Age | Commit message | Author
2017-11-23 | binutils: CVE-2017-15938 [akuster/for-stable-morty] | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 76766 Type: Security Fix Disposition: Backport from binutils master ChangeID: f080669b4e6f7c9088e30858238da5f4315192f3 Description: PR22209, invalid memory read in find_abstract_instance_name This patch adds bounds checking for DW_FORM_ref_addr die refs, and calculates them relative to the first .debug_info section. See the big comment for why calculating relative to the current .debug_info section was wrong for relocatable object files. PR 22209 * dwarf2.c (struct comp_unit): Delete sec_info_ptr field. (find_abstract_instance_name): Calculate DW_FORM_ref_addr relative to stash->info_ptr_memory, and check die_ref is within that memory. Set info_ptr_end correctly when another CU is refd. Check die_ref for DW_FORM_ref4 etc. is within CU. Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-15024 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 76524 Type: Security Fix Disposition: Backport from binutils master ChangeID: 5f22a66eabb228b655605b964ecd350aee700806 Description: PR22187, infinite loop in find_abstract_instance_name This patch prevents the simple case of infinite recursion in find_abstract_instance_name by ensuring that the attributes being processed are not the same as the previous call. The patch also does a little cleanup, and leaves in place some changes to the nested_funcs array that I made when I wrongly thought looping might occur in scan_unit_for_symbols. PR 22187 * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and pname param. Return status. Make name const. Don't abort, return an error. Formatting. Exit if current info_ptr matches orig_info_ptr. Update callers. (scan_unit_for_symbols): Start at nesting_level of zero. Make nested_funcs an array of structs for extensibility. Formatting. Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-14729 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 76278 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 05de8bcd22d8d0b54badcd3826cd370b3aed81de Description: x86: Guard against corrupted PLT There should be only one entry in PLT for a given symbol. Set howto to NULL after processing a PLT entry to guard against corrupted PLT so that the duplicated PLT entries are skipped. PR binutils/22170 Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9955 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 73893 Type: Security Fix Disposition: Backport from 'binutils-gdb.git/master' branch ChangeID: 94c3ef8c1fa2e84e84ad76fb45307848d98817c8 Description: PR 21665 : Fixed multiple heap based buffer overflow Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9954 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 73906 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 13858130a02bbe84744fd33ecbf2bbbd2360c09c Description: Fix address violation parsing a corrupt tekhex format file. PR binutils/21670 * tekhex.c (getvalue): Check for the source pointer exceeding the end pointer before the first byte is read. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9745 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 74062 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 2ec9457275509bfd8dc9185fbdcd485192a82cca Description: Handle ETIR records in VMS Alpha binaries with overlarge command length parameters. PR binutils/21579 * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9756 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 73919 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: bd4a354c2a1bd14e26232fc88a736950aa19403a Description: Prevent address violation problem when disassembling corrupt aarch64 binary. PR binutils/21595 * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of range value. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9755 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 73932 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 49ad5f3244cd51ee6714c1b60cc1c3f84d7de7c8 Description: i386-dis: Add 2 tests with invalid bnd register PR binutils/21594 * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd register. * testsuite/gas/i386/x86-64-mpx.s: Likewise. * testsuite/gas/i386/mpx.d: Updated. * testsuite/gas/i386/x86-64-mpx.d: Likewise. i386-dis: Check valid bnd register Since there are only 4 bnd registers, return "(bad)" for register number > 3. PR binutils/21594 * i386-dis.c (OP_E_register): Check valid bnd register. (OP_G): Likewise. Affects: <= 2.28 Author: H.J. Lu <hjl.tools@gmail.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9753_and_CVE-2017-9754 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 73958, 73945 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: a39fdc82900af3f5d6ae396c913ac902f4ef7f60 Description: Fix seg-faults in objdump when disassembling a corrupt versados binary. PR binutils/21591 * versados.c (versados_mkobject): Zero the allocated tdata structure. (process_otr): Check for an invalid offset in the otr structure. