update to 0.4.9 [release 0.4.9-1mamba;Fri May 07 2021]

This commit is contained in:
Silvan Calarco 2024-01-06 05:04:12 +01:00
parent 1af0c4f77c
commit 021fbc13db
6 changed files with 275 additions and 82 deletions

View File

@ -1,43 +0,0 @@
From a0ea1cc47330a3ab316713d720892b6272401890 Mon Sep 17 00:00:00 2001
From: Niko Tyni <ntyni@debian.org>
Date: Sun, 10 Jul 2011 21:46:09 +0300
Subject: [PATCH] GvCV() isn't an lvalue since Perl 5.13.10
GvCV() can't be assigned to anymore with recent perls, so use the new
GvCV_set() macro when available or implement it the old way if it isn't.
---
perl_ext/Exports.c | 2 +-
perl_ext/perl_swf.h | 4 ++++
2 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/perl_ext/Exports.c b/perl_ext/Exports.c
index 65f8912..5529728 100644
--- a/perl_ext/Exports.c
+++ b/perl_ext/Exports.c
@@ -190,7 +190,7 @@ void export_cv(SV *class, SV *caller, char *sub)
SvPVX(caller), sub, SvPVX(class), sub);
#endif
gv = gv_fetchpv(form("%s::%s",SvPVX( caller), sub), TRUE, SVt_PVCV);
- GvCV(gv) = perl_get_cv(form("%s::%s", SvPVX(class), sub), TRUE);
+ GvCV_set(gv, perl_get_cv(form("%s::%s", SvPVX(class), sub), TRUE));
GvIMPORTED_CV_on(gv);
GvMULTI_on(gv);
}
diff --git a/perl_ext/perl_swf.h b/perl_ext/perl_swf.h
index b960229..1a3656e 100644
--- a/perl_ext/perl_swf.h
+++ b/perl_ext/perl_swf.h
@@ -58,6 +58,10 @@ typedef SWFFontCollection SWF__FontCollection;
#define aTHXo_
#endif
+#ifndef GvCV_set
+# define GvCV_set(G, C) (GvCV(G) = (C))
+#endif
+
#ifndef S_DEBUG
#define swf_debug 0 /* Should we get this from, say, $SWF::debug? */
#define S_DEBUG(level,code) if (swf_debug >= level) { code; }
--
1.7.5.4

View File

@ -0,0 +1,12 @@
diff -up ming-0.4.5/util/ming-config.in.multilib ming-0.4.5/util/ming-config.in
--- ming-0.4.5/util/ming-config.in.multilib 2010-10-10 09:19:23.000000000 +0200
+++ ming-0.4.5/util/ming-config.in 2014-05-27 19:01:32.183275535 +0200
@@ -33,7 +33,7 @@ while test $# -gt 0; do
echo -I@includedir@
;;
--libs)
- echo -L@libdir@ @ZLIB@ @MATHLIB@ @GIFLIB@ @PNGLIB@ -lming
+ echo @ZLIB@ @MATHLIB@ @GIFLIB@ @PNGLIB@ $(pkg-config --libs libming)
;;
--bindir)
echo @bindir@

View File

@ -0,0 +1,24 @@
diff -up ming-0.4.5/perl_ext/Makefile.am.p ming-0.4.5/perl_ext/Makefile.am
--- ming-0.4.5/perl_ext/Makefile.am.p 2010-10-10 09:19:23.000000000 +0200
+++ ming-0.4.5/perl_ext/Makefile.am 2014-05-28 22:45:29.283815352 +0200
@@ -38,7 +38,7 @@ install: Makefile.perl
$(MAKE) -f Makefile.perl install PREFIX=$(prefix)
Makefile.perl: Makefile.PL
- srcdir=$(srcdir) builddir=$(abs_builddir) $(PERL) $< PREFIX=$(prefix) FIRST_MAKEFILE=Makefile.perl
+ srcdir=$(srcdir) builddir=$(abs_builddir) $(PERL) $< PREFIX=$(prefix) FIRST_MAKEFILE=Makefile.perl INSTALLDIRS=vendor
clean-local: Makefile.perl
$(MAKE) -f Makefile.perl realclean
diff -up ming-0.4.5/perl_ext/Makefile.PL.p ming-0.4.5/perl_ext/Makefile.PL
--- ming-0.4.5/perl_ext/Makefile.PL.p 2013-06-08 16:56:17.000000000 +0200
+++ ming-0.4.5/perl_ext/Makefile.PL 2014-05-28 22:44:46.830226503 +0200
@@ -163,7 +163,7 @@ sub MY::install {
sub ming_is_compiled
{
- my $libming = $MING_TOP_BUILDDIR."/src/.libs/libming.a";
+ my $libming = $MING_TOP_BUILDDIR."/src/.libs/libming.so";
if ( -e $libming )
{

