From: "Sergei Trofimovich"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sergei Trofimovich"
Message-ID: <1503137515.7e17e5572bda4281b90959cf8999dc95dfe21c6b.slyfox@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-misc/pax-utils/, app-misc/pax-utils/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-misc/pax-utils/files/pax-utils-1.2.2-scanelf-fix-out-of-bounds-access-in-ia64.patch app-misc/pax-utils/pax-utils-1.2.2-r1.ebuild
X-VCS-Directories: app-misc/pax-utils/ app-misc/pax-utils/files/
X-VCS-Committer: slyfox
X-VCS-Committer-Name: Sergei Trofimovich
X-VCS-Revision: 7e17e5572bda4281b90959cf8999dc95dfe21c6b
X-VCS-Branch: master
Date: Sat, 19 Aug 2017 10:11:59 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: bbdec392-c982-4615-8ad3-4c092770713f
X-Archives-Hash: b36648445f76bdabda01445e09fcce99

commit: 7e17e5572bda4281b90959cf8999dc95dfe21c6b
Author: Sergei Trofimovich gentoo org>
AuthorDate: Sat Aug 19 10:02:47 2017 +0000
Commit: Sergei Trofimovich gentoo org>
CommitDate: Sat Aug 19 10:11:55 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e17e557

app-misc/pax-utils: fix crash on ia64 TEXTRELs, bug #624356

Bug: https://bugs.gentoo.org/624356
Package-Manager: Portage-2.3.8, Repoman-2.3.3

 ...-scanelf-fix-out-of-bounds-access-in-ia64.patch | 72 ++++++++++++++++++++++
 app-misc/pax-utils/pax-utils-1.2.2-r1.ebuild | 58 +++++++++++++++++
 2 files changed, 130 insertions(+)

diff --git a/app-misc/pax-utils/files/pax-utils-1.2.2-scanelf-fix-out-of-bounds-access-in-ia64.patch b/app-misc/pax-utils/files/pax-utils-1.2.2-scanelf-fix-out-of-bounds-access-in-ia64.patch new file mode 100644 index 00000000000..1fa5c3187e5 --- /dev/null 
+++ b/app-misc/pax-utils/files/pax-utils-1.2.2-scanelf-fix-out-of-bounds-access-in-ia64.patch 
@@ -0,0 +1,72 @@ +From e95103c40d0541fbcdb4b84b000832d9b1b83b8d Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich +Date: Sat, 19 Aug 2017 10:34:41 +0100 +Subject: [PATCH] scanelf: fix out-of-bounds access in ia64 + +commit 2eb852129394f97dae89c0ff1f9f48637edcb0e9 +slightly changed decoder and added unchecked +read from elf header: + +``` + switch (EGET(dpltrel->d_un.d_val)) { \ + case DT_REL: \ + rel = REL##B(elf->vdata + EGET(drel->d_un.d_val)); \ +``` + +On ia64 'EGET(drel->d_un.d_val)' returns absolute address: + +``` + $ dumpelf bug/luatex + ... + /* Dynamic tag #31 'DT_RELA' 0x97E310 */ + { + .d_tag = 0x7 , + .d_un = { + .d_val = 0x4000000000031C30 , + .d_ptr = 0x4000000000031C30 , + }, + }, +``` + +That causes 'scanelf' crash on binaries like 'luatex'. + +This change restores check and loudly skips such sections: + scanelf: bug/luatex: DT_RELA is out of file range + +Bug: https://bugs.gentoo.org/624356 +Signed-off-by: Sergei Trofimovich +--- + scanelf.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/scanelf.c b/scanelf.c +index 1ead891..a054408 100644 +--- a/scanelf.c ++++ b/scanelf.c +@@ -607,11 +607,23 @@ static char *scanelf_file_textrels(elfobj *elf, char *found_textrels, char *foun + } \ + switch (EGET(dpltrel->d_un.d_val)) { \ + case DT_REL: \ ++ if (EGET(drel->d_un.d_val) >= (uint64_t)elf->len - sizeof (drel->d_un.d_val)) { \ ++ rel = NULL; \ ++ rela = NULL; \ ++ warn("%s: DT_REL is out of file range", elf->filename); \ ++ break; \ ++ } \ + rel = REL##B(elf->vdata + EGET(drel->d_un.d_val)); \ + rela = NULL; \ + pltrel = DT_REL; \ + break; \ + case DT_RELA: \ ++ if (EGET(drel->d_un.d_val) >= (uint64_t)elf->len - sizeof (drel->d_un.d_val)) { \ ++ rel = NULL; \ ++ rela = NULL; \ ++ warn("%s: DT_RELA is out of file range", elf->filename); \ ++ break; \ ++ } \ + rel = NULL; \ + rela = RELA##B(elf->vdata + EGET(drel->d_un.d_val)); \ + pltrel = DT_RELA; \ +-- +2.14.1 + 
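Review bot: The bound in both new `if` blocks of the embedded `scanelf.c` hunk (the `DT_REL` and `DT_RELA` cases) subtracts `sizeof (drel->d_un.d_val)`, the size of the dynamic entry's value field, while the pointer built right after it is cast with `REL##B` / `RELA##B` to a relocation entry, which is larger than that field. An offset in the last few bytes of the file therefore passes the check yet leaves less than one full entry before `elf->len`. Consider comparing against the size of the entry that is actually read, and writing the test so the subtraction cannot wrap when `elf->len` is smaller than the subtracted size, for example `off > elf->len || elf->len - off < sizeof (*rel)` (or `sizeof (*rela)`), where `off` is a local holding `EGET(drel->d_un.d_val)`. The two blocks are identical apart from the tag name in the warning, so the check could also be hoisted above the `switch`.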
diff --git a/app-misc/pax-utils/pax-utils-1.2.2-r1.ebuild b/app-misc/pax-utils/pax-utils-1.2.2-r1.ebuild new file mode 100644 index 00000000000..ba368f7be67 --- /dev/null +++ b/app-misc/pax-utils/pax-utils-1.2.2-r1.ebuild @@ -0,0 +1,58 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit eutils toolchain-funcs unpacker + +DESCRIPTION="ELF utils that can check files for security relevant properties" +HOMEPAGE="https://wiki.gentoo.org/index.php?title=Project:Hardened/PaX_Utilities" +SRC_URI="mirror://gentoo/${P}.tar.xz + https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="caps debug python seccomp" + +RDEPEND="caps? ( >=sys-libs/libcap-2.24 ) + python? ( dev-python/pyelftools ) + seccomp? ( sys-libs/libseccomp )" +DEPEND="${RDEPEND} + caps? ( virtual/pkgconfig ) + seccomp? ( virtual/pkgconfig ) + app-arch/xz-utils" + +PATCHES=("${FILESDIR}"/${P}-scanelf-fix-out-of-bounds-access-in-ia64.patch) + +_emake() { + emake \ + USE_CAP=$(usex caps) \ + USE_DEBUG=$(usex debug) \ + USE_PYTHON=$(usex python) \ + USE_SECCOMP=$(usex seccomp) \ + "$@" +} + +src_configure() { + # Avoid slow configure+gnulib+make if on an up-to-date Linux system + if use prefix || ! use kernel_linux || \ + has_version '
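Review bot: The `PATCHES` line in the new ebuild carries no comment saying where the patch comes from or when it can be dropped. The patch file added in this commit is a git-format commit (`e95103c40d0541fbcdb4b84b000832d9b1b83b8d`) with `Bug: https://bugs.gentoo.org/624356` in its message, so a one-line comment above `PATCHES` naming that bug would tell whoever does the next version bump to check whether the new release already contains the fix.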