ubuntu/+source/elfutils:ubuntu/xenial-updates

Last commit made on 2019-06-10
Get this branch:
git clone -b ubuntu/xenial-updates https://git.launchpad.net/ubuntu/+source/elfutils
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/xenial-updates
Repository:
lp:ubuntu/+source/elfutils

Recent commits

13c8cb3... by Marc Deslauriers on 2019-06-07

Import patches-unapplied version 0.165-3ubuntu1.2 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b0c6c21b9936477de1b936a7a3e4fb2ad42e0b45

New changelog entries:
  * SECURITY UPDATE: DoS via a crafted file
    - debian/patches/CVE-2018-16062.patch: make sure there is enough data
      to read full aranges header in libdw/dwarf_getaranges.c,
      src/readelf.c.
    - CVE-2018-16062
  * SECURITY UPDATE: double free and application crash
    - debian/patches/CVE-2018-16402.patch: return error if elf_compress_gnu
      is used on SHF_COMPRESSED section in libelf/elf_compress_gnu.c,
      libelf/libelf.h.
    - CVE-2018-16402
  * SECURITY UPDATE: incorrect end of the attributes list check
    - debian/patches/CVE-2018-16403.patch: check end of attributes list
      consistently in libdw/dwarf_getabbrev.c, libdw/dwarf_hasattr.c.
    - CVE-2018-16403
  * SECURITY UPDATE: invalid memory address dereference
    - debian/patches/CVE-2018-18310.patch: sanity check partial core file
      data reads in libdwfl/dwfl_segment_report_module.c.
    - CVE-2018-18310
  * SECURITY UPDATE: invalid memory address dereference
    - debian/patches/CVE-2018-18520.patch: handle recursive ELF ar files in
      src/size.c.
    - CVE-2018-18520
  * SECURITY UPDATE: divide by zero vulnerabilties
    - debian/patches/CVE-2018-18521.patch: check that sh_entsize isn't zero
      in src/arlib.c.
    - CVE-2018-18521
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7149.patch: check terminating NUL byte in
      dwarf_getsrclines for dir/file table in libdw/dwarf_getsrclines.c,
      src/readelf.c.
    - CVE-2019-7149
  * SECURITY UPDATE: incorrect truncated dyn data read handling
    - debian/patches/CVE-2019-7150.patch: sanity check partial core file
      dyn data read in libdwfl/dwfl_segment_report_module.c.
    - CVE-2019-7150
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7665.patch: check NT_PLATFORM core notes
      contain a zero terminated string in libdwfl/linux-core-attach.c,
      libebl/eblcorenote.c, libebl/libebl.h, src/readelf.c.
    - CVE-2019-7665

b0c6c21... by Tyler Hicks on 2017-05-17

Import patches-unapplied version 0.165-3ubuntu1.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 9eab65c7011609077d44f0196bb7e056e6b399ae

New changelog entries:
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2016-10254.patch: Always set ELF maxsize when reading
      an ELF file for sanity checks. Based on upstream patch.
    - CVE-2016-10254
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2016-10255.patch: Sanity check offset and size before
      trying to malloc and read data. Based on upstream patch.
    - CVE-2016-10255
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7607.patch: Fix off by one sanity check in
      handle_gnu_hash. Based on upstream patch.
    - CVE-2017-7607
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7608.patch: Use the empty string for note names
      with zero size. Based on upstream patch.
    - CVE-2017-7608
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2017-7609.patch: Check compression ratio before
      trying to allocate output buffer. Based on upstream patch.
    - CVE-2017-7609
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7610.patch: Don't check section group without
      flags word. Based on upstream patch.
    - CVE-2017-7610
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7611.patch: Check symbol table data is big
      enough before checking. Based on upstream patch.
    - CVE-2017-7611
  * SECURITY UPDATE: Denial of service via invalid memory read when handling
    crafted ELF files
    - debian/patches/CVE-2017-7612.patch: Don't trust sh_entsize when checking
      hash sections. Based on upstream patch.
    - CVE-2017-7612
  * SECURITY UPDATE: Denial of service via memory consumption when handling
    crafted ELF files
    - debian/patches/CVE-2017-7613.patch: Sanity check the number of phdrs and
      shdrs available. Based on upstream patch.
    - CVE-2017-7613

9eab65c... by Matthias Klose on 2016-02-19

Import patches-unapplied version 0.165-3ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: f6adf155b608fa50e30a05f540f5ef0e1bda8338

New changelog entries:
  * Fix finding the debug info for Ubuntu kernels (Mark Wielaard). LP: #1537125.

f6adf15... by Kurt Roeckx on 2016-01-16

Import patches-unapplied version 0.165-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f53aff926361405d1c781ad1a74ba9de0437d9e

New changelog entries:
  * Add patches from Mark Wielaard to fix non-Linux issues.

9f53aff... by Kurt Roeckx on 2016-01-13

Import patches-unapplied version 0.165-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 39497fc7b07114c18168cd0f1ae2d7680d5cf976

New changelog entries:
  * Make the new libelf.h work with older elf.h from glibc (Closes: #810885)

39497fc... by Kurt Roeckx on 2016-01-11

Import patches-unapplied version 0.165-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b114556f1f7f563f3471b92aacde4cc41604e30c

New changelog entries:
  * New upstream release
  * Install libelf.pc and libdw.pc file.
  * Update libelf1.symbols and libdw1.symbols with 0.165 version

b114556... by Kurt Roeckx on 2015-12-26

Import patches-unapplied version 0.164-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 15d4f097dce41df87e6aac360a4e73b1b0bad395

New changelog entries:
  * New upstream release
    - Fixes sparc64 issues (Closes: #805630)
    - Drop patches applied upstream: 0001-Reduce-scope-of-some-includes.patch,
      0002-tests-Mark-an-unused-argument-as-such.patch,
      0003-tests-dwfl-bug-fd-leak-Guard-against-null-module-add.patch,
      0004-tests-skip-run-deleted.sh-when-dwfl_linux_proc_attac.patch,
      pr18792.diff
    - Remove redhat-portability.diff and scanf-format.patch
    - Update backend to use to stop using the old-style function
      definition: hppa_backend.diff, m68k_backend.diff, mips_backend.diff

15d4f09... by Matthias Klose on 2015-08-14

Import patches-unapplied version 0.163-5.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 80d2f55f2324b4be00c8c8dabea369a44d49a6c1

New changelog entries:
  * Non-maintainer upload.
  * Fix finding the detached debug info when no build-id's are used.
    Closes: #795386.

80d2f55... by Kurt Roeckx on 2015-08-08

Import patches-unapplied version 0.163-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: bdcc7c880eac50a244f17f2095fa7c38a6a94481

New changelog entries:
  * Fix typo in 0003-Add-mips-n64-relocation-format-hack.patch that
    causing crash (Closes: #794488)

bdcc7c8... by Kurt Roeckx on 2015-07-21

Import patches-unapplied version 0.163-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b92ea9d7ee50fddd2af67ddfd07d81ab0687342c

New changelog entries:
  * More fixes for kfreebsd and hurd
  * Fix build failures on kfreebsd and hurd