| author | Nguyễn Gia Phong <cnx@loang.net> | 2025-04-07 11:04:23 +0900 |
|---|---|---|
| committer | Nguyễn Gia Phong <cnx@loang.net> | 2025-04-07 11:04:23 +0900 |
| commit | a4f752e3ba10d089a5aaf58cd1fde1d8e4bd686e (patch) | |
| tree | 561e366628a5dcdf89edcf86d270a43113c3c58d | |
| parent | 5d1c99539782593cb3f0a1deaa6f8aa639561dab (diff) | |
| download | loftix-a4f752e3ba10d089a5aaf58cd1fde1d8e4bd686e.tar.gz | |
Add coreutils bugs 19784, 25023, 26545
| -rw-r--r-- | REUSE.toml | 23 | ||||
| -rw-r--r-- | bugs/README.md | 22 | ||||
| -rw-r--r-- | loftix/bugs.scm | 66 |
3 files changed, 108 insertions, 3 deletions
diff --git a/REUSE.toml b/REUSE.toml
index 5a87aad..413ff62 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -93,7 +93,8 @@
 SPDX-License-Identifier = 'CC0-1.0'
 [[annotations]]
 path = [ 'bugs/cve/2017/6965/bug_3',
- 'bugs/cve/2018/10372/bug3' ]
+ 'bugs/cve/2018/10372/bug3',
+ 'bugs/gnu/25023/separator', ]
 SPDX-FileCopyrightText = 'Phạm Văn Thuận'
 SPDX-License-Identifier = 'CC0-1.0'
@@ -131,12 +132,32 @@
 SPDX-FileCopyrightText = '陈鹏'
 SPDX-License-Identifier = 'CC0-1.0'
 [[annotations]]
+path = 'bugs/gnu/19784/limit'
+SPDX-FileCopyrightText = 'Yury Usishchev'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/gnu/26545/size'
+SPDX-FileCopyrightText = 'Pádraig Brady'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
 path = [ 'patches/afl++-*.patch', 'patches/e9patch-*.patch' ]
 SPDX-FileCopyrightText = 'Nguyễn Gia Phong'
 SPDX-License-Identifier = 'GPL-3.0-or-later'
 [[annotations]]
+path = 'patches/coreutils-gnulib-glibc-2.25.patch'
+SPDX-FileCopyrightText = 'Eric Blake'
+SPDX-License-Identifier = 'GPL-3.0-or-later'
+
+[[annotations]]
+path = 'patches/coreutils-gnulib-glibc-2.28.patch'
+SPDX-FileCopyrightText = 'Paul Eggert'
+SPDX-License-Identifier = 'GPL-3.0-or-later'
+
+[[annotations]]
 # https://src.fedoraproject.org/rpms/ming/c/c6f24aedb4f66c5b3167b75bebc55b14fd6b5248
 path = 'patches/libming-parallel-make.patch'
 SPDX-FileCopyrightText = 'Dominik Mierzejewski'
diff --git a/bugs/README.md b/bugs/README.md
index 02dce59..503f433 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -1,6 +1,6 @@
 # Bug reproducers
-## binutils
+## GNU Binary Utilities
 - CVE-2017-6965: [heap buffer overflow][sourceware-21137]
@@ -34,6 +34,23 @@
 guix shell -e '(@@ (loftix bugs) binutils-2.32-asan)'
 readelf -a cve/2019/9077/hbo2
+## GNU Core Utilities
+
+- #19784: [heap buffer overflow](gnu-19784)
+
+ guix shell -e '(@@ (loftix bugs) coreutils-8.23-asan)'
+ make-prime-list "$(cat gnu/19784/limit)"
+
+- #25023: [global buffer overflow](gnu-25023)
+
+ guix shell -e '(@@ (loftix bugs) coreutils-8.25-asan)'
+ echo | pr -m -S"$(cat gnu/25023/separator)" -t /dev/fd/0 /dev/null
+
+- #26545: [memcpy param overlap](gnu-26545)
+
+ guix shell -e '(@@ (loftix bugs) coreutils-8.27-asan)'
+ shred -n4 -s"$(cat gnu/26545/size)" /dev/null
+
 ## JasPer
 - CVE-2016-8691: [divide-by-zero][jasper-22]
@@ -241,6 +258,9 @@
 [chromium-40076524]: https://issues.chromium.org/issues/40076524
 [chromium-42452152]: https://project-zero.issues.chromium.org/issues/42452152
 [chromium-42452154]: https://project-zero.issues.chromium.org/issues/42452154
+[gnu-19784]: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=19784
+[gnu-25023]: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=25023
+[gnu-26545]: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26545
 [jasper-22]: https://github.com/jasper-software/jasper/issues/22
 [jasper-49]: https://github.com/jasper-software/jasper/issues/49
 [jasper-67]: https://github.com/jasper-software/jasper/issues/67
diff --git a/loftix/bugs.scm b/loftix/bugs.scm
index 3621ac6..0b6b306 100644
--- a/loftix/bugs.scm
+++ b/loftix/bugs.scm
@@ -24,9 +24,11 @@
 #:use-module (gnu packages xml)
 #:use-module (guix build-system gnu)
 #:use-module (guix download)
+ #:use-module (guix gexp)
 #:use-module (guix git-download)
 #:use-module ((guix licenses) #:prefix license:)
- #:use-module (guix packages))
+ #:use-module (guix packages)
+ #:use-module (guix utils))
 (define-public binutils-2.32-asan
 (package
@@ -94,6 +96,68 @@ (base32 "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn")) (patches '()))))) +(define-public coreutils-8.27-asan + (package + (inherit coreutils) + (version "8.27") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/coreutils/coreutils-" + version ".tar.xz")) + (sha256 + (base32 + "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8")) + (patches + (search-patches "patches/coreutils-gnulib-glibc-2.28.patch")))) + (arguments + (substitute-keyword-arguments (package-arguments coreutils) + ((#:make-flags flags #~'()) + #~(cons* "CFLAGS=-O2 -g -fsanitize=address" + "LDFLAGS=-fsanitize=address" + #$flags)) + ((#:phases phases #~%standard-phases) + #~(modify-phases #$phases + (add-before 'build 'set-env + (lambda _ (setenv "ASAN_OPTIONS" "detect_leaks=0"))))) + ((#:tests? _ #f) + #f))))) + +(define-public coreutils-8.25-asan + (package + (inherit coreutils-8.27-asan) + (version "8.25") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/coreutils/coreutils-" + version ".tar.xz")) + (sha256 + (base32 + "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii")) + (patches (search-patches + "patches/coreutils-gnulib-glibc-2.25.patch" + "patches/coreutils-gnulib-glibc-2.28.patch")))))) + +(define-public coreutils-8.23-asan + (package + (inherit coreutils-8.25-asan) + (version "8.23") + (source (origin + (inherit (package-source coreutils-8.25-asan)) + (uri (string-append "mirror://gnu/coreutils/coreutils-" + version ".tar.xz")) + (sha256 + (base32 + "0bdq6yggyl7nkc2pbl6pxhhyx15nyqhz3ds6rfn448n6rxdwlhzc")))) + (arguments + (substitute-keyword-arguments (package-arguments coreutils-8.25-asan) + ((#:phases phases #~%standard-phases) + #~(modify-phases #$phases + (add-after 'install 'install-make-prime-list + (lambda* (#:key outputs #:allow-other-keys) + (install-file + "src/make-prime-list" + (string-append (assoc-ref outputs "out") "/bin")))))))))) + (define-public jasper-1.900.19 ;; FIXME: UBSan somehow 
breaks build phase. (package |
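Review bot: The sanitizer flags in coreutils-8.27-asan's `#:make-flags` (`"CFLAGS=-O2 -g -fsanitize=address"`, inherited by the 8.25 and 8.23 variants) omit `-fno-omit-frame-pointer`, which the ASan documentation recommends so that its fast unwinder yields complete stack traces at the reported overflow; since these packages exist to be triaged from such traces, the line should read `"CFLAGS=-O2 -g -fno-omit-frame-pointer -fsanitize=address"`. The `set-env` phase exporting `ASAN_OPTIONS=detect_leaks=0` carries no comment explaining why a build-time variable matters for a runtime sanitizer; presumably instrumented helpers (make-prime-list, judging by the install phase added for 8.23) are executed during the build and would otherwise die on leak reports, so a comment such as `;; Instrumented helpers run during the build; leak reports would abort it.` would make that explicit, along with the fact that the setting does not carry over to the `guix shell` sessions the README describes. The `(define-public jasper-1.900.19` form at the end of the hunk continues outside it.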
