[packages/file] - fix for CVE-2014-3587

draenog draenog at pld-linux.org
Tue Sep 9 18:38:31 CEST 2014


commit 38c1c6be7cc04c3a7dc4422f9add2b3567de0859
Author: Kacper Kornet <draenog at pld-linux.org>
Date:   Tue Sep 9 17:37:23 2014 +0100

    - fix for CVE-2014-3587

 file-CVE-2014-3587.patch | 30 ++++++++++++++++++++++++++++++
 file.spec                |  4 +++-
 2 files changed, 33 insertions(+), 1 deletion(-)
---
diff --git a/file.spec b/file.spec
index 069c54e..040cf2c 100644
--- a/file.spec
+++ b/file.spec
@@ -30,7 +30,7 @@ Summary(zh_CN.UTF-8):	判定文件类型的工具。
 Summary(zh_TW.UTF-8):	用於決定檔案類型的一個工具程式。
 Name:		file
 Version:	5.19
-Release:	1
+Release:	2
 License:	distributable
 Group:		Applications/File
 Source0:	ftp://ftp.astron.com/pub/file/%{name}-%{version}.tar.gz
@@ -43,6 +43,7 @@ Source4:	%{name}-magic.mime-gen.awk
 Patch0:		%{name}-selinux.patch
 Patch1:		searchpath.patch
 Patch2:		automake.patch
+Patch3:		%{name}-CVE-2014-3587.patch
 URL:		http://www.darwinsys.com/file/
 BuildRequires:	autoconf >= 2.50
 BuildRequires:	automake
@@ -268,6 +269,7 @@ Wiązania Pythona 3 do biblioteki libmagic.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %if "%{cc_version}" < "3.4"
 %{__sed} -i -e 's,-Wextra,,' configure.ac
diff --git a/file-CVE-2014-3587.patch b/file-CVE-2014-3587.patch
new file mode 100644
index 0000000..58a1688
--- /dev/null
+++ b/file-CVE-2014-3587.patch
@@ -0,0 +1,30 @@
+commit 0641e56be1af003aa02c7c6b0184466540637233
+Author: Christos Zoulas <christos at zoulas.com>
+Date:   Thu Aug 7 09:38:35 2014 +0000
+
+    Prevent wrap around (Remi Collet at redhat)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 5dbf3b1..3e691f4 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -35,7 +35,7 @@
+ #include "file.h"
+ 
+ #ifndef lint
+-FILE_RCSID("@(#)$File: cdf.c,v 1.63 2014/06/09 13:04:37 christos Exp $")
++FILE_RCSID("@(#)$File: cdf.c,v 1.64 2014/07/24 19:35:39 christos Exp $")
+ #endif
+ 
+ #include <assert.h>
+@@ -835,6 +835,10 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 		q = (const uint8_t *)(const void *)
+ 		    ((const char *)(const void *)p + ofs
+ 		    - 2 * sizeof(uint32_t));
++		if (q < p) {
++			DPRINTF(("Wrapped around %p < %p\n", q, p));
++			goto out;
++		}
+ 		if (q > e) {
+ 			DPRINTF(("Ran of the end %p > %p\n", q, e));
+ 			goto out;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/file.git/commitdiff/38c1c6be7cc04c3a7dc4422f9add2b3567de0859



More information about the pld-cvs-commit mailing list