The change to link libssp_nonshared.a only for musl was to move
spec file changes to config/linux.h under a conditional when
DEFAULT_LIBC == LIBC_MUSL which worked fine for all but ppc
since gcc for ppc provided its own linux.h overrides which are
used. This patch duplicates the change in those headers too
Cherry-picked from oe-core master 9d39168a6acfa1f289a4448271c0bf9caaea10ec
(From OE-Core rev: 7d391a9e566a6ddc2970fc666a45570310bdc780)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
glibc already provides the content for libssp_nonshared
in libc_nonshared.a therefore we dont need to make it
universal.
This also fixed build issues on glibc when linking statically
and using -fstack-protector
Fixed errors like
/mnt/a/oe/build/tmp/work/i586-bec-linux/aufs-util/3.14+gitAUTOINC+bdfcc0dcfc-r0/recipe-sysroot/usr/lib/../lib/libc.a(stack_chk_fail.o): In function `__stack_chk_fail': /usr/src/debug/glibc/2.26-r0/git/debug/stack_chk_fail.c:27: multiple definition of `__stack_chk_fail_local' /mnt/a/oe/build/tmp/work/i586-bec-linux/aufs-util/3.14+gitAUTOINC+bdfcc0dcfc-r0/recipe-sysroot/usr/lib/../lib/libssp_nonshared.a(libssp_nonshared_la-ssp-local.o):/usr/src/debug/gcc-runtime/7.1.0-r0/gcc-7.1.0/build.i586-bec-linux.i586-bec-linux/i586-bec-linux/libssp/../../../../../../../../work-shared/gcc-7.1.0-r0/gcc-7.1.0/libssp/ssp-local.c:47: first defined here collect2: error: ld returned 1 exit status
Cherry-picked from oe-core master d71eba26850838b2878efea3f8c392a2eb2ebbfb
(From OE-Core rev: 27eaa97595cbac38a8bec118fe3d5f8920ab814e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use ucontext_t not struct ucontext in linux-unwind.h files.
Current glibc no longer gives the ucontext_t type the tag struct
ucontext, to conform with POSIX namespace rules. This requires
various linux-unwind.h files in libgcc, that were previously using
struct ucontext, to be fixed to use ucontext_t instead. This is
similar to the removal of the struct siginfo tag from siginfo_t some
years ago.
Backport of patches by Joseph Myers, taken from
https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=249957
[YOCTO #12083]
(From OE-Core rev: 063f5558ef2040b6d2c34caa553ed09733fc6470)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ec1c18d866c137b1fa523d0fcc29f65a28f59f44)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-4490 applied to gcc < 6.1.1, our version is 6.3
(From OE-Core rev: 869d7ddb30e5c522a3e7e200b0696340d37f5198)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8329861bf6f48f6e541a04062b8d1f373dfcd78)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[NVD] -- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6131
The demangler in GNU Libiberty allows remote attackers to cause a denial
of service (infinite loop, stack overflow, and crash) via a cycle in the
references of remembered mangled types.
[BZ #71696] -- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
2016-08-04 Marcel Böhme <boehme.marcel@gmail.com>
PR c++/71696
* cplus-dem.c: Prevent infinite recursion when there is a cycle
in the referencing of remembered mangled types.
(work_stuff): New stack to keep track of the remembered mangled
types that are currently being processed.
(push_processed_type): New method to push currently processed
remembered type onto the stack.
(pop_processed_type): New method to pop currently processed
remembered type from the stack.
(work_stuff_copy_to_from): Copy values of new variables.
(delete_non_B_K_work_stuff): Free stack memory.
(demangle_args): Push/Pop currently processed remembered type.
(do_type): Do not demangle a cyclic reference and push/pop
referenced remembered type.
cherry-picked from commit of
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@239143 138bc75d-0d04-0410-961f-82ee72b054a4
(From OE-Core rev: 3c288b181a4cfecc80b48994f4dd2df285e4d1d0)
(From OE-Core rev: be00ad34a3827a4205718609f349bc6e8a09733b)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96a16c4181d18b8580dad243350d589586cb2b07)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
GCC provides some of std* headers including stddef.h
and it syncs with glibc definitions via __needed* defines
to find which datatypes are expected to be defined on top
of glibc. we need same for musl.
