diff --git a/SOURCES/file-5.33-bound-file_strncmp.patch b/SOURCES/file-5.33-bound-file_strncmp.patch
new file mode 100644
index 0000000..d8ac1a0
--- /dev/null
+++ b/SOURCES/file-5.33-bound-file_strncmp.patch
@@ -0,0 +1,68 @@
+diff -urp file-5.33.orig/src/softmagic.c file-5.33/src/softmagic.c
+--- file-5.33.orig/src/softmagic.c	2020-12-14 12:26:50.286849841 -0500
++++ file-5.33/src/softmagic.c	2020-12-14 12:35:52.679166211 -0500
+@@ -1748,7 +1748,8 @@ mget(struct magic_set *ms, struct magic
+ }
+ 
+ private uint64_t
+-file_strncmp(const char *s1, const char *s2, size_t len, uint32_t flags)
++file_strncmp(const char *s1, const char *s2, size_t len, size_t maxlen,
++    uint32_t flags)
+ {
+ 	/*
+ 	 * Convert the source args to unsigned here so that (1) the
+@@ -1760,7 +1761,7 @@ file_strncmp(const char *s1, const char
+ 	const unsigned char *b = (const unsigned char *)s2;
+ 	uint32_t ws = flags & (STRING_COMPACT_WHITESPACE |
+ 		STRING_COMPACT_OPTIONAL_WHITESPACE);
+-	const unsigned char *eb = b + (ws ? strlen(s2) : len);
++	const unsigned char *eb = b + (ws ? maxlen : len);
+ 	uint64_t v;
+ 
+ 	/*
+@@ -1818,7 +1819,8 @@ file_strncmp(const char *s1, const char
+ }
+ 
+ private uint64_t
+-file_strncmp16(const char *a, const char *b, size_t len, uint32_t flags)
++file_strncmp16(const char *a, const char *b, size_t len, size_t maxlen,
++    uint32_t flags)
+ {
+ 	/*
+ 	 * XXX - The 16-bit string compare probably needs to be done
+@@ -1826,7 +1828,7 @@ file_strncmp16(const char *a, const char
+ 	 * At the moment, I am unsure.
+ 	 */
+ 	flags = 0;
+-	return file_strncmp(a, b, len, flags);
++	return file_strncmp(a, b, len, maxlen, flags);
+ }
+ 
+ private int
+@@ -1954,13 +1956,15 @@ magiccheck(struct magic_set *ms, struct
+ 	case FILE_STRING:
+ 	case FILE_PSTRING:
+ 		l = 0;
+-		v = file_strncmp(m->value.s, p->s, (size_t)m->vallen, m->str_flags);
++		v = file_strncmp(m->value.s, p->s, (size_t)m->vallen,
++		       sizeof(p->s), m->str_flags);
+ 		break;
+ 
+ 	case FILE_BESTRING16:
+ 	case FILE_LESTRING16:
+ 		l = 0;
+-		v = file_strncmp16(m->value.s, p->s, (size_t)m->vallen, m->str_flags);
++		v = file_strncmp16(m->value.s, p->s, (size_t)m->vallen,
++		       sizeof(p->s), m->str_flags);
+ 		break;
+ 
+ 	case FILE_SEARCH: { /* search ms->search.s for the string m->value.s */
+@@ -1979,7 +1983,7 @@ magiccheck(struct magic_set *ms, struct
+ 				return 0;
+ 
+ 			v = file_strncmp(m->value.s, ms->search.s + idx, slen,
+-			    m->str_flags);
++			    ms->search.s_len - idx, m->str_flags);
+ 			if (v == 0) {	/* found match */
+ 				ms->search.offset += idx;
+ 				ms->search.rm_len = ms->search.s_len - idx;
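Review bot: The new `maxlen` argument of `file_strncmp` bounds `eb` only when a whitespace flag is set; in the other arm `eb` is still `b + len`, so the function relies on every caller guaranteeing `len <= maxlen`. That holds only if `m->vallen` never exceeds `sizeof(p->s)` and the search loop's length guard stays in place; that guard lies outside this hunk, where only its `return 0;` is visible. I would add a contract comment above the definition, e.g. `/* maxlen: number of bytes readable at s2; s2 need not be NUL-terminated */`, and consider clamping with `b + (ws ? maxlen : (len < maxlen ? len : maxlen))`. The body of `file_strncmp` continues outside the hunk, so whether every comparison loop checks `eb` cannot be confirmed here.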
diff --git a/SOURCES/file-5.33-more-python.patch b/SOURCES/file-5.33-more-python.patch
new file mode 100644
index 0000000..1e8fc1e
--- /dev/null
+++ b/SOURCES/file-5.33-more-python.patch
@@ -0,0 +1,22 @@
+diff -urp file-5.33.orig/magic/Magdir/python file-5.33/magic/Magdir/python
+--- file-5.33.orig/magic/Magdir/python	2020-12-17 13:19:08.610803723 -0500
++++ file-5.33/magic/Magdir/python	2020-12-17 13:26:07.346954161 -0500
+@@ -43,6 +43,18 @@
+ !:strength + 15
+ !:mime text/x-python
+ 
++0       search/1/wt     #!\ /usr/libexec/platform-python        Python script text executable
++!:strength + 15
++!:mime text/x-python
++
++0       search/1/wt     #!\ /usr/bin/python2    Python script text executable
++!:strength + 15
++!:mime text/x-python
++
++0       search/1/wt     #!\ /usr/bin/python3    Python script text executable
++!:strength + 15
++!:mime text/x-python
++
+ 
+ # from module.submodule import func1, func2
+ 0	regex		\^from[\040\t\f\r\n]+([A-Za-z0-9_]|\\.)+[\040\t\f\r\n]+import.*$	Python script text executable
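Review bot: The three added entries write the space after `#!` as `\ `, while file-5.33-python-space.patch in this same commit rewrites the existing python entries to `#!\040/usr/bin/python` to make that space explicit. The new lines should use the same form, e.g. `0	search/1/wt	#!\040/usr/bin/python3	Python script text executable`. They also separate fields with runs of spaces where the surrounding entries use tabs. Both points apply equally to the entries added in file-5.33-other-languages.patch.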
diff --git a/SOURCES/file-5.33-other-languages.patch b/SOURCES/file-5.33-other-languages.patch
new file mode 100644
index 0000000..9b6c918
--- /dev/null
+++ b/SOURCES/file-5.33-other-languages.patch
@@ -0,0 +1,35 @@
+diff -urp file-5.33.orig/magic/Magdir/commands file-5.33/magic/Magdir/commands
+--- file-5.33.orig/magic/Magdir/commands	2017-08-14 03:40:38.000000000 -0400
++++ file-5.33/magic/Magdir/commands	2020-12-17 13:30:07.063162185 -0500
+@@ -8,6 +8,8 @@
+ !:mime	text/x-shellscript
+ 0	string/wb	#!\ /bin/sh		POSIX shell script executable (binary data)
+ !:mime	text/x-shellscript
++0       string/w        #!\ /usr/bin/sh         Shell script text executable
++!:mime  text/x-shellscript
+ 
+ 0	string/wt	#!\ /bin/csh		C shell script text executable
+ !:mime	text/x-shellscript
+diff -urp file-5.33.orig/magic/Magdir/javascript file-5.33/magic/Magdir/javascript
+--- file-5.33.orig/magic/Magdir/javascript	2012-06-16 09:30:36.000000000 -0400
++++ file-5.33/magic/Magdir/javascript	2020-12-17 13:36:56.276843745 -0500
+@@ -15,3 +15,5 @@
+ !:mime application/javascript
+ 0	search/1	#!/usr/bin/env\ nodejs	Node.js script text executable
+ !:mime application/javascript
++0       string/wt       #!\ /usr/bin/gjs        Gnome Javascript text executable
++!:mime  text/javascript
+diff -urp file-5.33.orig/magic/Magdir/tcl file-5.33/magic/Magdir/tcl
+--- file-5.33.orig/magic/Magdir/tcl	2014-01-08 17:29:21.000000000 -0500
++++ file-5.33/magic/Magdir/tcl	2020-12-17 13:36:20.855391803 -0500
+@@ -12,6 +12,10 @@
+ !:mime	text/x-tcl
+ 0	search/1	#!\ /usr/bin/env\ tcl	Tcl script text executable
+ !:mime	text/x-tcl
++0       string/wt       #!\ /usr/bin/jimsh      Jim TCL text executable
++!:mime  text/x-tcl
++0       search/1/wt      #!\ /usr/bin/tclsh     Tcl/Tk script text executable
++!:mime  text/x-tcl
+ 0	search/1/w	#!\ /usr/bin/wish	Tcl/Tk script text executable
+ !:mime	text/x-tcl
+ 0	search/1/w	#!\ /usr/local/bin/wish	Tcl/Tk script text executable
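Review bot: The gjs entry is tagged `!:mime  text/javascript` while the Node.js entries directly above it in the same file use `application/javascript`, so consumers that key on the MIME type (upload filters, content scanners) will see two different types for JavaScript shebang scripts; `!:mime	application/javascript` would keep the file consistent. In Magdir/commands the new `/usr/bin/sh` entry uses `string/w` with the description "text executable", whereas the `/bin/sh` entry visible just above it is the `/wb` "(binary data)" variant and the csh entry below uses `/wt`. Without the `t` flag the text label is presumably applied to binary data as well, so `string/wt` looks like the intended form.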
diff --git a/SOURCES/file-5.33-python-space.patch b/SOURCES/file-5.33-python-space.patch
new file mode 100644
index 0000000..053ed10
--- /dev/null
+++ b/SOURCES/file-5.33-python-space.patch
@@ -0,0 +1,23 @@
+diff -urp file-5.33.orig/magic/Magdir/python file-5.33/magic/Magdir/python
+--- file-5.33.orig/magic/Magdir/python	2017-08-14 03:40:38.000000000 -0400
++++ file-5.33/magic/Magdir/python	2020-12-14 12:24:42.084905613 -0500
+@@ -30,16 +30,16 @@
+ 0	belong		0x3e0d0d0a	python 3.7 byte-compiled
+ 
+ 
+-0	search/1/w	#!\ /usr/bin/python	Python script text executable
++0	search/1/w	#!\040/usr/bin/python	Python script text executable
+ !:strength + 15
+ !:mime text/x-python
+-0	search/1/w	#!\ /usr/local/bin/python	Python script text executable
++0	search/1/w	#!\040/usr/local/bin/python	Python script text executable
+ !:strength + 15
+ !:mime text/x-python
+ 0	search/1	#!/usr/bin/env\ python	Python script text executable
+ !:strength + 15
+ !:mime text/x-python
+-0	search/10	#!\ /usr/bin/env\ python	Python script text executable
++0	search/10	#!\040/usr/bin/env\ python	Python script text executable
+ !:strength + 15
+ !:mime text/x-python
+ 
diff --git a/SOURCES/file-5.33-whitespace-compare.patch b/SOURCES/file-5.33-whitespace-compare.patch
new file mode 100644
index 0000000..8e035a0
--- /dev/null
+++ b/SOURCES/file-5.33-whitespace-compare.patch
@@ -0,0 +1,14 @@
+diff -urp file-5.33.orig/src/softmagic.c file-5.33/src/softmagic.c
+--- file-5.33.orig/src/softmagic.c	2018-04-15 14:49:15.000000000 -0400
++++ file-5.33/src/softmagic.c	2020-12-14 12:21:13.298285158 -0500
+@@ -1758,7 +1758,9 @@ file_strncmp(const char *s1, const char
+ 	 */
+ 	const unsigned char *a = (const unsigned char *)s1;
+ 	const unsigned char *b = (const unsigned char *)s2;
+-	const unsigned char *eb = b + len;
++	uint32_t ws = flags & (STRING_COMPACT_WHITESPACE |
++		STRING_COMPACT_OPTIONAL_WHITESPACE);
++	const unsigned char *eb = b + (ws ? strlen(s2) : len);
+ 	uint64_t v;
+ 
+ 	/*
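Review bot: `strlen(s2)` in the new `eb` initializer runs over the buffer being tested, and the spec comment for Patch19 in this commit says that this string is not always terminated, so this patch on its own can read past the end of `s2` when a whitespace flag is set. It is only safe because file-5.33-bound-file_strncmp.patch later replaces the call with `maxlen`. I would squash the two patches, or at least record the dependency in the spec, e.g. `# requires Patch19: the strlen() added here is unbounded`. The rest of `file_strncmp` lies outside the hunk.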
diff --git a/SOURCES/file-5.37-CVE-2019-18218.patch b/SOURCES/file-5.37-CVE-2019-18218.patch
new file mode 100644
index 0000000..89b9bde
--- /dev/null
+++ b/SOURCES/file-5.37-CVE-2019-18218.patch
@@ -0,0 +1,52 @@
+From f73ad90e797824569008a054bea6c8215883a3a0 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 26 Aug 2019 14:31:39 +0000
+Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
+
+Upstream-commit: 46a8443f76cec4b41ec736eca396984c74664f84
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/cdf.c | 7 +++----
+ src/cdf.h | 1 +
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 556a3ff..8bb0a6d 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1013,8 +1013,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 				goto out;
+ 			}
+ 			nelements = CDF_GETUINT32(q, 1);
+-			if (nelements == 0) {
+-				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++				DPRINTF(("CDF_VECTOR with nelements == %"
++				    SIZE_T_FORMAT "u\n", nelements));
+ 				goto out;
+ 			}
+ 			slen = 2;
+@@ -1056,8 +1057,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 					goto out;
+ 				inp += nelem;
+ 			}
+-			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+-			    nelements));
+ 			for (j = 0; j < nelements && i < sh.sh_properties;
+ 			    j++, i++)
+ 			{
+diff --git a/src/cdf.h b/src/cdf.h
+index 2f7e554..0505666 100644
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+ 
+ #define CDF_LOOP_LIMIT					10000
++#define CDF_ELEMENT_LIMIT				100000
+ 
+ #define CDF_SECID_NULL					0
+ #define CDF_SECID_FREE					-1
+-- 
+2.20.1
+
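Review bot: `CDF_ELEMENT_LIMIT` is added to cdf.h without a comment, although it is the bound this patch places on `nelements`, which the cdf.c hunk reads from the stream with `CDF_GETUINT32(q, 1)` and then uses as a loop limit in `for (j = 0; j < nelements && i < sh.sh_properties;`. A one-line comment such as `/* max elements accepted in a CDF_VECTOR property; the count comes from the file */` would tell maintainers that the value is a parsing limit on untrusted input and not a format constant. `cdf_read_property_info` starts and ends outside both hunks, so the storage this count indexes is not visible here.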
diff --git a/SPECS/file.spec b/SPECS/file.spec
index f536e9e..c732f22 100644
--- a/SPECS/file.spec
+++ b/SPECS/file.spec
@@ -15,7 +15,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.33
-Release: 16%{?dist}
+Release: 20%{?dist}
 License: BSD
 Group: Applications/File
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -67,6 +67,24 @@ Patch15: file-magic-filesystems.patch
 # search deeper in the zip file (#1845169)
 Patch16: file-5.33-msooxml-magic.patch
 
+# when ignoring whitespace compare up to the length of the string
+Patch17: file-5.33-whitespace-compare.patch
+
+# Use \040 to make space clearer
+Patch18: file-5.33-python-space.patch
+
+# Pass an upper bound to file_strncmp (string is not always NULL)
+Patch19: file-5.33-bound-file_strncmp.patch
+
+# improve magic for python scripts
+Patch20: file-5.33-more-python.patch
+
+# improve magic for Shell, Gnome Javascript and TCL scripts
+Patch21: file-5.33-other-languages.patch
+
+# fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218)
+Patch22: file-5.37-CVE-2019-18218.patch
+
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
@@ -237,6 +255,15 @@ cd %{py3dir}
 %endif
 
 %changelog
+* Tue May 04 2021 Vincent Mihalkovic <vmihalko@redhat.com> - 5.33-20
+- rebuild (#1954434)
+
+* Wed Apr 14 2021 Vincent Mihalkovic <vmihalko@redhat.com> - 5.33-18
+- fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218)
+
+* Thu Jan 21 2021 Vincent Mihalkovic <vmihalko@redhat.com> - 5.33-17
+- improve magic for script recognition and other changes (#1903531)
+
 * Mon Jun 22 2020 Vincent Mihalkovic <vmihalko@redhat.com> - 5.33-16
 - magic/Magdir/msooxml: Search deeper in the zip file (#1845169)