OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 26-May-2006 21:10:50 Branch: OPENPKG_2_5_SOLID Handle: 2006052620104901 Modified files: (Branch: OPENPKG_2_5_SOLID) openpkg-src/binutils binutils.patch binutils.spec Log: Security Issue (PR binutils/2584, CVE-2006-2362) Summary: Revision Changes Path 1.15.2.1 +233 -0 openpkg-src/binutils/binutils.patch 1.66.2.2 +1 -1 openpkg-src/binutils/binutils.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/binutils/binutils.patch ============================================================================ $ cvs diff -u -r1.15 -r1.15.2.1 binutils.patch --- openpkg-src/binutils/binutils.patch 21 Sep 2005 19:29:45 -0000 1.15 +++ openpkg-src/binutils/binutils.patch 26 May 2006 19:10:49 -0000 1.15.2.1 @@ -112,3 +112,236 @@ EMUL = @EMUL@ EMULATION_OFILES = @EMULATION_OFILES@ + +----------------------------------------------------------------------------- + +Security Issue (PR binutils/2584, CVE-2006-2362) + +Index: bfd/tekhex.c +--- bfd/tekhex.c.orig 2004-10-08 16:54:02 +0200 ++++ bfd/tekhex.c 2006-05-26 20:21:02 +0200 +@@ -99,7 +99,7 @@ + #define ISHEX(x) hex_p(x) + + static void tekhex_init PARAMS ((void)); +-static bfd_vma getvalue PARAMS ((char **)); ++static bfd_boolean getvalue PARAMS ((char **, bfd_vma *)); + static void tekhex_print_symbol + PARAMS ((bfd *, PTR, asymbol *, bfd_print_symbol_type)); + static void tekhex_get_symbol_info PARAMS ((bfd *, asymbol *, symbol_info *)); +@@ -121,11 +121,11 @@ + static bfd_boolean tekhex_mkobject PARAMS ((bfd *)); + static long tekhex_get_symtab_upper_bound PARAMS ((bfd *)); + static long tekhex_canonicalize_symtab PARAMS ((bfd *, asymbol **)); +-static void pass_over PARAMS ((bfd *, void (*) (bfd*, int, char *))); +-static void first_phase PARAMS ((bfd *, int, char *)); ++static bfd_boolean pass_over PARAMS ((bfd *, bfd_boolean (*) (bfd*, int, char *))); ++static bfd_boolean first_phase PARAMS ((bfd *, int, char *)); + static void insert_byte PARAMS ((bfd *, int, bfd_vma)); + static struct data_struct *find_chunk PARAMS ((bfd *, bfd_vma)); +-static unsigned int getsym PARAMS ((char *, char **)); ++static bfd_boolean getsym PARAMS ((char *, char **, unsigned int *)); + + /* + Here's an example +@@ -304,40 +304,53 @@ + + #define enda(x) (x->vma + x->size) + +-static bfd_vma +-getvalue (srcp) ++static bfd_boolean ++getvalue (srcp, valuep) + char **srcp; ++ bfd_vma *valuep; + { + char *src = *srcp; + bfd_vma value = 0; +- unsigned int len = hex_value(*src++); ++ unsigned int len; ++ ++ if (!ISHEX(*src)) ++ return FALSE; + ++ len = hex_value(*src++); + if (len == 0) + len = 16; + while (len--) + { ++ if (!ISHEX(*src)) ++ return FALSE; + value = value << 4 | hex_value(*src++); + } + *srcp = src; +- return value; ++ *valuep = value; ++ return TRUE; + } + +-static unsigned int +-getsym (dstp, srcp) ++static bfd_boolean ++getsym (dstp, srcp, lenp) + char *dstp; + char **srcp; ++ unsigned int *lenp; + { + char *src = *srcp; + unsigned int i; +- unsigned int len = hex_value(*src++); ++ unsigned int len; + ++ if (!ISHEX(*src)) ++ return FALSE; ++ len = hex_value(*src++); + if (len == 0) + len = 16; + for (i = 0; i < len; i++) + dstp[i] = src[i]; + dstp[i] = 0; + *srcp = src + i; +- return len; ++ *lenp = len; ++ return TRUE; + } + + static struct data_struct * +@@ -383,7 +396,7 @@ + + /* The first pass is to find the names of all the sections, and see + how big the data is */ +-static void ++static bfd_boolean + first_phase (abfd, type, src) + bfd *abfd; + int type; +@@ -391,6 +404,7 @@ + { + asection *section = bfd_abs_section_ptr; + unsigned int len; ++ bfd_vma val; + char sym[17]; /* A symbol can only be 16chars long */ + + switch (type) +@@ -398,7 +412,10 @@ + case '6': + /* Data record - read it and store it */ + { +- bfd_vma addr = getvalue (&src); ++ bfd_vma addr; ++ ++ if (!getvalue (&src, &addr)) ++ return FALSE; + + while (*src) + { +@@ -408,17 +425,18 @@ + } + } + +- return; ++ return TRUE; + case '3': + /* Symbol record, read the segment */ +- len = getsym (sym, &src); ++ if (!getsym (sym, &src, &len)) ++ return FALSE; + section = bfd_get_section_by_name (abfd, sym); + if (section == (asection *) NULL) + { + char *n = bfd_alloc (abfd, (bfd_size_type) len + 1); + + if (!n) +- abort (); /* FIXME */ ++ return FALSE; + memcpy (n, sym, len + 1); + section = bfd_make_section (abfd, n); + } +@@ -428,8 +446,11 @@ + { + case '1': /* section range */ + src++; +- section->vma = getvalue (&src); +- section->size = getvalue (&src) - section->vma; ++ if (!getvalue (&src, §ion->vma)) ++ return FALSE; ++ if (!getvalue (&src, &val)) ++ return FALSE; ++ section->size = val - section->vma; + section->flags = SEC_HAS_CONTENTS | SEC_LOAD | SEC_ALLOC; + break; + case '0': +@@ -447,37 +468,43 @@ + char stype = (*src); + + if (!new) +- abort (); /* FIXME */ ++ return FALSE; + new->symbol.the_bfd = abfd; + src++; + abfd->symcount++; + abfd->flags |= HAS_SYMS; + new->prev = abfd->tdata.tekhex_data->symbols; + abfd->tdata.tekhex_data->symbols = new; +- len = getsym (sym, &src); ++ if (!getsym (sym, &src, &len)) ++ return FALSE; + new->symbol.name = bfd_alloc (abfd, (bfd_size_type) len + 1); + if (!new->symbol.name) +- abort (); /* FIXME */ ++ return FALSE; + memcpy ((char *) (new->symbol.name), sym, len + 1); + new->symbol.section = section; + if (stype <= '4') + new->symbol.flags = (BSF_GLOBAL | BSF_EXPORT); + else + new->symbol.flags = BSF_LOCAL; +- new->symbol.value = getvalue (&src) - section->vma; ++ if (!getvalue (&src, &val)) ++ return FALSE; ++ new->symbol.value = val - section->vma; + } ++ default: ++ return FALSE; + } + } + } ++ return TRUE; + } + + /* Pass over a tekhex, calling one of the above functions on each + record. */ + +-static void ++static bfd_boolean + pass_over (abfd, func) + bfd *abfd; +- void (*func) PARAMS ((bfd *, int, char *)); ++ bfd_boolean (*func) PARAMS ((bfd *, int, char *)); + { + unsigned int chars_on_line; + bfd_boolean eof = FALSE; +@@ -516,9 +543,10 @@ + abort (); /* FIXME */ + src[chars_on_line] = 0; /* put a null at the end */ + +- func (abfd, type, src); ++ if (!func (abfd, type, src)) ++ return FALSE; + } +- ++ return TRUE; + } + + static long +@@ -585,7 +613,9 @@ + + tekhex_mkobject (abfd); + +- pass_over (abfd, first_phase); ++ if (!pass_over (abfd, first_phase)) ++ return NULL; ++ + return abfd->xvec; + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/binutils/binutils.spec ============================================================================ $ cvs diff -u -r1.66.2.1 -r1.66.2.2 binutils.spec --- openpkg-src/binutils/binutils.spec 11 Oct 2005 12:49:26 -0000 1.66.2.1 +++ openpkg-src/binutils/binutils.spec 26 May 2006 19:10:50 -0000 1.66.2.2 @@ -33,7 +33,7 @@ Group: Utility License: GPL Version: 2.16.1 -Release: 2.5.0 +Release: 2.5.1 # list of sources Source0: ftp://sources.redhat.com/pub/binutils/releases/binutils-%{version}.tar.bz2 @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org