From 43c6b808244f39abeaa8c7bfca3d9a6e64cf06d6 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 06 2019 09:52:23 +0000 Subject: import binutils-2.27-41.base.el7 --- diff --git a/SOURCES/binutils-2.27-suppress-R_X86_64_GOTPCRELX.patch b/SOURCES/binutils-2.27-suppress-R_X86_64_GOTPCRELX.patch index 434c4ac..39bb368 100644 --- a/SOURCES/binutils-2.27-suppress-R_X86_64_GOTPCRELX.patch +++ b/SOURCES/binutils-2.27-suppress-R_X86_64_GOTPCRELX.patch @@ -1513,3 +1513,49 @@ diff -rup binutils.orig/ld/testsuite/ld-x86-64/x86-64.exp binutils-2.27/ld/tests "Build pr19319.so" \ "-shared" \ "" \ +--- binutils.orig/ld/testsuite/ld-x86-64/x86-64.exp 2019-04-15 13:13:09.203928459 +0100 ++++ binutils-2.27/ld/testsuite/ld-x86-64/x86-64.exp 2019-04-15 13:15:31.960858042 +0100 +@@ -623,7 +623,7 @@ if { [isnative] && [which $CC] != 0 } { + tmpdir/plt-main4.o tmpdir/libplt-lib.so" \ + "" \ + { plt-main5.c } \ +- {{readelf {-Wr} plt-main.rd}} \ ++ {} \ + "plt-main" \ + ] \ + [list \ +@@ -632,7 +632,7 @@ if { [isnative] && [which $CC] != 0 } { + tmpdir/plt-main4.o tmpdir/libplt-lib.so -pie" \ + "-fPIC" \ + { plt-main5.c } \ +- {{readelf {-Wr} plt-main.rd}} \ ++ {} \ + "plt-main" \ + ] \ + [list \ +@@ -866,7 +866,7 @@ if { [isnative] && [which $CC] != 0 } { + tmpdir/plt-main4.o tmpdir/libplt-lib.so -z bndplt" \ + "" \ + { plt-main5.c } \ +- {{objdump {-drw} plt-main-bnd.dd}} \ ++ {} \ + "plt-main-bnd" \ + ] \ + [list \ +@@ -875,7 +875,7 @@ if { [isnative] && [which $CC] != 0 } { + tmpdir/plt-main4.o tmpdir/libplt-lib.so -z bndplt -pie" \ + "-fPIC" \ + { plt-main5.c } \ +- {{objdump {-drw} plt-main-bnd.dd}} \ ++ {} \ + "plt-main-pie-bnd" \ + ] \ + ] +@@ -916,5 +916,5 @@ if { ![istarget "x86_64-*-linux*"]} { + + # Linux only tests + run_dump_test "pr17618" +-run_dump_test "pltgot-1" +-run_dump_test "pltgot-2" ++# run_dump_test "pltgot-1" ++# run_dump_test "pltgot-2" diff --git a/SOURCES/binutils-CVE-2018-1000876.patch b/SOURCES/binutils-CVE-2018-1000876.patch new file mode 100644 index 0000000..caf1f63 --- /dev/null +++ b/SOURCES/binutils-CVE-2018-1000876.patch @@ -0,0 +1,151 @@ +diff -rup binutils.orig/bfd/aoutx.h binutils-2.27/bfd/aoutx.h +--- binutils.orig/bfd/aoutx.h 2019-01-14 16:10:59.344958851 +0000 ++++ binutils-2.27/bfd/aoutx.h 2019-01-14 16:11:46.893598783 +0000 +@@ -118,6 +118,7 @@ DESCRIPTION + #define KEEPIT udata.i + + #include "sysdep.h" ++#include + #include "bfd.h" + #include "safe-ctype.h" + #include "bfdlink.h" +@@ -2465,6 +2466,8 @@ NAME (aout, canonicalize_reloc) (bfd *ab + long + NAME (aout, get_reloc_upper_bound) (bfd *abfd, sec_ptr asect) + { ++ bfd_size_type count; ++ + if (bfd_get_format (abfd) != bfd_object) + { + bfd_set_error (bfd_error_invalid_operation); +@@ -2472,26 +2475,25 @@ NAME (aout, get_reloc_upper_bound) (bfd + } + + if (asect->flags & SEC_CONSTRUCTOR) +- return sizeof (arelent *) * (asect->reloc_count + 1); +- +- if (asect == obj_datasec (abfd)) +- return sizeof (arelent *) +- * ((exec_hdr (abfd)->a_drsize / obj_reloc_entry_size (abfd)) +- + 1); +- +- if (asect == obj_textsec (abfd)) +- return sizeof (arelent *) +- * ((exec_hdr (abfd)->a_trsize / obj_reloc_entry_size (abfd)) +- + 1); +- +- if (asect == obj_bsssec (abfd)) +- return sizeof (arelent *); +- +- if (asect == obj_bsssec (abfd)) +- return 0; ++ count = asect->reloc_count; ++ else if (asect == obj_datasec (abfd)) ++ count = exec_hdr (abfd)->a_drsize / obj_reloc_entry_size (abfd); ++ else if (asect == obj_textsec (abfd)) ++ count = exec_hdr (abfd)->a_trsize / obj_reloc_entry_size (abfd); ++ else if (asect == obj_bsssec (abfd)) ++ count = 0; ++ else ++ { ++ bfd_set_error (bfd_error_invalid_operation); ++ return -1; ++ } + +- bfd_set_error (bfd_error_invalid_operation); +- return -1; ++ if (count >= LONG_MAX / sizeof (arelent *)) ++ { ++ bfd_set_error (bfd_error_file_too_big); ++ return -1; ++ } ++ return (count + 1) * sizeof (arelent *); + } + + long +diff -rup binutils.orig/bfd/elf.c binutils-2.27/bfd/elf.c +--- binutils.orig/bfd/elf.c 2019-01-14 16:10:59.331958950 +0000 ++++ binutils-2.27/bfd/elf.c 2019-01-14 16:11:52.525556135 +0000 +@@ -35,6 +35,7 @@ SECTION + /* For sparc64-cross-sparc32. */ + #define _SYSCALL32 + #include "sysdep.h" ++#include + #include "bfd.h" + #include "bfdlink.h" + #include "libbfd.h" +@@ -7769,11 +7770,16 @@ Unable to find equivalent output section + long + _bfd_elf_get_symtab_upper_bound (bfd *abfd) + { +- long symcount; ++ bfd_size_type symcount; + long symtab_size; + Elf_Internal_Shdr *hdr = &elf_tdata (abfd)->symtab_hdr; + + symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym; ++ if (symcount >= LONG_MAX / sizeof (asymbol *)) ++ { ++ bfd_set_error (bfd_error_file_too_big); ++ return -1; ++ } + symtab_size = (symcount + 1) * (sizeof (asymbol *)); + if (symcount > 0) + symtab_size -= sizeof (asymbol *); +@@ -7784,7 +7790,7 @@ _bfd_elf_get_symtab_upper_bound (bfd *ab + long + _bfd_elf_get_dynamic_symtab_upper_bound (bfd *abfd) + { +- long symcount; ++ bfd_size_type symcount; + long symtab_size; + Elf_Internal_Shdr *hdr = &elf_tdata (abfd)->dynsymtab_hdr; + +@@ -7795,6 +7801,11 @@ _bfd_elf_get_dynamic_symtab_upper_bound + } + + symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym; ++ if (symcount >= LONG_MAX / sizeof (asymbol *)) ++ { ++ bfd_set_error (bfd_error_file_too_big); ++ return -1; ++ } + symtab_size = (symcount + 1) * (sizeof (asymbol *)); + if (symcount > 0) + symtab_size -= sizeof (asymbol *); +@@ -7864,7 +7875,7 @@ _bfd_elf_canonicalize_dynamic_symtab (bf + long + _bfd_elf_get_dynamic_reloc_upper_bound (bfd *abfd) + { +- long ret; ++ bfd_size_type count; + asection *s; + + if (elf_dynsymtab (abfd) == 0) +@@ -7873,15 +7884,20 @@ _bfd_elf_get_dynamic_reloc_upper_bound ( + return -1; + } + +- ret = sizeof (arelent *); ++ count = 1; + for (s = abfd->sections; s != NULL; s = s->next) + if (elf_section_data (s)->this_hdr.sh_link == elf_dynsymtab (abfd) + && (elf_section_data (s)->this_hdr.sh_type == SHT_REL + || elf_section_data (s)->this_hdr.sh_type == SHT_RELA)) +- ret += ((s->size / elf_section_data (s)->this_hdr.sh_entsize) +- * sizeof (arelent *)); +- +- return ret; ++ { ++ count += s->size / elf_section_data (s)->this_hdr.sh_entsize; ++ if (count > LONG_MAX / sizeof (arelent *)) ++ { ++ bfd_set_error (bfd_error_file_too_big); ++ return -1; ++ } ++ } ++ return count * sizeof (arelent *); + } + + /* Canonicalize the dynamic relocation entries. Note that we return the + diff --git a/SOURCES/binutils-attach-to-group.patch b/SOURCES/binutils-attach-to-group.patch new file mode 100644 index 0000000..9883f68 --- /dev/null +++ b/SOURCES/binutils-attach-to-group.patch @@ -0,0 +1,67 @@ +diff -rup binutils.orig/gas/config/obj-elf.c binutils-2.27/gas/config/obj-elf.c +--- binutils.orig/gas/config/obj-elf.c 2019-01-08 13:52:32.758716536 +0000 ++++ binutils-2.27/gas/config/obj-elf.c 2019-01-08 15:05:34.705763638 +0000 +@@ -78,9 +78,11 @@ static void obj_elf_gnu_attribute (int); + static void obj_elf_tls_common (int); + static void obj_elf_lcomm (int); + static void obj_elf_struct (int); ++static void obj_elf_attach_to_group (int); + + static const pseudo_typeS elf_pseudo_table[] = + { ++ {"attach_to_group", obj_elf_attach_to_group, 0}, + {"comm", obj_elf_common, 0}, + {"common", obj_elf_common, 1}, + {"ident", obj_elf_ident, 0}, +@@ -980,6 +982,27 @@ obj_elf_section_name (void) + return name; + } + ++static void ++obj_elf_attach_to_group (int dummy ATTRIBUTE_UNUSED) ++{ ++ const char * gname = obj_elf_section_name (); ++ ++ if (gname == NULL) ++ { ++ as_warn ("group name not parseable"); ++ return; ++ } ++ ++ if (elf_group_name (now_seg)) ++ { ++ as_warn ("already has a group"); ++ return; ++ } ++ ++ elf_group_name (now_seg) = xstrdup (gname); ++ elf_section_flags (now_seg) |= SHF_GROUP; ++} ++ + void + obj_elf_section (int push) + { +diff -rup binutils.orig/gas/doc/as.texinfo binutils-2.27/gas/doc/as.texinfo +--- binutils.orig/gas/doc/as.texinfo 2019-01-08 13:52:32.766716472 +0000 ++++ binutils-2.27/gas/doc/as.texinfo 2019-01-08 15:05:34.707763621 +0000 +@@ -4312,6 +4312,7 @@ Some machine configurations provide addi + * Altmacro:: @code{.altmacro} + * Ascii:: @code{.ascii "@var{string}"}@dots{} + * Asciz:: @code{.asciz "@var{string}"}@dots{} ++* Attach_to_group:: @code{.attach_to_group @var{name}} + * Balign:: @code{.balign @var{abs-expr} , @var{abs-expr}} + * Bundle directives:: @code{.bundle_align_mode @var{abs-expr}}, etc + * Byte:: @code{.byte @var{expressions}} +@@ -4603,6 +4604,12 @@ trailing zero byte) into consecutive add + @code{.asciz} is just like @code{.ascii}, but each string is followed by + a zero byte. The ``z'' in @samp{.asciz} stands for ``zero''. + ++@node Attach_to_group ++@section @code{.attach_to_group @var{name}} ++Attaches the current section to the named group. This is like declaring ++the section with the @code{G} attribute, but can be done after the section ++has been created. ++ + @node Balign + @section @code{.balign[wl] @var{abs-expr}, @var{abs-expr}, @var{abs-expr}} + diff --git a/SOURCES/binutils-libiberty-demangler.patch b/SOURCES/binutils-libiberty-demangler.patch new file mode 100644 index 0000000..883dff5 --- /dev/null +++ b/SOURCES/binutils-libiberty-demangler.patch @@ -0,0 +1,257 @@ +diff -rup binutils.orig/include/demangle.h binutils-2.27/include/demangle.h +--- binutils.orig/include/demangle.h 2019-01-08 13:52:32.990714670 +0000 ++++ binutils-2.27/include/demangle.h 2019-01-08 13:58:42.269743403 +0000 +@@ -64,9 +64,20 @@ extern "C" { + #define DMGL_GNAT (1 << 15) + #define DMGL_DLANG (1 << 16) + ++/* Disable a limit on the depth of recursion in mangled strings. ++ Note if this limit is disabled then stack exhaustion is possible when ++ demangling pathologically complicated strings. Bug reports about stack ++ exhaustion when the option is enabled will be rejected. */ ++#define DMGL_NO_RECURSE_LIMIT (1 << 17) ++ + /* If none of these are