binutls: Security fix CVE-2018-7642

Affects <= 2.30 (From OE-Core rev: 8c58ec80990a2c6b8b5e0832b3d5fe2c3f4378ff) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2018-08-05 21:57:46 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-08-06 16:24:02 +0100
commit: e23d92483830a7e93ba367a282247fee097837d6 (patch)
tree: c08132474e83c157058bf7cf4c72dca0fd8cb0a3 /meta
parent: 0112dfc031bae5a15cbfbb29766653d130d64d5a (diff)
download: poky-e23d92483830a7e93ba367a282247fee097837d6.tar.gz
2 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.30.inc b/meta/recipes-devtools/binutils/binutils-2.30.inc
index 1621e5b422..6b915fa093 100644
--- a/meta/recipes-devtools/binutils/binutils-2.30.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -39,6 +39,7 @@ SRC_URI = "\
     file://CVE-2018-7643.patch \
     file://CVE-2018-6872.patch \ 
     file://CVE-2018-6759.patch \
+     file://CVE-2018-7642.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
new file mode 100644
index 0000000000..9def46cf56
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
@@ -0,0 +1,51 @@
+From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 28 Feb 2018 22:09:50 +1030
+Subject: [PATCH] PR22887, null pointer dereference in
+ aout_32_swap_std_reloc_out
+        PR 22887
+        * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-7642
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/aoutx.h   | 6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h
+++ git/bfd/aoutx.h
+@@ -2284,10 +2284,12 @@ NAME (aout, swap_std_reloc_in) (bfd *abf
+   if (r_baserel)
+     r_extern = 1;
+ 
+-  if (r_extern && r_index > symcount)
+  if (r_extern && r_index >= symcount)
+     {
+       /* We could arrange to return an error, but it might be useful
+-        to see the file even if it is bad.  */
+        to see the file even if it is bad.  FIXME: Of course this
+        means that objdump -r *doesn't* see the actual reloc, and
+        objcopy silently writes a different reloc.  */
+       r_extern = 0;
+       r_index = N_ABS;
+     }
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
+2018-02-28  Alan Modra  <amodra@gmail.com>
+
+       PR 22887
+       * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
+ 2018-02-06  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22794
author	Armin Kuster <akuster@mvista.com>	2018-08-05 21:57:46 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-08-06 16:24:02 +0100
commit	e23d92483830a7e93ba367a282247fee097837d6 (patch)
tree	c08132474e83c157058bf7cf4c72dca0fd8cb0a3 /meta
parent	0112dfc031bae5a15cbfbb29766653d130d64d5a (diff)
download	poky-e23d92483830a7e93ba367a282247fee097837d6.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.30.inc b/meta/recipes-devtools/binutils/binutils-2.30.inc index 1621e5b422..6b915fa093 100644 --- a/meta/recipes-devtools/binutils/binutils-2.30.inc +++ b/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -39,6 +39,7 @@ SRC_URI = "\
39	file://CVE-2018-7643.patch \	39	file://CVE-2018-7643.patch \
40	file://CVE-2018-6872.patch \	40	file://CVE-2018-6872.patch \
41	file://CVE-2018-6759.patch \	41	file://CVE-2018-6759.patch \
		42	file://CVE-2018-7642.patch \
42	"	43	"
43	S = "${WORKDIR}/git"	44	S = "${WORKDIR}/git"
44		45


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch new file mode 100644 index 0000000000..9def46cf56 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
@@ -0,0 +1,51 @@
		1	From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Wed, 28 Feb 2018 22:09:50 +1030
		4	Subject: [PATCH] PR22887, null pointer dereference in
		5	aout_32_swap_std_reloc_out
		6
		7	PR 22887
		8	* aoutx.h (swap_std_reloc_in): Correct r_index bound check.
		9
		10	Upstream-Status: Backport
		11	Affects: Binutils <= 2.30
		12	CVE: CVE-2018-7642
		13	Signed-off-by: Armin Kuster <akuster@mvista.com>
		14
		15	---
		16	bfd/ChangeLog \| 5 +++++
		17	bfd/aoutx.h \| 6 ++++--
		18	2 files changed, 9 insertions(+), 2 deletions(-)
		19
		20	Index: git/bfd/aoutx.h
		21	===================================================================
		22	--- git.orig/bfd/aoutx.h
		23	+++ git/bfd/aoutx.h
		24	@@ -2284,10 +2284,12 @@ NAME (aout, swap_std_reloc_in) (bfd *abf
		25	if (r_baserel)
		26	r_extern = 1;
		27
		28	- if (r_extern && r_index > symcount)
		29	+ if (r_extern && r_index >= symcount)
		30	{
		31	/* We could arrange to return an error, but it might be useful
		32	- to see the file even if it is bad. */
		33	+ to see the file even if it is bad. FIXME: Of course this
		34	+ means that objdump -r doesn't see the actual reloc, and
		35	+ objcopy silently writes a different reloc. */
		36	r_extern = 0;
		37	r_index = N_ABS;
		38	}
		39	Index: git/bfd/ChangeLog
		40	===================================================================
		41	--- git.orig/bfd/ChangeLog
		42	+++ git/bfd/ChangeLog
		43	@@ -1,3 +1,8 @@
		44	+2018-02-28 Alan Modra <amodra@gmail.com>
		45	+
		46	+ PR 22887
		47	+ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
		48	+
		49	2018-02-06 Nick Clifton <nickc@redhat.com>
		50
		51	PR 22794