This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
9eb0aa979e
commit
a8ef7cee52
46
cve-2008-4865.diff
Normal file
46
cve-2008-4865.diff
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
--- docs/xml/manual-core.xml
|
||||||
|
+++ docs/xml/manual-core.xml
|
||||||
|
@@ -1255,7 +1255,9 @@ processed earlier; for example, options
|
||||||
|
precedence over those in
|
||||||
|
<computeroutput>~/.valgrindrc</computeroutput>. The first two
|
||||||
|
are particularly useful for setting the default tool to
|
||||||
|
-use.</para>
|
||||||
|
+use. Please note that the .valgrindrc file is ignored if
|
||||||
|
+it is world writeable or not owned by the current user.
|
||||||
|
+</para>
|
||||||
|
|
||||||
|
<para>Any tool-specific options put in
|
||||||
|
<computeroutput>$VALGRIND_OPTS</computeroutput> or the
|
||||||
|
--- coregrind/m_commandline.c
|
||||||
|
+++ coregrind/m_commandline.c
|
||||||
|
@@ -57,21 +57,24 @@ static HChar* read_dot_valgrindrc ( HCha
|
||||||
|
{
|
||||||
|
Int n;
|
||||||
|
SysRes fd;
|
||||||
|
- Int size;
|
||||||
|
+ struct vki_stat stat_buf;
|
||||||
|
HChar* f_clo = NULL;
|
||||||
|
HChar filename[VKI_PATH_MAX];
|
||||||
|
|
||||||
|
VG_(snprintf)(filename, VKI_PATH_MAX, "%s/.valgrindrc",
|
||||||
|
( NULL == dir ? "" : dir ) );
|
||||||
|
fd = VG_(open)(filename, 0, VKI_S_IRUSR);
|
||||||
|
+
|
||||||
|
if ( !fd.isError ) {
|
||||||
|
- size = VG_(fsize)(fd.res);
|
||||||
|
- if (size > 0) {
|
||||||
|
- f_clo = VG_(malloc)(size+1);
|
||||||
|
+ Int res = VG_(fstat)( fd.res, &stat_buf );
|
||||||
|
+ // Ignore if not owned by current user or world writeable (CVE-2008-4865)
|
||||||
|
+ if (!res && stat_buf.st_size > 0 && stat_buf.st_uid == VG_(geteuid)()
|
||||||
|
+ && (!stat_buf.st_mode & (VKI_S_IWOTH))) {
|
||||||
|
+ f_clo = VG_(malloc)(stat_buf.st_size+1);
|
||||||
|
vg_assert(f_clo);
|
||||||
|
- n = VG_(read)(fd.res, f_clo, size);
|
||||||
|
+ n = VG_(read)(fd.res, f_clo, stat_buf.st_size);
|
||||||
|
if (n == -1) n = 0;
|
||||||
|
- vg_assert(n >= 0 && n <= size+1);
|
||||||
|
+ vg_assert(n >= 0 && n <= stat_buf.st_size+1);
|
||||||
|
f_clo[n] = '\0';
|
||||||
|
}
|
||||||
|
VG_(close)(fd.res);
|
||||||
139
glibc-2.9-support.diff
Normal file
139
glibc-2.9-support.diff
Normal file
@ -0,0 +1,139 @@
|
|||||||
|
--- configure.in
|
||||||
|
+++ configure.in
|
||||||
|
@@ -479,6 +479,16 @@ AC_EGREP_CPP([GLIBC_28], [
|
||||||
|
],
|
||||||
|
libc="2.8")
|
||||||
|
|
||||||
|
+AC_EGREP_CPP([GLIBC_29], [
|
||||||
|
+#include <features.h>
|
||||||
|
+#ifdef __GNU_LIBRARY__
|
||||||
|
+ #if (__GLIBC__ == 2 && __GLIBC_MINOR__ == 9)
|
||||||
|
+ GLIBC_29
|
||||||
|
+ #endif
|
||||||
|
+#endif
|
||||||
|
+],
|
||||||
|
+libc="2.9")
|
||||||
|
+
|
||||||
|
AC_EGREP_CPP([AIX5_LIBC], [
|
||||||
|
#include <standards.h>
|
||||||
|
#if defined(_AIXVERSION_510) || defined(_AIXVERSION_520) || defined(_AIXVERSION_530)
|
||||||
|
@@ -535,6 +545,12 @@ case "${libc}" in
|
||||||
|
DEFAULT_SUPP="glibc-2.8.supp ${DEFAULT_SUPP}"
|
||||||
|
DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
|
||||||
|
;;
|
||||||
|
+ 2.9)
|
||||||
|
