Date: Wednesday, November 5, 2014 @ 18:25:03 Author: lcarlier Revision: 121972
upgpkg: lib32-elfutils 0.160-1 upstream update 0.160 Modified: lib32-elfutils/trunk/PKGBUILD Deleted: lib32-elfutils/trunk/CVE-2014-0172.patch lib32-elfutils/trunk/fix-run-backtrace-native-core-test.patch ------------------------------------------+ CVE-2014-0172.patch | 37 ------------------------ PKGBUILD | 4 +- fix-run-backtrace-native-core-test.patch | 43 ----------------------------- 3 files changed, 2 insertions(+), 82 deletions(-) Deleted: CVE-2014-0172.patch =================================================================== --- CVE-2014-0172.patch 2014-11-05 17:19:42 UTC (rev 121971) +++ CVE-2014-0172.patch 2014-11-05 17:25:03 UTC (rev 121972) @@ -1,37 +0,0 @@ -From 7f1eec317db79627b473c5b149a22a1b20d1f68f Mon Sep 17 00:00:00 2001 -From: Mark Wielaard <[email protected]> -Date: Wed, 9 Apr 2014 11:33:23 +0200 -Subject: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to - uncompress data. - -https://bugzilla.redhat.com/show_bug.cgi?id=1085663 - -Reported-by: Florian Weimer <[email protected]> -Signed-off-by: Mark Wielaard <[email protected]> -diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c -index 79daeac..34ea373 100644 ---- a/libdw/dwarf_begin_elf.c -+++ b/libdw/dwarf_begin_elf.c -@@ -1,5 +1,5 @@ - /* Create descriptor from ELF descriptor for processing file. -- Copyright (C) 2002-2011 Red Hat, Inc. -+ Copyright (C) 2002-2011, 2014 Red Hat, Inc. - This file is part of elfutils. - Written by Ulrich Drepper <[email protected]>, 2002. - -@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp) - memcpy (&size, data->d_buf + 4, sizeof size); - size = be64toh (size); - -+ /* Check for unsigned overflow so malloc always allocated -+ enough memory for both the Elf_Data header and the -+ uncompressed section data. */ -+ if (unlikely (sizeof (Elf_Data) + size < size)) -+ break; -+ - Elf_Data *zdata = malloc (sizeof (Elf_Data) + size); - if (unlikely (zdata == NULL)) - break; --- -1.9.2 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2014-11-05 17:19:42 UTC (rev 121971) +++ PKGBUILD 2014-11-05 17:25:03 UTC (rev 121972) @@ -4,7 +4,7 @@ _pkgbasename=elfutils pkgname=lib32-elfutils -pkgver=0.159 +pkgver=0.160 pkgrel=1 pkgdesc="Collection of libraries for working with ELF object files and DWARF debugging information (32-bit)" arch=('x86_64') @@ -13,7 +13,7 @@ depends=('lib32-bzip2' 'lib32-zlib' 'elfutils') makedepends=('gcc-multilib') source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig}) -sha1sums=('4ff214cdb95a10b03cf413f3d018393a838f98fc' +sha1sums=('a300a1cd1543b65532e333a6e9f931db76841558' 'SKIP') build() { Deleted: fix-run-backtrace-native-core-test.patch =================================================================== --- fix-run-backtrace-native-core-test.patch 2014-11-05 17:19:42 UTC (rev 121971) +++ fix-run-backtrace-native-core-test.patch 2014-11-05 17:25:03 UTC (rev 121972) @@ -1,43 +0,0 @@ -From e922ec4e3bcd7c164a9ce424accac4394e7d5afd Mon Sep 17 00:00:00 2001 -From: Matthias Klose <[email protected]> -Date: Tue, 07 Jan 2014 09:25:29 +0000 -Subject: tests: backtrace-subr.sh (check_native_core) should check core file name. - -Needed when /proc/sys/kernel/core_uses_pid is set to 0. Try to rename -the core file, and if it does still fail, skip the test. - -Signed-off-by: Mark Wielaard <[email protected]> ---- -diff --git a/tests/ChangeLog b/tests/ChangeLog -index 63b7bed..7e9dcf4 100644 ---- a/tests/ChangeLog -+++ b/tests/ChangeLog -@@ -1,3 +1,9 @@ -+2014-01-07 Matthias Klose <[email protected]> -+ -+ * backtrace-subr.sh (check_native_core): Check to see if core file -+ was created without ".PID" extension, if so mv core to core.PID. -+ Skip test if no core file was created or could be found. -+ - 2014-01-04 Mark Wielaard <[email protected]> - - * backtrace-data.c (main): Don't assert if raise returns. -diff --git a/tests/backtrace-subr.sh b/tests/backtrace-subr.sh -index e7ece91..62b873c 100644 ---- a/tests/backtrace-subr.sh -+++ b/tests/backtrace-subr.sh -@@ -111,6 +111,11 @@ check_native_core() - - # Skip the test if we cannot adjust core ulimit. - core="core.`ulimit -c unlimited || exit 77; set +ex; testrun ${abs_builddir}/$child --gencore; true`" -+ # see if /proc/sys/kernel/core_uses_pid is set to 0 -+ if [ -f core ]; then -+ mv core "$core" -+ fi -+ if [ ! -f "$core" ]; then exit 77; fi - - if [ "x$SAVED_VALGRIND_CMD" != "x" ]; then - VALGRIND_CMD="$SAVED_VALGRIND_CMD" --- -cgit v0.9.2 -
