From ac69b488c6ecf0e6df8321218006f23211c45e46 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Wed, 2 Jun 2021 12:28:27 -0700 Subject: poky: subtree update:2dcd1f2a21..9d1b332292 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Alejandro Hernandez Samaniego (2): baremetal-helloworld: Enable RISC-V 64 port baremetal-image: Fix post process command rootfs_update_timestamp Alexander Kanavin (94): python3: add markdown/smartypants/typogrify modules gi-docgen: add a recipe and class gdk-pixbuf/pango: replace gtk-doc with gi-docgen vala: upgrade 0.50.4 -> 0.52.2 xkbcomp: upgrade 1.4.4 -> 1.4.5 stress-ng: upgrade 0.12.05 -> 0.12.06 xserver-xorg: upgrade 1.20.10 -> 1.20.11 xorgproto: upgrade 2020.1 -> 2021.3 dpkg: update 1.20.7.1 -> 1.20.9 puzzles: update to latest revision cmake: update 3.19.5 -> 3.20.1 meson: update 0.57.1 -> 0.57.2 systemd: backport a patch to avoid unnecessary rsync dependency with latest meson pulseaudio: unbreak build with latest meson libdnf: upgrade 0.58.0 -> 0.62.0 bluez5: upgrade 5.56 -> 5.58 libxkbcommon: update 1.0.3 -> 1.2.1 libgudev: update 234 -> 236 vulkan-samples: update to latest revision gnupg: upgrade 2.2.27 -> 2.3.1 virglrenderer: update 0.8.2 -> 0.9.1 webkitgtk: update 2.30.6 -> 2.32.0 acl: upgrade 2.2.53 -> 2.3.1 bind: upgrade 9.16.12 -> 9.16.13 bison: upgrade 3.7.5 -> 3.7.6 createrepo-c: upgrade 0.17.0 -> 0.17.2 cronie: upgrade 1.5.5 -> 1.5.7 dnf: upgrade 4.6.0 -> 4.7.0 e2fsprogs: upgrade 1.46.1 -> 1.46.2 gnu-efi: upgrade 3.0.12 -> 3.0.13 systemd-boot: backport a fix to address failures with new gnu-efi gobject-introspection: upgrade 1.66.1 -> 1.68.0 gtk+3: upgrade 3.24.25 -> 3.24.28 harfbuzz: upgrade 2.7.4 -> 2.8.0 less: upgrade 563 -> 581 libfm: upgrade 1.3.1 -> 1.3.2 libinput: upgrade 1.16.4 -> 1.17.1 libwpe: upgrade 1.8.0 -> 1.10.0 libxres: upgrade 1.2.0 -> 1.2.1 linux-firmware: upgrade 20210208 -> 20210315 pango: upgrade 1.48.2 -> 1.48.4 piglit: upgrade to latest revision pkgconf: upgrade 1.7.3 -> 1.7.4 python3-hypothesis: upgrade 6.2.0 -> 6.9.1 python3-importlib-metadata: upgrade 3.4.0 -> 3.10.1 python3-pytest: upgrade 6.2.2 -> 6.2.3 python3-setuptools-scm: upgrade 5.0.1 -> 6.0.1 x264: upgrade to latest revision ptest: add a test for orphaned ptests, and restore ones found by it swig: fix upstream version check liberation-fonts: fix upstream version check Revert "go: Use dl.google.com for SRC_URI" powertop: update 2.13 -> 2.14 mesa: add lmsensors PACKAGECONFIG ffmpeg: update 4.3.2 -> 4.4 qemu: use 4 cores in qemu guests avahi: disable gtk bits gdk-pixbuf: rewrite the cross-build support for tests gnome: drop upstream even condition from a few recipes expat: upgrade 2.2.10 -> 2.3.0 meson.bbclass: split python routines into a separate class gstreamer1.0-plugins-base: backport a patch to fix meson 0.58 builds meson: update 0.57.2 -> 0.58.0 qemu: backport a patch to fix meson 0.58 builds nativesdk-meson: correctly set cpu_family bitbake: fetch2/wget: when checking latest versions, consider all numerical directories mklibs: remove recipes and class local.conf: Drop support for mklibs u-boot: upgrade 2021.01 -> 2021.04 gdk-pixbuf: update a patch status systemd: update 247.6 -> 248.3 systemd-conf: do not version in lockstep with systemd gnu-config: update to latest revision mmc-utils: update to latest revision python3-smartypants: fix upstream version check at: upgrade 3.2.1 -> 3.2.2 gnomebase: trim the SRC_URI directory from the back gsettings-desktop-schemas: upgrade 3.38.0 -> 40.0 igt-gpu-tools: upgrade 1.25 -> 1.26 mesa: update 21.0.3 -> 21.1.1 vulkan-samples: update to latest revision libgpg-error: update 1.41 -> 1.42 webkitgtk: update 2.32.0 -> 2.32.1 glib-2.0: update 2.68.1 -> 2.68.2 apt: upgrade 2.2.2 -> 2.2.3 cmake: update 3.20.1 -> 3.20.2 libdnf: update 0.62.0 -> 0.63.0 harfbuzz: update 2.8.0 -> 2.8.1 curl: update 7.76.0 -> 7.76.1 systemtap: update 4.4 -> 4.5 wayland: package target binaries into -tools, not into -dev ptest: add newly discovered missing runtime dependencies across recipes images: remove sato/weston ptest images images: add ptest images based on core-image-minimal Andreas Müller (1): gstreamer1.0-plugins-good: fix build with gcc11 Andrej Valek (1): expat: upgrade 2.3.0 -> 2.4.1 Anuj Mittal (1): lsb-release: fix reproducibility failure Armin Kuster (5): bitbake: hashserv/server.py: drop unused imports bitbake: hashserver/client.py: drop unused imports poky.yaml: fedora33: add missing pkgs systemctl: Stop tracebacks use formated error messages package_manager/rpm: decode systemctl failures Bastian Krause (1): ccache: version bump 4.2.1 -> 4.3 Bruce Ashfield (18): linux-yocto/5.4: qemuppc32: reduce serial shutdown issues kern-tools: Kconfiglib: add support for bare 'modules' keyword lttng-modules: update devupstream to v2.13-rc lttng-modules: update to v2.12.6 kernel-yocto: provide debug / summary information for metadata linux-yocto/5.10: update to v5.10.35 linux-yocto/5.4: update to v5.4.117 linux-yocto/5.10: ktypes/standard: disable obsolete crypto options by default linux-yocto/5.10: update to v5.10.36 linux-yocto/5.4: update to v5.4.118 linux-yocto/5.10: update to v5.10.37 linux-yocto/5.4: update to v5.4.119 kernel-devsrc: adjust NM and OBJTOOL variables for target linux-yocto/5.10: update to v5.10.38 linux-yocto-dev: bump to v5.13+ linux-yocto/5.4: update to v5.4.120 linux-yocto/5.10: update to v5.10.41 linux-yocto/5.4: update to v5.4.123 Carlos Rafael Giani (1): ffmpeg: Add libopus packageconfig Changqing Li (2): unfs3: correct configure option pkgconfig: update SRC_URI Chen Qi (3): db: update CVE_PRODUCT rt-tests: update SRCREV xxhash: backport patch to fix special char problem Daniel McGregor (3): lib/oe/gpg_sign.py: Fix gpg verification sstate: Ignore sstate signing key bison: Make libtextstyle and libreadline optional Daniel Wagenknecht (1): kernel-dev: document KCONFIG_MODE Douglas Royds (3): Revert "icecc: Don't use icecc when INHIBIT_DEFAULT_DEPS is set" icecc: Demote "could not get ICECC_CC" warning to note icecc-create-env: Silence warning: invalid ICECC_ENV_EXEC Drew Moseley (1): manuals: fix a few incorrect option specifications. Guillaume Champagne (1): image-live.bbclass: order do_bootimg after do_rootfs Joshua Watt (1): zstd: Add patch to fix MinGW builds Kai Kang (1): grub2.inc: remove '-O2' from CFLAGS Khem Raj (17): swig: Upgrade to 4.0.2 python3-markdown: Upgrade to 3.3.4 ffmpeg: Fix build on mips npth: Check for pthread_create for including lpthread gcc: Add target gcc include search for musl config too gcc: Extend .gccrelocprefix section support to musl configs gcc: Refresh patch to fix patch fuzz musl: Fix __NR_fstatat syscall name for riscv libxfixes: Update to 6.0.0 release xorgproto: Upgrade to 2021.4 release glibc: Update to latest 2.33 branch systemd: Fix 248.3 on musl glibc: Enable memory tagging for