Extend vulnerability fix again.

Resolves: #1925779
2021-02-08 13:08:53 +00:00 · 2021-02-08 13:08:53 +00:00 · 0352349844
parent b9f11b2d26
commit 0352349844
2 changed files with 49 additions and 1 deletions
--- a/binutils-CVE-2021-20197.patch
+++ b/binutils-CVE-2021-20197.patch
@ -731,3 +731,48 @@ Only in binutils-2.35.1/binutils/: objcopy.c.rej
 
       smart_rename (temp_name, real_name, ofd,
 		    skip_stat ? NULL : &target_stat, 0);
+--- binutils.orig/binutils/rename.c	2021-02-08 11:02:58.767933783 +0000
+++ binutils-2.35.1/binutils/rename.c	2021-02-08 11:20:37.539179363 +0000
+@@ -179,7 +179,10 @@ smart_rename (const char *from, const ch
+ 	      int preserve_dates ATTRIBUTE_UNUSED)
+ {
+   int ret = 0;
+-  bfd_boolean exists = target_stat != NULL;
+  struct stat to_stat;
+  bfd_boolean exists;
+
+  exists = lstat (to, &to_stat) == 0;
+ 
+ #if defined (_WIN32) && !defined (__CYGWIN32__)
+   /* Win32, unlike unix, will not erase `to' in `rename(from, to)' but
+@@ -214,16 +217,16 @@ smart_rename (const char *from, const ch
+      external change.  */
+   if (! exists
+       || (fd >= 0
+-	  && !S_ISLNK (target_stat->st_mode)
+-	  && S_ISREG (target_stat->st_mode)
+-	  && (target_stat->st_mode & S_IWUSR)
+-	  && target_stat->st_nlink == 1)
+	  && !S_ISLNK (to_stat.st_mode)
+	  && S_ISREG (to_stat.st_mode)
+	  && (to_stat.st_mode & S_IWUSR)
+	  && to_stat.st_nlink == 1)
+       )
+     {
+       ret = rename (from, to);
+       if (ret == 0)
+ 	{
+-	  if (exists)
+	  if (exists && target_stat != NULL)
+ 	    try_preserve_permissions (fd, target_stat);
+ 	}
+       else
+@@ -239,7 +242,7 @@ smart_rename (const char *from, const ch
+       if (ret != 0)
+ 	non_fatal (_("unable to copy file '%s'; reason: %s"), to, strerror (errno));
+ 
+-      if (preserve_dates)
+      if (preserve_dates && target_stat != NULL)
+ 	set_times (to, target_stat);
+       unlink (from);
+     }
--- a/binutils.spec
+++ b/binutils.spec
@ -39,7 +39,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?name_cross}%{?_with_debug:-debug}
 Version: 2.35.1
-Release: 33%{?dist}
+Release: 34%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils

@ -922,6 +922,9 @@ exit 0

 #----------------------------------------------------------------------------
 %changelog
+* Mon Feb 08 2021 Nick Clifton  <nickc@redhat.com> - 2.35.1-34
+- Extend vulnerability fix again.  (#1925779)
+
 * Thu Feb 04 2021 Nick Clifton  <nickc@redhat.com> - 2.35.1-33
 - Preserve debug information in libbfd.a and libopcodes.a.  (#1924068)