Adélie Linux issueshttps://git.adelielinux.org/groups/adelie/-/issues2023-10-05T17:31:57Zhttps://git.adelielinux.org/adelie/packages/-/issues/170system/binutils: 2.32: FAIL: No PLT (static 1d)2023-10-05T17:31:57ZEmilysystem/binutils: 2.32: FAIL: No PLT (static 1d)| | |
| --- | --- |
| Bugzilla ID | 170 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-08-02 23:09:38 -0500 |
| Modified | 2020-06-22 05:58:33 -0500 |
| Status | CONFIRMED |
| Version | 1.0-B...| | |
| --- | --- |
| Bugzilla ID | 170 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-08-02 23:09:38 -0500 |
| Modified | 2020-06-22 05:58:33 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / Intel x86 (64-bit) |
| Importance | --- / normal |
| Package(s) | system/binutils |
| Blocks | https://bts.adelielinux.org/show_bug.cgi?id=87 |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=196 |
## Description
on x86_64:
> gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -I/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -O2 -g0 -march=nocona -mtune=core2 -fno
> -omit-frame-pointer -mfpmath=sse -g -c -O2 -g0 -march=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -Wa,-mx86-used-note=yes -c /git/system/binutils
> /src/binutils-2.32/ld/testsuite/ld-x86-64/dummy.s -o tmpdir/dummy.o
> Executing on host: sh -c {gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -I/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -O2 -g0 -marc
> h=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -c -O2 -g0 -march=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -Wa,-mx86-used-note=y
> es -c /git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64/dummy.s -o tmpdir/dummy.o 2>&1} /dev/null ld.tmp (timeout = 300)
> spawn [open ...]
> gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -L=/usr/x86_64-foxkit-linux-musl/lib64 -L=/usr/local/lib64 -L=/lib64 -L=/usr/lib64 -L=/usr/x86_64-foxk
> it-linux-musl/lib -L=/usr/local/lib -L=/lib -L=/usr/lib -o tmpdir/no-plt-1d -L/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -static tmpdir/no-plt
> -check1.o tmpdir/no-plt-main1.o tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o tmpdir/dummy.o
> Executing on host: sh -c {gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -L=/usr/x86_64-foxkit-linux-musl/lib64 -L=/usr/local/lib64 -L=/lib64 -L=/usr
> /lib64 -L=/usr/x86_64-foxkit-linux-musl/lib -L=/usr/local/lib -L=/lib -L=/usr/lib -o tmpdir/no-plt-1d -L/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x8
> 6-64 -static tmpdir/no-plt-check1.o tmpdir/no-plt-main1.o tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o tmpdir/dummy.o 2>&1} /dev/null ld.tmp (timeout = 300)
> spawn [open ...]
> /git/system/binutils/src/binutils-2.32/ld/../binutils/readelf -Wr tmpdir/no-plt-1d > dump.out
> fail if no difference
> extra regexps in /git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64/no-plt-1d.rd starting with "^[0-9a-f ]+R_X86_64_GLOB_DAT +.*$"
> EOF from dump.out
> /git/system/binutils/src/binutils-2.32/ld/../binutils/objdump -dwrj.text tmpdir/no-plt-1d > dump.out
> regexp_diff match failure
> regexp "^ +[a-f0-9]+: 48 81 f8 ([0-9a-f]{2} ){4}[ ]+cmp \$0x[0-9a-f]+,%rax$"
> line " 6aa: 48 3b 05 3f 19 20 00 cmp 0x20193f(%rip),%rax # 201ff0 <_GLOBAL_OFFSET_TABLE_+0x30>"
> regexp_diff match failure
> regexp "^ +[a-f0-9]+: 4(0|8) c7 c0 ([0-9a-f]{2} ){4}[ ]+(rex |)mov +\$0x[0-9a-f]+,%(e|r)ax$"
> line " 700: 48 8d 05 e9 ff ff ff lea -0x17(%rip),%rax # 6f0 <func>"
> FAIL: No PLT (static 1d)
> gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -I/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -O2 -g0 -march=nocona -mtune=core2 -fno
> -omit-frame-pointer -mfpmath=sse -g -c -O2 -g0 -march=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -Wa,-mx86-used-note=yes -c /git/system/binutils
> /src/binutils-2.32/ld/testsuite/ld-x86-64/dummy.s -o tmpdir/dummy.o
> Executing on host: sh -c {gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -I/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -O2 -g0 -marc
> h=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -c -O2 -g0 -march=nocona -mtune=core2 -fno-omit-frame-pointer -mfpmath=sse -g -Wa,-mx86-used-note=y
> es -c /git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64/dummy.s -o tmpdir/dummy.o 2>&1} /dev/null ld.tmp (timeout = 300)
> spawn [open ...]
> gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -L=/usr/x86_64-foxkit-linux-musl/lib64 -L=/usr/local/lib64 -L=/lib64 -L=/usr/lib64 -L=/usr/x86_64-foxk
> it-linux-musl/lib -L=/usr/local/lib -L=/lib -L=/usr/lib -o tmpdir/no-plt-1d -L/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64 -static tmpdir/no-plt
> -check1.o tmpdir/no-plt-main1.o tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o tmpdir/dummy.o
> Executing on host: sh -c {gcc -B/git/system/binutils/src/binutils-2.32/ld/tmpdir/ld/ -L=/usr/x86_64-foxkit-linux-musl/lib64 -L=/usr/local/lib64 -L=/lib64 -L=/usr
> /lib64 -L=/usr/x86_64-foxkit-linux-musl/lib -L=/usr/local/lib -L=/lib -L=/usr/lib -o tmpdir/no-plt-1d -L/git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x8
> 6-64 -static tmpdir/no-plt-check1.o tmpdir/no-plt-main1.o tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o tmpdir/dummy.o 2>&1} /dev/null ld.tmp (timeout = 300)
> spawn [open ...]
> /git/system/binutils/src/binutils-2.32/ld/../binutils/readelf -Wr tmpdir/no-plt-1d > dump.out
> fail if no difference
> extra regexps in /git/system/binutils/src/binutils-2.32/ld/testsuite/ld-x86-64/no-plt-1d.rd starting with "^[0-9a-f ]+R_X86_64_GLOB_DAT +.*$"
> EOF from dump.out
> /git/system/binutils/src/binutils-2.32/ld/../binutils/objdump -dwrj.text tmpdir/no-plt-1d > dump.out
> regexp_diff match failure
> regexp "^ +[a-f0-9]+: 48 81 f8 ([0-9a-f]{2} ){4}[ ]+cmp \$0x[0-9a-f]+,%rax$"
> line " 6aa: 48 3b 05 3f 19 20 00 cmp 0x20193f(%rip),%rax # 201ff0 <_GLOBAL_OFFSET_TABLE_+0x30>"
> regexp_diff match failure
> regexp "^ +[a-f0-9]+: 4(0|8) c7 c0 ([0-9a-f]{2} ){4}[ ]+(rex |)mov +\$0x[0-9a-f]+,%(e|r)ax$"
> line " 700: 48 8d 05 e9 ff ff ff lea -0x17(%rip),%rax # 6f0 <func>"
> FAIL: No PLT (static 1d)
Likely fail on pmmx as well.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/196system/binutils: 2.32: multiple test suite failures2023-10-05T17:32:06ZEmilysystem/binutils: 2.32: multiple test suite failures| | |
| --- | --- |
| Bugzilla ID | 196 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-09-11 18:17:02 -0500 |
| Modified | 2020-06-22 05:58:32 -0500 |
| Status | CONFIRMED |
| Version | 1.0-B...| | |
| --- | --- |
| Bugzilla ID | 196 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-09-11 18:17:02 -0500 |
| Modified | 2020-06-22 05:58:32 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 |
| Hardware | Adélie Linux / Intel x86 (32-bit) |
| Importance | --- / normal |
| Package(s) | system/binutils |
| Blocks | https://bts.adelielinux.org/show_bug.cgi?id=87 |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=170 |
## Description
**Created [attachment 17](/uploads/e56754e5b438747fd37d8e5ef78e64e9/ld.log)**
src/binutils-2.32/ld/ld.log
> Running /af/aports/system/binutils/src/binutils-2.32/ld/testsuite/ld-i386/i386.exp ...
