From aefc8b3ddf3de7859d9700967fa89dda5c2929a6 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 2 Aug 2015 01:24:23 +0100 Subject: [PATCH] elfutils: upgrade to 0.163 due to security ... vaguely mentioned by upstream, see e.g. FEDORA-2015-11380. Close #9084. --- .../tools/misc/elfutils/CVE-2014-0172.patch | 32 ------------------- .../tools/misc/elfutils/default.nix | 9 +++--- 2 files changed, 4 insertions(+), 37 deletions(-) delete mode 100644 pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch diff --git a/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch b/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch deleted file mode 100644 index 6553dea7b4c..00000000000 --- a/pkgs/development/tools/misc/elfutils/CVE-2014-0172.patch +++ /dev/null @@ -1,32 +0,0 @@ -https://bugzilla.redhat.com/show_bug.cgi?id=1085663 - -Reported-by: Florian Weimer -Signed-off-by: Mark Wielaard ---- - libdw/dwarf_begin_elf.c | 8 +++++++- - 2 files changed, 12 insertions(+), 1 deletions(-) - -diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c -index 79daeac..34ea373 100644 ---- a/libdw/dwarf_begin_elf.c -+++ b/libdw/dwarf_begin_elf.c -@@ -1,5 +1,5 @@ - /* Create descriptor from ELF descriptor for processing file. -- Copyright (C) 2002-2011 Red Hat, Inc. -+ Copyright (C) 2002-2011, 2014 Red Hat, Inc. - This file is part of elfutils. - Written by Ulrich Drepper , 2002. - -@@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp) - memcpy (&size, data->d_buf + 4, sizeof size); - size = be64toh (size); - -+ /* Check for unsigned overflow so malloc always allocated -+ enough memory for both the Elf_Data header and the -+ uncompressed section data. */ -+ if (unlikely (sizeof (Elf_Data) + size < size)) -+ break; -+ - Elf_Data *zdata = malloc (sizeof (Elf_Data) + size); - if (unlikely (zdata == NULL)) - break; diff --git a/pkgs/development/tools/misc/elfutils/default.nix b/pkgs/development/tools/misc/elfutils/default.nix index 53e4bd6821f..95ccdd89de1 100644 --- a/pkgs/development/tools/misc/elfutils/default.nix +++ b/pkgs/development/tools/misc/elfutils/default.nix @@ -3,21 +3,20 @@ # TODO: Look at the hardcoded paths to kernel, modules etc. stdenv.mkDerivation rec { name = "elfutils-${version}"; - version = "0.158"; + version = "0.163"; src = fetchurl { urls = [ "http://fedorahosted.org/releases/e/l/elfutils/${version}/${name}.tar.bz2" "mirror://gentoo/distfiles/${name}.tar.bz2" ]; - sha256 = "0z9rprmizd7rwb3xwfmz5liii7hbiv3g2arl23h56brm45fay9xy"; + sha256 = "7c774f1eef329309f3b05e730bdac50013155d437518a2ec0e24871d312f2e23"; }; patches = [ - ./CVE-2014-0172.patch (fetchurl { - url = "http://fedorahosted.org/releases/e/l/elfutils/${version}/elfutils-portability.patch"; - sha256 = "0y2fyjis5xrd3g2pcbcm145q2kmh52n5c74w8dwv3hqdp5ky7igd"; + url = "http://fedorahosted.org/releases/e/l/elfutils/${version}/elfutils-portability-${version}.patch"; + sha256 = "e4e82315dad2efaa4e4476503e7537e01b7c1b1f98a96de4ca1c7fa85f4f1045"; }) ]; # We need bzip2 in NativeInputs because otherwise we can't unpack the src,