pkgsrc-Changes archive
CVS commit: pkgsrc/sysutils/file
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Mar 16 09:02:42 UTC 2019
Modified Files:
pkgsrc/sysutils/file: Makefile distinfo
pkgsrc/sysutils/file/patches: patch-src_readelf.c patch-src_softmagic.c
Added Files:
pkgsrc/sysutils/file/patches: patch-src_file.h patch-src_funcs.c
Log Message:
file: fix security issues, bump revision.
Fixes CVE-2019-8906, CVE-2019-8904 (not sure about CVE-2019-8905,
CVE-2019-8907).
Patch by Matthias Ferdinand via email to pkgsrc-users.
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 pkgsrc/sysutils/file/Makefile
cvs rdiff -u -r1.31 -r1.32 pkgsrc/sysutils/file/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/sysutils/file/patches/patch-src_file.h
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/file/patches/patch-src_funcs.c
cvs rdiff -u -r1.1 -r1.2 pkgsrc/sysutils/file/patches/patch-src_readelf.c
cvs rdiff -u -r1.3 -r1.4 pkgsrc/sysutils/file/patches/patch-src_softmagic.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/sysutils/file/Makefile
diff -u pkgsrc/sysutils/file/Makefile:1.42 pkgsrc/sysutils/file/Makefile:1.43
--- pkgsrc/sysutils/file/Makefile:1.42 Sat Jun 30 09:27:02 2018
+++ pkgsrc/sysutils/file/Makefile Sat Mar 16 09:02:41 2019
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.42 2018/06/30 09:27:02 bsiegert Exp $
+# $NetBSD: Makefile,v 1.43 2019/03/16 09:02:41 bsiegert Exp $
DISTNAME= file-5.32
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= sysutils
MASTER_SITES= ftp://ftp.astron.com/pub/file/
Index: pkgsrc/sysutils/file/distinfo
diff -u pkgsrc/sysutils/file/distinfo:1.31 pkgsrc/sysutils/file/distinfo:1.32
--- pkgsrc/sysutils/file/distinfo:1.31 Sat Jun 30 09:27:02 2018
+++ pkgsrc/sysutils/file/distinfo Sat Mar 16 09:02:41 2019
@@ -1,10 +1,12 @@
-$NetBSD: distinfo,v 1.31 2018/06/30 09:27:02 bsiegert Exp $
+$NetBSD: distinfo,v 1.32 2019/03/16 09:02:41 bsiegert Exp $
SHA1 (file-5.32.tar.gz) = c2858a8043387d1229d8768ad42762a803d017db
RMD160 (file-5.32.tar.gz) = b7d41a4c6b2c28d9f202d740e353416e2036c1ef
SHA512 (file-5.32.tar.gz) = 315343229fa196335389544ee8010e9e80995ef4721938492dedcfb0465dfc45e1feb96f26dfe53cab484fb5d9bac54d2d72917fbfd28a1d998c6ad8c8f9792f
Size (file-5.32.tar.gz) = 797025 bytes
SHA1 (patch-aa) = dc787ea0d77d7ba88bcb1e17d38b26b13153a1c5
+SHA1 (patch-src_file.h) = e4bd52e3b5674300a1b87f198ed4418a65997833
SHA1 (patch-src_fsmagic.c) = ee770cf37dfdfbc5a7c123d2691312610b76e76e
-SHA1 (patch-src_readelf.c) = 2dca756d757509643f72937595c470378fb4f3d1
-SHA1 (patch-src_softmagic.c) = bd8871c9050ca521f02b62066d0023a5fbb2d168
+SHA1 (patch-src_funcs.c) = f86ed77c42d63290a602cb46625410cad8bb13b1
+SHA1 (patch-src_readelf.c) = 7f2f6c03050b6f49ef25d7991f368b8d3aab1e2b
+SHA1 (patch-src_softmagic.c) = 5a67d73bd4ecf7711f810ad4f4c0456248955c81
Index: pkgsrc/sysutils/file/patches/patch-src_readelf.c
diff -u pkgsrc/sysutils/file/patches/patch-src_readelf.c:1.1 pkgsrc/sysutils/file/patches/patch-src_readelf.c:1.2
--- pkgsrc/sysutils/file/patches/patch-src_readelf.c:1.1 Sat Jun 30 09:27:03 2018
+++ pkgsrc/sysutils/file/patches/patch-src_readelf.c Sat Mar 16 09:02:41 2019
@@ -1,4 +1,4 @@
-$NetBSD: patch-src_readelf.c,v 1.1 2018/06/30 09:27:03 bsiegert Exp $
+$NetBSD: patch-src_readelf.c,v 1.2 2019/03/16 09:02:41 bsiegert Exp $
apply https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
against https://nvd.nist.gov/vuln/detail/CVE-2018-10360
@@ -10,8 +10,32 @@ against https://nvd.nist.gov/vuln/detail
file.
...
+Avoid OOB read (found by ASAN reported by F. Alonso) (CVE-2019-8906)
+
+https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f
+
+fix PR/62: spinpx: limit size of file_printable. (CVE-2019-8904)
+
+https://bugs.astron.com/view.php?id=62
+https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
+
--- src/readelf.c.orig 2017-08-27 07:55:02.000000000 +0000
+++ src/readelf.c
+@@ -720,12 +720,12 @@ do_core_note(struct magic_set *ms, unsig
+ char sbuf[512];
+ struct NetBSD_elfcore_procinfo pi;
+ memset(&pi, 0, sizeof(pi));
+- memcpy(&pi, nbuf + doff, descsz);
++ memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
+
+ if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
+ file_printable(sbuf, sizeof(sbuf),
+- CAST(char *, pi.cpi_name)),
++ RCAST(char *, pi.cpi_name), sizeof(pi.cpi_name)),
+ elf_getu32(swap, pi.cpi_pid),
+ elf_getu32(swap, pi.cpi_euid),
+ elf_getu32(swap, pi.cpi_egid),
@@ -824,7 +824,8 @@ do_core_note(struct magic_set *ms, unsig
cname = (unsigned char *)
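Review bot: The clamp in `memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)))` bounds the write into `pi`, but nothing in these lines shows that `doff` plus the copied length stays inside `nbuf`. do_core_note starts and ends outside the hunk, so that source-side check may well live in the caller. If it does, a short comment above the memcpy would record the assumption, e.g. `/* descsz is read from the note: clamp to sizeof(pi); the source range is validated by the caller */`. If it does not, the read side needs its own bound before this copy.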
@@ -22,3 +46,13 @@ against https://nvd.nist.gov/vuln/detail
continue;
/*
* Linux apparently appends a space at the end
+@@ -1564,7 +1565,8 @@ dophn_exec(struct magic_set *ms, int cla
+ return -1;
+ if (interp[0])
+ if (file_printf(ms, ", interpreter %s",
+- file_printable(ibuf, sizeof(ibuf), interp)) == -1)
++ file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp)))
++ == -1)
+ return -1;
+ return 0;
+ }
Index: pkgsrc/sysutils/file/patches/patch-src_softmagic.c
diff -u pkgsrc/sysutils/file/patches/patch-src_softmagic.c:1.3 pkgsrc/sysutils/file/patches/patch-src_softmagic.c:1.4
--- pkgsrc/sysutils/file/patches/patch-src_softmagic.c:1.3 Tue Dec 12 03:11:51 2017
+++ pkgsrc/sysutils/file/patches/patch-src_softmagic.c Sat Mar 16 09:02:41 2019
@@ -1,8 +1,13 @@
-$NetBSD: patch-src_softmagic.c,v 1.3 2017/12/12 03:11:51 ryoon Exp $
+$NetBSD: patch-src_softmagic.c,v 1.4 2019/03/16 09:02:41 bsiegert Exp $
Fix functionality under NetBSD-current after format check change
https://mail-index.netbsd.org/source-changes/2017/12/11/msg090400.html
+fix PR/62: spinpx: limit size of file_printable. (CVE-2019-8904)
+
+https://bugs.astron.com/view.php?id=62
+https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
+
--- src/softmagic.c.orig 2017-07-21 10:29:00.000000000 +0000
+++ src/softmagic.c
@@ -121,6 +121,8 @@ private const char * __attribute__((__fo
@@ -14,3 +19,140 @@ https://mail-index.netbsd.org/source-cha
const char *ptr = fmtcheck(m->desc, def);
if (ptr == def)
file_magerror(ms,
+@@ -546,8 +548,8 @@ mprint(struct magic_set *ms, struct magi
+ case FILE_LESTRING16:
+ if (m->reln == '=' || m->reln == '!') {
+ if (file_printf(ms, F(ms, m, "%s"),
+- file_printable(sbuf, sizeof(sbuf), m->value.s))
+- == -1)
++ file_printable(sbuf, sizeof(sbuf), m->value.s,
++ sizeof(m->value.s))) == -1)
+ return -1;
+ t = ms->offset + m->vallen;
+ }
+@@ -574,7 +576,8 @@ mprint(struct magic_set *ms, struct magi
+ }
+
+ if (file_printf(ms, F(ms, m, "%s"),
+- file_printable(sbuf, sizeof(sbuf), str)) == -1)
++ file_printable(sbuf, sizeof(sbuf), str,
++ sizeof(p->s) - (str - p->s))) == -1)
+ return -1;
+
+ if (m->type == FILE_PSTRING)
+@@ -680,7 +683,7 @@ mprint(struct magic_set *ms, struct magi
+ return -1;
+ }
+ rval = file_printf(ms, F(ms, m, "%s"),
+- file_printable(sbuf, sizeof(sbuf), cp));
++ file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len));
+ free(cp);
+
+ if (rval == -1)
+@@ -707,7 +710,8 @@ mprint(struct magic_set *ms, struct magi
+ break;
+ case FILE_DER:
+ if (file_printf(ms, F(ms, m, "%s"),
+- file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1)
++ file_printable(sbuf, sizeof(sbuf), ms->ms_value.s,
++ sizeof(ms->ms_value.s))) == -1)
+ return -1;
+ t = ms->offset;
+ break;
+@@ -1383,38 +1387,64 @@ mget(struct magic_set *ms, const unsigne
+ if (m->flag & INDIR) {
+ intmax_t off = m->in_offset;
+ const int sgn = m->in_op & FILE_OPSIGNED;
+- if (m->in_op & FILE_OPINDIRECT) {
+- const union VALUETYPE *q = CAST(const union VALUETYPE *,
+- ((const void *)(s + offset + off)));
+- if (OFFSET_OOB(nbytes, offset + off, sizeof(*q)))
+- return 0;
+- switch (cvt_flip(m->in_type, flip)) {
+- case FILE_BYTE:
+- off = SEXT(sgn,8,q->b);
+- break;
+- case FILE_SHORT:
+- off = SEXT(sgn,16,q->h);
+- break;
+- case FILE_BESHORT:
+- off = SEXT(sgn,16,BE16(q));
+- break;
+- case FILE_LESHORT:
+- off = SEXT(sgn,16,LE16(q));
+- break;
+- case FILE_LONG:
+- off = SEXT(sgn,32,q->l);
+- break;
+- case FILE_BELONG:
+- case FILE_BEID3:
+- off = SEXT(sgn,32,BE32(q));
+- break;
+- case FILE_LEID3:
+- case FILE_LELONG:
+- off = SEXT(sgn,32,LE32(q));
+- break;
+- case FILE_MELONG:
+- off = SEXT(sgn,32,ME32(q));
+- break;
++ if (m->in_op & FILE_OPINDIRECT) {
++ const union VALUETYPE *q = CAST(const union VALUETYPE *,
++ ((const void *)(s + offset + off)));
++ switch (cvt_flip(m->in_type, flip)) {
++ case FILE_BYTE:
++ if (OFFSET_OOB(nbytes, offset + off, 1))
++ return 0;
++ off = SEXT(sgn,8,q->b);
++ break;
++ case FILE_SHORT:
++ if (OFFSET_OOB(nbytes, offset + off, 2))
++ return 0;
++ off = SEXT(sgn,16,q->h);
++ break;
++ case FILE_BESHORT:
++ if (OFFSET_OOB(nbytes, offset + off, 2))
++ return 0;
++ off = SEXT(sgn,16,BE16(q));
++ break;
++ case FILE_LESHORT:
++ if (OFFSET_OOB(nbytes, offset + off, 2))
++ return 0;
++ off = SEXT(sgn,16,LE16(q));
++ break;
++ case FILE_LONG:
++ if (OFFSET_OOB(nbytes, offset + off, 4))
++ return 0;
++ off = SEXT(sgn,32,q->l);
++ break;
++ case FILE_BELONG:
++ case FILE_BEID3:
++ if (OFFSET_OOB(nbytes, offset + off, 4))
++ return 0;
++ off = SEXT(sgn,32,BE32(q));
++ break;
++ case FILE_LEID3:
++ case FILE_LELONG:
++ if (OFFSET_OOB(nbytes, offset + off, 4))
++ return 0;
++ off = SEXT(sgn,32,LE32(q));
++ break;
++ case FILE_MELONG:
++ if (OFFSET_OOB(nbytes, offset + off, 4))
++ return 0;
++ off = SEXT(sgn,32,ME32(q));
++ break;
++ case FILE_BEQUAD:
++ if (OFFSET_OOB(nbytes, offset + off, 8))
++ return 0;
++ off = SEXT(sgn,64,BE64(q));
++ break;
++ case FILE_LEQUAD:
++ if (OFFSET_OOB(nbytes, offset + off, 8))
++ return 0;
++ off = SEXT(sgn,64,LE64(q));
++ break;
++ default:
++ abort();
+ }
+ if ((ms->flags & MAGIC_DEBUG) != 0)
+ fprintf(stderr, "indirect offs=%jd\n", off);
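Review bot: The new `default: abort();` at the end of the switch on `cvt_flip(m->in_type, flip)` terminates the whole process when `in_type` is not one of the listed cases, whereas every other failure path added in this hunk returns 0. This code is linked into applications as a library, so an unexpected type would take down the caller instead of just failing the match; that could be reached from a damaged or untrusted compiled magic database if `in_type` is not validated at load time. Consider `default: return 0;`, optionally preceded by a MAGIC_DEBUG message in the style of the `indirect offs` one that follows. mget starts and ends outside the hunk, so validation elsewhere cannot be ruled out from here.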
Added files:
Index: pkgsrc/sysutils/file/patches/patch-src_file.h
diff -u /dev/null pkgsrc/sysutils/file/patches/patch-src_file.h:1.3
--- /dev/null Sat Mar 16 09:02:42 2019
+++ pkgsrc/sysutils/file/patches/patch-src_file.h Sat Mar 16 09:02:41 2019
@@ -0,0 +1,18 @@
+$NetBSD: patch-src_file.h,v 1.3 2019/03/16 09:02:41 bsiegert Exp $
+
+fix PR/62: spinpx: limit size of file_printable. (CVE-2019-8904)
+
+https://bugs.astron.com/view.php?id=62
+https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
+
+--- src/file.h.orig 2017-08-28 13:39:18.000000000 +0000
++++ src/file.h
+@@ -491,7 +491,7 @@ protected int file_looks_utf8(const unsi
+ size_t *);
+ protected size_t file_pstring_length_size(const struct magic *);
+ protected size_t file_pstring_get_length(const struct magic *, const char *);
+-protected char * file_printable(char *, size_t, const char *);
++protected char * file_printable(char *, size_t, const char *, size_t);
+ #ifdef __EMX__
+ protected int file_os2_apptype(struct magic_set *, const char *, const void *,
+ size_t);
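Review bot: The widened prototype `file_printable(char *, size_t, const char *, size_t)` now carries two unnamed `size_t` parameters, and nothing at the declaration says which one is the output capacity and which one limits the input. A call with the two sizes swapped still compiles, so a one-line comment at the declaration would help, e.g. `/* (buf, bufsiz, str, slen): output buffer and its size, then input and the maximum bytes to read from it */`. The callers changed in this commit pass the `sizeof` of the output buffer second and the source length fourth.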
Index: pkgsrc/sysutils/file/patches/patch-src_funcs.c
diff -u /dev/null pkgsrc/sysutils/file/patches/patch-src_funcs.c:1.1
--- /dev/null Sat Mar 16 09:02:42 2019
+++ pkgsrc/sysutils/file/patches/patch-src_funcs.c Sat Mar 16 09:02:41 2019
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_funcs.c,v 1.1 2019/03/16 09:02:41 bsiegert Exp $
+
+fix PR/62: spinpx: limit size of file_printable. (CVE-2019-8904)
+
+https://bugs.astron.com/view.php?id=62
+https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
+
+--- src/funcs.c.orig 2017-08-28 13:39:18.000000000 +0000
++++ src/funcs.c
+@@ -581,12 +581,13 @@ file_pop_buffer(struct magic_set *ms, fi
+ * convert string to ascii printable format.
+ */
+ protected char *
+-file_printable(char *buf, size_t bufsiz, const char *str)
++file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
+ {
+- char *ptr, *eptr;
++ char *ptr, *eptr = buf + bufsiz - 1;
+ const unsigned char *s = (const unsigned char *)str;
++ const unsigned char *es = s + slen;
+
+- for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
++ for (ptr = buf; ptr < eptr && s < es && *s; s++) {
+ if (isprint(*s)) {
+ *ptr++ = *s;
+ continue;
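Review bot: The comment above the function still reads `convert string to ascii printable format.`, but with `s < es` in the loop condition `str` no longer has to be NUL-terminated, and callers now rely on that. I would update it to something like `/* convert at most slen bytes of str, stopping at the first NUL, to printable ASCII in buf */`. Separately, `eptr = buf + bufsiz - 1` points before `buf` when `bufsiz` is 0. The callers in this commit all pass `sizeof` of a local array, so this is only a latent hazard, and the rest of the function lies outside the hunk.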