From 49857aac3e56df638ee709d248a99ace75de4598 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 30 2018 04:47:47 +0000 Subject: import binutils-2.27-34.base.el7 --- diff --git a/SOURCES/binutils-2.27-add-globalaudit-support.patch b/SOURCES/binutils-2.27-add-globalaudit-support.patch new file mode 100644 index 0000000..3eb29b8 --- /dev/null +++ b/SOURCES/binutils-2.27-add-globalaudit-support.patch @@ -0,0 +1,67 @@ +diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em +index 9ac1840316..748f56b844 100644 +--- a/ld/emultempl/elf32.em ++++ b/ld/emultempl/elf32.em +@@ -2676,6 +2676,10 @@ fragment <= table->num_files) ++ if (table == NULL || file - 1 >= table->num_files) + { + /* FILE == 0 means unknown. */ + if (file) diff --git a/SOURCES/binutils-CVE-2018-10534.patch b/SOURCES/binutils-CVE-2018-10534.patch new file mode 100644 index 0000000..4a1fc8a --- /dev/null +++ b/SOURCES/binutils-CVE-2018-10534.patch @@ -0,0 +1,18 @@ +--- binutils.orig/bfd/peXXigen.c 2018-05-17 11:46:03.979280220 +0100 ++++ binutils-2.27/bfd/peXXigen.c 2018-05-17 12:56:36.402304487 +0100 +@@ -2964,6 +2964,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common + bfd_get_section_size (section) - (addr - section->vma)); + return FALSE; + } ++ /* PR 23110. */ ++ else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0) ++ { ++ /* xgettext:c-format */ ++ _bfd_error_handler ++ (_("%pB: Data Directory size (%#lx) is negative"), ++ obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size); ++ return FALSE; ++ } + + for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size + / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++) diff --git a/SOURCES/binutils-CVE-2018-10535.patch b/SOURCES/binutils-CVE-2018-10535.patch new file mode 100644 index 0000000..212d53c --- /dev/null +++ b/SOURCES/binutils-CVE-2018-10535.patch @@ -0,0 +1,28 @@ +--- binutils.orig/bfd/elf.c 2018-05-17 11:46:03.983280175 +0100 ++++ binutils-2.27/bfd/elf.c 2018-05-17 11:48:01.560955253 +0100 +@@ -3878,16 +3878,23 @@ ignore_section_sym (bfd *abfd, asymbol * + { + elf_symbol_type *type_ptr; + ++ if (sym == NULL) ++ return FALSE; ++ + if ((sym->flags & BSF_SECTION_SYM) == 0) + return FALSE; + ++ if (sym->section == NULL) ++ return TRUE; ++ + type_ptr = elf_symbol_from (abfd, sym); + return ((type_ptr != NULL + && type_ptr->internal_elf_sym.st_shndx != 0 + && bfd_is_abs_section (sym->section)) + || !(sym->section->owner == abfd +- || (sym->section->output_section->owner == abfd +- && sym->section->output_offset == 0) ++ || (sym->section->output_section != NULL ++ && sym->section->output_section->owner == abfd ++ && sym->section->output_offset == 0) + || bfd_is_abs_section (sym->section))); + } + diff --git a/SOURCES/binutils-CVE-2018-7208.patch b/SOURCES/binutils-CVE-2018-7208.patch new file mode 100644 index 0000000..98f0a6b --- /dev/null +++ b/SOURCES/binutils-CVE-2018-7208.patch @@ -0,0 +1,12 @@ +--- binutils.orig/bfd/coffgen.c 2018-05-15 17:25:27.653131326 +0100 ++++ binutils-2.27/bfd/coffgen.c 2018-05-15 17:41:49.604116561 +0100 +@@ -1552,7 +1552,8 @@ coff_pointerize_aux (bfd *abfd, + } + /* A negative tagndx is meaningless, but the SCO 3.2v4 cc can + generate one, so we must be careful to ignore it. */ +- if (auxent->u.auxent.x_sym.x_tagndx.l > 0) ++ if ((unsigned long) auxent->u.auxent.x_sym.x_tagndx.l ++ < obj_raw_syment_count (abfd)) + { + auxent->u.auxent.x_sym.x_tagndx.p = + table_base + auxent->u.auxent.x_sym.x_tagndx.l; diff --git a/SOURCES/binutils-CVE-2018-7568.patch b/SOURCES/binutils-CVE-2018-7568.patch new file mode 100644 index 0000000..481ea14 --- /dev/null +++ b/SOURCES/binutils-CVE-2018-7568.patch @@ -0,0 +1,80 @@ +--- binutils.orig/bfd/dwarf1.c 2018-05-15 17:25:27.656131299 +0100 ++++ binutils-2.27/bfd/dwarf1.c 2018-05-15 17:29:04.176057372 +0100 +@@ -208,6 +208,7 @@ parse_die (bfd * abfd, + /* Then the attributes. */ + while (xptr < (this_die + aDieInfo->length)) + { ++ unsigned int block_len; + unsigned short attr; + + /* Parse the attribute based on its form. This section +@@ -223,12 +224,15 @@ parse_die (bfd * abfd, + break; + case FORM_DATA4: + case FORM_REF: +- if (attr == AT_sibling) +- aDieInfo->sibling = bfd_get_32 (abfd, (bfd_byte *) xptr); +- else if (attr == AT_stmt_list) ++ if (xptr + 4 <= aDiePtrEnd) + { +- aDieInfo->stmt_list_offset = bfd_get_32 (abfd, (bfd_byte *) xptr); +- aDieInfo->has_stmt_list = 1; ++ if (attr == AT_sibling) ++ aDieInfo->sibling = bfd_get_32 (abfd, xptr); ++ else if (attr == AT_stmt_list) ++ { ++ aDieInfo->stmt_list_offset = bfd_get_32 (abfd, xptr); ++ aDieInfo->has_stmt_list = 1; ++ } + } + xptr += 4; + break; +@@ -236,22 +240,41 @@ parse_die (bfd * abfd, + xptr += 8; + break; + case FORM_ADDR: +- if (attr == AT_low_pc) +- aDieInfo->low_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); +- else if (attr == AT_high_pc) +- aDieInfo->high_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 <= aDiePtrEnd) ++ { ++ if (attr == AT_low_pc) ++ aDieInfo->low_pc = bfd_get_32 (abfd, xptr); ++ else if (attr == AT_high_pc) ++ aDieInfo->high_pc = bfd_get_32 (abfd, xptr); ++ } + xptr += 4; + break; + case FORM_BLOCK2: +- xptr += 2 + bfd_get_16 (abfd, (bfd_byte *) xptr); ++ if (xptr + 2 <= aDiePtrEnd) ++ { ++ block_len = bfd_get_16 (abfd, xptr); ++ if (xptr + block_len > aDiePtrEnd ++ || xptr + block_len < xptr) ++ return FALSE; ++ xptr += block_len; ++ } ++ xptr += 2; + break; + case FORM_BLOCK4: +- xptr += 4 + bfd_get_32 (abfd, (bfd_byte *) xptr); ++ if (xptr + 4 <= aDiePtrEnd) ++ { ++ block_len = bfd_get_32 (abfd, xptr); ++ if (xptr + block_len > aDiePtrEnd ++ || xptr + block_len < xptr) ++ return FALSE; ++ xptr += block_len; ++ } ++ xptr += 4; + break; + case FORM_STRING: + if (attr == AT_name) + aDieInfo->name = (char *) xptr; +- xptr += strlen ((char *) xptr) + 1; ++ xptr += strnlen ((char *) xptr, aDiePtrEnd - xptr) + 1; + break; + } + } diff --git a/SOURCES/binutils-CVE-2018-7569.patch b/SOURCES/binutils-CVE-2018-7569.patch new file mode 100644 index 0000000..3141bd9 --- /dev/null +++ b/SOURCES/binutils-CVE-2018-7569.patch @@ -0,0 +1,74 @@ +--- binutils.orig/bfd/dwarf2.c 2018-05-15 17:25:27.661131255 +0100 ++++ binutils-2.27/bfd/dwarf2.c 2018-05-15 17:38:16.900598281 +0100 +@@ -606,14 +606,24 @@ read_8_bytes (bfd *abfd, bfd_byte *buf, + } + + static bfd_byte * +-read_n_bytes (bfd *abfd ATTRIBUTE_UNUSED, +- bfd_byte *buf, +- bfd_byte *end, +- unsigned int size ATTRIBUTE_UNUSED) ++read_n_bytes (bfd_byte * buf, ++ bfd_byte * end, ++ struct dwarf_block * block) + { +- if (buf + size > end) +- return NULL; +- return buf; ++ unsigned int size = block->size; ++ bfd_byte * block_end = buf + size; ++ ++ if (block_end > end || block_end < buf) ++ { ++ block->data = NULL; ++ block->size = 0; ++ return end; ++ } ++ else ++ { ++ block->data = buf; ++ return block_end; ++ } + } + + /* Scans a NUL terminated string starting at BUF, returning a pointer to it. +@@ -1053,8 +1063,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_2_bytes (abfd, info_ptr, info_ptr_end); + info_ptr += 2; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_block4: +@@ -1064,8 +1073,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_4_bytes (abfd, info_ptr, info_ptr_end); + info_ptr += 4; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_data2: +@@ -1100,8 +1108,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = safe_read_leb128 (abfd, info_ptr, &bytes_read, FALSE, info_ptr_end); + info_ptr += bytes_read; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_block1: +@@ -1111,8 +1118,7 @@ read_attribute_value (struct attribute * + return NULL; + blk->size = read_1_byte (abfd, info_ptr, info_ptr_end); + info_ptr += 1; +- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); +- info_ptr += blk->size; ++ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); + attr->u.blk = blk; + break; + case DW_FORM_data1: diff --git a/SOURCES/binutils-CVE-2018-7642.patch b/SOURCES/binutils-CVE-2018-7642.patch new file mode 100644 index 0000000..dd690ec --- /dev/null +++ b/SOURCES/binutils-CVE-2018-7642.patch @@ -0,0 +1,32 @@ +--- binutils.orig/bfd/aoutx.h 2018-05-29 17:35:09.220062492 +0100 ++++ binutils-2.27/bfd/aoutx.h 2018-05-29 17:37:09.131765293 +0100 +@@ -1713,7 +1713,13 @@ NAME (aout, translate_symbol_table) (bfd + else if (x < strsize) + in->symbol.name = str + x; + else +- return FALSE; ++ { ++ _bfd_error_handler ++ (_("%B: invalid string offset %lx >= %lx"), ++ abfd, (long) x, (long) strsize); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } + + in->symbol.value = GET_SWORD (abfd, ext->e_value); + in->desc = H_GET_16 (abfd, ext->e_desc); +@@ -2261,10 +2267,12 @@ NAME (aout, swap_std_reloc_in) (bfd *abf + if (r_baserel) + r_extern = 1; + +- if (r_extern && r_index > symcount) ++ if (r_extern && r_index >= symcount) + { + /* We could arrange to return an error, but it might be useful +- to see the file even if it is bad. */ ++ to see the file even if it is bad. FIXME: Of course this ++ means that objdump -r *doesn't* see the actual reloc, and ++ objcopy silently writes a different reloc. */ + r_extern = 0; + r_index = N_ABS; + } diff --git a/SOURCES/binutils-CVE-2018-7643.patch b/SOURCES/binutils-CVE-2018-7643.patch new file mode 100644 index 0000000..7a4ed19 --- /dev/null +++ b/SOURCES/binutils-CVE-2018-7643.patch @@ -0,0 +1,17 @@ +diff -rup binutils.orig/binutils/dwarf.c binutils-2.27/binutils/dwarf.c +--- binutils.orig/binutils/dwarf.c 2018-05-30 09:57:23.401080405 +0100 ++++ binutils-2.27/binutils/dwarf.c 2018-05-30 09:57:33.578971357 +0100 +@@ -5195,6 +5195,13 @@ display_debug_ranges (struct dwarf_secti + continue; + } + ++ if (next < section_begin || next >= finish) ++ { ++ warn (_("Corrupt offset (%#8.8lx) in range entry %u\n"), ++ (unsigned long) offset, i); ++ continue; ++ } ++ + if (dwarf_check != 0 && i > 0) + { + if (start < next) diff --git a/SOURCES/binutils-CVE-2018-8945.patch b/SOURCES/binutils-CVE-2018-8945.patch new file mode 100644 index 0000000..de25cba --- /dev/null +++ b/SOURCES/binutils-CVE-2018-8945.patch @@ -0,0 +1,30 @@ +diff -rup binutils.orig/bfd/elf-attrs.c binutils-2.27/bfd/elf-attrs.c +--- binutils.orig/bfd/elf-attrs.c 2018-05-30 09:57:23.385080577 +0100 ++++ binutils-2.27/bfd/elf-attrs.c 2018-05-30 10:01:03.528712202 +0100 +@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El + /* PR 17512: file: 2844a11d. */ + if (hdr->sh_size == 0) + return; ++ if (hdr->sh_size > bfd_get_size (abfd)) ++ { ++ /* xgettext:c-format */ ++ _bfd_error_handler (_("%B: error: attribute section '%A' too big: %#llx"), ++ abfd, hdr->bfd_section, (long long) hdr->sh_size); ++ bfd_set_error (bfd_error_invalid_operation); ++ return; ++ } ++ + contents = (bfd_byte *) bfd_malloc (hdr->sh_size); + if (!contents) + return; +diff -rup binutils.orig/bfd/elf.c binutils-2.27/bfd/elf.c +--- binutils.orig/bfd/elf.c 2018-05-30 09:57:23.382080610 +0100 ++++ binutils-2.27/bfd/elf.c 2018-05-30 10:01:52.766182199 +0100 +@@ -297,6 +297,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi + /* Allocate and clear an extra byte at the end, to prevent crashes + in case the string table is not terminated. */ + if (shstrtabsize + 1 <= 1 ++ || shstrtabsize > bfd_get_size (abfd) + || bfd_seek (abfd, offset, SEEK_SET) != 0 + || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL) + shstrtab = NULL; diff --git a/SOURCES/binutils-strip-unknown-relocs.patch b/SOURCES/binutils-strip-unknown-relocs.patch new file mode 100644 index 0000000..73f6912 --- /dev/null +++ b/SOURCES/binutils-strip-unknown-relocs.patch @@ -0,0 +1,544 @@ +diff -rup binutils.orig/bfd/elf32-i386.c binutils-2.30/bfd/elf32-i386.c +--- binutils.orig/bfd/elf32-i386.c 2018-02-27 17:25:53.961140597 +0000 ++++ binutils-2.30/bfd/elf32-i386.c 2018-02-27 17:27:14.115133477 +0000 +@@ -383,7 +383,7 @@ elf_i386_rtype_to_howto (bfd *abfd, unsi + { + (*_bfd_error_handler) (_("%B: invalid relocation type %d"), + abfd, (int) r_type); +- indx = R_386_NONE; ++ return NULL; + } + /* PR 17512: file: 0f67f69d. */ + if (elf_howto_table [indx].type != r_type) +diff -rup binutils.orig/bfd/elf64-ppc.c binutils-2.30/bfd/elf64-ppc.c +--- binutils.orig/bfd/elf64-ppc.c 2018-02-27 17:25:53.969140496 +0000 ++++ binutils-2.30/bfd/elf64-ppc.c 2018-02-27 17:27:56.213604518 +0000 +@@ -2516,9 +2516,12 @@ ppc64_elf_info_to_howto (bfd *abfd, arel + { + (*_bfd_error_handler) (_("%B: invalid relocation type %d"), + abfd, (int) type); +- type = R_PPC64_NONE; ++ cache_ptr->howto = NULL; + } +- cache_ptr->howto = ppc64_elf_howto_table[type]; ++ else ++ cache_ptr->howto = ppc64_elf_howto_table[type]; ++ if (cache_ptr->howto == NULL || cache_ptr->howto->name == NULL) ++ _bfd_error_handler (_("%B: invalid relocation type %d"), abfd, type); + } + + /* Handle the R_PPC64_ADDR16_HA and similar relocs. */ +diff -rup binutils.orig/bfd/elf64-s390.c binutils-2.30/bfd/elf64-s390.c +--- binutils.orig/bfd/elf64-s390.c 2018-02-27 17:25:53.968140509 +0000 ++++ binutils-2.30/bfd/elf64-s390.c 2018-02-27 17:28:24.632247443 +0000 +@@ -372,9 +372,10 @@ elf_s390_info_to_howto (bfd *abfd ATTRIB + { + (*_bfd_error_handler) (_("%B: invalid relocation type %d"), + abfd, (int) r_type); +- r_type = R_390_NONE; ++ cache_ptr->howto = NULL; + } +- cache_ptr->howto = &elf_howto_table[r_type]; ++ else ++ cache_ptr->howto = &elf_howto_table[r_type]; + } + } + +diff -rup