summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2018-08-05 21:57:46 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-06 16:24:02 +0100
commite23d92483830a7e93ba367a282247fee097837d6 (patch)
treec08132474e83c157058bf7cf4c72dca0fd8cb0a3 /meta
parent0112dfc031bae5a15cbfbb29766653d130d64d5a (diff)
downloadpoky-e23d92483830a7e93ba367a282247fee097837d6.tar.gz
binutls: Security fix CVE-2018-7642
Affects <= 2.30 (From OE-Core rev: 8c58ec80990a2c6b8b5e0832b3d5fe2c3f4378ff) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.30.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch51
2 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.30.inc b/meta/recipes-devtools/binutils/binutils-2.30.inc
index 1621e5b422..6b915fa093 100644
--- a/meta/recipes-devtools/binutils/binutils-2.30.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -39,6 +39,7 @@ SRC_URI = "\
39 file://CVE-2018-7643.patch \ 39 file://CVE-2018-7643.patch \
40 file://CVE-2018-6872.patch \ 40 file://CVE-2018-6872.patch \
41 file://CVE-2018-6759.patch \ 41 file://CVE-2018-6759.patch \
42 file://CVE-2018-7642.patch \
42" 43"
43S = "${WORKDIR}/git" 44S = "${WORKDIR}/git"
44 45
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
new file mode 100644
index 0000000000..9def46cf56
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
@@ -0,0 +1,51 @@
1From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
2From: Alan Modra <amodra@gmail.com>
3Date: Wed, 28 Feb 2018 22:09:50 +1030
4Subject: [PATCH] PR22887, null pointer dereference in
5 aout_32_swap_std_reloc_out
6
7 PR 22887
8 * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
9
10Upstream-Status: Backport
11Affects: Binutils <= 2.30
12CVE: CVE-2018-7642
13Signed-off-by: Armin Kuster <akuster@mvista.com>
14
15---
16 bfd/ChangeLog | 5 +++++
17 bfd/aoutx.h | 6 ++++--
18 2 files changed, 9 insertions(+), 2 deletions(-)
19
20Index: git/bfd/aoutx.h
21===================================================================
22--- git.orig/bfd/aoutx.h
23+++ git/bfd/aoutx.h
24@@ -2284,10 +2284,12 @@ NAME (aout, swap_std_reloc_in) (bfd *abf
25 if (r_baserel)
26 r_extern = 1;
27
28- if (r_extern && r_index > symcount)
29+ if (r_extern && r_index >= symcount)
30 {
31 /* We could arrange to return an error, but it might be useful
32- to see the file even if it is bad. */
33+ to see the file even if it is bad. FIXME: Of course this
34+ means that objdump -r *doesn't* see the actual reloc, and
35+ objcopy silently writes a different reloc. */
36 r_extern = 0;
37 r_index = N_ABS;
38 }
39Index: git/bfd/ChangeLog
40===================================================================
41--- git.orig/bfd/ChangeLog
42+++ git/bfd/ChangeLog
43@@ -1,3 +1,8 @@
44+2018-02-28 Alan Modra <amodra@gmail.com>
45+
46+ PR 22887
47+ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
48+
49 2018-02-06 Nick Clifton <nickc@redhat.com>
50
51 PR 22794