[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#863537: unblock: upx-ucl/3.91-3



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock version 3.91-3 of package upx-ucl

It contains a patch taken from upstream to fix #860953, i.e. crashes
of binaries compressed with upx on amd64, for example:

  robert@vox:~$ cp /usr/bin/mutt .; upx mutt         
                         Ultimate Packer for eXecutables
                            Copyright (C) 1996 - 2013
  UPX 3.91        Markus Oberhumer, Laszlo Molnar & John Reiser   Sep 30th 2013
  
          File size         Ratio      Format      Name
     --------------------   ------   -----------   -----------
     1178240 ->    623212   52.89%  linux/ElfAMD   mutt                          
  
  Packed 1 file.
  robert@vox:~$ ./mutt
  Segmentation fault (core dumped)

The crashes are related to some changes in binutils (most probably) 2.26.1,
and this is a regression against jessie: I've just checked that
compressing with upx 3.91-2 and then executing mutt from 1.6.2-3 amd64 package [1] 
works correctly, while doing the same with mutt from 1.7.0-1 [2] crashes.

[1] http://snapshot.debian.org/archive/debian/20160824T042609Z/pool/main/m/mutt/mutt_1.6.2-3_amd64.deb
[2] http://snapshot.debian.org/archive/debian/20160829T100430Z/pool/main/m/mutt/mutt_1.7.0-1_amd64.deb

Also I've just discovered that we may need yet another upload probably with a
pretty similar patch to fix similar issue on i386, as mutt:i386 compressed 
with upx-ucl:i386 (even 3.94-1 from experimental) crashes as well :(. (I
did the same check a week ago, but using `ls' binary, and it didn't
crashed, so I thought upx-ucl:i386 worked). I will try to work with 
upstream on a fix for i386.

The version 3.91-3 contains also two small unrelated fixes:
 - simple fix for FTBFS on sparc64
 - update upstream homepage URL and debian/watch
I hope they are OK for you, but I can revert them via another upload if not.


Comparing upx-ucl_3.91-2.dsc upx-ucl_3.91-3.dsc
diff -Nru upx-ucl-3.91/debian/changelog upx-ucl-3.91/debian/changelog
--- upx-ucl-3.91/debian/changelog	2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/changelog	2017-05-20 09:16:37.000000000 +0200
@@ -1,3 +1,15 @@
+upx-ucl (3.91-3) unstable; urgency=medium
+
+  * Add Check-DT_RELA.patch based on upstream's commit d688a05ac7 to
+    fix segmentation faults on decompressing executables produced by
+    newer binutils on amd64 (closes: #860953).
+  * Apply the following packaging changes from 3.94-1 in Debian/experimental:
+    + upstream homepage was moved to github, update URLs in debian/watch,
+      debian/control and debian/copyright;
+    + debian/rules: Add sparc64 to big-endian archs to fix FTBFS.
+
+ -- Robert Luberda <robert@debian.org>  Sat, 20 May 2017 09:17:12 +0200
+
 upx-ucl (3.91-2) unstable; urgency=medium
 
   * Add 03-FTBFS-GCC6.patch to fix build failure with g++-6 (closes: #811595).
diff -Nru upx-ucl-3.91/debian/control upx-ucl-3.91/debian/control
--- upx-ucl-3.91/debian/control	2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/control	2017-05-20 09:16:37.000000000 +0200
@@ -7,7 +7,7 @@
                libucl-dev (>= 1.03),
                lzma-dev (>= 9.22),
                zlib1g-dev (>= 1:1.1.4)
-Homepage: http://upx.sourceforge.net/
+Homepage: https://upx.github.io/
 Vcs-Git: https://anonscm.debian.org/git/users/robert/upx-ucl.git
 Vcs-Browser: https://anonscm.debian.org/cgit/users/robert/upx-ucl.git
 
diff -Nru upx-ucl-3.91/debian/copyright upx-ucl-3.91/debian/copyright
--- upx-ucl-3.91/debian/copyright	2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/copyright	2017-05-20 09:16:37.000000000 +0200
@@ -1,6 +1,6 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Contact: Markus F.X.J Oberhumer <markus@oberhumer.com>
-Source: http://upx.sourceforge.net/
+Source: https://upx.github.io/
 
