From 5887f931119b626de12f84667819745eac4c22ee39abb77e0d585bee686ddf53 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 22 Mar 2007 11:06:16 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/file?expand=0&rev=3 --- file-4.13-cracklib.dif | 20 ---------- ...4.13-netware.diff => file-4.13-netware.dif | 0 file-4.18.tar.bz2 | 3 -- file-4.06-exec.dif => file-4.20-exec.dif | 9 +++-- file-4.20-reg_startend.dif | 38 +++++++++++++++++++ file-4.16-ssd.dif => file-4.20-ssd.dif | 11 ++---- file-4.16-xen.dif => file-4.20-xen.dif | 10 ++--- file-4.18.dif => file-4.20.dif | 22 +++++------ file-4.20.tar.bz2 | 3 ++ file-selinux.dif | 19 ---------- file.changes | 5 +++ file.spec | 38 +++++++++---------- 12 files changed, 90 insertions(+), 88 deletions(-) delete mode 100644 file-4.13-cracklib.dif rename file-4.13-netware.diff => file-4.13-netware.dif (100%) delete mode 100644 file-4.18.tar.bz2 rename file-4.06-exec.dif => file-4.20-exec.dif (97%) create mode 100644 file-4.20-reg_startend.dif rename file-4.16-ssd.dif => file-4.20-ssd.dif (62%) rename file-4.16-xen.dif => file-4.20-xen.dif (50%) rename file-4.18.dif => file-4.20.dif (95%) create mode 100644 file-4.20.tar.bz2 delete mode 100644 file-selinux.dif diff --git a/file-4.13-cracklib.dif b/file-4.13-cracklib.dif deleted file mode 100644 index 3d15b34..0000000 --- a/file-4.13-cracklib.dif +++ /dev/null @@ -1,20 +0,0 @@ ---- magic/Magdir/cracklib -+++ magic/Magdir/cracklib 2005-07-01 12:18:53.000000000 +0200 -@@ -0,0 +1,7 @@ -+#------------------------------------------------------------------------------ -+# cracklib: file (1) magic for cracklib v2.7 -+ -+0 lelong 0x70775631 Cracklib password index, little endian -+>4 lelong >0 (%i words) -+0 belong 0x70775631 Cracklib password index, big endian -+>4 belong >0 (%i words) ---- magic/Makefile.am -+++ magic/Makefile.am 2005-07-01 12:19:28.000000000 +0200 -@@ -59,6 +59,7 @@ - Magdir/console \ - Magdir/convex \ - Magdir/ctags \ -+Magdir/cracklib \ - Magdir/dact \ - Magdir/database \ - Magdir/diamond \ diff --git a/file-4.13-netware.diff b/file-4.13-netware.dif similarity index 100% rename from file-4.13-netware.diff rename to file-4.13-netware.dif diff --git a/file-4.18.tar.bz2 b/file-4.18.tar.bz2 deleted file mode 100644 index 1ddc8e2..0000000 --- a/file-4.18.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c846910e85c4ec312344d5b62d76ba382244cbff9329f9badf8ba6dbe7150d4c -size 404308 diff --git a/file-4.06-exec.dif b/file-4.20-exec.dif similarity index 97% rename from file-4.06-exec.dif rename to file-4.20-exec.dif index 9e3bfda..abe324c 100644 --- a/file-4.06-exec.dif +++ b/file-4.20-exec.dif @@ -1,6 +1,6 @@ --- magic/Magdir/commands +++ magic/Magdir/commands 2006-03-24 14:59:41.000000000 +0100 -@@ -3,55 +3,55 @@ +@@ -3,56 +3,56 @@ # commands: file(1) magic for various shells and interpreters # 0 string : shell archive or script for antique kernel text @@ -85,6 +85,7 @@ +0 string/b #!