From 9585be7a95b741bffd89b69c5aae61269995b67b Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Sat, 12 Jul 2014 10:47:39 -0400 Subject: [PATCH 1/4] fix license handling --- file.spec | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/file.spec b/file.spec index b03f26f..6421814 100644 --- a/file.spec +++ b/file.spec @@ -4,7 +4,7 @@ Summary: A utility for determining file types Name: file Version: 5.19 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -149,13 +149,17 @@ cd %{py3dir} %postun libs -p /sbin/ldconfig %files -%doc COPYING ChangeLog README +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc ChangeLog README %{_bindir}/* %{_mandir}/man1/* %config(noreplace) %{_sysconfdir}/magic %files libs -%doc COPYING ChangeLog README +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc ChangeLog README %{_libdir}/*so.* %{_datadir}/magic* %{_mandir}/man5/* @@ -168,7 +172,9 @@ cd %{py3dir} %{_mandir}/man3/* %files -n python-magic -%doc python/README COPYING python/example.py +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc python/README python/example.py %{python_sitelib}/magic.py %{python_sitelib}/magic.pyc %{python_sitelib}/magic.pyo @@ -178,7 +184,9 @@ cd %{py3dir} %if %{with_python3} %files -n python3-magic -%doc python/README COPYING python/example.py +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc python/README python/example.py %{python3_sitelib}/magic.py %{python3_sitelib}/*egg-info %{python3_sitelib}/__pycache__/magic*.pyc @@ -186,6 +194,9 @@ cd %{py3dir} %endif %changelog +* Sat Jul 12 2014 Tom Callaway - 5.19-2 +- fix license handling + * Wed Jun 25 2014 Jan Kaluza - 5.19-1 - fix #1011789 - update to version 5.19 From 30a7e5d94294cafff4a1721591b4828e8765e0bb Mon Sep 17 00:00:00 2001 
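Review bot: The fallback line `%{!?_licensedir:%global license %%doc}` is repeated in all four `%files` sections touched by PATCH 1/4 (`%files`, `%files libs`, `%files -n python-magic`, `%files -n python3-magic`). Because it is a `%global` definition, a single copy near the top of the spec should cover every later `%license COPYING` line. I would add one comment there, `# %license falls back to %doc on RPM versions without _licensedir`, and drop the per-section copies. The top of the spec is outside these hunks, so confirm no section is parsed before the definition.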
From: Peter Robinson Date: Sat, 16 Aug 2014 12:22:42 +0000 Subject: [PATCH 2/4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --- file.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/file.spec b/file.spec index 6421814..4add616 100644 --- a/file.spec +++ b/file.spec @@ -4,7 +4,7 @@ Summary: A utility for determining file types Name: file Version: 5.19 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -194,6 +194,9 @@ cd %{py3dir} %endif %changelog +* Sat Aug 16 2014 Fedora Release Engineering - 5.19-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + * Sat Jul 12 2014 Tom Callaway - 5.19-2 - fix license handling From 154836641d9c35f7976f79da7a8e8de032c53006 Mon Sep 17 00:00:00 2001 From: Jan Kaluza Date: Fri, 22 Aug 2014 07:54:17 +0200 Subject: [PATCH 3/4] fix #1132787 - CVE-2014-3587 --- file.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/file.spec b/file.spec index b03f26f..8d72650 100644 --- a/file.spec +++ b/file.spec @@ -4,7 +4,7 @@ Summary: A utility for determining file types Name: file Version: 5.19 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -18,6 +18,7 @@ Patch5: file-5.04-man-return-code.patch Patch6: file-5.04-generic-msdos.patch Patch7: file-5.14-x86boot.patch Patch8: file-5.14-perl.patch +Patch9: file-5.19-CVE-2014-3587.patch URL: http://www.darwinsys.com/file/ Requires: file-libs = %{version}-%{release} BuildRequires: zlib-devel @@ -86,6 +87,7 @@ file(1) command. %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 # Patches can generate *.orig files, which can't stay in the magic dir, # otherwise there will be problems with compiling magic file! 
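Review bot: The `Release: 2%{?dist}` bump in PATCH 3/4, and its `5.19-2` changelog entry in the hunk that follows, reuse a release that PATCH 1/4 already assigned to the license-handling change. The `index b03f26f` base shows this diff was cut from the spec as it stood before 1/4, so it will not apply on top of 2/4 as posted. If both histories are meant for the same branch, two different `file-5.19-2` builds would exist, only one of them carrying `file-5.19-CVE-2014-3587.patch`. A version check alone could then not tell whether a host has the CVE-2014-3587 fix. Rebasing so the fix lands as `Release: 4%{?dist}` with a matching `5.19-4` changelog entry would keep the fixed build distinguishable.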
@@ -186,6 +188,9 @@ cd %{py3dir} %endif %changelog +* Fri Aug 22 2014 Jan Kaluza - 5.19-2 +- fix #1132787 - CVE-2014-3587 + * Wed Jun 25 2014 Jan Kaluza - 5.19-1 - fix #1011789 - update to version 5.19 From 48e789c9951d9c85f1200aaeb61a30fbf8b8b45f Mon Sep 17 00:00:00 2001 From: Jan Kaluza Date: Fri, 22 Aug 2014 08:04:10 +0200 Subject: [PATCH 4/4] add missing patch --- file-5.19-CVE-2014-3587.patch | 36 +++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 file-5.19-CVE-2014-3587.patch diff --git a/file-5.19-CVE-2014-3587.patch b/file-5.19-CVE-2014-3587.patch new file mode 100644 index 0000000..961c13d --- /dev/null +++ b/file-5.19-CVE-2014-3587.patch @@ -0,0 +1,36 @@ +From 0641e56be1af003aa02c7c6b0184466540637233 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Thu, 7 Aug 2014 09:38:35 +0000 +Subject: [PATCH] Prevent wrap around (Remi Collet at redhat) + +--- + src/cdf.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/cdf.c b/src/cdf.c +index 5dbf3b1..3e691f4 100644 +--- a/src/cdf.c ++++ b/src/cdf.c +@@ -35,7 +35,7 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: cdf.c,v 1.63 2014/06/09 13:04:37 christos Exp $") ++FILE_RCSID("@(#)$File: cdf.c,v 1.64 2014/07/24 19:35:39 christos Exp $") + #endif + + #include +@@ -835,6 +835,10 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, + q = (const uint8_t *)(const void *) + ((const char *)(const void *)p + ofs + - 2 * sizeof(uint32_t)); ++ if (q < p) { ++ DPRINTF(("Wrapped around %p < %p\n", q, p)); ++ goto out; ++ } + if (q > e) { + DPRINTF(("Ran of the end %p > %p\n", q, e)); + goto out; +-- +2.0.4 +
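Review bot: The added `if (q < p)` guard in `cdf_read_property_info()` runs only after `q` has been formed from `p + ofs - 2 * sizeof(uint32_t)`, so it depends on the out-of-range pointer actually wrapping. C leaves pointer arithmetic outside the underlying object undefined, and an optimizing compiler may assume `q >= p` and drop the branch. Validating the offset as an integer before computing `q` avoids that dependence: `if (ofs < 2 * sizeof(uint32_t) || ofs - 2 * sizeof(uint32_t) > (size_t)(e - p)) goto out;`. That form assumes `ofs` is an unsigned size and `e >= p`, neither of which the hunk shows. The function starts and ends outside the hunk, so confirm there how `ofs`, `p` and `e` are derived.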