> FAIL: Run pr19031
> FAIL: Run got1
> FAIL: Undefined weak symbol (-fPIE -no-pie)
> FAIL: Undefined weak symbol (-fPIE -pie)
> FAIL: Run pr22001-1
> FAIL: Run pr21997-1
> Running /af/aports/system/binutils/src/binutils-2.32/ld/testsuite/ld-i386/no-plt.exp ...
> FAIL: Build libno-plt-1b.so
> FAIL: No PLT (dynamic 1a)
> FAIL: No PLT (dynamic 1b)
> FAIL: No PLT (dynamic 1c)
> FAIL: No PLT (static 1d)
> FAIL: No PLT (PIE 1e)
> FAIL: No PLT (PIE 1f)
> FAIL: No PLT (PIE 1g)
> FAIL: No PLT (static 1j)
> FAIL: No PLT (static 1j)
Attached is the abbreviated ld test log. Notably there were two test cases that segfaulted.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/174system/binutils: CVE-2019-14444: readelf integer overflow2022-02-02T16:57:31ZEmilysystem/binutils: CVE-2019-14444: readelf integer overflow| | |
| --- | --- |
| Bugzilla ID | 174 |
| Alias(es) | CVE-2019-14444 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-08-05 13:42:40 -0500 |
| Modified | 2019-09-30 15:01:56 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 174 |
| Alias(es) | CVE-2019-14444 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-08-05 13:42:40 -0500 |
| Modified | 2019-09-30 15:01:56 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-14444 |
## Description
> apply_relocations in readelf.c in GNU Binutils 2.32 contains an
> integer overflow that allows attackers to trigger a write access
> violation (in byte_put_little_endian function in elfcomm.c) via an ELF
> file, as demonstrated by readelf.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/108system/binutils: CVE-2019-9072: excessive memory allocation in setup_group2022-02-02T17:03:53ZEmilysystem/binutils: CVE-2019-9072: excessive memory allocation in setup_group| | |
| --- | --- |
| Bugzilla ID | 108 |
| Alias(es) | CVE-2019-9072 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 02:55:18 -0500 |
| Modified | 2019-07-24 19:17:49 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 108 |
| Alias(es) | CVE-2019-9072 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 02:55:18 -0500 |
| Modified | 2019-07-24 19:17:49 -0500 |
| Status | RESOLVED WONTFIX |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-9072 |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=116<br>https://bts.adelielinux.org/show_bug.cgi?id=109 |
## Description
From upstream [1]:
> This doesn't reproduce for me, at least not on objdump built by gcc
> and without the address sanitizer (which increases memory use).
> Incidentally, hitting an out of memory failure in objalloc_alloc is
> not a libiberty failure and so should not be reported to the gcc
> project.
>
> Also, out of memory failures triggered by user input are not that
> interesting. It is perfectly reasonable for objdump to return with
> "out of memory" on objects with silly sizes.
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=24232#c2
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=24237#c21.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/109system/binutils: CVE-2019-9076: excessive memory allocation in elf_read_notes2022-02-02T17:03:44ZEmilysystem/binutils: CVE-2019-9076: excessive memory allocation in elf_read_notes| | |
| --- | --- |
| Bugzilla ID | 109 |
| Alias(es) | CVE-2019-9076 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 02:58:46 -0500 |
| Modified | 2019-07-24 19:17:49 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 109 |
| Alias(es) | CVE-2019-9076 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 02:58:46 -0500 |
| Modified | 2019-07-24 19:17:49 -0500 |
| Status | RESOLVED WONTFIX |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-9076 |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=116<br>https://bts.adelielinux.org/show_bug.cgi?id=108 |
## Description
From upstream [1]:
> This is a different testcase and different out of memory condition to
> pr24233. Unlike pr24233 we report an out of memory error. I think
> that is perfectly good behaviour for user input with silly sizes, in
> this case a NOTE section claiming to be 0xfffff7dd00 bytes in size.
> While we could test for silly section sizes by comparing against file
> size, that doesn't work in all situations, eg. when section contents
> are encoded and the decoded size is much larger than the raw size.
