dmidecode: fix CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. References: https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00017.html Backport: fixes fuzz in the CVE-2023-30630_2.patch in kirkstone (From OE-Core rev: 4f83427a0a01e8285c9eb42d2a635d1ff7b23779) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit f92e59a0894145a828dc9ac74bf8c7a9355e0587) Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Yogita Urade <yogita.urade@windriver.com> 2023-07-28 10:01:09 +0000
committer: Steve Sakoman <steve@sakoman.com> 2023-08-02 04:47:13 -1000
commit: f4c5d9a3a6ee2d974e55aec4b1602a368dbacf72 (patch)
tree: f3719c3422c6bdbab14556ecdb08438729e58b64
parent: e01d123ba1d23d9f5933cf6c30104eefaf74d375 (diff)
download: poky-f4c5d9a3a6ee2d974e55aec4b1602a368dbacf72.tar.gz
5 files changed, 527 insertions, 0 deletions
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
new file mode 100644
index 0000000000..53480d6299
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
@@ -0,0 +1,237 @@
+From  d8cfbc808f387e87091c25e7d5b8c2bb348bb206 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 09:40:23 +0000
+Subject: [PATCH] dmidecode: Write the whole dump file at once
+When option --dump-bin is used, write the whole dump file at once,
+instead of opening and closing the file separately for the table
+and then for the entry point.
+As the file writing function is no longer generic, it gets moved
+from util.c to dmidecode.c.
+One minor functional change resulting from the new implementation is
+that the entry point is written first now, so the messages printed
+are swapped.
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+CVE: CVE-2023-30630
+Reference: https://github.com/mirror/dmidecode/commit/39b2dd7b6ab719b920e96ed832cfb4bdd664e808
+Upstream-Status: Backport [https://github.com/mirror/dmidecode/commit/d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ dmidecode.c | 79 +++++++++++++++++++++++++++++++++++++++--------------
+ util.c      | 40 ---------------------------
+ util.h      |  1 -
+ 3 files changed, 58 insertions(+), 62 deletions(-)
+diff --git a/dmidecode.c b/dmidecode.c
+index 9aeff91..5477309 100644
+--- a/dmidecode.c
+++ b/dmidecode.c
+@@ -5427,11 +5427,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+        }
+ }
+-static void dmi_table_dump(const u8 *buf, u32 len)
+static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
+                         u32 table_len)
+ {
+       FILE *f;
+
+       f = fopen(opt.dumpfile, "wb");
+       if (!f)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fopen");
+               return -1;
+       }
+
+       if (!(opt.flags & FLAG_QUIET))
+               pr_comment("Writing %d bytes to %s.", ep_len, opt.dumpfile);
+       if (fwrite(ep, ep_len, 1, f) != 1)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fwrite");
+               goto err_close;
+       }
+
+       if (fseek(f, 32, SEEK_SET) != 0)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fseek");
+               goto err_close;
+       }
+
+        if (!(opt.flags & FLAG_QUIET))
+-               pr_comment("Writing %d bytes to %s.", len, opt.dumpfile);
+-       write_dump(32, len, buf, opt.dumpfile, 0);
+               pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile);
+       if (fwrite(table, table_len, 1, f) != 1)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fwrite");
+               goto err_close;
+       }
+
+       if (fclose(f))
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("fclose");
+               return -1;
+       }
+
+       return 0;
+
+err_close:
+       fclose(f);
+       return -1;
+ }
+ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
+@@ -5648,11 +5693,6 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+                return;
+        }
+-       if (opt.flags & FLAG_DUMP_BIN)
+-               dmi_table_dump(buf, len);
+-       else
+-               dmi_table_decode(buf, len, num, ver >> 8, flags);
+-
+        free(buf);
+ }
+@@ -5688,8 +5728,9 @@ static void overwrite_smbios3_address(u8 *buf)
+ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+-       u32 ver;
+       u32 ver, len;
+        u64 offset;
+       u8 *table;
+        /* Don't let checksum run beyond the buffer */
+        if (buf[0x06] > 0x20)
+@@ -5725,10 +5766,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+                memcpy(crafted, buf, 32);
+                overwrite_smbios3_address(crafted);
+-               if (!(opt.flags & FLAG_QUIET))
+-                       pr_comment("Writing %d bytes to %s.", crafted[0x06],
+-                                  opt.dumpfile);
+-               write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
+               dmi_table_dump(crafted, crafted[0x06], table, len);
+        }
+        return 1;
+@@ -5737,6 +5775,8 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+        u16 ver;
+       u32 len;
+        u8 *table;
+        /* Don't let checksum run beyond the buffer */
+        if (buf[0x05] > 0x20)
+@@ -5786,10 +5826,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+                memcpy(crafted, buf, 32);
+                overwrite_dmi_address(crafted + 0x10);
+-               if (!(opt.flags & FLAG_QUIET))
+-                       pr_comment("Writing %d bytes to %s.", crafted[0x05],
+-                                  opt.dumpfile);
