From 859fb4d9ec6974be9ce755e4ffefd9b199f3604c Mon Sep 17 00:00:00 2001
From: Armin Kuster <akuster808@gmail.com>
Date: Fri, 26 Dec 2014 08:51:53 -0800
Subject: binutils: several security fixes

CVE-2014-8484
CVE-2014-8485
CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
CVE-2014-8504
CVE-2014-8737

and one supporting patch.

[Yocto # 7084]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../binutils/binutils/binutils_CVE-2014-8501.patch | 60 ++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch

(limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch')

diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch
new file mode 100644
index 0000000000..a48fe9b23b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch
@@ -0,0 +1,60 @@
+Upstream-Status: Backport
+
+CVE-2014-8501 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 7e1e19887abd24aeb15066b141cdff5541e0ec8e Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 27 Oct 2014 14:45:06 +0000
+Subject: [PATCH] Fix a seg-fault in strings and other binutuils when parsing a
+ corrupt PE executable with an invalid value in the NumberOfRvaAndSizes field
+ of the AOUT header.
+
+	PR binutils/17512
+	* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
+	with an invalid value for NumberOfRvaAndSizes.
+---
+ bfd/ChangeLog  |  4 ++++
+ bfd/peXXigen.c | 12 ++++++++++++
+ 2 files changed, 16 insertions(+)
+
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
++++ binutils-2.24/bfd/peXXigen.c
+@@ -460,6 +460,18 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
+   {
+     int idx;
+ 
++    /* PR 17512: Corrupt PE binaries can cause seg-faults.  */
++    if (a->NumberOfRvaAndSizes > 16)
++      {
++	(*_bfd_error_handler)
++	  (_("%B: aout header specifies an invalid number of data-directory entries: %d"),
++	   abfd, a->NumberOfRvaAndSizes);
++	/* Paranoia: If the number is corrupt, then assume that the
++	   actual entries themselves might be corrupt as well.  */
++	a->NumberOfRvaAndSizes = 0;
++      }
++
++
+     for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
+       {
+         /* If data directory is empty, rva also should be 0.  */
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,5 +1,9 @@
+ 2014-10-27  Nick Clifton  <nickc@redhat.com>
+ 
++       PR binutils/17512
++       * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
++       with an invalid value for NumberOfRvaAndSizes.
++
+        PR binutils/17510
+        * elf.c (setup_group): Improve handling of corrupt group
+        sections.
-- 
cgit 1.2.3-korg