- Fic configuration of s390x binutils so that it does not include support for extraneous targets. (#2139143)

- Fix readelf's decoding of files with no sections. (#2131609) - Stop potential infinite loop in the binutils DWARF parser. (#2122675)
2022-11-17 16:07:26 +01:00 · 2022-11-17 16:07:26 +01:00 · f44b483e75
commit f44b483e75
parent aff59727ba
4 changed files with 65 additions and 8 deletions
--- a/binutils-CVE-38128-dwarf-abbrev-parsing.patch
+++ b/binutils-CVE-38128-dwarf-abbrev-parsing.patch
@ -0,0 +1,15 @@
+--- binutils.orig/binutils/dwarf.c	2022-08-31 11:58:08.918685348 +0100
+++ binutils-2.39/binutils/dwarf.c	2022-08-31 15:24:13.881865797 +0100
+@@ -6365,7 +6365,11 @@ display_debug_abbrev (struct dwarf_secti
+ 	  list->start_of_next_abbrevs = start;
+ 	}
+       else
+-	start = list->start_of_next_abbrevs;
+	{
+	  if (start == list->start_of_next_abbrevs)
+	    break;
+	  start = list->start_of_next_abbrevs;
+	}
+ 
+       if (list->first_abbrev == NULL)
+ 	continue;
--- a/binutils-readelf-no-sections.patch
+++ b/binutils-readelf-no-sections.patch
@ -0,0 +1,29 @@
+--- binutils.orig/binutils/readelf.c	2022-10-03 13:20:42.707527855 +0100
+++ binutils-2.39/binutils/readelf.c	2022-10-03 13:21:25.785436781 +0100
+@@ -6357,6 +6357,13 @@ get_32bit_section_headers (Filedata * fi
+   /* PR binutils/17531: Cope with unexpected section header sizes.  */
+   if (size == 0 || num == 0)
+     return false;
+
+  /* The section header cannot be at the start of the file - that is
+     where the ELF file header is located.  A file with absolutely no
+     sections in it will use a shoff of 0.  */
+  if (filedata->file_header.e_shoff == 0)
+    return false;
+
+   if (size < sizeof * shdrs)
+     {
+       if (! probe)
+@@ -6421,6 +6428,12 @@ get_64bit_section_headers (Filedata * fi
+   if (size == 0 || num == 0)
+     return false;
+ 
+  /* The section header cannot be at the start of the file - that is
+     where the ELF file header is located.  A file with absolutely no
+     sections in it will use a shoff of 0.  */
+  if (filedata->file_header.e_shoff == 0)
+    return false;
+
+   if (size < sizeof * shdrs)
+     {
+       if (! probe)
--- a/binutils.spec
+++ b/binutils.spec
@ -39,7 +39,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?name_cross}%{?_with_debug:-debug}
 Version: 2.38
-Release: 24%{?dist}
+Release: 25%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils

@ -341,6 +341,14 @@ Patch31: binutils-add-splay-tree-for-info_ptr.patch
 # Purpose: Fixing bug 2120752
 # Lifetime: Fixed in 2.39 
 Patch32: binutils-reduce-O-n2-performance-overhead-when-parsing-DWARF.patch
+
+# Purpose:  Stop an infinite loop in the binutils DWARF decoder.  (CVE 2022-38128)
+# Lifetime: Fixed in 2.40
+Patch33: binutils-CVE-38128-dwarf-abbrev-parsing.patch
+
+# Purpose:  Stop readelf from incorrectly decoding ELF files with no sections.
+# Lifetime: Fixed in 2.40
+Patch34: binutils-readelf-no-sections.patch
 #----------------------------------------------------------------------------

 Provides: bundled(libiberty)
@ -594,11 +602,11 @@ CARGS="$CARGS --enable-64-bit-bfd"
 # Also enable the BPF target so that strip will work on BPF files.
 case %{binutils_target} in
    s390*)
-        # FIXME: For some unknown reason settting --enable-targets=x86_64-pep
-        # here breaks the building of GOLD.  I have no idea why, and not enough
-        # knowledge of how gold is configured to fix quickly.  So instead I have
-        # found that supporting "all" targets works.
-	CARGS="$CARGS --enable-targets=all"
+	# Note - The s390-linux target is there so that the GOLD linker will
+	# build.  By default, if configured for just s390x-linux, the GOLD
+	# configure system will only include support for 64-bit targets, but
+	# the s390x gold backend uses both 32-bit and 64-bit templates.
+	CARGS="$CARGS --enable-targets=s390-linux,s390x-linux,x86_64-pep,bpf-unknown-none"
 	;;
    ia64*)
 	CARGS="$CARGS --enable-targets=ia64-linux,x86_64-pep,bpf-unknown-none"
@ -955,7 +963,12 @@ exit 0

 #----------------------------------------------------------------------------
 %changelog
-* Wed Aug 31 2022 Yara Ahmad  <yahmad@redhat.com> - 2.38-24
+* Wed Nov 16 2022 Yara Ahmad <yahmad@redhat.com> - 2.38-25
+- Fic configuration of s390x binutils so that it does not include support for extraneous targets. (#2139143)
+- Fix readelf's decoding of files with no sections.  (#2131609) 
+- Stop potential infinite loop in the binutils DWARF parser.  (#2122675)
+
+* Wed Sep 7 2022 Yara Ahmad  <yahmad@redhat.com> - 2.38-24
 - Improving the performance of bfd function lookup_func_by_offset

 * Thu Aug 04 2022 Nick Clifton  <nickc@redhat.com> - 2.38-23
--- a/2
+++ b/2
@ -1,2 +1,2 @@
-SHA512 (binutils-2.19.50.0.1-output-format.sed) = 2f8686b0c8af13c98cda056824c2820416f6e2d003f70b78ccf5314525b9ee3684d421dfa83e638a2d42d06ea4d4bdaf5226b64d6ec26f7ff59c44ffb2a23dd2
 SHA512 (binutils-2.38.tar.xz) = 8bf0b0d193c9c010e0518ee2b2e5a830898af206510992483b427477ed178396cd210235e85fd7bd99a96fc6d5eedbeccbd48317a10f752b7336ada8b2bb826d
+SHA512 (binutils-2.19.50.0.1-output-format.sed) = 2f8686b0c8af13c98cda056824c2820416f6e2d003f70b78ccf5314525b9ee3684d421dfa83e638a2d42d06ea4d4bdaf5226b64d6ec26f7ff59c44ffb2a23dd2