binutls: Secuirty fix CVE-2017-8394

Affects: <= 2.28 (From OE-Core rev: 4684afc0f29beafc0b97a0c7f0479a88c5a69d8e) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2017-11-26 12:11:27 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-12-11 22:02:58 +0000
commit: e1092451684ec675af2206d6089b7bdaabe6e20f (patch)
tree: 28da28975b89d0b98167544f1626cbcbb12f2a89 /meta
parent: 6da272440da118f656f432a800491e0ef3b46466 (diff)
download: poky-e1092451684ec675af2206d6089b7bdaabe6e20f.tar.gz
2 files changed, 119 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 53299fa013..8334a4c270 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -46,6 +46,7 @@ SRC_URI = "\
     file://CVE-2017-7223.patch \
     file://CVE-2017-7614.patch \
     file://CVE-2017-8393.patch \
+     file://CVE-2017-8394.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
new file mode 100644
index 0000000000..e6c6b17da4
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
@@ -0,0 +1,118 @@
+From 7eacd66b086cabb1daab20890d5481894d4f56b2 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 23 Apr 2017 15:21:11 +0930
+Subject: [PATCH] PR 21414, null pointer deref of _bfd_elf_large_com_section
+ sym
+        PR 21414
+        * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
+        * elf.c (lcomm_sym): New.
+        (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
+        * bfd-in2.h: Regenerate.
+Upstream-Status: Backport
+CVE: CVE-2017-8394
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog |  8 ++++++++
+ bfd/bfd-in2.h | 12 ++++++++++++
+ bfd/elf.c     |  6 ++++--
+ bfd/section.c | 24 ++++++++++++------------
+ 4 files changed, 36 insertions(+), 14 deletions(-)
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h
+++ git/bfd/bfd-in2.h
+@@ -1838,6 +1838,18 @@ extern asection _bfd_std_section[4];
+      { NULL }, { NULL }                                                \
+     }
+ 
+/* We use a macro to initialize the static asymbol structures because
+   traditional C does not permit us to initialize a union member while
+   gcc warns if we don't initialize it.
+   the_bfd, name, value, attr, section [, udata]  */
+#ifdef __STDC__
+#define GLOBAL_SYM_INIT(NAME, SECTION) \
+  { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
+#else
+#define GLOBAL_SYM_INIT(NAME, SECTION) \
+  { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
+#endif
+
+ void bfd_section_list_clear (bfd *);
+ 
+ asection *bfd_get_section_by_name (bfd *abfd, const char *name);
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
+++ git/bfd/elf.c
+@@ -11164,9 +11164,11 @@ _bfd_elf_get_synthetic_symtab (bfd *abfd
+ 
+ /* It is only used by x86-64 so far.
+    ??? This repeats *COM* id of zero.  sec->id is supposed to be unique,
+-   but current usage would allow all of _bfd_std_section to be zero.  t*/
+   but current usage would allow all of _bfd_std_section to be zero.  */
+static const asymbol lcomm_sym
+  = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section);
+ asection _bfd_elf_large_com_section
+-  = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
+  = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym,
+                      "LARGE_COMMON", 0, SEC_IS_COMMON);
+ 
+ void
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c
+++ git/bfd/section.c
+@@ -738,20 +738,20 @@ CODE_FRAGMENT
+ .     { NULL }, { NULL }                                               \
+ .    }
+ .
+.{* We use a macro to initialize the static asymbol structures because
+.   traditional C does not permit us to initialize a union member while
+.   gcc warns if we don't initialize it.
+.   the_bfd, name, value, attr, section [, udata]  *}
+.#ifdef __STDC__
+.#define GLOBAL_SYM_INIT(NAME, SECTION) \
+.  { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
+.#else
+.#define GLOBAL_SYM_INIT(NAME, SECTION) \
+.  { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
+.#endif
+.
+ */
+ 
+-/* We use a macro to initialize the static asymbol structures because
+-   traditional C does not permit us to initialize a union member while
+-   gcc warns if we don't initialize it.  */
+- /* the_bfd, name, value, attr, section [, udata] */
+-#ifdef __STDC__
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+-  { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
+-#else
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+-  { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
+-#endif
+-
+ /* These symbols are global, not specific to any BFD.  Therefore, anything
+    that tries to change them is broken, and should be repaired.  */
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,4 +1,12 @@
+
+ 2017-04-23  Alan Modra  <amodra@gmail.com>
+       PR 21414
+       * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
+       * elf.c (lcomm_sym): New.
+       (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
+       * bfd-in2.h: Regenerate.
+
++2017-04-23  Alan Modra  <amodra@gmail.com>
+  
+        PR 21412
+        * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
author	Armin Kuster <akuster808@gmail.com>	2017-11-26 12:11:27 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-12-11 22:02:58 +0000
commit	e1092451684ec675af2206d6089b7bdaabe6e20f (patch)
tree	28da28975b89d0b98167544f1626cbcbb12f2a89 /meta
parent	6da272440da118f656f432a800491e0ef3b46466 (diff)
download	poky-e1092451684ec675af2206d6089b7bdaabe6e20f.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index 53299fa013..8334a4c270 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -46,6 +46,7 @@ SRC_URI = "\
46	file://CVE-2017-7223.patch \	46	file://CVE-2017-7223.patch \
47	file://CVE-2017-7614.patch \	47	file://CVE-2017-7614.patch \
48	file://CVE-2017-8393.patch \	48	file://CVE-2017-8393.patch \
		49	file://CVE-2017-8394.patch \
49	"	50	"
50	S = "${WORKDIR}/git"	51	S = "${WORKDIR}/git"
51		52


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch new file mode 100644 index 0000000000..e6c6b17da4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
@@ -0,0 +1,118 @@
		1	From 7eacd66b086cabb1daab20890d5481894d4f56b2 Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Sun, 23 Apr 2017 15:21:11 +0930
		4	Subject: [PATCH] PR 21414, null pointer deref of _bfd_elf_large_com_section
		5	sym
		6
		7	PR 21414
		8	* section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
		9	* elf.c (lcomm_sym): New.
		10	(_bfd_elf_large_com_section): Use lcomm_sym section symbol.
		11	* bfd-in2.h: Regenerate.
		12
		13	Upstream-Status: Backport
		14	CVE: CVE-2017-8394
		15	Signed-off-by: Armin Kuster <akuster@mvista.com>
		16
		17	---
		18	bfd/ChangeLog \| 8 ++++++++
		19	bfd/bfd-in2.h \| 12 ++++++++++++
		20	bfd/elf.c \| 6 ++++--
		21	bfd/section.c \| 24 ++++++++++++------------
		22	4 files changed, 36 insertions(+), 14 deletions(-)
		23
		24	Index: git/bfd/bfd-in2.h
		25	===================================================================
		26	--- git.orig/bfd/bfd-in2.h
		27	+++ git/bfd/bfd-in2.h
		28	@@ -1838,6 +1838,18 @@ extern asection _bfd_std_section[4];
		29	{ NULL }, { NULL } \
		30	}
		31
		32	+/* We use a macro to initialize the static asymbol structures because
		33	+ traditional C does not permit us to initialize a union member while
		34	+ gcc warns if we don't initialize it.
		35	+ the_bfd, name, value, attr, section [, udata] */
		36	+#ifdef __STDC__
		37	+#define GLOBAL_SYM_INIT(NAME, SECTION) \
		38	+ { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
		39	+#else
		40	+#define GLOBAL_SYM_INIT(NAME, SECTION) \
		41	+ { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
		42	+#endif
		43	+
		44	void bfd_section_list_clear (bfd *);
		45
		46	asection bfd_get_section_by_name (bfd abfd, const char *name);
		47	Index: git/bfd/elf.c
		48	===================================================================
		49	--- git.orig/bfd/elf.c
		50	+++ git/bfd/elf.c
		51	@@ -11164,9 +11164,11 @@ _bfd_elf_get_synthetic_symtab (bfd *abfd
		52
		53	/* It is only used by x86-64 so far.
		54	??? This repeats COM id of zero. sec->id is supposed to be unique,
		55	- but current usage would allow all of _bfd_std_section to be zero. t*/
		56	+ but current usage would allow all of _bfd_std_section to be zero. */
		57	+static const asymbol lcomm_sym
		58	+ = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section);
		59	asection _bfd_elf_large_com_section
		60	- = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
		61	+ = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym,
		62	"LARGE_COMMON", 0, SEC_IS_COMMON);
		63
		64	void
		65	Index: git/bfd/section.c
		66	===================================================================
		67	--- git.orig/bfd/section.c
		68	+++ git/bfd/section.c
		69	@@ -738,20 +738,20 @@ CODE_FRAGMENT
		70	. { NULL }, { NULL } \
		71	. }
		72	.
		73	+.{* We use a macro to initialize the static asymbol structures because
		74	+. traditional C does not permit us to initialize a union member while
		75	+. gcc warns if we don't initialize it.
		76	+. the_bfd, name, value, attr, section [, udata] *}
		77	+.#ifdef __STDC__
		78	+.#define GLOBAL_SYM_INIT(NAME, SECTION) \
		79	+. { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
		80	+.#else
		81	+.#define GLOBAL_SYM_INIT(NAME, SECTION) \
		82	+. { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
		83	+.#endif
		84	+.
		85	*/
		86
		87	-/* We use a macro to initialize the static asymbol structures because
		88	- traditional C does not permit us to initialize a union member while
		89	- gcc warns if we don't initialize it. */
		90	- /* the_bfd, name, value, attr, section [, udata] */
		91	-#ifdef __STDC__
		92	-#define GLOBAL_SYM_INIT(NAME, SECTION) \
		93	- { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
		94	-#else
		95	-#define GLOBAL_SYM_INIT(NAME, SECTION) \
		96	- { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
		97	-#endif
		98	-
		99	/* These symbols are global, not specific to any BFD. Therefore, anything
		100	that tries to change them is broken, and should be repaired. */
		101
		102	Index: git/bfd/ChangeLog
		103	===================================================================
		104	--- git.orig/bfd/ChangeLog
		105	+++ git/bfd/ChangeLog
		106	@@ -1,4 +1,12 @@
		107	+
		108	2017-04-23 Alan Modra <amodra@gmail.com>
		109	+ PR 21414
		110	+ * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
		111	+ * elf.c (lcomm_sym): New.
		112	+ (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
		113	+ * bfd-in2.h: Regenerate.
		114	+
		115	++2017-04-23 Alan Modra <amodra@gmail.com>
		116
		117	PR 21412
		118	* elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change