Created attachment 253097 [details] [PATCH] devel/binutils: update 2.40 → 2.43, fix 4 CVEs https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-25585 https://nvd.nist.gov/vuln/detail/CVE-2023-25586 https://nvd.nist.gov/vuln/detail/CVE-2023-25588
PR/272853 appears to have stalled. I wasn't handling that PR, If needed I can take the lead on this. I'm out of office this week. We do need an exp-run. A cursory review of the patch changes more than simply updating the package. The commit log does not match the changes made to the port. I will split the commit into at least three commits.
I've removed approval until changes not directly related to the update are removed from the patch. I have already three commits queued to address formatting issues.
I will test my three reformatting patches and upload an updated copy of the submitted patch later today or tomorrow, pending a test build here. One of my commits includes petting portclippy, as much as can be done with this port, considering all the conditionals. I'll commit the three reformatting commits and upload a revised update (under the author's name) when the test build completes.
pkg-plist broken for aarch64. Likely for others. pkg-plist in patch only provided for amd64. This will need rework before exp-run. I will take ownership of this PR and fix all build issues. Sample aarch64 output: ====> Checking for pkg-plist issues (check-plist) ===> Parsing plist ===> Checking for items in STAGEDIR missing from pkg-plist ===> Checking for items in pkg-plist which are not in STAGEDIR ===> No pkg-plist issues found (check-plist) ====> Checking for pkg-plist issues (check-plist) ===> Parsing plist ===> Checking for items in STAGEDIR missing from pkg-plist Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64elf.xcer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64elf.xdcer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64elf.xder Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64elf.xdwer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64elf.xer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64elf.xscer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64elf.xser Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64elf.xswer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64elf.xwer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsd.xcer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsd.xdcer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsd.xder Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsd.xdwer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsd.xer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsd.xscer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsd.xser Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsd.xswer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsd.xwer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsdb.xcer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsdb.xdcer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsdb.xder Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsdb.xdwer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsdb.xer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsdb.xscer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsdb.xser Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsdb.xswer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/aarch64fbsdb.xwer Error: Orphaned: %%BUTARGET%%/lib/ldscripts/stamp ===> Checking for items in pkg-plist which are not in STAGEDIR ===> Error: Plist issues found. *** Error code 1
Currently finished fixing up pkg-plist-arm-gnueabi. I'll continue the rest tomorrow.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=0d6b5ef730deb6a26d179a8a849ede4798ed75ec commit 0d6b5ef730deb6a26d179a8a849ede4798ed75ec Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2024-08-26 15:38:23 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2024-08-28 06:00:21 +0000 devel/binutils: Remove redundancies Remove: - Extraneous blank line - Now unneeded GNU_CONFIGURE_MANPREFIX - No longer needed TEST_DEPENDS PR: 281070 MFH: 2024Q3 devel/binutils/Makefile | 2 -- 1 file changed, 2 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=d31fb9678d7312593a49348e94d5d4bce3b2f0a7 commit d31fb9678d7312593a49348e94d5d4bce3b2f0a7 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2024-08-26 15:29:12 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2024-08-28 06:00:20 +0000 devel/binutils: Pet portclippy In addition to petting portclippy, replace the "rm" command with its predefined variable. PR: 281070 MFH: 2024Q3 devel/binutils/Makefile | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3650d3295bdd6ac829c8130feafc9aad390951c3 commit 3650d3295bdd6ac829c8130feafc9aad390951c3 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2024-08-26 15:49:19 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2024-08-28 06:00:21 +0000 devel/binutils: Reformat pkg-descr Shorten a long line. PR: 281070 MFH: 2024Q3 devel/binutils/Makefile | 2 +- devel/binutils/pkg-descr | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
Created attachment 253140 [details] Update to 2.43 This patch, updates binutils to 2.43: - separates cosmetic and other changes from the update commit - requires the three preceding patches just committed to patch and build correctly as separate other fixes and cosmetic patches. - Fixes packaging broken by the submitted patch
Hi portmgr@, Please run an exp-run on the attached patch. Make sure your ports tree is up to date as the attached patch relies on three preceding patches committed today.
Commit log message updated. I won't upload a new patch with the updated commit log message.
Can you fix elf-dissector before requesting the exp-run?
(In reply to Antoine Brodin from comment #12) This will require updating devel/gnulibiberty to 2.40, first, then update it to 2.43 in lockstep with binutils. (Probably makes sense if I get blanket commit approval for that port.) Another thought, we should probably create a wiki page to list the other ports that need to be updated in lockstep with binutils as well. Regarding elf-dissector, we're still at version 0.0.1. Upstream doesn't list any versions though there was a commit to it a month ago.
(In reply to Antoine Brodin from comment #12) By fix you mean fix the build? If yes, I have an update to devel/gnulibiberty and an update to BUILD_DEPENDS for elf-dissector that builds properly. Or, do you mean it doesn't work? (I don't use KDE here so I can't really test this.) I've added joerg@FreeBSD.org and kde@FreeBSD.org to the cc list as this discussion now affects their ports.
(In reply to Cy Schubert from comment #14) I mean fix the build, it was the only remaining failure for the previous upgrade
Created attachment 253171 [details] This patch to elf-dissector & gnulibiberty build ok. (In reply to Antoine Brodin from comment #15) Attached is a patch to gnulibiberty and elf-dissector that builds correctly here (15-CURRENT). It depends on binutils-2.40. If an exp-run with this patch, using the currently in ports binutils-2.40, passes, can I have your (portmgr) permission to commit the patches? Rather than complicate things, let's discuss what happens next after the exp-run for gnulibiberty and elf-dissector succeeds.
