pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2015Q1]: pkgsrc/sysutils/file Pullup ticket #4734 - requested ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/426576e53836
branches:  pkgsrc-2015Q1
changeset: 649264:426576e53836
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun May 31 13:27:32 2015 +0000

description:
Pullup ticket #4734 - requested by bsiegert
sysutils/file: security patch

Revisions pulled up:
- sysutils/file/Makefile                                        1.35
- sysutils/file/distinfo                                        1.23
- sysutils/file/patches/patch-src_softmagic.c                   1.1

---
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Sat May 23 13:11:07 UTC 2015

   Modified Files:
           pkgsrc/sysutils/file: Makefile distinfo
   Added Files:
           pkgsrc/sysutils/file/patches: patch-src_softmagic.c

   Log Message:
   SECURITY: add patch for denial-of-service vulnerability. From Matthias
   Ferdinand via pkgsrc-users. Bump PKGREVISION.

diffstat:

 sysutils/file/Makefile                      |   3 ++-
 sysutils/file/distinfo                      |   3 ++-
 sysutils/file/patches/patch-src_softmagic.c |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (50 lines):

diff -r a96cc3a30024 -r 426576e53836 sysutils/file/Makefile
--- a/sysutils/file/Makefile    Mon May 25 01:07:54 2015 +0000
+++ b/sysutils/file/Makefile    Sun May 31 13:27:32 2015 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.34 2015/03/22 09:48:51 bsiegert Exp $
+# $NetBSD: Makefile,v 1.34.2.1 2015/05/31 13:27:32 tron Exp $
 
 DISTNAME=              file-5.22
+PKGREVISION=           1
 CATEGORIES=            sysutils
 MASTER_SITES=          ftp://ftp.astron.com/pub/file/
 
diff -r a96cc3a30024 -r 426576e53836 sysutils/file/distinfo
--- a/sysutils/file/distinfo    Mon May 25 01:07:54 2015 +0000
+++ b/sysutils/file/distinfo    Sun May 31 13:27:32 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2015/03/27 18:57:43 bsiegert Exp $
+$NetBSD: distinfo,v 1.22.2.1 2015/05/31 13:27:32 tron Exp $
 
 SHA1 (file-5.22.tar.gz) = 20fa06592291555f2b478ea2fb70b53e9e8d1f7c
 RMD160 (file-5.22.tar.gz) = 73b5e5c128a6ecb2b870590728cc9013fe0c9dbb
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = d3aa3667e3d28ac1268b83de2de372ba083705fc
 SHA1 (patch-src_compress.c) = 63407a3103bb1e77a5c8f1a5e859eb884ad55b3a
 SHA1 (patch-src_fsmagic.c) = ee770cf37dfdfbc5a7c123d2691312610b76e76e
+SHA1 (patch-src_softmagic.c) = 5952a49b75b1a6968179cd61f28e7731caeb3e17
diff -r a96cc3a30024 -r 426576e53836 sysutils/file/patches/patch-src_softmagic.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/file/patches/patch-src_softmagic.c       Sun May 31 13:27:32 2015 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-src_softmagic.c,v 1.1.2.2 2015/05/31 13:27:33 tron Exp $
+
+contains fix from 
+https://github.com/file/file/commit/3046c231e1a2fcdd5033bea0603c23f435a00bd7
+
+--- src/softmagic.c.orig       2015-01-01 17:07:34.000000000 +0000
++++ src/softmagic.c
+@@ -1116,10 +1116,8 @@ mcopy(struct magic_set *ms, union VALUET
+                               bytecnt = m->str_range;
+                       }
+ 
+-                      if (bytecnt == 0)
+-                              bytecnt = 8192;
+-                      if (bytecnt > nbytes)
+-                              bytecnt = nbytes;
++                      if (bytecnt == 0 || bytecnt > nbytes - offset)
++                              bytecnt = nbytes - offset;
+ 
+                       buf = RCAST(const char *, s) + offset;
+                       end = last = RCAST(const char *, s) + bytecnt;



Home | Main Index | Thread Index | Old Index