Version bump and libelf directory traversal fix from upstream #534000 by Agostino Sarubbo.

Package-Manager: portage-2.2.15/cvs/Linux x86_64
Manifest-Sign-Key: 0xD2E96200

4 files changed, 150 insertions, 15 deletions

diff --git a/dev-libs/elfutils/ChangeLog b/dev-libs/elfutils/ChangeLog
index 26b702110723..ac13d7973a6c 100644
--- a/dev-libs/elfutils/ChangeLog
+++ b/dev-libs/elfutils/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-libs/elfutils
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/elfutils/ChangeLog,v 1.190 2014/09/01 09:02:16 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/elfutils/ChangeLog,v 1.191 2014/12/31 08:25:55 vapier Exp $
+
+*elfutils-0.161 (31 Dec 2014)
+
+  31 Dec 2014; Mike Frysinger <vapier@gentoo.org> +elfutils-0.161.ebuild,
+  +files/elfutils-0.161-libelf-dir-traversal.patch:
+  Version bump and libelf directory traversal fix from upstream #534000 by
+  Agostino Sarubbo.
 
 *elfutils-0.160 (01 Sep 2014)
 
diff --git a/dev-libs/elfutils/Manifest b/dev-libs/elfutils/Manifest
index 2aa934bca4ae..ae9eba8043d7 100644
--- a/dev-libs/elfutils/Manifest
+++ b/dev-libs/elfutils/Manifest
@@ -6,6 +6,7 @@ AUX elfutils-0.143-configure.patch 772 SHA256 af91d9c73612d82b3b47099c0dd8e5cfaa
 AUX elfutils-0.148-bashifications.patch 760 SHA256 e741d81d4136a1f9a720fcbb67ffbb389cf00f98e344a5102b6c89e77b150c18 SHA512 778899e982021266db3d109ca8eb9c6144e13d98d017fd4d43fbbcc118b2aaebb827dceafc5dc196b437509bbbc4a95d4b152fa493f3a94c2daaa9da2dc91f74 WHIRLPOOL 1f78c567d5460097d8ed0f5756208bb0ef74c41e8a41db16c85fa28d9bc858a71c4ccd5d2978c596d0b12ae57c9a094e8f9062f7b580db93772e38b92c5707ba
 AUX elfutils-0.150-bashifications.patch 763 SHA256 8a7f67e8adeb3ae1aeeb0b3302ed1cda10f852d3f6702d21dfb011761a2b7576 SHA512 d111c043a47f9c6bbb9e51393ad496be79618c6fda50da7870bec6998a295835e68dc0b3dc38bc2a7bbe98b2f894fc4f3c46985a4faf3bc76d92d3b5dbd845b6 WHIRLPOOL 60fbabd765c6c93c64ae81413173347d611c8f34adb38d4fb274f9f830cfedaa5e70a0009be826f4f3ee06dd5196aa480b0c7b38d3a35541037a50d3ee730d1d
 AUX elfutils-0.158-tests-backtrace-native-core.patch 1347 SHA256 2f577e225649af7f59209f6e05ef1733b665ffb835a2a598b9eb289a40b93c0e SHA512 23f77f3446b1309d0db0000d718169c6927f924e3645de6d31034fdf5cdd39423c559d5b35f485ca066d6ee5227194719c050a47cd383f93265c073c1112478d WHIRLPOOL e6b5c15ac838138c72cf17ba1f5c66da1533977e2d28b6d4325b3880ecd2926911170236bb5cff0a5170ecce74016925f0a4342f4a4d22189e70a87f37fd622b
+AUX elfutils-0.161-libelf-dir-traversal.patch 1630 SHA256 aaad1abf56c3125a1cdc56218db5339a0b4719542185d60af307a0bfc74c3a67 SHA512 f6b05c4d1da60853825a2803de9201a7c17c9511d70861f1e0f7f5d501e39b11dfda920b39290e398b367f33403b6c99bf6e38dd8e17fe4cdf91750b8c3fe9c8 WHIRLPOOL ab9b6eb384153ffd5f051aff7ec538c37f133953dab9a32a246e727fdf5f4a7f7cd50d052ffad7abdae7067a0c4c6dbbd9f01349fdbc9a765a3bb12a7d234bea
 DIST elfutils-0.146.tar.bz2 1791373 SHA256 dacd9419cc9ef36463f22cd7d7204ee7490904000045a8cdcbf3569907ecf2c8 SHA512 8c93d882b261502576051e3fc41f1469a7d2195813690792fdc104ce87dd39755f867802de0f1c2e224177a1a52671572178fcd4779287c0f5565b186fa598c5 WHIRLPOOL 5583c968dbe19e4efab6e870c8b3cf3576ae171ab241e52948a6cd850e12ba6c3b11560b931559e056fcac0217d6d62ebfcb56afadd19d916f7a2997116916be
 DIST elfutils-0.148.tar.bz2 1811640 SHA256 8aebfa4a745db21cf5429c9541fe482729b62efc7e53e9110151b4169fe887da SHA512 9282945c19a98e14dbfbd50f9fd35b3575d1361c64c865c7205a3207bd23d982ee8288b26de3d627430a7cd4b0594e67b4ce956ec482d91a4f4d03dcda01de14 WHIRLPOOL fe9ffdb4934c3d3d7bfad4df6813d913020a01c231ef788a5bfec4a45cdb89f5df1abc64a211383a3a3fee66f41efad03a7607d8892a02aba5c8bbba3bf767cc
 DIST elfutils-0.149.tar.bz2 1821994 SHA256 b81f73db935cdb5c0ddfdb4fd36aa0597b691b9204c62e5ee6bcb8c8ffabc808 SHA512 4ad5d9bc64575c7f7b397b129c197639c690957b0556cec628d97d9b12eb353a49fb27b6df3df23a4a90e7a783ab6457d44d0c27e5bb657ba87514b0600c4aeb WHIRLPOOL df5cb7e73a741177b18aca4c5573eae9b6f01cd17400f482c79b89868af4d76e8192d7a210fe17f4165d99387410dc5bca8faa06464a488934e2efa1534a8894
@@ -36,6 +37,8 @@ DIST elfutils-0.159-portability.patch 63319 SHA256 aaaa91cc9101962cdef221b290134
 DIST elfutils-0.159.tar.bz2 5469000 SHA256 fffaad1ba0c4ac5c8cee56dc195746e1f1e7197ba3eba7052ad5a3635ac1242e SHA512 c58d95c90685fb0b37f728c83e9d462be2fabe1dfb7b271b3adcde5f10c532a90b07bcc1c51dd81bf768f0cd3d22fa231fafb74fb5e79098d94a566e139408ff WHIRLPOOL 71cc156658af3ea8461c4cebcf27331a3844af470e337c18a7532fd795ea91eca035ecdc74fa71e92100bf2354b9e724490eae6305cd3ab418202938a4818684
 DIST elfutils-0.160-portability.patch 63302 SHA256 feb307acf472598ea7af4e4b439251613a8f5d81e804b4abf9aeca195a5d4254 SHA512 a408596fe114392034c7c6f42c4ef2e7a6bdeae346ad07c733eebe29c30d644984d775756b0395ab360c6107eab7d526cdcd0d4955eb8431cccf9ca8a278bca1 WHIRLPOOL cd415d959c8fdf16ea656de84c7e328bb98de1f9b98ba36bdafffca80a008c3673787843b876f6ddd37e1bc0d13283ed85548b5407c90120de164971cee6ae44
 DIST elfutils-0.160.tar.bz2 5391252 SHA256 741b556863c069ceab2d81eb54aeda8c34f46728859704eaf9baef8503e9a9d1 SHA512 2df392739ae05e1a9ad333a02cc13e088f39370e3d14482072384b0b5285d5ba73e35562cc6c99211272f36744e657081d6d18e16e8c8519e49a51ece9151330 WHIRLPOOL afafd0c2fd2672c7b0e9cb4cdd4fc710fa38c819b7f117673e99cace7931594f03a46085a87fb4e819243572abc52f695d37cc03522bb46cdc6498be9f209582
