file: Update to 5.36
pkgsrc changes: - Remove patches no longer needed (security backport of upstream changes) Changes: 5.36 ---- * release 5.36 * Fix cast to use cast macros * Add UCS-32 builtin detection (PR/61) reported by tmc * Fix stack read (PR/62) and write (PR/64) stack overflows reported by spinpx
This commit is contained in:
parent
c786ffed4c
commit
3f907af2fb
8 changed files with 24 additions and 271 deletions
|
@ -1,7 +1,6 @@
|
|||
# $NetBSD: Makefile,v 1.43 2019/03/16 09:02:41 bsiegert Exp $
|
||||
# $NetBSD: Makefile,v 1.44 2019/03/16 10:50:31 leot Exp $
|
||||
|
||||
DISTNAME= file-5.32
|
||||
PKGREVISION= 3
|
||||
DISTNAME= file-5.36
|
||||
CATEGORIES= sysutils
|
||||
MASTER_SITES= ftp://ftp.astron.com/pub/file/
|
||||
|
||||
|
|
|
@ -1,12 +1,9 @@
|
|||
$NetBSD: distinfo,v 1.32 2019/03/16 09:02:41 bsiegert Exp $
|
||||
$NetBSD: distinfo,v 1.33 2019/03/16 10:50:31 leot Exp $
|
||||
|
||||
SHA1 (file-5.32.tar.gz) = c2858a8043387d1229d8768ad42762a803d017db
|
||||
RMD160 (file-5.32.tar.gz) = b7d41a4c6b2c28d9f202d740e353416e2036c1ef
|
||||
SHA512 (file-5.32.tar.gz) = 315343229fa196335389544ee8010e9e80995ef4721938492dedcfb0465dfc45e1feb96f26dfe53cab484fb5d9bac54d2d72917fbfd28a1d998c6ad8c8f9792f
|
||||
Size (file-5.32.tar.gz) = 797025 bytes
|
||||
SHA1 (patch-aa) = dc787ea0d77d7ba88bcb1e17d38b26b13153a1c5
|
||||
SHA1 (patch-src_file.h) = e4bd52e3b5674300a1b87f198ed4418a65997833
|
||||
SHA1 (patch-src_fsmagic.c) = ee770cf37dfdfbc5a7c123d2691312610b76e76e
|
||||
SHA1 (patch-src_funcs.c) = f86ed77c42d63290a602cb46625410cad8bb13b1
|
||||
SHA1 (patch-src_readelf.c) = 7f2f6c03050b6f49ef25d7991f368b8d3aab1e2b
|
||||
SHA1 (patch-src_softmagic.c) = 5a67d73bd4ecf7711f810ad4f4c0456248955c81
|
||||
SHA1 (file-5.36.tar.gz) = 473e0a2fb4f091031d449ed4d7ea912741f0c7e9
|
||||
RMD160 (file-5.36.tar.gz) = bd7c9b60ddba58fc18a4ec07904ed7a12e142b27
|
||||
SHA512 (file-5.36.tar.gz) = 3ec5e51ffb7a82defa74845a90fbc983f6e169fc116606049bc01ff6e720d340c8abf6eb7a08b9ac1099162a5c02deac3633b07b039d486344c8abd9052ca751
|
||||
Size (file-5.36.tar.gz) = 875792 bytes
|
||||
SHA1 (patch-aa) = 3da534bbbf61dadc1881b9b2827c0c425e908fc9
|
||||
SHA1 (patch-src_fsmagic.c) = f862c5335bc3c6b0d39dfcdfd79e2d99407e40f5
|
||||
SHA1 (patch-src_softmagic.c) = 82fe71f32508ad6dec04ccba794ec5f055000846
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
$NetBSD: patch-aa,v 1.8 2016/06/16 15:27:49 fhajny Exp $
|
||||
$NetBSD: patch-aa,v 1.9 2019/03/16 10:50:31 leot Exp $
|
||||
|
||||
Make pkgsrc file look in @sysconfdir@/magic first.
