From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from IND01-MA1-obe.outbound.protection.outlook.com (IND01-MA1-obe.outbound.protection.outlook.com [40.107.138.41]) by mx.groups.io with SMTP id smtpd.web08.1372.1616436288333815276 for ; Mon, 22 Mar 2021 11:04:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@kpit.com header.s=selector1 header.b=ILgfHTnE; spf=pass (domain: kpit.com, ip: 40.107.138.41, mailfrom: saloni.jain@kpit.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mD1up6Xf9ryGs3Vj9a/7jjyNAY0+umGLcfxnF72jjw8Z5RBFqxRIVHTCDO+3oIfKMC+ejFWPTQsshKLp3P93jd5JIr4cEvCVfpJcThjcnNmTMhDPQd4NYnGVSNNzEdhZuD0ad/Pqi5po6v34HHuV2G7KUijRte9GScc7B6kxfYg4BrAq3mNOzPtQNoTgYqC7d3iDt/obn0d2dAfZcfwq4M2MnCt3eOAajhwuEn0v8TnVOcfqfG4XyQ9KOnkyzxTMOjTpwv3fnc2teVF99W+JPyDECHqhK+wNOxX50gORSwbUHp2EgQek8p0GvkbhLF54icM88PPsOFfqNajTINk4wQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vcC4fICvW9ioFouM1k9VkXTwNDfbGujMpyQl06CHwWk=; b=cfVzvCZemG9dZPnuHfA4dSVT4q3jb2O+nyaEqVlXsm6ZZqWIu1YdHLV5oEs+2+9KxYwa0Eb0ym1MYTGIr5GCbxrji3GeI9Syc3gZwqwlqLJle/3OHlGbil8l/e36l+bz5jBgfBC5spVsNe3npJWKDALlOxi5ca2yiMgIwi3XSyfXt6HFpBP6MkHYXv3sFbMo55HsTCzCfbW0OKCO9I7csZsewxvbBOJ23EjdGLoLPLxz6kRA1TTrzD8zgrdzPjTXQdG1sd+t/KlcJcJ7Geb13n5cBcZqTKCVZrrPX2bfYLPuVky/iENjaj8G53QUrkSoQqHJg1JnjV0NuWu5Y/Unwg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=kpit.com; dmarc=pass action=none header.from=kpit.com; dkim=pass header.d=kpit.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kpit.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vcC4fICvW9ioFouM1k9VkXTwNDfbGujMpyQl06CHwWk=; b=ILgfHTnE52BNIsRyHGDhbzVXXRtvLpsv8YzH7/08WzrzifW3cOkj2ADO61/QOuDKVZmAtLPV+aMRPHl2sA3fR40eurj4FOHvc4yA+SUxoQRidVVt9rxC4e+lajdHOwUI98DhOUHHQ6RtKMl6mFNgeqS0jyC+2lrWPkXOeBFjtCY= Received: from MA1PR01MB3257.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a00:72::14) by MA1PR01MB4338.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a01:a::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.18; Mon, 22 Mar 2021 18:04:38 +0000 Received: from MA1PR01MB3257.INDPRD01.PROD.OUTLOOK.COM ([fe80::2d7a:e21b:b924:4765]) by MA1PR01MB3257.INDPRD01.PROD.OUTLOOK.COM ([fe80::2d7a:e21b:b924:4765%3]) with mapi id 15.20.3955.027; Mon, 22 Mar 2021 18:04:38 +0000 From: "saloni" To: Khem Raj , "openembedded-core@lists.openembedded.org" CC: Nisha Parrakat Subject: Re: [poky][dunfell][PATCH] glibc: Add and modify CVEs Thread-Topic: [poky][dunfell][PATCH] glibc: Add and modify CVEs Thread-Index: AQHXHwYISPJPZbbyr0uK1Vy/+qFK5aqQMqaAgAAWZWw= Date: Mon, 22 Mar 2021 18:04:37 +0000 Message-ID: References: <20210322102745.19513-1-Saloni.Jain@kpit.com>, In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=kpit.com; x-originating-ip: [157.34.147.94] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 8afd7490-ba97-44f7-8274-08d8ed5cf55e x-ms-traffictypediagnostic: MA1PR01MB4338: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5516; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: T8zXJH3Z+stRw9Y/Rr5amNWHZsAP8qkUxus/DdnaN8e0Qn+bFfGF2Wu0hj8QyiNYNK8Y6ZAadwSCHrAqdrBsPPjfBEPUyayVb7kjzGLC9Upp/MfVqGGAFE99SduPJydxVzmJP/hwEbZZpVDoLDtbKu3eFkxbnWPklJGKPOaMMNB5cz3QuWqeWSGKGUrOYoi+Mpcv5y4l8QXSgkpruSENqEiH4P7FHn8vhmOzqaKSfxFUp/i2h3HNL2RAukPkM5oKoDWBvoUogzw70qqNIIyxqpydwd8VZkyNwTrYK+cerxH5n+Z++oLTYU5DjOV05E21M43iOtS+hmAqOZ/WTayAMY//g8Hc8QbWcogYk+udFsIBGxXj3t1+Kd7GeMNLKuIAFWbPMtl/8AoIj2rj31Afa9wqo+hbBHDITqjb5PP5ahCuz+Wq7ZE6J0VBGS5TwP7YPc+4nKU9j2IVK6BY94Ms9D6VtcE0EYURLqoUtTvEbp4dApmo3hRJ+s+LnVb7JDVoBsgZn2H0HOJMNjJ0n2WoVjIlm1tV39lfh+y9rBVpvVfghISVZFMAm93zFQgunzFhcAiDGdJiCp0n9ji4To6iQlc1GxDmkc4WpnRMngjPelbaKQaw1zGheq27rLXAAGdNfFl+kL7EZ6oA+qvWwvn4ru+rcOLiNyC0VHgH7i6OgJeKj9CV+GsrVxgCXFGEfSCP8VyjwGw5j+vyjrYnTrwHnhTNBRiwD9RSZdULLK3nNdv1BkyzbSJ0KevfvKUgBIvt x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MA1PR01MB3257.INDPRD01.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(4636009)(136003)(366004)(346002)(39850400004)(376002)(396003)(186003)(53546011)(52536014)(26005)(33656002)(110136005)(5660300002)(966005)(86362001)(478600001)(45080400002)(8676002)(71200400001)(6506007)(30864003)(7696005)(2906002)(166002)(8936002)(107886003)(83380400001)(19627405001)(316002)(66446008)(66476007)(66574015)(9686003)(66556008)(64756008)(55016002)(66946007)(4326008)(38100700001)(76116006)(2004002)(559001)(579004);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?X6jZCOc4fn2OtoRVS5K8PScpj1S54IZo4ZH+DdyqX6ONt4ra4cMjS64xXmXQ?= =?us-ascii?Q?NGGVfAktTD4ZXklz3sTTyP+CXDcUngyMlT18Q2l/kw+K/XggRCV3Xo4UJ8Qd?= =?us-ascii?Q?jgAx3zQVFXwcZq6J57TPHNJyq2QH91Lev07EajSYwCg/UI36Ko91K6GuTAZF?= =?us-ascii?Q?/9+F6KHtdQUQ4FP8zva0O1y72I/HU/sKU053QiXTv+2D1URnMHe88ROSMWZ8?= =?us-ascii?Q?9jHHaLsPbOo4qJZiPA97b/nOyRm36pdGxNT/v0CAlyxZbIIEigDB09dApWii?= =?us-ascii?Q?FdHUu6YJhx9YbddAaxGafXaG/nRpUFJN73BbkEqdPa0kZVbURcdO4cctXD0b?= =?us-ascii?Q?olE7AXP4V6IxMACgyt7S0MrSNsBwnZVy8skMSWOA49qnW4tAUoZ2FYF8S+h6?= =?us-ascii?Q?rWhbyS78ANwXXOxgJ9qqsPOnjm0yeEaahWOl3fHz8BAptVyRFib+Vlr3XQ9J?= =?us-ascii?Q?FfOGr/L7fqj+KWswsHYycq9dHkD+O2B+jw4ArvH8aTmy+apHR6OifvaqUgKH?= =?us-ascii?Q?BDGAoFK0Np3ccp9CbByP+y8TCG8d56tWQLQonFMhysi8wF/TVKMuf5ahjplR?= =?us-ascii?Q?DSseSUatEdgsCvYE5TvmwUbK2ANtzdCwspogmCUIqW/e15pm4YeDRh1AMd3U?= =?us-ascii?Q?+bRVw15NyCbaxd+eTV9yxSlRov/hzG2g0+/JnMAhKu0vjQJg5mCYkGlxcMEj?= =?us-ascii?Q?uketQnGC91Mea1aDgJEb/TRAPoGPNiij4lek1YDA7RCGJGxHbcsVpLl/1Yfn?= =?us-ascii?Q?O1bI9O8Lk14zHbPpeYyW60PVIOJNnRX89yn8d90t2pvgLQrbK0/XgLzvu7XF?= =?us-ascii?Q?jG939nM5QqZUAN4PSXxsVFOs6NTcZA04go5hm0/WqI1r6lJHsuzSA1et6PGD?= =?us-ascii?Q?EyF3CX9XosbUo5kFlFNhxcE+7tbH2kjoSWGo/eyTwwQlHnqCQZHBZ+H6ukNZ?= =?us-ascii?Q?7SWHdPkBlOe6kO7drAJz5lHKZgA4VCzuQKEaU+v6g7tLiMMfaeNOxtbF7DEO?= =?us-ascii?Q?Zekt9512LxY1CRNfIR03wSAHI9j8EKWPNOh7CRiuN9Ji9NihPqkFI7rnS8Q5?= =?us-ascii?Q?5m6jBOWjKqv4NJcRFGqLEVTDSx3YxBEjxzFAaOQC/aERvCTndlwAXFfhJ0Ju?= =?us-ascii?Q?lWiXaxz5QA3XfqJ8Fv3+KJvlCM6P26v2URYyNQmYpnBcjfTFXHWbL16AcuyF?= =?us-ascii?Q?nCGgdQQpPc3j2Lci+kJrhtEFmwFVfKGGkZ1DEBRX7mDUym0jcdMPunEaV6PN?= =?us-ascii?Q?XdU4wErHnw+EmAKzT0n+Rig4jD8FQ7/+ZVXwjaykxAZCgWXA02SGZSfmluV7?= =?us-ascii?Q?3oU=3D?= MIME-Version: 1.0 X-OriginatorOrg: kpit.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MA1PR01MB3257.INDPRD01.