debian/0000775000000000000000000000000013005732251007166 5ustar debian/control0000664000000000000000000000166013001521071010564 0ustar Source: dwarfutils Section: libs Priority: optional Maintainer: Fabian Wolff Uploaders: Build-Depends: debhelper (>> 9), quilt (>= 0.47), libelf-dev, binutils-dev Standards-Version: 3.9.3.1 Package: dwarfdump Section: utils Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: utility to dump DWARF debug information from ELF objects This package contains the newer implementation of dwarfdump written in C++, sometimes called dwarfdump2. . This utility is part of dwarfutils. Package: libdwarf-dev Section: libdevel Architecture: any Conflicts: libdw-dev Depends: ${shlibs:Depends}, ${misc:Depends} Description: library to consume and produce DWARF debug information The libdwarf package provides a shared library which allows reading/consumer and writing/producer of DWARF debugging information from object files, shared libraries, and executables. . This library is part of dwarfutils. debian/patches/0000775000000000000000000000000013001521071010605 5ustar debian/patches/dwarfutils_hurd.patch0000664000000000000000000000232412771456121015055 0ustar Index: dwarfutils-20120410/dwarfdump2/print_die.cc =================================================================== --- dwarfutils-20120410.orig/dwarfdump2/print_die.cc 2012-06-19 16:52:34.000000000 +0000 +++ dwarfutils-20120410/dwarfdump2/print_die.cc 2012-06-19 16:53:19.000000000 +0000 @@ -1222,8 +1222,8 @@ /* Get the global offset for reference */ res = dwarf_global_formref(attrib, &ref_off, &err); if (res != DW_DLV_OK) { - int errno = dwarf_errno(err); - if (errno == DW_DLE_REF_SIG8_NOT_HANDLED ) { + int ferrno = dwarf_errno(err); + if (ferrno == DW_DLE_REF_SIG8_NOT_HANDLED ) { // No need to stop, ref_sig8 refers out of // the current section. break; @@ -1234,8 +1234,8 @@ } res = dwarf_dieoffset(die, &die_off, &err); if (res != DW_DLV_OK) { - int errno = dwarf_errno(err); - if (errno == DW_DLE_REF_SIG8_NOT_HANDLED ) { + int ferrno = dwarf_errno(err); + if (ferrno == DW_DLE_REF_SIG8_NOT_HANDLED ) { // No need to stop, ref_sig8 refers out of // the current section. break; debian/patches/CVE-2015-8750.patch0000664000000000000000000000103013001521071013223 0ustar Description: Fix for CVE-2015-8750 (NULL dereference) Origin: https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697 Bug-Debian: https://bugs.debian.org/813182 --- a/libdwarf/dwarf_elf_access.c +++ b/libdwarf/dwarf_elf_access.c @@ -932,6 +932,10 @@ *error = DW_DLE_MDE; return DW_DLV_ERROR; } + if (!data->d_buf) { + *error = DW_DLE_MDE; + return DW_DLV_ERROR; + } *section_data = data->d_buf; } return DW_DLV_OK; debian/patches/CVE-2016-5042.patch0000664000000000000000000001463013001521071013225 0ustar Description: Fix for CVE-2016-5042 In dwarf_get_aranges_list() an invalid count will iterate, reading from memory addresses that increase till it all fails. Origin: backport, https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f --- a/libdwarf/dwarf_arange.c +++ b/libdwarf/dwarf_arange.c @@ -102,13 +102,12 @@ /* Length of current set of aranges. */ Dwarf_Unsigned length = 0; Dwarf_Small remainder = 0; - Dwarf_Small *arange_ptr_past_end = 0; Dwarf_Unsigned range_entry_size = 0; - int local_length_size; /*REFERENCED*/ /* Not used in this instance of the macro */ int local_extension_size = 0; + Dwarf_Small *end_this_arange = 0; header_ptr = arange_ptr; @@ -116,11 +115,19 @@ READ_AREA_LENGTH(dbg, length, Dwarf_Unsigned, arange_ptr, local_length_size, local_extension_size); - arange_ptr_past_end = arange_ptr + length; + + if ((length + local_length_size + local_extension_size) > + dbg->de_debug_aranges.dss_size) { + _dwarf_error(dbg, error, DW_DLE_ARANGES_HEADER_ERROR); + return DW_DLV_ERROR; + } + + end_this_arange = arange_ptr + length; - READ_UNALIGNED(dbg, version, Dwarf_Half, - arange_ptr, sizeof(Dwarf_Half)); + READ_UNALIGNED_CK(dbg, version, Dwarf_Half, + arange_ptr, sizeof(Dwarf_Half), + error,end_this_arange); arange_ptr += sizeof(Dwarf_Half); length = length - sizeof(Dwarf_Half); if (version != CURRENT_VERSION_STAMP) { @@ -128,8 +135,9 @@ return (DW_DLV_ERROR); } - READ_UNALIGNED(dbg, info_offset, Dwarf_Off, - arange_ptr, local_length_size); + READ_UNALIGNED_CK(dbg, info_offset, Dwarf_Off, + arange_ptr, local_length_size, + error, end_this_arange); arange_ptr += local_length_size; length = length - local_length_size; /* This applies to debug_info only, not to debug_types. */ @@ -243,14 +251,14 @@ DWARF2,3,4 section 7.20 We stop short to avoid overrun of the end of the CU. */ - } while (arange_ptr_past_end >= (arange_ptr + range_entry_size)); + } while (end_this_arange >= (arange_ptr + range_entry_size)); /* A compiler could emit some padding bytes here. dwarf2/3 (dwarf4 sec 7.20) does not clearly make extra padding bytes illegal. */ - if (arange_ptr_past_end < arange_ptr) { + if (end_this_arange < arange_ptr) { char buf[200]; - Dwarf_Unsigned pad_count = arange_ptr - arange_ptr_past_end; + Dwarf_Unsigned pad_count = arange_ptr - end_this_arange; Dwarf_Unsigned offset = arange_ptr - arange_ptr_start; snprintf(buf,sizeof(buf),"DW_DLE_ARANGE_LENGTH_BAD." " 0x%" DW_PR_XZEROS DW_PR_DUx @@ -259,9 +267,9 @@ pad_count, offset); dwarf_insert_harmless_error(dbg,buf); } - /* For most compilers, arange_ptr == arange_ptr_past_end at + /* For most compilers, arange_ptr == end_this_arange at this point. But not if there were padding bytes */ - arange_ptr = arange_ptr_past_end; + arange_ptr = end_this_arange; } while (arange_ptr < dbg->de_debug_aranges.dss_data + dbg->de_debug_aranges.dss_size); --- a/libdwarf/dwarf_error.c +++ b/libdwarf/dwarf_error.c @@ -329,6 +329,9 @@ "DW_DLE_GNU_OPCODE_ERROR (240)", "DW_DLE_RELOC_INVALID (241)", "DW_DLE_UNKNOWN_FORM (242) Possibly corrupt DWARF data", + "DW_DLE_READ_LITTLEENDIAN_ERROR (243)", + "DW_DLE_READ_BIGENDIAN_ERROR (244)", + "DW_DLE_ARANGES_HEADER_ERROR (245)", }; --- a/libdwarf/dwarf_util.h +++ b/libdwarf/dwarf_util.h @@ -130,6 +130,18 @@ dest = (desttype)_ltmp; \ } while (0) +#define READ_UNALIGNED_CK(dbg,dest,desttype, source, length,error,endptr) \ + do { \ + BIGGEST_UINT _ltmp = 0; \ + Dwarf_Byte_Ptr readend = source+length; \ + if (readend > endptr) { \ + _dwarf_error(dbg, error, DW_DLE_READ_LITTLEENDIAN_ERROR); \ + return DW_DLV_ERROR; \ + } \ + dbg->de_copy_word( (((char *)(&_ltmp)) + sizeof(_ltmp) - length), \ + source, length); \ + dest = (desttype)_ltmp; \ + } while (0) /* This macro sign-extends a variable depending on the length. @@ -155,6 +167,17 @@ dest = (desttype)_ltmp; \ } while (0) +#define READ_UNALIGNED_CK(dbg,dest,desttype, source, length,error,endptr) \ + do { \ + BIGGEST_UINT _ltmp = 0; \ + Dwarf_Byte_Ptr readend = source+length; \ + if (readend > endptr) { \ + _dwarf_error(dbg, error, DW_DLE_READ_BIGENDIAN_ERROR); \ + return DW_DLV_ERROR; \ + } \ + dbg->de_copy_word( (char *)(&_ltmp), source, length); \ + dest = (desttype)_ltmp; \ + } while (0) /* This macro sign-extends a variable depending on the length. --- a/libdwarf/libdwarf.h +++ b/libdwarf/libdwarf.h @@ -1063,10 +1063,13 @@ #define DW_DLE_GNU_OPCODE_ERROR 240 #define DW_DLE_RELOC_INVALID 241 #define DW_DLE_UNKNOWN_FORM 242 +#define DW_DLE_READ_LITTLEENDIAN_ERROR 243 +#define DW_DLE_READ_BIGENDIAN_ERROR 244 +#define DW_DLE_ARANGES_HEADER_ERROR 245 /* DW_DLE_LAST MUST EQUAL LAST ERROR NUMBER */ -#define DW_DLE_LAST 242 +#define DW_DLE_LAST 245 #define DW_DLE_LO_USER 0x10000 /* Taken as meaning 'undefined value', this is not debian/patches/CVE-2015-8538.patch0000664000000000000000000002604013001521071013237 0ustar Description: Fix for CVE-2015-8538 (OOB read) Origin: http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/ Bug-Debian: https://bugs.debian.org/807817 --- a/libdwarf/dwarf_abbrev.c +++ b/libdwarf/dwarf_abbrev.c @@ -126,6 +126,10 @@ attr = (Dwarf_Half) utmp2; DECODE_LEB128_UWORD(abbrev_ptr, utmp2); attr_form = (Dwarf_Half) utmp2; + if (!_dwarf_valid_form_we_know(dbg,attr_form,attr)) { + _dwarf_error(NULL, error, DW_DLE_UNKNOWN_FORM); + return DW_DLV_ERROR; + } if (attr != 0) (labbr_count)++; --- a/libdwarf/dwarf_die_deliv.c +++ b/libdwarf/dwarf_die_deliv.c @@ -657,13 +657,15 @@ Dwarf_Byte_Ptr info_ptr = 0; Dwarf_Byte_Ptr abbrev_ptr = 0; Dwarf_Word abbrev_code = 0; - Dwarf_Abbrev_List abbrev_list; + Dwarf_Abbrev_List abbrev_list = 0; Dwarf_Half attr = 0; Dwarf_Half attr_form = 0; Dwarf_Unsigned offset = 0; Dwarf_Word leb128_length = 0; Dwarf_Unsigned utmp = 0; Dwarf_Debug dbg = 0; + Dwarf_Error error = 0; + int lres = 0; info_ptr = die_info_ptr; DECODE_LEB128_UWORD(info_ptr, utmp); @@ -673,8 +675,8 @@ } - abbrev_list = _dwarf_get_abbrev_for_code(cu_context, abbrev_code); - if (abbrev_list == NULL) { + lres = _dwarf_get_abbrev_for_code(cu_context, abbrev_code, &abbrev_list, &error); + if (lres == DW_DLV_ERROR || lres == DW_DLV_NO_ENTRY) { return (NULL); } dbg = cu_context->cc_dbg; @@ -833,6 +835,7 @@ Dwarf_Byte_Ptr die_info_end = 0; Dwarf_Word abbrev_code = 0; Dwarf_Unsigned utmp = 0; + int lres = 0; /* Since die may be NULL, we rely on the input argument. */ Dwarf_Debug_InfoTypes dis = is_info? &dbg->de_info_reading: &dbg->de_types_reading; @@ -962,9 +965,13 @@ return (DW_DLV_NO_ENTRY); } ret_die->di_abbrev_code = abbrev_code; - ret_die->di_abbrev_list = - _dwarf_get_abbrev_for_code(ret_die->di_cu_context, abbrev_code); - if (ret_die->di_abbrev_list == NULL ) { + lres = _dwarf_get_abbrev_for_code(ret_die->di_cu_context, abbrev_code, + &ret_die->di_abbrev_list, error); + if (lres == DW_DLV_ERROR) { + dwarf_dealloc(dbg, ret_die, DW_DLA_DIE); + return lres; + } + if (lres == DW_DLV_NO_ENTRY) { dwarf_dealloc(dbg, ret_die, DW_DLA_DIE); _dwarf_error(dbg, error, DW_DLE_DIE_ABBREV_LIST_NULL); return (DW_DLV_ERROR); @@ -1073,12 +1080,19 @@ return DW_DLV_NO_ENTRY; } ret_die->di_abbrev_code = abbrev_code; - ret_die->di_abbrev_list = - _dwarf_get_abbrev_for_code(die->di_cu_context, abbrev_code); - if (ret_die->di_abbrev_list == NULL) { - dwarf_dealloc(dbg, ret_die, DW_DLA_DIE); - _dwarf_error(dbg, error, DW_DLE_DIE_BAD); - return (DW_DLV_ERROR); + + { + int lres = _dwarf_get_abbrev_for_code(die->di_cu_context, abbrev_code, + &ret_die->di_abbrev_list, error); + if (lres == DW_DLV_ERROR) { + dwarf_dealloc(dbg, ret_die, DW_DLA_DIE); + return lres; + } + if (lres == DW_DLV_NO_ENTRY) { + dwarf_dealloc(dbg, ret_die, DW_DLA_DIE); + _dwarf_error(dbg, error, DW_DLE_DIE_BAD); + return (DW_DLV_ERROR); + } } *caller_ret_die = ret_die; @@ -1111,6 +1125,7 @@ Dwarf_Byte_Ptr info_ptr = 0; Dwarf_Unsigned abbrev_code = 0; Dwarf_Unsigned utmp = 0; + int lres = 0; Dwarf_Debug_InfoTypes dis = 0; @@ -1201,9 +1216,13 @@ return DW_DLV_NO_ENTRY; } die->di_abbrev_code = abbrev_code; - die->di_abbrev_list = - _dwarf_get_abbrev_for_code(cu_context, abbrev_code); - if (die->di_abbrev_list == NULL) { + lres = _dwarf_get_abbrev_for_code(cu_context, abbrev_code, + &die->di_abbrev_list, error); + if (lres == DW_DLV_ERROR) { + dwarf_dealloc(dbg, die, DW_DLA_DIE); + return lres; + } + if (lres == DW_DLV_NO_ENTRY) { dwarf_dealloc(dbg, die, DW_DLA_DIE); _dwarf_error(dbg, error, DW_DLE_DIE_ABBREV_LIST_NULL); return (DW_DLV_ERROR); --- a/libdwarf/dwarf_error.c +++ b/libdwarf/dwarf_error.c @@ -328,6 +328,7 @@ "DW_DLE_DEBUG_TYPEOFFSET_BAD (239)", "DW_DLE_GNU_OPCODE_ERROR (240)", "DW_DLE_RELOC_INVALID (241)", + "DW_DLE_UNKNOWN_FORM (242) Possibly corrupt DWARF data", }; --- a/libdwarf/dwarf_query.c +++ b/libdwarf/dwarf_query.c @@ -189,14 +189,19 @@ Dwarf_Attribute *attr_ptr = 0; Dwarf_Debug dbg = 0; Dwarf_Byte_Ptr info_ptr = 0; + int lres = 0; CHECK_DIE(die, DW_DLV_ERROR); dbg = die->di_cu_context->cc_dbg; - abbrev_list = _dwarf_get_abbrev_for_code(die->di_cu_context, - die->di_abbrev_list->ab_code); - if (abbrev_list == NULL) { - _dwarf_error(dbg, error, DW_DLE_DIE_ABBREV_BAD); + lres = _dwarf_get_abbrev_for_code(die->di_cu_context, + die->di_abbrev_list->ab_code, + &abbrev_list,error); + if (lres == DW_DLV_ERROR) { + return lres; + } + if (lres == DW_DLV_NO_ENTRY) { + _dwarf_error(dbg, error, DW_DLE_DIE_BAD); return (DW_DLV_ERROR); } abbrev_ptr = abbrev_list->ab_abbrev_ptr; @@ -211,6 +216,10 @@ attr = (Dwarf_Half) utmp2; DECODE_LEB128_UWORD(abbrev_ptr, utmp2); attr_form = (Dwarf_Half) utmp2; + if (!_dwarf_valid_form_we_know(dbg,attr_form,attr)) { + _dwarf_error(dbg, error, DW_DLE_UNKNOWN_FORM); + return DW_DLV_ERROR; + } if (attr != 0) { new_attr = @@ -298,10 +307,14 @@ Dwarf_Half curr_attr = 0; Dwarf_Half curr_attr_form = 0; Dwarf_Byte_Ptr info_ptr = 0; + Dwarf_Error error = 0; + int lres = 0; - abbrev_list = _dwarf_get_abbrev_for_code(die->di_cu_context, - die->di_abbrev_list->ab_code); - if (abbrev_list == NULL) { + lres = _dwarf_get_abbrev_for_code(die->di_cu_context, + die->di_abbrev_list->ab_code, + &abbrev_list, + &error); + if (lres == DW_DLV_NO_ENTRY || lres == DW_DLV_ERROR) { *attr_form = 0; return (NULL); } --- a/libdwarf/dwarf_util.c +++ b/libdwarf/dwarf_util.c @@ -222,6 +222,23 @@ } } +#define TRUE 1 +#define FALSE 0 + +int _dwarf_valid_form_we_know (Dwarf_Debug dbg, Dwarf_Unsigned at_form, Dwarf_Unsigned at_name) +{ + if (at_form == 0 && at_name == 0) { + return TRUE; + } + if (at_name == 0) { + return FALSE; + } + if (at_form <= DW_FORM_ref_sig8) { + return TRUE; + } + return FALSE; +} + /* This function returns a pointer to a Dwarf_Abbrev_List_s struct for the abbrev with the given code. It puts the struct on the appropriate hash table. It also adds all @@ -247,8 +264,8 @@ never moves once allocated, so the pointer is safe to return. Returns NULL on error. */ -Dwarf_Abbrev_List -_dwarf_get_abbrev_for_code(Dwarf_CU_Context cu_context, Dwarf_Unsigned code) +int _dwarf_get_abbrev_for_code(Dwarf_CU_Context cu_context, Dwarf_Unsigned code, + Dwarf_Abbrev_List *list_out, Dwarf_Error *error) { Dwarf_Debug dbg = cu_context->cc_dbg; Dwarf_Hash_Table hash_table_base = cu_context->cc_abbrev_hash_table; @@ -276,7 +293,7 @@ DW_DLA_HASH_TABLE_ENTRY, hash_table_base->tb_table_entry_count); if(! hash_table_base->tb_entries) { - return NULL; + return DW_DLV_NO_ENTRY; } } else if (hash_table_base->tb_total_abbrev_count > @@ -290,7 +307,7 @@ newht.tb_table_entry_count); if(! newht.tb_entries) { - return NULL; + return DW_DLV_NO_ENTRY; } /* Copy the existing entries to the new table, rehashing each. */ @@ -318,7 +335,8 @@ if (hash_abbrev_entry != NULL) { /* This returns a pointer to an abbrev list entry, not the list itself. */ - return (hash_abbrev_entry); + *list_out = hash_abbrev_entry; + return DW_DLV_OK; } abbrev_ptr = cu_context->cc_last_abbrev_ptr != NULL ? @@ -330,22 +348,23 @@ /* End of abbrev's as we are past the end entirely. THis can happen */ if (abbrev_ptr > end_abbrev_ptr) { - return (NULL); + return DW_DLV_NO_ENTRY; } /* End of abbrev's for this cu, since abbrev code is 0. */ if (*abbrev_ptr == 0) { - return (NULL); + return DW_DLV_NO_ENTRY; } do { unsigned new_hashable_val = 0; DECODE_LEB128_UWORD(abbrev_ptr, abbrev_code); DECODE_LEB128_UWORD(abbrev_ptr, abbrev_tag); + unsigned long abcount = 0; inner_list_entry = (Dwarf_Abbrev_List) _dwarf_get_alloc(cu_context->cc_dbg, DW_DLA_ABBREV_LIST, 1); if (inner_list_entry == NULL) { - return (NULL); + return DW_DLV_NO_ENTRY; } new_hashable_val = abbrev_code; @@ -363,11 +382,17 @@ inner_list_entry->ab_has_child = *(abbrev_ptr++); inner_list_entry->ab_abbrev_ptr = abbrev_ptr; + hash_table_base->tb_total_abbrev_count++; + /* Cycle thru the abbrev content, ignoring the content except to find the end of the content. */ do { DECODE_LEB128_UWORD(abbrev_ptr, attr_name); DECODE_LEB128_UWORD(abbrev_ptr, attr_form); + if (!_dwarf_valid_form_we_know(dbg,attr_form,attr_name)) { + _dwarf_error(dbg,error,DW_DLE_UNKNOWN_FORM); + return DW_DLV_ERROR; + } } while (attr_name != 0 && attr_form != 0); /* We may have fallen off the end of content, that is not @@ -377,7 +402,11 @@ *abbrev_ptr != 0 && abbrev_code != code); cu_context->cc_last_abbrev_ptr = abbrev_ptr; - return (abbrev_code == code ? inner_list_entry : NULL); + if(abbrev_code == code) { + *list_out = inner_list_entry; + return DW_DLV_OK; + } + return DW_DLV_NO_ENTRY; } --- a/libdwarf/dwarf_util.h +++ b/libdwarf/dwarf_util.h @@ -300,9 +300,8 @@ -Dwarf_Abbrev_List -_dwarf_get_abbrev_for_code(Dwarf_CU_Context cu_context, - Dwarf_Unsigned code); +int _dwarf_get_abbrev_for_code(Dwarf_CU_Context cu_context, Dwarf_Unsigned code, + Dwarf_Abbrev_List *list_out, Dwarf_Error *error); /* return 1 if string ends before 'endptr' else --- a/libdwarf/libdwarf.h +++ b/libdwarf/libdwarf.h @@ -1062,10 +1062,11 @@ #define DW_DLE_DEBUG_TYPEOFFSET_BAD 239 #define DW_DLE_GNU_OPCODE_ERROR 240 #define DW_DLE_RELOC_INVALID 241 +#define DW_DLE_UNKNOWN_FORM 242 /* DW_DLE_LAST MUST EQUAL LAST ERROR NUMBER */ -#define DW_DLE_LAST 241 +#define DW_DLE_LAST 242 #define DW_DLE_LO_USER 0x10000 /* Taken as meaning 'undefined value', this is not debian/patches/CVE-2016-2050.patch0000664000000000000000000000120413001521071013212 0ustar Description: Fix for CVE-2016-2050 (OOB write in get_abbrev_array_info) Origin: https://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684 --- a/dwarfdump/print_abbrevs.c +++ b/dwarfdump/print_abbrevs.c @@ -252,7 +252,7 @@ } else { /* Valid abbreviation code */ if (abbrev_code > 0) { - if (abbrev_code > abbrev_array_size) { + while (abbrev_code > abbrev_array_size) { /* Resize abbreviation array */ abbrev_array_size *= 2; abbrev_array = (Dwarf_Signed *) debian/patches/CVE-2016-7510_CVE-2016-7511.patch0000664000000000000000000000443612771462712014733 0ustar Description: CVE-2016-7510, CVE-2016-7511 Author: David Anderson (dandelot) Source: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252 Last-Update: 2016-09-24 --- a/libdwarf/dwarf_ranges.c +++ b/libdwarf/dwarf_ranges.c @@ -49,6 +49,16 @@ Dwarf_Ranges cur; }; +static void +free_allocated_ranges( struct ranges_entry *base) +{ + struct ranges_entry *cur = 0; + struct ranges_entry *next = 0; + for ( cur = base ; cur ; cur = next ) { + next = cur->next; + free(cur); + } +} #define MAX_ADDR ((address_size == 8)?0xffffffffffffffffULL:0xffffffff) int dwarf_get_ranges_a(Dwarf_Debug dbg, @@ -88,15 +98,25 @@ beginrangeptr = rangeptr; for(;;) { - struct ranges_entry * re = calloc(sizeof(struct ranges_entry),1); + struct ranges_entry * re = 0; + + if (rangeptr == section_end) { + break; + } + if (rangeptr > section_end) { + free_allocated_ranges(base); + _dwarf_error(dbg, error, DW_DLE_DEBUG_RANGES_OFFSET_BAD); + return (DW_DLV_ERROR); + break; + } + re = calloc(sizeof(struct ranges_entry),1); if(!re) { + free_allocated_ranges(base); _dwarf_error(dbg, error, DW_DLE_DEBUG_RANGES_OUT_OF_MEM); return (DW_DLV_ERROR); } - if(rangeptr >= section_end) { - return (DW_DLV_NO_ENTRY); - } if((rangeptr + (2*address_size)) > section_end) { + free_allocated_ranges(base); _dwarf_error(dbg, error, DW_DLE_DEBUG_RANGES_OFFSET_BAD); return (DW_DLV_ERROR); } @@ -129,6 +149,7 @@ ranges_data_out = (Dwarf_Ranges *) _dwarf_get_alloc(dbg,DW_DLA_RANGES,entry_count); if(!ranges_data_out) { + free_allocated_ranges(base); _dwarf_error(dbg, error, DW_DLE_DEBUG_RANGES_OUT_OF_MEM); return (DW_DLV_ERROR); } @@ -141,8 +162,10 @@ struct ranges_entry *r = curre; *ranges_data_out = curre->cur; curre = curre->next; - free(r); } + /* ASSERT: curre == NULL */ + free_allocated_ranges(base); + base = 0; /* Callers will often not care about the bytes used. */ if(bytecount) { *bytecount = rangeptr - beginrangeptr; debian/patches/series0000664000000000000000000000037613001521071012030 0ustar fix_mapages.patch dwarfutils_hurd.patch CVE-2016-7510_CVE-2016-7511.patch CVE-2016-5034.patch CVE-2016-2050.patch CVE-2015-8538.patch CVE-2015-8750.patch CVE-2016-2091.patch CVE-2016-5042.patch CVE-2016-5039.patch CVE-2016-5038.patch CVE-2016-5036.patch debian/patches/CVE-2016-5038.patch0000664000000000000000000001534613001521071013237 0ustar Description: Fix for CVE-2016-5038 (OOB read in dwarf_get_macro_startend_file()) Author: Fabian Wolff Origin: backport, https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/ --- a/libdwarf/dwarf_die_deliv.c +++ b/libdwarf/dwarf_die_deliv.c @@ -655,7 +655,7 @@ Dwarf_Bool * has_die_child) { Dwarf_Byte_Ptr info_ptr = 0; - Dwarf_Byte_Ptr abbrev_ptr = 0; + Dwarf_Byte_Ptr abbrev_ptr = 0, abbrev_end = 0; Dwarf_Word abbrev_code = 0; Dwarf_Abbrev_List abbrev_list = 0; Dwarf_Half attr = 0; @@ -684,12 +684,14 @@ *has_die_child = abbrev_list->ab_has_child; abbrev_ptr = abbrev_list->ab_abbrev_ptr; + abbrev_end = (&dbg->de_debug_abbrev)->dss_data + + (&dbg->de_debug_abbrev)->dss_size; do { Dwarf_Unsigned utmp2; - DECODE_LEB128_UWORD(abbrev_ptr, utmp2); + DECODE_LEB128_UWORD_CK(abbrev_ptr, utmp2,dbg,&error,abbrev_end); attr = (Dwarf_Half) utmp2; - DECODE_LEB128_UWORD(abbrev_ptr, utmp2); + DECODE_LEB128_UWORD_CK(abbrev_ptr, utmp2,dbg,&error,abbrev_end); attr_form = (Dwarf_Half) utmp2; if (attr_form == DW_FORM_indirect) { Dwarf_Unsigned utmp6; @@ -1032,7 +1034,7 @@ _dwarf_next_die_info_ptr(die_info_ptr, die->di_cu_context, die_info_end, NULL, false, &has_die_child); - if (die_info_ptr == NULL) { + if ((die_info_ptr == NULL) || (die_info_ptr == (void *) 1)) { _dwarf_error(dbg, error, DW_DLE_NEXT_DIE_PTR_NULL); return (DW_DLV_ERROR); } --- a/libdwarf/dwarf_error.c +++ b/libdwarf/dwarf_error.c @@ -332,6 +332,7 @@ "DW_DLE_READ_LITTLEENDIAN_ERROR (243)", "DW_DLE_READ_BIGENDIAN_ERROR (244)", "DW_DLE_ARANGES_HEADER_ERROR (245)", + "DW_DLE_LEB_IMPROPER (246)", }; --- a/libdwarf/dwarf_leb.c +++ b/libdwarf/dwarf_leb.c @@ -108,6 +108,85 @@ } } +#define BYTESLEBMAX 10 + +/* Decode ULEB with checking */ +int +_dwarf_decode_u_leb128_chk(Dwarf_Small * leb128, Dwarf_Word * leb128_length, + Dwarf_Unsigned *outval,Dwarf_Byte_Ptr endptr) +{ + unsigned char byte = 0; + Dwarf_Word word_number = 0; + Dwarf_Unsigned number = 0; + Dwarf_Sword shift = 0; + /* The byte_length value will be a small non-negative integer. */ + unsigned byte_length = 0; + + if (leb128 >=endptr) { + return DW_DLV_ERROR; + } + /* The