Change-Id: If132a31db5ec20b76749e6dad86b9551a1e794b0
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4706
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Divya Thaluru <dthaluru@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
1 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,50 +0,0 @@ |
1 |
-From 56933f9e3e90eebf1018ed7417d6c1184b91db6b Mon Sep 17 00:00:00 2001 |
|
2 |
-From: "H.J. Lu" <hjl.tools@gmail.com> |
|
3 |
-Date: Fri, 22 Sep 2017 14:15:40 -0700 |
|
4 |
-Subject: [PATCH 1/1] x86: Guard against corrupted PLT |
|
5 |
- |
|
6 |
-There should be only one entry in PLT for a given symbol. Set howto to |
|
7 |
-NULL after processing a PLT entry to guard against corrupted PLT so that |
|
8 |
-the duplicated PLT entries are skipped. |
|
9 |
- |
|
10 |
- PR binutils/22170 |
|
11 |
- * elf32-i386.c (elf_i386_get_synthetic_symtab): Guard against |
|
12 |
- corrupted PLT. |
|
13 |
- * elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise. |
|
14 |
- |
|
15 |
-(cherry picked from commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360) |
|
16 |
- bfd/elf32-i386.c | 4 ++++ |
|
17 |
- bfd/elf64-x86-64.c | 4 ++++ |
|
18 |
- 2 files changed, 8 insertions(+) |
|
19 |
- |
|
20 |
-diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c |
|
21 |
-index 9dc2d25..ba50c93 100644 |
|
22 |
-+++ b/bfd/elf32-i386.c |
|
23 |
-@@ -6616,6 +6616,10 @@ bad_return: |
|
24 |
- size += sizeof ("+0x") - 1 + 8; |
|
25 |
- n++; |
|
26 |
- s++; |
|
27 |
-+ /* There should be only one entry in PLT for a given |
|
28 |
-+ symbol. Set howto to NULL after processing a PLT |
|
29 |
-+ entry to guard against corrupted PLT. */ |
|
30 |
-+ p->howto = NULL; |
|
31 |
- } |
|
32 |
- offset += plt_entry_size; |
|
33 |
- } |
|
34 |
-diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c |
|
35 |
-index 558db98..d9225ad 100644 |
|
36 |
-+++ b/bfd/elf64-x86-64.c |
|
37 |
-@@ -6970,6 +6970,10 @@ bad_return: |
|
38 |
- size += sizeof ("+0x") - 1 + 8 + 8 * ABI_64_P (abfd); |
|
39 |
- n++; |
|
40 |
- s++; |
|
41 |
-+ /* There should be only one entry in PLT for a given |
|
42 |
-+ symbol. Set howto to NULL after processing a PLT |
|
43 |
-+ entry to guard against corrupted PLT. */ |
|
44 |
-+ p->howto = NULL; |
|
45 |
- } |
|
46 |
- offset += plt_entry_size; |
|
47 |
- } |
48 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,139 +0,0 @@ |
1 |
-From 1da5c9a485f3dcac4c45e96ef4b7dae5948314b5 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Alan Modra <amodra@gmail.com> |
|
3 |
-Date: Mon, 25 Sep 2017 20:20:38 +0930 |
|
4 |
-Subject: [PATCH] PR22202, buffer overflow in parse_die |
|
5 |
- |
|
6 |
-There was a complete lack of sanity checking in dwarf1.c |
|
7 |
- |
|
8 |
- PR 22202 |
|
9 |
- * dwarf1.c (parse_die): Sanity check pointer against section limit |
|
10 |
- before dereferencing. |
|
11 |
- (parse_line_table): Likewise. |
|
12 |
- bfd/dwarf1.c | 56 ++++++++++++++++++++++++++++++++++++++------------------ |
|
13 |
- 1 file changed, 38 insertions(+), 18 deletions(-) |
|
14 |
- |
|
15 |
-diff --git a/bfd/dwarf1.c b/bfd/dwarf1.c |
|
16 |
-index 37d0e82..2d641a7 100644 |
|
17 |
-+++ b/bfd/dwarf1.c |
|
18 |
-@@ -189,11 +189,14 @@ parse_die (bfd * abfd, |
|
19 |
- memset (aDieInfo, 0, sizeof (* aDieInfo)); |
|
20 |
- |
|
21 |
- /* First comes the length. */ |
|
22 |
-- aDieInfo->length = bfd_get_32 (abfd, (bfd_byte *) xptr); |
|
23 |
-+ if (xptr + 4 > aDiePtrEnd) |
|
24 |
-+ return FALSE; |
|
25 |
-+ aDieInfo->length = bfd_get_32 (abfd, xptr); |
|
26 |
- xptr += 4; |
|
27 |
- if (aDieInfo->length == 0 |
|
28 |
-- || (this_die + aDieInfo->length) >= aDiePtrEnd) |
|
29 |
-+ || this_die + aDieInfo->length > aDiePtrEnd) |
|
30 |
- return FALSE; |
|
31 |
-+ aDiePtrEnd = this_die + aDieInfo->length; |
|
32 |
- if (aDieInfo->length < 6) |
|
33 |
- { |
|
34 |
- /* Just padding bytes. */ |
|
35 |
-@@ -202,18 +205,20 @@ parse_die (bfd * abfd, |
|
36 |
- } |
|
37 |
- |
|
38 |
- /* Then the tag. */ |
|
39 |
-- aDieInfo->tag = bfd_get_16 (abfd, (bfd_byte *) xptr); |
|
40 |
-+ if (xptr + 2 > aDiePtrEnd) |
|
41 |
-+ return FALSE; |
|
42 |
-+ aDieInfo->tag = bfd_get_16 (abfd, xptr); |
|
43 |
- xptr += 2; |
|
44 |
- |
|
45 |
- /* Then the attributes. */ |
|
46 |
-- while (xptr < (this_die + aDieInfo->length)) |
|
47 |
-+ while (xptr + 2 <= aDiePtrEnd) |
|
48 |
- { |
|
49 |
- unsigned short attr; |
|
50 |
- |
|
51 |
- /* Parse the attribute based on its form. This section |
|
52 |
- must handle all dwarf1 forms, but need only handle the |
|
53 |
- actual attributes that we care about. */ |
|
54 |
-- attr = bfd_get_16 (abfd, (bfd_byte *) xptr); |
|
55 |
-+ attr = bfd_get_16 (abfd, xptr); |
|
56 |
- xptr += 2; |
|
57 |
- |
|
58 |
- switch (FORM_FROM_ATTR (attr)) |
|
59 |
-@@ -223,12 +228,15 @@ parse_die (bfd * abfd, |
|
60 |
- break; |
|
61 |
- case FORM_DATA4: |
|
62 |
- case FORM_REF: |
|
63 |
-- if (attr == AT_sibling) |
|
64 |
-- aDieInfo->sibling = bfd_get_32 (abfd, (bfd_byte *) xptr); |
|
65 |
-- else if (attr == AT_stmt_list) |
|
66 |
-+ if (xptr + 4 <= aDiePtrEnd) |
|
67 |
- { |
|
68 |
-- aDieInfo->stmt_list_offset = bfd_get_32 (abfd, (bfd_byte *) xptr); |
|
69 |
-- aDieInfo->has_stmt_list = 1; |
|
70 |
-+ if (attr == AT_sibling) |
|
71 |
-+ aDieInfo->sibling = bfd_get_32 (abfd, xptr); |
|
72 |
-+ else if (attr == AT_stmt_list) |
|
73 |
-+ { |
|
74 |
-+ aDieInfo->stmt_list_offset = bfd_get_32 (abfd, xptr); |
|
75 |
-+ aDieInfo->has_stmt_list = 1; |
|
76 |
-+ } |
|
77 |
- } |
|
78 |
- xptr += 4; |
|
79 |
- break; |
|
80 |
-@@ -236,22 +244,29 @@ parse_die (bfd * abfd, |
|
81 |
- xptr += 8; |
|
82 |
- break; |
|
83 |
- case FORM_ADDR: |
|
84 |
-- if (attr == AT_low_pc) |
|
85 |
-- aDieInfo->low_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); |
|
86 |
-- else if (attr == AT_high_pc) |
|
87 |
-- aDieInfo->high_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); |
|
88 |
-+ if (xptr + 4 <= aDiePtrEnd) |
|
89 |
-+ { |
|
90 |
-+ if (attr == AT_low_pc) |
|
91 |
-+ aDieInfo->low_pc = bfd_get_32 (abfd, xptr); |
|
92 |
-+ else if (attr == AT_high_pc) |
|
93 |
-+ aDieInfo->high_pc = bfd_get_32 (abfd, xptr); |
|
94 |
-+ } |
|
95 |
- xptr += 4; |
|
96 |
- break; |
|
97 |
- case FORM_BLOCK2: |
|
98 |
-- xptr += 2 + bfd_get_16 (abfd, (bfd_byte *) xptr); |
|
99 |
-+ if (xptr + 2 <= aDiePtrEnd) |
|
100 |
-+ xptr += bfd_get_16 (abfd, xptr); |
|
101 |
-+ xptr += 2; |
|
102 |
- break; |
|
103 |
- case FORM_BLOCK4: |
|
104 |
-- xptr += 4 + bfd_get_32 (abfd, (bfd_byte *) xptr); |
|
105 |
-+ if (xptr + 4 <= aDiePtrEnd) |
|
106 |
-+ xptr += bfd_get_32 (abfd, xptr); |
|
107 |
-+ xptr += 4; |
|
108 |
- break; |
|
109 |
- case FORM_STRING: |
|
110 |
- if (attr == AT_name) |
|
111 |
- aDieInfo->name = (char *) xptr; |
|
112 |
-- xptr += strlen ((char *) xptr) + 1; |
|
113 |
-+ xptr += strnlen ((char *) xptr, aDiePtrEnd - xptr) + 1; |
|
114 |
- break; |
|
115 |
- } |
|
116 |
- } |
|
117 |
-@@ -290,7 +305,7 @@ parse_line_table (struct dwarf1_debug* stash, struct dwarf1_unit* aUnit) |
|
118 |
- } |
|
119 |
- |
|
120 |
- xptr = stash->line_section + aUnit->stmt_list_offset; |
|
121 |
-- if (xptr < stash->line_section_end) |
|
122 |
-+ if (xptr + 8 <= stash->line_section_end) |
|
123 |
- { |
|
124 |
- unsigned long eachLine; |
|
125 |
- bfd_byte *tblend; |
|
126 |
-@@ -318,6 +333,11 @@ parse_line_table (struct dwarf1_debug* stash, struct dwarf1_unit* aUnit) |
|
127 |
- |
|
128 |
- for (eachLine = 0; eachLine < aUnit->line_count; eachLine++) |
|
129 |
- { |
|
130 |
-+ if (xptr + 10 > stash->line_section_end) |
|
131 |
-+ { |
|
132 |
-+ aUnit->line_count = eachLine; |
|
133 |
-+ break; |
|
134 |
-+ } |
|
135 |
- /* A line number. */ |
|
136 |
- aUnit->linenumber_table[eachLine].linenumber |
|
137 |
- = bfd_get_32 (stash->abfd, (bfd_byte *) xptr); |
138 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,30 +0,0 @@ |
1 |
-From a67d66eb97e7613a38ffe6622d837303b3ecd31d Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Clifton <nickc@redhat.com> |
|
3 |
-Date: Wed, 1 Nov 2017 15:21:46 +0000 |
|
4 |
-Subject: [PATCH] Prevent illegal memory accesses when attempting to read |
|
5 |
- excessively large COFF line number tables. |
|
6 |
- |
|
7 |
- PR 22376 |
|
8 |
- * coffcode.h (coff_slurp_line_table): Check for an excessively |
|
9 |
- large line number count. |
|
10 |
-diff --git a/bfd/coffcode.h b/bfd/coffcode.h |
|
11 |
-index 21308de..6da0afa 100644 |
|
12 |
-+++ b/bfd/coffcode.h |
|
13 |
-@@ -4578,6 +4578,14 @@ coff_slurp_line_table (bfd *abfd, asection *asect) |
|
14 |
- |
|
15 |
- BFD_ASSERT (asect->lineno == NULL); |
|
16 |
- |
|
17 |
-+ if (asect->lineno_count > asect->size) |
|
18 |
-+ { |
|
19 |
-+ _bfd_error_handler |
|
20 |
-+ (_("%B: warning: line number count (%#lx) exceeds section size (%#lx)"), |
|
21 |
-+ abfd, (unsigned long) asect->lineno_count, (unsigned long) asect->size); |
|
22 |
-+ return FALSE; |
|
23 |
-+ } |
|
24 |
-+ |
|
25 |
- amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent); |
|
26 |
- lineno_cache = (alent *) bfd_alloc (abfd, amt); |
|
27 |
- if (lineno_cache == NULL) |
|
28 |
-2.9.3 |
29 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,73 +0,0 @@ |
1 |
-From 0301ce1486b1450f219202677f30d0fa97335419 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Alan Modra <amodra@gmail.com> |
|
3 |
-Date: Tue, 17 Oct 2017 16:43:47 +1030 |
|
4 |
-Subject: [PATCH] PR22306, Invalid free() in slurp_symtab() |
|
5 |
- |
|
6 |
- PR 22306 |
|
7 |
- * aoutx.h (aout_get_external_symbols): Handle stringsize of zero, |
|
8 |
- and error for any other size that doesn't cover the header word. |
|
9 |
-diff --git a/bfd/aoutx.h b/bfd/aoutx.h |
|
10 |
-index 3d38fda..d096ed5 100644 |
|
11 |
-+++ b/bfd/aoutx.h |
|
12 |
-@@ -1351,27 +1351,42 @@ aout_get_external_symbols (bfd *abfd) |
|
13 |
- || bfd_bread ((void *) string_chars, amt, abfd) != amt) |
|
14 |
- return FALSE; |
|
15 |
- stringsize = GET_WORD (abfd, string_chars); |
|
16 |
-+ if (stringsize == 0) |
|
17 |
-+ stringsize = 1; |
|
18 |
-+ else if (stringsize < BYTES_IN_WORD |
|
19 |
-+ || (size_t) stringsize != stringsize) |
|
20 |
-+ { |
|
21 |
-+ bfd_set_error (bfd_error_bad_value); |
|
22 |
-+ return FALSE; |
|
23 |
-+ } |
|
24 |
- |
|
25 |
- #ifdef USE_MMAP |
|
26 |
-- if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize, |
|
27 |
-- &obj_aout_string_window (abfd), TRUE)) |
|
28 |
-- return FALSE; |
|
29 |
-- strings = (char *) obj_aout_string_window (abfd).data; |
|
30 |
--#else |
|
31 |
-- strings = (char *) bfd_malloc (stringsize + 1); |
|
32 |
-- if (strings == NULL) |
|
33 |
-- return FALSE; |
|
34 |
-- |
|
35 |
-- /* Skip space for the string count in the buffer for convenience |
|
36 |
-- when using indexes. */ |
|
37 |
-- amt = stringsize - BYTES_IN_WORD; |
|
38 |
-- if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt) |
|
39 |
-+ if (stringsize >= BYTES_IN_WORD) |
|
40 |
- { |
|
41 |
-- free (strings); |
|
42 |
-- return FALSE; |
|
43 |
-+ if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize, |
|
44 |
-+ &obj_aout_string_window (abfd), TRUE)) |
|
45 |
-+ return FALSE; |
|
46 |
-+ strings = (char *) obj_aout_string_window (abfd).data; |
|
47 |
- } |
|
48 |
-+ else |
|
49 |
- #endif |
|
50 |
-+ { |
|
51 |
-+ strings = (char *) bfd_malloc (stringsize); |
|
52 |
-+ if (strings == NULL) |
|
53 |
-+ return FALSE; |
|
54 |
- |
|
55 |
-+ if (stringsize >= BYTES_IN_WORD) |
|
56 |
-+ { |
|
57 |
-+ /* Keep the string count in the buffer for convenience |
|
58 |
-+ when indexing with e_strx. */ |
|
59 |
-+ amt = stringsize - BYTES_IN_WORD; |
|
60 |
-+ if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt) |
|
61 |
-+ { |
|
62 |
-+ free (strings); |
|
63 |
-+ return FALSE; |
|
64 |
-+ } |
|
65 |
-+ } |
|
66 |
-+ } |
|
67 |
- /* Ensure that a zero index yields an empty string. */ |
|
68 |
- strings[0] = '\0'; |
|
69 |
- |
|
70 |
-2.9.3 |
|
71 |
- |
72 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,182 +0,0 @@ |
1 |
-diff -rup binutils-2.29.1/binutils/dwarf.c binutils-2.29.1-new/binutils/dwarf.c |
|
2 |
-+++ binutils-2.29.1-new/binutils/dwarf.c 2017-12-05 16:42:59.548836797 -0800 |
|
3 |
-@@ -6225,7 +6225,7 @@ typedef struct Frame_Chunk |
|
4 |
- int data_factor; |
|
5 |
- dwarf_vma pc_begin; |
|
6 |
- dwarf_vma pc_range; |
|
7 |
-- int cfa_reg; |
|
8 |
-+ unsigned int cfa_reg; |
|
9 |
- dwarf_vma cfa_offset; |
|
10 |
- unsigned int ra; |
|
11 |
- unsigned char fde_encoding; |
|
12 |
-@@ -6568,13 +6568,13 @@ frame_display_row (Frame_Chunk *fc, int |
|
13 |
- static unsigned char * |
|
14 |
- read_cie (unsigned char *start, unsigned char *end, |
|
15 |
- Frame_Chunk **p_cie, int *p_version, |
|
16 |
-- unsigned long *p_aug_len, unsigned char **p_aug) |
|
17 |
-+ bfd_size_type *p_aug_len, unsigned char **p_aug) |
|
18 |
- { |
|
19 |
- int version; |
|
20 |
- Frame_Chunk *fc; |
|
21 |
- unsigned int length_return; |
|
22 |
- unsigned char *augmentation_data = NULL; |
|
23 |
-- unsigned long augmentation_data_len = 0; |
|
24 |
-+ bfd_size_type augmentation_data_len = 0; |
|
25 |
- |
|
26 |
- * p_cie = NULL; |
|
27 |
- /* PR 17512: file: 001-228113-0.004. */ |
|
28 |
-@@ -6643,14 +6643,15 @@ read_cie (unsigned char *start, unsigned |
|
29 |
- { |
|
30 |
- READ_ULEB (augmentation_data_len); |
|
31 |
- augmentation_data = start; |
|
32 |
-- start += augmentation_data_len; |
|
33 |
- /* PR 17512: file: 11042-2589-0.004. */ |
|
34 |
-- if (start > end) |
|
35 |
-+ if (augmentation_data_len > (bfd_size_type) (end - start)) |
|
36 |
- { |
|
37 |
-- warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"), |
|
38 |
-- augmentation_data_len, (long)((end - start) + augmentation_data_len)); |
|
39 |
-+ warn (_("Augmentation data too long: 0x%s, expected at most %#lx\n"), |
|
40 |
-+ dwarf_vmatoa ("x", augmentation_data_len), |
|
41 |
-+ (unsigned long) (end - start)); |
|
42 |
- return end; |
|
43 |
- } |
|
44 |
-+ start += augmentation_data_len; |
|
45 |
- } |
|
46 |
- |
|
47 |
- if (augmentation_data_len) |
|
48 |
-@@ -6663,14 +6664,7 @@ read_cie (unsigned char *start, unsigned |
|
49 |
- q = augmentation_data; |
|
50 |
- qend = q + augmentation_data_len; |
|
51 |
- |
|
52 |
-- /* PR 17531: file: 015adfaa. */ |
|
53 |
-- if (qend < q) |
|
54 |
-- { |
|
55 |
-- warn (_("Negative augmentation data length: 0x%lx"), augmentation_data_len); |
|
56 |
-- augmentation_data_len = 0; |
|
57 |
-- } |
|
58 |
-- |
|
59 |
-- while (p < end && q < augmentation_data + augmentation_data_len) |
|
60 |
-+ while (p < end && q < qend) |
|
61 |
- { |
|
62 |
- if (*p == 'L') |
|
63 |
- q++; |
|
64 |
-@@ -6699,6 +6693,31 @@ read_cie (unsigned char *start, unsigned |
|
65 |
- return start; |
|
66 |
- } |
|
67 |
- |
|
68 |
-+/* Prints out the contents on the augmentation data array. |
|
69 |
-+ If do_wide is not enabled, then formats the output to fit into 80 columns. */ |
|
70 |
-+ |
|
71 |
-+static void |
|
72 |
-+display_augmentation_data (const unsigned char * data, const bfd_size_type len) |
|
73 |
-+{ |
|
74 |
-+ bfd_size_type i; |
|
75 |
-+ |
|
76 |
-+ i = printf (_(" Augmentation data: ")); |
|
77 |
-+ |
|
78 |
-+ if (do_wide || len < ((80 - i) / 3)) |
|
79 |
-+ for (i = 0; i < len; ++i) |
|
80 |
-+ printf (" %02x", data[i]); |
|
81 |
-+ else |
|
82 |
-+ { |
|
83 |
-+ for (i = 0; i < len; ++i) |
|
84 |
-+ { |
|
85 |
-+ if (i % (80 / 3) == 0) |
|
86 |
-+ putchar ('\n'); |
|
87 |
-+ printf (" %02x", data[i]); |
|
88 |
-+ } |
|
89 |
-+ } |
|
90 |
-+ putchar ('\n'); |
|
91 |
-+} |
|
92 |
-+ |
|
93 |
- static int |
|
94 |
- display_debug_frames (struct dwarf_section *section, |
|
95 |
- void *file ATTRIBUTE_UNUSED) |
|
96 |
-@@ -6727,7 +6746,7 @@ display_debug_frames (struct dwarf_secti |
|
97 |
- Frame_Chunk *cie; |
|
98 |
- int need_col_headers = 1; |
|
99 |
- unsigned char *augmentation_data = NULL; |
|
100 |
-- unsigned long augmentation_data_len = 0; |
|
101 |
-+ bfd_size_type augmentation_data_len = 0; |
|
102 |
- unsigned int encoded_ptr_size = saved_eh_addr_size; |
|
103 |
- unsigned int offset_size; |
|
104 |
- unsigned int initial_length_size; |
|
105 |
-@@ -6821,16 +6840,8 @@ display_debug_frames (struct dwarf_secti |
|
106 |
- printf (" Return address column: %d\n", fc->ra); |
|
107 |
- |
|
108 |
- if (augmentation_data_len) |
|
109 |
-- { |
|
110 |
-- unsigned long i; |
|
111 |
-+ display_augmentation_data (augmentation_data, augmentation_data_len); |
|
112 |
- |
|
113 |
-- printf (" Augmentation data: "); |
|
114 |
-- for (i = 0; i < augmentation_data_len; ++i) |
|
115 |
-- /* FIXME: If do_wide is FALSE, then we should |
|
116 |
-- add carriage returns at 80 columns... */ |
|
117 |
-- printf (" %02x", augmentation_data[i]); |
|
118 |
-- putchar ('\n'); |
|
119 |
-- } |
|
120 |
- putchar ('\n'); |
|
121 |
- } |
|
122 |
- } |
|
123 |
-@@ -6986,11 +6997,13 @@ display_debug_frames (struct dwarf_secti |
|
124 |
- READ_ULEB (augmentation_data_len); |
|
125 |
- augmentation_data = start; |
|
126 |
- start += augmentation_data_len; |
|
127 |
-- /* PR 17512: file: 722-8446-0.004. */ |
|
128 |
-- if (start >= end || ((signed long) augmentation_data_len) < 0) |
|
129 |
-+ /* PR 17512 file: 722-8446-0.004 and PR 22386. */ |
|
130 |
-+ if (start >= end |
|
131 |
-+ || ((bfd_signed_vma) augmentation_data_len) < 0 |
|
132 |
-+ || augmentation_data > start) |
|
133 |
- { |
|
134 |
-- warn (_("Corrupt augmentation data length: %lx\n"), |
|
135 |
-- augmentation_data_len); |
|
136 |
-+ warn (_("Corrupt augmentation data length: 0x%s\n"), |
|
137 |
-+ dwarf_vmatoa ("x", augmentation_data_len)); |
|
138 |
- start = end; |
|
139 |
- augmentation_data = NULL; |
|
140 |
- augmentation_data_len = 0; |
|
141 |
-@@ -7012,12 +7025,7 @@ display_debug_frames (struct dwarf_secti |
|
142 |
- |
|
143 |
- if (! do_debug_frames_interp && augmentation_data_len) |
|
144 |
- { |
|
145 |
-- unsigned long i; |
|
146 |
-- |
|
147 |
-- printf (" Augmentation data: "); |
|
148 |
-- for (i = 0; i < augmentation_data_len; ++i) |
|
149 |
-- printf (" %02x", augmentation_data[i]); |
|
150 |
-- putchar ('\n'); |
|
151 |
-+ display_augmentation_data (augmentation_data, augmentation_data_len); |
|
152 |
- putchar ('\n'); |
|
153 |
- } |
|
154 |
- } |
|
155 |
-@@ -7449,7 +7457,7 @@ display_debug_frames (struct dwarf_secti |
|
156 |
- break; |
|
157 |
- |
|
158 |
- case DW_CFA_def_cfa: |
|
159 |
-- READ_SLEB (fc->cfa_reg); |
|
160 |
-+ READ_ULEB (fc->cfa_reg); |
|
161 |
- READ_ULEB (fc->cfa_offset); |
|
162 |
- fc->cfa_exp = 0; |
|
163 |
- if (! do_debug_frames_interp) |
|
164 |
-@@ -7458,7 +7466,7 @@ display_debug_frames (struct dwarf_secti |
|
165 |
- break; |
|
166 |
- |
|
167 |
- case DW_CFA_def_cfa_register: |
|
168 |
-- READ_SLEB (fc->cfa_reg); |
|
169 |
-+ READ_ULEB (fc->cfa_reg); |
|
170 |
- fc->cfa_exp = 0; |
|
171 |
- if (! do_debug_frames_interp) |
|
172 |
- printf (" DW_CFA_def_cfa_register: %s\n", |
|
173 |
-@@ -7577,7 +7585,7 @@ display_debug_frames (struct dwarf_secti |
|
174 |
- break; |
|
175 |
- |
|
176 |
- case DW_CFA_def_cfa_sf: |
|
177 |
-- READ_SLEB (fc->cfa_reg); |
|
178 |
-+ READ_ULEB (fc->cfa_reg); |
|
179 |
- READ_ULEB (fc->cfa_offset); |
|
180 |
- fc->cfa_offset = fc->cfa_offset * fc->data_factor; |
|
181 |
- fc->cfa_exp = 0; |
182 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,59 +0,0 @@ |
1 |
-From cf54ebff3b7361989712fd9c0128a9b255578163 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Alan Modra <amodra@gmail.com> |
|
3 |
-Date: Tue, 17 Oct 2017 21:57:29 +1030 |
|
4 |
-Subject: [PATCH] PR22307, Heap out of bounds read in |
|
5 |
- _bfd_elf_parse_gnu_properties |
|
6 |
- |
|
7 |
-When adding an unbounded increment to a pointer, you can't just check |
|
8 |
-against the end of the buffer but also must check that overflow |
|
9 |
-doesn't result in "negative" pointer movement. Pointer comparisons |
|
10 |
-are signed. Better, check the increment against the space left using |
|
11 |
-an unsigned comparison. |
|
12 |
- |
|
13 |
- PR 22307 |
|
14 |
- * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz |
|
15 |
- against size left rather than comparing pointers. Reorganise loop. |
|
16 |
-diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c |
|
17 |
-index f367aa6..bfb106e 100644 |
|
18 |
-+++ b/bfd/elf-properties.c |
|
19 |
-@@ -93,15 +93,20 @@ bad_size: |
|
20 |
- return FALSE; |
|
21 |
- } |
|
22 |
- |
|
23 |
-- while (1) |
|
24 |
-+ while (ptr != ptr_end) |
|
25 |
- { |
|
26 |
-- unsigned int type = bfd_h_get_32 (abfd, ptr); |
|
27 |
-- unsigned int datasz = bfd_h_get_32 (abfd, ptr + 4); |
|
28 |
-+ unsigned int type; |
|
29 |
-+ unsigned int datasz; |
|
30 |
- elf_property *prop; |
|
31 |
- |
|
32 |
-+ if ((size_t) (ptr_end - ptr) < 8) |
|
33 |
-+ goto bad_size; |
|
34 |
-+ |
|
35 |
-+ type = bfd_h_get_32 (abfd, ptr); |
|
36 |
-+ datasz = bfd_h_get_32 (abfd, ptr + 4); |
|
37 |
- ptr += 8; |
|
38 |
- |
|
39 |
-- if ((ptr + datasz) > ptr_end) |
|
40 |
-+ if (datasz > (size_t) (ptr_end - ptr)) |
|
41 |
- { |
|
42 |
- _bfd_error_handler |
|
43 |
- (_("warning: %B: corrupt GNU_PROPERTY_TYPE (%ld) type (0x%x) datasz: 0x%x"), |
|
44 |
-@@ -183,11 +188,6 @@ bad_size: |
|
45 |
- |
|
46 |
- next: |
|
47 |
- ptr += (datasz + (align_size - 1)) & ~ (align_size - 1); |
|
48 |
-- if (ptr == ptr_end) |
|
49 |
-- break; |
|
50 |
-- |
|
51 |
-- if (ptr > (ptr_end - 8)) |
|
52 |
-- goto bad_size; |
|
53 |
- } |
|
54 |
- |
|
55 |
- return TRUE; |
|
56 |
-2.9.3 |
|
57 |
- |
58 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,69 +0,0 @@ |
1 |
-From 6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Mingi Cho <mgcho.minic@gmail.com> |
|
3 |
-Date: Thu, 2 Nov 2017 17:01:08 +0000 |
|
4 |
-Subject: [PATCH] Work around integer overflows when readelf is checking for |
|
5 |
- corrupt ELF notes when run on a 32-bit host. |
|
6 |
- |
|
7 |
- PR 22384 |
|
8 |
- * readelf.c (print_gnu_property_note): Improve overflow checks so |
|
9 |
- that they will work on a 32-bit host. |
|
10 |
-diff --git a/binutils/readelf.c b/binutils/readelf.c |
|
11 |
-index 9af5d42..cfd37eb 100644 |
|
12 |
-+++ b/binutils/readelf.c |
|
13 |
-@@ -16519,15 +16519,24 @@ print_gnu_property_note (Elf_Internal_Note * pnote) |
|
14 |
- return; |
|
15 |
- } |
|
16 |
- |
|
17 |
-- while (1) |
|
18 |
-+ while (ptr < ptr_end) |
|
19 |
- { |
|
20 |
- unsigned int j; |
|
21 |
-- unsigned int type = byte_get (ptr, 4); |
|
22 |
-- unsigned int datasz = byte_get (ptr + 4, 4); |
|
23 |
-+ unsigned int type; |
|
24 |
-+ unsigned int datasz; |
|
25 |
-+ |
|
26 |
-+ if ((size_t) (ptr_end - ptr) < 8) |
|
27 |
-+ { |
|
28 |
-+ printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); |
|
29 |
-+ break; |
|
30 |
-+ } |
|
31 |
-+ |
|
32 |
-+ type = byte_get (ptr, 4); |
|
33 |
-+ datasz = byte_get (ptr + 4, 4); |
|
34 |
- |
|
35 |
- ptr += 8; |
|
36 |
- |
|
37 |
-- if ((ptr + datasz) > ptr_end) |
|
38 |
-+ if (datasz > (size_t) (ptr_end - ptr)) |
|
39 |
- { |
|
40 |
- printf (_("<corrupt type (%#x) datasz: %#x>\n"), |
|
41 |
- type, datasz); |
|
42 |
-@@ -16608,19 +16617,11 @@ next: |
|
43 |
- ptr += ((datasz + (size - 1)) & ~ (size - 1)); |
|
44 |
- if (ptr == ptr_end) |
|
45 |
- break; |
|
46 |
-- else |
|
47 |
-- { |
|
48 |
-- if (do_wide) |
|
49 |
-- printf (", "); |
|
50 |
-- else |
|
51 |
-- printf ("\n\t"); |
|
52 |
-- } |
|
53 |
- |
|
54 |
-- if (ptr > (ptr_end - 8)) |
|
55 |
-- { |
|
56 |
-- printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); |
|
57 |
-- break; |
|
58 |
-- } |
|
59 |
-+ if (do_wide) |
|
60 |
-+ printf (", "); |
|
61 |
-+ else |
|
62 |
-+ printf ("\n\t"); |
|
63 |
- } |
|
64 |
- |
|
65 |
- printf ("\n"); |
|
66 |
-2.9.3 |
|
67 |
- |
68 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,39 +0,0 @@ |
1 |
-diff -rup binutils-2.29.1/bfd/coffgen.c binutils-2.29.1-new/bfd/coffgen.c |
|
2 |
-+++ binutils-2.29.1-new/bfd/coffgen.c 2017-12-05 17:03:17.232545359 -0800 |
|
3 |
-@@ -1640,13 +1640,23 @@ _bfd_coff_get_external_symbols (bfd *abf |
|
4 |
- size = obj_raw_syment_count (abfd) * symesz; |
|
5 |
- if (size == 0) |
|
6 |
- return TRUE; |
|
7 |
-+ /* Check for integer overflow and for unreasonable symbol counts. */ |
|
8 |
-+ if (size < obj_raw_syment_count (abfd) |
|
9 |
-+ || (bfd_get_file_size (abfd) > 0 |
|
10 |
-+ && size > bfd_get_file_size (abfd))) |
|
11 |
-+ |
|
12 |
-+ { |
|
13 |
-+ _bfd_error_handler (_("%B: corrupt symbol count: %#Lx"), |
|
14 |
-+ abfd, obj_raw_syment_count (abfd)); |
|
15 |
-+ return FALSE; |
|
16 |
-+ } |
|
17 |
- |
|
18 |
- syms = bfd_malloc (size); |
|
19 |
- if (syms == NULL) |
|
20 |
- { |
|
21 |
- /* PR 21013: Provide an error message when the alloc fails. */ |
|
22 |
-- _bfd_error_handler (_("%B: Not enough memory to allocate space for %lu symbols"), |
|
23 |
-- abfd, size); |
|
24 |
-+ _bfd_error_handler (_("%B: not enough memory to allocate space for %#Lx symbols of size %#Lx"), |
|
25 |
-+ abfd, obj_raw_syment_count (abfd), symesz); |
|
26 |
- return FALSE; |
|
27 |
- } |
|
28 |
- |
|
29 |
-@@ -1790,6 +1800,9 @@ coff_get_normalized_symtab (bfd *abfd) |
|
30 |
- return NULL; |
|
31 |
- |
|
32 |
- size = obj_raw_syment_count (abfd) * sizeof (combined_entry_type); |
|
33 |
-+ /* Check for integer overflow. */ |
|
34 |
-+ if (size < obj_raw_syment_count (abfd)) |
|
35 |
-+ return NULL; |
|
36 |
- internal = (combined_entry_type *) bfd_zalloc (abfd, size); |
|
37 |
- if (internal == NULL && size != 0) |
|
38 |
- return NULL; |
39 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,39 +0,0 @@ |
1 |
-From 0bb6961f18b8e832d88b490d421ca56cea16c45b Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Clifton <nickc@redhat.com> |
|
3 |
-Date: Tue, 31 Oct 2017 14:29:40 +0000 |
|
4 |
-Subject: [PATCH] Fix illegal memory access triggered when parsing a PE binary |
|
5 |
- with a corrupt data dictionary. |
|
6 |
- |
|
7 |
- PR 22373 |
|
8 |
- * peicode.h (pe_bfd_read_buildid): Check for invalid size and data |
|
9 |
- offset values. |
|
10 |
-diff --git a/bfd/peicode.h b/bfd/peicode.h |
|
11 |
-index 2dffb12..f3b759c 100644 |
|
12 |
-+++ b/bfd/peicode.h |
|
13 |
-@@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd) |
|
14 |
- bfd_byte *data = 0; |
|
15 |
- bfd_size_type dataoff; |
|
16 |
- unsigned int i; |
|
17 |
-- |
|
18 |
- bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress; |
|
19 |
- bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size; |
|
20 |
- |
|
21 |
-@@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd) |
|
22 |
- |
|
23 |
- dataoff = addr - section->vma; |
|
24 |
- |
|
25 |
-- /* PR 20605: Make sure that the data is really there. */ |
|
26 |
-- if (dataoff + size > section->size) |
|
27 |
-+ /* PR 20605 and 22373: Make sure that the data is really there. |
|
28 |
-+ Note - since we are dealing with unsigned quantities we have |
|
29 |
-+ to be careful to check for potential overflows. */ |
|
30 |
-+ if (dataoff > section->size |
|
31 |
-+ || size > section->size |
|
32 |
-+ || dataoff + size > section->size) |
|
33 |
- { |
|
34 |
- _bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."), |
|
35 |
- abfd); |
|
36 |
-2.9.3 |
|
37 |
- |
38 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,337 +0,0 @@ |
1 |
-From b23dc97fe237a1d9e850d7cbeee066183a00630b Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Clifton <nickc@redhat.com> |
|
3 |
-Date: Tue, 28 Nov 2017 13:20:31 +0000 |
|
4 |
-Subject: [PATCH] Fix a memory access violation when attempting to parse a |
|
5 |
- corrupt COFF binary with a relocation that points beyond the end of the |
|
6 |
- section to be relocated. |
|
7 |
- |
|
8 |
- PR 22506 |
|
9 |
- * reloc.c (reloc_offset_in_range): Rename to |
|
10 |
- bfd_reloc_offset_in_range and export. |
|
11 |
- (bfd_perform_relocation): Rename function invocation. |
|
12 |
- (bfd_install_relocation): Likewise. |
|
13 |
- (bfd_final_link_relocate): Likewise. |
|
14 |
- * bfd-in2.h: Regenerate. |
|
15 |
- * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range. |
|
16 |
- * coff-i386.c (coff_i386_reloc): Likewise. |
|
17 |
- * coff-i860.c (coff_i860_reloc): Likewise. |
|
18 |
- * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise. |
|
19 |
- * coff-m88k.c (m88k_special_reloc): Likewise. |
|
20 |
- * coff-mips.c (mips_reflo_reloc): Likewise. |
|
21 |
- * coff-x86_64.c (coff_amd64_reloc): Likewise. |
|
22 |
- bfd/bfd-in2.h | 6 +++++ |
|
23 |
- bfd/coff-arm.c | 65 ++++++++++++++++++++++++++++++------------------------- |
|
24 |
- bfd/coff-i386.c | 5 +++++ |
|
25 |
- bfd/coff-i860.c | 5 +++++ |
|
26 |
- bfd/coff-m68k.c | 5 +++++ |
|
27 |
- bfd/coff-m88k.c | 9 +++++++- |
|
28 |
- bfd/coff-mips.c | 6 +++++ |
|
29 |
- bfd/coff-x86_64.c | 16 +++++--------- |
|
30 |
- bfd/reloc.c | 40 +++++++++++++++++++++++++++++----- |
|
31 |
- |
|
32 |
-diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h |
|
33 |
-index 1b483bd..db1c480 100644 |
|
34 |
-+++ b/bfd/bfd-in2.h |
|
35 |
-@@ -2662,6 +2662,12 @@ bfd_reloc_status_type bfd_check_overflow |
|
36 |
- unsigned int addrsize, |
|
37 |
- bfd_vma relocation); |
|
38 |
- |
|
39 |
-+bfd_boolean bfd_reloc_offset_in_range |
|
40 |
-+ (reloc_howto_type *howto, |
|
41 |
-+ bfd *abfd, |
|
42 |
-+ asection *section, |
|
43 |
-+ bfd_size_type offset); |
|
44 |
-+ |
|
45 |
- bfd_reloc_status_type bfd_perform_relocation |
|
46 |
- (bfd *abfd, |
|
47 |
- arelent *reloc_entry, |
|
48 |
-diff --git a/bfd/coff-arm.c b/bfd/coff-arm.c |
|
49 |
-index 8a2fe1a..1e66cbc 100644 |
|
50 |
-+++ b/bfd/coff-arm.c |
|
51 |
-@@ -109,41 +109,46 @@ coff_arm_reloc (bfd *abfd, |
|
52 |
- x = ((x & ~howto->dst_mask) \ |
|
53 |
- | (((x & howto->src_mask) + diff) & howto->dst_mask)) |
|
54 |
- |
|
55 |
-- if (diff != 0) |
|
56 |
-- { |
|
57 |
-- reloc_howto_type *howto = reloc_entry->howto; |
|
58 |
-- unsigned char *addr = (unsigned char *) data + reloc_entry->address; |
|
59 |
-+ if (diff != 0) |
|
60 |
-+ { |
|
61 |
-+ reloc_howto_type *howto = reloc_entry->howto; |
|
62 |
-+ unsigned char *addr = (unsigned char *) data + reloc_entry->address; |
|
63 |
- |
|
64 |
-- switch (howto->size) |
|
65 |
-- { |
|
66 |
-- case 0: |
|
67 |
-- { |
|
68 |
-- char x = bfd_get_8 (abfd, addr); |
|
69 |
-- DOIT (x); |
|
70 |
-- bfd_put_8 (abfd, x, addr); |
|
71 |
-- } |
|
72 |
-- break; |
|
73 |
-+ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, |
|
74 |
-+ reloc_entry->address |
|
75 |
-+ * bfd_octets_per_byte (abfd))) |
|
76 |
-+ return bfd_reloc_outofrange; |
|
77 |
- |
|
78 |
-- case 1: |
|
79 |
-- { |
|
80 |
-- short x = bfd_get_16 (abfd, addr); |
|
81 |
-- DOIT (x); |
|
82 |
-- bfd_put_16 (abfd, (bfd_vma) x, addr); |
|
83 |
-- } |
|
84 |
-- break; |
|
85 |
-+ switch (howto->size) |
|
86 |
-+ { |
|
87 |
-+ case 0: |
|
88 |
-+ { |
|
89 |
-+ char x = bfd_get_8 (abfd, addr); |
|
90 |
-+ DOIT (x); |
|
91 |
-+ bfd_put_8 (abfd, x, addr); |
|
92 |
-+ } |
|
93 |
-+ break; |
|
94 |
- |
|
95 |
-- case 2: |
|
96 |
-- { |
|
97 |
-- long x = bfd_get_32 (abfd, addr); |
|
98 |
-- DOIT (x); |
|
99 |
-- bfd_put_32 (abfd, (bfd_vma) x, addr); |
|
100 |
-- } |
|
101 |
-- break; |
|
102 |
-+ case 1: |
|
103 |
-+ { |
|
104 |
-+ short x = bfd_get_16 (abfd, addr); |
|
105 |
-+ DOIT (x); |
|
106 |
-+ bfd_put_16 (abfd, (bfd_vma) x, addr); |
|
107 |
-+ } |
|
108 |
-+ break; |
|
109 |
- |
|
110 |
-- default: |
|
111 |
-- abort (); |
|
112 |
-+ case 2: |
|
113 |
-+ { |
|
114 |
-+ long x = bfd_get_32 (abfd, addr); |
|
115 |
-+ DOIT (x); |
|
116 |
-+ bfd_put_32 (abfd, (bfd_vma) x, addr); |
|
117 |
- } |
|
118 |
-- } |
|
119 |
-+ break; |
|
120 |
-+ |
|
121 |
-+ default: |
|
122 |
-+ abort (); |
|
123 |
-+ } |
|
124 |
-+ } |
|
125 |
- |
|
126 |
- /* Now let bfd_perform_relocation finish everything up. */ |
|
127 |
- return bfd_reloc_continue; |
|
128 |
-diff --git a/bfd/coff-i386.c b/bfd/coff-i386.c |
|
129 |
-index b6ef597..91371d8 100644 |
|
130 |
-+++ b/bfd/coff-i386.c |
|
131 |
-@@ -144,6 +144,11 @@ coff_i386_reloc (bfd *abfd, |
|
132 |
- reloc_howto_type *howto = reloc_entry->howto; |
|
133 |
- unsigned char *addr = (unsigned char *) data + reloc_entry->address; |
|
134 |
- |
|
135 |
-+ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, |
|
136 |
-+ reloc_entry->address |
|
137 |
-+ * bfd_octets_per_byte (abfd))) |
|
138 |
-+ return bfd_reloc_outofrange; |
|
139 |
-+ |
|
140 |
- switch (howto->size) |
|
141 |
- { |
|
142 |
- case 0: |
|
143 |
-diff --git a/bfd/coff-i860.c b/bfd/coff-i860.c |
|
144 |
-index a3c22c6..e2e49f9 100644 |
|
145 |
-+++ b/bfd/coff-i860.c |
|
146 |
-@@ -95,6 +95,11 @@ coff_i860_reloc (bfd *abfd, |
|
147 |
- reloc_howto_type *howto = reloc_entry->howto; |
|
148 |
- unsigned char *addr = (unsigned char *) data + reloc_entry->address; |
|
149 |
- |
|
150 |
-+ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, |
|
151 |
-+ reloc_entry->address |
|
152 |
-+ * bfd_octets_per_byte (abfd))) |
|
153 |
-+ return bfd_reloc_outofrange; |
|
154 |
-+ |
|
155 |
- switch (howto->size) |
|
156 |
- { |
|
157 |
- case 0: |
|
158 |
-diff --git a/bfd/coff-m68k.c b/bfd/coff-m68k.c |
|
159 |
-index dff6e1d..1730c11 100644 |
|
160 |
-+++ b/bfd/coff-m68k.c |
|
161 |
-@@ -305,6 +305,11 @@ m68kcoff_common_addend_special_fn (bfd *abfd, |
|
162 |
- reloc_howto_type *howto = reloc_entry->howto; |
|
163 |
- unsigned char *addr = (unsigned char *) data + reloc_entry->address; |
|
164 |
- |
|
165 |
-+ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, |
|
166 |
-+ reloc_entry->address |
|
167 |
-+ * bfd_octets_per_byte (abfd))) |
|
168 |
-+ return bfd_reloc_outofrange; |
|
169 |
-+ |
|
170 |
- switch (howto->size) |
|
171 |
- { |
|
172 |
- case 0: |
|
173 |
-diff --git a/bfd/coff-m88k.c b/bfd/coff-m88k.c |
|
174 |
-index ebe4fd3..6314bd3 100644 |
|
175 |
-+++ b/bfd/coff-m88k.c |
|
176 |
-@@ -72,10 +72,17 @@ m88k_special_reloc (bfd *abfd, |
|
177 |
- { |
|
178 |
- bfd_vma output_base = 0; |
|
179 |
- bfd_vma addr = reloc_entry->address; |
|
180 |
-- bfd_vma x = bfd_get_16 (abfd, (bfd_byte *) data + addr); |
|
181 |
-+ bfd_vma x; |
|
182 |
- asection *reloc_target_output_section; |
|
183 |
- long relocation = 0; |
|
184 |
- |
|
185 |
-+ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, |
|
186 |
-+ reloc_entry->address |
|
187 |
-+ * bfd_octets_per_byte (abfd))) |
|
188 |
-+ return bfd_reloc_outofrange; |
|
189 |
-+ |
|
190 |
-+ x = bfd_get_16 (abfd, (bfd_byte *) data + addr); |
|
191 |
-+ |
|
192 |
- /* Work out which section the relocation is targeted at and the |
|
193 |
- initial relocation command value. */ |
|
194 |
- |
|
195 |
-diff --git a/bfd/coff-mips.c b/bfd/coff-mips.c |
|
196 |
-index c3ade62..ac2b934 100644 |
|
197 |
-+++ b/bfd/coff-mips.c |
|
198 |
-@@ -504,6 +504,12 @@ mips_reflo_reloc (bfd *abfd ATTRIBUTE_UNUSED, |
|
199 |
- unsigned long vallo; |
|
200 |
- struct mips_hi *next; |
|
201 |
- |
|
202 |
-+ if (! bfd_reloc_offset_in_range (reloc_entry->howto, abfd, |
|
203 |
-+ input_section, |
|
204 |
-+ reloc_entry->address |
|
205 |
-+ * bfd_octets_per_byte (abfd))) |
|
206 |
-+ return bfd_reloc_outofrange; |
|
207 |
-+ |
|
208 |
- /* Do the REFHI relocation. Note that we actually don't |
|
209 |
- need to know anything about the REFLO itself, except |
|
210 |
- where to find the low 16 bits of the addend needed by the |
|
211 |
-diff --git a/bfd/coff-x86_64.c b/bfd/coff-x86_64.c |
|
212 |
-index de22822..4d0bf18 100644 |
|
213 |
-+++ b/bfd/coff-x86_64.c |
|
214 |
-@@ -142,17 +142,11 @@ coff_amd64_reloc (bfd *abfd, |
|
215 |
- { |
|
216 |
- reloc_howto_type *howto = reloc_entry->howto; |
|
217 |
- unsigned char *addr = (unsigned char *) data + reloc_entry->address; |
|
218 |
-- |
|
219 |
-- /* FIXME: We do not have an end address for data, so we cannot |
|
220 |
-- accurately range check any addresses computed against it. |
|
221 |
-- cf: PR binutils/17512: file: 1085-1761-0.004. |
|
222 |
-- For now we do the best that we can. */ |
|
223 |
-- if (addr < (unsigned char *) data |
|
224 |
-- || addr > ((unsigned char *) data) + input_section->size) |
|
225 |
-- { |
|
226 |
-- bfd_set_error (bfd_error_bad_value); |
|
227 |
-- return bfd_reloc_notsupported; |
|
228 |
-- } |
|
229 |
-+ |
|
230 |
-+ if (! bfd_reloc_offset_in_range (howto, abfd, input_section, |
|
231 |
-+ reloc_entry->address |
|
232 |
-+ * bfd_octets_per_byte (abfd))) |
|
233 |
-+ return bfd_reloc_outofrange; |
|
234 |
- |
|
235 |
- switch (howto->size) |
|
236 |
- { |
|
237 |
-diff --git a/bfd/reloc.c b/bfd/reloc.c |
|
238 |
-index 7ee7844..0fe93be 100644 |
|
239 |
-+++ b/bfd/reloc.c |
|
240 |
-@@ -540,12 +540,31 @@ bfd_check_overflow (enum complain_overflow how, |
|
241 |
- return flag; |
|
242 |
- } |
|
243 |
- |
|
244 |
-+/* |
|
245 |
-+FUNCTION |
|
246 |
-+ bfd_reloc_offset_in_range |
|
247 |
-+ |
|
248 |
-+SYNOPSIS |
|
249 |
-+ bfd_boolean bfd_reloc_offset_in_range |
|
250 |
-+ (reloc_howto_type *howto, |
|
251 |
-+ bfd *abfd, |
|
252 |
-+ asection *section, |
|
253 |
-+ bfd_size_type offset); |
|
254 |
-+ |
|
255 |
-+DESCRIPTION |
|
256 |
-+ Returns TRUE if the reloc described by @var{HOWTO} can be |
|
257 |
-+ applied at @var{OFFSET} octets in @var{SECTION}. |
|
258 |
-+ |
|
259 |
-+*/ |
|
260 |
-+ |
|
261 |
- /* HOWTO describes a relocation, at offset OCTET. Return whether the |
|
262 |
- relocation field is within SECTION of ABFD. */ |
|
263 |
- |
|
264 |
--static bfd_boolean |
|
265 |
--reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd, |
|
266 |
-- asection *section, bfd_size_type octet) |
|
267 |
-+bfd_boolean |
|
268 |
-+bfd_reloc_offset_in_range (reloc_howto_type *howto, |
|
269 |
-+ bfd *abfd, |
|
270 |
-+ asection *section, |
|
271 |
-+ bfd_size_type octet) |
|
272 |
- { |
|
273 |
- bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section); |
|
274 |
- bfd_size_type reloc_size = bfd_get_reloc_size (howto); |
|
275 |
-@@ -619,6 +638,11 @@ bfd_perform_relocation (bfd *abfd, |
|
276 |
- if (howto && howto->special_function) |
|
277 |
- { |
|
278 |
- bfd_reloc_status_type cont; |
|
279 |
-+ |
|
280 |
-+ /* Note - we do not call bfd_reloc_offset_in_range here as the |
|
281 |
-+ reloc_entry->address field might actually be valid for the |
|
282 |
-+ backend concerned. It is up to the special_function itself |
|
283 |
-+ to call bfd_reloc_offset_in_range if needed. */ |
|
284 |
- cont = howto->special_function (abfd, reloc_entry, symbol, data, |
|
285 |
- input_section, output_bfd, |
|
286 |
- error_message); |
|
287 |
-@@ -639,7 +663,7 @@ bfd_perform_relocation (bfd *abfd, |
|
288 |
- |
|
289 |
- /* Is the address of the relocation really within the section? */ |
|
290 |
- octets = reloc_entry->address * bfd_octets_per_byte (abfd); |
|
291 |
-- if (!reloc_offset_in_range (howto, abfd, input_section, octets)) |
|
292 |
-+ if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets)) |
|
293 |
- return bfd_reloc_outofrange; |
|
294 |
- |
|
295 |
- /* Work out which section the relocation is targeted at and the |
|
296 |
-@@ -1005,6 +1029,10 @@ bfd_install_relocation (bfd *abfd, |
|
297 |
- { |
|
298 |
- bfd_reloc_status_type cont; |
|
299 |
- |
|
300 |
-+ /* Note - we do not call bfd_reloc_offset_in_range here as the |
|
301 |
-+ reloc_entry->address field might actually be valid for the |
|
302 |
-+ backend concerned. It is up to the special_function itself |
|
303 |
-+ to call bfd_reloc_offset_in_range if needed. */ |
|
304 |
- /* XXX - The special_function calls haven't been fixed up to deal |
|
305 |
- with creating new relocations and section contents. */ |
|
306 |
- cont = howto->special_function (abfd, reloc_entry, symbol, |
|
307 |
-@@ -1027,7 +1055,7 @@ bfd_install_relocation (bfd *abfd, |
|
308 |
- |
|
309 |
- /* Is the address of the relocation really within the section? */ |
|
310 |
- octets = reloc_entry->address * bfd_octets_per_byte (abfd); |
|
311 |
-- if (!reloc_offset_in_range (howto, abfd, input_section, octets)) |
|
312 |
-+ if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets)) |
|
313 |
- return bfd_reloc_outofrange; |
|
314 |
- |
|
315 |
- /* Work out which section the relocation is targeted at and the |
|
316 |
-@@ -1365,7 +1393,7 @@ _bfd_final_link_relocate (reloc_howto_type *howto, |
|
317 |
- bfd_size_type octets = address * bfd_octets_per_byte (input_bfd); |
|
318 |
- |
|
319 |
- /* Sanity check the address. */ |
|
320 |
-- if (!reloc_offset_in_range (howto, input_bfd, input_section, octets)) |
|
321 |
-+ if (!bfd_reloc_offset_in_range (howto, input_bfd, input_section, octets)) |
|
322 |
- return bfd_reloc_outofrange; |
|
323 |
- |
|
324 |
- /* This function assumes that we are dealing with a basic relocation |
|
325 |
-2.9.3 |
|
326 |
- |
327 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,38 +0,0 @@ |
1 |
-From d785b7d4b877ed465d04072e17ca19d0f47d840f Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Clifton <nickc@redhat.com> |
|
3 |
-Date: Wed, 29 Nov 2017 12:40:43 +0000 |
|
4 |
-Subject: [PATCH] Stop objdump from attempting to allocate a huge chunk of |
|
5 |
- memory when parsing relocs in a corrupt file. |
|
6 |
- |
|
7 |
- PR 22508 |
|
8 |
- * objdump.c (dump_relocs_in_section): Also check the section's |
|
9 |
- relocation count to make sure that it is reasonable before |
|
10 |
- attempting to allocate space for the relocs. |
|
11 |
- binutils/objdump.c | 11 ++++++++++- |
|
12 |
- |
|
13 |
-diff --git a/binutils/objdump.c b/binutils/objdump.c |
|
14 |
-index 40b4acf..e7d91e8 100644 |
|
15 |
-+++ b/binutils/objdump.c |
|
16 |
-@@ -3427,7 +3427,16 @@ dump_relocs_in_section (bfd *abfd, |
|
17 |
- } |
|
18 |
- |
|
19 |
- if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0 |
|
20 |
-- && (ufile_ptr) relsize > bfd_get_file_size (abfd)) |
|
21 |
-+ && (((ufile_ptr) relsize > bfd_get_file_size (abfd)) |
|
22 |
-+ /* Also check the section's reloc count since if this is negative |
|
23 |
-+ (or very large) the computation in bfd_get_reloc_upper_bound |
|
24 |
-+ may have resulted in returning a small, positive integer. |
|
25 |
-+ See PR 22508 for a reproducer. |
|
26 |
-+ |
|
27 |
-+ Note - we check against file size rather than section size as |
|
28 |
-+ it is possible for there to be more relocs that apply to a |
|
29 |
-+ section than there are bytes in that section. */ |
|
30 |
-+ || (section->reloc_count > bfd_get_file_size (abfd)))) |
|
31 |
- { |
|
32 |
- printf (" (too many: 0x%x)\n", section->reloc_count); |
|
33 |
- bfd_set_error (bfd_error_file_truncated); |
|
34 |
-2.9.3 |
|
35 |
- |
36 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,28 +0,0 @@ |
1 |
-From 4581a1c7d304ce14e714b27522ebf3d0188d6543 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Clifton <nickc@redhat.com> |
|
3 |
-Date: Wed, 29 Nov 2017 17:12:12 +0000 |
|
4 |
-Subject: [PATCH] Check for a NULL symbol pointer when reading relocs from a |
|
5 |
- COFF based file. |
|
6 |
- |
|
7 |
- PR 22509 |
|
8 |
- * coffcode.h (coff_slurp_reloc_table): Check for a NULL symbol |
|
9 |
- pointer when processing relocs. |
|
10 |
- bfd/coffcode.h | 2 +- |
|
11 |
- |
|
12 |
-diff --git a/bfd/coffcode.h b/bfd/coffcode.h |
|
13 |
-index 604ba6d..d30cd58 100644 |
|
14 |
-+++ b/bfd/coffcode.h |
|
15 |
-@@ -5335,7 +5335,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_ptr asect, asymbol ** symbols) |
|
16 |
- #else |
|
17 |
- cache_ptr->address = dst.r_vaddr; |
|
18 |
- |
|
19 |
-- if (dst.r_symndx != -1) |
|
20 |
-+ if (dst.r_symndx != -1 && symbols != NULL) |
|
21 |
- { |
|
22 |
- if (dst.r_symndx < 0 || dst.r_symndx >= obj_conv_table_size (abfd)) |
|
23 |
- { |
|
24 |
-2.9.3 |
|
25 |
- |
26 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,37 +0,0 @@ |
1 |
-From b0029dce6867de1a2828293177b0e030d2f0f03c Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Clifton <nickc@redhat.com> |
|
3 |
-Date: Tue, 28 Nov 2017 18:00:29 +0000 |
|
4 |
-Subject: [PATCH] Prevent a memory exhaustion problem when trying to read in |
|
5 |
- strings from a COFF binary with a corrupt string table size. |
|
6 |
- |
|
7 |
- PR 22507 |
|
8 |
- * coffgen.c (_bfd_coff_read_string_table): Check for an excessive |
|
9 |
- size of the external string table. |
|
10 |
- bfd/coffgen.c | 4 ++-- |
|
11 |
- |
|
12 |
-diff --git a/bfd/coffgen.c b/bfd/coffgen.c |
|
13 |
-index 81efd9b..7798dfc 100644 |
|
14 |
-+++ b/bfd/coffgen.c |
|
15 |
-@@ -1718,7 +1718,7 @@ _bfd_coff_read_string_table (bfd *abfd) |
|
16 |
- #endif |
|
17 |
- } |
|
18 |
- |
|
19 |
-- if (strsize < STRING_SIZE_SIZE) |
|
20 |
-+ if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd)) |
|
21 |
- { |
|
22 |
- _bfd_error_handler |
|
23 |
- /* xgettext: c-format */ |
|
24 |
-@@ -1726,7 +1726,7 @@ _bfd_coff_read_string_table (bfd *abfd) |
|
25 |
- bfd_set_error (bfd_error_bad_value); |
|
26 |
- return NULL; |
|
27 |
- } |
|
28 |
-- |
|
29 |
-+ |
|
30 |
- strings = (char *) bfd_malloc (strsize + 1); |
|
31 |
- if (strings == NULL) |
|
32 |
- return NULL; |
|
33 |
-2.9.3 |
|
34 |
- |
35 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,103 +0,0 @@ |
1 |
-From 160b1a618ad94988410dc81fce9189fcda5b7ff4 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Alan Modra <amodra@gmail.com> |
|
3 |
-Date: Sat, 18 Nov 2017 23:18:22 +1030 |
|
4 |
-Subject: [PATCH] PR22443, Global buffer overflow in |
|
5 |
- _bfd_elf_get_symbol_version_string |
|
6 |
- |
|
7 |
-Symbols like *ABS* defined in bfd/section.c:global_syms are not |
|
8 |
-elf_symbol_type. They can appear on relocs and perhaps other places |
|
9 |
-in an ELF bfd, so a number of places in nm.c and objdump.c are wrong |
|
10 |
-to cast an asymbol based on the bfd being ELF. I think we lose |
|
11 |
-nothing by excluding all section symbols, not just the global_syms. |
|
12 |
- |
|
13 |
- PR 22443 |
|
14 |
- * nm.c (sort_symbols_by_size): Don't attempt to access |
|
15 |
- section symbol internal_elf_sym. |
|
16 |
- (print_symbol): Likewise. Don't call bfd_get_symbol_version_string |
|
17 |
- for section symbols. |
|
18 |
- * objdump.c (compare_symbols): Don't attempt to access |
|
19 |
- section symbol internal_elf_sym. |
|
20 |
- (objdump_print_symname): Don't call bfd_get_symbol_version_string |
|
21 |
- for section symbols. |
|
22 |
- binutils/nm.c | 17 ++++++++++------- |
|
23 |
- binutils/objdump.c | 6 +++--- |
|
24 |
-diff --git a/binutils/nm.c b/binutils/nm.c |
|
25 |
-index 5b421785..dd49f09 100644 |
|
26 |
-+++ b/binutils/nm.c |
|
27 |
-@@ -763,7 +763,6 @@ sort_symbols_by_size (bfd *abfd, bfd_boolean is_dynamic, void *minisyms, |
|
28 |
- asection *sec; |
|
29 |
- bfd_vma sz; |
|
30 |
- asymbol *temp; |
|
31 |
-- int synthetic = (sym->flags & BSF_SYNTHETIC); |
|
32 |
- |
|
33 |
- if (from + size < fromend) |
|
34 |
- { |
|
35 |
-@@ -780,10 +779,13 @@ sort_symbols_by_size (bfd *abfd, bfd_boolean is_dynamic, void *minisyms, |
|
36 |
- sec = bfd_get_section (sym); |
|
37 |
- |
|
38 |
- /* Synthetic symbols don't have a full type set of data available, thus |
|
39 |
-- we can't rely on that information for the symbol size. */ |
|
40 |
-- if (!synthetic && bfd_get_flavour (abfd) == bfd_target_elf_flavour) |
|
41 |
-+ we can't rely on that information for the symbol size. Ditto for |
|
42 |
-+ bfd/section.c:global_syms like *ABS*. */ |
|
43 |
-+ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 |
|
44 |
-+ && bfd_get_flavour (abfd) == bfd_target_elf_flavour) |
|
45 |
- sz = ((elf_symbol_type *) sym)->internal_elf_sym.st_size; |
|
46 |
-- else if (!synthetic && bfd_is_com_section (sec)) |
|
47 |
-+ else if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0 |
|
48 |
-+ && bfd_is_com_section (sec)) |
|
49 |
- sz = sym->value; |
|
50 |
- else |
|
51 |
- { |
|
52 |
-@@ -872,8 +874,9 @@ print_symbol (bfd * abfd, |
|
53 |
- |
|
54 |
- info.sinfo = &syminfo; |
|
55 |
- info.ssize = ssize; |
|
56 |
-- /* Synthetic symbols do not have a full symbol type set of data available. */ |
|
57 |
-- if ((sym->flags & BSF_SYNTHETIC) != 0) |
|
58 |
-+ /* Synthetic symbols do not have a full symbol type set of data available. |
|
59 |
-+ Nor do bfd/section.c:global_syms like *ABS*. */ |
|
60 |
-+ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) != 0) |
|
61 |
- { |
|
62 |
- info.elfinfo = NULL; |
|
63 |
- info.coffinfo = NULL; |
|
64 |
-@@ -891,7 +894,7 @@ print_symbol (bfd * abfd, |
|
65 |
- const char * version_string = NULL; |
|
66 |
- bfd_boolean hidden = FALSE; |
|
67 |
- |
|
68 |
-- if ((sym->flags & BSF_SYNTHETIC) == 0) |
|
69 |
-+ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) |
|
70 |
- version_string = bfd_get_symbol_version_string (abfd, sym, &hidden); |
|
71 |
- |
|
72 |
- if (bfd_is_und_section (bfd_get_section (sym))) |
|
73 |
-diff --git a/binutils/objdump.c b/binutils/objdump.c |
|
74 |
-index 1a1e32f..40b4acf 100644 |
|
75 |
-+++ b/binutils/objdump.c |
|
76 |
-@@ -799,10 +799,10 @@ compare_symbols (const void *ap, const void *bp) |
|
77 |
- bfd_vma asz, bsz; |
|
78 |
- |
|
79 |
- asz = 0; |
|
80 |
-- if ((a->flags & BSF_SYNTHETIC) == 0) |
|
81 |
-+ if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) |
|
82 |
- asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size; |
|
83 |
- bsz = 0; |
|
84 |
-- if ((b->flags & BSF_SYNTHETIC) == 0) |
|
85 |
-+ if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) |
|
86 |
- bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size; |
|
87 |
- if (asz != bsz) |
|
88 |
- return asz > bsz ? -1 : 1; |
|
89 |
-@@ -888,7 +888,7 @@ objdump_print_symname (bfd *abfd, struct disassemble_info *inf, |
|
90 |
- name = alloc; |
|
91 |
- } |
|
92 |
- |
|
93 |
-- if ((sym->flags & BSF_SYNTHETIC) == 0) |
|
94 |
-+ if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0) |
|
95 |
- version_string = bfd_get_symbol_version_string (abfd, sym, &hidden); |
|
96 |
- |
|
97 |
- if (bfd_is_und_section (bfd_get_section (sym))) |
|
98 |
-2.9.3 |
|
99 |
- |
... | ... |
@@ -1,66 +1,39 @@ |
1 |
-Summary: Contains a linker, an assembler, and other tools |
|
2 |
-Name: binutils |
|
3 |
-Version: 2.29.1 |
|
4 |
-Release: 5%{?dist} |
|
5 |
-License: GPLv2+ |
|
6 |
-URL: http://www.gnu.org/software/binutils |
|
7 |
-Group: System Environment/Base |
|
8 |
-Vendor: VMware, Inc. |
|
9 |
-Distribution: Photon |
|
10 |
-Source0: http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz |
|
11 |
-%define sha1 binutils=172244a349d07ec205c39c0321cbc354c125e78e |
|
12 |
-Patch0: binutils-2.29.1-CVE-2017-14729.patch |
|
13 |
-Patch1: binutils-2.29.1-CVE-2017-15020.patch |
|
14 |
-Patch2: binutils-2.29.1-CVE-2017-16826.patch |
|
15 |
-Patch3: binutils-2.29.1-CVE-2017-16827.patch |
|
16 |
-Patch4: binutils-2.29.1-CVE-2017-16828.patch |
|
17 |
-Patch5: binutils-2.29.1-CVE-2017-16829.patch |
|
18 |
-Patch6: binutils-2.29.1-CVE-2017-16830.patch |
|
19 |
-Patch7: binutils-2.29.1-CVE-2017-16831.patch |
|
20 |
-Patch8: binutils-2.29.1-CVE-2017-16832.patch |
|
21 |
-Patch9: binutils-2.29.1-CVE-2017-17121.patch |
|
22 |
-Patch10: binutils-2.29.1-CVE-2017-17122.patch |
|
23 |
-Patch11: binutils-2.29.1-CVE-2017-17123.patch |
|
24 |
-Patch12: binutils-2.29.1-CVE-2017-17124.patch |
|
25 |
-Patch13: binutils-2.29.1-CVE-2017-17125.patch |
|
1 |
+Summary: Contains a linker, an assembler, and other tools |
|
2 |
+Name: binutils |
|
3 |
+Version: 2.30 |
|
4 |
+Release: 1%{?dist} |
|
5 |
+License: GPLv2+ |
|
6 |
+URL: http://www.gnu.org/software/binutils |
|
7 |
+Group: System Environment/Base |
|
8 |
+Vendor: VMware, Inc. |
|
9 |
+Distribution: Photon |
|
10 |
+Source0: http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz |
|
11 |
+%define sha1 binutils=574d3b5650413d6ee65195a4f5ecbddc3a38f718 |
|
12 |
+ |
|
26 | 13 |
%description |
27 | 14 |
The Binutils package contains a linker, an assembler, |
28 | 15 |
and other tools for handling object files. |
29 |
-%package devel |
|
30 |
-Summary: Header and development files for binutils |
|
31 |
-Requires: %{name} = %{version} |
|
32 |
-%description devel |
|
16 |
+%package devel |
|
17 |
+Summary: Header and development files for binutils |
|
18 |
+Requires: %{name} = %{version} |
|
19 |
+%description devel |
|
33 | 20 |
It contains the libraries and header files to create applications |
34 | 21 |
for handling compiled objects. |
35 | 22 |
%prep |
36 | 23 |
%setup -q |
37 |
-%patch0 -p1 |
|
38 |
-%patch1 -p1 |
|
39 |
-%patch2 -p1 |
|
40 |
-%patch3 -p1 |
|
41 |
-%patch4 -p1 |
|
42 |
-%patch5 -p1 |
|
43 |
-%patch6 -p1 |
|
44 |
-%patch7 -p1 |
|
45 |
-%patch8 -p1 |
|
46 |
-%patch9 -p1 |
|
47 |
-%patch10 -p1 |
|
48 |
-%patch11 -p1 |
|
49 |
-%patch12 -p1 |
|
50 |
-%patch13 -p1 |
|
51 | 24 |
|
52 | 25 |
%build |
53 | 26 |
install -vdm 755 ../binutils-build |
54 | 27 |
cd ../binutils-build |
55 | 28 |
../%{name}-%{version}/configure \ |
56 |
- --prefix=%{_prefix} \ |
|
57 |
- --enable-gold \ |
|
58 |
- --enable-ld=default \ |
|
59 |
- --enable-plugins \ |
|
60 |
- --enable-shared \ |
|
61 |
- --disable-werror \ |
|
62 |
- --with-system-zlib \ |
|
63 |
- --disable-silent-rules |
|
29 |
+ --prefix=%{_prefix} \ |
|
30 |
+ --enable-gold \ |
|
31 |
+ --enable-ld=default \ |
|
32 |
+ --enable-plugins \ |
|
33 |
+ --enable-shared \ |
|
34 |
+ --disable-werror \ |
|
35 |
+ --with-system-zlib \ |
|
36 |
+ --disable-silent-rules |
|
64 | 37 |
make %{?_smp_mflags} tooldir=%{_prefix} |
65 | 38 |
%install |
66 | 39 |
pushd ../binutils-build |
... | ... |
@@ -77,8 +50,8 @@ sed -i 's/testsuite/ /g' gold/Makefile |
77 | 77 |
make %{?_smp_mflags} check |
78 | 78 |
|
79 | 79 |
|
80 |
-%post -p /sbin/ldconfig |
|
81 |
-%postun -p /sbin/ldconfig |
|
80 |
+%post -p /sbin/ldconfig |
|
81 |
+%postun -p /sbin/ldconfig |
|
82 | 82 |
%files -f %{name}.lang |
83 | 83 |
%defattr(-,root,root) |
84 | 84 |
%{_bindir}/dwp |
... | ... |
@@ -135,6 +108,8 @@ make %{?_smp_mflags} check |
135 | 135 |
%{_libdir}/libopcodes.so |
136 | 136 |
|
137 | 137 |
%changelog |
138 |
+* Mon Jan 29 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-1 |
|
139 |
+- Update to version 2.30 |
|
138 | 140 |
* Mon Dec 18 2017 Anish Swaminathan <anishs@vmware.com> 2.29.1-5 |
139 | 141 |
- Fix CVEs CVE-2017-17121, CVE-2017-17122, CVE-2017-17123, |
140 | 142 |
- CVE-2017-17124, CVE-2017-17125 |
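Review bot: The `@@ -1,66 +1,39 @@` hunk removes Patch0 through Patch13 (CVE-2017-14729 to CVE-2017-17125) together with their `%patch` lines, but the changelog entry added in the last hunk says only `- Update to version 2.30`, so nothing on the page records that each of those fixes is present in the 2.30 tarball. I would extend the entry to something like `- Update to version 2.30, drop CVE patches 0-13 (fixed upstream)`, once that has been checked against the upstream PR numbers named in the deleted patch files. Separately, Source0 is fetched over `http://` and the only integrity check visible is the new `%define sha1` value. If the build tooling accepts a stronger digest or a signature check on the tarball, this bump would be a good place to add it.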