elfutils: upgrade to 0.163 due to security

... vaguely mentioned by upstream, see e.g. FEDORA-2015-11380. Close #9084.
2015-08-02 01:24:23 +01:00 · 2015-08-02 01:24:23 +01:00 · aefc8b3ddf
parent da76816b0c
commit aefc8b3ddf
2 changed files with 4 additions and 37 deletions
--- a/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch
+++ b/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch
@ -1,32 +0,0 @@
-https://bugzilla.redhat.com/show_bug.cgi?id=1085663
-
-Reported-by: Florian Weimer <fweimer at redhat.com>
-Signed-off-by: Mark Wielaard <mjw at redhat.com>
---
- libdw/dwarf_begin_elf.c |    8 +++++++-
- 2 files changed, 12 insertions(+), 1 deletions(-)
-
-diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c
-index 79daeac..34ea373 100644
--- a/libdw/dwarf_begin_elf.c
-+++ b/libdw/dwarf_begin_elf.c
-@@ -1,5 +1,5 @@
- /* Create descriptor from ELF descriptor for processing file.
-   Copyright (C) 2002-2011 Red Hat, Inc.
-+   Copyright (C) 2002-2011, 2014 Red Hat, Inc.
-    This file is part of elfutils.
-    Written by Ulrich Drepper <drepper at redhat.com>, 2002.
- 
-@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp)
- 	    memcpy (&size, data->d_buf + 4, sizeof size);
- 	    size = be64toh (size);
- 
-+	    /* Check for unsigned overflow so malloc always allocated
-+	       enough memory for both the Elf_Data header and the
-+	       uncompressed section data.  */
-+	    if (unlikely (sizeof (Elf_Data) + size < size))
-+	      break;
-+
- 	    Elf_Data *zdata = malloc (sizeof (Elf_Data) + size);
- 	    if (unlikely (zdata == NULL))
- 	      break;
--- a/pkgs/development/tools/misc/elfutils/default.nix
+++ b/pkgs/development/tools/misc/elfutils/default.nix
@ -3,21 +3,20 @@
 # TODO: Look at the hardcoded paths to kernel, modules etc.
 stdenv.mkDerivation rec {
  name = "elfutils-${version}";
-  version = "0.158";
+  version = "0.163";

  src = fetchurl {
    urls = [
      "http://fedorahosted.org/releases/e/l/elfutils/${version}/${name}.tar.bz2"
      "mirror://gentoo/distfiles/${name}.tar.bz2"
      ];
-    sha256 = "0z9rprmizd7rwb3xwfmz5liii7hbiv3g2arl23h56brm45fay9xy";
+    sha256 = "7c774f1eef329309f3b05e730bdac50013155d437518a2ec0e24871d312f2e23";
  };

  patches = [
-    ./CVE-2014-0172.patch
    (fetchurl {
-      url = "http://fedorahosted.org/releases/e/l/elfutils/${version}/elfutils-portability.patch";
-      sha256 = "0y2fyjis5xrd3g2pcbcm145q2kmh52n5c74w8dwv3hqdp5ky7igd";
+      url = "http://fedorahosted.org/releases/e/l/elfutils/${version}/elfutils-portability-${version}.patch";
+      sha256 = "e4e82315dad2efaa4e4476503e7537e01b7c1b1f98a96de4ca1c7fa85f4f1045";
    }) ];

  # We need bzip2 in NativeInputs because otherwise we can't unpack the src,