From 88c575c673f1e935c7358035436cdfdb5b2bf545 Mon Sep 17 00:00:00 2001
From: Leonardo Arena <rnalrd@alpinelinux.org>
Date: Tue, 25 Apr 2017 13:49:37 +0000
Subject: [PATCH] main/binutils: security fixes #7168 (CVE-2017-7614)

---
 main/binutils/APKBUILD            | 10 +++-
 main/binutils/CVE-2017-7614.patch | 84 +++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 main/binutils/CVE-2017-7614.patch

diff --git a/main/binutils/APKBUILD b/main/binutils/APKBUILD
index bf2eb3e9aab6..2b72c1b74a09 100644
--- a/main/binutils/APKBUILD
+++ b/main/binutils/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=binutils
 pkgver=2.28
-pkgrel=0
+pkgrel=1
 pkgdesc="Tools necessary to build programs"
 url="http://www.gnu.org/software/binutils/"
 depends=""
@@ -21,9 +21,14 @@ fi
 source="http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2
 	binutils-ld-fix-static-linking.patch
 	hash-style-gnu.patch
+	CVE-2017-7614.patch
 	"
 builddir="$srcdir/$pkgname-$pkgver"
 
+# secfixes:
+#   2.28-r1:
+#   - CVE-2017-7614
+
 build() {
 	local _sysroot=/
 	local _cross_configure="--enable-install-libiberty"
@@ -94,4 +99,5 @@ gold() {
 
 sha512sums="ede2e4e59a800260eea8c14eafbaee94e30abadafd5c419a3370f9f62213cf027d6400a1d4970b6958bd4d220e675dcd483a708107016e7abd5c99d7392ba8fd  binutils-2.28.tar.bz2
 ecee33b0e435aa704af1c334e560f201638ff79e199aa11ed78a72f7c9b46f85fbb227af5748e735fd681d1965fcc42ac81b0c8824e540430ce0c706c81e8b49  binutils-ld-fix-static-linking.patch
-24e853bf4b58621a77921087e599da2ace47ba3079e2d50fb5d08ae399be5f060c5fdd7f65257bcc0526aebc66e68b98aafd45d714c035da8ea2bdc3d8d4e375  hash-style-gnu.patch"
+24e853bf4b58621a77921087e599da2ace47ba3079e2d50fb5d08ae399be5f060c5fdd7f65257bcc0526aebc66e68b98aafd45d714c035da8ea2bdc3d8d4e375  hash-style-gnu.patch
+03e2329a216eaaaebc00a2b487a8ffa57657845ea3428f24a1029eabaca2103cb00f39cb4824fe6b70ce9c124e0f850c893746fcf203a6a69288d19df624c60a  CVE-2017-7614.patch"
diff --git a/main/binutils/CVE-2017-7614.patch b/main/binutils/CVE-2017-7614.patch
new file mode 100644
index 000000000000..5f3b550f2633
--- /dev/null
+++ b/main/binutils/CVE-2017-7614.patch
@@ -0,0 +1,84 @@
+From ad32986fdf9da1c8748e47b8b45100398223dba8 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 4 Apr 2017 11:23:36 +0100
+Subject: [PATCH] Fix null pointer dereferences when using a link built with
+ clang.
+
+	PR binutils/21342
+	* elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
+	dereference.
+	(bfd_elf_final_link): Only initialize the extended symbol index
+	section if there are extended symbol tables to list.
+---
+ bfd/elflink.c | 35 +++++++++++++++++++++--------------
+ 2 files changed, 29 insertions(+), 14 deletions(-)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 776357f..9bf75c8 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -119,15 +119,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd,
+ 	 defined in shared libraries can't be overridden, because we
+ 	 lose the link to the bfd which is via the symbol section.  */
+       h->root.type = bfd_link_hash_new;
++      bh = &h->root;
+     }
++  else
++    bh = NULL;
+ 
+-  bh = &h->root;
+   bed = get_elf_backend_data (abfd);
+   if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL,
+ 					 sec, 0, NULL, FALSE, bed->collect,
+ 					 &bh))
+     return NULL;
+   h = (struct elf_link_hash_entry *) bh;
++  BFD_ASSERT (h != NULL);
+   h->def_regular = 1;
+   h->non_elf = 0;
+   h->root.linker_def = 1;
+@@ -12038,24 +12041,28 @@ bfd_elf_final_link (bfd *abfd, struct bfd_link_info *info)
+     {
+       /* Finish up and write out the symbol string table (.strtab)
+ 	 section.  */
+-      Elf_Internal_Shdr *symstrtab_hdr;
++      Elf_Internal_Shdr *symstrtab_hdr = NULL;
+       file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size;
+ 
+-      symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+-      if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++      if (elf_symtab_shndx_list (abfd))
+ 	{
+-	  symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
+-	  symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
+-	  symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
+-	  amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
+-	  symtab_shndx_hdr->sh_size = amt;
++	  symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+ 
+-	  off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
+-							   off, TRUE);
++	  if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++	    {
++	      symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
++	      symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
++	      symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
++	      amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
++	      symtab_shndx_hdr->sh_size = amt;
+ 
+-	  if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
+-	      || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
+-	    return FALSE;
++	      off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
++							       off, TRUE);
++
++	      if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
++		  || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
++		return FALSE;
++	    }
+ 	}
+ 
+       symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
+-- 
+2.9.3
+
-- 
GitLab