Bug#863537: unblock: upx-ucl/3.91-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock version 3.91-3 of package upx-ucl
It contains a patch taken from upstream to fix #860953, i.e. crashes
of binaries compressed with upx on amd64, for example:
robert@vox:~$ cp /usr/bin/mutt .; upx mutt
Ultimate Packer for eXecutables
Copyright (C) 1996 - 2013
UPX 3.91 Markus Oberhumer, Laszlo Molnar & John Reiser Sep 30th 2013
File size Ratio Format Name
-------------------- ------ ----------- -----------
1178240 -> 623212 52.89% linux/ElfAMD mutt
Packed 1 file.
robert@vox:~$ ./mutt
Segmentation fault (core dumped)
The crashes are related to some changes in binutils (most probably) 2.26.1,
and this is a regression against jessie: I've just checked that
compressing with upx 3.91-2 and then executing mutt from 1.6.2-3 amd64 package [1]
works correctly, while doing the same with mutt from 1.7.0-1 [2] crashes.
[1] http://snapshot.debian.org/archive/debian/20160824T042609Z/pool/main/m/mutt/mutt_1.6.2-3_amd64.deb
[2] http://snapshot.debian.org/archive/debian/20160829T100430Z/pool/main/m/mutt/mutt_1.7.0-1_amd64.deb
Also I've just discovered that we may need yet another upload probably with a
pretty similar patch to fix a similar issue on i386, as mutt:i386 compressed
with upx-ucl:i386 (even 3.94-1 from experimental) crashes as well :(. (I
did the same check a week ago, but using `ls' binary, and it didn't
crash, so I thought upx-ucl:i386 worked). I will try to work with
upstream on a fix for i386.
Version 3.91-3 also contains two small unrelated fixes:
- simple fix for FTBFS on sparc64
- update upstream homepage URL and debian/watch
I hope they are OK for you, but I can revert them via another upload if not.
Comparing upx-ucl_3.91-2.dsc upx-ucl_3.91-3.dsc
diff -Nru upx-ucl-3.91/debian/changelog upx-ucl-3.91/debian/changelog
--- upx-ucl-3.91/debian/changelog 2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/changelog 2017-05-20 09:16:37.000000000 +0200
@@ -1,3 +1,15 @@
+upx-ucl (3.91-3) unstable; urgency=medium
+
+ * Add Check-DT_RELA.patch based on upstream's commit d688a05ac7 to
+ fix segmentation faults on decompressing executables produced by
+ newer binutils on amd64 (closes: #860953).
+ * Apply the following packaging changes from 3.94-1 in Debian/experimental:
+ + upstream homepage was moved to github, update URLs in debian/watch,
+ debian/control and debian/copyright;
+ + debian/rules: Add sparc64 to big-endian archs to fix FTBFS.
+
+ -- Robert Luberda <robert@debian.org> Sat, 20 May 2017 09:17:12 +0200
+
upx-ucl (3.91-2) unstable; urgency=medium
* Add 03-FTBFS-GCC6.patch to fix build failure with g++-6 (closes: #811595).
diff -Nru upx-ucl-3.91/debian/control upx-ucl-3.91/debian/control
--- upx-ucl-3.91/debian/control 2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/control 2017-05-20 09:16:37.000000000 +0200
@@ -7,7 +7,7 @@
libucl-dev (>= 1.03),
lzma-dev (>= 9.22),
zlib1g-dev (>= 1:1.1.4)
-Homepage: http://upx.sourceforge.net/
+Homepage: https://upx.github.io/
Vcs-Git: https://anonscm.debian.org/git/users/robert/upx-ucl.git
Vcs-Browser: https://anonscm.debian.org/cgit/users/robert/upx-ucl.git
diff -Nru upx-ucl-3.91/debian/copyright upx-ucl-3.91/debian/copyright
--- upx-ucl-3.91/debian/copyright 2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/copyright 2017-05-20 09:16:37.000000000 +0200
@@ -1,6 +1,6 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Contact: Markus F.X.J Oberhumer <markus@oberhumer.com>
-Source: http://upx.sourceforge.net/
+Source: https://upx.github.io/
Files: *
Copyright: 1996-2013, Markus Franz Xaver Johannes Oberhumer
diff -Nru upx-ucl-3.91/debian/patches/Check-DT_RELA.patch upx-ucl-3.91/debian/patches/Check-DT_RELA.patch
--- upx-ucl-3.91/debian/patches/Check-DT_RELA.patch 1970-01-01 01:00:00.000000000 +0100
+++ upx-ucl-3.91/debian/patches/Check-DT_RELA.patch 2017-05-20 09:16:37.000000000 +0200
@@ -0,0 +1,61 @@
+From: John Reiser <jreiser@BitWagon.com>
+Date: Sun, 9 Oct 2016 21:50:45 -0700
+Subject: DT_JMPREL vanished (binutils-2.26.1); check all DT_RELA.
+
+ modified: p_elf_enum.h
+ modified: p_lx_elf.cpp
+
+[ Patch taken from https://github.com/upx/upx/commit/d688a05ac78517bcba09bae0f60bc76f3aa51ddb ]
+
+Bugs-Debian: https://bugs.debian.org/#860953
+---
+ src/p_elf_enum.h | 1 +
+ src/p_lx_elf.cpp | 16 ++++++++++++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/src/p_elf_enum.h b/src/p_elf_enum.h
+index 52093ee..5a4f602 100644
+--- a/src/p_elf_enum.h
++++ b/src/p_elf_enum.h
+@@ -146,6 +146,7 @@
+ DT_STRTAB = 5, /* String table */
+ DT_SYMTAB = 6, /* Symbol table */
+ DT_RELA = 7, /* Relocations which do contain an addend */
++ DT_RELASZ = 8, /* Total size of Rela relocs */
+ DT_RELAENT = 9, /* Size of one RELA relocation */
+ DT_INIT = 12, /* Address of init function */
+ DT_REL = 17, /* Relocations which contain no addend */
+diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
+index 093e3ae..6f95c0b 100644
+--- a/src/p_lx_elf.cpp
++++ b/src/p_lx_elf.cpp
+@@ -1548,6 +1548,8 @@ PackLinuxElf64amd::canPack()
+ // defined symbols, and there might be no DT_HASH.
+
+ Elf64_Rela const *
++ rela= (Elf64_Rela const *)elf_find_dynamic(Elf64_Dyn::DT_RELA);
++ Elf64_Rela const *
+ jmprela= (Elf64_Rela const *)elf_find_dynamic(Elf64_Dyn::DT_JMPREL);
+ for ( int sz = elf_unsigned_dynamic(Elf64_Dyn::DT_PLTRELSZ);
+ 0 < sz;
+@@ -1561,6 +1563,20 @@ PackLinuxElf64amd::canPack()
+ goto proceed;
+ }
+
++ // 2016-10-09 DT_JMPREL is no more (binutils-2.26.1)?
++ // Check the general case, too.
++ for ( int sz = elf_unsigned_dynamic(Elf64_Dyn::DT_RELASZ);
++ 0 < sz;
++ (sz -= sizeof(Elf64_Rela)), ++rela
++ ) {
++ unsigned const symnum = get_te64(&rela->r_info) >> 32;
++ char const *const symnam = get_te32(&dynsym[symnum].st_name) + dynstr;
++ if (0==strcmp(symnam, "__libc_start_main")
++ || 0==strcmp(symnam, "__uClibc_main")
++ || 0==strcmp(symnam, "__uClibc_start_main"))
++ goto proceed;
++ }
++
+ // Heuristic HACK for shared libraries (compare Darwin (MacOS) Dylib.)
+ // If there is an existing DT_INIT, and if everything that the dynamic
+ // linker ld-linux needs to perform relocations before calling DT_INIT
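Review bot: In the new DT_RELASZ loop in PackLinuxElf64amd::canPack(), symnum is taken straight from rela->r_info and used as dynsym[symnum] with no range check, and the resulting st_name is added to dynstr unchecked as well, so a malformed input ELF can make the packer read outside the symbol and string tables. The loop is bounded only by DT_RELASZ and never tests the pointer obtained from elf_find_dynamic(Elf64_Dyn::DT_RELA), so a file that carries DT_RELASZ without a usable DT_RELA would be dereferenced as well; guarding the loop on rela and validating symnum and st_name against the table extents, where they are known, would make this safe on untrusted input. Stepping by sizeof(Elf64_Rela) also ignores DT_RELAENT, which the enum already defines. Separately, in the patch header the DEP-3 field name is Bug-Debian rather than Bugs-Debian, and the URL https://bugs.debian.org/#860953 has a stray # that turns the bug number into a fragment.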
diff -Nru upx-ucl-3.91/debian/patches/series upx-ucl-3.91/debian/patches/series
--- upx-ucl-3.91/debian/patches/series 2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/patches/series 2017-05-20 09:16:37.000000000 +0200
@@ -2,3 +2,4 @@
01-Documentation.patch
02-Lzma-support.patch
03-FTBFS-GCC6.patch
+Check-DT_RELA.patch
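Review bot: The new series entry Check-DT_RELA.patch drops the numeric prefix that the three entries above it use (01-, 02-, 03-); naming it 04-Check-DT_RELA.patch would keep the apply order readable from the file names alone.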
diff -Nru upx-ucl-3.91/debian/rules upx-ucl-3.91/debian/rules
--- upx-ucl-3.91/debian/rules 2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/rules 2017-05-20 09:16:37.000000000 +0200
@@ -5,7 +5,7 @@
package := $(shell dh_listpackages)
-BIG_ENDIAN_ARCHS := hppa ia64 sparc
+BIG_ENDIAN_ARCHS := hppa ia64 sparc sparc64
DEB_BUILD_ARCH := $(shell dpkg-architecture -qDEB_BUILD_ARCH)
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
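Review bot: BIG_ENDIAN_ARCHS is a hand-maintained list, and this line needed editing only because sparc64 was missing from it; querying dpkg-architecture -qDEB_HOST_ARCH_ENDIAN, which reports big or little, would avoid the same FTBFS on the next port. The context line below also sets DEB_BUILD_ARCH, the architecture of the machine running the build; if that is what the list is matched against, DEB_HOST_ARCH is the variable that describes the architecture being built for.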
diff -Nru upx-ucl-3.91/debian/watch upx-ucl-3.91/debian/watch
--- upx-ucl-3.91/debian/watch 2016-07-03 13:02:59.000000000 +0200
+++ upx-ucl-3.91/debian/watch 2017-05-20 09:16:37.000000000 +0200
@@ -1,4 +1,4 @@
# control file for the uscan(1) tool
-version=2
-http://upx.sourceforge.net/ \
- (?:.*/)upx-([\d\.]+)-src\.tar\.(gz|bz2)
+version=4
+https://github.com/upx/upx/releases \
+ (?:.*/)upx-([\d\.]+)-src\.tar\.(?:xz|gz|bz2)
unblock upx-ucl/3.91-3
Regards,
robert
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (990, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)