severity 742262 important
merge 742262 742265
tags 742262 confirmed
thanks

René Bleisch wrote...

> I guess it's somewhat related to the fix of Bug 703993
> (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993),

Correct.

> which had something to do with awk's "BEGIN{ }".
> Is there now a mechanism like "if file contains BEGIN{...}$ then it's
> an awk-file" ?
> This would then be wrong, because perl also uses a BEGIN{...} block

It's a bit more complicated: The fix for the above issue also
influenced the order patterns are checked. As a result, the awk
pattern is now checked *before* the Perl pattern. I'll try to have
that fixed by another upgrade.

For the time being, apply the patch below and rebuild the file
package. Only /usr/share/file/magic.mgc needs to be replaced. I'd be
glad if you could confirm this fixes the regression.

Re-using the old magic from 5.11-2+deb7u1 as suggested in the list is
a bad idea when checking files from unknown sources, so do this as a
last resort only.

Oh, and from your other mail:

> In the meantime, I found out that another person also submitted a bug
> report about the same issue nearly at the same time
> (Bug 742262, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742262).
>
> We are both users of FAI, which is affected by this.

This is not entirely accurate ... Robert Schüttler told me in IRC
about the FAI mailing list thread, I filed this bug against my own
package so this is documented and people have a chance to learn about
it. You were faster :)

Sorry for the hassle, will check more thoroughly next time.

    Christoph
diff --git a/debian/patches/DSA-2873-1-regression.patch b/debian/patches/DSA-2873-1-regression.patch
new file mode 100644
index 0000000..01ae3f1
--- /dev/null
+++ b/debian/patches/DSA-2873-1-regression.patch
@@ -0,0 +1,10 @@
+--- a/magic/Magdir/commands
++++ b/magic/Magdir/commands
+@@ -50,6 +50,7 @@
+ 0	string/wt	#!\ /usr/bin/awk	awk script text executable
+ !:mime	text/x-awk
+ 0	regex		=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
++!:strength - 12
+ 
+ # AT&T Bell Labs' Plan 9 shell
+ 0	string/wt	#!\ /bin/rc	Plan 9 rc shell script text executable
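Review bot: the added `!:strength - 12` line under the `BEGIN` regex entry has no comment saying why the strength is lowered or why the value is 12, and the new patch file begins directly at `--- a/magic/Magdir/commands` with no description header. Please add a short header to the patch (a description plus a reference to bug 742262) and a `#` comment above the entry stating that the adjustment exists so the Perl pattern is evaluated before this awk pattern, since both languages use a `BEGIN {` block. Because the accompanying mail describes this as an interim measure until pattern ordering is fixed, the comment should also mark the line as temporary so it is revisited with the next upload.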
diff --git a/debian/patches/series b/debian/patches/series
index f652245..167d7d7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
 CVE-2014-1943.patch
 limit-repetitions-in-awk-detection.patch
 CVE-2014-2270.patch
+DSA-2873-1-regression.patch
