diff options
127 files changed, 7532 insertions, 607 deletions
diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index bd0d6e3ca6..3014767b8a 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -100,8 +100,8 @@ def get_lic_checksum_file_list(d): # We only care about items that are absolute paths since # any others should be covered by SRC_URI. try: - path = bb.fetch.decodeurl(url)[2] - if not path: + (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url) + if method != "file" or not path: raise bb.fetch.MalformedUrl(url) if path[0] == '/': diff --git a/meta/classes/clutter.bbclass b/meta/classes/clutter.bbclass index 167407dfdc..f5cd04f97f 100644 --- a/meta/classes/clutter.bbclass +++ b/meta/classes/clutter.bbclass @@ -14,7 +14,7 @@ REALNAME = "${@get_real_name("${BPN}")}" CLUTTER_SRC_FTP = "${GNOME_MIRROR}/${REALNAME}/${VERMINOR}/${REALNAME}-${PV}.tar.xz;name=archive" -CLUTTER_SRC_GIT = "git://git.gnome.org/${REALNAME}" +CLUTTER_SRC_GIT = "git://gitlab.gnome.org/GNOME/${REALNAME};protocol=https" SRC_URI = "${CLUTTER_SRC_FTP}" S = "${WORKDIR}/${REALNAME}-${PV}" diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass index d353110464..5103ed8533 100644 --- a/meta/classes/license.bbclass +++ b/meta/classes/license.bbclass @@ -226,9 +226,7 @@ def get_deployed_dependencies(d): # The manifest file name contains the arch. Because we are not running # in the recipe context it is necessary to check every arch used. sstate_manifest_dir = d.getVar("SSTATE_MANIFESTS") - sstate_archs = d.getVar("SSTATE_ARCHS") - extra_archs = d.getVar("PACKAGE_EXTRA_ARCHS") - archs = list(set(("%s %s" % (sstate_archs, extra_archs)).split())) + archs = list(set(d.getVar("SSTATE_ARCHS").split())) for dep in depends: # Some recipes have an arch on their own, so we try that first. special_arch = d.getVar("PACKAGE_ARCH_pn-%s" % dep) @@ -336,7 +334,7 @@ def add_package_and_files(d): files = d.getVar('LICENSE_FILES_DIRECTORY') pn = d.getVar('PN') pn_lic = "%s%s" % (pn, d.getVar('LICENSE_PACKAGE_SUFFIX', False)) - if pn_lic in packages: + if pn_lic in packages.split(): bb.warn("%s package already existed in %s." % (pn_lic, pn)) else: # first in PACKAGES to be sure that nothing else gets LICENSE_FILES_DIRECTORY @@ -482,7 +480,9 @@ def find_license_files(d): for url in lic_files.split(): try: - (type, host, path, user, pswd, parm) = bb.fetch.decodeurl(url) + (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url) + if method != "file" or not path: + raise bb.fetch.MalformedUrl() except bb.fetch.MalformedUrl: bb.fatal("%s: LIC_FILES_CHKSUM contains an invalid URL: %s" % (d.getVar('PF'), url)) # We want the license filename and path diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass index ed53dfbca6..87bba41472 100644 --- a/meta/classes/mirrors.bbclass +++ b/meta/classes/mirrors.bbclass @@ -69,7 +69,7 @@ ${CPAN_MIRROR} http://search.cpan.org/CPAN/ \n \ MIRRORS += "\ git://salsa.debian.org/.* git://salsa.debian.org/PATH;protocol=https \n \ -git://git.gnome.org/.* git://git.gnome.org/browse/PATH;protocol=https \n \ +git://git.gnome.org/.* git://gitlab.gnome.org/GNOME/PATH;protocol=https \n \ git://git.savannah.gnu.org/.* git://git.savannah.gnu.org/git/PATH;protocol=https \n \ git://git.yoctoproject.org/.* git://git.yoctoproject.org/git/PATH;protocol=https \n \ git://.*/.* git://HOST/PATH;protocol=https \n \ diff --git a/meta/classes/module-base.bbclass b/meta/classes/module-base.bbclass index 6fe77c01b7..c1fa3ad1c1 100644 --- a/meta/classes/module-base.bbclass +++ b/meta/classes/module-base.bbclass @@ -12,6 +12,8 @@ export CROSS_COMPILE = "${TARGET_PREFIX}" # we didn't pick the name. export KBUILD_OUTPUT = "${STAGING_KERNEL_BUILDDIR}" +DEPENDS += "bc-native" + export KERNEL_VERSION = "${@base_read_file('${STAGING_KERNEL_BUILDDIR}/kernel-abiversion')}" KERNEL_OBJECT_SUFFIX = ".ko" @@ -23,5 +25,6 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" do_make_scripts() { unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS make CC="${KERNEL_CC}" LD="${KERNEL_LD}" AR="${KERNEL_AR}" \ - -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} scripts + HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}" \ + -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} scripts prepare } diff --git a/meta/classes/module.bbclass b/meta/classes/module.bbclass index 78d1b21dbd..282900dc6d 100644 --- a/meta/classes/module.bbclass +++ b/meta/classes/module.bbclass @@ -2,7 +2,7 @@ inherit module-base kernel-module-split pkgconfig addtask make_scripts after do_prepare_recipe_sysroot before do_configure do_make_scripts[lockfiles] = "${TMPDIR}/kernel-scripts.lock" -do_make_scripts[depends] += "virtual/kernel:do_shared_workdir" +do_make_scripts[depends] += "virtual/kernel:do_shared_workdir openssl-native:do_populate_sysroot" EXTRA_OEMAKE += "KERNEL_SRC=${STAGING_KERNEL_DIR}" diff --git a/meta/classes/toolchain-scripts.bbclass b/meta/classes/toolchain-scripts.bbclass index 9bcfe708c7..c9a04dd1d9 100644 --- a/meta/classes/toolchain-scripts.bbclass +++ b/meta/classes/toolchain-scripts.bbclass @@ -62,7 +62,8 @@ toolchain_create_tree_env_script () { script=${TMPDIR}/environment-setup-${REAL_MULTIMACH_TARGET_SYS} rm -f $script touch $script - echo 'export PATH=${STAGING_DIR_NATIVE}/usr/bin:${PATH}' >> $script + echo ". ${COREBASE}/oe-init-build-env ${TOPDIR}" >> $script + echo 'export PATH=${STAGING_DIR_NATIVE}/usr/bin:${STAGING_BINDIR_TOOLCHAIN}:$PATH' >> $script echo 'export PKG_CONFIG_SYSROOT_DIR=${PKG_CONFIG_SYSROOT_DIR}' >> $script echo 'export PKG_CONFIG_PATH=${PKG_CONFIG_PATH}' >> $script echo 'export CONFIG_SITE="${@siteinfo_get_files(d)}"' >> $script diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index e5dc1ac2f7..d4754dd5bf 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -620,7 +620,7 @@ BBLAYERS_FETCH_DIR ??= "${COREBASE}" APACHE_MIRROR = "http://archive.apache.org/dist" DEBIAN_MIRROR = "http://ftp.debian.org/debian/pool" GENTOO_MIRROR = "http://distfiles.gentoo.org/distfiles" -GNOME_GIT = "git://git.gnome.org" +GNOME_GIT = "git://gitlab.gnome.org/GNOME" GNOME_MIRROR = "http://ftp.gnome.org/pub/GNOME/sources" GNU_MIRROR = "http://ftp.gnu.org/gnu" GNUPG_MIRROR = "https://www.gnupg.org/ftp/gcrypt" diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index a8e82cb5d7..c5b0556cf8 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -6,8 +6,9 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.27" +UNINATIVE_MAXGLIBCVERSION = "2.28" + +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.3/" +UNINATIVE_CHECKSUM[i686] ?= "44253cddbf629082568cea4fff59419106871a0cf81b4845b5d34e7014887b20" +UNINATIVE_CHECKSUM[x86_64] ?= "c6954563dad3c95608117c6fc328099036c832bbd924ebf5fdccb622fc0a8684" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.9/" -UNINATIVE_CHECKSUM[i686] ?= "83a4f927da81d9889ef0cbe5c12cb782e21c6cc11e6155600b94ff0c99576dce" -UNINATIVE_CHECKSUM[x86_64] ?= "c26622a1f27dbf5b25de986b11584b5c5b2f322d9eb367f705a744f58a5561ec" diff --git a/meta/lib/oeqa/runtime/cases/kernelmodule.py b/meta/lib/oeqa/runtime/cases/kernelmodule.py index 11ad7b7f01..de1a5aa445 100644 --- a/meta/lib/oeqa/runtime/cases/kernelmodule.py +++ b/meta/lib/oeqa/runtime/cases/kernelmodule.py @@ -28,7 +28,7 @@ class KernelModuleTest(OERuntimeTestCase): @OETestDepends(['gcc.GccCompileTest.test_gcc_compile']) def test_kernel_module(self): cmds = [ - 'cd /usr/src/kernel && make scripts', + 'cd /usr/src/kernel && make scripts prepare', 'cd /tmp && make', 'cd /tmp && insmod hellomod.ko', 'lsmod | grep hellomod', diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index dbc578e2d8..57f521a6c4 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -7,7 +7,8 @@ SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c" PV = "20170310" PE = "1" -SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info;protocol=https" + S = "${WORKDIR}/git" inherit autotools diff --git a/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb index 2782bd95c4..0ba6c8d835 100644 --- a/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb +++ b/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb @@ -1,6 +1,6 @@ SUMMARY = "GLib networking extensions" DESCRIPTION = "glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies." -HOMEPAGE = "http://git.gnome.org/browse/glib-networking/" +HOMEPAGE = "https://gitlab.gnome.org/GNOME/glib-networking/" BUGTRACKER = "http://bugzilla.gnome.org" LICENSE = "LGPLv2" diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb index 9d1e636bbc..a1a4022ebc 100644 --- a/meta/recipes-core/glibc/glibc_2.26.bb +++ b/meta/recipes-core/glibc/glibc_2.26.bb @@ -1,13 +1,13 @@ require glibc.inc -LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \ +LIC_FILES_CHKSUM = "file://LICENSES;md5=ebc14508894997e6daaad1b8ffd53a15\ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \ file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" DEPENDS += "gperf-native bison-native" -SRCREV ?= "d300041c533a3d837c9f37a099bcc95466860e98" +SRCREV ?= "c9570bd2f54abb68e4e3c767aca3a54e05d2c7f6" SRCBRANCH ?= "release/${PV}/master" diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 18e5fab7c7..b24d2cd651 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -22,7 +22,7 @@ IMAGE_FSTYPES = "wic.vmdk" inherit core-image module-base setuptools3 -SRCREV ?= "78b61238f2a3eb18d97d31ac5d27bce9566438d2" +SRCREV ?= "30c10a3d8bd9bcd909cc1600894815c2fd5400a2" SRC_URI = "git://git.yoctoproject.org/poky;branch=rocko \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb index f988704756..7f3d9cba00 100644 --- a/meta/recipes-core/os-release/os-release.bb +++ b/meta/recipes-core/os-release/os-release.bb @@ -1,7 +1,7 @@ inherit allarch SUMMARY = "Operating system identification" -DESCRIPTION = "The /etc/os-release file contains operating system identification data." +DESCRIPTION = "The /usr/lib/os-release file contains operating system identification data." LICENSE = "MIT" INHIBIT_DEFAULT_DEPS = "1" @@ -42,6 +42,9 @@ python do_compile () { do_compile[vardeps] += "${OS_RELEASE_FIELDS}" do_install () { - install -d ${D}${sysconfdir} - install -m 0644 os-release ${D}${sysconfdir}/ + install -d ${D}${nonarch_libdir} ${D}${sysconfdir} + install -m 0644 os-release ${D}${nonarch_libdir}/ + lnr ${D}${nonarch_libdir}/os-release ${D}${sysconfdir}/os-release } + +FILES_${PN} += "${nonarch_libdir}/os-release" diff --git a/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch b/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch new file mode 100644 index 0000000000..342fcc6231 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch @@ -0,0 +1,71 @@ +From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation" + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wstringop-truncation" in "-Wall". This warning is documented in detail +at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn for calls to bounded string manipulation functions such as strncat, +> strncpy, and stpncpy that may either truncate the copied string or leave +> the destination unchanged. + +It breaks the BaseTools build with: + +> EfiUtilityMsgs.c: In function 'PrintMessage': +> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying +> between 0 and 511 bytes from a string of length 511 +> [-Werror=stringop-truncation] +> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The right way to fix the warning would be to implement string concat with +snprintf(). However, Microsoft does not appear to support snprintf() +before VS2015 +<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>, +so we just have to shut up the warning. The strncat() calls flagged above +are valid BTW. + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + + BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch new file mode 100644 index 0000000000..a076665c33 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch @@ -0,0 +1,102 @@ +From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict" + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wrestrict" in "-Wall". This warning is documented in detail +at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn when an object referenced by a restrict-qualified parameter (or, in +> C++, a __restrict-qualified parameter) is aliased by another argument, +> or when copies between such objects overlap. + +It breaks the BaseTools build (in the Brotli compression library) with: + +> In function 'ProcessCommandsInternal', +> inlined from 'ProcessCommands' at dec/decode.c:1828:10: +> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 +> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at +> offset 16 [-Werror=restrict] +> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> In function 'ProcessCommandsInternal', +> inlined from 'SafeProcessCommands' at dec/decode.c:1833:10: +> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 +> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at +> offset 16 [-Werror=restrict] +> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail, +and concluded that the warning is a false positive: + +> This seems safe to me, because it's preceded by: +> +> uint8_t* copy_dst = &s->ringbuffer[pos]; +> uint8_t* copy_src = &s->ringbuffer[src_start]; +> int dst_end = pos + i; +> int src_end = src_start + i; +> if (src_end > pos && dst_end > src_start) { +> /* Regions intersect. */ +> goto CommandPostWrapCopy; +> } +> +> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then +> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i). +> +> The if seems okay: +> +> (src_start + i > pos && pos + i > src_start) +> +> which can be rewritten to: +> +> (pos < src_start + i && src_start < pos + i) +> +> Then the numbers are in one of these two orders: +> +> pos <= src_start < pos + i <= src_start + i +> src_start <= pos < src_start + i <= pos + i +> +> These two would be allowed by the "if", but they can only happen if pos +> == src_start so they degenerate to the same two orders above: +> +> pos <= src_start < src_start + i <= pos + i +> src_start <= pos < pos + i <= src_start + i +> +> So it is a false positive in GCC. + +Disable the warning for now. + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Cole Robinson <crobinso@redhat.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
+ BUILD_LFLAGS = $(LDFLAGS)
+ BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch new file mode 100644 index 0000000000..920723e326 --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch @@ -0,0 +1,53 @@ +From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Wed, 7 Mar 2018 10:17:28 +0100 +Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx" + options on OSX + +I recently added the gcc-8 specific "-Wno-stringop-truncation" and +"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 / +clang, OSX) and otherwise (gcc, Linux / Cygwin). + +I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does +not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and +"-Wno-restrict" options, yet the build completed fine (by GCC design). + +Regarding OSX, my expectation was that + +- XCODE5 / clang would either recognize these warnings options (because + clang does recognize most -W options of gcc), + +- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags + that it didn't recognize. + +Neither is the case; the new flags have broken the BaseTools build on OSX. +Revert them (for OSX only). + +Cc: Liming Gao <liming.gao@intel.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Liming Gao <liming.gao@intel.com> +Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231 +Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929 +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/Makefiles/header.makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: git/BaseTools/Source/C/Makefiles/header.makefile +=================================================================== +--- git.orig/BaseTools/Source/C/Makefiles/header.makefile ++++ git/BaseTools/Source/C/Makefiles/header.makefile +@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) + BUILD_CPPFLAGS += $(INCLUDE) -O2
+ ifeq ($(DARWIN),Darwin)
+ # assume clang or clang compatible flags on OS X
+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+ else
+ BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
+ endif
diff --git a/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch b/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch new file mode 100644 index 0000000000..7ad7cdf0ce --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch @@ -0,0 +1,66 @@ +From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek <lersek@redhat.com> +Date: Fri, 2 Mar 2018 17:11:52 +0100 +Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow" + warning with memcpy() + +gcc-8 (which is part of Fedora 28) enables the new warning +"-Wstringop-overflow" in "-Wall". This warning is documented in detail at +<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the +introduction says + +> Warn for calls to string manipulation functions such as memcpy and +> strcpy that are determined to overflow the destination buffer. + +It breaks the BaseTools build with: + +> GenVtf.c: In function 'ConvertVersionInfo': +> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length +> of the source argument [-Werror=stringop-overflow=] +> strncpy (TemStr + 4 - Length, Str, Length); +> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +> GenVtf.c:130:14: note: length computed here +> Length = strlen(Str); +> ^~~~~~~~~~~ + +It is a false positive because, while the bound equals the length of the +source argument, the destination pointer is moved back towards the +beginning of the destination buffer by the same amount (and this amount is +range-checked first, so we can't precede the start of the dest buffer). + +Replace both strncpy() calls with memcpy(). + +Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> +Cc: Cole Robinson <crobinso@redhat.com> +Cc: Liming Gao <liming.gao@intel.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Yonghong Zhu <yonghong.zhu@intel.com> +Reported-by: Cole Robinson <crobinso@redhat.com> +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek <lersek@redhat.com> +Reviewed-by: Liming Gao <liming.gao@intel.com> +--- +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Backport + BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c +index 2ae9a7be2c..0cd33e71e9 100644 +--- a/BaseTools/Source/C/GenVtf/GenVtf.c ++++ b/BaseTools/Source/C/GenVtf/GenVtf.c +@@ -129,9 +129,9 @@ Returns: + } else {
+ Length = strlen(Str);
+ if (Length < 4) {
+- strncpy (TemStr + 4 - Length, Str, Length);
++ memcpy (TemStr + 4 - Length, Str, Length);
+ } else {
+- strncpy (TemStr, Str + Length - 4, 4);
++ memcpy (TemStr, Str + Length - 4, 4);
+ }
+
+ sscanf (
+-- +2.17.0 + diff --git a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch index 959b1c649c..25e5b58e70 100644 --- a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch +++ b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch @@ -17,4 +17,4 @@ Index: git/BaseTools/Conf/tools_def.template +DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
- DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
+ DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index fa0d66291d..fe0850cc03 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb @@ -19,6 +19,10 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ file://0004-ovmf-enable-long-path-file.patch \ file://VfrCompile-increase-path-length-limit.patch \ file://no-stack-protector-all-archs.patch \ + file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \ + file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \ + file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \ + file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" @@ -35,7 +39,7 @@ SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6eb inherit deploy -PARALLEL_MAKE_class-native = "" +PARALLEL_MAKE = "" S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils-2.29.1.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc index 07a72e2b5a..eccb12828e 100644 --- a/meta/recipes-devtools/binutils/binutils-2.29.1.inc +++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc @@ -18,7 +18,7 @@ BINUPV = "${@binutils_branch_version(d)}" UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)" -SRCREV ?= "90276f15379d380761fc499da2ba24cfb3c12a94" +SRCREV ?= "8efd17cb25686c51b9db6531ae2fbeb2e6ef2399" BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=binutils-${BINUPV}-branch;protocol=git" SRC_URI = "\ ${BINUTILS_GIT_URI} \ @@ -35,6 +35,48 @@ SRC_URI = "\ file://0013-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \ file://0014-Detect-64-bit-MIPS-targets.patch \ file://0015-sync-with-OE-libtool-changes.patch \ + file://CVE-2017-17124.patch \ + file://CVE-2017-14930.patch \ + file://CVE-2017-14932.patch \ + file://CVE-2017-14933_p1.patch \ + file://CVE-2017-14933_p2.patch \ + file://CVE-2017-14934.patch \ + file://CVE-2017-14938.patch \ + file://CVE-2017-14939.patch \ + file://CVE-2017-14940.patch \ + file://CVE-2017-15021.patch \ + file://CVE-2017-15022.patch \ + file://CVE-2017-15023.patch \ + file://CVE-2017-15024.patch \ + file://CVE-2017-15025.patch \ + file://CVE-2017-15225.patch \ + file://CVE-2017-15939.patch \ + file://CVE-2017-15996.patch \ + file://CVE-2017-16826.patch \ + file://CVE-2017-16827.patch \ + file://CVE-2017-16828_p1.patch \ + file://CVE-2017-16828_p2.patch \ + file://CVE-2017-16829.patch \ + file://CVE-2017-16830.patch \ + file://CVE-2017-16831.patch \ + file://CVE-2017-16832.patch \ + file://CVE-2017-17080.patch \ + file://CVE-2017-17121.patch \ + file://CVE-2017-17122.patch \ + file://CVE-2017-17125.patch \ + file://CVE-2017-17123.patch \ + file://CVE-2018-10372.patch \ + file://CVE-2018-10373.patch \ + file://CVE-2018-10534.patch \ + file://CVE-2018-10535.patch \ + file://CVE-2018-13033.patch \ + file://CVE-2018-6323.patch \ + file://CVE-2018-6759.patch \ + file://CVE-2018-7208.patch \ + file://CVE-2018-7568_p1.patch \ + file://CVE-2018-7568_p2.patch \ + file://CVE-2018-7569.patch \ + file://CVE-2018-7642.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch new file mode 100644 index 0000000000..bbd267a959 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch @@ -0,0 +1,53 @@ +From a26a013f22a19e2c16729e64f40ef8a7dfcc086e Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 17:10:14 +0930 +Subject: [PATCH] PR22191, memory leak in dwarf2.c + +table->sequences is a linked list before it is replaced by a bfd_alloc +array in sort_line_sequences. + + PR 22191 + * dwarf2.c (decode_line_info): Properly free line sequences on error. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14930 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 8 ++++++-- + 2 files changed, 11 insertions(+), 2 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2473,8 +2473,12 @@ decode_line_info (struct comp_unit *unit + return table; + + fail: +- if (table->sequences != NULL) +- free (table->sequences); ++ while (table->sequences != NULL) ++ { ++ struct line_sequence* seq = table->sequences; ++ table->sequences = table->sequences->prev_sequence; ++ free (seq); ++ } + if (table->files != NULL) + free (table->files); + if (table->dirs != NULL) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22191 ++ * dwarf2.c (decode_line_info): Properly free line sequences on error. ++ + 2017-11-28 Nick Clifton <nickc@redhat.com> + + PR 22507 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch new file mode 100644 index 0000000000..a436031dc2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch @@ -0,0 +1,46 @@ +From e338894dc2e603683bed2172e8e9f25b29051005 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 26 Sep 2017 09:32:18 +0930 +Subject: [PATCH] PR22204, Lack of DW_LNE_end_sequence causes "infinite" loop + + PR 22204 + * dwarf2.c (decode_line_info): Ensure line_ptr stays within + bounds in inner loop. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14932 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2269,7 +2269,7 @@ decode_line_info (struct comp_unit *unit + bfd_vma high_pc = 0; + + /* Decode the table. */ +- while (! end_sequence) ++ while (!end_sequence && line_ptr < line_end) + { + op_code = read_1_byte (abfd, line_ptr, line_end); + line_ptr += 1; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-09-26 Alan Modra <amodra@gmail.com> ++ ++ PR 22204 ++ * dwarf2.c (decode_line_info): Ensure line_ptr stays within ++ bounds in inner loop. ++ + 2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22191 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch new file mode 100644 index 0000000000..9df8138401 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch @@ -0,0 +1,58 @@ +From 30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 26 Sep 2017 14:37:47 +0100 +Subject: [PATCH] Avoid needless resource usage when processing a corrupt DWARF + directory or file name table. + + PR 22210 + * dwarf2.c (read_formatted_entries): Fail early if we know that + the loop parsing data entries will overflow the end of the + section. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14933 #1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf2.c | 10 ++++++++++ + 2 files changed, 17 insertions(+) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-26 Nick Clifton <nickc@redhat.com> ++ ++ PR 22210 ++ * dwarf2.c (read_formatted_entries): Fail early if we know that ++ the loop parsing data entries will overflow the end of the ++ section. ++ + 2017-09-26 Alan Modra <amodra@gmail.com> + + PR 22204 +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1933,6 +1933,17 @@ read_formatted_entries (struct comp_unit + + data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end); + buf += bytes_read; ++ ++ /* PR 22210. Paranoia check. Don't bother running the loop ++ if we know that we are going to run out of buffer. */ ++ if (data_count > (bfd_vma) (buf_end - buf)) ++ { ++ _bfd_error_handler (_("Dwarf Error: data count (%Lx) larger than buffer size."), ++ data_count); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ + for (datai = 0; datai < data_count; datai++) + { + bfd_byte *format = format_header_data; diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch new file mode 100644 index 0000000000..607d92f3d4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch @@ -0,0 +1,102 @@ +From 33e0a9a056bd23e923b929a4f2ab049ade0b1c32 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 26 Sep 2017 23:20:06 +0930 +Subject: [PATCH] Tidy reading data in read_formatted_entries + +Using read_attribute_value accomplishes two things: It checks for +unexpected formats, and ensures the buffer pointer always increments. + + PR 22210 + * dwarf2.c (read_formatted_entries): Use read_attribute_value to + read data. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14933 #2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 37 +++++++------------------------------ + 2 files changed, 13 insertions(+), 30 deletions(-) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-09-26 Alan Modra <amodra@gmail.com> ++ ++ PR 22210 ++ * dwarf2.c (read_formatted_entries): Use read_attribute_value to ++ read data. ++ + 2017-09-26 Nick Clifton <nickc@redhat.com> + + PR 22210 +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1955,6 +1955,7 @@ read_formatted_entries (struct comp_unit + char *string_trash; + char **stringp = &string_trash; + unsigned int uint_trash, *uintp = &uint_trash; ++ struct attribute attr; + + content_type = _bfd_safe_read_leb128 (abfd, format, &bytes_read, + FALSE, buf_end); +@@ -1986,47 +1987,23 @@ read_formatted_entries (struct comp_unit + form = _bfd_safe_read_leb128 (abfd, format, &bytes_read, FALSE, + buf_end); + format += bytes_read; ++ ++ buf = read_attribute_value (&attr, form, 0, unit, buf, buf_end); ++ if (buf == NULL) ++ return FALSE; + switch (form) + { + case DW_FORM_string: +- *stringp = read_string (abfd, buf, buf_end, &bytes_read); +- buf += bytes_read; +- break; +- + case DW_FORM_line_strp: +- *stringp = read_indirect_line_string (unit, buf, buf_end, &bytes_read); +- buf += bytes_read; ++ *stringp = attr.u.str; + break; + + case DW_FORM_data1: +- *uintp = read_1_byte (abfd, buf, buf_end); +- buf += 1; +- break; +- + case DW_FORM_data2: +- *uintp = read_2_bytes (abfd, buf, buf_end); +- buf += 2; +- break; +- + case DW_FORM_data4: +- *uintp = read_4_bytes (abfd, buf, buf_end); +- buf += 4; +- break; +- + case DW_FORM_data8: +- *uintp = read_8_bytes (abfd, buf, buf_end); +- buf += 8; +- break; +- + case DW_FORM_udata: +- *uintp = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, +- buf_end); +- buf += bytes_read; +- break; +- +- case DW_FORM_block: +- /* It is valid only for DW_LNCT_timestamp which is ignored by +- current GDB. */ ++ *uintp = attr.u.val; + break; + } + } diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch new file mode 100644 index 0000000000..57733f08cf --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch @@ -0,0 +1,63 @@ +From 19485196044b2521af979f1e5c4a89bfb90fba0b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 27 Sep 2017 10:42:51 +0100 +Subject: [PATCH] Prevent an infinite loop in the DWARF parsing code when + encountering a CU structure with a small negative size. + + PR 22219 + * dwarf.c (process_debug_info): Add a check for a negative + cu_length field. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14934 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 6 ++++++ + binutils/dwarf.c | 11 ++++++++++- + 2 files changed, 16 insertions(+), 1 deletion(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -2547,7 +2547,7 @@ process_debug_info (struct dwarf_section + int level, last_level, saved_level; + dwarf_vma cu_offset; + unsigned int offset_size; +- int initial_length_size; ++ unsigned int initial_length_size; + dwarf_vma signature_high = 0; + dwarf_vma signature_low = 0; + dwarf_vma type_offset = 0; +@@ -2695,6 +2695,15 @@ process_debug_info (struct dwarf_section + num_units = unit; + break; + } ++ else if (compunit.cu_length + initial_length_size < initial_length_size) ++ { ++ warn (_("Debug info is corrupted, length of CU at %s is negative (%s)\n"), ++ dwarf_vmatoa ("x", cu_offset), ++ dwarf_vmatoa ("x", compunit.cu_length)); ++ num_units = unit; ++ break; ++ } ++ + tags = hdrptr; + start += compunit.cu_length + initial_length_size; + +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2017-09-27 Nick Clifton <nickc@redhat.com> ++ ++ PR 22219 ++ * dwarf.c (process_debug_info): Add a check for a negative ++ cu_length field. ++ + 2017-11-01 Alan Modra <amodra@gmail.com> + + Apply from master diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch new file mode 100644 index 0000000000..e62c73c06d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch @@ -0,0 +1,64 @@ +From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:34:57 +0930 +Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation + +The sanity check covers the previous minimim size, plus that the size +is at least enough for sh_info verneed entries. + +Also, since we write all verneed fields or exit with an error, there +isn't any need to zero the memory allocated for verneed entries. + + PR 22166 + * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on + SHT_GNU_verneed section for sanity. Don't zalloc memory for + verref. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14938 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/elf.c | 5 +++-- + 2 files changed, 10 insertions(+), 2 deletions(-) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd + + hdr = &elf_tdata (abfd)->dynverref_hdr; + +- if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed)) ++ if (hdr->sh_info == 0 ++ || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed)) + { + error_return_bad_verref: + _bfd_error_handler +@@ -8219,7 +8220,7 @@ error_return_verref: + goto error_return_verref; + + elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) +- bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed)); ++ bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed)); + + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22166 ++ * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on ++ SHT_GNU_verneed section for sanity. Don't zalloc memory for ++ verref. ++ + 2017-09-26 Alan Modra <amodra@gmail.com> + + PR 22210 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch new file mode 100644 index 0000000000..d1e4c3e609 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch @@ -0,0 +1,56 @@ +From 515f23e63c0074ab531bc954f84ca40c6281a724 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:36:16 +0930 +Subject: [PATCH] PR22169, heap-based buffer overflow in read_1_byte + +The .debug_line header length field doesn't include the length field +itself, ie. it's the size of the rest of .debug_line. + + PR 22169 + * dwarf2.c (decode_line_info): Correct .debug_line unit_length check. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14939 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 7 ++++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2084,12 +2084,13 @@ decode_line_info (struct comp_unit *unit + offset_size = 8; + } + +- if (unit->line_offset + lh.total_length > stash->dwarf_line_size) ++ if (lh.total_length > (size_t) (line_end - line_ptr)) + { + _bfd_error_handler + /* xgettext: c-format */ +- (_("Dwarf Error: Line info data is bigger (%#Lx) than the space remaining in the section (%#Lx)"), +- lh.total_length, stash->dwarf_line_size - unit->line_offset); ++ (_("Dwarf Error: Line info data is bigger (%#Lx)" ++ " than the space remaining in the section (%#lx)"), ++ lh.total_length, (unsigned long) (line_end - line_ptr)); + bfd_set_error (bfd_error_bad_value); + return NULL; + } +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,9 @@ + 2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22169 ++ * dwarf2.c (decode_line_info): Correct .debug_line unit_length check. ++ ++2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22166 + * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch new file mode 100644 index 0000000000..49b0bdc546 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch @@ -0,0 +1,47 @@ +From 0d76029f92182c3682d8be2c833d45bc9a2068fe Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:35:33 +0930 +Subject: [PATCH] PR22167, NULL pointer dereference in scan_unit_for_symbols + + PR 22167 + * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-14940 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 3 ++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -3202,7 +3202,8 @@ scan_unit_for_symbols (struct comp_unit + case DW_FORM_block2: + case DW_FORM_block4: + case DW_FORM_exprloc: +- if (*attr.u.blk->data == DW_OP_addr) ++ if (attr.u.blk->data != NULL ++ && *attr.u.blk->data == DW_OP_addr) + { + var->stack = 0; + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,5 +1,10 @@ + 2017-09-24 Alan Modra <amodra@gmail.com> + ++ PR 22167 ++ * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL. ++ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ + PR 22169 + * dwarf2.c (decode_line_info): Correct .debug_line unit_length check. + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch new file mode 100644 index 0000000000..caca7b107e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch @@ -0,0 +1,48 @@ +From 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 21:36:18 +0930 +Subject: [PATCH] PR22197, buffer overflow in bfd_get_debug_link_info_1 + + PR 22197 + * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is + within section bounds. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15021 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/opncls.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/opncls.c +=================================================================== +--- git.orig/bfd/opncls.c ++++ git/bfd/opncls.c +@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + /* PR 17597: avoid reading off the end of the buffer. */ + crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1; + crc_offset = (crc_offset + 3) & ~3; +- if (crc_offset >= bfd_get_section_size (sect)) ++ if (crc_offset + 4 > bfd_get_section_size (sect)) + return NULL; + + *crc32 = bfd_get_32 (abfd, contents + crc_offset); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,5 +1,11 @@ + 2017-09-24 Alan Modra <amodra@gmail.com> + ++ PR 22197 ++ * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is ++ within section bounds. ++ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ + PR 22167 + * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL. + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch new file mode 100644 index 0000000000..c9acfa7853 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch @@ -0,0 +1,61 @@ +From 11855d8a1f11b102a702ab76e95b22082cccf2f8 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 25 Sep 2017 19:46:34 +0930 +Subject: [PATCH] PR22201, DW_AT_name with out of bounds reference + +DW_AT_name ought to always have a string value. + + PR 22201 + * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it + has string form. + (parse_comp_unit): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15022 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf2.c | 6 ++++-- + 2 files changed, 11 insertions(+), 2 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -3177,7 +3177,8 @@ scan_unit_for_symbols (struct comp_unit + switch (attr.name) + { + case DW_AT_name: +- var->name = attr.u.str; ++ if (is_str_attr (attr.form)) ++ var->name = attr.u.str; + break; + + case DW_AT_decl_file: +@@ -3429,7 +3430,8 @@ parse_comp_unit (struct dwarf2_debug *st + break; + + case DW_AT_name: +- unit->name = attr.u.str; ++ if (is_str_attr (attr.form)) ++ unit->name = attr.u.str; + break; + + case DW_AT_low_pc: +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22201 ++ * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it ++ has string form. ++ (parse_comp_unit): Likewise. ++ + 2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22197 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch new file mode 100644 index 0000000000..9439b7b55f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch @@ -0,0 +1,52 @@ +From c361faae8d964db951b7100cada4dcdc983df1bf Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 25 Sep 2017 19:03:46 +0930 +Subject: [PATCH] PR22200, DWARF5 .debug_line sanity check + +The format_count entry can't be zero unless the count is also zero. + + PR 22200 + * dwarf2.c (read_formatted_entries): Error on format_count zero. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15023 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 7 +++++++ + 2 files changed, 12 insertions(+) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1934,6 +1934,13 @@ read_formatted_entries (struct comp_unit + data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end); + buf += bytes_read; + ++ if (format_count == 0 && data_count != 0) ++ { ++ _bfd_error_handler (_("Dwarf Error: Zero format count.")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ + /* PR 22210. Paranoia check. Don't bother running the loop + if we know that we are going to run out of buffer. */ + if (data_count > (bfd_vma) (buf_end - buf)) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,9 @@ + 2017-09-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22200 ++ * dwarf2.c (read_formatted_entries): Error on format_count zero. ++ ++2017-09-25 Alan Modra <amodra@gmail.com> + + PR 22201 + * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch new file mode 100644 index 0000000000..53b072ebaf --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch @@ -0,0 +1,227 @@ +From 52a93b95ec0771c97e26f0bb28630a271a667bd2 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:37:16 +0930 +Subject: [PATCH] PR22187, infinite loop in find_abstract_instance_name + +This patch prevents the simple case of infinite recursion in +find_abstract_instance_name by ensuring that the attributes being +processed are not the same as the previous call. + +The patch also does a little cleanup, and leaves in place some changes +to the nested_funcs array that I made when I wrongly thought looping +might occur in scan_unit_for_symbols. + + PR 22187 + * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and + pname param. Return status. Make name const. Don't abort, + return an error. Formatting. Exit if current info_ptr matches + orig_info_ptr. Update callers. + (scan_unit_for_symbols): Start at nesting_level of zero. Make + nested_funcs an array of structs for extensibility. Formatting. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15024 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 10 ++++++++ + bfd/dwarf2.c | 76 +++++++++++++++++++++++++++++++++++++++-------------------- + 2 files changed, 61 insertions(+), 25 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2823,9 +2823,11 @@ lookup_symbol_in_variable_table (struct + return FALSE; + } + +-static char * ++static bfd_boolean + find_abstract_instance_name (struct comp_unit *unit, ++ bfd_byte *orig_info_ptr, + struct attribute *attr_ptr, ++ const char **pname, + bfd_boolean *is_linkage) + { + bfd *abfd = unit->abfd; +@@ -2835,7 +2837,7 @@ find_abstract_instance_name (struct comp + struct abbrev_info *abbrev; + bfd_uint64_t die_ref = attr_ptr->u.val; + struct attribute attr; +- char *name = NULL; ++ const char *name = NULL; + + /* DW_FORM_ref_addr can reference an entry in a different CU. It + is an offset from the .debug_info section, not the current CU. */ +@@ -2844,7 +2846,12 @@ find_abstract_instance_name (struct comp + /* We only support DW_FORM_ref_addr within the same file, so + any relocations should be resolved already. */ + if (!die_ref) +- abort (); ++ { ++ _bfd_error_handler ++ (_("Dwarf Error: Abstract instance DIE ref zero.")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + + info_ptr = unit->sec_info_ptr + die_ref; + info_ptr_end = unit->end_ptr; +@@ -2879,9 +2886,10 @@ find_abstract_instance_name (struct comp + _bfd_error_handler + (_("Dwarf Error: Unable to read alt ref %u."), die_ref); + bfd_set_error (bfd_error_bad_value); +- return NULL; ++ return FALSE; + } +- info_ptr_end = unit->stash->alt_dwarf_info_buffer + unit->stash->alt_dwarf_info_size; ++ info_ptr_end = (unit->stash->alt_dwarf_info_buffer ++ + unit->stash->alt_dwarf_info_size); + + /* FIXME: Do we need to locate the correct CU, in a similar + fashion to the code in the DW_FORM_ref_addr case above ? */ +@@ -2904,6 +2912,7 @@ find_abstract_instance_name (struct comp + _bfd_error_handler + (_("Dwarf Error: Could not find abbrev number %u."), abbrev_number); + bfd_set_error (bfd_error_bad_value); ++ return FALSE; + } + else + { +@@ -2913,6 +2922,15 @@ find_abstract_instance_name (struct comp + info_ptr, info_ptr_end); + if (info_ptr == NULL) + break; ++ /* It doesn't ever make sense for DW_AT_specification to ++ refer to the same DIE. Stop simple recursion. */ ++ if (info_ptr == orig_info_ptr) ++ { ++ _bfd_error_handler ++ (_("Dwarf Error: Abstract instance recursion detected.")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + switch (attr.name) + { + case DW_AT_name: +@@ -2926,7 +2944,9 @@ find_abstract_instance_name (struct comp + } + break; + case DW_AT_specification: +- name = find_abstract_instance_name (unit, &attr, is_linkage); ++ if (!find_abstract_instance_name (unit, info_ptr, &attr, ++ pname, is_linkage)) ++ return FALSE; + break; + case DW_AT_linkage_name: + case DW_AT_MIPS_linkage_name: +@@ -2944,7 +2964,8 @@ find_abstract_instance_name (struct comp + } + } + } +- return name; ++ *pname = name; ++ return TRUE; + } + + static bfd_boolean +@@ -3005,20 +3026,22 @@ scan_unit_for_symbols (struct comp_unit + bfd *abfd = unit->abfd; + bfd_byte *info_ptr = unit->first_child_die_ptr; + bfd_byte *info_ptr_end = unit->stash->info_ptr_end; +- int nesting_level = 1; +- struct funcinfo **nested_funcs; ++ int nesting_level = 0; ++ struct nest_funcinfo { ++ struct funcinfo *func; ++ } *nested_funcs; + int nested_funcs_size; + + /* Maintain a stack of in-scope functions and inlined functions, which we + can use to set the caller_func field. */ + nested_funcs_size = 32; +- nested_funcs = (struct funcinfo **) +- bfd_malloc (nested_funcs_size * sizeof (struct funcinfo *)); ++ nested_funcs = (struct nest_funcinfo *) ++ bfd_malloc (nested_funcs_size * sizeof (*nested_funcs)); + if (nested_funcs == NULL) + return FALSE; +- nested_funcs[nesting_level] = 0; ++ nested_funcs[nesting_level].func = 0; + +- while (nesting_level) ++ while (nesting_level >= 0) + { + unsigned int abbrev_number, bytes_read, i; + struct abbrev_info *abbrev; +@@ -3076,13 +3099,13 @@ scan_unit_for_symbols (struct comp_unit + BFD_ASSERT (!unit->cached); + + if (func->tag == DW_TAG_inlined_subroutine) +- for (i = nesting_level - 1; i >= 1; i--) +- if (nested_funcs[i]) ++ for (i = nesting_level; i-- != 0; ) ++ if (nested_funcs[i].func) + { +- func->caller_func = nested_funcs[i]; ++ func->caller_func = nested_funcs[i].func; + break; + } +- nested_funcs[nesting_level] = func; ++ nested_funcs[nesting_level].func = func; + } + else + { +@@ -3102,12 +3125,13 @@ scan_unit_for_symbols (struct comp_unit + } + + /* No inline function in scope at this nesting level. */ +- nested_funcs[nesting_level] = 0; ++ nested_funcs[nesting_level].func = 0; + } + + for (i = 0; i < abbrev->num_attrs; ++i) + { +- info_ptr = read_attribute (&attr, &abbrev->attrs[i], unit, info_ptr, info_ptr_end); ++ info_ptr = read_attribute (&attr, &abbrev->attrs[i], ++ unit, info_ptr, info_ptr_end); + if (info_ptr == NULL) + goto fail; + +@@ -3126,8 +3150,10 @@ scan_unit_for_symbols (struct comp_unit + + case DW_AT_abstract_origin: + case DW_AT_specification: +- func->name = find_abstract_instance_name (unit, &attr, +- &func->is_linkage); ++ if (!find_abstract_instance_name (unit, info_ptr, &attr, ++ &func->name, ++ &func->is_linkage)) ++ goto fail; + break; + + case DW_AT_name: +@@ -3254,17 +3280,17 @@ scan_unit_for_symbols (struct comp_unit + + if (nesting_level >= nested_funcs_size) + { +- struct funcinfo **tmp; ++ struct nest_funcinfo *tmp; + + nested_funcs_size *= 2; +- tmp = (struct funcinfo **) ++ tmp = (struct nest_funcinfo *) + bfd_realloc (nested_funcs, +- nested_funcs_size * sizeof (struct funcinfo *)); ++ nested_funcs_size * sizeof (*nested_funcs)); + if (tmp == NULL) + goto fail; + nested_funcs = tmp; + } +- nested_funcs[nesting_level] = 0; ++ nested_funcs[nesting_level].func = 0; + } + } + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch new file mode 100644 index 0000000000..ce5315976a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch @@ -0,0 +1,47 @@ +From d8010d3e75ec7194a4703774090b27486b742d48 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sun, 24 Sep 2017 14:36:48 +0930 +Subject: [PATCH] PR22186, divide-by-zero in decode_line_info + + PR 22186 + * dwarf2.c (decode_line_info): Fail on lh.line_range of zero + rather than dividing by zero. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15025 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 2 ++ + 2 files changed, 8 insertions(+) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -2432,6 +2432,8 @@ decode_line_info (struct comp_unit *unit + case DW_LNS_set_basic_block: + break; + case DW_LNS_const_add_pc: ++ if (lh.line_range == 0) ++ goto line_fail; + if (lh.maximum_ops_per_insn == 1) + address += (lh.minimum_instruction_length + * ((255 - lh.opcode_base) / lh.line_range)); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-24 Alan Modra <amodra@gmail.com> ++ ++ PR 22186 ++ * dwarf2.c (decode_line_info): Fail on lh.line_range of zero ++ rather than dividing by zero. ++ ++ + 2017-09-25 Alan Modra <amodra@gmail.com> + + PR 22200 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch new file mode 100644 index 0000000000..2ef3f53737 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch @@ -0,0 +1,48 @@ +From b55ec8b676ed05d93ee49d6c79ae0403616c4fb0 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 9 Oct 2017 13:21:44 +1030 +Subject: [PATCH] PR22212, memory leak in nm + + PR 22212 + * dwarf2.c (_bfd_dwarf2_cleanup_debug_info): Free + funcinfo_hash_table and varinfo_hash_table. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15225 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf2.c | 4 ++++ + 2 files changed, 10 insertions(+) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -4932,6 +4932,10 @@ _bfd_dwarf2_cleanup_debug_info (bfd *abf + } + } + ++ if (stash->funcinfo_hash_table) ++ bfd_hash_table_free (&stash->funcinfo_hash_table->base); ++ if (stash->varinfo_hash_table) ++ bfd_hash_table_free (&stash->varinfo_hash_table->base); + if (stash->dwarf_abbrev_buffer) + free (stash->dwarf_abbrev_buffer); + if (stash->dwarf_line_buffer) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-09 Alan Modra <amodra@gmail.com> ++ ++ PR 22212 ++ * dwarf2.c (_bfd_dwarf2_cleanup_debug_info): Free ++ funcinfo_hash_table and varinfo_hash_table. ++ + 2017-09-24 Alan Modra <amodra@gmail.com> + + PR 22186 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch new file mode 100644 index 0000000000..bccad763f4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch @@ -0,0 +1,113 @@ +From a54018b72d75abf2e74bf36016702da06399c1d9 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 26 Sep 2017 09:38:26 +0930 +Subject: [PATCH] PR22205, .debug_line file table NULL filename + +The PR22200 fuzzer testcase found one way to put NULLs into .debug_line +file tables. PR22205 finds another. This patch gives up on trying to +prevent NULL files in the file table and instead just copes with them. +Arguably, this is better than giving up and showing no info from +.debug_line. I've also fixed a case where the fairly recent DWARF5 +support in handling broken DWARG could result in uninitialized memory +reads, and made a small tidy. + + PR 22205 + * dwarf2.c (concat_filename): Return "<unknown>" on NULL filename. + (read_formatted_entries): Init "fe". + (decode_line_info <DW_LNE_define_file>): Use line_info_add_file_name. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15939 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf2.c | 35 +++++++++++++---------------------- + 2 files changed, 20 insertions(+), 22 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1597,6 +1597,8 @@ concat_filename (struct line_info_table + } + + filename = table->files[file - 1].name; ++ if (filename == NULL) ++ return strdup ("<unknown>"); + + if (!IS_ABSOLUTE_PATH (filename)) + { +@@ -1956,6 +1958,7 @@ read_formatted_entries (struct comp_unit + bfd_byte *format = format_header_data; + struct fileinfo fe; + ++ memset (&fe, 0, sizeof fe); + for (formati = 0; formati < format_count; formati++) + { + bfd_vma content_type, form; +@@ -2256,6 +2259,7 @@ decode_line_info (struct comp_unit *unit + unsigned int discriminator = 0; + int is_stmt = lh.default_is_stmt; + int end_sequence = 0; ++ unsigned int dir, xtime, size; + /* eraxxon@alumni.rice.edu: Against the DWARF2 specs, some + compilers generate address sequences that are wildly out of + order using DW_LNE_set_address (e.g. Intel C++ 6.0 compiler +@@ -2330,31 +2334,18 @@ decode_line_info (struct comp_unit *unit + case DW_LNE_define_file: + cur_file = read_string (abfd, line_ptr, line_end, &bytes_read); + line_ptr += bytes_read; +- if ((table->num_files % FILE_ALLOC_CHUNK) == 0) +- { +- struct fileinfo *tmp; +- +- amt = table->num_files + FILE_ALLOC_CHUNK; +- amt *= sizeof (struct fileinfo); +- tmp = (struct fileinfo *) bfd_realloc (table->files, amt); +- if (tmp == NULL) +- goto line_fail; +- table->files = tmp; +- } +- table->files[table->num_files].name = cur_file; +- table->files[table->num_files].dir = +- _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, +- FALSE, line_end); ++ dir = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, ++ FALSE, line_end); + line_ptr += bytes_read; +- table->files[table->num_files].time = +- _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, +- FALSE, line_end); ++ xtime = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, ++ FALSE, line_end); + line_ptr += bytes_read; +- table->files[table->num_files].size = +- _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, +- FALSE, line_end); ++ size = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read, ++ FALSE, line_end); + line_ptr += bytes_read; +- table->num_files++; ++ if (!line_info_add_file_name (table, cur_file, dir, ++ xtime, size)) ++ goto line_fail; + break; + case DW_LNE_set_discriminator: + discriminator = +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-26 Alan Modra <amodra@gmail.com> ++ ++ PR 22205 ++ * dwarf2.c (concat_filename): Return "<unknown>" on NULL filename. ++ (read_formatted_entries): Init "fe". ++ (decode_line_info <DW_LNE_define_file>): Use line_info_add_file_name. ++ + 2017-10-09 Alan Modra <amodra@gmail.com> + + PR 22212 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch new file mode 100644 index 0000000000..dab8380e33 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch @@ -0,0 +1,84 @@ +From d91f0b20e561e326ee91a09a76206257bde8438b Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sat, 28 Oct 2017 21:31:16 +1030 +Subject: [PATCH] PR22361 readelf buffer overflow on fuzzed archive header + + PR 22361 + * readelf.c (process_archive_index_and_symbols): Ensure ar_size + field is zero terminated for strtoul. + (setup_archive, get_archive_member_name): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-15996 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 7 +++++++ + binutils/elfcomm.c | 11 +++++++++++ + 2 files changed, 18 insertions(+) + +Index: git/binutils/elfcomm.c +=================================================================== +--- git.orig/binutils/elfcomm.c ++++ git/binutils/elfcomm.c +@@ -466,8 +466,12 @@ process_archive_index_and_symbols (struc + { + size_t got; + unsigned long size; ++ char fmag_save; + ++ fmag_save = arch->arhdr.ar_fmag[0]; ++ arch->arhdr.ar_fmag[0] = 0; + size = strtoul (arch->arhdr.ar_size, NULL, 10); ++ arch->arhdr.ar_fmag[0] = fmag_save; + /* PR 17531: file: 912bd7de. */ + if ((signed long) size < 0) + { +@@ -655,7 +659,10 @@ setup_archive (struct archive_info *arch + if (const_strneq (arch->arhdr.ar_name, "// ")) + { + /* This is the archive string table holding long member names. */ ++ char fmag_save = arch->arhdr.ar_fmag[0]; ++ arch->arhdr.ar_fmag[0] = 0; + arch->longnames_size = strtoul (arch->arhdr.ar_size, NULL, 10); ++ arch->arhdr.ar_fmag[0] = fmag_save; + /* PR 17531: file: 01068045. */ + if (arch->longnames_size < 8) + { +@@ -758,6 +765,7 @@ get_archive_member_name (struct archive_ + char *endp; + char *member_file_name; + char *member_name; ++ char fmag_save; + + if (arch->longnames == NULL || arch->longnames_size == 0) + { +@@ -766,9 +774,12 @@ get_archive_member_name (struct archive_ + } + + arch->nested_member_origin = 0; ++ fmag_save = arch->arhdr.ar_fmag[0]; ++ arch->arhdr.ar_fmag[0] = 0; + k = j = strtoul (arch->arhdr.ar_name + 1, &endp, 10); + if (arch->is_thin_archive && endp != NULL && * endp == ':') + arch->nested_member_origin = strtoul (endp + 1, NULL, 10); ++ arch->arhdr.ar_fmag[0] = fmag_save; + + if (j > arch->longnames_size) + { +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-10-28 Alan Modra <amodra@gmail.com> ++ ++ PR 22361 ++ * readelf.c (process_archive_index_and_symbols): Ensure ar_size ++ field is zero terminated for strtoul. ++ (setup_archive, get_archive_member_name): Likewise. ++ + 2017-09-26 Alan Modra <amodra@gmail.com> + + PR 22205 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch new file mode 100644 index 0000000000..bb24ba8834 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch @@ -0,0 +1,53 @@ +From a67d66eb97e7613a38ffe6622d837303b3ecd31d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 1 Nov 2017 15:21:46 +0000 +Subject: [PATCH] Prevent illegal memory accesses when attempting to read + excessively large COFF line number tables. + + PR 22376 + * coffcode.h (coff_slurp_line_table): Check for an excessively + large line number count. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16826 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffcode.h | 8 ++++++++ + 2 files changed, 14 insertions(+) + +Index: git/bfd/coffcode.h +=================================================================== +--- git.orig/bfd/coffcode.h ++++ git/bfd/coffcode.h +@@ -4578,6 +4578,14 @@ coff_slurp_line_table (bfd *abfd, asecti + + BFD_ASSERT (asect->lineno == NULL); + ++ if (asect->lineno_count > asect->size) ++ { ++ _bfd_error_handler ++ (_("%B: warning: line number count (%#lx) exceeds section size (%#lx)"), ++ abfd, (unsigned long) asect->lineno_count, (unsigned long) asect->size); ++ return FALSE; ++ } ++ + amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent); + lineno_cache = (alent *) bfd_alloc (abfd, amt); + if (lineno_cache == NULL) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-11-01 Nick Clifton <nickc@redhat.com> ++ ++ PR 22376 ++ * coffcode.h (coff_slurp_line_table): Check for an excessively ++ large line number count. ++ + 2017-10-28 Alan Modra <amodra@gmail.com> + + PR 22361 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch new file mode 100644 index 0000000000..dbc577c8e0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch @@ -0,0 +1,95 @@ +From 0301ce1486b1450f219202677f30d0fa97335419 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 17 Oct 2017 16:43:47 +1030 +Subject: [PATCH] PR22306, Invalid free() in slurp_symtab() + + PR 22306 + * aoutx.h (aout_get_external_symbols): Handle stringsize of zero, + and error for any other size that doesn't cover the header word. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16827 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/aoutx.h | 45 ++++++++++++++++++++++++++++++--------------- + 2 files changed, 36 insertions(+), 15 deletions(-) + +Index: git/bfd/aoutx.h +=================================================================== +--- git.orig/bfd/aoutx.h ++++ git/bfd/aoutx.h +@@ -1352,27 +1352,42 @@ aout_get_external_symbols (bfd *abfd) + || bfd_bread ((void *) string_chars, amt, abfd) != amt) + return FALSE; + stringsize = GET_WORD (abfd, string_chars); ++ if (stringsize == 0) ++ stringsize = 1; ++ else if (stringsize < BYTES_IN_WORD ++ || (size_t) stringsize != stringsize) ++ { ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + + #ifdef USE_MMAP +- if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize, +- &obj_aout_string_window (abfd), TRUE)) +- return FALSE; +- strings = (char *) obj_aout_string_window (abfd).data; +-#else +- strings = (char *) bfd_malloc (stringsize + 1); +- if (strings == NULL) +- return FALSE; +- +- /* Skip space for the string count in the buffer for convenience +- when using indexes. */ +- amt = stringsize - BYTES_IN_WORD; +- if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt) ++ if (stringsize >= BYTES_IN_WORD) + { +- free (strings); +- return FALSE; ++ if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize, ++ &obj_aout_string_window (abfd), TRUE)) ++ return FALSE; ++ strings = (char *) obj_aout_string_window (abfd).data; + } ++ else + #endif ++ { ++ strings = (char *) bfd_malloc (stringsize); ++ if (strings == NULL) ++ return FALSE; + ++ if (stringsize >= BYTES_IN_WORD) ++ { ++ /* Keep the string count in the buffer for convenience ++ when indexing with e_strx. */ ++ amt = stringsize - BYTES_IN_WORD; ++ if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt) ++ { ++ free (strings); ++ return FALSE; ++ } ++ } ++ } + /* Ensure that a zero index yields an empty string. */ + strings[0] = '\0'; + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-17 Alan Modra <amodra@gmail.com> ++ ++ PR 22306 ++ * aoutx.h (aout_get_external_symbols): Handle stringsize of zero, ++ and error for any other size that doesn't cover the header word. ++ + 2017-11-01 Nick Clifton <nickc@redhat.com> + + PR 22376 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch new file mode 100644 index 0000000000..310908f86d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch @@ -0,0 +1,79 @@ +From 9c0f3d3f2017829ffd908c9893b85094985c3b58 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 5 Oct 2017 17:32:18 +1030 +Subject: [PATCH] PR22239 - invalid memory read in display_debug_frames + +Pointer comparisons have traps for the unwary. After adding a large +unknown value to "start", the test "start < end" depends on where +"start" is originally in memory. + + PR 22239 + * dwarf.c (read_cie): Don't compare "start" and "end" pointers + after adding a possibly wild length to "start", compare the length + to the difference of the pointers instead. Remove now redundant + "negative" length test. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16828 patch1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 8 ++++++++ + binutils/dwarf.c | 15 ++++----------- + 2 files changed, 12 insertions(+), 11 deletions(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -6652,14 +6652,14 @@ read_cie (unsigned char *start, unsigned + { + READ_ULEB (augmentation_data_len); + augmentation_data = start; +- start += augmentation_data_len; + /* PR 17512: file: 11042-2589-0.004. */ +- if (start > end) ++ if (augmentation_data_len > (size_t) (end - start)) + { + warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"), +- augmentation_data_len, (long)((end - start) + augmentation_data_len)); ++ augmentation_data_len, (unsigned long) (end - start)); + return end; + } ++ start += augmentation_data_len; + } + + if (augmentation_data_len) +@@ -6672,14 +6672,7 @@ read_cie (unsigned char *start, unsigned + q = augmentation_data; + qend = q + augmentation_data_len; + +- /* PR 17531: file: 015adfaa. */ +- if (qend < q) +- { +- warn (_("Negative augmentation data length: 0x%lx"), augmentation_data_len); +- augmentation_data_len = 0; +- } +- +- while (p < end && q < augmentation_data + augmentation_data_len) ++ while (p < end && q < qend) + { + if (*p == 'L') + q++; +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,11 @@ ++2017-10-05 Alan Modra <amodra@gmail.com> ++ ++ PR 22239 ++ * dwarf.c (read_cie): Don't compare "start" and "end" pointers ++ after adding a possibly wild length to "start", compare the length ++ to the difference of the pointers instead. Remove now redundant ++ "negative" length test. ++ + 2017-09-27 Nick Clifton <nickc@redhat.com> + + PR 22219 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch new file mode 100644 index 0000000000..5073d31ce0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch @@ -0,0 +1,149 @@ +From bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Fri, 3 Nov 2017 13:57:15 +0000 +Subject: [PATCH] Fix integer overflow problems when reading an ELF binary with + corrupt augmentation data. + + PR 22386 + * dwarf.c (read_cie): Use bfd_size_type for + augmentation_data_len. + (display_augmentation_data): New function. + (display_debug_frames): Use it. + Check for integer overflow when testing augmentation_data_len. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16828 patch2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 10 +++++++++ + binutils/dwarf.c | 65 +++++++++++++++++++++++++++++++++--------------------- + 2 files changed, 50 insertions(+), 25 deletions(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -6577,13 +6577,13 @@ frame_display_row (Frame_Chunk *fc, int + static unsigned char * + read_cie (unsigned char *start, unsigned char *end, + Frame_Chunk **p_cie, int *p_version, +- unsigned long *p_aug_len, unsigned char **p_aug) ++ bfd_size_type *p_aug_len, unsigned char **p_aug) + { + int version; + Frame_Chunk *fc; + unsigned int length_return; + unsigned char *augmentation_data = NULL; +- unsigned long augmentation_data_len = 0; ++ bfd_size_type augmentation_data_len = 0; + + * p_cie = NULL; + /* PR 17512: file: 001-228113-0.004. */ +@@ -6653,10 +6653,11 @@ read_cie (unsigned char *start, unsigned + READ_ULEB (augmentation_data_len); + augmentation_data = start; + /* PR 17512: file: 11042-2589-0.004. */ +- if (augmentation_data_len > (size_t) (end - start)) ++ if (augmentation_data_len > (bfd_size_type) (end - start)) + { +- warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"), +- augmentation_data_len, (unsigned long) (end - start)); ++ warn (_("Augmentation data too long: 0x%s, expected at most %#lx\n"), ++ dwarf_vmatoa ("x", augmentation_data_len), ++ (unsigned long) (end - start)); + return end; + } + start += augmentation_data_len; +@@ -6701,6 +6702,31 @@ read_cie (unsigned char *start, unsigned + return start; + } + ++/* Prints out the contents on the augmentation data array. ++ If do_wide is not enabled, then formats the output to fit into 80 columns. */ ++ ++static void ++display_augmentation_data (const unsigned char * data, const bfd_size_type len) ++{ ++ bfd_size_type i; ++ ++ i = printf (_(" Augmentation data: ")); ++ ++ if (do_wide || len < ((80 - i) / 3)) ++ for (i = 0; i < len; ++i) ++ printf (" %02x", data[i]); ++ else ++ { ++ for (i = 0; i < len; ++i) ++ { ++ if (i % (80 / 3) == 0) ++ putchar ('\n'); ++ printf (" %02x", data[i]); ++ } ++ } ++ putchar ('\n'); ++} ++ + static int + display_debug_frames (struct dwarf_section *section, + void *file ATTRIBUTE_UNUSED) +@@ -6729,7 +6755,7 @@ display_debug_frames (struct dwarf_secti + Frame_Chunk *cie; + int need_col_headers = 1; + unsigned char *augmentation_data = NULL; +- unsigned long augmentation_data_len = 0; ++ bfd_size_type augmentation_data_len = 0; + unsigned int encoded_ptr_size = saved_eh_addr_size; + unsigned int offset_size; + unsigned int initial_length_size; +@@ -6823,16 +6849,8 @@ display_debug_frames (struct dwarf_secti + printf (" Return address column: %d\n", fc->ra); + + if (augmentation_data_len) +- { +- unsigned long i; ++ display_augmentation_data (augmentation_data, augmentation_data_len); + +- printf (" Augmentation data: "); +- for (i = 0; i < augmentation_data_len; ++i) +- /* FIXME: If do_wide is FALSE, then we should +- add carriage returns at 80 columns... */ +- printf (" %02x", augmentation_data[i]); +- putchar ('\n'); +- } + putchar ('\n'); + } + } +@@ -6988,11 +7006,13 @@ display_debug_frames (struct dwarf_secti + READ_ULEB (augmentation_data_len); + augmentation_data = start; + start += augmentation_data_len; +- /* PR 17512: file: 722-8446-0.004. */ +- if (start >= end || ((signed long) augmentation_data_len) < 0) ++ /* PR 17512 file: 722-8446-0.004 and PR 22386. */ ++ if (start >= end ++ || ((bfd_signed_vma) augmentation_data_len) < 0 ++ || augmentation_data > start) + { +- warn (_("Corrupt augmentation data length: %lx\n"), +- augmentation_data_len); ++ warn (_("Corrupt augmentation data length: 0x%s\n"), ++ dwarf_vmatoa ("x", augmentation_data_len)); + start = end; + augmentation_data = NULL; + augmentation_data_len = 0; +@@ -7014,12 +7034,7 @@ display_debug_frames (struct dwarf_secti + + if (! do_debug_frames_interp && augmentation_data_len) + { +- unsigned long i; +- +- printf (" Augmentation data: "); +- for (i = 0; i < augmentation_data_len; ++i) +- printf (" %02x", augmentation_data[i]); +- putchar ('\n'); ++ display_augmentation_data (augmentation_data, augmentation_data_len); + putchar ('\n'); + } + } diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch new file mode 100644 index 0000000000..f9410e2728 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch @@ -0,0 +1,82 @@ +From cf54ebff3b7361989712fd9c0128a9b255578163 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 17 Oct 2017 21:57:29 +1030 +Subject: [PATCH] PR22307, Heap out of bounds read in + _bfd_elf_parse_gnu_properties + +When adding an unbounded increment to a pointer, you can't just check +against the end of the buffer but also must check that overflow +doesn't result in "negative" pointer movement. Pointer comparisons +are signed. Better, check the increment against the space left using +an unsigned comparison. + + PR 22307 + * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz + against size left rather than comparing pointers. Reorganise loop. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16829 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/elf-properties.c | 18 +++++++++--------- + 2 files changed, 15 insertions(+), 9 deletions(-) + +Index: git/bfd/elf-properties.c +=================================================================== +--- git.orig/bfd/elf-properties.c ++++ git/bfd/elf-properties.c +@@ -93,15 +93,20 @@ bad_size: + return FALSE; + } + +- while (1) ++ while (ptr != ptr_end) + { +- unsigned int type = bfd_h_get_32 (abfd, ptr); +- unsigned int datasz = bfd_h_get_32 (abfd, ptr + 4); ++ unsigned int type; ++ unsigned int datasz; + elf_property *prop; + ++ if ((size_t) (ptr_end - ptr) < 8) ++ goto bad_size; ++ ++ type = bfd_h_get_32 (abfd, ptr); ++ datasz = bfd_h_get_32 (abfd, ptr + 4); + ptr += 8; + +- if ((ptr + datasz) > ptr_end) ++ if (datasz > (size_t) (ptr_end - ptr)) + { + _bfd_error_handler + (_("warning: %B: corrupt GNU_PROPERTY_TYPE (%ld) type (0x%x) datasz: 0x%x"), +@@ -182,11 +187,6 @@ bad_size: + + next: + ptr += (datasz + (align_size - 1)) & ~ (align_size - 1); +- if (ptr == ptr_end) +- break; +- +- if (ptr > (ptr_end - 8)) +- goto bad_size; + } + + return TRUE; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,10 @@ + 2017-10-17 Alan Modra <amodra@gmail.com> ++ ++ PR 22307 ++ * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz ++ against size left rather than comparing pointers. Reorganise loop. ++ ++2017-10-17 Alan Modra <amodra@gmail.com> + + PR 22306 + * aoutx.h (aout_get_external_symbols): Handle stringsize of zero, diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch new file mode 100644 index 0000000000..1382c8e3e7 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch @@ -0,0 +1,91 @@ +From 6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 Mon Sep 17 00:00:00 2001 +From: Mingi Cho <mgcho.minic@gmail.com> +Date: Thu, 2 Nov 2017 17:01:08 +0000 +Subject: [PATCH] Work around integer overflows when readelf is checking for + corrupt ELF notes when run on a 32-bit host. + + PR 22384 + * readelf.c (print_gnu_property_note): Improve overflow checks so + that they will work on a 32-bit host. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16830 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 6 ++++++ + binutils/readelf.c | 33 +++++++++++++++++---------------- + 2 files changed, 23 insertions(+), 16 deletions(-) + +Index: git/binutils/readelf.c +=================================================================== +--- git.orig/binutils/readelf.c ++++ git/binutils/readelf.c +@@ -16431,15 +16431,24 @@ print_gnu_property_note (Elf_Internal_No + return; + } + +- while (1) ++ while (ptr < ptr_end) + { + unsigned int j; +- unsigned int type = byte_get (ptr, 4); +- unsigned int datasz = byte_get (ptr + 4, 4); ++ unsigned int type; ++ unsigned int datasz; ++ ++ if ((size_t) (ptr_end - ptr) < 8) ++ { ++ printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); ++ break; ++ } ++ ++ type = byte_get (ptr, 4); ++ datasz = byte_get (ptr + 4, 4); + + ptr += 8; + +- if ((ptr + datasz) > ptr_end) ++ if (datasz > (size_t) (ptr_end - ptr)) + { + printf (_("<corrupt type (%#x) datasz: %#x>\n"), + type, datasz); +@@ -16520,19 +16529,11 @@ next: + ptr += ((datasz + (size - 1)) & ~ (size - 1)); + if (ptr == ptr_end) + break; +- else +- { +- if (do_wide) +- printf (", "); +- else +- printf ("\n\t"); +- } + +- if (ptr > (ptr_end - 8)) +- { +- printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); +- break; +- } ++ if (do_wide) ++ printf (", "); ++ else ++ printf ("\n\t"); + } + + printf ("\n"); +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2017-11-02 Mingi Cho <mgcho.minic@gmail.com> ++ ++ PR 22384 ++ * readelf.c (print_gnu_property_note): Improve overflow checks so ++ that they will work on a 32-bit host. ++ + 2017-10-05 Alan Modra <amodra@gmail.com> + + PR 22239 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch new file mode 100644 index 0000000000..7acd5e0f2f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch @@ -0,0 +1,77 @@ +From 6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Fri, 3 Nov 2017 11:55:21 +0000 +Subject: [PATCH] Fix excessive memory allocation attempts and possible integer + overfloaws when attempting to read a COFF binary with a corrupt symbol count. + + PR 22385 + * coffgen.c (_bfd_coff_get_external_symbols): Check for an + overlarge raw syment count. + (coff_get_normalized_symtab): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16831 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 8 ++++++++ + bfd/coffgen.c | 17 +++++++++++++++-- + 2 files changed, 23 insertions(+), 2 deletions(-) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,11 @@ ++2017-11-03 Mingi Cho <mgcho.minic@gmail.com> ++ Nick Clifton <nickc@redhat.com> ++ ++ PR 22385 ++ * coffgen.c (_bfd_coff_get_external_symbols): Check for an ++ overlarge raw syment count. ++ (coff_get_normalized_symtab): Likewise. ++ + 2017-10-17 Alan Modra <amodra@gmail.com> + + PR 22307 +Index: git/bfd/coffgen.c +=================================================================== +--- git.orig/bfd/coffgen.c ++++ git/bfd/coffgen.c +@@ -1640,13 +1640,23 @@ _bfd_coff_get_external_symbols (bfd *abf + size = obj_raw_syment_count (abfd) * symesz; + if (size == 0) + return TRUE; ++ /* Check for integer overflow and for unreasonable symbol counts. */ ++ if (size < obj_raw_syment_count (abfd) ++ || (bfd_get_file_size (abfd) > 0 ++ && size > bfd_get_file_size (abfd))) ++ ++ { ++ _bfd_error_handler (_("%B: corrupt symbol count: %#Lx"), ++ abfd, obj_raw_syment_count (abfd)); ++ return FALSE; ++ } + + syms = bfd_malloc (size); + if (syms == NULL) + { + /* PR 21013: Provide an error message when the alloc fails. */ +- _bfd_error_handler (_("%B: Not enough memory to allocate space for %lu symbols"), +- abfd, size); ++ _bfd_error_handler (_("%B: not enough memory to allocate space for %#Lx symbols of size %#Lx"), ++ abfd, obj_raw_syment_count (abfd), symesz); + return FALSE; + } + +@@ -1790,6 +1800,9 @@ coff_get_normalized_symtab (bfd *abfd) + return NULL; + + size = obj_raw_syment_count (abfd) * sizeof (combined_entry_type); ++ /* Check for integer overflow. */ ++ if (size < obj_raw_syment_count (abfd)) ++ return NULL; + internal = (combined_entry_type *) bfd_zalloc (abfd, size); + if (internal == NULL && size != 0) + return NULL; diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch new file mode 100644 index 0000000000..9044bccf95 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch @@ -0,0 +1,61 @@ +From 0bb6961f18b8e832d88b490d421ca56cea16c45b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 31 Oct 2017 14:29:40 +0000 +Subject: [PATCH] Fix illegal memory access triggered when parsing a PE binary + with a corrupt data dictionary. + + PR 22373 + * peicode.h (pe_bfd_read_buildid): Check for invalid size and data + offset values. + +Upstrem-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-16832 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/peicode.h | 9 ++++++--- + 2 files changed, 12 insertions(+), 3 deletions(-) + +Index: git/bfd/peicode.h +=================================================================== +--- git.orig/bfd/peicode.h ++++ git/bfd/peicode.h +@@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd) + bfd_byte *data = 0; + bfd_size_type dataoff; + unsigned int i; +- + bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress; + bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size; + +@@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd) + + dataoff = addr - section->vma; + +- /* PR 20605: Make sure that the data is really there. */ +- if (dataoff + size > section->size) ++ /* PR 20605 and 22373: Make sure that the data is really there. ++ Note - since we are dealing with unsigned quantities we have ++ to be careful to check for potential overflows. */ ++ if (dataoff > section->size ++ || size > section->size ++ || dataoff + size > section->size) + { + _bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."), + abfd); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-10-31 Nick Clifton <nickc@redhat.com> ++ ++ PR 22373 ++ * peicode.h (pe_bfd_read_buildid): Check for invalid size and data ++ offset values. ++ + 2017-11-03 Mingi Cho <mgcho.minic@gmail.com> + Nick Clifton <nickc@redhat.com> + diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch new file mode 100644 index 0000000000..611a276def --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch @@ -0,0 +1,78 @@ +From 80a0437873045cc08753fcac4af154e2931a99fd Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Thu, 16 Nov 2017 14:53:32 +0000 +Subject: [PATCH] Prevent illegal memory accesses when parsing incorrecctly + formated core notes. + + PR 22421 + * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough. + (elfcore_grok_openbsd_procinfo): Likewise. + (elfcore_grok_nto_status): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17080 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/elf.c | 10 ++++++++++ + 2 files changed, 17 insertions(+) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -9862,6 +9862,7 @@ elfcore_grok_freebsd_psinfo (bfd *abfd, + /* Check for version 1 in pr_version. */ + if (bfd_h_get_32 (abfd, (bfd_byte *) note->descdata) != 1) + return FALSE; ++ + offset = 4; + + /* Skip over pr_psinfosz. */ +@@ -10030,6 +10031,9 @@ elfcore_netbsd_get_lwpid (Elf_Internal_N + static bfd_boolean + elfcore_grok_netbsd_procinfo (bfd *abfd, Elf_Internal_Note *note) + { ++ if (note->descsz <= 0x7c + 31) ++ return FALSE; ++ + /* Signal number at offset 0x08. */ + elf_tdata (abfd)->core->signal + = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08); +@@ -10114,6 +10118,9 @@ elfcore_grok_netbsd_note (bfd *abfd, Elf + static bfd_boolean + elfcore_grok_openbsd_procinfo (bfd *abfd, Elf_Internal_Note *note) + { ++ if (note->descsz <= 0x48 + 31) ++ return FALSE; ++ + /* Signal number at offset 0x08. */ + elf_tdata (abfd)->core->signal + = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08); +@@ -10185,6 +10192,9 @@ elfcore_grok_nto_status (bfd *abfd, Elf_ + short sig; + unsigned flags; + ++ if (note->descsz < 16) ++ return FALSE; ++ + /* nto_procfs_status 'pid' field is at offset 0. */ + elf_tdata (abfd)->core->pid = bfd_get_32 (abfd, (bfd_byte *) ddata); + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-11-16 Nick Clifton <nickc@redhat.com> ++ ++ PR 22421 ++ * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough. ++ (elfcore_grok_openbsd_procinfo): Likewise. ++ (elfcore_grok_nto_status): Likewise. ++ + 2017-10-31 Nick Clifton <nickc@redhat.com> + + PR 22373 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch new file mode 100644 index 0000000000..4b675f7b72 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch @@ -0,0 +1,366 @@ +From b23dc97fe237a1d9e850d7cbeee066183a00630b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 28 Nov 2017 13:20:31 +0000 +Subject: [PATCH] Fix a memory access violation when attempting to parse a + corrupt COFF binary with a relocation that points beyond the end of the + section to be relocated. + + PR 22506 + * reloc.c (reloc_offset_in_range): Rename to + bfd_reloc_offset_in_range and export. + (bfd_perform_relocation): Rename function invocation. + (bfd_install_relocation): Likewise. + (bfd_final_link_relocate): Likewise. + * bfd-in2.h: Regenerate. + * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range. + * coff-i386.c (coff_i386_reloc): Likewise. + * coff-i860.c (coff_i860_reloc): Likewise. + * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise. + * coff-m88k.c (m88k_special_reloc): Likewise. + * coff-mips.c (mips_reflo_reloc): Likewise. + * coff-x86_64.c (coff_amd64_reloc): Likewise. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17121 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 17 +++++++++++++++ + bfd/bfd-in2.h | 6 +++++ + bfd/coff-arm.c | 65 ++++++++++++++++++++++++++++++------------------------- + bfd/coff-i386.c | 5 +++++ + bfd/coff-i860.c | 5 +++++ + bfd/coff-m68k.c | 5 +++++ + bfd/coff-m88k.c | 9 +++++++- + bfd/coff-mips.c | 6 +++++ + bfd/coff-x86_64.c | 16 +++++--------- + bfd/reloc.c | 40 +++++++++++++++++++++++++++++----- + 10 files changed, 126 insertions(+), 48 deletions(-) + +Index: git/bfd/bfd-in2.h +=================================================================== +--- git.orig/bfd/bfd-in2.h ++++ git/bfd/bfd-in2.h +@@ -2661,6 +2661,12 @@ bfd_reloc_status_type bfd_check_overflow + unsigned int addrsize, + bfd_vma relocation); + ++bfd_boolean bfd_reloc_offset_in_range ++ (reloc_howto_type *howto, ++ bfd *abfd, ++ asection *section, ++ bfd_size_type offset); ++ + bfd_reloc_status_type bfd_perform_relocation + (bfd *abfd, + arelent *reloc_entry, +Index: git/bfd/coff-arm.c +=================================================================== +--- git.orig/bfd/coff-arm.c ++++ git/bfd/coff-arm.c +@@ -109,41 +109,46 @@ coff_arm_reloc (bfd *abfd, + x = ((x & ~howto->dst_mask) \ + | (((x & howto->src_mask) + diff) & howto->dst_mask)) + +- if (diff != 0) +- { +- reloc_howto_type *howto = reloc_entry->howto; +- unsigned char *addr = (unsigned char *) data + reloc_entry->address; ++ if (diff != 0) ++ { ++ reloc_howto_type *howto = reloc_entry->howto; ++ unsigned char *addr = (unsigned char *) data + reloc_entry->address; ++ ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ ++ switch (howto->size) ++ { ++ case 0: ++ { ++ char x = bfd_get_8 (abfd, addr); ++ DOIT (x); ++ bfd_put_8 (abfd, x, addr); ++ } ++ break; + +- switch (howto->size) ++ case 1: + { +- case 0: +- { +- char x = bfd_get_8 (abfd, addr); +- DOIT (x); +- bfd_put_8 (abfd, x, addr); +- } +- break; +- +- case 1: +- { +- short x = bfd_get_16 (abfd, addr); +- DOIT (x); +- bfd_put_16 (abfd, (bfd_vma) x, addr); +- } +- break; +- +- case 2: +- { +- long x = bfd_get_32 (abfd, addr); +- DOIT (x); +- bfd_put_32 (abfd, (bfd_vma) x, addr); +- } +- break; ++ short x = bfd_get_16 (abfd, addr); ++ DOIT (x); ++ bfd_put_16 (abfd, (bfd_vma) x, addr); ++ } ++ break; + +- default: +- abort (); ++ case 2: ++ { ++ long x = bfd_get_32 (abfd, addr); ++ DOIT (x); ++ bfd_put_32 (abfd, (bfd_vma) x, addr); + } +- } ++ break; ++ ++ default: ++ abort (); ++ } ++ } + + /* Now let bfd_perform_relocation finish everything up. */ + return bfd_reloc_continue; +Index: git/bfd/coff-i386.c +=================================================================== +--- git.orig/bfd/coff-i386.c ++++ git/bfd/coff-i386.c +@@ -144,6 +144,11 @@ coff_i386_reloc (bfd *abfd, + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + switch (howto->size) + { + case 0: +Index: git/bfd/coff-i860.c +=================================================================== +--- git.orig/bfd/coff-i860.c ++++ git/bfd/coff-i860.c +@@ -95,6 +95,11 @@ coff_i860_reloc (bfd *abfd, + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + switch (howto->size) + { + case 0: +Index: git/bfd/coff-m68k.c +=================================================================== +--- git.orig/bfd/coff-m68k.c ++++ git/bfd/coff-m68k.c +@@ -305,6 +305,11 @@ m68kcoff_common_addend_special_fn (bfd * + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + switch (howto->size) + { + case 0: +Index: git/bfd/coff-m88k.c +=================================================================== +--- git.orig/bfd/coff-m88k.c ++++ git/bfd/coff-m88k.c +@@ -72,10 +72,17 @@ m88k_special_reloc (bfd *abfd, + { + bfd_vma output_base = 0; + bfd_vma addr = reloc_entry->address; +- bfd_vma x = bfd_get_16 (abfd, (bfd_byte *) data + addr); ++ bfd_vma x; + asection *reloc_target_output_section; + long relocation = 0; + ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ ++ x = bfd_get_16 (abfd, (bfd_byte *) data + addr); ++ + /* Work out which section the relocation is targeted at and the + initial relocation command value. */ + +Index: git/bfd/coff-mips.c +=================================================================== +--- git.orig/bfd/coff-mips.c ++++ git/bfd/coff-mips.c +@@ -504,6 +504,12 @@ mips_reflo_reloc (bfd *abfd ATTRIBUTE_UN + unsigned long vallo; + struct mips_hi *next; + ++ if (! bfd_reloc_offset_in_range (reloc_entry->howto, abfd, ++ input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; ++ + /* Do the REFHI relocation. Note that we actually don't + need to know anything about the REFLO itself, except + where to find the low 16 bits of the addend needed by the +Index: git/bfd/coff-x86_64.c +=================================================================== +--- git.orig/bfd/coff-x86_64.c ++++ git/bfd/coff-x86_64.c +@@ -143,16 +143,10 @@ coff_amd64_reloc (bfd *abfd, + reloc_howto_type *howto = reloc_entry->howto; + unsigned char *addr = (unsigned char *) data + reloc_entry->address; + +- /* FIXME: We do not have an end address for data, so we cannot +- accurately range check any addresses computed against it. +- cf: PR binutils/17512: file: 1085-1761-0.004. +- For now we do the best that we can. */ +- if (addr < (unsigned char *) data +- || addr > ((unsigned char *) data) + input_section->size) +- { +- bfd_set_error (bfd_error_bad_value); +- return bfd_reloc_notsupported; +- } ++ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, ++ reloc_entry->address ++ * bfd_octets_per_byte (abfd))) ++ return bfd_reloc_outofrange; + + switch (howto->size) + { +Index: git/bfd/reloc.c +=================================================================== +--- git.orig/bfd/reloc.c ++++ git/bfd/reloc.c +@@ -538,12 +538,31 @@ bfd_check_overflow (enum complain_overfl + return flag; + } + ++/* ++FUNCTION ++ bfd_reloc_offset_in_range ++ ++SYNOPSIS ++ bfd_boolean bfd_reloc_offset_in_range ++ (reloc_howto_type *howto, ++ bfd *abfd, ++ asection *section, ++ bfd_size_type offset); ++ ++DESCRIPTION ++ Returns TRUE if the reloc described by @var{HOWTO} can be ++ applied at @var{OFFSET} octets in @var{SECTION}. ++ ++*/ ++ + /* HOWTO describes a relocation, at offset OCTET. Return whether the + relocation field is within SECTION of ABFD. */ + +-static bfd_boolean +-reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd, +- asection *section, bfd_size_type octet) ++bfd_boolean ++bfd_reloc_offset_in_range (reloc_howto_type *howto, ++ bfd *abfd, ++ asection *section, ++ bfd_size_type octet) + { + bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section); + bfd_size_type reloc_size = bfd_get_reloc_size (howto); +@@ -617,6 +636,11 @@ bfd_perform_relocation (bfd *abfd, + if (howto && howto->special_function) + { + bfd_reloc_status_type cont; ++ ++ /* Note - we do not call bfd_reloc_offset_in_range here as the ++ reloc_entry->address field might actually be valid for the ++ backend concerned. It is up to the special_function itself ++ to call bfd_reloc_offset_in_range if needed. */ + cont = howto->special_function (abfd, reloc_entry, symbol, data, + input_section, output_bfd, + error_message); +@@ -637,7 +661,7 @@ bfd_perform_relocation (bfd *abfd, + + /* Is the address of the relocation really within the section? */ + octets = reloc_entry->address * bfd_octets_per_byte (abfd); +- if (!reloc_offset_in_range (howto, abfd, input_section, octets)) ++ if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets)) + return bfd_reloc_outofrange; + + /* Work out which section the relocation is targeted at and the +@@ -1003,6 +1027,10 @@ bfd_install_relocation (bfd *abfd, + { + bfd_reloc_status_type cont; + ++ /* Note - we do not call bfd_reloc_offset_in_range here as the ++ reloc_entry->address field might actually be valid for the ++ backend concerned. It is up to the special_function itself ++ to call bfd_reloc_offset_in_range if needed. */ + /* XXX - The special_function calls haven't been fixed up to deal + with creating new relocations and section contents. */ + cont = howto->special_function (abfd, reloc_entry, symbol, +@@ -1025,7 +1053,7 @@ bfd_install_relocation (bfd *abfd, + + /* Is the address of the relocation really within the section? */ + octets = reloc_entry->address * bfd_octets_per_byte (abfd); +- if (!reloc_offset_in_range (howto, abfd, input_section, octets)) ++ if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets)) + return bfd_reloc_outofrange; + + /* Work out which section the relocation is targeted at and the +@@ -1363,7 +1391,7 @@ _bfd_final_link_relocate (reloc_howto_ty + bfd_size_type octets = address * bfd_octets_per_byte (input_bfd); + + /* Sanity check the address. */ +- if (!reloc_offset_in_range (howto, input_bfd, input_section, octets)) ++ if (!bfd_reloc_offset_in_range (howto, input_bfd, input_section, octets)) + return bfd_reloc_outofrange; + + /* This function assumes that we are dealing with a basic relocation +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,20 @@ ++2017-11-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22506 ++ * reloc.c (reloc_offset_in_range): Rename to ++ bfd_reloc_offset_in_range and export. ++ (bfd_perform_relocation): Rename function invocation. ++ (bfd_install_relocation): Likewise. ++ (bfd_final_link_relocate): Likewise. ++ * bfd-in2.h: Regenerate. ++ * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range. ++ * coff-i386.c (coff_i386_reloc): Likewise. ++ * coff-i860.c (coff_i860_reloc): Likewise. ++ * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise. ++ * coff-m88k.c (m88k_special_reloc): Likewise. ++ * coff-mips.c (mips_reflo_reloc): Likewise. ++ * coff-x86_64.c (coff_amd64_reloc): Likewise. ++ + 2017-11-16 Nick Clifton <nickc@redhat.com> + + PR 22421 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch new file mode 100644 index 0000000000..5ae749bcca --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch @@ -0,0 +1,58 @@ +From d785b7d4b877ed465d04072e17ca19d0f47d840f Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 29 Nov 2017 12:40:43 +0000 +Subject: [PATCH] Stop objdump from attempting to allocate a huge chunk of + memory when parsing relocs in a corrupt file. + + PR 22508 + * objdump.c (dump_relocs_in_section): Also check the section's + relocation count to make sure that it is reasonable before + attempting to allocate space for the relocs. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17122 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 7 +++++++ + binutils/objdump.c | 11 ++++++++++- + 2 files changed, 17 insertions(+), 1 deletion(-) + +Index: git/binutils/objdump.c +=================================================================== +--- git.orig/binutils/objdump.c ++++ git/binutils/objdump.c +@@ -3381,7 +3381,16 @@ dump_relocs_in_section (bfd *abfd, + } + + if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0 +- && (ufile_ptr) relsize > bfd_get_file_size (abfd)) ++ && (((ufile_ptr) relsize > bfd_get_file_size (abfd)) ++ /* Also check the section's reloc count since if this is negative ++ (or very large) the computation in bfd_get_reloc_upper_bound ++ may have resulted in returning a small, positive integer. ++ See PR 22508 for a reproducer. ++ ++ Note - we check against file size rather than section size as ++ it is possible for there to be more relocs that apply to a ++ section than there are bytes in that section. */ ++ || (section->reloc_count > bfd_get_file_size (abfd)))) + { + printf (" (too many: 0x%x)\n", section->reloc_count); + bfd_set_error (bfd_error_file_truncated); +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,10 @@ ++2017-11-29 Nick Clifton <nickc@redhat.com> ++ ++ PR 22508 ++ * objdump.c (dump_relocs_in_section): Also check the section's ++ relocation count to make sure that it is reasonable before ++ attempting to allocate space for the relocs. ++ + 2017-11-02 Mingi Cho <mgcho.minic@gmail.com> + + PR 22384 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch new file mode 100644 index 0000000000..08412108da --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch @@ -0,0 +1,33 @@ +From 4581a1c7d304ce14e714b27522ebf3d0188d6543 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 29 Nov 2017 17:12:12 +0000 +Subject: [PATCH] Check for a NULL symbol pointer when reading relocs from a + COFF based file. + + PR 22509 + * coffcode.h (coff_slurp_reloc_table): Check for a NULL symbol + pointer when processing relocs. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17123 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffcode.h | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +Index: git/bfd/coffcode.h +=================================================================== +--- git.orig/bfd/coffcode.h ++++ git/bfd/coffcode.h +@@ -5326,7 +5326,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_ + #else + cache_ptr->address = dst.r_vaddr; + +- if (dst.r_symndx != -1) ++ if (dst.r_symndx != -1 && symbols != NULL) + { + if (dst.r_symndx < 0 || dst.r_symndx >= obj_conv_table_size (abfd)) + { diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch new file mode 100644 index 0000000000..16f0768d95 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch @@ -0,0 +1,47 @@ +From b0029dce6867de1a2828293177b0e030d2f0f03c Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 28 Nov 2017 18:00:29 +0000 +Subject: [PATCH] Prevent a memory exhaustion problem when trying to read in + strings from a COFF binary with a corrupt string table size. + + PR 22507 + * coffgen.c (_bfd_coff_read_string_table): Check for an excessive + size of the external string table. + +Upstream-Status: Backport +Affects binutls <= 2.29.1 +CVE: CVE-2017-17124 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffgen.c | 4 ++-- + 2 files changed, 8 insertions(+), 2 deletions(-) + +Index: git/bfd/coffgen.c +=================================================================== +--- git.orig/bfd/coffgen.c ++++ git/bfd/coffgen.c +@@ -1709,7 +1709,7 @@ _bfd_coff_read_string_table (bfd *abfd) + #endif + } + +- if (strsize < STRING_SIZE_SIZE) ++ if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd)) + { + _bfd_error_handler + /* xgettext: c-format */ +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2017-11-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22507 ++ * coffgen.c (_bfd_coff_read_string_table): Check for an excessive ++ size of the external string table. ++ + 2018-03-28 Eric Botcazou <ebotcazou@adacore.com> + + PR ld/22972 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch new file mode 100644 index 0000000000..30dc6d5727 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch @@ -0,0 +1,129 @@ +From 160b1a618ad94988410dc81fce9189fcda5b7ff4 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sat, 18 Nov 2017 23:18:22 +1030 +Subject: [PATCH] PR22443, Global buffer overflow in + _bfd_elf_get_symbol_version_string + +Symbols like *ABS* defined in bfd/section.c:global_syms are not +elf_symbol_type. They can appear on relocs and perhaps other places +in an ELF bfd, so a number of places in nm.c and objdump.c are wrong +to cast an asymbol based on the bfd being ELF. I think we lose +nothing by excluding all section symbols, not just the global_syms. + + PR 22443 + * nm.c (sort_symbols_by_size): Don't attempt to access + section symbol internal_elf_sym. + (print_symbol): Likewise. Don't call bfd_get_symbol_version_string + for section symbols. + * objdump.c (compare_symbols): Don't attempt to access + section symbol internal_elf_sym. + (objdump_print_symname): Don't call bfd_get_symbol_version_string + for section symbols. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2017-17125 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 12 ++++++++++++ + binutils/nm.c | 17 ++++++++++------- + binutils/objdump.c | 6 +++--- + 3 files changed, 25 insertions(+), 10 deletions(-) + +Index: git/binutils/nm.c +=================================================================== +--- git.orig/binutils/nm.c ++++ git/binutils/nm.c +@@ -765,7 +765,6 @@ sort_symbols_by_size (bfd *abfd, bfd_boo + asection *sec; + bfd_vma sz; + asymbol *temp; +- int synthetic = (sym->flags & BSF_SYNTHETIC); + + if (from + size < fromend) + { +@@ -782,10 +781,13 @@ sort_symbols_by_size (bfd *abfd, bfd_boo + sec = bfd_get_section (sym); + + /* Synthetic symbols don't have a full type set of data available, thus +- we can't rely on that information for the symbol size. */ +- if (!synthetic && bfd_get_flavour (abfd) == bfd_target_elf_flavour) ++ we can't rely on that information for the symbol size. Ditto for ++ bfd/section.c:global_syms like *ABS*. */ ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 ++ && bfd_get_flavour (abfd) == bfd_target_elf_flavour) + sz = ((elf_symbol_type *) sym)->internal_elf_sym.st_size; +- else if (!synthetic && bfd_is_com_section (sec)) ++ else if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 ++ && bfd_is_com_section (sec)) + sz = sym->value; + else + { +@@ -874,8 +876,9 @@ print_symbol (bfd * abfd, + + info.sinfo = &syminfo; + info.ssize = ssize; +- /* Synthetic symbols do not have a full symbol type set of data available. */ +- if ((sym->flags & BSF_SYNTHETIC) != 0) ++ /* Synthetic symbols do not have a full symbol type set of data available. ++ Nor do bfd/section.c:global_syms like *ABS*. */ ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) != 0) + { + info.elfinfo = NULL; + info.coffinfo = NULL; +@@ -893,7 +896,7 @@ print_symbol (bfd * abfd, + const char * version_string = NULL; + bfd_boolean hidden = FALSE; + +- if ((sym->flags & BSF_SYNTHETIC) == 0) ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + version_string = bfd_get_symbol_version_string (abfd, sym, &hidden); + + if (bfd_is_und_section (bfd_get_section (sym))) +Index: git/binutils/objdump.c +=================================================================== +--- git.orig/binutils/objdump.c ++++ git/binutils/objdump.c +@@ -799,10 +799,10 @@ compare_symbols (const void *ap, const v + bfd_vma asz, bsz; + + asz = 0; +- if ((a->flags & BSF_SYNTHETIC) == 0) ++ if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size; + bsz = 0; +- if ((b->flags & BSF_SYNTHETIC) == 0) ++ if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size; + if (asz != bsz) + return asz > bsz ? -1 : 1; +@@ -888,7 +888,7 @@ objdump_print_symname (bfd *abfd, struct + name = alloc; + } + +- if ((sym->flags & BSF_SYNTHETIC) == 0) ++ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) + version_string = bfd_get_symbol_version_string (abfd, sym, &hidden); + + if (bfd_is_und_section (bfd_get_section (sym))) +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,15 @@ ++2017-11-18 Alan Modra <amodra@gmail.com> ++ ++ PR 22443 ++ * nm.c (sort_symbols_by_size): Don't attempt to access ++ section symbol internal_elf_sym. ++ (print_symbol): Likewise. Don't call bfd_get_symbol_version_string ++ for section symbols. ++ * objdump.c (compare_symbols): Don't attempt to access ++ section symbol internal_elf_sym. ++ (objdump_print_symname): Don't call bfd_get_symbol_version_string ++ for section symbols. ++ + 2017-11-29 Nick Clifton <nickc@redhat.com> + + PR 22508 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch new file mode 100644 index 0000000000..caaaf2317e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch @@ -0,0 +1,58 @@ +From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 17 Apr 2018 12:35:55 +0100 +Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF + information. + + PR 23064 + * dwarf.c (process_cu_tu_index): Test for a potential buffer + overrun before copying signature pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10372 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 6 ++++++ + binutils/dwarf.c | 13 ++++++++++++- + 2 files changed, 18 insertions(+), 1 deletion(-) + +Index: git/binutils/dwarf.c +=================================================================== +--- git.orig/binutils/dwarf.c ++++ git/binutils/dwarf.c +@@ -8526,7 +8526,18 @@ process_cu_tu_index (struct dwarf_sectio + } + + if (!do_display) +- memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t)); ++ { ++ size_t num_copy = sizeof (uint64_t); ++ ++ /* PR 23064: Beware of buffer overflow. */ ++ if (ph + num_copy < limit) ++ memcpy (&this_set[row - 1].signature, ph, num_copy); ++ else ++ { ++ warn (_("Signature (%p) extends beyond end of space in section\n"), ph); ++ return 0; ++ } ++ } + + prow = poffsets + (row - 1) * ncols * 4; + /* PR 17531: file: b8ce60a8. */ +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,9 @@ ++2018-04-17 Nick Clifton <nickc@redhat.com> ++ ++ PR 23064 ++ * dwarf.c (process_cu_tu_index): Test for a potential buffer ++ overrun before copying signature pointer. ++ + 2017-11-18 Alan Modra <amodra@gmail.com> + + PR 22443 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch new file mode 100644 index 0000000000..963d767f84 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch @@ -0,0 +1,45 @@ +From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 17 Apr 2018 14:30:07 +0100 +Subject: [PATCH] Add a check for a NULL table pointer before attempting to + compute a DWARF filename. + + PR 23065 + * dwarf2.c (concat_filename): Check for a NULL table pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10373 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/dwarf2.c | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -1587,7 +1587,7 @@ concat_filename (struct line_info_table + { + char *filename; + +- if (file - 1 >= table->num_files) ++ if (table == NULL || file - 1 >= table->num_files) + { + /* FILE == 0 means unknown. */ + if (file) +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-04-17 Nick Clifton <nickc@redhat.com> ++ ++ PR 23065 ++ * dwarf2.c (concat_filename): Check for a NULL table pointer. ++ + 2017-11-28 Nick Clifton <nickc@redhat.com> + + PR 22506 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch new file mode 100644 index 0000000000..27e86285a2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch @@ -0,0 +1,2443 @@ +From aa4a8c2a2a67545e90c877162c53cc9de42dc8b4 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 24 Apr 2018 16:31:27 +0100 +Subject: [PATCH] Fix an illegal memory access when copying a PE format file + with corrupt debug information. + + PR 23110 + * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for + a negative PE_DEBUG_DATA size before iterating over the debug data. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10534 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 + + bfd/peXXigen.c | 9 + + bfd/po/bfd.pot | 5631 ++++++++++++++++++++++++++------------------------------ + 3 files changed, 2662 insertions(+), 2984 deletions(-) + +Index: git/bfd/peXXigen.c +=================================================================== +--- git.orig/bfd/peXXigen.c ++++ git/bfd/peXXigen.c +@@ -2991,6 +2991,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common + bfd_get_section_size (section) - (addr - section->vma)); + return FALSE; + } ++ /* PR 23110. */ ++ else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0) ++ { ++ /* xgettext:c-format */ ++ _bfd_error_handler ++ (_("%pB: Data Directory size (%#lx) is negative"), ++ obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size); ++ return FALSE; ++ } + + for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size + / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++) +Index: git/bfd/po/bfd.pot +=================================================================== +--- git.orig/bfd/po/bfd.pot ++++ git/bfd/po/bfd.pot +@@ -6119,1961 +6119,1932 @@ msgstr "" + #. Rotate. + #. Redefine symbol to current location. + #. Define a literal. +-#: vms-alpha.c:2115 vms-alpha.c:2146 vms-alpha.c:2237 vms-alpha.c:2395 ++#: vms-alpha.c:2116 vms-alpha.c:2147 vms-alpha.c:2238 vms-alpha.c:2396 + #, c-format + msgid "%s: not supported" + msgstr "" + +-#: vms-alpha.c:2121 ++#: vms-alpha.c:2122 + #, c-format + msgid "%s: not implemented" + msgstr "" + +-#: vms-alpha.c:2379 ++#: vms-alpha.c:2380 + #, c-format + msgid "invalid use of %s with contexts" + msgstr "" + +-#: vms-alpha.c:2413 ++#: vms-alpha.c:2414 + #, c-format + msgid "reserved cmd %d" + msgstr "" + +-#: vms-alpha.c:2497 +-msgid "Corrupt EEOM record - size is too small" ++#: vms-alpha.c:2498 ++msgid "corrupt EEOM record - size is too small" + msgstr "" + +-#: vms-alpha.c:2506 +-msgid "Object module NOT error-free !\n" ++#: vms-alpha.c:2507 ++msgid "object module not error-free !" + msgstr "" + +-#: vms-alpha.c:3830 ++#: vms-alpha.c:3831 + #, c-format +-msgid "SEC_RELOC with no relocs in section %A" ++msgid "SEC_RELOC with no relocs in section %pA" + msgstr "" + +-#: vms-alpha.c:3882 vms-alpha.c:4095 ++#: vms-alpha.c:3883 vms-alpha.c:4096 + #, c-format +-msgid "Size error in section %A" ++msgid "size error in section %pA" + msgstr "" + +-#: vms-alpha.c:4041 +-msgid "Spurious ALPHA_R_BSR reloc" ++#: vms-alpha.c:4042 ++msgid "spurious ALPHA_R_BSR reloc" + msgstr "" + +-#: vms-alpha.c:4082 ++#: vms-alpha.c:4083 + #, c-format +-msgid "Unhandled relocation %s" ++msgid "unhandled relocation %s" + msgstr "" + +-#: vms-alpha.c:4375 ++#: vms-alpha.c:4376 + #, c-format + msgid "unknown source command %d" + msgstr "" + +-#: vms-alpha.c:4436 +-msgid "DST__K_SET_LINUM_INCR not implemented" +-msgstr "" +- +-#: vms-alpha.c:4442 +-msgid "DST__K_SET_LINUM_INCR_W not implemented" +-msgstr "" +- +-#: vms-alpha.c:4448 +-msgid "DST__K_RESET_LINUM_INCR not implemented" +-msgstr "" +- +-#: vms-alpha.c:4454 +-msgid "DST__K_BEG_STMT_MODE not implemented" +-msgstr "" +- +-#: vms-alpha.c:4460 +-msgid "DST__K_END_STMT_MODE not implemented" +-msgstr "" +- +-#: vms-alpha.c:4487 +-msgid "DST__K_SET_PC not implemented" +-msgstr "" +- +-#: vms-alpha.c:4493 +-msgid "DST__K_SET_PC_W not implemented" +-msgstr "" +- +-#: vms-alpha.c:4499 +-msgid "DST__K_SET_PC_L not implemented" +-msgstr "" +- +-#: vms-alpha.c:4505 +-msgid "DST__K_SET_STMTNUM not implemented" ++#: vms-alpha.c:4437 vms-alpha.c:4443 vms-alpha.c:4449 vms-alpha.c:4455 ++#: vms-alpha.c:4461 vms-alpha.c:4488 vms-alpha.c:4494 vms-alpha.c:4500 ++#: vms-alpha.c:4506 ++#, c-format ++msgid "%s not implemented" + msgstr "" + +-#: vms-alpha.c:4548 ++#: vms-alpha.c:4549 + #, c-format + msgid "unknown line command %d" + msgstr "" + +-#: vms-alpha.c:5008 vms-alpha.c:5026 vms-alpha.c:5041 vms-alpha.c:5057 +-#: vms-alpha.c:5070 vms-alpha.c:5082 vms-alpha.c:5095 ++#: vms-alpha.c:5009 vms-alpha.c:5027 vms-alpha.c:5042 vms-alpha.c:5058 ++#: vms-alpha.c:5071 vms-alpha.c:5083 vms-alpha.c:5096 + #, c-format +-msgid "Unknown reloc %s + %s" ++msgid "unknown reloc %s + %s" + msgstr "" + +-#: vms-alpha.c:5150 ++#: vms-alpha.c:5151 + #, c-format +-msgid "Unknown reloc %s" ++msgid "unknown reloc %s" + msgstr "" + +-#: vms-alpha.c:5163 +-msgid "Invalid section index in ETIR" ++#: vms-alpha.c:5164 ++msgid "invalid section index in ETIR" + msgstr "" + +-#: vms-alpha.c:5172 +-msgid "Relocation for non-REL psect" ++#: vms-alpha.c:5173 ++msgid "relocation for non-REL psect" + msgstr "" + +-#: vms-alpha.c:5219 ++#: vms-alpha.c:5220 + #, c-format +-msgid "Unknown symbol in command %s" ++msgid "unknown symbol in command %s" + msgstr "" + +-#: vms-alpha.c:5629 ++#: vms-alpha.c:5630 + #, c-format + msgid "reloc (%d) is *UNKNOWN*" + msgstr "" + +-#: vms-alpha.c:5745 ++#: vms-alpha.c:5746 + #, c-format + msgid " EMH %u (len=%u): " + msgstr "" + +-#: vms-alpha.c:5750 ++#: vms-alpha.c:5751 + #, c-format + msgid " Error: The length is less than the length of an EMH record\n" + msgstr "" + +-#: vms-alpha.c:5767 ++#: vms-alpha.c:5768 + #, c-format + msgid "" + " Error: The record length is less than the size of an EMH_MHD record\n" + msgstr "" + +-#: vms-alpha.c:5770 ++#: vms-alpha.c:5771 + #, c-format + msgid "Module header\n" + msgstr "" + +-#: vms-alpha.c:5771 ++#: vms-alpha.c:5772 + #, c-format + msgid " structure level: %u\n" + msgstr "" + +-#: vms-alpha.c:5772 ++#: vms-alpha.c:5773 + #, c-format + msgid " max record size: %u\n" + msgstr "" + +-#: vms-alpha.c:5778 ++#: vms-alpha.c:5779 + #, c-format + msgid " Error: The module name is missing\n" + msgstr "" + +-#: vms-alpha.c:5784 ++#: vms-alpha.c:5785 + #, c-format + msgid " Error: The module name is too long\n" + msgstr "" + +-#: vms-alpha.c:5787 ++#: vms-alpha.c:5788 + #, c-format + msgid " module name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5791 ++#: vms-alpha.c:5792 + #, c-format + msgid " Error: The module version is missing\n" + msgstr "" + +-#: vms-alpha.c:5797 ++#: vms-alpha.c:5798 + #, c-format + msgid " Error: The module version is too long\n" + msgstr "" + +-#: vms-alpha.c:5800 ++#: vms-alpha.c:5801 + #, c-format + msgid " module version : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5803 ++#: vms-alpha.c:5804 + #, c-format + msgid " Error: The compile date is truncated\n" + msgstr "" + +-#: vms-alpha.c:5805 ++#: vms-alpha.c:5806 + #, c-format + msgid " compile date : %.17s\n" + msgstr "" + +-#: vms-alpha.c:5810 ++#: vms-alpha.c:5811 + #, c-format + msgid "Language Processor Name\n" + msgstr "" + +-#: vms-alpha.c:5811 ++#: vms-alpha.c:5812 + #, c-format + msgid " language name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5815 ++#: vms-alpha.c:5816 + #, c-format + msgid "Source Files Header\n" + msgstr "" + +-#: vms-alpha.c:5816 ++#: vms-alpha.c:5817 + #, c-format + msgid " file: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5820 ++#: vms-alpha.c:5821 + #, c-format + msgid "Title Text Header\n" + msgstr "" + +-#: vms-alpha.c:5821 ++#: vms-alpha.c:5822 + #, c-format + msgid " title: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5825 ++#: vms-alpha.c:5826 + #, c-format + msgid "Copyright Header\n" + msgstr "" + +-#: vms-alpha.c:5826 ++#: vms-alpha.c:5827 + #, c-format + msgid " copyright: %.*s\n" + msgstr "" + +-#: vms-alpha.c:5830 ++#: vms-alpha.c:5831 + #, c-format + msgid "unhandled emh subtype %u\n" + msgstr "" + +-#: vms-alpha.c:5840 ++#: vms-alpha.c:5841 + #, c-format + msgid " EEOM (len=%u):\n" + msgstr "" + +-#: vms-alpha.c:5845 ++#: vms-alpha.c:5846 + #, c-format + msgid " Error: The length is less than the length of an EEOM record\n" + msgstr "" + +-#: vms-alpha.c:5849 ++#: vms-alpha.c:5850 + #, c-format + msgid " number of cond linkage pairs: %u\n" + msgstr "" + +-#: vms-alpha.c:5851 ++#: vms-alpha.c:5852 + #, c-format + msgid " completion code: %u\n" + msgstr "" + +-#: vms-alpha.c:5855 ++#: vms-alpha.c:5856 + #, c-format + msgid " transfer addr flags: 0x%02x\n" + msgstr "" + +-#: vms-alpha.c:5856 ++#: vms-alpha.c:5857 + #, c-format + msgid " transfer addr psect: %u\n" + msgstr "" + +-#: vms-alpha.c:5858 ++#: vms-alpha.c:5859 + #, c-format + msgid " transfer address : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:5867 ++#: vms-alpha.c:5868 + msgid " WEAK" + msgstr "" + +-#: vms-alpha.c:5869 ++#: vms-alpha.c:5870 + msgid " DEF" + msgstr "" + +-#: vms-alpha.c:5871 ++#: vms-alpha.c:5872 + msgid " UNI" + msgstr "" + +-#: vms-alpha.c:5873 vms-alpha.c:5894 ++#: vms-alpha.c:5874 vms-alpha.c:5895 + msgid " REL" + msgstr "" + +-#: vms-alpha.c:5875 ++#: vms-alpha.c:5876 + msgid " COMM" + msgstr "" + +-#: vms-alpha.c:5877 ++#: vms-alpha.c:5878 + msgid " VECEP" + msgstr "" + +-#: vms-alpha.c:5879 ++#: vms-alpha.c:5880 + msgid " NORM" + msgstr "" + +-#: vms-alpha.c:5881 ++#: vms-alpha.c:5882 + msgid " QVAL" + msgstr "" + +-#: vms-alpha.c:5888 ++#: vms-alpha.c:5889 + msgid " PIC" + msgstr "" + +-#: vms-alpha.c:5890 ++#: vms-alpha.c:5891 + msgid " LIB" + msgstr "" + +-#: vms-alpha.c:5892 ++#: vms-alpha.c:5893 + msgid " OVR" + msgstr "" + +-#: vms-alpha.c:5896 ++#: vms-alpha.c:5897 + msgid " GBL" + msgstr "" + +-#: vms-alpha.c:5898 ++#: vms-alpha.c:5899 + msgid " SHR" + msgstr "" + +-#: vms-alpha.c:5900 ++#: vms-alpha.c:5901 + msgid " EXE" + msgstr "" + +-#: vms-alpha.c:5902 ++#: vms-alpha.c:5903 + msgid " RD" + msgstr "" + +-#: vms-alpha.c:5904 ++#: vms-alpha.c:5905 + msgid " WRT" + msgstr "" + +-#: vms-alpha.c:5906 ++#: vms-alpha.c:5907 + msgid " VEC" + msgstr "" + +-#: vms-alpha.c:5908 ++#: vms-alpha.c:5909 + msgid " NOMOD" + msgstr "" + +-#: vms-alpha.c:5910 ++#: vms-alpha.c:5911 + msgid " COM" + msgstr "" + +-#: vms-alpha.c:5912 ++#: vms-alpha.c:5913 + msgid " 64B" + msgstr "" + +-#: vms-alpha.c:5921 ++#: vms-alpha.c:5922 + #, c-format + msgid " EGSD (len=%u):\n" + msgstr "" + +-#: vms-alpha.c:5934 ++#: vms-alpha.c:5935 + #, c-format + msgid " EGSD entry %2u (type: %u, len: %u): " + msgstr "" + +-#: vms-alpha.c:5940 vms-alpha.c:6191 ++#: vms-alpha.c:5941 vms-alpha.c:6192 + #, c-format + msgid " Error: length larger than remaining space in record\n" + msgstr "" + +-#: vms-alpha.c:5952 ++#: vms-alpha.c:5953 + #, c-format + msgid "PSC - Program section definition\n" + msgstr "" + +-#: vms-alpha.c:5953 vms-alpha.c:5970 ++#: vms-alpha.c:5954 vms-alpha.c:5971 + #, c-format + msgid " alignment : 2**%u\n" + msgstr "" + +-#: vms-alpha.c:5954 vms-alpha.c:5971 ++#: vms-alpha.c:5955 vms-alpha.c:5972 + #, c-format + msgid " flags : 0x%04x" + msgstr "" + +-#: vms-alpha.c:5958 ++#: vms-alpha.c:5959 + #, c-format + msgid " alloc (len): %u (0x%08x)\n" + msgstr "" + +-#: vms-alpha.c:5959 vms-alpha.c:6016 vms-alpha.c:6065 ++#: vms-alpha.c:5960 vms-alpha.c:6017 vms-alpha.c:6066 + #, c-format + msgid " name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5969 ++#: vms-alpha.c:5970 + #, c-format + msgid "SPSC - Shared Image Program section def\n" + msgstr "" + +-#: vms-alpha.c:5975 ++#: vms-alpha.c:5976 + #, c-format + msgid " alloc (len) : %u (0x%08x)\n" + msgstr "" + +-#: vms-alpha.c:5976 ++#: vms-alpha.c:5977 + #, c-format + msgid " image offset : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:5978 ++#: vms-alpha.c:5979 + #, c-format + msgid " symvec offset : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:5980 ++#: vms-alpha.c:5981 + #, c-format + msgid " name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:5993 ++#: vms-alpha.c:5994 + #, c-format + msgid "SYM - Global symbol definition\n" + msgstr "" + +-#: vms-alpha.c:5994 vms-alpha.c:6054 vms-alpha.c:6075 vms-alpha.c:6094 ++#: vms-alpha.c:5995 vms-alpha.c:6055 vms-alpha.c:6076 vms-alpha.c:6095 + #, c-format + msgid " flags: 0x%04x" + msgstr "" + +-#: vms-alpha.c:5997 ++#: vms-alpha.c:5998 + #, c-format + msgid " psect offset: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6001 ++#: vms-alpha.c:6002 + #, c-format + msgid " code address: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6003 ++#: vms-alpha.c:6004 + #, c-format + msgid " psect index for entry point : %u\n" + msgstr "" + +-#: vms-alpha.c:6006 vms-alpha.c:6082 vms-alpha.c:6101 ++#: vms-alpha.c:6007 vms-alpha.c:6083 vms-alpha.c:6102 + #, c-format + msgid " psect index : %u\n" + msgstr "" + +-#: vms-alpha.c:6008 vms-alpha.c:6084 vms-alpha.c:6103 ++#: vms-alpha.c:6009 vms-alpha.c:6085 vms-alpha.c:6104 + #, c-format + msgid " name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6015 ++#: vms-alpha.c:6016 + #, c-format + msgid "SYM - Global symbol reference\n" + msgstr "" + +-#: vms-alpha.c:6027 ++#: vms-alpha.c:6028 + #, c-format + msgid "IDC - Ident Consistency check\n" + msgstr "" + +-#: vms-alpha.c:6028 ++#: vms-alpha.c:6029 + #, c-format + msgid " flags : 0x%08x" + msgstr "" + +-#: vms-alpha.c:6032 ++#: vms-alpha.c:6033 + #, c-format + msgid " id match : %x\n" + msgstr "" + +-#: vms-alpha.c:6034 ++#: vms-alpha.c:6035 + #, c-format + msgid " error severity: %x\n" + msgstr "" + +-#: vms-alpha.c:6037 ++#: vms-alpha.c:6038 + #, c-format + msgid " entity name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6039 ++#: vms-alpha.c:6040 + #, c-format + msgid " object name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6042 ++#: vms-alpha.c:6043 + #, c-format + msgid " binary ident : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6045 ++#: vms-alpha.c:6046 + #, c-format + msgid " ascii ident : %.*s\n" + msgstr "" + +-#: vms-alpha.c:6053 ++#: vms-alpha.c:6054 + #, c-format + msgid "SYMG - Universal symbol definition\n" + msgstr "" + +-#: vms-alpha.c:6057 ++#: vms-alpha.c:6058 + #, c-format + msgid " symbol vector offset: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6059 ++#: vms-alpha.c:6060 + #, c-format + msgid " entry point: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6061 ++#: vms-alpha.c:6062 + #, c-format + msgid " proc descr : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6063 ++#: vms-alpha.c:6064 + #, c-format + msgid " psect index: %u\n" + msgstr "" + +-#: vms-alpha.c:6074 ++#: vms-alpha.c:6075 + #, c-format + msgid "SYMV - Vectored symbol definition\n" + msgstr "" + +-#: vms-alpha.c:6078 ++#: vms-alpha.c:6079 + #, c-format + msgid " vector : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6080 vms-alpha.c:6099 ++#: vms-alpha.c:6081 vms-alpha.c:6100 + #, c-format + msgid " psect offset: %u\n" + msgstr "" + +-#: vms-alpha.c:6093 ++#: vms-alpha.c:6094 + #, c-format + msgid "SYMM - Global symbol definition with version\n" + msgstr "" + +-#: vms-alpha.c:6097 ++#: vms-alpha.c:6098 + #, c-format + msgid " version mask: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6108 ++#: vms-alpha.c:6109 + #, c-format + msgid "unhandled egsd entry type %u\n" + msgstr "" + +-#: vms-alpha.c:6143 ++#: vms-alpha.c:6144 + #, c-format + msgid " linkage index: %u, replacement insn: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6147 ++#: vms-alpha.c:6148 + #, c-format + msgid " psect idx 1: %u, offset 1: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6152 ++#: vms-alpha.c:6153 + #, c-format + msgid " psect idx 2: %u, offset 2: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6158 ++#: vms-alpha.c:6159 + #, c-format + msgid " psect idx 3: %u, offset 3: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6163 ++#: vms-alpha.c:6164 + #, c-format + msgid " global name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6174 ++#: vms-alpha.c:6175 + #, c-format + msgid " %s (len=%u+%u):\n" + msgstr "" + +-#: vms-alpha.c:6196 ++#: vms-alpha.c:6197 + #, c-format + msgid " (type: %3u, size: 4+%3u): " + msgstr "" + +-#: vms-alpha.c:6200 ++#: vms-alpha.c:6201 + #, c-format + msgid "STA_GBL (stack global) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6204 ++#: vms-alpha.c:6205 + #, c-format + msgid "STA_LW (stack longword) 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6208 ++#: vms-alpha.c:6209 + #, c-format + msgid "STA_QW (stack quadword) 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6213 ++#: vms-alpha.c:6214 + #, c-format + msgid "STA_PQ (stack psect base + offset)\n" + msgstr "" + +-#: vms-alpha.c:6215 ++#: vms-alpha.c:6216 + #, c-format + msgid " psect: %u, offset: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6221 ++#: vms-alpha.c:6222 + #, c-format + msgid "STA_LI (stack literal)\n" + msgstr "" + +-#: vms-alpha.c:6224 ++#: vms-alpha.c:6225 + #, c-format + msgid "STA_MOD (stack module)\n" + msgstr "" + +-#: vms-alpha.c:6227 ++#: vms-alpha.c:6228 + #, c-format + msgid "STA_CKARG (compare procedure argument)\n" + msgstr "" + +-#: vms-alpha.c:6231 ++#: vms-alpha.c:6232 + #, c-format + msgid "STO_B (store byte)\n" + msgstr "" + +-#: vms-alpha.c:6234 ++#: vms-alpha.c:6235 + #, c-format + msgid "STO_W (store word)\n" + msgstr "" + +-#: vms-alpha.c:6237 ++#: vms-alpha.c:6238 + #, c-format + msgid "STO_LW (store longword)\n" + msgstr "" + +-#: vms-alpha.c:6240 ++#: vms-alpha.c:6241 + #, c-format + msgid "STO_QW (store quadword)\n" + msgstr "" + +-#: vms-alpha.c:6246 ++#: vms-alpha.c:6247 + #, c-format + msgid "STO_IMMR (store immediate repeat) %u bytes\n" + msgstr "" + +-#: vms-alpha.c:6253 ++#: vms-alpha.c:6254 + #, c-format + msgid "STO_GBL (store global) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6257 ++#: vms-alpha.c:6258 + #, c-format + msgid "STO_CA (store code address) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6261 ++#: vms-alpha.c:6262 + #, c-format + msgid "STO_RB (store relative branch)\n" + msgstr "" + +-#: vms-alpha.c:6264 ++#: vms-alpha.c:6265 + #, c-format + msgid "STO_AB (store absolute branch)\n" + msgstr "" + +-#: vms-alpha.c:6267 ++#: vms-alpha.c:6268 + #, c-format + msgid "STO_OFF (store offset to psect)\n" + msgstr "" + +-#: vms-alpha.c:6273 ++#: vms-alpha.c:6274 + #, c-format + msgid "STO_IMM (store immediate) %u bytes\n" + msgstr "" + +-#: vms-alpha.c:6280 ++#: vms-alpha.c:6281 + #, c-format + msgid "STO_GBL_LW (store global longword) %.*s\n" + msgstr "" + +-#: vms-alpha.c:6284 ++#: vms-alpha.c:6285 + #, c-format + msgid "STO_OFF (store LP with procedure signature)\n" + msgstr "" + +-#: vms-alpha.c:6287 ++#: vms-alpha.c:6288 + #, c-format + msgid "STO_BR_GBL (store branch global) *todo*\n" + msgstr "" + +-#: vms-alpha.c:6290 ++#: vms-alpha.c:6291 + #, c-format + msgid "STO_BR_PS (store branch psect + offset) *todo*\n" + msgstr "" + +-#: vms-alpha.c:6294 ++#: vms-alpha.c:6295 + #, c-format + msgid "OPR_NOP (no-operation)\n" + msgstr "" + +-#: vms-alpha.c:6297 ++#: vms-alpha.c:6298 + #, c-format + msgid "OPR_ADD (add)\n" + msgstr "" + +-#: vms-alpha.c:6300 ++#: vms-alpha.c:6301 + #, c-format + msgid "OPR_SUB (subtract)\n" + msgstr "" + +-#: vms-alpha.c:6303 ++#: vms-alpha.c:6304 + #, c-format + msgid "OPR_MUL (multiply)\n" + msgstr "" + +-#: vms-alpha.c:6306 ++#: vms-alpha.c:6307 + #, c-format + msgid "OPR_DIV (divide)\n" + msgstr "" + +-#: vms-alpha.c:6309 ++#: vms-alpha.c:6310 + #, c-format + msgid "OPR_AND (logical and)\n" + msgstr "" + +-#: vms-alpha.c:6312 ++#: vms-alpha.c:6313 + #, c-format + msgid "OPR_IOR (logical inclusive or)\n" + msgstr "" + +-#: vms-alpha.c:6315 ++#: vms-alpha.c:6316 + #, c-format + msgid "OPR_EOR (logical exclusive or)\n" + msgstr "" + +-#: vms-alpha.c:6318 ++#: vms-alpha.c:6319 + #, c-format + msgid "OPR_NEG (negate)\n" + msgstr "" + +-#: vms-alpha.c:6321 ++#: vms-alpha.c:6322 + #, c-format + msgid "OPR_COM (complement)\n" + msgstr "" + +-#: vms-alpha.c:6324 ++#: vms-alpha.c:6325 + #, c-format + msgid "OPR_INSV (insert field)\n" + msgstr "" + +-#: vms-alpha.c:6327 ++#: vms-alpha.c:6328 + #, c-format + msgid "OPR_ASH (arithmetic shift)\n" + msgstr "" + +-#: vms-alpha.c:6330 ++#: vms-alpha.c:6331 + #, c-format + msgid "OPR_USH (unsigned shift)\n" + msgstr "" + +-#: vms-alpha.c:6333 ++#: vms-alpha.c:6334 + #, c-format + msgid "OPR_ROT (rotate)\n" + msgstr "" + +-#: vms-alpha.c:6336 ++#: vms-alpha.c:6337 + #, c-format + msgid "OPR_SEL (select)\n" + msgstr "" + +-#: vms-alpha.c:6339 ++#: vms-alpha.c:6340 + #, c-format + msgid "OPR_REDEF (redefine symbol to curr location)\n" + msgstr "" + +-#: vms-alpha.c:6342 ++#: vms-alpha.c:6343 + #, c-format + msgid "OPR_REDEF (define a literal)\n" + msgstr "" + +-#: vms-alpha.c:6346 ++#: vms-alpha.c:6347 + #, c-format + msgid "STC_LP (store cond linkage pair)\n" + msgstr "" + +-#: vms-alpha.c:6350 ++#: vms-alpha.c:6351 + #, c-format + msgid "STC_LP_PSB (store cond linkage pair + signature)\n" + msgstr "" + +-#: vms-alpha.c:6352 ++#: vms-alpha.c:6353 + #, c-format + msgid " linkage index: %u, procedure: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6355 ++#: vms-alpha.c:6356 + #, c-format + msgid " signature: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6358 ++#: vms-alpha.c:6359 + #, c-format + msgid "STC_GBL (store cond global)\n" + msgstr "" + +-#: vms-alpha.c:6360 ++#: vms-alpha.c:6361 + #, c-format + msgid " linkage index: %u, global: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6364 ++#: vms-alpha.c:6365 + #, c-format + msgid "STC_GCA (store cond code address)\n" + msgstr "" + +-#: vms-alpha.c:6366 ++#: vms-alpha.c:6367 + #, c-format + msgid " linkage index: %u, procedure name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:6370 ++#: vms-alpha.c:6371 + #, c-format + msgid "STC_PS (store cond psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6373 ++#: vms-alpha.c:6374 + #, c-format + msgid " linkage index: %u, psect: %u, offset: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:6380 ++#: vms-alpha.c:6381 + #, c-format + msgid "STC_NOP_GBL (store cond NOP at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6384 ++#: vms-alpha.c:6385 + #, c-format + msgid "STC_NOP_PS (store cond NOP at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6388 ++#: vms-alpha.c:6389 + #, c-format + msgid "STC_BSR_GBL (store cond BSR at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6392 ++#: vms-alpha.c:6393 + #, c-format + msgid "STC_BSR_PS (store cond BSR at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6396 ++#: vms-alpha.c:6397 + #, c-format + msgid "STC_LDA_GBL (store cond LDA at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6400 ++#: vms-alpha.c:6401 + #, c-format + msgid "STC_LDA_PS (store cond LDA at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6404 ++#: vms-alpha.c:6405 + #, c-format + msgid "STC_BOH_GBL (store cond BOH at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6408 ++#: vms-alpha.c:6409 + #, c-format + msgid "STC_BOH_PS (store cond BOH at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6413 ++#: vms-alpha.c:6414 + #, c-format + msgid "STC_NBH_GBL (store cond or hint at global addr)\n" + msgstr "" + +-#: vms-alpha.c:6417 ++#: vms-alpha.c:6418 + #, c-format + msgid "STC_NBH_PS (store cond or hint at psect + offset)\n" + msgstr "" + +-#: vms-alpha.c:6421 ++#: vms-alpha.c:6422 + #, c-format + msgid "CTL_SETRB (set relocation base)\n" + msgstr "" + +-#: vms-alpha.c:6427 ++#: vms-alpha.c:6428 + #, c-format + msgid "CTL_AUGRB (augment relocation base) %u\n" + msgstr "" + +-#: vms-alpha.c:6431 ++#: vms-alpha.c:6432 + #, c-format + msgid "CTL_DFLOC (define location)\n" + msgstr "" + +-#: vms-alpha.c:6434 ++#: vms-alpha.c:6435 + #, c-format + msgid "CTL_STLOC (set location)\n" + msgstr "" + +-#: vms-alpha.c:6437 ++#: vms-alpha.c:6438 + #, c-format + msgid "CTL_STKDL (stack defined location)\n" + msgstr "" + +-#: vms-alpha.c:6440 vms-alpha.c:6864 vms-alpha.c:6990 ++#: vms-alpha.c:6441 vms-alpha.c:6865 vms-alpha.c:6991 + #, c-format + msgid "*unhandled*\n" + msgstr "" + +-#: vms-alpha.c:6470 vms-alpha.c:6509 ++#: vms-alpha.c:6471 vms-alpha.c:6510 + #, c-format + msgid "cannot read GST record length\n" + msgstr "" + + #. Ill-formed. +-#: vms-alpha.c:6491 ++#: vms-alpha.c:6492 + #, c-format + msgid "cannot find EMH in first GST record\n" + msgstr "" + +-#: vms-alpha.c:6517 ++#: vms-alpha.c:6518 + #, c-format + msgid "cannot read GST record header\n" + msgstr "" + +-#: vms-alpha.c:6530 ++#: vms-alpha.c:6531 + #, c-format + msgid " corrupted GST\n" + msgstr "" + +-#: vms-alpha.c:6538 ++#: vms-alpha.c:6539 + #, c-format + msgid "cannot read GST record\n" + msgstr "" + +-#: vms-alpha.c:6567 ++#: vms-alpha.c:6568 + #, c-format + msgid " unhandled EOBJ record type %u\n" + msgstr "" + +-#: vms-alpha.c:6591 ++#: vms-alpha.c:6592 + #, c-format + msgid " bitcount: %u, base addr: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6605 ++#: vms-alpha.c:6606 + #, c-format + msgid " bitmap: 0x%08x (count: %u):\n" + msgstr "" + +-#: vms-alpha.c:6612 ++#: vms-alpha.c:6613 + #, c-format + msgid " %08x" + msgstr "" + +-#: vms-alpha.c:6638 ++#: vms-alpha.c:6639 + #, c-format + msgid " image %u (%u entries)\n" + msgstr "" + +-#: vms-alpha.c:6644 ++#: vms-alpha.c:6645 + #, c-format + msgid " offset: 0x%08x, val: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6666 ++#: vms-alpha.c:6667 + #, c-format + msgid " image %u (%u entries), offsets:\n" + msgstr "" + +-#: vms-alpha.c:6673 ++#: vms-alpha.c:6674 + #, c-format + msgid " 0x%08x" + msgstr "" + + #. 64 bits. +-#: vms-alpha.c:6795 ++#: vms-alpha.c:6796 + #, c-format + msgid "64 bits *unhandled*\n" + msgstr "" + +-#: vms-alpha.c:6800 ++#: vms-alpha.c:6801 + #, c-format + msgid "class: %u, dtype: %u, length: %u, pointer: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6811 ++#: vms-alpha.c:6812 + #, c-format + msgid "non-contiguous array of %s\n" + msgstr "" + +-#: vms-alpha.c:6816 ++#: vms-alpha.c:6817 + #, c-format + msgid "dimct: %u, aflags: 0x%02x, digits: %u, scale: %u\n" + msgstr "" + +-#: vms-alpha.c:6821 ++#: vms-alpha.c:6822 + #, c-format + msgid "arsize: %u, a0: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6825 ++#: vms-alpha.c:6826 + #, c-format + msgid "Strides:\n" + msgstr "" + +-#: vms-alpha.c:6835 ++#: vms-alpha.c:6836 + #, c-format + msgid "Bounds:\n" + msgstr "" + +-#: vms-alpha.c:6841 ++#: vms-alpha.c:6842 + #, c-format + msgid "[%u]: Lower: %u, upper: %u\n" + msgstr "" + +-#: vms-alpha.c:6853 ++#: vms-alpha.c:6854 + #, c-format + msgid "unaligned bit-string of %s\n" + msgstr "" + +-#: vms-alpha.c:6858 ++#: vms-alpha.c:6859 + #, c-format + msgid "base: %u, pos: %u\n" + msgstr "" + +-#: vms-alpha.c:6879 ++#: vms-alpha.c:6880 + #, c-format + msgid "vflags: 0x%02x, value: 0x%08x " + msgstr "" + +-#: vms-alpha.c:6885 ++#: vms-alpha.c:6886 + #, c-format + msgid "(no value)\n" + msgstr "" + +-#: vms-alpha.c:6888 ++#: vms-alpha.c:6889 + #, c-format + msgid "(not active)\n" + msgstr "" + +-#: vms-alpha.c:6891 ++#: vms-alpha.c:6892 + #, c-format + msgid "(not allocated)\n" + msgstr "" + +-#: vms-alpha.c:6894 ++#: vms-alpha.c:6895 + #, c-format + msgid "(descriptor)\n" + msgstr "" + +-#: vms-alpha.c:6898 ++#: vms-alpha.c:6899 + #, c-format + msgid "(trailing value)\n" + msgstr "" + +-#: vms-alpha.c:6901 ++#: vms-alpha.c:6902 + #, c-format + msgid "(value spec follows)\n" + msgstr "" + +-#: vms-alpha.c:6904 ++#: vms-alpha.c:6905 + #, c-format + msgid "(at bit offset %u)\n" + msgstr "" + +-#: vms-alpha.c:6908 ++#: vms-alpha.c:6909 + #, c-format + msgid "(reg: %u, disp: %u, indir: %u, kind: " + msgstr "" + +-#: vms-alpha.c:6915 ++#: vms-alpha.c:6916 + msgid "literal" + msgstr "" + +-#: vms-alpha.c:6918 ++#: vms-alpha.c:6919 + msgid "address" + msgstr "" + +-#: vms-alpha.c:6921 ++#: vms-alpha.c:6922 + msgid "desc" + msgstr "" + +-#: vms-alpha.c:6924 ++#: vms-alpha.c:6925 + msgid "reg" + msgstr "" + +-#: vms-alpha.c:6941 ++#: vms-alpha.c:6942 + #, c-format + msgid "len: %2u, kind: %2u " + msgstr "" + +-#: vms-alpha.c:6947 ++#: vms-alpha.c:6948 + #, c-format + msgid "atomic, type=0x%02x %s\n" + msgstr "" + +-#: vms-alpha.c:6951 ++#: vms-alpha.c:6952 + #, c-format + msgid "indirect, defined at 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:6955 ++#: vms-alpha.c:6956 + #, c-format + msgid "typed pointer\n" + msgstr "" + +-#: vms-alpha.c:6959 ++#: vms-alpha.c:6960 + #, c-format + msgid "pointer\n" + msgstr "" + +-#: vms-alpha.c:6967 ++#: vms-alpha.c:6968 + #, c-format + msgid "array, dim: %u, bitmap: " + msgstr "" + +-#: vms-alpha.c:6974 ++#: vms-alpha.c:6975 + #, c-format + msgid "array descriptor:\n" + msgstr "" + +-#: vms-alpha.c:6981 ++#: vms-alpha.c:6982 + #, c-format + msgid "type spec for element:\n" + msgstr "" + +-#: vms-alpha.c:6983 ++#: vms-alpha.c:6984 + #, c-format + msgid "type spec for subscript %u:\n" + msgstr "" + +-#: vms-alpha.c:7001 ++#: vms-alpha.c:7002 + #, c-format + msgid "Debug symbol table:\n" + msgstr "" + +-#: vms-alpha.c:7012 ++#: vms-alpha.c:7013 + #, c-format + msgid "cannot read DST header\n" + msgstr "" + +-#: vms-alpha.c:7018 ++#: vms-alpha.c:7019 + #, c-format + msgid " type: %3u, len: %3u (at 0x%08x): " + msgstr "" + +-#: vms-alpha.c:7032 ++#: vms-alpha.c:7033 + #, c-format + msgid "cannot read DST symbol\n" + msgstr "" + +-#: vms-alpha.c:7075 ++#: vms-alpha.c:7076 + #, c-format + msgid "standard data: %s\n" + msgstr "" + +-#: vms-alpha.c:7078 vms-alpha.c:7166 ++#: vms-alpha.c:7079 vms-alpha.c:7167 + #, c-format + msgid " name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7085 ++#: vms-alpha.c:7086 + #, c-format + msgid "modbeg\n" + msgstr "" + +-#: vms-alpha.c:7087 ++#: vms-alpha.c:7088 + #, c-format + msgid " flags: %d, language: %u, major: %u, minor: %u\n" + msgstr "" + +-#: vms-alpha.c:7093 vms-alpha.c:7367 ++#: vms-alpha.c:7094 vms-alpha.c:7368 + #, c-format + msgid " module name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7096 ++#: vms-alpha.c:7097 + #, c-format + msgid " compiler : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7101 ++#: vms-alpha.c:7102 + #, c-format + msgid "modend\n" + msgstr "" + +-#: vms-alpha.c:7108 ++#: vms-alpha.c:7109 + msgid "rtnbeg\n" + msgstr "" + +-#: vms-alpha.c:7110 ++#: vms-alpha.c:7111 + #, c-format + msgid " flags: %u, address: 0x%08x, pd-address: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7115 ++#: vms-alpha.c:7116 + #, c-format + msgid " routine name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7123 ++#: vms-alpha.c:7124 + #, c-format + msgid "rtnend: size 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7131 ++#: vms-alpha.c:7132 + #, c-format + msgid "prolog: bkpt address 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7140 ++#: vms-alpha.c:7141 + #, c-format + msgid "epilog: flags: %u, count: %u\n" + msgstr "" + +-#: vms-alpha.c:7150 ++#: vms-alpha.c:7151 + #, c-format + msgid "blkbeg: address: 0x%08x, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7159 ++#: vms-alpha.c:7160 + #, c-format + msgid "blkend: size: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7165 ++#: vms-alpha.c:7166 + #, c-format + msgid "typspec (len: %u)\n" + msgstr "" + +-#: vms-alpha.c:7172 ++#: vms-alpha.c:7173 + #, c-format + msgid "septyp, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7181 ++#: vms-alpha.c:7182 + #, c-format + msgid "recbeg: name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7183 ++#: vms-alpha.c:7184 + #, c-format + msgid " len: %u bits\n" + msgstr "" + +-#: vms-alpha.c:7188 ++#: vms-alpha.c:7189 + #, c-format + msgid "recend\n" + msgstr "" + +-#: vms-alpha.c:7192 ++#: vms-alpha.c:7193 + #, c-format + msgid "enumbeg, len: %u, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7196 ++#: vms-alpha.c:7197 + #, c-format + msgid "enumelt, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7200 ++#: vms-alpha.c:7201 + #, c-format + msgid "enumend\n" + msgstr "" + +-#: vms-alpha.c:7205 ++#: vms-alpha.c:7206 + #, c-format + msgid "label, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7207 ++#: vms-alpha.c:7208 + #, c-format + msgid " address: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7217 ++#: vms-alpha.c:7218 + #, c-format + msgid "discontiguous range (nbr: %u)\n" + msgstr "" + +-#: vms-alpha.c:7220 ++#: vms-alpha.c:7221 + #, c-format + msgid " address: 0x%08x, size: %u\n" + msgstr "" + +-#: vms-alpha.c:7230 ++#: vms-alpha.c:7231 + #, c-format + msgid "line num (len: %u)\n" + msgstr "" + +-#: vms-alpha.c:7247 ++#: vms-alpha.c:7248 + #, c-format + msgid "delta_pc_w %u\n" + msgstr "" + +-#: vms-alpha.c:7254 ++#: vms-alpha.c:7255 + #, c-format + msgid "incr_linum(b): +%u\n" + msgstr "" + +-#: vms-alpha.c:7260 ++#: vms-alpha.c:7261 + #, c-format + msgid "incr_linum_w: +%u\n" + msgstr "" + +-#: vms-alpha.c:7266 ++#: vms-alpha.c:7267 + #, c-format + msgid "incr_linum_l: +%u\n" + msgstr "" + +-#: vms-alpha.c:7272 ++#: vms-alpha.c:7273 + #, c-format + msgid "set_line_num(w) %u\n" + msgstr "" + +-#: vms-alpha.c:7277 ++#: vms-alpha.c:7278 + #, c-format + msgid "set_line_num_b %u\n" + msgstr "" + +-#: vms-alpha.c:7282 ++#: vms-alpha.c:7283 + #, c-format + msgid "set_line_num_l %u\n" + msgstr "" + +-#: vms-alpha.c:7287 ++#: vms-alpha.c:7288 + #, c-format + msgid "set_abs_pc: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7291 ++#: vms-alpha.c:7292 + #, c-format + msgid "delta_pc_l: +0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7296 ++#: vms-alpha.c:7297 + #, c-format + msgid "term(b): 0x%02x" + msgstr "" + +-#: vms-alpha.c:7298 ++#: vms-alpha.c:7299 + #, c-format + msgid " pc: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7303 ++#: vms-alpha.c:7304 + #, c-format + msgid "term_w: 0x%04x" + msgstr "" + +-#: vms-alpha.c:7305 ++#: vms-alpha.c:7306 + #, c-format + msgid " pc: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7311 ++#: vms-alpha.c:7312 + #, c-format + msgid "delta pc +%-4d" + msgstr "" + +-#: vms-alpha.c:7315 ++#: vms-alpha.c:7316 + #, c-format + msgid " pc: 0x%08x line: %5u\n" + msgstr "" + +-#: vms-alpha.c:7320 ++#: vms-alpha.c:7321 + #, c-format + msgid " *unhandled* cmd %u\n" + msgstr "" + +-#: vms-alpha.c:7335 ++#: vms-alpha.c:7336 + #, c-format + msgid "source (len: %u)\n" + msgstr "" + +-#: vms-alpha.c:7350 ++#: vms-alpha.c:7351 + #, c-format + msgid " declfile: len: %u, flags: %u, fileid: %u\n" + msgstr "" + +-#: vms-alpha.c:7355 ++#: vms-alpha.c:7356 + #, c-format + msgid " rms: cdt: 0x%08x %08x, ebk: 0x%08x, ffb: 0x%04x, rfo: %u\n" + msgstr "" + +-#: vms-alpha.c:7364 ++#: vms-alpha.c:7365 + #, c-format + msgid " filename : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7373 ++#: vms-alpha.c:7374 + #, c-format + msgid " setfile %u\n" + msgstr "" + +-#: vms-alpha.c:7378 vms-alpha.c:7383 ++#: vms-alpha.c:7379 vms-alpha.c:7384 + #, c-format + msgid " setrec %u\n" + msgstr "" + +-#: vms-alpha.c:7388 vms-alpha.c:7393 ++#: vms-alpha.c:7389 vms-alpha.c:7394 + #, c-format + msgid " setlnum %u\n" + msgstr "" + +-#: vms-alpha.c:7398 vms-alpha.c:7403 ++#: vms-alpha.c:7399 vms-alpha.c:7404 + #, c-format + msgid " deflines %u\n" + msgstr "" + +-#: vms-alpha.c:7407 ++#: vms-alpha.c:7408 + #, c-format + msgid " formfeed\n" + msgstr "" + +-#: vms-alpha.c:7411 ++#: vms-alpha.c:7412 + #, c-format + msgid " *unhandled* cmd %u\n" + msgstr "" + +-#: vms-alpha.c:7423 ++#: vms-alpha.c:7424 + #, c-format + msgid "*unhandled* dst type %u\n" + msgstr "" + +-#: vms-alpha.c:7455 ++#: vms-alpha.c:7456 + #, c-format + msgid "cannot read EIHD\n" + msgstr "" + +-#: vms-alpha.c:7459 ++#: vms-alpha.c:7460 + #, c-format + msgid "EIHD: (size: %u, nbr blocks: %u)\n" + msgstr "" + +-#: vms-alpha.c:7463 ++#: vms-alpha.c:7464 + #, c-format + msgid " majorid: %u, minorid: %u\n" + msgstr "" + +-#: vms-alpha.c:7471 ++#: vms-alpha.c:7472 + msgid "executable" + msgstr "" + +-#: vms-alpha.c:7474 ++#: vms-alpha.c:7475 + msgid "linkable image" + msgstr "" + +-#: vms-alpha.c:7481 ++#: vms-alpha.c:7482 + #, c-format + msgid " image type: %u (%s)" + msgstr "" + +-#: vms-alpha.c:7487 ++#: vms-alpha.c:7488 + msgid "native" + msgstr "" + +-#: vms-alpha.c:7490 ++#: vms-alpha.c:7491 + msgid "CLI" + msgstr "" + +-#: vms-alpha.c:7497 ++#: vms-alpha.c:7498 + #, c-format + msgid ", subtype: %u (%s)\n" + msgstr "" + +-#: vms-alpha.c:7504 ++#: vms-alpha.c:7505 + #, c-format + msgid " offsets: isd: %u, activ: %u, symdbg: %u, imgid: %u, patch: %u\n" + msgstr "" + +-#: vms-alpha.c:7508 ++#: vms-alpha.c:7509 + #, c-format + msgid " fixup info rva: " + msgstr "" + +-#: vms-alpha.c:7510 ++#: vms-alpha.c:7511 + #, c-format + msgid ", symbol vector rva: " + msgstr "" + +-#: vms-alpha.c:7513 ++#: vms-alpha.c:7514 + #, c-format + msgid "" + "\n" + " version array off: %u\n" + msgstr "" + +-#: vms-alpha.c:7518 ++#: vms-alpha.c:7519 + #, c-format + msgid " img I/O count: %u, nbr channels: %u, req pri: %08x%08x\n" + msgstr "" + +-#: vms-alpha.c:7524 ++#: vms-alpha.c:7525 + #, c-format + msgid " linker flags: %08x:" + msgstr "" + +-#: vms-alpha.c:7555 ++#: vms-alpha.c:7556 + #, c-format + msgid " ident: 0x%08x, sysver: 0x%08x, match ctrl: %u, symvect_size: %u\n" + msgstr "" + +-#: vms-alpha.c:7561 ++#: vms-alpha.c:7562 + #, c-format + msgid " BPAGE: %u" + msgstr "" + +-#: vms-alpha.c:7568 ++#: vms-alpha.c:7569 + #, c-format + msgid ", ext fixup offset: %u, no_opt psect off: %u" + msgstr "" + +-#: vms-alpha.c:7571 ++#: vms-alpha.c:7572 + #, c-format + msgid ", alias: %u\n" + msgstr "" + +-#: vms-alpha.c:7579 ++#: vms-alpha.c:7580 + #, c-format + msgid "system version array information:\n" + msgstr "" + +-#: vms-alpha.c:7583 ++#: vms-alpha.c:7584 + #, c-format + msgid "cannot read EIHVN header\n" + msgstr "" + +-#: vms-alpha.c:7593 ++#: vms-alpha.c:7594 + #, c-format + msgid "cannot read EIHVN version\n" + msgstr "" + +-#: vms-alpha.c:7596 ++#: vms-alpha.c:7597 + #, c-format + msgid " %02u " + msgstr "" + +-#: vms-alpha.c:7600 ++#: vms-alpha.c:7601 + msgid "BASE_IMAGE " + msgstr "" + +-#: vms-alpha.c:7603 ++#: vms-alpha.c:7604 + msgid "MEMORY_MANAGEMENT" + msgstr "" + +-#: vms-alpha.c:7606 ++#: vms-alpha.c:7607 + msgid "IO " + msgstr "" + +-#: vms-alpha.c:7609 ++#: vms-alpha.c:7610 + msgid "FILES_VOLUMES " + msgstr "" + +-#: vms-alpha.c:7612 ++#: vms-alpha.c:7613 + msgid "PROCESS_SCHED " + msgstr "" + +-#: vms-alpha.c:7615 ++#: vms-alpha.c:7616 + msgid "SYSGEN " + msgstr "" + +-#: vms-alpha.c:7618 ++#: vms-alpha.c:7619 + msgid "CLUSTERS_LOCKMGR " + msgstr "" + +-#: vms-alpha.c:7621 ++#: vms-alpha.c:7622 + msgid "LOGICAL_NAMES " + msgstr "" + +-#: vms-alpha.c:7624 ++#: vms-alpha.c:7625 + msgid "SECURITY " + msgstr "" + +-#: vms-alpha.c:7627 ++#: vms-alpha.c:7628 + msgid "IMAGE_ACTIVATOR " + msgstr "" + +-#: vms-alpha.c:7630 ++#: vms-alpha.c:7631 + msgid "NETWORKS " + msgstr "" + +-#: vms-alpha.c:7633 ++#: vms-alpha.c:7634 + msgid "COUNTERS " + msgstr "" + +-#: vms-alpha.c:7636 ++#: vms-alpha.c:7637 + msgid "STABLE " + msgstr "" + +-#: vms-alpha.c:7639 ++#: vms-alpha.c:7640 + msgid "MISC " + msgstr "" + +-#: vms-alpha.c:7642 ++#: vms-alpha.c:7643 + msgid "CPU " + msgstr "" + +-#: vms-alpha.c:7645 ++#: vms-alpha.c:7646 + msgid "VOLATILE " + msgstr "" + +-#: vms-alpha.c:7648 ++#: vms-alpha.c:7649 + msgid "SHELL " + msgstr "" + +-#: vms-alpha.c:7651 ++#: vms-alpha.c:7652 + msgid "POSIX " + msgstr "" + +-#: vms-alpha.c:7654 ++#: vms-alpha.c:7655 + msgid "MULTI_PROCESSING " + msgstr "" + +-#: vms-alpha.c:7657 ++#: vms-alpha.c:7658 + msgid "GALAXY " + msgstr "" + +-#: vms-alpha.c:7660 ++#: vms-alpha.c:7661 + msgid "*unknown* " + msgstr "" + +-#: vms-alpha.c:7676 vms-alpha.c:7951 ++#: vms-alpha.c:7677 vms-alpha.c:7952 + #, c-format + msgid "cannot read EIHA\n" + msgstr "" + +-#: vms-alpha.c:7679 ++#: vms-alpha.c:7680 + #, c-format + msgid "Image activation: (size=%u)\n" + msgstr "" + +-#: vms-alpha.c:7682 ++#: vms-alpha.c:7683 + #, c-format + msgid " First address : 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7686 ++#: vms-alpha.c:7687 + #, c-format + msgid " Second address: 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7690 ++#: vms-alpha.c:7691 + #, c-format + msgid " Third address : 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7694 ++#: vms-alpha.c:7695 + #, c-format + msgid " Fourth address: 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7698 ++#: vms-alpha.c:7699 + #, c-format + msgid " Shared image : 0x%08x 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7709 ++#: vms-alpha.c:7710 + #, c-format + msgid "cannot read EIHI\n" + msgstr "" + +-#: vms-alpha.c:7713 ++#: vms-alpha.c:7714 + #, c-format + msgid "Image identification: (major: %u, minor: %u)\n" + msgstr "" + +-#: vms-alpha.c:7716 ++#: vms-alpha.c:7717 + #, c-format + msgid " image name : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7718 ++#: vms-alpha.c:7719 + #, c-format + msgid " link time : %s\n" + msgstr "" + +-#: vms-alpha.c:7720 ++#: vms-alpha.c:7721 + #, c-format + msgid " image ident : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7722 ++#: vms-alpha.c:7723 + #, c-format + msgid " linker ident : %.*s\n" + msgstr "" + +-#: vms-alpha.c:7724 ++#: vms-alpha.c:7725 + #, c-format + msgid " image build ident: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7734 ++#: vms-alpha.c:7735 + #, c-format + msgid "cannot read EIHS\n" + msgstr "" + +-#: vms-alpha.c:7738 ++#: vms-alpha.c:7739 + #, c-format + msgid "Image symbol & debug table: (major: %u, minor: %u)\n" + msgstr "" + +-#: vms-alpha.c:7744 ++#: vms-alpha.c:7745 + #, c-format + msgid " debug symbol table : vbn: %u, size: %u (0x%x)\n" + msgstr "" + +-#: vms-alpha.c:7749 ++#: vms-alpha.c:7750 + #, c-format + msgid " global symbol table: vbn: %u, records: %u\n" + msgstr "" + +-#: vms-alpha.c:7754 ++#: vms-alpha.c:7755 + #, c-format + msgid " debug module table : vbn: %u, size: %u\n" + msgstr "" + +-#: vms-alpha.c:7767 ++#: vms-alpha.c:7768 + #, c-format + msgid "cannot read EISD\n" + msgstr "" + +-#: vms-alpha.c:7778 ++#: vms-alpha.c:7779 + #, c-format + msgid "" + "Image section descriptor: (major: %u, minor: %u, size: %u, offset: %u)\n" + msgstr "" + +-#: vms-alpha.c:7786 ++#: vms-alpha.c:7787 + #, c-format + msgid " section: base: 0x%08x%08x size: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7791 ++#: vms-alpha.c:7792 + #, c-format + msgid " flags: 0x%04x" + msgstr "" + +-#: vms-alpha.c:7829 ++#: vms-alpha.c:7830 + #, c-format + msgid " vbn: %u, pfc: %u, matchctl: %u type: %u (" + msgstr "" + +-#: vms-alpha.c:7835 ++#: vms-alpha.c:7836 + msgid "NORMAL" + msgstr "" + +-#: vms-alpha.c:7838 ++#: vms-alpha.c:7839 + msgid "SHRFXD" + msgstr "" + +-#: vms-alpha.c:7841 ++#: vms-alpha.c:7842 + msgid "PRVFXD" + msgstr "" + +-#: vms-alpha.c:7844 ++#: vms-alpha.c:7845 + msgid "SHRPIC" + msgstr "" + +-#: vms-alpha.c:7847 ++#: vms-alpha.c:7848 + msgid "PRVPIC" + msgstr "" + +-#: vms-alpha.c:7850 ++#: vms-alpha.c:7851 + msgid "USRSTACK" + msgstr "" + +-#: vms-alpha.c:7856 ++#: vms-alpha.c:7857 + msgid ")\n" + msgstr "" + +-#: vms-alpha.c:7859 ++#: vms-alpha.c:7860 + #, c-format + msgid " ident: 0x%08x, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:7869 ++#: vms-alpha.c:7870 + #, c-format + msgid "cannot read DMT\n" + msgstr "" + +-#: vms-alpha.c:7873 ++#: vms-alpha.c:7874 + #, c-format + msgid "Debug module table:\n" + msgstr "" + +-#: vms-alpha.c:7882 ++#: vms-alpha.c:7883 + #, c-format + msgid "cannot read DMT header\n" + msgstr "" + +-#: vms-alpha.c:7888 ++#: vms-alpha.c:7889 + #, c-format + msgid " module offset: 0x%08x, size: 0x%08x, (%u psects)\n" + msgstr "" + +-#: vms-alpha.c:7898 ++#: vms-alpha.c:7899 + #, c-format + msgid "cannot read DMT psect\n" + msgstr "" + +-#: vms-alpha.c:7902 ++#: vms-alpha.c:7903 + #, c-format + msgid " psect start: 0x%08x, length: %u\n" + msgstr "" + +-#: vms-alpha.c:7915 ++#: vms-alpha.c:7916 + #, c-format + msgid "cannot read DST\n" + msgstr "" + +-#: vms-alpha.c:7925 ++#: vms-alpha.c:7926 + #, c-format + msgid "cannot read GST\n" + msgstr "" + +-#: vms-alpha.c:7929 ++#: vms-alpha.c:7930 + #, c-format + msgid "Global symbol table:\n" + msgstr "" + +-#: vms-alpha.c:7958 ++#: vms-alpha.c:7959 + #, c-format + msgid "Image activator fixup: (major: %u, minor: %u)\n" + msgstr "" + +-#: vms-alpha.c:7962 ++#: vms-alpha.c:7963 + #, c-format + msgid " iaflink : 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:7966 ++#: vms-alpha.c:7967 + #, c-format + msgid " fixuplnk: 0x%08x %08x\n" + msgstr "" + +-#: vms-alpha.c:7969 ++#: vms-alpha.c:7970 + #, c-format + msgid " size : %u\n" + msgstr "" + +-#: vms-alpha.c:7971 ++#: vms-alpha.c:7972 + #, c-format + msgid " flags: 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:7976 ++#: vms-alpha.c:7977 + #, c-format + msgid " qrelfixoff: %5u, lrelfixoff: %5u\n" + msgstr "" + +-#: vms-alpha.c:7981 ++#: vms-alpha.c:7982 + #, c-format + msgid " qdotadroff: %5u, ldotadroff: %5u\n" + msgstr "" + +-#: vms-alpha.c:7986 ++#: vms-alpha.c:7987 + #, c-format + msgid " codeadroff: %5u, lpfixoff : %5u\n" + msgstr "" + +-#: vms-alpha.c:7989 ++#: vms-alpha.c:7990 + #, c-format + msgid " chgprtoff : %5u\n" + msgstr "" + +-#: vms-alpha.c:7993 ++#: vms-alpha.c:7994 + #, c-format + msgid " shlstoff : %5u, shrimgcnt : %5u\n" + msgstr "" + +-#: vms-alpha.c:7996 ++#: vms-alpha.c:7997 + #, c-format + msgid " shlextra : %5u, permctx : %5u\n" + msgstr "" + +-#: vms-alpha.c:7999 ++#: vms-alpha.c:8000 + #, c-format + msgid " base_va : 0x%08x\n" + msgstr "" + +-#: vms-alpha.c:8001 ++#: vms-alpha.c:8002 + #, c-format + msgid " lppsbfixoff: %5u\n" + msgstr "" + +-#: vms-alpha.c:8009 ++#: vms-alpha.c:8010 + #, c-format + msgid " Shareable images:\n" + msgstr "" + +-#: vms-alpha.c:8014 ++#: vms-alpha.c:8015 + #, c-format + msgid " %u: size: %u, flags: 0x%02x, name: %.*s\n" + msgstr "" + +-#: vms-alpha.c:8021 ++#: vms-alpha.c:8022 + #, c-format + msgid " quad-word relocation fixups:\n" + msgstr "" + +-#: vms-alpha.c:8026 ++#: vms-alpha.c:8027 + #, c-format + msgid " long-word relocation fixups:\n" + msgstr "" + +-#: vms-alpha.c:8031 ++#: vms-alpha.c:8032 + #, c-format + msgid " quad-word .address reference fixups:\n" + msgstr "" + +-#: vms-alpha.c:8036 ++#: vms-alpha.c:8037 + #, c-format + msgid " long-word .address reference fixups:\n" + msgstr "" + +-#: vms-alpha.c:8041 ++#: vms-alpha.c:8042 + #, c-format + msgid " Code Address Reference Fixups:\n" + msgstr "" + +-#: vms-alpha.c:8046 ++#: vms-alpha.c:8047 + #, c-format + msgid " Linkage Pairs Reference Fixups:\n" + msgstr "" + +-#: vms-alpha.c:8055 ++#: vms-alpha.c:8056 + #, c-format + msgid " Change Protection (%u entries):\n" + msgstr "" + +-#: vms-alpha.c:8061 ++#: vms-alpha.c:8062 + #, c-format + msgid " base: 0x%08x %08x, size: 0x%08x, prot: 0x%08x " + msgstr "" + + #. FIXME: we do not yet support relocatable link. It is not obvious + #. how to do it for debug infos. +-#: vms-alpha.c:8901 ++#: vms-alpha.c:8902 + msgid "%P: relocatable link is not supported\n" + msgstr "" + +-#: vms-alpha.c:8972 ++#: vms-alpha.c:8973 + #, c-format +-msgid "%P: multiple entry points: in modules %B and %B\n" ++msgid "%P: multiple entry points: in modules %pB and %pB\n" + msgstr "" + + #: vms-lib.c:1445 +@@ -8537,7 +8508,7 @@ msgstr "" + #: peigen.c:1906 peigen.c:2103 pepigen.c:1906 pepigen.c:2103 pex64igen.c:1906 + #: pex64igen.c:2103 + #, c-format +-msgid "Warning, .pdata section size (%ld) is not a multiple of %d\n" ++msgid "warning, .pdata section size (%ld) is not a multiple of %d\n" + msgstr "" + + #: peigen.c:1910 peigen.c:2107 pepigen.c:1910 pepigen.c:2107 pex64igen.c:1910 +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2018-04-24 Nick Clifton <nickc@redhat.com> ++ ++ PR 23110 ++ * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for ++ a negative PE_DEBUG_DATA size before iterating over the debug data. ++ + 2018-04-17 Nick Clifton <nickc@redhat.com> + + PR 23065 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch new file mode 100644 index 0000000000..29b834337e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch @@ -0,0 +1,63 @@ +From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 24 Apr 2018 16:57:04 +0100 +Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF + binary with corrupt section symbols. + + PR 23113 + * elf.c (ignore_section_sym): Check for the output_section pointer + being NULL before dereferencing it. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-10535 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 4 ++++ + bfd/elf.c | 9 ++++++++- + 2 files changed, 12 insertions(+), 1 deletion(-) + +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -3994,15 +3994,22 @@ ignore_section_sym (bfd *abfd, asymbol * + { + elf_symbol_type *type_ptr; + ++ if (sym == NULL) ++ return FALSE; ++ + if ((sym->flags & BSF_SECTION_SYM) == 0) + return FALSE; + ++ if (sym->section == NULL) ++ return TRUE; ++ + type_ptr = elf_symbol_from (abfd, sym); + return ((type_ptr != NULL + && type_ptr->internal_elf_sym.st_shndx != 0 + && bfd_is_abs_section (sym->section)) + || !(sym->section->owner == abfd +- || (sym->section->output_section->owner == abfd ++ || (sym->section->output_section != NULL ++ && sym->section->output_section->owner == abfd + && sym->section->output_offset == 0) + || bfd_is_abs_section (sym->section))); + } +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,10 @@ + 2018-04-24 Nick Clifton <nickc@redhat.com> ++ ++ PR 23113 ++ * elf.c (ignore_section_sym): Check for the output_section pointer ++ being NULL before dereferencing it. ++ ++2018-04-24 Nick Clifton <nickc@redhat.com> + + PR 23110 + * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch new file mode 100644 index 0000000000..3fa852c951 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch @@ -0,0 +1,71 @@ +From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 8 May 2018 12:51:06 +0100 +Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a + fuzzed input file with corrupt string and attribute sections. + + PR 22809 + * elf.c (bfd_elf_get_str_section): Check for an excessively large + string section. + * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the + attribute section is larger than the size of the file. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-13033 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 8 ++++++++ + bfd/elf-attrs.c | 9 +++++++++ + bfd/elf.c | 1 + + 3 files changed, 18 insertions(+) + +Index: git/bfd/elf-attrs.c +=================================================================== +--- git.orig/bfd/elf-attrs.c ++++ git/bfd/elf-attrs.c +@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El + /* PR 17512: file: 2844a11d. */ + if (hdr->sh_size == 0) + return; ++ if (hdr->sh_size > bfd_get_file_size (abfd)) ++ { ++ /* xgettext:c-format */ ++ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"), ++ abfd, hdr->bfd_section, (long long) hdr->sh_size); ++ bfd_set_error (bfd_error_invalid_operation); ++ return; ++ } ++ + contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1); + if (!contents) + return; +Index: git/bfd/elf.c +=================================================================== +--- git.orig/bfd/elf.c ++++ git/bfd/elf.c +@@ -297,6 +297,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi + /* Allocate and clear an extra byte at the end, to prevent crashes + in case the string table is not terminated. */ + if (shstrtabsize + 1 <= 1 ++ || shstrtabsize > bfd_get_file_size (abfd) + || bfd_seek (abfd, offset, SEEK_SET) != 0 + || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL) + shstrtab = NULL; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,11 @@ ++2018-05-08 Nick Clifton <nickc@redhat.com> ++ ++ PR 22809 ++ * elf.c (bfd_elf_get_str_section): Check for an excessively large ++ string section. ++ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the ++ attribute section is larger than the size of the file. ++ + 2018-04-24 Nick Clifton <nickc@redhat.com> + + PR 23113 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch new file mode 100644 index 0000000000..2c6b1b2427 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch @@ -0,0 +1,55 @@ +From 38e64b0ecc7f4ee64a02514b8d532782ac057fa2 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 25 Jan 2018 21:47:41 +1030 +Subject: [PATCH] PR22746, crash when running 32-bit objdump on corrupted file + +Avoid unsigned int overflow by performing bfd_size_type multiplication. + + PR 22746 + * elfcode.h (elf_object_p): Avoid integer overflow. + +Upstream-Status: Backport +Affects: <= 2.29.1 +CVE: CVE-2018-6323 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/elfcode.h | 4 ++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +Index: git/bfd/elfcode.h +=================================================================== +--- git.orig/bfd/elfcode.h ++++ git/bfd/elfcode.h +@@ -680,7 +680,7 @@ elf_object_p (bfd *abfd) + if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp)) + goto got_wrong_format_error; + #endif +- amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum; ++ amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum; + i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt); + if (!i_shdrp) + goto got_no_match; +@@ -776,7 +776,7 @@ elf_object_p (bfd *abfd) + if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr)) + goto got_wrong_format_error; + #endif +- amt = i_ehdrp->e_phnum * sizeof (*i_phdr); ++ amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr); + elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt); + if (elf_tdata (abfd)->phdr == NULL) + goto got_no_match; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-01-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22746 ++ * elfcode.h (elf_object_p): Avoid integer overflow. ++ + 2018-05-08 Nick Clifton <nickc@redhat.com> + + PR 22809 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch new file mode 100644 index 0000000000..3b0e98a0a3 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch @@ -0,0 +1,108 @@ +From 64e234d417d5685a4aec0edc618114d9991c031b Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Tue, 6 Feb 2018 15:48:29 +0000 +Subject: [PATCH] Prevent attempts to call strncpy with a zero-length field by + chacking the size of debuglink sections. + + PR 22794 + * opncls.c (bfd_get_debug_link_info_1): Check the size of the + section before attempting to read it in. + (bfd_get_alt_debug_link_info): Likewise. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-6759 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/opncls.c | 22 +++++++++++++++++----- + 2 files changed, 24 insertions(+), 5 deletions(-) + +Index: git/bfd/opncls.c +=================================================================== +--- git.orig/bfd/opncls.c ++++ git/bfd/opncls.c +@@ -1179,6 +1179,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + bfd_byte *contents; + unsigned int crc_offset; + char *name; ++ bfd_size_type size; + + BFD_ASSERT (abfd); + BFD_ASSERT (crc32_out); +@@ -1188,6 +1189,12 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + if (sect == NULL) + return NULL; + ++ size = bfd_get_section_size (sect); ++ ++ /* PR 22794: Make sure that the section has a reasonable size. */ ++ if (size < 8 || size >= bfd_get_size (abfd)) ++ return NULL; ++ + if (!bfd_malloc_and_get_section (abfd, sect, &contents)) + { + if (contents != NULL) +@@ -1197,10 +1204,10 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo + + /* CRC value is stored after the filename, aligned up to 4 bytes. */ + name = (char *) contents; +- /* PR 17597: avoid reading off the end of the buffer. */ +- crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1; ++ /* PR 17597: Avoid reading off the end of the buffer. */ ++ crc_offset = strnlen (name, size) + 1; + crc_offset = (crc_offset + 3) & ~3; +- if (crc_offset + 4 > bfd_get_section_size (sect)) ++ if (crc_offset + 4 > size) + return NULL; + + *crc32 = bfd_get_32 (abfd, contents + crc_offset); +@@ -1261,6 +1268,7 @@ bfd_get_alt_debug_link_info (bfd * abfd, + bfd_byte *contents; + unsigned int buildid_offset; + char *name; ++ bfd_size_type size; + + BFD_ASSERT (abfd); + BFD_ASSERT (buildid_len); +@@ -1271,6 +1279,10 @@ bfd_get_alt_debug_link_info (bfd * abfd, + if (sect == NULL) + return NULL; + ++ size = bfd_get_section_size (sect); ++ if (size < 8 || size >= bfd_get_size (abfd)) ++ return NULL; ++ + if (!bfd_malloc_and_get_section (abfd, sect, & contents)) + { + if (contents != NULL) +@@ -1280,11 +1292,11 @@ bfd_get_alt_debug_link_info (bfd * abfd, + + /* BuildID value is stored after the filename. */ + name = (char *) contents; +- buildid_offset = strnlen (name, bfd_get_section_size (sect)) + 1; ++ buildid_offset = strnlen (name, size) + 1; + if (buildid_offset >= bfd_get_section_size (sect)) + return NULL; + +- *buildid_len = bfd_get_section_size (sect) - buildid_offset; ++ *buildid_len = size - buildid_offset; + *buildid_out = bfd_malloc (*buildid_len); + memcpy (*buildid_out, contents + buildid_offset, *buildid_len); + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2018-02-06 Nick Clifton <nickc@redhat.com> ++ ++ PR 22794 ++ * opncls.c (bfd_get_debug_link_info_1): Check the size of the ++ section before attempting to read it in. ++ (bfd_get_alt_debug_link_info): Likewise. ++ + 2018-01-25 Alan Modra <amodra@gmail.com> + + PR 22746 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch new file mode 100644 index 0000000000..7d78db7eb3 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch @@ -0,0 +1,47 @@ +From eb77f6a4621795367a39cdd30957903af9dbb815 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Sat, 27 Jan 2018 08:19:33 +1030 +Subject: [PATCH] PR22741, objcopy segfault on fuzzed COFF object + + PR 22741 + * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in + range before converting to a symbol table pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7208 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/coffgen.c | 3 ++- + 2 files changed, 8 insertions(+), 1 deletion(-) + +Index: git/bfd/coffgen.c +=================================================================== +--- git.orig/bfd/coffgen.c ++++ git/bfd/coffgen.c +@@ -1555,7 +1555,8 @@ coff_pointerize_aux (bfd *abfd, + } + /* A negative tagndx is meaningless, but the SCO 3.2v4 cc can + generate one, so we must be careful to ignore it. */ +- if (auxent->u.auxent.x_sym.x_tagndx.l > 0) ++ if ((unsigned long) auxent->u.auxent.x_sym.x_tagndx.l ++ < obj_raw_syment_count (abfd)) + { + auxent->u.auxent.x_sym.x_tagndx.p = + table_base + auxent->u.auxent.x_sym.x_tagndx.l; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2018-01-29 Alan Modra <amodra@gmail.com> ++ ++ PR 22741 ++ * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in ++ range before converting to a symbol table pointer. ++ + 2018-02-06 Nick Clifton <nickc@redhat.com> + + PR 22794 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch new file mode 100644 index 0000000000..b014080a7e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch @@ -0,0 +1,161 @@ +From 1da5c9a485f3dcac4c45e96ef4b7dae5948314b5 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Mon, 25 Sep 2017 20:20:38 +0930 +Subject: [PATCH] PR22202, buffer overflow in parse_die + +There was a complete lack of sanity checking in dwarf1.c + + PR 22202 + * dwarf1.c (parse_die): Sanity check pointer against section limit + before dereferencing. + (parse_line_table): Likewise. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7568 patch1 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 7 +++++++ + bfd/dwarf1.c | 56 ++++++++++++++++++++++++++++++++++++++------------------ + 2 files changed, 45 insertions(+), 18 deletions(-) + +Index: git/bfd/dwarf1.c +=================================================================== +--- git.orig/bfd/dwarf1.c ++++ git/bfd/dwarf1.c +@@ -189,11 +189,14 @@ parse_die (bfd * abfd, + memset (aDieInfo, 0, sizeof (* aDieInfo)); + + /* First comes the length. */ +- aDieInfo->length = bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 > aDiePtrEnd) ++ return FALSE; ++ aDieInfo->length = bfd_get_32 (abfd, xptr); + xptr += 4; + if (aDieInfo->length == 0 +- || (this_die + aDieInfo->length) >= aDiePtrEnd) ++ || this_die + aDieInfo->length > aDiePtrEnd) + return FALSE; ++ aDiePtrEnd = this_die + aDieInfo->length; + if (aDieInfo->length < 6) + { + /* Just padding bytes. */ +@@ -202,18 +205,20 @@ parse_die (bfd * abfd, + } + + /* Then the tag. */ +- aDieInfo->tag = bfd_get_16 (abfd, (bfd_byte *) xptr); ++ if (xptr + 2 > aDiePtrEnd) ++ return FALSE; ++ aDieInfo->tag = bfd_get_16 (abfd, xptr); + xptr += 2; + + /* Then the attributes. */ +- while (xptr < (this_die + aDieInfo->length)) ++ while (xptr + 2 <= aDiePtrEnd) + { + unsigned short attr; + + /* Parse the attribute based on its form. This section + must handle all dwarf1 forms, but need only handle the + actual attributes that we care about. */ +- attr = bfd_get_16 (abfd, (bfd_byte *) xptr); ++ attr = bfd_get_16 (abfd, xptr); + xptr += 2; + + switch (FORM_FROM_ATTR (attr)) +@@ -223,12 +228,15 @@ parse_die (bfd * abfd, + break; + case FORM_DATA4: + case FORM_REF: +- if (attr == AT_sibling) +- aDieInfo->sibling = bfd_get_32 (abfd, (bfd_byte *) xptr); +- else if (attr == AT_stmt_list) ++ if (xptr + 4 <= aDiePtrEnd) + { +- aDieInfo->stmt_list_offset = bfd_get_32 (abfd, (bfd_byte *) xptr); +- aDieInfo->has_stmt_list = 1; ++ if (attr == AT_sibling) ++ aDieInfo->sibling = bfd_get_32 (abfd, xptr); ++ else if (attr == AT_stmt_list) ++ { ++ aDieInfo->stmt_list_offset = bfd_get_32 (abfd, xptr); ++ aDieInfo->has_stmt_list = 1; ++ } + } + xptr += 4; + break; +@@ -236,22 +244,29 @@ parse_die (bfd * abfd, + xptr += 8; + break; + case FORM_ADDR: +- if (attr == AT_low_pc) +- aDieInfo->low_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); +- else if (attr == AT_high_pc) +- aDieInfo->high_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 <= aDiePtrEnd) ++ { ++ if (attr == AT_low_pc) ++ aDieInfo->low_pc = bfd_get_32 (abfd, xptr); ++ else if (attr == AT_high_pc) ++ aDieInfo->high_pc = bfd_get_32 (abfd, xptr); ++ } + xptr += 4; + break; + case FORM_BLOCK2: +- xptr += 2 + bfd_get_16 (abfd, (bfd_byte *) xptr); ++ if (xptr + 2 <= aDiePtrEnd) ++ xptr += bfd_get_16 (abfd, xptr); ++ xptr += 2; + break; + case FORM_BLOCK4: +- xptr += 4 + bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 <= aDiePtrEnd) ++ xptr += bfd_get_32 (abfd, xptr); ++ xptr += 4; + break; + case FORM_STRING: + if (attr == AT_name) + aDieInfo->name = (char *) xptr; +- xptr += strlen ((char *) xptr) + 1; ++ xptr += strnlen ((char *) xptr, aDiePtrEnd - xptr) + 1; + break; + } + } +@@ -290,7 +305,7 @@ parse_line_table (struct dwarf1_debug* s + } + + xptr = stash->line_section + aUnit->stmt_list_offset; +- if (xptr < stash->line_section_end) ++ if (xptr + 8 <= stash->line_section_end) + { + unsigned long eachLine; + bfd_byte *tblend; +@@ -318,6 +333,11 @@ parse_line_table (struct dwarf1_debug* s + + for (eachLine = 0; eachLine < aUnit->line_count; eachLine++) + { ++ if (xptr + 10 > stash->line_section_end) ++ { ++ aUnit->line_count = eachLine; ++ break; ++ } + /* A line number. */ + aUnit->linenumber_table[eachLine].linenumber + = bfd_get_32 (stash->abfd, (bfd_byte *) xptr); +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,10 @@ ++2017-09-25 Alan Modra <amodra@gmail.com> ++ ++ PR 22202 ++ * dwarf1.c (parse_die): Sanity check pointer against section limit ++ before dereferencing. ++ (parse_line_table): Likewise. ++ + 2018-01-29 Alan Modra <amodra@gmail.com> + + PR 22741 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch new file mode 100644 index 0000000000..b5511d7d8a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch @@ -0,0 +1,73 @@ +From eef104664efb52965d85a28bc3fc7c77e52e48e2 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 28 Feb 2018 10:13:54 +0000 +Subject: [PATCH] Fix potential integer overflow when reading corrupt dwarf1 + debug information. + + PR 22894 + * dwarf1.c (parse_die): Check the length of form blocks before + advancing the data pointer. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7568 patch2 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 6 ++++++ + bfd/dwarf1.c | 17 +++++++++++++++-- + 2 files changed, 21 insertions(+), 2 deletions(-) + +Index: git/bfd/dwarf1.c +=================================================================== +--- git.orig/bfd/dwarf1.c ++++ git/bfd/dwarf1.c +@@ -213,6 +213,7 @@ parse_die (bfd * abfd, + /* Then the attributes. */ + while (xptr + 2 <= aDiePtrEnd) + { ++ unsigned int block_len; + unsigned short attr; + + /* Parse the attribute based on its form. This section +@@ -255,12 +256,24 @@ parse_die (bfd * abfd, + break; + case FORM_BLOCK2: + if (xptr + 2 <= aDiePtrEnd) +- xptr += bfd_get_16 (abfd, xptr); ++ { ++ block_len = bfd_get_16 (abfd, xptr); ++ if (xptr + block_len > aDiePtrEnd ++ || xptr + block_len < xptr) ++ return FALSE; ++ xptr += block_len; ++ } + xptr += 2; + break; + case FORM_BLOCK4: + if (xptr + 4 <= aDiePtrEnd) +- xptr += bfd_get_32 (abfd, xptr); ++ { ++ block_len = bfd_get_32 (abfd, xptr); ++ if (xptr + block_len > aDiePtrEnd ++ || xptr + block_len < xptr) ++ return FALSE; ++ xptr += block_len; ++ } + xptr += 4; + break; + case FORM_STRING: +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2018-02-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22894 ++ * dwarf1.c (parse_die): Check the length of form blocks before ++ advancing the data pointer. ++ + 2017-09-25 Alan Modra <amodra@gmail.com> + + PR 22202 diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch new file mode 100644 index 0000000000..e77118bc13 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch @@ -0,0 +1,120 @@ +From 12c963421d045a127c413a0722062b9932c50aa9 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 28 Feb 2018 11:50:49 +0000 +Subject: [PATCH] Catch integer overflows/underflows when parsing corrupt DWARF + FORM blocks. + + PR 22895 + PR 22893 + * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block + pointer. Drop unused abfd parameter. Check the size of the block + before initialising the data field. Return the end pointer if the + size is invalid. + (read_attribute_value): Adjust invocations of read_n_bytes. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7569 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 8 ++++++++ + bfd/dwarf2.c | 36 +++++++++++++++++++++--------------- + 2 files changed, 29 insertions(+), 15 deletions(-) + +Index: git/bfd/dwarf2.c +=================================================================== +--- git.orig/bfd/dwarf2.c ++++ git/bfd/dwarf2.c +@@ -649,14 +649,24 @@ read_8_bytes (bfd *abfd, bfd_byte *buf, + } + + static bfd_byte * +-read_n_bytes (bfd *abfd ATTRIBUTE_UNUSED, +- bfd_byte *buf, +- bfd_byte *end, +- unsigned int size ATTRIBUTE_UNUSED) +-{ +- if (buf + size > end) +- return NULL; +- return buf; ++read_n_bytes (bfd_byte * buf, ++ bfd_byte * end, ++ struct dwarf_block * block) ++{ ++ unsigned int size = block->size; ++ bfd_byte * block_end = buf + size; ++ ++ if (block_end > end || block_end < buf) ++ { ++ block->data = NULL; ++ block->size = 0; ++ return end; ++ } ++ else ++ { ++ block->data = buf; ++ return block_end; ++ } + } + + /* Scans a NUL terminated string starting at BUF, returning a pointer to it. +@@ -1154,8 +1164,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_2_bytes (abfd, info_ptr, info_ptr_end); + info_ptr += 2; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_block4: +@@ -1165,8 +1174,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_4_bytes (abfd, info_ptr, info_ptr_end); + info_ptr += 4; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_data2: +@@ -1206,8 +1214,7 @@ read_attribute_value (struct attribute * + blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read, + FALSE, info_ptr_end); + info_ptr += bytes_read; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_block1: +@@ -1217,8 +1224,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_1_byte (abfd, info_ptr, info_ptr_end); + info_ptr += 1; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_data1: +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,4 +1,14 @@ + 2018-02-28 Nick Clifton <nickc@redhat.com> ++ ++ PR 22895 ++ PR 22893 ++ * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block ++ pointer. Drop unused abfd parameter. Check the size of the block ++ before initialising the data field. Return the end pointer if the ++ size is invalid. ++ (read_attribute_value): Adjust invocations of read_n_bytes. ++ ++2018-02-28 Nick Clifton <nickc@redhat.com> + + PR 22894 + * dwarf1.c (parse_die): Check the length of form blocks before diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch new file mode 100644 index 0000000000..14b233e2c1 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch @@ -0,0 +1,51 @@ +From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Wed, 28 Feb 2018 22:09:50 +1030 +Subject: [PATCH] PR22887, null pointer dereference in + aout_32_swap_std_reloc_out + + PR 22887 + * aoutx.h (swap_std_reloc_in): Correct r_index bound check. + +Upstream-Status: Backport +Affects: <= 2.30 +CVE: CVE-2018-7642 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + bfd/ChangeLog | 5 +++++ + bfd/aoutx.h | 6 ++++-- + 2 files changed, 9 insertions(+), 2 deletions(-) + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog ++++ git/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2018-02-28 Alan Modra <amodra@gmail.com> ++ ++ PR 22887 ++ * aoutx.h (swap_std_reloc_in): Correct r_index bound check. ++ + 2018-02-28 Nick Clifton <nickc@redhat.com> + + PR 22895 +Index: git/bfd/aoutx.h +=================================================================== +--- git.orig/bfd/aoutx.h ++++ git/bfd/aoutx.h +@@ -2211,10 +2211,12 @@ NAME (aout, swap_ext_reloc_in) (bfd *abf + || r_type == (unsigned int) RELOC_BASE22) + r_extern = 1; + +- if (r_extern && r_index > symcount) ++ if (r_extern && r_index >= symcount) + { + /* We could arrange to return an error, but it might be useful +- to see the file even if it is bad. */ ++ to see the file even if it is bad. FIXME: Of course this ++ means that objdump -r *doesn't* see the actual reloc, and ++ objcopy silently writes a different reloc. */ + r_extern = 0; + r_index = N_ABS; + } diff --git a/meta/recipes-devtools/make/make.inc b/meta/recipes-devtools/make/make.inc index 849b74299c..b8905bc6d3 100644 --- a/meta/recipes-devtools/make/make.inc +++ b/meta/recipes-devtools/make/make.inc @@ -5,7 +5,10 @@ called the makefile, which lists each of the non-source files and how to compute HOMEPAGE = "http://www.gnu.org/software/make/" SECTION = "devel" -SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2" +SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2 \ + file://0001-glob-Do-not-assume-glibc-glob-internals.patch \ + file://0002-glob-Do-not-assume-glibc-glob-internals.patch \ + " inherit autotools gettext pkgconfig texinfo diff --git a/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch b/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch new file mode 100644 index 0000000000..2b6e4d40c3 --- /dev/null +++ b/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch @@ -0,0 +1,70 @@ +From c90a7dda6c572f79b8e78da44b6ebf8704edef65 Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun, 24 Sep 2017 09:12:58 -0400 +Subject: [PATCH 1/2] glob: Do not assume glibc glob internals. + +It has been proposed that glibc glob start using gl_lstat, +which the API allows it to do. GNU 'make' should not get in +the way of this. See: +https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html + +* dir.c (local_lstat): New function, like local_stat. +(dir_setup_glob): Use it to initialize gl_lstat too, as the API +requires. +--- +Upstream-Status: Backport +Signed-off-by: Khem Raj <raj.khem@gmail.com> + + dir.c | 29 +++++++++++++++++++++++++++-- + 1 file changed, 27 insertions(+), 2 deletions(-) + +diff --git a/dir.c b/dir.c +index f34bbf5..12eef30 100644 +--- a/dir.c ++++ b/dir.c +@@ -1299,15 +1299,40 @@ local_stat (const char *path, struct stat *buf) + } + #endif + ++/* Similarly for lstat. */ ++#if !defined(lstat) && !defined(WINDOWS32) || defined(VMS) ++# ifndef VMS ++# ifndef HAVE_SYS_STAT_H ++int lstat (const char *path, struct stat *sbuf); ++# endif ++# else ++ /* We are done with the fake lstat. Go back to the real lstat */ ++# ifdef lstat ++# undef lstat ++# endif ++# endif ++# define local_lstat lstat ++#elif defined(WINDOWS32) ++/* Windows doesn't support lstat(). */ ++# define local_lstat local_stat ++#else ++static int ++local_lstat (const char *path, struct stat *buf) ++{ ++ int e; ++ EINTRLOOP (e, lstat (path, buf)); ++ return e; ++} ++#endif ++ + void + dir_setup_glob (glob_t *gl) + { + gl->gl_opendir = open_dirstream; + gl->gl_readdir = read_dirstream; + gl->gl_closedir = free; ++ gl->gl_lstat = local_lstat; + gl->gl_stat = local_stat; +- /* We don't bother setting gl_lstat, since glob never calls it. +- The slot is only there for compatibility with 4.4 BSD. */ + } + + void +-- +2.16.1 + diff --git a/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch b/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch new file mode 100644 index 0000000000..d49acd9f6e --- /dev/null +++ b/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch @@ -0,0 +1,38 @@ +From 9858702dbd1e137262c06765919937660879f63c Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Sun, 24 Sep 2017 09:12:58 -0400 +Subject: [PATCH 2/2] glob: Do not assume glibc glob internals. + +It has been proposed that glibc glob start using gl_lstat, +which the API allows it to do. GNU 'make' should not get in +the way of this. See: +https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html + +* dir.c (local_lstat): New function, like local_stat. +(dir_setup_glob): Use it to initialize gl_lstat too, as the API +requires. +--- +Upstream-Status: Backport + + configure.ac | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 64ec870..e87901c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -399,10 +399,9 @@ AC_CACHE_CHECK([if system libc has GNU glob], [make_cv_sys_gnu_glob], + #include <glob.h> + #include <fnmatch.h> + +-#define GLOB_INTERFACE_VERSION 1 + #if !defined _LIBC && defined __GNU_LIBRARY__ && __GNU_LIBRARY__ > 1 + # include <gnu-versions.h> +-# if _GNU_GLOB_INTERFACE_VERSION == GLOB_INTERFACE_VERSION ++if _GNU_GLOB_INTERFACE_VERSION == 1 || _GNU_GLOB_INTERFACE_VERSION == 2 + gnu glob + # endif + #endif], +-- +2.16.1 + diff --git a/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch b/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch new file mode 100644 index 0000000000..049149eb9e --- /dev/null +++ b/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch @@ -0,0 +1,36 @@ +From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Fri, 17 Aug 2018 13:35:40 +0200 +Subject: [PATCH] Fix swapping fake lines in pch_swap + +* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a +blank line in the middle of a context-diff hunk: that empty line stays +in the middle of the hunk and isn't swapped. + +Fixes: https://savannah.gnu.org/bugs/index.php?53133 +Signed-off-by: Andreas Gruenbacher <agruen@gnu.org> + +Upstream-Status: Backport [https://git.savannah.gnu.org/git/patch.git] +CVE: CVE-2018-6952 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +--- + src/pch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index e92bc64..a500ad9 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2122,7 +2122,7 @@ pch_swap (void) + } + if (p_efake >= 0) { /* fix non-freeable ptr range */ + if (p_efake <= i) +- n = p_end - i + 1; ++ n = p_end - p_ptrn_lines; + else + n = -i; + p_efake += n; +-- +2.10.2 + diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb index 823486dd0a..85b0db7333 100644 --- a/meta/recipes-devtools/patch/patch_2.7.6.bb +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb @@ -5,6 +5,7 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0002-Fix-segfault-with-mangled-rename-patch.patch \ file://0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch \ file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \ + file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \ " SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600" diff --git a/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch b/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch new file mode 100644 index 0000000000..c5db1b7060 --- /dev/null +++ b/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch @@ -0,0 +1,126 @@ +From ba6733216202523a95b0b7ee2e534b8e30b6d7df Mon Sep 17 00:00:00 2001 +From: Dominic Hargreaves <dom@earth.li> +Date: Sat, 14 Oct 2017 16:27:53 +0200 +Subject: [PATCH] Skip various tests if PERL_BUILD_PACKAGING is set + +These are tests which tend not to be useful for downstream packagers + +t/porting/customized.t change originally from Todd Rinaldo + +Upstream-Status: Backport[https://perl5.git.perl.org/perl.git/ba6733216202523a95b0b7ee2e534b8e30b6d7df] + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + INSTALL | 3 ++- + MANIFEST | 1 + + PACKAGING | 30 ++++++++++++++++++++++++++++++ + regen/lib_cleanup.pl | 5 +++++ + t/porting/customized.t | 1 + + t/test.pl | 3 +++ + 6 files changed, 42 insertions(+), 1 deletion(-) + create mode 100644 PACKAGING + +diff --git a/INSTALL b/INSTALL +index 636f4bd52f..1285fc69a2 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -2714,4 +2714,5 @@ This document is part of the Perl package and may be distributed under + the same terms as perl itself, with the following additional request: + If you are distributing a modified version of perl (perhaps as part of + a larger package) please B<do> modify these installation instructions +-and the contact information to match your distribution. ++and the contact information to match your distribution. Additional ++information for packagers is in F<PACKAGING>. +diff --git a/MANIFEST b/MANIFEST +index b3207030a9..32de824ca1 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -4932,6 +4932,7 @@ os2/perlrexx.c Support perl interpreter embedded in REXX + os2/perlrexx.cmd Test perl interpreter embedded in REXX + overload.h generated overload enum (public) + overload.inc generated overload name table (implementation) ++PACKAGING notes and best practice for packaging perl 5 + packsizetables.inc The generated packprops array used in pp_pack.c + pad.c Scratchpad functions + pad.h Scratchpad headers +diff --git a/PACKAGING b/PACKAGING +new file mode 100644 +index 0000000000..0c69b87ba6 +--- /dev/null ++++ b/PACKAGING +@@ -0,0 +1,30 @@ ++If you read this file _as_is_, just ignore the funny characters you ++see. It is written in the POD format (see pod/perlpod.pod) which is ++specifically designed to be readable as is. ++ ++=head1 NAME ++ ++PACKAGING - notes and best practice for packaging perl 5 ++ ++=head1 SYNOPSIS ++ ++This document is aimed at anyone who is producing their own version of ++perl for distribution to other users. It is intended as a collection ++of useful tips, advice and best practice, rather than being a complete ++packaging manual. The starting point for installing perl remains ++F<INSTALL>. ++ ++=head1 Customizing test running ++ ++A small number of porting tests (those in t/porting) are not well suited ++to typical distribution packaging scenarios. For example, they assume ++they are working in a git clone of the upstream Perl repository, or ++enforce rules which are not relevant to downstream packagers. These can ++be skipped by setting the environment variable PERL_BUILD_PACKAGING. ++A complete list of tests which this applied to can be found by searching ++the codebase for this string. ++ ++An alternative strategy would be to skip all porting tests, but many of ++them are useful if additional patches might be applied. ++ ++=cut +diff --git a/regen/lib_cleanup.pl b/regen/lib_cleanup.pl +index 5e40b405a4..6caf74a563 100644 +--- a/regen/lib_cleanup.pl ++++ b/regen/lib_cleanup.pl +@@ -164,6 +164,11 @@ if ($TAP && !-d '.git' && !-f 'lib/.gitignore') { + exit 0; + } + ++if ($ENV{'PERL_BUILD_PACKAGING'}) { ++ print "ok # skip explicitly disabled git tests by PERL_BUILD_PACKAGING\n"; ++ exit 0; ++} ++ + $fh = open_new('lib/.gitignore', '>', + { by => $0, + from => 'MANIFEST and parsing files in cpan/ dist/ and ext/'}); +diff --git a/t/porting/customized.t b/t/porting/customized.t +index 45fcafb100..5c3739198c 100644 +--- a/t/porting/customized.t ++++ b/t/porting/customized.t +@@ -13,6 +13,7 @@ BEGIN { + @INC = qw(lib Porting t); + require 'test.pl'; + skip_all("pre-computed SHA1 won't match under EBCDIC") if $::IS_EBCDIC; ++ skip_all("This distro may have modified some files in cpan/. Skipping validation.") if $ENV{'PERL_BUILD_PACKAGING'}; + } + + use strict; +diff --git a/t/test.pl b/t/test.pl +index 79e6e25e95..1782dcf73c 100644 +--- a/t/test.pl ++++ b/t/test.pl +@@ -212,6 +212,9 @@ sub find_git_or_skip { + } else { + $reason = 'not being run from a git checkout'; + } ++ if ($ENV{'PERL_BUILD_PACKAGING'}) { ++ $reason = 'PERL_BUILD_PACKAGING is set'; ++ } + skip_all($reason) if $_[0] && $_[0] eq 'all'; + skip($reason, @_); + } +-- +2.17.1 + diff --git a/meta/recipes-devtools/perl/perl/perl-test-customized.patch b/meta/recipes-devtools/perl/perl/perl-test-customized.patch deleted file mode 100644 index 90e4dcd5fb..0000000000 --- a/meta/recipes-devtools/perl/perl/perl-test-customized.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 64df09205b6ccb5a434a4e53e8e0a32377ab634f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com> -Date: Thu, 24 Nov 2016 10:49:55 -0600 -Subject: [PATCH] The OE core recipies customize some ExtUtils-MakeMaker - modules, which causes their MD5 sum to mismatch the provided table and the - corresponding tests to fail. Also, we patch several test files with a - backported patch. Update list of hashes to reflect the patched files. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Bill Randle <william.c.randle@intel.com> -Signed-off-by: AnÃbal Limón <anibal.limon@linux.intel.com> ---- - t/porting/customized.dat | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/t/porting/customized.dat b/t/porting/customized.dat -index defeae1..b5d3c46 100644 ---- a/t/porting/customized.dat -+++ b/t/porting/customized.dat -@@ -18,12 +18,12 @@ Encode cpan/Encode/bin/unidump 715f47c2fcc661268f3c6cd3de0d27c72b745cd2 - Encode cpan/Encode/Encode.pm e146861ff2e6aaa62defa4887eade68dd7b17c8e - Encode cpan/Encode/encoding.pm 51c19efc9bfe8467d6ae12a4654f6e7f980715bf - ExtUtils::Constant cpan/ExtUtils-Constant/t/Constant.t a0369c919e216fb02767a637666bb4577ad79b02 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/bin/instmodsh 5bc04a0173b8b787f465271b6186220326ae8eef -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/bin/instmodsh 2070fe968fa344d89aea1bdc6a8dbb0c467d0612 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command.pm e3a372e07392179711ea9972087c1105a2780fad - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command/MM.pm b72721bd6aa9bf7ec328bda99a8fdb63cac6114d - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist.pm 0e1e4c25eddb999fec6c4dc66593f76db34cfd16 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist/Kid.pm bfd2aa00ca4ed251f342e1d1ad704abbaf5a615e --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm 5529ae3064365eafd99536621305d52f4ab31b45 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist/Kid.pm d593d8fdc5c0ebcb6d3701c70fc6640c50d93455 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm bf9174c70a0e50ff2fee4552c7df89b37d292da1 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/Config.pm bc88b275af73b8faac6abd59a9aad3f625925810 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/FAQ.pod 062e5d14a803fbbec8d61803086a3d7997e8a473 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/Tutorial.pod a8a9cab7d67922ed3d6883c864e1fe29aaa6ad89 -@@ -33,7 +33,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mkbootstrap.pm 412e95c3 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mksymlists.pm 8559ef191b4371d0c381472464856a8a73825b2a - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM.pm 09d579ed9daea95c3bf47de2e0b8fe3aa0ff6447 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_AIX.pm f720c13748293b792f7073aa96e7daecb590b183 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Any.pm 243649a399d293ae7ad0f26b7eab2668aa864ce8 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Any.pm ec39f68802a6fee8daaa914fc7131f40533cfc23 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_BeOS.pm b63c90129303b2c17d084fb828aa2c02a2ad85b8 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Cygwin.pm cabd1c97eaa427067811d92807e34c17940c7350 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Darwin.pm 6a185d897a600c34615a6073f4de0ac2f54fef3e -@@ -42,7 +42,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_MacOS.pm 1f5eb772eed - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_NW5.pm de777d7809c0d73e5d4622a29921731c7e5dff48 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_OS2.pm 01e8f08a82b5304009574e3ac0892b4066ff7639 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_QNX.pm 5340052b58557a6764f5ac9f8b807fefec404a06 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 3c3b93f431b0a51b9592b3d69624dbf5409f6f74 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 0d6ed5e4bdcdcd28e968e8629a592fdd0cc84818 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_UWIN.pm 40397f4cd2d49700b80b4ef490da98add24c5b37 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_VMS.pm 147e97fbabb74841f0733dbd5d1b9f3fa51f87c1 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_VOS.pm 3f13ed7045ff3443bcb4dd6c95c98b9bd705820f -@@ -51,7 +51,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Win95.pm 48e8a2fe176 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MY.pm 6fefe99045b64459905d4721f3a494d8d50f7ab9 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/testlib.pm 172778ad21c065a89cd270668eb9f99a7364b41c - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/cd.t 0a71fbd646a7be8358b07b6f64f838243cc0aef4 --ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/echo.t 37aec8f794c52e037540757eb5b2556f79419ff7 -+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/echo.t 1a93dd8834e4bb0e5facf08204e782807567b2eb - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/lib/MakeMaker/Test/NoXS.pm 371cdff1b2375017907cfbc9c8f4a31f5ad10582 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/prereq.t 53bda2c549fd13a6b6c13a070ca6bc79883081c0 - ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/vstrings.t 90035a2bdbf45f15b9c3196d072d7cba7e662871 -@@ -165,7 +165,7 @@ bignum cpan/bignum/lib/bigrat.pm 7fccc9df30e43dbbae6e5ea91b26c8046545c9a9 - bignum cpan/bignum/lib/Math/BigFloat/Trace.pm a6b4b995e18f4083252e6dc72e9bef69671893dd - bignum cpan/bignum/lib/Math/BigInt/Trace.pm d9596963673760cae3eeeb752c1eeeec50bb2290 - libnet cpan/libnet/lib/Net/Cmd.pm a44a10c939a4c35f923c4638054178c32f1d283a --libnet cpan/libnet/lib/Net/Config.pm 9bd49bf4de0dc438bceee0ef4baf8ba7a6633327 -+libnet cpan/libnet/lib/Net/Config.pm 2873da5efbffed67934dd297ef6f360b3558cb0b - libnet cpan/libnet/lib/Net/Domain.pm 1bbed50f70fd1ff3e1cdf087b19a9349cddfaced - libnet cpan/libnet/lib/Net/FTP.pm 40dba553c8d44e1530daec2d07a6e50910401f2e - libnet cpan/libnet/lib/Net/FTP/A.pm c570b10730b168990034dcf9cb00e305a100f336 -@@ -176,6 +176,6 @@ libnet cpan/libnet/lib/Net/FTP/L.pm ac1599c775faee0474710e4f75051c8949f13df2 - libnet cpan/libnet/lib/Net/Netrc.pm 009cfc08f8a5bf247257acb64a21e1b6ad8b2c9c - libnet cpan/libnet/lib/Net/NNTP.pm 6325fc05fd9ef81dc8d461a77b2a3f56ad1ae114 - libnet cpan/libnet/lib/Net/POP3.pm 2d8065646df80061dae5a9e3465a36a6557165fd --libnet cpan/libnet/lib/Net/SMTP.pm f3ed7a177b49ee0ba65ac1c414de797cdbbe6886 -+libnet cpan/libnet/lib/Net/SMTP.pm f1beb42bfbef4333ed24ad63d5dd1aa5c67b20c7 - libnet cpan/libnet/lib/Net/Time.pm b3df8bbaa3bc253fbf77e8386c59a1b2aae13627 - version cpan/version/lib/version.pm ff75e2076be10bd4c05133cd979fda0b38ca8653 --- -2.1.4 - diff --git a/meta/recipes-devtools/perl/perl/run-ptest b/meta/recipes-devtools/perl/perl/run-ptest index 1e2dd1b66d..dad4d42916 100644 --- a/meta/recipes-devtools/perl/perl/run-ptest +++ b/meta/recipes-devtools/perl/perl/run-ptest @@ -1,2 +1,2 @@ #!/bin/sh -cd t && ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|' +cd t && PERL_BUILD_PACKAGING=1 ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|' diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb index ac78dda4fe..1a9b8d1c3e 100644 --- a/meta/recipes-devtools/perl/perl_5.24.1.bb +++ b/meta/recipes-devtools/perl/perl_5.24.1.bb @@ -64,7 +64,6 @@ SRC_URI += " \ file://perl-PathTools-don-t-filter-out-blib-from-INC.patch \ file://perl-errno-generation-gcc5.patch \ file://perl-fix-conflict-between-skip_all-and-END.patch \ - file://perl-test-customized.patch \ file://perl-5.26.1-guard_old_libcrypt_fix.patch \ file://CVE-2017-12883.patch \ file://CVE-2017-12837.patch \ @@ -74,6 +73,7 @@ SRC_URI += " \ SRC_URI_append_class-target = " \ file://test/dist-threads-t-join.t-adjust-ps-option.patch \ file://test/ext-DynaLoader-t-DynaLoader.t-fix-calling-dl_findfil.patch \ + file://0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch \ " SRC_URI[md5sum] = "af6a84c7c3e2b8b269c105a5db2f6d53" diff --git a/meta/recipes-devtools/python/python-3.5-manifest.inc b/meta/recipes-devtools/python/python-3.5-manifest.inc index 0260e87e75..710b22eaa3 100644 --- a/meta/recipes-devtools/python/python-3.5-manifest.inc +++ b/meta/recipes-devtools/python/python-3.5-manifest.inc @@ -194,7 +194,7 @@ FILES_${PN}-readline="${libdir}/python3.5/lib-dynload/readline.*.so ${libdir}/py SUMMARY_${PN}-reprlib="Python alternate repr() implementation" RDEPENDS_${PN}-reprlib="${PN}-core" -FILES_${PN}-reprlib="${libdir}/python3.5/reprlib.py ${libdir}/python3.5/__pycache__/reprlib.py " +FILES_${PN}-reprlib="${libdir}/python3.5/reprlib.* ${libdir}/python3.5/__pycache__/reprlib.* " SUMMARY_${PN}-resource="Python resource control interface" RDEPENDS_${PN}-resource="${PN}-core" diff --git a/meta/recipes-devtools/python/python-native_2.7.13.bb b/meta/recipes-devtools/python/python-native_2.7.14.bb index 7edf153489..5373ce6690 100644 --- a/meta/recipes-devtools/python/python-native_2.7.13.bb +++ b/meta/recipes-devtools/python/python-native_2.7.14.bb @@ -1,7 +1,7 @@ require python.inc EXTRANATIVEPATH += "bzip2-native" -DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native expat-native" +DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native expat-native gdbm-native db-native" PR = "${INC_PR}.1" SRC_URI += "\ @@ -17,6 +17,7 @@ SRC_URI += "\ file://builddir.patch \ file://parallel-makeinst-create-bindir.patch \ file://revert_use_of_sysconfigdata.patch \ + file://fix-gc-alignment.patch \ " S = "${WORKDIR}/Python-${PV}" @@ -39,6 +40,12 @@ do_configure_append() { autoreconf --verbose --install --force --exclude=autopoint ../Python-${PV}/Modules/_ctypes/libffi } +# Regenerate all of the generated files +# This ensures that pgen and friends get created during the compile phase +do_compile_prepend() { + oe_runmake regen-all +} + do_install() { oe_runmake 'DESTDIR=${D}' install install -d ${D}${bindir}/${PN} diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc index b40f551ab3..979b601bf1 100644 --- a/meta/recipes-devtools/python/python.inc +++ b/meta/recipes-devtools/python/python.inc @@ -5,12 +5,12 @@ SECTION = "devel/python" # bump this on every change in contrib/python/generate-manifest-2.7.py INC_PR = "r1" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6b60258130e4ed10d3101517eb5b9385" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f741e51de91d4eeea5930b9c3c7fa69d" SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz" -SRC_URI[md5sum] = "53b43534153bb2a0363f08bae8b9d990" -SRC_URI[sha256sum] = "35d543986882f78261f97787fd3e06274bfa6df29fac9b4a94f73930ff98f731" +SRC_URI[md5sum] = "1f6db41ad91d9eb0a6f0c769b8613c5b" +SRC_URI[sha256sum] = "71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66" # python recipe is actually python 2.x # also, exclude pre-releases for both python 2.x and 3.x diff --git a/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch b/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch index 366ce3e400..e795a74b91 100644 --- a/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch +++ b/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch @@ -9,6 +9,9 @@ Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Rebased for python-2.7.9 Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> +Rebased for python-2.7.14 +Signed-off-by: Derek Straka <derek@asterius.io> + Index: Python-2.7.13/Makefile.pre.in =================================================================== --- Python-2.7.13.orig/Makefile.pre.in @@ -30,14 +33,14 @@ Index: Python-2.7.13/Makefile.pre.in # Create build directory and generate the sysconfig build-time data there. # pybuilddir.txt contains the name of the build dir and is used for -@@ -681,7 +682,7 @@ Modules/pwdmodule.o: $(srcdir)/Modules/p - - $(GRAMMAR_H): @GENERATED_COMMENT@ $(GRAMMAR_INPUT) $(PGEN) +@@ -663,7 +663,7 @@ + # Regenerate Include/graminit.h and Python/graminit.c + # from Grammar/Grammar using pgen @$(MKDIR_P) Include -- $(PGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C) -+ $(HOSTPGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C) - $(GRAMMAR_C): @GENERATED_COMMENT@ $(GRAMMAR_H) - touch $(GRAMMAR_C) +- $(PGEN) $(srcdir)/Grammar/Grammar \ ++ $(HOSTPGEN) $(srcdir)/Grammar/Grammar \ + $(srcdir)/Include/graminit.h \ + $(srcdir)/Python/graminit.c @@ -1121,27 +1122,27 @@ libinstall: build_all $(srcdir)/Lib/$(PL $(DESTDIR)$(LIBDEST)/distutils/tests ; \ diff --git a/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch b/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch deleted file mode 100644 index 38e53778dc..0000000000 --- a/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch +++ /dev/null @@ -1,41 +0,0 @@ -Upstream-Status: Backport - -Signed-off-by: Andreas Oberritter <obi@opendreambox.org> - -From 905d1b30ac7cb0e31c57cec0533825c8f170b942 Mon Sep 17 00:00:00 2001 -From: Victor Stinner <victor.stinner@gmail.com> -Date: Mon, 9 Jan 2017 11:10:41 +0100 -Subject: [PATCH] Don't use getentropy() on Linux - -Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but -read from /dev/urandom to get random bytes, for example in os.urandom(). On -Linux, getentropy() is implemented which getrandom() is blocking mode, whereas -os.urandom() should not block. - -(cherry picked from commit 2687486756721e39164fa9f597e468c35d495227) ---- - Python/random.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/Python/random.c b/Python/random.c -index b4bc1f3..f3f5d14 100644 ---- a/Python/random.c -+++ b/Python/random.c -@@ -94,8 +94,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) - } - - /* Issue #25003: Don't use getentropy() on Solaris (available since -- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ --#elif defined(HAVE_GETENTROPY) && !defined(sun) -+ Solaris 11.3), it is blocking whereas os.urandom() should not block. -+ -+ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 -+ implements it with the getrandom() syscall which can fail with ENOSYS, -+ and this error is not supported in py_getentropy() and getrandom() is called -+ with flags=0 which blocks until system urandom is initialized, which is not -+ the desired behaviour to seed the Python hash secret nor for os.urandom(): -+ see the PEP 524 which was only implemented in Python 3.6. */ -+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) - #define PY_GETENTROPY 1 - - /* Fill buffer with size pseudo-random bytes generated by getentropy(). diff --git a/meta/recipes-devtools/python/python/fix-gc-alignment.patch b/meta/recipes-devtools/python/python/fix-gc-alignment.patch new file mode 100644 index 0000000000..b63cd08747 --- /dev/null +++ b/meta/recipes-devtools/python/python/fix-gc-alignment.patch @@ -0,0 +1,43 @@ +Upstream-Status: Submitted +Signed-off-by: Ross Burton <ross.burton@intel.com> + +Fix for over-aligned GC info +Patch by Florian Weimer + +See: https://bugzilla.redhat.com/show_bug.cgi?id=1540316 +Upstream discussion: https://mail.python.org/pipermail/python-dev/2018-January/152000.html + +diff --git a/Include/objimpl.h b/Include/objimpl.h +index 55e83eced6..aa906144dc 100644 +--- a/Include/objimpl.h ++++ b/Include/objimpl.h +@@ -248,6 +248,18 @@ PyAPI_FUNC(PyVarObject *) _PyObject_GC_Resize(PyVarObject *, Py_ssize_t); + /* for source compatibility with 2.2 */ + #define _PyObject_GC_Del PyObject_GC_Del + ++/* Former over-aligned definition of PyGC_Head, used to compute the ++ size of the padding for the new version below. */ ++union _gc_head; ++union _gc_head_old { ++ struct { ++ union _gc_head *gc_next; ++ union _gc_head *gc_prev; ++ Py_ssize_t gc_refs; ++ } gc; ++ long double dummy; ++}; ++ + /* GC information is stored BEFORE the object structure. */ + typedef union _gc_head { + struct { +@@ -255,7 +267,8 @@ typedef union _gc_head { + union _gc_head *gc_prev; + Py_ssize_t gc_refs; + } gc; +- long double dummy; /* force worst-case alignment */ ++ double dummy; /* force worst-case alignment */ ++ char dummy_padding[sizeof(union _gc_head_old)]; + } PyGC_Head; + + extern PyGC_Head *_PyGC_generation0; +
