rpms/mingw-binutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add fix for broken CVE-2021-20197 fix

Browse Source 
related: rhbz#1951278
This commit is contained in:
Richard W.M. Jones 2021-04-26 16:59:34 +01:00
parent 1a10664509
commit 38486b2c07
2 changed files with 172 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

163
binutils-gdb.git-6184480d7ce1bcd57669a62867efc68418d0de7c.patch Normal file
View File

@ -0,0 +1,163 @@
diff -ur binutils-2.34.old/binutils/ar.c binutils-2.34.new/binutils/ar.c
--- binutils-2.34.old/binutils/ar.c 2021-04-26 17:02:01.517211609 +0100
+++ binutils-2.34.new/binutils/ar.c 2021-04-26 17:03:25.895213701 +0100
@@ -25,7 +25,6 @@
#include "sysdep.h"
#include "bfd.h"
-#include "libbfd.h"
#include "libiberty.h"
#include "progress.h"
#include "getopt.h"
@@ -1198,10 +1197,8 @@
bfd *contents_head = iarch->archive_next;
int ofd = -1;
struct stat target_stat;
- bfd_boolean skip_stat = FALSE;
- old_name = (char *) xmalloc (strlen (bfd_get_filename (iarch)) + 1);
- strcpy (old_name, bfd_get_filename (iarch));
+ old_name = xstrdup (bfd_get_filename (iarch));
new_name = make_tempname (old_name, &ofd);
if (new_name == NULL)
@@ -1246,11 +1243,9 @@
#if !defined (_WIN32) || defined (__CYGWIN32__)
ofd = dup (ofd);
- if (iarch == NULL || iarch->iostream == NULL)
- skip_stat = TRUE;
- else if (ofd == -1 || fstat (fileno (iarch->iostream), &target_stat) != 0)
- bfd_fatal (old_name);
#endif
+ if (ofd == -1 || bfd_stat (iarch, &target_stat) != 0)
+ bfd_fatal (old_name);
if (!bfd_close (obfd))
bfd_fatal (old_name);
@@ -1261,7 +1256,7 @@
/* We don't care if this fails; we might be creating the archive. */
bfd_close (iarch);
- if (smart_rename (new_name, old_name, ofd, skip_stat ? NULL : &target_stat, 0) != 0)
+ if (smart_rename (new_name, old_name, ofd, &target_stat, 0) != 0)
xexit (1);
free (old_name);
free (new_name);
diff -ur binutils-2.34.old/binutils/arsup.c binutils-2.34.new/binutils/arsup.c
--- binutils-2.34.old/binutils/arsup.c 2021-04-26 17:02:01.517211609 +0100
+++ binutils-2.34.new/binutils/arsup.c 2021-04-26 17:04:43.271215620 +0100
@@ -42,6 +42,8 @@
static bfd *obfd;
static char *real_name;
+static char *temp_name;
+static int real_ofd;
static FILE *outfile;
static void
@@ -149,27 +151,24 @@
void
ar_open (char *name, int t)
{
- char *tname;
- const char *bname = lbasename (name);
- real_name = name;
-
- /* Prepend tmp- to the beginning, to avoid file-name clashes after
- truncation on filesystems with limited namespaces (DOS). */
- if (asprintf (&tname, "%.*stmp-%s", (int) (bname - name), name, bname) == -1)
+ real_name = xstrdup (name);
+ temp_name = make_tempname (real_name, &real_ofd);
+
+ if (temp_name == NULL)
{
- fprintf (stderr, _("%s: Can't allocate memory for temp name (%s)\n"),
+ fprintf (stderr, _("%s: Can't open temporary file (%s)\n"),
program_name, strerror(errno));
maybequit ();
return;
}
- obfd = bfd_openw (tname, NULL);
+ obfd = bfd_fdopenw (temp_name, NULL, real_ofd);
if (!obfd)
{
fprintf (stderr,
_("%s: Can't open output archive %s\n"),
- program_name, tname);
+ program_name, temp_name);
maybequit ();
}
@@ -344,10 +343,9 @@
}
else
{
- char *ofilename = xstrdup (bfd_get_filename (obfd));
bfd_boolean skip_stat = FALSE;
struct stat target_stat;
- int ofd = -1;
+ int ofd = real_ofd;
if (deterministic > 0)
obfd->flags |= BFD_DETERMINISTIC_OUTPUT;
@@ -355,17 +353,32 @@
#if !defined (_WIN32) || defined (__CYGWIN32__)
/* It's OK to fail; at worst it will result in SMART_RENAME using a slow
copy fallback to write the output. */
- ofd = dup (fileno (obfd->iostream));
- if (lstat (real_name, &target_stat) != 0)
- skip_stat = TRUE;
+ ofd = dup (ofd);
#endif
bfd_close (obfd);
- smart_rename (ofilename, real_name, ofd,
+ if (lstat (real_name, &target_stat) != 0)
+ {
+ /* The temp file created in ar_open has mode 0600 as per mkstemp.
+ Create the real empty output file here so smart_rename will
+ update the mode according to the process umask. */
+ obfd = bfd_openw (real_name, NULL);
+ if (obfd == NULL
+ || bfd_stat (obfd, &target_stat) != 0)
+ skip_stat = TRUE;
+ if (obfd != NULL)
+ {
+ bfd_set_format (obfd, bfd_archive);
+ bfd_close (obfd);
+ }
+ }
+
+ smart_rename (temp_name, real_name, ofd,
skip_stat ? NULL : &target_stat, 0);
obfd = 0;
- free (ofilename);
+ free (temp_name);
+ free (real_name);
}
}
diff -ur binutils-2.34.old/binutils/objcopy.c binutils-2.34.new/binutils/objcopy.c
--- binutils-2.34.old/binutils/objcopy.c 2021-04-26 17:02:01.517211609 +0100
+++ binutils-2.34.new/binutils/objcopy.c 2021-04-26 17:05:17.876216478 +0100
@@ -20,7 +20,6 @@
#include "sysdep.h"
#include "bfd.h"
-#include "libbfd.h"
#include "progress.h"
#include "getopt.h"
#include "libiberty.h"
@@ -3704,7 +3703,7 @@
/* To allow us to do "strip *" without dying on the first
non-object file, failures are nonfatal. */
ibfd = bfd_openr (input_filename, input_target);
- if (ibfd == NULL || fstat (fileno (ibfd->iostream), in_stat) != 0)
+ if (ibfd == NULL || bfd_stat (ibfd, in_stat) != 0)
{
bfd_nonfatal_message (input_filename, NULL, NULL, NULL);
status = 1;

