binutils: address CVE-2022-35205, CVE-2022-48063, CVE-2023-1972 (#11082)

Signed-off-by: Thien Trung Vuong <tvuong@microsoft.com>
Co-authored-by: Francisco Huelsz Prince <frhuelsz@microsoft.com>

Author: trungams

SPECS/binutils/CVE-2022-35205.patch

@@ -0,0 +1,18 @@
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 79bd2eeed42..409fd895688 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -9782,7 +9782,12 @@ display_debug_names (struct dwarf_section *section, void *file)
+       printf (_("Out of %lu items there are %zu bucket clashes"
+ 		" (longest of %zu entries).\n"),
+ 	      (unsigned long) name_count, hash_clash_count, longest_clash);
+-      assert (name_count == buckets_filled + hash_clash_count);
++      
++	  if (name_count != buckets_filled + hash_clash_count)
++	    warn (_("The name_count (%lu) is not the same as the used bucket_count (%lu) + the hash clash count (%lu)"),
++		  (unsigned long) name_count,
++		  (unsigned long) buckets_filled,
++		  (unsigned long) hash_clash_count);
+ 
+       struct abbrev_lookup_entry
+       {

SPECS/binutils/CVE-2022-48063.patch

@@ -0,0 +1,15 @@
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index a7b8303b992..1e2e83959bf 100644
+--- a/binutils/objdump.c
++++ b/binutils/objdump.c
+@@ -3630,7 +3630,9 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
+   section->size = bfd_section_size (sec);
+   /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
+   alloced = amt = section->size + 1;
+-  if (alloced != amt || alloced == 0)
++  if (alloced != amt
++      || alloced == 0
++      || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
+     {
+       section->start = NULL;
+       free_debug_section (debug);

SPECS/binutils/CVE-2023-1972.patch

@@ -0,0 +1,23 @@
+diff --git a/bfd/elf.c b/bfd/elf.c
+index eddc6304e1c..05bb9c99d5f 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8925,6 +8925,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ 	  bfd_set_error (bfd_error_file_too_big);
+ 	  goto error_return_verdef;
+ 	}
++
++      if (amt == 0)
++	goto error_return_verdef;
+       elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verdef == NULL)
+ 	goto error_return_verdef;
+@@ -9028,6 +9031,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ 	  bfd_set_error (bfd_error_file_too_big);
+ 	  goto error_return;
+ 	}
++      if (amt == 0)
++	goto error_return;
+       elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verdef == NULL)
+ 	goto error_return;

SPECS/binutils/binutils.spec

@@ -21,7 +21,7 @@
 Summary:        Contains a linker, an assembler, and other tools
 Name:           binutils
 Version:        2.37
-Release:        9%{?dist}
+Release:        10%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -42,6 +42,9 @@ Patch7:         CVE-2022-47007.patch
 Patch8:         CVE-2022-47008.patch
 Patch9:         CVE-2022-47010.patch
 Patch10:        CVE-2022-47011.patch
+Patch11:         CVE-2022-48063.patch
+Patch12:         CVE-2023-1972.patch
+Patch13:         CVE-2022-35205.patch
 Provides:       bundled(libiberty)
 
 # Moving macro before the "SourceX" tags breaks PR checks parsing the specs.
@@ -298,6 +301,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %do_files aarch64-linux-gnu %{build_aarch64}
 
 %changelog
+* Thu Nov 14 2024 Thien Trung Vuong <tvuong@microsoft.com> - 2.37-10
+- Added patch to fix CVE-2023-1972, CVE-2022-48063, CVE-2022-35205
+
 * Mon Nov 04 2024 Nicolas Guibourge <nicolasg@microsoft.com> - 2.37-9
 - Address CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011.
 