aarch64 gcc: Update to latest on release/gcc-11 branch apt: Add missing header ovmf: Fix VLA warnings with GCC 11 libucontext: Switch to meson build system Martin Jansa (4): gcc-sanitizers: Package up static hwasan files as well webkitgtk: fix build without opengl in DISTRO_FEATURES binutils: backport DWARF-5 support for gold sstatesig.py: make it fatal error when sstate manifest isn't found Michael Halstead (3): releases: update to include 3.2.4 uninative: Upgrade to 3.2 (gcc11 support) releases: update to include 3.3.1 Michael Opdenacker (8): manuals: reduce verbosity with "worry about" expression manuals: reduce verbosity related to "the following" expression ref-manual: simplify style kernel-dev manual: simplify style dev-manual: simplify style sdk-manual: simplify style and fix formating overview-manual: simplify style and add missings references manuals: simplify style Mike Crowe (2): npm.bbclass: Allow nodedir to be overridden by NPM_NODEDIR libnotify: Make gtk+3 dependency optional Ming Liu (4): kernel-fitimage.bbclass: fix a wrong conditional check initramfs-framework:rootfs: fix wrong indentions kernel-fitimage.bbclass: drop unit addresses from bootscr sections uboot-sign/kernel-fitimage: split generate_rsa_keys task Nikolay Papenkov (1): flex: correct license information Nisha Parrakat (1): squashfs-tools: package squashfs-fs.h Peter Kjellerstedt (3): libcap: Configure Make variables correctly without a horrible hack util-linux.inc: Do not modify BPN native.bbclass: Do not remove "-native" in the middle of recipe names Petr Vorel (1): ltp: Update to 20210524 Richard Purdie (92): oeqa/qemurunner: Fix binary vs str issue oeqa/qemurunner: Improve handling of run_serial for shutdown commands ptest-packagelists: Add expat-ptest to fast ptests puzzles: Upstream changed to main branch for development grub2: Add CVE whitelist entries for issues fixed in 2.06 glibc: Document and whitelist CVE-2019-1010022-25 qemu: Exclude CVE-2017-5957 from cve-check qemu: Exclude CVE-2007-0998 from cve-check qemu: Exclude CVE-2018-18438 from cve-check jquery: Exclude CVE-2007-2379 from cve-check logrotate: Exclude CVE-2011-1548,1549,1550 from cve-check openssh: Exclude CVE-2007-2768 from cve-check ovmf: Improve reproducibility by enabling prefix mapping bind: Exclude CVE-2019-6470 from cve-check openssh: Exclude CVE-2008-3844 from cve-check unzip: Exclude CVE-2008-0888 from cve-check cpio: Exclude CVE-2010-4226 from cve-check xinetd: Exclude CVE-2013-4342 from cve-check ghostscript: Exclude CVE-2013-6629 from cve-check bluez: Exclude CVE-2020-12352 CVE-2020-24490 from cve-check tiff: Exclude CVE-2015-7313 from cve-check ovmf: Disable lto to aid reproducibility ovmf: Fix other reproducibility issues rpm: Exclude CVE-2021-20271 from cve-check coreutils: Exclude CVE-2016-2781 from cve-check librsvg: Exclude CVE-2018-1000041 from cve-check avahi: Exclude CVE-2021-26720 from cve-check qemu: Set SMP to 4 cpus for arm/x86 only qemuboot-x86: Switch to IvyBridge and q35 instead of pc qemu-x86: Add commandline options to improve boot sstate: Handle manifest 'corruption' issue lttng-ust: Upgrade 2.12.1 -> 2.12.2 qemu: Upgrade 5.2.0 -> 6.0.0 python3-markupsafe: Upgrade 1.1.1 -> 2.0.0 python3-jinja2: Upgrade 2.11.3 -> 3.0.0 ofono: upgrade 1.31 -> 1.32 libnss-mdns: upgrade 0.14.1 -> 0.15 python3-git: upgrade 3.1.14 -> 3.1.17 bind: upgrade 9.16.13 -> 9.16.15 vala: upgrade 0.52.2 -> 0.52.3 libjpeg-turbo: upgrade 2.0.6 -> 2.1.0 btrfs-tools: upgrade 5.12 -> 5.12.1 python3-hypothesis: upgrade 6.9.1 -> 6.12.0 python3-numpy: upgrade 1.20.2 -> 1.20.3 gtk+3: upgrade 3.24.28 -> 3.24.29 sudo: upgrade 1.9.6p1 -> 1.9.7 stress-ng: upgrade 0.12.06 -> 0.12.08 less: upgrade 581 -> 586 libtirpc: upgrade 1.3.1 -> 1.3.2 libinput: upgrade 1.17.1 -> 1.17.2 zstd: upgrade 1.4.9 -> 1.5.0 hdparm: upgrade 9.61 -> 9.62 libxkbcommon: upgrade 1.2.1 -> 1.3.0 spirv-tools: upgrade 2020.7 -> 2021.1 diffoscope: upgrade 172 -> 175 mpg123: upgrade 1.26.5 -> 1.27.2 sqlite3: upgrade 3.35.3 -> 3.35.5 wayland-protocols: upgrade 1.20 -> 1.21 shaderc: upgrade 2020.5 -> 2021.0 wpebackend-fdo: upgrade 1.8.3 -> 1.8.4 libxcrypt-compat: upgrade 4.4.19 -> 4.4.20 Revert "cml1.bbclass: Return sorted list of cfg files" bitbake: server/process: Handle error in heartbeat funciton in OOM case glibc: Add 8GB VM usage cap for usermode test suite cve-extra-exclusions.inc: add exclusion list for intractable CVE's rpm: Drop CVE exclusion as database fixed to handle cve-extra-exclusions: Fix typos grub: Exclude CVE-2019-14865 from cve-check cve-extra-exclusions.inc: Clean up merged CPE updates ltp: Disable problematic tests causing autobuilder hangs python3-setuptools: upgrade 56.0.0 -> 56.2.0 distro/maintainers: Fix up the ptest image entries oeqa/runtime/rpm: Drop log message counting test component linux-firmware: upgrade 20210315 -> 20210511 libxcrypt: Upgrade 4.4.20 -> 4.4.22 iproute2: upgrade 5.11.0 -> 5.12.0 libx11: upgrade 1.7.0 -> 1.7.1 python3-hypothesis: upgrade 6.12.0 -> 6.13.7 pango: upgrade 1.48.4 -> 1.48.5 python3-importlib-metadata: upgrade 4.0.1 -> 4.3.0 libmodulemd: upgrade 2.12.0 -> 2.12.1 vte: upgrade 0.64.0 -> 0.64.1 libinput: upgrade 1.17.2 -> 1.17.3 gi-docgen: upgrade 2021.5 -> 2021.6 kmod: upgrade 28 -> 29 xorgproto: upgrade 2021.4 -> 2021.4.99.1 libpcre2: upgrade 10.36 -> 10.37 libepoxy: upgrade 1.5.5 -> 1.5.8 python3-jinja2: upgrade 3.0.0 -> 3.0.1 curl: upgrade 7.76.1 -> 7.77.0 python3-setuptools: upgrade 56.2.0 -> 57.0.0 oeqa/qemurunner: Improve timeout handling Richard Weinberger (1): Add support for erofs filesystems Robert Joslyn (3): liberation-fonts: Update to 2.1.4 epiphany: Update to 40.1 btrfs-tools: Update to 5.12 Robert P. J. Day (8): sdk-manual: couple minor fixes in using.rst sdk-manual: various cleanups to intro.rst ref-manual: delete references to dead LSB compliance ref-manual: delete extraneous back quote image.bbclass: fix comment "pacackages" -> "packages" meta/lib/oe/rootfs.py: Fix typo "Restoreing" -> "Restoring" bitbake.conf: alphabetize contents of ASSUME_PROVIDED ref-manual: add links to some variables in glossary Romain Naour (1): dejagnu: needs expect at runtime Ross Burton (12): cairo: backport patch for CVE-2020-35492 libnotify: whitelist CVE-2013-7381 (specific to the NodeJS bindings) builder: whitelist CVE-2008-4178 (a different builder) libarchive: disable redundant libxml2 PACKAGECONFIG meson: update patch status cups: whitelist CVE-2021-25317 libsolv: add missing db dependency rpm: turn Berkeley DB hard dependency into PACKAGECONFIG python3: update status on upstreamed patch ref-manual: Ubuntu 20.04 is also LTS package_rpm: pass XZ_THREADS to rpm gcc: revert libstc++-gdb.py installation changes Samuli Piippo (3): gcc-cross-canadian: add symlinks for ld.bfd and ld.gold libarchive: enable zstd support cmake-native: enabled zstd