[MEDIUM] Patch gcc for CVE-2021-32256 (microsoft#13503)

Co-authored-by: kgodara912 <[email protected]>

Author: archana25-ms

SPECS/gcc/CVE-2021-32256.patch

@@ -0,0 +1,87 @@
+From c20164630509c015414c4dbef467a04377dbc6ca Mon Sep 17 00:00:00 2001
+From: archana25-ms <[email protected]>
+Date: Fri, 18 Apr 2025 08:04:25 +0000
+Subject: [PATCH] Address CVE-2021-32256
+Upstream Patch Reference : https://gcc.gnu.org/pipermail/gcc-patches/attachments/20220324/63021510/attachment.bin
+---
+ libiberty/rust-demangle.c | 29 ++++++++++++++++++++---------
+ 1 file changed, 20 insertions(+), 9 deletions(-)
+
+diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
+index 449941b56..13c3e7b20 100644
+--- a/libiberty/rust-demangle.c
++++ b/libiberty/rust-demangle.c
+@@ -120,7 +120,7 @@ parse_integer_62 (struct rust_demangler *rdm)
+     return 0;
+ 
+   x = 0;
+-  while (!eat (rdm, '_'))
++  while (!eat (rdm, '_') && !rdm->errored)
+     {
+       c = next (rdm);
+       x *= 62;
+@@ -1114,6 +1114,15 @@ demangle_const (struct rust_demangler *rdm)
+   if (rdm->errored)
+     return;
+ 
++  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++    {
++      ++ rdm->recursion;
++      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
++	/* FIXME: There ought to be a way to report
++	   that the recursion limit has been reached.  */
++	goto fail_return;
++    }
++  
+   if (eat (rdm, 'B'))
+     {
+       backref = parse_integer_62 (rdm);
+@@ -1124,7 +1133,7 @@ demangle_const (struct rust_demangler *rdm)
+           demangle_const (rdm);
+           rdm->next = old_next;
+         }
+-      return;
++      goto pass_return;
+     }
+ 
+   ty_tag = next (rdm);
+@@ -1133,7 +1142,7 @@ demangle_const (struct rust_demangler *rdm)
+     /* Placeholder. */
+     case 'p':
+       PRINT ("_");
+-      return;
++      goto pass_return;
+ 
+     /* Unsigned integer types. */
+     case 'h':
+@@ -1166,18 +1175,21 @@ demangle_const (struct rust_demangler *rdm)
+       break;
+ 
+     default:
+-      rdm->errored = 1;
+-      return;
++      goto fail_return;
+     }
+ 
+-  if (rdm->errored)
+-    return;
+-
+-  if (rdm->verbose)
++  if (!rdm->errored && rdm->verbose)
+     {
+       PRINT (": ");
+       PRINT (basic_type (ty_tag));
+     }
++
++ goto pass_return;
++ fail_return:
++  rdm->errored = 1;
++ pass_return:
++  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++    -- rdm->recursion;
+ }
+ 
+ static void
+-- 
+2.45.3
+

