[oe-commits] [openembedded-core] 20/41: glibc: Security fix CVE-2016-6323
git at git.openembedded.org
git at git.openembedded.org
Tue Aug 29 14:13:41 UTC 2017
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch morty-next
in repository openembedded-core.
commit e80d454711f67a9a3a2a43bb7d9ff911c4664a84
Author: Armin Kuster <akuster808 at gmail.com>
AuthorDate: Sat Jun 17 10:20:51 2017 -0700
glibc: Security fix CVE-2016-6323
arm: mark __startcontext as .cantunwind, GNU
CVE: CVE-2016-6323
Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
Signed-off-by: Pascal Bach <pascal.bach at siemens.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-core/glibc/glibc/CVE-2016-6323.patch | 39 +++++++++++++++++++++++
meta/recipes-core/glibc/glibc_2.24.bb | 1 +
2 files changed, 40 insertions(+)
diff --git a/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch b/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
new file mode 100644
index 0000000..f9b9fa5
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
@@ -0,0 +1,39 @@
+glibc-2.24: Fix CVE-2016-6323
+
+[No upstream tracking] -- https://sourceware.org/bugzilla/show_bug.cgi?id=20435
+
+arm: mark __startcontext as .cantunwind, GNU
+
+Glibc bug where the makecontext function would create
+an execution context which is incompatible with the unwinder,
+causing it to hang when the generation of a backtrace is attempted.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617]
+CVE: CVE-2016-6323
+Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
+Signed-off-by: Pascal Bach <pascal.bach at siemens.com>
+
+diff --git a/sysdeps/unix/sysv/linux/arm/setcontext.S b/sysdeps/unix/sysv/linux/arm/setcontext.S
+index 603e508..d1f168f 100644
+--- a/sysdeps/unix/sysv/linux/arm/setcontext.S
++++ b/sysdeps/unix/sysv/linux/arm/setcontext.S
+@@ -86,12 +86,19 @@ weak_alias(__setcontext, setcontext)
+
+ /* Called when a makecontext() context returns. Start the
+ context in R4 or fall through to exit(). */
++ /* Unwind descriptors are looked up based on PC - 2, so we have to
++ make sure to mark the instruction preceding the __startcontext
++ label as .cantunwind. */
++ .fnstart
++ .cantunwind
++ nop
+ ENTRY(__startcontext)
+ movs r0, r4
+ bne PLTJMP(__setcontext)
+
+ @ New context was 0 - exit
+ b PLTJMP(HIDDEN_JUMPTARGET(exit))
++ .fnend
+ END(__startcontext)
+
+ #ifdef PIC
diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb
index b60b692..08ae459 100644
--- a/meta/recipes-core/glibc/glibc_2.24.bb
+++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -38,6 +38,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
file://0026-build_local_scope.patch \
file://0028-Bug-20116-Fix-use-after-free-in-pthread_create.patch \
+ file://CVE-2016-6323.patch \
"
SRC_URI += "\
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list