support Stefan Ghinea (1): boost: fix do_fetch failure Steve Sakoman (1): expat: set CVE_PRODUCT Tony Tascioglu (3): libxml2: Reformat runtest.patch libxml2: Add bash dependency for ptests. libxml2: Update to 2.9.12 Trevor Gamblin (2): python3: upgrade 3.9.4 -> 3.9.5 bind: upgrade 9.16.15 -> 9.16.16 Ulrich Ölmann (1): local.conf.sample: fix typo Vinícius Ossanes Aquino (1): lttng-modules: backport patches to fix build against 5.12+ kernel Yann Dirson (1): linux-firmware: include all relevant files in -bcm4356 hongxu (1): gdk-pixbuf: fix nativesdk do_configure failed wangmy (21): python3-pygments: upgrade 2.8.1 -> 2.9.0 at-spi2-core: upgrade 2.40.0 -> 2.40.1 ell: upgrade 0.39 -> 0.40 kexec-tools: upgrade 2.0.21 -> 2.0.22 go: upgrade 1.16.3 -> 1.16.4 python3-attrs: upgrade 20.3.0 -> 21.2.0 python3-six: upgrade 1.15.0 -> 1.16.0 vulkan-samples: update to latest revision vulkan-headers: upgrade 1.2.170.0 -> 1.2.176.0 vulkan-tools: upgrade 1.2.170.0 -> 1.2.176.0 vulkan-loader: upgrade 1.2.170.0 -> 1.2.176.0 distcc: upgrade 3.3.5 -> 3.4 libdrm: upgrade 2.4.105 -> 2.4.106 libidn2: upgrade 2.3.0 -> 2.3.1 libtasn1: upgrade 4.16.0 -> 4.17.0 python3-libarchive-c: upgrade 2.9 -> 3.0 python3-markupsafe: upgrade 2.0.0 -> 2.0.1 python3-more-itertools: upgrade 8.7.0 -> 8.8.0 python3-pytest: upgrade 6.2.3 -> 6.2.4 logrotate: upgrade 3.18.0 -> 3.18.1 stress-ng: upgrade 0.12.08 -> 0.12.09 zhengruoqin (10): busybox: upgrade 1.33.0 -> 1.33.1 rng-tools: upgrade 6.11 -> 6.12 rpcbind: upgrade 1.2.5 -> 1.2.6 sysklogd: upgrade 2.2.2 -> 2.2.3 python3-importlib-metadata: upgrade 3.10.1 -> 4.0.1 python3-sortedcontainers: upgrade 2.3.0 -> 2.4.0 rxvt-unicode: upgrade 9.22 -> 9.26 libedit: upgrade 20210419-3.1 -> 20210522-3.1 libtest-needs-perl: upgrade 0.002006 -> 0.002009 libucontext: upgrade 0.10 -> 1.1 Change-Id: I5e5148036ac2a7918974733e5751c3392139b17e Signed-off-by: William A. Kennington III --- .../u-boot/files/0001-add-valid-fdt-check.patch | 36 -- .../u-boot/files/CVE-2021-27097-1.patch | 71 ---- .../u-boot/files/CVE-2021-27097-2.patch | 419 --------------------- .../u-boot/files/CVE-2021-27097-3.patch | 105 ------ .../u-boot/files/CVE-2021-27097-4.patch | 73 ---- .../u-boot/files/CVE-2021-27138-1.patch | 245 ------------ .../u-boot/files/CVE-2021-27138-2.patch | 109 ------ poky/meta/recipes-bsp/u-boot/u-boot-common.inc | 9 +- .../recipes-bsp/u-boot/u-boot-tools_2021.01.bb | 3 - .../recipes-bsp/u-boot/u-boot-tools_2021.04.bb | 3 + poky/meta/recipes-bsp/u-boot/u-boot_2021.01.bb | 6 - poky/meta/recipes-bsp/u-boot/u-boot_2021.04.bb | 6 + 12 files changed, 10 insertions(+), 1075 deletions(-) delete mode 100644 poky/meta/recipes-bsp/u-boot/files/0001-add-valid-fdt-check.patch delete mode 100644 poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch delete mode 100644 poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-2.patch delete mode 100644 poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch delete mode 100644 poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-4.patch delete mode 100644 poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-1.patch delete mode 100644 poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-2.patch delete mode 100644 poky/meta/recipes-bsp/u-boot/u-boot-tools_2021.01.bb create mode 100644 poky/meta/recipes-bsp/u-boot/u-boot-tools_2021.04.bb delete mode 100644 poky/meta/recipes-bsp/u-boot/u-boot_2021.01.bb create mode 100644 poky/meta/recipes-bsp/u-boot/u-boot_2021.04.bb (limited to 'poky/meta/recipes-bsp/u-boot') diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-add-valid-fdt-check.patch b/poky/meta/recipes-bsp/u-boot/files/0001-add-valid-fdt-check.patch deleted file mode 100644 index d4ac9e2ed..000000000 --- a/poky/meta/recipes-bsp/u-boot/files/0001-add-valid-fdt-check.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ea1a9ec5f430359720d9a0621ed1acfbba6a142a Mon Sep 17 00:00:00 2001 -From: Heinrich Schuchardt -Date: Wed, 13 Jan 2021 02:09:12 +0100 -Subject: [PATCH] image-fit: fit_check_format check for valid FDT - -fit_check_format() must check that the buffer contains a flattened device -tree before calling any device tree library functions. - -Failure to do may cause segmentation faults. - -Signed-off-by: Heinrich Schuchardt - -Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/ea1a9ec5f430359720d9a0621ed1acfbba6a142a] -Signed-off-by: Scott Murray - ---- - common/image-fit.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/common/image-fit.c b/common/image-fit.c -index 6a8787ca0a..21c44bdf69 100644 ---- a/common/image-fit.c -+++ b/common/image-fit.c -@@ -1553,6 +1553,12 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp) - */ - int fit_check_format(const void *fit) - { -+ /* A FIT image must be a valid FDT */ -+ if (fdt_check_header(fit)) { -+ debug("Wrong FIT format: not a flattened device tree\n"); -+ return 0; -+ } -+ - /* mandatory / node 'description' property */ - if (fdt_getprop(fit, 0, FIT_DESC_PROP, NULL) == NULL) { - debug("Wrong FIT format: no description\n"); diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch deleted file mode 100644 index 98ec2c709..000000000 --- a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 8a7d4cf9820ea16fabd25a6379351b4dc291204b Mon Sep 17 00:00:00 2001 -From: Simon Glass -Date: Mon, 15 Feb 2021 17:08:05 -0700 -Subject: [PATCH] fdt_region: Check for a single root node of the correct name - -At present fdt_find_regions() assumes that the FIT is a valid devicetree. -If the FIT has two root nodes this is currently not detected in this -function, nor does libfdt's fdt_check_full() notice. Also it is possible -for the root node to have a name even though it should not. - -Add checks for these and return -FDT_ERR_BADSTRUCTURE if a problem is -detected. - -CVE-2021-27097 - -Signed-off-by: Simon Glass -Reported-by: Bruce Monroe -Reported-by: Arie Haenel -Reported-by: Julien Lenoir - -CVE: CVE-2021-27097 -Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b] -Signed-off-by: Scott Murray - ---- - common/fdt_region.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/common/fdt_region.c b/common/fdt_region.c -index ff12c518e9..e4ef0ca770 100644 ---- a/common/fdt_region.c -+++ b/common/fdt_region.c -@@ -43,6 +43,7 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, - int depth = -1; - int want = 0; - int base = fdt_off_dt_struct(fdt); -+ bool expect_end = false; - - end = path; - *end = '\0'; -@@ -59,6 +60,10 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, - tag = fdt_next_tag(fdt, offset, &nextoffset); - stop_at = nextoffset; - -+ /* If we see two root nodes, something is wrong */ -+ if (expect_end && tag != FDT_END) -+ return -FDT_ERR_BADLAYOUT; -+ - switch (tag) { - case FDT_PROP: - include = want >= 2; -@@ -81,6 +86,10 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, - if (depth == FDT_MAX_DEPTH) - return -FDT_ERR_BADSTRUCTURE; - name = fdt_get_name(fdt, offset, &len); -+ -+ /* The root node must have an empty name */ -+ if (!depth && *name) -+ return -FDT_ERR_BADLAYOUT; - if (end - path + 2 + len >= path_len) - return -FDT_ERR_NOSPACE; - if (end != path + 1) -@@ -108,6 +117,8 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, - while (end > path && *--end != '/') - ; - *end = '\0'; -+ if (depth == -1) -+ expect_end = true; - break; - - case FDT_END: diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-2.