Accepting request 330583 from home:jones_tony:branches:Base:System
OBS-URL: https://build.opensuse.org/request/show/330583 OBS-URL: https://build.opensuse.org/package/show/Base:System/elfutils?expand=0&rev=70
parent
278d5ea1be
commit
254bb48cb4
@ -1,19 +0,0 @@
|
||||
From: Stephan Kulow <coolo@novell.com>
|
||||
|
||||
Avoid crash if the header is 0
|
||||
|
||||
---
|
||||
libdw/dwarf_getcfi_elf.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/libdw/dwarf_getcfi_elf.c
|
||||
+++ b/libdw/dwarf_getcfi_elf.c
|
||||
@@ -76,7 +76,7 @@ parse_eh_frame_hdr (const uint8_t *hdr,
|
||||
{
|
||||
const uint8_t *h = hdr;
|
||||
|
||||
- if (*h++ != 1) /* version */
|
||||
+ if (!h || *h++ != 1) /* version */
|
||||
return (void *) -1l;
|
||||
|
||||
uint8_t eh_frame_ptr_encoding = *h++;
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:570c91a1783fa5386aaa2dfdd08dda1de777c2b63bf3b9c1437d635ffdd7a070
|
||||
size 5524766
|
3
elfutils-0.163.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:7c774f1eef329309f3b05e730bdac50013155d437518a2ec0e24871d312f2e23
|
||||
size 6029307
|
@ -1,54 +0,0 @@
|
||||
From: Alexander Cherepanov <cherepan@mccme.ru>
|
||||
Subject: libelf: Fix dir traversal vuln in ar extraction
|
||||
Date: Sun Dec 28 19:57:19 2014 +0300
|
||||
Git-commit: 147018e729e7c22eeabf15b82d26e4bf68a0d18e
|
||||
References: bnc#911662, CVE-2014-9447
|
||||
Signed-off-by: Tony Jones <tonyj@suse.de>
|
||||
|
||||
libelf: Fix dir traversal vuln in ar extraction.
|
||||
|
||||
read_long_names terminates names at the first '/' found but then skips
|
||||
one character without checking (it's supposed to be '\n'). Hence the
|
||||
next name could start with any character including '/'. This leads to
|
||||
a directory traversal vulnerability at the time the contents of the
|
||||
archive is extracted.
|
||||
|
||||
The danger is mitigated by the fact that only one '/' is possible in a
|
||||
resulting filename and only in the leading position. Hence only files
|
||||
in the root directory can be written via this vuln and only when ar is
|
||||
executed as root.
|
||||
|
||||
The fix for the vuln is to not skip any characters while looking
|
||||
for '/'.
|
||||
|
||||
Signed-off-by: Alexander Cherepanov <cherepan@mccme.ru>
|
||||
|
||||
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
|
||||
index 3b88d03..447c354 100644
|
||||
--- a/libelf/ChangeLog
|
||||
+++ b/libelf/ChangeLog
|
||||
@@ -1,3 +1,8 @@
|
||||
+2014-12-28 Alexander Cherepanov <cherepan@mccme.ru>
|
||||
+
|
||||
+ * elf_begin.c (read_long_names): Don't miss '/' right after
|
||||
+ another '/'. Fixes a dir traversal vuln in ar extraction.
|
||||
+
|
||||
2014-12-18 Ulrich Drepper <drepper@gmail.com>
|
||||
|
||||
* Makefile.am: Suppress output of textrel_check command.
|
||||
diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
|
||||
index 30abe0b..cd3756c 100644
|
||||
--- a/libelf/elf_begin.c
|
||||
+++ b/libelf/elf_begin.c
|
||||
@@ -749,10 +749,7 @@ read_long_names (Elf *elf)
|
||||
}
|
||||
|
||||
/* NUL-terminate the string. */
|
||||
- *runp = '\0';
|
||||
-
|
||||
- /* Skip the NUL byte and the \012. */
|
||||
- runp += 2;
|
||||
+ *runp++ = '\0';
|
||||
|
||||
/* A sanity check. Somebody might have generated invalid
|
||||
archive. */
|
File diff suppressed because it is too large
@ -1,3 +1,26 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 11 17:13:14 UTC 2015 - tonyj@suse.com
|
||||
|
||||
- Update to version 0.163
|
||||
Drop patch elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
|
||||
Drop patch elfutils-0.148-dont-crash.diff (fixed by 9ceebe69)
|
||||
|
||||
Changelog:
|
||||
0.163:
|
||||
- Bug fixes only, no new features.
|
||||
0.162:
|
||||
-libdw: Install new header elfutils/known-dwarf.h.
|
||||
dwarf.h Add preliminary DWARF5 constants DW_TAG_atomic_type,
|
||||
DW_LANG_Fortran03, DW_LANG_Fortran08. dwarf_peel_type now also
|
||||
handles DW_TAG_atomic_type.
|
||||
- addr2line: Input addresses are now always interpreted as hexadecimal
|
||||
numbers, never as octal or decimal numbers.
|
||||
New option -a, --addresses to print address before each entry.
|
||||
New option -C, --demangle to show demangled symbols.
|
||||
New option --pretty-print to print all information on one line.
|
||||
- ar: CVE-2014-9447 Directory traversal vulnerability in ar extraction.
|
||||
- backends: x32 support.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 11 01:28:52 UTC 2015 - tonyj@suse.com
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: elfutils
|
||||
Version: 0.161
|
||||
Version: 0.163
|
||||
Release: 0
|
||||
Summary: Higher-level library to access ELF
|
||||
License: SUSE-GPL-2.0-with-OSI-exception
|
||||
@ -34,8 +34,6 @@ Patch2: elfutils-revert-portability-scanf.patch
|
||||
Patch3: libebl-prototype-fix.diff
|
||||
Patch4: elfutils-uninitialized.diff
|
||||
Patch5: elfutils-0.137-dwarf-header-check-fix.diff
|
||||
Patch6: elfutils-0.148-dont-crash.diff
|
||||
Patch7: elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -148,8 +146,6 @@ to develop applications that require these.
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
|
||||
%build
|
||||
# Change DATE/TIME macros to use last change time of elfutils.changes
|
||||
@ -246,6 +242,7 @@ ls -lR $RPM_BUILD_ROOT%{_libdir}/libelf*
|
||||
%{_includedir}/elfutils/libdw.h
|
||||
%{_includedir}/elfutils/libdwelf.h
|
||||
%{_includedir}/elfutils/libdwfl.h
|
||||
%{_includedir}/elfutils/known-dwarf.h
|
||||
|
||||
%files lang -f %{name}.lang
|
||||
|
||||
|
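Review bot: Dropping `Patch7` (second hunk) and `%patch7 -p1` (third hunk) removes the packaged fix for CVE-2014-9447, and nothing in the spec or the new .changes entry ties that removal to an upstream commit the way the `Patch6` line does with `(fixed by 9ceebe69)`. I would record the reference on the matching .changes line, e.g. `Drop patch elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch (upstream 147018e7, bnc#911662, CVE-2014-9447)`, so the bug and CVE ids from the deleted patch header stay searchable in the package history. The upstream changelog quoted for 0.162 lists the CVE, which suggests the 0.163 tarball carries the fix, but it is worth confirming that `read_long_names` in `libelf/elf_begin.c` of the new source has `*runp++ = '\0';` before relying on it. The same check applies to an equivalent of the NULL-header guard from `Patch6` in `parse_eh_frame_hdr`.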