[OE-core] [PATCH] Revert "binutils: Fix CVE-2022-47007"

[Richard Purdie]

This reverts commit 3f335913bbbabf48db1749d197c3bfaac9fb7236.

This CVE shouldn't affect master, it is for binutils versions 2.34
thru 2.38, while master is 2.41

See: https://nvd.nist.gov/vuln/detail/CVE-2022-47007

Later in commit:

https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19cacf672930cee20feaf1f3468e3d5ac3099ffd

elements of the CVE fix are reverted deliberately so match upstream for this
and drop this 'fix'.
---
 .../binutils/binutils-2.41.inc                |  1 -
 .../binutils/0016-CVE-2022-47007.patch        | 35 -------------------
 2 files changed, 36 deletions(-)
 delete mode 100644 
meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.41.inc 
b/meta/recipes-devtools/binutils/binutils-2.41.inc
index bba87abba2c..b4934c02a89 100644
--- a/meta/recipes-devtools/binutils/binutils-2.41.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.41.inc
@@ -34,6 +34,5 @@ SRC_URI = "\
      file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
      file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
      file://0015-gprofng-Fix-build-with-64bit-file-offset-on-32bit-ma.patch \
-     file://0016-CVE-2022-47007.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch 
b/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch
deleted file mode 100644
index 75ad6ad3ba0..00000000000
--- a/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Alan Modra <amo...@gmail.com>
-Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930)
-Subject: PR29254, memory leak in stab_demangle_v3_arg
-X-Git-Tag: binutils-2_39~237
-X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
-
-PR29254, memory leak in stab_demangle_v3_arg
-
-       PR 29254
-       * stabs.c (stab_demangle_v3_arg): Free dt on failure path.
-
-Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
-
-CVE: CVE-2022-47007
-
-Signed-off-by: Deepthi Hemraj <deepthi.hem...@windriver.com>
-
----
-
-diff --git a/binutils/stabs.c b/binutils/stabs.c
-index 2b5241637c1..796ff85b86a 100644
---- a/binutils/stabs.c
-+++ b/binutils/stabs.c
-@@ -5467,7 +5467,10 @@ stab_demangle_v3_arg (void *dhandle, struct stab_handle 
*info,
-                                         dc->u.s_binary.right,
-                                         &varargs);
-       if (pargs == NULL)
--        return NULL;
-+        {
-+          free (dt);
-+          return NULL;
-+        }
- 
-       return debug_make_function_type (dhandle, dt, pargs, varargs);
-       }
-- 
2.39.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191167): 
https://lists.openembedded.org/g/openembedded-core/message/191167
Mute This Topic: https://lists.openembedded.org/mt/102767861/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-