@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.35/master"
PV = "2.35"
-SRCREV_glibc ?= "1c7f51c75ae300fe52ccb636e71b8e28cb20824c"
+SRCREV_glibc ?= "cbceb903c4d770acc7e4ba5641036516830ed69b"
SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
deleted file mode 100644
@@ -1,82 +0,0 @@
-From 952aff5c00ad7c6b83c3f310f2643939538827f8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=D0=9B=D0=B5=D0=BE=D0=BD=D0=B8=D0=B4=20=D0=AE=D1=80=D1=8C?=
- =?UTF-8?q?=D0=B5=D0=B2=20=28Leonid=20Yuriev=29?= <leo@yuriev.ru>
-Date: Sat, 4 Feb 2023 14:41:38 +0300
-Subject: [PATCH] gmon: Fix allocated buffer overflow (bug 29444)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The `__monstartup()` allocates a buffer used to store all the data
-accumulated by the monitor.
-
-The size of this buffer depends on the size of the internal structures
-used and the address range for which the monitor is activated, as well
-as on the maximum density of call instructions and/or callable functions
-that could be potentially on a segment of executable code.
-
-In particular a hash table of arcs is placed at the end of this buffer.
-The size of this hash table is calculated in bytes as
- p->fromssize = p->textsize / HASHFRACTION;
-
-but actually should be
- p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms));
-
-This results in writing beyond the end of the allocated buffer when an
-added arc corresponds to a call near from the end of the monitored
-address range, since `_mcount()` check the incoming caller address for
-monitored range but not the intermediate result hash-like index that
-uses to write into the table.
-
-It should be noted that when the results are output to `gmon.out`, the
-table is read to the last element calculated from the allocated size in
-bytes, so the arcs stored outside the buffer boundary did not fall into
-`gprof` for analysis. Thus this "feature" help me to found this bug
-during working with https://sourceware.org/bugzilla/show_bug.cgi?id=29438
-
-Just in case, I will explicitly note that the problem breaks the
-`make test t=gmon/tst-gmon-dso` added for Bug 29438.
-There, the arc of the `f3()` call disappears from the output, since in
-the DSO case, the call to `f3` is located close to the end of the
-monitored range.
-
-Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
-
-Another minor error seems a related typo in the calculation of
-`kcountsize`, but since kcounts are smaller than froms, this is
-actually to align the p->froms data.
-
-Co-authored-by: DJ Delorie <dj@redhat.com>
-Reviewed-by: Carlos O'Donell <carlos@redhat.com>
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=801af9fafd4689337ebf27260aa115335a0cb2bc]
-CVE: CVE-2023-0687
-Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
----
- gmon/gmon.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/gmon/gmon.c b/gmon/gmon.c
-index dee6480..bf76358 100644
---- a/gmon/gmon.c
-+++ b/gmon/gmon.c
-@@ -132,6 +132,8 @@ __monstartup (u_long lowpc, u_long highpc)
- p->lowpc = ROUNDDOWN(lowpc, HISTFRACTION * sizeof(HISTCOUNTER));
- p->highpc = ROUNDUP(highpc, HISTFRACTION * sizeof(HISTCOUNTER));
- p->textsize = p->highpc - p->lowpc;
-+ /* This looks like a typo, but it's here to align the p->froms
-+ section. */
- p->kcountsize = ROUNDUP(p->textsize / HISTFRACTION, sizeof(*p->froms));
- p->hashfraction = HASHFRACTION;
- p->log_hashfraction = -1;
-@@ -142,7 +144,7 @@ __monstartup (u_long lowpc, u_long highpc)
- instead of integer division. Precompute shift amount. */
- p->log_hashfraction = ffs(p->hashfraction * sizeof(*p->froms)) - 1;
- }
-- p->fromssize = p->textsize / HASHFRACTION;
-+ p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms));
- p->tolimit = p->textsize * ARCDENSITY / 100;
- if (p->tolimit < MINARCS)
- p->tolimit = MINARCS;
---
-2.7.4
@@ -50,7 +50,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0024-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
\
file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
- file://CVE-2023-0687.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"