[Bug libelf/23787] eu-size: Bad handling of ar files inside ar files

2018-11-14 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23787

--- Comment #4 from Mark Wielaard  ---
For reference this was assigned CVE-2018-18520.

Note that the description of the CVE is misleading.
The bug is in eu-size, not in libelf elf_end.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug general/23786] Divide-by-zero Problem in function arlib_add_symbols() in arlib.c in elfutils-0.174

2018-11-14 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23786

--- Comment #5 from Mark Wielaard  ---
For reference this was assigned CVE-2018-18521.

Note that this bug was not in a generic library, just in the code shared by the
eu-ar and eu-ranlib binaries.


[Bug libdw/23752] Invalid Address Read problem in dwfl_segment_report_module.c when executing ./eu-stack --core=$POC

2018-11-14 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23752

--- Comment #6 from Mark Wielaard  ---
For reference this was assigned CVE-2018-18310.


[Bug tools/23787] eu-size: Bad handling of ar files inside ar files

2018-11-14 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23787

Mark Wielaard changed:

       What | Removed | Added
  ----------+---------+------
  Component | libelf  | tools


[Bug tools/23786] Divide-by-zero Problem in function arlib_add_symbols() in arlib.c in elfutils-0.174

2018-11-14 Thread mark at klomp dot org
https://sourceware.org/bugzilla/show_bug.cgi?id=23786

Mark Wielaard changed:

       What | Removed | Added
  ----------+---------+------
  Component | general | tools


Prepare for 0.175

2018-11-14 Thread Mark Wielaard
Set version to 0.175
Update NEWS and elfutils.spec.in.
Regenerate po/*.po files.

Signed-off-by: Mark Wielaard 
---
 NEWS                    |   18 +
 config/elfutils.spec.in |   14 +
 configure.ac            |    2 +-
 po/de.po                | 1162 --
 po/es.po                | 1169 --
 po/ja.po                | 1166 --
 po/pl.po                | 1172 --
 po/uk.po                | 1175 +--
 8 files changed, 3113 insertions(+), 2765 deletions(-)

diff --git a/NEWS b/NEWS
index 0b7994e..95fbac0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,21 @@
+Version 0.175
+
+readelf: Handle mutliple .debug_macro sections.
+ Recognize and parse GNU Property notes, NT_VERSION notes
+ and GNU Build Attribute ELF Notes.
+
+strip: Handle SHT_GROUP correctly.
+   Add strip --reloc-debug-sections-only option.
+   Handle relocations against GNU compressed sections.
+
+libdwelf: New function dwelf_elf_begin.
+
+libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE.
+
+backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND.
+
+Fixes CVE-2018-18310, CVE-2018-18520 and CVE-2018-18521.
+
 Version 0.174
 
 libelf, libdw and all tools now handle extended shnum and shstrndx correctly.
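Review bot: "mutliple" in the first added line ("readelf: Handle mutliple .debug_macro sections.") is a typo for "multiple". Fix it in this commit, because the same sentence is repeated in the config/elfutils.spec.in changelog later in the patch and the two should stay identical.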
diff --git a/config/elfutils.spec.in b/config/elfutils.spec.in
index 0f9687d..e2fb0e4 100644
--- a/config/elfutils.spec.in
+++ b/config/elfutils.spec.in
@@ -227,6 +227,20 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_sysctldir}/10-default-yama-scope.conf
 
 %changelog
+* Wed Nov 14 2018 Mark Wielaard  0.175-1
+- readelf: Handle mutliple .debug_macro sections.
+  Recognize and parse GNU Property notes, NT_VERSION notes and
+  GNU Build Attribute ELF Notes.
+- strip: Handle SHT_GROUP correctly.
+  Add strip --reloc-debug-sections-only option.
+  Handle relocations against GNU compressed sections.
+- libdwelf: New function dwelf_elf_begin.
+- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
+  and BPF_JSLE.
+- backends: RISCV handles ADD/SUB relocations.
+  Handle SHT_X86_64_UNWIND.
+- Fixes CVE-2018-18310, CVE-2018-18520 and CVE-2018-18521.
+
 * Fri Sep 14 2018 Mark Wielaard  0.174-1
 - libelf, libdw and all tools now handle extended shnum and shstrndx
   correctly.
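Review bot: the last added changelog item, "- Fixes CVE-2018-18310, CVE-2018-18520 and CVE-2018-18521.", lists the CVE ids without the affected component, which is what a packager triaging this update needs to see. The Bugzilla mails for these bugs place 18310 in libdw (dwfl_segment_report_module.c, reached through eu-stack --core), 18520 in the eu-size tool rather than in libelf, and 18521 in arlib.c code shared only by eu-ar and eu-ranlib; consider naming the component next to each id. The "mutliple" typo on the "- readelf:" line should become "multiple" here as well.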
diff --git a/configure.ac b/configure.ac
index da9f8cb..b89b867 100644
--- a/configure.ac
+++ b/configure.ac
@@ -17,7 +17,7 @@ dnl  GNU General Public License for more details.
 dnl
 dnl  You should have received a copy of the GNU General Public License
 dnl  along with this program.  If not, see .
-AC_INIT([elfutils],[0.174],[https://sourceware.org/bugzilla],[elfutils],[http://elfutils.org/])
+AC_INIT([elfutils],[0.175],[https://sourceware.org/bugzilla],[elfutils],[http://elfutils.org/])
 
 dnl Workaround for older autoconf < 2.64
 m4_ifndef([AC_PACKAGE_URL],
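Review bot: the replaced AC_INIT line keeps http://elfutils.org/ as the package URL while the bug-report address beside it is already https. If the project site is served over TLS, switch that argument to https in this same edit so the URL carried into the generated configure script and package metadata is not a cleartext link. The version string is otherwise the only change on the line and agrees with the "Version 0.175" NEWS entry and the 0.175-1 changelog entry in the rest of the patch.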


Re: Elfutils new release

2018-11-14 Thread Mark Wielaard
On Wed, 2018-11-07 at 15:33 +0100, Mark Wielaard wrote:
> On Wed, 2018-11-07 at 14:15 +, Karbownik, Anna wrote:
> > I'd like to ask you whether you plan to release 0.175 elfutils
> > version?
> 
> There are enough (small) new features and bug fixes to do a new
> release. Let's aim for next week.
> 
> There are still a couple of patches cooking on the mailing list and
> there is one outstanding bug related to the new eu-strip
> --reloc-debug-sections-only option with relocations against compressed
> debug sections (but only on armhf and ppc64) which will need to be
> resolved.
> 
> > If so, when are you going to announce it?
> 
> Once all patches are in and the bug is resolved. Hopefully end of this
> week. I'll announce the intent to do a new 0.175 release on this
> mailing list. Then after a couple of days, I'll do the release unless
> more issues are found. Hopefully somewhere next week.

Fixing that one bug triggered another bug, updating the buildbot to
Fedora 29 showed a bug and extra testing with gold showed yet another
issue. But everything looks pretty good now. Despite (or maybe thanks
to) the extra fixes going in I feel pretty good about the next release.

I have prepared the source code for the next release and would like to
release it on Friday unless some blocker bug is found before then.

Cheers,

Mark


Re: [PATCH] Handle GNU Build Attribute ELF Notes.

2018-11-14 Thread Mark Wielaard
Hi Nick,

I have a local hack that defines SHF_GNU_BUILD_NOTE and allows it in
elflint, but without any documentation on what the semantics of this
section flag are. I cannot find this flag being used in the binaries
generated on Fedora 29. Is this flag ever used?

Thanks,

Mark


Re: Prepare for 0.175

2018-11-14 Thread Martin Liška
On 11/14/18 1:16 PM, Mark Wielaard wrote:
> Set version to 0.175
> Update NEWS and elfutils.spec.in.
> Regenerate po/*.po files.
> 
> Signed-off-by: Mark Wielaard 
> ---
>  NEWS                    |   18 +
>  config/elfutils.spec.in |   14 +
>  configure.ac            |    2 +-
>  po/de.po                | 1162 --
>  po/es.po                | 1169 --
>  po/ja.po                | 1166 --
>  po/pl.po                | 1172 --
>  po/uk.po                | 1175 +--
>  8 files changed, 3113 insertions(+), 2765 deletions(-)
> 
> diff --git a/NEWS b/NEWS
> index 0b7994e..95fbac0 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,21 @@
> +Version 0.175
> +
> +readelf: Handle mutliple .debug_macro sections.
> + Recognize and parse GNU Property notes, NT_VERSION notes
> + and GNU Build Attribute ELF Notes.
> +
> +strip: Handle SHT_GROUP correctly.
> +   Add strip --reloc-debug-sections-only option.
> +   Handle relocations against GNU compressed sections.
> +
> +libdwelf: New function dwelf_elf_begin.
> +
> +libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE.
> +
> +backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND.
> +
> +Fixes CVE-2018-18310, CVE-2018-18520 and CVE-2018-18521.
> +
>  Version 0.174
>  
>  libelf, libdw and all tools now handle extended shnum and shstrndx correctly.
> diff --git a/config/elfutils.spec.in b/config/elfutils.spec.in
> index 0f9687d..e2fb0e4 100644
> --- a/config/elfutils.spec.in
> +++ b/config/elfutils.spec.in
> @@ -227,6 +227,20 @@ rm -rf ${RPM_BUILD_ROOT}
>  %{_sysctldir}/10-default-yama-scope.conf
>  
>  %changelog
> +* Wed Nov 14 2018 Mark Wielaard  0.175-1
> +- readelf: Handle mutliple .debug_macro sections.
> +  Recognize and parse GNU Property notes, NT_VERSION notes and
> +  GNU Build Attribute ELF Notes.
> +- strip: Handle SHT_GROUP correctly.
> +  Add strip --reloc-debug-sections-only option.
> +  Handle relocations against GNU compressed sections.
> +- libdwelf: New function dwelf_elf_begin.
> +- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
> +  and BPF_JSLE.
> +- backends: RISCV handles ADD/SUB relocations.
> +  Handle SHT_X86_64_UNWIND.
> +- Fixes CVE-2018-18310, CVE-2018-18520 and CVE-2018-18521.
> +
>  * Fri Sep 14 2018 Mark Wielaard  0.174-1
>  - libelf, libdw and all tools now handle extended shnum and shstrndx
>correctly.
> diff --git a/configure.ac b/configure.ac
> index da9f8cb..b89b867 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -17,7 +17,7 @@ dnl  GNU General Public License for more details.
>  dnl
>  dnl  You should have received a copy of the GNU General Public License
>  dnl  along with this program.  If not, see .
> -AC_INIT([elfutils],[0.174],[https://sourceware.org/bugzilla],[elfutils],[http://elfutils.org/])
> +AC_INIT([elfutils],[0.175],[https://sourceware.org/bugzilla],[elfutils],[http://elfutils.org/])
>  
>  dnl Workaround for older autoconf < 2.64
>  m4_ifndef([AC_PACKAGE_URL],
> 

Hi.

I can confirm the tarball works fine on all our targets that we test.
Let's release it ;)

Martin