[arch-commits] Commit in lib32-elfutils/repos/multilib-x86_64 (6 files)
Laurent Carlier
lcarlier at nymeria.archlinux.org
Mon Apr 28 16:40:40 UTC 2014
Date: Monday, April 28, 2014 @ 18:40:40
Author: lcarlier
Revision: 110384
archrelease: copy trunk to multilib-x86_64
Added:
lib32-elfutils/repos/multilib-x86_64/CVE-2014-0172.patch
(from rev 110383, lib32-elfutils/trunk/CVE-2014-0172.patch)
lib32-elfutils/repos/multilib-x86_64/PKGBUILD
(from rev 110383, lib32-elfutils/trunk/PKGBUILD)
lib32-elfutils/repos/multilib-x86_64/fix-run-backtrace-native-core-test.patch
(from rev 110383, lib32-elfutils/trunk/fix-run-backtrace-native-core-test.patch)
Deleted:
lib32-elfutils/repos/multilib-x86_64/PKGBUILD
lib32-elfutils/repos/multilib-x86_64/fix-run-backtrace-native-core-test.patch
lib32-elfutils/repos/multilib-x86_64/git-fixes.patch
------------------------------------------+
CVE-2014-0172.patch | 37 +++++++++++
PKGBUILD | 94 ++++++++++++++++-------------
fix-run-backtrace-native-core-test.patch | 86 +++++++++++++-------------
git-fixes.patch | 75 -----------------------
4 files changed, 133 insertions(+), 159 deletions(-)
Copied: lib32-elfutils/repos/multilib-x86_64/CVE-2014-0172.patch (from rev 110383, lib32-elfutils/trunk/CVE-2014-0172.patch)
===================================================================
--- CVE-2014-0172.patch (rev 0)
+++ CVE-2014-0172.patch 2014-04-28 16:40:40 UTC (rev 110384)
@@ -0,0 +1,37 @@
+From 7f1eec317db79627b473c5b149a22a1b20d1f68f Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mjw at redhat.com>
+Date: Wed, 9 Apr 2014 11:33:23 +0200
+Subject: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to
+ uncompress data.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1085663
+
+Reported-by: Florian Weimer <fweimer at redhat.com>
+Signed-off-by: Mark Wielaard <mjw at redhat.com>
+diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
+index 79daeac..34ea373 100644
+--- a/libdw/dwarf_begin_elf.c
++++ b/libdw/dwarf_begin_elf.c
+@@ -1,5 +1,5 @@
+ /* Create descriptor from ELF descriptor for processing file.
+- Copyright (C) 2002-2011 Red Hat, Inc.
++ Copyright (C) 2002-2011, 2014 Red Hat, Inc.
+ This file is part of elfutils.
+ Written by Ulrich Drepper <drepper at redhat.com>, 2002.
