* [Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788
@ 2013-11-27 0:51 Gustavo Zacarias
2013-11-27 0:51 ` [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc Gustavo Zacarias
2013-11-28 13:46 ` [Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788 Peter Korsgaard
0 siblings, 2 replies; 8+ messages in thread
From: Gustavo Zacarias @ 2013-11-27 0:51 UTC (permalink / raw)
To: buildroot
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788
http://hmarco.org/bugs/CVE-2013-4788.html
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
.../2.17-svnr22064/eglibc-0001-ptr_mangle.patch | 35 ++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 package/glibc/2.17-svnr22064/eglibc-0001-ptr_mangle.patch
diff --git a/package/glibc/2.17-svnr22064/eglibc-0001-ptr_mangle.patch b/package/glibc/2.17-svnr22064/eglibc-0001-ptr_mangle.patch
new file mode 100644
index 0000000..c9bf107
--- /dev/null
+++ b/package/glibc/2.17-svnr22064/eglibc-0001-ptr_mangle.patch
@@ -0,0 +1,35 @@
+Fix for CVE-2013-4788 from http://hmarco.org/bugs/CVE-2013-4788.html
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -rupN glibc-2.17/csu/libc-start.c glibc-2.17-mangle-fix/csu/libc-start.c
+--- glibc-2.17/libc/csu/libc-start.c 2012-12-25 04:02:13.000000000 +0100
++++ glibc-2.17-mangle-fix/libc/csu/libc-start.c 2013-07-10 00:13:48.000000000 +0200
+@@ -38,6 +38,12 @@ extern void __pthread_initialize_minimal
+ in thread local area. */
+ uintptr_t __stack_chk_guard attribute_relro;
+ # endif
++
++# ifndef THREAD_SET_POINTER_GUARD
++uintptr_t __pointer_chk_guard_local
++ attribute_relro attribute_hidden __attribute__ ((nocommon));
++# endif
++
+ #endif
+
+ #ifdef HAVE_PTR_NTHREADS
+@@ -184,6 +190,14 @@ LIBC_START_MAIN (int (*main) (int, char
+ # else
+ __stack_chk_guard = stack_chk_guard;
+ # endif
++ uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
++ stack_chk_guard);
++# ifdef THREAD_SET_POINTER_GUARD
++ THREAD_SET_POINTER_GUARD (pointer_chk_guard);
++# else
++ __pointer_chk_guard_local = pointer_chk_guard;
++# endif
++
+ #endif
+
+ /* Register the destructor of the dynamic linker if there is any. */
--
1.8.3.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc
2013-11-27 0:51 [Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788 Gustavo Zacarias
@ 2013-11-27 0:51 ` Gustavo Zacarias
2013-11-27 8:24 ` Thomas Petazzoni
2013-11-27 10:15 ` Markos Chandras
2013-11-28 13:46 ` [Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788 Peter Korsgaard
1 sibling, 2 replies; 8+ messages in thread
From: Gustavo Zacarias @ 2013-11-27 0:51 UTC (permalink / raw)
To: buildroot
It's tested to be far more stable than uClibc.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
board/qemu/mips64-malta/readme.txt | 2 --
configs/qemu_mips64_malta_defconfig | 3 +--
2 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/board/qemu/mips64-malta/readme.txt b/board/qemu/mips64-malta/readme.txt
index 4fa8a19..b655922 100644
--- a/board/qemu/mips64-malta/readme.txt
+++ b/board/qemu/mips64-malta/readme.txt
@@ -6,6 +6,4 @@ The login prompt will appear in the terminal that started Qemu. The
graphical window is the framebuffer. No keyboard support has been
enabled.
-This configuration is known to be flaky.
-
Tested with QEMU 1.6.1
diff --git a/configs/qemu_mips64_malta_defconfig b/configs/qemu_mips64_malta_defconfig
index e1295dd..011b9c6 100644
--- a/configs/qemu_mips64_malta_defconfig
+++ b/configs/qemu_mips64_malta_defconfig
@@ -3,8 +3,7 @@ BR2_mips64=y
BR2_MIPS_NABI64=y
# Toolchain
-# uClibc dynamic loader seems broken for mips64
-BR2_PREFER_STATIC_LIB=y
+BR2_TOOLCHAIN_BUILDROOT_EGLIBC=y
# Filesystem
BR2_TARGET_ROOTFS_EXT2=y
--
1.8.3.2
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc
2013-11-27 0:51 ` [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc Gustavo Zacarias
@ 2013-11-27 8:24 ` Thomas Petazzoni
2013-11-27 10:06 ` Gustavo Zacarias
2013-11-27 10:15 ` Markos Chandras
1 sibling, 1 reply; 8+ messages in thread
From: Thomas Petazzoni @ 2013-11-27 8:24 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Tue, 26 Nov 2013 21:51:41 -0300, Gustavo Zacarias wrote:
> # Toolchain
> -# uClibc dynamic loader seems broken for mips64
> -BR2_PREFER_STATIC_LIB=y
I think the broken dynamic loader for mips64 in uClibc is now fixed by
package/uclibc/0.9.33.2/uclibc-0009-mips64-fix-n64-interp.patch.
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc
2013-11-27 8:24 ` Thomas Petazzoni
@ 2013-11-27 10:06 ` Gustavo Zacarias
2013-11-27 13:03 ` Thomas Petazzoni
0 siblings, 1 reply; 8+ messages in thread
From: Gustavo Zacarias @ 2013-11-27 10:06 UTC (permalink / raw)
To: buildroot
On 11/27/2013 05:24 AM, Thomas Petazzoni wrote:
> I think the broken dynamic loader for mips64 in uClibc is now fixed by
> package/uclibc/0.9.33.2/uclibc-0009-mips64-fix-n64-interp.patch.
Probably, but besides that it's generally unstable with uClibc (you
almost certainly can't login properly) where with eglibc it just works(tm).
Though maybe it just needs a little kick like the recent SIGBUS mips64
patch from the uclibc mailing list.
Regards.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc
2013-11-27 0:51 ` [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc Gustavo Zacarias
2013-11-27 8:24 ` Thomas Petazzoni
@ 2013-11-27 10:15 ` Markos Chandras
1 sibling, 0 replies; 8+ messages in thread
From: Markos Chandras @ 2013-11-27 10:15 UTC (permalink / raw)
To: buildroot
On 11/27/2013 12:51 AM, Gustavo Zacarias wrote:
> It's tested to be far more stable than uClibc.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> board/qemu/mips64-malta/readme.txt | 2 --
> configs/qemu_mips64_malta_defconfig | 3 +--
> 2 files changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/board/qemu/mips64-malta/readme.txt b/board/qemu/mips64-malta/readme.txt
> index 4fa8a19..b655922 100644
> --- a/board/qemu/mips64-malta/readme.txt
> +++ b/board/qemu/mips64-malta/readme.txt
> @@ -6,6 +6,4 @@ The login prompt will appear in the terminal that started Qemu. The
> graphical window is the framebuffer. No keyboard support has been
> enabled.
>
> -This configuration is known to be flaky.
> -
> Tested with QEMU 1.6.1
> diff --git a/configs/qemu_mips64_malta_defconfig b/configs/qemu_mips64_malta_defconfig
> index e1295dd..011b9c6 100644
> --- a/configs/qemu_mips64_malta_defconfig
> +++ b/configs/qemu_mips64_malta_defconfig
> @@ -3,8 +3,7 @@ BR2_mips64=y
> BR2_MIPS_NABI64=y
>
> # Toolchain
> -# uClibc dynamic loader seems broken for mips64
> -BR2_PREFER_STATIC_LIB=y
> +BR2_TOOLCHAIN_BUILDROOT_EGLIBC=y
>
> # Filesystem
> BR2_TARGET_ROOTFS_EXT2=y
>
Looks good to me.
Reviewed-by: Markos Chandras <markos.chandras@imgtec.com>
--
markos
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc
2013-11-27 10:06 ` Gustavo Zacarias
@ 2013-11-27 13:03 ` Thomas Petazzoni
2013-11-27 13:10 ` Gustavo Zacarias
0 siblings, 1 reply; 8+ messages in thread
From: Thomas Petazzoni @ 2013-11-27 13:03 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Wed, 27 Nov 2013 07:06:41 -0300, Gustavo Zacarias wrote:
> On 11/27/2013 05:24 AM, Thomas Petazzoni wrote:
>
> > I think the broken dynamic loader for mips64 in uClibc is now fixed
> > by package/uclibc/0.9.33.2/uclibc-0009-mips64-fix-n64-interp.patch.
>
> Probably, but besides that it's generally unstable with uClibc (you
> almost certainly can't login properly) where with eglibc it just
> works(tm). Though maybe it just needs a little kick like the recent
> SIGBUS mips64 patch from the uclibc mailing list.
Ok. Then, should we make (e)glibc the default C library for mips64, so
that users will not have a non-working system if they simply build a
basic default configuration for mips64 (which will use uClibc) ?
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc
2013-11-27 13:03 ` Thomas Petazzoni
@ 2013-11-27 13:10 ` Gustavo Zacarias
0 siblings, 0 replies; 8+ messages in thread
From: Gustavo Zacarias @ 2013-11-27 13:10 UTC (permalink / raw)
To: buildroot
On 11/27/2013 10:03 AM, Thomas Petazzoni wrote:
> Ok. Then, should we make (e)glibc the default C library for mips64, so
> that users will not have a non-working system if they simply build a
> basic default configuration for mips64 (which will use uClibc) ?
Yes, i'll test other combinations (mips64 O32/N32/N64) to see what's
best for each scenario before sending a patch.
Regards.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788
2013-11-27 0:51 [Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788 Gustavo Zacarias
2013-11-27 0:51 ` [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc Gustavo Zacarias
@ 2013-11-28 13:46 ` Peter Korsgaard
1 sibling, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2013-11-28 13:46 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788
> http://hmarco.org/bugs/CVE-2013-4788.html
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2013-11-28 13:46 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-11-27 0:51 [Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788 Gustavo Zacarias
2013-11-27 0:51 ` [Buildroot] [PATCH 2/2] qemu/mips64-malta: switch to eglibc Gustavo Zacarias
2013-11-27 8:24 ` Thomas Petazzoni
2013-11-27 10:06 ` Gustavo Zacarias
2013-11-27 13:03 ` Thomas Petazzoni
2013-11-27 13:10 ` Gustavo Zacarias
2013-11-27 10:15 ` Markos Chandras
2013-11-28 13:46 ` [Buildroot] [PATCH 1/2] eglibc: add security patch for CVE-2013-4788 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.