2 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/elfutils_0.178.bb b/meta/recipes-devtools/elfutils/elfutils_0.178.bb
index c500ae3c19..29a3bbfffb 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.178.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.178.bb
@@ -1,5 +1,6 @@
 SUMMARY = "Utilities and libraries for handling compiled object files"
 HOMEPAGE = "https://sourceware.org/elfutils"
+DESCRIPTION = "elfutils is a collection of utilities and libraries to read, create and modify ELF binary files, find and handle DWARF debug data, symbols, thread state and stacktraces for processes and core files on GNU/Linux."
 SECTION = "base"
 LICENSE = "GPLv2 & LGPLv3+ & GPLv3+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
@@ -33,6 +34,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
           file://0001-ppc_initreg.c-Incliude-asm-ptrace.h-for-pt_regs-defi.patch \
           file://run-ptest \
           file://ptest.patch \
+           file://CVE-2021-33294.patch \
           "
 SRC_URI_append_libc-musl = " \
           file://0001-musl-obstack-fts.patch \
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch b/meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch
new file mode 100644
index 0000000000..0500a4cf83
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch
@@ -0,0 +1,72 @@
+From 480b6fa3662ba8ffeee274bf0d37423413c01e55 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 3 Mar 2021 21:40:53 +0100
+Subject: [PATCH] readelf: Sanity check verneed and verdef offsets in handle_symtab.
+We are going through vna_next, vn_next and vd_next in a while loop.
+Make sure that all offsets are sane. We don't want things to wrap
+around so we go in cycles.
+https://sourceware.org/bugzilla/show_bug.cgi?id=27501
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=480b6fa3662ba8ffeee274bf0d37423413c01e55]
+CVE: CVE-2021-33294
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/ChangeLog |  5 +++++
+ src/readelf.c | 10 +++++++++-
+ 2 files changed, 14 insertions(+), 1 deletion(-)
+diff --git a/src/ChangeLog b/src/ChangeLog
+index 6af977e..f0d9e39 100644
+--- a/src/ChangeLog
+++ b/src/ChangeLog
+@@ -1,3 +1,8 @@
+2021-03-03  Mark Wielaard  <mark@klomp.org>
+
+       * readelf.c (handle_symtab): Sanity check verneed vna_next,
+       vn_next and verdef vd_next offsets.
+
+ 2019-11-26  Mark Wielaard  <mark@klomp.org>
+ 
+        * Makefile.am (BUILD_STATIC): Add libraries needed for libdw.
+diff --git a/src/readelf.c b/src/readelf.c
+index 5994615..ab7a1c1 100644
+--- a/src/readelf.c
+++ b/src/readelf.c
+@@ -2550,7 +2550,9 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
+                                                 &vernaux_mem);
+                      while (vernaux != NULL
+                             && vernaux->vna_other != *versym
+-                            && vernaux->vna_next != 0)
+                            && vernaux->vna_next != 0
+                            && (verneed_data->d_size - vna_offset
+                                >= vernaux->vna_next))
+                        {
+                          /* Update the offset.  */
+                          vna_offset += vernaux->vna_next;
+@@ -2567,6 +2569,9 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
+                        /* Found it.  */
+                        break;
+ 
+                     if (verneed_data->d_size - vn_offset < verneed->vn_next)
+                       break;
+
+                      vn_offset += verneed->vn_next;
+                      verneed = (verneed->vn_next == 0
+                                 ? NULL
+@@ -2602,6 +2607,9 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
+                        /* Found the definition.  */
+                        break;
+ 
+                     if (verdef_data->d_size - vd_offset < verdef->vd_next)
+                       break;
+
+                      vd_offset += verdef->vd_next;
+                      verdef = (verdef->vd_next == 0
+                                ? NULL
+-- 
+2.25.1

diff --git a/meta/recipes-devtools/elfutils/elfutils_0.178.bb b/meta/recipes-devtools/elfutils/elfutils_0.178.bb index c500ae3c19..29a3bbfffb 100644 --- a/meta/recipes-devtools/elfutils/elfutils_0.178.bb +++ b/meta/recipes-devtools/elfutils/elfutils_0.178.bb
@@ -1,5 +1,6 @@
1	SUMMARY = "Utilities and libraries for handling compiled object files"	1	SUMMARY = "Utilities and libraries for handling compiled object files"
2	HOMEPAGE = "https://sourceware.org/elfutils"	2	HOMEPAGE = "https://sourceware.org/elfutils"
		3	DESCRIPTION = "elfutils is a collection of utilities and libraries to read, create and modify ELF binary files, find and handle DWARF debug data, symbols, thread state and stacktraces for processes and core files on GNU/Linux."
