From 1a4b7ee28bf7413af6513fb45ad0d0736048f866 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Sun, 16 Dec 2018 17:11:34 -0800 Subject: reset upstream subtrees to yocto 2.6 Reset the following subtrees on thud HEAD: poky: 87e3a9739d meta-openembedded: 6094ae18c8 meta-security: 31dc4e7532 meta-raspberrypi: a48743dc36 meta-xilinx: c42016e2e6 Also re-apply backports that didn't make it into thud: poky: 17726d0 systemd-systemctl-native: handle Install wildcards meta-openembedded: 4321a5d libtinyxml2: update to 7.0.1 042f0a3 libcereal: Add native and nativesdk classes e23284f libcereal: Allow empty package 030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG 179a1b9 gtest: update to 1.8.1 Squashed OpenBMC subtree compatibility updates: meta-aspeed: Brad Bishop (1): aspeed: add yocto 2.6 compatibility meta-ibm: Brad Bishop (1): ibm: prepare for yocto 2.6 meta-ingrasys: Brad Bishop (1): ingrasys: set layer compatibility to yocto 2.6 meta-openpower: Brad Bishop (1): openpower: set layer compatibility to yocto 2.6 meta-phosphor: Brad Bishop (3): phosphor: set layer compatibility to thud phosphor: libgpg-error: drop patches phosphor: react to fitimage artifact rename Ed Tanous (4): Dropbear: upgrade options for latest upgrade yocto2.6: update openssl options busybox: remove upstream watchdog patch systemd: Rebase CONFIG_CGROUP_BPF patch Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7 Signed-off-by: Brad Bishop --- .../u-boot/files/CVE-2018-1000205-1.patch | 59 ++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch (limited to 'poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch') diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch new file mode 100644 index 000000000..fed3c3dcb --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/files/CVE-2018-1000205-1.patch @@ -0,0 +1,59 @@ +From 7346c1e192d63cd35f99c7e845e53c5d4d0bdc24 Mon Sep 17 00:00:00 2001 +From: Teddy Reed +Date: Sat, 9 Jun 2018 11:45:20 -0400 +Subject: [PATCH] vboot: Do not use hashed-strings offset + +The hashed-strings signature property includes two uint32_t values. +The first is unneeded as there should never be a start offset into the +strings region. The second, the size, is needed because the added +signature node appends to this region. + +See tools/image-host.c, where a static 0 value is used for the offset. + +Signed-off-by: Teddy Reed +Reviewed-by: Simon Glass + +Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit; + h=7346c1e192d63cd35f99c7e845e53c5d4d0bdc24] + +CVE: CVE-2018-1000205 + +Signed-off-by: Changqing Li +--- + common/image-sig.c | 7 +++++-- + tools/image-host.c | 1 + + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/common/image-sig.c b/common/image-sig.c +index 8d2fd10..5a269d3 100644 +--- a/common/image-sig.c ++++ b/common/image-sig.c +@@ -377,8 +377,11 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode, + /* Add the strings */ + strings = fdt_getprop(fit, noffset, "hashed-strings", NULL); + if (strings) { +- fdt_regions[count].offset = fdt_off_dt_strings(fit) + +- fdt32_to_cpu(strings[0]); ++ /* ++ * The strings region offset must be a static 0x0. ++ * This is set in tool/image-host.c ++ */ ++ fdt_regions[count].offset = fdt_off_dt_strings(fit); + fdt_regions[count].size = fdt32_to_cpu(strings[1]); + count++; + } +diff --git a/tools/image-host.c b/tools/image-host.c +index 8e43671..be2d59b 100644 +--- a/tools/image-host.c ++++ b/tools/image-host.c +@@ -135,6 +135,7 @@ static int fit_image_write_sig(void *fit, int noffset, uint8_t *value, + + ret = fdt_setprop(fit, noffset, "hashed-nodes", + region_prop, region_proplen); ++ /* This is a legacy offset, it is unused, and must remain 0. */ + strdata[0] = 0; + strdata[1] = cpu_to_fdt32(string_size); + if (!ret) { +-- +2.7.4 + -- cgit v1.2.3