1 files changed, 0 insertions, 251 deletions

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-18309.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-18309.patch
deleted file mode 100644
index 010e6b5d53..0000000000
--- a/meta/recipes-devtools/binutils/binutils/CVE-2018-18309.patch
+++ /dev/null
@@ -1,251 +0,0 @@
-From 0930cb3021b8078b34cf216e79eb8608d017864f Mon Sep 17 00:00:00 2001
-From: Alan Modra <amodra@gmail.com>
-Date: Sat, 13 Oct 2018 22:03:02 +1030
-Subject: [PATCH] _bfd_clear_contents bounds checking
-
-This PR shows a fuzzed binary triggering a segfault via a bad
-relocation in .debug_line.  It turns out that unlike normal
-relocations applied to a section, the linker applies those with
-symbols from discarded sections via _bfd_clear_contents without
-checking that the relocation is within the section bounds.  The same
-thing now happens when reading debug sections since commit
-a4cd947aca23, the PR23425 fix.
-
-	PR 23770
-	PR 23425
-	* reloc.c (_bfd_clear_contents): Replace "location" param with
-	"buf" and "off".  Bounds check "off".  Return status.
-	* cofflink.c (_bfd_coff_generic_relocate_section): Update
-	_bfd_clear_contents call.
-	* elf-bfd.h (RELOC_AGAINST_DISCARDED_SECTION): Likewise.
-	* elf32-arc.c (elf_arc_relocate_section): Likewise.
-	* elf32-i386.c (elf_i386_relocate_section): Likewise.
-	* elf32-metag.c (metag_final_link_relocate): Likewise.
-	* elf32-nds32.c (nds32_elf_get_relocated_section_contents): Likewise.
-	* elf32-ppc.c (ppc_elf_relocate_section): Likewise.
-	* elf32-visium.c (visium_elf_relocate_section): Likewise.
-	* elf64-ppc.c (ppc64_elf_relocate_section): Likewise.
-	* elf64-x86-64.c *(elf_x86_64_relocate_section): Likewise.
-	* libbfd-in.h (_bfd_clear_contents): Update prototype.
-	* libbfd.h: Regenerate.
-
-Upstream-Status: Backport
-CVE: CVE-2018-18605
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
- bfd/ChangeLog      | 20 ++++++++++++++++++++
- bfd/cofflink.c     |  2 +-
- bfd/elf-bfd.h      |  2 +-
- bfd/elf32-arc.c    |  2 +-
- bfd/elf32-i386.c   |  2 +-
- bfd/elf32-metag.c  |  2 +-
- bfd/elf32-nds32.c  |  8 ++++----
- bfd/elf32-ppc.c    |  2 +-
- bfd/elf32-visium.c |  2 +-
- bfd/elf64-ppc.c    |  2 +-
- bfd/elf64-x86-64.c |  2 +-
- bfd/libbfd-in.h    |  4 ++--
- bfd/libbfd.h       |  4 ++--
- bfd/reloc.c        | 19 +++++++++++++------
- 14 files changed, 50 insertions(+), 23 deletions(-)
-
---- a/bfd/cofflink.c
-+++ b/bfd/cofflink.c
-@@ -3080,7 +3080,7 @@ _bfd_coff_generic_relocate_section (bfd
-       if (sec != NULL && discarded_section (sec))
- 	{
- 	  _bfd_clear_contents (howto, input_bfd, input_section,
--			       contents + (rel->r_vaddr - input_section->vma));
-+			       contents, rel->r_vaddr - input_section->vma);
- 	  continue;
- 	}
- 
---- a/bfd/elf-bfd.h
-+++ b/bfd/elf-bfd.h
-@@ -2811,7 +2811,7 @@ extern asection _bfd_elf_large_com_secti
-   {									\
-     int i_;								\
-     _bfd_clear_contents (howto, input_bfd, input_section,		\
--			 contents + rel[index].r_offset);		\
-+			 contents, rel[index].r_offset);		\
- 									\
-     if (bfd_link_relocatable (info)					\
- 	&& (input_section->flags & SEC_DEBUGGING))			\
---- a/bfd/elf32-arc.c
