Hello community, here is the log from the commit of package file for openSUSE:Factory checked in at Tue Jun 9 17:40:20 CEST 2009. -------- --- file/file.changes 2009-06-02 13:49:26.000000000 +0200 +++ /mounts/work_src_done/STABLE/file/file.changes 2009-06-09 12:56:29.000000000 +0200 @@ -1,0 +2,8 @@ +Tue Jun 9 12:51:31 CEST 2009 - werner@suse.de + +- Do _not_ touch change log of python-magic +- Update to file version 5.03 + * Avoid null dereference in cdf code (Drew Yao) + * More cdf bounds checks and overflow checks + +------------------------------------------------------------------- @@ -14 +22 @@ -- Update to filx version 5.02 +- Update to file version 5.02 --- file/python-magic.changes 2009-06-05 23:01:07.000000000 +0200 +++ /mounts/work_src_done/STABLE/file/python-magic.changes 2008-04-20 20:36:09.000000000 +0200 @@ -2 +2 @@ -Tue Jun 2 13:49:08 CEST 2009 - coolo@novell.com +Tue Apr 15 11:58:17 CEST 2008 - werner@suse.de @@ -4 +4 @@ -- sync Version using pre_checkin.sh +- Also change version number in python-magic.spec @@ -7 +7 @@ -Thu May 7 17:45:10 CEST 2009 - werner@suse.de +Mon Jan 28 18:10:23 CET 2008 - rguenther@suse.de @@ -9,588 +9 @@ -- Add support for special zip archives (bnc#500511) - -------------------------------------------------------------------- -Wed May 6 14:37:51 CEST 2009 - werner@suse.de - -- Update to filx version 5.02 - * Read ~/.magic in addition to the default magic file not instead - of, as documented in the man page. - * filesystem and msdos patches (Joerg Jenderek) - * Added CDF parsing - * Add text/x-lua MIME type for Lua scripts. - * >= <= is not supported, so fix the magic and warn about it. - reported by: Thien-Thi Nguyen <ttn@gnuvola.org> - * use memchr instead of strchr because the string - might not be NUL terminated (Scott MacVicar) - * Fix --mime, --mime-type and --mime-encoding under new scheme. - * add loop limits to avoid DoS attacks by constructing - looping sector references. - * Allow escaping of relation characters, so that we can say ^[A-Z] - and the ^ is not eaten as a relation char. - -------------------------------------------------------------------- -Mon Jan 26 21:17:45 CET 2009 - crrodriguez@suse.de - -- remove "la" files and static libraries - -------------------------------------------------------------------- -Wed Dec 10 12:34:56 CET 2008 - olh@suse.de - -- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade - (bnc#437293) - -------------------------------------------------------------------- -Thu Nov 27 13:17:54 CET 2008 - werner@suse.de - -- Add libsatsolver file magic -- Re-enable detection of old LZW (.Z) format (bnc#448984) - -------------------------------------------------------------------- -Thu Oct 30 12:34:56 CET 2008 - olh@suse.de - -- obsolete old -XXbit packages (bnc#437293) - -------------------------------------------------------------------- -Tue Aug 19 18:51:46 CEST 2008 - ro@suse.de - -- fix detection for java bytecode - -------------------------------------------------------------------- -Tue May 6 21:21:24 CEST 2008 - aj@suse.de - -- Do not return random data. - -------------------------------------------------------------------- -Thu Apr 24 19:27:57 CEST 2008 - werner@suse.de - -- Don't slip into Mp3 channel for ext file systems (bnc#383431) - -------------------------------------------------------------------- -Mon Apr 14 17:35:43 CEST 2008 - werner@suse.de - -- Add CROM File System to Localstuff (bnc#379027) -- Update to file bugfix version 4.24 - * ELF core file command name/line bug fixes and enhancements - * Change strength of ! from MULT to 0, as it matches almost anything (Reuben Thomas) - * Clarify UTF-8 BOM message (Reuben Thomas) - * Add HTML comment to token list in names.h - * !:mime annotations in magic files (Reuben Thomas) - * zero out utime/utimes structs (Gavin Atkinson) - * reduce writable data from Diego "Flameeyes" Petten - * strtof detection - * remove bogus regex magic that could cause a DoS - * better mismatch version message - * bring back some fixes from OpenBSD - * treat ELF dynamic objects as executables - * fix gcc warnings - * make sure we have zlib.h and libz to compile the builtin - decompress code - * float and double magic support (Behan Webster) - * Convert fortran to a soft test (Reuben Thomas) - * Add --with-filename, and --no-filename (Reuben Thomas) - * Rest of the mime split (Reuben Thomas) - * Make usage message generated from the flags so that - they stay consistent (Reuben Thomas) - * typo in comment, missing ifdef QUICK, remove unneeded code - * Fix problem printing -\012 in some entries - * Separate magic type and encoding flags (Reuben Thomas) - * configure fix for int64 and strndup (Reuben Thomas) - * Add magic_descriptor() function. - * Fix regression in elf reading code where the core name was - not being printed. - * Don't convert NUL's to spaces in {l,b}estring16 (Daniel Dawson) - * Make mime format consistent so that it can - Remove 7/8bit classifications, since they were arbitrary - and not based on the file data. - -------------------------------------------------------------------- -Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - -- added baselibs.conf file to build xxbit packages - for multilib support - -------------------------------------------------------------------- -Thu Mar 13 19:19:56 CET 2008 - werner@suse.de - -- Remember ReiserFS V3.6.19 (bnc#370535) - -------------------------------------------------------------------- -Mon Jan 28 18:09:01 CET 2008 - rguenther@suse.de - -- Split python-magic off to separate spec file to avoid pulling - python into the base build cycle - -------------------------------------------------------------------- -Tue Jan 15 10:46:05 CET 2008 - werner@suse.de - -- Move python-base to python - -------------------------------------------------------------------- -Wed Dec 5 12:11:32 CET 2007 - werner@suse.de - -- Add X11 cursor magic to Localstuff (bug #346132) -- New package python-magic, the python API for the libmagic - -------------------------------------------------------------------- -Fri Aug 31 17:32:04 CEST 2007 - werner@suse.de - -- Make regex for awk more robust to avoid conflict with PostScript, - thanks goes to Werner Lemberg for the report - -------------------------------------------------------------------- -Wed Aug 29 19:01:31 CEST 2007 - werner@suse.de - -- Add Scribus to local magic (bug #298009) - -------------------------------------------------------------------- -Wed Jun 6 17:08:25 CEST 2007 - werner@suse.de - -- Update to file version 4.21 including the last three bug fixes - -------------------------------------------------------------------- -Thu May 24 11:58:09 CEST 2007 - werner@suse.de - -- Fix of the fix for bug #256290 with CVE-2007-2799 - -------------------------------------------------------------------- -Mon May 21 11:49:45 CEST 2007 - werner@suse.de - -- Expand search area used before regex (also bug #263754) - -------------------------------------------------------------------- -Mon May 14 13:19:00 CEST 2007 - werner@suse.de - -- More on DoS attack with regex (bug #263754) -- Avoid crash on unknown option and enable option `-e' - -------------------------------------------------------------------- -Mon Apr 16 14:56:02 CEST 2007 - werner@suse.de - -- Avoid DoS attack with regex (bug #263754) - -------------------------------------------------------------------- -Thu Apr 5 17:09:05 CEST 2007 - werner@suse.de - -- Avoid trouble with variable/macro on ppc64 - -------------------------------------------------------------------- -Mon Mar 26 15:46:17 CEST 2007 - rguenther@suse.de - -- Add zlib-devel BuildRequires - -------------------------------------------------------------------- -Wed Mar 21 12:57:57 CET 2007 - werner@suse.de - -- Update to file 4.20 due security reason CVE-2007-1536 (#256290) - -------------------------------------------------------------------- -Tue Mar 6 23:20:41 CET 2007 - rguenther@suse.de - -- Fix order of changelog entries - -------------------------------------------------------------------- -Thu Nov 23 17:15:17 CET 2006 - werner@suse.de - -- Initialize variable in elf patch - -------------------------------------------------------------------- -Wed Nov 22 16:14:33 CET 2006 - werner@suse.de ++++ 401 more lines (skipped) ++++ between file/python-magic.changes ++++ and /mounts/work_src_done/STABLE/file/python-magic.changes calling whatdependson for head-i586 Old: ---- file-5.02.dif file-5.02.tar.bz2 New: ---- file-5.03.dif file-5.03.