 Files: *
 Copyright: 1996-2013, Markus Franz Xaver Johannes Oberhumer
diff -Nru upx-ucl-3.91/debian/patches/Check-DT_RELA.patch upx-ucl-3.91/debian/patches/Check-DT_RELA.patch
--- upx-ucl-3.91/debian/patches/Check-DT_RELA.patch	1970-01-01 01:00:00.000000000 +0100
+++ upx-ucl-3.91/debian/patches/Check-DT_RELA.patch	2017-05-20 09:16:37.000000000 +0200
@@ -0,0 +1,61 @@
+From: John Reiser <jreiser@BitWagon.com>
+Date: Sun, 9 Oct 2016 21:50:45 -0700
+Subject: DT_JMPREL vanished (binutils-2.26.1); check all DT_RELA.
+
+	modified:   p_elf_enum.h
+	modified:   p_lx_elf.cpp
+
+[ Patch taken from https://github.com/upx/upx/commit/d688a05ac78517bcba09bae0f60bc76f3aa51ddb ]
+
+Bugs-Debian: https://bugs.debian.org/#860953
+---
+ src/p_elf_enum.h |  1 +
+ src/p_lx_elf.cpp | 16 ++++++++++++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/src/p_elf_enum.h b/src/p_elf_enum.h
+index 52093ee..5a4f602 100644
+--- a/src/p_elf_enum.h
++++ b/src/p_elf_enum.h
+@@ -146,6 +146,7 @@
+         DT_STRTAB   =  5,       /* String table */
+         DT_SYMTAB   =  6,       /* Symbol table */
+         DT_RELA     =  7,       /* Relocations which do contain an addend */
++        DT_RELASZ   =  8,       /* Total size of Rela relocs */
+         DT_RELAENT  =  9,       /* Size of one RELA relocation */
+         DT_INIT     = 12,       /* Address of init function */
+         DT_REL      = 17,       /* Relocations which contain no addend */
+diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
+index 093e3ae..6f95c0b 100644
+--- a/src/p_lx_elf.cpp
++++ b/src/p_lx_elf.cpp
+@@ -1548,6 +1548,8 @@ PackLinuxElf64amd::canPack()
+         // defined symbols, and there might be no DT_HASH.
+ 
+         Elf64_Rela const *
++        rela= (Elf64_Rela const *)elf_find_dynamic(Elf64_Dyn::DT_RELA);
++        Elf64_Rela const *
+         jmprela= (Elf64_Rela const *)elf_find_dynamic(Elf64_Dyn::DT_JMPREL);
+         for (   int sz = elf_unsigned_dynamic(Elf64_Dyn::DT_PLTRELSZ);
+                 0 < sz;
+@@ -1561,6 +1563,20 @@ PackLinuxElf64amd::canPack()
+                 goto proceed;
+         }
+ 
++        // 2016-10-09 DT_JMPREL is no more (binutils-2.26.1)?
++        // Check the general case, too.
++        for (   int sz = elf_unsigned_dynamic(Elf64_Dyn::DT_RELASZ);
++                0 < sz;
++                (sz -= sizeof(Elf64_Rela)), ++rela
++        ) {
++            unsigned const symnum = get_te64(&rela->r_info) >> 32;
++            char const *const symnam = get_te32(&dynsym[symnum].st_name) + dynstr;
++            if (0==strcmp(symnam, "__libc_start_main")
++            ||  0==strcmp(symnam, "__uClibc_main")
++            ||  0==strcmp(symnam, "__uClibc_start_main"))
++                goto proceed;
++        }
++
+         // Heuristic HACK for shared libraries (compare Darwin (MacOS) Dylib.)
+         // If there is an existing DT_INIT, and if everything that the dynamic
+         // linker ld-linux needs to perform relocations before calling DT_INIT
diff -Nru upx-ucl-3.91/debian/patches/series upx-ucl-3.91/debian/patches/series
--- upx-ucl-3.91/debian/patches/series	2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/patches/series	2017-05-20 09:16:37.000000000 +0200
@@ -2,3 +2,4 @@
 01-Documentation.patch
 02-Lzma-support.patch
 03-FTBFS-GCC6.patch
+Check-DT_RELA.patch
diff -Nru upx-ucl-3.91/debian/rules upx-ucl-3.91/debian/rules
--- upx-ucl-3.91/debian/rules	2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/rules	2017-05-20 09:16:37.000000000 +0200
@@ -5,7 +5,7 @@
 package                 := $(shell dh_listpackages)
 
 
-BIG_ENDIAN_ARCHS        := hppa ia64 sparc
+BIG_ENDIAN_ARCHS        := hppa ia64 sparc sparc64
 DEB_BUILD_ARCH          := $(shell dpkg-architecture -qDEB_BUILD_ARCH)
 
 export DEB_BUILD_MAINT_OPTIONS=hardening=+all
diff -Nru upx-ucl-3.91/debian/watch upx-ucl-3.91/debian/watch
--- upx-ucl-3.91/debian/watch	2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/watch	2017-05-20 09:16:37.000000000 +0200
@@ -1,4 +1,4 @@
 # control file for the uscan(1) tool
-version=2
-http://upx.sourceforge.net/ \
-	(?:.*/)upx-([\d\.]+)-src\.tar\.(gz|bz2)
+version=4
+https://github.com/upx/upx/releases \
+	(?:.*/)upx-([\d\.]+)-src\.tar\.(?:xz|gz|bz2)



unblock upx-ucl/3.91-3

Regards,
robert

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (200, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


Reply to: