From 4faea7ded66f399986938622dedf614780ede6a5 Mon Sep 17 00:00:00 2001 From: Alexandra Hájková Date: Sep 21 2023 13:00:28 +0000 Subject: Backport upstream commit 8f2c64de86b which fixes RHBZ 2233961, CVE-2022-48064, (Alan Modra). --- diff --git a/_gdb.spec.Patch.include b/_gdb.spec.Patch.include index 16fd86c..256f146 100644 --- a/_gdb.spec.Patch.include +++ b/_gdb.spec.Patch.include @@ -219,3 +219,7 @@ Patch049: gdb-bz2237515-debuginfod-double-free.patch # obstack allocation that wold lead to memory corruption. Patch050: gdb-bz2237392-dwarf-obstack-allocation.patch +# Backport PR29922, SHT_NOBITS section +# avoids section size sanity check. +Patch051: gdb-rhbz2233961-CVE-2022-4806.patch + diff --git a/_gdb.spec.patch.include b/_gdb.spec.patch.include index f84adba..161654d 100644 --- a/_gdb.spec.patch.include +++ b/_gdb.spec.patch.include @@ -48,3 +48,4 @@ %patch -p1 -P048 %patch -p1 -P049 %patch -p1 -P050 +%patch -p1 -P051 diff --git a/_patch_order b/_patch_order index 959fc97..fc6dc9a 100644 --- a/_patch_order +++ b/_patch_order @@ -48,3 +48,4 @@ gdb-rhbz2160211-excessive-core-file-warnings.patch gdb-bz2196395-debuginfod-legacy-openssl-crash.patch gdb-bz2237515-debuginfod-double-free.patch gdb-bz2237392-dwarf-obstack-allocation.patch +gdb-rhbz2233961-CVE-2022-4806.patch diff --git a/gdb-rhbz2233961-CVE-2022-4806.patch b/gdb-rhbz2233961-CVE-2022-4806.patch new file mode 100644 index 0000000..57713b0 --- /dev/null +++ b/gdb-rhbz2233961-CVE-2022-4806.patch @@ -0,0 +1,50 @@ +From FEDORA_PATCHES Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alexandra=20H=C3=A1jkov=C3=A1?= +Date: Thu, 21 Sep 2023 12:34:31 +0200 +Subject: gdb-rhbz2233961-CVE-2022-4806.patch + +;; Backport PR29922, SHT_NOBITS section +;; avoids section size sanity check. + +PR29922, SHT_NOBITS section avoids section size sanity check + + PR 29922 + * dwarf2.c (find_debug_info): Ignore sections without + SEC_HAS_CONTENTS. + +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c +--- a/bfd/dwarf2.c ++++ b/bfd/dwarf2.c +@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections, + { + look = debug_sections[debug_info].uncompressed_name; + msec = bfd_get_section_by_name (abfd, look); +- if (msec != NULL) ++ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of ++ course debug sections always have contents. */ ++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0) + return msec; + + look = debug_sections[debug_info].compressed_name; + msec = bfd_get_section_by_name (abfd, look); +- if (msec != NULL) ++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0) + return msec; + + for (msec = abfd->sections; msec != NULL; msec = msec->next) +- if (startswith (msec->name, GNU_LINKONCE_INFO)) ++ if ((msec->flags & SEC_HAS_CONTENTS) != 0 ++ && startswith (msec->name, GNU_LINKONCE_INFO)) + return msec; + + return NULL; +@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections, + + for (msec = after_sec->next; msec != NULL; msec = msec->next) + { ++ if ((msec->flags & SEC_HAS_CONTENTS) == 0) ++ continue; ++ + look = debug_sections[debug_info].uncompressed_name; + if (strcmp (msec->name, look) == 0) + return msec; diff --git a/gdb.spec b/gdb.spec index 9eef81a..5d712dc 100644 --- a/gdb.spec +++ b/gdb.spec @@ -57,7 +57,7 @@ Version: 13.2 # The release always contains a leading reserved number, start it at 1. # `upstream' is not a part of `name' to stay fully rpm dependencies compatible for the testing. -Release: 8%{?dist} +Release: 9%{?dist} License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and LGPLv3+ and BSD and Public Domain and GFDL # Do not provide URL for snapshots as the file lasts there only for 2 days. @@ -1252,6 +1252,10 @@ fi %endif %changelog +* Thu Sep 21 2023 Alexandra Hájková - 13.2-9 +- Backport upstream commit 8f2c64de86b which fixes RHBZ 2233961, + CVE-2022-48064, (Alan Modra). + * Fri Sep 15 2023 Andrew Burgess - 13.2-8 - Bump release to 13.2-8.