\ /usr/bin/php PHP script text 0 string Zend\x00 PHP script Zend Optimizer data + --- magic/Magdir/perl +++ magic/Magdir/perl 2006-03-24 14:51:26.000000000 +0100 @@ -5,12 +5,12 @@ @@ -102,7 +103,7 @@ +0 string eval\ "exec\ /usr/local/bin/perl perl script text 0 string eval\ '(exit\ $?0)'\ &&\ eval\ 'exec perl script text - # a couple more, by me + --- magic/Magdir/python +++ magic/Magdir/python 2006-03-24 14:51:26.000000000 +0100 @@ -4,7 +4,7 @@ @@ -115,14 +116,14 @@ # 20121 ( YEAR - 1995 ) + MONTH + DAY (little endian followed by "\r\n" 0 belong 0x994e0d0a python 1.5/1.6 byte-compiled --- magic/Magdir/varied.script -+++ magic/Magdir/varied.script 2006-03-24 14:51:26.000000000 +0100 ++++ magic/Magdir/varied.script 2007-03-21 11:22:09.000000000 +0100 @@ -2,11 +2,11 @@ # varied.script: file(1) magic for various interpreter scripts 0 string #!\ / a ->3 string >\0 %s script text executable +>3 string >\0 %s script text - 0 string #!\ / a + 0 string #!\t/ a ->3 string >\0 %s script text executable +>3 string >\0 %s script text 0 string #!/ a diff --git a/file-4.20-reg_startend.dif b/file-4.20-reg_startend.dif new file mode 100644 index 0000000..276a563 --- /dev/null +++ b/file-4.20-reg_startend.dif @@ -0,0 +1,38 @@ +Index: softmagic.c +=================================================================== +RCS file: /p/file/cvsroot/file/src/softmagic.c,v +retrieving revision 1.91 +retrieving revision 1.95 +diff -u -r1.91 -r1.95 +--- src/softmagic.c 18 Jan 2007 05:29:33 -0000 1.91 ++++ src/softmagic.c 3 Mar 2007 19:09:25 -0000 1.95 +@@ -38,7 +38,7 @@ + + + #ifndef lint +-FILE_RCSID("@(#)$File: softmagic.c,v 1.91 2007/01/18 05:29:33 ljt Exp $") ++FILE_RCSID("@(#)$File: softmagic.c,v 1.95 2007/03/03 19:09:25 christos Exp $") + #endif /* lint */ + + private int match(struct magic_set *, struct magic *, uint32_t, +@@ -1523,10 +1523,20 @@ + } + else { + regmatch_t pmatch[1]; ++#ifndef REG_STARTEND ++#define REG_STARTEND 0 ++ size_t l = ms->search.s_len - 1; ++ char c = ms->search.s[l]; ++ ((char *)(intptr_t)ms->search.s)[l] = '\0'; ++#else + pmatch[0].rm_so = 0; + pmatch[0].rm_eo = ms->search.s_len; ++#endif + rc = regexec(&rx, (const char *)ms->search.s, + 1, pmatch, REG_STARTEND); ++#if REG_STARTEND == 0 ++ ((char *)(intptr_t)ms->search.s)[l] = c; ++#endif + switch (rc) { + case 0: + ms->search.s += (int)pmatch[0].rm_so; diff --git a/file-4.16-ssd.dif b/file-4.20-ssd.dif similarity index 62% rename from file-4.16-ssd.dif rename to file-4.20-ssd.dif index 14269f8..098a940 100644 --- a/file-4.16-ssd.dif +++ b/file-4.20-ssd.dif @@ -1,6 +1,6 @@ --- magic/Localstuff -+++ magic/Localstuff 2005-12-06 13:49:53.000000000 +0100 -@@ -14,3 +14,15 @@ ++++ magic/Localstuff 2007-03-21 12:38:03.000000000 +0100 +@@ -14,3 +14,12 @@ >33 string >\0 (%s) 2 string \000\022 TeX font metric data >33 string >\0 (%s) @@ -11,8 +11,5 @@ +# more details about the scheme of such SSDs and can help to extend this to all +# type of SSD, please let us know. E.g. how is the offset to the `Root Entry' +# determined? -+1024 string R\0o\0o\0t\0\ \0E\0n\0t\0r\0y Structured Storage -+>1152 string P\0a\0g\0e\0M\0a\0k\0e\0r PageMaker -+ -+512 string R\0o\0o\0t\0\ \0E\0n\0t\0r\0y Structured Storage -+>640 string P\0a\0g\0e\0M\0a\0k\0e\0r PageMaker ++512 search/531 R\0o\0o\0t\0\ \0E\0n\0t\0r\0y Structured Storage ++>&109 search/17 P\0a\0g\0e\0M\0a\0k\0e\0r PageMaker diff --git a/file-4.16-xen.dif b/file-4.20-xen.dif similarity index 50% rename from file-4.16-xen.dif rename to file-4.20-xen.dif index 8b1474b..4e430eb 100644 --- a/file-4.16-xen.dif +++ b/file-4.20-xen.dif @@ -1,9 +1,9 @@ --- magic/Localstuff -+++ magic/Localstuff 2006-01-16 17:19:47.000000000 +0100 -@@ -26,3 +26,9 @@ - - 512 string R\0o\0o\0t\0\ \0E\0n\0t\0r\0y Structured Storage - >640 string P\0a\0g\0e\0M\0a\0k\0e\0r PageMaker ++++ magic/Localstuff 2007-03-21 12:41:52.000000000 +0100 +@@ -23,3 +23,9 @@ + # determined? + 512 search/531 R\0o\0o\0t\0\ \0E\0n\0t\0r\0y Structured Storage + >&109 search/17 P\0a\0g\0e\0M\0a\0k\0e\0r PageMaker + +# File magic for Xen, the virtual machine monitor for x86 +0 string LinuxGuestRecord Xen saved domain diff --git a/file-4.18.dif b/file-4.20.dif similarity index 95% rename from file-4.18.dif rename to file-4.20.dif index d3c664c..320f379 100644 --- a/file-4.18.dif +++ b/file-4.20.dif @@ -3,15 +3,15 @@ @@ -0,0 +1,11 @@ +patch -p0 -s --suffix=.misc < ../file-4.18-misc.dif +patch -p0 -s --suffix=.pcp < ../file-4.12-pcp.dif -+patch -p0 -s --suffix=.exec < ../file-4.06-exec.dif ++patch -p0 -s --suffix=.exec < ../file-4.20-exec.dif +patch -p0 -s --suffix=.conf < ../file-4.06-autoconf.dif +patch -p0 -s --suffix=.tex < ../file-4.03-tex.dif -+patch -p0 -s --suffix=.policy < ../file-selinux.dif -+patch -p0 -s --suffix=.ntwr < ../file-4.13-netware.diff -+patch -p0 -s --suffix=.crlib< ../file-4.13-cracklib.dif -+patch -p0 -s --suffix=.pm < ../file-4.16-ssd.dif -+patch -p0 -s --suffix=.xen < ../file-4.16-xen.dif ++patch -p0 -s --suffix=.ntwr < ../file-4.13-netware.dif ++patch -p0 -s --suffix=.pm < ../file-4.20-ssd.dif ++patch -p0 -s --suffix=.xen < ../file-4.20-xen.dif +patch -p0 -s --suffix=.elf < ../file-4.18-elf.dif ++patch -p0 -s --suffix=.prtf < ../file-4.18-printf.dif ++patch -p0 -s --suffix=.rse < ../file-4.20-reg_startend.dif --- magic/Header +++ magic/Header 2006-03-27 13:29:19.000000000 +0200 @@ -1,5 +1,7 @@ @@ -35,7 +35,7 @@ Magdir/applix \ Magdir/archive \ Magdir/asterix \ -@@ -83,7 +82,6 @@ Magdir/encore \ +@@ -82,7 +81,6 @@ Magdir/encore \ Magdir/epoc \ Magdir/esri \ Magdir/fcs \ @@ -43,7 +43,7 @@ Magdir/flash \ Magdir/fonts \ Magdir/frame \ -@@ -109,14 +107,14 @@ Magdir/island \ +@@ -108,14 +106,14 @@ Magdir/island \ Magdir/ispell \ Magdir/java \ Magdir/jpeg \ @@ -60,7 +60,7 @@ Magdir/magic \ Magdir/mail.news \ Magdir/maple \ -@@ -130,11 +128,11 @@ Magdir/misctools \ +@@ -129,11 +127,11 @@ Magdir/misctools \ Magdir/mkid \ Magdir/mlssa \ Magdir/mmdf \ @@ -74,7 +74,7 @@ Magdir/natinst \ Magdir/ncr \ Magdir/netbsd \ -@@ -169,6 +167,8 @@ Magdir/pyramid \ +@@ -167,6 +165,8 @@ Magdir/pyramid \ Magdir/python \ Magdir/revision \ Magdir/riff \ @@ -94,7 +94,7 @@ >>18 leshort 51 Stanford MIPS-X, >>18 leshort 52 Motorola Coldfire, >>18 leshort 53 Motorola M68HC12, -@@ -184,7 +184,7 @@ +@@ -186,7 +186,7 @@ >>18 beshort 47 Renesas H8/300H, >>18 beshort 48 Renesas H8S, >>18 beshort 49 Renesas H8/500, diff --git a/file-4.20.tar.bz2 b/file-4.20.tar.bz2 new file mode 100644 index 0000000..9f6889d --- /dev/null +++ b/file-4.20.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fd1dbfeef939b79382e5b4e50bc49496d2457b94a995532bdea2a4c08c159369 +size 414064 diff --git a/file-selinux.dif b/file-selinux.dif deleted file mode 100644 index af106bd..0000000 --- a/file-selinux.dif +++ /dev/null @@ -1,19 +0,0 @@ ---- magic/Magdir/policy 2003-08-28 14:36:54.000000000 -0400 -+++ magic/Magdir/policy 2003-08-28 14:39:35.000000000 -0400 -@@ -0,0 +1,6 @@ -+# SE Linux policy database -+0 lelong 0xf97cff8c SE Linux policy -+>16 lelong x v%d -+>20 lelong 1 MLS -+>24 lelong x %d symbols -+>28 lelong x %d ocons ---- magic/Makefile.am 2003-08-28 14:41:58.000000000 -0400 -+++ magic/Makefile.am 2003-08-28 14:45:15.000000000 -0400 -@@ -135,6 +135,7 @@ - Magdir/pgp \ - Magdir/pkgadd \ - Magdir/plus5 \ -+Magdir/policy \ - Magdir/printer \ - Magdir/project \ - Magdir/psdbms \ diff --git a/file.changes b/file.changes index c6319ce..db64b12 100644 --- a/file.changes +++ b/file.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Mar 21 12:57:57 CET 2007 - werner@suse.de + +- Update to file 4.20 due security reason CVE-2007-1536 (#256290) + ------------------------------------------------------------------- Tue Mar 6 23:20:41 CET 2007 - rguenther@suse.de diff --git a/file.spec b/file.spec index 73810c6..fba19f9 100644 --- a/file.spec +++ b/file.spec @@ -1,5 +1,5 @@ # -# spec file for package file (Version 4.18) +# spec file for package file (Version 4.20) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -15,23 +15,22 @@ URL: http://www.darwinsys.com/file/ License: Other uncritical OpenSource License Group: Productivity/File utilities Autoreqprov: on -Version: 4.18 -Release: 11 +Version: 4.20 +Release: 1 Summary: A Tool to Determine File Types Source: ftp://ftp.astron.com/pub/file/file-%{version}.tar.bz2 Patch: file-%{version}.dif Patch1: file-4.18-misc.dif Patch2: file-4.12-pcp.dif -Patch3: file-4.06-exec.dif +Patch3: file-4.20-exec.dif Patch4: file-4.06-autoconf.dif Patch5: file-4.03-tex.dif -Patch6: file-selinux.dif -Patch7: file-4.13-netware.diff -Patch8: file-4.13-cracklib.dif -Patch9: file-4.16-ssd.dif -Patch10: file-4.16-xen.dif -Patch11: file-4.18-elf.dif -Patch12: file-4.18-printf.dif +Patch6: file-4.13-netware.dif +Patch7: file-4.20-ssd.dif +Patch8: file-4.20-xen.dif +Patch9: file-4.18-elf.dif +Patch10: file-4.18-printf.dif +Patch11: file-4.20-reg_startend.dif Patch20: file-4.16-mips.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -73,15 +72,14 @@ Authors: %patch3 -p0 -b .exec %patch4 -p0 -b .conf %patch5 -p0 -b .tex -%patch6 -p0 -b .policy -%patch7 -p0 -b .ntwr -%patch8 -p0 -b .crlib -%patch9 -p0 -b .pm -%patch10 -p0 -b .xen -%patch11 -p0 -b .elf.dif -%patch12 -p0 -b .printf +%patch6 -p0 -b .ntwr +%patch7 -p0 -b .ssd +%patch8 -p0 -b .xen +%patch9 -p0 -b .elf +%patch10 -p0 -b .prtf +%patch11 -p0 -b .rse %ifarch mips -%patch20 -p0 -s .mips +%patch20 -p0 -b .mips %endif %patch @@ -142,6 +140,8 @@ rm -rf $RPM_BUILD_ROOT %attr(644,root,root) %{_mandir}/man3/libmagic.3.gz %changelog +* Wed Mar 21 2007 - werner@suse.de +- Update to file 4.20 due security reason CVE-2007-1536 (#256290) * Tue Mar 06 2007 - rguenther@suse.de - Fix order of changelog entries * Thu Nov 23 2006 - werner@suse.de