* [ptxdist] [PATCH] file: upgrade to 5.17 @ 2014-02-17 8:09 Alexander Dahl 2014-03-12 7:22 ` Alexander Dahl 0 siblings, 1 reply; 5+ messages in thread From: Alexander Dahl @ 2014-02-17 8:09 UTC (permalink / raw) To: ptxdist Version 5.17 fixes CVE-2014-1943. See: https://security-tracker.debian.org/tracker/CVE-2014-1943 Signed-off-by: Alexander Dahl <post@lespocky.de> --- rules/file.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/file.make b/rules/file.make index 172037d..000fd13 100644 --- a/rules/file.make +++ b/rules/file.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_FILE) += file # # Paths and names # -FILE_VERSION := 5.11 -FILE_MD5 := 16a407bd66d6c7a832f3a5c0d609c27b +FILE_VERSION := 5.17 +FILE_MD5 := e19c47e069ced7b01ccb4db402cc01d3 FILE := file-$(FILE_VERSION) FILE_SUFFIX := tar.gz FILE_URL := ftp://ftp.astron.com/pub/file/$(FILE).$(FILE_SUFFIX) -- 1.7.10.4 -- ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ptxdist] [PATCH] file: upgrade to 5.17 2014-02-17 8:09 [ptxdist] [PATCH] file: upgrade to 5.17 Alexander Dahl @ 2014-03-12 7:22 ` Alexander Dahl 2014-03-12 8:29 ` Alexander Dahl 0 siblings, 1 reply; 5+ messages in thread From: Alexander Dahl @ 2014-03-12 7:22 UTC (permalink / raw) To: ptxdist [-- Attachment #1.1: Type: text/plain, Size: 1156 bytes --] What about this one? Greets Alex On Mon, Feb 17, 2014 at 09:09:05AM +0100, Alexander Dahl wrote: > Version 5.17 fixes CVE-2014-1943. See: > https://security-tracker.debian.org/tracker/CVE-2014-1943 > > Signed-off-by: Alexander Dahl <post@lespocky.de> > --- > rules/file.make | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/rules/file.make b/rules/file.make > index 172037d..000fd13 100644 > --- a/rules/file.make > +++ b/rules/file.make > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_FILE) += file > # > # Paths and names > # > -FILE_VERSION := 5.11 > -FILE_MD5 := 16a407bd66d6c7a832f3a5c0d609c27b > +FILE_VERSION := 5.17 > +FILE_MD5 := e19c47e069ced7b01ccb4db402cc01d3 > FILE := file-$(FILE_VERSION) > FILE_SUFFIX := tar.gz > FILE_URL := ftp://ftp.astron.com/pub/file/$(FILE).$(FILE_SUFFIX) > -- > 1.7.10.4 -- »With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.« (Jean-Luc Picard, quoting Judge Aaron Satie) *** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601 D1D5 8FBA 7744 CC87 10D0 *** [-- Attachment #1.2: Type: application/pgp-signature, Size: 198 bytes --] [-- Attachment #2: Type: text/plain, Size: 48 bytes --] -- ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ptxdist] [PATCH] file: upgrade to 5.17 2014-03-12 7:22 ` Alexander Dahl @ 2014-03-12 8:29 ` Alexander Dahl 2014-03-12 9:29 ` [ptxdist] [PATCH 1/2] " Alexander Dahl 0 siblings, 1 reply; 5+ messages in thread From: Alexander Dahl @ 2014-03-12 8:29 UTC (permalink / raw) To: ptxdist [-- Attachment #1.1: Type: text/plain, Size: 505 bytes --] Hei hei, On Wed, Mar 12, 2014 at 08:22:37AM +0100, Alexander Dahl wrote: > What about this one? Only minutes later a new debian package appeared fixing CVE-2014-2270. I'll have a look into this, stay tuned. Alex -- »With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.« (Jean-Luc Picard, quoting Judge Aaron Satie) *** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601 D1D5 8FBA 7744 CC87 10D0 *** [-- Attachment #1.2: Type: application/pgp-signature, Size: 198 bytes --] [-- Attachment #2: Type: text/plain, Size: 48 bytes --] -- ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 5+ messages in thread
* [ptxdist] [PATCH 1/2] file: upgrade to 5.17 2014-03-12 8:29 ` Alexander Dahl @ 2014-03-12 9:29 ` Alexander Dahl 2014-03-12 9:29 ` [ptxdist] [PATCH 2/2] file: add security patches cherry-picked from upstream Alexander Dahl 0 siblings, 1 reply; 5+ messages in thread From: Alexander Dahl @ 2014-03-12 9:29 UTC (permalink / raw) To: ptxdist Version 5.17 fixes CVE-2014-1943. See: https://security-tracker.debian.org/tracker/CVE-2014-1943 Signed-off-by: Alexander Dahl <post@lespocky.de> --- rules/file.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/file.make b/rules/file.make index 172037d..000fd13 100644 --- a/rules/file.make +++ b/rules/file.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_FILE) += file # # Paths and names # -FILE_VERSION := 5.11 -FILE_MD5 := 16a407bd66d6c7a832f3a5c0d609c27b +FILE_VERSION := 5.17 +FILE_MD5 := e19c47e069ced7b01ccb4db402cc01d3 FILE := file-$(FILE_VERSION) FILE_SUFFIX := tar.gz FILE_URL := ftp://ftp.astron.com/pub/file/$(FILE).$(FILE_SUFFIX) -- 1.7.10.4 -- ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 5+ messages in thread