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 8afd7490-ba97-44f7-8274-08d8ed5cf55e X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Mar 2021 18:04:38.0062 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3539451e-b46e-4a26-a242-ff61502855c7 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: V9j3GCCRPqdDn0TxABrV67EQ5hpnj8/LqdXhCEwc7q54WlXi9NblaIZJQPbgzkwy3Yh9A2zir9gFh2hrhTC2YQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MA1PR01MB4338 Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_MA1PR01MB3257204AD1DE47E30A709C1087659MA1PR01MB3257INDP_" --_000_MA1PR01MB3257204AD1DE47E30A709C1087659MA1PR01MB3257INDP_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello Raj, Yes, checked the discussion and patch on the mailing list in the evening. https://lists.openembedded.org/g/openembedded-core/topic/dunfell_patch_glib= c_pull/81482348?p=3D,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,40,81482348 Updating to latest 2.31 version will make the below patches obsolete and wi= ll be whitelisted, hence below changes can be ignored. Thanks & Regards, Saloni Jain ________________________________ From: Khem Raj Sent: Monday, March 22, 2021 9:58 PM To: Saloni Jain ; openembedded-core@lists.openembedde= d.org Cc: Nisha Parrakat Subject: Re: [poky][dunfell][PATCH] glibc: Add and modify CVEs There is another patch on mailing lists to update to latest 2.31 which should perhaps address these ? On 3/22/21 3:27 AM, Saloni Jain wrote: > Below patch is modified: > 1. CVE-2019-25013 > The previous patch was modified for dunfell > context and causing conflict for CVE-2021-3326. > Hence, the original patch is backported. > Link: https://apc01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2= Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2020-27618&data=3D04%7C01%= 7CSaloni.Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4= a26a242ff61502855c7%7C0%7C0%7C637520273080304204%7CUnknown%7CTWFpbGZsb3d8ey= JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&= ;sdata=3D6CnKJfxFf4NpxDANqbuB4wcc3tiRRNF5D%2FKBm18Dq%2FA%3D&reserved=3D= 0 > Link: https://apc01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2= Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%3D9a99c682144bdbd4= 0792ebf822fe9264e0376fb5&data=3D04%7C01%7CSaloni.Jain%40kpit.com%7C35f4= f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C6= 37520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM= zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3Dis4p3gAjo7AJjCtWRldupy= sJakNlQWLhkxaxNcIPvMI%3D&reserved=3D0 > > Below patch is added: > 1. CVE-2021-3326 > Link: https://apc01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2= Fbugzilla.redhat.com%2Fshow_bug.cgi%3Fid%3D1932589&data=3D04%7C01%7CSal= oni.Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a2= 42ff61502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjo= iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdat= a=3DQIfO6Z9aDldMkDe4nTGwPJO0bF%2F0ovXj%2FEk3nio62sU%3D&reserved=3D0 > Link: https://apc01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2= Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%3Ddca565886b5e8bd7= 966e15f0ca42ee5cff686673&data=3D04%7C01%7CSaloni.Jain%40kpit.com%7C35f4= f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C6= 37520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luM= zIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3DxNOEDHc6hkgt4hYNZ5pHan= GB9bLrpoUSqda33FAoldI%3D&reserved=3D0 > > Signed-off-by: Saloni Jain > --- > .../glibc/glibc/CVE-2019-25013.patch | 52 +-- > .../glibc/glibc/CVE-2021-3326.patch | 297 ++++++++++++++++++ > meta/recipes-core/glibc/glibc_2.31.bb | 3 +- > 3 files changed, 328 insertions(+), 24 deletions(-) > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-3326.patch > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch b/meta/re= cipes-core/glibc/glibc/CVE-2019-25013.patch > index 73df1da868..3e446f2818 100644 > --- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch > +++ b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch > @@ -8,12 +8,14 @@ area and is not allowed. The from_euc_kr function used= to skip two bytes > when told to skip over the unknown designation, potentially running ove= r > the buffer end. > > -Upstream-Status: Backport [https://apc01.safelinks.protection.outlook.co= m/?url=3Dhttps%3A%2F%2Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%= 3Bh%3Dee7a3144c9922808181009b7b3e50e852fb4999b&data=3D04%7C01%7CSaloni.= Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff= 61502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4= wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3D= R5euqxZd1HbzdIQR%2FVPoxa7NIHxIVEy1O%2FBQosTcZPo%3D&reserved=3D0] > CVE: CVE-2019-25013 > -Signed-off-by: Scott Murray > -[Refreshed for Dundell context; Makefile changes] > -Signed-off-by: Armin Kuster > +Upstream Status: Backport [https://apc01.safelinks.protection.outlook.co= m/?url=3Dhttps%3A%2F%2Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%= 3Bh%3Dee7a3144c9922808181009b7b3e50e852fb4999b&data=3D04%7C01%7CSaloni.= Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff= 61502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4= wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3D= R5euqxZd1HbzdIQR%2FVPoxa7NIHxIVEy1O%2FBQosTcZPo%3D&reserved=3D0] > +Comment: No change in any hunk > > +The previous change was modified for dunfell context, causing conflict > +for CVE-2021-3326. Hence, the original patch is backported. > + > +Signed-off-by: Saloni Jain > --- > iconvdata/Makefile | 3 ++- > iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++ > @@ -22,23 +24,25 @@ Signed-off-by: Armin Kuster > 4 files changed, 59 insertions(+), 9 deletions(-) > create mode 100644 iconvdata/bug-iconv13.c > > -Index: git/iconvdata/Makefile > -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > ---- git.orig/iconvdata/Makefile > -+++ git/iconvdata/Makefile > -@@ -73,7 +73,7 @@ modules.so :=3D $(addsuffix .so, $(modules > +diff --git a/iconvdata/Makefile b/iconvdata/Makefile > +index 4ec2741cdc..85009f3390 100644 > +--- a/iconvdata/Makefile > ++++ b/iconvdata/Makefile > +@@ -73,7 +73,8 @@ > ifeq (yes,$(build-shared)) > tests =3D bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-i= conv4 \ > tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv= 9 \ > - bug-iconv10 bug-iconv11 bug-iconv12 > -+ bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13 > ++ bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4= \ > ++ bug-iconv13 > ifeq ($(have-thread-library),yes) > tests +=3D bug-iconv3 > endif > -Index: