summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils
diff options
context:
space:
mode:
authorYash Shinde <yashinde145@gmail.com>2023-03-16 16:39:44 +0530
committerRichard Purdie <richard.purdie@linuxfoundation.org>2023-03-17 17:17:42 +0000
commitdc2ac3ca4f8146e8f75682543596639a537e5695 (patch)
tree2a92fcf62c0da7552e0863f913a1f340b8061746 /meta/recipes-devtools/binutils
parent033d1edc423b97c644fb669ed0b73923182310ee (diff)
downloadpoky-dc2ac3ca4f8146e8f75682543596639a537e5695.tar.gz
binutils: Fix CVE-2023-25586
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502] (From OE-Core rev: c8b9196d8ae2452c36bc8c2863a3cca740b4999e) Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.40.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/0016-CVE-2023-25586.patch34
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.40.inc b/meta/recipes-devtools/binutils/binutils-2.40.inc
index c2b926bb32..93631ca3d7 100644
--- a/meta/recipes-devtools/binutils/binutils-2.40.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.40.inc
@@ -34,5 +34,6 @@ SRC_URI = "\
34 file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \ 34 file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
35 file://0014-configure-remove-dependencies-on-gmp-and-mpfr-when-g.patch \ 35 file://0014-configure-remove-dependencies-on-gmp-and-mpfr-when-g.patch \
36 file://0015-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ 36 file://0015-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
37 file://0016-CVE-2023-25586.patch \
37" 38"
38S = "${WORKDIR}/git" 39S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2023-25586.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2023-25586.patch
new file mode 100644
index 0000000000..43e36caf3f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2023-25586.patch
@@ -0,0 +1,34 @@
1From 5830876a0cca17bef3b2d54908928e72cca53502 Mon Sep 17 00:00:00 2001
2From: Alan Modra <amodra@gmail.com>
3Date: Tue, 6 Dec 2022 08:37:52 +1030
4Subject: [PATCH] PR29855, ch_type in bfd_init_section_decompress_status can be
5 uninitialized
6
7 PR 29855
8 * compress.c (bfd_init_section_decompress_status): Set ch_type
9 to zero for zlib-gnu case.
10
11Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502]
12
13CVE: CVE-2023-25586
14
15Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
16---
17 bfd/compress.c | 1 +
18 1 file changed, 1 insertion(+)
19
20diff --git a/bfd/compress.c b/bfd/compress.c
21index 3d8c1d769f1..6b083468ca8 100644
22--- a/bfd/compress.c
23+++ b/bfd/compress.c
24@@ -1012,7 +1012,7 @@ bfd_init_section_decompress_status (bfd *abfd, sec_ptr sec)
25 return false;
26 }
27 uncompressed_size = bfd_getb64 (header + 4);
28- ch_type = ch_none;
29+ ch_type = 0;
30 }
31 else if (!bfd_check_compression_header (abfd, header, sec,
32 &ch_type,
33--
342.31.1
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-11 22:06:15 +0000