2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch b/meta/recipes-core/glibc/glibc/0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch
new file mode 100644
index 0000000000..95067d37a5
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch
@@ -0,0 +1,46 @@
+Backport patch to fix CVE-2016-6323 for glibc. And remove the section of
+ChangeLog which can't be applied.
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c]
+CVE: CVE-2016-6323
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+From 9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617 Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Mon, 8 Aug 2016 09:29:18 +0200
+Subject: [PATCH] arm: mark __startcontext as .cantunwind (bug 20435)
+__startcontext marks the bottom of the call stack of the contexts created
+by makecontext.
+---
+ ChangeLog                                | 6 ++++++
+ sysdeps/unix/sysv/linux/arm/setcontext.S | 7 +++++++
+ 2 files changed, 13 insertions(+)
+diff --git a/sysdeps/unix/sysv/linux/arm/setcontext.S b/sysdeps/unix/sysv/linux/arm/setcontext.S
+index 603e508..d1f168f 100644
+--- a/sysdeps/unix/sysv/linux/arm/setcontext.S
+++ b/sysdeps/unix/sysv/linux/arm/setcontext.S
+@@ -86,12 +86,19 @@ weak_alias(__setcontext, setcontext)
+ 
+        /* Called when a makecontext() context returns.  Start the
+           context in R4 or fall through to exit().  */
+       /* Unwind descriptors are looked up based on PC - 2, so we have to
+          make sure to mark the instruction preceding the __startcontext
+          label as .cantunwind.  */
+       .fnstart
+       .cantunwind
+       nop
+ ENTRY(__startcontext)
+        movs    r0, r4
+        bne     PLTJMP(__setcontext)
+ 
+        @ New context was 0 - exit
+        b       PLTJMP(HIDDEN_JUMPTARGET(exit))
+       .fnend
+ END(__startcontext)
+ 
+ #ifdef PIC
+-- 
+2.10.1
diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb
index f5a21b258d..475c13339a 100644
--- a/meta/recipes-core/glibc/glibc_2.24.bb
+++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -37,6 +37,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
           file://0024-eglibc-Forward-port-cross-locale-generation-support.patch \
           file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
           file://0026-build_local_scope.patch \
+           file://0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch \
 "
 SRC_URI += "\

diff --git a/meta/recipes-core/glibc/glibc/0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch b/meta/recipes-core/glibc/glibc/0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch new file mode 100644 index 0000000000..95067d37a5 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch
@@ -0,0 +1,46 @@
		1	Backport patch to fix CVE-2016-6323 for glibc. And remove the section of
		2	ChangeLog which can't be applied.
		3
		4	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c]
		5	CVE: CVE-2016-6323
		6	Signed-off-by: Kai Kang <kai.kang@windriver.com>
		7	---
		8	From 9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617 Mon Sep 17 00:00:00 2001
		9	From: Andreas Schwab <schwab@suse.de>
		10	Date: Mon, 8 Aug 2016 09:29:18 +0200
		11	Subject: [PATCH] arm: mark __startcontext as .cantunwind (bug 20435)
		12
		13	__startcontext marks the bottom of the call stack of the contexts created
		14	by makecontext.
		15	---
		16	ChangeLog \| 6 ++++++
		17	sysdeps/unix/sysv/linux/arm/setcontext.S \| 7 +++++++
		18	2 files changed, 13 insertions(+)
		19
		20	diff --git a/sysdeps/unix/sysv/linux/arm/setcontext.S b/sysdeps/unix/sysv/linux/arm/setcontext.S
		21	index 603e508..d1f168f 100644
		22	--- a/sysdeps/unix/sysv/linux/arm/setcontext.S
		23	+++ b/sysdeps/unix/sysv/linux/arm/setcontext.S
		24	@@ -86,12 +86,19 @@ weak_alias(__setcontext, setcontext)
		25
		26	/* Called when a makecontext() context returns. Start the
		27	context in R4 or fall through to exit(). */
		28	+ /* Unwind descriptors are looked up based on PC - 2, so we have to
		29	+ make sure to mark the instruction preceding the __startcontext
		30	+ label as .cantunwind. */
		31	+ .fnstart
		32	+ .cantunwind
		33	+ nop
		34	ENTRY(__startcontext)
		35	movs r0, r4
		36	bne PLTJMP(__setcontext)
		37
		38	@ New context was 0 - exit
		39	b PLTJMP(HIDDEN_JUMPTARGET(exit))
		40	+ .fnend
		41	END(__startcontext)
		42
		43	#ifdef PIC
		44	--
		45	2.10.1
		46


diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb index f5a21b258d..475c13339a 100644 --- a/meta/recipes-core/glibc/glibc_2.24.bb +++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -37,6 +37,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
37	file://0024-eglibc-Forward-port-cross-locale-generation-support.patch \	37	file://0024-eglibc-Forward-port-cross-locale-generation-support.patch \
38	file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \	38	file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
39	file://0026-build_local_scope.patch \	39	file://0026-build_local_scope.patch \
		40	file://0027-arm-mark-__startcontext-as-.cantunwind-bug-20435.patch \
40	"	41	"
41		42
42	SRC_URI += "\	43	SRC_URI += "\