binutils: Security fix CVE-2017-7223

Affects <= 2.28 (From OE-Core rev: 04ca81f0539a7549d4c527377c8a05b396247220) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2017-11-26 11:42:46 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-12-11 22:02:58 +0000
commit: 722c61d4f4ce2a756e28c85a079d1f6bba201c12 (patch)
tree: 7ad0ac20605ef666ef4fc8266e5fe6e6790fa3f4
parent: 673999ac76a0cacb03dfaac7b35b45ccb574a633 (diff)
download: poky-722c61d4f4ce2a756e28c85a079d1f6bba201c12.tar.gz
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 40b518bf7a..f09bcdc4c1 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -43,6 +43,7 @@ SRC_URI = "\
     file://CVE-2017-6969_2.patch \
     file://CVE-2017-7209.patch \
     file://CVE-2017-7210.patch \
+     file://CVE-2017-7223.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
new file mode 100644
index 0000000000..c78c8bf00a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
@@ -0,0 +1,52 @@
+From 69ace2200106348a1b00d509a6a234337c104c17 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 1 Dec 2016 15:20:19 +0000
+Subject: [PATCH] Fix seg fault attempting to unget an EOF character.
+        PR gas/20898
+        * app.c (do_scrub_chars): Do not attempt to unget EOF.
+Affects: <= 2.28
+Upstream-Status: Backport
+CVE: CVE-2017-7223
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ gas/ChangeLog | 3 +++
+ gas/app.c     | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+Index: git/gas/ChangeLog
+===================================================================
+--- git.orig/gas/ChangeLog
+++ git/gas/ChangeLog
+@@ -1,3 +1,8 @@
+2016-12-01  Nick Clifton  <nickc@redhat.com>
+ 
+       PR gas/20898
+       * app.c (do_scrub_chars): Do not attempt to unget EOF.
+
+ 2017-03-02  Tristan Gingold  <gingold@adacore.com>
+ 
+        * configure: Regenerate.
+@@ -198,7 +203,6 @@
+        * config/tc-pru.c (md_number_to_chars): Fix parameter to be
+        valueT, as declared in tc.h.
+        (md_apply_fix): Fix to work on 32-bit hosts.
+->>>>>>> 0115611... RISC-V/GAS: Correct branch relaxation for weak symbols.
+ 
+ 2017-01-02  Alan Modra  <amodra@gmail.com>
+ 
+Index: git/gas/app.c
+===================================================================
+--- git.orig/gas/app.c
+++ git/gas/app.c
+@@ -1350,7 +1350,7 @@ do_scrub_chars (size_t (*get) (char *, s
+                  PUT (ch);
+                  break;
+                }
+-             else
+             else if (ch2 != EOF)
+                {
+                  state = 9;
+                  if (ch == EOF || !IS_SYMBOL_COMPONENT (ch))
author	Armin Kuster <akuster808@gmail.com>	2017-11-26 11:42:46 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-12-11 22:02:58 +0000
commit	722c61d4f4ce2a756e28c85a079d1f6bba201c12 (patch)
tree	7ad0ac20605ef666ef4fc8266e5fe6e6790fa3f4
parent	673999ac76a0cacb03dfaac7b35b45ccb574a633 (diff)
download	poky-722c61d4f4ce2a756e28c85a079d1f6bba201c12.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index 40b518bf7a..f09bcdc4c1 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -43,6 +43,7 @@ SRC_URI = "\
43	file://CVE-2017-6969_2.patch \	43	file://CVE-2017-6969_2.patch \
44	file://CVE-2017-7209.patch \	44	file://CVE-2017-7209.patch \
45	file://CVE-2017-7210.patch \	45	file://CVE-2017-7210.patch \
		46	file://CVE-2017-7223.patch \
46	"	47	"
47	S = "${WORKDIR}/git"	48	S = "${WORKDIR}/git"
48		49


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch new file mode 100644 index 0000000000..c78c8bf00a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
@@ -0,0 +1,52 @@
		1	From 69ace2200106348a1b00d509a6a234337c104c17 Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Thu, 1 Dec 2016 15:20:19 +0000
		4	Subject: [PATCH] Fix seg fault attempting to unget an EOF character.
		5
		6	PR gas/20898
		7	* app.c (do_scrub_chars): Do not attempt to unget EOF.
		8
		9	Affects: <= 2.28
		10	Upstream-Status: Backport
		11	CVE: CVE-2017-7223
		12	Signed-off-by: Armin Kuster <akuster@mvista.com>
		13
		14	---
		15	gas/ChangeLog \| 3 +++
		16	gas/app.c \| 2 +-
		17	2 files changed, 4 insertions(+), 1 deletion(-)
		18
		19	Index: git/gas/ChangeLog
		20	===================================================================
		21	--- git.orig/gas/ChangeLog
		22	+++ git/gas/ChangeLog
		23	@@ -1,3 +1,8 @@
		24	+2016-12-01 Nick Clifton <nickc@redhat.com>
		25	+
		26	+ PR gas/20898
		27	+ * app.c (do_scrub_chars): Do not attempt to unget EOF.
		28	+
		29	2017-03-02 Tristan Gingold <gingold@adacore.com>
		30
		31	* configure: Regenerate.
		32	@@ -198,7 +203,6 @@
		33	* config/tc-pru.c (md_number_to_chars): Fix parameter to be
		34	valueT, as declared in tc.h.
		35	(md_apply_fix): Fix to work on 32-bit hosts.
		36	->>>>>>> 0115611... RISC-V/GAS: Correct branch relaxation for weak symbols.
		37
		38	2017-01-02 Alan Modra <amodra@gmail.com>
		39
		40	Index: git/gas/app.c
		41	===================================================================
		42	--- git.orig/gas/app.c
		43	+++ git/gas/app.c
		44	@@ -1350,7 +1350,7 @@ do_scrub_chars (size_t (get) (char , s
		45	PUT (ch);
		46	break;
		47	}
		48	- else
		49	+ else if (ch2 != EOF)
		50	{
		51	state = 9;
		52	if (ch == EOF \|\| !IS_SYMBOL_COMPONENT (ch))