+DIST elfutils-0.161-portability.patch 63317 SHA256 bf0363d03e1e4668778eb4e7ddd10e405a22f753b3ad813a537fc01164d1e3fe SHA512 78a8a46b5eaf0326916b79f2502d8e66dabd2783c5661248482572b1528173c5e47f84868693ba58bbf015dfeb3f9897bfe72a778d22aa1b396e7da81b2512b5 WHIRLPOOL bdaa682d3c4113f0d54409afe4d22a0e56f0b28d8f1e69e2c0c16cd31cf12341df56259d3ab38e70b840dd449b2686e7823d4961b282b76de5dde8c458f4e97a
+DIST elfutils-0.161.tar.bz2 5524766 SHA256 570c91a1783fa5386aaa2dfdd08dda1de777c2b63bf3b9c1437d635ffdd7a070 SHA512 c5061faa01cb6f211c326574f10bd5eb4fe8437afb2581f26cf34e88053d7bd91dc47bae1c8bdd143c35cad055bf48eab1e03acf4069a8e8843643ecf2a198df WHIRLPOOL adf14b937b38fff1de0e0cd18a6866d4080ed6ee80fab73a45c1b94ffe546fe4c1662b090f6802a522c5103fb7826fac46c5e4ccfc8441f09025285722d08ede
 EBUILD elfutils-0.146.ebuild 1865 SHA256 1a85b1753d566f54a590f558564864abb45cb347d20dfb43cd927b7fba3e8009 SHA512 039a5283b6d342460a2a205c7d546e8f42d3a9c615ef768e2406fb729d4ca001ffe7c7422acfeb828f0a148f68df97b4f2a2028ae4fa486e6a39e4b49f49b91f WHIRLPOOL 04872a2a2c15f9bc7955e2d655346a6137f2f40d122dc2faf226a6bc945c883d31a233af8adc517a4d9a8186d01c921aedc6d63ce0fc24069f76696543adaf3b
 EBUILD elfutils-0.148.ebuild 1881 SHA256 bd1ff4660130ad2f89925a84e2a145770d8fc3e375aa2834f8050e2e7e63cc65 SHA512 678a1e07b426b321e0b0ad0f68200c418903c7e08d9844f4ce9cb5adcea8ecb6e8f009436fbd1180847e4ccad6274f6c521cefb9019b719b4f2f1452d99a8572 WHIRLPOOL 5c9c72b4ba0847140e9b12e75f7b7099f6139dd334f83a900629773fa943df9975762f0f3b04256a8de699dafdfd052802950124990470652fd1bd9902e3e7c8
 EBUILD elfutils-0.149.ebuild 1728 SHA256 2b7fb3835eded3175ff91b5fb45f57526b7a8467c58538c85fd21d6de3ac1647 SHA512 e20141aeb66c6a1c6152dff877b5304447e1c6bba5402812374b9aa4d3b5abf894acbb177561952ddec679ba1c2d2c6bd74d209aad0c1e8238eadd97ff24c8c2 WHIRLPOOL a8ded281d1593ecb7846a9d5e6602e0650d82eb05b2d2753b6c773255a7cc0e33f5a47f3faf05eaddcb06250bb16473ccc4f59a4b485d79c8f46d224d45279fa
@@ -53,22 +56,23 @@ EBUILD elfutils-0.157.ebuild 2579 SHA256 0d129ff586fb37f60fdebab13e9f2886623a6e7
 EBUILD elfutils-0.158.ebuild 2642 SHA256 4377a641882a451677bfbb1ce3e71ccb1f8f604712cf56c8f3f4766f64ceae38 SHA512 40563766099fccd8ad76a5db5d6e6f2c928f18c9b1fe51c2f874fe8db9b9ff80647f2c9e04855c2ece4021efee7f3fd38f001d5e170678f2265edf94dc29077a WHIRLPOOL c5873c6f8d73016876f8a56da313452d0ed01a722c031cac0a347a65aa4276ce82b36bc0691de72e41bf832bcbd1d94392cb3ccfba061046ca4299ec9f50ad5d
 EBUILD elfutils-0.159.ebuild 2513 SHA256 6c037351d74c4a7066c61fc89106f34539847c2724a6f7af5b567216f7ac87b2 SHA512 1075354264cb90447676e239a7a3b20b1b0bb77bc5ffdb5d8fe5aa0134a8dc73ebb7a73dfe2f06a4ae8cf1b941de8f3ec3780430f814f3557dfd2a6022773576 WHIRLPOOL 8f72504bba17d5b6ffbdc0604e9a52bcb40c6d9a71c4b675baa9e63678b15e41a8f1a569ce0f01edc145d41e8d2aa18d3a9f058b3a6ca7f079e51ff5c738dec2
 EBUILD elfutils-0.160.ebuild 2513 SHA256 def8515851f86cc2ec178b26d40474a7bbcd933c9aad8a9b64ba9674dbb43876 SHA512 1d0db5c5c0098d26fa1e398b805f7ada10dd802146b2628ff288ef1b7f8336b95ffed36dc1ddc3e05743ac1bbf3d0dd16fe52f86742c6584d038a583d224e782 WHIRLPOOL 8d83e8e16a311d610b71c3367904c88beb65ab1cf45e079273d2cdf3aabcebe4b37aba0d7e0dd03901430d6e5ac6910fd862f6c82400dbc270933e3166899a13
-MISC ChangeLog 25603 SHA256 82ddf65219b4952e245ec95ec9ef37e1ad390868b760d4c0c30337686e2a3db6 SHA512 cab1ae640a65d33668b774b2f7297e94f140a003c68a20eb4dfd08a5cd3f319f4ae60d87f7961ca7e86a66d545641526a1b4e4e09a7c74c3a3137e29cd872a5b WHIRLPOOL ed5499671570cc7e5972433dec46c1d8e7f072b3c725738fc0b703183d59a8166272862054c2b643c5c5fc0209426668cdf062b1c3f88dac052b16be0a71d474
+EBUILD elfutils-0.161.ebuild 2581 SHA256 94d8596de174657178f41bd6c228d065c1c0edf6fc956892573fac6952adaea5 SHA512 7d09412b68daefb5848bf304585d57f14d41d0cfd569b52510572e2f89f4c0f291c9d8b05a965328a34e1b0b9072ae5161cb93ef235966e8bf4aee60d9efdc33 WHIRLPOOL 4e7176e1ebf0241e4766b3a1f093c4c231517a1177533f5799e4c390edba2888fba4fa1070911faf33f12e1271457d7c3d236c654c1f5ff9e6f71c55a2d81dab
+MISC ChangeLog 25856 SHA256 6412d727917f39e2e2db4a679bc8cc6546a0379f30d584a4006996481f8e0a6c SHA512 6d68ae2ae81036f53b3b05312521a90b20a1cc1b8bb48b86f20ff351baa5e65c010164b6404e7bc503f87102a2415fe46f4e8fc916b1ef7f550f36a499a87a08 WHIRLPOOL b13961d941e7f32e324a8e5134c3116899cf2f5ec27470dd5d4789f5b070bfaa5e43096ca2cda6b1f99bdce37a5a3d7e707d986d7642d84e797c170e99d55826
 MISC metadata.xml 438 SHA256 33cbcbd727257fa6d03488d531c099d33f4c3e4db3cf3739d11d8d4cd8266b37 SHA512 e013123116aa3a3f00fa77cc3e9d18a5c1f481dd304ee6af6e77e3e5e44fb9e3f94ac542fc10fb0c59dea6699c15cce11b1513c061494919f1e821120fb162d9 WHIRLPOOL f07f16d5235c538cef44daca3210ad7374af35705b6562b9bb17b2a5532ba0ed6ea32d1d7f23e93c899e8868503f7a9f8994d2454ca144c45ae7e9317fb0cabd
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQIcBAEBCAAGBQJUBDYnAAoJEPGu1DbS6WIA1zgP/3ye5XuVM1k1vUNK7gxI359g
-GW4lTKWtuf4LpnAuhOxlWzC3WOENX+UqnTSQt27o3HO7hpAh3wBLJxqQzi2PGMFo
-zB/0bipB1RO9VBMgF+aWCnLxaNdJJHEfdFZlHwc5EU1LaFofpcIVAysblnMhR/Jf
-6Gn2t/xij9QQ2+VPZcixEMdLkFqKCkCtp/N8t4ZwFTyA4vOjSScKpW0sbZysO4GV
-VvwYWif8B1xKfzjSA39ljK+/QXTInWbgGGgZcGamDm1IU6NyxPLc8xr7Ron0GObG
-8neSa5AEYrIvn+EwPpn3TAgIUFIIPc6/aHVwkYRZDMfG+MNmjxj3rZpfhAT+AlOW
-cVi9qdpbLFM1hU8VmnXzy9FtSUkWfdp0OuuVdhYxN/bo164pXqnKeS8VrfaY3UN6
-S+1UMrLG/9Autp5rEJFeE2LTqOBPR/M2EmRUhT5YvpaL1jQ1uK40iXXs9HE18xg4
-kY4TaKAoHNh5utGG29/qdsKL0vjWDY+cwZqF43JVplgcf0+qyf5uATTnmo6SchOb
-wJl+hxem/iXD7qTN3GRSuWSDhO98aPBNNZ8riRUCdYjyd7IDqz1h7NvEUEG2neGK
-6HYKgknxmpQZZ9QlrFA96UGp9i23Rx2hb+YLVDqWLmhSWXx66yGx0vk6rM/dweAT
-4F5shYy0Mky/tpH36d9K
-=cNlH
+iQIcBAEBCAAGBQJUo7MVAAoJEPGu1DbS6WIA2zIP/R5GoiFjddVk1RLytZptJXDw