\ No newline at end of file diff --git a/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch b/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch index 669112dab0..90dcd57c04 100644 --- a/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch +++ b/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch @@ -15,7 +15,7 @@ diff -ruN a/Makefile.pre.in b/Makefile.pre.in +TESTOPTS= -l -v $(EXTRATESTOPTS) TESTPROG= $(srcdir)/Lib/test/regrtest.py -TESTPYTHON= $(RUNSHARED) ./$(BUILDPYTHON) -Wd -3 -E -tt $(TESTPYTHONOPTS) --test: all platform +-test: @DEF_MAKE_RULE@ platform - -find $(srcdir)/Lib -name '*.py[co]' -print | xargs rm -f +TESTPYTHON= $(RUNSHARED) $(BUILDPYTHON) -Wd -3 -E -tt $(TESTPYTHONOPTS) +test: build-test @@ -26,8 +26,8 @@ diff -ruN a/Makefile.pre.in b/Makefile.pre.in -$(TESTPYTHON) $(TESTPROG) $(TESTOPTS) $(TESTPYTHON) $(TESTPROG) $(TESTOPTS) -+build-test: all platform ++build-test: @DEF_MAKE_RULE@ platform + - testall: all platform + testall: @DEF_MAKE_RULE@ platform -find $(srcdir)/Lib -name '*.py[co]' -print | xargs rm -f $(TESTPYTHON) $(srcdir)/Lib/compileall.py diff --git a/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch b/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch index 951cb466ff..abab41e957 100644 --- a/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch +++ b/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch @@ -8,12 +8,12 @@ Upstream-Status: Pending --- Python-2.7.3.orig/Makefile.pre.in +++ Python-2.7.3/Makefile.pre.in -@@ -1008,7 +1008,7 @@ LIBPL= $(LIBP)/config +@@ -1187,7 +1187,7 @@ LIBPC= $(LIBDIR)/pkgconfig - - libainstall: all python-config + + libainstall: @DEF_MAKE_RULE@ python-config - @for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC); \ + @for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC) $(BINDIR); \ - do \ - if test ! -d $(DESTDIR)$$i; then \ - echo "Creating directory $$i"; \ + do \ + if test ! -d $(DESTDIR)$$i; then \ + echo "Creating directory $$i"; \ diff --git a/meta/recipes-devtools/python/python_2.7.13.bb b/meta/recipes-devtools/python/python_2.7.14.bb index 754c029097..35b6324970 100644 --- a/meta/recipes-devtools/python/python_2.7.13.bb +++ b/meta/recipes-devtools/python/python_2.7.14.bb @@ -26,9 +26,9 @@ SRC_URI += "\ file://parallel-makeinst-create-bindir.patch \ file://use_sysroot_ncurses_instead_of_host.patch \ file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \ - file://Don-t-use-getentropy-on-Linux.patch \ file://pass-missing-libraries-to-Extension-for-mul.patch \ file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \ + file://fix-gc-alignment.patch \ " S = "${WORKDIR}/Python-${PV}" diff --git a/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch b/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch new file mode 100644 index 0000000000..39b624d9f6 --- /dev/null +++ b/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch @@ -0,0 +1,82 @@ +From fb5362f205b37c5060fcd764a7ed393abe4f2f3d Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Fri, 27 Jul 2018 17:39:37 +0800 +Subject: [PATCH 1/2] fix opcode not supported on mips32-linux + +While build tests(`make check') on mips32-linux, there are +serial failures such as: +[snip] +| mips-wrsmllib32-linux-gcc -meb -mabi=32 -mhard-float -c +-o atomic_incs-atomic_incs.o `test -f 'atomic_incs.c' || echo +'../../../valgrind-3.13.0/memcheck/tests/'`atomic_incs.c +| /tmp/ccqrmINN.s: Assembler messages: +| /tmp/ccqrmINN.s:247: Error: opcode not supported on this +processor: mips1 (mips1) `ll $t3,0($t1)' +| /tmp/ccqrmINN.s:249: Error: opcode not supported on this +processor: mips1 (mips1) `sc $t3,0($t1)' +[snip] + +Since the following commit applied, it defines CLFAGS for mips32, +but missed to pass them to tests which caused the above failure +... +3e344c57f Merge in a port for mips32-linux +... + +Upstream-Status: Submitted [https://bugs.kde.org/show_bug.cgi?id=396905] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + helgrind/tests/Makefile.am | 5 +++++ + memcheck/tests/Makefile.am | 5 +++++ + none/tests/mips32/Makefile.am | 4 ++++ + 3 files changed, 14 insertions(+) + +diff --git a/helgrind/tests/Makefile.am b/helgrind/tests/Makefile.am +index ad1af191a..6209d35a7 100644 +--- a/helgrind/tests/Makefile.am ++++ b/helgrind/tests/Makefile.am +@@ -214,6 +214,11 @@ check_PROGRAMS += annotate_rwlock + endif + + AM_CFLAGS += $(AM_FLAG_M3264_PRI) ++ ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CXXFLAGS += $(AM_FLAG_M3264_PRI) + + LDADD = -lpthread +diff --git a/memcheck/tests/Makefile.am b/memcheck/tests/Makefile.am +index 84e49405f..aff861a32 100644 +--- a/memcheck/tests/Makefile.am ++++ b/memcheck/tests/Makefile.am +@@ -443,6 +443,11 @@ check_PROGRAMS += reach_thread_register + endif + + AM_CFLAGS += $(AM_FLAG_M3264_PRI) ++ ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CXXFLAGS += $(AM_FLAG_M3264_PRI) + + if VGCONF_PLATFORMS_INCLUDE_ARM_LINUX +diff --git a/none/tests/mips32/Makefile.am b/none/tests/mips32/Makefile.am +index d11591d45..602cd26f6 100644 +--- a/none/tests/mips32/Makefile.am ++++ b/none/tests/mips32/Makefile.am +@@ -99,6 +99,10 @@ check_PROGRAMS = \ + round_fpu64 \ + fpu_branches + ++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX ++AM_CFLAGS += $(AM_CFLAGS_MIPS32_LINUX) ++endif ++ + AM_CFLAGS += @FLAG_M32@ + AM_CXXFLAGS += @FLAG_M32@ + AM_CCASFLAGS += @FLAG_M32@ +-- +2.17.1 + diff --git a/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch b/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch new file mode 100644 index 0000000000..6df295f8a2 --- /dev/null +++ b/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch @@ -0,0 +1,47 @@ +From 63ce36396348e7c4c021cffa652d2e3d20f7963a Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Fri, 27 Jul 2018 17:51:54 +0800 +Subject: [PATCH 2/2] fix broken inline asm in tests on mips32-linux + +While build tests(`make check') with gcc 8.1.0 on mips32-linux, +there is a failure +[snip] +|mips-wrsmllib32-linux-gcc -meb -mabi=32 -mhard-float -march=mips32 +-c -o tc08_hbl2-tc08_hbl2.o `test -f 'tc08_hbl2.c' || echo '../../../ +valgrind-3.13.0/helgrind/tests/'`tc08_hbl2.c +|/tmp/cc37aJxQ.s: Assembler messages: +|/tmp/cc37aJxQ.s:275: Error: symbol `L1xyzzy1main' is already defined +|Makefile:1323: recipe for target 'tc08_hbl2-tc08_hbl2.o' failed +[snip] + +Remove the duplicated L1xyzzy1main, and use local symbol to replace. +http://tigcc.ticalc.org/doc/gnuasm.html#SEC46 + +Upstream-Status: Submitted [https://bugs.kde.org/show_bug.cgi?id=396906] +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + helgrind/tests/tc08_hbl2.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/helgrind/tests/tc08_hbl2.c b/helgrind/tests/tc08_hbl2.c +index 2a757a008..f660d82dd 100644 +--- a/helgrind/tests/tc08_hbl2.c ++++ b/helgrind/tests/tc08_hbl2.c +@@ -121,12 +121,12 @@ + #elif defined(PLAT_mips32_linux) || defined(PLAT_mips64_linux) + # define INC(_lval,_lqual) \ + __asm__ __volatile__ ( \ +- "L1xyzzy1" _lqual":\n" \ ++ "1:\n" \ + " move $t0, %0\n" \ + " ll $t1, 0($t0)\n" \ + " addiu $t1, $t1, 1\n" \ + " sc $t1, 0($t0)\n" \ +- " beqz $t1, L1xyzzy1" _lqual \ ++ " beqz $t1, 1b\n" \ + : /*out*/ : /*in*/ "r"(&(_lval)) \ + : /*trash*/ "t0", "t1", "memory" \ + ) +-- +2.17.1 + diff --git a/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch b/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch deleted file mode 100644 index e9112da0cb..0000000000 --- a/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch +++ /dev/null @@ -1,35 +0,0 @@ -From f96cf1f4eaa72860ab8b5e18ad10fdc704d78c5f Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Tue, 15 Dec 2015 15:01:34 +0200 -Subject: [PATCH 2/5] remove rpath - -Upstream-Status: Inappropriate [embedded config] -Signed-off-by: Saul Wold <sgw@linux.intel.com> ---- - none/tests/Makefile.am | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/none/tests/Makefile.am b/none/tests/Makefile.am -index 54f2a7e..25b0f49 100644 ---- a/none/tests/Makefile.am -+++ b/none/tests/Makefile.am -@@ -326,7 +326,6 @@ threadederrno_CFLAGS += --std=c99 - endif - tls_SOURCES = tls.c tls2.c - tls_DEPENDENCIES = tls.so tls2.so --tls_LDFLAGS = -Wl,-rpath,$(abs_top_builddir)/none/tests - tls_LDADD = tls.so tls2.so -lpthread - tls_so_SOURCES = tls_so.c - tls_so_DEPENDENCIES = tls2.so -@@ -334,7 +333,7 @@ if VGCONF_OS_IS_DARWIN - tls_so_LDFLAGS = -dynamic -dynamiclib -all_load -fpic - tls_so_LDADD = `pwd`/tls2.so - else -- tls_so_LDFLAGS = -Wl,-rpath,$(abs_top_builddir)/none/tests -shared -fPIC -+ tls_so_LDFLAGS = -shared -fPIC - tls_so_LDADD = tls2.so - endif - tls_so_CFLAGS = $(AM_CFLAGS) -fPIC --- -2.6.2 - diff --git a/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch b/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch new file mode 100644 index 0000000000..89a95b82fe --- /dev/null +++ b/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch @@ -0,0 +1,36 @@ +Fix runtime Valgrind failure + +This patch is derived from +https://bugzilla.redhat.com/show_bug.cgi?id=1464211 + +At runtime it will fails like this: + +ARM64 front end: branch_etc +disInstr(arm64): unhandled instruction 0xD5380001 +disInstr(arm64): 1101'0101 0011'1000 0000'0000 0000'0001 ==2082== +valgrind: Unrecognised instruction at address 0x4014e64. + +This patch is a workaround by masking all HWCAP + +Upstream-Status: Pending + +Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com> + +Index: valgrind-3.13.0/coregrind/m_initimg/initimg-linux.c +=================================================================== + +--- valgrind-3.13.0.orig/coregrind/m_initimg/initimg-linux.c 2018-03-04 22:22:17.698572675 -0800 ++++ valgrind-3.13.0/coregrind/m_initimg/initimg-linux.c 2018-03-04 22:23:25.727815624 -0800 +@@ -703,6 +703,12 @@ + (and anything above) are not supported by Valgrind. */ + auxv->u.a_val &= VKI_HWCAP_S390_TE - 1; + } ++# elif defined(VGP_arm64_linux) ++ { ++ /* Linux 4.11 started populating this for arm64, but we ++ currently don't support any. */ ++ auxv->u.a_val = 0; ++ } + # endif + break; + # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux) diff --git a/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch b/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch index 51259db001..4b531b42ea 100644 --- a/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch +++ b/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch @@ -12,6 +12,11 @@ The #ifdef HAS_VSX guard is wrongly placed. It makes the standard include headers not be used. Causing a build failure. Fix by moving the #ifdef HAS_VSX after the standard includes. +[v2 changes] +- Add #ifdef HAS_VSX guard correctly for ppc64 test_isa_2_06_partx.c + test cases. The changes are similar to what was done for ppc32. + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Index: none/tests/ppc32/test_isa_2_06_part3.c =================================================================== --- a/none/tests/ppc32/test_isa_2_06_part3.c (revision 16449) @@ -85,3 +90,76 @@ Index: none/tests/ppc32/test_isa_2_06_part2.c #ifndef __powerpc64__ typedef uint32_t HWord_t; #else +Index: none/tests/ppc64/test_isa_2_06_part3.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part3.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part3.c (revision 16450) +@@ -20,17 +20,18 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> +-#include <altivec.h> + #include <math.h> + #include <unistd.h> // getopt + ++#ifdef HAS_VSX ++ ++#include <altivec.h> ++ + #ifndef __powerpc64__ + typedef uint32_t HWord_t; + #else +Index: none/tests/ppc64/test_isa_2_06_part1.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part1.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part1.c (revision 16450) +@@ -20,13 +20,14 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> ++ ++#ifdef HAS_VSX ++ + #include <altivec.h> + + #ifndef __powerpc64__ +Index: none/tests/ppc64/test_isa_2_06_part2.c +=================================================================== +--- a/none/tests/ppc64/test_isa_2_06_part2.c (revision 16449) ++++ b/none/tests/ppc64/test_isa_2_06_part2.c (revision 16450) +@@ -20,17 +20,18 @@ + The GNU General Public License is contained in the file COPYING. + */ + +-#ifdef HAS_VSX +- + #include <stdio.h> + #include <stdint.h> + #include <stdlib.h> + #include <string.h> + #include <malloc.h> +-#include <altivec.h> + #include <math.h> + #include <unistd.h> // getopt + ++#ifdef HAS_VSX ++ ++#include <altivec.h> ++ + #ifndef __powerpc64__ + typedef uint32_t HWord_t; + #else diff --git a/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb b/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb index bf3cfd7f36..39ec6f5cc8 100644 --- a/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb +++ b/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb @@ -16,7 +16,6 @@ SRC_URI = "ftp://sourceware.org/pub/valgrind/valgrind-${PV}.tar.bz2 \ file://fixed-perl-path.patch \ file://Added-support-for-PPC-instructions-mfatbu-mfatbl.patch \ file://run-ptest \ - file://0002-remove-rpath.patch \ file://0004-Fix-out-of-tree-builds.patch \ file://0005-Modify-vg_test-wrapper-to-support-PTEST-formats.patch \ file://0001-Remove-tests-that-fail-to-build-on-some-PPC32-config.patch \ @@ -37,6 +36,9 @@ SRC_URI = "ftp://sourceware.org/pub/valgrind/valgrind-${PV}.tar.bz2 \ file://0003-tests-seg_override-Replace-__modify_ldt-with-syscall.patch \ file://link-gz-tests.patch \ file://ppc-headers.patch \ + file://mask-CPUID-support-in-HWCAP-on-aarch64.patch \ + file://0001-fix-opcode-not-supported-on-mips32-linux.patch \ + file://0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch \ " SRC_URI[md5sum] = "817dd08f1e8a66336b9ff206400a5369" SRC_URI[sha256sum] = "d76680ef03f00cd5e970bbdcd4e57fb1f6df7d2e2c071635ef2be74790190c3b" @@ -54,7 +56,6 @@ COMPATIBLE_HOST_linux-gnux32 = 'null' COMPATIBLE_HOST_linux-muslx32 = 'null' # Disable for some MIPS variants -COMPATIBLE_HOST_mipsarchn32 = 'null' COMPATIBLE_HOST_mipsarchr6 = 'null' inherit autotools ptest multilib_header @@ -86,6 +87,8 @@ def get_mcpu(d): do_configure_prepend () { rm -rf ${S}/config.h + sed -i -e 's:$(abs_top_builddir):$(pkglibdir)/ptest:g' ${S}/none/tests/Makefile.am + sed -i -e 's:$(top_builddir):$(pkglibdir)/ptest:g' ${S}/memcheck/tests/Makefile.am } do_install_append () { diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb index de668d6d2b..acbf80a685 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb @@ -2,13 +2,13 @@ SUMMARY = "Very high-quality data compression program" DESCRIPTION = "bzip2 compresses files using the Burrows-Wheeler block-sorting text compression algorithm, and \ Huffman coding. Compression is generally considerably better than that achieved by more conventional \ LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors." -HOMEPAGE = "http://www.bzip.org/" +HOMEPAGE = "https://sourceware.org/bzip2/" SECTION = "console/utils" LICENSE = "bzip2" LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2" PR = "r5" -SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \ +SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \ file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ @@ -19,7 +19,7 @@ SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \ SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b" SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd" -UPSTREAM_CHECK_URI = "http://www.bzip.org/downloads.html" +UPSTREAM_CHECK_URI = "https://www.sourceware.org/bzip2/" PACKAGES =+ "libbz2" diff --git a/meta/recipes-extended/lsb/lsbtest/packages_list b/meta/recipes-extended/lsb/lsbtest/packages_list index 959f931504..1a6c11699a 100644 --- a/meta/recipes-extended/lsb/lsbtest/packages_list +++ b/meta/recipes-extended/lsb/lsbtest/packages_list @@ -1,7 +1,7 @@ LSB_RELEASE="released-5.0" LSB_ARCH="lsbarch" -BASE_PACKAGES_LIST="lsb-setup-4.1.0-1.noarch.rpm" +BASE_PACKAGES_LIST="lsb-setup-5.0.0-2.noarch.rpm" RUNTIME_BASE_PACKAGES_LIST="lsb-dist-checker-5.0.0.1-1.targetarch.rpm \ lsb-tet3-lite-3.7-27.lsb5.targetarch.rpm \ diff --git a/meta/recipes-extended/lsof/lsof_4.89.bb b/meta/recipes-extended/lsof/lsof_4.89.bb index 14546db23c..b58b8281f9 100644 --- a/meta/recipes-extended/lsof/lsof_4.89.bb +++ b/meta/recipes-extended/lsof/lsof_4.89.bb @@ -11,12 +11,12 @@ LIC_FILES_CHKSUM = "file://00README;beginline=645;endline=679;md5=964df275d26429 # https://people.freebsd.org/~abe/ ). http://www.mirrorservice.org seems to be # the most commonly used alternative. -SRC_URI = "http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_${PV}.tar.bz2 \ +SRC_URI = "http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/OLD/lsof_${PV}.tar.gz \ file://lsof-remove-host-information.patch \ " -SRC_URI[md5sum] = "1b9cd34f3fb86856a125abbf2be3a386" -SRC_URI[sha256sum] = "81ac2fc5fdc944793baf41a14002b6deb5a29096b387744e28f8c30a360a3718" +SRC_URI[md5sum] = "8afbaff3ee308edc130bdc5df0801c8f" +SRC_URI[sha256sum] = "5d08da7ebe049c9d9a6472d6afb81aa5af54c4733a3f8822cbc22b57867633c9" LOCALSRC = "file://${WORKDIR}/lsof_${PV}/lsof_${PV}_src.tar" diff --git a/meta/recipes-extended/shadow/files/CVE-2016-6252.patch b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch new file mode 100644 index 0000000000..bdaba5eecd --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch @@ -0,0 +1,48 @@ +From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer <krahmer@suse.com> +Date: Wed, 3 Aug 2016 11:51:07 -0500 +Subject: [PATCH] Simplify getulong + +Use strtoul to read an unsigned long, rather than reading +a signed long long and casting it. + +https://bugzilla.suse.com/show_bug.cgi?id=979282 + +Upstream-Status: Backport +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + lib/getulong.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/lib/getulong.c b/lib/getulong.c +index 61579ca..08d2c1a 100644 +--- a/lib/getulong.c ++++ b/lib/getulong.c +@@ -44,22 +44,19 @@ + */ + int getulong (const char *numstr, /*@out@*/unsigned long int *result) + { +- long long int val; ++ unsigned long int val; + char *endptr; + + errno = 0; +- val = strtoll (numstr, &endptr, 0); ++ val = strtoul (numstr, &endptr, 0); + if ( ('\0' == *numstr) + || ('\0' != *endptr) + || (ERANGE == errno) +- /*@+ignoresigns@*/ +- || (val != (unsigned long int)val) +- /*@=ignoresigns@*/ + ) { + return 0; + } + +- *result = (unsigned long int)val; ++ *result = val; + return 1; + } + +-- +1.9.1 diff --git a/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch new file mode 100644 index 0000000000..ee728f0952 --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch @@ -0,0 +1,64 @@ +shadow-4.2.1: Fix CVE-2017-2616 + +[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943 + +su: properly clear child PID + +If su is compiled with PAM support, it is possible for any local user +to send SIGKILL to other processes with root privileges. There are +only two conditions. First, the user must be able to perform su with +a successful login. This does NOT have to be the root user, even using +su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL +can only be sent to processes which were executed after the su process. +It is not possible to send SIGKILL to processes which were already +running. I consider this as a security vulnerability, because I was +able to write a proof of concept which unlocked a screen saver of +another user this way. + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686] +CVE: CVE-2017-2616 +bug: 855943 +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> + +diff --git a/src/su.c b/src/su.c +index 3704217..1efcd61 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -363,20 +363,35 @@ static void prepare_pam_close_session (void) + /* wake child when resumed */ + kill (pid, SIGCONT); + stop = false; ++ } else { ++ pid_child = 0; + } + } while (!stop); + } + +- if (0 != caught) { ++ if (0 != caught && 0 != pid_child) { + (void) fputs ("\n", stderr); + (void) fputs (_("Session terminated, terminating shell..."), + stderr); + (void) kill (-pid_child, caught); + + (void) signal (SIGALRM, kill_child); ++ (void) signal (SIGCHLD, catch_signals); + (void) alarm (2); + +- (void) wait (&status); ++ sigemptyset (&ourset); ++ if ((sigaddset (&ourset, SIGALRM) != 0) ++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { ++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); ++ kill_child (0); ++ } else { ++ while (0 == waitpid (pid_child, &status, WNOHANG)) { ++ sigsuspend (&ourset); ++ } ++ pid_child = 0; ++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); ++ } ++ + (void) fputs (_(" ...terminated.\n"), stderr); + } + diff --git a/meta/recipes-extended/shadow/files/CVE-2018-7169.patch b/meta/recipes-extended/shadow/files/CVE-2018-7169.patch new file mode 100644 index 0000000000..36887d44ee --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2018-7169.patch @@ -0,0 +1,186 @@ +From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai <asarai@suse.de> +Date: Thu, 15 Feb 2018 23:49:40 +1100 +Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group + +This is necessary to match the kernel-side policy of "self-mapping in a +user namespace is fine, but you cannot drop groups" -- a policy that was +created in order to stop user namespaces from allowing trivial privilege +escalation by dropping supplementary groups that were "blacklisted" from +certain paths. + +This is the simplest fix for the underlying issue, and effectively makes +it so that unless a user has a valid mapping set in /etc/subgid (which +only administrators can modify) -- and they are currently trying to use +that mapping -- then /proc/$pid/setgroups will be set to deny. This +workaround is only partial, because ideally it should be possible to set +an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow +administrators to further restrict newgidmap(1). + +We also don't write anything in the "allow" case because "allow" is the +default, and users may have already written "deny" even if they +technically are allowed to use setgroups. And we don't write anything if +the setgroups policy is already "deny". + +Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 +Fixes: CVE-2018-7169 + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0] +Reported-by: Craig Furman <craig.furman89@gmail.com> +Signed-off-by: Aleksa Sarai <asarai@suse.de> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 80 insertions(+), 9 deletions(-) + +diff --git a/src/newgidmap.c b/src/newgidmap.c +index b1e33513..59a2e75c 100644 +--- a/src/newgidmap.c ++++ b/src/newgidmap.c +@@ -46,32 +46,37 @@ + */ + const char *Prog; + +-static bool verify_range(struct passwd *pw, struct map_range *range) ++ ++static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) + { + /* An empty range is invalid */ + if (range->count == 0) + return false; + +- /* Test /etc/subgid */ +- if (have_sub_gids(pw->pw_name, range->lower, range->count)) ++ /* Test /etc/subgid. If the mapping is valid then we allow setgroups. */ ++ if (have_sub_gids(pw->pw_name, range->lower, range->count)) { ++ *allow_setgroups = true; + return true; ++ } + +- /* Allow a process to map it's own gid */ +- if ((range->count == 1) && (pw->pw_gid == range->lower)) ++ /* Allow a process to map its own gid. */ ++ if ((range->count == 1) && (pw->pw_gid == range->lower)) { ++ /* noop -- if setgroups is enabled already we won't disable it. */ + return true; ++ } + + return false; + } + + static void verify_ranges(struct passwd *pw, int ranges, +- struct map_range *mappings) ++ struct map_range *mappings, bool *allow_setgroups) + { + struct map_range *mapping; + int idx; + + mapping = mappings; + for (idx = 0; idx < ranges; idx++, mapping++) { +- if (!verify_range(pw, mapping)) { ++ if (!verify_range(pw, mapping, allow_setgroups)) { + fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"), + Prog, + mapping->upper, +@@ -89,6 +94,70 @@ static void usage(void) + exit(EXIT_FAILURE); + } + ++void write_setgroups(int proc_dir_fd, bool allow_setgroups) ++{ ++ int setgroups_fd; ++ char *policy, policy_buffer[4096]; ++ ++ /* ++ * Default is "deny", and any "allow" will out-rank a "deny". We don't ++ * forcefully write an "allow" here because the process we are writing ++ * mappings for may have already set themselves to "deny" (and "allow" ++ * is the default anyway). So allow_setgroups == true is a noop. ++ */ ++ policy = "deny\n"; ++ if (allow_setgroups) ++ return; ++ ++ setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC); ++ if (setgroups_fd < 0) { ++ /* ++ * If it's an ENOENT then we are on too old a kernel for the setgroups ++ * code to exist. Emit a warning and bail on this. ++ */ ++ if (ENOENT == errno) { ++ fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog); ++ goto out; ++ } ++ fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++ /* ++ * Check whether the policy is already what we want. /proc/self/setgroups ++ * is write-once, so attempting to write after it's already written to will ++ * fail. ++ */ ++ if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) { ++ fprintf(stderr, _("%s: failed to read setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (!strncmp(policy_buffer, policy, strlen(policy))) ++ goto out; ++ ++ /* Write the policy. */ ++ if (lseek(setgroups_fd, 0, SEEK_SET) < 0) { ++ fprintf(stderr, _("%s: failed to seek setgroups: %s\n"), ++ Prog, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (dprintf(setgroups_fd, "%s", policy) < 0) { ++ fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"), ++ Prog, ++ policy, ++ strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++out: ++ close(setgroups_fd); ++} ++ + /* + * newgidmap - Set the gid_map for the specified process + */ +@@ -103,6 +172,7 @@ int main(int argc, char **argv) + struct stat st; + struct passwd *pw; + int written; ++ bool allow_setgroups = false; + + Prog = Basename (argv[0]); + +@@ -145,7 +215,7 @@ int main(int argc, char **argv) + (unsigned long) getuid ())); + return EXIT_FAILURE; + } +- ++ + /* Get the effective uid and effective gid of the target process */ + if (fstat(proc_dir_fd, &st) < 0) { + fprintf(stderr, _("%s: Could not stat directory for target %u\n"), +@@ -177,8 +247,9 @@ int main(int argc, char **argv) + if (!mappings) + usage(); + +- verify_ranges(pw, ranges, mappings); ++ verify_ranges(pw, ranges, mappings, &allow_setgroups); + ++ write_setgroups(proc_dir_fd, allow_setgroups); + write_mapping(proc_dir_fd, ranges, mappings, "gid_map"); + sub_gid_close(); + +-- +2.13.3 + diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index ccae09183c..f3f5bf6f07 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -19,7 +19,10 @@ SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \ file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ file://0001-useradd-copy-extended-attributes-of-home.patch \ file://0001-shadow-CVE-2017-12424 \ + file://CVE-2017-2616.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://CVE-2018-7169.patch \ + file://CVE-2016-6252.patch \ " SRC_URI_append_class-target = " \ @@ -130,7 +133,8 @@ do_install_append() { # Ensure that the image has as a /var/spool/mail dir so shadow can # put mailboxes there if the user reconfigures shadow to its # defaults (see sed below). - install -d ${D}${localstatedir}/spool/mail + install -m 0775 -d ${D}${localstatedir}/spool/mail + chown root:mail ${D}${localstatedir}/spool/mail if [ -e ${WORKDIR}/pam.d ]; then install -d ${D}${sysconfdir}/pam.d/ diff --git a/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch b/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch deleted file mode 100644 index e49fa09647..0000000000 --- a/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch +++ /dev/null @@ -1,174 +0,0 @@ -From b520d20b8122a783f99f088758b78d928f70ee34 Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@cs.ucla.edu> -Date: Mon, 23 Oct 2017 11:42:45 -0700 -Subject: [PATCH] Fix Makefile quoting bug - -Problem with INSTALLARGS reported by Zefram in: -https://mm.icann.org/pipermail/tz/2017-October/025360.html -Fix similar problems too. -* Makefile (ZIC_INSTALL, VALIDATE_ENV, CC, install) -(INSTALL, version, INSTALLARGS, right_posix, posix_right) -(check_public): Use apostrophes to prevent undesirable -interpretation of names by the shell. We still do not support -directory names containing apostrophes or newlines, but this is -good enough. - -Upstream-Status: Backport -Signed-off-by: Armin Kuster <akuster@mvista.com> - -* NEWS: Mention this. ---- - Makefile | 64 ++++++++++++++++++++++++++++++++-------------------------------- - NEWS | 8 ++++++++ - 2 files changed, 40 insertions(+), 32 deletions(-) - -diff --git a/Makefile b/Makefile -index c92edc0..97649ca 100644 ---- a/Makefile -+++ b/Makefile -@@ -313,7 +313,7 @@ ZFLAGS= - - # How to use zic to install tz binary files. - --ZIC_INSTALL= $(ZIC) -d $(DESTDIR)$(TZDIR) $(LEAPSECONDS) -+ZIC_INSTALL= $(ZIC) -d '$(DESTDIR)$(TZDIR)' $(LEAPSECONDS) - - # The name of a Posix-compliant 'awk' on your system. - AWK= awk -@@ -341,8 +341,8 @@ SGML_CATALOG_FILES= \ - VALIDATE = nsgmls - VALIDATE_FLAGS = -s -B -wall -wno-unused-param - VALIDATE_ENV = \ -- SGML_CATALOG_FILES=$(SGML_CATALOG_FILES) \ -- SGML_SEARCH_PATH=$(SGML_SEARCH_PATH) \ -+ SGML_CATALOG_FILES='$(SGML_CATALOG_FILES)' \ -+ SGML_SEARCH_PATH='$(SGML_SEARCH_PATH)' \ - SP_CHARSET_FIXED=YES \ - SP_ENCODING=UTF-8 - -@@ -396,7 +396,7 @@ GZIPFLAGS= -9n - #MAKE= make - - cc= cc --CC= $(cc) -DTZDIR=\"$(TZDIR)\" -+CC= $(cc) -DTZDIR='"$(TZDIR)"' - - AR= ar - -@@ -473,29 +473,29 @@ all: tzselect yearistype zic zdump libtz.a $(TABDATA) - ALL: all date $(ENCHILADA) - - install: all $(DATA) $(REDO) $(MANS) -- mkdir -p $(DESTDIR)$(ETCDIR) $(DESTDIR)$(TZDIR) \ -- $(DESTDIR)$(LIBDIR) \ -- $(DESTDIR)$(MANDIR)/man3 $(DESTDIR)$(MANDIR)/man5 \ -- $(DESTDIR)$(MANDIR)/man8 -+ mkdir -p '$(DESTDIR)$(ETCDIR)' '$(DESTDIR)$(TZDIR)' \ -+ '$(DESTDIR)$(LIBDIR)' \ -+ '$(DESTDIR)$(MANDIR)/man3' '$(DESTDIR)$(MANDIR)/man5' \ -+ '$(DESTDIR)$(MANDIR)/man8' - $(ZIC_INSTALL) -l $(LOCALTIME) -p $(POSIXRULES) -- cp -f $(TABDATA) $(DESTDIR)$(TZDIR)/. -- cp tzselect zic zdump $(DESTDIR)$(ETCDIR)/. -- cp libtz.a $(DESTDIR)$(LIBDIR)/. -- $(RANLIB) $(DESTDIR)$(LIBDIR)/libtz.a -- cp -f newctime.3 newtzset.3 $(DESTDIR)$(MANDIR)/man3/. -- cp -f tzfile.5 $(DESTDIR)$(MANDIR)/man5/. -- cp -f tzselect.8 zdump.8 zic.8 $(DESTDIR)$(MANDIR)/man8/. -+ cp -f $(TABDATA) '$(DESTDIR)$(TZDIR)/.' -+ cp tzselect zic zdump '$(DESTDIR)$(ETCDIR)/.' -+ cp libtz.a '$(DESTDIR)$(LIBDIR)/.' -+ $(RANLIB) '$(DESTDIR)$(LIBDIR)/libtz.a' -+ cp -f newctime.3 newtzset.3 '$(DESTDIR)$(MANDIR)/man3/.' -+ cp -f tzfile.5 '$(DESTDIR)$(MANDIR)/man5/.' -+ cp -f tzselect.8 zdump.8 zic.8 '$(DESTDIR)$(MANDIR)/man8/.' - - INSTALL: ALL install date.1 -- mkdir -p $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man1 -- cp date $(DESTDIR)$(BINDIR)/. -- cp -f date.1 $(DESTDIR)$(MANDIR)/man1/. -+ mkdir -p '$(DESTDIR)$(BINDIR)' '$(DESTDIR)$(MANDIR)/man1' -+ cp date '$(DESTDIR)$(BINDIR)/.' -+ cp -f date.1 '$(DESTDIR)$(MANDIR)/man1/.' - - version: $(VERSION_DEPS) - { (type git) >/dev/null 2>&1 && \ - V=`git describe --match '[0-9][0-9][0-9][0-9][a-z]*' \ - --abbrev=7 --dirty` || \ -- V=$(VERSION); } && \ -+ V='$(VERSION)'; } && \ - printf '%s\n' "$$V" >$@.out - mv $@.out $@ - -@@ -529,12 +529,12 @@ leapseconds: $(LEAP_DEPS) - # Arguments to pass to submakes of install_data. - # They can be overridden by later submake arguments. - INSTALLARGS = \ -- BACKWARD=$(BACKWARD) \ -- DESTDIR=$(DESTDIR) \ -+ BACKWARD='$(BACKWARD)' \ -+ DESTDIR='$(DESTDIR)' \ - LEAPSECONDS='$(LEAPSECONDS)' \ - PACKRATDATA='$(PACKRATDATA)' \ -- TZDIR=$(TZDIR) \ -- YEARISTYPE=$(YEARISTYPE) \ -+ TZDIR='$(TZDIR)' \ -+ YEARISTYPE='$(YEARISTYPE)' \ - ZIC='$(ZIC)' - - # 'make install_data' installs one set of tz binary files. -@@ -558,16 +558,16 @@ right_only: - # You must replace all of $(TZDIR) to switch from not using leap seconds - # to using them, or vice versa. - right_posix: right_only -- rm -fr $(DESTDIR)$(TZDIR)-leaps -- ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-leaps || \ -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only -+ rm -fr '$(DESTDIR)$(TZDIR)-leaps' -+ ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-leaps' || \ -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only - - posix_right: posix_only -- rm -fr $(DESTDIR)$(TZDIR)-posix -- ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-posix || \ -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only -- $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only -+ rm -fr '$(DESTDIR)$(TZDIR)-posix' -+ ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-posix' || \ -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only -+ $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only - - # This obsolescent rule is present for backwards compatibility with - # tz releases 2014g through 2015g. It should go away eventually. -@@ -764,7 +764,7 @@ set-timestamps.out: $(ENCHILADA) - - check_public: - $(MAKE) maintainer-clean -- $(MAKE) "CFLAGS=$(GCC_DEBUG_FLAGS)" ALL -+ $(MAKE) CFLAGS='$(GCC_DEBUG_FLAGS)' ALL - mkdir -p public.dir - for i in $(TDATA) tzdata.zi; do \ - $(zic) -v -d public.dir $$i 2>&1 || exit; \ -diff --git a/NEWS b/NEWS -index bd2bec2..75ab095 100644 ---- a/NEWS -+++ b/NEWS -@@ -1,5 +1,13 @@ - News for the tz database - -+Unreleased, experimental changes -+ -+ Changes to build procedure -+ -+ The Makefile now quotes values like BACKWARD more carefully when -+ passing them to the shell. (Problem reported by Zefram.) -+ -+ - Release 2017c - 2017-10-20 14:49:34 -0700 - - Briefly: --- -2.7.4 - diff --git a/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch b/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch deleted file mode 100644 index 87afe47694..0000000000 --- a/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch +++ /dev/null @@ -1,115 +0,0 @@ -From e231da4fb2beb17c60b4b1a5c276366d6a6e433f Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@cs.ucla.edu> -Date: Mon, 23 Oct 2017 17:58:36 -0700 -Subject: [PATCH] Port zdump to C90 + snprintf -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Problem reported by Jon Skeet in: -https://mm.icann.org/pipermail/tz/2017-October/025362.html -* NEWS: Mention this. -* zdump.c (my_snprintf): New macro or function. If a macro, it is -just snprintf. If a function, it is the same as the old snprintf -static function, with an ATTRIBUTE_FORMAT to pacify modern GCC. -All uses of snprintf changed to use my_snprintf. This way, -installers don’t need to specify -DHAVE_SNPRINTF if they are using -a pre-C99 compiler with a library that has snprintf. - -Upstream-Status: Backport -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - NEWS | 4 ++++ - zdump.c | 29 ++++++++++++++++------------- - 2 files changed, 20 insertions(+), 13 deletions(-) - -diff --git a/NEWS b/NEWS -index 75ab095..dea08b8 100644 ---- a/NEWS -+++ b/NEWS -@@ -7,6 +7,10 @@ Unreleased, experimental changes - The Makefile now quotes values like BACKWARD more carefully when - passing them to the shell. (Problem reported by Zefram.) - -+ Builders no longer need to specify -DHAVE_SNPRINTF on platforms -+ that have snprintf and use pre-C99 compilers. (Problem reported -+ by Jon Skeet.) -+ - - Release 2017c - 2017-10-20 14:49:34 -0700 - -diff --git a/zdump.c b/zdump.c -index 8e3bf3e..d4e6084 100644 ---- a/zdump.c -+++ b/zdump.c -@@ -795,12 +795,14 @@ show(timezone_t tz, char *zone, time_t t, bool v) - abbrok(abbr(tmp), zone); - } - --#if !HAVE_SNPRINTF -+#if HAVE_SNPRINTF -+# define my_snprintf snprintf -+#else - # include <stdarg.h> - - /* A substitute for snprintf that is good enough for zdump. */ --static int --snprintf(char *s, size_t size, char const *format, ...) -+static int ATTRIBUTE_FORMAT((printf, 3, 4)) -+my_snprintf(char *s, size_t size, char const *format, ...) - { - int n; - va_list args; -@@ -839,10 +841,10 @@ format_local_time(char *buf, size_t size, struct tm const *tm) - { - int ss = tm->tm_sec, mm = tm->tm_min, hh = tm->tm_hour; - return (ss -- ? snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss) -+ ? my_snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss) - : mm -- ? snprintf(buf, size, "%02d:%02d", hh, mm) -- : snprintf(buf, size, "%02d", hh)); -+ ? my_snprintf(buf, size, "%02d:%02d", hh, mm) -+ : my_snprintf(buf, size, "%02d", hh)); - } - - /* Store into BUF, of size SIZE, a formatted UTC offset for the -@@ -877,10 +879,10 @@ format_utc_offset(char *buf, size_t size, struct tm const *tm, time_t t) - mm = off / 60 % 60; - hh = off / 60 / 60; - return (ss || 100 <= hh -- ? snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss) -+ ? my_snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss) - : mm -- ? snprintf(buf, size, "%c%02ld%02d", sign, hh, mm) -- : snprintf(buf, size, "%c%02ld", sign, hh)); -+ ? my_snprintf(buf, size, "%c%02ld%02d", sign, hh, mm) -+ : my_snprintf(buf, size, "%c%02ld", sign, hh)); - } - - /* Store into BUF (of size SIZE) a quoted string representation of P. -@@ -983,15 +985,16 @@ istrftime(char *buf, size_t size, char const *time_fmt, - for (abp = ab; is_alpha(*abp); abp++) - continue; - len = (!