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=24238#c11.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/978system/binutils: FTTFS: FAIL: ar with versioned solib2023-04-12T03:25:16ZZach van Rijnsystem/binutils: FTTFS: FAIL: ar with versioned solibFound on aarch64, x86_64, ppc64:
```
...
FAIL: ar with versioned solib
...
=== ld Summary ===
# of expected passes 1319
# of unexpected failures 1
# of expected failures 11
# of untested testcases 1
# of unsupported tests 53
./ld...Found on aarch64, x86_64, ppc64:
```
...
FAIL: ar with versioned solib
...
=== ld Summary ===
# of expected passes 1319
# of unexpected failures 1
# of expected failures 11
# of untested testcases 1
# of unsupported tests 53
./ld-new 2.32
...
```
No idea why this pops up now.
[20230406-05_15_14.760407111_binutils.log](/uploads/b40ede3262223046a1cb083dcb0dcc78/20230406-05_15_14.760407111_binutils.log)https://git.adelielinux.org/adelie/packages/-/issues/652system/binutils: multiple vulnerabilities2023-10-04T04:10:22ZZach van Rijnsystem/binutils: multiple vulnerabilitiesSee #214 to start.
| Name | Description |
|-------|-------------|
| CVE-2021-20197 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When...See #214 to start.
| Name | Description |
|-------|-------------|
| CVE-2021-20197 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. |
| ~CVE-2019-9077~ | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. |
| CVE-2019-9076 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. |
| ~CVE-2019-9075~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. |
| ~CVE-2019-9074~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. |
| ~CVE-2019-9073~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. |
| CVE-2019-9072 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. |
| ~CVE-2019-9071~ | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. |
| ~CVE-2019-9070~ | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. |
| ~CVE-2019-17451~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. |
| ~CVE-2019-17450~ | find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. |
| ~CVE-2019-14444~ | apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. |
| ~CVE-2019-14250~ | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. |
| ~CVE-2019-12972~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. |
| CVE-2018-1000876 | binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. |https://git.adelielinux.org/adelie/packages/-/issues/212system/binutils: multiple vulnerabilities2022-02-02T16:53:52ZEmilysystem/binutils: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 212 |
| Alias(es) | CVE-2019-17450, CVE-2019-17451 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-10-16 16:38:57 -0500 |
| Modified | 2019-10-16 20:14:17 -0...| | |
| --- | --- |
| Bugzilla ID | 212 |
| Alias(es) | CVE-2019-17450, CVE-2019-17451 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-10-16 16:38:57 -0500 |
| Modified | 2019-10-16 20:14:17 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2019-17450: https://nvd.nist.gov/vuln/detail/CVE-2019-17450
> find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD)
> library (aka libbfd), as distributed in GNU Binutils 2.32, allows
> remote attackers to cause a denial of service (infinite recursion and
> application crash) via a crafted ELF file.
CVE-2019-17451: https://nvd.nist.gov/vuln/detail/CVE-2019-17451
> An issue was discovered in the Binary File Descriptor (BFD) library
> (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer
> overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in
> dwarf2.c, as demonstrated by nm.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/116system/binutils: multiple vulnerabilities2019-08-03T21:10:41ZEmilysystem/binutils: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 116 |
| Alias(es) | CVE-2019-12972, CVE-2019-14250, CVE-2019-9070, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9077 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees...| | |
| --- | --- |
| Bugzilla ID | 116 |
| Alias(es) | CVE-2019-12972, CVE-2019-14250, CVE-2019-9070, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9077 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 19:14:25 -0500 |
| Modified | 2019-08-03 16:10:41 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=108<br>https://bts.adelielinux.org/show_bug.cgi?id=109 |
## Description
CVE-2019-9070: https://nvd.nist.gov/vuln/detail/CVE-2019-9070
> An issue was discovered in GNU libiberty, as distributed in GNU
> Binutils 2.32. It is a heap-based buffer over-read in d_expression_1
> in cp-demangle.c after many recursive calls.
CVE-2019-9071: https://nvd.nist.gov/vuln/detail/CVE-2019-9071
> An issue was discovered in GNU libiberty, as distributed in GNU
> Binutils 2.32. It is a stack consumption issue in
> d_count_templates_scopes in cp-demangle.c after many recursive calls.
