Change logs for binutils source package in Focal

  • binutils (2.34-6ubuntu1.9) focal-security; urgency=medium
    
      * SECURITY UPDATE: segmentation fault in objdump.c compare_symbols
        - debian/patches/CVE-2022-47695.patch: test symbol flags to exclude
          section and synthetic symbols before attempting to check flavour
          (compare_symbols).
        - CVE-2022-47695
      * SECURITY UPDATE: excessive memory allocation in objdump.c
        - debian/patches/CVE-2022-48063.patch: check that the amount of memory to
          be allocated matches the size of the section
          (load_specific_debug_section).
        - CVE-2022-48063
      * SECURITY UPDATE: Memory leak in find_abstract_instance in dwarf2.c
        - debian/patches/CVE-2022-48065.patch: remove memory leaks due to double
          allocation of the name variable, and free memory before re-assigning a
          new naming variable
        - CVE-2022-48065
    
     -- Nick Galanis <email address hidden>  Tue, 23 Jan 2024 10:47:04 +0000
  • binutils (2.34-6ubuntu1.8) focal-security; urgency=medium
    
      * SECURITY UPDATE: heap buffer overflow in dwarf.c
        - debian/patches/CVE-2022-44840.patch: delete range check (end_cu_tu_entry
          and add_shndx_to_cu_tu_entry) and fill shndx_pool by directly scanning
          pool, rather than indirectly from index entries (process_cu_tu_index).
        - CVE-2022-44840
      * SECURITY UPDATE: heap buffer overflow in dwarf.c
        - debian/patches/CVE-2022-45703-0.patch: combine sanity checks. Calculate
          element counts, not word counts (display_gdb_index).
        - debian/patches/CVE-2022-45703-1.patch: typo fix.
        - CVE-2022-45703
      * SECURITY UPDATE: memory leak in stabs.c
        - debian/patches/CVE-2022-47007.patch: free dt on failure path
          (stab_demangle_v3_arg).
        - CVE-2022-47007
      * SECURITY UPDATE: memory leak in bucomm.c
        - debian/patches/CVE-2022-47008.patch: free template on all failure paths
          (make_tempdir, make_tempname).
        - CVE-2022-47008
      * SECURITY UPDATE: memory leak in prdbg.c
        - debian/patches/CVE-2022-47010.patch: free "s" on failure path
          (pr_function_type).
        - CVE-2022-47010
      * SECURITY UPDATE: memory leak in stabs.c
        - debian/patches/CVE-2022-47011.patch: free "fields" on failure path
          (parse_stab_struct_fields).
        - CVE-2022-47011
    
     -- Nick Galanis <email address hidden>  Tue, 02 Jan 2024 17:48:50 +0200
  • binutils (2.34-6ubuntu1.7) focal-security; urgency=medium
    
      * SECURITY UPDATE: heap buffer overflow in libbfd.c
        - debian/patches/CVE-2020-19726-1.patch: check that buffer contains
          required number of auxents before processing any auxent (coffgen.c) and
          only swap in extended file name from auxents for PE (coffswap.h).
        - debian/patches/CVE-2020-19726-2.patch: fix off-by-one error in check for
          aux entries that overflow the buffer (coff_get_normalized_symtab,
          coffgen.c).
        - CVE-2020-19726
    
      * SECURITY UPDATE: heap buffer overflow in rddbg.c
        - debian/patches/CVE-2021-46174.patch: don't read past end of section when
          concatenating stab strings (read_section_stabs_debugging_info).
        - CVE-2021-46174
    
      * SECURITY UPDATE: reachable assertion failure in dwarf.c
        - debian/patches/CVE-2022-35205.patch: replace assert with a warning
          message (display_debug_names).
        - CVE-2022-35205
    
     -- Nick Galanis <email address hidden>  Thu, 30 Nov 2023 10:16:08 +0000
  • binutils (2.34-6ubuntu1.6) focal-security; urgency=medium
    
      * SECURITY UPDATE: possible denial of service via heap overflow
        - debian/patches/CVE-2021-45078.patch: fix bounds checking in
          binutils/stabs.c.
        - CVE-2021-45078
    
     -- Marc Deslauriers <email address hidden>  Tue, 13 Jun 2023 09:53:18 -0400
  • binutils (2.34-6ubuntu1.5) focal-security; urgency=medium
    
      * SECURITY UPDATE: out-of-bound read vulnerability
        - debian/patches/CVE-2023-25584.patch: Lack of bounds checking in
          vms-alpha.c parse_module
        - CVE-2023-25584
      * SECURITY UPDATE: segmentation fault due to uninitialized `file_table`
        - debian/patches/CVE-2023-25585.patch: Use bfd_zmalloc to alloc
          file_table
        - CVE-2023-25585
      * SECURITY UPDATE: segmentation fault due to uninitialized `the_bfd`
        - debian/patches/CVE-2023-25588.patch: Field `the_bfd` of `asymbol` is
          uninitialised
        - CVE-2023-25588
    