git/iconvdata/bug-iconv13.c > -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > +diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c > +new file mode 100644 > +index 0000000000..87aaff398e > --- /dev/null > -+++ git/iconvdata/bug-iconv13.c > ++++ b/iconvdata/bug-iconv13.c > @@ -0,0 +1,53 @@ > +/* bug 24973: Test EUC-KR module > + Copyright (C) 2020 Free Software Foundation, Inc. > @@ -93,11 +97,11 @@ Index: git/iconvdata/bug-iconv13.c > +} > + > +#include > -Index: git/iconvdata/euc-kr.c > -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > ---- git.orig/iconvdata/euc-kr.c > -+++ git/iconvdata/euc-kr.c > -@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned c > +diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c > +index b0d56cf3ee..1045bae926 100644 > +--- a/iconvdata/euc-kr.c > ++++ b/iconvdata/euc-kr.c > +@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp) > = \ > if (ch <=3D 0x9f) = \ > ++inptr; = \ > @@ -110,11 +114,11 @@ Index: git/iconvdata/euc-kr.c > { = \ > /* This is illegal. */ = \ > STANDARD_FROM_LOOP_ERR_HANDLER (1); = \ > -Index: git/iconvdata/ksc5601.h > -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > ---- git.orig/iconvdata/ksc5601.h > -+++ git/iconvdata/ksc5601.h > -@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s > +diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h > +index d3eb3a4ff8..f5cdc72797 100644 > +--- a/iconvdata/ksc5601.h > ++++ b/iconvdata/ksc5601.h > +@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t ava= il, unsigned char offset) > unsigned char ch2; > int idx; > > @@ -133,3 +137,5 @@ Index: git/iconvdata/ksc5601.h > ch2 =3D (*s)[1]; > if (ch2 < offset || (ch2 - offset) <=3D 0x20 || (ch2 - offset) >=3D = 0x7f) > return __UNKNOWN_10646_CHAR; > +-- > +2.27.0 > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-3326.patch b/meta/rec= ipes-core/glibc/glibc/CVE-2021-3326.patch > new file mode 100644 > index 0000000000..5f4270a6c8 > --- /dev/null > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-3326.patch > @@ -0,0 +1,297 @@ > +From 7d88c6142c6efc160c0ee5e4f85cde382c072888 Mon Sep 17 00:00:00 2001 > +From: Florian Weimer > +Date: Wed, 27 Jan 2021 13:36:12 +0100 > +Subject: [PATCH] gconv: Fix assertion failure in ISO-2022-JP-3 module (b= ug > + 27256) > + > +The conversion loop to the internal encoding does not follow > +the interface contract that __GCONV_FULL_OUTPUT is only returned > +after the internal wchar_t buffer has been filled completely. This > +is enforced by the first of the two asserts in iconv/skeleton.c: > + > + /* We must run out of output buffer space in this > + rerun. */ > + assert (outbuf =3D=3D outerr); > + assert (nstatus =3D=3D __GCONV_FULL_OUTPUT); > + > +This commit solves this issue by queuing a second wide character > +which cannot be written immediately in the state variable, like > +other converters already do (e.g., BIG5-HKSCS or TSCII). > + > +Reported-by: Tavis Ormandy > + > +CVE: CVE-2021-3326 > +Upstream-Status: Backport [https://apc01.safelinks.protection.outlook.co= m/?url=3Dhttps%3A%2F%2Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%= 3Bh%3D7d88c6142c6efc160c0ee5e4f85cde382c072888&data=3D04%7C01%7CSaloni.= Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff= 61502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4= wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3D= pA1%2BGkOYj%2B%2BYxP2MoiI31NKk5a%2FAwYdivLPnDViRpKE%3D&reserved=3D0] > +Comment: Refreshed only one hunk in Makefile > + > +Signed-off-by: Saloni Jain > +--- > + iconvdata/Makefile | 4 +- > + iconvdata/bug-iconv14.c | 127 ++++++++++++++++++++++++++++++++++++++ > + iconvdata/iso-2022-jp-3.c | 67 ++++++++++++++------ > + 3 files changed, 178 insertions(+), 20 deletions(-) > + create mode 100644 iconvdata/bug-iconv14.c > + > +diff --git a/iconvdata/Makefile b/iconvdata/Makefile > +index c8c532a3e4..55c527a5f7 100644 > +--- a/iconvdata/Makefile > ++++ b/iconvdata/Makefile > +@@ -74,7 +74,7 @@ > + tests =3D bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-ic= onv4 \ > + tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9= \ > + bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4= \ > +- bug-iconv13 > ++ bug-iconv13 bug-iconv14 > + ifeq ($(have-thread-library),yes) > + tests +=3D bug-iconv3 > + endif > +@ -322,6 +322,8 @@ $(objpfx)bug-iconv10.out: $(objpfx)gconv-modules \ > + $(addprefix $(objpfx),$(modules.so)) > + $(objpfx)bug-iconv12.out: $(objpfx)gconv-modules \ > + $(addprefix $(objpfx),$(modules.so)) > ++$(objpfx)bug-iconv14.out: $(objpfx)gconv-modules \ > ++ $(addprefix $(objpfx),$(modules.so)) > + > + $(objpfx)iconv-test.out: run-iconv-test.sh $(objpfx)gconv-modules \ > + $(addprefix $(objpfx),$(modules.so)) \ > +diff --git a/iconvdata/bug-iconv14.c b/iconvdata/bug-iconv14.c > +new file mode 100644 > +index 0000000000..902f140fa9 > +--- /dev/null > ++++ b/iconvdata/bug-iconv14.c > +@@ -0,0 +1,127 @@ > ++/* Assertion in ISO-2022-JP-3 due to two-character sequence (bug 27256)= . > ++ Copyright (C) 2021 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ . */ > ++ > ++#include > ++#include > ++#include > ++#include > ++ > ++/* Use an escape sequence to return to the initial state. */ > ++static void > ++with_escape_sequence (void) > ++{ > ++ iconv_t c =3D iconv_open ("UTF-8", "ISO-2022-JP-3"); > ++ TEST_VERIFY_EXIT (c !=3D (iconv_t) -1); > ++ > ++ char in[] =3D "\e$(O+D\e(B"; > ++ char *inbuf =3D in; > ++ size_t inleft =3D strlen (in); > ++ char out[3]; /* Space for one output character. */ > ++ char *outbuf; > ++ size_t outleft; > ++ > ++ outbuf =3D out; > ++ outleft =3D sizeof (out); > ++ TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf, &outleft), (size_t)= -1); > ++ TEST_COMPARE (errno, E2BIG); > ++ TEST_COMPARE (inleft, 3); > ++ TEST_COMPARE (inbuf - in, strlen (in) - 3); > ++ TEST_COMPARE (outleft, sizeof (out) - 2); > ++ TEST_COMPARE (outbuf - out, 2); > ++ TEST_COMPARE (out[0] & 0xff, 0xc3); > ++ TEST_COMPARE (out[1] & 0xff, 0xa6); > ++ > ++ /* Return to the initial shift state, producing the pending > ++ character. */ > ++ outbuf =3D out; > ++ outleft =3D sizeof (out); > ++ TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf, &outleft), 0); > ++ TEST_COMPARE (inleft, 0); > ++ TEST_COMPARE (inbuf - in, strlen (in)); > ++ TEST_COMPARE (outleft, sizeof (out) - 2); > ++ TEST_COMPARE (outbuf - out, 2); > ++ TEST_COMPARE (out[0] & 0xff, 0xcc); > ++ TEST_COMPARE (out[1] & 0xff, 0x80); > ++ > ++ /* Nothing should be flushed the second time. */ > ++ outbuf =3D out; > ++ outleft =3D sizeof (out); > ++ TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), 0); > ++ TEST_COMPARE (outleft, sizeof (out)); > ++ TEST_COMPARE (outbuf - out, 0); > ++ TEST_COMPARE (out[0] & 0xff, 0xcc); > ++ TEST_COMPARE (out[1] & 0xff, 0x80); > ++ > ++ TEST_COMPARE (iconv_close (c), 0); > ++} > ++ > ++/* Use an explicit flush to return to the initial state. */ > ++static void > ++with_flush (void) > ++{ > ++ iconv_t c =3D iconv_open ("UTF-8", "ISO-2022-JP-3"); > ++ TEST_VERIFY_EXIT (c !