rpms
/
elfutils
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

0.164-1 Update to elfutils-0.164 and drop old compat stuff.

This commit is contained in:
Mark Wielaard 2015-10-16 17:04:24 +02:00
parent a7b60d7ccf
commit 6d2dbb5040
8 changed files with 14 additions and 2553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -4,3 +4,4 @@
/elfutils-0.161.tar.bz2
/elfutils-0.162.tar.bz2
/elfutils-0.163.tar.bz2
/elfutils-0.164.tar.bz2

44
Makefile
View File

@ -1,44 +0,0 @@
patches := $(patsubst %,elfutils-%.patch,portability)
.PHONY: patches
patches: $(patches)
branch-portability = portable
FORCE:;
elfutils.git ?= ${HOME}/src/elfutils/.git
git-heads := $(wildcard $(elfutils.git)/refs/heads/*)
ifneq (,$(git-heads))
git-dir = git --git-dir=$(elfutils.git)
git-archive = $(git-dir) archive
get-master = master=`$(git-dir) merge-base master $$branch` && \
master=`$(git-dir) describe --tags --always $$master`
else
git-heads = FORCE
git-archive = git archive --remote=git://git.fedorahosted.org/git/elfutils.git
get-master = master=master
endif
git-%/configure: Makefile $(git-heads)
@rm -rf $(@D)
$(git-archive) --prefix=$(@D)/ $(firstword $(branch-$*) $*) | tar xf -
cd $(@D) && autoreconf -i && rm -rf autom4te.cache
elfutils-%.patch: git-%/configure
branch=$(firstword $(branch-$*) $*); \
$(get-master) && \
(set -x; $(MAKE) git-$$master/configure) && \
(set -x; diff --exclude='.gitignore' -Nrpu git-$$master $(<D)) | \
filterdiff --remove-timestamps --strip=1 --addprefix=elfutils/ > $@.new
mv $@.new $@
elfutils-portable.spec: elfutils.spec
(echo '%define _with_compat 1'; sed 's/ check$$/& || :/' $<) > $@.new
mv -f $@.new $@
rpmbuild-dirs = $(foreach what,source spec srcrpm,--define '_$(what)dir .')
.PHONY: portable-srpm
portable-srpm: elfutils-portable.spec $(patches) sources
rpmbuild-md5 $(rpmbuild-dirs) -bs $<

