rpms/binutils
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Unretire the CVE 2021-20197 patch.

Browse Source 
Fix merging ppc64le notes (again).  (#1928936)
This commit is contained in:
Nick Clifton 2021-02-22 16:49:04 +00:00
parent e184e98697
commit 0b119dd9d5
3 changed files with 373 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

333
binutils-CVE-2021-20197.patch Normal file
View File

@ -0,0 +1,333 @@
diff -rup binutils.orig/binutils/ar.c binutils-2.36.1/binutils/ar.c
--- binutils.orig/binutils/ar.c 2021-02-19 16:46:54.037875215 +0000
+++ binutils-2.36.1/binutils/ar.c 2021-02-19 16:54:24.412453329 +0000
@@ -25,7 +25,6 @@
#include "sysdep.h"
#include "bfd.h"
-#include "libbfd.h"
#include "libiberty.h"
#include "progress.h"
#include "getopt.h"
@@ -1255,8 +1254,7 @@ write_archive (bfd *iarch)
bfd *contents_head = iarch->archive_next;
int ofd = -1;
- old_name = (char *) xmalloc (strlen (bfd_get_filename (iarch)) + 1);
- strcpy (old_name, bfd_get_filename (iarch));
+ old_name = xstrdup (bfd_get_filename (iarch));
new_name = make_tempname (old_name, &ofd);
if (new_name == NULL)
@@ -1308,7 +1306,7 @@ write_archive (bfd *iarch)
/* We don't care if this fails; we might be creating the archive. */
bfd_close (iarch);
- if (smart_rename (new_name, old_name, 0) != 0)
+ if (smart_rename (new_name, old_name, NULL) != 0)
xexit (1);
free (old_name);
free (new_name);
diff -rup binutils.orig/binutils/arsup.c binutils-2.36.1/binutils/arsup.c
--- binutils.orig/binutils/arsup.c 2021-02-19 16:46:54.043875196 +0000
+++ binutils-2.36.1/binutils/arsup.c 2021-02-19 16:53:30.988621989 +0000
@@ -42,6 +42,8 @@ extern int deterministic;
static bfd *obfd;
static char *real_name;
+static char *temp_name;
+static int real_ofd;
static FILE *outfile;
static void
@@ -149,27 +151,24 @@ maybequit (void)
void
ar_open (char *name, int t)
{
- char *tname;
- const char *bname = lbasename (name);
- real_name = name;
-
- /* Prepend tmp- to the beginning, to avoid file-name clashes after
- truncation on filesystems with limited namespaces (DOS). */
- if (asprintf (&tname, "%.*stmp-%s", (int) (bname - name), name, bname) == -1)
+ real_name = xstrdup (name);
+ temp_name = make_tempname (real_name, &real_ofd);
+
+ if (temp_name == NULL)
{
- fprintf (stderr, _("%s: Can't allocate memory for temp name (%s)\n"),
+ fprintf (stderr, _("%s: Can't open temporary file (%s)\n"),
program_name, strerror(errno));
maybequit ();
return;
}
- obfd = bfd_openw (tname, NULL);
+ obfd = bfd_fdopenw (temp_name, NULL, real_ofd);
if (!obfd)
{
fprintf (stderr,
_("%s: Can't open output archive %s\n"),
- program_name, tname);
+ program_name, temp_name);
maybequit ();
}
@@ -344,16 +343,31 @@ ar_save (void)
}
else
{
- char *ofilename = xstrdup (bfd_get_filename (obfd));
+ struct stat target_stat;
if (deterministic > 0)
obfd->flags |= BFD_DETERMINISTIC_OUTPUT;
bfd_close (obfd);
- smart_rename (ofilename, real_name, 0);
- obfd = 0;
- free (ofilename);
+ if (stat (real_name, &target_stat) != 0)
+ {
+ /* The temp file created in ar_open has mode 0600 as per mkstemp.
+ Create the real empty output file here so smart_rename will
+ update the mode according to the process umask. */
+ obfd = bfd_openw (real_name, NULL);
+ if (obfd != NULL)
+ {
+ bfd_set_format (obfd, bfd_archive);
+ bfd_close (obfd);
+ }
+ }
+
+ smart_rename (temp_name, real_name, NULL);
+ obfd = NULL;
+ free (temp_name);
+ free (real_name);
+ temp_name = real_name = NULL;
}
}
diff -rup binutils.orig/binutils/bucomm.c binutils-2.36.1/binutils/bucomm.c
--- binutils.orig/binutils/bucomm.c 2021-02-19 16:46:54.052875168 +0000
+++ binutils-2.36.1/binutils/bucomm.c 2021-02-19 16:56:01.837145730 +0000
@@ -623,6 +623,21 @@ get_file_size (const char * file_name)
else if (statbuf.st_size < 0)
non_fatal (_("Warning: '%s' has negative size, probably it is too large"),
file_name);
+#if defined (_WIN32) && !defined (__CYGWIN__)
+ else if (statbuf.st_size == 0)
+ {
+ /* MS-Windows 'stat' reports the null device as a regular file;
+ fix that. */
+ int fd = open (file_name, O_RDONLY | O_BINARY);
+ if (isatty (fd))
+ {
+ close (fd);
+ non_fatal (_("Warning: '%s' is not an ordinary file"),
+ /* libtool wants to see /dev/null in the output. */
+ strcasecmp (file_name, "nul") ? file_name : "/dev/null");
+ }
+ }
+#endif
else
return statbuf.st_size;
diff -rup binutils.orig/binutils/bucomm.h binutils-2.36.1/binutils/bucomm.h
--- binutils.orig/binutils/bucomm.h 2021-02-19 16:46:54.043875196 +0000
+++ binutils-2.36.1/binutils/bucomm.h 2021-02-19 16:55:22.653269446 +0000
@@ -71,7 +71,7 @@ extern void print_version (const char *)
/* In rename.c. */
extern void set_times (const char *, const struct stat *);
-extern int smart_rename (const char *, const char *, int);
+extern int smart_rename (const char *, const char *, struct stat *);
/* In libiberty. */
void *xmalloc (size_t);
diff -rup binutils.orig/binutils/objcopy.c binutils-2.36.1/binutils/objcopy.c
--- binutils.orig/binutils/objcopy.c 2021-02-19 16:46:54.052875168 +0000
