diff --git a/Fix-error-of-parsing-object-file-perms.patch b/Fix-error-of-parsing-object-file-perms.patch
deleted file mode 100644
index cf487ab..0000000
--- a/Fix-error-of-parsing-object-file-perms.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 9e18fcfeb2c8ff471c11da58b05215e219be20fd Mon Sep 17 00:00:00 2001
-From: yixiangzhike
-Date: Tue, 16 Aug 2022 09:49:35 +0800
-Subject: [PATCH] fix error of parsing object file perms
-
----
- libelf/elf_begin.c | 20 +++++++++++++++++++-
- 1 file changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
-index 17d9b1f..581d8ef 100644
---- a/libelf/elf_begin.c
-+++ b/libelf/elf_begin.c
-@@ -997,10 +997,28 @@ __libelf_next_arhdr_wrlock (Elf *elf)
- } \
- while (0)
-
-+#define INT_FIELD_HN(FIELD, HN) \
-+ do \
-+ { \
-+ char buf[sizeof (ar_hdr->FIELD) + 1]; \
-+ const char *string = ar_hdr->FIELD; \
-+ if (ar_hdr->FIELD[sizeof (ar_hdr->FIELD) - 1] != ' ') \
-+ { \
-+ *((char *) mempcpy (buf, ar_hdr->FIELD, sizeof (ar_hdr->FIELD))) \
-+ = '\0'; \
-+ string = buf; \
-+ } \
-+ if (sizeof (elf_ar_hdr->FIELD) <= sizeof (long int)) \
-+ elf_ar_hdr->FIELD = (__typeof (elf_ar_hdr->FIELD)) strtol (string, NULL, HN); \
-+ else \
-+ elf_ar_hdr->FIELD = (__typeof (elf_ar_hdr->FIELD)) strtoll (string, NULL, HN); \
-+ } \
-+ while (0)
-+
- INT_FIELD (ar_date);
- INT_FIELD (ar_uid);
- INT_FIELD (ar_gid);
-- INT_FIELD (ar_mode);
-+ INT_FIELD_HN (ar_mode, 8);
- INT_FIELD (ar_size);
-
- if (elf_ar_hdr->ar_size < 0)
---
-2.27.0
-
diff --git a/Fix-segfault-in-eu-ar-m.patch b/Fix-segfault-in-eu-ar-m.patch
new file mode 100644
index 0000000..9667644
--- /dev/null
+++ b/Fix-segfault-in-eu-ar-m.patch
@@ -0,0 +1,34 @@
+From 7170b990d3dc3974b8e670b3c0e4ca6dcc20c853 Mon Sep 17 00:00:00 2001
+From: xiezhipeng
+Date: Wed, 8 Dec 2021 09:47:36 +0800
+Subject: [PATCH] fix segfault in eu-ar -m
+
+Fix segfaultineu-ar-m.
+
+---
+ src/ar.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/ar.c b/src/ar.c
+index ab6098f..ed5fe2f 100644
+--- a/src/ar.c
++++ b/src/ar.c
+@@ -1159,6 +1159,7 @@ do_oper_insert (int oper, const char *arfname, char **argv, int argc,
+ goto next;
+
+ struct armem *newp = alloca (sizeof (struct armem));
++ memset (newp, '\0', sizeof(struct armem));
+ newp->old_off = elf_getaroff (subelf);
+ newp->size = arhdr->ar_size;
+ newp->sec = arhdr->ar_date;
+@@ -1251,6 +1252,7 @@ do_oper_insert (int oper, const char *arfname, char **argv, int argc,
+ if (found[cnt] == NULL)
+ {
+ found[cnt] = alloca (sizeof (struct armem));
++ memset (found[cnt], '\0', sizeof(struct armem));
+ found[cnt]->old_off = -1;
+
+ remember_long_name (found[cnt], bname, bnamelen);
+--
+2.27.0
+
diff --git a/backport-libelf-Correctly-decode-ar_mode-as-octal-string.patch b/backport-libelf-Correctly-decode-ar_mode-as-octal-string.patch
new file mode 100644
index 0000000..6f2513d
--- /dev/null
+++ b/backport-libelf-Correctly-decode-ar_mode-as-octal-string.patch
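Review bot: Both added `memset` calls in `do_oper_insert` zero the whole `struct armem`, but neither the patch description nor a comment says which member was read uninitialized after `alloca`, so the root cause of the segfault is not recorded and a later cleanup could drop the zeroing. I would put a comment above each call, for example `/* alloca returns uninitialized stack memory; zero it so members not assigned below read as NULL/0.  */`, and write the calls as `memset (newp, 0, sizeof *newp);` and `memset (found[cnt], 0, sizeof *found[cnt]);` so the size follows the pointer's type. Both allocations appear to sit in per-member processing (the `goto next;` above the first one suggests a loop), so stack use from `alloca` may grow with the number of archive members; that predates this patch. The function body starts and ends outside both inner hunks.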
@@ -0,0 +1,64 @@
+From ee188125b10d1588a0536af033d7b7b1bbbaafaf Mon Sep 17 00:00:00 2001
+From: Mark Wielaard
+Date: Sun, 28 Aug 2022 19:51:13 +0200
+Subject: [PATCH] libelf: Correctly decode ar_mode as octal string
+
+ar_mode is encoded as an octal ascii string, not decimal. Add a new
+OCT_FIELD macro to decode it.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=28729
+
+Signed-off-by: Mark Wielaard
+---
+ libelf/elf_begin.c | 25 +++++++++++++++++++++++--
+ 1 files changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
+index 17d9b1f3..71eb3594 100644
+--- a/libelf/elf_begin.c
++++ b/libelf/elf_begin.c
+@@ -977,7 +977,8 @@ __libelf_next_arhdr_wrlock (Elf *elf)
+ atoll depending on the size of the types. We are also prepared
+ for the case where the whole field in the `struct ar_hdr' is
+ filled in which case we cannot simply use atol/l but instead have
+- to create a temporary copy. */
++ to create a temporary copy. Note that all fields use decimal
++ encoding, except ar_mode which uses octal. */
+
+ #define INT_FIELD(FIELD) \
+ do \
+@@ -997,10 +998,30 @@ __libelf_next_arhdr_wrlock (Elf *elf)
+ } \
+ while (0)
+
++#define OCT_FIELD(FIELD) \
++ do \
++ { \
++ char buf[sizeof (ar_hdr->FIELD) + 1]; \
++ const char *string = ar_hdr->FIELD; \
++ if (ar_hdr->FIELD[sizeof (ar_hdr->FIELD) - 1] != ' ') \
++ { \
++ *((char *) mempcpy (buf, ar_hdr->FIELD, sizeof (ar_hdr->FIELD))) \
++ = '\0'; \
++ string = buf; \
++ } \
++ if (sizeof (elf_ar_hdr->FIELD) <= sizeof (long int)) \
++ elf_ar_hdr->FIELD \
++ = (__typeof (elf_ar_hdr->FIELD)) strtol (string, NULL, 8); \
++ else \
++ elf_ar_hdr->FIELD \
++ = (__typeof (elf_ar_hdr->FIELD)) strtoll (string, NULL, 8); \
++ } \
++ while (0)
++
+ INT_FIELD (ar_date);
+ INT_FIELD (ar_uid);
+ INT_FIELD (ar_gid);
+- INT_FIELD (ar_mode);
++ OCT_FIELD (ar_mode);
+ INT_FIELD (ar_size);
+
+ if (elf_ar_hdr->ar_size < 0)
+--
+2.27.0
+
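Review bot: `OCT_FIELD` calls `strtol (string, NULL, 8)` and `strtoll (string, NULL, 8)` with a NULL end pointer, so an `ar_mode` field that holds no octal digits, a leading sign, or trailing non-octal bytes is converted without the caller seeing any error. Among the fields decoded here only `ar_size` is checked afterwards (`if (elf_ar_hdr->ar_size < 0)`), and archive headers are file input, so the decoded mode should not be assumed to be a well-formed permission value. The hardening would be to pass an end pointer and treat `end == string` as a malformed header; because this file is a backport of the upstream commit, that change is better raised upstream than applied here, so the patch stays identical to its source. A short comment above `OCT_FIELD (ar_mode);` such as `/* Not validated: a non-octal field decodes as 0 or a partial value.  */` would at least record the limitation. `__libelf_next_arhdr_wrlock` starts and ends outside the inner hunks.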
diff --git a/elfutils.spec b/elfutils.spec index 9c3cabc..e17f5e8 100644 --- a/elfutils.spec +++ b/elfutils.spec @@ -1,17 +1,18 @@ # -*- rpm-spec from http://elfutils.org/ -*- Name: elfutils Version: 0.180 -Release: 14 +Release: 15 Summary: A collection of utilities and DSOs to handle ELF files and DWARF data URL: http://elfutils.org/ License: GPLv3+ and (GPLv2+ or LGPLv3+) Source: ftp://sourceware.org/pub/elfutils/%{version}/elfutils-%{version}.tar.bz2 Patch0: backport-elfclassify-Fix-no-stdin-flag.patch -Patch1: Fix-error-of-parsing-object-file-perms.patch +Patch1: backport-libelf-Correctly-decode-ar_mode-as-octal-string.patch Patch2: Fix-issue-of-moving-files-by-ar-or-br.patch Patch3: Get-instance-correctly-for-eu-ar-N-option.patch Patch4: backport-CVE-2021-33294-readelf-Sanity-check-verneed-and-verdef-offsets-in-h.patch +Patch5: Fix-segfault-in-eu-ar-m.patch Requires: elfutils-libelf = %{version}-%{release} Requires: elfutils-libs = %{version}-%{release} @@ -302,6 +303,10 @@ exit 0 %systemd_postun_with_restart debuginfod.service %changelog +* Fri Sep 01 2023 fuanan - 0.180-15 +- Fix segfault in eu-ar -m +- Use upstream patch for Fix error of parsing object file perms + * Wed Jul 19 2023 fuanan - 0.180-14 - Fix CVE-2021-33294