=3D (iconv_t) -1); > ++ > ++ char in[] =3D "\e$(O+D"; > ++ char *inbuf =3D in; > ++ size_t inleft =3D strlen (in); > ++ char out[3]; /* Space for one output character. */ > ++ char *outbuf; > ++ size_t outleft; > ++ > ++ outbuf =3D out; > ++ outleft =3D sizeof (out); > ++ TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf, &outleft), (size_t)= -1); > ++ TEST_COMPARE (errno, E2BIG); > ++ TEST_COMPARE (inleft, 0); > ++ TEST_COMPARE (inbuf - in, strlen (in)); > ++ TEST_COMPARE (outleft, sizeof (out) - 2); > ++ TEST_COMPARE (outbuf - out, 2); > ++ TEST_COMPARE (out[0] & 0xff, 0xc3); > ++ TEST_COMPARE (out[1] & 0xff, 0xa6); > ++ > ++ /* Flush the pending character. */ > ++ outbuf =3D out; > ++ outleft =3D sizeof (out); > ++ TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), 0); > ++ TEST_COMPARE (outleft, sizeof (out) - 2); > ++ TEST_COMPARE (outbuf - out, 2); > ++ TEST_COMPARE (out[0] & 0xff, 0xcc); > ++ TEST_COMPARE (out[1] & 0xff, 0x80); > ++ > ++ /* Nothing should be flushed the second time. */ > ++ outbuf =3D out; > ++ outleft =3D sizeof (out); > ++ TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), 0); > ++ TEST_COMPARE (outleft, sizeof (out)); > ++ TEST_COMPARE (outbuf - out, 0); > ++ TEST_COMPARE (out[0] & 0xff, 0xcc); > ++ TEST_COMPARE (out[1] & 0xff, 0x80); > ++ > ++ TEST_COMPARE (iconv_close (c), 0); > ++} > ++ > ++static int > ++do_test (void) > ++{ > ++ with_escape_sequence (); > ++ with_flush (); > ++ return 0; > ++} > ++ > ++#include > +diff --git a/iconvdata/iso-2022-jp-3.c b/iconvdata/iso-2022-jp-3.c > +index 3eaa847ad9..c8ba88cdc9 100644 > +--- a/iconvdata/iso-2022-jp-3.c > ++++ b/iconvdata/iso-2022-jp-3.c > +@@ -67,23 +67,34 @@ enum > + CURRENT_SEL_MASK =3D 7 << 3 > + }; > + > +-/* During UCS-4 to ISO-2022-JP-3 conversion, the COUNT element of the s= tate > +- also contains the last two bytes to be output, shifted by 6 bits, an= d a > +- one-bit indicator whether they must be preceded by the shift sequenc= e, > +- in bit 22. */ > ++/* During UCS-4 to ISO-2022-JP-3 conversion, the COUNT element of the > ++ state also contains the last two bytes to be output, shifted by 6 > ++ bits, and a one-bit indicator whether they must be preceded by the > ++ shift sequence, in bit 22. During ISO-2022-JP-3 to UCS-4 > ++ conversion, COUNT may also contain a non-zero pending wide > ++ character, shifted by six bits. This happens for certain inputs in > ++ JISX0213_1_2004_set and JISX0213_2_set if the second wide character > ++ in a combining sequence cannot be written because the buffer is > ++ full. */ > + > + /* Since this is a stateful encoding we have to provide code which rese= ts > + the output state to the initial state. This has to be done during t= he > + flushing. */ > + #define EMIT_SHIFT_TO_INIT \ > +- if ((data->__statep->__count & ~7) !=3D ASCII_set) = \ > ++ if (data->__statep->__count !=3D ASCII_set) \ > + { = \ > + if (FROM_DIRECTION) = \ > + { = \ > +- /* It's easy, we don't have to emit anything, we just reset the= \ > +- state for the input. */ = \ > +- data->__statep->__count &=3D 7; = \ > +- data->__statep->__count |=3D ASCII_set; = \ > ++ if (__glibc_likely (outbuf + 4 <=3D outend)) = \ > ++ { = \ > ++ /* Write out the last character. */ = \ > ++ *((uint32_t *) outbuf) =3D data->__statep->__count >> 6; = \ > ++ outbuf +=3D sizeof (uint32_t); = \ > ++ data->__statep->__count =3D ASCII_set; = \ > ++ } = \ > ++ else = \ > ++ /* We don't have enough room in the output buffer. */ = \ > ++ status =3D __GCONV_FULL_OUTPUT; = \ > + } = \ > + else = \ > + { = \ > +@@ -151,7 +162,21 @@ enum > + #define LOOPFCT FROM_LOOP > + #define BODY \ > + { = \ > +- uint32_t ch =3D *inptr; = \ > ++ uint32_t ch; = \ > ++ = \ > ++ /* Output any pending character. */ = \ > ++ ch =3D set >> 6; = \ > ++ if (__glibc_unlikely (ch !=3D 0)) = \ > ++ { = \ > ++ put32 (outptr, ch); = \ > ++ outptr +=3D 4; = \ > ++ /* Remove the pending character, but preserve state bits. */ = \ > ++ set &=3D (1 << 6) - 1; = \ > ++ continue; = \ > ++ } = \ > ++ = \ > ++ /* Otherwise read the next input byte. */ = \ > ++ ch =3D *inptr; = \ > + = \ > + /* Recognize escape sequences. */ = \ > + if (__glibc_unlikely (ch =3D=3D ESC)) = \ > +@@ -297,21 +322,25 @@ enum > + uint32_t u1 =3D __jisx0213_to_ucs_combining[ch - 1][0]; = \ > + uint32_t u2 =3D __jisx0213_to_ucs_combining[ch - 1][1]; = \ > + = \ > ++ inptr +=3D 2; = \ > ++ = \ > ++ put32 (outptr, u1); = \ > ++ outptr +=3D 4; = \ > ++ = \ > + /* See whether we have room for two characters. */ = \ > +- if (outptr + 8 <=3D outend) = \ > ++ if (outptr + 4 <=3D outend) = \ > + { = \ > +- inptr +=3D 2; = \ > +- put32 (outptr, u1); = \ > +- outptr +=3D 4; = \ > + put32 (outptr, u2); = \ > + outptr +=3D 4; = \ > + continue; = \ > + } = \ > +- else = \ > +- { = \ > +- result =3D __GCONV_FULL_OUTPUT; = \ > +- break; = \ > +- } = \ > ++ = \ > ++ /* Otherwise store only the first character now, and = \ > ++ put the second one into the queue. */ = \ > ++ set |=3D u2 << 6; = \ > ++ /* Tell the caller why we terminate the loop. */ = \ > ++ result =3D __GCONV_FULL_OUTPUT; = \ > ++ break; = \ > + } = \ > + = \ > + inptr +=3D 2; = \ > +-- > +2.27.0 > diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/gl= ibc/glibc_2.31.bb > index b75bbb4196..77eb5b481b 100644 > --- a/meta/recipes-core/glibc/glibc_2.31.bb > +++ b/meta/recipes-core/glibc/glibc_2.31.bb > @@ -41,9 +41,10 @@ SRC_URI =3D "${GLIBC_GIT_URI};branch=3D${SRCBRANCH};n= ame=3Dglibc \ > file://0027-intl-Emit-no-lines-in-bison-generated-files.patc= h \ > file://0028-inject-file-assembly-directives.patch \ > file://0029-locale-prevent-maybe-uninitialized-errors-with-O= s-BZ.patch \ > + file://CVE-2019-25013.patch \ > file://CVE-2020-29562.patch \ > file://CVE-2020-29573.patch \ > - file://CVE-2019-25013.patch \ > + file://CVE-2021-3326.patch \ > " > S =3D "${WORKDIR}/git" > B =3D "${WORKDIR}/build-${TARGET_SYS}" > -- > 2.17.1 > > This message contains information that may be privileged or confidential = and is the property of the KPIT Technologies Ltd. It is intended only for t= he person to whom it is addressed. If you are not the intended recipient, y= ou are not authorized to read, print, retain copy, disseminate, distribute,= or use this message or any part thereof. If you receive this message in er= ror, please notify the sender immediately and delete all copies of this mes= sage. KPIT Technologies Ltd. does not accept any liability for virus infect= ed mails. > This message contains information that may be privileged or confidential an= d is the property of the KPIT Technologies Ltd. It is intended only for the= person to whom it is addressed. If you are not the intended recipient, you= are not authorized to read, print, retain copy, disseminate, distribute, o= r use this message or any part thereof. If you receive this message in erro= r, please notify the sender immediately and delete all copies of this messa= ge. KPIT Technologies Ltd. does not accept any liability for virus infected= mails. --_000_MA1PR01MB3257204AD1DE47E30A709C1087659MA1PR01MB3257INDP_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hello Raj,

Yes, checked the discussion and patch on the mailing list in the eveni= ng.

Updating to latest 2.31 version will make the below patches obsolete a= nd will be whitelisted, hence below changes can be ignored.

Thanks & Regards,
Saloni Jain
From: Khem Raj <raj.khem= @gmail.com>
Sent: Monday, March 22, 2021 9:58 PM
To: Saloni Jain <Saloni.Jain@kpit.com>; openembedded-core@list= s.openembedded.org <openembedded-core@lists.openembedded.org>
Cc: Nisha Parrakat <Nisha.Parrakat@kpit.com>
Subject: Re: [poky][dunfell][PATCH] glibc: Add and modify CVEs
 
There is another patch on mailing lists to update = to latest 2.31 which
should perhaps address these ?

On 3/22/21 3:27 AM, Saloni Jain wrote:
> Below patch is modified:
> 1. CVE-2019-25013
> The previous patch was modified for dunfell
> context and causing conflict for CVE-2021-3326.
> Hence, the original patch is backported.
> Link: https://apc01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fsecurit= y-tracker.debian.org%2Ftracker%2FCVE-2020-27618&amp;data=3D04%7C01%7CSa= loni.Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a= 242ff61502855c7%7C0%7C0%7C637520273080304204%7CUnknown%7CTWFpbGZsb3d8eyJWIj= oiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp= ;sdata=3D6CnKJfxFf4NpxDANqbuB4wcc3tiRRNF5D%2FKBm18Dq%2FA%3D&amp;reserve= d=3D0
> Link: https://apc01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fsourcew= are.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%3D9a99c682144bdbd40792ebf8= 22fe9264e0376fb5&amp;data=3D04%7C01%7CSaloni.Jain%40kpit.com%7C35f4f714= 238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C63752= 0273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL= CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=3Dis4p3gAjo7AJjCtWRldupy= sJakNlQWLhkxaxNcIPvMI%3D&amp;reserved=3D0
>
> Below patch is added:
> 1. CVE-2021-3326
> Link: https://apc01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fbugzill= a.redhat.com%2Fshow_bug.cgi%3Fid%3D1932589&amp;data=3D04%7C01%7CSaloni.= Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff= 61502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4= wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdat= a=3DQIfO6Z9aDldMkDe4nTGwPJO0bF%2F0ovXj%2FEk3nio62sU%3D&amp;reserved=3D0=
> Link: https://apc01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fsourcew= are.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%3Ddca565886b5e8bd7966e15f0= ca42ee5cff686673&amp;data=3D04%7C01%7CSaloni.Jain%40kpit.com%7C35f4f714= 238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C63752= 0273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL= CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=3DxNOEDHc6hkgt4hYNZ5pHan= GB9bLrpoUSqda33FAoldI%3D&amp;reserved=3D0
>
> Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
> ---
>   .../glibc/glibc/CVE-2019-25013.patch   &nbs= p;      |  52 +--
>   .../glibc/glibc/CVE-2021-3326.patch    = ;       | 297 ++++++++++++++++++
>   meta/recipes-core/glibc/glibc_2.31.bb   &nb= sp;     |   3 +-
>   3 files changed, 328 insertions(+), 24 deletions(-)
>   create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-= 3326.patch
>
> diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch b/meta= /recipes-core/glibc/glibc/CVE-2019-25013.patch
> index 73df1da868..3e446f2818 100644
> --- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
> +++ b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
> @@ -8,12 +8,14 @@ area and is not allowed.  The from_euc_kr funct= ion used to skip two bytes
>   when told to skip over the unknown designation, potentiall= y running over
>   the buffer end.
>
> -Upstream-Status: Backport [https://apc01.safelinks.protection.outlook.com/?url= =3Dhttps%3A%2F%2Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%3D= ee7a3144c9922808181009b7b3e50e852fb4999b&amp;data=3D04%7C01%7CSaloni.Ja= in%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61= 502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL= jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata= =3DR5euqxZd1HbzdIQR%2FVPoxa7NIHxIVEy1O%2FBQosTcZPo%3D&amp;reserved=3D0<= /a>]
>   CVE: CVE-2019-25013
> -Signed-off-by: Scott Murray <scott.murray@konsulko.com>
> -[Refreshed for Dundell context; Makefile changes]
> -Signed-off-by: Armin Kuster <akuster@mvista.com>
> +Upstream Status: Backport [https://apc01.safelinks.protection.outlook.com/?url= =3Dhttps%3A%2F%2Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%3D= ee7a3144c9922808181009b7b3e50e852fb4999b&amp;data=3D04%7C01%7CSaloni.Ja= in%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61= 502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL= jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata= =3DR5euqxZd1HbzdIQR%2FVPoxa7NIHxIVEy1O%2FBQosTcZPo%3D&amp;reserved=3D0<= /a>]
> +Comment: No change in any hunk
>
> +The previous change was modified for dunfell context, causing conflic= t
> +for CVE-2021-3326. Hence, the original patch is backported.
