|
|
|
|
Changelog for elfutils-0.168-lp152.5.103.x86_64.rpm :
* Wed May 22 2019 Joao Moreira - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bnc#1107066) Add patch: libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bnc#1112723) Add patch: arlib-check-that-sh_entsize-isnt-zero.patch- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bnc#1033088) Add patch: elflint-check-symbol-table-data-is-big-enough-before-check.patch- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bnc#1033087) Add patch: elflint-dont-check-section-group-without-flags-word.patch- CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067) Add patch: libdw-check-end-of-attributes-list-consistently.patch- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390) Add patch: libdw-readelf-make-sure-there-is-enough-data-to-read.patch- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bnc#1111973) Add patch: libdwfl-sanity-check-partial-core-file-data-reads.patch- CVE-2019-7150: dwfl_segment_report_module doesn\'t check whether the dyn data read from core file is truncated (bnc#1123685) Add patch: libdwfl-sanity-check-partial-core-file-dyn-data-read.patch- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bnc#1125007) Add patch: libebl-check-NT_PLATFORM-core-notes.patch- CVE-2017-7609: memory allocation failure in __libelf_decompress (bnc#1033086) Add patch: libelf-check-compression-before-allocate-output-buffer.patch- CVE-2018-16402: Double-free crash in nm and readelf (bnc#1107066) Add patch: libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bnc#1033084) Add patch: readelf-fix-off-by-one-sanity-check.patch- CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bnc#1112726) Add patch: size-handle-recursive-elf-ar-files.patch- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085) Add patch: use-the-empty-string-for-note-names-with-zero-size.patch * Tue Sep 25 2018 jmoreiraAATTsuse.com- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bnc#1033090) Add patch: elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bnc#1033089) Add patch: elfutils-dont-trust-sh_entsize.patch * Sat Aug 26 2017 jengelhAATTinai.de- Restore obsolete on libebl. * Tue Aug 01 2017 jengelhAATTinai.de- Update package descriptions.- Rename libebl1 to libebl-plugins as these are not linked, but dlopened using their unversioned libebl_$ARCH.so name.- Have libelf1 require libebl-plugins (libebl.a, which does the dlopen call, is staticly built into libelf1). This is necessary for pahole to display its results. [boo#1049871] * Sun Jun 18 2017 schwabAATTlinux-m68k.org- ppc-machine-flags.patch: support EM_PPC machine flags- disable-tests-with-ptrace.patch: disable more tests * Sun May 28 2017 jengelhAATTinai.de- Update Git-Clone URL * Thu Apr 27 2017 mliskaAATTsuse.cz- Add 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch unconditionally in the spec file. As we can\'t support binary diff, a newly added test-case is removed from the patch. * Tue Apr 25 2017 mliskaAATTsuse.cz- Add 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch: fix .gnu.attributes checking on ppc64{,le}. * Fri Apr 07 2017 jengelhAATTinai.de- Add missing ldconfig calls for libasm1 * Fri Mar 31 2017 bwiedemannAATTsuse.com- make tests pass when user does not want debuginfo (boo#1031556) * Thu Mar 30 2017 rguentherAATTsuse.com- Update to version 0.168: libelf: gelf_newehdr and gelf_newehdr now return void *. libdw: dwarf.h corrected the DW_LANG_PLI constant name (was DW_LANG_PL1). readelf: Add optional --symbols[=SECTION] argument to select section name.- Includes changes from 0001-Add-GCC7-Wimplicit-fallthrough-support-fixes.patch and 0001-ar-Fix-GCC7-Wformat-length-issues.patch.- Remove elfutils-0.137-dwarf-header-check-fix.diff which is no longer required after a debugedit fix. * Fri Dec 09 2016 mliskaAATTsuse.cz- Add 0001-Add-GCC7-Wimplicit-fallthrough-support-fixes.patch: fix new warning introduced in GCC 7.- Add 0001-ar-Fix-GCC7-Wformat-length-issues.patch: fix -Wformat-length warning introduced in GCC 7. * Tue Aug 30 2016 matzAATTsuse.com- Update to version 0.167: libasm: Add eBPF disassembler for EM_BPF files. backends: Add m68k and BPF backends. ld: Removed. dwelf: Add ELF/DWARF string table creation functions. dwelf_strtab_init, dwelf_strtab_add, dwelf_strtab_add_len, dwelf_strtab_finalize, dwelf_strent_off, dwelf_strent_str and dwelf_strtab_free. Support compressed sections from binutils 2.27.