The patches are all the same. There was an error in the subject due to which it wasn’t reflecting in the submitted patches on open embedded core.
From: akuster808 <[email protected]>
Sent: Monday, September 23, 2019 2:19:15 PM
To: Shubham Agrawal <[email protected]>; [email protected] <[email protected]>
Subject: Re: [OE-core] [”OE-core][thud][PATCH”] elfutils: CVE fix for elfutils

On 9/23/19 2:14 PM, [email protected] wrote:
> From: Shubham Agrawal <[email protected]>
>
> CVE: CVE-2019-7664.patch
> CVE: CVE-2019-7665.patch

This is the third email patch on the same issues. Are they different?

regards,
Armin

>
> Sign off: Shubham Agrawal <[email protected]>
> --- > meta/recipes-devtools/elfutils/elfutils_0.175.bb | 2 + > .../elfutils/files/CVE-2019-7664.patch | 65 +++++++++ > .../elfutils/files/CVE-2019-7665.patch | 154 > +++++++++++++++++++++ > 3 files changed, 221 insertions(+) > create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch > create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch > > diff --git a/meta/recipes-devtools/elfutils/elfutils_0.175.bb > b/meta/recipes-devtools/elfutils/elfutils_0.175.bb > index e94a48e..862a9b6 100644 > --- a/meta/recipes-devtools/elfutils/elfutils_0.175.bb > +++ b/meta/recipes-devtools/elfutils/elfutils_0.175.bb > @@ -31,6 +31,8 @@ SRC_URI = > "https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceware.org%2Felfutils%2Fftp%2F%24&data=02%7C01%7Cshuagr%40microsoft.com%7C0a3b7e85865a440119d508d7406bb255%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637048703613961219&sdata=J1z7WGLoV1xEpBxRaWekNFf0HDIvmCtUMpLYUb1nR%2Fk%3D&reserved=0{PV}/${BP}.tar.bz2 > \ > file://CVE-2019-7150.patch \ > file://CVE-2019-7146_p1.patch \ > file://CVE-2019-7146_p2.patch \ > + file://CVE-2019-7664.patch \ > + file://CVE-2019-7665.patch \ > " > SRC_URI_append_libc-musl = " > file://0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch" 
> > diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch > b/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch > new file mode 100644 > index 0000000..e55dc5a > --- /dev/null > +++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch 
> @@ -0,0 +1,65 @@ > +From 3ed05376e7b2c96c1d6eb24d2842cc25b79a4f07 Mon Sep 17 00:00:00 2001 > +From: Mark Wielaard <[email protected]> > +Date: Wed, 16 Jan 2019 12:25:57 +0100 > +Subject: [PATCH] CVE: CVE-2019-7664 > + > +Upstream-Status: Backport > +libelf: Correct overflow check in note_xlate. > + > +We want to make sure the note_len doesn't overflow and becomes shorter > +than the note header. But the namesz and descsz checks got the note header > +size wrong). Replace the wrong constant (8) with a sizeof cvt_Nhdr (12). > + > +https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceware.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D24084&data=02%7C01%7Cshuagr%40microsoft.com%7C0a3b7e85865a440119d508d7406bb255%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637048703613961219&sdata=XDpI1uUOmF4w%2FdtsO%2BspaDCLIOEdoGQr6PNxaJh3u%2Fc%3D&reserved=0 > + > +Signed-off-by: Mark Wielaard <[email protected]> > +Signed-off-by: Ubuntu > <l...@shuagr-yocto-build.mdn4q2lr1oauhmizmzsslly3ad.xx.internal.cloudapp.net> > +--- > + libelf/ChangeLog | 13 +++++++++++++ > + libelf/note_xlate.h | 4 ++-- > + 2 files changed, 15 insertions(+), 2 deletions(-) > + > +diff --git a/libelf/ChangeLog b/libelf/ChangeLog > +index 68c4fbd..892e6e7 100644 > +--- a/libelf/ChangeLog > ++++ b/libelf/ChangeLog > +@@ -1,3 +1,16 @@ > ++<<<<<<< HEAD > ++======= > ++2019-01-16 Mark Wielaard <[email protected]> > ++ > ++ * note_xlate.h (elf_cvt_note): Check n_namesz and n_descsz don't > ++ overflow note_len into note header. > ++ > ++2018-11-17 Mark Wielaard <[email protected]> > ++ > ++ * elf32_updatefile.c (updatemmap): Make sure to call convert > ++ function on a properly aligned destination. > ++ > ++>>>>>>> e65d91d... libelf: Correct overflow check in note_xlate. > + 2018-11-16 Mark Wielaard <[email protected]> > + > + * libebl.h (__elf32_msize): Mark with const attribute. 
> +diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h > +index 9bdc3e2..bc9950f 100644 > +--- a/libelf/note_xlate.h > ++++ b/libelf/note_xlate.h > +@@ -46,13 +46,13 @@ elf_cvt_note (void *dest, const void *src, size_t len, > int encode, > + /* desc needs to be aligned. */ > + note_len += n->n_namesz; > + note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len); > +- if (note_len > len || note_len < 8) > ++ if (note_len > len || note_len < sizeof *n) > + break; > + > + /* data as a whole needs to be aligned. */ > + note_len += n->n_descsz; > + note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len); > +- if (note_len > len || note_len < 8) > ++ if (note_len > len || note_len < sizeof *n) > + break; > + > + /* Copy or skip the note data. */ > +-- > +2.7.4 > + > diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch > b/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch > new file mode 100644 > index 0000000..a1bb309 > --- /dev/null > +++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7665.patch 
> @@ -0,0 +1,154 @@ > +From 4323d46c4a369b614aa1f574805860b3434552df Mon Sep 17 00:00:00 2001 > +From: Mark Wielaard <[email protected]> > +Date: Wed, 16 Jan 2019 15:41:31 +0100 > +Subject: [PATCH] CVE: CVE-2019-7665 > + > +Upstream-Status: Backport > + > +Sign off: Shubham Agrawal <[email protected]> > + > +libebl: Check NT_PLATFORM core notes contain a zero terminated string. > + > +Most strings in core notes are fixed size. But NT_PLATFORM contains just > +a variable length string. Check that it is actually zero terminated > +before passing to readelf to print. > + > +https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceware.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D24089&data=02%7C01%7Cshuagr%40microsoft.com%7C0a3b7e85865a440119d508d7406bb255%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637048703613961219&sdata=WQe4updGnCdqEq%2FgiVbXZT%2FWc4sUd%2FoBef7x9f7jGE8%3D&reserved=0 > + > +Signed-off-by: Mark Wielaard <[email protected]> > +Signed-off-by: Ubuntu > <l...@shuagr-yocto-build.mdn4q2lr1oauhmizmzsslly3ad.xx.internal.cloudapp.net> > +--- > + libdwfl/linux-core-attach.c | 9 +++++---- > + libebl/eblcorenote.c | 39 +++++++++++++++++++-------------------- > + libebl/libebl.h | 3 ++- > + src/readelf.c | 2 +- > + 4 files changed, 27 insertions(+), 26 deletions(-) > + > +diff --git a/libdwfl/linux-core-attach.c b/libdwfl/linux-core-attach.c > +index 6c99b9e..c0f1b0d 100644 > +--- a/libdwfl/linux-core-attach.c > ++++ b/libdwfl/linux-core-attach.c > +@@ -137,7 +137,7 @@ core_next_thread (Dwfl *dwfl __attribute__ ((unused)), > void *dwfl_arg, > + const Ebl_Register_Location *reglocs; > + size_t nitems; > + const Ebl_Core_Item *items; > +- if (! ebl_core_note (core_arg->ebl, &nhdr, name, > ++ if (! ebl_core_note (core_arg->ebl, &nhdr, name, desc, > + ®s_offset, &nregloc, ®locs, &nitems, &items)) > + { > + /* This note may be just not recognized, skip it. 
*/ > +@@ -191,8 +191,9 @@ core_set_initial_registers (Dwfl_Thread *thread, void > *thread_arg_voidp) > + const Ebl_Register_Location *reglocs; > + size_t nitems; > + const Ebl_Core_Item *items; > +- int core_note_err = ebl_core_note (core_arg->ebl, &nhdr, name, > ®s_offset, > +- &nregloc, ®locs, &nitems, &items); > ++ int core_note_err = ebl_core_note (core_arg->ebl, &nhdr, name, desc, > ++ ®s_offset, &nregloc, ®locs, > ++ &nitems, &items); > + /* __libdwfl_attach_state_for_core already verified the note is there. */ > + assert (core_note_err != 0); > + assert (nhdr.n_type == NT_PRSTATUS); > +@@ -383,7 +384,7 @@ dwfl_core_file_attach (Dwfl *dwfl, Elf *core) > + const Ebl_Register_Location *reglocs; > + size_t nitems; > + const Ebl_Core_Item *items; > +- if (! ebl_core_note (ebl, &nhdr, name, > ++ if (! ebl_core_note (ebl, &nhdr, name, desc, > + ®s_offset, &nregloc, ®locs, &nitems, &items)) > + { > + /* This note may be just not recognized, skip it. */ > +diff --git a/libebl/eblcorenote.c b/libebl/eblcorenote.c > +index 783f981..7fab397 100644 > +--- a/libebl/eblcorenote.c > ++++ b/libebl/eblcorenote.c > +@@ -36,11 +36,13 @@ > + #include <inttypes.h> > + #include <stdio.h> > + #include <stddef.h> > ++#include <string.h> > + #include <libeblP.h> > + > + > + int > + ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name, > ++ const char *desc, > + GElf_Word *regs_offset, size_t *nregloc, > + const Ebl_Register_Location **reglocs, size_t *nitems, > + const Ebl_Core_Item **items) > +@@ -51,28 +53,25 @@ ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const > char *name, > + { > + /* The machine specific function did not know this type. */ > + > +- *regs_offset = 0; > +- *nregloc = 0; > +- *reglocs = NULL; > +- switch (nhdr->n_type) > ++ /* NT_PLATFORM is kind of special since it needs a zero terminated > ++ string (other notes often have a fixed size string). 
*/ > ++ static const Ebl_Core_Item platform[] = > + { > +-#define ITEMS(type, table) \ > +- case type: \ > +- *items = table; \ > +- *nitems = sizeof table / sizeof table[0]; \ > +- result = 1; \ > +- break > ++ { > ++ .name = "Platform", > ++ .type = ELF_T_BYTE, .count = 0, .format = 's' > ++ } > ++ }; > + > +- static const Ebl_Core_Item platform[] = > +- { > +- { > +- .name = "Platform", > +- .type = ELF_T_BYTE, .count = 0, .format = 's' > +- } > +- }; > +- ITEMS (NT_PLATFORM, platform); > +- > +-#undef ITEMS > ++ if (nhdr->n_type == NT_PLATFORM > ++ && memchr (desc, '\0', nhdr->n_descsz) != NULL) > ++ { > ++ *regs_offset = 0; > ++ *nregloc = 0; > ++ *reglocs = NULL; > ++ *items = platform; > ++ *nitems = 1; > ++ result = 1; > + } > + } > + > +diff --git a/libebl/libebl.h b/libebl/libebl.h > +index ca9b9fe..24922eb 100644 > +--- a/libebl/libebl.h > ++++ b/libebl/libebl.h > +@@ -319,7 +319,8 @@ typedef struct > + > + /* Describe the format of a core file note with the given header and NAME. > + NAME is not guaranteed terminated, it's NHDR->n_namesz raw bytes. */ > +-extern int ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name, > ++extern int ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, > ++ const char *name, const char *desc, > + GElf_Word *regs_offset, size_t *nregloc, > + const Ebl_Register_Location **reglocs, > + size_t *nitems, const Ebl_Core_Item **items) > +diff --git a/src/readelf.c b/src/readelf.c > +index 3a73710..71651e0 100644 > +--- a/src/readelf.c > ++++ b/src/readelf.c > +@@ -12153,7 +12153,7 @@ handle_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, > + size_t nitems; > + const Ebl_Core_Item *items; > + > +- if (! ebl_core_note (ebl, nhdr, name, > ++ if (! ebl_core_note (ebl, nhdr, name, desc, > + ®s_offset, &nregloc, ®locs, &nitems, &items)) > + return; > + > +-- > +2.7.4 > +
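Review bot: The two file:// entries added to SRC_URI in the elfutils_0.175.bb hunk point at patch files whose headers need cleaning up before merge. Both carry "Signed-off-by: Ubuntu <...internal.cloudapp.net>", which is a build machine's default git identity rather than the submitter; CVE-2019-7665.patch uses "Sign off:" where the tag is "Signed-off-by:"; "Upstream-Status: Backport" gives no reference to the upstream commit it was taken from; and the upstream subject line has been replaced by "CVE: CVE-2019-7664" / "CVE: CVE-2019-7665". Suggest keeping the upstream Subject, putting the CVE tag on its own line in the patch header next to Upstream-Status, and signing off with the submitter's name and address. The same applies to the commit message of the recipe change, where "CVE: CVE-2019-7664.patch" names a file rather than the CVE identifier.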
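Review bot: The libelf/ChangeLog hunk inside CVE-2019-7664.patch adds unresolved merge-conflict markers as file content ("<<<<<<< HEAD", "=======", ">>>>>>> e65d91d... libelf: Correct overflow check in note_xlate."), together with a 2018-11-17 entry for elf32_updatefile.c that is not part of this fix (the diffstat touches only ChangeLog and note_xlate.h). Resolve the conflict so that only the 2019-01-16 note_xlate.h entry is added, or drop the ChangeLog hunk from the backport altogether. The functional change, replacing "note_len < 8" with "note_len < sizeof *n" in both checks in elf_cvt_note, looks complete as shown.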
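Review bot: In the libebl/eblcorenote.c hunk of CVE-2019-7665.patch, *regs_offset, *nregloc and *reglocs are now assigned only inside the NT_PLATFORM branch, whereas the removed code cleared them before the switch for every note type the machine-specific hook did not know. The callers touched by this patch test or assert on the return value before using the outputs, so nothing visible here reads them uninitialised, but the comment above ebl_core_note in libebl.h should say that the output parameters are only valid when the function returns non-zero. The new memchr (desc, '\0', nhdr->n_descsz) also assumes desc points at n_descsz readable bytes, so it is worth confirming that every caller passes the note's descriptor pointer and not a placeholder. Minor: "*nitems = 1" hard-codes the length of platform[], where the removed ITEMS macro used sizeof table / sizeof table[0].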
