[gnome-continuous-yocto/gnomeostree-3.28-rocko: 341/8267] gcc: Security fix CVE-2016-4489

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 341/8267] gcc: Security fix CVE-2016-4489
Date: Sat, 16 Dec 2017 20:17:28 +0000 (UTC)

commit 23f00321e97abebbfe1298691487f5bb0dbcf2b4
Author: Armin Kuster <akuster mvista com>
Date:   Fri May 6 00:11:55 2016 -0700

    gcc: Security fix CVE-2016-4489
    
    (From OE-Core rev: 84a1642f89801648728c61d3af42926b95533e07)
    
    Signed-off-by: Armin Kuster <akuster mvista com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 meta/recipes-devtools/gcc/gcc-5.3.inc              |    1 +
 .../gcc/gcc-5.3/CVE-2016-4489.patch                |   56 ++++++++++++++++++++
 2 files changed, 57 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-devtools/gcc/gcc-5.3.inc b/meta/recipes-devtools/gcc/gcc-5.3.inc
index c75d07e..11287e4 100644
--- a/meta/recipes-devtools/gcc/gcc-5.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-5.3.inc
@@ -91,6 +91,7 @@ SRC_URI = "\
            file://0059-libgcc-use-ldflags.patch \
            file://0060-remove-prototypes-cfns.patch \
            file://CVE-2016-4488.patch \
+           file://CVE-2016-4489.patch \
 "
 
 BACKPORTS = ""
diff --git a/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4489.patch 
b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4489.patch
new file mode 100644
index 0000000..68a0f85
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4489.patch
@@ -0,0 +1,56 @@
+From 053ec2207203a194d2ae82e2f164009aad3f14d2 Mon Sep 17 00:00:00 2001
+From: bernds <bernds@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Fri, 8 Apr 2016 12:06:59 +0000
+Subject: [PATCH] =?UTF-8?q?Handle=20an=20overflow=20case=20(PR70498,=20pat?=
+ =?UTF-8?q?ch=20by=20Marcel=20B=C3=B6hme).?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+       PR c++/70498
+       * cplus-dem.c (gnu_special): Handle case where consume_count returns
+       -1.
+
+
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@234828 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Upstream-Status: Backport
+CVE: CVE-2016-4489
+
+Signed-off-by: Armin Kuster <akuster mvista com>
+---
+ libiberty/ChangeLog   | 6 ++++++
+ libiberty/cplus-dem.c | 5 +++++
+ 2 files changed, 11 insertions(+)
+
+Index: gcc-5.3.0/libiberty/ChangeLog
+===================================================================
+--- gcc-5.3.0.orig/libiberty/ChangeLog
++++ gcc-5.3.0/libiberty/ChangeLog
+@@ -1,3 +1,9 @@
++2016-04-08  Marcel Böhme  <boehme marcel gmail com>
++
++      PR c++/70498
++      * cplus-dem.c (gnu_special): Handle case where consume_count returns
++      -1.
++
+ 2016-03-31  Mikhail Maltsev  <maltsevm gmail com>
+            Marcel Bohme  boehme marcel gmail com
+ 
+Index: gcc-5.3.0/libiberty/cplus-dem.c
+===================================================================
+--- gcc-5.3.0.orig/libiberty/cplus-dem.c
++++ gcc-5.3.0/libiberty/cplus-dem.c
+@@ -3001,6 +3001,11 @@ gnu_special (struct work_stuff *work, co
+                     success = 1;
+                     break;
+                   }
++                else if (n == -1)
++                  {
++                    success = 0;
++                    break;
++                  }
+               }
+             else
+               {

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]