mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-26 18:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
69,254 Commits 38 Branches 623 Tags
71966f1badb103c7caeed5c3face2c89d1afe8b3
Commit Graph

158 Commits

Author SHA1 Message Date
Yash Shinde
df858d86ed binutils: fix CVE-2025-11840 
CVE-2025-11840

PR 33455
[BUG] A SEGV in vfinfo at ldmisc.c:527
A reloc howto set up with EMPTY_HOWTO has a NULL name.  More than one
place emitting diagnostics assumes a reloc howto won't have a NULL
name.

https://sourceware.org/bugzilla/show_bug.cgi?id=33455

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f6b0f53a36820da91eadfa9f466c22f92e4256e0]

(From OE-Core rev: 85e62aad46eb096cf92907288a3eb1b6f76072c4)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-12-31 07:24:54 -08:00
Yash Shinde
c1f7fcc84f binutils: fix CVE-2025-11839 
CVE-2025-11839

PR 33448
[BUG] Aborted in tg_tag_type at prdbg.c:2452
Remove call to abort in the DGB debug format printing code, thus allowing
the display of a fuzzed input file to complete without triggering an abort.

https://sourceware.org/bugzilla/show_bug.cgi?id=33448

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe]

(From OE-Core rev: d99979ea5fa475a59d3c21859d3bbbd81e0cdba4)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-12-31 07:24:54 -08:00
Deepesh Varatharajan
0183740845 binutils: Fix CVE-2025-11494 
Since x86 .eh_frame section may reference _GLOBAL_OFFSET_TABLE_, keep
_GLOBAL_OFFSET_TABLE_ if there is dynamic section and the output
.eh_frame section is non-empty.

Backport a patch from upstream to fix CVE-2025-11494
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a]

(From OE-Core rev: aa67c21a07dc180a0582be46e239dafd40017ba0)

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-12-31 07:24:53 -08:00
Peter Marko
484d31c23d binutils: patch CVE-2025-11413 
Pick commit per NVD CVE report.

Note that there were two patches for this, first [1] and then [2].
The second patch moved the original patch to different location.
Cherry-pick of second patch is successful leaving out the code removing
the code from first location, so the patch attached here is not
identical to the upstream commit but is identical to applying both and
merging them to a single patch.

[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1108620d7a521f1c85d2f629031ce0fbae14e331
[2] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0

(From OE-Core rev: 98df728e6136d04af0f4922b7ffbeffb704de395)

(From OE-Core rev: 8d1a830c713a299f67fc512ed8bc0be21be4b9f0)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-11-06 07:14:05 -08:00
Peter Marko
aaf9219788 binutils: patch CVE-2025-11412 
Pick commit per NVD CVE report.

(From OE-Core rev: 6b94ff6c584a31d2b1e06d1e1dc19392d759b4b7)

(From OE-Core rev: 9130f3471f4814979cfdfa66ca118929f240cb30)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-11-06 07:14:05 -08:00
Yash Shinde
d0f445a1e2 binutils: fix CVE-2025-8225 
CVE: CVE-2025-8225

It is possible with fuzzed files to have num_debug_info_entries zero
after allocating space for debug_information, leading to multiple
allocations.

* dwarf.c (process_debug_info): Don't test num_debug_info_entries
to determine whether debug_information has been allocated,
test alloc_num_debug_info_entries.

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4]

(From OE-Core rev: 9b5bb098b542a43a7aa97cc376c358f0a38778e3)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-10-31 06:23:13 -07:00
Yash Shinde
0118bd1e10 binutils: fix CVE-2025-11081 
CVE: CVE-2025-11081

Trying to dump .sframe in a PE file results in a segfault accessing
elf_section_data.

	* objdump (dump_sframe_section, dump_dwarf_section): Don't access
	elf_section_type without first checking the file is ELF.

PR 33406 SEGV in dump_dwarf_section
[https://sourceware.org/bugzilla/show_bug.cgi?id=33406]

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b]

(From OE-Core rev: a7d39d40ec867bbcc36d71cf98858a34c619c9fe)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-10-31 06:23:13 -07:00
Peter Marko
f245c680a8 binutils: patch CVE-2025-11083 
Pick patch per link in NVD report.

(From OE-Core rev: 99879f41af7272e597c9a8c4c0260d1b690f9051)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-10-17 07:27:24 -07:00
Peter Marko
2325a1dbc5 binutils: patch CVE-2025-11082 
Pick patch per link in NVD report.