CVE-2019-9073: https://nvd.nist.gov/vuln/detail/CVE-2019-9073
> An issue was discovered in the Binary File Descriptor (BFD) library
> (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted
> excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.
CVE-2019-9074: https://nvd.nist.gov/vuln/detail/CVE-2019-9074
> An issue was discovered in the Binary File Descriptor (BFD) library
> (aka libbfd), as distributed in GNU Binutils 2.32. It is an
> out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when
> called from pex64_get_runtime_function in pei-x86_64.c.
CVE-2019-9075: https://nvd.nist.gov/vuln/detail/CVE-2019-9075
> An issue was discovered in the Binary File Descriptor (BFD) library
> (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based
> buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
CVE-2019-9077: https://nvd.nist.gov/vuln/detail/CVE-2019-9077
> An issue was discovered in GNU Binutils 2.32. It is a heap-based
> buffer overflow in process_mips_specific in readelf.c via a malformed
> MIPS option section.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/353system/bison: CVE-2020-24240: UAF in _obstack_free2022-02-02T01:56:04ZEmilysystem/bison: CVE-2020-24240: UAF in _obstack_free| | |
| --- | --- |
| Bugzilla ID | 353 |
| Alias(es) | CVE-2020-24240 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-09-04 16:42:29 -0500 |
| Modified | 2020-09-22 22:39:10 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 353 |
| Alias(es) | CVE-2020-24240 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-09-04 16:42:29 -0500 |
| Modified | 2020-09-22 22:39:10 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/bison |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-24240 |
## Description
> GNU Bison before 3.7.1 has a use-after-free in _obstack_free in
> lib/obstack.c (called from gram_lex) when a '\0' byte is encountered.
> NOTE: there is a risk only if Bison is used with untrusted input, and
> the observed bug happens to cause unsafe behavior with a specific
> compiler/architecture. The bug report was intended to show that a
> crash may occur in Bison itself, not that a crash may occur in code
> that is generated by Bison.
Fixed in >= 3.7.1 https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d1.0-RC2https://git.adelielinux.org/adelie/packages/-/issues/1064system/build-tools: should only pull in man-pages when `docs` is installed2023-10-04T04:10:21ZA. Wilcoxsystem/build-tools: should only pull in man-pages when `docs` is installedThe `docs` metapackage installs `-doc` packages for all the installed packages that have documentation.
`man-pages` is a pretty hefty load and most builders don't actually need it. It is, however, helpful for end users.
To that end, `...The `docs` metapackage installs `-doc` packages for all the installed packages that have documentation.
`man-pages` is a pretty hefty load and most builders don't actually need it. It is, however, helpful for end users.
To that end, `build-tools` should really only depend on `build-tools` when `docs` is installed, the same way other `-doc` (and `-openrc`, etc) packages work. This saves time and space on builder systems, and any other non-interactive systems used by us *and* end users that need `build-tools`.A. WilcoxA. Wilcoxhttps://git.adelielinux.org/adelie/packages/-/issues/377system/c-ares: CVE-2020-8277: ares_parse_{a,aaaa}_reply could return larger *...2022-05-02T04:07:08ZEmilysystem/c-ares: CVE-2020-8277: ares_parse_{a,aaaa}_reply could return larger *naddrttls than passed in| | |
| --- | --- |
| Bugzilla ID | 377 |
| Alias(es) | CVE-2020-8277 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:50:08 -0600 |
| Modified | 2020-11-21 22:50:08 -0600 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 377 |
| Alias(es) | CVE-2020-8277 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:50:08 -0600 |
| Modified | 2020-11-21 22:50:08 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/c-ares |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-8277 |
## Description
Fixed in >= 1.17.0 https://github.com/c-ares/c-ares/commit/0d252eb3b2147179296a3bdb4ef97883c97c54d3
This issue was also addressed in bundled c-ares in node.js. We do not use bundled c-ares there at this time, however we are on an unsupported branch of node now https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#denial-of-service-through-dns-request-cve-2020-82771.0-RC2https://git.adelielinux.org/adelie/packages/-/issues/412system/c-ares: FAIL: arestest2022-11-13T00:39:15ZZach van Rijnsystem/c-ares: FAIL: arestestThis was found in the ppc64 chroot on the S822L server and on the x86_64 server.
