diff options
| author | tron <tron@pkgsrc.org> | 2015-05-31 13:27:32 +0000 |
|---|---|---|
| committer | tron <tron@pkgsrc.org> | 2015-05-31 13:27:32 +0000 |
| commit | 1a438850c163b888aa97bf79518f1c26f329cbe2 (patch) | |
| tree | 279234f6985ab5c4504f348f0e3621f12437e939 | |
| parent | c71ef74ac871ce48dbaecedbea415643bffbc222 (diff) | |
| download | pkgsrc-1a438850c163b888aa97bf79518f1c26f329cbe2.tar.gz | |
Pullup ticket #4734 - requested by bsiegert
sysutils/file: security patch
Revisions pulled up:
- sysutils/file/Makefile 1.35
- sysutils/file/distinfo 1.23
- sysutils/file/patches/patch-src_softmagic.c 1.1
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat May 23 13:11:07 UTC 2015
Modified Files:
pkgsrc/sysutils/file: Makefile distinfo
Added Files:
pkgsrc/sysutils/file/patches: patch-src_softmagic.c
Log Message:
SECURITY: add patch for denial-of-service vulnerability. From Matthias
Ferdinand via pkgsrc-users. Bump PKGREVISION.
| -rw-r--r-- | sysutils/file/Makefile | 3 | ||||
| -rw-r--r-- | sysutils/file/distinfo | 3 | ||||
| -rw-r--r-- | sysutils/file/patches/patch-src_softmagic.c | 20 |
3 files changed, 24 insertions, 2 deletions
diff --git a/sysutils/file/Makefile b/sysutils/file/Makefile index f07ee545add..3178c28d074 100644 --- a/sysutils/file/Makefile +++ b/sysutils/file/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.34 2015/03/22 09:48:51 bsiegert Exp $ +# $NetBSD: Makefile,v 1.34.2.1 2015/05/31 13:27:32 tron Exp $ DISTNAME= file-5.22 +PKGREVISION= 1 CATEGORIES= sysutils MASTER_SITES= ftp://ftp.astron.com/pub/file/ diff --git a/sysutils/file/distinfo b/sysutils/file/distinfo index e42ad1c5702..3121e073649 100644 --- a/sysutils/file/distinfo +++ b/sysutils/file/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.22 2015/03/27 18:57:43 bsiegert Exp $ +$NetBSD: distinfo,v 1.22.2.1 2015/05/31 13:27:32 tron Exp $ SHA1 (file-5.22.tar.gz) = 20fa06592291555f2b478ea2fb70b53e9e8d1f7c RMD160 (file-5.22.tar.gz) = 73b5e5c128a6ecb2b870590728cc9013fe0c9dbb @@ -6,3 +6,4 @@ Size (file-5.22.tar.gz) = 732556 bytes SHA1 (patch-aa) = d3aa3667e3d28ac1268b83de2de372ba083705fc SHA1 (patch-src_compress.c) = 63407a3103bb1e77a5c8f1a5e859eb884ad55b3a SHA1 (patch-src_fsmagic.c) = ee770cf37dfdfbc5a7c123d2691312610b76e76e +SHA1 (patch-src_softmagic.c) = 5952a49b75b1a6968179cd61f28e7731caeb3e17 diff --git a/sysutils/file/patches/patch-src_softmagic.c b/sysutils/file/patches/patch-src_softmagic.c new file mode 100644 index 00000000000..e64234693bd --- /dev/null +++ b/sysutils/file/patches/patch-src_softmagic.c @@ -0,0 +1,20 @@ +$NetBSD: patch-src_softmagic.c,v 1.1.2.2 2015/05/31 13:27:33 tron Exp $ + +contains fix from +https://github.com/file/file/commit/3046c231e1a2fcdd5033bea0603c23f435a00bd7 + +--- src/softmagic.c.orig 2015-01-01 17:07:34.000000000 +0000 ++++ src/softmagic.c +@@ -1116,10 +1116,8 @@ mcopy(struct magic_set *ms, union VALUET + bytecnt = m->str_range; + } + +- if (bytecnt == 0) +- bytecnt = 8192; +- if (bytecnt > nbytes) +- bytecnt = nbytes; ++ if (bytecnt == 0 || bytecnt > nbytes - offset) ++ bytecnt = nbytes - offset; + + buf = RCAST(const char *, s) + offset; + end = last = RCAST(const char *, s) + bytecnt; |