[arch-commits] Commit in lib32-elfutils/trunk (3 files)
Laurent Carlier
lcarlier at nymeria.archlinux.org
Mon Apr 28 16:40:32 UTC 2014
Date: Monday, April 28, 2014 @ 18:40:31
Author: lcarlier
Revision: 110383
upgpkg: lib32-elfutils 0.158-2
fix CVE-2014-0172
Added:
lib32-elfutils/trunk/CVE-2014-0172.patch
Modified:
lib32-elfutils/trunk/PKGBUILD
Deleted:
lib32-elfutils/trunk/git-fixes.patch
---------------------+
CVE-2014-0172.patch | 37 ++++++++++++++++++++++++
PKGBUILD | 18 ++++++++++--
git-fixes.patch | 75 --------------------------------------------------
3 files changed, 52 insertions(+), 78 deletions(-)
Added: CVE-2014-0172.patch
===================================================================
--- CVE-2014-0172.patch (rev 0)
+++ CVE-2014-0172.patch 2014-04-28 16:40:31 UTC (rev 110383)
@@ -0,0 +1,37 @@
+From 7f1eec317db79627b473c5b149a22a1b20d1f68f Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mjw at redhat.com>
+Date: Wed, 9 Apr 2014 11:33:23 +0200
+Subject: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to
+ uncompress data.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1085663
+
+Reported-by: Florian Weimer <fweimer at redhat.com>
+Signed-off-by: Mark Wielaard <mjw at redhat.com>
+diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
+index 79daeac..34ea373 100644
+--- a/libdw/dwarf_begin_elf.c
++++ b/libdw/dwarf_begin_elf.c
+@@ -1,5 +1,5 @@
+ /* Create descriptor from ELF descriptor for processing file.
+- Copyright (C) 2002-2011 Red Hat, Inc.
++ Copyright (C) 2002-2011, 2014 Red Hat, Inc.
+ This file is part of elfutils.
+ Written by Ulrich Drepper <drepper at redhat.com>, 2002.
+
+@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp)
+ memcpy (&size, data->d_buf + 4, sizeof size);
+ size = be64toh (size);
+
++ /* Check for unsigned overflow so malloc always allocated
++ enough memory for both the Elf_Data header and the
++ uncompressed section data. */
++ if (unlikely (sizeof (Elf_Data) + size < size))
++ break;
++
+ Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
+ if (unlikely (zdata == NULL))
+ break;
+--
+1.9.2
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-04-28 16:33:31 UTC (rev 110382)
+++ PKGBUILD 2014-04-28 16:40:31 UTC (rev 110383)
@@ -5,7 +5,7 @@
_pkgbasename=elfutils
pkgname=lib32-elfutils
pkgver=0.158
-pkgrel=1
+pkgrel=2
pkgdesc="Collection of libraries for working with ELF object files and DWARF debugging information (32-bit)"
arch=('x86_64')
url="https://fedorahosted.org/elfutils/"
@@ -12,9 +12,21 @@
license=('LGPL3' 'GPL' 'GPL3')
depends=('lib32-bzip2' 'lib32-zlib' 'elfutils')
makedepends=('gcc-multilib')
-source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2)
-sha1sums=('09adbbf0f3a35bb1bcb77c2eaa40de8d3443af4d')
+source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2
+ fix-run-backtrace-native-core-test.patch
+ CVE-2014-0172.patch)
+sha1sums=('09adbbf0f3a35bb1bcb77c2eaa40de8d3443af4d'
+ '8ecef640f3d1229cdf45ffda016a69848c18e61b'
+ '3e776c07d6ca2c7604a384d266f79c3ece1fb179')
+prepare() {
+ cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+ patch -Np1 -i ../fix-run-backtrace-native-core-test.patch
+ # merged upstream
+ patch -Np1 -i ../CVE-2014-0172.patch
+}
+
build() {
cd ${srcdir}/${_pkgbasename}-${pkgver}
Deleted: git-fixes.patch
===================================================================
--- git-fixes.patch 2014-04-28 16:33:31 UTC (rev 110382)
+++ git-fixes.patch 2014-04-28 16:40:31 UTC (rev 110383)
@@ -1,75 +0,0 @@
-From 57bd66cabf6e6b9ecf622cdbf350804897a8df58 Mon Sep 17 00:00:00 2001
-From: Roland McGrath <roland at hack.frob.com>
-Date: Tue, 11 Dec 2012 17:42:07 +0000
-Subject: nm: Fix size passed to snprintf for invalid sh_name case.
