Hello community,
here is the log from the commit of package file for openSUSE:Factory
checked in at Tue Jun 9 17:40:20 CEST 2009.
--------
--- file/file.changes 2009-06-02 13:49:26.000000000 +0200
+++ /mounts/work_src_done/STABLE/file/file.changes 2009-06-09 12:56:29.000000000 +0200
@@ -1,0 +2,8 @@
+Tue Jun 9 12:51:31 CEST 2009 - werner@suse.de
+
+- Do _not_ touch change log of python-magic
+- Update to file version 5.03
+ * Avoid null dereference in cdf code (Drew Yao)
+ * More cdf bounds checks and overflow checks
+
+-------------------------------------------------------------------
@@ -14 +22 @@
-- Update to filx version 5.02
+- Update to file version 5.02
--- file/python-magic.changes 2009-06-05 23:01:07.000000000 +0200
+++ /mounts/work_src_done/STABLE/file/python-magic.changes 2008-04-20 20:36:09.000000000 +0200
@@ -2 +2 @@
-Tue Jun 2 13:49:08 CEST 2009 - coolo@novell.com
+Tue Apr 15 11:58:17 CEST 2008 - werner@suse.de
@@ -4 +4 @@
-- sync Version using pre_checkin.sh
+- Also change version number in python-magic.spec
@@ -7 +7 @@
-Thu May 7 17:45:10 CEST 2009 - werner@suse.de
+Mon Jan 28 18:10:23 CET 2008 - rguenther@suse.de
@@ -9,588 +9 @@
-- Add support for special zip archives (bnc#500511)
-
--------------------------------------------------------------------
-Wed May 6 14:37:51 CEST 2009 - werner@suse.de
-
-- Update to filx version 5.02
- * Read ~/.magic in addition to the default magic file not instead
- of, as documented in the man page.
- * filesystem and msdos patches (Joerg Jenderek)
- * Added CDF parsing
- * Add text/x-lua MIME type for Lua scripts.
- * >= <= is not supported, so fix the magic and warn about it.
- reported by: Thien-Thi Nguyen
- * use memchr instead of strchr because the string
- might not be NUL terminated (Scott MacVicar)
- * Fix --mime, --mime-type and --mime-encoding under new scheme.
- * add loop limits to avoid DoS attacks by constructing
- looping sector references.
- * Allow escaping of relation characters, so that we can say \^[A-Z]
- and the ^ is not eaten as a relation char.
-
--------------------------------------------------------------------
-Mon Jan 26 21:17:45 CET 2009 - crrodriguez@suse.de
-
-- remove "la" files and static libraries
-
--------------------------------------------------------------------
-Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
-
-- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
- (bnc#437293)
-
--------------------------------------------------------------------
-Thu Nov 27 13:17:54 CET 2008 - werner@suse.de
-
-- Add libsatsolver file magic
-- Re-enable detection of old LZW (.Z) format (bnc#448984)
-
--------------------------------------------------------------------
-Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
-
-- obsolete old -XXbit packages (bnc#437293)
-
--------------------------------------------------------------------
-Tue Aug 19 18:51:46 CEST 2008 - ro@suse.de
-
-- fix detection for java bytecode
-
--------------------------------------------------------------------
-Tue May 6 21:21:24 CEST 2008 - aj@suse.de
-
-- Do not return random data.
-
--------------------------------------------------------------------
-Thu Apr 24 19:27:57 CEST 2008 - werner@suse.de
-
-- Don't slip into Mp3 channel for ext file systems (bnc#383431)
-
--------------------------------------------------------------------
-Mon Apr 14 17:35:43 CEST 2008 - werner@suse.de
-
-- Add CROM File System to Localstuff (bnc#379027)
-- Update to file bugfix version 4.24
- * ELF core file command name/line bug fixes and enhancements
- * Change strength of ! from MULT to 0, as it matches almost anything (Reuben Thomas)
- * Clarify UTF-8 BOM message (Reuben Thomas)
- * Add HTML comment to token list in names.h
- * !:mime annotations in magic files (Reuben Thomas)
- * zero out utime/utimes structs (Gavin Atkinson)
- * reduce writable data from Diego "Flameeyes" Petten
- * strtof detection
- * remove bogus regex magic that could cause a DoS
- * better mismatch version message
- * bring back some fixes from OpenBSD
- * treat ELF dynamic objects as executables
- * fix gcc warnings
- * make sure we have zlib.h and libz to compile the builtin
- decompress code
- * float and double magic support (Behan Webster)
- * Convert fortran to a soft test (Reuben Thomas)
- * Add --with-filename, and --no-filename (Reuben Thomas)
- * Rest of the mime split (Reuben Thomas)
- * Make usage message generated from the flags so that
- they stay consistent (Reuben Thomas)
- * typo in comment, missing ifdef QUICK, remove unneeded code
- * Fix problem printing -\012 in some entries
- * Separate magic type and encoding flags (Reuben Thomas)
- * configure fix for int64 and strndup (Reuben Thomas)
- * Add magic_descriptor() function.