166
elfutils-0.163-default-yama-conf.patch
View File

@ -1,166 +0,0 @@
commit 65a818baa4bcae96c1e9516420fcd87a2db3c863
Author: Mark Wielaard <mjw@redhat.com>
Date: Tue Aug 4 12:20:20 2015 +0200
spec: Provide default-yama-scope.
When yama is enabled in the kernel it might be used to filter any user
space access which requires PTRACE_MODE_ATTACH like ptrace attach, access
to /proc/PID/{mem,personality,stack,syscall}, and the syscalls
process_vm_readv and process_vm_writev which are used for interprocess
services, communication and introspection (like synchronisation, signaling,
debugging, tracing and profiling) of processes.
These are precisely the things that libdw dwfl and ebl backends rely on.
So make sure they don't mysteriously fail in such cases by providing the
default yama scope sysctl value.
This is implemented as a separate subpackage that just provides this
functionality so other packages that don't directly rely on elfutils-libs
can also just Require: default-yama-scope to function properly.
https://bugzilla.redhat.com/show_bug.cgi?id=1209492#c69
Signed-off-by: Mark Wielaard <mjw@redhat.com>
diff --git a/config/10-default-yama-scope.conf b/config/10-default-yama-scope.conf
new file mode 100644
index 0000000..ba78ebd
--- /dev/null
+++ b/config/10-default-yama-scope.conf
@@ -0,0 +1,35 @@
+# When yama is enabled in the kernel it might be used to filter any user
+# space access which requires PTRACE_MODE_ATTACH like ptrace attach, access
+# to /proc/PID/{mem,personality,stack,syscall}, and the syscalls
+# process_vm_readv and process_vm_writev which are used for interprocess
+# services, communication and introspection (like synchronisation, signaling,
+# debugging, tracing and profiling) of processes.
+#
+# Usage of ptrace attach is restricted by normal user permissions. Normal
+# unprivileged processes cannot interact through ptrace with processes
+# that they cannot send signals to or processes that are running set-uid
+# or set-gid.
+#
+# yama ptrace scope can be used to reduce these permissions even more.
+# This should normally not be done because it will break various programs
+# relying on the default ptrace security restrictions. But can be used
+# if you don't have any other way to separate processes in their own
+# domains. A different way to restrict ptrace is to set the selinux
+# deny_ptrace boolean. Both mechanisms will break some programs relying
+# on the ptrace system call and might force users to elevate their
+# priviliges to root to do their work.
+#
+# For more information see Documentation/security/Yama.txt in the kernel
+# sources. Which also describes the defaults when CONFIG_SECURITY_YAMA
+# is enabled in a kernel build (currently 1 for ptrace_scope).
+#
+# This runtime kernel parameter can be set to the following options:
+# (Note that setting this to anything except zero will break programs!)
+#
+# 0 - Default attach security permissions.
+# 1 - Restricted attach. Only child processes plus normal permissions.
+# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
+# 3 - No attach. No process may call ptrace at all. Irrevocable.
+#
+kernel.yama.ptrace_scope = 0
+
diff --git a/config/ChangeLog b/config/ChangeLog
index 00f3ddc..31eeca7 100644
--- a/config/ChangeLog
+++ b/config/ChangeLog
@@ -1,3 +1,10 @@
+2015-08-04 Mark Wielaard <mjw@redhat.com>
+
+ * 10-default-yama-scope.conf: New file.
+ * Makefile.am (EXTRA_DIST): Add 10-default-yama-scope.conf.
+ * elfutils.spec.in (Requires): default-yama-scope.
+ (default-yama-scope): New package.
+
2015-06-19 Mark Wielaard <mjw@redhat.com>
* elfutils.spec.in: Update for 0.163.
diff --git a/config/Makefile.am b/config/Makefile.am
index 6e61b77..23f7b65 100644
--- a/config/Makefile.am
+++ b/config/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in -*-Makefile-*-
## Configure input file for elfutils.
##
-## Copyright (C) 2004, 2005, 2008, 2009, 2011 Red Hat, Inc.
+## Copyright (C) 2004, 2005, 2008, 2009, 2011, 2015 Red Hat, Inc.
## This file is part of elfutils.
##
## This file is free software; you can redistribute it and/or modify
@@ -28,7 +28,7 @@
## the GNU Lesser General Public License along with this program. If
## not, see <http://www.gnu.org/licenses/>.
##
-EXTRA_DIST = elfutils.spec.in known-dwarf.awk
+EXTRA_DIST = elfutils.spec.in known-dwarf.awk 10-default-yama-scope.conf
if MAINTAINER_MODE
$(srcdir)/elfutils.spec.in: $(top_srcdir)/NEWS
diff --git a/config/elfutils.spec.in b/config/elfutils.spec.in
index 5407f1a..e5f6e29 100644
--- a/config/elfutils.spec.in
+++ b/config/elfutils.spec.in
@@ -10,6 +10,7 @@ Obsoletes: libelf libelf-devel
Requires: elfutils-libelf = %{version}-%{release}
Requires: glibc >= 2.7
Requires: libstdc++
+Requires: default-yama-scope
# ExcludeArch: xxx
@@ -97,6 +98,22 @@ Conflicts: libelf-devel
The elfutils-libelf-static package contains the static archive
for libelf.
+%package default-yama-scope
+Summary: Default yama attach scope sysctl setting
+Group: Development/Tools
+License: GPLv2+ or LGPLv3+
+Provides: default-yama-scope
+BuildArch: noarch
+
+%description default-yama-scope
+Yama sysctl setting to enable default attach scope settings
+enabling programs to use ptrace attach, access to
+/proc/PID/{mem,personality,stack,syscall}, and the syscalls
+process_vm_readv and process_vm_writev which are used for
+interprocess services, communication and introspection
+(like synchronisation, signaling, debugging, tracing and
+profiling) of processes.
+
%prep
%setup -q
@@ -121,6 +138,8 @@ chmod +x ${RPM_BUILD_ROOT}%{_prefix}/%{_lib}/elfutils/lib*.so*
rm -f .%{_libdir}/libasm.a
}
+install -Dm0644 config/10-default-yama-scope.conf ${RPM_BUILD_ROOT}%{_sysctldir}/10-default-yama-scope.conf
+
%check
make check
@@ -135,6 +154,9 @@ rm -rf ${RPM_BUILD_ROOT}
%postun libelf -p /sbin/ldconfig
+%post default-yama-scope
+%sysctl_apply 10-default-yama-scope.conf
+
%files
%defattr(-,root,root)
%doc COPYING COPYING-GPLV2 COPYING-LGPLV3 README TODO CONTRIBUTING
@@ -197,6 +219,9 @@ rm -rf ${RPM_BUILD_ROOT}
%files libelf-devel-static
%{_libdir}/libelf.a
+%files default-yama-scope
+%config(noreplace) %{_sysctldir}/10-default-yama-scope.conf
+
%changelog
* Fri Jun 19 2015 Mark Wielaard <mark@gmail.com> 0.163-1
- Bug fixes only, no new features.

