Extend vulnerability fix.

Resolves: #1913744
2021-02-03 09:50:49 +00:00 · 2021-02-03 09:50:49 +00:00 · 83f3ca3a00
commit 83f3ca3a00
parent 5389c6c03a
2 changed files with 178 additions and 1 deletions
--- a/binutils-CVE-2021-20197.patch
+++ b/binutils-CVE-2021-20197.patch
@ -531,3 +531,177 @@ diff -rup binutils.orig/binutils/rename.c binutils-2.35.1/binutils/rename.c
 #endif /* _WIN32 && !__CYGWIN32__ */
 
   return ret;
+diff -rup binutils.orig/binutils/ar.c binutils-2.35.1/binutils/ar.c
+--- binutils.orig/binutils/ar.c	2021-02-02 13:01:42.257734944 +0000
+++ binutils-2.35.1/binutils/ar.c	2021-02-02 13:11:13.340958352 +0000
+@@ -25,7 +25,6 @@
+ 
+ #include "sysdep.h"
+ #include "bfd.h"
+-#include "libbfd.h"
+ #include "libiberty.h"
+ #include "progress.h"
+ #include "getopt.h"
+@@ -1082,7 +1081,7 @@ open_output_file (bfd * abfd)
+ 		 output_filename, base);
+       output_filename = base;
+     }
+-  
+
+   if (output_dir)
+     {
+       size_t len = strlen (output_dir);
+@@ -1099,7 +1098,7 @@ open_output_file (bfd * abfd)
+ 
+   if (verbose)
+     printf ("x - %s\n", output_filename);
+-  
+
+   FILE * ostream = fopen (output_filename, FOPEN_WB);
+   if (ostream == NULL)
+     {
+@@ -1198,10 +1197,8 @@ write_archive (bfd *iarch)
+   bfd *contents_head = iarch->archive_next;
+   int ofd = -1;
+   struct stat target_stat;
+-  bfd_boolean skip_stat = FALSE;
+ 
+-  old_name = (char *) xmalloc (strlen (bfd_get_filename (iarch)) + 1);
+-  strcpy (old_name, bfd_get_filename (iarch));
+  old_name = xstrdup (bfd_get_filename (iarch));
+   new_name = make_tempname (old_name, &ofd);
+ 
+   if (new_name == NULL)
+@@ -1246,11 +1243,9 @@ write_archive (bfd *iarch)
+ 
+ #if !defined (_WIN32) || defined (__CYGWIN32__)
+   ofd = dup (ofd);
+-  if (iarch == NULL || iarch->iostream == NULL)
+-    skip_stat = TRUE;
+-  else if (ofd == -1 || fstat (fileno (iarch->iostream), &target_stat) != 0)
+-    bfd_fatal (old_name);
+ #endif
+  if (ofd == -1 || bfd_stat (iarch, &target_stat) != 0)
+    bfd_fatal (old_name);
+ 
+   if (!bfd_close (obfd))
+     bfd_fatal (old_name);
+@@ -1261,7 +1256,7 @@ write_archive (bfd *iarch)
+   /* We don't care if this fails; we might be creating the archive.  */
+   bfd_close (iarch);
+ 
+-  if (smart_rename (new_name, old_name, ofd, skip_stat ? NULL : &target_stat, 0) != 0)
+  if (smart_rename (new_name, old_name, ofd, &target_stat, 0) != 0)
+     xexit (1);
+   free (old_name);
+   free (new_name);
+Only in binutils-2.35.1/binutils/: ar.c.orig
+Only in binutils-2.35.1/binutils/: ar.c.rej
+diff -rup binutils.orig/binutils/arsup.c binutils-2.35.1/binutils/arsup.c
+--- binutils.orig/binutils/arsup.c	2021-02-02 13:01:42.208735269 +0000
+++ binutils-2.35.1/binutils/arsup.c	2021-02-02 13:11:55.725678308 +0000
+@@ -42,6 +42,8 @@ extern int deterministic;
+ 
+ static bfd *obfd;
+ static char *real_name;
+static char *temp_name;
+static int real_ofd;
+ static FILE *outfile;
+ 
+ static void
+@@ -149,27 +151,24 @@ maybequit (void)
+ void
+ ar_open (char *name, int t)
+ {
+-  char *tname;
+-  const char *bname = lbasename (name);
+-  real_name = name;
+-
+-  /* Prepend tmp- to the beginning, to avoid file-name clashes after
+-     truncation on filesystems with limited namespaces (DOS).  */
+-  if (asprintf (&tname, "%.*stmp-%s", (int) (bname - name), name, bname) == -1)
