- fix for CVE-2014-3587 auto/th/file-5.19-2
authorKacper Kornet <draenog@pld-linux.org>
Tue, 9 Sep 2014 16:37:23 +0000 (17:37 +0100)
committerKacper Kornet <draenog@pld-linux.org>
Tue, 9 Sep 2014 16:38:11 +0000 (17:38 +0100)
file-CVE-2014-3587.patch [new file with mode: 0644]
file.spec

diff --git a/file-CVE-2014-3587.patch b/file-CVE-2014-3587.patch
new file mode 100644 (file)
index 0000000..58a1688
--- /dev/null
@@ -0,0 +1,30 @@
+commit 0641e56be1af003aa02c7c6b0184466540637233
+Author: Christos Zoulas <christos@zoulas.com>
+Date:   Thu Aug 7 09:38:35 2014 +0000
+
+    Prevent wrap around (Remi Collet at redhat)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 5dbf3b1..3e691f4 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -35,7 +35,7 @@
+ #include "file.h"
+ #ifndef lint
+-FILE_RCSID("@(#)$File: cdf.c,v 1.63 2014/06/09 13:04:37 christos Exp $")
++FILE_RCSID("@(#)$File: cdf.c,v 1.64 2014/07/24 19:35:39 christos Exp $")
+ #endif
+ #include <assert.h>
+@@ -835,6 +835,10 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+               q = (const uint8_t *)(const void *)
+                   ((const char *)(const void *)p + ofs
+                   - 2 * sizeof(uint32_t));
++              if (q < p) {
++                      DPRINTF(("Wrapped around %p < %p\n", q, p));
++                      goto out;
++              }
+               if (q > e) {
+                       DPRINTF(("Ran of the end %p > %p\n", q, e));
+                       goto out;
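Review bot: The added `if (q < p)` guard in the cdf.c hunk tests the pointer only after `p + ofs - 2 * sizeof(uint32_t)` has already been formed. Forming a pointer outside the buffer is undefined behaviour in C, so an optimizing compiler may assume the wrap cannot happen and simplify or drop the comparison. It is more robust to validate the offset as an integer before any pointer arithmetic, for example `if (ofs < 2 * sizeof(uint32_t) || ofs - 2 * sizeof(uint32_t) > (size_t)(e - p)) goto out;` placed ahead of the assignment to `q`, which would also subsume the existing `q > e` test. The declaration of `ofs` and the setup of `p` and `e` are outside the hunk, so this assumes `ofs` is an unsigned value taken from the parsed file and that `p <= e` holds at this point. The body of cdf_read_property_info starts and ends outside the hunk.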
index 069c54e55e4ba7569f1ba1f4629464631f34a3f9..040cf2c4c0d9fedc8019f6c5ce4e27396cb84626 100644 (file)
--- a/file.spec
+++ b/file.spec
@@ -30,7 +30,7 @@ Summary(zh_CN.UTF-8): 判定文件类型的工具。
 Summary(zh_TW.UTF-8):  用於決定檔案類型的一個工具程式。
 Name:          file
 Version:       5.19
-Release:       1
+Release:       2
 License:       distributable
 Group:         Applications/File
 Source0:       ftp://ftp.astron.com/pub/file/%{name}-%{version}.tar.gz
@@ -43,6 +43,7 @@ Source4:      %{name}-magic.mime-gen.awk
 Patch0:                %{name}-selinux.patch
 Patch1:                searchpath.patch
 Patch2:                automake.patch
+Patch3:                %{name}-CVE-2014-3587.patch
 URL:           http://www.darwinsys.com/file/
 BuildRequires: autoconf >= 2.50
 BuildRequires: automake
@@ -268,6 +269,7 @@ Wiązania Pythona 3 do biblioteki libmagic.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %if "%{cc_version}" < "3.4"
 %{__sed} -i -e 's,-Wextra,,' configure.ac