[arch-commits] Commit in lib32-elfutils/repos/multilib-x86_64 (4 files)

2015-07-12 Thread Laurent Carlier 
Date: Sunday, July 12, 2015 @ 11:53:36
  Author: lcarlier
Revision: 136714

archrelease: copy trunk to multilib-x86_64

Added:
  lib32-elfutils/repos/multilib-x86_64/PKGBUILD
(from rev 136713, lib32-elfutils/trunk/PKGBUILD)
Deleted:
  
lib32-elfutils/repos/multilib-x86_64/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
  lib32-elfutils/repos/multilib-x86_64/CVE-2014-9447.patch
  lib32-elfutils/repos/multilib-x86_64/PKGBUILD

-+
 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch |   63 ---
 CVE-2014-9447.patch |   53 --
 PKGBUILD|   88 
--
 3 files changed, 38 insertions(+), 166 deletions(-)

Deleted: 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
===
--- 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch 
2015-07-12 09:53:30 UTC (rev 136713)
+++ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch 
2015-07-12 09:53:36 UTC (rev 136714)
@@ -1,63 +0,0 @@
-From 224e6776cfe6fc23a207cd05bf75b1e3548853a0 Mon Sep 17 00:00:00 2001
-From: Mark Wielaard 
-Date: Thu, 15 Jan 2015 13:39:06 +0100
-Subject: [PATCH] tests: Make deleted and vdsosyms testcases work with
- "restricted ptrace".
-
-Some systems might have "restricted ptrace" that doesn't allow process
-inspection of arbitrary processes. Change the deleted testcase to
-explicitly allow any other process to inspect it using the PR_SET_PTRACER
-prctl set to PR_SET_PTRACER_ANY. Change the vdsosyms testcase to inspect
-the process itself which should always be allowed.
-
-Reported-by: Anatol Pomozov 
-Signed-off-by: Mark Wielaard 

- tests/ChangeLog  | 5 +
- tests/deleted.c  | 6 ++
- tests/vdsosyms.c | 5 +++--
- 3 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/tests/deleted.c b/tests/deleted.c
-index 32a310b..d071bf7 100644
 a/tests/deleted.c
-+++ b/tests/deleted.c
-@@ -23,6 +23,7 @@
- #include 
- #include 
- #include 
-+#include 
- 
- extern void libfunc (void);
- 
-@@ -42,6 +43,11 @@ main (int argc __attribute__ ((unused)), char **argv 
__attribute__ ((unused)))
-   assert (!err);
-   err = close (2);
-   assert (!err);
-+  /* Make sure eu-stack -p works on this process even with
-+   "restricted ptrace".  */
-+#ifdef PR_SET_PTRACER_ANY
-+  prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0);
-+#endif
-   libfunc ();
-   abort ();
- }
-diff --git a/tests/vdsosyms.c b/tests/vdsosyms.c
-index c1f8d89..4f12b9a 100644
 a/tests/vdsosyms.c
-+++ b/tests/vdsosyms.c
-@@ -80,8 +80,9 @@ main (int argc __attribute__ ((unused)), char **argv 
__attribute__ ((unused)))
-   if (dwfl == NULL)
- error (2, 0, "dwfl_begin: %s", dwfl_errmsg (-1));
- 
--  /* Take our parent as "arbitrary" process to inspect.  */
--  pid_t pid = getppid();
-+  /* Take ourself as "arbitrary" process to inspect.  This should work
-+ even with "restricted ptrace".  */
-+  pid_t pid = getpid();
- 
-   int result = dwfl_linux_proc_report (dwfl, pid);
-   if (result < 0)
--- 
-1.8.3.1
-

