diff options
Diffstat (limited to 'external/poky/meta/recipes-support')
26 files changed, 2285 insertions, 7 deletions
diff --git a/external/poky/meta/recipes-support/atk/at-spi2-core_2.28.0.bb b/external/poky/meta/recipes-support/atk/at-spi2-core_2.28.0.bb index 7975f58b..0bdb1e37 100644 --- a/external/poky/meta/recipes-support/atk/at-spi2-core_2.28.0.bb +++ b/external/poky/meta/recipes-support/atk/at-spi2-core_2.28.0.bb @@ -18,7 +18,7 @@ inherit meson gtk-doc gettext systemd pkgconfig distro_features_check upstream-v REQUIRED_DISTRO_FEATURES = "x11" EXTRA_OEMESON = " -Dsystemd_user_dir=${systemd_user_unitdir} \ - -Ddbus_daemon=${bindir}" + -Ddbus_daemon=${bindir}/dbus-daemon" GTKDOC_ENABLE_FLAG = "-Denable_docs=true" GTKDOC_DISABLE_FLAG = "-Denable_docs=false" diff --git a/external/poky/meta/recipes-support/curl/curl/CVE-2018-16890.patch b/external/poky/meta/recipes-support/curl/curl/CVE-2018-16890.patch new file mode 100644 index 00000000..3776f362 --- /dev/null +++ b/external/poky/meta/recipes-support/curl/curl/CVE-2018-16890.patch @@ -0,0 +1,50 @@ +From 53d3c2f92b4a7561b1006494badf8cf2ef9110c0 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Wed, 2 Jan 2019 20:33:08 +0100 +Subject: [PATCH 1/3] NTLM: fix size check condition for type2 received data + +Bug: https://curl.haxx.se/docs/CVE-2018-16890.html +Reported-by: Wenxiang Qian +CVE-2018-16890 + +Upstream-Status: Backport +[https://github.com/curl/curl/commit +/b780b30d1377adb10bbe774835f49e9b237fb9bb] + +CVE: CVE-2018-16890 + +Signed-off-by: Kevin Weng <t-keweng@microsoft.com> +--- + lib/vauth/ntlm.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c +index cdb8d8f0d..0212756ab 100644 +--- a/lib/vauth/ntlm.c ++++ b/lib/vauth/ntlm.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. ++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data, + target_info_len = Curl_read16_le(&buffer[40]); + target_info_offset = Curl_read32_le(&buffer[44]); + if(target_info_len > 0) { +- if(((target_info_offset + target_info_len) > size) || ++ if((target_info_offset >= size) || ++ ((target_info_offset + target_info_len) > size) || + (target_info_offset < 48)) { + infof(data, "NTLM handshake failure (bad type-2 message). " +- "Target Info Offset Len is set incorrect by the peer\n"); ++ "Target Info Offset Len is set incorrect by the peer\n"); + return CURLE_BAD_CONTENT_ENCODING; + } + +-- +2.22.0 + diff --git a/external/poky/meta/recipes-support/curl/curl/CVE-2019-3822.patch b/external/poky/meta/recipes-support/curl/curl/CVE-2019-3822.patch new file mode 100644 index 00000000..4f612ddd --- /dev/null +++ b/external/poky/meta/recipes-support/curl/curl/CVE-2019-3822.patch @@ -0,0 +1,47 @@ +From 761b51f66c7b1cd2cd6c71b807bfdb6a27c49b30 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 3 Jan 2019 12:59:28 +0100 +Subject: [PATCH 2/3] ntlm: fix *_type3_message size check to avoid buffer + overflow + +Bug: https://curl.haxx.se/docs/CVE-2019-3822.html +Reported-by: Wenxiang Qian +CVE-2019-3822 + +Upstream-Status: Backport +[https://github.com/curl/curl/commit +/50c9484278c63b958655a717844f0721263939cc] + +CVE: CVE-2019-3822 + +Signed-off-by: Kevin Weng <t-keweng@microsoft.com> +--- + lib/vauth/ntlm.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c +index 0212756ab..3be0403d9 100644 +--- a/lib/vauth/ntlm.c ++++ b/lib/vauth/ntlm.c +@@ -777,11 +777,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, + }); + + #ifdef USE_NTRESPONSES +- if(size < (NTLM_BUFSIZE - ntresplen)) { +- DEBUGASSERT(size == (size_t)ntrespoff); +- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); +- size += ntresplen; ++ /* ntresplen + size should not be risking an integer overflow here */ ++ if(ntresplen + size > sizeof(ntlmbuf)) { ++ failf(data, "incoming NTLM message too big"); ++ return CURLE_OUT_OF_MEMORY; + } ++ DEBUGASSERT(size == (size_t)ntrespoff); ++ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); ++ size += ntresplen; + + DEBUG_OUT({ + fprintf(stderr, "\n ntresp="); +-- +2.22.0 + diff --git a/external/poky/meta/recipes-support/curl/curl/CVE-2019-3823.patch b/external/poky/meta/recipes-support/curl/curl/CVE-2019-3823.patch new file mode 100644 index 00000000..194e6e64 --- /dev/null +++ b/external/poky/meta/recipes-support/curl/curl/CVE-2019-3823.patch @@ -0,0 +1,55 @@ +From 40f6c913f63cdbfa81daa7ac7f1c7415bb99edeb Mon Sep 17 00:00:00 2001 +From: Daniel Gustafsson <daniel@yesql.se> +Date: Sat, 19 Jan 2019 00:42:47 +0100 +Subject: [PATCH 3/3] smtp: avoid risk of buffer overflow in strtol + +If the incoming len 5, but the buffer does not have a termination +after 5 bytes, the strtol() call may keep reading through the line +buffer until is exceeds its boundary. Fix by ensuring that we are +using a bounded read with a temporary buffer on the stack. + +Bug: https://curl.haxx.se/docs/CVE-2019-3823.html +Reported-by: Brian Carpenter (Geeknik Labs) +CVE-2019-3823 + +Upstream-Status: Backport +[https://github.com/curl/curl/commit +/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484] + +CVE: CVE-2019-3823 + +Signed-off-by: Kevin Weng <t-keweng@microsoft.com> +--- + lib/smtp.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/lib/smtp.c b/lib/smtp.c +index ecf10a41a..1b9f92d30 100644 +--- a/lib/smtp.c ++++ b/lib/smtp.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. ++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len, + Section 4. Examples of RFC-4954 but some e-mail servers ignore this and + only send the response code instead as per Section 4.2. */ + if(line[3] == ' ' || len == 5) { ++ char tmpline[6]; ++ + result = TRUE; +- *resp = curlx_sltosi(strtol(line, NULL, 10)); ++ memset(tmpline, '\0', sizeof(tmpline)); ++ memcpy(tmpline, line, (len == 5 ? 5 : 3)); ++ *resp = curlx_sltosi(strtol(tmpline, NULL, 10)); + + /* Make sure real server never sends internal value */ + if(*resp == 1) +-- +2.22.0 + diff --git a/external/poky/meta/recipes-support/curl/curl/CVE-2019-5482.patch b/external/poky/meta/recipes-support/curl/curl/CVE-2019-5482.patch new file mode 100644 index 00000000..91b18669 --- /dev/null +++ b/external/poky/meta/recipes-support/curl/curl/CVE-2019-5482.patch @@ -0,0 +1,68 @@ +From 38319e0717844c32464a6c7630de9be226f1c6f4 Mon Sep 17 00:00:00 2001 +From: Thomas Vegas <> +Date: Sat, 31 Aug 2019 17:30:51 +0200 +Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is + received +Reply-To: muislam@microsoft.com + +Fixes potential buffer overflow from 'recvfrom()', should the server +return an OACK without blksize. + +Bug: https://curl.haxx.se/docs/CVE-2019-5482.html + +CVE: CVE-2019-5482 + +Upstream-Status: Backport + +Signed-off-by: Muminul Islam <muislam@microsoft.com> +--- + lib/tftp.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/lib/tftp.c b/lib/tftp.c +index 064eef318..2c148e3e1 100644 +--- a/lib/tftp.c ++++ b/lib/tftp.c +@@ -969,6 +969,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) + { + tftp_state_data_t *state; + int blksize; ++ int need_blksize; + + blksize = TFTP_BLKSIZE_DEFAULT; + +@@ -983,15 +984,20 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) + return CURLE_TFTP_ILLEGAL; + } + ++ need_blksize = blksize; ++ /* default size is the fallback when no OACK is received */ ++ if(need_blksize < TFTP_BLKSIZE_DEFAULT) ++ need_blksize = TFTP_BLKSIZE_DEFAULT; ++ + if(!state->rpacket.data) { +- state->rpacket.data = calloc(1, blksize + 2 + 2); ++ state->rpacket.data = calloc(1, need_blksize + 2 + 2); + + if(!state->rpacket.data) + return CURLE_OUT_OF_MEMORY; + } + + if(!state->spacket.data) { +- state->spacket.data = calloc(1, blksize + 2 + 2); ++ state->spacket.data = calloc(1, need_blksize + 2 + 2); + + if(!state->spacket.data) + return CURLE_OUT_OF_MEMORY; +@@ -1005,7 +1011,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) + state->sockfd = state->conn->sock[FIRSTSOCKET]; + state->state = TFTP_STATE_START; + state->error = TFTP_ERR_NONE; +- state->blksize = blksize; ++ state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */ + state->requested_blksize = blksize; + + ((struct sockaddr *)&state->local_addr)->sa_family = +-- +2.23.0 + diff --git a/external/poky/meta/recipes-support/curl/curl_7.61.0.bb b/external/poky/meta/recipes-support/curl/curl_7.61.0.bb index 1027f75e..cd880f9e 100644 --- a/external/poky/meta/recipes-support/curl/curl_7.61.0.bb +++ b/external/poky/meta/recipes-support/curl/curl_7.61.0.bb @@ -13,6 +13,10 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://CVE-2018-16842.patch \ file://CVE-2019-5435.patch \ file://CVE-2019-5436.patch \ + file://CVE-2018-16890.patch \ + file://CVE-2019-3822.patch \ + file://CVE-2019-3823.patch \ + file://CVE-2019-5482.patch \ " SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a" diff --git a/external/poky/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch b/external/poky/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch new file mode 100644 index 00000000..4a280f9d --- /dev/null +++ b/external/poky/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch @@ -0,0 +1,31 @@ +From 0df5800cc2e720aad883a517f7d24a9722fe5845 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 20 Dec 2018 17:37:48 -0800 +Subject: [PATCH] Woverride-init is not needed with gcc 9 + +Fixes +| ../../gnupg-2.2.12/dirmngr/dns.h:525:16: error: lvalue required as +unary '&' operand | +525 | dns_rr_i_init(&dns_quietinit((struct dns_rr_i){ 0, __VA_ARGS__ +}), (P)) + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + dirmngr/dns.