-
binutils (2.34-6ubuntu1.9) focal-security; urgency=medium
* SECURITY UPDATE: segmentation fault in objdump.c compare_symbols
- debian/patches/CVE-2022-47695.patch: test symbol flags to exclude
section and synthetic symbols before attempting to check flavour
(compare_symbols).
- CVE-2022-47695
* SECURITY UPDATE: excessive memory allocation in objdump.c
- debian/patches/CVE-2022-48063.patch: check that the amount of memory to
be allocated matches the size of the section
(load_specific_debug_section).
- CVE-2022-48063
* SECURITY UPDATE: Memory leak in find_abstract_instance in dwarf2.c
- debian/patches/CVE-2022-48065.patch: remove memory leaks due to double
allocation of the name variable, and free memory before re-assigning a
new naming variable
- CVE-2022-48065
-- Nick Galanis <email address hidden> Tue, 23 Jan 2024 10:47:04 +0000
-
binutils (2.34-6ubuntu1.8) focal-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in dwarf.c
- debian/patches/CVE-2022-44840.patch: delete range check (end_cu_tu_entry
and add_shndx_to_cu_tu_entry) and fill shndx_pool by directly scanning
pool, rather than indirectly from index entries (process_cu_tu_index).
- CVE-2022-44840
* SECURITY UPDATE: heap buffer overflow in dwarf.c
- debian/patches/CVE-2022-45703-0.patch: combine sanity checks. Calculate
element counts, not word counts (display_gdb_index).
- debian/patches/CVE-2022-45703-1.patch: typo fix.
- CVE-2022-45703
* SECURITY UPDATE: memory leak in stabs.c
- debian/patches/CVE-2022-47007.patch: free dt on failure path
(stab_demangle_v3_arg).
- CVE-2022-47007
* SECURITY UPDATE: memory leak in bucomm.c
- debian/patches/CVE-2022-47008.patch: free template on all failure paths
(make_tempdir, make_tempname).
- CVE-2022-47008
* SECURITY UPDATE: memory leak in prdbg.c
- debian/patches/CVE-2022-47010.patch: free "s" on failure path
(pr_function_type).
- CVE-2022-47010
* SECURITY UPDATE: memory leak in stabs.c
- debian/patches/CVE-2022-47011.patch: free "fields" on failure path
(parse_stab_struct_fields).
- CVE-2022-47011
-- Nick Galanis <email address hidden> Tue, 02 Jan 2024 17:48:50 +0200
-
binutils (2.34-6ubuntu1.7) focal-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in libbfd.c
- debian/patches/CVE-2020-19726-1.patch: check that buffer contains
required number of auxents before processing any auxent (coffgen.c) and
only swap in extended file name from auxents for PE (coffswap.h).
- debian/patches/CVE-2020-19726-2.patch: fix off-by-one error in check for
aux entries that overflow the buffer (coff_get_normalized_symtab,
coffgen.c).
- CVE-2020-19726
* SECURITY UPDATE: heap buffer overflow in rddbg.c
- debian/patches/CVE-2021-46174.patch: don't read past end of section when
concatenating stab strings (read_section_stabs_debugging_info).
- CVE-2021-46174
* SECURITY UPDATE: reachable assertion failure in dwarf.c
- debian/patches/CVE-2022-35205.patch: replace assert with a warning
message (display_debug_names).
- CVE-2022-35205
-- Nick Galanis <email address hidden> Thu, 30 Nov 2023 10:16:08 +0000
-
binutils (2.34-6ubuntu1.6) focal-security; urgency=medium
* SECURITY UPDATE: possible denial of service via heap overflow
- debian/patches/CVE-2021-45078.patch: fix bounds checking in
binutils/stabs.c.
- CVE-2021-45078
-- Marc Deslauriers <email address hidden> Tue, 13 Jun 2023 09:53:18 -0400
-
binutils (2.34-6ubuntu1.5) focal-security; urgency=medium
* SECURITY UPDATE: out-of-bound read vulnerability
- debian/patches/CVE-2023-25584.patch: Lack of bounds checking in
vms-alpha.c parse_module
- CVE-2023-25584
* SECURITY UPDATE: segmentation fault due to uninitialized `file_table`
- debian/patches/CVE-2023-25585.patch: Use bfd_zmalloc to alloc
file_table
- CVE-2023-25585
* SECURITY UPDATE: segmentation fault due to uninitialized `the_bfd`
- debian/patches/CVE-2023-25588.patch: Field `the_bfd` of `asymbol` is
uninitialised
- CVE-2023-25588
-- Nishit Majithia <email address hidden> Mon, 22 May 2023 08:11:49 +0530
-
binutils (2.34-6ubuntu1.4) focal-security; urgency=medium
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2022-38533.patch: strip possibly
heap-buffer-overflow in bfd/coffcode.h.
- CVE-2022-38533
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 30 Aug 2022 09:53:48 -0300
-
binutils (2.34-6ubuntu1.3) focal-security; urgency=medium
* SECURITY UPDATE: Use after free in bfd_hash_lookup
- debian/patches/CVE-2020-16592.patch: don't use a pointer into strings
that may be freed for section name in bfd/peXXigen.c.
- CVE-2020-16592
* SECURITY UPDATE: DoS via memory consumption in DWARF debug sections
- debian/patches/CVE-2021-3487.patch: check for debug sections with
excessive sizes in bfd/dwarf2.c.
- CVE-2021-3487
-- Marc Deslauriers <email address hidden> Wed, 20 Oct 2021 07:09:55 -0400
-
binutils (2.34-6ubuntu1.1) focal; urgency=medium
* Backporting upstream commit 26b6ab7a0e to accept vector alignment
hints on z13 (LP: #1889742)
-- William 'jawn-smith' Wilson <email address hidden> Thu, 21 Jan 2021 09:23:33 -0600
-
binutils (2.34-6ubuntu1) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't generate control file entries for any native mips* packages.
binutils (2.34-6) unstable; urgency=medium
* Update from the binutils 2.34 branch:
- Fix PR lto/94249, typo in a macro usage, improve endianess detection.
- PR25745, powerpc64-ld overflows string buffer in --stats mode.
- plugin: Don't invoke LTO-wrapper.
- PR binutils/25640, plugin: Use LDPT_ADD_SYMBOLS_V2 to get symbol type.
- Fix dwarf.c build with GCC 10.
- PR binutils/25717, build failure with GCC 10.
-- Matthias Klose <email address hidden> Tue, 07 Apr 2020 13:42:51 +0200
-
binutils (2.34-5ubuntu1) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't generate control file entries for any native mips* packages.
binutils (2.34-5) unstable; urgency=medium
* Update from the binutils 2.34 branch:
- Fix PR gas/25660, vadd/vsub with lt and le condition codes for MVE.
- Fix powerpc64-ld infinite loop.
-- Matthias Klose <email address hidden> Thu, 19 Mar 2020 20:55:01 +0100
-
binutils (2.34-4ubuntu1) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't generate control file entries for any native mips* packages.
binutils (2.34-4) unstable; urgency=medium
* Update from the binutils 2.34 branch:
- Fix PR24511, nm should not mark symbols in .init_array as "t".
- Fix PR binutils/25584, don't call lto-wrapper for ar and ranlib.
-- Matthias Klose <email address hidden> Fri, 28 Feb 2020 12:22:48 +0100
-
binutils (2.34-3ubuntu1) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't generate control file entries for any native mips* packages.
binutils (2.34-3) unstable; urgency=medium
* Update from the binutils 2.34 branch:
- Fix PR gas/25516, Accept Intel64 only instruction by default.
- Fix PR 25447, prevents a potential illegal memory access when parsing
PE binaries.
- Fix PR binutils/25355, import fixes for using the LTO plugin with nm.
- Fix PR 25585, PHDR segment not covered by LOAD segment.
- MSP430 updates.
- Mention x86 assembler options to align branches.
- AArch64: Fix MOVPRFX markup for bf16 conversions.
* Make the test summary files reproducible. Addresses: #950585.
binutils (2.34-2) unstable; urgency=medium
* Regenerate the control file.
-- Matthias Klose <email address hidden> Sat, 22 Feb 2020 10:24:03 +0100
-
binutils (2.34-1ubuntu1) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't generate control file entries for any native mips* packages.
binutils (2.34-1) unstable; urgency=medium
* New upstream release.
* Bump standards version.
-- Matthias Klose <email address hidden> Sun, 02 Feb 2020 09:06:42 +0100
-
binutils (2.33.90.20200122-1ubuntu2) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't generate control file entries for any native mips* packages.
binutils (2.33.90.20200122-1) unstable; urgency=medium
* New upstream snapshot, taken from the 2.34 release branch.
binutils (2.33.50.20200115-2) unstable; urgency=high
[YunQiang Su]
* refresh and re-enable: mips64-default-n64.diff
binutils (2.33.50.20200115-1) unstable; urgency=medium
* New upstream snapshot.