- * Fix regression in elf reading code where the core name was
- not being printed.
- * Don't convert NUL's to spaces in {l,b}estring16 (Daniel Dawson)
- * Make mime format consistent so that it can
- Remove 7/8bit classifications, since they were arbitrary
- and not based on the file data.
-
--------------------------------------------------------------------
-Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
-
-- added baselibs.conf file to build xxbit packages
- for multilib support
-
--------------------------------------------------------------------
-Thu Mar 13 19:19:56 CET 2008 - werner@suse.de
-
-- Remember ReiserFS V3.6.19 (bnc#370535)
-
--------------------------------------------------------------------
-Mon Jan 28 18:09:01 CET 2008 - rguenther@suse.de
-
-- Split python-magic off to separate spec file to avoid pulling
- python into the base build cycle
-
--------------------------------------------------------------------
-Tue Jan 15 10:46:05 CET 2008 - werner@suse.de
-
-- Move python-base to python
-
--------------------------------------------------------------------
-Wed Dec 5 12:11:32 CET 2007 - werner@suse.de
-
-- Add X11 cursor magic to Localstuff (bug #346132)
-- New package python-magic, the python API for the libmagic
-
--------------------------------------------------------------------
-Fri Aug 31 17:32:04 CEST 2007 - werner@suse.de
-
-- Make regex for awk more robust to avoid conflict with PostScript,
- thanks goes to Werner Lemberg for the report
-
--------------------------------------------------------------------
-Wed Aug 29 19:01:31 CEST 2007 - werner@suse.de
-
-- Add Scribus to local magic (bug #298009)
-
--------------------------------------------------------------------
-Wed Jun 6 17:08:25 CEST 2007 - werner@suse.de
-
-- Update to file version 4.21 including the last three bug fixes
-
--------------------------------------------------------------------
-Thu May 24 11:58:09 CEST 2007 - werner@suse.de
-
-- Fix of the fix for bug #256290 with CVE-2007-2799
-
--------------------------------------------------------------------
-Mon May 21 11:49:45 CEST 2007 - werner@suse.de
-
-- Expand search area used before regex (also bug #263754)
-
--------------------------------------------------------------------
-Mon May 14 13:19:00 CEST 2007 - werner@suse.de
-
-- More on DoS attack with regex (bug #263754)
-- Avoid crash on unknown option and enable option `-e'
-
--------------------------------------------------------------------
-Mon Apr 16 14:56:02 CEST 2007 - werner@suse.de
-
-- Avoid DoS attack with regex (bug #263754)
-
--------------------------------------------------------------------
-Thu Apr 5 17:09:05 CEST 2007 - werner@suse.de
-
-- Avoid trouble with variable/macro on ppc64
-
--------------------------------------------------------------------
-Mon Mar 26 15:46:17 CEST 2007 - rguenther@suse.de
-
-- Add zlib-devel BuildRequires
-
--------------------------------------------------------------------
-Wed Mar 21 12:57:57 CET 2007 - werner@suse.de
-
-- Update to file 4.20 due security reason CVE-2007-1536 (#256290)
-
--------------------------------------------------------------------
-Tue Mar 6 23:20:41 CET 2007 - rguenther@suse.de
-
-- Fix order of changelog entries
-
--------------------------------------------------------------------
-Thu Nov 23 17:15:17 CET 2006 - werner@suse.de
-
-- Initialize variable in elf patch
-
--------------------------------------------------------------------
-Wed Nov 22 16:14:33 CET 2006 - werner@suse.de
++++ 401 more lines (skipped)
++++ between file/python-magic.changes
++++ and /mounts/work_src_done/STABLE/file/python-magic.changes
calling whatdependson for head-i586
Old:
----
file-5.02.dif
file-5.02.tar.bz2
New:
----
file-5.03.dif
file-5.03.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ file.spec ++++++
--- /var/tmp/diff_new_pack.S20688/_old 2009-06-09 17:39:59.000000000 +0200
+++ /var/tmp/diff_new_pack.S20688/_new 2009-06-09 17:39:59.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package file (Version 5.02)
+# spec file for package file (Version 5.03)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -30,8 +30,8 @@
%endif
#
# Set Version also in python-magic.spec
-Version: 5.02
-Release: 3
+Version: 5.03
+Release: 1
Summary: A Tool to Determine File Types
Source: ftp://ftp.astron.com/pub/file/file-%{version}.tar.bz2
Patch: file-%{version}.dif
@@ -175,12 +175,17 @@
%attr(644,root,root) %{_mandir}/man3/libmagic.3.gz
%changelog
+* Tue Jun 09 2009 werner@suse.de
+- Do _not_ touch change log of python-magic
+- Update to file version 5.03
+ * Avoid null dereference in cdf code (Drew Yao)
+ * More cdf bounds checks and overflow checks
* Tue Jun 02 2009 coolo@novell.com
- sync Version using pre_checkin.sh
* Thu May 07 2009 werner@suse.de
- Add support for special zip archives (bnc#500511)
* Wed May 06 2009 werner@suse.de
-- Update to filx version 5.02
+- Update to file version 5.02
* Read ~/.magic in addition to the default magic file not instead
of, as documented in the man page.
