1 files changed, 197 insertions, 0 deletions
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch
new file mode 100644
index 0000000000..e03bda05e4
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch
@@ -0,0 +1,197 @@
+From d362549bce92ac22860cda8cad4532c1a3fe6928 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 20 Feb 2023 14:53:25 +0100
+Subject: [PATCH 2/5] dmidecode: Write the whole dump file at once
+When option --dump-bin is used, write the whole dump file at once,
+instead of opening and closing the file separately for the table
+and then for the entry point.
+As the file writing function is no longer generic, it gets moved
+from util.c to dmidecode.c.
+One minor functional change resulting from the new implementation is
+that the entry point is written first now, so the messages printed
+are swapped.
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+CVE: CVE-2023-30630
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
+Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
+---
+ dmidecode.c | 69 +++++++++++++++++++++++++++++++++++++++--------------
+ util.c      | 40 -------------------------------
+ util.h      |  1 -
+ 3 files changed, 51 insertions(+), 59 deletions(-)
+diff --git a/dmidecode.c b/dmidecode.c
+index b082c03..a80a140 100644
+--- a/dmidecode.c
+++ b/dmidecode.c
+@@ -5130,11 +5130,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+        }
+ }
+ 
+-static void dmi_table_dump(const u8 *buf, u32 len)
+static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
+                         u32 table_len)
+ {
+       FILE *f;
+
+       f = fopen(opt.dumpfile, "wb");
+       if (!f)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fopen");
+               return -1;
+       }
+
+       if (!(opt.flags & FLAG_QUIET))
+               pr_comment("Writing %d bytes to %s.", ep_len, opt.dumpfile);
+       if (fwrite(ep, ep_len, 1, f) != 1)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fwrite");
+               goto err_close;
+       }
+
+       if (fseek(f, 32, SEEK_SET) != 0)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fseek");
+               goto err_close;
+       }
+
+        if (!(opt.flags & FLAG_QUIET))
+-               pr_comment("Writing %d bytes to %s.", len, opt.dumpfile);
+-       write_dump(32, len, buf, opt.dumpfile, 0);
+               pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile);
+       if (fwrite(table, table_len, 1, f) != 1)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fwrite");
+               goto err_close;
+       }
+
+       if (fclose(f))
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fclose");
+               return -1;
+       }
+
+       return 0;
+
+err_close:
+       fclose(f);
+       return -1;
+ }
+ 
+ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
+@@ -5387,11 +5432,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+                memcpy(crafted, buf, 32);
+                overwrite_smbios3_address(crafted);
+ 
+-               dmi_table_dump(table, len);
+-               if (!(opt.flags & FLAG_QUIET))
+-                       pr_comment("Writing %d bytes to %s.", crafted[0x06],
+-                                  opt.dumpfile);
+-               write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
+               dmi_table_dump(crafted, crafted[0x06], table, len);
+        }
+        else
+        {
+@@ -5463,11 +5504,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+                memcpy(crafted, buf, 32);
+                overwrite_dmi_address(crafted + 0x10);
+ 
+-               dmi_table_dump(table, len);
+-               if (!(opt.flags & FLAG_QUIET))
+-                       pr_comment("Writing %d bytes to %s.", crafted[0x05],
+-                                  opt.dumpfile);
+-               write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+               dmi_table_dump(crafted, crafted[0x05], table, len);
+        }
+        else
+        {
+@@ -5508,11 +5545,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+                memcpy(crafted, buf, 16);
+                overwrite_dmi_address(crafted);
+ 
+-               dmi_table_dump(table, len);
+-               if (!(opt.flags & FLAG_QUIET))
+-                       pr_comment("Writing %d bytes to %s.", 0x0F,
+-                                  opt.dumpfile);
+-               write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
+               dmi_table_dump(crafted, 0x0F, table, len);
+        }
+        else
+        {
+diff --git a/util.c b/util.c
+index 04aaadd..1547096 100644
+--- a/util.c
+++ b/util.c
+@@ -259,46 +259,6 @@ out:
+        return p;
+ }
+ 
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add)
+-{
+-       FILE *f;
+-
+-       f = fopen(dumpfile, add ? "r+b" : "wb");
+-       if (!f)
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fopen");
+-               return -1;
+-       }
+-
+-       if (fseek(f, base, SEEK_SET) != 0)
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fseek");
+-               goto err_close;
+-       }
+-
+-       if (fwrite(data, len, 1, f) != 1)
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fwrite");
+-               goto err_close;
+-       }
+-
+-       if (fclose(f))
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fclose");
+-               return -1;
+-       }
+-
+-       return 0;
+-
+-err_close:
+-       fclose(f);
+-       return -1;
+-}
+-
+ /* Returns end - start + 1, assuming start < end */
+ u64 u64_range(u64 start, u64 end)
+ {
+diff --git a/util.h b/util.h
+index 3094cf8..ef24eb9 100644
+--- a/util.h
+++ b/util.h
+@@ -27,5 +27,4 @@
+ int checksum(const u8 *buf, size_t len);
+ void *read_file(off_t base, size_t *len, const char *filename);
+ void *mem_chunk(off_t base, size_t len, const char *devmem);
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add);
+ u64 u64_range(u64 start, u64 end);
+-- 
+2.41.0

diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch new file mode 100644 index 0000000000..e03bda05e4 --- /dev/null +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch
@@ -0,0 +1,197 @@
	1	From d362549bce92ac22860cda8cad4532c1a3fe6928 Mon Sep 17 00:00:00 2001
	2	From: Jean Delvare <jdelvare@suse.de>
	3	Date: Mon, 20 Feb 2023 14:53:25 +0100
	4	Subject: [PATCH 2/5] dmidecode: Write the whole dump file at once
	5
	6	When option --dump-bin is used, write the whole dump file at once,
	7	instead of opening and closing the file separately for the table
	8	and then for the entry point.
	9
	10	As the file writing function is no longer generic, it gets moved
	11	from util.c to dmidecode.c.
	12
	13	One minor functional change resulting from the new implementation is
	14	that the entry point is written first now, so the messages printed
	15	are swapped.
	16
	17	Signed-off-by: Jean Delvare <jdelvare@suse.de>
	18	Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
	19
	20	CVE: CVE-2023-30630
	21
	22	Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
	23
	24	Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
	25	---
	26	dmidecode.c \| 69 +++++++++++++++++++++++++++++++++++++++--------------
	27	util.c \| 40 -------------------------------
	28	util.h \| 1 -
	29	3 files changed, 51 insertions(+), 59 deletions(-)
	30
	31	diff --git a/dmidecode.c b/dmidecode.c
	32	index b082c03..a80a140 100644
	33	--- a/dmidecode.c
	34	+++ b/dmidecode.c
	35	@@ -5130,11 +5130,56 @@ static void dmi_table_string(const struct dmi_header h, const u8 data, u16 ver
	36	}
	37	}
	38
	39	-static void dmi_table_dump(const u8 *buf, u32 len)
	40	+static int dmi_table_dump(const u8 ep, u32 ep_len, const u8 table,
	41	+ u32 table_len)
	42	{
	43	+ FILE *f;
	44	+
	45	+ f = fopen(opt.dumpfile, "wb");
	46	+ if (!f)
	47	+ {
	48	+ fprintf(stderr, "%s: ", opt.dumpfile);
	49	+ perror("fopen");
	50	+ return -1;
	51	+ }
	52	+
	53	+ if (!(opt.flags & FLAG_QUIET))