+-               write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+               dmi_table_dump(crafted, crafted[0x05], table, len);
+        }
+        return 1;
+@@ -5797,6 +5834,9 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+       u32 len;
+       u8 *table;
+
+        if (!checksum(buf, 0x0F))
+                return 0;
+@@ -5815,10 +5855,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+                memcpy(crafted, buf, 16);
+                overwrite_dmi_address(crafted);
+-               if (!(opt.flags & FLAG_QUIET))
+-                       pr_comment("Writing %d bytes to %s.", 0x0F,
+-                                  opt.dumpfile);
+-               write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
+               dmi_table_dump(crafted, 0x0F, table, len);
+        }
+        return 1;
+diff --git a/util.c b/util.c
+index 04aaadd..1547096 100644
+--- a/util.c
+++ b/util.c
+@@ -259,46 +259,6 @@ out:
+        return p;
+ }
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add)
+-{
+-       FILE *f;
+-
+-       f = fopen(dumpfile, add ? "r+b" : "wb");
+-       if (!f)
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fopen");
+-               return -1;
+-       }
+-
+-       if (fseek(f, base, SEEK_SET) != 0)
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fseek");
+-               goto err_close;
+-       }
+-
+-       if (fwrite(data, len, 1, f) != 1)
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fwrite");
+-               goto err_close;
+-       }
+-
+-       if (fclose(f))
+-       {
+-               fprintf(stderr, "%s: ", dumpfile);
+-               perror("fclose");
+-               return -1;
+-       }
+-
+-       return 0;
+-
+-err_close:
+-       fclose(f);
+-       return -1;
+-}
+-
+ /* Returns end - start + 1, assuming start < end */
+ u64 u64_range(u64 start, u64 end)
+ {
+diff --git a/util.h b/util.h
+index 3094cf8..ef24eb9 100644
+--- a/util.h
+++ b/util.h
+@@ -27,5 +27,4 @@
+ int checksum(const u8 *buf, size_t len);
+ void *read_file(off_t base, size_t *len, const char *filename);
+ void *mem_chunk(off_t base, size_t len, const char *devmem);
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add);
+ u64 u64_range(u64 start, u64 end);
+--
+2.35.5
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
new file mode 100644
index 0000000000..9f53a205ac
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
@@ -0,0 +1,80 @@
+From 47101389dd52b50123a3ec59fed4d2021752e489 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 10:03:53 +0000
+Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
+Make sure that the file passed to option --dump-bin does not already
+exist. In practice, it is rather unlikely that an honest user would
+want to overwrite an existing dump file, while this possibility
+could be used by a rogue user to corrupt a system file.
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+CVE: CVE-2023-30630
+Upstream-Status: Backport
+[https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2]
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ dmidecode.c     | 14 ++++++++++++--
+ man/dmidecode.8 |  3 ++-
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+diff --git a/dmidecode.c b/dmidecode.c
+index ae461de..6446040 100644
+--- a/dmidecode.c
+++ b/dmidecode.c
+@@ -60,6 +60,7 @@
+  *    https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
+  */
+ 
+#include <fcntl.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <strings.h>
+@@ -5133,13 +5134,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+ static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
+                          u32 table_len)
+ {
+       int fd;
+        FILE *f;
+ 
+-       f = fopen(opt.dumpfile, "wb");
+       fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
+       if (fd == -1)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("open");
+               return -1;
+       }
+
+       f = fdopen(fd, "wb");
+        if (!f)
+        {
+                fprintf(stderr, "%s: ", opt.dumpfile);
+-               perror("fopen");
+               perror("fdopen");
+                return -1;
+        }
+ 
+diff --git a/man/dmidecode.8 b/man/dmidecode.8
+index 64dc7e7..d5b7f01 100644
+--- a/man/dmidecode.8
+++ b/man/dmidecode.8
+@@ -1,4 +1,4 @@
+-.TH DMIDECODE 8 "January 2019" "dmidecode"
+.TH DMIDECODE 8 "February 2023" "dmidecode"
+ .\"
+ .SH NAME
+ dmidecode \- \s-1DMI\s0 table decoder
+@@ -132,6 +132,7 @@ hexadecimal and \s-1ASCII\s0. This option is mainly useful for debugging.
+ Do not decode the entries, instead dump the DMI data to a file in binary
+ form. The generated file is suitable to pass to \fB--from-dump\fR
+ later.
+\fIFILE\fP must not exist.
+ .TP
+ .BR "  " "  " "--from-dump FILE"
+ Read the DMI data from a binary file previously generated using 
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
new file mode 100644
index 0000000000..01d0d1f867
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
@@ -0,0 +1,69 @@
+From c76ddda0ba0aa99a55945e3290095c2ec493c892 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 10:25:50 +0000
+Subject: [PATCH] Consistently use read_file() when reading from a dump file
+Use read_file() instead of mem_chunk() to read the entry point from a
+dump file. This is faster, and consistent with how we then read the
+actual DMI table from that dump file.
