1 files changed, 0 insertions, 119 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-9075.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-9075.patch
deleted file mode 100644
index bcb1310f16..0000000000
--- a/meta/recipes-devtools/binutils/binutils/CVE-2019-9075.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 8abac8031ed369a2734b1cdb7df28a39a54b4b49 Mon Sep 17 00:00:00 2001
-From: Alan Modra <amodra@gmail.com>
-Date: Wed, 20 Feb 2019 08:21:24 +1030
-Subject: [PATCH] PR24236, Heap buffer overflow in
- _bfd_archive_64_bit_slurp_armap
-        PR 24236
-        * archive64.c (_bfd_archive_64_bit_slurp_armap): Move code adding
-        sentinel NUL to string buffer nearer to loop where it is used.
-        Don't go past sentinel when scanning strings, and don't write
-        NUL again.
-        * archive.c (do_slurp_coff_armap): Simplify string handling to
-        archive64.c style.
-Upstream-Status: Backport [https://github.com/bminor/binutils-gdb/commit/8abac8031ed369a2734b1cdb7df28a39a54b4b49]
-CVE: CVE-2019-9075
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> 
---
- bfd/ChangeLog   | 10 ++++++++++
- bfd/archive.c   | 17 +++++++----------
- bfd/archive64.c | 10 +++++-----
- 3 files changed, 22 insertions(+), 15 deletions(-)
-diff --git a/bfd/ChangeLog b/bfd/ChangeLog
-index 72c87c7..e39bb12 100644
--- a/bfd/ChangeLog
-+++ b/bfd/ChangeLog
-@@ -1,3 +1,13 @@
-+2019-02-20  Alan Modra  <amodra@gmail.com>
-+
-+       PR 24236
-+       * archive64.c (_bfd_archive_64_bit_slurp_armap): Move code adding
-+       sentinel NUL to string buffer nearer to loop where it is used.
-+       Don't go past sentinel when scanning strings, and don't write
-+       NUL again.
-+       * archive.c (do_slurp_coff_armap): Simplify string handling to
-+       archive64.c style.
-+
- 2019-02-19  Alan Modra  <amodra@gmail.com>
- 
-        PR 24235
-diff --git a/bfd/archive.c b/bfd/archive.c
-index d2d9b72..68a92a3 100644
--- a/bfd/archive.c
-+++ b/bfd/archive.c
-@@ -1012,6 +1012,7 @@ do_slurp_coff_armap (bfd *abfd)
-   int *raw_armap, *rawptr;
-   struct artdata *ardata = bfd_ardata (abfd);
-   char *stringbase;
-+  char *stringend;
-   bfd_size_type stringsize;
-   bfd_size_type parsed_size;
-   carsym *carsyms;
-@@ -1071,22 +1072,18 @@ do_slurp_coff_armap (bfd *abfd)
-     }
- 
-   /* OK, build the carsyms.  */
-  for (i = 0; i < nsymz && stringsize > 0; i++)
-+  stringend = stringbase + stringsize;
-+  *stringend = 0;
-+  for (i = 0; i < nsymz; i++)
-     {
-      bfd_size_type len;
-
-       rawptr = raw_armap + i;
-       carsyms->file_offset = swap ((bfd_byte *) rawptr);
-       carsyms->name = stringbase;
-      /* PR 17512: file: 4a1d50c1.  */
-      len = strnlen (stringbase, stringsize);
-      if (len < stringsize)
-       len ++;
-      stringbase += len;
-      stringsize -= len;
-+      stringbase += strlen (stringbase);
-+      if (stringbase != stringend)
-+       ++stringbase;
-       carsyms++;
-     }
-  *stringbase = 0;
- 
-   ardata->symdef_count = nsymz;
-   ardata->first_file_filepos = bfd_tell (abfd);
-diff --git a/bfd/archive64.c b/bfd/archive64.c
-index 312bf82..42f6ed9 100644
--- a/bfd/archive64.c
-+++ b/bfd/archive64.c
-@@ -100,8 +100,6 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
-     return FALSE;
-   carsyms = ardata->symdefs;
-   stringbase = ((char *) ardata->symdefs) + carsym_size;
-  stringbase[stringsize] = 0;
-  stringend = stringbase + stringsize;
- 
-   raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
-   if (raw_armap == NULL)
-@@ -115,15 +113,17 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
-       goto release_raw_armap;
-     }
- 
-+  stringend = stringbase + stringsize;
-+  *stringend = 0;
-   for (i = 0; i < nsymz; i++)
-     {
-       carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
-       carsyms->name = stringbase;
-      if (stringbase < stringend)
-       stringbase += strlen (stringbase) + 1;
-+      stringbase += strlen (stringbase);
-+      if (stringbase != stringend)
-+       ++stringbase;
-       ++carsyms;
-     }
-  *stringbase = '\0';
- 
-   ardata->symdef_count = nsymz;
-   ardata->first_file_filepos = bfd_tell (abfd);
-- 
-2.7.4

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-9075.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-9075.patch deleted file mode 100644 index bcb1310f16..0000000000 --- a/meta/recipes-devtools/binutils/binutils/CVE-2019-9075.patch +++ /dev/null
@@ -1,119 +0,0 @@
1	From 8abac8031ed369a2734b1cdb7df28a39a54b4b49 Mon Sep 17 00:00:00 2001
2	From: Alan Modra <amodra@gmail.com>
3	Date: Wed, 20 Feb 2019 08:21:24 +1030
4	Subject: [PATCH] PR24236, Heap buffer overflow in
5	_bfd_archive_64_bit_slurp_armap
6
7	PR 24236
8	* archive64.c (_bfd_archive_64_bit_slurp_armap): Move code adding
9	sentinel NUL to string buffer nearer to loop where it is used.
