Signed-off-by: Anatol Belski <anbel...@linux.microsoft.com>
---
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../glibc/glibc/CVE-2019-25013.patch | 135 ---------------
.../glibc/glibc/CVE-2020-29562.patch | 156 ------------------
meta/recipes-core/glibc/glibc_2.31.bb | 6 +-
4 files changed, 4 insertions(+), 295 deletions(-)
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-29562.patch
diff --git a/meta/recipes-core/glibc/glibc-version.inc
b/meta/recipes-core/glibc/glibc-version.inc
index 5f726537ff..7ae64a190f 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.31/master"
PV = "2.31+git${SRCPV}"
-SRCREV_glibc ?= "df31c7ca927242d5d4eee97f93a01e23ff47e332"
+SRCREV_glibc ?= "f84949f1c4bbf20e6a1d9a5859cf012cde060ede"
SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
deleted file mode 100644
index 73df1da868..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <sch...@suse.de>
-Date: Mon, 21 Dec 2020 08:56:43 +0530
-Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973)
-
-The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
-area and is not allowed. The from_euc_kr function used to skip two bytes
-when told to skip over the unknown designation, potentially running over
-the buffer end.
-
-Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b]
-CVE: CVE-2019-25013
-Signed-off-by: Scott Murray <scott.mur...@konsulko.com>
-[Refreshed for Dundell context; Makefile changes]
-Signed-off-by: Armin Kuster <akus...@mvista.com>
-
----
- iconvdata/Makefile | 3 ++-
- iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++
- iconvdata/euc-kr.c | 6 +----
- iconvdata/ksc5601.h | 6 ++---
- 4 files changed, 59 insertions(+), 9 deletions(-)
- create mode 100644 iconvdata/bug-iconv13.c
-
-Index: git/iconvdata/Makefile
-===================================================================
---- git.orig/iconvdata/Makefile
-+++ git/iconvdata/Makefile
-@@ -73,7 +73,7 @@ modules.so := $(addsuffix .so, $(modules
- ifeq (yes,$(build-shared))
- tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
- tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
-- bug-iconv10 bug-iconv11 bug-iconv12
-+ bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13
- ifeq ($(have-thread-library),yes)
- tests += bug-iconv3
- endif
-Index: git/iconvdata/bug-iconv13.c
-===================================================================
---- /dev/null
-+++ git/iconvdata/bug-iconv13.c
-@@ -0,0 +1,53 @@
-+/* bug 24973: Test EUC-KR module
-+ Copyright (C) 2020 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <https://www.gnu.org/licenses/>. */
-+
-+#include <errno.h>
-+#include <iconv.h>
-+#include <stdio.h>
-+#include <support/check.h>
-+
-+static int
-+do_test (void)
-+{
-+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR");
-+ TEST_VERIFY_EXIT (cd != (iconv_t) -1);
-+
-+ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined
-+ areas, which are not allowed and should be skipped over due to
-+ //IGNORE. The trailing 0xfe also is an incomplete sequence, which
-+ should be checked first. */
-+ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' };
-+ char *inptr = input;
-+ size_t insize = sizeof (input);
-+ char output[4];
-+ char *outptr = output;
-+ size_t outsize = sizeof (output);
-+
-+ /* This used to crash due to buffer overrun. */
-+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1);
-+ TEST_VERIFY (errno == EINVAL);
-+ /* The conversion should produce one character, the converted null
-+ character. */
-+ TEST_VERIFY (sizeof (output) - outsize == 1);
-+
-+ TEST_VERIFY_EXIT (iconv_close (cd) != -1);
-+
-+ return 0;
-+}
-+
-+#include <support/test-driver.c>
-Index: git/iconvdata/euc-kr.c
-===================================================================
---- git.orig/iconvdata/euc-kr.c
-+++ git/iconvdata/euc-kr.c
-@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned c
- \
- if (ch <= 0x9f)
\
- ++inptr;
\
-- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are
\
-- user-defined areas. */
\
-- else if (__builtin_expect (ch == 0xa0, 0) \
-- || __builtin_expect (ch > 0xfe, 0)
\
-- || __builtin_expect (ch == 0xc9, 0)) \
-+ else if (__glibc_unlikely (ch == 0xa0)) \
- {
\
- /* This is illegal. */ \
- STANDARD_FROM_LOOP_ERR_HANDLER (1); \
-Index: git/iconvdata/ksc5601.h
-===================================================================
---- git.orig/iconvdata/ksc5601.h
-+++ git/iconvdata/ksc5601.h
-@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s
- unsigned char ch2;
- int idx;
-
-+ if (avail < 2)
-+ return 0;
-+
- /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */
-
- if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e
- || (ch - offset) == 0x49)
- return __UNKNOWN_10646_CHAR;
-
-- if (avail < 2)
-- return 0;
--
- ch2 = (*s)[1];
- if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f)
- return __UNKNOWN_10646_CHAR;
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch
b/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch
deleted file mode 100644
index c51fb3223a..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2020-29562.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-From 228edd356f03bf62dcf2b1335f25d43c602ee68d Mon Sep 17 00:00:00 2001
-From: Michael Colavita <mcolav...@fb.com>
-Date: Thu, 19 Nov 2020 11:44:40 -0500
-Subject: [PATCH] iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)
-
-Previously, in UCS4 conversion routines we limit the number of
-characters we examine to the minimum of the number of characters in the
-input and the number of characters in the output. This is not the
-correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume
-an output character when we skip a code unit. Instead, track the input
-and output pointers and terminate the loop when either reaches its
-limit.
