From 76486f7643d4a42ba9a566de9ef75c13c3a0ff83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 9 Oct 2022 14:30:02 +0200
Subject: [PATCH 1/5] fix c++17 check https://github.com/NixOS/patchelf/issues/393 Appearantly there are compilers that support -std=c++17 but do not really support c++17. (cherry picked from commit 99211365292686b888d9f90a751062c603b48382)
---
 configure.ac | 7 -----
 m4/ax_check_compile_flag.m4 | 53 -------------------------------------
 2 files changed, 60 deletions(-)
 delete mode 100644 m4/ax_check_compile_flag.m4
diff --git a/configure.ac b/configure.ac
index 93caa03..fee6302 100644
--- a/configure.ac
+++ b/configure.ac
@@ -41,12 +41,5 @@ AC_ARG_WITH([ubsan],
 )
 AM_CONDITIONAL([WITH_UBSAN], [test x"$with_ubsan" = xyes])
-CPLUSPLUS=
-AX_CHECK_COMPILE_FLAG([-std=c++17], [CPLUSPLUS=17], [], [$WERROR])
-
-if test -z "$CPLUSPLUS"; then
- AC_MSG_ERROR([Your compiler does not have the necessary C++17 support! Cannot proceed.])
-fi
-
 AC_CONFIG_FILES([Makefile src/Makefile tests/Makefile patchelf.spec])
 AC_OUTPUT
diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4
deleted file mode 100644
index bd753b3..0000000
--- a/m4/ax_check_compile_flag.m4
+++ /dev/null
@@ -1,53 +0,0 @@
-# ===========================================================================
-# https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
-# ===========================================================================
-#
-# SYNOPSIS
-#
-# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
-#
-# DESCRIPTION
-#
-# Check whether the given FLAG works with the current language's compiler
-# or gives an error. (Warnings, however, are ignored)
-#
-# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
-# success/failure.
-#
-# If EXTRA-FLAGS is defined, it is added to the current language's default
-# flags (e.g. CFLAGS) when the check is done. The check is thus made with
-# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
-# force the compiler to issue an error when a bad flag is given.
-#
-# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
-#
-# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
-# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
-#
-# LICENSE
-#
-# Copyright (c) 2008 Guido U. Draheim
-# Copyright (c) 2011 Maarten Bosmans
-#
-# Copying and distribution of this file, with or without modification, are
-# permitted in any medium without royalty provided the copyright notice
-# and this notice are preserved. This file is offered as-is, without any
-# warranty.
-
-#serial 6
-
-AC_DEFUN([AX_CHECK_COMPILE_FLAG],
-[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
-AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
-AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
- ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
- _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
- AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
- [AS_VAR_SET(CACHEVAR,[yes])],
- [AS_VAR_SET(CACHEVAR,[no])])
- _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
-AS_VAR_IF(CACHEVAR,yes,
- [m4_default([$2], :)],
- [m4_default([$3], :)])
-AS_VAR_POPDEF([CACHEVAR])dnl
-])dnl AX_CHECK_COMPILE_FLAGS
From 5b27dc4d5a80469e70c311e8995285e4a2db775b Mon Sep 17 00:00:00 2001
From: zhailiangliang
Date: Wed, 26 Oct 2022 10:48:04 +0800
Subject: [PATCH 2/5] Out-of-bounds read exists in the function modifyRPath (cherry picked from commit 96c8422e374064c3407e73e8b1e4995f95e0a9e0)
---
 src/patchelf.cc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/patchelf.cc b/src/patchelf.cc
index 22ce7c7..369a305 100644
--- a/src/patchelf.cc
+++ b/src/patchelf.cc
@@ -1299,6 +1299,7 @@ void ElfFile::modifyRPath(RPathOp op,
 string. */
 std::vector neededLibs;
 auto dyn = (Elf_Dyn *)(fileContents->data() + rdi(shdrDynamic.sh_offset));
+ checkPointer(fileContents, dyn, sizeof(*dyn));
 Elf_Dyn *dynRPath = nullptr, *dynRunPath = nullptr;
 char * rpath = nullptr;
 for ( ; rdi(dyn->d_tag) != DT_NULL; dyn++) {
From eb1f61ac0b6fba39416fd412fb7957e38539f15e Mon Sep 17 00:00:00 2001
From: Bo Anderson
Date: Mon, 10 Oct 2022 15:13:11 +0100
Subject: [PATCH 3/5] Fix out of bounds access when increasing program header table (cherry picked from commit fc21d139a463c373fb61e5061f73ee737f5e53d0)
---
 src/patchelf.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/patchelf.cc b/src/patchelf.cc
index 369a305..77267d3 100644
--- a/src/patchelf.cc
+++ b/src/patchelf.cc
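Review bot: In `ElfFile::modifyRPath` (PATCH 2/5), the added `checkPointer(fileContents, dyn, sizeof(*dyn));` validates only the first `Elf_Dyn` entry, while the `for ( ; rdi(dyn->d_tag) != DT_NULL; dyn++)` loop directly below keeps advancing `dyn` and reading `d_tag` with no further bounds test. A dynamic section in an untrusted or truncated ELF that has no `DT_NULL` entry before the end of the file would therefore still be read past the buffer. Re-check each entry before it is dereferenced, for example `for ( ; checkPointer(fileContents, dyn, sizeof(*dyn)), rdi(dyn->d_tag) != DT_NULL; dyn++) {`, or bound the walk by `rdi(shdrDynamic.sh_size)`. The loop body lies outside the hunk, so confirm that nothing there already covers the advanced pointer.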
@@ -679,7 +679,7 @@ void ElfFile::rewriteSectionsLibrary()
 /* Some sections may already be replaced so account for that */
 unsigned int i = 1;
 Elf_Addr pht_size = sizeof(Elf_Ehdr) + (phdrs.size() + num_notes + 1)*sizeof(Elf_Phdr);
- while( rdi(shdrs.at(i).sh_offset) <= pht_size && i < rdi(hdr()->e_shnum) ) {
+ while( i < rdi(hdr()->e_shnum) && rdi(shdrs.at(i).sh_offset) <= pht_size ) {
 if (not haveReplacedSection(getSectionName(shdrs.at(i))))
 replaceSection(getSectionName(shdrs.at(i)), rdi(shdrs.at(i).sh_size));
 i++;
From fa67b61ec1de07e92e37cf86ffaa18a9d15dd1e0 Mon Sep 17 00:00:00 2001
From: John Ericson
Date: Tue, 12 Aug 2025 18:59:58 -0400
Subject: [PATCH 4/5] Start preparing 0.15.3 release
---
 ChangeLog.md | 8 ++++++++
 version | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index 1f408ab..9bf26dd 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,5 +1,13 @@
 ## Release History
+## 0.15.3 (yet to be released)
+
+This is a backport release made from the simplest fixes from 0.16.0.
+
+* Handle `glibc-hwcaps` on `ppc64le` on CentOS/RHEL/Rocky 8 for `tests/replace-add-needed.sh` (fixes #406) by @robert-scheck in https://github.com/NixOS/patchelf/pull/407
+* Fix Out-of-bounds read in the function `modifyRPath` by @xiaoxiaoafeifei in https://github.com/NixOS/patchelf/pull/419
+* Fix out of bounds access when increasing program header table by @Bo98 in https://github.com/NixOS/patchelf/pull/411
+
 ## 0.15.2 (August 12, 2025)
 * In the autotools build system for the tests, pass a few more tool env vars in `TESTS_ENVIRONMENT`.
diff --git a/version b/version
index 4312e0d..1985d91 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-0.15.2
+0.15.3
From 5b0bab10fee945bc7f3baf6a0181bbca5cf47d44 Mon Sep 17 00:00:00 2001
From: John Ericson
Date: Tue, 12 Aug 2025 19:06:53 -0400
Subject: [PATCH 5/5] Add historical 0.16.x change log entries
---
 ChangeLog.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
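Review bot: In `ElfFile::rewriteSectionsLibrary` (PATCH 3/5), the reordered `while` condition bounds `i` by the header field `e_shnum` rather than by the size of `shdrs`, the container that `shdrs.at(i)` actually indexes. If the two can disagree for a malformed file (not visible in this hunk), `.at(i)` would still throw `std::out_of_range`; tying the guard to the container, `while( i < shdrs.size() && rdi(shdrs.at(i).sh_offset) <= pht_size ) {`, makes the check hold by construction. A short comment such as `/* index test first: && must short-circuit before shdrs.at(i) */` would also keep a later edit from swapping the operands back. The function body continues outside the hunk.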
diff --git a/ChangeLog.md b/ChangeLog.md
index 9bf26dd..51d3fd7 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,5 +1,18 @@
 ## Release History
+## 0.16.1 (October 28, 2022)
+
+This release only fixes the incorrect reported version by the 0.16.0 release.
+
+## 0.16.0 (October 27, 2022)
+
+These notes are the remainder of 0.16.0 that was not backported to 0.15.3.
+Originally, 0.16.0 would have freshly contained all items from both releases.
+
+* Add `--print-os-abi` and `--set-os-abi` options by @dmsck in https://github.com/NixOS/patchelf/pull/381
+* Sync `.note.gnu.property` to `PT_GNU_PROPERTY` by @Bo98 in https://github.com/NixOS/patchelf/pull/414
+* Rework file shifting to avoid sections crossing multiple segments by @Bo98 in https://github.com/NixOS/patchelf/pull/415
+
 ## 0.15.3 (yet to be released)
 This is a backport release made from the simplest fixes from 0.16.0.