author | Nguyễn Gia Phong <cnx@loang.net> | 2025-02-26 15:38:17 +0900 |
---|---|---|
committer | Nguyễn Gia Phong <cnx@loang.net> | 2025-03-05 14:08:06 +0900 |
commit | 9bb20b0036fdbd2f2e4c7246655daaa642e635d6 (patch) | |
tree | 3d9baa964a74c6ecb08d67c2722c41ce8087738d | |
parent | af245dbaca13ef33da686d5fc261fda8341597fc (diff) | |
download | loftix-9bb20b0036fdbd2f2e4c7246655daaa642e635d6.tar.gz |
Add ASan'ed libming 0.4.8 for CVE-2018-{8806,8964}
-rw-r--r-- | LICENSES/MIT.txt | 22 | ||||
-rw-r--r-- | REUSE.toml | 16 | ||||
-rw-r--r-- | bugs/README.md | 14 | ||||
-rw-r--r-- | bugs/cve/2018/8806/heap-use-after-free.swf | bin | 0 -> 166 bytes | |||
-rw-r--r-- | bugs/cve/2018/8964/heap-use-after-free.swf | bin | 0 -> 140 bytes | |||
-rw-r--r-- | loftix/bugs.scm | 34 | ||||
-rw-r--r-- | patches/libming-parallel-make.patch | 17 |
7 files changed, 103 insertions, 0 deletions
diff --git a/LICENSES/MIT.txt b/LICENSES/MIT.txt
new file mode 100644
index 0000000..f6454ce
--- /dev/null
+++ b/LICENSES/MIT.txt
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation files
+(the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of the Software,
+and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
+OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/REUSE.toml b/REUSE.toml
index db4a528..8733793 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -173,6 +173,16 @@ path = 'bugs/cve/2017/15232/*.jpg'
 SPDX-FileCopyrightText = '2017 Zhao Liang'
 [[annotations]]
+path = 'bugs/cve/2018/8806/heap-use-after-free.swf'
+SPDX-FileCopyrightText = '2018 ProbeFuzzer'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2018/8964/heap-use-after-free.swf'
+SPDX-FileCopyrightText = '2018 traceprobe'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
 path = 'bugs/cve/2018/14498/*.bmp'
 SPDX-FileCopyrightText = '2018 Hongxu Chen'
@@ -197,6 +207,12 @@ SPDX-FileCopyrightText = '2024 Nguyễn Gia Phong'
 SPDX-License-Identifier = 'GPL-3.0-or-later'
 [[annotations]]
+# https://src.fedoraproject.org/rpms/ming/c/c6f24aedb4f66c5b3167b75bebc55b14fd6b5248
+path = 'patches/libming-parallel-make.patch'
+SPDX-FileCopyrightText = '2016 Dominik Mierzejewski'
+SPDX-License-Identifier = 'MIT'
+
+[[annotations]]
 path = '**/README.md'
 SPDX-FileCopyrightText = 'None'
 SPDX-License-Identifier = 'CC0-1.0'
diff --git a/bugs/README.md b/bugs/README.md
index de9149a..c8ab237 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -77,6 +77,18 @@
 guix shell -e '(@@ (loftix bugs) libjpeg-turbo-2.0.1-asan)'
 djpeg -colors 256 -bmp cve/2018/19664/heap-buffer-overflow-2.jpg
+## libming
+
+- CVE-2018-8806: [use after free][libming-128]
+
+ guix shell -e '(@@ (loftix bugs) libming-0.4.8-asan)'
+ swftophp cve/2018/8806/heap-use-after-free.swf
+
+- CVE-2018-8964: [use after free][libming-130]
+
+ guix shell -e '(@@ (loftix bugs) libming-0.4.8-asan)'
+ swftophp cve/2018/8964/heap-use-after-free.swf
+
 ## libtiff
 - CVE-2016-3186: [buffer overflow][redhat-1319503]
@@ -209,6 +221,8 @@
 [libarchive-717]: https://github.com/libarchive/libarchive/issues/717
 [libjpeg-turbo-258]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
 [libjpeg-turbo-305]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
+[libming-128]: https://github.com/libming/libming/issues/128
+[libming-130]: https://github.com/libming/libming/issues/130
 [maptools-2554]: https://bugzilla.maptools.org/show_bug.cgi?id=2554
 [maptools-2558]: https://bugzilla.maptools.org/show_bug.cgi?id=2558
 [maptools-2587]: https://bugzilla.maptools.org/show_bug.cgi?id=2587
diff --git a/bugs/cve/2018/8806/heap-use-after-free.swf b/bugs/cve/2018/8806/heap-use-after-free.swf
new file mode 100644
index 0000000..23c07c2
--- /dev/null
+++ b/bugs/cve/2018/8806/heap-use-after-free.swf
Binary files differ
diff --git a/bugs/cve/2018/8964/heap-use-after-free.swf b/bugs/cve/2018/8964/heap-use-after-free.swf
new file mode 100644
index 0000000..53376b6
--- /dev/null
+++ b/bugs/cve/2018/8964/heap-use-after-free.swf
Binary files differ
diff --git a/loftix/bugs.scm b/loftix/bugs.scm
index 9fef510..5e6c9cf 100644
--- a/loftix/bugs.scm
+++ b/loftix/bugs.scm
@@ -11,13 +11,21 @@
 ;;; SPDX-License-Identifier: GPL-3.0-or-later
 (define-module (loftix bugs)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages autotools)
 #:use-module (gnu packages backup)
 #:use-module (gnu packages base)
+ #:use-module (gnu packages bison)
+ #:use-module (gnu packages flex)
 #:use-module (gnu packages fontutils)
 #:use-module (gnu packages image)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages swig)
 #:use-module (gnu packages xml)
 #:use-module (guix build-system gnu)
 #:use-module (guix download)
+ #:use-module (guix git-download)
+ #:use-module ((guix licenses) #:prefix license:)
 #:use-module (guix packages))
 (define-public binutils-2.32-asan
@@ -187,6 +195,32 @@
 (setenv "LDFLAGS" "-fsanitize=address"))))
 #:configure-flags '("-DCMAKE_INSTALL_LIBDIR:PATH=lib")))))
+(define-public libming-0.4.8-asan
+ (package
+ (name "libming")
+ (version "0.4.8")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/libming/libming")
+ (commit "ming-0_4_8")))
+ (sha256
+ (base32 "0bky2spbzrlrwrj6pg8k0mn3zm1jjnyyj2b0whv29j469hpjfn5m"))
+ (file-name (git-file-name name version))
+ (patches (search-patches
+ "patches/libming-parallel-make.patch"))))
+ (build-system gnu-build-system)
+ (arguments '(#:make-flags '("CFLAGS=-O2 -g -fcommon -fsanitize=address"
+ "LDFLAGS=-static -fsanitize=address")
+ #:tests? #f))
+ (native-inputs (list autoconf automake bison flex libtool pkgconf swig))
+ (inputs (list freetype giflib libpng))
+ (synopsis "SWF output library")
+ (description "Ming is a Flash (SWF) output library.
+It can be used from PHP, Perl, Ruby, Python, C, C++ and Java.")
+ (home-page "https://github.com/libming/libming")
+ (license (list license:lgpl2.1+ license:gpl2+))))
+
 (define-public libtiff-4.0.6
 (package
 (inherit libtiff)
diff --git a/patches/libming-parallel-make.patch b/patches/libming-parallel-make.patch
new file mode 100644
index 0000000..0658a3e
--- /dev/null
+++ b/patches/libming-parallel-make.patch
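Review bot: `#:tests? #f` in the `arguments` of `libming-0.4.8-asan` carries no comment saying why the test suite is skipped, and the `synopsis` and `description` are generic library text, so the package record never says that this is an AddressSanitizer build kept at a release the commit title ties to CVE-2018-8806 and CVE-2018-8964. I would put `;; Tests are skipped: <reason>` above `#:tests? #f` and end the description with a sentence such as `This build is instrumented with AddressSanitizer and kept at a known-vulnerable release for bug reproduction only.` That keeps anyone who reaches the package through `guix shell -e` from mistaking it for a maintained libming. The whole `define-public` form lies inside this hunk.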
@@ -0,0 +1,17 @@
+diff -up libming-ming-0_4_7/src/actioncompiler/Makefile.am.pmake libming-ming-0_4_7/src/actioncompiler/Makefile.am
+--- libming-ming-0_4_7/src/actioncompiler/Makefile.am.pmake 2015-05-15 11:43:14.000000000 +0200
++++ libming-ming-0_4_7/src/actioncompiler/Makefile.am 2016-07-18 22:57:44.537713157 +0200
+@@ -56,11 +56,11 @@ lex.swf5.c: $(srcdir)/swf5compiler.flex
+ swf4compiler.tab.c: $(srcdir)/swf4compiler.y
+ $(YACC) -p swf4 -b swf4compiler $(srcdir)/swf4compiler.y
+ 
+-swf4compiler.tab.h: $(srcdir)/swf4compiler.y
++swf4compiler.tab.h: $(srcdir)/swf4compiler.y | swf4compiler.tab.c
+ $(YACC) --defines $(DEBUG) -p swf4 -b swf4compiler $(srcdir)/swf4compiler.y
+ 
+ swf5compiler.tab.c: $(srcdir)/swf5compiler.y
+ $(YACC) -p swf5 -b swf5compiler $(srcdir)/swf5compiler.y
+ 
+-swf5compiler.tab.h: $(srcdir)/swf5compiler.y
++swf5compiler.tab.h: $(srcdir)/swf5compiler.y | swf5compiler.tab.c
+ $(YACC) --defines $(DEBUG) -p swf5 -b swf5compiler $(srcdir)/swf5compiler.y |