diff --git a/ltrace-0.7.91-W-use-after-free.patch b/ltrace-0.7.91-W-use-after-free.patch new file mode 100644 index 0000000..19e802f --- /dev/null +++ b/ltrace-0.7.91-W-use-after-free.patch @@ -0,0 +1,13 @@ +diff -rup a/sysdeps/linux-gnu/ppc/plt.c b/sysdeps/linux-gnu/ppc/plt.c +--- a/sysdeps/linux-gnu/ppc/plt.c 2022-01-27 20:40:52.956980433 -0500 ++++ b/sysdeps/linux-gnu/ppc/plt.c 2022-01-27 20:41:37.031599771 -0500 +@@ -687,8 +687,8 @@ arch_elf_add_func_entry(struct process * + if (libsym == NULL + || library_symbol_init(libsym, addr, full_name, 1, + LS_TOPLT_NONE) < 0) { +- free(libsym); + delete_symbol_chain(libsym); ++ free(libsym); + libsym = NULL; + fprintf(stderr, "Couldn't add symbol %s" + "for tracing.\n", name); diff --git a/ltrace.spec b/ltrace.spec index d27d700..b14e9f5 100644 --- a/ltrace.spec +++ b/ltrace.spec @@ -1,7 +1,7 @@ Summary: Tracks runtime library calls from dynamically linked executables Name: ltrace Version: 0.7.91 -Release: 43%{?dist} +Release: 44%{?dist} # In coordination with Juan Céspedes, upstream is now officially on gitlab. # We are going to being sending all of our Fedora patches upstream to gitlab. URL: https://gitlab.com/cespedes/ltrace @@ -132,6 +132,8 @@ Patch35: ltrace-0.7.91-rh1799619.patch # Support for both SC and SCV sycall insns Patch36: ltrace-0.7.91-ppc64le-scv.patch +Patch37: ltrace-0.7.91-W-use-after-free.patch + %description Ltrace is a debugging program which runs a specified command until the command exits. While the command is executing, ltrace intercepts and @@ -180,6 +182,7 @@ execution of processes. %patch34 -p1 %patch35 -p1 %patch36 -p1 +%patch37 -p1 %build autoreconf -i @@ -207,6 +210,9 @@ echo ====================TESTING END===================== %{_datadir}/ltrace %changelog +* Thu Jan 27 2022 DJ Delorie - 0.7.91-44 +- Fix use-after-free cases. + * Thu Jan 20 2022 Fedora Release Engineering - 0.7.91-43 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild