summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
* ruby: Update to 2.4.4Armin Kuster2018-05-151-2/+2
| | | | | | | | | | | | | | | | | | | The dot releases are maint only. 2.4.4 included: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (From OE-Core rev: ce12ff394281a42448d92109568db33739b2b542) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixup for Morty context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ruby: fix typo in gmp PACKAGECONFIG optionAndre McCurdy2018-05-151-1/+1
| | | | | | | | | | | | | (From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761) (From OE-Core rev: a9b55cbec9f5ff11f92f50c529049e83ac898043) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ruby: remove spurious db build dependencyRoss Burton2018-05-151-1/+1
| | | | | | | | | | | | | | The dbm module uses gdbm by default which is also a build dependency. (From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9) (From OE-Core rev: 20d9821e9131c3d715ed629ad38eed802f737056) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* distcc: Change SRC_URIArmin Kuster2018-04-051-1/+1
| | | | | | | | | | | | | | | ERROR: distcc-3.2-r0 do_fetch: Fetcher failure: Unable to find revision d8b18df3e9dcbe4f092bed565835d3975e99432c in branch 3.2 even from upstream ERROR: distcc-3.2-r0 do_fetch: Fetcher failure for URL: 'git://github.com/distcc/distcc.git;branch=3.2'. Unable to fetch URL from any source. ERROR: distcc-3.2-r0 do_fetch: Function failed: base_do_fetch [v2] upstream deleted the branch and the hash no longer exists. Took the git snapshot from yocto and created a copy on my github. There was no offical 3.2 release, only rc versions. Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* e2fsprogs: fix compatibility with glibc 2.27Tanu Kaskinen2018-04-052-0/+63
| | | | | | | | | | | | | | | | | glibc 2.27 added function copy_file_range(), and e2fsprogs happens to have a different function with the same name. The conflict made e2fsprogs-native build fail. Here's a backport of a fix from upstream, the fix was released in e2fsprogs 1.43.8. The master branch doesn't need this fix, since it has new enough e2fsprogs version. At least rocko, pyro and morty need this, I haven't checked older stable branches. Apparently the problematic function was introduced in e2fsprogs version 1.43. Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* qemu: fix memfd_create with glibc 2.27Ross Burton2018-04-052-0/+58
| | | | | | | | | | glibc 2.27 has added memfd_create() but this conflicts with a copy in qemu, so take a patch from upstream to fix building with glibc 2.27. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* unfs3: Fix libtirpc usage for unfs3-native versionRichard Purdie2018-03-151-2/+2
| | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unfs3: Fix build with muslKhem Raj2018-03-152-3/+44
| | | | | | | | | Should also fix build on new build hosts where with glibc 2.27 rpc support is dropped in favor of libtirpc Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Remove patch causing ICE on x86_64 valgrind compileRichard Purdie2018-03-112-52/+0
| | | | | | | | | | | | | | | | | ../../valgrind-3.12.0/VEX/priv/host_ppc_isel.c: In function 'iselInt64Expr': | ../../valgrind-3.12.0/VEX/priv/host_ppc_isel.c:3270:1: internal compiler error: Segmentation fault | } | ^ | Please submit a full bug report, | with preprocessed source if appropriate. | See <http://gcc.gnu.org/bugs.html> for instructions. | rm -f libvexmultiarch-amd64-linux.a | Makefile:1813: recipe for target 'priv/libvex_amd64_linux_a-host_ppc_isel.o' failed Remove the patch to gcc causing this until the issue can be figured out. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc6: Backport few more patchesJuro Bystricky2018-03-1113-0/+7207
| | | | | | | | | Backported series of patches from https://github.com/hjl-tools/gcc.git branch /hjl/indirect/gcc-6-branch/master which contains an IA patch series for security related issues Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* gcc6: enable FL_LPAE flag for armv7ve coresAndre McCurdy2018-03-112-0/+68
