linux/poky.git/meta/recipes-devtools/elfutils, branch thud Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=thud 2019-10-10T15:52:30+00:00 elfutils: CVE fix for elfutils 2019-10-10T15:52:30+00:00 Shubham Agrawal shuagr@microsoft.com 2019-09-23T21:26:16+00:00 urn:sha1:2d699f84a3002a9c159dab571f14fba79aea5c59 CVE: CVE-2019-7664.patch CVE: CVE-2019-7665.patch Sign off: Shubham Agrawal <shuagr@microsoft.com> (From OE-Core rev: 8ca80002aa21897834b8c9869137461221e50225) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> elfutils: Security fixes CVE-2019-7146,7149,7150 2019-07-27T17:05:17+00:00 Armin Kuster akuster@mvista.com 2019-05-28T23:11:08+00:00 urn:sha1:cd7f7bf38584be1df287e77e78bbdf659a07c385 Source: http://sourceware.org/git/elfutils.git MR: 97563, 97568, 97558 Type: Security Fix Disposition: Backport from http://sourceware.org/git/elfutils.git ChangeID: 6183c2a25d5e32eec1846a428dd165e1de659f24 Description: Affects <= 0.175 Fixes: CVE-2019-7146 CVE-2019-7149 CVE-2019-7150 (From OE-Core rev: ac5dca7dc68519b36aa976dfd25d8efa76af74ec) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> elfutils: 0.174 -> 0.175 2019-01-08T20:14:42+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-11-23T07:47:20+00:00 urn:sha1:d50041ea78ae164eaf9fde1d83d296f52312e4d4 - Drop backport CVE patches 0001-libdwfl-Sanity-check-partial-core-file-data-reads.patch 0001-size-Handle-recursive-ELF-ar-files.patch 0001-arlib-Check-that-sh_entsize-isn-t-zero.patch - Drop patches that upstream has fixed 0005-fix-a-stack-usage-warning.patch [9a74c19 backends: ppc use define instead of const for size of dwarf_regs array.] - Update debian patches to 0.175 - Rebase local patch to 0.175 0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch (From OE-Core rev: 8748de4df5a4ece303f07f8bbb248920a199478a) (From OE-Core rev: 81ae67e603087166ec5583cc9686a60f769be799) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> elfutils: fix CVE-2018-18520 & CVE-2018-18521 & CVE-2018-18310 2018-11-07T23:08:54+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-11-02T09:52:51+00:00 urn:sha1:918c8a13b67b0eece6fcdf4dad43ad032acacca5 These CVE fixes come from upstream master branch and no new version released, so backport rather than upgrade. (From OE-Core rev: bd8d2c25f595e30a3fdcad8a2409913bb8af7c5c) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> elfutils: 0.173 -> 0.174 2018-11-07T23:08:54+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-11-02T09:52:50+00:00 urn:sha1:4f6bb406d0834ae7e6b376fa18958c6089635ae9 - Drop backport fixes CVE-2018-16062.patch 0001-libdw-Check-end-of-attributes-list-consistently.patch 0002-libelf-Return-error-if-elf_compress_gnu-is-used-on-S.patch - Rebase 0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch (From OE-Core rev: 777c1f8b6e20643964c304400e2d746dc2926524) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> elfutils: fix CVE-2018-16403 & CVE-2018-16402 2018-10-04T13:21:41+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-09-28T06:29:27+00:00 urn:sha1:eafcef938b7891f8b8df2751a7598a03f4406b69 (From OE-Core rev: a7c3c897d2cbe7e473a7fb057a3f74ebc9e04023) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> elfutils: CVE-2018-16062 2018-09-06T09:36:31+00:00 Zhixiong Chi zhixiong.chi@windriver.com 2018-09-05T02:42:46+00:00 urn:sha1:a33c82de39e1835662b55ccd01dcdc1e25ffb21d Backport the CVE patch from the upstream: https://sourceware.org/git/?p=elfutils.git;a=commit; h=29e31978ba51c1051743a503ee325b5ebc03d7e9 (From OE-Core rev: bcca86fca317c16a8f6c138c7df369b944e50700) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> elfutils: Fix prelink libqb error on mips and mips64 2018-09-04T10:03:55+00:00 Robert Yang liezhi.yang@windriver.com 2018-08-29T10:11:40+00:00 urn:sha1:7f10f6a57a1396ae8fc020c82c0077a6577cce59 The previous patch 0001-libelf-elf_end.c-check-data_list.data.d.d_buf-before.patch fixed segmentation fault error on other arches except mips and mips64, now update it to fix mips and mips64 too, also submitted to upstream. (From OE-Core rev: 8e280aff908b980d641c762946f691a6d376b87b) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> elfutils: 0.172 -> 0.173 2018-08-23T17:02:23+00:00 Robert Yang liezhi.yang@windriver.com 2018-08-23T08:11:25+00:00 urn:sha1:11f58843df60b516b30f25883463325ed689f760 (From OE-Core rev: ab3f8e58485d0e90da3a0255d771737852ba345b) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> elfutils: check data_list.data.d.d_buf before free it 2018-08-16T21:40:27+00:00 Robert Yang liezhi.yang@windriver.com 2018-08-16T02:38:22+00:00 urn:sha1:1faa551931e061367bb5ba8047dfa7badf726aff [YOCTO #12791] The one which actually saves the data is data_list.data.d.d_buf, so check it before free rawdata_base. This can fix a segmentation fault when prelink libqb_1.0.3: prelink: /usr/lib/libqb.so.0.18.2: Symbol section index outside of section numbers The segmentation fault happens when prelink call elf_end(). Fixed: MACHINE="qemux86-64" IMAGE_INSTALL_append = " libqb" #libqp is from meta-openembedded $ bitbake core-image-minimal Segmention fault (From OE-Core rev: 560154e8525dce4beb8199ffc0d7c964da9d665a) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>