gcc: Security fix CVE-2016-4488

(From OE-Core rev: de673641ec75b20a73eda81f3e7e8a8259993a14) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-05-05 15:12:58 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-05-17 20:53:36 +0100
commit: 5a1ac4ea59e2e0f1c175a9250c9aa9bd8c6c7d97 (patch)
tree: 4b2778591a8e3222c3e5f425e22dc2bd6c1ab9f6 /meta/recipes-devtools
parent: 3aa988ef77d20f954b2c635c7997cd51a1dbf90f (diff)
download: poky-5a1ac4ea59e2e0f1c175a9250c9aa9bd8c6c7d97.tar.gz
2 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-5.3.inc b/meta/recipes-devtools/gcc/gcc-5.3.inc
index 118ddb9dd4..e4185c2a44 100644
--- a/meta/recipes-devtools/gcc/gcc-5.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-5.3.inc
@@ -89,6 +89,7 @@ SRC_URI = "\
           file://0057-unwind-fix-for-musl.patch \
           file://0058-fdebug-prefix-map-support-to-remap-relative-path.patch \
           file://0059-libgcc-use-ldflags.patch \
+           file://CVE-2016-4488.patch \
 "
 BACKPORTS = ""
diff --git a/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch
new file mode 100644
index 0000000000..30e0ffeace
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch
@@ -0,0 +1,73 @@
+From be3004dc350a820a5b0320b34bd05673ba534058 Mon Sep 17 00:00:00 2001
+From: law <law@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 31 Mar 2016 17:20:53 +0000
+Subject: [PATCH]        * cplus-dem.c (squangle_mop_up): Zero bsize/ksize
+ after freeing  btypevec/ktypevec.      * testsuite/demangle-expected: Add
+ coverage tests.
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@234645 138bc75d-0d04-0410-961f-82ee72b054a4
+Upstream-Status: Backport
+CVE:  CVE-2016-4488
+patched ChangeLog and demangle-expected as patch is from tip.
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ libiberty/ChangeLog                   |  7 +++++++
+ libiberty/cplus-dem.c                 |  2 ++
+ libiberty/testsuite/demangle-expected | 10 ++++++++++
+ 3 files changed, 19 insertions(+)
+Index: gcc-5.3.0/libiberty/cplus-dem.c
+===================================================================
+--- gcc-5.3.0.orig/libiberty/cplus-dem.c
+++ gcc-5.3.0/libiberty/cplus-dem.c
+@@ -1237,11 +1237,13 @@ squangle_mop_up (struct work_stuff *work
+     {
+       free ((char *) work -> btypevec);
+       work->btypevec = NULL;
+      work->bsize = 0;
+     }
+   if (work -> ktypevec != NULL)
+     {
+       free ((char *) work -> ktypevec);
+       work->ktypevec = NULL;
+      work->ksize = 0;
+     }
+ }
+ 
+Index: gcc-5.3.0/libiberty/testsuite/demangle-expected
+===================================================================
+--- gcc-5.3.0.orig/libiberty/testsuite/demangle-expected
+++ gcc-5.3.0/libiberty/testsuite/demangle-expected
+@@ -4356,3 +4356,13 @@ _QueueNotification_QueueController__$4PP
+ --format=gnu-v3
+ _Z1fSsB3fooS_
+ f(std::string[abi:foo], std::string[abi:foo])
+#
+# Tests a use-after-free problem
+
+_Q.__0
+::Q.(void)
+#
+# Tests a use-after-free problem
+
+_Q10-__9cafebabe.
+cafebabe.::-(void)
+Index: gcc-5.3.0/libiberty/ChangeLog
+===================================================================
+--- gcc-5.3.0.orig/libiberty/ChangeLog
+++ gcc-5.3.0/libiberty/ChangeLog
+@@ -1,3 +1,10 @@
+2016-03-31  Mikhail Maltsev  <maltsevm@gmail.com>
+           Marcel Bohme  boehme.marcel@gmail.com
+
+       * cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing
+       btypevec/ktypevec.
+       * testsuite/demangle-expected: Add coverage tests.
+
+ 2015-12-04  Release Manager
+ 
+        * GCC 5.3.0 released.
author	Armin Kuster <akuster@mvista.com>	2016-05-05 15:12:58 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-05-17 20:53:36 +0100
commit	5a1ac4ea59e2e0f1c175a9250c9aa9bd8c6c7d97 (patch)
tree	4b2778591a8e3222c3e5f425e22dc2bd6c1ab9f6 /meta/recipes-devtools
parent	3aa988ef77d20f954b2c635c7997cd51a1dbf90f (diff)
download	poky-5a1ac4ea59e2e0f1c175a9250c9aa9bd8c6c7d97.tar.gz

