From b25b0811ad427c673aadfa81552ec8fe2bd14f51 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Fri, 28 Sep 2018 14:19:31 +0100
Subject: [PATCH] Fix a potential buffer overrun when parsing a corrupt ELF file. (#1632912) Add a .attach_to_group pseuo-op to assembler (for use by annobin). (#1630574) Stop the binutils from statically linking with libstdc++. (#1630550) Include gold testsuite results in test logs. Disable readelf's reporting of gaps in build notes. (#1623556)
---
binutils-CVE-2018-17358.patch | 101 ++++++++++++++++++
binutils-attach-to-group.patch | 68 ++++++++++++
binutils-disable-readelf-gap-reports.patch | 16 +++
...ls-do-not-link-with-static-libstdc++.patch | 83 ++++++++++++++
binutils.spec | 57 ++++++++--
5 files changed, 318 insertions(+), 7 deletions(-)
create mode 100644 binutils-CVE-2018-17358.patch
create mode 100644 binutils-attach-to-group.patch
create mode 100644 binutils-disable-readelf-gap-reports.patch
create mode 100644 binutils-do-not-link-with-static-libstdc++.patch
diff --git a/binutils-CVE-2018-17358.patch b/binutils-CVE-2018-17358.patch
new file mode 100644
index 0000000..fd91fda
--- /dev/null
+++ b/binutils-CVE-2018-17358.patch
@@ -0,0 +1,101 @@ +diff -rup binutils.orig/bfd/dwarf2.c binutils-2.30/bfd/dwarf2.c +--- binutils.orig/bfd/dwarf2.c 2018-09-26 15:07:47.162863937 +0100 ++++ binutils-2.30/bfd/dwarf2.c 2018-09-26 15:08:50.868368183 +0100 +@@ -527,6 +527,7 @@ read_section (bfd * abfd, + asection *msec; + const char *section_name = sec->uncompressed_name; + bfd_byte *contents = *section_buffer; ++ bfd_size_type amt; + + /* The section may have already been read. */ + if (contents == NULL) +@@ -549,7 +550,14 @@ read_section (bfd * abfd, + *section_size = msec->rawsize ? msec->rawsize : msec->size; + /* Paranoia - alloc one extra so that we can make sure a string + section is NUL terminated. */ +- contents = (bfd_byte *) bfd_malloc (*section_size + 1); ++ amt = *section_size + 1; ++ if (amt == 0) ++ { ++ bfd_set_error (bfd_error_no_memory); ++ return FALSE; ++ } ++ contents = (bfd_byte *) bfd_malloc (amt); ++ + if (contents == NULL) + return FALSE; + if (syms +diff -rup binutils.orig/bfd/syms.c binutils-2.30/bfd/syms.c +--- binutils.orig/bfd/syms.c 2018-09-26 15:07:47.162863937 +0100 ++++ binutils-2.30/bfd/syms.c 2018-09-26 15:11:41.671038993 +0100 +@@ -1035,6 +1035,10 @@ _bfd_stab_section_find_nearest_line (bfd + 0, strsize)) + return FALSE; + ++ /* Stab strings ought to be nul terminated. Ensure the last one ++ is, to prevent running off the end of the buffer. */ ++ info->strs[strsize - 1] = 0; ++ + /* If this is a relocatable object file, we have to relocate + the entries in .stab. 
This should always be simple 32 bit + relocations against symbols defined in this object file, so +@@ -1073,7 +1077,8 @@ _bfd_stab_section_find_nearest_line (bfd + || r->howto->bitsize != 32 + || r->howto->pc_relative + || r->howto->bitpos != 0 +- || r->howto->dst_mask != 0xffffffff) ++ || r->howto->dst_mask != 0xffffffff ++ || r->address * bfd_octets_per_byte (abfd) + 4 > stabsize) + { + _bfd_error_handler + (_("unsupported .stab relocation")); +@@ -1195,7 +1200,8 @@ _bfd_stab_section_find_nearest_line (bfd + { + nul_fun = stab; + nul_str = str; +- if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) ++ if (file_name >= (char *) info->strs + strsize ++ || file_name < (char *) str) + file_name = NULL; + if (stab + STABSIZE + TYPEOFF < info->stabs + stabsize + && *(stab + STABSIZE + TYPEOFF) == (bfd_byte) N_SO) +@@ -1206,7 +1212,8 @@ _bfd_stab_section_find_nearest_line (bfd + directory_name = file_name; + file_name = ((char *) str + + bfd_get_32 (abfd, stab + STRDXOFF)); +- if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) ++ if (file_name >= (char *) info->strs + strsize ++ || file_name < (char *) str) + file_name = NULL; + } + } +@@ -1217,7 +1224,8 @@ _bfd_stab_section_find_nearest_line (bfd + file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); + /* PR 17512: file: 0c680a1f. */ + /* PR 17512: file: 5da8aec4. 
*/ +- if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) ++ if (file_name >= (char *) info->strs + strsize ++ || file_name < (char *) str) + file_name = NULL; + break; + +@@ -1226,7 +1234,8 @@ _bfd_stab_section_find_nearest_line (bfd + function_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); + if (function_name == (char *) str) + continue; +- if (function_name >= (char *) info->strs + strsize) ++ if (function_name >= (char *) info->strs + strsize ++ || function_name < (char *) str) + function_name = NULL; + + nul_fun = NULL; +@@ -1335,7 +1344,8 @@ _bfd_stab_section_find_nearest_line (bfd + if (val <= offset) + { + file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); +- if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) ++ if (file_name >= (char *) info->strs + strsize ++ || file_name < (char *) str) + file_name = NULL; + *pline = 0; + } diff --git a/binutils-attach-to-group.patch b/binutils-attach-to-group.patch new file mode 100644 index 0000000..7bb5348 --- /dev/null +++ b/binutils-attach-to-group.patch 
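Review bot: The added `info->strs[strsize - 1] = 0;` in the syms.c part of binutils-CVE-2018-17358.patch assumes `strsize` is non-zero; nothing in the visible context checks that, and for an empty string section the index would wrap and the store would land outside the buffer. Guarding it, e.g. `if (strsize > 0) info->strs[strsize - 1] = 0;`, keeps the terminator fix without that edge case. The new relocation bound `r->address * bfd_octets_per_byte (abfd) + 4 > stabsize` can likewise wrap for a very large `r->address`; checking `stabsize >= 4` first and comparing the offset against `stabsize - 4` would be overflow-safe. `_bfd_stab_section_find_nearest_line` starts and ends outside these hunks, so an earlier size check may already exist there and should be confirmed.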
@@ -0,0 +1,68 @@ +diff -rup binutils.orig/gas/config/obj-elf.c binutils-2.30/gas/config/obj-elf.c +--- binutils.orig/gas/config/obj-elf.c 2018-09-24 17:50:06.974172867 +0100 ++++ binutils-2.30/gas/config/obj-elf.c 2018-09-25 15:19:33.559830794 +0100 +@@ -82,9 +82,11 @@ static void obj_elf_gnu_attribute (int); + static void obj_elf_tls_common (int); + static void obj_elf_lcomm (int); + static void obj_elf_struct (int); ++static void obj_elf_attach_to_group (int); + + static const pseudo_typeS elf_pseudo_table[] = + { ++ {"attach_to_group", obj_elf_attach_to_group, 0}, + {"comm", obj_elf_common, 0}, + {"common", obj_elf_common, 1}, + {"ident", obj_elf_ident, 0}, +@@ -1007,6 +1009,27 @@ obj_elf_section_name (void) + return name; + } + ++static void ++obj_elf_attach_to_group (int dummy ATTRIBUTE_UNUSED) ++{ ++ const char * gname = obj_elf_section_name (); ++ ++ if (gname == NULL) ++ { ++ as_warn ("group name not parseable"); ++ return; ++ } ++ ++ if (elf_group_name (now_seg)) ++ { ++ as_warn ("already has a group"); ++ return; ++ } ++ ++ elf_group_name (now_seg) = xstrdup (gname); ++ elf_section_flags (now_seg) |= SHF_GROUP; ++} ++ + void + obj_elf_section (int push) + { +diff -rup binutils.orig/gas/doc/as.texinfo binutils-2.30/gas/doc/as.texinfo +--- binutils.orig/gas/doc/as.texi 2018-09-24 17:50:06.984172788 +0100 ++++ binutils-2.30/gas/doc/as.texi 2018-09-25 15:19:43.557748972 +0100 +@@ -4407,6 +4407,7 @@ Some machine configurations provide addi + * Altmacro:: @code{.altmacro} + * Ascii:: @code{.ascii "@var{string}"}@dots{} + * Asciz:: @code{.asciz "@var{string}"}@dots{} ++* Attach_to_group:: @code{.attach_to_group @var{name}} + * Balign:: @code{.balign @var{abs-expr} , @var{abs-expr}} + * Bundle directives:: @code{.bundle_align_mode @var{abs-expr}}, etc + * Byte:: @code{.byte @var{expressions}} +@@ -4703,6 +4704,12 @@ trailing zero byte) into consecutive add + @code{.asciz} is just like @code{.ascii}, but each string is followed by + a zero byte. 
The ``z'' in @samp{.asciz} stands for ``zero''. + ++@node Attach_to_group ++@section @code{.attach_to_group @var{name}} ++Attaches the current section to the named group. This is like declaring ++the section with the @code{G} attribute, but can be done after the section ++has been created. ++ + @node Balign + @section @code{.balign[wl] @var{abs-expr}, @var{abs-expr}, @var{abs-expr}} + + diff --git a/binutils-disable-readelf-gap-reports.patch b/binutils-disable-readelf-gap-reports.patch new file mode 100644 index 0000000..cee63ba --- /dev/null +++ b/binutils-disable-readelf-gap-reports.patch @@ -0,0 +1,16 @@ +--- binutils.orig/binutils/readelf.c 2018-09-05 14:08:22.733186922 +0100 ++++ binutils-2.30/binutils/readelf.c 2018-09-05 15:35:38.009749485 +0100 +@@ -17634,11 +17634,12 @@ print_gnu_build_attribute_description (E + + if (is_open_attr) + { ++#if 0 + /* FIXME: Need to properly allow for section alignment. 16 is just the alignment used on x86_64. */ + if (global_end > 0 && start > BFD_ALIGN (global_end, 16)) + warn (_("Gap in build notes detected from %#lx to %#lx\n"), + global_end + 1, start - 1); +- ++#endif + printf (_(" Applies to region from %#lx"), start); + global_offset = start; + diff --git a/binutils-do-not-link-with-static-libstdc++.patch b/binutils-do-not-link-with-static-libstdc++.patch new file mode 100644 index 0000000..49d46c2 --- /dev/null +++ b/binutils-do-not-link-with-static-libstdc++.patch 
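Review bot: The two warnings in `obj_elf_attach_to_group` are bare literals that say little: `as_warn ("already has a group")` does not name the group the section is already in, and neither string is passed through `_()` the way the messages in the other patches of this commit are. Something like `as_warn (_(".attach_to_group: section is already in group %s"), elf_group_name (now_seg));` would be easier to act on. The function also has no header comment; a short one stating that it handles `.attach_to_group NAME` and leaves the section unchanged, with a warning, when the name cannot be parsed or a group is already set would help. It is worth confirming whether the rest of the input line should be checked for trailing text after the name, which is not done here.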
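Review bot: The `#if 0` added in `print_gnu_build_attribute_description` has no explanation next to it, so a later reader of readelf.c cannot tell whether the gap warning was disabled on purpose or left over from debugging. Since it silences a diagnostic about build-note coverage, record the reason and the condition for re-enabling it at the site, for example `#if 0 /* Gap reports are unreliable until section alignment is handled (#1623556).  */`. The function starts and ends outside this hunk.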
@@ -0,0 +1,83 @@ +diff -rup binutils.orig/configure binutils-2.30/configure +--- binutils.orig/configure 2018-09-24 17:50:06.967172922 +0100 ++++ binutils-2.30/configure 2018-09-24 17:51:16.648624865 +0100 +@@ -4996,49 +4996,6 @@ if test -z "$LD"; then + fi + fi + +-# Check whether -static-libstdc++ -static-libgcc is supported. +-have_static_libs=no +-if test "$GCC" = yes; then +- saved_LDFLAGS="$LDFLAGS" +- +- LDFLAGS="$LDFLAGS -static-libstdc++ -static-libgcc" +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether g++ accepts -static-libstdc++ -static-libgcc" >&5 +-$as_echo_n "checking whether g++ accepts -static-libstdc++ -static-libgcc... " >&6; } +- ac_ext=cpp +-ac_cpp='$CXXCPP $CPPFLAGS' +-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +- +- +-cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +- +-#if (__GNUC__ < 4) || (__GNUC__ == 4 && __GNUC_MINOR__ < 5) +-#error -static-libstdc++ not implemented +-#endif +-int main() {} +-_ACEOF +-if ac_fn_cxx_try_link "$LINENO"; then : +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; }; have_static_libs=yes +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- ac_ext=c +-ac_cpp='$CPP $CPPFLAGS' +-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +-ac_compiler_gnu=$ac_cv_c_compiler_gnu +- +- +- LDFLAGS="$saved_LDFLAGS" +-fi +- +- + + + if test -n "$ac_tool_prefix"; then +diff -rup binutils.orig/configure.ac binutils-2.30/configure.ac +--- binutils.orig/configure.ac 2018-09-24 17:50:07.241170767 +0100 ++++ binutils-2.30/configure.ac 2018-09-24 17:50:29.908992486 +0100 +@@ -1288,26 +1288,6 
@@ if test -z "$LD"; then + fi + fi + +-# Check whether -static-libstdc++ -static-libgcc is supported. +-have_static_libs=no +-if test "$GCC" = yes; then +- saved_LDFLAGS="$LDFLAGS" +- +- LDFLAGS="$LDFLAGS -static-libstdc++ -static-libgcc" +- AC_MSG_CHECKING([whether g++ accepts -static-libstdc++ -static-libgcc]) +- AC_LANG_PUSH(C++) +- AC_LINK_IFELSE([AC_LANG_SOURCE([ +-#if (__GNUC__ < 4) || (__GNUC__ == 4 && __GNUC_MINOR__ < 5) +-#error -static-libstdc++ not implemented +-#endif +-int main() {}])], +- [AC_MSG_RESULT([yes]); have_static_libs=yes], +- [AC_MSG_RESULT([no])]) +- AC_LANG_POP(C++) +- +- LDFLAGS="$saved_LDFLAGS" +-fi +- + ACX_PROG_GNAT + ACX_PROG_CMP_IGNORE_INITIAL + diff --git a/binutils.spec b/binutils.spec index a42b0b7..ac774d2 100644 --- a/binutils.spec +++ b/binutils.spec @@ -46,7 +46,7 @@ %if %{with debug} %undefine with_testsuite -%endif1599521) +%endif %if 0%{!?binutils_target:1} %define binutils_target %{_target_platform} @@ -69,7 +69,7 @@ Summary: A GNU collection of binary utilities Name: %{?cross}binutils%{?_with_debug:-debug} Version: 2.31.1 -Release: 13%{?dist} +Release: 14%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils 
@@ -186,6 +186,23 @@ Patch16: binutils-detect-corrupt-sym-version-info.patch # Lifetime: Fixed in 2.32 Patch17: binutils-delay-ld-script-constant-eval.patch +# Purpose: Stop readelf's reports of gaps in build notes - they are unreliable. +# Lifetime: Unknown. +Patch18: binutils-disable-readelf-gap-reports.patch + +# Purpose: Stop the binutils from statically linking with libstdc++. +# Lifetime: Permanent. +Patch20: binutils-do-not-link-with-static-libstdc++.patch + +# Purpose: Add a .attach_to_group pseudo-op to the assembler for +# use by the annobin gcc plugin. +# Lifetime: Permanent. +Patch21: binutils-attach-to-group.patch + +# Purpose: Fix a potential buffer overrun when parsing a corrupt ELF file. +# Lifetime: Fixed in 2.32. +Patch22: binutils-CVE-2018-17358.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -314,7 +331,6 @@ using libelf instead of BFD. %patch02 -p1 %patch03 -p1 %patch04 -p1 -#% patch05 -p1 %patch06 -p1 %patch07 -p1 %patch08 -p1 @@ -327,8 +343,13 @@ using libelf instead of BFD. %patch15 -p1 %patch16 -p1 %patch17 -p1 +%patch18 -p1 +%patch20 -p1 +%patch21 -p1 +%patch22 -p1 # We cannot run autotools as there is an exact requirement of autoconf-2.59. +# FIXME - this is no longer true. Maybe try reinstating autotool use ? # On ppc64 and aarch64, we might use 64KiB pages sed -i -e '/#define.*ELF_COMMONPAGESIZE/s/0x1000$/0x10000/' bfd/elf*ppc.c @@ -475,7 +496,7 @@ export LDFLAGS=$RPM_LD_FLAGS %make_build %{_smp_mflags} tooldir=%{_prefix} MAKEINFO=true all %endif -# Do not use %%check as it is run after %%install where libbfd.so is rebuild +# Do not use %%check as it is run after %%install where libbfd.so is rebuilt # with -fvisibility=hidden no longer being usable in its shared form. %if %{without testsuite} echo ====================TESTSUITE DISABLED========================= 
@@ -483,14 +504,29 @@ echo ====================TESTSUITE DISABLED========================= make -k check < /dev/null || : echo ====================TESTING========================= cat {gas/testsuite/gas,ld/ld,binutils/binutils}.sum +%if "%{build_gold}" == "both" +if [ -f gold/test-suite.log ]; then + cat gold/test-suite.log +fi +if [ -f gold/testsuite/test-suite.log ]; then + cat gold/testsuite/*.log +fi +%endif echo ====================TESTING END===================== for file in {gas/testsuite/gas,ld/ld,binutils/binutils}.{sum,log} do ln $file binutils-%{_target_platform}-$(basename $file) || : done -tar cjf binutils-%{_target_platform}.tar.bz2 binutils-%{_target_platform}-*.{sum,log} -uuencode binutils-%{_target_platform}.tar.bz2 binutils-%{_target_platform}.tar.bz2 -rm -f binutils-%{_target_platform}.tar.bz2 binutils-%{_target_platform}-*.{sum,log} +tar cjf binutils-%{_target_platform}.tar.xz binutils-%{_target_platform}-*.{sum,log} +uuencode binutils-%{_target_platform}.tar.xz binutils-%{_target_platform}.tar.xz +rm -f binutils-%{_target_platform}.tar.xz binutils-%{_target_platform}-*.{sum,log} +%if "%{build_gold}" == "both" +if [-f gold/testsuite/test-suite.log ]; then + tar cjf binutils-%{_target_platform}-gold.log.tar.xz gold/testsuite/*.log + uuencode binutils-%{_target_platform}-gold.log.tar.xz binutils-%{_target_platform}-gold.log.tar.xz + rm -f binutils-%{_target_platform}-gold.log.tar.xz +fi +%endif %endif #---------------------------------------------------------------------------- 
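Review bot: In the second `%if "%{build_gold}" == "both"` block the test is written `if [-f gold/testsuite/test-suite.log ]; then`; without a space after `[` the shell looks for a command named `[-f`, the condition fails, and the gold logs are never archived. It should read `if [ -f gold/testsuite/test-suite.log ]; then`. The archives are also renamed to `.tar.xz` while still being created with `tar cjf`, which selects bzip2; either use `tar cJf` or keep the `.tar.bz2` names so the uuencoded blobs in the build log decode with the tool their name implies.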
@@ -734,6 +770,13 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Fri Sep 28 2018 Nick Clifton - 2.31.1-14 +- Fix a potential buffer overrun when parsing a corrupt ELF file. (#1632912) +- Add a .attach_to_group pseuo-op to assembler (for use by annobin). (#1630574) +- Stop the binutils from statically linking with libstdc++. (#1630550) +- Include gold testsuite results in test logs. +- Disable readelf's reporting of gaps in build notes. (#1623556) + * Tue Sep 04 2018 Nick Clifton - 2.31.1-13 - Delay the evaluation of linker script constants until after the configuration options have been set. (#1624751)