175
libming-0.4.9-pr145.patch Normal file
View File

@ -0,0 +1,175 @@
diff --git a/NEWS b/NEWS
index 129d55fe..7eb256ca 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,11 @@
with empty acts (NULL act->p.String). Perform deep copy in pushdup,
instead of shallow copy (issue #121).
* Fix heap-buffer-overflow in getString (CVE-2018-7867, issue #116).
+ * Fix null pointer dereference in getInt (CVE-2018-9132, issue #133).
+ * Fix heap-use-after-free in decompileJUMP (CVE-2018-9009, issue #131).
+ * Fix memory exhaustion in parseSWF_ACTIONRECORD (CVE-2018-7876, #109).
+ * Fix heap-buffer-overflow in function getString (CVE-2018-7873, #111).
+ * Fix null pointer dereference in newVar3 (CVE-2018-7866, #118).
0.4.8 - 2017-04-07
diff --git a/util/decompile.c b/util/decompile.c
index e9341356..cf1a372d 100644
--- a/util/decompile.c
+++ b/util/decompile.c
@@ -358,9 +358,19 @@ getString(struct SWF_ACTIONPUSHPARAM *act)
return t;
}
case PUSH_INT: /* INTEGER */
- t=malloc(10); /* 32-bit decimal */
- sprintf(t,"%ld", act->p.Integer );
+ {
+ char length_finder[1];
+ int needed_length = snprintf(length_finder, 1, "%ld", act->p.Integer) + 1;
+ if (needed_length <= 0)
+ {
+ SWF_warn("WARNING: could not evaluate size of buffer (memory issue ?).\n");
+ break;
+ }
+
+ t = malloc(needed_length);
+ sprintf(t, "%ld", act->p.Integer );
return t;
+ }
case PUSH_CONSTANT: /* CONSTANT8 */
if (act->p.Constant8 > poolcounter)
{
@@ -387,7 +397,14 @@ getString(struct SWF_ACTIONPUSHPARAM *act)
case 12:
case 11: /* INCREMENTED or DECREMENTED VARIABLE */
case PUSH_VARIABLE: /* VARIABLE */
- return act->p.String;
+ if (!act->p.String)
+ {
+ SWF_warn("WARNING: Call to getString with PUSH_VARIABLE defining NULL string.\n");
+ break;
+ }
+ t=malloc(strlen(act->p.String)+1); /* NULL character */
+ strcpy(t,act->p.String);
+ return t;
default:
fprintf (stderr," Can't get string for type: %d\n", act->Type);
break;
@@ -481,7 +498,15 @@ getInt(struct SWF_ACTIONPUSHPARAM *act)
case PUSH_NULL: /* NULL */
return 0;
case PUSH_REGISTER: /* REGISTER */
- return getInt(regs[act->p.RegisterNumber]);
+ if (regs[act->p.RegisterNumber])
+ {
+ return getInt(regs[act->p.RegisterNumber]);
+ }
+ else
+ {
+ SWF_warn("WARNING: retrieving undefined register values.\n");
+ break;
+ }
case PUSH_DOUBLE: /* DOUBLE */
return (int)act->p.Double;
case PUSH_INT: /* INTEGER */
@@ -939,6 +964,24 @@ decompileGETURL2 (SWF_ACTION *act)
return 0;
}
+static inline int Offset(SWF_ACTION *actions, int n, int maxn)
+{
+ if(!n || n >= maxn)
+ {
+#if DEBUG
+ SWF_warn("Offset: want %i, max %i\n", n, maxn);
+#endif
+ return -999;
+ } else if (n < 1) {
+
+#if DEBUG
+ SWF_warn("Offset: want %i < 1\n", n);
+#endif
+ return -998;
+ }
+ return actions[n].SWF_ACTIONRECORD.Offset;
+}
+
static inline int OpCode(SWF_ACTION *actions, int n, int maxn)
{
if(!n || n >= maxn)
@@ -1929,7 +1972,7 @@ decompileJUMP(int n, SWF_ACTION *actions, int maxn)
{
sactif = (struct SWF_ACTIONIF *)&(actions[n+i+j]);
/* chk whether last jump does lead us back to start of loop */
- if (sactif->Actions[sactif->numActions-1].SWF_ACTIONRECORD.ActionCode==SWFACTION_JUMP
+ if (OpCode(sactif->Actions, sactif->numActions-1, maxn) == SWFACTION_JUMP
&& sactif->Actions[sactif->numActions-1].SWF_ACTIONJUMP.BranchOffset+
sactif->Actions[sactif->numActions-1].SWF_ACTIONJUMP.Offset==
actions[n].SWF_ACTIONRECORD.Offset )
@@ -2101,7 +2144,7 @@ decompile_SWITCH(int n, SWF_ACTION *actions, int maxn, int off1end)
int offSave;
for (i=0; i<n_firstactions; i++) // seek last op in 1st if
{
- if (actions[i+1].SWF_ACTIONRECORD.Offset==off1end)
+ if (Offset(actions, i+1, maxn) == off1end)
{
// println("found #off end first= %d",i+1);
if (OpCode(actions, i, maxn) == SWFACTION_JUMP)
@@ -2334,7 +2377,7 @@ decompileIF(int n, SWF_ACTION *actions, int maxn)
* that points to a JUMP above the IF statement.
*/
if(n && isLogicalOp(n-1, actions, maxn) &&
- (sact->Actions[sact->numActions-1].SWF_ACTIONRECORD.ActionCode == SWFACTION_JUMP) &&
+ (OpCode(sact->Actions, sact->numActions-1, maxn) == SWFACTION_JUMP) &&
( (sact->Actions[sact->numActions-1].SWF_ACTIONJUMP.Offset +
sact->Actions[sact->numActions-1].SWF_ACTIONJUMP.BranchOffset) < actions[n].SWF_ACTIONRECORD.Offset) &&
isLogicalOp(sact->numActions-2, sact->Actions, maxn) )
@@ -2424,7 +2467,7 @@ decompileIF(int n, SWF_ACTION *actions, int maxn)
*/
if( isLogicalOp(n-1, actions, maxn) &&
- ( (sact->Actions[sact->numActions-1].SWF_ACTIONRECORD.ActionCode == SWFACTION_JUMP) &&
+ ((OpCode(sact->Actions, sact->numActions-1, maxn) == SWFACTION_JUMP) &&
sact->Actions[sact->numActions-1].SWF_ACTIONJUMP.BranchOffset < 0) )
{
if(0) dumpRegs();
@@ -2460,7 +2503,7 @@ decompileIF(int n, SWF_ACTION *actions, int maxn)
}
{ // WTF ???
#define SOME_IF_DEBUG 0 /* coders only */
- int has_else_or_break= ((sact->Actions[sact->numActions-1].SWF_ACTIONRECORD.ActionCode == SWFACTION_JUMP) &&
+ int has_else_or_break= ((OpCode(sact->Actions, sact->numActions-1, maxn) == SWFACTION_JUMP) &&
(sact->Actions[sact->numActions-1].SWF_ACTIONJUMP.BranchOffset > 0 )) ? 1:0;
int has_lognot=(OpCode(actions, n-1, maxn) == SWFACTION_LOGICALNOT) ? 1:0;
int else_action_cnt=0,is_logor=0,is_logand=0,sbi,sbe;
@@ -3154,7 +3197,7 @@ decompileSETTARGET(int n, SWF_ACTION *actions, int maxn, int is_type2)
{
INDENT
println("tellTarget('%s') {" ,name);
- while(action_cnt+n<maxn)
+ for (; action_cnt+n < maxn-1; action_cnt++)
{
if (OpCode(actions, n+1+action_cnt, maxn)==SWFACTION_SETTARGET
|| OpCode(actions, n+1+action_cnt, maxn)==SWFACTION_SETTARGET2
@@ -3164,7 +3207,6 @@ decompileSETTARGET(int n, SWF_ACTION *actions, int maxn, int is_type2)
{
break;
}
- action_cnt++;
}
decompileActions(action_cnt,&actions[n+1],gIndent+1);
INDENT
diff --git a/util/swftypes.h b/util/swftypes.h
index fe80eb2c..9648c628 100644
--- a/util/swftypes.h
+++ b/util/swftypes.h
@@ -363,7 +363,7 @@ struct SWF_ACTIONDEFINEFUNCTION {
UI16 Length;
UI32 Offset;
STRING FunctionName;
- WORD NumParams;
+ UI16 NumParams;
STRING *Params;
WORD CodeSize;
int numActions;

