From fa5e7ec98c5c55804634c76f3767bda74437d6f6 Mon Sep 17 00:00:00 2001 From: CentOS Buildsys Date: Mar 25 2014 08:07:11 +0000 Subject: import file-5.11-21.el7.src.rpm --- diff --git a/SOURCES/file-5.11-CVE-2013-7345.patch b/SOURCES/file-5.11-CVE-2013-7345.patch new file mode 100644 index 0000000..0bb1287 --- /dev/null +++ b/SOURCES/file-5.11-CVE-2013-7345.patch @@ -0,0 +1,27 @@ +From ef2329cf71acb59204dd981e2c6cce6c81fe467c Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Mon, 25 Mar 2013 14:06:55 +0000 +Subject: [PATCH] limit to 100 repetitions to avoid excessive backtracking + Carsten Wolff + +--- + magic/Magdir/commands | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/magic/Magdir/commands b/magic/Magdir/commands +index 67c3eee..4a7d8dd 100644 +--- a/magic/Magdir/commands ++++ b/magic/Magdir/commands +@@ -49,7 +49,8 @@ + !:mime text/x-awk + 0 string/wt #!\ /usr/bin/awk awk script text executable + !:mime text/x-awk +-0 regex =^\\s*BEGIN\\s*[{] awk script text ++0 regex =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text ++!:strength - 12 + + # AT&T Bell Labs' Plan 9 shell + 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable +-- +1.8.5.5 + diff --git a/SOURCES/file-5.11-CVE-2014-1943.patch b/SOURCES/file-5.11-CVE-2014-1943.patch new file mode 100644 index 0000000..bcfa7e5 --- /dev/null +++ b/SOURCES/file-5.11-CVE-2014-1943.patch @@ -0,0 +1,137 @@ +diff --git a/src/ascmagic.c b/src/ascmagic.c +index 8d6ca95..cfa3951 100644 +--- a/src/ascmagic.c ++++ b/src/ascmagic.c +@@ -147,7 +147,7 @@ file_ascmagic_with_encoding(struct magic_set *ms, const unsigned char *buf, + == NULL) + goto done; + if ((rv = file_softmagic(ms, utf8_buf, +- (size_t)(utf8_end - utf8_buf), TEXTTEST, text)) == 0) ++ (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0) + rv = -1; + } + +diff --git a/src/file.h b/src/file.h +index 175f659..e02009f 100644 +--- a/src/file.h ++++ b/src/file.h +@@ -414,7 +414,7 @@ protected int file_encoding(struct magic_set *, const unsigned char *, size_t, + unichar **, size_t *, const char **, const char **, const char **); + protected int file_is_tar(struct magic_set *, const unsigned char *, size_t); + protected int file_softmagic(struct magic_set *, const unsigned char *, size_t, +- int, int); ++ size_t, int, int); + protected struct mlist *file_apprentice(struct magic_set *, const char *, int); + protected uint64_t file_signextend(struct magic_set *, struct magic *, + uint64_t); +diff --git a/src/funcs.c b/src/funcs.c +index 0b2a3d0..0d645eb 100644 +--- a/src/funcs.c ++++ b/src/funcs.c +@@ -228,7 +228,7 @@ file_buffer(struct magic_set *ms, int fd, const char *inname __attribute__ ((unu + + /* try soft magic tests */ + if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) +- if ((m = file_softmagic(ms, ubuf, nb, BINTEST, ++ if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST, + looks_text)) != 0) { + if ((ms->flags & MAGIC_DEBUG) != 0) + (void)fprintf(stderr, "softmagic %d\n", m); +diff --git a/src/softmagic.c b/src/softmagic.c +index 22e1190..56f09ee 100644 +--- a/src/softmagic.c ++++ b/src/softmagic.c +@@ -41,11 +41,12 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.147 2011/11/05 15:44:22 rrt Exp $") + #include + #include + ++#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o))) + + private int match(struct magic_set *, struct magic *, uint32_t, +- const unsigned char *, size_t, int, int); ++ const unsigned char *, size_t, int, int, int); + private int mget(struct magic_set *, const unsigned char *, +- struct magic *, size_t, unsigned int, int); ++ struct magic *, size_t, unsigned int, int, int); + private int magiccheck(struct magic_set *, struct magic *); + private int32_t mprint(struct magic_set *, struct magic *); + private int32_t moffset(struct magic_set *, struct magic *); +@@ -67,13 +68,13 @@ private void cvt_64(union VALUETYPE *, const struct magic *); + /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */ + protected