Stop potential illegal memory access when disassembling an EFI binary.

Resolves: #1685727

binutils-CVE-2018-20002.patch

@@ -0,0 +1,56 @@
+diff -rup binutils.ori/bfd/syms.c binutils-2.31.1/bfd/syms.c
+--- binutils.ori/bfd/syms.c	2019-01-03 13:51:05.784005438 +0000
++++ binutils-2.31.1/bfd/syms.c	2019-01-03 13:53:43.238815129 +0000
+@@ -822,10 +822,18 @@ _bfd_generic_read_minisymbols (bfd *abfd
+   if (symcount < 0)
+     goto error_return;
+ 
+-  *minisymsp = syms;
+-  *sizep = sizeof (asymbol *);
++  if (symcount == 0)
++    /* We return 0 above when storage is 0.  Exit in the same state
++       here, so as to not complicate callers with having to deal with
++       freeing memory for zero symcount.  */
++    free (syms);
++  else
++    {
++      *minisymsp = syms;
++      *sizep = sizeof (asymbol *);
++    }
+ 
+-  return symcount;
++ return symcount;
+ 
+  error_return:
+   bfd_set_error (bfd_error_no_symbols);
+diff -rup binutils.ori/binutils/nm.c binutils-2.31.1/binutils/nm.c
+--- binutils.ori/binutils/nm.c	2019-01-03 13:51:06.337001258 +0000
++++ binutils-2.31.1/binutils/nm.c	2019-01-03 13:52:37.542311774 +0000
+@@ -1162,13 +1162,11 @@ display_rel_file (bfd *abfd, bfd *archiv
+       if (synth_count > 0)
+ 	{
+ 	  asymbol **symp;
+-	  void *new_mini;
+ 	  long i;
+ 
+-	  new_mini = xmalloc ((symcount + synth_count + 1) * sizeof (*symp));
+-	  symp = (asymbol **) new_mini;
+-	  memcpy (symp, minisyms, symcount * sizeof (*symp));
+-	  symp += symcount;
++	  minisyms = xrealloc (minisyms,
++			       (symcount + synth_count + 1) * sizeof (*symp));
++	  symp = (asymbol **) minisyms + symcount;
+ 	  for (i = 0; i < synth_count; i++)
+ 	    *symp++ = synthsyms + i;
+ 	  *symp = 0;
+diff -rup binutils.orig/binutils/nm.c binutils-2.31.1/binutils/nm.c
+--- binutils.orig/binutils/nm.c	2019-01-03 14:18:21.086458519 +0000
++++ binutils-2.31.1/binutils/nm.c	2019-01-03 14:18:23.642438853 +0000
+@@ -1170,7 +1170,6 @@ display_rel_file (bfd *abfd, bfd *archiv
+ 	  for (i = 0; i < synth_count; i++)
+ 	    *symp++ = synthsyms + i;
+ 	  *symp = 0;
+-	  minisyms = new_mini;
+ 	  symcount += synth_count;
+ 	}
+     }

binutils-CVE-2019-9073.patch

@@ -0,0 +1,13 @@
+--- binutils.orig/binutils/objdump.c	2019-02-25 16:12:30.394056901 +0000
++++ binutils-2.31.1/binutils/objdump.c	2019-02-25 16:13:07.224778005 +0000
+@@ -2993,7 +2993,9 @@ dump_bfd_header (bfd *abfd)
+ static void
+ dump_bfd_private_header (bfd *abfd)
+ {
+-  bfd_print_private_bfd_data (abfd, stdout);
++  if (!bfd_print_private_bfd_data (abfd, stdout))
++    non_fatal (_("warning: private headers incomplete: %s"),
++              bfd_errmsg (bfd_get_error ()));
+ }
+ 
+ static void

binutils-CVE-2019-9074.patch

@@ -0,0 +1,32 @@
+--- binutils.orig/bfd/pei-x86_64.c	2019-02-25 16:12:29.798061414 +0000
++++ binutils-2.31.1/bfd/pei-x86_64.c	2019-02-25 17:09:02.783425236 +0000
+@@ -541,7 +541,7 @@ pex64_bfd_print_pdata_section (bfd *abfd
+   /* virt_size might be zero for objects.  */
+   if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0)
+     {
+-      stop = (datasize / onaline) * onaline;
++      stop = datasize;
+       virt_size_is_zero = TRUE;
+     }
+   else if (datasize < stop)
+@@ -551,8 +551,8 @@ pex64_bfd_print_pdata_section (bfd *abfd
+ 		 _("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"),
+ 		 pdata_section->name, (unsigned long) datasize,
+ 		 (unsigned long) stop);
+-	/* Be sure not to read passed datasize.  */
+-	stop = datasize / onaline;
++	/* Be sure not to read past datasize.  */
++	stop = datasize;
+       }
+ 
+   /* Display functions table.  */
+@@ -724,8 +724,7 @@ pex64_bfd_print_pdata_section (bfd *abfd
+ 	      altent += imagebase;
+ 
+ 	      if (altent >= pdata_vma
+-		  && (altent + PDATA_ROW_SIZE <= pdata_vma
+-		      + pei_section_data (abfd, pdata_section)->virt_size))
++		  && altent - pdata_vma + PDATA_ROW_SIZE <= stop)
+ 		{
+ 		  pex64_get_runtime_function
+ 		    (abfd, &arf, &pdata[altent - pdata_vma]);

binutils-CVE-2019-9075.patch

@@ -0,0 +1,73 @@
+diff -rup binutils.orig/bfd/archive64.c binutils-2.31.1/bfd/archive64.c
+--- binutils.orig/bfd/archive64.c	2019-02-26 11:17:11.882530151 +0000
++++ binutils-2.31.1/bfd/archive64.c	2019-02-26 11:19:18.422488805 +0000
+@@ -100,8 +100,6 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
+     return FALSE;
+   carsyms = ardata->symdefs;
+   stringbase = ((char *) ardata->symdefs) + carsym_size;
+-  stringbase[stringsize] = 0;
+-  stringend = stringbase + stringsize;
+ 
+   raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
+   if (raw_armap == NULL)
+@@ -115,15 +113,17 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
+       goto release_raw_armap;
+     }
+ 
++  stringend = stringbase + stringsize;
++  *stringend = 0;
+   for (i = 0; i < nsymz; i++)
+     {
+       carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
+       carsyms->name = stringbase;
+-      if (stringbase < stringend)
+-	stringbase += strlen (stringbase) + 1;
++      stringbase += strlen (stringbase);
++      if (stringbase != stringend)
++	++stringbase;
+       ++carsyms;
+     }
+-  *stringbase = '\0';
+ 
+   ardata->symdef_count = nsymz;
+   ardata->first_file_filepos = bfd_tell (abfd);
+diff -rup binutils.orig/bfd/archive.c binutils-2.31.1/bfd/archive.c
+--- binutils.orig/bfd/archive.c	2019-02-26 11:17:11.884530134 +0000
++++ binutils-2.31.1/bfd/archive.c	2019-02-26 11:18:33.354859687 +0000
+@@ -1014,6 +1014,7 @@ do_slurp_coff_armap (bfd *abfd)
+   int *raw_armap, *rawptr;
+   struct artdata *ardata = bfd_ardata (abfd);
+   char *stringbase;
++  char *stringend;
+   bfd_size_type stringsize;
+   bfd_size_type parsed_size;
+   carsym *carsyms;
+@@ -1073,22 +1074,20 @@ do_slurp_coff_armap (bfd *abfd)
+     }
+ 
+   /* OK, build the carsyms.  */
+-  for (i = 0; i < nsymz && stringsize > 0; i++)
++  stringend = stringbase + stringsize;
++  *stringend = 0;
++  for (i = 0; i < nsymz; i++)
+     {
+       bfd_size_type len;
+ 
+       rawptr = raw_armap + i;
+       carsyms->file_offset = swap ((bfd_byte *) rawptr);
+       carsyms->name = stringbase;
+-      /* PR 17512: file: 4a1d50c1.  */
+-      len = strnlen (stringbase, stringsize);
+-      if (len < stringsize)
+-	len ++;
+-      stringbase += len;
+-      stringsize -= len;
++      stringbase += strlen (stringbase);
++      if (stringbase != stringend)
++	++stringbase;
+       carsyms++;
+     }
+-  *stringbase = 0;
+ 
+   ardata->symdef_count = nsymz;
+   ardata->first_file_filepos = bfd_tell (abfd);

binutils-CVE-2019-9077.patch

@@ -0,0 +1,16 @@
+--- binutils.orig/binutils/readelf.c	2019-02-26 11:17:12.414525772 +0000
++++ binutils-2.31.1/binutils/readelf.c	2019-02-26 12:11:40.642876742 +0000
+@@ -16009,6 +16009,13 @@ process_mips_specific (Filedata * fileda
+ 	  return FALSE;
+ 	}
+ 
++      /* PR 24243  */
++      if (sect->sh_size < sizeof (* eopt))
++	{
++	  error (_("The MIPS options section is too small.\n"));
++	  return FALSE;
++	}
++
+       eopt = (Elf_External_Options *) get_data (NULL, filedata, options_offset, 1,
+                                                 sect->sh_size, _("options"));
+       if (eopt)

binutils-alignment-of-decompressed-sections.patch

@@ -0,0 +1,447 @@
+diff -rup binutils.orig/bfd/bfd.c binutils-2.31.1/bfd/bfd.c
+--- binutils.orig/bfd/bfd.c	2019-02-18 11:53:32.155652114 +0000
++++ binutils-2.31.1/bfd/bfd.c	2019-02-18 12:03:21.591459682 +0000
+@@ -2332,6 +2332,8 @@ bfd_update_compression_header (bfd *abfd
+ 		  bfd_put_32 (abfd, sec->size, &echdr->ch_size);
+ 		  bfd_put_32 (abfd, 1 << sec->alignment_power,
+ 			      &echdr->ch_addralign);
++		  /* bfd_log2 (alignof (Elf32_Chdr)).  */
++		  bfd_set_section_alignment (abfd, sec, 2);
+ 		}
+ 	      else
+ 		{
+@@ -2342,6 +2344,8 @@ bfd_update_compression_header (bfd *abfd
+ 		  bfd_put_64 (abfd, sec->size, &echdr->ch_size);
+ 		  bfd_put_64 (abfd, 1 << sec->alignment_power,
+ 			      &echdr->ch_addralign);
++		  /* bfd_log2 (alignof (Elf64_Chdr)).  */
++		  bfd_set_section_alignment (abfd, sec, 3);
+ 		}
+ 	    }
+ 	  else
+@@ -2354,6 +2358,8 @@ bfd_update_compression_header (bfd *abfd
+ 		 order.  */
+ 	      memcpy (contents, "ZLIB", 4);
+ 	      bfd_putb64 (sec->size, contents + 4);
++	      /* No way to keep the original alignment, just use 1 always.  */
++	      bfd_set_section_alignment (abfd, sec, 0);
+ 	    }
+ 	}
+     }
+@@ -2368,12 +2374,15 @@ bfd_update_compression_header (bfd *abfd
+    SYNOPSIS
+ 	bfd_boolean bfd_check_compression_header
+ 	  (bfd *abfd, bfd_byte *contents, asection *sec,
+-	  bfd_size_type *uncompressed_size);
++          bfd_size_type *uncompressed_size,
++          unsigned int *uncompressed_alignment_power);
++
+ 
+ DESCRIPTION
+ 	Check the compression header at CONTENTS of SEC in ABFD and
+-	store the uncompressed size in UNCOMPRESSED_SIZE if the
+-	compression header is valid.
++        store the uncompressed size in UNCOMPRESSED_SIZE and the
++        uncompressed data alignment in UNCOMPRESSED_ALIGNMENT_POWER
++        if the compression header is valid.
+ 
+ RETURNS
+ 	Return TRUE if the compression header is valid.
+@@ -2382,7 +2391,8 @@ RETURNS
+ bfd_boolean
+ bfd_check_compression_header (bfd *abfd, bfd_byte *contents,
+ 			      asection *sec,
+-			      bfd_size_type *uncompressed_size)
++			      bfd_size_type *uncompressed_size,
++			      unsigned int *uncompressed_alignment_power)
+ {
+   if (bfd_get_flavour (abfd) == bfd_target_elf_flavour
+       && (elf_section_flags (sec) & SHF_COMPRESSED) != 0)
+@@ -2404,9 +2414,10 @@ bfd_check_compression_header (bfd *abfd,
+ 	  chdr.ch_addralign = bfd_get_64 (abfd, &echdr->ch_addralign);
+ 	}
+       if (chdr.ch_type == ELFCOMPRESS_ZLIB
+-	  && chdr.ch_addralign == 1U << sec->alignment_power)
++	  && chdr.ch_addralign == (1U << bfd_log2 (chdr.ch_addralign)))
+ 	{
+ 	  *uncompressed_size = chdr.ch_size;
++	  *uncompressed_alignment_power = bfd_log2 (chdr.ch_addralign);
+ 	  return TRUE;
+ 	}
+     }
+diff -rup binutils.orig/bfd/bfd-in2.h binutils-2.31.1/bfd/bfd-in2.h
+--- binutils.orig/bfd/bfd-in2.h	2019-02-18 11:53:32.156652107 +0000
++++ binutils-2.31.1/bfd/bfd-in2.h	2019-02-18 12:00:23.849723903 +0000
+@@ -7274,7 +7274,8 @@ void bfd_update_compression_header
+ 
+ bfd_boolean bfd_check_compression_header
+    (bfd *abfd, bfd_byte *contents, asection *sec,
+-    bfd_size_type *uncompressed_size);
++    bfd_size_type *uncompressed_size,
++    unsigned int *uncompressed_alignment_power);
+ 
+ int bfd_get_compression_header_size (bfd *abfd, asection *sec);
+ 
+@@ -7850,7 +7851,8 @@ void bfd_cache_section_contents
+ bfd_boolean bfd_is_section_compressed_with_header
+    (bfd *abfd, asection *section,
+     int *compression_header_size_p,
+-    bfd_size_type *uncompressed_size_p);
++    bfd_size_type *uncompressed_size_p,
++    unsigned int *uncompressed_alignment_power_p);
+ 
+ bfd_boolean bfd_is_section_compressed
+    (bfd *abfd, asection *section);
+diff -rup binutils.orig/bfd/compress.c binutils-2.31.1/bfd/compress.c
+--- binutils.orig/bfd/compress.c	2019-02-18 11:53:32.153652128 +0000
++++ binutils-2.31.1/bfd/compress.c	2019-02-18 12:11:44.899886376 +0000
+@@ -84,11 +84,13 @@ bfd_compress_section_contents (bfd *abfd
+   int zlib_size = 0;
+   int orig_compression_header_size;
+   bfd_size_type orig_uncompressed_size;
++  unsigned int orig_uncompressed_alignment_pow;
+   int header_size = bfd_get_compression_header_size (abfd, NULL);
+   bfd_boolean compressed
+     = bfd_is_section_compressed_with_header (abfd, sec,
+ 					     &orig_compression_header_size,
+-					     &orig_uncompressed_size);
++					     &orig_uncompressed_size,
++					     &orig_uncompressed_alignment_pow);
+ 
+   /* Either ELF compression header or the 12-byte, "ZLIB" + 8-byte size,
+      overhead in .zdebug* section.  */
+@@ -153,6 +155,8 @@ bfd_compress_section_contents (bfd *abfd
+ 	      return 0;
+ 	    }
+ 	  free (uncompressed_buffer);
++	  bfd_set_section_alignment (abfd, sec,
++				     orig_uncompressed_alignment_pow);
+ 	  sec->contents = buffer;
+ 	  sec->compress_status = COMPRESS_SECTION_DONE;
+ 	  return orig_uncompressed_size;
+@@ -364,20 +368,25 @@ SYNOPSIS
+ 	bfd_boolean bfd_is_section_compressed_with_header
+ 	  (bfd *abfd, asection *section,
+ 	  int *compression_header_size_p,
+-	  bfd_size_type *uncompressed_size_p);
++	  bfd_size_type *uncompressed_size_p,
++	  unsigned int *uncompressed_alignment_power_p);
++
+ 
+ DESCRIPTION
+ 	Return @code{TRUE} if @var{section} is compressed.  Compression
+-	header size is returned in @var{compression_header_size_p} and
+-	uncompressed size is returned in @var{uncompressed_size_p}.  If
+-	compression is unsupported, compression header size is returned
+-	with -1 and uncompressed size is returned with 0.
++	header size is returned in @var{compression_header_size_p},
++        uncompressed size is returned in @var{uncompressed_size_p}
++        and the uncompressed data alignement power is returned in
++        @var{uncompressed_align_pow_p}.  If compression is
++        unsupported, compression header size is returned with -1
++        and uncompressed size is returned with 0.
+ */
+ 
+ bfd_boolean
+ bfd_is_section_compressed_with_header (bfd *abfd, sec_ptr sec,
+ 				       int *compression_header_size_p,
+-				       bfd_size_type *uncompressed_size_p)
++				       bfd_size_type *uncompressed_size_p,
++				       unsigned int *uncompressed_align_pow_p)
+ {
+   bfd_byte header[MAX_COMPRESSION_HEADER_SIZE];
+   int compression_header_size;
+@@ -385,6 +394,8 @@ bfd_is_section_compressed_with_header (b
+   unsigned int saved = sec->compress_status;
+   bfd_boolean compressed;
+ 
++  *uncompressed_align_pow_p = 0;
++
+   compression_header_size = bfd_get_compression_header_size (abfd, sec);
+   if (compression_header_size > MAX_COMPRESSION_HEADER_SIZE)
+     abort ();
+@@ -412,7 +423,8 @@ bfd_is_section_compressed_with_header (b
+       if (compression_header_size != 0)
+ 	{
+ 	  if (!bfd_check_compression_header (abfd, header, sec,
+-					     uncompressed_size_p))
++					     uncompressed_size_p,
++					     uncompressed_align_pow_p))
+ 	    compression_header_size = -1;
+ 	}
+       /* Check for the pathalogical case of a debug string section that
+@@ -449,9 +461,11 @@ bfd_is_section_compressed (bfd *abfd, se
+ {
+   int compression_header_size;
+   bfd_size_type uncompressed_size;
++  unsigned int uncompressed_align_power;
+   return (bfd_is_section_compressed_with_header (abfd, sec,
+ 						 &compression_header_size,
+-						 &uncompressed_size)
++						 &uncompressed_size,
++						 &uncompressed_align_power)
+ 	  && compression_header_size >= 0
+ 	  && uncompressed_size > 0);
+ }
+@@ -480,6 +494,7 @@ bfd_init_section_decompress_status (bfd
+   int compression_header_size;
+   int header_size;
+   bfd_size_type uncompressed_size;
++  unsigned int uncompressed_alignment_power = 0;
+ 
+   compression_header_size = bfd_get_compression_header_size (abfd, sec);
+   if (compression_header_size > MAX_COMPRESSION_HEADER_SIZE)
+@@ -508,7 +523,8 @@ bfd_init_section_decompress_status (bfd
+       uncompressed_size = bfd_getb64 (header + 4);
+     }
+   else if (!bfd_check_compression_header (abfd, header, sec,
+-					 &uncompressed_size))
++					  &uncompressed_size,
++					  &uncompressed_alignment_power))
+     {
+       bfd_set_error (bfd_error_wrong_format);
+       return FALSE;
+@@ -516,6 +532,7 @@ bfd_init_section_decompress_status (bfd
+ 
+   sec->compressed_size = sec->size;
+   sec->size = uncompressed_size;
++  bfd_set_section_alignment (abfd, sec, uncompressed_alignment_power);
+   sec->compress_status = DECOMPRESS_SECTION_SIZED;
+ 
+   return TRUE;
+diff -rup binutils.orig/bfd/elf.c binutils-2.31.1/bfd/elf.c
+--- binutils.orig/bfd/elf.c	2019-02-18 11:53:32.161652071 +0000
++++ binutils-2.31.1/bfd/elf.c	2019-02-18 12:08:52.135108638 +0000
+@@ -1177,10 +1177,12 @@ _bfd_elf_make_section_from_shdr (bfd *ab
+       enum { nothing, compress, decompress } action = nothing;
+       int compression_header_size;
+       bfd_size_type uncompressed_size;
++      unsigned int uncompressed_align_power;
+       bfd_boolean compressed
+ 	= bfd_is_section_compressed_with_header (abfd, newsect,
+ 						 &compression_header_size,
+-						 &uncompressed_size);
++						 &uncompressed_size,
++						 &uncompressed_align_power);
+ 
+       if (compressed)
+ 	{
+diff -rup binutils.orig/binutils/readelf.c binutils-2.31.1/binutils/readelf.c
+--- binutils.orig/binutils/readelf.c	2019-02-18 11:53:32.947646480 +0000
++++ binutils-2.31.1/binutils/readelf.c	2019-02-18 12:10:13.142535034 +0000
+@@ -13366,12 +13366,6 @@ dump_section_as_strings (Elf_Internal_Sh
+ 		    printable_section_name (filedata, section), chdr.ch_type);
+ 	      return FALSE;
+ 	    }
+-	  else if (chdr.ch_addralign != section->sh_addralign)
+-	    {
+-	      warn (_("compressed section '%s' is corrupted\n"),
+-		    printable_section_name (filedata, section));
+-	      return FALSE;
+-	    }
+ 	  uncompressed_size = chdr.ch_size;
+ 	  start += compression_header_size;
+ 	  new_size -= compression_header_size;
+@@ -13513,12 +13507,6 @@ dump_section_as_bytes (Elf_Internal_Shdr
+ 		    printable_section_name (filedata, section), chdr.ch_type);
+ 	      return FALSE;
+ 	    }
+-	  else if (chdr.ch_addralign != section->sh_addralign)
+-	    {
+-	      warn (_("compressed section '%s' is corrupted\n"),
+-		    printable_section_name (filedata, section));
+-	      return FALSE;
+-	    }
+ 	  uncompressed_size = chdr.ch_size;
+ 	  start += compression_header_size;
+ 	  new_size -= compression_header_size;
+@@ -13688,12 +13676,6 @@ load_specific_debug_section (enum dwarf_
+ 		    section->name, chdr.ch_type);
+ 	      return FALSE;
+ 	    }
+-	  else if (chdr.ch_addralign != sec->sh_addralign)
+-	    {
+-	      warn (_("compressed section '%s' is corrupted\n"),
+-		    section->name);
+-	      return FALSE;
+-	    }
+ 	  uncompressed_size = chdr.ch_size;
+ 	  start += compression_header_size;
+ 	  size -= compression_header_size;
+diff -rup binutils.orig/binutils/testsuite/binutils-all/dw2-3.rS binutils-2.31.1/binutils/testsuite/binutils-all/dw2-3.rS
+--- binutils.orig/binutils/testsuite/binutils-all/dw2-3.rS	2019-02-18 11:53:32.908646758 +0000
++++ binutils-2.31.1/binutils/testsuite/binutils-all/dw2-3.rS	2019-02-18 12:10:40.884338917 +0000
+@@ -1,3 +1,3 @@
+ #...
+- +\[[ 0-9]+\] .debug_info +(PROGBITS|MIPS_DWARF) +0+ +[0-9a-f]+ +[0-9a-f]+ [0-9a-f]+ +C +0 +0 +1
++ +\[[ 0-9]+\] .debug_info +(PROGBITS|MIPS_DWARF) +0+ +[0-9a-f]+ +[0-9a-f]+ [0-9a-f]+ +C +0 +0 +(4|8)
+ #pass
+diff -rup binutils.orig/binutils/testsuite/binutils-all/dw2-3.rt binutils-2.31.1/binutils/testsuite/binutils-all/dw2-3.rt
+--- binutils.orig/binutils/testsuite/binutils-all/dw2-3.rt	2019-02-18 11:53:32.905646779 +0000
++++ binutils-2.31.1/binutils/testsuite/binutils-all/dw2-3.rt	2019-02-18 12:11:13.476108521 +0000
+@@ -1,6 +1,6 @@
+ #...
+  +\[[ 0-9]+\] .debug_info
+- +(PROGBITS|MIPS_DWARF) +0+ +[0-9a-f]+ +[0-9a-f]+ +[0-9a-f]+ +0 +0 +1
++ +(PROGBITS|MIPS_DWARF) +0+ +[0-9a-f]+ +[0-9a-f]+ +[0-9a-f]+ +0 +0 +(4|8)
+  +\[0+800\]: COMPRESSED
+  +ZLIB, 0+9d, 1
+ #pass
+diff -rup binutils.orig/gold/merge.cc binutils-2.31.1/gold/merge.cc
+--- binutils.orig/gold/merge.cc	2019-02-18 11:53:32.210651723 +0000
++++ binutils-2.31.1/gold/merge.cc	2019-02-18 12:12:59.027362334 +0000
+@@ -440,9 +440,11 @@ Output_merge_string<Char_type>::do_add_i
+ {
+   section_size_type sec_len;
+   bool is_new;
++  uint64_t addralign = this->addralign();
+   const unsigned char* pdata = object->decompressed_section_contents(shndx,
+ 								     &sec_len,
+-								     &is_new);
++								     &is_new,
++								     &addralign);
+ 
+   const Char_type* p = reinterpret_cast<const Char_type*>(pdata);
+   const Char_type* pend = p + sec_len / sizeof(Char_type);
+@@ -494,7 +496,7 @@ Output_merge_string<Char_type>::do_add_i
+   // aligned, so each string within the section must retain the same
+   // modulo.
+   uintptr_t init_align_modulo = (reinterpret_cast<uintptr_t>(pdata)
+-				 & (this->addralign() - 1));
++				 & (addralign - 1));
+   bool has_misaligned_strings = false;
+ 
+   while (p < pend)
+@@ -503,7 +505,7 @@ Output_merge_string<Char_type>::do_add_i
+ 
+       // Within merge input section each string must be aligned.
+       if (len != 0
+-	  && ((reinterpret_cast<uintptr_t>(p) & (this->addralign() - 1))
++	  && ((reinterpret_cast<uintptr_t>(p) & (addralign - 1))
+ 	      != init_align_modulo))
+ 	  has_misaligned_strings = true;
+ 
+diff -rup binutils.orig/gold/object.cc binutils-2.31.1/gold/object.cc
+--- binutils.orig/gold/object.cc	2019-02-18 11:53:32.208651737 +0000
++++ binutils-2.31.1/gold/object.cc	2019-02-18 12:16:35.938828914 +0000
+@@ -751,11 +751,13 @@ build_compressed_section_map(
+ 	      const unsigned char* contents =
+ 		  obj->section_contents(i, &len, false);
+ 	      uint64_t uncompressed_size;
++	      Compressed_section_info info;
+ 	      if (is_zcompressed)
+ 		{
+ 		  // Skip over the ".zdebug" prefix.
+ 		  name += 7;
+ 		  uncompressed_size = get_uncompressed_size(contents, len);
++		  info.addralign = shdr.get_sh_addralign();
+ 		}
+ 	      else
+ 		{
+@@ -763,8 +765,8 @@ build_compressed_section_map(
+ 		  name += 6;
+ 		  elfcpp::Chdr<size, big_endian> chdr(contents);
+ 		  uncompressed_size = chdr.get_ch_size();
++		  info.addralign = chdr.get_ch_addralign();
+ 		}
+-	      Compressed_section_info info;
+ 	      info.size = convert_to_section_size_type(uncompressed_size);
+ 	      info.flag = shdr.get_sh_flags();
+ 	      info.contents = NULL;
+@@ -3060,7 +3062,8 @@ const unsigned char*
+ Object::decompressed_section_contents(
+     unsigned int shndx,
+     section_size_type* plen,
+-    bool* is_new)
++    bool* is_new,
++    uint64_t* palign)
+ {
+   section_size_type buffer_size;
+   const unsigned char* buffer = this->do_section_contents(shndx, &buffer_size,
+@@ -3087,6 +3090,8 @@ Object::decompressed_section_contents(
+     {
+       *plen = uncompressed_size;
+       *is_new = false;
++      if (palign != NULL)
++	*palign = p->second.addralign;
+       return p->second.contents;
+     }
+ 
+@@ -3108,6 +3113,8 @@ Object::decompressed_section_contents(
+   // once in this pass.
+   *plen = uncompressed_size;
+   *is_new = true;
++  if (palign != NULL)
++    *palign = p->second.addralign;
+   return uncompressed_data;
+ }
+ 
+diff -rup binutils.orig/gold/object.h binutils-2.31.1/gold/object.h
+--- binutils.orig/gold/object.h	2019-02-18 11:53:32.210651723 +0000
++++ binutils-2.31.1/gold/object.h	2019-02-18 12:17:50.625300926 +0000
+@@ -373,6 +373,7 @@ struct Compressed_section_info
+ {
+   section_size_type size;
+   elfcpp::Elf_Xword flag;
++  uint64_t addralign;
+   const unsigned char* contents;
+ };
+ typedef std::map<unsigned int, Compressed_section_info> Compressed_section_map;
+@@ -808,7 +809,8 @@ class Object
+ 
+   bool
+   section_is_compressed(unsigned int shndx,
+-			section_size_type* uncompressed_size) const
++			section_size_type* uncompressed_size,
++			elfcpp::Elf_Xword* palign = NULL) const
+   {
+     if (this->compressed_sections_ == NULL)
+       return false;
+@@ -818,6 +820,8 @@ class Object
+       {
+ 	if (uncompressed_size != NULL)
+ 	  *uncompressed_size = p->second.size;
++	if (palign != NULL)
++	  *palign = p->second.addralign;
+ 	return true;
+       }
+     return false;
+@@ -828,7 +832,7 @@ class Object
+   // by the caller.
+   const unsigned char*
+   decompressed_section_contents(unsigned int shndx, section_size_type* plen,
+-				bool* is_cached);
++				bool* is_cached, uint64_t* palign = NULL);
+ 
+   // Discard any buffers of decompressed sections.  This is done
+   // at the end of the Add_symbols task.
+diff -rup binutils.orig/gold/output.cc binutils-2.31.1/gold/output.cc
+--- binutils.orig/gold/output.cc	2019-02-18 11:53:32.209651729 +0000
++++ binutils-2.31.1/gold/output.cc	2019-02-18 12:18:39.729953797 +0000
+@@ -2448,7 +2448,14 @@ Output_section::add_input_section(Layout
+ 				  unsigned int reloc_shndx,
+ 				  bool have_sections_script)
+ {
++  section_size_type input_section_size = shdr.get_sh_size();
++  section_size_type uncompressed_size;
+   elfcpp::Elf_Xword addralign = shdr.get_sh_addralign();
++
++  if (object->section_is_compressed(shndx, &uncompressed_size,
++                                   &addralign))
++    input_section_size = uncompressed_size;
++
+   if ((addralign & (addralign - 1)) != 0)
+     {
+       object->error(_("invalid alignment %lu for section \"%s\""),
+@@ -2498,11 +2505,6 @@ Output_section::add_input_section(Layout
+ 	}
+     }
+ 
+-  section_size_type input_section_size = shdr.get_sh_size();
+-  section_size_type uncompressed_size;
+-  if (object->section_is_compressed(shndx, &uncompressed_size))
+-    input_section_size = uncompressed_size;
+-
+   off_t offset_in_section;
+ 
+   if (this->has_fixed_layout())

