1 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch b/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch
new file mode 100644
index 0000000000..216ac7ae1c
--- /dev/null
+++ b/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch
@@ -0,0 +1,59 @@
+From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Fri, 7 Oct 2016 14:15:38 +0300
+Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer
+This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466
+with some additional backporting to make binutils build again.
+Upstream-Status: Backport
+CVE: CVE-2016-6354
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+---
+ src/flex.skl | 2 +-
+ src/scan.c   | 2 +-
+ src/skel.c   | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+diff --git a/src/flex.skl b/src/flex.skl
+index ed71627..814d562 100644
+--- a/src/flex.skl
+++ b/src/flex.skl
+@@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer()
+ 
+        else
+                {
+-                       yy_size_t num_to_read =
+                       int num_to_read =
+                        YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+ 
+                while ( num_to_read <= 0 )
+diff --git a/src/scan.c b/src/scan.c
+index f1dce75..1949872 100644
+--- a/src/scan.c
+++ b/src/scan.c
+@@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void)
+ 
+        else
+                {
+-                       yy_size_t num_to_read =
+                       int num_to_read =
+                        YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+ 
+                while ( num_to_read <= 0 )
+diff --git a/src/skel.c b/src/skel.c
+index 26cc889..0344d18 100644
+--- a/src/skel.c
+++ b/src/skel.c
+@@ -1929,7 +1929,7 @@ const char *skel[] = {
+   "",
+   "    else",
+   "            {",
+-  "                    yy_size_t num_to_read =",
+  "                    int num_to_read =",
+   "                    YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;",
+   "",
+   "            while ( num_to_read <= 0 )",
+-- 
+2.1.4

diff --git a/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch b/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch new file mode 100644 index 0000000000..216ac7ae1c --- /dev/null +++ b/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch
@@ -0,0 +1,59 @@
	1	From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001
	2	From: Jussi Kukkonen <jussi.kukkonen@intel.com>
	3	Date: Fri, 7 Oct 2016 14:15:38 +0300
	4	Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer
	5
	6	This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466
	7	with some additional backporting to make binutils build again.
	8
	9	Upstream-Status: Backport
	10	CVE: CVE-2016-6354
	11	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
	12	---
	13	src/flex.skl \| 2 +-
	14	src/scan.c \| 2 +-
	15	src/skel.c \| 2 +-
	16	3 files changed, 3 insertions(+), 3 deletions(-)
	17
	18	diff --git a/src/flex.skl b/src/flex.skl
	19	index ed71627..814d562 100644
	20	--- a/src/flex.skl
	21	+++ b/src/flex.skl
	22	@@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer()
	23
	24	else
	25	{
	26	- yy_size_t num_to_read =
	27	+ int num_to_read =
	28	YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
	29
	30	while ( num_to_read <= 0 )
	31	diff --git a/src/scan.c b/src/scan.c
	32	index f1dce75..1949872 100644
	33	--- a/src/scan.c
	34	+++ b/src/scan.c
	35	@@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void)
	36
	37	else
	38	{
	39	- yy_size_t num_to_read =
	40	+ int num_to_read =
	41	YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
	42
	43	while ( num_to_read <= 0 )
	44	diff --git a/src/skel.c b/src/skel.c
	45	index 26cc889..0344d18 100644
	46	--- a/src/skel.c
	47	+++ b/src/skel.c
	48	@@ -1929,7 +1929,7 @@ const char *skel[] = {
	49	"",
	50	" else",
	51	" {",
	52	- " yy_size_t num_to_read =",
	53	+ " int num_to_read =",
	54	" YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;",
	55	"",
	56	" while ( num_to_read <= 0 )",
	57	--
	58	2.1.4
	59