| | | | | | | | | | | | | | | | | | | | | | | The following commit added the FL_LPAE flag to FL_FOR_ARCH7VE, but neglected to also add it to the armv7ve compatible cores defined in arm-cores.def. https://github.com/gcc-mirror/gcc/commit/af2d9b9e58e8be576c53d94f30c48c68146b0c98 The result is that gcc 6.4 now refuses to allow -march=armv7ve and -mcpu=XXX to be used together, even when -mcpu is set to an armv7ve compatible core: arm-linux-gnueabi-gcc -march=armv7ve -mcpu=cortex-a7 -Werror ... error: switch -mcpu=cortex-a7 conflicts with -march=armv7ve switch [-Werror] Fix by defining flags for armv7ve compatible cores directly from FL_FOR_ARCH7VE, rather than re-creating the armv7ve flags independently by combining FL_FOR_ARCH7A with the armv7ve specific FL_THUMB_DIV and FL_ARM_DIV flags. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* gcc6: Fix unaligned STRD issue on ARMKhem Raj2018-03-112-0/+195
| | | | | | | | | | | Backport https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82445 Fixes [YOCTO 12297] Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 568227133be3f9f015679df3525f6c4f86304fd0)
* gcc6: Upgrade to 6.4Khem Raj2018-03-1166-81/+24
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 7874fa86cb583fe6a178b95ead09430486197197)
* gcc: Fix libssh_nonshared linker specs for ppc/muslKhem Raj2018-03-111-5/+50
| | | | | | | | | | | | | | The change to link libssp_nonshared.a only for musl was to move spec file changes to config/linux.h under a conditional when DEFAULT_LIBC == LIBC_MUSL which worked fine for all but ppc since gcc for ppc provided its own linux.h overrides which are used. This patch duplicates the change in those headers too Cherry-picked from oe-core master 9d39168a6acfa1f289a4448271c0bf9caaea10ec Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* gcc: Link libssp_nonshared.a only on musl targetsKhem Raj2018-03-113-29/+43
| | | | | | | | | | | | | | | | | glibc already provides the content for libssp_nonshared in libc_nonshared.a therefore we dont need to make it universal. This also fixed build issues on glibc when linking statically and using -fstack-protector Fixed errors like /mnt/a/oe/build/tmp/work/i586-bec-linux/aufs-util/3.14+gitAUTOINC+bdfcc0dcfc-r0/recipe-sysroot/usr/lib/../lib/libc.a(stack_chk_fail.o): In function `__stack_chk_fail': /usr/src/debug/glibc/2.26-r0/git/debug/stack_chk_fail.c:27: multiple definition of `__stack_chk_fail_local' /mnt/a/oe/build/tmp/work/i586-bec-linux/aufs-util/3.14+gitAUTOINC+bdfcc0dcfc-r0/recipe-sysroot/usr/lib/../lib/libssp_nonshared.a(libssp_nonshared_la-ssp-local.o):/usr/src/debug/gcc-runtime/7.1.0-r0/gcc-7.1.0/build.i586-bec-linux.i586-bec-linux/i586-bec-linux/libssp/../../../../../../../../work-shared/gcc-7.1.0-r0/gcc-7.1.0/libssp/ssp-local.c:47: first defined here collect2: error: ld returned 1 exit status Cherry-picked from oe-core master d71eba26850838b2878efea3f8c392a2eb2ebbfb Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* gcc-runtime: Disable libitm on riscvKhem Raj2018-03-101-0/+2
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 21caa8bcda93ce67ef58548f7b85d0569d13d0b9)
* gcc-6.3: Backport patch to fix ICE on ARMKhem Raj2018-03-102-0/+52
| | | | | | | | | Fixes internal compiler error: Max. number of generated reload insns per insn is achieved (90) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d2631f45a057c53797b7ba657662f35f66a2b04e)
* gcc-6.3.inc: Use ucontext_t not struct ucontext.Juro Bystricky2018-03-102-0/+140
| | | | | | | | | | | | | | | | | | | | Use ucontext_t not struct ucontext in linux-unwind.h files. Current glibc no longer gives the ucontext_t type the tag struct ucontext, to conform with POSIX namespace rules. This requires various linux-unwind.h files in libgcc, that were previously using struct ucontext, to be fixed to use ucontext_t instead. This is similar to the removal of the struct siginfo tag from siginfo_t some years ago. Backport of patches by Joseph Myers, taken from https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=249957 [YOCTO #12083] Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit ec1c18d866c137b1fa523d0fcc29f65a28f59f44)
* gcc: Remove unused patchJussi Kukkonen2018-03-101-290/+0
| | | | | | | | CVE-2016-4490 applied to gcc < 6.1.1, our version is 6.3 Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d8329861bf6f48f6e541a04062b8d1f373dfcd78)
* gcc: Fix CVE-2016-6131 in libibertyYuanjie Huang2018-03-104-0/+504
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NVD] -- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6131 The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. [BZ #71696] -- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696 2016-08-04 Marcel Böhme <boehme.marcel@gmail.com> PR c++/71696 * cplus-dem.c: Prevent infinite recursion when there is a cycle in the referencing of remembered mangled types. (work_stuff): New stack to keep track of the remembered mangled types that are currently being processed. (push_processed_type): New method to push currently processed remembered type onto the stack. (pop_processed_type): New method to pop currently processed remembered type from the stack. (work_stuff_copy_to_from): Copy values of new variables. (delete_non_B_K_work_stuff): Free stack memory. (demangle_args): Push/Pop currently processed remembered type. (do_type): Do not demangle a cyclic reference and push/pop referenced remembered type. cherry-picked from commit of git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@239143 138bc75d-0d04-0410-961f-82ee72b054a4 (From OE-Core rev: 3c288b181a4cfecc80b48994f4dd2df285e4d1d0) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 96a16c4181d18b8580dad243350d589586cb2b07)
* gcc-6: Add fix for missing no-PIE flagsStephen Arnold2018-03-102-0/+23
| | | | | | | | | | | | | | | | Fixes build on hardened PAX host with gcc-5 (linker error on relocs). Completes no-PIE config by adding to ALL_* flags variables. Borrowed from Gentoo gcc patches, tested on 2 hardened amd64 hosts. Upstream-Status: Inappropriate [configuration] Commited by: Gentoo Toolchain Project <toolchain@gentoo.org> (From OE-Core rev: c178791cd78d5a9ebc4d7b7790e647a9bafe9cf2) Signed-off-by: Stephen Arnold <stephen.arnold42@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fcb236ea7cd1ac052719187fefed60ebf1a30ac8)
* gcc-6: Sync gcc stddef.h with musl stddef.hKhem Raj2018-03-103-92/+92
| | | | | | | | | | | | | GCC provides some of std* headers including stddef.h and it syncs with glibc definitions via __needed* defines to find which datatypes are expected to be defined on top of glibc. we need same for musl. Drop unused 0048-ARM-PR-target-71056-Don-t-use-vectorized-builtins-wh.patch Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 7da04721a620ad741ea50adf116e6b5afd47caa5)
* gcc6: Upgrade to 6.3.0Khem Raj2018-03-1063-5/+5
| | | | | | | | | | 6.3.0 is a bugfix release in gcc 6 series Cherry-picked from oe-core master 36ffcd1d7d2ab9dcc91e9c09623a6613a248bc69 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* ruby: update to 2.4.3Armin Kuster2018-03-032-356/+2
| | | | | | | | | | | | | | | | | | | | | | | This fixes a segfault in arm64 multilib. Drop CVE-2017-14064.patch Additional CVE included are 2.4.3: CVE-2017-17405: Command injection vulnerability in Net::FTP Additional CVE included are 2.4.2: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode CVE-2017-14064: Heap exposure in generating JSON Ruby Gems: DNS request hijacking vulnerability. (CVE-2017-0902) ANSI escape sequence vulnerability. (CVE-2017-0899) DoS vulnerability in the query command. (CVE-2017-0900) vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pax-utils: update SRC_URIMaxin B. John2018-01-251-2/+1
| | | | | | | | | | The gentoo.osuosl.org mirror doesn't store all versions of pax-utils, so use the maintainers own mirror which stores them all. Fixes [YOCTO #11559] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: update to 2.4.0Alexander Kanavin2018-01-1315-437/+516
| | | | | | | | | | | | | | | Existing version of ruby-native (2.2.5) was crashing on my machine (and others' too), yet a functional ruby is necessary to upgrade webkit to a version that less vulnerable to Spectre. I've performed the update by copying the ruby recipe directory over from the current pyro tree; if you want to see the list of specific commits, issue this command: git log 99656fecf4fa6e24ba49ecb7f26f893e733818a0 meta/recipes-devtools/ruby (up to commit e593d3aeb2ea5f08d6e0753133fe89e345b339e8) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python.inc: set CVE_PRODUCT to pythonMikko Rapeli2018-01-071-0/+2
| | | | | | | | | | | | | All python versions are just python in NVD like this CVE for python 3.4.4: https://nvd.nist.gov/vuln/detail/CVE-2016-5699 Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 848e1be494e8ea10c729f95f02acb366e1843d75) Signed-off-by: Ruslan Ruslichenko <rruslich@cisco.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cmake: avoid configure failures if CFLAGS contains -Wstrict-prototypesAndre McCurdy2018-01-072-0/+43
| | | | | | | Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 0c89b010ce2e426f55ac7c6f94befef988913834) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-15938Thiruvadi Rajaraman2018-01-072-0/+154
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 76766 Type: Security Fix Disposition: Backport from binutils master ChangeID: f080669b4e6f7c9088e30858238da5f4315192f3 Description: PR22209, invalid memory read in find_abstract_instance_name This patch adds bounds checking for DW_FORM_ref_addr die refs, and calculates them relative to the first .debug_info section. See the big comment for why calculating relative to the current .debug_info section was wrong for relocatable object files. PR 22209 * dwarf2.c (struct comp_unit): Delete sec_info_ptr field. (find_abstract_instance_name): Calculate DW_FORM_ref_addr relative to stash->info_ptr_memory, and check die_ref is within that memory. Set info_ptr_end correctly when another CU is refd. Check die_ref for DW_FORM_ref4 etc. is within CU. Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-15024Thiruvadi Rajaraman2018-01-072-0/+242
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 76524 Type: Security Fix Disposition: Backport from binutils master ChangeID: 5f22a66eabb228b655605b964ecd350aee700806 Description: PR22187, infinite loop in find_abstract_instance_name This patch prevents the simple case of infinite recursion in find_abstract_instance_name by ensuring that the attributes being processed are not the same as the previous call. The patch also does a little cleanup, and leaves in place some changes to the nested_funcs array that I made when I wrongly thought looping might occur in scan_unit_for_symbols. PR 22187 * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and pname param. Return status. Make name const. Don't abort, return an error. Formatting. Exit if current info_ptr matches orig_info_ptr. Update callers. (scan_unit_for_symbols): Start at nesting_level of zero. Make nested_funcs an array of structs for extensibility. Formatting. Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-14729Thiruvadi Rajaraman2018-01-072-0/+46
| | | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 76278 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 05de8bcd22d8d0b54badcd3826cd370b3aed81de Description: x86: Guard against corrupted PLT There should be only one entry in PLT for a given symbol. Set howto to NULL after processing a PLT entry to guard against corrupted PLT so that the duplicated PLT entries are skipped. PR binutils/22170 Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9955Thiruvadi Rajaraman2018-01-0710-0/+1061
| | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 73893 Type: Security Fix Disposition: Backport from 'binutils-gdb.git/master' branch ChangeID: 94c3ef8c1fa2e84e84ad76fb45307848d98817c8 Description: PR 21665 : Fixed multiple heap based buffer overflow Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9954Thiruvadi Rajaraman2018-01-072-0/+59
| | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 73906 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 13858130a02bbe84744fd33ecbf2bbbd2360c09c Description: Fix address violation parsing a corrupt texhex format file. PR binutils/21670 * tekhex.c (getvalue): Check for the source pointer exceeding the end pointer before the first byte is read. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9745Thiruvadi Rajaraman2018-01-072-0/+63
| | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 74062 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 2ec9457275509bfd8dc9185fbdcd485192a82cca Description: Handle EITR records in VMS Alpha binaries with overlarge command length parameters. PR binutils/21579 * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9756Thiruvadi Rajaraman2018-01-072-0/+44
| | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 73919 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: bd4a354c2a1bd14e26232fc88a736950aa19403a Description: Prevent address violation problem when disassembling corrupt aarch64 binary. PR binutils/21595 * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of range value. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9755Thiruvadi Rajaraman2018-01-073-0/+163
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 73932 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 49ad5f3244cd51ee6714c1b60cc1c3f84d7de7c8 Description: i386-dis: Add 2 tests with invalid bnd register PR binutils/21594 * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd register. * testsuite/gas/i386/x86-64-mpx.s: Likewise. * testsuite/gas/i386/mpx.d: Updated. * testsuite/gas/i386/x86-64-mpx.d: Likewise. i386-dis: Check valid bnd register Since there are only 4 bnd registers, return "(bad)" for register number > 3. PR binutils/21594 * i386-dis.c (OP_E_register): Check valid bnd register. (OP_G): Likewise. Affects: <= 2.28 Author: H.J. Lu <hjl.tools@gmail.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9753_and_CVE-2017-9754Thiruvadi Rajaraman2018-01-072-0/+77
| | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 73958, 73945 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: a39fdc82900af3f5d6ae396c913ac902f4ef7f60 Description: Fix seg-faults in objdump when disassembling a corrupt versados binary. PR binutils/21591 * versados.c (versados_mkobject): Zero the allocated tdata structure. (process_otr): Check for an invalid offset in the otr structure. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9752Thiruvadi Rajaraman2018-01-072-0/+205
| | | | | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 73971 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: fe0e1d0f234ed157135818c24f4270c34e093828 Description: Fix potential address violations when processing a corrupt Alpha VMA binary. PR binutils/21589 * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the maximum value for the ascic pointer. Check that name processing does not read beyond this value. (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the end of etir record. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9750Thiruvadi Rajaraman2018-01-072-0/+263
| | | | | | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 73997 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 36893e1db9214b4da972a1eeb482be34405f0410 Description: Fix address violation problems when disassembling a corrupt RX binary. PR binutils/21587 * rx-decode.opc: Include libiberty.h (GET_SCALE): New macro - validates access to SCALE array. (GET_PSCALE): New macro - validates access to PSCALE array. (DIs, SIs, S2Is, rx_disp): Use new macros. * rx-decode.c: Regenerate. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9747Thiruvadi Rajaraman2018-01-072-0/+41
| | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 74036 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: b25bffca0b51e9c13ba752534b64bd28a147a135 Description: Fix address violation parsing a corrupt ieee binary. PR binutils/21581 (ieee_archive_p): Use a static buffer to avoid compiler bugs. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9748Thiruvadi Rajaraman2018-01-072-0/+46
| | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 74023 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: efff4d9ed538ff859ab5105a3594690e860d0779 Description: Avoid a possible compiler bug by using a static buffer instead of a stack local buffer. PR binutils/21582 * ieee.c (ieee_object_p): Use a static buffer to avoid compiler bugs. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9746Thiruvadi Rajaraman2018-01-072-0/+89
| | | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 74049 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 8dad195531894850a242ccf70990a963cf16f291 Description: Fix address violation when disassembling a corrupt binary. PR binutils/21580 binutils * objdump.c (disassemble_bytes): Check for buffer overrun when printing out rae insns. ld * testsuite/ld-nds32/diff.d: Adjust expected output. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9749Thiruvadi Rajaraman2018-01-072-0/+76
| | | | | | | | | | | | | | | | | | | | | | | | Source: binutils-gdb.git MR: 74010 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 5b89fbcab899af53585b61bd40724a38bff831d3 Description: Prevent invalid array accesses when disassembling a corrupt bfin binary. PR binutils/21586 * bfin-dis.c (gregs): Clip index to prevent overflow. (regs): Likewise. (regs_lo): Likewise. (regs_hi): Likewise. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-9751Thiruvadi Rajaraman2018-01-072-0/+3739