- Remove patch elfutils-0.166-elfcmp-comp-gcc6.patch: included upstream. * Mon Jul 11 2016 schwabAATTsuse.de- disable-tests-with-ptrace.patch: disable tests that use ptrace when running under qemu-linux-user * Mon Jun 27 2016 fcrozatAATTsuse.com- Update to version 0.166: + config: The default program prefix for the installed tools is now eu-. Use configure --program-prefix=\"\" to not use a program prefix. + Various bugfixes.- Drop elfutils-0.164-dt-ppc-opt.patch and elfutils-0.164-gcc6.patch (merged upstream)- Add patch elfutils-0.166-elfcmp-comp-gcc6.patch: fix self-comparison error with GCC 6.- Changes from 0.165: + Add eu-elfcompress + Add pkg-config files for libelf and libdw. * Sat Apr 16 2016 normandAATTlinux.vnet.ibm.com- add elfutils-0.164-gcc6.patch * Sat Feb 27 2016 normandAATTlinux.vnet.ibm.com- rename dt-ppc-opt.patch as elfutils-0.164-dt-ppc-opt.patch and add reference to upstream commit id * Tue Dec 15 2015 schwabAATTsuse.de- dt-ppc-opt.patch: add support for DT_PPC_OPT * Fri Nov 20 2015 idonmezAATTsuse.com- Update to version 0.164 Drop the following patches, fixed upstream: * elfutils-portability-0.163.patch * elfutils-revert-portability-scanf.patch * elfutils-uninitialized.diff * libebl-prototype-fix.diff Changelog: - strip, unstrip: * Handle ELF files with merged strtab/shstrtab tables. * Handle missing SHF_INFO_LINK section flags. - libelf: * Use int64_t for offsets in libelf.h instead of loff_t. - libdw: * dwarf.h Add preliminary DWARF5 DW_LANG_Haskell. - libdwfl: * dwfl_standard_find_debuginfo now searches any subdir of the binary path under the debuginfo root when the separate debug file couldn\'t be found by build-id. * dwfl_linux_proc_attach can now be called before any Dwfl_Modules have been reported.- Implement %check * Fri Sep 11 2015 tonyjAATTsuse.com- Update to version 0.163 Drop patch elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch Drop patch elfutils-0.148-dont-crash.diff (fixed by 9ceebe69) Drop patch elfutils-portability-0.161.patch Add patch elfutils-portability-0.163.patch Changelog: 0.163: - Bug fixes only, no new features. 0.162: - libdw: Install new header elfutils/known-dwarf.h. dwarf.h Add preliminary DWARF5 constants DW_TAG_atomic_type, DW_LANG_Fortran03, DW_LANG_Fortran08. dwarf_peel_type now also handles DW_TAG_atomic_type. - addr2line: Input addresses are now always interpreted as hexadecimal numbers, never as octal or decimal numbers. New option -a, --addresses to print address before each entry. New option -C, --demangle to show demangled symbols. New option --pretty-print to print all information on one line. - ar: CVE-2014-9447 Directory traversal vulnerability in ar extraction. - backends: x32 support. * Wed Feb 11 2015 tonyjAATTsuse.com- Make ebl modversion predictable to allow build-compare (bnc#916043) * Wed Jan 07 2015 tonyjAATTsuse.com- CVE-2014-9447: elfutils: Directory traversal vulnerability (bnc#911662) Add patch: elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch * Wed Jan 07 2015 p.drouandAATTgmail.com- Update to version 0.161 + libdw: New function dwarf_peel_type. dwarf_aggregate_size now uses dwarf_peel_type to also provide the sizes of qualified types. dwarf_getmacros will now serve either of .debug_macro and .debug_macinfo transparently. New interfaces dwarf_getmacros_off, dwarf_macro_getsrcfiles, dwarf_macro_getparamcnt, and dwarf_macro_param are available for more generalized inspection of macros and their parameters. dwarf.h: Add DW_AT_GNU_deleted, DW_AT_noreturn, DW_LANG_C11, DW_LANG_C_plus_plus_11 and DW_LANG_C_plus_plus_14.- Remove merged patches + elfutils-robustify.patch + elfutils-no-po-test-build.diff + elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch- Refreshed patch (from Fedora sources) + elfutils-portability.patch > elfutils-portability-0.161.patch- Add a lang subpackage * Wed Oct 15 2014 jengelhAATTinai.de- Update homepage URL and improve RPM group classification
|
|
|