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ file.spec ++++++ --- /var/tmp/diff_new_pack.S20688/_old 2009-06-09 17:39:59.000000000 +0200 +++ /var/tmp/diff_new_pack.S20688/_new 2009-06-09 17:39:59.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package file (Version 5.02) +# spec file for package file (Version 5.03) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -30,8 +30,8 @@ %endif # # Set Version also in python-magic.spec -Version: 5.02 -Release: 3 +Version: 5.03 +Release: 1 Summary: A Tool to Determine File Types Source: ftp://ftp.astron.com/pub/file/file-%{version}.tar.bz2 Patch: file-%{version}.dif @@ -175,12 +175,17 @@ %attr(644,root,root) %{_mandir}/man3/libmagic.3.gz %changelog +* Tue Jun 09 2009 werner@suse.de +- Do _not_ touch change log of python-magic +- Update to file version 5.03 + * Avoid null dereference in cdf code (Drew Yao) + * More cdf bounds checks and overflow checks * Tue Jun 02 2009 coolo@novell.com - sync Version using pre_checkin.sh * Thu May 07 2009 werner@suse.de - Add support for special zip archives (bnc#500511) * Wed May 06 2009 werner@suse.de -- Update to filx version 5.02 +- Update to file version 5.02 * Read ~/.magic in addition to the default magic file not instead of, as documented in the man page. * filesystem and msdos patches (Joerg Jenderek) ++++++ python-magic.spec ++++++ --- /var/tmp/diff_new_pack.S20688/_old 2009-06-09 17:39:59.000000000 +0200 +++ /var/tmp/diff_new_pack.S20688/_new 2009-06-09 17:39:59.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package python-magic (Version 5.02) +# spec file for package python-magic (Version 5.03) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -26,7 +26,7 @@ License: BSD 3 Clause, BSD 4 Clause Group: Development/Languages/Python AutoReqProv: on -Version: 5.02 +Version: 5.03 Release: 1 Summary: Python module to use libmagic %py_requires @@ -61,291 +61,7 @@ %doc python/README python/example.py %changelog -* Tue Jun 02 2009 coolo@novell.com -- sync Version using pre_checkin.sh -* Thu May 07 2009 werner@suse.de -- Add support for special zip archives (bnc#500511) -* Wed May 06 2009 werner@suse.de -- Update to filx version 5.02 - * Read ~/.magic in addition to the default magic file not instead - of, as documented in the man page. - * filesystem and msdos patches (Joerg Jenderek) - * Added CDF parsing - * Add text/x-lua MIME type for Lua scripts. - * >= <= is not supported, so fix the magic and warn about it. - reported by: Thien-Thi Nguyen <ttn@gnuvola.org> - * use memchr instead of strchr because the string - might not be NUL terminated (Scott MacVicar) - * Fix --mime, --mime-type and --mime-encoding under new scheme. - * add loop limits to avoid DoS attacks by constructing - looping sector references. - * Allow escaping of relation characters, so that we can say ^[A-Z] - and the ^ is not eaten as a relation char. -* Mon Jan 26 2009 crrodriguez@suse.de -- remove "la" files and static libraries -* Wed Dec 10 2008 olh@suse.de -- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade - (bnc#437293) -* Thu Nov 27 2008 werner@suse.de -- Add libsatsolver file magic -- Re-enable detection of old LZW (.Z) format (bnc#448984) -* Thu Oct 30 2008 olh@suse.de -- obsolete old -XXbit packages (bnc#437293) -* Tue Aug 19 2008 ro@suse.de -- fix detection for java bytecode -* Tue May 06 2008 aj@suse.de -- Do not return random data. -* Thu Apr 24 2008 werner@suse.de -- Don't slip into Mp3 channel for ext file systems (bnc#383431) -* Mon Apr 14 2008 werner@suse.de -- Add CROM File System to Localstuff (bnc#379027) -- Update to file bugfix version 4.24 - * ELF core file command name/line bug fixes and enhancements - * Change strength of ! from MULT to 0, as it matches almost anything (Reuben Thomas) - * Clarify UTF-8 BOM message (Reuben Thomas) - * Add HTML comment to token list in names.h - * !:mime annotations in magic files (Reuben Thomas) - * zero out utime/utimes structs (Gavin Atkinson) - * reduce