From 33c93c324195da974d1a70819674cfcf990aaaab Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Nov 06 2018 15:46:09 +0000 Subject: Add elfutils-0.174-size-rec-ar.patch CVE-2018-18520 (#1646478) --- diff --git a/elfutils-0.174-size-rec-ar.patch b/elfutils-0.174-size-rec-ar.patch new file mode 100644 index 0000000..091fa49 --- /dev/null +++ b/elfutils-0.174-size-rec-ar.patch @@ -0,0 +1,31 @@ +commit 22d2d082d57a7470fadc0eae67179553f4919209 +Author: Mark Wielaard +Date: Thu Oct 18 23:15:48 2018 +0200 + + size: Handle recursive ELF ar files. + + eu-size didn't handle an ELF ar file that contained an ar file itself + correctly. handle_ar would recursively call itself but close the ELF + file before returning. Only close the ELF file at the top-level. + + https://sourceware.org/bugzilla/show_bug.cgi?id=23787 + + Signed-off-by: Mark Wielaard + +diff --git a/src/size.c b/src/size.c +index 5ff3f2a..f01fd88 100644 +--- a/src/size.c ++++ b/src/size.c +@@ -374,8 +374,10 @@ handle_ar (int fd, Elf *elf, const char *prefix, const char *fname) + INTERNAL_ERROR (fname); + } + +- if (unlikely (elf_end (elf) != 0)) +- INTERNAL_ERROR (fname); ++ /* Only close ELF handle if this was a "top level" ar file. */ ++ if (prefix == NULL) ++ if (unlikely (elf_end (elf) != 0)) ++ INTERNAL_ERROR (fname); + + return result; + } diff --git a/elfutils.spec b/elfutils.spec index c0dbcbe..d68ab78 100644 --- a/elfutils.spec +++ b/elfutils.spec @@ -23,6 +23,7 @@ Source: %{?source_url}%{name}-%{version}.tar.bz2 Patch1: elfutils-0.173-new-notes-hack.patch Patch2: elfutils-0.174-strip-unstrip-group.patch Patch3: elfutils-0.174-libdwfl-sanity-check-core-reads.patch +Patch4: elfutils-0.174-size-rec-ar.patch Requires: elfutils-libelf%{depsuffix} = %{version}-%{release} Requires: elfutils-libs%{depsuffix} = %{version}-%{release} @@ -194,6 +195,7 @@ profiling) of processes. %patch1 -p1 -b .notes_hack %patch2 -p1 -b .strip_unstrip_group %patch3 -p1 -b .sanity_check_core_reads +%patch4 -p1 -b .size_rec_ar # In case the above patches added any new test scripts, make sure they # are executable. @@ -326,6 +328,10 @@ fi %endif %changelog +* Tue Nov 6 2018 Mark Wielaard +- Add elfutils-0.174-size-rec-ar.patch + CVE-2018-18520 (#1646478) + * Fri Nov 2 2018 Mark Wielaard - 0.174-3 - Add elfutils-0.174-libdwfl-sanity-check-core-reads.patch CVE-2018-18310 (#1642605)