2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 4833552ca9..54cdcc7bb5 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -62,6 +62,7 @@ SRC_URI = "\
     file://CVE-2017-7223.patch \
     file://CVE-2017-7224.patch \
     file://CVE-2017-7225.patch \
+     file://CVE-2017-7227.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
new file mode 100644
index 0000000000..1fa98e19be
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
@@ -0,0 +1,49 @@
+commit 406bd128dba2a59d0736839fc87a59bce319076c
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Mon Dec 5 16:00:43 2016 +0000
+    Fix seg-fault in linker when passed a bogus input script.
+    
+        PR ld/20906
+        * ldlex.l: Check for bogus strings in linker scripts.
+Upstream-Status: backport
+CVE: CVE-2017-7227
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/ld/ChangeLog
+===================================================================
+--- git.orig/ld/ChangeLog       2017-09-04 13:18:09.660584245 +0530
+++ git/ld/ChangeLog    2017-09-04 13:20:34.286155911 +0530
+@@ -1,3 +1,8 @@
+2016-12-05  Nick Clifton  <nickc@redhat.com>
+
+       PR ld/20906
+       * ldlex.l: Check for bogus strings in linker scripts.
+
+ 2016-08-02  Nick Clifton  <nickc@redhat.com>
+ 
+        PR ld/17739
+Index: git/ld/ldlex.l
+===================================================================
+--- git.orig/ld/ldlex.l 2017-09-04 13:18:09.692584605 +0530
+++ git/ld/ldlex.l      2017-09-04 13:22:54.483583368 +0530
+@@ -416,9 +416,15 @@
+ 
+ <EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
+                                        /* No matter the state, quotes
+-                                          give what's inside */
+                                          give what's inside.  */
+                                        bfd_size_type len;
+                                        yylval.name = xstrdup (yytext + 1);
+-                                       yylval.name[yyleng - 2] = 0;
+                                        /* PR ld/20906.  A corrupt input file
+                                           can contain bogus strings.  */
+                                        len = strlen (yylval.name);
+                                        if (len > yyleng - 2)
+                                          len = yyleng - 2;
+                                        yylval.name[len] = 0;
+                                        return NAME;
+                                }
+ <BOTH,SCRIPT,EXPRESSION>"\n"           { lineno++;}

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 4833552ca9..54cdcc7bb5 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -62,6 +62,7 @@ SRC_URI = "\
62	file://CVE-2017-7223.patch \	62	file://CVE-2017-7223.patch \
63	file://CVE-2017-7224.patch \	63	file://CVE-2017-7224.patch \
64	file://CVE-2017-7225.patch \	64	file://CVE-2017-7225.patch \
		65	file://CVE-2017-7227.patch \
65	"	66	"
66	S = "${WORKDIR}/git"	67	S = "${WORKDIR}/git"
67		68


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch new file mode 100644 index 0000000000..1fa98e19be --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7227.patch
@@ -0,0 +1,49 @@
		1	commit 406bd128dba2a59d0736839fc87a59bce319076c
		2	Author: Nick Clifton <nickc@redhat.com>
		3	Date: Mon Dec 5 16:00:43 2016 +0000
		4
		5	Fix seg-fault in linker when passed a bogus input script.
		6
		7	PR ld/20906
		8	* ldlex.l: Check for bogus strings in linker scripts.
		9
		10	Upstream-Status: backport
		11
		12	CVE: CVE-2017-7227
		13	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
		14
		15	Index: git/ld/ChangeLog
		16	===================================================================
		17	--- git.orig/ld/ChangeLog 2017-09-04 13:18:09.660584245 +0530
		18	+++ git/ld/ChangeLog 2017-09-04 13:20:34.286155911 +0530
		19	@@ -1,3 +1,8 @@
		20	+2016-12-05 Nick Clifton <nickc@redhat.com>
		21	+
		22	+ PR ld/20906
		23	+ * ldlex.l: Check for bogus strings in linker scripts.
		24	+
		25	2016-08-02 Nick Clifton <nickc@redhat.com>
		26
		27	PR ld/17739
		28	Index: git/ld/ldlex.l
		29	===================================================================
		30	--- git.orig/ld/ldlex.l 2017-09-04 13:18:09.692584605 +0530
		31	+++ git/ld/ldlex.l 2017-09-04 13:22:54.483583368 +0530
		32	@@ -416,9 +416,15 @@
		33
		34	<EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
		35	/* No matter the state, quotes
		36	- give what's inside */
		37	+ give what's inside. */
		38	+ bfd_size_type len;
		39	yylval.name = xstrdup (yytext + 1);
		40	- yylval.name[yyleng - 2] = 0;
		41	+ /* PR ld/20906. A corrupt input file
		42	+ can contain bogus strings. */
		43	+ len = strlen (yylval.name);
		44	+ if (len > yyleng - 2)
		45	+ len = yyleng - 2;
		46	+ yylval.name[len] = 0;
		47	return NAME;
		48	}
		49	<BOTH,SCRIPT,EXPRESSION>"\n" { lineno++;}