+
+@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp)
+ memcpy (&size, data->d_buf + 4, sizeof size);
+ size = be64toh (size);
+
++ /* Check for unsigned overflow so malloc always allocated
++ enough memory for both the Elf_Data header and the
++ uncompressed section data. */
++ if (unlikely (sizeof (Elf_Data) + size < size))
++ break;
++
+ Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
+ if (unlikely (zdata == NULL))
+ break;
+--
+1.9.2
+
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2014-04-28 16:40:31 UTC (rev 110383)
+++ PKGBUILD 2014-04-28 16:40:40 UTC (rev 110384)
@@ -1,41 +0,0 @@
-# $Id$
-# Maintainer: Stéphane Gaudreault <stephane at archlinux.org>
-# Contributor: Andrej Gelenberg <andrej.gelenberg at udo.edu>
-
-_pkgbasename=elfutils
-pkgname=lib32-elfutils
-pkgver=0.158
-pkgrel=1
-pkgdesc="Collection of libraries for working with ELF object files and DWARF debugging information (32-bit)"
-arch=('x86_64')
-url="https://fedorahosted.org/elfutils/"
-license=('LGPL3' 'GPL' 'GPL3')
-depends=('lib32-bzip2' 'lib32-zlib' 'elfutils')
-makedepends=('gcc-multilib')
-source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2)
-sha1sums=('09adbbf0f3a35bb1bcb77c2eaa40de8d3443af4d')
-
-build() {
- cd ${srcdir}/${_pkgbasename}-${pkgver}
-
- export CC="gcc -m32"
- export CXX="g++ -m32"
- export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
- CFLAGS+=" -g" # required for test-suite success
-
- ./configure --prefix=/usr --libdir=/usr/lib32
- make
-}
-
-#check() {
-# cd ${srcdir}/${_pkgbasename}-${pkgver}
-#
-# make check
-#}
-
-package() {
- cd ${srcdir}/${_pkgbasename}-${pkgver}
-
- make DESTDIR=${pkgdir} install
- rm -rf ${pkgdir}/usr/{bin,include,share}
-}
Copied: lib32-elfutils/repos/multilib-x86_64/PKGBUILD (from rev 110383, lib32-elfutils/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2014-04-28 16:40:40 UTC (rev 110384)
@@ -0,0 +1,53 @@
+# $Id$
+# Maintainer: Stéphane Gaudreault <stephane at archlinux.org>
+# Contributor: Andrej Gelenberg <andrej.gelenberg at udo.edu>
+
+_pkgbasename=elfutils
+pkgname=lib32-elfutils
+pkgver=0.158
+pkgrel=2
+pkgdesc="Collection of libraries for working with ELF object files and DWARF debugging information (32-bit)"
+arch=('x86_64')
+url="https://fedorahosted.org/elfutils/"
+license=('LGPL3' 'GPL' 'GPL3')
+depends=('lib32-bzip2' 'lib32-zlib' 'elfutils')
+makedepends=('gcc-multilib')
+source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2
+ fix-run-backtrace-native-core-test.patch
+ CVE-2014-0172.patch)
+sha1sums=('09adbbf0f3a35bb1bcb77c2eaa40de8d3443af4d'
+ '8ecef640f3d1229cdf45ffda016a69848c18e61b'
+ '3e776c07d6ca2c7604a384d266f79c3ece1fb179')
+
+prepare() {
+ cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+ patch -Np1 -i ../fix-run-backtrace-native-core-test.patch
+ # merged upstream
+ patch -Np1 -i ../CVE-2014-0172.patch
+}
+
+build() {
+ cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+ export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+ CFLAGS+=" -g" # required for test-suite success
+
+ ./configure --prefix=/usr --libdir=/usr/lib32
+ make
+}
+
+#check() {
+# cd ${srcdir}/${_pkgbasename}-${pkgver}
+#
+# make check
+#}
+
+package() {
+ cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+ make DESTDIR=${pkgdir} install
+ rm -rf ${pkgdir}/usr/{bin,include,share}
+}
Deleted: fix-run-backtrace-native-core-test.patch
===================================================================
--- fix-run-backtrace-native-core-test.patch 2014-04-28 16:40:31 UTC (rev 110383)
+++ fix-run-backtrace-native-core-test.patch 2014-04-28 16:40:40 UTC (rev 110384)
@@ -1,43 +0,0 @@
-From e922ec4e3bcd7c164a9ce424accac4394e7d5afd Mon Sep 17 00:00:00 2001
-From: Matthias Klose <doko at ubuntu.com>
-Date: Tue, 07 Jan 2014 09:25:29 +0000
-Subject: tests: backtrace-subr.sh (check_native_core) should check core file name.
-
-Needed when /proc/sys/kernel/core_uses_pid is set to 0. Try to rename
-the core file, and if it does still fail, skip the test.
-
-Signed-off-by: Mark Wielaard <mjw at redhat.com>
----
-diff --git a/tests/ChangeLog b/tests/ChangeLog
-index 63b7bed..7e9dcf4 100644
---- a/tests/ChangeLog
-+++ b/tests/ChangeLog
-@@ -1,3 +1,9 @@
-+2014-01-07 Matthias Klose <doko at ubuntu.com>
-+
-+ * backtrace-subr.sh (check_native_core): Check to see if core file
-+ was created without ".PID" extension, if so mv core to core.PID.
