glibc: CVE-2020-29562 and CVE-2020-29573

Backport the CVE patches from the glibc upstream: git://sourceware.org/git/glibc.git commit 681900d29683722b1cb0a8e565a0585846ec5a61 commit 228edd356f03bf62dcf2b1335f25d43c602ee68d (From OE-Core rev: 01d59c49720548d620448f0e812f07aa3c1cc83a) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Zhixiong Chi <zhixiong.chi@windriver.com> 2020-12-07 23:43:08 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-12-15 22:51:56 +0000
commit: fcadedd84569dfebdf4c7b85eab11f7786554c6c (patch)
tree: 79d246a2c8a506ad21c31d99bec9d7926a9c546a /meta
parent: 1551dbbc4729f727cada31f001bd336763841798 (diff)
download: poky-fcadedd84569dfebdf4c7b85eab11f7786554c6c.tar.gz
3 files changed, 213 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch b/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch
new file mode 100644
index 0000000000..134b4e3613
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch
@@ -0,0 +1,155 @@
+From 228edd356f03bf62dcf2b1335f25d43c602ee68d Mon Sep 17 00:00:00 2001
+From: Michael Colavita <mcolavita@fb.com>
+Date: Thu, 19 Nov 2020 11:44:40 -0500
+Subject: [PATCH] iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)
+Previously, in UCS4 conversion routines we limit the number of
+characters we examine to the minimum of the number of characters in the
+input and the number of characters in the output. This is not the
+correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume
+an output character when we skip a code unit. Instead, track the input
+and output pointers and terminate the loop when either reaches its
+limit.
+This resolves assertion failures when resetting the input buffer in a step of
+iconv, which assumes that the input will be fully consumed given sufficient
+output space.
+Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
+CVE: CVE-2020-29562
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ iconv/Makefile       |  2 +-
+ iconv/gconv_simple.c | 16 ++++----------
+ iconv/tst-iconv8.c   | 50 ++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 55 insertions(+), 13 deletions(-)
+ create mode 100644 iconv/tst-iconv8.c
+diff --git a/iconv/Makefile b/iconv/Makefile
+index 30bf996d3a..f9b51e23ec 100644
+--- a/iconv/Makefile
+++ b/iconv/Makefile
+@@ -44,7 +44,7 @@ CFLAGS-linereader.c += -DNO_TRANSLITERATION
+ CFLAGS-simple-hash.c += -I../locale
+ 
+ tests  = tst-iconv1 tst-iconv2 tst-iconv3 tst-iconv4 tst-iconv5 tst-iconv6 \
+-         tst-iconv7 tst-iconv-mt tst-iconv-opt
+         tst-iconv7 tst-iconv8 tst-iconv-mt tst-iconv-opt
+ 
+ others         = iconv_prog iconvconfig
+ install-others-programs        = $(inst_bindir)/iconv
+diff --git a/iconv/gconv_simple.c b/iconv/gconv_simple.c
+index d4797fba17..963b29f246 100644
+--- a/iconv/gconv_simple.c
+++ b/iconv/gconv_simple.c
+@@ -239,11 +239,9 @@ ucs4_internal_loop (struct __gconv_step *step,
+   int flags = step_data->__flags;
+   const unsigned char *inptr = *inptrp;
+   unsigned char *outptr = *outptrp;
+-  size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
+   int result;
+-  size_t cnt;
+ 
+-  for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
+  for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
+     {
+       uint32_t inval;
+ 
+@@ -307,11 +305,9 @@ ucs4_internal_loop_unaligned (struct __gconv_step *step,
+   int flags = step_data->__flags;
+   const unsigned char *inptr = *inptrp;
+   unsigned char *outptr = *outptrp;
+-  size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
+   int result;
+-  size_t cnt;
+ 
+-  for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
