[Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788

[Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788

[Gustavo Zacarias]

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788
http://hmarco.org/bugs/CVE-2013-4788.html

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 .../2.17-svnr22064/eglibc-0001-ptr_mangle.patch    | 35 ++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 package/glibc/2.17-svnr22064/eglibc-0001-ptr_mangle.patch

diff --git a/package/glibc/2.17-svnr22064/eglibc-0001-ptr_mangle.patch b/package/glibc/2.17-svnr22064/eglibc-0001-ptr_mangle.patch
new file mode 100644
index 0000000..c9bf107
--- /dev/null
+++ b/package/glibc/2.17-svnr22064/eglibc-0001-ptr_mangle.patch
@@ -0,0 +1,35 @@
+Fix for CVE-2013-4788 from http://hmarco.org/bugs/CVE-2013-4788.html
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -rupN glibc-2.17/csu/libc-start.c glibc-2.17-mangle-fix/csu/libc-start.c
+--- glibc-2.17/libc/csu/libc-start.c	2012-12-25 04:02:13.000000000 +0100
++++ glibc-2.17-mangle-fix/libc/csu/libc-start.c	2013-07-10 00:13:48.000000000 +0200
+@@ -38,6 +38,12 @@ extern void __pthread_initialize_minimal
+    in thread local area.  */
+ uintptr_t __stack_chk_guard attribute_relro;
+ # endif
++
++# ifndef  THREAD_SET_POINTER_GUARD
++uintptr_t __pointer_chk_guard_local
++     attribute_relro attribute_hidden __attribute__ ((nocommon));
++# endif
++
+ #endif
+ 
+ #ifdef HAVE_PTR_NTHREADS
+@@ -184,6 +190,14 @@ LIBC_START_MAIN (int (*main) (int, char
+ # else
+   __stack_chk_guard = stack_chk_guard;
+ # endif
++    uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
++                          stack_chk_guard);
++# ifdef THREAD_SET_POINTER_GUARD
++      THREAD_SET_POINTER_GUARD (pointer_chk_guard);
++# else
++      __pointer_chk_guard_local = pointer_chk_guard;
++# endif
++
+ #endif
+ 
+   /* Register the destructor of the dynamic linker if there is any.  */
-- 
1.8.3.2

[Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc

[Gustavo Zacarias]

It's tested to be far more stable than uClibc.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 board/qemu/mips64-malta/readme.txt  | 2 --
 configs/qemu_mips64_malta_defconfig | 3 +--
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/board/qemu/mips64-malta/readme.txt b/board/qemu/mips64-malta/readme.txt
index 4fa8a19..b655922 100644
--- a/board/qemu/mips64-malta/readme.txt
+++ b/board/qemu/mips64-malta/readme.txt
@@ -6,6 +6,4 @@ The login prompt will appear in the terminal that started Qemu. The
 graphical window is the framebuffer. No keyboard support has been
 enabled.
 
-This configuration is known to be flaky.
-
 Tested with QEMU 1.6.1
diff --git a/configs/qemu_mips64_malta_defconfig b/configs/qemu_mips64_malta_defconfig
index e1295dd..011b9c6 100644
--- a/configs/qemu_mips64_malta_defconfig
+++ b/configs/qemu_mips64_malta_defconfig
@@ -3,8 +3,7 @@ BR2_mips64=y
 BR2_MIPS_NABI64=y
 
 # Toolchain
-# uClibc dynamic loader seems broken for mips64
-BR2_PREFER_STATIC_LIB=y
+BR2_TOOLCHAIN_BUILDROOT_EGLIBC=y
 
 # Filesystem
 BR2_TARGET_ROOTFS_EXT2=y
-- 
1.8.3.2

[Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc

[Thomas Petazzoni]

Dear Gustavo Zacarias,

On Tue, 26 Nov 2013 21:51:41 -0300, Gustavo Zacarias wrote:

>  # Toolchain
> -# uClibc dynamic loader seems broken for mips64
> -BR2_PREFER_STATIC_LIB=y

I think the broken dynamic loader for mips64 in uClibc is now fixed by
package/uclibc/0.9.33.2/uclibc-0009-mips64-fix-n64-interp.patch.

