diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..7e1ef7361c0c425300666c33c07b395359100e58 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.bz2 filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..709b767c1f99aa0107cb13397f996545436c54c1 --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/elfutils diff --git a/backport-CVE-2025-1352.patch b/backport-CVE-2025-1352.patch deleted file mode 100644 index cbe691f1f211f8c85037a23680661c85082b2eff..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-1352.patch +++ /dev/null @@ -1,149 +0,0 @@ -From 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753 Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Sat, 8 Feb 2025 20:00:12 +0100 -Subject: [PATCH] libdw: Simplify __libdw_getabbrev and fix dwarf_offabbrev - issue - -__libdw_getabbrev could crash on reading a bad abbrev by trying to -deallocate memory it didn't allocate itself. This could happen because -dwarf_offabbrev would supply its own memory when calling -__libdw_getabbrev. No other caller did this. - -Simplify the __libdw_getabbrev common code by not taking external -memory to put the abbrev result in (this would also not work correctly -if the abbrev was already cached). And make dwarf_offabbrev explicitly -copy the result (if there was no error or end of abbrev). - - * libdw/dwarf_getabbrev.c (__libdw_getabbrev): Don't take - Dwarf_Abbrev result argument. Always just allocate abb when - abbrev not found in cache. - (dwarf_getabbrev): Don't pass NULL as last argument to - __libdw_getabbrev. - * libdw/dwarf_tag.c (__libdw_findabbrev): Likewise. - * libdw/dwarf_offabbrev.c (dwarf_offabbrev): Likewise. And copy - abbrev into abbrevp on success. - * libdw/libdw.h (dwarf_offabbrev): Document return values. - * libdw/libdwP.h (__libdw_getabbrev): Don't take Dwarf_Abbrev - result argument. - -https://sourceware.org/bugzilla/show_bug.cgi?id=32650 - -Signed-off-by: Mark Wielaard ---- - libdw/dwarf_getabbrev.c | 12 ++++-------- - libdw/dwarf_offabbrev.c | 10 +++++++--- - libdw/dwarf_tag.c | 3 +-- - libdw/libdw.h | 4 +++- - libdw/libdwP.h | 3 +-- - 5 files changed, 16 insertions(+), 16 deletions(-) - -diff --git a/libdw/dwarf_getabbrev.c b/libdw/dwarf_getabbrev.c -index 5b02333f..d9a6c022 100644 ---- a/libdw/dwarf_getabbrev.c -+++ b/libdw/dwarf_getabbrev.c -@@ -1,5 +1,6 @@ - /* Get abbreviation at given offset. - Copyright (C) 2003, 2004, 2005, 2006, 2014, 2017 Red Hat, Inc. -+ Copyright (C) 2025 Mark J. Wielaard - This file is part of elfutils. - Written by Ulrich Drepper , 2003. - -@@ -38,7 +39,7 @@ - Dwarf_Abbrev * - internal_function - __libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu, Dwarf_Off offset, -- size_t *lengthp, Dwarf_Abbrev *result) -+ size_t *lengthp) - { - /* Don't fail if there is not .debug_abbrev section. */ - if (dbg->sectiondata[IDX_debug_abbrev] == NULL) -@@ -85,12 +86,7 @@ __libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu, Dwarf_Off offset, - Dwarf_Abbrev *abb = NULL; - if (cu == NULL - || (abb = Dwarf_Abbrev_Hash_find (&cu->abbrev_hash, code)) == NULL) -- { -- if (result == NULL) -- abb = libdw_typed_alloc (dbg, Dwarf_Abbrev); -- else -- abb = result; -- } -+ abb = libdw_typed_alloc (dbg, Dwarf_Abbrev); - else - { - foundit = true; -@@ -183,5 +179,5 @@ dwarf_getabbrev (Dwarf_Die *die, Dwarf_Off offset, size_t *lengthp) - return NULL; - } - -- return __libdw_getabbrev (dbg, cu, abbrev_offset + offset, lengthp, NULL); -+ return __libdw_getabbrev (dbg, cu, abbrev_offset + offset, lengthp); - } -diff --git a/libdw/dwarf_offabbrev.c b/libdw/dwarf_offabbrev.c -index 27cdad64..41df69bf 100644 ---- a/libdw/dwarf_offabbrev.c -+++ b/libdw/dwarf_offabbrev.c -@@ -41,11 +41,15 @@ dwarf_offabbrev (Dwarf *dbg, Dwarf_Off offset, size_t *lengthp, - if (dbg == NULL) - return -1; - -- Dwarf_Abbrev *abbrev = __libdw_getabbrev (dbg, NULL, offset, lengthp, -- abbrevp); -+ Dwarf_Abbrev *abbrev = __libdw_getabbrev (dbg, NULL, offset, lengthp); - - if (abbrev == NULL) - return -1; - -- return abbrev == DWARF_END_ABBREV ? 1 : 0; -+ if (abbrev == DWARF_END_ABBREV) -+ return 1; -+ -+ *abbrevp = *abbrev; -+ -+ return 0; - } -diff --git a/libdw/dwarf_tag.c b/libdw/dwarf_tag.c -index d784970c..218382a1 100644 ---- a/libdw/dwarf_tag.c -+++ b/libdw/dwarf_tag.c -@@ -53,8 +53,7 @@ __libdw_findabbrev (struct Dwarf_CU *cu, unsigned int code) - - /* Find the next entry. It gets automatically added to the - hash table. */ -- abb = __libdw_getabbrev (cu->dbg, cu, cu->last_abbrev_offset, &length, -- NULL); -+ abb = __libdw_getabbrev (cu->dbg, cu, cu->last_abbrev_offset, &length); - if (abb == NULL || abb == DWARF_END_ABBREV) - { - /* Make sure we do not try to search for it again. */ -diff --git a/libdw/libdw.h b/libdw/libdw.h -index d53dc787..ec4713a6 100644 ---- a/libdw/libdw.h -+++ b/libdw/libdw.h -@@ -587,7 +587,9 @@ extern int dwarf_srclang (Dwarf_Die *die); - extern Dwarf_Abbrev *dwarf_getabbrev (Dwarf_Die *die, Dwarf_Off offset, - size_t *lengthp); - --/* Get abbreviation at given offset in .debug_abbrev section. */ -+/* Get abbreviation at given offset in .debug_abbrev section. On -+ success return zero and fills in ABBREVP. When there is no (more) -+ abbrev at offset returns one. On error returns a negative value. */ - extern int dwarf_offabbrev (Dwarf *dbg, Dwarf_Off offset, size_t *lengthp, - Dwarf_Abbrev *abbrevp) - __nonnull_attribute__ (4); -diff --git a/libdw/libdwP.h b/libdw/libdwP.h -index d6bab606..0cff5c26 100644 ---- a/libdw/libdwP.h -+++ b/libdw/libdwP.h -@@ -795,8 +795,7 @@ extern Dwarf_Abbrev *__libdw_findabbrev (struct Dwarf_CU *cu, - - /* Get abbreviation at given offset. */ - extern Dwarf_Abbrev *__libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu, -- Dwarf_Off offset, size_t *lengthp, -- Dwarf_Abbrev *result) -+ Dwarf_Off offset, size_t *lengthp) - __nonnull_attribute__ (1) internal_function; - - /* Get abbreviation of given DIE, and optionally set *READP to the DIE memory --- -2.27.0 - diff --git a/backport-CVE-2025-1365.patch b/backport-CVE-2025-1365.patch deleted file mode 100644 index eb5f6bfeb614e1524b4a6e10986da74b1ce565ec..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-1365.patch +++ /dev/null @@ -1,147 +0,0 @@ -From 5e5c0394d82c53e97750fe7b18023e6f84157b81 Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Sat, 8 Feb 2025 21:44:56 +0100 -Subject: [PATCH] libelf, readelf: Use validate_str also to check dynamic - symstr data - -When dynsym/str was read through eu-readelf --dynamic by readelf -process_symtab the string data was not validated, possibly printing -unallocated memory past the end of the symstr data. Fix this by -turning the elf_strptr validate_str function into a generic -lib/system.h helper function and use it in readelf to validate the -strings before use. - - * libelf/elf_strptr.c (validate_str): Remove to... - * lib/system.h (validate_str): ... here. Make inline, simplify - check and document. - * src/readelf.c (process_symtab): Use validate_str on symstr_data. - -https://sourceware.org/bugzilla/show_bug.cgi?id=32654 - -Signed-off-by: Mark Wielaard ---- - lib/system.h | 27 +++++++++++++++++++++++++++ - libelf/elf_strptr.c | 18 ------------------ - src/readelf.c | 18 +++++++++++++++--- - 3 files changed, 42 insertions(+), 21 deletions(-) - -diff --git a/lib/system.h b/lib/system.h -index 0db12d99..0698e5ff 100644 ---- a/lib/system.h -+++ b/lib/system.h -@@ -34,6 +34,7 @@ - #include - - #include -+#include - #include - #include - #include -@@ -117,6 +118,32 @@ startswith (const char *str, const char *prefix) - return strncmp (str, prefix, strlen (prefix)) == 0; - } - -+/* Return TRUE if STR[FROM] is a valid string with a zero terminator -+ at or before STR[TO - 1]. Note FROM is an index into the STR -+ array, while TO is the maximum size of the STR array. This -+ function returns FALSE when TO is zero or FROM >= TO. */ -+static inline bool -+validate_str (const char *str, size_t from, size_t to) -+{ -+#if HAVE_DECL_MEMRCHR -+ // Check end first, which is likely a zero terminator, -+ // to prevent function call -+ return (to > 0 -+ && (str[to - 1] == '\0' -+ || (to > from -+ && memrchr (&str[from], '\0', to - from - 1) != NULL))); -+#else -+ do { -+ if (to <= from) -+ return false; -+ -+ to--; -+ } while (str[to]); -+ -+ return true; -+#endif -+} -+ - /* A special gettext function we use if the strings are too short. */ - #define sgettext(Str) \ - ({ const char *__res = strrchr (_(Str), '|'); \ -diff --git a/libelf/elf_strptr.c b/libelf/elf_strptr.c -index 79a24d25..c5a94f82 100644 ---- a/libelf/elf_strptr.c -+++ b/libelf/elf_strptr.c -@@ -53,24 +53,6 @@ get_zdata (Elf_Scn *strscn) - return zdata; - } - --static bool validate_str (const char *str, size_t from, size_t to) --{ --#if HAVE_DECL_MEMRCHR -- // Check end first, which is likely a zero terminator, to prevent function call -- return ((to > 0 && str[to - 1] == '\0') -- || (to - from > 0 && memrchr (&str[from], '\0', to - from - 1) != NULL)); --#else -- do { -- if (to <= from) -- return false; -- -- to--; -- } while (str[to]); -- -- return true; --#endif --} -- - char * - elf_strptr (Elf *elf, size_t idx, size_t offset) - { -diff --git a/src/readelf.c b/src/readelf.c -index 6526db07..c43fda35 100644 ---- a/src/readelf.c -+++ b/src/readelf.c -@@ -2639,6 +2639,7 @@ process_symtab (Ebl *ebl, unsigned int nsyms, Elf64_Word idx, - char typebuf[64]; - char bindbuf[64]; - char scnbuf[64]; -+ const char *sym_name; - Elf32_Word xndx; - GElf_Sym sym_mem; - GElf_Sym *sym -@@ -2650,6 +2651,19 @@ process_symtab (Ebl *ebl, unsigned int nsyms, Elf64_Word idx, - /* Determine the real section index. */ - if (likely (sym->st_shndx != SHN_XINDEX)) - xndx = sym->st_shndx; -+ if (use_dynamic_segment == true) -+ { -+ if (validate_str (symstr_data->d_buf, sym->st_name, -+ symstr_data->d_size)) -+ sym_name = (char *)symstr_data->d_buf + sym->st_name; -+ else -+ sym_name = NULL; -+ } -+ else -+ sym_name = elf_strptr (ebl->elf, idx, sym->st_name); -+ -+ if (sym_name == NULL) -+ sym_name = "???"; - - printf (_ ("\ - %5u: %0*" PRIx64 " %6" PRId64 " %-7s %-6s %-9s %6s %s"), -@@ -2662,9 +2676,7 @@ process_symtab (Ebl *ebl, unsigned int nsyms, Elf64_Word idx, - get_visibility_type (GELF_ST_VISIBILITY (sym->st_other)), - ebl_section_name (ebl, sym->st_shndx, xndx, scnbuf, - sizeof (scnbuf), NULL, shnum), -- use_dynamic_segment == true -- ? (char *)symstr_data->d_buf + sym->st_name -- : elf_strptr (ebl->elf, idx, sym->st_name)); -+ sym_name); - - if (versym_data != NULL) - { --- -2.27.0 - diff --git a/backport-CVE-2025-1371.patch b/backport-CVE-2025-1371.patch deleted file mode 100644 index 4e6557a737e2e4cdd4e73b0e70461e2259c49491..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-1371.