1 files changed, 72 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
new file mode 100644
index 0000000000..42793e133b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
@@ -0,0 +1,72 @@
+commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Wed Apr 26 13:07:49 2017 +0100
+    Fix seg-fault attempting to compress a debug section in a corrupt binary.
+    
+        PR binutils/21431
+        * compress.c (bfd_init_section_compress_status): Check the return
+        value from bfd_malloc.
+Upstream-Status: Backport
+CVE: CVE-2017-8395
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c     2017-09-04 17:55:00.546577566 +0530
+++ git/bfd/compress.c  2017-09-04 17:55:10.770664577 +0530
+@@ -534,7 +534,6 @@
+ {
+   bfd_size_type uncompressed_size;
+   bfd_byte *uncompressed_buffer;
+-  bfd_boolean ret;
+ 
+   /* Error if not opened for read.  */
+   if (abfd->direction != read_direction
+@@ -550,18 +549,18 @@
+   /* Read in the full section contents and compress it.  */
+   uncompressed_size = sec->size;
+   uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
+  /* PR 21431 */
+  if (uncompressed_buffer == NULL)
+    return FALSE;
+
+   if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
+                                 0, uncompressed_size))
+-    ret = FALSE;
+-  else
+-    {
+-      uncompressed_size = bfd_compress_section_contents (abfd, sec,
+-                                                        uncompressed_buffer,
+-                                                        uncompressed_size);
+-      ret = uncompressed_size != 0;
+-    }
+    return FALSE;
+ 
+-  return ret;
+  uncompressed_size = bfd_compress_section_contents (abfd, sec,
+                                                    uncompressed_buffer,
+                                                    uncompressed_size);
+  return uncompressed_size != 0;
+ }
+ 
+ /*
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog      2017-09-04 17:55:10.714664101 +0530
+++ git/bfd/ChangeLog   2017-09-04 17:56:40.991431847 +0530
+@@ -73,6 +73,12 @@
+        (evax_bfd_print_egsd): Check for an overlarge record length.
+        (evax_bfd_print_etir): Likewise.
+ 
+2017-04-26  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21431
+       * compress.c (bfd_init_section_compress_status): Check the return
+       value from bfd_malloc.
+
+ 2017-04-25  Maciej W. Rozycki  <macro@imgtec.com>
+ 
+        * readelf.c (process_mips_specific): Remove error reporting from

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch new file mode 100644 index 0000000000..42793e133b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
@@ -0,0 +1,72 @@
	1	commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3
	2	Author: Nick Clifton <nickc@redhat.com>
	3	Date: Wed Apr 26 13:07:49 2017 +0100
	4
	5	Fix seg-fault attempting to compress a debug section in a corrupt binary.
	6
	7	PR binutils/21431
	8	* compress.c (bfd_init_section_compress_status): Check the return
	9	value from bfd_malloc.
	10
	11	Upstream-Status: Backport
	12
	13	CVE: CVE-2017-8395
	14	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
	15
	16	Index: git/bfd/compress.c
	17	===================================================================
	18	--- git.orig/bfd/compress.c 2017-09-04 17:55:00.546577566 +0530
	19	+++ git/bfd/compress.c 2017-09-04 17:55:10.770664577 +0530
	20	@@ -534,7 +534,6 @@
	21	{
	22	bfd_size_type uncompressed_size;
	23	bfd_byte *uncompressed_buffer;
	24	- bfd_boolean ret;
	25
	26	/* Error if not opened for read. */
	27	if (abfd->direction != read_direction
	28	@@ -550,18 +549,18 @@
	29	/* Read in the full section contents and compress it. */
	30	uncompressed_size = sec->size;
	31	uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
	32	+ /* PR 21431 */
	33	+ if (uncompressed_buffer == NULL)
	34	+ return FALSE;
	35	+
	36	if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
	37	0, uncompressed_size))
	38	- ret = FALSE;
	39	- else
	40	- {
	41	- uncompressed_size = bfd_compress_section_contents (abfd, sec,
	42	- uncompressed_buffer,
	43	- uncompressed_size);
	44	- ret = uncompressed_size != 0;
	45	- }
	46	+ return FALSE;
	47
	48	- return ret;
	49	+ uncompressed_size = bfd_compress_section_contents (abfd, sec,
	50	+ uncompressed_buffer,
	51	+ uncompressed_size);
	52	+ return uncompressed_size != 0;
	53	}
	54
	55	/*
	56	Index: git/bfd/ChangeLog
	57	===================================================================
	58	--- git.orig/bfd/ChangeLog 2017-09-04 17:55:10.714664101 +0530
	59	+++ git/bfd/ChangeLog 2017-09-04 17:56:40.991431847 +0530
	60	@@ -73,6 +73,12 @@
	61	(evax_bfd_print_egsd): Check for an overlarge record length.
	62	(evax_bfd_print_etir): Likewise.
	63
	64	+2017-04-26 Nick Clifton <nickc@redhat.com>
	65	+
	66	+ PR binutils/21431
	67	+ * compress.c (bfd_init_section_compress_status): Check the return
	68	+ value from bfd_malloc.
	69	+
	70	2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
	71
	72	* readelf.c (process_mips_specific): Remove error reporting from