elfutils/tests/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c/main.fmf
Martin Cermak 178121d8af Introduce CI gating setup for elfutils
Set up CI gating.  This will introduce new testcase called
fedora-ci.koji-build.tier0.functional and will configure it
as a mandatory CI gating testcase for elfutils fedora builds.

The provided test coverage comes from RHEL. This commit
"upstreams" it and makes it public.

The test cases are executed by running ./runtest.sh.
The main.fmf file keeps the testcase metadata.  Makefiles
and PURPOSE files are legacy and could be dropped.  We keep
them for backward compatibility though.  The plans and .fmf
folders contain configuration files needed for execution of
provided testcases within the Fedora CI infrastructure.
Rest of the provided files are reproducer or helper files.

Provided tests use Flexible Metadata Format, as documented in
https://fmf.readthedocs.io/ .

plans/ci.fmf: Change how from beakerlib to tmt

Removed tests that didn't run unprivileged with
tmt run --all provision --how=local

- tests/Regression/GNU-Property-notes-not-recognized
  Tries to install extra pacakger with yum.

- tests/Regression/bz447416-segfaults
  Tries to do eu-stack -p 1

- tests/Regression/elfutils-default-yama-scope-scriptlet-failed
  Does not have permission to do:
  grep /var/log/anaconda/packaging.log

- tests/Sanity/yama-scope
  su: user ptrace_scope_testuser does not exist or the user entry does not
      contain all the required fields

- tests/testsuite
  yum-builddep -y /tmp/tmp.7gnbiIzrYg/SPECS/elfutils.spec

- tests/Regression/rpmtests
  Tries to download and builddep src.rpm package from koji.

Removed not enabled tests:
- tests/Regression/bz652858-elfutils-prelink-stap-interaction
- tests/Sanity/elfutils-debuginfod

CVE reproducers are now public, so no longer confidential.

Remove unused tests/Sanity/elfutils-debuginfod/typescript
2021-04-19 10:42:42 +02:00

17 lines
668 B
Plaintext

summary: CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
description: |
Bug summary: 3 elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1625057
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- nothing
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
extra-task: /tools/elfutils/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c