+  real_name = xstrdup (name);
+  temp_name = make_tempname (real_name, &real_ofd);
+
+  if (temp_name == NULL)
+     {
+-      fprintf (stderr, _("%s: Can't allocate memory for temp name (%s)\n"),
+      fprintf (stderr, _("%s: Can't open temporary file (%s)\n"),
+ 	       program_name, strerror(errno));
+       maybequit ();
+       return;
+     }
+ 
+-  obfd = bfd_openw (tname, NULL);
+  obfd = bfd_fdopenw (temp_name, NULL, real_ofd);
+ 
+   if (!obfd)
+     {
+       fprintf (stderr,
+ 	       _("%s: Can't open output archive %s\n"),
+-	       program_name,  tname);
+	       program_name, temp_name);
+ 
+       maybequit ();
+     }
+@@ -344,10 +343,9 @@ ar_save (void)
+     }
+   else
+     {
+-      char *ofilename = xstrdup (bfd_get_filename (obfd));
+       bfd_boolean skip_stat = FALSE;
+       struct stat target_stat;
+-      int ofd = -1;
+      int ofd = real_ofd;
+ 
+       if (deterministic > 0)
+         obfd->flags |= BFD_DETERMINISTIC_OUTPUT;
+@@ -355,17 +353,18 @@ ar_save (void)
+ #if !defined (_WIN32) || defined (__CYGWIN32__)
+       /* It's OK to fail; at worst it will result in SMART_RENAME using a slow
+          copy fallback to write the output.  */
+-      ofd = dup (fileno (obfd->iostream));
+-      if (lstat (real_name, &target_stat) != 0)
+-	skip_stat = TRUE;
+      ofd = dup (ofd);
+ #endif
+-
+       bfd_close (obfd);
+ 
+-      smart_rename (ofilename, real_name, ofd,
+      if (ofd == -1 || fstat (ofd, &target_stat) != 0)
+	skip_stat = TRUE;
+
+      smart_rename (temp_name, real_name, ofd,
+ 		    skip_stat ? NULL : &target_stat, 0);
+       obfd = 0;
+-      free (ofilename);
+      free (temp_name);
+      free (real_name);
+     }
+ }
+ 
+Only in binutils-2.35.1/binutils/: arsup.c.orig
+Only in binutils-2.35.1/binutils/: arsup.c.rej
+diff -rup binutils.orig/binutils/objcopy.c binutils-2.35.1/binutils/objcopy.c
+--- binutils.orig/binutils/objcopy.c	2021-02-02 13:01:42.214735229 +0000
+++ binutils-2.35.1/binutils/objcopy.c	2021-02-02 13:13:27.613071192 +0000
+@@ -20,7 +20,6 @@
+ 
+ #include "sysdep.h"
+ #include "bfd.h"
+-#include "libbfd.h"
+ #include "progress.h"
+ #include "getopt.h"
+ #include "libiberty.h"
+@@ -3733,7 +3732,7 @@ copy_file (const char *input_filename, c
+   /* To allow us to do "strip *" without dying on the first
+      non-object file, failures are nonfatal.  */
+   ibfd = bfd_openr (input_filename, input_target);
+-  if (ibfd == NULL || fstat (fileno (ibfd->iostream), in_stat) != 0)
+  if (ibfd == NULL || bfd_stat (ibfd, in_stat) != 0)
+     {
+       bfd_nonfatal_message (input_filename, NULL, NULL, NULL);
+       status = 1;
+Only in binutils-2.35.1/binutils/: objcopy.c.orig
+Only in binutils-2.35.1/binutils/: objcopy.c.rej
--- a/binutils.spec
+++ b/binutils.spec
@ -39,7 +39,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?name_cross}%{?_with_debug:-debug}
 Version: 2.35.1
-Release: 29%{?dist}
+Release: 30%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils

@ -916,6 +916,9 @@ exit 0

 #----------------------------------------------------------------------------
 %changelog
+* Tue Feb 02 2021 Nick Clifton  <nickc@redhat.com> - 2.35.1-30
+- Extend vulnerability fix.  (#1913744)
+
 * Mon Feb 01 2021 Nick Clifton  <nickc@redhat.com> - 2.35.1-29
 - Add support for DWARF-5 sections to the bfd linker's scripts.  (#1922707)