Hello community, here is the log from the commit of package file checked in at Thu May 17 11:31:51 CEST 2007. -------- --- file/file.changes 2007-04-16 16:26:20.000000000 +0200 +++ /mounts/work_src_done/STABLE/file/file.changes 2007-05-14 13:19:49.737038000 +0200 @@ -1,0 +2,6 @@ +Mon May 14 13:19:00 CEST 2007 - werner@suse.de + +- More on DoS attack with regex (bug #263754) +- Avoid crash on unknown option and enable option `-e' + +------------------------------------------------------------------- New: ---- file-4.20-option.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ file.spec ++++++ --- /var/tmp/diff_new_pack.K12077/_old 2007-05-17 11:31:18.000000000 +0200 +++ /var/tmp/diff_new_pack.K12077/_new 2007-05-17 11:31:18.000000000 +0200 @@ -17,7 +17,7 @@ Group: Productivity/File utilities Autoreqprov: on Version: 4.20 -Release: 7 +Release: 13 Summary: A Tool to Determine File Types Source: ftp://ftp.astron.com/pub/file/file-%{version}.tar.bz2 Patch: file-%{version}.dif @@ -34,6 +34,7 @@ Patch11: file-4.20-reg_startend.dif Patch12: file-4.20-unused.dif Patch13: file-4.20-reg_dos.dif +Patch14: file-4.20-option.dif Patch20: file-4.16-mips.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -83,6 +84,7 @@ %patch11 -p0 -b .rse %patch12 -p0 -b .unused %patch13 -p0 -b .reg +%patch14 -p0 -b .opt %ifarch mips %patch20 -p0 -b .mips %endif @@ -145,6 +147,9 @@ %attr(644,root,root) %{_mandir}/man3/libmagic.3.gz %changelog +* Mon May 14 2007 - werner@suse.de +- More on DoS attack with regex (bug #263754) +- Avoid crash on unknown option and enable option `-e' * Mon Apr 16 2007 - werner@suse.de - Avoid DoS attack with regex (bug #263754) * Thu Apr 05 2007 - werner@suse.de ++++++ file-4.20.dif ++++++ --- /var/tmp/diff_new_pack.K12077/_old 2007-05-17 11:31:18.000000000 +0200 +++ /var/tmp/diff_new_pack.K12077/_new 2007-05-17 11:31:18.000000000 +0200 
@@ -1,6 +1,6 @@ --- .pkgextract +++ .pkgextract 2006-03-27 13:29:19.000000000 +0200 -@@ -0,0 +1,12 @@ +@@ -0,0 +1,14 @@ +patch -p0 -s --suffix=.misc < ../file-4.18-misc.dif +patch -p0 -s --suffix=.pcp < ../file-4.12-pcp.dif +patch -p0 -s --suffix=.exec < ../file-4.20-exec.dif @@ -13,6 +13,8 @@ +patch -p0 -s --suffix=.prtf < ../file-4.18-printf.dif +patch -p0 -s --suffix=.rse < ../file-4.20-reg_startend.dif +patch -p0 -s --suffix=.unsd < ../file-4.20-unused.dif ++patch -p0 -s --suffix=.reg < ../file-4.20-reg_dos.dif ++patch -p0 -s --suffix=.opt < ../file-4.20-option.dif --- magic/Header +++ magic/Header 2006-03-27 13:29:19.000000000 +0200 @@ -1,5 +1,7 @@ ++++++ file-4.20-option.dif ++++++ --- src/file.c +++ src/file.c 2007-05-14 11:14:56.000000000 +0000 @@ -128,7 +128,7 @@ main(int argc, char *argv[]) char *home, *usermagic; struct stat sb; static const char hmagic[] = "/.magic"; -#define OPTSTRING "bcCdf:F:hikLm:nNprsvz0" +#define OPTSTRING "bcCde:f:F:hikLm:nNprsvz0" #ifdef HAVE_GETOPT_LONG int longindex; static const struct option long_options[] = @@ -138,7 +138,7 @@ main(int argc, char *argv[]) {"brief", 0, 0, 'b'}, {"checking-printout", 0, 0, 'c'}, {"debug", 0, 0, 'd'}, - {"exclude", 0, 0, 'e' }, + {"exclude", 1, 0, 'e' }, {"files-from", 1, 0, 'f'}, {"separator", 1, 0, 'F'}, {"mime", 0, 0, 'i'}, @@ -240,6 +240,8 @@ main(int argc, char *argv[]) flags |= MAGIC_DEBUG|MAGIC_CHECK; break; case 'e': + if (!optarg) + usage(); for (i = 0; i < sizeof(nv) / sizeof(nv[0]); i++) if (strcmp(nv[i].name, optarg) == 0) break; @@ -251,13 +253,15 @@ main(int argc, char *argv[]) break; case 'f': - if(action) + if(action || !optarg) usage(); load(magicfile, flags); unwrap(optarg); ++didsomefiles; break; case 'F': + if (!optarg) + usage(); separator = optarg; break; case 'i': 
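Review bot: The added `if (!optarg) usage();` guards in `case 'e'`, `case 'f'` and `case 'F'` (and in `case 'm'` in the following hunk) only protect the `strcmp(nv[i].name, optarg)`, `unwrap(optarg)` and pointer assignments after them if `usage()` never returns, which these hunks do not show. If it can return, each guard needs an explicit exit or `break;` after it. The fault behind the crash is visible in the first two hunks: the old `OPTSTRING` had no `e` and `long_options` listed `exclude` with `has_arg` 0, so `--exclude` could reach the `strcmp` with a NULL `optarg`. I would add a comment above `OPTSTRING` such as `/* keep in sync with long_options[]: an option followed by ':' here must have has_arg 1 there */` so the two tables do not drift apart again. `main()` starts and ends outside these hunks.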
@@ -267,6 +271,8 @@ main(int argc, char *argv[]) flags |= MAGIC_CONTINUE; break; case 'm': + if (!optarg) + usage(); magicfile = optarg; break; case 'n': ++++++ file-4.20-reg_dos.dif ++++++ --- /var/tmp/diff_new_pack.K12077/_old 2007-05-17 11:31:18.000000000 +0200 +++ /var/tmp/diff_new_pack.K12077/_new 2007-05-17 11:31:18.000000000 +0200 @@ -1,6 +1,6 @@ --- magic/Magdir/msdos +++ magic/Magdir/msdos 2007-04-16 14:54:43.942155748 +0200 -@@ -14,8 +14,10 @@ +@@ -14,8 +14,12 @@ # OS/2 batch files are REXX. the second regex is a bit generic, oh well # the matched commands seem to be common in REXX and uncommon elsewhere @@ -8,8 +8,10 @@ -100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text +#100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text +#100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text -+100 regex/c =^\\s{0,255}call\\s{1,99}rxfuncadd OS/2 REXX batch file text -+100 regex/c =^\\s{0,255}say\ ['"] OS/2 REXX batch file text ++100 search/0x200 rxfuncadd ++>100 regex/c =^\\s{0,255}call\\s{1,99}rxfuncadd OS/2 REXX batch file text ++100 search/0x200 say ++>100 regex/c =^\\s{0,255}say\ ['"] OS/2 REXX batch file text 0 leshort 0x14c MS Windows COFF Intel 80386 object file #>4 ledate x stamp %s ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
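Review bot: The new prefilters `100 search/0x200 rxfuncadd` and `100 search/0x200 say` carry no case flag, while the regexes they gate are `regex/c`, which appears to be the case-insensitive form. If `search` compares case-sensitively in this version, REXX scripts written as `CALL RxFuncAdd` or `SAY "..."` would no longer be identified, so this is worth confirming with a mixed-case sample. The `say` prefilter is also a three-byte literal that ordinary text will often satisfy, so the run-time bound for that entry rests on the `\\s{0,255}` quantifier rather than on the search gate. A `#` comment next to these entries, stating that the bounded quantifiers and the search gate exist to limit regex run time on hostile input (bug #263754), would keep a later editor from restoring `\\s*` or `.*`.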