* [thud][v2][PATCH] binutils: Security fix for CVE-2019-12972
@ 2019-09-01 0:08 Armin Kuster
2019-09-01 0:32 ` ✗ patchtest: failure for binutils: Security fix for CVE-2019-12972 (rev2) Patchwork
0 siblings, 1 reply; 2+ messages in thread
From: Armin Kuster @ 2019-09-01 0:08 UTC (permalink / raw
To: openembedded-core; +Cc: Armin Kuster
From: Armin Kuster <akuster@mvista.com>
Source: git://sourceware.org / binutils-gdb.git
MR: 98770
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
ChangeID: 7ced6bffbe01cbeadf50177eb332eef514baa19c
Description:
Fixes CVE-2019-12972
Signed-off-by: Armin Kuster <akuster@mvista.com>
[v2]
forgot to refresh inc file before sending
---
meta/recipes-devtools/binutils/binutils-2.31.inc | 1 +
.../binutils/binutils/CVE-2019-12972.patch | 39 ++++++++++++++++++++++
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.31.inc b/meta/recipes-devtools/binutils/binutils-2.31.inc
index 247f779..e1a6673 100644
--- a/meta/recipes-devtools/binutils/binutils-2.31.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.31.inc
@@ -47,6 +47,7 @@ SRC_URI = "\
file://CVE-2018-18606.patch \
file://CVE-2018-18607.patch \
file://CVE-2019-14444.patch \
+ file://CVE-2019-12972.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch
new file mode 100644
index 0000000..3e95b92
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch
@@ -0,0 +1,39 @@
+From 890f750a3b053532a4b839a2dd6243076de12031 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 21 Jun 2019 11:51:38 +0930
+Subject: [PATCH] PR24689, string table corruption
+
+The testcase in the PR had a e_shstrndx section of type SHT_GROUP.
+hdr->contents were initialized by setup_group rather than being read
+from the file, thus last byte was not zero and string dereference ran
+off the end of the buffer.
+
+ PR 24689
+ * elfcode.h (elf_object_p): Check type of e_shstrndx section.
+
+Upstream-Status: Backport
+https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
+
+CVE: CVE-2019-12972
+Affects: <= 2.23.0
+Dropped Changelog
+Signed-off-by Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/elfcode.h | 3 ++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/elfcode.h
+===================================================================
+--- git.orig/bfd/elfcode.h
++++ git/bfd/elfcode.h
+@@ -747,7 +747,8 @@ elf_object_p (bfd *abfd)
+ /* A further sanity check. */
+ if (i_ehdrp->e_shnum != 0)
+ {
+- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd))
++ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)
++ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB)
+ {
+ /* PR 2257:
+ We used to just goto got_wrong_format_error here
--
2.7.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* ✗ patchtest: failure for binutils: Security fix for CVE-2019-12972 (rev2)
2019-09-01 0:08 [thud][v2][PATCH] binutils: Security fix for CVE-2019-12972 Armin Kuster
@ 2019-09-01 0:32 ` Patchwork
0 siblings, 0 replies; 2+ messages in thread
From: Patchwork @ 2019-09-01 0:32 UTC (permalink / raw
To: Armin Kuster; +Cc: openembedded-core
== Series Details ==
Series: binutils: Security fix for CVE-2019-12972 (rev2)
Revision: 2
URL : https://patchwork.openembedded.org/series/19614/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:
* Issue Series does not apply on top of target branch [test_series_merge_on_head]
Suggested fix Rebase your series on top of targeted branch
Targeted branch thud (currently at d3d3f44303)
If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).
---
Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-09-01 0:32 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-01 0:08 [thud][v2][PATCH] binutils: Security fix for CVE-2019-12972 Armin Kuster
2019-09-01 0:32 ` ✗ patchtest: failure for binutils: Security fix for CVE-2019-12972 (rev2) Patchwork
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.