From f5e3aac20ae01c237ef9a8b1ccace338c3c6caf8 Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Sat, 12 Jul 2014 10:47:57 -0400 Subject: [PATCH 1/5] fix license handling --- file.spec | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/file.spec b/file.spec index b03f26f..6421814 100644 --- a/file.spec +++ b/file.spec @@ -4,7 +4,7 @@ Summary: A utility for determining file types Name: file Version: 5.19 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -149,13 +149,17 @@ cd %{py3dir} %postun libs -p /sbin/ldconfig %files -%doc COPYING ChangeLog README +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc ChangeLog README %{_bindir}/* %{_mandir}/man1/* %config(noreplace) %{_sysconfdir}/magic %files libs -%doc COPYING ChangeLog README +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc ChangeLog README %{_libdir}/*so.* %{_datadir}/magic* %{_mandir}/man5/* @@ -168,7 +172,9 @@ cd %{py3dir} %{_mandir}/man3/* %files -n python-magic -%doc python/README COPYING python/example.py +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc python/README python/example.py %{python_sitelib}/magic.py %{python_sitelib}/magic.pyc %{python_sitelib}/magic.pyo @@ -178,7 +184,9 @@ cd %{py3dir} %if %{with_python3} %files -n python3-magic -%doc python/README COPYING python/example.py +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc python/README python/example.py %{python3_sitelib}/magic.py %{python3_sitelib}/*egg-info %{python3_sitelib}/__pycache__/magic*.pyc @@ -186,6 +194,9 @@ cd %{py3dir} %endif %changelog +* Sat Jul 12 2014 Tom Callaway - 5.19-2 +- fix license handling + * Wed Jun 25 2014 Jan Kaluza - 5.19-1 - fix #1011789 - update to version 5.19 From 6e7b7e9f814aa8baf193b6c11741464c43cf921e Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Sat, 16 Aug 2014 12:22:55 +0000 Subject: [PATCH 2/5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --- file.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/file.spec b/file.spec index 6421814..4add616 100644 --- a/file.spec +++ b/file.spec @@ -4,7 +4,7 @@ Summary: A utility for determining file types Name: file Version: 5.19 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -194,6 +194,9 @@ cd %{py3dir} %endif %changelog +* Sat Aug 16 2014 Fedora Release Engineering - 5.19-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + * Sat Jul 12 2014 Tom Callaway - 5.19-2 - fix license handling From d88099c933f9ee9ebeade2a26aca207ad55359eb Mon Sep 17 00:00:00 2001 From: Jan Kaluza Date: Thu, 23 Oct 2014 09:20:08 +0200 Subject: [PATCH 3/5] fix #1155464 - fix for CVE-2014-3710 --- file-5.20-CVE-2014-3710.patch | 28 ++++++++++++++++++++++++++++ file.spec | 7 ++++++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 file-5.20-CVE-2014-3710.patch diff --git a/file-5.20-CVE-2014-3710.patch b/file-5.20-CVE-2014-3710.patch new file mode 100644 index 0000000..0fcf703 --- /dev/null +++ b/file-5.20-CVE-2014-3710.patch @@ -0,0 +1,28 @@ +From 39c7ac1106be844a5296d3eb5971946cc09ffda0 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Fri, 17 Oct 2014 15:49:00 +0000 +Subject: [PATCH] Fix note bounds reading, Francisco Alonso / Red Hat + +--- + ChangeLog | 4 ++++ + src/readelf.c | 9 ++++++++- + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/src/readelf.c b/src/readelf.c +index 08f81f5..9ebdebd 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, + uint32_t namesz, descsz; + unsigned char *nbuf = CAST(unsigned char *, vbuf); + ++ if (xnh_sizeof + offset > size) { ++ /* ++ * We're out of note headers. ++ */ ++ return xnh_sizeof + offset; ++ } ++ + (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); + offset += xnh_sizeof; + diff --git a/file.spec b/file.spec index f9765da..dadcdbf 100644 --- a/file.spec +++ b/file.spec @@ -4,7 +4,7 @@ Summary: A utility for determining file types Name: file Version: 5.19 -Release: 6%{?dist} +Release: 7%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -24,6 +24,7 @@ Patch11: file-5.19-locale-archive.patch Patch12: file-5.19-msooxml.patch Patch13: file-5.19-python-3.4.patch Patch14: file-5.19-cafebabe.patch +Patch15: file-5.20-CVE-2014-3710.patch URL: http://www.darwinsys.com/file/ Requires: file-libs = %{version}-%{release} BuildRequires: zlib-devel @@ -98,6 +99,7 @@ file(1) command. %patch12 -p1 %patch13 -p1 %patch14 -p1 +%patch15 -p1 # Patches can generate *.orig files, which can't stay in the magic dir, # otherwise there will be problems with compiling magic file! @@ -206,6 +208,9 @@ cd %{py3dir} %endif %changelog +* Thu Oct 23 2014 Jan Kaluza - 5.19-7 +- fix #1155464 - fix for CVE-2014-3710 + * Wed Sep 03 2014 Jan Kaluza - 5.19-6 - fix #1134580 - detect Mach-O universal binary From 9ed0a80433d0c0c9f59d74110cb2d2adf0cca952 Mon Sep 17 00:00:00 2001 From: Jan Kaluza Date: Tue, 10 Feb 2015 07:45:17 +0100 Subject: [PATCH 4/5] add missing patch --- file-5.22-awk-perl.patch | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 file-5.22-awk-perl.patch diff --git a/file-5.22-awk-perl.patch b/file-5.22-awk-perl.patch new file mode 100644 index 0000000..e3c6a85 --- /dev/null +++ b/file-5.22-awk-perl.patch @@ -0,0 +1,13 @@ +diff --git a/magic/Magdir/commands b/magic/Magdir/commands +index 3d97489..b72c5d7 100644 +--- a/magic/Magdir/commands ++++ b/magic/Magdir/commands +@@ -56,7 +56,7 @@ + !:mime text/x-awk + 0 string/wt #!\ /usr/bin/awk awk script text executable + !:mime text/x-awk +-0 regex/4096 =^\\s{0,100}BEGIN\\s{0,100}[{] awk or perl script text ++0 regex/4096 =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text + + # AT&T Bell Labs' Plan 9 shell + 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable From 45919261a1e9bf8350c51636a3a1af38cf473fb1 Mon Sep 17 00:00:00 2001 From: Jan Kaluza Date: Mon, 16 Feb 2015 09:12:54 +0100 Subject: [PATCH 5/5] remove weak zlib pattern --- file-5.22-zlib.patch | 16 ++++++++++++++++ file.spec | 7 ++++++- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 file-5.22-zlib.patch diff --git a/file-5.22-zlib.patch b/file-5.22-zlib.patch new file mode 100644 index 0000000..3a77879 --- /dev/null +++ b/file-5.22-zlib.patch @@ -0,0 +1,16 @@ +diff --git a/magic/Magdir/compress b/magic/Magdir/compress +index beb8ebe..ae1c90f 100644 +--- a/magic/Magdir/compress ++++ b/magic/Magdir/compress +@@ -257,7 +257,7 @@ + !:mime application/x-qpress + + # Zlib https://www.ietf.org/rfc/rfc6713.txt +-0 beshort%31 =0 +->0 byte&0xf =8 +->>0 byte&0x80 =0 zlib compressed data +-!:mime application/zlib ++#0 beshort%31 =0 ++#>0 byte&0xf =8 ++#>>0 byte&0x80 =0 zlib compressed data ++#!:mime application/zlib diff --git a/file.spec b/file.spec index 27441b5..5ac8daf 100644 --- a/file.spec +++ b/file.spec @@ -4,7 +4,7 @@ Summary: A utility for determining file types Name: file Version: 5.22 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -20,6 +20,7 @@ Patch7: file-5.14-x86boot.patch Patch8: file-5.14-perl.patch Patch14: file-5.19-cafebabe.patch Patch15: file-5.22-awk-perl.patch +Patch16: file-5.22-zlib.patch URL: http://www.darwinsys.com/file/ Requires: file-libs = %{version}-%{release} BuildRequires: zlib-devel @@ -90,6 +91,7 @@ file(1) command. %patch8 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 # Patches can generate *.orig files, which can't stay in the magic dir, # otherwise there will be problems with compiling magic file! @@ -198,6 +200,9 @@ cd %{py3dir} %endif %changelog +* Mon Feb 16 2015 Jan Kaluza - 5.22-2 +- remove weak zlib pattern + * Wed Feb 04 2015 Jan Kaluza - 5.22-1 - update to new version 5.22