summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-core/glibc/glibc-version.inc2
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2019-25013.patch137
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2020-27618.patch91
-rw-r--r--meta/recipes-core/glibc/glibc_2.32.bb5
4 files changed, 3 insertions, 232 deletions
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 1566056..586b2e2 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.32/master"
PV = "2.32"
-SRCREV_glibc ?= "3de512be7ea6053255afed6154db9ee31d4e557a"
+SRCREV_glibc ?= "760e1d287825fa91d4d5a0cc921340c740d803e2"
SRCREV_localedef ?= "bd644c9e6f3e20c5504da1488448173c69c56c28"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
deleted file mode 100644
index 987e959..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@suse.de>
-Date: Mon, 21 Dec 2020 08:56:43 +0530
-Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973)
-
-The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
-area and is not allowed. The from_euc_kr function used to skip two bytes
-when told to skip over the unknown designation, potentially running over
-the buffer end.
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b]
-CVE: CVE-2019-25013
-Signed-off-by: Scott Murray <scott.murray@konsulko.com>
----
- iconvdata/Makefile | 3 ++-
- iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++
- iconvdata/euc-kr.c | 6 +----
- iconvdata/ksc5601.h | 6 ++---
- 4 files changed, 59 insertions(+), 9 deletions(-)
- create mode 100644 iconvdata/bug-iconv13.c
-
-diff --git a/iconvdata/Makefile b/iconvdata/Makefile
-index 4ec2741cdc..85009f3390 100644
---- a/iconvdata/Makefile
-+++ b/iconvdata/Makefile
-@@ -73,7 +73,8 @@ modules.so := $(addsuffix .so, $(modules))
- ifeq (yes,$(build-shared))
- tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
- tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
-- bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4
-+ bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \
-+ bug-iconv13
- ifeq ($(have-thread-library),yes)
- tests += bug-iconv3
- endif
-diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c
-new file mode 100644
-index 0000000000..87aaff398e
---- /dev/null
-+++ b/iconvdata/bug-iconv13.c
-@@ -0,0 +1,53 @@
-+/* bug 24973: Test EUC-KR module
-+ Copyright (C) 2020 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <https://www.gnu.org/licenses/>. */
-+
-+#include <errno.h>
-+#include <iconv.h>
-+#include <stdio.h>
-+#include <support/check.h>
-+
-+static int
-+do_test (void)
-+{
-+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR");
-+ TEST_VERIFY_EXIT (cd != (iconv_t) -1);
-+
-+ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined
-+ areas, which are not allowed and should be skipped over due to
-+ //IGNORE. The trailing 0xfe also is an incomplete sequence, which
-+ should be checked first. */
-+ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' };
-+ char *inptr = input;
-+ size_t insize = sizeof (input);
-+ char output[4];
-+ char *outptr = output;
-+ size_t outsize = sizeof (output);
-+
-+ /* This used to crash due to buffer overrun. */
-+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1);
-+ TEST_VERIFY (errno == EINVAL);
-+ /* The conversion should produce one character, the converted null
-+ character. */
-+ TEST_VERIFY (sizeof (output) - outsize == 1);
-+
-+ TEST_VERIFY_EXIT (iconv_close (cd) != -1);
-+
-+ return 0;
-+}
-+
-+#include <support/test-driver.c>
-diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
-index b0d56cf3ee..1045bae926 100644
---- a/iconvdata/euc-kr.c
-+++ b/iconvdata/euc-kr.c
-@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
- \
- if (ch <= 0x9f) \
- ++inptr; \
-- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \
-- user-defined areas. */ \
-- else if (__builtin_expect (ch == 0xa0, 0) \
-- || __builtin_expect (ch > 0xfe, 0) \
-- || __builtin_expect (ch == 0xc9, 0)) \
-+ else if (__glibc_unlikely (ch == 0xa0)) \
- { \
- /* This is illegal. */ \
- STANDARD_FROM_LOOP_ERR_HANDLER (1); \
-diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h
-index d3eb3a4ff8..f5cdc72797 100644
---- a/iconvdata/ksc5601.h
-+++ b/iconvdata/ksc5601.h
-@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset)
- unsigned char ch2;
- int idx;
-
-+ if (avail < 2)
-+ return 0;
-+
- /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */
-
- if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e
- || (ch - offset) == 0x49)
- return __UNKNOWN_10646_CHAR;
-
-- if (avail < 2)
-- return 0;
--
- ch2 = (*s)[1];
- if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f)
- return __UNKNOWN_10646_CHAR;
---
-2.27.0
-
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-27618.patch b/meta/recipes-core/glibc/glibc/CVE-2020-27618.patch
deleted file mode 100644
index bf32238..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2020-27618.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 20e6c868c29f5a6121cbb88f3387bb9b884a4206 Mon Sep 17 00:00:00 2001
-From: Arjun Shankar <arjun@redhat.com>
-Date: Wed, 4 Nov 2020 12:19:38 +0100
-Subject: [PATCH] iconv: Accept redundant shift sequences in IBM1364 [BZ
- #26224]
-
-The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
-share converter logic (iconvdata/ibm1364.c) which would reject
-redundant shift sequences when processing input in these character
-sets. This led to a hang in the iconv program (CVE-2020-27618).