```
make check-TESTS
make[1]: Enter...This was found in the ppc64 chroot on the S822L server and on the x86_64 server.
```
make check-TESTS
make[1]: Entering directory '/root/packages/system/c-ares/src/c-ares-1.16.1/test'
make[2]: Entering directory '/root/packages/system/c-ares/src/c-ares-1.16.1/test'
PASS: fuzzcheck.sh
FAIL: arestest
============================================================================
Testsuite summary for c-ares-test -
============================================================================
# TOTAL: 2
# PASS: 1
# SKIP: 0
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0
============================================================================
See ./test-suite.log
Please report to -
============================================================================
make[2]: *** [Makefile:951: test-suite.log] Error 1
make[2]: Leaving directory '/root/packages/system/c-ares/src/c-ares-1.16.1/test'
make[1]: *** [Makefile:1059: check-TESTS] Error 2
make[1]: Leaving directory '/root/packages/system/c-ares/src/c-ares-1.16.1/test'
make: *** [Makefile:1278: check-am] Error 2
make: Leaving directory '/root/packages/system/c-ares/src/c-ares-1.16.1/test'
>>> ERROR: c-ares: check failed
>>> c-ares: Uninstalling dependencies...
(1/1) Purging .makedepends-c-ares (20211230.210052)
```
Here is a partial snippet of the [full output log](/uploads/c65007954c2508f60b80dda562effcd8/arestest.txt):
```
[----------] Global test environment tear-down
[==========] 435 tests from 21 test cases ran. (80455 ms total)
[ PASSED ] 431 tests.
[ FAILED ] 4 tests, listed below:
[ FAILED ] DefaultChannelTest.LiveSearchTXT
[ FAILED ] DefaultChannelTest.LiveSearchTXT_virtualized
[ FAILED ] DefaultChannelTest.LiveSearchANY
[ FAILED ] DefaultChannelTest.LiveSearchANY_virtualized
4 FAILED TESTS
YOU HAVE 2 DISABLED TESTS
```
Maybe we should disable these.A. WilcoxA. Wilcoxhttps://git.adelielinux.org/adelie/packages/-/issues/355system/c-ares: fails two tests on ARMv72022-11-13T00:39:40ZEmilysystem/c-ares: fails two tests on ARMv7| | |
| --- | --- |
| Bugzilla ID | 355 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-10-02 03:56:03 -0500 |
| Modified | 2020-10-02 03:56:03 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...| | |
| --- | --- |
| Bugzilla ID | 355 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-10-02 03:56:03 -0500 |
| Modified | 2020-10-02 03:56:03 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / [Community] ARM (32-bit) |
| Importance | --- / normal |
| Package(s) | user/c-ares |
## Description
LiveSearchANY fails on ARMv7.1.0-RELEASEhttps://git.adelielinux.org/adelie/packages/-/issues/1112system/ca-certificates: in some cases 'update-ca-certificates' needs to be ru...2023-11-25T04:41:06ZZach van Rijnsystem/ca-certificates: in some cases 'update-ca-certificates' needs to be run manuallyThis is reproducible on a fresh KDE `20231027` installed environment, possibly others, and has been seen on aarch64 and x86_64 so far.
Media creation log indicates no issues running the trigger, which happens natively on x86_64 without ...This is reproducible on a fresh KDE `20231027` installed environment, possibly others, and has been seen on aarch64 and x86_64 so far.
Media creation log indicates no issues running the trigger, which happens natively on x86_64 without any emulation.
