glibc: Security fix CVE-2016-6323

arm: mark __startcontext as .cantunwind, GNU CVE: CVE-2016-6323 (From OE-Core rev: e80d454711f67a9a3a2a43bb7d9ff911c4664a84) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2017-06-17 10:20:51 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-08-29 16:50:53 +0100
commit: fa4a5024fcad307d061dea7933fbf531abf5e17d (patch)
tree: 07b677774737389c8657de55993bac14aef1b077 /meta
parent: 4f064564fd595b3a0cbc09832ce74235faa96345 (diff)
download: poky-fa4a5024fcad307d061dea7933fbf531abf5e17d.tar.gz
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch b/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
new file mode 100644
index 0000000000..f9b9fa50d9
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
@@ -0,0 +1,39 @@
+glibc-2.24: Fix CVE-2016-6323
+[No upstream tracking] -- https://sourceware.org/bugzilla/show_bug.cgi?id=20435
+arm: mark __startcontext as .cantunwind, GNU
+Glibc bug where the makecontext function would create
+an execution context which is incompatible with the unwinder,
+causing it to hang when the generation of a backtrace is attempted.
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617]
+CVE: CVE-2016-6323
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
+diff --git a/sysdeps/unix/sysv/linux/arm/setcontext.S b/sysdeps/unix/sysv/linux/arm/setcontext.S
+index 603e508..d1f168f 100644
+--- a/sysdeps/unix/sysv/linux/arm/setcontext.S
+++ b/sysdeps/unix/sysv/linux/arm/setcontext.S
+@@ -86,12 +86,19 @@ weak_alias(__setcontext, setcontext)
+ 
+        /* Called when a makecontext() context returns.  Start the
+           context in R4 or fall through to exit().  */
+       /* Unwind descriptors are looked up based on PC - 2, so we have to
+          make sure to mark the instruction preceding the __startcontext
+          label as .cantunwind.  */
+       .fnstart
+       .cantunwind
+       nop
+ ENTRY(__startcontext)
+        movs    r0, r4
+        bne     PLTJMP(__setcontext)
+ 
+        @ New context was 0 - exit
+        b       PLTJMP(HIDDEN_JUMPTARGET(exit))
+       .fnend
+ END(__startcontext)
+ 
+ #ifdef PIC
diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb
index b60b692723..08ae45947f 100644
--- a/meta/recipes-core/glibc/glibc_2.24.bb
+++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -38,6 +38,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
           file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
           file://0026-build_local_scope.patch \
           file://0028-Bug-20116-Fix-use-after-free-in-pthread_create.patch \
+           file://CVE-2016-6323.patch \
 "
 SRC_URI += "\
author	Armin Kuster <akuster808@gmail.com>	2017-06-17 10:20:51 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-08-29 16:50:53 +0100
commit	fa4a5024fcad307d061dea7933fbf531abf5e17d (patch)
tree	07b677774737389c8657de55993bac14aef1b077 /meta
parent	4f064564fd595b3a0cbc09832ce74235faa96345 (diff)
download	poky-fa4a5024fcad307d061dea7933fbf531abf5e17d.tar.gz

diff --git a/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch b/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch new file mode 100644 index 0000000000..f9b9fa50d9 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
@@ -0,0 +1,39 @@
		1	glibc-2.24: Fix CVE-2016-6323
		2
		3	[No upstream tracking] -- https://sourceware.org/bugzilla/show_bug.cgi?id=20435
		4
		5	arm: mark __startcontext as .cantunwind, GNU
		6
		7	Glibc bug where the makecontext function would create
		8	an execution context which is incompatible with the unwinder,
		9	causing it to hang when the generation of a backtrace is attempted.
		10
		11	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617]
		12	CVE: CVE-2016-6323
		13	Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
		14	Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
		15
		16	diff --git a/sysdeps/unix/sysv/linux/arm/setcontext.S b/sysdeps/unix/sysv/linux/arm/setcontext.S
		17	index 603e508..d1f168f 100644
		18	--- a/sysdeps/unix/sysv/linux/arm/setcontext.S
		19	+++ b/sysdeps/unix/sysv/linux/arm/setcontext.S
		20	@@ -86,12 +86,19 @@ weak_alias(__setcontext, setcontext)
		21
		22	/* Called when a makecontext() context returns. Start the
		23	context in R4 or fall through to exit(). */
		24	+ /* Unwind descriptors are looked up based on PC - 2, so we have to
		25	+ make sure to mark the instruction preceding the __startcontext
		26	+ label as .cantunwind. */
		27	+ .fnstart
		28	+ .cantunwind
		29	+ nop
		30	ENTRY(__startcontext)
		31	movs r0, r4
		32	bne PLTJMP(__setcontext)
		33
		34	@ New context was 0 - exit
		35	b PLTJMP(HIDDEN_JUMPTARGET(exit))
		36	+ .fnend
		37	END(__startcontext)
		38
		39	#ifdef PIC


diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb index b60b692723..08ae45947f 100644 --- a/meta/recipes-core/glibc/glibc_2.24.bb +++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -38,6 +38,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
38	file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \	38	file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
39	file://0026-build_local_scope.patch \	39	file://0026-build_local_scope.patch \
40	file://0028-Bug-20116-Fix-use-after-free-in-pthread_create.patch \	40	file://0028-Bug-20116-Fix-use-after-free-in-pthread_create.patch \
		41	file://CVE-2016-6323.patch \
41	"	42	"
42		43
43	SRC_URI += "\	44	SRC_URI += "\