binutils-delay-ld-script-constant-eval.patch

@@ -0,0 +1,196 @@
+diff -rup binutils.orig/ld/emultempl/pe.em binutils-2.31.1/ld/emultempl/pe.em
+--- binutils.orig/ld/emultempl/pe.em	2018-09-04 11:00:05.546667021 +0100
++++ binutils-2.31.1/ld/emultempl/pe.em	2018-09-04 11:00:58.427292612 +0100
+@@ -2165,7 +2165,7 @@ gld_${EMULATION_NAME}_place_orphan (asec
+ 			       &add_child);
+       if (bfd_link_relocatable (&link_info))
+ 	{
+-	  os->section_alignment = s->alignment_power;
++	  os->section_alignment = exp_intop (1U << s->alignment_power);
+ 	  os->bfd_section->alignment_power = s->alignment_power;
+ 	}
+     }
+diff -rup binutils.orig/ld/emultempl/pep.em binutils-2.31.1/ld/emultempl/pep.em
+--- binutils.orig/ld/emultempl/pep.em	2018-09-04 11:00:05.545667029 +0100
++++ binutils-2.31.1/ld/emultempl/pep.em	2018-09-04 11:01:29.340073740 +0100
+@@ -1962,7 +1962,7 @@ gld_${EMULATION_NAME}_place_orphan (asec
+ 			       &add_child);
+       if (bfd_link_relocatable (&link_info))
+ 	{
+-	  os->section_alignment = s->alignment_power;
++	  os->section_alignment = exp_intop (1U << s->alignment_power);
+ 	  os->bfd_section->alignment_power = s->alignment_power;
+ 	}
+     }
+diff -rup binutils.orig/ld/ldexp.c binutils-2.31.1/ld/ldexp.c
+--- binutils.orig/ld/ldexp.c	2018-09-04 11:00:05.535667100 +0100
++++ binutils-2.31.1/ld/ldexp.c	2018-09-04 11:03:29.179225246 +0100
+@@ -1528,6 +1528,28 @@ exp_get_value_int (etree_type *tree, int
+   return exp_get_vma (tree, def, name);
+ }
+ 
++/* Return the smallest non-negative integer such that two raised to
++   that power is at least as large as the vma evaluated at TREE, if
++   TREE is a non-NULL expression that can be resolved.  If TREE is
++   NULL or cannot be resolved, return -1.  */
++
++signed int
++exp_get_power (etree_type *tree, char *name)
++{
++  bfd_vma x = exp_get_vma (tree, -1, name);
++  bfd_vma p2;
++  int n;
++
++  if (x == (bfd_vma) -1)
++    return -1;
++
++  for (n = 0, p2 = 1; p2 < x; ++n, p2 <<= 1)
++    if (p2 == 0)
++      break;
++
++  return n;
++}
++
+ fill_type *
+ exp_get_fill (etree_type *tree, fill_type *def, char *name)
+ {
+diff -rup binutils.orig/ld/ldexp.h binutils-2.31.1/ld/ldexp.h
+--- binutils.orig/ld/ldexp.h	2018-09-04 11:00:05.536667092 +0100
++++ binutils-2.31.1/ld/ldexp.h	2018-09-04 11:04:12.937915422 +0100
+@@ -231,6 +231,8 @@ bfd_vma exp_get_vma
+   (etree_type *, bfd_vma, char *);
+ int exp_get_value_int
+   (etree_type *, int, char *);
++signed int exp_get_power
++  (etree_type *, char *);
+ fill_type *exp_get_fill
+   (etree_type *, fill_type *, char *);
+ bfd_vma exp_get_abs_int
+diff -rup binutils.orig/ld/ldlang.c binutils-2.31.1/ld/ldlang.c
+--- binutils.orig/ld/ldlang.c	2018-09-04 11:00:05.536667092 +0100
++++ binutils-2.31.1/ld/ldlang.c	2018-09-04 11:07:42.249433438 +0100
+@@ -1199,8 +1199,8 @@ output_section_statement_newfunc (struct
+   ret = (struct out_section_hash_entry *) entry;
+   memset (&ret->s, 0, sizeof (ret->s));
+   ret->s.header.type = lang_output_section_statement_enum;
+-  ret->s.output_section_statement.subsection_alignment = -1;
+-  ret->s.output_section_statement.section_alignment = -1;
++  ret->s.output_section_statement.subsection_alignment = NULL;
++  ret->s.output_section_statement.section_alignment = NULL;
+   ret->s.output_section_statement.block_value = 1;
+   lang_list_init (&ret->s.output_section_statement.children);
+   lang_statement_append (stat_ptr, &ret->s, &ret->s.header.next);
+@@ -2193,8 +2193,9 @@ init_os (lang_output_section_statement_t
+     exp_init_os (s->load_base);
+ 
+   /* If supplied an alignment, set it.  */
+-  if (s->section_alignment != -1)
+-    s->bfd_section->alignment_power = s->section_alignment;
++  if (s->section_alignment != NULL)
++    s->bfd_section->alignment_power = exp_get_power (s->section_alignment,
++                                                    "section alignment");
+ }
+ 
+ /* Make sure that all output sections mentioned in an expression are
+@@ -4706,8 +4707,10 @@ size_input_section
+ 	 is greater than any seen before, then record it too.  Perform
+ 	 the alignment by inserting a magic 'padding' statement.  */
+ 
+-      if (output_section_statement->subsection_alignment != -1)
+-	i->alignment_power = output_section_statement->subsection_alignment;
++      if (output_section_statement->subsection_alignment != NULL)
++	i->alignment_power
++	  = exp_get_power (output_section_statement->subsection_alignment,
++			   "subsection alignment");
+ 
+       if (o->alignment_power < i->alignment_power)
+ 	o->alignment_power = i->alignment_power;
+@@ -5147,7 +5150,8 @@ lang_size_sections_1
+ 		    section_alignment = os->bfd_section->alignment_power;
+ 		  }
+ 		else
+-		  section_alignment = os->section_alignment;
++                 section_alignment = exp_get_power (os->section_alignment,
++                                                    "section alignment");
+ 
+ 		/* Align to what the section needs.  */
+ 		if (section_alignment > 0)
+@@ -5225,7 +5229,8 @@ lang_size_sections_1
+ 		       only align according to the value in the output
+ 		       statement.  */
+ 		    if (os->lma_region != os->region)
+-		      section_alignment = os->section_alignment;
++		      section_alignment = exp_get_power (os->section_alignment,
++							 "section alignment");
+ 		    if (section_alignment > 0)
+ 		      lma = align_power (lma, section_alignment);
+ 		  }
+@@ -6673,25 +6678,6 @@ lang_add_output (const char *name, int f
+     }
+ }
+ 
+-static int
+-topower (int x)
+-{
+-  unsigned int i = 1;
+-  int l;
+-
+-  if (x < 0)
+-    return -1;
+-
+-  for (l = 0; l < 32; l++)
+-    {
+-      if (i >= (unsigned int) x)
+-	return l;
+-      i <<= 1;
+-    }
+-
+-  return 0;
+-}
+-
+ lang_output_section_statement_type *
+ lang_enter_output_section_statement (const char *output_section_statement_name,
+ 				     etree_type *address_exp,
+@@ -6727,10 +6713,8 @@ lang_enter_output_section_statement (con
+     einfo (_("%F%P:%pS: error: align with input and explicit align specified\n"),
+ 	   NULL);
+ 
+-  os->subsection_alignment =
+-    topower (exp_get_value_int (subalign, -1, "subsection alignment"));
+-  os->section_alignment =
+-    topower (exp_get_value_int (align, -1, "section alignment"));
++  os->subsection_alignment = subalign;
++  os->section_alignment = align;
+ 
+   os->load_base = ebase;
+   return os;
+@@ -7748,7 +7732,7 @@ lang_new_phdr (const char *name,
+   n = (struct lang_phdr *) stat_alloc (sizeof (struct lang_phdr));
+   n->next = NULL;
+   n->name = name;
+-  n->type = exp_get_value_int (type, 0, "program header type");
++  n->type = exp_get_vma (type, 0, "program header type");
+   n->filehdr = filehdr;
+   n->phdrs = phdrs;
+   n->at = at;
+diff -rup binutils.orig/ld/ldlang.h binutils-2.31.1/ld/ldlang.h
+--- binutils.orig/ld/ldlang.h	2018-09-04 11:00:05.533667114 +0100
++++ binutils-2.31.1/ld/ldlang.h	2018-09-04 11:08:29.224100845 +0100
+@@ -143,6 +143,8 @@ typedef struct lang_output_section_state
+   fill_type *fill;
+   union etree_union *addr_tree;
+   union etree_union *load_base;
++  union etree_union *section_alignment;
++  union etree_union *subsection_alignment;
+ 
+   /* If non-null, an expression to evaluate after setting the section's
+      size.  The expression is evaluated inside REGION (above) with '.'
+@@ -153,8 +155,6 @@ typedef struct lang_output_section_state
+   lang_output_section_phdr_list *phdrs;
+ 
+   unsigned int block_value;
+-  int subsection_alignment;	/* Alignment of components.  */
+-  int section_alignment;	/* Alignment of start of section.  */
+   int constraint;
+   flagword flags;
+   enum section_type sectype;

