Gentoo Archives: gentoo-commits

From: "Matthias Maier (tamiko)" <tamiko@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in src/patchsets/binutils/2.28.1: 00_all_0001-ld-always-warn-about-textrels-in-files.patch 00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch 00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch 00_all_0004-gold-ld-enable-gnu-hash-by-default.patch 00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch 00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch 00_all_0007-CVE-2017-8398.patch 00_all_0008-CVE-2017-8393.patch 00_all_0009-CVE-2017-8394.patch 00_all_0010-CVE-2017-8395.patch 00_all_0011-CVE-2017-8396-CVE-2017-8397.patch 00_all_0012-CVE-2017-8421.patch 00_all_0013-CVE-2017-9038.patch 00_all_0014-CVE-2017-9039.patch 00_all_0015-CVE-2017-9040-CVE-2017-9042.patch 00_all_0016-CVE-2017-9041.patch 00_all_0017-CVE-2017-7614.patch 00_all_0018-CVE-2017-6965.patch 00_all_0019-CVE-2017-6966.patch 00_all_0020-CVE-2017-6969.patch 00_all_0021-fix-out-of-bounds-access-in-elf.c.patch 00_all_0022-fixing -linking-configur e-generated-tests-of-ifunc.patch 00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch 00_all_0024-CVE-2017-9742.patch 00_all_0025-CVE-2017-9954.patch README.history
Date: Wed, 02 Aug 2017 00:01:40
Message-Id: 20170802000137.010F475ED@oystercatcher.gentoo.org
1 tamiko 17/08/02 00:01:36
2
3 Added:
4 00_all_0001-ld-always-warn-about-textrels-in-files.patch
5 00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch
6 00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch
7 00_all_0004-gold-ld-enable-gnu-hash-by-default.patch
8 00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch
9 00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch
10 00_all_0007-CVE-2017-8398.patch
11 00_all_0008-CVE-2017-8393.patch
12 00_all_0009-CVE-2017-8394.patch
13 00_all_0010-CVE-2017-8395.patch
14 00_all_0011-CVE-2017-8396-CVE-2017-8397.patch
15 00_all_0012-CVE-2017-8421.patch
16 00_all_0013-CVE-2017-9038.patch
17 00_all_0014-CVE-2017-9039.patch
18 00_all_0015-CVE-2017-9040-CVE-2017-9042.patch
19 00_all_0016-CVE-2017-9041.patch
20 00_all_0017-CVE-2017-7614.patch
21 00_all_0018-CVE-2017-6965.patch
22 00_all_0019-CVE-2017-6966.patch
23 00_all_0020-CVE-2017-6969.patch
24 00_all_0021-fix-out-of-bounds-access-in-elf.c.patch
25 00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch
26 00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch
27 00_all_0024-CVE-2017-9742.patch
28 00_all_0025-CVE-2017-9954.patch README.history
29 Log:
30 2.28.1 patchset 1.0
31
32 Revision Changes Path
33 1.1 src/patchsets/binutils/2.28.1/00_all_0001-ld-always-warn-about-textrels-in-files.patch
34
35 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0001-ld-always-warn-about-textrels-in-files.patch?rev=1.1&view=markup
36 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0001-ld-always-warn-about-textrels-in-files.patch?rev=1.1&content-type=text/plain
37
38 Index: 00_all_0001-ld-always-warn-about-textrels-in-files.patch
39 ===================================================================
40 From bb101959912073f460669d75097215cde7b20019 Mon Sep 17 00:00:00 2001
41 From: Mike Frysinger <vapier@g.o>
42 Date: Mon, 16 May 2005 22:10:19 -0400
43 Subject: [PATCH] ld: always warn about textrels in files
44
45 textrels are bad for forcing copy-on-write (this affects everyone), and for
46 security/runtime code generation, this affects security ppl. But in either
47 case, it doesn't matter who needs textrels, it's the very fact that they're
48 needed at all.
49 ---
50 ld/ldmain.c | 1 +
51 ld/testsuite/lib/ld-lib.exp | 4 ++++
52 2 files changed, 5 insertions(+)
53
54 diff --git a/ld/ldmain.c b/ld/ldmain.c
55 index 1e48b1a2dbbc..f634eaa908a5 100644
56 --- a/ld/ldmain.c
57 +++ b/ld/ldmain.c
58 @@ -294,6 +294,7 @@ main (int argc, char **argv)
59 link_info.dynamic_undefined_weak = -1;
60 link_info.pei386_auto_import = -1;
61 link_info.spare_dynamic_tags = 5;
62 + link_info.warn_shared_textrel = TRUE;
63 link_info.path_separator = ':';
64 #ifdef DEFAULT_FLAG_COMPRESS_DEBUG
65 link_info.compress_debug = COMPRESS_DEBUG_GABI_ZLIB;
66 diff --git a/ld/testsuite/lib/ld-lib.exp b/ld/testsuite/lib/ld-lib.exp
67 index cf7886b4866f..6c6a0b7a001e 100644
68 --- a/ld/testsuite/lib/ld-lib.exp
69 +++ b/ld/testsuite/lib/ld-lib.exp
70 @@ -250,6 +250,10 @@ proc default_ld_simple_link { ld target objects } {
71 # symbol, since the default linker script might use ENTRY.
72 regsub -all "(^|\n)(\[^\n\]*: warning: cannot find entry symbol\[^\n\]*\n?)" $exec_output "\\1" exec_output
73
74 + # Gentoo tweak:
75 + # We want to ignore TEXTREL warnings since we force enable them by default
76 + regsub -all "^lt-ld-new: warning: creating a DT_TEXTREL in object\." $exec_output "\\1" exec_output
77 +
78 return [string match "" $exec_output]
79 }
80
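Review bot: The added `regsub` is unlikely to filter what its comment says it should. The pattern is anchored with a bare `^`, so it only matches when the TEXTREL warning is the first thing in `$exec_output`; it hard-codes the program name `lt-ld-new`; and it leaves the trailing newline behind, so `string match "" $exec_output` can still fail unless the output is trimmed elsewhere. The replacement `"\\1"` also refers to a capture group the pattern does not define. Mirroring the entry-symbol filter directly above would be more robust, e.g. `regsub -all "(^|\n)(\[^\n\]*: warning: creating a DT_TEXTREL in object\[^\n\]*\n?)" $exec_output "\\1" exec_output`. The body of default_ld_simple_link starts outside this hunk.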
81 --
82 2.11.1
83
84
85
86
87 1.1 src/patchsets/binutils/2.28.1/00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch
88
89 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch?rev=1.1&view=markup
90 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch?rev=1.1&content-type=text/plain
91
92 Index: 00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch
93 ===================================================================
94 From 9c3fda8166172bb9fa818bf2b7fec003847393d8 Mon Sep 17 00:00:00 2001
95 From: Mike Frysinger <vapier@g.o>
96 Date: Mon, 25 May 2015 04:42:58 -0400
97 Subject: [PATCH] gold/ld: add support for poisoned system directories
98
99 This is based on the old CodeSourcery patch written by Joseph Myers to add
100 support to the link for detecting & rejecting bad -L paths when using a
101 cross-compiler. The differences here:
102 * The command line flags are always available.
103 * We can turn on & off the warning via the command line.
104 * The configure option controls the default warning behavior.
105 * Add support for gold.
106
107 It is not currently upstream, nor has it been submitted at all. There are
108 no plans to do so currently either.
109
110 BUG=chromium:488360
111 TEST=`cbuildbot chromiumos-sdk` passes # tests arm/amd64/mipsel/x86
112 TEST=`cbuildbot panther_moblab-full whirlwind-release` pass
113 TEST=`cbuildbot {x32,arm64}-generic-full` has no new failures
114 TEST=x86_64-cros-linux-gnu-ld throws warnings when using -L/lib (gold & bfd)
115
116 Reviewed-on: https://chromium-review.googlesource.com/272083
117 ---
118 gold/options.cc | 33 +++++++++++++++++++++++++++++++++
119 gold/options.h | 7 +++++++
120 ld/config.in | 3 +++
121 ld/configure | 14 ++++++++++++++
122 ld/configure.ac | 10 ++++++++++
123 ld/ld.h | 7 +++++++
124 ld/ld.texinfo | 18 ++++++++++++++++++
125 ld/ldfile.c | 20 ++++++++++++++++++++
126 ld/ldlex.h | 3 +++
127 ld/ldmain.c | 7 +++++++
128 ld/lexsup.c | 24 ++++++++++++++++++++++++
129 11 files changed, 146 insertions(+)
130
131 diff --git a/gold/options.cc b/gold/options.cc
132 index ed63b6f04feb..5de289b5dd2e 100644
133 --- a/gold/options.cc
134 +++ b/gold/options.cc
135 @@ -1285,6 +1285,39 @@ General_options::finalize()
136 // in the path, as appropriate.
137 this->add_sysroot();
138
139 + // Now check if library_path is poisoned.
140 + if (this->warn_poison_system_directories())
141 + {
142 + std::vector<std::string> bad_paths;
143 +
144 + bad_paths.push_back("/lib");
145 + // TODO: This check is disabled for now due to a bunch of packages that
146 + // use libtool and relink with -L/usr/lib paths (albeit after the right
147 + // sysroot path). Once those are fixed we can enable.
148 + // We also need to adjust it so it only rejects one or two levels deep.
149 + // Gcc's internal paths also live below /usr/lib.
150 + // http://crbug.com/488360
151 + // bad_paths.push_back("/usr/lib");
152 + bad_paths.push_back("/usr/local/lib");
153 + bad_paths.push_back("/usr/X11R6/lib");
154 +
155 + for (std::vector<std::string>::const_iterator b = bad_paths.begin();
156 + b != bad_paths.end();
157 + ++b)
158 + for (Dir_list::iterator p = this->library_path_.value.begin();
159 + p != this->library_path_.value.end();
160 + ++p)
161 + if (!p->name().compare(0, b->size(), *b))
162 + {
163 + if (this->error_poison_system_directories())
164 + gold_fatal(_("library search path \"%s\" is unsafe for "
165 + "cross-compilation"), p->name().c_str());
166 + else
167 + gold_warning(_("library search path \"%s\" is unsafe for "
168 + "cross-compilation"), p->name().c_str());
169 + }
170 + }
171 +
172 // Now that we've normalized the options, check for contradictory ones.
173 if (this->shared() && this->is_static())
174 gold_fatal(_("-shared and -static are incompatible"));
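Review bot: The poison check is a raw string-prefix comparison, `p->name().compare(0, b->size(), *b)`, with no path-component boundary and no normalisation, so `/libexec/...` is reported as `/lib` while spellings such as `//lib` or `/usr/local/../lib` are not matched at all. Because `--error-poison-system-directories` turns this into a build gate, the test should run on a normalised path and require the prefix to be followed by `/` or the end of the string, e.g. `&& (p->name().size() == b->size() || p->name()[b->size()] == '/')`, with `/lib64`-style directories then listed explicitly if they are meant to be covered. The same prefix test appears in the ld/ldfile.c hunk of this patch as `!strncmp (name, "/lib", 4)` and has the same gaps. The check also runs after `this->add_sysroot()`, and whether the entries already carry the sysroot prefix at that point is not visible here; General_options::finalize() starts and ends outside the hunk.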
175 diff --git a/gold/options.h b/gold/options.h
176 index a8b1d46aa109..b7c725a82539 100644
177 --- a/gold/options.h
178 +++ b/gold/options.h
179 @@ -1344,6 +1344,13 @@ class General_options
180 DEFINE_bool(warn_multiple_gp, options::TWO_DASHES, '\0', false,
181 N_("Ignored"), NULL);
182
183 + DEFINE_bool(warn_poison_system_directories, options::TWO_DASHES, '\0', false,
184 + N_("Warn for -L options using system directories"),
185 + N_("Do not warn for -L options using system directories"));
186 + DEFINE_bool(error_poison_system_directories, options::TWO_DASHES, '\0', false,
187 + N_("Give an error for -L options using system directories"),
188 + NULL);
189 +
190 DEFINE_bool(warn_search_mismatch, options::TWO_DASHES, '\0', true,
191 N_("Warn when skipping an incompatible library"),
192 N_("Don't warn when skipping an incompatible library"));
193 diff --git a/ld/config.in b/ld/config.in
194 index 2c6d698b6ce1..d3cb7e882de9 100644
195 --- a/ld/config.in
196 +++ b/ld/config.in
197 @@ -17,6 +17,9 @@
198 language is requested. */
199 #undef ENABLE_NLS
200
201 +/* Define to warn for use of native system library directories */
202 +#undef ENABLE_POISON_SYSTEM_DIRECTORIES
203 +
204 /* Additional extension a shared object might have. */
205 #undef EXTRA_SHLIB_EXTENSION
206
207 diff --git a/ld/configure b/ld/configure
208 index 36af9695b1c8..bd1d677e0920 100755
209 --- a/ld/configure
210 +++ b/ld/configure
211 @@ -789,6 +789,7 @@ with_lib_path
212 enable_targets
213 enable_64_bit_bfd
214 with_sysroot
215 +enable_poison_system_directories
216 enable_gold
217 enable_got
218 enable_compressed_debug_sections
219 @@ -1446,6 +1447,8 @@ Optional Features:
220 --disable-largefile omit support for large files
221 --enable-targets alternative target configurations
222 --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
223 + --enable-poison-system-directories
224 + warn for use of native system library directories
225 --enable-gold[=ARG] build gold [ARG={default,yes,no}]
226 --enable-got=<type> GOT handling scheme (target, single, negative,
227 multigot)
228 @@ -15499,7 +15502,18 @@ else
229 fi
230
231
232 +# Check whether --enable-poison-system-directories was given.
233 +if test "${enable_poison_system_directories+set}" = set; then :
234 + enableval=$enable_poison_system_directories;
235 +else
236 + enable_poison_system_directories=no
237 +fi
238 +
239 +if test "x${enable_poison_system_directories}" = "xyes"; then
240
241 +$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
242 +
243 +fi
244
245 # Check whether --enable-got was given.
246 if test "${enable_got+set}" = set; then :
247 diff --git a/ld/configure.ac b/ld/configure.ac
248 index 36a9f5083aea..47f1d33fa58c 100644
249 --- a/ld/configure.ac
250 +++ b/ld/configure.ac
251 @@ -95,6 +95,16 @@ AC_SUBST(use_sysroot)
252 AC_SUBST(TARGET_SYSTEM_ROOT)
253 AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
254
255 +AC_ARG_ENABLE([poison-system-directories],
256 + AS_HELP_STRING([--enable-poison-system-directories],
257 + [warn for use of native system library directories]),,
258 + [enable_poison_system_directories=no])
259 +if test "x${enable_poison_system_directories}" = "xyes"; then
260 + AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
261 + [1],
262 + [Define to warn for use of native system library directories])
263 +fi
264 +
265 dnl Use --enable-gold to decide if this linker should be the default.
266 dnl "install_as_default" is set to false if gold is the default linker.
267 dnl "installed_linker" is the installed BFD linker name.
268 diff --git a/ld/ld.h b/ld/ld.h
269 index 104bb8e2376b..e1c3f744862d 100644
270 --- a/ld/ld.h
271 +++ b/ld/ld.h
272 @@ -172,6 +172,13 @@ typedef struct
273 /* If set, display the target memory usage (per memory region). */
274 bfd_boolean print_memory_usage;
275
276 + /* If TRUE warn for uses of system directories when cross linking. */
277 + bfd_boolean warn_poison_system_directories;
278 +
279 + /* If TRUE (default FALSE) give an error for uses of system
280 + directories when cross linking instead of a warning. */
281 + bfd_boolean error_poison_system_directories;
282 +
283 /* Big or little endian as set on command line. */
284 enum endian_enum endian;
285
286 diff --git a/ld/ld.texinfo b/ld/ld.texinfo
287 index d393acdd9406..8eb156efb8dd 100644
288 --- a/ld/ld.texinfo
289 +++ b/ld/ld.texinfo
290 @@ -2403,6 +2403,24 @@ string identifying the original linked file does not change.
291
292 Passing @code{none} for @var{style} disables the setting from any
293 @code{--build-id} options earlier on the command line.
294 +
295 +@kindex --warn-poison-system-directories
296 +@item --warn-poison-system-directories
297 +Warn for @option{-L} options using system directories such as
298 +@file{/usr/lib} when cross linking. This option is intended for use
299 +in environments that want to detect and reject incorrect link settings.
300 +
301 +@kindex --no-warn-poison-system-directories
302 +@item --no-warn-poison-system-directories
303 +Do not warn for @option{-L} options using system directories such as
304 +@file{/usr/lib} when cross linking. This option is intended for use
305 +in chroot environments when such directories contain the correct
306 +libraries for the target system rather than the host.
307 +
308 +@kindex --error-poison-system-directories
309 +@item --error-poison-system-directories
310 +Give an error instead of a warning for @option{-L} options using
311 +system directories when cross linking.
312 @end table
313
314 @c man end
315 diff --git a/ld/ldfile.c b/ld/ldfile.c
316 index 0943bb2dfa0f..b3bc22469900 100644
317 --- a/ld/ldfile.c
318 +++ b/ld/ldfile.c
319 @@ -114,6 +114,26 @@ ldfile_add_library_path (const char *name, bfd_boolean cmdline)
320 new_dirs->name = concat (ld_sysroot, name + 1, (const char *) NULL);
321 else
322 new_dirs->name = xstrdup (name);
323 +
324 + if (command_line.warn_poison_system_directories
325 + && (!strncmp (name, "/lib", 4)
326 + /* TODO: This check is disabled for now due to a bunch of packages that
327 + * use libtool and relink with -L/usr/lib paths (albeit after the right
328 + * sysroot path). Once those are fixed we can enable.
329 + * We also need to adjust it so it only rejects one or two levels deep.
330 + * Gcc's internal paths also live below /usr/lib.
331 + * http://crbug.com/488360 */
332 + /* || !strncmp (name, "/usr/lib", 8) */
333 + || !strncmp (name, "/usr/local/lib", 14)
334 + || !strncmp (name, "/usr/X11R6/lib", 14)))
335 + {
336 + if (command_line.error_poison_system_directories)
337 + einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
338 + "cross-compilation\n"), name);
339 + else
340 + einfo (_("%P: warning: library search path \"%s\" is unsafe for "
341 + "cross-compilation\n"), name);
342 + }
343 }
344
345 /* Try to open a BFD for a lang_input_statement. */
346 diff --git a/ld/ldlex.h b/ld/ldlex.h
347 index 3ecac2bc865e..7ed67bae3f23 100644
348 --- a/ld/ldlex.h
349 +++ b/ld/ldlex.h
350 @@ -141,6 +141,9 @@ enum option_values
351 OPTION_PRINT_OUTPUT_FORMAT,
352 OPTION_PRINT_SYSROOT,
353 OPTION_IGNORE_UNRESOLVED_SYMBOL,
354 + OPTION_WARN_POISON_SYSTEM_DIRECTORIES,
355 + OPTION_NO_WARN_POISON_SYSTEM_DIRECTORIES,
356 + OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
357 OPTION_PUSH_STATE,
358 OPTION_POP_STATE,
359 OPTION_PRINT_MEMORY_USAGE,
360 diff --git a/ld/ldmain.c b/ld/ldmain.c
361 index f634eaa908a5..bba193355b0d 100644
362 --- a/ld/ldmain.c
363 +++ b/ld/ldmain.c
364 @@ -270,6 +270,13 @@ main (int argc, char **argv)
365 command_line.warn_mismatch = TRUE;
366 command_line.warn_search_mismatch = TRUE;
367 command_line.check_section_addresses = -1;
368 + command_line.warn_poison_system_directories =
369 +#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
370 + TRUE;
371 +#else
372 + FALSE;
373 +#endif
374 + command_line.error_poison_system_directories = FALSE;
375
376 /* We initialize DEMANGLING based on the environment variable
377 COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
378 diff --git a/ld/lexsup.c b/ld/lexsup.c
379 index 0b7d4976ac90..327b203eeb25 100644
380 --- a/ld/lexsup.c
381 +++ b/ld/lexsup.c
382 @@ -524,6 +524,18 @@ static const struct ld_option ld_options[] =
383 OPTION_IGNORE_UNRESOLVED_SYMBOL},
384 '\0', N_("SYMBOL"),
385 N_("Unresolved SYMBOL will not cause an error or warning"), TWO_DASHES },
386 + { {"warn-poison-system-directories", no_argument, NULL,
387 + OPTION_WARN_POISON_SYSTEM_DIRECTORIES},
388 + '\0', NULL, N_("Warn for -L options using system directories"),
389 + TWO_DASHES },
390 + { {"no-warn-poison-system-directories", no_argument, NULL,
391 + OPTION_NO_WARN_POISON_SYSTEM_DIRECTORIES},
392 + '\0', NULL, N_("Do not warn for -L options using system directories"),
393 + TWO_DASHES },
394 + { {"error-poison-system-directories", no_argument, NULL,
395 + OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
396 + '\0', NULL, N_("Give an error for -L options using system directories"),
397 + TWO_DASHES },
398 { {"push-state", no_argument, NULL, OPTION_PUSH_STATE},
399 '\0', NULL, N_("Push state of flags governing input file handling"),
400 TWO_DASHES },
401 @@ -1528,6 +1540,18 @@ parse_args (unsigned argc, char **argv)
402 }
403 break;
404
405 + case OPTION_WARN_POISON_SYSTEM_DIRECTORIES:
406 + command_line.warn_poison_system_directories = TRUE;
407 + break;
408 +
409 + case OPTION_NO_WARN_POISON_SYSTEM_DIRECTORIES:
410 + command_line.warn_poison_system_directories = FALSE;
411 + break;
412 +
413 + case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
414 + command_line.error_poison_system_directories = TRUE;
415 + break;
416 +
417 case OPTION_PUSH_STATE:
418 input_flags.pushed = xmemdup (&input_flags,
419 sizeof (input_flags),
420 --
421 2.11.1
422
423
424
425
426 1.1 src/patchsets/binutils/2.28.1/00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch
427
428 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch?rev=1.1&view=markup
429 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch?rev=1.1&content-type=text/plain
430
431 Index: 00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch
432 ===================================================================
433 From da0140fb5c8a9bccd0c66166c8e21cb3e37e2f1d Mon Sep 17 00:00:00 2001
434 From: Mike Frysinger <vapier@g.o>
435 Date: Fri, 7 Jan 2005 00:15:53 -0500
436 Subject: [PATCH] ld: enable new dtags by default for linux/gnu targets
437
438 The "new" dtags options have been around for 14+ years now, so for Linux
439 and GNU targets, enable them by default.
440
441 2012-01-21 Mike Frysinger <vapier@g.o>
442
443 * emultempl/elf32.em (gld${EMULATION_NAME}_before_parse): Set
444 link_info.new_dtags to TRUE for linux/gnu targets.
445 * NEWS: Mention new dtags default.
446
447 2013-01-22 Roland McGrath <mcgrathr@××××××.com>
448
449 * emultempl/elf32.em (gld${EMULATION_NAME}_before_parse): Set
450 new_dtags to TRUE for *-*-nacl* targets.
451 ---
452 ld/emultempl/elf32.em | 10 ++++++++++
453 1 file changed, 10 insertions(+)
454
455 diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em
456 index 84adaef6dfe1..92b7e4aabd0b 100644
457 --- a/ld/emultempl/elf32.em
458 +++ b/ld/emultempl/elf32.em
459 @@ -103,6 +103,16 @@ gld${EMULATION_NAME}_before_parse (void)
460 input_flags.dynamic = ${DYNAMIC_LINK-TRUE};
461 config.has_shared = `if test -n "$GENERATE_SHLIB_SCRIPT" ; then echo TRUE ; else echo FALSE ; fi`;
462 config.separate_code = `if test "x${SEPARATE_CODE}" = xyes ; then echo TRUE ; else echo FALSE ; fi`;
463 +EOF
464 +
465 +case ${target} in
466 + *-*-linux-* | *-*-k*bsd*-* | *-*-gnu* | *-*-nacl*)
467 + fragment <<EOF
468 + link_info.new_dtags = TRUE;
469 +EOF
470 + ;;
471 +esac
472 +fragment <<EOF
473 `if test -n "$CALL_NOP_BYTE" ; then echo link_info.call_nop_byte = $CALL_NOP_BYTE; fi`;
474 link_info.check_relocs_after_open_input = `if test "x${CHECK_RELOCS_AFTER_OPEN_INPUT}" = xyes ; then echo TRUE ; else echo FALSE ; fi`;
475 link_info.relro = DEFAULT_LD_Z_RELRO;
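Review bot: The new `case ${target}` block carries no comment explaining why `link_info.new_dtags` is forced on, although this default changes runtime behaviour. With new dtags an `-rpath` is recorded as DT_RUNPATH, which the dynamic loader consults after LD_LIBRARY_PATH and does not apply to transitive dependencies. A comment above the `case` would record that for the next maintainer, e.g. `# Gentoo: emit DT_RUNPATH by default; LD_LIBRARY_PATH then takes precedence over -rpath.` The generated function body starts and ends outside this hunk.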
476 --
477 2.11.1
478
479
480
481
482 1.1 src/patchsets/binutils/2.28.1/00_all_0004-gold-ld-enable-gnu-hash-by-default.patch
483
484 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0004-gold-ld-enable-gnu-hash-by-default.patch?rev=1.1&view=markup
485 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0004-gold-ld-enable-gnu-hash-by-default.patch?rev=1.1&content-type=text/plain
486
487 Index: 00_all_0004-gold-ld-enable-gnu-hash-by-default.patch
488 ===================================================================
489 From a6c35c40daf508b4f236b870c2b60bfa9b68de9e Mon Sep 17 00:00:00 2001
490 From: Mike Frysinger <vapier@g.o>
491 Date: Sat, 27 Jan 2007 15:01:08 -0500
492 Subject: [PATCH] gold/ld: enable gnu hash by default
493
494 Glibc first added .gnu.hash support to glibc-2.5 (released 29 Sep 2006),
495 and gold was first released after that. Let's default the gnu hash style
496 to the new "gnu" rather than the classic sysv.
497
498 gold/:
499 2012-02-03 Mike Frysinger <vapier@g.o>
500
501 * options.h (General_options): Change default to gnu for hash_style.
502 ---
503 gold/options.h | 2 +-
504 ld/emultempl/elf32.em | 13 +++++++++++++
505 ld/testsuite/lib/ld-lib.exp | 4 ++--
506 3 files changed, 16 insertions(+), 3 deletions(-)
507
508 diff --git a/gold/options.h b/gold/options.h
509 index b7c725a82539..ef1756671242 100644
510 --- a/gold/options.h
511 +++ b/gold/options.h
512 @@ -921,7 +921,7 @@ class General_options
513 N_("Min fraction of empty buckets in dynamic hash"),
514 N_("FRACTION"));
515
516 - DEFINE_enum(hash_style, options::TWO_DASHES, '\0', "sysv",
517 + DEFINE_enum(hash_style, options::TWO_DASHES, '\0', "gnu",
518 N_("Dynamic hash style"), N_("[sysv,gnu,both]"),
519 {"sysv", "gnu", "both"});
520
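Review bot: gold's `hash_style` default becomes `"gnu"` for every target, while the ld half of this patch (ld/emultempl/elf32.em) deliberately skips `mips*` and limits the change to `*-*-linux-* | *-*-gnu*`. If gold is built for a target that ld excludes, it would emit only `.gnu.hash` by default where ld keeps the sysv table; whether such a configuration is built here is not visible from the patch. A comment on the `DEFINE_enum` line would make the asymmetry explicit, e.g. `// Gentoo: default to gnu hash; ld excludes mips targets, see ld/emultempl/elf32.em`.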
521 diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em
522 index 92b7e4aabd0b..ac2090a54eb1 100644
523 --- a/ld/emultempl/elf32.em
524 +++ b/ld/emultempl/elf32.em
525 @@ -100,6 +100,19 @@ static void
526 gld${EMULATION_NAME}_before_parse (void)
527 {
528 ldfile_set_output_arch ("${OUTPUT_ARCH}", bfd_arch_`echo ${ARCH} | sed -e 's/:.*//'`);
529 +EOF
530 +# Enable gnu hash by default for Linux (non-mips) targets.
531 +# This has been supported since glibc-2.5.
532 +case ${target} in
533 + mips*) ;;
534 + *-*-linux-* | *-*-gnu*)
535 + fragment <<EOF
536 + link_info.emit_hash = FALSE;
537 + link_info.emit_gnu_hash = TRUE;
538 +EOF
539 + ;;
540 +esac
541 +fragment <<EOF
542 input_flags.dynamic = ${DYNAMIC_LINK-TRUE};
543 config.has_shared = `if test -n "$GENERATE_SHLIB_SCRIPT" ; then echo TRUE ; else echo FALSE ; fi`;
544 config.separate_code = `if test "x${SEPARATE_CODE}" = xyes ; then echo TRUE ; else echo FALSE ; fi`;
545 diff --git a/ld/testsuite/lib/ld-lib.exp b/ld/testsuite/lib/ld-lib.exp
546 index 6c6a0b7a001e..53ad4a15e983 100644
547 --- a/ld/testsuite/lib/ld-lib.exp
548 +++ b/ld/testsuite/lib/ld-lib.exp
549 @@ -147,7 +147,7 @@ proc default_ld_relocate { ld target objects } {
550 global HOSTING_EMU
551
552 remote_file host delete $target
553 - return [run_host_cmd_yesno "$ld" "$HOSTING_EMU -o $target -r $objects"]
554 + return [run_host_cmd_yesno "$ld" "$HOSTING_EMU --hash-style=sysv -o $target -r $objects"]
555 }
556
557 # Check to see if ld is being invoked with a non-endian output format
558 @@ -228,7 +228,7 @@ proc default_ld_link { ld target objects } {
559
560 remote_file host delete $target
561
562 - return [run_host_cmd_yesno "$ld" "$HOSTING_EMU $flags -o $target $objs $libs"]
563 + return [run_host_cmd_yesno "$ld" "$HOSTING_EMU --hash-style=sysv $flags -o $target $objs $libs"]
564 }
565
566 # Link a program using ld, without including any libraries.
567 --
568 2.11.1
569
570
571
572
573 1.1 src/patchsets/binutils/2.28.1/00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch
574
575 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch?rev=1.1&view=markup
576 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch?rev=1.1&content-type=text/plain
577
578 Index: 00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch
579 ===================================================================
580 From bb4bd6b89365800a7b403ce505401d0c02ad02f8 Mon Sep 17 00:00:00 2001
581 From: Mike Frysinger <vapier@g.o>
582 Date: Fri, 7 Jan 2005 00:15:53 -0500
583 Subject: [PATCH] libiberty: install PIC version of libiberty.a
584
585 This will install a PIC version of libiberty.a by overwriting the non-PIC
586 version of libiberty.a while compiling. We do this because there is no
587 shared version of libiberty for random apps to link against which means if
588 someone wants to use this in a shared library or PIE, they're out of luck.
589 It's arguable whether people should be able to use this in a shared lib,
590 but usage in PIE should be fine. You could argue that this penalizes the
591 non-PIE users, but the counter point is that people using this library in
592 general are fairly low, and we'd rather have things work for all of them.
593 ---
594 libiberty/Makefile.in | 1 +
595 1 file changed, 1 insertion(+)
596
597 diff --git a/libiberty/Makefile.in b/libiberty/Makefile.in
598 index 0ff9e45e45ef..55a70330ffb8 100644
599 --- a/libiberty/Makefile.in
600 +++ b/libiberty/Makefile.in
601 @@ -256,6 +256,7 @@ $(TARGETLIB): $(REQUIRED_OFILES) $(EXTRA_OFILES) $(LIBOBJS)
602 $(AR) $(AR_FLAGS) $(TARGETLIB) \
603 $(REQUIRED_OFILES) $(EXTRA_OFILES) $(LIBOBJS); \
604 $(RANLIB) $(TARGETLIB); \
605 + cp $(TARGETLIB) ../ ; \
606 cd ..; \
607 else true; fi; \
608 if [ x"$(NOASANFLAG)" != x ]; then \
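Review bot: The added `cp $(TARGETLIB) ../ ;` is chained with `;`, so unless the recipe runs under `set -e` a failed copy is ignored and the non-PIC archive stays in the parent directory with no error reported. Failing the rule instead would surface the problem: `cp $(TARGETLIB) ../ || exit 1; \`. The recipe also never says that this line intentionally overwrites the non-PIC libiberty.a, so a one-line comment above the rule stating that would help. The rule continues outside this hunk.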
609 --
610 2.11.1
611
612
613
614
615 1.1 src/patchsets/binutils/2.28.1/00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch
616
617 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch?rev=1.1&view=markup
618 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch?rev=1.1&content-type=text/plain
619
620 Index: 00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch
621 ===================================================================
622 From 561d984aa3a3b99bbd9c6ddf6ba08dadd107d62c Mon Sep 17 00:00:00 2001
623 From: Mike Frysinger <vapier@g.o>
624 Date: Tue, 5 Jul 2016 20:24:00 +0545
625 Subject: [PATCH] opcodes: link against libbfd.la for rpath deps
626
627 The reason opcodes doesn't link against libbfd.la is to workaround a
628 libtool bug where it uses installed -L paths ahead of DESTDIR paths.
629 The downside is that the library itself lacks rpath tags to find the
630 right version of libbfd.so.
631
632 Since Gentoo has patched the libtool bug for a while, we don't need
633 the workaround. Use the .la file so we get the rpath tags.
634
635 URL: https://bugs.gentoo.org/563934
636 ---
637 opcodes/configure | 2 +-
638 opcodes/configure.ac | 2 +-
639 2 files changed, 2 insertions(+), 2 deletions(-)
640
641 diff --git a/opcodes/configure b/opcodes/configure
642 index be87eb22a5f0..19528bef6906 100755
643 --- a/opcodes/configure
644 +++ b/opcodes/configure
645 @@ -12561,7 +12561,7 @@ if test "$enable_shared" = "yes"; then
646 SHARED_LIBADD="-Wl,`pwd`/../bfd/.libs/libbfd.sl ${SHARED_LIBADD}"
647 ;;
648 *)
649 - SHARED_LIBADD="-Wl,`pwd`/../bfd/.libs/libbfd.so ${SHARED_LIBADD}"
650 + SHARED_LIBADD="../bfd/libbfd.la ${SHARED_LIBADD}"
651 ;;
652 esac
653 SHARED_DEPENDENCIES="../bfd/libbfd.la"
654 diff --git a/opcodes/configure.ac b/opcodes/configure.ac
655 index b9f5eb8a4fdf..b5ff57a341ea 100644
656 --- a/opcodes/configure.ac
657 +++ b/opcodes/configure.ac
658 @@ -185,7 +185,7 @@ changequote([,])dnl
659 SHARED_LIBADD="-Wl,`pwd`/../bfd/.libs/libbfd.sl ${SHARED_LIBADD}"
660 ;;
661 *)
662 - SHARED_LIBADD="-Wl,`pwd`/../bfd/.libs/libbfd.so ${SHARED_LIBADD}"
663 + SHARED_LIBADD="../bfd/libbfd.la ${SHARED_LIBADD}"
664 ;;
665 esac
666 SHARED_DEPENDENCIES="../bfd/libbfd.la"
667 --
668 2.11.1
669
670
671
672
673 1.1 src/patchsets/binutils/2.28.1/00_all_0007-CVE-2017-8398.patch
674
675 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0007-CVE-2017-8398.patch?rev=1.1&view=markup
676 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0007-CVE-2017-8398.patch?rev=1.1&content-type=text/plain
677
678 Index: 00_all_0007-CVE-2017-8398.patch
679 ===================================================================
680 From 9e7b0cc09e3b8a9db2fdab786894757b7e1aab4c Mon Sep 17 00:00:00 2001
681 From: Matthias Maier <tamiko@××××.org>
682 Date: Tue, 6 Jun 2017 16:07:32 -0500
683 Subject: [PATCH 01/10] CVE-2017-8398
684
685 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34
686 [2] https://bugs.gentoo.org/show_bug.cgi?id=618514
687 ---
688 binutils/dwarf.c | 52 ++++++++++++++++++++++++++++++++++++++--------------
689 1 file changed, 38 insertions(+), 14 deletions(-)
690
691 diff --git a/binutils/dwarf.c b/binutils/dwarf.c
692 index 0184a7a..05efa6e 100644
693 --- a/binutils/dwarf.c
694 +++ b/binutils/dwarf.c
695 @@ -473,15 +473,20 @@ process_extended_line_op (unsigned char * data,
696 printf (_(" Entry\tDir\tTime\tSize\tName\n"));
697 printf (" %d\t", ++state_machine_regs.last_file_entry);
698
699 - name = data;
700 - data += strnlen ((char *) data, end - data) + 1;
701 - printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
702 - data += bytes_read;
703 - printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
704 - data += bytes_read;
705 - printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
706 - data += bytes_read;
707 - printf ("%s\n\n", name);
708 + {
709 + size_t l;
710 +
711 + name = data;
712 + l = strnlen ((char *) data, end - data);
713 + data += len + 1;
714 + printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
715 + data += bytes_read;
716 + printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
717 + data += bytes_read;
718 + printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end)));
719 + data += bytes_read;
720 + printf ("%.*s\n\n", (int) l, name);
721 + }
722
723 if (((unsigned int) (data - orig_data) != len) || data == end)
724 warn (_("DW_LNE_define_file: Bad opcode length\n"));
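Review bot: The rewritten block stores the bounded name length in `l` but then advances with `data += len + 1;`, whereas the removed code advanced by the `strnlen` result plus one. `len` is declared outside this hunk and, judging by the `(data - orig_data) != len` check below, is the opcode length, so the three `read_uleb128` calls would start from the wrong position and, depending on how `len` was validated earlier, possibly beyond `end`. The advance should use the value just computed: `data += l + 1;`. When no NUL is found, `l == end - data` and the `+ 1` still steps one past `end`, so a guard such as `if (l == (size_t) (end - data)) { warn (...); return len; }` before the advance would close that case too. process_extended_line_op starts and ends outside the hunk.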
725 @@ -598,18 +603,28 @@ static const unsigned char *
726 fetch_indirect_string (dwarf_vma offset)
727 {
728 struct dwarf_section *section = &debug_displays [str].section;
729 + const unsigned char * ret;
730
731 if (section->start == NULL)
732 return (const unsigned char *) _("<no .debug_str section>");
733
734 - if (offset > section->size)
735 + if (offset >= section->size)
736 {
737 warn (_("DW_FORM_strp offset too big: %s\n"),
738 dwarf_vmatoa ("x", offset));
739 return (const unsigned char *) _("<offset is too big>");
740 }
741
742 - return (const unsigned char *) section->start + offset;
743 + ret = section->start + offset;
744 + /* Unfortunately we cannot rely upon the .debug_str section ending with a
745 + NUL byte. Since our caller is expecting to receive a well formed C
746 + string we test for the lack of a terminating byte here. */
747 + if (strnlen ((const char *) ret, section->size - offset)
748 + == section->size - offset)
749 + ret = (const unsigned char *)
750 + _("<no NUL byte at end of .debug_str section>");
751 +
752 + return ret;
753 }
754
755 static const char *
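Review bot: The new unterminated-string branch returns a placeholder without calling `warn ()`, unlike the offset-too-big branch just above it, so a corrupt .debug_str shows up only as text inside the dump. Adding `warn (_("DW_FORM_strp: string at offset %s is not NUL terminated\n"), dwarf_vmatoa ("x", offset));` before the assignment would keep the two error paths consistent. The same applies to the matching branch added to fetch_indexed_string further down. `section->size - offset` is also written out twice; a local would make the comparison easier to read.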
756 @@ -622,6 +637,7 @@ fetch_indexed_string (dwarf_vma idx, struct cu_tu_set *this_set,
757 struct dwarf_section *str_section = &debug_displays [str_sec_idx].section;
758 dwarf_vma index_offset = idx * offset_size;
759 dwarf_vma str_offset;
760 + const char * ret;
761
762 if (index_section->start == NULL)
763 return (dwo ? _("<no .debug_str_offsets.dwo section>")
764 @@ -629,7 +645,7 @@ fetch_indexed_string (dwarf_vma idx, struct cu_tu_set *this_set,
765
766 if (this_set != NULL)
767 index_offset += this_set->section_offsets [DW_SECT_STR_OFFSETS];
768 - if (index_offset > index_section->size)
769 + if (index_offset >= index_section->size)
770 {
771 warn (_("DW_FORM_GNU_str_index offset too big: %s\n"),
772 dwarf_vmatoa ("x", index_offset));
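Review bot: `index_offset >= index_section->size` only proves that the first byte of the entry lies inside the section, while the `byte_get (index_section->start + index_offset, offset_size)` call shown in the next hunk reads `offset_size` bytes. The guard should cover the whole entry, e.g. `if (index_offset >= index_section->size || offset_size > index_section->size - index_offset)`. If `idx` is taken from the input file, `idx * offset_size` in the context above can also wrap before any check sees it. The function body starts and ends outside this hunk.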
773 @@ -642,14 +658,22 @@ fetch_indexed_string (dwarf_vma idx, struct cu_tu_set *this_set,
774
775 str_offset = byte_get (index_section->start + index_offset, offset_size);
776 str_offset -= str_section->address;
777 - if (str_offset > str_section->size)
778 + if (str_offset >= str_section->size)
779 {
780 warn (_("DW_FORM_GNU_str_index indirect offset too big: %s\n"),
781 dwarf_vmatoa ("x", str_offset));
782 return _("<indirect index offset is too big>");
783 }
784
785 - return (const char *) str_section->start + str_offset;
786 + ret = (const char *) str_section->start + str_offset;
787 + /* Unfortunately we cannot rely upon str_section ending with a NUL byte.
788 + Since our caller is expecting to receive a well formed C string we test
789 + for the lack of a terminating byte here. */
790 + if (strnlen (ret, str_section->size - str_offset)
791 + == str_section->size - str_offset)
792 + ret = (const char *) _("<no NUL byte at end of section>");
793 +
794 + return ret;
795 }
796
797 static const char *
798 --
799 2.13.0
800
801
802
803
804 1.1 src/patchsets/binutils/2.28.1/00_all_0008-CVE-2017-8393.patch
805
806 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0008-CVE-2017-8393.patch?rev=1.1&view=markup
807 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0008-CVE-2017-8393.patch?rev=1.1&content-type=text/plain
808
809 Index: 00_all_0008-CVE-2017-8393.patch
810 ===================================================================
811 From 86b4e5aeedbcf022e4d02810b48cb3e1a9d52d32 Mon Sep 17 00:00:00 2001
812 From: Matthias Maier <tamiko@××××.org>
813 Date: Tue, 6 Jun 2017 16:13:05 -0500
814 Subject: [PATCH 02/10] CVE-2017-8393
815
816 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bce964aa6c777d236fbd641f2bc7bb931cfe4bf3
817 [2] https://bugs.gentoo.org/show_bug.cgi?id=618516
818 ---
819 bfd/elf-bfd.h | 8 ++++---
820 bfd/elf.c | 61 +++++++++++++++++++++++++++++++-----------------------
821 bfd/elf64-ppc.c | 1 +
822 bfd/elfxx-target.h | 2 +-
823 4 files changed, 42 insertions(+), 30 deletions(-)
824
825 diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h
826 index 5de9ab6..366660a 100644
827 --- a/bfd/elf-bfd.h
828 +++ b/bfd/elf-bfd.h
829 @@ -1322,8 +1322,10 @@ struct elf_backend_data
830 bfd_size_type (*maybe_function_sym) (const asymbol *sym, asection *sec,
831 bfd_vma *code_off);
832
833 - /* Return the section which RELOC_SEC applies to. */
834 - asection *(*get_reloc_section) (asection *reloc_sec);
835 + /* Given NAME, the name of a relocation section stripped of its
836 + .rel/.rela prefix, return the section in ABFD to which the
837 + relocations apply. */
838 + asection *(*get_reloc_section) (bfd *abfd, const char *name);
839
840 /* Called to set the sh_flags, sh_link and sh_info fields of OSECTION which
841 has a type >= SHT_LOOS. Returns TRUE if the fields were initialised,
842 @@ -2392,7 +2394,7 @@ extern bfd_boolean _bfd_elf_is_function_type (unsigned int);
843 extern bfd_size_type _bfd_elf_maybe_function_sym (const asymbol *, asection *,
844 bfd_vma *);
845
846 -extern asection *_bfd_elf_get_reloc_section (asection *);
847 +extern asection *_bfd_elf_plt_get_reloc_section (bfd *, const char *);
848
849 extern int bfd_elf_get_default_section_type (flagword);
850
851 diff --git a/bfd/elf.c b/bfd/elf.c
852 index 94726ba..4ddcb1f 100644
853 --- a/bfd/elf.c
854 +++ b/bfd/elf.c
855 @@ -3532,17 +3532,39 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg)
856 H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
857 }
858
859 -/* Return the section which RELOC_SEC applies to. */
860 +/* Given NAME, the name of a relocation section stripped of its
861 + .rel/.rela prefix, return the section in ABFD to which the
862 + relocations apply. */
863
864 asection *
865 -_bfd_elf_get_reloc_section (asection *reloc_sec)
866 +_bfd_elf_plt_get_reloc_section (bfd *abfd, const char *name)
867 +{
868 + /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
869 + section likely apply to .got.plt or .got section. */
870 + if (get_elf_backend_data (abfd)->want_got_plt
871 + && strcmp (name, ".plt") == 0)
872 + {
873 + asection *sec;
874 +
875 + name = ".got.plt";
876 + sec = bfd_get_section_by_name (abfd, name);
877 + if (sec != NULL)
878 + return sec;
879 + name = ".got";
880 + }
881 +
882 + return bfd_get_section_by_name (abfd, name);
883 +}
884 +
885 +/* Return the section to which RELOC_SEC applies. */
886 +
887 +static asection *
888 +elf_get_reloc_section (asection *reloc_sec)
889 {
890 const char *name;
891 unsigned int type;
892 bfd *abfd;
893 -
894 - if (reloc_sec == NULL)
895 - return NULL;
896 + const struct elf_backend_data *bed;
897
898 type = elf_section_data (reloc_sec)->this_hdr.sh_type;
899 if (type != SHT_REL && type != SHT_RELA)
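Review bot: The `if (reloc_sec == NULL) return NULL;` guard is removed, and the new static `elf_get_reloc_section` dereferences `reloc_sec` in its first statement through `elf_section_data (reloc_sec)`. The only caller on this page, in assign_section_numbers, passes `sec`, which is presumably never NULL there, but the precondition is now unstated. A line such as `/* RELOC_SEC must not be NULL. */` in the header comment would record it. The function body continues in the next hunk.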
900 @@ -3550,28 +3572,15 @@ _bfd_elf_get_reloc_section (asection *reloc_sec)
901
902 /* We look up the section the relocs apply to by name. */
903 name = reloc_sec->name;
904 - if (type == SHT_REL)
905 - name += 4;
906 - else
907 - name += 5;
908 + if (strncmp (name, ".rel", 4) != 0)
909 + return NULL;
910 + name += 4;
911 + if (type == SHT_RELA && *name++ != 'a')
912 + return NULL;
913
914 - /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
915 - section apply to .got.plt section. */
916 abfd = reloc_sec->owner;
917 - if (get_elf_backend_data (abfd)->want_got_plt
918 - && strcmp (name, ".plt") == 0)
919 - {
920 - /* .got.plt is a linker created input section. It may be mapped
921 - to some other output section. Try two likely sections. */
922 - name = ".got.plt";
923 - reloc_sec = bfd_get_section_by_name (abfd, name);
924 - if (reloc_sec != NULL)
925 - return reloc_sec;
926 - name = ".got";
927 - }
928 -
929 - reloc_sec = bfd_get_section_by_name (abfd, name);
930 - return reloc_sec;
931 + bed = get_elf_backend_data (abfd);
932 + return bed->get_reloc_section (abfd, name);
933 }
934
935 /* Assign all ELF section numbers. The dummy first section is handled here
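Review bot: The new prefix test carries no comment saying why it is needed, and the reason is not obvious from the code: the section type and the section name presumably both come from the input file and need not agree, so the old unconditional `name += 4` / `name += 5` could step past the end of a short name. I would add `/* The name is untrusted and may lack the .rel/.rela prefix its type implies. */` above the `strncmp`. The side effect in `*name++ != 'a'` is also easy to misread; a plain test followed by `name++;` would be clearer.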
936 @@ -3833,7 +3842,7 @@ assign_section_numbers (bfd *abfd, struct bfd_link_info *link_info)
937 if (s != NULL)
938 d->this_hdr.sh_link = elf_section_data (s)->this_idx;
939
940 - s = get_elf_backend_data (abfd)->get_reloc_section (sec);
941 + s = elf_get_reloc_section (sec);
942 if (s != NULL)
943 {
944 d->this_hdr.sh_info = elf_section_data (s)->this_idx;
945 diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
946 index e7d4792..81eccd8 100644
947 --- a/bfd/elf64-ppc.c
948 +++ b/bfd/elf64-ppc.c
949 @@ -121,6 +121,7 @@ static bfd_vma opd_entry_value
950 #define elf_backend_special_sections ppc64_elf_special_sections
951 #define elf_backend_merge_symbol_attribute ppc64_elf_merge_symbol_attribute
952 #define elf_backend_merge_symbol ppc64_elf_merge_symbol
953 +#define elf_backend_get_reloc_section bfd_get_section_by_name
954
955 /* The name of the dynamic interpreter. This is put in the .interp
956 section. */
957 diff --git a/bfd/elfxx-target.h b/bfd/elfxx-target.h
958 index d063fb7..ad8c5d9 100644
959 --- a/bfd/elfxx-target.h
960 +++ b/bfd/elfxx-target.h
961 @@ -706,7 +706,7 @@
962 #endif
963
964 #ifndef elf_backend_get_reloc_section
965 -#define elf_backend_get_reloc_section _bfd_elf_get_reloc_section
966 +#define elf_backend_get_reloc_section _bfd_elf_plt_get_reloc_section
967 #endif
968
969 #ifndef elf_backend_copy_special_section_fields
970 --
971 2.13.0
972
973
974
975
976 1.1 src/patchsets/binutils/2.28.1/00_all_0009-CVE-2017-8394.patch
977
978 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0009-CVE-2017-8394.patch?rev=1.1&view=markup
979 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0009-CVE-2017-8394.patch?rev=1.1&content-type=text/plain
980
981 Index: 00_all_0009-CVE-2017-8394.patch
982 ===================================================================
983 From d33b8e5e50b3eb33313e3c61039cf93d31e840b9 Mon Sep 17 00:00:00 2001
984 From: Matthias Maier <tamiko@××××.org>
985 Date: Tue, 6 Jun 2017 16:15:05 -0500
986 Subject: [PATCH 03/10] CVE-2017-8394
987
988 [1] https://bugs.gentoo.org/show_bug.cgi?id=618516
989 [2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7eacd66b086cabb1daab20890d5481894d4f56b2
990 ---
991 bfd/bfd-in2.h | 12 ++++++++++++
992 bfd/elf.c | 6 ++++--
993 bfd/section.c | 24 ++++++++++++------------
994 3 files changed, 28 insertions(+), 14 deletions(-)
995
996 diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h
997 index 6288c3b..44e8711 100644
998 --- a/bfd/bfd-in2.h
999 +++ b/bfd/bfd-in2.h
1000 @@ -1838,6 +1838,18 @@ extern asection _bfd_std_section[4];
1001 { NULL }, { NULL } \
1002 }
1003
1004 +/* We use a macro to initialize the static asymbol structures because
1005 + traditional C does not permit us to initialize a union member while
1006 + gcc warns if we don't initialize it.
1007 + the_bfd, name, value, attr, section [, udata] */
1008 +#ifdef __STDC__
1009 +#define GLOBAL_SYM_INIT(NAME, SECTION) \
1010 + { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
1011 +#else
1012 +#define GLOBAL_SYM_INIT(NAME, SECTION) \
1013 + { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
1014 +#endif
1015 +
1016 void bfd_section_list_clear (bfd *);
1017
1018 asection *bfd_get_section_by_name (bfd *abfd, const char *name);
1019 diff --git a/bfd/elf.c b/bfd/elf.c
1020 index 4ddcb1f..22c199a 100644
1021 --- a/bfd/elf.c
1022 +++ b/bfd/elf.c
1023 @@ -11164,9 +11164,11 @@ _bfd_elf_get_synthetic_symtab (bfd *abfd,
1024
1025 /* It is only used by x86-64 so far.
1026 ??? This repeats *COM* id of zero. sec->id is supposed to be unique,
1027 - but current usage would allow all of _bfd_std_section to be zero. t*/
1028 + but current usage would allow all of _bfd_std_section to be zero. */
1029 +static const asymbol lcomm_sym
1030 + = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section);
1031 asection _bfd_elf_large_com_section
1032 - = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
1033 + = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym,
1034 "LARGE_COMMON", 0, SEC_IS_COMMON);
1035
1036 void
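Review bot: The comment that describes `_bfd_elf_large_com_section` now sits above `lcomm_sym` instead, and nothing says why the section needs a symbol. Moving the `lcomm_sym` definition above that comment, or giving it its own line such as `/* Section symbol for the section below, so its symbol pointer is not NULL. */`, would keep each comment next to what it documents. `lcomm_sym` is `const`, and BFD_FAKE_SECTION is defined outside this hunk; if its symbol slot is a non-const `asymbol *` without a cast, the initializer discards the qualifier.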
1037 diff --git a/bfd/section.c b/bfd/section.c
1038 index 4b3cf6a..28eee7f 100644
1039 --- a/bfd/section.c
1040 +++ b/bfd/section.c
1041 @@ -738,20 +738,20 @@ CODE_FRAGMENT
1042 . { NULL }, { NULL } \
1043 . }
1044 .
1045 +.{* We use a macro to initialize the static asymbol structures because
1046 +. traditional C does not permit us to initialize a union member while
1047 +. gcc warns if we don't initialize it.
1048 +. the_bfd, name, value, attr, section [, udata] *}
1049 +.#ifdef __STDC__
1050 +.#define GLOBAL_SYM_INIT(NAME, SECTION) \
1051 +. { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
1052 +.#else
1053 +.#define GLOBAL_SYM_INIT(NAME, SECTION) \
1054 +. { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
1055 +.#endif
1056 +.
1057 */
1058
1059 -/* We use a macro to initialize the static asymbol structures because
1060 - traditional C does not permit us to initialize a union member while
1061 - gcc warns if we don't initialize it. */
1062 - /* the_bfd, name, value, attr, section [, udata] */
1063 -#ifdef __STDC__
1064 -#define GLOBAL_SYM_INIT(NAME, SECTION) \
1065 - { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
1066 -#else
1067 -#define GLOBAL_SYM_INIT(NAME, SECTION) \
1068 - { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
1069 -#endif
1070 -
1071 /* These symbols are global, not specific to any BFD. Therefore, anything
1072 that tries to change them is broken, and should be repaired. */
1073
1074 --
1075 2.13.0
1076
1077
1078
1079
1080 1.1 src/patchsets/binutils/2.28.1/00_all_0010-CVE-2017-8395.patch
1081
1082 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0010-CVE-2017-8395.patch?rev=1.1&view=markup
1083 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0010-CVE-2017-8395.patch?rev=1.1&content-type=text/plain
1084
1085 Index: 00_all_0010-CVE-2017-8395.patch
1086 ===================================================================
1087 From a5e7c6c6fcc0aa2ad70a7b02c928f2b075140a5e Mon Sep 17 00:00:00 2001
1088 From: Matthias Maier <tamiko@××××.org>
1089 Date: Tue, 6 Jun 2017 16:16:39 -0500
1090 Subject: [PATCH 04/10] CVE-2017-8395
1091
1092 [1] https://bugs.gentoo.org/show_bug.cgi?id=618516
1093 [2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e63d123268f23a4cbc45ee55fb6dbc7d84729da3
1094 ---
1095 bfd/compress.c | 19 +++++++++----------
1096 1 file changed, 9 insertions(+), 10 deletions(-)
1097
1098 diff --git a/bfd/compress.c b/bfd/compress.c
1099 index 1ed7d74..4a2d98a 100644
1100 --- a/bfd/compress.c
1101 +++ b/bfd/compress.c
1102 @@ -542,7 +542,6 @@ bfd_init_section_compress_status (bfd *abfd, sec_ptr sec)
1103 {
1104 bfd_size_type uncompressed_size;
1105 bfd_byte *uncompressed_buffer;
1106 - bfd_boolean ret;
1107
1108 /* Error if not opened for read. */
1109 if (abfd->direction != read_direction
1110 @@ -558,18 +557,18 @@ bfd_init_section_compress_status (bfd *abfd, sec_ptr sec)
1111 /* Read in the full section contents and compress it. */
1112 uncompressed_size = sec->size;
1113 uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
1114 + /* PR 21431 */
1115 + if (uncompressed_buffer == NULL)
1116 + return FALSE;
1117 +
1118 if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
1119 0, uncompressed_size))
1120 - ret = FALSE;
1121 - else
1122 - {
1123 - uncompressed_size = bfd_compress_section_contents (abfd, sec,
1124 - uncompressed_buffer,
1125 - uncompressed_size);
1126 - ret = uncompressed_size != 0;
1127 - }
1128 + return FALSE;
1129
1130 - return ret;
1131 + uncompressed_size = bfd_compress_section_contents (abfd, sec,
1132 + uncompressed_buffer,
1133 + uncompressed_size);
1134 + return uncompressed_size != 0;
1135 }
1136
1137 /*
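Review bot: The early `return FALSE;` after a failed `bfd_get_section_contents` leaves `uncompressed_buffer` allocated; the old `ret = FALSE` path had the same leak, and this rewrite is a good place to fix it with `{ free (uncompressed_buffer); return FALSE; }`. Whether `bfd_compress_section_contents` releases or keeps the buffer on its own failure path is not visible here and should be checked too. If `bfd_malloc` can return NULL for a zero `sec->size`, the new NULL check also turns an empty section into a failure; the size checks earlier in the function are outside the hunk.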
1138 --
1139 2.13.0
1140
1141
1142
1143
1144 1.1 src/patchsets/binutils/2.28.1/00_all_0011-CVE-2017-8396-CVE-2017-8397.patch
1145
1146 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0011-CVE-2017-8396-CVE-2017-8397.patch?rev=1.1&view=markup
1147 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0011-CVE-2017-8396-CVE-2017-8397.patch?rev=1.1&content-type=text/plain
1148
1149 Index: 00_all_0011-CVE-2017-8396-CVE-2017-8397.patch
1150 ===================================================================
1151 From b3ef1a9331f8eaf178084393f1525ab9150c39d8 Mon Sep 17 00:00:00 2001
1152 From: Matthias Maier <tamiko@××××.org>
1153 Date: Tue, 6 Jun 2017 16:20:20 -0500
1154 Subject: [PATCH 05/10] CVE-2017-8396, CVE-2017-8397
1155
1156 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2
1157 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab
1158 [2] https://bugs.gentoo.org/show_bug.cgi?id=618516
1159 ---
1160 bfd/reloc.c | 29 ++++++++++++++++++++---------
1161 1 file changed, 20 insertions(+), 9 deletions(-)
1162
1163 diff --git a/bfd/reloc.c b/bfd/reloc.c
1164 index 9021a52..80986b3 100644
1165 --- a/bfd/reloc.c
1166 +++ b/bfd/reloc.c
1167 @@ -538,6 +538,22 @@ bfd_check_overflow (enum complain_overflow how,
1168 return flag;
1169 }
1170
1171 +/* HOWTO describes a relocation, at offset OCTET. Return whether the
1172 + relocation field is within SECTION of ABFD. */
1173 +
1174 +static bfd_boolean
1175 +reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd,
1176 + asection *section, bfd_size_type octet)
1177 +{
1178 + bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section);
1179 + bfd_size_type reloc_size = bfd_get_reloc_size (howto);
1180 +
1181 + /* The reloc field must be contained entirely within the section.
1182 + Allow zero length fields (marker relocs or NONE relocs where no
1183 + relocation will be performed) at the end of the section. */
1184 + return octet <= octet_end && octet + reloc_size <= octet_end;
1185 +}
1186 +
1187 /*
1188 FUNCTION
1189 bfd_perform_relocation
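Review bot: In `reloc_offset_in_range` the sum `octet + reloc_size` can still wrap when `octet_end` is near the top of `bfd_size_type`; the subtraction form `return octet <= octet_end && reloc_size <= octet_end - octet;` cannot. The callers in the later hunks compute `octets` as `address * bfd_octets_per_byte (...)`, and that multiplication can wrap before the helper sees the value, which the helper has no way to detect. The header comment could also state that OCTET is an offset in octets from the start of SECTION.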
1190 @@ -619,12 +635,9 @@ bfd_perform_relocation (bfd *abfd,
1191 if (howto == NULL)
1192 return bfd_reloc_undefined;
1193
1194 - /* Is the address of the relocation really within the section?
1195 - Include the size of the reloc in the test for out of range addresses.
1196 - PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */
1197 + /* Is the address of the relocation really within the section? */
1198 octets = reloc_entry->address * bfd_octets_per_byte (abfd);
1199 - if (octets + bfd_get_reloc_size (howto)
1200 - > bfd_get_section_limit_octets (abfd, input_section))
1201 + if (!reloc_offset_in_range (howto, abfd, input_section, octets))
1202 return bfd_reloc_outofrange;
1203
1204 /* Work out which section the relocation is targeted at and the
1205 @@ -1012,8 +1025,7 @@ bfd_install_relocation (bfd *abfd,
1206
1207 /* Is the address of the relocation really within the section? */
1208 octets = reloc_entry->address * bfd_octets_per_byte (abfd);
1209 - if (octets + bfd_get_reloc_size (howto)
1210 - > bfd_get_section_limit_octets (abfd, input_section))
1211 + if (!reloc_offset_in_range (howto, abfd, input_section, octets))
1212 return bfd_reloc_outofrange;
1213
1214 /* Work out which section the relocation is targeted at and the
1215 @@ -1351,8 +1363,7 @@ _bfd_final_link_relocate (reloc_howto_type *howto,
1216 bfd_size_type octets = address * bfd_octets_per_byte (input_bfd);
1217
1218 /* Sanity check the address. */
1219 - if (octets + bfd_get_reloc_size (howto)
1220 - > bfd_get_section_limit_octets (input_bfd, input_section))
1221 + if (!reloc_offset_in_range (howto, input_bfd, input_section, octets))
1222 return bfd_reloc_outofrange;
1223
1224 /* This function assumes that we are dealing with a basic relocation
1225 --
1226 2.13.0
1227
1228
1229
1230
1231 1.1 src/patchsets/binutils/2.28.1/00_all_0012-CVE-2017-8421.patch
1232
1233 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0012-CVE-2017-8421.patch?rev=1.1&view=markup
1234 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0012-CVE-2017-8421.patch?rev=1.1&content-type=text/plain
1235
1236 Index: 00_all_0012-CVE-2017-8421.patch
1237 ===================================================================
1238 From a25bb8053a025a07741c4798720dc186800792da Mon Sep 17 00:00:00 2001
1239 From: Matthias Maier <tamiko@××××.org>
1240 Date: Tue, 6 Jun 2017 16:27:20 -0500
1241 Subject: [PATCH 06/10] CVE-2017-8421
1242
1243 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb
1244 [2] https://bugs.gentoo.org/show_bug.cgi?id=618520
1245 ---
1246 binutils/objdump.c | 8 ++++++++
1247 1 file changed, 8 insertions(+)
1248
1249 diff --git a/binutils/objdump.c b/binutils/objdump.c
1250 index f61968b..0ec31f2 100644
1251 --- a/binutils/objdump.c
1252 +++ b/binutils/objdump.c
1253 @@ -3311,6 +3311,14 @@ dump_relocs_in_section (bfd *abfd,
1254 return;
1255 }
1256
1257 + if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
1258 + && relsize > get_file_size (bfd_get_filename (abfd)))
1259 + {
1260 + printf (" (too many: 0x%x)\n", section->reloc_count);
1261 + bfd_set_error (bfd_error_file_truncated);
1262 + bfd_fatal (bfd_get_filename (abfd));
1263 + }
1264 +
1265 relpp = (arelent **) xmalloc (relsize);
1266 relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
1267
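Review bot: The new size check has no comment, and it depends on two things that are not visible in the hunk: the type of `relsize` and what `get_file_size` returns when it cannot examine the file. If failure is reported with a sentinel such as 0 or -1, the comparison would reject valid files, so the result should be stored in a local and the failure case handled explicitly. A comment such as `/* A reloc table cannot be larger than the file that contains it. */` would explain the intent. `0x%x` also assumes that `section->reloc_count` is an `unsigned int`.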
1268 --
1269 2.13.0
1270
1271
1272
1273
1274 1.1 src/patchsets/binutils/2.28.1/00_all_0013-CVE-2017-9038.patch
1275
1276 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0013-CVE-2017-9038.patch?rev=1.1&view=markup
1277 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0013-CVE-2017-9038.patch?rev=1.1&content-type=text/plain
1278
1279 Index: 00_all_0013-CVE-2017-9038.patch
1280 ===================================================================
1281 From 02debfb464c87f7981db56e2d3e0372c8060c112 Mon Sep 17 00:00:00 2001
1282 From: Matthias Maier <tamiko@××××.org>
1283 Date: Tue, 6 Jun 2017 16:29:36 -0500
1284 Subject: [PATCH 07/10] CVE-2017-9038
1285
1286 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
1287 [2] https://bugs.gentoo.org/show_bug.cgi?id=618826
1288 ---
1289 binutils/readelf.c | 6 +++---
1290 1 file changed, 3 insertions(+), 3 deletions(-)
1291
1292 diff --git a/binutils/readelf.c b/binutils/readelf.c
1293 index 8dca490..76b0446 100644
1294 --- a/binutils/readelf.c
1295 +++ b/binutils/readelf.c
1296 @@ -7965,9 +7965,9 @@ get_unwind_section_word (struct arm_unw_aux_info * aux,
1297 return FALSE;
1298
1299 /* If the offset is invalid then fail. */
1300 - if (word_offset > (sec->sh_size - 4)
1301 - /* PR 18879 */
1302 - || (sec->sh_size < 5 && word_offset >= sec->sh_size)
1303 + if (/* PR 21343 *//* PR 18879 */
1304 + sec->sh_size < 4
1305 + || word_offset > (sec->sh_size - 4)
1306 || ((bfd_signed_vma) word_offset) < 0)
1307 return FALSE;
1308
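Review bot: The two PR tags are squeezed into the condition as `/* PR 21343 *//* PR 18879 */` and do not say what they guard against. A comment above the `if`, for example `/* sh_size < 4 would make sh_size - 4 wrap around (PR 21343, PR 18879). */`, states the reason; this assumes `sh_size` is unsigned, which its declaration outside the hunk would confirm.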
1309 --
1310 2.13.0
1311
1312
1313
1314
1315 1.1 src/patchsets/binutils/2.28.1/00_all_0014-CVE-2017-9039.patch
1316
1317 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0014-CVE-2017-9039.patch?rev=1.1&view=markup
1318 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0014-CVE-2017-9039.patch?rev=1.1&content-type=text/plain
1319
1320 Index: 00_all_0014-CVE-2017-9039.patch
1321 ===================================================================
1322 From cbd6b5d21e987c7799db6bc237ace666762e8ab9 Mon Sep 17 00:00:00 2001
1323 From: Matthias Maier <tamiko@××××.org>
1324 Date: Tue, 6 Jun 2017 16:33:56 -0500
1325 Subject: [PATCH 08/10] CVE-2017-9039
1326
1327 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5
1328 [2] https://bugs.gentoo.org/show_bug.cgi?id=618826
1329 ---
1330 binutils/readelf.c | 14 ++++++++++++--
1331 1 file changed, 12 insertions(+), 2 deletions(-)
1332
1333 diff --git a/binutils/readelf.c b/binutils/readelf.c
1334 index 76b0446..659b777 100644
1335 --- a/binutils/readelf.c
1336 +++ b/binutils/readelf.c
1337 @@ -4758,9 +4758,19 @@ get_program_headers (FILE * file)
1338 if (program_headers != NULL)
1339 return 1;
1340
1341 - phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
1342 - sizeof (Elf_Internal_Phdr));
1343 + /* Be kind to memory checkers by looking for
1344 + e_phnum values which we know must be invalid. */
1345 + if (elf_header.e_phnum
1346 + * (is_32bit_elf ? sizeof (Elf32_External_Phdr) : sizeof (Elf64_External_Phdr))
1347 + >= current_file_size)
1348 + {
1349 + error (_("Too many program headers - %#x - the file is not that big\n"),
1350 + elf_header.e_phnum);
1351 + return FALSE;
1352 + }
1353
1354 + phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
1355 + sizeof (Elf_Internal_Phdr));
1356 if (phdrs == NULL)
1357 {
1358 error (_("Out of memory reading %u program headers\n"),
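Review bot: The new error path ends in `return FALSE;` while the success path three lines above uses `return 1;`; the return type is outside the hunk, but one convention should be used, e.g. `return 0;` here if the function returns int. The comment "Be kind to memory checkers" undersells the check: it rejects an `e_phnum` that the file cannot hold before `cmalloc` is asked for that many entries, and the comment should say so. The test also ignores where the program headers start, so a count that fits the file size but not the space after the program header offset still passes.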
1359 --
1360 2.13.0
1361
1362
1363
1364
1365 1.1 src/patchsets/binutils/2.28.1/00_all_0015-CVE-2017-9040-CVE-2017-9042.patch
1366
1367 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0015-CVE-2017-9040-CVE-2017-9042.patch?rev=1.1&view=markup
1368 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0015-CVE-2017-9040-CVE-2017-9042.patch?rev=1.1&content-type=text/plain
1369
1370 Index: 00_all_0015-CVE-2017-9040-CVE-2017-9042.patch
1371 ===================================================================
1372 From 5eeab6e574d9712efe1f2ddaf48b6dddba69dc52 Mon Sep 17 00:00:00 2001
1373 From: Matthias Maier <tamiko@××××.org>
1374 Date: Tue, 6 Jun 2017 16:37:58 -0500
1375 Subject: [PATCH 09/10] CVE-2017-9040, CVE-2017-9042
1376
1377 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
1378 [2] https://bugs.gentoo.org/show_bug.cgi?id=618826
1379 ---
1380 binutils/readelf.c | 15 +++++++++++++++
1381 1 file changed, 15 insertions(+)
1382
1383 diff --git a/binutils/readelf.c b/binutils/readelf.c
1384 index 659b777..74e4c3a 100644
1385 --- a/binutils/readelf.c
1386 +++ b/binutils/readelf.c
1387 @@ -9299,6 +9299,12 @@ process_dynamic_section (FILE * file)
1388 processing that. This is overkill, I know, but it
1389 should work. */
1390 section.sh_offset = offset_from_vma (file, entry->d_un.d_val, 0);
1391 + if ((bfd_size_type) section.sh_offset > current_file_size)
1392 + {
1393 + /* See PR 21379 for a reproducer. */
1394 + error (_("Invalid DT_SYMTAB entry: %lx"), (long) section.sh_offset);
1395 + return FALSE;
1396 + }
1397
1398 if (archive_file_offset != 0)
1399 section.sh_size = archive_file_size - section.sh_offset;
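Review bot: The new message `"Invalid DT_SYMTAB entry: %lx"` has no trailing `\n`, unlike the other `error ()` calls added in this series, so the next line of output will be glued to it. The comparison uses `>`, which lets `sh_offset == current_file_size` through even though no symbol data can start there; `>=` looks intended. `(long) section.sh_offset` may also print a truncated value on hosts where long is 32 bits.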
1400 @@ -15081,6 +15087,15 @@ process_mips_specific (FILE * file)
1401 return 0;
1402 }
1403
1404 + /* PR 21345 - print a slightly more helpful error message
1405 + if we are sure that the cmalloc will fail. */
1406 + if (conflictsno * sizeof (* iconf) > current_file_size)
1407 + {
1408 + error (_("Overlarge number of conflicts detected: %lx\n"),
1409 + (long) conflictsno);
1410 + return FALSE;
1411 + }
1412 +
1413 iconf = (Elf32_Conflict *) cmalloc (conflictsno, sizeof (* iconf));
1414 if (iconf == NULL)
1415 {
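Review bot: `conflictsno * sizeof (* iconf)` can wrap for a large count read from the file, in which case the product is small and the check passes; comparing by division, `if (conflictsno > current_file_size / sizeof (* iconf))`, avoids that. The type of `conflictsno` is declared outside the hunk, so confirm the widths involved. The new path returns `FALSE` while the branch just above returns `0`; use one form.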
1416 --
1417 2.13.0
1418
1419
1420
1421
1422 1.1 src/patchsets/binutils/2.28.1/00_all_0016-CVE-2017-9041.patch
1423
1424 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0016-CVE-2017-9041.patch?rev=1.1&view=markup
1425 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0016-CVE-2017-9041.patch?rev=1.1&content-type=text/plain
1426
1427 Index: 00_all_0016-CVE-2017-9041.patch
1428 ===================================================================
1429 From 936856858aebc77e8d480f25c69e486057b05dfe Mon Sep 17 00:00:00 2001
1430 From: Matthias Maier <tamiko@××××.org>
1431 Date: Tue, 6 Jun 2017 16:41:59 -0500
1432 Subject: [PATCH 10/10] CVE-2017-9041
1433
1434 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
1435 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
1436 [2] https://bugs.gentoo.org/show_bug.cgi?id=618826
1437 ---
1438 binutils/readelf.c | 7 +++++++
1439 1 file changed, 7 insertions(+)
1440
1441 diff --git a/binutils/readelf.c b/binutils/readelf.c
1442 index 74e4c3a..5507663 100644
1443 --- a/binutils/readelf.c
1444 +++ b/binutils/readelf.c
1445 @@ -15211,7 +15211,14 @@ process_mips_specific (FILE * file)
1446 printf (_(" Lazy resolver\n"));
1447 if (ent == (bfd_vma) -1)
1448 goto got_print_fail;
1449 +
1450 + /* Check for the MSB of GOT[1] being set, denoting a GNU object.
1451 + This entry will be used by some runtime loaders, to store the
1452 + module pointer. Otherwise this is an ordinary local entry.
1453 + PR 21344: Check for the entry being fully available before
1454 + fetching it. */
1455 if (data
1456 + && data + ent - pltgot + addr_size <= data_end
1457 && (byte_get (data + ent - pltgot, addr_size)
1458 >> (addr_size * 8 - 1)) != 0)
1459 {
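Review bot: The added test forms the pointer `data + ent - pltgot + addr_size` before comparing it with `data_end`, and `ent` is presumably derived from file contents, so for a far-off value the pointer arithmetic itself is out of bounds and may wrap to something below `data_end`. Comparing offsets as integers is safer: check `ent >= pltgot`, then check that `ent - pltgot` plus `addr_size` does not exceed `data_end - data`. The lower bound (`ent < pltgot`) is not tested at all by the new condition.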
1460 --
1461 2.13.0
1462
1463
1464
1465
1466 1.1 src/patchsets/binutils/2.28.1/00_all_0017-CVE-2017-7614.patch
1467
1468 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0017-CVE-2017-7614.patch?rev=1.1&view=markup
1469 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0017-CVE-2017-7614.patch?rev=1.1&content-type=text/plain
1470
1471 Index: 00_all_0017-CVE-2017-7614.patch
1472 ===================================================================
1473 From 398dc44e4596294a24f74771db0ea6006034b501 Mon Sep 17 00:00:00 2001
1474 From: Matthias Maier <tamiko@××××.org>
1475 Date: Tue, 6 Jun 2017 17:12:24 -0500
1476 Subject: [PATCH] CVE-2017-7614
1477
1478 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
1479 [2] https://bugs.gentoo.org/show_bug.cgi?id=618006
1480 ---
1481 bfd/elflink.c | 35 +++++++++++++++++++++--------------
1482 1 file changed, 21 insertions(+), 14 deletions(-)
1483
1484 diff --git a/bfd/elflink.c b/bfd/elflink.c
1485 index 69b66f2..96f74be 100644
1486 --- a/bfd/elflink.c
1487 +++ b/bfd/elflink.c
1488 @@ -119,15 +119,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd,
1489 defined in shared libraries can't be overridden, because we
1490 lose the link to the bfd which is via the symbol section. */
1491 h->root.type = bfd_link_hash_new;
1492 + bh = &h->root;
1493 }
1494 + else
1495 + bh = NULL;
1496
1497 - bh = &h->root;
1498 bed = get_elf_backend_data (abfd);
1499 if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL,
1500 sec, 0, NULL, FALSE, bed->collect,
1501 &bh))
1502 return NULL;
1503 h = (struct elf_link_hash_entry *) bh;
1504 + BFD_ASSERT (h != NULL);
1505 h->def_regular = 1;
1506 h->non_elf = 0;
1507 h->root.linker_def = 1;
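Review bot: `BFD_ASSERT (h != NULL);` is followed directly by `h->def_regular = 1;`, so it protects the dereference only if BFD_ASSERT stops execution; its definition is not on this page, and if it merely reports the failure the NULL dereference still happens. An explicit `if (h == NULL) return NULL;` would match the error return used two lines earlier. The new `else bh = NULL;` also deserves a one-line comment saying what a NULL `bh` asks `_bfd_generic_link_add_one_symbol` to do, since that cannot be read off the call.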
1508 @@ -11973,24 +11976,28 @@ bfd_elf_final_link (bfd *abfd, struct bfd_link_info *info)
1509 {
1510 /* Finish up and write out the symbol string table (.strtab)
1511 section. */
1512 - Elf_Internal_Shdr *symstrtab_hdr;
1513 + Elf_Internal_Shdr *symstrtab_hdr = NULL;
1514 file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size;
1515
1516 - symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
1517 - if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
1518 + if (elf_symtab_shndx_list (abfd))
1519 {
1520 - symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
1521 - symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
1522 - symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
1523 - amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
1524 - symtab_shndx_hdr->sh_size = amt;
1525 + symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
1526
1527 - off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
1528 - off, TRUE);
1529 + if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
1530 + {
1531 + symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
1532 + symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
1533 + symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
1534 + amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
1535 + symtab_shndx_hdr->sh_size = amt;
1536
1537 - if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
1538 - || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
1539 - return FALSE;
1540 + off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
1541 + off, TRUE);
1542 +
1543 + if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
1544 + || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
1545 + return FALSE;
1546 + }
1547 }
1548
1549 symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
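Review bot: The inner test `symtab_shndx_hdr != NULL` can never fail, because the pointer is the address of the `hdr` member of a list entry that the new outer `if (elf_symtab_shndx_list (abfd))` has just shown to be non-NULL. The outer test is the one that prevents the NULL dereference, so the inner condition would read more honestly as `if (symtab_shndx_hdr->sh_name != 0)`. The `= NULL` initialiser added to `symstrtab_hdr` is likewise overwritten unconditionally by the last line of this hunk. bfd_elf_final_link starts and ends outside the hunk.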
1550 --
1551 2.13.0
1552
1553
1554
1555
1556 1.1 src/patchsets/binutils/2.28.1/00_all_0018-CVE-2017-6965.patch
1557
1558 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0018-CVE-2017-6965.patch?rev=1.1&view=markup
1559 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0018-CVE-2017-6965.patch?rev=1.1&content-type=text/plain
1560
1561 Index: 00_all_0018-CVE-2017-6965.patch
1562 ===================================================================
1563 From 00e45d8e07536e7eee850f00a6101011e7088171 Mon Sep 17 00:00:00 2001
1564 From: Matthias Maier <tamiko@××××.org>
1565 Date: Wed, 7 Jun 2017 09:29:37 -0500
1566 Subject: [PATCH 1/3] CVE-2017-6965
1567
1568 [PATCH] Fix readelf writing to illegal addresses whilst processing corrupt input files containing symbol-difference relocations.
1569
1570 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493
1571 [2] https://bugs.gentoo.org/show_bug.cgi?id=621130
1572 ---
1573 binutils/readelf.c | 30 +++++++++++++++++++++++++-----
1574 1 file changed, 25 insertions(+), 5 deletions(-)
1575
1576 diff --git a/binutils/readelf.c b/binutils/readelf.c
1577 index 5507663..7a908a1 100644
1578 --- a/binutils/readelf.c
1579 +++ b/binutils/readelf.c
1580 @@ -11600,6 +11600,7 @@ process_syminfo (FILE * file ATTRIBUTE_UNUSED)
1581 static bfd_boolean
1582 target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1583 unsigned char * start,
1584 + unsigned char * end,
1585 Elf_Internal_Sym * symtab)
1586 {
1587 unsigned int reloc_type = get_reloc_type (reloc->r_info);
1588 @@ -11640,13 +11641,19 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1589 handle_sym_diff:
1590 if (saved_sym != NULL)
1591 {
1592 + int reloc_size = reloc_type == 1 ? 4 : 2;
1593 bfd_vma value;
1594
1595 value = reloc->r_addend
1596 + (symtab[get_reloc_symindex (reloc->r_info)].st_value
1597 - saved_sym->st_value);
1598
1599 - byte_put (start + reloc->r_offset, value, reloc_type == 1 ? 4 : 2);
1600 + if (start + reloc->r_offset + reloc_size >= end)
1601 + /* PR 21137 */
1602 + error (_("MSP430 sym diff reloc writes past end of section (%p vs %p)\n"),
1603 + start + reloc->r_offset + reloc_size, end);
1604 + else
1605 + byte_put (start + reloc->r_offset, value, reloc_size);
1606
1607 saved_sym = NULL;
1608 return TRUE;
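Review bot: The new bound check `start + reloc->r_offset + reloc_size >= end` is computed on pointers, and `reloc->r_offset` is taken from the file being examined. A large enough offset moves the sum outside the section buffer, which is undefined behaviour in C and can wrap to an address below `end`, so the test passes and `byte_put` still writes out of bounds. Comparing sizes avoids the pointer arithmetic, e.g. `bfd_vma avail = end - start;` followed by `if (reloc->r_offset > avail || avail - reloc->r_offset <= reloc_size)`. The same expression appears in the MN10300 hunk and in both RL78 cases below. The `%p` arguments are `unsigned char *` and should be cast to `void *`; the function body continues outside this hunk.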
1609 @@ -11677,13 +11684,18 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1610 case 2: /* R_MN10300_16 */
1611 if (saved_sym != NULL)
1612 {
1613 + int reloc_size = reloc_type == 1 ? 4 : 2;
1614 bfd_vma value;
1615
1616 value = reloc->r_addend
1617 + (symtab[get_reloc_symindex (reloc->r_info)].st_value
1618 - saved_sym->st_value);
1619
1620 - byte_put (start + reloc->r_offset, value, reloc_type == 1 ? 4 : 2);
1621 + if (start + reloc->r_offset + reloc_size >= end)
1622 + error (_("MN10300 sym diff reloc writes past end of section (%p vs %p)\n"),
1623 + start + reloc->r_offset + reloc_size, end);
1624 + else
1625 + byte_put (start + reloc->r_offset, value, reloc_size);
1626
1627 saved_sym = NULL;
1628 return TRUE;
1629 @@ -11718,12 +11730,20 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1630 break;
1631
1632 case 0x41: /* R_RL78_ABS32. */
1633 - byte_put (start + reloc->r_offset, value, 4);
1634 + if (start + reloc->r_offset + 4 >= end)
1635 + error (_("RL78 sym diff reloc writes past end of section (%p vs %p)\n"),
1636 + start + reloc->r_offset + 2, end);
1637 + else
1638 + byte_put (start + reloc->r_offset, value, 4);
1639 value = 0;
1640 return TRUE;
1641
1642 case 0x43: /* R_RL78_ABS16. */
1643 - byte_put (start + reloc->r_offset, value, 2);
1644 + if (start + reloc->r_offset + 2 >= end)
1645 + error (_("RL78 sym diff reloc writes past end of section (%p vs %p)\n"),
1646 + start + reloc->r_offset + 2, end);
1647 + else
1648 + byte_put (start + reloc->r_offset, value, 2);
1649 value = 0;
1650 return TRUE;
1651
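Review bot: In the R_RL78_ABS32 case the test uses a 4-byte width (`start + reloc->r_offset + 4 >= end`) but the error message prints `start + reloc->r_offset + 2`, which looks copied from the ABS16 case. The reported address is therefore two bytes short of the one that failed the check. The argument should read `start + reloc->r_offset + 4, end`. The check itself is unaffected, so this only matters to whoever reads the diagnostic for a malformed file.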
1652 @@ -12340,7 +12360,7 @@ apply_relocations (void * file,
1653
1654 reloc_type = get_reloc_type (rp->r_info);
1655
1656 - if (target_specific_reloc_handling (rp, start, symtab))
1657 + if (target_specific_reloc_handling (rp, start, end, symtab))
1658 continue;
1659 else if (is_none_reloc (reloc_type))
1660 continue;
1661 --
1662 2.13.0
1663
1664
1665
1666
1667 1.1 src/patchsets/binutils/2.28.1/00_all_0019-CVE-2017-6966.patch
1668
1669 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0019-CVE-2017-6966.patch?rev=1.1&view=markup
1670 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0019-CVE-2017-6966.patch?rev=1.1&content-type=text/plain
1671
1672 Index: 00_all_0019-CVE-2017-6966.patch
1673 ===================================================================
1674 From f25ff3ce9735df03fcbe7ecc1897cf8e0de4b6ae Mon Sep 17 00:00:00 2001
1675 From: Matthias Maier <tamiko@××××.org>
1676 Date: Wed, 7 Jun 2017 09:31:53 -0500
1677 Subject: [PATCH 2/3] CVE-2017-6966
1678
1679 [PATCH] Fix read-after-free error in readelf when processing multiple, relocated sections in an MSP430 binary.
1680
1681 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9
1682 [2] https://bugs.gentoo.org/show_bug.cgi?id=621130
1683 ---
1684 binutils/readelf.c | 109 +++++++++++++++++++++++++++++++++++++++++------------
1685 1 file changed, 84 insertions(+), 25 deletions(-)
1686
1687 diff --git a/binutils/readelf.c b/binutils/readelf.c
1688 index 7a908a1..fd23b6b 100644
1689 --- a/binutils/readelf.c
1690 +++ b/binutils/readelf.c
1691 @@ -11595,15 +11595,27 @@ process_syminfo (FILE * file ATTRIBUTE_UNUSED)
1692
1693 /* Check to see if the given reloc needs to be handled in a target specific
1694 manner. If so then process the reloc and return TRUE otherwise return
1695 - FALSE. */
1696 + FALSE.
1697 +
1698 + If called with reloc == NULL, then this is a signal that reloc processing
1699 + for the current section has finished, and any saved state should be
1700 + discarded. */
1701
1702 static bfd_boolean
1703 target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1704 unsigned char * start,
1705 unsigned char * end,
1706 - Elf_Internal_Sym * symtab)
1707 + Elf_Internal_Sym * symtab,
1708 + unsigned long num_syms)
1709 {
1710 - unsigned int reloc_type = get_reloc_type (reloc->r_info);
1711 + unsigned int reloc_type = 0;
1712 + unsigned long sym_index = 0;
1713 +
1714 + if (reloc)
1715 + {
1716 + reloc_type = get_reloc_type (reloc->r_info);
1717 + sym_index = get_reloc_symindex (reloc->r_info);
1718 + }
1719
1720 switch (elf_header.e_machine)
1721 {
1722 @@ -11612,6 +11624,12 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1723 {
1724 static Elf_Internal_Sym * saved_sym = NULL;
1725
1726 + if (reloc == NULL)
1727 + {
1728 + saved_sym = NULL;
1729 + return TRUE;
1730 + }
1731 +
1732 switch (reloc_type)
1733 {
1734 case 10: /* R_MSP430_SYM_DIFF */
1735 @@ -11619,7 +11637,12 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1736 break;
1737 /* Fall through. */
1738 case 21: /* R_MSP430X_SYM_DIFF */
1739 - saved_sym = symtab + get_reloc_symindex (reloc->r_info);
1740 + /* PR 21139. */
1741 + if (sym_index >= num_syms)
1742 + error (_("MSP430 SYM_DIFF reloc contains invalid symbol index %lu\n"),
1743 + sym_index);
1744 + else
1745 + saved_sym = symtab + sym_index;
1746 return TRUE;
1747
1748 case 1: /* R_MSP430_32 or R_MSP430_ABS32 */
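Review bot: When the symbol index is rejected in the R_MSP430X_SYM_DIFF case, `saved_sym` keeps whatever an earlier SYM_DIFF reloc stored, so a following R_MSP430_32/16 reloc is still applied against that older symbol after the error has been printed. Clearing the state in the error branch, `{ error (...); saved_sym = NULL; }`, makes a rejected reloc leave nothing behind. The MN10300 hunk has the same shape, and in the RL78 hunk `saved_sym1 = saved_sym2` runs before the index test, so a rejected R_RL78_SYM still shifts the pair. These look like stale values rather than dangling pointers, given the reset this patch adds after `free (symtab)`.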
1749 @@ -11644,16 +11667,21 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1750 int reloc_size = reloc_type == 1 ? 4 : 2;
1751 bfd_vma value;
1752
1753 - value = reloc->r_addend
1754 - + (symtab[get_reloc_symindex (reloc->r_info)].st_value
1755 - - saved_sym->st_value);
1756 -
1757 - if (start + reloc->r_offset + reloc_size >= end)
1758 - /* PR 21137 */
1759 - error (_("MSP430 sym diff reloc writes past end of section (%p vs %p)\n"),
1760 - start + reloc->r_offset + reloc_size, end);
1761 + if (sym_index >= num_syms)
1762 + error (_("MSP430 reloc contains invalid symbol index %lu\n"),
1763 + sym_index);
1764 else
1765 - byte_put (start + reloc->r_offset, value, reloc_size);
1766 + {
1767 + value = reloc->r_addend + (symtab[sym_index].st_value
1768 + - saved_sym->st_value);
1769 +
1770 + if (start + reloc->r_offset + reloc_size >= end)
1771 + /* PR 21137 */
1772 + error (_("MSP430 sym diff reloc writes past end of section (%p vs %p)\n"),
1773 + start + reloc->r_offset + reloc_size, end);
1774 + else
1775 + byte_put (start + reloc->r_offset, value, reloc_size);
1776 + }
1777
1778 saved_sym = NULL;
1779 return TRUE;
1780 @@ -11673,13 +11701,24 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1781 {
1782 static Elf_Internal_Sym * saved_sym = NULL;
1783
1784 + if (reloc == NULL)
1785 + {
1786 + saved_sym = NULL;
1787 + return TRUE;
1788 + }
1789 +
1790 switch (reloc_type)
1791 {
1792 case 34: /* R_MN10300_ALIGN */
1793 return TRUE;
1794 case 33: /* R_MN10300_SYM_DIFF */
1795 - saved_sym = symtab + get_reloc_symindex (reloc->r_info);
1796 + if (sym_index >= num_syms)
1797 + error (_("MN10300_SYM_DIFF reloc contains invalid symbol index %lu\n"),
1798 + sym_index);
1799 + else
1800 + saved_sym = symtab + sym_index;
1801 return TRUE;
1802 +
1803 case 1: /* R_MN10300_32 */
1804 case 2: /* R_MN10300_16 */
1805 if (saved_sym != NULL)
1806 @@ -11687,15 +11726,20 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1807 int reloc_size = reloc_type == 1 ? 4 : 2;
1808 bfd_vma value;
1809
1810 - value = reloc->r_addend
1811 - + (symtab[get_reloc_symindex (reloc->r_info)].st_value
1812 - - saved_sym->st_value);
1813 -
1814 - if (start + reloc->r_offset + reloc_size >= end)
1815 - error (_("MN10300 sym diff reloc writes past end of section (%p vs %p)\n"),
1816 - start + reloc->r_offset + reloc_size, end);
1817 + if (sym_index >= num_syms)
1818 + error (_("MN10300 reloc contains invalid symbol index %lu\n"),
1819 + sym_index);
1820 else
1821 - byte_put (start + reloc->r_offset, value, reloc_size);
1822 + {
1823 + value = reloc->r_addend + (symtab[sym_index].st_value
1824 + - saved_sym->st_value);
1825 +
1826 + if (start + reloc->r_offset + reloc_size >= end)
1827 + error (_("MN10300 sym diff reloc writes past end of section (%p vs %p)\n"),
1828 + start + reloc->r_offset + reloc_size, end);
1829 + else
1830 + byte_put (start + reloc->r_offset, value, reloc_size);
1831 + }
1832
1833 saved_sym = NULL;
1834 return TRUE;
1835 @@ -11715,12 +11759,24 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc,
1836 static bfd_vma saved_sym2 = 0;
1837 static bfd_vma value;
1838
1839 + if (reloc == NULL)
1840 + {
1841 + saved_sym1 = saved_sym2 = 0;
1842 + return TRUE;
1843 + }
1844 +
1845 switch (reloc_type)
1846 {
1847 case 0x80: /* R_RL78_SYM. */
1848 saved_sym1 = saved_sym2;
1849 - saved_sym2 = symtab[get_reloc_symindex (reloc->r_info)].st_value;
1850 - saved_sym2 += reloc->r_addend;
1851 + if (sym_index >= num_syms)
1852 + error (_("RL78_SYM reloc contains invalid symbol index %lu\n"),
1853 + sym_index);
1854 + else
1855 + {
1856 + saved_sym2 = symtab[sym_index].st_value;
1857 + saved_sym2 += reloc->r_addend;
1858 + }
1859 return TRUE;
1860
1861 case 0x83: /* R_RL78_OPsub. */
1862 @@ -12360,7 +12416,7 @@ apply_relocations (void * file,
1863
1864 reloc_type = get_reloc_type (rp->r_info);
1865
1866 - if (target_specific_reloc_handling (rp, start, end, symtab))
1867 + if (target_specific_reloc_handling (rp, start, end, symtab, num_syms))
1868 continue;
1869 else if (is_none_reloc (reloc_type))
1870 continue;
1871 @@ -12456,6 +12512,9 @@ apply_relocations (void * file,
1872 }
1873
1874 free (symtab);
1875 + /* Let the target specific reloc processing code know that
1876 + we have finished with these relocs. */
1877 + target_specific_reloc_handling (NULL, NULL, NULL, NULL, 0);
1878
1879 if (relocs_return)
1880 {
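Review bot: The comment on the reset call says that processing has finished but not why the call must sit directly after `free (symtab)`: the target handlers keep static pointers into that array, and this call is what stops them dangling. I would say so in the comment, e.g. `/* The target handlers cache pointers into SYMTAB in static variables; clear them now that SYMTAB has been freed. */`. The fix also depends on this being the only place where the symbol table is released or the loop is left with a SYM_DIFF pending; the rest of `apply_relocations` is outside the hunk, so that needs checking against the full function.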
1881 --
1882 2.13.0
1883
1884
1885
1886
1887 1.1 src/patchsets/binutils/2.28.1/00_all_0020-CVE-2017-6969.patch
1888
1889 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0020-CVE-2017-6969.patch?rev=1.1&view=markup
1890 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0020-CVE-2017-6969.patch?rev=1.1&content-type=text/plain
1891
1892 Index: 00_all_0020-CVE-2017-6969.patch
1893 ===================================================================
1894 From bb8c412a9450141286bf4eef04b14fe47bbc364f Mon Sep 17 00:00:00 2001
1895 From: Matthias Maier <tamiko@××××.org>
1896 Date: Wed, 7 Jun 2017 09:35:35 -0500
1897 Subject: [PATCH 3/3] CVE-2017-6969
1898
1899 [PATCH] Fix illegal memory accesses in readelf when parsing a corrupt binary.
1900 [PATCH] Fix another memory access error in readelf when parsing a corrupt binary.
1901
1902 [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b814a36d3440de95f2ac6eaa4fc7935c322ea456
1903 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=43a444f9c5bfd44b4304eafd78338e21d54bea14
1904 [2] https://bugs.gentoo.org/show_bug.cgi?id=621130
1905 ---
1906 binutils/dwarf.c | 34 ++++++++++++++++++++--------------
1907 binutils/readelf.c | 10 ++++++++--
1908 2 files changed, 28 insertions(+), 16 deletions(-)
1909
1910 diff --git a/binutils/dwarf.c b/binutils/dwarf.c
1911 index 05efa6e..3312bc5 100644
1912 --- a/binutils/dwarf.c
1913 +++ b/binutils/dwarf.c
1914 @@ -76,7 +76,6 @@ int dwarf_check = 0;
1915 as a zero-terminated list of section indexes comprising one set of debug
1916 sections from a .dwo file. */
1917
1918 -static int cu_tu_indexes_read = 0;
1919 static unsigned int *shndx_pool = NULL;
1920 static unsigned int shndx_pool_size = 0;
1921 static unsigned int shndx_pool_used = 0;
1922 @@ -99,7 +98,7 @@ static int tu_count = 0;
1923 static struct cu_tu_set *cu_sets = NULL;
1924 static struct cu_tu_set *tu_sets = NULL;
1925
1926 -static void load_cu_tu_indexes (void *file);
1927 +static bfd_boolean load_cu_tu_indexes (void *);
1928
1929 /* Values for do_debug_lines. */
1930 #define FLAG_DEBUG_LINES_RAW 1
1931 @@ -2739,7 +2738,7 @@ load_debug_info (void * file)
1932 return num_debug_info_entries;
1933
1934 /* If this is a DWARF package file, load the CU and TU indexes. */
1935 - load_cu_tu_indexes (file);
1936 + (void) load_cu_tu_indexes (file);
1937
1938 if (load_debug_section (info, file)
1939 && process_debug_info (&debug_displays [info].section, file, abbrev, 1, 0))
1940 @@ -7402,21 +7401,27 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
1941 section sets that we can use to associate a .debug_info.dwo section
1942 with its associated .debug_abbrev.dwo section in a .dwp file. */
1943
1944 -static void
1945 +static bfd_boolean
1946 load_cu_tu_indexes (void *file)
1947 {
1948 + static int cu_tu_indexes_read = -1; /* Tri-state variable. */
1949 +
1950 /* If we have already loaded (or tried to load) the CU and TU indexes
1951 then do not bother to repeat the task. */
1952 - if (cu_tu_indexes_read)
1953 - return;
1954 -
1955 - if (load_debug_section (dwp_cu_index, file))
1956 - process_cu_tu_index (&debug_displays [dwp_cu_index].section, 0);
1957 -
1958 - if (load_debug_section (dwp_tu_index, file))
1959 - process_cu_tu_index (&debug_displays [dwp_tu_index].section, 0);
1960 + if (cu_tu_indexes_read == -1)
1961 + {
1962 + cu_tu_indexes_read = TRUE;
1963 +
1964 + if (load_debug_section (dwp_cu_index, file))
1965 + if (! process_cu_tu_index (&debug_displays [dwp_cu_index].section, 0))
1966 + cu_tu_indexes_read = FALSE;
1967 +
1968 + if (load_debug_section (dwp_tu_index, file))
1969 + if (! process_cu_tu_index (&debug_displays [dwp_tu_index].section, 0))
1970 + cu_tu_indexes_read = FALSE;
1971 + }
1972
1973 - cu_tu_indexes_read = 1;
1974 + return (bfd_boolean) cu_tu_indexes_read;
1975 }
1976
1977 /* Find the set of sections that includes section SHNDX. */
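Review bot: Moving `cu_tu_indexes_read` from file scope into `load_cu_tu_indexes` means nothing outside the function can set it back to -1, so the result computed for the first input is returned for every later call in the same run. If the tool handles several files or archive members per invocation (the per-file cleanup is outside this hunk, so this needs confirming), a corrupt index in one file would make `find_cu_tu_set` return NULL for every following file, and a clean first file would leave a later corrupt one unchecked. Keeping the variable at file scope with the -1 initial value, and resetting it where the other per-file DWARF state is released, would avoid that. The `(bfd_boolean)` cast on an `int` that also holds -1 deserves a word in the comment as well.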
1978 @@ -7426,7 +7431,8 @@ find_cu_tu_set (void *file, unsigned int shndx)
1979 {
1980 unsigned int i;
1981
1982 - load_cu_tu_indexes (file);
1983 + if (! load_cu_tu_indexes (file))
1984 + return NULL;
1985
1986 /* Find SHNDX in the shndx pool. */
1987 for (i = 0; i < shndx_pool_used; i++)
1988 diff --git a/binutils/readelf.c b/binutils/readelf.c
1989 index fd23b6b..3950412 100644
1990 --- a/binutils/readelf.c
1991 +++ b/binutils/readelf.c
1992 @@ -675,8 +675,14 @@ find_section_in_set (const char * name, unsigned int * set)
1993 if (set != NULL)
1994 {
1995 while ((i = *set++) > 0)
1996 - if (streq (SECTION_NAME (section_headers + i), name))
1997 - return section_headers + i;
1998 + {
1999 + /* See PR 21156 for a reproducer. */
2000 + if (i >= elf_header.e_shnum)
2001 + continue; /* FIXME: Should we issue an error message ? */
2002 +
2003 + if (streq (SECTION_NAME (section_headers + i), name))
2004 + return section_headers + i;
2005 + }
2006 }
2007
2008 return find_section (name);
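Review bot: An out-of-range index is skipped silently, so a file whose section set is corrupt produces the same output as one where the name was simply not in the set, and the fallback `find_section (name)` then picks a section by name alone. Since the FIXME already asks the question, I would answer it with a diagnostic before the `continue`, e.g. `warn (_("section index %u in set is out of range\n"), i);`. The declaration of `i` is outside the hunk, so the format specifier has to be checked against its type.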
2009 --
2010 2.13.0
2011
2012
2013
2014
2015 1.1 src/patchsets/binutils/2.28.1/00_all_0021-fix-out-of-bounds-access-in-elf.c.patch
2016
2017 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0021-fix-out-of-bounds-access-in-elf.c.patch?rev=1.1&view=markup
2018 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0021-fix-out-of-bounds-access-in-elf.c.patch?rev=1.1&content-type=text/plain
2019
2020 Index: 00_all_0021-fix-out-of-bounds-access-in-elf.c.patch
2021 ===================================================================
2022 From 5cc4ca837deac7dc962d8a3741aa120c50ab41da Mon Sep 17 00:00:00 2001
2023 From: Sergei Trofimovich <slyfox@g.o>
2024 Date: Sat, 24 Jun 2017 18:40:41 +0100
2025 Subject: [PATCH] fix out-of-bounds access in elf.c:find_link
2026
2027 The out-of-bounds access is reproducible on 'ia64-strip' command
2028 (see sample from https://bugs.gentoo.org/show_bug.cgi?id=622500)
2029
2030 The output file contains fewer sections than the original one.
2031 This tricks 'hint' access to go out-of-bounds:
2032
2033 * elf.c (find_link): Bounds check "hint".
2034 ---
2035 bfd/elf.c | 6 ++++--
2036 2 files changed, 8 insertions(+), 2 deletions(-)
2037
2038 diff --git a/bfd/elf.c b/bfd/elf.c
2039 index 5f37e7f..76c6a5c 100644
2040 --- a/bfd/elf.c
2041 +++ b/bfd/elf.c
2042 @@ -1283,7 +1283,8 @@ section_match (const Elf_Internal_Shdr * a,
2043 to be the correct section. */
2044
2045 static unsigned int
2046 -find_link (const bfd * obfd, const Elf_Internal_Shdr * iheader, const unsigned int hint)
2047 +find_link (const bfd *obfd, const Elf_Internal_Shdr *iheader,
2048 + const unsigned int hint)
2049 {
2050 Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd);
2051 unsigned int i;
2052 @@ -1291,7 +1292,8 @@ find_link (const bfd * obfd, const Elf_Internal_Shdr * iheader, const unsigned i
2053 BFD_ASSERT (iheader != NULL);
2054
2055 /* See PR 20922 for a reproducer of the NULL test. */
2056 - if (oheaders[hint] != NULL
2057 + if (hint < elf_numsections (obfd)
2058 + && oheaders[hint] != NULL
2059 && section_match (oheaders[hint], iheader))
2060 return hint;
2061
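Review bot: The comment above the condition still describes only the NULL test from PR 20922, while the new first operand guards a different failure, `hint` indexing past the end of `oheaders`. A second comment line would keep the two reasons apart, e.g. `/* HINT may exceed the output's section count when the output has fewer sections than the input; see Gentoo bug 622500. */`, which is what the commit message describes. The rest of `find_link` is outside this hunk.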
2062 --
2063 2.9.3
2064
2065
2066
2067
2068 1.1 src/patchsets/binutils/2.28.1/00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch
2069
2070 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch?rev=1.1&view=markup
2071 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch?rev=1.1&content-type=text/plain
2072
2073 Index: 00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch
2074 ===================================================================
2075 From 4b48e2f6a50e85e5acc316289c4a6af693ad98f0 Mon Sep 17 00:00:00 2001
2076 From: Nick Clifton <nickc@××××××.com>
2077 Date: Fri, 16 Jun 2017 15:16:19 +0100
2078 Subject: [PATCH 1/1] Fixing linking configure generated tests of ifunc
2079 support.
2080
2081 * elflink.c (bfd_elf_size_dynsym_hash_dynstr): Do not fail if the
2082 bucketlist is empty because there are no symbols to add to the
2083 list.
2084
2085 http://bugs.gentoo.org/622036
2086
2087 ---
2088 bfd/ChangeLog | 6 ++++++
2089 bfd/elflink.c | 2 +-
2090 2 files changed, 7 insertions(+), 1 deletion(-)
2091
2092 diff --git a/bfd/elflink.c b/bfd/elflink.c
2093 index 1a83b88..e35ec63 100644
2094 --- a/bfd/elflink.c
2095 +++ b/bfd/elflink.c
2096 @@ -6940,7 +6940,7 @@ bfd_elf_size_dynsym_hash_dynstr (bfd *output_bfd, struct bfd_link_info *info)
2097 = compute_bucket_count (info, hashcodes, nsyms, 0);
2098 free (hashcodes);
2099
2100 - if (bucketcount == 0)
2101 + if (bucketcount == 0 && nsyms > 0)
2102 return FALSE;
2103
2104 elf_hash_table (info)->bucketcount = bucketcount;
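Review bot: With the relaxed test a `bucketcount` of zero is now stored in the hash table whenever `nsyms` is zero, where previously the function returned FALSE. Any later code that sizes the hash section from it or reduces a hash value modulo `bucketcount` has to cope with zero; that code is outside this hunk and was not checked here. A short comment at the test, e.g. `/* An empty bucket list is valid only when there are no symbols to hash. */`, would record that the zero is intentional.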
2105 --
2106 2.9.3
2107
2108
2109
2110
2111 1.1 src/patchsets/binutils/2.28.1/00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch
2112
2113 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch?rev=1.1&view=markup
2114 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch?rev=1.1&content-type=text/plain
2115
2116 Index: 00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch
2117 ===================================================================
2118 Subject: [PATCH] readelf: Don't error on .debug files with NOBITS .dynamic section.
2119 From: Mark Wielaard <mark@×××××.org>
2120
2121 The fix for PR binutils/17512 added a check for the dynamic segment being
2122 inside the actual ELF file. If not an error message would be produced:
2123
2124 readelf: Error: the dynamic segment offset + size exceeds the size of the file
2125
2126 Unfortunately for separate debuginfo files it is common for the dynamic
2127 segment not being inside the file because the .dynamic section is NOBITS.
2128
2129 Since the check is done unconditionally in process_program_headers and
2130 process_program_headers is always called (to setup dynamic_addr in case
2131 it is needed). The error is produced on any operations done on any .debug
2132 file (even if no program headers or the dynamic segment is used).
2133
2134 If there are section headers then a cross check is done to see if the
2135 .dynamic section is NOBITS in which case dynamic_addr is set to zero
2136 without a warning or error (which is then checked first before any
2137 operation on the dynamic segment is done).
2138
2139 Move the check for the dynamic segment being inside the actual ELF file
2140 after the cross check with the section headers to suppress the error for
2141 .debug files.
2142
2143 binutils/ChangeLog:
2144
2145 * readelf.c (process_program_headers): Move dynamic_addr check
2146 after .dynamic section cross check.
2147 ---
2148 binutils/ChangeLog | 5 +++++
2149 binutils/readelf.c | 16 ++++++++++------
2150 2 files changed, 15 insertions(+), 6 deletions(-)
2151
2152 diff --git a/binutils/readelf.c b/binutils/readelf.c
2153 index ad65f07..8b1d924 100644
2154 --- a/binutils/readelf.c
2155 +++ b/binutils/readelf.c
2156 @@ -4997,12 +4997,6 @@ process_program_headers (FILE * file)
2157 section in the DYNAMIC segment. */
2158 dynamic_addr = segment->p_offset;
2159 dynamic_size = segment->p_filesz;
2160 - /* PR binutils/17512: Avoid corrupt dynamic section info in the segment. */
2161 - if (dynamic_addr + dynamic_size >= current_file_size)
2162 - {
2163 - error (_("the dynamic segment offset + size exceeds the size of the file\n"));
2164 - dynamic_addr = dynamic_size = 0;
2165 - }
2166
2167 /* Try to locate the .dynamic section. If there is
2168 a section header table, we can easily locate it. */
2169 @@ -5037,6 +5031,16 @@ process_program_headers (FILE * file)
2170 warn (_("the .dynamic section is not the first section"
2171 " in the dynamic segment.\n"));
2172 }
2173 +
2174 + /* PR binutils/17512: Avoid corrupt dynamic section info in the
2175 + segment. Check this after matching against the section headers
2176 + so we don't warn on debuginfo file (which have NOBITS .dynamic
2177 + sections). */
2178 + if (dynamic_addr + dynamic_size >= current_file_size)
2179 + {
2180 + error (_("the dynamic segment offset + size exceeds the size of the file\n"));
2181 + dynamic_addr = dynamic_size = 0;
2182 + }
2183 break;
2184
2185 case PT_INTERP:
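Review bot: The relocated test adds `dynamic_addr + dynamic_size` before comparing with `current_file_size`, and both operands were copied from `p_offset` and `p_filesz` of the file under inspection. If they are unsigned integers (the declarations are outside the hunk), a large pair can wrap to a small sum and pass the test. Writing it as `if (dynamic_addr > current_file_size || dynamic_size >= current_file_size - dynamic_addr)` rejects the same inputs without the addition. Moving the check also means the section-header cross-check between the assignment and this point now runs on unvalidated values, which is worth confirming is harmless.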
2186 --
2187 1.8.3.1
2188
2189
2190
2191 1.1 src/patchsets/binutils/2.28.1/00_all_0024-CVE-2017-9742.patch
2192
2193 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0024-CVE-2017-9742.patch?rev=1.1&view=markup
2194 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0024-CVE-2017-9742.patch?rev=1.1&content-type=text/plain
2195
2196 Index: 00_all_0024-CVE-2017-9742.patch
2197 ===================================================================
2198 From e64519d1ed7fd8f990f05a5562d5b5c0c44b7d7e Mon Sep 17 00:00:00 2001
2199 From: Nick Clifton <nickc@××××××.com>
2200 Date: Wed, 14 Jun 2017 17:10:28 +0100
2201 Subject: [PATCH] Fix seg-fault when trying to disassemble a corrupt score
2202 binary.
2203
2204 PR binutils/21576
2205 * score7-dis.c (score_opcodes): Add sentinel.
2206 ---
2207 opcodes/score7-dis.c | 3 ++-
2208 2 files changed, 7 insertions(+), 1 deletion(-)
2209
2210 diff --git a/opcodes/score7-dis.c b/opcodes/score7-dis.c
2211 index c50a60f..8d0d969 100644
2212 --- a/opcodes/score7-dis.c
2213 +++ b/opcodes/score7-dis.c
2214 @@ -513,7 +513,8 @@ static struct score_opcode score_opcodes[] =
2215 {0x00000d05, 0x00007f0f, "tvc!"},
2216 {0x00000026, 0x3e0003ff, "xor\t\t%20-24r, %15-19r, %10-14r"},
2217 {0x00000027, 0x3e0003ff, "xor.c\t\t%20-24r, %15-19r, %10-14r"},
2218 - {0x00002007, 0x0000700f, "xor!\t\t%8-11r, %4-7r"}
2219 + {0x00002007, 0x0000700f, "xor!\t\t%8-11r, %4-7r"},
2220 + { 0, 0, NULL }
2221 };
2222
2223 typedef struct
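Review bot: The new terminator `{ 0, 0, NULL }` has a zero mask and a zero value, so a lookup of the form `(word & mask) == value` would match it for every input. It is only safe if each loop over `score_opcodes` stops on the NULL string before testing the mask; those loops are outside this hunk. A comment on the entry, e.g. `/* Sentinel: must stay last; table scans stop at the NULL string. */`, would keep later additions from being appended after it.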
2224 --
2225 2.9.3
2226
2227
2228
2229
2230 1.1 src/patchsets/binutils/2.28.1/00_all_0025-CVE-2017-9954.patch
2231
2232 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0025-CVE-2017-9954.patch?rev=1.1&view=markup
2233 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0025-CVE-2017-9954.patch?rev=1.1&content-type=text/plain
2234
2235 Index: 00_all_0025-CVE-2017-9954.patch
2236 ===================================================================
2237 From 04e15b4a9462cb1ae819e878a6009829aab8020b Mon Sep 17 00:00:00 2001
2238 From: Nick Clifton <nickc@××××××.com>
2239 Date: Mon, 26 Jun 2017 15:46:34 +0100
2240 Subject: [PATCH] Fix address violation parsing a corrupt texhex format file.
2241
2242 PR binutils/21670
2243 * tekhex.c (getvalue): Check for the source pointer exceeding the
2244 end pointer before the first byte is read.
2245 ---
2246 bfd/tekhex.c | 6 +++++-
2247 2 files changed, 11 insertions(+), 1 deletion(-)
2248
2249 diff --git a/bfd/tekhex.c b/bfd/tekhex.c
2250 index 214b54a..cfa75d5 100644
2251 --- a/bfd/tekhex.c
2252 +++ b/bfd/tekhex.c
2253 @@ -273,6 +273,9 @@ getvalue (char **srcp, bfd_vma *valuep, char * endp)
2254 bfd_vma value = 0;
2255 unsigned int len;
2256
2257 + if (src >= endp)
2258 + return FALSE;
2259 +
2260 if (!ISHEX (*src))
2261 return FALSE;
2262
2263 @@ -514,9 +517,10 @@ pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *, char *))
2264 /* To the front of the file. */
2265 if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
2266 return FALSE;
2267 +
2268 while (! is_eof)
2269 {
2270 - char src[MAXCHUNK];
2271 + static char src[MAXCHUNK];
2272 char type;
2273
2274 /* Find first '%'. */
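Review bot: Changing `char src[MAXCHUNK]` to `static` is not explained by the commit message, which only describes the new `endp` test in `getvalue`. A static buffer does not bound anything: the reads into `src` further down in `pass_over` (outside this hunk) still have to be limited to MAXCHUNK, and an overrun would land in static data instead of on the stack. It also makes `pass_over` non-reentrant. If the intent is zero-initialised contents or a smaller stack frame, a one-line comment on the declaration saying so would help the next reader.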
2275 --
2276 2.9.3
2277
2278
2279
2280
2281 1.1 src/patchsets/binutils/2.28.1/README.history
2282
2283 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/README.history?rev=1.1&view=markup
2284 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/README.history?rev=1.1&content-type=text/plain
2285
2286 Index: README.history
2287 ===================================================================
2288 1.0 01 Aug 2017
2289 + 00_all_0001-ld-always-warn-about-textrels-in-files.patch
2290 + 00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch
2291 + 00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch
2292 + 00_all_0004-gold-ld-enable-gnu-hash-by-default.patch
2293 + 00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch
2294 + 00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch
2295 + 00_all_0007-CVE-2017-8398.patch
2296 + 00_all_0008-CVE-2017-8393.patch
2297 + 00_all_0009-CVE-2017-8394.patch
2298 + 00_all_0010-CVE-2017-8395.patch
2299 + 00_all_0011-CVE-2017-8396-CVE-2017-8397.patch
2300 + 00_all_0012-CVE-2017-8421.patch
2301 + 00_all_0013-CVE-2017-9038.patch
2302 + 00_all_0014-CVE-2017-9039.patch
2303 + 00_all_0015-CVE-2017-9040-CVE-2017-9042.patch
2304 + 00_all_0016-CVE-2017-9041.patch
2305 + 00_all_0017-CVE-2017-7614.patch
2306 + 00_all_0018-CVE-2017-6965.patch
2307 + 00_all_0019-CVE-2017-6966.patch
2308 + 00_all_0020-CVE-2017-6969.patch
2309 + 00_all_0021-fix-out-of-bounds-access-in-elf.c
2310 + 00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch
2311 + 00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch
2312 + 00_all_0024-CVE-2017-9742.patch
2313 + 00_all_0025-CVE-2017-9954.patch