| | | | | | | | | | | | | | | | | | | | | | | | Source: git://sourceware.org/git/binutils-gdb.git MR: 73984 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: b0488808caeeef072f9b00dd174c750da5e58b4b Description: Fix address violation when disassembling a corrupt RL78 binary. PR binutils/21588 * rl78-decode.opc (OP_BUF_LEN): Define. (GETBYTE): Check for the index exceeding OP_BUF_LEN. (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf array. * rl78-decode.c: Regenerate. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-7299Thiruvadi Rajaraman2018-01-073-0/+169
| | | | | | | | | | | | | | | | | | | | | | | | | | | Source: git://sourceware.org/git/binutils-gdb.git MR: 74257 Type: Security Fix Disposition: Backport from 'embedded-binutils-master' ChangeID: b55df05e3d3fd21bd30edaea124135892747b1ee Description: Linking non-ELF file broken by PR20908 fix PR ld/20968 PR ld/20908 * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move reloc counting code later after ELF flavour test. PR lf/20908 * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries when following indirect links. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-8398Thiruvadi Rajaraman2018-01-072-0/+148
| | | | | | | | | | | | | | | | | | | | | | | | | | | Source: git://sourceware.org/git/binutils-gdb.git MR: 74127 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 410078b468de6dc1c908342283a6abe5bdf38d54 Description: Fix heap-buffer overflow bugs caused when dumping debug information from a corrupt binary. PR binutils/21438 * dwarf.c (process_extended_line_op): Do not assume that the string extracted from the section is NUL terminated. (fetch_indirect_string): If the string retrieved from the section is not NUL terminated, return an error message. (fetch_indirect_line_string): Likewise. (fetch_indexed_string): Likewise. Affects: <= 2.29 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-8394Thiruvadi Rajaraman2018-01-073-0/+196
| | | | | | | | | | | | | | | | | | | | | | | | Source: git://sourceware.org/git/binutils-gdb.git MR: 74166 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: d614742d33a55da6cafede60cd171766afb0aa1d Description: PR 21414, null pointer deref of _bfd_elf_large_com_section sym PR 21414 * section.c (GLOBAL_SYM_INIT): Make available in bfd.h. * elf.c (lcomm_sym): New. (_bfd_elf_large_com_section): Use lcomm_sym section symbol. * bfd-in2.h: Regenerate. Affects: <= 2.29 Author: Alan Modra <amodra@gmail.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-8421Thiruvadi Rajaraman2018-01-072-0/+52
| | | | | | | | | | | | | | | | | | | | | | | Source: git://sourceware.org/git/binutils-gdb.git MR: 74140 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 5f6dd48c427de8663c5a80af6db44ce5c579d42c Description: Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs. PR 21440 * objdump.c (dump_relocs_in_section): Check for an excessive number of relocs before attempting to dump them. Affects: <= 2.29 Author: Alan Modra <amodra@gmail.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* binutils: CVE-2017-8396Thiruvadi Rajaraman2018-01-072-0/+103
| | | | | | | | | | | | | | | | | | | | | | | | | | Source: git://sourceware.org/git/binutils-gdb.git MR: 74101 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: db47540066f83529439566f8621d6e35fe86b77c Description: buffer overflow in perform_relocation The existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. PR 21432 * reloc.c (reloc_offset_in_range): New function. (bfd_perform_relocation, bfd_install_relocation): Use it. (_bfd_final_link_relocate): Likewise. Affects: <= 2.29 Author: Alan Modra <amodra@gmail.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Fix seg-fault in the linker when examining a corrupt binary.Manjunath S Matti2018-01-072-0/+56
| | | | | | | | | | | | | | | | | | | | | | Source: https://sourceware.org/ MR: 74244 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=531336e3a0b79ed60cfc36ad2d6579b6a71175da ChangeID: 69cc8699fcb0655f3a48778e514552dfaea7229c Description: Fix seg-fault in the linker when examining a corrupt binary. PR ld/20909 * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check for an illegal string offset. CVE: CVE-2017-7300 Affects: < 2.27-r0.9.1 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Manjunath S Matti <mmatti@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>