1 files changed, 198 insertions, 0 deletions
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch
new file mode 100644
index 0000000000..353c2553f5
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch
@@ -0,0 +1,198 @@
+From 58e8a07b1aef0e53af1642b30248255e53e42790 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 20 Feb 2023 14:53:25 +0100
+Subject: [PATCH] dmidecode: Write the whole dump file at once
+When option --dump-bin is used, write the whole dump file at once,
+instead of opening and closing the file separately for the table
+and then for the entry point.
+As the file writing function is no longer generic, it gets moved
+from util.c to dmidecode.c.
+One minor functional change resulting from the new implementation is
+that the entry point is written first now, so the messages printed
+are swapped.
+CVE: CVE-2023-30630
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f38]
+Backport Changes:
+- In the file dmidecode.c, the commit [2241f1d] in v3.3 introduces
+  pr_info(). This is backported to printf() as per v3.2.
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+(cherry picked from commit d8cfbc808f387e87091c25e7d5b8c2bb348bb206)
+Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
+---
+ dmidecode.c | 69 +++++++++++++++++++++++++++++++++++++++--------------
+ util.c      | 40 -------------------------------
+ util.h      |  1 -
+ 3 files changed, 51 insertions(+), 59 deletions(-)
+diff --git a/dmidecode.c b/dmidecode.c
+index d6eedd1..b91e53b 100644
+--- a/dmidecode.c
+++ b/dmidecode.c
+@@ -5094,11 +5094,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+        }
+ }
+ 
+-static void dmi_table_dump(const u8 *buf, u32 len)
+static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
+                         u32 table_len)
+ {
+       FILE *f;
+
+       f = fopen(opt.dumpfile, "wb");
+       if (!f)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fopen");
+               return -1;
+       }
+
+       if (!(opt.flags & FLAG_QUIET))
+               printf("# Writing %d bytes to %s.\n", ep_len, opt.dumpfile);
+       if (fwrite(ep, ep_len, 1, f) != 1)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fwrite");
+               goto err_close;
+       }
+
+       if (fseek(f, 32, SEEK_SET) != 0)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fseek");
+               goto err_close;
+       }
+
+        if (!(opt.flags & FLAG_QUIET))
+-               printf("# Writing %d bytes to %s.\n", len, opt.dumpfile);
+-       write_dump(32, len, buf, opt.dumpfile, 0);
+               printf("# Writing %d bytes to %s.\n", table_len, opt.dumpfile);
+       if (fwrite(table, table_len, 1, f) != 1)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fwrite");
+               goto err_close;
+       }
+
+       if (fclose(f))
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fclose");
+               return -1;
+       }
+
+       return 0;
+
+err_close:
+       fclose(f);
+       return -1;
+ }
+ 
+ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
+@@ -5351,11 +5396,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+                memcpy(crafted, buf, 32);
+                overwrite_smbios3_address(crafted);
+ 
+-               dmi_table_dump(table, len);
+-               if (!(opt.flags & FLAG_QUIET))
+-                       printf("# Writing %d bytes to %s.\n", crafted[0x06],
+-                              opt.dumpfile);
+-               write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
+               dmi_table_dump(crafted, crafted[0x06], table, len);
+        }
+        else
+        {
+@@ -5427,11 +5468,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+                memcpy(crafted, buf, 32);
+                overwrite_dmi_address(crafted + 0x10);
+ 
+-               dmi_table_dump(table, len);
+-               if (!(opt.flags & FLAG_QUIET))
+-                       printf("# Writing %d bytes to %s.\n", crafted[0x05],
+-                               opt.dumpfile);
+-               write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+               dmi_table_dump(crafted, crafted[0x05], table, len);
