diff --git a/SOURCES/binutils-memory-access-when-parsing-an-elf-file.patch b/SOURCES/binutils-memory-access-when-parsing-an-elf-file.patch new file mode 100644 index 0000000..089bc54 --- /dev/null +++ b/SOURCES/binutils-memory-access-when-parsing-an-elf-file.patch @@ -0,0 +1,11 @@ +--- binutils.orig/bfd/elf.c 2023-04-28 12:54:08.090737942 +0100 ++++ binutils-2.30/bfd/elf.c 2023-04-28 12:53:28.602795763 +0100 +@@ -8398,6 +8398,8 @@ error_return_verref: + || bfd_bread (contents, hdr->sh_size, abfd) != hdr->sh_size) + goto error_return_verref; + ++ if (hdr->sh_info == 0) ++ goto error_return_verref; + elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) + bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed)); + diff --git a/SPECS/binutils.spec b/SPECS/binutils.spec index 4134250..1596eec 100644 --- a/SPECS/binutils.spec +++ b/SPECS/binutils.spec @@ -43,7 +43,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?name_cross}%{?_with_debug:-debug} Version: 2.30 -Release: 119%{?dist} +Release: 119%{?dist}.2 License: GPLv3+ URL: https://sourceware.org/binutils @@ -631,6 +631,10 @@ Patch101: binutils-coffgen-buffer-overrun.patch # Lifetime: Fixed in 2.35 Patch102: binutils-plugin-search.patch +# Purpose: Fix an illegal memory access when parsing an elf file containing corrupt symbol version information +# Lifetime: 2.39 +Patch103: binutils-memory-access-when-parsing-an-elf-file.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -870,6 +874,7 @@ using libelf instead of BFD. %patch100 -p1 %patch101 -p1 %patch102 -p1 +%patch103 -p1 # We cannot run autotools as there is an exact requirement of autoconf-2.59. # FIXME - this is no longer true. Maybe try reinstating autotool use ? @@ -1319,6 +1324,12 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Fri Oct 20 2023 Nick Clifton - 2.30-119.2 +- Backport: Fix an illegal memory access when parsing an ELF file containing corrupt symbol version information. (RHEL-12956) + +* Thu Oct 12 2023 Nick Clifton - 2.30-119.1 +- Backport: Fix an illegal memory access when parsing an ELF file containing corrupt symbol version information. (#2164700) + * Mon Sep 05 2022 Nick Clifton - 2.30-119 - NVR Bump in order to allow rebuild now that the rhel-8.8.0-candidate tag is available.