Deleted: CVE-2014-9447.patch
===
--- CVE-2014-9447.patch 2015-07-12 09:53:30 UTC (rev 136713)
+++ CVE-2014-9447.patch 2015-07-12 09:53:36 UTC (rev 136714)
@@ -1,53 +0,0 @@
-From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001
-From: Alexander Cherepanov 
-Date: Sun, 28 Dec 2014 19:57:19 +0300
-Subject: libelf: Fix dir traversal vuln in ar extraction.
-
-read_long_names terminates names at the first '/' found but then skips
-one character without checking (it's supposed to be '\n'). Hence the
-next name could start with any character including '/'. This leads to
-a directory traversal vulnerability at the time the contents of the
-archive is extracted.
-
-The danger is mitigated by the fact that only one '/' is possible in a
-resulting filename and only in the leading position. Hence only files
-in the root directory can be written via this vuln and only when ar is
-executed as root.
-
-The fix for the vuln is to not skip any characters while looking
-for '/'.
-
-Signed-off-by: Alexander Cherepanov 
-
-diff --git a/libelf/ChangeLog b/libelf/ChangeLog
-index 3b88d03..447c354 100644
 a/libelf/ChangeLog
-+++ b/libelf/ChangeLog
-@@ -1,3 +1,8 @@
-+2014-12-28  Alexander Cherepanov  
-+
-+  * elf_begin.c (read_long_names): Don't miss '/' right after
-+  another '/'. Fixes a dir traversal vuln in ar extraction.
-+
- 2014-12-18  Ulrich Drepper  
- 
-   * Makefile.am: Suppress output of textrel_check command.
-diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
-index 30abe0b..cd3756c 100644
 a/libelf/elf_begin.c
-+++ b/libelf/elf_begin.c
-@@ -749,10 +749,7 @@ read_long_names (Elf *elf)
-   }
- 
- /* NUL-terminate th

[arch-commits] Commit in lib32-elfutils/repos/multilib-x86_64 (4 files)

2015-03-02 Thread Laurent Carlier 
Date: Monday, March 2, 2015 @ 22:05:28
  Author: lcarlier
Revision: 128587

archrelease: copy trunk to multilib-x86_64

Added:
  
lib32-elfutils/repos/multilib-x86_64/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
(from rev 128586, 
lib32-elfutils/trunk/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch)
  lib32-elfutils/repos/multilib-x86_64/CVE-2014-9447.patch
(from rev 128586, lib32-elfutils/trunk/CVE-2014-9447.patch)
  lib32-elfutils/repos/multilib-x86_64/PKGBUILD
(from rev 128586, lib32-elfutils/trunk/PKGBUILD)
Deleted:
  lib32-elfutils/repos/multilib-x86_64/CVE-2014-9447.patch

-+
 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch |   63 +
 CVE-2014-9447.patch |  106 
+-
 PKGBUILD|   50 
 3 files changed, 166 insertions(+), 53 deletions(-)

Copied: 
lib32-elfutils/repos/multilib-x86_64/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
 (from rev 128586, 
lib32-elfutils/trunk/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch)
===
--- 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch 
(rev 0)
+++ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch 
2015-03-02 21:05:28 UTC (rev 128587)
@@ -0,0 +1,63 @@
+From 224e6776cfe6fc23a207cd05bf75b1e3548853a0 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard 
+Date: Thu, 15 Jan 2015 13:39:06 +0100
+Subject: [PATCH] tests: Make deleted and vdsosyms testcases work with
+ "restricted ptrace".
+
+Some systems might have "restricted ptrace" that doesn't allow process
+inspection of arbitrary processes. Change the deleted testcase to
+explicitly allow any other process to inspect it using the PR_SET_PTRACER
+prctl set to PR_SET_PTRACER_ANY. Change the vdsosyms testcase to inspect
+the process itself which should always be allowed.
+
+Reported-by: Anatol Pomozov 
+Signed-off-by: Mark Wielaard 
+---
+ tests/ChangeLog  | 5 +
+ tests/deleted.c  | 6 ++
+ tests/vdsosyms.c | 5 +++--
+ 3 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/tests/deleted.c b/tests/deleted.c
+index 32a310b..d071bf7 100644
+--- a/tests/deleted.c
 b/tests/deleted.c
+@@ -23,6 +23,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ 
+ extern void libfunc (void);
+ 
+@@ -42,6 +43,11 @@ main (int argc __attribute__ ((unused)), char **argv 
__attribute__ ((unused)))
+   assert (!err);
+   err = close (2);
+   assert (!err);
++  /* Make sure eu-stack -p works on this process even with
++   "restricted ptrace".  */
++#ifdef PR_SET_PTRACER_ANY
++  prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY, 0, 0, 0);
++#endif
+   libfunc ();
+   abort ();
+ }
+diff --git a/tests/vdsosyms.c b/tests/vdsosyms.c
+index c1f8d89..4f12b9a 100644
+--- a/tests/vdsosyms.c
 b/tests/vdsosyms.c
+@@ -80,8 +80,9 @@ main (int argc __attribute__ ((unused)), char **argv 
__attribute__ ((unused)))
+   if (dwfl == NULL)
+ error (2, 0, "dwfl_begin: %s", dwfl_errmsg (-1));
+ 
+-  /* Take our parent as "arbitrary" process to inspect.  */
+-  pid_t pid = getppid();
++  /* Take ourself as "arbitrary" process to inspect.  This should work
++ even with "restricted ptrace".  */
++  pid_t pid = getpid();
+ 
+   int result = dwfl_linux_proc_report (dwfl, pid);
+   if (result < 0)
+-- 
+1.8.3.1
+