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9752 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 73971 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: fe0e1d0f234ed157135818c24f4270c34e093828 Description: Fix potential address violations when processing a corrupt Alpha VMS binary. PR binutils/21589 * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the maximum value for the ascic pointer. Check that name processing does not read beyond this value. (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the end of etir record. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9750 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 73997 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 36893e1db9214b4da972a1eeb482be34405f0410 Description: Fix address violation problems when disassembling a corrupt RX binary. PR binutils/21587 * rx-decode.opc: Include libiberty.h (GET_SCALE): New macro - validates access to SCALE array. (GET_PSCALE): New macro - validates access to PSCALE array. (DIs, SIs, S2Is, rx_disp): Use new macros. * rx-decode.c: Regenerate. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9747 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 74036 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: b25bffca0b51e9c13ba752534b64bd28a147a135 Description: Fix address violation parsing a corrupt ieee binary. PR binutils/21581 (ieee_archive_p): Use a static buffer to avoid compiler bugs. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9748 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 74023 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: efff4d9ed538ff859ab5105a3594690e860d0779 Description: Avoid a possible compiler bug by using a static buffer instead of a stack local buffer. PR binutils/21582 * ieee.c (ieee_object_p): Use a static buffer to avoid compiler bugs. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9746 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 74049 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 8dad195531894850a242ccf70990a963cf16f291 Description: Fix address violation when disassembling a corrupt binary. PR binutils/21580 binutils * objdump.c (disassemble_bytes): Check for buffer overrun when printing out raw insns. ld * testsuite/ld-nds32/diff.d: Adjust expected output. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9749 | Thiruvadi Rajaraman
Source: binutils-gdb.git MR: 74010 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 5b89fbcab899af53585b61bd40724a38bff831d3 Description: Prevent invalid array accesses when disassembling a corrupt bfin binary. PR binutils/21586 * bfin-dis.c (gregs): Clip index to prevent overflow. (regs): Likewise. (regs_lo): Likewise. (regs_hi): Likewise. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-9751 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 73984 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: b0488808caeeef072f9b00dd174c750da5e58b4b Description: Fix address violation when disassembling a corrupt RL78 binary. PR binutils/21588 * rl78-decode.opc (OP_BUF_LEN): Define. (GETBYTE): Check for the index exceeding OP_BUF_LEN. (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf array. * rl78-decode.c: Regenerate. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-7299 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74257 Type: Security Fix Disposition: Backport from 'embedded-binutils-master' ChangeID: b55df05e3d3fd21bd30edaea124135892747b1ee Description: Linking non-ELF file broken by PR20908 fix PR ld/20968 PR ld/20908 * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move reloc counting code later after ELF flavour test. PR lf/20908 * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries when following indirect links. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-8398 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74127 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 410078b468de6dc1c908342283a6abe5bdf38d54 Description: Fix heap-buffer overflow bugs caused when dumping debug information from a corrupt binary. PR binutils/21438 * dwarf.c (process_extended_line_op): Do not assume that the string extracted from the section is NUL terminated. (fetch_indirect_string): If the string retrieved from the section is not NUL terminated, return an error message. (fetch_indirect_line_string): Likewise. (fetch_indexed_string): Likewise. Affects: <= 2.29 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-8394 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74166 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: d614742d33a55da6cafede60cd171766afb0aa1d Description: PR 21414, null pointer deref of _bfd_elf_large_com_section sym PR 21414 * section.c (GLOBAL_SYM_INIT): Make available in bfd.h. * elf.c (lcomm_sym): New. (_bfd_elf_large_com_section): Use lcomm_sym section symbol. * bfd-in2.h: Regenerate. Affects: <= 2.29 Author: Alan Modra <amodra@gmail.