* filesystem and msdos patches (Joerg Jenderek)
++++++ python-magic.spec ++++++
--- /var/tmp/diff_new_pack.S20688/_old 2009-06-09 17:39:59.000000000 +0200
+++ /var/tmp/diff_new_pack.S20688/_new 2009-06-09 17:39:59.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package python-magic (Version 5.02)
+# spec file for package python-magic (Version 5.03)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -26,7 +26,7 @@
License: BSD 3 Clause, BSD 4 Clause
Group: Development/Languages/Python
AutoReqProv: on
-Version: 5.02
+Version: 5.03
Release: 1
Summary: Python module to use libmagic
%py_requires
@@ -61,291 +61,7 @@
%doc python/README python/example.py
%changelog
-* Tue Jun 02 2009 coolo@novell.com
-- sync Version using pre_checkin.sh
-* Thu May 07 2009 werner@suse.de
-- Add support for special zip archives (bnc#500511)
-* Wed May 06 2009 werner@suse.de
-- Update to filx version 5.02
- * Read ~/.magic in addition to the default magic file not instead
- of, as documented in the man page.
- * filesystem and msdos patches (Joerg Jenderek)
- * Added CDF parsing
- * Add text/x-lua MIME type for Lua scripts.
- * >= <= is not supported, so fix the magic and warn about it.
- reported by: Thien-Thi Nguyen
- * use memchr instead of strchr because the string
- might not be NUL terminated (Scott MacVicar)
- * Fix --mime, --mime-type and --mime-encoding under new scheme.
- * add loop limits to avoid DoS attacks by constructing
- looping sector references.
- * Allow escaping of relation characters, so that we can say \^[A-Z]
- and the ^ is not eaten as a relation char.
-* Mon Jan 26 2009 crrodriguez@suse.de
-- remove "la" files and static libraries
-* Wed Dec 10 2008 olh@suse.de
-- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
- (bnc#437293)
-* Thu Nov 27 2008 werner@suse.de
-- Add libsatsolver file magic
-- Re-enable detection of old LZW (.Z) format (bnc#448984)
-* Thu Oct 30 2008 olh@suse.de
-- obsolete old -XXbit packages (bnc#437293)
-* Tue Aug 19 2008 ro@suse.de
-- fix detection for java bytecode
-* Tue May 06 2008 aj@suse.de
-- Do not return random data.
-* Thu Apr 24 2008 werner@suse.de
-- Don't slip into Mp3 channel for ext file systems (bnc#383431)
-* Mon Apr 14 2008 werner@suse.de
-- Add CROM File System to Localstuff (bnc#379027)
-- Update to file bugfix version 4.24
- * ELF core file command name/line bug fixes and enhancements
- * Change strength of ! from MULT to 0, as it matches almost anything (Reuben Thomas)
- * Clarify UTF-8 BOM message (Reuben Thomas)
- * Add HTML comment to token list in names.h
- * !:mime annotations in magic files (Reuben Thomas)
- * zero out utime/utimes structs (Gavin Atkinson)
- * reduce writable data from Diego "Flameeyes" Petten
- * strtof detection
- * remove bogus regex magic that could cause a DoS
- * better mismatch version message
- * bring back some fixes from OpenBSD
- * treat ELF dynamic objects as executables
- * fix gcc warnings
- * make sure we have zlib.h and libz to compile the builtin
- decompress code
- * float and double magic support (Behan Webster)
- * Convert fortran to a soft test (Reuben Thomas)
- * Add --with-filename, and --no-filename (Reuben Thomas)
- * Rest of the mime split (Reuben Thomas)
- * Make usage message generated from the flags so that
- they stay consistent (Reuben Thomas)
- * typo in comment, missing ifdef QUICK, remove unneeded code
- * Fix problem printing -\012 in some entries
- * Separate magic type and encoding flags (Reuben Thomas)
- * configure fix for int64 and strndup (Reuben Thomas)
- * Add magic_descriptor() function.
- * Fix regression in elf reading code where the core name was
- not being printed.
- * Don't convert NUL's to spaces in {l,b}estring16 (Daniel Dawson)
- * Make mime format consistent so that it can
- Remove 7/8bit classifications, since they were arbitrary
- and not based on the file data.