writable data from Diego "Flameeyes" Petten - * strtof detection - * remove bogus regex magic that could cause a DoS - * better mismatch version message - * bring back some fixes from OpenBSD - * treat ELF dynamic objects as executables - * fix gcc warnings - * make sure we have zlib.h and libz to compile the builtin - decompress code - * float and double magic support (Behan Webster) - * Convert fortran to a soft test (Reuben Thomas) - * Add --with-filename, and --no-filename (Reuben Thomas) - * Rest of the mime split (Reuben Thomas) - * Make usage message generated from the flags so that - they stay consistent (Reuben Thomas) - * typo in comment, missing ifdef QUICK, remove unneeded code - * Fix problem printing -\012 in some entries - * Separate magic type and encoding flags (Reuben Thomas) - * configure fix for int64 and strndup (Reuben Thomas) - * Add magic_descriptor() function. - * Fix regression in elf reading code where the core name was - not being printed. - * Don't convert NUL's to spaces in {l,b}estring16 (Daniel Dawson) - * Make mime format consistent so that it can - Remove 7/8bit classifications, since they were arbitrary - and not based on the file data. -* Thu Apr 10 2008 ro@suse.de -- added baselibs.conf file to build xxbit packages - for multilib support -* Thu Mar 13 2008 werner@suse.de -- Remember ReiserFS V3.6.19 (bnc#370535) +* Tue Apr 15 2008 werner@suse.de +- Also change version number in python-magic.spec * Mon Jan 28 2008 rguenther@suse.de -- Split python-magic off to separate spec file to avoid pulling - python into the base build cycle -* Tue Jan 15 2008 werner@suse.de -- Move python-base to python -* Wed Dec 05 2007 werner@suse.de -- Add X11 cursor magic to Localstuff (bug #346132) -- New package python-magic, the python API for the libmagic -* Fri Aug 31 2007 werner@suse.de -- Make regex for awk more robust to avoid conflict with PostScript, - thanks goes to Werner Lemberg for the report -* Wed Aug 29 2007 werner@suse.de -- Add Scribus to local magic (bug #298009) -* Wed Jun 06 2007 werner@suse.de -- Update to file version 4.21 including the last three bug fixes -* Thu May 24 2007 werner@suse.de -- Fix of the fix for bug #256290 with CVE-2007-2799 -* Mon May 21 2007 werner@suse.de -- Expand search area used before regex (also bug #263754) -* Mon May 14 2007 werner@suse.de -- More on DoS attack with regex (bug #263754) -- Avoid crash on unknown option and enable option `-e' -* Mon Apr 16 2007 werner@suse.de -- Avoid DoS attack with regex (bug #263754) -* Thu Apr 05 2007 werner@suse.de -- Avoid trouble with variable/macro on ppc64 -* Mon Mar 26 2007 rguenther@suse.de -- Add zlib-devel BuildRequires -* Wed Mar 21 2007 werner@suse.de -- Update to file 4.20 due security reason CVE-2007-1536 (#256290) -* Wed Mar 07 2007 rguenther@suse.de -- Fix order of changelog entries -* Thu Nov 23 2006 werner@suse.de -- Initialize variable in elf patch -* Wed Nov 22 2006 werner@suse.de -- Update to new file 4.18 - * Includes most of our extensions (elf, fifo, softmagic) -* Mon Jun 12 2006 werner@suse.de -- Reenable file to display process name from a core dump (#183685) -* Mon Mar 27 2006 werner@suse.de -- Add Mono/.Net identfiers to msdos magics (bug #159708) -* Fri Mar 24 2006 werner@suse.de -- Update to file version 4.17 - * This version supports new key like `search' and `regex' - * Port our patches to this version -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Mon Jan 16 2006 werner@suse.de -- Add Xen magics -* Tue Dec 06 2005 werner@suse.de -- Add Structured Storage Entry for PageMaker to local (bug #134895) -* Thu Oct 20 2005 werner@suse.de -- Update to file version 4.16 -* Tue Aug 23 2005 werner@suse.de -- Fix broken cracklib magic (bug #106007) -* Mon Jul 25 2005 werner@suse.de -- Update to new file 4.14 -- Split of the development version as own package -* Fri Jul 01 2005 werner@suse.de -- Even for netware the columns in the magic entry are seperated - by tabs -- Add cracklib magics (bug #93673) -* Mon Jun 13 2005 mmj@suse.de -- Add primitive magic for detecting netware loadable modules (NLMs) -- Don't remove buildroot before install -- Don't strip