OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 26-May-2006 21:10:50
Branch: OPENPKG_2_5_SOLID Handle: 2006052620104901
Modified files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/binutils binutils.patch binutils.spec
Log:
Security Issue (PR binutils/2584, CVE-2006-2362)
Summary:
Revision Changes Path
1.15.2.1 +233 -0 openpkg-src/binutils/binutils.patch
1.66.2.2 +1 -1 openpkg-src/binutils/binutils.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/binutils/binutils.patch
============================================================================
$ cvs diff -u -r1.15 -r1.15.2.1 binutils.patch
--- openpkg-src/binutils/binutils.patch 21 Sep 2005 19:29:45 -0000
1.15
+++ openpkg-src/binutils/binutils.patch 26 May 2006 19:10:49 -0000
1.15.2.1
@@ -112,3 +112,236 @@
EMUL = @EMUL@
EMULATION_OFILES = @EMULATION_OFILES@
+
+-----------------------------------------------------------------------------
+
+Security Issue (PR binutils/2584, CVE-2006-2362)
+
+Index: bfd/tekhex.c
+--- bfd/tekhex.c.orig 2004-10-08 16:54:02 +0200
++++ bfd/tekhex.c 2006-05-26 20:21:02 +0200
+@@ -99,7 +99,7 @@
+ #define ISHEX(x) hex_p(x)
+
+ static void tekhex_init PARAMS ((void));
+-static bfd_vma getvalue PARAMS ((char **));
++static bfd_boolean getvalue PARAMS ((char **, bfd_vma *));
+ static void tekhex_print_symbol
+ PARAMS ((bfd *, PTR, asymbol *, bfd_print_symbol_type));
+ static void tekhex_get_symbol_info PARAMS ((bfd *, asymbol *, symbol_info
*));
+@@ -121,11 +121,11 @@
+ static bfd_boolean tekhex_mkobject PARAMS ((bfd *));
+ static long tekhex_get_symtab_upper_bound PARAMS ((bfd *));
+ static long tekhex_canonicalize_symtab PARAMS ((bfd *, asymbol **));
+-static void pass_over PARAMS ((bfd *, void (*) (bfd*, int, char *)));
+-static void first_phase PARAMS ((bfd *, int, char *));
++static bfd_boolean pass_over PARAMS ((bfd *, bfd_boolean (*) (bfd*, int,
char *)));
++static bfd_boolean first_phase PARAMS ((bfd *, int, char *));
+ static void insert_byte PARAMS ((bfd *, int, bfd_vma));
+ static struct data_struct *find_chunk PARAMS ((bfd *, bfd_vma));
+-static unsigned int getsym PARAMS ((char *, char **));
++static bfd_boolean getsym PARAMS ((char *, char **, unsigned int *));
+
+ /*
+ Here's an example
+@@ -304,40 +304,53 @@
+
+ #define enda(x) (x->vma + x->size)
+
+-static bfd_vma
+-getvalue (srcp)
++static bfd_boolean
++getvalue (srcp, valuep)
+ char **srcp;
++ bfd_vma *valuep;
+ {
+ char *src = *srcp;
+ bfd_vma value = 0;
+- unsigned int len = hex_value(*src++);
++ unsigned int len;
++
++ if (!ISHEX(*src))
++ return FALSE;
+
++ len = hex_value(*src++);
+ if (len == 0)
+ len = 16;
+ while (len--)
+ {
++ if (!ISHEX(*src))
++ return FALSE;
+ value = value << 4 | hex_value(*src++);
+ }
+ *srcp = src;
+- return value;
++ *valuep = value;
++ return TRUE;
+ }
+
+-static unsigned int
+-getsym (dstp, srcp)
++static bfd_boolean
++getsym (dstp, srcp, lenp)
+ char *dstp;
+ char **srcp;
++ unsigned int *lenp;
+ {
+ char *src = *srcp;
+ unsigned int i;
+- unsigned int len = hex_value(*src++);
++ unsigned int len;
+
++ if (!ISHEX(*src))
++ return FALSE;
++ len = hex_value(*src++);
+ if (len == 0)
+ len = 16;
+ for (i = 0; i < len; i++)
+ dstp[i] = src[i];
+ dstp[i] = 0;
+ *srcp = src + i;
+- return len;
++ *lenp = len;
++ return TRUE;
+ }
+
+ static struct data_struct *
+@@ -383,7 +396,7 @@
+
+ /* The first pass is to find the names of all the sections, and see
+ how big the data is */
+-static void
++static bfd_boolean
