| Age | Commit message (Collapse) | Author |
|---|
|
Source: http://sourceware.org/git/elfutils.git
MR: 97563, 97568, 97558
Type: Security Fix
Disposition: Backport from http://sourceware.org/git/elfutils.git
ChangeID: 6183c2a25d5e32eec1846a428dd165e1de659f24
Description:
Affects <= 0.175
Fixes:
CVE-2019-7146
CVE-2019-7149
CVE-2019-7150
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
- Drop backport CVE patches
0001-libdwfl-Sanity-check-partial-core-file-data-reads.patch
0001-size-Handle-recursive-ELF-ar-files.patch
0001-arlib-Check-that-sh_entsize-isn-t-zero.patch
- Drop patches that upstream has fixed
0005-fix-a-stack-usage-warning.patch [9a74c19 backends: ppc use define
instead of const for size of dwarf_regs array.]
- Update debian patches to 0.175
- Rebase local patch to 0.175
0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch
(From OE-Core rev: 8748de4df5a4ece303f07f8bbb248920a199478a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
These CVE fixes come from upstream master branch and no
new version released, so backport rather than upgrade.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Drop backport fixes
CVE-2018-16062.patch
0001-libdw-Check-end-of-attributes-list-consistently.patch
0002-libelf-Return-error-if-elf_compress_gnu-is-used-on-S.patch
- Rebase 0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport the CVE patch from the upstream:
https://sourceware.org/git/?p=elfutils.git;a=commit;
h=29e31978ba51c1051743a503ee325b5ebc03d7e9
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The previous patch
0001-libelf-elf_end.c-check-data_list.data.d.d_buf-before.patch
fixed segmentation fault error on other arches except mips and mips64, now
update it to fix mips and mips64 too, also submitted to upstream.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #12791]
The one which actually saves the data is data_list.data.d.d_buf, so check it
before free rawdata_base.
This can fix a segmentation fault when prelink libqb_1.0.3:
prelink: /usr/lib/libqb.so.0.18.2: Symbol section index outside of section numbers
The segmentation fault happens when prelink call elf_end().
Fixed:
MACHINE="qemux86-64"
IMAGE_INSTALL_append = " libqb" #libqp is from meta-openembedded
$ bitbake core-image-minimal
Segmention fault
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
In the upgrade a large number of Upstream-Status tags were dropped, so add them
back. I'm taking the stand that copying a patch Debian is carrying doesn't
count as a backport.
Remove two Debian-specific patches (one for Hurd, one for kfreebsd) so
we're not carrying useless patches.
Remove two patches that are no longer applied.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
- Update debian 0.170 patches and rebase them for 0.172;
- Drop 0001-Use-fallthrough-attribute.patch which was
accepted by upstream;
- Drop 0001-Ensure-that-packed-structs-follow-the-gcc-memory-lay.patch
which was backported from upstream;
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Allow devtool to organize the SRC_URI
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Patches elfutils to use the fallthrough attribute instead of comments to
satisfy the -Wimplicit-fallthrough warning. Using comments is
insufficient when compiling remotely with Icecream because the file gets
pre-processed locally, removing the comments
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The 0.170 Fixed CVE issues
- CVE-2017-7608
- CVE-2017-7612
- CVE-2017-7611
- CVE-2017-7610
- CVE-2016-10255
- CVE-2017-7613
- CVE-2017-7609
- CVE-2016-10254
- CVE-2017-7607
Rebase patches to 0.170
- dso-link-change.patch -> 0001
- Fix_elf_cvt_gunhash.patch -> 0002
- fixheadercheck.patch -> 0003
- 0001-remove-the-unneed-checking.patch -> 0004
- 0001-fix-a-stack-usage-warning.patch -> 0005
- aarch64_uio.patch -> 0006
- shadow.patch -> 0007
- 0001-build-Provide-alternatives-for-glibc-assumptions-hel.patch -> 0008
- debian/mips_backend.diff -> debian/mips_backend.patch
Drop obsolete patches
- 0001-elf_getarsym-Silence-Werror-maybe-uninitialized-fals.patch
Upstream fixed it
https://sourceware.org/git/?p=elfutils.git;a=commit;h=7114c513fbebcca8b76796b7f64b57447ba383e1
- Fix_one_GCC7_warning.patch
It is a backported patch
https://sourceware.org/git/?p=elfutils.git;a=commit;h=93c51144c3f664d4e9709da75a1d0fa00ea0fe95
- Drop debian patches, they modify test case.
debian/testsuite-ignore-elflint.diff
debian/kfreebsd_path.patch
debian/hurd_path.patch
debian/ignore_strmerge.diff
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Armin Kuster
Hongxu Jia
Zhixiong Chi
Robert Yang
Ross Burton
Khem Raj
Joshua Watt