author | Robert Yang <liezhi.yang@windriver.com> | 2015-06-24 01:55:20 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-07-01 15:38:19 +0100 |
commit | dcb26f21cfd9d91e9b4d78875b934ab942d877a5 (patch) | |
tree | f186b56dfbd5018e190652a3c36c76fda30819a1 /meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch | |
parent | 592a1d94a7b0e80059016adb59c4c61e256206f0 (diff) | |
elfutils: 0.161 -> 0.162
* Remove backport patch 0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch.
* Update:
- arm_func_value.patch
- fixheadercheck.patch
- redhat-portability.diff
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch')
-rw-r--r-- | meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch b/meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch deleted file mode 100644 index 7e4e492c1e..0000000000 --- a/meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001 -From: Alexander Cherepanov <cherepan@mccme.ru> -Date: Sun, 28 Dec 2014 19:57:19 +0300 -Subject: [PATCH] libelf: Fix dir traversal vuln in ar extraction. - -Upstream-Status: Backport - -read_long_names terminates names at the first '/' found but then skips -one character without checking (it's supposed to be '\n'). Hence the -next name could start with any character including '/'. This leads to -a directory traversal vulnerability at the time the contents of the -archive is extracted. - -The danger is mitigated by the fact that only one '/' is possible in a -resulting filename and only in the leading position. Hence only files -in the root directory can be written via this vuln and only when ar is -executed as root. - -The fix for the vuln is to not skip any characters while looking -for '/'. - -Signed-off-by: Alexander Cherepanov <cherepan@mccme.ru> ---- - libelf/ChangeLog | 5 +++++ - libelf/elf_begin.c | 5 +---- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/libelf/ChangeLog b/libelf/ChangeLog -index 3b88d03..447c354 100644 ---- a/libelf/ChangeLog -+++ b/libelf/ChangeLog -@@ -1,3 +1,8 @@ -+2014-12-28 Alexander Cherepanov <cherepan@mccme.ru> -+ -+ * elf_begin.c (read_long_names): Don't miss '/' right after -+ another '/'. Fixes a dir traversal vuln in ar extraction. -+ - 2014-12-18 Ulrich Drepper <drepper@gmail.com> - - * Makefile.am: Suppress output of textrel_check command. -diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c -index 30abe0b..cd3756c 100644 ---- a/libelf/elf_begin.c -+++ b/libelf/elf_begin.c -@@ -749,10 +749,7 @@ read_long_names (Elf *elf) - } - - /* NUL-terminate the string. */ -- *runp = '\0'; -- -- /* Skip the NUL byte and the \012. */ -- runp += 2; -+ *runp++ = '\0'; - - /* A sanity check. Somebody might have generated invalid - archive. */ --- -1.9.1 - |
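Review bot: The commit message justifies deleting this file only as "Remove backport patch"; it should say explicitly that elfutils 0.162 already carries upstream commit 147018e, because this file is what fixes the ar extraction directory traversal in `read_long_names` (libelf/elf_begin.c) for the 0.161 recipe. Before merging, check that the 0.162 source has `*runp++ = '\0';` and no longer advances with `runp += 2;`, so the upgrade does not silently drop the fix. This view is limited to the one deleted file, so also confirm in the full commit that the recipe's patch list no longer references it.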