binaries explicitly -- %%doc is implied by %%man -* Thu Mar 17 2005 werner@suse.de -- Be sure that the pipe/fifo patch works (bug #73644) -* Thu Mar 10 2005 werner@suse.de -- Be able to use the -s option even on pipes (bug #71074) -- Do not hang on sockets or pipes not opened on the write side -* Fri Feb 18 2005 werner@suse.de -- Update to file 4.13 for fixes in handling of bzip2 and DOS files -- Do not be fooled by minix filesystems magics on jpeg files -* Fri Nov 26 2004 werner@suse.de -- Update to file 4.12, this may fix a security issue (bug #48576) -* Tue Sep 28 2004 werner@suse.de -- Correct PCP entries (bug #46111) -* Thu Sep 16 2004 werner@suse.de -- Read HOWMANY bytes even from a pipe (reported by max) -* Thu Aug 26 2004 werner@suse.de -- Update to bugfix release 4.09 -* Tue Aug 24 2004 lmuelle@suse.de -- Add -fPIC to the CFLAGS. -* Wed May 26 2004 werner@suse.de -- Don't trap into string formats if integers are provided (#41209) -* Mon May 24 2004 werner@suse.de -- Check for random data within ELF header (bug #40909) -* Thu Feb 12 2004 werner@suse.de -- Add name offsets for CORE dumps even for 64bit ELF (bug #34461) -* Tue Jan 20 2004 werner@suse.de -- Update to 4.07 -* Mon Dec 15 2003 werner@suse.de -- Add workaround for new automake `feature' of ignoring man pages -- Ensure that the correct break condition is returned if readelf - past the end of the buffer (bug #33644). -* Mon Dec 08 2003 werner@suse.de -- Update to 4.06 -- Use /etc/magic:/usr/share/misc/magic as magic and move /etc/magic - to a real configuration file for _local_ settings (bug #32725). -* Sat Oct 18 2003 kukuk@suse.de -- Add patch to detect policy file for SE Linux -- Build as normal user -- Clean up build root -* Mon Sep 29 2003 werner@suse.de -- Avoid endless loop due wrong alignment in old ELF binaries -* Tue Sep 16 2003 werner@suse.de -- Extend buffer from 64kb upto 68kB to find ReiserFS (bug #30736) -* Wed Jul 02 2003 werner@suse.de -- Use _libdir -* Tue Jul 01 2003 werner@suse.de -- Update to file 4.03 -* Thu Apr 17 2003 coolo@suse.de -- use BuildRoot -* Tue Mar 04 2003 werner@suse.de -- Fix buffer overflow in elf detection -* Tue Dec 17 2002 olh@suse.de -- use RPM_BUILD_ROOT, not BUILD_ROOT in testsuite -* Mon Nov 11 2002 ro@suse.de -- fix deprecated multiline string literal (from longopt patch) -* Tue Sep 17 2002 ro@suse.de -- removed bogus self-provides -* Tue Jul 23 2002 werner@suse.de -- Add mySQL bytes to magic (bug #16138) -* Fri Jun 07 2002 olh@suse.de -- don't change the union u in readelf.c:tryelf() on ppc64 -* Mon Feb 04 2002 werner@suse.de -- Fix looking of manual page -* Mon Feb 04 2002 werner@suse.de -- Add some magics for METAFONT format files -- Add inofficial long options for LSB -* Thu Dec 27 2001 adrian@suse.de -- fix file output for mips binaries. The old output broke several - ltconfig scripts in other packages and was wrong anyway. -- recompress tar ball with bz2 -* Wed Dec 19 2001 werner@suse.de -- update to version 3.37 -* Sat Jun 30 2001 bk@suse.de -- update to version 3.33 -- don't change the union u in readelf.c:tryelf() on s390x. -- option i: fix one-byte memory underallocation - strcat adds '\0' -* Thu Jun 07 2001 werner@suse.de -- Autoconf and Elf header: make it work again -* Fri May 04 2001 werner@suse.de -- Make symlink /etc/magic a relative one -* Tue Jan 16 2001 werner@suse.de -- Change order to find WAVE and TTF data before G3, apple and - macintosh data. -- Change string detection of PFM data to bit comparision masking - out the third bit to make raw G3 work. -* Sun Dec 03 2000 schwab@suse.de -- Don't match against artificial null byte. -- Fix resource leaks. -* Tue Nov 28 2000 aj@suse.de -- Add LFS support. -* Tue Nov 14 2000 werner@suse.de -- Correct version handling of Linux/i386 Kernel setup header -* Mon Nov 13 2000 werner@suse.de -- Fix handling of Microsoft Access Database in comparision - with Digifax-G3-File. -* Tue Oct 03 2000 kukuk@suse.de -- fix inclusion of config.h -- Add group tag -* Thu Sep 28 2000 werner@suse.de -- Move Magdir changes into misc dif -- Remove exectuable from text scripts -* Fri Sep 15 2000 werner@suse.de -- Update to version 3.32 -* Tue