![Screenshot_2023-11-11_at_6.48.19_PM](/uploads/6417bcd9ac65b09b8ebaf43021cc22ee/Screenshot_2023-11-11_at_6.48.19_PM.png)https://git.adelielinux.org/adelie/packages/-/issues/364system/ca-certificates: needs to be bumped to NSS >= 3.572022-05-02T04:05:40ZEmilysystem/ca-certificates: needs to be bumped to NSS >= 3.57| | |
| --- | --- |
| Bugzilla ID | 364 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-10-26 13:26:46 -0500 |
| Modified | 2021-04-07 12:49:12 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...| | |
| --- | --- |
| Bugzilla ID | 364 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-10-26 13:26:46 -0500 |
| Modified | 2021-04-07 12:49:12 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/ca-certificates |
## Description
We are currently shipping NSS 3.53's certificates. The following versions <= 3.58 introduce changes to the certificate store:
== 3.54 ==
> The following CA certificates were Added:
> Bug 1645186 - certSIGN Root CA G2
> SHA-256 Fingerprint: 657CFE2FA73FAA38462571F332A2363A46FCE7020951710702CDFBB6EEDA3305
> Bug 1645174 - e-Szigno Root CA 2017
> SHA-256 Fingerprint: BEB00B30839B9BC32C32E4447905950641F26421B15ED089198B518AE2EA1B99
> Bug 1641716 - Microsoft ECC Root Certificate Authority 2017
> SHA-256 Fingerprint: 358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02
> Bug 1641716 - Microsoft RSA Root Certificate Authority 2017
> SHA-256 Fingerprint: C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0
> The following CA certificates were Removed:
> Bug 1645199 - AddTrust Class 1 CA Root
> SHA-256 Fingerprint:
> 8C7209279AC04E275E16D07FD3B775E80154B5968046E31F52DD25766324E9A7
> Bug 1645199 - AddTrust External CA Root
> SHA-256 Fingerprint:
> 687FA451382278FFF0C8B11F8D43D576671C6EB2BCEAB413FB83D965D06D2FF2
> Bug 1641718 - LuxTrust Global Root 2
> SHA-256 Fingerprint: 54455F7129C20B1447C418F997168F24C58FC5023BF5DA5BE2EB6E1DD8902ED5
> Bug 1639987 - Staat der Nederlanden Root CA - G2
> SHA-256 Fingerprint: 668C83947DA63B724BECE1743C31A0E6AED0DB8EC5B31BE377BB784F91B6716F
> Bug 1618402 - Symantec Class 2 Public Primary Certification Authority - G4
> SHA-256 Fingerprint: FE863D0822FE7A2353FA484D5924E875656D3DC9FB58771F6F616F9D571BC592
> Bug 1618402 - Symantec Class 1 Public Primary Certification Authority - G4
> SHA-256 Fingerprint: 363F3C849EAB03B0A2A0F636D7B86D04D3AC7FCFE26A0A9121AB9795F6E176DF
> Bug 1618402 - VeriSign Class 3 Public Primary Certification Authority - G3
> SHA-256 Fingerprint: EB04CF5EB1F39AFA762F2BB120F296CBA520C1B97DB1589565B81CB9A17B7244
> A number of certificates had their Email trust bit disabled. See Bug 1618402 for a complete list.
== 3.57 ==
> The following CA certificates were Added:
> Bug 1663049 - CN=Trustwave Global Certification Authority
> SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
> Bug 1663049 - CN=Trustwave Global ECC P256 Certification Authority
> SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
> Bug 1663049 - CN=Trustwave Global ECC P384 Certification Authority
> SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
> The following CA certificates were Removed:
> Bug 1651211 - CN=EE Certification Centre Root CA
> SHA-256 Fingerprint:
> 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
> Bug 1656077 - O=Government Root Certification Authority; C=TW
> SHA-256 Fingerprint:
> 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
> Trust settings for the following CA certificates were Modified:
> Bug 1653092 - CN=OISTE WISeKey Global Root GA CA
> Websites (server authentication) trust bit removed.
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases1.0-RELEASEhttps://git.adelielinux.org/adelie/packages/-/issues/1098system/ca-certificates: out of date2023-11-12T00:48:35ZZach van Rijnsystem/ca-certificates: out of dateFound on `20231025` media. Cannot update or install anything.
![VirtualBox_test2_25_10_2023_15_11_37](/uploads/dafa2b1eb5547480d26cbc2a18c07bb2/VirtualBox_test2_25_10_2023_15_11_37.png)
Confirmed by replacing `/usr/share/ca-certificate...Found on `20231025` media. Cannot update or install anything.