|
||||
|
||||
--- src/Makefile.in.orig 2016-06-13 23:44:06.000000000 +0000
|
||||
--- src/Makefile.in.orig 2019-02-20 15:19:08.000000000 +0000
|
||||
+++ src/Makefile.in
|
||||
@@ -337,10 +337,10 @@ target_alias = @target_alias@
|
||||
top_build_prefix = @top_build_prefix@
|
||||
top_builddir = @top_builddir@
|
||||
top_srcdir = @top_srcdir@
|
||||
-MAGIC = $(pkgdatadir)/magic
|
||||
+MAGIC = @sysconfdir@/magic
|
||||
+MAGIC = @sysconfdir/magic
|
||||
lib_LTLIBRARIES = libmagic.la
|
||||
nodist_include_HEADERS = magic.h
|
||||
-AM_CPPFLAGS = -DMAGIC='"$(MAGIC)"'
|
||||
+AM_CPPFLAGS = -DMAGIC='"$(MAGIC):$(pkgdatadir)/magic"'
|
||||
AM_CFLAGS = $(CFLAG_VISIBILITY) @WARNINGS@
|
||||
libmagic_la_SOURCES = magic.c apprentice.c softmagic.c ascmagic.c \
|
||||
encoding.c compress.c is_tar.c readelf.c print.c fsmagic.c \
|
||||
libmagic_la_SOURCES = buffer.c magic.c apprentice.c softmagic.c ascmagic.c \
|
||||
encoding.c compress.c is_json.c is_tar.c readelf.c print.c fsmagic.c \
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
$NetBSD: patch-src_file.h,v 1.3 2019/03/16 09:02:41 bsiegert Exp $
|
||||
|
||||
fix PR/62: spinpx: limit size of file_printable. (CVE-2019-8904)
|
||||
|
||||
https://bugs.astron.com/view.php?id=62
|
||||
https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
|
||||
|
||||
--- src/file.h.orig 2017-08-28 13:39:18.000000000 +0000
|
||||
+++ src/file.h
|
||||
@@ -491,7 +491,7 @@ protected int file_looks_utf8(const unsi
|
||||
size_t *);
|
||||
protected size_t file_pstring_length_size(const struct magic *);
|
||||
protected size_t file_pstring_get_length(const struct magic *, const char *);
|
||||
-protected char * file_printable(char *, size_t, const char *);
|
||||
+protected char * file_printable(char *, size_t, const char *, size_t);
|
||||
#ifdef __EMX__
|
||||
protected int file_os2_apptype(struct magic_set *, const char *, const void *,
|
||||
size_t);
|
|
@ -1,4 +1,5 @@
|
|||
$NetBSD: patch-src_fsmagic.c,v 1.1 2015/03/27 18:57:43 bsiegert Exp $
|
||||
$NetBSD: patch-src_fsmagic.c,v 1.2 2019/03/16 10:50:31 leot Exp $
|
||||
|
||||
Explicitly convert mode_t to unsigned int for formatted output
|
||||
|
||||
--- src/fsmagic.c.orig 2014-12-04 15:56:46.000000000 +0000
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
$NetBSD: patch-src_funcs.c,v 1.1 2019/03/16 09:02:41 bsiegert Exp $
|
||||
|
||||
fix PR/62: spinpx: limit size of file_printable. (CVE-2019-8904)
|
||||
|
||||
https://bugs.astron.com/view.php?id=62
|
||||
https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
|
||||
|
||||
--- src/funcs.c.orig 2017-08-28 13:39:18.000000000 +0000
|
||||
+++ src/funcs.c
|
||||
@@ -581,12 +581,13 @@ file_pop_buffer(struct magic_set *ms, fi
|
||||
* convert string to ascii printable format.
