head 1.2; access; symbols pkgsrc-2014Q4:1.1.0.66 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.64 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.62 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.60 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.58 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.56 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.54 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.52 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.50 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.48 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.46 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.44 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.42 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.40 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.38 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.36 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.34 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.32 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.30 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.28 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.26 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.24 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.22 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.20 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.18 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.16 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.14 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.12 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.10 pkgsrc-2008Q1:1.1.0.8 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.6 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.4 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2015.03.15.14.56.46; author bsiegert; state dead; branches; next 1.1; commitid VL4agd9m2RVuiIdy; 1.1 date 2007.07.03.12.41.18; author lkundrak; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2007.07.03.12.41.18; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2007.07.28.22.57.13; author ghen; state Exp; branches; next ; desc @@ 1.2 log @Move wip/gdb (version 7.9) over the 5.x version that has been here for a long time and that does not even 
support amd64. The old gdb version, for those with a penchant for historic software, can be found as devel/gdb5. @ text @$NetBSD: patch-ap,v 1.1 2007/07/03 12:41:18 lkundrak Exp $ Patch for CVE-2005-1704 sucked from upstream. * elfcode.h (elf_object_p): Add more sanity checks on elf header. --- bfd/elfcode.h.orig 2002-07-07 11:10:39.000000000 +0200 +++ bfd/elfcode.h @@@@ -683,8 +683,13 @@@@ elf_object_p (abfd) if (i_ehdrp->e_shoff != 0) { + bfd_signed_vma where = i_ehdrp->e_shoff; + + if (where != (file_ptr) where) + goto got_wrong_format_error; + /* Seek to the section header table in the file. */ - if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_shoff, SEEK_SET) != 0) + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) goto got_no_match; /* Read the first section header at index 0, and convert to internal @@@@ -697,13 +702,50 @@@@ elf_object_p (abfd) /* If the section count is zero, the actual count is in the first section header. */ if (i_ehdrp->e_shnum == SHN_UNDEF) - i_ehdrp->e_shnum = i_shdr.sh_size; + { + i_ehdrp->e_shnum = i_shdr.sh_size; + if (i_ehdrp->e_shnum != i_shdr.sh_size) + goto got_wrong_format_error; + } /* And similarly for the string table index. */ if (i_ehdrp->e_shstrndx == SHN_XINDEX) - i_ehdrp->e_shstrndx = i_shdr.sh_link; + { + i_ehdrp->e_shstrndx = i_shdr.sh_link; + if (i_ehdrp->e_shstrndx != i_shdr.sh_link) + goto got_wrong_format_error; + } + + /* Sanity check that we can read all of the section headers. + It ought to be good enough to just read the last one. */ + if (i_ehdrp->e_shnum != 1) + { + /* Check that we don't have a totally silly number of sections. 
*/ + if (i_ehdrp->e_shnum > (unsigned int) -1 / sizeof (x_shdr)) + goto got_wrong_format_error; + + where += (i_ehdrp->e_shnum - 1) * sizeof (x_shdr); + if (where != (file_ptr) where) + goto got_wrong_format_error; + if ((bfd_size_type) where <= i_ehdrp->e_shoff) + goto got_wrong_format_error; + + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) + goto got_no_match; + if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)) + goto got_no_match; + + /* Back to where we were. */ + where = i_ehdrp->e_shoff + sizeof (x_shdr); + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) + goto got_no_match; + } } + /* A further sanity check. */ + if (i_ehdrp->e_shstrndx >= i_ehdrp->e_shnum) + goto got_wrong_format_error; + /* Allocate space for a copy of the section header table in internal form. */ if (i_ehdrp->e_shnum != 0) @ 1.1 log @Fixes for CVE-2005-1704 and CVE-2005-1705. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ap was added on branch pkgsrc-2007Q2 on 2007-07-28 22:57:13 +0000 @ text @d1 75 @ 1.1.2.2 log @Pullup ticket 2134 - requested by lkundrak security fix for gdb - pkgsrc/devel/gdb/Makefile 1.34 - pkgsrc/devel/gdb/distinfo 1.9-1.10 - pkgsrc/devel/gdb/patches/patch-am 1.2 - pkgsrc/devel/gdb/patches/patch-ap 1.1 - pkgsrc/devel/gdb/patches/patch-aq 1.1 Module Name: pkgsrc Committed By: lkundrak Date: Tue Jul 3 12:41:19 UTC 2007 Modified Files: pkgsrc/devel/gdb: Makefile distinfo Added Files: pkgsrc/devel/gdb/patches: patch-ap patch-aq Log Message: Fixes for CVE-2005-1704 and CVE-2005-1705. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: lkundrak Date: Wed Jul 11 13:12:02 UTC 2007 Modified Files: pkgsrc/devel/gdb: distinfo pkgsrc/devel/gdb/patches: patch-am Log Message: Attempt to fix build on >1.6 @ text @a0 75 $NetBSD$ Patch for CVE-2005-1704 sucked from upstream. * elfcode.h (elf_object_p): Add more sanity checks on elf header. 
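Review bot: The final `e_shstrndx >= e_shnum` test in the second hunk of bfd/elfcode.h sits after the closing brace of the `e_shoff != 0` block and is unconditional, so a header with no section table (`e_shnum` and `e_shstrndx` both zero) satisfies `0 >= 0` and is sent to `got_wrong_format_error`, even though the next context line `if (i_ehdrp->e_shnum != 0)` shows that a zero section count is an expected case. Bounding the index only when sections exist keeps the hardening without rejecting such files: `if (i_ehdrp->e_shnum == 0 ? i_ehdrp->e_shstrndx != SHN_UNDEF : i_ehdrp->e_shstrndx >= i_ehdrp->e_shnum)`. In the same hunk, `if (i_ehdrp->e_shnum != 1)` also admits a count of zero, where `e_shnum - 1` wraps if the field is unsigned (its type is not visible here); writing `e_shnum > 1` would avoid relying on the later offset and read checks to catch that case. The same patch text appears again as the body of branch revision 1.1.2.2 further down, and elf_object_p itself starts and ends outside the hunk.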
--- bfd/elfcode.h.orig 2002-07-07 11:10:39.000000000 +0200 +++ bfd/elfcode.h @@@@ -683,8 +683,13 @@@@ elf_object_p (abfd) if (i_ehdrp->e_shoff != 0) { + bfd_signed_vma where = i_ehdrp->e_shoff; + + if (where != (file_ptr) where) + goto got_wrong_format_error; + /* Seek to the section header table in the file. */ - if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_shoff, SEEK_SET) != 0) + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) goto got_no_match; /* Read the first section header at index 0, and convert to internal @@@@ -697,13 +702,50 @@@@ elf_object_p (abfd) /* If the section count is zero, the actual count is in the first section header. */ if (i_ehdrp->e_shnum == SHN_UNDEF) - i_ehdrp->e_shnum = i_shdr.sh_size; + { + i_ehdrp->e_shnum = i_shdr.sh_size; + if (i_ehdrp->e_shnum != i_shdr.sh_size) + goto got_wrong_format_error; + } /* And similarly for the string table index. */ if (i_ehdrp->e_shstrndx == SHN_XINDEX) - i_ehdrp->e_shstrndx = i_shdr.sh_link; + { + i_ehdrp->e_shstrndx = i_shdr.sh_link; + if (i_ehdrp->e_shstrndx != i_shdr.sh_link) + goto got_wrong_format_error; + } + + /* Sanity check that we can read all of the section headers. + It ought to be good enough to just read the last one. */ + if (i_ehdrp->e_shnum != 1) + { + /* Check that we don't have a totally silly number of sections. */ + if (i_ehdrp->e_shnum > (unsigned int) -1 / sizeof (x_shdr)) + goto got_wrong_format_error; + + where += (i_ehdrp->e_shnum - 1) * sizeof (x_shdr); + if (where != (file_ptr) where) + goto got_wrong_format_error; + if ((bfd_size_type) where <= i_ehdrp->e_shoff) + goto got_wrong_format_error; + + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) + goto got_no_match; + if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)) + goto got_no_match; + + /* Back to where we were. */ + where = i_ehdrp->e_shoff + sizeof (x_shdr); + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) + goto got_no_match; + } } + /* A further sanity check. 
*/ + if (i_ehdrp->e_shstrndx >= i_ehdrp->e_shnum) + goto got_wrong_format_error; + /* Allocate space for a copy of the section header table in internal form. */ if (i_ehdrp->e_shnum != 0) @