On 2022-12-27 11:42, Yash Shinde via lists.openembedded.org wrote:
From: Yash Shinde <yash.shi...@windriver.com>
Yash,
I know you have a problem with sending email from your WR account so
I suspect that you're trying to ensure that the patch is authored by
your WR email.
Don't bother, we'll get your email fixed early in 2023.
Steve,
I'd drop this version of the CVE fix an take the one sent 10 minutes
earlier.
Yash,
As I explained offline, you need to tell people why you are sending a
duplicate fix.
In this case if you wanted the new version to be merged (we don't!),
then you should
have replied on the old version to explain that it should not be merged
and explain
why.
../Randy
Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
Signed-off-by: Yash Shinde <yash.shi...@windriver.com>
---
.../binutils/binutils-2.38.inc | 1 +
.../binutils/0019-CVE-2022-4285.patch | 37 +++++++++++++++++++
2 files changed, 38 insertions(+)
create mode 100644
meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index c1904768dc..0a4a0d7bc1 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -42,5 +42,6 @@ SRC_URI = "\
file://0018-CVE-2022-38128-1.patch \
file://0018-CVE-2022-38128-2.patch \
file://0018-CVE-2022-38128-3.patch \
+ file://0019-CVE-2022-4285.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
new file mode 100644
index 0000000000..e5e404982e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
@@ -0,0 +1,37 @@
+From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Wed, 19 Oct 2022 15:09:12 +0100
+Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
+ containing corrupt symbol version information.
+
+ PR 29699
+ * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
+ of the section header is zero.
+
+Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
+CVE: CVE-2022-4285
+
+Signed-off-by: Yash Shinde <yash.shi...@windriver.com>
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/elf.c | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index fe00e0f9189..7cd7febcf95 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool
default_imported_symver)
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return_verref;
+ }
+- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd,
amt);
++ if (amt == 0)
++ goto error_return_verref;
++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd,
amt);
+ if (elf_tdata (abfd)->verref == NULL)
+ goto error_return_verref;
+
+--
+2.31.1
+
--
# Randy MacLeod
# Wind River Linux
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#175033):
https://lists.openembedded.org/g/openembedded-core/message/175033
Mute This Topic: https://lists.openembedded.org/mt/95905716/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
