gcc: Security fix CVE-2016-4488

(From OE-Core rev: 07820907d25970f2c22497415aa6ff95fe43dc40) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-05-05 15:12:58 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-05-17 20:56:25 +0100
commit: e3bf77e3817232127d7dfdaffe163187c6e8998b (patch)
tree: f52a2c94b6e0a86f97b8110216e23f7373080ed1 /meta
parent: 44585dd62a443a491b36b36221f4d63b51d2b68e (diff)
download: poky-e3bf77e3817232127d7dfdaffe163187c6e8998b.tar.gz
2 files changed, 71 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-5.2.inc b/meta/recipes-devtools/gcc/gcc-5.2.inc
index a6b385ac65..2d9ba6d5cd 100644
--- a/meta/recipes-devtools/gcc/gcc-5.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-5.2.inc
@@ -74,6 +74,7 @@ SRC_URI = "\
           file://0040-nativesdk-gcc-support.patch \
           file://0041-handle-target-sysroot-multilib.patch \
           file://0042-cxxflags-for-build.patch \
+           file://CVE-2016-4488.patch \
          "
 BACKPORTS = ""
diff --git a/meta/recipes-devtools/gcc/gcc-5.2/CVE-2016-4488.patch b/meta/recipes-devtools/gcc/gcc-5.2/CVE-2016-4488.patch
new file mode 100644
index 0000000000..02ef8dd8d0
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-5.2/CVE-2016-4488.patch
@@ -0,0 +1,70 @@
+From be3004dc350a820a5b0320b34bd05673ba534058 Mon Sep 17 00:00:00 2001
+From: law <law@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 31 Mar 2016 17:20:53 +0000
+Subject: [PATCH]        * cplus-dem.c (squangle_mop_up): Zero bsize/ksize
+ after freeing  btypevec/ktypevec.      * testsuite/demangle-expected: Add
+ coverage tests.
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@234645 138bc75d-0d04-0410-961f-82ee72b054a4
+Upstream-Status: Backport
+CVE: CVE-2016-4488
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ libiberty/ChangeLog                   |  7 +++++++
+ libiberty/cplus-dem.c                 |  2 ++
+ libiberty/testsuite/demangle-expected | 10 ++++++++++
+ 3 files changed, 19 insertions(+)
+Index: gcc-5.2.0/libiberty/cplus-dem.c
+===================================================================
+--- gcc-5.2.0.orig/libiberty/cplus-dem.c
+++ gcc-5.2.0/libiberty/cplus-dem.c
+@@ -1237,11 +1237,13 @@ squangle_mop_up (struct work_stuff *work
+     {
+       free ((char *) work -> btypevec);
+       work->btypevec = NULL;
+      work->bsize = 0;
+     }
+   if (work -> ktypevec != NULL)
+     {
+       free ((char *) work -> ktypevec);
+       work->ktypevec = NULL;
+      work->ksize = 0;
+     }
+ }
+ 
+Index: gcc-5.2.0/libiberty/testsuite/demangle-expected
+===================================================================
+--- gcc-5.2.0.orig/libiberty/testsuite/demangle-expected
+++ gcc-5.2.0/libiberty/testsuite/demangle-expected
+@@ -4356,3 +4356,13 @@ _QueueNotification_QueueController__$4PP
+ --format=gnu-v3
+ _Z1fSsB3fooS_
+ f(std::string[abi:foo], std::string[abi:foo])
+#
+# Tests a use-after-free problem
+
+_Q.__0
+::Q.(void)
+#
+# Tests a use-after-free problem
+
+_Q10-__9cafebabe.
+cafebabe.::-(void)
+Index: gcc-5.2.0/libiberty/ChangeLog
+===================================================================
+--- gcc-5.2.0.orig/libiberty/ChangeLog
+++ gcc-5.2.0/libiberty/ChangeLog
+@@ -1,3 +1,10 @@
+2016-03-31  Mikhail Maltsev  <maltsevm@gmail.com>
+           Marcel Bohme  boehme.marcel@gmail.com
+
+       * cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing
+       btypevec/ktypevec.
+       * testsuite/demangle-expected: Add coverage tests.
+
+ 2015-07-16  Release Manager
+ 
+        * GCC 5.2.0 released.
author	Armin Kuster <akuster@mvista.com>	2016-05-05 15:12:58 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-05-17 20:56:25 +0100
commit	e3bf77e3817232127d7dfdaffe163187c6e8998b (patch)
tree	f52a2c94b6e0a86f97b8110216e23f7373080ed1 /meta
parent	44585dd62a443a491b36b36221f4d63b51d2b68e (diff)
download	poky-e3bf77e3817232127d7dfdaffe163187c6e8998b.tar.gz