following unrolls-the-loop for the first two bytes and + unpacks into 32 bits to make this as fast as possible. + word_number is assumed big enough that the shift has a defined + result. */ + if ((*leb128 & 0x80) == 0) { + if (leb128_length) { + *leb128_length = 1; + } + *outval = *leb128; + return DW_DLV_OK; + } else { + if ((leb128+1) >=endptr) { + return DW_DLV_ERROR; + } + if ((*(leb128 + 1) & 0x80) == 0) { + if (leb128_length) { + *leb128_length = 2; + } + word_number = *leb128 & 0x7f; + word_number |= (*(leb128 + 1) & 0x7f) << 7; + *outval = word_number; + return DW_DLV_OK; + } + /* Gets messy to hand-inline more byte checking. */ + } + + /* The rest handles long numbers Because the 'number' may be larger + than the default int/unsigned, we must cast the 'byte' before + the shift for the shift to have a defined result. */ + number = 0; + shift = 0; + byte_length = 1; + byte = *leb128; + for (;;) { + number |= ((Dwarf_Unsigned) (byte & 0x7f)) << shift; + + if ((byte & 0x80) == 0) { + if (leb128_length) { + *leb128_length = byte_length; + } + *outval = number; + return DW_DLV_OK; + } + shift += 7; + + byte_length++; + if (byte_length > BYTESLEBMAX) { + /* Erroneous input. */ + if( leb128_length) { + *leb128_length = BYTESLEBMAX; + } + break; + } + ++leb128; + if ((leb128) >=endptr) { + return DW_DLV_ERROR; + } + byte = *leb128; + } + return DW_DLV_ERROR; +} + #define BITSINBYTE 8 /* decode SLEB */ --- a/libdwarf/dwarf_util.h +++ b/libdwarf/dwarf_util.h @@ -43,7 +43,19 @@ */ - +#define DECODE_LEB128_UWORD_CK(ptr, value,dbg,errptr,endptr) \ + do { \ + Dwarf_Word lu_leblen = 0; \ + Dwarf_Unsigned lu_local = 0; \ + int lu_res = 0; \ + lu_res = _dwarf_decode_u_leb128_chk(ptr,&lu_leblen,&lu_local,endptr); \ + if (lu_res == DW_DLV_ERROR) { \ + _dwarf_error(dbg, errptr, DW_DLE_LEB_IMPROPER); \ + return DW_DLV_ERROR; \ + } \ + value = lu_local; \ + ptr += lu_leblen; \ + } while (0) /* Decodes unsigned leb128 encoded numbers. --- a/libdwarf/libdwarf.h +++ b/libdwarf/libdwarf.h @@ -1066,10 +1066,11 @@ #define DW_DLE_READ_LITTLEENDIAN_ERROR 243 #define DW_DLE_READ_BIGENDIAN_ERROR 244 #define DW_DLE_ARANGES_HEADER_ERROR 245 +#define DW_DLE_LEB_IMPROPER 246 /* DW_DLE_LAST MUST EQUAL LAST ERROR NUMBER */ -#define DW_DLE_LAST 245 +#define DW_DLE_LAST 246 #define DW_DLE_LO_USER 0x10000 /* Taken as meaning 'undefined value', this is not --- a/libdwarf/dwarf_query.c +++ b/libdwarf/dwarf_query.c @@ -181,7 +181,7 @@ Dwarf_Word i = 0; Dwarf_Half attr = 0; Dwarf_Half attr_form = 0; - Dwarf_Byte_Ptr abbrev_ptr = 0; + Dwarf_Byte_Ptr abbrev_ptr = 0, abbrev_end = 0; Dwarf_Abbrev_List abbrev_list = 0; Dwarf_Attribute new_attr = 0; Dwarf_Attribute head_attr = NULL; @@ -205,6 +205,7 @@ return (DW_DLV_ERROR); } abbrev_ptr = abbrev_list->ab_abbrev_ptr; + abbrev_end = (&dbg->de_debug_abbrev)->dss_data + (&dbg->de_debug_abbrev)->dss_size; info_ptr = die->di_debug_ptr; SKIP_LEB128_WORD(info_ptr); @@ -212,9 +213,9 @@ do { Dwarf_Unsigned utmp2; - DECODE_LEB128_UWORD(abbrev_ptr, utmp2); + DECODE_LEB128_UWORD_CK(abbrev_ptr, utmp2,dbg,error,abbrev_end); attr = (Dwarf_Half) utmp2; - DECODE_LEB128_UWORD(abbrev_ptr, utmp2); + DECODE_LEB128_UWORD_CK(abbrev_ptr, utmp2,dbg,error,abbrev_end); attr_form = (Dwarf_Half) utmp2; if (!_dwarf_valid_form_we_know(dbg,attr_form,attr)) { _dwarf_error(dbg, error, DW_DLE_UNKNOWN_FORM); debian/patches/CVE-2016-5034.patch0000664000000000000000000000536713001521071013235 0ustar Description: Fix for CVE-2016-5034 (OOB write from relocation records) Origin: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92 --- a/libdwarf/dwarf_elf_access.c +++ b/libdwarf/dwarf_elf_access.c @@ -617,7 +617,8 @@ update_entry(Dwarf_Debug dbg, Dwarf_Bool is_64bit, Dwarf_Endianness endianess, Dwarf_Half machine, struct Dwarf_Elf_Rela *rela, - Dwarf_Small *target_section, + Dwarf_Small *target_section, + Dwarf_Unsigned target_section_size, Dwarf_Small *symtab_section_data, Dwarf_Unsigned symtab_section_size, Dwarf_Unsigned symtab_section_entrysize, @@ -654,7 +655,10 @@ return DW_DLV_ERROR; } - + if (offset >= target_section_size) { + *error = DW_DLE_RELOC_INVALID; + return DW_DLV_ERROR; + } if (is_64bit) { #ifdef HAVE_ELF64_SYM @@ -685,6 +689,14 @@ return DW_DLV_ERROR; } + if ( (offset + reloc_size) < offset) { + *error = DW_DLE_RELOC_INVALID; + return DW_DLV_ERROR; + } + if ( (offset + reloc_size) > target_section_size) { + *error = DW_DLE_RELOC_INVALID; + return DW_DLV_ERROR; + } { /* Assuming we do not need to do a READ_UNALIGNED here @@ -709,6 +721,7 @@ Dwarf_Endianness endianess, Dwarf_Half machine, Dwarf_Small *target_section, + Dwarf_Unsigned target_section_size, Dwarf_Small *symtab_section, Dwarf_Unsigned symtab_section_size, Dwarf_Unsigned symtab_section_entrysize, @@ -732,6 +745,7 @@ machine, &(relas)[i], target_section, + target_section_size, symtab_section, symtab_section_size, symtab_section_entrysize, @@ -796,7 +810,8 @@ dbg, obj->is_64bit, obj->endianness, obj->machine, - target_section, + target_section, + relocatablesec->dss_size, symtab_section, symtab_section_size, symtab_section_entrysize, --- a/libdwarf/libdwarf.h +++ b/libdwarf/libdwarf.h @@ -1061,10 +1061,11 @@ #define DW_DLE_DEBUG_TYPES_ONLY_DWARF4 238 #define DW_DLE_DEBUG_TYPEOFFSET_BAD 239 #define DW_DLE_GNU_OPCODE_ERROR 240 +#define DW_DLE_RELOC_INVALID 241 /* DW_DLE_LAST MUST EQUAL LAST ERROR NUMBER */ -#define DW_DLE_LAST 239 +#define DW_DLE_LAST 241 #define DW_DLE_LO_USER 0x10000 /* Taken as meaning 'undefined value', this