From 064b017d017f0e52fa31ab155c013483bc5c325a Mon Sep 17 00:00:00 2001 From: Mitch Zhu Date: Thu, 10 Oct 2024 02:38:27 +0000 Subject: [PATCH 1/2] Add patches for CVE --- SPECS/gdb/CVE-2023-39128.patch | 70 +++++++ SPECS/gdb/CVE-2023-39129.patch | 124 +++++++++++++ SPECS/gdb/CVE-2023-39130.patch | 326 +++++++++++++++++++++++++++++++++ SPECS/gdb/gdb.spec | 8 +- 4 files changed, 527 insertions(+), 1 deletion(-) create mode 100644 SPECS/gdb/CVE-2023-39128.patch create mode 100644 SPECS/gdb/CVE-2023-39129.patch create mode 100644 SPECS/gdb/CVE-2023-39130.patch diff --git a/SPECS/gdb/CVE-2023-39128.patch b/SPECS/gdb/CVE-2023-39128.patch new file mode 100644 index 00000000000..c6c58ead043 --- /dev/null +++ b/SPECS/gdb/CVE-2023-39128.patch @@ -0,0 +1,70 @@ +From 033bc52bb6190393c8eed80925fa78cc35b40c6d Mon Sep 17 00:00:00 2001 +From: Tom Tromey +Date: Wed, 16 Aug 2023 11:29:19 -0600 +Subject: [PATCH] Avoid buffer overflow in ada_decode + +A bug report pointed out a buffer overflow in ada_decode, which Keith +helpfully analyzed. ada_decode had a logic error when the input was +all digits. While this isn't valid -- and would probably only appear +in fuzzer tests -- it still should be handled properly. + +This patch adds a missing bounds check. Tested with the self-tests in +an asan build. + +Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639 +Reviewed-by: Keith Seitz +--- + gdb/ada-lang.c | 19 ++++++++++++++++++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c +index 4a9a6e0f38f..2f934b1e79a 100644 +--- a/gdb/ada-lang.c ++++ b/gdb/ada-lang.c +@@ -57,6 +57,7 @@ + #include "cli/cli-utils.h" + #include "gdbsupport/function-view.h" + #include "gdbsupport/byte-vector.h" ++#include "gdbsupport/selftest.h" + #include + #include "ada-exp.h" + #include "charset.h" +@@ -1377,7 +1378,7 @@ ada_decode (const char *encoded, bool wrap, bool operators) + i -= 1; + if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_') + len0 = i - 1; +- else if (encoded[i] == '$') ++ else if (i >= 0 && encoded[i] == '$') + len0 = i; + } + +@@ -1574,6 +1575,18 @@ ada_decode (const char *encoded, bool wrap, bool operators) + return decoded; + } + ++#ifdef GDB_SELF_TEST ++ ++static void ++ada_decode_tests () ++{ ++ /* This isn't valid, but used to cause a crash. PR gdb/30639. The ++ result does not really matter very much. */ ++ SELF_CHECK (ada_decode ("44") == "44"); ++} ++ ++#endif ++ + /* Table for keeping permanent unique copies of decoded names. Once + allocated, names in this table are never released. While this is a + storage leak, it should not be significant unless there are massive +@@ -13984,4 +13997,8 @@ DWARF attribute."), + gdb::observers::new_objfile.attach (ada_new_objfile_observer, "ada-lang"); + gdb::observers::free_objfile.attach (ada_free_objfile_observer, "ada-lang"); + gdb::observers::inferior_exit.attach (ada_inferior_exit, "ada-lang"); ++ ++#ifdef GDB_SELF_TEST ++ selftests::register_test ("ada-decode", ada_decode_tests); ++#endif + } +-- +2.43.5 diff --git a/SPECS/gdb/CVE-2023-39129.patch b/SPECS/gdb/CVE-2023-39129.patch new file mode 100644 index 00000000000..6e5da59df70 --- /dev/null +++ b/SPECS/gdb/CVE-2023-39129.patch @@ -0,0 +1,124 @@ +From 58abdf887821a5da09ba184c6e400a3bc5cccd5a Mon Sep 17 00:00:00 2001 +From: Keith Seitz +Date: Wed, 2 Aug 2023 08:35:11 -0700 +Subject: [PATCH] Verify COFF symbol stringtab offset + +This patch addresses an issue with malformed/fuzzed debug information that +was recently reported in gdb/30639. That bug specifically deals with +an ASAN issue, but the reproducer provided by the reporter causes a +another failure outside of ASAN: + +$ ./gdb --data-directory data-directory -nx -q UAF_2 +Reading symbols from /home/keiths/UAF_2... + + +Fatal signal: Segmentation fault +----- Backtrace ----- +0x59a53a gdb_internal_backtrace_1 + ../../src/gdb/bt-utils.c:122 +0x59a5dd _Z22gdb_internal_backtracev + ../../src/gdb/bt-utils.c:168 +0x786380 handle_fatal_signal + ../../src/gdb/event-top.c:889 +0x7864ec handle_sigsegv + ../../src/gdb/event-top.c:962 +0x7ff354c5fb6f ??? +0x611f9a process_coff_symbol + ../../src/gdb/coffread.c:1556 +0x611025 coff_symtab_read + ../../src/gdb/coffread.c:1172 +0x60f8ff coff_read_minsyms + ../../src/gdb/coffread.c:549 +0x60fe4b coff_symfile_read + ../../src/gdb/coffread.c:698 +0xbde0f6 read_symbols + ../../src/gdb/symfile.c:772 +0xbde7a3 syms_from_objfile_1 + ../../src/gdb/symfile.c:966 +0xbde867 syms_from_objfile + ../../src/gdb/symfile.c:983 +0xbded42 symbol_file_add_with_addrs + ../../src/gdb/symfile.c:1086 +0xbdf083 _Z24symbol_file_add_from_bfdRKN3gdb7ref_ptrI3bfd18gdb_bfd_ref_policyEEPKc10enum_flagsI16symfile_add_flagEPSt6vectorI14other_sectionsSaISC_EES8_I12objfile_flagEP7objfile + ../../src/gdb/symfile.c:1166 +0xbdf0d2 _Z15symbol_file_addPKc10enum_flagsI16symfile_add_flagEPSt6vectorI14other_sectionsSaIS5_EES1_I12objfile_flagE + ../../src/gdb/symfile.c:1179 +0xbdf197 symbol_file_add_main_1 + ../../src/gdb/symfile.c:1203 +0xbdf13e _Z20symbol_file_add_mainPKc10enum_flagsI16symfile_add_flagE + ../../src/gdb/symfile.c:1194 +0x90f97f symbol_file_add_main_adapter + ../../src/gdb/main.c:549 +0x90f895 catch_command_errors + ../../src/gdb/main.c:518 +0x9109b6 captured_main_1 + ../../src/gdb/main.c:1203 +0x910fc8 captured_main + ../../src/gdb/main.c:1310 +0x911067 _Z8gdb_mainP18captured_main_args + ../../src/gdb/main.c:1339 +0x418c71 main + ../../src/gdb/gdb.c:39 +--------------------- +A fatal error internal to GDB has been detected, further +debugging is not possible. GDB will now terminate. + +This is a bug, please report it. For instructions, see: +. + +Segmentation fault (core dumped) + +The issue here is that the COFF offset for the fuzzed symbol's +name is outside the string table. That is, the offset is greater +than the actual string table size. + +coffread.c:getsymname actually contains a FIXME about this, and that's +what I've chosen to address to fix this issue, following what is done +in the DWARF reader: + +$ ./gdb --data-directory data-directory -nx -q UAF_2 +Reading symbols from /home/keiths/UAF_2... +COFF Error: string table offset (256) outside string table (length 0) +(gdb) + +Unfortunately, I haven't any idea how else to test this patch since +COFF is not very common anymore. GCC removed support for it five +years ago with GCC 8. +--- + gdb/coffread.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/gdb/coffread.c b/gdb/coffread.c +index f8e14d8ad93..ae7632d49cb 100644 +--- a/gdb/coffread.c ++++ b/gdb/coffread.c +@@ -159,6 +159,7 @@ static file_ptr linetab_offset; + static file_ptr linetab_size; + + static char *stringtab = NULL; ++static long stringtab_length = 0; + + extern void stabsread_clear_cache (void); + +@@ -1303,6 +1304,7 @@ init_stringtab (bfd *abfd, file_ptr offset, gdb::unique_xmalloc_ptr *stora + /* This is in target format (probably not very useful, and not + currently used), not host format. */ + memcpy (stringtab, lengthbuf, sizeof lengthbuf); ++ stringtab_length = length; + if (length == sizeof length) /* Empty table -- just the count. */ + return 0; + +@@ -1322,8 +1324,9 @@ getsymname (struct internal_syment *symbol_entry) + + if (symbol_entry->_n._n_n._n_zeroes == 0) + { +- /* FIXME: Probably should be detecting corrupt symbol files by +- seeing whether offset points to within the stringtab. */ ++ if (symbol_entry->_n._n_n._n_offset > stringtab_length) ++ error (_("COFF Error: string table offset (%ld) outside string table (length %ld)"), ++ symbol_entry->_n._n_n._n_offset, stringtab_length); + result = stringtab + symbol_entry->_n._n_n._n_offset; + } + else +-- +2.43.5 diff --git a/SPECS/gdb/CVE-2023-39130.patch b/SPECS/gdb/CVE-2023-39130.patch new file mode 100644 index 00000000000..1bd41fe3994 --- /dev/null +++ b/SPECS/gdb/CVE-2023-39130.patch @@ -0,0 +1,326 @@ +From 2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 9 Aug 2023 09:58:36 +0930 +Subject: [PATCH] gdb: warn unused result for bfd IO functions + +This fixes the compilation warnings introduced by my bfdio.c patch. + +The removed bfd_seeks in coff_symfile_read date back to 1994, commit +7f4c859520, prior to which the file used stdio rather than bfd to read +symbols. Since it now uses bfd to read the file there should be no +need to synchronise to bfd's idea of the file position. I also fixed +a potential uninitialised memory access. + +Approved-By: Andrew Burgess +--- + gdb/coff-pe-read.c | 114 +++++++++++++++++++++++++++++---------------- + gdb/coffread.c | 27 ++--------- + gdb/dbxread.c | 7 +-- + gdb/xcoffread.c | 5 +- + 4 files changed, 85 insertions(+), 68 deletions(-) + +diff --git a/gdb/coff-pe-read.c b/gdb/coff-pe-read.c +index 2b89e8a..c26fc33 100644 +--- a/gdb/coff-pe-read.c ++++ b/gdb/coff-pe-read.c +@@ -257,23 +257,31 @@ read_pe_truncate_name (char *dll_name) + + /* Low-level support functions, direct from the ld module pe-dll.c. */ + static unsigned int +-pe_get16 (bfd *abfd, int where) ++pe_get16 (bfd *abfd, int where, bool *fail) + { + unsigned char b[2]; + +- bfd_seek (abfd, (file_ptr) where, SEEK_SET); +- bfd_bread (b, (bfd_size_type) 2, abfd); ++ if (bfd_seek (abfd, where, SEEK_SET) != 0 ++ || bfd_bread (b, 2, abfd) != 2) ++ { ++ *fail = true; ++ return 0; ++ } + return b[0] + (b[1] << 8); + } + + static unsigned int +-pe_get32 (bfd *abfd, int where) ++pe_get32 (bfd *abfd, int where, bool *fail) + { + unsigned char b[4]; + +- bfd_seek (abfd, (file_ptr) where, SEEK_SET); +- bfd_bread (b, (bfd_size_type) 4, abfd); +- return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24); ++ if (bfd_seek (abfd, where, SEEK_SET) != 0 ++ || bfd_bread (b, 4, abfd) != 4) ++ { ++ *fail = true; ++ return 0; ++ } ++ return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24); + } + + static unsigned int +@@ -289,7 +297,7 @@ pe_as32 (void *ptr) + { + unsigned char *b = (unsigned char *) ptr; + +- return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24); ++ return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24); + } + + /* Read the (non-debug) export symbol table from a portable +@@ -338,37 +346,50 @@ read_pe_exported_syms (minimal_symbol_reader &reader, + || strcmp (target, "pei-i386") == 0 + || strcmp (target, "pe-arm-wince-little") == 0 + || strcmp (target, "pei-arm-wince-little") == 0); ++ ++ /* Possibly print a debug message about DLL not having a valid format. */ ++ auto maybe_print_debug_msg = [&] () -> void { ++ if (debug_coff_pe_read) ++ gdb_printf (gdb_stdlog, _("%s doesn't appear to be a DLL\n"), ++ bfd_get_filename (dll)); ++ }; ++ + if (!is_pe32 && !is_pe64) +- { +- /* This is not a recognized PE format file. Abort now, because +- the code is untested on anything else. *FIXME* test on +- further architectures and loosen or remove this test. */ +- return; +- } ++ return maybe_print_debug_msg (); + + /* Get pe_header, optional header and numbers of export entries. */ +- pe_header_offset = pe_get32 (dll, 0x3c); ++ bool fail = false; ++ pe_header_offset = pe_get32 (dll, 0x3c, &fail); ++ if (fail) ++ return maybe_print_debug_msg (); + opthdr_ofs = pe_header_offset + 4 + 20; + if (is_pe64) +- num_entries = pe_get32 (dll, opthdr_ofs + 108); ++ num_entries = pe_get32 (dll, opthdr_ofs + 108, &fail); + else +- num_entries = pe_get32 (dll, opthdr_ofs + 92); ++ num_entries = pe_get32 (dll, opthdr_ofs + 92, &fail); ++ if (fail) ++ return maybe_print_debug_msg (); + + if (num_entries < 1) /* No exports. */ + return; + if (is_pe64) + { +- export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112); +- export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116); ++ export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112, &fail); ++ export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116, &fail); + } + else + { +- export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96); +- export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100); ++ export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96, &fail); ++ export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100, &fail); + } +- nsections = pe_get16 (dll, pe_header_offset + 4 + 2); ++ if (fail) ++ return maybe_print_debug_msg (); ++ ++ nsections = pe_get16 (dll, pe_header_offset + 4 + 2, &fail); + secptr = (pe_header_offset + 4 + 20 + +- pe_get16 (dll, pe_header_offset + 4 + 16)); ++ pe_get16 (dll, pe_header_offset + 4 + 16, &fail)); ++ if (fail) ++ return maybe_print_debug_msg (); + expptr = 0; + export_size = 0; + +@@ -377,12 +398,13 @@ read_pe_exported_syms (minimal_symbol_reader &reader, + { + char sname[8]; + unsigned long secptr1 = secptr + 40 * i; +- unsigned long vaddr = pe_get32 (dll, secptr1 + 12); +- unsigned long vsize = pe_get32 (dll, secptr1 + 16); +- unsigned long fptr = pe_get32 (dll, secptr1 + 20); ++ unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail); ++ unsigned long vsize = pe_get32 (dll, secptr1 + 16, &fail); ++ unsigned long fptr = pe_get32 (dll, secptr1 + 20, &fail); + +- bfd_seek (dll, (file_ptr) secptr1, SEEK_SET); +- bfd_bread (sname, (bfd_size_type) sizeof (sname), dll); ++ if (fail ++ || bfd_seek (dll, secptr1, SEEK_SET) != 0 ++ || bfd_bread (sname, sizeof (sname), dll) != sizeof (sname)) + + if ((strcmp (sname, ".edata") == 0) + || (vaddr <= export_opthdrrva && export_opthdrrva < vaddr + vsize)) +@@ -423,16 +445,18 @@ read_pe_exported_syms (minimal_symbol_reader &reader, + for (i = 0; i < nsections; i++) + { + unsigned long secptr1 = secptr + 40 * i; +- unsigned long vsize = pe_get32 (dll, secptr1 + 8); +- unsigned long vaddr = pe_get32 (dll, secptr1 + 12); +- unsigned long characteristics = pe_get32 (dll, secptr1 + 36); ++ unsigned long vsize = pe_get32 (dll, secptr1 + 8, &fail); ++ unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail); ++ unsigned long characteristics = pe_get32 (dll, secptr1 + 36, &fail); + char sec_name[SCNNMLEN + 1]; + int sectix; + unsigned int bfd_section_index; + asection *section; + +- bfd_seek (dll, (file_ptr) secptr1 + 0, SEEK_SET); +- bfd_bread (sec_name, (bfd_size_type) SCNNMLEN, dll); ++ if (fail ++ || bfd_seek (dll, secptr1 + 0, SEEK_SET) != 0 ++ || bfd_bread (sec_name, SCNNMLEN, dll) != SCNNMLEN) ++ return maybe_print_debug_msg (); + sec_name[SCNNMLEN] = '\0'; + + sectix = read_pe_section_index (sec_name); +@@ -471,8 +495,9 @@ read_pe_exported_syms (minimal_symbol_reader &reader, + gdb::def_vector expdata_storage (export_size); + expdata = expdata_storage.data (); + +- bfd_seek (dll, (file_ptr) expptr, SEEK_SET); +- bfd_bread (expdata, (bfd_size_type) export_size, dll); ++ if (bfd_seek (dll, expptr, SEEK_SET) != 0 ++ || bfd_bread (expdata, export_size, dll) != export_size) ++ return maybe_print_debug_msg (); + erva = expdata - export_rva; + + nexp = pe_as32 (expdata + 24); +@@ -629,20 +654,27 @@ pe_text_section_offset (struct bfd *abfd) + } + + /* Get pe_header, optional header and numbers of sections. */ +- pe_header_offset = pe_get32 (abfd, 0x3c); +- nsections = pe_get16 (abfd, pe_header_offset + 4 + 2); ++ bool fail = false; ++ pe_header_offset = pe_get32 (abfd, 0x3c, &fail); ++ if (fail) ++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET; ++ nsections = pe_get16 (abfd, pe_header_offset + 4 + 2, &fail); + secptr = (pe_header_offset + 4 + 20 + +- pe_get16 (abfd, pe_header_offset + 4 + 16)); ++ pe_get16 (abfd, pe_header_offset + 4 + 16, &fail)); ++ if (fail) ++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET; + + /* Get the rva and size of the export section. */ + for (i = 0; i < nsections; i++) + { + char sname[SCNNMLEN + 1]; + unsigned long secptr1 = secptr + 40 * i; +- unsigned long vaddr = pe_get32 (abfd, secptr1 + 12); ++ unsigned long vaddr = pe_get32 (abfd, secptr1 + 12, &fail); + +- bfd_seek (abfd, (file_ptr) secptr1, SEEK_SET); +- bfd_bread (sname, (bfd_size_type) SCNNMLEN, abfd); ++ if (fail ++ || bfd_seek (abfd, secptr1, SEEK_SET) != 0 ++ || bfd_bread (sname, SCNNMLEN, abfd) != SCNNMLEN) ++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET; + sname[SCNNMLEN] = '\0'; + if (strcmp (sname, ".text") == 0) + return vaddr; +diff --git a/gdb/coffread.c b/gdb/coffread.c +index 4950a73..490ebaa 100644 +--- a/gdb/coffread.c ++++ b/gdb/coffread.c +@@ -716,8 +716,6 @@ coff_symfile_read (struct objfile *objfile, symfile_add_flags symfile_flags) + + /* FIXME: dubious. Why can't we use something normal like + bfd_get_section_contents? */ +- bfd_seek (abfd, abfd->where, 0); +- + stabstrsize = bfd_section_size (info->stabstrsect); + + coffstab_build_psymtabs (objfile, +@@ -804,22 +802,6 @@ coff_symtab_read (minimal_symbol_reader &reader, + + scoped_free_pendings free_pending; + +- /* Work around a stdio bug in SunOS4.1.1 (this makes me nervous.... +- it's hard to know I've really worked around it. The fix should +- be harmless, anyway). The symptom of the bug is that the first +- fread (in read_one_sym), will (in my example) actually get data +- from file offset 268, when the fseek was to 264 (and ftell shows +- 264). This causes all hell to break loose. I was unable to +- reproduce this on a short test program which operated on the same +- file, performing (I think) the same sequence of operations. +- +- It stopped happening when I put in this (former) rewind(). +- +- FIXME: Find out if this has been reported to Sun, whether it has +- been fixed in a later release, etc. */ +- +- bfd_seek (objfile->obfd.get (), 0, 0); +- + /* Position to read the symbol table. */ + val = bfd_seek (objfile->obfd.get (), symtab_offset, 0); + if (val < 0) +@@ -1302,12 +1284,13 @@ init_stringtab (bfd *abfd, file_ptr offset, gdb::unique_xmalloc_ptr *stora + if (bfd_seek (abfd, offset, 0) < 0) + return -1; + +- val = bfd_bread ((char *) lengthbuf, sizeof lengthbuf, abfd); +- length = bfd_h_get_32 (symfile_bfd, lengthbuf); +- ++ val = bfd_bread (lengthbuf, sizeof lengthbuf, abfd); + /* If no string table is needed, then the file may end immediately + after the symbols. Just return with `stringtab' set to null. */ +- if (val != sizeof lengthbuf || length < sizeof lengthbuf) ++ if (val != sizeof lengthbuf) ++ return 0; ++ length = bfd_h_get_32 (symfile_bfd, lengthbuf); ++ if (length < sizeof lengthbuf) + return 0; + + storage->reset ((char *) xmalloc (length)); +diff --git a/gdb/dbxread.c b/gdb/dbxread.c +index ab0734f..a977b2c 100644 +--- a/gdb/dbxread.c ++++ b/gdb/dbxread.c +@@ -809,7 +809,8 @@ stabs_seek (int sym_offset) + symbuf_left -= sym_offset; + } + else +- bfd_seek (symfile_bfd, sym_offset, SEEK_CUR); ++ if (bfd_seek (symfile_bfd, sym_offset, SEEK_CUR) != 0) ++ perror_with_name (bfd_get_filename (symfile_bfd)); + } + + #define INTERNALIZE_SYMBOL(intern, extern, abfd) \ +@@ -2133,8 +2134,8 @@ dbx_expand_psymtab (legacy_psymtab *pst, struct objfile *objfile) + symbol_size = SYMBOL_SIZE (pst); + + /* Read in this file's symbols. */ +- bfd_seek (objfile->obfd.get (), SYMBOL_OFFSET (pst), SEEK_SET); +- read_ofile_symtab (objfile, pst); ++ if (bfd_seek (objfile->obfd.get (), SYMBOL_OFFSET (pst), SEEK_SET) == 0) ++ read_ofile_symtab (objfile, pst); + } + + pst->readin = true; +diff --git a/gdb/xcoffread.c b/gdb/xcoffread.c +index 52ae3ae..480b0e8 100644 +--- a/gdb/xcoffread.c ++++ b/gdb/xcoffread.c +@@ -780,8 +780,9 @@ enter_line_range (struct subfile *subfile, unsigned beginoffset, + + while (curoffset <= limit_offset) + { +- bfd_seek (abfd, curoffset, SEEK_SET); +- bfd_bread (ext_lnno, linesz, abfd); ++ if (bfd_seek (abfd, curoffset, SEEK_SET) != 0 ++ || bfd_bread (ext_lnno, linesz, abfd) != linesz) ++ return; + bfd_coff_swap_lineno_in (abfd, ext_lnno, &int_lnno); + + /* Find the address this line represents. */ +-- +2.34.1 + diff --git a/SPECS/gdb/gdb.spec b/SPECS/gdb/gdb.spec index b79a5c8bbd2..0fcfe43b197 100644 --- a/SPECS/gdb/gdb.spec +++ b/SPECS/gdb/gdb.spec @@ -1,13 +1,16 @@ Summary: C debugger Name: gdb Version: 13.2 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Vendor: Microsoft Corporation Distribution: Azure Linux Group: Development/Tools URL: https://www.gnu.org/software/gdb Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz +Patch0: CVE-2023-39128.patch +Patch1: CVE-2023-39129.patch +Patch2: CVE-2023-39130.patch BuildRequires: expat-devel BuildRequires: gcc-c++ BuildRequires: gcc-gfortran @@ -100,6 +103,9 @@ make check TESTS='gdb.base/default.exp' %{_mandir}/*/* %changelog +* Wed Oct 09 2024 Mitch Zhu - 13.3 +- Fix CVE-2023-39128, CVE-2023-39129, CVE-2023-39130 + * Fri Aug 16 2024 Andrew Phelps - 13.2-2 - Fix package tests - Enable and run unit tests From 0c34dd0b3ec57cb03a477c2f8b4fc85adbf27477 Mon Sep 17 00:00:00 2001 From: Mitch Zhu Date: Fri, 18 Oct 2024 00:14:03 +0000 Subject: [PATCH 2/2] Fix typo --- SPECS/gdb/gdb.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/gdb/gdb.spec b/SPECS/gdb/gdb.spec index 0fcfe43b197..fdd72a9362b 100644 --- a/SPECS/gdb/gdb.spec +++ b/SPECS/gdb/gdb.spec @@ -103,7 +103,7 @@ make check TESTS='gdb.base/default.exp' %{_mandir}/*/* %changelog -* Wed Oct 09 2024 Mitch Zhu - 13.3 +* Wed Oct 09 2024 Mitch Zhu - 13.2-3 - Fix CVE-2023-39128, CVE-2023-39129, CVE-2023-39130 * Fri Aug 16 2024 Andrew Phelps - 13.2-2