glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch

Drop 0016-Add-unused-attribute.patch since its fixed by Rewrite iconv option parsing [BZ #19519] [1] Upgrade to latest on 2.31 branch which brings following bug fixes * 6fdf971c9db (origin/release/2.31/master) Add NEWS entry for CVE-2016-10228 (bug 19519) * 70d585151c0 Rewrite iconv option parsing [BZ #19519] * 1c8efe848bf powerpc: Fix incorrect cache line size load in memset (bug 26332) * 7611339a9b5 nptl: Zero-extend arguments to SETXID syscalls [BZ #26248] * 21b760cc2fa Disable warnings due to deprecated libselinux symbols used by nss and nscd * 6f3459f9859 Add NEWS entry for CVE-2020-6096 (bug 25620) * 64246fccafc arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620] * 9bbd2b61729 arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620] * 4e8a33a9590 NEWS: Mention BZ 25933 fix * fd15ba932d2 Fix avx2 strncmp offset compare condition check [BZ #25933] * 3a44844c97a nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976] * c8391752678 aarch64: fix strcpy and strnlen for big-endian [BZ #25824] * 10947412240 aarch64: Accept PLT calls to __getauxval within libc.so * a98b8b221cf NEWS: Mention fixes for BZ 25810/25896/25902/25966 * 4c833bbebe3 x86-64: Use RDX_LP on __x86_shared_non_temporal_threshold [BZ #25966] * 3b9ceb33204 NEWS: Mention bug 25639 fixed in 2.31 branch * bb44fe7711a oc_FR locale: Fix spelling of April (bug 25639) * f2ac7920474 oc_FR locale: Fix spelling of Thursday (bug 25639) * 18fdba553dd Add a C wrapper for prctl [BZ #25896] * 7c9e054afdd powerpc: Rename argN to _argN in LOADARGS_N [BZ #25902] * 9c5ae39a644 Add C wrappers for process_vm_readv/process_vm_writev [BZ #25810] * 63c3696a4ac Mark unsigned long arguments with U in more syscalls [BZ #25810] * 5b9d49293b7 Add a syscall test for [BZ #25810] * 496b5963a75 Add SYSCALL_ULONG_ARG_[12] to pass long to syscall [BZ #25810] * 04330f85263 x32: Properly pass long to syscall [BZ #25810] * de371d1581f Fix build with GCC 10 when long double = double. * ece4e11d55d Add new file missed in previous hppa commit. * 91b909315c4 Fix data race in setting function descriptors during lazy binding on hppa. * b999c0098ae nios2: delete sysdeps/unix/sysv/linux/nios2/kernel-features.h * 54ba2541b3a mips: Fix bracktrace result for signal frames * 83d3eec6728 stdlib: Move tst-system to tests-container * ad9b0037ccc support/shell-container.c: Add builtin kill * 2448ba1d724 support/shell-container.c: Add builtin exit * 5810e6d75ff support/shell-container.c: Return 127 if execve fails * d39fb022c26 Add NEWS entry for CVE-2020-1751 (bug 25423) * 46bbbd46223 posix: Fix system error return value [BZ #25715] * 3937f6806d9 Add NEWS entry for CVE-2020-1752 (bug 25414) * ab029a2801d Fix use-after-free in glob when expanding ~user (bug 25414) * a3189fb15b4 Update syscall lists for Linux 5.5. * 05c08d5aea9 NEWS: update list of bugs fixed on the 2.31 branch * 123d48b33a5 Add NEWS entry for CVE-2020-10029 (bug 25487) * 03f44ce0938 math/test-sinl-pseudo: Use stack protector only if available * e85a88e00c1 sparc: Move sigreturn stub to assembly * a9ae2062d57 arm: Fix softp-fp Implies (BZ #25635) * da6ce60e3cb linux/sysipc: Include linux/posix_types.h for __kernel_mode_t * 9db2970506c linux: Clear mode_t padding bits (BZ#25623) * 44f2c26ee4f i386: Use comdat instead of .gnu.linkonce for i386 setup pic register (BZ #20543) * f2d95cf030f Improve IFUNC check [BZ #25506] * 9f997ceca28 Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (bug 25487). [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=70d585151c03ede999bd2ad5a724243914cb5f54 (From OE-Core rev: e03433fd52af298a4b177f36314728f916dd1ac2) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Khem Raj <raj.khem@gmail.com> 2020-08-11 11:01:24 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-08-21 15:25:33 +0100
commit: 73b941cf53f9d8ce540f60c40e714b444933f623 (patch)
tree: 5525526659404df02a6bc0fdf9ba288330f6d83d
parent: 4b6faa9dada8d0ae7aba3a161429e4c1eab2fe21 (diff)
download: poky-73b941cf53f9d8ce540f60c40e714b444933f623.tar.gz
5 files changed, 2 insertions, 342 deletions
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index c2d68979eb..3bcd336de4 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.31/master"
 PV = "2.31+git${SRCPV}"
-SRCREV_glibc ?= "109474122400ca7d60782b131dc867a5c1f2fe55"
+SRCREV_glibc ?= "6fdf971c9dbf7dac9bea552113fe4694015bbc4d"
 SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch b/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
deleted file mode 100644
index 574e7c3503..0000000000
--- a/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From c323125744020a29f79e50dc4d024b55c482eafc Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 18 Mar 2015 00:28:41 +0000
-Subject: [PATCH] Add unused attribute
-Helps in avoiding gcc warning when header is is included in
-a source file which does not use both functions
-        * iconv/gconv_charset.h (strip):
-        Add unused attribute.