is not --- a/libdwarf/dwarf_error.c +++ b/libdwarf/dwarf_error.c @@ -327,6 +327,7 @@ "DW_DLE_DEBUG_TYPES_ONLY_DWARF4 (238)", "DW_DLE_DEBUG_TYPEOFFSET_BAD (239)", "DW_DLE_GNU_OPCODE_ERROR (240)", + "DW_DLE_RELOC_INVALID (241)", }; debian/patches/CVE-2016-5036.patch0000664000000000000000000000110313001521071013217 0ustar Description: fix of CVE-2016-5036 (OOB read bug in dump_block) Author: Fabian Wolff Origin: backport, https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/ --- a/dwarfdump2/dieholder.h +++ b/dwarfdump2/dieholder.h @@ -45,7 +45,7 @@ (*refcount_)--; if( (*refcount_) == 0) { delete refcount_; - if(die_) dwarf_dealloc(dbg_,die_,DW_DLA_DIE); + //if(die_) dwarf_dealloc(dbg_,die_,DW_DLA_DIE); } }; DieHolder(const DieHolder & d):dbg_(d.dbg_),die_(d.die_), debian/patches/CVE-2016-5039.patch0000664000000000000000000000272513001521071013235 0ustar Description: Fix for CVE-2016-5039 (OOB read bug in get_attr_value()) Author: Fabian Wolff Origin: backport, https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/ --- a/libdwarf/dwarf_form.c +++ b/libdwarf/dwarf_form.c @@ -766,10 +766,17 @@ Dwarf_Word leb128_length = 0; Dwarf_Block *ret_block = 0; + Dwarf_Unsigned section_length = 0; + int res = get_attr_dbg(&dbg,&cu_context,attr,error); if(res != DW_DLV_OK) { return res; - } + } + + section_length = (cu_context->cc_is_info + ? (&dbg->de_debug_info) + : (&dbg->de_debug_types))->dss_size; + switch (attr->ar_attribute_form) { case DW_FORM_block1: @@ -801,11 +808,12 @@ } /* Check that block lies within current cu in .debug_info. */ - if (attr->ar_debug_ptr + length >= - dbg->de_debug_info.dss_data + cu_context->cc_debug_offset + - cu_context->cc_length + cu_context->cc_length_size + - cu_context->cc_extension_size) { - _dwarf_error(dbg, error, DW_DLE_ATTR_FORM_SIZE_BAD); + if ((attr->ar_debug_ptr + length >= + dbg->de_debug_info.dss_data + cu_context->cc_debug_offset + + cu_context->cc_length + cu_context->cc_length_size + + cu_context->cc_extension_size) + || (length >= section_length)) { + _dwarf_error(dbg, error, DW_DLE_ATTR_FORM_SIZE_BAD); return (DW_DLV_ERROR); } debian/patches/fix_mapages.patch0000664000000000000000000000041612771456121014132 0ustar diff --git a/dwarfdump2/dwarfdump.1 b/dwarfdump2/dwarfdump.1 index 4e7a40b..22c15cb 100644 --- a/dwarfdump2/dwarfdump.1 +++ b/dwarfdump2/dwarfdump.1 @@ -500,8 +500,6 @@ dwarfdump dwarfdump.conf -./dwarfdump.conf - $(HOME)/.dwarfdump.conf $(HOME)/dwarfdump.conf debian/patches/CVE-2016-2091.patch0000664000000000000000000000237413001521071013230 0ustar Description: Fix for CVE-2016-2091 The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file. Origin: https://sourceforge.net/p/libdwarf/code/ci/9565964f26966d8391fe2cfa8e6e8e59278c5f91 Bug-Debian: https://bugs.debian.org/813148 --- a/libdwarf/dwarf_frame2.c +++ b/libdwarf/dwarf_frame2.c @@ -939,7 +939,12 @@ Dwarf_Small *frame_ptr = frame_ptr_in; Dwarf_Small *cie_ptr_addr = 0; Dwarf_Unsigned cie_id = 0; + Dwarf_Small *section_end = section_ptr_in + section_length_in; + if (section_end < (frame_ptr + 4)) { + _dwarf_error (dbg, error, DW_DLE_DEBUG_FRAME_LENGTH_BAD); + return DW_DLV_ERROR; + } /* READ_AREA_LENGTH updates frame_ptr for consumed bytes */ READ_AREA_LENGTH(dbg, length, Dwarf_Unsigned, frame_ptr, local_length_size, @@ -951,6 +956,10 @@ data. We should be very close to end of section. */ return DW_DLV_NO_ENTRY; } + if ((frame_ptr + local_length_size) >= section_end) { + _dwarf_error (dbg, error, DW_DLE_DEBUG_FRAME_LENGTH_BAD); + return DW_DLV_ERROR; + } cie_ptr_addr = frame_ptr; READ_UNALIGNED(dbg, cie_id, Dwarf_Unsigned, debian/libdwarf-dev.dirs0000664000000000000000000000012312771456121012423 0ustar usr/lib usr/include usr/share/doc/libdwarf-dev usr/share/doc/libdwarf-dev/examples debian/libdwarf-dev.install0000664000000000000000000000007512771456121013136 0ustar usr/include/* usr/lib/lib*.a usr/lib/lib*.so usr/share/doc/* debian/dwarfdump.dirs0000664000000000000000000000007512771456121012054 0ustar usr/bin usr/share/man/man1/ usr/share/doc/dwarfdump/examples debian/compat0000664000000000000000000000000212771456121010374 0ustar 9 debian/changelog0000664000000000000000000001415013005732221011036 0ustar dwarfutils (20120410-2+deb7u2build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Tyler Hicks Mon, 31 Oct 2016 21:16:01 +0000 dwarfutils (20120410-2+deb7u2) wheezy-security; urgency=high * New maintainer. * Add patch CVE-2015-8538.patch to fix CVE-2015-8538 (Closes: #807817). * Add patch CVE-2015-8750.patch to fix CVE-2015-8750 (Closes: #813182). * Add patch CVE-2016-2050.patch to fix CVE-2016-2050. * Add patch CVE-2016-2091.patch to fix CVE-2016-2091 (Closes: #813148). * Add patch CVE-2016-5034.patch to fix CVE-2016-5034. * Add patch CVE-2016-5036.patch to fix CVE-2016-5036. * Add patch CVE-2016-5038.patch to fix CVE-2016-5038. * Add patch CVE-2016-5039.patch to fix CVE-2016-5039. * Add patch CVE-2016-5042.patch to fix CVE-2016-5042. -- Daniel Stender Wed, 19 Oct 2016 00:29:41 +0200 dwarfutils (20120410-2+deb7u1) wheezy-security; urgency=high * Specify "3.0 (quilt)" in debian/source/format to enforce clarity of patches. * CVE-2016-7510, CVE-2016-7511: Fix out-of-bounds read in range handling. -- Chris Lamb Sat, 24 Sep 2016 13:18:41 +0200 dwarfutils (20120410-2) unstable; urgency=low * Fix FTBFS on Debian GNU/Hurd by Barry deFreese (closes: #678173) -- Troy Heber Mon, 25 Jun 2012 09:42:10 -0600 dwarfutils (20120410-1) unstable; urgency=low * New upstream release 