diff --git a/gnu/local.mk b/gnu/local.mk
index 12b279ea66..73f5eaf100 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -538,6 +538,7 @@ dist_patch_DATA = \
 %D%/packages/patches/azr3.patch \
 %D%/packages/patches/bash-completion-directories.patch \
 %D%/packages/patches/bcftools-regidx-unsigned-char.patch \
+ %D%/packages/patches/binutils-CVE-2017-14729.patch \
 %D%/packages/patches/binutils-ld-new-dtags.patch \
 %D%/packages/patches/binutils-loongson-workaround.patch \
 %D%/packages/patches/blast+-fix-makefile.patch \
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 20f5ab7de6..7b5b5f87d7 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -393,15 +393,16 @@ change. GNU make offers many powerful extensions over the standard utility.")
 
 (define-public binutils
 (package
 (name "binutils")
- (version "2.28.1")
+ (version "2.29.1")
 (source (origin
 (method url-fetch)
 (uri (string-append "mirror://gnu/binutils/binutils-"
 version ".tar.bz2"))
 (sha256
 (base32
- "1sj234nd05cdgga1r36zalvvdkvpfbr12g5mir2n8i1dwsdrj939"))
- (patches (search-patches "binutils-ld-new-dtags.patch"
+ "1k2mziqn0pbxpxnkwxrl824xnmivcqdkb0insap71yv92gsdy28m"))
+ (patches (search-patches "binutils-CVE-2017-14729.patch"
+ "binutils-ld-new-dtags.patch"
 "binutils-loongson-workaround.patch"))))
 (build-system gnu-build-system)
diff --git a/gnu/packages/patches/binutils-CVE-2017-14729.patch b/gnu/packages/patches/binutils-CVE-2017-14729.patch
new file mode 100644
index 0000000000..ccf3d3570e
--- /dev/null
+++ b/gnu/packages/patches/binutils-CVE-2017-14729.patch
@@ -0,0 +1,58 @@
+https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/
+
+this patch is modified slightly to apply to our binutils
+
+From 56933f9e3e90eebf1018ed7417d6c1184b91db6b Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Fri, 22 Sep 2017 14:15:40 -0700
+Subject: [PATCH] x86: Guard against corrupted PLT
+
+There should be only one entry in PLT for a given symbol. Set howto to
+NULL after processing a PLT entry to guard against corrupted PLT so that
+the duplicated PLT entries are skipped.
+
+ PR binutils/22170
+ * elf32-i386.c (elf_i386_get_synthetic_symtab): Guard against
+ corrupted PLT.
+ * elf64-x86-64.c (elf_x86_64_get_synthetic_symtab): Likewise.
+
+(cherry picked from commit 61e3bf5f83f7e505b6bc51ef65426e5b31e6e360)
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/elf32-i386.c | 4 ++++
+ bfd/elf64-x86-64.c | 4 ++++
+ 3 files changed, 15 insertions(+)
+
+diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
+index 9dc2d25..ba50c93 100644
+--- a/bfd/elf32-i386.c
++++ b/bfd/elf32-i386.c
+@@ -6616,6 +6616,10 @@ bad_return:
+ size += sizeof ("+0x") - 1 + 8;
+ n++;
+ s++;
++ /* There should be only one entry in PLT for a given
++ symbol. Set howto to NULL after processing a PLT
++ entry to guard against corrupted PLT. */
++ p->howto = NULL;
+ }
+ offset += plt_entry_size;
+ }
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index 558db98..d9225ad 100644
+--- a/bfd/elf64-x86-64.c
++++ b/bfd/elf64-x86-64.c
+@@ -6970,6 +6970,10 @@ bad_return:
+ size += sizeof ("+0x") - 1 + 8 + 8 * ABI_64_P (abfd);
+ n++;
+ s++;
++ /* There should be only one entry in PLT for a given
++ symbol. Set howto to NULL after processing a PLT
++ entry to guard against corrupted PLT. */
++ p->howto = NULL;
+ }
+ offset += plt_entry_size;
+ }
+--
+2.9.3
+
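Review bot: The vendored patch's diffstat still advertises `bfd/ChangeLog | 7 +++++++` and `3 files changed, 15 insertions(+)` although the ChangeLog hunk was dropped when the patch was adapted, so the stat no longer matches the two hunks that follow; `patch` and `git apply` ignore the stat, but a reader verifying that the patch applied in full will be misled. Either drop the stat lines or extend the `this patch is modified slightly to apply to our binutils` line to say that the ChangeLog hunk was removed, and record the upstream release that first ships the fix so the patch can be retired on the next binutils bump. The guard itself, `p->howto = NULL;` after each processed PLT entry, only causes a duplicate entry to be skipped if the loop's earlier per-entry lookup tests `p->howto` before use; that test is outside both hunks, so it is worth confirming against the bfd sources of the 2.29.1 tarball rather than trusting the cherry-pick alone. The enclosing loops in elf_i386_get_synthetic_symtab and elf_x86_64_get_synthetic_symtab start and end outside the hunks.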