1 |
tamiko 17/08/02 00:01:36 |
2 |
|
3 |
Added: |
4 |
00_all_0001-ld-always-warn-about-textrels-in-files.patch |
5 |
00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch |
6 |
00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch |
7 |
00_all_0004-gold-ld-enable-gnu-hash-by-default.patch |
8 |
00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch |
9 |
00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch |
10 |
00_all_0007-CVE-2017-8398.patch |
11 |
00_all_0008-CVE-2017-8393.patch |
12 |
00_all_0009-CVE-2017-8394.patch |
13 |
00_all_0010-CVE-2017-8395.patch |
14 |
00_all_0011-CVE-2017-8396-CVE-2017-8397.patch |
15 |
00_all_0012-CVE-2017-8421.patch |
16 |
00_all_0013-CVE-2017-9038.patch |
17 |
00_all_0014-CVE-2017-9039.patch |
18 |
00_all_0015-CVE-2017-9040-CVE-2017-9042.patch |
19 |
00_all_0016-CVE-2017-9041.patch |
20 |
00_all_0017-CVE-2017-7614.patch |
21 |
00_all_0018-CVE-2017-6965.patch |
22 |
00_all_0019-CVE-2017-6966.patch |
23 |
00_all_0020-CVE-2017-6969.patch |
24 |
00_all_0021-fix-out-of-bounds-access-in-elf.c.patch |
25 |
00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch |
26 |
00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch |
27 |
00_all_0024-CVE-2017-9742.patch |
28 |
00_all_0025-CVE-2017-9954.patch README.history |
29 |
Log: |
30 |
2.28.1 patchset 1.0 |
31 |
|
32 |
Revision Changes Path |
33 |
1.1 src/patchsets/binutils/2.28.1/00_all_0001-ld-always-warn-about-textrels-in-files.patch |
34 |
|
35 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0001-ld-always-warn-about-textrels-in-files.patch?rev=1.1&view=markup |
36 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0001-ld-always-warn-about-textrels-in-files.patch?rev=1.1&content-type=text/plain |
37 |
|
38 |
Index: 00_all_0001-ld-always-warn-about-textrels-in-files.patch |
39 |
=================================================================== |
40 |
From bb101959912073f460669d75097215cde7b20019 Mon Sep 17 00:00:00 2001 |
41 |
From: Mike Frysinger <vapier@g.o> |
42 |
Date: Mon, 16 May 2005 22:10:19 -0400 |
43 |
Subject: [PATCH] ld: always warn about textrels in files |
44 |
|
45 |
textrels are bad for forcing copy-on-write (this affects everyone), and for |
46 |
security/runtime code generation (this affects security people). But in either |
47 |
case, it doesn't matter who needs textrels, it's the very fact that they're |
48 |
needed at all. |
49 |
--- |
50 |
ld/ldmain.c | 1 + |
51 |
ld/testsuite/lib/ld-lib.exp | 4 ++++ |
52 |
2 files changed, 5 insertions(+) |
53 |
|
54 |
diff --git a/ld/ldmain.c b/ld/ldmain.c |
55 |
index 1e48b1a2dbbc..f634eaa908a5 100644 |
56 |
--- a/ld/ldmain.c |
57 |
+++ b/ld/ldmain.c |
58 |
@@ -294,6 +294,7 @@ main (int argc, char **argv) |
59 |
link_info.dynamic_undefined_weak = -1; |
60 |
link_info.pei386_auto_import = -1; |
61 |
link_info.spare_dynamic_tags = 5; |
62 |
+ link_info.warn_shared_textrel = TRUE; |
63 |
link_info.path_separator = ':'; |
64 |
#ifdef DEFAULT_FLAG_COMPRESS_DEBUG |
65 |
link_info.compress_debug = COMPRESS_DEBUG_GABI_ZLIB; |
66 |
diff --git a/ld/testsuite/lib/ld-lib.exp b/ld/testsuite/lib/ld-lib.exp |
67 |
index cf7886b4866f..6c6a0b7a001e 100644 |
68 |
--- a/ld/testsuite/lib/ld-lib.exp |
69 |
+++ b/ld/testsuite/lib/ld-lib.exp |
70 |
@@ -250,6 +250,10 @@ proc default_ld_simple_link { ld target objects } { |
71 |
# symbol, since the default linker script might use ENTRY. |
72 |
regsub -all "(^|\n)(\[^\n\]*: warning: cannot find entry symbol\[^\n\]*\n?)" $exec_output "\\1" exec_output |
73 |
|
74 |
+ # Gentoo tweak: |
75 |
+ # We want to ignore TEXTREL warnings since we force enable them by default |
76 |
+ regsub -all "^lt-ld-new: warning: creating a DT_TEXTREL in object\." $exec_output "\\1" exec_output |
77 |
+ |
78 |
return [string match "" $exec_output] |
79 |
} |
80 |
|
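Review bot: The added `regsub` is unlikely to remove the TEXTREL warning in practice. The pattern is anchored with `^` (start of the whole output only), hard-codes the libtool wrapper name `lt-ld-new`, has no capture group for the `\\1` replacement to refer to, and does not consume the trailing newline, so the `string match "" $exec_output` below still sees non-empty output. Mirroring the entry-symbol filter on the line above would be more robust: `regsub -all "(^|\n)(\[^\n\]*: warning: creating a DT_TEXTREL in object\[^\n\]*\n?)" $exec_output "\\1" exec_output`. The comment should also say that this filter hides every TEXTREL warning from `default_ld_simple_link`, so a test that starts producing text relocations unexpectedly will no longer show up here.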
81 |
-- |
82 |
2.11.1 |
83 |
|
84 |
|
85 |
|
86 |
|
87 |
1.1 src/patchsets/binutils/2.28.1/00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch |
88 |
|
89 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch?rev=1.1&view=markup |
90 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch?rev=1.1&content-type=text/plain |
91 |
|
92 |
Index: 00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch |
93 |
=================================================================== |
94 |
From 9c3fda8166172bb9fa818bf2b7fec003847393d8 Mon Sep 17 00:00:00 2001 |
95 |
From: Mike Frysinger <vapier@g.o> |
96 |
Date: Mon, 25 May 2015 04:42:58 -0400 |
97 |
Subject: [PATCH] gold/ld: add support for poisoned system directories |
98 |
|
99 |
This is based on the old CodeSourcery patch written by Joseph Myers to add |
100 |
support to the link for detecting & rejecting bad -L paths when using a |
101 |
cross-compiler. The differences here: |
102 |
* The command line flags are always available. |
103 |
* We can turn on & off the warning via the command line. |
104 |
* The configure option controls the default warning behavior. |
105 |
* Add support for gold. |
106 |
|
107 |
It is not currently upstream, nor has it been submitted at all. There are |
108 |
no plans to do so currently either. |
109 |
|
110 |
BUG=chromium:488360 |
111 |
TEST=`cbuildbot chromiumos-sdk` passes # tests arm/amd64/mipsel/x86 |
112 |
TEST=`cbuildbot panther_moblab-full whirlwind-release` pass |
113 |
TEST=`cbuildbot {x32,arm64}-generic-full` has no new failures |
114 |
TEST=x86_64-cros-linux-gnu-ld throws warnings when using -L/lib (gold & bfd) |
115 |
|
116 |
Reviewed-on: https://chromium-review.googlesource.com/272083 |
117 |
--- |
118 |
gold/options.cc | 33 +++++++++++++++++++++++++++++++++ |
119 |
gold/options.h | 7 +++++++ |
120 |
ld/config.in | 3 +++ |
121 |
ld/configure | 14 ++++++++++++++ |
122 |
ld/configure.ac | 10 ++++++++++ |
123 |
ld/ld.h | 7 +++++++ |
124 |
ld/ld.texinfo | 18 ++++++++++++++++++ |
125 |
ld/ldfile.c | 20 ++++++++++++++++++++ |
126 |
ld/ldlex.h | 3 +++ |
127 |
ld/ldmain.c | 7 +++++++ |
128 |
ld/lexsup.c | 24 ++++++++++++++++++++++++ |
129 |
11 files changed, 146 insertions(+) |
130 |
|
131 |
diff --git a/gold/options.cc b/gold/options.cc |
132 |
index ed63b6f04feb..5de289b5dd2e 100644 |
133 |
--- a/gold/options.cc |
134 |
+++ b/gold/options.cc |
135 |
@@ -1285,6 +1285,39 @@ General_options::finalize() |
136 |
// in the path, as appropriate. |
137 |
this->add_sysroot(); |
138 |
|
139 |
+ // Now check if library_path is poisoned. |
140 |
+ if (this->warn_poison_system_directories()) |
141 |
+ { |
142 |
+ std::vector<std::string> bad_paths; |
143 |
+ |
144 |
+ bad_paths.push_back("/lib"); |
145 |
+ // TODO: This check is disabled for now due to a bunch of packages that |
146 |
+ // use libtool and relink with -L/usr/lib paths (albeit after the right |
147 |
+ // sysroot path). Once those are fixed we can enable. |
148 |
+ // We also need to adjust it so it only rejects one or two levels deep. |
149 |
+ // Gcc's internal paths also live below /usr/lib. |
150 |
+ // http://crbug.com/488360 |
151 |
+ // bad_paths.push_back("/usr/lib"); |
152 |
+ bad_paths.push_back("/usr/local/lib"); |
153 |
+ bad_paths.push_back("/usr/X11R6/lib"); |
154 |
+ |
155 |
+ for (std::vector<std::string>::const_iterator b = bad_paths.begin(); |
156 |
+ b != bad_paths.end(); |
157 |
+ ++b) |
158 |
+ for (Dir_list::iterator p = this->library_path_.value.begin(); |
159 |
+ p != this->library_path_.value.end(); |
160 |
+ ++p) |
161 |
+ if (!p->name().compare(0, b->size(), *b)) |
162 |
+ { |
163 |
+ if (this->error_poison_system_directories()) |
164 |
+ gold_fatal(_("library search path \"%s\" is unsafe for " |
165 |
+ "cross-compilation"), p->name().c_str()); |
166 |
+ else |
167 |
+ gold_warning(_("library search path \"%s\" is unsafe for " |
168 |
+ "cross-compilation"), p->name().c_str()); |
169 |
+ } |
170 |
+ } |
171 |
+ |
172 |
// Now that we've normalized the options, check for contradictory ones. |
173 |
if (this->shared() && this->is_static()) |
174 |
gold_fatal(_("-shared and -static are incompatible")); |
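Review bot: The `p->name().compare(0, b->size(), *b)` test in the inner loop is a plain string-prefix match with no path-component boundary, so `/libexec/...` or `/usr/local/libfoo` is reported as a poisoned directory, and with `--error-poison-system-directories` that is a fatal link error. The `strncmp` chain in the `ld/ldfile.c` hunk of this patch has the same shape. Requiring the character after the prefix to be end-of-string or `/` would narrow it, though `/lib64`-style directories would then need their own `bad_paths` entries. As far as the hunk shows, the comparison is made on the path as spelled, so an equivalent spelling of the same directory is not matched. A comment stating that this is a build-hygiene lint and not an enforcement boundary would set the right expectation. `finalize()` begins and ends outside the hunk.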
175 |
diff --git a/gold/options.h b/gold/options.h |
176 |
index a8b1d46aa109..b7c725a82539 100644 |
177 |
--- a/gold/options.h |
178 |
+++ b/gold/options.h |
179 |
@@ -1344,6 +1344,13 @@ class General_options |
180 |
DEFINE_bool(warn_multiple_gp, options::TWO_DASHES, '\0', false, |
181 |
N_("Ignored"), NULL); |
182 |
|
183 |
+ DEFINE_bool(warn_poison_system_directories, options::TWO_DASHES, '\0', false, |
184 |
+ N_("Warn for -L options using system directories"), |
185 |
+ N_("Do not warn for -L options using system directories")); |
186 |
+ DEFINE_bool(error_poison_system_directories, options::TWO_DASHES, '\0', false, |
187 |
+ N_("Give an error for -L options using system directories"), |
188 |
+ NULL); |
189 |
+ |
190 |
DEFINE_bool(warn_search_mismatch, options::TWO_DASHES, '\0', true, |
191 |
N_("Warn when skipping an incompatible library"), |
192 |
N_("Don't warn when skipping an incompatible library")); |
193 |
diff --git a/ld/config.in b/ld/config.in |
194 |
index 2c6d698b6ce1..d3cb7e882de9 100644 |
195 |
--- a/ld/config.in |
196 |
+++ b/ld/config.in |
197 |
@@ -17,6 +17,9 @@ |
198 |
language is requested. */ |
199 |
#undef ENABLE_NLS |
200 |
|
201 |
+/* Define to warn for use of native system library directories */ |
202 |
+#undef ENABLE_POISON_SYSTEM_DIRECTORIES |
203 |
+ |
204 |
/* Additional extension a shared object might have. */ |
205 |
#undef EXTRA_SHLIB_EXTENSION |
206 |
|
207 |
diff --git a/ld/configure b/ld/configure |
208 |
index 36af9695b1c8..bd1d677e0920 100755 |
209 |
--- a/ld/configure |
210 |
+++ b/ld/configure |
211 |
@@ -789,6 +789,7 @@ with_lib_path |
212 |
enable_targets |
213 |
enable_64_bit_bfd |
214 |
with_sysroot |
215 |
+enable_poison_system_directories |
216 |
enable_gold |
217 |
enable_got |
218 |
enable_compressed_debug_sections |
219 |
@@ -1446,6 +1447,8 @@ Optional Features: |
220 |
--disable-largefile omit support for large files |
221 |
--enable-targets alternative target configurations |
222 |
--enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes) |
223 |
+ --enable-poison-system-directories |
224 |
+ warn for use of native system library directories |
225 |
--enable-gold[=ARG] build gold [ARG={default,yes,no}] |
226 |
--enable-got=<type> GOT handling scheme (target, single, negative, |
227 |
multigot) |
228 |
@@ -15499,7 +15502,18 @@ else |
229 |
fi |
230 |
|
231 |
|
232 |
+# Check whether --enable-poison-system-directories was given. |
233 |
+if test "${enable_poison_system_directories+set}" = set; then : |
234 |
+ enableval=$enable_poison_system_directories; |
235 |
+else |
236 |
+ enable_poison_system_directories=no |
237 |
+fi |
238 |
+ |
239 |
+if test "x${enable_poison_system_directories}" = "xyes"; then |
240 |
|
241 |
+$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h |
242 |
+ |
243 |
+fi |
244 |
|
245 |
# Check whether --enable-got was given. |
246 |
if test "${enable_got+set}" = set; then : |
247 |
diff --git a/ld/configure.ac b/ld/configure.ac |
248 |
index 36a9f5083aea..47f1d33fa58c 100644 |
249 |
--- a/ld/configure.ac |
250 |
+++ b/ld/configure.ac |
251 |
@@ -95,6 +95,16 @@ AC_SUBST(use_sysroot) |
252 |
AC_SUBST(TARGET_SYSTEM_ROOT) |
253 |
AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE) |
254 |
|
255 |
+AC_ARG_ENABLE([poison-system-directories], |
256 |
+ AS_HELP_STRING([--enable-poison-system-directories], |
257 |
+ [warn for use of native system library directories]),, |
258 |
+ [enable_poison_system_directories=no]) |
259 |
+if test "x${enable_poison_system_directories}" = "xyes"; then |
260 |
+ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES], |
261 |
+ [1], |
262 |
+ [Define to warn for use of native system library directories]) |
263 |
+fi |
264 |
+ |
265 |
dnl Use --enable-gold to decide if this linker should be the default. |
266 |
dnl "install_as_default" is set to false if gold is the default linker. |
267 |
dnl "installed_linker" is the installed BFD linker name. |
268 |
diff --git a/ld/ld.h b/ld/ld.h |
269 |
index 104bb8e2376b..e1c3f744862d 100644 |
270 |
--- a/ld/ld.h |
271 |
+++ b/ld/ld.h |
272 |
@@ -172,6 +172,13 @@ typedef struct |
273 |
/* If set, display the target memory usage (per memory region). */ |
274 |
bfd_boolean print_memory_usage; |
275 |
|
276 |
+ /* If TRUE warn for uses of system directories when cross linking. */ |
277 |
+ bfd_boolean warn_poison_system_directories; |
278 |
+ |
279 |
+ /* If TRUE (default FALSE) give an error for uses of system |
280 |
+ directories when cross linking instead of a warning. */ |
281 |
+ bfd_boolean error_poison_system_directories; |
282 |
+ |
283 |
/* Big or little endian as set on command line. */ |
284 |
enum endian_enum endian; |
285 |
|
286 |
diff --git a/ld/ld.texinfo b/ld/ld.texinfo |
287 |
index d393acdd9406..8eb156efb8dd 100644 |
288 |
--- a/ld/ld.texinfo |
289 |
+++ b/ld/ld.texinfo |
290 |
@@ -2403,6 +2403,24 @@ string identifying the original linked file does not change. |
291 |
|
292 |
Passing @code{none} for @var{style} disables the setting from any |
293 |
@code{--build-id} options earlier on the command line. |
294 |
+ |
295 |
+@kindex --warn-poison-system-directories |
296 |
+@item --warn-poison-system-directories |
297 |
+Warn for @option{-L} options using system directories such as |
298 |
+@file{/usr/lib} when cross linking. This option is intended for use |
299 |
+in environments that want to detect and reject incorrect link settings. |
300 |
+ |
301 |
+@kindex --no-warn-poison-system-directories |
302 |
+@item --no-warn-poison-system-directories |
303 |
+Do not warn for @option{-L} options using system directories such as |
304 |
+@file{/usr/lib} when cross linking. This option is intended for use |
305 |
+in chroot environments when such directories contain the correct |
306 |
+libraries for the target system rather than the host. |
307 |
+ |
308 |
+@kindex --error-poison-system-directories |
309 |
+@item --error-poison-system-directories |
310 |
+Give an error instead of a warning for @option{-L} options using |
311 |
+system directories when cross linking. |
312 |
@end table |
313 |
|
314 |
@c man end |
315 |
diff --git a/ld/ldfile.c b/ld/ldfile.c |
316 |
index 0943bb2dfa0f..b3bc22469900 100644 |
317 |
--- a/ld/ldfile.c |
318 |
+++ b/ld/ldfile.c |
319 |
@@ -114,6 +114,26 @@ ldfile_add_library_path (const char *name, bfd_boolean cmdline) |
320 |
new_dirs->name = concat (ld_sysroot, name + 1, (const char *) NULL); |
321 |
else |
322 |
new_dirs->name = xstrdup (name); |
323 |
+ |
324 |
+ if (command_line.warn_poison_system_directories |
325 |
+ && (!strncmp (name, "/lib", 4) |
326 |
+ /* TODO: This check is disabled for now due to a bunch of packages that |
327 |
+ * use libtool and relink with -L/usr/lib paths (albeit after the right |
328 |
+ * sysroot path). Once those are fixed we can enable. |
329 |
+ * We also need to adjust it so it only rejects one or two levels deep. |
330 |
+ * Gcc's internal paths also live below /usr/lib. |
331 |
+ * http://crbug.com/488360 */ |
332 |
+ /* || !strncmp (name, "/usr/lib", 8) */ |
333 |
+ || !strncmp (name, "/usr/local/lib", 14) |
334 |
+ || !strncmp (name, "/usr/X11R6/lib", 14))) |
335 |
+ { |
336 |
+ if (command_line.error_poison_system_directories) |
337 |
+ einfo (_("%X%P: error: library search path \"%s\" is unsafe for " |
338 |
+ "cross-compilation\n"), name); |
339 |
+ else |
340 |
+ einfo (_("%P: warning: library search path \"%s\" is unsafe for " |
341 |
+ "cross-compilation\n"), name); |
342 |
+ } |
343 |
} |
344 |
|
345 |
/* Try to open a BFD for a lang_input_statement. */ |
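Review bot: The check reads `command_line.warn_poison_system_directories` at the moment each directory is added, so it appears to depend on option order. A `-L/lib` that comes before `--warn-poison-system-directories` or `--error-poison-system-directories` on the command line would pass unchecked, assuming `-L` is handled in the same `parse_args` pass as the new switch cases in `lexsup.c`. gold performs its check in `General_options::finalize()` after all options are parsed, so the two linkers can disagree on an identical command line. Consider walking the search list once after option parsing, or document the ordering requirement in `ld.texinfo`. The texinfo text also says "when cross linking", but nothing in this hunk tests for a cross or sysroot configuration. `ldfile_add_library_path` starts outside the hunk.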
346 |
diff --git a/ld/ldlex.h b/ld/ldlex.h |
347 |
index 3ecac2bc865e..7ed67bae3f23 100644 |
348 |
--- a/ld/ldlex.h |
349 |
+++ b/ld/ldlex.h |
350 |
@@ -141,6 +141,9 @@ enum option_values |
351 |
OPTION_PRINT_OUTPUT_FORMAT, |
352 |
OPTION_PRINT_SYSROOT, |
353 |
OPTION_IGNORE_UNRESOLVED_SYMBOL, |
354 |
+ OPTION_WARN_POISON_SYSTEM_DIRECTORIES, |
355 |
+ OPTION_NO_WARN_POISON_SYSTEM_DIRECTORIES, |
356 |
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES, |
357 |
OPTION_PUSH_STATE, |
358 |
OPTION_POP_STATE, |
359 |
OPTION_PRINT_MEMORY_USAGE, |
360 |
diff --git a/ld/ldmain.c b/ld/ldmain.c |
361 |
index f634eaa908a5..bba193355b0d 100644 |
362 |
--- a/ld/ldmain.c |
363 |
+++ b/ld/ldmain.c |
364 |
@@ -270,6 +270,13 @@ main (int argc, char **argv) |
365 |
command_line.warn_mismatch = TRUE; |
366 |
command_line.warn_search_mismatch = TRUE; |
367 |
command_line.check_section_addresses = -1; |
368 |
+ command_line.warn_poison_system_directories = |
369 |
+#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES |
370 |
+ TRUE; |
371 |
+#else |
372 |
+ FALSE; |
373 |
+#endif |
374 |
+ command_line.error_poison_system_directories = FALSE; |
375 |
|
376 |
/* We initialize DEMANGLING based on the environment variable |
377 |
COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the |
378 |
diff --git a/ld/lexsup.c b/ld/lexsup.c |
379 |
index 0b7d4976ac90..327b203eeb25 100644 |
380 |
--- a/ld/lexsup.c |
381 |
+++ b/ld/lexsup.c |
382 |
@@ -524,6 +524,18 @@ static const struct ld_option ld_options[] = |
383 |
OPTION_IGNORE_UNRESOLVED_SYMBOL}, |
384 |
'\0', N_("SYMBOL"), |
385 |
N_("Unresolved SYMBOL will not cause an error or warning"), TWO_DASHES }, |
386 |
+ { {"warn-poison-system-directories", no_argument, NULL, |
387 |
+ OPTION_WARN_POISON_SYSTEM_DIRECTORIES}, |
388 |
+ '\0', NULL, N_("Warn for -L options using system directories"), |
389 |
+ TWO_DASHES }, |
390 |
+ { {"no-warn-poison-system-directories", no_argument, NULL, |
391 |
+ OPTION_NO_WARN_POISON_SYSTEM_DIRECTORIES}, |
392 |
+ '\0', NULL, N_("Do not warn for -L options using system directories"), |
393 |
+ TWO_DASHES }, |
394 |
+ { {"error-poison-system-directories", no_argument, NULL, |
395 |
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES}, |
396 |
+ '\0', NULL, N_("Give an error for -L options using system directories"), |
397 |
+ TWO_DASHES }, |
398 |
{ {"push-state", no_argument, NULL, OPTION_PUSH_STATE}, |
399 |
'\0', NULL, N_("Push state of flags governing input file handling"), |
400 |
TWO_DASHES }, |
401 |
@@ -1528,6 +1540,18 @@ parse_args (unsigned argc, char **argv) |
402 |
} |
403 |
break; |
404 |
|
405 |
+ case OPTION_WARN_POISON_SYSTEM_DIRECTORIES: |
406 |
+ command_line.warn_poison_system_directories = TRUE; |
407 |
+ break; |
408 |
+ |
409 |
+ case OPTION_NO_WARN_POISON_SYSTEM_DIRECTORIES: |
410 |
+ command_line.warn_poison_system_directories = FALSE; |
411 |
+ break; |
412 |
+ |
413 |
+ case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES: |
414 |
+ command_line.error_poison_system_directories = TRUE; |
415 |
+ break; |
416 |
+ |
417 |
case OPTION_PUSH_STATE: |
418 |
input_flags.pushed = xmemdup (&input_flags, |
419 |
sizeof (input_flags), |
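Review bot: The `OPTION_ERROR_POISON_SYSTEM_DIRECTORIES` case sets only `error_poison_system_directories`, but in `ldfile.c` the error flag is consulted only inside the `warn_poison_system_directories` guard. That flag defaults to FALSE unless the build was configured with `--enable-poison-system-directories`, so passing `--error-poison-system-directories` on its own silently enforces nothing. Adding `command_line.warn_poison_system_directories = TRUE;` to that case makes the option fail closed. The gold check in `options.cc` is gated the same way and needs the equivalent treatment. `parse_args` extends beyond the hunk.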
420 |
-- |
421 |
2.11.1 |
422 |
|
423 |
|
424 |
|
425 |
|
426 |
1.1 src/patchsets/binutils/2.28.1/00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch |
427 |
|
428 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch?rev=1.1&view=markup |
429 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch?rev=1.1&content-type=text/plain |
430 |
|
431 |
Index: 00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch |
432 |
=================================================================== |
433 |
From da0140fb5c8a9bccd0c66166c8e21cb3e37e2f1d Mon Sep 17 00:00:00 2001 |
434 |
From: Mike Frysinger <vapier@g.o> |
435 |
Date: Fri, 7 Jan 2005 00:15:53 -0500 |
436 |
Subject: [PATCH] ld: enable new dtags by default for linux/gnu targets |
437 |
|
438 |
The "new" dtags options have been around for 14+ years now, so for Linux |
439 |
and GNU targets, enable them by default. |
440 |
|
441 |
2012-01-21 Mike Frysinger <vapier@g.o> |
442 |
|
443 |
* emultempl/elf32.em (gld${EMULATION_NAME}_before_parse): Set |
444 |
link_info.new_dtags to TRUE for linux/gnu targets. |
445 |
* NEWS: Mention new dtags default. |
446 |
|
447 |
2013-01-22 Roland McGrath <mcgrathr@××××××.com> |
448 |
|
449 |
* emultempl/elf32.em (gld${EMULATION_NAME}_before_parse): Set |
450 |
new_dtags to TRUE for *-*-nacl* targets. |
451 |
--- |
452 |
ld/emultempl/elf32.em | 10 ++++++++++ |
453 |
1 file changed, 10 insertions(+) |
454 |
|
455 |
diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em |
456 |
index 84adaef6dfe1..92b7e4aabd0b 100644 |
457 |
--- a/ld/emultempl/elf32.em |
458 |
+++ b/ld/emultempl/elf32.em |
459 |
@@ -103,6 +103,16 @@ gld${EMULATION_NAME}_before_parse (void) |
460 |
input_flags.dynamic = ${DYNAMIC_LINK-TRUE}; |
461 |
config.has_shared = `if test -n "$GENERATE_SHLIB_SCRIPT" ; then echo TRUE ; else echo FALSE ; fi`; |
462 |
config.separate_code = `if test "x${SEPARATE_CODE}" = xyes ; then echo TRUE ; else echo FALSE ; fi`; |
463 |
+EOF |
464 |
+ |
465 |
+case ${target} in |
466 |
+ *-*-linux-* | *-*-k*bsd*-* | *-*-gnu* | *-*-nacl*) |
467 |
+ fragment <<EOF |
468 |
+ link_info.new_dtags = TRUE; |
469 |
+EOF |
470 |
+ ;; |
471 |
+esac |
472 |
+fragment <<EOF |
473 |
`if test -n "$CALL_NOP_BYTE" ; then echo link_info.call_nop_byte = $CALL_NOP_BYTE; fi`; |
474 |
link_info.check_relocs_after_open_input = `if test "x${CHECK_RELOCS_AFTER_OPEN_INPUT}" = xyes ; then echo TRUE ; else echo FALSE ; fi`; |
475 |
link_info.relro = DEFAULT_LD_Z_RELRO; |
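Review bot: The new `case ${target}` block changes a security-relevant default without a comment, and the commit log lists a NEWS entry that does not appear in this patch's diffstat (only `ld/emultempl/elf32.em` is touched). With `new_dtags` set, `-rpath` is recorded as DT_RUNPATH, which the glibc loader searches after `LD_LIBRARY_PATH` and does not apply to transitive dependencies, unlike DT_RPATH. A comment above the `case`, such as `# Gentoo: default to --enable-new-dtags (DT_RUNPATH); LD_LIBRARY_PATH then takes precedence over -rpath`, would tell packagers who rely on rpath pinning that they need `--disable-new-dtags`.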
476 |
-- |
477 |
2.11.1 |
478 |
|
479 |
|
480 |
|
481 |
|
482 |
1.1 src/patchsets/binutils/2.28.1/00_all_0004-gold-ld-enable-gnu-hash-by-default.patch |
483 |
|
484 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0004-gold-ld-enable-gnu-hash-by-default.patch?rev=1.1&view=markup |
485 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0004-gold-ld-enable-gnu-hash-by-default.patch?rev=1.1&content-type=text/plain |
486 |
|
487 |
Index: 00_all_0004-gold-ld-enable-gnu-hash-by-default.patch |
488 |
=================================================================== |
489 |
From a6c35c40daf508b4f236b870c2b60bfa9b68de9e Mon Sep 17 00:00:00 2001 |
490 |
From: Mike Frysinger <vapier@g.o> |
491 |
Date: Sat, 27 Jan 2007 15:01:08 -0500 |
492 |
Subject: [PATCH] gold/ld: enable gnu hash by default |
493 |
|
494 |
Glibc first added .gnu.hash support to glibc-2.5 (released 29 Sep 2006), |
495 |
and gold was first released after that. Let's default the gnu hash style |
496 |
to the new "gnu" rather than the classic sysv. |
497 |
|
498 |
gold/: |
499 |
2012-02-03 Mike Frysinger <vapier@g.o> |
500 |
|
501 |
* options.h (General_options): Change default to gnu for hash_style. |
502 |
--- |
503 |
gold/options.h | 2 +- |
504 |
ld/emultempl/elf32.em | 13 +++++++++++++ |
505 |
ld/testsuite/lib/ld-lib.exp | 4 ++-- |
506 |
3 files changed, 16 insertions(+), 3 deletions(-) |
507 |
|
508 |
diff --git a/gold/options.h b/gold/options.h |
509 |
index b7c725a82539..ef1756671242 100644 |
510 |
--- a/gold/options.h |
511 |
+++ b/gold/options.h |
512 |
@@ -921,7 +921,7 @@ class General_options |
513 |
N_("Min fraction of empty buckets in dynamic hash"), |
514 |
N_("FRACTION")); |
515 |
|
516 |
- DEFINE_enum(hash_style, options::TWO_DASHES, '\0', "sysv", |
517 |
+ DEFINE_enum(hash_style, options::TWO_DASHES, '\0', "gnu", |
518 |
N_("Dynamic hash style"), N_("[sysv,gnu,both]"), |
519 |
{"sysv", "gnu", "both"}); |
520 |
|
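Review bot: The gold default becomes `"gnu"` for every target, while the `ld/emultempl/elf32.em` hunk of the same patch deliberately skips `mips*`. If this gold build includes a MIPS target, it would emit only `.gnu.hash` by default where bfd ld keeps the sysv table. Presumably the bfd exclusion exists because the MIPS ABI's dynamic symbol ordering conflicts with GNU hash; that is worth confirming for gold as well. Either make the default target-dependent or add a comment next to `DEFINE_enum(hash_style, ...)` stating that MIPS links must pass `--hash-style=sysv`. Tools that read only DT_HASH also lose their table with this default, so `"both"` would be the conservative choice.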
521 |
diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em |
522 |
index 92b7e4aabd0b..ac2090a54eb1 100644 |
523 |
--- a/ld/emultempl/elf32.em |
524 |
+++ b/ld/emultempl/elf32.em |
525 |
@@ -100,6 +100,19 @@ static void |
526 |
gld${EMULATION_NAME}_before_parse (void) |
527 |
{ |
528 |
ldfile_set_output_arch ("${OUTPUT_ARCH}", bfd_arch_`echo ${ARCH} | sed -e 's/:.*//'`); |
529 |
+EOF |
530 |
+# Enable gnu hash by default for Linux (non-mips) targets. |
531 |
+# This has been supported since glibc-2.5. |
532 |
+case ${target} in |
533 |
+ mips*) ;; |
534 |
+ *-*-linux-* | *-*-gnu*) |
535 |
+ fragment <<EOF |
536 |
+ link_info.emit_hash = FALSE; |
537 |
+ link_info.emit_gnu_hash = TRUE; |
538 |
+EOF |
539 |
+ ;; |
540 |
+esac |
541 |
+fragment <<EOF |
542 |
input_flags.dynamic = ${DYNAMIC_LINK-TRUE}; |
543 |
config.has_shared = `if test -n "$GENERATE_SHLIB_SCRIPT" ; then echo TRUE ; else echo FALSE ; fi`; |
544 |
config.separate_code = `if test "x${SEPARATE_CODE}" = xyes ; then echo TRUE ; else echo FALSE ; fi`; |
545 |
diff --git a/ld/testsuite/lib/ld-lib.exp b/ld/testsuite/lib/ld-lib.exp |
546 |
index 6c6a0b7a001e..53ad4a15e983 100644 |
547 |
--- a/ld/testsuite/lib/ld-lib.exp |
548 |
+++ b/ld/testsuite/lib/ld-lib.exp |
549 |
@@ -147,7 +147,7 @@ proc default_ld_relocate { ld target objects } { |
550 |
global HOSTING_EMU |
551 |
|
552 |
remote_file host delete $target |
553 |
- return [run_host_cmd_yesno "$ld" "$HOSTING_EMU -o $target -r $objects"] |
554 |
+ return [run_host_cmd_yesno "$ld" "$HOSTING_EMU --hash-style=sysv -o $target -r $objects"] |
555 |
} |
556 |
|
557 |
# Check to see if ld is being invoked with a non-endian output format |
558 |
@@ -228,7 +228,7 @@ proc default_ld_link { ld target objects } { |
559 |
|
560 |
remote_file host delete $target |
561 |
|
562 |
- return [run_host_cmd_yesno "$ld" "$HOSTING_EMU $flags -o $target $objs $libs"] |
563 |
+ return [run_host_cmd_yesno "$ld" "$HOSTING_EMU --hash-style=sysv $flags -o $target $objs $libs"] |
564 |
} |
565 |
|
566 |
# Link a program using ld, without including any libraries. |
567 |
-- |
568 |
2.11.1 |
569 |
|
570 |
|
571 |
|
572 |
|
573 |
1.1 src/patchsets/binutils/2.28.1/00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch |
574 |
|
575 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch?rev=1.1&view=markup |
576 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch?rev=1.1&content-type=text/plain |
577 |
|
578 |
Index: 00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch |
579 |
=================================================================== |
580 |
From bb4bd6b89365800a7b403ce505401d0c02ad02f8 Mon Sep 17 00:00:00 2001 |
581 |
From: Mike Frysinger <vapier@g.o> |
582 |
Date: Fri, 7 Jan 2005 00:15:53 -0500 |
583 |
Subject: [PATCH] libiberty: install PIC version of libiberty.a |
584 |
|
585 |
This will install a PIC version of libiberty.a by overwriting the non-PIC |
586 |
version of libiberty.a while compiling. We do this because there is no |
587 |
shared version of libiberty for random apps to link against which means if |
588 |
someone wants to use this in a shared library or PIE, they're out of luck. |
589 |
It's arguable whether people should be able to use this in a shared lib, |
590 |
but usage in PIE should be fine. You could argue that this penalizes the |
591 |
non-PIE users, but the counter point is that people using this library in |
592 |
general are fairly low, and we'd rather have things work for all of them. |
593 |
--- |
594 |
libiberty/Makefile.in | 1 + |
595 |
1 file changed, 1 insertion(+) |
596 |
|
597 |
diff --git a/libiberty/Makefile.in b/libiberty/Makefile.in |
598 |
index 0ff9e45e45ef..55a70330ffb8 100644 |
599 |
--- a/libiberty/Makefile.in |
600 |
+++ b/libiberty/Makefile.in |
601 |
@@ -256,6 +256,7 @@ $(TARGETLIB): $(REQUIRED_OFILES) $(EXTRA_OFILES) $(LIBOBJS) |
602 |
$(AR) $(AR_FLAGS) $(TARGETLIB) \ |
603 |
$(REQUIRED_OFILES) $(EXTRA_OFILES) $(LIBOBJS); \ |
604 |
$(RANLIB) $(TARGETLIB); \ |
605 |
+ cp $(TARGETLIB) ../ ; \ |
606 |
cd ..; \ |
607 |
else true; fi; \ |
608 |
if [ x"$(NOASANFLAG)" != x ]; then \ |
609 |
-- |
610 |
2.11.1 |
611 |
|
612 |
|
613 |
|
614 |
|
615 |
1.1 src/patchsets/binutils/2.28.1/00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch |
616 |
|
617 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch?rev=1.1&view=markup |
618 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch?rev=1.1&content-type=text/plain |
619 |
|
620 |
Index: 00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch |
621 |
=================================================================== |
622 |
From 561d984aa3a3b99bbd9c6ddf6ba08dadd107d62c Mon Sep 17 00:00:00 2001 |
623 |
From: Mike Frysinger <vapier@g.o> |
624 |
Date: Tue, 5 Jul 2016 20:24:00 +0545 |
625 |
Subject: [PATCH] opcodes: link against libbfd.la for rpath deps |
626 |
|
627 |
The reason opcodes doesn't link against libbfd.la is to work around a |
628 |
libtool bug where it uses installed -L paths ahead of DESTDIR paths. |
629 |
The downside is that the library itself lacks rpath tags to find the |
630 |
right version of libbfd.so. |
631 |
|
632 |
Since Gentoo has patched the libtool bug for a while, we don't need |
633 |
the workaround. Use the .la file so we get the rpath tags. |
634 |
|
635 |
URL: https://bugs.gentoo.org/563934 |
636 |
--- |
637 |
opcodes/configure | 2 +- |
638 |
opcodes/configure.ac | 2 +- |
639 |
2 files changed, 2 insertions(+), 2 deletions(-) |
640 |
|
641 |
diff --git a/opcodes/configure b/opcodes/configure |
642 |
index be87eb22a5f0..19528bef6906 100755 |
643 |
--- a/opcodes/configure |
644 |
+++ b/opcodes/configure |
645 |
@@ -12561,7 +12561,7 @@ if test "$enable_shared" = "yes"; then |
646 |
SHARED_LIBADD="-Wl,`pwd`/../bfd/.libs/libbfd.sl ${SHARED_LIBADD}" |
647 |
;; |
648 |
*) |
649 |
- SHARED_LIBADD="-Wl,`pwd`/../bfd/.libs/libbfd.so ${SHARED_LIBADD}" |
650 |
+ SHARED_LIBADD="../bfd/libbfd.la ${SHARED_LIBADD}" |
651 |
;; |
652 |
esac |
653 |
SHARED_DEPENDENCIES="../bfd/libbfd.la" |
654 |
diff --git a/opcodes/configure.ac b/opcodes/configure.ac |
655 |
index b9f5eb8a4fdf..b5ff57a341ea 100644 |
656 |
--- a/opcodes/configure.ac |
657 |
+++ b/opcodes/configure.ac |
658 |
@@ -185,7 +185,7 @@ changequote([,])dnl |
659 |
SHARED_LIBADD="-Wl,`pwd`/../bfd/.libs/libbfd.sl ${SHARED_LIBADD}" |
660 |
;; |
661 |
*) |
662 |
- SHARED_LIBADD="-Wl,`pwd`/../bfd/.libs/libbfd.so ${SHARED_LIBADD}" |
663 |
+ SHARED_LIBADD="../bfd/libbfd.la ${SHARED_LIBADD}" |
664 |
;; |
665 |
esac |
666 |
SHARED_DEPENDENCIES="../bfd/libbfd.la" |
667 |
-- |
668 |
2.11.1 |
669 |
|
670 |
|
671 |
|
672 |
|
673 |
1.1 src/patchsets/binutils/2.28.1/00_all_0007-CVE-2017-8398.patch |
674 |
|
675 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0007-CVE-2017-8398.patch?rev=1.1&view=markup |
676 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0007-CVE-2017-8398.patch?rev=1.1&content-type=text/plain |
677 |
|
678 |
Index: 00_all_0007-CVE-2017-8398.patch |
679 |
=================================================================== |
680 |
From 9e7b0cc09e3b8a9db2fdab786894757b7e1aab4c Mon Sep 17 00:00:00 2001 |
681 |
From: Matthias Maier <tamiko@××××.org> |
682 |
Date: Tue, 6 Jun 2017 16:07:32 -0500 |
683 |
Subject: [PATCH 01/10] CVE-2017-8398 |
684 |
|
685 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34 |
686 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=618514 |
687 |
--- |
688 |
binutils/dwarf.c | 52 ++++++++++++++++++++++++++++++++++++++-------------- |
689 |
1 file changed, 38 insertions(+), 14 deletions(-) |
690 |
|
691 |
diff --git a/binutils/dwarf.c b/binutils/dwarf.c |
692 |
index 0184a7a..05efa6e 100644 |
693 |
--- a/binutils/dwarf.c |
694 |
+++ b/binutils/dwarf.c |
695 |
@@ -473,15 +473,20 @@ process_extended_line_op (unsigned char * data, |
696 |
printf (_(" Entry\tDir\tTime\tSize\tName\n")); |
697 |
printf (" %d\t", ++state_machine_regs.last_file_entry); |
698 |
|
699 |
- name = data; |
700 |
- data += strnlen ((char *) data, end - data) + 1; |
701 |
- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end))); |
702 |
- data += bytes_read; |
703 |
- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end))); |
704 |
- data += bytes_read; |
705 |
- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end))); |
706 |
- data += bytes_read; |
707 |
- printf ("%s\n\n", name); |
708 |
+ { |
709 |
+ size_t l; |
710 |
+ |
711 |
+ name = data; |
712 |
+ l = strnlen ((char *) data, end - data); |
713 |
+ data += len + 1; |
714 |
+ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end))); |
715 |
+ data += bytes_read; |
716 |
+ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end))); |
717 |
+ data += bytes_read; |
718 |
+ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read, end))); |
719 |
+ data += bytes_read; |
720 |
+ printf ("%.*s\n\n", (int) l, name); |
721 |
+ } |
722 |
|
723 |
if (((unsigned int) (data - orig_data) != len) || data == end) |
724 |
warn (_("DW_LNE_define_file: Bad opcode length\n")); |
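Review bot: In the new block, `data += len + 1;` advances by `len` instead of by the string length just stored in `l`. `len` is what the check at the end of this hunk compares `data - orig_data` against, so it appears to be the extended-opcode length rather than the name length. Advancing by it would move `data` to or past the end of the opcode before the three `read_uleb128` calls run. The line should read `data += l + 1;`. When no NUL is found, `l` equals `end - data` and the `+ 1` steps one byte past `end`, so clamping to `end` there is worth considering; process_extended_line_op starts and ends outside the hunk.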
725 |
@@ -598,18 +603,28 @@ static const unsigned char * |
726 |
fetch_indirect_string (dwarf_vma offset) |
727 |
{ |
728 |
struct dwarf_section *section = &debug_displays [str].section; |
729 |
+ const unsigned char * ret; |
730 |
|
731 |
if (section->start == NULL) |
732 |
return (const unsigned char *) _("<no .debug_str section>"); |
733 |
|
734 |
- if (offset > section->size) |
735 |
+ if (offset >= section->size) |
736 |
{ |
737 |
warn (_("DW_FORM_strp offset too big: %s\n"), |
738 |
dwarf_vmatoa ("x", offset)); |
739 |
return (const unsigned char *) _("<offset is too big>"); |
740 |
} |
741 |
|
742 |
- return (const unsigned char *) section->start + offset; |
743 |
+ ret = section->start + offset; |
744 |
+ /* Unfortunately we cannot rely upon the .debug_str section ending with a |
745 |
+ NUL byte. Since our caller is expecting to receive a well formed C |
746 |
+ string we test for the lack of a terminating byte here. */ |
747 |
+ if (strnlen ((const char *) ret, section->size - offset) |
748 |
+ == section->size - offset) |
749 |
+ ret = (const unsigned char *) |
750 |
+ _("<no NUL byte at end of .debug_str section>"); |
751 |
+ |
752 |
+ return ret; |
753 |
} |
754 |
|
755 |
static const char * |
756 |
@@ -622,6 +637,7 @@ fetch_indexed_string (dwarf_vma idx, struct cu_tu_set *this_set, |
757 |
struct dwarf_section *str_section = &debug_displays [str_sec_idx].section; |
758 |
dwarf_vma index_offset = idx * offset_size; |
759 |
dwarf_vma str_offset; |
760 |
+ const char * ret; |
761 |
|
762 |
if (index_section->start == NULL) |
763 |
return (dwo ? _("<no .debug_str_offsets.dwo section>") |
764 |
@@ -629,7 +645,7 @@ fetch_indexed_string (dwarf_vma idx, struct cu_tu_set *this_set, |
765 |
|
766 |
if (this_set != NULL) |
767 |
index_offset += this_set->section_offsets [DW_SECT_STR_OFFSETS]; |
768 |
- if (index_offset > index_section->size) |
769 |
+ if (index_offset >= index_section->size) |
770 |
{ |
771 |
warn (_("DW_FORM_GNU_str_index offset too big: %s\n"), |
772 |
dwarf_vmatoa ("x", index_offset)); |
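Review bot: The tightened test `index_offset >= index_section->size` only proves that the first byte of the entry lies inside the section, while the `byte_get (index_section->start + index_offset, offset_size)` call in the next hunk reads `offset_size` bytes. An offset in the last `offset_size - 1` bytes of the section still passes, and the read then runs past the section end. Comparing the remaining length closes that gap: `if (index_offset >= index_section->size || index_section->size - index_offset < offset_size)`. `idx * offset_size` is computed before the check and could wrap for a very large `idx`; whether callers bound it is not visible here. fetch_indexed_string begins and ends outside this hunk.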
773 |
@@ -642,14 +658,22 @@ fetch_indexed_string (dwarf_vma idx, struct cu_tu_set *this_set, |
774 |
|
775 |
str_offset = byte_get (index_section->start + index_offset, offset_size); |
776 |
str_offset -= str_section->address; |
777 |
- if (str_offset > str_section->size) |
778 |
+ if (str_offset >= str_section->size) |
779 |
{ |
780 |
warn (_("DW_FORM_GNU_str_index indirect offset too big: %s\n"), |
781 |
dwarf_vmatoa ("x", str_offset)); |
782 |
return _("<indirect index offset is too big>"); |
783 |
} |
784 |
|
785 |
- return (const char *) str_section->start + str_offset; |
786 |
+ ret = (const char *) str_section->start + str_offset; |
787 |
+ /* Unfortunately we cannot rely upon str_section ending with a NUL byte. |
788 |
+ Since our caller is expecting to receive a well formed C string we test |
789 |
+ for the lack of a terminating byte here. */ |
790 |
+ if (strnlen (ret, str_section->size - str_offset) |
791 |
+ == str_section->size - str_offset) |
792 |
+ ret = (const char *) _("<no NUL byte at end of section>"); |
793 |
+ |
794 |
+ return ret; |
795 |
} |
796 |
|
797 |
static const char * |
798 |
-- |
799 |
2.13.0 |
800 |
|
801 |
|
802 |
|
803 |
|
804 |
1.1 src/patchsets/binutils/2.28.1/00_all_0008-CVE-2017-8393.patch |
805 |
|
806 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0008-CVE-2017-8393.patch?rev=1.1&view=markup |
807 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0008-CVE-2017-8393.patch?rev=1.1&content-type=text/plain |
808 |
|
809 |
Index: 00_all_0008-CVE-2017-8393.patch |
810 |
=================================================================== |
811 |
From 86b4e5aeedbcf022e4d02810b48cb3e1a9d52d32 Mon Sep 17 00:00:00 2001 |
812 |
From: Matthias Maier <tamiko@××××.org> |
813 |
Date: Tue, 6 Jun 2017 16:13:05 -0500 |
814 |
Subject: [PATCH 02/10] CVE-2017-8393 |
815 |
|
816 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bce964aa6c777d236fbd641f2bc7bb931cfe4bf3 |
817 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=618516 |
818 |
--- |
819 |
bfd/elf-bfd.h | 8 ++++--- |
820 |
bfd/elf.c | 61 +++++++++++++++++++++++++++++++----------------------- |
821 |
bfd/elf64-ppc.c | 1 + |
822 |
bfd/elfxx-target.h | 2 +- |
823 |
4 files changed, 42 insertions(+), 30 deletions(-) |
824 |
|
825 |
diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h |
826 |
index 5de9ab6..366660a 100644 |
827 |
--- a/bfd/elf-bfd.h |
828 |
+++ b/bfd/elf-bfd.h |
829 |
@@ -1322,8 +1322,10 @@ struct elf_backend_data |
830 |
bfd_size_type (*maybe_function_sym) (const asymbol *sym, asection *sec, |
831 |
bfd_vma *code_off); |
832 |
|
833 |
- /* Return the section which RELOC_SEC applies to. */ |
834 |
- asection *(*get_reloc_section) (asection *reloc_sec); |
835 |
+ /* Given NAME, the name of a relocation section stripped of its |
836 |
+ .rel/.rela prefix, return the section in ABFD to which the |
837 |
+ relocations apply. */ |
838 |
+ asection *(*get_reloc_section) (bfd *abfd, const char *name); |
839 |
|
840 |
/* Called to set the sh_flags, sh_link and sh_info fields of OSECTION which |
841 |
has a type >= SHT_LOOS. Returns TRUE if the fields were initialised, |
842 |
@@ -2392,7 +2394,7 @@ extern bfd_boolean _bfd_elf_is_function_type (unsigned int); |
843 |
extern bfd_size_type _bfd_elf_maybe_function_sym (const asymbol *, asection *, |
844 |
bfd_vma *); |
845 |
|
846 |
-extern asection *_bfd_elf_get_reloc_section (asection *); |
847 |
+extern asection *_bfd_elf_plt_get_reloc_section (bfd *, const char *); |
848 |
|
849 |
extern int bfd_elf_get_default_section_type (flagword); |
850 |
|
851 |
diff --git a/bfd/elf.c b/bfd/elf.c |
852 |
index 94726ba..4ddcb1f 100644 |
853 |
--- a/bfd/elf.c |
854 |
+++ b/bfd/elf.c |
855 |
@@ -3532,17 +3532,39 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) |
856 |
H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc); |
857 |
} |
858 |
|
859 |
-/* Return the section which RELOC_SEC applies to. */ |
860 |
+/* Given NAME, the name of a relocation section stripped of its |
861 |
+ .rel/.rela prefix, return the section in ABFD to which the |
862 |
+ relocations apply. */ |
863 |
|
864 |
asection * |
865 |
-_bfd_elf_get_reloc_section (asection *reloc_sec) |
866 |
+_bfd_elf_plt_get_reloc_section (bfd *abfd, const char *name) |
867 |
+{ |
868 |
+ /* If a target needs .got.plt section, relocations in rela.plt/rel.plt |
869 |
+ section likely apply to .got.plt or .got section. */ |
870 |
+ if (get_elf_backend_data (abfd)->want_got_plt |
871 |
+ && strcmp (name, ".plt") == 0) |
872 |
+ { |
873 |
+ asection *sec; |
874 |
+ |
875 |
+ name = ".got.plt"; |
876 |
+ sec = bfd_get_section_by_name (abfd, name); |
877 |
+ if (sec != NULL) |
878 |
+ return sec; |
879 |
+ name = ".got"; |
880 |
+ } |
881 |
+ |
882 |
+ return bfd_get_section_by_name (abfd, name); |
883 |
+} |
884 |
+ |
885 |
+/* Return the section to which RELOC_SEC applies. */ |
886 |
+ |
887 |
+static asection * |
888 |
+elf_get_reloc_section (asection *reloc_sec) |
889 |
{ |
890 |
const char *name; |
891 |
unsigned int type; |
892 |
bfd *abfd; |
893 |
- |
894 |
- if (reloc_sec == NULL) |
895 |
- return NULL; |
896 |
+ const struct elf_backend_data *bed; |
897 |
|
898 |
type = elf_section_data (reloc_sec)->this_hdr.sh_type; |
899 |
if (type != SHT_REL && type != SHT_RELA) |
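Review bot: elf_get_reloc_section drops the `if (reloc_sec == NULL) return NULL;` guard, so `elf_section_data (reloc_sec)` at the end of this hunk is now evaluated unconditionally. The function is static and the one call site shown later in the patch passes `sec` from assign_section_numbers, so this is probably safe, but the header comment should state the precondition. I would extend it to `/* Return the section to which RELOC_SEC applies. RELOC_SEC must not be NULL. Returns NULL if it is not a SHT_REL/SHT_RELA section or its name lacks the matching .rel/.rela prefix. */`. The function body continues in the next hunk.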
900 |
@@ -3550,28 +3572,15 @@ _bfd_elf_get_reloc_section (asection *reloc_sec) |
901 |
|
902 |
/* We look up the section the relocs apply to by name. */ |
903 |
name = reloc_sec->name; |
904 |
- if (type == SHT_REL) |
905 |
- name += 4; |
906 |
- else |
907 |
- name += 5; |
908 |
+ if (strncmp (name, ".rel", 4) != 0) |
909 |
+ return NULL; |
910 |
+ name += 4; |
911 |
+ if (type == SHT_RELA && *name++ != 'a') |
912 |
+ return NULL; |
913 |
|
914 |
- /* If a target needs .got.plt section, relocations in rela.plt/rel.plt |
915 |
- section apply to .got.plt section. */ |
916 |
abfd = reloc_sec->owner; |
917 |
- if (get_elf_backend_data (abfd)->want_got_plt |
918 |
- && strcmp (name, ".plt") == 0) |
919 |
- { |
920 |
- /* .got.plt is a linker created input section. It may be mapped |
921 |
- to some other output section. Try two likely sections. */ |
922 |
- name = ".got.plt"; |
923 |
- reloc_sec = bfd_get_section_by_name (abfd, name); |
924 |
- if (reloc_sec != NULL) |
925 |
- return reloc_sec; |
926 |
- name = ".got"; |
927 |
- } |
928 |
- |
929 |
- reloc_sec = bfd_get_section_by_name (abfd, name); |
930 |
- return reloc_sec; |
931 |
+ bed = get_elf_backend_data (abfd); |
932 |
+ return bed->get_reloc_section (abfd, name); |
933 |
} |
934 |
|
935 |
/* Assign all ELF section numbers. The dummy first section is handled here |
936 |
@@ -3833,7 +3842,7 @@ assign_section_numbers (bfd *abfd, struct bfd_link_info *link_info) |
937 |
if (s != NULL) |
938 |
d->this_hdr.sh_link = elf_section_data (s)->this_idx; |
939 |
|
940 |
- s = get_elf_backend_data (abfd)->get_reloc_section (sec); |
941 |
+ s = elf_get_reloc_section (sec); |
942 |
if (s != NULL) |
943 |
{ |
944 |
d->this_hdr.sh_info = elf_section_data (s)->this_idx; |
945 |
diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c |
946 |
index e7d4792..81eccd8 100644 |
947 |
--- a/bfd/elf64-ppc.c |
948 |
+++ b/bfd/elf64-ppc.c |
949 |
@@ -121,6 +121,7 @@ static bfd_vma opd_entry_value |
950 |
#define elf_backend_special_sections ppc64_elf_special_sections |
951 |
#define elf_backend_merge_symbol_attribute ppc64_elf_merge_symbol_attribute |
952 |
#define elf_backend_merge_symbol ppc64_elf_merge_symbol |
953 |
+#define elf_backend_get_reloc_section bfd_get_section_by_name |
954 |
|
955 |
/* The name of the dynamic interpreter. This is put in the .interp |
956 |
section. */ |
957 |
diff --git a/bfd/elfxx-target.h b/bfd/elfxx-target.h |
958 |
index d063fb7..ad8c5d9 100644 |
959 |
--- a/bfd/elfxx-target.h |
960 |
+++ b/bfd/elfxx-target.h |
961 |
@@ -706,7 +706,7 @@ |
962 |
#endif |
963 |
|
964 |
#ifndef elf_backend_get_reloc_section |
965 |
-#define elf_backend_get_reloc_section _bfd_elf_get_reloc_section |
966 |
+#define elf_backend_get_reloc_section _bfd_elf_plt_get_reloc_section |
967 |
#endif |
968 |
|
969 |
#ifndef elf_backend_copy_special_section_fields |
970 |
-- |
971 |
2.13.0 |
972 |
|
973 |
|
974 |
|
975 |
|
976 |
1.1 src/patchsets/binutils/2.28.1/00_all_0009-CVE-2017-8394.patch |
977 |
|
978 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0009-CVE-2017-8394.patch?rev=1.1&view=markup |
979 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0009-CVE-2017-8394.patch?rev=1.1&content-type=text/plain |
980 |
|
981 |
Index: 00_all_0009-CVE-2017-8394.patch |
982 |
=================================================================== |
983 |
From d33b8e5e50b3eb33313e3c61039cf93d31e840b9 Mon Sep 17 00:00:00 2001 |
984 |
From: Matthias Maier <tamiko@××××.org> |
985 |
Date: Tue, 6 Jun 2017 16:15:05 -0500 |
986 |
Subject: [PATCH 03/10] CVE-2017-8394 |
987 |
|
988 |
[1] https://bugs.gentoo.org/show_bug.cgi?id=618516 |
989 |
[2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7eacd66b086cabb1daab20890d5481894d4f56b2 |
990 |
--- |
991 |
bfd/bfd-in2.h | 12 ++++++++++++ |
992 |
bfd/elf.c | 6 ++++-- |
993 |
bfd/section.c | 24 ++++++++++++------------ |
994 |
3 files changed, 28 insertions(+), 14 deletions(-) |
995 |
|
996 |
diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h |
997 |
index 6288c3b..44e8711 100644 |
998 |
--- a/bfd/bfd-in2.h |
999 |
+++ b/bfd/bfd-in2.h |
1000 |
@@ -1838,6 +1838,18 @@ extern asection _bfd_std_section[4]; |
1001 |
{ NULL }, { NULL } \ |
1002 |
} |
1003 |
|
1004 |
+/* We use a macro to initialize the static asymbol structures because |
1005 |
+ traditional C does not permit us to initialize a union member while |
1006 |
+ gcc warns if we don't initialize it. |
1007 |
+ the_bfd, name, value, attr, section [, udata] */ |
1008 |
+#ifdef __STDC__ |
1009 |
+#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
1010 |
+ { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }} |
1011 |
+#else |
1012 |
+#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
1013 |
+ { 0, NAME, 0, BSF_SECTION_SYM, SECTION } |
1014 |
+#endif |
1015 |
+ |
1016 |
void bfd_section_list_clear (bfd *); |
1017 |
|
1018 |
asection *bfd_get_section_by_name (bfd *abfd, const char *name); |
1019 |
diff --git a/bfd/elf.c b/bfd/elf.c |
1020 |
index 4ddcb1f..22c199a 100644 |
1021 |
--- a/bfd/elf.c |
1022 |
+++ b/bfd/elf.c |
1023 |
@@ -11164,9 +11164,11 @@ _bfd_elf_get_synthetic_symtab (bfd *abfd, |
1024 |
|
1025 |
/* It is only used by x86-64 so far. |
1026 |
??? This repeats *COM* id of zero. sec->id is supposed to be unique, |
1027 |
- but current usage would allow all of _bfd_std_section to be zero. t*/ |
1028 |
+ but current usage would allow all of _bfd_std_section to be zero. */ |
1029 |
+static const asymbol lcomm_sym |
1030 |
+ = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section); |
1031 |
asection _bfd_elf_large_com_section |
1032 |
- = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL, |
1033 |
+ = BFD_FAKE_SECTION (_bfd_elf_large_com_section, &lcomm_sym, |
1034 |
"LARGE_COMMON", 0, SEC_IS_COMMON); |
1035 |
|
1036 |
void |
1037 |
diff --git a/bfd/section.c b/bfd/section.c |
1038 |
index 4b3cf6a..28eee7f 100644 |
1039 |
--- a/bfd/section.c |
1040 |
+++ b/bfd/section.c |
1041 |
@@ -738,20 +738,20 @@ CODE_FRAGMENT |
1042 |
. { NULL }, { NULL } \ |
1043 |
. } |
1044 |
. |
1045 |
+.{* We use a macro to initialize the static asymbol structures because |
1046 |
+. traditional C does not permit us to initialize a union member while |
1047 |
+. gcc warns if we don't initialize it. |
1048 |
+. the_bfd, name, value, attr, section [, udata] *} |
1049 |
+.#ifdef __STDC__ |
1050 |
+.#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
1051 |
+. { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }} |
1052 |
+.#else |
1053 |
+.#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
1054 |
+. { 0, NAME, 0, BSF_SECTION_SYM, SECTION } |
1055 |
+.#endif |
1056 |
+. |
1057 |
*/ |
1058 |
|
1059 |
-/* We use a macro to initialize the static asymbol structures because |
1060 |
- traditional C does not permit us to initialize a union member while |
1061 |
- gcc warns if we don't initialize it. */ |
1062 |
- /* the_bfd, name, value, attr, section [, udata] */ |
1063 |
-#ifdef __STDC__ |
1064 |
-#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
1065 |
- { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }} |
1066 |
-#else |
1067 |
-#define GLOBAL_SYM_INIT(NAME, SECTION) \ |
1068 |
- { 0, NAME, 0, BSF_SECTION_SYM, SECTION } |
1069 |
-#endif |
1070 |
- |
1071 |
/* These symbols are global, not specific to any BFD. Therefore, anything |
1072 |
that tries to change them is broken, and should be repaired. */ |
1073 |
|
1074 |
-- |
1075 |
2.13.0 |
1076 |
|
1077 |
|
1078 |
|
1079 |
|
1080 |
1.1 src/patchsets/binutils/2.28.1/00_all_0010-CVE-2017-8395.patch |
1081 |
|
1082 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0010-CVE-2017-8395.patch?rev=1.1&view=markup |
1083 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0010-CVE-2017-8395.patch?rev=1.1&content-type=text/plain |
1084 |
|
1085 |
Index: 00_all_0010-CVE-2017-8395.patch |
1086 |
=================================================================== |
1087 |
From a5e7c6c6fcc0aa2ad70a7b02c928f2b075140a5e Mon Sep 17 00:00:00 2001 |
1088 |
From: Matthias Maier <tamiko@××××.org> |
1089 |
Date: Tue, 6 Jun 2017 16:16:39 -0500 |
1090 |
Subject: [PATCH 04/10] CVE-2017-8395 |
1091 |
|
1092 |
[1] https://bugs.gentoo.org/show_bug.cgi?id=618516 |
1093 |
[2] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e63d123268f23a4cbc45ee55fb6dbc7d84729da3 |
1094 |
--- |
1095 |
bfd/compress.c | 19 +++++++++---------- |
1096 |
1 file changed, 9 insertions(+), 10 deletions(-) |
1097 |
|
1098 |
diff --git a/bfd/compress.c b/bfd/compress.c |
1099 |
index 1ed7d74..4a2d98a 100644 |
1100 |
--- a/bfd/compress.c |
1101 |
+++ b/bfd/compress.c |
1102 |
@@ -542,7 +542,6 @@ bfd_init_section_compress_status (bfd *abfd, sec_ptr sec) |
1103 |
{ |
1104 |
bfd_size_type uncompressed_size; |
1105 |
bfd_byte *uncompressed_buffer; |
1106 |
- bfd_boolean ret; |
1107 |
|
1108 |
/* Error if not opened for read. */ |
1109 |
if (abfd->direction != read_direction |
1110 |
@@ -558,18 +557,18 @@ bfd_init_section_compress_status (bfd *abfd, sec_ptr sec) |
1111 |
/* Read in the full section contents and compress it. */ |
1112 |
uncompressed_size = sec->size; |
1113 |
uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size); |
1114 |
+ /* PR 21431 */ |
1115 |
+ if (uncompressed_buffer == NULL) |
1116 |
+ return FALSE; |
1117 |
+ |
1118 |
if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer, |
1119 |
0, uncompressed_size)) |
1120 |
- ret = FALSE; |
1121 |
- else |
1122 |
- { |
1123 |
- uncompressed_size = bfd_compress_section_contents (abfd, sec, |
1124 |
- uncompressed_buffer, |
1125 |
- uncompressed_size); |
1126 |
- ret = uncompressed_size != 0; |
1127 |
- } |
1128 |
+ return FALSE; |
1129 |
|
1130 |
- return ret; |
1131 |
+ uncompressed_size = bfd_compress_section_contents (abfd, sec, |
1132 |
+ uncompressed_buffer, |
1133 |
+ uncompressed_size); |
1134 |
+ return uncompressed_size != 0; |
1135 |
} |
1136 |
|
1137 |
/* |
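Review bot: The early `return FALSE;` taken when `bfd_get_section_contents` fails does not free `uncompressed_buffer`, which was allocated by `bfd_malloc` a few lines above. The old `ret = FALSE` path had the same leak, so this is not a regression, but the rewrite is the natural place to fix it: `{ free (uncompressed_buffer); return FALSE; }`. Who owns the buffer once `bfd_compress_section_contents` has been called is not visible in this hunk, so I would leave that path alone until it is confirmed.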
1138 |
-- |
1139 |
2.13.0 |
1140 |
|
1141 |
|
1142 |
|
1143 |
|
1144 |
1.1 src/patchsets/binutils/2.28.1/00_all_0011-CVE-2017-8396-CVE-2017-8397.patch |
1145 |
|
1146 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0011-CVE-2017-8396-CVE-2017-8397.patch?rev=1.1&view=markup |
1147 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0011-CVE-2017-8396-CVE-2017-8397.patch?rev=1.1&content-type=text/plain |
1148 |
|
1149 |
Index: 00_all_0011-CVE-2017-8396-CVE-2017-8397.patch |
1150 |
=================================================================== |
1151 |
From b3ef1a9331f8eaf178084393f1525ab9150c39d8 Mon Sep 17 00:00:00 2001 |
1152 |
From: Matthias Maier <tamiko@××××.org> |
1153 |
Date: Tue, 6 Jun 2017 16:20:20 -0500 |
1154 |
Subject: [PATCH 05/10] CVE-2017-8396, CVE-2017-8397 |
1155 |
|
1156 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2 |
1157 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab |
1158 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=618516 |
1159 |
--- |
1160 |
bfd/reloc.c | 29 ++++++++++++++++++++--------- |
1161 |
1 file changed, 20 insertions(+), 9 deletions(-) |
1162 |
|
1163 |
diff --git a/bfd/reloc.c b/bfd/reloc.c |
1164 |
index 9021a52..80986b3 100644 |
1165 |
--- a/bfd/reloc.c |
1166 |
+++ b/bfd/reloc.c |
1167 |
@@ -538,6 +538,22 @@ bfd_check_overflow (enum complain_overflow how, |
1168 |
return flag; |
1169 |
} |
1170 |
|
1171 |
+/* HOWTO describes a relocation, at offset OCTET. Return whether the |
1172 |
+ relocation field is within SECTION of ABFD. */ |
1173 |
+ |
1174 |
+static bfd_boolean |
1175 |
+reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd, |
1176 |
+ asection *section, bfd_size_type octet) |
1177 |
+{ |
1178 |
+ bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section); |
1179 |
+ bfd_size_type reloc_size = bfd_get_reloc_size (howto); |
1180 |
+ |
1181 |
+ /* The reloc field must be contained entirely within the section. |
1182 |
+ Allow zero length fields (marker relocs or NONE relocs where no |
1183 |
+ relocation will be performed) at the end of the section. */ |
1184 |
+ return octet <= octet_end && octet + reloc_size <= octet_end; |
1185 |
+} |
1186 |
+ |
1187 |
/* |
1188 |
FUNCTION |
1189 |
bfd_perform_relocation |
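Review bot: `octet + reloc_size <= octet_end` in reloc_offset_in_range is an unsigned addition that can wrap. The preceding `octet <= octet_end` test makes that very unlikely but does not rule it out for a section limit close to the top of `bfd_size_type`. The subtraction form cannot wrap once the first test has passed: `return octet <= octet_end && reloc_size <= octet_end - octet;`. The callers in the following hunks compute `octets` as `address * bfd_octets_per_byte (...)` before calling, and as far as those hunks show that product is passed in unchecked.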
1190 |
@@ -619,12 +635,9 @@ bfd_perform_relocation (bfd *abfd, |
1191 |
if (howto == NULL) |
1192 |
return bfd_reloc_undefined; |
1193 |
|
1194 |
- /* Is the address of the relocation really within the section? |
1195 |
- Include the size of the reloc in the test for out of range addresses. |
1196 |
- PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */ |
1197 |
+ /* Is the address of the relocation really within the section? */ |
1198 |
octets = reloc_entry->address * bfd_octets_per_byte (abfd); |
1199 |
- if (octets + bfd_get_reloc_size (howto) |
1200 |
- > bfd_get_section_limit_octets (abfd, input_section)) |
1201 |
+ if (!reloc_offset_in_range (howto, abfd, input_section, octets)) |
1202 |
return bfd_reloc_outofrange; |
1203 |
|
1204 |
/* Work out which section the relocation is targeted at and the |
1205 |
@@ -1012,8 +1025,7 @@ bfd_install_relocation (bfd *abfd, |
1206 |
|
1207 |
/* Is the address of the relocation really within the section? */ |
1208 |
octets = reloc_entry->address * bfd_octets_per_byte (abfd); |
1209 |
- if (octets + bfd_get_reloc_size (howto) |
1210 |
- > bfd_get_section_limit_octets (abfd, input_section)) |
1211 |
+ if (!reloc_offset_in_range (howto, abfd, input_section, octets)) |
1212 |
return bfd_reloc_outofrange; |
1213 |
|
1214 |
/* Work out which section the relocation is targeted at and the |
1215 |
@@ -1351,8 +1363,7 @@ _bfd_final_link_relocate (reloc_howto_type *howto, |
1216 |
bfd_size_type octets = address * bfd_octets_per_byte (input_bfd); |
1217 |
|
1218 |
/* Sanity check the address. */ |
1219 |
- if (octets + bfd_get_reloc_size (howto) |
1220 |
- > bfd_get_section_limit_octets (input_bfd, input_section)) |
1221 |
+ if (!reloc_offset_in_range (howto, input_bfd, input_section, octets)) |
1222 |
return bfd_reloc_outofrange; |
1223 |
|
1224 |
/* This function assumes that we are dealing with a basic relocation |
1225 |
-- |
1226 |
2.13.0 |
1227 |
|
1228 |
|
1229 |
|
1230 |
|
1231 |
1.1 src/patchsets/binutils/2.28.1/00_all_0012-CVE-2017-8421.patch |
1232 |
|
1233 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0012-CVE-2017-8421.patch?rev=1.1&view=markup |
1234 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0012-CVE-2017-8421.patch?rev=1.1&content-type=text/plain |
1235 |
|
1236 |
Index: 00_all_0012-CVE-2017-8421.patch |
1237 |
=================================================================== |
1238 |
From a25bb8053a025a07741c4798720dc186800792da Mon Sep 17 00:00:00 2001 |
1239 |
From: Matthias Maier <tamiko@××××.org> |
1240 |
Date: Tue, 6 Jun 2017 16:27:20 -0500 |
1241 |
Subject: [PATCH 06/10] CVE-2017-8421 |
1242 |
|
1243 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb |
1244 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=618520 |
1245 |
--- |
1246 |
binutils/objdump.c | 8 ++++++++ |
1247 |
1 file changed, 8 insertions(+) |
1248 |
|
1249 |
diff --git a/binutils/objdump.c b/binutils/objdump.c |
1250 |
index f61968b..0ec31f2 100644 |
1251 |
--- a/binutils/objdump.c |
1252 |
+++ b/binutils/objdump.c |
1253 |
@@ -3311,6 +3311,14 @@ dump_relocs_in_section (bfd *abfd, |
1254 |
return; |
1255 |
} |
1256 |
|
1257 |
+ if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0 |
1258 |
+ && relsize > get_file_size (bfd_get_filename (abfd))) |
1259 |
+ { |
1260 |
+ printf (" (too many: 0x%x)\n", section->reloc_count); |
1261 |
+ bfd_set_error (bfd_error_file_truncated); |
1262 |
+ bfd_fatal (bfd_get_filename (abfd)); |
1263 |
+ } |
1264 |
+ |
1265 |
relpp = (arelent **) xmalloc (relsize); |
1266 |
relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms); |
1267 |
|
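Review bot: The new guard has no comment, and the comparison it makes is not obvious: `relsize` is the size handed to `xmalloc` on the next line, while the right-hand side is the size of the file on disk. A line such as `/* A relocation table bigger than the file itself means a corrupt reloc count; stop before allocating. */` above the `if` would record the intent. The comment could also mention that `bfd_fatal` ends the whole run, so one bad section stops the dump of everything after it. dump_relocs_in_section starts and ends outside the hunk.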
1268 |
-- |
1269 |
2.13.0 |
1270 |
|
1271 |
|
1272 |
|
1273 |
|
1274 |
1.1 src/patchsets/binutils/2.28.1/00_all_0013-CVE-2017-9038.patch |
1275 |
|
1276 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0013-CVE-2017-9038.patch?rev=1.1&view=markup |
1277 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0013-CVE-2017-9038.patch?rev=1.1&content-type=text/plain |
1278 |
|
1279 |
Index: 00_all_0013-CVE-2017-9038.patch |
1280 |
=================================================================== |
1281 |
From 02debfb464c87f7981db56e2d3e0372c8060c112 Mon Sep 17 00:00:00 2001 |
1282 |
From: Matthias Maier <tamiko@××××.org> |
1283 |
Date: Tue, 6 Jun 2017 16:29:36 -0500 |
1284 |
Subject: [PATCH 07/10] CVE-2017-9038 |
1285 |
|
1286 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d |
1287 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=618826 |
1288 |
--- |
1289 |
binutils/readelf.c | 6 +++--- |
1290 |
1 file changed, 3 insertions(+), 3 deletions(-) |
1291 |
|
1292 |
diff --git a/binutils/readelf.c b/binutils/readelf.c |
1293 |
index 8dca490..76b0446 100644 |
1294 |
--- a/binutils/readelf.c |
1295 |
+++ b/binutils/readelf.c |
1296 |
@@ -7965,9 +7965,9 @@ get_unwind_section_word (struct arm_unw_aux_info * aux, |
1297 |
return FALSE; |
1298 |
|
1299 |
/* If the offset is invalid then fail. */ |
1300 |
- if (word_offset > (sec->sh_size - 4) |
1301 |
- /* PR 18879 */ |
1302 |
- || (sec->sh_size < 5 && word_offset >= sec->sh_size) |
1303 |
+ if (/* PR 21343 *//* PR 18879 */ |
1304 |
+ sec->sh_size < 4 |
1305 |
+ || word_offset > (sec->sh_size - 4) |
1306 |
|| ((bfd_signed_vma) word_offset) < 0) |
1307 |
return FALSE; |
1308 |
|
1309 |
-- |
1310 |
2.13.0 |
1311 |
|
1312 |
|
1313 |
|
1314 |
|
1315 |
1.1 src/patchsets/binutils/2.28.1/00_all_0014-CVE-2017-9039.patch |
1316 |
|
1317 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0014-CVE-2017-9039.patch?rev=1.1&view=markup |
1318 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0014-CVE-2017-9039.patch?rev=1.1&content-type=text/plain |
1319 |
|
1320 |
Index: 00_all_0014-CVE-2017-9039.patch |
1321 |
=================================================================== |
1322 |
From cbd6b5d21e987c7799db6bc237ace666762e8ab9 Mon Sep 17 00:00:00 2001 |
1323 |
From: Matthias Maier <tamiko@××××.org> |
1324 |
Date: Tue, 6 Jun 2017 16:33:56 -0500 |
1325 |
Subject: [PATCH 08/10] CVE-2017-9039 |
1326 |
|
1327 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5 |
1328 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=618826 |
1329 |
--- |
1330 |
binutils/readelf.c | 14 ++++++++++++-- |
1331 |
1 file changed, 12 insertions(+), 2 deletions(-) |
1332 |
|
1333 |
diff --git a/binutils/readelf.c b/binutils/readelf.c |
1334 |
index 76b0446..659b777 100644 |
1335 |
--- a/binutils/readelf.c |
1336 |
+++ b/binutils/readelf.c |
1337 |
@@ -4758,9 +4758,19 @@ get_program_headers (FILE * file) |
1338 |
if (program_headers != NULL) |
1339 |
return 1; |
1340 |
|
1341 |
- phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum, |
1342 |
- sizeof (Elf_Internal_Phdr)); |
1343 |
+ /* Be kind to memory checkers by looking for |
1344 |
+ e_phnum values which we know must be invalid. */ |
1345 |
+ if (elf_header.e_phnum |
1346 |
+ * (is_32bit_elf ? sizeof (Elf32_External_Phdr) : sizeof (Elf64_External_Phdr)) |
1347 |
+ >= current_file_size) |
1348 |
+ { |
1349 |
+ error (_("Too many program headers - %#x - the file is not that big\n"), |
1350 |
+ elf_header.e_phnum); |
1351 |
+ return FALSE; |
1352 |
+ } |
1353 |
|
1354 |
+ phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum, |
1355 |
+ sizeof (Elf_Internal_Phdr)); |
1356 |
if (phdrs == NULL) |
1357 |
{ |
1358 |
error (_("Out of memory reading %u program headers\n"), |
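Review bot: The new early exit uses `return FALSE;` in a function whose success path, visible at the top of this hunk, is `return 1;`. FALSE evaluates to 0, so callers still see a failure, but mixing the two conventions in one function makes the return contract harder to read; `return 0;` would match. The process_mips_specific hunk in 00_all_0015 does the same next to an existing `return 0;`. get_program_headers continues outside the hunk.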
1359 |
-- |
1360 |
2.13.0 |
1361 |
|
1362 |
|
1363 |
|
1364 |
|
1365 |
1.1 src/patchsets/binutils/2.28.1/00_all_0015-CVE-2017-9040-CVE-2017-9042.patch |
1366 |
|
1367 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0015-CVE-2017-9040-CVE-2017-9042.patch?rev=1.1&view=markup |
1368 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0015-CVE-2017-9040-CVE-2017-9042.patch?rev=1.1&content-type=text/plain |
1369 |
|
1370 |
Index: 00_all_0015-CVE-2017-9040-CVE-2017-9042.patch |
1371 |
=================================================================== |
1372 |
From 5eeab6e574d9712efe1f2ddaf48b6dddba69dc52 Mon Sep 17 00:00:00 2001 |
1373 |
From: Matthias Maier <tamiko@××××.org> |
1374 |
Date: Tue, 6 Jun 2017 16:37:58 -0500 |
1375 |
Subject: [PATCH 09/10] CVE-2017-9040, CVE-2017-9042 |
1376 |
|
1377 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf |
1378 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=618826 |
1379 |
--- |
1380 |
binutils/readelf.c | 15 +++++++++++++++ |
1381 |
1 file changed, 15 insertions(+) |
1382 |
|
1383 |
diff --git a/binutils/readelf.c b/binutils/readelf.c |
1384 |
index 659b777..74e4c3a 100644 |
1385 |
--- a/binutils/readelf.c |
1386 |
+++ b/binutils/readelf.c |
1387 |
@@ -9299,6 +9299,12 @@ process_dynamic_section (FILE * file) |
1388 |
processing that. This is overkill, I know, but it |
1389 |
should work. */ |
1390 |
section.sh_offset = offset_from_vma (file, entry->d_un.d_val, 0); |
1391 |
+ if ((bfd_size_type) section.sh_offset > current_file_size) |
1392 |
+ { |
1393 |
+ /* See PR 21379 for a reproducer. */ |
1394 |
+ error (_("Invalid DT_SYMTAB entry: %lx"), (long) section.sh_offset); |
1395 |
+ return FALSE; |
1396 |
+ } |
1397 |
|
1398 |
if (archive_file_offset != 0) |
1399 |
section.sh_size = archive_file_size - section.sh_offset; |
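Review bot: The format string in the new `error (_("Invalid DT_SYMTAB entry: %lx"), ...)` call has no trailing newline, unlike the other messages this patch set adds to readelf.c (for example `"Overlarge number of conflicts detected: %lx\n"` in the next hunk). Whatever is printed next would run onto the same line. It should be `error (_("Invalid DT_SYMTAB entry: %lx\n"), (long) section.sh_offset);`. The test also uses `>`, so an offset exactly equal to `current_file_size` is accepted; if that is intended, a short comment would help. process_dynamic_section extends beyond the hunk.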
1400 |
@@ -15081,6 +15087,15 @@ process_mips_specific (FILE * file) |
1401 |
return 0; |
1402 |
} |
1403 |
|
1404 |
+ /* PR 21345 - print a slightly more helpful error message |
1405 |
+ if we are sure that the cmalloc will fail. */ |
1406 |
+ if (conflictsno * sizeof (* iconf) > current_file_size) |
1407 |
+ { |
1408 |
+ error (_("Overlarge number of conflicts detected: %lx\n"), |
1409 |
+ (long) conflictsno); |
1410 |
+ return FALSE; |
1411 |
+ } |
1412 |
+ |
1413 |
iconf = (Elf32_Conflict *) cmalloc (conflictsno, sizeof (* iconf)); |
1414 |
if (iconf == NULL) |
1415 |
{ |
1416 |
-- |
1417 |
2.13.0 |
1418 |
|
1419 |
|
1420 |
|
1421 |
|
1422 |
1.1 src/patchsets/binutils/2.28.1/00_all_0016-CVE-2017-9041.patch |
1423 |
|
1424 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0016-CVE-2017-9041.patch?rev=1.1&view=markup |
1425 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0016-CVE-2017-9041.patch?rev=1.1&content-type=text/plain |
1426 |
|
1427 |
Index: 00_all_0016-CVE-2017-9041.patch |
1428 |
=================================================================== |
1429 |
From 936856858aebc77e8d480f25c69e486057b05dfe Mon Sep 17 00:00:00 2001 |
1430 |
From: Matthias Maier <tamiko@××××.org> |
1431 |
Date: Tue, 6 Jun 2017 16:41:59 -0500 |
1432 |
Subject: [PATCH 10/10] CVE-2017-9041 |
1433 |
|
1434 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19 |
1435 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3 |
1436 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=618826 |
1437 |
--- |
1438 |
binutils/readelf.c | 7 +++++++ |
1439 |
1 file changed, 7 insertions(+) |
1440 |
|
1441 |
diff --git a/binutils/readelf.c b/binutils/readelf.c |
1442 |
index 74e4c3a..5507663 100644 |
1443 |
--- a/binutils/readelf.c |
1444 |
+++ b/binutils/readelf.c |
1445 |
@@ -15211,7 +15211,14 @@ process_mips_specific (FILE * file) |
1446 |
printf (_(" Lazy resolver\n")); |
1447 |
if (ent == (bfd_vma) -1) |
1448 |
goto got_print_fail; |
1449 |
+ |
1450 |
+ /* Check for the MSB of GOT[1] being set, denoting a GNU object. |
1451 |
+ This entry will be used by some runtime loaders, to store the |
1452 |
+ module pointer. Otherwise this is an ordinary local entry. |
1453 |
+ PR 21344: Check for the entry being fully available before |
1454 |
+ fetching it. */ |
1455 |
if (data |
1456 |
+ && data + ent - pltgot + addr_size <= data_end |
1457 |
&& (byte_get (data + ent - pltgot, addr_size) |
1458 |
>> (addr_size * 8 - 1)) != 0) |
1459 |
{ |
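Review bot: The added test `data + ent - pltgot + addr_size <= data_end` builds a pointer from the file-supplied `ent` before that value is validated, so an `ent` below `pltgot`, or one far beyond the loaded GOT, can wrap the pointer arithmetic and still satisfy the comparison. Comparing offsets rather than pointers avoids this, e.g. `ent >= pltgot && ent - pltgot <= (bfd_vma) (data_end - data) - addr_size`, assuming the buffer holds at least addr_size bytes. data_end and pltgot are set outside the hunk, so this reading rests on the visible lines only.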
1460 |
-- |
1461 |
2.13.0 |
1462 |
|
1463 |
|
1464 |
|
1465 |
|
1466 |
1.1 src/patchsets/binutils/2.28.1/00_all_0017-CVE-2017-7614.patch |
1467 |
|
1468 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0017-CVE-2017-7614.patch?rev=1.1&view=markup |
1469 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0017-CVE-2017-7614.patch?rev=1.1&content-type=text/plain |
1470 |
|
1471 |
Index: 00_all_0017-CVE-2017-7614.patch |
1472 |
=================================================================== |
1473 |
From 398dc44e4596294a24f74771db0ea6006034b501 Mon Sep 17 00:00:00 2001 |
1474 |
From: Matthias Maier <tamiko@××××.org> |
1475 |
Date: Tue, 6 Jun 2017 17:12:24 -0500 |
1476 |
Subject: [PATCH] CVE-2017-7614 |
1477 |
|
1478 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8 |
1479 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=618006 |
1480 |
--- |
1481 |
bfd/elflink.c | 35 +++++++++++++++++++++-------------- |
1482 |
1 file changed, 21 insertions(+), 14 deletions(-) |
1483 |
|
1484 |
diff --git a/bfd/elflink.c b/bfd/elflink.c |
1485 |
index 69b66f2..96f74be 100644 |
1486 |
--- a/bfd/elflink.c |
1487 |
+++ b/bfd/elflink.c |
1488 |
@@ -119,15 +119,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd, |
1489 |
defined in shared libraries can't be overridden, because we |
1490 |
lose the link to the bfd which is via the symbol section. */ |
1491 |
h->root.type = bfd_link_hash_new; |
1492 |
+ bh = &h->root; |
1493 |
} |
1494 |
+ else |
1495 |
+ bh = NULL; |
1496 |
|
1497 |
- bh = &h->root; |
1498 |
bed = get_elf_backend_data (abfd); |
1499 |
if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL, |
1500 |
sec, 0, NULL, FALSE, bed->collect, |
1501 |
&bh)) |
1502 |
return NULL; |
1503 |
h = (struct elf_link_hash_entry *) bh; |
1504 |
+ BFD_ASSERT (h != NULL); |
1505 |
h->def_regular = 1; |
1506 |
h->non_elf = 0; |
1507 |
h->root.linker_def = 1; |
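Review bot: `BFD_ASSERT (h != NULL);` is followed directly by `h->def_regular = 1;`, and as far as I know BFD_ASSERT only reports the failure and carries on, so a NULL result would still be dereferenced on the next line. On the new `else` path `bh` is passed in as NULL, so the result depends entirely on _bfd_generic_link_add_one_symbol filling it in. An explicit `if (h == NULL) return NULL;` would match the error return just above. The function continues outside the hunk.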
1508 |
@@ -11973,24 +11976,28 @@ bfd_elf_final_link (bfd *abfd, struct bfd_link_info *info) |
1509 |
{ |
1510 |
/* Finish up and write out the symbol string table (.strtab) |
1511 |
section. */ |
1512 |
- Elf_Internal_Shdr *symstrtab_hdr; |
1513 |
+ Elf_Internal_Shdr *symstrtab_hdr = NULL; |
1514 |
file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size; |
1515 |
|
1516 |
- symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr; |
1517 |
- if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0) |
1518 |
+ if (elf_symtab_shndx_list (abfd)) |
1519 |
{ |
1520 |
- symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX; |
1521 |
- symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx); |
1522 |
- symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx); |
1523 |
- amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx); |
1524 |
- symtab_shndx_hdr->sh_size = amt; |
1525 |
+ symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr; |
1526 |
|
1527 |
- off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr, |
1528 |
- off, TRUE); |
1529 |
+ if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0) |
1530 |
+ { |
1531 |
+ symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX; |
1532 |
+ symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx); |
1533 |
+ symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx); |
1534 |
+ amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx); |
1535 |
+ symtab_shndx_hdr->sh_size = amt; |
1536 |
|
1537 |
- if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0 |
1538 |
- || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt)) |
1539 |
- return FALSE; |
1540 |
+ off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr, |
1541 |
+ off, TRUE); |
1542 |
+ |
1543 |
+ if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0 |
1544 |
+ || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt)) |
1545 |
+ return FALSE; |
1546 |
+ } |
1547 |
} |
1548 |
|
1549 |
symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr; |
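Review bot: The inner test `symtab_shndx_hdr != NULL` can no longer be false, because the pointer is the address of the `hdr` member of a list entry that the new outer `if (elf_symtab_shndx_list (abfd))` has just shown to be non-NULL. Reducing it to `if (symtab_shndx_hdr->sh_name != 0)` would make it plain that the outer check is the one guarding the dereference. bfd_elf_final_link starts and ends outside the hunk.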
1550 |
-- |
1551 |
2.13.0 |
1552 |
|
1553 |
|
1554 |
|
1555 |
|
1556 |
1.1 src/patchsets/binutils/2.28.1/00_all_0018-CVE-2017-6965.patch |
1557 |
|
1558 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0018-CVE-2017-6965.patch?rev=1.1&view=markup |
1559 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0018-CVE-2017-6965.patch?rev=1.1&content-type=text/plain |
1560 |
|
1561 |
Index: 00_all_0018-CVE-2017-6965.patch |
1562 |
=================================================================== |
1563 |
From 00e45d8e07536e7eee850f00a6101011e7088171 Mon Sep 17 00:00:00 2001 |
1564 |
From: Matthias Maier <tamiko@××××.org> |
1565 |
Date: Wed, 7 Jun 2017 09:29:37 -0500 |
1566 |
Subject: [PATCH 1/3] CVE-2017-6965 |
1567 |
|
1568 |
[PATCH] Fix readelf writing to illegal addresses whilst processing corrupt input files containing symbol-difference relocations. |
1569 |
|
1570 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493 |
1571 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=621130 |
1572 |
--- |
1573 |
binutils/readelf.c | 30 +++++++++++++++++++++++++----- |
1574 |
1 file changed, 25 insertions(+), 5 deletions(-) |
1575 |
|
1576 |
diff --git a/binutils/readelf.c b/binutils/readelf.c |
1577 |
index 5507663..7a908a1 100644 |
1578 |
--- a/binutils/readelf.c |
1579 |
+++ b/binutils/readelf.c |
1580 |
@@ -11600,6 +11600,7 @@ process_syminfo (FILE * file ATTRIBUTE_UNUSED) |
1581 |
static bfd_boolean |
1582 |
target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1583 |
unsigned char * start, |
1584 |
+ unsigned char * end, |
1585 |
Elf_Internal_Sym * symtab) |
1586 |
{ |
1587 |
unsigned int reloc_type = get_reloc_type (reloc->r_info); |
1588 |
@@ -11640,13 +11641,19 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1589 |
handle_sym_diff: |
1590 |
if (saved_sym != NULL) |
1591 |
{ |
1592 |
+ int reloc_size = reloc_type == 1 ? 4 : 2; |
1593 |
bfd_vma value; |
1594 |
|
1595 |
value = reloc->r_addend |
1596 |
+ (symtab[get_reloc_symindex (reloc->r_info)].st_value |
1597 |
- saved_sym->st_value); |
1598 |
|
1599 |
- byte_put (start + reloc->r_offset, value, reloc_type == 1 ? 4 : 2); |
1600 |
+ if (start + reloc->r_offset + reloc_size >= end) |
1601 |
+ /* PR 21137 */ |
1602 |
+ error (_("MSP430 sym diff reloc writes past end of section (%p vs %p)\n"), |
1603 |
+ start + reloc->r_offset + reloc_size, end); |
1604 |
+ else |
1605 |
+ byte_put (start + reloc->r_offset, value, reloc_size); |
1606 |
|
1607 |
saved_sym = NULL; |
1608 |
return TRUE; |
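Review bot: The guard `start + reloc->r_offset + reloc_size >= end` computes the target pointer from the file-supplied r_offset before testing it, so a large offset can wrap the pointer sum and pass the comparison; it also rejects a write that ends exactly at `end`. Checking the offset against the section length avoids both, e.g. `if (reloc->r_offset > (bfd_vma) (end - start) || reloc_size > (bfd_vma) (end - start) - reloc->r_offset)`. The same pattern is repeated in the MN10300 hunk and in both RL78 cases below. The `%p` arguments print host addresses, which say little about the input file; the section offset would be more useful in the message.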
1609 |
@@ -11677,13 +11684,18 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1610 |
case 2: /* R_MN10300_16 */ |
1611 |
if (saved_sym != NULL) |
1612 |
{ |
1613 |
+ int reloc_size = reloc_type == 1 ? 4 : 2; |
1614 |
bfd_vma value; |
1615 |
|
1616 |
value = reloc->r_addend |
1617 |
+ (symtab[get_reloc_symindex (reloc->r_info)].st_value |
1618 |
- saved_sym->st_value); |
1619 |
|
1620 |
- byte_put (start + reloc->r_offset, value, reloc_type == 1 ? 4 : 2); |
1621 |
+ if (start + reloc->r_offset + reloc_size >= end) |
1622 |
+ error (_("MN10300 sym diff reloc writes past end of section (%p vs %p)\n"), |
1623 |
+ start + reloc->r_offset + reloc_size, end); |
1624 |
+ else |
1625 |
+ byte_put (start + reloc->r_offset, value, reloc_size); |
1626 |
|
1627 |
saved_sym = NULL; |
1628 |
return TRUE; |
1629 |
@@ -11718,12 +11730,20 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1630 |
break; |
1631 |
|
1632 |
case 0x41: /* R_RL78_ABS32. */ |
1633 |
- byte_put (start + reloc->r_offset, value, 4); |
1634 |
+ if (start + reloc->r_offset + 4 >= end) |
1635 |
+ error (_("RL78 sym diff reloc writes past end of section (%p vs %p)\n"), |
1636 |
+ start + reloc->r_offset + 2, end); |
1637 |
+ else |
1638 |
+ byte_put (start + reloc->r_offset, value, 4); |
1639 |
value = 0; |
1640 |
return TRUE; |
1641 |
|
1642 |
case 0x43: /* R_RL78_ABS16. */ |
1643 |
- byte_put (start + reloc->r_offset, value, 2); |
1644 |
+ if (start + reloc->r_offset + 2 >= end) |
1645 |
+ error (_("RL78 sym diff reloc writes past end of section (%p vs %p)\n"), |
1646 |
+ start + reloc->r_offset + 2, end); |
1647 |
+ else |
1648 |
+ byte_put (start + reloc->r_offset, value, 2); |
1649 |
value = 0; |
1650 |
return TRUE; |
1651 |
|
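Review bot: In the R_RL78_ABS32 case the test uses `+ 4` but the error call reports `start + reloc->r_offset + 2`, so the printed address is not the one that failed the check. It looks copied from the ABS16 case and should read `start + reloc->r_offset + 4, end);`. The surrounding switch continues outside the hunk.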
1652 |
@@ -12340,7 +12360,7 @@ apply_relocations (void * file, |
1653 |
|
1654 |
reloc_type = get_reloc_type (rp->r_info); |
1655 |
|
1656 |
- if (target_specific_reloc_handling (rp, start, symtab)) |
1657 |
+ if (target_specific_reloc_handling (rp, start, end, symtab)) |
1658 |
continue; |
1659 |
else if (is_none_reloc (reloc_type)) |
1660 |
continue; |
1661 |
-- |
1662 |
2.13.0 |
1663 |
|
1664 |
|
1665 |
|
1666 |
|
1667 |
1.1 src/patchsets/binutils/2.28.1/00_all_0019-CVE-2017-6966.patch |
1668 |
|
1669 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0019-CVE-2017-6966.patch?rev=1.1&view=markup |
1670 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0019-CVE-2017-6966.patch?rev=1.1&content-type=text/plain |
1671 |
|
1672 |
Index: 00_all_0019-CVE-2017-6966.patch |
1673 |
=================================================================== |
1674 |
From f25ff3ce9735df03fcbe7ecc1897cf8e0de4b6ae Mon Sep 17 00:00:00 2001 |
1675 |
From: Matthias Maier <tamiko@××××.org> |
1676 |
Date: Wed, 7 Jun 2017 09:31:53 -0500 |
1677 |
Subject: [PATCH 2/3] CVE-2017-6966 |
1678 |
|
1679 |
[PATCH] Fix read-after-free error in readelf when processing multiple, relocated sections in an MSP430 binary. |
1680 |
|
1681 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9 |
1682 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=621130 |
1683 |
--- |
1684 |
binutils/readelf.c | 109 +++++++++++++++++++++++++++++++++++++++++------------ |
1685 |
1 file changed, 84 insertions(+), 25 deletions(-) |
1686 |
|
1687 |
diff --git a/binutils/readelf.c b/binutils/readelf.c |
1688 |
index 7a908a1..fd23b6b 100644 |
1689 |
--- a/binutils/readelf.c |
1690 |
+++ b/binutils/readelf.c |
1691 |
@@ -11595,15 +11595,27 @@ process_syminfo (FILE * file ATTRIBUTE_UNUSED) |
1692 |
|
1693 |
/* Check to see if the given reloc needs to be handled in a target specific |
1694 |
manner. If so then process the reloc and return TRUE otherwise return |
1695 |
- FALSE. */ |
1696 |
+ FALSE. |
1697 |
+ |
1698 |
+ If called with reloc == NULL, then this is a signal that reloc processing |
1699 |
+ for the current section has finished, and any saved state should be |
1700 |
+ discarded. */ |
1701 |
|
1702 |
static bfd_boolean |
1703 |
target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1704 |
unsigned char * start, |
1705 |
unsigned char * end, |
1706 |
- Elf_Internal_Sym * symtab) |
1707 |
+ Elf_Internal_Sym * symtab, |
1708 |
+ unsigned long num_syms) |
1709 |
{ |
1710 |
- unsigned int reloc_type = get_reloc_type (reloc->r_info); |
1711 |
+ unsigned int reloc_type = 0; |
1712 |
+ unsigned long sym_index = 0; |
1713 |
+ |
1714 |
+ if (reloc) |
1715 |
+ { |
1716 |
+ reloc_type = get_reloc_type (reloc->r_info); |
1717 |
+ sym_index = get_reloc_symindex (reloc->r_info); |
1718 |
+ } |
1719 |
|
1720 |
switch (elf_header.e_machine) |
1721 |
{ |
1722 |
@@ -11612,6 +11624,12 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1723 |
{ |
1724 |
static Elf_Internal_Sym * saved_sym = NULL; |
1725 |
|
1726 |
+ if (reloc == NULL) |
1727 |
+ { |
1728 |
+ saved_sym = NULL; |
1729 |
+ return TRUE; |
1730 |
+ } |
1731 |
+ |
1732 |
switch (reloc_type) |
1733 |
{ |
1734 |
case 10: /* R_MSP430_SYM_DIFF */ |
1735 |
@@ -11619,7 +11637,12 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1736 |
break; |
1737 |
/* Fall through. */ |
1738 |
case 21: /* R_MSP430X_SYM_DIFF */ |
1739 |
- saved_sym = symtab + get_reloc_symindex (reloc->r_info); |
1740 |
+ /* PR 21139. */ |
1741 |
+ if (sym_index >= num_syms) |
1742 |
+ error (_("MSP430 SYM_DIFF reloc contains invalid symbol index %lu\n"), |
1743 |
+ sym_index); |
1744 |
+ else |
1745 |
+ saved_sym = symtab + sym_index; |
1746 |
return TRUE; |
1747 |
|
1748 |
case 1: /* R_MSP430_32 or R_MSP430_ABS32 */ |
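Review bot: When `sym_index >= num_syms` the R_MSP430X_SYM_DIFF case reports the error but leaves `saved_sym` holding whatever an earlier SYM_DIFF stored, so the next R_MSP430_32/16 reloc is still resolved against that stale symbol. Clearing it on the error path keeps the two relocs paired: put the error branch in braces and add `saved_sym = NULL;` after the `error (...)` call. The R_MN10300_SYM_DIFF hunk below has the same shape.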
1749 |
@@ -11644,16 +11667,21 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1750 |
int reloc_size = reloc_type == 1 ? 4 : 2; |
1751 |
bfd_vma value; |
1752 |
|
1753 |
- value = reloc->r_addend |
1754 |
- + (symtab[get_reloc_symindex (reloc->r_info)].st_value |
1755 |
- - saved_sym->st_value); |
1756 |
- |
1757 |
- if (start + reloc->r_offset + reloc_size >= end) |
1758 |
- /* PR 21137 */ |
1759 |
- error (_("MSP430 sym diff reloc writes past end of section (%p vs %p)\n"), |
1760 |
- start + reloc->r_offset + reloc_size, end); |
1761 |
+ if (sym_index >= num_syms) |
1762 |
+ error (_("MSP430 reloc contains invalid symbol index %lu\n"), |
1763 |
+ sym_index); |
1764 |
else |
1765 |
- byte_put (start + reloc->r_offset, value, reloc_size); |
1766 |
+ { |
1767 |
+ value = reloc->r_addend + (symtab[sym_index].st_value |
1768 |
+ - saved_sym->st_value); |
1769 |
+ |
1770 |
+ if (start + reloc->r_offset + reloc_size >= end) |
1771 |
+ /* PR 21137 */ |
1772 |
+ error (_("MSP430 sym diff reloc writes past end of section (%p vs %p)\n"), |
1773 |
+ start + reloc->r_offset + reloc_size, end); |
1774 |
+ else |
1775 |
+ byte_put (start + reloc->r_offset, value, reloc_size); |
1776 |
+ } |
1777 |
|
1778 |
saved_sym = NULL; |
1779 |
return TRUE; |
1780 |
@@ -11673,13 +11701,24 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1781 |
{ |
1782 |
static Elf_Internal_Sym * saved_sym = NULL; |
1783 |
|
1784 |
+ if (reloc == NULL) |
1785 |
+ { |
1786 |
+ saved_sym = NULL; |
1787 |
+ return TRUE; |
1788 |
+ } |
1789 |
+ |
1790 |
switch (reloc_type) |
1791 |
{ |
1792 |
case 34: /* R_MN10300_ALIGN */ |
1793 |
return TRUE; |
1794 |
case 33: /* R_MN10300_SYM_DIFF */ |
1795 |
- saved_sym = symtab + get_reloc_symindex (reloc->r_info); |
1796 |
+ if (sym_index >= num_syms) |
1797 |
+ error (_("MN10300_SYM_DIFF reloc contains invalid symbol index %lu\n"), |
1798 |
+ sym_index); |
1799 |
+ else |
1800 |
+ saved_sym = symtab + sym_index; |
1801 |
return TRUE; |
1802 |
+ |
1803 |
case 1: /* R_MN10300_32 */ |
1804 |
case 2: /* R_MN10300_16 */ |
1805 |
if (saved_sym != NULL) |
1806 |
@@ -11687,15 +11726,20 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1807 |
int reloc_size = reloc_type == 1 ? 4 : 2; |
1808 |
bfd_vma value; |
1809 |
|
1810 |
- value = reloc->r_addend |
1811 |
- + (symtab[get_reloc_symindex (reloc->r_info)].st_value |
1812 |
- - saved_sym->st_value); |
1813 |
- |
1814 |
- if (start + reloc->r_offset + reloc_size >= end) |
1815 |
- error (_("MN10300 sym diff reloc writes past end of section (%p vs %p)\n"), |
1816 |
- start + reloc->r_offset + reloc_size, end); |
1817 |
+ if (sym_index >= num_syms) |
1818 |
+ error (_("MN10300 reloc contains invalid symbol index %lu\n"), |
1819 |
+ sym_index); |
1820 |
else |
1821 |
- byte_put (start + reloc->r_offset, value, reloc_size); |
1822 |
+ { |
1823 |
+ value = reloc->r_addend + (symtab[sym_index].st_value |
1824 |
+ - saved_sym->st_value); |
1825 |
+ |
1826 |
+ if (start + reloc->r_offset + reloc_size >= end) |
1827 |
+ error (_("MN10300 sym diff reloc writes past end of section (%p vs %p)\n"), |
1828 |
+ start + reloc->r_offset + reloc_size, end); |
1829 |
+ else |
1830 |
+ byte_put (start + reloc->r_offset, value, reloc_size); |
1831 |
+ } |
1832 |
|
1833 |
saved_sym = NULL; |
1834 |
return TRUE; |
1835 |
@@ -11715,12 +11759,24 @@ target_specific_reloc_handling (Elf_Internal_Rela * reloc, |
1836 |
static bfd_vma saved_sym2 = 0; |
1837 |
static bfd_vma value; |
1838 |
|
1839 |
+ if (reloc == NULL) |
1840 |
+ { |
1841 |
+ saved_sym1 = saved_sym2 = 0; |
1842 |
+ return TRUE; |
1843 |
+ } |
1844 |
+ |
1845 |
switch (reloc_type) |
1846 |
{ |
1847 |
case 0x80: /* R_RL78_SYM. */ |
1848 |
saved_sym1 = saved_sym2; |
1849 |
- saved_sym2 = symtab[get_reloc_symindex (reloc->r_info)].st_value; |
1850 |
- saved_sym2 += reloc->r_addend; |
1851 |
+ if (sym_index >= num_syms) |
1852 |
+ error (_("RL78_SYM reloc contains invalid symbol index %lu\n"), |
1853 |
+ sym_index); |
1854 |
+ else |
1855 |
+ { |
1856 |
+ saved_sym2 = symtab[sym_index].st_value; |
1857 |
+ saved_sym2 += reloc->r_addend; |
1858 |
+ } |
1859 |
return TRUE; |
1860 |
|
1861 |
case 0x83: /* R_RL78_OPsub. */ |
1862 |
@@ -12360,7 +12416,7 @@ apply_relocations (void * file, |
1863 |
|
1864 |
reloc_type = get_reloc_type (rp->r_info); |
1865 |
|
1866 |
- if (target_specific_reloc_handling (rp, start, end, symtab)) |
1867 |
+ if (target_specific_reloc_handling (rp, start, end, symtab, num_syms)) |
1868 |
continue; |
1869 |
else if (is_none_reloc (reloc_type)) |
1870 |
continue; |
1871 |
@@ -12456,6 +12512,9 @@ apply_relocations (void * file, |
1872 |
} |
1873 |
|
1874 |
free (symtab); |
1875 |
+ /* Let the target specific reloc processing code know that |
1876 |
+ we have finished with these relocs. */ |
1877 |
+ target_specific_reloc_handling (NULL, NULL, NULL, NULL, 0); |
1878 |
|
1879 |
if (relocs_return) |
1880 |
{ |
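Review bot: The reset call `target_specific_reloc_handling (NULL, NULL, NULL, NULL, 0);` sits only after this `free (symtab);`, so the read-after-free fix holds only if every path in apply_relocations that releases symtab also reaches it. The loop body and its early exits are outside the hunk and should be checked for that. A short comment at the `static Elf_Internal_Sym * saved_sym` declarations, saying that the pointer refers into the caller's symtab and must be cleared before the table is freed, would record the dependency.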
1881 |
-- |
1882 |
2.13.0 |
1883 |
|
1884 |
|
1885 |
|
1886 |
|
1887 |
1.1 src/patchsets/binutils/2.28.1/00_all_0020-CVE-2017-6969.patch |
1888 |
|
1889 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0020-CVE-2017-6969.patch?rev=1.1&view=markup |
1890 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0020-CVE-2017-6969.patch?rev=1.1&content-type=text/plain |
1891 |
|
1892 |
Index: 00_all_0020-CVE-2017-6969.patch |
1893 |
=================================================================== |
1894 |
From bb8c412a9450141286bf4eef04b14fe47bbc364f Mon Sep 17 00:00:00 2001 |
1895 |
From: Matthias Maier <tamiko@××××.org> |
1896 |
Date: Wed, 7 Jun 2017 09:35:35 -0500 |
1897 |
Subject: [PATCH 3/3] CVE-2017-6969 |
1898 |
|
1899 |
[PATCH] Fix illegal memory accesses in readelf when parsing a corrupt binary. |
1900 |
[PATCH] Fix another memory access error in readelf when parsing a corrupt binary. |
1901 |
|
1902 |
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b814a36d3440de95f2ac6eaa4fc7935c322ea456 |
1903 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=43a444f9c5bfd44b4304eafd78338e21d54bea14 |
1904 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=621130 |
1905 |
--- |
1906 |
binutils/dwarf.c | 34 ++++++++++++++++++++-------------- |
1907 |
binutils/readelf.c | 10 ++++++++-- |
1908 |
2 files changed, 28 insertions(+), 16 deletions(-) |
1909 |
|
1910 |
diff --git a/binutils/dwarf.c b/binutils/dwarf.c |
1911 |
index 05efa6e..3312bc5 100644 |
1912 |
--- a/binutils/dwarf.c |
1913 |
+++ b/binutils/dwarf.c |
1914 |
@@ -76,7 +76,6 @@ int dwarf_check = 0; |
1915 |
as a zero-terminated list of section indexes comprising one set of debug |
1916 |
sections from a .dwo file. */ |
1917 |
|
1918 |
-static int cu_tu_indexes_read = 0; |
1919 |
static unsigned int *shndx_pool = NULL; |
1920 |
static unsigned int shndx_pool_size = 0; |
1921 |
static unsigned int shndx_pool_used = 0; |
1922 |
@@ -99,7 +98,7 @@ static int tu_count = 0; |
1923 |
static struct cu_tu_set *cu_sets = NULL; |
1924 |
static struct cu_tu_set *tu_sets = NULL; |
1925 |
|
1926 |
-static void load_cu_tu_indexes (void *file); |
1927 |
+static bfd_boolean load_cu_tu_indexes (void *); |
1928 |
|
1929 |
/* Values for do_debug_lines. */ |
1930 |
#define FLAG_DEBUG_LINES_RAW 1 |
1931 |
@@ -2739,7 +2738,7 @@ load_debug_info (void * file) |
1932 |
return num_debug_info_entries; |
1933 |
|
1934 |
/* If this is a DWARF package file, load the CU and TU indexes. */ |
1935 |
- load_cu_tu_indexes (file); |
1936 |
+ (void) load_cu_tu_indexes (file); |
1937 |
|
1938 |
if (load_debug_section (info, file) |
1939 |
&& process_debug_info (&debug_displays [info].section, file, abbrev, 1, 0)) |
1940 |
@@ -7402,21 +7401,27 @@ process_cu_tu_index (struct dwarf_section *section, int do_display) |
1941 |
section sets that we can use to associate a .debug_info.dwo section |
1942 |
with its associated .debug_abbrev.dwo section in a .dwp file. */ |
1943 |
|
1944 |
-static void |
1945 |
+static bfd_boolean |
1946 |
load_cu_tu_indexes (void *file) |
1947 |
{ |
1948 |
+ static int cu_tu_indexes_read = -1; /* Tri-state variable. */ |
1949 |
+ |
1950 |
/* If we have already loaded (or tried to load) the CU and TU indexes |
1951 |
then do not bother to repeat the task. */ |
1952 |
- if (cu_tu_indexes_read) |
1953 |
- return; |
1954 |
- |
1955 |
- if (load_debug_section (dwp_cu_index, file)) |
1956 |
- process_cu_tu_index (&debug_displays [dwp_cu_index].section, 0); |
1957 |
- |
1958 |
- if (load_debug_section (dwp_tu_index, file)) |
1959 |
- process_cu_tu_index (&debug_displays [dwp_tu_index].section, 0); |
1960 |
+ if (cu_tu_indexes_read == -1) |
1961 |
+ { |
1962 |
+ cu_tu_indexes_read = TRUE; |
1963 |
+ |
1964 |
+ if (load_debug_section (dwp_cu_index, file)) |
1965 |
+ if (! process_cu_tu_index (&debug_displays [dwp_cu_index].section, 0)) |
1966 |
+ cu_tu_indexes_read = FALSE; |
1967 |
+ |
1968 |
+ if (load_debug_section (dwp_tu_index, file)) |
1969 |
+ if (! process_cu_tu_index (&debug_displays [dwp_tu_index].section, 0)) |
1970 |
+ cu_tu_indexes_read = FALSE; |
1971 |
+ } |
1972 |
|
1973 |
- cu_tu_indexes_read = 1; |
1974 |
+ return (bfd_boolean) cu_tu_indexes_read; |
1975 |
} |
1976 |
|
1977 |
/* Find the set of sections that includes section SHNDX. */ |
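Review bot: Moving `cu_tu_indexes_read` into load_cu_tu_indexes as a function-local static means nothing outside the function can reset it, so once one input has set it the cached answer is reused for every later file handled in the same run. If the tool processes several files or archive members per invocation, the flag would be better kept at file scope and reset to -1 wherever the CU/TU sets are released; that cleanup code is not visible here. The comment `/* Tri-state variable. */` could also name the states: -1 not tried, TRUE loaded, FALSE failed.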
1978 |
@@ -7426,7 +7431,8 @@ find_cu_tu_set (void *file, unsigned int shndx) |
1979 |
{ |
1980 |
unsigned int i; |
1981 |
|
1982 |
- load_cu_tu_indexes (file); |
1983 |
+ if (! load_cu_tu_indexes (file)) |
1984 |
+ return NULL; |
1985 |
|
1986 |
/* Find SHNDX in the shndx pool. */ |
1987 |
for (i = 0; i < shndx_pool_used; i++) |
1988 |
diff --git a/binutils/readelf.c b/binutils/readelf.c |
1989 |
index fd23b6b..3950412 100644 |
1990 |
--- a/binutils/readelf.c |
1991 |
+++ b/binutils/readelf.c |
1992 |
@@ -675,8 +675,14 @@ find_section_in_set (const char * name, unsigned int * set) |
1993 |
if (set != NULL) |
1994 |
{ |
1995 |
while ((i = *set++) > 0) |
1996 |
- if (streq (SECTION_NAME (section_headers + i), name)) |
1997 |
- return section_headers + i; |
1998 |
+ { |
1999 |
+ /* See PR 21156 for a reproducer. */ |
2000 |
+ if (i >= elf_header.e_shnum) |
2001 |
+ continue; /* FIXME: Should we issue an error message ? */ |
2002 |
+ |
2003 |
+ if (streq (SECTION_NAME (section_headers + i), name)) |
2004 |
+ return section_headers + i; |
2005 |
+ } |
2006 |
} |
2007 |
|
2008 |
return find_section (name); |
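Review bot: An out-of-range index is skipped with a bare `continue`, so a corrupt set falls through to `find_section (name)` with no sign that the index data was rejected. Resolving the FIXME with a diagnostic, for example `warn (_("section index %u in set is out of range\n"), i);`, would make the corruption visible to the user. The type of `i` is declared outside the hunk, so the format specifier is an assumption.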
2009 |
-- |
2010 |
2.13.0 |
2011 |
|
2012 |
|
2013 |
|
2014 |
|
2015 |
1.1 src/patchsets/binutils/2.28.1/00_all_0021-fix-out-of-bounds-access-in-elf.c.patch |
2016 |
|
2017 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0021-fix-out-of-bounds-access-in-elf.c.patch?rev=1.1&view=markup |
2018 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0021-fix-out-of-bounds-access-in-elf.c.patch?rev=1.1&content-type=text/plain |
2019 |
|
2020 |
Index: 00_all_0021-fix-out-of-bounds-access-in-elf.c.patch |
2021 |
=================================================================== |
2022 |
From 5cc4ca837deac7dc962d8a3741aa120c50ab41da Mon Sep 17 00:00:00 2001 |
2023 |
From: Sergei Trofimovich <slyfox@g.o> |
2024 |
Date: Sat, 24 Jun 2017 18:40:41 +0100 |
2025 |
Subject: [PATCH] fix out-of-bounds access in elf.c:find_link |
2026 |
|
2027 |
The out-of-bounds access is reproducible on 'ia64-strip' command |
2028 |
(see sample from https://bugs.gentoo.org/show_bug.cgi?id=622500) |
2029 |
|
2030 |
The output file contains fewer sections than the original one. |
2031 |
This tricks 'hint' access to go out-of-bounds: |
2032 |
|
2033 |
* elf.c (find_link): Bounds check "hint". |
2034 |
--- |
2035 |
bfd/elf.c | 6 ++++-- |
2036 |
2 files changed, 8 insertions(+), 2 deletions(-) |
2037 |
|
2038 |
diff --git a/bfd/elf.c b/bfd/elf.c |
2039 |
index 5f37e7f..76c6a5c 100644 |
2040 |
--- a/bfd/elf.c |
2041 |
+++ b/bfd/elf.c |
2042 |
@@ -1283,7 +1283,8 @@ section_match (const Elf_Internal_Shdr * a, |
2043 |
to be the correct section. */ |
2044 |
|
2045 |
static unsigned int |
2046 |
-find_link (const bfd * obfd, const Elf_Internal_Shdr * iheader, const unsigned int hint) |
2047 |
+find_link (const bfd *obfd, const Elf_Internal_Shdr *iheader, |
2048 |
+ const unsigned int hint) |
2049 |
{ |
2050 |
Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd); |
2051 |
unsigned int i; |
2052 |
@@ -1291,7 +1292,8 @@ find_link (const bfd * obfd, const Elf_Internal_Shdr * iheader, const unsigned i |
2053 |
BFD_ASSERT (iheader != NULL); |
2054 |
|
2055 |
/* See PR 20922 for a reproducer of the NULL test. */ |
2056 |
- if (oheaders[hint] != NULL |
2057 |
+ if (hint < elf_numsections (obfd) |
2058 |
+ && oheaders[hint] != NULL |
2059 |
&& section_match (oheaders[hint], iheader)) |
2060 |
return hint; |
2061 |
|
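Review bot: The comment above the test still describes only the NULL check and says nothing about the new bound on `hint`. It could read `/* See PR 20922 for a reproducer of the NULL test, and Gentoo bug 622500 for the bounds check on hint.  */`. find_link continues outside the hunk.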
2062 |
-- |
2063 |
2.9.3 |
2064 |
|
2065 |
|
2066 |
|
2067 |
|
2068 |
1.1 src/patchsets/binutils/2.28.1/00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch |
2069 |
|
2070 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch?rev=1.1&view=markup |
2071 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch?rev=1.1&content-type=text/plain |
2072 |
|
2073 |
Index: 00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch |
2074 |
=================================================================== |
2075 |
From 4b48e2f6a50e85e5acc316289c4a6af693ad98f0 Mon Sep 17 00:00:00 2001 |
2076 |
From: Nick Clifton <nickc@××××××.com> |
2077 |
Date: Fri, 16 Jun 2017 15:16:19 +0100 |
2078 |
Subject: [PATCH 1/1] Fixing linking configure generated tests of ifunc |
2079 |
support. |
2080 |
|
2081 |
* elflink.c (bfd_elf_size_dynsym_hash_dynstr): Do not fail if the |
2082 |
bucketlist is empty because there are no symbols to add to the |
2083 |
list. |
2084 |
|
2085 |
http://bugs.gentoo.org/622036 |
2086 |
|
2087 |
--- |
2088 |
bfd/ChangeLog | 6 ++++++ |
2089 |
bfd/elflink.c | 2 +- |
2090 |
2 files changed, 7 insertions(+), 1 deletion(-) |
2091 |
|
2092 |
diff --git a/bfd/elflink.c b/bfd/elflink.c |
2093 |
index 1a83b88..e35ec63 100644 |
2094 |
--- a/bfd/elflink.c |
2095 |
+++ b/bfd/elflink.c |
2096 |
@@ -6940,7 +6940,7 @@ bfd_elf_size_dynsym_hash_dynstr (bfd *output_bfd, struct bfd_link_info *info) |
2097 |
= compute_bucket_count (info, hashcodes, nsyms, 0); |
2098 |
free (hashcodes); |
2099 |
|
2100 |
- if (bucketcount == 0) |
2101 |
+ if (bucketcount == 0 && nsyms > 0) |
2102 |
return FALSE; |
2103 |
|
2104 |
elf_hash_table (info)->bucketcount = bucketcount; |
2105 |
-- |
2106 |
2.9.3 |
2107 |
|
2108 |
|
2109 |
|
2110 |
|
2111 |
1.1 src/patchsets/binutils/2.28.1/00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch |
2112 |
|
2113 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch?rev=1.1&view=markup |
2114 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch?rev=1.1&content-type=text/plain |
2115 |
|
2116 |
Index: 00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch |
2117 |
=================================================================== |
2118 |
Subject: [PATCH] readelf: Don't error on .debug files with NOBITS .dynamic section. |
2119 |
From: Mark Wielaard <mark@×××××.org> |
2120 |
|
2121 |
The fix for PR binutils/17512 added a check for the dynamic segment being |
2122 |
inside the actual ELF file. If not an error message would be produced: |
2123 |
|
2124 |
readelf: Error: the dynamic segment offset + size exceeds the size of the file |
2125 |
|
2126 |
Unfortunately for separate debuginfo files it is common for the dynamic |
2127 |
segment not being inside the file because the .dynamic section is NOBITS. |
2128 |
|
2129 |
Since the check is done unconditionally in process_program_headers and |
2130 |
process_program_headers is always called (to setup dynamic_addr in case |
2131 |
it is needed). The error is produced on any operations done on any .debug |
2132 |
file (even if no program headers or the dynamic segment is used). |
2133 |
|
2134 |
If there are section headers then a cross check is done to see if the |
2135 |
.dynamic section is NOBITS in which case dynamic_addr is set to zero |
2136 |
without a warning or error (which is then checked first before any |
2137 |
operation on the dynamic segment is done). |
2138 |
|
2139 |
Move the check for the dynamic segment being inside the actual ELF file |
2140 |
after the cross check with the section headers to suppress the error for |
2141 |
.debug files. |
2142 |
|
2143 |
binutils/ChangeLog: |
2144 |
|
2145 |
* readelf.c (process_program_headers): Move dynamic_addr check |
2146 |
after .dynamic section cross check. |
2147 |
--- |
2148 |
binutils/ChangeLog | 5 +++++ |
2149 |
binutils/readelf.c | 16 ++++++++++------ |
2150 |
2 files changed, 15 insertions(+), 6 deletions(-) |
2151 |
|
2152 |
diff --git a/binutils/readelf.c b/binutils/readelf.c |
2153 |
index ad65f07..8b1d924 100644 |
2154 |
--- a/binutils/readelf.c |
2155 |
+++ b/binutils/readelf.c |
2156 |
@@ -4997,12 +4997,6 @@ process_program_headers (FILE * file) |
2157 |
section in the DYNAMIC segment. */ |
2158 |
dynamic_addr = segment->p_offset; |
2159 |
dynamic_size = segment->p_filesz; |
2160 |
- /* PR binutils/17512: Avoid corrupt dynamic section info in the segment. */ |
2161 |
- if (dynamic_addr + dynamic_size >= current_file_size) |
2162 |
- { |
2163 |
- error (_("the dynamic segment offset + size exceeds the size of the file\n")); |
2164 |
- dynamic_addr = dynamic_size = 0; |
2165 |
- } |
2166 |
|
2167 |
/* Try to locate the .dynamic section. If there is |
2168 |
a section header table, we can easily locate it. */ |
2169 |
@@ -5037,6 +5031,16 @@ process_program_headers (FILE * file) |
2170 |
warn (_("the .dynamic section is not the first section" |
2171 |
" in the dynamic segment.\n")); |
2172 |
} |
2173 |
+ |
2174 |
+ /* PR binutils/17512: Avoid corrupt dynamic section info in the |
2175 |
+ segment. Check this after matching against the section headers |
2176 |
+ so we don't warn on debuginfo file (which have NOBITS .dynamic |
2177 |
+ sections). */ |
2178 |
+ if (dynamic_addr + dynamic_size >= current_file_size) |
2179 |
+ { |
2180 |
+ error (_("the dynamic segment offset + size exceeds the size of the file\n")); |
2181 |
+ dynamic_addr = dynamic_size = 0; |
2182 |
+ } |
2183 |
break; |
2184 |
|
2185 |
case PT_INTERP: |
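Review bot: `dynamic_addr + dynamic_size >= current_file_size` adds two file-supplied values before comparing, so an offset and size chosen to wrap the sum can pass the check; `>=` also rejects a segment that ends exactly at the end of the file. A form that cannot wrap is `if (dynamic_addr > current_file_size || dynamic_size > current_file_size - dynamic_addr)`. Because the check now runs after the section-header cross check, any use of dynamic_addr or dynamic_size in between sees unvalidated values; that code is outside the hunk and should be looked at.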
2186 |
-- |
2187 |
1.8.3.1 |
2188 |
|
2189 |
|
2190 |
|
2191 |
1.1 src/patchsets/binutils/2.28.1/00_all_0024-CVE-2017-9742.patch |
2192 |
|
2193 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0024-CVE-2017-9742.patch?rev=1.1&view=markup |
2194 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0024-CVE-2017-9742.patch?rev=1.1&content-type=text/plain |
2195 |
|
2196 |
Index: 00_all_0024-CVE-2017-9742.patch |
2197 |
=================================================================== |
2198 |
From e64519d1ed7fd8f990f05a5562d5b5c0c44b7d7e Mon Sep 17 00:00:00 2001 |
2199 |
From: Nick Clifton <nickc@××××××.com> |
2200 |
Date: Wed, 14 Jun 2017 17:10:28 +0100 |
2201 |
Subject: [PATCH] Fix seg-fault when trying to disassemble a corrupt score |
2202 |
binary. |
2203 |
|
2204 |
PR binutils/21576 |
2205 |
* score7-dis.c (score_opcodes): Add sentinel. |
2206 |
--- |
2207 |
opcodes/score7-dis.c | 3 ++- |
2208 |
2 files changed, 7 insertions(+), 1 deletion(-) |
2209 |
|
2210 |
diff --git a/opcodes/score7-dis.c b/opcodes/score7-dis.c |
2211 |
index c50a60f..8d0d969 100644 |
2212 |
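--- a/opcodes/score7-dis.c
+++ b/opcodes/score7-dis.c
@@ -513,7 +513,8 @@ static struct score_opcode score_opcodes[] =
 {0x00000d05, 0x00007f0f, "tvc!"},
 {0x00000026, 0x3e0003ff, "xor\t\t%20-24r, %15-19r, %10-14r"},
 {0x00000027, 0x3e0003ff, "xor.c\t\t%20-24r, %15-19r, %10-14r"},
- {0x00002007, 0x0000700f, "xor!\t\t%8-11r, %4-7r"}
+ {0x00002007, 0x0000700f, "xor!\t\t%8-11r, %4-7r"},
+ { 0, 0, NULL }
 };
 
 typedef struct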
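Review bot: The new terminator `{ 0, 0, NULL }` at the end of score_opcodes has no comment saying what it is for, so a later edit could append an opcode after it or drop it as redundant and bring the over-read back. A one-line comment above it, such as `/* Sentinel: must stay last; table walkers stop at the NULL entry. */`, would record the invariant. The code that walks the table is outside this hunk, so it is worth confirming that every walker stops on the NULL field rather than on a fixed count.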
2224 |
-- |
2225 |
2.9.3 |
2226 |
|
2227 |
|
2228 |
|
2229 |
|
2230 |
1.1 src/patchsets/binutils/2.28.1/00_all_0025-CVE-2017-9954.patch |
2231 |
|
2232 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0025-CVE-2017-9954.patch?rev=1.1&view=markup |
2233 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/00_all_0025-CVE-2017-9954.patch?rev=1.1&content-type=text/plain |
2234 |
|
2235 |
Index: 00_all_0025-CVE-2017-9954.patch |
2236 |
=================================================================== |
2237 |
From 04e15b4a9462cb1ae819e878a6009829aab8020b Mon Sep 17 00:00:00 2001 |
2238 |
From: Nick Clifton <nickc@××××××.com> |
2239 |
Date: Mon, 26 Jun 2017 15:46:34 +0100 |
2240 |
Subject: [PATCH] Fix address violation parsing a corrupt texhex format file. |
2241 |
|
2242 |
PR binutils/21670 |
2243 |
* tekhex.c (getvalue): Check for the source pointer exceeding the |
2244 |
end pointer before the first byte is read. |
2245 |
--- |
2246 |
bfd/tekhex.c | 6 +++++- |
2247 |
2 files changed, 11 insertions(+), 1 deletion(-) |
2248 |
|
2249 |
diff --git a/bfd/tekhex.c b/bfd/tekhex.c |
2250 |
index 214b54a..cfa75d5 100644 |
2251 |
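--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -273,6 +273,9 @@ getvalue (char **srcp, bfd_vma *valuep, char * endp)
 bfd_vma value = 0;
 unsigned int len;
 
+ if (src >= endp)
+ return FALSE;
+
 if (!ISHEX (*src))
 return FALSE;
 
@@ -514,9 +517,10 @@ pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *, char *))
 /* To the front of the file. */
 if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
 return FALSE;
+
 while (! is_eof)
 {
- char src[MAXCHUNK];
+ static char src[MAXCHUNK];
 char type;
 
 /* Find first '%'. */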
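Review bot: The switch to `static char src[MAXCHUNK];` in the second hunk (pass_over) is not explained in the commit log, which mentions only the getvalue check, and it changes more than storage class. The buffer is now shared across calls and keeps bytes from the previous record, so a parser that reads past the data filled for the current record sees stale input instead of failing, and pass_over is no longer reentrant. If the intent is to avoid reading uninitialised stack bytes, an automatic buffer cleared per record with `memset (src, 0, sizeof src);` would give that without persistent state. Otherwise a comment stating why the buffer must be static is needed. pass_over's loop body continues outside the hunk, so the reads that motivated the change are not visible here.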
2275 |
-- |
2276 |
2.9.3 |
2277 |
|
2278 |
|
2279 |
|
2280 |
|
2281 |
1.1 src/patchsets/binutils/2.28.1/README.history |
2282 |
|
2283 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/README.history?rev=1.1&view=markup |
2284 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/binutils/2.28.1/README.history?rev=1.1&content-type=text/plain |
2285 |
|
2286 |
Index: README.history |
2287 |
=================================================================== |
2288 |
1.0 01 Aug 2017 |
2289 |
+ 00_all_0001-ld-always-warn-about-textrels-in-files.patch |
2290 |
+ 00_all_0002-gold-ld-add-support-for-poisoned-system-directories.patch |
2291 |
+ 00_all_0003-ld-enable-new-dtags-by-default-for-linux-gnu-targets.patch |
2292 |
+ 00_all_0004-gold-ld-enable-gnu-hash-by-default.patch |
2293 |
+ 00_all_0005-libiberty-install-PIC-version-of-libiberty.a.patch |
2294 |
+ 00_all_0006-opcodes-link-against-libbfd.la-for-rpath-deps.patch |
2295 |
+ 00_all_0007-CVE-2017-8398.patch |
2296 |
+ 00_all_0008-CVE-2017-8393.patch |
2297 |
+ 00_all_0009-CVE-2017-8394.patch |
2298 |
+ 00_all_0010-CVE-2017-8395.patch |
2299 |
+ 00_all_0011-CVE-2017-8396-CVE-2017-8397.patch |
2300 |
+ 00_all_0012-CVE-2017-8421.patch |
2301 |
+ 00_all_0013-CVE-2017-9038.patch |
2302 |
+ 00_all_0014-CVE-2017-9039.patch |
2303 |
+ 00_all_0015-CVE-2017-9040-CVE-2017-9042.patch |
2304 |
+ 00_all_0016-CVE-2017-9041.patch |
2305 |
+ 00_all_0017-CVE-2017-7614.patch |
2306 |
+ 00_all_0018-CVE-2017-6965.patch |
2307 |
+ 00_all_0019-CVE-2017-6966.patch |
2308 |
+ 00_all_0020-CVE-2017-6969.patch |
2309 |
+ 00_all_0021-fix-out-of-bounds-access-in-elf.c |
2310 |
+ 00_all_0022-fixing-linking-configure-generated-tests-of-ifunc.patch |
2311 |
+ 00_all_0023-readelf-dont-error-on-.debug-files-with-NOBITS-.dynamic-sectio.patch |
2312 |
+ 00_all_0024-CVE-2017-9742.patch |
2313 |
+ 00_all_0025-CVE-2017-9954.patch |