SPECS/gcc/fix-infinite-recursion.patch

@@ -0,0 +1,123 @@
+From f10bec5ffa487ad3033ed5f38cfd0fc7d696deab Mon Sep 17 00:00:00 2001
+From: Nick Clifton <[email protected]>
+Date: Mon, 31 Jan 2022 14:28:42 +0000
+Subject: libiberty: Fix infinite recursion in rust demangler.
+
+libiberty/
+	PR demangler/98886
+	PR demangler/99935
+	* rust-demangle.c (struct rust_demangler): Add a recursion
+	counter.
+	(demangle_path): Increment/decrement the recursion counter upon
+	entry and exit.  Fail if the counter exceeds a fixed limit.
+	(demangle_type): Likewise.
+	(rust_demangle_callback): Initialise the recursion counter,
+	disabling if requested by the option flags.
+---
+ libiberty/rust-demangle.c | 47 +++++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 41 insertions(+), 6 deletions(-)
+
+diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
+index 18c760491bdc..3b24d63892a9 100644
+--- a/libiberty/rust-demangle.c
++++ b/libiberty/rust-demangle.c
+@@ -74,6 +74,12 @@ struct rust_demangler
+   /* Rust mangling version, with legacy mangling being -1. */
+   int version;
+ 
++  /* Recursion depth.  */
++  unsigned int recursion;
++  /* Maximum number of times demangle_path may be called recursively.  */
++#define RUST_MAX_RECURSION_COUNT  1024
++#define RUST_NO_RECURSION_LIMIT   ((unsigned int) -1)
++
+   uint64_t bound_lifetime_depth;
+ };
+ 
+@@ -671,6 +677,15 @@ demangle_path (struct rust_demangler *rdm, int in_value)
+   if (rdm->errored)
+     return;
+ 
++  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++    {
++      ++ rdm->recursion;
++      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
++	/* FIXME: There ought to be a way to report
++	   that the recursion limit has been reached.  */
++	goto fail_return;
++    }
++
+   switch (tag = next (rdm))
+     {
+     case 'C':
+@@ -688,10 +703,7 @@ demangle_path (struct rust_demangler *rdm, int in_value)
+     case 'N':
+       ns = next (rdm);
+       if (!ISLOWER (ns) && !ISUPPER (ns))
+-        {
+-          rdm->errored = 1;
+-          return;
+-        }
++	goto fail_return;
+ 
+       demangle_path (rdm, in_value);
+ 
+@@ -776,9 +788,15 @@ demangle_path (struct rust_demangler *rdm, int in_value)
+         }
+       break;
+     default:
+-      rdm->errored = 1;
+-      return;
++      goto fail_return;
+     }
++  goto pass_return;
++
++ fail_return:
++  rdm->errored = 1;
++ pass_return:
++  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++    -- rdm->recursion;
+ }
+ 
+ static void
+@@ -870,6 +888,19 @@ demangle_type (struct rust_demangler *rdm)
+       return;
+     }
+ 
++   if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++    {
++      ++ rdm->recursion;
++      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
++	/* FIXME: There ought to be a way to report
++	   that the recursion limit has been reached.  */
++	{
++	  rdm->errored = 1;
++	  -- rdm->recursion;
++	  return;
++	}
++    }
++
+   switch (tag)
+     {
+     case 'R':
+@@ -1030,6 +1061,9 @@ demangle_type (struct rust_demangler *rdm)
+       rdm->next--;
+       demangle_path (rdm, 0);
+     }
++
++  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++    -- rdm->recursion;
+ }
+ 
+ /* A trait in a trait object may have some "existential projections"
+@@ -1320,6 +1354,7 @@ rust_demangle_callback (const char *mangled, int options,
+   rdm.skipping_printing = 0;
+   rdm.verbose = (options & DMGL_VERBOSE) != 0;
+   rdm.version = 0;
++  rdm.recursion = (options & DMGL_NO_RECURSE_LIMIT) ? RUST_NO_RECURSION_LIMIT : 0;
+   rdm.bound_lifetime_depth = 0;
+ 
+   /* Rust symbols always start with _R (v0) or _ZN (legacy). */
+-- 
+cgit 
+

SPECS/gcc/gcc.spec

@@ -56,14 +56,16 @@
 Summary:        Contains the GNU compiler collection
 Name:           gcc
 Version:        11.2.0
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Development/Tools
 URL:            https://gcc.gnu.org/
 Source0:        https://ftp.gnu.org/gnu/gcc/%{name}-%{version}/%{name}-%{version}.tar.xz
 Patch0:         CVE-2023-4039.patch
+Patch1:         fix-infinite-recursion.patch
+Patch2:         CVE-2021-32256.patch
 
 BuildRequires:  gmp-devel
 BuildRequires:  mpfr-devel
@@ -397,6 +399,12 @@ chmod +x %{__ar_no_strip}
 %undefine __strip
 %global __strip %{__ar_no_strip}
 
+# Copy libcc1 library files on the systems where it is not copied
+if [[ ! -f %{buildroot}%{_libdir}/libcc1.so ]]
+then
+    cp -p %{buildroot}%{_lib64dir}/libcc1.* %{buildroot}%{_libdir}/
+fi
+
 %check
 ulimit -s 32768
 
@@ -425,6 +433,8 @@ $tests_ok
 %exclude %{_bindir}/*gfortran
 %exclude %{_bindir}/*c++
 %exclude %{_bindir}/*g++
+%exclude %{_lib64dir}/libcc1.*
+%exclude %{_libdir}/libcc1.*
 %{_bindir}/*
 # Libraries
 %{_lib64dir}/*
@@ -520,6 +530,9 @@ $tests_ok
 %do_files aarch64-linux-gnu %{build_cross}
 
 %changelog
+* Fri Apr 18 2025 Archana Shettigar <[email protected]> - 11.2.0-9
+- Patch CVE-2021-32256 along with supporting patch
+
 * Mon Dec 11 2023 Pawel Winogrodzki <[email protected]> - 11.2.0-8
 - Added cross-compilation support for aarch64.
 - Used Fedora 36 spec (license: MIT) for guidance.

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -20,15 +20,15 @@ mpfr-4.1.0-2.cm2.aarch64.rpm
 mpfr-devel-4.1.0-2.cm2.aarch64.rpm
 libmetalink-0.1.3-1.cm2.aarch64.rpm
 libmpc-1.2.1-1.cm2.aarch64.rpm
-libgcc-11.2.0-8.cm2.aarch64.rpm
-libgcc-atomic-11.2.0-8.cm2.aarch64.rpm
-libgcc-devel-11.2.0-8.cm2.aarch64.rpm
-libstdc++-11.2.0-8.cm2.aarch64.rpm
-libstdc++-devel-11.2.0-8.cm2.aarch64.rpm
-libgomp-11.2.0-8.cm2.aarch64.rpm
-libgomp-devel-11.2.0-8.cm2.aarch64.rpm
-gcc-11.2.0-8.cm2.aarch64.rpm
-gcc-c++-11.2.0-8.cm2.aarch64.rpm
+libgcc-11.2.0-9.cm2.aarch64.rpm
+libgcc-atomic-11.2.0-9.cm2.aarch64.rpm
+libgcc-devel-11.2.0-9.cm2.aarch64.rpm
+libstdc++-11.2.0-9.cm2.aarch64.rpm
+libstdc++-devel-11.2.0-9.cm2.aarch64.rpm
+libgomp-11.2.0-9.cm2.aarch64.rpm
+libgomp-devel-11.2.0-9.cm2.aarch64.rpm
+gcc-11.2.0-9.cm2.aarch64.rpm
+gcc-c++-11.2.0-9.cm2.aarch64.rpm
 libpkgconf-1.8.0-3.cm2.aarch64.rpm
 pkgconf-1.8.0-3.cm2.aarch64.rpm
 pkgconf-m4-1.8.0-3.cm2.noarch.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -20,15 +20,15 @@ mpfr-4.1.0-2.cm2.x86_64.rpm
 mpfr-devel-4.1.0-2.cm2.x86_64.rpm
 libmetalink-0.1.3-1.cm2.x86_64.rpm
 libmpc-1.2.1-1.cm2.x86_64.rpm
-libgcc-11.2.0-8.cm2.x86_64.rpm
-libgcc-atomic-11.2.0-8.cm2.x86_64.rpm
-libgcc-devel-11.2.0-8.cm2.x86_64.rpm
-libstdc++-11.2.0-8.cm2.x86_64.rpm
-libstdc++-devel-11.2.0-8.cm2.x86_64.rpm
-libgomp-11.2.0-8.cm2.x86_64.rpm
-libgomp-devel-11.2.0-8.cm2.x86_64.rpm
-gcc-11.2.0-8.cm2.x86_64.rpm
-gcc-c++-11.2.0-8.cm2.x86_64.rpm
+libgcc-11.2.0-9.cm2.x86_64.rpm
+libgcc-atomic-11.2.0-9.cm2.x86_64.rpm
+libgcc-devel-11.2.0-9.cm2.x86_64.rpm
+libstdc++-11.2.0-9.cm2.x86_64.rpm
+libstdc++-devel-11.2.0-9.cm2.x86_64.rpm
+libgomp-11.2.0-9.cm2.x86_64.rpm
+libgomp-devel-11.2.0-9.cm2.x86_64.rpm
+gcc-11.2.0-9.cm2.x86_64.rpm
+gcc-c++-11.2.0-9.cm2.x86_64.rpm
 libpkgconf-1.8.0-3.cm2.x86_64.rpm
 pkgconf-1.8.0-3.cm2.x86_64.rpm
 pkgconf-m4-1.8.0-3.cm2.noarch.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -91,16 +91,16 @@ flex-debuginfo-2.6.4-7.cm2.aarch64.rpm
 flex-devel-2.6.4-7.cm2.aarch64.rpm
 gawk-5.1.1-1.cm2.aarch64.rpm
 gawk-debuginfo-5.1.1-1.cm2.aarch64.rpm
-gcc-11.2.0-8.cm2.aarch64.rpm
-gcc-c++-11.2.0-8.cm2.aarch64.rpm
