aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAriadne Conill <ariadne@dereferenced.org>2021-04-23 00:30:12 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-04-23 00:54:49 -0600
commit7ba76a78548769c55cfc17f9bc8f734746632b46 (patch)
treed6f0e579ebd0ae22f78e018dc9e69861e1fa6a6e
parent01eff515fd61d0e5ca50334d1e74c6d23dadddd1 (diff)
downloadaports-7ba76a78548769c55cfc17f9bc8f734746632b46.tar.gz
aports-7ba76a78548769c55cfc17f9bc8f734746632b46.tar.bz2
aports-7ba76a78548769c55cfc17f9bc8f734746632b46.tar.xz
main/binutils: add mitigation for CVE-2021-3487
-rw-r--r--main/binutils/APKBUILD18
-rw-r--r--main/binutils/CVE-2021-3487.patch72
2 files changed, 83 insertions, 7 deletions
diff --git a/main/binutils/APKBUILD b/main/binutils/APKBUILD
index 91f5f4f777..d536ade1a3 100644
--- a/main/binutils/APKBUILD
+++ b/main/binutils/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=binutils
pkgver=2.32
-pkgrel=0
+pkgrel=1
pkgdesc="Tools necessary to build programs"
url="https://www.gnu.org/software/binutils/"
makedepends_build="bison flex texinfo"
@@ -13,6 +13,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-gold"
source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2
binutils-ld-fix-static-linking.patch
gold-mips.patch
+ CVE-2021-3487.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -23,13 +24,15 @@ if [ "$CHOST" != "$CTARGET" ]; then
fi
# secfixes:
+# 2.33.1-r1:
+# - CVE-2021-3487
# 2.32-r0:
-# - CVE-2018-19931
-# - CVE-2018-19932
-# - CVE-2018-20002
-# - CVE-2018-20712
+# - CVE-2018-19931
+# - CVE-2018-19932
+# - CVE-2018-20002
+# - CVE-2018-20712
# 2.28-r1:
-# - CVE-2017-7614
+# - CVE-2017-7614
build() {
local _sysroot=/
@@ -113,4 +116,5 @@ gold() {
sha512sums="99ec7ed2b5ebfd3ac16cecb1567ec4a72f81ac30717002d601708f7547b2f8122ffcce076c986f22894aede33c54c73012210a4e973ba9b6e2d87a242a2bee12 binutils-2.32.tar.bz2
ecee33b0e435aa704af1c334e560f201638ff79e199aa11ed78a72f7c9b46f85fbb227af5748e735fd681d1965fcc42ac81b0c8824e540430ce0c706c81e8b49 binutils-ld-fix-static-linking.patch
-f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488ea137f03e32d62efc878d95f018f836f8cec870bc448556f gold-mips.patch"
+f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488ea137f03e32d62efc878d95f018f836f8cec870bc448556f gold-mips.patch
+b08384ed124a74ad3a424db370c107230f09a54378502ca4385deb738f7cf799857f2af0db52709c7eeab8fa6c0a3d972f891396cce1e2834a21f67682fc4355 CVE-2021-3487.patch"
diff --git a/main/binutils/CVE-2021-3487.patch b/main/binutils/CVE-2021-3487.patch
new file mode 100644
index 0000000000..db99ae73d9
--- /dev/null
+++ b/main/binutils/CVE-2021-3487.patch
@@ -0,0 +1,72 @@
+From 647cebce12a6b0a26960220caff96ff38978cf24 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 26 Nov 2020 17:08:33 +0000
+Subject: [PATCH] Prevent a memory allocation failure when parsing corrupt
+ DWARF debug sections.
+
+ PR 26946
+ * dwarf2.c (read_section): Check for debug sections with excessive
+ sizes.
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 977bf43a6a1..8bbfc81d3e7 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -531,22 +531,24 @@ read_section (bfd * abfd,
+ bfd_byte ** section_buffer,
+ bfd_size_type * section_size)
+ {
+- asection *msec;
+ const char *section_name = sec->uncompressed_name;
+ bfd_byte *contents = *section_buffer;
+- bfd_size_type amt;
+
+ /* The section may have already been read. */
+ if (contents == NULL)
+ {
++ bfd_size_type amt;
++ asection *msec;
++ ufile_ptr filesize;
++
+ msec = bfd_get_section_by_name (abfd, section_name);
+- if (! msec)
++ if (msec == NULL)
+ {
+ section_name = sec->compressed_name;
+ if (section_name != NULL)
+ msec = bfd_get_section_by_name (abfd, section_name);
+ }
+- if (! msec)
++ if (msec == NULL)
+ {
+ _bfd_error_handler (_("DWARF error: can't find %s section."),
+ sec->uncompressed_name);
+@@ -554,12 +556,23 @@ read_section (bfd * abfd,
+ return FALSE;
+ }
+
+- *section_size = msec->rawsize ? msec->rawsize : msec->size;
++ amt = bfd_get_section_limit_octets (abfd, msec);
++ filesize = bfd_get_file_size (abfd);
++ if (amt >= filesize)
++ {
++ /* PR 26946 */
++ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"),
++ section_name, (long) amt, (long) filesize);
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ *section_size = amt;
+ /* Paranoia - alloc one extra so that we can make sure a string
+ section is NUL terminated. */
+- amt = *section_size + 1;
++ amt += 1;
+ if (amt == 0)
+ {
++ /* Paranoia - this should never happen. */
+ bfd_set_error (bfd_error_no_memory);
+ return FALSE;
+ }
+--
+2.27.0
+