(From OE-Core rev: cdc458b5dd21614058aac56de68a272201283141)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-10-17 07:27:24 -07:00
Deepesh Varatharajan
31dd8d47a6 binutils: Fix CVE-2025-7545 
objcopy: Don't extend the output section size
Since the output section contents are copied from the input, don't
extend the output section size beyond the input section size.

Backport a patch from upstream to fix CVE-2025-7545
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944]

(From OE-Core rev: 4f461ed46b7694fc4815c7f0504b9cefe5da8e19)

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-08-04 06:40:00 -07:00
Yash Shinde
47c3b0bc3f binutils: Fix CVE-2025-7546 
Report corrupted group section instead of trying to recover.

CVE: CVE-2025-7546
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b]
PR  33050 [https://sourceware.org/bugzilla/show_bug.cgi?id=33050]

(From OE-Core rev: 5860b954681c37ac6685631cce439fd349093689)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-07-30 07:47:48 -07:00
Deepesh Varatharajan
c6848d874c binutils: Fix CVE-2025-5244 & CVE-2025-5245 
PR32858 ld segfault on fuzzed object
We missed one place where it is necessary to check for empty groups.

PR32829, SEGV on objdump function debug_type_samep
u.kenum is always non-NULL, see debug_make_enum_type.

Upstream-Status: Backport
[https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5]
&& [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a]

(From OE-Core rev: 7eb29f802b272dec19c5bfdce93155d99bac918d)

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-06-13 08:42:35 -07:00
Harish Sadineni
775ca31829 binutils: add CVE-2025-1182 patch file to SRC_URI 
Forgot to add CVE-2025-1182 patch file to SRC_URI in the following commit
https://lists.openembedded.org/g/openembedded-core/message/217350

After rebasing the CVE-2025-1180.patch, we encountered hunk errors while applying the
CVE-2025-1182.patch, so I have modified the patch accordingly.

(From OE-Core rev: 131f93b8efcddac984965a250b5391c43ca54ac8)

Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-06-13 08:42:35 -07:00
Harish Sadineni
6fceeca067 binutils: fix CVE-2025-1180 
Backporting the fix from PR 32636 to fix PR 32642 (ld SEGV (illegal read access)
in _bfd_elf_write_section_eh_frame (bfd/elf-eh-frame.c:2234:29) with
 --gc-sections --gc-keep-exported option)

https://nvd.nist.gov/vuln/detail/CVE-2025-1180 is associated with
PR32642 which will get fixed with commit from PR 32636.

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=f9978defb6fab0bd8583942d97c112b0932ac814]
CVE: CVE-2025-1180

(From OE-Core rev: 8178f44f18777b2c8acc0afb9fd43921a9a8e76e)

Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-06-04 09:06:31 -07:00
Harish Sadineni
94dea33c75 binutils: Fix CVE-2025-1182 
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad]
CVE: CVE-2025-1182

(From OE-Core rev: bbfdd5c44a5629b9158b418b5335ec4f1567b3f9)

Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-06-04 09:06:31 -07:00
Deepesh Varatharajan
520ba611e6 binutils: Fix CVE-2025-1178 
Prevent an abort in the bfd linker when attempting to
generate dynamic relocs for a corrupt input file.

PR 32638

Backport a patch from upstream to fix CVE-2025-1178
Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0]

(From OE-Core rev: e820e5364c4b3ec52796a77842b480fea8bc7967)

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-05-02 08:12:41 -07:00
Deepesh Varatharajan
e9f1ad6922 binutils: Fix CVE-2025-0840 
PR32560 stack-buffer-overflow at objdump disassemble_bytes

Backport a patch from upstream to fix CVE-2025-0840
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893]

(From OE-Core rev: e12ee4b1713aa25465aa3f866d345d84e9eb948a)

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-03-13 08:50:03 -07:00
Yash Shinde
7e19a67813 binutils: internal gdb: Fix CVE-2024-53589 
CVE: CVE-2024-53589

(From OE-Core rev: 2d6df18f4a694d6499b337bbbab10ba8bb6e3fe4)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-02-05 06:54:35 -08:00
Vijay Anusuri
8d93dec85f binutils: Rename CVE-2022-38126 patch to CVE-2022-35205 
CVE-2022-38126 has been marked "REJECT" in the CVE List by NVD.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-38126

As commit changes in 0016-CVE-2022-38126.patch fixes CVE-2022-35205.
Hence renamed the patch.

