OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 04-Mar-2003 17:06:49
Branch: OPENPKG_1_1_SOLID HEAD Handle: 2003030416064702
Added files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/file file.patch
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_1_SOLID)
openpkg-src/file file.spec
Log:
SA-2003.017-file
Summary:
Revision Changes Path
1.1.6.1 +213 -0 openpkg-src/file/file.patch
1.21.2.3 +6 -4 openpkg-src/file/file.spec
1.3535 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/file/file.patch
============================================================================
$ cvs diff -u -r0 -r1.1.6.1 file.patch
--- /dev/null 2003-03-04 17:06:49.000000000 +0100
+++ file.patch 2003-03-04 17:06:49.000000000 +0100
@@ -0,0 +1,213 @@
+/* OpenPKG "file" 3.41 security fixes backported to 3.39
+ *
+ * Revision 3.41 2003/02/27 20:53:45 christos
+ * - fix memory allocation problem (Jeff Johnson)
+ * - fix stack overflow corruption (David Endler)
+ *
+ * Revision 3.40 2003/02/08 18:33:53 christos
+ * - eliminate unsigned char warnings (Petter Reinholdtsen <[EMAIL PROTECTED]>)
+ * - better elf PT_NOTE handling (Nalin Dahyabhai <[EMAIL PROTECTED]>)
+ */
+--- file-3.39/apprentice.c Wed Jul 3 21:00:41 2002
++++ file-3.41/apprentice.c Thu Feb 27 21:47:46 2003
+@@ -231,7 +231,7 @@
+ }
+
+ maxmagic = MAXMAGIS;
+- *magicp = (struct magic *) calloc(sizeof(struct magic), maxmagic);
++ *magicp = (struct magic *) calloc(maxmagic, sizeof(struct magic));
+ if (*magicp == NULL) {
+ (void) fprintf(stderr, "%s: Out of memory (%s).\n", progname,
+ strerror(errno));
+--- file-3.39/ascmagic.c Wed Jul 3 20:26:37 2002
++++ file-3.41/ascmagic.c Sat Feb 8 19:33:53 2003
+@@ -67,7 +67,7 @@
+ ascmagic(unsigned char *buf, int nbytes)
+ {
+ int i;
+- char nbuf[HOWMANY+1]; /* one extra for terminating '\0' */
++ unsigned char nbuf[HOWMANY+1]; /* one extra for terminating '\0' */
+ unichar ubuf[HOWMANY+1]; /* one extra for terminating '\0' */
+ int ulen;
+ struct names *p;
+@@ -211,7 +211,8 @@
+ * compare the word thus isolated against the token list
+ */
+ for (p = names; p < names + NNAMES; p++) {
+- if (ascmatch(p->name, ubuf + i, end - i)) {
++ if (ascmatch((unsigned char *)p->name, ubuf + i,
++ end - i)) {
+ subtype = types[p->type].human;
+ subtype_mime = types[p->type].mime;
+ goto subtype_identified;
+@@ -565,7 +566,7 @@
+ return 0;
+ }
+
+- return 1;
++ return 1 + bigend;
+ }
+
+ #undef F
+--- file-3.39/readelf.c Wed Jul 3 20:26:38 2002
++++ file-3.41/readelf.c Tue Feb 25 16:30:00 2003
+@@ -92,18 +92,27 @@
+ #define sh_addr (class == ELFCLASS32 \
+ ? (void *) &sh32 \
+ : (void *) &sh64)
++#define sh_size (class == ELFCLASS32 \
++ ? sizeof sh32 \
++ : sizeof sh64)
