Date: Sunday, July 12, 2015 @ 11:53:36 Author: lcarlier Revision: 136714
archrelease: copy trunk to multilib-x86_64 Added: lib32-elfutils/repos/multilib-x86_64/PKGBUILD (from rev 136713, lib32-elfutils/trunk/PKGBUILD) Deleted: lib32-elfutils/repos/multilib-x86_64/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch lib32-elfutils/repos/multilib-x86_64/CVE-2014-9447.patch lib32-elfutils/repos/multilib-x86_64/PKGBUILD -----------------------------------------------------------------+ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch | 63 ------- CVE-2014-9447.patch | 53 ------ PKGBUILD | 88 ++++------ 3 files changed, 38 insertions(+), 166 deletions(-)
Deleted: 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
===================================================================
--- 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch 2015-07-12 09:53:30 UTC (rev 136713)
+++ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch 2015-07-12 09:53:36 UTC (rev 136714)
@@ -1,63 +0,0 @@
-From 224e6776cfe6fc23a207cd05bf75b1e3548853a0 Mon Sep 17 00:00:00 2001
-From: Mark Wielaard <m...@redhat.com>
-Date: Thu, 15 Jan 2015 13:39:06 +0100
-Subject: [PATCH] tests: Make deleted and vdsosyms testcases work with
- "restricted ptrace".
-
-Some systems might have "restricted ptrace" that doesn't allow process
-inspection of arbitrary processes. Change the deleted testcase to
-explicitly allow any other process to inspect it using the PR_SET_PTRACER
-prctl set to PR_SET_PTRACER_ANY. Change the vdsosyms testcase to inspect
-the process itself which should always be allowed.
-
-Reported-by: Anatol Pomozov <anatol.pomo...@gmail.com>
-Signed-off-by: Mark Wielaard <m...@redhat.com>
----
- tests/ChangeLog | 5 +++++
- tests/deleted.c | 6 ++++++
- tests/vdsosyms.c | 5 +++--
- 3 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/tests/deleted.c b/tests/deleted.c
-index 32a310b..d071bf7 100644
---- a/tests/deleted.c
-+++ b/tests/deleted.c
-@@ -23,6 +23,7 @@
- #include <stdio.h>
- #include <error.h>
- #include <errno.h>
-+#include <sys/prctl.h>
-
- extern void libfunc (void);
-
-@@ -42,6 +43,11 @@ main (int argc __attribute__ ((unused)), char **argv __attribute__ ((unused)))
- assert (!err);
- err = close (2);
- assert (!err);
-+ /* Make sure eu-stack -p works on this process even with
-+ "restricted ptrace". */
-+#ifdef PR_SET_PTRACER_ANY
-+ prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0);
-+#endif
- libfunc ();
- abort ();
- }
-diff --git a/tests/vdsosyms.c b/tests/vdsosyms.c
-index c1f8d89..4f12b9a 100644
---- a/tests/vdsosyms.c
-+++ b/tests/vdsosyms.c
-@@ -80,8 +80,9 @@ main (int argc __attribute__ ((unused)), char **argv __attribute__ ((unused)))
- if (dwfl == NULL)
- error (2, 0, "dwfl_begin: %s", dwfl_errmsg (-1));
-
-- /* Take our parent as "arbitrary" process to inspect. */
-- pid_t pid = getppid();
-+ /* Take ourself as "arbitrary" process to inspect. This should work
-+ even with "restricted ptrace". */
-+ pid_t pid = getpid();
-
- int result = dwfl_linux_proc_report (dwfl, pid);
- if (result < 0)
---
-1.8.3.1
-
Deleted: CVE-2014-9447.patch
===================================================================
--- CVE-2014-9447.patch 2015-07-12 09:53:30 UTC (rev 136713)
+++ CVE-2014-9447.patch 2015-07-12 09:53:36 UTC (rev 136714)
@@ -1,53 +0,0 @@
-From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001
-From: Alexander Cherepanov <chere...@mccme.ru>
-Date: Sun, 28 Dec 2014 19:57:19 +0300
-Subject: libelf: Fix dir traversal vuln in ar extraction.
-
-read_long_names terminates names at the first '/' found but then skips
-one character without checking (it's supposed to be '\n'). Hence the
-next name could start with any character including '/'. This leads to
-a directory traversal vulnerability at the time the contents of the
-archive is extracted.
-
-The danger is mitigated by the fact that only one '/' is possible in a
-resulting filename and only in the leading position. Hence only files
-in the root directory can be written via this vuln and only when ar is
-executed as root.
-
-The fix for the vuln is to not skip any characters while looking
-for '/'.
-
-Signed-off-by: Alexander Cherepanov <chere...@mccme.ru>
-
-diff --git a/libelf/ChangeLog b/libelf/ChangeLog
-index 3b88d03..447c354 100644
---- a/libelf/ChangeLog
-+++ b/libelf/ChangeLog
-@@ -1,3 +1,8 @@
-+2014-12-28 Alexander Cherepanov <chere...@mccme.ru>
-+
-+ * elf_begin.c (read_long_names): Don't miss '/' right after
-+ another '/'. Fixes a dir traversal vuln in ar extraction.
-+
- 2014-12-18 Ulrich Drepper <drep...@gmail.com>
-
- * Makefile.am: Suppress output of textrel_check command.
-diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
-index 30abe0b..cd3756c 100644
---- a/libelf/elf_begin.c
-+++ b/libelf/elf_begin.c
-@@ -749,10 +749,7 @@ read_long_names (Elf *elf)
- }
-
- /* NUL-terminate the string. */
-- *runp = '\0';
--
-- /* Skip the NUL byte and the \012. */
-- runp += 2;
-+ *runp++ = '\0';
-
- /* A sanity check. Somebody might have generated invalid
- archive. */
---
-cgit v0.10.2
-
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2015-07-12 09:53:30 UTC (rev 136713)
+++ PKGBUILD 2015-07-12 09:53:36 UTC (rev 136714)
@@ -1,50 +0,0 @@
-# $Id$
-# Maintainer: Stéphane Gaudreault <steph...@archlinux.org>
-# Contributor: Andrej Gelenberg <andrej.gelenb...@udo.edu>
-
-_pkgbasename=elfutils
-pkgname=lib32-elfutils
-pkgver=0.161
-pkgrel=2
-pkgdesc="Collection of libraries for working with ELF object files and DWARF debugging information (32-bit)"
-arch=('x86_64')
-url="https://fedorahosted.org/elfutils/"
-license=('LGPL3' 'GPL' 'GPL3')
-depends=('lib32-bzip2' 'lib32-zlib' 'elfutils')
-makedepends=('gcc-multilib')
-source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig}
- 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
- CVE-2014-9447.patch)
-options=('staticlibs')
-sha1sums=('85d48e18359c51e843c49b1894b2f54b85e88ae2'
- 'SKIP'
- '86947fb8d0f51a65e19142350925f428ad0c7cb1'
- 'd3e0e8275695fcc6347b8730bd1eb141a022f756')
-validpgpkeys=('47CC0331081B8BC6D0FD4DA08370665B57816A6A') # Mark J. Wielaard <m...@klomp.org>
-
-prepare() {
- cd ${_pkgbasename}-${pkgver}
-
- # https://lists.fedorahosted.org/pipermail/elfutils-devel/2015-January/004541.html
- patch -p1 < "$srcdir"/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
- patch -p1 < "$srcdir"/CVE-2014-9447.patch
-}
-
-build() {
- cd ${srcdir}/${_pkgbasename}-${pkgver}
-
- export CC="gcc -m32"
- export CXX="g++ -m32"
- export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
- CFLAGS+=" -g" # required for test-suite success
-
- ./configure --prefix=/usr --libdir=/usr/lib32
- make
-}
-
-package() {
- cd ${srcdir}/${_pkgbasename}-${pkgver}
-
- make DESTDIR=${pkgdir} install
- rm -rf ${pkgdir}/usr/{bin,include,share}
-}
Copied: lib32-elfutils/repos/multilib-x86_64/PKGBUILD (from rev 136713, lib32-elfutils/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2015-07-12 09:53:36 UTC (rev 136714)
@@ -0,0 +1,38 @@
+# $Id$
+# Maintainer: Stéphane Gaudreault <steph...@archlinux.org>
+# Contributor: Andrej Gelenberg <andrej.gelenb...@udo.edu>
+
+_pkgbasename=elfutils
+pkgname=lib32-elfutils
+pkgver=0.163
+pkgrel=1
+pkgdesc="Collection of libraries for working with ELF object files and DWARF debugging information (32-bit)"
+arch=('x86_64')
+url="https://fedorahosted.org/elfutils/"
+license=('LGPL3' 'GPL' 'GPL3')
+depends=('lib32-bzip2' 'lib32-zlib' 'elfutils')
+makedepends=('gcc-multilib')
+source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig})
+options=('staticlibs')
+sha1sums=('7931b4961364a8a17c708138c70c552ae2881227'
+ 'SKIP')
+validpgpkeys=('47CC0331081B8BC6D0FD4DA08370665B57816A6A') # Mark J. Wielaard <m...@klomp.org>
+
+build() {
+ cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+ export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+ CFLAGS+=" -g" # required for test-suite success
+
+ ./configure --prefix=/usr --libdir=/usr/lib32
+ make
+}
+
+package() {
+ cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+ make DESTDIR=${pkgdir} install
+ rm -rf ${pkgdir}/usr/{bin,include,share}
+}
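Review bot: The new PKGBUILD drops `prepare()` and the `CVE-2014-9447.patch` entry from `source=` without recording that elfutils 0.163 already carries the `read_long_names` fix; that is presumably the case given the patch is dated 2014-12-28, but it should be confirmed against the upstream libelf ChangeLog and noted, e.g. `# CVE-2014-9447 fix and restricted-ptrace test patch are included upstream`. The tarball is pinned with `sha1sums`, so the detached `.sig` checked against `validpgpkeys` is the only strong integrity control; `sha256sums=('<sha256 of elfutils-0.163.tar.bz2>' 'SKIP')` would keep a collision-resistant pin even when signature checking is skipped. In `build()` and `package()` the `${srcdir}` and `${pkgdir}` expansions are unquoted, including in `rm -rf`; `rm -rf "${pkgdir}"/usr/{bin,include,share}` keeps the brace expansion and tolerates a build path with spaces.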