Browse Source

file package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 4 years ago
parent
commit
f276e33689
  1. 28
      SOURCES/file-5.11-CVE-2018-10360.patch
  2. 9
      SPECS/file.spec

28
SOURCES/file-5.11-CVE-2018-10360.patch

@ -0,0 +1,28 @@
From 8616080aecf07436e80a27f68c336382c1d1c22d Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Sat, 9 Jun 2018 16:00:06 +0000
Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)

Upstream-commit: a642587a9c9e2dd7feacdf513c3643ce26ad3c22
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/readelf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/readelf.c b/src/readelf.c
index 3df0836..d96a538 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -966,7 +966,8 @@ core:
cname = (unsigned char *)
&nbuf[doff + prpsoffsets(i)];
- for (cp = cname; *cp && isprint(*cp); cp++)
+ for (cp = cname; cp < nbuf + size && *cp
+ && isprint(*cp); cp++)
continue;
/*
* Linux apparently appends a space at the end
--
2.14.4

9
SPECS/file.spec

@ -5,7 +5,7 @@
Summary: A utility for determining file types Summary: A utility for determining file types
Name: file Name: file
Version: 5.11 Version: 5.11
Release: 35%{?dist} Release: 36%{?dist}
License: BSD License: BSD
Group: Applications/File Group: Applications/File
Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@ -72,6 +72,9 @@ Patch60: file-5.11-gzip-strength.patch
# fix #1562135 - do not classify groovy script as python code # fix #1562135 - do not classify groovy script as python code
Patch61: file-5.11-python-comment.patch Patch61: file-5.11-python-comment.patch


# fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)
Patch62: file-5.11-CVE-2018-10360.patch

URL: http://www.darwinsys.com/file/ URL: http://www.darwinsys.com/file/
Requires: file-libs = %{version}-%{release} Requires: file-libs = %{version}-%{release}
BuildRequires: zlib-devel BuildRequires: zlib-devel
@ -179,6 +182,7 @@ file(1) command.
%patch59 -p1 %patch59 -p1
%patch60 -p1 %patch60 -p1
%patch61 -p1 %patch61 -p1
%patch62 -p1


# Patches can generate *.orig files, which can't stay in the magic dir, # Patches can generate *.orig files, which can't stay in the magic dir,
# otherwise there will be problems when compiling magic file! # otherwise there will be problems when compiling magic file!
@ -258,6 +262,9 @@ cd python
%endif %endif


%changelog %changelog
* Tue Aug 06 2019 Kamil Dudka <kdudka@redhat.com> - 5.11-36
- fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)

* Wed Jun 06 2018 Kamil Dudka <kdudka@redhat.com> 5.11-35 * Wed Jun 06 2018 Kamil Dudka <kdudka@redhat.com> 5.11-35
- fix #1562135 - do not classify groovy script as python code - fix #1562135 - do not classify groovy script as python code



Loading…
Cancel
Save