[Frugalware-git] frugalware-current: file-5.14-5-x86_64

Sun, 05 Oct 2014 00:59:11 -0700 

Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=c9a5e3dc029d88c3f7695d0d5467b3c2b6afbd0a

commit c9a5e3dc029d88c3f7695d0d5467b3c2b6afbd0a
Author: kikadf <[email protected]>
Date:   Sun Oct 5 09:57:57 2014 +0200

file-5.14-5-x86_64

* Fix CVE-2014-3587

diff --git a/source/base/file/CVE-2014-3587.patch 
b/source/base/file/CVE-2014-3587.patch
new file mode 100644
index 0000000..52904f8
--- /dev/null
+++ b/source/base/file/CVE-2014-3587.patch
@@ -0,0 +1,21 @@
+Origin: 
https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947
+Subject: segfault in cd.c. Incomplete fix for CVE-2012-1571
+Author: Remi Collet
+
+---
+ src/cdf.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: b/src/cdf.c
+===================================================================
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -807,7 +807,7 @@
+               q = (const uint8_t *)(const void *)
+                   ((const char *)(const void *)p + ofs
+                   - 2 * sizeof(uint32_t));
+-              if (q > e) {
++              if (q < p || q > e) {
+                       DPRINTF(("Ran of the end %p > %p\n", q, e));
+                       goto out;
+               }
diff --git a/source/base/file/FrugalBuild b/source/base/file/FrugalBuild
index c7b95b3..d20ddc4 100644
--- a/source/base/file/FrugalBuild
+++ b/source/base/file/FrugalBuild
@@ -6,7 +6,7 @@ options+=('asneeded')

pkgname=file
pkgver=5.14
-pkgrel=4
+pkgrel=5
pkgdesc="File type identification utility"
url="http://www.darwinsys.com/file/";
depends=('glibc>=2.8-3' 'zlib>=1.2.3-6')
@@ -19,7 +19,8 @@ sha1sums=('064c8f17a5f7ae1e336a9285131e046d3b2d04d7')
# FSA fix ***
source=(${source[@]} CVE-2014-1943.patch CVE-2014-2270.patch CVE-2013-7345.patch
CVE-2014-0207.patch CVE-2014-3478.patch CVE-2014-3479.patch
-                     CVE-2014-3480.patch CVE-2014-3487.patch 
CVE-2014-3538.patch)
+                     CVE-2014-3480.patch CVE-2014-3487.patch 
CVE-2014-3538.patch
+                     CVE-2014-3587.patch)
sha1sums=(${sha1sums[@]} 'f8a3696fde7435dd431e4ac75cfc8629cb34725a' \
'6737050b7aff65c1dc1ff526be30e0d75a3cfaa6' \
'140369d478fba2ac770858dcc49fb6e06211026e' \
@@ -28,7 +29,8 @@ sha1sums=(${sha1sums[@]} 
'f8a3696fde7435dd431e4ac75cfc8629cb34725a' \
'fe1f00a3937fc1564bbf471df2048bf036cc24ff' \
'6bed490442e7c12d2e1f0dc79d744395aed5f0e5' \
'c03c4373c91fba10083837acec4573a489966ebc' \
-                         'a71644bb937cd3e944e02f31e4c8b42f66b4a0b8')
+                         'a71644bb937cd3e944e02f31e4c8b42f66b4a0b8' \
+                         '544580fd7be83615bca02d3b6c4a7c541f676885')
# ***********

_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to