binutils-detect-corrupt-sym-version-info.patch

@@ -0,0 +1,52 @@
+diff -rup binutils,orig/bfd/elf.c binutils-2.31.1/bfd/elf.c
+--- binutils,orig/bfd/elf.c	2018-08-28 12:38:29.987511521 +0100
++++ binutils-2.31.1/bfd/elf.c	2018-08-28 12:39:35.010036349 +0100
+@@ -1877,7 +1877,7 @@ _bfd_elf_get_symbol_version_string (bfd
+ 	{
+ 	  Elf_Internal_Verneed *t;
+ 
+-	  version_string = "";
++	  version_string = _("<corrupt>");
+ 	  for (t = elf_tdata (abfd)->verref;
+ 	       t != NULL;
+ 	       t = t->vn_nextref)
+diff -rup binutils,orig/binutils/readelf.c binutils-2.31.1/binutils/readelf.c
+--- binutils,orig/binutils/readelf.c	2018-08-28 12:38:30.552507392 +0100
++++ binutils-2.31.1/binutils/readelf.c	2018-08-28 12:42:04.625942967 +0100
+@@ -11263,6 +11263,7 @@ get_symbol_version_string (Filedata *
+   unsigned char data[2];
+   unsigned short vers_data;
+   unsigned long offset;
++  unsigned short max_vd_ndx;
+ 
+   if (!is_dynsym
+       || version_info[DT_VERSIONTAGIDX (DT_VERSYM)] == 0)
+@@ -11280,6 +11281,8 @@ get_symbol_version_string (Filedata *
+   if ((vers_data & VERSYM_HIDDEN) == 0 && vers_data == 0)
+     return NULL;
+ 
++  max_vd_ndx = 0;
++
+   /* Usually we'd only see verdef for defined symbols, and verneed for
+      undefined symbols.  However, symbols defined by the linker in
+      .dynbss for variables copied from a shared library in order to
+@@ -11322,6 +11325,9 @@ get_symbol_version_string (Filedata *
+ 	      ivd.vd_flags = BYTE_GET (evd.vd_flags);
+ 	    }
+ 
++	  if ((ivd.vd_ndx & VERSYM_VERSION) > max_vd_ndx)
++	    max_vd_ndx = ivd.vd_ndx & VERSYM_VERSION;
++
+ 	  off += ivd.vd_next;
+ 	}
+       while (ivd.vd_ndx != (vers_data & VERSYM_VERSION) && ivd.vd_next != 0);
+@@ -11413,6 +11419,9 @@ get_symbol_version_string (Filedata *
+ 	  return (ivna.vna_name < strtab_size
+ 		  ? strtab + ivna.vna_name : _("<corrupt>"));
+ 	}
++      else if ((max_vd_ndx || (vers_data & VERSYM_VERSION) != 1)
++	       && (vers_data & VERSYM_VERSION) > max_vd_ndx)
++	return _("<corrupt>");
+     }
+   return NULL;
+ }