20120410. * libdwarf.h: A pointer "*" was right next to a "/*" so a space introduced between them for clarity. Fixed comments on DW_DLC_SIZE_64 and DW_DLC_SIZE_32. * dwarf_die_deliv.c: Two local variables were declared in the middle of code, accidentally creating C99 dependencies. Both trivially fixed with no change in logic. -- Troy Heber Mon, 21 May 2012 09:25:24 -0600 dwarfutils (20111214-1) unstable; urgency=low * New upstream release: 20111214. * dwarfdump[2]: Added support for DW_OP_GNU operators. Enhanced the extended-extensions table so known GNU tag-attr dependencies get no warning. Added support for DWARF3/4 line table values. libdwarf: Added support for DW_OP_GNU operators. Added dwarf_lineoff_b() function making dwarf_lineoff() obsolete (but still present). Added dwarf_add_lineentry_b() as part of preparation for creating DWARF3/4 line output (including isa and discriminator fields). Added dwarf_prologue_end_etc() function to access line entry new fields. The consumer documentation is now at version 2.02 and producer doc at version 1.32 . dwarfgen: Added example code generating line tables. * Now libdwarf and dwarfdump/dwarfdump2 support reading and printing the DWARF4 .debug_types section. * dwarfdump2: Major change! Now works just like dwarfdump -- with the same options and capabilities as dwarfdump but by taking advantage of C++ features it is simpler to read and a bit faster than C dwarfdump. dwarfdump: Fixed some (minor) problems in detecting compilation units and showing errors. libdwarf: Now a bit more robust in detecting errors in object files * Some minor changes. libdwarf: added -fPIC to enable-shared builds, and implemented the ability to declare (in dwarfdump.conf) that address-size is 4 or 8. dwarfdump: Fixed tsearch related call with a memory leak, added a dwarfdump.conf example showing new includeabi: and address_size: command lines, configure now sets HAVE_STDAFX_H if that header (non-Linux) exists, verify checking is on before doing a duplicate-fde check. dwarfdump2: verify checking is on before doing a duplicate-fde check. -- Troy Heber Fri, 16 Dec 2011 10:50:08 -0700 dwarfutils (20110612-2) unstable; urgency=low * Fix the description for dwarfdump to reflect it is built with the newer C++ "dwarfdump2" version. (Closes: #633513) -- Troy Heber Tue, 12 Jul 2011 08:49:43 -0600 dwarfutils (20110612-1) unstable; urgency=low * New upstream version. - A function is in the producer: dwarf_producer_init_c(). This provides a user-defined void* pointer passed through from dwarf_producer_init_c() to the callback so the user code can provide whatever data it wishes to itself (in the callback). The library does not inspect the value in any way - Now DW_FORM_sdata/udata allowed for DW_AT_data_member_location - A very old bug (looking past the end of .debug_abbrev) fixed - Added a new function making it easier to get the 'class' of an attribute. Issues addressed, dwarfdump - Corrected some line-table error checking and made the options work more like they are described in a few cases - Added a new function making it easier to get the 'class' of an attribute. - dwarfdump had unused local variables and critical missing () in two tests made if statements incorrec - One place = was used in a test erroneously - The dwarfdump.1 man page is more informative about the -k options now -- Troy Heber Mon, 11 Jul 2011 14:51:21 -0600 dwarfutils (20100214-1) unstable; urgency=low * New upstream version. - Dwarfdump now prints generic register names in frame printing instead of using MIPS register names as the default - Fixed libdwarf and dwarfdump to handle all DW_OP operators correctly - Fixed libdwarf and dwarfdump to handle mismatch between elf63 object type and compilation unity type (32bit). - Fixed dwarfdump -M option to print all FORMs. -- Troy Heber Tue, 09 Mar 2010 08:25:12 -0700 dwarfutils (20091012-1) unstable; urgency=low * New upstream version. - Lots of small bug fixes see the ChangeLog in the source for details - Adds dwarfdump2 package - Adds examples -- Troy Heber Thu, 05 Nov 2009 09:10:19 -0700 dwarfutils (20080409-2) unstable; urgency=low * conflicts with libdw-dev, as both packages provide /usr/include/dwarf.h, (Closes: #479503) -- Troy Heber Mon, 05 May 2008 07:31:47 -0600 dwarfutils (20080409-1) unstable; urgency=low * Initial Release (Closes: #447775) -- Troy Heber Wed, 16 Apr 2008 09:49:33 -0600 debian/copyright0000664000000000000000000000765112771456121011142 0ustar Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat Upstream-Name: libdwarf Upstream-Author: David Anderson, SGI Original-Source-Location: http://reality.sgiweb.org/davea/dwarf.html Packaged-By: Troy Heber Packaged-Date: Tue, 22 Apr 2008 14:48:30 -0700 The code in the dwarfdump directory is (if you look in each file) covered by the GPL (not the LGPL). The DWARFDUMPCOPYRIGHT file, though, said (before December 24, 2006) the copyright is LGPL. There is no doubt in my (David Anderson) mind that the intent was always that dwarfdump be GPL and the copyright markings in each file are correct. Files: dwarfdump/*, dwarfdump2/* Copyright: 2007-2010 David Anderson. 