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-8421 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74140 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 5f6dd48c427de8663c5a80af6db44ce5c579d42c Description: Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs. PR 21440 * objdump.c (dump_relocs_in_section): Check for an excessive number of relocs before attempting to dump them. Affects: <= 2.29 Author: Alan Modra <amodra@gmail.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-8396 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74101 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: db47540066f83529439566f8621d6e35fe86b77c Description: buffer overflow in perform_relocation The existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. PR 21432 * reloc.c (reloc_offset_in_range): New function. (bfd_perform_relocation, bfd_install_relocation): Use it. (_bfd_final_link_relocate): Likewise. Affects: <= 2.29 Author: Alan Modra <amodra@gmail.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | Fix seg-fault in the linker when examining a corrupt binary. | Manjunath S Matti
Source: https://sourceware.org/ MR: 74244 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=531336e3a0b79ed60cfc36ad2d6579b6a71175da ChangeID: 69cc8699fcb0655f3a48778e514552dfaea7229c Description: Fix seg-fault in the linker when examining a corrupt binary. PR ld/20909 * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check for an illegal string offset. CVE: CVE-2017-7300 Affects: < 2.27-r0.9.1 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Manjunath S Matti <mmatti@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-8397 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74114 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: d55e7590c08c4db483bba2fa35df8fbb6283686e Description: Fix a seg-fault when processing a corrupt binary containing reloc(s) with negative addresses. PR binutils/21434 * reloc.c (bfd_perform_relocation): Check for a negative address in the reloc. Affects: <= 2.29 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-8395 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74153 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 27dce214c561f9ae6f874990432f9d76a7de29d4 Description: Fix seg-fault attempting to compress a debug section in a corrupt binary. PR binutils/21431 * compress.c (bfd_init_section_compress_status): Check the return value from bfd_malloc. Affects: <= 2.29 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-8393 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74179 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 976156cd25454143883090ca42010c38c6d6af0f Description: PR 21412, get_reloc_section assumes .rel/.rela name for SHT_REL/RELA. This patch fixes an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. I'm also modifying the interface for elf_backend_get_reloc_section, so any backend function just needs to handle name mapping. Affects: <= 2.29 Author: Alan Modra <amodra@gmail.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-7304 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74192 Type: Security Fix Disposition: Backport from binutils-2_28-branch ChangeID: 9a4c249becded1b479c0b9e9f175aebb80294317 Description: Fix seg-fault in strip when copying a corrupt binary. PR binutils/20931 * elf.c (copy_special_section_fields): Check for an invalid sh_link field before attempting to follow it. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-7303 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74205 Type: Security Fix Disposition: Backport from binutils-2_28-branch ChangeID: db5bfb63661d39846c3b03353e1383c621759d48 Description: Fix seg-fault attempting to strip a corrupt binary. PR binutils/20922 * elf.c (find_link): Check for null headers before attempting to match them. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-7302 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74218 Type: Security Fix Disposition: Backport from binutils-2_28-branch ChangeID: 11677f4fb24c7a49efc23ea7d54de1bf85e74b12 Description: Fix seg-fault running strip on a corrupt binary. PR binutils/20921 * aoutx.h (squirt_out_relocs): Check for and report any relocs that could not be recognised. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-7301 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74231 Type: Security Fix Disposition: Backport from binutils-2_28-branch ChangeID: 1fbae9f71e3ad90f930f8b25d550de964e05c259 Description: Fix seg-fault in linker parsing a corrupt input file. PR ld/20924 (aout_link_add_symbols): Fix off by one error checking for overflow of string offset. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-7227 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74270 Type: Security Fix Disposition: Backport from binutils-2_28-branch ChangeID: e4e88f56ba13671afb5b3194ca4c1c59601e5fd5 Description: Fix seg-fault in linker when passed a bogus input script. PR ld/20906 * ldlex.l: Check for bogus strings in linker scripts. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-7225 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74296 Type: Security Fix Disposition: Backport from binutils-2_29-branch ChangeID: d2cf3ab15c89351c941c92e4cdf28c2bfa9dcda8 Description: Fix seg-fault running addr2line on a corrupt binary. PR binutils/20891 * aoutx.h (find_nearest_line): Handle the case where the main file name and the directory name are both empty. Affects: <= 2.29 Author: Nick Clifton <nickc@redhat.com> Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-7224 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74309 Type: Security Fix Disposition: Backport from binutils-2_29-branch ChangeID: 640c2ad711ead368a65079a464c55368851e8744 Description: Fix a seg-fault disassembling a corrupt binary. PR binutils/20892 * aoutx.h (find_nearest_line): Handle the case where the function name is empty. Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-7223 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74322 Type: Security Fix Disposition: Backport from binutils-2_29-branch ChangeID: c7e14cdaab09996e736a6294834d3470ac9ddb6c Description: Fix seg fault attempting to unget an EOF character. PR gas/20898 * app.c (do_scrub_chars): Do not attempt to unget EOF. Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-12450_12452_12453_12454_12456 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 73854, 73827, 73814, 73801, 73775 Type: Security Fix Disposition: Backport from binutils-2_29-branch ChangeID: fb23096307f9903872a04edf171d1fd2099e35c5 Description: Fix address violation errors parsing corrupt binary files. PR 21813 binutils* rddbg.c (read_symbol_stabs_debugging_info): Check for an empty string whilst concatenating symbol names. bfd * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address of the relocs to the canonicalize_one_reloc routine. * mach-o.h (struct bfd_mach_o_backend_data): Update the prototype for the _bfd_mach_o_canonicalize_one_reloc field. * mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add res_base parameter. Use to check for corrupt pair relocs. * mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc): Likewise. * mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc): Likewise. * mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc): Likewise. * vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is enough data in the record before attempting to parse it. (_bfd_vms_slurp_eeom): Likewise. (_bfd_vms_slurp_egsd): Check for an invalid section index. (image_set_ptr): Likewise. (alpha_vms_slurp_relocs): Likewise. Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-12451 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 73840 Type: Security Fix Disposition: Backport from binutils-2_29-branch ChangeID: 582c686f18c059d665189a6a09df3a8cc4a3b093 Description: Fix address violation when attempting to read a corrupt field in a COFF archive header structure. PR 21786 * coff-rs6000.c (_bfd_strntol): New function. (_bfd_strntoll): New function. (GET_VALUE_IN_FIELD): New macro. (EQ_VALUE_IN_FIELD): new macro. (_bfd_xcoff_slurp_armap): Use new macros. (_bfd_xcoff_archive_p): Likewise. (_bfd_xcoff_read_ar_hdr): Likewise. (_bfd_xcoff_openr_next_archived_file): Likewise. (_bfd_xcoff_stat_arch_elt): Likewise. Extend previous fix to coff-rs6000.c to coff64-rs6000.c PR 21786 * coff64-rs6000.c (_bfd_strntol): New function. (_bfd_strntoll): New function. (GET_VALUE_IN_FIELD): New macro. (xcoff64_slurp_armap): Use new macros. Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-12449, CVE-2017_12455, CVE-2017-12457, CVE-2017-12458, CVE-2017-12459 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 73867, 73788, 73762, 73749, 73734 Type: Security Fix Disposition: Backport from binutils-2_29-branch ChangeID: 29a1fd75a879d40560b3891305b7d9577e26ffe5 Description: Fix address violation issues encountered when parsing corrupt binaries. PR 21840 * mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab size is -1. * nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion with error return. * section.c (bfd_make_section_with_flags): Fail if the name or bfd are NULL. * vms-alpha.c (bfd_make_section_with_flags): Correct computation of end pointer. (evax_bfd_print_emh): Check for invalid string lengths. Fix address violations when reading corrupt VMS records. PR binutils/21618 * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record length. (evax_bfd_print_eeom): Likewise. (evax_bfd_print_egsd): Check for an overlarge record length. (evax_bfd_print_etir): Likewise. Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-12448 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 73880 Type: Security Fix Disposition: Backport from binutils-2_29-branch ChangeID: 6ef7c8e941d7a1c069b29e4671178c0d02427e3f Description: Fix use-after-free error when parsing a corrupt nested archive. PR 21787 * archive.c (bfd_generic_archive_p): If the bfd does not have the correct magic bytes at the start, set the error to wrong format and clear the format selector before returning NULL. Affects: <= 2.29 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: CVE-2017-7226 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/binutils-gdb.git MR: 74283 Type: Security Fix Disposition: Backport from binutils_v2_28 ChangeID: 82097a4b98d3d576e1b1bfb7ac9ae17fd153c909 Description: Use strnlen to avoid running over the end of the string buffer. Affects: <= 2.28 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: Security Fix CVE-2017-9041 | Armin Kuster