* Tighten the build dependency to 2.33.50.20200114-1 for this upload.
-- Matthias Klose <email address hidden> Wed, 22 Jan 2020 06:29:07 +0100
-
binutils (2.33.90.20200122-1ubuntu1) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't generate control file entries for any native mips* packages.
-- Matthias Klose <email address hidden> Wed, 22 Jan 2020 06:29:07 +0100
-
binutils (2.33.50.20200114-0ubuntu1) focal; urgency=medium
* New upstream snapshot.
-- Matthias Klose <email address hidden> Tue, 14 Jan 2020 13:31:32 +0100
-
binutils (2.33.50.20200111-1ubuntu1) focal; urgency=medium
* New upstream snapshot.
binutils (2.33.50.20200111-1) unstable; urgency=medium
* New upstream snapshot.
* Make autopkgtests cross-test-friendly (Steve Langasek).
-- Matthias Klose <email address hidden> Sat, 11 Jan 2020 15:01:26 +0100
-
binutils (2.33.50.20200107-1ubuntu1) focal; urgency=medium
* New upstream snapshot.
-- Matthias Klose <email address hidden> Tue, 07 Jan 2020 23:37:20 +0100
-
binutils (2.33.1-6ubuntu3) focal; urgency=medium
* Fix autopkgtest failure when not cross.
-- Steve Langasek <email address hidden> Sat, 21 Dec 2019 16:45:31 -0600
-
binutils (2.33.1-6ubuntu2) focal; urgency=medium
* Make autopkgtests cross-test-friendly.
-- Steve Langasek <email address hidden> Thu, 19 Dec 2019 22:13:07 -0600
-
binutils (2.33.1-6ubuntu1) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't generate control file entries for any native mips* packages.
* Cherry-pick from binutils master branch:
PR25237, set no file contents PT_LOAD p_offset to first page (LP: #1843479)
binutils (2.33.1-6) unstable; urgency=medium
* Update from the binutils 2.33 branch:
- [gas] Implement .cfi_negate_ra_state directive (AArch64).
-- Balint Reczey <email address hidden> Fri, 13 Dec 2019 16:24:27 +0100
-
binutils (2.33.1-5ubuntu1) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't generate control file entries for any native mips* packages.
binutils (2.33.1-5) unstable; urgency=medium
* Revert configuring with --enable-mips-fix-loongson3-llsc=yes on mipsel,
mips64el, mipsn32el. Causes GCC bootstrap comparison failures.
binutils (2.33.1-4) unstable; urgency=medium
* Configure with --enable-mips-fix-loongson3-llsc=yes on mipsel, mips64el,
mipsn32el (YunQiang Su).
* Enable building mipsel and mips64el targets on arm64 and ppc64el (YunQiang
Su). Addresses: #938979.
binutils (2.33.1-2) unstable; urgency=medium
* Update from the binutils 2.33 branch:
- Arm: Fix out of range conditional branch (PR/24991).
- [bfd] Revise import stubs on hppa.
- [bfd] Provide 8-byte minimum alignment for .plt section on hppa.
* Drop amd64 cross compiler from the build dependencies on x32.
-- Matthias Klose <email address hidden> Thu, 05 Dec 2019 20:12:03 +0100
-
binutils (2.33.1-1ubuntu1) focal; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't build the powerpcspe package.
- Don't generate control file entries for any native mips* packages.
binutils (2.33.1-1) unstable; urgency=medium
* Binutils 2.33.1 release.
-- Matthias Klose <email address hidden> Fri, 18 Oct 2019 19:01:50 +0200
-
binutils (2.33-2ubuntu1) eoan; urgency=medium
* Merge with Debian; remaining changes:
- Build from upstream sources.
- Don't build the powerpcspe package.
- Don't generate control file entries for any native mips* packages.
binutils (2.33-2) unstable; urgency=medium
* Update from the binutils 2.33 branch:
- Fix PR25079, "ar s" stopped working. Closes: #941921.
- PowerPC TLS miscounting PLT for __tls_get_addr.
- PowerPC section flag tidy.
- PowerPC PIC vs. DLL TLS issues.
- PR25046, readelf "Reading xxx bytes extends past end of file for dynamic section".
- PR24262, plugin search dir doesn't respect --libdir.
-- Matthias Klose <email address hidden> Wed, 09 Oct 2019 10:52:19 +0200