binutils: several security fixes

CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 and one supporting patch. [Yocto # 7084] (From OE-Core rev: 859fb4d9ec6974be9ce755e4ffefd9b199f3604c) (From OE-Core rev: d2b2d8c9ce3ef16ab053bd19a5705b01402b76ba) (From OE-Core rev: 2343cdb81ddef875dc3d52b07565b4ce9b3a14a4) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2015-03-06 13:43:36 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-03-10 11:54:04 +0000
commit: 7c0d759c5529daf15482dfcb42bd9c6c4884958a (patch)
tree: 9df730feba0958a1c5eb9bbbfb278ed4ad9fa846 /meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
parent: 9ca89fe495349099125b9bef4888ed1da7ea230d (diff)
download: poky-7c0d759c5529daf15482dfcb42bd9c6c4884958a.tar.gz
1 files changed, 89 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
new file mode 100644
index 0000000000..05af65bad1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
@@ -0,0 +1,89 @@
+Upstream-Status: Backport
+CVE-2014-8502 fix.
+[YOCTO #7084]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+From 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Oct 2014 15:42:56 +0000
+Subject: [PATCH] More fixes for corrupt binaries crashing the binutils.
+        PR binutils/17512
+        * elf.c (bfd_section_from_shdr): Allocate and free the recursion
+        detection table on a per-bfd basis.
+        * peXXigen.c (pe_print_edata): Handle binaries with a truncated
+        export table.
+---
+ bfd/ChangeLog  |  8 ++++++++
+ bfd/elf.c      | 16 +++++++++++++---
+ bfd/peXXigen.c |  9 +++++++++
+ 3 files changed, 30 insertions(+), 3 deletions(-)
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
+++ binutils-2.24/bfd/peXXigen.c
+@@ -1438,6 +1438,15 @@ pe_print_edata (bfd * abfd, void * vfile
+        }
+     }
+ 
+  /* PR 17512: Handle corrupt PE binaries.  */
+  if (datasize < 36)
+    {
+      fprintf (file,
+              _("\nThere is an export table in %s, but it is too small (%d)\n"),
+              section->name, (int) datasize);
+      return TRUE;
+    }
+
+   fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
+           section->name, (unsigned long) addr);
+ 
+Index: binutils-2.24/bfd/elf.c
+===================================================================
+--- binutils-2.24.orig/bfd/elf.c
+++ binutils-2.24/bfd/elf.c
+@@ -1576,6 +1576,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
+   const char *name;
+   bfd_boolean ret = TRUE;
+   static bfd_boolean * sections_being_created = NULL;
+  static bfd * sections_being_created_abfd = NULL;
+   static unsigned int nesting = 0;
+ 
+   if (shindex >= elf_numsections (abfd))
+@@ -1588,13 +1589,20 @@ bfd_section_from_shdr (bfd *abfd, unsign
+         loop.  Detect this here, by refusing to load a section that we are
+         already in the process of loading.  We only trigger this test if
+         we have nested at least three sections deep as normal ELF binaries
+-        can expect to recurse at least once.  */
+        can expect to recurse at least once.  
+     
+     FIXME: It would be better if this array was attached to the bfd,
+     rather than being held in a static pointer.  */
+     
+      if (sections_being_created_abfd != abfd)
+        sections_being_created = NULL;
+       
+       if (sections_being_created == NULL)
+        {
+          /* FIXME: It would be more efficient to attach this array to the bfd somehow.  */
+          sections_being_created = (bfd_boolean *)
+            bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
+        sections_being_created_abfd = abfd;
+        }
+       if (sections_being_created [shindex])
+        {
+@@ -2098,7 +2106,10 @@ bfd_section_from_shdr (bfd *abfd, unsign
+   if (sections_being_created)
+     sections_being_created [shindex] = FALSE;
+   if (-- nesting == 0)
+  {
+     sections_being_created = NULL;
+    sections_being_created_abfd = abfd;
+  }
+   return ret;
+ }
+
author	Armin Kuster <akuster808@gmail.com>	2015-03-06 13:43:36 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-03-10 11:54:04 +0000
commit	7c0d759c5529daf15482dfcb42bd9c6c4884958a (patch)
tree	9df730feba0958a1c5eb9bbbfb278ed4ad9fa846 /meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
parent	9ca89fe495349099125b9bef4888ed1da7ea230d (diff)
download	poky-7c0d759c5529daf15482dfcb42bd9c6c4884958a.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch new file mode 100644 index 0000000000..05af65bad1 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
