ubuntu/+source/elfutils:ubuntu/cosmic-security

Last commit made on 2019-06-10
Get this branch:
git clone -b ubuntu/cosmic-security https://git.launchpad.net/ubuntu/+source/elfutils
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/cosmic-security
Repository:
lp:ubuntu/+source/elfutils

Recent commits

d4b2f06... by Marc Deslauriers on 2019-06-07

Import patches-unapplied version 0.170-0.5.0ubuntu1.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 7519ac6d72945f5ed5c6323cab53feb21eb3315e

New changelog entries:
  * SECURITY UPDATE: DoS via a crafted file
    - debian/patches/CVE-2018-16062.patch: make sure there is enough data
      to read full aranges header in libdw/dwarf_getaranges.c,
      src/readelf.c.
    - CVE-2018-16062
  * SECURITY UPDATE: double free and application crash
    - debian/patches/CVE-2018-16402.patch: return error if elf_compress_gnu
      is used on SHF_COMPRESSED section in libelf/elf_compress_gnu.c,
      libelf/libelf.h.
    - CVE-2018-16402
  * SECURITY UPDATE: incorrect end of the attributes list check
    - debian/patches/CVE-2018-16403.patch: check end of attributes list
      consistently in libdw/dwarf_getabbrev.c, libdw/dwarf_hasattr.c.
    - CVE-2018-16403
  * SECURITY UPDATE: invalid memory address dereference
    - debian/patches/CVE-2018-18310.patch: sanity check partial core file
      data reads in libdwfl/dwfl_segment_report_module.c.
    - CVE-2018-18310
  * SECURITY UPDATE: invalid memory address dereference
    - debian/patches/CVE-2018-18520.patch: handle recursive ELF ar files in
      src/size.c.
    - CVE-2018-18520
  * SECURITY UPDATE: divide by zero vulnerabilties
    - debian/patches/CVE-2018-18521.patch: check that sh_entsize isn't zero
      in src/arlib.c.
    - CVE-2018-18521
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7149.patch: check terminating NUL byte in
      dwarf_getsrclines for dir/file table in libdw/dwarf_getsrclines.c,
      src/readelf.c.
    - CVE-2019-7149
  * SECURITY UPDATE: incorrect truncated dyn data read handling
    - debian/patches/CVE-2019-7150.patch: sanity check partial core file
      dyn data read in libdwfl/dwfl_segment_report_module.c.
    - CVE-2019-7150
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7665.patch: check NT_PLATFORM core notes
      contain a zero terminated string in libdwfl/linux-core-attach.c,
      libebl/eblcorenote.c, libebl/libebl.h, src/readelf.c.
    - CVE-2019-7665

7519ac6... by Michael Hudson-Doyle on 2018-10-18

Import patches-unapplied version 0.170-0.5.0ubuntu1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 93b3646c1f01fb8156ac3eaed16b9c413e9de6b5

New changelog entries:
  * Add d/patches/0001-aarch64-Add-default-cfi-rule-to-restore-SP-from-CFA-.patch
    to fix walking the stack of arm64 binaries compiled with GCC 8. (LP: #1798700)

93b3646... by Helmut Grohne on 2018-06-24

Import patches-unapplied version 0.170-0.5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 588d2ade1216dfe5b1da9bbb9e1a1b2eb4e10d5a

New changelog entries:
  * Non-maintainer upload acked by Kurt Roeckx.
  * Fix FTCBFS: Add zlib1g-dev:native to Build-Depends. (Closes: #901748)

588d2ad... by Matthias Klose on 2018-04-09

Import patches-unapplied version 0.170-0.4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e3b2ccb732a814a60c2b866b155ebf60193b0c2

New changelog entries:
  * Non-maintainer upload.
  * Backport patches for DWARF locview support (Mark Wielaard).

5e3b2cc... by Helmut Grohne on 2018-01-28

Import patches-unapplied version 0.170-0.3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 449d2cf64a16af2c877998d42b1ffdae93fb19ee

New changelog entries:
  * Non-maintainer upload.
  * Add disable_werror.patch. (Closes: #886004)

449d2cf... by Andreas Henriksson on 2017-12-30

Import patches-unapplied version 0.170-0.2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2e9a0170c1e603d08d00f827528862be25bb8866

New changelog entries:
  * Non-maintainer upload, acked by maintainer.
  * libelf-dev,libdw-dev: Add missing dependencies for packages that
    our pkg-config files requires (zlib1g-dev, liblzma-dev).
    (Closes: #885071)

2e9a017... by Matthias Klose on 2017-09-11

Import patches-unapplied version 0.170-0.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9c48a36eeadffb99104f80d4f830369127804e87

New changelog entries:
  * Non-maintainer upload.
  * New upstream release
  * Fix fallthrough warnings exposed by GCC 7. Closes: #853387.
  * Bump standards version.
  * Configure with --disable-silent-rules.
  * Update libdw1 symbols file.

9c48a36... by Kurt Roeckx on 2017-05-27

Import patches-unapplied version 0.168-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d0c909d1dbe4f9b51427b971166b39647a95358f

New changelog entries:
  * Fix CVE-2017-7607 (Closes: #859996)
  * Fix CVE-2017-7608 (Closes: #859995)
  * Fix CVE-2017-7609 (Closes: #859994)
  * Fix CVE-2017-7610 (Closes: #859993)
  * Fix CVE-2017-7611 (Closes: #859992)
  * Fix CVE-2017-7612 (Closes: #859991)
  * Fix CVE-2017-7613 (Closes: #859990)

d0c909d... by Matthias Klose on 2016-12-29

Import patches-unapplied version 0.168-0.2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fa9b8991571129d77a05d97f19eef0ac9656d549

New changelog entries:
  * debian/copyright: Update to the current licensing, as introduced
    with elfutils 0.154.
  * Drop the m68k_backend.diff patch.

fa9b899... by Matthias Klose on 2016-12-29

Import patches-unapplied version 0.168-0.1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: c8fa32b1b201c959bdedd7cfd8b7a1a9e33561e3

New changelog entries:
  * Non-maintainer upload.
  * New upstream release
    - m68k_backend.diff: Don't apply.
    - testsuite-amd64-fix-backtrace-native.patch: Remove, applied upstream.
    - Refresh patches.
    - Build failure on non Linux targets fixed. Closes: #816394.
  * Update libdw1 symbols file.
  * Improve DEB_BUILD_OPTIONS=nocheck handling (Helmut Grohne). See #832456.
    - Don't treat DEB_BUILD_OPTIONS=casinocheck as nocheck.
    - Don't default to nocheck for cross building.
    - Annotate Build-Depends: gcc-multilib with <!nocheck> profile.
  * Update reference to new sourceware.org home.