Subject: pkg/32190: Security fix devel/binutils
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Andreas Hallmann,,, <root@ahatec.de>
List: pkgsrc-bugs
Date: 11/29/2005 12:14:00
>Number:         32190
>Category:       pkg
>Synopsis:       Security fix devel/binutils
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 29 12:14:00 +0000 2005
>Originator:     Andreas Hallmann
>Release:        NetBSD 1.6.2_STABLE
>Organization:
	Hallmann EDV Dienstleistungen
>Environment:
System: NetBSD nda 1.6.2_STABLE NetBSD 1.6.2_STABLE (AHAv8#2) #11: Mon May 23 09:22:03 CEST 2005 toor@nda:/mounts/netbsd/src/sys/arch/sparc/compile/AHAv8#2 sparc
Architecture: sparc
Machine: sparc
>Description:
	binutils are vulnerable to a buffer overflow.
	Version 2.16.1 is said to be fixed with respect to this issue by Gentoo Linux security advisory GLSA 200506-01/binutils (who detected the bug).
	Therefore this upgrade.
	ATTENTION: Our security audit should be updated to accept binutils >=2.16.1.0
	Since this VULNERABILITY is remotely exploitable ... a pull up to pkgsrc-2005Q3 should be considered.

>How-To-Repeat:
>Fix:

Index: devel/binutils/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/devel/binutils/Makefile,v
retrieving revision 1.27
diff -r1.27 Makefile
3,4c3,4
< DISTNAME=	binutils-2.15
< PKGNAME=	binutils-2.15.0.0
---
> DISTNAME=	binutils-2.16.1
> PKGNAME=	binutils-2.16.1.0
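Review bot: the `3,4c3,4` hunk is a context-free normal diff against revision 1.27, so it applies cleanly only if lines 3 and 4 of the committer's copy are still exactly the two `<` lines; please resend as a unified diff (`cvs diff -u`) so the surrounding lines are visible. Since the PR asks for the audit entry to accept `binutils >=2.16.1.0`, it is also worth confirming in the same commit that the hard-coded `PKGNAME` value `binutils-2.16.1.0` is the string that entry will be matched against.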
Index: devel/binutils/PLIST.common
===================================================================
RCS file: /cvsroot/pkgsrc/devel/binutils/PLIST.common,v
retrieving revision 1.9
diff -r1.9 PLIST.common
34a35
> ${PKGLOCALEDIR}/locale/ro/LC_MESSAGES/binutils.mo
49a51
> ${NO_GPROF}${PKGLOCALEDIR}/locale/vi/LC_MESSAGES/gprof.mo
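Review bot: the `34a35` and `49a51` hunks only add two message catalogs (`ro` for binutils, `vi` for gprof) and remove nothing, which is a small delta for an update from 2.15 to 2.16.1; please confirm the list was regenerated from an actual install of 2.16.1 (for example with `make print-PLIST`) rather than edited by hand, so that renamed or dropped files do not leave stale entries. Only the gprof catalog is listed for `vi`, so check whether 2.16.1 installs any other `vi` catalogs that belong here as well.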
Index: devel/binutils/distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/devel/binutils/distinfo,v
retrieving revision 1.5
diff -r1.5 distinfo
3,6c3,6
< SHA1 (binutils-2.15.tar.gz) = 4caf693b8cbaf1118d2bfddb40a2fc91eaf51a6f
< RMD160 (binutils-2.15.tar.gz) = d23535cb8ba5f68f095e34b7c5f7163c9c15c80e
< Size (binutils-2.15.tar.gz) = 15134701 bytes
< SHA1 (patch-aa) = 34f4efe9ab793c38eccb016bd9498a7db1494953
---
> SHA1 (binutils-2.16.1.tar.gz) = df79ed47b4388a205adf3089d4e36ce47724c940
> RMD160 (binutils-2.16.1.tar.gz) = 304b2b53f9aa15794962af842f4f93b71308c495
> Size (binutils-2.16.1.tar.gz) = 16378360 bytes
> SHA1 (patch-aa) = 3f0b6cc9c0aff0dd2e400334f08da4a22cfc443e
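Review bot: the new `SHA1`, `RMD160` and `Size` values for `binutils-2.16.1.tar.gz` in the `3,6c3,6` hunk arrive through the same PR as the version bump and cannot be checked from these lines alone; the committer should fetch the tarball independently from the master site, regenerate the file with `make makesum` and `make makepatchsum`, and compare the result against the submitted values instead of copying them. The changed `SHA1 (patch-aa)` line is expected, given that patch-aa is modified in the same submission.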
Index: devel/binutils/patches/patch-aa
===================================================================
RCS file: /cvsroot/pkgsrc/devel/binutils/patches/patch-aa,v
retrieving revision 1.2
diff -r1.2 patch-aa
1c1
< $NetBSD: patch-aa,v 1.2 2003/07/14 19:01:36 fredb Exp $
---
> $NetBSD$
3c3
< --- configure.orig	Mon Jul 14 09:36:26 2003
---
> --- configure.orig	Mon Feb 28 15:06:59 2005
5c5
< @@ -784,7 +784,7 @@ host_libs="intl mmalloc libiberty opcode
---
> @@ -914,7 +914,7 @@ host_libs="intl mmalloc libiberty opcode
9,10c9,10
< -host_tools="texinfo byacc flex bison binutils gas ld gcc sid sim gdb make patch prms send-pr gprof etc expect dejagnu ash bash bzip2 m4 autoconf automake libtool diff rcs fileutils shellutils time textutils wdiff find uudecode hello tar gzip indent recode release sed utils guile perl gawk findutils gettext zip fastjar"
< +host_tools="texinfo byacc flex bison binutils gas ld gcc sid sim gdb make patch prms send-pr gprof expect dejagnu ash bash bzip2 m4 autoconf automake libtool diff rcs fileutils shellutils time textutils wdiff find uudecode hello tar gzip indent recode release sed utils guile perl gawk findutils gettext zip fastjar"
---
> -host_tools="texinfo byacc flex bison binutils gas ld fixincludes gcc sid sim gdb make patch prms send-pr gprof etc expect dejagnu ash bash bzip2 m4 autoconf automake libtool diff rcs fileutils shellutils time textutils wdiff find uudecode hello tar gzip indent recode release sed utils guile perl gawk findutils gettext zip fastjar gnattools"
> +host_tools="texinfo byacc flex bison binutils gas ld fixincludes gcc sid sim gdb make patch prms send-pr gprof expect dejagnu ash bash bzip2 m4 autoconf automake libtool diff rcs fileutils shellutils time textutils wdiff find uudecode hello tar gzip indent recode release sed utils guile perl gawk findutils gettext zip fastjar gnattools"
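Review bot: in the `9,10c9,10` hunk the only difference between the `-host_tools` and `+host_tools` lines is still the removal of `etc`, while the list itself has gained `fixincludes` and `gnattools` and the inner hunk header has moved from line 784 to line 914, so this is a re-diff of the old patch; please confirm that it applies to the 2.16.1 `configure` without fuzz, and add a comment at the top of patch-aa saying why `etc` is dropped. Replacing the expanded RCS id with a bare `$NetBSD$` in the `1c1` hunk is fine for a regenerated patch. A diff of a diff is hard to check by eye, so attaching the regenerated patch-aa itself would make this easier to review.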