Changelog for libdwarf0-0.11.0-67.1.x86_64.rpm:
* Sun Aug 18 2024 Dirk Müller
- update to 0.11.0:
  * Identifies git fix id now for ossfuzz 70721 DW202407-010
  * Correcting use-after-free with a specific corrupted DWARF section.
  * This simplifies getting correct cooked addresses for entries from .debug_ranges
  * The new code about .debug_ranges had small leaks when the library was told not to record or clean-up most memory allocations. Shown by -fsanitize.
  * Fixed a mistake in examplev, .debug_ranges
  * Added new argument to print_ranges_list_to_extra() so it can print both raw and cooked values.
  * Now calculates the cooked value of .debug_ranges and prints both raw and cooked values.
  * New date, some Dwarf_Ranges doc has been updated in libdwarf.
  * Added clarifying comment paragraphs about Dwarf_Ranges
  * Final on the rnglists ossfuzz issues so far.
  * ossfuzz 70246 DW202407-002 fixed.
  * Removing esb_append_printf() which is the last use of *sprintf()
  * ossfuzz 70244 fixed DW202407-001
  * Removing esb_append_printf() as it is no longer necessary.
  * Added blank line after d= semantic version
  * Fixed trailing whitespace and indents.
  * Refine the information on rnglists base with
  * cc_rnglists_base_via_at (similar to loclists)
  * Added cc_loclists_base_via_at and
  * Due to the addition of dwarf_get_locdesc_entry_e() we revise the version for the next release to be
  * Issue #247, github libdwarf-code.
  * Fix indents and eliminate trailing whitespace.
  * Corrected the gitfixid as there was a use-after-free in new-today code, now fixed.
  * Fixing a nasty double free that was caused a few minutes ago.
  * New oss fuzz 69639 and 69641 are fixed. Here identified as DW202406-001 and DW202406-002
  * Remove debug printf (was #if 0 ... #endif) Fixed DW202406-001 ossfuzz 69639 and DW202406-002 ossfuzz 69641
  * Implemented spelling change ld_kind to ld_lkind
  * In dwarf_formref() we correct the reading of DW_FORM_loclistx and DW_FORM_rnglistx to read a uleb. Been wrong since 2022 at least. Another spot reading these had it right all along.
  * Renamed ll_kind to ll_lkind as it names a DW_LKIND value
  * Renamed ld_kind to ld_lkind as it names a DW_LKIND value
  * Revises the dwarfdump reporting of debug_loclists to clarify the dwarf 5 debug_loclists structure content.
  * The --print-raw-loclists option is more useful now.
  * Revises the dwarfdump reporting of debug_rnglists to clarify the dwarf 5 debug_rnglists structure content.
  * The --print-raw-rnglists option is more useful now.
  * In certain error cases the revised rnglists code was failing to dwarf_dealloc_error() where
  * Updated the output format of --print-raw-loclists to be more useful and to essentially match the rnglists version.
  * Separated out part of loclists data structs to be a better match with dwarf_rnglists.h
  * Corrected calculations related to rnglists array of offsets (were calling entries address size when they are offset size).
  * Removed some lines related to merging skeleton and split, they were wrong. debug_rnglists and debug_rnglists.dwo
  * Initialize the three new fields in Dwarf_Debug_s used for DWARF5 GNU extension .debug_addr printing.
  * Renaming DW_DLE_PE_SECTION_SIZE_ERROR to DW_DLE_PE_SECTION_SIZE_HEURISTIC_FAIL so any failure of the three such tests are clearly reported. Should never happen.
  * A heuristic sanity check on section VirtualSize was too conservative at s00MB, a PE object file had a section over 200MB in size.
  * Adding release xz name

* Wed May 29 2024 Dominique Leuenberger
- Update to version 0.9.2:
  + Fixed four vulnerabilities that could crash the library (segmentation violation etc) reading specific corruptions to DWARF. DW202402-001, DW202402-002, DW202403-003, and DW202403-001. Now the library returns an error code for those. Corrected a dwarf.h misspelling of DW_CFA_hi_user.

