diff options
| author | Armin Kuster <akuster@mvista.com> | 2019-08-31 08:40:01 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-09-30 16:44:42 +0100 |
| commit | feb1ac93fd928137e62e4ca09d7e157e2495526d (patch) | |
| tree | 8a5206c97e784e399b1ab9330224fff4f6186e36 /meta | |
| parent | b174d936e91902c3e2ab800856bb7bc492d096a0 (diff) | |
| download | poky-feb1ac93fd928137e62e4ca09d7e157e2495526d.tar.gz | |
gcc-8.3: Security fix for CVE-2019-14250
Affects < 9.2
(From OE-Core rev: 125c77be468adf8b3be8d00f99d80bd77f7d2e1e)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-devtools/gcc/gcc-8.3.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch | 44 |
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-8.3.inc b/meta/recipes-devtools/gcc/gcc-8.3.inc index dce85a2943..80f716aeac 100644 --- a/meta/recipes-devtools/gcc/gcc-8.3.inc +++ b/meta/recipes-devtools/gcc/gcc-8.3.inc | |||
| @@ -74,6 +74,7 @@ SRC_URI = "\ | |||
| 74 | file://0041-Add-a-recursion-limit-to-libiberty-s-demangling-code.patch \ | 74 | file://0041-Add-a-recursion-limit-to-libiberty-s-demangling-code.patch \ |
| 75 | file://0042-PR-debug-86964.patch \ | 75 | file://0042-PR-debug-86964.patch \ |
| 76 | file://0043-PR85434-Prevent-spilling-of-stack-protector-guard-s-.patch \ | 76 | file://0043-PR85434-Prevent-spilling-of-stack-protector-guard-s-.patch \ |
| 77 | file://CVE-2019-14250.patch \ | ||
| 77 | " | 78 | " |
| 78 | SRC_URI[md5sum] = "65b210b4bfe7e060051f799e0f994896" | 79 | SRC_URI[md5sum] = "65b210b4bfe7e060051f799e0f994896" |
| 79 | SRC_URI[sha256sum] = "64baadfe6cc0f4947a84cb12d7f0dfaf45bb58b7e92461639596c21e02d97d2c" | 80 | SRC_URI[sha256sum] = "64baadfe6cc0f4947a84cb12d7f0dfaf45bb58b7e92461639596c21e02d97d2c" |
diff --git a/meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch b/meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch new file mode 100644 index 0000000000..e327684e16 --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch | |||
| @@ -0,0 +1,44 @@ | |||
| 1 | From a4f1b58eb48b349a5f353bc69c30be553506d33b Mon Sep 17 00:00:00 2001 | ||
| 2 | From: rguenth <rguenth@138bc75d-0d04-0410-961f-82ee72b054a4> | ||
| 3 | Date: Thu, 25 Jul 2019 10:48:26 +0000 | ||
| 4 | Subject: [PATCH] 2019-07-25 Richard Biener <rguenther@suse.de> | ||
| 5 | |||
| 6 | PR lto/90924 | ||
| 7 | Backport from mainline | ||
| 8 | 2019-07-12 Ren Kimura <rkx1209dev@gmail.com> | ||
| 9 | |||
| 10 | * simple-object-elf.c (simple_object_elf_match): Check zero value | ||
| 11 | shstrndx. | ||
| 12 | |||
| 13 | |||
| 14 | git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-8-branch@273794 138bc75d-0d04-0410-961f-82ee72b054a4 | ||
| 15 | |||
| 16 | Upstream-Status: Backport | ||
| 17 | Affectes: < 9.2 | ||
| 18 | CVE: CVE-2019-14250 | ||
| 19 | Dropped changelog | ||
| 20 | Signed-off-by: Armin Kuster <Akustre@mvista.com> | ||
| 21 | |||
| 22 | --- | ||
| 23 | libiberty/simple-object-elf.c | 8 ++++++++ | ||
| 24 | 2 files changed, 17 insertions(+) | ||
| 25 | |||
| 26 | Index: gcc-8.2.0/libiberty/simple-object-elf.c | ||
| 27 | =================================================================== | ||
| 28 | --- gcc-8.2.0.orig/libiberty/simple-object-elf.c | ||
| 29 | +++ gcc-8.2.0/libiberty/simple-object-elf.c | ||
| 30 | @@ -549,6 +549,14 @@ simple_object_elf_match (unsigned char h | ||
| 31 | return NULL; | ||
| 32 | } | ||
| 33 | |||
| 34 | + if (eor->shstrndx == 0) | ||
| 35 | + { | ||
| 36 | + *errmsg = "invalid ELF shstrndx == 0"; | ||
| 37 | + *err = 0; | ||
| 38 | + XDELETE (eor); | ||
| 39 | + return NULL; | ||
| 40 | + } | ||
| 41 | + | ||
| 42 | return (void *) eor; | ||
| 43 | } | ||
| 44 | |||