SHA256
1
0
forked from pool/file

Accepting request 741869 from Base:System

- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream
  to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c

- Let python-magic build with latest rpm 

- Let python-magic build with latest rpm

- Correct version of file which is now 5.37

OBS-URL: https://build.opensuse.org/request/show/741869
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/file?expand=0&rev=114
This commit is contained in:
Dominique Leuenberger 2019-10-25 16:39:12 +00:00 committed by Git OBS Bridge
commit 9bee18d36e
5 changed files with 64 additions and 5 deletions

View File

@ -0,0 +1,43 @@
From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Mon, 26 Aug 2019 14:31:39 +0000
Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
---
src/cdf.c | 7 +++----
src/cdf.h | 1 +
2 files changed, 4 insertions(+), 4 deletions(-)
--- src/cdf.c
+++ src/cdf.c 2019-10-22 13:05:01.410441092 +0000
@@ -968,8 +968,9 @@ cdf_read_property_info(const cdf_stream_
goto out;
}
nelements = CDF_GETUINT32(q, 1);
- if (nelements == 0) {
- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
+ DPRINTF(("CDF_VECTOR with nelements == %"
+ SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
@@ -1011,8 +1012,6 @@ cdf_read_property_info(const cdf_stream_
goto out;
inp += nelem;
}
- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
- nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{
--- src/cdf.h
+++ src/cdf.h 2019-10-22 13:05:01.422440872 +0000
@@ -48,6 +48,7 @@
typedef int32_t cdf_secid_t;
#define CDF_LOOP_LIMIT 10000
+#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1

View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Tue Oct 22 13:24:26 UTC 2019 - Dr. Werner Fink <werner@suse.de>
- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream
to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c
-------------------------------------------------------------------
Mon Oct 14 13:40:13 UTC 2019 - Dr. Werner Fink <werner@suse.de>
- Let python-magic build with latest rpm
-------------------------------------------------------------------
Tue Jun 11 10:42:01 UTC 2019 - Dr. Werner Fink <werner@suse.de>

View File

@ -35,7 +35,7 @@ Release: 0
Summary: A Tool to Determine File Types
License: BSD-2-Clause
Group: Productivity/File utilities
Source: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
Source2: baselibs.conf
Source3: file-rpmlintrc
Source4: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz.asc
@ -65,6 +65,7 @@ Patch36: file-5.15-clear-invalid.patch
Patch37: file-secure_getenv.patch
Patch39: file-5.28-btrfs-image.dif
Patch42: file-upstream.patch
Patch43: CVE-2019-18218-46a8443f.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%global _sysconfdir /etc
%global _miscdir %{_datadir}/misc
@ -134,6 +135,7 @@ to develop applications that require the magic "file" interface.
%patch37 -p1 -b .getenv
%patch39 -p1 -b .btrfs
%patch42 -p0 -b .tmp
%patch43 -p0 -b .CVE-2019-18218
%patch -b .0
test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in
rm -fv src/magic.h

View File

@ -1,7 +1,12 @@
-------------------------------------------------------------------
Mon Oct 14 13:40:13 UTC 2019 - Dr. Werner Fink <werner@suse.de>
- Let python-magic build with latest rpm
-------------------------------------------------------------------
Wed May 29 06:08:37 UTC 2019 - Dr. Werner Fink <werner@suse.de>
- - Correct version of file which is now 5.37
- Correct version of file which is now 5.37
-------------------------------------------------------------------
Thu Feb 21 07:18:57 UTC 2019 - Dr. Werner Fink <werner@suse.de>

View File

@ -18,7 +18,6 @@
# PyPI package name is file-magic. Version is taken from setup.py
%define file_magic_version 0.3.0
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-magic
@ -33,8 +32,8 @@ Release: 0
Summary: Python module to use libmagic
License: BSD-3-Clause AND BSD-4-Clause
Group: Development/Languages/Python
%{expand:%(sed -n -e '/^Source0\?:/,/^BuildRoot:/p' <%{_sourcedir}/file.spec)}
Source99: file.spec
%{expand:%(sed -n -e '/^Source:/,/^BuildRoot:/p' <%{_sourcedir}/file.spec)}
Requires: libmagic1
Provides: python-file-magic = %{file_magic_version}
%global _miscdir %{_datadir}/misc
@ -49,7 +48,6 @@ interface.
%{expand:%(sed -n -e '/^%%prep/,/^%%build/p' <%{_sourcedir}/file.spec | sed -e '1d' -e '$d')}
ln -sf README.md python/README
%build
pushd python
%python_build
popd