Link: https://ubuntu.com/security/CVE-2022-35205

(From OE-Core rev: d91af23e4fef0f1999c18fc3a43085b70e98dfd5)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-05-29 05:24:08 -07:00
Deepthi Hemraj
698ba6a8ed binutils: internal gdb: Fix CVE-2023-39130 
CVE: CVE-2023-39130
(From OE-Core rev: 97b5bf2505d68bea6d1c2a66318cfbc51335463a)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-02-09 03:46:50 -10:00
Deepthi Hemraj
1398a0e07f binutils: internal gdb: Fix CVE-2023-39129 
CVE: CVE-2023-39129
(From OE-Core rev: fd3f20e1e8bcd63b75e8800fe60d6194a4fd6bd4)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-02-09 03:46:50 -10:00
Deepthi Hemraj
c771630e99 binutils: Fix CVE-2022-48064 
(From OE-Core rev: 88cbf5eb4a075e677b1f9e6444ec6378a5949978)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-11-28 05:00:32 -10:00
Deepthi Hemraj
39aa7af59b binutils: Fix CVE-2022-47007 
(From OE-Core rev: 03e6ea59d82e613ba3b5d388fa87317cef982f2b)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-11-28 05:00:32 -10:00
Sanjana
f9a95adda5 binutils: Fix CVE-2022-47010 
(From OE-Core rev: 3fd5701a861aa263ad1d912bfd44d4d5826d11a1)

Signed-off-by: Sanjana <Sanjana.Venkatesh@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-11-14 06:49:11 -10:00
Armin Kuster
f550a63161 binutils: CVE-2022-48063 
Source: Binutils
MR: 128800
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
ChangeID: ab04e4ec62d054c90d94f82230adb2342ce1ee1b
Description:

Affects binutils < 2.40

(From OE-Core rev: 80a8d16a4038868469b4583404b6f73e12bae0f1)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-10-21 05:21:36 -10:00
Deepthi Hemraj
8391218990 binutils: Fix CVE-2022-47011 
(From OE-Core rev: 5ff2e3c880705c2e920a4a61a5165810fadd7b84)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-10-21 05:21:35 -10:00
Deepthi Hemraj
bdcc4c9909 binutils: Fix CVE-2022-47008 
(From OE-Core rev: 3a299d1610bf085790017569de090b0a41cf809b)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-10-21 05:21:35 -10:00
Chaitanya Vadrevu
4b721dc5c8 binutils: Mark CVE-2022-47696 as patched 
(From OE-Core rev: bc480221d8091be460a1b8c4d023b9841e1df3c2)

Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-10-21 05:21:35 -10:00
Chaitanya Vadrevu
455b08d0a9 binutils: Mark CVE-2022-47673 as patched 
(From OE-Core rev: 96fe4b522a35f75a7d2b597d7e650dfc7ae82e27)

Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-10-21 05:21:35 -10:00
Chaitanya Vadrevu
4537f28311 binutils: Fix CVE-2022-47695 
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=3d3af4ba39e892b1c544d667ca241846bc3df386]

(From OE-Core rev: 4d4732c2e295fea610d266fa12bae3cc01f93dfa)

Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-10-21 05:21:35 -10:00
Yash Shinde
e77b551dbf binutils: Fix CVE-2022-45703 
(From OE-Core rev: b2fa5b29462a16b238f8a6a40886b45aa483e963)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-10-18 05:13:24 -10:00
Yash Shinde
600b508c37 binutils: Fix CVE-2022-44840 
(From OE-Core rev: 7a42ae332ebde565cc7c6fca568563f076bd26ba)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-10-18 05:13:24 -10:00
Sanjana
2a7595f1c1 binutils: Fix CVE-2022-48065 
(From OE-Core rev: 860ecdbbf5cfd8737c914522af16dbc8bee0f72f)

Signed-off-by: Sanjana <sanjanasanju1608@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-09-23 05:26:15 -10:00
Deepthi Hemraj
8876f53021 binutils : Fix CVE-2023-25588 
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]

(From OE-Core rev: fd0d01aca6f2aea51e9704e0ba48dc35dfd87b81)

Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-05-10 04:19:56 -10:00
Deepthi Hemraj
2396bda079 binutils : Fix CVE-2023-1972 
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]

(From OE-Core rev: d46891efa23932a048f7cc4d82c6387e03262f76)

Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-05-10 04:19:56 -10:00
Deepthi Hemraj
2d215bee87 binutils : Fix CVE-2023-25585 
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]

(From OE-Core rev: 033db4876844b17de7673970860eb155d15c56e7)

Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-05-10 04:19:56 -10:00
Deepthi Hemraj
614a9a6f9f binutils : Fix CVE-2023-25584 
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44]

(From OE-Core rev: 27278ebd5d102ce5a9d45f94a93932065025657b)

Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-05-10 04:19:56 -10:00
Yash Shinde
dea0c1e1f5 binutils : Fix CVE-2023-1579 
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3e307d538c351aa9327cbad672c884059ecc20dd]

(From OE-Core rev: d478e7ea0bb897e13d86c476966924ef9927f11a)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-04-19 04:44:59 -10:00
Richard Purdie
8a01eae89e binutils: Fix nativesdk ld.so search 
Currently binutils in buildtools is searching for /etc/etc/ld.so.conf
which makes no sense. ld_sysconfdir already contains /etc so we need to
drop the /etc from the fixed string.

