diff options
Diffstat (limited to 'meta/recipes-support')
31 files changed, 1489 insertions, 12 deletions
diff --git a/meta/recipes-support/attr/attr_2.4.47.bb b/meta/recipes-support/attr/attr_2.4.47.bb index fc88bef830..c3da66a0c7 100644 --- a/meta/recipes-support/attr/attr_2.4.47.bb +++ b/meta/recipes-support/attr/attr_2.4.47.bb @@ -12,4 +12,7 @@ SRC_URI += "file://attr-Missing-configure.ac.patch \ SRC_URI[md5sum] = "84f58dec00b60f2dc8fd1c9709291cc7" SRC_URI[sha256sum] = "25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859" +# Has issues with newer versions of make +PARALLEL_MAKEINST = "" + BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/boost/boost.inc b/meta/recipes-support/boost/boost.inc index 9be3717fd6..f385541653 100644 --- a/meta/recipes-support/boost/boost.inc +++ b/meta/recipes-support/boost/boost.inc @@ -2,6 +2,8 @@ SUMMARY = "Free peer-reviewed portable C++ source libraries" SECTION = "libs" DEPENDS = "bjam-native zlib bzip2" +CVE_PRODUCT = "boost:boost" + ARM_INSTRUCTION_SET_armv4 = "arm" ARM_INSTRUCTION_SET_armv5 = "arm" @@ -33,6 +35,7 @@ BOOST_LIBS_append_x86 = " context coroutine" BOOST_LIBS_append_x86-64 = " context coroutine" BOOST_LIBS_append_powerpc = " context coroutine" BOOST_LIBS_append_arm = " context coroutine" +BOOST_LIBS_append_aarch64 = " context coroutine" # need consistent settings for native builds (x86 override not applied for native) BOOST_LIBS_remove_class-native = " context coroutine" # does not compile @@ -151,6 +154,7 @@ BJAM_OPTS_append_x86-x32 = " abi=x32 address-model=64" # cross compiling for arm fails to detect abi, so provide some help BJAM_OPTS_append_arm = " abi=aapcs architecture=arm" +BJAM_OPTS_append_aarch64 = " abi=aapcs address-model=64 architecture=arm" do_configure() { cp -f ${S}/boost/config/platform/linux.hpp ${S}/boost/config/platform/linux-gnueabi.hpp diff --git a/meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch b/meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch new file mode 100644 index 0000000000..78b19225d4 --- /dev/null +++ b/meta/recipes-support/boost/boost/0001-dont-setup-compiler-flags-m32-m64.patch @@ -0,0 +1,42 @@ +From 59402e3a61d14eb7ce8c2019ea1a87ad4bd28605 Mon Sep 17 00:00:00 2001 +From: Anuj Mittal <anuj.mittal@intel.com> +Date: Thu, 14 Nov 2019 10:13:53 +0800 +Subject: [PATCH] dont setup compiler flags -m32/-m64 + +We don't want these to be setup by boost as we pass our own flags. + +Upstream-Status: Inappropriate [OE-specific] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + tools/build/src/tools/gcc.jam | 14 -------------- + 1 file changed, 14 deletions(-) + +diff --git a/tools/build/src/tools/gcc.jam b/tools/build/src/tools/gcc.jam +index c7e3cf3..24486e0 100644 +--- a/tools/build/src/tools/gcc.jam ++++ b/tools/build/src/tools/gcc.jam +@@ -430,20 +430,6 @@ local rule compile-link-flags ( * ) + } + + { +- # Handle address-model +- compile-link-flags <target-os>aix/<address-model>32 : -maix32 ; +- compile-link-flags <target-os>aix/<address-model>64 : -maix64 ; +- +- compile-link-flags <target-os>hpux/<address-model>32 : -milp32 ; +- compile-link-flags <target-os>hpux/<address-model>64 : -mlp64 ; +- +- local generic-os = [ set.difference $(all-os) : aix hpux ] ; +- local arch = power sparc x86 ; +- compile-link-flags <target-os>$(generic-os)/<architecture>$(arch)/<address-model>32 : -m32 ; +- compile-link-flags <target-os>$(generic-os)/<architecture>$(arch)/<address-model>64 : -m64 ; +-} +- +-{ + # Handle threading + local rule threading-flags ( * ) + { +-- +2.7.4 + diff --git a/meta/recipes-support/boost/boost_1.69.0.bb b/meta/recipes-support/boost/boost_1.69.0.bb index 324b46f168..5e9e0d87d7 100644 --- a/meta/recipes-support/boost/boost_1.69.0.bb +++ b/meta/recipes-support/boost/boost_1.69.0.bb @@ -6,4 +6,5 @@ SRC_URI += "file://arm-intrinsics.patch \ file://boost-math-disable-pch-for-gcc.patch \ file://0001-Apply-boost-1.62.0-no-forced-flags.patch.patch \ file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \ + file://0001-dont-setup-compiler-flags-m32-m64.patch \ " diff --git a/meta/recipes-support/curl/curl/CVE-2019-5435.patch b/meta/recipes-support/curl/curl/CVE-2019-5435.patch new file mode 100644 index 0000000000..f72435f608 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2019-5435.patch @@ -0,0 +1,266 @@ +From 756380f74d58d5a877b26dc21be7b1316b617213 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 29 Apr 2019 08:00:49 +0200 +Subject: [PATCH] CURL_MAX_INPUT_LENGTH: largest acceptable string input size + +This limits all accepted input strings passed to libcurl to be less than +CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls: +curl_easy_setopt() and curl_url_set(). + +The 8000000 number is arbitrary picked and is meant to detect mistakes +or abuse, not to limit actual practical use cases. By limiting the +acceptable string lengths we also reduce the risk of integer overflows +all over. + +NOTE: This does not apply to `CURLOPT_POSTFIELDS`. + +Test 1559 verifies. + +Closes #3805 + +Upstream-Status: Backport +CVE: CVE-2019-5435 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +--- + lib/setopt.c | 7 +++++ + lib/urlapi.c | 8 +++++ + lib/urldata.h | 4 +++ + tests/data/Makefile.inc | 2 +- + tests/data/test1559 | 44 ++++++++++++++++++++++++++ + tests/libtest/Makefile.inc | 6 ++-- + tests/libtest/lib1559.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++ + 7 files changed, 146 insertions(+), 3 deletions(-) + create mode 100644 tests/data/test1559 + create mode 100644 tests/libtest/lib1559.c + +diff --git a/lib/setopt.c b/lib/setopt.c +index b5f74a9..edf7165 100644 +--- a/lib/setopt.c ++++ b/lib/setopt.c +@@ -61,6 +61,13 @@ CURLcode Curl_setstropt(char **charp, const char *s) + if(s) { + char *str = strdup(s); + ++ if(str) { ++ size_t len = strlen(str); ++ if(len > CURL_MAX_INPUT_LENGTH) { ++ free(str); ++ return CURLE_BAD_FUNCTION_ARGUMENT; ++ } ++ } + if(!str) + return CURLE_OUT_OF_MEMORY; + +diff --git a/lib/urlapi.c b/lib/urlapi.c +index a19867e..822e4b3 100644 +--- a/lib/urlapi.c ++++ b/lib/urlapi.c +@@ -642,6 +642,10 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) + ************************************************************/ + /* allocate scratch area */ + urllen = strlen(url); ++ if(urllen > CURL_MAX_INPUT_LENGTH) ++ /* excessive input length */ ++ return CURLUE_MALFORMED_INPUT; ++ + path = u->scratch = malloc(urllen * 2 + 2); + if(!path) + return CURLUE_OUT_OF_MEMORY; +@@ -1272,6 +1276,10 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, + const char *newp = part; + size_t nalloc = strlen(part); + ++ if(nalloc > CURL_MAX_INPUT_LENGTH) ++ /* excessive input length */ ++ return CURLUE_MALFORMED_INPUT; ++ + if(urlencode) { + const char *i; + char *o; +diff --git a/lib/urldata.h b/lib/urldata.h +index 24187a4..049a34d 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -79,6 +79,10 @@ + */ + #define RESP_TIMEOUT (120*1000) + ++/* Max string intput length is a precaution against abuse and to detect junk ++ input easier and better. */ ++#define CURL_MAX_INPUT_LENGTH 8000000 ++ + #include "cookie.h" + #include "psl.h" + #include "formdata.h" +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 2eca9c6..3dd234f 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -176,7 +176,7 @@ test1525 test1526 test1527 test1528 test1529 test1530 test1531 test1532 \ + test1533 test1534 test1535 test1536 test1537 test1538 \ + test1540 test1541 \ + test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \ +-test1558 test1560 test1561 test1562 \ ++test1558 test1559 test1560 test1561 test1562 \ + \ + test1590 test1591 test1592 \ + \ +diff --git a/tests/data/test1559 b/tests/data/test1559 +new file mode 100644 +index 0000000..cbed6fb +--- /dev/null ++++ b/tests/data/test1559 +@@ -0,0 +1,44 @@ ++<testcase> ++<info> ++<keywords> ++CURLOPT_URL ++</keywords> ++</info> ++ ++<reply> ++</reply> ++ ++<client> ++<server> ++none ++</server> ++ ++# require HTTP so that CURLOPT_POSTFIELDS works as assumed ++<features> ++http ++</features> ++<tool> ++lib1559 ++</tool> ++ ++<name> ++Set excessive URL lengths ++</name> ++</client> ++ ++# ++# Verify that the test runs to completion without crashing ++<verify> ++<errorcode> ++0 ++</errorcode> ++<stdout> ++CURLOPT_URL 10000000 bytes URL == 43 ++CURLOPT_POSTFIELDS 10000000 bytes data == 0 ++CURLUPART_URL 10000000 bytes URL == 3 ++CURLUPART_SCHEME 10000000 bytes scheme == 3 ++CURLUPART_USER 10000000 bytes user == 3 ++</stdout> ++</verify> ++ ++</testcase> +diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc +index e38f481..52b51c5 100644 +--- a/tests/libtest/Makefile.inc ++++ b/tests/libtest/Makefile.inc +@@ -31,8 +31,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \ + lib1534 lib1535 lib1536 lib1537 lib1538 \ + lib1540 lib1541 \ + lib1550 lib1551 lib1552 lib1553 lib1554 lib1555 lib1556 lib1557 \ +- lib1558 \ +- lib1560 \ ++ lib1558 lib1559 lib1560 \ + lib1591 lib1592 \ + lib1900 lib1905 \ + lib2033 +@@ -529,6 +528,9 @@ lib1557_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1557 + lib1558_SOURCES = lib1558.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) + lib1558_LDADD = $(TESTUTIL_LIBS) + ++lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) ++lib1559_LDADD = $(TESTUTIL_LIBS) ++ + lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) + lib1560_LDADD = $(TESTUTIL_LIBS) + +diff --git a/tests/libtest/lib1559.c b/tests/libtest/lib1559.c +new file mode 100644 +index 0000000..2aa3615 +--- /dev/null ++++ b/tests/libtest/lib1559.c +@@ -0,0 +1,78 @@ ++/*************************************************************************** ++ * _ _ ____ _ ++ * Project ___| | | | _ \| | ++ * / __| | | | |_) | | ++ * | (__| |_| | _ <| |___ ++ * \___|\___/|_| \_\_____| ++ * ++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. ++ * ++ * This software is licensed as described in the file COPYING, which ++ * you should have received as part of this distribution. The terms ++ * are also available at https://curl.haxx.se/docs/copyright.html. ++ * ++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell ++ * copies of the Software, and permit persons to whom the Software is ++ * furnished to do so, under the terms of the COPYING file. ++ * ++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ++ * KIND, either express or implied. ++ * ++ ***************************************************************************/ ++#include "test.h" ++ ++#include "testutil.h" ++#include "warnless.h" ++#include "memdebug.h" ++ ++#define EXCESSIVE 10*1000*1000 ++int test(char *URL) ++{ ++ CURLcode res = 0; ++ CURL *curl = NULL; ++ char *longurl = malloc(EXCESSIVE); ++ CURLU *u; ++ (void)URL; ++ ++ memset(longurl, 'a', EXCESSIVE); ++ longurl[EXCESSIVE-1] = 0; ++ ++ global_init(CURL_GLOBAL_ALL); ++ easy_init(curl); ++ ++ res = curl_easy_setopt(curl, CURLOPT_URL, longurl); ++ printf("CURLOPT_URL %d bytes URL == %d\n", ++ EXCESSIVE, (int)res); ++ ++ res = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, longurl); ++ printf("CURLOPT_POSTFIELDS %d bytes data == %d\n", ++ EXCESSIVE, (int)res); ++ ++ u = curl_url(); ++ if(u) { ++ CURLUcode uc = curl_url_set(u, CURLUPART_URL, longurl, 0); ++ printf("CURLUPART_URL %d bytes URL == %d\n", ++ EXCESSIVE, (int)uc); ++ uc = curl_url_set(u, CURLUPART_SCHEME, longurl, CURLU_NON_SUPPORT_SCHEME); ++ printf("CURLUPART_SCHEME %d bytes scheme == %d\n", ++ EXCESSIVE, (int)uc); ++ uc = curl_url_set(u, CURLUPART_USER, longurl, 0); ++ printf("CURLUPART_USER %d bytes user == %d\n", ++ EXCESSIVE, (int)uc); ++ curl_url_cleanup(u); ++ } ++ ++ free(longurl); ++ ++ curl_easy_cleanup(curl); ++ curl_global_cleanup(); ++ ++ return 0; ++ ++test_cleanup: ++ ++ curl_easy_cleanup(curl); ++ curl_global_cleanup(); ++ ++ return res; /* return the final return code */ ++} diff --git a/meta/recipes-support/curl/curl/CVE-2019-5436.patch b/meta/recipes-support/curl/curl/CVE-2019-5436.patch new file mode 100644 index 0000000000..eee26ce273 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2019-5436.patch @@ -0,0 +1,30 @@ +From 2da531b3068e22cf714f001b493a704b2e9b923f Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Fri, 3 May 2019 22:20:37 +0200 +Subject: [PATCH] tftp: use the current blksize for recvfrom() + +bug: https://curl.haxx.se/docs/CVE-2019-5436.html +Reported-by: l00p3r on hackerone +CVE-2019-5436 + +Upstream-Status: Backport +CVE: CVE-2019-5436 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +--- + lib/tftp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/tftp.c b/lib/tftp.c +index 8b92b7b..289cda2 100644 +--- a/lib/tftp.c ++++ b/lib/tftp.c +@@ -1009,7 +1009,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) + state->sockfd = state->conn->sock[FIRSTSOCKET]; + state->state = TFTP_STATE_START; + state->error = TFTP_ERR_NONE; +- state->blksize = TFTP_BLKSIZE_DEFAULT; ++ state->blksize = blksize; + state->requested_blksize = blksize; + + ((struct sockaddr *)&state->local_addr)->sa_family = diff --git a/meta/recipes-support/curl/curl/CVE-2019-5482.patch b/meta/recipes-support/curl/curl/CVE-2019-5482.patch new file mode 100644 index 0000000000..30122d1ae9 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2019-5482.patch @@ -0,0 +1,65 @@ +From facb0e4662415b5f28163e853dc6742ac5fafb3d Mon Sep 17 00:00:00 2001 +From: Thomas Vegas <> +Date: Sat, 31 Aug 2019 17:30:51 +0200 +Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is + received + +Fixes potential buffer overflow from 'recvfrom()', should the server +return an OACK without blksize. + +Bug: https://curl.haxx.se/docs/CVE-2019-5482.html +CVE-2019-5482 + +Upstream-Status: Backport +CVE: CVE-2019-5482 + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + lib/tftp.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +Index: curl-7.64.1/lib/tftp.c +=================================================================== +--- curl-7.64.1.orig/lib/tftp.c ++++ curl-7.64.1/lib/tftp.c +@@ -973,6 +973,7 @@ static CURLcode tftp_connect(struct conn + { + tftp_state_data_t *state; + int blksize; ++ int need_blksize; + + blksize = TFTP_BLKSIZE_DEFAULT; + +@@ -987,15 +988,20 @@ static CURLcode tftp_connect(struct conn + return CURLE_TFTP_ILLEGAL; + } + ++ need_blksize = blksize; ++ /* default size is the fallback when no OACK is received */ ++ if(need_blksize < TFTP_BLKSIZE_DEFAULT) ++ need_blksize = TFTP_BLKSIZE_DEFAULT; ++ + if(!state->rpacket.data) { +- state->rpacket.data = calloc(1, blksize + 2 + 2); ++ state->rpacket.data = calloc(1, need_blksize + 2 + 2); + + if(!state->rpacket.data) + return CURLE_OUT_OF_MEMORY; + } + + if(!state->spacket.data) { +- state->spacket.data = calloc(1, blksize + 2 + 2); ++ state->spacket.data = calloc(1, need_blksize + 2 + 2); + + if(!state->spacket.data) + return CURLE_OUT_OF_MEMORY; +@@ -1009,7 +1015,7 @@ static CURLcode tftp_connect(struct conn + state->sockfd = state->conn->sock[FIRSTSOCKET]; + state->state = TFTP_STATE_START; + state->error = TFTP_ERR_NONE; +- state->blksize = blksize; ++ state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */ + state->requested_blksize = blksize; + + ((struct sockaddr *)&state->local_addr)->sa_family = diff --git a/meta/recipes-support/curl/curl_7.64.1.bb b/meta/recipes-support/curl/curl_7.64.1.bb index 47c28beff6..151d74a236 100644 --- a/meta/recipes-support/curl/curl_7.64.1.bb +++ b/meta/recipes-support/curl/curl_7.64.1.bb @@ -7,6 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa" SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ + file://CVE-2019-5435.patch \ + file://CVE-2019-5436.patch \ + file://CVE-2019-5482.patch \ " SRC_URI[md5sum] = "790c101927845208a9d7e8c429ddd1b2" diff --git a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch index 4a280f9d5c..83195b5bd4 100644 --- a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch +++ b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch @@ -1,4 +1,4 @@ -From 0df5800cc2e720aad883a517f7d24a9722fe5845 Mon Sep 17 00:00:00 2001 +From e3adc816d2d56dd929016073937ba24e01e03cb8 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Thu, 20 Dec 2018 17:37:48 -0800 Subject: [PATCH] Woverride-init is not needed with gcc 9 @@ -17,15 +17,18 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dirmngr/dns.h b/dirmngr/dns.h -index 30d0b45..98fe412 100644 +index 024d6dcc8..c6e141e16 100644 --- a/dirmngr/dns.h +++ b/dirmngr/dns.h -@@ -154,7 +154,7 @@ DNS_PUBLIC int *dns_debug_p(void); +@@ -139,7 +139,7 @@ DNS_PUBLIC int *dns_debug_p(void); + #define DNS_PRAGMA_QUIET _Pragma("clang diagnostic ignored \"-Winitializer-overrides\"") + #define DNS_PRAGMA_POP _Pragma("clang diagnostic pop") - #define dns_quietinit(...) \ - DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__ DNS_PRAGMA_POP -#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || __GNUC__ > 4 +#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || (__GNUC__ > 4 && __GNUC__ < 9) #define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push") #define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"") #define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop") +-- +2.17.1 + diff --git a/meta/recipes-support/gnupg/gnupg_2.2.13.bb b/meta/recipes-support/gnupg/gnupg_2.2.17.bb index 3ce2a38c0e..e5456dd9b9 100644 --- a/meta/recipes-support/gnupg/gnupg_2.2.13.bb +++ b/meta/recipes-support/gnupg/gnupg_2.2.17.bb @@ -19,9 +19,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ file://relocate.patch" - -SRC_URI[md5sum] = "563b959d0c3856e34526e9ca51c80d7b" -SRC_URI[sha256sum] = "76c787a955f9e6e0ead47c9be700bfb9d454f955a7b7c7e697aa719bac7b11d8" +SRC_URI[md5sum] = "1ba2d9b70c377f8e967742064c27a19c" +SRC_URI[sha256sum] = "afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ diff --git a/meta/recipes-support/gnutls/gnutls_3.6.7.bb b/meta/recipes-support/gnutls/gnutls_3.6.8.bb index 01dd23c961..bd752d3457 100644 --- a/meta/recipes-support/gnutls/gnutls_3.6.7.bb +++ b/meta/recipes-support/gnutls/gnutls_3.6.8.bb @@ -21,8 +21,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar file://arm_eabi.patch \ " -SRC_URI[md5sum] = "c4ac669c500df939d4fbfea722367929" -SRC_URI[sha256sum] = "5b3409ad5aaf239808730d1ee12fdcd148c0be00262c7edf157af655a8a188e2" +SRC_URI[md5sum] = "9dcf0aa45d1a42e1b3ca5d39ec7c61a8" +SRC_URI[sha256sum] = "aa81944e5635de981171772857e72be231a7e0f559ae0292d2737de475383e83" inherit autotools texinfo pkgconfig gettext lib_package gtk-doc diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch b/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch new file mode 100644 index 0000000000..cdfc9cf5e6 --- /dev/null +++ b/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch @@ -0,0 +1,38 @@ +From 38bdf8e956218dd6a72942229cf39ef8e45dd28f Mon Sep 17 00:00:00 2001 +From: Mike Gorse <mgorse@alum.wpi.edu> +Date: Thu, 2 May 2019 10:54:43 -0500 +Subject: [PATCH] cr_utils_read_char_from_utf8_buf: move past invalid UTF-8 +Reply-To: muislam@microsoft.com; Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Otherwise, the offending character is never consumed, possibly leading +to an infinite loop. + +https://bugzilla.gnome.org/show_bug.cgi?id=782647 + +CVE: CVE-2017-8834 CVE-2017-8871 + +Upstream-Status: Backport + +Signed-off-by: Muminul Islam <muislam@microsoft.com> + +Upstream commit: https://bug782647.bugzilla-attachments.gnome.org/attachment.cgi?id=374219 +--- + src/cr-utils.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/cr-utils.c b/src/cr-utils.c +index 2420cec..6cf4849 100644 +--- a/src/cr-utils.c ++++ b/src/cr-utils.c +@@ -505,6 +505,7 @@ cr_utils_read_char_from_utf8_buf (const guchar * a_in, + + } else { + /*BAD ENCODING */ ++ nb_bytes_2_decode = 1; + goto end; + } + +-- +2.23.0 + diff --git a/meta/recipes-support/libcroco/libcroco_0.6.12.bb b/meta/recipes-support/libcroco/libcroco_0.6.12.bb index f95a583134..85a120d80b 100644 --- a/meta/recipes-support/libcroco/libcroco_0.6.12.bb +++ b/meta/recipes-support/libcroco/libcroco_0.6.12.bb @@ -18,6 +18,7 @@ inherit gnomebase gtk-doc binconfig-disabled SRC_URI += "file://CVE-2017-7960.patch \ file://CVE-2017-7961.patch \ + file://CVE-2017-8834_71.patch \ " SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce" diff --git a/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch new file mode 100644 index 0000000000..4df96f0011 --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch @@ -0,0 +1,90 @@ +From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna <jussi.kivilinna@iki.fi> +Date: Sat, 27 Apr 2019 19:33:28 +0300 +Subject: [PATCH 1/3] Prefetch GCM look-up tables + +* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables) +(prefetch_tables): New. +(ghash_internal): Call prefetch_tables. +-- + +Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + cipher/cipher-gcm.c | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c +index c19f09f..11f119a 100644 +--- a/cipher/cipher-gcm.c ++++ b/cipher/cipher-gcm.c +@@ -118,6 +118,34 @@ static const u16 gcmR[256] = { + 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, + }; + ++static inline ++void prefetch_table(const void *tab, size_t len) ++{ ++ const volatile byte *vtab = tab; ++ size_t i; ++ ++ for (i = 0; i < len; i += 8 * 32) ++ { ++ (void)vtab[i + 0 * 32]; ++ (void)vtab[i + 1 * 32]; ++ (void)vtab[i + 2 * 32]; ++ (void)vtab[i + 3 * 32]; ++ (void)vtab[i + 4 * 32]; ++ (void)vtab[i + 5 * 32]; ++ (void)vtab[i + 6 * 32]; ++ (void)vtab[i + 7 * 32]; ++ } ++ ++ (void)vtab[len - 1]; ++} ++ ++static inline void ++do_prefetch_tables (const void *gcmM, size_t gcmM_size) ++{ ++ prefetch_table(gcmM, gcmM_size); ++ prefetch_table(gcmR, sizeof(gcmR)); ++} ++ + #ifdef GCM_TABLES_USE_U64 + static void + bshift (u64 * b0, u64 * b1) +@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM) + #define fillM(c) \ + do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table) + #define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table) ++#define prefetch_tables(c) \ ++ do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table)) + + #else + +@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf) + + #define fillM(c) do { } while (0) + #define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, result, buf) ++#define prefetch_tables(c) do {} while (0) + + #endif /* !GCM_USE_TABLES */ + +@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const byte *buf, + const unsigned int blocksize = GCRY_GCM_BLOCK_LEN; + unsigned int burn = 0; + ++ prefetch_tables (c); ++ + while (nblocks) + { + burn = GHASH (c, result, buf); +-- +2.7.4 + diff --git a/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch b/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch new file mode 100644 index 0000000000..c82c5b5c8a --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch @@ -0,0 +1,332 @@ +From 119348dd9aa52ab229afb5e2d3342d2b76fe81bf Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna <jussi.kivilinna@iki.fi> +Date: Fri, 31 May 2019 17:18:09 +0300 +Subject: [PATCH 2/3] AES: move look-up tables to .data section and unshare between + processes + +* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New. +* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure. +(enc_tables): New structure for encryption table with counters before +and after. +(encT): New macro. +(dec_tables): Add counters before and after encryption table; Move +from .rodata to .data section. +(do_encrypt): Change 'encT' to 'enc_tables.T'. +(do_decrypt): Change '&dec_tables' to 'dec_tables.T'. +* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input +with length not multiple of 256. +(prefetch_enc, prefetch_dec): Modify pre- and post-table counters +to unshare look-up table pages between processes. +-- + +GnuPG-bug-id: 4541 +Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + cipher/rijndael-internal.h | 4 +- + cipher/rijndael-tables.h | 155 +++++++++++++++++++++++++-------------------- + cipher/rijndael.c | 35 ++++++++-- + 3 files changed, 118 insertions(+), 76 deletions(-) + +diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h +index 160fb8c..a62d4b7 100644 +--- a/cipher/rijndael-internal.h ++++ b/cipher/rijndael-internal.h +@@ -29,11 +29,13 @@ + #define BLOCKSIZE (128/8) + + +-/* Helper macro to force alignment to 16 bytes. */ ++/* Helper macro to force alignment to 16 or 64 bytes. */ + #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED + # define ATTR_ALIGNED_16 __attribute__ ((aligned (16))) ++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64))) + #else + # define ATTR_ALIGNED_16 ++# define ATTR_ALIGNED_64 + #endif + + +diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h +index 8359470..b54d959 100644 +--- a/cipher/rijndael-tables.h ++++ b/cipher/rijndael-tables.h +@@ -21,80 +21,98 @@ + /* To keep the actual implementation at a readable size we use this + include file to define the tables. */ + +-static const u32 encT[256] = ++static struct ++{ ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; ++ u32 T[256]; ++ volatile u32 counter_tail; ++} enc_tables ATTR_ALIGNED_64 = + { +- 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, +- 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, +- 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, +- 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, +- 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, +- 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, +- 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, +- 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, +- 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, +- 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, +- 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, +- 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, +- 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, +- 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, +- 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, +- 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, +- 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, +- 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, +- 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, +- 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, +- 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, +- 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, +- 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, +- 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, +- 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, +- 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, +- 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, +- 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, +- 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, +- 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, +- 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, +- 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, +- 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, +- 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, +- 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, +- 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, +- 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, +- 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, +- 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, +- 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, +- 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, +- 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, +- 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, +- 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, +- 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, +- 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, +- 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, +- 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, +- 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, +- 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, +- 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, +- 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, +- 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, +- 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, +- 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, +- 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, +- 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, +- 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, +- 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, +- 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, +- 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, +- 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, +- 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, +- 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c ++ 0, ++ { 0, }, ++ { ++ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, ++ 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, ++ 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, ++ 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, ++ 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, ++ 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, ++ 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, ++ 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, ++ 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, ++ 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, ++ 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, ++ 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, ++ 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, ++ 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, ++ 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, ++ 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, ++ 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, ++ 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, ++ 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, ++ 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, ++ 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, ++ 