From f44b483e75fc548de76032bf552f937ee2b3a533 Mon Sep 17 00:00:00 2001
From: yahmad
Date: Thu, 17 Nov 2022 16:07:26 +0100
Subject: [PATCH] - Fic configuration of s390x binutils so that it does not include support for extraneous targets. (#2139143) - Fix readelf's decoding of files with no sections. (#2131609) - Stop potential infinite loop in the binutils DWARF parser. (#2122675)
---
binutils-CVE-38128-dwarf-abbrev-parsing.patch | 15 ++++++++++
binutils-readelf-no-sections.patch | 29 +++++++++++++++++++
binutils.spec | 27 ++++++++++++-----
sources | 2 +-
4 files changed, 65 insertions(+), 8 deletions(-)
create mode 100644 binutils-CVE-38128-dwarf-abbrev-parsing.patch
create mode 100644 binutils-readelf-no-sections.patch
diff --git a/binutils-CVE-38128-dwarf-abbrev-parsing.patch b/binutils-CVE-38128-dwarf-abbrev-parsing.patch
new file mode 100644
index 0000000..a175bb7
--- /dev/null
+++ b/binutils-CVE-38128-dwarf-abbrev-parsing.patch
@@ -0,0 +1,15 @@
+--- binutils.orig/binutils/dwarf.c 2022-08-31 11:58:08.918685348 +0100
++++ binutils-2.39/binutils/dwarf.c 2022-08-31 15:24:13.881865797 +0100
+@@ -6365,7 +6365,11 @@ display_debug_abbrev (struct dwarf_secti
+ list->start_of_next_abbrevs = start;
+ }
+ else
+- start = list->start_of_next_abbrevs;
++ {
++ if (start == list->start_of_next_abbrevs)
++ break;
++ start = list->start_of_next_abbrevs;
++ }
+
+ if (list->first_abbrev == NULL)
+ continue;
diff --git a/binutils-readelf-no-sections.patch b/binutils-readelf-no-sections.patch
new file mode 100644
index 0000000..728d9c0
--- /dev/null
+++ b/binutils-readelf-no-sections.patch
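Review bot: The added `break` in display_debug_abbrev ends the dump silently when `start` equals `list->start_of_next_abbrevs`, so someone inspecting a malformed object sees truncated abbrev output with no sign that parsing was cut short. A diagnostic before the break, e.g. `warn (_("Abbreviation list does not advance; stopping\n"));`, would make that visible. The guard also catches only an immediate no-progress step; whether a cached list can point back to an earlier offset cannot be judged here, because the loop starts and ends outside the hunk. The new patch file also has no header naming the upstream change it backports; a leading line such as `# Upstream: <upstream commit id>` would help anyone auditing the fix.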
@@ -0,0 +1,29 @@ +--- binutils.orig/binutils/readelf.c 2022-10-03 13:20:42.707527855 +0100 ++++ binutils-2.39/binutils/readelf.c 2022-10-03 13:21:25.785436781 +0100 +@@ -6357,6 +6357,13 @@ get_32bit_section_headers (Filedata * fi + /* PR binutils/17531: Cope with unexpected section header sizes. */ + if (size == 0 || num == 0) + return false; ++ ++ /* The section header cannot be at the start of the file - that is ++ where the ELF file header is located. A file with absolutely no ++ sections in it will use a shoff of 0. */ ++ if (filedata->file_header.e_shoff == 0) ++ return false; ++ + if (size < sizeof * shdrs) + { + if (! probe) +@@ -6421,6 +6428,12 @@ get_64bit_section_headers (Filedata * fi + if (size == 0 || num == 0) + return false; + ++ /* The section header cannot be at the start of the file - that is ++ where the ELF file header is located. A file with absolutely no ++ sections in it will use a shoff of 0. */ ++ if (filedata->file_header.e_shoff == 0) ++ return false; ++ + if (size < sizeof * shdrs) + { + if (! probe) diff --git a/binutils.spec b/binutils.spec index af490b5..f7d01b7 100644 --- a/binutils.spec +++ b/binutils.spec @@ -39,7 +39,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?name_cross}%{?_with_debug:-debug} Version: 2.38 -Release: 24%{?dist} +Release: 25%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils 
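Review bot: The `e_shoff == 0` test added to get_32bit_section_headers (and the identical one in get_64bit_section_headers) covers only the exact-zero case, while the reasoning in its comment, that the section header table cannot sit where the ELF file header is, applies to any offset smaller than that header. A crafted file with a small nonzero e_shoff and a nonzero section count would still have file-header bytes decoded as section headers; whether a later check rejects it is not visible in these hunks. Consider a second test such as `if (filedata->file_header.e_shoff < sizeof (Elf32_External_Ehdr))` (the 64-bit type in the other function) that reports the corruption through the existing `if (! probe)` error path, keeping the silent `return false` for the legitimate zero case. Both functions start and end outside the hunks.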
@@ -341,6 +341,14 @@ Patch31: binutils-add-splay-tree-for-info_ptr.patch # Purpose: Fixing bug 2120752 # Lifetime: Fixed in 2.39 Patch32: binutils-reduce-O-n2-performance-overhead-when-parsing-DWARF.patch + +# Purpose: Stop an infinite loop in the binutils DWARF decoder. (CVE 2022-38128) +# Lifetime: Fixed in 2.40 +Patch33: binutils-CVE-38128-dwarf-abbrev-parsing.patch + +# Purpose: Stop readelf from incorrectly decoding ELF files with no sections. +# Lifetime: Fixed in 2.40 +Patch34: binutils-readelf-no-sections.patch #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -594,11 +602,11 @@ CARGS="$CARGS --enable-64-bit-bfd" # Also enable the BPF target so that strip will work on BPF files. case %{binutils_target} in s390*) - # FIXME: For some unknown reason settting --enable-targets=x86_64-pep - # here breaks the building of GOLD. I have no idea why, and not enough - # knowledge of how gold is configured to fix quickly. So instead I have - # found that supporting "all" targets works. - CARGS="$CARGS --enable-targets=all" + # Note - The s390-linux target is there so that the GOLD linker will + # build. By default, if configured for just s390x-linux, the GOLD + # configure system will only include support for 64-bit targets, but + # the s390x gold backend uses both 32-bit and 64-bit templates. + CARGS="$CARGS --enable-targets=s390-linux,s390x-linux,x86_64-pep,bpf-unknown-none" ;; ia64*) CARGS="$CARGS --enable-targets=ia64-linux,x86_64-pep,bpf-unknown-none" 
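Review bot: The Patch33 comment writes the identifier as `CVE 2022-38128` and the patch file is named `binutils-CVE-38128-dwarf-abbrev-parsing.patch`, so neither matches the canonical `CVE-2022-38128` form that vulnerability tracking and a plain `grep` over spec files rely on. Write the comment as `# Purpose: Stop an infinite loop in the binutils DWARF decoder. (CVE-2022-38128)`. The %changelog entry added later in this commit cites only the bug number for this fix and could carry the same identifier, so that the shipped package changelog shows the CVE as addressed.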
@@ -955,7 +963,12 @@ exit 0 #---------------------------------------------------------------------------- %changelog -* Wed Aug 31 2022 Yara Ahmad - 2.38-24 +* Wed Nov 16 2022 Yara Ahmad - 2.38-25 +- Fic configuration of s390x binutils so that it does not include support for extraneous targets. (#2139143) +- Fix readelf's decoding of files with no sections. (#2131609) +- Stop potential infinite loop in the binutils DWARF parser. (#2122675) + +* Wed Sep 7 2022 Yara Ahmad - 2.38-24 - Improving the performance of bfd function lookup_func_by_offset * Thu Aug 04 2022 Nick Clifton - 2.38-23 diff --git a/sources b/sources index bdbede3..7f0ee0f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (binutils-2.19.50.0.1-output-format.sed) = 2f8686b0c8af13c98cda056824c2820416f6e2d003f70b78ccf5314525b9ee3684d421dfa83e638a2d42d06ea4d4bdaf5226b64d6ec26f7ff59c44ffb2a23dd2 SHA512 (binutils-2.38.tar.xz) = 8bf0b0d193c9c010e0518ee2b2e5a830898af206510992483b427477ed178396cd210235e85fd7bd99a96fc6d5eedbeccbd48317a10f752b7336ada8b2bb826d +SHA512 (binutils-2.19.50.0.1-output-format.sed) = 2f8686b0c8af13c98cda056824c2820416f6e2d003f70b78ccf5314525b9ee3684d421dfa83e638a2d42d06ea4d4bdaf5226b64d6ec26f7ff59c44ffb2a23dd2