From 46a931ab390052f822488c2ebfcfca416934e6d8d70967166399c5b6c83115ed Mon Sep 17 00:00:00 2001
From: "Dr. Werner Fink"
Date: Mon, 17 Mar 2014 13:31:09 +0000
Subject: [PATCH] .

OBS-URL: https://build.opensuse.org/package/show/Base:System/file?expand=0&rev=91

---
 ...ut-of-bounds-calculations-Jan-Kaluza.patch | 25 +++++++++++++++++++
 file.spec | 3 +++
 2 files changed, 28 insertions(+)
 create mode 100644 0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
diff --git a/0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch b/0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
new file mode 100644
index 0000000..a1c3724
--- /dev/null
+++ b/0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
@@ -0,0 +1,25 @@
+From 70c65d2e1841491f59168db1f905e8b14083fb1c Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Tue, 4 Mar 2014 17:42:19 +0000
+Subject: [PATCH] off by one in out of bounds calculations (Jan Kaluza)
+
+---
+ src/softmagic.c | 4 +-
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git src/softmagic.c src/softmagic.c
+index 170de95..5ed3998 100644
+--- src/softmagic.c
++++ src/softmagic.c
+@@ -72,7 +72,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
+ private void cvt_32(union VALUETYPE *, const struct magic *);
+ private void cvt_64(union VALUETYPE *, const struct magic *);
+
+-#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o)))
++#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o)))
+ /*
+ * softmagic - lookup one file in parsed, in-memory copy of database
+ * Passed the name and FILE * of one file to be typed.
+--
+1.7.9.2
+
diff --git a/file.spec b/file.spec
index 34ab06f..be59d6e 100644
--- a/file.spec
+++ b/file.spec
@@ -61,6 +61,8 @@ Patch33: file-5.16-ocloexec.patch
 Patch34: file-5.12-endian.patch
 Patch35: file-5.12-nitpick.dif
 Patch36: file-5.15-clear-invalid.patch
+# PATCH-FIX-USTREAM last patch for bnc#866750 - CVE-2014-2270: file: crash when parsing some PE executables
+Patch37: 0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %global _sysconfdir /etc
 %global _miscdir %{_datadir}/misc
@@ -126,6 +128,7 @@ to develop applications that require the magic "file" interface.
 %patch34 -p0 -b .endian
 %patch35 -p0 -b .nitpick
 %patch36 -p1 -b .clear
+%patch37 -p0 -b .CVE-2014-2270
 %patch -b .0
 test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in
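Review bot: The tag in the comment added above `Patch37` is spelled `PATCH-FIX-USTREAM`; the openSUSE patch-tag convention is `PATCH-FIX-UPSTREAM`, so anyone or anything filtering on that tag will likely miss this entry. The comment also reads as if this patch is the CVE-2014-2270 fix itself, while the patch only changes the comparison in `OFFSET_OOB` from `>=` to `>`, correcting the boundary of a check that, judging by its context lines, is already in the packaged source. Stating that explicitly helps a later audit of CVE coverage, for example `# PATCH-FIX-UPSTREAM bnc#866750 - CVE-2014-2270: follow-up fixing the off-by-one in the OFFSET_OOB bounds check`. The `%patch37 -p0` line in the second hunk matches the prefix-less paths in the patch, so no change is needed there.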