Fix a potential buffer overrun when parsing a corrupt ELF file. (#1632912)

Add a .attach_to_group pseuo-op to assembler (for use by annobin).  (#1630574)
Stop the binutils from statically linking with libstdc++.  (#1630550)
Include gold testsuite results in test logs.
Disable readelf's reporting of gaps in build notes.  (#1623556)

binutils-CVE-2018-17358.patch

@@ -0,0 +1,101 @@
+diff -rup binutils.orig/bfd/dwarf2.c binutils-2.30/bfd/dwarf2.c
+--- binutils.orig/bfd/dwarf2.c	2018-09-26 15:07:47.162863937 +0100
++++ binutils-2.30/bfd/dwarf2.c	2018-09-26 15:08:50.868368183 +0100
+@@ -527,6 +527,7 @@ read_section (bfd *	      abfd,
+   asection *msec;
+   const char *section_name = sec->uncompressed_name;
+   bfd_byte *contents = *section_buffer;
++  bfd_size_type amt;
+ 
+   /* The section may have already been read.  */
+   if (contents == NULL)
+@@ -549,7 +550,14 @@ read_section (bfd *	      abfd,
+       *section_size = msec->rawsize ? msec->rawsize : msec->size;
+       /* Paranoia - alloc one extra so that we can make sure a string
+ 	 section is NUL terminated.  */
+-      contents = (bfd_byte *) bfd_malloc (*section_size + 1);
++      amt = *section_size + 1;
++      if (amt == 0)
++	{
++	  bfd_set_error (bfd_error_no_memory);
++	  return FALSE;
++	}
++      contents = (bfd_byte *) bfd_malloc (amt);
++
+       if (contents == NULL)
+ 	return FALSE;
+       if (syms
+diff -rup binutils.orig/bfd/syms.c binutils-2.30/bfd/syms.c
+--- binutils.orig/bfd/syms.c	2018-09-26 15:07:47.162863937 +0100
++++ binutils-2.30/bfd/syms.c	2018-09-26 15:11:41.671038993 +0100
+@@ -1035,6 +1035,10 @@ _bfd_stab_section_find_nearest_line (bfd
+ 					 0, strsize))
+ 	return FALSE;
+ 
++      /* Stab strings ought to be nul terminated.  Ensure the last one
++	 is, to prevent running off the end of the buffer.  */
++      info->strs[strsize - 1] = 0;
++
+       /* If this is a relocatable object file, we have to relocate
+ 	 the entries in .stab.  This should always be simple 32 bit
+ 	 relocations against symbols defined in this object file, so
+@@ -1073,7 +1077,8 @@ _bfd_stab_section_find_nearest_line (bfd
+ 		  || r->howto->bitsize != 32
+ 		  || r->howto->pc_relative
+ 		  || r->howto->bitpos != 0
+-		  || r->howto->dst_mask != 0xffffffff)
++		  || r->howto->dst_mask != 0xffffffff
++		  || r->address * bfd_octets_per_byte (abfd) + 4 > stabsize)
+ 		{
+ 		  _bfd_error_handler
+ 		    (_("unsupported .stab relocation"));
+@@ -1195,7 +1200,8 @@ _bfd_stab_section_find_nearest_line (bfd
+ 		{
+ 		  nul_fun = stab;
+ 		  nul_str = str;
+-		  if (file_name >= (char *) info->strs + strsize || file_name < (char *) str)
++		  if (file_name >= (char *) info->strs + strsize
++		      || file_name < (char *) str)
+ 		    file_name = NULL;
+ 		  if (stab + STABSIZE + TYPEOFF < info->stabs + stabsize
+ 		      && *(stab + STABSIZE + TYPEOFF) == (bfd_byte) N_SO)
+@@ -1206,7 +1212,8 @@ _bfd_stab_section_find_nearest_line (bfd
+ 		      directory_name = file_name;
+ 		      file_name = ((char *) str
+ 				   + bfd_get_32 (abfd, stab + STRDXOFF));
+-		      if (file_name >= (char *) info->strs + strsize || file_name < (char *) str)
++		      if (file_name >= (char *) info->strs + strsize
++			  || file_name < (char *) str)
+ 			file_name = NULL;
+ 		    }
+ 		}
+@@ -1217,7 +1224,8 @@ _bfd_stab_section_find_nearest_line (bfd
+ 	      file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF);
+ 	      /* PR 17512: file: 0c680a1f.  */
+ 	      /* PR 17512: file: 5da8aec4.  */
+-	      if (file_name >= (char *) info->strs + strsize || file_name < (char *) str)
++	      if (file_name >= (char *) info->strs + strsize
++		  || file_name < (char *) str)
+ 		file_name = NULL;
+ 	      break;
+ 
+@@ -1226,7 +1234,8 @@ _bfd_stab_section_find_nearest_line (bfd
+ 	      function_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF);
+ 	      if (function_name == (char *) str)
+ 		continue;
+-	      if (function_name >= (char *) info->strs + strsize)
++	      if (function_name >= (char *) info->strs + strsize
++		  || function_name < (char *) str)
+ 		function_name = NULL;
+ 
+ 	      nul_fun = NULL;
+@@ -1335,7 +1344,8 @@ _bfd_stab_section_find_nearest_line (bfd
+ 	  if (val <= offset)
+ 	    {
+ 	      file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF);
+-	      if (file_name >= (char *) info->strs + strsize || file_name < (char *) str)
++	      if (file_name >= (char *) info->strs + strsize
++		  || file_name < (char *) str)
+ 		file_name = NULL;
+ 	      *pline = 0;
+ 	    }

binutils-attach-to-group.patch

@@ -0,0 +1,68 @@
+diff -rup binutils.orig/gas/config/obj-elf.c binutils-2.30/gas/config/obj-elf.c
+--- binutils.orig/gas/config/obj-elf.c	2018-09-24 17:50:06.974172867 +0100
++++ binutils-2.30/gas/config/obj-elf.c	2018-09-25 15:19:33.559830794 +0100
+@@ -82,9 +82,11 @@ static void obj_elf_gnu_attribute (int);
+ static void obj_elf_tls_common (int);
+ static void obj_elf_lcomm (int);
+ static void obj_elf_struct (int);
++static void obj_elf_attach_to_group (int);
+ 
+ static const pseudo_typeS elf_pseudo_table[] =
+ {
++  {"attach_to_group", obj_elf_attach_to_group, 0},
+   {"comm", obj_elf_common, 0},
+   {"common", obj_elf_common, 1},
+   {"ident", obj_elf_ident, 0},
+@@ -1007,6 +1009,27 @@ obj_elf_section_name (void)
+   return name;
+ }
+ 
++static void
++obj_elf_attach_to_group (int dummy ATTRIBUTE_UNUSED)
++{
++  const char * gname = obj_elf_section_name ();
++
++  if (gname == NULL)
++    {
++      as_warn ("group name not parseable");
++      return;
++    }
++
++  if (elf_group_name (now_seg))
++    {
++      as_warn ("already has a group");
++      return;
++    }
++
++  elf_group_name (now_seg) = xstrdup (gname);
++  elf_section_flags (now_seg) |= SHF_GROUP;
++}
++
+ void
+ obj_elf_section (int push)
+ {
+diff -rup binutils.orig/gas/doc/as.texinfo binutils-2.30/gas/doc/as.texinfo
+--- binutils.orig/gas/doc/as.texi	2018-09-24 17:50:06.984172788 +0100
++++ binutils-2.30/gas/doc/as.texi	2018-09-25 15:19:43.557748972 +0100
+@@ -4407,6 +4407,7 @@ Some machine configurations provide addi
+ * Altmacro::                    @code{.altmacro}
+ * Ascii::                       @code{.ascii "@var{string}"}@dots{}
+ * Asciz::                       @code{.asciz "@var{string}"}@dots{}
++* Attach_to_group::             @code{.attach_to_group @var{name}}
+ * Balign::                      @code{.balign @var{abs-expr} , @var{abs-expr}}
+ * Bundle directives::           @code{.bundle_align_mode @var{abs-expr}}, etc
+ * Byte::                        @code{.byte @var{expressions}}
+@@ -4703,6 +4704,12 @@ trailing zero byte) into consecutive add
+ @code{.asciz} is just like @code{.ascii}, but each string is followed by
+ a zero byte.  The ``z'' in @samp{.asciz} stands for ``zero''.
+ 
++@node Attach_to_group
++@section @code{.attach_to_group @var{name}}
++Attaches the current section to the named group.  This is like declaring
++the section with the @code{G} attribute, but can be done after the section
++has been created.
++
+ @node Balign
+ @section @code{.balign[wl] @var{abs-expr}, @var{abs-expr}, @var{abs-expr}}
+ 
+

binutils-disable-readelf-gap-reports.patch

@@ -0,0 +1,16 @@
+--- binutils.orig/binutils/readelf.c	2018-09-05 14:08:22.733186922 +0100
++++ binutils-2.30/binutils/readelf.c	2018-09-05 15:35:38.009749485 +0100
+@@ -17634,11 +17634,12 @@ print_gnu_build_attribute_description (E
+ 
+   if (is_open_attr)
+     {
++#if 0
+       /* FIXME: Need to properly allow for section alignment.  16 is just the alignment used on x86_64.  */
+       if (global_end > 0 && start > BFD_ALIGN (global_end, 16))
+ 	warn (_("Gap in build notes detected from %#lx to %#lx\n"),
+ 	      global_end + 1, start - 1);
+-
++#endif
+       printf (_("    Applies to region from %#lx"), start);
+       global_offset = start;
+ 

binutils-do-not-link-with-static-libstdc++.patch

@@ -0,0 +1,83 @@
+diff -rup binutils.orig/configure binutils-2.30/configure
+--- binutils.orig/configure	2018-09-24 17:50:06.967172922 +0100
++++ binutils-2.30/configure	2018-09-24 17:51:16.648624865 +0100
+@@ -4996,49 +4996,6 @@ if test -z "$LD"; then
+   fi
+ fi
+ 
+-# Check whether -static-libstdc++ -static-libgcc is supported.
+-have_static_libs=no
+-if test "$GCC" = yes; then
+-  saved_LDFLAGS="$LDFLAGS"
+-
+-  LDFLAGS="$LDFLAGS -static-libstdc++ -static-libgcc"
+-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether g++ accepts -static-libstdc++ -static-libgcc" >&5
+-$as_echo_n "checking whether g++ accepts -static-libstdc++ -static-libgcc... " >&6; }
+-  ac_ext=cpp
+-ac_cpp='$CXXCPP $CPPFLAGS'
+-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+-
+-
+-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h.  */
+-
+-#if (__GNUC__ < 4) || (__GNUC__ == 4 && __GNUC_MINOR__ < 5)
+-#error -static-libstdc++ not implemented
+-#endif
+-int main() {}
+-_ACEOF
+-if ac_fn_cxx_try_link "$LINENO"; then :
+-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }; have_static_libs=yes
+-else
+-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+-    conftest$ac_exeext conftest.$ac_ext
+-  ac_ext=c
+-ac_cpp='$CPP $CPPFLAGS'
+-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+-ac_compiler_gnu=$ac_cv_c_compiler_gnu
+-
+-
+-  LDFLAGS="$saved_LDFLAGS"
+-fi
+-
+-
+ 
+ 
+ if test -n "$ac_tool_prefix"; then
+diff -rup binutils.orig/configure.ac binutils-2.30/configure.ac
+--- binutils.orig/configure.ac	2018-09-24 17:50:07.241170767 +0100
++++ binutils-2.30/configure.ac	2018-09-24 17:50:29.908992486 +0100
+@@ -1288,26 +1288,6 @@ if test -z "$LD"; then
+   fi
+ fi
+ 
+-# Check whether -static-libstdc++ -static-libgcc is supported.
+-have_static_libs=no
+-if test "$GCC" = yes; then
+-  saved_LDFLAGS="$LDFLAGS"
+-
+-  LDFLAGS="$LDFLAGS -static-libstdc++ -static-libgcc"
+-  AC_MSG_CHECKING([whether g++ accepts -static-libstdc++ -static-libgcc])
+-  AC_LANG_PUSH(C++)
+-  AC_LINK_IFELSE([AC_LANG_SOURCE([
+-#if (__GNUC__ < 4) || (__GNUC__ == 4 && __GNUC_MINOR__ < 5)
+-#error -static-libstdc++ not implemented
+-#endif
+-int main() {}])],
+-    [AC_MSG_RESULT([yes]); have_static_libs=yes],
+-    [AC_MSG_RESULT([no])])
+-  AC_LANG_POP(C++)
+-
+-  LDFLAGS="$saved_LDFLAGS"
+-fi
+-
+ ACX_PROG_GNAT
+ ACX_PROG_CMP_IGNORE_INITIAL
+ 

binutils.spec

@@ -46,7 +46,7 @@
 
 %if %{with debug}
 %undefine with_testsuite
-%endif1599521)
+%endif
 
 %if 0%{!?binutils_target:1}
 %define binutils_target %{_target_platform}
@@ -69,7 +69,7 @@
 Summary: A GNU collection of binary utilities
 Name: %{?cross}binutils%{?_with_debug:-debug}
 Version: 2.31.1
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
 
@@ -186,6 +186,23 @@ Patch16: binutils-detect-corrupt-sym-version-info.patch
 # Lifetime: Fixed in 2.32
 Patch17: binutils-delay-ld-script-constant-eval.patch
 
