[Bug ld/25243] static linking with exceptions and iostream is broken on ARM
https://sourceware.org/bugzilla/show_bug.cgi?id=25243 --- Comment #5 from Michael Olbrich --- Thanks. I've tested the patch in my setup and it works as expected. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug ld/25244] --print-memory-usage, division by zero if MEMORY length is zero
https://sourceware.org/bugzilla/show_bug.cgi?id=25244 --- Comment #4 from cvs-commit at gcc dot gnu.org --- The master branch has been updated by Alan Modra : https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2410edcd3176d81d0ab8d24afe69f0d59649f69e commit 2410edcd3176d81d0ab8d24afe69f0d59649f69e Author: Alan Modra Date: Thu Dec 5 21:29:21 2019 +1030 Re: PR25244, --print-memory-usage, division by zero if MEMORY length is zero Do print the linefeed when length is zero. PR 25244 * ldlang.c (lang_print_memory_usage): Correct last patch. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug ld/25244] --print-memory-usage, division by zero if MEMORY length is zero
https://sourceware.org/bugzilla/show_bug.cgi?id=25244 --- Comment #5 from Alan Modra --- (In reply to Pekka Seppänen from comment #3) > I think there's a slight issue with this patch: It also omits the linefeed > for that particular memory region, should the length be zero. Thanks for noticiing. -- You are receiving this mail because: You are on the CC list for the bug.
Re: Bug Report ( sensitive information on Github )
Any update on this? On Sun 1 Dec, 2019, 10:15 PM kunal mhaske, wrote: > Any update on this? > > On Sun 17 Nov, 2019, 5:49 PM kunal mhaske, > wrote: > >> Title: Leaking sensitive information on Github (Database connection >> And username, password) >> >> Vulnerability Name: Information Leak - Github >> >> Target: https://www.redhat.com/ >> >> Summary: >> Accidental leakage of secret keys in such code repositories is a real >> problem, I decided to dig deeper than the previous report and looking >> to some random profiles in Github, and doing some dirty work I was >> able to access to the developer’s company’s internal chats and files >> on Slack. And not only that, there’s no easy way to see if someone is >> eavesdropping on the communication. In the worst case scenario, these >> chats can leak production database credentials, source code, files >> with passwords and highly sensitive information. >> >> Description: >> After some research, I found a leak on GitHub that might lead to >> accessing sensitive data of employees or clients (not sure based on >> the code). I have not confirmed what kind of data is in there to >> avoid potential legal issues. I will let you guys figure that out >> >> I am not sure who is the owner of the repository, but I can tell you >> that the SAP credentials are for someone at apple. >> >> 1.On The following link You can see the users information link ( see >> screenshot 1&2) : >> >> https://github.com/search?p=3&q=%22leaseweb%22language%3Abash+password&type=Code >> >> 2. I have check the user profile on LinedIn( For Proof See the "Proof" >> Image ) : https://de.linkedin.com/in/sebastian-hetze-3609b228 >> >> 3. Sebastian Hetze is Senior Solution Architect at Red Hat >> >> >> Step: >> >> 1.search the "Red Hat" password in the github. >> >> 2.Select sort: recent indexed >> >> 3.then click on the code and see the Database connection. >> >> 4.then you can see their is many users. >> >> 5.then you see their is someone users secret is display. >> >> Impact >> High potential of an unauthorized access to PII data. >> >
[Bug ld/25029] Invalid PE file caused by discarded .rdata section
https://sourceware.org/bugzilla/show_bug.cgi?id=25029 Nick Clifton changed: What|Removed |Added Status|WAITING |RESOLVED Resolution|--- |FIXED --- Comment #15 from Nick Clifton --- Patch applied. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug ld/25029] Invalid PE file caused by discarded .rdata section
https://sourceware.org/bugzilla/show_bug.cgi?id=25029 --- Comment #14 from cvs-commit at gcc dot gnu.org --- The master branch has been updated by Nick Clifton : https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a23e9ba17f6ab8bef1f2cc02686e8567bdc728ca commit a23e9ba17f6ab8bef1f2cc02686e8567bdc728ca Author: Nick Clifton Date: Thu Dec 5 13:56:07 2019 + Fix a problem computing the size fields in the PE format header. PR 25029 * peXXigen.c (_bfd_XXi_swap_aouthdr_out): Ignore empty sections when computing the sizes stored in the headers. -- You are receiving this mail because: You are on the CC list for the bug.
