file: update to 5.21.

This commit is contained in:
Eivind Uggedal 2014-12-11 10:05:19 +00:00
parent 6e13dcbaff
commit 0d2007627a
2 changed files with 3 additions and 23 deletions

View file

@ -1,20 +0,0 @@
Fix note bounds reading, Francisco Alonso / Red Hat
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3710
--- src/readelf.c
+++ src/readelf.c
@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
uint32_t namesz, descsz;
unsigned char *nbuf = CAST(unsigned char *, vbuf);
+ if (xnh_sizeof + offset > size) {
+ /*
+ * We're out of note headers.
+ */
+ return xnh_sizeof + offset;
+ }
+
(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
offset += xnh_sizeof;

View file

@ -1,7 +1,7 @@
# Template file for 'file' # Template file for 'file'
pkgname=file pkgname=file
version=5.20 version=5.21
revision=2 revision=1
bootstrap=yes bootstrap=yes
build_style=gnu-configure build_style=gnu-configure
configure_args="--enable-static" configure_args="--enable-static"
@ -12,7 +12,7 @@ maintainer="Juan RP <xtraeme@gmail.com>"
homepage="http://www.darwinsys.com/file/" homepage="http://www.darwinsys.com/file/"
license="BSD" license="BSD"
distfiles="ftp://ftp.astron.com/pub/file/file-${version}.tar.gz" distfiles="ftp://ftp.astron.com/pub/file/file-${version}.tar.gz"
checksum=5bc36bfbb83a009da25a7174848f1bc5824be03192a8fdce7f83dc897ed2d247 checksum=1a48741d3923c4cc73267109b8a396c0ce3aebe004181f3efb1b0a228d230bb6
libmagic_package() { libmagic_package() {
short_desc="File type identification library" short_desc="File type identification library"