From 5cef9601f1b0539c87d20308c17ca01bbdf523a9 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Thu, 4 Feb 2021 11:18:37 +0000
Subject: [PATCH] Extend vulnerability fix again. Resolves: #1913744
---
 binutils-CVE-2021-20197.patch | 26 ++++++++++++++++++++++++++
 binutils.spec | 5 ++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/binutils-CVE-2021-20197.patch b/binutils-CVE-2021-20197.patch
index 9623da3..7b121cb 100644
--- a/binutils-CVE-2021-20197.patch
+++ b/binutils-CVE-2021-20197.patch
@@ -705,3 +705,29 @@ diff -rup binutils.orig/binutils/objcopy.c binutils-2.35.1/binutils/objcopy.c
 status = 1;
 Only in binutils-2.35.1/binutils/: objcopy.c.orig
 Only in binutils-2.35.1/binutils/: objcopy.c.rej
+--- binutils.orig/binutils/arsup.c 2021-02-04 10:42:03.265729780 +0000
++++ binutils-2.35.1/binutils/arsup.c 2021-02-04 10:45:48.439166658 +0000
+@@ -357,8 +357,21 @@ ar_save (void)
+ #endif
+ bfd_close (obfd);
+
+- if (ofd == -1 || fstat (ofd, &target_stat) != 0)
+- skip_stat = TRUE;
++ if (lstat (real_name, &target_stat) != 0)
++ {
++ /* The temp file created in ar_open has mode 0600 as per mkstemp.
++ Create the real empty output file here so smart_rename will
++ update the mode according to the process umask. */
++ obfd = bfd_openw (real_name, NULL);
++ if (obfd == NULL
++ || bfd_stat (obfd, &target_stat) != 0)
++ skip_stat = TRUE;
++ if (obfd != NULL)
++ {
++ bfd_set_format (obfd, bfd_archive);
++ bfd_close (obfd);
++ }
++ }
+
+ smart_rename (temp_name, real_name, ofd,
+ skip_stat ? NULL : &target_stat, 0);
diff --git a/binutils.spec b/binutils.spec
index 9f0b1e9..fe31dec 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -39,7 +39,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?name_cross}%{?_with_debug:-debug}
 Version: 2.35.1
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
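Review bot: The existence check and the creation in the new `lstat` branch of ar_save are two separate by-path operations, so the name can change between `lstat (real_name, &target_stat)` failing and `bfd_openw (real_name, NULL)` opening it; a symlink or file that appears at `real_name` in that window would be opened and presumably truncated, which is the kind of race the CVE-2021-20197 patch is meant to close. Creating the placeholder exclusively, e.g. `fd = open (real_name, O_WRONLY | O_CREAT | O_EXCL, 0666);` followed by `fstat (fd, &target_stat)`, would remove that window and still yield a umask-derived mode. The branch also runs on any `lstat` failure, not only a missing file, so it would be safer to create only when `errno == ENOENT` and set `skip_stat = TRUE` otherwise. The return values of `bfd_set_format` and `bfd_close` are ignored here. ar_save starts and ends outside the hunk, and bfd_openw and smart_rename are not shown, so how they treat symlinks is inferred.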
@@ -908,6 +908,9 @@ exit 0
 #----------------------------------------------------------------------------
 %changelog
+* Thu Feb 04 2021 Nick Clifton - 2.35.1-32
+- Extend vulnerability fix again. (#1913744)
+
 * Wed Feb 03 2021 Nick Clifton - 2.35.1-31
 - Enable PEP support for all targets. (#1920373)