Package: tau / 2.17.3.1.dfsg-4
Metadata
Package | Version | Patches format |
---|---|---|
tau | 2.17.3.1.dfsg-4 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
0001 Error checking in build procedure.patch | Makefile: 2 (1 +, 1 -, 0 !) | [patch] error-checking in build procedure |
0002 Makefile fixes to support use of VPATH.patch | src/Profile/Makefile: 102 (51 +, 51 -, 0 !) | [patch] makefile fixes to support use of vpath. |
0003 Force use of fPIC.patch | src/Profile/Makefile: 3 (3 +, 0 -, 0 !) | [patch] force use of -fpic. |
0004 Avoid LD_LIBRARY_PATH vulnerability CVE 2010 3382.patch | tools/src/tauex: 4 (2 +, 2 -, 0 !) | [patch] avoid ld_library_path vulnerability cve-2010-3382. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3382 http://security-tracker.debian.org/tracker/CVE-2010-3382 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303 Raphael Geissert has found that this package contains a script that can be abused by an attacker to execute arbitrary code. The vulnerability is introduced by an insecure change to LD_LIBRARY_PATH, an environment variable used by ld.so(8) to look for libraries on a directory other than the standard paths. Vulnerable code follows: /usr/bin/tauex line 197: export LD_LIBRARY_PATH=$TAUROOT/$TAUARCH/lib/$theBinding:$LD_LIBRARY_PATH When there's an empty item on the colon-separated list of LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.) If the given script is executed from a directory where a potential, local, attacker can write files to, there's a chance to exploit this bug. Patch by Julien Cristau <jcristau@debian.org>, adjusted for current version and extended to tau2slog2 script. |
0005 Fix symlink vulnerability CVE 2008 5157.patch | tools/src/tau_cc.sh: 13 (7 +, 6 -, 0 !) | [patch] fix symlink vulnerability cve-2008-5157 Patch from Anibal Monsalve Salazar <anibal@debian.org>, adjusted for current version. |
0006 Do not use liberty in include Makefile.patch | include/Makefile: 4 (2 +, 2 -, 0 !) | [patch] do not use -liberty in include/makefile |
0007 Build fixes.patch | src/Profile/Comp_xl.cpp: 1 (1 +, 0 -, 0 !) | [patch] build fixes |
0008 Replace echo e bashism with printf.patch | tools/src/perfexplorer/bin/Makefile.skel: 2 (1 +, 1 -, 0 !) | [patch] replace 'echo -e' bashism with 'printf' |
0009 Use bash for script using pushd popd.patch | examples/bsp_bench/submitbgl.sh: 2 (1 +, 1 -, 0 !) | [patch] use bash for script using pushd/popd |
0010 Avoid bashism.patch | utils/archfind: 4 (2 +, 2 -, 0 !) | [patch] avoid "&>" bashism |