new file mode 100644

@@ -0,0 +1,80 @@

+From 7e27a9d5f22f9f7ead11738b1546d0b5c737266b Mon Sep 17 00:00:00 2001

+From: "Yuriy M. Kaminskiy" <yumkam@gmail.com>

+Date: Tue, 4 Aug 2015 16:51:53 +0100

+Subject: [PATCH 1/1] Fix stack buffer overflows when parsing corrupt ihex

+ files.

+

+	PR binutils/18750

+	* ihex.c (ihex_scan): Fixes incorrect escape sequence in error message

+	and stack overflow when char is signed and \200-\376 was in place of hex

+	digit; also fixes \377 was handled as EOF instead of "incorrect character".

+	(ihex_read_section): Changed for consistency.

+	(ihex_bad_byte): Prevent (now impossible to trigger) stack

+	overflow and incorrect escape sequence handling.

+	* srec.c (srec_bad_byte): Likewise.

+

+	* readelf.c (process_mips_specific): Fix incorrect escape

+	sequence handling.

+---

+ bfd/ihex.c         |  6 +++---

+ bfd/srec.c         |  2 +-

+ binutils/readelf.c |  2 +-

+ 5 files changed, 28 insertions(+), 5 deletions(-)

+

+diff --git a/bfd/ihex.c b/bfd/ihex.c

+index 8e66372..38112f6 100644

+--- a/bfd/ihex.c

+@@ -219,7 +219,7 @@ ihex_bad_byte (bfd *abfd, unsigned int lineno, int c, bfd_boolean error)

+       char buf[10];

+ 

+       if (! ISPRINT (c))

+-	sprintf (buf, "\\%03o", (unsigned int) c);

++	sprintf (buf, "\\%03o", (unsigned int) c & 0xff);

+       else

+ 	{

+ 	  buf[0] = c;

+@@ -276,7 +276,7 @@ ihex_scan (bfd *abfd)

+       else

+ 	{

+ 	  file_ptr pos;

+-	  char hdr[8];

++	  unsigned char hdr[8];

+ 	  unsigned int i;

+ 	  unsigned int len;

+ 	  bfd_vma addr;

+@@ -553,7 +553,7 @@ ihex_read_section (bfd *abfd, asection *section, bfd_byte *contents)

+   error = FALSE;

+   while ((c = ihex_get_byte (abfd, &error)) != EOF)

+     {

+-      char hdr[8];

++      unsigned char hdr[8];

+       unsigned int len;

+       unsigned int type;

+       unsigned int i;

+diff --git a/bfd/srec.c b/bfd/srec.c

+index 24573cf..96b6a2f 100644

+--- a/bfd/srec.c

+@@ -249,7 +249,7 @@ srec_bad_byte (bfd *abfd,

+       char buf[40];

+ 

+       if (! ISPRINT (c))

+-	sprintf (buf, "\\%03o", (unsigned int) c);

++	sprintf (buf, "\\%03o", (unsigned int) c & 0xff);

+       else

+ 	{

+ 	  buf[0] = c;

+diff --git a/binutils/readelf.c b/binutils/readelf.c

+index a9b9f2d..6298f1e 100644

+--- a/binutils/readelf.c

+@@ -14467,7 +14467,7 @@ process_mips_specific (FILE * file)

+ 	      len = sizeof (* eopt);

+ 	      while (len < option->size)

+ 		{

+-		  char datum = * ((char *) eopt + offset + len);

++		  unsigned char datum = * ((unsigned char *) eopt + offset + len);

+ 

+ 		  if (ISPRINT (datum))

+ 		    printf ("%c", datum);

@@ -1,36 +1,38 @@

-Summary:	Contains a linker, an assembler, and other tools

-Name:		binutils

-Version:	2.25.1

-Release:	2%{?dist}

-License:	GPLv2+

-URL:		http://www.gnu.org/software/binutils

-Group:		System Environment/Base

-Vendor:		VMware, Inc.

-Distribution: 	Photon

-Source0:	http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.bz2

+Summary:    Contains a linker, an assembler, and other tools

+Name:       binutils

+Version:    2.25.1

+Release:    3%{?dist}

+License:    GPLv2+

+URL:        http://www.gnu.org/software/binutils

+Group:      System Environment/Base

+Vendor:     VMware, Inc.

+Distribution:   Photon

+Source0:    http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.bz2

 %define sha1 binutils=1d597ae063e3947a5f61e23ceda8aebf78405fcd

-Patch0:		http://www.linuxfromscratch.org/patches/downloads/binutils/binutils-2.25.1-gold_export_symbols-1.patch

+Patch0:     http://www.linuxfromscratch.org/patches/downloads/binutils/binutils-2.25.1-gold_export_symbols-1.patch

+Patch1:     binutils-CVE-2014-9939.patch

 %description

 The Binutils package contains a linker, an assembler,

 and other tools for handling object files.

-%package	devel

-Summary:	Header and development files for binutils

-Requires:	%{name} = %{version}

-%description	devel

+%package    devel

+Summary:    Header and development files for binutils

+Requires:   %{name} = %{version}

+%description    devel

 It contains the libraries and header files to create applications 

 for handling compiled objects.

 %prep

 %setup -q

 %patch0 -p1

+%patch1 -p1

 rm -fv etc/standards.info

 sed -i.bak '/^INFO/s/standards.info //' etc/Makefile.in

 %build

 install -vdm 755 ../binutils-build

 cd ../binutils-build

 ../%{name}-%{version}/configure \

-	--prefix=%{_prefix} \

-	--enable-shared \

-	--disable-silent-rules

+    --prefix=%{_prefix} \

+    --enable-shared \

+    --disable-silent-rules

 make %{?_smp_mflags} tooldir=%{_prefix}

 %install

 pushd ../binutils-build

@@ -43,8 +45,8 @@ popd

 %check

 cd ../binutils-build

 make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}

-%post	-p /sbin/ldconfig

-%postun	-p /sbin/ldconfig

+%post   -p /sbin/ldconfig

+%postun -p /sbin/ldconfig

 %files -f %{name}.lang

 %defattr(-,root,root)

 %{_bindir}/gprof

@@ -168,13 +170,15 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}

 %{_libdir}/libopcodes.so

 %changelog

-*	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.25.1-2

--	GA - Bump release of all rpms

+*   Tue Apr 04 2017 Anish Swaminathan <anishs@vmware.com> 2.25.1-3

+-   Apply patch for CVE-2014-9939

+*   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.25.1-2

+-   GA - Bump release of all rpms

 *   Tue Jan 12 2016 Xiaolin Li <xiaolinl@vmware.com> 2.25.1-1

 -   Updated to version 2.25.1

-*	Tue Nov 10 2015 Xiaolin Li <xiaolinl@vmware.com> 2.25-2

--	Handled locale files with macro find_lang

-*	Mon Apr 6 2015 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.25-1

--	Updated to 2.25

-*	Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 2.24-1

--	Initial build. First version

+*   Tue Nov 10 2015 Xiaolin Li <xiaolinl@vmware.com> 2.25-2

+-   Handled locale files with macro find_lang

+*   Mon Apr 6 2015 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.25-1

+-   Updated to 2.25

+*   Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 2.24-1

+-   Initial build. First version