From 40caebeb7544992cc09aa7a2885ae92437926486 Mon Sep 17 00:00:00 2001 From: Adrian Stratulat Date: Wed, 4 Sep 2019 08:17:39 +0300 Subject: glibc: remove patch for CVE-2018-11237 CVE-2018-11237 affects glibc 2.27, while the 'warrior' branch uses glibc 2.29. This patch is not applicable anymore. References: https://nvd.nist.gov/vuln/detail/CVE-2018-11237 https://git.enea.com/cgit/linux/poky.git/tree/meta/recipes-core/glibc?h=warrior Change-Id: I2b01931064a7828264de1a72c1044109e9030e87 --- recipes-core/glibc/glibc/CVE-2018-11237.patch | 74 --------------------------- recipes-core/glibc/glibc_2.27.bbappend | 6 --- 2 files changed, 80 deletions(-) delete mode 100644 recipes-core/glibc/glibc/CVE-2018-11237.patch delete mode 100644 recipes-core/glibc/glibc_2.27.bbappend diff --git a/recipes-core/glibc/glibc/CVE-2018-11237.patch b/recipes-core/glibc/glibc/CVE-2018-11237.patch deleted file mode 100644 index 41bd002..0000000 --- a/recipes-core/glibc/glibc/CVE-2018-11237.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 9aaaab7c6e4176e61c59b0a63c6ba906d875dc0e Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Tue, 22 May 2018 10:37:59 +0200 -Subject: [PATCH] Don't write beyond destination in - __mempcpy_avx512_no_vzeroupper (bug 23196) - -When compiled as mempcpy, the return value is the end of the destination -buffer, thus it cannot be used to refer to the start of it. - -CVE: CVE-2018-11237 -Upstream-Status: Backport - -Signed-off-by: Adrian Mangeac ---- - ChangeLog | 9 +++++++++ - string/test-mempcpy.c | 1 + - sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S | 5 +++-- - 3 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/ChangeLog b/ChangeLog -index 252b099..8032adf 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,3 +1,12 @@ -+2018-05-23 Andreas Schwab -+ -+ [BZ #23196] -+ CVE-2018-11237 -+ * sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S -+ (L(preloop_large)): Save initial destination pointer in %r11 and -+ use it instead of %rax after the loop. -+ * string/test-mempcpy.c (MIN_PAGE_SIZE): Define. -+ - 2018-05-09 Paul Pluzhnikov - - [BZ #22786] -diff --git a/string/test-mempcpy.c b/string/test-mempcpy.c -index c08fba8..d98ecdd 100644 ---- a/string/test-mempcpy.c -+++ b/string/test-mempcpy.c -@@ -18,6 +18,7 @@ - . */ - - #define MEMCPY_RESULT(dst, len) (dst) + (len) -+#define MIN_PAGE_SIZE 131072 - #define TEST_MAIN - #define TEST_NAME "mempcpy" - #include "test-string.h" -diff --git a/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S b/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S -index 23c0f7a..effc3ac 100644 ---- a/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S -+++ b/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S -@@ -336,6 +336,7 @@ L(preloop_large): - vmovups (%rsi), %zmm4 - vmovups 0x40(%rsi), %zmm5 - -+ mov %rdi, %r11 - /* Align destination for access with non-temporal stores in the loop. */ - mov %rdi, %r8 - and $-0x80, %rdi -@@ -366,8 +367,8 @@ L(gobble_256bytes_nt_loop): - cmp $256, %rdx - ja L(gobble_256bytes_nt_loop) - sfence -- vmovups %zmm4, (%rax) -- vmovups %zmm5, 0x40(%rax) -+ vmovups %zmm4, (%r11) -+ vmovups %zmm5, 0x40(%r11) - jmp L(check) - - L(preloop_large_bkw): --- -2.9.3 - diff --git a/recipes-core/glibc/glibc_2.27.bbappend b/recipes-core/glibc/glibc_2.27.bbappend deleted file mode 100644 index 1ab2d4a..0000000 --- a/recipes-core/glibc/glibc_2.27.bbappend +++ /dev/null @@ -1,6 +0,0 @@ -# look for files in the layer first -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -SRC_URI += " \ - file://CVE-2018-11237.patch \ - " -- cgit v1.2.3-54-g00ecf