Source: binutils-gdb.git
MR: 73971
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: fe0e1d0f234ed157135818c24f4270c34e093828
Description:
Fix potential address violations when processing a corrupt Alpha VMA binary.
PR binutils/21589
* vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
maximum value for the ascic pointer. Check that name processing
does not read beyond this value.
(_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
end of etir record.
Affects: <= 2.28
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: ea89dfe868085b463dfc24df78b49d1703989484)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74127
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 410078b468de6dc1c908342283a6abe5bdf38d54
Description:
Fix heap-buffer overflow bugs caused when dumping debug information from a corrupt binary.
PR binutils/21438
* dwarf.c (process_extended_line_op): Do not assume that the
string extracted from the section is NUL terminated.
(fetch_indirect_string): If the string retrieved from the section
is not NUL terminated, return an error message.
(fetch_indirect_line_string): Likewise.
(fetch_indexed_string): Likewise.
Affects: <= 2.29
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: 1e19e656a97caf61f26ab4f52339b9413d3bb29f)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74140
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 5f6dd48c427de8663c5a80af6db44ce5c579d42c
Description:
Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
PR 21440
* objdump.c (dump_relocs_in_section): Check for an excessive
number of relocs before attempting to dump them.
Affects: <= 2.29
Author: Alan Modra <amodra@gmail.com>
(From OE-Core rev: 09c642a70e2a12dcc01ffe45c333011a142c02a7)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74179
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 976156cd25454143883090ca42010c38c6d6af0f
Description:
PR 21412, get_reloc_section assumes .rel/.rela name for SHT_REL/RELA.
This patch fixes an assumption made by code that runs for objcopy and
strip, that SHT_REL/SHR_RELA sections are always named starting with a
.rel/.rela prefix. I'm also modifying the interface for
elf_backend_get_reloc_section, so any backend function just needs to
handle name mapping.
Affects: <= 2.29
Author: Alan Modra <amodra@gmail.com>
(From OE-Core rev: 24124406a2a1657b80ba2933bef40ccf798c8097)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74296
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: d2cf3ab15c89351c941c92e4cdf28c2bfa9dcda8
Description:
Fix seg-fault running addr2line on a corrupt binary.
PR binutils/20891
* aoutx.h (find_nearest_line): Handle the case where the main file
name and the directory name are both empty.
Affects: <= 2.29
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: ba01ee6899c8d36e6469f6d02d40866fb0502af9)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 73854, 73827, 73814, 73801, 73775
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: fb23096307f9903872a04edf171d1fd2099e35c5
Description:
Fix address violation errors parsing corrupt binary files.
PR 21813
binutils* rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
string whilst concatenating symbol names.
bfd * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address
of the relocs to the canonicalize_one_reloc routine.
* mach-o.h (struct bfd_mach_o_backend_data): Update the prototype
for the _bfd_mach_o_canonicalize_one_reloc field.
* mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add
res_base parameter. Use to check for corrupt pair relocs.
* mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc):
Likewise.
* mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc):
Likewise.
* mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc):
Likewise.
* vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is
enough data in the record before attempting to parse it.
(_bfd_vms_slurp_eeom): Likewise.
(_bfd_vms_slurp_egsd): Check for an invalid section index.
(image_set_ptr): Likewise.
(alpha_vms_slurp_relocs): Likewise.
Affects: <= 2.29
(From OE-Core rev: 2cc3922462c9dd86f50a419a2a4abb0f3b5b4745)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: git://sourceware.org/git/binutils-gdb.git
MR: 73880
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: 6ef7c8e941d7a1c069b29e4671178c0d02427e3f
Description:
Fix use-after-free error when parsing a corrupt nested archive.
PR 21787
* archive.c (bfd_generic_archive_p): If the bfd does not have the
correct magic bytes at the start, set the error to wrong format
and clear the format selector before returning NULL.
Affects: <= 2.29
(From OE-Core rev: 996e7af41b48107bab5eca0ea26f507541382bd5)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For various reasons we need to be able to set and override this from
auto.conf on our test infrastructure. We have tried forcing the variable
but this then breaks other selftests. In the interests of not complicating
things further and needing to modify the tests across releases, weaken
the default assignment.