* [ptxdist] [PATCH 2/2] file: add security patches cherry-picked from upstream 2014-03-12 9:29 ` [ptxdist] [PATCH 1/2] " Alexander Dahl @ 2014-03-12 9:29 ` Alexander Dahl 0 siblings, 0 replies; 5+ messages in thread From: Alexander Dahl @ 2014-03-12 9:29 UTC (permalink / raw) To: ptxdist Signed-off-by: Alexander Dahl <post@lespocky.de> --- .../0001-Fix-memory-leak-Anatol-Belski.patch | 34 ++++++++++++++++++++ ...-in-out-of-bounds-calculations-Jan-Kaluza.patch | 23 +++++++++++++ patches/file-5.17/series | 5 +++ 3 files changed, 62 insertions(+) create mode 100644 patches/file-5.17/0001-Fix-memory-leak-Anatol-Belski.patch create mode 100644 patches/file-5.17/0002-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch create mode 100644 patches/file-5.17/series diff --git a/patches/file-5.17/0001-Fix-memory-leak-Anatol-Belski.patch b/patches/file-5.17/0001-Fix-memory-leak-Anatol-Belski.patch new file mode 100644 index 0000000..206e7eb --- /dev/null +++ b/patches/file-5.17/0001-Fix-memory-leak-Anatol-Belski.patch @@ -0,0 +1,34 @@ +From: Christos Zoulas <christos@zoulas.com> +Date: Fri, 21 Feb 2014 14:32:48 +0000 +Subject: [PATCH] Fix memory leak (Anatol Belski) + +Conflicts: + src/softmagic.c +--- + src/softmagic.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/softmagic.c b/src/softmagic.c +index 5ed347e..7ee3f6f 100644 +--- a/src/softmagic.c ++++ b/src/softmagic.c +@@ -1755,12 +1755,16 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + ms->offset = soffset; + if (rv == 1) { + if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && +- file_printf(ms, F(m->desc, "%u"), offset) == -1) ++ file_printf(ms, F(m->desc, "%u"), offset) == -1) { ++ free(rbuf); + return -1; +- if (file_printf(ms, "%s", rbuf) == -1) ++ } ++ if (file_printf(ms, "%s", rbuf) == -1) { ++ free(rbuf); + return -1; +- free(rbuf); ++ } + } ++ free(rbuf); + return rv; + + case FILE_USE: diff --git a/patches/file-5.17/0002-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch b/patches/file-5.17/0002-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch new file mode 100644 index 0000000..e4c61ca --- /dev/null +++ b/patches/file-5.17/0002-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch @@ -0,0 +1,23 @@ +From: Christos Zoulas <christos@zoulas.com> +Date: Tue, 4 Mar 2014 17:42:19 +0000 +Subject: [PATCH] off by one in out of bounds calculations (Jan Kaluza) + +Conflicts: + src/softmagic.c +--- + src/softmagic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/softmagic.c b/src/softmagic.c +index 7ee3f6f..3919fa7 100644 +--- a/src/softmagic.c ++++ b/src/softmagic.c +@@ -71,7 +71,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *); + private void cvt_32(union VALUETYPE *, const struct magic *); + private void cvt_64(union VALUETYPE *, const struct magic *); + +-#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o))) ++#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) + /* + * softmagic - lookup one file in parsed, in-memory copy of database + * Passed the name and FILE * of one file to be typed. diff --git a/patches/file-5.17/series b/patches/file-5.17/series new file mode 100644 index 0000000..6b27f34 --- /dev/null +++ b/patches/file-5.17/series @@ -0,0 +1,5 @@ +# generated by git-ptx-patches +#tag:base --start-number 1 +0001-Fix-memory-leak-Anatol-Belski.patch +0002-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch +# 4440242115f6c92b22376f9aa65eca96 - git-ptx-patches magic -- 1.7.10.4 -- ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-03-12 9:30 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-02-17 8:09 [ptxdist] [PATCH] file: upgrade to 5.17 Alexander Dahl 2014-03-12 7:22 ` Alexander Dahl 2014-03-12 8:29 ` Alexander Dahl 2014-03-12 9:29 ` [ptxdist] [PATCH 1/2] " Alexander Dahl 2014-03-12 9:29 ` [ptxdist] [PATCH 2/2] file: add security patches cherry-picked from upstream Alexander Dahl
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox