[OE-core] [PATCH][morty] glibc: Security fix CVE-2016-6323
Valek, Andrej
andrej.valek at siemens.com
Mon Apr 24 06:41:36 UTC 2017
Hi Armin,
Patches http://lists.openembedded.org/pipermail/openembedded-core/2017-April/135828.html and http://lists.openembedded.org/pipermail/openembedded-core/2017-April/135829.html are the same.
I have resubmitted them because "[PATCH]" was missing from the message header. I don't know if the word is required... (Patchwork didn't show them).
Andrej
> On 4/21/17 09:10 PM, akuster808 wrote:
> what is different about this one and the one sent on the 19th?
> -armin
> On 4/21/17 3:37 AM, Andrej Valek wrote:
> arm: mark __startcontext as .cantunwind, GNU
>
> CVE: CVE-2016-6323
> Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
> Signed-off-by: Pascal Bach <pascal.bach at siemens.com>
> ---
> meta/recipes-core/glibc/glibc/CVE-2016-6323.patch | 39 +++++++++++++++++++++++
> meta/recipes-core/glibc/glibc_2.24.bb | 1 +
> 2 files changed, 40 insertions(+)
> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
>
> diff --git a/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
> b/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
> new file mode 100644
> index 0000000..f9b9fa5
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
> @@ -0,0 +1,39 @@
> +glibc-2.24: Fix CVE-2016-6323
> +
> +[No upstream tracking] --
> +https://sourceware.org/bugzilla/show_bug.cgi?id=20435
> +
> +arm: mark __startcontext as .cantunwind, GNU
> +
> +Glibc bug where the makecontext function would create an execution
> +context which is incompatible with the unwinder, causing it to hang
> +when the generation of a backtrace is attempted.
> +
> +Upstream-Status: Backport
> +[https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4
> +402b8d49e4abe7000fde7617]
> +CVE: CVE-2016-6323
> +Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
> +Signed-off-by: Pascal Bach <pascal.bach at siemens.com>
> +
> +diff --git a/sysdeps/unix/sysv/linux/arm/setcontext.S
> +b/sysdeps/unix/sysv/linux/arm/setcontext.S
> +index 603e508..d1f168f 100644
> +--- a/sysdeps/unix/sysv/linux/arm/setcontext.S
> ++++ b/sysdeps/unix/sysv/linux/arm/setcontext.S
> +@@ -86,12 +86,19 @@ weak_alias(__setcontext, setcontext)
> +
> + /* Called when a makecontext() context returns. Start the
> + context in R4 or fall through to exit(). */
> ++ /* Unwind descriptors are looked up based on PC - 2, so we have to
> ++ make sure to mark the instruction preceding the __startcontext
> ++ label as .cantunwind. */
> ++ .fnstart
> ++ .cantunwind
> ++ nop
> + ENTRY(__startcontext)
> + movs r0, r4
> + bne PLTJMP(__setcontext)
> +
> + @ New context was 0 - exit
> + b PLTJMP(HIDDEN_JUMPTARGET(exit))
> ++ .fnend
> + END(__startcontext)
> +
> + #ifdef PIC
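Review bot: The header of the new CVE-2016-6323.patch file opens with "[No upstream tracking]", yet the next line links a sourceware bugzilla entry and the Upstream-Status line says "Backport" with an upstream commit, so the first tag reads as contradicting the rest and should be dropped or reworded. The title line "arm: mark __startcontext as .cantunwind, GNU" also looks cut off after the comma; carrying the full upstream subject would make the header easier to match against the upstream commit. In this quoted copy the inner "diff --git" line and the Upstream-Status URL are each split across two lines, and the hunk header declares 39 added lines; if the submitted mail is wrapped the same way, the embedded patch will not apply, so it is worth resending with git send-email and confirming the file applies cleanly in do_patch.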
> diff --git a/meta/recipes-core/glibc/glibc_2.24.bb
> b/meta/recipes-core/glibc/glibc_2.24.bb
> index f5a21b2..bce06c7 100644
> --- a/meta/recipes-core/glibc/glibc_2.24.bb
> +++ b/meta/recipes-core/glibc/glibc_2.24.bb
> @@ -37,6 +37,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> file://0024-eglibc-Forward-port-cross-locale-generation-support.patch \
> file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
> file://0026-build_local_scope.patch \
> + file://CVE-2016-6323.patch \
> "
>
> SRC_URI += "\