On Wed, Jan 10, 2024, 2:56 PM Randy MacLeod <[email protected]> wrote:
> On 2024-01-09 6:17 a.m., [email protected] wrote: > > From: Sanjana <[email protected]> > <[email protected]> > > Issue: LIN1022-4855 > > Signed-off-by: Sanjana <[email protected]> > <[email protected]> > --- > meta/recipes-devtools/gdb/gdb.inc | 1 + > .../gdb/gdb/0013-CVE-2023-39130.patch | 326 ++++++++++++++++++ > 2 files changed, 327 insertions(+) > create mode 100644 meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch > > diff --git a/meta/recipes-devtools/gdb/gdb.inc > b/meta/recipes-devtools/gdb/gdb.inc > index 099bd2d8f5..62b813d5cb 100644 > --- a/meta/recipes-devtools/gdb/gdb.inc > +++ b/meta/recipes-devtools/gdb/gdb.inc > @@ -15,5 +15,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \ > file://0009-Fix-invalid-sigprocmask-call.patch \ > file://0010-gdbserver-ctrl-c-handling.patch \ > file://0011-CVE-2023-39128.patch \ > + file://0013-CVE-2023-39130.patch \ > " > SRC_URI[sha256sum] = > "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32" > diff --git a/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch > b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch > new file mode 100644 > index 0000000000..c659f8a08c > --- /dev/null > +++ b/meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch 
> @@ -0,0 +1,326 @@ > +From 2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80 Mon Sep 17 00:00:00 2001 > +From: Alan Modra <[email protected]> <[email protected]> > +Date: Wed, 9 Aug 2023 09:58:36 +0930 > +Subject: [PATCH] gdb: warn unused result for bfd IO functions > + > +This fixes the compilation warnings introduced by my bfdio.c patch. > + > +The removed bfd_seeks in coff_symfile_read date back to 1994, commit > +7f4c859520, prior to which the file used stdio rather than bfd to read > +symbols. Since it now uses bfd to read the file there should be no > +need to synchronise to bfd's idea of the file position. I also fixed > +a potential uninitialised memory access. > + > +Approved-By: Andrew Burgess <[email protected]> <[email protected]> > > + > +Upstream-Status: Backport from > [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80] > +CVE: CVE-2023-39130 > +Signed-off-by: Sanjana Venkatesh <[email protected]> > <[email protected]>
>
> Hi Sanjana,
>
> I was looking in the gdb git repo to see if you had to adjust the commit at all
> since it's a fairly large patch. It seems you didn't change anything which is good!
>
> but...
>
> I think you need this follow-up commit:
>
> commit ec2479e820c32ef443382a622a1d555a71730f64
> Author: Alan Modra <[email protected]>
> Date: Sat Aug 12 19:26:12 2023
>
>     Re: gdb: warn unused result for bfd IO functions
>
>     Add a missing return statement.
>
> It would be nice to be able to test that these toolchain changes don't
> cause any regressions.
>
> The code here is only "Used as a last resort if no debugging symbols
> recognized." so that's a bit of a challenge. What runtime testing, if any,
> did you do so far? Do you know or can you easily determine if any of the
> tests in gdb cover the code that changed here?
>
> It looks like Steve already has your patch in his queue so unless he says
> otherwise, just send a commit to add the patch above

Since I haven't merged it yet you can send a V3 or a follow-up patch. Whichever you prefer is fine!

Steve
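Review bot: In the gdb.inc hunk the new SRC_URI entry is numbered 0013 but follows 0011-CVE-2023-39128.patch directly, so the series skips 0012. Either renumber the file to 0012-CVE-2023-39130.patch or say in the commit message why 0012 is absent on this branch. The commit message body itself carries only "Issue: LIN1022-4855" and a sign-off; a short description of what is being backported and why would help anyone reading the log without access to that tracker.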
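Review bot: The header of the new 0013-CVE-2023-39130.patch file does not say why this commit is the fix for CVE-2023-39130. The upstream subject is about unused-result warnings for bfd IO functions, and the only hint is the sentence "I also fixed a potential uninitialised memory access". Add a line above the tags noting which part of the change addresses the CVE. The tag is written "Upstream-Status: Backport from [...]", where the usual form is "Upstream-Status: Backport [...]". The Signed-off-by name also differs between the commit ("Sanjana") and the patch header ("Sanjana Venkatesh"); use one form in both.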
