All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] package/uclibc: update to 1.0.39
@ 2021-10-07 18:36 Waldemar Brodkorb
  2021-10-09 10:22 ` Peter Korsgaard
  0 siblings, 1 reply; 4+ messages in thread
From: Waldemar Brodkorb @ 2021-10-07 18:36 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
 ...PIC-builds-with-newer-gcc-binutils-w.patch | 91 -------------------
 package/uclibc/uclibc.hash                    |  4 +-
 package/uclibc/uclibc.mk                      |  2 +-
 3 files changed, 3 insertions(+), 94 deletions(-)
 delete mode 100644 package/uclibc/0001-powerpc-fix-PIE-PIC-builds-with-newer-gcc-binutils-w.patch

diff --git a/package/uclibc/0001-powerpc-fix-PIE-PIC-builds-with-newer-gcc-binutils-w.patch b/package/uclibc/0001-powerpc-fix-PIE-PIC-builds-with-newer-gcc-binutils-w.patch
deleted file mode 100644
index 040699df83..0000000000
--- a/package/uclibc/0001-powerpc-fix-PIE-PIC-builds-with-newer-gcc-binutils-w.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 6c95eccff5eb43c8c3ad865d3b1316b7952cc58e Mon Sep 17 00:00:00 2001
-From: Yann Sionneau <yann@sionneau.net>
-Date: Fri, 28 May 2021 08:59:58 +0200
-Subject: [PATCH] powerpc: fix PIE/PIC builds with newer gcc/binutils which use
- secureplt by default
-
-This patch fixes segfault of all user space processes (including init, which caused a panic) on recent buildroot powerpc32 builds.
-
-The issue has been reported by Romain Naour in this thread: https://mailman.uclibc-ng.org/pipermail/devel/2021-May/002068.html
-
-Recent buildroot toolchain enables secure PLT in powerpc gcc.
-The latter will then supply -msecure-plt to gas invocations by default.
-Recent buildroot also enables PIE by default.
-
-For the secure PLT to work in PIC, the r30 register needs to point to the GOT.
-Old "bss plt" was just a one-instruction-wide PLT slot, pointed-to by a R_PPC_JMP_SLOT relocation, which was written on-the-fly to contain a branch instruction to the correct address. It therefore had to stay writable+executable, which you generally want to avoid for security reasons.
-New secure PLT only contains read-only code which loads the branch address from the writable GOT.
-
-Note: secure PLT without PIC does not need r30 to be set. Because offset between plt stub code and got is known at link-time. In this case the PLT entry looks like:
-1009b3e0 <__uClibc_main@plt>:
-1009b3e0:       3d 60 10 0e     lis     r11,4110
-1009b3e4:       81 6b 03 74     lwz     r11,884(r11)
-1009b3e8:       7d 69 03 a6     mtctr   r11
-1009b3ec:       4e 80 04 20     bctr
-
-Whereas secure PLT with PIC - offset between plt and got is unknown at link-time - looks like this:
-000af800 <00000000.plt_pic32.__uClibc_main>:
-   af800:       81 7e 03 80     lwz     r11,896(r30)
-   af804:       7d 69 03 a6     mtctr   r11
-   af808:       4e 80 04 20     bctr
-   af80c:       60 00 00 00     nop
-
-Upstream status: Pending:
-https://mailman.uclibc-ng.org/pipermail/devel/2021-May/002091.html
-
-Signed-off-by: Yann Sionneau <yann@sionneau.net>
-Signed-off-by: Romain Naour <romain.naour@gmail.com>
----
- Rules.mak                         | 3 ++-
- ldso/ldso/powerpc/dl-startup.h    | 3 +++
- libc/sysdeps/linux/powerpc/crt1.S | 4 ++++
- 3 files changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/Rules.mak b/Rules.mak
-index 10f88b3de..60ac59b85 100644
---- a/Rules.mak
-+++ b/Rules.mak
-@@ -477,9 +477,10 @@ ifeq ($(TARGET_ARCH),powerpc)
- 	PICFLAG:=-fpic
- 	PIEFLAG_NAME:=-fpie
- 	PPC_HAS_REL16:=$(shell printf "\t.text\n\taddis 11,30,_GLOBAL_OFFSET_TABLE_-.@ha\n" | $(CC) -c -x assembler -o /dev/null -  2> /dev/null && echo -n y || echo -n n)
-+	PPC_HAS_SECUREPLT:=$(shell $(CC) --verbose 2>&1 | grep -- --enable-secureplt > /dev/null && echo -n y || echo -n n)
-+	CPU_CFLAGS-$(PPC_HAS_SECUREPLT) += -DPPC_HAS_SECUREPLT
- 	CPU_CFLAGS-$(PPC_HAS_REL16)+= -DHAVE_ASM_PPC_REL16
- 	CPU_CFLAGS-$(CONFIG_E500) += "-D__NO_MATH_INLINES"
--
- endif
- 
- ifeq ($(TARGET_ARCH),bfin)
-diff --git a/ldso/ldso/powerpc/dl-startup.h b/ldso/ldso/powerpc/dl-startup.h
-index 8b2a517e2..7749395eb 100644
---- a/ldso/ldso/powerpc/dl-startup.h
-+++ b/ldso/ldso/powerpc/dl-startup.h
-@@ -25,6 +25,9 @@ __asm__(
- #else
-     "	bl	_GLOBAL_OFFSET_TABLE_-4@local\n" /*  Put our GOT pointer in r31, */
-     "	mflr	31\n"
-+#endif
-+#ifdef PPC_HAS_SECUREPLT
-+    "   mr      30,31\n"
- #endif
-     "	addi	1,1,16\n" /* Restore SP */
-     "	lwz	7,_dl_skip_args@got(31)\n" /* load EA of _dl_skip_args */
-diff --git a/libc/sysdeps/linux/powerpc/crt1.S b/libc/sysdeps/linux/powerpc/crt1.S
-index 27bfc5a5a..3f5d056c0 100644
---- a/libc/sysdeps/linux/powerpc/crt1.S
-+++ b/libc/sysdeps/linux/powerpc/crt1.S
-@@ -56,6 +56,10 @@ _start:
- # else
- 	bl	_GLOBAL_OFFSET_TABLE_-4@local
- 	mflr	r31
-+# endif
-+	/* in PIC/PIE, plt stubs need r30 to point to the GOT if using secure-plt */
-+# ifdef PPC_HAS_SECUREPLT
-+	mr	30,31
- # endif
- #endif
- 	/* Set up the small data pointer in r13.  */
--- 
-2.31.1
-
diff --git a/package/uclibc/uclibc.hash b/package/uclibc/uclibc.hash
index 2935785f48..25bbabf2ea 100644
--- a/package/uclibc/uclibc.hash
+++ b/package/uclibc/uclibc.hash
@@ -1,4 +1,4 @@
-# From https://downloads.uclibc-ng.org/releases/1.0.38/uClibc-ng-1.0.38.tar.xz.sha256
-sha256  b1a3328330d2c94a2bec8c1436a8f15673f3a9b5895e155efc2e91d4e1882570  uClibc-ng-1.0.38.tar.xz
+# From https://downloads.uclibc-ng.org/releases/1.0.38/uClibc-ng-1.0.39.tar.xz.sha256
+sha256  cb089dfe14867a38f222d6428e85d0e1191dcbb66dd9b1a671484f6bc7c81920  uClibc-ng-1.0.39.tar.xz
 # Locally calculated
 sha256  6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3  COPYING.LIB
diff --git a/package/uclibc/uclibc.mk b/package/uclibc/uclibc.mk
index 180ed9951e..87e283de2a 100644
--- a/package/uclibc/uclibc.mk
+++ b/package/uclibc/uclibc.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-UCLIBC_VERSION = 1.0.38
+UCLIBC_VERSION = 1.0.39
 UCLIBC_SOURCE = uClibc-ng-$(UCLIBC_VERSION).tar.xz
 UCLIBC_SITE = https://downloads.uclibc-ng.org/releases/$(UCLIBC_VERSION)
 UCLIBC_LICENSE = LGPL-2.1+
-- 
2.30.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/uclibc: update to 1.0.39
  2021-10-07 18:36 [Buildroot] [PATCH] package/uclibc: update to 1.0.39 Waldemar Brodkorb
@ 2021-10-09 10:22 ` Peter Korsgaard
  2021-10-09 11:13   ` Waldemar Brodkorb
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2021-10-09 10:22 UTC (permalink / raw)
  To: Waldemar Brodkorb; +Cc: buildroot