@@ -0,0 +1,89 @@
	1	Upstream-Status: Backport
	2
	3	CVE-2014-8502 fix.
	4
	5	[YOCTO #7084]
	6
	7	Signed-off-by: Armin Kuster <akuster808@gmail.com>
	8
	9	From 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 Mon Sep 17 00:00:00 2001
	10	From: Nick Clifton <nickc@redhat.com>
	11	Date: Tue, 28 Oct 2014 15:42:56 +0000
	12	Subject: [PATCH] More fixes for corrupt binaries crashing the binutils.
	13
	14	PR binutils/17512
	15	* elf.c (bfd_section_from_shdr): Allocate and free the recursion
	16	detection table on a per-bfd basis.
	17	* peXXigen.c (pe_print_edata): Handle binaries with a truncated
	18	export table.
	19	---
	20	bfd/ChangeLog \| 8 ++++++++
	21	bfd/elf.c \| 16 +++++++++++++---
	22	bfd/peXXigen.c \| 9 +++++++++
	23	3 files changed, 30 insertions(+), 3 deletions(-)
	24
	25	Index: binutils-2.24/bfd/peXXigen.c
	26	===================================================================
	27	--- binutils-2.24.orig/bfd/peXXigen.c
	28	+++ binutils-2.24/bfd/peXXigen.c
	29	@@ -1438,6 +1438,15 @@ pe_print_edata (bfd * abfd, void * vfile
	30	}
	31	}
	32
	33	+ /* PR 17512: Handle corrupt PE binaries. */
	34	+ if (datasize < 36)
	35	+ {
	36	+ fprintf (file,
	37	+ _("\nThere is an export table in %s, but it is too small (%d)\n"),
	38	+ section->name, (int) datasize);
	39	+ return TRUE;
	40	+ }
	41	+
	42	fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
	43	section->name, (unsigned long) addr);
	44
	45	Index: binutils-2.24/bfd/elf.c
	46	===================================================================
	47	--- binutils-2.24.orig/bfd/elf.c
	48	+++ binutils-2.24/bfd/elf.c
	49	@@ -1576,6 +1576,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
	50	const char *name;
	51	bfd_boolean ret = TRUE;
	52	static bfd_boolean * sections_being_created = NULL;
	53	+ static bfd * sections_being_created_abfd = NULL;
	54	static unsigned int nesting = 0;
	55
	56	if (shindex >= elf_numsections (abfd))
	57	@@ -1588,13 +1589,20 @@ bfd_section_from_shdr (bfd *abfd, unsign
	58	loop. Detect this here, by refusing to load a section that we are
	59	already in the process of loading. We only trigger this test if
	60	we have nested at least three sections deep as normal ELF binaries
	61	- can expect to recurse at least once. */
	62	+ can expect to recurse at least once.
	63	+
	64	+ FIXME: It would be better if this array was attached to the bfd,
	65	+ rather than being held in a static pointer. */
	66	+
	67	+ if (sections_being_created_abfd != abfd)
	68	+ sections_being_created = NULL;
	69
	70	if (sections_being_created == NULL)
	71	{
	72	/* FIXME: It would be more efficient to attach this array to the bfd somehow. */
	73	sections_being_created = (bfd_boolean *)
	74	bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
	75	+ sections_being_created_abfd = abfd;
	76	}
	77	if (sections_being_created [shindex])
	78	{
	79	@@ -2098,7 +2106,10 @@ bfd_section_from_shdr (bfd *abfd, unsign
	80	if (sections_being_created)
	81	sections_being_created [shindex] = FALSE;
	82	if (-- nesting == 0)
	83	+ {
	84	sections_being_created = NULL;
	85	+ sections_being_created_abfd = abfd;
	86	+ }
	87	return ret;
	88	}
	89