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/dirmngr/dns.h b/dirmngr/dns.h +index 30d0b45..98fe412 100644 +--- a/dirmngr/dns.h ++++ b/dirmngr/dns.h +@@ -154,7 +154,7 @@ DNS_PUBLIC int *dns_debug_p(void); + + #define dns_quietinit(...) \ + DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__ DNS_PRAGMA_POP +-#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || __GNUC__ > 4 ++#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || (__GNUC__ > 4 && __GNUC__ < 9) + #define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push") + #define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"") + #define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop") diff --git a/external/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/external/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch index 3f1c3aba..c43ecdf8 100644 --- a/external/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch +++ b/external/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch @@ -1,4 +1,4 @@ -From 8eb4d25c25a1c1323797d94e0727a3e42b7f3287 Mon Sep 17 00:00:00 2001 +From c69c3a49f3295179c247db5ceb3ef8952928a724 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 22 Jan 2018 18:00:21 +0200 Subject: [PATCH] configure.ac: use a custom value for the location of @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 4d66af9..b9ef235 100644 +index 919ab31..cd58fdb 100644 --- a/configure.ac +++ b/configure.ac -@@ -1848,7 +1848,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", +@@ -1855,7 +1855,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool]) diff --git a/external/poky/meta/recipes-support/gnupg/gnupg/relocate.patch b/external/poky/meta/recipes-support/gnupg/gnupg/relocate.patch index c494ef80..1a5ea4aa 100644 --- a/external/poky/meta/recipes-support/gnupg/gnupg/relocate.patch +++ b/external/poky/meta/recipes-support/gnupg/gnupg/relocate.patch @@ -1,4 +1,4 @@ -From f9fc214b0bf2f67b515ca8a5333f39c497d1b518 Mon Sep 17 00:00:00 2001 +From 6d31b04d7a75f1d73c3518bf043b5b0a2dc40cb1 Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@intel.com> Date: Wed, 19 Sep 2018 14:44:40 +0100 Subject: [PATCH] Allow the environment to override where gnupg looks for its diff --git a/external/poky/meta/recipes-support/gnupg/gnupg_2.2.12.bb b/external/poky/meta/recipes-support/gnupg/gnupg_2.2.12.bb index 1f381c2d..a02c66a0 100644 --- a/external/poky/meta/recipes-support/gnupg/gnupg_2.2.12.bb +++ b/external/poky/meta/recipes-support/gnupg/gnupg_2.2.12.bb @@ -14,7 +14,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0002-use-pkgconfig-instead-of-npth-config.patch \ file://0003-dirmngr-uses-libgpg-error.patch \ file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ - " + file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ + " SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ file://relocate.patch" diff --git a/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch new file mode 100644 index 00000000..823869e8 --- /dev/null +++ b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch @@ -0,0 +1,39 @@ +From 367688c05988bc7257d7e1801c5acf17ef7e854d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> +Date: Tue, 12 Feb 2019 15:09:11 +0100 +Subject: [PATCH 1/3] Automatically NULLify after gnutls_free() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This method prevents direct use-after-free and +double-free issues. + +Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de> + +CVE: CVE-2019-3829 +Upstream-Status: Backport +[https://gitlab.com/gnutls/gnutls/commit/d39778e43d1674cb3ab3685157fd299816d535c0] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + lib/includes/gnutls/gnutls.h.in | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in +index 49990b5f5..fa77fd0df 100644 +--- a/lib/includes/gnutls/gnutls.h.in ++++ b/lib/includes/gnutls/gnutls.h.in +@@ -2132,6 +2132,10 @@ extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc; + extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc; + extern _SYM_EXPORT gnutls_free_function gnutls_free; + ++#ifdef GNUTLS_INTERNAL_BUILD ++#define gnutls_free(a) gnutls_free((void *) (a)), a=NULL ++#endif ++ + extern _SYM_EXPORT char *(*gnutls_strdup) (const char *); + + /* a variant of memset that doesn't get optimized out */ +-- +2.22.0.vfs.1.1.57.gbaf16c8 diff --git a/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch new file mode 100644 index 00000000..b3cd0477 --- /dev/null +++ b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch @@ -0,0 +1,871 @@ +From a57509ef7c4983721193ac325ad5fb1783ea0f57 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> +Date: Tue, 12 Feb 2019 15:14:07 +0100 +Subject: [PATCH 2/3] Remove redundant resets of variables after free() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de> + +CVE: CVE-2019-3829 +Upstream-Status: Backport +[https://gitlab.com/gnutls/gnutls/commit/372821c883a3d36ed3ed683844ad9d90818f6392] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + lib/auth.c | 3 --- + lib/auth/rsa.c | 2 ++ + lib/auth/rsa_psk.c | 1 - + lib/auth/srp_sb64.c | 2 -- + lib/cert-cred-x509.c | 3 --- + lib/cert-cred.c | 3 --- + lib/hello_ext.c | 5 ++--- + lib/mpi.c | 1 - + lib/nettle/mpi.c | 2 -- + lib/nettle/pk.c | 3 --- + lib/ocsp-api.c | 1 - + lib/pk.c | 2 -- + lib/pkcs11.c | 1 - + lib/pkcs11_privkey.c | 6 +----- + lib/pkcs11_write.c | 1 - + lib/session_pack.c | 2 -- + lib/srp.c | 1 - + lib/str.c | 2 +- + lib/tls13/certificate_request.c | 2 -- + lib/tpm.c | 2 -- + lib/x509/ocsp.c | 15 +++------------ + lib/x509/pkcs12_bag.c | 1 - + lib/x509/pkcs7-crypt.c | 1 - + lib/x509/pkcs7.c | 6 ------ + lib/x509/privkey_pkcs8.c | 1 - + lib/x509/verify-high2.c | 1 - + lib/x509/virt-san.c | 1 - + lib/x509/x509.c | 4 ---- + lib/x509/x509_ext.c | 1 - + lib/x509_b64.c | 1 - + tests/cert.c | 2 -- + tests/name-constraints-ip.c | 3 +-- + tests/pkcs11/pkcs11-import-url-privkey.c | 2 -- + tests/pkcs11/pkcs11-privkey-always-auth.c | 2 -- + tests/pkcs11/pkcs11-privkey-fork-reinit.c | 1 - + tests/pkcs11/pkcs11-privkey-fork.c | 1 - + tests/pkcs11/pkcs11-privkey-safenet-always-auth.c | 2 -- + tests/pkcs7.c | 2 -- + tests/resume-dtls.c | 1 - + tests/resume.c | 1 - + tests/sign-verify-data.c | 1 - + tests/sign-verify-ext.c | 2 -- + tests/sign-verify-ext4.c | 2 -- + tests/sign-verify.c | 1 - + tests/x509-extensions.c | 1 - + tests/x509sign-verify-error.c | 1 - + 46 files changed, 10 insertions(+), 92 deletions(-) + +diff --git a/lib/auth.c b/lib/auth.c +index 4bdedda38..5f9b8c427 100644 +--- a/lib/auth.c ++++ b/lib/auth.c +@@ -349,8 +349,6 @@ void _gnutls_free_auth_info(gnutls_session_t session) + + gnutls_free(info->raw_certificate_list); + gnutls_free(info->raw_ocsp_list); +- info->raw_certificate_list = NULL; +- info->raw_ocsp_list = NULL; + info->ncerts = 0; + info->nocsp = 0; + +@@ -367,7 +365,6 @@ void _gnutls_free_auth_info(gnutls_session_t session) + } + + gnutls_free(session->key.auth_info); +- session->key.auth_info = NULL; + session->key.auth_info_size = 0; + session->key.auth_info_type = 0; + +diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c +index 6afc91ae6..df6bd7bc6 100644 +--- a/lib/auth/rsa.c ++++ b/lib/auth/rsa.c +@@ -196,6 +196,8 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, + ret = gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data, + rndkey.size); + if (ret < 0) { ++ gnutls_free(session->key.key.data); ++ session->key.key.size = 0; + gnutls_assert(); + goto cleanup; + } +diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c +index 5a29f9183..590ff0f71 100644 +--- a/lib/auth/rsa_psk.c ++++ b/lib/auth/rsa_psk.c +@@ -341,7 +341,6 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, + ("auth_rsa_psk: Possible PKCS #1 format attack\n"); + if (ret >= 0) { + gnutls_free(plaintext.data); +- plaintext.data = NULL; + } + randomize_key = 1; + } else { +diff --git a/lib/auth/srp_sb64.c b/lib/auth/srp_sb64.c +index 1177e7671..7bfffdf07 100644 +--- a/lib/auth/srp_sb64.c ++++ b/lib/auth/srp_sb64.c +@@ -263,7 +263,6 @@ _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result) + tmp = decode(tmpres, datrev); + if (tmp < 0) { + gnutls_free((*result)); +- *result = NULL; + return tmp; + } + +@@ -277,7 +276,6 @@ _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result) + tmp = decode(tmpres, (uint8_t *) & data[i]); + if (tmp < 0) { + gnutls_free((*result)); +- *result = NULL; + return tmp; + } + memcpy(&(*result)[j], tmpres, tmp); +diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c +index f342a420b..da9cd647e 100644 +--- a/lib/cert-cred-x509.c ++++ b/lib/cert-cred-x509.c +@@ -296,7 +296,6 @@ parse_pem_cert_mem(gnutls_certificate_credentials_t res, + gnutls_pcert_import_x509_list(pcerts, unsorted, &ncerts, GNUTLS_X509_CRT_LIST_SORT); + if (ret < 0) { + gnutls_free(pcerts); +- pcerts = NULL; + gnutls_assert(); + goto cleanup; + } +@@ -540,7 +539,6 @@ read_cert_url(gnutls_certificate_credentials_t res, gnutls_privkey_t key, const + goto cleanup; + } + gnutls_free(t.data); +- t.data = NULL; + } + + ret = certificate_credential_append_crt_list(res, key, names, ccert, count); +@@ -991,7 +989,6 @@ gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res, + while (i--) + gnutls_x509_crt_deinit((*crt_list)[i]); + gnutls_free(*crt_list); +- *crt_list = NULL; + + return gnutls_assert_val(ret); + } +diff --git a/lib/cert-cred.c b/lib/cert-cred.c +index 2150e903f..190a8b3a2 100644 +--- a/lib/cert-cred.c ++++ b/lib/cert-cred.c +@@ -63,7 +63,6 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc) + + for (j = 0; j < sc->certs[i].ocsp_data_length; j++) { + gnutls_free(sc->certs[i].ocsp_data[j].response.data); +- sc->certs[i].ocsp_data[j].response.data = NULL; + } + _gnutls_str_array_clear(&sc->certs[i].names); + gnutls_privkey_deinit(sc->certs[i].pkey); +@@ -71,8 +70,6 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc) + + gnutls_free(sc->certs); + gnutls_free(sc->sorted_cert_idx); +- sc->certs = NULL; +- sc->sorted_cert_idx = NULL; + + sc->ncerts = 0; + } +diff --git a/lib/hello_ext.c b/lib/hello_ext.c +index c4907aace..fb2b4db67 100644 +--- a/lib/hello_ext.c ++++ b/lib/hello_ext.c +@@ -464,9 +464,8 @@ void _gnutls_hello_ext_deinit(void) + continue; + + if (extfunc[i]->free_struct != 0) { +- gnutls_free((void*)extfunc[i]->name); +- gnutls_free((void*)extfunc[i]); +- extfunc[i] = NULL; ++ gnutls_free(((hello_ext_entry_st *)extfunc[i])->name); ++ gnutls_free(extfunc[i]); + } + } + } +diff --git a/lib/mpi.c b/lib/mpi.c +index 2bc970d7c..ed208d511 100644 +--- a/lib/mpi.c ++++ b/lib/mpi.c +@@ -88,7 +88,6 @@ _gnutls_mpi_random_modp(bigint_t r, bigint_t p, + + if (buf_release != 0) { + gnutls_free(buf); +- buf = NULL; + } + + if (r != NULL) { +diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c +index 