Re: [OE-core] [PATCH RESEND] gdb: Bump from 8.3 to 8.3.1
master is frozen for non-bug-fixes becuase we're past M3, this is queued in ross/mut until master re-opens when 3.0 is released. Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH RESEND] gdb: Bump from 8.3 to 8.3.1
On Tue, Oct 8, 2019 at 10:49 AM akuster808 wrote: > > > > On 10/8/19 8:50 AM, Alistair Francis wrote: > > Signed-off-by: Alistair Francis > > --- > > .../gdb/{gdb-8.3.inc => gdb-8.3.1.inc}| 5 +- > > ...ian_8.3.bb => gdb-cross-canadian_8.3.1.bb} | 0 > > .../{gdb-cross_8.3.bb => gdb-cross_8.3.1.bb} | 0 > > .../gdb/gdb/CVE-2017-9778.patch | 98 --- > > .../gdb/{gdb_8.3.bb => gdb_8.3.1.bb} | 0 > > 5 files changed, 2 insertions(+), 101 deletions(-) > > rename meta/recipes-devtools/gdb/{gdb-8.3.inc => gdb-8.3.1.inc} (85%) > > rename meta/recipes-devtools/gdb/{gdb-cross-canadian_8.3.bb => > > gdb-cross-canadian_8.3.1.bb} (100%) > > rename meta/recipes-devtools/gdb/{gdb-cross_8.3.bb => gdb-cross_8.3.1.bb} > > (100%) > > delete mode 100644 meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch > > rename meta/recipes-devtools/gdb/{gdb_8.3.bb => gdb_8.3.1.bb} (100%) > > is this a bug fix only update? I think so, but I don't know for sure. Alistair > > - armin > > > > diff --git a/meta/recipes-devtools/gdb/gdb-8.3.inc > > b/meta/recipes-devtools/gdb/gdb-8.3.1.inc > > similarity index 85% > > rename from meta/recipes-devtools/gdb/gdb-8.3.inc > > rename to meta/recipes-devtools/gdb/gdb-8.3.1.inc > > index 070c17d4a1..39f1c48cc7 100644 > > --- a/meta/recipes-devtools/gdb/gdb-8.3.inc > > +++ b/meta/recipes-devtools/gdb/gdb-8.3.1.inc > > @@ -16,7 +16,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \ > > file://0009-Change-order-of-CFLAGS.patch \ > > file://0010-resolve-restrict-keyword-conflict.patch \ > > file://0011-Fix-invalid-sigprocmask-call.patch \ > > - file://CVE-2017-9778.patch \ > > " > > -SRC_URI[md5sum] = "bbd95b2f9b34621ad7a19a3965476314" > > -SRC_URI[sha256sum] = > > "802f7ee309dcc547d65a68d61ebd6526762d26c3051f52caebe2189ac1ffd72e" > > +SRC_URI[md5sum] = "73b6a5d8141672c62bf851cd34c4aa83" > > +SRC_URI[sha256sum] = > > "1e55b4d7cdca7b34be12f4ceae651623aa73b2fd640152313f9f66a7149757c4" > > diff --git a/meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.bb > > b/meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.1.bb > > similarity index 100% > > rename from meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.bb > > rename to meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.1.bb > > diff --git a/meta/recipes-devtools/gdb/gdb-cross_8.3.bb > > b/meta/recipes-devtools/gdb/gdb-cross_8.3.1.bb > > similarity index 100% > > rename from meta/recipes-devtools/gdb/gdb-cross_8.3.bb > > rename to meta/recipes-devtools/gdb/gdb-cross_8.3.1.bb > > diff --git a/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch > > b/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch > > deleted file mode 100644 > > index f142ed00d7..00 > > --- a/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch > > +++ /dev/null > > @@ -1,98 +0,0 @@ > > -From 6ad3791f095cfc1b0294f62c4b3a524ba735595e Mon Sep 17 00:00:00 2001 > > -From: Sandra Loosemore > > -Date: Thu, 25 Apr 2019 07:27:02 -0700 > > -Subject: [PATCH] Detect invalid length field in debug frame FDE header. > > - > > -GDB was failing to catch cases where a corrupt ELF or core file > > -contained an invalid length value in a Dwarf debug frame FDE header. > > -It was checking for buffer overflow but not cases where the length was > > -negative or caused pointer wrap-around. > > - > > -In addition to the additional validity check, this patch cleans up the > > -multiple signed/unsigned