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Pending
---
- iconv/gconv_charset.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/iconv/gconv_charset.h b/iconv/gconv_charset.h
-index 348acc089b..fa92465d89 100644
--- a/iconv/gconv_charset.h
-+++ b/iconv/gconv_charset.h
-@@ -21,7 +21,7 @@
- #include <locale.h>
- 
- 
-static void
-+static void __attribute__ ((unused))
- strip (char *wp, const char *s)
- {
-   int slash_count = 0;
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
deleted file mode 100644
index 9c26f76432..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From beea361050728138b82c57dda0c4810402d342b9 Mon Sep 17 00:00:00 2001
-From: Alexander Anisimov <a.anisimov@omprussia.ru>
-Date: Wed, 8 Jul 2020 14:18:31 +0200
-Subject: [PATCH] arm: CVE-2020-6096: Fix multiarch memcpy for negative length
- [BZ #25620]
-Unsigned branch instructions could be used for r2 to fix the wrong
-behavior when a negative length is passed to memcpy.
-This commit fixes the armv7 version.
-Upstream-Status: Backport
-CVE: CVE-2020-6096 patch #1
-Signed-off-by: Armin Kuster <akuster@mvista.com>
---
- sysdeps/arm/armv7/multiarch/memcpy_impl.S | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-diff --git a/sysdeps/arm/armv7/multiarch/memcpy_impl.S b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-index bf4ac7077f..379bb56fc9 100644
--- a/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-+++ b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-@@ -268,7 +268,7 @@ ENTRY(memcpy)
- 
-        mov     dst, dstin      /* Preserve dstin, we need to return it.  */
-        cmp     count, #64
-       bge     .Lcpy_not_short
-+       bhs     .Lcpy_not_short
-        /* Deal with small copies quickly by dropping straight into the
-           exit block.  */
- 
-@@ -351,10 +351,10 @@ ENTRY(memcpy)
- 
- 1:
-        subs    tmp2, count, #64        /* Use tmp2 for count.  */
-       blt     .Ltail63aligned
-+       blo     .Ltail63aligned
- 
-        cmp     tmp2, #512
-       bge     .Lcpy_body_long
-+       bhs     .Lcpy_body_long
- 
- .Lcpy_body_medium:                     /* Count in tmp2.  */
- #ifdef USE_VFP
-@@ -378,7 +378,7 @@ ENTRY(memcpy)
-        add     src, src, #64
-        vstr    d1, [dst, #56]
-        add     dst, dst, #64
-       bge     1b
-+       bhs     1b
-        tst     tmp2, #0x3f
-        beq     .Ldone
- 
-@@ -412,7 +412,7 @@ ENTRY(memcpy)
-        ldrd    A_l, A_h, [src, #64]!
-        strd    A_l, A_h, [dst, #64]!