8a93ac278..96bec4aa4 100644 +--- a/lib/nettle/mpi.c ++++ b/lib/nettle/mpi.c +@@ -122,7 +122,6 @@ static int wrap_nettle_mpi_init_multi(bigint_t *w, ...) + fail: + mpz_clear(TOMPZ(*w)); + gnutls_free(*w); +- *w = NULL; + + va_start(args, w); + +@@ -131,7 +130,6 @@ fail: + if (next != last_failed) { + mpz_clear(TOMPZ(*next)); + gnutls_free(*next); +- *next = NULL; + } + } while(next != last_failed); + +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index 6dcd2fdd0..f010493c0 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c +@@ -371,7 +371,6 @@ dh_cleanup: + + if (_gnutls_mem_is_zero(out->data, out->size)) { + gnutls_free(out->data); +- out->data = NULL; + gnutls_assert(); + ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + goto cleanup; +@@ -2203,8 +2202,6 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + params->params_nr = 0; + gnutls_free(params->raw_priv.data); + gnutls_free(params->raw_pub.data); +- params->raw_priv.data = NULL; +- params->raw_pub.data = NULL; + + FAIL_IF_LIB_ERROR; + return ret; +diff --git a/lib/ocsp-api.c b/lib/ocsp-api.c +index d18a1f0c2..a0005e99d 100644 +--- a/lib/ocsp-api.c ++++ b/lib/ocsp-api.c +@@ -473,7 +473,6 @@ gnutls_certificate_set_ocsp_status_request_mem(gnutls_certificate_credentials_t + nresp++; + + gnutls_free(der.data); +- der.data = NULL; + + p.data++; + p.size--; +diff --git a/lib/pk.c b/lib/pk.c +index 1f137f71c..a5bb58b73 100644 +--- a/lib/pk.c ++++ b/lib/pk.c +@@ -537,8 +537,6 @@ void gnutls_pk_params_release(gnutls_pk_params_st * p) + } + gnutls_free(p->raw_priv.data); + gnutls_free(p->raw_pub.data); +- p->raw_priv.data = NULL; +- p->raw_pub.data = NULL; + + p->params_nr = 0; + } +diff --git a/lib/pkcs11.c b/lib/pkcs11.c +index 990912790..fa1b65884 100644 +--- a/lib/pkcs11.c ++++ b/lib/pkcs11.c +@@ -1233,7 +1233,6 @@ int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj) + (*obj)->info = p11_kit_uri_new(); + if ((*obj)->info == NULL) { + gnutls_free(*obj); +- *obj = NULL; + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } +diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c +index b721ed125..560a732e3 100644 +--- a/lib/pkcs11_privkey.c ++++ b/lib/pkcs11_privkey.c +@@ -443,7 +443,6 @@ _gnutls_pkcs11_privkey_sign(gnutls_pkcs11_privkey_t key, + } + + gnutls_free(tmp.data); +- tmp.data = NULL; + } else { + signature->size = siglen; + signature->data = tmp.data; +@@ -521,10 +520,8 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, + + memset(&pkey->sinfo, 0, sizeof(pkey->sinfo)); + +- if (pkey->url) { ++ if (pkey->url) + gnutls_free(pkey->url); +- pkey->url = NULL; +- } + + if (pkey->uinfo) { + p11_kit_uri_free(pkey->uinfo); +@@ -613,7 +610,6 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, + pkey->uinfo = NULL; + } + gnutls_free(pkey->url); +- pkey->url = NULL; + + return ret; + } +diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c +index 35207d554..6e866e2d4 100644 +--- a/lib/pkcs11_write.c ++++ b/lib/pkcs11_write.c +@@ -268,7 +268,6 @@ static void clean_pubkey(struct ck_attribute *a, unsigned a_val) + case CKA_EC_PARAMS: + case CKA_EC_POINT: + gnutls_free(a[i].value); +- a[i].value = NULL; + break; + } + } +diff --git a/lib/session_pack.c b/lib/session_pack.c +index c5801fb32..5d475ea59 100644 +--- a/lib/session_pack.c ++++ b/lib/session_pack.c +@@ -562,8 +562,6 @@ unpack_certificate_auth_info(gnutls_session_t session, + + gnutls_free(info->raw_certificate_list); + gnutls_free(info->raw_ocsp_list); +- info->raw_certificate_list = NULL; +- info->raw_ocsp_list = NULL; + } + + return ret; +diff --git a/lib/srp.c b/lib/srp.c +index c3eb8e684..670642d64 100644 +--- a/lib/srp.c ++++ b/lib/srp.c +@@ -608,7 +608,6 @@ gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t res, + if (res->password_conf_file == NULL) { + gnutls_assert(); + gnutls_free(res->password_file); +- res->password_file = NULL; + return GNUTLS_E_MEMORY_ERROR; + } + +diff --git a/lib/str.c b/lib/str.c +index c8d742e91..7408ea6ac 100644 +--- a/lib/str.c ++++ b/lib/str.c +@@ -81,7 +81,7 @@ void _gnutls_buffer_clear(gnutls_buffer_st * str) + return; + gnutls_free(str->allocd); + +- str->data = str->allocd = NULL; ++ str->data = NULL; + str->max_length = 0; + str->length = 0; + } +diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c +index a7ec0e2fd..823adc87f 100644 +--- a/lib/tls13/certificate_request.c ++++ b/lib/tls13/certificate_request.c +@@ -152,7 +152,6 @@ int _gnutls13_recv_certificate_request_int(gnutls_session_t session, gnutls_buff + return gnutls_assert_val(ret); + + gnutls_free(session->internals.post_handshake_cr_context.data); +- session->internals.post_handshake_cr_context.data = NULL; + ret = _gnutls_set_datum(&session->internals.post_handshake_cr_context, + context.data, context.size); + if (ret < 0) +@@ -279,7 +278,6 @@ int _gnutls13_send_certificate_request(gnutls_session_t session, unsigned again) + } + + gnutls_free(session->internals.post_handshake_cr_context.data); +- session->internals.post_handshake_cr_context.data = NULL; + ret = _gnutls_set_datum(&session->internals.post_handshake_cr_context, + rnd, sizeof(rnd)); + if (ret < 0) { +diff --git a/lib/tpm.c b/lib/tpm.c +index ee53c7154..03565acb0 100644 +--- a/lib/tpm.c ++++ b/lib/tpm.c +@@ -1645,10 +1645,8 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits, + gnutls_pubkey_deinit(pub); + privkey_cleanup: + gnutls_free(privkey->data); +- privkey->data = NULL; + cleanup: + gnutls_free(tmpkey.data); +- tmpkey.data = NULL; + err_sa: + pTspi_Context_CloseObject(s.tpm_ctx, key_ctx); + err_cc: +diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c +index db54b3ea2..55cae94c3 100644 +--- a/lib/x509/ocsp.c ++++ b/lib/x509/ocsp.c +@@ -162,7 +162,6 @@ void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp) + asn1_delete_structure(&resp->basicresp); + + resp->resp = NULL; +- resp->response_type_oid.data = NULL; + resp->basicresp = NULL; + + gnutls_free(resp->der.data); +@@ -299,7 +298,6 @@ gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp, + } + + gnutls_free(resp->der.data); +- resp->der.data = NULL; + } + + resp->init = 1; +@@ -1668,18 +1666,12 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp, + + return GNUTLS_E_SUCCESS; + fail: +- if (issuer_name_hash) { ++ if (issuer_name_hash) + gnutls_free(issuer_name_hash->data); +- issuer_name_hash->data = NULL; +- } +- if (issuer_key_hash) { ++ if (issuer_key_hash) + gnutls_free(issuer_key_hash->data); +- issuer_key_hash->data = NULL; +- } +- if (serial_number) { ++ if (serial_number) + gnutls_free(serial_number->data); +- serial_number->data = NULL; +- } + return ret; + } + +@@ -1955,7 +1947,6 @@ gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp, + } + + gnutls_free(c.data); +- c.data = NULL; + } + + tmpcerts[ctr] = NULL; +diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c +index 26d2142ea..35d12ac4b 100644 +--- a/lib/x509/pkcs12_bag.c ++++ b/lib/x509/pkcs12_bag.c +@@ -62,7 +62,6 @@ static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag) + _gnutls_free_datum(&bag->element[i].data); + _gnutls_free_datum(&bag->element[i].local_key_id); + gnutls_free(bag->element[i].friendly_name); +- bag->element[i].friendly_name = NULL; + bag->element[i].type = 0; + } + +diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c +index c2b00e61c..39eb7784b 100644 +--- a/lib/x509/pkcs7-crypt.c ++++ b/lib/x509/pkcs7-crypt.c +@@ -1269,7 +1269,6 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn, + _gnutls_cipher_init(&ch, ce, &dkey, &d_iv, 0); + + gnutls_free(key); +- key = NULL; + + if (ret < 0) { + gnutls_assert(); +diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c +index 955cb5ae9..8ae7b3e78 100644 +--- a/lib/x509/pkcs7.c ++++ b/lib/x509/pkcs7.c +@@ -692,7 +692,6 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, + + ret = gnutls_pkcs7_add_attr(&info->signed_attrs, oid, &tmp, 0); + gnutls_free(tmp.data); +- tmp.data = NULL; + + if (ret < 0) { + gnutls_assert(); +@@ -730,7 +729,6 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, + ret = + gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0); + gnutls_free(tmp.data); +- tmp.data = NULL; + + if (ret < 0) { + gnutls_assert(); +@@ -842,9 +840,7 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, + } + + gnutls_free(tmp.data); +- tmp.data = NULL; + gnutls_free(tmp2.data); +- tmp2.data = NULL; + } + + if (msg_digest_ok) +@@ -1087,7 +1083,6 @@ static gnutls_x509_crt_t find_verified_issuer_of(gnutls_pkcs7_t pkcs7, + gnutls_x509_crt_deinit(issuer); + issuer = NULL; + gnutls_free(tmp.data); +- tmp.data = NULL; + continue; + } + +@@ -1204,7 +1199,6 @@ static gnutls_x509_crt_t find_child_of_with_serial(gnutls_pkcs7_t pkcs7, + gnutls_x509_crt_deinit(crt); + crt = NULL; + gnutls_free(tmpdata.data); +- tmpdata.data = NULL; + continue; + } + } else { +diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c +index 92dea06b0..56000ff12 100644 +--- a/lib/x509/privkey_pkcs8.c ++++ b/lib/x509/privkey_pkcs8.c +@@ -600,7 +600,6 @@ gnutls_pkcs8_info(const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, + cleanup: + if (ret != GNUTLS_E_UNKNOWN_CIPHER_TYPE && oid) { + gnutls_free(*oid); +- *oid = NULL; + } + if (need_free) + _gnutls_free_datum(&_data); +diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c +index 8ba2f2a3e..b9aed5cf4 100644 +--- a/lib/x509/verify-high2.c ++++ b/lib/x509/verify-high2.c +@@ -178,7 +178,6 @@ int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file) + { + if (strcmp(ca_file, list->pkcs11_token) == 0) { + gnutls_free(list->pkcs11_token); +- list->pkcs11_token = NULL; + } + return 0; + } +diff --git a/lib/x509/virt-san.c b/lib/x509/virt-san.c +index f3b87135b..a81337e25 100644 +--- a/lib/x509/virt-san.c ++++ b/lib/x509/virt-san.c +@@ -70,7 +70,6 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, gnutl + if (ret < 0) + return gnutls_assert_val(ret); + gnutls_free(san->data); +- san->data = NULL; + + if (othername_oid) { + name->othername_oid.data = (uint8_t *) othername_oid; +diff --git a/lib/x509/x509.c b/lib/x509/x509.c +index 4aff55eba..c149881f6 100644 +--- a/lib/x509/x509.c ++++ b/lib/x509/x509.c +@@ -383,7 +383,6 @@ static int cache_alt_names(gnutls_x509_crt_t cert) + if (ret >= 0) { + ret = gnutls_x509_ext_import_subject_alt_names(&tmpder, cert->san, 0); + gnutls_free(tmpder.data); +- tmpder.data = NULL; + if (ret < 0) + return gnutls_assert_val(ret); + } +@@ -3680,7 +3679,6 @@ gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs, + + if (ret < 0) { + gnutls_free(*certs); +- *certs = NULL; + return ret; + } + +@@ -4310,7 +4308,6 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t **certs, + + if (gnutls_x509_crt_equals2(crts[i-1], &issuer)) { + gnutls_free(issuer.data); +- issuer.data = NULL; + break; + } + +@@ -4331,7 +4328,6 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t **certs, + } + + gnutls_free(issuer.data); +- issuer.data = NULL; + } + + *certs = gnutls_malloc(total*sizeof(gnutls_x509_crt_t)); +diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c +index 58c3263d1..477cf03c4 100644 +--- a/lib/x509/x509_ext.c ++++ b/lib/x509/x509_ext.c +@@ -1994,7 +1994,6 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext, + ret = + decode_user_notice(td.data, td.size, &txt); + gnutls_free(td.data); +- td.data = NULL; + + if (ret < 0) { + gnutls_assert(); +diff --git a/lib/x509_b64.c b/lib/x509_b64.c +index 9a1037405..3117843be 100644 +--- a/lib/x509_b64.c ++++ b/lib/x509_b64.c +@@ -302,7 +302,6 @@ _gnutls_base64_decode(const uint8_t * data, size_t data_size, + + fail: + gnutls_free(result->data); +- result->data = NULL; + + cleanup: + gnutls_free(pdata.data); +diff --git a/tests/cert.c b/tests/cert.c +index da0ab23df..ec566a4a4 100644 +--- a/tests/cert.c ++++ b/tests/cert.c +@@ -89,7 +89,6 @@ static int getnextcert(DIR **dirp, gnutls_datum_t *der, int *exp_ret) + *exp_ret = atoi((char*)local.data); + success("expecting error code %d\n", *exp_ret); + gnutls_free(local.data); +- local.data = NULL; + } + + return 0; +@@ -135,7 +134,6 @@ void doit(void) + + gnutls_x509_crt_deinit(cert); + gnutls_free(der.data); +- der.data = NULL; + der.size = 0; + exp_ret = -1; + } +diff --git a/tests/name-constraints-ip.c b/tests/name-constraints-ip.c +index 3dd4ff2cb..ed96109c7 100644 +--- a/tests/name-constraints-ip.c ++++ b/tests/name-constraints-ip.c +@@ -78,7 +78,6 @@ static void check_test_result(int ret, int expected_outcome, + static void parse_cidr(const char* cidr, gnutls_datum_t *datum) { + if (datum->data != NULL) { + gnutls_free(datum->data); +- datum->data = NULL; + } + int ret = gnutls_x509_cidr_to_rfc5280(cidr, datum); + check_for_error(ret); +@@ -699,7 +698,7 @@ static int teardown(void **state) { + gnutls_free(test_vars->ip.data); + gnutls_x509_name_constraints_deinit(test_vars->nc); + gnutls_x509_name_constraints_deinit(test_vars->nc2); +- gnutls_free(test_vars); ++ gnutls_free(*state); + return 0; + } + +diff --git a/tests/pkcs11/pkcs11-import-url-privkey.c b/tests/pkcs11/pkcs11-import-url-privkey.c +index cb44fb1e5..c7e06eb1a 100644 +--- a/tests/pkcs11/pkcs11-import-url-privkey.c ++++ b/tests/pkcs11/pkcs11-import-url-privkey.c +@@ -85,7 +85,6 @@ void doit(void) + for (i=0;i<obj_list_size;i++) + gnutls_pkcs11_obj_deinit(obj_list[i]); + gnutls_free(obj_list); +- obj_list = NULL; + obj_list_size = 0; + + #ifndef _WIN32 +@@ -116,7 +115,6 @@ void doit(void) + for (i=0;i<obj_list_size;i++) + gnutls_pkcs11_obj_deinit(obj_list[i]); + gnutls_free(obj_list); +- obj_list = NULL; + obj_list_size = 0; + } + #endif +diff --git a/tests/pkcs11/pkcs11-privkey-always-auth.c b/tests/pkcs11/pkcs11-privkey-always-auth.c +index 3561c412f..441f63722 100644 +--- a/tests/pkcs11/pkcs11-privkey-always-auth.c ++++ b/tests/pkcs11/pkcs11-privkey-always-auth.c +@@ -175,7 +175,6 @@ void doit(void) + pin_called = 0; + + gnutls_free(sig.data); +- sig.data = NULL; + + /* call again - should re-authenticate */ + ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); +@@ -190,7 +189,6 @@ void doit(void) + pin_called = 0; + + gnutls_free(sig.data); +- sig.data = NULL; + + if (debug) + printf("done\n\n\n"); +diff --git a/tests/pkcs11/pkcs11-privkey-fork-reinit.c b/tests/pkcs11/pkcs11-privkey-fork-reinit.c +index 1535d644f..a72584225 100644 +--- a/tests/pkcs11/pkcs11-privkey-fork-reinit.c ++++ b/tests/pkcs11/pkcs11-privkey-fork-reinit.c +@@ -123,7 +123,6 @@ void doit(void) + } + + gnutls_free(sig.data); +- sig.data = NULL; + + pid = fork(); + if (pid != 0) { +diff --git a/tests/pkcs11/pkcs11-privkey-fork.c b/tests/pkcs11/pkcs11-privkey-fork.c +index 9d301d7d6..b99755c73 100644 +--- a/tests/pkcs11/pkcs11-privkey-fork.c ++++ b/tests/pkcs11/pkcs11-privkey-fork.c +@@ -123,7 +123,6 @@ void doit(void) + } + + gnutls_free(sig.data); +- sig.data = NULL; + + pid = fork(); + if (pid != 0) { +diff --git a/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c b/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c +index 1b5b34054..a4ab5b5aa 100644 +--- a/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c ++++ b/tests/pkcs11/pkcs11-privkey-safenet-always-auth.c +@@ -157,7 +157,6 @@ void doit(void) + pin_called = 0; + + gnutls_free(sig.data); +- sig.data = NULL; + + /* call again - should re-authenticate */ + ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); +@@ -172,7 +171,6 @@ void doit(void) + pin_called = 0; + + gnutls_free(sig.data); +- sig.data = NULL; + + if (debug) + printf("done\n\n\n"); +diff --git a/tests/pkcs7.c b/tests/pkcs7.c +index a490976fc..2d5a5548d 100644 +--- a/tests/pkcs7.c ++++ b/tests/pkcs7.c +@@ -90,7 +90,6 @@ static int getnextfile(DIR **dirp, gnutls_datum_t *der, int *exp_ret) + *exp_ret = atoi((char*)local.data); + success("expecting error code %d\n", *exp_ret); + gnutls_free(local.data); +- local.data = NULL; + } + + return 0; +@@ -134,7 +133,6 @@ void doit(void) + + gnutls_pkcs7_deinit(cert); + gnutls_free(der.data); +- der.data = NULL; + der.size = 0; + exp_ret = -1; + } +diff --git a/tests/resume-dtls.c b/tests/resume-dtls.c +index 9e6327c7f..b5b214313 100644 +--- a/tests/resume-dtls.c ++++ b/tests/resume-dtls.c +@@ -363,7 +363,6 @@ static void server(int sds[], struct params_res *params) + } + + gnutls_free(session_ticket_key.data); +- session_ticket_key.data = NULL; + gnutls_anon_free_server_credentials(anoncred); + + if (debug) +diff --git a/tests/resume.c b/tests/resume.c +index 84314b836..3dc225136 100644 +--- a/tests/resume.c ++++ b/tests/resume.c +@@ -873,7 +873,6 @@ static void server(int sds[], struct params_res *params) + } + + gnutls_free(session_ticket_key.data); +- session_ticket_key.data = NULL; + + if (debug) + success("server: finished\n"); +diff --git a/tests/sign-verify-data.c b/tests/sign-verify-data.c +index 3aa261175..558ad2253 100644 +--- a/tests/sign-verify-data.c ++++ b/tests/sign-verify-data.c +@@ -153,7 +153,6 @@ void doit(void) + + /* test the raw interface */ + gnutls_free(signature.data); +- signature.data = NULL; + + gnutls_free(signature.data); + gnutls_x509_crt_deinit(crt); +diff --git a/tests/sign-verify-ext.c b/tests/sign-verify-ext.c +index eecb1f357..cc80bf907 100644 +--- a/tests/sign-verify-ext.c ++++ b/tests/sign-verify-ext.c +@@ -186,9 +186,7 @@ void doit(void) + + /* test the raw interface */ + gnutls_free(signature.data); +- signature.data = NULL; + gnutls_free(signature2.data); +- signature2.data = NULL; + + if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) == + GNUTLS_PK_RSA) { +diff --git a/tests/sign-verify-ext4.c b/tests/sign-verify-ext4.c +index 81aa345bf..be582ec14 100644 +--- a/tests/sign-verify-ext4.c ++++ b/tests/sign-verify-ext4.c +@@ -227,7 +227,6 @@ void doit(void) + testfail("gnutls_pubkey_verify_data2\n"); + + gnutls_free(signature.data); +- signature.data = NULL; + + + if (!tests[i].data_only) { +@@ -243,7 +242,6 @@ void doit(void) + testfail("gnutls_pubkey_verify_hash2-1 (hashed data)\n"); + + gnutls_free(signature2.data); +- signature2.data = NULL; + } + + if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) == +diff --git a/tests/sign-verify.c b/tests/sign-verify.c +index 1fbed5ece..5a14741fc 100644 +--- a/tests/sign-verify.c ++++ b/tests/sign-verify.c +@@ -206,7 +206,6 @@ void doit(void) + + /* test the raw interface */ + gnutls_free(signature.data); +- signature.data = NULL; + + if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) == + GNUTLS_PK_RSA) { +diff --git a/tests/x509-extensions.c b/tests/x509-extensions.c +index d480f8364..a062c1ba8 100644 +--- a/tests/x509-extensions.c ++++ b/tests/x509-extensions.c +@@ -767,7 +767,6 @@ void doit(void) + } + } + gnutls_free(ext.data); +- ext.data = NULL; + } + + if (debug) +diff --git a/tests/x509sign-verify-error.c b/tests/x509sign-verify-error.c +index 54bdc40ab..97c966685 100644 +--- a/tests/x509sign-verify-error.c ++++ b/tests/x509sign-verify-error.c +@@ -181,7 +181,6 @@ void doit(void) + fail("gnutls_privkey_sign_hash\n"); + + gnutls_free(signature2.data); +- signature2.data = NULL; + + _gnutls_lib_simulate_error(); + ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0, +-- +2.22.0.vfs.1.1.57.gbaf16c8 diff --git a/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch new file mode 100644 index 00000000..d27ea4a9 --- /dev/null +++ b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch @@ -0,0 +1,36 @@ +From bf616850cf20af2bec3d68b82e6ac610ee8fc404 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> +Date: Tue, 12 Feb 2019 15:20:23 +0100 +Subject: [PATCH 3/3] gnutls_x509_crt_init: Fix dereference of NULL pointer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de> + +CVE: CVE-2019-3829 +Upstream-Status: Backport +[https://gitlab.com/gnutls/gnutls/commit/6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + lib/x509/x509.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/x509/x509.c b/lib/x509/x509.c +index c149881f6..cc232ea50 100644 +--- a/lib/x509/x509.c ++++ b/lib/x509/x509.c +@@ -224,8 +224,8 @@ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert) + if (result < 0) { + gnutls_assert(); + asn1_delete_structure(&tmp->cert); +- gnutls_free(tmp); + gnutls_subject_alt_names_deinit(tmp->san); ++ gnutls_free(tmp); + return result; + } + +-- +2.22.0.vfs.1.1.57.gbaf16c8 + diff --git a/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch new file mode 100644 index 00000000..4aeb6893 --- /dev/null +++ b/external/poky/meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch @@ -0,0 +1,35 @@ +From c68195f0ff65144d7e0c32f4de5f264c4012983a Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <dueno@redhat.com> +Date: Mon, 25 Mar 2019 16:06:39 +0100 +Subject: [PATCH] handshake: add missing initialization of local variable + +Resolves: #704 + +Signed-off-by: Daiki Ueno <dueno@redhat.com> +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> + +CVE: CVE-2019-3836 +Upstream-Status: Backport +[https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + lib/handshake-tls13.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c +index 06c7c01d2..82689b5d8 100644 +--- a/lib/handshake-tls13.c ++++ b/lib/handshake-tls13.c +@@ -534,6 +534,8 @@ _gnutls13_recv_async_handshake(gnutls_session_t session) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + + do { ++ _gnutls_handshake_buffer_init(&hsk); ++ + /* the received handshake message has already been pushed into + * handshake buffers. As we do not need to use the handshake hash + * buffers we call the lower level receive functions */ +-- +2.22.0.vfs.1.1.57.gbaf16c8 + diff --git a/external/poky/meta/recipes-support/gnutls/gnutls_3.6.4.bb b/external/poky/meta/recipes-support/gnutls/gnutls_3.6.4.bb index 6d2a11df..30873f00 100644 --- a/external/poky/meta/recipes-support/gnutls/gnutls_3.6.4.bb +++ b/external/poky/meta/recipes-support/gnutls/gnutls_3.6.4.bb @@ -19,6 +19,10 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ file://arm_eabi.patch \ + file://CVE-2019-3829_p1.patch \ + file://CVE-2019-3829_p2.patch \ + file://CVE-2019-3829_p3.patch \ + file://CVE-2019-3836.patch \ " SRC_URI[md5sum] = "63363d1c00601f4d11a5cadc8b5e0799" diff --git a/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch b/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch new file mode 100644 index 00000000..cda52119 --- /dev/null +++ b/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch @@ -0,0 +1,176 @@ +From 263ad8ae08f287e32656d4e3e0116479f3d9ad9d Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna <jussi.kivilinna@iki.fi> +Date: Fri, 31 May 2019 17:27:25 +0300 +Subject: [PATCH] GCM: move look-up table to .data section and unshare between processes +Reply-To: shuagr@microsoft.com + +CVE: CVE-2019-12904_p1 +Upstream-Status: Backport +Signed-off-by: Shubham Agrawal<shuagr@microsoft.com> +Upstream-commit : https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020 + +* cipher/cipher-gcm.c (ATTR_ALIGNED_64): New. +(gcmR): Move to 'gcm_table' structure. +(gcm_table): New structure for look-up table with counters before and +after. +(gcmR): New macro. +(prefetch_table): Handle input with length not multiple of 256. +(do_prefetch_tables): Modify pre- and post-table counters to unshare +look-up table pages between processes. +-- +GnuPG-bug-id: 4541 +Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> +--- + cipher/cipher-gcm.c | 129 ++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 95 insertions(+), 34 deletions(-) + +diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c +index 6169d14..97a8015 100644 +--- a/cipher/cipher-gcm.c ++++ b/cipher/cipher-gcm.c +@@ -30,6 +30,14 @@ + #include "./cipher-internal.h" + + ++/* Helper macro to force alignment to 16 or 64 bytes. */ ++#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED ++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64))) ++#else ++# define ATTR_ALIGNED_64 ++#endif ++ ++ + #ifdef GCM_USE_INTEL_PCLMUL + extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c); + +@@ -63,40 +71,93 @@ ghash_armv8_ce_pmull (gcry_cipher_hd_t c, byte *result, const byte *buf, + + + #ifdef GCM_USE_TABLES +-static const u16 gcmR[256] = { +- 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e, +- 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e, +- 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e, +- 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e, +- 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e, +- 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e, +- 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e, +- 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e, +- 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce, +- 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde, +- 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee, +- 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe, +- 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e, +- 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e, +- 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae, +- 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe, +- 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e, +- 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e, +- 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e, +- 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e, +- 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e, +- 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e, +- 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e, +- 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e, +- 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce, +- 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade, +- 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee, +- 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe, +- 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e, +- 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e, +- 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae, +- 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, +-}; ++static struct ++{ ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; ++ u16 R[256]; ++ volatile u32 counter_tail; ++} gcm_table ATTR_ALIGNED_64 = ++ { ++ 0, ++ { 0, }, ++ { ++ 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e, ++ 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e, ++ 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e, ++ 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e, ++ 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e, ++ 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e, ++ 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e, ++ 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e, ++ 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce, ++ 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde, ++ 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee, ++ 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe, ++ 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e, ++ 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e, ++ 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae, ++ 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe, ++ 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e, ++ 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e, ++ 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e, ++ 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e, ++ 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e, ++ 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e, ++ 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e, ++ 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e, ++ 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce, ++ 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade, ++ 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee, ++ 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe, ++ 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e, ++ 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e, ++ 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae, ++ 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, ++ }, ++ 0 ++ }; ++ ++#define gcmR gcm_table.R ++static inline ++void prefetch_table(const void *tab, size_t len) ++{ ++ const volatile byte *vtab = tab; ++ size_t i; ++ ++ for (i = 0; len - i >= 8 * 32; i += 8 * 32) ++ { ++ (void)vtab[i + 0 * 32]; ++ (void)vtab[i + 1 * 32]; ++ (void)vtab[i + 2 * 32]; ++ (void)vtab[i + 3 * 32]; ++ (void)vtab[i + 4 * 32]; ++ (void)vtab[i + 5 * 32]; ++ (void)vtab[i + 6 * 32]; ++ (void)vtab[i + 7 * 32]; ++ } ++ for (; i < len; i += 32) ++ { ++ (void)vtab[i]; ++ } ++ ++ (void)vtab[len - 1]; ++} ++ ++static inline void ++do_prefetch_tables (const void *gcmM, size_t gcmM_size) ++{ ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ gcm_table.counter_head++; ++ gcm_table.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ ++ prefetch_table(gcmM, gcmM_size); ++ prefetch_table(&gcm_table, sizeof(gcm_table)); ++} + + #ifdef GCM_TABLES_USE_U64 + static void +-- +2.7.4 + diff --git a/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch b/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch new file mode 100644 index 00000000..0cb503ed --- /dev/null +++ b/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch @@ -0,0 +1,330 @@ +From a5c359cc68a4def9bf39f63070837d89711b4e17 Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna <jussi.kivilinna@iki.fi> +Date: Fri, 31 May 2019 17:18:09 +0300 +Subject: [PATCH] AES: move look-up tables to .data section and unshare between processes +Reply-To: shuagr@microsoft.com + +CVE: CVE-2019-12904_p2 +Upstream-status: Backport +Signed-off-by: Shubham Agrawal<shuagr@microsoft.com> +Upstream-commit: https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762 + +* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New. +* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure. +(enc_tables): New structure for encryption table with counters before +and after. +(encT): New macro. +(dec_tables): Add counters before and after encryption table; Move +from .rodata to .data section. +(do_encrypt): Change 'encT' to 'enc_tables.T'. +(do_decrypt): Change '&dec_tables' to 'dec_tables.T'. +* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input +with length not multiple of 256. +(prefetch_enc, prefetch_dec): Modify pre- and post-table counters +to unshare look-up table pages between processes. +-- + +GnuPG-bug-id: 4541 +Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> +--- + cipher/rijndael-internal.h | 4 +- + cipher/rijndael-tables.h | 155 +++++++++++++++++++++++++-------------------- + cipher/rijndael.c | 35 ++++++++-- + 3 files changed, 118 insertions(+), 76 deletions(-) + +diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h +index 160fb8c..a62d4b7 100644 +--- a/cipher/rijndael-internal.h ++++ b/cipher/rijndael-internal.h +@@ -29,11 +29,13 @@ + #define BLOCKSIZE (128/8) + + +-/* Helper macro to force alignment to 16 bytes. */ ++/* Helper macro to force alignment to 16 or 64 bytes. */ + #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED + # define ATTR_ALIGNED_16 __attribute__ ((aligned (16))) ++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64))) + #else + # define ATTR_ALIGNED_16 ++# define ATTR_ALIGNED_64 + #endif + + +diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h +index 8359470..b54d959 100644 +--- a/cipher/rijndael-tables.h ++++ b/cipher/rijndael-tables.h +@@ -21,80 +21,98 @@ + /* To keep the actual implementation at a readable size we use this + include file to define the tables. */ + +-static const u32 encT[256] = ++static struct ++{ ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; ++ u32 T[256]; ++ volatile u32 counter_tail; ++} enc_tables ATTR_ALIGNED_64 = + { +- 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, +- 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, +- 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, +- 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, +- 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, +- 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, +- 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, +- 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, +- 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, +- 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, +- 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, +- 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, +- 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, +- 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, +- 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, +- 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, +- 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, +- 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, +- 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, +- 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, +- 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, +- 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, +- 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, +- 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, +- 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, +- 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, +- 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, +- 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, +- 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, +- 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, +- 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, +- 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, +- 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, +- 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, +- 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, +- 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, +- 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, +- 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, +- 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, +- 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, +- 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, +- 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, +- 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, +- 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, +- 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, +- 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, +- 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, +- 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, +- 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, +- 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, +- 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, +- 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, +- 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, +- 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, +- 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, +- 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, +- 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, +- 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, +- 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, +- 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, +- 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, +- 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, +- 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, +- 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c ++ 0, ++ { 0, }, ++ { ++ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, ++ 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, ++ 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, ++ 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, ++ 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, ++ 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, ++ 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, ++ 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, ++ 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, ++ 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, ++ 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, ++ 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, ++ 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, ++ 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, ++ 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, ++ 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, ++ 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, ++ 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, ++ 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, ++ 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, ++ 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, ++ 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, ++ 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, ++ 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, ++ 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, ++ 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, ++ 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, ++ 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, ++ 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, ++ 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, ++ 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, ++ 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, ++ 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, ++ 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, ++ 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, ++ 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, ++ 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, ++ 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, ++ 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, ++ 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, ++ 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, ++ 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, ++ 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, ++ 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, ++ 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, ++ 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, ++ 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, ++ 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, ++ 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, ++ 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, ++ 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, ++ 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, ++ 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, ++ 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, ++ 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, ++ 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, ++ 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, ++ 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, ++ 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, ++ 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, ++ 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, ++ 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, ++ 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, ++ 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c ++ }, ++ 0 + }; + +-static const struct ++#define encT enc_tables.T ++ ++static struct + { ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; + u32 T[256]; + byte inv_sbox[256]; +-} dec_tables = ++ volatile u32 counter_tail; ++} dec_tables ATTR_ALIGNED_64 = + { ++ 0, ++ { 0, }, + { + 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, + 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, +@@ -194,7 +212,8 @@ static const struct + 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61, + 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26, + 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d +- } ++ }, ++ 0 + }; + + #define decT dec_tables.T +diff --git a/cipher/rijndael.c b/cipher/rijndael.c +index 8637195..d0edab2 100644 +--- a/cipher/rijndael.c ++++ b/cipher/rijndael.c +@@ -227,11 +227,11 @@ static const char *selftest(void); + + + /* Prefetching for encryption/decryption tables. */ +-static void prefetch_table(const volatile byte *tab, size_t len) ++static inline void prefetch_table(const volatile byte *tab, size_t len) + { + size_t i; + +- for (i = 0; i < len; i += 8 * 32) ++ for (i = 0; len - i >= 8 * 32; i += 8 * 32) + { + (void)tab[i + 0 * 32]; + (void)tab[i + 1 * 32]; +@@ -242,17 +242,37 @@ static void prefetch_table(const volatile byte *tab, size_t len) + (void)tab[i + 6 * 32]; + (void)tab[i + 7 * 32]; + } ++ for (; i < len; i += 32) ++ { ++ (void)tab[i]; ++ } + + (void)tab[len - 1]; + } + + static void prefetch_enc(void) + { +- prefetch_table((const void *)encT, sizeof(encT)); ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ enc_tables.counter_head++; ++ enc_tables.