+This made no functional difference so far, which is why it went
+unnoticed for years. But now that a file type check was added to the
+mem_chunk() function, we must stop using it to read from regular
+files.
+This will again allow root to use the --from-dump option.
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Tested-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+CVE: CVE-2023-30630
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=c76ddda0ba0aa99a55945e3290095c2ec493c892]
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ dmidecode.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+diff --git a/dmidecode.c b/dmidecode.c
+index 98f9692..b4dbc9d 100644
+--- a/dmidecode.c
+++ b/dmidecode.c
+@@ -5997,17 +5997,25 @@ int main(int argc, char * const argv[])
+                pr_comment("dmidecode %s", VERSION);
+        /* Read from dump if so instructed */
+        size = 0x20;
+        if (opt.flags & FLAG_FROM_DUMP)
+        {
+                if (!(opt.flags & FLAG_QUIET))
+                        pr_info("Reading SMBIOS/DMI data from file %s.",
+                                opt.dumpfile);
+-               if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
+                if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
+                {
+                        ret = 1;
+                        goto exit_free;
+                }
+                /* Truncated entry point can't be processed */
+                if (size < 0x20)
+                {
+                        ret = 1;
+                        goto done;
+                }
+
+                if (memcmp(buf, "_SM3_", 5) == 0)
+                {
+                        if (smbios3_decode(buf, opt.dumpfile, 0))
+@@ -6031,7 +6039,6 @@ int main(int argc, char * const argv[])
+         * contain one of several types of entry points, so read enough for
+         * the largest one, then determine what type it contains.
+         */
+-       size = 0x20;
+        if (!(opt.flags & FLAG_NO_SYSFS)
+         && (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
+        {
+--
+2.40.0
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
new file mode 100644
index 0000000000..5fa72b4f9b
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
@@ -0,0 +1,137 @@
+From 2b83c4b898f8325313162f588765411e8e3e5561 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 10:58:11 +0000
+Subject: [PATCH] Don't read beyond sysfs entry point buffer
+Functions smbios_decode() and smbios3_decode() include a check
+against buffer overrun. This check assumes that the buffer length is
+always 32 bytes. This is true when reading from /dev/mem or from a
+dump file, however when reading from sysfs, the buffer length is the
+size of the actual sysfs attribute file, typically 31 bytes for an
+SMBIOS 2.x entry point and 24 bytes for an SMBIOS 3.x entry point.
+In the unlikely event of a malformed entry point, with encoded length
+larger than expected but smaller than or equal to 32, we would hit a
+buffer overrun. So properly pass the actual buffer length as an
+argument and perform the check against it.
+In practice, this will never happen, because on the Linux kernel
+side, the size of the sysfs attribute file is decided from the entry
+point length field. So it is technically impossible for them not to
+match. But user-space code should not make such assumptions.
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+CVE: CVE-2023-30630
+Upstream-Status: Backport
+[https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=2b83c4b898f8325313162f588765411e8e3e5561]
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ dmidecode.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+diff --git a/dmidecode.c b/dmidecode.c
+index b4dbc9d..870d94e 100644
+--- a/dmidecode.c
+++ b/dmidecode.c
+@@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf)
+        buf[0x17] = 0;
+ }
+-static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
+ {
+        u32 ver, len;
+        u64 offset;
+        u8 *table;
+        /* Don't let checksum run beyond the buffer */
+-       if (buf[0x06] > 0x20)
+        if (buf[0x06] > buf_len)
+        {
+                fprintf(stderr,
+                        "Entry point length too large (%u bytes, expected %u).\n",
+@@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+        return 1;
+ }
+-static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+static int smbios_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
+ {
+        u16 ver;
+        u32 len;
+         u8 *table;
+        /* Don't let checksum run beyond the buffer */