![VirtualBox_test2_25_10_2023_15_11_37](/uploads/dafa2b1eb5547480d26cbc2a18c07bb2/VirtualBox_test2_25_10_2023_15_11_37.png)
Confirmed by replacing `/usr/share/ca-certificates/mozilla/` from Alpine and running `update-ca-certificates --fresh`.
I would like to document:
1. How are we creating the .tar.gz "source" as in c2239f60fc70896b4200a3e198b67248081a0697?
2. Can we write a tool to check for any of these being out of date?https://git.adelielinux.org/adelie/packages/-/issues/199system/cflow: multiple vulnerabilities2022-05-02T04:33:12ZEmilysystem/cflow: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 199 |
| Alias(es) | CVE-2019-16165, CVE-2019-16166 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-09-12 15:57:49 -0500 |
| Modified | 2020-06-22 06:23:34 -0...| | |
| --- | --- |
| Bugzilla ID | 199 |
| Alias(es) | CVE-2019-16165, CVE-2019-16166 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-09-12 15:57:49 -0500 |
| Modified | 2020-06-22 06:23:34 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/cflow |
## Description
CVE-2019-16165: https://nvd.nist.gov/vuln/detail/CVE-2019-16165
> GNU cflow through 1.6 has a use-after-free in the reference function
> in parser.c.
CVE-2019-16166: https://nvd.nist.gov/vuln/detail/CVE-2019-16166
> GNU cflow through 1.6 has a heap-based buffer over-read in the
> nexttoken function in parser.c.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/669system/cmake: (armv7) FTBFS: error: ‘CPU_SETSIZE’ undeclared (first use in th...2022-05-06T14:49:55ZZach van Rijnsystem/cmake: (armv7) FTBFS: error: ‘CPU_SETSIZE’ undeclared (first use in this function)```
...
/root/packages/system/cmake/src/cmake-3.23.1/Utilities/cmlibuv/src/unix/core.c: In function ‘uv_cpumask_size’:
/root/packages/system/cmake/src/cmake-3.23.1/Utilities/cmlibuv/src/unix/core.c:1407:10: error: ‘CPU_SETSIZE’ undeclare...```
...
/root/packages/system/cmake/src/cmake-3.23.1/Utilities/cmlibuv/src/unix/core.c: In function ‘uv_cpumask_size’:
/root/packages/system/cmake/src/cmake-3.23.1/Utilities/cmlibuv/src/unix/core.c:1407:10: error: ‘CPU_SETSIZE’ undeclared (first use in this function); did you mean ‘FD_SETSIZE’?
return CPU_SETSIZE;
^~~~~~~~~~~
FD_SETSIZE
/root/packages/system/cmake/src/cmake-3.23.1/Utilities/cmlibuv/src/unix/core.c:1407:10: note: each undeclared identifier is reported only once for each function it appears in
make: *** [Makefile:494: uv-src-unix-core.c.o] Error 1
make: *** Waiting for unfinished jobs....
---------------------------------------------
Error when bootstrapping CMake:
Problem while running make
---------------------------------------------
Log of errors: /root/packages/system/cmake/src/cmake-3.23.1/Bootstrap.cmk/cmake_bootstrap.log
---------------------------------------------
>>> ERROR: cmake: build failed
```
[20220506-00_10_43.683162180_cmake.log](/uploads/7a1178c8e19541905ad41b0b0b23f95b/20220506-00_10_43.683162180_cmake.log)
[cmake_bootstrap.log](/uploads/dcfaaa4197b8e553b8d3dcbf935aba6a/cmake_bootstrap.log)https://git.adelielinux.org/adelie/packages/-/issues/518system/cmake: 3.22.2 update FTTFS: Segfault in CMakeLib.testCMFilesystemPath2023-05-10T21:48:28ZA. Wilcoxsystem/cmake: 3.22.2 update FTTFS: Segfault in CMakeLib.testCMFilesystemPath```
291/630 Test #291: CMakeLib.testCMFilesystemPath .....................***Exception: SegFault 0.01 sec
testConstructors()
testConcatenation()
testModifiers()
testObservers()
testCompare()
``````
291/630 Test #291: CMakeLib.testCMFilesystemPath .....................***Exception: SegFault 0.01 sec
testConstructors()
testConcatenation()
testModifiers()
testObservers()
testCompare()
```