diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2020-10-27 21:52:24 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-11-23 23:00:33 +0300 |
commit | 4c19ea120a3e7a73dc8470c86744bc95997f1c90 (patch) | |
tree | dd2f114bc0a3614b653d1afde08bec22ab646e7e /poky/meta/recipes-bsp | |
parent | 5f4b874fc7d6f8941582b97eb688c67dc21efffb (diff) | |
download | openbmc-4c19ea120a3e7a73dc8470c86744bc95997f1c90.tar.xz |
poky: subtree update:ad30a6d470..7231c10430
Akira Shibakawa (3):
License-Update: attr: Add a missing file to LIC_FILES_CHKSUM.
License-Update: kmod: Add a missing file to LIC_FILES_CHKSUM.
License-Update: gdk-pixbuf: Fix LICENSE.
Alejandro Hernandez Samaniego (1):
baremetal-helloworld: Fix install path since S doesnt have a trailing slash
Alexander Kanavin (4):
ncurses: only include upstream releases in version check
python3: fix upstream version check
boost-build-native: fix upstream version check
selftest/virgl: drop the custom 30 sec timeout
Alistair (1):
weston-init: Allow setting idle time to 0
Changqing Li (1):
toolchain-shar-extract.sh: don't print useless info
Charlie Davies (1):
bitbake: bitbake: fetch/git: use shlex.quote() to support spaces in SRC_URI url
Chen Qi (2):
watchdog: use /run instead of /var/run in systemd service file
cups: use /run instead /var/run in systemd's unit file
David Reyna (1):
bitbake: toaster: Enable Gatesgarth branch in place of Zeus
Douglas Royds (1):
externalsrc: No single-task lock if S != B
Joshua Watt (2):
ref-variables: Given example for naming sources
ref-manual: Document wic --offset option
Khairul Rohaizzat Jamaluddin (1):
imagefeatures: New test case, test_empty_image, added
Khem Raj (5):
autotools.bbclass: Order CONFIG_SHELL before CACHED_CONFIGUREVARS
boost: Fix build on 32-bit arches with 64bit time_t only
mesa: Fix build on 32bit arches supporting 64bit time_t only
packagegroup-core-tools-debug: Disable for rv32/glibc as well
packagegroup-core-tools-profile: Remove lttng-tools and perf for rv32/glibc
Konrad Weihmann (1):
lib/oe/rootfs: introduce IMAGE_LOG_CHECK_EXCLUDES
Lee Chee Yang (2):
libproxy: fix CVE-2020-25219
grub2: fix CVE-2020-10713
Martin Jansa (11):
tune-cortexa76ae.inc: Correct TUNE_FEATURES
arch-armv7a.inc: fix typo
arch-mips.inc: remove duplicated mips64el-o32 from PACKAGE_EXTRA_ARCHS_tune-mips64el-o32
arch-arm64.inc: don't append _be to ARMPKGARCH for tune-aarch64_be
tune-mips64r6.inc: fix typo in mipsisa64r6-nf
tune-ep9312.inc: add t suffix for thumb to PACKAGE_EXTRA_ARCHS_tune-ep9312
tune-riscv.inc: use nf suffix also for TUNE_PKGARCH
tune-supersparc.inc: remove
tune-thunderx.inc: don't append _be to ARMPKGARCH for tune-thunderx_be
siteinfo: Recognize 32bit PPC LE
siteinfo: Recognize bigendian sh3be and sh4be
Max Krummenacher (2):
linux-firmware: package marvel sdio 8997 firmware
linux-firmware: package nvidia firmware
Mingli Yu (1):
tcl: adapt to potential pseudo changes
Naoki Hayama (1):
dev/test/ref-manual: Fix typos
Neil Armstrong (1):
linux-firmware: add Amlogic VDEC firmware package
Nicolas Dechesne (4):
sdk-manual: use built-in footnotes
dev-manual/dev-manual-common-tasks: fix warning
sphinx: add 3.1.3 and 3.0.4 release in the switcher
dev-manual/dev-manual-common-tasks: fix typos and use extlinks
Paul Eggleton (2):
classes/buildhistory: record SRC_URI
classes/buildhistory: also save recipe info for native recipes
Quentin Schulz (17):
docs: poky.yaml: use HTTPS for links
docs: ref-manual: indentation, links and highlights fixes
docs: remove OE_INIT_FILE variable
docs: ref-manual: fix typos
docs: ref-manual: migration-2.3: specify 2.3 version instead of DISTRO
docs: ref-manual: ref-classes: remove dropped tinderclient class
docs: ref-manual: ref-system-requirements: update requirements to build Sphinx docs
docs: sphinx: yocto-vars: rebuild files when poky.yaml has changed
docs: poky.yaml: fix identation in host packages variables
docs: dev-manual-common-tasks: remove paragraph about race when missing DEPENDS
docs: dev-manual-common-tasks: update python webserver example to python3
docs: dev-manual: fix typos, highlights, indentation and links
docs: ref-manual: ref-terms: add links to terms in glossary
docs: bsp-guide: bsp: fix typos, highlights and links
docs: kernel-dev: fix typos, highlights and links
docs: kernel-dev-common: add .patch file extension to SRC_URI files
docs: kernel-dev-faq: update outdated RDEPENDS_kernel-base
Reyna, David (1):
bitbake: toaster: Update documentation links to new URLs
Richard Purdie (10):
layer.conf: Switch to gatesgarth only in preparation for release
bitbake: ui/toasterui: Fix startup faults from incorrect event sequencing
bitbake: bitbake: Bump version to 1.48.0 ready for the new release
oeqa: Add sync call to command execution
poky.conf: Bump version for 3.2 gatesgarth release
