Commit 0c45de05 authored by Ariadne Conill's avatar Ariadne Conill

main/binutils: add patch for CVE-2022-38533, acknowledge CVE-2022-38126

parent 3eb07b5b
1 merge request!39304[3.16] main/expat: security upgrade to 2.4.9
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# Maintainer: Ariadne Conill <ariadne@dereferenced.org> # Maintainer: Ariadne Conill <ariadne@dereferenced.org>
pkgname=binutils pkgname=binutils
pkgver=2.39 pkgver=2.39
pkgrel=1 pkgrel=2
pkgdesc="Tools necessary to build programs" pkgdesc="Tools necessary to build programs"
url="https://www.gnu.org/software/binutils/" url="https://www.gnu.org/software/binutils/"
makedepends_build="bison flex texinfo" makedepends_build="bison flex texinfo"
...@@ -17,6 +17,7 @@ source="https://ftp.gnu.org/gnu/binutils/binutils-$pkgver.tar.xz ...@@ -17,6 +17,7 @@ source="https://ftp.gnu.org/gnu/binutils/binutils-$pkgver.tar.xz
ld-bfd-mips.patch ld-bfd-mips.patch
0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch 0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch
binutils-mips-disable-assert.patch binutils-mips-disable-assert.patch
CVE-2022-38533.patch
" "
builddir="$srcdir/$pkgname-$pkgver" builddir="$srcdir/$pkgname-$pkgver"
...@@ -31,6 +32,10 @@ if [ "$CHOST" != "$CTARGET" ]; then ...@@ -31,6 +32,10 @@ if [ "$CHOST" != "$CTARGET" ]; then
fi fi
# secfixes: # secfixes:
# 2.39-r2:
# - CVE-2022-38533
# 2.39-r0:
# - CVE-2022-38126
# 2.35.2-r1: # 2.35.2-r1:
# - CVE-2021-3487 # - CVE-2021-3487
# 2.32-r0: # 2.32-r0:
...@@ -140,4 +145,5 @@ f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488 ...@@ -140,4 +145,5 @@ f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488
314d2ef9071c89940aa6c8118e8a1e2f191a5d0a4bf596da1ad9cc84f884d8bc7dea8bd7b9fc3f8f1bddd3fd41c6eb017e1e804044b3bf084df1ed9e6e095e2d ld-bfd-mips.patch 314d2ef9071c89940aa6c8118e8a1e2f191a5d0a4bf596da1ad9cc84f884d8bc7dea8bd7b9fc3f8f1bddd3fd41c6eb017e1e804044b3bf084df1ed9e6e095e2d ld-bfd-mips.patch
70ec22bd72ef6dddecfd970613387dd4a8cdc8730dd3cbf03d5a0c3a7c4d839383167bb06dad21bf7c235329fd44b5dc4aefe762f68544f17155cf002bf1be4a 0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch 70ec22bd72ef6dddecfd970613387dd4a8cdc8730dd3cbf03d5a0c3a7c4d839383167bb06dad21bf7c235329fd44b5dc4aefe762f68544f17155cf002bf1be4a 0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch
609cd90d8b334eb309f586b17b9d335a08d3dbb6def7c3eb5c010028fcb681674031e5b9d853aa7a39a50304356a86afc184b85562b3f228f8197f4d29395c8f binutils-mips-disable-assert.patch 609cd90d8b334eb309f586b17b9d335a08d3dbb6def7c3eb5c010028fcb681674031e5b9d853aa7a39a50304356a86afc184b85562b3f228f8197f4d29395c8f binutils-mips-disable-assert.patch
631726e557524633ace39c597acbc5ac39bfd25f7b292eee1f0b2a80a503f4ff799f027757d12d5a24b2fa3c07c7e14602d8a86d96e19876d6d0d5d1a02817e7 CVE-2022-38533.patch
" "
X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff_plain;f=bfd%2Fcoffcode.h;h=52027981c3f052d98e043cd0c877f0bb5da97c7f;hp=67aaf158ca1829fe63f0065f31a0b1009b227b36;hb=ef186fe54aa6d281a3ff8a9528417e5cc614c797;hpb=80075150727d653c39e9d037e15c6b87dcef08cd
diff --git a/bfd/coffcode.h b/bfd/coffcode.h
index 67aaf158ca1..52027981c3f 100644
--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd,
rec = (bfd_byte *) location;
recend = rec + count;
- while (rec < recend)
+ while (recend - rec >= 4)
{
+ size_t len = bfd_get_32 (abfd, rec);
+ if (len == 0 || len > (size_t) (recend - rec) / 4)
+ break;
+ rec += len * 4;
++section->lma;
- rec += bfd_get_32 (abfd, rec) * 4;
}
BFD_ASSERT (rec == recend);
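Review bot: When `len` is zero or larger than the remaining bytes, the new `break` leaves the loop with `rec != recend`, and the only signal is the `BFD_ASSERT (rec == recend)` that follows. As far as I know BFD_ASSERT reports the failure and lets execution continue, so a malformed record list is diagnosed but the function carries on with `section->lma` counting only the records before the bad one. If callers should see this as a failed write, an explicit error path in place of the `break` would make that clear, e.g. `bfd_set_error (bfd_error_bad_value); return false;` (assuming the function returns a bool status, which the hunk does not show). Either way the check deserves a comment such as `/* len is in 4-byte words; zero would never advance rec, and a larger value would run past recend.  */`. The body of coff_set_section_contents starts and ends outside this hunk.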