+ first_phase (abfd, type, src)
+ bfd *abfd;
+ int type;
+@@ -391,6 +404,7 @@
+ {
+ asection *section = bfd_abs_section_ptr;
+ unsigned int len;
++ bfd_vma val;
+ char sym[17]; /* A symbol can only be 16chars long */
+
+ switch (type)
+@@ -398,7 +412,10 @@
+ case '6':
+ /* Data record - read it and store it */
+ {
+- bfd_vma addr = getvalue (&src);
++ bfd_vma addr;
++
++ if (!getvalue (&src, &addr))
++ return FALSE;
+
+ while (*src)
+ {
+@@ -408,17 +425,18 @@
+ }
+ }
+
+- return;
++ return TRUE;
+ case '3':
+ /* Symbol record, read the segment */
+- len = getsym (sym, &src);
++ if (!getsym (sym, &src, &len))
++ return FALSE;
+ section = bfd_get_section_by_name (abfd, sym);
+ if (section == (asection *) NULL)
+ {
+ char *n = bfd_alloc (abfd, (bfd_size_type) len + 1);
+
+ if (!n)
+- abort (); /* FIXME */
++ return FALSE;
+ memcpy (n, sym, len + 1);
+ section = bfd_make_section (abfd, n);
+ }
+@@ -428,8 +446,11 @@
+ {
+ case '1': /* section range */
+ src++;
+- section->vma = getvalue (&src);
+- section->size = getvalue (&src) - section->vma;
++ if (!getvalue (&src, §ion->vma))
++ return FALSE;
++ if (!getvalue (&src, &val))
++ return FALSE;
++ section->size = val - section->vma;
+ section->flags = SEC_HAS_CONTENTS | SEC_LOAD | SEC_ALLOC;
+ break;
+ case '0':
+@@ -447,37 +468,43 @@
+ char stype = (*src);
+
+ if (!new)
+- abort (); /* FIXME */
++ return FALSE;
+ new->symbol.the_bfd = abfd;
+ src++;
+ abfd->symcount++;
+ abfd->flags |= HAS_SYMS;
+ new->prev = abfd->tdata.tekhex_data->symbols;
+ abfd->tdata.tekhex_data->symbols = new;
+- len = getsym (sym, &src);
++ if (!getsym (sym, &src, &len))
++ return FALSE;
+ new->symbol.name = bfd_alloc (abfd, (bfd_size_type) len + 1);
+ if (!new->symbol.name)
+- abort (); /* FIXME */
++ return FALSE;
+ memcpy ((char *) (new->symbol.name), sym, len + 1);
+ new->symbol.section = section;
+ if (stype <= '4')
+ new->symbol.flags = (BSF_GLOBAL | BSF_EXPORT);
+ else
+ new->symbol.flags = BSF_LOCAL;
+- new->symbol.value = getvalue (&src) - section->vma;
++ if (!getvalue (&src, &val))
++ return FALSE;
++ new->symbol.value = val - section->vma;
+ }
++ default:
++ return FALSE;
+ }
+ }
+ }
++ return TRUE;
+ }
+
+ /* Pass over a tekhex, calling one of the above functions on each
+ record. */
+
+-static void
++static bfd_boolean
+ pass_over (abfd, func)
+ bfd *abfd;
+- void (*func) PARAMS ((bfd *, int, char *));
++ bfd_boolean (*func) PARAMS ((bfd *, int, char *));
+ {
+ unsigned int chars_on_line;
+ bfd_boolean eof = FALSE;
+@@ -516,9 +543,10 @@
+ abort (); /* FIXME */
+ src[chars_on_line] = 0; /* put a null at the end */
+
+- func (abfd, type, src);
++ if (!func (abfd, type, src))
++ return FALSE;
+ }
+-
++ return TRUE;
+ }
+
+ static long
+@@ -585,7 +613,9 @@
+
+ tekhex_mkobject (abfd);
+
+- pass_over (abfd, first_phase);
++ if (!pass_over (abfd, first_phase))
++ return NULL;
++
+ return abfd->xvec;
+ }
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/binutils/binutils.spec
============================================================================
$ cvs diff -u -r1.66.2.1 -r1.66.2.2 binutils.spec
--- openpkg-src/binutils/binutils.spec 11 Oct 2005 12:49:26 -0000
1.66.2.1
+++ openpkg-src/binutils/binutils.spec 26 May 2006 19:10:50 -0000
1.66.2.2
@@ -33,7 +33,7 @@
Group: Utility
License: GPL
Version: 2.16.1
-Release: 2.5.0
+Release: 2.5.1
# list of sources
Source0:
ftp://sources.redhat.com/pub/binutils/releases/binutils-%{version}.tar.bz2
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
