diff options
author | Armin Kuster <akuster808@gmail.com> | 2017-11-26 12:11:27 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-12-11 22:02:58 +0000 |
commit | e1092451684ec675af2206d6089b7bdaabe6e20f (patch) | |
tree | 28da28975b89d0b98167544f1626cbcbb12f2a89 | |
parent | 6da272440da118f656f432a800491e0ef3b46466 (diff) | |
download | poky-e1092451684ec675af2206d6089b7bdaabe6e20f.tar.gz |
binutls: Secuirty fix CVE-2017-8394
Affects: <= 2.28
(From OE-Core rev: 4684afc0f29beafc0b97a0c7f0479a88c5a69d8e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.28.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch | 118 |
2 files changed, 119 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index 53299fa013..8334a4c270 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc | |||
@@ -46,6 +46,7 @@ SRC_URI = "\ | |||
46 | file://CVE-2017-7223.patch \ | 46 | file://CVE-2017-7223.patch \ |
47 | file://CVE-2017-7614.patch \ | 47 | file://CVE-2017-7614.patch \ |
48 | file://CVE-2017-8393.patch \ | 48 | file://CVE-2017-8393.patch \ |
49 | file://CVE-2017-8394.patch \ | ||
49 | " | 50 | " |
50 | S = "${WORKDIR}/git" | 51 | S = "${WORKDIR}/git" |
51 | 52 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch new file mode 100644 index 0000000000..e6c6b17da4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch | |||
@@ -0,0 +1,118 @@ | |||
1 | From 7eacd66b086cabb1daab20890d5481894d4f56b2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alan Modra <amodra@gmail.com> | ||
3 | Date: Sun, 23 Apr 2017 15:21:11 +0930 | ||
4 | Subject: [PATCH] PR 21414, null pointer deref of _bfd_elf_large_com_section | ||
5 | sym | ||
6 | |||
7 | PR 21414 | ||
8 | * section.c (GLOBAL_SYM_INIT): Make available in bfd.h. | ||
9 | * elf.c (lcomm_sym): New. | ||
10 | (_bfd_elf_large_com_section): Use lcomm_sym section symbol. | ||
11 | * bfd-in2.h: Regenerate. | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | CVE: CVE-2017-8394 | ||
15 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
16 | |||
17 | --- | ||
18 | bfd/ChangeLog | 8 ++++++++ | ||
19 | bfd/bfd-in2.h | 12 ++++++++++++ | ||
20 | bfd/elf.c | 6 ++++-- | ||
21 | bfd/section.c | 24 ++++++++++++------------ | ||
22 | 4 files changed, 36 insertions(+), 14 deletions(-) | ||
23 | |||
24 | Index: git/bfd/bfd-in2.h | ||
25 | =================================================================== | ||
26 | --- git.orig/bfd/bfd-in2.h | ||
27 | +++ git/bfd/bfd-in2.h | ||
28 | @@ -1838,6 +1838,18 @@ extern asection _bfd_std_section[4]; | ||
29 | { NULL }, { NULL } \ | ||
30 | } | ||
31 | |||
32 | +/* We use a macro to initialize the static asymbol structures because | ||
33 | + traditional C does not permit us to initialize a union member while | ||
34 | + gcc warns if we don't initialize it. | ||
35 | + the_bfd, name, value, attr, section [, udata] */ | ||
36 | +#ifdef __STDC__ | ||
37 | +#define GLOBAL_SYM_INIT(NAME, SECTION) \ | ||
38 | + { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }} | ||
39 | +#else | ||
40 | +#define GLOBAL_SYM_INIT(NAME, SECTION) \ | ||
41 | + { 0, NAME, 0, BSF_SECTION_SYM, SECTION } | ||
42 | +#endif | ||
43 | + | ||
44 | void bfd_section_list_clear (bfd *); | ||
45 | |||
46 | asection *bfd_get_section_by_name (bfd *abfd, const char *name); | ||
