From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: 
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 494AA139694 for ; Sat, 25 Mar 2017 16:09:40 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8D73521C06D; Sat, 25 Mar 2017 16:09:38 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 5D04B21C06D for ; Sat, 25 Mar 2017 16:09:38 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D5F46341662 for ; Sat, 25 Mar 2017 16:09:36 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 4A17773C4 for ; Sat, 25 Mar 2017 16:09:35 +0000 (UTC)
From: "Sergei Trofimovich"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sergei Trofimovich"
Message-ID: <1490458060.83209f33a128ec7f48adbfad813cfbc13a2fd444.slyfox@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/capstone/files/, dev-libs/capstone/
X-VCS-Repository: repo/gentoo
X-VCS-Files: dev-libs/capstone/Manifest dev-libs/capstone/capstone-3.0.5_rc2.ebuild dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch
X-VCS-Directories: dev-libs/capstone/ dev-libs/capstone/files/
X-VCS-Committer: slyfox
X-VCS-Committer-Name: Sergei Trofimovich
X-VCS-Revision: 83209f33a128ec7f48adbfad813cfbc13a2fd444
X-VCS-Branch: master
Date: Sat, 25 Mar 2017 16:09:35 +0000 (UTC)
Precedence: bulk
List-Post: 
List-Help: 
List-Unsubscribe: 
List-Subscribe: 
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 93219eb7-208f-44ba-bebd-30ad199c67a5
X-Archives-Hash: b7f6bb2fe36fc590361d06d8eda32910

commit:     83209f33a128ec7f48adbfad813cfbc13a2fd444
Author:     Sergei Trofimovich gentoo org>
AuthorDate: Sat Mar 25 16:07:40 2017 +0000
Commit:     Sergei Trofimovich gentoo org>
CommitDate: Sat Mar 25 16:07:40 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83209f33

dev-libs/capstone: bump up to 3.0.5-rc2, fix CVE-2017-6952, bug #612912

I don't believe 3.0.4 is affected:
- it's a vulnerability in the Windows kernel driver. Not something you can easily build in Gentoo today, as it requires MSVS to build a driver.
- the Windows code was added in capstone-3.0.5-rc1. It's not present in 3.0.4 in Gentoo at all.

But so as not to forget about the vulnerability on the next bump, I'm bumping up to the vulnerable release candidate and applying the upstream patch to fix CVE-2017-6952.
Reported-by: Agostino Sarubbo Bug: https://bugs.gentoo.org/612912 Package-Manager: Portage-2.3.5, Repoman-2.3.2 dev-libs/capstone/Manifest | 1 + dev-libs/capstone/capstone-3.0.5_rc2.ebuild | 44 ++++++++++++++++++++++ .../files/capstone-3.0.5_rc2-CVE-2017-6952.patch | 41 ++++++++++++++++++++ .../capstone/files/capstone-3.0.5_rc2-FLAGS.patch | 16 ++++++++ 4 files changed, 102 insertions(+) diff --git a/dev-libs/capstone/Manifest b/dev-libs/capstone/Manifest index 239b44faf89..3f35304c88d 100644 --- a/dev-libs/capstone/Manifest +++ b/dev-libs/capstone/Manifest @@ -1 +1,2 @@ DIST capstone-3.0.4.tar.gz 2800818 SHA256 5d6dadf5864c56f8de66c66088fa68e849d0bff6577865a4f81b6f23112b14f2 SHA512 a5c29e7c559b5391d6a4ec9a7f766699ea6d321aa2f1fc57fdcec893107fa3ef2f5f6323629971c1129f1ca087df4f3ad03d0a8234d2eae368c8ccfec04dbf4d WHIRLPOOL 24aa002e215ee2a74c06a9be40218c78258a853028c74e1cdf95a5e2ea484471cf084cc8f5cc9db1aaefc16cf80a0b37480d4af60ca9119730334cbe2a02b906 +DIST capstone-3.0.5_rc2.tar.gz 2829338 SHA256 587c092454ad59137686529f3c008c265cc6d427a85d5d2e8f6a902b72d215b3 SHA512 31bafdb0b3183d0c054a4244cc135db9a3c3dc5cb2e2af706bfede0d53cca8cba81d74b74ef9a4adbfd6c79cc408864dd80b8203791e17bd6c98bb69ea4f6894 WHIRLPOOL 11a84f178cae68507d2686a81ca6cbc84b6402cb02e7278c03ec598887a0aa02d28a9ecbf388e09c8c3ae8d8ecf323dd4eaa211f79969089c4c7d6fbbe022349 diff --git a/dev-libs/capstone/capstone-3.0.5_rc2.ebuild b/dev-libs/capstone/capstone-3.0.5_rc2.ebuild new file mode 100644 index 00000000000..80fb03207d6 --- /dev/null +++ b/dev-libs/capstone/capstone-3.0.5_rc2.ebuild 
@@ -0,0 +1,44 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit toolchain-funcs + +DESCRIPTION="disassembly/disassembler framework + bindings" +HOMEPAGE="http://www.capstone-engine.org/" +SRC_URI="https://github.com/aquynh/${PN}/archive/${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSD" +SLOT="0/3" # libcapstone.so.3 +KEYWORDS="~amd64 ~arm ~x86" + +RDEPEND="" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}"/${P}-CVE-2017-6952.patch + "${FILESDIR}"/${P}-FLAGS.patch +) + +S=${WORKDIR}/${P/_rc/-rc} + +src_configure() { + { + cat <<-EOF + # Gentoo overrides: + # verbose build + V = 1 + # toolchain + AR = $(tc-getAR) + CC = $(tc-getCC) + RANLIB = $(tc-getRANLIB) + # toolchain flags + CFLAGS = ${CFLAGS} + LDFLAGS = ${LDFLAGS} + # libs + LIBDIRARCH = $(get_libdir) + EOF + } >> config.mk || die + +} diff --git a/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch b/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch new file mode 100644 index 00000000000..ba16126f741 --- /dev/null +++ b/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch 
@@ -0,0 +1,41 @@ +commit 6fe86eef621b9849f51a5e1e5d73258a93440403 +Author: Quang Nguyễn +Date: Mon Mar 13 22:34:48 2017 +0700 + + provide a validity check to prevent against Integer overflow conditions (#870) + + * provide a validity check to prevent against Integer overflow conditions + + * fix some style issues. + +diff --git a/windows/winkernel_mm.c b/windows/winkernel_mm.c +index c127da3a..ecdc1ca2 100644 +--- a/windows/winkernel_mm.c ++++ b/windows/winkernel_mm.c +@@ -3,6 +3,7 @@ + + #include "winkernel_mm.h" + #include ++#include + + // A pool tag for memory allocation + static const ULONG CS_WINKERNEL_POOL_TAG = 'kwsC'; +@@ -33,8 +34,16 @@ void * CAPSTONE_API cs_winkernel_malloc(size_t size) + + // FP; a use of NonPagedPool is required for Windows 7 support + #pragma prefast(suppress : 30030) // Allocating executable POOL_TYPE memory +- CS_WINKERNEL_MEMBLOCK *block = (CS_WINKERNEL_MEMBLOCK *)ExAllocatePoolWithTag( +- NonPagedPool, size + sizeof(CS_WINKERNEL_MEMBLOCK), CS_WINKERNEL_POOL_TAG); ++ size_t number_of_bytes = 0; ++ CS_WINKERNEL_MEMBLOCK *block = NULL; ++ // A specially crafted size value can trigger the overflow. ++ // If the sum in a value that overflows or underflows the capacity of the type, ++ // the function returns NULL. ++ if (!NT_SUCCESS(RtlSizeTAdd(size, sizeof(CS_WINKERNEL_MEMBLOCK), &number_of_bytes))) { ++ return NULL; ++ } ++ block = (CS_WINKERNEL_MEMBLOCK *)ExAllocatePoolWithTag( ++ NonPagedPool, number_of_bytes, CS_WINKERNEL_POOL_TAG); + if (!block) { + return NULL; + } diff --git a/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch b/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch new file mode 100644 index 00000000000..4be2ed4ba0e --- /dev/null +++ b/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch 
@@ -0,0 +1,16 @@ +Add support for user overridden CFLAGS and LDFLAGS +diff --git a/cstool/Makefile b/cstool/Makefile +index 450ac1b..3cf2a81 100644 +--- a/cstool/Makefile ++++ b/cstool/Makefile +@@ -3,2 +3,3 @@ + include ../functions.mk ++include ../config.mk + +@@ -8,4 +9,4 @@ LIBNAME = capstone + +-CFLAGS = -I../include +-LDFLAGS = -O3 -Wall -L.. -l$(LIBNAME) ++CFLAGS += -I../include ++LDFLAGS += -Wall -L.. -l$(LIBNAME) +
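Review bot: in the Manifest hunk, the new SHA256/SHA512/WHIRLPOOL entry pins a tarball that the ebuild fetches from `https://github.com/aquynh/${PN}/archive/${PV/_rc/-rc}.tar.gz`, a GitHub auto-generated archive rather than a release asset. Such archives are not guaranteed to stay byte-identical, so a later re-fetch can fail Manifest verification even though nothing malicious happened; consider mirroring the tarball or pointing SRC_URI at an upstream release artifact so the pinned digests keep meaning what they mean today.

Review bot: in the ebuild hunk, `src_configure` appends `CFLAGS = ${CFLAGS}` and `LDFLAGS = ${LDFLAGS}` to config.mk with plain `=`, so anything upstream assigned to those variables before `include config.mk` is discarded; that is the intent (user flags win), but it only works if the top-level Makefile still adds its own `-fPIC` and warning flags after the include, so check the `V = 1` output shows the library objects built with `-fPIC`. Two documentation nits: DESCRIPTION advertises "bindings" while the ebuild builds only libcapstone and cstool, and `${P}-CVE-2017-6952.patch` touches `windows/winkernel_mm.c`, which is never compiled on Linux; a one-line comment beside that PATCHES entry saying it is carried so the next bump does not lose it (as the commit message explains) would spare the next maintainer the investigation.

Review bot: in the first hunk of the CVE-2017-6952 patch, the added `#include` line has no header name in this copy of the patch, and the existing `#include "winkernel_mm.h"` line is followed by another bare `#include`; the function the new include exists for, `RtlSizeTAdd`, is declared in `ntintsafe.h`, so confirm the file committed under FILESDIR carries the full `#include <ntintsafe.h>` line, otherwise the driver build fails on an undeclared function rather than silently compiling.

Review bot: in the second hunk of the CVE-2017-6952 patch, the check is the right fix: `RtlSizeTAdd(size, sizeof(CS_WINKERNEL_MEMBLOCK), &number_of_bytes)` fails instead of wrapping, so the old `size + sizeof(CS_WINKERNEL_MEMBLOCK)` can no longer produce a tiny pool allocation that the caller then overruns by writing `size` bytes. Two nits: the comment says the sum may "overflow or underflow", but adding two unsigned `size_t` values can only wrap upwards, so "underflows" should go; and because a huge `size` now yields NULL exactly as pool exhaustion does, every caller of `cs_winkernel_malloc` that assumed NULL only means "out of memory" is the next thing to audit. The `#pragma prefast(suppress : 30030)` above still marks the pool as executable `NonPagedPool` for Windows 7; if that support is ever dropped, `NonPagedPoolNx` is the non-executable replacement.

Review bot: in the FLAGS patch, `-Wall` is a compiler diagnostic flag and has no effect in `LDFLAGS += -Wall -L.. -l$(LIBNAME)`; keep only `-L.. -l$(LIBNAME)` there. More importantly, `-l$(LIBNAME)` now sits in a variable that also receives the user's LDFLAGS through `include ../config.mk`; if the cstool link rule expands `$(LDFLAGS)` before the object files, a user `-Wl,--as-needed` will discard libcapstone and the link fails with undefined references, so check the link rule orders the objects before `$(LDFLAGS)` or move `-l$(LIBNAME)` into a separate LDLIBS-style variable placed after them. Dropping the old `-O3` from LDFLAGS is fine, since optimisation now comes from the user's CFLAGS.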
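The integer-overflow class that the commit message and CVE-2017-6952 refer to, shown as an added example that is not capstone's or Gentoo's code: a user-space C model of the size computation in `cs_winkernel_malloc()` before and after the upstream check. `memblock_hdr`, `checked_add_size()`, `hardened_malloc()` and `roundtrip_ok()` are stand-ins chosen for this example in place of `CS_WINKERNEL_MEMBLOCK`, `RtlSizeTAdd()` and `ExAllocatePoolWithTag()`; they are assumptions, not the upstream definitions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for CS_WINKERNEL_MEMBLOCK (assumed layout, not upstream's):
 * a header recording the caller's size, immediately followed by the
 * caller's bytes. */
typedef struct {
    size_t size;
} memblock_hdr;

/* Portable stand-in for RtlSizeTAdd(): true on success, false if a + b
 * would wrap past SIZE_MAX. */
static bool checked_add_size(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return false;
    *out = a + b;
    return true;
}

/* Before the fix: the header size is added with no check. Unsigned
 * addition wraps, so a size near SIZE_MAX yields a tiny total; the
 * allocator hands back a few bytes while the caller believes it owns
 * `size` bytes, and the first write past the end corrupts the pool. */
size_t unchecked_alloc_size(size_t size)
{
    return size + sizeof(memblock_hdr);
}

/* After the fix: the checked add; a false result means "return NULL". */
bool checked_alloc_size(size_t size, size_t *total)
{
    return checked_add_size(size, sizeof(memblock_hdr), total);
}

/* Same check, with 0 as the failure marker for callers that want one value. */
size_t checked_alloc_size_or_zero(size_t size)
{
    size_t total;
    return checked_alloc_size(size, &total) ? total : 0;
}

/* Allocator modelled on the patched cs_winkernel_malloc(): refuse any
 * size whose header-adjusted total would wrap, then store the header. */
void *hardened_malloc(size_t size)
{
    size_t total;
    memblock_hdr *hdr;

    if (!checked_alloc_size(size, &total))
        return NULL;
    hdr = malloc(total);
    if (hdr == NULL)
        return NULL;
    hdr->size = size;
    return hdr + 1;               /* user pointer starts after the header */
}

void hardened_free(void *p)
{
    if (p != NULL)
        free((memblock_hdr *)p - 1);
}

/* Allocate n bytes, fill them, check the ends and the stored header size,
 * free. True if every step worked. */
bool roundtrip_ok(size_t n)
{
    unsigned char *p = hardened_malloc(n);
    bool ok;

    if (p == NULL)
        return false;
    memset(p, 0xA5, n);
    ok = (n == 0) || (p[0] == 0xA5 && p[n - 1] == 0xA5);
    ok = ok && ((memblock_hdr *)p - 1)->size == n;
    hardened_free(p);
    return ok;
}

int main(void)
{
    size_t huge = SIZE_MAX - 2;   /* the "specially crafted size" case */

    printf("unchecked total for SIZE_MAX-2: %zu bytes (wrapped)\n",
           unchecked_alloc_size(huge));
    printf("checked total for SIZE_MAX-2:   %zu (0 = refused)\n",
           checked_alloc_size_or_zero(huge));
    printf("hardened_malloc(SIZE_MAX-2) -> %s\n",
           hardened_malloc(huge) == NULL ? "NULL" : "non-NULL");
    printf("roundtrip of 64 bytes: %s\n", roundtrip_ok(64) ? "ok" : "failed");
    return 0;
}
```

Build with `cc -std=c11 -Wall -Wextra overflow_demo.c -o overflow_demo && ./overflow_demo`. The unchecked total for `SIZE_MAX - 2` comes out as `sizeof(memblock_hdr) - 3` bytes, which is the whole bug in one number; the checked path refuses the same request, matching the patched driver's `return NULL`.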