Fixed
Created: May 29, 2019
Updated: Aug 21, 2019
Resolved Date: Jun 13, 2019
Found In Version: 8.0
Fix Version: 8.0.0.31
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Build & Config
This bug was already fixed in binutils mainline; please see: https://sourceware.org/bugzilla/show_bug.cgi?id=23425
The problem is that the bug fix consists of two commits, and only one of them was included in WRL LTS18 through CVE-2018-18309.patch, while the other fix is missing.
"...
commit a4cd947aca23d58966ead843e120f4c19db01030
Author: Alan Modra <amodra@gmail.com>
Date: Tue Sep 11 23:50:15 2018 +0930
PR23425, unresolved symbol diagnostic -->> this patch is not applied
….
commit 0930cb3021b8078b34cf216e79eb8608d017864f
Author: Alan Modra <amodra@gmail.com>
Date: Sat Oct 13 22:03:02 2018 +1030
_bfd_clear_contents bounds checking"
The second patch is there, but it is required to fix something from a previous patch, and that previous patch isn’t there.
Please make the necessary effort to include both fixes in the next RCPL.
Start in a WRL LTS18 project directory.
$ find . -name binutils
./oe-core/meta/recipes-devtools/binutils
./oe-core/meta/recipes-devtools/binutils/binutils
$ cd oe-core/meta/recipes-devtools/binutils/binutils
--> this directory has all the patches. We grep the whole dir for our desired string:
$ grep "unresolved symbol diagnostic" *
--> nothing came out, then we check for the other string
$ grep "bfd_clear_contents bounds checking" *
CVE-2018-18309.patch:Subject: [PATCH] _bfd_clear_contents bounds checking
So this patch is relevant for the second thing fixed in that bugzilla link. And it doesn’t include the fix from the first patch.
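The same check as a small script, as an added example that is not part of the original report: it matches only on each patch's Subject: line, so a patch that merely mentions another commit in its body does not count, and it reports every expected upstream commit as present or missing. The function names and the sample directory are constructed for illustration; the two subjects are the ones quoted above.

```shell
#!/bin/sh
# check_backport DIR SUBJECT...
# For each upstream commit subject, look for a *.patch file in DIR whose
# "Subject:" header contains it. Prints one line per subject and returns
# the number of subjects that no patch carries (0 = fix fully backported).
# Caveat: very long subjects may be wrapped by git format-patch.
check_backport() {
    cb_dir=$1; shift
    cb_missing=0
    for cb_subject in "$@"; do
        cb_found=
        for cb_file in "$cb_dir"/*.patch; do
            [ -f "$cb_file" ] || continue
            # -F: treat the subject as a fixed string, not a regex.
            if grep '^Subject:' "$cb_file" | grep -qF -- "$cb_subject"; then
                cb_found=${cb_file##*/}
                break
            fi
        done
        if [ -n "$cb_found" ]; then
            printf 'present: %s (%s)\n' "$cb_subject" "$cb_found"
        else
            printf 'MISSING: %s\n' "$cb_subject"
            cb_missing=$((cb_missing + 1))
        fi
    done
    return "$cb_missing"
}

# Constructed sample directory mirroring the state described in this report:
# only the second commit of the upstream fix is carried as a patch.
make_sample_dir() {
    sd=$(mktemp -d) || return 1
    printf 'Subject: [PATCH] _bfd_clear_contents bounds checking\n' \
        > "$sd/CVE-2018-18309.patch"
    printf 'Subject: [PATCH] unrelated change (constructed)\n' \
        > "$sd/0001-constructed.patch"
    printf '%s\n' "$sd"
}

# Demo run against the constructed directory.
demo_dir=$(make_sample_dir)
check_backport "$demo_dir" \
    "PR23425, unresolved symbol diagnostic" \
    "_bfd_clear_contents bounds checking" \
    || echo "$? upstream commit(s) not carried"
rm -rf "$demo_dir"
```

In a real project, pass the recipe's patch directory (here oe-core/meta/recipes-devtools/binutils/binutils) as the first argument.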