Wind River Support Network


LIN7-4690 : binutils: error when trying to strip library

Created: Sep 2, 2015    Updated: Sep 8, 2018
Resolved Date: Sep 14, 2015
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Toolchain


Problem description: 
powerpc64-wrs-linux-strip in generated SDK returns error: 
# powerpc64-wrs-linux-strip build/libnl/image/usr/lib64/libnl-3.a -o libnl-3.a 
powerpc64-wrs-linux-strip: illegal pathname found in archive member: addr.o 

1. Configure project and build SDK 
2. Source in SDK 
3. Try to strip a library with powerpc64-wrs-linux-strip from SDK 

Reproduced on: WR Linux 700.8 
BSP: fsl-t4xxx 

This problem seems to be introduced by a CVE patch in binutils package in oe-core layer. 
commit e39c16f2d30ceae59864615a0b338e2c2b873bf7: binutils: Security Advisory - binutils - CVE-2014-8737 

The resulting code with this patch does not work as intended: 
+diff --git a/binutils/objcopy.c b/binutils/objcopy.c 
+index 14f6b96..a4baca1 100644 
+--- a/binutils/objcopy.c 
++++ b/binutils/objcopy.c 
+@@ -2206,6 +2206,18 @@ copy_archive (bfd *ibfd, bfd *obfd, const char *output_target, 
+ bfd_boolean del = TRUE; 
+ bfd_boolean ok_object; 
++ /* PR binutils/17533: Do not allow directory traversal 
++ outside of the current directory tree by archive members. */ 
++ if (! is_valid_archive_path (bfd_get_filename (this_element))) 
++ fatal (_("illegal pathname found in archive member: %s"), 
++ bfd_get_filename (this_element)); 
++ { 
++ non_fatal (_("illegal pathname found in archive member: %s"), 
++ bfd_get_filename (this_element)); 
++ status = 1; 
++ goto cleanup_and_exit; 
++ } 
By applying the attached patch file to binutils package the is working again. 


apply the attached patch

echo 'USE_SDK_BINUTILS = "0"' > local.conf

Other Downloads

Live chat