openembedded-core.git/meta/recipes-devtools/elfutils, branch thud Mirror of openembedded-core elfutils: 0.174 -> 0.175 2019-01-08T20:12:01+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-11-23T07:47:20+00:00 81ae67e603087166ec5583cc9686a60f769be799 - Drop backport CVE patches 0001-libdwfl-Sanity-check-partial-core-file-data-reads.patch 0001-size-Handle-recursive-ELF-ar-files.patch 0001-arlib-Check-that-sh_entsize-isn-t-zero.patch - Drop patches that upstream has fixed 0005-fix-a-stack-usage-warning.patch [9a74c19 backends: ppc use define instead of const for size of dwarf_regs array.] - Update debian patches to 0.175 - Rebase local patch to 0.175 0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch (From OE-Core rev: 8748de4df5a4ece303f07f8bbb248920a199478a) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
- Drop backport CVE patches
  0001-libdwfl-Sanity-check-partial-core-file-data-reads.patch
  0001-size-Handle-recursive-ELF-ar-files.patch
  0001-arlib-Check-that-sh_entsize-isn-t-zero.patch

- Drop patches that upstream has fixed
  0005-fix-a-stack-usage-warning.patch [9a74c19 backends: ppc use define
  instead of const for size of dwarf_regs array.]

- Update debian patches to 0.175

- Rebase local patch to 0.175
  0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch

(From OE-Core rev: 8748de4df5a4ece303f07f8bbb248920a199478a)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
elfutils: fix CVE-2018-18520 & CVE-2018-18521 & CVE-2018-18310 2018-11-06T11:54:30+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-11-02T09:52:51+00:00 bd8d2c25f595e30a3fdcad8a2409913bb8af7c5c These CVE fixes come from upstream master branch and no new version released, so backport rather than upgrade. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
These CVE fixes come from upstream master branch and no
new version released, so backport rather than upgrade.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
elfutils: 0.173 -> 0.174 2018-11-06T11:54:30+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-11-02T09:52:50+00:00 777c1f8b6e20643964c304400e2d746dc2926524 - Drop backport fixes CVE-2018-16062.patch 0001-libdw-Check-end-of-attributes-list-consistently.patch 0002-libelf-Return-error-if-elf_compress_gnu-is-used-on-S.patch - Rebase 0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
- Drop backport fixes
  CVE-2018-16062.patch
  0001-libdw-Check-end-of-attributes-list-consistently.patch
  0002-libelf-Return-error-if-elf_compress_gnu-is-used-on-S.patch

- Rebase 0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
elfutils: fix CVE-2018-16403 & CVE-2018-16402 2018-10-03T14:25:36+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-09-28T06:29:27+00:00 a7c3c897d2cbe7e473a7fb057a3f74ebc9e04023 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
elfutils: CVE-2018-16062 2018-09-06T09:36:25+00:00 Zhixiong Chi zhixiong.chi@windriver.com 2018-09-05T02:42:46+00:00 bcca86fca317c16a8f6c138c7df369b944e50700 Backport the CVE patch from the upstream: https://sourceware.org/git/?p=elfutils.git;a=commit; h=29e31978ba51c1051743a503ee325b5ebc03d7e9 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Backport the CVE patch from the upstream:
https://sourceware.org/git/?p=elfutils.git;a=commit;
h=29e31978ba51c1051743a503ee325b5ebc03d7e9

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
elfutils: Fix prelink libqb error on mips and mips64 2018-08-30T15:16:06+00:00 Robert Yang liezhi.yang@windriver.com 2018-08-29T10:11:40+00:00 8e280aff908b980d641c762946f691a6d376b87b The previous patch 0001-libelf-elf_end.c-check-data_list.data.d.d_buf-before.patch fixed segmentation fault error on other arches except mips and mips64, now update it to fix mips and mips64 too, also submitted to upstream. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The previous patch
0001-libelf-elf_end.c-check-data_list.data.d.d_buf-before.patch
fixed segmentation fault error on other arches except mips and mips64, now
update it to fix mips and mips64 too, also submitted to upstream.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
elfutils: 0.172 -> 0.173 2018-08-23T17:02:19+00:00 Robert Yang liezhi.yang@windriver.com 2018-08-23T08:11:25+00:00 ab3f8e58485d0e90da3a0255d771737852ba345b Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
elfutils: check data_list.data.d.d_buf before free it 2018-08-16T09:44:07+00:00 Robert Yang liezhi.yang@windriver.com 2018-08-16T02:38:22+00:00 560154e8525dce4beb8199ffc0d7c964da9d665a [YOCTO #12791] The one which actually saves the data is data_list.data.d.d_buf, so check it before free rawdata_base. This can fix a segmentation fault when prelink libqb_1.0.3: prelink: /usr/lib/libqb.so.0.18.2: Symbol section index outside of section numbers The segmentation fault happens when prelink call elf_end(). Fixed: MACHINE="qemux86-64" IMAGE_INSTALL_append = " libqb" #libqp is from meta-openembedded $ bitbake core-image-minimal Segmention fault Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
[YOCTO #12791]

The one which actually saves the data is data_list.data.d.d_buf, so check it
before free rawdata_base.

This can fix a segmentation fault when prelink libqb_1.0.3:
prelink: /usr/lib/libqb.so.0.18.2: Symbol section index outside of section numbers

The segmentation fault happens when prelink call elf_end().

Fixed:
MACHINE="qemux86-64"
IMAGE_INSTALL_append = " libqb" #libqp is from meta-openembedded
$ bitbake core-image-minimal
Segmention fault

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
elfutils: clean up patches 2018-07-04T11:28:36+00:00 Ross Burton ross.burton@intel.com 2018-07-04T09:15:12+00:00 b039b26958655aab496b588f4e41a5dea1bfaac1 In the upgrade a large number of Upstream-Status tags were dropped, so add them back. I'm taking the stand that copying a patch Debian is carrying doesn't count as a backport. Remove two Debian-specific patches (one for Hurd, one for kfreebsd) so we're not carrying useless patches. Remove two patches that are no longer applied. Signed-off-by: Ross Burton <ross.burton@intel.com> 
In the upgrade a large number of Upstream-Status tags were dropped, so add them
back.  I'm taking the stand that copying a patch Debian is carrying doesn't
count as a backport.

Remove two Debian-specific patches (one for Hurd, one for kfreebsd) so
we're not carrying useless patches.

Remove two patches that are no longer applied.

Signed-off-by: Ross Burton <ross.burton@intel.com>
elfutils: 0.170 -> 0.172 2018-07-03T07:24:34+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-07-02T05:57:09+00:00 dbbe9c1d1f822cf13a4c16b79bccf6bf5c4b91e4 - Update debian 0.170 patches and rebase them for 0.172; - Drop 0001-Use-fallthrough-attribute.patch which was accepted by upstream; - Drop 0001-Ensure-that-packed-structs-follow-the-gcc-memory-lay.patch which was backported from upstream; Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
- Update debian 0.170 patches and rebase them for 0.172;

- Drop 0001-Use-fallthrough-attribute.patch which was
  accepted by upstream;

- Drop 0001-Ensure-that-packed-structs-follow-the-gcc-memory-lay.patch
  which was backported from upstream;

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>