From 1a4b7ee28bf7413af6513fb45ad0d0736048f866 Mon Sep 17 00:00:00 2001
From: Brad Bishop <bradleyb@fuzziesquirrel.com>
Date: Sun, 16 Dec 2018 17:11:34 -0800
Subject: reset upstream subtrees to yocto 2.6

Reset the following subtrees on thud HEAD:

  poky: 87e3a9739d
  meta-openembedded: 6094ae18c8
  meta-security: 31dc4e7532
  meta-raspberrypi: a48743dc36
  meta-xilinx: c42016e2e6

Also re-apply backports that didn't make it into thud:
  poky:
    17726d0 systemd-systemctl-native: handle Install wildcards

  meta-openembedded:
    4321a5d libtinyxml2: update to 7.0.1
    042f0a3 libcereal: Add native and nativesdk classes
    e23284f libcereal: Allow empty package
    030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
    179a1b9 gtest: update to 1.8.1

Squashed OpenBMC subtree compatibility updates:
  meta-aspeed:
    Brad Bishop (1):
          aspeed: add yocto 2.6 compatibility

  meta-ibm:
    Brad Bishop (1):
          ibm: prepare for yocto 2.6

  meta-ingrasys:
    Brad Bishop (1):
          ingrasys: set layer compatibility to yocto 2.6

  meta-openpower:
    Brad Bishop (1):
          openpower: set layer compatibility to yocto 2.6

  meta-phosphor:
    Brad Bishop (3):
          phosphor: set layer compatibility to thud
          phosphor: libgpg-error: drop patches
          phosphor: react to fitimage artifact rename

    Ed Tanous (4):
          Dropbear: upgrade options for latest upgrade
          yocto2.6: update openssl options
          busybox: remove upstream watchdog patch
          systemd: Rebase CONFIG_CGROUP_BPF patch

Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
---
 .../binutils/binutils/CVE-2018-18605.patch         | 47 ++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 poky/meta/recipes-devtools/binutils/binutils/CVE-2018-18605.patch

(limited to 'poky/meta/recipes-devtools/binutils/binutils/CVE-2018-18605.patch')

diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-18605.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-18605.patch
new file mode 100644
index 000000000..d6c706771
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-18605.patch
@@ -0,0 +1,47 @@
+From ab419ddbb2cdd17ca83618990f2cacf904ce1d61 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 23 Oct 2018 18:29:24 +1030
+Subject: [PATCH] PR23804, buffer overflow in sec_merge_hash_lookup
+
+	PR 23804
+	* merge.c (_bfd_add_merge_section): Don't attempt to merge
+	sections where size is not a multiple of entsize.
+
+Upstream-Status: Backport
+CVE: CVE-2018-18605
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/merge.c   | 3 +++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/bfd/ChangeLog b/bfd/ChangeLog
+index 31ff3d6..da423b1 100644
+--- a/bfd/ChangeLog
++++ b/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-10-23  Alan Modra  <amodra@gmail.com>
++
++	PR 23804
++	* merge.c (_bfd_add_merge_section): Don't attempt to merge
++	sections where size is not a multiple of entsize.
++
+ 2018-10-13  Alan Modra  <amodra@gmail.com>
+ 
+ 	PR 23770
+diff --git a/bfd/merge.c b/bfd/merge.c
+index 7904552..5e3bba0 100644
+--- a/bfd/merge.c
++++ b/bfd/merge.c
+@@ -376,6 +376,9 @@ _bfd_add_merge_section (bfd *abfd, void **psinfo, asection *sec,
+       || sec->entsize == 0)
+     return TRUE;
+ 
++  if (sec->size % sec->entsize != 0)
++    return TRUE;
++
+   if ((sec->flags & SEC_RELOC) != 0)
+     {
+       /* We aren't prepared to handle relocations in merged sections.  */
+-- 
+2.9.3
-- 
cgit v1.2.1