Jun 20 2000 werner@suse.de -- /usr/lib/magic -> /usr/share/misc/magic -* Thu Feb 03 2000 schwab@suse.de -- Ignore SHT_DYNSYM sections when deciding whether object is stripped. -* Fri Jan 28 2000 schwab@suse.de -- Fix int32 vs long problem. -* Thu Jan 27 2000 schwab@suse.de -- Fix non-ascii literal characters in string -- Specfile cleanup, get rid of Makefile.Linux -- /usr/man -> /usr/share/man -* Thu Nov 25 1999 schwab@suse.de -- Fix location of magic file. -* Tue Nov 23 1999 kukuk@suse.de -- Update to version 3.27 -- Add patches for SPARC -* Mon Sep 13 1999 bs@suse.de -- ran old prepare_spec on spec file to switch to new prepare_spec. -* Tue Aug 24 1999 uli@suse.de -- added -fsigned-char to CFLAGS (PPC) -* Thu Nov 05 1998 ro@suse.de -- disabled dcore (won't build with glibc-2.0) -* Thu Oct 01 1998 ro@suse.de -- update to 3.26 -- hacked dcore.c to build with glibc-2.1 -* Fri Oct 10 1997 florian@suse.de -- add some more entries to magic -* Wed Jun 25 1997 florian@suse.de -- add additional entries to recognize LaTeX files -* Tue May 27 1997 florian@suse.de -- add some additional entries from mgetty/vgetty -- add additional entries for CLISP and GNU gettext from Bruno Haible -* Wed Jan 22 1997 florian@suse.de -- update to version 3.22 -* Thu Jan 02 1997 florian@suse.de -- recognise german umlauts as text: dirty hack, but also call "setlocale" - for correctly installed systems... -- add "dcore"-program to show some information about core-files -* Thu Jan 02 1997 florian@suse.de -- update to version 3.21 -- mv /etc/magic /usr/lib/magic (/etc/magic is still a symlink to new - location) -* Thu Jan 02 1997 florian@suse.de -- added missing entries for G3-fax (from mgetty source) +- Split off from file. ++++++ file-5.02.dif -> file-5.03.dif ++++++ ++++++ file-5.02.tar.bz2 -> file-5.03.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/ChangeLog new/file-5.03/ChangeLog --- old/file-5.02/ChangeLog 2009-05-02 00:37:33.000000000 +0200 +++ new/file-5.03/ChangeLog 2009-05-06 16:24:48.000000000 +0200 @@ -1,3 +1,9 @@ +2009-05-06 10:25 Christos Zoulas <christos@zoulas.com> + + * Avoid null dereference in cdf code (Drew Yao) + + * More cdf bounds checks and overflow checks + 2009-05-01 18:37 Christos Zoulas <christos@zoulas.com> * Buffer overflow fixes from Drew Yao diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/configure new/file-5.03/configure --- old/file-5.02/configure 2009-05-04 17:15:42.000000000 +0200 +++ new/file-5.03/configure 2009-05-06 22:50:05.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for file 5.02. +# Generated by GNU Autoconf 2.61 for file 5.03. # # Report bugs to <christos@astron.com>. # @@ -728,8 +728,8 @@ # Identity of this package. PACKAGE_NAME='file' PACKAGE_TARNAME='file' -PACKAGE_VERSION='5.02' -PACKAGE_STRING='file 5.02' +PACKAGE_VERSION='5.03' +PACKAGE_STRING='file 5.03' PACKAGE_BUGREPORT='christos@astron.com' # Factoring default headers for most tests. @@ -1399,7 +1399,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -`configure' configures file 5.02 to adapt to many kinds of systems. +`configure' configures file 5.03 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1469,7 +1469,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of file 5.02:";; + short | recursive ) echo "Configuration of file 5.03:";; esac cat <<_ACEOF @@ -1576,7 +1576,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<_ACEOF -file configure 5.02 +file configure 5.03 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1590,7 +1590,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by file $as_me 5.02, which was +It was created by file $as_me 5.03, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -2280,7 +2280,7 @@ # Define the identity of the package. PACKAGE='file' - VERSION='5.02' + VERSION='5.03' cat >>confdefs.h <<_ACEOF @@ -24303,7 +24303,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by file $as_me 5.02, which was +This file was extended by file $as_me 5.03, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -24356,7 +24356,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\ -file config.status 5.02 +file config.status 5.03 configured by $0, generated by