* [warrior 00/29] Merge request
@ 2020-01-26 16:24 Armin Kuster
2020-01-26 16:24 ` [warrior 01/29] python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 Armin Kuster
` (28 more replies)
0 siblings, 29 replies; 30+ messages in thread
From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw)
To: openembedded-core
Please consider this for warrior.
All changes have already been posted on list
The following changes since commit 279c4da2e5f46dccfeff0c898c2205940be9e174:
stress: update SRC_URI (2020-01-11 19:39:37 -0800)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/warrior-next
http://cgit.openembedded.org//log/?h=stable/warrior-next
Adrian Bunk (13):
python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652
python/python3: Whitelist CVE-2019-18348
python3: Upgrade 3.7.5 -> 3.7.6
bind: Whitelist CVE-2019-6470
lighttpd: Backport the CVE-2019-11072 fix
glib-2.0: Backport the CVE-2019-12450 fix
lz4: Whitelist CVE-2014-4715
iputils: Whitelist CVE-2000-1213 CVE-2000-1214
systemd: Whitelist CVE-2018-21029 CVE-2019-3843 CVE-2019-3844
systemd: Upgrade to a more recent snapshot from the 241 branch
openssl: Upgrade 1.1.1b -> 1.1.1c
openssl: Upgrade 1.1.1c -> 1.1.1d
openssl: Whitelist CVE-2019-0190
Anuj Mittal (6):
libarchive: fix CVE-2019-19221
glibc: fix CVE-2019-19126
nasm: fix CVE-2018-19755
nasm: fix CVE-2019-14248
sysstat: fix CVE-2019-19725
openssl: fix CVE-2019-1551
Hongxu Jia (1):
go: fix CVE-2019-17596
Joshua Watt (1):
python3: RDEPEND on libgcc
Khem Raj (1):
openssl: Enable os option for with-rand-seed as well
Mattias Hansson (1):
base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot
Peter Kjellerstedt (2):
populate_sdk_ext.bbclass: No longer needed to clean away
conf/sanity_info
sanity.bbclass: Move sanity_info from conf to cache
Ross Burton (1):
wpa-supplicant: fix CVE-2019-16275
Trevor Gamblin (2):
binutils: fix CVE-2019-17450
binutils: fix CVE-2019-17451
Vinay Kumar (1):
gdb: Fix CVE-2019-1010180
meta/classes/base.bbclass | 1 +
meta/classes/populate_sdk_ext.bbclass | 2 +-
meta/classes/sanity.bbclass | 2 +-
meta/lib/oeqa/buildperf/base.py | 2 +-
.../bind/bind_9.11.5-P4.bb | 4 +
.../openssl/openssl/CVE-2019-1543.patch | 69 --
.../openssl/openssl/CVE-2019-1551.patch | 758 ++++++++++++++++++
.../openssl/openssl/afalg.patch | 6 +-
.../{openssl_1.1.1b.bb => openssl_1.1.1d.bb} | 16 +-
...re-management-frame-from-unexpected-.patch | 82 ++
.../wpa-supplicant/wpa-supplicant_2.7.bb | 1 +
...e-Limit-access-to-files-when-copying.patch | 57 ++
meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb | 1 +
.../glibc/glibc/CVE-2019-19126.patch | 32 +
meta/recipes-core/glibc/glibc_2.29.bb | 1 +
meta/recipes-core/systemd/systemd.inc | 9 +-
.../binutils/binutils-2.32.inc | 2 +
.../binutils/binutils/CVE-2019-17450.patch | 99 +++
.../binutils/binutils/CVE-2019-17451.patch | 51 ++
meta/recipes-devtools/gdb/gdb-8.2.1.inc | 1 +
.../gdb/gdb/CVE-2019-1010180.patch | 132 +++
meta/recipes-devtools/go/go-1.12.inc | 1 +
.../go/go-1.12/0010-fix-CVE-2019-17596.patch | 42 +
.../nasm/nasm/CVE-2018-19755.patch | 116 +++
.../nasm/nasm/CVE-2019-14248.patch | 43 +
meta/recipes-devtools/nasm/nasm_2.14.02.bb | 5 +-
meta/recipes-devtools/python/python.inc | 13 +
.../{python3_3.7.5.bb => python3_3.7.6.bb} | 9 +-
.../iputils/iputils_s20180629.bb | 4 +
.../libarchive/CVE-2019-19221.patch | 101 +++
.../libarchive/libarchive_3.3.3.bb | 1 +
...x-abort-in-http-parseopts-fixes-2945.patch | 54 ++
.../lighttpd/lighttpd_1.4.53.bb | 1 +
.../sysstat/sysstat/CVE-2019-19725.patch | 28 +
.../sysstat/sysstat_12.1.3.bb | 4 +-
meta/recipes-support/lz4/lz4_1.8.3.bb | 3 +
36 files changed, 1667 insertions(+), 86 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
rename meta/recipes-connectivity/openssl/{openssl_1.1.1b.bb => openssl_1.1.1d.bb} (92%)
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-19126.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
create mode 100644 meta/recipes-devtools/gdb/gdb/CVE-2019-1010180.patch
create mode 100644 meta/recipes-devtools/go/go-1.12/0010-fix-CVE-2019-17596.patch
create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2018-19755.patch
create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2019-14248.patch
rename meta/recipes-devtools/python/{python3_3.7.5.bb => python3_3.7.6.bb} (97%)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2019-19221.patch
create mode 100644 meta/recipes-extended/lighttpd/lighttpd/0001-core-fix-abort-in-http-parseopts-fixes-2945.patch
create mode 100644 meta/recipes-extended/sysstat/sysstat/CVE-2019-19725.patch
--
2.17.1
^ permalink raw reply [flat|nested] 30+ messages in thread* [warrior 01/29] python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 02/29] python/python3: Whitelist CVE-2019-18348 Armin Kuster ` (27 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> One Windows-only CVE that cannot be fixed, and two CVEs where upstream agreement is that they are not vulnerabilities. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- meta/recipes-devtools/python/python.inc | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc index b093ea6f09..5d280dc63b 100644 --- a/meta/recipes-devtools/python/python.inc +++ b/meta/recipes-devtools/python/python.inc @@ -19,6 +19,16 @@ UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>2(\.\d+)+).tar" CVE_PRODUCT = "python" +# Upstream agreement is that these are not security issues: +# https://bugs.python.org/issue32367 +CVE_CHECK_WHITELIST += "CVE-2017-17522" +# https://bugs.python.org/issue32056 +CVE_CHECK_WHITELIST += "CVE-2017-18207" + +# Windows-only, "It was determined that this is a longtime behavior +# of Python that cannot really be altered at this point." +CVE_CHECK_WHITELIST += "CVE-2015-5652" + PYTHON_MAJMIN = "2.7" inherit autotools pkgconfig -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 02/29] python/python3: Whitelist CVE-2019-18348 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster 2020-01-26 16:24 ` [warrior 01/29] python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 03/29] python3: Upgrade 3.7.5 -> 3.7.6 Armin Kuster ` (26 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> This is not exploitable when glibc has CVE-2016-10739 fixed, which is fixed in the upstream version since warrior. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- meta/recipes-devtools/python/python.inc | 3 +++ meta/recipes-devtools/python/python3_3.7.5.bb | 3 +++ 2 files changed, 6 insertions(+) diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc index 5d280dc63b..a2424a67bf 100644 --- a/meta/recipes-devtools/python/python.inc +++ b/meta/recipes-devtools/python/python.inc @@ -29,6 +29,9 @@ CVE_CHECK_WHITELIST += "CVE-2017-18207" # of Python that cannot really be altered at this point." CVE_CHECK_WHITELIST += "CVE-2015-5652" +# This is not exploitable when glibc has CVE-2016-10739 fixed. +CVE_CHECK_WHITELIST += "CVE-2019-18348" + PYTHON_MAJMIN = "2.7" inherit autotools pkgconfig diff --git a/meta/recipes-devtools/python/python3_3.7.5.bb b/meta/recipes-devtools/python/python3_3.7.5.bb index c560c4a29d..c90054d45a 100644 --- a/meta/recipes-devtools/python/python3_3.7.5.bb +++ b/meta/recipes-devtools/python/python3_3.7.5.bb @@ -46,6 +46,9 @@ UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" CVE_PRODUCT = "python" +# This is not exploitable when glibc has CVE-2016-10739 fixed. +CVE_CHECK_WHITELIST += "CVE-2019-18348" + PYTHON_MAJMIN = "3.7" PYTHON_BINABI = "${PYTHON_MAJMIN}m" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 03/29] python3: Upgrade 3.7.5 -> 3.7.6 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster 2020-01-26 16:24 ` [warrior 01/29] python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 Armin Kuster 2020-01-26 16:24 ` [warrior 02/29] python/python3: Whitelist CVE-2019-18348 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 04/29] python3: RDEPEND on libgcc Armin Kuster ` (25 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- .../python/{python3_3.7.5.bb => python3_3.7.6.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-devtools/python/{python3_3.7.5.bb => python3_3.7.6.bb} (98%) diff --git a/meta/recipes-devtools/python/python3_3.7.5.bb b/meta/recipes-devtools/python/python3_3.7.6.bb similarity index 98% rename from meta/recipes-devtools/python/python3_3.7.5.bb rename to meta/recipes-devtools/python/python3_3.7.6.bb index c90054d45a..7a569f9ca7 100644 --- a/meta/recipes-devtools/python/python3_3.7.5.bb +++ b/meta/recipes-devtools/python/python3_3.7.6.bb @@ -38,8 +38,8 @@ SRC_URI_append_class-nativesdk = " \ file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \ " -SRC_URI[md5sum] = "08ed8030b1183107c48f2092e79a87e2" -SRC_URI[sha256sum] = "e85a76ea9f3d6c485ec1780fca4e500725a4a7bbc63c78ebc44170de9b619d94" +SRC_URI[md5sum] = "c08fbee72ad5c2c95b0f4e44bf6fd72c" +SRC_URI[sha256sum] = "55a2cce72049f0794e9a11a84862e9039af9183603b78bc60d89539f82cf533f" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 04/29] python3: RDEPEND on libgcc 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (2 preceding siblings ...) 2020-01-26 16:24 ` [warrior 03/29] python3: Upgrade 3.7.5 -> 3.7.6 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 05/29] wpa-supplicant: fix CVE-2019-16275 Armin Kuster ` (24 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Joshua Watt <jpewhacker@gmail.com> Python uses features of glibc that require it to dynamically load (i.e. dlopen()) libgcc_s at runtime. However, since this isn't a link time dependency, it doesn't get picked up automatically by bitbake so manually add it to RDEPENDS. There is an outstanding bug in Python to make it explicitly link against libgcc at link time which would remove the need for this. See: https://bugs.python.org/issue37395 Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> [ merged the fix to make it glibc only ] Signed-off-by: Adrian Bunk <bunk@stusta.de> --- meta/recipes-devtools/python/python3_3.7.6.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3_3.7.6.bb b/meta/recipes-devtools/python/python3_3.7.6.bb index 7a569f9ca7..3efd3bcac8 100644 --- a/meta/recipes-devtools/python/python3_3.7.6.bb +++ b/meta/recipes-devtools/python/python3_3.7.6.bb @@ -308,6 +308,8 @@ FILES_${PN}-misc = "${libdir}/python${PYTHON_MAJMIN} ${libdir}/python${PYTHON_MA PACKAGES += "${PN}-man" FILES_${PN}-man = "${datadir}/man" +# See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395 +RDEPENDS_libpython3_append_libc-glibc = " libgcc" RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip bzip2 libgcc tzdata-europe coreutils sed" RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9" RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 05/29] wpa-supplicant: fix CVE-2019-16275 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (3 preceding siblings ...) 2020-01-26 16:24 ` [warrior 04/29] python3: RDEPEND on libgcc Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 06/29] binutils: fix CVE-2019-17450 Armin Kuster ` (23 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Ross Burton <ross.burton@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- ...re-management-frame-from-unexpected-.patch | 82 +++++++++++++++++++ .../wpa-supplicant/wpa-supplicant_2.7.bb | 1 + 2 files changed, 83 insertions(+) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch new file mode 100644 index 0000000000..7b0713cf6d --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch @@ -0,0 +1,82 @@ +hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication +of disconnection in certain situations because source address validation is +mishandled. This is a denial of service that should have been prevented by PMF +(aka management frame protection). The attacker must send a crafted 802.11 frame +from a location that is within the 802.11 communications range. + +CVE: CVE-2019-16275 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Thu, 29 Aug 2019 11:52:04 +0300 +Subject: [PATCH] AP: Silently ignore management frame from unexpected source + address + +Do not process any received Management frames with unexpected/invalid SA +so that we do not add any state for unexpected STA addresses or end up +sending out frames to unexpected destination. This prevents unexpected +sequences where an unprotected frame might end up causing the AP to send +out a response to another device and that other device processing the +unexpected response. + +In particular, this prevents some potential denial of service cases +where the unexpected response frame from the AP might result in a +connected station dropping its association. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/ap/drv_callbacks.c | 13 +++++++++++++ + src/ap/ieee802_11.c | 12 ++++++++++++ + 2 files changed, 25 insertions(+) + +diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c +index 31587685fe3b..34ca379edc3d 100644 +--- a/src/ap/drv_callbacks.c ++++ b/src/ap/drv_callbacks.c +@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, + "hostapd_notif_assoc: Skip event with no address"); + return -1; + } ++ ++ if (is_multicast_ether_addr(addr) || ++ is_zero_ether_addr(addr) || ++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR ++ " in received indication - ignore this indication silently", ++ __func__, MAC2STR(addr)); ++ return 0; ++ } ++ + random_add_randomness(addr, ETH_ALEN); + + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index c85a28db44b7..e7065372e158 100644 +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, + fc = le_to_host16(mgmt->frame_control); + stype = WLAN_FC_GET_STYPE(fc); + ++ if (is_multicast_ether_addr(mgmt->sa) || ++ is_zero_ether_addr(mgmt->sa) || ++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR ++ " in received frame - ignore this frame silently", ++ MAC2STR(mgmt->sa)); ++ return 0; ++ } ++ + if (stype == WLAN_FC_STYPE_BEACON) { + handle_beacon(hapd, mgmt, len, fi); + return 1; +-- +2.20.1 diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb index 277bbaec63..542bbf4a9a 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb @@ -41,6 +41,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch \ file://0001-EAP-pwd-server-Fix-reassembly-buffer-handling.patch \ file://0003-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch \ + file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \ " SRC_URI[md5sum] = "a68538fb62766f40f890125026c42c10" SRC_URI[sha256sum] = "76ea6b06b7a2ea8e6d9eb1a9166166f1656e6d48c7508914f592100c95c73074" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 06/29] binutils: fix CVE-2019-17450 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (4 preceding siblings ...) 2020-01-26 16:24 ` [warrior 05/29] wpa-supplicant: fix CVE-2019-16275 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 07/29] binutils: fix CVE-2019-17451 Armin Kuster ` (22 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Trevor Gamblin <trevor.gamblin@windriver.com> Backport upstream fix. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- .../binutils/binutils-2.32.inc | 1 + .../binutils/binutils/CVE-2019-17450.patch | 99 +++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc b/meta/recipes-devtools/binutils/binutils-2.32.inc index d3c52936d1..a92bfd0354 100644 --- a/meta/recipes-devtools/binutils/binutils-2.32.inc +++ b/meta/recipes-devtools/binutils/binutils-2.32.inc @@ -52,6 +52,7 @@ SRC_URI = "\ file://CVE-2019-12972.patch \ file://CVE-2019-14250.patch \ file://CVE-2019-14444.patch \ + file://CVE-2019-17450.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch new file mode 100644 index 0000000000..a6ce0b9a8a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch @@ -0,0 +1,99 @@ +From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Wed, 9 Oct 2019 00:07:29 +1030 +Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance + +Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog +file. There are newer versions of binutils, but none of them contain the +commit fixing CVE-2019-17450, so backport it to master and zeus. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79] +CVE: CVE-2019-17450 +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> + + PR 25078 + * dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add + recur_count. Error on recur_count reaching 100 rather than + info_ptr matching orig_info_ptr. Adjust calls. + +--- + bfd/dwarf2.c | 35 +++++++++++++++++------------------ + 1 file changed, 17 insertions(+), 18 deletions(-) + +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c +index 0b4e485582..20ec9e2e56 100644 +--- a/bfd/dwarf2.c ++++ b/bfd/dwarf2.c +@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit *unit, + } + + static bfd_boolean +-find_abstract_instance (struct comp_unit * unit, +- bfd_byte * orig_info_ptr, +- struct attribute * attr_ptr, +- const char ** pname, +- bfd_boolean * is_linkage, +- char ** filename_ptr, +- int * linenumber_ptr) ++find_abstract_instance (struct comp_unit *unit, ++ struct attribute *attr_ptr, ++ unsigned int recur_count, ++ const char **pname, ++ bfd_boolean *is_linkage, ++ char **filename_ptr, ++ int *linenumber_ptr) + { + bfd *abfd = unit->abfd; + bfd_byte *info_ptr; +@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit * unit, + struct attribute attr; + const char *name = NULL; + ++ if (recur_count == 100) ++ { ++ _bfd_error_handler ++ (_("DWARF error: abstract instance recursion detected")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ + /* DW_FORM_ref_addr can reference an entry in a different CU. It + is an offset from the .debug_info section, not the current CU. */ + if (attr_ptr->form == DW_FORM_ref_addr) +@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit * unit, + info_ptr, info_ptr_end); + if (info_ptr == NULL) + break; +- /* It doesn't ever make sense for DW_AT_specification to +- refer to the same DIE. Stop simple recursion. */ +- if (info_ptr == orig_info_ptr) +- { +- _bfd_error_handler +- (_("DWARF error: abstract instance recursion detected")); +- bfd_set_error (bfd_error_bad_value); +- return FALSE; +- } + switch (attr.name) + { + case DW_AT_name: +@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit * unit, + } + break; + case DW_AT_specification: +- if (!find_abstract_instance (unit, info_ptr, &attr, ++ if (!find_abstract_instance (unit, &attr, recur_count + 1, + &name, is_linkage, + filename_ptr, linenumber_ptr)) + return FALSE; +@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit *unit) + + case DW_AT_abstract_origin: + case DW_AT_specification: +- if (!find_abstract_instance (unit, info_ptr, &attr, ++ if (!find_abstract_instance (unit, &attr, 0, + &func->name, + &func->is_linkage, + &func->file, +-- +2.23.0 + -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 07/29] binutils: fix CVE-2019-17451 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (5 preceding siblings ...) 2020-01-26 16:24 ` [warrior 06/29] binutils: fix CVE-2019-17450 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 08/29] bind: Whitelist CVE-2019-6470 Armin Kuster ` (21 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Trevor Gamblin <trevor.gamblin@windriver.com> Backport upstream fix. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- .../binutils/binutils-2.32.inc | 1 + .../binutils/binutils/CVE-2019-17451.patch | 51 +++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc b/meta/recipes-devtools/binutils/binutils-2.32.inc index a92bfd0354..739ba70cf2 100644 --- a/meta/recipes-devtools/binutils/binutils-2.32.inc +++ b/meta/recipes-devtools/binutils/binutils-2.32.inc @@ -53,6 +53,7 @@ SRC_URI = "\ file://CVE-2019-14250.patch \ file://CVE-2019-14444.patch \ file://CVE-2019-17450.patch \ + file://CVE-2019-17451.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch new file mode 100644 index 0000000000..b36a532668 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch @@ -0,0 +1,51 @@ +From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Wed, 9 Oct 2019 10:47:13 +1030 +Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line + +Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog +file. There are newer versions of binutils, but none of them contain the +commit fixing CVE-2019-17451, so backport it to master and zeus. + +Upstream-Status: Backport +[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848] +CVE: CVE-2019-17451 +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> + + +Evil testcase with two debug info sections, with sizes of 2aaaabac4ec1 +and ffffd5555453b140 result in a total size of 1. Reading the first +section of course overflows the buffer and tramples on other memory. + + PR 25070 + * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of + total_size calculation. +--- + bfd/dwarf2.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c +index 0b4e485582..a91597b1d0 100644 +--- a/bfd/dwarf2.c ++++ b/bfd/dwarf2.c +@@ -4426,7 +4426,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd, + for (total_size = 0; + msec; + msec = find_debug_info (debug_bfd, debug_sections, msec)) +- total_size += msec->size; ++ { ++ /* Catch PR25070 testcase overflowing size calculation here. */ ++ if (total_size + msec->size < total_size ++ || total_size + msec->size < msec->size) ++ { ++ bfd_set_error (bfd_error_no_memory); ++ return FALSE; ++ } ++ total_size += msec->size; ++ } + + stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size); + if (stash->info_ptr_memory == NULL) +-- +2.23.0 + -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 08/29] bind: Whitelist CVE-2019-6470 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (6 preceding siblings ...) 2020-01-26 16:24 ` [warrior 07/29] binutils: fix CVE-2019-17451 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 09/29] gdb: Fix CVE-2019-1010180 Armin Kuster ` (20 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- meta/recipes-connectivity/bind/bind_9.11.5-P4.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb b/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb index 4fc0f19875..5d52b696c8 100644 --- a/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb +++ b/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb @@ -37,6 +37,10 @@ UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/" RECIPE_NO_UPDATE_REASON = "9.11 is LTS 2021" +# BIND >= 9.11.2 need dhcpd >= 4.4.0, +# don't report it here since dhcpd is already recent enough. +CVE_CHECK_WHITELIST += "CVE-2019-6470" + inherit autotools update-rc.d systemd useradd pkgconfig multilib_script MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 09/29] gdb: Fix CVE-2019-1010180 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (7 preceding siblings ...) 2020-01-26 16:24 ` [warrior 08/29] bind: Whitelist CVE-2019-6470 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 10/29] libarchive: fix CVE-2019-19221 Armin Kuster ` (19 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Vinay Kumar <vinay.m.engg@gmail.com> Source: git://sourceware.org/git/binutils-gdb.git Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=23657 Backported upstream commit 950b74950f6020eda38647f22e9077ac7f68ca49 to gdb-8.3.1 sources. Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=950b74950f6020eda38647f22e9077ac7f68ca49] Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- meta/recipes-devtools/gdb/gdb-8.2.1.inc | 1 + .../gdb/gdb/CVE-2019-1010180.patch | 132 ++++++++++++++++++ 2 files changed, 133 insertions(+) create mode 100644 meta/recipes-devtools/gdb/gdb/CVE-2019-1010180.patch diff --git a/meta/recipes-devtools/gdb/gdb-8.2.1.inc b/meta/recipes-devtools/gdb/gdb-8.2.1.inc index f28b57439c..8fa48171f4 100644 --- a/meta/recipes-devtools/gdb/gdb-8.2.1.inc +++ b/meta/recipes-devtools/gdb/gdb-8.2.1.inc @@ -19,6 +19,7 @@ SRC_URI = "http://ftp.gnu.org/gnu/gdb/gdb-${PV}.tar.xz \ file://0001-Fix-build-with-latest-GCC-9.0-tree.patch \ file://CVE-2017-9778.patch \ file://0012-AArch64-Fix-the-gdb-build-with-musl-libc.patch \ + file://CVE-2019-1010180.patch \ " SRC_URI[md5sum] = "f8b2562e830a4098dd5b5ea9e9296c70" SRC_URI[sha256sum] = "0a6a432907a03c5c8eaad3c3cffd50c00a40c3a5e3c4039440624bae703f2202" diff --git a/meta/recipes-devtools/gdb/gdb/CVE-2019-1010180.patch b/meta/recipes-devtools/gdb/gdb/CVE-2019-1010180.patch new file mode 100644 index 0000000000..46b2b3a713 --- /dev/null +++ b/meta/recipes-devtools/gdb/gdb/CVE-2019-1010180.patch @@ -0,0 +1,132 @@ +From 950b74950f6020eda38647f22e9077ac7f68ca49 Mon Sep 17 00:00:00 2001 +From: Keith Seitz <keiths@redhat.com> +Date: Wed, 16 Oct 2019 11:33:59 -0700 +Subject: [PATCH] DWARF reader: Reject sections with invalid sizes + +This is another fuzzer bug, gdb/23567. This time, the fuzzer has +specifically altered the size of .debug_str: + +$ eu-readelf -S objdump +Section Headers: +[Nr] Name Type Addr Off Size ES Flags Lk Inf Al +[31] .debug_str PROGBITS 0000000000000000 0057116d ffffffffffffffff 1 MS 0 0 1 + +When this file is loaded into GDB, the DWARF reader crashes attempting +to access the string table (or it may just store a bunch of nonsense): + +[gdb-8.3-6-fc30] +$ gdb -nx -q objdump +BFD: warning: /path/to/objdump has a corrupt section with a size (ffffffffffffffff) larger than the file size +Reading symbols from /path/to/objdump... +Segmentation fault (core dumped) + +Nick has already committed a BFD patch to issue the warning seen above. + +[gdb master 6acc1a0b] +$ gdb -BFD: warning: /path/to/objdump has a corrupt section with a size (ffffffffffffffff) larger than the file size +Reading symbols from /path/to/objdump... +(gdb) inf func +All defined functions: + +File ./../include/dwarf2.def: +186: const + + 8 *>(.: + ;'@�B); +747: const + + 8 *�(.: + ;'@�B); +701: const + + 8 *�D � + (.: + ;'@�B); +71: const + + 8 *(.: + ;'@�B); +/* and more gibberish */ + +Consider read_indirect_string_at_offset_from: + +static const char * +read_indirect_string_at_offset_from (struct objfile *objfile, + bfd *abfd, LONGEST str_offset, + struct dwarf2_section_info *sect, + const char *form_name, + const char *sect_name) +{ + dwarf2_read_section (objfile, sect); + if (sect->buffer == NULL) + error (_("%s used without %s section [in module %s]"), + form_name, sect_name, bfd_get_filename (abfd)); + if (str_offset >= sect->size) + error (_("%s pointing outside of %s section [in module %s]"), + form_name, sect_name, bfd_get_filename (abfd)); + gdb_assert (HOST_CHAR_BIT == 8); + if (sect->buffer[str_offset] == '\0') + return NULL; + return (const char *) (sect->buffer + str_offset); +} + +With sect_size being ginormous, the code attempts to access +sect->buffer[GINORMOUS], and depending on the layout of memory, +GDB either stores a bunch of gibberish strings or crashes. + +This is an attempt to mitigate this by implementing a similar approach +used by BFD. In our case, we simply reject the section with the invalid +length: + +$ ./gdb -nx -q objdump +BFD: warning: /path/to/objdump has a corrupt section with a size (ffffffffffffffff) larger than the file size +Reading symbols from /path/to/objdump... + +warning: Discarding section .debug_str which has a section size (ffffffffffffffff) larger than the file size [in module /path/to/objdump] +DW_FORM_strp used without .debug_str section [in module /path/to/objdump] +(No debugging symbols found in /path/to/objdump) +(gdb) + +Unfortunately, I have not found a way to regression test this, since it +requires poking ELF section headers. + +gdb/ChangeLog: +2019-10-16 Keith Seitz <keiths@redhat.com> + + PR gdb/23567 + * dwarf2read.c (dwarf2_per_objfile::locate_sections): Discard + sections whose size is greater than the file size. + +Change-Id: I896ac3b4eb2207c54e8e05c16beab3051d9b4b2f + +CVE: CVE-2019-1010180 +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=950b74950f6020eda38647f22e9077ac7f68ca49] +[Removed Changelog entry] +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> +--- + gdb/dwarf2read.c | 9 +++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c +index 0443b55..a78f818 100644 +--- a/gdb/dwarf2read.c ++++ b/gdb/dwarf2read.c +@@ -2338,6 +2338,15 @@ dwarf2_per_objfile::locate_sections (bfd *abfd, asection *sectp, + if ((aflag & SEC_HAS_CONTENTS) == 0) + { + } ++ else if (elf_section_data (sectp)->this_hdr.sh_size ++ > bfd_get_file_size (abfd)) ++ { ++ bfd_size_type size = elf_section_data (sectp)->this_hdr.sh_size; ++ warning (_("Discarding section %s which has a section size (%s" ++ ") larger than the file size [in module %s]"), ++ bfd_section_name (abfd, sectp), phex_nz (size, sizeof (size)), ++ bfd_get_filename (abfd)); ++ } + else if (section_is_p (sectp->name, &names.info)) + { + this->info.s.section = sectp; +-- +2.7.4 + -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 10/29] libarchive: fix CVE-2019-19221 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (8 preceding siblings ...) 2020-01-26 16:24 ` [warrior 09/29] gdb: Fix CVE-2019-1010180 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 11/29] glibc: fix CVE-2019-19126 Armin Kuster ` (18 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Anuj Mittal <anuj.mittal@intel.com> Also see: https://github.com/libarchive/libarchive/issues/1276 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- .../libarchive/CVE-2019-19221.patch | 101 ++++++++++++++++++ .../libarchive/libarchive_3.3.3.bb | 1 + 2 files changed, 102 insertions(+) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2019-19221.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2019-19221.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2019-19221.patch new file mode 100644 index 0000000000..b57e87874f --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2019-19221.patch @@ -0,0 +1,101 @@ +From 22b1db9d46654afc6f0c28f90af8cdc84a199f41 Mon Sep 17 00:00:00 2001 +From: Martin Matuska <martin@matuska.org> +Date: Thu, 21 Nov 2019 03:08:40 +0100 +Subject: [PATCH] Bugfix and optimize archive_wstring_append_from_mbs() + +The cal to mbrtowc() or mbtowc() should read up to mbs_length +bytes and not wcs_length. This avoids out-of-bounds reads. + +mbrtowc() and mbtowc() return (size_t)-1 wit errno EILSEQ when +they encounter an invalid multibyte character and (size_t)-2 when +they they encounter an incomplete multibyte character. As we return +failure and all our callers error out it makes no sense to continue +parsing mbs. + +As we allocate `len` wchars at the beginning and each wchar has +at least one byte, there will never be need to grow the buffer, +so the code can be left out. On the other hand, we are always +allocatng more memory than we need. + +As long as wcs_length == mbs_length == len we can omit wcs_length. +We keep the old code commented if we decide to save memory and +use autoexpanding wcs_length in the future. + +Fixes #1276 + +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41] +CVE: CVE-2019-19221 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + libarchive/archive_string.c | 28 +++++++++++++++++----------- + 1 file changed, 17 insertions(+), 11 deletions(-) + +diff --git a/libarchive/archive_string.c b/libarchive/archive_string.c +index 979a418b6..bd39c96f1 100644 +--- a/libarchive/archive_string.c ++++ b/libarchive/archive_string.c +@@ -591,7 +591,7 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, + * No single byte will be more than one wide character, + * so this length estimate will always be big enough. + */ +- size_t wcs_length = len; ++ // size_t wcs_length = len; + size_t mbs_length = len; + const char *mbs = p; + wchar_t *wcs; +@@ -600,7 +600,11 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, + + memset(&shift_state, 0, sizeof(shift_state)); + #endif +- if (NULL == archive_wstring_ensure(dest, dest->length + wcs_length + 1)) ++ /* ++ * As we decided to have wcs_length == mbs_length == len ++ * we can use len here instead of wcs_length ++ */ ++ if (NULL == archive_wstring_ensure(dest, dest->length + len + 1)) + return (-1); + wcs = dest->s + dest->length; + /* +@@ -609,6 +613,12 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, + * multi bytes. + */ + while (*mbs && mbs_length > 0) { ++ /* ++ * The buffer we allocated is always big enough. ++ * Keep this code path in a comment if we decide to choose ++ * smaller wcs_length in the future ++ */ ++/* + if (wcs_length == 0) { + dest->length = wcs - dest->s; + dest->s[dest->length] = L'\0'; +@@ -618,24 +628,20 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, + return (-1); + wcs = dest->s + dest->length; + } ++*/ + #if HAVE_MBRTOWC +- r = mbrtowc(wcs, mbs, wcs_length, &shift_state); ++ r = mbrtowc(wcs, mbs, mbs_length, &shift_state); + #else +- r = mbtowc(wcs, mbs, wcs_length); ++ r = mbtowc(wcs, mbs, mbs_length); + #endif + if (r == (size_t)-1 || r == (size_t)-2) { + ret_val = -1; +- if (errno == EILSEQ) { +- ++mbs; +- --mbs_length; +- continue; +- } else +- break; ++ break; + } + if (r == 0 || r > mbs_length) + break; + wcs++; +- wcs_length--; ++ // wcs_length--; + mbs += r; + mbs_length -= r; + } diff --git a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb index af5ca65297..36d5bffe09 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb @@ -40,6 +40,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://CVE-2018-1000880.patch \ file://CVE-2019-1000019.patch \ file://CVE-2019-1000020.patch \ + file://CVE-2019-19221.patch \ " SRC_URI[md5sum] = "4038e366ca5b659dae3efcc744e72120" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 11/29] glibc: fix CVE-2019-19126 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (9 preceding siblings ...) 2020-01-26 16:24 ` [warrior 10/29] libarchive: fix CVE-2019-19221 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 12/29] lighttpd: Backport the CVE-2019-11072 fix Armin Kuster ` (17 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Anuj Mittal <anuj.mittal@intel.com> Backport from 2.30 stable branch and drop NEWS section. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- .../glibc/glibc/CVE-2019-19126.patch | 32 +++++++++++++++++++ meta/recipes-core/glibc/glibc_2.29.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-19126.patch diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-19126.patch b/meta/recipes-core/glibc/glibc/CVE-2019-19126.patch new file mode 100644 index 0000000000..aead04c485 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2019-19126.patch @@ -0,0 +1,32 @@ +From 37c90e117310728a4ad1eb998c0bbe7d79c4a398 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Marcin=20Ko=C5=9Bcielnicki?= <mwk@0x04.net> +Date: Thu, 21 Nov 2019 00:20:15 +0100 +Subject: [PATCH] rtld: Check __libc_enable_secure before honoring + LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204] + +The problem was introduced in glibc 2.23, in commit +b9eb92ab05204df772eb4929eccd018637c9f3e9 +("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT"). + +(cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e) + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=37c90e117310728a4ad1eb998c0bbe7d79c4a398] +CVE: CVE-2019-19126 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- +diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h +index 975cbe2..df2cdfd 100644 +--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h ++++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h +@@ -31,7 +31,8 @@ + environment variable, LD_PREFER_MAP_32BIT_EXEC. */ + #define EXTRA_LD_ENVVARS \ + case 21: \ +- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ ++ if (!