diff --git a/libunwind-1.1-fix-CVE-2015-3239.patch b/libunwind-1.1-fix-CVE-2015-3239.patch new file mode 100644 index 0000000..95d18f1 --- /dev/null +++ b/libunwind-1.1-fix-CVE-2015-3239.patch @@ -0,0 +1,12 @@ +diff -up libunwind-1.1/include/dwarf_i.h.CVE20153239 libunwind-1.1/include/dwarf_i.h +--- libunwind-1.1/include/dwarf_i.h.CVE20153239 2015-07-10 13:38:36.404996748 -0400 ++++ libunwind-1.1/include/dwarf_i.h 2015-07-10 13:39:25.050707613 -0400 +@@ -20,7 +20,7 @@ + extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH]; + /* REG is evaluated multiple times; it better be side-effects free! */ + # define dwarf_to_unw_regnum(reg) \ +- (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0) ++ (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0) + #endif + + #ifdef UNW_LOCAL_ONLY diff --git a/libunwind.spec b/libunwind.spec index 2d6def2..f3bf3a0 100644 --- a/libunwind.spec +++ b/libunwind.spec @@ -4,7 +4,7 @@ Summary: An unwinding library Name: libunwind Version: 1.1 -Release: 9%{?dist} +Release: 10%{?dist} License: BSD Group: Development/Debuggers Source: http://download.savannah.gnu.org/releases/libunwind/libunwind-%{version}.tar.gz @@ -13,6 +13,7 @@ Patch1: libunwind-disable-setjmp.patch Patch2: libunwind-aarch64.patch Patch3: libunwind-fix-ppc64_test_altivec.patch Patch4: libunwind-arm-default-to-exidx.patch +Patch5: libunwind-1.1-fix-CVE-2015-3239.patch URL: http://savannah.nongnu.org/projects/libunwind ExclusiveArch: %{arm} aarch64 hppa ia64 mips ppc %{power64} %{ix86} x86_64 @@ -39,6 +40,7 @@ libunwind. %patch2 -p1 %patch3 -p1 %patch4 -p1 -b .default-to-exidx +%patch5 -p1 -b .CVE-2015-3239 %build aclocal @@ -90,6 +92,9 @@ echo ====================TESTSUITE DISABLED========================= %{_includedir}/libunwind*.h %changelog +* Fri Jul 10 2015 Tom Callaway - 1.1-10 +- fix CVE-2015-3239 + * Wed Jun 17 2015 Fedora Release Engineering - 1.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild