Patches for gcc-9:

        $ git config --add remote.origin.fetch '+refs/vendors/ARM/heads/CVE-2023-4039/gcc-9:refs/remotes/origin/ARM_CVE-2023-4039_gcc-9'
        $ git fetch

        $ git log --oneline origin/ARM_CVE-2023-4039_gcc-9 | head -n11
        bf3eeaa0182a aarch64: Make stack smash canary protect saved registers
        f2684e63652b aarch64: Simplify probe of final frame allocation
        12517baf6c88 aarch64: Put LR save probe in first 16 bytes
        4dd8925d95d3 aarch64: Tweak stack clash boundary condition
        cfed3b87e935 Backport check-function-bodies support
        eb2271eb6bb6 aarch64: Tweak frame_size comment
        16016465ff28 aarch64: Rename hard_fp_offset to bytes_above_hard_fp
        4604c4cd0a6c aarch64: Rename locals_offset to bytes_above_locals
        347487fffa02 aarch64: Add bytes_below_hard_fp to frame info
        78ebdb7b12d5 aarch64: Explicitly handle frames with no saved registers
        7a15b5060a83 Update ChangeLog and version files for release

Gitweb:

        https://gcc.gnu.org/git/?p=gcc.git;a=shortlog;h=bf3eeaa0182a92987570d9c787bd45079eebf528&hp=7a15b5060a83ea8282323d92043c6152e6a3e22d

Generated a single .patch file just like src:gcc-9's d/p/git-updates.diff:

        LANG=C git diff --no-renames --src-prefix=a/src/ --dst-prefix=b/src/ \
                78ebdb7b12d5e258b9811bab715734454268fd0c^ bf3eeaa0182a92987570d9c787bd45079eebf528 \
                | awk '/^diff .*\.texi/ {skip=1; next} /^diff / { skip=0 } skip==0' \
                | grep -v -E '^(diff|index)' \
                > cve-2023-4039.diff

For verification purposes, this patch can be cleanly reverted
from the gcc-9 package that introduced its changes in Noble:

        gcc-9 (9.5.0-6) unstable; urgency=medium

          * Address stack protector and stack clash protection weaknesses
            on AArch64. CVE-2023-4039.
            
        $ pull-lp-source gcc-9 noble 9.5.0-6ubuntu1
        $ cd gcc-9-9.5.0/
        $ debian/rules patch
        $ patch -R -p1 -F0 --dry-run < /tmp/gcc-9/cve-2023-4039.diff
        checking file src/gcc/config/aarch64/aarch64.c
        checking file src/gcc/config/aarch64/aarch64.h
        checking file src/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-17.c
        checking file src/gcc/testsuite/gcc.target/aarch64/stack-check-prologue-18.c
        checking file src/gcc/testsuite/gcc.target/aarch64/stack-protector-8.c
        checking file src/gcc/testsuite/gcc.target/aarch64/stack-protector-9.c
        checking file src/gcc/testsuite/lib/scanasm.exp
        $ echo $?
        0
        
Changelog entry:

        'd/p/cve-2023-4039.diff: Address stack protector and stack clash
        protection weaknesses on AArch64. CVE-2023-4039. (LP: #2054343) Taken
        from the vendors/ARM/heads/CVE-2023-4039/gcc-9 branch.'

https://bugs.launchpad.net/bugs/2054343

Title:
  CVE-2023-4039: ARM64 GCC

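The awk and grep filter stages of the patch-generation pipeline above, run on a small constructed diff to show what survives them. This is an added example, not part of the original message; the sample file names and the helper functions `filter_patch`, `sample_diff` and `patched_files` are assumptions made for illustration.

```shell
#!/bin/sh
# Same two filter stages as the pipeline in the message: awk drops every
# per-file diff whose "diff" header names a .texi file, then grep strips the
# remaining "diff" and "index" header lines so only ---/+++ and hunks remain.
filter_patch() {
    awk '/^diff .*\.texi/ {skip=1; next} /^diff / { skip=0 } skip==0' \
        | grep -v -E '^(diff|index)'
}

# Constructed sample input (hypothetical files, not the real CVE-2023-4039 patch).
sample_diff() {
    cat <<'EOF'
diff --git a/src/gcc/doc/example.texi b/src/gcc/doc/example.texi
index 1111111..2222222 100644
--- a/src/gcc/doc/example.texi
+++ b/src/gcc/doc/example.texi
@@ -1 +1 @@
-old documentation line
+new documentation line
diff --git a/src/gcc/config/example.c b/src/gcc/config/example.c
index 3333333..4444444 100644
--- a/src/gcc/config/example.c
+++ b/src/gcc/config/example.c
@@ -1 +1 @@
-int old_value;
+int new_value;
EOF
}

# List the files a filtered patch still touches, for comparison with the
# "checking file" lines that patch --dry-run prints.
patched_files() {
    sed -n 's|^+++ b/||p'
}

# Print the filtered patch: only the example.c part is left.
sample_diff | filter_patch
```

Piping the generated `cve-2023-4039.diff` through `patched_files` gives the list to compare against the `checking file` lines of the reverse dry run.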