+++ binutils-2.36.1/binutils/objcopy.c 2021-02-19 16:57:30.156866883 +0000
@@ -20,7 +20,6 @@
#include "sysdep.h"
#include "bfd.h"
-#include "libbfd.h"
#include "progress.h"
#include "getopt.h"
#include "libiberty.h"
@@ -2798,8 +2797,7 @@ copy_object (bfd *ibfd, bfd *obfd, const
pe->timestamp = pe_data (ibfd)->coff.timestamp;
}
- if (isympp)
- free (isympp);
+ free (isympp);
if (osympp != isympp)
free (osympp);
@@ -4617,8 +4615,7 @@ mark_symbols_used_in_relocations (bfd *i
(*relpp[i]->sym_ptr_ptr)->flags |= BSF_KEEP;
}
- if (relpp != NULL)
- free (relpp);
+ free (relpp);
}
/* Write out debugging information. */
@@ -4866,12 +4863,10 @@ strip_main (int argc, char *argv[])
output_target, NULL);
if (status == 0)
{
- if (preserve_dates)
- set_times (tmpname, &statbuf);
if (output_file != tmpname)
status = (smart_rename (tmpname,
output_file ? output_file : argv[i],
- preserve_dates) != 0);
+ preserve_dates ? &statbuf : NULL) != 0);
if (status == 0)
status = hold_status;
}
@@ -5936,11 +5931,9 @@ copy_main (int argc, char *argv[])
output_target, input_arch);
if (status == 0)
{
- if (preserve_dates)
- set_times (tmpname, &statbuf);
if (tmpname != output_filename)
status = (smart_rename (tmpname, input_filename,
- preserve_dates) != 0);
+ preserve_dates ? &statbuf : NULL) != 0);
}
else
unlink_if_ordinary (tmpname);
@@ -5987,26 +5980,13 @@ copy_main (int argc, char *argv[])
}
}
- if (strip_specific_buffer)
- free (strip_specific_buffer);
-
- if (strip_unneeded_buffer)
- free (strip_unneeded_buffer);
-
- if (keep_specific_buffer)
- free (keep_specific_buffer);
-
- if (localize_specific_buffer)
- free (localize_specific_buffer);
-
- if (globalize_specific_buffer)
- free (globalize_specific_buffer);
-
- if (keepglobal_specific_buffer)
- free (keepglobal_specific_buffer);
-
- if (weaken_specific_buffer)
- free (weaken_specific_buffer);
+ free (strip_specific_buffer);
+ free (strip_unneeded_buffer);
+ free (keep_specific_buffer);
+ free (localize_specific_buffer);
+ free (globalize_specific_buffer);
+ free (keepglobal_specific_buffer);
+ free (weaken_specific_buffer);
return 0;
}
diff -rup binutils.orig/binutils/rename.c binutils-2.36.1/binutils/rename.c
--- binutils.orig/binutils/rename.c 2021-02-19 16:46:54.052875168 +0000
+++ binutils-2.36.1/binutils/rename.c 2021-02-19 16:58:27.771684984 +0000
@@ -122,26 +122,19 @@ set_times (const char *destination, cons
non_fatal (_("%s: cannot set time: %s"), destination, strerror (errno));
}
-#ifndef S_ISLNK
-#ifdef S_IFLNK
-#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
-#else
-#define S_ISLNK(m) 0
-#define lstat stat
-#endif
-#endif
-
-/* Rename FROM to TO, copying if TO is a link.
- Return 0 if ok, -1 if error. */
+/* Rename FROM to TO, copying if TO exists. TARGET_STAT has the file status
+ that, if non-NULL, is used to fix up timestamps after rename. Return 0 if
+ ok, -1 if error. */
int
-smart_rename (const char *from, const char *to, int preserve_dates ATTRIBUTE_UNUSED)
+smart_rename (const char *from, const char *to,
+ struct stat *target_stat ATTRIBUTE_UNUSED)
{
- bfd_boolean exists;
- struct stat s;
int ret = 0;
+ struct stat to_stat;
+ bfd_boolean exists;
- exists = lstat (to, &s) == 0;
+ exists = lstat (to, &to_stat) == 0;
#if defined (_WIN32) && !defined (__CYGWIN32__)
/* Win32, unlike unix, will not erase `to' in `rename(from, to)' but
@@ -158,38 +151,10 @@ smart_rename (const char *from, const ch
unlink (from);
}
#else
- /* Use rename only if TO is not a symbolic link and has
- only one hard link, and we have permission to write to it. */
- if (! exists
- || (!S_ISLNK (s.st_mode)
- && S_ISREG (s.st_mode)
- && (s.st_mode & S_IWUSR)
- && s.st_nlink == 1)
- )
+ /* Avoid a full copy and use rename if TO does not exist. */
+ if (!exists)
{
- ret = rename (from, to);
- if (ret == 0)
- {
- if (exists)
- {
- /* Try to preserve the permission bits and ownership of
- TO. First get the mode right except for the setuid
- bit. Then change the ownership. Then fix the setuid
- bit. We do the chmod before the chown because if the
- chown succeeds, and we are a normal user, we won't be
- able to do the chmod afterward. We don't bother to
- fix the setuid bit first because that might introduce
- a fleeting security problem, and because the chown
- will clear the setuid bit anyhow. We only fix the
- setuid bit if the chown succeeds, because we don't
- want to introduce an unexpected setuid file owned by
- the user running objcopy. */
- chmod (to, s.st_mode & 0777);
- if (chown (to, s.st_uid, s.st_gid) >= 0)
- chmod (to, s.st_mode & 07777);
- }
- }
- else
+ if ((ret = rename (from, to)) != 0)
{
/* We have to clean up here. */
non_fatal (_("unable to rename '%s'; reason: %s"), to, strerror (errno));
@@ -202,8 +167,8 @@ smart_rename (const char *from, const ch
if (ret != 0)
non_fatal (_("unable to copy file '%s'; reason: %s"), to, strerror (errno));
- if (preserve_dates)
- set_times (to, &s);
+ if (target_stat != NULL)
+ set_times (to, target_stat);
unlink (from);
}
#endif /* _WIN32 && !__CYGWIN32__ */