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, ++ 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, ++ 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, ++ 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, ++ 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, ++ 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, ++ 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, ++ 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, ++ 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, ++ 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, ++ 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, ++ 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, ++ 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, ++ 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, ++ 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, ++ 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, ++ 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, ++ 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, ++ 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, ++ 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, ++ 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, ++ 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, ++ 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, ++ 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, ++ 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, ++ 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, ++ 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, ++ 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, ++ 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, ++ 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, ++ 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, ++ 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, ++ 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, ++ 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, ++ 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, ++ 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, ++ 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, ++ 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, ++ 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, ++ 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, ++ 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, ++ 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, ++ 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c ++ }, ++ 0 + }; + +-static const struct ++#define encT enc_tables.T ++ ++static struct + { ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; + u32 T[256]; + byte inv_sbox[256]; +-} dec_tables = ++ volatile u32 counter_tail; ++} dec_tables ATTR_ALIGNED_64 = + { ++ 0, ++ { 0, }, + { + 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, + 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, +@@ -194,7 +212,8 @@ static const struct + 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61, + 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26, + 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d +- } ++ }, ++ 0 + }; + + #define decT dec_tables.T +diff --git a/cipher/rijndael.c b/cipher/rijndael.c +index 8637195..d0edab2 100644 +--- a/cipher/rijndael.c ++++ b/cipher/rijndael.c +@@ -227,11 +227,11 @@ static const char *selftest(void); + + + /* Prefetching for encryption/decryption tables. */ +-static void prefetch_table(const volatile byte *tab, size_t len) ++static inline void prefetch_table(const volatile byte *tab, size_t len) + { + size_t i; + +- for (i = 0; i < len; i += 8 * 32) ++ for (i = 0; len - i >= 8 * 32; i += 8 * 32) + { + (void)tab[i + 0 * 32]; + (void)tab[i + 1 * 32]; +@@ -242,17 +242,37 @@ static void prefetch_table(const volatile byte *tab, size_t len) + (void)tab[i + 6 * 32]; + (void)tab[i + 7 * 32]; + } ++ for (; i < len; i += 32) ++ { ++ (void)tab[i]; ++ } + + (void)tab[len - 1]; + } + + static void prefetch_enc(void) + { +- prefetch_table((const void *)encT, sizeof(encT)); ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ enc_tables.counter_head++; ++ enc_tables.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ ++ prefetch_table((const void *)&enc_tables, sizeof(enc_tables)); + } + + static void prefetch_dec(void) + { ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ dec_tables.counter_head++; ++ dec_tables.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ + prefetch_table((const void *)&dec_tables, sizeof(dec_tables)); + } + +@@ -737,7 +757,7 @@ do_encrypt (const RIJNDAEL_context *ctx, + #ifdef USE_AMD64_ASM + # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS + return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, +- encT); ++ enc_tables.T); + # else + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ +@@ -757,7 +777,8 @@ do_encrypt (const RIJNDAEL_context *ctx, + return ret; + # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ + #elif defined(USE_ARM_ASM) +- return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT); ++ return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, ++ enc_tables.T); + #else + return do_encrypt_fn (ctx, bx, ax); + #endif /* !USE_ARM_ASM && !USE_AMD64_ASM*/ +@@ -1120,7 +1141,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, + #ifdef USE_AMD64_ASM + # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS + return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, +- &dec_tables); ++ dec_tables.T); + # else + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ +@@ -1141,7 +1162,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, + # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ + #elif defined(USE_ARM_ASM) + return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, +- &dec_tables); ++ dec_tables.T); + #else + return do_decrypt_fn (ctx, bx, ax); + #endif /*!USE_ARM_ASM && !USE_AMD64_ASM*/ +-- +2.7.4 + diff --git a/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch b/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch new file mode 100644 index 0000000000..b580b7b13c --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch @@ -0,0 +1,178 @@ +From a4c561aab1014c3630bc88faf6f5246fee16b020 Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna <jussi.kivilinna@iki.fi> +Date: Fri, 31 May 2019 17:27:25 +0300 +Subject: [PATCH 3/3] GCM: move look-up table to .data section and unshare + between processes + +* cipher/cipher-gcm.c (ATTR_ALIGNED_64): New. +(gcmR): Move to 'gcm_table' structure. +(gcm_table): New structure for look-up table with counters before and +after. +(gcmR): New macro. +(prefetch_table): Handle input with length not multiple of 256. +(do_prefetch_tables): Modify pre- and post-table counters to unshare +look-up table pages between processes. +-- + +GnuPG-bug-id: 4541 +Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + cipher/cipher-gcm.c | 106 ++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 70 insertions(+), 36 deletions(-) + +diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c +index 11f119a..194e2ec 100644 +--- a/cipher/cipher-gcm.c ++++ b/cipher/cipher-gcm.c +@@ -30,6 +30,14 @@ + #include "./cipher-internal.h" + + ++/* Helper macro to force alignment to 16 or 64 bytes. */ ++#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED ++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64))) ++#else ++# define ATTR_ALIGNED_64 ++#endif ++ ++ + #ifdef GCM_USE_INTEL_PCLMUL + extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c); + +@@ -83,40 +91,54 @@ ghash_armv7_neon (gcry_cipher_hd_t c, byte *result, const byte *buf, + + + #ifdef GCM_USE_TABLES +-static const u16 gcmR[256] = { +- 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e, +- 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e, +- 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e, +- 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e, +- 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e, +- 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e, +- 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e, +- 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e, +- 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce, +- 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde, +- 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee, +- 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe, +- 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e, +- 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e, +- 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae, +- 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe, +- 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e, +- 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e, +- 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e, +- 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e, +- 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e, +- 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e, +- 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e, +- 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e, +- 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce, +- 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade, +- 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee, +- 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe, +- 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e, +- 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e, +- 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae, +- 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, +-}; ++static struct ++{ ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; ++ u16 R[256]; ++ volatile u32 counter_tail; ++} gcm_table ATTR_ALIGNED_64 = ++ { ++ 0, ++ { 0, }, ++ { ++ 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e, ++ 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e, ++ 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e, ++ 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e, ++ 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e, ++ 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e, ++ 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e, ++ 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e, ++ 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce, ++ 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde, ++ 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee, ++ 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe, ++ 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e, ++ 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e, ++ 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae, ++ 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe, ++ 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e, ++ 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e, ++ 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e, ++ 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e, ++ 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e, ++ 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e, ++ 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e, ++ 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e, ++ 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce, ++ 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade, ++ 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee, ++ 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe, ++ 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e, ++ 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e, ++ 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae, ++ 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, ++ }, ++ 0 ++ }; ++ ++#define gcmR gcm_table.R + + static inline + void prefetch_table(const void *tab, size_t len) +@@ -124,7 +146,7 @@ void prefetch_table(const void *tab, size_t len) + const volatile byte *vtab = tab; + size_t i; + +- for (i = 0; i < len; i += 8 * 32) ++ for (i = 0; len - i >= 8 * 32; i += 8 * 32) + { + (void)vtab[i + 0 * 32]; + (void)vtab[i + 1 * 32]; +@@ -135,6 +157,10 @@ void prefetch_table(const void *tab, size_t len) + (void)vtab[i + 6 * 32]; + (void)vtab[i + 7 * 32]; + } ++ for (; i < len; i += 32) ++ { ++ (void)vtab[i]; ++ } + + (void)vtab[len - 1]; + } +@@ -142,8 +168,16 @@ void prefetch_table(const void *tab, size_t len) + static inline void + do_prefetch_tables (const void *gcmM, size_t gcmM_size) + { ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ gcm_table.counter_head++; ++ gcm_table.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ + prefetch_table(gcmM, gcmM_size); +- prefetch_table(gcmR, sizeof(gcmR)); ++ prefetch_table(&gcm_table, sizeof(gcm_table)); + } + + #ifdef GCM_TABLES_USE_U64 +-- +2.7.4 + diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb index fda68a2938..11d078d44a 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb @@ -21,6 +21,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \ file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \ file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \ + file://0001-Prefetch-GCM-look-up-tables.patch \ + file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \ + file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \ " SRC_URI[md5sum] = "fbfdaebbbc6d7e5fbbf6ffdb3e139573" SRC_URI[sha256sum] = "f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227" diff --git a/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch b/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch new file mode 100644 index 0000000000..dc3d558e24 --- /dev/null +++ b/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch @@ -0,0 +1,161 @@ +Upstream-Status: Backport [https://dev.gnupg.org/T4459] +Signed-off-by: Sean Nyekjaer <sean@geanix.com> + +From 37069826e497d6af01e3e48fe5d2220ae7f85449 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka <gniibe@fsij.org> +Date: Mon, 15 Apr 2019 15:10:44 +0900 +Subject: [PATCH] awk: Prepare for Gawk 5.0. + +* src/Makefile.am: Use pkg_namespace (instead of namespace). +* src/mkerrnos.awk: Likewise. +* lang/cl/mkerrcodes.awk: Don't escape # in regexp. +* src/mkerrcodes.awk, src/mkerrcodes1.awk, src/mkerrcodes2.awk: Ditto. + +-- + +In Gawk 5.0, regexp routines are replaced by Gnulib implementation, +which only allows escaping specific characters. + +GnuPG-bug-id: 4459 +Reported-by: Marius Schamschula +Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> +--- + lang/cl/mkerrcodes.awk | 2 +- + src/Makefile.am | 2 +- + src/mkerrcodes.awk | 2 +- + src/mkerrcodes1.awk | 2 +- + src/mkerrcodes2.awk | 2 +- + src/mkerrnos.awk | 2 +- + src/mkstrtable.awk | 10 +++++----- + 7 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/lang/cl/mkerrcodes.awk b/lang/cl/mkerrcodes.awk +index ae29043..9a1fc18 100644 +--- a/lang/cl/mkerrcodes.awk ++++ b/lang/cl/mkerrcodes.awk +@@ -122,7 +122,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +diff --git a/src/Makefile.am b/src/Makefile.am +index 42998e4..0ceac9f 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -281,7 +281,7 @@ code-from-errno.h: mkerrcodes Makefile + + errnos-sym.h: Makefile mkstrtable.awk errnos.in + $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=2 -v nogettext=1 \ +- -v prefix=GPG_ERR_ -v namespace=errnos_ \ ++ -v prefix=GPG_ERR_ -v pkg_namespace=errnos_ \ + $(srcdir)/errnos.in >$@ + + +diff --git a/src/mkerrcodes.awk b/src/mkerrcodes.awk +index 46d436c..e9c857c 100644 +--- a/src/mkerrcodes.awk ++++ b/src/mkerrcodes.awk +@@ -85,7 +85,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +diff --git a/src/mkerrcodes1.awk b/src/mkerrcodes1.awk +index a771a73..4578e29 100644 +--- a/src/mkerrcodes1.awk ++++ b/src/mkerrcodes1.awk +@@ -81,7 +81,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +diff --git a/src/mkerrcodes2.awk b/src/mkerrcodes2.awk +index ea58503..188f7a4 100644 +--- a/src/mkerrcodes2.awk ++++ b/src/mkerrcodes2.awk +@@ -91,7 +91,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +diff --git a/src/mkerrnos.awk b/src/mkerrnos.awk +index f79df66..15b1aad 100644 +--- a/src/mkerrnos.awk ++++ b/src/mkerrnos.awk +@@ -83,7 +83,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +diff --git a/src/mkstrtable.awk b/src/mkstrtable.awk +index c9de9c1..285e45f 100644 +--- a/src/mkstrtable.awk ++++ b/src/mkstrtable.awk +@@ -77,7 +77,7 @@ + # + # The variable prefix can be used to prepend a string to each message. + # +-# The variable namespace can be used to prepend a string to each ++# The variable pkg_namespace can be used to prepend a string to each + # variable and macro name. + + BEGIN { +@@ -102,7 +102,7 @@ header { + print "/* The purpose of this complex string table is to produce"; + print " optimal code with a minimum of relocations. */"; + print ""; +- print "static const char " namespace "msgstr[] = "; ++ print "static const char " pkg_namespace "msgstr[] = "; + header = 0; + } + else +@@ -110,7 +110,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +@@ -150,7 +150,7 @@ END { + else + print " gettext_noop (\"" last_msgstr "\");"; + print ""; +- print "static const int " namespace "msgidx[] ="; ++ print "static const int " pkg_namespace "msgidx[] ="; + print " {"; + for (i = 0; i < coded_msgs; i++) + print " " pos[i] ","; +@@ -158,7 +158,7 @@ END { + print " };"; + print ""; + print "static GPG_ERR_INLINE int"; +- print namespace "msgidxof (int code)"; ++ print pkg_namespace "msgidxof (int code)"; + print "{"; + print " return (0 ? 0"; + +-- +2.23.0 + diff --git a/meta/recipes-support/libgpg-error/libgpg-error_1.35.bb b/meta/recipes-support/libgpg-error/libgpg-error_1.35.bb index 57ac143fd5..37c298e151 100644 --- a/meta/recipes-support/libgpg-error/libgpg-error_1.35.bb +++ b/meta/recipes-support/libgpg-error/libgpg-error_1.35.bb @@ -14,6 +14,7 @@ SECTION = "libs" UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/libgpg-error/libgpg-error-${PV}.tar.bz2 \ file://pkgconfig.patch \ + file://libgpg-error-1.35-gawk5-support.patch \ " SRC_URI[md5sum] = "2808a9e044f883f7554c5ba6a380b711" diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb index b095397ec2..b33a47be6a 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.64.2.bb @@ -15,6 +15,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ SRC_URI[md5sum] = "cac755dc6c6acd6e0c70007f547548f5" SRC_URI[sha256sum] = "75ddc194a5b1d6f25033bb9d355f04bfe5c03e0e1c71ed0774104457b3a786c6" +CVE_PRODUCT = "libsoup" + S = "${WORKDIR}/libsoup-${PV}" inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc diff --git a/meta/recipes-support/libxslt/files/CVE-2019-13117.patch b/meta/recipes-support/libxslt/files/CVE-2019-13117.patch new file mode 100644 index 0000000000..ef3f2709f7 --- /dev/null +++ b/meta/recipes-support/libxslt/files/CVE-2019-13117.patch @@ -0,0 +1,33 @@ +From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat, 27 Apr 2019 11:19:48 +0200 +Subject: [PATCH] Fix uninitialized read of xsl:number token + +Found by OSS-Fuzz. + +CVE: CVE-2019-13117 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + libxslt/numbers.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libxslt/numbers.c b/libxslt/numbers.c +index 89e1f668..75c31eba 100644 +--- a/libxslt/numbers.c ++++ b/libxslt/numbers.c +@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format, + tokens->tokens[tokens->nTokens].token = val - 1; + ix += len; + val = xmlStringCurrentChar(NULL, format+ix, &len); +- } ++ } else { ++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0'; ++ tokens->tokens[tokens->nTokens].width = 1; ++ } + } else if ( (val == (xmlChar)'A') || + (val == (xmlChar)'a') || + (val == (xmlChar)'I') || +-- +2.21.0 + diff --git a/meta/recipes-support/libxslt/files/CVE-2019-13118.patch b/meta/recipes-support/libxslt/files/CVE-2019-13118.patch new file mode 100644 index 0000000000..595e6c2f33 --- /dev/null +++ b/meta/recipes-support/libxslt/files/CVE-2019-13118.patch @@ -0,0 +1,76 @@ +From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Mon, 3 Jun 2019 13:14:45 +0200 +Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars + +The character type in xsltFormatNumberConversion was too narrow and +an invalid character/length combination could be passed to +xsltNumberFormatDecimal, resulting in an uninitialized read. + +Found by OSS-Fuzz. + +CVE: CVE-2019-13118 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +--- + libxslt/numbers.c | 5 +++-- + tests/docs/bug-222.xml | 1 + + tests/general/bug-222.out | 2 ++ + tests/general/bug-222.xsl | 6 ++++++ + 4 files changed, 12 insertions(+), 2 deletions(-) + create mode 100644 tests/docs/bug-222.xml + create mode 100644 tests/general/bug-222.out + create mode 100644 tests/general/bug-222.xsl + +diff --git a/libxslt/numbers.c b/libxslt/numbers.c +index f1ed8846..20b99d5a 100644 +--- a/libxslt/numbers.c ++++ b/libxslt/numbers.c +@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER: + number = floor((scale * number + 0.5)) / scale; + if ((self->grouping != NULL) && + (self->grouping[0] != 0)) { ++ int gchar; + + len = xmlStrlen(self->grouping); +- pchar = xsltGetUTF8Char(self->grouping, &len); ++ gchar = xsltGetUTF8Char(self->grouping, &len); + xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], + format_info.integer_digits, + format_info.group, +- pchar, len); ++ gchar, len); + } else + xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], + format_info.integer_digits, +diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml +new file mode 100644 +index 00000000..69d62f2c +--- /dev/null ++++ b/tests/docs/bug-222.xml +@@ -0,0 +1 @@ ++<doc/> +diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out +new file mode 100644 +index 00000000..e3139698 +--- /dev/null ++++ b/tests/general/bug-222.out +@@ -0,0 +1,2 @@ ++<?xml version="1.0"?