-+ Skip test if no core file was created or could be found.
-+
- 2014-01-04 Mark Wielaard <mjw at redhat.com>
-
- * backtrace-data.c (main): Don't assert if raise returns.
-diff --git a/tests/backtrace-subr.sh b/tests/backtrace-subr.sh
-index e7ece91..62b873c 100644
---- a/tests/backtrace-subr.sh
-+++ b/tests/backtrace-subr.sh
-@@ -111,6 +111,11 @@ check_native_core()
-
- # Skip the test if we cannot adjust core ulimit.
- core="core.`ulimit -c unlimited || exit 77; set +ex; testrun ${abs_builddir}/$child --gencore; true`"
-+ # see if /proc/sys/kernel/core_uses_pid is set to 0
-+ if [ -f core ]; then
-+ mv core "$core"
-+ fi
-+ if [ ! -f "$core" ]; then exit 77; fi
-
- if [ "x$SAVED_VALGRIND_CMD" != "x" ]; then
- VALGRIND_CMD="$SAVED_VALGRIND_CMD"
---
-cgit v0.9.2
-
Copied: lib32-elfutils/repos/multilib-x86_64/fix-run-backtrace-native-core-test.patch (from rev 110383, lib32-elfutils/trunk/fix-run-backtrace-native-core-test.patch)
===================================================================
--- fix-run-backtrace-native-core-test.patch (rev 0)
+++ fix-run-backtrace-native-core-test.patch 2014-04-28 16:40:40 UTC (rev 110384)
@@ -0,0 +1,43 @@
+From e922ec4e3bcd7c164a9ce424accac4394e7d5afd Mon Sep 17 00:00:00 2001
+From: Matthias Klose <doko at ubuntu.com>
+Date: Tue, 07 Jan 2014 09:25:29 +0000
+Subject: tests: backtrace-subr.sh (check_native_core) should check core file name.
+
+Needed when /proc/sys/kernel/core_uses_pid is set to 0. Try to rename
+the core file, and if it does still fail, skip the test.
+
+Signed-off-by: Mark Wielaard <mjw at redhat.com>
+---
+diff --git a/tests/ChangeLog b/tests/ChangeLog
+index 63b7bed..7e9dcf4 100644
+--- a/tests/ChangeLog
++++ b/tests/ChangeLog
+@@ -1,3 +1,9 @@
++2014-01-07 Matthias Klose <doko at ubuntu.com>
++
++ * backtrace-subr.sh (check_native_core): Check to see if core file
++ was created without ".PID" extension, if so mv core to core.PID.
++ Skip test if no core file was created or could be found.
++
+ 2014-01-04 Mark Wielaard <mjw at redhat.com>
+
+ * backtrace-data.c (main): Don't assert if raise returns.
+diff --git a/tests/backtrace-subr.sh b/tests/backtrace-subr.sh
+index e7ece91..62b873c 100644
+--- a/tests/backtrace-subr.sh
++++ b/tests/backtrace-subr.sh
+@@ -111,6 +111,11 @@ check_native_core()
+
+ # Skip the test if we cannot adjust core ulimit.
+ core="core.`ulimit -c unlimited || exit 77; set +ex; testrun ${abs_builddir}/$child --gencore; true`"
++ # see if /proc/sys/kernel/core_uses_pid is set to 0
++ if [ -f core ]; then
++ mv core "$core"
++ fi
++ if [ ! -f "$core" ]; then exit 77; fi
+
+ if [ "x$SAVED_VALGRIND_CMD" != "x" ]; then
+ VALGRIND_CMD="$SAVED_VALGRIND_CMD"
+--
+cgit v0.9.2
+
Deleted: git-fixes.patch
===================================================================
--- git-fixes.patch 2014-04-28 16:40:31 UTC (rev 110383)
+++ git-fixes.patch 2014-04-28 16:40:40 UTC (rev 110384)
@@ -1,75 +0,0 @@
-From 57bd66cabf6e6b9ecf622cdbf350804897a8df58 Mon Sep 17 00:00:00 2001
-From: Roland McGrath <roland at hack.frob.com>
-Date: Tue, 11 Dec 2012 17:42:07 +0000
-Subject: nm: Fix size passed to snprintf for invalid sh_name case.
-
-Signed-off-by: Roland McGrath <roland at hack.frob.com>
----
-(limited to 'src/nm.c')
-
-diff --git a/src/nm.c b/src/nm.c
-index f50da0b..8a1c57a 100644
---- a/src/nm.c
-+++ b/src/nm.c
-@@ -769,8 +769,9 @@ show_symbols_sysv (Ebl *ebl, GElf_Word strndx, const char *fullname,
- gelf_getshdr (scn, &shdr_mem)->sh_name);
- if (unlikely (name == NULL))
- {
-- name = alloca (sizeof "[invalid sh_name 0x12345678]");
-- snprintf (name, sizeof name, "[invalid sh_name %#" PRIx32 "]",
-+ const size_t bufsz = sizeof "[invalid sh_name 0x12345678]"
-+ name = alloca (bufsz);
-+ snprintf (name, bufsz, "[invalid sh_name %#" PRIx32 "]",
- gelf_getshdr (scn, &shdr_mem)->sh_name);
- }
- scnnames[elf_ndxscn (scn)] = name;
---
-cgit v0.9.1
-From 7df3d2cd70932cd70515dbeb75e4db66fd27f192 Mon Sep 17 00:00:00 2001
-From: Mark Wielaard <mjw at redhat.com>
-Date: Tue, 11 Dec 2012 21:27:05 +0000
-Subject: Add missing semicolon in show_symbols_sysv
-
-Signed-off-by: Mark Wielaard <mjw at redhat.com>
----
-(limited to 'src/nm.c')
-
-diff --git a/src/nm.c b/src/nm.c
-index 8a1c57a..7aae84b 100644
---- a/src/nm.c
-+++ b/src/nm.c
-@@ -769,7 +769,7 @@ show_symbols_sysv (Ebl *ebl, GElf_Word strndx, const char *fullname,
- gelf_getshdr (scn, &shdr_mem)->sh_name);
- if (unlikely (name == NULL))
- {
-- const size_t bufsz = sizeof "[invalid sh_name 0x12345678]"
-+ const size_t bufsz = sizeof "[invalid sh_name 0x12345678]";
- name = alloca (bufsz);
- snprintf (name, bufsz, "[invalid sh_name %#" PRIx32 "]",
- gelf_getshdr (scn, &shdr_mem)->sh_name);
---
-cgit v0.9.1
-From 1a4d0668d18bf1090c5c08cdb5cb3ba2b8eb5410 Mon Sep 17 00:00:00 2001
-From: David Abdurachmanov <David.Abdurachmanov at cern.ch>
-Date: Sun, 13 Jan 2013 15:44:21 +0000
-Subject: ar.c (do_oper_delete): Fix num passed to memset.
-
-Signed-off-by: David Abdurachmanov <David.Abdurachmanov at cern.ch>
----
-(limited to 'src/ar.c')
-
-diff --git a/src/ar.c b/src/ar.c
-index 03da1b7..2d6ad60 100644
---- a/src/ar.c
-+++ b/src/ar.c
-@@ -919,7 +919,7 @@ do_oper_delete (const char *arfname, char **argv, int argc,
- long int instance)
- {
- bool *found = alloca (sizeof (bool) * argc);
-- memset (found, '\0', sizeof (found));
-+ memset (found, '\0', sizeof (bool) * argc);
-
- /* List of the files we keep. */
- struct armem *to_copy = NULL;
---
-cgit v0.9.1
More information about the arch-commits
mailing list