authorArmin Kuster <akuster@mvista.com>2018-08-08 21:05:09 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-15 09:22:45 (GMT)
commitb33d89d5ea8604657a59b83a30c3374079c34fd2 (patch)
tree63fbf6ada0e632e3523368fde2a97d7901d504d4
parentbdb39814660ec744aae1ddae0b09bbdc8847b823 (diff)
downloadpoky-b33d89d5ea8604657a59b83a30c3374079c34fd2.tar.gz
Binutils: Security fix for CVE-2018-7642
Affects: <= 2.30 (From OE-Core rev: a424ac771bfceed2cef4dad8c0fd698764bc62a6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.29.1.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch51
2 files changed, 52 insertions, 0 deletions
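--- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -76,6 +76,7 @@ SRC_URI = "\
  file://CVE-2018-7568_p1.patch \
  file://CVE-2018-7568_p2.patch \
  file://CVE-2018-7569.patch \
+ file://CVE-2018-7642.patch \
 "
 S = "${WORKDIR}/git"
 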
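--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
@@ -0,0 +1,51 @@
+From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 28 Feb 2018 22:09:50 +1030
+Subject: [PATCH] PR22887, null pointer dereference in
+ aout_32_swap_std_reloc_out
+
+ PR 22887
+ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7642
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/aoutx.h | 6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-02-28 Alan Modra <amodra@gmail.com>
++
++ PR 22887
++ * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
++
+ 2018-02-28 Nick Clifton <nickc@redhat.com>
+
+ PR 22895
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h
++++ git/bfd/aoutx.h
+@@ -2211,10 +2211,12 @@ NAME (aout, swap_ext_reloc_in) (bfd *abf
+ || r_type == (unsigned int) RELOC_BASE22)
+ r_extern = 1;
+
+- if (r_extern && r_index > symcount)
++ if (r_extern && r_index >= symcount)
+ {
+ /* We could arrange to return an error, but it might be useful
+- to see the file even if it is bad. */
++ to see the file even if it is bad. FIXME: Of course this
++ means that objdump -r *doesn't* see the actual reloc, and
++ objcopy silently writes a different reloc. */
+ r_extern = 0;
+ r_index = N_ABS;
+ }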
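Review bot: The aoutx.h hunk in this backport appears to sit in a different function from the one the fix names. The ChangeLog entry and subject refer to `swap_std_reloc_in`, but the hunk header reads `NAME (aout, swap_ext_reloc_in)` and the leading context line tests `RELOC_BASE22`. If refreshing the patch against 2.29.1 moved the hunk, the standard-reloc path may still use `r_index > symcount`, which accepts an index equal to the symbol count, and CVE-2018-7642 would remain open there. Please confirm in the patched tree that both reloc-in functions end up with `if (r_extern && r_index >= symcount)`. The enclosing function starts and ends outside the hunk, so this cannot be settled from the page alone.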