__libc_enable_secure \ ++ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ + GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \ + |= bit_arch_Prefer_MAP_32BIT_EXEC; \ + break; +-- +2.9.3 diff --git a/meta/recipes-core/glibc/glibc_2.29.bb b/meta/recipes-core/glibc/glibc_2.29.bb index c6b2caad42..28af4d1ba4 100644 --- a/meta/recipes-core/glibc/glibc_2.29.bb +++ b/meta/recipes-core/glibc/glibc_2.29.bb @@ -56,6 +56,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0030-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ file://0001-x86-64-memcmp-Use-unsigned-Jcc-instructions-on-size-.patch \ file://CVE-2019-9169.patch \ + file://CVE-2019-19126.patch \ " S = "${WORKDIR}/git" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 12/29] lighttpd: Backport the CVE-2019-11072 fix 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (10 preceding siblings ...) 2020-01-26 16:24 ` [warrior 11/29] glibc: fix CVE-2019-19126 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 13/29] glib-2.0: Backport the CVE-2019-12450 fix Armin Kuster ` (16 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- ...x-abort-in-http-parseopts-fixes-2945.patch | 54 +++++++++++++++++++ .../lighttpd/lighttpd_1.4.53.bb | 1 + 2 files changed, 55 insertions(+) create mode 100644 meta/recipes-extended/lighttpd/lighttpd/0001-core-fix-abort-in-http-parseopts-fixes-2945.patch diff --git a/meta/recipes-extended/lighttpd/lighttpd/0001-core-fix-abort-in-http-parseopts-fixes-2945.patch b/meta/recipes-extended/lighttpd/lighttpd/0001-core-fix-abort-in-http-parseopts-fixes-2945.patch new file mode 100644 index 0000000000..123bb94c60 --- /dev/null +++ b/meta/recipes-extended/lighttpd/lighttpd/0001-core-fix-abort-in-http-parseopts-fixes-2945.patch @@ -0,0 +1,54 @@ +From 32120d5b8b3203fc21ccb9eafb0eaf824bb59354 Mon Sep 17 00:00:00 2001 +From: Glenn Strauss <gstrauss@gluelogic.com> +Date: Wed, 10 Apr 2019 11:28:10 -0400 +Subject: [core] fix abort in http-parseopts (fixes #2945) + +fix abort in server.http-parseopts with url-path-2f-decode enabled + +(thx stze) + +x-ref: + "Security - SIGABRT during GET request handling with url-path-2f-decode enabled" + https://redmine.lighttpd.net/issues/2945 + +CVE: CVE-2019-11072 +Upstream-Status: Backport +Signed-off-by: Adrian Bunk <bunk@stusta.de> +--- + src/burl.c | 6 ++++-- + src/t/test_burl.c | 2 ++ + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/burl.c b/src/burl.c +index 51182628..c4b928fd 100644 +--- a/src/burl.c ++++ b/src/burl.c +@@ -252,8 +252,10 @@ static int burl_normalize_2F_to_slash_fix (buffer *b, int qs, int i) + } + } + if (qs >= 0) { +- memmove(s+j, s+qs, blen - qs); +- j += blen - qs; ++ const int qslen = blen - qs; ++ memmove(s+j, s+qs, (size_t)qslen); ++ qs = j; ++ j += qslen; + } + buffer_string_set_length(b, j); + return qs; +diff --git a/src/t/test_burl.c b/src/t/test_burl.c +index 7be9be50..f7a16815 100644 +--- a/src/t/test_burl.c ++++ b/src/t/test_burl.c +@@ -97,6 +97,8 @@ static void test_burl_normalize (void) { + flags |= HTTP_PARSEOPT_URL_NORMALIZE_PATH_2F_DECODE; + run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a/b?c=/"), CONST_STR_LEN("/a/b?c=/")); + run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a/b?c=%2f"), CONST_STR_LEN("/a/b?c=/")); ++ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("%2f?"), CONST_STR_LEN("/?")); ++ run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/%2f?"), CONST_STR_LEN("//?")); + run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a%2fb"), CONST_STR_LEN("/a/b")); + run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a%2Fb"), CONST_STR_LEN("/a/b")); + run_burl_normalize(psrc, ptmp, flags, __LINE__, CONST_STR_LEN("/a%2fb?c=/"), CONST_STR_LEN("/a/b?c=/")); +-- +2.17.1 + diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.53.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.53.bb index a0b350f358..1259e63bfe 100644 --- a/meta/recipes-extended/lighttpd/lighttpd_1.4.53.bb +++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.53.bb @@ -17,6 +17,7 @@ SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.t file://lighttpd.conf \ file://lighttpd \ file://0001-Use-pkg-config-for-pcre-dependency-instead-of-config.patch \ + file://0001-core-fix-abort-in-http-parseopts-fixes-2945.patch \ " SRC_URI[md5sum] = "f93436d8d400b2b0e26ee4bcc60b9ac7" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 13/29] glib-2.0: Backport the CVE-2019-12450 fix 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (11 preceding siblings ...) 2020-01-26 16:24 ` [warrior 12/29] lighttpd: Backport the CVE-2019-11072 fix Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 14/29] nasm: fix CVE-2018-19755 Armin Kuster ` (15 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- ...e-Limit-access-to-files-when-copying.patch | 57 +++++++++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb | 1 + 2 files changed, 58 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch new file mode 100644 index 0000000000..8fc03d1aed --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch @@ -0,0 +1,57 @@ +From e6b769819d63d2b24b251dbc9f902fe6fd614da3 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy <oholy@redhat.com> +Date: Thu, 23 May 2019 10:41:53 +0200 +Subject: gfile: Limit access to files when copying + +file_copy_fallback creates new files with default permissions and +set the correct permissions after the operation is finished. This +might cause that the files can be accessible by more users during +the operation than expected. Use G_FILE_CREATE_PRIVATE for the new +files to limit access to those files. + +CVE: CVE-2019-12450 +Upstream-Status: Backport +Signed-off-by: Adrian Bunk <bunk@stusta.de> +--- + gio/gfile.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/gio/gfile.c b/gio/gfile.c +index 1cc69166a..13b435480 100644 +--- a/gio/gfile.c ++++ b/gio/gfile.c +@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source, + out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)), + FALSE, NULL, + flags & G_FILE_COPY_BACKUP, +- G_FILE_CREATE_REPLACE_DESTINATION, +- info, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, info, + cancellable, error); + else + out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)), +- FALSE, 0, info, ++ FALSE, G_FILE_CREATE_PRIVATE, info, + cancellable, error); + } + else if (flags & G_FILE_COPY_OVERWRITE) +@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source, + out = (GOutputStream *)g_file_replace (destination, + NULL, + flags & G_FILE_COPY_BACKUP, +- G_FILE_CREATE_REPLACE_DESTINATION, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, + cancellable, error); + } + else + { +- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error); ++ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error); + } + + if (!out) +-- +2.20.1 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb index 2286d03148..f151a3358f 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb @@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ file://glib-meson.cross \ file://CVE-2019-13012.patch \ + file://0001-gfile-Limit-access-to-files-when-copying.patch \ " SRC_URI_append_class-native = " file://relocate-modules.patch" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 14/29] nasm: fix CVE-2018-19755 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (12 preceding siblings ...) 2020-01-26 16:24 ` [warrior 13/29] glib-2.0: Backport the CVE-2019-12450 fix Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 15/29] nasm: fix CVE-2019-14248 Armin Kuster ` (14 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- .../nasm/nasm/CVE-2018-19755.patch | 116 ++++++++++++++++++ meta/recipes-devtools/nasm/nasm_2.14.02.bb | 4 +- 2 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2018-19755.patch diff --git a/meta/recipes-devtools/nasm/nasm/CVE-2018-19755.patch b/meta/recipes-devtools/nasm/nasm/CVE-2018-19755.patch new file mode 100644 index 0000000000..6e3f909d0f --- /dev/null +++ b/meta/recipes-devtools/nasm/nasm/CVE-2018-19755.patch @@ -0,0 +1,116 @@ +From 3079f7966dbed4497e36d5067cbfd896a90358cb Mon Sep 17 00:00:00 2001 +From: Cyrill Gorcunov <gorcunov@gmail.com> +Date: Wed, 14 Nov 2018 10:03:42 +0300 +Subject: [PATCH] preproc: Fix malformed parameter count + +readnum returns 64bit number which may become +a negative integer upon conversion which in +turn lead to out of bound array access. + +Fix it by explicit conversion with bounds check + + | POC6:2: error: parameter count `2222222222' is out of bounds [0; 2147483647] + +https://bugzilla.nasm.us/show_bug.cgi?id=3392528 + +Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> + +Upstream-Status: Backport +CVE: CVE-2018-19755 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + asm/preproc.c | 43 +++++++++++++++++++++---------------------- + 1 file changed, 21 insertions(+), 22 deletions(-) + +diff --git a/asm/preproc.c b/asm/preproc.c +index b6afee3..e5ad05a 100644 +--- a/asm/preproc.c ++++ b/asm/preproc.c +@@ -1650,6 +1650,23 @@ smacro_defined(Context * ctx, const char *name, int nparam, SMacro ** defn, + return false; + } + ++/* param should be a natural number [0; INT_MAX] */ ++static int read_param_count(const char *str) ++{ ++ int result; ++ bool err; ++ ++ result = readnum(str, &err); ++ if (result < 0 || result > INT_MAX) { ++ result = 0; ++ nasm_error(ERR_NONFATAL, "parameter count `%s' is out of bounds [%d; %d]", ++ str, 0, INT_MAX); ++ } else if (err) { ++ nasm_error(ERR_NONFATAL, "unable to parse parameter count `%s'", str); ++ } ++ return result; ++} ++ + /* + * Count and mark off the parameters in a multi-line macro call. + * This is called both from within the multi-line macro expansion +@@ -1871,11 +1888,7 @@ static bool if_condition(Token * tline, enum preproc_token ct) + pp_directives[ct]); + } else { + searching.nparam_min = searching.nparam_max = +- readnum(tline->text, &j); +- if (j) +- nasm_error(ERR_NONFATAL, +- "unable to parse parameter count `%s'", +- tline->text); ++ read_param_count(tline->text); + } + if (tline && tok_is_(tline->next, "-")) { + tline = tline->next->next; +@@ -1886,11 +1899,7 @@ static bool if_condition(Token * tline, enum preproc_token ct) + "`%s' expects a parameter count after `-'", + pp_directives[ct]); + else { +- searching.nparam_max = readnum(tline->text, &j); +- if (j) +- nasm_error(ERR_NONFATAL, +- "unable to parse parameter count `%s'", +- tline->text); ++ searching.nparam_max = read_param_count(tline->text); + if (searching.nparam_min > searching.nparam_max) { + nasm_error(ERR_NONFATAL, + "minimum parameter count exceeds maximum"); +@@ -2079,8 +2088,6 @@ static void undef_smacro(Context *ctx, const char *mname) + */ + static bool parse_mmacro_spec(Token *tline, MMacro *def, const char *directive) + { +- bool err; +- + tline = tline->next; + skip_white_(tline); + tline = expand_id(tline); +@@ -2103,11 +2110,7 @@ static bool parse_mmacro_spec(Token *tline, MMacro *def, const char *directive) + if (!tok_type_(tline, TOK_NUMBER)) { + nasm_error(ERR_NONFATAL, "`%s' expects a parameter count", directive); + } else { +- def->nparam_min = def->nparam_max = +- readnum(tline->text, &err); +- if (err) +- nasm_error(ERR_NONFATAL, +- "unable to parse parameter count `%s'", tline->text); ++ def->nparam_min = def->nparam_max = read_param_count(tline->text); + } + if (tline && tok_is_(tline->next, "-")) { + tline = tline->next->next; +@@ -2117,11 +2120,7 @@ static bool parse_mmacro_spec(Token *tline, MMacro *def, const char *directive) + nasm_error(ERR_NONFATAL, + "`%s' expects a parameter count after `-'", directive); + } else { +- def->nparam_max = readnum(tline->text, &err); +- if (err) { +- nasm_error(ERR_NONFATAL, "unable to parse parameter count `%s'", +- tline->text); +- } ++ def->nparam_max = read_param_count(tline->text); + if (def->nparam_min > def->nparam_max) { + nasm_error(ERR_NONFATAL, "minimum parameter count exceeds maximum"); + def->nparam_max = def->nparam_min; +-- +2.10.5.GIT + diff --git a/meta/recipes-devtools/nasm/nasm_2.14.02.bb b/meta/recipes-devtools/nasm/nasm_2.14.02.bb index ecec78d8ec..e4f964ce93 100644 --- a/meta/recipes-devtools/nasm/nasm_2.14.02.bb +++ b/meta/recipes-devtools/nasm/nasm_2.14.02.bb @@ -3,7 +3,9 @@ SECTION = "devel" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=90904486f8fbf1861cf42752e1a39efe" -SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2" +SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \ + file://CVE-2018-19755.patch \ + " SRC_URI[md5sum] = "3f489aa48ad2aa1f967dc5e293bbd06f" SRC_URI[sha256sum] = "34fd26c70a277a9fdd54cb5ecf389badedaf48047b269d1008fbc819b24e80bc" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 15/29] nasm: fix CVE-2019-14248 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (13 preceding siblings ...) 