conversions on the length field so that an > > -unsigned representation is used consistently throughout. > > - > > -This patch fixes CVE-2017-9778 and PR gdb/21600. > > - > > -2019-04-25 Sandra Loosemore > > - Kang Li > > - > > - PR gdb/21600 > > - > > - * dwarf2-frame.c (read_initial_length): Be consistent about using > > - unsigned representation of length. > > - (decode_frame_entry_1): Likewise. Check for wraparound of > > - end pointer as well as buffer overflow. > > - > > -Upstream-Status: Backport > > -CVE: CVE-2017-9778 > > -Signed-off-by: Anuj Mittal > > > > - gdb/ChangeLog | 10 ++ > > - gdb/dwarf2-frame.c | 14 +++--- > > - 2 files changed, 17 insertions(+), 7 deletions(-) > > - > > -diff --git a/gdb/ChangeLog b/gdb/ChangeLog > > -index 1c125de..d028d2b 100644 > > a/gdb/ChangeLog > > -+++ b/gdb/ChangeLog > > -@@ -1,3 +1,13 @@ > > -+2019-04-25 Sandra Loosemore > > -+Kang Li > > -+ > > -+PR gdb/21600 > > -+ > > -+* dwarf2-frame.c (read_initial_length): Be consistent about using > > -+unsigned representation of length. > > -+(decode_frame_entry_1): Likewise. Check for wraparound of > > -+end pointer as well as buffer overflow. > > -+ > > - 2019-05-11 Joel Brobecker > > - > > - * version.in: Set GDB version number to 8.3. > > -diff --git a/gdb/dwarf2-frame.c b/gdb/dwarf2-frame.c > > -index 178ac44..dc5d3b3 100644 > > a/gdb/dwarf2-frame.c > > -+++ b/gdb/dwarf2-frame.c > > -@@ -1488,7
Re: [OE-core] [PATCH RESEND] gdb: Bump from 8.3 to 8.3.1
On 10/8/19 8:50 AM, Alistair Francis wrote: > Signed-off-by: Alistair Francis > --- > .../gdb/{gdb-8.3.inc => gdb-8.3.1.inc}| 5 +- > ...ian_8.3.bb => gdb-cross-canadian_8.3.1.bb} | 0 > .../{gdb-cross_8.3.bb => gdb-cross_8.3.1.bb} | 0 > .../gdb/gdb/CVE-2017-9778.patch | 98 --- > .../gdb/{gdb_8.3.bb => gdb_8.3.1.bb} | 0 > 5 files changed, 2 insertions(+), 101 deletions(-) > rename meta/recipes-devtools/gdb/{gdb-8.3.inc => gdb-8.3.1.inc} (85%) > rename meta/recipes-devtools/gdb/{gdb-cross-canadian_8.3.bb => > gdb-cross-canadian_8.3.1.bb} (100%) > rename meta/recipes-devtools/gdb/{gdb-cross_8.3.bb => gdb-cross_8.3.1.bb} > (100%) > delete mode 100644 meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch > rename meta/recipes-devtools/gdb/{gdb_8.3.bb => gdb_8.3.1.bb} (100%) is this a bug fix only update? - armin > > diff --git a/meta/recipes-devtools/gdb/gdb-8.3.inc > b/meta/recipes-devtools/gdb/gdb-8.3.1.inc > similarity index 85% > rename from meta/recipes-devtools/gdb/gdb-8.3.inc > rename to meta/recipes-devtools/gdb/gdb-8.3.1.inc > index 070c17d4a1..39f1c48cc7 100644 > --- a/meta/recipes-devtools/gdb/gdb-8.3.inc > +++ b/meta/recipes-devtools/gdb/gdb-8.3.1.inc > @@ -16,7 +16,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \ > file://0009-Change-order-of-CFLAGS.patch \ > file://0010-resolve-restrict-keyword-conflict.patch \ > file://0011-Fix-invalid-sigprocmask-call.patch \ > - file://CVE-2017-9778.patch \ > " > -SRC_URI[md5sum] = "bbd95b2f9b34621ad7a19a3965476314" > -SRC_URI[sha256sum] = > "802f7ee309dcc547d65a68d61ebd6526762d26c3051f52caebe2189ac1ffd72e" > +SRC_URI[md5sum] = "73b6a5d8141672c62bf851cd34c4aa83" > +SRC_URI[sha256sum] = > "1e55b4d7cdca7b34be12f4ceae651623aa73b2fd640152313f9f66a7149757c4" > diff --git a/meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.bb > b/meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.1.bb > similarity index 100% > rename from meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.bb > rename to meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.1.bb > diff --git a/meta/recipes-devtools/gdb/gdb-cross_8.3.bb > b/meta/recipes-devtools/gdb/gdb-cross_8.3.1.bb > similarity index 100% > rename from