From 444b64f5338131cedf983fe107023aaee5ce2e47 Mon Sep 17 00:00:00 2001 From: Yousong Zhou Date: Mon, 22 May 2017 10:35:10 +0800 Subject: [PATCH] libunwind: update to 1.2 Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new tarball is released yet Signed-off-by: Yousong Zhou (cherry picked from commit 5d48dc1146171520445c43ee894d9dfce09ae4e2) --- package/libs/libunwind/Makefile | 10 ++-- .../libunwind/patches/001-disable-tests.patch | 21 ++------- .../patches/004-add-missing-unwind_i.h.patch | 46 +++++++++++++++++++ 3 files changed, 58 insertions(+), 19 deletions(-) create mode 100644 package/libs/libunwind/patches/004-add-missing-unwind_i.h.patch diff --git a/package/libs/libunwind/Makefile b/package/libs/libunwind/Makefile index 7d51f7487d..ba22664b28 100644 --- a/package/libs/libunwind/Makefile +++ b/package/libs/libunwind/Makefile @@ -1,5 +1,6 @@ # # Copyright (C) 2008-2013 OpenWrt.org +# Copyright (C) 2017 Yousong Zhou # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libunwind -PKG_VERSION:=1.1 +PKG_VERSION:=1.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SAVANNAH/$(PKG_NAME) -PKG_HASH:=9dfe0fcae2a866de9d3942c66995e4b460230446887dbdab302d41a8aee8d09a +PKG_HASH:=1de38ffbdc88bd694d10081865871cd2bfbb02ad8ef9e1606aee18d65532b992 PKG_FIXUP:=autoreconf PKG_INSTALL:=1 @@ -36,7 +37,10 @@ define Package/libunwind/description Libunwind defines a portable and efficient C programming interface (API) to determine the call-chain of a program. endef -CONFIGURE_ARGS += --enable-minidebuginfo=no +CONFIGURE_ARGS += \ + --disable-documentation \ + --enable-minidebuginfo=no \ + define Package/libunwind/install $(INSTALL_DIR) $(1)/usr/lib diff --git a/package/libs/libunwind/patches/001-disable-tests.patch b/package/libs/libunwind/patches/001-disable-tests.patch index 9700fea477..667b6a71e2 100644 --- a/package/libs/libunwind/patches/001-disable-tests.patch +++ b/package/libs/libunwind/patches/001-disable-tests.patch @@ -1,22 +1,11 @@ --- a/Makefile.am +++ b/Makefile.am -@@ -36,7 +36,7 @@ +@@ -42,7 +42,7 @@ endif nodist_include_HEADERS = include/libunwind-common.h --SUBDIRS = src tests doc -+SUBDIRS = src doc +-SUBDIRS = src tests ++SUBDIRS = src - noinst_HEADERS = include/dwarf.h include/dwarf_i.h include/dwarf-eh.h \ - include/compiler.h include/libunwind_i.h include/mempool.h \ ---- a/Makefile.in -+++ b/Makefile.in -@@ -313,7 +313,7 @@ - $(am__append_7) $(am__append_8) $(am__append_9) \ - $(am__append_10) - nodist_include_HEADERS = include/libunwind-common.h --SUBDIRS = src tests doc -+SUBDIRS = src doc - noinst_HEADERS = include/dwarf.h include/dwarf_i.h include/dwarf-eh.h \ - include/compiler.h include/libunwind_i.h include/mempool.h \ - include/remote.h \ + if CONFIG_DOCS + SUBDIRS += doc diff --git a/package/libs/libunwind/patches/004-add-missing-unwind_i.h.patch b/package/libs/libunwind/patches/004-add-missing-unwind_i.h.patch new file mode 100644 index 0000000000..55a68494cc --- /dev/null +++ b/package/libs/libunwind/patches/004-add-missing-unwind_i.h.patch @@ -0,0 +1,46 @@ +--- /dev/null 2017-05-16 16:52:50.220000000 +0800 ++++ b/src/mips/unwind_i.h 2016-06-13 11:43:06.310153501 +0800 +@@ -0,0 +1,43 @@ ++/* libunwind - a platform-independent unwind library ++ Copyright (C) 2008 CodeSourcery ++ ++This file is part of libunwind. ++ ++Permission is hereby granted, free of charge, to any person obtaining ++a copy of this software and associated documentation files (the ++"Software"), to deal in the Software without restriction, including ++without limitation the rights to use, copy, modify, merge, publish, ++distribute, sublicense, and/or sell copies of the Software, and to ++permit persons to whom the Software is furnished to do so, subject to ++the following conditions: ++ ++The above copyright notice and this permission notice shall be ++included in all copies or substantial portions of the Software. ++ ++THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE ++LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION ++OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION ++WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ ++ ++#ifndef unwind_i_h ++#define unwind_i_h ++ ++#include ++ ++#include ++ ++#include "libunwind_i.h" ++ ++#define mips_lock UNW_OBJ(lock) ++#define mips_local_resume UNW_OBJ(local_resume) ++#define mips_local_addr_space_init UNW_OBJ(local_addr_space_init) ++ ++extern int mips_local_resume (unw_addr_space_t as, unw_cursor_t *cursor, ++ void *arg); ++ ++extern void mips_local_addr_space_init (void); ++ ++#endif /* unwind_i_h */ -- 2.25.1