Drop unused 0048-ARM-PR-target-71056-Don-t-use-vectorized-builtins-wh.patch
(From OE-Core rev: 5c3cfa24e49cbea34c74009b91bf96e0f9a00a63)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 7da04721a620ad741ea50adf116e6b5afd47caa5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
6.3.0 is a bugfix release in gcc 6 series
Cherry-picked from oe-core master 36ffcd1d7d2ab9dcc91e9c09623a6613a248bc69
(From OE-Core rev: c24f6de26efdfb13b95e51b4531d1e111fab409c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This fixes a segfault in arm64 multilib.
Drop CVE-2017-14064.patch
Additional CVE included are 2.4.3:
CVE-2017-17405: Command injection vulnerability in Net::FTP
Additional CVE included are 2.4.2:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
Ruby Gems:
DNS request hijacking vulnerability. (CVE-2017-0902)
ANSI escape sequence vulnerability. (CVE-2017-0899)
DoS vulnerability in the query command. (CVE-2017-0900)
vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)
(From OE-Core rev: 5bf664ba85c06d17c6e8c200301e42bc5fdab75e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The gentoo.osuosl.org mirror doesn't store all versions of pax-utils, so
use the maintainers own mirror which stores them all.
Fixes [YOCTO #11559]
(From OE-Core rev: 2892e05c3c1655b97b983ad783ca57c680ab8acb)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Existing version of ruby-native (2.2.5) was crashing on my machine (and others' too),
yet a functional ruby is necessary to upgrade webkit to a version that less vulnerable
to Spectre.
I've performed the update by copying the ruby recipe directory over from the current
pyro tree; if you want to see the list of specific commits, issue this command:
git log 99656fecf4 meta/recipes-devtools/ruby
(up to commit e593d3aeb2)
(From OE-Core rev: 4734a4b41898e3df252b6234ed1270a915fd1f68)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: binutils-gdb.git
MR: 76766
Type: Security Fix
Disposition: Backport from binutils master
ChangeID: f080669b4e6f7c9088e30858238da5f4315192f3
Description:
PR22209, invalid memory read in find_abstract_instance_name
This patch adds bounds checking for DW_FORM_ref_addr die refs, and
calculates them relative to the first .debug_info section. See the
big comment for why calculating relative to the current .debug_info
section was wrong for relocatable object files.
PR 22209
* dwarf2.c (struct comp_unit): Delete sec_info_ptr field.
(find_abstract_instance_name): Calculate DW_FORM_ref_addr relative
to stash->info_ptr_memory, and check die_ref is within that memory.
Set info_ptr_end correctly when another CU is refd. Check die_ref
for DW_FORM_ref4 etc. is within CU.
Affects: <= 2.29
(From OE-Core rev: 592f315516e602bd9a9bdc3d116771528cd433d1)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: binutils-gdb.git
MR: 76524
Type: Security Fix
Disposition: Backport from binutils master
ChangeID: 5f22a66eabb228b655605b964ecd350aee700806
Description:
PR22187, infinite loop in find_abstract_instance_name
This patch prevents the simple case of infinite recursion in
find_abstract_instance_name by ensuring that the attributes being
processed are not the same as the previous call.
The patch also does a little cleanup, and leaves in place some changes
to the nested_funcs array that I made when I wrongly thought looping
might occur in scan_unit_for_symbols.
PR 22187
* dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and
pname param. Return status. Make name const. Don't abort,
return an error. Formatting. Exit if current info_ptr matches
orig_info_ptr. Update callers.
(scan_unit_for_symbols): Start at nesting_level of zero. Make
nested_funcs an array of structs for extensibility. Formatting.