Deleted: CVE-2014-9447.patch
===
--- CVE-2014-9447.patch 2015-03-02 21:03:41 UTC (rev 128586)
+++ CVE-2014-9447.patch 2015-03-02 21:05:28 UTC (rev 128587)
@@ -1,53 +0,0 @@
-From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001
-From: Alexander Cherepanov 
-Date: Sun, 28 Dec 2014 19:57:19 +0300
-Subject: libelf: Fix dir traversal vuln in ar extraction.
-
-read_long_names terminates names at the first '/' found but then skips
-one character without checking (it's supposed to be '\n'). Hence the
-next name could start with any character including '/'. This leads to
-a directory traversal vulnerability at the time the contents of the
-archive is extracted.
-
-The danger is mitigated by the fact that only one '/' is possible in a
-resulting filename and only in the leading position. Hence only files
-in the root directory can be written via this vuln and only when ar is
-executed as root.
-
-The fix for the vuln is to not skip any characters while looking
-for '/'.
-
-Signed-off-by: Alexander Cherepanov 
-
-diff --git a/libelf/ChangeLog b/libelf/ChangeLog
-index 3b88d03..447c354 100644
 a/libelf/ChangeLog
-+++ b/libelf/ChangeLog
-@@ -1,3 +1,8 @@
-+2014-12-28  Alexander Cherepanov  
-+
-+  * elf_begin.c (read_long_names): Don't miss '/' right after
-+  another '/'. Fixes a dir traversal vuln in ar extraction.
-+
- 2014-12-18

[arch-commits] Commit in lib32-elfutils/repos/multilib-x86_64 (4 files)

2014-11-05 Thread Laurent Carlier 
Date: Wednesday, November 5, 2014 @ 18:25:11
  Author: lcarlier
Revision: 121973

archrelease: copy trunk to multilib-x86_64

Added:
  lib32-elfutils/repos/multilib-x86_64/PKGBUILD
(from rev 121972, lib32-elfutils/trunk/PKGBUILD)
Deleted:
  lib32-elfutils/repos/multilib-x86_64/CVE-2014-0172.patch
  lib32-elfutils/repos/multilib-x86_64/PKGBUILD
  lib32-elfutils/repos/multilib-x86_64/fix-run-backtrace-native-core-test.patch

--+
 CVE-2014-0172.patch  |   37 
 PKGBUILD |   84 ++---
 fix-run-backtrace-native-core-test.patch |   43 --
 3 files changed, 42 insertions(+), 122 deletions(-)

