Accepting request 226461 from Base:System
- Add patch 0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch to finally fix bnc#866750 - adapt version in specfile to 5.17 OBS-URL: https://build.opensuse.org/request/show/226461 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/file?expand=0&rev=79
This commit is contained in:
Stephan Kulow
Git OBS Bridge
commit
1bd77160d0
@ -0,0 +1,25 @@
|
||||
From 70c65d2e1841491f59168db1f905e8b14083fb1c Mon Sep 17 00:00:00 2001
|
||||
From: Christos Zoulas <christos@zoulas.com>
|
||||
Date: Tue, 4 Mar 2014 17:42:19 +0000
|
||||
Subject: [PATCH] off by one in out of bounds calculations (Jan Kaluza)
|
||||
|
||||
---
|
||||
src/softmagic.c | 4 +-
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git src/softmagic.c src/softmagic.c
|
||||
index 170de95..5ed3998 100644
|
||||
--- src/softmagic.c
|
||||
+++ src/softmagic.c
|
||||
@@ -72,7 +72,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
|
||||
private void cvt_32(union VALUETYPE *, const struct magic *);
|
||||
private void cvt_64(union VALUETYPE *, const struct magic *);
|
||||
|
||||
-#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o)))
|
||||
+#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o)))
|
||||
/*
|
||||
* softmagic - lookup one file in parsed, in-memory copy of database
|
||||
* Passed the name and FILE * of one file to be typed.
|
||||
--
|
||||
1.7.9.2
|
||||
|
||||
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 17 14:04:24 UTC 2014 - werner@suse.de
|
||||
|
||||
- Add patch
|
||||
0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
|
||||
to finally fix bnc#866750
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 18 10:21:11 UTC 2014 - werner@suse.de
|
||||
|
||||
|
||||
@ -61,6 +61,8 @@ Patch33: file-5.16-ocloexec.patch
|
||||
Patch34: file-5.12-endian.patch
|
||||
Patch35: file-5.12-nitpick.dif
|
||||
Patch36: file-5.15-clear-invalid.patch
|
||||
# PATCH-FIX-USTREAM last patch for bnc#866750 - CVE-2014-2270: file: crash when parsing some PE executables
|
||||
Patch37: 0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
%global _sysconfdir /etc
|
||||
%global _miscdir %{_datadir}/misc
|
||||
@ -126,6 +128,7 @@ to develop applications that require the magic "file" interface.
|
||||
%patch34 -p0 -b .endian
|
||||
%patch35 -p0 -b .nitpick
|
||||
%patch36 -p1 -b .clear
|
||||
%patch37 -p0 -b .CVE-2014-2270
|
||||
%patch -b .0
|
||||
test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in
|
||||
|
||||
|
||||
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 28 11:17:12 CET 2014 - ro@suse.de
|
||||
|
||||
- adapt version in specfile to 5.17
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Feb 23 20:34:25 UTC 2014 - andreas.stieger@gmx.de
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user