Affects: <= 2.29
(From OE-Core rev: 3e88bb5e933ebbf9c3445bac1814dc0ac105bf45)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: binutils-gdb.git
MR: 76278
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 05de8bcd22d8d0b54badcd3826cd370b3aed81de
Description:
x86: Guard against corrupted PLT
There should be only one entry in PLT for a given symbol. Set howto to
NULL after processing a PLT entry to guard against corrupted PLT so that
the duplicated PLT entries are skipped.
PR binutils/22170
Affects: <= 2.29
(From OE-Core rev: 51fc4c8d86bc7c567794305bcc08e5054e9e204a)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: binutils-gdb.git
MR: 73971
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: fe0e1d0f234ed157135818c24f4270c34e093828
Description:
Fix potential address violations when processing a corrupt Alpha VMA binary.
PR binutils/21589
* vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
maximum value for the ascic pointer. Check that name processing
does not read beyond this value.
(_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
end of etir record.
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: ea89dfe868085b463dfc24df78b49d1703989484)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74127
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 410078b468de6dc1c908342283a6abe5bdf38d54
Description:
Fix heap-buffer overflow bugs caused when dumping debug information from a corrupt binary.
PR binutils/21438
* dwarf.c (process_extended_line_op): Do not assume that the
string extracted from the section is NUL terminated.
(fetch_indirect_string): If the string retrieved from the section
is not NUL terminated, return an error message.
(fetch_indirect_line_string): Likewise.
(fetch_indexed_string): Likewise.
Affects: <= 2.29
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: 1e19e656a97caf61f26ab4f52339b9413d3bb29f)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74140
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 5f6dd48c427de8663c5a80af6db44ce5c579d42c
Description:
Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
PR 21440
* objdump.c (dump_relocs_in_section): Check for an excessive
number of relocs before attempting to dump them.
Affects: <= 2.29
Author: Alan Modra <amodra@gmail.com>
(From OE-Core rev: 09c642a70e2a12dcc01ffe45c333011a142c02a7)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74179
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 976156cd25454143883090ca42010c38c6d6af0f
Description:
PR 21412, get_reloc_section assumes .rel/.rela name for SHT_REL/RELA.
This patch fixes an assumption made by code that runs for objcopy and
strip, that SHT_REL/SHR_RELA sections are always named starting with a
.rel/.rela prefix. I'm also modifying the interface for
elf_backend_get_reloc_section, so any backend function just needs to
handle name mapping.
Affects: <= 2.29
Author: Alan Modra <amodra@gmail.com>
(From OE-Core rev: 24124406a2a1657b80ba2933bef40ccf798c8097)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74296
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: d2cf3ab15c89351c941c92e4cdf28c2bfa9dcda8
Description:
Fix seg-fault running addr2line on a corrupt binary.
PR binutils/20891
* aoutx.h (find_nearest_line): Handle the case where the main file
name and the directory name are both empty.
Affects: <= 2.29
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: ba01ee6899c8d36e6469f6d02d40866fb0502af9)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 73854, 73827, 73814, 73801, 73775
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: fb23096307f9903872a04edf171d1fd2099e35c5
Description:
Fix address violation errors parsing corrupt binary files.
PR 21813
binutils* rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
string whilst concatenating symbol names.
bfd * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address
of the relocs to the canonicalize_one_reloc routine.
* mach-o.h (struct bfd_mach_o_backend_data): Update the prototype
for the _bfd_mach_o_canonicalize_one_reloc field.
* mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add
res_base parameter. Use to check for corrupt pair relocs.
* mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc):
Likewise.
* mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc):
Likewise.
* mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc):
Likewise.
* vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is
enough data in the record before attempting to parse it.
(_bfd_vms_slurp_eeom): Likewise.
(_bfd_vms_slurp_egsd): Check for an invalid section index.
(image_set_ptr): Likewise.
(alpha_vms_slurp_relocs): Likewise.
Affects: <= 2.29
(From OE-Core rev: 2cc3922462c9dd86f50a419a2a4abb0f3b5b4745)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
