Your message dated Mon, 19 Mar 2007 14:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#393775: fixed in file 4.20-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: file
Version: 4.17-4
Severity: normal
Tags: patch
There are a few one byte patterns in /usr/share/file/magic
which can to bad effects. Especially the ones that result
in "executable" having a change on 1 out of 256 to happen
on random binary files.
Use case:
Amavisd uses file to see if the scanned file is an executable.
Openoffice.org's encrypted files within in the .sxw zip file
can be treated as random files. Within the .sxw zip file there
are several files that are encrypted. One out of 100 or so
email attachments as .sxw will possibly be banned as MS executable.
See https://intevation.de/roundup/kolab/issue1458 for more
a server application that got hit by the bug.
To test for the problem:
printf \\xb8\\x1a\\x0a | file -
/dev/stdin: COM executable for DOS
For Sarge this problem does not exist as big,
because those patterns are commented out.
To find the potentially dangerous patterns:
awk '/^[^>#].*( |\t)byte/ {print $0;} ' /usr/share/file/magic
0 byte 0xe9 DOS executable (COM)
0 byte 0x8c DOS executable (COM)
0 byte 0xeb DOS executable (COM)
0 byte 0xb8 COM executable
Proposed solution:
Alternative a) Comment out the short executable patterns.
Alternative b) Use the magic format feature to print data when
the first byte is met and print more for further level
check.
Drawback: Is might leave "data" and "executable" on
one printout message, which might not be expected.
A patch for b) is attached.
Best,
Bernhard
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.11-eione1
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages file depends on:
ii libc6 2.3.6.ds1-4 GNU C Library: Shared libraries
ii libmagic1 4.17-4 File type determination library us
file recommends no packages.
-- no debconf information
--- /kolab/share/file.org/magic 2005-12-18 22:23:34.000000000 +0100
+++ /kolab/share/file/magic 2006-10-17 20:15:13.554411551 +0200
@@ -7951,15 +7951,15 @@
# Uncommenting only the first two lines will cover about 2/3 of COM files,
# but it isn't feasible to match all COM files since there must be at least
# two dozen different one-byte "magics".
-0 byte 0xe9 MS-DOS executable (COM)
->6 string SFX\ of\ LHarc (%s)
-0 byte 0x8c MS-DOS executable (COM)
+0 byte 0xe9 data
+>6 string SFX\ of\ LHarc MS-DOS executable (COM) (%s)
+#0 byte 0x8c MS-DOS executable (COM)
# 0xeb conflicts with "sequent" magic
-0 byte 0xeb MS-DOS executable (COM)
->4 string \ $ARX \b, ARX self-extracting archive
->4 string \ $LHarc \b, LHarc self-extracting archive
->0x20e string SFX\ by\ LARC \b, LARC self-extracting archive
-0 byte 0xb8 COM executable for MS-DOS
+0 byte 0xeb data
+>4 string \ $ARX MS-DOS executable (COM), ARX
self-extracting archive
+>4 string \ $LHarc MS-DOS executable (COM), LHarc
self-extracting archive
+>0x20e string SFX\ by\ LARC MS-DOS executable (COM), LARC
self-extracting archive
+#0 byte 0xb8 COM executable for MS-DOS
# many compressed/converted COMs start with a copy loop instead of a jump
0x6 search/0xa \xfc\x57\xf3\xa5\xc3 COM executable for MS-DOS
0x6 search/0xa \xfc\x57\xf3\xa4\xc3 COM executable for MS-DOS
--- End Message ---
--- Begin Message ---
Source: file
Source-Version: 4.20-1
We believe that the bug you reported is fixed in the latest version of
file, which is due to be installed in the Debian FTP archive:
file_4.20-1.diff.gz
to pool/main/f/file/file_4.20-1.diff.gz
file_4.20-1.dsc
to pool/main/f/file/file_4.20-1.dsc
file_4.20-1_i386.deb
to pool/main/f/file/file_4.20-1_i386.deb
file_4.20.orig.tar.gz
to pool/main/f/file/file_4.20.orig.tar.gz
libmagic-dev_4.20-1_i386.deb
to pool/main/f/file/libmagic-dev_4.20-1_i386.deb
libmagic1_4.20-1_i386.deb
to pool/main/f/file/libmagic1_4.20-1_i386.deb
python-magic_4.20-1_i386.deb
to pool/main/f/file/python-magic_4.20-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Piefel <[EMAIL PROTECTED]> (supplier of updated file package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 19 Mar 2007 14:55:46 +0100
Source: file
Binary: libmagic1 file libmagic-dev python-magic
Architecture: source i386
Version: 4.20-1
Distribution: unstable
Urgency: high
Maintainer: Michael Piefel <[EMAIL PROTECTED]>
Changed-By: Michael Piefel <[EMAIL PROTECTED]>
Description:
file - Determines file type using "magic" numbers
libmagic-dev - File type determination library (development)
libmagic1 - File type determination library using "magic" numbers
python-magic - Python binding for the magic library
Closes: 308394 324889 339618 345834 366986 392009 393775 394514 394523 401839
402058 402062 409895 415362
Changes:
file (4.20-1) unstable; urgency=high
.
* New upstream version
- Fixes supposed vulnerability in the file_fprintf in funcs.c
(closes: #415362 and justifies urgency)
- MPEG ADTS signedness fixed (closes: #392009)
- Better TeX/LaTeX magic (closes: #402062)
- Better XML mimetype magic (closes: #345834)
- More linespacing in manpage (closes: #402058)
* Revert URL in copyright file (see #406820), as the old one is supposed to
be correct, even if it disappeared temporarily.
* Fixed typo in manpage (closes: #394514)
* Make Perl script entries consistent (closes: #394523)
* Disable second MS Installer entry (closes: #409895)
* Disable one-byte magic for COM (closes: #393775, #339618)
* audio/midi mimetype (closes: #401839)
* Enable gzip mimetype magic (closes: #324889)
* Disabled some QuickTime entries (ASCII words, closes: #366986, #308394)
Files:
17a102e193d7cd5bc6c29bd17ae86244 683 utils standard file_4.20-1.dsc
402bdb26356791bd5d277099adacc006 548393 utils standard file_4.20.orig.tar.gz
f771950fc68189af186ff75359dabd9b 24033 utils standard file_4.20-1.diff.gz
701521811d46f3235a402c1de57c0e51 34688 utils standard file_4.20-1_i386.deb
422ee52caabefc1f89e7e3643f281adf 319604 libs standard libmagic1_4.20-1_i386.deb
128c90a0c5b818f5d813e39a432c7b96 61288 libdevel optional
libmagic-dev_4.20-1_i386.deb
344671b12e05c1f2b9c4408029b32ef8 25012 python extra
python-magic_4.20-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF/pn15GwONXmN2VwRAviwAJ9j4bQ+7E+Ec3oSud2FikjOd3dacgCdHp9E
5WiQFQ/99qi2+YmMyvc9bDY=
=K3D2
-----END PGP SIGNATURE-----
--- End Message ---
