Hello community, here is the log from the commit of package file for openSUSE:Leap:15.2 checked in at 2020-05-19 14:08:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/file (Old) and /work/SRC/openSUSE:Leap:15.2/.file.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "file" Tue May 19 14:08:07 2020 rev:31 rq:806813 version:5.32 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/file/file.changes 2020-01-15 14:54:56.117572417 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.file.new.2738/file.changes 2020-05-19 14:08:38.651017681 +0200 @@ -1,0 +2,12 @@ +Tue Apr 14 21:03:45 UTC 2020 - Andreas Schwab <[email protected]> + +- file-5.24-nitpick.dif: remove obsolete patch (bsc#1169512) +- file-secure_getenv.patch: refresh + +------------------------------------------------------------------- +Tue Oct 22 13:24:26 UTC 2019 - Dr. Werner Fink <[email protected]> + +- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream + to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c + +------------------------------------------------------------------- Old: ---- file-5.24-nitpick.dif New: ---- CVE-2019-18218-46a8443f.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ file.spec ++++++ --- /var/tmp/diff_new_pack.MaFipi/_old 2020-05-19 14:08:39.127018606 +0200 +++ /var/tmp/diff_new_pack.MaFipi/_new 2020-05-19 14:08:39.131018614 +0200 @@ -58,11 +58,11 @@ Patch32: file-5.19-clicfs.dif Patch33: file-5.16-ocloexec.patch Patch34: file-5.23-endian.patch -Patch35: file-5.24-nitpick.dif Patch36: file-5.15-clear-invalid.patch Patch37: file-secure_getenv.patch Patch39: file-5.28-btrfs-image.dif Patch40: file-5.32-ncurses-6.1.patch +Patch43: CVE-2019-18218-46a8443f.patch # PATCH-FIX-USTREAM for bsc#1096974, bsc#1096984, and CVE-2018-10360 -- Avoid reading past the end of buffer Patch54: file-a642587a9c.patch # PATCH-FIX-USTREAM for bsc#1126117, bsc#1126118, bsc#1126119, CVE-2019-8905, CVE-2019-8906, and CVE-2019-8907 @@ -131,11 +131,11 @@ %patch32 -p0 -b .clicfs %patch33 -p0 -b .clexe %patch34 -p0 -b .endian -%patch35 -p0 -b .nitpick %patch36 -p1 -b .clear %patch37 -p1 -b .getenv %patch39 -p1 -b .btrfs %patch40 -p0 -b .nc61 +%patch43 -p0 -b .CVE-2019-18218 %patch54 -p0 %patch55 -p0 %patch -b .0 ++++++ CVE-2019-18218-46a8443f.patch ++++++ >From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001 From: Christos Zoulas <[email protected]> Date: Mon, 26 Aug 2019 14:31:39 +0000 Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz) --- src/cdf.c | 7 +++---- src/cdf.h | 1 + 2 files changed, 4 insertions(+), 4 deletions(-) --- src/cdf.c +++ src/cdf.c 2019-10-22 13:05:01.410441092 +0000 @@ -955,8 +955,9 @@ cdf_read_property_info(const cdf_stream_ goto out; } nelements = CDF_GETUINT32(q, 1); - if (nelements == 0) { - DPRINTF(("CDF_VECTOR with nelements == 0\n")); + if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { + DPRINTF(("CDF_VECTOR with nelements == %" + SIZE_T_FORMAT "u\n", nelements)); goto out; } slen = 2; @@ -998,8 +999,6 @@ cdf_read_property_info(const cdf_stream_ goto out; inp += nelem; } - DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", - nelements)); for (j = 0; j < nelements && i < sh.sh_properties; j++, i++) { --- src/cdf.h +++ src/cdf.h 2019-10-22 13:05:01.422440872 +0000 @@ -48,6 +48,7 @@ typedef int32_t cdf_secid_t; #define CDF_LOOP_LIMIT 10000 +#define CDF_ELEMENT_LIMIT 100000 #define CDF_SECID_NULL 0 #define CDF_SECID_FREE -1 ++++++ file-secure_getenv.patch ++++++ --- /var/tmp/diff_new_pack.MaFipi/_old 2020-05-19 14:08:39.239018823 +0200 +++ /var/tmp/diff_new_pack.MaFipi/_new 2020-05-19 14:08:39.239018823 +0200 @@ -5,8 +5,10 @@ file-5.29/src/magic.c | 10 +++++----- 4 files changed, 16 insertions(+), 6 deletions(-) ---- file-5.29/configure.ac -+++ file-5.29/configure.ac 2016-11-24 09:13:33.451612426 +0000 +Index: file-5.32/configure.ac +=================================================================== +--- file-5.32.orig/configure.ac ++++ file-5.32/configure.ac @@ -97,6 +97,8 @@ AC_CHECK_TYPE([sig_t],[AC_DEFINE([HAVE_S #include <signal.h> #endif]) @@ -16,19 +18,10 @@ dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST AC_TYPE_OFF_T ---- file-5.29/src/file.c -+++ file-5.29/src/file.c 2016-11-24 09:13:33.451612426 +0000 -@@ -623,7 +623,7 @@ docprint(const char *opts, int def) - private void - help(void) - { -- const unsigned long posix = (unsigned long)getenv("POSIXLY_CORRECT"); -+ const unsigned long posix = (unsigned long)secure_getenv("POSIXLY_CORRECT"); - (void)fputs( - "Usage: file [OPTION...] [FILE...]\n" - "Determine type of FILEs.\n" ---- file-5.29/src/file.h -+++ file-5.29/src/file.h 2016-11-24 09:13:33.451612426 +0000 +Index: file-5.32/src/file.h +=================================================================== +--- file-5.32.orig/src/file.h ++++ file-5.32/src/file.h @@ -615,4 +615,12 @@ static const char *rcsid(const char *p) #define __RCSID(a) #endif @@ -42,8 +35,10 @@ +#endif + #endif /* __file_h__ */ ---- file-5.29/src/magic.c -+++ file-5.29/src/magic.c 2016-11-24 09:13:33.451612426 +0000 +Index: file-5.32/src/magic.c +=================================================================== +--- file-5.32.orig/src/magic.c ++++ file-5.32/src/magic.c @@ -185,7 +185,7 @@ get_default_magic(void) free(default_magic); default_magic = NULL;
