From 0467cc7d90cabeab08b2f28e67b814e18d1fb620 Mon Sep 17 00:00:00 2001 From: Martin Bacovsky Date: Tue, 29 May 2007 10:46:38 +0000 Subject: [PATCH] - upgrade to new upstream 4.21 - resolves: #241034: CVE-2007-2799 file integer overflow --- .cvsignore | 2 +- file-4.20-REG_STARTEND.patch | 32 --------- ...-4.19-magic.patch => file-4.21-magic.patch | 71 +++++++++++-------- ....19-oracle.patch => file-4.21-oracle.patch | 16 ++--- file.spec | 15 ++-- sources | 2 +- 6 files changed, 58 insertions(+), 80 deletions(-) delete mode 100644 file-4.20-REG_STARTEND.patch rename file-4.19-magic.patch => file-4.21-magic.patch (71%) rename file-4.19-oracle.patch => file-4.21-oracle.patch (58%) diff --git a/.cvsignore b/.cvsignore index 79d4157..ab30e3b 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -file-4.20.tar.gz +file-4.21.tar.gz diff --git a/file-4.20-REG_STARTEND.patch b/file-4.20-REG_STARTEND.patch deleted file mode 100644 index e0b0052..0000000 --- a/file-4.20-REG_STARTEND.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- file-4.20/src/softmagic.c 18 Jan 2007 05:29:33 -0000 1.91 -+++ file-4.20/src/softmagic.c 3 Mar 2007 19:09:25 -0000 1.95 -@@ -38,7 +38,7 @@ - - - #ifndef lint --FILE_RCSID("@(#)$File: softmagic.c,v 1.91 2007/01/18 05:29:33 ljt Exp $") -+FILE_RCSID("@(#)$File: softmagic.c,v 1.95 2007/03/03 19:09:25 christos Exp $") - #endif /* lint */ - - private int match(struct magic_set *, struct magic *, uint32_t, -@@ -1523,10 +1523,20 @@ - } - else { - regmatch_t pmatch[1]; -+#ifndef REG_STARTEND -+#define REG_STARTEND 0 -+ size_t l = ms->search.s_len - 1; -+ char c = ms->search.s[l]; -+ ((char *)(intptr_t)ms->search.s)[l] = '\0'; -+#else - pmatch[0].rm_so = 0; - pmatch[0].rm_eo = ms->search.s_len; -+#endif - rc = regexec(&rx, (const char *)ms->search.s, - 1, pmatch, REG_STARTEND); -+#if REG_STARTEND == 0 -+ ((char *)(intptr_t)ms->search.s)[l] = c; -+#endif - switch (rc) { - case 0: - ms->search.s += (int)pmatch[0].rm_so; 
diff --git a/file-4.19-magic.patch b/file-4.21-magic.patch similarity index 71% rename from file-4.19-magic.patch rename to file-4.21-magic.patch index 66aa13f..8067f99 100644 --- a/file-4.19-magic.patch +++ b/file-4.21-magic.patch @@ -1,32 +1,19 @@ ---- file-4.19/magic/Magdir/revision.magic 2007-01-09 17:49:30.000000000 +0100 -+++ file-4.19/magic/Magdir/revision 2007-01-09 17:59:01.000000000 +0100 -@@ -3,3 +3,9 @@ - # file(1) magic for revision control files +--- file-4.21/magic/Magdir/revision.magic 2007-04-09 18:33:07.000000000 +0200 ++++ file-4.21/magic/Magdir/revision 2007-05-28 21:41:15.000000000 +0200 +@@ -4,6 +4,11 @@ # From Hendrik Scholz - 0 string /1\ :pserver: cvs password text file -+ -+ + 0 string /1\ :pserver: cvs password text file + +# Subversion (SVN) dumps +# Uwe Zeisberger +0 string SVN-fs-dump-format-version: Subversion dumpfile +>28 string >\0 (version: %s) ---- file-4.19/magic/Magdir/images.magic 2007-01-09 17:49:12.000000000 +0100 -+++ file-4.19/magic/Magdir/images 2007-01-09 17:57:07.000000000 +0100 -@@ -524,6 +524,12 @@ - 0 belong 0x0e031301 Hierarchical Data Format (version 4) data - 0 string \211HDF\r\n\032 Hierarchical Data Format (version 5) data - -+# The boot loaders syslinux and isolinux use a RLE based image format -+# called SLL16 to store splash screens. -+0 lelong 0x1413f33d Syslinux SLL16 image data, -+>4 leshort >0 %hd x -+>6 leshort >0 %hd + - # From: Tobias Burnus - # Xara (for a while: Corel Xara) is a graphic package, see - # http://www.xara.com/ for Windows and as GPL application for ---- file-4.19/magic/Magdir/apple.magic 2007-01-09 17:48:49.000000000 +0100 -+++ file-4.19/magic/Magdir/apple 2007-01-09 17:54:25.000000000 +0100 + # Conary changesets + # From: Jonathan Smith + 0 belong 0xea3f81bb Conary changeset data +--- file-4.21/magic/Magdir/apple.magic 2006-03-02 23:10:26.000000000 +0100 ++++ file-4.21/magic/Magdir/apple 2007-05-28 21:33:01.000000000 +0200 
@@ -10,6 +10,23 @@ 0 belong 0x00051600 AppleSingle encoded Macintosh file 0 belong 0x00051607 AppleDouble encoded Macintosh file @@ -51,9 +38,33 @@ # magic for Newton PDA package formats # from Ruda Moura 0 string package0 Newton package, NOS 1.x, ---- file-4.19/magic/magic.mime.magic 2007-01-09 17:49:55.000000000 +0100 -+++ file-4.19/magic/magic.mime 2007-01-09 18:08:43.000000000 +0100 -@@ -397,16 +397,14 @@ +--- file-4.21/magic/Magdir/images.magic 2007-05-03 17:11:33.000000000 +0200 ++++ file-4.21/magic/Magdir/images 2007-05-28 21:33:01.000000000 +0200 +@@ -525,6 +525,12 @@ + 0 belong 0x0e031301 Hierarchical Data Format (version 4) data + 0 string \211HDF\r\n\032 Hierarchical Data Format (version 5) data + ++# The boot loaders syslinux and isolinux use a RLE based image format ++# called SLL16 to store splash screens. ++0 lelong 0x1413f33d Syslinux SLL16 image data, ++>4 leshort >0 %hd x ++>6 leshort >0 %hd ++ + # From: Tobias Burnus + # Xara (for a while: Corel Xara) is a graphic package, see + # http://www.xara.com/ for Windows and as GPL application for +--- file-4.21/magic/magic.mime.magic 2007-04-03 23:11:32.000000000 +0200 ++++ file-4.21/magic/magic.mime 2007-05-28 21:47:26.000000000 +0200 +@@ -196,7 +196,7 @@ + # modified by Joerg Jenderek + # GRR the original test are too common for many DOS files + # so test 1 <= kbits nibble <= E +-0 beshort &0xffe0 ++0 beshort&0xfffe =0xfffa audio/mpeg + >2 ubyte&0xF0 >0x0F + >>2 ubyte&0xF0 <0xE1 audio/mpeg + #MP3 with ID3 tag +@@ -402,16 +402,14 @@ # # from Daniel Quinlan # @@ -77,7 +88,7 @@ #------------------------------------------------------------------------------ # images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps) -@@ -469,7 +467,7 @@ +@@ -474,7 +472,7 @@ 0 beshort 0xffd8 image/jpeg # PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu) 
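Review bot: In the new magic.mime hunk that file-4.21-magic.patch gains here (inner `@@ -196,7 +196,7 @@`), the replacement line `0 beshort&0xfffe =0xfffa audio/mpeg` puts the type on the level-0 test while the unchanged continuation `>>2 ubyte&0xF0 <0xE1 audio/mpeg` still carries it. As written, the bitrate-nibble checks described in the comment just above no longer gate the result, so any data starting with those two bytes is reported as audio/mpeg. A file that also passes the nibble checks would likely get the type printed twice. Anything that uses this MIME string for mail filtering or upload validation sees both effects. If the intent is only to tighten the sync-word match, keep the description on the continuation alone: `0 beshort&0xfffe =0xfffa`.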
@@ -86,7 +97,7 @@ #>14 byte 12 (OS/2 1.x format) #>14 byte 64 (OS/2 2.x format) #>14 byte 40 (Windows 3.x format) -@@ -924,6 +922,12 @@ +@@ -939,6 +937,12 @@ 0 string fLaC audio/x-flac 0 string CWS application/x-shockwave-flash @@ -99,8 +110,8 @@ # Hangul Document Files: # Reversed-engineered HWP magic numbers # From: Won-Kyu Park ---- file-4.19/src/fsmagic.c.magic 2007-01-09 17:47:35.000000000 +0100 -+++ file-4.19/src/fsmagic.c 2007-01-09 17:51:23.000000000 +0100 +--- file-4.21/src/fsmagic.c.magic 2007-01-12 18:40:53.000000000 +0100 ++++ file-4.21/src/fsmagic.c 2007-05-28 21:33:01.000000000 +0200 @@ -92,7 +92,8 @@ if (file_printf(ms, "cannot open `%s' (%s)", fn, strerror(errno)) == -1) diff --git a/file-4.19-oracle.patch b/file-4.21-oracle.patch similarity index 58% rename from file-4.19-oracle.patch rename to file-4.21-oracle.patch index 661a5bb..7646a07 100644 --- a/file-4.19-oracle.patch +++ b/file-4.21-oracle.patch @@ -1,8 +1,8 @@ ---- file-4.19/magic/Magdir/filesystems.oracle 2007-01-09 18:14:04.000000000 +0100 -+++ file-4.19/magic/Magdir/filesystems 2007-01-09 18:15:15.000000000 +0100 -@@ -979,6 +979,19 @@ - >>>>>>>>&0 bedate =0 full dump - >>>>>>>>&0 bedate !0 incremental since: %s +--- file-4.21/magic/Magdir/filesystems.oracle 2007-05-16 02:02:54.000000000 +0200 ++++ file-4.21/magic/Magdir/filesystems 2007-05-28 21:55:58.000000000 +0200 +@@ -1197,6 +1197,19 @@ + >>>2 short 2048 AXP generated) + >>>2 short 4096 I64 generated) +# Oracle Clustered Filesystem - Aaron Botsis +8 string OracleCFS Oracle Clustered Filesystem, @@ -17,6 +17,6 @@ +32 string ORCLCLRD Oracle ASM Volume (cleared), +>40 string x Disk Name: %0.12s + - # VMS backup savesets - gerardo.cacciari@gmail.com - # had to comment out GEM Image and G3 raw data entries due to conflict - #0 byte x + # Compaq/HP RILOE floppy image + # From: Dirk Jagdmann + 0 string CPQRFBLO Compaq/HP RILOE floppy image diff --git a/file.spec b/file.spec index c938324..3b32d97 100644 --- a/file.spec +++ b/file.spec 
@@ -2,7 +2,7 @@ Summary: A utility for determining file types Name: file -Version: 4.20 +Version: 4.21 Release: 1%{?dist} License: Distributable Group: Applications/File @@ -10,19 +10,17 @@ Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz URL: http://www.darwinsys.com/file/ Patch1: file-4.19-debian.patch Patch2: file-selinux.patch -Patch3: file-4.19-magic.patch +Patch3: file-4.21-magic.patch Patch5: file-4.13-fsdump.patch Patch6: file-4.13-quick.patch Patch8: file-4.15-berkeley.patch Patch12: file-4.16-xen.patch -Patch16: file-4.19-oracle.patch +Patch16: file-4.21-oracle.patch Patch17: file-4.17-clamav.patch Patch18: file-4.17-powerpoint.patch Patch20: file-4.17-bash.patch Patch21: file-4.19-ELF.patch Patch22: file-4.19-ooffice.patch -Patch23: file-4.20-REG_STARTEND.patch -Patch24: file-4.20-unused.patch Requires: file-libs = %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -66,12 +64,9 @@ necessary for developing programs using libmagic. %patch16 -p1 -b .oracle %patch17 -p1 -b .clamav %patch18 -p1 -b .powerpoint -#%patch19 -p1 -b .empty %patch20 -p1 -b .bash %patch21 -p1 -b .ELF %patch22 -p1 -b .ooffice -%patch23 -p1 -b .REG_STARTEND -%patch24 -p1 -b .unused iconv -f iso-8859-1 -t utf-8 < doc/libmagic.man > doc/libmagic.man_ mv doc/libmagic.man_ doc/libmagic.man @@ -129,6 +124,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue May 29 2007 Martin Bacovsky - 4.21-1 +- upgrade to new upstream 4.21 +- resolves: #241034: CVE-2007-2799 file integer overflow + * Wed Mar 7 2007 Martin Bacovsky - 4.20-1 - upgrade to new upstream 4.20 diff --git a/sources b/sources index 6e25834..21d3821 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -402bdb26356791bd5d277099adacc006 file-4.20.tar.gz +9e3503116f4269a1be70220ee2234b0e file-4.21.tar.gz
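Review bot: The `@@ -10,19 +10,17 @@` hunk drops `Patch24: file-4.20-unused.patch` along with Patch23, and the `%prep` hunk `@@ -66,12 +64,9 @@` drops both `%patch` lines. The diffstat deletes only file-4.20-REG_STARTEND.patch, so file-4.20-unused.patch appears to stay in the tree unreferenced. Either delete it in this commit or keep the Patch24 lines. The new changelog entry also gives no reason for dropping the two patches. Since this build is the CVE-2007-2799 fix, a line such as `- drop REG_STARTEND and unused patches, included in upstream 4.21` (if that is the reason) lets an auditor confirm that no local fix was lost in the rebase.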