Patches for gcc-11:
$ git log --oneline --before 2023-09-12 --after 2023-09-11 \
    --author 'Richard Sandiford' origin/releases/gcc-11 --
bea0985749c1 aarch64: Make stack smash canary protect saved registers
4bbf7b6cdd02 aarch64: Remove below_hard_fp_saved_regs_size
9ed9fd54b2b4 aarch64: Explicitly record probe registers in frame info
e932e11c353b aarch64: Simplify probe of final frame allocation
174a9747491e aarch64: Put LR save probe in first 16 bytes
f22329d5efba aarch64: Tweak stack clash boundary condition
bb4600071acc aarch64: Minor initial adjustment tweak
8b664cc8f05c aarch64: Simplify top of frame allocation
999c4a81cffd aarch64: Measure reg_offset from the bottom of the frame
b8cd5a0229da aarch64: Tweak frame_size comment
fa6600b55b49 aarch64: Rename hard_fp_offset to bytes_above_hard_fp
82fb69e75c21 aarch64: Rename locals_offset to bytes_above_locals
7356df0319ae aarch64: Only calculate chain_offset if there is a chain
e8a7ec87fcdb aarch64: Tweak aarch64_save/restore_callee_saves
d3f6ceecc8a7 aarch64: Add bytes_below_hard_fp to frame info
a8385d143186 aarch64: Add bytes_below_saved_regs to frame info
5efdcc8ed19d aarch64: Explicitly handle frames with no saved registers
a2a57f7ec791 aarch64: Avoid a use of callee_offset
52816ab48f97 aarch64: Use local frame vars in shrink-wrapping code
Gitweb:
https://gcc.gnu.org/git/?p=gcc.git;a=shortlog;h=bea0985749c12fcc264710586addb7838cc61e6d&hp=2eb8e5cba7408e2a4016a8f5c48e4980abdd1d08
Generated a single .patch file just like src:gcc-11's d/p/git-updates.diff:
$ LANG=C git diff --no-renames --src-prefix=a/src/ --dst-prefix=b/src/ \
    52816ab48f97968f3fbfb5656250f3de7c00166d^ \
    bea0985749c12fcc264710586addb7838cc61e6d \
    | awk '/^diff .*\.texi/ {skip=1; next} /^diff / { skip=0 }
           skip==0' \
    | grep -v -E '^(diff|index)' \
    > cve-2023-4039.diff
For verification purposes, this patch can be cleanly reverted
from the gcc-11 package that introduced its changes in Mantic:
gcc-11 (11.4.0-4) unstable; urgency=medium
- Address stack protector and stack clash protection weaknesses
on AArch64. CVE-2023-4039.
$ pull-lp-source gcc-11 mantic 11.4.0-4ubuntu1
$ cd gcc-11-11.4.0/
$ debian/rules patch
$ patch -R -p1 -F0 --dry-run < /tmp/gcc-11/cve-2023-4039.diff
checking file src/gcc/config/aarch64/aarch64.c
checking file src/gcc/config/aarch64/aarch64.h
checking file src/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c
checking file src/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c
checking file src/gcc/testsuite/gcc.target/aarch64/stack-protector-8.c
checking file src/gcc/testsuite/gcc.target/aarch64/stack-protector-9.c
checking file src/gcc/testsuite/gcc.target/aarch64/sve/pcs/stack_clash_3.c
$ echo $?
0
Changelog entry:
'd/p/cve-2023-4039.diff: Address stack protector and stack clash
protection weaknesses on AArch64. CVE-2023-4039. (LP: #2054343) Taken
from the gcc-11 branch.'
https://bugs.launchpad.net/bugs/2054343
Title:
CVE-2023-4039: ARM64 GCC
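
The awk/grep filter from the patch-generation command above, run on a small constructed diff. This is an added example, not part of the original message. The sample diff content and the helper names `sample_diff`, `filter_patch` and `patched_files` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: a two-file git diff, one .texi (docs) file and one .c file.
sample_diff() {
cat <<'EOF'
diff --git a/src/gcc/doc/invoke.texi b/src/gcc/doc/invoke.texi
index 1111111..2222222 100644
--- a/src/gcc/doc/invoke.texi
+++ b/src/gcc/doc/invoke.texi
@@ -1 +1 @@
-old doc line
+new doc line
diff --git a/src/gcc/config/aarch64/aarch64.c b/src/gcc/config/aarch64/aarch64.c
index 3333333..4444444 100644
--- a/src/gcc/config/aarch64/aarch64.c
+++ b/src/gcc/config/aarch64/aarch64.c
@@ -1 +1 @@
-old code line
+new code line
EOF
}

# Same filter as in the message: drop every per-file section whose
# "diff" header names a .texi file, then strip the "diff"/"index"
# header lines from the sections that remain.
filter_patch() {
  awk '/^diff .*\.texi/ {skip=1; next} /^diff / { skip=0 }
       skip==0' \
    | grep -v -E '^(diff|index)'
}

# Reviewer check (hypothetical helper): list the files the filtered patch
# touches, for comparison with the "checking file" lines of the dry run.
patched_files() {
  grep '^+++ ' | sed 's|^+++ b/||'
}

# Prints only src/gcc/config/aarch64/aarch64.c; the .texi section is gone.
sample_diff | filter_patch | patched_files
```

Piping the real `cve-2023-4039.diff` through `patched_files` should give the same file list that `patch -R --dry-run` reports.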