diff --git a/file-5.20-CVE-2014-3710.patch b/file-5.20-CVE-2014-3710.patch new file mode 100644 index 0000000..0fcf703 --- /dev/null +++ b/file-5.20-CVE-2014-3710.patch @@ -0,0 +1,28 @@ +From 39c7ac1106be844a5296d3eb5971946cc09ffda0 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Fri, 17 Oct 2014 15:49:00 +0000 +Subject: [PATCH] Fix note bounds reading, Francisco Alonso / Red Hat + +--- + ChangeLog | 4 ++++ + src/readelf.c | 9 ++++++++- + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/src/readelf.c b/src/readelf.c +index 08f81f5..9ebdebd 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, + uint32_t namesz, descsz; + unsigned char *nbuf = CAST(unsigned char *, vbuf); + ++ if (xnh_sizeof + offset > size) { ++ /* ++ * We're out of note headers. ++ */ ++ return xnh_sizeof + offset; ++ } ++ + (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); + offset += xnh_sizeof; + diff --git a/file-5.22-awk-perl.patch b/file-5.22-awk-perl.patch new file mode 100644 index 0000000..e3c6a85 --- /dev/null +++ b/file-5.22-awk-perl.patch @@ -0,0 +1,13 @@ +diff --git a/magic/Magdir/commands b/magic/Magdir/commands +index 3d97489..b72c5d7 100644 +--- a/magic/Magdir/commands ++++ b/magic/Magdir/commands +@@ -56,7 +56,7 @@ + !:mime text/x-awk + 0 string/wt #!\ /usr/bin/awk awk script text executable + !:mime text/x-awk +-0 regex/4096 =^\\s{0,100}BEGIN\\s{0,100}[{] awk or perl script text ++0 regex/4096 =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text + + # AT&T Bell Labs' Plan 9 shell + 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable diff --git a/file-5.22-zlib.patch b/file-5.22-zlib.patch new file mode 100644 index 0000000..3a77879 --- /dev/null +++ b/file-5.22-zlib.patch @@ -0,0 +1,16 @@ +diff --git a/magic/Magdir/compress b/magic/Magdir/compress +index beb8ebe..ae1c90f 100644 +--- a/magic/Magdir/compress ++++ b/magic/Magdir/compress +@@ -257,7 +257,7 @@ + !:mime application/x-qpress + + # Zlib https://www.ietf.org/rfc/rfc6713.txt +-0 beshort%31 =0 +->0 byte&0xf =8 +->>0 byte&0x80 =0 zlib compressed data +-!:mime application/zlib ++#0 beshort%31 =0 ++#>0 byte&0xf =8 ++#>>0 byte&0x80 =0 zlib compressed data ++#!:mime application/zlib diff --git a/file.spec b/file.spec index b28399a..5ac8daf 100644 --- a/file.spec +++ b/file.spec @@ -4,7 +4,7 @@ Summary: A utility for determining file types Name: file Version: 5.22 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -19,6 +19,8 @@ Patch6: file-5.04-generic-msdos.patch Patch7: file-5.14-x86boot.patch Patch8: file-5.14-perl.patch Patch14: file-5.19-cafebabe.patch +Patch15: file-5.22-awk-perl.patch +Patch16: file-5.22-zlib.patch URL: http://www.darwinsys.com/file/ Requires: file-libs = %{version}-%{release} BuildRequires: zlib-devel @@ -88,6 +90,8 @@ file(1) command. %patch7 -p1 %patch8 -p1 %patch14 -p1 +%patch15 -p1 +%patch16 -p1 # Patches can generate *.orig files, which can't stay in the magic dir, # otherwise there will be problems with compiling magic file! @@ -196,14 +200,14 @@ cd %{py3dir} %endif %changelog +* Mon Feb 16 2015 Jan Kaluza - 5.22-2 +- remove weak zlib pattern + * Wed Feb 04 2015 Jan Kaluza - 5.22-1 - update to new version 5.22 -* Thu Oct 23 2014 Jan Kaluza - 5.20-2 -- fix CVE-2014-3710 (#1155464) - -* Thu Oct 16 2014 Jan Kaluza - 5.20-1 -- update to new version 5.20 +* Thu Oct 23 2014 Jan Kaluza - 5.19-7 +- fix #1155464 - fix for CVE-2014-3710 * Wed Sep 03 2014 Jan Kaluza - 5.19-6 - fix #1134580 - detect Mach-O universal binary