Re: [OE-core] [PATCH] gcc: backport a fix for ICE caused by CVE-2023-4039.patch

2023-09-20 Thread SANJAYKUMAR CHITRODA via lists.openembedded.org
Hi Richard and Martin,

To my knowledge, the fix for CVE-2023-4039 has been merged into the master
branch for the gcc package.
However, when we generate the CVE report, this CVE is still reported as "unpatched".

From my analysis, it looks like the CVE is not parsed properly for the
following suspected reasons:

  *   The gcc package is not extracted in the tmp/work/ directory
  *   There is no do_patch task in the gcc recipe

Please review this case and share your insights. If anyone has any
suggestions or comments on this, please share them.

Thanks,
Sanjay Chitroda

From: openembedded-core@lists.openembedded.org 
 on behalf of Martin Jansa via 
lists.openembedded.org 
Sent: 16 September 2023 02:12
To: openembedded-core@lists.openembedded.org 

Cc: Martin Jansa 
Subject: [External] [OE-core] [PATCH] gcc: backport a fix for ICE caused by 
CVE-2023-4039.patch




* see:
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111418
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111411

* add git headers to 0025-gcc-testsuite-mips.patch so that it does
  easily apply with other patches with git am

Signed-off-by: Martin Jansa 
---
 meta/recipes-devtools/gcc/gcc-13.2.inc|   3 +-
 ...25-gcc-testsuite-tweaks-for-mips-OE.patch} | 148 +-
 ...ch64-Fix-loose-ldpstp-check-PR111411.patch | 117 ++
 3 files changed, 197 insertions(+), 71 deletions(-)
 rename meta/recipes-devtools/gcc/gcc/{0025-gcc-testsuite-mips.patch => 
0025-gcc-testsuite-tweaks-for-mips-OE.patch} (76%)
 create mode 100644 
meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch

diff --git a/meta/recipes-devtools/gcc/gcc-13.2.inc 
b/meta/recipes-devtools/gcc/gcc-13.2.inc
index 0922251e18..d96f3171e4 100644
--- a/meta/recipes-devtools/gcc/gcc-13.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-13.2.inc
@@ -64,8 +64,9 @@ SRC_URI = "${BASEURI} \
file://0022-libatomic-Do-not-enforce-march-on-aarch64.patch \
file://0023-Fix-install-path-of-linux64.h.patch \
file://0024-Avoid-hardcoded-build-paths-into-ppc-libgcc.patch \
-   file://0025-gcc-testsuite-mips.patch \
+   file://0025-gcc-testsuite-tweaks-for-mips-OE.patch \
file://CVE-2023-4039.patch \
+   file://0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch \
 "
 SRC_URI[sha256sum] = 
"e275e76442a6067341a27f04c5c6b83d8613144004c0413528863dc6b5c743da"

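Review bot: The added `file://0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch` entry is a follow-up to `CVE-2023-4039.patch` (per the subject it fixes an ICE that patch causes), yet nothing in the recipe records that the two belong together, so the pairing rests on list order and the commit message alone. I would add a comment immediately above the `SRC_URI` assignment, which starts outside this hunk, such as `# 0026 fixes an ICE introduced by CVE-2023-4039.patch; keep it after that entry and drop or update both together`. The body of the 0026 patch is not visible on this page, so it is worth confirming that its header carries an `Upstream-Status: Backport` line referencing the upstream fix for PR111411, so that anyone auditing the CVE fix can trace the follow-up. The same hunk appears again in the original posting further down the page.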
diff --git a/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch 
b/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-tweaks-for-mips-OE.patch
similarity index 76%
rename from meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch
rename to 
meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-tweaks-for-mips-OE.patch
index 49eaece923..c405d8d484 100644
--- a/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch
+++ b/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-tweaks-for-mips-OE.patch
@@ -1,4 +1,7 @@
-gcc testsuite tweaks for mips/OE
+From f12acc6a383546d48da3bdfb2f25ca2adb7976d7 Mon Sep 17 00:00:00 2001
+From: Richard Purdie 
+Date: Sun, 13 Aug 2023 10:24:05 +0100
+Subject: [PATCH] gcc testsuite tweaks for mips/OE

 Disable loongson-mmi runtine, qemu doesn't appear to fully support them even 
if some
 of the instruction decoding is there.
@@ -27,12 +30,70 @@ Upstream-Status: Pending
 discussion. Need to investigate why qemu-user passes the 'bad' instructions']

 Signed-off-by: Richard Purdie 
+---
+ gcc/testsuite/gcc.target/mips/mips.exp | 16 +
+ gcc/testsuite/lib/gcc-dg.exp   | 11 +++
+ gcc/testsuite/lib/target-supports.exp  | 45 --
+ 3 files changed, 41 insertions(+), 31 deletions(-)

-Index: gcc-13.2.0/gcc/testsuite/lib/target-supports.exp
-===
 gcc-13.2.0.orig/gcc/testsuite/lib/target-supports.exp
-+++ gcc-13.2.0/gcc/testsuite/l

[OE-core] [PATCH] gcc: backport a fix for ICE caused by CVE-2023-4039.patch

2023-09-15 Thread Martin Jansa
* see:
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111418
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111411

* add git headers to 0025-gcc-testsuite-mips.patch so that it does
  easily apply with other patches with git am

Signed-off-by: Martin Jansa 
---
 meta/recipes-devtools/gcc/gcc-13.2.inc|   3 +-
 ...25-gcc-testsuite-tweaks-for-mips-OE.patch} | 148 +-
 ...ch64-Fix-loose-ldpstp-check-PR111411.patch | 117 ++
 3 files changed, 197 insertions(+), 71 deletions(-)
 rename meta/recipes-devtools/gcc/gcc/{0025-gcc-testsuite-mips.patch => 
0025-gcc-testsuite-tweaks-for-mips-OE.patch} (76%)
 create mode 100644 
meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch

diff --git a/meta/recipes-devtools/gcc/gcc-13.2.inc 
b/meta/recipes-devtools/gcc/gcc-13.2.inc
index 0922251e18..d96f3171e4 100644
--- a/meta/recipes-devtools/gcc/gcc-13.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-13.2.inc
@@ -64,8 +64,9 @@ SRC_URI = "${BASEURI} \
file://0022-libatomic-Do-not-enforce-march-on-aarch64.patch \
file://0023-Fix-install-path-of-linux64.h.patch \
file://0024-Avoid-hardcoded-build-paths-into-ppc-libgcc.patch \
-   file://0025-gcc-testsuite-mips.patch \
+   file://0025-gcc-testsuite-tweaks-for-mips-OE.patch \
file://CVE-2023-4039.patch \
+   file://0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch \
 "
 SRC_URI[sha256sum] = 
"e275e76442a6067341a27f04c5c6b83d8613144004c0413528863dc6b5c743da"
 
diff --git a/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch 
b/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-tweaks-for-mips-OE.patch
similarity index 76%
rename from meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch
rename to 
meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-tweaks-for-mips-OE.patch
index 49eaece923..c405d8d484 100644
--- a/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch
+++ b/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-tweaks-for-mips-OE.patch
@@ -1,4 +1,7 @@
-gcc testsuite tweaks for mips/OE
+From f12acc6a383546d48da3bdfb2f25ca2adb7976d7 Mon Sep 17 00:00:00 2001
+From: Richard Purdie 
+Date: Sun, 13 Aug 2023 10:24:05 +0100
+Subject: [PATCH] gcc testsuite tweaks for mips/OE
 
 Disable loongson-mmi runtine, qemu doesn't appear to fully support them even 
if some
 of the instruction decoding is there.
@@ -27,12 +30,70 @@ Upstream-Status: Pending
 discussion. Need to investigate why qemu-user passes the 'bad' instructions']
 
 Signed-off-by: Richard Purdie 
+---
+ gcc/testsuite/gcc.target/mips/mips.exp | 16 +
+ gcc/testsuite/lib/gcc-dg.exp   | 11 +++
+ gcc/testsuite/lib/target-supports.exp  | 45 --
+ 3 files changed, 41 insertions(+), 31 deletions(-)
 
-Index: gcc-13.2.0/gcc/testsuite/lib/target-supports.exp
-===
 gcc-13.2.0.orig/gcc/testsuite/lib/target-supports.exp
-+++ gcc-13.2.0/gcc/testsuite/lib/target-supports.exp
-@@ -2155,14 +2155,7 @@ proc check_mips_loongson_mmi_hw_availabl
+diff --git a/gcc/testsuite/gcc.target/mips/mips.exp 
b/gcc/testsuite/gcc.target/mips/mips.exp
+index 15d574202d3..2cef9709774 100644
+--- a/gcc/testsuite/gcc.target/mips/mips.exp
 b/gcc/testsuite/gcc.target/mips/mips.exp
+@@ -709,7 +709,23 @@ proc mips_first_unsupported_option { upstatus } {
+ global mips_option_tests
+ upvar $upstatus status
+ 
++if { [mips_have_test_option_p status "-mmsa"] } {
++verbose -log "Found -mmsa"
++  if { ![check_mips_msa_hw_available] } {
++  verbose -log "No MSA avail"
++  return "-mmsa"
++  }
++}
++if { [mips_have_test_option_p status "-mloongson-mmi"] } {
++verbose -log "Found -mloonson-mmi"
++if { ![check_mips_loongson_mmi_hw_available] } {
++  verbose -log "No MMI avail"
++  return "-mloonson-mmi"
++  }
++}
++
+ foreach { option code } [array get mips_option_tests] {
++
+   if { [mips_have_test_option_p status $option] } {
+   regsub -all "\n" $code "\\n\\\n" asm
+   # Use check_runtime from target-supports.exp, which caches
+diff --git a/gcc/testsuite/lib/gcc-dg.exp b/gcc/testsuite/lib/gcc-dg.exp
+index 9d79b9402e9..e0e5cbb1af8 100644
+--- a/gcc/testsuite/lib/gcc-dg.exp
 b/gcc/testsuite/lib/gcc-dg.exp
+@@ -240,9 +240,20 @@ proc schedule-cleanups { opts } {
+ 
+ proc gcc-dg-test-1 { target_compile prog do_what extra_tool_flags } {
+ # Set up the compiler flags, based on what we're going to do.
++global do-what-limit
+ 
+ set options [list]
+ 
++if [info exists do-what-limit] then {
++# Demote run tests to $do-what-limit if set
++  switch $do_what {
++  run {
++  set do_what $do-what-limit
++  set dg-do-what $do-what-limit
++  }
++}
++}
++
+ switch $do_what {
+   "preprocess" {
+   set compile_type