diff --git a/meta/recipes-devtools/gcc/gcc-5.2.inc b/meta/recipes-devtools/gcc/gcc-5.2.inc index a6b385ac65..2d9ba6d5cd 100644 --- a/meta/recipes-devtools/gcc/gcc-5.2.inc +++ b/meta/recipes-devtools/gcc/gcc-5.2.inc
@@ -74,6 +74,7 @@ SRC_URI = "\
74	file://0040-nativesdk-gcc-support.patch \	74	file://0040-nativesdk-gcc-support.patch \
75	file://0041-handle-target-sysroot-multilib.patch \	75	file://0041-handle-target-sysroot-multilib.patch \
76	file://0042-cxxflags-for-build.patch \	76	file://0042-cxxflags-for-build.patch \
		77	file://CVE-2016-4488.patch \
77	"	78	"
78		79
79	BACKPORTS = ""	80	BACKPORTS = ""


diff --git a/meta/recipes-devtools/gcc/gcc-5.2/CVE-2016-4488.patch b/meta/recipes-devtools/gcc/gcc-5.2/CVE-2016-4488.patch new file mode 100644 index 0000000000..02ef8dd8d0 --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc-5.2/CVE-2016-4488.patch
@@ -0,0 +1,70 @@
		1	From be3004dc350a820a5b0320b34bd05673ba534058 Mon Sep 17 00:00:00 2001
		2	From: law <law@138bc75d-0d04-0410-961f-82ee72b054a4>
		3	Date: Thu, 31 Mar 2016 17:20:53 +0000
		4	Subject: [PATCH] * cplus-dem.c (squangle_mop_up): Zero bsize/ksize
		5	after freeing btypevec/ktypevec. * testsuite/demangle-expected: Add
		6	coverage tests.
		7
		8	git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@234645 138bc75d-0d04-0410-961f-82ee72b054a4
		9
		10	Upstream-Status: Backport
		11	CVE: CVE-2016-4488
		12	Signed-off-by: Armin Kuster <akuster@mvista.com>
		13
		14	---
		15	libiberty/ChangeLog \| 7 +++++++
		16	libiberty/cplus-dem.c \| 2 ++
		17	libiberty/testsuite/demangle-expected \| 10 ++++++++++
		18	3 files changed, 19 insertions(+)
		19
		20	Index: gcc-5.2.0/libiberty/cplus-dem.c
		21	===================================================================
		22	--- gcc-5.2.0.orig/libiberty/cplus-dem.c
		23	+++ gcc-5.2.0/libiberty/cplus-dem.c
		24	@@ -1237,11 +1237,13 @@ squangle_mop_up (struct work_stuff *work
		25	{
		26	free ((char *) work -> btypevec);
		27	work->btypevec = NULL;
		28	+ work->bsize = 0;
		29	}
		30	if (work -> ktypevec != NULL)
		31	{
		32	free ((char *) work -> ktypevec);
		33	work->ktypevec = NULL;
		34	+ work->ksize = 0;
		35	}
		36	}
		37
		38	Index: gcc-5.2.0/libiberty/testsuite/demangle-expected
		39	===================================================================
		40	--- gcc-5.2.0.orig/libiberty/testsuite/demangle-expected
		41	+++ gcc-5.2.0/libiberty/testsuite/demangle-expected
		42	@@ -4356,3 +4356,13 @@ _QueueNotification_QueueController__$4PP
		43	--format=gnu-v3
		44	_Z1fSsB3fooS_
		45	f(std::string[abi:foo], std::string[abi:foo])
		46	+#
		47	+# Tests a use-after-free problem
		48	+
		49	+_Q.__0
		50	+::Q.(void)
		51	+#
		52	+# Tests a use-after-free problem
		53	+
		54	+_Q10-__9cafebabe.
		55	+cafebabe.::-(void)
		56	Index: gcc-5.2.0/libiberty/ChangeLog
		57	===================================================================
		58	--- gcc-5.2.0.orig/libiberty/ChangeLog
		59	+++ gcc-5.2.0/libiberty/ChangeLog
		60	@@ -1,3 +1,10 @@
		61	+2016-03-31 Mikhail Maltsev <maltsevm@gmail.com>
		62	+ Marcel Bohme boehme.marcel@gmail.com
		63	+
		64	+ * cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing
		65	+ btypevec/ktypevec.
		66	+ * testsuite/demangle-expected: Add coverage tests.
		67	+
		68	2015-07-16 Release Manager
		69
		70	* GCC 5.2.0 released.