View File

@ -0,0 +1,12 @@
diff -up libming-50098023446a5412efcfbd40552821a8cba983a6/configure.ac.ver libming-50098023446a5412efcfbd40552821a8cba983a6/configure.ac
--- libming-50098023446a5412efcfbd40552821a8cba983a6/configure.ac.ver 2019-02-25 09:54:55.616748926 +0100
+++ libming-50098023446a5412efcfbd40552821a8cba983a6/configure.ac 2019-02-25 09:59:25.012116890 +0100
@@ -4,7 +4,7 @@ dnl --
AC_INIT(ming, 0.4.9)
MAJOR_VERSION=0
MINOR_VERSION=4
-MICRO_VERSION=9-dev
+MICRO_VERSION=9
MING_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.${MICRO_VERSION}

View File

@ -1,29 +1,35 @@
%define perl_major_ver %(eval `perl -V:version`; echo ${version%*.[0-9]*}.0)
%define with_python_binding 1
%define with_python_binding 0
%define commit 50098023446a5412efcfbd40552821a8cba983a6
Name: libming
Version: 0.4.4
Version: 0.4.9
Release: 1mamba
Summary: Ming is a library for generating Macromedia Flash files (.swf)
Group: System/Libraries
Vendor: openmamba
Distribution: openmamba
Packager: Stefano Cotta Ramusino <stefano.cotta@qilinux.it>
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://ming.sourceforge.net/
Source: http://downloads.sourceforge.net/sourceforge/ming/ming-%{version}.tar.bz2
Source: https://github.com/libming/libming.git/master@%{commit}/libming-%{version}.tar.bz2
Patch0: %{name}-0.4.2-php_install.patch
Patch1: libming-0.4.4-perl-5.16.patch
Patch1: libming-0.4.9-perl-5.16.patch
Patch2: libming-0.4.4-libtcl-0.8.5.patch
#Source1: http://downloads.sourceforge.net/sourceforge/ming/ming-perl-%{version}-beta5.tar.gz
#Source2: http://downloads.sourceforge.net/sourceforge/ming/ming-py-%{version}-beta5.tar.gz
Patch3: libming-0.4.9-multilib.patch
Patch5: libming-0.4.9-pr145.patch
Patch6: libming-0.4.9-version.patch
License: LGPL
## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel
BuildRequires: libbrotli-devel
BuildRequires: libbzip2-devel
BuildRequires: libfreetype-devel
BuildRequires: libgif-devel
BuildRequires: libglib-devel
BuildRequires: libgraphite2-devel
BuildRequires: libharfbuzz-devel
BuildRequires: libpcre-devel
BuildRequires: libperl
BuildRequires: libpng-devel
BuildRequires: libpython-devel
BuildRequires: libungif-devel
BuildRequires: libz-devel
BuildRequires: perl-devel
## AUTOBUILDREQ-END
@ -31,8 +37,6 @@ BuildRequires: perl-devel >= %{perl_major_ver}
%if "%{stage1}" != "1"
BuildRequires: php-devel
%endif
BuildRequires: python >= 2.4
BuildRoot: %{_tmppath}/%{name}-%{version}-root
%description
Ming is a C library for generating SWF ("Flash") format movies, plus a set of wrappers for using the library from C++ and popular scripting languages like PHP, Perl, Python, and Ruby.
@ -68,7 +72,7 @@ Summary: Perl bindings for Ming
Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release}
Requires: perl >= %{perl_major_ver}
Provides: ming-perl
Obsoletes: ming-perl
Obsoletes: ming-perl < 0.4.9
%description -n perl-ming
Ming is a C library for generating SWF ("Flash") format movies, plus a set of wrappers for using the library from C++ and popular scripting languages like PHP, Perl, Python, and Ruby.
@ -107,25 +111,33 @@ Obsoletes: ming-python
%description -n python-ming
Ming is a C library for generating SWF ("Flash") format movies, plus a set of wrappers for using the library from C++ and popular scripting languages like PHP, Perl, Python, and Ruby.
This package contains Python bindings for Ming.
%endif
%debug_package
%prep
%setup -q -n ming-%{version}
#%patch0 -p1
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch5 -p1
%patch6 -p1
sed -i "s|lungif|lgif|" perl_ext/Makefile.*
./autogen.sh
%build
%configure \
--enable-python \
--disable-silent-rules \
--disable-static \
--enable-cpp \
--enable-perl \
%if "%{stage1}" != "1"
--enable-php \
%endif
--enable-tcl \
PYTHON=%{__python}
--disable-php \
--disable-python \
--disable-tcl \
PYTHON=%{__python3} \
CFLAGS="%{optflags} -fcommon"
%make -j1
@ -180,17 +192,15 @@ rm -f .packlist
%files
%defattr(-,root,root)
%{_libdir}/*.so.*
#%{_mandir}/man1/*
%{_libdir}/libming.so.*
%doc LICENSE
%files devel
%defattr(-,root,root)
%{_bindir}/ming-config
%{_includedir}/*.h
%{_libdir}/*.a
%{_libdir}/*.la
%{_libdir}/*.so
%{_libdir}/libming.la
%{_libdir}/libming.so
%{_libdir}/pkgconfig/libming.pc
#%{_mandir}/man3/*.3.gz
%doc NEWS README TODO
@ -236,19 +246,22 @@ rm -f .packlist
%doc py_ext/{README,TODO}
%endif
%if "%{stage1}" != "1"
%files -n php-ming
%defattr(-,root,root)
%{_libdir}/php/extensions/ming.so
%endif
#%if "%{stage1}" != "1"
#%files -n php-ming
#%defattr(-,root,root)
#%{_libdir}/php/extensions/ming.so
#%endif
%files -n ming-tcl
%defattr(-,root,root)
%{_libdir}/ming/tcl/mingc.a
%{_libdir}/ming/tcl/mingc.la
%{_libdir}/ming/tcl/mingc.so
#%files -n ming-tcl
#%defattr(-,root,root)
#%{_libdir}/ming/tcl/mingc.a
#%{_libdir}/ming/tcl/mingc.la
#%{_libdir}/ming/tcl/mingc.so
%changelog
* Fri May 07 2021 Silvan Calarco <silvan.calarco@mambasoft.it> 0.4.9-1mamba
- update to 0.4.9
* Wed Dec 12 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 0.4.4-1mamba
- update to 0.4.4