Accepting request 330719 from Base:System

1 OBS-URL: https://build.opensuse.org/request/show/330719 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/elfutils?expand=0&rev=49
2015-10-02 07:22:30 +00:00 · 2015-10-02 07:22:30 +00:00 · 12fc15d5a3
commit 12fc15d5a3
parent f4f2cce73a a79a7670bd
7 changed files with 612 additions and 484 deletions
--- a/elfutils-0.148-dont-crash.diff
+++ b/elfutils-0.148-dont-crash.diff
@ -1,19 +0,0 @@
 From: Stephan Kulow <coolo@novell.com>
 Avoid crash if the header is 0
 ---
 libdw/dwarf_getcfi_elf.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 --- a/libdw/dwarf_getcfi_elf.c
 +++ b/libdw/dwarf_getcfi_elf.c
@@ -76,7 +76,7 @@ parse_eh_frame_hdr (const uint8_t *hdr,
 {
   const uint8_t *h = hdr;
 -  if (*h++ != 1)		/* version */
 +  if (!h || *h++ != 1)		/* version */
     return (void *) -1l;
   uint8_t eh_frame_ptr_encoding = *h++;
--- a/elfutils-0.161.tar.bz2
+++ b/elfutils-0.161.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:570c91a1783fa5386aaa2dfdd08dda1de777c2b63bf3b9c1437d635ffdd7a070
 size 5524766
--- a/elfutils-0.163.tar.bz2
+++ b/elfutils-0.163.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:7c774f1eef329309f3b05e730bdac50013155d437518a2ec0e24871d312f2e23
 size 6029307
--- a/elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
+++ b/elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
@ -1,54 +0,0 @@
 From: Alexander Cherepanov <cherepan@mccme.ru>
 Subject: libelf: Fix dir traversal vuln in ar extraction
 Date: Sun Dec 28 19:57:19 2014 +0300
 Git-commit: 147018e729e7c22eeabf15b82d26e4bf68a0d18e
 References: bnc#911662, CVE-2014-9447
 Signed-off-by: Tony Jones <tonyj@suse.de>
    libelf: Fix dir traversal vuln in ar extraction.
    read_long_names terminates names at the first '/' found but then skips
    one character without checking (it's supposed to be '\n'). Hence the
    next name could start with any character including '/'. This leads to
    a directory traversal vulnerability at the time the contents of the
    archive is extracted.
    The danger is mitigated by the fact that only one '/' is possible in a
    resulting filename and only in the leading position. Hence only files
    in the root directory can be written via this vuln and only when ar is
    executed as root.
    The fix for the vuln is to not skip any characters while looking
    for '/'.
    Signed-off-by: Alexander Cherepanov <cherepan@mccme.ru>
 diff --git a/libelf/ChangeLog b/libelf/ChangeLog
 index 3b88d03..447c354 100644
 --- a/libelf/ChangeLog
 +++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
 +2014-12-28  Alexander Cherepanov  <cherepan@mccme.ru>
 +
 +	* elf_begin.c (read_long_names): Don't miss '/' right after
 +	another '/'. Fixes a dir traversal vuln in ar extraction.
 +
 2014-12-18  Ulrich Drepper  <drepper@gmail.com>
 	* Makefile.am: Suppress output of textrel_check command.
 diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
 index 30abe0b..cd3756c 100644
 --- a/libelf/elf_begin.c
 +++ b/libelf/elf_begin.c
@@ -749,10 +749,7 @@ read_long_names (Elf *elf)
 	    }
 	  /* NUL-terminate the string.  */
 -	  *runp = '\0';
 -
 -	  /* Skip the NUL byte and the \012.  */
 -	  runp += 2;
 +	  *runp++ = '\0';
 	  /* A sanity check.  Somebody might have generated invalid
 	     archive.  */
--- a/elfutils-portability-0.163.patch
+++ b/elfutils-portability-0.163.patch
--- a/elfutils.changes
+++ b/elfutils.changes
@ -1,3 +1,28 @@
 -------------------------------------------------------------------
 Fri Sep 11 17:13:14 UTC 2015 - tonyj@suse.com
 - Update to version 0.163
  Drop patch elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
  Drop patch elfutils-0.148-dont-crash.diff (fixed by 9ceebe69)
  Drop patch elfutils-portability-0.161.patch
  Add patch elfutils-portability-0.163.patch
  Changelog:
  0.163:
   - Bug fixes only, no new features.
  0.162:
   -libdw: Install new header elfutils/known-dwarf.h.
       dwarf.h Add preliminary DWARF5 constants DW_TAG_atomic_type,
       DW_LANG_Fortran03, DW_LANG_Fortran08. dwarf_peel_type now also
       handles DW_TAG_atomic_type.
   - addr2line: Input addresses are now always interpreted as hexadecimal
           numbers, never as octal or decimal numbers.
           New option -a, --addresses to print address before each entry.
           New option -C, --demangle to show demangled symbols.
           New option --pretty-print to print all information on one line.
   - ar: CVE-2014-9447 Directory traversal vulnerability in ar extraction.
   - backends: x32 support.
 -------------------------------------------------------------------
 Wed Feb 11 01:28:52 UTC 2015 - tonyj@suse.com
--- a/elfutils.spec
+++ b/elfutils.spec
@ -17,7 +17,7 @@
 Name:           elfutils
-Version:        0.161
+Version:        0.163
 Release:        0
 Summary:        Higher-level library to access ELF
 License:        SUSE-GPL-2.0-with-OSI-exception
@ -34,8 +34,6 @@ Patch2:         elfutils-revert-portability-scanf.patch
 Patch3:         libebl-prototype-fix.diff
 Patch4:         elfutils-uninitialized.diff
 Patch5:         elfutils-0.137-dwarf-header-check-fix.diff
 Patch6:         elfutils-0.148-dont-crash.diff
 Patch7:         elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -148,8 +146,6 @@ to develop applications that require these.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1 
 %patch7 -p1 
 %build
 # Change DATE/TIME macros to use last change time of elfutils.changes
@ -246,6 +242,7 @@ ls -lR $RPM_BUILD_ROOT%{_libdir}/libelf*
 %{_includedir}/elfutils/libdw.h
 %{_includedir}/elfutils/libdwelf.h
 %{_includedir}/elfutils/libdwfl.h
 %{_includedir}/elfutils/known-dwarf.h
 %files lang -f %{name}.lang