glibc: Security fix CVE-2019-9169

(From OE-Core rev: 3103f407ff0c579c7e5887fd925d52d5c92c83f9) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2019-05-26 07:22:17 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-27 18:05:17 +0100
commit: 2c225a199d441b52698eb094dadf2b98dba58244 (patch)
tree: e06220fb6961eec43bdaa0686fd597e0e6425eb3
parent: a7ffffd44089cead5fae6e98f74d9bbb7c093a2a (diff)
download: poky-2c225a199d441b52698eb094dadf2b98dba58244.tar.gz
2 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch
new file mode 100644
index 0000000000..14cfaa35af
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch
@@ -0,0 +1,63 @@
+From 583dd860d5b833037175247230a328f0050dbfe9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Mon, 21 Jan 2019 11:08:13 -0800
+Subject: [PATCH] regex: fix read overrun [BZ #24114]
+Problem found by AddressSanitizer, reported by Hongxu Chen in:
+https://debbugs.gnu.org/34140
+* posix/regexec.c (proceed_next_node):
+Do not read past end of input buffer.
+Upstream-Status: Backport 
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9
+CVE: CVE-2019-9169
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ ChangeLog       | 10 +++++++++-
+ posix/regexec.c |  6 ++++--
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
+++ git/ChangeLog
+@@ -1,3 +1,11 @@
+2019-01-31  Paul Eggert  <eggert@cs.ucla.edu>
+
+       regex: fix read overrun [BZ #24114]
+       Problem found by AddressSanitizer, reported by Hongxu Chen in:
+       https://debbugs.gnu.org/34140
+       * posix/regexec.c (proceed_next_node):
+       Do not read past end of input buffer.
+
+ 2018-09-30  Martin Jansa  <Martin.Jansa@gmail.com>
+        Partial fix for [BZ #23716]
+        * locale/weight.h: Fix build with -Os.
+@@ -10917,7 +10925,7 @@
+        (CFLAGS-wcstof_l.c): Likewise.
+        (CPPFLAGS-tst-wchar-h.c): Likewise.
+        (CPPFLAGS-wcstold_l.c): Likewise.
+----
+
+ 2017-12-11  Paul A. Clarke  <pc@us.ibm.com>
+ 
+        * sysdeps/ieee754/flt-32/s_cosf.c: New implementation.
+Index: git/posix/regexec.c
+===================================================================
+--- git.orig/posix/regexec.c
+++ git/posix/regexec.c
+@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_contex
+              else if (naccepted)
+                {
+                  char *buf = (char *) re_string_get_buffer (&mctx->input);
+-                 if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+-                             naccepted) != 0)
+                 if (mctx->input.valid_len - *pidx < naccepted
+                     || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+                                 naccepted)
+                         != 0))
+                    return -1;
+                }
+            }
diff --git a/meta/recipes-core/glibc/glibc_2.28.bb b/meta/recipes-core/glibc/glibc_2.28.bb
index 72cee04d9a..1bcec3ecb1 100644
--- a/meta/recipes-core/glibc/glibc_2.28.bb
+++ b/meta/recipes-core/glibc/glibc_2.28.bb
@@ -47,6 +47,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
           file://0032-sysdeps-ieee754-soft-fp-ignore-maybe-uninitialized-w.patch \
           file://0033-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
           file://0034-inject-file-assembly-directives.patch \
+           file://CVE-2019-9169.patch \
 "
 NATIVESDKFIXES ?= ""
author	Armin Kuster <akuster@mvista.com>	2019-05-26 07:22:17 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:17 +0100
commit	2c225a199d441b52698eb094dadf2b98dba58244 (patch)
tree	e06220fb6961eec43bdaa0686fd597e0e6425eb3
parent	a7ffffd44089cead5fae6e98f74d9bbb7c093a2a (diff)
download	poky-2c225a199d441b52698eb094dadf2b98dba58244.tar.gz

diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch new file mode 100644 index 0000000000..14cfaa35af --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch
@@ -0,0 +1,63 @@
		1	From 583dd860d5b833037175247230a328f0050dbfe9 Mon Sep 17 00:00:00 2001
		2	From: Paul Eggert <eggert@cs.ucla.edu>
		3	Date: Mon, 21 Jan 2019 11:08:13 -0800
		4	Subject: [PATCH] regex: fix read overrun [BZ #24114]
		5
		6	Problem found by AddressSanitizer, reported by Hongxu Chen in:
		7	https://debbugs.gnu.org/34140
		8	* posix/regexec.c (proceed_next_node):
		9	Do not read past end of input buffer.
		10
		11	Upstream-Status: Backport
		12	https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9
		13
		14	CVE: CVE-2019-9169
		15	Signed-off-by: Armin Kuster <akuster@mvista.com>
		16
		17	---
		18	ChangeLog \| 10 +++++++++-
		19	posix/regexec.c \| 6 ++++--
		20	2 files changed, 13 insertions(+), 3 deletions(-)
		21
		22	Index: git/ChangeLog
		23	===================================================================
		24	--- git.orig/ChangeLog
		25	+++ git/ChangeLog
		26	@@ -1,3 +1,11 @@
		27	+2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
		28	+
		29	+ regex: fix read overrun [BZ #24114]
		30	+ Problem found by AddressSanitizer, reported by Hongxu Chen in:
		31	+ https://debbugs.gnu.org/34140
		32	+ * posix/regexec.c (proceed_next_node):
		33	+ Do not read past end of input buffer.
		34	+
		35	2018-09-30 Martin Jansa <Martin.Jansa@gmail.com>
		36	Partial fix for [BZ #23716]
		37	* locale/weight.h: Fix build with -Os.
		38	@@ -10917,7 +10925,7 @@
		39	(CFLAGS-wcstof_l.c): Likewise.
		40	(CPPFLAGS-tst-wchar-h.c): Likewise.
		41	(CPPFLAGS-wcstold_l.c): Likewise.
		42	----
		43	+
		44	2017-12-11 Paul A. Clarke <pc@us.ibm.com>
		45
		46	* sysdeps/ieee754/flt-32/s_cosf.c: New implementation.
		47	Index: git/posix/regexec.c
		48	===================================================================
		49	--- git.orig/posix/regexec.c
		50	+++ git/posix/regexec.c
		51	@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_contex
		52	else if (naccepted)
		53	{
		54	char buf = (char ) re_string_get_buffer (&mctx->input);
		55	- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
		56	- naccepted) != 0)
		57	+ if (mctx->input.valid_len - *pidx < naccepted
		58	+ \|\| (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
		59	+ naccepted)
		60	+ != 0))
		61	return -1;
		62	}
		63	}


diff --git a/meta/recipes-core/glibc/glibc_2.28.bb b/meta/recipes-core/glibc/glibc_2.28.bb index 72cee04d9a..1bcec3ecb1 100644 --- a/meta/recipes-core/glibc/glibc_2.28.bb +++ b/meta/recipes-core/glibc/glibc_2.28.bb
@@ -47,6 +47,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
47	file://0032-sysdeps-ieee754-soft-fp-ignore-maybe-uninitialized-w.patch \	47	file://0032-sysdeps-ieee754-soft-fp-ignore-maybe-uninitialized-w.patch \
48	file://0033-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \	48	file://0033-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
49	file://0034-inject-file-assembly-directives.patch \	49	file://0034-inject-file-assembly-directives.patch \
		50	file://CVE-2019-9169.patch \
50	"	51	"
51		52
52	NATIVESDKFIXES ?= ""	53	NATIVESDKFIXES ?= ""