diff --git a/file-5.14-CVE-2013-7345.patch b/file-5.14-CVE-2013-7345.patch
new file mode 100644
index 0000000..5a0374d
--- /dev/null
+++ b/file-5.14-CVE-2013-7345.patch
@@ -0,0 +1,26 @@
+From ef2329cf71acb59204dd981e2c6cce6c81fe467c Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Mon, 25 Mar 2013 14:06:55 +0000
+Subject: [PATCH] limit to 100 repetitions to avoid excessive backtracking
+ Carsten Wolff
+
+---
+ magic/Magdir/commands | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/magic/Magdir/commands b/magic/Magdir/commands
+index 67c3eee..4a7d8dd 100644
+--- a/magic/Magdir/commands
++++ b/magic/Magdir/commands
+@@ -49,7 +49,7 @@
+ !:mime text/x-awk
+ 0 string/wt #!\ /usr/bin/awk awk script text executable
+ !:mime text/x-awk
+-0 regex =^\\s*BEGIN\\s*[{] awk script text
++0 regex =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text
+
+ # AT&T Bell Labs' Plan 9 shell
+ 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable
+--
+1.8.5.5
+
diff --git a/file.spec b/file.spec
index 498b178..96fa380 100644
--- a/file.spec
+++ b/file.spec
@@ -4,7 +4,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.14
-Release: 17%{?dist}
+Release: 18%{?dist}
 License: BSD
 Group: Applications/File
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -26,6 +26,7 @@ Patch12: file-5.14-journald.patch
 Patch13: file-5.14-magic_load.patch
 Patch14: file-5.14-CVE-2014-1943.patch
 Patch15: file-5.14-CVE-2014-2270.patch
+Patch16: file-5.14-CVE-2013-7345.patch
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
@@ -102,6 +103,7 @@ file(1) command.
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
 iconv -f iso-8859-1 -t utf-8 < doc/libmagic.man > doc/libmagic.man_
 touch -r doc/libmagic.man doc/libmagic.man_
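Review bot: In the new file-5.14-CVE-2013-7345.patch, the embedded diffstat (`magic/Magdir/commands | 4 ++--`, 2 insertions and 2 deletions) disagrees with the single hunk at `@@ -49,7 +49,7 @@`, which changes only the awk `BEGIN` rule, so the upstream commit looks to have been trimmed by hand for 5.14. Please confirm that the 5.14 copy of `magic/Magdir/commands` holds no second rule with an unbounded `\\s*` that the upstream change also covered, and record the trimming in the patch header, for example `# backport: only the awk BEGIN rule applies to 5.14`. The `{0,100}` bound addresses backtracking in this one rule; other `regex` entries in the magic database are outside this hunk and are not shown to be bounded, so a `%check` step that runs `file` under a timeout on whitespace-heavy input would guard against regressions.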
@@ -198,6 +200,9 @@ cd %{py3dir} %endif %changelog +* Mon Mar 24 2014 Jan Kaluza - 5.14-18 +- fix #1079847 - fix for CVE-2013-7345 + * Fri Mar 07 2014 Jan Kaluza - 5.14-17 - fix #1073555 - fix for CVE-2014-2270