-* Thu Apr 10 2008 ro@suse.de
-- added baselibs.conf file to build xxbit packages
- for multilib support
-* Thu Mar 13 2008 werner@suse.de
-- Remember ReiserFS V3.6.19 (bnc#370535)
+* Tue Apr 15 2008 werner@suse.de
+- Also change version number in python-magic.spec
* Mon Jan 28 2008 rguenther@suse.de
-- Split python-magic off to separate spec file to avoid pulling
- python into the base build cycle
-* Tue Jan 15 2008 werner@suse.de
-- Move python-base to python
-* Wed Dec 05 2007 werner@suse.de
-- Add X11 cursor magic to Localstuff (bug #346132)
-- New package python-magic, the python API for the libmagic
-* Fri Aug 31 2007 werner@suse.de
-- Make regex for awk more robust to avoid conflict with PostScript,
- thanks goes to Werner Lemberg for the report
-* Wed Aug 29 2007 werner@suse.de
-- Add Scribus to local magic (bug #298009)
-* Wed Jun 06 2007 werner@suse.de
-- Update to file version 4.21 including the last three bug fixes
-* Thu May 24 2007 werner@suse.de
-- Fix of the fix for bug #256290 with CVE-2007-2799
-* Mon May 21 2007 werner@suse.de
-- Expand search area used before regex (also bug #263754)
-* Mon May 14 2007 werner@suse.de
-- More on DoS attack with regex (bug #263754)
-- Avoid crash on unknown option and enable option `-e'
-* Mon Apr 16 2007 werner@suse.de
-- Avoid DoS attack with regex (bug #263754)
-* Thu Apr 05 2007 werner@suse.de
-- Avoid trouble with variable/macro on ppc64
-* Mon Mar 26 2007 rguenther@suse.de
-- Add zlib-devel BuildRequires
-* Wed Mar 21 2007 werner@suse.de
-- Update to file 4.20 due security reason CVE-2007-1536 (#256290)
-* Wed Mar 07 2007 rguenther@suse.de
-- Fix order of changelog entries
-* Thu Nov 23 2006 werner@suse.de
-- Initialize variable in elf patch
-* Wed Nov 22 2006 werner@suse.de
-- Update to new file 4.18
- * Includes most of our extensions (elf, fifo, softmagic)
-* Mon Jun 12 2006 werner@suse.de
-- Reenable file to display process name from a core dump (#183685)
-* Mon Mar 27 2006 werner@suse.de
-- Add Mono/.Net identfiers to msdos magics (bug #159708)
-* Fri Mar 24 2006 werner@suse.de
-- Update to file version 4.17
- * This version supports new key like `search' and `regex'
- * Port our patches to this version
-* Wed Jan 25 2006 mls@suse.de
-- converted neededforbuild to BuildRequires
-* Mon Jan 16 2006 werner@suse.de
-- Add Xen magics
-* Tue Dec 06 2005 werner@suse.de
-- Add Structured Storage Entry for PageMaker to local (bug #134895)
-* Thu Oct 20 2005 werner@suse.de
-- Update to file version 4.16
-* Tue Aug 23 2005 werner@suse.de
-- Fix broken cracklib magic (bug #106007)
-* Mon Jul 25 2005 werner@suse.de
-- Update to new file 4.14
-- Split of the development version as own package
-* Fri Jul 01 2005 werner@suse.de
-- Even for netware the columns in the magic entry are seperated
- by tabs
-- Add cracklib magics (bug #93673)
-* Mon Jun 13 2005 mmj@suse.de
-- Add primitive magic for detecting netware loadable modules (NLMs)
-- Don't remove buildroot before install
-- Don't strip binaries explicitly
-- %%doc is implied by %%man
-* Thu Mar 17 2005 werner@suse.de
-- Be sure that the pipe/fifo patch works (bug #73644)
-* Thu Mar 10 2005 werner@suse.de
-- Be able to use the -s option even on pipes (bug #71074)
-- Do not hang on sockets or pipes not opened on the write side
-* Fri Feb 18 2005 werner@suse.de
-- Update to file 4.13 for fixes in handling of bzip2 and DOS files
-- Do not be fooled by minix filesystems magics on jpeg files
-* Fri Nov 26 2004 werner@suse.de
-- Update to file 4.12, this may fix a security issue (bug #48576)
-* Tue Sep 28 2004 werner@suse.de
-- Correct PCP entries (bug #46111)
-* Thu Sep 16 2004 werner@suse.de
-- Read HOWMANY bytes even from a pipe (reported by max)
-* Thu Aug 26 2004 werner@suse.de
-- Update to bugfix release 4.09
-* Tue Aug 24 2004 lmuelle@suse.de
-- Add -fPIC to the CFLAGS.
-* Wed May 26 2004 werner@suse.de
-- Don't trap into string formats if integers are provided (#41209)
-* Mon May 24 2004 werner@suse.de
-- Check for random data within ELF header (bug #40909)
-* Thu Feb 12 2004 werner@suse.de
-- Add name offsets for CORE dumps even for 64bit ELF (bug #34461)
-* Tue Jan 20 2004 werner@suse.de
-- Update to 4.07
-* Mon Dec 15 2003 werner@suse.de
-- Add workaround for new automake `feature' of ignoring man pages
-- Ensure that the correct break condition is returned if readelf
- past the end of the buffer (bug #33644).
-* Mon Dec 08 2003 werner@suse.de
-- Update to 4.06
-- Use /etc/magic:/usr/share/misc/magic as magic and move /etc/magic
- to a real configuration file for _local_ settings (bug #32725).
-* Sat Oct 18 2003 kukuk@suse.de
-- Add patch to detect policy file for SE Linux
-- Build as normal user
-- Clean up build root
-* Mon Sep 29 2003 werner@suse.de
-- Avoid endless loop due wrong alignment in old ELF binaries
-* Tue Sep 16 2003 werner@suse.de
-- Extend buffer from 64kb upto 68kB to find ReiserFS (bug #30736)
-* Wed Jul 02 2003 werner@suse.de
-- Use _libdir
-* Tue Jul 01 2003 werner@suse.de
-- Update to file 4.03
-* Thu Apr 17 2003 coolo@suse.de
-- use BuildRoot
-* Tue Mar 04 2003 werner@suse.de
-- Fix buffer overflow in elf detection
-* Tue Dec 17 2002 olh@suse.de
-- use RPM_BUILD_ROOT, not BUILD_ROOT in testsuite
-* Mon Nov 11 2002 ro@suse.de
-- fix deprecated multiline string literal (from longopt patch)
-* Tue Sep 17 2002 ro@suse.de
-- removed bogus self-provides
-* Tue Jul 23 2002 werner@suse.de
-- Add mySQL bytes to magic (bug #16138)
-* Fri Jun 07 2002 olh@suse.de
-- don't change the union u in readelf.c:tryelf() on ppc64
-* Mon Feb 04 2002 werner@suse.de
-- Fix looking of manual page
-* Mon Feb 04 2002 werner@suse.de
-- Add some magics for METAFONT format files
-- Add inofficial long options for LSB
-* Thu Dec 27 2001 adrian@suse.de
-- fix file output for mips binaries. The old output broke several
- ltconfig scripts in other packages and was wrong anyway.
-- recompress tar ball with bz2
-* Wed Dec 19 2001 werner@suse.de
-- update to version 3.37
-* Sat Jun 30 2001 bk@suse.de
-- update to version 3.33
-- don't change the union u in readelf.c:tryelf() on s390x.
-- option i: fix one-byte memory underallocation - strcat adds '\0'
-* Thu Jun 07 2001 werner@suse.de
-- Autoconf and Elf header: make it work again
-* Fri May 04 2001 werner@suse.de
-- Make symlink /etc/magic a relative one
-* Tue Jan 16 2001 werner@suse.de
-- Change order to find WAVE and TTF data before G3, apple and
- macintosh data.
-- Change string detection of PFM data to bit comparision masking
- out the third bit to make raw G3 work.
-* Sun Dec 03 2000 schwab@suse.de
-- Don't match against artificial null byte.
-- Fix resource leaks.
-* Tue Nov 28 2000 aj@suse.de
-- Add LFS support.
-* Tue Nov 14 2000 werner@suse.de
-- Correct version handling of Linux/i386 Kernel setup header
-* Mon Nov 13 2000 werner@suse.de
-- Fix handling of Microsoft Access Database in comparision
- with Digifax-G3-File.
-* Tue Oct 03 2000 kukuk@suse.de
-- fix inclusion of config.h
-- Add group tag
-* Thu Sep 28 2000 werner@suse.de
-- Move Magdir changes into misc dif
-- Remove exectuable from text scripts
-* Fri Sep 15 2000 werner@suse.de
-- Update to version 3.32
-* Tue Jun 20 2000 werner@suse.de
-- /usr/lib/magic -> /usr/share/misc/magic
-* Thu Feb 03 2000 schwab@suse.de
-- Ignore SHT_DYNSYM sections when deciding whether object is stripped.
-* Fri Jan 28 2000 schwab@suse.de
-- Fix int32 vs long problem.
-* Thu Jan 27 2000 schwab@suse.de
-- Fix non-ascii literal characters in string
-- Specfile cleanup, get rid of Makefile.Linux
-- /usr/man -> /usr/share/man
-* Thu Nov 25 1999 schwab@suse.de
-- Fix location of magic file.
-* Tue Nov 23 1999 kukuk@suse.de
-- Update to version 3.27
-- Add patches for SPARC
-* Mon Sep 13 1999 bs@suse.de
-- ran old prepare_spec on spec file to switch to new prepare_spec.
-* Tue Aug 24 1999 uli@suse.de
-- added -fsigned-char to CFLAGS (PPC)
-* Thu Nov 05 1998 ro@suse.de
-- disabled dcore (won't build with glibc-2.0)
-* Thu Oct 01 1998 ro@suse.de
-- update to 3.26
-- hacked dcore.c to build with glibc-2.1
-* Fri Oct 10 1997 florian@suse.de
-- add some more entries to magic
-* Wed Jun 25 1997 florian@suse.de
-- add additional entries to recognize LaTeX files
-* Tue May 27 1997 florian@suse.de
-- add some additional entries from mgetty/vgetty
-- add additional entries for CLISP and GNU gettext from Bruno Haible
-* Wed Jan 22 1997 florian@suse.de
-- update to version 3.22
-* Thu Jan 02 1997 florian@suse.de
-- recognise german umlauts as text: dirty hack, but also call "setlocale"
- for correctly installed systems...
