Summary: | <dev-libs/elfutils-0.173-r1: dwfl_segment_report_module doesn't check whether the dyn data read from core | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Dimitris Nakos (sokan) <sokan> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bman, toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=24103 | ||
Whiteboard: | A4 [noglsa cve] | ||
Package list: |
=dev-libs/elfutils-0.173-r1
|
Runtime testing required: | No |
Description
Dimitris Nakos (sokan)
2019-01-29 14:23:19 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d21856c6b7ba9348121de36979d22d94fb0bfc16 commit d21856c6b7ba9348121de36979d22d94fb0bfc16 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2019-01-29 21:55:33 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2019-01-29 21:56:18 +0000 dev-libs/elfutils: fix parsing of partial core, bug #676794 Reported-by: Demetris Nakos Bug: https://bugs.gentoo.org/676794 Bug: https://sourceware.org/PR24103 Package-Manager: Portage-2.3.59, Repoman-2.3.12 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> dev-libs/elfutils/elfutils-0.173-r1.ebuild | 69 ++++++++++++++++++++++ ...utils-0.175.ebuild => elfutils-0.175-r1.ebuild} | 7 ++- .../files/elfutils-0.173-partial-core.patch | 34 +++++++++++ 3 files changed, 108 insertions(+), 2 deletions(-) @arches, please stabilize amd64 stable (In reply to Aaron Bauman from comment #2) > @arches, please stabilize Did you get an ACK from the maintainer to start stabilization? >=dev-libs/elfutils-0.175 requires binutils-2.32 to work correctly: bug #671760 (In reply to Sergei Trofimovich from comment #4) > (In reply to Aaron Bauman from comment #2) > > @arches, please stabilize > > Did you get an ACK from the maintainer to start stabilization? > >=dev-libs/elfutils-0.175 requires binutils-2.32 to work correctly: bug > #671760 Are you intentionally referencing a bug closed over a month ago? (In reply to Aaron Bauman from comment #5) > (In reply to Sergei Trofimovich from comment #4) > > (In reply to Aaron Bauman from comment #2) > > > @arches, please stabilize > > > > Did you get an ACK from the maintainer to start stabilization? > > >=dev-libs/elfutils-0.175 requires binutils-2.32 to work correctly: bug > > #671760 > > Are you intentionally referencing a bug closed over a month ago? Read the bug a little better. It was resolved by unmasking elfutils since the appropriate binutils version was now ~arch. That doesn't mean we can stabilize that version yet. If stable elfutils is broken with stable binutils, that's a problem. As far as I can tell, that's the current situation. (In reply to Aaron Bauman from comment #5) > (In reply to Sergei Trofimovich from comment #4) > > (In reply to Aaron Bauman from comment #2) > > > @arches, please stabilize > > > > Did you get an ACK from the maintainer to start stabilization? > > >=dev-libs/elfutils-0.175 requires binutils-2.32 to work correctly: bug > > #671760 > > Are you intentionally referencing a bug closed over a month ago? The bug is relevant. Can I get an answer to my question please? I'll state it again: Did you get an ACK from the maintainer to start stabilization? The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ef6ada6d119ed6afccc9d6fb2006bc3e2814b40 commit 7ef6ada6d119ed6afccc9d6fb2006bc3e2814b40 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2019-04-06 15:23:54 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2019-04-06 15:24:59 +0000 dev-libs/elfutils: Undo stabilization of 0.176 Stabilization was initiated without acknowledgment by toolchain The result of the stabilization is a configuration in stable that is unable to build the kernel, see bug 671760. Bug: https://bugs.gentoo.org/676794 Bug: https://bugs.gentoo.org/671760 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> dev-libs/elfutils/elfutils-0.176.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) arm stable, all arches done. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b740d8df7d2c6bf9b80ed91eb930434428761176 commit b740d8df7d2c6bf9b80ed91eb930434428761176 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2019-04-09 06:58:03 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2019-04-09 06:59:30 +0000 dev-libs/elfutils: revert "arm stable, bug #676794" This reverts commit 24fbdabc1ca529b754949c782c791f40896f475e. Bug: https://bugs.gentoo.org/676794 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> dev-libs/elfutils/elfutils-0.176.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Arches please stabilize: dev-libs/elfutils-0.173-r1 (NOTE: 173-r1, NOT 176-r1 !) Special test instructions: Build a kernel. (cf. bug 671760 for background) amd64 stable x86 stable sparc stable arm64 stable arm stable ppc64 stable ppc stable s390 stable ia64 stable hppa stable by jer alpha stable |