1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch
new file mode 100644
index 0000000000..e55dc5a054
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch
@@ -0,0 +1,65 @@
+From 3ed05376e7b2c96c1d6eb24d2842cc25b79a4f07 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 16 Jan 2019 12:25:57 +0100
+Subject: [PATCH] CVE: CVE-2019-7664
+Upstream-Status: Backport
+libelf: Correct overflow check in note_xlate.
+We want to make sure the note_len doesn't overflow and becomes shorter
+than the note header. But the namesz and descsz checks got the note header
+size wrong). Replace the wrong constant (8) with a sizeof cvt_Nhdr (12).
+https://sourceware.org/bugzilla/show_bug.cgi?id=24084
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+Signed-off-by: Ubuntu <lisa@shuagr-yocto-build.mdn4q2lr1oauhmizmzsslly3ad.xx.internal.cloudapp.net>
+---
+ libelf/ChangeLog    | 13 +++++++++++++
+ libelf/note_xlate.h |  4 ++--
+ 2 files changed, 15 insertions(+), 2 deletions(-)
+diff --git a/libelf/ChangeLog b/libelf/ChangeLog
+index 68c4fbd..892e6e7 100644
+--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
+@@ -1,3 +1,16 @@
+<<<<<<< HEAD
+=======
+2019-01-16  Mark Wielaard  <mark@klomp.org>
+
+       * note_xlate.h (elf_cvt_note): Check n_namesz and n_descsz don't
+       overflow note_len into note header.
+
+2018-11-17  Mark Wielaard  <mark@klomp.org>
+
+       * elf32_updatefile.c (updatemmap): Make sure to call convert
+       function on a properly aligned destination.
+
+>>>>>>> e65d91d... libelf: Correct overflow check in note_xlate.
+ 2018-11-16  Mark Wielaard  <mark@klomp.org>
+ 
+        * libebl.h (__elf32_msize): Mark with const attribute.
+diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h
+index 9bdc3e2..bc9950f 100644
+--- a/libelf/note_xlate.h
+++ b/libelf/note_xlate.h
+@@ -46,13 +46,13 @@ elf_cvt_note (void *dest, const void *src, size_t len, int encode,
+       /* desc needs to be aligned.  */
+       note_len += n->n_namesz;
+       note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
+-      if (note_len > len || note_len < 8)
+      if (note_len > len || note_len < sizeof *n)
+        break;
+ 
+       /* data as a whole needs to be aligned.  */
+       note_len += n->n_descsz;
+       note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
+-      if (note_len > len || note_len < 8)
+      if (note_len > len || note_len < sizeof *n)
+        break;
+ 
+       /* Copy or skip the note data.  */
+-- 
+2.7.4

diff --git a/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch b/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch new file mode 100644 index 0000000000..e55dc5a054 --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2019-7664.patch
@@ -0,0 +1,65 @@
	1	From 3ed05376e7b2c96c1d6eb24d2842cc25b79a4f07 Mon Sep 17 00:00:00 2001
	2	From: Mark Wielaard <mark@klomp.org>
	3	Date: Wed, 16 Jan 2019 12:25:57 +0100
	4	Subject: [PATCH] CVE: CVE-2019-7664
	5
	6	Upstream-Status: Backport
	7	libelf: Correct overflow check in note_xlate.
	8
	9	We want to make sure the note_len doesn't overflow and becomes shorter
	10	than the note header. But the namesz and descsz checks got the note header
	11	size wrong). Replace the wrong constant (8) with a sizeof cvt_Nhdr (12).
	12
	13	https://sourceware.org/bugzilla/show_bug.cgi?id=24084
	14
	15	Signed-off-by: Mark Wielaard <mark@klomp.org>
	16	Signed-off-by: Ubuntu <lisa@shuagr-yocto-build.mdn4q2lr1oauhmizmzsslly3ad.xx.internal.cloudapp.net>
	17	---
	18	libelf/ChangeLog \| 13 +++++++++++++
	19	libelf/note_xlate.h \| 4 ++--
	20	2 files changed, 15 insertions(+), 2 deletions(-)
	21
	22	diff --git a/libelf/ChangeLog b/libelf/ChangeLog
	23	index 68c4fbd..892e6e7 100644
	24	--- a/libelf/ChangeLog
	25	+++ b/libelf/ChangeLog
	26	@@ -1,3 +1,16 @@
	27	+<<<<<<< HEAD
	28	+=======
	29	+2019-01-16 Mark Wielaard <mark@klomp.org>
	30	+
	31	+ * note_xlate.h (elf_cvt_note): Check n_namesz and n_descsz don't
	32	+ overflow note_len into note header.
	33	+
	34	+2018-11-17 Mark Wielaard <mark@klomp.org>
	35	+
	36	+ * elf32_updatefile.c (updatemmap): Make sure to call convert
	37	+ function on a properly aligned destination.
	38	+
	39	+>>>>>>> e65d91d... libelf: Correct overflow check in note_xlate.
	40	2018-11-16 Mark Wielaard <mark@klomp.org>
	41
	42	* libebl.h (__elf32_msize): Mark with const attribute.
	43	diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h
	44	index 9bdc3e2..bc9950f 100644
	45	--- a/libelf/note_xlate.h
	46	+++ b/libelf/note_xlate.h
	47	@@ -46,13 +46,13 @@ elf_cvt_note (void dest, const void src, size_t len, int encode,
	48	/* desc needs to be aligned. */
	49	note_len += n->n_namesz;
	50	note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
	51	- if (note_len > len \|\| note_len < 8)
	52	+ if (note_len > len \|\| note_len < sizeof *n)
	53	break;
	54
	55	/* data as a whole needs to be aligned. */
	56	note_len += n->n_descsz;
	57	note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
	58	- if (note_len > len \|\| note_len < 8)
	59	+ if (note_len > len \|\| note_len < sizeof *n)
	60	break;
	61
	62	/* Copy or skip the note data. */
	63	--
	64	2.7.4
	65