+  for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
+     {
+       if (__glibc_unlikely (inptr[0] > 0x80))
+        {
+@@ -613,11 +609,9 @@ ucs4le_internal_loop (struct __gconv_step *step,
+   int flags = step_data->__flags;
+   const unsigned char *inptr = *inptrp;
+   unsigned char *outptr = *outptrp;
+-  size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
+   int result;
+-  size_t cnt;
+ 
+-  for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
+  for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
+     {
+       uint32_t inval;
+ 
+@@ -684,11 +678,9 @@ ucs4le_internal_loop_unaligned (struct __gconv_step *step,
+   int flags = step_data->__flags;
+   const unsigned char *inptr = *inptrp;
+   unsigned char *outptr = *outptrp;
+-  size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
+   int result;
+-  size_t cnt;
+ 
+-  for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
+  for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
+     {
+       if (__glibc_unlikely (inptr[3] > 0x80))
+        {
+diff --git a/iconv/tst-iconv8.c b/iconv/tst-iconv8.c
+new file mode 100644
+index 0000000000..0b92b19f66
+--- /dev/null
+++ b/iconv/tst-iconv8.c
+@@ -0,0 +1,50 @@
+/* Test iconv behavior on UCS4 conversions with //IGNORE.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+/* Derived from BZ #26923 */
+#include <errno.h>
+#include <iconv.h>
+#include <stdio.h>
+#include <support/check.h>
+
+static int
+do_test (void)
+{
+  iconv_t cd = iconv_open ("UTF-8//IGNORE", "ISO-10646/UCS4/");
+  TEST_VERIFY_EXIT (cd != (iconv_t) -1);
+
+  /*
+   * Convert sequence beginning with an irreversible character into buffer that
+   * is too small.
+   */
+  char input[12] = "\xe1\x80\xa1" "AAAAAAAAA";
+  char *inptr = input;
+  size_t insize = sizeof (input);
+  char output[6];
+  char *outptr = output;
+  size_t outsize = sizeof (output);
+
+  TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == -1);
+  TEST_VERIFY (errno == E2BIG);
+
+  TEST_VERIFY_EXIT (iconv_close (cd) != -1);
+
+  return 0;
+}
+
+#include <support/test-driver.c>
+-- 
+2.17.0
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch b/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch
new file mode 100644
index 0000000000..0f54d72cad
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch
@@ -0,0 +1,56 @@
+From 681900d29683722b1cb0a8e565a0585846ec5a61 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 22 Sep 2020 19:07:48 +0200
+Subject: [PATCH] x86: Harden printf against non-normal long double values (bug
+ 26649)
+The behavior of isnan/__builtin_isnan on bit patterns that do not
+correspond to something that the CPU would produce from valid inputs
+is currently under-defined in the toolchain. (The GCC built-in and
+glibc disagree.)
+The isnan check in PRINTF_FP_FETCH in stdio-common/printf_fp.c
+assumes the GCC behavior that returns true for non-normal numbers
+which are not specified as NaN. (The glibc implementation returns
+false for such numbers.)
+At present, passing non-normal numbers to __mpn_extract_long_double
+causes this function to produce irregularly shaped multi-precision
+integers, triggering undefined behavior in __printf_fp_l.
+With GCC 10 and glibc 2.32, this behavior is not visible because
+__builtin_isnan is used, which avoids calling
+__mpn_extract_long_double in this case.  This commit updates the
+implementation of __mpn_extract_long_double so that regularly shaped
+multi-precision integers are produced in this case, avoiding
+undefined behavior in __printf_fp_l.
+Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
+CVE: CVE-2020-29573
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ sysdeps/i386/ldbl2mpn.c                  |  8 ++++
+ 1 files changed, 8 insertions(+)
+diff --git a/sysdeps/i386/ldbl2mpn.c b/sysdeps/i386/ldbl2mpn.c
+index ec8464eef7..23afedfb67 100644
+--- a/sysdeps/i386/ldbl2mpn.c
+++ b/sysdeps/i386/ldbl2mpn.c
+@@ -115,6 +115,14 @@ __mpn_extract_long_double (mp_ptr res_ptr, mp_size_t size,
+           && res_ptr[N - 1] == 0)
+     /* Pseudo zero.  */
+     *expt = 0;
+  else
+    /* Unlike other floating point formats, the most significant bit
+       is explicit and expected to be set for normal numbers.  Set it
+       in case it is cleared in the input.  Otherwise, callers will
+       not be able to produce the expected multi-precision integer
+       layout by shifting.  */
+    res_ptr[N - 1] |= (mp_limb_t) 1 << (LDBL_MANT_DIG - 1
+                                       - ((N - 1) * BITS_PER_MP_LIMB));
+ 
+   return N;
+ }
+-- 
+2.17.0
diff --git a/meta/recipes-core/glibc/glibc_2.32.bb b/meta/recipes-core/glibc/glibc_2.32.bb
index 2a0e464385..6d42f33822 100644
--- a/meta/recipes-core/glibc/glibc_2.32.bb
+++ b/meta/recipes-core/glibc/glibc_2.32.bb
@@ -43,6 +43,8 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
           file://0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \
           file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \
           file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
+           file://CVE-2020-29562.patch \
+           file://CVE-2020-29573.patch \
           "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
author	Zhixiong Chi <zhixiong.chi@windriver.com>	2020-12-07 23:43:08 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-12-15 22:51:56 +0000
commit	fcadedd84569dfebdf4c7b85eab11f7786554c6c (patch)
tree	79d246a2c8a506ad21c31d99bec9d7926a9c546a /meta
parent	1551dbbc4729f727cada31f001bd336763841798 (diff)
download	poky-fcadedd84569dfebdf4c7b85eab11f7786554c6c.tar.gz

diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch b/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch new file mode 100644 index 0000000000..134b4e3613 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch
@@ -0,0 +1,155 @@
		1	From 228edd356f03bf62dcf2b1335f25d43c602ee68d Mon Sep 17 00:00:00 2001
		2	From: Michael Colavita <mcolavita@fb.com>
		3	Date: Thu, 19 Nov 2020 11:44:40 -0500
		4	Subject: [PATCH] iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)
		5
		6	Previously, in UCS4 conversion routines we limit the number of
		7	characters we examine to the minimum of the number of characters in the
		8	input and the number of characters in the output. This is not the
		9	correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume
		10	an output character when we skip a code unit. Instead, track the input
		11	and output pointers and terminate the loop when either reaches its
		12	limit.
		13
		14	This resolves assertion failures when resetting the input buffer in a step of
		15	iconv, which assumes that the input will be fully consumed given sufficient
		16	output space.
		17
		18	Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
		19	CVE: CVE-2020-29562
		20	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		21	---
		22	iconv/Makefile \| 2 +-
		23	iconv/gconv_simple.c \| 16 ++++----------
		24	iconv/tst-iconv8.c \| 50 ++++++++++++++++++++++++++++++++++++++++++++
		25	3 files changed, 55 insertions(+), 13 deletions(-)
		26	create mode 100644 iconv/tst-iconv8.c
		27
		28	diff --git a/iconv/Makefile b/iconv/Makefile
		29	index 30bf996d3a..f9b51e23ec 100644
		30	--- a/iconv/Makefile
		31	+++ b/iconv/Makefile
		32	@@ -44,7 +44,7 @@ CFLAGS-linereader.c += -DNO_TRANSLITERATION
		33	CFLAGS-simple-hash.c += -I../locale
		34
