On 2024-01-09 6:17 a.m., sanjana.venkat...@windriver.com wrote:
From: Sanjana<sanjana.venkat...@windriver.com>
Issue: LIN1022-4855
Signed-off-by: Sanjana<sanjana.venkat...@windriver.com>
---
meta/recipes-devtools/gdb/gdb.inc | 1 +
.../gdb/gdb/0013-CVE-2023-39130.patch | 326 ++++++++++++++++++
2 files changed, 327 insertions(+)
create mode 100644 meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
diff --git a/meta/recipes-devtools/gdb/gdb.inc
b/meta/recipes-devtools/gdb/gdb.inc
index 099bd2d8f5..62b813d5cb 100644
--- a/meta/recipes-devtools/gdb/gdb.inc
+++ b/meta/recipes-devtools/gdb/gdb.inc
@@ -15,5 +15,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
file://0009-Fix-invalid-sigprocmask-call.patch \
file://0010-gdbserver-ctrl-c-handling.patch \
file://0011-CVE-2023-39128.patch \
+file://0013-CVE-2023-39130.patch \
"
SRC_URI[sha256sum] =
"1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32"
diff --git a/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
new file mode 100644
index 0000000000..c659f8a08c
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch
@@ -0,0 +1,326 @@
+From 2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80 Mon Sep 17 00:00:00 2001
+From: Alan Modra<amo...@gmail.com>
+Date: Wed, 9 Aug 2023 09:58:36 +0930
+Subject: [PATCH] gdb: warn unused result for bfd IO functions
+
+This fixes the compilation warnings introduced by my bfdio.c patch.
+
+The removed bfd_seeks in coff_symfile_read date back to 1994, commit
+7f4c859520, prior to which the file used stdio rather than bfd to read
+symbols. Since it now uses bfd to read the file there should be no
+need to synchronise to bfd's idea of the file position. I also fixed
+a potential uninitialised memory access.
+
+Approved-By: Andrew Burgess<aburg...@redhat.com>
+
+Upstream-Status: Backport from
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80]
+CVE: CVE-2023-39130
+Signed-off-by: Sanjana Venkatesh<sanjana.venkat...@windriver.com>
Hi Sanjana,
I was looking in the gdb git repo to see if you had to adjust the commit
at all
since it's a fairly large patch. It seems you didn't change anything
which is good!
but...
I think you need this follow-up commit:
commit ec2479e820c32ef443382a622a1d555a71730f64
Author: Alan Modra <amo...@gmail.com>
Date: Sat Aug 12 19:26:12 2023
Re: gdb: warn unused result for bfd IO functions
Add a missing return statement.
It would be nice to be able to test that these toolchain changes don't
cause any regressions.
The code here is only "Used as a last resort if no debugging symbols
recognized." so that's a bit of a challenge. What runtime testing, if
any, did you do so far? Do you know or can you easily determine if any
of the tests in gdb cover the code that changed here?
It looks like Steve already has your patch in his queue so unless he
says otherwise, just send a commit to add the patch above.
../Randy
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193532):
https://lists.openembedded.org/g/openembedded-core/message/193532
Mute This Topic: https://lists.openembedded.org/mt/103617733/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
