diff options
-rw-r--r-- | abs/core/elfutils/CVE-2014-0172.patch | 37 | ||||
-rw-r--r-- | abs/core/elfutils/PKGBUILD | 28 | ||||
-rw-r--r-- | abs/core/elfutils/fix-run-backtrace-native-core-test.patch | 43 |
3 files changed, 6 insertions, 102 deletions
diff --git a/abs/core/elfutils/CVE-2014-0172.patch b/abs/core/elfutils/CVE-2014-0172.patch deleted file mode 100644 index 5f9541d..0000000 --- a/abs/core/elfutils/CVE-2014-0172.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 7f1eec317db79627b473c5b149a22a1b20d1f68f Mon Sep 17 00:00:00 2001 -From: Mark Wielaard <mjw@redhat.com> -Date: Wed, 9 Apr 2014 11:33:23 +0200 -Subject: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to - uncompress data. - -https://bugzilla.redhat.com/show_bug.cgi?id=1085663 - -Reported-by: Florian Weimer <fweimer@redhat.com> -Signed-off-by: Mark Wielaard <mjw@redhat.com> -diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c -index 79daeac..34ea373 100644 ---- a/libdw/dwarf_begin_elf.c -+++ b/libdw/dwarf_begin_elf.c -@@ -1,5 +1,5 @@ - /* Create descriptor from ELF descriptor for processing file. -- Copyright (C) 2002-2011 Red Hat, Inc. -+ Copyright (C) 2002-2011, 2014 Red Hat, Inc. - This file is part of elfutils. - Written by Ulrich Drepper <drepper@redhat.com>, 2002. - -@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp) - memcpy (&size, data->d_buf + 4, sizeof size); - size = be64toh (size); - -+ /* Check for unsigned overflow so malloc always allocated -+ enough memory for both the Elf_Data header and the -+ uncompressed section data. */ -+ if (unlikely (sizeof (Elf_Data) + size < size)) -+ break; -+ - Elf_Data *zdata = malloc (sizeof (Elf_Data) + size); - if (unlikely (zdata == NULL)) - break; --- -1.9.2 - diff --git a/abs/core/elfutils/PKGBUILD b/abs/core/elfutils/PKGBUILD index 6a7485d..b971e94 100644 --- a/abs/core/elfutils/PKGBUILD +++ b/abs/core/elfutils/PKGBUILD @@ -3,32 +3,18 @@ # Contributor: Andrej Gelenberg <andrej.gelenberg@udo.edu> pkgname=elfutils -pkgver=0.158 -pkgrel=2 +pkgver=0.163 +pkgrel=1 pkgdesc="Libraries and utilities to handle ELF object files and DWARF debugging information" arch=('i686' 'x86_64') url="https://fedorahosted.org/elfutils/" license=('LGPL3' 'GPL' 'GPL3') depends=('gcc-libs' 'zlib' 'bzip2' 'xz') -provides=('libelf') -replaces=('libelf') -conflicts=('libelf') -source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig} - fix-run-backtrace-native-core-test.patch - CVE-2014-0172.patch) +source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig}) options=('staticlibs') -sha1sums=('09adbbf0f3a35bb1bcb77c2eaa40de8d3443af4d' - 'SKIP' - '8ecef640f3d1229cdf45ffda016a69848c18e61b' - '3e776c07d6ca2c7604a384d266f79c3ece1fb179') - -prepare() { - cd ${pkgname}-${pkgver} - - patch -Np1 -i ../fix-run-backtrace-native-core-test.patch - # merged upstream - patch -Np1 -i ../CVE-2014-0172.patch -} +sha1sums=('7931b4961364a8a17c708138c70c552ae2881227' + 'SKIP') +validpgpkeys=('47CC0331081B8BC6D0FD4DA08370665B57816A6A') # Mark J. Wielaard <mark@klomp.org> build() { cd ${pkgname}-${pkgver} @@ -49,6 +35,4 @@ package() { cd ${pkgname}-${pkgver} make DESTDIR="${pkgdir}" install - - rm "${pkgdir}"/usr/lib/lib{asm,dw,elf}.a } diff --git a/abs/core/elfutils/fix-run-backtrace-native-core-test.patch b/abs/core/elfutils/fix-run-backtrace-native-core-test.patch deleted file mode 100644 index 5088ea5..0000000 --- a/abs/core/elfutils/fix-run-backtrace-native-core-test.patch +++ /dev/null @@ -1,43 +0,0 @@ -From e922ec4e3bcd7c164a9ce424accac4394e7d5afd Mon Sep 17 00:00:00 2001 -From: Matthias Klose <doko@ubuntu.com> -Date: Tue, 07 Jan 2014 09:25:29 +0000 -Subject: tests: backtrace-subr.sh (check_native_core) should check core file name. - -Needed when /proc/sys/kernel/core_uses_pid is set to 0. Try to rename -the core file, and if it does still fail, skip the test. - -Signed-off-by: Mark Wielaard <mjw@redhat.com> ---- -diff --git a/tests/ChangeLog b/tests/ChangeLog -index 63b7bed..7e9dcf4 100644 ---- a/tests/ChangeLog -+++ b/tests/ChangeLog -@@ -1,3 +1,9 @@ -+2014-01-07 Matthias Klose <doko@ubuntu.com> -+ -+ * backtrace-subr.sh (check_native_core): Check to see if core file -+ was created without ".PID" extension, if so mv core to core.PID. -+ Skip test if no core file was created or could be found. -+ - 2014-01-04 Mark Wielaard <mjw@redhat.com> - - * backtrace-data.c (main): Don't assert if raise returns. -diff --git a/tests/backtrace-subr.sh b/tests/backtrace-subr.sh -index e7ece91..62b873c 100644 ---- a/tests/backtrace-subr.sh -+++ b/tests/backtrace-subr.sh -@@ -111,6 +111,11 @@ check_native_core() - - # Skip the test if we cannot adjust core ulimit. - core="core.`ulimit -c unlimited || exit 77; set +ex; testrun ${abs_builddir}/$child --gencore; true`" -+ # see if /proc/sys/kernel/core_uses_pid is set to 0 -+ if [ -f core ]; then -+ mv core "$core" -+ fi -+ if [ ! -f "$core" ]; then exit 77; fi - - if [ "x$SAVED_VALGRIND_CMD" != "x" ]; then - VALGRIND_CMD="$SAVED_VALGRIND_CMD" --- -cgit v0.9.2 - |