+-       if (buf[0x05] > 0x20)
+        if (buf[0x05] > buf_len)
+        {
+                fprintf(stderr,
+                        "Entry point length too large (%u bytes, expected %u).\n",
+@@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[])
+                if (memcmp(buf, "_SM3_", 5) == 0)
+                {
+-                       if (smbios3_decode(buf, opt.dumpfile, 0))
+                        if (smbios3_decode(buf, size, opt.dumpfile, 0))
+                                found++;
+                }
+                else if (memcmp(buf, "_SM_", 4) == 0)
+                {
+-                       if (smbios_decode(buf, opt.dumpfile, 0))
+                        if (smbios_decode(buf, size, opt.dumpfile, 0))
+                                found++;
+                }
+                else if (memcmp(buf, "_DMI_", 5) == 0)
+@@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[])
+                        pr_info("Getting SMBIOS data from sysfs.");
+                if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
+                {
+-                       if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+                        if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+                                found++;
+                }
+                else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
+                {
+-                       if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+                        if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+                                found++;
+                }
+                else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
+@@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[])
+        if (memcmp(buf, "_SM3_", 5) == 0)
+        {
+-               if (smbios3_decode(buf, opt.devmem, 0))
+                if (smbios3_decode(buf, 0x20, opt.devmem, 0))
+                        found++;
+        }
+        else if (memcmp(buf, "_SM_", 4) == 0)
+        {
+-               if (smbios_decode(buf, opt.devmem, 0))
+                if (smbios_decode(buf, 0x20, opt.devmem, 0))
+                        found++;
+        }
+        goto done;
+@@ -6114,7 +6114,7 @@ memory_scan:
+        {
+                if (memcmp(buf + fp, "_SM3_", 5) == 0)
+                {
+-                       if (smbios3_decode(buf + fp, opt.devmem, 0))
+                        if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0))
+                        {
+                                found++;
+                                goto done;
+@@ -6127,7 +6127,7 @@ memory_scan:
+        {
+                if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
+                {
+-                       if (smbios_decode(buf + fp, opt.devmem, 0))
+                        if (smbios_decode(buf + fp, 0x20, opt.devmem, 0))
+                        {
+                                found++;
+                                goto done;
+--
+2.35.5
diff --git a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
index 23540b2703..b99c2ea99d 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
+++ b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
@@ -6,6 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \
           file://0001-Committing-changes-from-do_unpack_extra.patch \
+           file://CVE-2023-30630_1.patch \
+           file://CVE-2023-30630_2.patch \
+           file://CVE-2023-30630_3.patch \
+           file://CVE-2023-30630_4.patch \
           "
 COMPATIBLE_HOST = "(i.86|x86_64|aarch64|arm|powerpc|powerpc64).*-linux"
author	Yogita Urade <yogita.urade@windriver.com>	2023-07-28 10:01:09 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-08-02 04:47:13 -1000
commit	f4c5d9a3a6ee2d974e55aec4b1602a368dbacf72 (patch)
tree	f3719c3422c6bdbab14556ecdb08438729e58b64
parent	e01d123ba1d23d9f5933cf6c30104eefaf74d375 (diff)
download	poky-f4c5d9a3a6ee2d974e55aec4b1602a368dbacf72.tar.gz

diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch new file mode 100644 index 0000000000..53480d6299 --- /dev/null +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
@@ -0,0 +1,237 @@
		1	From d8cfbc808f387e87091c25e7d5b8c2bb348bb206 Mon Sep 17 00:00:00 2001
		2	From: Jean Delvare <jdelvare@suse.de>
		3	Date: Tue, 27 Jun 2023 09:40:23 +0000
		4	Subject: [PATCH] dmidecode: Write the whole dump file at once
		5
		6	When option --dump-bin is used, write the whole dump file at once,
		7	instead of opening and closing the file separately for the table
		8	and then for the entry point.
		9
		10	As the file writing function is no longer generic, it gets moved