int + file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, +- int mode, int text) ++ size_t level, int mode, int text) + { + struct mlist *ml; + int rv; + for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next) + if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode, +- text)) != 0) ++ text, level)) != 0) + return rv; + + return 0; +@@ -108,7 +109,8 @@ file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, + */ + private int + match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, +- const unsigned char *s, size_t nbytes, int mode, int text) ++ const unsigned char *s, size_t nbytes, int mode, int text, ++ int recursion_level) + { + uint32_t magindex = 0; + unsigned int cont_level = 0; +@@ -140,7 +142,7 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, + ms->line = m->lineno; + + /* if main entry matches, print it... */ +- switch (mget(ms, s, m, nbytes, cont_level, text)) { ++ switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { + case -1: + return -1; + case 0: +@@ -223,7 +225,7 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, + continue; + } + #endif +- switch (mget(ms, s, m, nbytes, cont_level, text)) { ++ switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level)) { + case -1: + return -1; + case 0: +@@ -1018,12 +1020,18 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir, + + private int + mget(struct magic_set *ms, const unsigned char *s, +- struct magic *m, size_t nbytes, unsigned int cont_level, int text) ++ struct magic *m, size_t nbytes, unsigned int cont_level, int text, ++ int recursion_level) + { + uint32_t offset = ms->offset; + uint32_t count = m->str_range; + union VALUETYPE *p = &ms->ms_value; + ++ if (recursion_level >= 20) { ++ file_error(ms, 0, "recursion nesting exceeded"); ++ return -1; ++ } ++ + if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1) + return -1; + +@@ -1580,10 +1588,12 @@ mget(struct magic_set *ms, const unsigned char *s, + if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && + file_printf(ms, "%s", m->desc) == -1) + return -1; +- if (nbytes < offset) ++ if (offset == 0) + return 0; ++ if (OFFSET_OOB(nbytes, offset, 0)) ++ return 0; + return file_softmagic(ms, s + offset, nbytes - offset, +- BINTEST, text); ++ recursion_level, BINTEST, text); + + case FILE_DEFAULT: /* nothing to check */ + default: diff --git a/SOURCES/file-5.11-CVE-2014-2270.patch b/SOURCES/file-5.11-CVE-2014-2270.patch new file mode 100644 index 0000000..7f4af99 --- /dev/null +++ b/SOURCES/file-5.11-CVE-2014-2270.patch @@ -0,0 +1,133 @@ +diff --git a/src/softmagic.c b/src/softmagic.c +index 56f09ee..8d08cad 100644 +--- a/src/softmagic.c ++++ b/src/softmagic.c +@@ -61,6 +61,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *); + private void cvt_32(union VALUETYPE *, const struct magic *); + private void cvt_64(union VALUETYPE *, const struct magic *); + ++#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) + /* + * softmagic - lookup one file in parsed, in-memory copy of database + * Passed the name and FILE * of one file to be typed. +@@ -1081,7 +1082,7 @@ mget(struct magic_set *ms, const unsigned char *s, + } + switch (m->in_type) { + case FILE_BYTE: +- if (nbytes < (offset + 1)) ++ if (OFFSET_OOB(nbytes, offset, 1)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1116,7 +1117,8 @@ mget(struct magic_set *ms, const unsigned char *s, + offset = ~offset; + break; + case FILE_BESHORT: +- if (nbytes < (offset + 2)) ++ ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1168,7 +1170,7 @@ mget(struct magic_set *ms, const unsigned char *s, + offset = ~offset; + break; + case FILE_LESHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1220,7 +1222,7 @@ mget(struct magic_set *ms, const unsigned char *s, + offset = ~offset; + break; + case FILE_SHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1257,7 +1259,7 @@ mget(struct magic_set *ms, const unsigned char *s, + break; + case FILE_BELONG: + case