Binutils: Security fix for CVE-2018-7642

Affects: <= 2.30 (From OE-Core rev: a424ac771bfceed2cef4dad8c0fd698764bc62a6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2018-08-08 14:05:09 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-08-15 10:22:45 +0100
commit: b33d89d5ea8604657a59b83a30c3374079c34fd2 (patch)
tree: 63fbf6ada0e632e3523368fde2a97d7901d504d4
parent: bdb39814660ec744aae1ddae0b09bbdc8847b823 (diff)
download: poky-b33d89d5ea8604657a59b83a30c3374079c34fd2.tar.gz
2 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index cfde35cecd..eccb12828e 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -76,6 +76,7 @@ SRC_URI = "\
     file://CVE-2018-7568_p1.patch \
     file://CVE-2018-7568_p2.patch \
     file://CVE-2018-7569.patch \
+     file://CVE-2018-7642.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
new file mode 100644
index 0000000000..14b233e2c1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
@@ -0,0 +1,51 @@
+From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 28 Feb 2018 22:09:50 +1030
+Subject: [PATCH] PR22887, null pointer dereference in
+ aout_32_swap_std_reloc_out
+        PR 22887
+        * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7642
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/aoutx.h   | 6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
+2018-02-28  Alan Modra  <amodra@gmail.com>
+
+       PR 22887
+       * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
+ 2018-02-28  Nick Clifton  <nickc@redhat.com>
+  
+        PR 22895
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h
+++ git/bfd/aoutx.h
+@@ -2211,10 +2211,12 @@ NAME (aout, swap_ext_reloc_in) (bfd *abf
+       || r_type == (unsigned int) RELOC_BASE22)
+     r_extern = 1;
+ 
+-  if (r_extern && r_index > symcount)
+  if (r_extern && r_index >= symcount)
+     {
+       /* We could arrange to return an error, but it might be useful
+-         to see the file even if it is bad.  */
+        to see the file even if it is bad.  FIXME: Of course this
+        means that objdump -r *doesn't* see the actual reloc, and
+        objcopy silently writes a different reloc.  */
+       r_extern = 0;
+       r_index = N_ABS;
+     }
author	Armin Kuster <akuster@mvista.com>	2018-08-08 14:05:09 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-08-15 10:22:45 +0100
commit	b33d89d5ea8604657a59b83a30c3374079c34fd2 (patch)
tree	63fbf6ada0e632e3523368fde2a97d7901d504d4
parent	bdb39814660ec744aae1ddae0b09bbdc8847b823 (diff)
download	poky-b33d89d5ea8604657a59b83a30c3374079c34fd2.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index cfde35cecd..eccb12828e 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -76,6 +76,7 @@ SRC_URI = "\
76	file://CVE-2018-7568_p1.patch \	76	file://CVE-2018-7568_p1.patch \
77	file://CVE-2018-7568_p2.patch \	77	file://CVE-2018-7568_p2.patch \
78	file://CVE-2018-7569.patch \	78	file://CVE-2018-7569.patch \
		79	file://CVE-2018-7642.patch \
79	"	80	"
80	S = "${WORKDIR}/git"	81	S = "${WORKDIR}/git"
81		82


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch new file mode 100644 index 0000000000..14b233e2c1 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
@@ -0,0 +1,51 @@
		1	From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Wed, 28 Feb 2018 22:09:50 +1030
		4	Subject: [PATCH] PR22887, null pointer dereference in
		5	aout_32_swap_std_reloc_out
		6
		7	PR 22887
		8	* aoutx.h (swap_std_reloc_in): Correct r_index bound check.
		9
		10	Upstream-Status: Backport
		11	Affects: <= 2.30
		12	CVE: CVE-2018-7642
		13	Signed-off-by: Armin Kuster <akuster@mvista.com>
		14
		15	---
		16	bfd/ChangeLog \| 5 +++++
		17	bfd/aoutx.h \| 6 ++++--
		18	2 files changed, 9 insertions(+), 2 deletions(-)
		19
		20	Index: git/bfd/ChangeLog
		21	===================================================================
		22	--- git.orig/bfd/ChangeLog
		23	+++ git/bfd/ChangeLog
		24	@@ -1,3 +1,8 @@
		25	+2018-02-28 Alan Modra <amodra@gmail.com>
		26	+
		27	+ PR 22887
		28	+ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
		29	+
		30	2018-02-28 Nick Clifton <nickc@redhat.com>
		31
		32	PR 22895
		33	Index: git/bfd/aoutx.h
		34	===================================================================
		35	--- git.orig/bfd/aoutx.h
		36	+++ git/bfd/aoutx.h
		37	@@ -2211,10 +2211,12 @@ NAME (aout, swap_ext_reloc_in) (bfd *abf
		38	\|\| r_type == (unsigned int) RELOC_BASE22)
		39	r_extern = 1;
		40
		41	- if (r_extern && r_index > symcount)
		42	+ if (r_extern && r_index >= symcount)
		43	{
		44	/* We could arrange to return an error, but it might be useful
		45	- to see the file even if it is bad. */
		46	+ to see the file even if it is bad. FIXME: Of course this
		47	+ means that objdump -r doesn't see the actual reloc, and
		48	+ objcopy silently writes a different reloc. */
		49	r_extern = 0;
		50	r_index = N_ABS;
		51	}