-rw-r--r-- | meta/recipes-core/glibc/glibc/CVE-2016-6323.patch | 39 | ||||
-rw-r--r-- | meta/recipes-core/glibc/glibc_2.24.bb | 1 |
2 files changed, 40 insertions, 0 deletions
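--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
@@ -0,0 +1,39 @@
+glibc-2.24: Fix CVE-2016-6323
+
+[No upstream tracking] -- https://sourceware.org/bugzilla/show_bug.cgi?id=20435
+
+arm: mark __startcontext as .cantunwind, GNU
+
+Glibc bug where the makecontext function would create
+an execution context which is incompatible with the unwinder,
+causing it to hang when the generation of a backtrace is attempted.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617]
+CVE: CVE-2016-6323
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
+
+diff --git a/sysdeps/unix/sysv/linux/arm/setcontext.S b/sysdeps/unix/sysv/linux/arm/setcontext.S
+index 603e508..d1f168f 100644
+--- a/sysdeps/unix/sysv/linux/arm/setcontext.S
++++ b/sysdeps/unix/sysv/linux/arm/setcontext.S
+@@ -86,12 +86,19 @@ weak_alias(__setcontext, setcontext)
+
+/* Called when a makecontext() context returns. Start the
+context in R4 or fall through to exit(). */
++ /* Unwind descriptors are looked up based on PC - 2, so we have to
++ make sure to mark the instruction preceding the __startcontext
++ label as .cantunwind. */
++ .fnstart
++ .cantunwind
++ nop
+ENTRY(__startcontext)
+movs r0, r4
+bne PLTJMP(__setcontext)
+
+@ New context was 0 - exit
+b PLTJMP(HIDDEN_JUMPTARGET(exit))
++ .fnend
+END(__startcontext)
+
+#ifdef PIC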
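Review bot: The patch header contradicts itself: its third line reads `[No upstream tracking]` directly in front of the glibc bug URL, while `Upstream-Status: Backport [...]` further down names an upstream commit. I would drop the bracketed prefix and keep only the bug reference, `https://sourceware.org/bugzilla/show_bug.cgi?id=20435`. The subject `arm: mark __startcontext as .cantunwind, GNU` looks cut off after the comma, presumably a truncated upstream subject, and is worth restoring from the backported commit. For CVE triage it would also help if the description said that only `sysdeps/unix/sysv/linux/arm/setcontext.S` is touched and that the impact it describes is a hang during backtrace generation, since the recipe lists the patch in `SRC_URI` for every target.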
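--- a/meta/recipes-core/glibc/glibc_2.24.bb
+++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -38,6 +38,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
 file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
 file://0026-build_local_scope.patch \
 file://0028-Bug-20116-Fix-use-after-free-in-pthread_create.patch \
+file://CVE-2016-6323.patch \
 "
 
 SRC_URI += "\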