		35	tests = tst-iconv1 tst-iconv2 tst-iconv3 tst-iconv4 tst-iconv5 tst-iconv6 \
		36	- tst-iconv7 tst-iconv-mt tst-iconv-opt
		37	+ tst-iconv7 tst-iconv8 tst-iconv-mt tst-iconv-opt
		38
		39	others = iconv_prog iconvconfig
		40	install-others-programs = $(inst_bindir)/iconv
		41	diff --git a/iconv/gconv_simple.c b/iconv/gconv_simple.c
		42	index d4797fba17..963b29f246 100644
		43	--- a/iconv/gconv_simple.c
		44	+++ b/iconv/gconv_simple.c
		45	@@ -239,11 +239,9 @@ ucs4_internal_loop (struct __gconv_step *step,
		46	int flags = step_data->__flags;
		47	const unsigned char inptr = inptrp;
		48	unsigned char outptr = outptrp;
		49	- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
		50	int result;
		51	- size_t cnt;
		52
		53	- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
		54	+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
		55	{
		56	uint32_t inval;
		57
		58	@@ -307,11 +305,9 @@ ucs4_internal_loop_unaligned (struct __gconv_step *step,
		59	int flags = step_data->__flags;
		60	const unsigned char inptr = inptrp;
		61	unsigned char outptr = outptrp;
		62	- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
		63	int result;
		64	- size_t cnt;
		65
		66	- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
		67	+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
		68	{
		69	if (__glibc_unlikely (inptr[0] > 0x80))
		70	{
		71	@@ -613,11 +609,9 @@ ucs4le_internal_loop (struct __gconv_step *step,
		72	int flags = step_data->__flags;
		73	const unsigned char inptr = inptrp;
		74	unsigned char outptr = outptrp;
		75	- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
		76	int result;
		77	- size_t cnt;
		78
		79	- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
		80	+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
		81	{
		82	uint32_t inval;
		83
		84	@@ -684,11 +678,9 @@ ucs4le_internal_loop_unaligned (struct __gconv_step *step,
		85	int flags = step_data->__flags;
		86	const unsigned char inptr = inptrp;
		87	unsigned char outptr = outptrp;
		88	- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
		89	int result;
		90	- size_t cnt;
		91
		92	- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
		93	+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
		94	{
		95	if (__glibc_unlikely (inptr[3] > 0x80))
		96	{
		97	diff --git a/iconv/tst-iconv8.c b/iconv/tst-iconv8.c
		98	new file mode 100644
		99	index 0000000000..0b92b19f66
		100	--- /dev/null
		101	+++ b/iconv/tst-iconv8.c
		102	@@ -0,0 +1,50 @@
		103	+/* Test iconv behavior on UCS4 conversions with //IGNORE.
		104	+ Copyright (C) 2020 Free Software Foundation, Inc.
		105	+ This file is part of the GNU C Library.
		106	+
		107	+ The GNU C Library is free software; you can redistribute it and/or
		108	+ modify it under the terms of the GNU Lesser General Public
		109	+ License as published by the Free Software Foundation; either
		110	+ version 2.1 of the License, or (at your option) any later version.
		111	+
		112	+ The GNU C Library is distributed in the hope that it will be useful,
		113	+ but WITHOUT ANY WARRANTY; without even the implied warranty of
		114	+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
		115	+ Lesser General Public License for more details.
		116	+
		117	+ You should have received a copy of the GNU Lesser General Public
		118	+ License along with the GNU C Library; if not, see
		119	+ <http://www.gnu.org/licenses/>. */
		120	+
		121	+/* Derived from BZ #26923 */
		122	+#include <errno.h>
		123	+#include <iconv.h>
		124	+#include <stdio.h>
		125	+#include <support/check.h>
		126	+
		127	+static int
		128	+do_test (void)
		129	+{
		130	+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "ISO-10646/UCS4/");
		131	+ TEST_VERIFY_EXIT (cd != (iconv_t) -1);
		132	+
		133	+ /*
		134	+ * Convert sequence beginning with an irreversible character into buffer that
		135	+ * is too small.