build-appliance-image: Update to master head revision
bitbake: tests/fetch: Update upstream master->main branchname transition
Revert "classes/buildhistory: also save recipe info for native recipes"
valgrind: Fix build on musl after drd fixes
build-appliance-image: Update to master head revision
Robert Yang (1):
weston: Fix PACKAGECONFIG for remoting
Roland Hieber (1):
devtool: make sure .git/info exists before writing to .git/info/excludes
Ross Burton (4):
waf: don't assume the waf intepretter is good
waf: add ${B} to do_configure[cleandirs]
scripts/install-buildtools: Update to 3.2 M3 buildtools
glib-2.0: fix parsing of slim encoded tzdata
Sourabh Banerjee (1):
layer.conf: fix sanity error for PATH variable in extensible SDK workflow
Stacy Gaikovaia (2):
valgrind: drd: fix pthread intercept test failures
bitbake: main: Handle cooker daemon startup error
Tim Orling (1):
bitbake: lib/bb/ui/knotty: fix typo in parseprogress
Victor Kamensky (3):
Revert "qemumips: use 34Kf-64tlb CPU emulation"
Revert "qemu: add 34Kf-64tlb fictitious cpu type"
qemu: change TLBs number to 64 in 34Kf mips cpu model
Yi Zhao (1):
dhcpcd: add PACKAGECONFIG for ntp/chrony/ypbind hooks
Zang Ruochen (1):
harfbuzz: Refresh patch
akuster (2):
busybox: add rev and pgrep
kea: add init scripts
leimaohui (1):
docs: Updated the status of spdx module.
zangrc (1):
classes: Fixed the problem of undefined variables when compiling meta-toolchain.
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic45bc219b94960751896a0ae3d4923a9f5849e70
Diffstat (limited to 'poky/meta/recipes-bsp')
-rw-r--r-- | poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch | 73 | ||||
-rw-r--r-- | poky/meta/recipes-bsp/grub/grub2.inc | 1 |
2 files changed, 74 insertions, 0 deletions
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch b/poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch new file mode 100644 index 000000000..c507ed3ea --- /dev/null +++ b/poky/meta/recipes-bsp/grub/files/CVE-2020-10713.patch @@ -0,0 +1,73 @@ +From a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e Mon Sep 17 00:00:00 2001 +From: Peter Jones <pjones@redhat.com> +Date: Wed, 15 Apr 2020 15:45:02 -0400 +Subject: yylex: Make lexer fatal errors actually be fatal + +When presented with a command that can't be tokenized to anything +smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg), +expecting that will stop further processing, as such: + + #define YY_DO_BEFORE_ACTION \ + yyg->yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yyg->yy_hold_char = *yy_cp; \ + *yy_cp = '\0'; \ + if ( yyleng >= YYLMAX ) \ + YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \ + yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \ + yyg->yy_c_buf_p = yy_cp; + +The code flex generates expects that YY_FATAL_ERROR() will either return +for it or do some form of longjmp(), or handle the error in some way at +least, and so the strncpy() call isn't in an "else" clause, and thus if +YY_FATAL_ERROR() is *not* actually fatal, it does the call with the +questionable limit, and predictable results ensue. + +Unfortunately, our implementation of YY_FATAL_ERROR() is: + + #define YY_FATAL_ERROR(msg) \ + do { \ + grub_printf (_("fatal error: %s\n"), _(msg)); \ + } while (0) + +The same pattern exists in yyless(), and similar problems exist in users +of YY_INPUT(), several places in the main parsing loop, +yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack, +yy_scan_buffer(), etc. + +All of these callers expect YY_FATAL_ERROR() to actually be fatal, and +the things they do if it returns after calling it are wildly unsafe. + +Fixes: CVE-2020-10713 + +Signed-off-by: Peter Jones <pjones@redhat.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e] +CVE: CVE-2020-10713 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + grub-core/script/yylex.l | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l +index 7b44c37b7..b7203c823 100644 +--- a/grub-core/script/yylex.l ++++ b/grub-core/script/yylex.l +@@ -37,11 +37,11 @@ + + /* + * As we don't have access to yyscanner, we cannot do much except to +- * print the fatal error. ++ * print the fatal error and exit. + */ + #define YY_FATAL_ERROR(msg) \ + do { \ +- grub_printf (_("fatal error: %s\n"), _(msg)); \ ++ grub_fatal (_("fatal error: %s\n"), _(msg));\ + } while (0) + + #define COPY(str, hint) \ +-- +cgit v1.2.1 + diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc index 628ca6492..345554e7a 100644 --- a/poky/meta/recipes-bsp/grub/grub2.inc +++ b/poky/meta/recipes-bsp/grub/grub2.inc @@ -18,6 +18,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://autogen.sh-exclude-pc.patch \ file://grub-module-explicitly-keeps-symbole-.module_license.patch \ file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \ + file://CVE-2020-10713.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" |