1 files changed, 89 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch
new file mode 100644
index 0000000000..3634421923
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch
@@ -0,0 +1,89 @@
+commit 7211ae501eb0de1044983f2dfb00091a58fbd66c
+Author: Alan Modra <amodra@gmail.com>
+Date:   Tue Jun 27 09:45:04 2017 +0930
+    More fixes for bfd_get_section_contents change
+    
+        PR binutils/21665
+        * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
+        Use unsigned file pointer type, and remove cast.
+        * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
+        Add "count", not "sz".
+Upstream-Status: Backport
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/libbfd.c
+===================================================================
+--- git.orig/bfd/libbfd.c       2017-09-21 18:04:47.316362760 +0530
+++ git/bfd/libbfd.c    2017-09-21 18:04:47.300362638 +0530
+@@ -780,7 +780,7 @@
+                                   bfd_size_type count)
+ {
+   bfd_size_type sz;
+-  file_ptr filesz;
+  ufile_ptr filesz;
+   if (count == 0)
+     return TRUE;
+ 
+@@ -803,14 +803,9 @@
+   else
+     sz = section->size;
+   filesz = bfd_get_file_size (abfd);
+-  if (filesz < 0)
+-    {
+-      /* This should never happen.  */
+-      abort ();
+-    }
+   if (offset + count < count
+       || offset + count > sz
+-      || (section->filepos + offset + count) > (bfd_size_type) filesz)
+      || section->filepos + offset + count > filesz)
+     {
+       bfd_set_error (bfd_error_invalid_operation);
+       return FALSE;
+@@ -833,7 +828,7 @@
+ {
+ #ifdef USE_MMAP
+   bfd_size_type sz;
+-  file_ptr filesz;
+  ufile_ptr filesz;
+ 
+   if (count == 0)
+     return TRUE;
+@@ -867,13 +862,8 @@
+   else
+     sz = section->size;
+   filesz = bfd_get_file_size (abfd);
+-  if (filesz < 0)
+-    {
+-      /* This should never happen.  */
+-      abort ();
+-    }
+   if (offset + count > sz
+-      || (section->filepos + offset + sz) > (bfd_size_type) filesz
+      || section->filepos + offset + count > filesz
+       || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
+                                TRUE))
+     return FALSE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog      2017-09-21 18:03:42.955872017 +0530
+++ git/bfd/ChangeLog   2017-09-21 18:06:39.973228125 +0530
+@@ -11,6 +11,14 @@
+        of end pointer.
+        (evax_bfd_print_emh): Check for invalid string lengths.
+ 
+2017-06-27  Alan Modra  <amodra@gmail.com>
+
+       PR binutils/21665
+       * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
+       Use unsigned file pointer type, and remove cast.
+       * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
+       Add "count", not "sz".
+
+ 2017-06-26  Pedro Alves  <palves@redhat.com>
+ 
+        PR binutils/21665

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch new file mode 100644 index 0000000000..3634421923 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch
@@ -0,0 +1,89 @@
	1	commit 7211ae501eb0de1044983f2dfb00091a58fbd66c
	2	Author: Alan Modra <amodra@gmail.com>
	3	Date: Tue Jun 27 09:45:04 2017 +0930
	4
	5	More fixes for bfd_get_section_contents change
	6
	7	PR binutils/21665
	8	* libbfd.c (_bfd_generic_get_section_contents): Delete abort.
	9	Use unsigned file pointer type, and remove cast.
	10	* libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
	11	Add "count", not "sz".
	12
	13	Upstream-Status: Backport
	14
	15	CVE: CVE-2017-9955
	16	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
	17
	18	Index: git/bfd/libbfd.c
	19	===================================================================
	20	--- git.orig/bfd/libbfd.c 2017-09-21 18:04:47.316362760 +0530
	21	+++ git/bfd/libbfd.c 2017-09-21 18:04:47.300362638 +0530
	22	@@ -780,7 +780,7 @@
	23	bfd_size_type count)
	24	{
	25	bfd_size_type sz;
	26	- file_ptr filesz;
	27	+ ufile_ptr filesz;
	28	if (count == 0)
	29	return TRUE;
	30
	31	@@ -803,14 +803,9 @@
	32	else
	33	sz = section->size;
	34	filesz = bfd_get_file_size (abfd);
	35	- if (filesz < 0)
	36	- {
	37	- /* This should never happen. */
	38	- abort ();
	39	- }
	40	if (offset + count < count
	41	\|\| offset + count > sz
	42	- \|\| (section->filepos + offset + count) > (bfd_size_type) filesz)
	43	+ \|\| section->filepos + offset + count > filesz)
	44	{
	45	bfd_set_error (bfd_error_invalid_operation);
	46	return FALSE;
	47	@@ -833,7 +828,7 @@
	48	{
	49	#ifdef USE_MMAP
	50	bfd_size_type sz;
	51	- file_ptr filesz;
	52	+ ufile_ptr filesz;
	53
	54	if (count == 0)
	55	return TRUE;
	56	@@ -867,13 +862,8 @@
	57	else
	58	sz = section->size;
	59	filesz = bfd_get_file_size (abfd);
	60	- if (filesz < 0)
	61	- {
	62	- /* This should never happen. */
	63	- abort ();
	64	- }
	65	if (offset + count > sz
	66	- \|\| (section->filepos + offset + sz) > (bfd_size_type) filesz
	67	+ \|\| section->filepos + offset + count > filesz
	68	\|\| ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
	69	TRUE))
	70	return FALSE;
	71	Index: git/bfd/ChangeLog
	72	===================================================================
	73	--- git.orig/bfd/ChangeLog 2017-09-21 18:03:42.955872017 +0530
	74	+++ git/bfd/ChangeLog 2017-09-21 18:06:39.973228125 +0530
	75	@@ -11,6 +11,14 @@
	76	of end pointer.
	77	(evax_bfd_print_emh): Check for invalid string lengths.
	78
	79	+2017-06-27 Alan Modra <amodra@gmail.com>
	80	+
	81	+ PR binutils/21665
	82	+ * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
	83	+ Use unsigned file pointer type, and remove cast.
	84	+ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
	85	+ Add "count", not "sz".
	86	+
	87	2017-06-26 Pedro Alves <palves@redhat.com>
	88
	89	PR binutils/21665