		11	from util.c to dmidecode.c.
		12
		13	One minor functional change resulting from the new implementation is
		14	that the entry point is written first now, so the messages printed
		15	are swapped.
		16
		17	Signed-off-by: Jean Delvare <jdelvare@suse.de>
		18	Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
		19
		20	CVE: CVE-2023-30630
		21
		22	Reference: https://github.com/mirror/dmidecode/commit/39b2dd7b6ab719b920e96ed832cfb4bdd664e808
		23
		24	Upstream-Status: Backport [https://github.com/mirror/dmidecode/commit/d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
		25
		26	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
		27	---
		28	dmidecode.c \| 79 +++++++++++++++++++++++++++++++++++++++--------------
		29	util.c \| 40 ---------------------------
		30	util.h \| 1 -
		31	3 files changed, 58 insertions(+), 62 deletions(-)
		32
		33	diff --git a/dmidecode.c b/dmidecode.c
		34	index 9aeff91..5477309 100644
		35	--- a/dmidecode.c
		36	+++ b/dmidecode.c
		37	@@ -5427,11 +5427,56 @@ static void dmi_table_string(const struct dmi_header h, const u8 data, u16 ver
		38	}
		39	}
		40
		41	-static void dmi_table_dump(const u8 *buf, u32 len)
		42	+static int dmi_table_dump(const u8 ep, u32 ep_len, const u8 table,
		43	+ u32 table_len)
		44	{
		45	+ FILE *f;
		46	+
		47	+ f = fopen(opt.dumpfile, "wb");
		48	+ if (!f)
		49	+ {
		50	+ fprintf(stderr, "%s: ", opt.dumpfile);
		51	+ perror("fopen");
		52	+ return -1;
		53	+ }
		54	+
		55	+ if (!(opt.flags & FLAG_QUIET))
		56	+ pr_comment("Writing %d bytes to %s.", ep_len, opt.dumpfile);
		57	+ if (fwrite(ep, ep_len, 1, f) != 1)
		58	+ {
		59	+ fprintf(stderr, "%s: ", opt.dumpfile);
		60	+ perror("fwrite");
		61	+ goto err_close;
		62	+ }
		63	+
		64	+ if (fseek(f, 32, SEEK_SET) != 0)
		65	+ {
		66	+ fprintf(stderr, "%s: ", opt.dumpfile);
		67	+ perror("fseek");
		68	+ goto err_close;
		69	+ }
		70	+
		71	if (!(opt.flags & FLAG_QUIET))
		72	- pr_comment("Writing %d bytes to %s.", len, opt.dumpfile);
		73	- write_dump(32, len, buf, opt.dumpfile, 0);
		74	+ pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile);
		75	+ if (fwrite(table, table_len, 1, f) != 1)
		76	+ {
		77	+ fprintf(stderr, "%s: ", opt.dumpfile);
		78	+ perror("fwrite");
		79	+ goto err_close;
		80	+ }
		81	+
		82	+ if (fclose(f))
		83	+ {
		84	+ fprintf(stderr, "%s: ", opt.dumpfile);
		85	+ perror("fclose");
		86	+ return -1;
		87	+ }
		88	+
		89	+ return 0;
		90	+
		91	+err_close:
		92	+ fclose(f);
		93	+ return -1;
		94	}
		95
		96	static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
		97	@@ -5648,11 +5693,6 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
		98	return;
		99	}
		100
		101	- if (opt.flags & FLAG_DUMP_BIN)
		102	- dmi_table_dump(buf, len);
		103	- else
		104	- dmi_table_decode(buf, len, num, ver >> 8, flags);
		105	-
		106	free(buf);
		107	}
		108
		109	@@ -5688,8 +5728,9 @@ static void overwrite_smbios3_address(u8 *buf)
		110
		111	static int smbios3_decode(u8 buf, const char devmem, u32 flags)
		112	{
		113	- u32 ver;
		114	+ u32 ver, len;
		115	u64 offset;
		116	+ u8 *table;
		117
		118	/* Don't let checksum run beyond the buffer */
		119	if (buf[0x06] > 0x20)
		120	@@ -5725,10 +5766,7 @@ static int smbios3_decode(u8 buf, const char devmem, u32 flags)
		121	memcpy(crafted, buf, 32);
		122	overwrite_smbios3_address(crafted);
		123
		124	- if (!(opt.flags & FLAG_QUIET))
		125	- pr_comment("Writing %d bytes to %s.", crafted[0x06],
		126	- opt.dumpfile);
		127	- write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
		128	+ dmi_table_dump(crafted, crafted[0x06], table, len);
		129	}
		130
		131	return 1;
		132	@@ -5737,6 +5775,8 @@ static int smbios3_decode(u8 buf, const char devmem, u32 flags)
		133	static int smbios_decode(u8 buf, const char devmem, u32 flags)
		134	{
		135	u16 ver;
		136	+ u32 len;
		137	+ u8 *table;
		138
		139	/* Don't let checksum run beyond the buffer */
		140	if (buf[0x05] > 0x20)
		141	@@ -5786,10 +5826,7 @@ static int smbios_decode(u8 buf, const char devmem, u32 flags)
		142	memcpy(crafted, buf, 32);
		143	overwrite_dmi_address(crafted + 0x10);
		144
		145	- if (!(opt.flags & FLAG_QUIET))
		146	- pr_comment("Writing %d bytes to %s.", crafted[0x05],
		147	- opt.dumpfile);
		148	- write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
		149	+ dmi_table_dump(crafted, crafted[0x05], table, len);
		150	}
		151
		152	return 1;
		153	@@ -5797,6 +5834,9 @@ static int smbios_decode(u8 buf, const char devmem, u32 flags)
		154
		155	static int legacy_decode(u8 buf, const char devmem, u32 flags)
		156	{
		157	+ u32 len;
		158	+ u8 *table;
		159	+
		160	if (!checksum(buf, 0x0F))
