@@ -34,5 +34,6 @@ SRC_URI = "\
file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
file://0014-configure-remove-dependencies-on-gmp-and-mpfr-when-g.patch \
file://0015-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
+ file://0016-CVE-2023-25586.patch \
"
S = "${WORKDIR}/git"
new file mode 100644
@@ -0,0 +1,34 @@
+From 5830876a0cca17bef3b2d54908928e72cca53502 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 6 Dec 2022 08:37:52 +1030
+Subject: [PATCH] PR29855, ch_type in bfd_init_section_decompress_status can be
+ uninitialized
+
+ PR 29855
+ * compress.c (bfd_init_section_decompress_status): Set ch_type
+ to zero for zlib-gnu case.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502]
+
+CVE: CVE-2023-25586
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+---
+ bfd/compress.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/bfd/compress.c b/bfd/compress.c
+index 3d8c1d769f1..6b083468ca8 100644
+--- a/bfd/compress.c
++++ b/bfd/compress.c
+@@ -1012,7 +1012,7 @@ bfd_init_section_decompress_status (bfd *abfd, sec_ptr sec)
+ return false;
+ }
+ uncompressed_size = bfd_getb64 (header + 4);
+- ch_type = ch_none;
++ ch_type = 0;
+ }
+ else if (!bfd_check_compression_header (abfd, header, sec,
+ &ch_type,
+--
+2.31.1
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502] Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> --- .../binutils/binutils-2.40.inc | 1 + .../binutils/0016-CVE-2023-25586.patch | 34 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0016-CVE-2023-25586.patch