From: Ross Burton
To: openembedded-core@lists.openembedded.org
Date: Thu, 29 Nov 2018 11:42:14 +0000
Message-Id: <20181129114215.4679-1-ross.burton@intel.com>
Subject: [OE-core] [PATCH 1/2] cpio: fix crash when appending to archives

The upstream fix for CVE-2016-2037 introduced a read from uninitialized memory bug when appending to an existing archive, which is an operation we perform when building an image.

Signed-off-by: Ross Burton
---
 .../cpio-2.12/0001-Fix-segfault-with-append.patch  | 87 ++++++++++++++++++++++
 meta/recipes-extended/cpio/cpio_2.12.bb            |  1 +
 2 files changed, 88 insertions(+)
 create mode 100644 meta/recipes-extended/cpio/cpio-2.12/0001-Fix-segfault-with-append.patch

-- 
2.11.0

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

diff --git a/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-segfault-with-append.patch b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-segfault-with-append.patch new file mode 100644 index 00000000000..2043c890cde --- /dev/null +++ b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-segfault-with-append.patch 
@@ -0,0 +1,87 @@ +Upstream-Status: Submitted [bugs-cpio] +Signed-off-by: Ross Burton + +From 3f0bd5a40ad0ceaee78c74a52a7166ed7f08db81 Mon Sep 17 00:00:00 2001 +From: Pavel Raiskup +Date: Thu, 29 Nov 2018 07:03:48 +0100 +Subject: [PATCH] Fix segfault with --append + +The --append mode combines both process_copy_in() and +process_copy_out() methods, each of them working with different +(local) file_hdr->c_name buffers. So ensure that +cpio_set_c_name() isn't using the same static variable for +maintaining length of different buffers. + +Complements d36ec5f4e93130efb24fb9. Thanks to Ross Burton. + +* src/copyin.c (process_copy_in): Always initialize file_hdr. +* src/copyout.c (process_copy_out): Likewise. +* src/cpiohdr.h (cpio_file_stat): Add c_name_buflen variable. +* src/util.c (cpio_set_c_name): Use file_hdr->c_name_buflen. +--- + src/copyin.c | 1 + + src/copyout.c | 1 + + src/cpiohdr.h | 1 + + src/util.c | 3 ++- + 4 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/copyin.c b/src/copyin.c +index ba887ae..767c2f8 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -1213,6 +1213,7 @@ process_copy_in () + + newdir_umask = umask (0); /* Reset umask to preserve modes of + created files */ ++ memset (&file_hdr, 0, sizeof (struct cpio_file_stat)); + + /* Initialize the copy in. */ + if (pattern_file_name) +diff --git a/src/copyout.c b/src/copyout.c +index 7532dac..fb890cb 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -594,6 +594,7 @@ process_copy_out () + + /* Initialize the copy out. */ + ds_init (&input_name, 128); ++ memset (&file_hdr, 0, sizeof (struct cpio_file_stat)); + file_hdr.c_magic = 070707; + + /* Check whether the output file might be a tape. 
*/ +diff --git a/src/cpiohdr.h b/src/cpiohdr.h +index 588135b..cf64f3e 100644 +--- a/src/cpiohdr.h ++++ b/src/cpiohdr.h +@@ -127,6 +127,7 @@ struct cpio_file_stat /* Internal representation of a CPIO header */ + uint32_t c_chksum; + char *c_name; + char *c_tar_linkname; ++ size_t c_name_buflen; + }; + + void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name); +diff --git a/src/util.c b/src/util.c +index 10486dc..1256469 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -1413,7 +1413,7 @@ set_file_times (int fd, + void + cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name) + { +- static size_t buflen = 0; ++ size_t buflen = file_hdr->c_name_buflen; + size_t len = strlen (name) + 1; + + if (buflen == 0) +@@ -1430,6 +1430,7 @@ cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name) + } + + file_hdr->c_namesize = len; ++ file_hdr->c_name_buflen = buflen; + memmove (file_hdr->c_name, name, len); + } + +-- +2.11.0 + diff --git a/meta/recipes-extended/cpio/cpio_2.12.bb b/meta/recipes-extended/cpio/cpio_2.12.bb index 69d36983e39..6ba8337e5d9 100644 --- a/meta/recipes-extended/cpio/cpio_2.12.bb +++ b/meta/recipes-extended/cpio/cpio_2.12.bb 
@@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0001-Fix-CVE-2015-1197.patch \ file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \ + file://0001-Fix-segfault-with-append.patch \ " SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86"
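
Review bot: In the src/util.c hunks, cpio_set_c_name() now takes file_hdr->c_name_buflen as the capacity of file_hdr->c_name, so the fix holds only if every struct cpio_file_stat that reaches it has been zeroed first. This patch adds the memset in process_copy_in() and process_copy_out() only; a header declared elsewhere and passed in without initialisation would present an indeterminate c_name_buflen, may skip the `if (buflen == 0)` branch, and then memmove into whatever c_name happens to hold. Suggest auditing the remaining callers of cpio_set_c_name(), or adding a small init helper for the struct so that the pairing of c_name and c_name_buflen is established in one place.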
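
Review bot: In the src/copyin.c hunk (and the matching line in src/copyout.c) the memset spells out the type, `sizeof (struct cpio_file_stat)`, rather than the object, `sizeof file_hdr`. Tying the size to the variable keeps the call correct if the declaration of file_hdr ever changes, and zero-initialising at the declaration would remove the window between declaration and memset altogether. In copyout.c the memset correctly precedes the `file_hdr.c_magic = 070707;` assignment; that ordering is worth a short comment so a later edit does not move field assignments above it.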
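
Review bot: The new `size_t c_name_buflen;` member in the src/cpiohdr.h hunk is undocumented and is easy to confuse with c_namesize, which the util.c hunk sets to the length of the name (`file_hdr->c_namesize = len;`). A one-line comment stating that c_name_buflen is the allocated size of the c_name buffer, and that zero means no buffer has been allocated yet, would make the invariant that cpio_set_c_name() depends on visible to anyone adding a new user of the struct. Placing the member next to c_name instead of after c_tar_linkname would also make the relationship clearer.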
From: Ross Burton
To: openembedded-core@lists.openembedded.org
Date: Thu, 29 Nov 2018 11:42:15 +0000
Message-Id: <20181129114215.4679-2-ross.burton@intel.com>
In-Reply-To: <20181129114215.4679-1-ross.burton@intel.com>
References: <20181129114215.4679-1-ross.burton@intel.com>
Subject: [OE-core] [PATCH 2/2] image_types: use cpio-native to build cpio images

As per the previous commit, upstream cpio has a bug which means it crashes on append. If the image being built has already had testimage run then cpio-native will be in the sysroot. It's also possible that some distributions are shipping this broken CVE patch too.

Now that our cpio-native is fixed, until we can be sure that the host cpio isn't broken, depend on cpio-native if building a cpio image.

[ YOCTO #13042 ]

Signed-off-by: Ross Burton
---
 meta/classes/image_types.bbclass | 1 +
 1 file changed, 1 insertion(+)

-- 
2.11.0

diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass index 5c406481ef0..70bd3153067 100644 --- a/meta/classes/image_types.bbclass +++ b/meta/classes/image_types.bbclass 
@@ -239,6 +239,7 @@ EXTRA_IMAGECMD_ext4 ?= "-i 4096" EXTRA_IMAGECMD_btrfs ?= "-n 4096" EXTRA_IMAGECMD_f2fs ?= "" +do_image_cpio[depends] += "cpio-native:do_populate_sysroot" do_image_jffs2[depends] += "mtd-utils-native:do_populate_sysroot" do_image_cramfs[depends] += "util-linux-native:do_populate_sysroot" do_image_ext2[depends] += "e2fsprogs-native:do_populate_sysroot"
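
Review bot: The added `do_image_cpio[depends] += "cpio-native:do_populate_sysroot"` line has no comment, although the commit message describes it as a stopgap ("until we can be sure that the host cpio isn't broken"). A short comment above the line carrying the [ YOCTO #13042 ] reference would tell a later reader why the dependency exists and under what condition it can be dropped. This hunk only adds the dependency, so it is also worth confirming that the cpio image command picks up the cpio from the native sysroot ahead of the host copy; otherwise the broken host binary can still be the one that runs the append.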