diff --git a/binutils-CVE-2023-1972.patch b/binutils-CVE-2023-1972.patch
new file mode 100644
index 0000000..dd637fc
--- /dev/null
+++ b/binutils-CVE-2023-1972.patch
@@ -0,0 +1,20 @@
+--- binutils.orig/bfd/elf.c 2023-04-17 16:26:08.720347439 +0100
++++ binutils-2.40/bfd/elf.c 2023-04-17 16:28:03.286317601 +0100
+@@ -9050,6 +9050,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return_verdef;
+ }
++ if (amt == 0)
++ goto error_return_verdef;
+ elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+ if (elf_tdata (abfd)->verdef == NULL)
+ goto error_return_verdef;
+@@ -9153,6 +9155,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return;
+ }
++ if (amt == 0)
++ goto error_return;
+ elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+ if (elf_tdata (abfd)->verdef == NULL)
+ goto error_return;
diff --git a/binutils.spec b/binutils.spec
index 60c6cde..cea98c5 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -2,7 +2,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?_with_debug:-debug}
 Version: 2.40
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
@@ -270,6 +270,11 @@ Patch19: binutils-testsuite-fixes.patch
 # Lifetime: Fixed in 2.41
 Patch20: binutils-reloc-symtab.patch
+# Purpose: Stop an illegal memory access in the BFD library when loading
+# a file with corrupt symbol version information.
+# Lifetime: Fixed in 2.41
+Patch21: binutils-CVE-2023-1972.patch
+
 #----------------------------------------------------------------------------
 Provides: bundled(libiberty)
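Review bot: Both added `if (amt == 0)` guards in the embedded patch (its `-9050` and `-9153` hunks) jump to the error label without calling `bfd_set_error`, whereas the overflow branch directly above each one sets `bfd_error_file_too_big` first. A caller that inspects the BFD error after this failure would see whatever was set earlier, which makes a rejected corrupt version table harder to diagnose. If the patch does not have to stay byte-identical to the upstream fix, `bfd_set_error (bfd_error_bad_value);` before each `goto` would close that gap. Only a slice of `_bfd_elf_slurp_version_tables` is visible, so whether the error labels set an error themselves cannot be confirmed from here.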
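Review bot: The comment above `Patch21` gives purpose and lifetime but no pointer to where the fix came from, so a later auditor has only the file name to tie the backport to the advisory. A line such as `# Upstream: <upstream-commit-or-bug-URL>` next to `# Lifetime: Fixed in 2.41` would make it traceable. The `%prep` section is outside this hunk, so it is not visible whether patches are applied automatically or whether number 21 needs its own `%patch` entry.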
@@ -527,7 +532,7 @@ done
 # The -print is there just to confirm that the command is working.
 %if %{without docs}
 find . -name *.info -print -exec touch {} \;
-%esle
+%else
 # If we are creating the docs, touch the texi files so that the info and
 # man pages will be rebuilt.
 find . -name *.texi -print -exec touch {} \;
@@ -1142,25 +1147,31 @@ exit 0
 %license COPYING COPYING3 COPYING3.LIB COPYING.LIB
 %doc README
 %{_bindir}/[!l]*
-%exclude %{_bindir}/gp-*
-%exclude %{_bindir}/gprofng
 # %%verify(symlink) does not work for some reason, so using "owner" instead.
 %verify(owner) %{_bindir}/ld
 %{_bindir}/ld.bfd
+%if %{with gprofng}
+%exclude %{_bindir}/gp-*
+%exclude %{_bindir}/gprofng
+%endif
+
 %if %{with docs}
 %{_mandir}/man1/
 %exclude %{_mandir}/man1/gp-*
 %exclude %{_mandir}/man1/gprofng*
 %{_infodir}/as.info.*
 %{_infodir}/binutils.info.*
-%{_infodir}/gprof.info.*
 %{_infodir}/ld.info.*
 %{_infodir}/bfd.info.*
 %{_infodir}/ctf-spec.info.*
+%{_infodir}/gprof.info.*
 %{_infodir}/sframe-spec.info.*
+
+%if %{with gprofng}
 %exclude %{_infodir}/gprofng*
 %endif
+%endif
 %if %{enable_shared}
 %{_libdir}/lib*.so
@@ -1169,6 +1180,7 @@ exit 0
 %exclude %{_libdir}/libopcodes.so
 %exclude %{_libdir}/libctf.a
 %exclude %{_libdir}/libctf-nobfd.a
+
 %dir %{_libdir}/bfd-plugins
 # %%{_libdir}/bfd-plugins/libdep.a
 %{_libdir}/bfd-plugins/libdep.so
@@ -1180,6 +1192,7 @@ exit 0
 %{_libdir}/lib*.a
 %{_libdir}/libbfd.so
 %{_libdir}/libopcodes.so
+%exclude %{_libdir}/lib*.la
 %if %{with gold}
 %files gold
@@ -1228,6 +1241,10 @@ exit 0
 #----------------------------------------------------------------------------
 %changelog
+* Mon Apr 17 2023 Nick Clifton - 2.40-7
+- Spec File: Fix typo. (#2186396)
+- BFD library: Fix illegal memory access when loading corrupt symbol version info. (#2186579)
+
 * Thu Mar 30 2023 Nick Clifton - 2.40-6
 - Linker: Do not associate allocated reloc sections with the .symtab section. (#2166419)
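Review bot: The two `find` lines on either side of the corrected `%else` pass `*.info` and `*.texi` unquoted, so the shell expands the pattern first whenever a matching file exists in the directory the scriptlet runs from, and `find` then searches for that one name or fails on the extra arguments. Quoting hands the pattern to `find` itself: `find . -name '*.info' -print -exec touch {} \;`, and likewise `'*.texi'`. The scriptlet these lines belong to starts and ends outside this hunk.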
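Review bot: In the `-1142` hunk the `%exclude` lines for `%{_bindir}/gp-*`, `%{_bindir}/gprofng` and `%{_infodir}/gprofng*` are now guarded by `%if %{with gprofng}`, but `%exclude %{_mandir}/man1/gp-*` and `%exclude %{_mandir}/man1/gprofng*` inside `%if %{with docs}` stay unconditional. If the guard is needed for the other two directories when gprofng is disabled, the man-page excludes presumably need the same `%if %{with gprofng}` … `%endif` wrapper. If it is not needed there, a short comment saying why the man pages differ would help the next maintainer. The `%files` section this belongs to begins outside the hunk.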