Accepting request 741869 from Base:System

- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c - Let python-magic build with latest rpm - Let python-magic build with latest rpm - Correct version of file which is now 5.37 OBS-URL: https://build.opensuse.org/request/show/741869 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/file?expand=0&rev=114
2019-10-25 16:39:12 +00:00 · 2019-10-25 16:39:12 +00:00 · 9117906ad2
commit 9117906ad2
parent 7dd657ad52 c321155d1f
5 changed files with 64 additions and 5 deletions
--- a/CVE-2019-18218-46a8443f.patch
+++ b/CVE-2019-18218-46a8443f.patch
@ -0,0 +1,43 @@
+From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 26 Aug 2019 14:31:39 +0000
+Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
+
+---
+ src/cdf.c |    7 +++----
+ src/cdf.h |    1 +
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- src/cdf.c
+++ src/cdf.c	2019-10-22 13:05:01.410441092 +0000
+@@ -968,8 +968,9 @@ cdf_read_property_info(const cdf_stream_
+ 				goto out;
+ 			}
+ 			nelements = CDF_GETUINT32(q, 1);
+-			if (nelements == 0) {
+-				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
+			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
+				DPRINTF(("CDF_VECTOR with nelements == %"
+				    SIZE_T_FORMAT "u\n", nelements));
+ 				goto out;
+ 			}
+ 			slen = 2;
+@@ -1011,8 +1012,6 @@ cdf_read_property_info(const cdf_stream_
+ 					goto out;
+ 				inp += nelem;
+ 			}
+-			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+-			    nelements));
+ 			for (j = 0; j < nelements && i < sh.sh_properties;
+ 			    j++, i++)
+ 			{
+--- src/cdf.h
+++ src/cdf.h	2019-10-22 13:05:01.422440872 +0000
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+ 
+ #define CDF_LOOP_LIMIT					10000
+#define CDF_ELEMENT_LIMIT				100000
+ 
+ #define CDF_SECID_NULL					0
+ #define CDF_SECID_FREE					-1
--- a/file.changes
+++ b/file.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Oct 22 13:24:26 UTC 2019 - Dr. Werner Fink <werner@suse.de>
+
+- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream
+  to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c
+
+-------------------------------------------------------------------
+Mon Oct 14 13:40:13 UTC 2019 - Dr. Werner Fink <werner@suse.de>
+
+- Let python-magic build with latest rpm 
+
 -------------------------------------------------------------------
 Tue Jun 11 10:42:01 UTC 2019 - Dr. Werner Fink <werner@suse.de>

--- a/file.spec
+++ b/file.spec
@ -35,7 +35,7 @@ Release:        0
 Summary:        A Tool to Determine File Types
 License:        BSD-2-Clause
 Group:          Productivity/File utilities
-Source:         ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
+Source0:        ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
 Source2:        baselibs.conf
 Source3:        file-rpmlintrc
 Source4:        ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz.asc
@ -65,6 +65,7 @@ Patch36:        file-5.15-clear-invalid.patch
 Patch37:        file-secure_getenv.patch
 Patch39:        file-5.28-btrfs-image.dif
 Patch42:        file-upstream.patch
+Patch43:        CVE-2019-18218-46a8443f.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %global         _sysconfdir /etc
 %global         _miscdir    %{_datadir}/misc
@ -134,6 +135,7 @@ to develop applications that require the magic "file" interface.
 %patch37 -p1 -b .getenv
 %patch39 -p1 -b .btrfs
 %patch42 -p0 -b .tmp
+%patch43 -p0 -b .CVE-2019-18218
 %patch -b .0
 test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in
 rm -fv src/magic.h
--- a/python-magic.changes
+++ b/python-magic.changes
@ -1,7 +1,12 @@
+-------------------------------------------------------------------
+Mon Oct 14 13:40:13 UTC 2019 - Dr. Werner Fink <werner@suse.de>
+
+- Let python-magic build with latest rpm
+
 -------------------------------------------------------------------
 Wed May 29 06:08:37 UTC 2019 - Dr. Werner Fink <werner@suse.de>

- - Correct version of file which is now 5.37 
+- Correct version of file which is now 5.37 

 -------------------------------------------------------------------
 Thu Feb 21 07:18:57 UTC 2019 - Dr. Werner Fink <werner@suse.de>
--- a/python-magic.spec
+++ b/python-magic.spec
@ -18,7 +18,6 @@

 # PyPI package name is file-magic. Version is taken from setup.py
 %define file_magic_version 0.3.0
-
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}

 Name:           python-magic
@ -33,8 +32,8 @@ Release:        0
 Summary:        Python module to use libmagic
 License:        BSD-3-Clause AND BSD-4-Clause
 Group:          Development/Languages/Python
+%{expand:%(sed -n -e '/^Source0\?:/,/^BuildRoot:/p' <%{_sourcedir}/file.spec)}
 Source99:       file.spec
-%{expand:%(sed -n -e '/^Source:/,/^BuildRoot:/p' <%{_sourcedir}/file.spec)}
 Requires:       libmagic1
 Provides:       python-file-magic = %{file_magic_version}
 %global         _miscdir    %{_datadir}/misc
@ -49,7 +48,6 @@ interface.
 %{expand:%(sed -n -e '/^%%prep/,/^%%build/p' <%{_sourcedir}/file.spec | sed -e '1d' -e '$d')}
 ln -sf README.md python/README

-%build
 pushd python
 %python_build
 popd