1 files changed, 97 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch
new file mode 100644
index 0000000000..6dae0f6c24
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch
@@ -0,0 +1,97 @@
+commit bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Jun 19 14:52:36 2017 +0100
+    Fix address violations when reading corrupt VMS records.
+    
+        PR binutils/21618
+        * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
+        length.
+        (evax_bfd_print_eeom): Likewise.
+        (evax_bfd_print_egsd): Check for an overlarge record length.
+        (evax_bfd_print_etir): Likewise.
+Upstream-Status: Backport
+CVE: CVE-2017-12449_12455_12457
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c    2017-08-30 17:08:27.408159234 +0530
+++ git/bfd/vms-alpha.c 2017-08-30 17:12:07.289044702 +0530
+@@ -5567,6 +5567,13 @@
+ 
+   fprintf (file, _("  EMH %u (len=%u): "), subtype, rec_len);
+ 
+  /* PR 21618: Check for invalid lengths.  */
+  if (rec_len < sizeof (* emh))
+    {
+      fprintf (file, _("   Error: The length is less than the length of an EMH record\n"));
+      return;
+    }
+  
+   switch (subtype)
+     {
+     case EMH__C_MHD:
+@@ -5630,6 +5637,14 @@
+   struct vms_eeom *eeom = (struct vms_eeom *)rec;
+ 
+   fprintf (file, _("  EEOM (len=%u):\n"), rec_len);
+
+  /* PR 21618: Check for invalid lengths.  */
+  if (rec_len < sizeof (* eeom))
+    {
+      fprintf (file, _("   Error: The length is less than the length of an EEOM record\n"));
+      return;
+    }
+  
+   fprintf (file, _("   number of cond linkage pairs: %u\n"),
+            (unsigned)bfd_getl32 (eeom->total_lps));
+   fprintf (file, _("   completion code: %u\n"),
+@@ -5718,6 +5733,12 @@
+                n, type, len);
+       n++;
+ 
+      if (off + len > rec_len || off + len < off)
+       {
+         fprintf (file, _("   Error: length larger than remaining space in record\n"));
+         return;
+       }
+
+       switch (type)
+         {
+         case EGSD__C_PSC:
+@@ -5958,6 +5979,12 @@
+       size = bfd_getl16 (etir->size);
+       buf = rec + off + sizeof (struct vms_etir);
+ 
+      if (off + size > rec_len || off + size < off)
+       {
+         fprintf (file, _("   Error: length larger than remaining space in record\n"));
+         return;
+       }
+
+       fprintf (file, _("   (type: %3u, size: 4+%3u): "), type, size - 4);
+       switch (type)
+         {
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog      2017-08-30 17:08:43.612213596 +0530
+++ git/bfd/ChangeLog   2017-08-30 17:13:27.217438742 +0530
+@@ -5,6 +5,15 @@
+        correct magic bytes at the start, set the error to wrong format
+        and clear the format selector before returning NULL.
+ 
+ 2017-06-19  Nick Clifton  <nickc@redhat.com>
+ 
+       PR binutils/21618
+       * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
+       length.
+       (evax_bfd_print_eeom): Likewise.
+       (evax_bfd_print_egsd): Check for an overlarge record length.
+       (evax_bfd_print_etir): Likewise.
+
+ 2017-04-25  Maciej W. Rozycki  <macro@imgtec.com>
+ 
+        * readelf.c (process_mips_specific): Remove error reporting from

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch new file mode 100644 index 0000000000..6dae0f6c24 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12449_12455_12457_1.patch
@@ -0,0 +1,97 @@
	1	commit bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1
	2	Author: Nick Clifton <nickc@redhat.com>
	3	Date: Mon Jun 19 14:52:36 2017 +0100
	4
	5	Fix address violations when reading corrupt VMS records.
	6
	7	PR binutils/21618
	8	* vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
	9	length.
	10	(evax_bfd_print_eeom): Likewise.
	11	(evax_bfd_print_egsd): Check for an overlarge record length.
	12	(evax_bfd_print_etir): Likewise.
	13
	14	Upstream-Status: Backport
	15
	16	CVE: CVE-2017-12449_12455_12457
	17	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
	18
	19	Index: git/bfd/vms-alpha.c
	20	===================================================================
	21	--- git.orig/bfd/vms-alpha.c 2017-08-30 17:08:27.408159234 +0530
	22	+++ git/bfd/vms-alpha.c 2017-08-30 17:12:07.289044702 +0530
	23	@@ -5567,6 +5567,13 @@
	24
	25	fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len);
	26
	27	+ /* PR 21618: Check for invalid lengths. */
	28	+ if (rec_len < sizeof (* emh))
	29	+ {
	30	+ fprintf (file, _(" Error: The length is less than the length of an EMH record\n"));
	31	+ return;
	32	+ }
	33	+
	34	switch (subtype)
	35	{
	36	case EMH__C_MHD:
	37	@@ -5630,6 +5637,14 @@
	38	struct vms_eeom eeom = (struct vms_eeom )rec;
	39
	40	fprintf (file, _(" EEOM (len=%u):\n"), rec_len);
	41	+
	42	+ /* PR 21618: Check for invalid lengths. */
	43	+ if (rec_len < sizeof (* eeom))
	44	+ {
	45	+ fprintf (file, _(" Error: The length is less than the length of an EEOM record\n"));
	46	+ return;
	47	+ }
	48	+
	49	fprintf (file, _(" number of cond linkage pairs: %u\n"),
	50	(unsigned)bfd_getl32 (eeom->total_lps));
	51	fprintf (file, _(" completion code: %u\n"),
	52	@@ -5718,6 +5733,12 @@
	53	n, type, len);
	54	n++;
	55
	56	+ if (off + len > rec_len \|\| off + len < off)
	57	+ {
	58	+ fprintf (file, _(" Error: length larger than remaining space in record\n"));
	59	+ return;
	60	+ }
	61	+
	62	switch (type)
	63	{
	64	case EGSD__C_PSC:
	65	@@ -5958,6 +5979,12 @@
	66	size = bfd_getl16 (etir->size);
	67	buf = rec + off + sizeof (struct vms_etir);
	68
	69	+ if (off + size > rec_len \|\| off + size < off)
	70	+ {
	71	+ fprintf (file, _(" Error: length larger than remaining space in record\n"));
	72	+ return;
	73	+ }
	74	+
	75	fprintf (file, _(" (type: %3u, size: 4+%3u): "), type, size - 4);
	76	switch (type)
	77	{
	78	Index: git/bfd/ChangeLog
	79	===================================================================
	80	--- git.orig/bfd/ChangeLog 2017-08-30 17:08:43.612213596 +0530
	81	+++ git/bfd/ChangeLog 2017-08-30 17:13:27.217438742 +0530
	82	@@ -5,6 +5,15 @@
	83	correct magic bytes at the start, set the error to wrong format
	84	and clear the format selector before returning NULL.
	85
	86	+ 2017-06-19 Nick Clifton <nickc@redhat.com>
	87	+
	88	+ PR binutils/21618
	89	+ * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
	90	+ length.
	91	+ (evax_bfd_print_eeom): Likewise.
	92	+ (evax_bfd_print_egsd): Check for an overlarge record length.
	93	+ (evax_bfd_print_etir): Likewise.
	94	+
	95	2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
	96
	97	* readelf.c (process_mips_specific): Remove error reporting from