From ce6423205d83b6ab789fc93a54dc1be101a87279 Mon Sep 17 00:00:00 2001 From: Evgeny Sagatov Date: Fri, 2 Feb 2024 16:01:24 +0300 Subject: [PATCH 1/3] Add compatability with GCC 12.x Fixes build for kas 4.2 and Yocto Project 4.3.2 Signed-off-by: Evgeny Sagatov Backport from 8c0c9f13cb89008f080fded0ca435f388e97bd7b Signed-off-by: Tim Orling --- recipes-core/icedtea/icedtea7-native.inc | 5 ++--- recipes-core/openjdk/openjdk-7-common.inc | 3 +++ recipes-core/openjdk/openjdk-8-common.inc | 3 +++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/recipes-core/icedtea/icedtea7-native.inc b/recipes-core/icedtea/icedtea7-native.inc index 0f317bb8..d6f8fd75 100644 --- a/recipes-core/icedtea/icedtea7-native.inc +++ b/recipes-core/icedtea/icedtea7-native.inc @@ -21,9 +21,8 @@ CFLAGS:append = "${@bb.utils.contains('PACKAGECONFIG', 'x11', '', ' -DHEADLESS=t # Disable dead store elimination and set C++ standard to C++98. # There are dead stores in the JVM that would be pretty hard to # remove, so disable the optimisation in the compiler. -CFLAGS:append = " -fno-tree-dse" -CXXFLAGS:append = " -fno-tree-dse" -CXX:append = " -std=gnu++98" +CFLAGS:append = " -std=gnu++98 -fno-tree-dse -fno-tree-vectorize" +CXXFLAGS:append = " -std=gnu++98 -fno-tree-dse" # WORKAROUND: ignore errors from new compilers CFLAGS:append = " -Wno-error=stringop-overflow -Wno-error=return-type" diff --git a/recipes-core/openjdk/openjdk-7-common.inc b/recipes-core/openjdk/openjdk-7-common.inc index 04352331..cba1ea63 100644 --- a/recipes-core/openjdk/openjdk-7-common.inc +++ b/recipes-core/openjdk/openjdk-7-common.inc @@ -459,3 +459,6 @@ ALTERNATIVE_LINK_NAME[javac] = "${bindir}/javac" ALTERNATIVE_LINK_NAME[keytool] = "${bindir}/keytool" ALTERNATIVE_PRIORITY = "50" + +# canon-prefix-map doesn't exist in gcc 12.x +DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map" diff --git a/recipes-core/openjdk/openjdk-8-common.inc b/recipes-core/openjdk/openjdk-8-common.inc index 16e3816f..82bf31e0 100644 --- a/recipes-core/openjdk/openjdk-8-common.inc +++ b/recipes-core/openjdk/openjdk-8-common.inc @@ -194,3 +194,6 @@ BUILD_CXXFLAGS:append = " ${GLOBAL_FLAGS}" # flags for -cross TARGET_CFLAGS:append = " ${GLOBAL_FLAGS}" TARGET_CXXFLAGS:append = " ${GLOBAL_FLAGS}" + +# canon-prefix-map doesn't exist in gcc 12.x +DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map" From 42f0f528d2468681930abceb0aa2ecf1bd6405df Mon Sep 17 00:00:00 2001 From: Tim Orling Date: Fri, 2 Feb 2024 13:45:12 -0800 Subject: [PATCH 2/3] jsch,xerces-j: fix deprecated CVE_CHECK_IGNORE The preferred variable name is now CVE_STATUS since: openembedded-core 34f682a24b7075b12ec308154b937ad118d69fe5 "cve-check: add option to add additional patched CVEs" Fixes: WARNING: /build/../meta-java/recipes-core/jcraft/jsch_0.1.40.bb: CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS WARNING: /build/../meta-java/recipes-core/xerces-j/xerces-j_2.11.0.bb: CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS Backport from c799db95582750b978111c86fd4a5f87e96de1b0 Signed-off-by: Tim Orling --- recipes-core/jcraft/jsch_0.1.40.bb | 2 +- recipes-core/xerces-j/xerces-j_2.11.0.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-core/jcraft/jsch_0.1.40.bb b/recipes-core/jcraft/jsch_0.1.40.bb index 25971266..8ef5c85d 100644 --- a/recipes-core/jcraft/jsch_0.1.40.bb +++ b/recipes-core/jcraft/jsch_0.1.40.bb @@ -26,7 +26,7 @@ SRC_URI[md5sum] = "b59cec19a487e95aed68378976b4b566" SRC_URI[sha256sum] = "ca9d2ae08fd7a8983fb00d04f0f0c216a985218a5eb364ff9bee73870f28e097" # Ignore the CVE because it only affects Windows platforms -CVE_CHECK_IGNORE += "CVE-2016-5725" +CVE_STATUS += "CVE-2016-5725" BBCLASSEXTEND = "native" diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb index dcdd510e..c7a54ab0 100644 --- a/recipes-core/xerces-j/xerces-j_2.11.0.bb +++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb @@ -18,7 +18,7 @@ SRC_URI = "http://archive.apache.org/dist/xerces/j/source/Xerces-J-src.${PV}.tar # Already fixed with updates and closed. # https://access.redhat.com/security/cve/CVE-2018-2799 # https://bugzilla.redhat.com/show_bug.cgi?id=1567542 -CVE_CHECK_IGNORE += "CVE-2018-2799" +CVE_STATUS += "CVE-2018-2799" S = "${WORKDIR}/xerces-2_11_0" From 0d0fac3c22d11781d39cd75647679e35be9aff25 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Sat, 24 Feb 2024 12:39:42 +0100 Subject: [PATCH 3/3] jsch,xerces-j: fix CVE_STATUS Last commit tried to convert CVE_CHECK_IGNORE to CVE_STATUS, however it was done in wrong way and caused the CVEs to be reported as open again. This fixes CVE_STATUS syntax. Signed-off-by: Peter Marko --- recipes-core/jcraft/jsch_0.1.40.bb | 3 +-- recipes-core/xerces-j/xerces-j_2.11.0.bb | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/recipes-core/jcraft/jsch_0.1.40.bb b/recipes-core/jcraft/jsch_0.1.40.bb index 8ef5c85d..aeb04b49 100644 --- a/recipes-core/jcraft/jsch_0.1.40.bb +++ b/recipes-core/jcraft/jsch_0.1.40.bb @@ -25,8 +25,7 @@ do_compile() { SRC_URI[md5sum] = "b59cec19a487e95aed68378976b4b566" SRC_URI[sha256sum] = "ca9d2ae08fd7a8983fb00d04f0f0c216a985218a5eb364ff9bee73870f28e097" -# Ignore the CVE because it only affects Windows platforms -CVE_STATUS += "CVE-2016-5725" +CVE_STATUS[CVE-2016-5725] = "not-applicable-platform: Issue only applies on Windows" BBCLASSEXTEND = "native" diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb index c7a54ab0..45d3c43b 100644 --- a/recipes-core/xerces-j/xerces-j_2.11.0.bb +++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb @@ -18,7 +18,7 @@ SRC_URI = "http://archive.apache.org/dist/xerces/j/source/Xerces-J-src.${PV}.tar # Already fixed with updates and closed. # https://access.redhat.com/security/cve/CVE-2018-2799 # https://bugzilla.redhat.com/show_bug.cgi?id=1567542 -CVE_STATUS += "CVE-2018-2799" +CVE_STATUS[CVE-2018-2799] = "not-applicable-platform: Issue only applies on some Oracle Java SE and Red Hat Enterprise Linux versions" S = "${WORKDIR}/xerces-2_11_0"