ubuntu/+source/elfutils:ubuntu/trusty-updates

Last commit made on 2018-06-05
Get this branch:
git clone -b ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/elfutils
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-updates
Repository:
lp:ubuntu/+source/elfutils

Recent commits

e5863a4... by Tyler Hicks on 2017-05-17

Import patches-unapplied version 0.158-0ubuntu5.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: f508ce6029a8ef2305871070a153fecf8b7633f6

New changelog entries:
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2016-10254.patch: Always set ELF maxsize when reading
      an ELF file for sanity checks. Based on upstream patch.
    - CVE-2016-10254
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2016-10255.patch: Sanity check offset and size before
      trying to malloc and read data. Based on upstream patch.
    - CVE-2016-10255
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7607-1.patch: Sanity check hash section contents
      before processing. Based on upstream patch.
    - debian/patches/CVE-2017-7607-2.patch: Fix off by one sanity check in
      handle_gnu_hash. Based on upstream patch.
    - CVE-2017-7607
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7608.patch: Use the empty string for note names
      with zero size. Based on upstream patch.
    - CVE-2017-7608
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7610.patch: Don't check section group without
      flags word. Based on upstream patch.
    - CVE-2017-7610
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7611.patch: Check symbol table data is big
      enough before checking. Based on upstream patch.
    - CVE-2017-7611
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7612.patch: Don't trust sh_entsize when checking
      hash sections. Based on upstream patch.
    - CVE-2017-7612
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2017-7613.patch: Sanity check the number of phdrs and
      shdrs available. Based on upstream patch.
    - CVE-2017-7613

f508ce6... by Tyler Hicks on 2015-01-20

Import patches-unapplied version 0.158-0ubuntu5.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 979684e747968364cd3191cd55dc042d55f57ca1

New changelog entries:
  * SECURITY UPDATE: Directory traversal via crafted ar archive
    - debian/patches/CVE-2014-9447.patch: Prevent root directory traversal
      while extracting ar archives
    - CVE-2014-9447

979684e... by Marc Deslauriers on 2014-04-15

Import patches-unapplied version 0.158-0ubuntu5.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 8b17df5919fc7dedb25794a00ae135bfd0275f17

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution in libdw
    via malicious ELF file
    - debian/patches/CVE-2014-0172.patch: check for overflow in
      libdw/dwarf_begin_elf.c.
    - CVE-2014-0172

8b17df5... by Adam Conrad on 2014-02-17

Import patches-unapplied version 0.158-0ubuntu5 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 4af9b03af70216c2454a680121d2e09001481850

New changelog entries:
  * debian/rules: force -O2 to work around build failure with -O3.

4af9b03... by Matthias Klose on 2014-01-14

Import patches-unapplied version 0.158-0ubuntu4 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: d30bf20c3e4c7ab116f967791dcd0b22a36b9954

New changelog entries:
  * Show test-suite log and logs of failing tests in case of failures.

d30bf20... by Matthias Klose on 2014-01-14

Import patches-unapplied version 0.158-0ubuntu3 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 7c576717d29d59d97bf1a6db8f95464fd9d2c339

New changelog entries:
  * Ignore run-backtrace-native.sh and run-backtrace-dwarf.sh test failures
    on powerpc and ppc64el. See LP #1268847.

7c57671... by Matthias Klose on 2014-01-06

Import patches-unapplied version 0.158-0ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 3de13fd57f6cf14bdb86ddfdc3d13f7c96e0267d

New changelog entries:
  * Fix test cases, when /proc/sys/kernel/core_uses_pid is set to 0.

3de13fd... by Matthias Klose on 2014-01-06

Import patches-unapplied version 0.158-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 4fd5787b404276bef3927340c54089a67d70bc51

New changelog entries:
  * New upstream version, adding AArch64 support.

4fd5787... by Kurt Roeckx on 2013-11-17

Import patches-unapplied version 0.157-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 58250f14dd4eee4f7a8ad3125f67d451665e43c9

New changelog entries:
  * Build-Depend on gcc-multilib on [any-amd64] instead of [amd64]

58250f1... by Kurt Roeckx on 2013-11-03

Import patches-unapplied version 0.157-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 148ee0930ae1f010fdeec2709c35576a18cbaabc

New changelog entries:
  * Application in the readelf binary package, libdw1 itself use internal
    APIs from libelf and so need a strict dependency on the same libelf1
    binary package. libasm1 also needs a strict dependency on libdw1 since
    it uses libebl.a and so uses the MODVERSION to openthe backends. The
    dependency from libasm1 to libdw1 was missing.
    Disabling the thread safety resulted in struct Elf's size changing
    causing things like eu-readelf to break when an older libelf1 was
    installed.
  * Apply patch from upstream to fix the IA64 regression failure
    with a powerpc binary