(In reply to Cy Schubert from comment #16) I can't do an exp-run for just elf-dissector and gnulibiberty, they are close to leaf-ports
Created attachment 253183 [details] Total five commits updating binutils and leaf ports (In reply to Antoine Brodin from comment #17) Use this. It contains the five following commits: * 823760b28b0d fc6d77feeeb3 2024-08-30 - (HEAD -> binutils-243) devel/elf-dissector: Depend on binutils/gnuliliberty 2.43 | * a49eb79e49db ffeddf278ec3 2024-08-30 - devel/gnulibiberty: Update to 2.43 | * 57bd1f31ee09 72d0c8e142ce 2024-08-26 - devel/binutils: update to 2.43 | * 30130d557acc 0bb73a55c1f5 2024-08-30 - (elf-dissector) devel/elf-dissector: Depend on binutils/gnuliliberty 2.40 | * 32e043822c3b 98adae5be89a 2024-08-30 - devel/gnulibiberty: Update to 2.40 | error: gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification
Created attachment 253184 [details] Exp-run this one instead. I had forgotten to change a dependency in elf-dissector. This is the correct patch.
Exp-run looks fine
(In reply to Antoine Brodin from comment #20) Do I have your permission as portmgr to commit the changes to the leaf ports too?
Should we also merge quarterly? I'm of two trains of thought here. 1) We're close enough to 2024Q4 that it won't matter. But 2) this does fix four CVEs. It may matter. I'll leave it to you (portmgr) to decide.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=6d62bda5341831a6184e60acf3b5e0e37ab6ef00 commit 6d62bda5341831a6184e60acf3b5e0e37ab6ef00 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2024-08-30 13:11:28 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2024-09-06 14:24:35 +0000 devel/elf-dissector: Depend on binutils/gnuliliberty 2.43 Requested by: antoine (as portmgr) PR: 281070 Exp-run by: antoine Approved by: portmgr (antoine, implicit) devel/elf-dissector/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=50ba4c61028c62d1deb28779d81ea1c235a53791 commit 50ba4c61028c62d1deb28779d81ea1c235a53791 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2024-08-25 21:04:53 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2024-09-06 14:21:02 +0000 devel/binutils: update to 2.43 Original patch (files/patch-* and native pkg-plist) by alster@vinterdalen.se. I separated cosmetic and other changes not related to the update into three prior commits and fixed pkg-plist packaging failures. The process used to fix pkg-plist problems resulted in correct sorting of ldscripts pkg-plist information. This part of the change should have been proactively fixed but the issue wasn't discovered until merging orphaned files back into the various pkg-plist files. Rather than introduce possible new breakage while trying to preemptively sort pkg-plist in a prior commit, let's just accept this change with the upgrade. PR: 281070 Security: CVE-2023-1972, CVE-2023-25585, CVE-2023-25586, CVE-2023-25588 Exp-run by: antoine devel/binutils/Makefile | 4 +- devel/binutils/distinfo | 6 +- devel/binutils/files/extra-patch-no-info | 15 ++- devel/binutils/files/patch-bfd_elf.c (gone) | 39 -------- .../binutils/files/patch-commit-5e9091dab88 (gone) | 108 --------------------- devel/binutils/files/patch-ld_ldlang.c (gone) | 12 --- devel/binutils/pkg-plist | 13 ++- devel/binutils/pkg-plist-aarch64 | 27 ++++++ devel/binutils/pkg-plist-aarch64-none-elf | 54 +++++++++++ devel/binutils/pkg-plist-amd64 | 45 +++++++++ devel/binutils/pkg-plist-arm-gnueabi | 27 ++++++ devel/binutils/pkg-plist-arm-none-eabi | 9 ++ devel/binutils/pkg-plist-avr | 32 ++++++ devel/binutils/pkg-plist-i386 | 27 ++++++ devel/binutils/pkg-plist-mingw32 | 1 + devel/binutils/pkg-plist-mips | 108 +++++++++++++++++++++ devel/binutils/pkg-plist-mips64 | 108 +++++++++++++++++++++ devel/binutils/pkg-plist-powerpc | 27 ++++++ devel/binutils/pkg-plist-powerpc64 | 36 +++++++ devel/binutils/pkg-plist-powerpc64le | 62 +++++++----- devel/binutils/pkg-plist-riscv32-unknown-elf | 36 +++++++ devel/binutils/pkg-plist-riscv64 | 36 +++++++ devel/binutils/pkg-plist-riscv64-none-elf | 36 +++++++ devel/binutils/pkg-plist-s390x | 68 ++++++++----- 24 files changed, 716 insertions(+), 220 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=0f7027c36121bdb86fbc1e8b66d0dca7f562d3a2 commit 0f7027c36121bdb86fbc1e8b66d0dca7f562d3a2 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2024-08-30 13:10:02 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2024-09-06 14:22:30 +0000 devel/gnulibiberty: Update to 2.43 Requested by: antoine (as portmgr) PR: 281070 Exp-run by: antoine Approved by: portmgr (antoine, implicit) devel/gnulibiberty/Makefile | 4 ++-- devel/gnulibiberty/distinfo | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-)
Unless we want to MFH this PR is now closed. Reopen if MFH is requested.
This patch caused a regression: x11/pixman no longer builds on armv7, when it built with binutils 2.40.