1 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch
new file mode 100644
index 0000000000..01a4fb1562
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch
@@ -0,0 +1,51 @@
+From da5c5336a1eaf519de246f7d9f0f5585e1d4ac59 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 20 Jan 2019 23:05:56 +0100
+Subject: [PATCH] libdwfl: Sanity check partial core file dyn data read.
+When reading the dyn data from the core file check if we got everything,
+or just part of the data.
+https://sourceware.org/bugzilla/show_bug.cgi?id=24103
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+Upstream-Status: Backport
+CVE: CVE-2019-7150
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ libdwfl/ChangeLog                    | 5 +++++
+ libdwfl/dwfl_segment_report_module.c | 6 ++++++
+ 2 files changed, 11 insertions(+)
+Index: elfutils-0.175/libdwfl/dwfl_segment_report_module.c
+===================================================================
+--- elfutils-0.175.orig/libdwfl/dwfl_segment_report_module.c
+++ elfutils-0.175/libdwfl/dwfl_segment_report_module.c
+@@ -783,6 +783,12 @@ dwfl_segment_report_module (Dwfl *dwfl,
+   if (dyn_filesz != 0 && dyn_filesz % dyn_entsize == 0
+       && ! read_portion (&dyn_data, &dyn_data_size, dyn_vaddr, dyn_filesz))
+     {
+      /* dyn_data_size will be zero if we got everything from the initial
+         buffer, otherwise it will be the size of the new buffer that
+         could be read.  */
+      if (dyn_data_size != 0)
+       dyn_filesz = dyn_data_size;
+
+       void *dyns = malloc (dyn_filesz);
+       Elf32_Dyn (*d32)[dyn_filesz / sizeof (Elf32_Dyn)] = dyns;
+       Elf64_Dyn (*d64)[dyn_filesz / sizeof (Elf64_Dyn)] = dyns;
+Index: elfutils-0.175/libdwfl/ChangeLog
+===================================================================
+--- elfutils-0.175.orig/libdwfl/ChangeLog
+++ elfutils-0.175/libdwfl/ChangeLog
+@@ -1,3 +1,8 @@
+2019-01-20  Mark Wielaard  <mark@klomp.org>
+
+       * dwfl_segment_report_module.c (dwfl_segment_report_module): Check
+       dyn_filesz vs dyn_data_size after read_portion call.
+
+ 2018-10-20  Mark Wielaard  <mark@klomp.org>
+ 
+        * libdwflP.h (__libdw_open_elf): New internal function declaration.

diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch new file mode 100644 index 0000000000..01a4fb1562 --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7150.patch
@@ -0,0 +1,51 @@
	1	From da5c5336a1eaf519de246f7d9f0f5585e1d4ac59 Mon Sep 17 00:00:00 2001
	2	From: Mark Wielaard <mark@klomp.org>
	3	Date: Sun, 20 Jan 2019 23:05:56 +0100
	4	Subject: [PATCH] libdwfl: Sanity check partial core file dyn data read.
	5
	6	When reading the dyn data from the core file check if we got everything,
	7	or just part of the data.
	8
	9	https://sourceware.org/bugzilla/show_bug.cgi?id=24103
	10
	11	Signed-off-by: Mark Wielaard <mark@klomp.org>
	12
	13	Upstream-Status: Backport
	14	CVE: CVE-2019-7150
	15	Signed-off-by: Armin Kuster <akuster@mvista.com>
	16
	17	---
	18	libdwfl/ChangeLog \| 5 +++++
	19	libdwfl/dwfl_segment_report_module.c \| 6 ++++++
	20	2 files changed, 11 insertions(+)
	21
	22	Index: elfutils-0.175/libdwfl/dwfl_segment_report_module.c
	23	===================================================================
	24	--- elfutils-0.175.orig/libdwfl/dwfl_segment_report_module.c
	25	+++ elfutils-0.175/libdwfl/dwfl_segment_report_module.c
	26	@@ -783,6 +783,12 @@ dwfl_segment_report_module (Dwfl *dwfl,
	27	if (dyn_filesz != 0 && dyn_filesz % dyn_entsize == 0
	28	&& ! read_portion (&dyn_data, &dyn_data_size, dyn_vaddr, dyn_filesz))
	29	{
	30	+ /* dyn_data_size will be zero if we got everything from the initial
	31	+ buffer, otherwise it will be the size of the new buffer that
	32	+ could be read. */
	33	+ if (dyn_data_size != 0)
	34	+ dyn_filesz = dyn_data_size;
	35	+
	36	void *dyns = malloc (dyn_filesz);
	37	Elf32_Dyn (*d32)[dyn_filesz / sizeof (Elf32_Dyn)] = dyns;
	38	Elf64_Dyn (*d64)[dyn_filesz / sizeof (Elf64_Dyn)] = dyns;
	39	Index: elfutils-0.175/libdwfl/ChangeLog
	40	===================================================================
	41	--- elfutils-0.175.orig/libdwfl/ChangeLog
	42	+++ elfutils-0.175/libdwfl/ChangeLog
	43	@@ -1,3 +1,8 @@
	44	+2019-01-20 Mark Wielaard <mark@klomp.org>
	45	+
	46	+ * dwfl_segment_report_module.c (dwfl_segment_report_module): Check
	47	+ dyn_filesz vs dyn_data_size after read_portion call.
	48	+
	49	2018-10-20 Mark Wielaard <mark@klomp.org>
	50
	51	* libdwflP.h (__libdw_open_elf): New internal function declaration.