[ https://issues.apache.org/jira/browse/HADOOP-11906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14529696#comment-14529696 ]

Colin Patrick McCabe commented on HADOOP-11906:
-----------------------------------------------

GNU file (aka libmagic) had some security vulnerabilities.  A little googling 
turns up CVE-2014-2270 and CVE-2012-1571.  I'd be wary of running it on 
untrusted input.  Perhaps we could use something like the new BSD file 
implementation?  http://marc.info/?l=openbsd-cvs&m=142989267412968&w=2

> test-patch.sh should use 'file' command for patch determinism
> -------------------------------------------------------------
>
>                 Key: HADOOP-11906
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11906
>             Project: Hadoop Common
>          Issue Type: Test
>            Reporter: Allen Wittenauer
>            Assignee: Sean Busbey
>
> test-patch.sh currently restricts patches to the extension .patch.  It might 
> be useful to also check if the file command says it is a diff.  This would 
> allow us to determine if files that end in .txt are actually patches.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
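
Added example, not part of the original message or of Hadoop's test-patch.sh: one way to decide from content alone whether an uploaded .txt file is a unified diff, so that untrusted attachments are never handed to libmagic, which is the concern raised in the comment above. The function name `is_unified_diff` and the 64 KiB inspection limit are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Hadoop's code): classify a file as a
# unified diff by looking for a "--- " / "+++ " / "@@ ... @@" header sequence.
# Only dd, awk and test are used; no libmagic parser touches the input.

MAX_BYTES=65536   # assumption: inspect at most the first 64 KiB of the upload

is_unified_diff() {
  f=$1
  # Accept only regular, readable files. Symlinks are refused so an attachment
  # cannot redirect the check to some other path on the build host.
  [ -f "$f" ] && [ ! -L "$f" ] && [ -r "$f" ] || return 1

  # dd bounds how much untrusted data is read; LC_ALL=C makes awk match bytes,
  # so unusual encodings cannot change how the patterns behave.
  dd if="$f" bs="$MAX_BYTES" count=1 2>/dev/null | LC_ALL=C awk '
    # state 0: looking for "--- old"
    # state 1: previous line was "--- old", expect "+++ new"
    # state 2: expect the "@@ -a,b +c,d @@" hunk header
    state == 1 {
      state = ($0 ~ /^\+\+\+ /) ? 2 : 0
      if (state == 2) next
    }
    state == 2 {
      if ($0 ~ /^@@ -[0-9]+(,[0-9]+)? \+[0-9]+(,[0-9]+)? @@/) { found = 1; exit }
      state = 0
    }
    # Reached from state 0, or after a failed match reset the state above.
    state == 0 && /^--- / { state = 1 }
    END { exit !found }
  '
}
```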