		161	return 0;
		162
		163	@@ -5815,10 +5855,7 @@ static int legacy_decode(u8 buf, const char devmem, u32 flags)
		164	memcpy(crafted, buf, 16);
		165	overwrite_dmi_address(crafted);
		166
		167	- if (!(opt.flags & FLAG_QUIET))
		168	- pr_comment("Writing %d bytes to %s.", 0x0F,
		169	- opt.dumpfile);
		170	- write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
		171	+ dmi_table_dump(crafted, 0x0F, table, len);
		172	}
		173
		174	return 1;
		175	diff --git a/util.c b/util.c
		176	index 04aaadd..1547096 100644
		177	--- a/util.c
		178	+++ b/util.c
		179	@@ -259,46 +259,6 @@ out:
		180	return p;
		181	}
		182
		183	-int write_dump(size_t base, size_t len, const void data, const char dumpfile, int add)
		184	-{
		185	- FILE *f;
		186	-
		187	- f = fopen(dumpfile, add ? "r+b" : "wb");
		188	- if (!f)
		189	- {
		190	- fprintf(stderr, "%s: ", dumpfile);
		191	- perror("fopen");
		192	- return -1;
		193	- }
		194	-
		195	- if (fseek(f, base, SEEK_SET) != 0)
		196	- {
		197	- fprintf(stderr, "%s: ", dumpfile);
		198	- perror("fseek");
		199	- goto err_close;
		200	- }
		201	-
		202	- if (fwrite(data, len, 1, f) != 1)
		203	- {
		204	- fprintf(stderr, "%s: ", dumpfile);
		205	- perror("fwrite");
		206	- goto err_close;
		207	- }
		208	-
		209	- if (fclose(f))
		210	- {
		211	- fprintf(stderr, "%s: ", dumpfile);
		212	- perror("fclose");
		213	- return -1;
		214	- }
		215	-
		216	- return 0;
		217	-
		218	-err_close:
		219	- fclose(f);
		220	- return -1;
		221	-}
		222	-
		223	/* Returns end - start + 1, assuming start < end */
		224	u64 u64_range(u64 start, u64 end)
		225	{
		226	diff --git a/util.h b/util.h
		227	index 3094cf8..ef24eb9 100644
		228	--- a/util.h
		229	+++ b/util.h
		230	@@ -27,5 +27,4 @@
		231	int checksum(const u8 *buf, size_t len);
		232	void read_file(off_t base, size_t len, const char *filename);
		233	void mem_chunk(off_t base, size_t len, const char devmem);
		234	-int write_dump(size_t base, size_t len, const void data, const char dumpfile, int add);
		235	u64 u64_range(u64 start, u64 end);
		236	--
		237	2.35.5


diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch new file mode 100644 index 0000000000..9f53a205ac --- /dev/null +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
@@ -0,0 +1,80 @@
		1	From 47101389dd52b50123a3ec59fed4d2021752e489 Mon Sep 17 00:00:00 2001
		2	From: Jean Delvare <jdelvare@suse.de>
		3	Date: Tue, 27 Jun 2023 10:03:53 +0000
		4	Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
		5
		6	Make sure that the file passed to option --dump-bin does not already
		7	exist. In practice, it is rather unlikely that an honest user would
		8	want to overwrite an existing dump file, while this possibility
		9	could be used by a rogue user to corrupt a system file.
		10
		11	Signed-off-by: Jean Delvare <jdelvare@suse.de>
		12	Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
		13
		14	CVE: CVE-2023-30630
		15
		16	Upstream-Status: Backport
		17	[https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2]
		18
		19	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
		20
		21	---
		22	dmidecode.c \| 14 ++++++++++++--
		23	man/dmidecode.8 \| 3 ++-
		24	2 files changed, 14 insertions(+), 3 deletions(-)
		25
		26	diff --git a/dmidecode.c b/dmidecode.c
		27	index ae461de..6446040 100644
		28	--- a/dmidecode.c
		29	+++ b/dmidecode.c
		30	@@ -60,6 +60,7 @@
		31	* https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
		32	*/
		33
		34	+#include <fcntl.h>
		35	#include <stdio.h>
		36	#include <string.h>
		37	#include <strings.h>
		38	@@ -5133,13 +5134,22 @@ static void dmi_table_string(const struct dmi_header h, const u8 data, u16 ver
		39	static int dmi_table_dump(const u8 ep, u32 ep_len, const u8 table,
		40	u32 table_len)
		41	{
		42	+ int fd;
		43	FILE *f;
		44
		45	- f = fopen(opt.dumpfile, "wb");
		46	+ fd = open(opt.dumpfile, O_WRONLY\|O_CREAT\|O_EXCL, 0666);
		47	+ if (fd == -1)
		48	+ {
		49	+ fprintf(stderr, "%s: ", opt.dumpfile);
		50	+ perror("open");
		51	+ return -1;
		52	+ }
		53	+
		54	+ f = fdopen(fd, "wb");
		55	if (!f)
		56	{
		57	fprintf(stderr, "%s: ", opt.dumpfile);
		58	- perror("fopen");
		59	+ perror("fdopen");
		60	return -1;
		61	}
		62
		63	diff --git a/man/dmidecode.8 b/man/dmidecode.8
		64	index 64dc7e7..d5b7f01 100644
		65	--- a/man/dmidecode.8
		66	+++ b/man/dmidecode.8
		67	@@ -1,4 +1,4 @@
		68	-.TH DMIDECODE 8 "January 2019" "dmidecode"
		69	+.TH DMIDECODE 8 "February 2023" "dmidecode"
		70	.\"
		71	.SH NAME
		72	dmidecode \- \s-1DMI\s0 table decoder
		73	@@ -132,6 +132,7 @@ hexadecimal and \s-1ASCII\s0. This option is mainly useful for debugging.
