file package update
Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>master
basebuilder_pel7x64builder0
parent
f3e71ab92b
commit
f276e33689
|
|
@ -0,0 +1,28 @@
|
|||
From 8616080aecf07436e80a27f68c336382c1d1c22d Mon Sep 17 00:00:00 2001
|
||||
From: Christos Zoulas <christos@zoulas.com>
|
||||
Date: Sat, 9 Jun 2018 16:00:06 +0000
|
||||
Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)
|
||||
|
||||
Upstream-commit: a642587a9c9e2dd7feacdf513c3643ce26ad3c22
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
src/readelf.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/readelf.c b/src/readelf.c
|
||||
index 3df0836..d96a538 100644
|
||||
--- a/src/readelf.c
|
||||
+++ b/src/readelf.c
|
||||
@@ -966,7 +966,8 @@ core:
|
||||
|
||||
cname = (unsigned char *)
|
||||
&nbuf[doff + prpsoffsets(i)];
|
||||
- for (cp = cname; *cp && isprint(*cp); cp++)
|
||||
+ for (cp = cname; cp < nbuf + size && *cp
|
||||
+ && isprint(*cp); cp++)
|
||||
continue;
|
||||
/*
|
||||
* Linux apparently appends a space at the end
|
||||
--
|
||||
2.14.4
|
||||
|
||||
|
|
@ -5,7 +5,7 @@
|
|||
Summary: A utility for determining file types
|
||||
Name: file
|
||||
Version: 5.11
|
||||
Release: 35%{?dist}
|
||||
Release: 36%{?dist}
|
||||
License: BSD
|
||||
Group: Applications/File
|
||||
Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
|
||||
|
|
@ -72,6 +72,9 @@ Patch60: file-5.11-gzip-strength.patch
|
|||
# fix #1562135 - do not classify groovy script as python code
|
||||
Patch61: file-5.11-python-comment.patch
|
||||
|
||||
# fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)
|
||||
Patch62: file-5.11-CVE-2018-10360.patch
|
||||
|
||||
URL: http://www.darwinsys.com/file/
|
||||
Requires: file-libs = %{version}-%{release}
|
||||
BuildRequires: zlib-devel
|
||||
|
|
@ -179,6 +182,7 @@ file(1) command.
|
|||
%patch59 -p1
|
||||
%patch60 -p1
|
||||
%patch61 -p1
|
||||
%patch62 -p1
|
||||
|
||||
# Patches can generate *.orig files, which can't stay in the magic dir,
|
||||
# otherwise there will be problems when compiling magic file!
|
||||
|
|
@ -258,6 +262,9 @@ cd python
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Aug 06 2019 Kamil Dudka <kdudka@redhat.com> - 5.11-36
|
||||
- fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)
|
||||
|
||||
* Wed Jun 06 2018 Kamil Dudka <kdudka@redhat.com> 5.11-35
|
||||
- fix #1562135 - do not classify groovy script as python code
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue