rpms/file
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'f22'

Browse Source
This commit is contained in:
Peter Robinson 2015-02-22 16:25:09 +00:00
commit 200669a64f
4 changed files with 67 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
file-5.20-CVE-2014-3710.patch Normal file
View File

@ -0,0 +1,28 @@
From 39c7ac1106be844a5296d3eb5971946cc09ffda0 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Fri, 17 Oct 2014 15:49:00 +0000
Subject: [PATCH] Fix note bounds reading, Francisco Alonso / Red Hat
---
ChangeLog | 4 ++++
src/readelf.c | 9 ++++++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/readelf.c b/src/readelf.c
index 08f81f5..9ebdebd 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
uint32_t namesz, descsz;
unsigned char *nbuf = CAST(unsigned char *, vbuf);
+ if (xnh_sizeof + offset > size) {
+ /*
+ * We're out of note headers.
+ */
+ return xnh_sizeof + offset;
+ }
+
(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
offset += xnh_sizeof;

13
file-5.22-awk-perl.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/magic/Magdir/commands b/magic/Magdir/commands
index 3d97489..b72c5d7 100644
--- a/magic/Magdir/commands
+++ b/magic/Magdir/commands
@@ -56,7 +56,7 @@
!:mime text/x-awk
0 string/wt #!\ /usr/bin/awk awk script text executable
!:mime text/x-awk
-0 regex/4096 =^\\s{0,100}BEGIN\\s{0,100}[{] awk or perl script text
+0 regex/4096 =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text
# AT&T Bell Labs' Plan 9 shell
0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable

16
file-5.22-zlib.patch Normal file
View File

@ -0,0 +1,16 @@
diff --git a/magic/Magdir/compress b/magic/Magdir/compress
index beb8ebe..ae1c90f 100644
--- a/magic/Magdir/compress
+++ b/magic/Magdir/compress
@@ -257,7 +257,7 @@
!:mime application/x-qpress
# Zlib https://www.ietf.org/rfc/rfc6713.txt
-0 beshort%31 =0
->0 byte&0xf =8
->>0 byte&0x80 =0 zlib compressed data
-!:mime application/zlib
+#0 beshort%31 =0
+#>0 byte&0xf =8
+#>>0 byte&0x80 =0 zlib compressed data
+#!:mime application/zlib

16
file.spec
View File

@ -4,7 +4,7 @@
Summary: A utility for determining file types
Name: file
Version: 5.22
Release: 1%{?dist}
Release: 2%{?dist}
License: BSD
Group: Applications/File
Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@ -19,6 +19,8 @@ Patch6: file-5.04-generic-msdos.patch
Patch7: file-5.14-x86boot.patch
Patch8: file-5.14-perl.patch
Patch14: file-5.19-cafebabe.patch
Patch15: file-5.22-awk-perl.patch
Patch16: file-5.22-zlib.patch
URL: http://www.darwinsys.com/file/
Requires: file-libs = %{version}-%{release}
BuildRequires: zlib-devel
@ -88,6 +90,8 @@ file(1) command.
%patch7 -p1
%patch8 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
# Patches can generate *.orig files, which can't stay in the magic dir,
# otherwise there will be problems with compiling magic file!
@ -196,14 +200,14 @@ cd %{py3dir}
%endif
%changelog
* Mon Feb 16 2015 Jan Kaluza <jkaluza@redhat.com> - 5.22-2
- remove weak zlib pattern
* Wed Feb 04 2015 Jan Kaluza <jkaluza@redhat.com> - 5.22-1
- update to new version 5.22
* Thu Oct 23 2014 Jan Kaluza <jkaluza@redhat.com> - 5.20-2
- fix CVE-2014-3710 (#1155464)
* Thu Oct 16 2014 Jan Kaluza <jkaluza@redhat.com> - 5.20-1
- update to new version 5.20
* Thu Oct 23 2014 Jan Kaluza <jkaluza@redhat.com> - 5.19-7
- fix #1155464 - fix for CVE-2014-3710
* Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 5.19-6
- fix #1134580 - detect Mach-O universal binary