diff --git a/file-5.14-CVE-2013-7345.patch b/file-5.14-CVE-2013-7345.patch new file mode 100644 index 0000000..0bb1287 --- /dev/null +++ b/file-5.14-CVE-2013-7345.patch @@ -0,0 +1,27 @@ +From ef2329cf71acb59204dd981e2c6cce6c81fe467c Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Mon, 25 Mar 2013 14:06:55 +0000 +Subject: [PATCH] limit to 100 repetitions to avoid excessive backtracking + Carsten Wolff + +--- + magic/Magdir/commands | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/magic/Magdir/commands b/magic/Magdir/commands +index 67c3eee..4a7d8dd 100644 +--- a/magic/Magdir/commands ++++ b/magic/Magdir/commands +@@ -49,7 +49,8 @@ + !:mime text/x-awk + 0 string/wt #!\ /usr/bin/awk awk script text executable + !:mime text/x-awk +-0 regex =^\\s*BEGIN\\s*[{] awk script text ++0 regex =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text ++!:strength - 12 + + # AT&T Bell Labs' Plan 9 shell + 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable +-- +1.8.5.5 + diff --git a/file-5.14-CVE-2014-1943.patch b/file-5.14-CVE-2014-1943.patch index 5885118..7dcf22a 100644 --- a/file-5.14-CVE-2014-1943.patch +++ b/file-5.14-CVE-2014-1943.patch @@ -45,7 +45,7 @@ index 108d419..d543f87 100644 #include #include -+#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o))) ++#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) private int match(struct magic_set *, struct magic *, uint32_t, const unsigned char *, size_t, size_t, int, int, int, int, int *, int *, diff --git a/file-5.14-CVE-2014-2270.patch b/file-5.14-CVE-2014-2270.patch index 69505eb..858390d 100644 --- a/file-5.14-CVE-2014-2270.patch +++ b/file-5.14-CVE-2014-2270.patch @@ -2,14 +2,6 @@ diff --git a/src/softmagic.c b/src/softmagic.c index d543f87..e84205d 100644 --- a/src/softmagic.c +++ b/src/softmagic.c -@@ -63,6 +63,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *); - private void cvt_32(union VALUETYPE *, const struct magic *); - private void cvt_64(union VALUETYPE *, const struct magic *); - -+#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) - /* - * softmagic - lookup one file in parsed, in-memory copy of database - * Passed the name and FILE * of one file to be typed. @@ -1196,7 +1197,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, } switch (cvt_flip(m->in_type, flip)) { diff --git a/file.spec b/file.spec index ccfbfe8..c3ca1f0 100644 --- a/file.spec +++ b/file.spec @@ -4,7 +4,7 @@ Summary: A utility for determining file types Name: file Version: 5.14 -Release: 18%{?dist} +Release: 20%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -26,6 +26,7 @@ Patch12: file-5.14-journald.patch Patch13: file-5.14-magic_load.patch Patch14: file-5.14-CVE-2014-1943.patch Patch15: file-5.14-CVE-2014-2270.patch +Patch16: file-5.14-CVE-2013-7345.patch URL: http://www.darwinsys.com/file/ Requires: file-libs = %{version}-%{release} BuildRequires: zlib-devel @@ -102,6 +103,7 @@ file(1) command. %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 # Patches can generate *.orig files, which can't stay in the magic dir, # otherwise there will be problems with compiling magic file! @@ -202,7 +204,15 @@ cd %{py3dir} %endif %changelog -* Tue Mar 25 2014 Jan Kaluza - 5.14-18 +* Tue Mar 25 2014 Jan Kaluza - 5.14-20 +- fix #1079847 - fix potential regression in Perl detection caused + by original patch for CVE-2013-7345 + +* Mon Mar 24 2014 Jan Kaluza - 5.14-19 +- fix redefinition of OFFSET_OOB in CVE-2014-2270 patch + +* Mon Mar 24 2014 Jan Kaluza - 5.14-18 +- fix #1079847 - fix for CVE-2013-7345 - fix #1080450 - remove *.orig files before compiling magic/Magdir * Fri Mar 07 2014 Jan Kaluza - 5.14-17