>>>>> "Waldemar" == Waldemar Brodkorb <wbx@openadk.org> writes:

 > Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>

Committed, thanks.

Your announcement mentions something about a DNS security issue, does
this mean that this should also be backported to the stable branches?
Is there an advisory or a CVE available?

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/uclibc: update to 1.0.39
  2021-10-09 10:22 ` Peter Korsgaard
@ 2021-10-09 11:13   ` Waldemar Brodkorb
  2021-10-09 18:04     ` Peter Korsgaard
  0 siblings, 1 reply; 4+ messages in thread
From: Waldemar Brodkorb @ 2021-10-09 11:13 UTC (permalink / raw)
  To: Peter Korsgaard; +Cc: buildroot

Hi,
Peter Korsgaard wrote,

> >>>>> "Waldemar" == Waldemar Brodkorb <wbx@openadk.org> writes:
> 
>  > Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
> 
> Committed, thanks.
> 
> Your announcement mentions something about a DNS security issue, does
> this mean that this should also be backported to the stable branches?

Could be not bad.

> Is there an advisory or a CVE available?

Not yet as I know.
I asked the reporter on Thursday if they managed to open one.

best regards
 Waldemar
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/uclibc: update to 1.0.39
  2021-10-09 11:13   ` Waldemar Brodkorb
@ 2021-10-09 18:04     ` Peter Korsgaard
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2021-10-09 18:04 UTC (permalink / raw)
  To: Waldemar Brodkorb; +Cc: Waldemar Brodkorb, buildroot

>>>>> "Waldemar" == Waldemar Brodkorb <wbx@openadk.org> writes:

 > Hi,
 > Peter Korsgaard wrote,

 >> >>>>> "Waldemar" == Waldemar Brodkorb <wbx@openadk.org> writes:
 >> 
 >> > Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
 >> 
 >> Committed, thanks.
 >> 
 >> Your announcement mentions something about a DNS security issue, does
 >> this mean that this should also be backported to the stable branches?

 > Could be not bad.

 >> Is there an advisory or a CVE available?

 > Not yet as I know.
 > I asked the reporter on Thursday if they managed to open one.

Ok.

Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-10-09 18:04 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-07 18:36 [Buildroot] [PATCH] package/uclibc: update to 1.0.39 Waldemar Brodkorb
2021-10-09 10:22 ` Peter Korsgaard
2021-10-09 11:13   ` Waldemar Brodkorb
2021-10-09 18:04     ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.