diff options
3 files changed, 163 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 2b35cb154d..961364c81c 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc | |||
@@ -86,6 +86,8 @@ SRC_URI = "\ | |||
86 | file://CVE-2017-9750.patch \ | 86 | file://CVE-2017-9750.patch \ |
87 | file://CVE-2017-9752.patch \ | 87 | file://CVE-2017-9752.patch \ |
88 | file://CVE-2017-9753_9754.patch \ | 88 | file://CVE-2017-9753_9754.patch \ |
89 | file://CVE-2017-9755_1.patch \ | ||
90 | file://CVE-2017-9755_2.patch \ | ||
89 | " | 91 | " |
90 | S = "${WORKDIR}/git" | 92 | S = "${WORKDIR}/git" |
91 | 93 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch new file mode 100644 index 0000000000..3ad32189b1 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_1.patch | |||
@@ -0,0 +1,60 @@ | |||
1 | commit 0d96e4df4812c3bad77c229dfef47a9bc115ac12 | ||
2 | Author: H.J. Lu <hjl.tools@gmail.com> | ||
3 | Date: Thu Jun 15 06:40:17 2017 -0700 | ||
4 | |||
5 | i386-dis: Check valid bnd register | ||
6 | |||
7 | Since there are only 4 bnd registers, return "(bad)" for register | ||
8 | number > 3. | ||
9 | |||
10 | PR binutils/21594 | ||
11 | * i386-dis.c (OP_E_register): Check valid bnd register. | ||
12 | (OP_G): Likewise. | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | |||
16 | CVE: CVE-2017-9755 | ||
17 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
18 | |||
19 | Index: git/opcodes/i386-dis.c | ||
20 | =================================================================== | ||
21 | --- git.orig/opcodes/i386-dis.c 2017-09-21 15:38:46.907182525 +0530 | ||
22 | +++ git/opcodes/i386-dis.c 2017-09-21 15:38:54.703174976 +0530 | ||
23 | @@ -15211,6 +15211,11 @@ | ||
24 | names = address_mode == mode_64bit ? names64 : names32; | ||
25 | break; | ||
26 | case bnd_mode: | ||
27 | + if (reg > 0x3) | ||
28 | + { | ||
29 | + oappend ("(bad)"); | ||
30 | + return; | ||
31 | + } | ||
32 | names = names_bnd; | ||
33 | break; | ||
34 | case indir_v_mode: | ||
35 | @@ -15751,6 +15756,11 @@ | ||
36 | oappend (names64[modrm.reg + add]); | ||
37 | break; | ||
38 | case bnd_mode: | ||
39 | + if (modrm.reg > 0x3) | ||
40 | + { | ||
41 | + oappend ("(bad)"); | ||
42 | + return; | ||
43 | + } | ||
44 | oappend (names_bnd[modrm.reg]); | ||
45 | break; | ||
46 | case v_mode: | ||
47 | Index: git/opcodes/ChangeLog | ||
48 | =================================================================== | ||
49 | --- git.orig/opcodes/ChangeLog 2017-09-21 15:38:54.531175122 +0530 | ||
50 | +++ git/opcodes/ChangeLog 2017-09-21 15:45:32.264491166 +0530 | ||
51 | @@ -1,3 +1,9 @@ | ||
52 | +2017-06-15 H.J. Lu <hongjiu.lu@intel.com> | ||
53 | + | ||
54 | + PR binutils/21594 | ||
55 | + * i386-dis.c (OP_E_register): Check valid bnd register. | ||
56 | + (OP_G): Likewise. | ||
57 | + | ||
58 | 2017-06-15 Nick Clifton <nickc@redhat.com> | ||
59 | |||
60 | PR binutils/21586 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch new file mode 100644 index 0000000000..69e1607d8b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755_2.patch | |||
@@ -0,0 +1,101 @@ | |||
1 | commit 8cac017d35ef374e65acc98818a17cf8a652cbd0 | ||
2 | Author: H.J. Lu <hjl.tools@gmail.com> | ||
3 | Date: Thu Jun 15 08:21:48 2017 -0700 | ||
4 | |||
5 | i386-dis: Add 2 tests with invalid bnd register | ||
6 | |||
7 | PR binutils/21594 | ||
8 | * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd | ||
9 | register. | ||
10 | * testsuite/gas/i386/x86-64-mpx.s: Likewise. | ||
11 | * testsuite/gas/i386/mpx.d: Updated. | ||