-
-Signed-off-by: Roland McGrath <roland at hack.frob.com>
----
-(limited to 'src/nm.c')
-
-diff --git a/src/nm.c b/src/nm.c
-index f50da0b..8a1c57a 100644
---- a/src/nm.c
-+++ b/src/nm.c
-@@ -769,8 +769,9 @@ show_symbols_sysv (Ebl *ebl, GElf_Word strndx, const char *fullname,
- gelf_getshdr (scn, &shdr_mem)->sh_name);
- if (unlikely (name == NULL))
- {
-- name = alloca (sizeof "[invalid sh_name 0x12345678]");
-- snprintf (name, sizeof name, "[invalid sh_name %#" PRIx32 "]",
-+ const size_t bufsz = sizeof "[invalid sh_name 0x12345678]"
-+ name = alloca (bufsz);
-+ snprintf (name, bufsz, "[invalid sh_name %#" PRIx32 "]",
- gelf_getshdr (scn, &shdr_mem)->sh_name);
- }
- scnnames[elf_ndxscn (scn)] = name;
---
-cgit v0.9.1
-From 7df3d2cd70932cd70515dbeb75e4db66fd27f192 Mon Sep 17 00:00:00 2001
-From: Mark Wielaard <mjw at redhat.com>
-Date: Tue, 11 Dec 2012 21:27:05 +0000
-Subject: Add missing semicolon in show_symbols_sysv
-
-Signed-off-by: Mark Wielaard <mjw at redhat.com>
----
-(limited to 'src/nm.c')
-
-diff --git a/src/nm.c b/src/nm.c
-index 8a1c57a..7aae84b 100644
---- a/src/nm.c
-+++ b/src/nm.c
-@@ -769,7 +769,7 @@ show_symbols_sysv (Ebl *ebl, GElf_Word strndx, const char *fullname,
- gelf_getshdr (scn, &shdr_mem)->sh_name);
- if (unlikely (name == NULL))
- {
-- const size_t bufsz = sizeof "[invalid sh_name 0x12345678]"
-+ const size_t bufsz = sizeof "[invalid sh_name 0x12345678]";
- name = alloca (bufsz);
- snprintf (name, bufsz, "[invalid sh_name %#" PRIx32 "]",
- gelf_getshdr (scn, &shdr_mem)->sh_name);
---
-cgit v0.9.1
-From 1a4d0668d18bf1090c5c08cdb5cb3ba2b8eb5410 Mon Sep 17 00:00:00 2001
-From: David Abdurachmanov <David.Abdurachmanov at cern.ch>
-Date: Sun, 13 Jan 2013 15:44:21 +0000
-Subject: ar.c (do_oper_delete): Fix num passed to memset.
-
-Signed-off-by: David Abdurachmanov <David.Abdurachmanov at cern.ch>
----
-(limited to 'src/ar.c')
-
-diff --git a/src/ar.c b/src/ar.c
-index 03da1b7..2d6ad60 100644
---- a/src/ar.c
-+++ b/src/ar.c
-@@ -919,7 +919,7 @@ do_oper_delete (const char *arfname, char **argv, int argc,
- long int instance)
- {
- bool *found = alloca (sizeof (bool) * argc);
-- memset (found, '\0', sizeof (found));
-+ memset (found, '\0', sizeof (bool) * argc);
-
- /* List of the files we keep. */
- struct armem *to_copy = NULL;
---
-cgit v0.9.1
More information about the arch-commits
mailing list