+        }
+        else
+        {
+@@ -5472,11 +5509,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+                memcpy(crafted, buf, 16);
+                overwrite_dmi_address(crafted);
+ 
+-               dmi_table_dump(table, len);
+-               if (!(opt.flags & FLAG_QUIET))
+-                       printf("# Writing %d bytes to %s.\n", 0x0F,
+-                               opt.dumpfile);
+-               write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
+               dmi_table_dump(crafted, 0x0F, table, len);
+        }
+        else
+        {
+diff --git a/util.c b/util.c
+index eeffdae..2e1931c 100644
+--- a/util.c
+++ b/util.c
+@@ -247,46 +247,6 @@ out:
+        return p;
+ }
+ 
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add)
+-{
+-       FILE *f;
+-
+-       f = fopen(dumpfile, add ? "r+b" : "wb");
+-       if (!f)
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fopen");
+-               return -1;
+-       }
+-
+-       if (fseek(f, base, SEEK_SET) != 0)
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fseek");
+-               goto err_close;
+-       }
+-
+-       if (fwrite(data, len, 1, f) != 1)
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fwrite");
+-               goto err_close;
+-       }
+-
+-       if (fclose(f))
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fclose");
+-               return -1;
+-       }
+-
+-       return 0;
+-
+-err_close:
+-       fclose(f);
+-       return -1;
+-}
+-
+ /* Returns end - start + 1, assuming start < end */
+ u64 u64_range(u64 start, u64 end)
+ {
+diff --git a/util.h b/util.h
+index 3094cf8..ef24eb9 100644
+--- a/util.h
+++ b/util.h
+@@ -27,5 +27,4 @@
+ int checksum(const u8 *buf, size_t len);
+ void *read_file(off_t base, size_t *len, const char *filename);
+ void *mem_chunk(off_t base, size_t len, const char *devmem);
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add);
+ u64 u64_range(u64 start, u64 end);

diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch new file mode 100644 index 0000000000..353c2553f5 --- /dev/null +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch
@@ -0,0 +1,198 @@
	1	From 58e8a07b1aef0e53af1642b30248255e53e42790 Mon Sep 17 00:00:00 2001
	2	From: Jean Delvare <jdelvare@suse.de>
	3	Date: Mon, 20 Feb 2023 14:53:25 +0100
	4	Subject: [PATCH] dmidecode: Write the whole dump file at once
	5
	6	When option --dump-bin is used, write the whole dump file at once,
	7	instead of opening and closing the file separately for the table
	8	and then for the entry point.
	9
	10	As the file writing function is no longer generic, it gets moved
	11	from util.c to dmidecode.c.
	12
	13	One minor functional change resulting from the new implementation is
	14	that the entry point is written first now, so the messages printed
	15	are swapped.
	16
	17	CVE: CVE-2023-30630
	18	Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f38]
	19
	20	Backport Changes:
	21	- In the file dmidecode.c, the commit [2241f1d] in v3.3 introduces
	22	pr_info(). This is backported to printf() as per v3.2.
	23
	24	Signed-off-by: Jean Delvare <jdelvare@suse.de>
	25	Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
	26	(cherry picked from commit d8cfbc808f387e87091c25e7d5b8c2bb348bb206)
	27	Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
	28
	29	---
	30	dmidecode.c \| 69 +++++++++++++++++++++++++++++++++++++++--------------
	31	util.c \| 40 -------------------------------
	32	util.h \| 1 -
	33	3 files changed, 51 insertions(+), 59 deletions(-)
	34
	35	diff --git a/dmidecode.c b/dmidecode.c
	36	index d6eedd1..b91e53b 100644
	37	--- a/dmidecode.c
	38	+++ b/dmidecode.c
	39	@@ -5094,11 +5094,56 @@ static void dmi_table_string(const struct dmi_header h, const u8 data, u16 ver
	40	}
	41	}
	42
	43	-static void dmi_table_dump(const u8 *buf, u32 len)
	44	+static int dmi_table_dump(const u8 ep, u32 ep_len, const u8 table,
	45	+ u32 table_len)
	46	{
	47	+ FILE *f;
	48	+
	49	+ f = fopen(opt.dumpfile, "wb");
	50	+ if (!f)
	51	+ {
