Revert "binutils: Fix CVE-2022-47007"

Message ID	20231123145903.3607252-1-richard.purdie@linuxfoundation.org
State	Accepted, archived
Commit	212affe748e2f628ecf11f26485b07dd303fe6e3
Headers	show Return-Path: <richard.purdie@linuxfoundation.org> ip: 209.85.128.52, mailfrom: richard.purdie@linuxfoundation.org) From: Richard Purdie <richard.purdie@linuxfoundation.org> To: openembedded-core@lists.openembedded.org Subject: [PATCH] Revert "binutils: Fix CVE-2022-47007" Date: Thu, 23 Nov 2023 14:59:03 +0000 Message-Id: <20231123145903.3607252-1-richard.purdie@linuxfoundation.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Revert "binutils: Fix CVE-2022-47007" \| expand Revert "binutils: Fix CVE-2022-47007"

Message ID

20231123145903.3607252-1-richard.purdie@linuxfoundation.org

State

Accepted, archived

Commit

212affe748e2f628ecf11f26485b07dd303fe6e3

Headers

From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH] Revert "binutils: Fix CVE-2022-47007"
Date: Thu, 23 Nov 2023 14:59:03 +0000
Message-Id: <20231123145903.3607252-1-richard.purdie@linuxfoundation.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Revert "binutils: Fix CVE-2022-47007" | expand

Commit Message

Richard Purdie Nov. 23, 2023, 2:59 p.m. UTC

This reverts commit 3f335913bbbabf48db1749d197c3bfaac9fb7236.

This CVE shouldn't affect master, it is for binutils versions 2.34
thru 2.38, while master is 2.41

See: https://nvd.nist.gov/vuln/detail/CVE-2022-47007

Later in commit:

https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19cacf672930cee20feaf1f3468e3d5ac3099ffd

elements of the CVE fix are reverted deliberately so match upstream for this
and drop this 'fix'.
---
 .../binutils/binutils-2.41.inc                |  1 -
 .../binutils/0016-CVE-2022-47007.patch        | 35 -------------------
 2 files changed, 36 deletions(-)
 delete mode 100644 meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.41.inc b/meta/recipes-devtools/binutils/binutils-2.41.inc
index bba87abba2c..b4934c02a89 100644
--- a/meta/recipes-devtools/binutils/binutils-2.41.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.41.inc
@@ -34,6 +34,5 @@  SRC_URI = "\
      file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
      file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
      file://0015-gprofng-Fix-build-with-64bit-file-offset-on-32bit-ma.patch \
-     file://0016-CVE-2022-47007.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch
deleted file mode 100644
index 75ad6ad3ba0..00000000000
--- a/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch
+++ /dev/null
@@ -1,35 +0,0 @@ 
-From: Alan Modra <amodra@gmail.com>
-Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930)
-Subject: PR29254, memory leak in stab_demangle_v3_arg
-X-Git-Tag: binutils-2_39~237
-X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
-
-PR29254, memory leak in stab_demangle_v3_arg
-
-	PR 29254
-	* stabs.c (stab_demangle_v3_arg): Free dt on failure path.
-
-Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
-
-CVE: CVE-2022-47007
-
-Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
-
----
-
-diff --git a/binutils/stabs.c b/binutils/stabs.c
-index 2b5241637c1..796ff85b86a 100644
---- a/binutils/stabs.c
-+++ b/binutils/stabs.c
-@@ -5467,7 +5467,10 @@ stab_demangle_v3_arg (void *dhandle, struct stab_handle *info,
- 					  dc->u.s_binary.right,
- 					  &varargs);
- 	if (pargs == NULL)
--	  return NULL;
-+	  {
-+	    free (dt);
-+	    return NULL;
-+	  }
- 
- 	return debug_make_function_type (dhandle, dt, pargs, varargs);
-       }

Revert "binutils: Fix CVE-2022-47007"

Commit Message

Patch