set, use 'current_demangling_style' as the default. */ + #define DMGL_STYLE_MASK (DMGL_AUTO|DMGL_GNU|DMGL_LUCID|DMGL_ARM|DMGL_HP|DMGL_EDG|DMGL_GNU_V3|DMGL_JAVA|DMGL_GNAT|DMGL_DLANG) + ++/* If DMGL_NO_RECURSE_LIMIT is not enabled, then this is the value used as ++ the maximum depth of recursion allowed. It should be enough for any ++ real-world mangled name. */ ++#define DEMANGLE_RECURSION_LIMIT 2048 ++ + /* Enumeration of possible demangling styles. + + Lucid and ARM styles are still kept logically distinct, even though +Only in binutils-2.27/include: demangle.h.orig +Only in binutils-2.27/include: #demangle.h.rej# +Only in binutils-2.27/include: .#demangle.h.rej +Only in binutils-2.27/include: demangle.h.rej +diff -rup binutils.orig/libiberty/cp-demangle.c binutils-2.27/libiberty/cp-demangle.c +--- binutils.orig/libiberty/cp-demangle.c 2019-01-08 13:52:33.161713294 +0000 ++++ binutils-2.27/libiberty/cp-demangle.c 2019-01-08 13:53:30.002255949 +0000 +@@ -2725,21 +2725,35 @@ d_ref_qualifier (struct d_info *di, stru + static struct demangle_component * + d_function_type (struct d_info *di) + { +- struct demangle_component *ret; ++ struct demangle_component *ret = NULL; + +- if (! d_check_char (di, 'F')) +- return NULL; +- if (d_peek_char (di) == 'Y') ++ if ((di->options & DMGL_NO_RECURSE_LIMIT) == 0) + { +- /* Function has C linkage. We don't print this information. +- FIXME: We should print it in verbose mode. */ +- d_advance (di, 1); ++ if (di->recursion_level > DEMANGLE_RECURSION_LIMIT) ++ /* FIXME: There ought to be a way to report ++ that the recursion limit has been reached. */ ++ return NULL; ++ ++ di->recursion_level ++; + } +- ret = d_bare_function_type (di, 1); +- ret = d_ref_qualifier (di, ret); + +- if (! d_check_char (di, 'E')) +- return NULL; ++ if (d_check_char (di, 'F')) ++ { ++ if (d_peek_char (di) == 'Y') ++ { ++ /* Function has C linkage. We don't print this information. ++ FIXME: We should print it in verbose mode. */ ++ d_advance (di, 1); ++ } ++ ret = d_bare_function_type (di, 1); ++ ret = d_ref_qualifier (di, ret); ++ ++ if (! d_check_char (di, 'E')) ++ ret = NULL; ++ } ++ ++ if ((di->options & DMGL_NO_RECURSE_LIMIT) == 0) ++ di->recursion_level --; + return ret; + } + +@@ -5898,6 +5912,7 @@ cplus_demangle_init_info (const char *ma + di->expansion = 0; + di->is_expression = 0; + di->is_conversion = 0; ++ di->recursion_level = 0; + } + + /* Internal implementation for the demangler. If MANGLED is a g++ v3 ABI +@@ -5937,6 +5952,20 @@ d_demangle_callback (const char *mangled + + cplus_demangle_init_info (mangled, options, strlen (mangled), &di); + ++ /* PR 87675 - Check for a mangled string that is so long ++ that we do not have enough stack space to demangle it. */ ++ if (((options & DMGL_NO_RECURSE_LIMIT) == 0) ++ /* This check is a bit arbitrary, since what we really want to do is to ++ compare the sizes of the di.comps and di.subs arrays against the ++ amount of stack space remaining. But there is no portable way to do ++ this, so instead we use the recursion limit as a guide to the maximum ++ size of the arrays. */ ++ && (unsigned long) di.num_comps > DEMANGLE_RECURSION_LIMIT) ++ { ++ /* FIXME: We need a way to indicate that a stack limit has been reached. */ ++ return 0; ++ } ++ + { + #ifdef CP_DYNAMIC_ARRAYS + __extension__ struct demangle_component comps[di.num_comps]; +Only in binutils-2.27/libiberty: cp-demangle.c.orig +diff -rup binutils.orig/libiberty/cp-demangle.h binutils-2.27/libiberty/cp-demangle.h +--- binutils.orig/libiberty/cp-demangle.h 2019-01-08 13:52:33.161713294 +0000 ++++ binutils-2.27/libiberty/cp-demangle.h 2019-01-08 13:53:30.003255941 +0000 +@@ -127,6 +127,9 @@ struct d_info + /* Non-zero if we are parsing the type operand of a conversion + operator, but not when in an expression. */ + int is_conversion; ++ /* If DMGL_NO_RECURSE_LIMIT is not active then this is set to ++ the current recursion level. */ ++ unsigned int recursion_level; + }; + + /* To avoid running past the ending '\0', don't: +Only in binutils-2.27/libiberty: cp-demangle.h.orig +diff -rup binutils.orig/libiberty/cplus-dem.c binutils-2.27/libiberty/cplus-dem.c +--- binutils.orig/libiberty/cplus-dem.c 2019-01-08 13:52:33.161713294 +0000 ++++ binutils-2.27/libiberty/cplus-dem.c 2019-01-08 14:10:00.057340821 +0000 +@@ -137,6 +137,7 @@ struct work_stuff + string* previous_argument; /* The last function argument demangled. */ + int nrepeats; /* The number of times to repeat the previous + argument. */ ++ unsigned int recursion_level; + }; + + #define PRINT_ANSI_QUALIFIERS (work -> options & DMGL_ANSI) +@@ -1237,11 +1238,15 @@ squangle_mop_up (struct work_stuff *work + { + free ((char *) work -> btypevec); + work->btypevec = NULL; ++ work->bsize = 0; ++ work->numb = 0; + } + if (work -> ktypevec != NULL) + { + free ((char *) work -> ktypevec); + work->ktypevec = NULL; ++ work->ksize = 0; ++ work->numk = 0; + } + } + +@@ -1275,8 +1280,15 @@ work_stuff_copy_to_from (struct work_stu + + for (i = 0; i < from->numk; i++) + { +- int len = strlen (from->ktypevec[i]) + 1; ++ int len; + ++ if (from->ktypevec[i] == NULL) ++ { ++ to->ktypevec[i] = NULL; ++ continue; ++ } ++ ++ len = strlen (from->ktypevec[i]) + 1; + to->ktypevec[i] = XNEWVEC (char, len); + memcpy (to->ktypevec[i], from->ktypevec[i], len); + } +@@ -1286,8 +1298,15 @@ work_stuff_copy_to_from (struct work_stu + + for (i = 0; i < from->numb; i++) + { +- int len = strlen (from->btypevec[i]) + 1; ++ int len; + ++ if (from->btypevec[i] == NULL) ++ { ++ to->btypevec[i] = NULL; ++ continue; ++ } ++ ++ len = strlen (from->btypevec[i]) + 1; + to->btypevec[i] = XNEWVEC (char , len); + memcpy (to->btypevec[i], from->btypevec[i], len); + } +@@ -1335,6 +1354,7 @@ delete_non_B_K_work_stuff (struct work_s + + free ((char*) work->tmpl_argvec); + work->tmpl_argvec = NULL; ++ work->ntmpl_args = 0; + } + if (work->previous_argument) + { +@@ -3347,6 +3367,20 @@ demangle_qualified (struct work_stuff *w + success = 0; + } + ++ if ((work->options & DMGL_NO_RECURSE_LIMIT) == 0) ++ { ++ /* PR 87241: Catch malicious input that will try to trick this code into ++ allocating a ridiculous amount of memory via the remember_Ktype() ++ function. ++ The choice of DEMANGLE_RECURSION_LIMIT is somewhat arbitrary. Possibly ++ a better solution would be to track how much memory remember_Ktype ++ allocates and abort when some upper limit is reached. */ ++ if (qualifiers > DEMANGLE_RECURSION_LIMIT) ++ /* FIXME: We ought to have some way to tell the user that ++ this limit has been reached. */ ++ success = 0; ++ } ++ + if (!success) + return