meta/recipes-devtools/gdb/gdb-cross_8.3.bb > rename to meta/recipes-devtools/gdb/gdb-cross_8.3.1.bb > diff --git a/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch > b/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch > deleted file mode 100644 > index f142ed00d7..00 > --- a/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch > +++ /dev/null > @@ -1,98 +0,0 @@ > -From 6ad3791f095cfc1b0294f62c4b3a524ba735595e Mon Sep 17 00:00:00 2001 > -From: Sandra Loosemore > -Date: Thu, 25 Apr 2019 07:27:02 -0700 > -Subject: [PATCH] Detect invalid length field in debug frame FDE header. > - > -GDB was failing to catch cases where a corrupt ELF or core file > -contained an invalid length value in a Dwarf debug frame FDE header. > -It was checking for buffer overflow but not cases where the length was > -negative or caused pointer wrap-around. > - > -In addition to the additional validity check, this patch cleans up the > -multiple signed/unsigned conversions on the length field so that an > -unsigned representation is used consistently throughout. > - > -This patch fixes CVE-2017-9778 and PR gdb/21600. > - > -2019-04-25 Sandra Loosemore > - Kang Li > - > - PR gdb/21600 > - > - * dwarf2-frame.c (read_initial_length): Be consistent about using > - unsigned representation of length. > - (decode_frame_entry_1): Likewise. Check for wraparound of > - end pointer as well as buffer overflow. > - > -Upstream-Status: Backport > -CVE: CVE-2017-9778 > -Signed-off-by: Anuj Mittal > > - gdb/ChangeLog | 10 ++ > - gdb/dwarf2-frame.c | 14 +++--- > - 2 files changed, 17 insertions(+), 7 deletions(-) > - > -diff --git a/gdb/ChangeLog b/gdb/ChangeLog > -index 1c125de..d028d2b 100644 > a/gdb/ChangeLog > -+++ b/gdb/ChangeLog > -@@ -1,3 +1,13 @@ > -+2019-04-25 Sandra Loosemore > -+Kang Li > -+ > -+PR gdb/21600 > -+ > -+* dwarf2-frame.c (read_initial_length): Be consistent about using > -+unsigned representation of length. > -+(decode_frame_entry_1): Likewise. Check for wraparound of > -+end pointer as well as buffer overflow. > -+ > - 2019-05-11 Joel Brobecker > - > - * version.in: Set GDB version number to 8.3. > -diff --git a/gdb/dwarf2-frame.c b/gdb/dwarf2-frame.c > -index 178ac44..dc5d3b3 100644 > a/gdb/dwarf2-frame.c > -+++ b/gdb/dwarf2-frame.c > -@@ -1488,7 +1488,7 @@ static ULONGEST > - read_initial_length (bfd *abfd, const gdb_byte *buf, > - unsigned int *bytes_read_ptr) > - { > -- LONGEST result; > -+ ULONGEST result; > - > - result = bfd_get_32 (abfd, buf); > - if (result == 0x) > -@@ -1789,7 +1789,7 @@ decode_frame_entry_1 (struct comp_unit *unit
[OE-core] [PATCH RESEND] gdb: Bump from 8.3 to 8.3.1
Signed-off-by: Alistair Francis --- .../gdb/{gdb-8.3.inc => gdb-8.3.1.inc}| 5 +- ...ian_8.3.bb => gdb-cross-canadian_8.3.1.bb} | 0 .../{gdb-cross_8.3.bb => gdb-cross_8.3.1.bb} | 0 .../gdb/gdb/CVE-2017-9778.patch | 98 --- .../gdb/{gdb_8.3.bb => gdb_8.3.1.bb} | 0 5 files changed, 2 insertions(+), 101 deletions(-) rename meta/recipes-devtools/gdb/{gdb-8.3.inc => gdb-8.3.1.inc} (85%) rename meta/recipes-devtools/gdb/{gdb-cross-canadian_8.3.bb => gdb-cross-canadian_8.3.1.bb} (100%) rename meta/recipes-devtools/gdb/{gdb-cross_8.3.bb => gdb-cross_8.3.1.bb} (100%) delete mode 100644 meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch rename meta/recipes-devtools/gdb/{gdb_8.3.bb => gdb_8.3.1.bb} (100%) diff --git a/meta/recipes-devtools/gdb/gdb-8.3.inc b/meta/recipes-devtools/gdb/gdb-8.3.1.inc similarity index 85% rename from meta/recipes-devtools/gdb/gdb-8.3.inc rename to meta/recipes-devtools/gdb/gdb-8.3.1.inc index 070c17d4a1..39f1c48cc7 100644 --- a/meta/recipes-devtools/gdb/gdb-8.3.inc +++ b/meta/recipes-devtools/gdb/gdb-8.3.1.inc @@ -16,7 +16,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \ file://0009-Change-order-of-CFLAGS.patch \ file://0010-resolve-restrict-keyword-conflict.patch \ file://0011-Fix-invalid-sigprocmask-call.patch \ - file://CVE-2017-9778.patch \ " -SRC_URI[md5sum] = "bbd95b2f9b34621ad7a19a3965476314" -SRC_URI[sha256sum] = "802f7ee309dcc547d65a68d61ebd6526762d26c3051f52caebe2189ac1ffd72e" +SRC_URI[md5sum] = "73b6a5d8141672c62bf851cd34c4aa83" +SRC_URI[sha256sum] = "1e55b4d7cdca7b34be12f4ceae651623aa73b2fd640152313f9f66a7149757c4" diff --git a/meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.bb b/meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.1.bb similarity index 100% rename from meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.bb rename to meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.1.bb diff --git a/meta/recipes-devtools/gdb/gdb-cross_8.3.bb b/meta/recipes-devtools/gdb/gdb-cross_8.3.1.bb similarity index 100% rename from meta/recipes-devtools/gdb/gdb-cross_8.3.bb rename to meta/recipes-devtools/gdb/gdb-cross_8.3.1.bb diff --git a/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch b/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch deleted file mode 100644 index f142ed00d7..00 --- a/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 6ad3791f095cfc1b0294f62c4b3a524ba735595e Mon Sep 17 00:00:00 2001 -From: Sandra Loosemore -Date: Thu, 25 Apr 2019 07:27:02 -0700 -Subject: [PATCH] Detect invalid length field in debug frame FDE header. - -GDB was failing to catch cases where a corrupt ELF or core file -contained an invalid length value in a Dwarf debug frame FDE header. -It was checking for buffer overflow but not cases where the length was -negative or caused pointer wrap-around. - -In addition to the additional validity check, this patch cleans up the -multiple signed/unsigned conversions on the length field so that an -unsigned representation is used consistently throughout. - -This patch fixes CVE-2017-9778 and PR gdb/21600. - -2019-04-25 Sandra Loosemore - Kang Li - - PR gdb/21600 - - * dwarf2-frame.c (read_initial_length): Be consistent about using - unsigned representation of length. - (decode_frame_entry_1): Likewise. Check for wraparound of - end pointer as well as buffer overflow. - -Upstream-Status: Backport -CVE: CVE-2017-9778 -Signed-off-by: Anuj Mittal - gdb/ChangeLog | 10 ++ - gdb/dwarf2-frame.c | 14 +++--- - 2 files changed, 17 insertions(+), 7 deletions(-) - -diff --git a/gdb/ChangeLog b/gdb/ChangeLog -index 1c125de..d028d2b 100644 a/gdb/ChangeLog -+++ b/gdb/ChangeLog -@@ -1,3 +1,13 @@ -+2019-04-25 Sandra Loosemore -+ Kang Li -+ -+ PR gdb/21600 -+ -+ * dwarf2-frame.c (read_initial_length): Be consistent about using -+ unsigned representation of length. -+ (decode_frame_entry_1): Likewise. Check for wraparound of -+ end pointer as well as buffer overflow. -+ - 2019-05-11 Joel Brobecker - - * version.in: Set GDB version number to 8.3. -diff --git a/gdb/dwarf2-frame.c b/gdb/dwarf2-frame.c -index 178ac44..dc5d3b3 100644 a/gdb/dwarf2-frame.c -+++ b/gdb/dwarf2-frame.c -@@ -1488,7 +1488,7 @@ static ULONGEST - read_initial_length (bfd *abfd, const gdb_byte *buf, -unsigned int *bytes_read_ptr) - { -- LONGEST result; -+ ULONGEST result; - - result = bfd_get_32 (abfd, buf); - if (result == 0x) -@@ -1789,7 +1789,7 @@ decode_frame_entry_1 (struct comp_unit *unit, const gdb_byte *start, - { - struct gdbarch *gdbarch = get_objfile_arch (unit->objfile); - const gdb_byte *buf, *end; -- LONGEST length; -+ ULONGEST length; - unsigned int bytes_read; - int dwarf64_p; - ULONGEST cie_id; -@@ -1800,15 +1800,15 @@ decode_frame_entry_1 (struct comp_uni