Re: [OE-core] [hardknott][PATCH] Binutils: Fix CVE-2021-20197
From: Vinay Kumar <hidden>
Date: 2021-07-02 11:40:05
Hi Randy, Anuj,

Sent for review with 3 separate patches.
https://lists.openembedded.org/g/openembedded-core/message/153462

Regards,
Vinay

On Tue, Jun 29, 2021 at 6:56 PM Randy MacLeod [off-list ref] wrote:
> On 2021-05-07 10:48 a.m., Vinay Kumar wrote:
>> Hi Anuj,
>>
>>> Right now, the patch header is wrong as it's not the upstream commit that it is claiming to be.
>>
>> Created 3 patches. For the patch of commit "d3edaa91d4cf7202ec14342410194841e2f67f12", I am planning to use the patch header below, taken from the commit it is cherry-picked from. I am also mentioning that in the "Upstream-Status" section, as below:
>>
>> ====================================
>> From 95b91a043aeaeb546d2fea556d84a2de1e917770 Mon Sep 17 00:00:00 2001
>> From: Alan Modra <redacted>
>> Date: Mon, 1 Feb 2021 02:04:41 +1030
>> Subject: [PATCH] pr27270 and pr27284, ar segfaults and wrong file mode
>>
>> 	PR 27270
>> 	PR 27284
>> 	PR 26945
>> 	* ar.c: Don't include libbfd.h.
>> 	(write_archive): Replace xmalloc+strcpy with xstrdup.
>> 	Use bfd_stat rather than fstat on iostream.
>> 	Move stat and fd tests outside of _WIN32 ifdef.
>> 	Delete skip_stat variable.
>> 	* arsup.c (temp_name, real_ofd): New static variables.
>> 	(ar_open): Use make_tempname and bfd_fdopenw.
>> 	(ar_save): Adjust to suit ar_open changes.
>> 	Move stat output of _WIN32 ifdef.
>> 	* objcopy.c: Don't include libbfd.h.
>> 	(copy_file): Use bfd_stat.
>>
>> Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=95b91a043aeaeb546d2fea556d84a2de1e917770]
>>
>> Used commit "d3edaa91d4cf7202ec14342410194841e2f67f12" cherry picked from commit "95b91a043aeaeb546d2fea556d84a2de1e917770"
>>
>> CVE: CVE-2021-20197
>>
>> Signed-off-by: Vinay Kumar <redacted>
>> ====================================
>>
>> The other 2 commits' patch headers are identical to the commits they were cherry-picked from.
>>
>> Regards,
>> Vinay
>
> Seems that this patch was not merged to hardknott.
> I didn't see the version split into 3 patches on the list.
>
> Vinay, can you please re-submit if you agree that splitting it up into 3 patches makes sense.
>
> --
> # Randy MacLeod
> # Wind River Linux