> ++1⠢0 +diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl +new file mode 100644 +index 00000000..e32dc473 +--- /dev/null ++++ b/tests/general/bug-222.xsl +@@ -0,0 +1,6 @@ ++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> ++ <xsl:decimal-format name="f" grouping-separator="⠢"/> ++ <xsl:template match="/"> ++ <xsl:value-of select="format-number(10,'#⠢0','f')"/> ++ </xsl:template> ++</xsl:stylesheet> +-- +2.21.0 + diff --git a/meta/recipes-support/libxslt/files/CVE-2019-18197.patch b/meta/recipes-support/libxslt/files/CVE-2019-18197.patch new file mode 100644 index 0000000000..5f2b620396 --- /dev/null +++ b/meta/recipes-support/libxslt/files/CVE-2019-18197.patch @@ -0,0 +1,33 @@ +libxslt: fix CVE-2019-18197 + +Added after 1.1.33 release. + +CVE: CVE-2019-18197 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt.git] +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +commit 2232473733b7313d67de8836ea3b29eec6e8e285 +Author: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat Aug 17 16:51:53 2019 +0200 + + Fix dangling pointer in xsltCopyText + + xsltCopyText didn't reset ctxt->lasttext in some cases which could + lead to various memory errors in relation with CDATA sections in input + documents. + + Found by OSS-Fuzz. + +diff --git a/libxslt/transform.c b/libxslt/transform.c +index 95ebd07..d7ab0b6 100644 +--- a/libxslt/transform.c ++++ b/libxslt/transform.c +@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target, + if ((copy->content = xmlStrdup(cur->content)) == NULL) + return NULL; + } ++ ++ ctxt->lasttext = NULL; + } else { + /* + * normal processing. keep counters to extend the text node diff --git a/meta/recipes-support/libxslt/libxslt_1.1.33.bb b/meta/recipes-support/libxslt/libxslt_1.1.33.bb index 42b21c7bca..f93c2537ad 100644 --- a/meta/recipes-support/libxslt/libxslt_1.1.33.bb +++ b/meta/recipes-support/libxslt/libxslt_1.1.33.bb @@ -10,6 +10,9 @@ DEPENDS = "libxml2" SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \ file://0001-Fix-security-framework-bypass.patch \ + file://CVE-2019-13117.patch \ + file://CVE-2019-13118.patch \ + file://CVE-2019-18197.patch \ " SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f" diff --git a/meta/recipes-support/lz4/lz4_1.8.3.bb b/meta/recipes-support/lz4/lz4_1.8.3.bb index 125836f7bf..605e148d81 100644 --- a/meta/recipes-support/lz4/lz4_1.8.3.bb +++ b/meta/recipes-support/lz4/lz4_1.8.3.bb @@ -18,6 +18,9 @@ UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)" S = "${WORKDIR}/git" +# Fixed in r118, which is larger than the current version. +CVE_CHECK_WHITELIST += "CVE-2014-4715" + EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}" do_install() { diff --git a/meta/recipes-support/popt/popt_1.16.bb b/meta/recipes-support/popt/popt_1.16.bb index 478288f9bf..27e49c2ca2 100644 --- a/meta/recipes-support/popt/popt_1.16.bb +++ b/meta/recipes-support/popt/popt_1.16.bb @@ -8,7 +8,7 @@ PR = "r3" DEPENDS = "virtual/libiconv" -SRC_URI = "http://rpm5.org/files/popt/popt-${PV}.tar.gz \ +SRC_URI = "http://anduin.linuxfromscratch.org/BLFS/popt/popt-${PV}.tar.gz \ file://pkgconfig_fix.patch \ file://popt_fix_for_automake-1.12.patch \ file://disable_tests.patch \ diff --git a/meta/recipes-support/rng-tools/rng-tools/rngd.service b/meta/recipes-support/rng-tools/rng-tools/rngd.service index f0355db14f..5c8253b5fb 100644 --- a/meta/recipes-support/rng-tools/rng-tools/rngd.service +++ b/meta/recipes-support/rng-tools/rng-tools/rngd.service @@ -2,7 +2,8 @@ Description=Hardware RNG Entropy Gatherer Daemon DefaultDependencies=no After=systemd-udev-settle.service -Before=sysinit.target +Before=sysinit.target shutdown.target +Conflicts=shutdown.target [Service] ExecStart=@SBINDIR@/rngd -f -r /dev/hwrng diff --git a/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch new file mode 100644 index 0000000000..7c4a65b3cd --- /dev/null +++ b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch @@ -0,0 +1,40 @@ +From fcf06b0b426e6c243d6ca2d6c6a02830717ab6a3 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Tue, 15 Oct 2019 13:22:52 +0800 +Subject: [PATCH] Fix CVE-2019-16168 + +CVE: CVE-2019-16168 + +Upstream-Status: Backport [https://www.sqlite.org/src/vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + sqlite3.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 61bfdeb..b3e6ae2 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -105933,7 +105933,9 @@ static void decodeIntArray( + if( sqlite3_strglob("unordered*", z)==0 ){ + pIndex->bUnordered = 1; + }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){ +- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3)); ++ int sz = sqlite3Atoi(z+3); ++ if( sz<2 ) sz = 2; ++ pIndex->szIdxRow = sqlite3LogEst(sz); + }else if( sqlite3_strglob("noskipscan*", z)==0 ){ + pIndex->noSkipScan = 1; + } +@@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex( + ** it to pNew->rRun, which is currently set to the cost of the index + ** seek only. Then, if this is a non-covering index, add the cost of + ** visiting the rows in the main table. */ ++ assert( pSrc->pTab->szTabRow>0 ); + rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow; + pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx); + if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){ +-- +2.17.1 + diff --git a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb index 4bdb04f4d1..2888a56ee9 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb @@ -7,6 +7,7 @@ SRC_URI = "\ http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2019-9936.patch \ file://CVE-2019-9937.patch \ + file://0001-Fix-CVE-2019-16168.patch \ " SRC_URI[md5sum] = "1f72631ce6e8efa5b4a6e55a43b3bdc0" diff --git a/meta/recipes-support/vim/files/CVE-2019-12735.patch b/meta/recipes-support/vim/files/CVE-2019-12735.patch new file mode 100644 index 0000000000..d8afa1867b --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2019-12735.patch @@ -0,0 +1,64 @@ +From e8197acdd091881fdbf9ed6ca8318f3c96465f0a Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Wed, 22 May 2019 22:38:25 +0200 +Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox + +Problem: Source command doesn't check for the sandbox. (Armin Razmjou) +Solution: Check for the sandbox when sourcing a file. + +Upstream-Status: Backport +CVE: CVE-2019-12735 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + src/getchar.c | 6 ++++++ + src/testdir/test_source.vim | 9 +++++++++ + src/version.c | 2 ++ + 3 files changed, 17 insertions(+) + +diff --git a/src/getchar.c b/src/getchar.c +index 0e9942b..475f644 100644 +--- a/src/getchar.c ++++ b/src/getchar.c +@@ -1407,6 +1407,12 @@ openscript( + emsg(_(e_nesting)); + return; + } ++ ++ // Disallow sourcing a file in the sandbox, the commands would be executed ++ // later, possibly outside of the sandbox. ++ if (check_secure()) ++ return; ++ + #ifdef FEAT_EVAL + if (ignore_script) + /* Not reading from script, also don't open one. Warning message? */ +diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim +index a33d286..5166baf 100644 +--- a/src/testdir/test_source.vim ++++ b/src/testdir/test_source.vim +@@ -36,3 +36,12 @@ func Test_source_cmd() + au! SourcePre + au! SourcePost + endfunc ++ ++func Test_source_sandbox() ++ new ++ call writefile(["Ohello\<Esc>"], 'Xsourcehello') ++ source! Xsourcehello | echo ++ call assert_equal('hello', getline(1)) ++ call assert_fails('sandbox source! Xsourcehello', 'E48:') ++ bwipe! ++endfunc +diff --git a/src/version.c b/src/version.c +index a49f6fb..e4f74be 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -780,6 +780,8 @@ static char *(features[]) = + static int included_patches[] = + { /* Add new patch number below this line */ + /**/ ++ 1365, ++/**/ + 1017, + /**/ + 1016, diff --git a/meta/recipes-support/vim/vim_8.1.1017.bb b/meta/recipes-support/vim/vim_8.1.1017.bb index 7627d2844b..e161e12eed 100644 --- a/meta/recipes-support/vim/vim_8.1.1017.bb +++ b/meta/recipes-support/vim/vim_8.1.1017.bb @@ -12,6 +12,7 @@ SRC_URI = "git://github.com/vim/vim.git \ file://disable_acl_header_check.patch;patchdir=.. \ file://vim-add-knob-whether-elf.h-are-checked.patch;patchdir=.. \ file://0001-src-Makefile-improve-reproducibility.patch;patchdir=.. \ + file://CVE-2019-12735.patch;patchdir=.. \ " SRCREV = "493fbe4abee660d30b4f2aef87b754b0a720213c" |