1992-2009 Free Software Foundation, Inc. 1993-2010 Silicon Graphics, Inc. 2007-2010 Sun Microsystems, Inc. 2008-2010 Arxan Technologies, Inc. 2008-2010 SN Systems Ltd. License: GPL-2 On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. Files: dwarfexample/* Copyright: Copyright (c) 2009-2010 David Anderson, All rights reserved. License: other Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the example nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY David Anderson ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL David Anderson BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Files: libdwarf/* Copyright: 2007-2010 David Anderson, Inc. 1992,1993, UNIX International 1991-2009 Free Software Foundation, Inc. 1993 UNIX System Laboratories, Inc. 1993-2010 Silicon Graphics, Inc. 2002-2010 Sun Microsystems, Inc. 2008-2010 Arxan Technologies, Inc. 2009-2010 Novell Inc. 2009-2010 SN Systems Ltd. License: LGPL-2.1 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/LGPL-2.1'. Files: debian/* Copyright: 2010 Troy Heber License: GPL-2 On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. debian/libdwarf-dev.copyright0000664000000000000000000000352212771456121013500 0ustar libdwarf-dev was originally packaged by Troy Heber , the package is currently maintained by Troy Heber . It was downloaded from http://reality.sgiweb.org/davea/dwarf.html Upstream Author: David Anderson, SGI Copyright (C) 2000,2004 Silicon Graphics, Inc. All Rights Reserved. This program is free software; you can redistribute it and/or modify it under the terms of version 2.1 of the GNU Lesser General Public License as published by the Free Software Foundation. This program is distributed in the hope that it would be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Further, this software is distributed without any warranty that it is free of the rightful claim of any third person regarding infringement or the like. Any license provided herein, whether implied or otherwise, applies only to this software file. Patent licenses, if any, provided herein do not apply to combinations of this program with other software, or any other product whatsoever. You should have received a copy of the GNU Lesser General Public License along with this program; if not, write the Free Software Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston MA 02110-1301, USA. Contact information: Silicon Graphics, Inc., 1500 Crittenden Lane, Mountain View, CA 94043, or: http://www.sgi.com For further information regarding this notice, see: http://oss.sgi.com/projects/GenInfo/NoticeExplan On Debian systems, the complete text of the GNU Library General Public License can be found in `/usr/share/common-licenses/LGPL-2.1'. General Public License can be found in `/usr/share/common-licenses/GPL-2'. The Debian packaging is (C) 2007, Troy Heber and is licensed under the GPL, see above. debian/source/0000775000000000000000000000000012771462565010507 5ustar debian/source/format0000664000000000000000000000001412771460465011712 0ustar 3.0 (quilt) debian/rules0000775000000000000000000000454312771456121010264 0ustar #!/usr/bin/make -f # Uncomment this to turn on verbose mode. export DH_VERBOSE=1 #!/usr/bin/make -f %: dh $@ --with quilt override_dh_auto_build: # configure and build library cd libdwarf; ./configure --prefix=$(CURDIR)/debian/libdwarf-dev cd libdwarf; make # configure and build dwarfdump cd dwarfdump; ./configure --prefix=$(CURDIR)/debian/dwarfdump cd dwarfdump; make # configure and build dwarfdump2 cd dwarfdump2; ./configure --prefix=$(CURDIR)/debian/dwarfdump2 cd dwarfdump2; make dh_auto_build override_dh_auto_clean: # configure and build library cd libdwarf; ./configure --prefix=$(CURDIR)/debian/libdwarf-dev cd libdwarf; make distclean # configure and build dwarfdump cd dwarfdump; ./configure --prefix=$(CURDIR)/debian/dwarfdump cd dwarfdump; make distclean # configure and build dwarfdump2 cd dwarfdump2; ./configure --prefix=$(CURDIR)/debian/dwarfdump2 cd dwarfdump2; make distclean dh_auto_clean override_dh_auto_install: cp libdwarf/libdwarf.a $(CURDIR)/debian/libdwarf-dev/usr/lib/ cp libdwarf/dwarf.h libdwarf/libdwarf.h $(CURDIR)/debian/libdwarf-dev/usr/include/ cp libdwarf/*.pdf $(CURDIR)/debian/libdwarf-dev/usr/share/doc/libdwarf-dev cp libdwarf/[NR]* $(CURDIR)/debian/libdwarf-dev/usr/share/doc/libdwarf-dev /bin/gzip -9 < libdwarf/ChangeLog > $(CURDIR)/debian/libdwarf-dev/usr/share/doc/libdwarf-dev/changelog.gz /bin/gzip -9 < libdwarf/ChangeLog2008 > $(CURDIR)/debian/libdwarf-dev/usr/share/doc/libdwarf-dev/changelog2008.gz /bin/gzip -9 < libdwarf/ChangeLog2007 > $(CURDIR)/debian/libdwarf-dev/usr/share/doc/libdwarf-dev/changelog2007.gz /bin/gzip -9 < libdwarf/ChangeLog2006 > $(CURDIR)/debian/libdwarf-dev/usr/share/doc/libdwarf-dev/changelog2006.gz cp dwarfexample/* $(CURDIR)/debian/libdwarf-dev/usr/share/doc/libdwarf-dev/examples/ cp dwarfdump2/dwarfdump $(CURDIR)/debian/dwarfdump/usr/bin/ /bin/gzip -9 < dwarfdump2/dwarfdump.1 > $(CURDIR)/debian/dwarfdump/usr/share/man/man1/dwarfdump.1.gz /bin/gzip -9 < dwarfdump/README > $(CURDIR)/debian/dwarfdump/usr/share/doc/dwarfdump/README.gz /bin/gzip -9 < dwarfdump/ChangeLog > $(CURDIR)/debian/dwarfdump/usr/share/doc/dwarfdump/changelog.gz cp dwarfdump2/dwarfdump.conf $(CURDIR)/debian/dwarfdump/usr/share/doc/dwarfdump/examples/dwarfdump.conf dh_auto_install override_dh_install: # everything is installed override_dh_auto_test: # dwarfutils does not provide a testsuite debian/README.source0000664000000000000000000000042612771456121011357 0ustar This package uses quilt to manage patches to the upstream source code. Patches are stored in the source package as diffs in debian/patches and applied during the build. For detailed information please refer to the Debian quilt documentation: /usr/share/doc/quilt/README.source