2020-01-26 16:24 ` [warrior 14/29] nasm: fix CVE-2018-19755 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 16/29] go: fix CVE-2019-17596 Armin Kuster ` (13 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Anuj Mittal <anuj.mittal@intel.com> See: https://bugzilla.nasm.us/show_bug.cgi?id=3392576 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- .../nasm/nasm/CVE-2019-14248.patch | 43 +++++++++++++++++++ meta/recipes-devtools/nasm/nasm_2.14.02.bb | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2019-14248.patch diff --git a/meta/recipes-devtools/nasm/nasm/CVE-2019-14248.patch b/meta/recipes-devtools/nasm/nasm/CVE-2019-14248.patch new file mode 100644 index 0000000000..d45d2cb465 --- /dev/null +++ b/meta/recipes-devtools/nasm/nasm/CVE-2019-14248.patch @@ -0,0 +1,43 @@ +From 93d41d82963b2cfd0b24c906f5a8daf53281b559 Mon Sep 17 00:00:00 2001 +From: "H. Peter Anvin (Intel)" <hpa@zytor.com> +Date: Fri, 16 Aug 2019 01:12:54 -0700 +Subject: [PATCH] BR 3392576: don't segfault on a bad %pragma limit + +Don't segfault on a bad %pragma limit. Instead treat a NULL pointer as +an empty string. + +Reported-by: Ren Kimura <rkx1209dev@gmail.com> +Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com> + +CVE: CVE-2019-14248 +Upstream-Status: Backport [https://repo.or.cz/nasm.git/commit/93d41d82963b2cfd0b24c906f5a8daf53281b559] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + asm/nasm.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/asm/nasm.c b/asm/nasm.c +index c84d675..65116ab 100644 +--- a/asm/nasm.c ++++ b/asm/nasm.c +@@ -212,6 +212,11 @@ nasm_set_limit(const char *limit, const char *valstr) + bool rn_error; + int errlevel; + ++ if (!limit) ++ limit = ""; ++ if (!valstr) ++ valstr = ""; ++ + for (i = 0; i <= LIMIT_MAX; i++) { + if (!nasm_stricmp(limit, limit_info[i].name)) + break; +@@ -204,7 +209,7 @@ nasm_set_limit(const char *limit, const char *valstr) + errlevel = ERR_WARNING|ERR_NOFILE|ERR_USAGE; + else + errlevel = ERR_WARNING|ERR_PASS1|WARN_UNKNOWN_PRAGMA; +- nasm_error(errlevel, "unknown limit: `%s'", limit); ++ nasm_error(errlevel, "invalid limit value: `%s'", valstr); + return DIRR_ERROR; + } + diff --git a/meta/recipes-devtools/nasm/nasm_2.14.02.bb b/meta/recipes-devtools/nasm/nasm_2.14.02.bb index e4f964ce93..bd4ecea8b6 100644 --- a/meta/recipes-devtools/nasm/nasm_2.14.02.bb +++ b/meta/recipes-devtools/nasm/nasm_2.14.02.bb @@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=90904486f8fbf1861cf42752e1a39efe" SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \ file://CVE-2018-19755.patch \ + file://CVE-2019-14248.patch \ " SRC_URI[md5sum] = "3f489aa48ad2aa1f967dc5e293bbd06f" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 16/29] go: fix CVE-2019-17596 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (14 preceding siblings ...) 2020-01-26 16:24 ` [warrior 15/29] nasm: fix CVE-2019-14248 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 17/29] base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot Armin Kuster ` (12 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Hongxu Jia <hongxu.jia@windriver.com> https://github.com/golang/go/commit/2017d88dbc096381d4f348d2fb08bfb3c2b7ed73 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- meta/recipes-devtools/go/go-1.12.inc | 1 + .../go/go-1.12/0010-fix-CVE-2019-17596.patch | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.12/0010-fix-CVE-2019-17596.patch diff --git a/meta/recipes-devtools/go/go-1.12.inc b/meta/recipes-devtools/go/go-1.12.inc index ed14b175e6..6aecaad75d 100644 --- a/meta/recipes-devtools/go/go-1.12.inc +++ b/meta/recipes-devtools/go/go-1.12.inc @@ -17,6 +17,7 @@ SRC_URI += "\ file://0007-cmd-go-make-GOROOT-precious-by-default.patch \ file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \ + file://0010-fix-CVE-2019-17596.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.12/0010-fix-CVE-2019-17596.patch b/meta/recipes-devtools/go/go-1.12/0010-fix-CVE-2019-17596.patch new file mode 100644 index 0000000000..134cfab737 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.12/0010-fix-CVE-2019-17596.patch @@ -0,0 +1,42 @@ +From f1783e1ce44a86c000a7c380a57a805c89c3efbe Mon Sep 17 00:00:00 2001 +From: Katie Hockman <katie@golang.org> +Date: Mon, 14 Oct 2019 16:42:21 -0400 +Subject: [PATCH] crypto/dsa: prevent bad public keys from causing panic + +dsa.Verify might currently use a nil s inverse in a +multiplication if the public key contains a non-prime Q, +causing a panic. Change this to check that the mod +inverse exists before using it. + +Fixes CVE-2019-17596 + +Change-Id: I94d5f3cc38f1b5d52d38dcb1d253c71b7fd1cae7 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/572809 +Reviewed-by: Filippo Valsorda <valsorda@google.com> +(cherry picked from commit 9119dfb0511326d4485b248b83d4fde19c95d0f7) +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/575232 + +CVE: CVE-2019-17596 +Upstream-Status: Backport [https://github.com/golang/go/commit/2017d88dbc096381d4f348d2fb08bfb3c2b7ed73] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + src/crypto/dsa/dsa.go | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go +index 575314b..2fc4f1f 100644 +--- a/src/crypto/dsa/dsa.go ++++ b/src/crypto/dsa/dsa.go +@@ -279,6 +279,9 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { + } + + w := new(big.Int).ModInverse(s, pub.Q) ++ if w == nil { ++ return false ++ } + + n := pub.Q.BitLen() + if n&7 != 0 { +-- +2.23.0 + -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 17/29] base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (15 preceding siblings ...) 2020-01-26 16:24 ` [warrior 16/29] go: fix CVE-2019-17596 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 18/29] sysstat: fix CVE-2019-19725 Armin Kuster ` (11 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Mattias Hansson <mattias.hansson@axis.com> do_prepare_recipe_sysroot may perform groupadd, which requires pseudo. However, do_prepare_recipe_sysroot does not depend on pseudo explicitly, which sometimes causes a build error when building a recipe that adds groups. This issue only occurs when executing do_prepare_recipe_sysroot for a recipe that adds groups before finishing a task that depends on pseudo for a recipe that doesn't add groups. Signed-off-by: Mattias Hansson <mattihn@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- meta/classes/base.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index 1636c6ef93..d6f566a413 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -476,6 +476,7 @@ python () { # If we're building a target package we need to use fakeroot (pseudo) # in order to capture permissions, owners, groups and special files if not bb.data.inherits_class('native', d) and not bb.data.inherits_class('cross', d): + d.appendVarFlag('do_prepare_recipe_sysroot', 'depends', ' virtual/fakeroot-native:do_populate_sysroot') d.setVarFlag('do_unpack', 'umask', '022') d.setVarFlag('do_configure', 'umask', '022') d.setVarFlag('do_compile', 'umask', '022') -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 18/29] sysstat: fix CVE-2019-19725 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (16 preceding siblings ...) 2020-01-26 16:24 ` [warrior 17/29] base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 19/29] lz4: Whitelist CVE-2014-4715 Armin Kuster ` (10 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> --- .../sysstat/sysstat/CVE-2019-19725.patch | 28 +++++++++++++++++++ .../sysstat/sysstat_12.1.3.bb | 4 ++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-extended/sysstat/sysstat/CVE-2019-19725.patch diff --git a/meta/recipes-extended/sysstat/sysstat/CVE-2019-19725.patch b/meta/recipes-extended/sysstat/sysstat/CVE-2019-19725.patch new file mode 100644 index 0000000000..2aa12724f8 --- /dev/null +++ b/meta/recipes-extended/sysstat/sysstat/CVE-2019-19725.patch @@ -0,0 +1,28 @@ +From a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed Mon Sep 17 00:00:00 2001 +From: Sebastien GODARD <sysstat@users.noreply.github.com> +Date: Mon, 9 Dec 2019 17:54:07 +0100 +Subject: [PATCH] Fix #242: Double free in check_file_actlst() + +Avoid freeing buffer() twice. + +Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com> + +Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed] +CVE: CVE-2019-19725 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + sa_common.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sa_common.c b/sa_common.c +index cf52aefe..856a3715 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -2153,6 +2153,7 @@ void check_file_actlst(int *ifd, char *dfile, struct activity *act[], uint64_t f + } + + free(buffer); ++ buffer = NULL; + + /* Check that at least one activity selected by the user is available in file */ + for (i = 0; i < NR_ACT; i++) { diff --git a/meta/recipes-extended/sysstat/sysstat_12.1.3.bb b/meta/recipes-extended/sysstat/sysstat_12.1.3.bb index 5daf3f45f5..1b552166b0 100644 --- a/meta/recipes-extended/sysstat/sysstat_12.1.3.bb +++ b/meta/recipes-extended/sysstat/sysstat_12.1.3.bb @@ -2,7 +2,9 @@ require sysstat.inc LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb" -SRC_URI += "file://0001-Include-needed-headers-explicitly.patch" +SRC_URI += "file://0001-Include-needed-headers-explicitly.patch \ + file://CVE-2019-19725.patch \ +" SRC_URI[md5sum] = "0f9b73f60aba6fd49de346bc384902c3" SRC_URI[sha256sum] = "55498bf82755ba9fed3e7df61fd26f8f50dd3e7b3b229c731029a4c8ab51a1aa" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 19/29] lz4: Whitelist CVE-2014-4715 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (17 preceding siblings ...) 2020-01-26 16:24 ` [warrior 18/29] sysstat: fix CVE-2019-19725 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 20/29] iputils: Whitelist CVE-2000-1213 CVE-2000-1214 Armin Kuster ` (9 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> --- meta/recipes-support/lz4/lz4_1.8.3.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-support/lz4/lz4_1.8.3.bb b/meta/recipes-support/lz4/lz4_1.8.3.bb index 125836f7bf..605e148d81 100644 --- a/meta/recipes-support/lz4/lz4_1.8.3.bb +++ b/meta/recipes-support/lz4/lz4_1.8.3.bb @@ -18,6 +18,9 @@ UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" S = "${WORKDIR}/git" +# Fixed in r118, which is larger than the current version. +CVE_CHECK_WHITELIST += "CVE-2014-4715" + EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}" do_install() { -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 20/29] iputils: Whitelist CVE-2000-1213 CVE-2000-1214 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (18 preceding siblings ...) 