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-2.patch deleted file mode 100644 index b13c44e78..000000000 --- a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-2.patch +++ /dev/null @@ -1,419 +0,0 @@ -From c5819701a3de61e2ba2ef7ad0b616565b32305e5 Mon Sep 17 00:00:00 2001 -From: Simon Glass -Date: Mon, 15 Feb 2021 17:08:09 -0700 -Subject: [PATCH] image: Adjust the workings of fit_check_format() - -At present this function does not accept a size for the FIT. This means -that it must be read from the FIT itself, introducing potential security -risk. Update the function to include a size parameter, which can be -invalid, in which case fit_check_format() calculates it. - -For now no callers pass the size, but this can be updated later. - -Also adjust the return value to an error code so that all the different -types of problems can be distinguished by the user. - -Signed-off-by: Simon Glass -Reported-by: Bruce Monroe -Reported-by: Arie Haenel -Reported-by: Julien Lenoir - -CVE: CVE-2021-27097 CVE-2021-27138 -Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/c5819701a3de61e2ba2ef7ad0b616565b32305e5] -Signed-off-by: Scott Murray - ---- - arch/arm/cpu/armv8/sec_firmware.c | 2 +- - cmd/bootm.c | 6 ++--- - cmd/disk.c | 2 +- - cmd/fpga.c | 2 +- - cmd/nand.c | 2 +- - cmd/source.c | 2 +- - cmd/ximg.c | 2 +- - common/image-fdt.c | 2 +- - common/image-fit.c | 46 +++++++++++++++++--------------------- - common/splash_source.c | 6 ++--- - common/update.c | 4 ++-- - drivers/fpga/socfpga_arria10.c | 6 ++--- - drivers/net/fsl-mc/mc.c | 2 +- - drivers/net/pfe_eth/pfe_firmware.c | 2 +- - include/image.h | 21 ++++++++++++++++- - tools/fit_common.c | 3 ++- - tools/fit_image.c | 2 +- - tools/mkimage.h | 2 ++ - 18 files changed, 65 insertions(+), 49 deletions(-) - -diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c -index bfc0fac3ef..0561f5efd1 100644 ---- a/arch/arm/cpu/armv8/sec_firmware.c -+++ b/arch/arm/cpu/armv8/sec_firmware.c -@@ -316,7 +316,7 @@ __weak bool sec_firmware_is_valid(const void *sec_firmware_img) - return false; - } - -- if (!fit_check_format(sec_firmware_img)) { -+ if (fit_check_format(sec_firmware_img, IMAGE_SIZE_INVAL)) { - printf("SEC Firmware: Bad firmware image (bad FIT header)\n"); - return false; - } -diff --git a/cmd/bootm.c b/cmd/bootm.c -index e6b0e04413..a0f823f968 100644 ---- a/cmd/bootm.c -+++ b/cmd/bootm.c -@@ -291,7 +291,7 @@ static int image_info(ulong addr) - case IMAGE_FORMAT_FIT: - puts(" FIT image found\n"); - -- if (!fit_check_format(hdr)) { -+ if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) { - puts("Bad FIT image format!\n"); - unmap_sysmem(hdr); - return 1; -@@ -368,7 +368,7 @@ static int do_imls_nor(void) - #endif - #if defined(CONFIG_FIT) - case IMAGE_FORMAT_FIT: -- if (!fit_check_format(hdr)) -+ if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) - goto next_sector; - - printf("FIT Image at %08lX:\n", (ulong)hdr); -@@ -448,7 +448,7 @@ static int nand_imls_fitimage(struct mtd_info *mtd, int nand_dev, loff_t off, - return ret; - } - -- if (!fit_check_format(imgdata)) { -+ if (fit_check_format(imgdata, IMAGE_SIZE_INVAL)) { - free(imgdata); - return 0; - } -diff --git a/cmd/disk.c b/cmd/disk.c -index 8060e753eb..3195db9127 100644 ---- a/cmd/disk.c -+++ b/cmd/disk.c -@@ -114,7 +114,7 @@ int common_diskboot(struct cmd_tbl *cmdtp, const char *intf, int argc, - /* This cannot be done earlier, - * we need complete FIT image in RAM first */ - if (genimg_get_format((void *) addr) == IMAGE_FORMAT_FIT) { -- if (!fit_check_format(fit_hdr)) { -+ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { - bootstage_error(BOOTSTAGE_ID_IDE_FIT_READ); - puts("** Bad FIT image format\n"); - return 1; -diff --git a/cmd/fpga.c b/cmd/fpga.c -index 8ae1c936fb..51410a8e42 100644 ---- a/cmd/fpga.c -+++ b/cmd/fpga.c -@@ -330,7 +330,7 @@ static int do_fpga_loadmk(struct cmd_tbl *cmdtp, int flag, int argc, - return CMD_RET_FAILURE; - } - -- if (!fit_check_format(fit_hdr)) { -+ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { - puts("Bad FIT image format\n"); - return CMD_RET_FAILURE; - } -diff --git a/cmd/nand.c b/cmd/nand.c -index 92d039af8f..97e117a979 100644 ---- a/cmd/nand.c -+++ b/cmd/nand.c -@@ -917,7 +917,7 @@ static int nand_load_image(struct cmd_tbl *cmdtp, struct mtd_info *mtd, - #if defined(CONFIG_FIT) - /* This cannot be done earlier, we need complete FIT image in RAM first */ - if (genimg_get_format ((void *)addr) == IMAGE_FORMAT_FIT) { -- if (!fit_check_format (fit_hdr)) { -+ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { - bootstage_error(BOOTSTAGE_ID_NAND_FIT_READ); - puts ("** Bad FIT image format\n"); - return 1; -diff --git a/cmd/source.c b/cmd/source.c -index b6c709a3d2..71f71528ad 100644 ---- a/cmd/source.c -+++ b/cmd/source.c -@@ -107,7 +107,7 @@ int image_source_script(ulong addr, const char *fit_uname) - #if defined(CONFIG_FIT) - case IMAGE_FORMAT_FIT: - fit_hdr = buf; -- if (!fit_check_format (fit_hdr)) { -+ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { - puts ("Bad FIT image format\n"); - return 1; - } -diff --git a/cmd/ximg.c b/cmd/ximg.c -index 159ba51648..ef738ebfa2 100644 ---- a/cmd/ximg.c -+++ b/cmd/ximg.c -@@ -136,7 +136,7 @@ do_imgextract(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) - "at %08lx ...