Merge branch 'f20'

Conflicts: file.spec
2014-05-03 18:32:09 -05:00 · 2014-05-03 18:32:09 -05:00 · d791e303cc
commit d791e303cc
parent e4bdcd70c9 0ab13b223a
4 changed files with 40 additions and 11 deletions
--- a/file-5.14-CVE-2013-7345.patch
+++ b/file-5.14-CVE-2013-7345.patch
@ -0,0 +1,27 @@
+From ef2329cf71acb59204dd981e2c6cce6c81fe467c Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 25 Mar 2013 14:06:55 +0000
+Subject: [PATCH] limit to 100 repetitions to avoid excessive backtracking
+ Carsten Wolff
+
+---
+ magic/Magdir/commands | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/magic/Magdir/commands b/magic/Magdir/commands
+index 67c3eee..4a7d8dd 100644
+--- a/magic/Magdir/commands
+++ b/magic/Magdir/commands
+@@ -49,7 +49,8 @@
+ !:mime	text/x-awk
+ 0	string/wt	#!\ /usr/bin/awk	awk script text executable
+ !:mime	text/x-awk
+-0	regex		=^\\s*BEGIN\\s*[{]	awk script text
+0	regex		=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
+!:strength - 12
+ 
+ # AT&T Bell Labs' Plan 9 shell
+ 0	string/wt	#!\ /bin/rc	Plan 9 rc shell script text executable
+-- 
+1.8.5.5
+
--- a/file-5.14-CVE-2014-1943.patch
+++ b/file-5.14-CVE-2014-1943.patch
@ -45,7 +45,7 @@ index 108d419..d543f87 100644
 #include <stdlib.h>
 #include <time.h>
 
-+#define OFFSET_OOB(n, o, i)  ((n) < (o) || (i) >= ((n) - (o)))
+#define OFFSET_OOB(n, o, i)  ((n) < (o) || (i) > ((n) - (o)))
 
 private int match(struct magic_set *, struct magic *, uint32_t,
     const unsigned char *, size_t, size_t, int, int, int, int, int *, int *,
--- a/file-5.14-CVE-2014-2270.patch
+++ b/file-5.14-CVE-2014-2270.patch
@ -2,14 +2,6 @@ diff --git a/src/softmagic.c b/src/softmagic.c
 index d543f87..e84205d 100644
 --- a/src/softmagic.c
 +++ b/src/softmagic.c
-@@ -63,6 +63,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
- private void cvt_32(union VALUETYPE *, const struct magic *);
- private void cvt_64(union VALUETYPE *, const struct magic *);
- 
-+#define OFFSET_OOB(n, o, i)	((n) < (o) || (i) > ((n) - (o)))
- /*
-  * softmagic - lookup one file in parsed, in-memory copy of database
-  * Passed the name and FILE * of one file to be typed.
@@ -1196,7 +1197,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
 		}
 		switch (cvt_flip(m->in_type, flip)) {
--- a/file.spec
+++ b/file.spec
@ -4,7 +4,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.14
-Release: 18%{?dist}
+Release: 20%{?dist}
 License: BSD
 Group: Applications/File
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@ -26,6 +26,7 @@ Patch12: file-5.14-journald.patch
 Patch13: file-5.14-magic_load.patch
 Patch14: file-5.14-CVE-2014-1943.patch
 Patch15: file-5.14-CVE-2014-2270.patch
+Patch16: file-5.14-CVE-2013-7345.patch
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
@ -102,6 +103,7 @@ file(1) command.
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1

 # Patches can generate *.orig files, which can't stay in the magic dir,
 # otherwise there will be problems with compiling magic file!
@ -202,7 +204,15 @@ cd %{py3dir}
 %endif

 %changelog
-* Tue Mar 25 2014 Jan Kaluza <jkaluza@redhat.com> - 5.14-18
+* Tue Mar 25 2014 Jan Kaluza <jkaluza@redhat.com> - 5.14-20
+- fix #1079847 - fix potential regression in Perl detection caused
+  by original patch for CVE-2013-7345
+
+* Mon Mar 24 2014 Jan Kaluza <jkaluza@redhat.com> - 5.14-19
+- fix redefinition of OFFSET_OOB in CVE-2014-2270 patch
+
+* Mon Mar 24 2014 Jan Kaluza <jkaluza@redhat.com> - 5.14-18
+- fix #1079847 - fix for CVE-2013-7345
 - fix #1080450 - remove *.orig files before compiling magic/Magdir

 * Fri Mar 07 2014 Jan Kaluza <jkaluza@redhat.com> - 5.14-17