	52	+ fprintf(stderr, "%s: ", opt.dumpfile);
	53	+ perror("fopen");
	54	+ return -1;
	55	+ }
	56	+
	57	+ if (!(opt.flags & FLAG_QUIET))
	58	+ printf("# Writing %d bytes to %s.\n", ep_len, opt.dumpfile);
	59	+ if (fwrite(ep, ep_len, 1, f) != 1)
	60	+ {
	61	+ fprintf(stderr, "%s: ", opt.dumpfile);
	62	+ perror("fwrite");
	63	+ goto err_close;
	64	+ }
	65	+
	66	+ if (fseek(f, 32, SEEK_SET) != 0)
	67	+ {
	68	+ fprintf(stderr, "%s: ", opt.dumpfile);
	69	+ perror("fseek");
	70	+ goto err_close;
	71	+ }
	72	+
	73	if (!(opt.flags & FLAG_QUIET))
	74	- printf("# Writing %d bytes to %s.\n", len, opt.dumpfile);
	75	- write_dump(32, len, buf, opt.dumpfile, 0);
	76	+ printf("# Writing %d bytes to %s.\n", table_len, opt.dumpfile);
	77	+ if (fwrite(table, table_len, 1, f) != 1)
	78	+ {
	79	+ fprintf(stderr, "%s: ", opt.dumpfile);
	80	+ perror("fwrite");
	81	+ goto err_close;
	82	+ }
	83	+
	84	+ if (fclose(f))
	85	+ {
	86	+ fprintf(stderr, "%s: ", opt.dumpfile);
	87	+ perror("fclose");
	88	+ return -1;
	89	+ }
	90	+
	91	+ return 0;
	92	+
	93	+err_close:
	94	+ fclose(f);
	95	+ return -1;
	96	}
	97
	98	static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
	99	@@ -5351,11 +5396,7 @@ static int smbios3_decode(u8 buf, const char devmem, u32 flags)
	100	memcpy(crafted, buf, 32);
	101	overwrite_smbios3_address(crafted);
	102
	103	- dmi_table_dump(table, len);
	104	- if (!(opt.flags & FLAG_QUIET))
	105	- printf("# Writing %d bytes to %s.\n", crafted[0x06],
	106	- opt.dumpfile);
	107	- write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
	108	+ dmi_table_dump(crafted, crafted[0x06], table, len);
	109	}
	110	else
	111	{
	112	@@ -5427,11 +5468,7 @@ static int smbios_decode(u8 buf, const char devmem, u32 flags)
	113	memcpy(crafted, buf, 32);
	114	overwrite_dmi_address(crafted + 0x10);
	115
	116	- dmi_table_dump(table, len);
	117	- if (!(opt.flags & FLAG_QUIET))
	118	- printf("# Writing %d bytes to %s.\n", crafted[0x05],
	119	- opt.dumpfile);
	120	- write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
	121	+ dmi_table_dump(crafted, crafted[0x05], table, len);
	122	}
	123	else
	124	{
	125	@@ -5472,11 +5509,7 @@ static int legacy_decode(u8 buf, const char devmem, u32 flags)
	126	memcpy(crafted, buf, 16);
	127	overwrite_dmi_address(crafted);
	128
	129	- dmi_table_dump(table, len);
	130	- if (!(opt.flags & FLAG_QUIET))
	131	- printf("# Writing %d bytes to %s.\n", 0x0F,
	132	- opt.dumpfile);
	133	- write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
	134	+ dmi_table_dump(crafted, 0x0F, table, len);
	135	}
	136	else
	137	{
	138	diff --git a/util.c b/util.c
	139	index eeffdae..2e1931c 100644
	140	--- a/util.c
	141	+++ b/util.c
	142	@@ -247,46 +247,6 @@ out:
	143	return p;
	144	}
	145
	146	-int write_dump(size_t base, size_t len, const void data, const char dumpfile, int add)
	147	-{
	148	- FILE *f;
	149	-
	150	- f = fopen(dumpfile, add ? "r+b" : "wb");
	151	- if (!f)
	152	- {
	153	- fprintf(stderr, "%s: ", dumpfile);
	154	- perror("fopen");
	155	- return -1;
	156	- }
	157	-
	158	- if (fseek(f, base, SEEK_SET) != 0)
	159	- {
	160	- fprintf(stderr, "%s: ", dumpfile);
	161	- perror("fseek");
	162	- goto err_close;
	163	- }
	164	-
	165	- if (fwrite(data, len, 1, f) != 1)
	166	- {
	167	- fprintf(stderr, "%s: ", dumpfile);
	168	- perror("fwrite");
	169	- goto err_close;
	170	- }
	171	-
	172	- if (fclose(f))
	173	- {
	174	- fprintf(stderr, "%s: ", dumpfile);
	175	- perror("fclose");
	176	- return -1;
	177	- }
	178	-
	179	- return 0;
	180	-
	181	-err_close:
	182	- fclose(f);
	183	- return -1;
	184	-}
	185	-
	186	/* Returns end - start + 1, assuming start < end */
	187	u64 u64_range(u64 start, u64 end)
	188	{
	189	diff --git a/util.h b/util.h
	190	index 3094cf8..ef24eb9 100644
	191	--- a/util.h
	192	+++ b/util.h
	193	@@ -27,5 +27,4 @@
	194	int checksum(const u8 *buf, size_t len);
	195	void read_file(off_t base, size_t len, const char *filename);
	196	void mem_chunk(off_t base, size_t len, const char devmem);
	197	-int write_dump(size_t base, size_t len, const void data, const char dumpfile, int add);
	198	u64 u64_range(u64 start, u64 end);