     -- Nishit Majithia <email address hidden>  Mon, 22 May 2023 08:11:49 +0530
  • binutils (2.34-6ubuntu1.4) focal-security; urgency=medium
    
      * SECURITY UPDATE: Heap-buffer-overflow
        - debian/patches/CVE-2022-38533.patch: strip possibly
          heap-buffer-overflow in bfd/coffcode.h.
        - CVE-2022-38533
    
     -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 30 Aug 2022 09:53:48 -0300
  • binutils (2.34-6ubuntu1.3) focal-security; urgency=medium
    
      * SECURITY UPDATE: Use after free in bfd_hash_lookup
        - debian/patches/CVE-2020-16592.patch: don't use a pointer into strings
          that may be freed for section name in bfd/peXXigen.c.
        - CVE-2020-16592
      * SECURITY UPDATE: DoS via memory consumption in DWARF debug sections
        - debian/patches/CVE-2021-3487.patch: check for debug sections with
          excessive sizes in bfd/dwarf2.c.
        - CVE-2021-3487
    
     -- Marc Deslauriers <email address hidden>  Wed, 20 Oct 2021 07:09:55 -0400
  • binutils (2.34-6ubuntu1.1) focal; urgency=medium
    
      * Backporting upstream commit 26b6ab7a0e to accept vector alignment
        hints on z13 (LP: #1889742)
    
     -- William 'jawn-smith' Wilson <email address hidden>  Thu, 21 Jan 2021 09:23:33 -0600
  • binutils (2.34-6ubuntu1) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't generate control file entries for any native mips* packages.
    
    binutils (2.34-6) unstable; urgency=medium
    
      * Update from the binutils 2.34 branch:
        - Fix PR lto/94249, typo in a macro usage, improve endianess detection.
        - PR25745, powerpc64-ld overflows string buffer in --stats mode.
        - plugin: Don't invoke LTO-wrapper.
        - PR binutils/25640, plugin: Use LDPT_ADD_SYMBOLS_V2 to get symbol type.
        - Fix dwarf.c build with GCC 10.
        - PR binutils/25717, build failure with GCC 10.
    
     -- Matthias Klose <email address hidden>  Tue, 07 Apr 2020 13:42:51 +0200
  • binutils (2.34-5ubuntu1) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't generate control file entries for any native mips* packages.
    
    binutils (2.34-5) unstable; urgency=medium
    
      * Update from the binutils 2.34 branch:
        - Fix PR gas/25660, vadd/vsub with lt and le condition codes for MVE.
        - Fix powerpc64-ld infinite loop.
    
     -- Matthias Klose <email address hidden>  Thu, 19 Mar 2020 20:55:01 +0100
  • binutils (2.34-4ubuntu1) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't generate control file entries for any native mips* packages.
    
    binutils (2.34-4) unstable; urgency=medium
    
      * Update from the binutils 2.34 branch:
        - Fix PR24511, nm should not mark symbols in .init_array as "t".
        - Fix PR binutils/25584, don't call lto-wrapper for ar and ranlib.
    
     -- Matthias Klose <email address hidden>  Fri, 28 Feb 2020 12:22:48 +0100
  • binutils (2.34-3ubuntu1) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't generate control file entries for any native mips* packages.
    
    binutils (2.34-3) unstable; urgency=medium
    
      * Update from the binutils 2.34 branch:
        - Fix PR gas/25516, Accept Intel64 only instruction by default.
        - Fix PR 25447, prevents a potential illegal memory access when parsing
          PE binaries.
        - Fix PR binutils/25355, import fixes for using the LTO plugin with nm.
        - Fix PR 25585, PHDR segment not covered by LOAD segment.
        - MSP430 updates.
        - Mention x86 assembler options to align branches.
        - AArch64: Fix MOVPRFX markup for bf16 conversions.
      * Make the test summary files reproducible. Addresses: #950585.
    
    binutils (2.34-2) unstable; urgency=medium
    
      * Regenerate the control file.
    
     -- Matthias Klose <email address hidden>  Sat, 22 Feb 2020 10:24:03 +0100
  • binutils (2.34-1ubuntu1) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't generate control file entries for any native mips* packages.
    
    binutils (2.34-1) unstable; urgency=medium
    
      * New upstream release.
      * Bump standards version.
    
     -- Matthias Klose <email address hidden>  Sun, 02 Feb 2020 09:06:42 +0100
  • binutils (2.33.90.20200122-1ubuntu2) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't generate control file entries for any native mips* packages.
    
    binutils (2.33.90.20200122-1) unstable; urgency=medium
    
      * New upstream snapshot, taken from the 2.34 release branch.
    
    binutils (2.33.50.20200115-2) unstable; urgency=high
    
      [YunQiang Su]
      * refresh and re-enable: mips64-default-n64.diff
    
    binutils (2.33.50.20200115-1) unstable; urgency=medium
    
      * New upstream snapshot.
      * Tighten the build dependency to 2.33.50.20200114-1 for this upload.
    
