From 56c079edb0fbf379969cddeeaeb3289f056cf0d02bc6eae359f907a6f34d44b3 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Mon, 16 Apr 2007 22:31:29 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/file?expand=0&rev=6
---
 file-4.20-reg_dos.dif | 15 +++++++++++++++
 file.changes | 5 +++++
 file.spec | 6 +++++-
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 file-4.20-reg_dos.dif
diff --git a/file-4.20-reg_dos.dif b/file-4.20-reg_dos.dif
new file mode 100644
index 0000000..97078d6
--- /dev/null
+++ b/file-4.20-reg_dos.dif
@@ -0,0 +1,15 @@
+--- magic/Magdir/msdos
++++ magic/Magdir/msdos 2007-04-16 14:54:43.942155748 +0200
+@@ -14,8 +14,10 @@
+
+ # OS/2 batch files are REXX. the second regex is a bit generic, oh well
+ # the matched commands seem to be common in REXX and uncommon elsewhere
+-100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text
+-100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text
++#100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text
++#100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text
++100 regex/c =^\\s{0,255}call\\s{1,99}rxfuncadd OS/2 REXX batch file text
++100 regex/c =^\\s{0,255}say\ ['"] OS/2 REXX batch file text
+
+ 0 leshort 0x14c MS Windows COFF Intel 80386 object file
+ #>4 ledate x stamp %s
diff --git a/file.changes b/file.changes
index 09eb917..99b1306 100644
--- a/file.changes
+++ b/file.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Apr 16 14:56:02 CEST 2007 - werner@suse.de
+
+- Avoid DoS attack with regex (bug #263754)
+
 -------------------------------------------------------------------
 Thu Apr 5 17:09:05 CEST 2007 - werner@suse.de
diff --git a/file.spec b/file.spec
index 2d8160d..5a9f088 100644
--- a/file.spec
+++ b/file.spec
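Review bot: In file-4.20-reg_dos.dif the new first msdos rule does more than bound the repetitions: it also drops the trailing `.*sysloadfu`, so any line that starts with `call rxfuncadd` is now reported as OS/2 REXX batch file text, and the existing remark that "the second regex is a bit generic" now holds for the first rule as well. If the looser match is a deliberate part of the DoS fix, record that beside the rules, for example `# repetitions are bounded and the trailing .* is dropped so crafted input cannot make the match arbitrarily expensive (bug #263754)`. The two originals are kept as commented-out `#100 regex/c` entries; I would delete them instead, since the package changelog already records the change and dead entries invite someone to re-enable the unbounded forms. Other `regex` entries in the magic directory may still use unbounded `*` or `+`, which this patch does not show, so they are worth the same check.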
@@ -17,7 +17,7 @@ License: Other uncritical OpenSource License
 Group: Productivity/File utilities
 Autoreqprov: on
 Version: 4.20
-Release: 6
+Release: 7
 Summary: A Tool to Determine File Types
 Source: ftp://ftp.astron.com/pub/file/file-%{version}.tar.bz2
 Patch: file-%{version}.dif
@@ -33,6 +33,7 @@ Patch9: file-4.18-elf.dif
 Patch10: file-4.18-printf.dif
 Patch11: file-4.20-reg_startend.dif
 Patch12: file-4.20-unused.dif
+Patch13: file-4.20-reg_dos.dif
 Patch20: file-4.16-mips.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -81,6 +82,7 @@ Authors:
 %patch10 -p0 -b .prtf
 %patch11 -p0 -b .rse
 %patch12 -p0 -b .unused
+%patch13 -p0 -b .reg
 %ifarch mips
 %patch20 -p0 -b .mips
 %endif
@@ -143,6 +145,8 @@ rm -rf $RPM_BUILD_ROOT
 %attr(644,root,root) %{_mandir}/man3/libmagic.3.gz
 %changelog
+* Mon Apr 16 2007 - werner@suse.de
+- Avoid DoS attack with regex (bug #263754)
 * Thu Apr 05 2007 - werner@suse.de
 - Avoid trouble with variable/macro on ppc64
 * Mon Mar 26 2007 - rguenther@suse.de