[ptxdist] [PATCH] file: upgrade to 5.17

[ptxdist] [PATCH] file: upgrade to 5.17

[Alexander Dahl]

Version 5.17 fixes CVE-2014-1943. See:
https://security-tracker.debian.org/tracker/CVE-2014-1943

Signed-off-by: Alexander Dahl <post@lespocky.de>
---
 rules/file.make |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/file.make b/rules/file.make
index 172037d..000fd13 100644
--- a/rules/file.make
+++ b/rules/file.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_FILE) += file
 #
 # Paths and names
 #
-FILE_VERSION	:= 5.11
-FILE_MD5	:= 16a407bd66d6c7a832f3a5c0d609c27b
+FILE_VERSION	:= 5.17
+FILE_MD5	:= e19c47e069ced7b01ccb4db402cc01d3
 FILE		:= file-$(FILE_VERSION)
 FILE_SUFFIX	:= tar.gz
 FILE_URL	:= ftp://ftp.astron.com/pub/file/$(FILE).$(FILE_SUFFIX)
-- 
1.7.10.4


-- 
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH] file: upgrade to 5.17

[Alexander Dahl]

[-- Attachment #1.1: Type: text/plain, Size: 1156 bytes --]

What about this one?

Greets
Alex

On Mon, Feb 17, 2014 at 09:09:05AM +0100, Alexander Dahl wrote:
> Version 5.17 fixes CVE-2014-1943. See:
> https://security-tracker.debian.org/tracker/CVE-2014-1943
> 
> Signed-off-by: Alexander Dahl <post@lespocky.de>
> ---
>  rules/file.make |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/rules/file.make b/rules/file.make
> index 172037d..000fd13 100644
> --- a/rules/file.make
> +++ b/rules/file.make
> @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_FILE) += file
>  #
>  # Paths and names
>  #
> -FILE_VERSION	:= 5.11
> -FILE_MD5	:= 16a407bd66d6c7a832f3a5c0d609c27b
> +FILE_VERSION	:= 5.17
> +FILE_MD5	:= e19c47e069ced7b01ccb4db402cc01d3
>  FILE		:= file-$(FILE_VERSION)
>  FILE_SUFFIX	:= tar.gz
>  FILE_URL	:= ftp://ftp.astron.com/pub/file/$(FILE).$(FILE_SUFFIX)
> -- 
> 1.7.10.4

-- 
»With the first link, the chain is forged. The first speech censured, 
the first thought forbidden, the first freedom denied, chains us all 
irrevocably.« (Jean-Luc Picard, quoting Judge Aaron Satie)
*** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601  D1D5 8FBA 7744 CC87 10D0 ***

[-- Attachment #1.2: Type: application/pgp-signature, Size: 198 bytes --]

[-- Attachment #2: Type: text/plain, Size: 48 bytes --]

-- 
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH] file: upgrade to 5.17

[Alexander Dahl]

[-- Attachment #1.1: Type: text/plain, Size: 505 bytes --]

Hei hei, 

On Wed, Mar 12, 2014 at 08:22:37AM +0100, Alexander Dahl wrote:
> What about this one?

Only minutes later a new debian package appeared fixing CVE-2014-2270.
I'll have a look into this, stay tuned.

Alex

-- 
»With the first link, the chain is forged. The first speech censured, 
the first thought forbidden, the first freedom denied, chains us all 
irrevocably.« (Jean-Luc Picard, quoting Judge Aaron Satie)
*** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601  D1D5 8FBA 7744 CC87 10D0 ***

[-- Attachment #1.2: Type: application/pgp-signature, Size: 198 bytes --]

[-- Attachment #2: Type: text/plain, Size: 48 bytes --]

-- 
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 1/2] file: upgrade to 5.17

[Alexander Dahl]

Version 5.17 fixes CVE-2014-1943. See:
https://security-tracker.debian.org/tracker/CVE-2014-1943

