Fix CVE-2021-42574

2022-01-19 18:02:07 +08:00 · 2022-01-19 18:02:07 +08:00 · 017ee0bbe1
commit 017ee0bbe1
parent 475bd5eb8f
3 changed files with 1935 additions and 2 deletions
--- a/backport-0001-CVE-2021-42574.patch
+++ b/backport-0001-CVE-2021-42574.patch
--- a/backport-0002-CVE-2021-42574.patch
+++ b/backport-0002-CVE-2021-42574.patch
@ -0,0 +1,33 @@
+From 584294c4066d0101161e4e04744a46cce7a7863e Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 29 Nov 2021 15:37:24 +0000
+Subject: [PATCH] strings: Replace references to -u option with references to
+ -U.
+
+	PR 28632
+---
+ binutils/strings.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/binutils/strings.c b/binutils/strings.c
+index f594299939f9..f85cb03406c9 100644
+--- a/binutils/strings.c
+++ b/binutils/strings.c
+@@ -57,7 +57,7 @@
+ 		Specify a non-default object file format.
+ 
+   --unicode={default|locale|invalid|hex|escape|highlight}
+-  -u {d|l|i|x|e|h}
+  -U {d|l|i|x|e|h}
+ 		Determine how to handle UTF-8 unicode characters.  The default
+ 		is no special treatment.  All other versions of this option
+ 		only apply if the encoding is valid and enabling the option
+@@ -1333,7 +1333,7 @@ usage (FILE *stream, int status)
+   -e --encoding={s,S,b,l,B,L} Select character size and endianness:\n\
+                             s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit\n\
+   --unicode={default|show|invalid|hex|escape|highlight}\n\
+-  -u {d|s|i|x|e|h}          Specify how to treat UTF-8 encoded unicode characters\n\
+  -U {d|s|i|x|e|h}          Specify how to treat UTF-8 encoded unicode characters\n\
+   -s --output-separator=<string> String used to separate strings in output.\n\
+   @<file>                   Read options from <file>\n\
+   -h --help                 Display this information\n\
--- a/binutils.spec
+++ b/binutils.spec
@ -1,7 +1,7 @@
 Summary: Binary utilities
 Name:    binutils
 Version: 2.34
-Release: 18
+Release: 19
 License: GPLv3+
 URL:     https://sourceware.org/binutils

@ -55,6 +55,8 @@ Patch38: backport-PR27456-lstat-in-rename.c-on-MinGW.patch
 Patch39: backport-Use-make_tempname-file-descriptor-in-smart_rename.patch
 Patch40: backport-Fix-demangle-style-usage-info.patch
 Patch41: backport-CVE-2021-45078.patch
+Patch42: backport-0001-CVE-2021-42574.patch
+Patch43: backport-0002-CVE-2021-42574.patch

 Provides: bundled(libiberty)

@ -333,6 +335,12 @@ fi
 %{_infodir}/bfd*info*

 %changelog
+* Wed Jan 19 2022 panxiaohe <panxiaohe@huawei.com> - 2.34-19
+- Type:CVE
+- ID:CVE-2021-42574
+- SUG:NA
+- DESC:Fix CVE-2021-42574
+
 * Fri Dec 24 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 2.34-18
 - Type:CVE
 - ID:CVE-2021-45078
@ -358,7 +366,7 @@ fi
 - DESC:fix erroneous decoding of LEB128 values
       heap-buffer-overflow on readelf -Ww

-* Wed Aug 29 2021 panxiaohe <panxiaohe@huawei.com> - 2.34-14
+* Wed Aug 18 2021 panxiaohe <panxiaohe@huawei.com> - 2.34-14
 - Type:bugfix
 - ID:NA
 - SUG:NA