2020-01-26 16:24 ` [warrior 19/29] lz4: Whitelist CVE-2014-4715 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 21/29] systemd: Whitelist CVE-2018-21029 CVE-2019-3843 CVE-2019-3844 Armin Kuster ` (8 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> --- meta/recipes-extended/iputils/iputils_s20180629.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-extended/iputils/iputils_s20180629.bb b/meta/recipes-extended/iputils/iputils_s20180629.bb index eff44be1bd..5d11ced96d 100644 --- a/meta/recipes-extended/iputils/iputils_s20180629.bb +++ b/meta/recipes-extended/iputils/iputils_s20180629.bb @@ -21,6 +21,10 @@ S = "${WORKDIR}/git" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>s\d+)" +# Fixed in 2000-10-10, but the versioning of iputils +# breaks the version order. +CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214" + EXTRA_OEMAKE = "-e MAKEFLAGS=" PACKAGECONFIG ??= "" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 21/29] systemd: Whitelist CVE-2018-21029 CVE-2019-3843 CVE-2019-3844 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (19 preceding siblings ...) 2020-01-26 16:24 ` [warrior 20/29] iputils: Whitelist CVE-2000-1213 CVE-2000-1214 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 22/29] systemd: Upgrade to a more recent snapshot from the 241 branch Armin Kuster ` (7 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> One does not strictly apply to 241, for the other two a fix was already backported to the 241 branch. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-core/systemd/systemd.inc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc index 2b9c291959..cb41ac5b22 100644 --- a/meta/recipes-core/systemd/systemd.inc +++ b/meta/recipes-core/systemd/systemd.inc @@ -14,6 +14,13 @@ LICENSE = "GPLv2 & LGPLv2.1" LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" +# DNSOverTLS strict mode was added in 243 +# https://github.com/systemd/systemd/issues/9397 +CVE_CHECK_WHITELIST += "CVE-2018-21029" + +# Commit dc903ec516cb on the 241 branch +CVE_CHECK_WHITELIST += "CVE-2019-3843 CVE-2019-3844" + SRCREV = "511646b8ac5c82f210b16920044465756913d238" SRCBRANCH = "v241-stable" SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 22/29] systemd: Upgrade to a more recent snapshot from the 241 branch 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (20 preceding siblings ...) 2020-01-26 16:24 ` [warrior 21/29] systemd: Whitelist CVE-2018-21029 CVE-2019-3843 CVE-2019-3844 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 23/29] openssl: Upgrade 1.1.1b -> 1.1.1c Armin Kuster ` (6 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> Bugfix-only changes on the 241 stable branch, including a fix for a breakage with OpenSSL >= 1.1.1c. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-core/systemd/systemd.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc index cb41ac5b22..3161a6c543 100644 --- a/meta/recipes-core/systemd/systemd.inc +++ b/meta/recipes-core/systemd/systemd.inc @@ -21,7 +21,7 @@ CVE_CHECK_WHITELIST += "CVE-2018-21029" # Commit dc903ec516cb on the 241 branch CVE_CHECK_WHITELIST += "CVE-2019-3843 CVE-2019-3844" -SRCREV = "511646b8ac5c82f210b16920044465756913d238" +SRCREV = "d1cc09a6eac5f8d62e630cc31d604095e30d2d84" SRCBRANCH = "v241-stable" SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 23/29] openssl: Upgrade 1.1.1b -> 1.1.1c 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (21 preceding siblings ...) 2020-01-26 16:24 ` [warrior 22/29] systemd: Upgrade to a more recent snapshot from the 241 branch Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 24/29] openssl: Upgrade 1.1.1c -> 1.1.1d Armin Kuster ` (5 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> Backported patch removed. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- .../openssl/openssl/CVE-2019-1543.patch | 69 ------------------- .../openssl/openssl/afalg.patch | 6 +- .../{openssl_1.1.1b.bb => openssl_1.1.1c.bb} | 5 +- 3 files changed, 5 insertions(+), 75 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch rename meta/recipes-connectivity/openssl/{openssl_1.1.1b.bb => openssl_1.1.1c.bb} (97%) diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch deleted file mode 100644 index 900ef97fce..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch +++ /dev/null @@ -1,69 +0,0 @@ -Upstream-Status: Backport [https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3] -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Tue, 5 Mar 2019 14:39:15 +0000 -Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305 - -ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for -every encryption operation. RFC 7539 specifies that the nonce value (IV) -should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and -front pads the nonce with 0 bytes if it is less than 12 bytes. However it -also incorrectly allows a nonce to be set of up to 16 bytes. In this case -only the last 12 bytes are significant and any additional leading bytes are -ignored. - -It is a requirement of using this cipher that nonce values are unique. -Messages encrypted using a reused nonce value are susceptible to serious -confidentiality and integrity attacks. If an application changes the -default nonce length to be longer than 12 bytes and then makes a change to -the leading bytes of the nonce expecting the new value to be a new unique -nonce then such an application could inadvertently encrypt messages with a -reused nonce. - -Additionally the ignored bytes in a long nonce are not covered by the -integrity guarantee of this cipher. Any application that relies on the -integrity of these ignored leading bytes of a long nonce may be further -affected. - -Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe -because no such use sets such a long nonce value. However user -applications that use this cipher directly and set a non-default nonce -length to be longer than 12 bytes may be vulnerable. - -CVE: CVE-2019-1543 - -Fixes #8345 - -Reviewed-by: Paul Dale <paul.dale@oracle.com> -Reviewed-by: Richard Levitte <levitte@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/8406) - -(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6) ---- - crypto/evp/e_chacha20_poly1305.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c -index c1917bb86a6..d3e2c622a1b 100644 ---- a/crypto/evp/e_chacha20_poly1305.c -+++ b/crypto/evp/e_chacha20_poly1305.c -@@ -30,6 +30,8 @@ typedef struct { - - #define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) - -+#define CHACHA20_POLY1305_MAX_IVLEN 12 -+ - static int chacha_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char user_key[CHACHA_KEY_SIZE], - const unsigned char iv[CHACHA_CTR_SIZE], int enc) -@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - return 1; - - case EVP_CTRL_AEAD_SET_IVLEN: -- if (arg <= 0 || arg > CHACHA_CTR_SIZE) -+ if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN) - return 0; - actx->nonce_len = arg; - return 1; diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch index 7c4b084f3d..b7c0e9697f 100644 --- a/meta/recipes-connectivity/openssl/openssl/afalg.patch +++ b/meta/recipes-connectivity/openssl/openssl/afalg.patch @@ -18,14 +18,14 @@ index 3baa8ce..9ef52ed 100755 - ($mi2) = $mi2 =~ /(\d+)/; - my $ver = $ma*10000 + $mi1*100 + $mi2; - if ($ver < $minver) { -- $disabled{afalgeng} = "too-old-kernel"; +- disable('too-old-kernel', 'afalgeng'); - } else { - push @{$config{engdirs}}, "afalg"; - } - } else { -- $disabled{afalgeng} = "cross-compiling"; +- disable('cross-compiling', 'afalgeng'); - } + push @{$config{engdirs}}, "afalg"; } else { - $disabled{afalgeng} = "not-linux"; + disable('not-linux', 'afalgeng'); } diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1c.bb similarity index 97% rename from meta/recipes-connectivity/openssl/openssl_1.1.1b.bb rename to meta/recipes-connectivity/openssl/openssl_1.1.1c.bb index 13e6ad4db7..94f4d49724 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1c.bb @@ -16,15 +16,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-skip-test_symbol_presence.patch \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ - file://CVE-2019-1543.patch \ " SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[md5sum] = "4532712e7bcc9414f5bce995e4e13930" -SRC_URI[sha256sum] = "5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b" +SRC_URI[md5sum] = "15e21da6efe8aa0e0768ffd8cd37a5f6" +SRC_URI[sha256sum] = "f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90" inherit lib_package multilib_header ptest -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 24/29] openssl: Upgrade 1.1.1c -> 1.1.1d 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (22 preceding siblings ...) 2020-01-26 16:24 ` [warrior 23/29] openssl: Upgrade 1.1.1b -> 1.1.1c Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 25/29] openssl: Enable os option for with-rand-seed as well Armin Kuster ` (4 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- .../openssl/{openssl_1.1.1c.bb => openssl_1.1.1d.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-connectivity/openssl/{openssl_1.1.1c.bb => openssl_1.1.1d.bb} (98%) diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1c.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb similarity index 98% rename from meta/recipes-connectivity/openssl/openssl_1.1.1c.bb rename to meta/recipes-connectivity/openssl/openssl_1.1.1d.bb index 94f4d49724..b00624650a 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1c.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb @@ -22,8 +22,8 @@ SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[md5sum] = "15e21da6efe8aa0e0768ffd8cd37a5f6" -SRC_URI[sha256sum] = "f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90" +SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa" +SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2" inherit lib_package multilib_header ptest -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 25/29] openssl: Enable os option for with-rand-seed as well 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (23 preceding siblings ...) 2020-01-26 16:24 ` [warrior 24/29] openssl: Upgrade 1.1.1c -> 1.1.1d Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 26/29] openssl: Whitelist CVE-2019-0190 Armin Kuster ` (3 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Khem Raj <raj.khem@gmail.com> with openSSL 1.1.1d we start seeing errors like Error Generating Key 139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342: when using openssl from openssl-native on build hosts, this is due to limiting the random seed to devrandom, to support older hosts, since the option allows to have a comma separated list of methods to try, we can try the default first and if that fails then fallback to devrandom, this will ensure that it keeps working with build systems which dont support getrandom() Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb index b00624650a..0e65f333e2 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb @@ -42,10 +42,10 @@ do_configure[cleandirs] = "${B}" EXTRA_OECONF_append_libc-musl = " no-async" EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" -# This prevents openssl from using getrandom() which is not available on older glibc versions +# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) -EXTRA_OECONF_class-native = "--with-rand-seed=devrandom" -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom" +EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" +EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 26/29] openssl: Whitelist CVE-2019-0190 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (24 preceding siblings ...) 2020-01-26 16:24 ` [warrior 25/29] openssl: Enable os option for with-rand-seed as well Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 27/29] openssl: fix CVE-2019-1551 Armin Kuster ` (2 subsequent siblings) 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Adrian Bunk <bunk@stusta.de> This is only a problem with older Apache versions. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb index 0e65f333e2..af2217bd15 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb @@ -205,3 +205,7 @@ RCONFLICTS_openssl-conf = "openssl10-conf" BBCLASSEXTEND = "native nativesdk" CVE_PRODUCT = "openssl:openssl" + +# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 +# Apache in meta-webserver is already recent enough +CVE_CHECK_WHITELIST += "CVE-2019-0190" -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 27/29] openssl: fix CVE-2019-1551 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (25 preceding siblings ...) 2020-01-26 16:24 ` [warrior 26/29] openssl: Whitelist CVE-2019-0190 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 28/29] populate_sdk_ext.bbclass: No longer needed to clean away conf/sanity_info Armin Kuster 2020-01-26 16:24 ` [warrior 29/29] sanity.bbclass: Move sanity_info from conf to cache Armin Kuster 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- .../openssl/openssl/CVE-2019-1551.patch | 758 ++++++++++++++++++ .../openssl/openssl_1.1.1d.bb | 1 + 2 files changed, 759 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch new file mode 100644 index 0000000000..0cc19cb5f4 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch @@ -0,0 +1,758 @@ +From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001 +From: Andy Polyakov <appro@openssl.org> +Date: Wed, 4 Dec 2019 12:48:21 +0100 +Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr + +There is an overflow bug in the x64_64 Montgomery squaring procedure used in +exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis +suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a +result of this defect would be very difficult to perform and are not believed +likely. Attacks against DH512 are considered just feasible. However, for an +attack the target would have to re-use the DH512 private key, which is not +recommended anyway. Also applications directly using the low level API +BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. + +CVE-2019-1551 + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> +(Merged from https://github.com/openssl/openssl/pull/10575) + +CVE: CVE-2019-1551 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++----------------- + 1 file changed, 197 insertions(+), 184 deletions(-) + +diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl +index b1797b649f0..7534d5cd03e 100755 +--- a/crypto/bn/asm/rsaz-x86_64.pl ++++ b/crypto/bn/asm/rsaz-x86_64.pl +@@ -116,7 +116,7 @@ + subq \$128+24, %rsp + .cfi_adjust_cfa_offset 128+24 + .Lsqr_body: +- movq $mod, %rbp # common argument ++ movq $mod, %xmm1 # common off-load + movq ($inp), %rdx + movq 8($inp), %rax + movq $n0, 128(%rsp) +@@ -134,7 +134,8 @@ + .Loop_sqr: + movl $times,128+8(%rsp) + #first iteration +- movq %rdx, %rbx ++ movq %rdx, %rbx # 0($inp) ++ mov %rax, %rbp # 8($inp) + mulq %rdx + movq %rax, %r8 + movq 16($inp), %rax +@@ -173,31 +174,29 @@ + mulq %rbx + addq %rax, %r14 + movq %rbx, %rax +- movq %rdx, %r15 +- adcq \$0, %r15 ++ adcq \$0, %rdx + +- addq %r8, %r8 #shlq \$1, %r8 +- movq %r9, %rcx +- adcq %r9, %r9 #shld \$1, %r8, %r9 ++ xorq %rcx,%rcx # rcx:r8 = r8 << 1 ++ addq %r8, %r8 ++ movq %rdx, %r15 ++ adcq \$0, %rcx + + mulq %rax +- movq %rax, (%rsp) +- addq %rdx, %r8 +- adcq \$0, %r9 ++ addq %r8, %rdx ++ adcq \$0, %rcx + +- movq %r8, 8(%rsp) +- shrq \$63, %rcx ++ movq %rax, (%rsp) ++ movq %rdx, 8(%rsp) + + #second iteration +- movq 8($inp), %r8 + movq 16($inp), %rax +- mulq %r8 ++ mulq %rbp + addq %rax, %r10 + movq 24($inp), %rax + movq %rdx, %rbx + adcq \$0, %rbx + +- mulq %r8 ++ mulq %rbp + addq %rax, %r11 + movq 32($inp), %rax + adcq \$0, %rdx +@@ -205,7 +204,7 @@ + movq %rdx, %rbx + adcq \$0, %rbx + +- mulq %r8 ++ mulq %rbp + addq %rax, %r12 + movq 40($inp), %rax + adcq \$0, %rdx +@@ -213,7 +212,7 @@ + movq %rdx, %rbx + adcq \$0, %rbx + +- mulq %r8 ++ mulq %rbp + addq %rax, %r13 + movq 48($inp), %rax + adcq \$0, %rdx +@@ -221,7 +220,7 @@ + movq %rdx, %rbx + adcq \$0, %rbx + +- mulq %r8 ++ mulq %rbp + addq %rax, %r14 + movq 56($inp), %rax + adcq \$0, %rdx +@@ -229,39 +228,39 @@ + movq %rdx, %rbx + adcq \$0, %rbx + +- mulq %r8 ++ mulq %rbp + addq %rax, %r15 +- movq %r8, %rax ++ movq %rbp, %rax + adcq \$0, %rdx + addq %rbx, %r15 +- movq %rdx, %r8 +- movq %r10, %rdx +- adcq \$0, %r8 ++ adcq \$0, %rdx + +- add %rdx, %rdx +- lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 +- movq %r11, %rbx +- adcq %r11, %r11 #shld \$1, %r10, %r11 ++ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 ++ addq %r9, %r9 ++ movq %rdx, %r8 ++ adcq %r10, %r10 ++ adcq \$0, %rbx + + mulq %rax ++ addq %rcx, %rax ++ movq 16($inp), %rbp ++ adcq \$0, %rdx + addq %rax, %r9 ++ movq 24($inp), %rax + adcq %rdx, %r10 +- adcq \$0, %r11 ++ adcq \$0, %rbx + + movq %r9, 16(%rsp) + movq %r10, 24(%rsp) +- shrq \$63, %rbx + + #third iteration +- movq 16($inp), %r9 +- movq 24($inp), %rax +- mulq %r9 ++ mulq %rbp + addq %rax, %r12 + movq 32($inp), %rax + movq %rdx, %rcx + adcq \$0, %rcx + +- mulq %r9 ++ mulq %rbp + addq %rax, %r13 + movq 40($inp), %rax + adcq \$0, %rdx +@@ -269,7 +268,7 @@ + movq %rdx, %rcx + adcq \$0, %rcx + +- mulq %r9 ++ mulq %rbp + addq %rax, %r14 + movq 48($inp), %rax + adcq \$0, %rdx +@@ -277,9 +276,7 @@ + movq %rdx, %rcx + adcq \$0, %rcx + +- mulq %r9 +- movq %r12, %r10 +- lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12 ++ mulq %rbp + addq %rax, %r15 + movq 56($inp), %rax + adcq \$0, %rdx +@@ -287,36 +284,40 @@ + movq %rdx, %rcx + adcq \$0, %rcx + +- mulq %r9 +- shrq \$63, %r10 ++ mulq %rbp + addq %rax, %r8 +- movq %r9, %rax ++ movq %rbp, %rax + adcq \$0, %rdx + addq %rcx, %r8 +- movq %rdx, %r9 +- adcq \$0, %r9 ++ adcq \$0, %rdx + +- movq %r13, %rcx +- leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13 ++ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 ++ addq %r11, %r11 ++ movq %rdx, %r9 ++ adcq %r12, %r12 ++ adcq \$0, %rcx + + mulq %rax ++ addq %rbx, %rax ++ movq 24($inp), %r10 ++ adcq \$0, %rdx + addq %rax, %r11 ++ movq 32($inp), %rax + adcq %rdx, %r12 +- adcq \$0, %r13 ++ adcq \$0, %rcx + + movq %r11, 32(%rsp) + movq %r12, 40(%rsp) +- shrq \$63, %rcx + + #fourth iteration +- movq 24($inp), %r10 +- movq 32($inp), %rax ++ mov %rax, %r11 # 32($inp) + mulq %r10 + addq %rax, %r14 + movq 40($inp), %rax + movq %rdx, %rbx + adcq \$0, %rbx + ++ mov %rax, %r12 # 40($inp) + mulq %r10 + addq %rax, %r15 + movq 48($inp), %rax +@@ -325,9 +326,8 @@ + movq %rdx, %rbx + adcq \$0, %rbx + ++ mov %rax, %rbp # 48($inp) + mulq %r10 +- movq %r14, %r12 +- leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14 + addq %rax, %r8 + movq 56($inp), %rax + adcq \$0, %rdx +@@ -336,32 +336,33 @@ + adcq \$0, %rbx + + mulq %r10 +- shrq \$63, %r12 + addq %rax, %r9 + movq %r10, %rax + adcq \$0, %rdx + addq %rbx, %r9 +- movq %rdx, %r10 +- adcq \$0, %r10 ++ adcq \$0, %rdx + +- movq %r15, %rbx +- leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15 ++ xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1 ++ addq %r13, %r13 ++ movq %rdx, %r10 ++ adcq %r14, %r14 ++ adcq \$0, %rbx + + mulq %rax ++ addq %rcx, %rax ++ adcq \$0, %rdx + addq %rax, %r13 ++ movq %r12, %rax # 40($inp) + adcq %rdx, %r14 +- adcq \$0, %r15 ++ adcq \$0, %rbx + + movq %r13, 48(%rsp) + movq %r14, 56(%rsp) +- shrq \$63, %rbx + + #fifth iteration +- movq 32($inp), %r11 +- movq 40($inp), %rax + mulq %r11 + addq %rax, %r8 +- movq 48($inp), %rax ++ movq %rbp, %rax # 48($inp) + movq %rdx, %rcx + adcq \$0, %rcx + +@@ -369,97 +370,99 @@ + addq %rax, %r9 + movq 56($inp), %rax + adcq \$0, %rdx +- movq %r8, %r12 +- leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8 + addq %rcx, %r9 + movq %rdx, %rcx + adcq \$0, %rcx + ++ mov %rax, %r14 # 56($inp) + mulq %r11 +- shrq \$63, %r12 + addq %rax, %r10 + movq %r11, %rax + adcq \$0, %rdx + addq %rcx, %r10 +- movq %rdx, %r11 +- adcq \$0, %r11 ++ adcq \$0, %rdx + +- movq %r9, %rcx +- leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9 ++ xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1 ++ addq %r15, %r15 ++ movq %rdx, %r11 ++ adcq %r8, %r8 ++ adcq \$0, %rcx + + mulq %rax ++ addq %rbx, %rax ++ adcq \$0, %rdx + addq %rax, %r15 ++ movq %rbp, %rax # 48($inp) + adcq %rdx, %r8 +- adcq \$0, %r9 ++ adcq \$0, %rcx + + movq %r15, 64(%rsp) + movq %r8, 72(%rsp) +- shrq \$63, %rcx + + #sixth iteration +- movq 40($inp), %r12 +- movq 48($inp), %rax + mulq %r12 + addq %rax, %r10 +- movq 56($inp), %rax ++ movq %r14, %rax # 56($inp) + movq %rdx, %rbx + adcq \$0, %rbx + + mulq %r12 + addq %rax, %r11 + movq %r12, %rax +- movq %r10, %r15 +- leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 + adcq \$0, %rdx +- shrq \$63, %r15 + addq %rbx, %r11 +- movq %rdx, %r12 +- adcq \$0, %r12 ++ adcq \$0, %rdx + +- movq %r11, %rbx +- leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11 ++ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 ++ addq %r9, %r9 ++ movq %rdx, %r12 ++ adcq %r10, %r10 ++ adcq \$0, %rbx + + mulq %rax ++ addq %rcx, %rax ++ adcq \$0, %rdx + addq %rax, %r9 ++ movq %r14, %rax # 56($inp) + adcq %rdx, %r10 +- adcq \$0, %r11 ++ adcq \$0, %rbx + + movq %r9, 80(%rsp) + movq %r10, 88(%rsp) + + #seventh iteration +- movq 48($inp), %r13 +- movq 56($inp), %rax +- mulq %r13 ++ mulq %rbp + addq %rax, %r12 +- movq %r13, %rax +- movq %rdx, %r13 +- adcq \$0, %r13 ++ movq %rbp, %rax ++ adcq \$0, %rdx + +- xorq %r14, %r14 +- shlq \$1, %rbx +- adcq %r12, %r12 #shld \$1, %rbx, %r12 +- adcq %r13, %r13 #shld \$1, %r12, %r13 +- adcq %r14, %r14 #shld \$1, %r13, %r14 ++ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 ++ addq %r11, %r11 ++ movq %rdx, %r13 ++ adcq %r12, %r12 ++ adcq \$0, %rcx + + mulq %rax ++ addq %rbx, %rax ++ adcq \$0, %rdx + addq %rax, %r11 ++ movq %r14, %rax # 56($inp) + adcq %rdx, %r12 +- adcq \$0, %r13 ++ adcq \$0, %rcx + + movq %r11, 96(%rsp) + movq %r12, 104(%rsp) + + #eighth iteration +- movq 56($inp), %rax ++ xorq %rbx, %rbx # rbx:r13 = r13 << 1 ++ addq %r13, %r13 ++ adcq \$0, %rbx ++ + mulq %rax +- addq %rax, %r13 ++ addq %rcx, %rax + adcq \$0, %rdx +- +- addq %rdx, %r14 +- +- movq %r13, 112(%rsp) +- movq %r14, 120(%rsp) ++ addq %r13, %rax ++ adcq %rbx, %rdx + + movq (%rsp), %r8 + movq 8(%rsp), %r9 +@@ -469,6 +472,10 @@ + movq 40(%rsp), %r13 + movq 48(%rsp), %r14 + movq 56(%rsp), %r15 ++ movq %xmm1, %rbp ++ ++ movq %rax, 112(%rsp) ++ movq %rdx, 120(%rsp) + + call __rsaz_512_reduce + +@@ -500,9 +507,9 @@ + .Loop_sqrx: + movl $times,128+8(%rsp) + movq $out, %xmm0 # off-load +- movq %rbp, %xmm1 # off-load + #first iteration + mulx %rax, %r8, %r9 ++ mov %rax, %rbx + + mulx 16($inp), %rcx, %r10 + xor %rbp, %rbp # cf=0, of=0 +@@ -510,40 +517,39 @@ + mulx 24($inp), %rax, %r11 + adcx %rcx, %r9 + +- mulx 32($inp), %rcx, %r12 ++ .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12 + adcx %rax, %r10 + +- mulx 40($inp), %rax, %r13 ++ .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13 + adcx %rcx, %r11 + +- .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14 ++ mulx 48($inp), %rcx, %r14 + adcx %rax, %r12 + adcx %rcx, %r13 + +- .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15 ++ mulx 56($inp), %rax, %r15 + adcx %rax, %r14 + adcx %rbp, %r15 # %rbp is 0 + +- mov %r9, %rcx +- shld \$1, %r8, %r9 +- shl \$1, %r8 +- +- xor %ebp, %ebp +- mulx %rdx, %rax, %rdx +- adcx %rdx, %r8 +- mov 8($inp), %rdx +- adcx %rbp, %r9 ++ mulx %rdx, %rax, $out ++ mov %rbx, %rdx # 8($inp) ++ xor %rcx, %rcx ++ adox %r8, %r8 ++ adcx $out, %r8 ++ adox %rbp, %rcx ++ adcx %rbp, %rcx + + mov %rax, (%rsp) + mov %r8, 8(%rsp) + + #second iteration +- mulx 16($inp), %rax, %rbx ++ .