10
mingw-binutils.spec
View File

@ -2,7 +2,7 @@
Name: mingw-binutils
Version: 2.34
Release: 8%{?dist}
Release: 9%{?dist}
Summary: Cross-compiled version of binutils for Win32 and Win64 environments
License: GPLv2+ and LGPLv2+ and GPLv3+ and LGPLv3+
@ -104,6 +104,10 @@ Patch19: binutils-gdb.git-365f5fb6d0f0da83817431a275e99e6f6babbe04.patch
Patch20: binutils-gdb.git-1a1c3b4cc17687091cff5a368bd6f13742bcfdf8.patch
Patch21: binutils-gdb.git-014cc7f849e8209623fc99264814bce7b3b6faf2.patch
# This fixes CVE-2021-20197 patches above. See:
# https://sourceware.org/bugzilla/show_bug.cgi?id=27270
Patch22: binutils-gdb.git-6184480d7ce1bcd57669a62867efc68418d0de7c.patch
### MINGW specific patches
Patch102: binutils-config.patch
@ -369,6 +373,10 @@ rm -rf %{buildroot}/multilib
%changelog
* Mon Apr 26 2021 Richard W.M. Jones <rjones@redhat.com> - 2.34-9
- Add fix for broken CVE-2021-20197 fix
related: rhbz#1951278
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.34-8
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937