diff options
Diffstat (limited to 'poky/meta/recipes-devtools')
4 files changed, 225 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.30.inc b/poky/meta/recipes-devtools/binutils/binutils-2.30.inc index 37243db1bc..35d7d9b93f 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.30.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.30.inc @@ -47,6 +47,7 @@ SRC_URI = "\ file://CVE-2018-10372.patch \ file://CVE-2018-10535.patch \ file://CVE-2018-10534.patch \ + file://0001-Change-the-ARM-assembler-s-ADR-and-ADRl-pseudo-ops-s.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/binutils/binutils/0001-Change-the-ARM-assembler-s-ADR-and-ADRl-pseudo-ops-s.patch b/poky/meta/recipes-devtools/binutils/binutils/0001-Change-the-ARM-assembler-s-ADR-and-ADRl-pseudo-ops-s.patch new file mode 100644 index 0000000000..8604e678da --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0001-Change-the-ARM-assembler-s-ADR-and-ADRl-pseudo-ops-s.patch @@ -0,0 +1,176 @@ +From fc6141f097056f830a412afebed8d81a9d72b696 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 20 Jun 2018 12:38:10 +0100 +Subject: [PATCH] Change the ARM assembler's ADR and ADRl pseudo-ops so that + they will only set the bottom bit of imported thumb function symbols if the + -mthumb-interwork option is active. + +For more information see the email thread starting here: +https://www.sourceware.org/ml/binutils/2018-05/msg00348.html + + PR 21458 + * tc-arm.c (do_adr): Only set the bottom bit of an imported thumb + function symbol address if -mthumb-interwork is active. + (do_adrl): Likewise. + * doc/c-arm.texi: Update descriptions of the -mthumb-interwork + option and the ADR and ADRL pseudo-ops. + * NEWS: Mention the new behaviour of the ADR and ADRL pseudo-ops. + * testsuite/gas/arm/pr21458.d: Add -mthumb-interwork option to + assembler command line. + * testsuite/gas/arm/adr.d: Likewise. + * testsuite/gas/arm/adrl.d: Likewise. +--- + gas/ChangeLog | 14 ++++++++++++++ + gas/NEWS | 4 ++++ + gas/config/tc-arm.c | 10 ++++++---- + gas/doc/c-arm.texi | 17 ++++++++++++++++- + gas/testsuite/gas/arm/adr.d | 1 + + gas/testsuite/gas/arm/adrl.d | 1 + + gas/testsuite/gas/arm/pr21458.d | 3 ++- + 7 files changed, 44 insertions(+), 6 deletions(-) + +Index: git/gas/config/tc-arm.c +=================================================================== +--- git.orig/gas/config/tc-arm.c ++++ git/gas/config/tc-arm.c +@@ -8410,11 +8410,12 @@ do_adr (void) + inst.reloc.pc_rel = 1; + inst.reloc.exp.X_add_number -= 8; + +- if (inst.reloc.exp.X_op == O_symbol ++ if (support_interwork ++ && inst.reloc.exp.X_op == O_symbol + && inst.reloc.exp.X_add_symbol != NULL + && S_IS_DEFINED (inst.reloc.exp.X_add_symbol) + && THUMB_IS_FUNC (inst.reloc.exp.X_add_symbol)) +- inst.reloc.exp.X_add_number += 1; ++ inst.reloc.exp.X_add_number |= 1; + } + + /* This is a pseudo-op of the form "adrl rd, label" to be converted +@@ -8434,11 +8435,12 @@ do_adrl (void) + inst.size = INSN_SIZE * 2; + inst.reloc.exp.X_add_number -= 8; + +- if (inst.reloc.exp.X_op == O_symbol ++ if (support_interwork ++ && inst.reloc.exp.X_op == O_symbol + && inst.reloc.exp.X_add_symbol != NULL + && S_IS_DEFINED (inst.reloc.exp.X_add_symbol) + && THUMB_IS_FUNC (inst.reloc.exp.X_add_symbol)) +- inst.reloc.exp.X_add_number += 1; ++ inst.reloc.exp.X_add_number |= 1; + } + + static void +Index: git/gas/doc/c-arm.texi +=================================================================== +--- git.orig/gas/doc/c-arm.texi ++++ git/gas/doc/c-arm.texi +@@ -317,7 +317,8 @@ instructions; that is, it should behave + @cindex @code{-mthumb-interwork} command line option, ARM + @item -mthumb-interwork + This option specifies that the output generated by the assembler should +-be marked as supporting interworking. ++be marked as supporting interworking. It also affects the behaviour ++of the @code{ADR} and @code{ADRL} pseudo opcodes. + + @cindex @code{-mimplicit-it} command line option, ARM + @item -mimplicit-it=never +@@ -1060,6 +1061,16 @@ out of range, or if it is not defined in + the ADR instruction, then an error will be generated. This instruction + will not make use of the literal pool. + ++If @var{label} is a thumb function symbol, and thumb interworking has ++been enabled via the @option{-mthumb-interwork} option then the bottom ++bit of the value stored into @var{register} will be set. This allows ++the following sequence to work as expected: ++ ++@smallexample ++ adr r0, thumb_function ++ blx r0 ++@end smallexample ++ + @cindex @code{ADRL reg,<label>} pseudo op, ARM + @item ADRL + @smallexample +@@ -1076,6 +1087,10 @@ If the label is out of range, or if it i + (and section) as the ADRL instruction, then an error will be generated. + This instruction will not make use of the literal pool. + ++If @var{label} is a thumb function symbol, and thumb interworking has ++been enabled via the @option{-mthumb-interwork} option then the bottom ++bit of the value stored into @var{register} will be set. ++ + @end table + + For information on the ARM or Thumb instruction