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -12,8 +12,8 @@ zlib-devel-1.2.13-2.cm2.aarch64.rpm
 file-5.40-3.cm2.aarch64.rpm
 file-devel-5.40-3.cm2.aarch64.rpm
 file-libs-5.40-3.cm2.aarch64.rpm
-binutils-2.37-9.cm2.aarch64.rpm
-binutils-devel-2.37-9.cm2.aarch64.rpm
+binutils-2.37-10.cm2.aarch64.rpm
+binutils-devel-2.37-10.cm2.aarch64.rpm
 gmp-6.2.1-4.cm2.aarch64.rpm
 gmp-devel-6.2.1-4.cm2.aarch64.rpm
 mpfr-4.1.0-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -12,8 +12,8 @@ zlib-devel-1.2.13-2.cm2.x86_64.rpm
 file-5.40-3.cm2.x86_64.rpm
 file-devel-5.40-3.cm2.x86_64.rpm
 file-libs-5.40-3.cm2.x86_64.rpm
-binutils-2.37-9.cm2.x86_64.rpm
-binutils-devel-2.37-9.cm2.x86_64.rpm
+binutils-2.37-10.cm2.x86_64.rpm
+binutils-devel-2.37-10.cm2.x86_64.rpm
 gmp-6.2.1-4.cm2.x86_64.rpm
 gmp-devel-6.2.1-4.cm2.x86_64.rpm
 mpfr-4.1.0-2.cm2.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -9,9 +9,9 @@ bash-5.1.8-4.cm2.aarch64.rpm
 bash-debuginfo-5.1.8-4.cm2.aarch64.rpm
 bash-devel-5.1.8-4.cm2.aarch64.rpm
 bash-lang-5.1.8-4.cm2.aarch64.rpm
-binutils-2.37-9.cm2.aarch64.rpm
-binutils-debuginfo-2.37-9.cm2.aarch64.rpm
-binutils-devel-2.37-9.cm2.aarch64.rpm
+binutils-2.37-10.cm2.aarch64.rpm
+binutils-debuginfo-2.37-10.cm2.aarch64.rpm
+binutils-devel-2.37-10.cm2.aarch64.rpm
 bison-3.7.6-2.cm2.aarch64.rpm
 bison-debuginfo-3.7.6-2.cm2.aarch64.rpm
 bzip2-1.0.8-1.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -9,10 +9,10 @@ bash-5.1.8-4.cm2.x86_64.rpm
 bash-debuginfo-5.1.8-4.cm2.x86_64.rpm
 bash-devel-5.1.8-4.cm2.x86_64.rpm
 bash-lang-5.1.8-4.cm2.x86_64.rpm
-binutils-2.37-9.cm2.x86_64.rpm
-binutils-aarch64-linux-gnu-2.37-9.cm2.x86_64.rpm
-binutils-debuginfo-2.37-9.cm2.x86_64.rpm
-binutils-devel-2.37-9.cm2.x86_64.rpm
+binutils-2.37-10.cm2.x86_64.rpm
+binutils-aarch64-linux-gnu-2.37-10.cm2.x86_64.rpm
+binutils-debuginfo-2.37-10.cm2.x86_64.rpm
+binutils-devel-2.37-10.cm2.x86_64.rpm
 bison-3.7.6-2.cm2.x86_64.rpm
 bison-debuginfo-3.7.6-2.cm2.x86_64.rpm
 bzip2-1.0.8-1.cm2.x86_64.rpm
@@ -47,7 +47,7 @@ cracklib-lang-2.9.7-5.cm2.x86_64.rpm
 createrepo_c-0.17.5-1.cm2.x86_64.rpm
 createrepo_c-debuginfo-0.17.5-1.cm2.x86_64.rpm
 createrepo_c-devel-0.17.5-1.cm2.x86_64.rpm
-cross-binutils-common-2.37-9.cm2.noarch.rpm
+cross-binutils-common-2.37-10.cm2.noarch.rpm
 cross-gcc-common-11.2.0-8.cm2.noarch.rpm
 curl-8.8.0-3.cm2.x86_64.rpm
 curl-debuginfo-8.8.0-3.cm2.x86_64.rpm