1 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-devtools/file/file/CVE-2019-8906.patch b/meta/recipes-devtools/file/file/CVE-2019-8906.patch
new file mode 100644
index 0000000000..1079ac6675
--- /dev/null
+++ b/meta/recipes-devtools/file/file/CVE-2019-8906.patch
@@ -0,0 +1,27 @@
+From 2858eaf99f6cc5aae129bcbf1e24ad160240185f Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Wed, 2 Jan 2019 19:44:14 +0000
+Subject: [PATCH] Avoid OOB read (found by ASAN reported by F. Alonso)
+Upstream-Status: Backport
+CVE: CVE-2019-8906
+Affects < 5.36
+[Fixup for thud context]
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+Index: git/src/readelf.c
+===================================================================
+--- git.orig/src/readelf.c
+++ git/src/readelf.c
+@@ -745,7 +745,7 @@ do_core_note(struct magic_set *ms, unsig
+                        char sbuf[512];
+                        struct NetBSD_elfcore_procinfo pi;
+                        memset(&pi, 0, sizeof(pi));
+-                       memcpy(&pi, nbuf + doff, descsz);
+                       memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
+ 
+                        if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+                            "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",

diff --git a/meta/recipes-devtools/file/file/CVE-2019-8906.patch b/meta/recipes-devtools/file/file/CVE-2019-8906.patch new file mode 100644 index 0000000000..1079ac6675 --- /dev/null +++ b/meta/recipes-devtools/file/file/CVE-2019-8906.patch
@@ -0,0 +1,27 @@
	1	From 2858eaf99f6cc5aae129bcbf1e24ad160240185f Mon Sep 17 00:00:00 2001
	2	From: Christos Zoulas <christos@zoulas.com>
	3	Date: Wed, 2 Jan 2019 19:44:14 +0000
	4	Subject: [PATCH] Avoid OOB read (found by ASAN reported by F. Alonso)
	5
	6	Upstream-Status: Backport
	7	CVE: CVE-2019-8906
	8	Affects < 5.36
	9	[Fixup for thud context]
	10	Signed-off-by: Armin Kuster <akuster@mvista.com>
	11	---
	12	src/readelf.c \| 4 ++--
	13	1 file changed, 2 insertions(+), 2 deletions(-)
	14
	15	Index: git/src/readelf.c
	16	===================================================================
	17	--- git.orig/src/readelf.c
	18	+++ git/src/readelf.c
	19	@@ -745,7 +745,7 @@ do_core_note(struct magic_set *ms, unsig
	20	char sbuf[512];
	21	struct NetBSD_elfcore_procinfo pi;
	22	memset(&pi, 0, sizeof(pi));
	23	- memcpy(&pi, nbuf + doff, descsz);
	24	+ memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
	25
	26	if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
	27	"gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",