From e7a25d2ae7d65f204d92f7987630eeb5c63fe659 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Fri, 1 Jun 2018 14:32:28 +0100 Subject: gnu: elixir: Enable more tests and remove patch. Previously, due to issues in the erlang package, many tests would fail, and the package would also nondeterministically fail to build. This is now fixed (by patching occurrences of /bin/sh in the erlang package), so all the tests can be run. * gnu/packages/elixir.scm (elixir)[source]: Remove patches. [arguments]: Remove the fix-or-disable-tests phase. Add a new set-home phase to set the HOME environment variable prior to running the tests. * gnu/packages/patches/elixir-disable-failing-tests.patch: Delete this file. * gnu/local.mk: Remove now deleted patch. --- gnu/local.mk | 1 - 1 file changed, 1 deletion(-) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 7fa7e7d818..1957fb66cb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -641,7 +641,6 @@ dist_patch_DATA = \ %D%/packages/patches/e2fsprogs-glibc-2.27.patch \ %D%/packages/patches/eigen-arm-neon-fixes.patch \ %D%/packages/patches/elfutils-tests-ptrace.patch \ - %D%/packages/patches/elixir-disable-failing-tests.patch \ %D%/packages/patches/elogind-glibc-2.27.patch \ %D%/packages/patches/einstein-build.patch \ %D%/packages/patches/emacs-browse-at-remote-cgit-gnu.patch \ -- cgit v1.2.3 From b5edc4791240d06aae07d6b8c4cb7a7b3f1937b1 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 12 Jun 2018 09:26:40 +0200 Subject: gnu: flann: Fix builds with CMake >= 3.11. * gnu/packages/patches/flann-cmake-3.11.patch: New file. * gnu/packages/maths.scm (flann)[source]: Use it. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/maths.scm | 3 +- gnu/packages/patches/flann-cmake-3.11.patch | 84 +++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/flann-cmake-3.11.patch (limited to 'gnu/local.mk') 
diff --git a/gnu/local.mk b/gnu/local.mk index 1957fb66cb..f3da9353a3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -670,6 +670,7 @@ dist_patch_DATA = \ %D%/packages/patches/file-CVE-2017-1000249.patch \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-test-xargs.patch \ + %D%/packages/patches/flann-cmake-3.11.patch \ %D%/packages/patches/flint-ldconfig.patch \ %D%/packages/patches/fltk-shared-lib-defines.patch \ %D%/packages/patches/fltk-xfont-on-demand.patch \ diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index ee5be3ed5d..208a75cbcd 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -3372,7 +3372,8 @@ in finite element programs.") version "-src.zip")) (sha256 (base32 - "022w8hph7bli5zbpnk3z1qh1c2sl5hm8fw2ccim651ynn0hr7fyz")))) + "022w8hph7bli5zbpnk3z1qh1c2sl5hm8fw2ccim651ynn0hr7fyz")) + (patches (search-patches "flann-cmake-3.11.patch")))) (build-system cmake-build-system) (outputs '("out" "octave")) ;46 MiB .mex file that pulls Octave diff --git a/gnu/packages/patches/flann-cmake-3.11.patch b/gnu/packages/patches/flann-cmake-3.11.patch new file mode 100644 index 0000000000..1fb76eca0a --- /dev/null +++ b/gnu/packages/patches/flann-cmake-3.11.patch 
@@ -0,0 +1,84 @@ +Fixes this issue: + . +Patch from Buildroot: + . + +From fa5ec96a94646492a3f908e12905b3e48a8e800b Mon Sep 17 00:00:00 2001 +From: Romain Naour +Date: Wed, 18 Apr 2018 20:24:13 +0200 +Subject: [PATCH] src/cpp: fix cmake >= 3.11 build + +CMake < 3.11 doesn't support add_library() without any source file +(i.e add_library(foo SHARED)). But flann CMake use a trick that use +an empty string "" as source list (i.e add_library(foo SHARED "")). +This look like a bug in CMake < 3.11. + +With CMake >= 3.11, the new behaviour of add_library() break the +existing flann CMake code. + +From CMake Changelog [1]: +"add_library() and add_executable() commands can now be called without + any sources and will not complain as long as sources are added later + via the target_sources() command." + +Note: flann CMake code doesn't use target_sources() since no source file +are provided intentionally since the flann shared library is created by +linking with the flann_cpp_s static library with this line: + +target_link_libraries(flann_cpp -Wl,-whole-archive flann_cpp_s -Wl,-no-whole-archive) + +If you try to use "add_library(flann_cpp SHARED ${CPP_SOURCES})" (as it should +be normally done), the link fail due to already defined symbol. + +They are building the shared version using the static library "to speedup the +build time" [3] + +This issue is already reported upstream [2] with a proposed solution. 
+ +Upstream status: Pending + +Fixes: +http://autobuild.buildroot.net/results/b2f/b2febfaf8c44ce477b3e4a5b9b976fd25e8d7454 + +[1] https://cmake.org/cmake/help/v3.11/release/3.11.html +[2] https://github.com/mariusmuja/flann/issues/369 +[3] https://github.com/mariusmuja/flann/commit/0fd62b43be2fbb0b8d791ee36290791224dc030c + +Signed-off-by: Romain Naour +--- + src/cpp/CMakeLists.txt | 4 ++-- + src/cpp/empty.cpp | 1 + + 2 files changed, 3 insertions(+), 2 deletions(-) + create mode 100644 src/cpp/empty.cpp + +diff --git a/src/cpp/CMakeLists.txt b/src/cpp/CMakeLists.txt +index b44a735..a816863 100644 +--- a/src/cpp/CMakeLists.txt ++++ b/src/cpp/CMakeLists.txt +@@ -29,7 +29,7 @@ if (BUILD_CUDA_LIB) + endif() + + if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_COMPILER_IS_GNUCC) +- add_library(flann_cpp SHARED "") ++ add_library(flann_cpp SHARED "empty.cpp") + set_target_properties(flann_cpp PROPERTIES LINKER_LANGUAGE CXX) + target_link_libraries(flann_cpp -Wl,-whole-archive flann_cpp_s -Wl,-no-whole-archive) + +@@ -85,7 +85,7 @@ if (BUILD_C_BINDINGS) + set_property(TARGET flann_s PROPERTY COMPILE_DEFINITIONS FLANN_STATIC) + + if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_COMPILER_IS_GNUCC) +- add_library(flann SHARED "") ++ add_library(flann SHARED "empty.cpp") + set_target_properties(flann PROPERTIES LINKER_LANGUAGE CXX) + target_link_libraries(flann -Wl,-whole-archive flann_s -Wl,-no-whole-archive) + else() +diff --git a/src/cpp/empty.cpp b/src/cpp/empty.cpp +new file mode 100644 +index 0000000..40a8c17 +--- /dev/null ++++ b/src/cpp/empty.cpp +@@ -0,0 +1 @@ ++/* empty */ +-- +2.14.3 -- cgit v1.2.3 From ab6f400531f735c867cb85021790b487fad235f9 Mon Sep 17 00:00:00 2001 
From: Clément Lassieur Date: Thu, 14 Jun 2018 17:12:14 +0200 Subject: gnu: password-store: Update to 1.7.2. * gnu/packages/password-utils.scm (password-store): Update to 1.7.2. [source]: Remove 'password-store-gnupg-compat.patch'. * gnu/packages/patches/password-store-gnupg-compat.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/password-utils.scm | 5 ++-- .../patches/password-store-gnupg-compat.patch | 28 ---------------------- 3 files changed, 2 insertions(+), 32 deletions(-) delete mode 100644 gnu/packages/patches/password-store-gnupg-compat.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index f3da9353a3..59e983ae58 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -983,7 +983,6 @@ dist_patch_DATA = \ %D%/packages/patches/p7zip-CVE-2016-9296.patch \ %D%/packages/patches/p7zip-CVE-2017-17969.patch \ %D%/packages/patches/p7zip-remove-unused-code.patch \ - %D%/packages/patches/password-store-gnupg-compat.patch \ %D%/packages/patches/patchelf-page-size.patch \ %D%/packages/patches/patchelf-rework-for-arm.patch \ %D%/packages/patches/patchutils-xfail-gendiff-tests.patch \ diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index 497963af63..9ac30420b7 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -358,7 +358,7 @@ any X11 window.") (define-public password-store (package (name "password-store") - (version "1.7.1") + (version "1.7.2") (source (origin (method url-fetch) (uri @@ -366,8 +366,7 @@ any X11 window.") name "-" version ".tar.xz")) (sha256 (base32 - "0scqkpll2q8jhzcgcsh9kqz0gwdpvynivqjmmbzax2irjfaiklpn")) - (patches (search-patches "password-store-gnupg-compat.patch")))) + "1sl0d7nc85c6c2bmmmyb8rpmn47vhkj831l153mjlkawjvhwas27")))) (build-system gnu-build-system) (arguments '(#:phases 
diff --git a/gnu/packages/patches/password-store-gnupg-compat.patch b/gnu/packages/patches/password-store-gnupg-compat.patch deleted file mode 100644 index 75c6362021..0000000000 --- a/gnu/packages/patches/password-store-gnupg-compat.patch +++ /dev/null @@ -1,28 +0,0 @@ -Copied from upstream mailing list: -https://lists.zx2c4.com/pipermail/password-store/2018-February/003216.html. - -From 9b0c86159d754cc88dd3642564eed527153dfb7f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Cl=C3=A9ment=20Lassieur?= -Date: Sat, 24 Feb 2018 12:05:46 +0100 -Subject: [PATCH] tests: fix compatibility with GnuPG 2.2.5 - ---- - tests/t0300-reencryption.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh -index 6d5811d..6d15364 100755 ---- a/tests/t0300-reencryption.sh -+++ b/tests/t0300-reencryption.sh -@@ -10,7 +10,7 @@ canonicalize_gpg_keys() { - $GPG --list-keys --with-colons "$@" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u - } - gpg_keys_from_encrypted_file() { -- $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u -+ $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | grep "public key is" | cut -d ' ' -f 5 | LC_ALL=C sort -u - } - gpg_keys_from_group() { - local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)" --- -2.16.2 - -- cgit v1.2.3 From 1ba7a62362d332f1c059222ce177217860e5437d Mon Sep 17 00:00:00 2001 
From: Tobias Geerinckx-Rice Date: Thu, 14 Jun 2018 16:42:05 +0200 Subject: gnu: python-nose-timer: Update to 0.7.2. * gnu/packages/check.scm (python-nose-timer): Update to 0.7.2. [source]: Remove patch... * gnu/packages/patches/python-nose-timer-drop-ordereddict.patch: ...delete file... * gnu/local.mk (dist_patch_DATA): ...and remove it. --- gnu/local.mk | 1 - gnu/packages/check.scm | 9 +---- .../python-nose-timer-drop-ordereddict.patch | 44 ---------------------- 3 files changed, 2 insertions(+), 52 deletions(-) delete mode 100644 gnu/packages/patches/python-nose-timer-drop-ordereddict.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 59e983ae58..bfe8a9ee7e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1050,7 +1050,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch \ %D%/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch \ %D%/packages/patches/python-networkx2-reproducible-build.patch \ - %D%/packages/patches/python-nose-timer-drop-ordereddict.patch \ %D%/packages/patches/python-pillow-fix-failing-tests.patch \ %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \ %D%/packages/patches/python-scikit-learn-fix-test-non-determinism.patch \ diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm index 3e959bde92..44e38c55c8 100644 --- a/gnu/packages/check.scm +++ b/gnu/packages/check.scm 
@@ -1902,19 +1902,14 @@ create data based on random numbers and yet remain repeatable.") (define-public python-nose-timer (package (name "python-nose-timer") - (version "0.7.0") + (version "0.7.2") (source (origin (method url-fetch) (uri (pypi-uri "nose-timer" version)) - (patches - (search-patches - ;; This patch will not be needed in the next version. - ;; It is taken from the master branch. - "python-nose-timer-drop-ordereddict.patch")) (sha256 (base32 - "1s32ymsnby8lz2qk55ifj9zi50dqcg6swnj5cz2rmwxg2jsslsxp")))) + "0ywg223p528014z5s0vzck74r4xyw3kvcp2casfnc85dkvir1zj7")))) (build-system python-build-system) (propagated-inputs `(("python-nose" ,python-nose) diff --git a/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch b/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch deleted file mode 100644 index e1e71a332a..0000000000 --- a/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 700076019b5aff72aac7651cc830aaef21ee9a47 Mon Sep 17 00:00:00 2001 -From: jakirkham -Date: Fri, 7 Jul 2017 05:57:56 -0400 -Subject: [PATCH] Drop ordereddict requirement (#84) - -* Drop ordereddict requirement - -As Python 2.7 is the minimum Python supported, every version of Python -should have `ordereddict` preincluded in the standard library one way or -another. So we can drop this dependency and just handle the differences -between Python 2 and Python 3. ---- - nosetimer/plugin.py | 5 +---- - setup.py | 1 - - 2 files changed, 1 insertion(+), 5 deletions(-) - -diff --git a/nosetimer/plugin.py b/nosetimer/plugin.py -index ef28e11..d093a51 100644 ---- a/nosetimer/plugin.py -+++ b/nosetimer/plugin.py -@@ -12,10 +12,7 @@ - except ImportError: - import queue as Queue - --try: -- from collections import OrderedDict --except ImportError: -- from ordereddict import OrderedDict -+from collections import OrderedDict - - - # define constants -diff --git a/setup.py b/setup.py -index 6a55b82..d249325 100755 ---- a/setup.py -+++ b/setup.py -@@ -27,7 +27,6 @@ - install_requires=[ - 'nose', - 'termcolor', -- 'ordereddict', - ], - license='MIT', - entry_points={ -- cgit v1.2.3 From b6c675c693d21345f4b0589563f914c79f957846 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 14 Jun 2018 15:34:47 -0400 Subject: gnu: GnuPG 1.4: Update to 1.4.23. * gnu/packages/gnupg.scm (gnupg-1): Update to 1.4.23. [source]: Remove patch. * gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/gnupg.scm | 5 +-- .../patches/gnupg-1.4-CVE-2018-12020.patch | 50 ---------------------- 3 files changed, 2 insertions(+), 54 deletions(-) delete mode 100644 gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index bfe8a9ee7e..01e0718723 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -744,7 +744,6 @@ dist_patch_DATA = \ %D%/packages/patches/gnome-todo-libical-compat.patch \ %D%/packages/patches/gnome-tweak-tool-search-paths.patch \ %D%/packages/patches/gnucash-price-quotes-perl.patch \ - %D%/packages/patches/gnupg-1.4-CVE-2018-12020.patch \ %D%/packages/patches/gnutls-skip-trust-store-test.patch \ %D%/packages/patches/gnutls-skip-pkgconfig-test.patch \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 6a0defb46f..da0c33565a 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -363,15 +363,14 @@ libskba (working with X.509 certificates and CMS data).") (define-public gnupg-1 (package (inherit gnupg) - (version "1.4.22") + (version "1.4.23") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnupg/gnupg-" version ".tar.bz2")) - (patches (search-patches "gnupg-1.4-CVE-2018-12020.patch")) (sha256 (base32 - "1d1hz4szh1kvwhsw7w2zxa6q5ndrk3qy6hj289l1b8k3xi5s554m")))) + "1fkq4sqldvf6a25mm2qz95swv1qjg464736091w51djiwqbjyin9")))) (native-inputs '()) (inputs `(("zlib" ,zlib) diff --git a/gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch b/gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch deleted file mode 100644 index 306d4d348b..0000000000 --- a/gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -Fix CVE-2018-12020: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020 -https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html - -Patch copied from upstream source repository: - -https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac - -From 2326851c60793653069494379b16d84e4c10a0ac Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Fri, 8 Jun 2018 10:45:21 +0200 -Subject: [PATCH] gpg: Sanitize diagnostic with the original file name. - -* g10/mainproc.c (proc_plaintext): Sanitize verbose output. --- - -This fixes a forgotten sanitation of user supplied data in a verbose -mode diagnostic. The mention CVE is about using this to inject -status-fd lines into the stderr output. Other harm good as well be -done. Note that GPGME based applications are not affected because -GPGME does not fold status output into stderr. - -CVE-id: CVE-2018-12020 -GnuPG-bug-id: 4012 -(cherry picked from commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b) ---- - g10/mainproc.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/g10/mainproc.c b/g10/mainproc.c -index 33a654b34..ffa7ef6d8 100644 ---- a/g10/mainproc.c -+++ b/g10/mainproc.c -@@ -638,7 +638,11 @@ proc_plaintext( CTX c, PACKET *pkt ) - if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) - log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n")); - else if( opt.verbose ) -- log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name); -+ { -+ char *tmp = make_printable_string (pt->name, pt->namelen, 0); -+ log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp); -+ xfree (tmp); -+ } - free_md_filter_context( &c->mfx ); - c->mfx.md = md_open( 0, 0); - /* fixme: we may need to push the textfilter if we have sigclass 1 --- -2.17.1 - -- cgit v1.2.3 From 12e530ba63ad848d3d3194f09e8b54b693d74896 Mon Sep 17 00:00:00 2001 
From: Leo Famulari Date: Thu, 14 Jun 2018 16:49:21 -0400 Subject: gnu: BIND: Fix CVE-2018-5738. * gnu/packages/patches/bind-CVE-2018-5738.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/dns.scm (isc-bind)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/dns.scm | 2 + gnu/packages/patches/bind-CVE-2018-5738.patch | 100 ++++++++++++++++++++++++++ 3 files changed, 103 insertions(+) create mode 100644 gnu/packages/patches/bind-CVE-2018-5738.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 01e0718723..4d2cefdbde 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -581,6 +581,7 @@ dist_patch_DATA = \ %D%/packages/patches/azr3.patch \ %D%/packages/patches/bash-completion-directories.patch \ %D%/packages/patches/bazaar-CVE-2017-14176.patch \ + %D%/packages/patches/bind-CVE-2018-5738.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/blast+-fix-makefile.patch \ %D%/packages/patches/boost-fix-icu-build.patch \ diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm index 0b8d8be574..4fce4b34ba 100644 --- a/gnu/packages/dns.scm +++ b/gnu/packages/dns.scm @@ -50,6 +50,7 @@ #:use-module (gnu packages tls) #:use-module (gnu packages web) #:use-module (gnu packages xml) + #:use-module (gnu packages) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) @@ -104,6 +105,7 @@ and BOOTP/TFTP for network booting of diskless machines.") (uri (string-append "ftp://ftp.isc.org/isc/bind9/" version "/" name "-" version ".tar.gz")) + (patches (search-patches "bind-CVE-2018-5738.patch")) (sha256 (base32 "0a9dvyg1dk7vpqn9gz7p5jas3bz7z22bjd66b98g1qk16i2w7rqd")))) diff --git a/gnu/packages/patches/bind-CVE-2018-5738.patch b/gnu/packages/patches/bind-CVE-2018-5738.patch new file mode 100644 index 0000000000..ddef014651 --- /dev/null +++ b/gnu/packages/patches/bind-CVE-2018-5738.patch 
@@ -0,0 +1,100 @@ +Fix CVE-2018-5738: + +https://kb.isc.org/article/AA-01616/0/CVE-2018-5738 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738 + +diff --git a/bin/named/server.c b/bin/named/server.c +index f63554e..847c4ff 100644 +--- a/bin/named/server.c ++++ b/bin/named/server.c +@@ -3725,10 +3725,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, + CHECKM(named_config_getport(config, &port), "port"); + dns_view_setdstport(view, port); + +- CHECK(configure_view_acl(vconfig, config, named_g_config, +- "allow-query", NULL, actx, +- named_g_mctx, &view->queryacl)); +- + /* + * Make the list of response policy zone names for a view that + * is used for real lookups and so cares about hints. +@@ -4692,21 +4688,35 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, + "allow-query-cache-on", NULL, actx, + named_g_mctx, &view->cacheonacl)); + /* +- * Set "allow-query-cache", "allow-recursion", and +- * "allow-recursion-on" acls if configured in named.conf. +- * (Ignore the global defaults for now, because these ACLs +- * can inherit from each other when only some of them set at +- * the options/view level.) ++ * Set the "allow-query", "allow-query-cache", "allow-recursion", ++ * and "allow-recursion-on" ACLs if configured in named.conf, but ++ * NOT from the global defaults. This is done by leaving the third ++ * argument to configure_view_acl() NULL. ++ * ++ * We ignore the global defaults here because these ACLs ++ * can inherit from each other. If any are still unset after ++ * applying the inheritance rules, we'll look up the defaults at ++ * that time. 
+ */ +- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache", +- NULL, actx, named_g_mctx, &view->cacheacl)); ++ ++ /* named.conf only */ ++ CHECK(configure_view_acl(vconfig, config, NULL, ++ "allow-query", NULL, actx, ++ named_g_mctx, &view->queryacl)); ++ ++ /* named.conf only */ ++ CHECK(configure_view_acl(vconfig, config, NULL, ++ "allow-query-cache", NULL, actx, ++ named_g_mctx, &view->cacheacl)); + + if (strcmp(view->name, "_bind") != 0 && + view->rdclass != dns_rdataclass_chaos) + { ++ /* named.conf only */ + CHECK(configure_view_acl(vconfig, config, NULL, + "allow-recursion", NULL, actx, + named_g_mctx, &view->recursionacl)); ++ /* named.conf only */ + CHECK(configure_view_acl(vconfig, config, NULL, + "allow-recursion-on", NULL, actx, + named_g_mctx, &view->recursiononacl)); +@@ -4744,18 +4754,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, + * the global config. + */ + if (view->recursionacl == NULL) { ++ /* global default only */ + CHECK(configure_view_acl(NULL, NULL, named_g_config, + "allow-recursion", NULL, + actx, named_g_mctx, + &view->recursionacl)); + } + if (view->recursiononacl == NULL) { ++ /* global default only */ + CHECK(configure_view_acl(NULL, NULL, named_g_config, + "allow-recursion-on", NULL, + actx, named_g_mctx, + &view->recursiononacl)); + } + if (view->cacheacl == NULL) { ++ /* global default only */ + CHECK(configure_view_acl(NULL, NULL, named_g_config, + "allow-query-cache", NULL, + actx, named_g_mctx, +@@ -4769,6 +4782,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, + CHECK(dns_acl_none(mctx, &view->cacheacl)); + } + ++ if (view->queryacl == NULL) { ++ /* global default only */ ++ CHECK(configure_view_acl(NULL, NULL, named_g_config, ++ "allow-query", NULL, ++ actx, named_g_mctx, ++ &view->queryacl)); ++ } ++ + /* + * Ignore case when compressing responses to the specified + * clients. This causes case not always to be preserved, -- cgit v1.2.3 
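Review bot: The header of this new patch cites only the ISC knowledge-base article and the CVE entry, not the upstream commit or release the four hunks were taken from, whereas the gnupg, binutils, perl and strace patches on this page each name their source commit; for a backported access-control fix that is the line a reviewer needs in order to check the hunks against ISC's own change. Add `Patch copied from upstream source repository: <commit id or 9.12.x release>` under the two links. In the code, the fix removes the early `allow-query` lookup that passed `named_g_config` and adds the `if (view->queryacl == NULL)` fallback after the `cacheacl` one, which suggests the global default was previously pre-empting the inheritance rules for allow-recursion and allow-query-cache; a one-line comment at that fallback, e.g. `/* Must stay after the allow-recursion/allow-query-cache inheritance above (CVE-2018-5738). */`, would stop a later merge from reordering it. `configure_view` begins and ends outside this hunk.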
From cdbcfc113bfc02e58bdf6ec42c545c479681602f Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 6 Jun 2018 17:19:18 +0200 Subject: gnu: linux-libre: Fix build on AArch64. * gnu/packages/patches/binutils-aarch64-symbol-relocation.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/base.scm (binutils/fixed): New public variable. * gnu/packages/linux.scm (make-linux-libre)[native-inputs]: On aarch64, define new ld-wrapper with the above binutils and use it. --- gnu/local.mk | 1 + gnu/packages/base.scm | 11 +++++++ gnu/packages/linux.scm | 6 ++++ .../binutils-aarch64-symbol-relocation.patch | 36 ++++++++++++++++++++++ 4 files changed, 54 insertions(+) create mode 100644 gnu/packages/patches/binutils-aarch64-symbol-relocation.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 4d2cefdbde..d02f07031f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -582,6 +582,7 @@ dist_patch_DATA = \ %D%/packages/patches/bash-completion-directories.patch \ %D%/packages/patches/bazaar-CVE-2017-14176.patch \ %D%/packages/patches/bind-CVE-2018-5738.patch \ + %D%/packages/patches/binutils-aarch64-symbol-relocation.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/blast+-fix-makefile.patch \ %D%/packages/patches/boost-fix-icu-build.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 6d9f019857..fef6002b3c 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -480,6 +480,17 @@ included.") (license gpl3+) (home-page "https://www.gnu.org/software/binutils/"))) +(define-public binutils/fixed + ;; TODO: Incorporate this in binutils during the next rebuild cycle. + (hidden-package + (package + (inherit binutils) + (source (origin + (inherit (package-source binutils)) + (patches (append (origin-patches (package-source binutils)) + (search-patches + "binutils-aarch64-symbol-relocation.patch")))))))) + (define* (make-ld-wrapper name #:key (target (const #f)) binutils 
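Review bot: The `;; TODO` on `binutils/fixed` says when to fold the patch in but not why a separate hidden variant exists or what it fixes, so the next reader has to dig through linux.scm and the patch header to find out; spell it out, e.g. `;; TODO: Fold this patch into BINUTILS on the next full-rebuild cycle. Kept as a hidden variant so the fix (sourceware PR 22764, spurious relocation errors for absolute symbols on aarch64) reaches the aarch64 kernel build without rebuilding everything that depends on BINUTILS.`. Per the commit message only linux-libre's aarch64 native-inputs use this variant, so other aarch64 packages presumably keep linking with the unpatched 2.30 until then, and that caveat belongs in the comment as well. The `make-ld-wrapper` definition starts in this hunk's trailing context and continues past it.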
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 9938af99b8..4ed418d6a9 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -295,6 +295,12 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." (or (%current-target-system) (%current-system))) ((or "x86_64" "i386") `(("gcc" ,gcc-7))) + ("arm64" + ;; Work around a binutils 2.30 bug where some kernel symbols would + ;; be incorrectly marked as relocatable: + ;; . + `(("ld-wrapper" ,(make-ld-wrapper "ld-wrapper" + #:binutils binutils/fixed)))) (_ '())) ,@(match (and configuration-file diff --git a/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch b/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch new file mode 100644 index 0000000000..fbd596862b --- /dev/null +++ b/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch 
@@ -0,0 +1,36 @@ +Fix a regression in Binutils 2.30 where some symbols are incorrectly assumed +to be addresses: + +https://sourceware.org/bugzilla/show_bug.cgi?id=22764 + +Patch taken from upstream (with ChangeLog entries and tests omitted): + +https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=279b2f94168ee91e02ccd070d27c983fc001fe12 + +diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c +index af448f9..2737773 100644 +--- a/bfd/elfnn-aarch64.c ++++ b/bfd/elfnn-aarch64.c +@@ -7189,10 +7189,19 @@ elfNN_aarch64_check_relocs (bfd *abfd, struct bfd_link_info *info, + #if ARCH_SIZE == 64 + case BFD_RELOC_AARCH64_32: + #endif +- if (bfd_link_pic (info) +- && (sec->flags & SEC_ALLOC) != 0 +- && (sec->flags & SEC_READONLY) != 0) ++ if (bfd_link_pic (info) && (sec->flags & SEC_ALLOC) != 0) + { ++ if (h != NULL ++ /* This is an absolute symbol. It represents a value instead ++ of an address. */ ++ && ((h->root.type == bfd_link_hash_defined ++ && bfd_is_abs_section (h->root.u.def.section)) ++ /* This is an undefined symbol. */ ++ || h->root.type == bfd_link_hash_undefined)) ++ break; ++ ++ /* For local symbols, defined global symbols in a non-ABS section, ++ it is assumed that the value is an address. */ + int howto_index = bfd_r_type - BFD_RELOC_AARCH64_RELOC_START; + _bfd_error_handler + /* xgettext:c-format */ -- cgit v1.2.3 From 406c83f78d4c7851743bb0f82a9de02c8afa63f3 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 12 Jun 2018 11:24:29 +0200 Subject: gnu: perl: Fix CVE-2018-12015. * gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/perl.scm (perl-5.26.2)[source](patches): Use it. --- gnu/local.mk | 1 + .../patches/perl-archive-tar-CVE-2018-12015.patch | 36 ++++++++++++++++++++++ gnu/packages/perl.scm | 2 ++ 3 files changed, 39 insertions(+) create mode 100644 gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch (limited to 'gnu/local.mk') 
diff --git a/gnu/local.mk b/gnu/local.mk
index d02f07031f..a1bebe0dfa 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -989,6 +989,7 @@ dist_patch_DATA = \
 %D%/packages/patches/patchutils-xfail-gendiff-tests.patch \
 %D%/packages/patches/patch-hurd-path-max.patch \
 %D%/packages/patches/perf-gcc-ice.patch \
+ %D%/packages/patches/perl-archive-tar-CVE-2018-12015.patch \
 %D%/packages/patches/perl-file-path-CVE-2017-6512.patch \
 %D%/packages/patches/perl-autosplit-default-time.patch \
 %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \
diff --git a/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch b/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch
new file mode 100644
index 0000000000..6460cf5855
--- /dev/null
+++ b/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch
@@ -0,0 +1,36 @@ +Fix CVE-2018-12015: + +https://security-tracker.debian.org/tracker/CVE-2018-12015 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12015 +https://rt.cpan.org/Ticket/Display.html?id=125523 + +Patch taken from this upstream commit and adapted to apply to +the bundled copy in the Perl distribution: + +https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5 + +diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm +index 6244369..a83975f 100644 +--- a/cpan/Archive-Tar/lib/Archive/Tar.pm ++++ b/cpan/Archive-Tar/lib/Archive/Tar.pm +@@ -845,6 +845,20 @@ sub _extract_file { + return; + } + ++ ### If a file system already contains a block device with the same name as ++ ### the being extracted regular file, we would write the file's content ++ ### to the block device. So remove the existing file (block device) now. ++ ### If an archive contains multiple same-named entries, the last one ++ ### should replace the previous ones. So remove the old file now. ++ ### If the old entry is a symlink to a file outside of the CWD, the new ++ ### entry would create a file there. This is CVE-2018-12015 ++ ### . ++ if (-l $full || -e _) { ++ if (!unlink $full) { ++ $self->_error( qq[Could not remove old file '$full': $!] ); ++ return; ++ } ++ } + if( length $entry->type && $entry->is_file ) { + my $fh = IO::File->new; + $fh->open( $full, '>' ) or ( diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 2d2bb62a78..93b1a3f672 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -170,6 +170,8 @@ (inherit (package-source perl)) (uri (string-append "mirror://cpan/src/5.0/perl-" version ".tar.gz")) + (patches (append (origin-patches (package-source perl)) + (search-patches "perl-archive-tar-CVE-2018-12015.patch"))) (sha256 (base32 "03gpnxx1g6hvlh0v4aqx00580h787sfywp1vlvw64q2xcbm9qbsp")))))) -- cgit v1.2.3 From ed2ae0dc7f44d884ed1329cba457f5479cafd2ba Mon Sep 17 00:00:00 2001 
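Review bot: The new guard in `_extract_file` still leaves a window between `unlink $full` and the unchanged `$fh->open( $full, '>' )` two lines below, and `open` with `'>'` follows symlinks, so another writer of the destination directory can recreate the link after the unlink and the CVE-2018-12015 fix narrows the race rather than closing it. Taking the upstream change as-is is the right call for a backport, but the patch header should say so, e.g. `Note: this still races between unlink and open; a full fix would open with O_CREAT|O_EXCL (Fcntl sysopen) and fail rather than follow a link that reappears.`, so nobody reads the CVE reference as "safe to extract untrusted archives into a shared directory". The `-e _` test correctly reuses the lstat buffer from `-l $full`, so an existing directory is also sent to `unlink`, which fails and now surfaces as a `Could not remove old file` error instead of the previous open failure; worth a short note in the comment since that is a visible behaviour change. `_extract_file` begins and ends outside the hunk.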
From: Marius Bakke Date: Sat, 16 Jun 2018 18:54:14 +0200 Subject: gnu: strace: Update to 4.23. * gnu/packages/linux.scm (strace): Update to 4.23. [source]: Remove obsolete patch. * gnu/packages/patches/strace-kernel-4.16.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/linux.scm | 5 +- gnu/packages/patches/strace-kernel-4.16.patch | 92 --------------------------- 3 files changed, 2 insertions(+), 96 deletions(-) delete mode 100644 gnu/packages/patches/strace-kernel-4.16.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index a1bebe0dfa..3aad334a11 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1112,7 +1112,6 @@ dist_patch_DATA = \ %D%/packages/patches/slim-login.patch \ %D%/packages/patches/sooperlooper-build-with-wx-30.patch \ %D%/packages/patches/steghide-fixes.patch \ - %D%/packages/patches/strace-kernel-4.16.patch \ %D%/packages/patches/superlu-dist-scotchmetis.patch \ %D%/packages/patches/swish-e-search.patch \ %D%/packages/patches/swish-e-format-security.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 4ed418d6a9..60cd80ec04 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -920,16 +920,15 @@ Zerofree requires the file system to be unmounted or mounted read-only.") (define-public strace (package (name "strace") - (version "4.22") + (version "4.23") (home-page "https://strace.io") (source (origin (method url-fetch) (uri (string-append home-page "/files/" version "/strace-" version ".tar.xz")) - (patches (search-patches "strace-kernel-4.16.patch")) (sha256 (base32 - "17dkpnsjxmys1ydidm9wcvc3wscsz44fmlxw3dclspn9cj9d1306")))) + "1bcsq2gbpcb81ayryvn56a6kjx42fc21la6qgds35n0xbybacq3q")))) (build-system gnu-build-system) (arguments '(#:phases diff --git a/gnu/packages/patches/strace-kernel-4.16.patch b/gnu/packages/patches/strace-kernel-4.16.patch deleted file mode 100644 index e86d3be439..0000000000 
--- a/gnu/packages/patches/strace-kernel-4.16.patch
+++ /dev/null
@@ -1,92 +0,0 @@ -Fix test failure when using Linux-Libre >= 4.16. - -Taken from upstream: -https://github.com/strace/strace/commit/bcff87c31c0f27c678a43d6b7f67dab363a974fa - -From bcff87c31c0f27c678a43d6b7f67dab363a974fa Mon Sep 17 00:00:00 2001 -From: Masatake YAMATO -Date: Wed, 2 May 2018 17:11:07 +0900 -Subject: [PATCH] tests/ioctl_kvm_run.c: handle cpuid at the end of vcpu dentry - -Since Linux 4.16, kernel appends the cpuid as suffix to the entry -for a kvm vcpu in /proc/$pid/fd like: - - anon_inode:kvm-vcpu:0 - -That was - - anon_inode:kvm-vcpu - -This kernel change causes the test case failure on newer kernels. -Update the test to deal with the new name as well as the old one. - -* tests/ioctl_kvm_run.c: Include unistd.h for using readlink(2). -(vcpu_dev_should_have_cpuid): New function for detecting whether -a proc entry for given fd has the cpuid suffix or not. -(main): Trim vcpu_dev to remove the cpuid suffix if needed. -(vcpu_dev): Remove const modifier. ---- - tests/ioctl_kvm_run.c | 29 ++++++++++++++++++++++++++++- - 1 file changed, 28 insertions(+), 1 deletion(-) - -diff --git a/tests/ioctl_kvm_run.c b/tests/ioctl_kvm_run.c -index 179461430..e1bef5796 100644 ---- a/tests/ioctl_kvm_run.c -+++ b/tests/ioctl_kvm_run.c -@@ -40,6 +40,7 @@ - # include - # include - # include -+# include - # include - - static int -@@ -56,7 +57,7 @@ kvm_ioctl(int fd, unsigned long cmd, const char *cmd_str, void *arg) - - static const char dev[] = "/dev/kvm"; - static const char vm_dev[] = "anon_inode:kvm-vm"; --static const char vcpu_dev[] = "anon_inode:kvm-vcpu"; -+static char vcpu_dev[] = "anon_inode:kvm-vcpu:0"; - static size_t page_size; - - extern const char code[]; -@@ -165,6 +166,23 @@ run_kvm(const int vcpu_fd, struct kvm_run *const run, const size_t mmap_size, - } - } - -+static int -+vcpu_dev_should_have_cpuid(int fd) -+{ -+ int r = 0; -+ char *filename = NULL; -+ char buf[sizeof(vcpu_dev)]; -+ -+ if (asprintf(&filename, "/proc/%d/fd/%d", getpid(), fd) < 0) -+ 
error_msg_and_fail("asprintf"); -+ -+ if (readlink(filename, buf, sizeof(buf)) == sizeof(buf) - 1 -+ && (memcmp(buf, vcpu_dev, sizeof(buf) - 1) == 0)) -+ r = 1; -+ free(filename); -+ return r; -+} -+ - int - main(void) - { -@@ -208,6 +226,15 @@ main(void) - (unsigned long) page_size, (unsigned long) page_size, mem); - - int vcpu_fd = KVM_IOCTL(vm_fd, KVM_CREATE_VCPU, NULL); -+ if (!vcpu_dev_should_have_cpuid(vcpu_fd)) -+ /* -+ * This is an older kernel that doesn't place a cpuid -+ * at the end of the dentry associated with vcpu_fd. -+ * Trim the cpuid part of vcpu_dev like: -+ * "anon_inode:kvm-vcpu:0" -> "anon_inode:kvm-vcpu" -+ */ -+ vcpu_dev[strlen (vcpu_dev) - 2] = '\0'; -+ - printf("ioctl(%d<%s>, KVM_CREATE_VCPU, 0) = %d<%s>\n", - vm_fd, vm_dev, vcpu_fd, vcpu_dev); - -- cgit v1.2.3 From a14de83213a8d4fe6befced5a3dcf05e40fe4513 Mon Sep 17 00:00:00 2001 From: Pierre Neidhardt Date: Sat, 16 Jun 2018 16:54:53 +0200 Subject: gnu: upx: Fix CVE-2017-15056. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/patches/upx-protect-against-bad-crafted-input.patch: New file. * gnu/packages/compression.scm (upx)[source]: Use it. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/compression.scm | 8 +- gnu/packages/patches/upx-fix-CVE-2017-15056.patch | 96 +++++++++++++++++++++++ 3 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/upx-fix-CVE-2017-15056.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3aad334a11..2856186595 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1157,6 +1157,7 @@ dist_patch_DATA = \ %D%/packages/patches/ustr-fix-build-with-gcc-5.patch \ %D%/packages/patches/util-linux-tests.patch \ %D%/packages/patches/upower-builddir.patch \ + %D%/packages/patches/upx-fix-CVE-2017-15056.patch \ %D%/packages/patches/valgrind-enable-arm.patch \ %D%/packages/patches/valgrind-glibc-compat.patch \ %D%/packages/patches/vinagre-revert-1.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 8f062049a6..9cb0917dae 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -2209,7 +2209,8 @@ decompression is a little bit slower.") version "/" name "-" version "-src.tar.xz")) (sha256 (base32 - "08anybdliqsbsl6x835iwzljahnm9i7v26icdjkcv33xmk6p5vw1")))) + "08anybdliqsbsl6x835iwzljahnm9i7v26icdjkcv33xmk6p5vw1")) + (patches (search-patches "upx-fix-CVE-2017-15056.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl) ("ucl" ,ucl))) @@ -2241,6 +2242,11 @@ decompression is a little bit slower.") #t)) ))) (home-page "https://upx.github.io/") + ;; CVE-2017-16869 is about Mach-O files which is not of a big concern for Guix. + ;; See https://github.com/upx/upx/issues/146 and + ;; https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-16869. + ;; The issue will be fixed after version 3.94. + (properties `((lint-hidden-cve . ("CVE-2017-16869")))) (synopsis "Compression tool for executables") (description "The Ultimate Packer for eXecutables (UPX) is an executable file diff --git a/gnu/packages/patches/upx-fix-CVE-2017-15056.patch b/gnu/packages/patches/upx-fix-CVE-2017-15056.patch new file mode 100644 index 0000000000..525980e73e --- /dev/null +++ b/gnu/packages/patches/upx-fix-CVE-2017-15056.patch 
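Review bot: The `lint-hidden-cve` property in the second compression.scm hunk silences the CVE-2017-16869 lint warning without any code change, and the justification in the comment ("Mach-O files which is not of a big concern for Guix") describes the host platform, not the input: upx on a Guix host still parses whatever Mach-O file a user asks it to unpack, so the unpatched bug remains reachable with untrusted input. Since the comment says the fix lands only after version 3.94, the residual exposure should be stated explicitly rather than dismissed; I would reword it to `;; CVE-2017-16869 (Mach-O unpacking) is NOT fixed by the patch above: upx still parses Mach-O input on any host, so treat untrusted Mach-O files as unsafe. Upstream says the fix lands after 3.94; drop this exemption on the next update.` That keeps the lint exemption but leaves a maintainer a concrete reason to revisit it on the next version bump.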
@@ -0,0 +1,96 @@ +From 3e0c2966dffb5dadb512a476ef4be3d0cc51c2be Mon Sep 17 00:00:00 2001 +From: Pierre Neidhardt +Date: Sat, 16 Jun 2018 16:35:00 +0200 +Subject: [PATCH] Protect against bad crafted input + +Also check for wrap-around when checking oversize involving e_shoff and e_shnum. + +raised by https://github.com/upx/upx/pull/190 + modified: p_lx_elf.cpp +--- + src/p_lx_elf.cpp | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp +index 822a7652..41e805ee 100644 +--- a/src/p_lx_elf.cpp ++++ b/src/p_lx_elf.cpp +@@ -235,8 +235,17 @@ PackLinuxElf32::PackLinuxElf32help1(InputFile *f) + sz_phdrs = 0; + return; + } ++ if (0==e_phnum) throwCantUnpack("0==e_phnum"); + e_phoff = get_te32(&ehdri.e_phoff); ++ unsigned const last_Phdr = e_phoff + e_phnum * sizeof(Elf32_Phdr); ++ if (last_Phdr < e_phoff || (unsigned long)file_size < last_Phdr) { ++ throwCantUnpack("bad e_phoff"); ++ } + e_shoff = get_te32(&ehdri.e_shoff); ++ unsigned const last_Shdr = e_shoff + e_shnum * sizeof(Elf32_Shdr); ++ if (last_Shdr < e_shoff || (unsigned long)file_size < last_Shdr) { ++ throwCantUnpack("bad e_shoff"); ++ } + sz_phdrs = e_phnum * e_phentsize; + + if (f && Elf32_Ehdr::ET_DYN!=e_type) { +@@ -599,8 +608,17 @@ PackLinuxElf64::PackLinuxElf64help1(InputFile *f) + sz_phdrs = 0; + return; + } ++ if (0==e_phnum) throwCantUnpack("0==e_phnum"); + e_phoff = get_te64(&ehdri.e_phoff); ++ upx_uint64_t const last_Phdr = e_phoff + e_phnum * sizeof(Elf64_Phdr); ++ if (last_Phdr < e_phoff || (unsigned long)file_size < last_Phdr) { ++ throwCantUnpack("bad e_phoff"); ++ } + e_shoff = get_te64(&ehdri.e_shoff); ++ upx_uint64_t const last_Shdr = e_shoff + e_shnum * sizeof(Elf64_Shdr); ++ if (last_Shdr < e_shoff || (unsigned long)file_size < last_Shdr) { ++ throwCantUnpack("bad e_shoff"); ++ } + sz_phdrs = e_phnum * e_phentsize; + + if (f && Elf64_Ehdr::ET_DYN!=e_type) { +@@ -3763,6 +3781,9 @@ void PackLinuxElf64::pack4(OutputFile *fo, 
Filter &ft) + + void PackLinuxElf64::unpack(OutputFile *fo) + { ++ if (e_phoff != sizeof(Elf64_Ehdr)) {// Phdrs not contiguous with Ehdr ++ throwCantUnpack("bad e_phoff"); ++ } + unsigned const c_phnum = get_te16(&ehdri.e_phnum); + upx_uint64_t old_data_off = 0; + upx_uint64_t old_data_len = 0; +@@ -3828,6 +3849,9 @@ void PackLinuxElf64::unpack(OutputFile *fo) + unsigned total_out = 0; + unsigned c_adler = upx_adler32(NULL, 0); + unsigned u_adler = upx_adler32(NULL, 0); ++ if ((MAX_ELF_HDR - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) { ++ throwCantUnpack("bad compressed e_phnum"); ++ } + + // Packed ET_EXE has no PT_DYNAMIC. + // Packed ET_DYN has original PT_DYNAMIC for info needed by rtld. +@@ -4383,6 +4407,9 @@ Elf64_Sym const *PackLinuxElf64::elf_lookup(char const *name) const + + void PackLinuxElf32::unpack(OutputFile *fo) + { ++ if (e_phoff != sizeof(Elf32_Ehdr)) {// Phdrs not contiguous with Ehdr ++ throwCantUnpack("bad e_phoff"); ++ } + unsigned const c_phnum = get_te16(&ehdri.e_phnum); + unsigned old_data_off = 0; + unsigned old_data_len = 0; +@@ -4449,6 +4476,9 @@ void PackLinuxElf32::unpack(OutputFile *fo) + unsigned total_out = 0; + unsigned c_adler = upx_adler32(NULL, 0); + unsigned u_adler = upx_adler32(NULL, 0); ++ if ((MAX_ELF_HDR - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) { ++ throwCantUnpack("bad compressed e_phnum"); ++ } + + // Packed ET_EXE has no PT_DYNAMIC. + // Packed ET_DYN has original PT_DYNAMIC for info needed by rtld. +-- +2.17.0 + -- cgit v1.2.3
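Review bot: The new bounds checks in PackLinuxElf32help1 and PackLinuxElf64help1 compute `last_Phdr` from `sizeof(Elf32_Phdr)`/`sizeof(Elf64_Phdr)`, but the very next context line sizes the table that is actually consumed with `sz_phdrs = e_phnum * e_phentsize;`, so a crafted header with an oversized `e_phentsize` still passes the check while `sz_phdrs` reaches past the region that was validated against `file_size`; unless `e_phentsize` is validated earlier in these functions (not visible in the hunk), I would reject the mismatch before the check, `if (e_phentsize != sizeof(Elf32_Phdr)) throwCantUnpack("bad e_phentsize");` in the 32-bit path and `if (e_phentsize != sizeof(Elf64_Phdr)) throwCantUnpack("bad e_phentsize");` in the 64-bit one, or compute `last_Phdr` with `e_phentsize` instead of `sizeof`. Both help1 functions begin before their hunks and the two `unpack` functions continue past theirs, so any earlier validation would be outside this view. The patch is also a local rewrite "raised by" upstream PR 190 rather than the upstream commit itself, so the patch header should state which upstream change it corresponds to, or that it is Guix-specific, to make future rebases auditable. Separately, the commit message's ChangeLog entry names `upx-protect-against-bad-crafted-input.patch` while the file actually added (per the diffstat and `create mode` line) is `upx-fix-CVE-2017-15056.patch`; the entry should use the real filename.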