From 249671f318086692cc67bd1540e783e4c29f0872 Mon Sep 17 00:00:00 2001 From: eulerstorage Date: Thu, 26 Dec 2019 10:14:33 +0800 Subject: [PATCH] reupload patches --- 6003-CVE-2019-18218.patch | 49 ++++++------- ...eed-up-searches-if-available-Michael.patch | 68 +++++++++--------- ...ays-return-if-not-found-found-by-OSS.patch | 70 +++++++++---------- file.spec | 11 +-- 4 files changed, 101 insertions(+), 97 deletions(-) diff --git a/6003-CVE-2019-18218.patch b/6003-CVE-2019-18218.patch index bf23312..21a31c3 100644 --- a/6003-CVE-2019-18218.patch +++ b/6003-CVE-2019-18218.patch @@ -9,35 +9,36 @@ index 9d639674..bb81d637 100644 --- a/src/cdf.c +++ b/src/cdf.c @@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, - goto out; - } - nelements = CDF_GETUINT32(q, 1); -- if (nelements == 0) { -- DPRINTF(("CDF_VECTOR with nelements == 0\n")); -+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { -+ DPRINTF(("CDF_VECTOR with nelements == %" -+ SIZE_T_FORMAT "u\n", nelements)); - goto out; - } - slen = 2; + goto out; + } + nelements = CDF_GETUINT32(q, 1); +- if (nelements == 0) { +- DPRINTF(("CDF_VECTOR with nelements == 0\n")); ++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { ++ DPRINTF(("CDF_VECTOR with nelements == %" ++ SIZE_T_FORMAT "u\n", nelements)); + goto out; + } + slen = 2; @@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, - goto out; - inp += nelem; - } -- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", -- nelements)); - for (j = 0; j < nelements && i < sh.sh_properties; - j++, i++) - { + goto out; + inp += nelem; + } +- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", +- nelements)); + for (j = 0; j < nelements && i < sh.sh_properties; + j++, i++) + { diff --git a/src/cdf.h b/src/cdf.h index 2f7e554b..05056668 100644 --- a/src/cdf.h +++ b/src/cdf.h @@ -48,6 +48,7 @@ typedef int32_t cdf_secid_t; + + #define CDF_LOOP_LIMIT 10000 ++#define CDF_ELEMENT_LIMIT 100000 + + #define CDF_SECID_NULL 0 + #define CDF_SECID_FREE -1 - #define CDF_LOOP_LIMIT 10000 -+#define CDF_ELEMENT_LIMIT 100000 - - #define CDF_SECID_NULL 0 - #define CDF_SECID_FREE -1 diff --git a/6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch b/6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch index 066e051..c520777 100644 --- a/6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch +++ b/6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch @@ -15,11 +15,11 @@ index ec296aa4..402f75dd 100644 +++ b/configure.ac @@ -151,7 +151,7 @@ else fi]) - + dnl Checks for functions -AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale) +AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale memmem) - + dnl Provide implementation of some required functions if necessary AC_REPLACE_FUNCS(getopt_long asprintf vasprintf strlcpy strlcat getline ctime_r asctime_r localtime_r gmtime_r pread strcasestr fmtcheck dprintf) diff --git a/src/softmagic.c b/src/softmagic.c @@ -28,43 +28,43 @@ index cfc17812..9999ef6f 100644 +++ b/src/softmagic.c @@ -32,7 +32,7 @@ #include "file.h" - - #ifndef lint + + #ifndef lint -FILE_RCSID("@(#)$File: softmagic.c,v 1.262 2018/06/22 20:39:50 christos Exp $") +FILE_RCSID("@(#)$File: softmagic.c,v 1.279 2019/02/27 16:52:23 christos Exp $") - #endif /* lint */ - + #endif /* lint */ + #include "magic.h" @@ -2063,6 +2063,29 @@ magiccheck(struct magic_set *ms, struct magic *m) - slen = MIN(m->vallen, sizeof(m->value.s)); - l = 0; - v = 0; + slen = MIN(m->vallen, sizeof(m->value.s)); + l = 0; + v = 0; +#ifdef HAVE_MEMMEM -+ if (slen > 0 && m->str_flags == 0) { -+ const char *found; -+ if (m->str_range != 0 -+ && ms->search.s_len >= m->str_range + slen) { -+ found = memmem(ms->search.s, -+ m->str_range + slen, m->value.s, slen); -+ } else { -+ found = memmem(ms->search.s, -+ ms->search.s_len, m->value.s, slen); -+ if (!found) -+ return 0; -+ } -+ if (!found) { -+ v = 1; -+ } else { -+ idx = found - ms->search.s; -+ ms->search.offset += idx; -+ ms->search.rm_len = ms->search.s_len - idx; -+ } -+ break; -+ } ++ if (slen > 0 && m->str_flags == 0) { ++ const char *found; ++ if (m->str_range != 