From aaa1c3e16e22eb600e0558930d640fadf0b93c4b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jun 03 2022 22:11:10 +0000 Subject: import binutils-2.30-117.el8 --- diff --git a/SOURCES/binutils-coffgen-buffer-overrun.patch b/SOURCES/binutils-coffgen-buffer-overrun.patch new file mode 100644 index 0000000..88f46c7 --- /dev/null +++ b/SOURCES/binutils-coffgen-buffer-overrun.patch @@ -0,0 +1,14 @@ +--- binutils.orig/bfd/coffgen.c 2022-04-25 13:43:52.724745386 +0100 ++++ binutils-2.30/bfd/coffgen.c 2022-04-25 13:46:39.583596137 +0100 +@@ -1838,10 +1838,7 @@ coff_get_normalized_symtab (bfd *abfd) + internal_ptr->is_sym = TRUE; + + /* PR 17512: file: 1353-1166-0.004. */ +- if (symbol_ptr->u.syment.n_sclass == C_FILE +- && symbol_ptr->u.syment.n_numaux > 0 +- && raw_src + symesz + symbol_ptr->u.syment.n_numaux +- * symesz > raw_end) ++ if (symbol_ptr->u.syment.n_numaux > ((raw_end - 1) - raw_src) / symesz) + { + bfd_release (abfd, internal); + return NULL; diff --git a/SPECS/binutils.spec b/SPECS/binutils.spec index e08853b..89119a1 100644 --- a/SPECS/binutils.spec +++ b/SPECS/binutils.spec @@ -43,7 +43,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?name_cross}%{?_with_debug:-debug} Version: 2.30 -Release: 116%{?dist} +Release: 117%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -623,6 +623,10 @@ Patch99: binutils-aarch64-rng.patch # Lifetime: Fixed in 2.39 Patch100: binutils-s390-z16.patch +# Purpose: Fix a potential buffer overrun in the BFD library. +# Lifetime: Fixed in 2.35 +Patch101: binutils-coffgen-buffer-overrun.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -860,6 +864,7 @@ using libelf instead of BFD. %patch98 -p1 %patch99 -p1 %patch100 -p1 +%patch101 -p1 # We cannot run autotools as there is an exact requirement of autoconf-2.59. # FIXME - this is no longer true. Maybe try reinstating autotool use ? @@ -1309,6 +1314,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Mon Apr 25 2022 Nick Clifton - 2.30-117 +- Fix a potential buffer overrun in the BFD library's PE handling code. (#2076973) + * Mon Apr 11 2022 Nick Clifton - 2.30-116 - Allow z16 to be used as an alias for the s390 architecture's arch14 extensions. (#2073384)