\n", uname, addr); - - fit_hdr = (const void *)addr; -- if (!fit_check_format(fit_hdr)) { -+ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { - puts("Bad FIT image format\n"); - return 1; - } -diff --git a/common/image-fdt.c b/common/image-fdt.c -index 327a8c4c39..4105259212 100644 ---- a/common/image-fdt.c -+++ b/common/image-fdt.c -@@ -399,7 +399,7 @@ int boot_get_fdt(int flag, int argc, char *const argv[], uint8_t arch, - */ - #if CONFIG_IS_ENABLED(FIT) - /* check FDT blob vs FIT blob */ -- if (fit_check_format(buf)) { -+ if (!fit_check_format(buf, IMAGE_SIZE_INVAL)) { - ulong load, len; - - fdt_noffset = boot_get_fdt_fit(images, -diff --git a/common/image-fit.c b/common/image-fit.c -index 9637d747fb..402f08fc9d 100644 ---- a/common/image-fit.c -+++ b/common/image-fit.c -@@ -8,6 +8,8 @@ - * Wolfgang Denk, DENX Software Engineering, wd@denx.de. - */ - -+#define LOG_CATEGORY LOGC_BOOT -+ - #ifdef USE_HOSTCC - #include "mkimage.h" - #include -@@ -1550,49 +1552,41 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp) - return (comp == image_comp); - } - --/** -- * fit_check_format - sanity check FIT image format -- * @fit: pointer to the FIT format image header -- * -- * fit_check_format() runs a basic sanity FIT image verification. -- * Routine checks for mandatory properties, nodes, etc. -- * -- * returns: -- * 1, on success -- * 0, on failure -- */ --int fit_check_format(const void *fit) -+int fit_check_format(const void *fit, ulong size) - { -+ int ret; -+ - /* A FIT image must be a valid FDT */ -- if (fdt_check_header(fit)) { -- debug("Wrong FIT format: not a flattened device tree\n"); -- return 0; -+ ret = fdt_check_header(fit); -+ if (ret) { -+ log_debug("Wrong FIT format: not a flattened device tree (err=%d)\n", -+ ret); -+ return -ENOEXEC; - } - - /* mandatory / node 'description' property */ -- if (fdt_getprop(fit, 0, FIT_DESC_PROP, NULL) == NULL) { -- debug("Wrong FIT format: no description\n"); -- return 0; -+ if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) { -+ log_debug("Wrong FIT format: no description\n"); -+ return -ENOMSG; - } - - if (IMAGE_ENABLE_TIMESTAMP) { - /* mandatory / node 'timestamp' property */ -- if (fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL) == NULL) { -- debug("Wrong FIT format: no timestamp\n"); -- return 0; -+ if (!fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL)) { -+ log_debug("Wrong FIT format: no timestamp\n"); -+ return -ENODATA; - } - } - - /* mandatory subimages parent '/images' node */ - if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) { -- debug("Wrong FIT format: no images parent node\n"); -- return 0; -+ log_debug("Wrong FIT format: no images parent node\n"); -+ return -ENOENT; - } - -- return 1; -+ return 0; - } - -- - /** - * fit_conf_find_compat - * @fit: pointer to the FIT format image header -@@ -1929,7 +1923,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr, - printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr); - - bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT); -- if (!fit_check_format(fit)) { -+ if (fit_check_format(fit, IMAGE_SIZE_INVAL)) { - printf("Bad FIT %s image format!\n", prop_name); - bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT); - return -ENOEXEC; -diff --git a/common/splash_source.c b/common/splash_source.c -index f51ca5ddf3..bad9a7790a 100644 ---- a/common/splash_source.c -+++ b/common/splash_source.c -@@ -336,10 +336,10 @@ static int splash_load_fit(struct splash_location *location, u32 bmp_load_addr) - if (res < 0) - return res; - -- res = fit_check_format(fit_header); -- if (!res) { -+ res = fit_check_format(fit_header, IMAGE_SIZE_INVAL); -+ if (res) { - debug("Could not find valid FIT image\n"); -- return -EINVAL; -+ return res; - } - - /* Get the splash image node */ -diff --git a/common/update.c b/common/update.c -index a5879cb52c..f0848954e5 100644 ---- a/common/update.c -+++ b/common/update.c -@@ -286,7 +286,7 @@ int update_tftp(ulong addr, char *interface, char *devstring) - got_update_file: - fit = map_sysmem(addr, 0); - -- if (!fit_check_format((void *)fit)) { -+ if (fit_check_format((void *)fit, IMAGE_SIZE_INVAL)) { - printf("Bad FIT format of the update file, aborting " - "auto-update\n"); - return 1; -@@ -363,7 +363,7 @@ int fit_update(const void *fit) - if (!fit) - return -EINVAL; - -- if (!fit_check_format((void *)fit)) { -+ if (fit_check_format((void *)fit, IMAGE_SIZE_INVAL)) { - printf("Bad FIT format of the update file, aborting auto-update\n"); - return -EINVAL; - } -diff --git a/drivers/fpga/socfpga_arria10.c b/drivers/fpga/socfpga_arria10.c -index 44e1ac54c3..18f99676d2 100644 ---- a/drivers/fpga/socfpga_arria10.c -+++ b/drivers/fpga/socfpga_arria10.c -@@ -565,10 +565,10 @@ static int first_loading_rbf_to_buffer(struct udevice *dev, - if (ret < 0) - return ret; - -- ret = fit_check_format(buffer_p); -- if (!ret) { -+ ret = fit_check_format(buffer_p, IMAGE_SIZE_INVAL); -+ if (ret) { - debug("FPGA: No valid FIT image was found.\n"); -- return -EBADF; -+ return ret; - } - - confs_noffset = fdt_path_offset(buffer_p, FIT_CONFS_PATH); -diff --git a/drivers/net/fsl-mc/mc.c b/drivers/net/fsl-mc/mc.c -index 84db6be624..81265ee356 100644 ---- a/drivers/net/fsl-mc/mc.c -+++ b/drivers/net/fsl-mc/mc.c -@@ -141,7 +141,7 @@ int parse_mc_firmware_fit_image(u64 mc_fw_addr, - return -EINVAL; - } - -- if (!fit_check_format(fit_hdr)) { -+ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { - printf("fsl-mc: ERR: Bad firmware image (bad FIT header)\n"); - return -EINVAL; - } -diff --git a/drivers/net/pfe_eth/pfe_firmware.c b/drivers/net/pfe_eth/pfe_firmware.c -index 41999e176d..eee70a2e73 100644 ---- a/drivers/net/pfe_eth/pfe_firmware.c -+++ b/drivers/net/pfe_eth/pfe_firmware.c -@@ -160,7 +160,7 @@ static int pfe_fit_check(void) - return ret; - } - -- if (!fit_check_format(pfe_fit_addr)) { -+ if (fit_check_format(pfe_fit_addr, IMAGE_SIZE_INVAL)) { - printf("PFE Firmware: Bad firmware image (bad FIT header)\n"); - ret = -1; - return ret; -diff --git a/include/image.h b/include/image.h -index 41473dbb9c..8c152c5c5f 100644 ---- a/include/image.h -+++ b/include/image.h -@@ -134,6 +134,9 @@ extern ulong image_load_addr; /* Default Load Address */ - extern ulong image_save_addr; /* Default Save Address */ - extern ulong image_save_size; /* Default Save Size */ - -+/* An invalid size, meaning that the image size is not known */ -+#define IMAGE_SIZE_INVAL (-1UL) -+ - enum ih_category { - IH_ARCH, - IH_COMP, -@@ -1141,7 +1144,23 @@ int fit_image_check_os(const void *fit, int noffset, uint8_t os); - int fit_image_check_arch(const void *fit, int noffset, uint8_t arch); - int fit_image_check_type(const void *fit, int noffset, uint8_t type); - int fit_image_check_comp(const void *fit, int noffset, uint8_t comp); --int fit_check_format(const void *fit); -+ -+/** -+ * fit_check_format() - Check that the FIT is valid -+ * -+ * This performs various checks on the FIT to make sure it is suitable for -+ * use, looking for mandatory properties, nodes, etc. -+ * -+ * If FIT_FULL_CHECK is enabled, it also runs it through libfdt to make -+ * sure that there are no strange tags or broken nodes in the FIT. -+ * -+ * @fit: pointer to the FIT format image header -+ * @return 0 if OK, -ENOEXEC if not an FDT file, -EINVAL if the full FDT check -+ * failed (e.g. due to bad structure), -ENOMSG if the description is -+ * missing, -ENODATA if the timestamp is missing, -ENOENT if the /images -+ * path is missing -+ */ -+int fit_check_format(const void *fit, ulong size); - - int fit_conf_find_compat(const void *fit, const void *fdt); - -diff --git a/tools/fit_common.c b/tools/fit_common.c -index cdf987d3c1..52b63296f8 100644 ---- a/tools/fit_common.c -+++ b/tools/fit_common.c -@@ -26,7 +26,8 @@ - int fit_verify_header(unsigned char *ptr, int image_size, - struct image_tool_params *params) - { -- if (fdt_check_header(ptr) != EXIT_SUCCESS || !fit_check_format(ptr)) -+ if (fdt_check_header(ptr) != EXIT_SUCCESS || -+ fit_check_format(ptr, IMAGE_SIZE_INVAL)) - return EXIT_FAILURE; - - return EXIT_SUCCESS; -diff --git a/tools/fit_image.c b/tools/fit_image.c -index 06faeda7c2..d440d143c6 100644 ---- a/tools/fit_image.c -+++ b/tools/fit_image.c -@@ -883,7 +883,7 @@ static int fit_extract_contents(void *ptr, struct image_tool_params *params) - /* Indent string is defined in header image.h */ - p = IMAGE_INDENT_STRING; - -- if (!fit_check_format(fit)) { -+ if (fit_check_format(fit, IMAGE_SIZE_INVAL)) { - printf("Bad FIT image format\n"); - return -1; - } -diff --git a/tools/mkimage.h b/tools/mkimage.h -index 5b096a545b..0d3148444c 100644 ---- a/tools/mkimage.h -+++ b/tools/mkimage.h -@@ -29,6 +29,8 @@ - #define debug(fmt,args...) - #endif /* MKIMAGE_DEBUG */ - -+#define log_debug(fmt, args...) debug(fmt, ##args) -+ - static inline void *map_sysmem(ulong paddr, unsigned long len) - { - return (void *)(uintptr_t)paddr; diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch deleted file mode 100644 index 86f7e8ce5..000000000 --- a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-3.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 Mon Sep 17 00:00:00 2001 -From: Simon Glass -Date: Mon, 15 Feb 2021 17:08:10 -0700 -Subject: [PATCH] image: Add an option to do a full check of the FIT - -Some strange modifications of the FIT can introduce security risks. Add an -option to check it thoroughly, using libfdt's fdt_check_full() function. - -Enable this by default if signature verification is enabled. - -CVE-2021-27097 - -Signed-off-by: Simon Glass -Reported-by: Bruce Monroe -Reported-by: Arie Haenel -Reported-by: Julien Lenoir - -CVE: CVE-2021-27097 -Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01] -Signed-off-by: Scott Murray - ---- - common/Kconfig.boot | 20 ++++++++++++++++++++ - common/image-fit.c | 16 ++++++++++++++++ - 2 files changed, 36 insertions(+) - -diff --git a/common/Kconfig.boot b/common/Kconfig.boot -index 5eaabdfc27..7532e55edb 100644 ---- a/common/Kconfig.boot -+++ b/common/Kconfig.boot -@@ -63,6 +63,15 @@ config FIT_ENABLE_SHA512_SUPPORT - SHA512 checksum is a 512-bit (64-byte) hash value used to check that - the image contents have not been corrupted. - -+config FIT_FULL_CHECK -+ bool "Do a full check of the FIT before using it" -+ default y -+ help -+ Enable this do a full check of the FIT to make sure it is valid. This -+ helps to protect against carefully crafted FITs which take advantage -+ of bugs or omissions in the code. This includes a bad structure, -+ multiple root nodes and the like. -+ - config FIT_SIGNATURE - bool "Enable signature verification of FIT uImages" - depends on DM -@@ -70,6 +79,7 @@ config FIT_SIGNATURE - select RSA - select RSA_VERIFY - select IMAGE_SIGN_INFO -+ select FIT_FULL_CHECK - help - This option enables signature verification of FIT uImages, - using a hash signed and verified using RSA. If -@@ -159,6 +169,15 @@ config SPL_FIT_PRINT - help - Support printing the content of the fitImage in a verbose manner in SPL. - -+config SPL_FIT_FULL_CHECK -+ bool "Do a full check of the FIT before using it" -+ help -+ Enable this do a full check of the FIT to make sure it is valid. This -+ helps to protect against carefully crafted FITs which take advantage -+ of bugs or omissions in the code. This includes a bad structure, -+ multiple root nodes and the like. -+ -+ - config SPL_FIT_SIGNATURE - bool "Enable signature verification of FIT firmware within SPL" - depends on SPL_DM -@@ -168,6 +187,7 @@ config SPL_FIT_SIGNATURE - select SPL_RSA - select SPL_RSA_VERIFY - select SPL_IMAGE_SIGN_INFO -+ select SPL_FIT_FULL_CHECK - - config SPL_LOAD_FIT - bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)" -diff --git a/common/image-fit.c b/common/image-fit.c -index f6c0428a96..bcf395f6a1 100644 ---- a/common/image-fit.c -+++ b/common/image-fit.c -@@ -1580,6 +1580,22 @@ int fit_check_format(const void *fit, ulong size) - return -ENOEXEC; - } - -+ if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) { -+ /* -+ * If we are not given the size, make do wtih calculating it. -+ * This is not as secure, so we should consider a flag to -+ * control this. -+ */ -+ if (size == IMAGE_SIZE_INVAL) -+ size = fdt_totalsize(fit); -+ ret = fdt_check_full(fit, size); -+ -+ if (ret) { -+ log_debug("FIT check error %d\n", ret); -+ return -EINVAL; -+ } -+ } -+ - /* mandatory / node 'description' property */ - if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) { - log_debug("Wrong FIT format: no description\n"); diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-4.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-4.patch deleted file mode 100644 index 060cac1cf..000000000 --- a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-4.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 124c255731c76a2b09587378b2bcce561bcd3f2d Mon Sep 17 00:00:00 2001 -From: Simon Glass -Date: Mon, 15 Feb 2021 17:08:11 -0700 -Subject: [PATCH] libfdt: Check for multiple/invalid root nodes - -It is possible to construct a devicetree blob with multiple root nodes. -Update fdt_check_full() to check for this, along with a root node with an -invalid name. - -CVE-2021-27097 - -Signed-off-by: Simon Glass -Reported-by: Bruce Monroe -Reported-by: Arie Haenel -Reported-by: Julien Lenoir - -CVE: CVE-2021-27097 -Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/124c255731c76a2b09587378b2bcce561bcd3f2d] -Signed-off-by: Scott Murray - ---- - scripts/dtc/libfdt/fdt_ro.c | 17 +++++++++++++++++ - test/py/tests/test_vboot.py | 3 ++- - 2 files changed, 19 insertions(+), 1 deletion(-) - -diff --git a/scripts/dtc/libfdt/fdt_ro.c b/scripts/dtc/libfdt/fdt_ro.c -index d984bab036..efe7efe921 100644 ---- a/scripts/dtc/libfdt/fdt_ro.c -+++ b/scripts/dtc/libfdt/fdt_ro.c -@@ -867,6 +867,7 @@ int fdt_check_full(const void *fdt, size_t bufsize) - unsigned depth = 0; - const void *prop; - const char *propname; -+ bool expect_end = false; - - if (bufsize < FDT_V1_SIZE) - return -FDT_ERR_TRUNCATED; -@@ -887,6 +888,10 @@ int fdt_check_full(const void *fdt, size_t bufsize) - if (nextoffset < 0) - return nextoffset; - -+ /* If we see two root nodes, something is wrong */ -+ if (expect_end && tag != FDT_END) -+ return -FDT_ERR_BADLAYOUT; -+ - switch (tag) { - case FDT_NOP: - break; -@@ -900,12 +905,24 @@ int fdt_check_full(const void *fdt, size_t bufsize) - depth++; - if (depth > INT_MAX) - return -FDT_ERR_BADSTRUCTURE; -+ -+ /* The root node must have an empty name */ -+ if (depth == 1) { -+ const char *name; -+ int len; -+ -+ name = fdt_get_name(fdt, offset, &len); -+ if (*name || len) -+ return -FDT_ERR_BADLAYOUT; -+ } - break; - - case FDT_END_NODE: - if (depth == 0) - return -FDT_ERR_BADSTRUCTURE; - depth--; -+ if (depth == 0) -+ expect_end = true; - break; - - case FDT_PROP: diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-1.