binutils-disassembling-efi-files.patch

@@ -0,0 +1,39 @@
+diff -rup binutils.orig/bfd/coffgen.c binutils-2.31.1/bfd/coffgen.c
+--- binutils.orig/bfd/coffgen.c	2019-03-06 08:49:19.500586870 +0000
++++ binutils-2.31.1/bfd/coffgen.c	2019-03-06 08:49:45.798394582 +0000
+@@ -2289,7 +2289,7 @@ coff_find_nearest_line_with_names (bfd *
+      information.  So try again, using a bias against the address sought.  */
+   if (coff_data (abfd)->dwarf2_find_line_info != NULL)
+     {
+-      bfd_signed_vma bias;
++      bfd_signed_vma bias = 0;
+ 
+       /* Create a cache of the result for the next call.  */
+       if (sec_data == NULL && section->owner == abfd)
+@@ -2301,10 +2301,11 @@ coff_find_nearest_line_with_names (bfd *
+ 
+       if (sec_data != NULL && sec_data->saved_bias)
+ 	bias = sec_data->saved_bias;
+-      else
++      else if (symbols)
+ 	{
+ 	  bias = _bfd_dwarf2_find_symbol_bias (symbols,
+ 					       & coff_data (abfd)->dwarf2_find_line_info);
++
+ 	  if (sec_data)
+ 	    {
+ 	      sec_data->saved_bias = TRUE;
+Only in binutils-2.31.1/bfd: coffgen.c.orig
+diff -rup binutils.orig/bfd/dwarf2.c binutils-2.31.1/bfd/dwarf2.c
+--- binutils.orig/bfd/dwarf2.c	2019-03-06 08:49:19.498586884 +0000
++++ binutils-2.31.1/bfd/dwarf2.c	2019-03-06 08:49:45.799394575 +0000
+@@ -4463,7 +4463,7 @@ _bfd_dwarf2_find_symbol_bias (asymbol **
+ 
+   stash = (struct dwarf2_debug *) *pinfo;
+ 
+-  if (stash == NULL)
++  if (stash == NULL || symbols == NULL)
+     return 0;
+ 
+   for (unit = stash->all_comp_units; unit; unit = unit->next_unit)
+Only in binutils-2.31.1/bfd: dwarf2.c.orig

binutils-gas-input-matches-output.patch

@@ -0,0 +1,37 @@
+--- binutils.orig/gas/as.c	2019-01-30 11:02:04.055574300 +0000
++++ binutils-2.31.1/gas/as.c	2019-01-30 11:03:12.212050935 +0000
+@@ -1254,14 +1254,27 @@ main (int argc, char ** argv)
+ 	{
+ 	  struct stat sib;
+ 
+-	  if (stat (argv[i], &sib) == 0)
++	  /* Check that the input file and output file are different.  */
++	  if (stat (argv[i], &sib) == 0
++	      && sib.st_ino == sob.st_ino
++	      /* POSIX emulating systems may support stat() but if the
++		 underlying file system does not support a file serial number
++		 of some kind then they will return 0 for the inode.  So
++		 two files with an inode of 0 may not actually be the same.
++		 On real POSIX systems no ordinary file will ever have an
++		 inode of 0.  */
++	      && sib.st_ino != 0
++	      /* Different files may have the same inode number if they
++		 reside on different devices, so check the st_dev field as
++		 well.  */
++	      && sib.st_dev == sob.st_dev)
+ 	    {
+-	      if (sib.st_ino == sob.st_ino && sib.st_ino != 0)
+-		{
+-		  /* Don't let as_fatal remove the output file!  */
+-		  out_file_name = NULL;
+-		  as_fatal (_("The input and output files must be distinct"));
+-		}
++	      const char *saved_out_file_name = out_file_name;
++
++	      /* Don't let as_fatal remove the output file!  */
++	      out_file_name = NULL;
++	      as_fatal (_("The input '%s' and output '%s' files are the same"),
++			argv[i], saved_out_file_name);
+ 	    }
+ 	}
+     }

binutils-gold-discard-version-info.patch

@@ -0,0 +1,35 @@
+diff -rup binutils.orig/gold/options.h binutils-2.31.1/gold/options.h
+--- binutils.orig/gold/options.h	2018-11-28 13:43:45.192094029 +0000
++++ binutils-2.31.1/gold/options.h	2018-11-28 13:44:30.616758345 +0000
+@@ -1358,6 +1358,10 @@ class General_options
+ 	      N_("Warn about duplicate common symbols"),
+ 	      N_("Do not warn about duplicate common symbols"));
+ 
++  DEFINE_bool(warn_drop_version, options::TWO_DASHES, '\0', false,
++             N_("Warn when discarding version information"),
++             N_("Do not warn when discarding version information"));
++
+   DEFINE_bool_ignore(warn_constructors, options::TWO_DASHES, '\0',
+ 		     N_("Ignored"), N_("Ignored"));
+ 
+diff -rup binutils.orig/gold/symtab.cc binutils-2.31.1/gold/symtab.cc
+--- binutils.orig/gold/symtab.cc	2018-11-28 13:43:45.193094021 +0000
++++ binutils-2.31.1/gold/symtab.cc	2018-11-28 13:45:13.479441595 +0000
+@@ -2623,11 +2623,12 @@ Symbol_table::set_dynsym_indexes(unsigne
+ 		versions->record_version(this, dynpool, sym);
+ 	      else
+ 		{
+-		  gold_warning(_("discarding version information for "
+-				 "%s@%s, defined in unused shared library %s "
+-				 "(linked with --as-needed)"),
+-			       sym->name(), sym->version(),
+-			       sym->object()->name().c_str());
++		  if (parameters->options().warn_drop_version())
++		    gold_warning(_("discarding version information for "
++                                  "%s@%s, defined in unused shared library %s "
++                                  "(linked with --as-needed)"),
++                                sym->name(), sym->version(),
++                                sym->object()->name().c_str());
+ 		  sym->clear_version();
+ 		}
+ 	    }

binutils-note-merge-improvements.patch

@@ -9,7 +9,7 @@
  	must be preserved.
       4. Combine the numeric value of any NT_GNU_BUILD_ATTRIBUTE_OPEN notes
          of type GNU_BUILD_ATTRIBUTE_STACK_SIZE.
-@@ -2182,16 +2182,48 @@ merge_gnu_build_notes (bfd * abfd, asect
+@@ -2182,16 +2182,47 @@ merge_gnu_build_notes (bfd * abfd, asect
          its description field is empty then the nearest preceeding OPEN note
  	with a non-empty description field must also be preserved *OR* the
  	description field of the note must be changed to contain the starting
@@ -45,7 +45,6 @@
 +		  && back->note.namesz == pnote->note.namesz
 +		  && memcmp (back->note.namedata, pnote->note.namedata, pnote->note.namesz) == 0)
 +		{
-+ fprintf (stderr, "DUP FUNXC\n");
 +		  duplicate_found = TRUE;
 +		  pnote->note.type = 0;
 +		  break;

binutils-ppc64-local-ifunc-relocs.patch

@@ -0,0 +1,12 @@
+--- binutils.orig/bfd/elf64-ppc.c	2019-02-20 10:58:09.700552616 +0000
++++ binutils-2.31.1/bfd/elf64-ppc.c	2019-02-20 10:59:15.989062349 +0000
+@@ -13530,7 +13530,8 @@ write_plt_relocs_for_local_syms (struct
+ 		}
+ 
+ 	      val = sym->st_value + ent->addend;
+-	      val += PPC64_LOCAL_ENTRY_OFFSET (sym->st_other);
++	      if (ELF_ST_TYPE (sym->st_info) != STT_GNU_IFUNC)
++		val += PPC64_LOCAL_ENTRY_OFFSET (sym->st_other);
+ 	      if (sym_sec != NULL && sym_sec->output_section != NULL)
+ 		val += sym_sec->output_offset + sym_sec->output_section->vma;
+ 

binutils.spec

@@ -46,7 +46,7 @@
 
 %if %{with debug}
 %undefine with_testsuite
-%endif1599521)
+%endif
 
 %if 0%{!?binutils_target:1}
 %define binutils_target %{_target_platform}
@@ -69,7 +69,7 @@
 Summary: A GNU collection of binary utilities
 Name: %{?cross}binutils%{?_with_debug:-debug}
 Version: 2.31.1
-Release: 11%{?dist}
+Release: 24%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
 