-        subs    tmp2, tmp2, #64
-       bge     1b
-+       bhs     1b
-        tst     tmp2, #0x3f
-        bne     1f
-        ldr     tmp2,[sp], #FRAME_SIZE
-@@ -482,7 +482,7 @@ ENTRY(memcpy)
-        add     src, src, #32
- 
-        subs    tmp2, tmp2, #prefetch_lines * 64 * 2
-       blt     2f
-+       blo     2f
- 1:
-        cpy_line_vfp    d3, 0
-        cpy_line_vfp    d4, 64
-@@ -494,7 +494,7 @@ ENTRY(memcpy)
-        add     dst, dst, #2 * 64
-        add     src, src, #2 * 64
-        subs    tmp2, tmp2, #prefetch_lines * 64
-       bge     1b
-+       bhs     1b
- 
- 2:
-        cpy_tail_vfp    d3, 0
-@@ -615,8 +615,8 @@ ENTRY(memcpy)
- 1:
-        pld     [src, #(3 * 64)]
-        subs    count, count, #64
-       ldrmi   tmp2, [sp], #FRAME_SIZE
-       bmi     .Ltail63unaligned
-+       ldrlo   tmp2, [sp], #FRAME_SIZE
-+       blo     .Ltail63unaligned
-        pld     [src, #(4 * 64)]
- 
- #ifdef USE_NEON
-@@ -633,7 +633,7 @@ ENTRY(memcpy)
-        neon_load_multi d0-d3, src
-        neon_load_multi d4-d7, src
-        subs    count, count, #64
-       bmi     2f
-+       blo     2f
- 1:
-        pld     [src, #(4 * 64)]
-        neon_store_multi d0-d3, dst
-@@ -641,7 +641,7 @@ ENTRY(memcpy)
-        neon_store_multi d4-d7, dst
-        neon_load_multi d4-d7, src
-        subs    count, count, #64
-       bpl     1b
-+       bhs     1b
- 2:
-        neon_store_multi d0-d3, dst
-        neon_store_multi d4-d7, dst
-- 
-2.17.1
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
deleted file mode 100644
index 905e44c8e3..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-From 79a4fa341b8a89cb03f84564fd72abaa1a2db394 Mon Sep 17 00:00:00 2001
-From: Evgeny Eremin <e.eremin@omprussia.ru>
-Date: Wed, 8 Jul 2020 14:18:19 +0200
-Subject: [PATCH] arm: CVE-2020-6096: fix memcpy and memmove for negative
- length [BZ #25620]
-Unsigned branch instructions could be used for r2 to fix the wrong
-behavior when a negative length is passed to memcpy and memmove.
-This commit fixes the generic arm implementation of memcpy amd memmove.
-Upstream-Status: Backport
-CVE: CVE-2020-6096 patch #2
-Signed-off-by: Armin Kuster <akuster@mvista.com>
---
- sysdeps/arm/memcpy.S  | 24 ++++++++++--------------
- sysdeps/arm/memmove.S | 24 ++++++++++--------------
- 2 files changed, 20 insertions(+), 28 deletions(-)
-diff --git a/sysdeps/arm/memcpy.S b/sysdeps/arm/memcpy.S
-index 510e8adaf2..bcfbc51d99 100644
--- a/sysdeps/arm/memcpy.S
-+++ b/sysdeps/arm/memcpy.S
-@@ -68,7 +68,7 @@ ENTRY(memcpy)
-                cfi_remember_state
- 
-                subs    r2, r2, #4
-               blt     8f
-+               blo     8f
-                ands    ip, r0, #3
-        PLD(    pld     [r1, #0]                )
-                bne     9f
-@@ -82,7 +82,7 @@ ENTRY(memcpy)
-                cfi_rel_offset (r6, 4)
-                cfi_rel_offset (r7, 8)
-                cfi_rel_offset (r8, 12)
-               blt     5f
-+               blo     5f
- 
-        CALGN(  ands    ip, r1, #31             )
-        CALGN(  rsb     r3, ip, #32             )
-@@ -98,9 +98,9 @@ ENTRY(memcpy)
- #endif
- 
-        PLD(    pld     [r1, #0]                )
-2:     PLD(    subs    r2, r2, #96             )
-+2:     PLD(    cmp     r2, #96                 )
-        PLD(    pld     [r1, #28]               )
-       PLD(    blt     4f                      )
-+       PLD(    blo     4f                      )
-        PLD(    pld     [r1, #60]               )
-        PLD(    pld     [r1, #92]               )
- 
-@@ -108,9 +108,7 @@ ENTRY(memcpy)
- 4:             ldmia   r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
-                subs    r2, r2, #32