		74	Do not decode the entries, instead dump the DMI data to a file in binary
		75	form. The generated file is suitable to pass to \fB--from-dump\fR
		76	later.
		77	+\fIFILE\fP must not exist.
		78	.TP
		79	.BR " " " " "--from-dump FILE"
		80	Read the DMI data from a binary file previously generated using


diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch new file mode 100644 index 0000000000..01d0d1f867 --- /dev/null +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
@@ -0,0 +1,69 @@
		1	From c76ddda0ba0aa99a55945e3290095c2ec493c892 Mon Sep 17 00:00:00 2001
		2	From: Jean Delvare <jdelvare@suse.de>
		3	Date: Tue, 27 Jun 2023 10:25:50 +0000
		4	Subject: [PATCH] Consistently use read_file() when reading from a dump file
		5
		6	Use read_file() instead of mem_chunk() to read the entry point from a
		7	dump file. This is faster, and consistent with how we then read the
		8	actual DMI table from that dump file.
		9
		10	This made no functional difference so far, which is why it went
		11	unnoticed for years. But now that a file type check was added to the
		12	mem_chunk() function, we must stop using it to read from regular
		13	files.
		14
		15	This will again allow root to use the --from-dump option.
		16
		17	Signed-off-by: Jean Delvare <jdelvare@suse.de>
		18	Tested-by: Jerry Hoemann <jerry.hoemann@hpe.com>
		19
		20	CVE: CVE-2023-30630
		21
		22	Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=c76ddda0ba0aa99a55945e3290095c2ec493c892]
		23
		24	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
		25	---
		26	dmidecode.c \| 11 +++++++++--
		27	1 file changed, 9 insertions(+), 2 deletions(-)
		28
		29	diff --git a/dmidecode.c b/dmidecode.c
		30	index 98f9692..b4dbc9d 100644
		31	--- a/dmidecode.c
		32	+++ b/dmidecode.c
		33	@@ -5997,17 +5997,25 @@ int main(int argc, char * const argv[])
		34	pr_comment("dmidecode %s", VERSION);
		35
		36	/* Read from dump if so instructed */
		37	+ size = 0x20;
		38	if (opt.flags & FLAG_FROM_DUMP)
		39	{
		40	if (!(opt.flags & FLAG_QUIET))
		41	pr_info("Reading SMBIOS/DMI data from file %s.",
		42	opt.dumpfile);
		43	- if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
		44	+ if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
		45	{
		46	ret = 1;
		47	goto exit_free;
		48	}
		49
		50	+ /* Truncated entry point can't be processed */
		51	+ if (size < 0x20)
		52	+ {
		53	+ ret = 1;
		54	+ goto done;
		55	+ }
		56	+
		57	if (memcmp(buf, "_SM3_", 5) == 0)
		58	{
		59	if (smbios3_decode(buf, opt.dumpfile, 0))
		60	@@ -6031,7 +6039,6 @@ int main(int argc, char * const argv[])
		61	* contain one of several types of entry points, so read enough for
		62	* the largest one, then determine what type it contains.
		63	*/
		64	- size = 0x20;
		65	if (!(opt.flags & FLAG_NO_SYSFS)
		66	&& (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
		67	{
		68	--
		69	2.40.0


diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch new file mode 100644 index 0000000000..5fa72b4f9b --- /dev/null +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
@@ -0,0 +1,137 @@
		1	From 2b83c4b898f8325313162f588765411e8e3e5561 Mon Sep 17 00:00:00 2001
		2	From: Jean Delvare <jdelvare@suse.de>
		3	Date: Tue, 27 Jun 2023 10:58:11 +0000
		4	Subject: [PATCH] Don't read beyond sysfs entry point buffer
		5
		6	Functions smbios_decode() and smbios3_decode() include a check
		7	against buffer overrun. This check assumes that the buffer length is
		8	always 32 bytes. This is true when reading from /dev/mem or from a
		9	dump file, however when reading from sysfs, the buffer length is the
		10	size of the actual sysfs attribute file, typically 31 bytes for an
		11	SMBIOS 2.x entry point and 24 bytes for an SMBIOS 3.x entry point.
		12
		13	In the unlikely event of a malformed entry point, with encoded length
		14	larger than expected but smaller than or equal to 32, we would hit a
		15	buffer overrun. So properly pass the actual buffer length as an
		16	argument and perform the check against it.
		17
		18	In practice, this will never happen, because on the Linux kernel
		19	side, the size of the sysfs attribute file is decided from the entry
		20	point length field. So it is technically impossible for them not to
		21	match. But user-space code should not make such assumptions.
