From 61cb3a6f22a3092aa6020cd9d13df13468c4490f Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Aug 27 2019 16:53:36 +0000 Subject: Sync with binutils-2.32-24 --- diff --git a/binutils-CVE-2019-1010204.patch b/binutils-CVE-2019-1010204.patch new file mode 100644 index 0000000..56434b1 --- /dev/null +++ b/binutils-CVE-2019-1010204.patch @@ -0,0 +1,15 @@ +--- binutils.orig/gold/fileread.cc 2019-08-06 14:22:08.669313110 +0100 ++++ binutils-2.32/gold/fileread.cc 2019-08-06 14:22:28.799177543 +0100 +@@ -381,6 +381,12 @@ File_read::do_read(off_t start, section_ + ssize_t bytes; + if (this->whole_file_view_ != NULL) + { ++ // See PR 23765 for an example of a testcase that triggers this error. ++ if (((ssize_t) start) < 0) ++ gold_fatal(_("%s: read failed, starting offset (%#llx) less than zero"), ++ this->filename().c_str(), ++ static_cast(start)); ++ + bytes = this->size_ - start; + if (static_cast(bytes) >= size) + { diff --git a/binutils-CVE-2019-14250.patch b/binutils-CVE-2019-14250.patch new file mode 100644 index 0000000..c37b92e --- /dev/null +++ b/binutils-CVE-2019-14250.patch @@ -0,0 +1,17 @@ +--- binutils.orig/libiberty/simple-object-elf.c 2019-08-09 14:13:51.677330065 +0100 ++++ binutils-2.32/libiberty/simple-object-elf.c 2019-08-09 14:14:31.177076298 +0100 +@@ -549,6 +549,14 @@ simple_object_elf_match (unsigned char h + return NULL; + } + ++ if (eor->shstrndx == 0) ++ { ++ *errmsg = "invalid ELF shstrndx == 0"; ++ *err = 0; ++ XDELETE (eor); ++ return NULL; ++ } ++ + return (void *) eor; + } + diff --git a/binutils-CVE-2019-14444.patch b/binutils-CVE-2019-14444.patch new file mode 100644 index 0000000..ad554f5 --- /dev/null +++ b/binutils-CVE-2019-14444.patch @@ -0,0 +1,11 @@ +--- binutils.orig/binutils/readelf.c 2019-08-13 10:03:33.518792590 +0100 ++++ binutils-2.32/binutils/readelf.c 2019-08-13 10:04:22.885418269 +0100 +@@ -13234,7 +13234,7 @@ apply_relocations (Filedata * + } + + rloc = start + rp->r_offset; +- if ((rloc + reloc_size) > end || (rloc < start)) ++ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start)) + { + warn (_("skipping invalid relocation offset 0x%lx in section %s\n"), + (unsigned long) rp->r_offset, diff --git a/binutils-do-not-merge-differing-SHF_EXCLUDE-groups.patch b/binutils-do-not-merge-differing-SHF_EXCLUDE-groups.patch new file mode 100644 index 0000000..e0653f9 --- /dev/null +++ b/binutils-do-not-merge-differing-SHF_EXCLUDE-groups.patch @@ -0,0 +1,18 @@ +--- binutils.orig/ld/emultempl/elf32.em 2019-07-22 13:25:51.601030174 +0100 ++++ binutils-2.32/ld/emultempl/elf32.em 2019-07-22 13:27:36.070394830 +0100 +@@ -2029,10 +2029,12 @@ elf_orphan_compatible (asection *in, ase + if (elf_section_data (out)->this_hdr.sh_info + != elf_section_data (in)->this_hdr.sh_info) + return FALSE; +- /* We can't merge two sections with differing SHF_EXCLUDE when doing +- a relocatable link. */ ++ /* We can't merge with member of output section group nor merge two ++ sections with differing SHF_EXCLUDE when doing a relocatable link. */ + if (bfd_link_relocatable (&link_info) +- && ((elf_section_flags (out) ^ elf_section_flags (in)) & SHF_EXCLUDE) != 0) ++ && (elf_next_in_group (out) != NULL ++ || ((elf_section_flags (out) ^ elf_section_flags (in)) ++ & SHF_EXCLUDE) != 0)) + return FALSE; + return _bfd_elf_match_sections_by_type (link_info.output_bfd, out, + in->owner, in); diff --git a/binutils-do-not-warn-about-debuginfo-files.patch b/binutils-do-not-warn-about-debuginfo-files.patch new file mode 100644 index 0000000..bfe8135 --- /dev/null +++ b/binutils-do-not-warn-about-debuginfo-files.patch @@ -0,0 +1,68 @@ +diff -rup binutils.orig/bfd/elf-bfd.h binutils-2.32/bfd/elf-bfd.h +--- binutils.orig/bfd/elf-bfd.h 2019-07-02 16:03:41.758007318 +0100 ++++ binutils-2.32/bfd/elf-bfd.h 2019-07-02 16:04:02.025862020 +0100 +@@ -2749,6 +2749,8 @@ extern bfd_vma elf64_r_sym (bfd_vma); + extern bfd_vma elf32_r_info (bfd_vma, bfd_vma); + extern bfd_vma elf32_r_sym (bfd_vma); + ++extern bfd_boolean is_debuginfo_file (bfd *); ++ + /* Large common section. */ + extern asection _bfd_elf_large_com_section; + +Only in binutils-2.32/bfd: elf-bfd.h.orig +diff -rup binutils.orig/bfd/elf.c binutils-2.32/bfd/elf.c +--- binutils.orig/bfd/elf.c 2019-07-02 16:03:42.101004858 +0100 ++++ binutils-2.32/bfd/elf.c 2019-07-02 16:04:23.909705141 +0100 +@@ -5807,6 +5807,35 @@ assign_file_positions_for_load_sections + return TRUE; + } + ++/* Determine if a bfd is a debuginfo file. Unfortunately there ++ is no defined method for detecting such files, so we have to ++ use heuristics instead. */ ++ ++bfd_boolean ++is_debuginfo_file (bfd *abfd) ++{ ++ if (abfd == NULL || bfd_get_flavour (abfd) != bfd_target_elf_flavour) ++ return FALSE; ++ ++ Elf_Internal_Shdr **start_headers = elf_elfsections (abfd); ++ Elf_Internal_Shdr **end_headers = start_headers + elf_numsections (abfd); ++ Elf_Internal_Shdr **headerp; ++ ++ for (headerp = start_headers; headerp < end_headers; headerp ++) ++ { ++ Elf_Internal_Shdr *header = * headerp; ++ ++ /* Debuginfo files do not have any allocated SHT_PROGBITS sections. ++ The only allocated sections are SHT_NOBITS or SHT_NOTES. */ ++ if ((header->sh_flags & SHF_ALLOC) == SHF_ALLOC ++ && header->sh_type != SHT_NOBITS ++ && header->sh_type != SHT_NOTE) ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ + /* Assign file positions for the other sections. */ + + static bfd_boolean +@@ -5840,7 +5869,13 @@ assign_file_positions_for_non_load_secti + BFD_ASSERT (hdr->sh_offset == hdr->bfd_section->filepos); + else if ((hdr->sh_flags & SHF_ALLOC) != 0) + { +- if (hdr->sh_size != 0) ++ if (hdr->sh_size != 0 ++ /* PR 24717 - debuginfo files are known to be not strictly ++ compliant with the ELF standard. In particular they often ++ have .note.gnu.property sections that are outside of any ++ loadable segment. This is not a problem for such files, ++ so do not warn about them. */ ++ && ! is_debuginfo_file (abfd)) + _bfd_error_handler + /* xgettext:c-format */ + (_("%pB: warning: allocated section `%s' not in segment"), +Only in binutils-2.32/bfd: elf.c.orig diff --git a/binutils-gas-build-note-relocs.patch b/binutils-gas-build-note-relocs.patch new file mode 100644 index 0000000..52a4c0b --- /dev/null +++ b/binutils-gas-build-note-relocs.patch @@ -0,0 +1,55 @@ +--- binutils.orig/gas/write.c 2019-07-01 16:23:28.133707500 +0100 ++++ binutils-2.32/gas/write.c 2019-07-01 16:24:50.699130611 +0100 +@@ -1891,7 +1891,8 @@ create_obj_attrs_section (void) + static void + create_note_reloc (segT sec, + symbolS * sym, +- bfd_size_type offset, ++ bfd_size_type note_offset, ++ bfd_size_type desc2_offset, + int reloc_type, + bfd_vma addend, + char * note) +@@ -1901,10 +1902,10 @@ create_note_reloc (segT sec, + reloc = XNEW (struct reloc_list); + + /* We create a .b type reloc as resolve_reloc_expr_symbols() has already been called. */ +- reloc->u.b.sec = sec; +- reloc->u.b.s = symbol_get_bfdsym (sym); ++ reloc->u.b.sec = sec; ++ reloc->u.b.s = symbol_get_bfdsym (sym); + reloc->u.b.r.sym_ptr_ptr = & reloc->u.b.s; +- reloc->u.b.r.address = offset; ++ reloc->u.b.r.address = note_offset + desc2_offset; + reloc->u.b.r.addend = addend; + reloc->u.b.r.howto = bfd_reloc_type_lookup (stdoutput, reloc_type); + +@@ -1929,12 +1930,12 @@ create_note_reloc (segT sec, + if (target_big_endian) + { + if (bfd_arch_bits_per_address (stdoutput) <= 32) +- note[offset + 3] = addend; ++ note[desc2_offset + 3] = addend; + else +- note[offset + 7] = addend; ++ note[desc2_offset + 7] = addend; + } + else +- note[offset] = addend; ++ note[desc2_offset] = addend; + } + } + +@@ -2037,10 +2038,10 @@ maybe_generate_build_notes (void) + memcpy (note + 12, "GA$3a1", 8); + + /* Create a relocation to install the start address of the note... */ +- create_note_reloc (sec, sym, total_size + 20, desc_reloc, 0, note); ++ create_note_reloc (sec, sym, total_size, 20, desc_reloc, 0, note); + + /* ...and another one to install the end address. */ +- create_note_reloc (sec, sym, total_size + desc2_offset, desc_reloc, ++ create_note_reloc (sec, sym, total_size, desc2_offset, desc_reloc, + bfd_get_section_size (bsym->section), + note); + diff --git a/binutils-gold-mismatched-section-flags.patch b/binutils-gold-mismatched-section-flags.patch new file mode 100644 index 0000000..4125801 --- /dev/null +++ b/binutils-gold-mismatched-section-flags.patch @@ -0,0 +1,36 @@ +diff -rup binutils.orig/gold/layout.cc binutils-2.32/gold/layout.cc +--- binutils.orig/gold/layout.cc 2019-06-24 14:37:36.013086899 +0100 ++++ binutils-2.32/gold/layout.cc 2019-06-24 14:41:40.054517479 +0100 +@@ -868,6 +868,7 @@ Layout::get_output_section(const char* n + && (same_name->flags() & elfcpp::SHF_TLS) == 0) + os = same_name; + } ++#if 0 /* BZ 1722715, PR 17556. */ + else if ((flags & elfcpp::SHF_TLS) == 0) + { + elfcpp::Elf_Xword zero_flags = 0; +@@ -878,6 +879,7 @@ Layout::get_output_section(const char* n + if (p != this->section_name_map_.end()) + os = p->second; + } ++#endif + } + + if (os == NULL) +diff -rup binutils.orig/gold/object.cc binutils-2.32/gold/object.cc +--- binutils.orig/gold/object.cc 2019-06-24 14:37:36.012086906 +0100 ++++ binutils-2.32/gold/object.cc 2019-06-24 14:39:59.287165501 +0100 +@@ -1644,6 +1644,13 @@ Sized_relobj_file::do_ + omit[i] = true; + } + ++ // Skip empty sections without flags. ++ if (!(shdr.get_sh_flags() & ~elfcpp::SHF_GROUP) ++ && !shdr.get_sh_size()) ++ { ++ omit[i] = true; ++ } ++ + bool discard = omit[i]; + if (!discard) + { diff --git a/binutils-objcopy-gnu-build-version-notes.patch b/binutils-objcopy-gnu-build-version-notes.patch new file mode 100644 index 0000000..f3f5bd4 --- /dev/null +++ b/binutils-objcopy-gnu-build-version-notes.patch @@ -0,0 +1,57 @@ +--- binutils.orig/binutils/objcopy.c 2019-08-05 16:17:56.908552690 +0100 ++++ binutils-2.32/binutils/objcopy.c 2019-08-05 16:18:14.985435014 +0100 +@@ -1988,7 +1988,6 @@ merge_gnu_build_notes (bfd * abfd, asect + unsigned long previous_open_end = 0; + long relsize; + +- + relsize = bfd_get_reloc_upper_bound (abfd, sec); + if (relsize > 0) + { +@@ -2005,7 +2004,8 @@ merge_gnu_build_notes (bfd * abfd, asect + } + + /* Make a copy of the notes and convert to our internal format. +- Minimum size of a note is 12 bytes. */ ++ Minimum size of a note is 12 bytes. Also locate the version ++ notes and check them. */ + pnote = pnotes = (objcopy_internal_note *) xcalloc ((size / 12), sizeof (* pnote)); + while (remain >= 12) + { +@@ -2174,12 +2174,10 @@ merge_gnu_build_notes (bfd * abfd, asect + attribute_type_byte = version_1_seen ? 1 : 3; + val_start = attribute_type_byte + 1; + +- /* The first note should be the first version note. */ +- if (pnotes[0].note.namedata[attribute_type_byte] != GNU_BUILD_ATTRIBUTE_VERSION) +- { +- err = _("bad GNU build attribute notes: first note not version note"); +- goto done; +- } ++ /* We used to require that the first note be a version note, ++ but this is no longer enforced. Due to the problems with ++ linking sections with the same name (eg .gnu.build.note.hot) ++ we cannot guarantee that the first note will be a version note. */ + + /* Now merge the notes. The rules are: + 1. Preserve the ordering of the notes. +@@ -2196,8 +2194,9 @@ merge_gnu_build_notes (bfd * abfd, asect + with a non-empty description field must also be preserved *OR* the + description field of the note must be changed to contain the starting + address to which it refers. +- 6. Notes with the same start and end address can be deleted. */ +- for (pnote = pnotes + 1; pnote < pnotes_end; pnote ++) ++ 6. Notes with the same start and end address can be deleted. ++ 7. FIXME: Elminate duplicate version notes - even function specific ones ? */ ++ for (pnote = pnotes; pnote < pnotes_end; pnote ++) + { + int note_type; + objcopy_internal_note * back; +@@ -2225,7 +2224,6 @@ merge_gnu_build_notes (bfd * abfd, asect + && back->note.namesz == pnote->note.namesz + && memcmp (back->note.namedata, pnote->note.namedata, pnote->note.namesz) == 0) + { +- fprintf (stderr, "DUP FUNXC\n"); + duplicate_found = TRUE; + pnote->note.type = 0; + break; diff --git a/binutils-rh1736114.patch b/binutils-rh1736114.patch new file mode 100644 index 0000000..b47dde9 --- /dev/null +++ b/binutils-rh1736114.patch @@ -0,0 +1,158 @@ +Backup from binutils-2_32-branch upstream: + +commit df010caac3b33b1d38b6d67024091854c3f77c77 +Author: H.J. Lu +Date: Mon Jun 24 11:08:40 2019 -0700 + + elf: Remove the property after reporting its removal + + commit d2ef37ebd9f771d06edf1fdea37970f60b242b2d + Author: H.J. Lu + Date: Fri Dec 7 08:30:30 2018 -0800 + + elf: Report property change when merging properties + + failed to remove the property after reporting it has been removed. This + patch corrects it. + + bfd/ + + PR ld/24721 + * elf-properties.c (elf_merge_gnu_property_list): Remove the + property after reporting property removal. + + ld/ + + PR ld/24721 + * testsuite/ld-x86-64/x86-64.exp: Run PR ld/24721 tests. + * testsuite/ld-x86-64/pr24721-x32.d: New file. + * testsuite/ld-x86-64/pr24721.d: Likewise. + * testsuite/ld-x86-64/pr24721.map: Likewise. + * testsuite/ld-x86-64/pr24721a.s: Likewise. + * testsuite/ld-x86-64/pr24721b.s: Likewise. + + (cherry picked from commit f93ab3a0b8039a1667a666f013cca50b03d67f9b) + +Conflicts: + ld/testsuite/ld-x86-64/x86-64.exp + (Missing backports of PR24151, PR24458.) + +diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c +index 5e48d75faa269453..4a9907ff7edad5e0 100644 +--- a/bfd/elf-properties.c ++++ b/bfd/elf-properties.c +@@ -322,12 +322,10 @@ elf_merge_gnu_property_list (struct bfd_link_info *info, bfd *first_pbfd, + (bfd_vma) p->property.pr_type, first_pbfd, abfd); + } + } +- else +- { +- /* Remove this property. */ +- *lastp = p->next; +- continue; +- } ++ ++ /* Remove this property. */ ++ *lastp = p->next; ++ continue; + } + else if (number_p) + { +diff --git a/ld/testsuite/ld-x86-64/pr24721-x32.d b/ld/testsuite/ld-x86-64/pr24721-x32.d +new file mode 100644 +index 0000000000000000..9b067efdc11a4824 +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr24721-x32.d +@@ -0,0 +1,6 @@ ++#source: pr24721a.s ++#source: pr24721b.s ++#as: --x32 -mx86-used-note=no ++#ld: -r -m elf32_x86_64 -Map tmpdir/pr24721.map ++#readelf: -n ++#map: pr24721.map +diff --git a/ld/testsuite/ld-x86-64/pr24721.d b/ld/testsuite/ld-x86-64/pr24721.d +new file mode 100644 +index 0000000000000000..efa88db2b3c7e9c5 +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr24721.d +@@ -0,0 +1,6 @@ ++#source: pr24721a.s ++#source: pr24721b.s ++#as: --64 -defsym __64_bit__=1 -mx86-used-note=no ++#ld: -r -melf_x86_64 -Map tmpdir/pr24721.map ++#readelf: -n ++#map: pr24721.map +diff --git a/ld/testsuite/ld-x86-64/pr24721.map b/ld/testsuite/ld-x86-64/pr24721.map +new file mode 100644 +index 0000000000000000..9e63fff27557b983 +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr24721.map +@@ -0,0 +1,3 @@ ++#... ++Removed property 0xc0000002 to merge tmpdir/pr24721a.o \(0x1\) and tmpdir/pr24721b.o \(not found\) ++#pass +diff --git a/ld/testsuite/ld-x86-64/pr24721a.s b/ld/testsuite/ld-x86-64/pr24721a.s +new file mode 100644 +index 0000000000000000..b229d19b02dc9809 +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr24721a.s +@@ -0,0 +1,34 @@ ++ .text ++ .globl foo ++ .type foo,@function ++ .p2align 4 ++foo: ++ ret ++ ++ .section ".note.gnu.property", "a" ++.ifdef __64_bit__ ++ .p2align 3 ++.else ++ .p2align 2 ++.endif ++ .long 1f - 0f /* name length */ ++ .long 5f - 2f /* data length */ ++ .long 5 /* note type */ ++0: .asciz "GNU" /* vendor name */ ++1: ++.ifdef __64_bit__ ++ .p2align 3 ++.else ++ .p2align 2 ++.endif ++2: .long 0xc0000002 /* pr_type. */ ++ .long 4f - 3f /* pr_datasz. */ ++3: ++ .long 0x1 ++4: ++.ifdef __64_bit__ ++ .p2align 3 ++.else ++ .p2align 2 ++.endif ++5: +diff --git a/ld/testsuite/ld-x86-64/pr24721b.s b/ld/testsuite/ld-x86-64/pr24721b.s +new file mode 