Overview

File _patchinfo of Package patchinfo.16623

<patchinfo incident="16623">
  <issue tracker="jsc" id="SLE-7464"/>
  <issue tracker="jsc" id="SLE-7903"/>
  <issue tracker="jsc" id="ECO-2373"/>
  <issue tracker="bnc" id="1140126">VUL-1: CVE-2019-12972: binutils: heap-based buffer over-read in _bfd_doprnt in bfd.c</issue>
  <issue tracker="bnc" id="1153768">VUL-1: CVE-2019-17451: binutils: an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c</issue>
  <issue tracker="bnc" id="1126829">VUL-0: CVE-2019-9075: binutils: heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.</issue>
  <issue tracker="bnc" id="1142649">VUL-1: CVE-2019-14250: binutils: simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow</issue>
  <issue tracker="bnc" id="1126831">VUL-1: CVE-2019-9074: binutils: out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from</issue>
  <issue tracker="bnc" id="1160254">libtool failure with -fno-common</issue>
  <issue tracker="bnc" id="1160590">SLES 15 SP2 Beta1 - Please add IBM z15 cpu name patch to binutils</issue>
  <issue tracker="bnc" id="1157755">LD from binutils 2.33.1 is broken on aarch64</issue>
  <issue tracker="bnc" id="1153770">VUL-1: CVE-2019-17450: binutils: denial of service in find_abstract_instance in dwarf2.c</issue>
  <issue tracker="bnc" id="1143609">VUL-1: CVE-2019-14444: binutils: apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file</issue>
  <issue tracker="bnc" id="1163333">LTO: binutils build fails</issue>
  <issue tracker="bnc" id="1126826">VUL-1: CVE-2019-9077: binutils: heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.</issue>
  <issue tracker="bnc" id="1163744">QtWebEngine video playback doesn't start (after update to Qt 5.14.1)</issue>
  <issue tracker="cve" id="2019-9075"/>
  <issue tracker="cve" id="2019-12972"/>
  <issue tracker="cve" id="2019-14444"/>
  <issue tracker="cve" id="2019-14250"/>
  <issue tracker="cve" id="2019-17451"/>
  <issue tracker="cve" id="2019-9077"/>
  <issue tracker="cve" id="2019-17450"/>
  <issue tracker="cve" id="2019-9074"/>
  <packager>matz2</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for binutils</summary>
  <description>This update for binutils fixes the following issues:

binutils was updated to version 2.35. (jsc#ECO-2373)

Update to binutils 2.35:

* The assembler can now produce DWARF-5 format line number tables.
* Readelf now has a "lint" mode to enable extra checks of the files it is processing.
* Readelf will now display "[...]" when it has to truncate a symbol name.  
  The old behaviour - of displaying as many characters as possible, up to
  the 80 column limit - can be restored by the use of the --silent-truncation
  option.
* The linker can now produce a dependency file listing the inputs that it
  has processed, much like the -M -MP option supported by the compiler.

- fix DT_NEEDED order with -flto [bsc#1163744]


Update to binutils 2.34:

* The disassembler (objdump --disassemble) now has an option to
  generate ascii art thats show the arcs between that start and end
  points of control flow instructions.
* The binutils tools now have support for debuginfod.  Debuginfod is a 
  HTTP service for distributing ELF/DWARF debugging information as
  well as source code.  The tools can now connect to debuginfod
  servers in order to download debug information about the files that
  they are processing.
* The assembler and linker now support the generation of ELF format
  files for the Z80 architecture.

- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to bsc#1163333.
- Includes fixes for these CVEs:
  bsc#1153768 aka CVE-2019-17451 aka PR25070
  bsc#1153770 aka CVE-2019-17450 aka PR25078

- fix various build fails on aarch64 (PR25210, bsc#1157755).

Update to binutils 2.33.1:

* Adds support for the Arm Scalable Vector Extension version 2
  (SVE2) instructions, the Arm Transactional Memory Extension (TME)
  instructions and the Armv8.1-M Mainline and M-profile Vector
  Extension (MVE) instructions.
* Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
  processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
  Cortex-A76AE, and Cortex-A77 processors.
* Adds a .float16 directive for both Arm and AArch64 to allow
  encoding of 16-bit floating point literals.
* For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
  Loongson3 LLSC Errata.  Add a --enable-mips-fix-loongson3-llsc=[yes|no]
  configure time option to set the default behavior. Set the default
  if the configure option is not used to "no".
* The Cortex-A53 Erratum 843419 workaround now supports a choice of
  which workaround to use.  The option --fix-cortex-a53-843419 now
  takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
  which can be used to force a particular workaround to be used.
  See --help for AArch64 for more details.
* Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
  GNU_PROPERTY_AARCH64_FEATURE_1_PAC  in ELF GNU program properties
  in the AArch64 ELF linker. 
* Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
  on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI 
  on inputs and use PLTs protected with BTI.
* Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
* Add --source-comment[=&lt;txt&gt;] option to objdump which if present,
  provides a prefix to source code lines displayed in a disassembly.
* Add --set-section-alignment &lt;section-name&gt;=&lt;power-of-2-align&gt;
  option to objcopy to allow the changing of section alignments.
* Add --verilog-data-width option to objcopy for verilog targets to
  control width of data elements in verilog hex format.
* The separate debug info file options of readelf (--debug-dump=links
  and --debug-dump=follow) and objdump (--dwarf=links and
  --dwarf=follow-links) will now display and/or follow multiple
  links if more than one are present in a file.  (This usually
  happens when gcc's -gsplit-dwarf option is used).
  In addition objdump's --dwarf=follow-links now also affects its
  other display options, so that for example, when combined with
  --syms it will cause the symbol tables in any linked debug info
  files to also be displayed.  In addition when combined with
  --disassemble the --dwarf= follow-links option will ensure that
  any symbol tables in the linked files are read and used when
  disassembling code in the main file.
* Add support for dumping types encoded in the Compact Type Format
  to objdump and readelf.
- Includes fixes for these CVEs:
  bsc#1126826 aka CVE-2019-9077 aka PR1126826
  bsc#1126829 aka CVE-2019-9075 aka PR1126829
  bsc#1126831 aka CVE-2019-9074 aka PR24235
  bsc#1140126 aka CVE-2019-12972 aka PR23405
  bsc#1143609 aka CVE-2019-14444 aka PR24829
  bsc#1142649 aka CVE-2019-14250 aka PR90924

* Add xBPF target
* Fix various problems with DWARF 5 support in gas
* fix nm -B for objects compiled with -flto and -fcommon.

  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places