-- add "dcore"-program to show some information about core-files
-* Thu Jan 02 1997 florian@suse.de
-- update to version 3.21
-- mv /etc/magic /usr/lib/magic (/etc/magic is still a symlink to new
- location)
-* Thu Jan 02 1997 florian@suse.de
-- added missing entries for G3-fax (from mgetty source)
+- Split off from file.
++++++ file-5.02.dif -> file-5.03.dif ++++++
++++++ file-5.02.tar.bz2 -> file-5.03.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/ChangeLog new/file-5.03/ChangeLog
--- old/file-5.02/ChangeLog 2009-05-02 00:37:33.000000000 +0200
+++ new/file-5.03/ChangeLog 2009-05-06 16:24:48.000000000 +0200
@@ -1,3 +1,9 @@
+2009-05-06 10:25 Christos Zoulas
+
+ * Avoid null dereference in cdf code (Drew Yao)
+
+ * More cdf bounds checks and overflow checks
+
2009-05-01 18:37 Christos Zoulas
* Buffer overflow fixes from Drew Yao
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/configure new/file-5.03/configure
--- old/file-5.02/configure 2009-05-04 17:15:42.000000000 +0200
+++ new/file-5.03/configure 2009-05-06 22:50:05.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for file 5.02.
+# Generated by GNU Autoconf 2.61 for file 5.03.
#
# Report bugs to .
#
@@ -728,8 +728,8 @@
# Identity of this package.
PACKAGE_NAME='file'
PACKAGE_TARNAME='file'
-PACKAGE_VERSION='5.02'
-PACKAGE_STRING='file 5.02'
+PACKAGE_VERSION='5.03'
+PACKAGE_STRING='file 5.03'
PACKAGE_BUGREPORT='christos@astron.com'
# Factoring default headers for most tests.
@@ -1399,7 +1399,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures file 5.02 to adapt to many kinds of systems.
+\`configure' configures file 5.03 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1469,7 +1469,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of file 5.02:";;
+ short | recursive ) echo "Configuration of file 5.03:";;
esac
cat <<\_ACEOF
@@ -1576,7 +1576,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-file configure 5.02
+file configure 5.03
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1590,7 +1590,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by file $as_me 5.02, which was
+It was created by file $as_me 5.03, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2280,7 +2280,7 @@
# Define the identity of the package.
PACKAGE='file'
- VERSION='5.02'
+ VERSION='5.03'
cat >>confdefs.h <<_ACEOF
@@ -24303,7 +24303,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by file $as_me 5.02, which was
+This file was extended by file $as_me 5.03, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -24356,7 +24356,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-file config.status 5.02
+file config.status 5.03
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/configure.ac new/file-5.03/configure.ac
--- old/file-5.02/configure.ac 2009-05-04 17:14:50.000000000 +0200
+++ new/file-5.03/configure.ac 2009-05-06 22:32:25.000000000 +0200
@@ -1,5 +1,5 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT(file, 5.02, christos@astron.com)
+AC_INIT(file, 5.03, christos@astron.com)
AM_INIT_AUTOMAKE
AM_CONFIG_HEADER(config.h)
#AC_CONFIG_MACRO_DIR([m4])
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/src/cdf.c new/file-5.03/src/cdf.c
--- old/file-5.02/src/cdf.c 2009-05-02 22:07:45.000000000 +0200
+++ new/file-5.03/src/cdf.c 2009-05-06 16:29:47.000000000 +0200
@@ -32,7 +32,7 @@
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: cdf.c,v 1.26 2009/05/02 20:06:55 christos Exp $")
+FILE_RCSID("@(#)$File: cdf.c,v 1.30 2009/05/06 14:29:47 christos Exp $")
#endif
#include
@@ -227,6 +227,19 @@
CDF_UNPACK(d->d_unused0);
}
+static int
+cdf_check_stream_offset(const cdf_stream_t *sst, const void *p, size_t tail)
