diff options
| author | Ariadne Conill <ariadne@dereferenced.org> | 2021-04-23 00:30:12 -0600 |
|---|---|---|
| committer | Ariadne Conill <ariadne@dereferenced.org> | 2021-04-23 00:54:49 -0600 |
| commit | 7ba76a78548769c55cfc17f9bc8f734746632b46 (patch) | |
| tree | d6f0e579ebd0ae22f78e018dc9e69861e1fa6a6e | |
| parent | 01eff515fd61d0e5ca50334d1e74c6d23dadddd1 (diff) | |
| download | aports-7ba76a78548769c55cfc17f9bc8f734746632b46.tar.gz aports-7ba76a78548769c55cfc17f9bc8f734746632b46.tar.bz2 aports-7ba76a78548769c55cfc17f9bc8f734746632b46.tar.xz | |
main/binutils: add mitigation for CVE-2021-3487
| -rw-r--r-- | main/binutils/APKBUILD | 18 | ||||
| -rw-r--r-- | main/binutils/CVE-2021-3487.patch | 72 |
2 files changed, 83 insertions, 7 deletions
diff --git a/main/binutils/APKBUILD b/main/binutils/APKBUILD index 91f5f4f777d..d536ade1a3b 100644 --- a/main/binutils/APKBUILD +++ b/main/binutils/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=binutils pkgver=2.32 -pkgrel=0 +pkgrel=1 pkgdesc="Tools necessary to build programs" url="https://www.gnu.org/software/binutils/" makedepends_build="bison flex texinfo" @@ -13,6 +13,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-gold" source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2 binutils-ld-fix-static-linking.patch gold-mips.patch + CVE-2021-3487.patch " builddir="$srcdir/$pkgname-$pkgver" @@ -23,13 +24,15 @@ if [ "$CHOST" != "$CTARGET" ]; then fi # secfixes: +# 2.33.1-r1: +# - CVE-2021-3487 # 2.32-r0: -# - CVE-2018-19931 -# - CVE-2018-19932 -# - CVE-2018-20002 -# - CVE-2018-20712 +# - CVE-2018-19931 +# - CVE-2018-19932 +# - CVE-2018-20002 +# - CVE-2018-20712 # 2.28-r1: -# - CVE-2017-7614 +# - CVE-2017-7614 build() { local _sysroot=/ @@ -113,4 +116,5 @@ gold() { sha512sums="99ec7ed2b5ebfd3ac16cecb1567ec4a72f81ac30717002d601708f7547b2f8122ffcce076c986f22894aede33c54c73012210a4e973ba9b6e2d87a242a2bee12 binutils-2.32.tar.bz2 ecee33b0e435aa704af1c334e560f201638ff79e199aa11ed78a72f7c9b46f85fbb227af5748e735fd681d1965fcc42ac81b0c8824e540430ce0c706c81e8b49 binutils-ld-fix-static-linking.patch -f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488ea137f03e32d62efc878d95f018f836f8cec870bc448556f gold-mips.patch" +f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488ea137f03e32d62efc878d95f018f836f8cec870bc448556f gold-mips.patch +b08384ed124a74ad3a424db370c107230f09a54378502ca4385deb738f7cf799857f2af0db52709c7eeab8fa6c0a3d972f891396cce1e2834a21f67682fc4355 CVE-2021-3487.patch" diff --git a/main/binutils/CVE-2021-3487.patch b/main/binutils/CVE-2021-3487.patch new file mode 100644 index 00000000000..db99ae73d97 --- /dev/null +++ b/main/binutils/CVE-2021-3487.patch @@ -0,0 +1,72 @@ +From 647cebce12a6b0a26960220caff96ff38978cf24 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Thu, 26 Nov 2020 17:08:33 +0000 +Subject: [PATCH] Prevent a memory allocation failure when parsing corrupt + DWARF debug sections. + + PR 26946 + * dwarf2.c (read_section): Check for debug sections with excessive + sizes. + +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c +index 977bf43a6a1..8bbfc81d3e7 100644 +--- a/bfd/dwarf2.c ++++ b/bfd/dwarf2.c +@@ -531,22 +531,24 @@ read_section (bfd * abfd, + bfd_byte ** section_buffer, + bfd_size_type * section_size) + { +- asection *msec; + const char *section_name = sec->uncompressed_name; + bfd_byte *contents = *section_buffer; +- bfd_size_type amt; + + /* The section may have already been read. */ + if (contents == NULL) + { ++ bfd_size_type amt; ++ asection *msec; ++ ufile_ptr filesize; ++ + msec = bfd_get_section_by_name (abfd, section_name); +- if (! msec) ++ if (msec == NULL) + { + section_name = sec->compressed_name; + if (section_name != NULL) + msec = bfd_get_section_by_name (abfd, section_name); + } +- if (! msec) ++ if (msec == NULL) + { + _bfd_error_handler (_("DWARF error: can't find %s section."), + sec->uncompressed_name); +@@ -554,12 +556,23 @@ read_section (bfd * abfd, + return FALSE; + } + +- *section_size = msec->rawsize ? msec->rawsize : msec->size; ++ amt = bfd_get_section_limit_octets (abfd, msec); ++ filesize = bfd_get_file_size (abfd); ++ if (amt >= filesize) ++ { ++ /* PR 26946 */ ++ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"), ++ section_name, (long) amt, (long) filesize); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ *section_size = amt; + /* Paranoia - alloc one extra so that we can make sure a string + section is NUL terminated. */ +- amt = *section_size + 1; ++ amt += 1; + if (amt == 0) + { ++ /* Paranoia - this should never happen. */ + bfd_set_error (bfd_error_no_memory); + return FALSE; + } +-- +2.27.0 + |