aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSören Tempel <soeren+git@soeren-tempel.net>2019-01-07 09:16:55 +0100
committerSören Tempel <soeren+git@soeren-tempel.net>2019-01-07 09:17:41 +0100
commite6866032366ba749f1255724e6ef1114058e9390 (patch)
tree5c0d80dd2bf23949dddf0a672c8793f03ba25497
parent40635ea8bac5ac0c8b8f25bbd78c06f6c81eb9ae (diff)
downloadaports-e6866032366ba749f1255724e6ef1114058e9390.tar.gz
aports-e6866032366ba749f1255724e6ef1114058e9390.tar.bz2
aports-e6866032366ba749f1255724e6ef1114058e9390.tar.xz
main/elfutils: security fix for CVE-2018-18310
-rw-r--r--main/elfutils/APKBUILD6
-rw-r--r--main/elfutils/CVE-2018-18310.patch53
2 files changed, 57 insertions, 2 deletions
diff --git a/main/elfutils/APKBUILD b/main/elfutils/APKBUILD
index 2f962d5426..be8a28fd47 100644
--- a/main/elfutils/APKBUILD
+++ b/main/elfutils/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=elfutils
pkgver=0.168
-pkgrel=1
+pkgrel=2
pkgdesc="A collection of utilities and DSOs to handle ELF files and DWARF data"
url="http://elfutils.org/"
arch="all"
@@ -24,6 +24,7 @@ source="https://sourceware.org/elfutils/ftp/$pkgver/elfutils-$pkgver.tar.bz2
no-werror.patch
CVE-2017-7607.patch
CVE-2017-7608.patch
+ CVE-2018-18310.patch
"
builddir="$srcdir/elfutils-$pkgver"
@@ -115,4 +116,5 @@ f025d6479c8782275090783ff4dd09eb70a7c3eec1126d3176c02d01124f22864d81e08cb96ac4d2
a0d986100c8ff2ef0595645ec1b2eeb1d517b7442aef5f349ebf27fcb66c76e51fadeda25bed5f04b4bb16a61aa23ac6e86a1f34a0087d2136acf0f64c3fa4d1 musl-strerror_r.patch
26aff757de8c0c67ae7922888c4a842939fb9b4022f3d2fa916591b44921c109f74154175afd431a0e31cf7c876f6d4fbaae26ef283985ae98d96854ea02dce0 no-werror.patch
81c6f19ed3e39aa6f2437e2da09be2952627efccda4769cccdd2616c728205ecdac1ece8a97ead7614a528d161c3885a050980a07436de7bdbc6f2988b348784 CVE-2017-7607.patch
-20088019a3cb17d1d9155c421b20e47907d2bdbea31fdd0e469f02c03f8dfe1e7da5c29f0bb0a35be79470a40d7c2df92d2402e32b20d090526bb1f8a71e0707 CVE-2017-7608.patch"
+20088019a3cb17d1d9155c421b20e47907d2bdbea31fdd0e469f02c03f8dfe1e7da5c29f0bb0a35be79470a40d7c2df92d2402e32b20d090526bb1f8a71e0707 CVE-2017-7608.patch
+f8654b29eea3777f0a1c752ec927a09163dc711ad52520e01b64e5976f2943b7141868cbe4ce4b8af8cc2fbfba4a98e8d4840d605067186532f4142298c1fc73 CVE-2018-18310.patch"
diff --git a/main/elfutils/CVE-2018-18310.patch b/main/elfutils/CVE-2018-18310.patch
new file mode 100644
index 0000000000..e6078116f8
--- /dev/null
+++ b/main/elfutils/CVE-2018-18310.patch
@@ -0,0 +1,53 @@
+From b6e1a48cca51aa246cba78e99f7e2dfa200b9d26 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 14 Oct 2018 16:45:48 +0200
+Subject: [PATCH] libdwfl: Sanity check partial core file data reads.
+
+There were two issues when reading note data from a core file.
+We didn't check if the data we already had in a buffer was big
+enough. And if we did get the data, we should check if we got
+everything, or just a part of the data.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=23752
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ libdwfl/dwfl_segment_report_module.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/libdwfl/dwfl_segment_report_module.c b/libdwfl/dwfl_segment_report_module.c
+index 36e5c823..87498846 100644
+--- a/libdwfl/dwfl_segment_report_module.c
++++ b/libdwfl/dwfl_segment_report_module.c
+@@ -1,5 +1,5 @@
+ /* Sniff out modules from ELF headers visible in memory segments.
+- Copyright (C) 2008-2012, 2014, 2015 Red Hat, Inc.
++ Copyright (C) 2008-2012, 2014, 2015, 2018 Red Hat, Inc.
+ This file is part of elfutils.
+
+ This file is free software; you can redistribute it and/or modify
+@@ -301,7 +301,10 @@ dwfl_segment_report_module (Dwfl *dwfl, int ndx, const char *name,
+ inline bool read_portion (void **data, size_t *data_size,
+ GElf_Addr vaddr, size_t filesz)
+ {
+- if (vaddr - start + filesz > buffer_available
++ /* Check whether we will have to read the segment data, or if it
++ can be returned from the existing buffer. */
++ if (filesz > buffer_available
++ || vaddr - start > buffer_available - filesz
+ /* If we're in string mode, then don't consider the buffer we have
+ sufficient unless it contains the terminator of the string. */
+ || (filesz == 0 && memchr (vaddr - start + buffer, '\0',
+@@ -459,6 +462,12 @@ dwfl_segment_report_module (Dwfl *dwfl, int ndx, const char *name,
+ if (read_portion (&data, &data_size, vaddr, filesz))
+ return;
+
++ /* data_size will be zero if we got everything from the initial
++ buffer, otherwise it will be the size of the new buffer that
++ could be read. */
++ if (data_size != 0)
++ filesz = data_size;
++
+ assert (sizeof (Elf32_Nhdr) == sizeof (Elf64_Nhdr));
+
+ void *notes;