+# Purpose:  Stop readelf's reports of gaps in build notes - they are unreliable.
+# Lifetime: Unknown.
+Patch18: binutils-disable-readelf-gap-reports.patch
+
+# Purpose:  Stop the binutils from statically linking with libstdc++.
+# Lifetime: Permanent.
+Patch20: binutils-do-not-link-with-static-libstdc++.patch
+
+# Purpose:  Add a .attach_to_group pseudo-op to the assembler for
+#           use by the annobin gcc plugin.
+# Lifetime: Permanent.
+Patch21: binutils-attach-to-group.patch
+
+# Purpose:  Fix a potential buffer overrun when parsing a corrupt ELF file.
+# Lifetime: Fixed in 2.32.
+Patch22: binutils-CVE-2018-17358.patch
+
 #----------------------------------------------------------------------------
 
 Provides: bundled(libiberty)
@@ -314,7 +331,6 @@ using libelf instead of BFD.
 %patch02 -p1
 %patch03 -p1
 %patch04 -p1
-#% patch05 -p1
 %patch06 -p1
 %patch07 -p1
 %patch08 -p1
@@ -327,8 +343,13 @@ using libelf instead of BFD.
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
+%patch18 -p1
+%patch20 -p1
+%patch21 -p1
+%patch22 -p1
 
 # We cannot run autotools as there is an exact requirement of autoconf-2.59.
+# FIXME - this is no longer true.  Maybe try reinstating autotool use ?
 
 # On ppc64 and aarch64, we might use 64KiB pages
 sed -i -e '/#define.*ELF_COMMONPAGESIZE/s/0x1000$/0x10000/' bfd/elf*ppc.c
@@ -475,7 +496,7 @@ export LDFLAGS=$RPM_LD_FLAGS
 %make_build %{_smp_mflags} tooldir=%{_prefix} MAKEINFO=true all
 %endif
 
-# Do not use %%check as it is run after %%install where libbfd.so is rebuild
+# Do not use %%check as it is run after %%install where libbfd.so is rebuilt
 # with -fvisibility=hidden no longer being usable in its shared form.
 %if %{without testsuite}
 echo ====================TESTSUITE DISABLED=========================
@@ -483,14 +504,29 @@ echo ====================TESTSUITE DISABLED=========================
 make -k check < /dev/null || :
 echo ====================TESTING=========================
 cat {gas/testsuite/gas,ld/ld,binutils/binutils}.sum
+%if "%{build_gold}" == "both"
+if [ -f gold/test-suite.log ]; then
+    cat gold/test-suite.log
+fi
+if [ -f gold/testsuite/test-suite.log ]; then
+    cat gold/testsuite/*.log
+fi
+%endif
 echo ====================TESTING END=====================
 for file in {gas/testsuite/gas,ld/ld,binutils/binutils}.{sum,log}
 do
   ln $file binutils-%{_target_platform}-$(basename $file) || :
 done
-tar cjf binutils-%{_target_platform}.tar.bz2 binutils-%{_target_platform}-*.{sum,log}
-uuencode binutils-%{_target_platform}.tar.bz2 binutils-%{_target_platform}.tar.bz2
-rm -f binutils-%{_target_platform}.tar.bz2 binutils-%{_target_platform}-*.{sum,log}
+tar cjf binutils-%{_target_platform}.tar.xz  binutils-%{_target_platform}-*.{sum,log}
+uuencode binutils-%{_target_platform}.tar.xz binutils-%{_target_platform}.tar.xz
+rm -f binutils-%{_target_platform}.tar.xz    binutils-%{_target_platform}-*.{sum,log}
+%if "%{build_gold}" == "both"
+if [-f gold/testsuite/test-suite.log ]; then
+  tar cjf  binutils-%{_target_platform}-gold.log.tar.xz gold/testsuite/*.log
+  uuencode binutils-%{_target_platform}-gold.log.tar.xz binutils-%{_target_platform}-gold.log.tar.xz
+  rm -f    binutils-%{_target_platform}-gold.log.tar.xz
+fi
+%endif
 %endif
 
 #----------------------------------------------------------------------------
@@ -734,6 +770,13 @@ exit 0
 
 #----------------------------------------------------------------------------
 %changelog
+* Fri Sep 28 2018 Nick Clifton  <nickc@redhat.com> - 2.31.1-14
+- Fix a potential buffer overrun when parsing a corrupt ELF file.  (#1632912)
+- Add a .attach_to_group pseuo-op to assembler (for use by annobin).  (#1630574)
+- Stop the binutils from statically linking with libstdc++.  (#1630550)
+- Include gold testsuite results in test logs.
+- Disable readelf's reporting of gaps in build notes.  (#1623556)
+
 * Tue Sep 04 2018 Nick Clifton  <nickc@redhat.com> - 2.31.1-13
 - Delay the evaluation of linker script constants until after the configuration options have been set.  (#1624751)