From 5c09684863be8e803e3e987a5ce4940721c3f39a Mon Sep 17 00:00:00 2001
From: Ralph Siemsen
Date: Fri, 8 Apr 2022 13:17:11 -0400
Subject: [PATCH] arm-toolchain: ignore CVE-2019-15847 CVE-2021-37322
CVE-2019-15847 is a bug in gcc POWER9 back-end, which is not relevant for ARM architecture. (It has been fixed in gcc 8.4, 9.3, and 10.1). CVE-2021-37322 is a bug in c++filt, which is part of binutils rather than gcc. The issue was fixed in binutils 2.32 (poky has 2.34). These exclusions are needed only in the dunfell branch, as it is the only one with affected gcc versions. Master branch has gcc 11.2, hardknott has 10.2, and honister has 10.3.
Signed-off-by: Ralph Siemsen
Signed-off-by: Jon Mason
---
 meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc | 6 ++++++
 meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc | 6 ++++++
 meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc | 6 ++++++
 3 files changed, 18 insertions(+)
diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
index 65fbeffb..6e18e2a0 100644
--- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
+++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.2.inc
@@ -4,6 +4,12 @@ BASEPV = "8.2"
 PV = "arm-${BASEPV}"
 CVE_VERSION = "${BASEPV}"
+# CVE-2019-15847 is only relevant to POWER9 architecture
+CVE_CHECK_WHITELIST += "CVE-2019-15847"
+
+# CVE-2021-37322 is in binutils < 2.32, not in gcc
+CVE_CHECK_WHITELIST += "CVE-2021-37322"
+
 MMYY = "19.01"
 RELEASE = "20${MMYY}"
 PR = "r${RELEASE}"
diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
index 3fb87bb5..c86467f9 100644
--- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
+++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-8.3.inc
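Review bot: The comment added in gcc-arm-8.2.inc for the second exclusion, `# CVE-2021-37322 is in binutils < 2.32, not in gcc`, does not record why the sources built by this recipe are unaffected, and the same line is repeated in the gcc-arm-8.3.inc and gcc-arm-9.2.inc hunks. The whitelist entry is unconditional, so the CVE checker stops reporting the CVE for this recipe for good and the comment is the only audit trail. As far as I know, c++filt's demangler lives in libiberty, which the gcc tree also carries, so a later reader cannot tell whether the gcc copy was checked or only where the c++filt binary ships from. I would word it along the lines of `# CVE-2021-37322 is a c++filt bug; c++filt is packaged by binutils (fixed in 2.32), not by this recipe`, after confirming that against the files this recipe installs.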
@@ -9,6 +9,12 @@ RELEASE = "20${MMYY}"
 PR = "r${RELEASE}"
 BINV = "${BASEPV}.0"
+# CVE-2019-15847 is only relevant to POWER9 architecture
+CVE_CHECK_WHITELIST += "CVE-2019-15847"
+
+# CVE-2021-37322 is in binutils < 2.32, not in gcc
+CVE_CHECK_WHITELIST += "CVE-2021-37322"
+
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc-${BASEPV}:${FILE_DIRNAME}/gcc-${BASEPV}/backport:"
 DEPENDS =+ "mpfr gmp libmpc zlib flex-native"
diff --git a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
index 6378ecf4..ebbb5ed0 100644
--- a/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
+++ b/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-9.2.inc
@@ -5,6 +5,12 @@ require recipes-devtools/gcc/gcc-common.inc
 PV = "arm-9.2"
 CVE_VERSION = "9.2"
+# CVE-2019-15847 is only relevant to POWER9 architecture
+CVE_CHECK_WHITELIST += "CVE-2019-15847"
+
+# CVE-2021-37322 is in binutils < 2.32, not in gcc
+CVE_CHECK_WHITELIST += "CVE-2021-37322"
+
 # BINV should be incremented to a revision after a minor gcc release
 BINV = "9.2.1"
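Review bot: The two `CVE_CHECK_WHITELIST +=` lines and their comments are added verbatim here in gcc-arm-8.3.inc, and again in gcc-arm-8.2.inc and gcc-arm-9.2.inc, so any later correction or removal has to be made three times and the copies can drift. If the layer has an include shared by these three versions, the exclusions belong there once; the hunks do not show whether such a file exists. If they stay per-version, the first comment could carry the fixed releases from the commit message so each entry can be dropped when its recipe moves past them, e.g. `# CVE-2019-15847 affects only the POWER9 back-end (fixed in gcc 8.4, 9.3, 10.1)`.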