binutils.orig/bfd/elf64-x86-64.c binutils-2.30/bfd/elf64-x86-64.c +--- binutils.orig/bfd/elf64-x86-64.c 2018-02-27 17:25:53.964140559 +0000 ++++ binutils-2.30/bfd/elf64-x86-64.c 2018-02-27 17:29:12.554645307 +0000 +@@ -284,7 +284,7 @@ elf_x86_64_rtype_to_howto (bfd *abfd, un + { + (*_bfd_error_handler) (_("%B: invalid relocation type %d"), + abfd, (int) r_type); +- r_type = R_X86_64_NONE; ++ return NULL; + } + i = r_type; + } +@@ -347,7 +347,6 @@ elf_x86_64_info_to_howto (bfd *abfd ATTR + + r_type = ELF32_R_TYPE (dst->r_info); + cache_ptr->howto = elf_x86_64_rtype_to_howto (abfd, r_type); +- BFD_ASSERT (r_type == cache_ptr->howto->type); + } + + /* Support for core dump NOTE sections. */ +diff -rup binutils.orig/bfd/elfcode.h binutils-2.30/bfd/elfcode.h +--- binutils.orig/bfd/elfcode.h 2018-02-27 17:25:53.964140559 +0000 ++++ binutils-2.30/bfd/elfcode.h 2018-02-27 17:26:57.234345581 +0000 +@@ -1474,6 +1474,12 @@ elf_slurp_reloc_table_from_section (bfd + (*ebd->elf_info_to_howto) (abfd, relent, &rela); + else + (*ebd->elf_info_to_howto_rel) (abfd, relent, &rela); ++ ++ if (relent->howto == NULL) ++ { ++ bfd_set_error (bfd_error_bad_value); ++ goto error_return; ++ } + } + + if (allocated != NULL) +diff -rup binutils.orig/binutils/objcopy.c binutils-2.30/binutils/objcopy.c +--- binutils.orig/binutils/objcopy.c 2018-02-27 17:25:53.185150347 +0000 ++++ binutils-2.30/binutils/objcopy.c 2018-02-27 17:30:05.806976202 +0000 +@@ -3022,10 +3022,19 @@ copy_object (bfd *ibfd, bfd *obfd, const + haven't been set yet. mark_symbols_used_in_relocations will + ignore input sections which have no corresponding output + section. */ ++ bfd_set_error (bfd_error_no_error); + if (strip_symbols != STRIP_ALL) +- bfd_map_over_sections (ibfd, +- mark_symbols_used_in_relocations, +- isympp); ++ { ++ bfd_map_over_sections (ibfd, ++ mark_symbols_used_in_relocations, ++ isympp); ++ if (bfd_get_error () != bfd_error_no_error) ++ { ++ status = 1; ++ return FALSE; ++ } ++ } ++ + osympp = (asymbol **) xmalloc ((symcount + add_symbols + 1) * sizeof (asymbol *)); + symcount = filter_symbols (ibfd, obfd, osympp, isympp, symcount); + } +diff -rup binutils.orig/binutils/testsuite/binutils-all/objcopy.exp binutils-2.27/binutils/testsuite/binutils-all/objcopy.exp +--- binutils.orig/binutils/testsuite/binutils-all/objcopy.exp 2018-04-11 12:34:04.671683298 +0100 ++++ binutils-2.27/binutils/testsuite/binutils-all/objcopy.exp 2018-04-11 12:36:50.053734109 +0100 +@@ -1083,6 +1083,29 @@ if [is_elf_format] { + } + run_dump_test "strip-11" $extra_strip11 + ++ if { [istarget "mips64*-*-openbsd*"] } { ++ set reloc_format mips64 ++ } elseif { [istarget "arm-*"] \ ++ || [istarget "d10v-*"] \ ++ || [istarget "dlx-*"] \ ++ || [istarget "i*86-*"] \ ++ || [istarget "i960-*"] \ ++ || [istarget "m681*-*"] \ ++ || [istarget "m68hc1*-*"] \ ++ || ([istarget "mips*-*"] \ ++ && ![istarget "mips64*-ps2-elf*"] \ ++ && ![istarget "*-*-irix6*"] \ ++ && ![istarget "mips64*-*-freebsd*"] \ ++ && ![istarget "mips64*-*-kfreebsd*-gnu"] \ ++ && ![istarget "mips64*-*-linux*"]) \ ++ || [istarget "score*-*"] \ ++ || [istarget "xgate-*"] } { ++ set reloc_format rel ++ } else { ++ set reloc_format rela ++ } ++ run_dump_test "strip-13" [list [list source strip-13${reloc_format}.s]] ++ + if { [istarget "i*86-*"] || [istarget "x86_64-*-*"] } { + # Check to make sure we don't strip a symbol named in relocations. + set test "objcopy keeps symbols needed by relocs" +diff -rup binutils.orig/binutils/testsuite/lib/utils-lib.exp binutils-2.27/binutils/testsuite/lib/utils-lib.exp +--- binutils.orig/binutils/testsuite/lib/utils-lib.exp 2018-04-11 12:34:04.674683263 +0100 ++++ binutils-2.27/binutils/testsuite/lib/utils-lib.exp 2018-04-11 12:54:56.097850613 +0100 +@@ -1,4 +1,4 @@ +-# Copyright (C) 1993-2016 Free Software Foundation, Inc. ++# Copyright (C) 1993-2018 Free Software Foundation, Inc. + + # This program is free software; you can redistribute it and/or modify + # it under the terms of the GNU General Public License as published by +@@ -51,12 +51,17 @@ proc binutil_version { prog } { + # default_binutils_run + # run a program, returning the output + # sets binutils_run_failed if the program does not exist ++# sets binutils_run_status to the exit status of the program + # + proc default_binutils_run { prog progargs } { + global binutils_run_failed ++ global binutils_run_status + global host_triplet + + set binutils_run_failed 0 ++ if [info exists binutils_run_status] { ++ unset binutils_run_status ++ } + + if ![is_remote host] { + if {[which $prog] == 0} then { +@@ -83,6 +88,7 @@ proc default_binutils_run { prog progarg + regsub -all "\\$" "$progargs" "\\$" progargs + + set state [remote_exec host $prog $progargs] ++ set binutils_run_status [lindex $state 0] + set exec_output [prune_warnings [lindex $state 1]] + if {![string match "" $exec_output]} then { + send_log "$exec_output\n" +@@ -127,7 +133,6 @@ proc default_binutils_assemble_flags { s + } else { + send_log "$exec_output\n" + verbose "$exec_output" +- perror "$source: assembly failed" + return 0 + } + } +@@ -214,6 +219,11 @@ proc exe_ext {} { + # Assemble the file SOURCE.s. If omitted, this defaults to FILE.s. + # This is useful if several .d files want to share a .s file. + # ++# dump: DUMP ++# Match against DUMP.d. If omitted, this defaults to FILE.d. This ++# is useful if several .d files differ by options only. Options are ++# always read from FILE.d. ++# + # target: GLOBS... + # Run this test only on a specified list of targets. More precisely, + # each glob in the space-separated list is passed to "istarget"; if +@@ -237,22 +247,22 @@ proc exe_ext {} { + # + # error: REGEX + # An error with message matching REGEX must be emitted for the test +-# to pass. The PROG, objdump, nm and objcopy options have no +-# meaning and need not supplied if this is present. ++# to pass. The DUMPPROG, addr2line, nm, objdump, readelf and size ++# options have no meaning and need not supplied if this is present. ++# Multiple "error" directives append to the expected error message. ++# ++# error_output: FILE ++# Means the same as 'error', except the regular expression lines ++# are contains in FILE. + # + # warning: REGEX +-# Expect a gas warning matching REGEX. It is an error to issue +-# both "error" and "warning". +-# +-# stderr: FILE +-# FILE contains regexp lines to be matched against the diagnostic +-# output of the assembler. This does not preclude the use of +-# PROG, nm, objdump, or objcopy. +-# +-# error-output: FILE +-# Means the same as 'stderr', but also indicates that the assembler +-# is expected to exit unsuccessfully (therefore PROG, objdump, nm, +-# and objcopy have no meaning and should not be supplied). ++# Expect a warning matching REGEX. It is an error to issue both ++# "error" and "warning". Multiple "warning" directives append to ++# the expected linker warning message. ++# ++# warning_output: FILE ++# Means the same as 'warning', except the regular expression ++# lines are contains in FILE. + # + # Each option may occur at most once. + # +@@ -266,6 +276,7 @@ proc run_dump_test { name {extra_options + global OBJDUMP NM OBJCOPY READELF STRIP + global OBJDUMPFLAGS NMFLAGS OBJCOPYFLAGS READELFFLAGS STRIPFLAGS + global ELFEDIT ELFEDITFLAGS ++ global binutils_run_status + global host_triplet + global env + global copyfile +@@ -299,6 +310,11 @@ proc run_dump_test { name {extra_options + set opts(PROG) {} + set opts(DUMPPROG) {} + set opts(source) {} ++ set opts(dump) {} ++ set opts(error) {} ++ set opts(warning) {} ++ set opts(error_output) {} ++ set opts(warning_output) {} + set opts(target) {} + set opts(not-target) {} + set opts(skip) {} +@@ -317,12 +333,18 @@ proc run_dump_test { name {extra_options + # directory. + regsub -all "\\\$srcdir" "$opt_val" "$srcdir/$subdir" opt_val + +- if [string length $opts($opt_name)] { +- perror "option $opt_name multiply set in $file.d" +- unresolved $subdir/$name +- return ++ switch -- $opt_name { ++ warning {} ++ error {} ++ default { ++ if [string length $opts($opt_name)] { ++ perror "option $opt_name multiply set in $file.d" ++ unresolved $subdir/$name ++ return ++ } ++ } + } +- set opts($opt_name) $opt_val ++ append opts($opt_name) $opt_val + } + + foreach i $extra_options { +@@ -340,7 +362,8 @@ proc run_dump_test { name {extra_options + + # add extra option to end of existing option, adding space + # if necessary. +- if [string length $opts($opt_name)] { ++ if { ![regexp "warning|error" $opt_name] ++ && [string length $opts($opt_name)] } { + append opts($opt_name) " " + } + append opts($opt_name) $opt_val +@@ -378,28 +401,35 @@ proc run_dump_test { name {extra_options + } + + set dumpprogram "" +- if { $opts(DUMPPROG) != "" } { +- switch -- $opts(DUMPPROG) { +- addr2line { set dumpprogram addr2line } +- nm { set dumpprogram nm } +- objdump { set dumpprogram objdump } +- readelf { set dumpprogram readelf } +- size { set dumpprogram size } +- default { +- perror "unrecognized dump program option $opts(DUMPPROG) in $file.d" +- unresolved $testname +- return } +- } +- } else { +- # Guess which program to run, by seeing which option was specified. +- foreach p {addr2line nm objdump readelf size} { +- if {$opts($p) != ""} { +- if {$dumpprogram != ""} { +- perror "more than one possible dump program specified in $file.d" ++ # It's meaningless to require an output-testing method when we ++ # expect an error. ++ if { $opts(error) == "" && $opts(error_output) == "" } { ++ if { $opts(DUMPPROG) != "" } { ++ switch -- $opts(DUMPPROG) { ++ addr2line { set dumpprogram addr2line } ++ nm { set dumpprogram nm } ++ objdump { set dumpprogram objdump } ++ readelf { set dumpprogram readelf } ++ size { set dumpprogram size } ++ default { ++ perror "unrecognized dump program option $opts(DUMPPROG)\ ++ in $file.d" + unresolved $testname + return +- } else { +- set dumpprogram $p ++ } ++ } ++ } else { ++ # Guess which program to run, by seeing which option was specified. ++ foreach p {addr2line nm objdump readelf size} { ++ if {$opts($p) != ""} { ++ if {$dumpprogram != ""} { ++ perror "more than one possible dump program specified\ ++ in $file.d" ++ unresolved $testname ++ return ++ } else { ++ set dumpprogram $p ++ } + } + } + } +@@ -456,6 +486,12 @@ proc run_dump_test { name {extra_options + set srcfile $srcdir/$subdir/$opts(source) + } + ++ if { $opts(dump) == "" } { ++ set dumpfile ${file}.d ++ } else { ++ set dumpfile $srcdir/$subdir/$opts(dump) ++ } ++ + if { $opts(as) == "binary" } { + while {[file type $srcfile] eq "link"} { + set newfile [file readlink $srcfile] +@@ -464,7 +500,8 @@ proc run_dump_test { name {extra_options + } + set srcfile $newfile + } +- file copy -force ${srcfile} $tempfile ++ # Make sure we copy the file if we are doing remote host testing. ++ remote_download host ${srcfile} $tempfile + } else { + set exec_output [binutils_assemble_flags ${srcfile} $tempfile $opts(as)] + if [string match "" $exec_output] then { +@@ -475,16 +512,95 @@ proc run_dump_test { name {extra_options + } + } + ++ if { (($opts(warning) != "") && ($opts(error) != "")) \ ++ || (($opts(warning) != "") && ($opts(error_output) != "")) \ ++ || (($opts(warning) != "") && ($opts(warning_output) != "")) \ ++ || (($opts(error) != "") && ($opts(warning_output) != "")) \ ++ || (($opts(error) != "") && ($opts(error_output) != "")) \ ++ || (($opts(warning_output) != "") && ($opts(error_output) != "")) } { ++ perror "bad mix of warning, error, warning_output, and error_output\ ++ test-directives" ++ unresolved $testname ++ return ++ } ++ ++ set check_prog(source) "" ++ set check_prog(terminal) 0 ++ if { $opts(error) != "" \ ++ || $opts(warning) != "" \ ++ || $opts(error_output) != "" \ ++ || $opts(warning_output) != "" } { ++ ++ if { $opts(error) != "" || $opts(error_output) != "" } { ++ set check_prog(terminal) 1 ++ } else { ++ set check_prog(terminal) 0 ++ } ++ ++ if { $opts(error) != "" || $opts(warning) != "" } { ++ set check_prog(source) "regex" ++ if { $opts(error) != "" } { ++ set check_prog(regex) $opts(error) ++ } else { ++ set check_prog(regex) $opts(warning) ++ } ++ } else { ++ set check_prog(source) "file" ++ if { $opts(error_output) != "" } { ++ set check_prog(file) $opts(error_output) ++ } else { ++ set check_prog(file) $opts(warning_output) ++ } ++ } ++ } ++ + set progopts1 $opts($program) + eval set progopts \$[string toupper $program]FLAGS + eval set binary \$[string toupper $program] + + set exec_output [binutils_run $binary "$progopts $progopts1 $tempfile $destopt ${copyfile}.o"] +- if ![string match "" $exec_output] { +- send_log "$exec_output\n" ++ set cmdret 0 ++ if [info exists binutils_run_status] { ++ set cmdret $binutils_run_status ++ } ++ ++ regsub "\n$" $exec_output "" exec_output ++ if { $cmdret != 0 || $exec_output != "" || $check_prog(source) != "" } { ++ set exitstat "succeeded" ++ if { $cmdret != 0 } { ++ set exitstat "failed" ++ } ++ ++ if { $check_prog(source) == "regex" } { ++ verbose -log "$exitstat with: <$exec_output>,\ ++ expected: <$check_prog(regex)>" ++ } elseif { $check_prog(source) == "file" } { ++ verbose -log "$exitstat with: <$exec_output>,\ ++ expected in file $check_prog(file)" ++ set_file_contents "tmpdir/prog.messages" "$exec_output" ++ } else { ++ verbose -log "$exitstat with: <$exec_output>, no