> +
> +Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
>   ---
>    iconvdata/Makefile      |&n= bsp; 3 ++-
>    iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++= ++++++++++++++++++
> @@ -22,23 +24,25 @@ Signed-off-by: Armin Kuster <akuster@mvista.com= >
>    4 files changed, 59 insertions(+), 9 deletions(-) >    create mode 100644 iconvdata/bug-iconv13.c
>
> -Index: git/iconvdata/Makefile
> -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> ---- git.orig/iconvdata/Makefile
> -+++ git/iconvdata/Makefile
> -@@ -73,7 +73,7 @@ modules.so :=3D $(addsuffix .so, $(modules
> +diff --git a/iconvdata/Makefile b/iconvdata/Makefile
> +index 4ec2741cdc..85009f3390 100644
> +--- a/iconvdata/Makefile
> ++++ b/iconvdata/Makefile
> +@@ -73,7 +73,8 @@
>    ifeq (yes,$(build-shared))
>    tests =3D bug-iconv1 bug-iconv2 tst-loading tst-e2bi= g tst-iconv4 bug-iconv4 \
>          tst-iconv6 bug-i= conv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
>   -      bug-iconv10 bug-iconv11 bu= g-iconv12
> -+      bug-iconv10 bug-iconv11 bug-iconv12 b= ug-iconv13
> ++      bug-iconv10 bug-iconv11 bug-iconv12 t= st-iconv-big5-hkscs-to-2ucs4 \
> ++       bug-iconv13
>    ifeq ($(have-thread-library),yes)
>    tests +=3D bug-iconv3
>    endif
> -Index: git/iconvdata/bug-iconv13.c
> -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> +diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c
> +new file mode 100644
> +index 0000000000..87aaff398e
>   --- /dev/null
> -+++ git/iconvdata/bug-iconv13.c
> ++++ b/iconvdata/bug-iconv13.c
>   @@ -0,0 +1,53 @@
>   +/* bug 24973: Test EUC-KR module
>   +   Copyright (C) 2020 Free Software Foundation,= Inc.
> @@ -93,11 +97,11 @@ Index: git/iconvdata/bug-iconv13.c
>   +}
>   +
>   +#include <support/test-driver.c>
> -Index: git/iconvdata/euc-kr.c
> -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> ---- git.orig/iconvdata/euc-kr.c
> -+++ git/iconvdata/euc-kr.c
> -@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned c
> +diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
> +index b0d56cf3ee..1045bae926 100644
> +--- a/iconvdata/euc-kr.c
> ++++ b/iconvdata/euc-kr.c
> +@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp) >            = ;            &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;     \
>        if (ch <=3D 0x9f) &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;     \
>          ++inptr; &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;      \
> @@ -110,11 +114,11 @@ Index: git/iconvdata/euc-kr.c
>          {  &nb= sp;            =             &nb= sp;            =             &nb= sp;            =             \
>          /* This is illeg= al.  */          &nb= sp;            =             &nb= sp;           \
>          STANDARD_FROM_LO= OP_ERR_HANDLER (1);         &n= bsp;            = ;             \=
> -Index: git/iconvdata/ksc5601.h
> -=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> ---- git.orig/iconvdata/ksc5601.h
> -+++ git/iconvdata/ksc5601.h
> -@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s
> +diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h
> +index d3eb3a4ff8..f5cdc72797 100644
> +--- a/iconvdata/ksc5601.h
> ++++ b/iconvdata/ksc5601.h
> +@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t = avail, unsigned char offset)
>      unsigned char ch2;
>      int idx;
>
> @@ -133,3 +137,5 @@ Index: git/iconvdata/ksc5601.h
>      ch2 =3D (*s)[1];
>      if (ch2 < offset || (ch2 - offset) &l= t;=3D 0x20 || (ch2 - offset) >=3D 0x7f)
>        return __UNKNOWN_10646_CHAR;=
> +--
> +2.27.0
> diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-3326.patch b/meta/= recipes-core/glibc/glibc/CVE-2021-3326.patch
> new file mode 100644
> index 0000000000..5f4270a6c8
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/CVE-2021-3326.patch
> @@ -0,0 +1,297 @@
> +From 7d88c6142c6efc160c0ee5e4f85cde382c072888 Mon Sep 17 00:00:00 200= 1
> +From: Florian Weimer <fweimer@redhat.com>
> +Date: Wed, 27 Jan 2021 13:36:12 +0100
> +Subject: [PATCH] gconv: Fix assertion failure in ISO-2022-JP-3 module= (bug
> + 27256)
> +
> +The conversion loop to the internal encoding does not follow
> +the interface contract that __GCONV_FULL_OUTPUT is only returned
> +after the internal wchar_t buffer has been filled completely.  T= his
> +is enforced by the first of the two asserts in iconv/skeleton.c:
> +
> +           &nb= sp; /* We must run out of output buffer space in this
> +           &nb= sp;    rerun.  */
> +           &nb= sp; assert (outbuf =3D=3D outerr);
> +           &nb= sp; assert (nstatus =3D=3D __GCONV_FULL_OUTPUT);
> +
> +This commit solves this issue by queuing a second wide character
> +which cannot be written immediately in the state variable, like
> +other converters already do (e.g., BIG5-HKSCS or TSCII).
> +
> +Reported-by: Tavis Ormandy <taviso@gmail.com>
> +
> +CVE: CVE-2021-3326
> +Upstream-Status: Backport [https://apc01.safelinks.protection.outlook.com/?u= rl=3Dhttps%3A%2F%2Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%= 3D7d88c6142c6efc160c0ee5e4f85cde382c072888&amp;data=3D04%7C01%7CSaloni.= Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff= 61502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4= wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdat= a=3DpA1%2BGkOYj%2B%2BYxP2MoiI31NKk5a%2FAwYdivLPnDViRpKE%3D&amp;reserved= =3D0]
> +Comment: Refreshed only one hunk in Makefile
> +
> +Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
> +---
> + iconvdata/Makefile        | =   4 +-
> + iconvdata/bug-iconv14.c   | 127 ++++++++++++++++++++++++++= ++++++++++++
> + iconvdata/iso-2022-jp-3.c |  67 ++++++++++++++------
> + 3 files changed, 178 insertions(+), 20 deletions(-)
> + create mode 100644 iconvdata/bug-iconv14.c
> +
> +diff --git a/iconvdata/Makefile b/iconvdata/Makefile
> +index c8c532a3e4..55c527a5f7 100644
> +--- a/iconvdata/Makefile
> ++++ b/iconvdata/Makefile
> +@@ -74,7 +74,7 @@
> + tests =3D bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug= -iconv4 \
> +       tst-iconv6 bug-iconv5 bug-iconv6= tst-iconv7 bug-iconv8 bug-iconv9 \
> +       bug-iconv10 bug-iconv11 bug-icon= v12 tst-iconv-big5-hkscs-to-2ucs4 \
> +-       bug-iconv13
> ++       bug-iconv13 bug-iconv14
> + ifeq ($(have-thread-library),yes)
> + tests +=3D bug-iconv3
> + endif
> +@ -322,6 +322,8 @@ $(objpfx)bug-iconv10.out: $(objpfx)gconv-modules \=
> +           &nb= sp;            = $(addprefix $(objpfx),$(modules.so))
> + $(objpfx)bug-iconv12.out: $(objpfx)gconv-modules \
> +           &nb= sp;            = $(addprefix $(objpfx),$(modules.so))
> ++$(objpfx)bug-iconv14.out: $(objpfx)gconv-modules \
> ++           &n= bsp;            $(ad= dprefix $(objpfx),$(modules.so))
> +
> + $(objpfx)iconv-test.out: run-iconv-test.sh $(objpfx)gconv-modules \<= br> > +           &nb= sp;            $(add= prefix $(objpfx),$(modules.so)) \
> +diff --git a/iconvdata/bug-iconv14.c b/iconvdata/bug-iconv14.c
> +new file mode 100644
> +index 0000000000..902f140fa9
> +--- /dev/null
> ++++ b/iconvdata/bug-iconv14.c
> +@@ -0,0 +1,127 @@
> ++/* Assertion in ISO-2022-JP-3 due to two-character sequence (bug 272= 56).
> ++   Copyright (C) 2021 Free Software Foundation, Inc.
> ++   This file is part of the GNU C Library.
> ++
> ++   The GNU C Library is free software; you can redistribut= e it and/or
> ++   modify it under the terms of the GNU Lesser General Pub= lic
> ++   License as published by the Free Software Foundation; e= ither
> ++   version 2.1 of the License, or (at your option) any lat= er version.