Re: Bug Report ( sensitive information on Github )
kunal mhaske writes: > Any update on this? I don't understand why you are reporting this to bug-binutils@gnu.org. Ian
Issue 18681 in oss-fuzz: binutils:fuzz_disassemble: Null-dereference READ in objdump_sprintf
Updates: Labels: -restrict-view-commit Comment #3 on issue 18681 by sheriff...@chromium.org: binutils:fuzz_disassemble: Null-dereference READ in objdump_sprintf https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18681#c3 This bug has been fixed for 30 days. It has been opened to the public. - Your friendly Sheriffbot -- You received this message because: 1. You were specifically CC'd on the issue You may adjust your notification preferences at: https://bugs.chromium.org/hosting/settings Reply to this email to add a comment.
Issue 18687 in oss-fuzz: binutils:fuzz_disassemble: Global-buffer-overflow in disassemble
Updates: Labels: -restrict-view-commit Comment #3 on issue 18687 by sheriff...@chromium.org: binutils:fuzz_disassemble: Global-buffer-overflow in disassemble https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18687#c3 This bug has been fixed for 30 days. It has been opened to the public. - Your friendly Sheriffbot -- You received this message because: 1. You were specifically CC'd on the issue You may adjust your notification preferences at: https://bugs.chromium.org/hosting/settings Reply to this email to add a comment.
[Bug ld/25236] common symbol: don't consider definitions in shared objects
https://sourceware.org/bugzilla/show_bug.cgi?id=25236 Alan Modra changed: What|Removed |Added CC||amodra at gmail dot com --- Comment #2 from Alan Modra --- Let's ignore symbol versioning for now. What is the correct result when linking ld -shared -o a.so a.o b.so? In b.so we have a STB_GLOBAL STT_OBJECT mpi_fortran_argvs_null_ defined in .bss, treated by ld as a common symbol. In a.o we have a STB_GLOBAL STT_OBJECT mpi_fortran_argvs_null_ SHN_COMMON symbol. The ELF spec says of STT_COMMON symbols: "When the dynamic linker encounters a reference to a symbol that resolves to a definition of type STT_COMMON, it may (but is not required to) change its symbol resolution rules as follows: instead of binding the reference to the first symbol found with the given name, the dynamic linker searches for the first symbol with that name with type other than STT_COMMON. If no such symbol is found, it looks for the STT_COMMON definition of that name that has the largest size." OK, so we don't have STT_COMMON here (ld.bfd was implemented before STT_COMMON was added to the ELF spec), but the behaviour of common symbols is clear. If at runtime the dynamic linker may choose the common symbol with the largest size, then it's quite correct for ld to do so too. This is old established behaviour, dating back to at least 1997. I believe it is a bug that lld and gold do not do this. I haven't yet looked at why ld.bfd makes mpi_fortran_argvs_null_ versioned local, that does seem odd. -- You are receiving this mail because: You are on the CC list for the bug.
Re: Bug Report ( sensitive information on Github )
Because the github leak the your engineers id and password On Thu 5 Dec, 2019, 9:41 PM Ian Lance Taylor, wrote: > kunal mhaske writes: > > > Any update on this? > > I don't understand why you are reporting this to bug-binutils@gnu.org. > > Ian >
Re: Bug Report ( sensitive information on Github )
This is very harmfull..fix this .. On Fri 6 Dec, 2019, 7:47 AM kunal mhaske, wrote: > Because the github leak the your engineers id and password > > On Thu 5 Dec, 2019, 9:41 PM Ian Lance Taylor, wrote: > >> kunal mhaske writes: >> >> > Any update on this? >> >> I don't understand why you are reporting this to bug-binutils@gnu.org. >> >> Ian >> >
Re: Bug Report ( sensitive information on Github )
Any Attacker get that engineer credentials through github.. On Fri 6 Dec, 2019, 7:47 AM kunal mhaske, wrote: > This is very harmfull..fix this .. > > On Fri 6 Dec, 2019, 7:47 AM kunal mhaske, > wrote: > >> Because the github leak the your engineers id and password >> >> On Thu 5 Dec, 2019, 9:41 PM Ian Lance Taylor, wrote: >> >>> kunal mhaske writes: >>> >>> > Any update on this? >>> >>> I don't understand why you are reporting this to bug-binutils@gnu.org. >>> >>> Ian >>> >>
