On Sat, 2021-07-31 at 21:57 +0530, Vinay Kumar wrote: > Hi Anuj, > > The patch is conjugate of both commits. > https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb > > https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091 > > Also, the patch is committed to master branch > http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=55681d09d7f519a1c7f17d17b18ec59bccdc91ca > > Due you want me to resubmit for "hardknott" branch by splitting in to > 2 patches ?
It seems wrong to me because the patch header/description is not correct here. It's no longer a backport of just 42d359350510506b87101cf77202fefcbfc790cb. I also just noticed that there's already a fix for this CVE in my branch. So I think I will take that: https://git.openembedded.org/openembedded-core-contrib/commit/?h=anujm/hardknott&id=ede353df06a07d35dc66d024e2c7bd1b250d9761 Thanks, Anuj > > Regards, > Vinay > > On Sat, Jul 31, 2021 at 11:52 AM Mittal, Anuj <[email protected]> > wrote: > > > > On Tue, 2021-07-27 at 11:38 -0700, Vinay Kumar wrote: > > > Source: https://sourceware.org/git/glibc.git > > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=27896 > > > > > > Backported upstream commit 42d359350510506b87101cf77202fefcbfc790cb > > > to > > > glibc-2.33 source with dependent commit id > > > 217b6dc298156bdb0d6aea9ea93e7e394a5ff091. > > > > > > Upstream-Status: Backport > > > [ > > > https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb > > > ] > > > > It looks like you'd need to backport this one too: > > > > https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091 > > > > ? > > > > Thanks, > > > > Anuj > > > > > > > > Signed-off-by: Vinay Kumar <[email protected]> > > > --- > > > .../glibc/glibc/CVE-2021-33574.patch | 61 > > > +++++++++++++++++++ > > > meta/recipes-core/glibc/glibc_2.33.bb | 1 + > > > 2 files changed, 62 insertions(+) > > > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021- > > > 33574.patch > > > > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-33574.patch > > > b/meta/recipes-core/glibc/glibc/CVE-2021-33574.patch > > > new file mode 100644 > > > index 0000000000..fd73b23c88 > > > --- /dev/null > > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-33574.patch > > > @@ -0,0 +1,61 @@ > > > +From 42d359350510506b87101cf77202fefcbfc790cb Mon Sep 17 00:00:00 > > > 2001 > > > +From: Andreas Schwab <[email protected]> > > > +Date: Thu, 27 May 2021 12:49:47 +0200 > > > +Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896) > > > + > > > +Make a deep copy of the pthread attribute object to remove a > > > potential > > > +use-after-free issue. > > > + > > > +Upstream-Status: Backport > > > [ > > > https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb > > > ] > > > +CVE: CVE-2021-33574 > > > +Signed-off-by: Vinay Kumar <[email protected]> > > > +--- > > > +diff --git a/sysdeps/unix/sysv/linux/mq_notify.c > > > b/sysdeps/unix/sysv/linux/mq_notify.c > > > +index cc575a0cdd8..6f46d29d1dc 100644 > > > +--- a/sysdeps/unix/sysv/linux/mq_notify.c > > > ++++ b/sysdeps/unix/sysv/linux/mq_notify.c > > > +@@ -133,8 +133,11 @@ helper_thread (void *arg) > > > + (void) __pthread_barrier_wait (¬ify_barrier); > > > + } > > > + else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED) > > > +- /* The only state we keep is the copy of the thread > > > attributes. */ > > > +- free (data.attr); > > > ++ { > > > ++ /* The only state we keep is the copy of the thread > > > attributes. */ > > > ++ pthread_attr_destroy (data.attr); > > > ++ free (data.attr); > > > ++ } > > > + } > > > + return NULL; > > > + } > > > +@@ -255,8 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent > > > *notification) > > > + if (data.attr == NULL) > > > + return -1; > > > + > > > +- memcpy (data.attr, notification->sigev_notify_attributes, > > > +- sizeof (pthread_attr_t)); > > > ++ int ret = __pthread_attr_copy (data.attr, > > > ++ notification- > > > > sigev_notify_attributes); > > > ++ if (ret != 0) > > > ++ { > > > ++ free (data.attr); > > > ++ __set_errno (ret); > > > ++ return -1; > > > ++ } > > > + } > > > + > > > + /* Construct the new request. */ > > > +@@ -269,8 +278,11 @@ mq_notify (mqd_t mqdes, const struct sigevent > > > *notification) > > > + int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se); > > > + > > > + /* If it failed, free the allocated memory. */ > > > +- if (__glibc_unlikely (retval != 0)) > > > +- free (data.attr); > > > ++ if (retval != 0 && data.attr != NULL) > > > ++ { > > > ++ pthread_attr_destroy (data.attr); > > > ++ free (data.attr); > > > ++ } > > > + > > > + return retval; > > > + } > > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes- > > > core/glibc/glibc_2.33.bb > > > index 925efe8cc6..e9f01a14c5 100644 > > > --- a/meta/recipes-core/glibc/glibc_2.33.bb > > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb > > > @@ -57,6 +57,7 @@ SRC_URI = > > > "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ > > > > > > file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch > > > \ > > > > > > file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ > > > file://mte-backports.patch \ > > > + file://CVE-2021-33574.patch \ > > > " > > > S = "${WORKDIR}/git" > > > B = "${WORKDIR}/build-${TARGET_SYS}" > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#154310): https://lists.openembedded.org/g/openembedded-core/message/154310 Mute This Topic: https://lists.openembedded.org/mt/84488573/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
