[insight/f18] * Thu Nov 15 2012 Patrick Monnerat <pm at datasphere.ch> 7.4.50-4.20120403cvs - Path "objalloc" to fix

Patrick Monnerat monnerat at fedoraproject.org
Thu Nov 15 18:39:44 UTC 2012 

commit aa792a63b9b4960d44f0bbe477d49f0d8dcad91f
Author: Patrick Monnerat <pm at datasphere.ch>
Date:   Thu Nov 15 19:39:16 2012 +0100

    * Thu Nov 15 2012 Patrick Monnerat <pm at datasphere.ch> 7.4.50-4.20120403cvs
    - Path "objalloc" to fix libiberty security bug CVE-2012-3509.
      https://bugzilla.redhat.com/show_bug.cgi?id=877014
    - Enable Python to support STL extensions.
      https://bugzilla.redhat.com/show_bug.cgi?id=865554

 insight-7.4.50-objalloc.patch |   47 +++++++++++++++++++++++++++++++++++++++++
 insight.spec                  |   38 +++++++++++++++++++++------------
 2 files changed, 71 insertions(+), 14 deletions(-)
---
diff --git a/insight-7.4.50-objalloc.patch b/insight-7.4.50-objalloc.patch
new file mode 100644
index 0000000..0f4d413
--- /dev/null
+++ b/insight-7.4.50-objalloc.patch
@@ -0,0 +1,47 @@
+diff -Naur insight-7.4.50.orig/libiberty/ChangeLog insight-7.4.50.new/libiberty/ChangeLog
+--- insight-7.4.50.orig/libiberty/ChangeLog	2012-04-02 20:50:26.000000000 +0200
++++ insight-7.4.50.new/libiberty/ChangeLog	2012-11-15 18:21:07.340564549 +0100
+@@ -1,3 +1,9 @@
++2012-09-18  Florian Weimer  <fweimer at redhat.com>
++
++	PR other/54411
++	* objalloc.c (_objalloc_alloc): Add overflow check covering
++	alignment and CHUNK_HEADER_SIZE addition.
++
+ 2012-04-02  Tristan Gingold  <gingold at adacore.com>
+ 
+ 	* stack-limit.c: Includes ansidecl.h.
+diff -Naur insight-7.4.50.orig/libiberty/objalloc.c insight-7.4.50.new/libiberty/objalloc.c
+--- insight-7.4.50.orig/libiberty/objalloc.c	2005-07-22 05:26:05.000000000 +0200
++++ insight-7.4.50.new/libiberty/objalloc.c	2012-11-15 18:19:12.102878869 +0100
+@@ -1,5 +1,5 @@
+ /* objalloc.c -- routines to allocate memory for objects
+-   Copyright 1997 Free Software Foundation, Inc.
++   Copyright 1997-2012 Free Software Foundation, Inc.
+    Written by Ian Lance Taylor, Cygnus Solutions.
+ 
+ This program is free software; you can redistribute it and/or modify it
+@@ -112,8 +112,10 @@
+ /* Allocate space from an objalloc structure.  */
+ 
+ PTR
+-_objalloc_alloc (struct objalloc *o, unsigned long len)
++_objalloc_alloc (struct objalloc *o, unsigned long original_len)
+ {
++  unsigned long len = original_len;
++
+   /* We avoid confusion from zero sized objects by always allocating
+      at least 1 byte.  */
+   if (len == 0)
+@@ -121,6 +123,11 @@
+ 
+   len = (len + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1);
+ 
++  /* Check for overflow in the alignment operation above and the
++     malloc argument below. */
++  if (len + CHUNK_HEADER_SIZE < original_len)
++    return NULL;
++
+   if (len <= o->current_space)
+     {
+       o->current_ptr += len;
diff --git a/insight.spec b/insight.spec
index 524ed3b..99482c3 100644
--- a/insight.spec
+++ b/insight.spec
@@ -14,7 +14,7 @@
 