(From OE-Core rev: 47528fa2aa590b3e04e4cc2b66704143419a92d1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ccd28c418ab8390118d738fbe914395b5c2a1f75)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2023-03-20 17:20:44 +00:00
Yash Shinde
6a1554f16d binutils : Fix CVE-2023-22608 
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09]

(From OE-Core rev: 3dd27bbe8c19aa358916de940453de81d3831510)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2023-03-09 13:19:02 +00:00
Yash.Shinde@windriver.com
47edd3bbdd binutils : Fix CVE-2022-4285 
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]

(From OE-Core rev: 1f269e532a8fd463de2869be2768feb79ad36bd7)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2023-01-06 17:33:23 +00:00
pgowda
1b2fb9a1a5 binutils : Fix CVE-2022-38128 
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f07c08e115e27cddf5a0030dc6332bbee1bd9c6a]
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=175b91507b83ad42607d2f6dadaf55b7b511bdbe]
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=695c6dfe7e85006b98c8b746f3fd5f913c94ebff]

(From OE-Core rev: 21fb0b441096ec8b5cfa1d5b645f9a3a2ace1e09)

Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-10-20 15:36:01 +01:00
pgowda
401ced2671 binutils : Fix CVE-2022-38127 
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19c26da69d68d5d863f37c06ad73ab6292d02ffa]
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ec41dd75c866599fc03c390c6afb5736c159c0ff]
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199]
Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed]

(From OE-Core rev: e384b754eb0223928c239db42ece93c06dce6daa)

Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-10-11 21:56:13 +01:00
pgowda
7935b3f5a1 binutils: fix CVE-2022-38126 
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5]

(From OE-Core rev: 1c3eaf29fc21579a8e4aa8ab6c356d773f8a38f5)

Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-28 08:02:10 +01:00
pgowda
72aa63fcf5 binutils : CVE-2022-38533 
Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]

(From OE-Core rev: 9644d9a38dac8d2c0263f4e8a67624da7a8bc55b)

Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-12 08:41:47 +01:00
Pgowda
2a59abcb90 binutils : CVE-2019-1010204 
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a4fc266dbf77ed7ab83da16468e9ba627b8bc2d]

(From OE-Core rev: 4bc6bb36dba96a534998928959acf637f9360775)

Signed-off-by: Pgowda <pgowda.cve@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0c55355a83130c2c0a59e9fb94f8914499943dd4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-07-08 08:27:15 +01:00
Pgowda
967ff0e2af binutils: Avoid Race condition in as.info 
The race condition in binutils/gas folder was introduced with the
following patch. The patch avoids recursive make into the doc folder.
It would speed up the build process slightly. However, the as.info
is installed twice which resulted in the race condition sometimes.
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bde299e063de090bf36c1fe51874d1e9f4d94c3c

On debugging the code, it was found that the issue was related to
install-data-local. On further analysis, there is already a patch in
binutils that removes install-data-local.
On applying the patch as.info is installed once as expected and there’s
no possibility of any race condition.
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=9a84a44d5df4618dd616137fa755bd71b7eacc5f

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=9a84a44d5df4618dd616137fa755bd71b7eacc5f]

[YOCTO #14725]

(From OE-Core rev: c08a245990eb46906476dc0f6ade0482c7be241d)

Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-03-04 17:14:15 +00:00
Khem Raj
6957ff06a0 binutils: Upgrade to 2.38 release 
Release Notes are here [1]

[1] https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00009.html

(From OE-Core rev: 77a1038828e638518dceda969da0817aa13eb5d3)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-16 09:46:28 +00:00
Richard Purdie
1dfa8537a3 binutils: Add fix for CVE-2021-45078 
Backport a fix for CVE-2021-45078.

(From OE-Core rev: f3128fd1b2e5cbf3683dc69eabc56fbc0bd0e7d5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-07 10:08:59 +00:00
pgowda
3cb504ceba binutils: CVE-2021-42574 
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=b3aa80b45c4f46029efeb204bb9f2d2c4278a0e5]

[RP: Merge uint -> unsigned int change]
(From OE-Core rev: fa242a41f3436f1d73eabee335573c1801bf7888)

Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-12-22 23:11:45 +00:00