sets, see @cite{ARM +Index: git/gas/testsuite/gas/arm/adr.d +=================================================================== +--- git.orig/gas/testsuite/gas/arm/adr.d ++++ git/gas/testsuite/gas/arm/adr.d +@@ -1,3 +1,4 @@ ++#as: -mthumb-interwork + #objdump: -dr --prefix-addresses --show-raw-insn + #name: ADR + +Index: git/gas/testsuite/gas/arm/adrl.d +=================================================================== +--- git.orig/gas/testsuite/gas/arm/adrl.d ++++ git/gas/testsuite/gas/arm/adrl.d +@@ -1,3 +1,4 @@ ++#as: -mthumb-interwork + #objdump: -dr --prefix-addresses --show-raw-insn + #name: ADRL + +Index: git/gas/ChangeLog +=================================================================== +--- git.orig/gas/ChangeLog ++++ git/gas/ChangeLog +@@ -1,3 +1,17 @@ ++2018-06-20 Nick Clifton <nickc@redhat.com> ++ ++ PR 21458 ++ * tc-arm.c (do_adr): Only set the bottom bit of an imported thumb ++ function symbol address if -mthumb-interwork is active. ++ (do_adrl): Likewise. ++ * doc/c-arm.texi: Update descriptions of the -mthumb-interwork ++ option and the ADR and ADRL pseudo-ops. ++ * NEWS: Mention the new behaviour of the ADR and ADRL pseudo-ops. ++ * testsuite/gas/arm/pr21458.d: Add -mthumb-interwork option to ++ assembler command line. ++ * testsuite/gas/arm/adr.d: Likewise. ++ * testsuite/gas/arm/adrl.d: Likewise. ++ + 2018-02-05 Nick Clifton <nickc@redhat.com> + + * po/ru.po: Updated Russian translation. +Index: git/gas/NEWS +=================================================================== +--- git.orig/gas/NEWS ++++ git/gas/NEWS +@@ -1,5 +1,9 @@ + -*- text -*- + ++* The ADR and ADRL pseudo-instructions supported by the ARM assembler ++ now only set the bottom bit of the address of thumb function symbols ++ if the -mthumb-interwork command line option is active. ++ + Changes in 2.30: + + * Add support for loaction views in DWARF debug line information. +Index: git/gas/testsuite/gas/arm/pr21458.d +=================================================================== +--- git.orig/gas/testsuite/gas/arm/pr21458.d ++++ git/gas/testsuite/gas/arm/pr21458.d +@@ -1,8 +1,9 @@ ++#as: -mthumb-interwork + #objdump: -d --prefix-addresses --show-raw-insn + #name: ADR(L) for Thumb functions + #skip: *-*-pe *-wince-* *-*-coff *-*-vxworks + +-# Test that using ADR(L) on thumb function symbols sets the T bit. ++# Test that using ADR(L) on thumb function symbols sets the T bit when -mthumb-interwork is active. + + .*: +file format .*arm.* + diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-squashfs-tools-patch-for-CVE-2015-4645-6.patch b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-squashfs-tools-patch-for-CVE-2015-4645-6.patch new file mode 100644 index 0000000000..2261ea94b7 --- /dev/null +++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-squashfs-tools-patch-for-CVE-2015-4645-6.patch @@ -0,0 +1,47 @@ +From 3c0d67184d6edb63f3b7d6d5eb81531daa6388f3 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Tue, 28 Aug 2018 16:25:36 +0800 +Subject: [PATCH] squashfs-tools: patch for CVE-2015-4645(6) + +Upstream-Status: Backport[https://github.com/devttys0/sasquatch/pull/ + 5/commits/6777e08cc38bc780d27c69c1d8c272867b74524f] + +CVE: CVE-2015-4645 CVE-2015-4646 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + squashfs-tools/unsquash-4.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index ecdaac7..692ae25 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -31,9 +31,9 @@ static unsigned int *id_table; + int read_fragment_table_4(long long *directory_table_end) + { + int res, i; +- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); +- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); +- long long fragment_table_index[indexes]; ++ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); ++ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); ++ long long *fragment_table_index; + + TRACE("read_fragment_table: %d fragments, reading %d fragment indexes " + "from 0x%llx\n", sBlk.s.fragments, indexes, +@@ -43,6 +43,11 @@ int read_fragment_table_4(long long *directory_table_end) + *directory_table_end = sBlk.s.fragment_table_start; + return TRUE; + } ++ ++ fragment_table_index = malloc(indexes*sizeof(long long)); ++ if(fragment_table_index == NULL) ++ EXIT_UNSQUASH("read_fragment_table: failed to allocate " ++ "fragment table index\n"); + + fragment_table = malloc(bytes); + if(fragment_table == NULL) +-- +2.7.4 + diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb index a8baca51e3..1eb0154fd7 100644 --- a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb +++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb @@ -15,6 +15,7 @@ SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \ file://0001-mksquashfs.c-get-inline-functions-work-with-C99.patch;striplevel=2 \ file://squashfs-tools-4.3-sysmacros.patch;striplevel=2 \ file://fix-compat.patch \ + file://0001-squashfs-tools-patch-for-CVE-2015-4645-6.patch;striplevel=2 \ " UPSTREAM_CHECK_COMMITS = "1" SRC_URI[lzma.md5sum] = "29d5ffd03a5a3e51aef6a74e9eafb759" |