success; + +@@ -4335,6 +4369,7 @@ remember_Btype (struct work_stuff *work, + } + + /* Lose all the info related to B and K type codes. */ ++ + static void + forget_B_and_K_types (struct work_stuff *work) + { +@@ -4360,6 +4395,7 @@ forget_B_and_K_types (struct work_stuff + } + } + } ++ + /* Forget the remembered types, but not the type vector itself. */ + + static void +@@ -4551,6 +4587,16 @@ demangle_nested_args (struct work_stuff + int result; + int saved_nrepeats; + ++ if ((work->options & DMGL_NO_RECURSE_LIMIT) == 0) ++ { ++ if (work->recursion_level > DEMANGLE_RECURSION_LIMIT) ++ /* FIXME: There ought to be a way to report ++ that the recursion limit has been reached. */ ++ return 0; ++ ++ work->recursion_level ++; ++ } ++ + /* The G++ name-mangling algorithm does not remember types on nested + argument lists, unless -fsquangling is used, and in that case the + type vector updated by remember_type is not used. So, we turn +@@ -4577,6 +4623,9 @@ demangle_nested_args (struct work_stuff + --work->forgetting_types; + work->nrepeats = saved_nrepeats; + ++ if ((work->options & DMGL_NO_RECURSE_LIMIT) == 0) ++ --work->recursion_level; ++ + return result; + } + +Only in binutils-2.27/libiberty: cplus-dem.c.orig +Only in binutils-2.27/libiberty: cplus-dem.c.rej diff --git a/SOURCES/binutils-strip-fix.patch b/SOURCES/binutils-strip-fix.patch new file mode 100644 index 0000000..f6737b5 --- /dev/null +++ b/SOURCES/binutils-strip-fix.patch @@ -0,0 +1,23 @@ +--- b/bfd/elf.c 2018-10-31 12:25:51.693217184 +0530 ++++ a/bfd/elf.c 2018-10-31 12:27:54.243952676 +0530 +@@ -1249,13 +1249,19 @@ + Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd); + unsigned int i; + +- if (section_match (oheaders[hint], iheader)) ++ BFD_ASSERT (iheader != NULL); ++ ++ /* See PR 20922 for a reproducer of the NULL test. */ ++ if (oheaders[hint] != NULL ++ && section_match (oheaders[hint], iheader)) + return hint; + + for (i = 1; i < elf_numsections (obfd); i++) + { + Elf_Internal_Shdr * oheader = oheaders[i]; + ++ if (oheader == NULL) ++ continue; + if (section_match (oheader, iheader)) + /* FIXME: Do we care if there is a potential for + multiple matches ? */ diff --git a/SOURCES/binutils-x86_64-disable-PLT-elision.patch b/SOURCES/binutils-x86_64-disable-PLT-elision.patch new file mode 100644 index 0000000..070e7b7 --- /dev/null +++ b/SOURCES/binutils-x86_64-disable-PLT-elision.patch @@ -0,0 +1,20 @@ +diff -rup binutils.orig/bfd/elf64-x86-64.c binutils-2.27/bfd/elf64-x86-64.c +--- binutils.orig/bfd/elf64-x86-64.c 2019-01-08 15:54:01.806611101 +0000 ++++ binutils-2.27/bfd/elf64-x86-64.c 2019-01-08 15:55:30.790890607 +0000 +@@ -3032,7 +3032,7 @@ elf_x86_64_allocate_dynrelocs (struct el + resolved_to_zero = UNDEFINED_WEAK_RESOLVED_TO_ZERO (info, + eh->has_got_reloc, + eh); +- ++#if 0 + /* We can't use the GOT PLT if pointer equality is needed since + finish_dynamic_symbol won't clear symbol value and the dynamic + linker won't update the GOT slot. We will get into an infinite +@@ -3050,6 +3050,7 @@ elf_x86_64_allocate_dynrelocs (struct el + /* Use the GOT PLT. */ + eh->plt_got.refcount = 1; + } ++#endif + + /* Clear the reference count of function pointer relocations if + symbol isn't a normal function. */ diff --git a/SPECS/binutils.spec b/SPECS/binutils.spec index 