Signed-off-by: Alexander Dahl <post@lespocky.de>
---
 rules/file.make |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/file.make b/rules/file.make
index 172037d..000fd13 100644
--- a/rules/file.make
+++ b/rules/file.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_FILE) += file
 #
 # Paths and names
 #
-FILE_VERSION	:= 5.11
-FILE_MD5	:= 16a407bd66d6c7a832f3a5c0d609c27b
+FILE_VERSION	:= 5.17
+FILE_MD5	:= e19c47e069ced7b01ccb4db402cc01d3
 FILE		:= file-$(FILE_VERSION)
 FILE_SUFFIX	:= tar.gz
 FILE_URL	:= ftp://ftp.astron.com/pub/file/$(FILE).$(FILE_SUFFIX)
-- 
1.7.10.4


-- 
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 2/2] file: add security patches cherry-picked from upstream

[Alexander Dahl]

Signed-off-by: Alexander Dahl <post@lespocky.de>
---
 .../0001-Fix-memory-leak-Anatol-Belski.patch       |   34 ++++++++++++++++++++
 ...-in-out-of-bounds-calculations-Jan-Kaluza.patch |   23 +++++++++++++
 patches/file-5.17/series                           |    5 +++
 3 files changed, 62 insertions(+)
 create mode 100644 patches/file-5.17/0001-Fix-memory-leak-Anatol-Belski.patch
 create mode 100644 patches/file-5.17/0002-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
 create mode 100644 patches/file-5.17/series

diff --git a/patches/file-5.17/0001-Fix-memory-leak-Anatol-Belski.patch b/patches/file-5.17/0001-Fix-memory-leak-Anatol-Belski.patch
new file mode 100644
index 0000000..206e7eb
--- /dev/null
+++ b/patches/file-5.17/0001-Fix-memory-leak-Anatol-Belski.patch
@@ -0,0 +1,34 @@
+From: Christos Zoulas <christos@zoulas.com>
+Date: Fri, 21 Feb 2014 14:32:48 +0000
+Subject: [PATCH] Fix memory leak (Anatol Belski)
+
+Conflicts:
+	src/softmagic.c
+---
+ src/softmagic.c |   10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/softmagic.c b/src/softmagic.c
+index 5ed347e..7ee3f6f 100644
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -1755,12 +1755,16 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
+ 		ms->offset = soffset;
+ 		if (rv == 1) {
+ 			if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
+-			    file_printf(ms, F(m->desc, "%u"), offset) == -1)
++			    file_printf(ms, F(m->desc, "%u"), offset) == -1) {
++				free(rbuf);
+ 				return -1;
+-			if (file_printf(ms, "%s", rbuf) == -1)
++			}
++			if (file_printf(ms, "%s", rbuf) == -1) {
++				free(rbuf);
+ 				return -1;
+-			free(rbuf);
++			}
+ 		}
++		free(rbuf);
+ 		return rv;
+ 
+ 	case FILE_USE:
diff --git a/patches/file-5.17/0002-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch b/patches/file-5.17/0002-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
new file mode 100644
index 0000000..e4c61ca
--- /dev/null
+++ b/patches/file-5.17/0002-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
@@ -0,0 +1,23 @@
+From: Christos Zoulas <christos@zoulas.com>
+Date: Tue, 4 Mar 2014 17:42:19 +0000
+Subject: [PATCH] off by one in out of bounds calculations (Jan Kaluza)
+
+Conflicts:
+	src/softmagic.c
+---
+ src/softmagic.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/softmagic.c b/src/softmagic.c
+index 7ee3f6f..3919fa7 100644
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -71,7 +71,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
+ private void cvt_32(union VALUETYPE *, const struct magic *);
+ private void cvt_64(union VALUETYPE *, const struct magic *);
+ 
+-#define OFFSET_OOB(n, o, i)	((n) < (o) || (i) >= ((n) - (o)))
++#define OFFSET_OOB(n, o, i)	((n) < (o) || (i) > ((n) - (o)))
+ /*
+  * softmagic - lookup one file in parsed, in-memory copy of database
+  * Passed the name and FILE * of one file to be typed.
diff --git a/patches/file-5.17/series b/patches/file-5.17/series
new file mode 100644
index 0000000..6b27f34
--- /dev/null
+++ b/patches/file-5.17/series
@@ -0,0 +1,5 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+0001-Fix-memory-leak-Anatol-Belski.patch
+0002-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch
+# 4440242115f6c92b22376f9aa65eca96  - git-ptx-patches magic
-- 
1.7.10.4


-- 
ptxdist mailing list
ptxdist@pengutronix.de