[OE-core] [PATCH 56/61] elfutils_0.148.bb: CVE-2014-9447 fix

Armin Kuster akuster808 at gmail.com
Thu Feb 5 16:04:04 UTC 2015


From: Li xin <lixin.fnst at cn.fujitsu.com>

Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9447

(From OE-Core rev: c992868a989926eac6c4b78a6bb9729bce54f2ed)

Signed-off-by: Li Xin <lixin.fnst at cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 .../elf_begin.c-CVE-2014-9447-fix.patch            | 36 ++++++++++++++++++++++
 meta/recipes-devtools/elfutils/elfutils_0.148.bb   | 23 +++++++-------
 2 files changed, 48 insertions(+), 11 deletions(-)
 create mode 100644 meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch

diff --git a/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
new file mode 100644
index 0000000..84e8ddc
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
@@ -0,0 +1,36 @@
+From 323ca04a0c9189544075c19b49da67f6443a8950 Mon Sep 17 00:00:00 2001
+From: Li xin <lixin.fnst at cn.fujitsu.com>
+Date: Wed, 21 Jan 2015 09:33:38 +0900
+Subject: [PATCH] elf_begin.c: CVE-2014-9447 fix
+
+this patch is from:
+ https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
+
+Upstream-Status: Backport
+
+Signed-off-by: Li Xin <lixin.fnst at cn.fujitsu.com>
+---
+ libelf/elf_begin.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
+index e46add3..e83ba35 100644
+--- a/libelf/elf_begin.c
++++ b/libelf/elf_begin.c
+@@ -736,11 +736,8 @@ read_long_names (Elf *elf)
+ 	    break;
+ 
+ 	  /* NUL-terminate the string.  */
+-	  *runp = '\0';
+-
+-	  /* Skip the NUL byte and the \012.  */
+-	  runp += 2;
+-
++	  *runp++ = '\0';
++ 
+ 	  /* A sanity check.  Somebody might have generated invalid
+ 	     archive.  */
+ 	  if (runp >= newp + len)
+-- 
+1.8.4.2
+
diff --git a/meta/recipes-devtools/elfutils/elfutils_0.148.bb b/meta/recipes-devtools/elfutils/elfutils_0.148.bb
index ab95639..5e75f12 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.148.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.148.bb
@@ -8,7 +8,7 @@ DEPENDS = "libtool bzip2 zlib virtual/libintl"
 
 PR = "r11"
 
-SRC_URI = "https://fedorahosted.org/releases/e/l/elfutils/elfutils-${PV}.tar.bz2"
+SRC_URI = "https://fedorahosted.org/releases/e/l/${PN}/${BP}.tar.bz2"
 
 SRC_URI[md5sum] = "a0bed1130135f17ad27533b0034dba8d"
 SRC_URI[sha256sum] = "8aebfa4a745db21cf5429c9541fe482729b62efc7e53e9110151b4169fe887da"
@@ -25,14 +25,15 @@ SRC_URI += "\
         file://m68k_backend.diff \
         file://testsuite-ignore-elflint.diff \
         file://elf_additions.diff \
-	file://elfutils-fsize.patch \
-	file://remove-unused.patch \
-	file://mempcpy.patch \
-	file://fix_for_gcc-4.7.patch \
-	file://dso-link-change.patch \
-	file://nm-Fix-size-passed-to-snprintf-for-invalid-sh_name-case.patch \
-	file://elfutils-ar-c-fix-num-passed-to-memset.patch \
-	file://Fix_elf_cvt_gunhash.patch \
+        file://elfutils-fsize.patch \
+        file://remove-unused.patch \
+        file://mempcpy.patch \
+        file://fix_for_gcc-4.7.patch \
+        file://dso-link-change.patch \
+        file://nm-Fix-size-passed-to-snprintf-for-invalid-sh_name-case.patch \
+        file://elfutils-ar-c-fix-num-passed-to-memset.patch \
+        file://Fix_elf_cvt_gunhash.patch \
+        file://elf_begin.c-CVE-2014-9447-fix.patch \
 "
 # Only apply when building uclibc based target recipe
 SRC_URI_append_libc-uclibc = " file://uclibc-support.patch"
@@ -52,9 +53,9 @@ EXTRA_OECONF_append_class-native = " --without-bzlib"
 EXTRA_OECONF_append_libc-uclibc = " --enable-uclibc"
 
 do_configure_prepend() {
-	sed -i '/^i386_dis.h:/,+4 {/.*/d}' ${S}/libcpu/Makefile.am
+    sed -i '/^i386_dis.h:/,+4 {/.*/d}' ${S}/libcpu/Makefile.am
 
-	cp ${WORKDIR}/*dis.h ${S}/libcpu
+    cp ${WORKDIR}/*dis.h ${S}/libcpu
 }
 
 # we can not build complete elfutils when using uclibc
-- 
1.9.1




More information about the Openembedded-core mailing list