 Name:		insight
 Version:	%(echo %{ver} | tr - .)
-Release:	3.%{snap}cvs%{?dist}
+Release:	4.%{snap}cvs%{?dist}
 Summary:	Graphical debugger based on GDB
 License:	GPLv3+
 Group:		Development/Debuggers
@@ -29,28 +29,30 @@ Provides:	bundled(binutils) = %{snap}
 Provides:	bundled(gnulib) = %{snap}
 Provides:	bundled(libiberty) = %{snap}
 Provides:	bundled(md5-gcc) = %{snap}
-BuildRequires:	tcl-devel
-BuildRequires:	tk-devel
-BuildRequires:	itcl-devel >= 3.3
-BuildRequires:	itk-devel >= 3.3
+BuildRequires:	tcl-devel%{?_isa}
+BuildRequires:	tk-devel%{?_isa}
+BuildRequires:	itcl-devel%{?_isa} >= 3.3
+BuildRequires:	itk-devel%{?_isa} >= 3.3
 BuildRequires:	iwidgets
-BuildRequires:	ncurses-devel
-BuildRequires:	readline-devel >= 6.0
-BuildRequires:	expat-devel
-BuildRequires:	ImageMagick
-BuildRequires:	desktop-file-utils
-BuildRequires:	autogen
+BuildRequires:	ncurses-devel%{?_isa}
+BuildRequires:	readline-devel%{?_isa} >= 6.0
+BuildRequires:	expat-devel%{?_isa}
+BuildRequires:	python-devel%{?_isa}
+BuildRequires:	ImageMagick%{?_isa}
+BuildRequires:	desktop-file-utils%{?_isa}
+BuildRequires:	autogen%{?_isa}
 BuildRequires:	automake
 BuildRequires:	autoconf
-BuildRequires:	bison
-BuildRequires:	flex
-BuildRequires:	texinfo
+BuildRequires:	bison%{?_isa}
+BuildRequires:	flex%{?_isa}
+BuildRequires:	texinfo%{?_isa}
 Patch1:		insight-7.4.50-relocate.patch
 Patch2:		insight-7.4.50-readline-system.patch
 Patch3:		insight-7.4.50-unbundle.patch
 Patch4:		insight-7.4.50-acversion.patch
 Patch5:		insight-7.4.50-sig2dead.patch
 Patch6:		insight-7.4.50-sizesizet.patch
+Patch7:		insight-7.4.50-objalloc.patch
 
 #	Some patches from gdb.
 
@@ -120,6 +122,7 @@ GDB version 6.x.
 %patch4 -p1 -b .acversion
 %patch5 -p1 -b .sig2dead
 %patch6 -p1 -b .sizesizet
+%patch7 -p1 -b .objalloc
 
 %patch100 -p 1 -b .ppc64syscall
 %patch101 -p 1 -b .ppc64displaysymbol
@@ -210,6 +213,7 @@ done
 		--with-expat						\
 		--with-tclinclude="${TCL_SRC_DIR}"			\
 		--with-tkinclude="${TK_SRC_DIR}"			\
+		--with-python=yes					\
 %ifarch ia64
 		--with-libunwind					\
 %else
@@ -302,6 +306,12 @@ rm -rf "${RPM_BUILD_ROOT}"
 %changelog
 #-------------------------------------------------------------------------------
 
+* Thu Nov 15 2012 Patrick Monnerat <pm at datasphere.ch> 7.4.50-4.20120403cvs
+- Path "objalloc" to fix libiberty security bug CVE-2012-3509.
+  https://bugzilla.redhat.com/show_bug.cgi?id=877014
+- Enable Python to support STL extensions.
+  https://bugzilla.redhat.com/show_bug.cgi?id=865554
+
 * Fri Jul 20 2012 Patrick Monnerat <pm at datasphere.ch> 7.4.50-3.20120403cvs
 - Patch "structsiginfo" to replace occurrences of "struct siginfo" by
   "siginfo_t".

More information about the scm-commits mailing list