On Tue, Dec 27, 2022 at 8:11 AM Randy MacLeod <[email protected]> wrote: > > On 2022-12-27 11:42, Yash Shinde via lists.openembedded.org wrote: > > From: Yash Shinde <[email protected]> > > Yash, > > I know you have a problem with sending email from your WR account so > I suspect that you're trying to ensure that the patch is authored by > your WR email. > > Don't bother, we'll get your email fixed early in 2023. > > Steve, > > I'd drop this version of the CVE fix an take the one sent 10 minutes > earlier.
Done, and I manually changed Yash's email address to the windriver.com one. Steve > Yash, > As I explained offline, you need to tell people why you are sending a > duplicate fix. > In this case if you wanted the new version to be merged (we don't!), > then you should > have replied on the old version to explain that it should not be merged > and explain > why. > > ../Randy > > > > > > Upstream-Status: Backport > > [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] > > > > Signed-off-by: Yash Shinde <[email protected]> > > --- > > .../binutils/binutils-2.38.inc | 1 + > > .../binutils/0019-CVE-2022-4285.patch | 37 +++++++++++++++++++ > > 2 files changed, 38 insertions(+) > > create mode 100644 > > meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch > > > > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc > > b/meta/recipes-devtools/binutils/binutils-2.38.inc > > index c1904768dc..0a4a0d7bc1 100644 > > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc > > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc > > @@ -42,5 +42,6 @@ SRC_URI = "\ > > file://0018-CVE-2022-38128-1.patch \ > > file://0018-CVE-2022-38128-2.patch \ > > file://0018-CVE-2022-38128-3.patch \ > > + file://0019-CVE-2022-4285.patch \ > > " > > S = "${WORKDIR}/git" > > diff --git > > a/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch > > b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch > > new file mode 100644 > > index 0000000000..e5e404982e > > --- /dev/null > > +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch > > @@ -0,0 +1,37 @@ > > +From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001 > > +From: Nick Clifton <[email protected]> > > +Date: Wed, 19 Oct 2022 15:09:12 +0100 > > +Subject: [PATCH] Fix an illegal memory access when parsing an ELF file > > + containing corrupt symbol version information. > > + > > + PR 29699 > > + * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field > > + of the section header is zero. > > + > > +Upstream-Status: Backport > > [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] > > +CVE: CVE-2022-4285 > > + > > +Signed-off-by: Yash Shinde <[email protected]> > > +--- > > + bfd/ChangeLog | 6 ++++++ > > + bfd/elf.c | 4 +++- > > + 2 files changed, 9 insertions(+), 1 deletion(-) > > + > > +diff --git a/bfd/elf.c b/bfd/elf.c > > +index fe00e0f9189..7cd7febcf95 100644 > > +--- a/bfd/elf.c > > ++++ b/bfd/elf.c > > +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool > > default_imported_symver) > > + bfd_set_error (bfd_error_file_too_big); > > + goto error_return_verref; > > + } > > +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc > > (abfd, amt); > > ++ if (amt == 0) > > ++ goto error_return_verref; > > ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc > > (abfd, amt); > > + if (elf_tdata (abfd)->verref == NULL) > > + goto error_return_verref; > > + > > +-- > > +2.31.1 > > + > > > > > > > > > > > > -- > # Randy MacLeod > # Wind River Linux >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#175067): https://lists.openembedded.org/g/openembedded-core/message/175067 Mute This Topic: https://lists.openembedded.org/mt/95905716/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