diff --git a/meta/recipes-devtools/gcc/gcc-5.3.inc b/meta/recipes-devtools/gcc/gcc-5.3.inc index 118ddb9dd4..e4185c2a44 100644 --- a/meta/recipes-devtools/gcc/gcc-5.3.inc +++ b/meta/recipes-devtools/gcc/gcc-5.3.inc
@@ -89,6 +89,7 @@ SRC_URI = "\
89	file://0057-unwind-fix-for-musl.patch \	89	file://0057-unwind-fix-for-musl.patch \
90	file://0058-fdebug-prefix-map-support-to-remap-relative-path.patch \	90	file://0058-fdebug-prefix-map-support-to-remap-relative-path.patch \
91	file://0059-libgcc-use-ldflags.patch \	91	file://0059-libgcc-use-ldflags.patch \
		92	file://CVE-2016-4488.patch \
92	"	93	"
93		94
94	BACKPORTS = ""	95	BACKPORTS = ""


diff --git a/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch new file mode 100644 index 0000000000..30e0ffeace --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch
@@ -0,0 +1,73 @@
		1	From be3004dc350a820a5b0320b34bd05673ba534058 Mon Sep 17 00:00:00 2001
		2	From: law <law@138bc75d-0d04-0410-961f-82ee72b054a4>
		3	Date: Thu, 31 Mar 2016 17:20:53 +0000
		4	Subject: [PATCH] * cplus-dem.c (squangle_mop_up): Zero bsize/ksize
		5	after freeing btypevec/ktypevec. * testsuite/demangle-expected: Add
		6	coverage tests.
		7
		8	git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@234645 138bc75d-0d04-0410-961f-82ee72b054a4
		9
		10	Upstream-Status: Backport
		11	CVE: CVE-2016-4488
		12
		13	patched ChangeLog and demangle-expected as patch is from tip.
		14	Signed-off-by: Armin Kuster <akuster@mvista.com>
		15
		16
		17	---
		18	libiberty/ChangeLog \| 7 +++++++
		19	libiberty/cplus-dem.c \| 2 ++
		20	libiberty/testsuite/demangle-expected \| 10 ++++++++++
		21	3 files changed, 19 insertions(+)
		22
		23	Index: gcc-5.3.0/libiberty/cplus-dem.c
		24	===================================================================
		25	--- gcc-5.3.0.orig/libiberty/cplus-dem.c
		26	+++ gcc-5.3.0/libiberty/cplus-dem.c
		27	@@ -1237,11 +1237,13 @@ squangle_mop_up (struct work_stuff *work
		28	{
		29	free ((char *) work -> btypevec);
		30	work->btypevec = NULL;
		31	+ work->bsize = 0;
		32	}
		33	if (work -> ktypevec != NULL)
		34	{
		35	free ((char *) work -> ktypevec);
		36	work->ktypevec = NULL;
		37	+ work->ksize = 0;
		38	}
		39	}
		40
		41	Index: gcc-5.3.0/libiberty/testsuite/demangle-expected
		42	===================================================================
		43	--- gcc-5.3.0.orig/libiberty/testsuite/demangle-expected
		44	+++ gcc-5.3.0/libiberty/testsuite/demangle-expected
		45	@@ -4356,3 +4356,13 @@ _QueueNotification_QueueController__$4PP
		46	--format=gnu-v3
		47	_Z1fSsB3fooS_
		48	f(std::string[abi:foo], std::string[abi:foo])
		49	+#
		50	+# Tests a use-after-free problem
		51	+
		52	+_Q.__0
		53	+::Q.(void)
		54	+#
		55	+# Tests a use-after-free problem
		56	+
		57	+_Q10-__9cafebabe.
		58	+cafebabe.::-(void)
		59	Index: gcc-5.3.0/libiberty/ChangeLog
		60	===================================================================
		61	--- gcc-5.3.0.orig/libiberty/ChangeLog
		62	+++ gcc-5.3.0/libiberty/ChangeLog
		63	@@ -1,3 +1,10 @@
		64	+2016-03-31 Mikhail Maltsev <maltsevm@gmail.com>
		65	+ Marcel Bohme boehme.marcel@gmail.com
		66	+
		67	+ * cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing
		68	+ btypevec/ktypevec.
		69	+ * testsuite/demangle-expected: Add coverage tests.
		70	+
		71	2015-12-04 Release Manager
		72
		73	* GCC 5.3.0 released.