+ AC_MSG_RESULT(2.9 family)
|
||||||
|
+ AC_DEFINE([GLIBC_2_9], 1, [Define to 1 if you're using glibc 2.9.x])
|
||||||
|
+ DEFAULT_SUPP="glibc-2.9.supp ${DEFAULT_SUPP}"
|
||||||
|
+ DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
|
||||||
|
+ ;;
|
||||||
|
aix5)
|
||||||
|
AC_MSG_RESULT(AIX 5.1 or 5.2 or 5.3)
|
||||||
|
AC_DEFINE([AIX5_LIBC], 1, [Define to 1 if you're using AIX 5.1 or 5.2 or 5.3])
|
||||||
|
@@ -543,7 +559,7 @@ case "${libc}" in
|
||||||
|
|
||||||
|
*)
|
||||||
|
AC_MSG_RESULT(unsupported version)
|
||||||
|
- AC_MSG_ERROR([Valgrind requires glibc version 2.2 - 2.7])
|
||||||
|
+ AC_MSG_ERROR([Valgrind requires glibc version 2.2 - 2.9])
|
||||||
|
AC_MSG_ERROR([or AIX 5.1 or 5.2 or 5.3 libc])
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
--- glibc-2.9.supp
|
||||||
|
+++ glibc-2.9.supp
|
||||||
|
@@ -0,0 +1,95 @@
|
||||||
|
+
|
||||||
|
+# Errors to suppress by default with glibc 2.8.x
|
||||||
|
+
|
||||||
|
+# Format of this file is:
|
||||||
|
+# {
|
||||||
|
+# name_of_suppression
|
||||||
|
+# tool_name:supp_kind
|
||||||
|
+# (optional extra info for some suppression types)
|
||||||
|
+# caller0 name, or /name/of/so/file.so
|
||||||
|
+# caller1 name, or ditto
|
||||||
|
+# (optionally: caller2 name)
|
||||||
|
+# (optionally: caller3 name)
|
||||||
|
+# }
|
||||||
|
+#
|
||||||
|
+# For Memcheck, the supp_kinds are:
|
||||||
|
+#
|
||||||
|
+# Param Value1 Value2 Value4 Value8 Value16 Jump
|
||||||
|
+# Free Addr1 Addr2 Addr4 Addr8 Addr16
|
||||||
|
+# Cond (previously known as Value0)
|
||||||
|
+#
|
||||||
|
+# and the optional extra info is:
|
||||||
|
+# if Param: name of system call param
|
||||||
|
+
|
||||||
|
+{
|
||||||
|
+ dl-hack3-cond-1
|
||||||
|
+ Memcheck:Cond
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+}
|
||||||
|
+{
|
||||||
|
+ dl-hack3-cond-2
|
||||||
|
+ Memcheck:Cond
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/libc-2.8*.so*
|
||||||
|
+}
|
||||||
|
+{
|
||||||
|
+ dl-hack3-cond-3
|
||||||
|
+ Memcheck:Cond
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/libc-2.8*.so*
|
||||||
|
+ obj:/lib*/libc-2.8*.so*
|
||||||
|
+}
|
||||||
|
+{
|
||||||
|
+ dl-hack3-cond-4
|
||||||
|
+ Memcheck:Cond
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/libdl-2.8*.so*
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+{
|
||||||
|
+ dl-hack4-64bit-addr-1
|
||||||
|
+ Memcheck:Addr8
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+}
|
||||||
|
+{
|
||||||
|
+ dl-hack4-64bit-addr-2
|
||||||
|
+ Memcheck:Addr8
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/libc-2.8*.so*
|
||||||
|
+}
|
||||||
|
+{
|
||||||
|
+ dl-hack4-64bit-addr-3
|
||||||
|
+ Memcheck:Addr8
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/ld-2.8*.so*
|
||||||
|
+ obj:/lib*/libdl-2.8*.so*
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+{
|
||||||
|
+ dl-hack5-32bit-addr-1
|
||||||
|
+ Memcheck:Addr4
|
||||||
|
+ obj:/lib/ld-2.8*.so
|
||||||
|
+ obj:/lib/ld-2.8*.so
|
||||||
|
+ obj:/lib/ld-2.8*.so
|
||||||
|
+}
|
||||||
|
+{
|
||||||
|
+ dl-hack5-32bit-addr-3
|
||||||
|
+ Memcheck:Addr4
|
||||||
|
+ obj:/lib/ld-2.8*.so