+ #define shs_type (class == ELFCLASS32 \
+ ? getu32(swap, sh32.sh_type) \
+ : getu32(swap, sh64.sh_type))
+ #define ph_addr (class == ELFCLASS32 \
+ ? (void *) &ph32 \
+ : (void *) &ph64)
++#define ph_size (class == ELFCLASS32 \
++ ? sizeof ph32 \
++ : sizeof ph64)
+ #define ph_type (class == ELFCLASS32 \
+ ? getu32(swap, ph32.p_type) \
+ : getu32(swap, ph64.p_type))
+ #define ph_offset (class == ELFCLASS32 \
+ ? getu32(swap, ph32.p_offset) \
+ : getu64(swap, ph64.p_offset))
++#define ph_align (class == ELFCLASS32 \
++ ? (ph32.p_align ? getu32(swap, ph32.p_align) : 4) \
++ : (ph64.p_align ? getu64(swap, ph64.p_align) : 4))
+ #define nh_size (class == ELFCLASS32 \
+ ? sizeof *nh32 \
+ : sizeof *nh64)
+@@ -126,11 +135,14 @@
+ Elf32_Shdr sh32;
+ Elf64_Shdr sh64;
+
++ if (size != sh_size)
++ error("corrupted section header size.\n");
++
+ if (lseek(fd, off, SEEK_SET) == -1)
+ error("lseek failed (%s).\n", strerror(errno));
+
+ for ( ; num; num--) {
+- if (read(fd, sh_addr, size) == -1)
++ if (read(fd, sh_addr, sh_size) == -1)
+ error("read failed (%s).\n", strerror(errno));
+ if (shs_type == SHT_SYMTAB /* || shs_type == SHT_DYNSYM */) {
+ (void) printf (", not stripped");
+@@ -157,13 +169,18 @@
+ char nbuf[BUFSIZ];
+ int bufsize;
+ size_t offset, nameoffset;
++ off_t savedoffset;
+
++ if (size != ph_size)
++ error("corrupted program header size.\n");
+ if (lseek(fd, off, SEEK_SET) == -1)
+ error("lseek failed (%s).\n", strerror(errno));
+
+ for ( ; num; num--) {
+- if (read(fd, ph_addr, size) == -1)
++ if (read(fd, ph_addr, ph_size) == -1)
+ error("read failed (%s).\n", strerror(errno));
++ if ((savedoffset = lseek(fd, 0, SEEK_CUR)) == -1)
++ error("lseek failed (%s).\n", strerror(errno));
+
+ switch (ph_type) {
+ case PT_DYNAMIC:
+@@ -179,7 +196,7 @@
+ */
+ if (lseek(fd, (off_t) ph_offset, SEEK_SET) == -1)
+ error("lseek failed (%s).\n", strerror(errno));
+- bufsize = read(fd, nbuf, BUFSIZ);
++ bufsize = read(fd, nbuf, sizeof(nbuf));
+ if (bufsize == -1)
+ error(": " "read failed (%s).\n",
+ strerror(errno));
+@@ -202,7 +219,14 @@
+
+ nameoffset = offset;
+ offset += nh_namesz;
+- offset = ((offset + 3)/4)*4;
++ offset = ((offset+ph_align-1)/ph_align)*ph_align;
++
++ if ((nh_namesz == 0) && (nh_descsz == 0)) {
++ /*
++ * We're out of note headers.
++ */
++ break;
++ }
+
+ if (offset + nh_descsz >= bufsize)
+ break;
+@@ -277,6 +301,8 @@
+ /* Content of note is always 0 */
+ }
+ }
++ if ((lseek(fd, savedoffset + offset, SEEK_SET)) == -1)
++ error("lseek failed (%s).\n", strerror(errno));
+ break;
+ }
+ }
+@@ -345,13 +371,15 @@
+ int bufsize;
+ int os_style = -1;
+
++ if (size != ph_size)
++ error("corrupted program header size.\n");
+ /*
+ * Loop through all the program headers.
