commit:     185c785c239b6e5f7fcadc14be183c2f5fb37cfe
Author:     Azamat H. Hackimov <azamat.hackimov <AT> gmail <DOT> com>
AuthorDate: Fri May 21 19:36:03 2021 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sun May 23 16:53:07 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=185c785c

app-arch/upx: fix CVE-2020-24119

Bug: https://bugs.gentoo.org/790281
Package-Manager: Portage-3.0.18, Repoman-3.0.2
Signed-off-by: Azamat H. Hackimov <azamat.hackimov <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/20914
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 app-arch/upx/files/upx-3.96_CVE-2020-24119.patch | 34 +++++++++++++++++++++
 app-arch/upx/upx-3.96-r2.ebuild                  | 39 ++++++++++++++++++++++++
 2 files changed, 73 insertions(+)

diff --git a/app-arch/upx/files/upx-3.96_CVE-2020-24119.patch 
b/app-arch/upx/files/upx-3.96_CVE-2020-24119.patch
new file mode 100644
index 00000000000..7e6de04948b
--- /dev/null
+++ b/app-arch/upx/files/upx-3.96_CVE-2020-24119.patch
@@ -0,0 +1,34 @@
+From 87b73e5cfdc12da94c251b2cd83bb01c7d9f616c Mon Sep 17 00:00:00 2001
+From: John Reiser <jrei...@bitwagon.com>
+Date: Wed, 22 Jul 2020 19:34:27 -0700
+Subject: [PATCH] Unpack: Phdrs must be within expansion of first compressed
+ block
+
+https://github.com/upx/upx/issues/388
+       modified:   p_lx_elf.cpp
+---
+ src/p_lx_elf.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
+index cd9e4ec97..453d5c457 100644
+--- a/src/p_lx_elf.cpp
++++ b/src/p_lx_elf.cpp
+@@ -4550,7 +4550,7 @@ void PackLinuxElf64::unpack(OutputFile *fo)
+     unsigned c_adler = upx_adler32(NULL, 0);
+     unsigned u_adler = upx_adler32(NULL, 0);
+ #define MAX_ELF_HDR 1024
+-    if ((MAX_ELF_HDR - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {
++    if ((umin64(MAX_ELF_HDR, ph.u_len) - 
sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {
+         throwCantUnpack("bad compressed e_phnum");
+     }
+ #undef MAX_ELF_HDR
+@@ -5617,7 +5617,7 @@ void PackLinuxElf32::unpack(OutputFile *fo)
+     unsigned c_adler = upx_adler32(NULL, 0);
+     unsigned u_adler = upx_adler32(NULL, 0);
+ #define MAX_ELF_HDR 512
+-    if ((MAX_ELF_HDR - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) {
++    if ((umin(MAX_ELF_HDR, ph.u_len) - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) 
< u_phnum) {
+         throwCantUnpack("bad compressed e_phnum");
+     }
+ #undef MAX_ELF_HDR
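Review bot: The tightened bound in both unpack() checks still subtracts in unsigned arithmetic, so when `ph.u_len` is smaller than `sizeof(Elf64_Ehdr)` (or `sizeof(Elf32_Ehdr)` in the second hunk) the difference wraps to a very large value and the `< u_phnum` comparison never rejects the file. Nothing in the visible context shows `ph.u_len` being compared with the header size beforehand, and both function bodies start and end outside the hunks, so this needs confirming against the full source. If no such check exists, a guard ahead of the division would close the gap: `if (ph.u_len < sizeof(Elf64_Ehdr)) throwCantUnpack("bad compressed e_phnum");`, with the Elf32 equivalent in PackLinuxElf32::unpack.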

diff --git a/app-arch/upx/upx-3.96-r2.ebuild b/app-arch/upx/upx-3.96-r2.ebuild
new file mode 100644
index 00000000000..cf9f4c4f87d
--- /dev/null
+++ b/app-arch/upx/upx-3.96-r2.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit toolchain-funcs
+
+DESCRIPTION="Ultimate Packer for eXecutables (free version using UCL 
compression and not NRV)"
+HOMEPAGE="https://upx.github.io/";
+SRC_URI="https://github.com/upx/upx/releases/download/v${PV}/${P}-src.tar.xz";
+
+LICENSE="GPL-2+ UPX-exception" # Read the exception before applying any patches
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE=""
+
+DEPEND=">=dev-libs/ucl-1.03
+       sys-libs/zlib"
+RDEPEND="${RDEPEND}
+       !app-arch/upx-bin"
+BDEPEND="dev-lang/perl"
+
+S="${WORKDIR}/${P}-src"
+
+PATCHES=(
+       "${FILESDIR}/${P}_CVE-2020-24119.patch"
+       "${FILESDIR}/${P}_CVE-2021-20285.patch"
+)
+
+src_compile() {
+       tc-export CXX
+       emake CXXFLAGS_WERROR="" all
+}
+
+src_install() {
+       newbin src/upx.out upx
+       dodoc BUGS NEWS PROJECTS README* THANKS doc/*.txt doc/upx.html
+       doman doc/upx.1
+}
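Review bot: `RDEPEND="${RDEPEND}` expands a variable that has not been assigned at that point (unless an inherited eclass sets it), so the run-time dependency list ends up holding only the `!app-arch/upx-bin` blocker, while `dev-libs/ucl` and `sys-libs/zlib` are declared in DEPEND only. If the installed binary links those libraries dynamically, the line was presumably meant to read `RDEPEND="${DEPEND}` followed by the blocker. Separately, PATCHES lists `${P}_CVE-2021-20285.patch`, which this commit does not add (the diffstat shows two files), so it has to be present in files/ already; that is worth confirming, because the revision is only as patched as the files that PATCHES can actually find.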
