A buffer overflow vulnerability exists in GNU Binutils’ objdump utility when processing tekhex format files. The vulnerability occurs in the Binary File Descriptor (BFD) library’s tekhex parser during format identification. Specifically, the issue manifests when attempting to read 8 bytes at an address that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read.

Backport a patch from upstream to fix CVE-2024-53589.

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]

(From OE-Core rev: 15635eb807ea1cbf0fd04e0cbe9cf169df107a05)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
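# License texts tracked for this recipe. The md5 values let the build flag a
# change in the upstream license text; they are not an integrity check on the
# source code, which is selected by SRCREV below.
# Continuation lines are joined without a separator, so the entries rely on
# the leading whitespace of each line to stay distinct.
LIC_FILES_CHKSUM="\
    file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552\
    file://COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674\
    file://COPYING3;md5=d32239bcb673463ab874e80d47fae504\
    file://COPYING3.LIB;md5=6a6a8e020838b23406c81b19c1d46df6\
    file://gas/COPYING;md5=d32239bcb673463ab874e80d47fae504\
    file://include/COPYING;md5=59530bdf33659b29e73d4adb9f9f6552\
    file://include/COPYING3;md5=d32239bcb673463ab874e80d47fae504\
    file://libiberty/COPYING.LIB;md5=a916467b91076e631dd8edb7424769c7\
    file://bfd/COPYING;md5=d32239bcb673463ab874e80d47fae504\
    "

# When upgrading to 2.42, please make sure there is no trailing .0, so
# that upstream version check can work correctly.
PV = "2.42"
# Version the CVE checker matches against the vulnerability database. Keep it
# in step with PV, otherwise issues are reported against the wrong release.
CVE_VERSION = "2.42"
# Upstream release branch; "?=" makes it a default that other configuration
# can override.
SRCBRANCH ?= "binutils-2_42-branch"

# Upstream tags separate version components with underscores (binutils-2_42);
# the named group "pver" captures the version part for the upstream check.
UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"

# Recorded so that CVE-2023-25584 is not reported against this version: the
# status says the database's version range is wrong and the issue applies
# only to 2.40 and earlier. Re-check this entry whenever PV changes.
CVE_STATUS[CVE-2023-25584] = "cpe-incorrect: Applies only for version 2.40 and earlier"

# Exact upstream commit to build. A full hash keeps the fetched source fixed
# even if the branch moves. "?=" is only a default, so an override elsewhere
# changes what is built and should be reviewed like a source change.
SRCREV ?= "09ba78f051319e8f8861b26fb9340e21ca973c70"
# Fetched over https (protocol=https) from the branch named in SRCBRANCH.
BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
# Upstream tree plus local patches, applied in the order listed.
# 0016-CVE-2024-53589.patch is the security backport for CVE-2024-53589.
# NOTE(review): confirm that patch file carries its "CVE:" and
# "Upstream-Status:" header tags so the CVE checker counts the issue as
# patched, and drop the patch once SRCREV already contains the upstream fix.
SRC_URI = "\
    ${BINUTILS_GIT_URI} \
    file://0004-Point-scripts-location-to-libdir.patch \
    file://0005-don-t-let-the-distro-compiler-point-to-the-wrong-ins.patch \
    file://0006-warn-for-uses-of-system-directories-when-cross-linki.patch \
    file://0007-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \
    file://0008-Use-libtool-2.4.patch \
    file://0009-Fix-rpath-in-libtool-when-sysroot-is-enabled.patch \
    file://0010-sync-with-OE-libtool-changes.patch \
    file://0011-Check-for-clang-before-checking-gcc-version.patch \
    file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \
    file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
    file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
    file://0015-gprofng-change-use-of-bignum-to-bigint.patch \
    file://0016-CVE-2024-53589.patch \
    "
# Source directory used by the build tasks: the git checkout under WORKDIR.
S = "${WORKDIR}/git"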