pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2015Q1]: pkgsrc/sysutils/file Pullup ticket #4734 - requested ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/426576e53836
branches: pkgsrc-2015Q1
changeset: 649264:426576e53836
user: tron <tron%pkgsrc.org@localhost>
date: Sun May 31 13:27:32 2015 +0000
description:
Pullup ticket #4734 - requested by bsiegert
sysutils/file: security patch
Revisions pulled up:
- sysutils/file/Makefile 1.35
- sysutils/file/distinfo 1.23
- sysutils/file/patches/patch-src_softmagic.c 1.1
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat May 23 13:11:07 UTC 2015
Modified Files:
pkgsrc/sysutils/file: Makefile distinfo
Added Files:
pkgsrc/sysutils/file/patches: patch-src_softmagic.c
Log Message:
SECURITY: add patch for denial-of-service vulnerability. From Matthias
Ferdinand via pkgsrc-users. Bump PKGREVISION.
diffstat:
sysutils/file/Makefile | 3 ++-
sysutils/file/distinfo | 3 ++-
sysutils/file/patches/patch-src_softmagic.c | 20 ++++++++++++++++++++
3 files changed, 24 insertions(+), 2 deletions(-)
diffs (50 lines):
diff -r a96cc3a30024 -r 426576e53836 sysutils/file/Makefile
--- a/sysutils/file/Makefile Mon May 25 01:07:54 2015 +0000
+++ b/sysutils/file/Makefile Sun May 31 13:27:32 2015 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.34 2015/03/22 09:48:51 bsiegert Exp $
+# $NetBSD: Makefile,v 1.34.2.1 2015/05/31 13:27:32 tron Exp $
DISTNAME= file-5.22
+PKGREVISION= 1
CATEGORIES= sysutils
MASTER_SITES= ftp://ftp.astron.com/pub/file/
diff -r a96cc3a30024 -r 426576e53836 sysutils/file/distinfo
--- a/sysutils/file/distinfo Mon May 25 01:07:54 2015 +0000
+++ b/sysutils/file/distinfo Sun May 31 13:27:32 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2015/03/27 18:57:43 bsiegert Exp $
+$NetBSD: distinfo,v 1.22.2.1 2015/05/31 13:27:32 tron Exp $
SHA1 (file-5.22.tar.gz) = 20fa06592291555f2b478ea2fb70b53e9e8d1f7c
RMD160 (file-5.22.tar.gz) = 73b5e5c128a6ecb2b870590728cc9013fe0c9dbb
@@ -6,3 +6,4 @@
SHA1 (patch-aa) = d3aa3667e3d28ac1268b83de2de372ba083705fc
SHA1 (patch-src_compress.c) = 63407a3103bb1e77a5c8f1a5e859eb884ad55b3a
SHA1 (patch-src_fsmagic.c) = ee770cf37dfdfbc5a7c123d2691312610b76e76e
+SHA1 (patch-src_softmagic.c) = 5952a49b75b1a6968179cd61f28e7731caeb3e17
diff -r a96cc3a30024 -r 426576e53836 sysutils/file/patches/patch-src_softmagic.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/file/patches/patch-src_softmagic.c Sun May 31 13:27:32 2015 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-src_softmagic.c,v 1.1.2.2 2015/05/31 13:27:33 tron Exp $
+
+contains fix from
+https://github.com/file/file/commit/3046c231e1a2fcdd5033bea0603c23f435a00bd7
+
+--- src/softmagic.c.orig 2015-01-01 17:07:34.000000000 +0000
++++ src/softmagic.c
+@@ -1116,10 +1116,8 @@ mcopy(struct magic_set *ms, union VALUET
+ bytecnt = m->str_range;
+ }
+
+- if (bytecnt == 0)
+- bytecnt = 8192;
+- if (bytecnt > nbytes)
+- bytecnt = nbytes;
++ if (bytecnt == 0 || bytecnt > nbytes - offset)
++ bytecnt = nbytes - offset;
+
+ buf = RCAST(const char *, s) + offset;
+ end = last = RCAST(const char *, s) + bytecnt;
Home |
Main Index |
Thread Index |
Old Index