-                stmia   r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
-               bge     3b
-       PLD(    cmn     r2, #96                 )
-       PLD(    bge     4b                      )
-+               bhs     3b
- 
- 5:             ands    ip, r2, #28
-                rsb     ip, ip, #32
-@@ -222,7 +220,7 @@ ENTRY(memcpy)
-                strbge  r4, [r0], #1
-                subs    r2, r2, ip
-                strb    lr, [r0], #1
-               blt     8b
-+               blo     8b
-                ands    ip, r1, #3
-                beq     1b
- 
-@@ -236,7 +234,7 @@ ENTRY(memcpy)
-                .macro  forward_copy_shift pull push
- 
-                subs    r2, r2, #28
-               blt     14f
-+               blo     14f
- 
-        CALGN(  ands    ip, r1, #31             )
-        CALGN(  rsb     ip, ip, #32             )
-@@ -253,9 +251,9 @@ ENTRY(memcpy)
-                cfi_rel_offset (r10, 16)
- 
-        PLD(    pld     [r1, #0]                )
-       PLD(    subs    r2, r2, #96             )
-+       PLD(    cmp     r2, #96                 )
-        PLD(    pld     [r1, #28]               )
-       PLD(    blt     13f                     )
-+       PLD(    blo     13f                     )
-        PLD(    pld     [r1, #60]               )
-        PLD(    pld     [r1, #92]               )
- 
-@@ -280,9 +278,7 @@ ENTRY(memcpy)
-                mov     ip, ip, PULL #\pull
-                orr     ip, ip, lr, PUSH #\push
-                stmia   r0!, {r3, r4, r5, r6, r7, r8, r10, ip}
-               bge     12b
-       PLD(    cmn     r2, #96                 )
-       PLD(    bge     13b                     )
-+               bhs     12b
- 
-                pop     {r5 - r8, r10}
-                cfi_adjust_cfa_offset (-20)
-diff --git a/sysdeps/arm/memmove.S b/sysdeps/arm/memmove.S
-index 954037ef3a..0d07b76ee6 100644
--- a/sysdeps/arm/memmove.S
-+++ b/sysdeps/arm/memmove.S
-@@ -85,7 +85,7 @@ ENTRY(memmove)
-                add     r1, r1, r2
-                add     r0, r0, r2
-                subs    r2, r2, #4
-               blt     8f
-+               blo     8f
-                ands    ip, r0, #3
-        PLD(    pld     [r1, #-4]               )
-                bne     9f
-@@ -99,7 +99,7 @@ ENTRY(memmove)
-                cfi_rel_offset (r6, 4)
-                cfi_rel_offset (r7, 8)
-                cfi_rel_offset (r8, 12)
-               blt     5f
-+               blo     5f
- 
-        CALGN(  ands    ip, r1, #31             )
-        CALGN(  sbcsne  r4, ip, r2              )  @ C is always set here
-@@ -114,9 +114,9 @@ ENTRY(memmove)
- #endif
- 
-        PLD(    pld     [r1, #-4]               )
-2:     PLD(    subs    r2, r2, #96             )
-+2:     PLD(    cmp     r2, #96                 )
-        PLD(    pld     [r1, #-32]              )
-       PLD(    blt     4f                      )
-+       PLD(    blo     4f                      )
-        PLD(    pld     [r1, #-64]              )
-        PLD(    pld     [r1, #-96]              )
- 
-@@ -124,9 +124,7 @@ ENTRY(memmove)
- 4:             ldmdb   r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
-                subs    r2, r2, #32
-                stmdb   r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
-               bge     3b
-       PLD(    cmn     r2, #96                 )
-       PLD(    bge     4b                      )
-+               bhs     3b
- 
- 5:             ands    ip, r2, #28
-                rsb     ip, ip, #32
-@@ -237,7 +235,7 @@ ENTRY(memmove)
-                strbge  r4, [r0, #-1]!
-                subs    r2, r2, ip
-                strb    lr, [r0, #-1]!