+hEjwDN5YYE4rZJyea2RSL7B6N/bFeuCMfq0/JQw6I/glNGPOa/kypKKjxK/zuCCH
+pepFTLciE7e282XeUEha3Qdx/Ioqq54KZVIUABHzwrznHO5L79Pb8gqrZEIZTolR
+2uTlz0WKhTe7ubQn4M2ftN9eMAzz4cn2N7kI+rGRFX3BzlCYM1I2uWcNMe7U4eMa
+xUQCSm7QC9q1Siw/4bh4XvEWIIPoBWQtFiqSCdsFz7qi99e4r6g8LuqbLdnW18Lb
+7t39P0O20p+zJFnuikrW/kiLCyk85cu0J7SqgE4vGMOsxv9BKkqzMgUrh8M7GlgN
+dQEY3eMSVgug1HQIkAKfsZ2+iqKPSdwhdLEMqd1y3K9NXgyYKsG5o5wJfcwhSI6D
+x3UfEoAyJ5NOZkGD0oqcaHH2CZphd15MCUuVMHVy7b0pQTuWszif2yWS5iLtsk1b
+HTF3hyDmVrThpdeIaaWrwfhzAYs0qL4/X1BuQazuC1FHNEF87qXu6SHh2w1MD8pI
+v6H/01YlcPeJMr6gDVijOhBj1sNVuDI8oFify5FNq8ExYDd7jx7V5UdDCW9RKry+
+A4hPRtm0S0RrDQUiEgITssdwK8c0n5LsGArKNoXayLM1SfzaMrxy0iRGMoNyZofL
+ANwa6Z3c6YW1C0PCXFx8
+=3goW
 -----END PGP SIGNATURE-----
diff --git a/dev-libs/elfutils/elfutils-0.161.ebuild b/dev-libs/elfutils/elfutils-0.161.ebuild
new file mode 100644
index 000000000000..39244bd4d158
--- /dev/null
+++ b/dev-libs/elfutils/elfutils-0.161.ebuild
@@ -0,0 +1,73 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/elfutils/elfutils-0.161.ebuild,v 1.1 2014/12/31 08:25:55 vapier Exp $
+
+EAPI="4"
+
+inherit eutils flag-o-matic multilib-minimal
+
+DESCRIPTION="Libraries/utilities to handle ELF objects (drop in replacement for libelf)"
+HOMEPAGE="https://fedorahosted.org/elfutils/"
+SRC_URI="https://fedorahosted.org/releases/e/l/${PN}/${PV}/${P}.tar.bz2
+	https://fedorahosted.org/releases/e/l/${PN}/${PV}/${PN}-portability-${PV}.patch -> ${P}-portability.patch"
+
+LICENSE="GPL-2-with-exceptions"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux"
+IUSE="bzip2 lzma nls static-libs test +threads +utils zlib"
+
+# This pkg does not actually seem to compile currently in a uClibc
+# environment (xrealloc errs), but we need to ensure that glibc never
+# gets pulled in as a dep since this package does not respect virtual/libc
+RDEPEND="zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	bzip2? ( >=app-arch/bzip2-1.0.6-r4[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
+	!dev-libs/libelf
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20130224-r11
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+DEPEND="${RDEPEND}
+	nls? ( sys-devel/gettext )
+	>=sys-devel/flex-2.5.4a
+	sys-devel/m4"
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PN}-0.118-PaX-support.patch
+	epatch "${DISTDIR}"/${P}-portability.patch
+	epatch "${FILESDIR}"/${P}-libelf-dir-traversal.patch #534000
+	use static-libs || sed -i -e '/^lib_LIBRARIES/s:=.*:=:' -e '/^%.os/s:%.o$::' lib{asm,dw,elf}/Makefile.in
+	sed -i 's:-Werror::' */Makefile.in
+	# some patches touch both configure and configure.ac
+	find -type f -exec touch -r configure {} +
+}
+
+src_configure() {