28
binutils-ppc64le-note-merge.patch
View File

@ -12,3 +12,31 @@
if (is_open_note (pnote))
{
if (start)
--- binutils.orig/binutils/objcopy.c 2021-02-22 10:36:15.710374328 +0000
+++ binutils-2.36.1/binutils/objcopy.c 2021-02-22 16:47:11.702344502 +0000
@@ -2246,23 +2246,8 @@ merge_gnu_build_notes (bfd * ab
break;
case 8:
- if (! is_64bit (abfd))
- {
- start = bfd_get_32 (abfd, pnote->note.descdata);
- end = bfd_get_32 (abfd, pnote->note.descdata + 4);
- }
- else
- {
- start = bfd_get_64 (abfd, pnote->note.descdata);
- /* FIXME: For version 1 and 2 notes we should try to
- calculate the end address by finding a symbol whose
- value is START, and then adding in its size.
-
- For now though, since v1 and v2 was not intended to
- handle gaps, we chose an artificially large end
- address. */
- end = (bfd_vma) -1;
- }
+ start = bfd_get_32 (abfd, pnote->note.descdata);
+ end = bfd_get_32 (abfd, pnote->note.descdata + 4);
break;
case 16:

14
binutils.spec
View File

@ -39,7 +39,7 @@
Summary: A GNU collection of binary utilities
Name: binutils%{?name_cross}%{?_with_debug:-debug}
Version: 2.36.1
Release: 4%{?dist}
Release: 6%{?dist}
License: GPLv3+
URL: https://sourceware.org/binutils
@ -269,6 +269,10 @@ Patch18: binutils-ppc64le-note-merge.patch
# Lifetime: Fixed in 2.37
Patch19: binutils-s390-arch14-insns.patch
# Purpose: Avoid renaming over existing files.
# Lifetime: Fixed in 2.37
Patch20: binutils-CVE-2021-20197.patch
#----------------------------------------------------------------------------
Provides: bundled(libiberty)
@ -856,7 +860,13 @@ exit 0
#----------------------------------------------------------------------------
%changelog
* Fri Feb 19 2021 Nick Clifton <nickc@redhat.com> - 2.35.1-4
* Mon Feb 22 2021 Nick Clifton <nickc@redhat.com> - 2.36.1-6
- Fix merging ppc64le notes (again). (#1928936)
* Fri Feb 19 2021 Nick Clifton <nickc@redhat.com> - 2.36.1-5
- Unretire the CVE 2021-20197 patch.
* Fri Feb 19 2021 Nick Clifton <nickc@redhat.com> - 2.36.1-4
- Add support for the Z extensions to the s390x architecture.
* Thu Feb 18 2021 Nick Clifton <nickc@redhat.com> - 2.36.1-3