> ++
> ++   The GNU C Library is distributed in the hope that it wi= ll be useful,
> ++   but WITHOUT ANY WARRANTY; without even the implied warr= anty of
> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.&nb= sp; See the GNU
> ++   Lesser General Public License for more details.
> ++
> ++   You should have received a copy of the GNU Lesser Gener= al Public
> ++   License along with the GNU C Library; if not, see
> ++   <https://apc01.safelinks.protection.outlook.com/?url=3Dhttps%3A= %2F%2Fwww.gnu.org%2Flicenses%2F&amp;data=3D04%7C01%7CSaloni.Jain%40kpit= .com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61502855c7%= 7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLC= JQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=3DATC4wLl= R055Je1BzlOKc5TPiEaO2FzX2q0dgiv%2F%2BAck%3D&amp;reserved=3D0>.&n= bsp; */
> ++
> ++#include <iconv.h>
> ++#include <string.h>
> ++#include <errno.h>
> ++#include <support/check.h>
> ++
> ++/* Use an escape sequence to return to the initial state.  */ > ++static void
> ++with_escape_sequence (void)
> ++{
> ++  iconv_t c =3D iconv_open ("UTF-8", "ISO-2022-J= P-3");
> ++  TEST_VERIFY_EXIT (c !=3D (iconv_t) -1);
> ++
> ++  char in[] =3D "\e$(O+D\e(B";
> ++  char *inbuf =3D in;
> ++  size_t inleft =3D strlen (in);
> ++  char out[3];        &= nbsp;         /* Space for one outp= ut character.  */
> ++  char *outbuf;
> ++  size_t outleft;
> ++
> ++  outbuf =3D out;
> ++  outleft =3D sizeof (out);
> ++  TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf,= &outleft), (size_t) -1);
> ++  TEST_COMPARE (errno, E2BIG);
> ++  TEST_COMPARE (inleft, 3);
> ++  TEST_COMPARE (inbuf - in, strlen (in) - 3);
> ++  TEST_COMPARE (outleft, sizeof (out) - 2);
> ++  TEST_COMPARE (outbuf - out, 2);
> ++  TEST_COMPARE (out[0] & 0xff, 0xc3);
> ++  TEST_COMPARE (out[1] & 0xff, 0xa6);
> ++
> ++  /* Return to the initial shift state, producing the pending > ++     character.  */
> ++  outbuf =3D out;
> ++  outleft =3D sizeof (out);
> ++  TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf,= &outleft), 0);
> ++  TEST_COMPARE (inleft, 0);
> ++  TEST_COMPARE (inbuf - in, strlen (in));
> ++  TEST_COMPARE (outleft, sizeof (out) - 2);
> ++  TEST_COMPARE (outbuf - out, 2);
> ++  TEST_COMPARE (out[0] & 0xff, 0xcc);
> ++  TEST_COMPARE (out[1] & 0xff, 0x80);
> ++
> ++  /* Nothing should be flushed the second time.  */
> ++  outbuf =3D out;
> ++  outleft =3D sizeof (out);
> ++  TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), = 0);
> ++  TEST_COMPARE (outleft, sizeof (out));
> ++  TEST_COMPARE (outbuf - out, 0);
> ++  TEST_COMPARE (out[0] & 0xff, 0xcc);
> ++  TEST_COMPARE (out[1] & 0xff, 0x80);
> ++
> ++  TEST_COMPARE (iconv_close (c), 0);
> ++}
> ++
> ++/* Use an explicit flush to return to the initial state.  */ > ++static void
> ++with_flush (void)
> ++{
> ++  iconv_t c =3D iconv_open ("UTF-8", "ISO-2022-J= P-3");
> ++  TEST_VERIFY_EXIT (c !=3D (iconv_t) -1);
> ++
> ++  char in[] =3D "\e$(O+D";
> ++  char *inbuf =3D in;
> ++  size_t inleft =3D strlen (in);
> ++  char out[3];        &= nbsp;         /* Space for one outp= ut character.  */
> ++  char *outbuf;
> ++  size_t outleft;
> ++
> ++  outbuf =3D out;
> ++  outleft =3D sizeof (out);
> ++  TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf,= &outleft), (size_t) -1);
> ++  TEST_COMPARE (errno, E2BIG);
> ++  TEST_COMPARE (inleft, 0);
> ++  TEST_COMPARE (inbuf - in, strlen (in));
> ++  TEST_COMPARE (outleft, sizeof (out) - 2);
> ++  TEST_COMPARE (outbuf - out, 2);
> ++  TEST_COMPARE (out[0] & 0xff, 0xc3);
> ++  TEST_COMPARE (out[1] & 0xff, 0xa6);
> ++
> ++  /* Flush the pending character.  */
> ++  outbuf =3D out;
> ++  outleft =3D sizeof (out);
> ++  TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), = 0);
> ++  TEST_COMPARE (outleft, sizeof (out) - 2);
> ++  TEST_COMPARE (outbuf - out, 2);
> ++  TEST_COMPARE (out[0] & 0xff, 0xcc);
> ++  TEST_COMPARE (out[1] & 0xff, 0x80);
> ++
> ++  /* Nothing should be flushed the second time.  */
> ++  outbuf =3D out;
> ++  outleft =3D sizeof (out);
> ++  TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), = 0);
> ++  TEST_COMPARE (outleft, sizeof (out));
> ++  TEST_COMPARE (outbuf - out, 0);
> ++  TEST_COMPARE (out[0] & 0xff, 0xcc);
> ++  TEST_COMPARE (out[1] & 0xff, 0x80);
> ++
> ++  TEST_COMPARE (iconv_close (c), 0);
> ++}
> ++
> ++static int
> ++do_test (void)
> ++{
> ++  with_escape_sequence ();
> ++  with_flush ();
> ++  return 0;
> ++}
> ++
> ++#include <support/test-driver.c>
> +diff --git a/iconvdata/iso-2022-jp-3.c b/iconvdata/iso-2022-jp-3.c > +index 3eaa847ad9..c8ba88cdc9 100644
> +--- a/iconvdata/iso-2022-jp-3.c
> ++++ b/iconvdata/iso-2022-jp-3.c
> +@@ -67,23 +67,34 @@ enum
> +   CURRENT_SEL_MASK =3D 7 << 3
> + };
> +
> +-/* During UCS-4 to ISO-2022-JP-3 conversion, the COUNT element of th= e state
> +-   also contains the last two bytes to be output, shifted = by 6 bits, and a
> +-   one-bit indicator whether they must be preceded by the = shift sequence,
> +-   in bit 22.  */
> ++/* During UCS-4 to ISO-2022-JP-3 conversion, the COUNT element of th= e
> ++   state also contains the last two bytes to be output, sh= ifted by 6
> ++   bits, and a one-bit indicator whether they must be prec= eded by the
> ++   shift sequence, in bit 22.  During ISO-2022-JP-3 t= o UCS-4
> ++   conversion, COUNT may also contain a non-zero pending w= ide
> ++   character, shifted by six bits.  This happens for = certain inputs in
> ++   JISX0213_1_2004_set and JISX0213_2_set if the second wi= de character
> ++   in a combining sequence cannot be written because the b= uffer is
> ++   full.  */
> +
> + /* Since this is a stateful encoding we have to provide code which r= esets
> +    the output state to the initial state.  This = has to be done during the
> +    flushing.  */
> + #define EMIT_SHIFT_TO_INIT \
> +-  if ((data->__statep->__count & ~7) !=3D ASCII_set)&= nbsp;           &nbs= p;             = \
> ++  if (data->__statep->__count !=3D ASCII_set)  =             &nb= sp;          \
> +     {       &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; \
> +       if (FROM_DIRECTION)  &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;           \
> +       {     &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; \
> +-        /* It's easy, we don't ha= ve to emit anything, we just reset the     \
> +-           state f= or the input.  */         = ;            &n= bsp;            = ;       \
> +-        data->__statep->__c= ount &=3D 7;          = ;            &n= bsp;            = ;    \
> +-        data->__statep->__c= ount |=3D ASCII_set;         &= nbsp;           &nbs= p;         \
> ++        if (__glibc_likely (outbu= f + 4 <=3D outend))         = ;            &n= bsp;    \
> ++          {  =             &nb= sp;            =             &nb= sp;            =              \<= br> > ++            /= * Write out the last character.  */      = ;            &n= bsp;         \
> ++            *= ((uint32_t *) outbuf) =3D data->__statep->__count >> 6; &n= bsp;        \
> ++            o= utbuf +=3D sizeof (uint32_t);       &nbs= p;            &= nbsp;           &nbs= p;   \
> ++            d= ata->__statep->__count =3D ASCII_set;     &n= bsp;            = ;    \
> ++          }  =             &nb= sp;            =             &nb= sp;            =              \<= br> > ++        else   &nb= sp;            =             &nb= sp;            =             &nb= sp;          \
> ++          /* We don't h= ave enough room in the output buffer.  */     = ;       \
> ++          status =3D __= GCONV_FULL_OUTPUT;         &nb= sp;            =             &nb= sp;  \
