[arch-commits] Commit in lib32-elfutils/repos/multilib-x86_64 (4 files)
Date: Sunday, July 12, 2015 @ 11:53:36 Author: lcarlier Revision: 136714 archrelease: copy trunk to multilib-x86_64 Added: lib32-elfutils/repos/multilib-x86_64/PKGBUILD (from rev 136713, lib32-elfutils/trunk/PKGBUILD) Deleted: lib32-elfutils/repos/multilib-x86_64/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch lib32-elfutils/repos/multilib-x86_64/CVE-2014-9447.patch lib32-elfutils/repos/multilib-x86_64/PKGBUILD -+ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch | 63 --- CVE-2014-9447.patch | 53 -- PKGBUILD| 88 -- 3 files changed, 38 insertions(+), 166 deletions(-) Deleted: 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch === --- 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch 2015-07-12 09:53:30 UTC (rev 136713) +++ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch 2015-07-12 09:53:36 UTC (rev 136714) @@ -1,63 +0,0 @@ -From 224e6776cfe6fc23a207cd05bf75b1e3548853a0 Mon Sep 17 00:00:00 2001 -From: Mark Wielaard m...@redhat.com -Date: Thu, 15 Jan 2015 13:39:06 +0100 -Subject: [PATCH] tests: Make deleted and vdsosyms testcases work with - restricted ptrace. - -Some systems might have restricted ptrace that doesn't allow process -inspection of arbitrary processes. Change the deleted testcase to -explicitly allow any other process to inspect it using the PR_SET_PTRACER -prctl set to PR_SET_PTRACER_ANY. Change the vdsosyms testcase to inspect -the process itself which should always be allowed. - -Reported-by: Anatol Pomozov anatol.pomo...@gmail.com -Signed-off-by: Mark Wielaard m...@redhat.com - tests/ChangeLog | 5 + - tests/deleted.c | 6 ++ - tests/vdsosyms.c | 5 +++-- - 3 files changed, 14 insertions(+), 2 deletions(-) - -diff --git a/tests/deleted.c b/tests/deleted.c -index 32a310b..d071bf7 100644 a/tests/deleted.c -+++ b/tests/deleted.c -@@ -23,6 +23,7 @@ - #include stdio.h - #include error.h - #include errno.h -+#include sys/prctl.h - - extern void libfunc (void); - -@@ -42,6 +43,11 @@ main (int argc __attribute__ ((unused)), char **argv __attribute__ ((unused))) - assert (!err); - err = close (2); - assert (!err); -+ /* Make sure eu-stack -p works on this process even with -+ restricted ptrace. */ -+#ifdef PR_SET_PTRACER_ANY -+ prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0); -+#endif - libfunc (); - abort (); - } -diff --git a/tests/vdsosyms.c b/tests/vdsosyms.c -index c1f8d89..4f12b9a 100644 a/tests/vdsosyms.c -+++ b/tests/vdsosyms.c -@@ -80,8 +80,9 @@ main (int argc __attribute__ ((unused)), char **argv __attribute__ ((unused))) - if (dwfl == NULL) - error (2, 0, dwfl_begin: %s, dwfl_errmsg (-1)); - -- /* Take our parent as arbitrary process to inspect. */ -- pid_t pid = getppid(); -+ /* Take ourself as arbitrary process to inspect. This should work -+ even with restricted ptrace. */ -+ pid_t pid = getpid(); - - int result = dwfl_linux_proc_report (dwfl, pid); - if (result 0) --- -1.8.3.1 - Deleted: CVE-2014-9447.patch === --- CVE-2014-9447.patch 2015-07-12 09:53:30 UTC (rev 136713) +++ CVE-2014-9447.patch 2015-07-12 09:53:36 UTC (rev 136714) @@ -1,53 +0,0 @@ -From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001 -From: Alexander Cherepanov chere...