From 28148d9f5c1af49af46495c2df7bbfcaad756c0f Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Tue, 3 Jan 2023 16:43:16 +0100 Subject: [PATCH] Backport patch for CVE-2022-4285 --- CVE-2022-4285.patch | 14 ++++++++++++++ mingw-binutils.spec | 8 +++++++- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 CVE-2022-4285.patch diff --git a/CVE-2022-4285.patch b/CVE-2022-4285.patch new file mode 100644 index 0000000..0766ecf --- /dev/null +++ b/CVE-2022-4285.patch @@ -0,0 +1,14 @@ +diff -rupN --no-dereference binutils-2.39/bfd/elf.c binutils-2.39-new/bfd/elf.c +--- binutils-2.39/bfd/elf.c 2023-01-03 14:19:15.884413890 +0100 ++++ binutils-2.39-new/bfd/elf.c 2023-01-03 14:19:28.670166584 +0100 +@@ -8868,7 +8868,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd + bfd_set_error (bfd_error_file_too_big); + goto error_return_verref; + } +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); ++ if (amt == 0) ++ goto error_return_verref; ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; + diff --git a/mingw-binutils.spec b/mingw-binutils.spec index f71ed9b..3483908 100644 --- a/mingw-binutils.spec +++ b/mingw-binutils.spec @@ -3,7 +3,7 @@ Name: mingw-binutils Version: 2.39 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Cross-compiled version of binutils for Win32 and Win64 environments License: GPLv2+ and LGPLv2+ and GPLv3+ and LGPLv3+ @@ -132,6 +132,9 @@ Patch20: binutils-gas-dwarf-skip-empty-functions.patch # Backport patch for CVE-2022-38533 Patch21: CVE-2022-38533.patch +# Backport patch for CVE-2022-4285 +Patch22: CVE-2022-4285.patch + BuildRequires: make BuildRequires: gcc @@ -464,6 +467,9 @@ rm -rf %{buildroot}%{_mandir}/man1/* %changelog +* Tue Jan 03 2023 Sandro Mani - 2.39-3 +- Backport patch for CVE-2022-4285 + * Sun Oct 30 2022 Sandro Mani - 2.39-2 - Backport patch for CVE-2022-38533