
[kirkstone,v3] binutils : Fix CVE-2022-4285

Message ID 20221227164202.3700000-1-yashinde145@gmail.com
State Accepted, archived
Commit 1f269e532a8fd463de2869be2768feb79ad36bd7

Commit Message

Yash Shinde Dec. 27, 2022, 4:42 p.m. UTC
From: Yash Shinde <Yash.Shinde@windriver.com>

Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
---
 .../binutils/binutils-2.38.inc                |  1 +
 .../binutils/0019-CVE-2022-4285.patch         | 37 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch

Comments

Randy MacLeod Dec. 27, 2022, 6:11 p.m. UTC | #1
On 2022-12-27 11:42, Yash Shinde via lists.openembedded.org wrote:
> From: Yash Shinde <Yash.Shinde@windriver.com>

Yash,

I know you have a problem with sending email from your WR account so
I suspect that you're trying to ensure that the patch is authored by 
your WR email.

Don't bother, we'll get your email fixed early in 2023.

Steve,

I'd drop this version of the CVE fix and take the one sent 10 minutes
earlier.

Yash,
As I explained offline, you need to tell people why you are sending a
duplicate fix.
In this case if you wanted the new version to be merged (we don't!),
then you should have replied on the old version to explain that it
should not be merged and explain why.

../Randy


> 
> Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
> 
> Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
> ---
>   .../binutils/binutils-2.38.inc                |  1 +
>   .../binutils/0019-CVE-2022-4285.patch         | 37 +++++++++++++++++++
>   2 files changed, 38 insertions(+)
>   create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
> 
> diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
> index c1904768dc..0a4a0d7bc1 100644
> --- a/meta/recipes-devtools/binutils/binutils-2.38.inc
> +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
> @@ -42,5 +42,6 @@ SRC_URI = "\
>        file://0018-CVE-2022-38128-1.patch \
>        file://0018-CVE-2022-38128-2.patch \
>        file://0018-CVE-2022-38128-3.patch \
> +     file://0019-CVE-2022-4285.patch \
>   "
>   S  = "${WORKDIR}/git"
> diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
> new file mode 100644
> index 0000000000..e5e404982e
> --- /dev/null
> +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
> @@ -0,0 +1,37 @@
> +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
> +From: Nick Clifton <nickc@redhat.com>
> +Date: Wed, 19 Oct 2022 15:09:12 +0100
> +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
> + containing corrupt symbol version information.
> +
> +	PR 29699
> +	* elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
> +	of the section header is zero.
> +
> +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
> +CVE: CVE-2022-4285
> +
> +Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
> +---
> + bfd/ChangeLog | 6 ++++++
> + bfd/elf.c     | 4 +++-
> + 2 files changed, 9 insertions(+), 1 deletion(-)
> +
> +diff --git a/bfd/elf.c b/bfd/elf.c
> +index fe00e0f9189..7cd7febcf95 100644
> +--- a/bfd/elf.c
> ++++ b/bfd/elf.c
> +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
> + 	  bfd_set_error (bfd_error_file_too_big);
> + 	  goto error_return_verref;
> + 	}
> +-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
> ++      if (amt == 0)
> ++	goto error_return_verref;
> ++      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
> +       if (elf_tdata (abfd)->verref == NULL)
> + 	goto error_return_verref;
> +
> +--
> +2.31.1
> +
> 
> 
> 
Steve Sakoman Dec. 28, 2022, 2:22 p.m. UTC | #2
On Tue, Dec 27, 2022 at 8:11 AM Randy MacLeod
<randy.macleod@windriver.com> wrote:
>
> On 2022-12-27 11:42, Yash Shinde via lists.openembedded.org wrote:
> > From: Yash Shinde <Yash.Shinde@windriver.com>
>
> Yash,
>
> I know you have a problem with sending email from your WR account so
> I suspect that you're trying to ensure that the patch is authored by
> your WR email.
>
> Don't bother, we'll get your email fixed early in 2023.
>
> Steve,
>
> I'd drop this version of the CVE fix and take the one sent 10 minutes
> earlier.

Done, and I manually changed Yash's email address to the windriver.com one.

Steve

> Yash,
> As I explained offline, you need to tell people why you are sending a
> duplicate fix.
> In this case if you wanted the new version to be merged (we don't!),
> then you should have replied on the old version to explain that it
> should not be merged and explain why.
>
> ../Randy
>
>
> >
> > Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
> >
> > Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
> > ---
> >   .../binutils/binutils-2.38.inc                |  1 +
> >   .../binutils/0019-CVE-2022-4285.patch         | 37 +++++++++++++++++++
> >   2 files changed, 38 insertions(+)
> >   create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
> >
> > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
> > index c1904768dc..0a4a0d7bc1 100644
> > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc
> > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
> > @@ -42,5 +42,6 @@ SRC_URI = "\
> >        file://0018-CVE-2022-38128-1.patch \
> >        file://0018-CVE-2022-38128-2.patch \
> >        file://0018-CVE-2022-38128-3.patch \
> > +     file://0019-CVE-2022-4285.patch \
> >   "
> >   S  = "${WORKDIR}/git"
> > diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
> > new file mode 100644
> > index 0000000000..e5e404982e
> > --- /dev/null
> > +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
> > @@ -0,0 +1,37 @@
> > +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
> > +From: Nick Clifton <nickc@redhat.com>
> > +Date: Wed, 19 Oct 2022 15:09:12 +0100
> > +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
> > + containing corrupt symbol version information.
> > +
> > +     PR 29699
> > +     * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
> > +     of the section header is zero.
> > +
> > +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
> > +CVE: CVE-2022-4285
> > +
> > +Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
> > +---
> > + bfd/ChangeLog | 6 ++++++
> > + bfd/elf.c     | 4 +++-
> > + 2 files changed, 9 insertions(+), 1 deletion(-)
> > +
> > +diff --git a/bfd/elf.c b/bfd/elf.c
> > +index fe00e0f9189..7cd7febcf95 100644
> > +--- a/bfd/elf.c
> > ++++ b/bfd/elf.c
> > +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
> > +       bfd_set_error (bfd_error_file_too_big);
> > +       goto error_return_verref;
> > +     }
> > +-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
> > ++      if (amt == 0)
> > ++    goto error_return_verref;
> > ++      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
> > +       if (elf_tdata (abfd)->verref == NULL)
> > +     goto error_return_verref;
> > +
> > +--
> > +2.31.1
> > +
> >
> >
> >
>
> --
> # Randy MacLeod
> # Wind River Linux
>

Patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index c1904768dc..0a4a0d7bc1 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -42,5 +42,6 @@  SRC_URI = "\
      file://0018-CVE-2022-38128-1.patch \
      file://0018-CVE-2022-38128-2.patch \
      file://0018-CVE-2022-38128-3.patch \
+     file://0019-CVE-2022-4285.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
new file mode 100644
index 0000000000..e5e404982e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
@@ -0,0 +1,37 @@ 
+From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 19 Oct 2022 15:09:12 +0100
+Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
+ containing corrupt symbol version information.
+
+	PR 29699
+	* elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
+	of the section header is zero.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
+CVE: CVE-2022-4285
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/elf.c     | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index fe00e0f9189..7cd7febcf95 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ 	  bfd_set_error (bfd_error_file_too_big);
+ 	  goto error_return_verref;
+ 	}
+-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++      if (amt == 0)
++	goto error_return_verref;
++      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verref == NULL)
+ 	goto error_return_verref;
+ 
+-- 
+2.31.1
+
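
Review bot: in the embedded bfd/elf.c hunk, the new `if (amt == 0)` branch jumps to error_return_verref without calling bfd_set_error, while the overflow branch directly above sets bfd_error_file_too_big before taking the same jump. Nothing in the visible lines sets an error code on the zero-size path, so the caller can see a failure with no specific BFD error attached; a `bfd_set_error (bfd_error_bad_value);` before the goto would make the rejection explicit, and since this file is a backport that change belongs upstream first so the copy here stays identical to the referenced commit. Separately, the embedded diffstat still lists `bfd/ChangeLog | 6 ++++++` and "2 files changed, 9 insertions(+), 1 deletion(-)", but the file carries only the bfd/elf.c hunk, so either refresh the diffstat or say in the patch header that the ChangeLog hunk was dropped. The description also mentions only the zero sh_info check, not the switch from bfd_alloc to bfd_zalloc, which is worth a line.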