Package: file
Version: 1:5.22+15-2+deb8u2
Tags: upstream

Flash files compiled with -swf-version=32 or above are being recognized as
'application/octet-stream' (data) rather than
'application/x-shockwave-flash' due to a restriction in the magic
definition file.

Command:
file -b --mime-type test.swf

Expected output:
application/x-shockwave-flash

Actual output (with jessie and testing):
application/octet-stream

Hex dump of first 16 bytes:
hd -n 16 test.swf
00000000  43 57 53 20 f9 27 53 00  78 9c 94 9a 55 50 1d d1  |CWS .'S.x...UP..|
(the full file has not yet been publicly released by the creator)

This bug was introduced in 2014 in version 1.10 of the flash magic
definition used by file (via libmagic1 / libmagic-mgc) in an attempt to fix
Debian bug #745546
https://github.com/file/file/commit/281578a58328ed76ea2b00c03c3e45f36203c354#diff-ea5efd5565ac4dfd72536c835cab977c
This appears to be the current upstream version. The version in wheezy is
not affected.

It was assumed that the version number would remain below 32 "for the time
being". This time has passed. Version 32 was published in May 2016, and it
is already up to 34:
http://www.adobe.com/devnet/articles/flashplayer-air-feature-list.html
We detected this issue when our web application refused an SWF file created
by an animator.

It may be prudent to assume that the full version byte may be used.
However, this would trigger the issue mentioned in #745546:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745546
i.e. misdetection of this file as a 516MB SWF:
http://git.openttd.org/?p=trunk.git;a=blob;f=os/dos/cwsdpmi/cwsdpmi.txt

Alternatives which would preserve the fix for #745546 might be to permit
versions below 48 ('0') or 65 ('A'), and/or to test for a sane length, e.g.

0       string          CWS             Macromedia Flash data (compressed),
>3      byte            x               version %d,
>>4     lelong          <0x20000000     length %d bytes
!:mime  application/x-shockwave-flash

This refuses a 512MB compressed Flash file. I am not aware of anyone who's
created such a file, but it is technically possible (e.g. Flash games with
very large embedded flash videos).

We've worked around this bug by adding a previous version of the magic
definition to /etc/magic for now.

-- 
Laurence "GreenReaper" Parry
http://www.greenreaper.co.uk/ - https://inkbunny.net

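Added example, not part of the original report and not code from file/libmagic: a Python sketch of the two alternatives proposed above (version byte below 48, declared length below 0x20000000), applied to the 8 header bytes from the hex dump and to a constructed text header. The function names, the `legacy_accepts` model of the "below 32" restriction, and the `b"CWSDPMI "` sample are assumptions made for illustration.

```python
import struct

MAX_VERSION = 48              # report's suggestion: permit versions below 48 ('0')
MAX_SANE_LENGTH = 0x20000000  # bound used in the magic entry proposed in the report

# First 8 bytes of test.swf, copied from the hex dump in the report.
REPORT_HEADER = bytes.fromhex("43575320f9275300")
# Constructed sample: a text file that happens to start with "CWSDPMI ".
TEXT_HEADER = b"CWSDPMI "


def parse_cws(head: bytes):
    """Return (version, declared_length) for a CWS header, or None."""
    if len(head) < 8 or head[:3] != b"CWS":
        return None
    # Offset 3: version byte. Offset 4: little-endian 32-bit length.
    return struct.unpack_from("<BI", head, 3)


def legacy_accepts(head: bytes) -> bool:
    """Model of the restriction described in the report (assumed: version < 32)."""
    parsed = parse_cws(head)
    return parsed is not None and parsed[0] < 32


def classify(head: bytes) -> dict:
    """Apply both proposed checks and report why a header was refused."""
    result = {"mime": "application/octet-stream", "reasons": []}
    parsed = parse_cws(head)
    if parsed is None:
        result["reasons"].append("no CWS signature")
        return result
    version, length = parsed
    result.update(version=version, length=length)
    if version >= MAX_VERSION:
        result["reasons"].append(f"version byte {version} looks like text {chr(version)!r}")
    if length >= MAX_SANE_LENGTH:
        result["reasons"].append(f"declared length {length} bytes is implausible")
    if not result["reasons"]:
        result["mime"] = "application/x-shockwave-flash"
    return result


if __name__ == "__main__":
    for name, head in (("test.swf", REPORT_HEADER), ("text file", TEXT_HEADER)):
        print(name, "legacy:", legacy_accepts(head), "proposed:", classify(head))
```

For an upload filter, a check like this only decides how to label the file; the content should still be treated as untrusted after it passes.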