From 20ffc82c3dee52c70769340e2e2d4a63b91dae60 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Mon, 25 Feb 2019 16:58:49 +0000 Subject: [PATCH] Improve objdump's handling of corrupt input files. Resolves: #1680663 --- binutils-CVE-2019-9073.patch | 13 +++++++++++++ binutils.spec | 10 +++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 binutils-CVE-2019-9073.patch diff --git a/binutils-CVE-2019-9073.patch b/binutils-CVE-2019-9073.patch new file mode 100644 index 0000000..37256f4 --- /dev/null +++ b/binutils-CVE-2019-9073.patch @@ -0,0 +1,13 @@ +--- binutils.orig/binutils/objdump.c 2019-02-25 16:12:30.394056901 +0000 ++++ binutils-2.31.1/binutils/objdump.c 2019-02-25 16:13:07.224778005 +0000 +@@ -2993,7 +2993,9 @@ dump_bfd_header (bfd *abfd) + static void + dump_bfd_private_header (bfd *abfd) + { +- bfd_print_private_bfd_data (abfd, stdout); ++ if (!bfd_print_private_bfd_data (abfd, stdout)) ++ non_fatal (_("warning: private headers incomplete: %s"), ++ bfd_errmsg (bfd_get_error ())); + } + + static void diff --git a/binutils.spec b/binutils.spec index ee956c1..45ba600 100644 --- a/binutils.spec +++ b/binutils.spec @@ -75,7 +75,7 @@ Summary: A GNU collection of binary utilities Name: %{?cross}binutils%{?_with_debug:-debug} Version: 2.32 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -172,6 +172,10 @@ Patch12: binutils-special-sections-in-groups.patch # Lifetime: Fixed in 2.33 (possibly) Patch13: binutils-fix-testsuite-failures.patch +# Purpose: Improve objdump's handling of corrupt input files. +# Lifetime: Fixed in 2.33 +Patch14: binutils-CVE-2019-9073.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -303,6 +307,7 @@ using libelf instead of BFD. %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 # We cannot run autotools as there is an exact requirement of autoconf-2.59. # FIXME - this is no longer true. Maybe try reinstating autotool use ? @@ -704,6 +709,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Mon Feb 25 2019 Nick Clifton - 2.32-3 +- Improve objdump's handling of corrupt input files. (#1680663) + * Wed Feb 20 2019 Nick Clifton - 2.32-2 - Fix some bfd linker testsuite failures.