+{
+ const char *b = (const char *)sst->sst_tab;
+ const char *e = ((const char *)p) + tail;
+ if (e >= b && (size_t)(e - b) < sst->sst_dirlen * sst->sst_len)
+ return 0;
+ DPRINTF((stderr, "offset begin %p end %p %zu >= %zu\n", b, e,
+ (size_t)(e - b), sst->sst_dirlen * sst->sst_len));
+ errno = EFTYPE;
+ return -1;
+}
+
static ssize_t
cdf_read(const cdf_info_t *info, off_t off, void *buf, size_t len)
{
@@ -321,15 +334,15 @@
break;
#define CDF_SEC_LIMIT (UINT32_MAX / (4 * ss))
- if (h->h_num_sectors_in_master_sat > CDF_SEC_LIMIT ||
- i > CDF_SEC_LIMIT / nsatpersec) {
+ if (h->h_num_sectors_in_master_sat > CDF_SEC_LIMIT / nsatpersec ||
+ i > CDF_SEC_LIMIT) {
DPRINTF(("Number of sectors in master SAT too big %u %zu\n",
h->h_num_sectors_in_master_sat, i));
errno = EFTYPE;
return -1;
}
- sat->sat_len = h->h_num_sectors_in_master_sat + i * nsatpersec;
+ sat->sat_len = h->h_num_sectors_in_master_sat * nsatpersec + i;
DPRINTF(("sat_len = %zu ss = %zu\n", sat->sat_len, ss));
if ((sat->sat_tab = calloc(sat->sat_len, ss)) == NULL)
return -1;
@@ -349,6 +362,8 @@
mid = h->h_secid_first_sector_in_master_sat;
for (j = 0; j < h->h_num_sectors_in_master_sat; j++) {
+ if (mid < 0)
+ goto out;
if (j >= CDF_LOOP_LIMIT) {
DPRINTF(("Reading master sector loop limit"));
errno = EFTYPE;
@@ -360,10 +375,8 @@
}
for (k = 0; k < nsatpersec; k++, i++) {
sec = CDF_TOLE4(msa[k]);
- if (sec < 0) {
- sat->sat_len = i;
- break;
- }
+ if (sec < 0)
+ goto out;
if (i >= sat->sat_len) {
DPRINTF(("Out of bounds reading MSA %u >= %u",
i, sat->sat_len));
@@ -379,6 +392,8 @@
}
mid = CDF_TOLE4(msa[nsatpersec]);
}
+out:
+ sat->sat_len = i;
free(msa);
return 0;
out2:
@@ -467,7 +482,7 @@
scn->sst_len = cdf_count_chain(ssat, sid, CDF_SEC_SIZE(h));
scn->sst_dirlen = len;
- if (scn->sst_len == (size_t)-1)
+ if (sst->sst_tab == NULL || scn->sst_len == (size_t)-1)
return -1;
scn->sst_tab = calloc(scn->sst_len, ss);
@@ -618,22 +633,21 @@
break;
/* If the it is not there, just fake it; some docs don't have it */
- if (i == dir->dir_len) {
- scn->sst_tab = NULL;
- scn->sst_len = 0;
- return 0;
- }
+ if (i == dir->dir_len)
+ goto out;
d = &dir->dir_tab[i];
/* If the it is not there, just fake it; some docs don't have it */
- if (d->d_stream_first_sector < 0) {
- scn->sst_tab = NULL;
- scn->sst_len = 0;
- return 0;
- }
+ if (d->d_stream_first_sector < 0)
+ goto out;
return cdf_read_long_sector_chain(info, h, sat,
d->d_stream_first_sector, d->d_size, scn);
+out:
+ scn->sst_tab = NULL;
+ scn->sst_len = 0;
+ scn->sst_dirlen = 0;
+ return 0;
}
static int
@@ -686,16 +700,27 @@
size_t i, o, nelements, j;
cdf_property_info_t *inp;
+ if (offs > UINT32_MAX / 4) {
+ errno = EFTYPE;
+ goto out;
+ }
shp = (const void *)((const char *)sst->sst_tab + offs);
+ if (cdf_check_stream_offset(sst, shp, sizeof(*shp)) == -1)
+ goto out;
sh.sh_len = CDF_TOLE4(shp->sh_len);
+#define CDF_SHLEN_LIMIT (UINT32_MAX / 8)
+ if (sh.sh_len > CDF_SHLEN_LIMIT) {
+ errno = EFTYPE;
+ goto out;
+ }
sh.sh_properties = CDF_TOLE4(shp->sh_properties);
-#define CDF_PROP_LIM (UINT32_MAX / (4 * sizeof(*inp)))
- if (sh.sh_properties > CDF_PROP_LIM)
+#define CDF_PROP_LIMIT (UINT32_MAX / (4 * sizeof(*inp)))
+ if (sh.sh_properties > CDF_PROP_LIMIT)
goto out;
DPRINTF(("section len: %u properties %u\n", sh.sh_len,
sh.sh_properties));
if (*maxcount) {
- if (*maxcount > CDF_PROP_LIM)
+ if (*maxcount > CDF_PROP_LIMIT)
goto out;
*maxcount += sh.sh_properties;
inp = realloc(*info, *maxcount * sizeof(*inp));
@@ -710,6 +735,8 @@
*count += sh.sh_properties;
p = (const void *)((const char *)sst->sst_tab + offs + sizeof(sh));