49
elfutils-0.163-readelf-n-undefined-shift.patch
View File

@ -1,49 +0,0 @@
commit b00a4fa78779ff0f304fa6cb34d49622679c86d4
Author: Mark Wielaard <mjw@redhat.com>
Date: Thu Sep 3 10:50:58 2015 +0200
readelf: handle_core_item large right shift triggers undefined behaviour.
The problem is this:
int n = ffs (w);
w >>= n;
The intent is to shift away up to (and including) the first least
significant bit in w. But w is an unsigned int, so 32 bits. And the
least significant bit could be bit 32 (ffs counts from 1). Unfortunately
a right shift equal to (or larger than) the length in bits of the left
hand operand is undefined behaviour. We expect w to be zero afterwards.
Which would terminate the while loop in the function. But since it is
undefined behaviour anything can happen. In this case, what will actually
happen is that w is unchanged, causing an infinite loop...
gcc -fsanitize=undefined will catch and warn about this when w = 0x80000000
https://bugzilla.redhat.com/show_bug.cgi?id=1259259
Signed-off-by: Mark Wielaard <mjw@redhat.com>
diff --git a/src/readelf.c b/src/readelf.c
index d3c2b6b..aab8b5c 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -8474,8 +8474,16 @@ handle_core_item (Elf *core, const Ebl_Core_Item *item, const void *desc,
unsigned int w = negate ? ~*i : *i;
while (w != 0)
{
- int n = ffs (w);
- w >>= n;
+ /* Note that a right shift equal to (or greater than)
+ the number of bits of w is undefined behaviour. In
+ particular when the least significant bit is bit 32
+ (w = 0x8000000) then w >>= n is undefined. So
+ explicitly handle that case separately. */
+ unsigned int n = ffs (w);
+ if (n < sizeof (w) * 8)
+ w >>= n;
+ else
+ w = 0;
bit += n;
if (lastbit != 0 && lastbit + 1 == bit)

91
elfutils-0.163-unstrip-shf_info_link.patch
View File

@ -1,91 +0,0 @@
commit f9fc50c3eced243c0648fb0fbfe2c9877c25e1e4
Author: Mark Wielaard <mjw@redhat.com>
Date: Wed Jul 29 17:51:27 2015 +0200
unstrip: Handle debuginfo files with missing SHF_INFO_LINK section flags.
With GCC 5 there might be a .rela.plt section with SHF_INFO_LINK set.
Buggy binutils objdump might strip it from the section in the debug file.
Ignore such differences for relocation sections and put the flag back
if necessary.
Also improve the error message a little by only discarding the already
matched sections if there is an prelink undo section. Otherwise we will
report all sections as not matching if the file wasn't prelinked instead
of just the non-matching sections.
New testfiles generated by gcc5 and binutils objdump added.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
diff --git a/src/unstrip.c b/src/unstrip.c
index 4a8e5fa..8833094 100644
--- a/src/unstrip.c
+++ b/src/unstrip.c
@@ -867,12 +867,28 @@ compare_symbols_output (const void *a, const void *b)
#undef CMP
+/* Return true if the flags of the sections match, ignoring the SHF_INFO_LINK
+ flag if the section contains relocation information. */
+static bool
+sections_flags_match (Elf64_Xword sh_flags1, Elf64_Xword sh_flags2,
+ Elf64_Word sh_type)
+{
+ if (sh_type == SHT_REL || sh_type == SHT_RELA)
+ {
+ sh_flags1 &= ~SHF_INFO_LINK;
+ sh_flags2 &= ~SHF_INFO_LINK;
+ }
+
+ return sh_flags1 == sh_flags2;
+}
+
/* Return true iff the flags, size, and name match. */
static bool
sections_match (const struct section *sections, size_t i,
const GElf_Shdr *shdr, const char *name)
{
- return (sections[i].shdr.sh_flags == shdr->sh_flags
+ return (sections_flags_match (sections[i].shdr.sh_flags, shdr->sh_flags,
+ sections[i].shdr.sh_type)
&& (sections[i].shdr.sh_size == shdr->sh_size
|| (sections[i].shdr.sh_size < shdr->sh_size
&& section_can_shrink (&sections[i].shdr)))
@@ -930,10 +946,6 @@ find_alloc_sections_prelink (Elf *debug, Elf_Data *debug_shstrtab,
struct section *sections,
size_t nalloc, size_t nsections)
{
- /* Clear assignments that might have been bogus. */
- for (size_t i = 0; i < nalloc; ++i)
- sections[i].outscn = NULL;
-
Elf_Scn *undo = NULL;
for (size_t i = nalloc; i < nsections; ++i)
{
@@ -952,6 +964,10 @@ find_alloc_sections_prelink (Elf *debug, Elf_Data *debug_shstrtab,
size_t undo_nalloc = 0;
if (undo != NULL)
{
+ /* Clear assignments that might have been bogus. */
+ for (size_t i = 0; i < nalloc; ++i)
+ sections[i].outscn = NULL;
+
Elf_Data *undodata = elf_rawdata (undo, NULL);
ELF_CHECK (undodata != NULL,
_("cannot read '.gnu.prelink_undo' section: %s"));
@@ -1500,6 +1516,14 @@ more sections in stripped file than debug file -- arguments reversed?"));
shdr_mem.sh_size = sec->shdr.sh_size;
shdr_mem.sh_info = sec->shdr.sh_info;
shdr_mem.sh_link = sec->shdr.sh_link;
+
+ /* Buggy binutils objdump might have stripped the SHF_INFO_LINK
+ put it back if necessary. */
+ if ((sec->shdr.sh_type == SHT_REL || sec->shdr.sh_type == SHT_RELA)
+ && sec->shdr.sh_flags != shdr_mem.sh_flags
+ && (sec->shdr.sh_flags & SHF_INFO_LINK) != 0)
+ shdr_mem.sh_flags |= SHF_INFO_LINK;
+
if (sec->shdr.sh_link != SHN_UNDEF)
shdr_mem.sh_link = ndx_section[sec->shdr.sh_link - 1];
if (shdr_mem.sh_flags & SHF_INFO_LINK)