3	SECTION = "base"	4	SECTION = "base"
4	LICENSE = "GPLv2 & LGPLv3+ & GPLv3+"	5	LICENSE = "GPLv2 & LGPLv3+ & GPLv3+"
5	LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"	6	LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
@@ -33,6 +34,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
33	file://0001-ppc_initreg.c-Incliude-asm-ptrace.h-for-pt_regs-defi.patch \	34	file://0001-ppc_initreg.c-Incliude-asm-ptrace.h-for-pt_regs-defi.patch \
34	file://run-ptest \	35	file://run-ptest \
35	file://ptest.patch \	36	file://ptest.patch \
		37	file://CVE-2021-33294.patch \
36	"	38	"
37	SRC_URI_append_libc-musl = " \	39	SRC_URI_append_libc-musl = " \
38	file://0001-musl-obstack-fts.patch \	40	file://0001-musl-obstack-fts.patch \


diff --git a/meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch b/meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch new file mode 100644 index 0000000000..0500a4cf83 --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch
@@ -0,0 +1,72 @@
		1	From 480b6fa3662ba8ffeee274bf0d37423413c01e55 Mon Sep 17 00:00:00 2001
		2	From: Mark Wielaard <mark@klomp.org>
		3	Date: Wed, 3 Mar 2021 21:40:53 +0100
		4	Subject: [PATCH] readelf: Sanity check verneed and verdef offsets in handle_symtab.
		5
		6	We are going through vna_next, vn_next and vd_next in a while loop.
		7	Make sure that all offsets are sane. We don't want things to wrap
		8	around so we go in cycles.
		9
		10	https://sourceware.org/bugzilla/show_bug.cgi?id=27501
		11
		12	Signed-off-by: Mark Wielaard <mark@klomp.org>
		13
		14	Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=480b6fa3662ba8ffeee274bf0d37423413c01e55]
		15	CVE: CVE-2021-33294
		16	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		17	---
		18	src/ChangeLog \| 5 +++++
		19	src/readelf.c \| 10 +++++++++-
		20	2 files changed, 14 insertions(+), 1 deletion(-)
		21
		22	diff --git a/src/ChangeLog b/src/ChangeLog
		23	index 6af977e..f0d9e39 100644
		24	--- a/src/ChangeLog
		25	+++ b/src/ChangeLog
		26	@@ -1,3 +1,8 @@
		27	+2021-03-03 Mark Wielaard <mark@klomp.org>
		28	+
		29	+ * readelf.c (handle_symtab): Sanity check verneed vna_next,
		30	+ vn_next and verdef vd_next offsets.
		31	+
		32	2019-11-26 Mark Wielaard <mark@klomp.org>
		33
		34	* Makefile.am (BUILD_STATIC): Add libraries needed for libdw.
		35	diff --git a/src/readelf.c b/src/readelf.c
		36	index 5994615..ab7a1c1 100644
		37	--- a/src/readelf.c
		38	+++ b/src/readelf.c
		39	@@ -2550,7 +2550,9 @@ handle_symtab (Ebl ebl, Elf_Scn scn, GElf_Shdr *shdr)
		40	&vernaux_mem);
		41	while (vernaux != NULL
		42	&& vernaux->vna_other != *versym
		43	- && vernaux->vna_next != 0)
		44	+ && vernaux->vna_next != 0
		45	+ && (verneed_data->d_size - vna_offset
		46	+ >= vernaux->vna_next))
		47	{
		48	/* Update the offset. */
		49	vna_offset += vernaux->vna_next;
		50	@@ -2567,6 +2569,9 @@ handle_symtab (Ebl ebl, Elf_Scn scn, GElf_Shdr *shdr)
		51	/* Found it. */
		52	break;
		53
		54	+ if (verneed_data->d_size - vn_offset < verneed->vn_next)
		55	+ break;
		56	+
		57	vn_offset += verneed->vn_next;
		58	verneed = (verneed->vn_next == 0
		59	? NULL
		60	@@ -2602,6 +2607,9 @@ handle_symtab (Ebl ebl, Elf_Scn scn, GElf_Shdr *shdr)
		61	/* Found the definition. */
		62	break;
		63
		64	+ if (verdef_data->d_size - vd_offset < verdef->vd_next)
		65	+ break;
		66	+
		67	vd_offset += verdef->vd_next;
		68	verdef = (verdef->vd_next == 0
		69	? NULL
		70	--
		71	2.25.1
		72