---
- branch: MAIN
  date: Fri Jul 28 23:40:07 UTC 2017
  files:
  - new: '1.37'
    old: '1.36'
    path: pkgsrc/lang/gcc48/Makefile
    pathrev: pkgsrc/lang/gcc48/Makefile@1.37
    type: modified
  - new: '1.36'
    old: '1.35'
    path: pkgsrc/lang/gcc48/distinfo
    pathrev: pkgsrc/lang/gcc48/distinfo@1.36
    type: modified
  - new: '1.3'
    old: '0'
    path: pkgsrc/lang/gcc48/patches/patch-gcc_config_i386_i386.c
    pathrev: pkgsrc/lang/gcc48/patches/patch-gcc_config_i386_i386.c@1.3
    type: added
  id: 20170728T234007Z.e13e806909605c5acedeef8a6e468731f5a7eace
  log: |
    gcc48: backport upstream security fix
    Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)

    We should not expand call arguments in between flags reg setting and
    flags reg using instructions, as it may expand with flags reg
    clobbering insn (ADD in this case).

    Attached patch moves expansion out of the link. Also, change
    zero-extension to non-flags reg clobbering sequence in case we perform
    zero-extension with and.

    2017-03-25  Uros Bizjak
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang/gcc48'
  unixtime: '1501285207'
  user: maya