2 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 936cdc3c98..b60aa8a69d 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -65,6 +65,7 @@ SRC_URI = "\
     file://CVE-2017-7227.patch \
     file://CVE-2017-7301.patch \
     file://CVE-2017-7302.patch \
+     file://CVE-2017-7303.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch
new file mode 100644
index 0000000000..59a3b17461
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch
@@ -0,0 +1,55 @@
+commit a55c9876bb111fd301b4762cf501de0040b8f9db
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Dec 5 13:35:50 2016 +0000
+    Fix seg-fault attempting to strip a corrupt binary.
+    
+        PR binutils/20922
+        * elf.c (find_link): Check for null headers before attempting to
+        match them.
+Upstream-Status: Backport
+CVE: CVE-2017-7303
+Signed-off-by: Thiruvadi Rajaraman <tarjaraman@mvista.com>
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog      2017-09-04 16:06:08.996688391 +0530
+++ git/bfd/ChangeLog   2017-09-04 16:09:26.810320541 +0530
+@@ -124,6 +124,10 @@
+        (aout_link_add_symbols): Fix off by one error checking for
+        overflow of string offset.
+ 
+       PR binutils/20922
+       * elf.c (find_link): Check for null headers before attempting to
+       match them.
+
+        PR binutils/20921
+        * aoutx.h (squirt_out_relocs): Check for and report any relocs
+        that could not be recognised.
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c  2017-09-04 16:05:55.612577527 +0530
+++ git/bfd/elf.c       2017-09-04 16:08:35.709900050 +0530
+@@ -1249,13 +1249,19 @@
+   Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd);
+   unsigned int i;
+ 
+-  if (section_match (oheaders[hint], iheader))
+  BFD_ASSERT (iheader != NULL);
+
+  /* See PR 20922 for a reproducer of the NULL test.  */
+  if (oheaders[hint] != NULL
+      && section_match (oheaders[hint], iheader))
+     return hint;
+ 
+   for (i = 1; i < elf_numsections (obfd); i++)
+     {
+       Elf_Internal_Shdr * oheader = oheaders[i];
+ 
+      if (oheader == NULL)
+       continue;
+       if (section_match (oheader, iheader))
+        /* FIXME: Do we care if there is a potential for
+           multiple matches ?  */

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 936cdc3c98..b60aa8a69d 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -65,6 +65,7 @@ SRC_URI = "\
65	file://CVE-2017-7227.patch \	65	file://CVE-2017-7227.patch \
66	file://CVE-2017-7301.patch \	66	file://CVE-2017-7301.patch \
67	file://CVE-2017-7302.patch \	67	file://CVE-2017-7302.patch \
		68	file://CVE-2017-7303.patch \
68	"	69	"
69	S = "${WORKDIR}/git"	70	S = "${WORKDIR}/git"
70		71


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch new file mode 100644 index 0000000000..59a3b17461 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7303.patch
@@ -0,0 +1,55 @@
		1	commit a55c9876bb111fd301b4762cf501de0040b8f9db
		2	Author: Nick Clifton <nickc@redhat.com>
		3	Date: Mon Dec 5 13:35:50 2016 +0000
		4
		5	Fix seg-fault attempting to strip a corrupt binary.
		6
		7	PR binutils/20922
		8	* elf.c (find_link): Check for null headers before attempting to
		9	match them.
		10
		11	Upstream-Status: Backport
		12
		13	CVE: CVE-2017-7303
		14	Signed-off-by: Thiruvadi Rajaraman <tarjaraman@mvista.com>
		15
		16	Index: git/bfd/ChangeLog
		17	===================================================================
		18	--- git.orig/bfd/ChangeLog 2017-09-04 16:06:08.996688391 +0530
		19	+++ git/bfd/ChangeLog 2017-09-04 16:09:26.810320541 +0530
		20	@@ -124,6 +124,10 @@
		21	(aout_link_add_symbols): Fix off by one error checking for
		22	overflow of string offset.
		23
		24	+ PR binutils/20922
		25	+ * elf.c (find_link): Check for null headers before attempting to
		26	+ match them.
		27	+
		28	PR binutils/20921
		29	* aoutx.h (squirt_out_relocs): Check for and report any relocs
		30	that could not be recognised.
		31	Index: git/bfd/elf.c
		32	===================================================================
		33	--- git.orig/bfd/elf.c 2017-09-04 16:05:55.612577527 +0530
		34	+++ git/bfd/elf.c 2017-09-04 16:08:35.709900050 +0530
		35	@@ -1249,13 +1249,19 @@
		36	Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd);
		37	unsigned int i;
		38
		39	- if (section_match (oheaders[hint], iheader))
		40	+ BFD_ASSERT (iheader != NULL);
		41	+
		42	+ /* See PR 20922 for a reproducer of the NULL test. */
		43	+ if (oheaders[hint] != NULL
		44	+ && section_match (oheaders[hint], iheader))
		45	return hint;
		46
		47	for (i = 1; i < elf_numsections (obfd); i++)
		48	{
		49	Elf_Internal_Shdr * oheader = oheaders[i];
		50
		51	+ if (oheader == NULL)
		52	+ continue;
		53	if (section_match (oheader, iheader))
		54	/* FIXME: Do we care if there is a potential for
		55	multiple matches ? */