diff --git a/CVE-2019-17451.patch b/CVE-2019-17451.patch new file mode 100644 index 0000000000000000000000000000000000000000..593206ec6f60d9df540b454d51f0b16518775e9b --- /dev/null +++ b/CVE-2019-17451.patch @@ -0,0 +1,21 @@ +diff -Naru "binutils-2.32 copy/bfd/dwarf2.c" binutils-2.32/bfd/dwarf2.c +--- "binutils-2.32 copy/bfd/dwarf2.c" 2022-07-22 16:04:52.129812000 +0800 ++++ binutils-2.32/bfd/dwarf2.c 2022-07-22 16:48:12.165638000 +0800 +@@ -4426,7 +4426,16 @@ + for (total_size = 0; + msec; + msec = find_debug_info (debug_bfd, debug_sections, msec)) +- total_size += msec->size; + { + /* Catch PR25070 testcase overflowing size calculation here. */ + if (total_size + msec->size < total_size + || total_size + msec->size < msec->size) + { + bfd_set_error (bfd_error_no_memory); + return FALSE; + } + total_size += msec->size; + } + + stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size); + if (stash->info_ptr_memory == NULL) diff --git a/mingw-binutils.spec b/mingw-binutils.spec index f8322e77936a7feb44089da23e1c9833b165c442..d1337b8aabd458ee9afdbe2a9949702717e6d188 100644 --- a/mingw-binutils.spec +++ b/mingw-binutils.spec @@ -2,7 +2,7 @@ Name: mingw-binutils Version: 2.32 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Cross-compiled version of binutils for Win32 and Win64 environments License: GPLv2+ and LGPLv2+ and GPLv3+ and LGPLv3+ @@ -158,7 +158,7 @@ Patch100: 0001-Plugin-target-handling.patch # Backport https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=2219ae0b0ebe14373850b000c2abaa31dab1d741 # Fixes an LTO issue (#1475237) Patch101: binutils_24267.patch - +Patch102: CVE-2019-17451.patch BuildRequires: gcc BuildRequires: flex BuildRequires: bison @@ -399,5 +399,8 @@ rm -rf $RPM_BUILD_ROOT/multilib %changelog +* Fri Jul 22 2022 dengyuyu -2.32.8 +- fix CVE-2019-17451 + * Thu Oct 08 2020 Zhiyi Weng - 2.32-7 - Initial version