diff options
| author |   Yash Shinde <yashinde145@gmail.com> | 2023-03-16 16:39:44 +0530 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-03-17 17:16:58 +0000 |
| commit | c8b9196d8ae2452c36bc8c2863a3cca740b4999e (patch) | |
| tree | a1d1b5623fdd37dc7f46b4e8f536d8b5a9a72132 /meta/recipes-devtools | |
| parent | d88ec936065f45851dd2a15bd8549c75e7746c75 (diff) | |
| download | openembedded-core-contrib-c8b9196d8ae2452c36bc8c2863a3cca740b4999e.tar.gz | |
binutils: Fix CVE-2023-25586
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502]
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.40.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/0016-CVE-2023-25586.patch | 34 |
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.40.inc b/meta/recipes-devtools/binutils/binutils-2.40.inc index c2b926bb32..93631ca3d7 100644 --- a/meta/recipes-devtools/binutils/binutils-2.40.inc +++ b/meta/recipes-devtools/binutils/binutils-2.40.inc @@ -34,5 +34,6 @@ SRC_URI = "\ file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \ file://0014-configure-remove-dependencies-on-gmp-and-mpfr-when-g.patch \ file://0015-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ + file://0016-CVE-2023-25586.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2023-25586.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2023-25586.patch new file mode 100644 index 0000000000..43e36caf3f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2023-25586.patch @@ -0,0 +1,34 @@ +From 5830876a0cca17bef3b2d54908928e72cca53502 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 6 Dec 2022 08:37:52 +1030 +Subject: [PATCH] PR29855, ch_type in bfd_init_section_decompress_status can be + uninitialized + + PR 29855 + * compress.c (bfd_init_section_decompress_status): Set ch_type + to zero for zlib-gnu case. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502] + +CVE: CVE-2023-25586 + +Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> +--- + bfd/compress.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/bfd/compress.c b/bfd/compress.c +index 3d8c1d769f1..6b083468ca8 100644 +--- a/bfd/compress.c ++++ b/bfd/compress.c +@@ -1012,7 +1012,7 @@ bfd_init_section_decompress_status (bfd *abfd, sec_ptr sec) + return false; + } + uncompressed_size = bfd_getb64 (header + 4); +- ch_type = ch_none; ++ ch_type = 0; + } + else if (!bfd_check_compression_header (abfd, header, sec, + &ch_type, +-- +2.31.1 |