Source: binutils-gdb.git MR: 72791 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=919383ac718c2a3187ee2a9ad659daa22da26258 ChangeID: 7b4588368a367a4d57efbfdcd9c00fcc0875af7b Description: Affects: <= 2.28 Signed-off-by: Armin Kuster <akuster@mvista.com> Reviewed-by Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: Security fix for CVE-2017-9040 and 2017-9042 | Armin Kuster
Source: binutils-gdb.git MR: 72756, 72805 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf ChangeID: af83ec9e8322e0e051bb684bd2fee5fe8a506fbc Description: excluded some changes as the code does not exist in our version. Does not affect fix. Affects: <= Binutils 2017-04-12 Signed-off-by: Armin Kuster <akuster@mvista.com> Reviewed-by Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: Security Fix CVE-2017-9039 | Armin Kuster
Source: binutils-gdb.git MR: 72742 Type: Security Fix Disposition: Backport from git://sourceware.org/binutils-gdb.git ChangeID: 280f36838862ea67fdcd65b162c1a4835cf924dc Description: Affects: <= 2.28 Signed-off-by: Armin Kuster <akuster@mvista.com> Reviewed-by Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: Security fix CVE-2017-9038 | Armin Kuster
Source: Binutils.org MR: 72728 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d ChangeID: 7e242783945a87af0a821b924bd16624a0f18fb3 Description: Affects: <= 2.28 Signed-off-by: Armin Kuster <akuster@mvista.com> Reviewed-by Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | binutils: Security fix CVE-2017-7614 | Armin Kuster
Source: binutils-gdb.git MR: 71732 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b814a36d3440de95f2ac6eaa4fc7935c322ea456 ChangeID: 44d3f2d902013f6e8faf485bf736106a11603e16 Description: minor change to get changelog to apply Affects: binutils < 2.28 Signed-off-by: Armin Kuster <akuster@mvista.com> Reviewed-by Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | glibc: CVE-2017-15670 | Thiruvadi Rajaraman
Source: git://sourceware.org/git/glibc.git MR: 76647 Type: Security Fix Disposition: Backport from glibc-2.27 ChangeID: f4494e472d36748c2b3171a91640b26c638f6e0b Description: CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320] Affects: glibc < 2.27 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-23 | glibc: Security fix for CVE-2017-8804 | Rajkumar Veer
Source: https://sourceware.org MR: 74337 Type: Security Fix Disposition: Backport from https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html ChangeID: c8c51220e40185dd0ac3d657046e70b82cb94bee Description: CVE-2017-8804 sunrpc: xdr_bytes/xdr_string need to free buffer on error [BZ #21461] Affects: glibc < 2.25 Signed-off-by: Rajkumar Veer <rveer@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-23 | glibc: Fix CVE-2017-1000366 | George McCollister
Add backported patches from the upstream release/2.24/master branch to fix CVE-2017-1000366. Also add a backported patch that resolves SSE related build problems introduced by these patches. Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | glibc: Fix CVE-2015-5180 | George McCollister
Add backported patch to fix CVE-2015-5180 from the upstream release/2.24/master branch. Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-23 | systemd: fixes mips64 login issue | Armin Kuster
Without this patch, one cannot log in to a mips64 machine like qemumips64 or Octeon mips64 when systemd is enabled. remove PACKAGECONFIG option too affects: systemd < 2.3.2 Reviewed-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-23 | python3: do not hardcode "lib" into site-packages search path | Alexander Kanavin
This was not working in multilib or x32 setups and amazingly, was not noticed until now. The actual modification is in Lib/site.py, the rest is just devtool moving things around in the patch. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-23 | fontconfig: Fix namespace conflicts with glibc | Khem Raj
glibc 2.25 will come with TS 18661-1 macro definitions in limits.h which ends with following errors | ../../fontconfig-2.12.1/src/fcmatch.c:324:63: error: 'PRI_CHAR_WIDTH_STRONG' undeclared here (not in a function) | #define FC_OBJECT(NAME, Type, Cmp) { FC_##NAME##_OBJECT, Cmp, PRI_##NAME##_STRONG, PRI_##NAME##_WEAK }, | ^ | ../../fontconfig-2.12.1/src/fcobjs.h:54:1: note: in expansion of macro 'FC_OBJECT' | FC_OBJECT (CHAR_WIDTH, FcTypeInteger, NULL) | ^~~~~~~~~ | ../../fontconfig-2.12.1/src/fcmatch.c:324:84: error: 'PRI_CHAR_WIDTH_WEAK' undeclared here (not in a function) | #define FC_OBJECT(NAME, Type, Cmp) { FC_##NAME##_OBJECT, Cmp, PRI_##NAME##_STRONG, PRI_##NAME##_WEAK }, | ^ | ../../fontconfig-2.12.1/src/fcobjs.h:54:1: note: in expansion of macro 'FC_OBJECT' | FC_OBJECT (CHAR_WIDTH, FcTypeInteger, NULL) | ^~~~~~~~~ | make[3]: *** [Makefile:632: fcmatch.lo] Error 1 (From OE-Core rev: 3575826752e7140da493c7f560fb5fcf483fc9b4) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>