-
-This resolves assertion failures when resetting the input buffer in a step of
-iconv, which assumes that the input will be fully consumed given sufficient
-output space.
-
-Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=228edd356f03bf62dcf2b1335f25d43c602ee68d]
-CVE: CVE-2020-29562
-Signed-off-by: Chee Yang Lee <chee.yang....@intel.com>
-
----
- iconv/Makefile | 2 +-
- iconv/gconv_simple.c | 16 ++++----------
- iconv/tst-iconv8.c | 50 ++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 55 insertions(+), 13 deletions(-)
- create mode 100644 iconv/tst-iconv8.c
-
-diff --git a/iconv/Makefile b/iconv/Makefile
-index 30bf996d3a..f9b51e23ec 100644
---- a/iconv/Makefile
-+++ b/iconv/Makefile
-@@ -44,7 +44,7 @@ CFLAGS-linereader.c += -DNO_TRANSLITERATION
- CFLAGS-simple-hash.c += -I../locale
-
- tests = tst-iconv1 tst-iconv2 tst-iconv3 tst-iconv4 tst-iconv5 tst-iconv6 \
-- tst-iconv7 tst-iconv-mt tst-iconv-opt
-+ tst-iconv7 tst-iconv8 tst-iconv-mt tst-iconv-opt
-
- others = iconv_prog iconvconfig
- install-others-programs = $(inst_bindir)/iconv
-diff --git a/iconv/gconv_simple.c b/iconv/gconv_simple.c
-index d4797fba17..963b29f246 100644
---- a/iconv/gconv_simple.c
-+++ b/iconv/gconv_simple.c
-@@ -239,11 +239,9 @@ ucs4_internal_loop (struct __gconv_step *step,
- int flags = step_data->__flags;
- const unsigned char *inptr = *inptrp;
- unsigned char *outptr = *outptrp;
-- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
- int result;
-- size_t cnt;
-
-- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
-+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
- {
- uint32_t inval;
-
-@@ -307,11 +305,9 @@ ucs4_internal_loop_unaligned (struct __gconv_step *step,
- int flags = step_data->__flags;
- const unsigned char *inptr = *inptrp;
- unsigned char *outptr = *outptrp;
-- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
- int result;
-- size_t cnt;
-
-- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
-+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
- {
- if (__glibc_unlikely (inptr[0] > 0x80))
- {
-@@ -613,11 +609,9 @@ ucs4le_internal_loop (struct __gconv_step *step,
- int flags = step_data->__flags;
- const unsigned char *inptr = *inptrp;
- unsigned char *outptr = *outptrp;
-- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
- int result;
-- size_t cnt;
-
-- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
-+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
- {
- uint32_t inval;
-
-@@ -684,11 +678,9 @@ ucs4le_internal_loop_unaligned (struct __gconv_step *step,
- int flags = step_data->__flags;
- const unsigned char *inptr = *inptrp;
- unsigned char *outptr = *outptrp;
-- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
- int result;
-- size_t cnt;
-
-- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
-+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
- {
- if (__glibc_unlikely (inptr[3] > 0x80))
- {
-diff --git a/iconv/tst-iconv8.c b/iconv/tst-iconv8.c
-new file mode 100644
-index 0000000000..0b92b19f66
---- /dev/null
-+++ b/iconv/tst-iconv8.c
-@@ -0,0 +1,50 @@
-+/* Test iconv behavior on UCS4 conversions with //IGNORE.
-+ Copyright (C) 2020 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+/* Derived from BZ #26923 */
-+#include <errno.h>
-+#include <iconv.h>
-+#include <stdio.h>
-+#include <support/check.h>
-+
-+static int
-+do_test (void)
-+{
-+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "ISO-10646/UCS4/");
-+ TEST_VERIFY_EXIT (cd != (iconv_t) -1);
-+
-+ /*
-+ * Convert sequence beginning with an irreversible character into buffer
that
-+ * is too small.
-+ */
-+ char input[12] = "\xe1\x80\xa1" "AAAAAAAAA";
-+ char *inptr = input;
-+ size_t insize = sizeof (input);
-+ char output[6];
-+ char *outptr = output;
-+ size_t outsize = sizeof (output);
-+
-+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == -1);
-+ TEST_VERIFY (errno == E2BIG);
-+
-+ TEST_VERIFY_EXIT (iconv_close (cd) != -1);
-+
-+ return 0;
-+}
-+
-+#include <support/test-driver.c>
---
-2.27.0
-
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb
b/meta/recipes-core/glibc/glibc_2.31.bb
index b75bbb4196..22858bc563 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -1,7 +1,9 @@
require glibc.inc
require glibc-version.inc
-CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752"
+CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228
CVE-2020-1751 CVE-2020-1752 \
+ CVE-2021-27645 CVE-2021-3326 CVE-2020-27618
CVE-2020-29562 CVE-2019-25013 \
+"
DEPENDS += "gperf-native bison-native make-native"
@@ -41,9 +43,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \
file://0028-inject-file-assembly-directives.patch \
file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
- file://CVE-2020-29562.patch \
file://CVE-2020-29573.patch \
- file://CVE-2019-25013.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
