Request 1068066: Submit libdwarf - openSUSE Build Service

Overview

Request 1068066 accepted

- update to 0.6.0:
Fixes for Denial Of Service (possible libdwarf crash):
* The dealloc required for dwarf_offset_list() was incorrect,
possibly leading to a crash.
* The function prototype for dwarf_dietype_offset() changed so
it can work correctly on DWARF4 objects.
* A memory leak from dwarf_load_loclists() has been fixed.
* The function dwarf_get_pubtypes() changed, Dwarf_Type no longer
exists, correcting a library design mistake made in 1993.
The function applied to DWARF3 and DWARF4 objects.
* The set of functions using Dwarf_Type are gone, use Dwarf_Global
instead. An object with DW_FORM_strx3 (DWARF5) could result in
the library either crashing or returning an inappropriate error.
DW_FORM_strx3 is now handled
* https://newreleases.io/github/davea42/libdwarf-code?version=v0.6.0

Created by dirkmueller about 1 year ago
In state accepted

Submit libdwarf

Comments for request 1068066 0

Login required, please login in order to comment

Request History

dirkmueller created request about 1 year ago

- update to 0.6.0:
Fixes for Denial Of Service (possible libdwarf crash):
* The dealloc required for dwarf_offset_list() was incorrect,
possibly leading to a crash.
* The function prototype for dwarf_dietype_offset() changed so
it can work correctly on DWARF4 objects.
* A memory leak from dwarf_load_loclists() has been fixed.
* The function dwarf_get_pubtypes() changed, Dwarf_Type no longer
exists, correcting a library design mistake made in 1993.
The function applied to DWARF3 and DWARF4 objects.
* The set of functions using Dwarf_Type are gone, use Dwarf_Global
instead. An object with DW_FORM_strx3 (DWARF5) could result in
the library either crashing or returning an inappropriate error.
DW_FORM_strx3 is now handled
* https://newreleases.io/github/davea42/libdwarf-code?version=v0.6.0

factory-auto added opensuse-review-team as a reviewer about 1 year ago

Please review sources

factory-auto accepted review about 1 year ago

Check script succeeded

staging-bot added openSUSE:Factory:Staging:adi:23 as a reviewer about 1 year ago

Being evaluated by staging project "openSUSE:Factory:Staging:adi:23"

staging-bot accepted review about 1 year ago

Picked "openSUSE:Factory:Staging:adi:23"

licensedigger accepted review about 1 year ago

The legal review is accepted preliminary. The package may require actions later on.

dimstar accepted review about 1 year ago

dimstar_suse accepted review about 1 year ago

Staging Project openSUSE:Factory:Staging:adi:23 got accepted.

dimstar_suse approved review about 1 year ago

Staging Project openSUSE:Factory:Staging:adi:23 got accepted.

dimstar_suse accepted request about 1 year ago

Staging Project openSUSE:Factory:Staging:adi:23 got accepted.

openSUSE Build Service is sponsored by