blob: 296c89299458d92b703b895483f6be3c63359684 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
require glibc.inc
require glibc-version.inc
CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752 \
CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 CVE-2020-29562 CVE-2019-25013 \
CVE-2022-23218 CVE-2022-23219 \
"
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024
# Upstream glibc maintainers dispute there is any issue and have no plans to address it further.
# "this is being treated as a non-security bug and no real threat."
CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025
# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow
# easier access for another. "ASLR bypass itself is not a vulnerability."
# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853
CVE_CHECK_WHITELIST += "CVE-2019-1010025"
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942
# The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash
# or read arbitrary memory in parse_param (in posix/wordexp.c) when called with
# an untrusted, crafted pattern, potentially resulting in a denial of service
# or disclosure of information. Patch was backported to 2.31 branch already:
# https://sourceware.org/git/?p=glibc.git;a=commit;h=4f0a61f75385c9a5879cbe7202042e88f692a3c8
# which is already included in the dunfell branch of poky:
# https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell&id=e1e89ff7d75c3d2223f9e3bd875b9b0c5e15836b
CVE_CHECK_WHITELIST += "CVE-2021-35942"
# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527
# This vulnerability was introduced in 2.36 by commit
# f282cdbe7f436c75864e5640a409a10485e9abb2 resolv: Implement no-aaaa stub resolver option
# so our version is not yet vulnerable
# See https://sourceware.org/bugzilla/show_bug.cgi?id=30842
CVE_CHECK_WHITELIST += "CVE-2023-4527"
DEPENDS += "gperf-native bison-native make-native"
NATIVESDKFIXES ?= ""
NATIVESDKFIXES_class-nativesdk = "\
file://0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch \
file://0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \
file://0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \
file://0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \
file://0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch \
"
SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://etc/ld.so.conf \
file://generate-supported.mk \
file://makedbs.sh \
\
${NATIVESDKFIXES} \
file://0008-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch \
file://0009-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \
file://0010-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch \
file://0011-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \
file://0012-Quote-from-bug-1443-which-explains-what-the-patch-do.patch \
file://0013-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \
file://0014-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \
file://0015-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch \
file://0017-yes-within-the-path-sets-wrong-config-variables.patch \
file://0018-timezone-re-written-tzselect-as-posix-sh.patch \
file://0019-Remove-bash-dependency-for-nscd-init-script.patch \
file://0020-eglibc-Cross-building-and-testing-instructions.patch \
file://0021-eglibc-Help-bootstrap-cross-toolchain.patch \
file://0022-eglibc-Resolve-__fpscr_values-on-SH4.patch \
file://0023-eglibc-Forward-port-cross-locale-generation-support.patch \
file://0024-Define-DUMMY_LOCALE_T-if-not-defined.patch \
file://0025-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch \
file://0026-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \
file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \
file://0028-inject-file-assembly-directives.patch \
file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
file://CVE-2020-29573.patch \
file://CVE-2021-33574_1.patch \
file://CVE-2021-33574_2.patch \
file://CVE-2021-38604.patch \
file://0030-elf-Refactor_dl_update-slotinfo-to-avoid-use-after-free.patch \
file://0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch \
file://0032-elf-Use-relaxed-atomics-for-racy-accesses-BZ-19329.patch \
file://0033-elf-Add-test-case-for-BZ-19329.patch \
file://0034-elf-Fix-DTV-gap-reuse-logic-BZ-27135.patch \
file://0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \
file://0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \
file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \
file://CVE-2023-0687.patch \
file://CVE-2023-4911.patch \
file://CVE-2023-4813.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
PACKAGES_DYNAMIC = ""
# the -isystem in bitbake.conf screws up glibc do_stage
BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}"
TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir}"
GLIBC_BROKEN_LOCALES = ""
GLIBCPIE ??= ""
EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
--disable-profile \
--disable-debug --without-gd \
--enable-clocale=gnu \
--with-headers=${STAGING_INCDIR} \
--without-selinux \
--enable-tunables \
--enable-bind-now \
--enable-stack-protector=strong \
--enable-stackguard-randomization \
--disable-crypt \
--with-default-link \
--enable-nscd \
${@bb.utils.contains_any('SELECTED_OPTIMIZATION', '-O0 -Og', '--disable-werror', '', d)} \
${GLIBCPIE} \
${GLIBC_EXTRA_OECONF}"
EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"
do_patch_append() {
bb.build.exec_func('do_fix_readlib_c', d)
}
do_fix_readlib_c () {
sed -i -e 's#OECORE_KNOWN_INTERPRETER_NAMES#${EGLIBC_KNOWN_INTERPRETER_NAMES}#' ${S}/elf/readlib.c
}
do_configure () {
# override this function to avoid the autoconf/automake/aclocal/autoheader
# calls for now
# don't pass CPPFLAGS into configure, since it upsets the kernel-headers
# version check and doesn't really help with anything
(cd ${S} && gnu-configize) || die "failure in running gnu-configize"
find ${S} -name "configure" | xargs touch
CPPFLAGS="" oe_runconf
}
LDFLAGS += "-fuse-ld=bfd"
do_compile () {
base_do_compile
echo "Adjust ldd script"
if [ -n "${RTLDLIST}" ]
then
prevrtld=`cat ${B}/elf/ldd | grep "^RTLDLIST=" | sed 's#^RTLDLIST="\?\([^"]*\)"\?$#\1#'`
# remove duplicate entries
newrtld=`echo $(printf '%s\n' ${prevrtld} ${RTLDLIST} | LC_ALL=C sort -u)`
echo "ldd \"${prevrtld} ${RTLDLIST}\" -> \"${newrtld}\""
sed -i ${B}/elf/ldd -e "s#^RTLDLIST=.*\$#RTLDLIST=\"${newrtld}\"#"
fi
}
require glibc-package.inc
BBCLASSEXTEND = "nativesdk"
|