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-1.patch deleted file mode 100644 index 562f8151b..000000000 --- a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-1.patch +++ /dev/null @@ -1,245 +0,0 @@ -From 79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4 Mon Sep 17 00:00:00 2001 -From: Simon Glass -Date: Mon, 15 Feb 2021 17:08:06 -0700 -Subject: [PATCH] fit: Don't allow verification of images with @ nodes - -When searching for a node called 'fred', any unit address appended to the -name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This -means that we cannot be sure that the node originally intended is the one -that is used. - -Disallow use of nodes with unit addresses. - -Update the forge test also, since it uses @ addresses. - -CVE-2021-27138 - -Signed-off-by: Simon Glass -Reported-by: Bruce Monroe -Reported-by: Arie Haenel -Reported-by: Julien Lenoir - -CVE: CVE-2021-27138 -Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4] -Signed-off-by: Scott Murray - ---- - common/image-fit-sig.c | 22 ++++++++++++++++++++-- - common/image-fit.c | 20 +++++++++++++++----- - test/py/tests/test_fit.py | 24 ++++++++++++------------ - test/py/tests/vboot_forge.py | 12 ++++++------ - 4 files changed, 53 insertions(+), 25 deletions(-) - -diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c -index 897e04c7a3..34ebb8edfe 100644 ---- a/common/image-fit-sig.c -+++ b/common/image-fit-sig.c -@@ -149,6 +149,14 @@ static int fit_image_verify_sig(const void *fit, int image_noffset, - fdt_for_each_subnode(noffset, fit, image_noffset) { - const char *name = fit_get_name(fit, noffset, NULL); - -+ /* -+ * We don't support this since libfdt considers names with the -+ * name root but different @ suffix to be equal -+ */ -+ if (strchr(name, '@')) { -+ err_msg = "Node name contains @"; -+ goto error; -+ } - if (!strncmp(name, FIT_SIG_NODENAME, - strlen(FIT_SIG_NODENAME))) { - ret = fit_image_check_sig(fit, noffset, data, -@@ -398,9 +406,10 @@ error: - return -EPERM; - } - --int fit_config_verify_required_sigs(const void *fit, int conf_noffset, -- const void *sig_blob) -+static int fit_config_verify_required_sigs(const void *fit, int conf_noffset, -+ const void *sig_blob) - { -+ const char *name = fit_get_name(fit, conf_noffset, NULL); - int noffset; - int sig_node; - int verified = 0; -@@ -408,6 +417,15 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset, - bool reqd_policy_all = true; - const char *reqd_mode; - -+ /* -+ * We don't support this since libfdt considers names with the -+ * name root but different @ suffix to be equal -+ */ -+ if (strchr(name, '@')) { -+ printf("Configuration node '%s' contains '@'\n", name); -+ return -EPERM; -+ } -+ - /* Work out what we need to verify */ - sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME); - if (sig_node < 0) { -diff --git a/common/image-fit.c b/common/image-fit.c -index adc3e551de..c3dc814115 100644 ---- a/common/image-fit.c -+++ b/common/image-fit.c -@@ -1369,21 +1369,31 @@ error: - */ - int fit_image_verify(const void *fit, int image_noffset) - { -+ const char *name = fit_get_name(fit, image_noffset, NULL); - const void *data; - size_t size; -- int noffset = 0; - char *err_msg = ""; - -+ if (strchr(name, '@')) { -+ /* -+ * We don't support this since libfdt considers names with the -+ * name root but different @ suffix to be equal -+ */ -+ err_msg = "Node name contains @"; -+ goto err; -+ } - /* Get image data and data length */ - if (fit_image_get_data_and_size(fit, image_noffset, &data, &size)) { - err_msg = "Can't get image data/size"; -- printf("error!\n%s for '%s' hash node in '%s' image node\n", -- err_msg, fit_get_name(fit, noffset, NULL), -- fit_get_name(fit, image_noffset, NULL)); -- return 0; -+ goto err; - } - - return fit_image_verify_with_data(fit, image_noffset, data, size); -+ -+err: -+ printf("error!\n%s in '%s' image node\n", err_msg, -+ fit_get_name(fit, image_noffset, NULL)); -+ return 0; - } - - /** -diff --git a/test/py/tests/test_fit.py b/test/py/tests/test_fit.py -index 84b3f95850..6d5b43c3ba 100755 ---- a/test/py/tests/test_fit.py -+++ b/test/py/tests/test_fit.py -@@ -17,7 +17,7 @@ base_its = ''' - #address-cells = <1>; - - images { -- kernel@1 { -+ kernel-1 { - data = /incbin/("%(kernel)s"); - type = "kernel"; - arch = "sandbox"; -@@ -26,7 +26,7 @@ base_its = ''' - load = <0x40000>; - entry = <0x8>; - }; -- kernel@2 { -+ kernel-2 { - data = /incbin/("%(loadables1)s"); - type = "kernel"; - arch = "sandbox"; -@@ -35,19 +35,19 @@ base_its = ''' - %(loadables1_load)s - entry = <0x0>; - }; -- fdt@1 { -+ fdt-1 { - description = "snow"; - data = /incbin/("%(fdt)s"); - type = "flat_dt"; - arch = "sandbox"; - %(fdt_load)s - compression = "%(compression)s"; -- signature@1 { -+ signature-1 { - algo = "sha1,rsa2048"; - key-name-hint = "dev"; - }; - }; -- ramdisk@1 { -+ ramdisk-1 { - description = "snow"; - data = /incbin/("%(ramdisk)s"); - type = "ramdisk"; -@@ -56,7 +56,7 @@ base_its = ''' - %(ramdisk_load)s - compression = "%(compression)s"; - }; -- ramdisk@2 { -+ ramdisk-2 { - description = "snow"; - data = /incbin/("%(loadables2)s"); - type = "ramdisk"; -@@ -67,10 +67,10 @@ base_its = ''' - }; - }; - configurations { -- default = "conf@1"; -- conf@1 { -- kernel = "kernel@1"; -- fdt = "fdt@1"; -+ default = "conf-1"; -+ conf-1 { -+ kernel = "kernel-1"; -+ fdt = "fdt-1"; - %(ramdisk_config)s - %(loadables_config)s - }; -@@ -410,7 +410,7 @@ def test_fit(u_boot_console): - - # Try a ramdisk - with cons.log.section('Kernel + FDT + Ramdisk load'): -- params['ramdisk_config'] = 'ramdisk = "ramdisk@1";' -+ params['ramdisk_config'] = 'ramdisk = "ramdisk-1";' - params['ramdisk_load'] = 'load = <%#x>;' % params['ramdisk_addr'] - fit = make_fit(mkimage, params) - cons.restart_uboot() -@@ -419,7 +419,7 @@ def test_fit(u_boot_console): - - # Configuration with some Loadables - with cons.log.section('Kernel + FDT + Ramdisk load + Loadables'): -- params['loadables_config'] = 'loadables = "kernel@2", "ramdisk@2";' -+ params['loadables_config'] = 'loadables = "kernel-2", "ramdisk-2";' - params['loadables1_load'] = ('load = <%#x>;' % - params['loadables1_addr']) - params['loadables2_load'] = ('load = <%#x>;' % -diff --git a/test/py/tests/vboot_forge.py b/test/py/tests/vboot_forge.py -index 0fb7ef4024..b41105bd0e 100644 ---- a/test/py/tests/vboot_forge.py -+++ b/test/py/tests/vboot_forge.py -@@ -376,12 +376,12 @@ def manipulate(root, strblock): - """ - Maliciously manipulates the structure to create a crafted FIT file - """ -- # locate /images/kernel@1 (frankly, it just expects it to be the first one) -+ # locate /images/kernel-1 (frankly, it just expects it to be the first