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b38e562a4c907e08171c76b8b2def8464d5a104a Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Sun, 9 Feb 2025 00:07:13 +0100 -Subject: [PATCH] readelf: Handle NULL phdr in handle_dynamic_symtab - -A corrupt ELF file can have broken program headers, in which case -gelf_getphdr returns NULL. This could crash handle_dynamic_symtab -while searching for the PT_DYNAMIC phdr. Fix this by checking whether -gelf_phdr returns NULL. - - * src/readelf.c (handle_dynamic_symtab): Check whether - gelf_getphdr returns NULL. - -https://sourceware.org/bugzilla/show_bug.cgi?id=32655 - -Signed-off-by: Mark Wielaard ---- - src/readelf.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/readelf.c b/src/readelf.c -index c43fda35..21b92a08 100644 ---- a/src/readelf.c -+++ b/src/readelf.c -@@ -2912,7 +2912,7 @@ handle_dynamic_symtab (Ebl *ebl) - for (size_t i = 0; i < phnum; ++i) - { - phdr = gelf_getphdr (ebl->elf, i, &phdr_mem); -- if (phdr->p_type == PT_DYNAMIC) -+ if (phdr == NULL || phdr->p_type == PT_DYNAMIC) - break; - } - if (phdr == NULL) --- -2.33.0 - - diff --git a/backport-CVE-2025-1372.patch b/backport-CVE-2025-1372.patch deleted file mode 100644 index a203402eddf7e592cf09d509fa7a9e1c36269bb9..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-1372.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 73db9d2021cab9e23fd734b0a76a612d52a6f1db Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Sun, 9 Feb 2025 00:07:39 +0100 -Subject: [PATCH] readelf: Skip trying to uncompress sections without a name - -When combining eu-readelf -z with -x or -p to dump the data or strings -in an (corrupted ELF) unnamed numbered section eu-readelf could crash -trying to check whether the section name starts with .zdebug. Fix this -by skipping sections without a name. - - * src/readelf.c (dump_data_section): Don't try to gnu decompress a - section without a name. - (print_string_section): Likewise. - -https://sourceware.org/bugzilla/show_bug.cgi?id=32656 - -Signed-off-by: Mark Wielaard ---- - src/readelf.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/readelf.c b/src/readelf.c -index 21b92a08..da379216 100644 ---- a/src/readelf.c -+++ b/src/readelf.c -@@ -13327,7 +13327,7 @@ dump_data_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name) - _("Couldn't uncompress section"), - elf_ndxscn (scn)); - } -- else if (startswith (name, ".zdebug")) -+ else if (name && startswith (name, ".zdebug")) - { - if (elf_compress_gnu (scn, 0, 0) < 0) - printf ("WARNING: %s [%zd]\n", -@@ -13378,7 +13378,7 @@ print_string_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name) - _("Couldn't uncompress section"), - elf_ndxscn (scn)); - } -- else if (startswith (name, ".zdebug")) -+ else if (name && startswith (name, ".zdebug")) - { - if (elf_compress_gnu (scn, 0, 0) < 0) - printf ("WARNING: %s [%zd]\n", --- -2.33.0 - - diff --git a/backport-CVE-2025-1376.patch b/backport-CVE-2025-1376.patch deleted file mode 100644 index 3b191c58eca36b9c968030d20daa2881772b6741..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-1376.patch +++ /dev/null @@ -1,53 +0,0 @@ -From b16f441cca0a4841050e3215a9f120a6d8aea918 Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Thu, 13 Feb 2025 00:02:32 +0100 -Subject: [PATCH] libelf: Handle elf_strptr on section without any data - -In the unlikely situation that elf_strptr was called on a section with -sh_size already set, but that doesn't have any data yet we could crash -trying to verify the string to return. - -This could happen for example when a new section was created with -elf_newscn, but no data having been added yet. - - * libelf/elf_strptr.c (elf_strptr): Check strscn->rawdata_base - is not NULL. - -https://sourceware.org/bugzilla/show_bug.cgi?id=32672 - -Signed-off-by: Mark Wielaard ---- - libelf/elf_strptr.