*abp && *ab -- ? snprintf(b, s, "%s", ab) -+ ? my_snprintf(b, s, "%s", ab) - : format_quoted_string(b, s, ab)); - if (s <= len) - return false; - b += len, s -= len; - } -- formatted_len = (tm->tm_isdst -- ? snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst) -- : 0); -+ formatted_len -+ = (tm->tm_isdst -+ ? my_snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst) -+ : 0); - } - break; - } --- -2.7.4 - diff --git a/meta/recipes-extended/tzcode/tzcode-native_2018c.bb b/meta/recipes-extended/tzcode/tzcode-native_2018f.bb index 85e9b70ace..816e34d00f 100644 --- a/meta/recipes-extended/tzcode/tzcode-native_2018c.bb +++ b/meta/recipes-extended/tzcode/tzcode-native_2018f.bb @@ -11,10 +11,10 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.md5sum] = "e6e0d4b2ce3fa6906f303157bed2612e" -SRC_URI[tzcode.sha256sum] = "31fa7fc0f94a6ff2d6bc878c0a35e8ab8b5aa0e8b01445a1d4a8f14777d0e665" -SRC_URI[tzdata.md5sum] = "c412b1531adef1be7a645ab734f86acc" -SRC_URI[tzdata.sha256sum] = "2825c3e4b7ef520f24d393bcc02942f9762ffd3e7fc9b23850789ed8f22933f6" +SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15" +SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2" +SRC_URI[tzcode.md5sum] = "011d394b70e6ee3823fd77010b99737f" +SRC_URI[tzcode.sha256sum] = "4ec74f8a84372570135ea4be16a042442fafe100f5598cb1017bfd30af6aaa70" S = "${WORKDIR}" diff --git a/meta/recipes-extended/tzdata/tzdata_2018c.bb b/meta/recipes-extended/tzdata/tzdata_2018f.bb index a521ad6b4a..b167540608 100644 --- a/meta/recipes-extended/tzdata/tzdata_2018c.bb +++ b/meta/recipes-extended/tzdata/tzdata_2018f.bb @@ -9,8 +9,8 @@ DEPENDS = "tzcode-native" SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzdata.md5sum] = "c412b1531adef1be7a645ab734f86acc" -SRC_URI[tzdata.sha256sum] = "2825c3e4b7ef520f24d393bcc02942f9762ffd3e7fc9b23850789ed8f22933f6" +SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15" +SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2" inherit allarch diff --git a/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb index c71ab1165d..9d8fb28281 100644 --- a/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb +++ b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb @@ -5,7 +5,7 @@ DESCRIPTION = "The Cantarell font typeface is designed as a \ on-screen reading; in particular, reading web pages on an \ HTC Dream mobile phone." -HOMEPAGE = "https://git.gnome.org/browse/cantarell-fonts/" +HOMEPAGE = "https://gitlab.gnome.org/GNOME/cantarell-fonts/" SECTION = "fonts" LICENSE = "OFL-1.1" LIC_FILES_CHKSUM = "file://COPYING;md5=df91e3ffcab8cfb972a66bf11255188d" @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=df91e3ffcab8cfb972a66bf11255188d" PV = "0.0.24" SRCREV = "07b6ea2cbbebfc360aa4668612a376be5e214eaa" -SRC_URI = "git://git.gnome.org/cantarell-fonts;protocol=git;branch=master" +SRC_URI = "git://gitlab.gnome.org/GNOME/cantarell-fonts;protocol=https;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!0\.13)(?!0\.10\.1)\d+\.\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch b/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch new file mode 100644 index 0000000000..9a1b12e4f4 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch @@ -0,0 +1,75 @@ +From 4794b5dd34688158fb51a2943032569d3780c4b8 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sat, 21 Oct 2017 23:47:52 +0200 +Subject: Fix heap overflows when parsing malicious files. (CVE-2017-16612) + +It is possible to trigger heap overflows due to an integer overflow +while parsing images and a signedness issue while parsing comments. + +The integer overflow occurs because the chosen limit 0x10000 for +dimensions is too large for 32 bit systems, because each pixel takes +4 bytes. Properly chosen values allow an overflow which in turn will +lead to less allocated memory than needed for subsequent reads. + +The signedness bug is triggered by reading the length of a comment +as unsigned int, but casting it to int when calling the function +XcursorCommentCreate. Turning length into a negative value allows the +check against XCURSOR_COMMENT_MAX_LEN to pass, and the following +addition of sizeof (XcursorComment) + 1 makes it possible to allocate +less memory than needed for subsequent reads. + +Upstream-Status: Backport from v1.1.15 +CVE: CVE-2017-16612 + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + src/file.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/file.c b/src/file.c +index 43163c2..da16277 100644 +--- a/src/file.c ++++ b/src/file.c +@@ -29,6 +29,11 @@ XcursorImageCreate (int width, int height) + { + XcursorImage *image; + ++ if (width < 0 || height < 0) ++ return NULL; ++ if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE) ++ return NULL; ++ + image = malloc (sizeof (XcursorImage) + + width * height * sizeof (XcursorPixel)); + if (!image) +@@ -101,7 +106,7 @@ XcursorCommentCreate (XcursorUInt comment_type, int length) + { + XcursorComment *comment; + +- if (length > XCURSOR_COMMENT_MAX_LEN) ++ if (length < 0 || length > XCURSOR_COMMENT_MAX_LEN) + return NULL; + + comment = malloc (sizeof (XcursorComment) + length + 1); +@@ -448,7 +453,8 @@ _XcursorReadImage (XcursorFile *file, + if (!_XcursorReadUInt (file, &head.delay)) + return NULL; + /* sanity check data */ +- if (head.width >= 0x10000 || head.height > 0x10000) ++ if (head.width > XCURSOR_IMAGE_MAX_SIZE || ++ head.height > XCURSOR_IMAGE_MAX_SIZE) + return NULL; + if (head.width == 0 || head.height == 0) + return NULL; +@@ -457,6 +463,8 @@ _XcursorReadImage (XcursorFile *file, + + /* Create the image and initialize it */ + image = XcursorImageCreate (head.width, head.height); ++ if (image == NULL) ++ return NULL; + if (chunkHeader.version < image->version) + image->version = chunkHeader.version; + image->size = chunkHeader.subtype; +-- +cgit v1.1 + diff --git a/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb b/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb index 17629047b7..ccc4347820 100644 --- a/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb +++ b/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb @@ -16,6 +16,8 @@ BBCLASSEXTEND = "native nativesdk" PE = "1" +SRC_URI += "file://CVE-2017-16612.patch" + XORG_PN = "libXcursor" SRC_URI[md5sum] = "1e7c17afbbce83e2215917047c57d1b3" diff --git a/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb b/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb index 552eb6abaa..6052650c95 100644 --- a/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb +++ b/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb @@ -9,6 +9,8 @@ DEPENDS += "cryptodev-linux" SRC_URI += " \ file://0001-Disable-installing-header-file-provided-by-another-p.patch \ +file://0001-ioctl.c-Fix-build-with-linux-4.13.patch \ +file://0001-ioctl.c-Fix-build-with-linux-4.17.patch \ " EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' diff --git a/meta/recipes-kernel/cryptodev/cryptodev.inc b/meta/recipes-kernel/cryptodev/cryptodev.inc index 50366e7202..ab15bc1d97 100644 --- a/meta/recipes-kernel/cryptodev/cryptodev.inc +++ b/meta/recipes-kernel/cryptodev/cryptodev.inc @@ -3,11 +3,9 @@ HOMEPAGE = "http://cryptodev-linux.org/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz" +SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux" +SRCREV = "87d959d9a279c055b361de8e730fab6a7144edd7" -SRC_URI[md5sum] = "cb4e0ed9e5937716c7c8a7be84895b6d" -SRC_URI[sha256sum] = "9f4c0b49b30e267d776f79455d09c70cc9c12c86eee400a0d0a0cd1d8e467950" - -S = "${WORKDIR}/cryptodev-linux-${PV}" +S = "${WORKDIR}/git" CLEANBROKEN = "1" diff --git a/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch b/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch index 3f0298b0b0..84fd27e681 100644 --- a/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch +++ b/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch @@ -14,37 +14,37 @@ Upstream-Status: Pending tests/Makefile | 8 ++++++++ 2 files changed, 14 insertions(+), 0 deletions(-) -diff --git a/Makefile b/Makefile -index 31c4b3f..2ecf2a9 100644 ---- a/Makefile -+++ b/Makefile -@@ -34,6 +34,9 @@ modules_install: - @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..." - @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h +Index: git/Makefile +=================================================================== +--- git.orig/Makefile ++++ git/Makefile +@@ -35,6 +35,9 @@ modules_install: + $(MAKE) $(KERNEL_MAKE_OPTS) modules_install + install -m 644 -D crypto/cryptodev.h $(DESTDIR)/$(includedir)/crypto/cryptodev.h +install_tests: + make -C tests install DESTDIR=$(PREFIX) + clean: - make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean + $(MAKE) $(KERNEL_MAKE_OPTS) clean rm -f $(hostprogs) *~ -@@ -42,6 +45,9 @@ clean: +@@ -43,6 +46,9 @@ clean: check: - CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests check + CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests check +testprogs: + KERNEL_DIR=$(KERNEL_DIR) make -C tests testprogs + CPOPTS = - ifneq (${SHOW_TYPES},) + ifneq ($(SHOW_TYPES),) CPOPTS += --show-types -diff --git a/tests/Makefile b/tests/Makefile -index c9f04e8..cd202af 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -19,6 +19,12 @@ example-async-hmac-objs := async_hmac.o - example-async-speed-objs := async_speed.o - example-hashcrypt-speed-objs := hashcrypt_speed.c +Index: git/tests/Makefile +=================================================================== +--- git.orig/tests/Makefile ++++ git/tests/Makefile +@@ -23,6 +23,12 @@ bindir = $(execprefix)/bin + + all: $(hostprogs) +install: + install -d $(DESTDIR)/usr/bin/tests_cryptodev @@ -55,9 +55,9 @@ index c9f04e8..cd202af 100644 check: $(hostprogs) ./cipher ./hmac -@@ -28,6 +34,8 @@ check: $(hostprogs) - ./cipher-gcm - ./cipher-aead +@@ -38,6 +44,8 @@ install: + install -m 755 $$prog $(DESTDIR)/$(bindir); \ + done +testprogs: $(hostprogs) + diff --git a/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch new file mode 100644 index 0000000000..a41efacdd9 --- /dev/null +++ b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch @@ -0,0 +1,49 @@ +From f0d69774afb27ffc62bf353465fba145e70cb85a Mon Sep 17 00:00:00 2001 +From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com> +Date: Mon, 4 Sep 2017 11:05:08 +0200 +Subject: [PATCH] ioctl.c: Fix build with linux 4.13 + +git/ioctl.c:1127:3: error: positional initialization of field in 'struct' declared with 'designated_init' attribute [-Werror=designated-init] + {0, }, + ^ +note: (near initialization for 'verbosity_ctl_dir[1]') +git/ioctl.c:1136:3: error: positional initialization of field in 'struct' declared with 'designated_init' attribute [-Werror=designated-init] + {0, }, + ^ + +Linux kernel has added -Werror=designated-init around 4.11 (c834f0e8a8b) +triggering build errors with gcc 5 and 6 (but not with gcc 4) + +Upstream-Status: Backport + +Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com> +Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> +--- + ioctl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 0385203..8d4a162 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1124,7 +1124,7 @@ static struct ctl_table verbosity_ctl_dir[] = { + .mode = 0644, + .proc_handler = proc_dointvec, + }, +- {0, }, ++ {}, + }; + + static struct ctl_table verbosity_ctl_root[] = { +@@ -1133,7 +1133,7 @@ static struct ctl_table verbosity_ctl_root[] = { + .mode = 0555, + .child = verbosity_ctl_dir, + }, +- {0, }, ++ {}, + }; + static struct ctl_table_header *verbosity_sysctl_header; + static int __init init_cryptodev(void) +-- +2.7.4 + diff --git a/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch new file mode 100644 index 0000000000..5881d1c4ee --- /dev/null +++ b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch @@ -0,0 +1,43 @@ +From f60aa08c63fc02780554a0a12180a478ca27d49f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com> +Date: Wed, 23 May 2018 18:43:39 +0300 +Subject: [PATCH] ioctl.c: Fix build with linux 4.17 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since kernel 4.17-rc1, sys_* syscalls can no longer be called directly: +819671ff849b ("syscalls: define and explain goal to not call syscalls in the kernel") + +Since cryptodev uses sys_close() - and this has been removed in commit: +2ca2a09d6215 ("fs: add ksys_close() wrapper; remove in-kernel calls to sys_close()") +cryptodev has to be updated to use the ksys_close() wrapper. + +Signed-off-by: Horia Geantă <horia.geanta@nxp.com> + +Upstream-Status: Backport + +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + ioctl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/ioctl.c b/ioctl.c +index d831b0c..2571034 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -828,7 +828,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + fd = clonefd(filp); + ret = put_user(fd, p); + if (unlikely(ret)) { ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0)) + sys_close(fd); ++#else ++ ksys_close(fd); ++#endif + return ret; + } + return ret; +-- +2.7.4 + diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb index f3dd772020..2c3f8cd323 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb @@ -232,6 +232,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \ ${PN}-ti-connectivity-license ${PN}-wl12xx ${PN}-wl18xx \ ${PN}-vt6656-license ${PN}-vt6656 \ ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \ + ${PN}-rtl8168 \ ${PN}-broadcom-license \ ${PN}-bcm4329 ${PN}-bcm4330 ${PN}-bcm4334 ${PN}-bcm43340 \ ${PN}-bcm43362 ${PN}-bcm4339 ${PN}-bcm43430 ${PN}-bcm4354 \ @@ -440,6 +441,7 @@ LICENSE_${PN}-rtl8192su = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware" LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware" +LICENSE_${PN}-rtl8168 = "WHENCE" FILES_${PN}-rtl-license = " \ ${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \ @@ -462,6 +464,9 @@ FILES_${PN}-rtl8723 = " \ FILES_${PN}-rtl8821 = " \ ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \ " +FILES_${PN}-rtl8168 = " \ + ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \ +" RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license" RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license" @@ -469,6 +474,7 @@ RDEPENDS_${PN}-rtl8192cu += "${PN}-rtl-license" RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license" RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license" RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license" +RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license" # For ti-connectivity LICENSE_${PN}-wl12xx = "Firmware-ti-connectivity" diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb index c1b5b7786d..8bbfa23e4b 100644 --- a/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -69,6 +69,13 @@ do_install() { cp ${B}/arch/powerpc/lib/crtsavres.o $kerneldir/arch/powerpc/lib/crtsavres.o fi + # Remove fixdep/objtool as they won't be target binaries + for i in fixdep objtool; do + if [ -e $kerneldir/tools/objtool/$i ]; then + rm -rf $kerneldir/tools/objtool/$i + fi + done + chown -R root:root ${D} } # Ensure we don't race against "make scripts" during cpio diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb index b7c03ee79a..e6061f7293 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "705d03507a0c10dcbf9cad3ff70f5d60b70f2d99" -SRCREV_meta ?= "46171de19220c49d670544017cfbeffc1ec70e80" +SRCREV_machine ?= "ef88c3326f62cec4b98340324ddbe7f7f7704fd5" +SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.12.24" +LINUX_VERSION ?= "4.12.28" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb index 97538e28bb..cd6e0aa17b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "d5efeeeb928a0111fc187fd1e8d03d2e4e35d4a0" -SRCREV_meta ?= "b149d14ccae8349ab33e101f6af233a12f4b17ba" +SRCREV_machine ?= "515e72c4bbb5d99964669052220fe459177b7329" +SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.4.113" +LINUX_VERSION ?= "4.4.162" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb index 5c016ed7c2..539865cae7 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "90d1ffa36cbd36722638c97c1bb46a5874dbe28e" -SRCREV_meta ?= "0774eacea2a7d3a150594533b8c80d0c0bfdfded" +SRCREV_machine ?= "3ba839d695fd3681e6920373fc260a2a3f812b8f" +SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.9.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.9;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.9.82" +LINUX_VERSION ?= "4.9.113" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb index 31307a6385..cb4ef3a659 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb @@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.12.24" +LINUX_VERSION ?= "4.12.28" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "f9d67777b07ac97966186c1b56db78afe2a16f92" -SRCREV_meta ?= "46171de19220c49d670544017cfbeffc1ec70e80" +SRCREV_machine ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb index 8a98189d4c..fcf0c6a68c 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb @@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.4.113" +LINUX_VERSION ?= "4.4.162" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_meta ?= "b149d14ccae8349ab33e101f6af233a12f4b17ba" +SRCREV_machine ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb index 4d4680254d..78b2a9640e 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb @@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "4.9.82" +LINUX_VERSION ?= "4.9.113" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_meta ?= "0774eacea2a7d3a150594533b8c80d0c0bfdfded" +SRCREV_machine ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.12.bb b/meta/recipes-kernel/linux/linux-yocto_4.12.bb index 8d560127f0..0aea05b83f 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.12.bb @@ -11,22 +11,22 @@ KBRANCH_qemux86 ?= "standard/base" KBRANCH_qemux86-64 ?= "standard/base" KBRANCH_qemumips64 ?= "standard/mti-malta64" -SRCREV_machine_qemuarm ?= "45824c60ca37f414a5ac5783e970338db9a5a2af" -SRCREV_machine_qemuarm64 ?= "f9d67777b07ac97966186c1b56db78afe2a16f92" -SRCREV_machine_qemumips ?= "66f741b0b3d093e6b6df0f44120913ef3a259e23" -SRCREV_machine_qemuppc ?= "f9d67777b07ac97966186c1b56db78afe2a16f92" -SRCREV_machine_qemux86 ?= "f9d67777b07ac97966186c1b56db78afe2a16f92" -SRCREV_machine_qemux86-64 ?= "f9d67777b07ac97966186c1b56db78afe2a16f92" -SRCREV_machine_qemumips64 ?= "c5d838c9e26bd657b49dfe28b115e5bc4b580850" -SRCREV_machine ?= "f9d67777b07ac97966186c1b56db78afe2a16f92" -SRCREV_meta ?= "46171de19220c49d670544017cfbeffc1ec70e80" +SRCREV_machine_qemuarm ?= "b84ecefc243a6ed67d8b6020394963de1240a9f0" +SRCREV_machine_qemuarm64 ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemumips ?= "15b1ab68f73fa60dd95a74c640e87e05fad1716d" +SRCREV_machine_qemuppc ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemux86 ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemux86-64 ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_machine_qemumips64 ?= "57a3f72a020fc84f2da5b0b4c5de4cdbc22b3284" +SRCREV_machine ?= "e562267bae5b518acca880c929fbbdf6be047e0a" +SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}" DEPENDS += "openssl-native util-linux-native" -LINUX_VERSION ?= "4.12.24" +LINUX_VERSION ?= "4.12.28" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.4.bb b/meta/recipes-kernel/linux/linux-yocto_4.4.bb index 97c16d59dd..9d0724712a 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.4.bb @@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "standard/base" KBRANCH_qemux86-64 ?= "standard/base" KBRANCH_qemumips64 ?= "standard/mti-malta64" -SRCREV_machine_qemuarm ?= "400c0f39b954cd8fffdf53e6ec97852b73fea7af" -SRCREV_machine_qemuarm64 ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemumips ?= "fb03a9472367b6c177729ac631326aafd5d17c92" -SRCREV_machine_qemuppc ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemux86 ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemux86-64 ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_machine_qemumips64 ?= "26b8ba186a6d39728fc1510bd2264110c75842f5" -SRCREV_machine ?= "4d31a8b7661509ff1044abcf9050750cc2478e20" -SRCREV_meta ?= "b149d14ccae8349ab33e101f6af233a12f4b17ba" +SRCREV_machine_qemuarm ?= "a68a73dbd3c37ec21239dd97060eef308f1ff958" +SRCREV_machine_qemuarm64 ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemumips ?= "3c0e62ea8803a1757e389dcd6233e3d6acba8d2c" +SRCREV_machine_qemuppc ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemux86 ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemux86-64 ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_machine_qemumips64 ?= "eaed2a94a20c7f65afa342d9243f19337f63b434" +SRCREV_machine ?= "a575843cceb539c7b0514e7d74b7936ca104b623" +SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.4.113" +LINUX_VERSION ?= "4.4.162" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_4.9.bb b/meta/recipes-kernel/linux/linux-yocto_4.9.bb index a5a165f760..5826ba6e2a 100644 --- a/meta/recipes-kernel/linux/linux-yocto_4.9.bb +++ b/meta/recipes-kernel/linux/linux-yocto_4.9.bb @@ -11,20 +11,20 @@ KBRANCH_qemux86 ?= "standard/base" KBRANCH_qemux86-64 ?= "standard/base" KBRANCH_qemumips64 ?= "standard/mti-malta64" -SRCREV_machine_qemuarm ?= "23369eb7e07c839fa73a8c1e85aba37a07bf14c1" -SRCREV_machine_qemuarm64 ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemumips ?= "cab9e059447878f5383f91a05db12813f69cbfc1" -SRCREV_machine_qemuppc ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemux86 ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemux86-64 ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_machine_qemumips64 ?= "c2e5ef83b612d50f50fafeed9930dbea302fbe8c" -SRCREV_machine ?= "eb3b2079ea43b451e06be443f8bc146736f9c4bc" -SRCREV_meta ?= "0774eacea2a7d3a150594533b8c80d0c0bfdfded" +SRCREV_machine_qemuarm ?= "cd831469d8eb4d900fe65985921d2003c59f3a86" +SRCREV_machine_qemuarm64 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemumips ?= "24b020741e8762ec8aeb5be95f842332083b2028" +SRCREV_machine_qemuppc ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemux86 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemux86-64 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_machine_qemumips64 ?= "100a1682529e34d118d5552c9db773635cd2c621" +SRCREV_machine ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07" +SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e" SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.9.git;name=machine;branch=${KBRANCH}; \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.9;destsuffix=${KMETA}" -LINUX_VERSION ?= "4.9.82" +LINUX_VERSION ?= "4.9.113" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb index b79b973947..6fd23d63e3 100644 --- a/meta/recipes-kernel/perf/perf.bb +++ b/meta/recipes-kernel/perf/perf.bb @@ -22,6 +22,9 @@ PACKAGECONFIG[libnuma] = ",NO_LIBNUMA=1" PACKAGECONFIG[systemtap] = ",NO_SDT=1,systemtap" PACKAGECONFIG[jvmti] = ",NO_JVMTI=1" +# libaudit support would need scripting to be enabled +PACKAGECONFIG[audit] = ",NO_LIBAUDIT=1,audit" + DEPENDS = " \ virtual/${MLPREFIX}libc \ ${MLPREFIX}elfutils \ @@ -56,7 +59,7 @@ export PERL_ARCHLIB = "${STAGING_LIBDIR}${PERL_OWN_DIR}/perl/${@get_perl_version inherit kernelsrc -B = "${WORKDIR}/${BPN}-${PV}" +S = "${WORKDIR}/${BP}" SPDX_S = "${S}/tools/perf" # The LDFLAGS is required or some old kernels fails due missing @@ -92,6 +95,24 @@ EXTRA_OEMAKE += "\ 'infodir=${@os.path.relpath(infodir, prefix)}' \ " +# During do_configure, we might run a 'make clean'. That often breaks +# when done in parallel, so disable parallelism for do_configure. Note +# that it has to be done this way rather than by passing -j1, since +# perf's build system by default ignores any -j argument, but does +# honour a JOBS variable. +EXTRA_OEMAKE_append_task-configure = " JOBS=1" + +PERF_SRC ?= "Makefile \ + include \ + tools/arch \ + tools/build \ + tools/include \ + tools/lib \ + tools/Makefile \ + tools/perf \ + tools/scripts \ +" + PERF_EXTRA_LDFLAGS = "" # MIPS N32 @@ -114,11 +135,22 @@ do_install() { fi } -do_configure_prepend () { - # Fix for rebuilding - rm -rf ${B}/ - mkdir -p ${B}/ +do_configure[prefuncs] += "copy_perf_source_from_kernel" +python copy_perf_source_from_kernel() { + sources = (d.getVar("PERF_SRC") or "").split() + src_dir = d.getVar("STAGING_KERNEL_DIR") + dest_dir = d.getVar("S") + bb.utils.mkdirhier(dest_dir) + for s in sources: + src = oe.path.join(src_dir, s) + dest = oe.path.join(dest_dir, s) + if os.path.isdir(src): + oe.path.copyhardlinktree(src, dest) + else: + bb.utils.copyfile(src, dest) +} +do_configure_prepend () { # If building a multlib based perf, the incorrect library path will be # detected by perf, since it triggers via: ifeq ($(ARCH),x86_64). In a 32 bit # build, with a 64 bit multilib, the arch won't match and the detection of a @@ -214,7 +246,7 @@ PACKAGES =+ "${PN}-archive ${PN}-tests ${PN}-perl ${PN}-python" RDEPENDS_${PN} += "elfutils bash" RDEPENDS_${PN}-doc += "man" RDEPENDS_${PN}-archive =+ "bash" -RDEPENDS_${PN}-python =+ "bash python python-modules" +RDEPENDS_${PN}-python =+ "bash python python-modules ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'audit-python', '', d)}" RDEPENDS_${PN}-perl =+ "bash perl perl-modules" RDEPENDS_${PN}-tests =+ "python" diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch new file mode 100644 index 0000000000..7564d92879 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch @@ -0,0 +1,33 @@ +From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Wed, 9 May 2018 14:56:59 -0700 +Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates. + +CVE: CVE-2017-14160 +CVE: CVE-2018-10393 +Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 + +Signed-off-by: Thomas Daede <daede003@umn.edu> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + lib/psy.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/psy.c b/lib/psy.c +index 422c6f1..1310123 100644 +--- a/lib/psy.c ++++ b/lib/psy.c +@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, + for (i = 0, x = 0.f;; i++, x += 1.f) { + + lo = b[i] >> 16; +- if( lo>=0 ) break; + hi = b[i] & 0xffff; ++ if( lo>=0 ) break; ++ if( hi>=n ) break; + + tN = N[hi] + N[-lo]; + tX = X[hi] - X[-lo]; +-- +2.7.4 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch new file mode 100644 index 0000000000..f1ef6fb9c7 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch @@ -0,0 +1,29 @@ +From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Thu, 17 May 2018 16:19:19 -0700 +Subject: [PATCH] Sanity check number of channels in setup. + +Fixes #2335. +CVE: CVE-2018-10392 +Upstream-Status: Backport [https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b] + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + lib/vorbisenc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c +index 4fc7b62..64a51b5 100644 +--- a/lib/vorbisenc.c ++++ b/lib/vorbisenc.c +@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ + highlevel_encode_setup *hi=&ci->hi; + + if(ci==NULL)return(OV_EINVAL); ++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); + if(!hi->impulse_block_p)i0=1; + + /* too low/high an ATH floater is nonsensical, but doesn't break anything */ +-- +2.13.3 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb index 20f887c252..615b53963b 100644 --- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb +++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb @@ -9,12 +9,15 @@ LICENSE = "BSD" LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \ file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb" DEPENDS = "libogg" +PR = "r1" SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \ file://0001-configure-Check-for-clang.patch \ file://CVE-2017-14633.patch \ file://CVE-2017-14632.patch \ file://CVE-2018-5146.patch \ + file://CVE-2017-14160.patch \ + file://CVE-2018-10392.patch \ " SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f" SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1" diff --git a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch index 5a178e2ef1..19c524b0ac 100644 --- a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch +++ b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch @@ -3,7 +3,7 @@ The terms `FAIL` instead of `FAILED` and `SKIP` instead of `SKIPPED` match what Automake does Upstream-Status: Accepted -[ https://git.gnome.org/browse/gnome-desktop-testing/commit/?id=048850731a640532ef55a61df7357fcc6d2ad501 ] +[ https://gitlab.gnome.org/GNOME/gnome-desktop-testing/commit/048850731a640532ef55a61df7357fcc6d2ad501 ] Signed-off-by: Maxin B. John <maxin.john@intel.com> --- diff --git a/scripts/contrib/python/generate-manifest-3.5.py b/scripts/contrib/python/generate-manifest-3.5.py index 6352f8f120..750d4fc754 100755 --- a/scripts/contrib/python/generate-manifest-3.5.py +++ b/scripts/contrib/python/generate-manifest-3.5.py @@ -371,7 +371,7 @@ if __name__ == "__main__": "lib-dynload/readline.*.so rlcompleter.*" ) m.addPackage( "${PN}-reprlib", "Python alternate repr() implementation", "${PN}-core", - "reprlib.py" ) + "reprlib.*" ) m.addPackage( "${PN}-resource", "Python resource control interface", "${PN}-core", "lib-dynload/resource.*.so" ) diff --git a/scripts/lib/devtool/sdk.py b/scripts/lib/devtool/sdk.py index f46577c2ab..4616753797 100644 --- a/scripts/lib/devtool/sdk.py +++ b/scripts/lib/devtool/sdk.py @@ -145,6 +145,9 @@ def sdk_update(args, config, basepath, workspace): # Fetch manifest from server tmpmanifest = os.path.join(tmpsdk_dir, 'conf', 'sdk-conf-manifest') ret = subprocess.call("wget -q -O %s %s/conf/sdk-conf-manifest" % (tmpmanifest, updateserver), shell=True) + if ret != 0: + logger.error("Cannot dowload files from %s" % updateserver) + return ret changedfiles = check_manifest(tmpmanifest, basepath) if not changedfiles: logger.info("Already up-to-date") diff --git a/scripts/lib/wic/filemap.py b/scripts/lib/wic/filemap.py index 77e32b9add..a72fa09ef5 100644 --- a/scripts/lib/wic/filemap.py +++ b/scripts/lib/wic/filemap.py @@ -37,7 +37,15 @@ def get_block_size(file_obj): # Get the block size of the host file-system for the image file by calling # the FIGETBSZ ioctl (number 2). binary_data = fcntl.ioctl(file_obj, 2, struct.pack('I', 0)) - return struct.unpack('I', binary_data)[0] + bsize = struct.unpack('I', binary_data)[0] + if not bsize: + import os + stat = os.fstat(file_obj.fileno()) + if hasattr(stat, 'st_blksize'): + bsize = stat.st_blksize + else: + raise IOError("Unable to determine block size") + return bsize class ErrorNotSupp(Exception): """ diff --git a/scripts/multilib_header_wrapper.h b/scripts/multilib_header_wrapper.h index f516673b63..9660225fdd 100644 --- a/scripts/multilib_header_wrapper.h +++ b/scripts/multilib_header_wrapper.h @@ -22,7 +22,9 @@ */ -#if defined (__arm__) +#if defined (__bpf__) +#define __MHWORDSIZE 64 +#elif defined (__arm__) #define __MHWORDSIZE 32 #elif defined (__aarch64__) && defined ( __LP64__) #define __MHWORDSIZE 64 |