
Accepting request 280219 from Base:System

1

OBS-URL: https://build.opensuse.org/request/show/280219
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/elfutils?expand=0&rev=47
Dominique Leuenberger 2015-01-10 22:04:51 +00:00 committed by Git OBS Bridge
commit 96a303c1d1
10 changed files with 639 additions and 2368 deletions


@ -16,14 +16,14 @@ semantic error: libdw failure (dwarf_getsrcfiles): invalid DWARF
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -306,8 +306,10 @@ dwarf_getsrclines (Dwarf_Die *cudie, Dwa
/* Consistency check. */
if (unlikely (linep != header_start + header_length))
{
@@ -293,8 +293,10 @@
/* Consistency check. */
if (unlikely (linep != header_start + header_length))
{
+#if 0
__libdw_seterrno (DWARF_E_INVALID_DWARF);
goto out;
__libdw_seterrno (DWARF_E_INVALID_DWARF);
goto out;
+#endif
}
}
/* We are about to process the statement program. Initialize the
/* We are about to process the statement program. Initialize the
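Review bot: The refreshed patch still compiles out the only action taken when `linep != header_start + header_length`, so a line-program header whose declared length disagrees with the bytes actually parsed is accepted and processing continues into the statement program. The patch gives no reason for this beyond the error text quoted in its header, and the now-empty `if` body tells the next maintainer nothing. If the workaround is still needed with 0.161, record why inside the disabled block, e.g. `/* SUSE: consistency check disabled because <reason>, see <bug-id>; re-evaluate on each version update. */`; otherwise drop the patch so inconsistent DWARF is rejected again. dwarf_getsrclines continues outside the hunk, so whether later reads starting at linep are bounds-checked cannot be confirmed from here.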


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:be27af5c21352f53e010342bf1c68e0b9e18232dbf3adec7e2f9b41f6bbe397d
size 4931570

3
elfutils-0.161.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:570c91a1783fa5386aaa2dfdd08dda1de777c2b63bf3b9c1437d635ffdd7a070
size 5524766


@ -1,38 +0,0 @@
From: Mark Wielaard <mjw@redhat.com>
Subject: Check for overflow before calling malloc to uncompress data.
Date: Wed Apr 9 11:33:23 2014 +0200
Git-commit: 7f1eec317db79627b473c5b149a22a1b20d1f68f
References: CVE-2014-0172, bnc#872785
Signed-off-by: Tony Jones <tonyj@suse.de>
CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
https://bugzilla.redhat.com/show_bug.cgi?id=1085663
Reported-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
index 79daeac..34ea373 100644
--- a/libdw/dwarf_begin_elf.c
+++ b/libdw/dwarf_begin_elf.c
@@ -1,5 +1,5 @@
/* Create descriptor from ELF descriptor for processing file.
- Copyright (C) 2002-2011 Red Hat, Inc.
+ Copyright (C) 2002-2011, 2014 Red Hat, Inc.
This file is part of elfutils.
Written by Ulrich Drepper <drepper@redhat.com>, 2002.
@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp)
memcpy (&size, data->d_buf + 4, sizeof size);
size = be64toh (size);
+ /* Check for unsigned overflow so malloc always allocated
+ enough memory for both the Elf_Data header and the
+ uncompressed section data. */
+ if (unlikely (sizeof (Elf_Data) + size < size))
+ break;
+
Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
if (unlikely (zdata == NULL))
break;


@ -0,0 +1,54 @@
From: Alexander Cherepanov <cherepan@mccme.ru>
Subject: libelf: Fix dir traversal vuln in ar extraction
Date: Sun Dec 28 19:57:19 2014 +0300
Git-commit: 147018e729e7c22eeabf15b82d26e4bf68a0d18e
References: bnc#911662, CVE-2014-9447
Signed-off-by: Tony Jones <tonyj@suse.de>
libelf: Fix dir traversal vuln in ar extraction.
read_long_names terminates names at the first '/' found but then skips
one character without checking (it's supposed to be '\n'). Hence the
next name could start with any character including '/'. This leads to
a directory traversal vulnerability at the time the contents of the
archive is extracted.
The danger is mitigated by the fact that only one '/' is possible in a
resulting filename and only in the leading position. Hence only files
in the root directory can be written via this vuln and only when ar is
executed as root.
The fix for the vuln is to not skip any characters while looking
for '/'.
Signed-off-by: Alexander Cherepanov <cherepan@mccme.ru>
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 3b88d03..447c354 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-28 Alexander Cherepanov <cherepan@mccme.ru>
+
+ * elf_begin.c (read_long_names): Don't miss '/' right after
+ another '/'. Fixes a dir traversal vuln in ar extraction.
+
2014-12-18 Ulrich Drepper <drepper@gmail.com>
* Makefile.am: Suppress output of textrel_check command.
diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
index 30abe0b..cd3756c 100644
--- a/libelf/elf_begin.c
+++ b/libelf/elf_begin.c
@@ -749,10 +749,7 @@ read_long_names (Elf *elf)
}
/* NUL-terminate the string. */
- *runp = '\0';
-
- /* Skip the NUL byte and the \012. */
- runp += 2;
+ *runp++ = '\0';
/* A sanity check. Somebody might have generated invalid
archive. */
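Review bot: The comment left above the changed line in read_long_names now reads only `/* NUL-terminate the string. */`, and the removed comment was the one place that recorded the assumption this fix corrects (that the byte after '/' is always "\012"). I would extend the remaining comment so the skip is not reintroduced later: `/* NUL-terminate the string. Advance by one only: the next byte is not verified to be '\n' and may itself be a '/' that must be replaced. */`. Since the commit message describes the result as a member name with a leading '/', a regression test using a long-name table with two adjacent '/' would be worth carrying alongside the patch. The rest of read_long_names, including the sanity check that follows, lies outside the hunk.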


@ -1,31 +0,0 @@
From: unknown
Upstream: no
Subject: do not build po and tests components
---
Makefile.am | 2 +-
Makefile.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/Makefile.am
+++ b/Makefile.am
@@ -24,7 +24,7 @@ pkginclude_HEADERS = version.h
# Add doc back when we have some real content.
SUBDIRS = config m4 lib libelf libebl libdwfl libdw libcpu libasm backends \
- src po tests
+ src
EXTRA_DIST = elfutils.spec GPG-KEY NOTES CONTRIBUTING \
COPYING COPYING-GPLV2 COPYING-LGPLV3
--- a/Makefile.in
+++ b/Makefile.in
@@ -360,7 +360,7 @@ pkginclude_HEADERS = version.h
# Add doc back when we have some real content.
SUBDIRS = config m4 lib libelf libebl libdwfl libdw libcpu libasm backends \
- src po tests
+ src
EXTRA_DIST = elfutils.spec GPG-KEY NOTES CONTRIBUTING \
COPYING COPYING-GPLV2 COPYING-LGPLV3

File diff suppressed because it is too large Load Diff


@ -1,3 +1,30 @@
-------------------------------------------------------------------
Wed Jan 7 21:19:10 UTC 2015 - tonyj@suse.com
- CVE-2014-9447: elfutils: Directory traversal vulnerability (bnc#911662)
Add patch: elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
-------------------------------------------------------------------
Wed Jan 7 00:45:34 UTC 2015 - p.drouand@gmail.com
- Update to version 0.161
+ libdw: New function dwarf_peel_type. dwarf_aggregate_size now uses
dwarf_peel_type to also provide the sizes of qualified types.
dwarf_getmacros will now serve either of .debug_macro and
.debug_macinfo transparently. New interfaces
dwarf_getmacros_off, dwarf_macro_getsrcfiles,
dwarf_macro_getparamcnt, and dwarf_macro_param are available
for more generalized inspection of macros and their parameters.
dwarf.h: Add DW_AT_GNU_deleted, DW_AT_noreturn, DW_LANG_C11,
DW_LANG_C_plus_plus_11 and DW_LANG_C_plus_plus_14.
- Remove merged patches
+ elfutils-robustify.patch
+ elfutils-no-po-test-build.diff
+ elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch
- Refreshed patch (from Fedora sources)
+ elfutils-portability.patch > elfutils-portability-0.161.patch
- Add a lang subpackage
-------------------------------------------------------------------
Wed Oct 15 15:06:23 UTC 2014 - jengelh@inai.de


@ -1,7 +1,7 @@
#
# spec file for package elfutils
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: elfutils
Version: 0.158
Version: 0.161
Release: 0
Summary: Higher-level library to access ELF
License: SUSE-GPL-2.0-with-OSI-exception
@ -29,21 +29,20 @@ Source: https://fedorahosted.org/releases/e/l/%{name}/%{version}/%{name}
Source1: README-BEFORE-ADDING-PATCHES
Source2: baselibs.conf
Source3: %{name}.changes
Patch1: https://fedorahosted.org/releases/e/l/%{name}/%{version}/elfutils-portability.patch
Patch2: https://fedorahosted.org/releases/e/l/%{name}/%{version}/elfutils-robustify.patch
Patch3: elfutils-no-po-test-build.diff
Patch4: libebl-prototype-fix.diff
Patch5: elfutils-uninitialized.diff
Patch6: elfutils-0.137-dwarf-header-check-fix.diff
Patch7: elfutils-0.148-dont-crash.diff
Patch8: elfutils-revert-portability-scanf.patch
Patch9: elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch
Patch1: https://fedorahosted.org/releases/e/l/%{name}/%{version}/elfutils-portability-%{version}.patch
Patch2: elfutils-revert-portability-scanf.patch
Patch3: libebl-prototype-fix.diff
Patch4: elfutils-uninitialized.diff
Patch5: elfutils-0.137-dwarf-header-check-fix.diff
Patch6: elfutils-0.148-dont-crash.diff
Patch7: elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison
BuildRequires: flex
BuildRequires: libbz2-devel
BuildRequires: xz-devel
BuildRequires: zlib-devel
Recommends: %{name}.lang
%description
This package provides a higher-level library to access ELF files. This
@ -138,17 +137,17 @@ Requires: libelf-devel = %{version}
This package contains all necessary include files and libraries needed
to develop applications that require these.
%lang_package
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch2 -p1 -R
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1 -R
%patch9 -p1
%patch6 -p1
%patch7 -p1
%build
# Change DATE/TIME macros to use last change time of elfutils.changes
@ -169,6 +168,7 @@ make DESTDIR=$RPM_BUILD_ROOT install
# remove unneeded files
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
ls -lR $RPM_BUILD_ROOT%{_libdir}/libelf*
%find_lang %{name}
%post -n libebl1 -p /sbin/ldconfig
@ -237,6 +237,9 @@ ls -lR $RPM_BUILD_ROOT%{_libdir}/libelf*
%{_includedir}/dwarf.h
%dir %{_includedir}/elfutils
%{_includedir}/elfutils/libdw.h
%{_includedir}/elfutils/libdwelf.h
%{_includedir}/elfutils/libdwfl.h
%files lang -f %{name}.lang
%changelog
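Review bot: None of the Source entries visible in this section is a detached signature or keyring, so the new 0.161 tarball appears to be accepted on the HTTPS download and the recorded LFS digest alone. If upstream publishes a signature for the release, add it and the signing key as further sources, e.g. `Source4: <upstream-url>/%{name}-%{version}.tar.bz2.sig` and `Source5: %{name}.keyring`, so the build service can verify the archive. The same applies to Patch1, which is also taken from a remote URL. The Source line itself is cut off in the hunk header, so this is based on Source1 to Source3 only.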