FILE_BEID3: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1328,7 +1330,7 @@ mget(struct magic_set *ms, const unsigned char *s, + break; + case FILE_LELONG: + case FILE_LEID3: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1398,7 +1400,7 @@ mget(struct magic_set *ms, const unsigned char *s, + offset = ~offset; + break; + case FILE_MELONG: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1468,7 +1470,7 @@ mget(struct magic_set *ms, const unsigned char *s, + offset = ~offset; + break; + case FILE_LONG: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1535,14 +1537,14 @@ mget(struct magic_set *ms, const unsigned char *s, + /* Verify we have enough data to match magic type */ + switch (m->type) { + case FILE_BYTE: +- if (nbytes < (offset + 1)) /* should alway be true */ ++ if (OFFSET_OOB(nbytes, offset, 1)) + return 0; + break; + + case FILE_SHORT: + case FILE_BESHORT: + case FILE_LESHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + break; + +@@ -1561,26 +1563,26 @@ mget(struct magic_set *ms, const unsigned char *s, + case FILE_FLOAT: + case FILE_BEFLOAT: + case FILE_LEFLOAT: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + break; + + case FILE_DOUBLE: + case FILE_BEDOUBLE: + case FILE_LEDOUBLE: +- if (nbytes < (offset + 8)) ++ if (OFFSET_OOB(nbytes, offset, 8)) + return 0; + break; + + case FILE_STRING: + case FILE_PSTRING: + case FILE_SEARCH: +- if (nbytes < (offset + m->vallen)) ++ if (OFFSET_OOB(nbytes, offset, m->vallen)) + return 0; + break; + + case FILE_REGEX: +- if (nbytes < offset) ++ if (OFFSET_OOB(nbytes, offset, 0)) + return 0; + break; + diff --git a/SOURCES/file-5.11-maxmime.patch b/SOURCES/file-5.11-maxmime.patch new file mode 100644 index 0000000..7cc5ee2 --- /dev/null +++ b/SOURCES/file-5.11-maxmime.patch @@ -0,0 +1,39 @@ +commit 774f9f6653a90d83a8b5802e7dd210a45603e039 +Author: Christos Zoulas +Date: Fri Jan 25 23:07:19 2013 +0000 + + bump mime desc + +diff --git a/src/file.h b/src/file.h +index 8e139fc..4c03766 100644 +@@ -128,12 +128,13 @@ + #endif + #define MAXMAGIS 8192 /* max entries in any one magic file + or directory */ +-#define MAXDESC 64 /* max leng of text description/MIME type */ +-#define MAXstring 64 /* max leng of "string" types */ ++#define MAXDESC 64 /* max len of text description/MIME type */ ++#define MAXMIME 80 /* max len of text MIME type */ ++#define MAXstring 64 /* max len of "string" types */ + + #define MAGICNO 0xF11E041C +-#define VERSIONNO 9 +-#define FILE_MAGICSIZE 232 ++#define VERSIONNO 10 ++#define FILE_MAGICSIZE 248 + + #define FILE_LOAD 0 + #define FILE_CHECK 1 +@@ -300,9 +301,9 @@ struct magic { + union VALUETYPE value; /* either number or string */ + /* Words 17-32 */ + char desc[MAXDESC]; /* description */ +- /* Words 33-48 */ +- char mimetype[MAXDESC]; /* MIME type */ +- /* Words 49-50 */ ++ /* Words 33-52 */ ++ char mimetype[MAXMIME]; /* MIME type */ ++ /* Words 53-54 */ + char apple[8]; + }; + diff --git a/SOURCES/file-5.11-perl-shebang.patch b/SOURCES/file-5.11-perl-shebang.patch new file mode 100644 index 0000000..aec548f --- /dev/null +++ b/SOURCES/file-5.11-perl-shebang.patch @@ -0,0 +1,37 @@ +diff --git a/magic/Magdir/perl b/magic/Magdir/perl +index ef0cc6d..453665c 100644 +--- a/magic/Magdir/perl ++++ b/magic/Magdir/perl +@@ -5,24 +5,22 @@ + # The `eval' lines recognizes an outrageously clever hack. + # Keith Waclena + # Send additions to +-0 search/1/w #!\ /bin/perl Perl script text executable +-!:mime text/x-perl + 0 search/1 eval\ "exec\ /bin/perl Perl script text + !:mime text/x-perl +-0 search/1/w #!\ /usr/bin/perl Perl script text executable +-!:mime text/x-perl + 0 search/1 eval\ "exec\ /usr/bin/perl Perl script text + !:mime text/x-perl +-0 search/1/w #!\ /usr/local/bin/perl Perl script text executable +-!:mime text/x-perl + 0 search/1 eval\ "exec\ /usr/local/bin/perl Perl script text + !:mime text/x-perl + 0 search/1 eval\ '(exit\ $?0)'\ &&\ eval\ 'exec Perl script text + !:mime text/x-perl +-0 search/1 #!