-+++ b/bfd/elf32-arc.c
-@@ -1552,7 +1552,7 @@ elf_arc_relocate_section (bfd *			  outp
-       if (sec != NULL && discarded_section (sec))
- 	{
- 	  _bfd_clear_contents (howto, input_bfd, input_section,
--			       contents + rel->r_offset);
-+			       contents, rel->r_offset);
- 	  rel->r_info = 0;
- 	  rel->r_addend = 0;
- 
---- a/bfd/elf32-i386.c
-+++ b/bfd/elf32-i386.c
-@@ -2197,7 +2197,7 @@ elf_i386_relocate_section (bfd *output_b
-       if (sec != NULL && discarded_section (sec))
- 	{
- 	  _bfd_clear_contents (howto, input_bfd, input_section,
--			       contents + rel->r_offset);
-+			       contents, rel->r_offset);
- 	  wrel->r_offset = rel->r_offset;
- 	  wrel->r_info = 0;
- 	  wrel->r_addend = 0;
---- a/bfd/elf32-metag.c
-+++ b/bfd/elf32-metag.c
-@@ -1396,7 +1396,7 @@ metag_final_link_relocate (reloc_howto_t
- 					      rel, relend, howto, contents) \
-   {									\
-     _bfd_clear_contents (howto, input_bfd, input_section,		\
--			 contents + rel->r_offset);			\
-+			 contents, rel->r_offset);			\
- 									\
-     if (bfd_link_relocatable (info)					\
- 	&& (input_section->flags & SEC_DEBUGGING))			\
---- a/bfd/elf32-nds32.c
-+++ b/bfd/elf32-nds32.c
-@@ -12582,14 +12582,14 @@ nds32_elf_get_relocated_section_contents
- 	  symbol = *(*parent)->sym_ptr_ptr;
- 	  if (symbol->section && discarded_section (symbol->section))
- 	    {
--	      bfd_byte *p;
-+	      bfd_vma off;
- 	      static reloc_howto_type none_howto
- 		= HOWTO (0, 0, 0, 0, FALSE, 0, complain_overflow_dont, NULL,
- 			 "unused", FALSE, 0, 0, FALSE);
- 
--	      p = data + (*parent)->address * bfd_octets_per_byte (input_bfd);
--	      _bfd_clear_contents ((*parent)->howto, input_bfd, input_section,
--				   p);
-+	      off = (*parent)->address * bfd_octets_per_byte (input_bfd);
-+	      _bfd_clear_contents ((*parent)->howto, input_bfd,
-+				   input_section, data, off);
- 	      (*parent)->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
- 	      (*parent)->addend = 0;
- 	      (*parent)->howto = &none_howto;
---- a/bfd/elf32-ppc.c
-+++ b/bfd/elf32-ppc.c
-@@ -8232,7 +8232,7 @@ ppc_elf_relocate_section (bfd *output_bf
- 	    howto = ppc_elf_howto_table[r_type];
- 
- 	  _bfd_clear_contents (howto, input_bfd, input_section,
--			       contents + rel->r_offset);
-+			       contents, rel->r_offset);
- 	  wrel->r_offset = rel->r_offset;
- 	  wrel->r_info = 0;
- 	  wrel->r_addend = 0;
---- a/bfd/elf32-visium.c
-+++ b/bfd/elf32-visium.c
-@@ -621,7 +621,7 @@ visium_elf_relocate_section (bfd *output
- 	     or sections discarded by a linker script, we just want the
- 	     section contents zeroed.  Avoid any special processing.  */
- 	  _bfd_clear_contents (howto, input_bfd, input_section,
--			       contents + rel->r_offset);
-+			       contents, rel->r_offset);
- 
- 	  rel->r_info = 0;
- 	  rel->r_addend = 0;
---- a/bfd/elf64-ppc.c
-+++ b/bfd/elf64-ppc.c
-@@ -14074,7 +14074,7 @@ ppc64_elf_relocate_section (bfd *output_
- 	{
- 	  _bfd_clear_contents (ppc64_elf_howto_table[r_type],
- 			       input_bfd, input_section,
--			       contents + rel->r_offset);
-+			       contents, rel->r_offset);
- 	  wrel->r_offset = rel->r_offset;
- 	  wrel->r_info = 0;
- 	  wrel->r_addend = 0;
---- a/bfd/elf64-x86-64.c
-+++ b/bfd/elf64-x86-64.c
-@@ -2490,7 +2490,7 @@ elf_x86_64_relocate_section (bfd *output
-       if (sec != NULL && discarded_section (sec))
- 	{
- 	  _bfd_clear_contents (howto, input_bfd, input_section,
--			       contents + rel->r_offset);
-+			       contents, rel->r_offset);
- 	  wrel->r_offset = rel->r_offset;
- 	  wrel->r_info = 0;
- 	  wrel->r_addend = 0;
---- a/bfd/libbfd-in.h
-+++ b/bfd/libbfd-in.h
-@@ -696,8 +696,8 @@ extern bfd_reloc_status_type _bfd_reloca
-   (reloc_howto_type *, bfd *, bfd_vma, bfd_byte *) ATTRIBUTE_HIDDEN;
- 
- /* Clear a given location using a given howto.  */
--extern void _bfd_clear_contents
--  (reloc_howto_type *, bfd *, asection *, bfd_byte *) ATTRIBUTE_HIDDEN;
-+extern bfd_reloc_status_type _bfd_clear_contents
-+  (reloc_howto_type *, bfd *, asection *, bfd_byte *, bfd_vma) ATTRIBUTE_HIDDEN;
- 
- /* Link stabs in sections in the first pass.  */
- 
---- a/bfd/libbfd.h
-+++ b/bfd/libbfd.h
-@@ -701,8 +701,8 @@ extern bfd_reloc_status_type _bfd_reloca
-   (reloc_howto_type *, bfd *, bfd_vma, bfd_byte *) ATTRIBUTE_HIDDEN;
- 
- /* Clear a given location using a given howto.  */
--extern void _bfd_clear_contents
--  (reloc_howto_type *, bfd *, asection *, bfd_byte *) ATTRIBUTE_HIDDEN;
-+extern bfd_reloc_status_type _bfd_clear_contents
-+  (reloc_howto_type *, bfd *, asection *, bfd_byte *, bfd_vma) ATTRIBUTE_HIDDEN;
- 
- /* Link stabs in sections in the first pass.  */
- 
---- a/bfd/reloc.c
-+++ b/bfd/reloc.c
-@@ -1613,16 +1613,22 @@ _bfd_relocate_contents (reloc_howto_type
-    relocations against discarded symbols, to make ignorable debug or unwind
-    information more obvious.  */
- 
--void
-+bfd_reloc_status_type
- _bfd_clear_contents (reloc_howto_type *howto,
- 		     bfd *input_bfd,
- 		     asection *input_section,
--		     bfd_byte *location)
-+		     bfd_byte *buf,
-+		     bfd_vma off)
- {
-   int size;
-   bfd_vma x = 0;
-+  bfd_byte *location;
-+
-+  if (!bfd_reloc_offset_in_range (howto, input_bfd, input_section, off))
-+    return bfd_reloc_outofrange;
- 
-   /* Get the value we are going to relocate.  */
-+  location = buf + off;
-   size = bfd_get_reloc_size (howto);
-   switch (size)
-     {
-@@ -1681,6 +1687,7 @@ _bfd_clear_contents (reloc_howto_type *h
- #endif
-       break;
-     }
-+  return bfd_reloc_ok;
- }
- 
- /*
-@@ -8268,14 +8275,14 @@ bfd_generic_get_relocated_section_conten
- 
- 	  if (symbol->section && discarded_section (symbol->section))
- 	    {
--	      bfd_byte *p;
-+	      bfd_vma off;
- 	      static reloc_howto_type none_howto
- 		= HOWTO (0, 0, 0, 0, FALSE, 0, complain_overflow_dont, NULL,
- 			 "unused", FALSE, 0, 0, FALSE);
- 
--	      p = data + (*parent)->address * bfd_octets_per_byte (input_bfd);
--	      _bfd_clear_contents ((*parent)->howto, input_bfd, input_section,
--				   p);
-+	      off = (*parent)->address * bfd_octets_per_byte (input_bfd);
-+	      _bfd_clear_contents ((*parent)->howto, input_bfd,
-+				   input_section, data, off);
- 	      (*parent)->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
- 	      (*parent)->addend = 0;
- 	      (*parent)->howto = &none_howto;