From 70ab9c2b90378fb16a90fc3b41886bb4bf38139a Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Fri, 4 Oct 2019 10:59:30 +0100 Subject: [PATCH] Remove support for old file formats (ihex, tekhex, verilog) as they are a constant source of CVEs. --- binutils-remove-old-formats.patch | 90 +++++++++++++++++++++++++++++++ binutils.spec | 10 +++- 2 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 binutils-remove-old-formats.patch diff --git a/binutils-remove-old-formats.patch b/binutils-remove-old-formats.patch new file mode 100644 index 0000000..5cbd785 --- /dev/null +++ b/binutils-remove-old-formats.patch @@ -0,0 +1,90 @@ +diff -rup binutils.orig/bfd/Makefile.am binutils-2.32/bfd/Makefile.am +--- binutils.orig/bfd/Makefile.am 2019-10-04 09:38:45.255326417 +0100 ++++ binutils-2.32/bfd/Makefile.am 2019-10-04 09:43:18.295336820 +0100 +@@ -74,7 +74,7 @@ BFD32_LIBS = \ + coff-bfd.lo compress.lo corefile.lo elf-properties.lo format.lo \ + hash.lo init.lo libbfd.lo linker.lo merge.lo opncls.lo reloc.lo \ + section.lo simple.lo stab-syms.lo stabs.lo syms.lo targets.lo \ +- binary.lo ihex.lo srec.lo tekhex.lo verilog.lo ++ binary.lo srec.lo + + BFD64_LIBS = archive64.lo + +@@ -83,7 +83,7 @@ BFD32_LIBS_CFILES = \ + compress.c corefile.c elf-properties.c format.c hash.c \ + init.c libbfd.c linker.c merge.c opncls.c reloc.c \ + section.c simple.c stab-syms.c stabs.c syms.c targets.c \ +- binary.c ihex.c srec.c tekhex.c verilog.c ++ binary.c srec.c + + BFD64_LIBS_CFILES = archive64.c + +diff -rup binutils.orig/bfd/Makefile.in binutils-2.32/bfd/Makefile.in +--- binutils.orig/bfd/Makefile.in 2019-10-04 09:38:45.262326366 +0100 ++++ binutils-2.32/bfd/Makefile.in 2019-10-04 09:44:04.951996839 +0100 +@@ -185,8 +185,7 @@ am__objects_1 = archive.lo archures.lo b + cache.lo coff-bfd.lo compress.lo corefile.lo elf-properties.lo \ + format.lo hash.lo init.lo libbfd.lo linker.lo merge.lo \ + opncls.lo reloc.lo section.lo simple.lo stab-syms.lo stabs.lo \ +- syms.lo targets.lo binary.lo ihex.lo srec.lo tekhex.lo \ +- verilog.lo ++ syms.lo targets.lo binary.lo srec.lo + am_libbfd_la_OBJECTS = $(am__objects_1) + libbfd_la_OBJECTS = $(am_libbfd_la_OBJECTS) + AM_V_lt = $(am__v_lt_@AM_V@) +@@ -498,7 +497,7 @@ BFD32_LIBS = \ + coff-bfd.lo compress.lo corefile.lo elf-properties.lo format.lo \ + hash.lo init.lo libbfd.lo linker.lo merge.lo opncls.lo reloc.lo \ + section.lo simple.lo stab-syms.lo stabs.lo syms.lo targets.lo \ +- binary.lo ihex.lo srec.lo tekhex.lo verilog.lo ++ binary.lo srec.lo + + BFD64_LIBS = archive64.lo + BFD32_LIBS_CFILES = \ +@@ -506,7 +505,7 @@ BFD32_LIBS_CFILES = \ + compress.c corefile.c elf-properties.c format.c hash.c \ + init.c libbfd.c linker.c merge.c opncls.c reloc.c \ + section.c simple.c stab-syms.c stabs.c syms.c targets.c \ +- binary.c ihex.c srec.c tekhex.c verilog.c ++ binary.c srec.c + + BFD64_LIBS_CFILES = archive64.c + +@@ -1514,7 +1513,6 @@ distclean-compile: + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/i386bsd.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/i386lynx.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/i386msdos.Plo@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ihex.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/irix-core.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libbfd.Plo@am__quote@ +@@ -1566,11 +1564,9 @@ distclean-compile: + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stabs.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/syms.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/targets.Plo@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tekhex.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trad-core.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vax1knetbsd.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vaxnetbsd.Plo@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verilog.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vms-alpha.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vms-lib.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vms-misc.Plo@am__quote@ +diff -rup binutils.orig/bfd/targets.c binutils-2.32/bfd/targets.c +--- binutils.orig/bfd/targets.c 2019-10-04 09:38:45.268326323 +0100 ++++ binutils-2.32/bfd/targets.c 2019-10-04 09:42:54.118512989 +0100 +@@ -1289,14 +1289,8 @@ static const bfd_target * const _bfd_tar + /* Always support S-records, for convenience. */ + &srec_vec, + &symbolsrec_vec, +-/* And verilog. */ +- &verilog_vec, +-/* And tekhex */ +- &tekhex_vec, + /* Likewise for binary output. */ + &binary_vec, +-/* Likewise for ihex. */ +- &ihex_vec, + + /* Add any required traditional-core-file-handler. */ + diff --git a/binutils.spec b/binutils.spec index 8ff42e8..dd9f475 100644 --- a/binutils.spec +++ b/binutils.spec @@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: %{?cross}binutils%{?_with_debug:-debug} Version: 2.32 -Release: 26%{?dist} +Release: 27%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -271,6 +271,10 @@ Patch29: binutils-CVE-2019-14444.patch # Lifetime: Fixed in 2.34 Patch30: binutils-gcc-10-fixes.patch +# Purpose: Remove support for old file formats (ihex, tekhex, verilog) +# Lifetime: Permanent. +Patch31: binutils-remove-old-formats.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -436,6 +440,7 @@ Conflicts: gcc-c++ < 4.0.0 %patch28 -p1 %patch29 -p1 %patch30 -p1 +%patch31 -p1 # We cannot run autotools as there is an exact requirement of autoconf-2.59. # FIXME - this is no longer true. Maybe try reinstating autotool use ? @@ -841,6 +846,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Fri Oct 04 2019 Nick Clifton - 2.32-27 +- Remove support for old file formats (ihex, tekhex, verilog) as they are a constant source of CVEs. + * Wed Sep 25 2019 Nick Clifton - 2.32-26 - Add an option to build using clang instead of gcc.