Hello community, here is the log from the commit of package file for openSUSE:Factory checked in at 2014-03-18 13:37:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/file (Old) and /work/SRC/openSUSE:Factory/.file.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "file" Changes: -------- --- /work/SRC/openSUSE:Factory/file/file.changes 2014-02-28 16:22:04.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.file.new/file.changes 2014-03-18 13:37:09.000000000 +0100 @@ -1,0 +2,7 @@ +Mon Mar 17 14:04:24 UTC 2014 - [email protected] + +- Add patch + 0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch + to finally fix bnc#866750 + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/file/python-magic.changes 2014-02-28 16:22:04.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.file.new/python-magic.changes 2014-03-18 13:37:09.000000000 +0100 @@ -1,0 +2,5 @@ +Fri Feb 28 11:17:12 CET 2014 - [email protected] + +- adapt version in specfile to 5.17 + +------------------------------------------------------------------- New: ---- 0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ file.spec ++++++ --- /var/tmp/diff_new_pack.g0JXGU/_old 2014-03-18 13:37:10.000000000 +0100 +++ /var/tmp/diff_new_pack.g0JXGU/_new 2014-03-18 13:37:10.000000000 +0100 @@ -61,6 +61,8 @@ Patch34: file-5.12-endian.patch Patch35: file-5.12-nitpick.dif Patch36: file-5.15-clear-invalid.patch +# PATCH-FIX-USTREAM last patch for bnc#866750 - CVE-2014-2270: file: crash when parsing some PE executables +Patch37: 0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %global _sysconfdir /etc %global _miscdir %{_datadir}/misc @@ -126,6 +128,7 @@ %patch34 -p0 -b .endian %patch35 -p0 -b .nitpick %patch36 -p1 -b .clear +%patch37 -p0 -b .CVE-2014-2270 %patch -b .0 test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in ++++++ 0001-off-by-one-in-out-of-bounds-calculations-Jan-Kaluza.patch ++++++ >From 70c65d2e1841491f59168db1f905e8b14083fb1c Mon Sep 17 00:00:00 2001 
From: Christos Zoulas <[email protected]> Date: Tue, 4 Mar 2014 17:42:19 +0000 Subject: [PATCH] off by one in out of bounds calculations (Jan Kaluza) --- src/softmagic.c | 4 +- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git src/softmagic.c src/softmagic.c index 170de95..5ed3998 100644 --- src/softmagic.c +++ src/softmagic.c @@ -72,7 +72,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *); private void cvt_32(union VALUETYPE *, const struct magic *); private void cvt_64(union VALUETYPE *, const struct magic *); -#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o))) +#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) /* * softmagic - lookup one file in parsed, in-memory copy of database * Passed the name and FILE * of one file to be typed. -- 1.7.9.2
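Review bot: the new file.changes entry cites only bnc#866750, while the comment added above Patch37 in file.spec names CVE-2014-2270 for the same fix. Add the CVE identifier to the changelog entry, for example "to finally fix bnc#866750 (CVE-2014-2270)", so the fix can be found by searching the changelog for the CVE.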
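Review bot: the python-magic.changes entry says "adapt version in specfile to 5.17", but no python-magic.spec difference is listed under "Other differences" in this check-in. Either include the spec change the entry describes or state in the entry where it landed. The entry is also stamped in CET while the file.changes entry added alongside it uses UTC; pick one.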
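Review bot: the tag in the comment above Patch37 in the first file.spec hunk is misspelled as "PATCH-FIX-USTREAM"; it should read "PATCH-FIX-UPSTREAM" so that anyone grepping spec files for that tag finds this patch. The rest of the comment (bug number, CVE and one-line description) is what a reader needs and can stay as written.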
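Review bot: OFFSET_OOB in the src/softmagic.c hunk has no comment saying what n, o and i stand for, so the boundary this change selects cannot be checked from the macro itself. With "(i) > ((n) - (o))" the case i == n - o is now treated as in bounds; add a one-line comment above the #define stating why that is correct (presumably that i is a size that must fit in the n - o bytes remaining after offset o, which the visible lines do not confirm). The comment should also note that n and o are each evaluated twice, so arguments with side effects are unsafe. The commit message consists of the subject line only; a sentence on which input hit the off-by-one would tie it to the crash named in the spec comment.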