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/libelf/elf_strptr.c b/libelf/elf_strptr.c -index c5a94f82..7be7f5e8 100644 ---- a/libelf/elf_strptr.c -+++ b/libelf/elf_strptr.c -@@ -1,5 +1,6 @@ - /* Return string pointer from string section. - Copyright (C) 1998-2002, 2004, 2008, 2009, 2015 Red Hat, Inc. -+ Copyright (C) 2025 Mark J. Wielaard - This file is part of elfutils. - Contributed by Ulrich Drepper , 1998. - -@@ -183,9 +184,12 @@ elf_strptr (Elf *elf, size_t idx, size_t offset) - // initialized yet (when data_read is zero). So we cannot just - // look at the rawdata.d.d_size. - -- /* Make sure the string is NUL terminated. Start from the end, -- which very likely is a NUL char. */ -- if (likely (validate_str (strscn->rawdata_base, offset, sh_size))) -+ /* First check there actually is any data. This could be a new -+ section which hasn't had any data set yet. Then make sure -+ the string is at a valid offset and NUL terminated. */ -+ if (unlikely (strscn->rawdata_base == NULL)) -+ __libelf_seterrno (ELF_E_INVALID_SECTION); -+ else if (likely (validate_str (strscn->rawdata_base, offset, sh_size))) - result = &strscn->rawdata_base[offset]; - else - __libelf_seterrno (ELF_E_INVALID_INDEX); --- -2.33.0 - - diff --git a/backport-CVE-2025-1377.patch b/backport-CVE-2025-1377.patch deleted file mode 100644 index 55137225caf66fd2843deb3b7e7f5aeb6a3d8572..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-1377.patch +++ /dev/null @@ -1,63 +0,0 @@ -From fbf1df9ca286de3323ae541973b08449f8d03aba Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Thu, 13 Feb 2025 14:59:34 +0100 -Subject: [PATCH] strip: Verify symbol table is a real symbol table - -We didn't check the symbol table referenced from the relocation table -was a real symbol table. This could cause a crash if that section -happened to be an SHT_NOBITS section without any data. Fix this by -adding an explicit check. - - * src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a - message string to display. - (INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1). - (remove_debug_relocations): Check the sh_link referenced - section is real and isn't a SHT_NOBITS section. - -https://sourceware.org/bugzilla/show_bug.cgi?id=32673 - -Signed-off-by: Mark Wielaard ---- - src/strip.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/src/strip.c b/src/strip.c -index 3812fb17..8d2bb7a9 100644 ---- a/src/strip.c -+++ b/src/strip.c -@@ -126,13 +126,14 @@ static char *tmp_debug_fname = NULL; - /* Close debug file descriptor, if opened. And remove temporary debug file. */ - static void cleanup_debug (void); - --#define INTERNAL_ERROR(fname) \ -+#define INTERNAL_ERROR_MSG(fname, msg) \ - do { \ - cleanup_debug (); \ - error_exit (0, _("%s: INTERNAL ERROR %d (%s): %s"), \ -- fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1)); \ -+ fname, __LINE__, PACKAGE_VERSION, msg); \ - } while (0) - -+#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1)) - - /* Name of the output file. */ - static const char *output_fname; -@@ -631,7 +632,14 @@ remove_debug_relocations (Ebl *ebl, Elf *elf, GElf_Ehdr *ehdr, - resolve relocation symbol indexes. */ - Elf64_Word symt = shdr->sh_link; - Elf_Data *symdata, *xndxdata; -- Elf_Scn * symscn = elf_getscn (elf, symt); -+ Elf_Scn *symscn = elf_getscn (elf, symt); -+ GElf_Shdr symshdr_mem; -+ GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); -+ if (symshdr == NULL) -+ INTERNAL_ERROR (fname); -+ if (symshdr->sh_type == SHT_NOBITS) -+ INTERNAL_ERROR_MSG (fname, "NOBITS section"); -+ - symdata = elf_getdata (symscn, NULL); - xndxdata = get_xndxdata (elf, symscn); - if (symdata == NULL) --- -2.27.0 - diff --git a/elfutils-0.192.tar.bz2 b/elfutils-0.192.tar.bz2 deleted file mode 100644 index 711c66d009ddaf8816d73ecfb374be1c3302fa0f..0000000000000000000000000000000000000000 Binary files a/elfutils-0.192.tar.bz2 and /dev/null differ diff --git a/elfutils-0.193.tar.bz2 b/elfutils-0.193.