-               blt     8b
-+               blo     8b
-                ands    ip, r1, #3
-                beq     1b
- 
-@@ -251,7 +249,7 @@ ENTRY(memmove)
-                .macro  backward_copy_shift push pull
- 
-                subs    r2, r2, #28
-               blt     14f
-+               blo     14f
- 
-        CALGN(  ands    ip, r1, #31             )
-        CALGN(  rsb     ip, ip, #32             )
-@@ -268,9 +266,9 @@ ENTRY(memmove)
-                cfi_rel_offset (r10, 16)
- 
-        PLD(    pld     [r1, #-4]               )
-       PLD(    subs    r2, r2, #96             )
-+       PLD(    cmp     r2, #96                 )
-        PLD(    pld     [r1, #-32]              )
-       PLD(    blt     13f                     )
-+       PLD(    blo     13f                     )
-        PLD(    pld     [r1, #-64]              )
-        PLD(    pld     [r1, #-96]              )
- 
-@@ -295,9 +293,7 @@ ENTRY(memmove)
-                mov     r4, r4, PUSH #\push
-                orr     r4, r4, r3, PULL #\pull
-                stmdb   r0!, {r4 - r8, r10, ip, lr}
-               bge     12b
-       PLD(    cmn     r2, #96                 )
-       PLD(    bge     13b                     )
-+               bhs     12b
- 
-                pop     {r5 - r8, r10}
-                cfi_adjust_cfa_offset (-20)
-- 
-2.17.1
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index e8e11f5438..3d486fbb59 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -1,7 +1,7 @@
 require glibc.inc
 require glibc-version.inc
-CVE_CHECK_WHITELIST += "CVE-2020-10029"
+CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752"
 DEPENDS += "gperf-native bison-native make-native"
@@ -28,7 +28,6 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
           file://0013-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \
           file://0014-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \
           file://0015-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch \
-           file://0016-Add-unused-attribute.patch \
           file://0017-yes-within-the-path-sets-wrong-config-variables.patch \
           file://0018-timezone-re-written-tzselect-as-posix-sh.patch \
           file://0019-Remove-bash-dependency-for-nscd-init-script.patch \
@@ -42,8 +41,6 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
           file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \
           file://0028-inject-file-assembly-directives.patch \
           file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
-           file://CVE-2020-6096.patch \
-           file://CVE-2020-6096_2.patch \
           "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
author	Khem Raj <raj.khem@gmail.com>	2020-08-11 11:01:24 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-08-21 15:25:33 +0100
commit	73b941cf53f9d8ce540f60c40e714b444933f623 (patch)
tree	5525526659404df02a6bc0fdf9ba288330f6d83d
parent	4b6faa9dada8d0ae7aba3a161429e4c1eab2fe21 (diff)
download	poky-73b941cf53f9d8ce540f60c40e714b444933f623.tar.gz

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index c2d68979eb..3bcd336de4 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
1	SRCBRANCH ?= "release/2.31/master"	1	SRCBRANCH ?= "release/2.31/master"
2	PV = "2.31+git${SRCPV}"	2	PV = "2.31+git${SRCPV}"
3	SRCREV_glibc ?= "109474122400ca7d60782b131dc867a5c1f2fe55"	3	SRCREV_glibc ?= "6fdf971c9dbf7dac9bea552113fe4694015bbc4d"
4	SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"	4	SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
5		5
6	GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"	6	GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"


diff --git a/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch b/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch deleted file mode 100644 index 574e7c3503..0000000000 --- a/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch +++ /dev/null
@@ -1,31 +0,0 @@
1	From c323125744020a29f79e50dc4d024b55c482eafc Mon Sep 17 00:00:00 2001
2	From: Khem Raj <raj.khem@gmail.com>
3	Date: Wed, 18 Mar 2015 00:28:41 +0000
4	Subject: [PATCH] Add unused attribute
5
6	Helps in avoiding gcc warning when header is is included in
7	a source file which does not use both functions
8
9	* iconv/gconv_charset.h (strip):
10	Add unused attribute.
11
12	Signed-off-by: Khem Raj <raj.khem@gmail.com>
13
14	Upstream-Status: Pending
15	---
16	iconv/gconv_charset.h \| 2 +-
17	1 file changed, 1 insertion(+), 1 deletion(-)
18
19	diff --git a/iconv/gconv_charset.h b/iconv/gconv_charset.h
20	index 348acc089b..fa92465d89 100644
21	--- a/iconv/gconv_charset.h
22	+++ b/iconv/gconv_charset.h
23	@@ -21,7 +21,7 @@
24	#include <locale.h>
25
26
27	-static void
28	+static void __attribute__ ((unused))
29	strip (char wp, const char s)
30	{
31	int slash_count = 0;


diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch deleted file mode 100644 index 9c26f76432..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch +++ /dev/null
@@ -1,112 +0,0 @@
1	From beea361050728138b82c57dda0c4810402d342b9 Mon Sep 17 00:00:00 2001
2	From: Alexander Anisimov <a.anisimov@omprussia.ru>
3	Date: Wed, 8 Jul 2020 14:18:31 +0200
4	Subject: [PATCH] arm: CVE-2020-6096: Fix multiarch memcpy for negative length
5	[BZ #25620]
6
7	Unsigned branch instructions could be used for r2 to fix the wrong
8	behavior when a negative length is passed to memcpy.
9	This commit fixes the armv7 version.
10
11	Upstream-Status: Backport
12	CVE: CVE-2020-6096 patch #1
13	Signed-off-by: Armin Kuster <akuster@mvista.com>
14
15	---
16	sysdeps/arm/armv7/multiarch/memcpy_impl.S \| 22 +++++++++++-----------
17	1 file changed, 11 insertions(+), 11 deletions(-)
18
19	diff --git a/sysdeps/arm/armv7/multiarch/memcpy_impl.S b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
20	index bf4ac7077f..379bb56fc9 100644
21	--- a/sysdeps/arm/armv7/multiarch/memcpy_impl.S
22	+++ b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
23	@@ -268,7 +268,7 @@ ENTRY(memcpy)
24
25	mov dst, dstin /* Preserve dstin, we need to return it. */
26	cmp count, #64
27	- bge .Lcpy_not_short
28	+ bhs .Lcpy_not_short
29	/* Deal with small copies quickly by dropping straight into the
30	exit block. */
31
32	@@ -351,10 +351,10 @@ ENTRY(memcpy)
33
34	1:
35	subs tmp2, count, #64 /* Use tmp2 for count. */
36	- blt .Ltail63aligned
37	+ blo .Ltail63aligned
38
39	cmp tmp2, #512
40	- bge .Lcpy_body_long
41	+ bhs .Lcpy_body_long
42
43	.Lcpy_body_medium: /* Count in tmp2. */
44	#ifdef USE_VFP
45	@@ -378,7 +378,7 @@ ENTRY(memcpy)
46	add src, src, #64
47	vstr d1, [dst, #56]
48	add dst, dst, #64
49	- bge 1b
50	+ bhs 1b
51	tst tmp2, #0x3f
52	beq .Ldone
53
54	@@ -412,7 +412,7 @@ ENTRY(memcpy)
55	ldrd A_l, A_h, [src, #64]!
56	strd A_l, A_h, [dst, #64]!
57	subs tmp2, tmp2, #64
58	- bge 1b
59	+ bhs 1b
60	tst tmp2, #0x3f
61	bne 1f
62	ldr tmp2,[sp], #FRAME_SIZE
63	@@ -482,7 +482,7 @@ ENTRY(memcpy)
64	add src, src, #32
65
66	subs tmp2, tmp2, #prefetch_lines * 64 * 2
67	- blt 2f
68	+ blo 2f
69	1:
70	cpy_line_vfp d3, 0
71	cpy_line_vfp d4, 64
72	@@ -494,7 +494,7 @@ ENTRY(memcpy)
73	add dst, dst, #2 * 64
74	add src, src, #2 * 64
75	subs tmp2, tmp2, #prefetch_lines * 64
76	- bge 1b
77	+ bhs 1b
78
79	2:
80	cpy_tail_vfp d3, 0
81	@@ -615,8 +615,8 @@ ENTRY(memcpy)
82	1:
83	pld [src, #(3 * 64)]
84	subs count, count, #64
85	- ldrmi tmp2, [sp], #FRAME_SIZE
86	- bmi .Ltail63unaligned
87	+ ldrlo tmp2, [sp], #FRAME_SIZE
88	+ blo .Ltail63unaligned
89	pld [src, #(4 * 64)]
90
91	#ifdef USE_NEON
92	@@ -633,7 +633,7 @@ ENTRY(memcpy)
93	neon_load_multi d0-d3, src
94	neon_load_multi d4-d7, src
95	subs count, count, #64
96	- bmi 2f
97	+ blo 2f
98	1:
99	pld [src, #(4 * 64)]
100	neon_store_multi d0-d3, dst
101	@@ -641,7 +641,7 @@ ENTRY(memcpy)
102	neon_store_multi d4-d7, dst
103	neon_load_multi d4-d7, src
104	subs count, count, #64
105	- bpl 1b
106	+ bhs 1b
107	2:
108	neon_store_multi d0-d3, dst
109	neon_store_multi d4-d7, dst
110	--
111	2.17.1
112


diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch deleted file mode 100644 index 905e44c8e3..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch +++ /dev/null
@@ -1,194 +0,0 @@
1	From 79a4fa341b8a89cb03f84564fd72abaa1a2db394 Mon Sep 17 00:00:00 2001
2	From: Evgeny Eremin <e.eremin@omprussia.ru>
3	Date: Wed, 8 Jul 2020 14:18:19 +0200
4	Subject: [PATCH] arm: CVE-2020-6096: fix memcpy and memmove for negative
5	length [BZ #25620]
6
7	Unsigned branch instructions could be used for r2 to fix the wrong
8	behavior when a negative length is passed to memcpy and memmove.
