2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 06c69b9f66..82b9be774f 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -60,6 +60,7 @@ SRC_URI = "\
     file://CVE-2017-12450_12452_12453_12454_12456_1.patch \
     file://CVE-2017-12450_12452_12453_12454_12456.patch \
     file://CVE-2017-7223.patch \
+     file://CVE-2017-7224.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch
new file mode 100644
index 0000000000..fb9ce90740
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch
@@ -0,0 +1,48 @@
+commit e82ab856bb4689330c29fb9f1c57a8555b26380e
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Thu Dec 1 10:49:39 2016 +0000
+    Fix a seg-fault disassembling a corrupt binary.
+    
+        PR binutils/20892
+        * aoutx.h (find_nearest_line): Handle the case where the function
+        name is empty.
+Upstream-Status: Backport
+CVE: CVE-2017-7224
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog      2017-09-04 12:54:37.513859864 +0530
+++ git/bfd/ChangeLog   2017-09-04 13:00:22.891753836 +0530
+@@ -120,6 +120,10 @@
+        * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+        the end of the string buffer.
+ 
+       PR binutils/20892
+       * aoutx.h (find_nearest_line): Handle the case where the function
+       name is empty.
+
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+ 
+        PR ld/17739
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h        2017-09-04 12:54:35.957851411 +0530
+++ git/bfd/aoutx.h     2017-09-04 12:57:50.634902163 +0530
+@@ -2819,6 +2819,13 @@
+       const char *function = func->name;
+       char *colon;
+ 
+      if (buf == NULL)
+       {
+         /* PR binutils/20892: In a corrupt input file func can be empty.  */
+         * functionname_ptr = NULL;
+         return TRUE;
+       }
+
+       /* The caller expects a symbol name.  We actually have a
+         function name, without the leading underscore.  Put the
+         underscore back in, so that the caller gets a symbol name.  */

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 06c69b9f66..82b9be774f 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -60,6 +60,7 @@ SRC_URI = "\
60	file://CVE-2017-12450_12452_12453_12454_12456_1.patch \	60	file://CVE-2017-12450_12452_12453_12454_12456_1.patch \
61	file://CVE-2017-12450_12452_12453_12454_12456.patch \	61	file://CVE-2017-12450_12452_12453_12454_12456.patch \
62	file://CVE-2017-7223.patch \	62	file://CVE-2017-7223.patch \
		63	file://CVE-2017-7224.patch \
63	"	64	"
64	S = "${WORKDIR}/git"	65	S = "${WORKDIR}/git"
65		66


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch new file mode 100644 index 0000000000..fb9ce90740 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch
@@ -0,0 +1,48 @@
		1	commit e82ab856bb4689330c29fb9f1c57a8555b26380e
		2	Author: Nick Clifton <nickc@redhat.com>
		3	Date: Thu Dec 1 10:49:39 2016 +0000
		4
		5	Fix a seg-fault disassembling a corrupt binary.
		6
		7	PR binutils/20892
		8	* aoutx.h (find_nearest_line): Handle the case where the function
		9	name is empty.
		10
		11	Upstream-Status: Backport
		12
		13	CVE: CVE-2017-7224
		14	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
		15
		16	Index: git/bfd/ChangeLog
		17	===================================================================
		18	--- git.orig/bfd/ChangeLog 2017-09-04 12:54:37.513859864 +0530
		19	+++ git/bfd/ChangeLog 2017-09-04 13:00:22.891753836 +0530
		20	@@ -120,6 +120,10 @@
		21	* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
		22	the end of the string buffer.
		23
		24	+ PR binutils/20892
		25	+ * aoutx.h (find_nearest_line): Handle the case where the function
		26	+ name is empty.
		27	+
		28	2016-08-02 Nick Clifton <nickc@redhat.com>
		29
		30	PR ld/17739
		31	Index: git/bfd/aoutx.h
		32	===================================================================
		33	--- git.orig/bfd/aoutx.h 2017-09-04 12:54:35.957851411 +0530
		34	+++ git/bfd/aoutx.h 2017-09-04 12:57:50.634902163 +0530
		35	@@ -2819,6 +2819,13 @@
		36	const char *function = func->name;
		37	char *colon;
		38
		39	+ if (buf == NULL)
		40	+ {
		41	+ /* PR binutils/20892: In a corrupt input file func can be empty. */
		42	+ * functionname_ptr = NULL;
		43	+ return TRUE;
		44	+ }
		45	+
		46	/* The caller expects a symbol name. We actually have a
		47	function name, without the leading underscore. Put the
		48	underscore back in, so that the caller gets a symbol name. */