-gcc-debuginfo-11.2.0-8.cm2.aarch64.rpm
+gcc-11.2.0-9.cm2.aarch64.rpm
+gcc-c++-11.2.0-9.cm2.aarch64.rpm
+gcc-debuginfo-11.2.0-9.cm2.aarch64.rpm
 gdbm-1.21-1.cm2.aarch64.rpm
 gdbm-debuginfo-1.21-1.cm2.aarch64.rpm
 gdbm-devel-1.21-1.cm2.aarch64.rpm
 gdbm-lang-1.21-1.cm2.aarch64.rpm
 gettext-0.21-3.cm2.aarch64.rpm
 gettext-debuginfo-0.21-3.cm2.aarch64.rpm
-gfortran-11.2.0-8.cm2.aarch64.rpm
+gfortran-11.2.0-9.cm2.aarch64.rpm
 glib-2.71.0-7.cm2.aarch64.rpm
 glib-debuginfo-2.71.0-7.cm2.aarch64.rpm
 glib-devel-2.71.0-7.cm2.aarch64.rpm
@@ -150,7 +150,7 @@ libarchive-devel-3.6.1-7.cm2.aarch64.rpm
 libassuan-2.5.5-2.cm2.aarch64.rpm
 libassuan-debuginfo-2.5.5-2.cm2.aarch64.rpm
 libassuan-devel-2.5.5-2.cm2.aarch64.rpm
-libbacktrace-static-11.2.0-8.cm2.aarch64.rpm
+libbacktrace-static-11.2.0-9.cm2.aarch64.rpm
 libcap-2.60-4.cm2.aarch64.rpm
 libcap-debuginfo-2.60-4.cm2.aarch64.rpm
 libcap-devel-2.60-4.cm2.aarch64.rpm
@@ -160,14 +160,14 @@ libcap-ng-devel-0.8.2-2.cm2.aarch64.rpm
 libffi-3.4.2-3.cm2.aarch64.rpm
 libffi-debuginfo-3.4.2-3.cm2.aarch64.rpm
 libffi-devel-3.4.2-3.cm2.aarch64.rpm
-libgcc-11.2.0-8.cm2.aarch64.rpm
-libgcc-atomic-11.2.0-8.cm2.aarch64.rpm
-libgcc-devel-11.2.0-8.cm2.aarch64.rpm
+libgcc-11.2.0-9.cm2.aarch64.rpm
+libgcc-atomic-11.2.0-9.cm2.aarch64.rpm
+libgcc-devel-11.2.0-9.cm2.aarch64.rpm
 libgcrypt-1.10.3-1.cm2.aarch64.rpm
 libgcrypt-debuginfo-1.10.3-1.cm2.aarch64.rpm
 libgcrypt-devel-1.10.3-1.cm2.aarch64.rpm
-libgomp-11.2.0-8.cm2.aarch64.rpm
-libgomp-devel-11.2.0-8.cm2.aarch64.rpm
+libgomp-11.2.0-9.cm2.aarch64.rpm
+libgomp-devel-11.2.0-9.cm2.aarch64.rpm
 libgpg-error-1.46-1.cm2.aarch64.rpm
 libgpg-error-debuginfo-1.46-1.cm2.aarch64.rpm
 libgpg-error-devel-1.46-1.cm2.aarch64.rpm
@@ -202,8 +202,8 @@ libsolv-tools-0.7.24-1.cm2.aarch64.rpm
 libssh2-1.9.0-4.cm2.aarch64.rpm
 libssh2-debuginfo-1.9.0-4.cm2.aarch64.rpm
 libssh2-devel-1.9.0-4.cm2.aarch64.rpm
-libstdc++-11.2.0-8.cm2.aarch64.rpm
-libstdc++-devel-11.2.0-8.cm2.aarch64.rpm
+libstdc++-11.2.0-9.cm2.aarch64.rpm
+libstdc++-devel-11.2.0-9.cm2.aarch64.rpm
 libtasn1-4.19.0-2.cm2.aarch64.rpm
 libtasn1-debuginfo-4.19.0-2.cm2.aarch64.rpm
 libtasn1-devel-4.19.0-2.cm2.aarch64.rpm