+	use test && append-flags -g #407135
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	ECONF_SOURCE="${S}" econf \
+		--disable-werror \
+		$(use_enable nls) \
+		$(use_enable threads thread-safety) \
+		--program-prefix="eu-" \
+		$(use_with zlib) \
+		$(use_with bzip2 bzlib) \
+		$(use_with lzma)
+}
+
+multilib_src_test() {
+	env	LD_LIBRARY_PATH="${BUILD_DIR}/libelf:${BUILD_DIR}/libebl:${BUILD_DIR}/libdw:${BUILD_DIR}/libasm" \
+		LC_ALL="C" \
+		emake check || die
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	dodoc NOTES
+	# These build quick, and are needed for most tests, so don't
+	# disable their building when the USE flag is disabled.
+	use utils || rm -rf "${ED}"/usr/bin
+}
diff --git a/dev-libs/elfutils/files/elfutils-0.161-libelf-dir-traversal.patch b/dev-libs/elfutils/files/elfutils-0.161-libelf-dir-traversal.patch
new file mode 100644
index 000000000000..84a28c71d234
--- /dev/null
+++ b/dev-libs/elfutils/files/elfutils-0.161-libelf-dir-traversal.patch
@@ -0,0 +1,51 @@
+https://bugs.gentoo.org/534000
+
+From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001
+From: Alexander Cherepanov <cherepan@mccme.ru>
+Date: Sun, 28 Dec 2014 19:57:19 +0300
+Subject: [PATCH] libelf: Fix dir traversal vuln in ar extraction.
+
+read_long_names terminates names at the first '/' found but then skips
+one character without checking (it's supposed to be '\n'). Hence the
+next name could start with any character including '/'. This leads to
+a directory traversal vulnerability at the time the contents of the
+archive is extracted.
+
+The danger is mitigated by the fact that only one '/' is possible in a
+resulting filename and only in the leading position. Hence only files
+in the root directory can be written via this vuln and only when ar is
+executed as root.
+
+The fix for the vuln is to not skip any characters while looking
+for '/'.
+
+Signed-off-by: Alexander Cherepanov <cherepan@mccme.ru>
+---
+ libelf/ChangeLog   | 5 +++++
+ libelf/elf_begin.c | 5 +----
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+2014-12-28  Alexander Cherepanov  <cherepan@mccme.ru>
+
+	* elf_begin.c (read_long_names): Don't miss '/' right after
+	another '/'. Fixes a dir traversal vuln in ar extraction.
+
+diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
+index 30abe0b..cd3756c 100644
+--- a/libelf/elf_begin.c
++++ b/libelf/elf_begin.c
+@@ -749,10 +749,7 @@ read_long_names (Elf *elf)
+ 	    }
+ 
+ 	  /* NUL-terminate the string.  */
+-	  *runp = '\0';
+-
+-	  /* Skip the NUL byte and the \012.  */
+-	  runp += 2;
++	  *runp++ = '\0';
+ 
+ 	  /* A sanity check.  Somebody might have generated invalid
+ 	     archive.  */
+-- 
+2.2.1
+