Deleted: CVE-2014-0172.patch
===
--- CVE-2014-0172.patch 2014-11-05 17:25:03 UTC (rev 121972)
+++ CVE-2014-0172.patch 2014-11-05 17:25:11 UTC (rev 121973)
@@ -1,37 +0,0 @@
-From 7f1eec317db79627b473c5b149a22a1b20d1f68f Mon Sep 17 00:00:00 2001
-From: Mark Wielaard 
-Date: Wed, 9 Apr 2014 11:33:23 +0200
-Subject: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to
- uncompress data.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1085663
-
-Reported-by: Florian Weimer 
-Signed-off-by: Mark Wielaard 
-diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
-index 79daeac..34ea373 100644
 a/libdw/dwarf_begin_elf.c
-+++ b/libdw/dwarf_begin_elf.c
-@@ -1,5 +1,5 @@
- /* Create descriptor from ELF descriptor for processing file.
--   Copyright (C) 2002-2011 Red Hat, Inc.
-+   Copyright (C) 2002-2011, 2014 Red Hat, Inc.
-This file is part of elfutils.
-Written by Ulrich Drepper , 2002.
- 
-@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn 
*scn, bool inscngrp)
-   memcpy (&size, data->d_buf + 4, sizeof size);
-   size = be64toh (size);
- 
-+  /* Check for unsigned overflow so malloc always allocated
-+ enough memory for both the Elf_Data header and the
-+ uncompressed section data.  */
-+  if (unlikely (sizeof (Elf_Data) + size < size))
-+break;
-+
-   Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
-   if (unlikely (zdata == NULL))
- break;
--- 
-1.9.2
-

Deleted: PKGBUILD
===
--- PKGBUILD2014-11-05 17:25:03 UTC (rev 121972)
+++ PKGBUILD2014-11-05 17:25:11 UTC (rev 121973)
@@ -1,42 +0,0 @@
-# $Id$
-# Maintainer: Stéphane Gaudreault 
-# Contributor: Andrej Gelenberg 
-
-_pkgbasename=elfutils
-pkgname=lib32-elfutils
-pkgver=0.159
-pkgrel=1
-pkgdesc="Collection of libraries for working with ELF object files and DWARF 
debugging information (32-bit)"
-arch=('x86_64')
-url="https://fedorahosted.org/elfutils/";
-license=('LGPL3' 'GPL' 'GPL3')
-depends=('lib32-bzip2' 'lib32-zlib' 'elfutils')
-makedepends=('gcc-multilib')
-source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig})
-sha1sums=('4ff214cdb95a10b03cf413f3d018393a838f98fc'
- 'SKIP')
-
-build() {
-  cd ${srcdir}/${_pkgbasename}-${pkgver}
-   
-  export CC="gcc -m32"
-  export CXX="g++ -m32"
-  export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
-  CFLAGS+=" -g"  # required for test-suite success
-  
-  ./configure --prefix=/usr --libdir=/usr/lib32
-  make
-}
-
-#check() {
-#  cd ${srcdir}/${_pkgbasename}-${pkgver}
-#
-#  make check
-#}
-
-package() {
-  cd ${srcdir}/${_pkgbasename}-${pkgver}
-
-  make DESTDIR=${pkgdir} install
-  rm -rf ${pkgdir}/usr/{bin,include,share}
-}

Copied: lib32-elfutils/repos/multilib-x86_64/PKGBUILD (from rev 121972, 
lib32-elfutils/trunk/PKGBUILD)
===
--- PKGBUILD(rev 0)
+++ PKGBUILD2014-11-05 17:25:11 UTC (rev 121973)
@@ -0,0 +1,42 @@
+# $Id$
+# Maintainer: Stéphane Gaudreault 
+# Contributor: Andrej Gelenberg 
+
+_pkgbasename=elfutils
+pkgname=lib32-elfutils
+pkgver=0.160
+pkgrel=1
+pkgdesc="Collection of libraries for working with ELF object files and DWARF 
debugging information (32-bit)"
+arch=('x86_64')
+url="https://fedorahosted.org/elfutils/";
+license=('LGPL3' 'GPL' 'GPL3')
+depends=('lib32-bzip2' 'lib32-zlib' 'elfutils')
+makedepends=('gcc-multilib')
+source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig})
+sha1sums=('a300a1cd1543b65532e333a6e9f931db76841558'
+ 'SKIP')
+
+build() {
+  cd ${srcdir}/${_pkgbasename}-${pkgver}
+   
+  export CC="gcc -m32"
+  export CXX="g++ -m32"
+  export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+  CFLAGS+=" -g"  # required for test-suite success
+  
+  ./configure --prefix=/usr --libdir=/usr/lib32
+  make
+}
+
+#check() {
+#  cd ${srcdir}/${_pkgbasename}-${pkgver}
+#
+#  make check
+#}
+
+package() {
+  cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+  make DESTDIR=${pkgdir} install
+  rm -rf