     -- Matthias Klose <email address hidden>  Wed, 22 Jan 2020 06:29:07 +0100
  • binutils (2.33.90.20200122-1ubuntu1) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't generate control file entries for any native mips* packages.
    
     -- Matthias Klose <email address hidden>  Wed, 22 Jan 2020 06:29:07 +0100
  • binutils (2.33.50.20200114-0ubuntu1) focal; urgency=medium
    
      * New upstream snapshot.
    
     -- Matthias Klose <email address hidden>  Tue, 14 Jan 2020 13:31:32 +0100
  • binutils (2.33.50.20200111-1ubuntu1) focal; urgency=medium
    
      * New upstream snapshot.
    
    binutils (2.33.50.20200111-1) unstable; urgency=medium
    
      * New upstream snapshot.
      * Make autopkgtests cross-test-friendly (Steve Langasek).
    
     -- Matthias Klose <email address hidden>  Sat, 11 Jan 2020 15:01:26 +0100
  • binutils (2.33.50.20200107-1ubuntu1) focal; urgency=medium
    
      * New upstream snapshot.
    
     -- Matthias Klose <email address hidden>  Tue, 07 Jan 2020 23:37:20 +0100
  • binutils (2.33.1-6ubuntu3) focal; urgency=medium
    
      * Fix autopkgtest failure when not cross.
    
     -- Steve Langasek <email address hidden>  Sat, 21 Dec 2019 16:45:31 -0600
  • binutils (2.33.1-6ubuntu2) focal; urgency=medium
    
      * Make autopkgtests cross-test-friendly.
    
     -- Steve Langasek <email address hidden>  Thu, 19 Dec 2019 22:13:07 -0600
  • binutils (2.33.1-6ubuntu1) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't generate control file entries for any native mips* packages.
      * Cherry-pick from binutils master branch:
        PR25237, set no file contents PT_LOAD p_offset to first page (LP: #1843479)
    
    binutils (2.33.1-6) unstable; urgency=medium
    
      * Update from the binutils 2.33 branch:
        - [gas] Implement .cfi_negate_ra_state directive (AArch64).
    
     -- Balint Reczey <email address hidden>  Fri, 13 Dec 2019 16:24:27 +0100
  • binutils (2.33.1-5ubuntu1) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't generate control file entries for any native mips* packages.
    
    binutils (2.33.1-5) unstable; urgency=medium
    
      * Revert configuring with --enable-mips-fix-loongson3-llsc=yes on mipsel,
        mips64el, mipsn32el. Causes GCC bootstrap comparison failures.
    
    binutils (2.33.1-4) unstable; urgency=medium
    
      * Configure with --enable-mips-fix-loongson3-llsc=yes on mipsel, mips64el,
        mipsn32el (YunQiang Su).
      * Enable building mipsel and mips64el targets on arm64 and ppc64el (YunQiang
        Su). Addresses: #938979.
    
    binutils (2.33.1-2) unstable; urgency=medium
    
      * Update from the binutils 2.33 branch:
        - Arm: Fix out of range conditional branch (PR/24991).
        - [bfd] Revise import stubs on hppa.
        - [bfd] Provide 8-byte minimum alignment for .plt section on hppa.
      * Drop amd64 cross compiler from the build dependencies on x32.
    
     -- Matthias Klose <email address hidden>  Thu, 05 Dec 2019 20:12:03 +0100
  • binutils (2.33.1-1ubuntu1) focal; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't build the powerpcspe package.
        - Don't generate control file entries for any native mips* packages.
    
    binutils (2.33.1-1) unstable; urgency=medium
    
      * Binutils 2.33.1 release.
    
     -- Matthias Klose <email address hidden>  Fri, 18 Oct 2019 19:01:50 +0200
  • binutils (2.33-2ubuntu1) eoan; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Build from upstream sources.
        - Don't build the powerpcspe package.
        - Don't generate control file entries for any native mips* packages.
    
    binutils (2.33-2) unstable; urgency=medium
    
      * Update from the binutils 2.33 branch:
        - Fix PR25079, "ar s" stopped working. Closes: #941921.
        - PowerPC TLS miscounting PLT for __tls_get_addr.
        - PowerPC section flag tidy.
        - PowerPC PIC vs. DLL TLS issues.
        - PR25046, readelf "Reading xxx bytes extends past end of file for dynamic section".
        - PR24262, plugin search dir doesn't respect --libdir.
    
     -- Matthias Klose <email address hidden>  Wed, 09 Oct 2019 10:52:19 +0200