9	This commit fixes the generic arm implementation of memcpy amd memmove.
10
11	Upstream-Status: Backport
12	CVE: CVE-2020-6096 patch #2
13	Signed-off-by: Armin Kuster <akuster@mvista.com>
14
15	---
16	sysdeps/arm/memcpy.S \| 24 ++++++++++--------------
17	sysdeps/arm/memmove.S \| 24 ++++++++++--------------
18	2 files changed, 20 insertions(+), 28 deletions(-)
19
20	diff --git a/sysdeps/arm/memcpy.S b/sysdeps/arm/memcpy.S
21	index 510e8adaf2..bcfbc51d99 100644
22	--- a/sysdeps/arm/memcpy.S
23	+++ b/sysdeps/arm/memcpy.S
24	@@ -68,7 +68,7 @@ ENTRY(memcpy)
25	cfi_remember_state
26
27	subs r2, r2, #4
28	- blt 8f
29	+ blo 8f
30	ands ip, r0, #3
31	PLD( pld [r1, #0] )
32	bne 9f
33	@@ -82,7 +82,7 @@ ENTRY(memcpy)
34	cfi_rel_offset (r6, 4)
35	cfi_rel_offset (r7, 8)
36	cfi_rel_offset (r8, 12)
37	- blt 5f
38	+ blo 5f
39
40	CALGN( ands ip, r1, #31 )
41	CALGN( rsb r3, ip, #32 )
42	@@ -98,9 +98,9 @@ ENTRY(memcpy)
43	#endif
44
45	PLD( pld [r1, #0] )
46	-2: PLD( subs r2, r2, #96 )
47	+2: PLD( cmp r2, #96 )
48	PLD( pld [r1, #28] )
49	- PLD( blt 4f )
50	+ PLD( blo 4f )
51	PLD( pld [r1, #60] )
52	PLD( pld [r1, #92] )
53
54	@@ -108,9 +108,7 @@ ENTRY(memcpy)
55	4: ldmia r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
56	subs r2, r2, #32
57	stmia r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
58	- bge 3b
59	- PLD( cmn r2, #96 )
60	- PLD( bge 4b )
61	+ bhs 3b
62
63	5: ands ip, r2, #28
64	rsb ip, ip, #32
65	@@ -222,7 +220,7 @@ ENTRY(memcpy)
66	strbge r4, [r0], #1
67	subs r2, r2, ip
68	strb lr, [r0], #1
69	- blt 8b
70	+ blo 8b
71	ands ip, r1, #3
72	beq 1b
73
74	@@ -236,7 +234,7 @@ ENTRY(memcpy)
75	.macro forward_copy_shift pull push
76
77	subs r2, r2, #28
78	- blt 14f
79	+ blo 14f
80
81	CALGN( ands ip, r1, #31 )
82	CALGN( rsb ip, ip, #32 )
83	@@ -253,9 +251,9 @@ ENTRY(memcpy)
84	cfi_rel_offset (r10, 16)
85
86	PLD( pld [r1, #0] )
87	- PLD( subs r2, r2, #96 )
88	+ PLD( cmp r2, #96 )
89	PLD( pld [r1, #28] )
90	- PLD( blt 13f )
91	+ PLD( blo 13f )
92	PLD( pld [r1, #60] )
93	PLD( pld [r1, #92] )
94
95	@@ -280,9 +278,7 @@ ENTRY(memcpy)
96	mov ip, ip, PULL #\pull
97	orr ip, ip, lr, PUSH #\push
98	stmia r0!, {r3, r4, r5, r6, r7, r8, r10, ip}
99	- bge 12b
100	- PLD( cmn r2, #96 )
101	- PLD( bge 13b )
102	+ bhs 12b
103
104	pop {r5 - r8, r10}
105	cfi_adjust_cfa_offset (-20)
106	diff --git a/sysdeps/arm/memmove.S b/sysdeps/arm/memmove.S
107	index 954037ef3a..0d07b76ee6 100644
108	--- a/sysdeps/arm/memmove.S
109	+++ b/sysdeps/arm/memmove.S
110	@@ -85,7 +85,7 @@ ENTRY(memmove)
111	add r1, r1, r2
112	add r0, r0, r2
113	subs r2, r2, #4
114	- blt 8f
115	+ blo 8f
116	ands ip, r0, #3
117	PLD( pld [r1, #-4] )
118	bne 9f
119	@@ -99,7 +99,7 @@ ENTRY(memmove)
120	cfi_rel_offset (r6, 4)
121	cfi_rel_offset (r7, 8)
122	cfi_rel_offset (r8, 12)
123	- blt 5f
124	+ blo 5f
125
126	CALGN( ands ip, r1, #31 )
127	CALGN( sbcsne r4, ip, r2 ) @ C is always set here
128	@@ -114,9 +114,9 @@ ENTRY(memmove)
129	#endif
130
131	PLD( pld [r1, #-4] )
132	-2: PLD( subs r2, r2, #96 )
133	+2: PLD( cmp r2, #96 )
134	PLD( pld [r1, #-32] )
135	- PLD( blt 4f )
136	+ PLD( blo 4f )
137	PLD( pld [r1, #-64] )
138	PLD( pld [r1, #-96] )
139
140	@@ -124,9 +124,7 @@ ENTRY(memmove)
141	4: ldmdb r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
142	subs r2, r2, #32
143	stmdb r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
144	- bge 3b
145	- PLD( cmn r2, #96 )
146	- PLD( bge 4b )
147	+ bhs 3b
148
149	5: ands ip, r2, #28
150	rsb ip, ip, #32
151	@@ -237,7 +235,7 @@ ENTRY(memmove)
152	strbge r4, [r0, #-1]!
