File _patchinfo of Package patchinfo.30293

<patchinfo incident="30293">
  <issue tracker="cve" id="2023-4039"/>
  <issue tracker="cve" id="2019-14250"/>
  <issue tracker="cve" id="2020-13844"/>
  <issue tracker="cve" id="2019-15847"/>
  <issue tracker="bnc" id="1129389">ICE after tensorflow update</issue>
  <issue tracker="bnc" id="1196861">gcc-ada built with incorrect target</issue>
  <issue tracker="bnc" id="1141897">SLES 15 SP1 - GCC Miscompilation of vector shift</issue>
  <issue tracker="bnc" id="1161913">SLES 12 SP3 - SLES GCC generates wrong code for exception handling</issue>
  <issue tracker="bnc" id="1160086">SLES 15 SP1 - GCC Miscompilation in vectorized code</issue>
  <issue tracker="bnc" id="1128794">GCC: Internal compiler error with -mtune=cortex-a57 -O2</issue>
  <issue tracker="bnc" id="1071995">[TRACKERBUG] SLE15 livepatch backports</issue>
  <issue tracker="bnc" id="1146475">[DellEMC-SPE]  SLES15 built-in GCC has different behavior with the version from SLES12SP1 on forwarding array declaration</issue>
  <issue tracker="bnc" id="1178577">Please backport fixes for gcc PR97535</issue>
  <issue tracker="bnc" id="1124644">SLES 15 - GCC Wrong code generate for floating point workloads</issue>
  <issue tracker="bnc" id="1205145">cannot build kernel with KASAN</issue>
  <issue tracker="bnc" id="1167939">Use LSE instructions in glibc's mutex_lock</issue>
  <issue tracker="bnc" id="1142649">VUL-1: CVE-2019-14250: binutils: simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow</issue>
  <issue tracker="bnc" id="1114592">Package gcc7-info, gnat info pages, info dir section erroneous</issue>
  <issue tracker="bnc" id="1178614">Incorrect line info for try/catch</issue>
  <issue tracker="bnc" id="1204505">gcc: internal compiler error: Segmentation fault</issue>
  <issue tracker="bnc" id="1150164">CLOCK_MONOTONIC and CLOCK_REALTIME appear to be broken on thunderX1</issue>
  <issue tracker="bnc" id="1131264">Backport x86/retpolines: Disable switch jump tables when retpolines are enabled (a9d57ef15cbe327fe54416dd194ee0ea66ae53a4)</issue>
  <issue tracker="bnc" id="1149145">VUL-0: CVE-2019-15847: gcc7, gcc8: The POWER9 backend in gcc optimizes multiple calls of the __builtin_darn intrinsic into a single call reducing the entropy of the random number generator</issue>
  <issue tracker="bnc" id="1148517">devel:gcc/cross-mips-gcc9: /usr/include/c++/9/cstdlib:41:10: fatal error: bits/c++config.h: No such file or directory</issue>
  <issue tracker="bnc" id="1178624">On AArch64 memcpy expansion cannot handle length &gt; 32-bit signed int max</issue>
  <issue tracker="bnc" id="1214052">VUL-0: EMBARGOED: CVE-2023-4039: gcc: stack protector does not protect C99 VLAs on Aarch64</issue>
  <issue tracker="bnc" id="1084842">gcc on i*86 with option -mieee-fp requires obsolete libieee now disappeared</issue>
  <issue tracker="bnc" id="1178675">[Staging] brp-check-suse bug fix exposes packaging bug in gcc/gcc7/gcc10</issue>
  <issue tracker="bnc" id="1195517">libxcam failed to build for ppc64le</issue>
  <issue tracker="bnc" id="1172798">VUL-0: CVE-2020-13844: gcc, llvm: ARMv8 straight-line speculation</issue>
  <issue tracker="bnc" id="1181618">gcc ICE on building webkit2gtk3 for Leap 15.3</issue>
  <issue tracker="jsc" id="SLE-12209"/>
  <issue tracker="jsc" id="SLE-6738"/>
  <issue tracker="fate" id="323487"/>
  <packager>rguenther</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for gcc7</summary>
  <description>This update for gcc7 fixes the following issues:

Security issues fixed:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
- CVE-2019-15847: Fixed POWER9 DARN miscompilation.  (bsc#1149145)
- CVE-2019-14250: Includes fix for LTO linker plugin heap overflow.  (bsc#1142649)

Update to GCC 7.5.0 release.

Other changes:

- Fixed KASAN kernel compile. (bsc#1205145)
- Fixed ICE with C++17 code. (bsc#1204505)
- Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517):
- Adjust gnats idea of the target, fixing the build of gprbuild.  [bsc#1196861]
- Do not handle exceptions in std::thread (jsc#CAR-1182)
- add -fpatchable-function-entry feature to gcc-7.
- Fixed glibc namespace violation with getauxval. (bsc#1167939)
- Backport aarch64 Straight Line Speculation mitigation [bsc#1172798, CVE-2020-13844]
- Enable fortran for the nvptx offload compiler. 
- Update README.First-for.SuSE.packagers
- Avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel.
- Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its
  default enabling.  (jsc#SLE-12209, bsc#1167939)
- Fixed memcpy miscompilation on aarch64.  (bsc#1178624, bsc#1178577)
- Fixed debug line info for try/catch.  (bsc#1178614)
- Fixed corruption of pass private -&gt;aux via DF. (gcc#94148)
- Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888]
- Fixed register allocation issue with exception handling code on s390x.  (bsc#1161913)
- Backport PR target/92692 to fix miscompilation of some atomic code on aarch64. (bsc#1150164)
- Fixed miscompilation in vectorized code for s390x.  (bsc#1160086) [gcc#92950]
- Fixed miscompilation with thread-safe local static initialization.  [gcc#85887]
- Fixed debug info created for array definitions that complete an earlier declaration.  [bsc#1146475]
- Fixed vector shift miscompilation on s390.  (bsc#1141897)
- Add gcc7 -flive-patching patch.  [bsc#1071995, fate#323487]
- Strip -flto from $optflags.
- Disables switch jump-tables when retpolines are used.  (bsc#1131264, jsc#SLE-6738)
- Fixed ICE compiling tensorflow on aarch64.  (bsc#1129389)
- Fixed for aarch64 FMA steering pass use-after-free.  (bsc#1128794)
- Fixed ICE compiling tensorflow.  (bsc#1129389)
- Fixed s390x FP load-and-test issue.  (bsc#1124644)
- Adjust gnat manual entries in the info directory.  (bsc#1114592)
- Fixed to no longer try linking -lieee with -mieee-fp.  (bsc#1084842)
</description>
</patchinfo>