* Tue Jan 30 2024 Dirk Müller
- update to 0.9.1:
  * "--disable-decompression" tells the build to compile libdwarf and dwarfdump with no reference to the zlib or zstd libraries.
  * Latest DW_LANG names now present.
- build with zstd support

* Thu Dec 28 2023 Dirk Müller
- update to 0.9.0:
  * Added support for reading Apple MacOS universal binaries.
  * Added callers access to certain fields from object files (for all three supported object formats), and
  * added the --print-machine-arch option to dwarfdump to show the fields.
  * Three functions were added to the API, see the Changes section of the latest documentation or in libdwarf.pdf in the release. No functions were deleted or had their meaning changed.
  * Vulnerabilities found by fuzzing were fixed.
  * See https://www.prevanders.net/dwarfbug.html for vulnerability details.

* Sat Nov 18 2023 Dirk Müller
- update to 0.8.0:
  * The release fixes many vulnerabilities from corrupt DWARF and/or corrupt Elf. Two new functions are added for DWARF Frame access to get the correct sign of an argument (the pre-existing functions remain in place and working avoiding any need for recompilation or relinking of user code).

* Mon May 29 2023 Dirk Müller
- update to 0.7.0:
  * The release fixes more than 50 vulnerabilities from corrupt DWARF and/or corrupt Elf.
  * Elf section counts can exceed 16 bits (on linux see man 5 elf) so some function prototype members of struct Dwarf_Obj_Access_Methods_a_s changed. Specifically, om_get_section_info(), om_load_section(), and om_relocate_a_section() now pass section indexes as Dwarf_Unsigned instead of Dwarf_Half.
  * Two functions have been removed from libdwarf.h and the library: dwarf_dnames_abbrev_by_code() and dwarf_dnames_abbrev_form_by_index().
  * dwarf_dnames_abbrev_by_code() is slow and pointless. Use either dwarf_dnames_name() or dwarf_dnames_abbrevtable() instead, depending on what you want to accomplish.
  * dwarf_dnames_abbrev_form_by_index() is not needed, was difficult to call due to argument list requirements, and never worked.

* Mon Feb 27 2023 Dirk Müller
- update to 0.6.0:
  Fixes for Denial Of Service (possible libdwarf crash):
  * The dealloc required for dwarf_offset_list() was incorrect, possibly leading to a crash.
  * The function prototype for dwarf_dietype_offset() changed so it can work correctly on DWARF4 objects.
  * A memory leak from dwarf_load_loclists() has been fixed.
  * The function dwarf_get_pubtypes() changed, Dwarf_Type no longer exists, correcting a library design mistake made in 1993. The function applied to DWARF3 and DWARF4 objects.
  * The set of functions using Dwarf_Type are gone, use Dwarf_Global instead. An object with DW_FORM_strx3 (DWARF5) could result in the library either crashing or returning an inappropriate error. DW_FORM_strx3 is now handled
  * https://newreleases.io/github/davea42/libdwarf-code?version=v0.6.0

* Fri Dec 02 2022 Dirk Müller
- update to 0.5.0:
  * libdwarf-0.5.0 improves library performance reading DWARF DIEs by several percent (with no change in API).
  * It adds functions allowing access to the .debug_addr section independent of other sections. dwarfdump has a new option to show that section.
  * Corrects the handling of some aspects of reading the .debug_names section.
  * Enhances dwarf_get_globals() to return all globals that .debug_pubnames and .debug_names refer to (no change in the API except adding a function to return the DW_TAG of any globals derived from .debug_names)

* Mon Oct 03 2022 Dirk Müller
- update to 0.4.2:
  * memory leak fixes
  * How to deal with a dwarf_init *() call that fails (DW_DLV_ERROR) in a simple way is finally documented in libdwarf.pdf and in the on-line html.

* Fri Jul 15 2022 Dirk Müller
- update to 0.4.1 (bsc#1200899, CVE-2022-34299):
  * Two places where a carefully corrupted object file could result in libdwarf crashing a caller due to referencing memory outside the intended read area have been fixed (DW202205-001 and DW202206-001). One related to DW_FORM_ref_sig8, the other to the .debug_pubnames section.
  * The library now accepts DW_AT_entry_pc in a CU DIE as a base address when DW_AT_low_pc is missing (an extension used by a current compiler).
  * Added function dwarf_suppress_debuglink_crc() to allow callers to turn off doing a CRC calculation reading GNU debuglink data (saves time for library users accessing near-identical builds).
- drop fix-CVE-2022-32200.patch (upstream)

