binutils: Security fix for CVE-2017-9745

Affects: <= 2.28 (From OE-Core rev: da1960fb6d9de9620ac507256554659e1bbe7083) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2017-11-26 16:19:46 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-12-11 22:02:58 +0000
commit: 10b391060b5246f50ea235a5178d76223bc6d3c6 (patch)
tree: 55a22283e091709359aeb748c56f4a58538d25b9
parent: 266586ff4c1e73ba941ebb66102381166d57bea5 (diff)
download: poky-10b391060b5246f50ea235a5178d76223bc6d3c6.tar.gz
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 815e2bf5fb..d555d5f421 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -56,6 +56,7 @@ SRC_URI = "\
     file://CVE-2017-9040_9042.patch \
     file://CVE-2017-9742.patch \
     file://CVE-2017-9744.patch \
+     file://CVE-2017-9745.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
new file mode 100644
index 0000000000..0b3885b947
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
@@ -0,0 +1,35 @@
+From 76800cba595efc3fe95a446c2d664e42ae4ee869 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 15 Jun 2017 12:08:57 +0100
+Subject: [PATCH] Handle EITR records in VMS Alpha binaries with overlarge
+ command length parameters.
+        PR binutils/21579
+        * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
+Upstream-Status: Backport
+CVE: CVE-2017-9745
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog   |  5 +++++
+ bfd/vms-alpha.c | 16 ++++++++--------
+ 2 files changed, 13 insertions(+), 8 deletions(-)
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c
+++ git/bfd/vms-alpha.c
+@@ -1741,6 +1741,12 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+       _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+ #endif
+ 
+#if VMS_DEBUG
+      _bfd_vms_debug (4, "etir: %s(%d)\n",
+                      _bfd_vms_etir_name (cmd), cmd);
+      _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+#endif
+
+       switch (cmd)
+         {
+           /* Stack global
author	Armin Kuster <akuster808@gmail.com>	2017-11-26 16:19:46 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-12-11 22:02:58 +0000
commit	10b391060b5246f50ea235a5178d76223bc6d3c6 (patch)
tree	55a22283e091709359aeb748c56f4a58538d25b9
parent	266586ff4c1e73ba941ebb66102381166d57bea5 (diff)
download	poky-10b391060b5246f50ea235a5178d76223bc6d3c6.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index 815e2bf5fb..d555d5f421 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -56,6 +56,7 @@ SRC_URI = "\
56	file://CVE-2017-9040_9042.patch \	56	file://CVE-2017-9040_9042.patch \
57	file://CVE-2017-9742.patch \	57	file://CVE-2017-9742.patch \
58	file://CVE-2017-9744.patch \	58	file://CVE-2017-9744.patch \
		59	file://CVE-2017-9745.patch \
59	"	60	"
60	S = "${WORKDIR}/git"	61	S = "${WORKDIR}/git"
61		62


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch new file mode 100644 index 0000000000..0b3885b947 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
@@ -0,0 +1,35 @@
		1	From 76800cba595efc3fe95a446c2d664e42ae4ee869 Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Thu, 15 Jun 2017 12:08:57 +0100
		4	Subject: [PATCH] Handle EITR records in VMS Alpha binaries with overlarge
		5	command length parameters.
		6
		7	PR binutils/21579
		8	* vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
		9
		10	Upstream-Status: Backport
		11	CVE: CVE-2017-9745
		12	Signed-off-by: Armin Kuster <akuster@mvista.com>
		13
		14	---
		15	bfd/ChangeLog \| 5 +++++
		16	bfd/vms-alpha.c \| 16 ++++++++--------
		17	2 files changed, 13 insertions(+), 8 deletions(-)
		18
		19	Index: git/bfd/vms-alpha.c
		20	===================================================================
		21	--- git.orig/bfd/vms-alpha.c
		22	+++ git/bfd/vms-alpha.c
		23	@@ -1741,6 +1741,12 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
		24	_bfd_hexdump (8, ptr, cmd_length - 4, 0);
		25	#endif
		26
		27	+#if VMS_DEBUG
		28	+ _bfd_vms_debug (4, "etir: %s(%d)\n",
		29	+ _bfd_vms_etir_name (cmd), cmd);
		30	+ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
		31	+#endif
		32	+
		33	switch (cmd)
		34	{
		35	/* Stack global