[pkgsrc/trunk]: pkgsrc/devel/gdb6 Backported fixes for CAN-2005-1704 and CAN-...

[lkundrak <lkundrak%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/6f52ef5b1fa6
branches:  trunk
changeset: 530635:6f52ef5b1fa6
user:      lkundrak <lkundrak%pkgsrc.org@localhost>
date:      Tue Jul 03 12:32:28 2007 +0000

description:
Backported fixes for CAN-2005-1704 and CAN-2005-1705.

diffstat:

 devel/gdb6/Makefile         |   4 +-
 devel/gdb6/distinfo         |   4 +-
 devel/gdb6/patches/patch-bo |  75 +++++++++++++++++++++++++++++++++++++++++++++
 devel/gdb6/patches/patch-bp |  15 +++++++++
 4 files changed, 95 insertions(+), 3 deletions(-)

diffs (127 lines):

diff -r 1befed05aacd -r 6f52ef5b1fa6 devel/gdb6/Makefile
--- a/devel/gdb6/Makefile       Tue Jul 03 11:23:16 2007 +0000
+++ b/devel/gdb6/Makefile       Tue Jul 03 12:32:28 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.20 2006/10/18 13:39:07 reed Exp $
+# $NetBSD: Makefile,v 1.21 2007/07/03 12:32:28 lkundrak Exp $
 #
 
 DISTNAME=              gdb-6.2.1
-PKGREVISION=           3
+PKGREVISION=           4
 CATEGORIES=            devel
 MASTER_SITES=          ftp://sources.redhat.com/pub/gdb/releases/
 EXTRACT_SUFX=          .tar.bz2
diff -r 1befed05aacd -r 6f52ef5b1fa6 devel/gdb6/distinfo
--- a/devel/gdb6/distinfo       Tue Jul 03 11:23:16 2007 +0000
+++ b/devel/gdb6/distinfo       Tue Jul 03 12:32:28 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2006/10/22 08:06:42 rillig Exp $
+$NetBSD: distinfo,v 1.11 2007/07/03 12:32:28 lkundrak Exp $
 
 SHA1 (gdb-6.2.1.tar.bz2) = 50cee3887744c4140aafcc0e4eb579d94464dfd7
 RMD160 (gdb-6.2.1.tar.bz2) = 6fe9f3bbef076c55cbcdf05143e7d5f98f61f889
@@ -43,3 +43,5 @@
 SHA1 (patch-bl) = 12a9846fc08e8c3110897644d7803f67999b68f8
 SHA1 (patch-bm) = baf198e86cb5e9d8b9f6b0bd6d7ccd1ca61227b4
 SHA1 (patch-bn) = cfeee69148028782b9ab6580f0f619d5f3327325
+SHA1 (patch-bo) = 92221afaa93d9362057783c20100ce7ff1b5df9b
+SHA1 (patch-bp) = bff41b3fb0f5952cbcd37797ec4bb63f6f79da8d
diff -r 1befed05aacd -r 6f52ef5b1fa6 devel/gdb6/patches/patch-bo
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/gdb6/patches/patch-bo       Tue Jul 03 12:32:28 2007 +0000
@@ -0,0 +1,75 @@
+$NetBSD: patch-bo,v 1.1 2007/07/03 12:32:28 lkundrak Exp $
+
+Patch for CVE-2005-1704 sucked from upstream.
+* elfcode.h (elf_object_p): Add more sanity checks on elf header.
+
+--- bfd/elfcode.h.orig 2004-06-24 06:46:22.000000000 +0200
++++ bfd/elfcode.h
+@@ -613,8 +613,13 @@ elf_object_p (bfd *abfd)
+ 
+   if (i_ehdrp->e_shoff != 0)
+     {
++      bfd_signed_vma where = i_ehdrp->e_shoff;
++
++      if (where != (file_ptr) where)
++      goto got_wrong_format_error;
++
+       /* Seek to the section header table in the file.  */
+-      if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_shoff, SEEK_SET) != 0)
++      if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0)
+       goto got_no_match;
+ 
+       /* Read the first section header at index 0, and convert to internal
+@@ -626,13 +631,50 @@ elf_object_p (bfd *abfd)
+       /* If the section count is zero, the actual count is in the first
+        section header.  */
+       if (i_ehdrp->e_shnum == SHN_UNDEF)
+-      i_ehdrp->e_shnum = i_shdr.sh_size;
++      {
++        i_ehdrp->e_shnum = i_shdr.sh_size;
++        if (i_ehdrp->e_shnum != i_shdr.sh_size)
++          goto got_wrong_format_error;
++      }
+ 
+       /* And similarly for the string table index.  */
+       if (i_ehdrp->e_shstrndx == SHN_XINDEX)
+-      i_ehdrp->e_shstrndx = i_shdr.sh_link;
++      {
++        i_ehdrp->e_shstrndx = i_shdr.sh_link;
++        if (i_ehdrp->e_shstrndx != i_shdr.sh_link)
++          goto got_wrong_format_error;
++      }
++
++      /* Sanity check that we can read all of the section headers.
++       It ought to be good enough to just read the last one.  */
++      if (i_ehdrp->e_shnum != 1)
++      {
++        /* Check that we don't have a totally silly number of sections.  */
++        if (i_ehdrp->e_shnum > (unsigned int) -1 / sizeof (x_shdr))
++          goto got_wrong_format_error;
++
++        where += (i_ehdrp->e_shnum - 1) * sizeof (x_shdr);
++        if (where != (file_ptr) where)
++          goto got_wrong_format_error;
++        if ((bfd_size_type) where <= i_ehdrp->e_shoff)
++          goto got_wrong_format_error;
++
++        if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0)
++          goto got_no_match;
++        if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
++          goto got_no_match;
++
++        /* Back to where we were.  */
++        where = i_ehdrp->e_shoff + sizeof (x_shdr);
++        if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0)
++          goto got_no_match;
++      }
+     }
+ 
++  /* A further sanity check.  */
++  if (i_ehdrp->e_shstrndx >= i_ehdrp->e_shnum)
++    goto got_wrong_format_error;
++
+   /* Allocate space for a copy of the section header table in
+      internal form.  */
+   if (i_ehdrp->e_shnum != 0)
diff -r 1befed05aacd -r 6f52ef5b1fa6 devel/gdb6/patches/patch-bp
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/gdb6/patches/patch-bp       Tue Jul 03 12:32:28 2007 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-bp,v 1.1 2007/07/03 12:32:28 lkundrak Exp $
+
+Patch for CVE-2005-1705 from Gentoo #88398.
+
+--- gdb/main.c.orig    2004-07-26 21:01:36.000000000 +0200
++++ gdb/main.c
+@@ -696,7 +696,7 @@ extern int gdbtk_test (char *);
+ 
+   if (!homedir
+       || memcmp ((char *) &homebuf, (char *) &cwdbuf, sizeof (struct stat)))
+-    if (!inhibit_gdbinit)
++    if (!inhibit_gdbinit && (cwdbuf.st_uid == getuid()) && (!cwdbuf.st_mode & (S_IWOTH)))
+       {
+       catch_command_errors (source_command, gdbinit, 0, RETURN_MASK_ALL);
+       }