pkgsrc-Changes archive
CVS commit: pkgsrc/devel/binutils
Module Name: pkgsrc
Committed By: fcambus
Date: Sun Dec 11 16:43:11 UTC 2022
Modified Files:
pkgsrc/devel/binutils: Makefile distinfo
Added Files:
pkgsrc/devel/binutils/patches: patch-bfd_coffcode.h
Log Message:
binutils: add fix for CVE-2022-38533 (heap buffer-overflow in strip).
From upstream commit log:
PR29482 - strip: heap-buffer-overflow
PR 29482
* coffcode.h (coff_set_section_contents): Sanity check _LIB.
To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 pkgsrc/devel/binutils/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/devel/binutils/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/binutils/patches/patch-bfd_coffcode.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/devel/binutils/Makefile
diff -u pkgsrc/devel/binutils/Makefile:1.107 pkgsrc/devel/binutils/Makefile:1.108
--- pkgsrc/devel/binutils/Makefile:1.107 Sat Aug 6 09:49:32 2022
+++ pkgsrc/devel/binutils/Makefile Sun Dec 11 16:43:10 2022
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.107 2022/08/06 09:49:32 fcambus Exp $
+# $NetBSD: Makefile,v 1.108 2022/12/11 16:43:10 fcambus Exp $
DISTNAME= binutils-2.39
+PKGREVISION= 1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_GNU:=binutils/}
EXTRACT_SUFX= .tar.bz2
Index: pkgsrc/devel/binutils/distinfo
diff -u pkgsrc/devel/binutils/distinfo:1.48 pkgsrc/devel/binutils/distinfo:1.49
--- pkgsrc/devel/binutils/distinfo:1.48 Sat Aug 6 09:49:32 2022
+++ pkgsrc/devel/binutils/distinfo Sun Dec 11 16:43:10 2022
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.48 2022/08/06 09:49:32 fcambus Exp $
+$NetBSD: distinfo,v 1.49 2022/12/11 16:43:10 fcambus Exp $
BLAKE2s (binutils-2.39.tar.bz2) = 79c9e003be8c3793764b1a79ac04ce9de89425360f6e7c9573d10fe92c6149b1
SHA512 (binutils-2.39.tar.bz2) = faa592dd48fc715901ad704ac96dbd34b1792c51e77c7a92a387964b0700703c74be07de45cc4751945c8c0674368c73dc17bbc563d1d2cd235b5ebd8c6e7efb
Size (binutils-2.39.tar.bz2) = 36782148 bytes
SHA1 (patch-bfd_cache.c) = e2d96bad350552eacdffa83532f9dc9e15ee9be9
+SHA1 (patch-bfd_coffcode.h) = c8fe60982a21219b724c3851220df27f6a98ed1f
SHA1 (patch-gold_Makefile.in) = e01d973f9625a1653851f796c123efec37102fbd
SHA1 (patch-gold_options.h) = 03816bbf157d781820d96a4d3af0885dc2bbbaa9
SHA1 (patch-gold_system.h) = 9b4130b5315763daa66e0a91a8be6d1df0d10344
Added files:
Index: pkgsrc/devel/binutils/patches/patch-bfd_coffcode.h
diff -u /dev/null pkgsrc/devel/binutils/patches/patch-bfd_coffcode.h:1.1
--- /dev/null Sun Dec 11 16:43:11 2022
+++ pkgsrc/devel/binutils/patches/patch-bfd_coffcode.h Sun Dec 11 16:43:11 2022
@@ -0,0 +1,24 @@
+$NetBSD: patch-bfd_coffcode.h,v 1.1 2022/12/11 16:43:11 fcambus Exp $
+
+Fix for CVE-2022-38533: heap buffer overflow in strip (Binutils PR29482).
+
+Upstream commit ef186fe54aa6d281a3ff8a9528417e5cc614c797.
+
+--- bfd/coffcode.h.orig 2022-07-08 09:46:47.000000000 +0000
++++ bfd/coffcode.h
+@@ -4284,10 +4284,13 @@ coff_set_section_contents (bfd * abfd,
+
+ rec = (bfd_byte *) location;
+ recend = rec + count;
+- while (rec < recend)
++ while (recend - rec >= 4)
+ {
++ size_t len = bfd_get_32 (abfd, rec);
++ if (len == 0 || len > (size_t) (recend - rec) / 4)
++ break;
++ rec += len * 4;
+ ++section->lma;
+- rec += bfd_get_32 (abfd, rec) * 4;
+ }
+
+ BFD_ASSERT (rec == recend);
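Review bot: The `break` taken in the rewritten loop of coff_set_section_contents when `len == 0 || len > (size_t) (recend - rec) / 4` leaves `rec` short of `recend`, so for a malformed _LIB section the only report is the unchanged `BFD_ASSERT (rec == recend);` after the loop, and `section->lma` keeps a count of just the records that parsed before the bad one. The same holds when 1 to 3 trailing bytes remain, because `recend - rec >= 4` ends the loop without consuming them. I would suggest handling that path explicitly at the break (report an error rather than continue with a partial count), or at least adding a comment that the assert is the intended diagnostic; since the patch header says this mirrors upstream commit ef186fe54aa6d281a3ff8a9528417e5cc614c797, that is a point to raise upstream rather than a local divergence. The bound itself reads correctly: dividing the remaining byte count by 4 instead of multiplying `len` by 4 keeps the comparison free of wrap-around, and rejecting `len == 0` prevents a loop that never advances.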