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ ++ prefetch_table((const void *)&enc_tables, sizeof(enc_tables)); + } + + static void prefetch_dec(void) + { ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ dec_tables.counter_head++; ++ dec_tables.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ + prefetch_table((const void *)&dec_tables, sizeof(dec_tables)); + } + +@@ -737,7 +757,7 @@ do_encrypt (const RIJNDAEL_context *ctx, + #ifdef USE_AMD64_ASM + # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS + return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, +- encT); ++ enc_tables.T); + # else + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ +@@ -757,7 +777,8 @@ do_encrypt (const RIJNDAEL_context *ctx, + return ret; + # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ + #elif defined(USE_ARM_ASM) +- return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT); ++ return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, ++ enc_tables.T); + #else + return do_encrypt_fn (ctx, bx, ax); + #endif /* !USE_ARM_ASM && !USE_AMD64_ASM*/ +@@ -1120,7 +1141,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, + #ifdef USE_AMD64_ASM + # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS + return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, +- &dec_tables); ++ dec_tables.T); + # else + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ +@@ -1141,7 +1162,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, + # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ + #elif defined(USE_ARM_ASM) + return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, +- &dec_tables); ++ dec_tables.T); + #else + return do_decrypt_fn (ctx, bx, ax); + #endif /*!USE_ARM_ASM && !USE_AMD64_ASM*/ +-- +2.7.4 + diff --git a/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb b/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb index fda68a29..13d03788 100644 --- a/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb +++ b/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb @@ -21,6 +21,8 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \ file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \ file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \ + file://CVE-2019-12904_p1.patch \ + file://CVE-2019-12904_p2.patch \ " SRC_URI[md5sum] = "fbfdaebbbc6d7e5fbbf6ffdb3e139573" SRC_URI[sha256sum] = "f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227" diff --git a/external/poky/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch b/external/poky/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch new file mode 100644 index 00000000..dc3d558e --- /dev/null +++ b/external/poky/meta/recipes-support/libgpg-error/libgpg-error/libgpg-error-1.35-gawk5-support.patch @@ -0,0 +1,161 @@ +Upstream-Status: Backport [https://dev.gnupg.org/T4459] +Signed-off-by: Sean Nyekjaer <sean@geanix.com> + +From 37069826e497d6af01e3e48fe5d2220ae7f85449 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka <gniibe@fsij.org> +Date: Mon, 15 Apr 2019 15:10:44 +0900 +Subject: [PATCH] awk: Prepare for Gawk 5.0. + +* src/Makefile.am: Use pkg_namespace (instead of namespace). +* src/mkerrnos.awk: Likewise. +* lang/cl/mkerrcodes.awk: Don't escape # in regexp. +* src/mkerrcodes.awk, src/mkerrcodes1.awk, src/mkerrcodes2.awk: Ditto. + +-- + +In Gawk 5.0, regexp routines are replaced by Gnulib implementation, +which only allows escaping specific characters. + +GnuPG-bug-id: 4459 +Reported-by: Marius Schamschula +Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> +--- + lang/cl/mkerrcodes.awk | 2 +- + src/Makefile.am | 2 +- + src/mkerrcodes.awk | 2 +- + src/mkerrcodes1.awk | 2 +- + src/mkerrcodes2.awk | 2 +- + src/mkerrnos.awk | 2 +- + src/mkstrtable.awk | 10 +++++----- + 7 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/lang/cl/mkerrcodes.awk b/lang/cl/mkerrcodes.awk +index ae29043..9a1fc18 100644 +--- a/lang/cl/mkerrcodes.awk ++++ b/lang/cl/mkerrcodes.awk +@@ -122,7 +122,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +diff --git a/src/Makefile.am b/src/Makefile.am +index 42998e4..0ceac9f 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -281,7 +281,7 @@ code-from-errno.h: mkerrcodes Makefile + + errnos-sym.h: Makefile mkstrtable.awk errnos.in + $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=2 -v nogettext=1 \ +- -v prefix=GPG_ERR_ -v namespace=errnos_ \ ++ -v prefix=GPG_ERR_ -v pkg_namespace=errnos_ \ + $(srcdir)/errnos.in >$@ + + +diff --git a/src/mkerrcodes.awk b/src/mkerrcodes.awk +index 46d436c..e9c857c 100644 +--- a/src/mkerrcodes.awk ++++ b/src/mkerrcodes.awk +@@ -85,7 +85,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +diff --git a/src/mkerrcodes1.awk b/src/mkerrcodes1.awk +index a771a73..4578e29 100644 +--- a/src/mkerrcodes1.awk ++++ b/src/mkerrcodes1.awk +@@ -81,7 +81,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +diff --git a/src/mkerrcodes2.awk b/src/mkerrcodes2.awk +index ea58503..188f7a4 100644 +--- a/src/mkerrcodes2.awk ++++ b/src/mkerrcodes2.awk +@@ -91,7 +91,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +diff --git a/src/mkerrnos.awk b/src/mkerrnos.awk +index f79df66..15b1aad 100644 +--- a/src/mkerrnos.awk ++++ b/src/mkerrnos.awk +@@ -83,7 +83,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +diff --git a/src/mkstrtable.awk b/src/mkstrtable.awk +index c9de9c1..285e45f 100644 +--- a/src/mkstrtable.awk ++++ b/src/mkstrtable.awk +@@ -77,7 +77,7 @@ + # + # The variable prefix can be used to prepend a string to each message. + # +-# The variable namespace can be used to prepend a string to each ++# The variable pkg_namespace can be used to prepend a string to each + # variable and macro name. + + BEGIN { +@@ -102,7 +102,7 @@ header { + print "/* The purpose of this complex string table is to produce"; + print " optimal code with a minimum of relocations. */"; + print ""; +- print "static const char " namespace "msgstr[] = "; ++ print "static const char " pkg_namespace "msgstr[] = "; + header = 0; + } + else +@@ -110,7 +110,7 @@ header { + } + + !header { +- sub (/\#.+/, ""); ++ sub (/#.+/, ""); + sub (/[ ]+$/, ""); # Strip trailing space and tab characters. + + if (/^$/) +@@ -150,7 +150,7 @@ END { + else + print " gettext_noop (\"" last_msgstr "\");"; + print ""; +- print "static const int " namespace "msgidx[] ="; ++ print "static const int " pkg_namespace "msgidx[] ="; + print " {"; + for (i = 0; i < coded_msgs; i++) + print " " pos[i] ","; +@@ -158,7 +158,7 @@ END { + print " };"; + print ""; + print "static GPG_ERR_INLINE int"; +- print namespace "msgidxof (int code)"; ++ print pkg_namespace "msgidxof (int code)"; + print "{"; + print " return (0 ? 0"; + +-- +2.23.0 + diff --git a/external/poky/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb b/external/poky/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb index e552001c..52ae11a9 100644 --- a/external/poky/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb +++ b/external/poky/meta/recipes-support/libgpg-error/libgpg-error_1.32.bb @@ -16,6 +16,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgpg-error/libgpg-error-${PV}.tar.bz2 \ file://pkgconfig.patch \ file://0001-syscfg-Support-ARC-CPUs-and-simplify-aliasing-table.patch \ file://0002-syscfg-Add-support-for-arc-unknown-linux-gnu.patch \ + file://libgpg-error-1.35-gawk5-support.patch \ " SRC_URI[md5sum] = "ef3d928a5a453fa701ecc3bb22be1c64" SRC_URI[sha256sum] = "c345c5e73cc2332f8d50db84a2280abfb1d8f6d4f1858b9daa30404db44540ca" diff --git a/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch b/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch new file mode 100644 index 00000000..ef3f2709 --- /dev/null +++ b/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13117.patch @@ -0,0 +1,33 @@ +From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat, 27 Apr 2019 11:19:48 +0200 +Subject: [PATCH] Fix uninitialized read of xsl:number token + +Found by OSS-Fuzz. + +CVE: CVE-2019-13117 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + libxslt/numbers.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libxslt/numbers.c b/libxslt/numbers.c +index 89e1f668..75c31eba 100644 +--- a/libxslt/numbers.c ++++ b/libxslt/numbers.c +@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format, + tokens->tokens[tokens->nTokens].token = val - 1; + ix += len; + val = xmlStringCurrentChar(NULL, format+ix, &len); +- } ++ } else { ++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0'; ++ tokens->tokens[tokens->nTokens].width = 1; ++ } + } else if ( (val == (xmlChar)'A') || + (val == (xmlChar)'a') || + (val == (xmlChar)'I') || +-- +2.21.0 + diff --git a/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch b/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch new file mode 100644 index 00000000..595e6c2f --- /dev/null +++ b/external/poky/meta/recipes-support/libxslt/files/CVE-2019-13118.patch @@ -0,0 +1,76 @@ +From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Mon, 3 Jun 2019 13:14:45 +0200 +Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars + +The character type in xsltFormatNumberConversion was too narrow and +an invalid character/length combination could be passed to +xsltNumberFormatDecimal, resulting in an uninitialized read. + +Found by OSS-Fuzz. + +CVE: CVE-2019-13118 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +--- + libxslt/numbers.c | 5 +++-- + tests/docs/bug-222.xml | 1 + + tests/general/bug-222.out | 2 ++ + tests/general/bug-222.xsl | 6 ++++++ + 4 files changed, 12 insertions(+), 2 deletions(-) + create mode 100644 tests/docs/bug-222.xml + create mode 100644 tests/general/bug-222.out + create mode 100644 tests/general/bug-222.xsl + +diff --git a/libxslt/numbers.c b/libxslt/numbers.c +index f1ed8846..20b99d5a 100644 +--- a/libxslt/numbers.c ++++ b/libxslt/numbers.c +@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER: + number = floor((scale * number + 0.5)) / scale; + if ((self->grouping != NULL) && + (self->grouping[0] != 0)) { ++ int gchar; + + len = xmlStrlen(self->grouping); +- pchar = xsltGetUTF8Char(self->grouping, &len); ++ gchar = xsltGetUTF8Char(self->grouping, &len); + xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], + format_info.integer_digits, + format_info.group, +- pchar, len); ++ gchar, len); + } else + xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0], + format_info.integer_digits, +diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml +new file mode 100644 +index 00000000..69d62f2c +--- /dev/null ++++ b/tests/docs/bug-222.xml +@@ -0,0 +1 @@ ++<doc/> +diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out +new file mode 100644 +index 00000000..e3139698 +--- /dev/null ++++ b/tests/general/bug-222.out +@@ -0,0 +1,2 @@ ++<?xml version="1.0"?