153	subs r2, r2, ip
154	strb lr, [r0, #-1]!
155	- blt 8b
156	+ blo 8b
157	ands ip, r1, #3
158	beq 1b
159
160	@@ -251,7 +249,7 @@ ENTRY(memmove)
161	.macro backward_copy_shift push pull
162
163	subs r2, r2, #28
164	- blt 14f
165	+ blo 14f
166
167	CALGN( ands ip, r1, #31 )
168	CALGN( rsb ip, ip, #32 )
169	@@ -268,9 +266,9 @@ ENTRY(memmove)
170	cfi_rel_offset (r10, 16)
171
172	PLD( pld [r1, #-4] )
173	- PLD( subs r2, r2, #96 )
174	+ PLD( cmp r2, #96 )
175	PLD( pld [r1, #-32] )
176	- PLD( blt 13f )
177	+ PLD( blo 13f )
178	PLD( pld [r1, #-64] )
179	PLD( pld [r1, #-96] )
180
181	@@ -295,9 +293,7 @@ ENTRY(memmove)
182	mov r4, r4, PUSH #\push
183	orr r4, r4, r3, PULL #\pull
184	stmdb r0!, {r4 - r8, r10, ip, lr}
185	- bge 12b
186	- PLD( cmn r2, #96 )
187	- PLD( bge 13b )
188	+ bhs 12b
189
190	pop {r5 - r8, r10}
191	cfi_adjust_cfa_offset (-20)
192	--
193	2.17.1
194


diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index e8e11f5438..3d486fbb59 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -1,7 +1,7 @@
1	require glibc.inc	1	require glibc.inc
2	require glibc-version.inc	2	require glibc-version.inc
3		3
4	CVE_CHECK_WHITELIST += "CVE-2020-10029"	4	CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752"
5		5
6	DEPENDS += "gperf-native bison-native make-native"	6	DEPENDS += "gperf-native bison-native make-native"
7		7
@@ -28,7 +28,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
28	file://0013-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \	28	file://0013-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \
29	file://0014-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \	29	file://0014-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \
30	file://0015-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch \	30	file://0015-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch \
31	file://0016-Add-unused-attribute.patch \
32	file://0017-yes-within-the-path-sets-wrong-config-variables.patch \	31	file://0017-yes-within-the-path-sets-wrong-config-variables.patch \
33	file://0018-timezone-re-written-tzselect-as-posix-sh.patch \	32	file://0018-timezone-re-written-tzselect-as-posix-sh.patch \
34	file://0019-Remove-bash-dependency-for-nscd-init-script.patch \	33	file://0019-Remove-bash-dependency-for-nscd-init-script.patch \
@@ -42,8 +41,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
42	file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \	41	file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \
43	file://0028-inject-file-assembly-directives.patch \	42	file://0028-inject-file-assembly-directives.patch \
44	file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \	43	file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
45	file://CVE-2020-6096.patch \
46	file://CVE-2020-6096_2.patch \
47	"	44	"
48	S = "${WORKDIR}/git"	45	S = "${WORKDIR}/git"
49	B = "${WORKDIR}/build-${TARGET_SYS}"	46	B = "${WORKDIR}/build-${TARGET_SYS}"