@mccme.ru -Date: Sun, 28 Dec 2014 19:57:19 +0300 -Subject: libelf: Fix dir traversal vuln in ar extraction. - -read_long_names terminates names at the first '/' found but then skips -one character without checking (it's supposed to be '\n'). Hence the -next name could start with any character including '/'. This leads to -a directory traversal vulnerability at the time the contents of the -archive is extracted. - -The danger is mitigated by the fact that only one '/' is possible in a -resulting filename and only in the leading position. Hence only files -in the root directory can be written via this vuln and only when ar is -executed as root. - -The fix for the vuln is to not skip any characters while looking -for '/'. - -Signed-off-by: Alexander Cherepanov chere...@mccme.ru - -diff --git a/libelf/ChangeLog b/libelf/ChangeLog -index 3b88d03..447c354 100644 a/libelf/ChangeLog -+++ b/libelf/ChangeLog -@@ -1,3 +1,8 @@ -+2014-12-28 Alexander Cherepanov chere...@mccme.ru -+ -+ * elf_begin.c (read_long_names): Don't miss '/' right after -+ another '/'. Fixes a dir traversal vuln in ar extraction. -+ - 2014-12-18 Ulrich Drepper drep...@gmail.com - - * Makefile.am: Suppress output of textrel_check command. -diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c -index 30abe0b..cd3756c 100644
[arch-commits] Commit in lib32-elfutils/repos/multilib-x86_64 (4 files)
Date: Monday, March 2, 2015 @ 22:05:28 Author: lcarlier Revision: 128587 archrelease: copy trunk to multilib-x86_64 Added: lib32-elfutils/repos/multilib-x86_64/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch (from rev 128586, lib32-elfutils/trunk/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch) lib32-elfutils/repos/multilib-x86_64/CVE-2014-9447.patch (from rev 128586, lib32-elfutils/trunk/CVE-2014-9447.patch) lib32-elfutils/repos/multilib-x86_64/PKGBUILD (from rev 128586, lib32-elfutils/trunk/PKGBUILD) Deleted: lib32-elfutils/repos/multilib-x86_64/CVE-2014-9447.patch -+ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch | 63 + CVE-2014-9447.patch | 106 +- PKGBUILD| 50 3 files changed, 166 insertions(+), 53 deletions(-) Copied: lib32-elfutils/repos/multilib-x86_64/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch (from rev 128586, lib32-elfutils/trunk/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch) === --- 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch (rev 0) +++ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch 2015-03-02 21:05:28 UTC (rev 128587) @@ -0,0 +1,63 @@ +From 224e6776cfe6fc23a207cd05bf75b1e3548853a0 Mon Sep 17 00:00:00 2001 +From: Mark Wielaard m...@redhat.com +Date: Thu, 15 Jan 2015 13:39:06 +0100 +Subject: [PATCH] tests: Make deleted and vdsosyms testcases work with + restricted ptrace. + +Some systems might have restricted ptrace that doesn't allow process +inspection of arbitrary processes. Change the deleted testcase to +explicitly allow any other process to inspect it using the PR_SET_PTRACER +prctl set to PR_SET_PTRACER_ANY. Change the vdsosyms testcase to inspect +the process itself which should always be allowed. + +Reported-by: Anatol Pomozov anatol.pomo...@gmail.com +Signed-off-by: Mark Wielaard m...@redhat.com +--- + tests/ChangeLog | 5 + + tests/deleted.c | 6 ++ + tests/vdsosyms.c | 5 +++-- + 3 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/tests/deleted.c b/tests/deleted.c +index 32a310b..d071bf7 100644 +--- a/tests/deleted.c b/tests/deleted.c +@@ -23,6 +23,7 @@ + #include stdio.h + #include error.h + #include errno.h ++#include sys/prctl.h + + extern void libfunc (void); + +@@ -42,6 +43,11 @@ main (int argc __attribute__ ((unused)), char **argv __attribute__ ((unused))) + assert (!err); + err = close (2); + assert (!err); ++ /* Make