Fixed
Created: Sep 2, 2015
Updated: Sep 8, 2018
Resolved Date: Sep 14, 2015
Found In Version: 7.0.0.8
Fix Version: 7.0.0.10
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Toolchain
Problem description:
powerpc64-wrs-linux-strip in generated SDK returns error:
# powerpc64-wrs-linux-strip build/libnl/image/usr/lib64/libnl-3.a -o libnl-3.a
powerpc64-wrs-linux-strip: illegal pathname found in archive member: addr.o
Scenario:
1. Configure project and build SDK
2. Source env.sh in SDK
3. Try to strip a library with powerpc64-wrs-linux-strip from SDK
Reproduced on: WR Linux 700.8
BSP: fsl-t4xxx
Analysis:
This problem seems to be introduced by a CVE patch in binutils package in oe-core layer.
commit e39c16f2d30ceae59864615a0b338e2c2b873bf7: binutils: Security Advisory - binutils - CVE-2014-8737
The resulting code with this patch does not work as intended:
+diff --git a/binutils/objcopy.c b/binutils/objcopy.c
+index 14f6b96..a4baca1 100644
+--- a/binutils/objcopy.c
++++ b/binutils/objcopy.c
+@@ -2206,6 +2206,18 @@ copy_archive (bfd *ibfd, bfd *obfd, const char *output_target,
+ bfd_boolean del = TRUE;
+ bfd_boolean ok_object;
+
++ /* PR binutils/17533: Do not allow directory traversal
++ outside of the current directory tree by archive members. */
++ if (! is_valid_archive_path (bfd_get_filename (this_element)))
++ fatal (_("illegal pathname found in archive member: %s"),
++ bfd_get_filename (this_element));
++ {
++ non_fatal (_("illegal pathname found in archive member: %s"),
++ bfd_get_filename (this_element));
++ status = 1;
++ goto cleanup_and_exit;
++ }
++
By applying the attached patch file to binutils package the is working again.
apply the attached patch
echo 'USE_SDK_BINUTILS = "0"' > local.conf