GNU Autoconf 2.61, with options \"`echo "$ac_configure_args" | sed 's/^ //; s/[\""`$]/\\&/g'`\" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/configure.ac new/file-5.03/configure.ac --- old/file-5.02/configure.ac 2009-05-04 17:14:50.000000000 +0200 +++ new/file-5.03/configure.ac 2009-05-06 22:32:25.000000000 +0200 @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(file, 5.02, christos@astron.com) +AC_INIT(file, 5.03, christos@astron.com) AM_INIT_AUTOMAKE AM_CONFIG_HEADER(config.h) #AC_CONFIG_MACRO_DIR([m4]) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/src/cdf.c new/file-5.03/src/cdf.c --- old/file-5.02/src/cdf.c 2009-05-02 22:07:45.000000000 +0200 +++ new/file-5.03/src/cdf.c 2009-05-06 16:29:47.000000000 +0200 @@ -32,7 +32,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: cdf.c,v 1.26 2009/05/02 20:06:55 christos Exp $") +FILE_RCSID("@(#)$File: cdf.c,v 1.30 2009/05/06 14:29:47 christos Exp $") #endif #include <assert.h> @@ -227,6 +227,19 @@ CDF_UNPACK(d->d_unused0); } +static int +cdf_check_stream_offset(const cdf_stream_t *sst, const void *p, size_t tail) +{ + const char *b = (const char *)sst->sst_tab; + const char *e = ((const char *)p) + tail; + if (e >= b && (size_t)(e - b) < sst->sst_dirlen * sst->sst_len) + return 0; + DPRINTF((stderr, "offset begin %p end %p %zu >= %zu\n", b, e, + (size_t)(e - b), sst->sst_dirlen * sst->sst_len)); + errno = EFTYPE; + return -1; +} + static ssize_t cdf_read(const cdf_info_t *info, off_t off, void *buf, size_t len) { @@ -321,15 +334,15 @@ break; #define CDF_SEC_LIMIT (UINT32_MAX / (4 * ss)) - if (h->h_num_sectors_in_master_sat > CDF_SEC_LIMIT || - i > CDF_SEC_LIMIT / nsatpersec) { + if (h->h_num_sectors_in_master_sat > CDF_SEC_LIMIT / nsatpersec || + i > CDF_SEC_LIMIT) { DPRINTF(("Number of sectors in master SAT too big %u %zu\n", h->h_num_sectors_in_master_sat, i)); errno = EFTYPE; return -1; } - sat->sat_len = h->h_num_sectors_in_master_sat + i * nsatpersec; + sat->sat_len = h->h_num_sectors_in_master_sat * nsatpersec + i; DPRINTF(("sat_len = %zu ss = %zu\n", sat->sat_len, ss)); if ((sat->sat_tab = calloc(sat->sat_len, ss)) == NULL) return -1; @@ -349,6 +362,8 @@ mid = h->h_secid_first_sector_in_master_sat; for (j = 0; j < h->h_num_sectors_in_master_sat; j++) { + if (mid < 0) + goto out; if (j >= CDF_LOOP_LIMIT) { DPRINTF(("Reading master sector loop limit")); errno = EFTYPE; @@ -360,10 +375,8 @@ } for (k = 0; k < nsatpersec; k++, i++) { sec = CDF_TOLE4(msa[k]); - if (sec < 0) { - sat->sat_len = i; - break; - } + if (sec < 0) + goto out; if (i >= sat->sat_len) { DPRINTF(("Out of bounds reading MSA %u >= %u", i, sat->sat_len)); @@ -379,6 +392,8 @@ } mid = CDF_TOLE4(msa[nsatpersec]); } +out: + sat->sat_len = i; free(msa); return 0; out2: @@ -467,7 +482,7 @@ scn->sst_len = cdf_count_chain(ssat, sid, CDF_SEC_SIZE(h)); scn->sst_dirlen = len; - if (scn->sst_len == (size_t)-1) + if (sst->sst_tab == NULL || scn->sst_len == (size_t)-1) return -1; scn->sst_tab = calloc(scn->sst_len, ss); @@ -618,22 +633,21 @@ break; /* If the it is not there, just fake it; some docs don't have it */ - if (i == dir->dir_len) { - scn->sst_tab = NULL; - scn->sst_len = 0; - return 0; - } + if (i == dir->dir_len) + goto out; d = &dir->dir_tab[i]; /* If the it is not there, just fake it; some docs don't have it */ - if (d->d_stream_first_sector < 0) { - scn->sst_tab = NULL; - scn->sst_len = 0; - return 0; - } + if (d->d_stream_first_sector < 0) + goto out; return cdf_read_long_sector_chain(info, h, sat, d->d_stream_first_sector, d->d_size, scn); +out: + scn->sst_tab = NULL; + scn->sst_len = 0; + scn->sst_dirlen = 0; + return 0; } static int @@ -686,16 +700,27 @@ size_t i, o, nelements, j; cdf_property_info_t *inp; + if (offs > UINT32_MAX / 4) { + errno = EFTYPE; + goto out; + } shp = (const void *)((const char *)sst->sst_tab + offs); + if (cdf_check_stream_offset(sst, shp, sizeof(*shp)) == -1) + goto out; sh.sh_len = CDF_TOLE4(shp->sh_len); +#define CDF_SHLEN_LIMIT (UINT32_MAX / 8) + if (sh.sh_len > CDF_SHLEN_LIMIT) { + errno = EFTYPE; + goto out; + } sh.sh_properties = CDF_TOLE4(shp->sh_properties); -#define CDF_PROP_LIM (UINT32_MAX / (4 * sizeof(*inp))) - if (sh.sh_properties > CDF_PROP_LIM) +#define CDF_PROP_LIMIT (UINT32_MAX / (4 * sizeof(*inp))) + if (sh.sh_properties > CDF_PROP_LIMIT) goto out; DPRINTF(("section len: %u properties %u\n", sh.sh_len, sh.sh_properties)); if (*maxcount) { - if (*maxcount > CDF_PROP_LIM) + if (*maxcount > CDF_PROP_LIMIT) goto out; *maxcount += sh.sh_properties; inp = realloc(*info, *maxcount * sizeof(*inp)); @@ -710,6 +735,8 @@ *count += sh.sh_properties; p = (const void *)((const char *)sst->sst_tab + offs + sizeof(sh)); e = (const void *)(((const char *)shp) + sh.sh_len); + if (cdf_check_stream_offset(sst, e, 0) == -1) + goto out; for (i = 0; i < sh.sh_properties; i++) { q = (const uint32_t *)((const char *)p + CDF_TOLE4(p[(i << 1) + 1])) - 2; @@ -767,8 +794,8 @@ case CDF_LENGTH32_STRING: if (nelements > 1) { size_t nelem = inp - *info; - if (*maxcount > CDF_PROP_LIM - || nelements > CDF_PROP_LIM) + if (*maxcount > CDF_PROP_LIMIT + || nelements > CDF_PROP_LIMIT) goto out; *maxcount += nelements; inp = realloc(*info, *maxcount * sizeof(*inp)); @@ -822,6 +849,9 @@ const cdf_section_declaration_t *sd = (const void *) ((const char *)sst->sst_tab + CDF_SECTION_DECLARATION_OFFSET); + if (cdf_check_stream_offset(sst, si, sizeof(*si)) == -1 || + cdf_check_stream_offset(sst, sd, sizeof(*sd)) == -1) + return -1; ssi->si_byte_order = CDF_TOLE2(si->si_byte_order); ssi->si_os_version = CDF_TOLE2(si->si_os_version); ssi->si_os = CDF_TOLE2(si->si_os); @@ -936,11 +966,13 @@ size_t i; #define DUMP(a, b) (void)fprintf(stderr, "%40.40s = " a "\n", # b, h->h_ ## b) +#define DUMP2(a, b) (void)fprintf(stderr, "%40.40s = " a " (" a ")\n", # b, \ + h->h_ ## b, 1 << h->h_ ## b) DUMP("%d", revision); DUMP("%d", version); DUMP("0x%x", byte_order); - DUMP("%d", sec_size_p2); - DUMP("%d", short_sec_size_p2); + DUMP2("%d", sec_size_p2); + DUMP2("%d", short_sec_size_p2); DUMP("%d", num_sectors_in_sat); DUMP("%d", secid_first_directory); DUMP("%d", min_size_standard_stream); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/src/patchlevel.h new/file-5.03/src/patchlevel.h --- old/file-5.02/src/patchlevel.h 2009-05-04 17:15:13.000000000 +0200 +++ new/file-5.03/src/patchlevel.h 2009-05-06 22:32:48.000000000 +0200 @@ -1,11 +1,14 @@ #define FILE_VERSION_MAJOR 5 -#define patchlevel 2 +#define patchlevel 3 /* * Patchlevel file for Ian Darwin's MAGIC command. - * $File: patchlevel.h,v 1.73 2009/05/04 15:15:13 christos Exp $ + * $File: patchlevel.h,v 1.74 2009/05/06 20:32:48 christos Exp $ * * $Log: patchlevel.h,v $ + * Revision 1.74 2009/05/06 20:32:48 christos + * welcome to 5.03 + * * Revision 1.73 2009/05/04 15:15:13 christos * 5.02... * diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/src/readcdf.c new/file-5.03/src/readcdf.c --- old/file-5.02/src/readcdf.c 2009-05-02 00:36:58.000000000 +0200 +++ new/file-5.03/src/readcdf.c 2009-05-06 22:48:22.000000000 +0200 @@ -26,7 +26,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: readcdf.c,v 1.16 2009/05/01 22:36:58 christos Exp $") +FILE_RCSID("@(#)$File: readcdf.c,v 1.18 2009/05/06 20:48:22 christos Exp $") #endif #include <stdlib.h> @@ -147,15 +147,8 @@ size_t count; int m; - if (cdf_unpack_summary_info(sst, &si, &info, &count) == -1) { - if (si.si_byte_order != 0xfffe) - return 0; - else - return -1; - } - - if (si.si_byte_order != 0xfffe) - return 0; + if (cdf_unpack_summary_info(sst, &si, &info, &count) == -1) + return -1; if (NOTMIME(ms)) { if (file_printf(ms, "CDF V2 Document") == -1) @@ -246,7 +239,7 @@ if ((i = cdf_read_summary_info(&info, &h, &sat, &ssat, &sst, &dir, &scn)) == -1) { - expn = ""; + expn = "Cannot read summary info"; goto out4; } #ifdef CDF_DEBUG ++++++ pre_checkin.sh ++++++ --- /var/tmp/diff_new_pack.S20688/_old 2009-06-09 17:40:00.000000000 +0200 +++ /var/tmp/diff_new_pack.S20688/_new 2009-06-09 17:40:00.000000000 +0200 @@ -1,7 +1,4 @@ #!/bin/bash # This script is called automatically during autobuild checkin. - version=$(grep '^Version:.*' file.spec) - -cp -f file.changes python-magic.changes -sed -i -e "s,Version:.*,$version," python-magic.spec +sed -ri "s,^Version:.*,$version," python-magic.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org