47 | Index: git/bfd/elf.c | ||
48 | =================================================================== | ||
49 | --- git.orig/bfd/elf.c | ||
50 | +++ git/bfd/elf.c | ||
51 | @@ -11164,9 +11164,11 @@ _bfd_elf_get_synthetic_symtab (bfd *abfd | ||
52 | |||
53 | /* It is only used by x86-64 so far. | ||
54 | ??? This repeats *COM* id of zero. sec->id is supposed to be unique, | ||
55 | - but current usage would allow all of _bfd_std_section to be zero. t*/ | ||
56 | + but current usage would allow all of _bfd_std_section to be zero. */ | ||
57 | +static const asymbol lcomm_sym | ||
58 | + = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section); | ||
59 | asection _bfd_elf_large_com_section | ||
60 | - = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL, | ||
61 | + = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym, | ||
62 | "LARGE_COMMON", 0, SEC_IS_COMMON); | ||
63 | |||
64 | void | ||
65 | Index: git/bfd/section.c | ||
66 | =================================================================== | ||
67 | --- git.orig/bfd/section.c | ||
68 | +++ git/bfd/section.c | ||
69 | @@ -738,20 +738,20 @@ CODE_FRAGMENT | ||
70 | . { NULL }, { NULL } \ | ||
71 | . } | ||
72 | . | ||
73 | +.{* We use a macro to initialize the static asymbol structures because | ||
74 | +. traditional C does not permit us to initialize a union member while | ||
75 | +. gcc warns if we don't initialize it. | ||
76 | +. the_bfd, name, value, attr, section [, udata] *} | ||
77 | +.#ifdef __STDC__ | ||
78 | +.#define GLOBAL_SYM_INIT(NAME, SECTION) \ | ||
79 | +. { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }} | ||
80 | +.#else | ||
81 | +.#define GLOBAL_SYM_INIT(NAME, SECTION) \ | ||
82 | +. { 0, NAME, 0, BSF_SECTION_SYM, SECTION } | ||
83 | +.#endif | ||
84 | +. | ||
85 | */ | ||
86 | |||
87 | -/* We use a macro to initialize the static asymbol structures because | ||
88 | - traditional C does not permit us to initialize a union member while | ||
89 | - gcc warns if we don't initialize it. */ | ||
90 | - /* the_bfd, name, value, attr, section [, udata] */ | ||
91 | -#ifdef __STDC__ | ||
92 | -#define GLOBAL_SYM_INIT(NAME, SECTION) \ | ||
93 | - { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }} | ||
94 | -#else | ||
95 | -#define GLOBAL_SYM_INIT(NAME, SECTION) \ | ||
96 | - { 0, NAME, 0, BSF_SECTION_SYM, SECTION } | ||
97 | -#endif | ||
98 | - | ||
99 | /* These symbols are global, not specific to any BFD. Therefore, anything | ||
100 | that tries to change them is broken, and should be repaired. */ | ||
101 | |||
102 | Index: git/bfd/ChangeLog | ||
103 | =================================================================== | ||
104 | --- git.orig/bfd/ChangeLog | ||
105 | +++ git/bfd/ChangeLog | ||
106 | @@ -1,4 +1,12 @@ | ||
107 | + | ||
108 | 2017-04-23 Alan Modra <amodra@gmail.com> | ||
109 | + PR 21414 | ||
110 | + * section.c (GLOBAL_SYM_INIT): Make available in bfd.h. | ||
111 | + * elf.c (lcomm_sym): New. | ||
112 | + (_bfd_elf_large_com_section): Use lcomm_sym section symbol. | ||
113 | + * bfd-in2.h: Regenerate. | ||
114 | + | ||
115 | ++2017-04-23 Alan Modra <amodra@gmail.com> | ||
116 | |||
117 | PR 21412 | ||
118 | * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change | ||