sure eu-stack -p works on this process even with ++ restricted ptrace. */ ++#ifdef PR_SET_PTRACER_ANY ++ prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0); ++#endif + libfunc (); + abort (); + } +diff --git a/tests/vdsosyms.c b/tests/vdsosyms.c +index c1f8d89..4f12b9a 100644 +--- a/tests/vdsosyms.c b/tests/vdsosyms.c +@@ -80,8 +80,9 @@ main (int argc __attribute__ ((unused)), char **argv __attribute__ ((unused))) + if (dwfl == NULL) + error (2, 0, dwfl_begin: %s, dwfl_errmsg (-1)); + +- /* Take our parent as arbitrary process to inspect. */ +- pid_t pid = getppid(); ++ /* Take ourself as arbitrary process to inspect. This should work ++ even with restricted ptrace. */ ++ pid_t pid = getpid(); + + int result = dwfl_linux_proc_report (dwfl, pid); + if (result 0) +-- +1.8.3.1 + Deleted: CVE-2014-9447.patch === --- CVE-2014-9447.patch 2015-03-02 21:03:41 UTC (rev 128586) +++ CVE-2014-9447.patch 2015-03-02 21:05:28 UTC (rev 128587) @@ -1,53 +0,0 @@ -From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001 -From: Alexander Cherepanov chere...@mccme.ru -Date: Sun, 28 Dec 2014 19:57:19 +0300 -Subject: libelf: Fix dir traversal vuln in ar extraction. - -read_long_names terminates names at the first '/' found but then skips -one character without checking (it's supposed to be '\n'). Hence the -next name could start with any character including '/'. This leads to -a directory traversal vulnerability at the time the contents of the -archive is extracted. - -The danger is mitigated by the fact that only one '/' is possible in a -resulting filename and only in the leading position. Hence only files -in the root directory can be written via this vuln and only when ar is -executed as root. - -The fix for the vuln is to not skip any characters while looking -for '/'. - -Signed-off-by: Alexander Cherepanov chere...@mccme.ru - -diff --git a/libelf/ChangeLog b/libelf/ChangeLog -index 3b88d03..447c354 100644 a/libelf/ChangeLog -+++ b/libelf/ChangeLog -@@ -1,3 +1,8 @@ -+2014-12-28 Alexander Cherepanov chere...@mccme.ru -+ -+ * elf_begin.c
[arch-commits] Commit in lib32-elfutils/repos/multilib-x86_64 (4 files)
Date: Wednesday, November 5, 2014 @ 18:25:11
Author: lcarlier
Revision: 121973
archrelease: copy trunk to multilib-x86_64
Added:
lib32-elfutils/repos/multilib-x86_64/PKGBUILD
(from rev 121972, lib32-elfutils/trunk/PKGBUILD)
Deleted:
lib32-elfutils/repos/multilib-x86_64/CVE-2014-0172.patch
lib32-elfutils/repos/multilib-x86_64/PKGBUILD
lib32-elfutils/repos/multilib-x86_64/fix-run-backtrace-native-core-test.patch
--+
CVE-2014-0172.patch | 37
PKGBUILD | 84 ++---
fix-run-backtrace-native-core-test.patch | 43 --
3 files changed, 42 insertions(+), 122 deletions(-)
Deleted: CVE-2014-0172.patch
===
--- CVE-2014-0172.patch 2014-11-05 17:25:03 UTC (rev 121972)
+++ CVE-2014-0172.patch 2014-11-05 17:25:11 UTC (rev 121973)
@@ -1,37 +0,0 @@
-From 7f1eec317db79627b473c5b149a22a1b20d1f68f Mon Sep 17 00:00:00 2001
-From: Mark Wielaard m...@redhat.com
-Date: Wed, 9 Apr 2014 11:33:23 +0200
-Subject: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to
- uncompress data.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1085663
-
-Reported-by: Florian Weimer fwei...@redhat.com
-Signed-off-by: Mark Wielaard m...@redhat.com
-diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
-index 79daeac..34ea373 100644
a/libdw/dwarf_begin_elf.c
-+++ b/libdw/dwarf_begin_elf.c
-@@ -1,5 +1,5 @@
- /* Create descriptor from ELF descriptor for processing file.
-- Copyright (C) 2002-2011 Red Hat, Inc.
-+ Copyright (C) 2002-2011, 2014 Red Hat, Inc.
-This file is part of elfutils.
-Written by Ulrich Drepper drep...@redhat.com, 2002.
-
-@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn
*scn, bool inscngrp)
- memcpy (size, data-d_buf + 4, sizeof size);
- size = be64toh (size);
-
-+ /* Check for unsigned overflow so malloc always allocated
-+ enough memory for both the Elf_Data header and the
-+ uncompressed section data. */
-+ if (unlikely (sizeof (Elf_Data) + size size))
-+break;
-+
- Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
- if (unlikely (zdata == NULL))
- break;
---
-1.9.2
-
Deleted: PKGBUILD
===
--- PKGBUILD2014-11-05 17:25:03 UTC (rev 121972)
+++ PKGBUILD2014-11-05 17:25:11 UTC (rev 121973)
@@ -1,42 +0,0 @@
-# $Id$
-# Maintainer: Stéphane Gaudreault steph...@archlinux.org
-# Contributor: Andrej Gelenberg andrej.gelenb...@udo.edu
-
-_pkgbasename=elfutils
-pkgname=lib32-elfutils
-pkgver=0.159
-pkgrel=1
-pkgdesc=Collection of libraries for working with ELF object files and DWARF
debugging information (32-bit)
-arch=('x86_64')
-url=https://fedorahosted.org/elfutils/;
-license=('LGPL3' 'GPL' 'GPL3')
-depends=('lib32-bzip2' 'lib32-zlib' 'elfutils')
-makedepends=('gcc-multilib')
-source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig})
-sha1sums=('4ff214cdb95a10b03cf413f3d018393a838f98fc'
- 'SKIP')
-
-build() {
- cd ${srcdir}/${_pkgbasename}-${pkgver}
-
- export CC=gcc -m32
- export CXX=g++ -m32
- export PKG_CONFIG_PATH=/usr/lib32/pkgconfig
- CFLAGS+= -g # required for test-suite success
-
- ./configure --prefix=/usr --libdir=/usr/lib32
- make
-}
-
-#check() {
-# cd ${srcdir}/${_pkgbasename}-${pkgver}
-#
-# make check
-#}
-
-package() {
- cd ${srcdir}/${_pkgbasename}-${pkgver}
-
- make DESTDIR=${pkgdir} install
- rm -rf ${pkgdir}/usr/{bin,include,share}
-}
Copied: lib32-elfutils/repos/multilib-x86_64/PKGBUILD (from rev 121972,
lib32-elfutils/trunk/PKGBUILD)
===
--- PKGBUILD(rev 0)
+++ PKGBUILD2014-11-05 17:25:11 UTC (rev 121973)
@@ -0,0 +1,42 @@
+# $Id$
+# Maintainer: Stéphane Gaudreault steph...@archlinux.org
+# Contributor: Andrej Gelenberg andrej.gelenb...@udo.edu
+
+_pkgbasename=elfutils
+pkgname=lib32-elfutils
+pkgver=0.160
+pkgrel=1
+pkgdesc=Collection of libraries for working with ELF object files and DWARF
debugging information (32-bit)
+arch=('x86_64')
+url=https://fedorahosted.org/elfutils/;
+license=('LGPL3' 'GPL' 'GPL3')
+depends=('lib32-bzip2' 'lib32-zlib' 'elfutils')
+makedepends=('gcc-multilib')
+source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig})
+sha1sums=('a300a1cd1543b65532e333a6e9f931db76841558'
+ 'SKIP')
+
+build() {
+ cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+ export CC=gcc -m32
+ export CXX=g++ -m32
+ export PKG_CONFIG_PATH=/usr/lib32/pkgconfig
+ CFLAGS+= -g # required for test-suite success
+
+ ./configure --prefix=/usr --libdir=/usr/lib32
+ make
+}
+
+#check() {
+# cd