e = (const void *)(((const char *)shp) + sh.sh_len);
+ if (cdf_check_stream_offset(sst, e, 0) == -1)
+ goto out;
for (i = 0; i < sh.sh_properties; i++) {
q = (const uint32_t *)((const char *)p +
CDF_TOLE4(p[(i << 1) + 1])) - 2;
@@ -767,8 +794,8 @@
case CDF_LENGTH32_STRING:
if (nelements > 1) {
size_t nelem = inp - *info;
- if (*maxcount > CDF_PROP_LIM
- || nelements > CDF_PROP_LIM)
+ if (*maxcount > CDF_PROP_LIMIT
+ || nelements > CDF_PROP_LIMIT)
goto out;
*maxcount += nelements;
inp = realloc(*info, *maxcount * sizeof(*inp));
@@ -822,6 +849,9 @@
const cdf_section_declaration_t *sd = (const void *)
((const char *)sst->sst_tab + CDF_SECTION_DECLARATION_OFFSET);
+ if (cdf_check_stream_offset(sst, si, sizeof(*si)) == -1 ||
+ cdf_check_stream_offset(sst, sd, sizeof(*sd)) == -1)
+ return -1;
ssi->si_byte_order = CDF_TOLE2(si->si_byte_order);
ssi->si_os_version = CDF_TOLE2(si->si_os_version);
ssi->si_os = CDF_TOLE2(si->si_os);
@@ -936,11 +966,13 @@
size_t i;
#define DUMP(a, b) (void)fprintf(stderr, "%40.40s = " a "\n", # b, h->h_ ## b)
+#define DUMP2(a, b) (void)fprintf(stderr, "%40.40s = " a " (" a ")\n", # b, \
+ h->h_ ## b, 1 << h->h_ ## b)
DUMP("%d", revision);
DUMP("%d", version);
DUMP("0x%x", byte_order);
- DUMP("%d", sec_size_p2);
- DUMP("%d", short_sec_size_p2);
+ DUMP2("%d", sec_size_p2);
+ DUMP2("%d", short_sec_size_p2);
DUMP("%d", num_sectors_in_sat);
DUMP("%d", secid_first_directory);
DUMP("%d", min_size_standard_stream);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/src/patchlevel.h new/file-5.03/src/patchlevel.h
--- old/file-5.02/src/patchlevel.h 2009-05-04 17:15:13.000000000 +0200
+++ new/file-5.03/src/patchlevel.h 2009-05-06 22:32:48.000000000 +0200
@@ -1,11 +1,14 @@
#define FILE_VERSION_MAJOR 5
-#define patchlevel 2
+#define patchlevel 3
/*
* Patchlevel file for Ian Darwin's MAGIC command.
- * $File: patchlevel.h,v 1.73 2009/05/04 15:15:13 christos Exp $
+ * $File: patchlevel.h,v 1.74 2009/05/06 20:32:48 christos Exp $
*
* $Log: patchlevel.h,v $
+ * Revision 1.74 2009/05/06 20:32:48 christos
+ * welcome to 5.03
+ *
* Revision 1.73 2009/05/04 15:15:13 christos
* 5.02...
*
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/file-5.02/src/readcdf.c new/file-5.03/src/readcdf.c
--- old/file-5.02/src/readcdf.c 2009-05-02 00:36:58.000000000 +0200
+++ new/file-5.03/src/readcdf.c 2009-05-06 22:48:22.000000000 +0200
@@ -26,7 +26,7 @@
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: readcdf.c,v 1.16 2009/05/01 22:36:58 christos Exp $")
+FILE_RCSID("@(#)$File: readcdf.c,v 1.18 2009/05/06 20:48:22 christos Exp $")
#endif
#include
@@ -147,15 +147,8 @@
size_t count;
int m;
- if (cdf_unpack_summary_info(sst, &si, &info, &count) == -1) {
- if (si.si_byte_order != 0xfffe)
- return 0;
- else
- return -1;
- }
-
- if (si.si_byte_order != 0xfffe)
- return 0;
+ if (cdf_unpack_summary_info(sst, &si, &info, &count) == -1)
+ return -1;
if (NOTMIME(ms)) {
if (file_printf(ms, "CDF V2 Document") == -1)
@@ -246,7 +239,7 @@
if ((i = cdf_read_summary_info(&info, &h, &sat, &ssat, &sst, &dir,
&scn)) == -1) {
- expn = "";
+ expn = "Cannot read summary info";
goto out4;
}
#ifdef CDF_DEBUG
++++++ pre_checkin.sh ++++++
--- /var/tmp/diff_new_pack.S20688/_old 2009-06-09 17:40:00.000000000 +0200
+++ /var/tmp/diff_new_pack.S20688/_new 2009-06-09 17:40:00.000000000 +0200
@@ -1,7 +1,4 @@
#!/bin/bash
# This script is called automatically during autobuild checkin.
-
version=$(grep '^Version:.*' file.spec)
-
-cp -f file.changes python-magic.changes
-sed -i -e "s,Version:.*,$version," python-magic.spec
+sed -ri "s,^Version:.*,$version," python-magic.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org