diff --git a/CVE-2024-2002.patch b/CVE-2024-2002.patch new file mode 100644 index 0000000000000000000000000000000000000000..b201175a9c31e4f30cda47d1d0effe014f66a3f8 --- /dev/null +++ b/CVE-2024-2002.patch @@ -0,0 +1,164 @@ +From 404e6b1b14f60c81388d50b4239f81d461b3c3ad Mon Sep 17 00:00:00 2001 +From: David Anderson +Date: Sat, 17 Feb 2024 13:33:39 -0800 +Subject: [PATCH] Fixing DW202402-002, corrupt object caused various libdwarf + crashes with some tailored/fuzzed object files. modified: + src/lib/libdwarf/dwarf_alloc.c modified: + src/lib/libdwarf/dwarf_error.c + +Origin: https://github.com/davea42/libdwarf-code/commit/404e6b1b14f60c81388d50b4239f81d461b3c3ad + +--- + src/lib/libdwarf/dwarf_alloc.c | 56 ++++++++++++++++++++++++++++++++-- + src/lib/libdwarf/dwarf_error.c | 5 +-- + 2 files changed, 57 insertions(+), 4 deletions(-) + +diff --git a/src/lib/libdwarf/dwarf_alloc.c b/src/lib/libdwarf/dwarf_alloc.c +index 9ef9b16f4..a73b8abf9 100644 +--- a/src/lib/libdwarf/dwarf_alloc.c ++++ b/src/lib/libdwarf/dwarf_alloc.c +@@ -143,6 +143,7 @@ _dwarf_error_destructor(void *m) + #if DEBUG_ALLOC + printf("libdwarfdetector DEALLOC Now destruct error " + "string %s\n",dwarfstring_string(erm)); ++ fflush(stdout); + #endif /* DEBUG_ALLOC */ + dwarfstring_destructor(erm); + free(erm); +@@ -182,6 +183,8 @@ struct reserve_data_s { + + #define STATIC_ALLOWED 10 /* arbitrary, must be > 2, see below*/ + static unsigned static_used = 0; ++/* entries in this list point to allocations of ++ type DW_DLA_ERROR. */ + static Dwarf_Error staticerrlist[STATIC_ALLOWED]; + + /* Clean this out if found */ +@@ -215,7 +218,7 @@ dw_empty_errlist_item(Dwarf_Error e_in) + } + } + +-/* If the userr calls dwarf_dealloc on an error ++/* If the user calls dwarf_dealloc on an error + out of a dwarf_init*() call, this will find + it in the static err list. Here dbg is NULL + so not mentioned. */ +@@ -226,11 +229,21 @@ _dwarf_add_to_static_err_list(Dwarf_Error error) + if (!error) { + return; + } ++#ifdef DEBUG_ALLOC ++ printf("\nlibdwarfdetector add to static err list " ++ " 0x%lx\n",(unsigned long)(uintptr_t)error); ++ fflush(stdout); ++#endif /* DEBUG_ALLOC */ + for ( ; i er_static_alloc == DE_MALLOC) { + /* This is special, we had no arena + but have a full special area as normal. */ ++#if 0 ++ check_errmsg_list = TRUE; ++#endif + #ifdef DEBUG_ALLOC + printf("DEALLOC does free, DE_MALLOC line %d %s\n", + __LINE__,__FILE__); + fflush(stdout); + #endif /* DEBUG_ALLOC*/ ++ _dwarf_remove_from_staticerrlist(space); + } + /* Was normal alloc, use normal dealloc. */ + /* DW_DLA_ERROR has a specialdestructor */ +diff --git a/src/lib/libdwarf/dwarf_error.c b/src/lib/libdwarf/dwarf_error.c +index e49706693..73f60f2b3 100644 +--- a/src/lib/libdwarf/dwarf_error.c ++++ b/src/lib/libdwarf/dwarf_error.c +@@ -140,7 +140,8 @@ _dwarf_error_string(Dwarf_Debug dbg, Dwarf_Error * error, + errptr = &_dwarf_failsafe_error; + errptr->er_static_alloc = DE_STATIC; + #ifdef DEBUG +- printf("libdwarf no dbg, fullystatic, " ++ printf("libdwarf no dbg to dwarf_error_string," ++ " fullystatic, " + "using DE_STATIC alloc, addr" + " 0x%lx line %d %s\n", + (unsigned long)errptr, +@@ -150,7 +151,7 @@ _dwarf_error_string(Dwarf_Debug dbg, Dwarf_Error * error, + errptr->er_static_alloc = DE_MALLOC; + + #ifdef DEBUG +- printf("libdwarf no dbg,leaks, " ++ printf("libdwarf no dbg, add to static_err_list " + "static DE_MALLOC alloc, addr" + " 0x%lx line %d %s\n", + (unsigned long)errptr, diff --git a/libdwarf-0.9.1.tar.xz b/libdwarf-0.9.1.