From: "Sergei Trofimovich" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sergei Trofimovich" Message-ID: <1509224796.b3c5759b316133acdf7fc698df524bb5472b4a7a.slyfox@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-util/radare2/files/, dev-util/radare2/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-util/radare2/files/radare2-2.0.1-635618-p1.patch dev-util/radare2/files/radare2-2.0.1-635618-p2.patch dev-util/radare2/radare2-2.0.1-r1.ebuild X-VCS-Directories: dev-util/radare2/files/ dev-util/radare2/ X-VCS-Committer: slyfox X-VCS-Committer-Name: Sergei Trofimovich X-VCS-Revision: b3c5759b316133acdf7fc698df524bb5472b4a7a X-VCS-Branch: master Date: Sat, 28 Oct 2017 21:06:44 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 923561ca-1c22-4d89-a7ce-63edaac4f515 X-Archives-Hash: 91d7923ab4c9d741f9d5adebd5ba90f5 commit: b3c5759b316133acdf7fc698df524bb5472b4a7a Author: Sergei Trofimovich gentoo org> AuthorDate: Sat Oct 28 21:06:25 2017 +0000 Commit: Sergei Trofimovich gentoo org> CommitDate: Sat Oct 28 21:06:36 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3c5759b dev-util/radare2: fix 32-bit overflow in ELF parsing, bug #635618 Bug: https://bugs.gentoo.org/635618 Package-Manager: Portage-2.3.13, Repoman-2.3.4 .../radare2/files/radare2-2.0.1-635618-p1.patch | 29 +++++++++++ .../radare2/files/radare2-2.0.1-635618-p2.patch | 30 +++++++++++ dev-util/radare2/radare2-2.0.1-r1.ebuild | 58 ++++++++++++++++++++++ 3 files changed, 117 insertions(+) diff --git a/dev-util/radare2/files/radare2-2.0.1-635618-p1.patch b/dev-util/radare2/files/radare2-2.0.1-635618-p1.patch new file mode 100644 index 00000000000..5644e50cc11 --- /dev/null +++ b/dev-util/radare2/files/radare2-2.0.1-635618-p1.patch 
@@ -0,0 +1,29 @@ +From c6d0076c924891ad9948a62d89d0bcdaf965f0cd Mon Sep 17 00:00:00 2001 +From: pancake +Date: Wed, 25 Oct 2017 18:00:11 +0200 +Subject: [PATCH] Fix #8731 - Crash in ELF parser with negative 32bit number + +--- + libr/bin/format/elf/elf.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/libr/bin/format/elf/elf.c b/libr/bin/format/elf/elf.c +index 90f6acd30..e3c852fd3 100644 +--- a/libr/bin/format/elf/elf.c ++++ b/libr/bin/format/elf/elf.c +@@ -900,7 +900,11 @@ static Sdb *store_versioninfo_gnu_verneed(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz) + free (s); + } + sdb_num_set (sdb_version, "cnt", entry->vn_cnt, 0); +- vstart += entry->vn_aux; ++ st32 vnaux = entry->vn_aux; ++ if (vnaux < 1) { ++ goto beach; ++ } ++ vstart += vnaux; + for (j = 0, isum = i + entry->vn_aux; j < entry->vn_cnt && vstart + sizeof (Elf_(Vernaux)) <= end; ++j) { + int k; + Elf_(Vernaux) * aux = NULL; +-- +2.14.3 + diff --git a/dev-util/radare2/files/radare2-2.0.1-635618-p2.patch b/dev-util/radare2/files/radare2-2.0.1-635618-p2.patch new file mode 100644 index 00000000000..242f4cc6220 --- /dev/null +++ b/dev-util/radare2/files/radare2-2.0.1-635618-p2.patch 
@@ -0,0 +1,30 @@ +From 44ded3ff35b8264f54b5a900cab32ec489d9e5b9 Mon Sep 17 00:00:00 2001 +From: pancake +Date: Wed, 25 Oct 2017 18:09:24 +0200 +Subject: [PATCH] Fix #8743 - Crash in ELF version parser on 32bit systems + +--- + libr/bin/format/elf/elf.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libr/bin/format/elf/elf.c b/libr/bin/format/elf/elf.c +index e3c852fd3..2248731b3 100644 +--- a/libr/bin/format/elf/elf.c ++++ b/libr/bin/format/elf/elf.c +@@ -748,7 +748,12 @@ static Sdb *store_versioninfo_gnu_verdef(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz) + verdef->vd_hash = READ32 (dfs, j) + verdef->vd_aux = READ32 (dfs, j) + verdef->vd_next = READ32 (dfs, j) +- vstart += verdef->vd_aux; ++ int vdaux = verdef->vd_aux; ++ if (vdaux < 1) { ++ sdb_free (sdb_verdef); ++ goto out_error; ++ } ++ vstart += vdaux; + if (vstart > end || vstart + sizeof (Elf_(Verdaux)) > end) { + sdb_free (sdb_verdef); + goto out_error; +-- +2.14.3 + diff --git a/dev-util/radare2/radare2-2.0.1-r1.ebuild b/dev-util/radare2/radare2-2.0.1-r1.ebuild new file mode 100644 index 00000000000..78ee0f1268e --- /dev/null +++ b/dev-util/radare2/radare2-2.0.1-r1.ebuild 
@@ -0,0 +1,58 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit eutils + +DESCRIPTION="unix-like reverse engineering framework and commandline tools" +HOMEPAGE="http://www.radare.org" + +if [[ ${PV} == *9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/radare/radare2" +else + SRC_URI="https://github.com/radare/radare2/archive/${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~x86 ~arm ~arm64" +fi + +PATCHES=( + "${FILESDIR}"/${PN}-0.9.9-nogit.patch + "${FILESDIR}"/${P}-635618-p1.patch + "${FILESDIR}"/${P}-635618-p2.patch +) + +LICENSE="GPL-2" +SLOT="0" +IUSE="ssl +system-capstone zsh-completion" + +RDEPEND=" + ssl? ( dev-libs/openssl:0= ) + system-capstone? ( dev-libs/capstone:0= ) +" +DEPEND="${RDEPEND} + virtual/pkgconfig +" + +src_configure() { + econf \ + $(use_with ssl openssl) \ + $(use_with system-capstone syscapstone) +} + +src_install() { + default + + if use zsh-completion; then + insinto /usr/share/zsh/site-functions + doins doc/zsh/_* + fi + + # a workaround for unstable $(INSTALL) call, bug #574866 + local d + for d in doc/*; do + if [[ -d $d ]]; then + rm -rfv "$d" || die "failed to delete '$d'" + fi + done +}
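Review bot: In radare2-2.0.1-635618-p1.patch (store_versioninfo_gnu_verneed), the new check `if (vnaux < 1)` rejects zero and negative `vn_aux` values but sets no upper bound, so `vstart += vnaux` can still step past `end`. The only guard left is the loop condition `vstart + sizeof (Elf_(Vernaux)) <= end`, which is evaluated after the addition and may itself wrap on a 32-bit build. Consider comparing `vnaux` against the space remaining before `end` before adding it. The loop initialiser also still reads `isum = i + entry->vn_aux` rather than the validated local; using `vnaux` in both places keeps the checked value and the used value the same.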
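Review bot: In radare2-2.0.1-635618-p2.patch (store_versioninfo_gnu_verdef), `int vdaux = verdef->vd_aux;` uses plain `int` where the matching fix in p1 uses `st32`; the same fixed-width signed type in both places would make the sign check behave identically on every target. The new `vdaux < 1` branch also repeats the `sdb_free (sdb_verdef); goto out_error;` body of the bounds check that follows it, so folding the two conditions into one `if` would leave a single error path. A short comment stating why a zero or negative `vd_aux` is rejected would help the next reader.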
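Review bot: In radare2-2.0.1-r1.ebuild, `inherit eutils` looks unnecessary: with `EAPI=6` the `PATCHES` array is applied by the default `src_prepare`, and nothing visible in the ebuild calls an eutils helper, so the inherit can be dropped. `HOMEPAGE="http://www.radare.org"` is plain HTTP while `EGIT_REPO_URI` and `SRC_URI` already use https; switch it to https if the site serves it. A one-line comment above the two `635618` entries in `PATCHES` noting that they are upstream backports would make it clear they can be dropped on the next version bump.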