0 ++ && ms->search.s_len >= m->str_range + slen) { ++ found = memmem(ms->search.s, ++ m->str_range + slen, m->value.s, slen); ++ } else { ++ found = memmem(ms->search.s, ++ ms->search.s_len, m->value.s, slen); ++ if (!found) ++ return 0; ++ } ++ if (!found) { ++ v = 1; ++ } else { ++ idx = found - ms->search.s; ++ ms->search.offset += idx; ++ ms->search.rm_len = ms->search.s_len - idx; ++ } ++ break; ++ } +#endif - - for (idx = 0; m->str_range == 0 || idx < m->str_range; idx++) { - if (slen + idx > ms->search.s_len) --- + + for (idx = 0; m->str_range == 0 || idx < m->str_range; idx++) { + if (slen + idx > ms->search.s_len) +-- 2.19.1 diff --git a/6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch b/6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch index 2dc7fc8..2483479 100644 --- a/6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch +++ b/6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch @@ -13,46 +13,46 @@ index 9999ef6f..2befe35f 100644 +++ b/src/softmagic.c @@ -32,7 +32,7 @@ #include "file.h" - - #ifndef lint + + #ifndef lint -FILE_RCSID("@(#)$File: softmagic.c,v 1.279 2019/02/27 16:52:23 christos Exp $") +FILE_RCSID("@(#)$File: softmagic.c,v 1.280 2019/02/28 12:52:56 christos Exp $") - #endif /* lint */ - + #endif /* lint */ + #include "magic.h" @@ -2066,23 +2066,15 @@ magiccheck(struct magic_set *ms, struct magic *m) #ifdef HAVE_MEMMEM - if (slen > 0 && m->str_flags == 0) { - const char *found; -- if (m->str_range != 0 -- && ms->search.s_len >= m->str_range + slen) { -- found = memmem(ms->search.s, -- m->str_range + slen, m->value.s, slen); -- } else { -- found = memmem(ms->search.s, -- ms->search.s_len, m->value.s, slen); -- if (!found) -- return 0; -- } -- if (!found) { -- v = 1; -- } else { -- idx = found - ms->search.s; -- ms->search.offset += idx; -- ms->search.rm_len = ms->search.s_len - idx; -- } -+ idx = m->str_range + slen; -+ if (m->str_range == 0 || ms->search.s_len < idx) -+ idx = ms->search.s_len; -+ found = memmem(ms->search.s, idx, m->value.s, slen); -+ if (!found) -+ return 0; -+ idx = found - ms->search.s; -+ ms->search.offset += idx; -+ ms->search.rm_len = ms->search.s_len - idx; - break; - } + if (slen > 0 && m->str_flags == 0) { + const char *found; +- if (m->str_range != 0 +- && ms->search.s_len >= m->str_range + slen) { +- found = memmem(ms->search.s, +- m->str_range + slen, m->value.s, slen); +- } else { +- found = memmem(ms->search.s, +- ms->search.s_len, m->value.s, slen); +- if (!found) +- return 0; +- } +- if (!found) { +- v = 1; +- } else { +- idx = found - ms->search.s; +- ms->search.offset += idx; +- ms->search.rm_len = ms->search.s_len - idx; +- } ++ idx = m->str_range + slen; ++ if (m->str_range == 0 || ms->search.s_len < idx) ++ idx = ms->search.s_len; ++ found = memmem(ms->search.s, idx, m->value.s, slen); ++ if (!found) ++ return 0; ++ idx = found - ms->search.s; ++ ms->search.offset += idx; ++ ms->search.rm_len = ms->search.s_len - idx; + break; + } #endif --- +-- 2.19.1 diff --git a/file.spec b/file.spec index 0bc4231..2257bf5 100644 --- a/file.spec +++ b/file.spec @@ -1,6 +1,6 @@ Name: file Version: 5.34 -Release: 8 +Release: 9 Summary: A tool to identify the type of a particular file type License: BSD URL: http://www.darwinsys.com/file/ @@ -17,9 +17,9 @@ Patch6002: 6002-Fix-indirect-offset-overflow-calculation-B.-Watson.patch Patch3: 0003-file-5.34-readelf.patch -#Patch6003: 6003-CVE-2019-18218.patch -#Patch6004: 6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch -#Patch6005: 6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch +Patch6003: 6003-CVE-2019-18218.patch +Patch6004: 6004-Use-memmem-to-speed-up-searches-if-available-Michael.patch +Patch6005: 6005-Simplify-and-always-return-if-not-found-found-by-OSS.patch Requires: %{name}-libs = %{version}-%{release} BuildRequires: autoconf automake libtool git zlib-devel @@ -161,6 +161,9 @@ cd %{py3dir} %{python3_sitelib}/__pycache__/* %changelog +* Thu Dec 26 2019 openEuler Buildteam - 5.34-9 +- reupload patches + * Wed Dec 25 2019 openEuler Buildteam - 5.34-8 - revert patches -- Gitee