NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
28e91cf3a0
kumquat-buildroot/package/elfutils/elfutils.mk
Peter Korsgaard 6a74acb6fb elfutils: security bump to version 0.174 
Fixes the following security issues:

CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils
before 2018-08-18 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted file.

CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers
to cause a denial of service (double free and application crash) or possibly
have unspecified other impact because it tries to decompress twice.

CVE-2018-16403: libdw in elfutils 0.173 checks the end of the attributes
list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr
in dwarf_hasattr.c, leading to a heap-based buffer over-read and an
application crash.

For more details, see the announcement:
https://sourceware.org/ml/elfutils-devel/2018-q3/msg00116.html

0.172 and 0.173 also included fixes for crashes and hangs found by afl-fuzz
(no CVEs assigned):
https://sourceware.org/ml/elfutils-devel/2018-q2/msg00272.html
https://sourceware.org/ml/elfutils-devel/2018-q2/msg00209.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-13 09:16:58 +01:00

78 lines
2.1 KiB
Makefile
Raw Blame History

################################################################################
#
# elfutils
#
################################################################################
ELFUTILS_VERSION = 0.174
ELFUTILS_SOURCE = elfutils-$(ELFUTILS_VERSION).tar.bz2
ELFUTILS_SITE = https://sourceware.org/elfutils/ftp/$(ELFUTILS_VERSION)
ELFUTILS_INSTALL_STAGING = YES
ELFUTILS_LICENSE = GPL-2.0+ or LGPL-3.0+ (library)
ELFUTILS_LICENSE_FILES = COPYING COPYING-GPLV2 COPYING-LGPLV3
ELFUTILS_DEPENDENCIES = zlib $(TARGET_NLS_DEPENDENCIES)
HOST_ELFUTILS_DEPENDENCIES = host-zlib host-bzip2 host-xz
# We patch configure.ac
ELFUTILS_AUTORECONF = YES
HOST_ELFUTILS_AUTORECONF = YES
# Pass a custom program prefix to avoid a naming conflict between
# elfutils binaries and binutils binaries.
ELFUTILS_CONF_OPTS += \
--program-prefix="eu-"
HOST_ELFUTILS_CONF_OPTS = \
--with-bzlib \
--with-lzma \
--disable-progs
# elfutils gets confused when lfs mode is forced, so don't
ELFUTILS_CFLAGS = $(filter-out -D_FILE_OFFSET_BITS=64,$(TARGET_CFLAGS))
ELFUTILS_CPPFLAGS = $(filter-out -D_FILE_OFFSET_BITS=64,$(TARGET_CPPFLAGS))
# sparc64 needs -fPIC instead of -fpic
ifeq ($(BR2_sparc64),y)
ELFUTILS_CFLAGS += -fPIC
endif
ELFUTILS_CONF_ENV += \
CFLAGS="$(ELFUTILS_CFLAGS)" \
CPPFLAGS="$(ELFUTILS_CPPFLAGS)"
ELFUTILS_LDFLAGS = $(TARGET_LDFLAGS) \
$(TARGET_NLS_LIBS)
ELFUTILS_CONF_ENV += \
LDFLAGS="$(ELFUTILS_LDFLAGS)"
ifeq ($(BR2_TOOLCHAIN_USES_UCLIBC),y)
ELFUTILS_DEPENDENCIES += argp-standalone
ELFUTILS_CONF_OPTS += --disable-symbol-versioning
endif
ifeq ($(BR2_PACKAGE_BZIP2),y)
ELFUTILS_DEPENDENCIES += bzip2
ELFUTILS_CONF_OPTS += --with-bzlib
else
ELFUTILS_CONF_OPTS += --without-bzlib
endif
ifeq ($(BR2_PACKAGE_XZ),y)
ELFUTILS_DEPENDENCIES += xz
ELFUTILS_CONF_OPTS += --with-lzma
else
ELFUTILS_CONF_OPTS += --without-lzma
endif
ifeq ($(BR2_PACKAGE_ELFUTILS_PROGS),y)
ELFUTILS_CONF_OPTS += --enable-progs
ELFUTILS_LICENSE := $(ELFUTILS_LICENSE), GPL-3.0+ (programs)
ELFUTILS_LICENSE_FILES += COPYING
else
ELFUTILS_CONF_OPTS += --disable-progs
endif
$(eval $(autotools-package))
$(eval $(host-autotools-package))
Reference in New Issue View Git Blame Copy Permalink