2108
elfutils-portability-0.163.patch
View File

File diff suppressed because it is too large Load Diff

106
elfutils.spec
View File

@ -1,88 +1,38 @@
Name: elfutils
Summary: A collection of utilities and DSOs to handle compiled objects
Version: 0.163
%global baserelease 4
Version: 0.164
%global baserelease 1
URL: https://fedorahosted.org/elfutils/
%global source_url http://fedorahosted.org/releases/e/l/elfutils/%{version}/
License: GPLv3+ and (GPLv2+ or LGPLv3+)
Group: Development/Tools
%if %{?_with_compat:1}%{!?_with_compat:0}
%global compat 1
%else
%global compat 0
%endif
Release: %{baserelease}%{?dist}
%global portability %{compat}
%global scanf_has_m !%{compat}
%global separate_devel_static 1
%global use_zlib 0
%global use_xz 0
%global provide_yama_scope 0
%if 0%{?rhel}
%global portability (%rhel < 6)
%global scanf_has_m (%rhel >= 6)
%global separate_devel_static (%rhel >= 6)
%global use_zlib (%rhel >= 5)
%global use_xz (%rhel >= 5)
%endif
%if 0%{?fedora}
%global portability (%fedora < 9)
%global scanf_has_m (%fedora >= 8)
%global separate_devel_static (%fedora >= 7)
%global use_zlib (%fedora >= 5)
%global use_xz (%fedora >= 10)
%global provide_yama_scope (%fedora >= 22)
%endif
%if %{compat} || %{!?rhel:6}%{?rhel} < 6
%global nocheck true
%else
%global nocheck false
%endif
%global depsuffix %{?_isa}%{!?_isa:-%{_arch}}
Source: %{?source_url}%{name}-%{version}.tar.bz2
Patch1: %{?source_url}elfutils-portability-%{version}.patch
Patch2: elfutils-0.163-unstrip-shf_info_link.patch
Patch3: elfutils-0.163-default-yama-conf.patch
Patch4: elfutils-0.163-readelf-n-undefined-shift.patch
%if !%{compat}
Release: %{baserelease}%{?dist}
%else
Release: 0.%{baserelease}
%endif
# Patches
Requires: elfutils-libelf%{depsuffix} = %{version}-%{release}
Requires: elfutils-libs%{depsuffix} = %{version}-%{release}
%if %{!?rhel:6}%{?rhel} < 6 || %{!?fedora:9}%{?fedora} < 10
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%endif
BuildRequires: gettext
BuildRequires: bison >= 1.875
BuildRequires: flex >= 2.5.4a
BuildRequires: bzip2
%if !%{compat}
BuildRequires: gcc >= 3.4
%else
BuildRequires: gcc >= 3.2
%endif
BuildRequires: gcc >= 4.4
%if %{use_zlib}
BuildRequires: zlib-devel >= 1.2.2.3
BuildRequires: bzip2-devel
%endif
%if %{use_xz}
BuildRequires: xz-devel
%endif
%global _gnu %{nil}
%global _program_prefix eu-
@ -122,9 +72,6 @@ Provides: elfutils-devel%{depsuffix} = %{version}-%{release}
%endif
Requires: elfutils-libs%{depsuffix} = %{version}-%{release}
Requires: elfutils-libelf-devel%{depsuffix} = %{version}-%{release}
%if !%{separate_devel_static}
Requires: elfutils-devel-static%{depsuffix} = %{version}-%{release}
%endif
%description devel
The elfutils-devel package contains the libraries to create
@ -170,9 +117,6 @@ License: GPLv2+ or LGPLv3+
Provides: elfutils-libelf-devel%{depsuffix} = %{version}-%{release}
%endif
Requires: elfutils-libelf%{depsuffix} = %{version}-%{release}
%if !%{separate_devel_static}
Requires: elfutils-libelf-devel-static%{depsuffix} = %{version}-%{release}
%endif
Obsoletes: libelf-devel <= 0.8.2-2
%description libelf-devel
@ -217,26 +161,7 @@ profiling) of processes.
%prep
%setup -q
: 'compat=%compat'
: 'portability=%portability'
: 'separate_devel_static=%separate_devel_static'
: 'scanf_has_m=%scanf_has_m'
%if %{portability}
%patch1 -p1 -b .portability
sleep 1
find . \( -name Makefile.in -o -name aclocal.m4 \) -print | xargs touch
sleep 1
find . \( -name configure -o -name config.h.in \) -print | xargs touch
%else
%if !%{scanf_has_m}
sed -i.scanf-m -e 's/%m/%a/g' src/addr2line.c tests/line2addr.c
%endif
%endif
%patch2 -p1 -b .shf_info_link
%patch3 -p1 -b .yama_scope
%patch4 -p1 -b .right_shift
# Apply patches
find . -name \*.sh ! -perm -0100 -print | xargs chmod +x
@ -247,21 +172,10 @@ find . -name \*.sh ! -perm -0100 -print | xargs chmod +x
# But add -Wformat explicitly for use with -Werror=format-security which
# doesn't work without -Wformat (enabled by -Wall).
RPM_OPT_FLAGS="${RPM_OPT_FLAGS/-Wall/}"
%if !%{compat}
RPM_OPT_FLAGS="${RPM_OPT_FLAGS} -Wformat"
%endif
%if %{compat}
# Some older glibc headers can run afoul of -Werror all by themselves.
# Disabling the fancy inlines avoids those problems.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -D__NO_INLINE__"
COMPAT_CONFIG_FLAGS="--disable-werror"
%else
COMPAT_CONFIG_FLAGS=""
%endif
trap 'cat config.log' EXIT
%configure $COMPAT_CONFIG_FLAGS CFLAGS="$RPM_OPT_FLAGS -fexceptions"
%configure CFLAGS="$RPM_OPT_FLAGS -fexceptions"
trap '' EXIT
make -s %{?_smp_mflags}
@ -284,7 +198,7 @@ install -Dm0644 config/10-default-yama-scope.conf ${RPM_BUILD_ROOT}%{_sysctldir}
%endif
%check
make -s %{?_smp_mflags} check || (cat tests/test-suite.log; %{nocheck})
make -s %{?_smp_mflags} check || (cat tests/test-suite.log; false)
%clean
rm -rf ${RPM_BUILD_ROOT}
@ -381,6 +295,10 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
* Fri Oct 16 2015 Mark Wielaard <mjw@redhat.com> - 0.164-1
- Update to elfutils-0.164
- Drop old compat stuff
* Mon Sep 07 2015 Mark Wielaard <mjw@redhat.com> - 0.163-4
- Add elfutils-0.163-readelf-n-undefined-shift.patch (#1259259)

2
sources
View File

@ -1 +1 @@
77ce87f259987d2e54e4d87b86cbee41 elfutils-0.163.tar.bz2
2e4536c1c48034f188a80789a59114d8 elfutils-0.164.tar.bz2