[arm-none-eabi-binutils-cs/f21] fix directory traversal vulnerability (#1162657)

Michal Hlavinka mhlavink at fedoraproject.org
Wed Nov 12 18:00:36 UTC 2014


commit 0fbbca69b77824d0fd7bdbdc38947427f3bb3eda
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Wed Nov 12 19:00:30 2014 +0100

    fix directory traversal vulnerability (#1162657)
    
    - fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
    - fix CVE-2014-8502: heap overflow in objdump
    - fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
    - fix CVE-2014-8504: stack overflow in the SREC parser

 .gitignore                     |    1 +
 arm-none-eabi-binutils-cs.spec |   15 ++++++++++-----
 sources                        |    2 +-
 3 files changed, 12 insertions(+), 6 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 4733104..df25a17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /binutils-2012.09-63.tar.bz2
 /binutils-2013.05-23.tar.bz2
 /binutils-2013.11-24.tar.bz2
+/binutils-2014.05-28.tar.bz2
diff --git a/arm-none-eabi-binutils-cs.spec b/arm-none-eabi-binutils-cs.spec
index 59956d5..e0344ef 100644
--- a/arm-none-eabi-binutils-cs.spec
+++ b/arm-none-eabi-binutils-cs.spec
@@ -1,8 +1,8 @@
 # CodeSourcery releases are identified by a date, a release number,
 # and a package number for downloading from their web site
-%global cs_date        2013.11
-%global cs_rel         24
-%global cs_pkgnum      12189
+%global cs_date        2014.05
+%global cs_rel         28
+%global cs_pkgnum      12773
 %global binutils_ver   2.23
 
 %global processor_arch arm
@@ -10,7 +10,7 @@
 
 Name:           %{target}-binutils-cs
 Version:        %{cs_date}.%{cs_rel}
-Release:        4%{?dist}
+Release:        2%{?dist}
 Summary:        GNU Binutils for cross-compilation for %{target} target
 Group:          Development/Tools
 # Most of the sources are licensed under GPLv3+ with these exceptions:
@@ -52,6 +52,7 @@ of FSF.
 %prep
 %setup -q -n binutils-%{cs_date}
 cp -p %{SOURCE1} .
+rm -rf gdb sim
 %patch2 -p1 -b .cve_2014_8501
 %patch3 -p1 -b .cve_2014_8502pre
 %patch4 -p1 -b .cve_2014_8502
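Review bot: The added `rm -rf gdb sim` in %prep carries no comment saying why those directories are dropped from the 2014.05 tarball, and it runs before the CVE patches, so a reader cannot tell whether any patch was expected to touch them. A one-line comment above it would settle that, for example `# gdb and sim are not built by this package; drop them before patching` (exact reason to be confirmed by the packager). Only %patch2 to %patch4 are visible here; the changelog also lists CVE-2014-8503, CVE-2014-8504 and the directory traversal fix, whose %patch lines are presumably below the hunk. Because the base tarball changes in this same commit, it is worth checking the build log to confirm that every security patch still applies to the intended code without offsets or fuzz.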
@@ -64,6 +65,7 @@ cp -p %{SOURCE1} .
             --target=%{target} \
             --enable-interwork \
             --enable-multilib \
+            --enable-plugins \
             --disable-nls \
             --disable-shared \
             --disable-threads \
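Review bot: `--enable-plugins` is a functional change that neither the commit message nor the new %changelog entries mention, yet it ships in an update described as a security fix. Plugin support lets the built tools load shared objects at run time, which widens what the installed binaries will execute, so it should be recorded separately with a changelog line such as `- enable plugin support`. A short comment above the configure call saying why it is needed would also help. The configure invocation starts and ends outside this hunk, so the full option set could not be reviewed here.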
@@ -98,13 +100,16 @@ rm -r %{buildroot}%{_infodir}
 
 
 %changelog
-* Wed Nov 12 2014 Michal Hlavinka <mhlavink at redhat.com> - 2013.11.24-4
+* Wed Nov 12 2014 Michal Hlavinka <mhlavink at redhat.com> - 2014.05.28-2
 - fix directory traversal vulnerability (#1162657)
 - fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
 - fix CVE-2014-8502: heap overflow in objdump
 - fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
 - fix CVE-2014-8504: stack overflow in the SREC parser
 
+* Wed Aug 20 2014 Michal Hlavinka <mhlavink at redhat.com> - 2014.05.28-1
+- updated to 2014.05-28
+
 * Fri Aug 15 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2013.11.24-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 
diff --git a/sources b/sources
index 006ea7e..3c92d7b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-a588664f5e062d0bdac6c820849cd48c  binutils-2013.11-24.tar.bz2
+683ca27cadcbf94c5773596a4d33d57a  binutils-2014.05-28.tar.bz2