(From meta-yocto rev: 19d23e22922c2536e207e1f577f508f510c85b59)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There was a superfluous section in toaster start/stop script that was
setting the TOASTER_DIR and had a set of comments around that setting.
This was done in two places and only the last one was effective. This
patch removes the spurious section to make it clearer what was
happening and what TOASTER_DIR was actually getting set to.
(Bitbake rev: aeed732ff6e8c1009c5efad3aadbbd3b0bbaeea7)
Signed-off-by: brian avery <brian.avery@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The toaster.sqlite database was located in TOASTER_DIR/build. This
meant that if you named your build directory something else (like cow),
Toaster would fail to make/find the database. TOASTER_DIR is on the
whitelist unlike BUILDDIR and we need to be able to write there anyway
given our current layout so this should not disrupt anything.
[YOCTO #9992]
(Bitbake rev: 32b13d52ae37be343962cc1cf504f3d569fb1153)
Signed-off-by: brian avery <brian.avery@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some of the tinfoil2 changes resulted in TOASTER_DIR being cleared by
the memory resident bitbake server toaster starts up. This prevented
toaster from being able to connect to its sqlite database. Adding
TOASTER_DIR to the BB_ENV_EXTRAWHITE list stops the cooker from clearing
out the TOASTER_DIR variable.
[YOCTO #9252]
(Bitbake rev: 30da2715cd6a114faf99b09c74e73c5d84767b91)
Signed-off-by: brian avery <brian.avery@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When the fetcher retrieves file:// URLs, there is no lock file being
used. This means that in case two separate tasks (typically from two
concurrent invocations of bitbake) want to download the same file://
URL at the same time, there is a very small chance that they also end
up wanting to create a symbolic link to the file at the same time.
This would previously lead to one of the tasks failing as the other
task would have created the link.
(Bitbake rev: 5f5e13bacde95a93633f621ec6b94a022c476a58)
Signed-off-by: Peter Kjellerstedt <pkj@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The data we read from an HTTPConnection comes in the form of bytes, but
we need it as a string, so in Python 3 we need to decode it (missed in
the Python 3 migration).
(Bitbake rev: e75c68819086788bac1c4ca8a35aebeaf604e624)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For uninative to work, it relies on it being updated to new versions as
newer glibcs are built. This means the uninative generated by the current
build may not be as recent as the uninative that is being downloaded by
uninative.bbclass.
If this occurs, we can get symbol mismatch errors.
Ultimately, the sstate and the uninative versions need to match so we
should use the same tarball as uninative.bbclass is using, not the one
we built.
[YOCTO #12405]
(From OE-Core rev: 1e6beee55d2bbe40de54c09f7a48fcb1240a426e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We've been seeing hangs in smart on the autobuilders where it hangs in
pthread futex calls. It appears to happen when some components are
installed from sstate (which use the interpreter from uninative)
and other components are built natively (and use the host's interpreter).
Its primarily affecting software which uses shared memory with futexs in
for locking purposes (which bdb does called from librpm from smart).
This isn't an issue in pyro and rocko and beyond since they use recipe
specific sysroots which included a change to always change to the
uninative interpreter. We could backport those changes but they're
fairly invasive changes to the sstate code. This patch is a more
minimal change which ensures binaries are always using the uninative
interpreter regardless of whether they're built locally or installed
from sstate.
This is only an issue if you're using an sstate mirror and hosts
with a variety of different libc versions. It has only become an issue
on recent libc versions where there was clearly some forwards compatibility
issue introduced.
(From OE-Core rev: 6b149a88cd33c65c7f306f785f4d24ee2909809c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gnu-efi needs to be build for 64bit since it is a boot time tool. It
needs these 2 headers to be in 64 bit versions, we can use the existing
32bit ones as there is not really any difference.
[YOCTO #11051]
(From OE-Core rev: 3398552663e1e18aaf352d682a77a8ad3af94e5a)
(From OE-Core rev: 7dcf05c29da3faac5ed8129a2b9cc6b00129fb07)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