8106e84..3fa8574 100644 --- a/SPECS/binutils.spec +++ b/SPECS/binutils.spec @@ -54,7 +54,7 @@ Version: 2.27 # Note: The Release string *must* be different from that used by any of the # devtoolset binutils associated with this release. That is why ".base" # has been appended here. See BZ 1337617 for more details. -Release: 34.base%{?dist} +Release: 41.base%{?dist} License: GPLv3+ Group: Development/Tools URL: http://sources.redhat.com/binutils @@ -341,6 +341,27 @@ Patch54: binutils-CVE-2018-7643.patch # Lifetime: Fixed in 2.31 Patch55: binutils-CVE-2018-8945.patch +# Purpose: Stop strip from crashing whilst removing .comment sections. +# Lifetime: Fixed in 2.31 +Patch56: binutils-strip-fix.patch + +# Purpose: Prevent resource exhaustion attacks on the libiberty name +# demangling code. +# Lifetime: Fixed in 2.32 +Patch57: binutils-libiberty-demangler.patch + +# Purpose: Add the .attach-to-group pseudo-op to the assembler. +# Lifetime: Permanent. +Patch58: binutils-attach-to-group.patch + +# Purpose: Stop the x86_64 linker from optimizing PLT entries. +# Lifetime: Permanent. +Patch59: binutils-x86_64-disable-PLT-elision.patch + +# Purpose: Fix a possible memory corruption due to an integer overflow +# when running the binutils as 32-bit binaries. +# Lifetime: Fixed in 2.32 +Patch60: binutils-CVE-2018-1000876.patch # Purpose: A *temporary* patch to disable the generation of @@ -365,7 +386,7 @@ Patch999: binutils-SUPPRESS-PPC-TLBIE-CHECK.patch Provides: bundled(libiberty) -%define gold_arches %ix86 x86_64 %arm aarch64 +%define gold_arches %ix86 x86_64 %arm aarch64 %{power64} s390x %if %{with bootstrap} %define build_gold no @@ -536,6 +557,11 @@ using libelf instead of BFD. %patch53 -p1 %patch54 -p1 %patch55 -p1 +%patch56 -p1 +%patch57 -p1 +%patch58 -p1 +%patch59 -p1 +%patch60 -p1 # TEMPORARY patches. %patch998 -p1 @@ -600,8 +626,13 @@ case %{binutils_target} in ppc*|ppc64*) ;; esac +case %{binutils_target} in ppc64-*) + CARGS="$CARGS --enable-targets=powerpc64le-linux" + ;; +esac + case %{binutils_target} in ppc64le*) - CARGS="$CARGS --enable-targets=spu,powerpc-linux" + CARGS="$CARGS --enable-targets=powerpc-linux" ;; esac @@ -942,6 +973,27 @@ exit 0 #--------------------------------------------------------------------------------- %changelog +* Mon Apr 15 2019 Nick Clifton 2.27-41.base +- Fix up some linker tests that fail because of the R_x86_64_GOTPCRELX patch. (#1699745) + +* Mon Jan 28 2019 Nick Clifton 2.27-40.base +- Enable gold for PowerPC and s390x. (#1670014) + +* Mon Jan 14 2019 Nick Clifton 2.27-39.base +- Fix a potential illegal memory access triggered by an integer overflow. (#1665884) + +* Tue Jan 08 2019 Nick Clifton 2.27-38.base +- Disable optimizations of x06_64 PLT entries. (#1624779) + +* Tue Jan 08 2019 Nick Clifton 2.27-37.base +- Add the .attach-to-group pseudo-op to the assembler. (#1652587) + +* Tue Jan 08 2019 Nick Clifton 2.27-36.base +- Prevent resource exhaustion attacks on libiberty's name demangling code. (#1598561) + +* Tue Jan 08 2019 Nick Clifton 2.27-35.base +- Stop strip crashing when removing .comment sections. (#1644632) + * Wed May 30 2018 Nick Clifton 2.27-34.base - Fix seg-fault parsing corrupt AOUT format files. (#1579799) - Fix seg-fault parsing corrupt DWARF2 debug information. (#1579802)