> +       }     &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; \
> +       else    &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;           \
> +       {     &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; \
> +@@ -151,7 +162,21 @@ enum
> + #define LOOPFCT         = ;            &n= bsp; FROM_LOOP
> + #define BODY \
> +   {         &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; \
> +-    uint32_t ch =3D *inptr;    &n= bsp;            = ;            &n= bsp;            = ;         \
> ++    uint32_t ch;      &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;   \
> ++           &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;  \
> ++    /* Output any pending character.  */ &n= bsp;            = ;            &n= bsp;         \
> ++    ch =3D set >> 6;    &nb= sp;            =             &nb= sp;            =             &nb= sp;   \
> ++    if (__glibc_unlikely (ch !=3D 0))  &nbs= p;            &= nbsp;           &nbs= p;             = \
> ++      {      =             &nb= sp;            =             &nb= sp;            =             &nb= sp;        \
> ++      put32 (outptr, ch);   =             &nb= sp;            =             &nb= sp;          \
> ++      outptr +=3D 4;    = ;            &n= bsp;            = ;            &n= bsp;            = ;    \
> ++      /* Remove the pending character, but = preserve state bits.  */       &nbs= p; \
> ++      set &=3D (1 << 6) - 1; = ;            &n= bsp;            = ;            &n= bsp;           \
> ++      continue;    &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;      \
> ++      }      =             &nb= sp;            =             &nb= sp;            =             &nb= sp;        \
> ++           &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;  \
> ++    /* Otherwise read the next input byte.  */&n= bsp;            = ;            &n= bsp;            \ > ++    ch =3D *inptr;      = ;            &n= bsp;            = ;            &n= bsp;            = ;    \
> +           &nb= sp;            =             &nb= sp;            =             &nb= sp;            =    \
> +     /* Recognize escape sequences.  */ = ;            &n= bsp;            = ;            &n= bsp;       \
> +     if (__glibc_unlikely (ch =3D=3D ESC)) &= nbsp;           &nbs= p;            &= nbsp;            \ > +@@ -297,21 +322,25 @@ enum
> +           uint32_t= u1 =3D __jisx0213_to_ucs_combining[ch - 1][0];    &nbs= p;        \
> +           uint32_t= u2 =3D __jisx0213_to_ucs_combining[ch - 1][1];    &nbs= p;        \
> +           &nb= sp;            =             &nb= sp;            =             &nb= sp;            =    \
> ++          inptr +=3D 2;=             &nb= sp;            =             &nb= sp;            =      \
> ++           &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;  \
> ++          put32 (outptr= , u1);           &nb= sp;            =             &nb= sp;          \
> ++          outptr +=3D 4= ;            &n= bsp;            = ;            &n= bsp;            = ;    \
> ++           &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;  \
> +           /* See w= hether we have room for two characters.  */    &nb= sp;          \
> +-          if (outptr + = 8 <=3D outend)         &nbs= p;            &= nbsp;           &nbs= p;      \
> ++          if (outptr + = 4 <=3D outend)         &nbs= p;            &= nbsp;           &nbs= p;      \
> +           &nb= sp; {           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; \
> +-           &n= bsp;  inptr +=3D 2;        &nb= sp;            =             &nb= sp;            =      \
> +-           &n= bsp;  put32 (outptr, u1);       &nb= sp;            =             &nb= sp;          \
> +-           &n= bsp;  outptr +=3D 4;        &n= bsp;            = ;            &n= bsp;            = ;    \
> +           &nb= sp;   put32 (outptr, u2);      &nbs= p;            &= nbsp;           &nbs= p;           \
> +           &nb= sp;   outptr +=3D 4;       &nb= sp;            =             &nb= sp;            =      \
> +           &nb= sp;   continue;        &n= bsp;            = ;            &n= bsp;            = ;       \
> +           &nb= sp; }           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; \
> +-          else &nb= sp;            =             &nb= sp;            =             &nb= sp;          \
> +-            {=             &nb= sp;            =             &nb= sp;            =              \<= br> > +-           &n= bsp;  result =3D __GCONV_FULL_OUTPUT;     &nb= sp;            =             &nb= sp;  \
> +-           &n= bsp;  break;         &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;        \
> +-            }=             &nb= sp;            =             &nb= sp;            =              \<= br> > ++           &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;            = ;  \
> ++          /* Otherwise = store only the first character now, and      =         \
> ++           &n= bsp; put the second one into the queue.  */    &nb= sp;            =         \
> ++          set |=3D u2 &= lt;< 6;           = ;            &n= bsp;            = ;            &n= bsp;  \
> ++          /* Tell the c= aller why we terminate the loop.  */     &nbs= p;           \
> ++          result =3D __= GCONV_FULL_OUTPUT;         &nb= sp;            =             &nb= sp;  \
> ++          break; &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;        \
> +         }   &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; \
> +           &nb= sp;            =             &nb= sp;            =             &nb= sp;            =    \
> +       inptr +=3D 2;   &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;     \
> +--
> +2.27.0
> diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core= /glibc/glibc_2.31.bb
> index b75bbb4196..77eb5b481b 100644
> --- a/meta/recipes-core/glibc/glibc_2.31.bb
> +++ b/meta/recipes-core/glibc/glibc_2.31.bb
> @@ -41,9 +41,10 @@ SRC_URI =3D  "${GLIBC_GIT_URI};branch=3D$= {SRCBRANCH};name=3Dglibc \
>            = ;  file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \
>            = ;  file:= //0028-inject-file-assembly-directives.patch \
>            = ;  file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch = \
> +           file://CVE-2019-25013.patch \
>            = ;  file://CVE-2020-29562.patch= \
>            = ;  file://CVE-2020-29573.patch= \
> -           file://CVE-2019-25013.patch \
> +           file://CVE-2021-3326.patch \
>            = ;  "
>   S =3D "${WORKDIR}/git"
>   B =3D "${WORKDIR}/build-${TARGET_SYS}"
> --
> 2.17.1
>
> This message contains information that may be privileged or confidenti= al and is the property of the KPIT Technologies Ltd. It is intended only fo= r the person to whom it is addressed. If you are not the intended recipient= , you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part ther= eof. If you receive this message in error, please notify the sender immedia= tely and delete all copies of this message. KPIT Technologies Ltd. does not= accept any liability for virus infected mails.
>
This message contains information that may be privileged or confidential an= d is the property of the KPIT Technologies Ltd. It is intended only for the= person to whom it is addressed. If you are not the intended recipient, you= are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part ther= eof. If you receive this message in error, please notify the sender immedia= tely and delete all copies of this message. KPIT Technologies Ltd. does not= accept any liability for virus infected mails. --_000_MA1PR01MB3257204AD1DE47E30A709C1087659MA1PR01MB3257INDP_--