From a32c7c7a7478875e7c898675b47b7e1e860b34f3 Mon Sep 17 00:00:00 2001
From: Patrick Monnerat
Date: Dec 14 2022 14:53:05 +0000
Subject: Fix CVE-2022-4285. Fix a segfault when printing ghost variable.
---
diff --git a/insight-13.0-bfd-CVE-2022-4285,patch b/insight-13.0-bfd-CVE-2022-4285,patch
new file mode 100644
index 0000000..40f1f84
--- /dev/null
+++ b/insight-13.0-bfd-CVE-2022-4285,patch
@@ -0,0 +1,17 @@
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff_plain;f=bfd%2Felf.c;h=7cd7febcf954110e56bccdc8ab6e191a3fdd56c4;hp=fe00e0f91899acfa3c43e6780935604183698b2d;hb=5c831a3c7f3ca98d6aba1200353311e1a1f84c70;hpb=feab6abfe23b5b1724cb3c00059254e8f1bc5225
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index fe00e0f9189..7cd7febcf95 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return_verref;
+ }
+- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++ if (amt == 0)
++ goto error_return_verref;
++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+ if (elf_tdata (abfd)->verref == NULL)
+ goto error_return_verref;
+ 
diff --git a/insight-13.0-print-check-value.patch b/insight-13.0-print-check-value.patch
new file mode 100644
index 0000000..346d396
--- /dev/null
+++ b/insight-13.0-print-check-value.patch
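Review bot: The new patch file carries no header saying what it backports or why — the only provenance is the `X-Git-Url` line — and it is named `insight-13.0-bfd-CVE-2022-4285,patch` with a comma where `.patch` is clearly intended (the spec's `Patch202:` matches, so the build works, but anything that globs `*.patch` will skip it). Rename it to `insight-13.0-bfd-CVE-2022-4285.patch`, update `Patch202:` to match, and add a line or two before the inner `diff --git` such as `Backport of binutils-gdb commit 5c831a3c7f3c (bfd/elf.c): reject an empty verneed table and zero the allocation so the error_return_verref cleanup never walks uninitialised pointers. Fixes CVE-2022-4285.` The second half of that wording is inferred from the new `amt == 0` guard and the `bfd_alloc`→`bfd_zalloc` switch; the cleanup label and the rest of `_bfd_elf_slurp_version_tables` lie outside the hunk, so confirm it against the upstream commit before using it.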
@@ -0,0 +1,20 @@
+diff -Naurp insight-13.0.50.20220502.orig/gdb/gdbtk/generic/gdbtk-varobj.c insight-13.0.50.20220502.new/gdb/gdbtk/generic/gdbtk-varobj.c
+--- insight-13.0.50.20220502.orig/gdb/gdbtk/generic/gdbtk-varobj.c 2019-04-11 16:51:22.000000000 +0200
++++ insight-13.0.50.20220502.new/gdb/gdbtk/generic/gdbtk-varobj.c 2022-12-14 15:33:47.386877390 +0100
+@@ -1,5 +1,5 @@
+ /* Variable user interface layer for GDB, the GNU debugger.
+- Copyright (C) 1999-2019 Free Software Foundation, Inc.
++ Copyright (C) 1999-2022 Free Software Foundation, Inc.
+ 
+ This file is part of GDB.
+ 
+@@ -639,7 +639,8 @@ variable_print (Tcl_Interp *interp, int
+ varobj_formatted_print_options (&opts, varobj_get_display_format (var));
+ opts.deref_ref = 1;
+ opts.raw = 0;
+- common_val_print (var->value.get (), &stream, 0, &opts, current_language);
++ common_val_print_checked (var->value.get (), &stream,
++ 0, &opts, current_language);
+ Tcl_SetObjResult (interp, Tcl_NewStringObj (stream.data (), -1));
+ ret = TCL_OK;
+ }
diff --git a/insight.spec b/insight.spec
index 977d14a..c7d157f 100644
--- a/insight.spec
+++ b/insight.spec
@@ -18,7 +18,7 @@ Name: insight
Version: %(echo %{ver} | tr - .)%{?snap:.%{snap}}
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Graphical debugger based on GDB
License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and BSD and Public Domain and GFDL
Url: https://www.sourceware.org/insight/
@@ -86,6 +86,8 @@ Patch112: gdb-libexec-add-index.patch
# Additional patches.
Patch201: insight-13.0-symtab_no_format_overflow.patch
+Patch202: insight-13.0-bfd-CVE-2022-4285,patch
+Patch203: insight-13.0-print-check-value.patch
%description
@@ -117,6 +119,8 @@ the latest GDB version.
%patch112 -p1
%patch201 -p1
+%patch202 -p1
+%patch203 -p1
#-------------------------------------------------------------------------------
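Review bot: The switch to `common_val_print_checked` in `variable_print` carries no comment, so the next reader has only the changelog's "ghost variable" wording to explain why the checked variant is needed. Add above the call `/* Use the checked variant: it validates the value before printing instead of dereferencing one that cannot be printed, which crashed on ghost (optimized-out/unavailable) variables.  */` — the parenthetical is inferred from the function name and should be confirmed against `common_val_print_checked` in gdb/valprint.c, which is outside this patch. Any other `common_val_print` callers under gdb/gdbtk are presumably exposed to the same crash and are worth a grep before this ships. The copyright-year hunk is unrelated to the fix and would be cleaner as a separate change; `variable_print` begins before the hunk.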
@@ -312,14 +316,19 @@ ${INSTALL} -m 644 gdb/gdbtk/insight_icon.svg \
#-------------------------------------------------------------------------------
%changelog
+#-------------------------------------------------------------------------------
+
+* Wed Dec 14 2022 Patrick Monnerat 13.0.50.20220502-4
+- Patch "print-check-value" avoids segfault when printing ghost variable.
+- Patch "bfd-CVE-2022-4285" fixes CVE-2022-4285.
+ https://bugzilla.redhat.com/show_bug.cgi?id=2152948
+
* Thu Jul 21 2022 Fedora Release Engineering - 13.0.50.20220502-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint - 13.0.50.20220502-2
- Rebuilt for Python 3.11
-#-------------------------------------------------------------------------------
-
* Mon May 2 2022 Patrick Monnerat 13.0.50.20220502-1
- New upstream snapshot.
- Disable deprecated declaration warnings/errors.