/usr/bin/env\ perl Perl script text executable +-!:mime text/x-perl +-0 search/1 #!\ /usr/bin/env\ perl Perl script text executable +-!:mime text/x-perl ++ ++0 search/1 #! ++>0 regex \^#!.*/bin/perl.*$ Perl script text executable ++!:mime text/x-perl ++>0 regex \^#!.*/bin/env\ perl.*$ Perl script text executable ++!:mime text/x-perl ++# to be tried before awk script ++!:strength + 40 + + # by Dmitry V. Levin and Alexey Tourbin + # check the first line diff --git a/SOURCES/file-5.11-qcow3.patch b/SOURCES/file-5.11-qcow3.patch new file mode 100644 index 0000000..b7a4806 --- /dev/null +++ b/SOURCES/file-5.11-qcow3.patch @@ -0,0 +1,26 @@ +diff --git a/magic/Magdir/msdos b/magic/Magdir/msdos +index 8f3e532..21f055d 100644 +--- a/magic/Magdir/msdos ++++ b/magic/Magdir/msdos +@@ -820,6 +820,21 @@ + >>24 bequad x \b, %lld bytes + >>32 belong 1 \b, AES-encrypted + ++>4 belong 3 (v3) ++# Using the existence of the Backing File Offset to determine whether ++# to read Backing File Information ++>>8 bequad >0 \b, has backing file ++# Note that this isn't a null-terminated string; the length is actually ++# (16.L). Assuming a null-terminated string happens to work usually, but it ++# may spew junk until it reaches a \0 in some cases. Also, since there's no ++# .Q modifier, we just use the bottom four bytes as an offset. Note that if ++# the file is over 4G, and the backing file path is stored after the first 4G, ++# the wrong filename will be printed. (This should be (8.Q), when that syntax ++# is introduced.) ++>>>(12.L) string >\0 (path %s) ++>>24 bequad x \b, %lld bytes ++>>32 belong 1 \b, AES-encrypted ++ + >4 default x (unknown version) + + 0 string/b QEVM QEMU suspend to disk image diff --git a/SPECS/file.spec b/SPECS/file.spec index e0a5fca..f35d05f 100644 --- a/SPECS/file.spec +++ b/SPECS/file.spec @@ -5,7 +5,7 @@ Summary: A utility for determining file types Name: file Version: 5.11 -Release: 11%{?dist} +Release: 21%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -28,6 +28,12 @@ Patch13: file-5.04-generic-msdos.patch Patch14: file-5.14-netpbm.patch Patch15: file-5.11-rrdtool.patch Patch16: file-5.11-exit-code.patch +Patch17: file-5.11-perl-shebang.patch +Patch18: file-5.11-qcow3.patch +Patch19: file-5.11-maxmime.patch +Patch20: file-5.11-CVE-2014-1943.patch +Patch21: file-5.11-CVE-2014-2270.patch +Patch22: file-5.11-CVE-2013-7345.patch URL: http://www.darwinsys.com/file/ Requires: file-libs = %{version}-%{release} BuildRequires: zlib-devel @@ -98,6 +104,12 @@ file(1) command. %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 +%patch20 -p1 +%patch21 -p1 +%patch22 -p1 iconv -f iso-8859-1 -t utf-8 < doc/libmagic.man > doc/libmagic.man_ touch -r doc/libmagic.man doc/libmagic.man_ @@ -173,6 +185,38 @@ cd python %endif %changelog +* Tue Mar 25 2014 Jan Kaluza - 5.11-21 +- fix #1079848 - fix potential regression in Perl detection caused + by previous fix + +* Mon Mar 24 2014 Jan Kaluza - 5.11-20 +- fix #1079848 - fix for CVE-2013-7345 + +* Fri Mar 07 2014 Jan Kaluza - 5.11-19 +- fix #1073554 - fix for CVE-2014-2270 + +* Wed Feb 19 2014 Jan Kaluza - 5.11-18 +- fix #1066563 - fix for CVE-2014-1943 + +* Wed Feb 12 2014 Jan Kaluza - 5.11-17 +- Increase MAXMIME size to 80 bytes (#1064167) + +* Fri Jan 24 2014 Daniel Mach - 5.11-16 +- Mass rebuild 2014-01-24 + +* Fri Jan 10 2014 Jan Kaluza - 5.11-15 +- fix #1048910 - detect perl scripts even with arguments in shebang + +* Tue Jan 07 2014 Jan Kaluza - 5.11-14 +- fix #1048910 - increase perl scripts magic strength +- fix #1048082 - add support for QCOW3 images detection + +* Thu Jan 02 2014 Jan Kaluza - 5.11-13 +- fix #1038025 - improve perl scripts detection according to perl shebang + +* Fri Dec 27 2013 Daniel Mach - 5.11-12 +- Mass rebuild 2013-12-27 + * Fri Nov 08 2013 Jan Kaluza - 5.11-11 - fix #1022967 - improve RRD Tool database detection - fix #1026852 - exit with 0 exit code when input file does not exist