|
||||
*/
|
||||
protected char *
|
||||
-file_printable(char *buf, size_t bufsiz, const char *str)
|
||||
+file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
|
||||
{
|
||||
- char *ptr, *eptr;
|
||||
+ char *ptr, *eptr = buf + bufsiz - 1;
|
||||
const unsigned char *s = (const unsigned char *)str;
|
||||
+ const unsigned char *es = s + slen;
|
||||
|
||||
- for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
|
||||
+ for (ptr = buf; ptr < eptr && s < es && *s; s++) {
|
||||
if (isprint(*s)) {
|
||||
*ptr++ = *s;
|
||||
continue;
|
|
@ -1,58 +0,0 @@
|
|||
$NetBSD: patch-src_readelf.c,v 1.2 2019/03/16 09:02:41 bsiegert Exp $
|
||||
|
||||
apply https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
|
||||
against https://nvd.nist.gov/vuln/detail/CVE-2018-10360
|
||||
|
||||
...
|
||||
The do_core_note function in readelf.c in libmagic.a in file
|
||||
5.33 allows remote attackers to cause a denial of service
|
||||
(out-of-bounds read and application crash) via a crafted ELF
|
||||
file.
|
||||
...
|
||||
|
||||
Avoid OOB read (found by ASAN reported by F. Alonso) (CVE-2019-8906)
|
||||
|
||||
https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f
|
||||
|
||||
fix PR/62: spinpx: limit size of file_printable. (CVE-2019-8904)
|
||||
|
||||
https://bugs.astron.com/view.php?id=62
|
||||
https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
|
||||
|
||||
--- src/readelf.c.orig 2017-08-27 07:55:02.000000000 +0000
|
||||
+++ src/readelf.c
|
||||
@@ -720,12 +720,12 @@ do_core_note(struct magic_set *ms, unsig
|
||||
char sbuf[512];
|
||||
struct NetBSD_elfcore_procinfo pi;
|
||||
memset(&pi, 0, sizeof(pi));
|
||||
- memcpy(&pi, nbuf + doff, descsz);
|
||||
+ memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
|
||||
|
||||
if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
|
||||
"gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
|
||||
file_printable(sbuf, sizeof(sbuf),
|
||||
- CAST(char *, pi.cpi_name)),
|
||||
+ RCAST(char *, pi.cpi_name), sizeof(pi.cpi_name)),
|
||||
elf_getu32(swap, pi.cpi_pid),
|
||||
elf_getu32(swap, pi.cpi_euid),
|
||||
elf_getu32(swap, pi.cpi_egid),
|
||||
@@ -824,7 +824,8 @@ do_core_note(struct magic_set *ms, unsig
|
||||
|
||||
cname = (unsigned char *)
|
||||
&nbuf[doff + prpsoffsets(i)];
|
||||
- for (cp = cname; *cp && isprint(*cp); cp++)
|
||||
+ for (cp = cname; cp < nbuf + size && *cp
|
||||
+ && isprint(*cp); cp++)
|
||||
continue;
|
||||
/*
|
||||
* Linux apparently appends a space at the end
|
||||
@@ -1564,7 +1565,8 @@ dophn_exec(struct magic_set *ms, int cla
|
||||
return -1;
|
||||
if (interp[0])
|
||||
if (file_printf(ms, ", interpreter %s",
|
||||
- file_printable(ibuf, sizeof(ibuf), interp)) == -1)
|
||||
+ file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp)))
|
||||
+ == -1)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
|
@ -1,158 +1,16 @@
|
|||
$NetBSD: patch-src_softmagic.c,v 1.4 2019/03/16 09:02:41 bsiegert Exp $
|
||||
$NetBSD: patch-src_softmagic.c,v 1.5 2019/03/16 10:50:31 leot Exp $
|
||||
|
||||
Fix functionality under NetBSD-current after format check change
|
||||
https://mail-index.netbsd.org/source-changes/2017/12/11/msg090400.html
|
||||
|
||||
fix PR/62: spinpx: limit size of file_printable. (CVE-2019-8904)
|
||||
|
||||
https://bugs.astron.com/view.php?id=62
|
||||
https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
|
||||
|
||||
--- src/softmagic.c.orig 2017-07-21 10:29:00.000000000 +0000
|
||||
--- src/softmagic.c.orig 2019-02-20 02:35:27.000000000 +0000
|
||||
+++ src/softmagic.c
|
||||
@@ -121,6 +121,8 @@ private const char * __attribute__((__fo
|
||||
file_fmtcheck(struct magic_set *ms, const struct magic *m, const char *def,
|
||||
@@ -147,6 +147,8 @@ private const char * __attribute__((__fo
|
||||
file_fmtcheck(struct magic_set *ms, const char *desc, const char *def,
|
||||
const char *file, size_t line)
|
||||
{
|
||||
+ if (strchr(m->desc, '%') == NULL)
|
||||
+ return m->desc;
|
||||
const char *ptr = fmtcheck(m->desc, def);
|
||||
+ if (strchr(desc, '%') == NULL)
|
||||
+ return desc;
|
||||
const char *ptr = fmtcheck(desc, def);
|
||||
if (ptr == def)
|
||||
file_magerror(ms,
|
||||
@@ -546,8 +548,8 @@ mprint(struct magic_set *ms, struct magi
|
||||
case FILE_LESTRING16:
|
||||
if (m->reln == '=' || m->reln == '!') {
|
||||
if (file_printf(ms, F(ms, m, "%s"),
|
||||
- file_printable(sbuf, sizeof(sbuf), m->value.s))
|
||||
- == -1)
|
||||
+ file_printable(sbuf, sizeof(sbuf), m->value.s,
|
||||
+ sizeof(m->value.s))) == -1)
|
||||
return -1;
|
||||
t = ms->offset + m->vallen;
|
||||
}
|
||||
@@ -574,7 +576,8 @@ mprint(struct magic_set *ms, struct magi
|
||||
}
|
||||
|
||||
if (file_printf(ms, F(ms, m, "%s"),
|
||||
- file_printable(sbuf, sizeof(sbuf), str)) == -1)
|
||||
+ file_printable(sbuf, sizeof(sbuf), str,
|
||||
+ sizeof(p->s) - (str - p->s))) == -1)
|
||||
return -1;
|
||||
|
||||
if (m->type == FILE_PSTRING)
|
||||
@@ -680,7 +683,7 @@ mprint(struct magic_set *ms, struct magi
|
||||
return -1;
|
||||
}
|
||||
rval = file_printf(ms, F(ms, m, "%s"),
|
||||
- file_printable(sbuf, sizeof(sbuf), cp));
|
||||
+ file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len));
|
||||
free(cp);
|
||||
|
||||
if (rval == -1)
|
||||
@@ -707,7 +710,8 @@ mprint(struct magic_set *ms, struct magi
|
||||
break;
|
||||
case FILE_DER:
|
||||
if (file_printf(ms, F(ms, m, "%s"),
|
||||
- file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1)
|
||||
+ file_printable(sbuf, sizeof(sbuf), ms->ms_value.s,
|
||||
+ sizeof(ms->ms_value.s))) == -1)
|
||||
return -1;
|
||||
t = ms->offset;
|
||||
break;
|
||||
@@ -1383,38 +1387,64 @@ mget(struct magic_set *ms, const unsigne
|
||||
if (m->flag & INDIR) {
|
||||
intmax_t off = m->in_offset;
|
||||
const int sgn = m->in_op & FILE_OPSIGNED;