	54	+ pr_comment("Writing %d bytes to %s.", ep_len, opt.dumpfile);
	55	+ if (fwrite(ep, ep_len, 1, f) != 1)
	56	+ {
	57	+ fprintf(stderr, "%s: ", opt.dumpfile);
	58	+ perror("fwrite");
	59	+ goto err_close;
	60	+ }
	61	+
	62	+ if (fseek(f, 32, SEEK_SET) != 0)
	63	+ {
	64	+ fprintf(stderr, "%s: ", opt.dumpfile);
	65	+ perror("fseek");
	66	+ goto err_close;
	67	+ }
	68	+
	69	if (!(opt.flags & FLAG_QUIET))
	70	- pr_comment("Writing %d bytes to %s.", len, opt.dumpfile);
	71	- write_dump(32, len, buf, opt.dumpfile, 0);
	72	+ pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile);
	73	+ if (fwrite(table, table_len, 1, f) != 1)
	74	+ {
	75	+ fprintf(stderr, "%s: ", opt.dumpfile);
	76	+ perror("fwrite");
	77	+ goto err_close;
	78	+ }
	79	+
	80	+ if (fclose(f))
	81	+ {
	82	+ fprintf(stderr, "%s: ", opt.dumpfile);
	83	+ perror("fclose");
	84	+ return -1;
	85	+ }
	86	+
	87	+ return 0;
	88	+
	89	+err_close:
	90	+ fclose(f);
	91	+ return -1;
	92	}
	93
	94	static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
	95	@@ -5387,11 +5432,7 @@ static int smbios3_decode(u8 buf, const char devmem, u32 flags)
	96	memcpy(crafted, buf, 32);
	97	overwrite_smbios3_address(crafted);
	98
	99	- dmi_table_dump(table, len);
	100	- if (!(opt.flags & FLAG_QUIET))
	101	- pr_comment("Writing %d bytes to %s.", crafted[0x06],
	102	- opt.dumpfile);
	103	- write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
	104	+ dmi_table_dump(crafted, crafted[0x06], table, len);
	105	}
	106	else
	107	{
	108	@@ -5463,11 +5504,7 @@ static int smbios_decode(u8 buf, const char devmem, u32 flags)
	109	memcpy(crafted, buf, 32);
	110	overwrite_dmi_address(crafted + 0x10);
	111
	112	- dmi_table_dump(table, len);
	113	- if (!(opt.flags & FLAG_QUIET))
	114	- pr_comment("Writing %d bytes to %s.", crafted[0x05],
	115	- opt.dumpfile);
	116	- write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
	117	+ dmi_table_dump(crafted, crafted[0x05], table, len);
	118	}
	119	else
	120	{
	121	@@ -5508,11 +5545,7 @@ static int legacy_decode(u8 buf, const char devmem, u32 flags)
	122	memcpy(crafted, buf, 16);
	123	overwrite_dmi_address(crafted);
	124
	125	- dmi_table_dump(table, len);
	126	- if (!(opt.flags & FLAG_QUIET))
	127	- pr_comment("Writing %d bytes to %s.", 0x0F,
	128	- opt.dumpfile);
	129	- write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
	130	+ dmi_table_dump(crafted, 0x0F, table, len);
	131	}
	132	else
	133	{
	134	diff --git a/util.c b/util.c
	135	index 04aaadd..1547096 100644
	136	--- a/util.c
	137	+++ b/util.c
	138	@@ -259,46 +259,6 @@ out:
	139	return p;
	140	}
	141
	142	-int write_dump(size_t base, size_t len, const void data, const char dumpfile, int add)
	143	-{
	144	- FILE *f;
	145	-
	146	- f = fopen(dumpfile, add ? "r+b" : "wb");
	147	- if (!f)
	148	- {
	149	- fprintf(stderr, "%s: ", dumpfile);
	150	- perror("fopen");
	151	- return -1;
	152	- }
	153	-
	154	- if (fseek(f, base, SEEK_SET) != 0)
	155	- {
	156	- fprintf(stderr, "%s: ", dumpfile);
	157	- perror("fseek");
	158	- goto err_close;
	159	- }
	160	-
	161	- if (fwrite(data, len, 1, f) != 1)
	162	- {
	163	- fprintf(stderr, "%s: ", dumpfile);
	164	- perror("fwrite");
	165	- goto err_close;
	166	- }
	167	-
	168	- if (fclose(f))
	169	- {
	170	- fprintf(stderr, "%s: ", dumpfile);
	171	- perror("fclose");
	172	- return -1;
	173	- }
	174	-
	175	- return 0;
	176	-
	177	-err_close:
	178	- fclose(f);
	179	- return -1;
	180	-}
	181	-
	182	/* Returns end - start + 1, assuming start < end */
	183	u64 u64_range(u64 start, u64 end)
	184	{
	185	diff --git a/util.h b/util.h
	186	index 3094cf8..ef24eb9 100644
	187	--- a/util.h
	188	+++ b/util.h
	189	@@ -27,5 +27,4 @@
	190	int checksum(const u8 *buf, size_t len);
	191	void read_file(off_t base, size_t len, const char *filename);
	192	void mem_chunk(off_t base, size_t len, const char devmem);
	193	-int write_dump(size_t base, size_t len, const void data, const char dumpfile, int add);
	194	u64 u64_range(u64 start, u64 end);
	195	--
	196	2.41.0
	197