0.176-1 - New upstream release.

- backends: riscv improved core file and return value location support.
- Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7150,
        CVE-2019-7664, CVE-2019-7665.

.gitignore

@@ -16,3 +16,4 @@
 /elfutils-0.173.tar.bz2
 /elfutils-0.174.tar.bz2
 /elfutils-0.175.tar.bz2
+/elfutils-0.176.tar.bz2

elfutils-0.175-gnu-props-32.patch

@@ -1,58 +0,0 @@
-commit e8b9832af19e5975fb2a9dbe729eaba0373c781f
-Author: Mark Wielaard <mark@klomp.org>
-Date:   Mon Dec 3 00:03:39 2018 +0100
-
-    libebl: Fix reading GNU_PROPERTY_STACK_SIZE reading from 32bit notes.
-    
-    When reading a GNU_PROPERTY_STACK_SIZE we need to use the proper data
-    type. GElf_Addr is 64bit always and when reading a 32bit size part of
-    it would not be initialized. Use either Elf32_Addr or Elf64_Addr to
-    read and print the data.
-    
-    Add 32bit and 64bit, little and big endian testcases.
-    
-    Signed-off-by: Mark Wielaard <mark@klomp.org>
-
-diff --git a/libebl/eblobjnote.c b/libebl/eblobjnote.c
-index 58ac86d..c19ea37 100644
---- a/libebl/eblobjnote.c
-+++ b/libebl/eblobjnote.c
-@@ -360,15 +360,22 @@ ebl_object_note (Ebl *ebl, uint32_t namesz, const char *name, uint32_t type,
- 		  if (prop.pr_type == GNU_PROPERTY_STACK_SIZE)
- 		    {
- 		      printf ("STACK_SIZE ");
--		      if (prop.pr_datasz == 4 || prop.pr_datasz == 8)
-+		      union
-+			{
-+			  Elf64_Addr a64;
-+			  Elf32_Addr a32;
-+			} addr;
-+		      if ((elfclass == ELFCLASS32 && prop.pr_datasz == 4)
-+			  || (elfclass == ELFCLASS64 && prop.pr_datasz == 8))
- 			{
--			  GElf_Addr addr;
- 			  in.d_type = ELF_T_ADDR;
- 			  out.d_type = ELF_T_ADDR;
- 			  in.d_size = prop.pr_datasz;
--			  out.d_size = sizeof (addr);
-+			  out.d_size = prop.pr_datasz;
- 			  in.d_buf = (void *) desc;
--			  out.d_buf = (void *) &addr;
-+			  out.d_buf = (elfclass == ELFCLASS32
-+				       ? (void *) &addr.a32
-+				       : (void *) &addr.a64);
- 
- 			  if (gelf_xlatetom (ebl->elf, &out, &in,
- 					     elfident[EI_DATA]) == NULL)
-@@ -376,7 +383,10 @@ ebl_object_note (Ebl *ebl, uint32_t namesz, const char *name, uint32_t type,
- 			      printf ("%s\n", elf_errmsg (-1));
- 			      return;
- 			    }
--			  printf ("%#" PRIx64 "\n", addr);
-+			  if (elfclass == ELFCLASS32)
-+			    printf ("%#" PRIx32 "\n", addr.a32);
-+			  else
-+			    printf ("%#" PRIx64 "\n", addr.a64);
- 			}
- 		      else
- 			printf (" (garbage datasz: %" PRIx32 ")\n",

elfutils-0.176-gcc-pr88835.patch

@@ -0,0 +1,28 @@
+Workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88835
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 33706bd..b55844c 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -10143,7 +10143,7 @@ print_debug_str_section (Dwfl_Module *dwflmod __attribute__ ((unused)),
+       ++digits;
+       tmp >>= 4;
+     }
+-  digits = MAX (4, digits);
++  digits = MIN (16, MAX (4, digits));
+ 
+   printf (gettext ("\nDWARF section [%2zu] '%s' at offset %#" PRIx64 ":\n"
+ 		   " %*s  String\n"),
+diff --git a/tests/backtrace.c b/tests/backtrace.c
+index 05e8ef8..d621fbf 100644
+--- a/tests/backtrace.c
++++ b/tests/backtrace.c
+@@ -185,7 +185,7 @@ frame_callback (Dwfl_Frame *state, void *frame_arg)
+     symname = dwfl_module_addrname (mod, pc_adjusted);
+ 
+   printf ("#%2d %#" PRIx64 "%4s\t%s\n", *framenop, (uint64_t) pc,
+-	  ! isactivation ? "- 1" : "", symname);
++	  ! isactivation ? "- 1" : "", symname ?: "<null>");
+   pid_t tid = dwfl_thread_tid (thread);
+   callback_verify (tid, *framenop, pc, symname, dwfl);
+   (*framenop)++;

elfutils.spec

@@ -1,7 +1,7 @@
 Name: elfutils
 Summary: A collection of utilities and DSOs to handle ELF files and DWARF data
-Version: 0.175
-%global baserelease 3
+Version: 0.176
+%global baserelease 1
 URL: http://elfutils.org/
 %global source_url ftp://sourceware.org/pub/elfutils/%{version}/
 License: GPLv3+ and (GPLv2+ or LGPLv3+)
@@ -19,7 +19,7 @@ Release: %{baserelease}%{?dist}
 Source: %{?source_url}%{name}-%{version}.tar.bz2
 
 # Patches
-Patch1: elfutils-0.175-gnu-props-32.patch
+Patch1: elfutils-0.176-gcc-pr88835.patch
 
 Requires: elfutils-libelf%{depsuffix} = %{version}-%{release}
 Requires: elfutils-libs%{depsuffix} = %{version}-%{release}
@@ -181,7 +181,7 @@ profiling) of processes.
 %setup -q
 
 # Apply patches
-%patch1 -p1 -b .gnu_prop_32
+%patch1 -p1 -b .gcc-pr88835
 
 # In case the above patches added any new test scripts, make sure they
 # are executable.
@@ -314,6 +314,12 @@ fi
 %endif
 
 %changelog
+* Fri Feb 15 2019 Mark Wielaard <mjw@fedoraproject.org> - 0.176-1
+- New upstream release.
+  - backends: riscv improved core file and return value location support.
+  - Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7150,
+          CVE-2019-7664, CVE-2019-7665.
+
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.175-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 

sources

@@ -1 +1 @@
-SHA512 (elfutils-0.175.tar.bz2) = 2c3168a34bbc8f22425faa263fc24ec50df39258a4f9ace4e6cd88e9764c435fee70c1a82db8273dbab70a75e5216a200bebf05af1d3ea77e444e35d71a4ed84
+SHA512 (elfutils-0.176.tar.bz2) = 7f032913be363a43229ded85d495dcf7542b3c85974aaaba0d984228dc9ac1721da3dc388d3fa02325a80940161db7e9ad2c9e4521a424ad8a7d050c0902915b