Hello community, here is the log from the commit of package file for openSUSE:Factory checked in at 2019-10-25 18:39:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/file (Old) and /work/SRC/openSUSE:Factory/.file.new.2990 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "file" Fri Oct 25 18:39:12 2019 rev:114 rq:741869 version:5.37 Changes: -------- --- /work/SRC/openSUSE:Factory/file/file.changes 2019-07-13 13:33:30.787349922 +0200 +++ /work/SRC/openSUSE:Factory/.file.new.2990/file.changes 2019-10-25 18:39:16.355735118 +0200 @@ -1,0 +2,11 @@ +Tue Oct 22 13:24:26 UTC 2019 - Dr. Werner Fink <[email protected]> + +- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream + to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c + +------------------------------------------------------------------- +Mon Oct 14 13:40:13 UTC 2019 - Dr. Werner Fink <[email protected]> + +- Let python-magic build with latest rpm + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/file/python-magic.changes 2019-06-12 13:02:15.637285411 +0200 +++ /work/SRC/openSUSE:Factory/.file.new.2990/python-magic.changes 2019-10-25 18:39:17.167735882 +0200 @@ -1,0 +2,5 @@ +Mon Oct 14 13:40:13 UTC 2019 - Dr. Werner Fink <[email protected]> + +- Let python-magic build with latest rpm + +------------------------------------------------------------------- @@ -4 +9 @@ -- - Correct version of file which is now 5.37 +- Correct version of file which is now 5.37 New: ---- CVE-2019-18218-46a8443f.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ file.spec ++++++ --- /var/tmp/diff_new_pack.px2gQ5/_old 2019-10-25 18:39:18.243736895 +0200 +++ /var/tmp/diff_new_pack.px2gQ5/_new 2019-10-25 18:39:18.247736899 +0200 @@ -35,7 +35,7 @@ Summary: A Tool to Determine File Types License: BSD-2-Clause Group: Productivity/File utilities -Source: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz +Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz Source2: baselibs.conf Source3: file-rpmlintrc Source4: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz.asc @@ -65,6 +65,7 @@ Patch37: file-secure_getenv.patch Patch39: file-5.28-btrfs-image.dif Patch42: file-upstream.patch +Patch43: CVE-2019-18218-46a8443f.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %global _sysconfdir /etc %global _miscdir %{_datadir}/misc @@ -134,6 +135,7 @@ %patch37 -p1 -b .getenv %patch39 -p1 -b .btrfs %patch42 -p0 -b .tmp +%patch43 -p0 -b .CVE-2019-18218 %patch -b .0 test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in rm -fv src/magic.h ++++++ python-magic.spec ++++++ --- /var/tmp/diff_new_pack.px2gQ5/_old 2019-10-25 18:39:18.263736915 +0200 +++ /var/tmp/diff_new_pack.px2gQ5/_new 2019-10-25 18:39:18.267736918 +0200 @@ -18,7 +18,6 @@ # PyPI package name is file-magic. Version is taken from setup.py %define file_magic_version 0.3.0 - %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-magic @@ -33,8 +32,8 @@ Summary: Python module to use libmagic License: BSD-3-Clause AND BSD-4-Clause Group: Development/Languages/Python +%{expand:%(sed -n -e '/^Source0\?:/,/^BuildRoot:/p' <%{_sourcedir}/file.spec)} Source99: file.spec -%{expand:%(sed -n -e '/^Source:/,/^BuildRoot:/p' <%{_sourcedir}/file.spec)} Requires: libmagic1 Provides: python-file-magic = %{file_magic_version} %global _miscdir %{_datadir}/misc @@ -49,7 +48,6 @@ %{expand:%(sed -n -e '/^%%prep/,/^%%build/p' <%{_sourcedir}/file.spec | sed -e '1d' -e '$d')} ln -sf README.md python/README -%build pushd python %python_build popd ++++++ CVE-2019-18218-46a8443f.patch ++++++ >From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001 From: Christos Zoulas <[email protected]> Date: Mon, 26 Aug 2019 14:31:39 +0000 Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz) --- src/cdf.c | 7 +++---- src/cdf.h | 1 + 2 files changed, 4 insertions(+), 4 deletions(-) --- src/cdf.c +++ src/cdf.c 2019-10-22 13:05:01.410441092 +0000 @@ -968,8 +968,9 @@ cdf_read_property_info(const cdf_stream_ goto out; } nelements = CDF_GETUINT32(q, 1); - if (nelements == 0) { - DPRINTF(("CDF_VECTOR with nelements == 0\n")); + if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { + DPRINTF(("CDF_VECTOR with nelements == %" + SIZE_T_FORMAT "u\n", nelements)); goto out; } slen = 2; @@ -1011,8 +1012,6 @@ cdf_read_property_info(const cdf_stream_ goto out; inp += nelem; } - DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", - nelements)); for (j = 0; j < nelements && i < sh.sh_properties; j++, i++) { --- src/cdf.h +++ src/cdf.h 2019-10-22 13:05:01.422440872 +0000 @@ -48,6 +48,7 @@ typedef int32_t cdf_secid_t; #define CDF_LOOP_LIMIT 10000 +#define CDF_ELEMENT_LIMIT 100000 #define CDF_SECID_NULL 0 #define CDF_SECID_FREE -1