|
||||
- if (m->in_op & FILE_OPINDIRECT) {
|
||||
- const union VALUETYPE *q = CAST(const union VALUETYPE *,
|
||||
- ((const void *)(s + offset + off)));
|
||||
- if (OFFSET_OOB(nbytes, offset + off, sizeof(*q)))
|
||||
- return 0;
|
||||
- switch (cvt_flip(m->in_type, flip)) {
|
||||
- case FILE_BYTE:
|
||||
- off = SEXT(sgn,8,q->b);
|
||||
- break;
|
||||
- case FILE_SHORT:
|
||||
- off = SEXT(sgn,16,q->h);
|
||||
- break;
|
||||
- case FILE_BESHORT:
|
||||
- off = SEXT(sgn,16,BE16(q));
|
||||
- break;
|
||||
- case FILE_LESHORT:
|
||||
- off = SEXT(sgn,16,LE16(q));
|
||||
- break;
|
||||
- case FILE_LONG:
|
||||
- off = SEXT(sgn,32,q->l);
|
||||
- break;
|
||||
- case FILE_BELONG:
|
||||
- case FILE_BEID3:
|
||||
- off = SEXT(sgn,32,BE32(q));
|
||||
- break;
|
||||
- case FILE_LEID3:
|
||||
- case FILE_LELONG:
|
||||
- off = SEXT(sgn,32,LE32(q));
|
||||
- break;
|
||||
- case FILE_MELONG:
|
||||
- off = SEXT(sgn,32,ME32(q));
|
||||
- break;
|
||||
+ if (m->in_op & FILE_OPINDIRECT) {
|
||||
+ const union VALUETYPE *q = CAST(const union VALUETYPE *,
|
||||
+ ((const void *)(s + offset + off)));
|
||||
+ switch (cvt_flip(m->in_type, flip)) {
|
||||
+ case FILE_BYTE:
|
||||
+ if (OFFSET_OOB(nbytes, offset + off, 1))
|
||||
+ return 0;
|
||||
+ off = SEXT(sgn,8,q->b);
|
||||
+ break;
|
||||
+ case FILE_SHORT:
|
||||
+ if (OFFSET_OOB(nbytes, offset + off, 2))
|
||||
+ return 0;
|
||||
+ off = SEXT(sgn,16,q->h);
|
||||
+ break;
|
||||
+ case FILE_BESHORT:
|
||||
+ if (OFFSET_OOB(nbytes, offset + off, 2))
|
||||
+ return 0;
|
||||
+ off = SEXT(sgn,16,BE16(q));
|
||||
+ break;
|
||||
+ case FILE_LESHORT:
|
||||
+ if (OFFSET_OOB(nbytes, offset + off, 2))
|
||||
+ return 0;
|
||||
+ off = SEXT(sgn,16,LE16(q));
|
||||
+ break;
|
||||
+ case FILE_LONG:
|
||||
+ if (OFFSET_OOB(nbytes, offset + off, 4))
|
||||
+ return 0;
|
||||
+ off = SEXT(sgn,32,q->l);
|
||||
+ break;
|
||||
+ case FILE_BELONG:
|
||||
+ case FILE_BEID3:
|
||||
+ if (OFFSET_OOB(nbytes, offset + off, 4))
|
||||
+ return 0;
|
||||
+ off = SEXT(sgn,32,BE32(q));
|
||||
+ break;
|
||||
+ case FILE_LEID3:
|
||||
+ case FILE_LELONG:
|
||||
+ if (OFFSET_OOB(nbytes, offset + off, 4))
|
||||
+ return 0;
|
||||
+ off = SEXT(sgn,32,LE32(q));
|
||||
+ break;
|
||||
+ case FILE_MELONG:
|
||||
+ if (OFFSET_OOB(nbytes, offset + off, 4))
|
||||
+ return 0;
|
||||
+ off = SEXT(sgn,32,ME32(q));
|
||||
+ break;
|
||||
+ case FILE_BEQUAD:
|
||||
+ if (OFFSET_OOB(nbytes, offset + off, 8))
|
||||
+ return 0;
|
||||
+ off = SEXT(sgn,64,BE64(q));
|
||||
+ break;
|
||||
+ case FILE_LEQUAD:
|
||||
+ if (OFFSET_OOB(nbytes, offset + off, 8))
|
||||
+ return 0;
|
||||
+ off = SEXT(sgn,64,LE64(q));
|
||||
+ break;
|
||||
+ default:
|
||||
+ abort();
|
||||
}
|
||||
if ((ms->flags & MAGIC_DEBUG) != 0)
|
||||
fprintf(stderr, "indirect offs=%jd\n", off);
|
||||
|
|
Loading…
Reference in a new issue