10	Don't go past sentinel when scanning strings, and don't write
11	NUL again.
12	* archive.c (do_slurp_coff_armap): Simplify string handling to
13	archive64.c style.
14
15	Upstream-Status: Backport [https://github.com/bminor/binutils-gdb/commit/8abac8031ed369a2734b1cdb7df28a39a54b4b49]
16	CVE: CVE-2019-9075
17	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
18	---
19	bfd/ChangeLog \| 10 ++++++++++
20	bfd/archive.c \| 17 +++++++----------
21	bfd/archive64.c \| 10 +++++-----
22	3 files changed, 22 insertions(+), 15 deletions(-)
23
24	diff --git a/bfd/ChangeLog b/bfd/ChangeLog
25	index 72c87c7..e39bb12 100644
26	--- a/bfd/ChangeLog
27	+++ b/bfd/ChangeLog
28	@@ -1,3 +1,13 @@
29	+2019-02-20 Alan Modra <amodra@gmail.com>
30	+
31	+ PR 24236
32	+ * archive64.c (_bfd_archive_64_bit_slurp_armap): Move code adding
33	+ sentinel NUL to string buffer nearer to loop where it is used.
34	+ Don't go past sentinel when scanning strings, and don't write
35	+ NUL again.
36	+ * archive.c (do_slurp_coff_armap): Simplify string handling to
37	+ archive64.c style.
38	+
39	2019-02-19 Alan Modra <amodra@gmail.com>
40
41	PR 24235
42	diff --git a/bfd/archive.c b/bfd/archive.c
43	index d2d9b72..68a92a3 100644
44	--- a/bfd/archive.c
45	+++ b/bfd/archive.c
46	@@ -1012,6 +1012,7 @@ do_slurp_coff_armap (bfd *abfd)
47	int raw_armap, rawptr;
48	struct artdata *ardata = bfd_ardata (abfd);
49	char *stringbase;
50	+ char *stringend;
51	bfd_size_type stringsize;
52	bfd_size_type parsed_size;
53	carsym *carsyms;
54	@@ -1071,22 +1072,18 @@ do_slurp_coff_armap (bfd *abfd)
55	}
56
57	/* OK, build the carsyms. */
58	- for (i = 0; i < nsymz && stringsize > 0; i++)
59	+ stringend = stringbase + stringsize;
60	+ *stringend = 0;
61	+ for (i = 0; i < nsymz; i++)
62	{
63	- bfd_size_type len;
64	-
65	rawptr = raw_armap + i;
66	carsyms->file_offset = swap ((bfd_byte *) rawptr);
67	carsyms->name = stringbase;
68	- /* PR 17512: file: 4a1d50c1. */
69	- len = strnlen (stringbase, stringsize);
70	- if (len < stringsize)
71	- len ++;
72	- stringbase += len;
73	- stringsize -= len;
74	+ stringbase += strlen (stringbase);
75	+ if (stringbase != stringend)
76	+ ++stringbase;
77	carsyms++;
78	}
79	- *stringbase = 0;
80
81	ardata->symdef_count = nsymz;
82	ardata->first_file_filepos = bfd_tell (abfd);
83	diff --git a/bfd/archive64.c b/bfd/archive64.c
84	index 312bf82..42f6ed9 100644
85	--- a/bfd/archive64.c
86	+++ b/bfd/archive64.c
87	@@ -100,8 +100,6 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
88	return FALSE;
89	carsyms = ardata->symdefs;
90	stringbase = ((char *) ardata->symdefs) + carsym_size;
91	- stringbase[stringsize] = 0;
92	- stringend = stringbase + stringsize;
93
94	raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
95	if (raw_armap == NULL)
96	@@ -115,15 +113,17 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
97	goto release_raw_armap;
98	}
99
100	+ stringend = stringbase + stringsize;
101	+ *stringend = 0;
102	for (i = 0; i < nsymz; i++)
103	{
104	carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
105	carsyms->name = stringbase;
106	- if (stringbase < stringend)
107	- stringbase += strlen (stringbase) + 1;
108	+ stringbase += strlen (stringbase);
109	+ if (stringbase != stringend)
110	+ ++stringbase;
111	++carsyms;
112	}
113	- *stringbase = '\0';
114
115	ardata->symdef_count = nsymz;
116	ardata->first_file_filepos = bfd_tell (abfd);
117	--
118	2.7.4
119