glibc: fix CVE-2016-6323

Backport patch to fix CVE-2016-6323 of glibc. And remove the section of
file ChangeLog which can't be applied.

Ref:
https://sourceware.org/bugzilla/show_bug.cgi?id=20435

(From OE-Core rev: a3c2acee40c8875e311e03bff6906e7c93c491fc)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2 files changed, 47 insertions, 0 deletions

diff --git a/meta/recipes-core/glibc/glibc/0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch b/meta/recipes-core/glibc/glibc/0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch
new file mode 100644
index 0000000000..95067d37a5
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch
@@ -0,0 +1,46 @@
+Backport patch to fix CVE-2016-6323 for glibc. And remove the section of
+ChangeLog which can't be applied.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c]
+CVE: CVE-2016-6323
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+From 9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617 Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Mon, 8 Aug 2016 09:29:18 +0200
+Subject: [PATCH] arm: mark __startcontext as .cantunwind (bug 20435)
+
+__startcontext marks the bottom of the call stack of the contexts created
+by makecontext.
+---
+ ChangeLog                                | 6 ++++++
+ sysdeps/unix/sysv/linux/arm/setcontext.S | 7 +++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/sysdeps/unix/sysv/linux/arm/setcontext.S b/sysdeps/unix/sysv/linux/arm/setcontext.S
+index 603e508..d1f168f 100644
+--- a/sysdeps/unix/sysv/linux/arm/setcontext.S
++++ b/sysdeps/unix/sysv/linux/arm/setcontext.S
+@@ -86,12 +86,19 @@ weak_alias(__setcontext, setcontext)
+ 
+        /* Called when a makecontext() context returns.  Start the
+           context in R4 or fall through to exit().  */
++       /* Unwind descriptors are looked up based on PC - 2, so we have to
++          make sure to mark the instruction preceding the __startcontext
++          label as .cantunwind.  */
++       .fnstart
++       .cantunwind
++       nop
+ ENTRY(__startcontext)
+        movs    r0, r4
+        bne     PLTJMP(__setcontext)
+ 
+        @ New context was 0 - exit
+        b       PLTJMP(HIDDEN_JUMPTARGET(exit))
++       .fnend
+ END(__startcontext)
+ 
+ #ifdef PIC
+-- 
+2.10.1
+
diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb
index f5a21b258d..475c13339a 100644
--- a/meta/recipes-core/glibc/glibc_2.24.bb
+++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -37,6 +37,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0024-eglibc-Forward-port-cross-locale-generation-support.patch \
            file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
            file://0026-build_local_scope.patch \
+           file://0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch \
 "
 
 SRC_URI += "\