@@ -177,6 +177,56 @@ Patch14: binutils-merge-attribute-sections.patch
 # Lifetime: Fixed in 2.32
 Patch15: binutils-note-merge-improvements.patch
 
+# Purpose:  Detect and report corrupt symbol version information.
+# Lifetime: Fixed in 2.32
+Patch16: binutils-detect-corrupt-sym-version-info.patch
+
+# Purpose:  Delay the evaluation of linker script constants until
+#            after the configuration options have been set.
+# Lifetime: Fixed in 2.32
+Patch17: binutils-delay-ld-script-constant-eval.patch
+
+# Purpose:  Stop gold from issuing warnings about dropped version
+#            information, unless explicitly requested otherwise.
+# Lifetime: Fixed in 2.32
+Patch18: binutils-gold-discard-version-info.patch
+
+# Purpose:  Fix a memory leak reading minisymbols.
+# Lifetime: Fixed in 2.32
+Patch19: binutils-CVE-2018-20002.patch
+
+# Purpose:  Fix assembler check for an output file matching an input file.
+# Lifetime: Fixed in 2.32
+Patch20: binutils-gas-input-matches-output.patch
+
+# Purpose:  Ensure that decompressed sections have the correct alignment.
+# Lifetime: Fixed in 2.32
+Patch21: binutils-alignment-of-decompressed-sections.patch
+
+# Purpose:  Correct the generation of relocations for local ifuncs on PowerPC64
+# Lifetime: Fixed in 2.32
+Patch22: binutils-ppc64-local-ifunc-relocs.patch
+
+# Purpose:  Improve objdump's handling of corrupt input files.
+# Lifetime: Fixed in 2.33
+Patch23: binutils-CVE-2019-9073.patch
+
+# Purpose:  Stop illegal memory access parsing corrupt PE files.
+# Lifetime: Fixed in 2.33
+Patch24: binutils-CVE-2019-9074.patch
+
+# Purpose:  Stop illegal memory access parsing corrupt archives.
+# Lifetime: Fixed in 2.33
+Patch25: binutils-CVE-2019-9075.patch
+
+# Purpose:  Stop illegal memory access parsing a corrupt MIPS binary.
+# Lifetime: Fixed in 2.33
+Patch26: binutils-CVE-2019-9077.patch
+
+# Purpose:  Stop a seg-fault when disassembling an EFI binary.
+# Lifetime: Fixed in 2.33
+Patch27: binutils-disassembling-efi-files.patch
+
 #----------------------------------------------------------------------------
 
 Provides: bundled(libiberty)
@@ -305,7 +355,6 @@ using libelf instead of BFD.
 %patch02 -p1
 %patch03 -p1
 %patch04 -p1
-#% patch05 -p1
 %patch06 -p1
 %patch07 -p1
 %patch08 -p1
@@ -316,6 +365,18 @@ using libelf instead of BFD.
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
+%patch20 -p1
+%patch21 -p1
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1
+%patch26 -p1
+%patch27 -p1
 
 # We cannot run autotools as there is an exact requirement of autoconf-2.59.
 
@@ -464,7 +525,7 @@ export LDFLAGS=$RPM_LD_FLAGS
 %make_build %{_smp_mflags} tooldir=%{_prefix} MAKEINFO=true all
 %endif
 
-# Do not use %%check as it is run after %%install where libbfd.so is rebuild
+# Do not use %%check as it is run after %%install where libbfd.so is rebuilt
 # with -fvisibility=hidden no longer being usable in its shared form.
 %if %{without testsuite}
 echo ====================TESTSUITE DISABLED=========================
@@ -723,6 +784,45 @@ exit 0
 
 #----------------------------------------------------------------------------
 %changelog
+* Wed Mar 06 2019 Nick Clifton  <nickc@redhat.com> - 2.31.1-24
+- Stop potential illegal memory access when disassembling an EFI binary.  (#1685727)
+
+* Tue Feb 26 2019 Nick Clifton  <nickc@redhat.com> - 2.31.1-23
+- Stop potential illegal memory access when parsing a corrupt MIPS binary.  (#1680676)
+
+* Tue Feb 26 2019 Nick Clifton  <nickc@redhat.com> - 2.31.1-22
+- Stop potential illegal memory access when parsing corrupt archives.  (#1680670)
+
+* Mon Feb 25 2019 Nick Clifton  <nickc@redhat.com> - 2.31.1-21
+- Stop potential illegal memory access when parsing corrupt PE files.  (#1680682)
+
+* Mon Feb 25 2019 Nick Clifton  <nickc@redhat.com> - 2.31.1-20
+- Improve objdump's handling of corrupt input files.  (#1680663)
+
+* Wed Feb 20 2019 Nick Clifton  <nickc@redhat.com> - 2.31.1-19
+- Correct the generation of relocations for PowerPC local ifuncs.  (PR 23937)
+
+* Mon Feb 18 2019 Nick Clifton  <nickc@redhat.com> - 2.31.1-18
+- Ensure that decompressed sections have the correct alignment.  (#1678204)
+
+* Wed Jan 30 2019 Nick Clifton  <nickc@redhat.com> - 2.31.1-17
+- Fix the assembler's check that the output file is not also one of the input files.  (#1660279)
+
+* Thu Jan 03 2019 Nick Clifton  <nickc@redhat.com> - 2.31.1-16
+- Fix a memory leak reading minisymbols.  (#1661535)
+
+* Wed Nov 28 2018 Nick Clifton  <nickc@redhat.com> - 2.31.1-15
+- Stop gold from warning about discard version information unless explicitly requested.  (#1654153)
+
+* Thu Nov 15 2018 Nick Clifton  <nickc@redhat.com> - 2.31.1-14
+- Remove debugging fprintf statement accidentally left in patch.  (#1645828)
+
+* Tue Sep 04 2018 Nick Clifton  <nickc@redhat.com> - 2.31.1-13
+- Delay the evaluation of linker script constants until after the configuration options have been set.  (#1624751)
+
+* Tue Aug 28 2018 Nick Clifton  <nickc@redhat.com> - 2.31.1-12
+- Detect and report corrupt symbol version information.  (#1599521)
+
 * Tue Aug 14 2018 Nick Clifton  <nickc@redhat.com> - 2.31.1-11
 - Remove the version information from a dynamic symbol that is being overridden.  (#1614920)