[pyro][PATCH 04/26] binutls: Secuirty fix CVE-2017-8394

[Armin Kuster <akuster808@gmail.com>]

Affects: <= 2.28

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/binutils/binutils-2.28.inc   |   1 +
 .../binutils/binutils/CVE-2017-8394.patch          | 118 +++++++++++++++++++++
 2 files changed, 119 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 53299fa..8334a4c 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -46,6 +46,7 @@ SRC_URI = "\
      file://CVE-2017-7223.patch \
      file://CVE-2017-7614.patch \
      file://CVE-2017-8393.patch \
+     file://CVE-2017-8394.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
new file mode 100644
index 0000000..e6c6b17
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
@@ -0,0 +1,118 @@
+From 7eacd66b086cabb1daab20890d5481894d4f56b2 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 23 Apr 2017 15:21:11 +0930
+Subject: [PATCH] PR 21414, null pointer deref of _bfd_elf_large_com_section
+ sym
+
+	PR 21414
+	* section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
+	* elf.c (lcomm_sym): New.
+	(_bfd_elf_large_com_section): Use lcomm_sym section symbol.
+	* bfd-in2.h: Regenerate.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8394
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  8 ++++++++
+ bfd/bfd-in2.h | 12 ++++++++++++
+ bfd/elf.c     |  6 ++++--
+ bfd/section.c | 24 ++++++++++++------------
+ 4 files changed, 36 insertions(+), 14 deletions(-)
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h
++++ git/bfd/bfd-in2.h
+@@ -1838,6 +1838,18 @@ extern asection _bfd_std_section[4];
+      { NULL }, { NULL }                                                \
+     }
+ 
++/* We use a macro to initialize the static asymbol structures because
++   traditional C does not permit us to initialize a union member while
++   gcc warns if we don't initialize it.
++   the_bfd, name, value, attr, section [, udata]  */
++#ifdef __STDC__
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++  { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++#else
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++  { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++#endif
++
+ void bfd_section_list_clear (bfd *);
+ 
+ asection *bfd_get_section_by_name (bfd *abfd, const char *name);
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -11164,9 +11164,11 @@ _bfd_elf_get_synthetic_symtab (bfd *abfd
+ 
+ /* It is only used by x86-64 so far.
+    ??? This repeats *COM* id of zero.  sec->id is supposed to be unique,
+-   but current usage would allow all of _bfd_std_section to be zero.  t*/
++   but current usage would allow all of _bfd_std_section to be zero.  */
++static const asymbol lcomm_sym
++  = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section);
+ asection _bfd_elf_large_com_section
+-  = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
++  = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym,
+ 		      "LARGE_COMMON", 0, SEC_IS_COMMON);
+ 
+ void
+Index: git/bfd/section.c
+===================================================================
+--- git.orig/bfd/section.c
++++ git/bfd/section.c
+@@ -738,20 +738,20 @@ CODE_FRAGMENT
+ .     { NULL }, { NULL }						\
+ .    }
+ .
++.{* We use a macro to initialize the static asymbol structures because
++.   traditional C does not permit us to initialize a union member while
++.   gcc warns if we don't initialize it.
++.   the_bfd, name, value, attr, section [, udata]  *}
++.#ifdef __STDC__
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++.  { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++.#else
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++.  { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++.#endif
++.
+ */
+ 
+-/* We use a macro to initialize the static asymbol structures because
+-   traditional C does not permit us to initialize a union member while
+-   gcc warns if we don't initialize it.  */
+- /* the_bfd, name, value, attr, section [, udata] */
+-#ifdef __STDC__
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+-  { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
+-#else
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+-  { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
+-#endif
+-
+ /* These symbols are global, not specific to any BFD.  Therefore, anything
+    that tries to change them is broken, and should be repaired.  */
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,12 @@
++
+ 2017-04-23  Alan Modra  <amodra@gmail.com>
++       PR 21414
++       * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
++       * elf.c (lcomm_sym): New.
++       (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
++       * bfd-in2.h: Regenerate.
++
+++2017-04-23  Alan Modra  <amodra@gmail.com>
+  
+        PR 21412
+        * elf-bfd.h (struct elf_backend_data <get_reloc_section>): Change
-- 
2.7.4