one) - kernel_node = root[0][0] - # clone it to save time filling all the properties - fake_kernel = kernel_node.clone() - # rename the node -- fake_kernel.name = b'kernel@2' -+ fake_kernel.name = b'kernel-2' - # get rid of signatures/hashes - fake_kernel.children = [] - # NOTE: this simply replaces the first prop... either description or data -@@ -391,13 +391,13 @@ def manipulate(root, strblock): - root[0].children.append(fake_kernel) - - # modify the default configuration -- root[1].props[0].value = b'conf@2\x00' -+ root[1].props[0].value = b'conf-2\x00' - # clone the first (only?) configuration - fake_conf = root[1][0].clone() - # rename and change kernel and fdt properties to select the crafted kernel -- fake_conf.name = b'conf@2' -- fake_conf.props[0].value = b'kernel@2\x00' -- fake_conf.props[1].value = b'fdt@1\x00' -+ fake_conf.name = b'conf-2' -+ fake_conf.props[0].value = b'kernel-2\x00' -+ fake_conf.props[1].value = b'fdt-1\x00' - # insert the new configuration under /configurations - root[1].children.append(fake_conf) - diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-2.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-2.patch deleted file mode 100644 index 946196c37..000000000 --- a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27138-2.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 3f04db891a353f4b127ed57279279f851c6b4917 Mon Sep 17 00:00:00 2001 -From: Simon Glass -Date: Mon, 15 Feb 2021 17:08:12 -0700 -Subject: [PATCH] image: Check for unit addresses in FITs - -Using unit addresses in a FIT is a security risk. Add a check for this -and disallow it. - -CVE-2021-27138 - -Signed-off-by: Simon Glass -Reported-by: Bruce Monroe -Reported-by: Arie Haenel -Reported-by: Julien Lenoir - -CVE: CVE-2021-27138 -Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917] -Signed-off-by: Scott Murray - ---- - common/image-fit.c | 56 +++++++++++++++++++++++++++++++++++++++++---- - test/py/tests/test_vboot.py | 9 ++++---- - 2 files changed, 57 insertions(+), 8 deletions(-) - -diff --git a/common/image-fit.c b/common/image-fit.c -index bcf395f6a1..28b3d2b191 100644 ---- a/common/image-fit.c -+++ b/common/image-fit.c -@@ -1568,6 +1568,34 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp) - return (comp == image_comp); - } - -+/** -+ * fdt_check_no_at() - Check for nodes whose names contain '@' -+ * -+ * This checks the parent node and all subnodes recursively -+ * -+ * @fit: FIT to check -+ * @parent: Parent node to check -+ * @return 0 if OK, -EADDRNOTAVAIL is a node has a name containing '@' -+ */ -+static int fdt_check_no_at(const void *fit, int parent) -+{ -+ const char *name; -+ int node; -+ int ret; -+ -+ name = fdt_get_name(fit, parent, NULL); -+ if (!name || strchr(name, '@')) -+ return -EADDRNOTAVAIL; -+ -+ fdt_for_each_subnode(node, fit, parent) { -+ ret = fdt_check_no_at(fit, node); -+ if (ret) -+ return ret; -+ } -+ -+ return 0; -+} -+ - int fit_check_format(const void *fit, ulong size) - { - int ret; -@@ -1589,10 +1617,27 @@ int fit_check_format(const void *fit, ulong size) - if (size == IMAGE_SIZE_INVAL) - size = fdt_totalsize(fit); - ret = fdt_check_full(fit, size); -+ if (ret) -+ ret = -EINVAL; -+ -+ /* -+ * U-Boot stopped using unit addressed in 2017. Since libfdt -+ * can match nodes ignoring any unit address, signature -+ * verification can see the wrong node if one is inserted with -+ * the same name as a valid node but with a unit address -+ * attached. Protect against this by disallowing unit addresses. -+ */ -+ if (!ret && CONFIG_IS_ENABLED(FIT_SIGNATURE)) { -+ ret = fdt_check_no_at(fit, 0); - -+ if (ret) { -+ log_debug("FIT check error %d\n", ret); -+ return ret; -+ } -+ } - if (ret) { - log_debug("FIT check error %d\n", ret); -- return -EINVAL; -+ return ret; - } - } - -@@ -1955,10 +2000,13 @@ int fit_image_load(bootm_headers_t *images, ulong addr, - printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr); - - bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT); -- if (fit_check_format(fit, IMAGE_SIZE_INVAL)) { -- printf("Bad FIT %s image format!\n", prop_name); -+ ret = fit_check_format(fit, IMAGE_SIZE_INVAL); -+ if (ret) { -+ printf("Bad FIT %s image format! (err=%d)\n", prop_name, ret); -+ if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && ret == -EADDRNOTAVAIL) -+ printf("Signature checking prevents use of unit addresses (@) in nodes\n"); - bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT); -- return -ENOEXEC; -+ return ret; - } - bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT_OK); - if (fit_uname) { diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc index 993478a73..dbbb9ff14 100644 --- a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc +++ b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc @@ -12,16 +12,9 @@ PE = "1" # We use the revision in order to avoid having to fetch it from the # repo during parse -SRCREV = "c4fddedc48f336eabc4ce3f74940e6aa372de18c" +SRCREV = "b46dd116ce03e235f2a7d4843c6278e1da44b5e1" SRC_URI = "git://git.denx.de/u-boot.git \ - file://0001-add-valid-fdt-check.patch \ - file://CVE-2021-27097-1.patch \ - file://CVE-2021-27097-2.patch \ - file://CVE-2021-27097-3.patch \ - file://CVE-2021-27097-4.patch \ - file://CVE-2021-27138-1.patch \ - file://CVE-2021-27138-2.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2021.01.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2021.01.bb deleted file mode 100644 index ef386f76e..000000000 --- a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2021.01.bb +++ /dev/null @@ -1,3 +0,0 @@ -require u-boot-common.inc -require u-boot-tools.inc - diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2021.04.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2021.04.bb new file mode 100644 index 000000000..ef386f76e --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2021.04.bb @@ -0,0 +1,3 @@ +require u-boot-common.inc +require u-boot-tools.inc + diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2021.01.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2021.01.bb deleted file mode 100644 index bbbc99bf8..000000000 --- a/poky/meta/recipes-bsp/u-boot/u-boot_2021.01.bb +++ /dev/null @@ -1,6 +0,0 @@ -require u-boot-common.inc -require u-boot.inc - -SRC_URI_append = " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch" - -DEPENDS += "bc-native dtc-native python3-setuptools-native" diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2021.04.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2021.04.bb new file mode 100644 index 000000000..bbbc99bf8 --- /dev/null +++ b/poky/meta/recipes-bsp/u-boot/u-boot_2021.04.bb @@ -0,0 +1,6 @@ +require u-boot-common.inc +require u-boot.inc + +SRC_URI_append = " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch" + +DEPENDS += "bc-native dtc-native python3-setuptools-native" -- cgit v1.2.3