Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package radare2 for openSUSE:Factory checked in at 2021-08-10 10:27:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/radare2 (Old)
 and /work/SRC/openSUSE:Factory/.radare2.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "radare2" Tue Aug 10 10:27:28 2021 rev:3 rq:910802 version:5.3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/radare2/radare2.changes 2021-07-20 15:39:48.069508550 +0200 +++ /work/SRC/openSUSE:Factory/.radare2.new.1899/radare2.changes 2021-08-10 10:27:36.797802327 +0200 @@ -1,0 +2,6 @@ +Tue Aug 3 22:29:17 UTC 2021 - Ferdinand Thiessen <r...@fthiessen.de> + +- Add CVE-2021-3673.patch, fixing CVE-2021-3673 (boo#1189009): + resource exhaustion and DoS + +------------------------------------------------------------------- New: ---- CVE-2021-3673.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ radare2.spec ++++++ --- /var/tmp/diff_new_pack.j6d7io/_old 2021-08-10 10:27:39.349799368 +0200 +++ /var/tmp/diff_new_pack.j6d7io/_new 2021-08-10 10:27:39.353799363 +0200 @@ -1,7 +1,7 @@ # # spec file for package radare2 # -# Copyright (c) 2021 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,6 +24,7 @@ Group: Development/Tools/Debuggers URL: https://www.radare.org Source: https://github.com/radareorg/radare2/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz +Patch: https://github.com/radareorg/radare2/commit/d7ea20fb2e1433ebece9f004d87ad8f2377af23d.patch#/CVE-2021-3673.patch BuildRequires: dos2unix BuildRequires: fdupes BuildRequires: file-devel @@ -42,7 +43,7 @@ %package devel Summary: Devel files for radare2 -License: LGPL-3.0 +License: LGPL-3.0-only Group: Development/Tools/Debuggers Requires: %{name} = %{version} Requires: file-devel @@ -57,6 +58,7 @@ %prep %setup -q -n %{name}-%{version} +%patch -p1 %build export CFLAGS="%{optflags}" ++++++ CVE-2021-3673.patch ++++++ >From d7ea20fb2e1433ebece9f004d87ad8f2377af23d Mon Sep 17 00:00:00 2001 
From: pancake <panc...@nowsecure.com> Date: Fri, 23 Jul 2021 09:29:54 +0200 Subject: [PATCH] Fix #18923 - Fix resource exhaustion bug in LE binary (#18926) --- libr/bin/format/le/le.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libr/bin/format/le/le.c b/libr/bin/format/le/le.c index b2d4abf59b7..537f2004e57 100644 --- a/libr/bin/format/le/le.c +++ b/libr/bin/format/le/le.c @@ -1,4 +1,4 @@ -/* radare - LGPL - Copyright 2019 - GustavoLCR */ +/* radare - LGPL - Copyright 2019-2021 - GustavoLCR */ #include "le.h" #include <r_bin.h> @@ -366,7 +366,11 @@ RList *r_bin_le_get_sections(r_bin_le_obj_t *bin) { int cur_idx = entry->page_tbl_idx + j - 1; ut64 page_entry_off = objpageentrysz * cur_idx + objmaptbloff; - r_buf_read_at (bin->buf, page_entry_off, (ut8 *)&page, sizeof (page)); + int r = r_buf_read_at (bin->buf, page_entry_off, (ut8 *)&page, sizeof (page)); + if (r < sizeof (page)) { + R_LOG_WARN ("Cannot read out of bounds page table entry."); + break; + } if (cur_idx < next_idx) { // If not true rest of pages will be zeroes if (bin->is_le) { // Why is it big endian???
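Review bot: The new check `if (r < sizeof (page))` in the le.c hunk (inside r_bin_le_get_sections) compares an `int` with a `size_t`, so `r` is converted to unsigned before the comparison. If `r_buf_read_at` signals failure with a negative return value, that value becomes a very large unsigned number, the condition is false, and the loop carries on with a `page` that was never filled. Writing the test as `r != sizeof (page)` or `r < (int) sizeof (page)` would catch both a short read and a failed read.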
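Review bot: The radare2.changes entry documents only the addition of CVE-2021-3673.patch, while the radare2.spec hunk at `%package devel` also changes the `License:` tag from `LGPL-3.0` to `LGPL-3.0-only`. A licence tag change is worth its own line in the changelog entry so that it is not hidden inside a security fix submission.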