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx + adox %rax, %r10 + adcx %rbx, %r11 + +- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8 ++ mulx 24($inp), $out, %r8 + adox $out, %r11 ++ .byte 0x66 + adcx %r8, %r12 + + mulx 32($inp), %rax, %rbx +@@ -561,24 +567,25 @@ + .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8 + adox $out, %r15 + adcx %rbp, %r8 ++ mulx %rdx, %rax, $out + adox %rbp, %r8 ++ .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx + +- mov %r11, %rbx +- shld \$1, %r10, %r11 +- shld \$1, %rcx, %r10 +- +- xor %ebp,%ebp +- mulx %rdx, %rax, %rcx +- mov 16($inp), %rdx ++ xor %rbx, %rbx ++ adcx %rcx, %rax ++ adox %r9, %r9 ++ adcx %rbp, $out ++ adox %r10, %r10 + adcx %rax, %r9 +- adcx %rcx, %r10 +- adcx %rbp, %r11 ++ adox %rbp, %rbx ++ adcx $out, %r10 ++ adcx %rbp, %rbx + + mov %r9, 16(%rsp) + .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp) + + #third iteration +- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9 ++ mulx 24($inp), $out, %r9 + adox $out, %r12 + adcx %r9, %r13 + +@@ -586,7 +593,7 @@ + adox %rax, %r13 + adcx %rcx, %r14 + +- mulx 40($inp), $out, %r9 ++ .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9 + adox $out, %r14 + adcx %r9, %r15 + +@@ -594,27 +601,28 @@ + adox %rax, %r15 + adcx %rcx, %r8 + +- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9 ++ mulx 56($inp), $out, %r9 + adox $out, %r8 + adcx %rbp, %r9 ++ mulx %rdx, %rax, $out + adox %rbp, %r9 ++ mov 24($inp), %rdx + +- mov %r13, %rcx +- shld \$1, %r12, %r13 +- shld \$1, %rbx, %r12 +- +- xor %ebp, %ebp +- mulx %rdx, %rax, %rdx ++ xor %rcx, %rcx ++ adcx %rbx, %rax ++ adox %r11, %r11 ++ adcx %rbp, $out ++ adox %r12, %r12 + adcx %rax, %r11 +- adcx %rdx, %r12 +- mov 24($inp), %rdx +- adcx %rbp, %r13 ++ adox %rbp, %rcx ++ adcx $out, %r12 ++ adcx %rbp, %rcx + + mov %r11, 32(%rsp) +- .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp) ++ mov %r12, 40(%rsp) + + #fourth iteration +- .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx ++ mulx 32($inp), %rax, %rbx + adox %rax, %r14 + adcx %rbx, %r15 + +@@ -629,25 +637,25 @@ + mulx 56($inp), $out, %r10 + adox $out, %r9 + adcx %rbp, %r10 ++ mulx %rdx, %rax, $out + adox %rbp, %r10 ++ mov 32($inp), %rdx + +- .byte 0x66 +- mov %r15, %rbx +- shld \$1, %r14, %r15 +- shld \$1, %rcx, %r14 +- +- xor %ebp, %ebp +- mulx %rdx, %rax, %rdx ++ xor %rbx, %rbx ++ adcx %rcx, %rax ++ adox %r13, %r13 ++ adcx %rbp, $out ++ adox %r14, %r14 + adcx %rax, %r13 +- adcx %rdx, %r14 +- mov 32($inp), %rdx +- adcx %rbp, %r15 ++ adox %rbp, %rbx ++ adcx $out, %r14 ++ adcx %rbp, %rbx + + mov %r13, 48(%rsp) + mov %r14, 56(%rsp) + + #fifth iteration +- .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11 ++ mulx 40($inp), $out, %r11 + adox $out, %r8 + adcx %r11, %r9 + +@@ -658,18 +666,19 @@ + mulx 56($inp), $out, %r11 + adox $out, %r10 + adcx %rbp, %r11 ++ mulx %rdx, %rax, $out ++ mov 40($inp), %rdx + adox %rbp, %r11 + +- mov %r9, %rcx +- shld \$1, %r8, %r9 +- shld \$1, %rbx, %r8 +- +- xor %ebp, %ebp +- mulx %rdx, %rax, %rdx ++ xor %rcx, %rcx ++ adcx %rbx, %rax ++ adox %r15, %r15 ++ adcx %rbp, $out ++ adox %r8, %r8 + adcx %rax, %r15 +- adcx %rdx, %r8 +- mov 40($inp), %rdx +- adcx %rbp, %r9 ++ adox %rbp, %rcx ++ adcx $out, %r8 ++ adcx %rbp, %rcx + + mov %r15, 64(%rsp) + mov %r8, 72(%rsp) +@@ -682,18 +691,19 @@ + .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12 + adox $out, %r11 + adcx %rbp, %r12 ++ mulx %rdx, %rax, $out + adox %rbp, %r12 ++ mov 48($inp), %rdx + +- mov %r11, %rbx +- shld \$1, %r10, %r11 +- shld \$1, %rcx, %r10 +- +- xor %ebp, %ebp +- mulx %rdx, %rax, %rdx ++ xor %rbx, %rbx ++ adcx %rcx, %rax ++ adox %r9, %r9 ++ adcx %rbp, $out ++ adox %r10, %r10 + adcx %rax, %r9 +- adcx %rdx, %r10 +- mov 48($inp), %rdx +- adcx %rbp, %r11 ++ adcx $out, %r10 ++ adox %rbp, %rbx ++ adcx %rbp, %rbx + + mov %r9, 80(%rsp) + mov %r10, 88(%rsp) +@@ -703,31 +713,31 @@ + adox %rax, %r12 + adox %rbp, %r13 + +- xor %r14, %r14 +- shld \$1, %r13, %r14 +- shld \$1, %r12, %r13 +- shld \$1, %rbx, %r12 +- +- xor %ebp, %ebp +- mulx %rdx, %rax, %rdx +- adcx %rax, %r11 +- adcx %rdx, %r12 ++ mulx %rdx, %rax, $out ++ xor %rcx, %rcx + mov 56($inp), %rdx +- adcx %rbp, %r13 ++ adcx %rbx, %rax ++ adox %r11, %r11 ++ adcx %rbp, $out ++ adox %r12, %r12 ++ adcx %rax, %r11 ++ adox %rbp, %rcx ++ adcx $out, %r12 ++ adcx %rbp, %rcx + + .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp) + .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp) + + #eighth iteration + mulx %rdx, %rax, %rdx +- adox %rax, %r13 +- adox %rbp, %rdx ++ xor %rbx, %rbx ++ adcx %rcx, %rax ++ adox %r13, %r13 ++ adcx %rbp, %rdx ++ adox %rbp, %rbx ++ adcx %r13, %rax ++ adcx %rdx, %rbx + +- .byte 0x66 +- add %rdx, %r14 +- +- movq %r13, 112(%rsp) +- movq %r14, 120(%rsp) + movq %xmm0, $out + movq %xmm1, %rbp + +@@ -741,6 +751,9 @@ + movq 48(%rsp), %r14 + movq 56(%rsp), %r15 + ++ movq %rax, 112(%rsp) ++ movq %rbx, 120(%rsp) ++ + call __rsaz_512_reducex + + addq 64(%rsp), %r8 diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb index af2217bd15..d256646934 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb @@ -16,6 +16,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-skip-test_symbol_presence.patch \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ + file://CVE-2019-1551.patch \ " SRC_URI_append_class-nativesdk = " \ -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 28/29] populate_sdk_ext.bbclass: No longer needed to clean away conf/sanity_info 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (26 preceding siblings ...) 2020-01-26 16:24 ` [warrior 27/29] openssl: fix CVE-2019-1551 Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 2020-01-26 16:24 ` [warrior 29/29] sanity.bbclass: Move sanity_info from conf to cache Armin Kuster 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Since the sanity_info file has moved from the conf directory to the cache directory, there is no longer any need to clean it away explicitly in clean_esdk_builddir() since the whole cache directory is already cleaned away anyway. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 40c30990e1be72130819c040fe471e2bdc0c6e7d) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/classes/populate_sdk_ext.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass index 800e1175d7..f845f7d47d 100644 --- a/meta/classes/populate_sdk_ext.bbclass +++ b/meta/classes/populate_sdk_ext.bbclass @@ -121,7 +121,7 @@ SDK_TITLE_task-populate-sdk-ext = "${@d.getVar('DISTRO_NAME') or d.getVar('DISTR def clean_esdk_builddir(d, sdkbasepath): """Clean up traces of the fake build for create_filtered_tasklist()""" import shutil - cleanpaths = 'cache conf/sanity_info tmp'.split() + cleanpaths = ['cache', 'tmp'] for pth in cleanpaths: fullpth = os.path.join(sdkbasepath, pth) if os.path.isdir(fullpth): -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
* [warrior 29/29] sanity.bbclass: Move sanity_info from conf to cache 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster ` (27 preceding siblings ...) 2020-01-26 16:24 ` [warrior 28/29] populate_sdk_ext.bbclass: No longer needed to clean away conf/sanity_info Armin Kuster @ 2020-01-26 16:24 ` Armin Kuster 28 siblings, 0 replies; 30+ messages in thread From: Armin Kuster @ 2020-01-26 16:24 UTC (permalink / raw) To: openembedded-core From: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Since this file is written during recipe parsing, having it in the ${BUILDDIR}/conf directory, which is covered by an inotify watcher, will trigger a re-parse the next time bitbake is run and the resident bitbake server is enabled. This causes the sanity_info file to be updated again, which triggers a new parse the next time bitbake is run ad infinitum. Moving it to ${BUILDDIR}/cache should avoid this. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f98103b548aa7dba6b1be6c8e02ef41858a8e85c) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta/classes/sanity.bbclass | 2 +- meta/lib/oeqa/buildperf/base.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass index 9429202dca..3b41c69ef6 100644 --- a/meta/classes/sanity.bbclass +++ b/meta/classes/sanity.bbclass @@ -919,7 +919,7 @@ def check_sanity(sanity_data): last_tmpdir = "" last_sstate_dir = "" last_nativelsbstr = "" - sanityverfile = sanity_data.expand("${TOPDIR}/conf/sanity_info") + sanityverfile = sanity_data.expand("${TOPDIR}/cache/sanity_info") if os.path.exists(sanityverfile): with open(sanityverfile, 'r') as f: for line in f: diff --git a/meta/lib/oeqa/buildperf/base.py b/meta/lib/oeqa/buildperf/base.py index 3b2fed549f..5f1805d86c 100644 --- a/meta/lib/oeqa/buildperf/base.py +++ b/meta/lib/oeqa/buildperf/base.py @@ -462,7 +462,7 @@ class BuildPerfTestCase(unittest.TestCase): def rm_tmp(self): """Cleanup temporary/intermediate files and directories""" log.debug("Removing temporary and cache files") - for name in ['bitbake.lock', 'conf/sanity_info', + for name in ['bitbake.lock', 'cache/sanity_info', self.bb_vars['TMPDIR']]: oe.path.remove(name, recurse=True) -- 2.17.1 ^ permalink raw reply related [flat|nested] 30+ messages in thread
end of thread, other threads:[~2020-01-26 16:25 UTC | newest] Thread overview: 30+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2020-01-26 16:24 [warrior 00/29] Merge request Armin Kuster 2020-01-26 16:24 ` [warrior 01/29] python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652 Armin Kuster 2020-01-26 16:24 ` [warrior 02/29] python/python3: Whitelist CVE-2019-18348 Armin Kuster 2020-01-26 16:24 ` [warrior 03/29] python3: Upgrade 3.7.5 -> 3.7.6 Armin Kuster 2020-01-26 16:24 ` [warrior 04/29] python3: RDEPEND on libgcc Armin Kuster 2020-01-26 16:24 ` [warrior 05/29] wpa-supplicant: fix CVE-2019-16275 Armin Kuster 2020-01-26 16:24 ` [warrior 06/29] binutils: fix CVE-2019-17450 Armin Kuster 2020-01-26 16:24 ` [warrior 07/29] binutils: fix CVE-2019-17451 Armin Kuster 2020-01-26 16:24 ` [warrior 08/29] bind: Whitelist CVE-2019-6470 Armin Kuster 2020-01-26 16:24 ` [warrior 09/29] gdb: Fix CVE-2019-1010180 Armin Kuster 2020-01-26 16:24 ` [warrior 10/29] libarchive: fix CVE-2019-19221 Armin Kuster 2020-01-26 16:24 ` [warrior 11/29] glibc: fix CVE-2019-19126 Armin Kuster 2020-01-26 16:24 ` [warrior 12/29] lighttpd: Backport the CVE-2019-11072 fix Armin Kuster 2020-01-26 16:24 ` [warrior 13/29] glib-2.0: Backport the CVE-2019-12450 fix Armin Kuster 2020-01-26 16:24 ` [warrior 14/29] nasm: fix CVE-2018-19755 Armin Kuster 2020-01-26 16:24 ` [warrior 15/29] nasm: fix CVE-2019-14248 Armin Kuster 2020-01-26 16:24 ` [warrior 16/29] go: fix CVE-2019-17596 Armin Kuster 2020-01-26 16:24 ` [warrior 17/29] base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot Armin Kuster 2020-01-26 16:24 ` [warrior 18/29] sysstat: fix CVE-2019-19725 Armin Kuster 2020-01-26 16:24 ` [warrior 19/29] lz4: Whitelist CVE-2014-4715 Armin Kuster 2020-01-26 16:24 ` [warrior 20/29] iputils: Whitelist CVE-2000-1213 CVE-2000-1214 Armin Kuster 2020-01-26 16:24 ` [warrior 21/29] systemd: Whitelist CVE-2018-21029 CVE-2019-3843 CVE-2019-3844 Armin Kuster 2020-01-26 16:24 ` [warrior 22/29] systemd: Upgrade to a more recent snapshot from the 241 branch Armin Kuster 2020-01-26 16:24 ` [warrior 23/29] openssl: Upgrade 1.1.1b -> 1.1.1c Armin Kuster 2020-01-26 16:24 ` [warrior 24/29] openssl: Upgrade 1.1.1c -> 1.1.1d Armin Kuster 2020-01-26 16:24 ` [warrior 25/29] openssl: Enable os option for with-rand-seed as well Armin Kuster 2020-01-26 16:24 ` [warrior 26/29] openssl: Whitelist CVE-2019-0190 Armin Kuster 2020-01-26 16:24 ` [warrior 27/29] openssl: fix CVE-2019-1551 Armin Kuster 2020-01-26 16:24 ` [warrior 28/29] populate_sdk_ext.bbclass: No longer needed to clean away conf/sanity_info Armin Kuster 2020-01-26 16:24 ` [warrior 29/29] sanity.bbclass: Move sanity_info from conf to cache Armin Kuster
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.