		136	+ */
		137	+ char input[12] = "\xe1\x80\xa1" "AAAAAAAAA";
		138	+ char *inptr = input;
		139	+ size_t insize = sizeof (input);
		140	+ char output[6];
		141	+ char *outptr = output;
		142	+ size_t outsize = sizeof (output);
		143	+
		144	+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == -1);
		145	+ TEST_VERIFY (errno == E2BIG);
		146	+
		147	+ TEST_VERIFY_EXIT (iconv_close (cd) != -1);
		148	+
		149	+ return 0;
		150	+}
		151	+
		152	+#include <support/test-driver.c>
		153	--
		154	2.17.0
		155


diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch b/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch new file mode 100644 index 0000000000..0f54d72cad --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch
@@ -0,0 +1,56 @@
		1	From 681900d29683722b1cb0a8e565a0585846ec5a61 Mon Sep 17 00:00:00 2001
		2	From: Florian Weimer <fweimer@redhat.com>
		3	Date: Tue, 22 Sep 2020 19:07:48 +0200
		4	Subject: [PATCH] x86: Harden printf against non-normal long double values (bug
		5	26649)
		6
		7	The behavior of isnan/__builtin_isnan on bit patterns that do not
		8	correspond to something that the CPU would produce from valid inputs
		9	is currently under-defined in the toolchain. (The GCC built-in and
		10	glibc disagree.)
		11
		12	The isnan check in PRINTF_FP_FETCH in stdio-common/printf_fp.c
		13	assumes the GCC behavior that returns true for non-normal numbers
		14	which are not specified as NaN. (The glibc implementation returns
		15	false for such numbers.)
		16
		17	At present, passing non-normal numbers to __mpn_extract_long_double
		18	causes this function to produce irregularly shaped multi-precision
		19	integers, triggering undefined behavior in __printf_fp_l.
		20
		21	With GCC 10 and glibc 2.32, this behavior is not visible because
		22	__builtin_isnan is used, which avoids calling
		23	__mpn_extract_long_double in this case. This commit updates the
		24	implementation of __mpn_extract_long_double so that regularly shaped
		25	multi-precision integers are produced in this case, avoiding
		26	undefined behavior in __printf_fp_l.
		27
		28	Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
		29	CVE: CVE-2020-29573
		30	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		31	---
		32	sysdeps/i386/ldbl2mpn.c \| 8 ++++
		33	1 files changed, 8 insertions(+)
		34
		35	diff --git a/sysdeps/i386/ldbl2mpn.c b/sysdeps/i386/ldbl2mpn.c
		36	index ec8464eef7..23afedfb67 100644
		37	--- a/sysdeps/i386/ldbl2mpn.c
		38	+++ b/sysdeps/i386/ldbl2mpn.c
		39	@@ -115,6 +115,14 @@ __mpn_extract_long_double (mp_ptr res_ptr, mp_size_t size,
		40	&& res_ptr[N - 1] == 0)
		41	/* Pseudo zero. */
		42	*expt = 0;
		43	+ else
		44	+ /* Unlike other floating point formats, the most significant bit
		45	+ is explicit and expected to be set for normal numbers. Set it
		46	+ in case it is cleared in the input. Otherwise, callers will
		47	+ not be able to produce the expected multi-precision integer
		48	+ layout by shifting. */
		49	+ res_ptr[N - 1] \|= (mp_limb_t) 1 << (LDBL_MANT_DIG - 1
		50	+ - ((N - 1) * BITS_PER_MP_LIMB));
		51
		52	return N;
		53	}
		54	--
		55	2.17.0
		56


diff --git a/meta/recipes-core/glibc/glibc_2.32.bb b/meta/recipes-core/glibc/glibc_2.32.bb index 2a0e464385..6d42f33822 100644 --- a/meta/recipes-core/glibc/glibc_2.32.bb +++ b/meta/recipes-core/glibc/glibc_2.32.bb
@@ -43,6 +43,8 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
43	file://0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \	43	file://0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \
44	file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \	44	file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \
45	file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \	45	file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
		46	file://CVE-2020-29562.patch \
		47	file://CVE-2020-29573.patch \
46	"	48	"
47	S = "${WORKDIR}/git"	49	S = "${WORKDIR}/git"
48	B = "${WORKDIR}/build-${TARGET_SYS}"	50	B = "${WORKDIR}/build-${TARGET_SYS}"