		22
		23	Signed-off-by: Jean Delvare <jdelvare@suse.de>
		24
		25	CVE: CVE-2023-30630
		26
		27	Upstream-Status: Backport
		28	[https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=2b83c4b898f8325313162f588765411e8e3e5561]
		29
		30	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
		31	---
		32	dmidecode.c \| 24 ++++++++++++------------
		33	1 file changed, 12 insertions(+), 12 deletions(-)
		34
		35	diff --git a/dmidecode.c b/dmidecode.c
		36	index b4dbc9d..870d94e 100644
		37	--- a/dmidecode.c
		38	+++ b/dmidecode.c
		39	@@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf)
		40	buf[0x17] = 0;
		41	}
		42
		43	-static int smbios3_decode(u8 buf, const char devmem, u32 flags)
		44	+static int smbios3_decode(u8 buf, size_t buf_len, const char devmem, u32 flags)
		45	{
		46	u32 ver, len;
		47	u64 offset;
		48	u8 *table;
		49
		50	/* Don't let checksum run beyond the buffer */
		51	- if (buf[0x06] > 0x20)
		52	+ if (buf[0x06] > buf_len)
		53	{
		54	fprintf(stderr,
		55	"Entry point length too large (%u bytes, expected %u).\n",
		56	@@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 buf, const char devmem, u32 flags)
		57	return 1;
		58	}
		59
		60	-static int smbios_decode(u8 buf, const char devmem, u32 flags)
		61	+static int smbios_decode(u8 buf, size_t buf_len, const char devmem, u32 flags)
		62	{
		63	u16 ver;
		64	u32 len;
		65	u8 *table;
		66
		67	/* Don't let checksum run beyond the buffer */
		68	- if (buf[0x05] > 0x20)
		69	+ if (buf[0x05] > buf_len)
		70	{
		71	fprintf(stderr,
		72	"Entry point length too large (%u bytes, expected %u).\n",
		73	@@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[])
		74
		75	if (memcmp(buf, "_SM3_", 5) == 0)
		76	{
		77	- if (smbios3_decode(buf, opt.dumpfile, 0))
		78	+ if (smbios3_decode(buf, size, opt.dumpfile, 0))
		79	found++;
		80	}
		81	else if (memcmp(buf, "_SM_", 4) == 0)
		82	{
		83	- if (smbios_decode(buf, opt.dumpfile, 0))
		84	+ if (smbios_decode(buf, size, opt.dumpfile, 0))
		85	found++;
		86	}
		87	else if (memcmp(buf, "_DMI_", 5) == 0)
		88	@@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[])
		89	pr_info("Getting SMBIOS data from sysfs.");
		90	if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
		91	{
		92	- if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
		93	+ if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
		94	found++;
		95	}
		96	else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
		97	{
		98	- if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
		99	+ if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
		100	found++;
		101	}
		102	else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
		103	@@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[])
		104
		105	if (memcmp(buf, "_SM3_", 5) == 0)
		106	{
		107	- if (smbios3_decode(buf, opt.devmem, 0))
		108	+ if (smbios3_decode(buf, 0x20, opt.devmem, 0))
		109	found++;
		110	}
		111	else if (memcmp(buf, "_SM_", 4) == 0)
		112	{
		113	- if (smbios_decode(buf, opt.devmem, 0))
		114	+ if (smbios_decode(buf, 0x20, opt.devmem, 0))
		115	found++;
		116	}
		117	goto done;
		118	@@ -6114,7 +6114,7 @@ memory_scan:
		119	{
		120	if (memcmp(buf + fp, "_SM3_", 5) == 0)
		121	{
		122	- if (smbios3_decode(buf + fp, opt.devmem, 0))
		123	+ if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0))
		124	{
		125	found++;
		126	goto done;
		127	@@ -6127,7 +6127,7 @@ memory_scan:
		128	{
		129	if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
		130	{
		131	- if (smbios_decode(buf + fp, opt.devmem, 0))
		132	+ if (smbios_decode(buf + fp, 0x20, opt.devmem, 0))
		133	{
		134	found++;
		135	goto done;
		136	--
		137	2.35.5


diff --git a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb index 23540b2703..b99c2ea99d 100644 --- a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb +++ b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
@@ -6,6 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
6		6
7	SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \	7	SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \
8	file://0001-Committing-changes-from-do_unpack_extra.patch \	8	file://0001-Committing-changes-from-do_unpack_extra.patch \
		9	file://CVE-2023-30630_1.patch \
		10	file://CVE-2023-30630_2.patch \
		11	file://CVE-2023-30630_3.patch \
		12	file://CVE-2023-30630_4.patch \
9	"	13	"
10		14
11	COMPATIBLE_HOST = "(i.86\|x86_64\|aarch64\|arm\|powerpc\|powerpc64).*-linux"	15	COMPATIBLE_HOST = "(i.86\|x86_64\|aarch64\|arm\|powerpc\|powerpc64).*-linux"