|
||||||
|
+ obj:/lib/ld-2.8*.so
|
||||||
|
+ obj:/lib/libdl-2.8*.so*
|
||||||
|
+}
|
||||||
|
+{
|
||||||
|
+ dl-hack5-32bit-addr-4
|
||||||
|
+ Memcheck:Addr4
|
||||||
|
+ obj:/lib/ld-2.8*.so
|
||||||
|
+ obj:/lib/libdl-2.8*.so*
|
||||||
|
+ obj:/lib/ld-2.8*.so
|
||||||
|
+}
|
||||||
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Nov 20 00:32:49 CET 2008 - dmueller@suse.de
|
||||||
|
|
||||||
|
- fix .valgrindrc reading vulnerability (CVE-2008-4865, bnc#445013)
|
||||||
|
- add support for glibc 2.9
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Nov 5 13:58:49 CET 2008 - dmueller@suse.de
|
Wed Nov 5 13:58:49 CET 2008 - dmueller@suse.de
|
||||||
|
|
||||||
|
|||||||
@ -28,7 +28,7 @@ Group: Development/Tools/Debuggers
|
|||||||
Summary: Valgrind Suite of Tools for Debugging and Profiling
|
Summary: Valgrind Suite of Tools for Debugging and Profiling
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
Version: 3.3.1
|
Version: 3.3.1
|
||||||
Release: 31
|
Release: 32
|
||||||
Source0: %{name}-%{version}.tar.bz2
|
Source0: %{name}-%{version}.tar.bz2
|
||||||
# svn di svn://svn.valgrind.org/valgrind/tags/VALGRIND_3_2_1 svn://svn.valgrind.org/valgrind/branches/VALGRIND_3_2_BRANCH > 3_2_BRANCH.diff
|
# svn di svn://svn.valgrind.org/valgrind/tags/VALGRIND_3_2_1 svn://svn.valgrind.org/valgrind/branches/VALGRIND_3_2_BRANCH > 3_2_BRANCH.diff
|
||||||
# svn di svn://svn.valgrind.org/vex/tags/VEX_3_2_1 svn://svn.valgrind.org/vex/branches/VEX_3_2_BRANCH > VEX_3_2_BRANCH.diff
|
# svn di svn://svn.valgrind.org/vex/tags/VEX_3_2_1 svn://svn.valgrind.org/vex/branches/VEX_3_2_BRANCH > VEX_3_2_BRANCH.diff
|
||||||
@ -38,6 +38,8 @@ Patch10: update-suppressions.diff
|
|||||||
Patch12: xcb-update.diff
|
Patch12: xcb-update.diff
|
||||||
Patch13: fadvice64.diff
|
Patch13: fadvice64.diff
|
||||||
Patch14: r8730.diff
|
Patch14: r8730.diff
|
||||||
|
Patch15: cve-2008-4865.diff
|
||||||
|
Patch16: glibc-2.9-support.diff
|
||||||
Provides: callgrind = %version
|
Provides: callgrind = %version
|
||||||
Obsoletes: callgrind < %version
|
Obsoletes: callgrind < %version
|
||||||
ExclusiveArch: %ix86 x86_64 ppc ppc64
|
ExclusiveArch: %ix86 x86_64 ppc ppc64
|
||||||
@ -126,6 +128,8 @@ cd ..
|
|||||||
%patch12
|
%patch12
|
||||||
%patch13
|
%patch13
|
||||||
%patch14
|
%patch14
|
||||||
|
%patch15
|
||||||
|
%patch16
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export CFLAGS="$RPM_OPT_FLAGS"
|
export CFLAGS="$RPM_OPT_FLAGS"
|
||||||
@ -155,6 +159,9 @@ mv $RPM_BUILD_ROOT/usr/share/doc/valgrind $RPM_BUILD_ROOT/usr/share/doc/packages
|
|||||||
%_libdir/valgrind/*/*.a
|
%_libdir/valgrind/*/*.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 20 2008 dmueller@suse.de
|
||||||
|
- fix .valgrindrc reading vulnerability (CVE-2008-4865, bnc#445013)
|
||||||
|
- add support for glibc 2.9
|
||||||
* Wed Nov 05 2008 dmueller@suse.de
|
* Wed Nov 05 2008 dmueller@suse.de
|
||||||
- add syscall wrappers for pipe2
|
- add syscall wrappers for pipe2
|
||||||
* Tue Jun 24 2008 schwab@suse.de
|
* Tue Jun 24 2008 schwab@suse.de
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user