elfutils: fix CVE-2018-18520 & CVE-2018-18521 & CVE-2018-18310

These CVE fixes come from upstream master branch and no
new version released, so backport rather than upgrade.

(From OE-Core rev: bd8d2c25f595e30a3fdcad8a2409913bb8af7c5c)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 40 insertions, 0 deletions

diff --git a/meta/recipes-devtools/elfutils/files/0001-size-Handle-recursive-ELF-ar-files.patch b/meta/recipes-devtools/elfutils/files/0001-size-Handle-recursive-ELF-ar-files.patch
new file mode 100644
index 0000000000..6fed82692c
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/0001-size-Handle-recursive-ELF-ar-files.patch
@@ -0,0 +1,40 @@
+From 440d34d0ee37964453245895d38d7fc31bcf3d7d Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Thu, 18 Oct 2018 23:15:48 +0200
+Subject: [PATCH] size: Handle recursive ELF ar files.
+
+eu-size didn't handle an ELF ar file that contained an ar file itself
+correctly. handle_ar would recursively call itself but close the ELF
+file before returning. Only close the ELF file at the top-level.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=23787
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+CVE: CVE-2018-18520
+Upstream-Status: Backport [http://sourceware.org/git/elfutils.git]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ src/size.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/size.c b/src/size.c
+index 5ff3f2a..f01fd88 100644
+--- a/src/size.c
++++ b/src/size.c
+@@ -374,8 +374,10 @@ handle_ar (int fd, Elf *elf, const char *prefix, const char *fname)
+        INTERNAL_ERROR (fname);
+     }
+ 
+-  if (unlikely (elf_end (elf) != 0))
+-    INTERNAL_ERROR (fname);
++  /* Only close ELF handle if this was a "top level" ar file.  */
++  if (prefix == NULL)
++    if (unlikely (elf_end (elf) != 0))
++      INTERNAL_ERROR (fname);
+ 
+   return result;
+ }
+-- 
+2.7.4
+