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..bc099e40033b9efb79f93ca3bce701e2c4ff9ce4 Binary files /dev/null and b/libdwarf-0.9.1.tar.xz differ diff --git a/libdwarf-20210528.tar.gz b/libdwarf-20210528.tar.gz deleted file mode 100644 index 163b5d91d85e3d75039a8802f6dd815c3d44fcd0..0000000000000000000000000000000000000000 Binary files a/libdwarf-20210528.tar.gz and /dev/null differ diff --git a/libdwarf.spec b/libdwarf.spec index 153c465070961bb8b19b3822736cc46f1b2d9965..3c6ba55060fc8615fa7b69171cd85ff180d3129d 100644 --- a/libdwarf.spec +++ b/libdwarf.spec @@ -1,11 +1,13 @@ Name: libdwarf -Version: 20210528 +Epoch: 1 +Version: 0.9.1 Release: 1 Summary: Library to access DWARF debugging information License: LGPLv2 URL: http://www.prevanders.net/dwarf.html -Source0: http://www.prevanders.net/%{name}-%{version}.tar.gz -BuildRequires: gcc binutils-devel elfutils-libelf-devel dos2unix +Source0: https://www.prevanders.net/%{name}-%{version}.tar.xz +Patch0: CVE-2024-2002.patch +BuildRequires: gcc make python3 %description Libdwarf is a library of functions to provide read/write DWARF @@ -13,7 +15,7 @@ debugging records. %package devel Summary: Library and header files of libdwarf -Requires: %{name} = %{version}-%{release} +Requires: %{name} = %{epoch}:%{version}-%{release} Provides: libdwarf-static = %{version}-%{release} Obsoletes: libdwarf-static < %{version}-%{release} @@ -22,7 +24,7 @@ Libdwarf-devel provides libraries and header files for libdwarf. %package tools Summary: Tools to access the DWARF debugging file format -Requires: %{name} = %{version}-%{release} +Requires: %{name} = %{epoch}:%{version}-%{release} %description tools Libdwarf-tools contains dwarfdump, a tool to access DWARF debug information. @@ -32,6 +34,7 @@ Libdwarf-tools contains dwarfdump, a tool to access DWARF debug information. %prep %autosetup -n %{name}-%{version} -p1 + %build %configure --enable-shared sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool @@ -40,42 +43,52 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %install %make_install -install -d %{buildroot}%{_includedir}/libdwarf -mv %{buildroot}%{_includedir}/*.h %{buildroot}%{_includedir}/libdwarf - -%delete_la %check -LD_LIBRARY_PATH=$PWD/libdwarf/.libs %__make check + +LD_LIBRARY_PATH=$PWD/src/lib/libdwarf/.libs TZ=:America/Los_Angeles %__make check %files %defattr(-,root,root) -%license libdwarf/{COPYING,LIBDWARFCOPYRIGHT,LGPL.txt} -%{_libdir}/libdwarf.so.* -%exclude %{_datadir}/libdwarf +%license src/lib/libdwarf/{COPYING,LIBDWARFCOPYRIGHT,LGPL.txt} +%{_libdir}/libdwarf.so.0 +%{_libdir}/libdwarf.so.0.* %files devel %defattr(-,root,root) -%{_includedir}/libdwarf +%{_includedir}/libdwarf-0 +%{_libdir}/pkgconfig/libdwarf.pc %{_libdir}/libdwarf.so -%{_libdir}/{libdwarf.so,libdwarf.a} +%{_libdir}/libdwarf.a +%exclude %{_libdir}/*.la %files tools %defattr(-,root,root) -%doc dwarfdump/{README,ChangeLog} -%license dwarfdump/{COPYING,DWARFDUMPCOPYRIGHT,GPL.txt} +%license src/bin/dwarfdump/{COPYING,DWARFDUMPCOPYRIGHT,GPL.txt} %{_bindir}/dwarfdump %{_datadir}/dwarfdump/dwarfdump.conf %files help %defattr(-,root,root) -%doc libdwarf/{ChangeLog,README,*.pdf} +%doc src/lib/libdwarf/{ChangeLog,README} doc/*.pdf %{_mandir}/man1/dwarfdump.1.gz %changelog +* Mon Mar 25 2024 wangkai <13474090681@163.com> - 1:0.9.1-1 +- Update to 0.9.1 and fix CVE-2024-2002 + +* Thu Jun 15 2023 liyanan - 0.7.0-1 +- Update to 0.7.0 + * Tue Jul 26 2022 panys - 20210528-1 - upgrade to version 20210528 +* Tue Nov 24 2020 SimpleUpdate Robot - 20201020-1 +- Upgrade to version 20201020 + +* Sun Jun 21 2020 hanhui - 20200114 +- Mainline branch update to 20200114 + * Tue Apr 21 2020 songnannan - 20200114 - update to 20200114 diff --git a/libdwarf.yaml b/libdwarf.yaml index 5039f2ec033684dcae45bdddee6ce20d5ee7551c..618056959e7db5b8837ae047007685bbd68946fd 100644 --- a/libdwarf.yaml +++ b/libdwarf.yaml @@ -1,4 +1,4 @@ version_control: github -src_repo: Distrotech/libdwarf -tag_pattern: ^v -seperator: . +src_repo: davea42/libdwarf-code +tag_prefix: "^v" +separator: "."