Date: Monday, March 2, 2015 @ 22:05:28 Author: lcarlier Revision: 128587
archrelease: copy trunk to multilib-x86_64 Added: lib32-elfutils/repos/multilib-x86_64/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch (from rev 128586, lib32-elfutils/trunk/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch) lib32-elfutils/repos/multilib-x86_64/CVE-2014-9447.patch (from rev 128586, lib32-elfutils/trunk/CVE-2014-9447.patch) lib32-elfutils/repos/multilib-x86_64/PKGBUILD (from rev 128586, lib32-elfutils/trunk/PKGBUILD) Deleted: lib32-elfutils/repos/multilib-x86_64/CVE-2014-9447.patch -----------------------------------------------------------------+ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch | 63 +++++ CVE-2014-9447.patch | 106 +++++----- PKGBUILD | 50 ++++ 3 files changed, 166 insertions(+), 53 deletions(-)
Copied: lib32-elfutils/repos/multilib-x86_64/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch (from rev 128586, lib32-elfutils/trunk/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch)
===================================================================
--- 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch (rev 0)
+++ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch 2015-03-02 21:05:28 UTC (rev 128587)
@@ -0,0 +1,63 @@
+From 224e6776cfe6fc23a207cd05bf75b1e3548853a0 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <m...@redhat.com>
+Date: Thu, 15 Jan 2015 13:39:06 +0100
+Subject: [PATCH] tests: Make deleted and vdsosyms testcases work with
+ "restricted ptrace".
+
+Some systems might have "restricted ptrace" that doesn't allow process
+inspection of arbitrary processes. Change the deleted testcase to
+explicitly allow any other process to inspect it using the PR_SET_PTRACER
+prctl set to PR_SET_PTRACER_ANY. Change the vdsosyms testcase to inspect
+the process itself which should always be allowed.
+
+Reported-by: Anatol Pomozov <anatol.pomo...@gmail.com>
+Signed-off-by: Mark Wielaard <m...@redhat.com>
+---
+ tests/ChangeLog | 5 +++++
+ tests/deleted.c | 6 ++++++
+ tests/vdsosyms.c | 5 +++--
+ 3 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/tests/deleted.c b/tests/deleted.c
+index 32a310b..d071bf7 100644
+--- a/tests/deleted.c
++++ b/tests/deleted.c
+@@ -23,6 +23,7 @@
+ #include <stdio.h>
+ #include <error.h>
+ #include <errno.h>
++#include <sys/prctl.h>
+
+ extern void libfunc (void);
+
+@@ -42,6 +43,11 @@ main (int argc __attribute__ ((unused)), char **argv __attribute__ ((unused)))
+ assert (!err);
+ err = close (2);
+ assert (!err);
++ /* Make sure eu-stack -p works on this process even with
++ "restricted ptrace". */
++#ifdef PR_SET_PTRACER_ANY
++ prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0);
++#endif
+ libfunc ();
+ abort ();
+ }
+diff --git a/tests/vdsosyms.c b/tests/vdsosyms.c
+index c1f8d89..4f12b9a 100644
+--- a/tests/vdsosyms.c
++++ b/tests/vdsosyms.c
+@@ -80,8 +80,9 @@ main (int argc __attribute__ ((unused)), char **argv __attribute__ ((unused)))
+ if (dwfl == NULL)
+ error (2, 0, "dwfl_begin: %s", dwfl_errmsg (-1));
+
+- /* Take our parent as "arbitrary" process to inspect. */
+- pid_t pid = getppid();
++ /* Take ourself as "arbitrary" process to inspect. This should work
++ even with "restricted ptrace". */
++ pid_t pid = getpid();
+
+ int result = dwfl_linux_proc_report (dwfl, pid);
+ if (result < 0)
+--
+1.8.3.1
+
Deleted: CVE-2014-9447.patch
===================================================================
--- CVE-2014-9447.patch 2015-03-02 21:03:41 UTC (rev 128586)
+++ CVE-2014-9447.patch 2015-03-02 21:05:28 UTC (rev 128587)
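Review bot: The added `prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0);` in tests/deleted.c discards its return value, while the two `close` results just above it are asserted on. Ignoring a failure looks deliberate for a best-effort call, but the code does not say so; a `(void)` cast plus a short comment such as `/* Best effort: a failure only means the restriction is not in force here. */` would make the intent explicit. The call also drops the space before the parenthesis that the surrounding lines use (`close (2)`, `libfunc ()`). Since PR_SET_PTRACER_ANY widens who may attach to the process, it is worth stating in the comment that this is acceptable only because the test process aborts right afterwards; main's body starts outside the hunk.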
@@ -1,53 +0,0 @@
-From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001
-From: Alexander Cherepanov <chere...@mccme.ru>
-Date: Sun, 28 Dec 2014 19:57:19 +0300
-Subject: libelf: Fix dir traversal vuln in ar extraction.
-
-read_long_names terminates names at the first '/' found but then skips
-one character without checking (it's supposed to be '\n'). Hence the
-next name could start with any character including '/'. This leads to
-a directory traversal vulnerability at the time the contents of the
-archive is extracted.
-
-The danger is mitigated by the fact that only one '/' is possible in a
-resulting filename and only in the leading position. Hence only files
-in the root directory can be written via this vuln and only when ar is
-executed as root.
-
-The fix for the vuln is to not skip any characters while looking
-for '/'.
-
-Signed-off-by: Alexander Cherepanov <chere...@mccme.ru>
-
-diff --git a/libelf/ChangeLog b/libelf/ChangeLog
-index 3b88d03..447c354 100644
---- a/libelf/ChangeLog
-+++ b/libelf/ChangeLog
-@@ -1,3 +1,8 @@
-+2014-12-28 Alexander Cherepanov <chere...@mccme.ru>
-+
-+ * elf_begin.c (read_long_names): Don't miss '/' right after
-+ another '/'. Fixes a dir traversal vuln in ar extraction.
-+
- 2014-12-18 Ulrich Drepper <drep...@gmail.com>
-
- * Makefile.am: Suppress output of textrel_check command.
-diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
-index 30abe0b..cd3756c 100644
---- a/libelf/elf_begin.c
-+++ b/libelf/elf_begin.c
-@@ -749,10 +749,7 @@ read_long_names (Elf *elf)
- }
-
- /* NUL-terminate the string. */
-- *runp = '\0';
--
-- /* Skip the NUL byte and the \012. */
-- runp += 2;
-+ *runp++ = '\0';
-
- /* A sanity check. Somebody might have generated invalid
- archive. */
---
-cgit v0.10.2
-
Copied: lib32-elfutils/repos/multilib-x86_64/CVE-2014-9447.patch (from rev 128586, lib32-elfutils/trunk/CVE-2014-9447.patch)
===================================================================
--- CVE-2014-9447.patch (rev 0)
+++ CVE-2014-9447.patch 2015-03-02 21:05:28 UTC (rev 128587)
@@ -0,0 +1,53 @@
+From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001
+From: Alexander Cherepanov <chere...@mccme.ru>
+Date: Sun, 28 Dec 2014 19:57:19 +0300
+Subject: libelf: Fix dir traversal vuln in ar extraction.
+
+read_long_names terminates names at the first '/' found but then skips
+one character without checking (it's supposed to be '\n'). Hence the
+next name could start with any character including '/'. This leads to
+a directory traversal vulnerability at the time the contents of the
+archive is extracted.
+
+The danger is mitigated by the fact that only one '/' is possible in a
+resulting filename and only in the leading position. Hence only files
+in the root directory can be written via this vuln and only when ar is
+executed as root.
+
+The fix for the vuln is to not skip any characters while looking
+for '/'.
+
+Signed-off-by: Alexander Cherepanov <chere...@mccme.ru>
+
+diff --git a/libelf/ChangeLog b/libelf/ChangeLog
+index 3b88d03..447c354 100644
+--- a/libelf/ChangeLog
++++ b/libelf/ChangeLog
+@@ -1,3 +1,8 @@
++2014-12-28 Alexander Cherepanov <chere...@mccme.ru>
++
++ * elf_begin.c (read_long_names): Don't miss '/' right after
++ another '/'. Fixes a dir traversal vuln in ar extraction.
++
+ 2014-12-18 Ulrich Drepper <drep...@gmail.com>
+
+ * Makefile.am: Suppress output of textrel_check command.
+diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
+index 30abe0b..cd3756c 100644
+--- a/libelf/elf_begin.c
++++ b/libelf/elf_begin.c
+@@ -749,10 +749,7 @@ read_long_names (Elf *elf)
+ }
+
+ /* NUL-terminate the string. */
+- *runp = '\0';
+-
+- /* Skip the NUL byte and the \012. */
+- runp += 2;
++ *runp++ = '\0';
+
+ /* A sanity check. Somebody might have generated invalid
+ archive. */
+--
+cgit v0.10.2
+
Copied: lib32-elfutils/repos/multilib-x86_64/PKGBUILD (from rev 128586, lib32-elfutils/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2015-03-02 21:05:28 UTC (rev 128587)
@@ -0,0 +1,50 @@
+# $Id$
+# Maintainer: Stéphane Gaudreault <steph...@archlinux.org>
+# Contributor: Andrej Gelenberg <andrej.gelenb...@udo.edu>
+
+_pkgbasename=elfutils
+pkgname=lib32-elfutils
+pkgver=0.161
+pkgrel=2
+pkgdesc="Collection of libraries for working with ELF object files and DWARF debugging information (32-bit)"
+arch=('x86_64')
+url="https://fedorahosted.org/elfutils/"
+license=('LGPL3' 'GPL' 'GPL3')
+depends=('lib32-bzip2' 'lib32-zlib' 'elfutils')
+makedepends=('gcc-multilib')
+source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig}
+ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
+ CVE-2014-9447.patch)
+options=('staticlibs')
+sha1sums=('85d48e18359c51e843c49b1894b2f54b85e88ae2'
+ 'SKIP'
+ '86947fb8d0f51a65e19142350925f428ad0c7cb1'
+ 'd3e0e8275695fcc6347b8730bd1eb141a022f756')
+validpgpkeys=('47CC0331081B8BC6D0FD4DA08370665B57816A6A') # Mark J. Wielaard <m...@klomp.org>
+
+prepare() {
+ cd ${_pkgbasename}-${pkgver}
+
+ # https://lists.fedorahosted.org/pipermail/elfutils-devel/2015-January/004541.html
+ patch -p1 < "$srcdir"/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
+ patch -p1 < "$srcdir"/CVE-2014-9447.patch
+}
+
+build() {
+ cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+ export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+ CFLAGS+=" -g" # required for test-suite success
+
+ ./configure --prefix=/usr --libdir=/usr/lib32
+ make
+}
+
+package() {
+ cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+ make DESTDIR=${pkgdir} install
+ rm -rf ${pkgdir}/usr/{bin,include,share}
+}
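Review bot: The new `*runp++ = '\0';` in read_long_names keeps only the old "NUL-terminate the string" comment, so nothing at the site records why the byte after '/' must no longer be skipped. A comment such as `/* Do not skip the next byte: a crafted archive need not put '\n' there. */` would keep a later cleanup from restoring `runp += 2`. The patch touches only ChangeLog and elf_begin.c, so no regression test with a malformed long-name table accompanies the fix. Whether the extraction code separately rejects member names containing '/' is not visible here and is worth confirming as defence in depth. The function body starts and ends outside the hunk.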
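Review bot: The `sha1sums` array is the only integrity check on the two local patch files, including the security fix, and SHA-1 is no longer a sound choice for that; switching the array to `sha256sums` and regenerating the values with `makepkg -g` would be the stronger option (the tarball itself is additionally covered by the `.sig` entry and `validpgpkeys`). Separately, build() and package() expand `${srcdir}` and `${pkgdir}` unquoted, most notably in `rm -rf ${pkgdir}/usr/{bin,include,share}`, whereas prepare() already quotes `"$srcdir"`; writing `rm -rf "${pkgdir}"/usr/{bin,include,share}` and `cd "${srcdir}/${_pkgbasename}-${pkgver}"` avoids word splitting on a build path containing spaces. The comment on `CFLAGS+=" -g"` mentions the test suite, yet no `check()` function is defined in this file, so the patched tests do not appear to run during the build.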