* Tue Jun 07 2022 Dirk Müller
- add fix-CVE-2022-32200.patch (bsc#1200291, CVE-2022-32200)

* Wed Apr 27 2022 Jan Engelhardt
- Resolve rpmlint report "libdwarf1.x86_64: E: shlib-policy-name-error SONAME: libdwarf.so.0, expected package suffix: 0"

* Sun Apr 24 2022 Dirk Müller
- update to 0.4.0:
  * Removed the unused Dwarf_Error argument from dwarf_return_empty_pubnames() as the function can only return DW_DLV_OK. dwarf_xu_header_free() renamed to dwarf_dealloc_xu_header(). dwarf_gdbindex_free() renamed to dwarf_dealloc_gdbindex(). dwarf_loc_head_c_dealloc renamed to dwarf_dealloc_loc_head_c().
  * dwarf_get_location_op_value_d() renamed to dwarf_get_location_op_value_c(), and 3 pointless arguments removed. The dwarf_get_location_op_value_d version and the three arguments were added for DWARF5 in libdwarf20210528 but the change was a mistake. Now reverted to the previous version.
  * The .debug_names section interfaces have changed. Added dwarf_dnames_offsets() to provide details of facts useful in problems reading the section. dwarf_dnames_name() now does work and the interface was changed to make it easier to use.

* Mon Feb 21 2022 Dirk Müller
- replace symlink by directory with hardlinks (bsc#1196198)

* Sun Feb 13 2022 Dirk Müller
- update to 0.3.3:
  * Release fixes a n assign offset = offset;
  * Fixes a bug in LEB value reading of some values in the very rare case the compiler has emitted padding in the LEB
  * Has improvements in detecting corrupt object files (Elf, MachO, and PE) and one new function that is only significant for those using an LLVM feature for Heterogeneous Debugging.
    Passes Coverity Scan with zero issues.
- drop libdwarf-gcc11.patch, libdwarf-gcc11-fixup.patch: upstream

* Wed Jun 16 2021 Fridrich Strba
- Added patch:
  * libdwarf-gcc11-fixup.patch
    + fix missing return and double define mistake in the upstream patch

* Tue Jun 15 2021 Dirk Müller
- libdwarf-gcc11.patch: refresh with upstream patch

* Tue Jun 15 2021 Fridrich Strba
- Added patch:
  * libdwarf-gcc11.patch
    + skip correctly DW_FORM_implicit_const in _dwarf_formudata_internal (bsc#1187336)

* Fri Jun 11 2021 Fridrich Strba
- update to 20210528:
  corrects libdwarf's handling of DWARF5 line table header DW_LNCT entries.
  Dwarfdump now prints DW_OP_bra and DW_OP_skip correctly and correctly validates the target of these operators.
  adds summary information on attribute/form-class uses and attribute/forms use to the existing option -ku summary on tags and attributes.
  Dwarfdump verifies many attribute references are usable and prints a little from the target DIE, including with DW_FORM_ref_sig8 references.
  Now dwarf.h shows many more extensions (added by compiler developers) to the TAGs and ATtributes defines.
  Alongside releases is a pdf, libdwarf2.1xl.pdf (xl.pdf as it is extra-large), that is the same as the latest libdwarf2.1.pdf but with the table-of-contents at the front, not the back, of the pdf.
  Created an experiment, it is around 15MB so seemed too large to place it in the release or to do multiple versions.
  Later updates will just replace it on prevanders.net.

* Wed Apr 21 2021 Wolfgang Frisch
- Hardening: link as PIE (bsc#1185057).

* Fri Jan 29 2021 Dirk Müller
- update to 20201201:
  dwarfdump now prints DWARF expression operators each on its own line.
  This makes viewing DWARF expressions much nicer given the increased use of much longer expressions.
  Those expression operators that reference DIES are now followed, verified, and the target DW_TAG and DW_AT_name are printed.
  A new dwarfdump.conf command 'option:' lets one specify option: --format-expr-ops-joined in case you want the old style DWARF expression operators-on-one-line.
  Where the DWARF DIE children nest > nine-deep dwarfdump switches from indentation by spaces to a nest-level number.