-
-This commit adjusts the converter to ignore redundant shift sequences
-and adds test cases for iconv_prog hangs that would be triggered upon
-their rejection. This brings the implementation in line with other
-converters that also ignore redundant shift sequences (e.g. IBM930
-etc., fixed in commit 692de4b3960d).
-
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-
-Upstream-Status: Backport
-[https://sourceware.org/git/?p=glibc.git;a=commit;
-h=9a99c682144bdbd40792ebf822fe9264e0376fb5]
-
-CVE: CVE-2020-27618
-Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
----
- iconv/tst-iconv_prog.sh | 16 ++++++++++------
- iconvdata/ibm1364.c | 14 ++------------
- 2 files changed, 12 insertions(+), 18 deletions(-)
-
-diff --git a/iconv/tst-iconv_prog.sh b/iconv/tst-iconv_prog.sh
-index 8298136b7f..d8db7b335c 100644
---- a/iconv/tst-iconv_prog.sh
-+++ b/iconv/tst-iconv_prog.sh
-@@ -102,12 +102,16 @@ hangarray=(
- "\x00\x80;-c;IBM1161;UTF-8//TRANSLIT//IGNORE"
- "\x00\xdb;-c;IBM1162;UTF-8//TRANSLIT//IGNORE"
- "\x00\x70;-c;IBM12712;UTF-8//TRANSLIT//IGNORE"
--# These are known hangs that are yet to be fixed:
--# "\x00\x0f;-c;IBM1364;UTF-8"
--# "\x00\x0f;-c;IBM1371;UTF-8"
--# "\x00\x0f;-c;IBM1388;UTF-8"
--# "\x00\x0f;-c;IBM1390;UTF-8"
--# "\x00\x0f;-c;IBM1399;UTF-8"
-+"\x00\x0f;-c;IBM1364;UTF-8"
-+"\x0e\x0e;-c;IBM1364;UTF-8"
-+"\x00\x0f;-c;IBM1371;UTF-8"
-+"\x0e\x0e;-c;IBM1371;UTF-8"
-+"\x00\x0f;-c;IBM1388;UTF-8"
-+"\x0e\x0e;-c;IBM1388;UTF-8"
-+"\x00\x0f;-c;IBM1390;UTF-8"
-+"\x0e\x0e;-c;IBM1390;UTF-8"
-+"\x00\x0f;-c;IBM1399;UTF-8"
-+"\x0e\x0e;-c;IBM1399;UTF-8"
- "\x00\x53;-c;IBM16804;UTF-8//TRANSLIT//IGNORE"
- "\x00\x41;-c;IBM274;UTF-8//TRANSLIT//IGNORE"
- "\x00\x41;-c;IBM275;UTF-8//TRANSLIT//IGNORE"
-diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
-index 49e7267ab4..521f0825b7 100644
---- a/iconvdata/ibm1364.c
-+++ b/iconvdata/ibm1364.c
-@@ -158,24 +158,14 @@ enum
- \
- if (__builtin_expect (ch, 0) == SO) \
- { \
-- /* Shift OUT, change to DBCS converter. */ \
-- if (curcs == db) \
-- { \
-- result = __GCONV_ILLEGAL_INPUT; \
-- break; \
-- } \
-+ /* Shift OUT, change to DBCS converter (redundant escape okay). */ \
- curcs = db; \
- ++inptr; \
- continue; \
- } \
- if (__builtin_expect (ch, 0) == SI) \
- { \
-- /* Shift IN, change to SBCS converter. */ \
-- if (curcs == sb) \
-- { \
-- result = __GCONV_ILLEGAL_INPUT; \
-- break; \
-- } \
-+ /* Shift IN, change to SBCS converter (redundant escape okay). */ \
- curcs = sb; \
- ++inptr; \
- continue; \
---
-2.29.2
-
diff --git a/meta/recipes-core/glibc/glibc_2.32.bb b/meta/recipes-core/glibc/glibc_2.32.bb
index 2d9c707..249f591 100644
--- a/meta/recipes-core/glibc/glibc_2.32.bb
+++ b/meta/recipes-core/glibc/glibc_2.32.bb
@@ -1,7 +1,8 @@
require glibc.inc
require glibc-version.inc
-CVE_CHECK_WHITELIST += "CVE-2020-10029"
+# whitelist CVE's with fixes in latest release/2.32/master branch
+CVE_CHECK_WHITELIST += "CVE-2019-25013 CVE-2020-10029 CVE-2020-27618"
DEPENDS += "gperf-native bison-native make-native"
@@ -45,8 +46,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0031-linux-Allow-adjtime-with-NULL-argument-BZ-26833.patch \
file://CVE-2020-29562.patch \
file://CVE-2020-29573.patch \
- file://CVE-2019-25013.patch \
- file://CVE-2020-27618.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"