Binutils: Security fix for CVE-2018-10373

Affects: <= 2.30 (From OE-Core rev: bea11092ddf2e6778bd55af1f2044a9e9fa1383b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2018-08-08 11:14:51 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-08-15 10:22:45 +0100
commit: 711e5e7b082a33382d6d28d4c37c84e21fc4027d (patch)
tree: 8362bad106cf64219572ecab88f1b5f1c947660f
parent: 2d7d54a5c52e528bb3e1da8e3d64bcb427abc472 (diff)
download: poky-711e5e7b082a33382d6d28d4c37c84e21fc4027d.tar.gz
2 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 7830b87d46..191674333d 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -66,6 +66,7 @@ SRC_URI = "\
     file://CVE-2017-17125.patch \
     file://CVE-2017-17123.patch \
     file://CVE-2018-10372.patch \
+     file://CVE-2018-10373.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
new file mode 100644
index 0000000000..963d767f84
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
@@ -0,0 +1,45 @@
+From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 14:30:07 +0100
+Subject: [PATCH] Add a check for a NULL table pointer before attempting to
+ compute a DWARF filename.
+        PR 23065
+        * dwarf2.c (concat_filename): Check for a NULL table pointer.
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-10373
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
+++ git/bfd/dwarf2.c
+@@ -1587,7 +1587,7 @@ concat_filename (struct line_info_table
+ {
+   char *filename;
+ 
+-  if (file - 1 >= table->num_files)
+  if (table == NULL || file - 1 >= table->num_files)
+     {
+       /* FILE == 0 means unknown.  */
+       if (file)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
+2018-04-17  Nick Clifton  <nickc@redhat.com>
+
+       PR 23065
+       * dwarf2.c (concat_filename): Check for a NULL table pointer.
+
+ 2017-11-28  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22506
author	Armin Kuster <akuster@mvista.com>	2018-08-08 11:14:51 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-08-15 10:22:45 +0100
commit	711e5e7b082a33382d6d28d4c37c84e21fc4027d (patch)
tree	8362bad106cf64219572ecab88f1b5f1c947660f
parent	2d7d54a5c52e528bb3e1da8e3d64bcb427abc472 (diff)
download	poky-711e5e7b082a33382d6d28d4c37c84e21fc4027d.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 7830b87d46..191674333d 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -66,6 +66,7 @@ SRC_URI = "\
66	file://CVE-2017-17125.patch \	66	file://CVE-2017-17125.patch \
67	file://CVE-2017-17123.patch \	67	file://CVE-2017-17123.patch \
68	file://CVE-2018-10372.patch \	68	file://CVE-2018-10372.patch \
		69	file://CVE-2018-10373.patch \
69	"	70	"
70	S = "${WORKDIR}/git"	71	S = "${WORKDIR}/git"
71		72


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch new file mode 100644 index 0000000000..963d767f84 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
@@ -0,0 +1,45 @@
		1	From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Tue, 17 Apr 2018 14:30:07 +0100
		4	Subject: [PATCH] Add a check for a NULL table pointer before attempting to
		5	compute a DWARF filename.
		6
		7	PR 23065
		8	* dwarf2.c (concat_filename): Check for a NULL table pointer.
		9
		10	Upstream-Status: Backport
		11	Affects: <= 2.30
		12	CVE: CVE-2018-10373
		13	Signed-off-by: Armin Kuster <akuster@mvista.com>
		14
		15	---
		16	bfd/ChangeLog \| 5 +++++
		17	bfd/dwarf2.c \| 2 +-
		18	2 files changed, 6 insertions(+), 1 deletion(-)
		19
		20	Index: git/bfd/dwarf2.c
		21	===================================================================
		22	--- git.orig/bfd/dwarf2.c
		23	+++ git/bfd/dwarf2.c
		24	@@ -1587,7 +1587,7 @@ concat_filename (struct line_info_table
		25	{
		26	char *filename;
		27
		28	- if (file - 1 >= table->num_files)
		29	+ if (table == NULL \|\| file - 1 >= table->num_files)
		30	{
		31	/* FILE == 0 means unknown. */
		32	if (file)
		33	Index: git/bfd/ChangeLog
		34	===================================================================
		35	--- git.orig/bfd/ChangeLog
		36	+++ git/bfd/ChangeLog
		37	@@ -1,3 +1,8 @@
		38	+2018-04-17 Nick Clifton <nickc@redhat.com>
		39	+
		40	+ PR 23065
		41	+ * dwarf2.c (concat_filename): Check for a NULL table pointer.
		42	+
		43	2017-11-28 Nick Clifton <nickc@redhat.com>
		44
		45	PR 22506