+ */
+ for ( ; num; num--) {
+ if (lseek(fd, off, SEEK_SET) == -1)
+ error("lseek failed (%s).\n", strerror(errno));
+- if (read(fd, ph_addr, size) == -1)
++ if (read(fd, ph_addr, ph_size) == -1)
+ error("read failed (%s).\n", strerror(errno));
+ off += size;
+ if (ph_type != PT_NOTE)
+--- file-3.39/softmagic.c Wed Jul 3 20:26:38 2002
++++ file-3.41/softmagic.c Tue Feb 25 14:04:32 2003
+@@ -105,7 +105,8 @@
+ int firstline = 1; /* a flag to print X\n X\n- X */
+
+ if (tmpoff == NULL)
+- if ((tmpoff = (int32_t *) malloc(tmplen = 20)) == NULL)
++ if ((tmpoff = (int32_t *) malloc(
++ (tmplen = 20) * sizeof(*tmpoff))) == NULL)
+ error("out of memory\n");
+
+ for (magindex = 0; magindex < nmagic; magindex++) {
+@@ -137,7 +138,7 @@
+ /* and any continuations that match */
+ if (++cont_level >= tmplen)
+ if ((tmpoff = (int32_t *) realloc(tmpoff,
+- tmplen += 20)) == NULL)
++ (tmplen += 20) * sizeof(*tmpoff))) == NULL)
+ error("out of memory\n");
+ while (magic[magindex+1].cont_level != 0 &&
+ ++magindex < nmagic) {
+@@ -184,7 +185,8 @@
+ if (++cont_level >= tmplen)
+ if ((tmpoff =
+ (int32_t *) realloc(tmpoff,
+- tmplen += 20)) == NULL)
++ (tmplen += 20)
++ * sizeof(*tmpoff))) == NULL)
+ error("out of memory\n");
+ }
+ if (magic[magindex].flag & OFFADD) {
+@@ -564,9 +566,10 @@
+ * offset is interpreted as last line to search,
+ * (starting at 1), not as bytes-from start-of-file
+ */
+- char *last = NULL;
+- p->buf = s;
+- for (; offset && (s = strchr(s, '\n')) != NULL; offset--, s++)
++ unsigned char *last = NULL;
++ p->buf = (char *)s;
++ for (; offset && (s = (unsigned char *)strchr(s, '\n')) != NULL;
++ offset--, s++)
+ last = s;
+ if (last != NULL)
+ *last = '\0';
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/file/file.spec
============================================================================
$ cvs diff -u -r1.21.2.2 -r1.21.2.3 file.spec
--- openpkg-src/file/file.spec 25 Nov 2002 13:03:05 -0000 1.21.2.2
+++ openpkg-src/file/file.spec 4 Mar 2003 16:06:49 -0000 1.21.2.3
@@ -1,8 +1,8 @@
##
## file.spec -- OpenPKG RPM Specification
-## Copyright (c) 2000-2002 Cable & Wireless Deutschland GmbH
-## Copyright (c) 2000-2002 The OpenPKG Project <http://www.openpkg.org/>
-## Copyright (c) 2000-2002 Ralf S. Engelschall <[EMAIL PROTECTED]>
+## Copyright (c) 2000-2003 Cable & Wireless Deutschland GmbH
+## Copyright (c) 2000-2003 The OpenPKG Project <http://www.openpkg.org/>
+## Copyright (c) 2000-2003 Ralf S. Engelschall <[EMAIL PROTECTED]>
##
## Permission to use, copy, modify, and distribute this software for
## any purpose with or without fee is hereby granted, provided that
@@ -33,10 +33,11 @@
Group: Filesystem
License: BSD
Version: 3.39
-Release: 1.1.1
+Release: 1.1.2
# list of sources
Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
+Patch0: file.patch
# build information
Prefix: %{l_prefix}
@@ -52,6 +53,7 @@
%prep
%setup -q
+ %patch -p1
%build
%{l_shtool} subst \
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.3534 -r1.3535 news.txt
--- openpkg-web/news.txt 4 Mar 2003 16:04:14 -0000 1.3534
+++ openpkg-web/news.txt 4 Mar 2003 16:06:47 -0000 1.3535
@@ -1,3 +1,4 @@
+04-Mar-2003: Upgraded package: P<file-3.39-1.1.2>
04-Mar-2003: Upgraded package: P<file-3.39-1.2.1>
04-Mar-2003: Upgraded package: P<openpkg-tool-20030304-20030304>
04-Mar-2003: Upgraded package: P<gcc33-3.3s20030303-20030304>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
