binutls: Security fix CVE-2018-10373

Affects <= 2.30 (From OE-Core rev: 3c83b9be884015e238249c0382299aedf4d81459) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2018-08-05 22:03:27 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-08-06 16:24:03 +0100
commit: 6d092834bd4847c2ab965bc55420304b43b579fa (patch)
tree: d6aa8a548c9ff74bd62215940a35fd4088bd6c79 /meta/recipes-devtools
parent: ea6a69cb83fa128ca8606d9e5f5cbb8cd89df1f1 (diff)
download: poky-6d092834bd4847c2ab965bc55420304b43b579fa.tar.gz
2 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.30.inc b/meta/recipes-devtools/binutils/binutils-2.30.inc
index 89957154c1..7b1705e8eb 100644
--- a/meta/recipes-devtools/binutils/binutils-2.30.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -43,6 +43,7 @@ SRC_URI = "\
     file://CVE-2018-7208.patch \
     file://CVE-2018-7569.patch \
     file://CVE-2018-7568.patch \
+     file://CVE-2018-10373.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
new file mode 100644
index 0000000000..d547cf1154
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
@@ -0,0 +1,45 @@
+From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 14:30:07 +0100
+Subject: [PATCH] Add a check for a NULL table pointer before attempting to
+ compute a DWARF filename.
+        PR 23065
+        * dwarf2.c (concat_filename): Check for a NULL table pointer.
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-10373
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
+++ git/bfd/dwarf2.c
+@@ -1565,7 +1565,7 @@ concat_filename (struct line_info_table
+ {
+   char *filename;
+ 
+-  if (file - 1 >= table->num_files)
+  if (table == NULL || file - 1 >= table->num_files)
+     {
+       /* FILE == 0 means unknown.  */
+       if (file)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
+2018-04-17  Nick Clifton  <nickc@redhat.com>
+
+       PR 23065
+       * dwarf2.c (concat_filename): Check for a NULL table pointer.
+
+ 2018-01-29  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22741
author	Armin Kuster <akuster@mvista.com>	2018-08-05 22:03:27 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-08-06 16:24:03 +0100
commit	6d092834bd4847c2ab965bc55420304b43b579fa (patch)
tree	d6aa8a548c9ff74bd62215940a35fd4088bd6c79 /meta/recipes-devtools
parent	ea6a69cb83fa128ca8606d9e5f5cbb8cd89df1f1 (diff)
download	poky-6d092834bd4847c2ab965bc55420304b43b579fa.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.30.inc b/meta/recipes-devtools/binutils/binutils-2.30.inc index 89957154c1..7b1705e8eb 100644 --- a/meta/recipes-devtools/binutils/binutils-2.30.inc +++ b/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -43,6 +43,7 @@ SRC_URI = "\
43	file://CVE-2018-7208.patch \	43	file://CVE-2018-7208.patch \
44	file://CVE-2018-7569.patch \	44	file://CVE-2018-7569.patch \
45	file://CVE-2018-7568.patch \	45	file://CVE-2018-7568.patch \
		46	file://CVE-2018-10373.patch \
46	"	47	"
47	S = "${WORKDIR}/git"	48	S = "${WORKDIR}/git"
48		49


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch new file mode 100644 index 0000000000..d547cf1154 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
@@ -0,0 +1,45 @@
		1	From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Tue, 17 Apr 2018 14:30:07 +0100
		4	Subject: [PATCH] Add a check for a NULL table pointer before attempting to
		5	compute a DWARF filename.
		6
		7	PR 23065
		8	* dwarf2.c (concat_filename): Check for a NULL table pointer.
		9
		10	Upstream-Status: Backport
		11	Affects: Binutils <= 2.30
		12	CVE: CVE-2018-10373
		13	Signed-off-by: Armin Kuster <akuster@mvista.com>
		14
		15	---
		16	bfd/ChangeLog \| 5 +++++
		17	bfd/dwarf2.c \| 2 +-
		18	2 files changed, 6 insertions(+), 1 deletion(-)
		19
		20	Index: git/bfd/dwarf2.c
		21	===================================================================
		22	--- git.orig/bfd/dwarf2.c
		23	+++ git/bfd/dwarf2.c
		24	@@ -1565,7 +1565,7 @@ concat_filename (struct line_info_table
		25	{
		26	char *filename;
		27
		28	- if (file - 1 >= table->num_files)
		29	+ if (table == NULL \|\| file - 1 >= table->num_files)
		30	{
		31	/* FILE == 0 means unknown. */
		32	if (file)
		33	Index: git/bfd/ChangeLog
		34	===================================================================
		35	--- git.orig/bfd/ChangeLog
		36	+++ git/bfd/ChangeLog
		37	@@ -1,3 +1,8 @@
		38	+2018-04-17 Nick Clifton <nickc@redhat.com>
		39	+
		40	+ PR 23065
		41	+ * dwarf2.c (concat_filename): Check for a NULL table pointer.
		42	+
		43	2018-01-29 Alan Modra <amodra@gmail.com>
		44
		45	PR 22741