> ++1⠢0 +diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl +new file mode 100644 +index 00000000..e32dc473 +--- /dev/null ++++ b/tests/general/bug-222.xsl +@@ -0,0 +1,6 @@ ++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> ++ <xsl:decimal-format name="f" grouping-separator="⠢"/> ++ <xsl:template match="/"> ++ <xsl:value-of select="format-number(10,'#⠢0','f')"/> ++ </xsl:template> ++</xsl:stylesheet> +-- +2.21.0 + diff --git a/external/poky/meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch b/external/poky/meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch new file mode 100644 index 00000000..83ca8a3c --- /dev/null +++ b/external/poky/meta/recipes-support/libxslt/libxslt/CVE-2019-11068.patch @@ -0,0 +1,128 @@ +From aed812d8dbbb6d1337312652aa72aa7f44d2b07d Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sun, 24 Mar 2019 09:51:39 +0100 +Subject: [PATCH] Fix security framework bypass + +xsltCheckRead and xsltCheckWrite return -1 in case of error but callers +don't check for this condition and allow access. With a specially +crafted URL, xsltCheckRead could be tricked into returning an error +because of a supposedly invalid URL that would still be loaded +succesfully later on. + +Fixes #12. + +Thanks to Felix Wilhelm for the report. + +Signed-off-by: Muminul Islam <muminul.islam@microsoft.com> + +CVE: CVE-2019-11068 + +Upstream-Status: Backport + +https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 +--- + libxslt/documents.c | 18 ++++++++++-------- + libxslt/imports.c | 9 +++++---- + libxslt/transform.c | 9 +++++---- + libxslt/xslt.c | 9 +++++---- + 4 files changed, 25 insertions(+), 20 deletions(-) + +diff --git a/libxslt/documents.c b/libxslt/documents.c +index 3f3a7312..4aad11bb 100644 +--- a/libxslt/documents.c ++++ b/libxslt/documents.c +@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) { + int res; + + res = xsltCheckRead(ctxt->sec, ctxt, URI); +- if (res == 0) { +- xsltTransformError(ctxt, NULL, NULL, +- "xsltLoadDocument: read rights for %s denied\n", +- URI); ++ if (res <= 0) { ++ if (res == 0) ++ xsltTransformError(ctxt, NULL, NULL, ++ "xsltLoadDocument: read rights for %s denied\n", ++ URI); + return(NULL); + } + } +@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) { + int res; + + res = xsltCheckRead(sec, NULL, URI); +- if (res == 0) { +- xsltTransformError(NULL, NULL, NULL, +- "xsltLoadStyleDocument: read rights for %s denied\n", +- URI); ++ if (res <= 0) { ++ if (res == 0) ++ xsltTransformError(NULL, NULL, NULL, ++ "xsltLoadStyleDocument: read rights for %s denied\n", ++ URI); + return(NULL); + } + } +diff --git a/libxslt/imports.c b/libxslt/imports.c +index 7262aab9..b62e0877 100644 +--- a/libxslt/imports.c ++++ b/libxslt/imports.c +@@ -131,10 +131,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) { + int secres; + + secres = xsltCheckRead(sec, NULL, URI); +- if (secres == 0) { +- xsltTransformError(NULL, NULL, NULL, +- "xsl:import: read rights for %s denied\n", +- URI); ++ if (secres <= 0) { ++ if (secres == 0) ++ xsltTransformError(NULL, NULL, NULL, ++ "xsl:import: read rights for %s denied\n", ++ URI); + goto error; + } + } +diff --git a/libxslt/transform.c b/libxslt/transform.c +index 560f43ca..46eef553 100644 +--- a/libxslt/transform.c ++++ b/libxslt/transform.c +@@ -3485,10 +3485,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node, + */ + if (ctxt->sec != NULL) { + ret = xsltCheckWrite(ctxt->sec, ctxt, filename); +- if (ret == 0) { +- xsltTransformError(ctxt, NULL, inst, +- "xsltDocumentElem: write rights for %s denied\n", +- filename); ++ if (ret <= 0) { ++ if (ret == 0) ++ xsltTransformError(ctxt, NULL, inst, ++ "xsltDocumentElem: write rights for %s denied\n", ++ filename); + xmlFree(URL); + xmlFree(filename); + return; +diff --git a/libxslt/xslt.c b/libxslt/xslt.c +index 54a39de9..359913e4 100644 +--- a/libxslt/xslt.c ++++ b/libxslt/xslt.c +@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) { + int res; + + res = xsltCheckRead(sec, NULL, filename); +- if (res == 0) { +- xsltTransformError(NULL, NULL, NULL, +- "xsltParseStylesheetFile: read rights for %s denied\n", +- filename); ++ if (res <= 0) { ++ if (res == 0) ++ xsltTransformError(NULL, NULL, NULL, ++ "xsltParseStylesheetFile: read rights for %s denied\n", ++ filename); + return(NULL); + } + } +-- +2.23.0 + diff --git a/external/poky/meta/recipes-support/libxslt/libxslt_1.1.32.bb b/external/poky/meta/recipes-support/libxslt/libxslt_1.1.32.bb index f0fa5e72..e2a515f8 100644 --- a/external/poky/meta/recipes-support/libxslt/libxslt_1.1.32.bb +++ b/external/poky/meta/recipes-support/libxslt/libxslt_1.1.32.bb @@ -10,7 +10,10 @@ DEPENDS = "libxml2" SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \ file://fix-rvts-handling.patch \ - " + file://CVE-2019-11068.patch \ + file://CVE-2019-13117.patch \ + file://CVE-2019-13118.patch \ +" SRC_URI[md5sum] = "1fc72f98e98bf4443f1651165f3aa146" SRC_URI[sha256sum] = "526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460" diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch new file mode 100644 index 00000000..5883774e --- /dev/null +++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch @@ -0,0 +1,126 @@ +From fbf2392644f0ae4282fa4583c9bb67260995d983 Mon Sep 17 00:00:00 2001 +From: Shubham Agrawal <shuagr@microsoft.com> +Date: Mon, 23 Sep 2019 20:58:47 +0000 +Subject: [PATCH] sqlite: fix for CVE-2019-8457 + +Upstream-Status: Backport +CVE: CVE-2019-8457 +Signed-off-by: Shubham Agrawal <shuagr@microsoft.com> +--- + sqlite3.c | 50 +++++++++++++++++++++++++++++++------------------- + 1 file changed, 31 insertions(+), 19 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 00513d4..5c8c7f4 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -172325,6 +172325,33 @@ + } + + ++/* Allocate and initialize a new dynamic string object */ ++StrAccum *sqlite3_str_new(sqlite3 *db){ ++ StrAccum *p = sqlite3DbMallocRaw(db, sizeof(*p)); ++ if( p ){ ++ sqlite3StrAccumInit(p, db, 0, 0, SQLITE_MAX_LENGTH); ++ } ++ return p; ++} ++ ++/* Finalize a string created using sqlite3_str_new(). ++*/ ++ ++char *sqlite3_str_finish(StrAccum *p){ ++ char *z; ++ if( p ){ ++ z = sqlite3StrAccumFinish(p); ++ sqlite3DbFree(p->db, p); ++ }else{ ++ z = 0; ++ } ++ return z; ++} ++/* Return any error code associated with p */ ++int sqlite3_str_errcode(StrAccum *p){ ++ return p ? p->accError : SQLITE_NOMEM; ++} ++ + /* + ** Implementation of a scalar function that decodes r-tree nodes to + ** human readable strings. This can be used for debugging and analysis. +@@ -172342,49 +172369,53 @@ + ** <num-dimension>*2 coordinates. + */ + static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){ +- char *zText = 0; ++ + RtreeNode node; + Rtree tree; + int ii; ++ int nData; ++ int errCode; ++ StrAccum *pOut; + + UNUSED_PARAMETER(nArg); + memset(&node, 0, sizeof(RtreeNode)); + memset(&tree, 0, sizeof(Rtree)); + tree.nDim = (u8)sqlite3_value_int(apArg[0]); ++ if( tree.nDim<1 || tree.nDim>5 ) return; + tree.nDim2 = tree.nDim*2; + tree.nBytesPerCell = 8 + 8 * tree.nDim; + node.zData = (u8 *)sqlite3_value_blob(apArg[1]); ++ nData = sqlite3_value_bytes(apArg[1]); ++ if( nData<4 ) return; ++ if( nData<NCELL(&node)*tree.nBytesPerCell ) return; + ++ pOut = sqlite3_str_new(0); + for(ii=0; ii<NCELL(&node); ii++){ +- char zCell[512]; +- int nCell = 0; ++ ++ + RtreeCell cell; + int jj; + + nodeGetCell(&tree, &node, ii, &cell); +- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid); +- nCell = (int)strlen(zCell); ++ if( ii>0 ) sqlite3StrAccumAppend(pOut, " ", 1); ++ sqlite3XPrintf(pOut, "{%lld", cell.iRowid); ++ + for(jj=0; jj<tree.nDim2; jj++){ + #ifndef SQLITE_RTREE_INT_ONLY +- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g", +- (double)cell.aCoord[jj].f); ++ ++ sqlite3XPrintf(pOut, " %g", (double)cell.aCoord[jj].f); + #else +- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d", +- cell.aCoord[jj].i); ++ ++ sqlite3XPrintf(pOut, " %d", cell.aCoord[jj].i); + #endif +- nCell = (int)strlen(zCell); +- } + +- if( zText ){ +- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell); +- sqlite3_free(zText); +- zText = zTextNew; +- }else{ +- zText = sqlite3_mprintf("{%s}", zCell); + } ++ sqlite3StrAccumAppend(pOut, "}", 1); + } +- +- sqlite3_result_text(ctx, zText, -1, sqlite3_free); ++ ++ errCode = sqlite3_str_errcode(pOut); ++ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free); ++ sqlite3_result_error_code(ctx, errCode); + } + + /* This routine implements an SQL function that returns the "depth" parameter +-- +2.7.4 + diff --git a/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb b/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb index d214ea15..7df61cd1 100644 --- a/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb +++ b/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb @@ -7,6 +7,7 @@ SRC_URI = "\ http://www.sqlite.org/2018/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2018-20505.patch \ file://CVE-2018-20506.patch \ + file://CVE-2019-8457.patch \ " SRC_URI[md5sum] = "99a51b40a66872872a91c92f6d0134fa" SRC_URI[sha256sum] = "92842b283e5e744eff5da29ed3c69391de7368fccc4d0ee6bf62490ce555ef25" |