.

OBS-URL: https://build.opensuse.org/package/show/Base:System/file?expand=0&rev=91

0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch

@@ -0,0 +1,25 @@
+From 70c65d2e1841491f59168db1f905e8b14083fb1c Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Tue, 4 Mar 2014 17:42:19 +0000
+Subject: [PATCH] off by one in out of bounds calculations (Jan Kaluza)
+
+---
+ src/softmagic.c |    4 +-
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git src/softmagic.c src/softmagic.c
+index 170de95..5ed3998 100644
+--- src/softmagic.c
++++ src/softmagic.c
+@@ -72,7 +72,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
+ private void cvt_32(union VALUETYPE *, const struct magic *);
+ private void cvt_64(union VALUETYPE *, const struct magic *);
+ 
+-#define OFFSET_OOB(n, o, i)	((n) < (o) || (i) >= ((n) - (o)))
++#define OFFSET_OOB(n, o, i)	((n) < (o) || (i) > ((n) - (o)))
+ /*
+  * softmagic - lookup one file in parsed, in-memory copy of database
+  * Passed the name and FILE * of one file to be typed.
+-- 
+1.7.9.2
+

file.spec

@@ -61,6 +61,8 @@ Patch33:        file-5.16-ocloexec.patch
 Patch34:        file-5.12-endian.patch
 Patch35:        file-5.12-nitpick.dif
 Patch36:        file-5.15-clear-invalid.patch
+# PATCH-FIX-USTREAM last patch for bnc#866750 - CVE-2014-2270: file: crash when parsing some PE executables
+Patch37:        0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %global         _sysconfdir /etc
 %global         _miscdir    %{_datadir}/misc
@@ -126,6 +128,7 @@ to develop applications that require the magic "file" interface.
 %patch34 -p0 -b .endian
 %patch35 -p0 -b .nitpick
 %patch36 -p1 -b .clear
+%patch37 -p0 -b .CVE-2014-2270
 %patch -b .0
 test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in