From 2d95d137c676013cadc642bf26b9f3484dad7bee Mon Sep 17 00:00:00 2001 From: Robert Buchholz Date: Sat, 4 Oct 2008 18:57:31 +0000 Subject: Fix stack access error (security bug #232005). (Portage version: 2.2_rc11/cvs/Linux 2.6.25-gentoo-r6 x86_64) --- dev-util/byacc/ChangeLog | 8 ++++- dev-util/byacc/byacc-1.9-r2.ebuild | 40 ++++++++++++++++++++++ dev-util/byacc/files/byacc-1.9-CVE-2008-3196.patch | 33 ++++++++++++++++++ 3 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 dev-util/byacc/byacc-1.9-r2.ebuild create mode 100644 dev-util/byacc/files/byacc-1.9-CVE-2008-3196.patch (limited to 'dev-util/byacc') diff --git a/dev-util/byacc/ChangeLog b/dev-util/byacc/ChangeLog index 2bbe1b412d01..b3a4e7dc7323 100644 --- a/dev-util/byacc/ChangeLog +++ b/dev-util/byacc/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for dev-util/byacc # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-util/byacc/ChangeLog,v 1.15 2008/04/21 17:18:21 phreak Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-util/byacc/ChangeLog,v 1.16 2008/10/04 18:57:31 rbu Exp $ + +*byacc-1.9-r2 (04 Oct 2008) + + 04 Oct 2008; Robert Buchholz + +files/byacc-1.9-CVE-2008-3196.patch, +byacc-1.9-r2.ebuild: + Fix stack access error (security bug #232005). 21 Apr 2008; Christian Heim metadata.xml: Fix up metadata.xml. If there's no maintainer for the package, the metadata diff --git a/dev-util/byacc/byacc-1.9-r2.ebuild b/dev-util/byacc/byacc-1.9-r2.ebuild new file mode 100644 index 000000000000..3a6ee69c2d5b --- /dev/null +++ b/dev-util/byacc/byacc-1.9-r2.ebuild 
@@ -0,0 +1,40 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/byacc/byacc-1.9-r2.ebuild,v 1.1 2008/10/04 18:57:31 rbu Exp $
+
+inherit eutils
+
+DESCRIPTION="the best variant of the Yacc parser generator"
+HOMEPAGE="http://dickey.his.com/byacc/byacc.html"
+SRC_URI="http://sources.isc.org/devel/tools/${P}.tar.gz"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE=""
+
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch ${FILESDIR}/mkstemp.patch
+
+ # The following patch fixes yacc to run correctly on ia64 (and
+ # other 64-bit arches). See bug 46233
+ epatch ${FILESDIR}/byacc-1.9-ia64.patch
+
+ # avoid stack access error, bug 232005
+ epatch "${FILESDIR}"/${P}-CVE-2008-3196.patch
+}
+
+src_compile() {
+ make PROGRAM=byacc CFLAGS="${CFLAGS}" || die
+}
+
+src_install() {
+ dobin byacc
+ mv yacc.1 byacc.1
+ doman byacc.1
+ dodoc ACKNOWLEDGEMENTS MANIFEST NEW_FEATURES NOTES README
+}
diff --git a/dev-util/byacc/files/byacc-1.9-CVE-2008-3196.patch b/dev-util/byacc/files/byacc-1.9-CVE-2008-3196.patch
new file mode 100644
index 000000000000..053b3c06b161
--- /dev/null
+++ b/dev-util/byacc/files/byacc-1.9-CVE-2008-3196.patch
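Review bot: In src_unpack the two older calls, `epatch ${FILESDIR}/mkstemp.patch` and `epatch ${FILESDIR}/byacc-1.9-ia64.patch`, leave `${FILESDIR}` unquoted while the newly added CVE-2008-3196 line quotes it. Quoting all three, e.g. `epatch "${FILESDIR}"/mkstemp.patch`, keeps the function consistent and safe for paths containing whitespace. In src_install, `dobin byacc` and `mv yacc.1 byacc.1` have no `|| die`, so a failed install step would presumably go unnoticed in this ebuild. Every entry in KEYWORDS is `~arch`, so the security fix likely reaches stable users only after a separate stabilisation step.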
@@ -0,0 +1,33 @@
+Tue Jul 8 15:06:50 2008 UTC by otto
+
+Fix an venerable bug: if we're reducing a rule that has an empty
+right hand side and the yacc stackpointer is pointing at the very
+end of the allocated stack, we end up accessing the stack out of
+bounds by the implicit $$ = $1 action. Detected by my new malloc,
+experienced by sturm@ on sparc64; ok deraadt@
+
+
+Index: yacc-1.9.1/skeleton.c
+===================================================================
+--- yacc-1.9.1.orig/skeleton.c
++++ yacc-1.9.1/skeleton.c
+@@ -18,6 +18,7 @@ char *banner[] =
+ "/*static char yysccsid[] = \"from: @(#)yaccpar 1.9 (Berkeley) 02/21/93\";*/",
+ "static char yyrcsid[] = \"$Id: byacc-1.9-CVE-2008-3196.patch,v 1.1 2008/10/04 18:57:31 rbu Exp $\";",
+ "#endif",
++ "#include ",
+ "#define YYBYACC 1",
+ "#define YYMAJOR 1",
+ "#define YYMINOR 9",
+@@ -226,7 +227,10 @@ char *body[] =
+ " YYPREFIX, yystate, yyn, yyrule[yyn]);",
+ "#endif",
+ " yym = yylen[yyn];",
+- " yyval = yyvsp[1-yym];",
++ " if (yym)",
++ " yyval = yyvsp[1-yym];",
++ " else",
++ " memset(&yyval, 0, sizeof yyval);",
+ " switch (yyn)",
+ " {",
+ 0
-- cgit v1.2.3-65-gdbad
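Review bot: The `yyrcsid` context line in the first skeleton.c hunk reads `$Id: byacc-1.9-CVE-2008-3196.patch,v 1.1 2008/10/04 18:57:31 rbu Exp $`, which names this patch file and this commit's own timestamp. CVS appears to have expanded the keyword when the patch was committed, so that context line likely no longer matches the upstream skeleton.c. The hunk that adds the include would then apply only through patch fuzz, and would stop applying if fuzz is ever disallowed. Committing the patch with keyword expansion disabled, or regenerating it with less leading context, avoids that. Separately, the added banner line shows as `"#include ",` on this page with no header name visible; the new `memset(&yyval, 0, sizeof yyval);` needs `<string.h>`, so confirm the file in the tree names it.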