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..9d50f46a17b8556c9a92de454dc8a76e89bf0df1 --- /dev/null +++ b/elfutils-0.193.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7857f44b624f4d8d421df851aaae7b1402cfe6bcdd2d8049f15fc07d3dde7635 +size 11974916 diff --git a/elfutils-debuginfod.sysusers b/elfutils-debuginfod.sysusers new file mode 100644 index 0000000000000000000000000000000000000000..18c2561bb331546c413d9ae2f2a6b047f99b9ad6 --- /dev/null +++ b/elfutils-debuginfod.sysusers @@ -0,0 +1 @@ +u debuginfod - "elfutils debuginfo server" /var/cache/debuginfod - diff --git a/elfutils.spec b/elfutils.spec index f717c3bca378f33347048d6562eae2ac893cebac..7baee71ba716977f166714180e3ca9a49085d695 100644 --- a/elfutils.spec +++ b/elfutils.spec @@ -1,19 +1,14 @@ Name: elfutils -Version: 0.192 -Release: 4 +Version: 0.193 +Release: 1 Summary: A collection of utilities and DSOs to handle ELF files and DWARF data URL: https://elfutils.org/ License: GPL-3.0-or-later AND (GPL-2.0-or-later OR LGPL-3.0-or-later) Source: https://sourceware.org/elfutils/ftp/%{version}/elfutils-%{version}.tar.bz2 +Source1: elfutils-debuginfod.sysusers Patch0: Fix-segfault-in-eu-ar-m.patch Patch1: Fix-issue-of-moving-files-by-ar-or-br.patch -Patch6000: backport-CVE-2025-1352.patch -Patch6001: backport-CVE-2025-1365.patch -Patch6002: backport-CVE-2025-1371.patch -Patch6003: backport-CVE-2025-1372.patch -Patch6004: backport-CVE-2025-1376.patch -Patch6005: backport-CVE-2025-1377.patch Requires: elfutils-libelf = %{version}-%{release} Requires: elfutils-libs = %{version}-%{release} @@ -148,9 +143,9 @@ License: GPL-2.0-or-later OR LGPL-3.0-or-later %package debuginfod Summary: HTTP ELF/DWARF file server addressed by build-id License: GPL-3.0-or-later -BuildRequires: systemd +BuildRequires: systemd-rpm-macros %{?systemd_requires} -Requires(pre): shadow-utils +%{?sysusers_requires_compat} # To extract .deb files with a bsdtar (=libarchive) subshell Requires: bsdtar @@ -198,6 +193,8 @@ touch ${RPM_BUILD_ROOT}%{_localstatedir}/cache/debuginfod/debuginfod.sqlite %find_lang %{name} +install -Dm0644 %{S:1} %{buildroot}%{_sysusersdir}/elfutils-debuginfod.conf + %check # run-debuginfod-find.sh is a bad test %make_build check || (cat tests/test-suite.log; true) @@ -246,6 +243,7 @@ fi %{_includedir}/elfutils/libasm.h %{_includedir}/elfutils/libdw.h %{_includedir}/elfutils/libdwelf.h +%{_includedir}/elfutils/libdwfl_stacktrace.h %{_includedir}/elfutils/libdwfl.h %{_includedir}/elfutils/version.h %{_libdir}/libasm.a @@ -289,16 +287,13 @@ fi %{_bindir}/debuginfod %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/debuginfod %{_unitdir}/debuginfod.service +%{_sysusersdir}/elfutils-debuginfod.conf %dir %attr(0700,debuginfod,debuginfod) %{_localstatedir}/cache/debuginfod %verify(not md5 size mtime) %attr(0600,debuginfod,debuginfod) %{_localstatedir}/cache/debuginfod/debuginfod.sqlite %pre debuginfod -getent group debuginfod >/dev/null || groupadd -r debuginfod -getent passwd debuginfod >/dev/null || \ - useradd -r -g debuginfod -d /var/cache/debuginfod -s /sbin/nologin \ - -c "elfutils debuginfo server" debuginfod -exit 0 +%sysusers_create_compat %{S:1} %post debuginfod %systemd_post debuginfod.service @@ -307,6 +302,10 @@ exit 0 %systemd_postun_with_restart debuginfod.service %changelog +* Mon Apr 28 2025 Funda Wang - 0.193-1 +- update to 0.193 +- change user and group creation to systemd style + * Sun Feb 16 2025 shixuantong - 0.192-4 - fix CVE-2025-1352 CVE-2025-1365 CVE-2025-1371 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377