authorMax Rees <maxcrees@me.com>2019-09-30 11:51:43 -0500
committerMax Rees <maxcrees@me.com>2019-09-30 11:51:43 -0500
commit03714f9c021bca9fa83820d0248e16593217ad01 (patch)
treec5df46b653c94dfc88826589697b4d109be26f42
parent26ea0e09f360bd226d8ba765cbf621c0ca8dd809 (diff)
system/binutils: patch CVE-2019-14444 (#174)
-rw-r--r--system/binutils/APKBUILD6
-rw-r--r--system/binutils/CVE-2019-14444.patch28
2 files changed, 33 insertions, 1 deletions
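--- a/system/binutils/APKBUILD
+++ b/system/binutils/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Adelie Platform Group <adelie-devel@lists.adelielinux.org>
 pkgname=binutils
 pkgver=2.32
-pkgrel=2
+pkgrel=3
 pkgdesc="Tools necessary to build programs"
 url="https://www.gnu.org/software/binutils/"
 depends=""
@@ -30,6 +30,7 @@ source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz
 CVE-2019-9077.patch
 CVE-2019-12972.patch
 CVE-2019-14250.patch
+ CVE-2019-14444.patch
 BTS-170.patch
 BTS-196.patch
 "
@@ -59,6 +60,8 @@ fi
 # - CVE-2019-9077
 # - CVE-2019-12972
 # - CVE-2019-14250
+# 2.32-r3:
+# - CVE-2019-14444
 build() {
 local _sysroot=/
@@ -152,5 +155,6 @@ a46b9211608e2f35219b95363a5ba90506742dcb9e4bd4a43915af6c0b3e74bd8339a8318dc2923c
 c0f50f1a843480f29b3895c8814df9801b9f90260edbaff1831aa5738fedd07a9e6b7a79f5b6f9be34df4954dbf02feb5232ebbecc596277fc2fe63673ed347c CVE-2019-9077.patch
 9109a6ff9c55f310f86a1561fe6b404534928d402672490059bbe358f77c0c2a7f73c8b67f0a4450f00ba1776452858b63fa60cf2ec0744104a6b077e8fa3e42 CVE-2019-12972.patch
 c277202272d9883741c2530a94c6d50d55dd9d0a9efaa43a1f8c9fc7529bd45e635255c0d90035dfc5920d5387010a4259612a4d711260a95d7b3d9fa6500e4f CVE-2019-14250.patch
+0942cc1a4c5ec03e931c6ebd15c5d60eae6be48cd0a3d9b7f6356f97361226bb6d53dbdcb01b20efcca0ccaf23764730d9bbad2c1bbe2ea6ca320e43b43b311b CVE-2019-14444.patch
 d4543d2f77808d317d17a5f0eb9af21540ef8543fceaed4e3524213e31e058333321f3ba3b495199e3b57bfd0c4164929cf679369470389e26871b8895cb0110 BTS-170.patch
 9cc17d9fe3fc1351d1f6b4fc1c916254529f3304c95db6f4698b867eeb623210b914dc798fb837eafbad2b287b78b31c4ed5482b3151a2992864da04e1dd5fac BTS-196.patch"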
diff --git a/system/binutils/CVE-2019-14444.patch b/system/binutils/CVE-2019-14444.patch
new file mode 100644
index 000000000..43d4e2a91
--- /dev/null
+++ b/system/binutils/CVE-2019-14444.patch
@@ -0,0 +1,28 @@
+From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 5 Aug 2019 10:40:35 +0100
+Subject: [PATCH] Catch potential integer overflow in readelf when processing
+ corrupt binaries.
+
+ PR 24829
+ * readelf.c (apply_relocations): Catch potential integer overflow
+ whilst checking reloc location against section size.
+---
+ binutils/readelf.c | 2 +-
+
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index b896ad9..e785fde 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata,
+ }
+
+ rloc = start + rp->r_offset;
+- if ((rloc + reloc_size) > end || (rloc < start))
++ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
+ {
+ warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
+ (unsigned long) rp->r_offset,
+--
+2.9.3
+