Your message dated Sat, 14 Jan 2017 12:37:03 +0000 with message-id <1484397423.1091.25.ca...@adam-barratt.org.uk> and subject line Closing requests included in today's point release has caused the Debian Bug report #846948, regarding jessie-pu: package file/1:5.22+15-2+deb8u3 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
846948: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846948
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hello release team,

A memory leak was found in libmagic's (src:file) loader of magic files, apparently independently by Shi Yin in PR/569[1] and Arnaud Quette in #840754[2]. This was fixed upstream in version 5.29 which is in testing and unstable (as 1:5.29-1), oldstable/wheezy doesn't seem to have this problem.

For stable/jessie I'd like to handle this in the next point release. The actual fix is commit FILE5_28-42-g10ee4ec[3] where commit FILE5_24-31-g3aa35aa[4] is needed as a prerequisite. I've dropped a hunk from that fix which AFAICS is not relevant for Debian and would otherwise require the inclusion of FILE5_25-3-gb0ccffd[5] as another prerequisite: According to its description, that third commit is needed on systems without mmap only.

Find attached:

* A debdiff for 1:5.22+15-2+deb8u3
* A cumulative patch about the code changes to ease review.

After applying the patch, the valgrind check as described in the BTS no longer reports leaks.

Regards,

Christoph

[1] https://bugs.gw.com/view.php?id=569
[2] https://bugs.debian.org/840754
[3] https://github.com/file/file/commit/FILE5_28-42-g10ee4ec
[4] https://github.com/file/file/commit/FILE5_24-31-g3aa35aa
[5] https://github.com/file/file/commit/FILE5_25-3-gb0ccffd

diff -Nru file-5.22+15/debian/changelog file-5.22+15/debian/changelog --- file-5.22+15/debian/changelog 2016-05-09 08:23:30.000000000 +0200 +++ file-5.22+15/debian/changelog 2016-12-04 10:00:07.000000000 +0100 
@@ -1,3 +1,9 @@ +file (1:5.22+15-2+deb8u3) stable; urgency=medium + + * Fix memory leak in magic loader. Closes: #840754 + + -- Christoph Biedl <debian.a...@manchmal.in-ulm.de> Sun, 04 Dec 2016 10:00:07 +0100 + file (1:5.22+15-2+deb8u2) stable; urgency=high * Fix CVE-2015-8865: diff -Nru file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch --- file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch 1970-01-01 01:00:00.000000000 +0100 +++ file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch 2016-12-02 00:00:46.000000000 +0100 
@@ -0,0 +1,32 @@ +Subject: Don't leak memory when loading non-compiled files +Origin: FILE5_24-31-g3aa35aa +Upstream-Author: Christos Zoulas <chris...@zoulas.com> +Date: Thu Sep 10 13:59:47 2015 +0000 + +--- a/src/apprentice.c ++++ b/src/apprentice.c +@@ -538,6 +538,7 @@ + private void + apprentice_unmap(struct magic_map *map) + { ++ size_t i; + if (map == NULL) + return; + +@@ -550,6 +551,8 @@ + #endif + case MAP_TYPE_MALLOC: + free(map->p); ++ for (i = 0; i < MAGIC_SETS; i++) ++ free(map->magic[i]); + break; + case MAP_TYPE_USER: + break; +@@ -1285,6 +1288,7 @@ + file_oomem(ms, sizeof(*map)); + return NULL; + } ++ map->type = MAP_TYPE_MALLOC; + + /* print silly verbose header for USG compat. */ + if (action == FILE_CHECK) diff -Nru file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch --- file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch 1970-01-01 01:00:00.000000000 +0100 +++ file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch 2016-12-04 09:36:35.000000000 +0100 
@@ -0,0 +1,22 @@ +Subject: PR/569: Shi Yin: Fix memory leak +Origin: FILE5_28-42-g10ee4ec +Upstream-Author: Christos Zoulas <chris...@zoulas.com> +Date: Sun Sep 11 13:53:02 2016 +0000 +Comment: Only relevant parts of that commit were used + +--- a/src/apprentice.c ++++ b/src/apprentice.c +@@ -404,11 +404,11 @@ + { + struct mlist *ml; + +- mlp->map = idx == 0 ? map : NULL; ++ mlp->map = NULL; + if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL) + return -1; + +- ml->map = NULL; ++ ml->map = idx == 0 ? map : NULL; + ml->magic = map->magic[idx]; + ml->nmagic = map->nmagic[idx]; + diff -Nru file-5.22+15/debian/patches/series file-5.22+15/debian/patches/series --- file-5.22+15/debian/patches/series 2016-05-09 08:10:53.000000000 +0200 +++ file-5.22+15/debian/patches/series 2016-12-04 09:50:30.000000000 +0100 @@ -13,3 +13,5 @@ cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch CVE-2015-8865.6713ca4.patch +cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch +cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patchdiff --git a/src/apprentice.c b/src/apprentice.c index 1b574c5..ec7ac36 100644 --- a/src/apprentice.c +++ b/src/apprentice.c @@ -404,11 +404,11 @@ add_mlist(struct mlist *mlp, struct magic_map *map, size_t idx) { struct mlist *ml; - mlp->map = idx == 0 ? map : NULL; + mlp->map = NULL; if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL) return -1; - ml->map = NULL; + ml->map = idx == 0 ? map : NULL; ml->magic = map->magic[idx]; ml->nmagic = map->nmagic[idx]; @@ -538,6 +538,7 @@ free: private void apprentice_unmap(struct magic_map *map) { + size_t i; if (map == NULL) return; @@ -550,6 +551,8 @@ apprentice_unmap(struct magic_map *map) #endif case MAP_TYPE_MALLOC: free(map->p); + for (i = 0; i < MAGIC_SETS; i++) + free(map->magic[i]); break; case MAP_TYPE_USER: break; 
@@ -1285,6 +1288,7 @@ apprentice_load(struct magic_set *ms, const char *fn, int action) file_oomem(ms, sizeof(*map)); return NULL; } + map->type = MAP_TYPE_MALLOC; /* print silly verbose header for USG compat. */ if (action == FILE_CHECK)
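Review bot: In add_mlist(), "mlp->map = NULL" now runs before the malloc() check, so when malloc() fails and the function returns -1 the map is referenced by neither the list head nor any node. The caller then has to release the map itself on that path; please confirm that it does, and add a one-line comment saying that the idx == 0 node is the sole holder of the map so that it is released exactly once across the MAGIC_SETS lists.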
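Review bot: In the MAP_TYPE_MALLOC case of apprentice_unmap(), the new loop calls free(map->magic[i]) for every set, which is only valid if each magic[i] of a MALLOC-type map is its own heap allocation (or NULL) and never a pointer into the map->p buffer freed on the line above. The visible context does not establish that invariant; a short comment stating it, plus a check that no code path in this version builds a MAP_TYPE_MALLOC map whose magic[i] point inside map->p, would rule out an invalid free.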
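Review bot: In apprentice_load(), "map->type = MAP_TYPE_MALLOC" is set directly after the allocation check, so any later error path that hands this map to apprentice_unmap() will now free map->p and every map->magic[i]. The allocation itself lies outside the hunk; please confirm the struct is zero-initialised (calloc rather than malloc) so that entries not yet filled in are NULL when that happens.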
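Review bot: The "Comment: Only relevant parts of that commit were used" header in the FILE5_28-42-g10ee4ec patch does not say which part was left out or why. The cover mail gives the reason (the omitted hunk would pull in FILE5_25-3-gb0ccffd, described as needed only on systems without mmap); putting that sentence into the patch header keeps the rationale with the package once the bug mail is no longer at hand.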
--- End Message ---
--- Begin Message ---
Version: 8.7

Hi,

Each of these bugs refers to an update that was included in today's 8.7 point release.

Regards,

Adam
--- End Message ---