1 files changed, 102 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch
new file mode 100644
index 0000000000..ec3308b4f4
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch
@@ -0,0 +1,102 @@
+Upstream-Status: Backport
+CVE-2014-8485 fix.
+[YOCTO #7084]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+From 493a33860c71cac998f1a56d6d87d6faa801fbaa Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 27 Oct 2014 12:43:16 +0000
+Subject: [PATCH] This patch closes a potential security hole in applications
+ that use the bfd library to parse binaries containing maliciously corrupt
+ section group headers.
+        PR binutils/17510
+        * elf.c (setup_group): Improve handling of corrupt group
+        sections.
+---
+ bfd/ChangeLog |  6 ++++++
+ bfd/elf.c     | 34 ++++++++++++++++++++++++++++++----
+ 2 files changed, 36 insertions(+), 4 deletions(-)
+Index: binutils-2.24/bfd/elf.c
+===================================================================
+--- binutils-2.24.orig/bfd/elf.c
+++ binutils-2.24/bfd/elf.c
+@@ -608,9 +608,10 @@ setup_group (bfd *abfd, Elf_Internal_Shd
+                  if (shdr->contents == NULL)
+                    {
+                      _bfd_error_handler
+-                       (_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+                       (_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+                      bfd_set_error (bfd_error_bad_value);
+-                     return FALSE;
+                     -- num_group;
+                     continue;
+                    }
+ 
+                  memset (shdr->contents, 0, amt);
+@@ -618,7 +619,16 @@ setup_group (bfd *abfd, Elf_Internal_Shd
+                  if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+                      || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+                          != shdr->sh_size))
+-                   return FALSE;
+                   {
+                     _bfd_error_handler
+                       (_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+                     bfd_set_error (bfd_error_bad_value);
+                     -- num_group;
+                     /* PR 17510: If the group contents are even partially
+                        corrupt, do not allow any of the contents to be used.  */
+                     memset (shdr->contents, 0, amt);
+                     continue;
+                   }
+ 
+                  /* Translate raw contents, a flag word followed by an
+                     array of elf section indices all in target byte order,
+@@ -651,6 +661,21 @@ setup_group (bfd *abfd, Elf_Internal_Shd
+                    }
+                }
+            }
+
+         /* PR 17510: Corrupt binaries might contain invalid groups.  */
+         if (num_group != (unsigned) elf_tdata (abfd)->num_group)
+           {
+             elf_tdata (abfd)->num_group = num_group;
+
+             /* If all groups are invalid then fail.  */
+             if (num_group == 0)
+               {
+                 elf_tdata (abfd)->group_sect_ptr = NULL;
+                 elf_tdata (abfd)->num_group = num_group = -1;
+                 (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
+                 bfd_set_error (bfd_error_bad_value);
+               }
+           }
+        }
+     }
+ 
+@@ -716,6 +741,7 @@ setup_group (bfd *abfd, Elf_Internal_Shd
+     {
+       (*_bfd_error_handler) (_("%B: no group info for section %A"),
+                             abfd, newsect);
+      return FALSE;
+     }
+   return TRUE;
+ }
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
+++ binutils-2.24/bfd/ChangeLog
+@@ -1,3 +1,9 @@
+2014-10-27  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/17510
+       * elf.c (setup_group): Improve handling of corrupt group
+       sections.
+
+ 2014-08-29  Alan Modra  <amodra@gmail.com>
+ 
+        * srec.c (srec_scan): Revert last change.  Report an error for

diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch new file mode 100644 index 0000000000..ec3308b4f4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch
@@ -0,0 +1,102 @@
	1	Upstream-Status: Backport
	2
	3	CVE-2014-8485 fix.
	4
	5	[YOCTO #7084]
	6
	7	Signed-off-by: Armin Kuster <akuster808@gmail.com>
	8
	9	From 493a33860c71cac998f1a56d6d87d6faa801fbaa Mon Sep 17 00:00:00 2001
	10	From: Nick Clifton <nickc@redhat.com>
	11	Date: Mon, 27 Oct 2014 12:43:16 +0000
	12	Subject: [PATCH] This patch closes a potential security hole in applications
	13	that use the bfd library to parse binaries containing maliciously corrupt
	14	section group headers.
	15
	16	PR binutils/17510
	17	* elf.c (setup_group): Improve handling of corrupt group
	18	sections.
	19	---
	20	bfd/ChangeLog \| 6 ++++++
	21	bfd/elf.c \| 34 ++++++++++++++++++++++++++++++----
	22	2 files changed, 36 insertions(+), 4 deletions(-)
	23
	24	Index: binutils-2.24/bfd/elf.c
	25	===================================================================
	26	--- binutils-2.24.orig/bfd/elf.c
	27	+++ binutils-2.24/bfd/elf.c
	28	@@ -608,9 +608,10 @@ setup_group (bfd *abfd, Elf_Internal_Shd
	29	if (shdr->contents == NULL)
	30	{
	31	_bfd_error_handler
	32	- (_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
	33	+ (_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
	34	bfd_set_error (bfd_error_bad_value);
	35	- return FALSE;
	36	+ -- num_group;
	37	+ continue;
	38	}
	39
	40	memset (shdr->contents, 0, amt);
	41	@@ -618,7 +619,16 @@ setup_group (bfd *abfd, Elf_Internal_Shd
	42	if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
	43	\|\| (bfd_bread (shdr->contents, shdr->sh_size, abfd)
	44	!= shdr->sh_size))
	45	- return FALSE;
	46	+ {
	47	+ _bfd_error_handler
	48	+ (_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
	49	+ bfd_set_error (bfd_error_bad_value);
	50	+ -- num_group;
	51	+ /* PR 17510: If the group contents are even partially
	52	+ corrupt, do not allow any of the contents to be used. */
	53	+ memset (shdr->contents, 0, amt);
	54	+ continue;
	55	+ }
	56
	57	/* Translate raw contents, a flag word followed by an
	58	array of elf section indices all in target byte order,
	59	@@ -651,6 +661,21 @@ setup_group (bfd *abfd, Elf_Internal_Shd
	60	}
	61	}
	62	}
	63	+
	64	+ /* PR 17510: Corrupt binaries might contain invalid groups. */
	65	+ if (num_group != (unsigned) elf_tdata (abfd)->num_group)
	66	+ {
	67	+ elf_tdata (abfd)->num_group = num_group;
	68	+
	69	+ /* If all groups are invalid then fail. */
	70	+ if (num_group == 0)
	71	+ {
	72	+ elf_tdata (abfd)->group_sect_ptr = NULL;
	73	+ elf_tdata (abfd)->num_group = num_group = -1;
	74	+ (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
	75	+ bfd_set_error (bfd_error_bad_value);
	76	+ }
	77	+ }
	78	}
	79	}
	80
	81	@@ -716,6 +741,7 @@ setup_group (bfd *abfd, Elf_Internal_Shd
	82	{
	83	(*_bfd_error_handler) (_("%B: no group info for section %A"),
	84	abfd, newsect);
	85	+ return FALSE;
	86	}
	87	return TRUE;
	88	}
	89	Index: binutils-2.24/bfd/ChangeLog
	90	===================================================================
	91	--- binutils-2.24.orig/bfd/ChangeLog
	92	+++ binutils-2.24/bfd/ChangeLog
	93	@@ -1,3 +1,9 @@
	94	+2014-10-27 Nick Clifton <nickc@redhat.com>
	95	+
	96	+ PR binutils/17510
	97	+ * elf.c (setup_group): Improve handling of corrupt group
	98	+ sections.
	99	+
	100	2014-08-29 Alan Modra <amodra@gmail.com>
	101
	102	* srec.c (srec_scan): Revert last change. Report an error for