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc

[Gustavo Zacarias]

On 11/27/2013 05:24 AM, Thomas Petazzoni wrote:

> I think the broken dynamic loader for mips64 in uClibc is now fixed by
> package/uclibc/0.9.33.2/uclibc-0009-mips64-fix-n64-interp.patch.

Probably, but besides that it's generally unstable with uClibc (you
almost certainly can't login properly) where with eglibc it just works(tm).
Though maybe it just needs a little kick like the recent SIGBUS mips64
patch from the uclibc mailing list.
Regards.

[Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc

[Thomas Petazzoni]

Dear Gustavo Zacarias,

On Wed, 27 Nov 2013 07:06:41 -0300, Gustavo Zacarias wrote:
> On 11/27/2013 05:24 AM, Thomas Petazzoni wrote:
> 
> > I think the broken dynamic loader for mips64 in uClibc is now fixed
> > by package/uclibc/0.9.33.2/uclibc-0009-mips64-fix-n64-interp.patch.
> 
> Probably, but besides that it's generally unstable with uClibc (you
> almost certainly can't login properly) where with eglibc it just
> works(tm). Though maybe it just needs a little kick like the recent
> SIGBUS mips64 patch from the uclibc mailing list.

Ok. Then, should we make (e)glibc the default C library for mips64, so
that users will not have a non-working system if they simply build a
basic default configuration for mips64 (which will use uClibc) ?

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc

[Gustavo Zacarias]

On 11/27/2013 10:03 AM, Thomas Petazzoni wrote:

> Ok. Then, should we make (e)glibc the default C library for mips64, so
> that users will not have a non-working system if they simply build a
> basic default configuration for mips64 (which will use uClibc) ?

Yes, i'll test other combinations (mips64 O32/N32/N64) to see what's
best for each scenario before sending a patch.
Regards.

[Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc

[Markos Chandras]

On 11/27/2013 12:51 AM, Gustavo Zacarias wrote:
> It's tested to be far more stable than uClibc.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
>   board/qemu/mips64-malta/readme.txt  | 2 --
>   configs/qemu_mips64_malta_defconfig | 3 +--
>   2 files changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/board/qemu/mips64-malta/readme.txt b/board/qemu/mips64-malta/readme.txt
> index 4fa8a19..b655922 100644
> --- a/board/qemu/mips64-malta/readme.txt
> +++ b/board/qemu/mips64-malta/readme.txt
> @@ -6,6 +6,4 @@ The login prompt will appear in the terminal that started Qemu. The
>   graphical window is the framebuffer. No keyboard support has been
>   enabled.
>
> -This configuration is known to be flaky.
> -
>   Tested with QEMU 1.6.1
> diff --git a/configs/qemu_mips64_malta_defconfig b/configs/qemu_mips64_malta_defconfig
> index e1295dd..011b9c6 100644
> --- a/configs/qemu_mips64_malta_defconfig
> +++ b/configs/qemu_mips64_malta_defconfig
> @@ -3,8 +3,7 @@ BR2_mips64=y
>   BR2_MIPS_NABI64=y
>
>   # Toolchain
> -# uClibc dynamic loader seems broken for mips64
> -BR2_PREFER_STATIC_LIB=y
> +BR2_TOOLCHAIN_BUILDROOT_EGLIBC=y
>
>   # Filesystem
>   BR2_TARGET_ROOTFS_EXT2=y
>

Looks good to me.

Reviewed-by: Markos Chandras <markos.chandras@imgtec.com>

-- 
markos

[Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788

[Peter Korsgaard]

>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:

 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788
 > http://hmarco.org/bugs/CVE-2013-4788.html

 > Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Committed, thanks.

-- 
Bye, Peter Korsgaard