Stop a potential infinite loop in the binutils DWARF parser.

Resolves: #2122675

binutils-CVE-38128-dwarf-abbrev-parsing.patch

@@ -0,0 +1,15 @@
+--- binutils.orig/binutils/dwarf.c	2022-08-31 11:58:08.918685348 +0100
++++ binutils-2.39/binutils/dwarf.c	2022-08-31 15:24:13.881865797 +0100
+@@ -6365,7 +6365,11 @@ display_debug_abbrev (struct dwarf_secti
+ 	  list->start_of_next_abbrevs = start;
+ 	}
+       else
+-	start = list->start_of_next_abbrevs;
++	{
++	  if (start == list->start_of_next_abbrevs)
++	    break;
++	  start = list->start_of_next_abbrevs;
++	}
+ 
+       if (list->first_abbrev == NULL)
+ 	continue;

binutils.spec

@@ -39,7 +39,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?name_cross}%{?_with_debug:-debug}
 Version: 2.39
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
 
@@ -299,6 +299,10 @@ Patch19: binutils-package-metadata.patch
 # Lifetime: Fixed in 2.40
 Patch20: binutils-gas-dwarf-skip-empty-functions.patch
 
+# Purpose:  Stop an infinite loop in the binutils DWARF decoder.  (CVE 2022-38128)
+# Lifetime: Fixed in 2.40
+Patch21: binutils-CVE-38128-dwarf-abbrev-parsing.patch
+
 #----------------------------------------------------------------------------
 
 Provides: bundled(libiberty)
@@ -955,6 +959,9 @@ exit 0
 
 #----------------------------------------------------------------------------
 %changelog
+* Wed Aug 31 2022 Nick Clifton  <nickc@redhat.com> - 2.39-3
+- Stop a potential infinite loop in the binutils DWARF parser.  (#2122675)
+
 * Tue Aug 16 2022 Nick Clifton  <nickc@redhat.com> - 2.39-2
 - Move gprofng related files into the gprofng sub-package.