12 | * testsuite/gas/i386/x86-64-mpx.d: Likewise. | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | |||
16 | CVE: CVE-2017-9755 | ||
17 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
18 | |||
19 | Index: git/gas/testsuite/gas/i386/mpx.d | ||
20 | =================================================================== | ||
21 | --- git.orig/gas/testsuite/gas/i386/mpx.d 2017-09-21 15:45:57.640640603 +0530 | ||
22 | +++ git/gas/testsuite/gas/i386/mpx.d 2017-09-21 15:45:57.616640460 +0530 | ||
23 | @@ -130,4 +130,8 @@ | ||
24 | |||
25 | [a-f0-9]+ <foo>: | ||
26 | [ ]*[a-f0-9]+: f2 c3 bnd ret | ||
27 | + | ||
28 | +[a-f0-9]+ <bad>: | ||
29 | +[ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%eax\),\(bad\) | ||
30 | +[ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0 | ||
31 | #pass | ||
32 | Index: git/gas/testsuite/gas/i386/mpx.s | ||
33 | =================================================================== | ||
34 | --- git.orig/gas/testsuite/gas/i386/mpx.s 2017-09-21 15:45:57.640640603 +0530 | ||
35 | +++ git/gas/testsuite/gas/i386/mpx.s 2017-09-21 15:45:57.616640460 +0530 | ||
36 | @@ -157,3 +157,15 @@ | ||
37 | bnd ret | ||
38 | |||
39 | foo: bnd ret | ||
40 | + | ||
41 | +bad: | ||
42 | + # bndldx (%eax),(bad) | ||
43 | + .byte 0x0f | ||
44 | + .byte 0x1a | ||
45 | + .byte 0x30 | ||
46 | + | ||
47 | + # bndmov (bad),%bnd0 | ||
48 | + .byte 0x66 | ||
49 | + .byte 0x0f | ||
50 | + .byte 0x1a | ||
51 | + .byte 0xc4 | ||
52 | Index: git/gas/testsuite/gas/i386/x86-64-mpx.d | ||
53 | =================================================================== | ||
54 | --- git.orig/gas/testsuite/gas/i386/x86-64-mpx.d 2017-09-21 15:45:57.640640603 +0530 | ||
55 | +++ git/gas/testsuite/gas/i386/x86-64-mpx.d 2017-09-21 15:45:57.616640460 +0530 | ||
56 | @@ -182,4 +182,8 @@ | ||
57 | |||
58 | [a-f0-9]+ <foo>: | ||
59 | [ ]*[a-f0-9]+: f2 c3 bnd retq | ||
60 | + | ||
61 | +[a-f0-9]+ <bad>: | ||
62 | +[ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%rax\),\(bad\) | ||
63 | +[ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0 | ||
64 | #pass | ||
65 | Index: git/gas/testsuite/gas/i386/x86-64-mpx.s | ||
66 | =================================================================== | ||
67 | --- git.orig/gas/testsuite/gas/i386/x86-64-mpx.s 2017-09-21 15:45:57.640640603 +0530 | ||
68 | +++ git/gas/testsuite/gas/i386/x86-64-mpx.s 2017-09-21 15:45:57.616640460 +0530 | ||
69 | @@ -209,3 +209,15 @@ | ||
70 | bnd ret | ||
71 | |||
72 | foo: bnd ret | ||
73 | + | ||
74 | +bad: | ||
75 | + # bndldx (%eax),(bad) | ||
76 | + .byte 0x0f | ||
77 | + .byte 0x1a | ||
78 | + .byte 0x30 | ||
79 | + | ||
80 | + # bndmov (bad),%bnd0 | ||
81 | + .byte 0x66 | ||
82 | + .byte 0x0f | ||
83 | + .byte 0x1a | ||
84 | + .byte 0xc4 | ||
85 | Index: git/gas/ChangeLog | ||
86 | =================================================================== | ||
87 | --- git.orig/gas/ChangeLog 2017-09-21 15:38:53.143176323 +0530 | ||
88 | +++ git/gas/ChangeLog 2017-09-21 15:48:07.134368927 +0530 | ||
89 | @@ -1,3 +1,12 @@ | ||
90 | +2017-06-15 H.J. Lu <hongjiu.lu@intel.com> | ||
91 | + | ||
92 | + PR binutils/21594 | ||
93 | + * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd | ||
94 | + register. | ||
95 | + * testsuite/gas/i386/x86-64-mpx.s: Likewise. | ||
96 | + * testsuite/gas/i386/mpx.d: Updated. | ||
97 | + * testsuite/gas/i386/x86-64-mpx.d: Likewise. | ||
98 | + | ||
99 | 2016-12-01 Nick Clifton <nickc@redhat.com> | ||
100 | |||
101 | PR gas/20898 | ||