From: "Sergei Trofimovich" <slyfox@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/capstone/files/, dev-libs/capstone/
Date: Sat, 25 Mar 2017 16:09:35 +0000 (UTC)
Message-ID: <1490458060.83209f33a128ec7f48adbfad813cfbc13a2fd444.slyfox@gentoo>
commit: 83209f33a128ec7f48adbfad813cfbc13a2fd444
Author: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 25 16:07:40 2017 +0000
Commit: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sat Mar 25 16:07:40 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83209f33
dev-libs/capstone: bump up to 3.0.5-rc2, fix CVE-2017-6952, bug #612912
I don't believe 3.0.4 is affected:
- it's a vulnerability in a Windows kernel driver, not something you can easily build in Gentoo today, as it requires MSVS to build a driver
- the Windows code was added in capstone-3.0.5-rc1; it's not present in 3.0.4 in Gentoo at all
But so as not to forget about the vulnerability on the next bump,
I'm bumping up to the vulnerable release candidate and applying
the upstream patch to fix CVE-2017-6952.
Reported-by: Agostino Sarubbo
Bug: https://bugs.gentoo.org/612912
Package-Manager: Portage-2.3.5, Repoman-2.3.2
dev-libs/capstone/Manifest | 1 +
dev-libs/capstone/capstone-3.0.5_rc2.ebuild | 44 ++++++++++++++++++++++
.../files/capstone-3.0.5_rc2-CVE-2017-6952.patch | 41 ++++++++++++++++++++
.../capstone/files/capstone-3.0.5_rc2-FLAGS.patch | 16 ++++++++
4 files changed, 102 insertions(+)
diff --git a/dev-libs/capstone/Manifest b/dev-libs/capstone/Manifest
index 239b44faf89..3f35304c88d 100644
--- a/dev-libs/capstone/Manifest
+++ b/dev-libs/capstone/Manifest
@@ -1 +1,2 @@
DIST capstone-3.0.4.tar.gz 2800818 SHA256 5d6dadf5864c56f8de66c66088fa68e849d0bff6577865a4f81b6f23112b14f2 SHA512 a5c29e7c559b5391d6a4ec9a7f766699ea6d321aa2f1fc57fdcec893107fa3ef2f5f6323629971c1129f1ca087df4f3ad03d0a8234d2eae368c8ccfec04dbf4d WHIRLPOOL 24aa002e215ee2a74c06a9be40218c78258a853028c74e1cdf95a5e2ea484471cf084cc8f5cc9db1aaefc16cf80a0b37480d4af60ca9119730334cbe2a02b906
+DIST capstone-3.0.5_rc2.tar.gz 2829338 SHA256 587c092454ad59137686529f3c008c265cc6d427a85d5d2e8f6a902b72d215b3 SHA512 31bafdb0b3183d0c054a4244cc135db9a3c3dc5cb2e2af706bfede0d53cca8cba81d74b74ef9a4adbfd6c79cc408864dd80b8203791e17bd6c98bb69ea4f6894 WHIRLPOOL 11a84f178cae68507d2686a81ca6cbc84b6402cb02e7278c03ec598887a0aa02d28a9ecbf388e09c8c3ae8d8ecf323dd4eaa211f79969089c4c7d6fbbe022349
diff --git a/dev-libs/capstone/capstone-3.0.5_rc2.ebuild b/dev-libs/capstone/capstone-3.0.5_rc2.ebuild
new file mode 100644
index 00000000000..80fb03207d6
--- /dev/null
+++ b/dev-libs/capstone/capstone-3.0.5_rc2.ebuild
@@ -0,0 +1,44 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit toolchain-funcs
+
+DESCRIPTION="disassembly/disassembler framework + bindings"
+HOMEPAGE="http://www.capstone-engine.org/"
+SRC_URI="https://github.com/aquynh/${PN}/archive/${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0/3" # libcapstone.so.3
+KEYWORDS="~amd64 ~arm ~x86"
+
+RDEPEND=""
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-CVE-2017-6952.patch
+ "${FILESDIR}"/${P}-FLAGS.patch
+)
+
+S=${WORKDIR}/${P/_rc/-rc}
+
+src_configure() {
+ {
+ cat <<-EOF
+ # Gentoo overrides:
+ # verbose build
+ V = 1
+ # toolchain
+ AR = $(tc-getAR)
+ CC = $(tc-getCC)
+ RANLIB = $(tc-getRANLIB)
+ # toolchain flags
+ CFLAGS = ${CFLAGS}
+ LDFLAGS = ${LDFLAGS}
+ # libs
+ LIBDIRARCH = $(get_libdir)
+ EOF
+ } >> config.mk || die
+
+}
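Review bot: the CVE-2017-6952 patch listed in PATCHES only touches windows/winkernel_mm.c, which the Linux Makefile build this ebuild drives never compiles, so applying it changes nothing in the installed library; a short comment beside that PATCHES entry stating this (as the commit message already does) would tell the next maintainer why the patch is there and when it can be dropped. Minor style point in the same hunk: the stray blank line before the closing brace of src_configure can go, and the `|| die` on the redirected block only catches the redirection failing, which is fine but worth knowing since `cat` inside the braces cannot fail on a heredoc.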
diff --git a/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch b/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch
new file mode 100644
index 00000000000..ba16126f741
--- /dev/null
+++ b/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch
@@ -0,0 +1,41 @@
+commit 6fe86eef621b9849f51a5e1e5d73258a93440403
+Author: Quang Nguyễn <quangnh89@users.noreply.github.com>
+Date: Mon Mar 13 22:34:48 2017 +0700
+
+ provide a validity check to prevent against Integer overflow conditions (#870)
+
+ * provide a validity check to prevent against Integer overflow conditions
+
+ * fix some style issues.
+
+diff --git a/windows/winkernel_mm.c b/windows/winkernel_mm.c
+index c127da3a..ecdc1ca2 100644
+--- a/windows/winkernel_mm.c
++++ b/windows/winkernel_mm.c
+@@ -3,6 +3,7 @@
+
+ #include "winkernel_mm.h"
+ #include <ntddk.h>
++#include <Ntintsafe.h>
+
+ // A pool tag for memory allocation
+ static const ULONG CS_WINKERNEL_POOL_TAG = 'kwsC';
+@@ -33,8 +34,16 @@ void * CAPSTONE_API cs_winkernel_malloc(size_t size)
+
+ // FP; a use of NonPagedPool is required for Windows 7 support
+ #pragma prefast(suppress : 30030) // Allocating executable POOL_TYPE memory
+- CS_WINKERNEL_MEMBLOCK *block = (CS_WINKERNEL_MEMBLOCK *)ExAllocatePoolWithTag(
+- NonPagedPool, size + sizeof(CS_WINKERNEL_MEMBLOCK), CS_WINKERNEL_POOL_TAG);
++ size_t number_of_bytes = 0;
++ CS_WINKERNEL_MEMBLOCK *block = NULL;
++ // A specially crafted size value can trigger the overflow.
++ // If the sum in a value that overflows or underflows the capacity of the type,
++ // the function returns NULL.
++ if (!NT_SUCCESS(RtlSizeTAdd(size, sizeof(CS_WINKERNEL_MEMBLOCK), &number_of_bytes))) {
++ return NULL;
++ }
++ block = (CS_WINKERNEL_MEMBLOCK *)ExAllocatePoolWithTag(
++ NonPagedPool, number_of_bytes, CS_WINKERNEL_POOL_TAG);
+ if (!block) {
+ return NULL;
+ }
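Review bot: the guarded expression is the right one: `size + sizeof(CS_WINKERNEL_MEMBLOCK)` can wrap to a small value for a large caller-supplied `size`, and RtlSizeTAdd reports that as a failure status, so the NT_SUCCESS test turns an undersized pool allocation into a NULL return that the existing `if (!block)` path already handles. Two small things to carry upstream rather than fix in this copy: the comment line "If the sum in a value that overflows or underflows" is missing a verb, and the WDK header is conventionally spelled `ntintsafe.h` in lowercase, which matters if the driver is ever built on a case-sensitive filesystem. It is also worth confirming that any other size arithmetic in winkernel_mm.c (a calloc-style multiply, for instance) received the same treatment, since only the malloc path appears in this hunk.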
diff --git a/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch b/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch
new file mode 100644
index 00000000000..4be2ed4ba0e
--- /dev/null
+++ b/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch
@@ -0,0 +1,16 @@
+Add support for user overridden CFLAGS and LDFLAGS
+diff --git a/cstool/Makefile b/cstool/Makefile
+index 450ac1b..3cf2a81 100644
+--- a/cstool/Makefile
++++ b/cstool/Makefile
+@@ -3,2 +3,3 @@
+ include ../functions.mk
++include ../config.mk
+
+@@ -8,4 +9,4 @@ LIBNAME = capstone
+
+-CFLAGS = -I../include
+-LDFLAGS = -O3 -Wall -L.. -l$(LIBNAME)
++CFLAGS += -I../include
++LDFLAGS += -Wall -L.. -l$(LIBNAME)
+
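Review bot: the hunk headers carry a single line of context (`@@ -3,2 +3,3 @@`, `@@ -8,4 +9,4 @@`), which makes the patch fragile against unrelated edits to cstool/Makefile on the next bump; regenerating it with the default three lines of context costs nothing. The change also drops `-O3` from LDFLAGS (harmless at link time) and leaves cstool with no optimization flag of its own, so it now depends entirely on the CFLAGS the ebuild writes into config.mk; the one-line description at the top of the patch should say that, and should note whether it was sent upstream, since `include ../config.mk` is a reasonable change for the upstream Makefile as well.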
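As an added example, not code from capstone or from this commit, here is the allocation-size arithmetic that the CVE-2017-6952 patch guards, written in portable user-space C: `memblock_t` and `checked_size_add` are assumed stand-ins for CS_WINKERNEL_MEMBLOCK and RtlSizeTAdd, and `checked_malloc` follows the shape of the patched cs_winkernel_malloc.

```c
/* Added example (not capstone code): the header-plus-payload size
 * computation that CVE-2017-6952 fixed, in portable user-space C.
 * The kernel wrapper prepends a bookkeeping header to each allocation,
 * so the pool request is header + caller size; without a check that
 * sum can wrap to a small value and yield an undersized block. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical header playing the role of CS_WINKERNEL_MEMBLOCK. */
typedef struct {
    size_t size;   /* caller-requested size, needed later by realloc/free */
} memblock_t;

/* Portable stand-in for RtlSizeTAdd: false instead of STATUS_INTEGER_OVERFLOW. */
bool checked_size_add(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return false;          /* a + b would wrap around */
    *out = a + b;
    return true;
}

/* What the pre-patch code computed; returns the (possibly wrapped) request. */
size_t unchecked_request_size(size_t size)
{
    return size + sizeof(memblock_t);
}

/* Hardened wrapper in the spirit of the patched cs_winkernel_malloc:
 * refuse the request instead of allocating a block smaller than `size`. */
void *checked_malloc(size_t size)
{
    size_t total;
    if (!checked_size_add(size, sizeof(memblock_t), &total))
        return NULL;
    memblock_t *block = malloc(total);
    if (!block)
        return NULL;
    block->size = size;
    return block + 1;          /* caller gets the region after the header */
}

void checked_free(void *p)
{
    if (p)
        free((memblock_t *)p - 1);
}
```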