gnu: upx: Update to 3.96.

* gnu/packages/compression.scm (upx): Update to 3.96.
[source]: Remove patch.
[arguments]: Remove CHECK_WHITESPACE work-around.
[properties]: Remove obsolete hidden CVE.
* gnu/packages/patches/upx-fix-CVE-2017-15056.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Tobias Geerinckx-Rice 2020-02-17 04:55:47 +01:00
parent de5bc83cd3
commit f5255ed3d3
No known key found for this signature in database
GPG Key ID: 0DB0FF884F556D79
3 changed files with 3 additions and 109 deletions

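--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1465,7 +1465,6 @@ dist_patch_DATA = \
 %D%/packages/patches/ustr-fix-build-with-gcc-5.patch \
 %D%/packages/patches/util-linux-tests.patch \
 %D%/packages/patches/upower-builddir.patch \
-%D%/packages/patches/upx-fix-CVE-2017-15056.patch \
 %D%/packages/patches/valgrind-enable-arm.patch \
 %D%/packages/patches/vboot-utils-fix-format-load-address.patch \
 %D%/packages/patches/vboot-utils-fix-tests-show-contents.patch \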

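--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1903,15 +1903,14 @@ decompression is a little bit slower.")
 (define-public upx
 (package
 (name "upx")
-(version "3.94")
+(version "3.96")
 (source (origin
 (method url-fetch)
 (uri (string-append "https://github.com/upx/upx/releases/download/v"
 version "/upx-" version "-src.tar.xz"))
 (sha256
 (base32
-"08anybdliqsbsl6x835iwzljahnm9i7v26icdjkcv33xmk6p5vw1"))
-(patches (search-patches "upx-fix-CVE-2017-15056.patch"))))
+"051pk5jk8fcfg5mpgzj43z5p4cn7jy5jbyshyn78dwjqr7slsxs7"))))
 (build-system gnu-build-system)
 (native-inputs
 `(("perl" ,perl)))
@@ -1920,10 +1919,7 @@ decompression is a little bit slower.")
 ("zlib" ,zlib)))
 (arguments
 `(#:make-flags
-(list "all"
-;; CHECK_WHITESPACE does not seem to work.
-;; See https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/upx.
-"CHECK_WHITESPACE=true")
+(list "all")
 #:phases
 (modify-phases %standard-phases
 (delete 'configure)
@@ -1945,11 +1941,6 @@ decompression is a little bit slower.")
 #t))
 )))
 (home-page "https://upx.github.io/")
-;; CVE-2017-16869 is about Mach-O files which is not of a big concern for Guix.
-;; See https://github.com/upx/upx/issues/146 and
-;; https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-16869.
-;; The issue will be fixed after version 3.94.
-(properties `((lint-hidden-cve . ("CVE-2017-16869"))))
 (synopsis "Compression tool for executables")
 (description
 "The Ultimate Packer for eXecutables (UPX) is an executable file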
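Review bot: Dropping `(patches (search-patches "upx-fix-CVE-2017-15056.patch"))` from the origin is not justified anywhere in the commit. The log says only "Remove patch", so a reader cannot tell whether the 3.96 tarball was checked for the ELF header bounds checks that patch added to `src/p_lx_elf.cpp`. The same gap applies to the removed `lint-hidden-cve` entry for CVE-2017-16869, whose deleted comment only promised a fix "after version 3.94". Presumably both fixes are upstream in 3.96; once that is confirmed against the release, I would record it in the log, e.g. `[source]: Remove patch, included upstream in 3.96.`, and run `guix lint -c cve upx` to check that neither CVE is reported for the new version. The `upx` definition continues past the end of this section.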


@ -1,96 +0,0 @@
From 3e0c2966dffb5dadb512a476ef4be3d0cc51c2be Mon Sep 17 00:00:00 2001
From: Pierre Neidhardt <ambrevar@gmail.com>
Date: Sat, 16 Jun 2018 16:35:00 +0200
Subject: [PATCH] Protect against bad crafted input
Also check for wrap-around when checking oversize involving e_shoff and e_shnum.
raised by https://github.com/upx/upx/pull/190
modified: p_lx_elf.cpp
---
src/p_lx_elf.cpp | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index 822a7652..41e805ee 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -235,8 +235,17 @@ PackLinuxElf32::PackLinuxElf32help1(InputFile *f)
sz_phdrs = 0;
return;
}
+ if (0==e_phnum) throwCantUnpack("0==e_phnum");
e_phoff = get_te32(&ehdri.e_phoff);
+ unsigned const last_Phdr = e_phoff + e_phnum * sizeof(Elf32_Phdr);
+ if (last_Phdr < e_phoff || (unsigned long)file_size < last_Phdr) {
+ throwCantUnpack("bad e_phoff");
+ }
e_shoff = get_te32(&ehdri.e_shoff);
+ unsigned const last_Shdr = e_shoff + e_shnum * sizeof(Elf32_Shdr);
+ if (last_Shdr < e_shoff || (unsigned long)file_size < last_Shdr) {
+ throwCantUnpack("bad e_shoff");
+ }
sz_phdrs = e_phnum * e_phentsize;
if (f && Elf32_Ehdr::ET_DYN!=e_type) {
@@ -599,8 +608,17 @@ PackLinuxElf64::PackLinuxElf64help1(InputFile *f)
sz_phdrs = 0;
return;
}
+ if (0==e_phnum) throwCantUnpack("0==e_phnum");
e_phoff = get_te64(&ehdri.e_phoff);
+ upx_uint64_t const last_Phdr = e_phoff + e_phnum * sizeof(Elf64_Phdr);
+ if (last_Phdr < e_phoff || (unsigned long)file_size < last_Phdr) {
+ throwCantUnpack("bad e_phoff");
+ }
e_shoff = get_te64(&ehdri.e_shoff);
+ upx_uint64_t const last_Shdr = e_shoff + e_shnum * sizeof(Elf64_Shdr);
+ if (last_Shdr < e_shoff || (unsigned long)file_size < last_Shdr) {
+ throwCantUnpack("bad e_shoff");
+ }
sz_phdrs = e_phnum * e_phentsize;
if (f && Elf64_Ehdr::ET_DYN!=e_type) {
@@ -3763,6 +3781,9 @@ void PackLinuxElf64::pack4(OutputFile *fo, Filter &ft)
void PackLinuxElf64::unpack(OutputFile *fo)
{
+ if (e_phoff != sizeof(Elf64_Ehdr)) {// Phdrs not contiguous with Ehdr
+ throwCantUnpack("bad e_phoff");
+ }
unsigned const c_phnum = get_te16(&ehdri.e_phnum);
upx_uint64_t old_data_off = 0;
upx_uint64_t old_data_len = 0;
@@ -3828,6 +3849,9 @@ void PackLinuxElf64::unpack(OutputFile *fo)
unsigned total_out = 0;
unsigned c_adler = upx_adler32(NULL, 0);
unsigned u_adler = upx_adler32(NULL, 0);
+ if ((MAX_ELF_HDR - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {
+ throwCantUnpack("bad compressed e_phnum");
+ }
// Packed ET_EXE has no PT_DYNAMIC.
// Packed ET_DYN has original PT_DYNAMIC for info needed by rtld.
@@ -4383,6 +4407,9 @@ Elf64_Sym const *PackLinuxElf64::elf_lookup(char const *name) const
void PackLinuxElf32::unpack(OutputFile *fo)
{
+ if (e_phoff != sizeof(Elf32_Ehdr)) {// Phdrs not contiguous with Ehdr
+ throwCantUnpack("bad e_phoff");
+ }
unsigned const c_phnum = get_te16(&ehdri.e_phnum);
unsigned old_data_off = 0;
unsigned old_data_len = 0;
@@ -4449,6 +4476,9 @@ void PackLinuxElf32::unpack(OutputFile *fo)
unsigned total_out = 0;
unsigned c_adler = upx_adler32(NULL, 0);
unsigned u_adler = upx_adler32(NULL, 0);
+ if ((MAX_ELF_HDR - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) {
+ throwCantUnpack("bad compressed e_phnum");
+ }
// Packed ET_EXE has no PT_DYNAMIC.
// Packed ET_DYN has original PT_DYNAMIC for info needed by rtld.
--
2.17.0