expected output" ++ } ++ send_log -- "$exec_output\n" + verbose "$exec_output" +- fail $testname +- return ++ ++ if { (($check_prog(source) == "") == ($exec_output == "")) \ ++ && (($cmdret == 0) == ($check_prog(terminal) == 0)) \ ++ && ((($check_prog(source) == "regex") \ ++ && ($check_prog(regex) == "") == ($exec_output == "") \ ++ && [regexp -- $check_prog(regex) $exec_output]) \ ++ || (($check_prog(source) == "file") \ ++ && (![regexp_diff "tmpdir/prog.messages" \ ++ "$srcdir/$subdir/$check_prog(file)"]))) } { ++ # We have the expected output from prog. ++ if { $check_prog(terminal) || $program == "" } { ++ pass $testname ++ return ++ } ++ } else { ++ fail $testname ++ return ++ } + } + + set progopts1 $opts($dumpprogram) +@@ -534,7 +650,7 @@ proc run_dump_test { name {extra_options + } + + verbose_eval {[file_contents "tmpdir/dump.out"]} 3 +- if { [regexp_diff "tmpdir/dump.out" "${file}.d"] } then { ++ if { [regexp_diff "tmpdir/dump.out" "${dumpfile}"] } then { + fail $testname + verbose "output is [file_contents "tmpdir/dump.out"]" 2 + return +--- /dev/null 2018-04-11 08:10:00.466225454 +0100 ++++ binutils-2.27/binutils/testsuite/binutils-all/strip-13.d 2018-04-11 12:55:42.481306111 +0100 +@@ -0,0 +1,10 @@ ++#PROG: strip ++#strip: -g ++#error: \A[^\n]*: invalid relocation type 143\n ++#error: [^\n]*: Bad value\Z ++#not-target: h8300-* ip2k-* m6811-* m68hc11-* rx-* ++# The H8300-*, IP2K and 68HC11 targets use 16-bit addressing, so `.dc.a' ++# does not work for manual relocation data construction. ++# The RX targets do not complain about unrecognised relocs, unless they ++# are actually used ++# (which is what should really happen with the other targets...) +--- /dev/null 2018-04-11 08:10:00.466225454 +0100 ++++ binutils-2.27/binutils/testsuite/binutils-all/strip-13mips64.s 2018-04-11 12:37:17.195412074 +0100 +@@ -0,0 +1,14 @@ ++ .text ++foo: ++ .dc.l 0x12345678 ++ ++ .section .rela.text ++ .dc.a 0 ++ .dc.l 0 ++ .dc.b 0, 0, 0, 0x8f ++ .dc.a 0x0000008f ++ ++ .dc.a 0 ++ .dc.l 0 ++ .dc.b 0, 0, 0, 0 ++ .dc.a 0 +--- /dev/null 2018-04-11 08:10:00.466225454 +0100 ++++ binutils-2.27/binutils/testsuite/binutils-all/strip-13rela.s 2018-04-11 12:37:17.195412074 +0100 +@@ -0,0 +1,12 @@ ++ .text ++foo: ++ .dc.l 0x12345678 ++ ++ .section .rela.text ++ .dc.a 0 ++ .dc.a 0x0000008f ++ .dc.a 0x0000008f ++ ++ .dc.a 0 ++ .dc.a 0 ++ .dc.a 0 +--- /dev/null 2018-04-11 08:10:00.466225454 +0100 ++++ binutils-2.27/binutils/testsuite/binutils-all/strip-13rel.s 2018-04-11 12:37:17.195412074 +0100 +@@ -0,0 +1,10 @@ ++ .text ++foo: ++ .dc.l 0x12345678 ++ ++ .section .rel.text ++ .dc.a 0 ++ .dc.a 0x0000008f ++ ++ .dc.a 0 ++ .dc.a 0 +--- binutils.orig/bfd/elfnn-aarch64.c 2018-04-11 12:34:04.649683557 +0100 ++++ binutils-2.27/bfd/elfnn-aarch64.c 2018-04-11 13:33:08.539305994 +0100 +@@ -1977,6 +1977,8 @@ elfNN_aarch64_info_to_howto (bfd *abfd A + + r_type = ELFNN_R_TYPE (elf_reloc->r_info); + bfd_reloc->howto = elfNN_aarch64_howto_from_type (r_type); ++ if (bfd_reloc->howto == NULL) ++ _bfd_error_handler (_("%B: invalid relocation type %d"), abfd, r_type); + } + + static reloc_howto_type * diff --git a/SOURCES/binutils-x86_64-do-not-convert-abs-relocs.patch b/SOURCES/binutils-x86_64-do-not-convert-abs-relocs.patch new file mode 100644 index 0000000..f66fab7 --- /dev/null +++ b/SOURCES/binutils-x86_64-do-not-convert-abs-relocs.patch @@ -0,0 +1,12 @@ +--- binutils.orig/bfd/elf64-x86-64.c 2018-03-19 11:50:18.770407381 +0000 ++++ binutils-2.27/bfd/elf64-x86-64.c 2018-03-19 12:01:12.177534677 +0000 +@@ -1931,6 +1931,9 @@ elf_x86_64_convert_load_reloc (bfd *abfd + { + bfd_signed_vma distance; + ++ if (tsec->output_section == NULL) ++ return TRUE; ++ + /* At this point, we don't know the load addresses of TSEC + section nor SEC section. We estimate the distrance between + SEC and TSEC. We store the estimated distances in the diff --git a/SPECS/binutils.spec b/SPECS/binutils.spec index 9dc20df..8106e84 100644 --- a/SPECS/binutils.spec +++ b/SPECS/binutils.spec @@ -54,7 +54,7 @@ Version: 2.27 # Note: The Release string *must* be different from that used by any of the # devtoolset binutils associated with this release. That is why ".base" # has been appended here. See BZ 1337617 for more details. -Release: 28.base%{?dist}.1 +Release: 34.base%{?dist} License: GPLv3+ Group: Development/Tools URL: http://sources.redhat.com/binutils @@ -283,9 +283,65 @@ Patch40: binutils-2.27-power9.3.patch # Lifetime: Fixed in 2.30. Patch41: binutils-2.27-ppc64-discarded-plt-sections.patch +# Purpose: Fix a seg-fault in the x86_64 linker when attempting to convert +# relocations against the absolute section. +# Lifetime: Fixed in 2.30. +Patch42: binutils-x86_64-do-not-convert-abs-relocs.patch + +# Purpose: Add support for a "-z globalaudit" linker command line option. +# Lifetime: Fixed in 2.30. +Patch43: binutils-2.27-add-globalaudit-support.patch + +# Purpose: Stop strip from replacing unknown relocs with null relocs. Make +# it return an error status and not strip the file instead. +# Lifetime: Fixed in 2.31. +Patch44: binutils-strip-unknown-relocs.patch + # Purpose: Allow "lea foo@GOT, %reg" in PIC mode on the x86. # Lifetime: Fixed in 2.28 -Patch42: binutils-x86-lea-addressing.patch +Patch45: binutils-x86-lea-addressing.patch + +# Purpose: Fix seg-fault parsing corrupt DWARF1 debug information. +# Lifetime: Fixed in 2.31 +Patch46: binutils-CVE-2018-7568.patch + +# Purpose: Fix seg-fault parsing corrupt DWARF debug information. +# Lifetime: Fixed in 2.31 +Patch47: binutils-CVE-2018-7569.patch + +# Purpose: Fix seg-fault parsing corrupt COFF files. +# Lifetime: Fixed in 2.31 +Patch48: binutils-CVE-2018-7208.patch + +# Purpose: Fix seg-fault parsing corrupt ELF files. +# Lifetime: Fixed in 2.31 +Patch49: binutils-CVE-2018-10535.patch + +# Purpose: Fix seg-fault parsing corrupt DWARF debug information. +# Lifetime: Fixed in 2.31 +Patch50: binutils-CVE-2018-10373.patch + +# Purpose: Fix seg-fault parsing corrupt DWARF debug information. +# Lifetime: Fixed in 2.31 +Patch51: binutils-CVE-2018-10372.patch + +# Purpose: Fix seg-fault parsing a corrupt PE format file. +# Lifetime: Fixed in 2.31 +Patch52: binutils-CVE-2018-10534.patch + +# Purpose: Fix seg-fault parsing a corrupt AOUT format file. +# Lifetime: Fixed in 2.31 +Patch53: binutils-CVE-2018-7642.patch + +# Purpose: Fix seg-fault parsing corrupt DWARF debug information. +# Lifetime: Fixed in 2.31 +Patch54: binutils-CVE-2018-7643.patch + +# Purpose: Fix seg-fault parsing corrupt ELF files. +# Lifetime: Fixed in 2.31 +Patch55: binutils-CVE-2018-8945.patch + + # Purpose: A *temporary* patch to disable the generation of # R_X86_64_GOTPCRELX and R_X86_64_REX_GETPCRELX relocations by the @@ -467,6 +523,19 @@ using libelf instead of BFD. %patch40 -p1 %patch41 -p1 %patch42 -p1 +%patch43 -p1 +%patch44 -p1 +%patch45 -p1 +%patch46 -p1 +%patch47 -p1 +%patch48 -p1 +%patch49 -p1 +%patch50 -p1 +%patch51 -p1 +%patch52 -p1 +%patch53 -p1 +%patch54 -p1 +%patch55 -p1 # TEMPORARY patches. %patch998 -p1 @@ -873,15 +942,37 @@ exit 0 #--------------------------------------------------------------------------------- %changelog -* Tue May 29 2018 Nick Clifton 2.27-28.base.1 -- Fix the N-V-R for z-stream release. - -* Fri May 25 2018 Marek Polacek 2.27-28.base.0.0.hotfix.1.bz1582602 -- Hotfix build. - -* Fri May 25 2018 Marek Polacek 2.27-28.base -- Allow "lea foo@GOT, %reg" in PIC mode on the x86. - (#1582602) +* Wed May 30 2018 Nick Clifton 2.27-34.base +- Fix seg-fault parsing corrupt AOUT format files. (#1579799) +- Fix seg-fault parsing corrupt DWARF2 debug information. (#1579802) +- Fix seg-fault parsing corrupt ELF format files. (#1579801) + +* Thu May 17 2018 Nick Clifton 2.27-33.base +- Fix seg-fault parsing ELF files. (#1578979) +- Fix seg-fault parsing DWARF-2 information. (#1579065) +- Fix seg-fault parsing DWARF-2 information. (#1579051) +- Fix seg-fault parsing a PE format file. (#1579019) + +* Wed May 16 2018 Nick Clifton 2.27-32.base +- Fix seg-fault parsing DWARF-1 information. (#1569580) +- Fix seg-fault parsing DWARF-2 information. (#1569891) +- Fix seg-fault parsing COFF files. (#1571917) + +* Wed May 02 2018 Nick Clifton 2.27-31.base +- Allow "lea foo@GOT, %reg" in PIC mode on the x86. (#1573872) + +* Fri Apr 20 2018 Nick Clifton 2.27-30.base +- Version bump in order to allow a rebuild, in order to work around a transient problem with the compose database. + +* Wed Apr 11 2018 Nick Clifton 2.27-29.base +- Add support for the GLOBALAUDIT dynamic linker tag. + (#1439351) + +* Wed Apr 11 2018 Nick Clifton 2.27-28.base +- Stop the x86_64 linker from crashing when asked to convert a reloc against the ABS section. + (#1557346) +- Stop strip from replacing unknown relocs with null relocs. + (#1545386) * Thu Jan 11 2018 Nick Clifton 2.27-27.base - Do enable relro by default for the PowerPC64 architecture.