100644 +index 0000000000000000..3d11691166751bfa +--- /dev/null ++++ b/ld/testsuite/ld-x86-64/pr24721b.s +@@ -0,0 +1,6 @@ ++ .text ++ .globl bar ++ .type bar,@function ++ .p2align 4 ++bar: ++ ret +diff --git a/ld/testsuite/ld-x86-64/x86-64.exp b/ld/testsuite/ld-x86-64/x86-64.exp +index 0d65801a942dbddd..3e02531e6f90aff9 100644 +--- a/ld/testsuite/ld-x86-64/x86-64.exp ++++ b/ld/testsuite/ld-x86-64/x86-64.exp +@@ -424,6 +424,8 @@ run_dump_test "pr23486d-x32" + run_dump_test "pr23854" + run_dump_test "pr23930" + run_dump_test "pr23930-x32" ++run_dump_test "pr24721" ++run_dump_test "pr24721-x32" + + if { ![istarget "x86_64-*-linux*"] && ![istarget "x86_64-*-nacl*"]} { + return diff --git a/cross-binutils.spec b/cross-binutils.spec index 5022374..71ffe54 100644 --- a/cross-binutils.spec +++ b/cross-binutils.spec @@ -65,7 +65,7 @@ Summary: A GNU collection of cross-compilation binary utilities Name: %{cross}-binutils Version: 2.32 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -191,6 +191,48 @@ Patch19: binutils-CVE-2019-9071.patch # Lifetime: Fixed in 2.33 Patch20: binutils-aarch64-gold-PLT-for-MOVW_ABS.patch +# Purpose: Stop gold from aborting when input sections with the same name +# have different flags. +# Lifetime: Fixed in 2.33 (probably) +Patch21: binutils-gold-mismatched-section-flags.patch + +# Purpose: Corrcect a memory corruption when generating relocs for build +# notes in the assembler. +# Lifetime: Fixed in 2.33 +Patch22: binutils-gas-build-note-relocs.patch + +# Purpose: Stop the BFD library from issueing warning messages about allocated +# sections being found outside of loadable segments, if they are +# found inside debuginfo files. +# Lifetime: Fixed in 2.33 +Patch23: binutils-do-not-warn-about-debuginfo-files.patch + +# Purpose: Stops the linker from merging section groups with different exclusion flags. +# Lifetime: Fixed in 2.33 +Patch24: binutils-do-not-merge-differing-SHF_EXCLUDE-groups.patch + +# Purpose: Fix -Map and property merging +# Lifetime: Fixed in 2.33 +Patch25: binutils-rh1736114.patch + +# Purpose: Change objcopy/strip so that they do not complain if the +# first note in a sequence of build notes is not a version note. +# Lifetime: Fixed in 2.33 +Patch26: binutils-objcopy-gnu-build-version-notes.patch + +# Purpose: Add a check to the GOLD linker for a corrupt input file +# with a fuzzed section offset. +# Lifetime: Fixed in 2.33 +Patch27: binutils-CVE-2019-1010204.patch + +# Purpose: Add check to libiberty library in order to prevent an integer overflow in the gold linker. +# Lifetime: Fixed in 2.33 +Patch28: binutils-CVE-2019-14250.patch + +# Purpose: Add check to readelf in order to prevent an integer overflow. +# Lifetime: Fixed in 2.33 +Patch29: binutils-CVE-2019-14444.patch + #---------------------------------------------------------------------------- BuildRequires: texinfo >= 4.0, gettext, flex, bison, zlib-devel @@ -786,6 +828,9 @@ cd - %do_files xtensa-linux-gnu %{build_xtensa} %changelog +* Tue Aug 27 2019 Peter Robinson 2.32-3 +- Sync with binutils-2.32-24 + * Wed Jul 24 2019 Fedora Release Engineering - 2.32-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild