From 2489107f5683784f411d357437c155868258c69399424a0eaf097a635f9f86e3 Mon Sep 17 00:00:00 2001 From: Michael Matz Date: Tue, 25 Oct 2022 15:43:19 +0000 Subject: [PATCH] Another SLE patch and updating CVE mentions in .changes - Add binutils-maxpagesize.diff for a problem on old code streams, where we would generate too large binaries. - This fixes these CVEs relative to 2.37: [bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648 [bsc#1193929] aka PR28694 aka CVE-2021-45078 [bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195 [bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943 [bsc#1202966] aka PR29289 aka CVE-2022-38126 [bsc#1202967] aka PR29290 aka CVE-2022-38127 [bsc#1202969] aka CVE-2021-3826 OBS-URL: https://build.opensuse.org/package/show/devel:gcc/binutils?expand=0&rev=424 --- binutils-maxpagesize.diff | 54 +++++++++++++++++++++++++++++++++++++++ binutils.changes | 14 ++++++++++ binutils.spec | 2 ++ 3 files changed, 70 insertions(+) create mode 100644 binutils-maxpagesize.diff diff --git a/binutils-maxpagesize.diff b/binutils-maxpagesize.diff new file mode 100644 index 0000000..9529719 --- /dev/null +++ b/binutils-maxpagesize.diff @@ -0,0 +1,54 @@ +commit a2267dbfc9e1dd955f78561c40f00afa9ddbe619 +Author: Michael Matz +Date: Thu Oct 20 16:06:57 2022 +0200 + + x86-64: Use only one default max-page-size + + On x86-64 the default ELF_MAXPAGESIZE depends on a configure + option (--disable-separate-code). Since 9833b775 + ("PR28824, relro security issues") we use max-page-size for relro + alignment (with a short interval, from 31b4d3a ("PR28824, relro + security issues, x86 keep COMMONPAGESIZE relro") to its revert + a1faa5ea, where x86-64 only used COMMONPAGESIZE as relro alignment + target). + + But that means that a linker configured with --disable-separate-code + behaves different from one configured with --enable-separate-code + (the default), _even if using "-z {no,}separate-code" option to use + the non-configured behaviour_ . In particular it means that when + configuring with --disable-separate-code the linker will produce + binaries aligned to 2MB pages on disk, and hence generate 2MB + executables for a hello world (and even 6MB when linked with + "-z separate-code"). + + Generally we can't have constants that ultimately land in static + variables be depending on configure options if those only influence + behaviour that is overridable by command line options. + + So, do away with that, make the default MAXPAGESIZE be 4k (as is default + for most x86-64 configs anyway, as most people won't configure with + --disable-separate-code). If people need more they can use the + "-z max-page-size" (with would have been required right now for a + default configure binutils). + + bfd/ + * elf64-x86-64.c (ELF_MAXPAGESIZE): Don't depend on + DEFAULT_LD_Z_SEPARATE_CODE. + +diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c +index f3b54400013..2ae8dffba0f 100644 +--- a/bfd/elf64-x86-64.c ++++ b/bfd/elf64-x86-64.c +@@ -5259,11 +5259,7 @@ elf_x86_64_special_sections[]= + #define ELF_ARCH bfd_arch_i386 + #define ELF_TARGET_ID X86_64_ELF_DATA + #define ELF_MACHINE_CODE EM_X86_64 +-#if DEFAULT_LD_Z_SEPARATE_CODE +-# define ELF_MAXPAGESIZE 0x1000 +-#else +-# define ELF_MAXPAGESIZE 0x200000 +-#endif ++#define ELF_MAXPAGESIZE 0x1000 + #define ELF_COMMONPAGESIZE 0x1000 + + #define elf_backend_can_gc_sections 1 diff --git a/binutils.changes b/binutils.changes index b9cc0c4..2a4713f 100644 --- a/binutils.changes +++ b/binutils.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Oct 25 14:52:30 UTC 2022 - Michael Matz + +- Add binutils-maxpagesize.diff for a problem on old code + streams, where we would generate too large binaries. + ------------------------------------------------------------------- Tue Oct 25 12:54:34 UTC 2022 - Andreas Schwab @@ -11,6 +17,14 @@ Mon Oct 17 15:16:23 UTC 2022 - Michael Matz binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff, binutils-add-z16-name.diff. +- This fixes these CVEs relative to 2.37: + [bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648 + [bsc#1193929] aka PR28694 aka CVE-2021-45078 + [bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195 + [bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943 + [bsc#1202966] aka PR29289 aka CVE-2022-38126 + [bsc#1202967] aka PR29290 aka CVE-2022-38127 + [bsc#1202969] aka CVE-2021-3826 ------------------------------------------------------------------- Fri Aug 26 13:24:35 UTC 2022 - Michael Matz diff --git a/binutils.spec b/binutils.spec index 865828b..bc2ce10 100644 --- a/binutils.spec +++ b/binutils.spec @@ -140,6 +140,7 @@ Patch42: binutils-compat-old-behaviour.diff Patch43: binutils-revert-hlasm-insns.diff Patch44: binutils-revert-rela.diff Patch45: binutils-pr29482.diff +Patch46: binutils-maxpagesize.diff Patch100: add-ulp-section.diff Patch90: cross-avr-nesc-as.patch Patch92: cross-avr-omit_section_dynsym.patch @@ -264,6 +265,7 @@ cp ld/ldgram.y ld/ldgram.y.orig %patch44 -p1 %endif %patch45 -p1 +%patch46 -p1 %patch100 -p1 %if "%{TARGET}" == "avr" cp gas/config/tc-avr.h gas/config/tc-avr-nesc.h