[arch-commits] Commit in file/trunk (01-cve-2014-3710.patch PKGBUILD)

Sébastien Luttringer seblu at archlinux.org
Wed Nov 12 18:22:32 UTC 2014


    Date: Wednesday, November 12, 2014 @ 19:22:32
  Author: seblu
Revision: 226129

upgpkg: file 5.20-2

- fix FS#42759

Added:
  file/trunk/01-cve-2014-3710.patch
Modified:
  file/trunk/PKGBUILD

------------------------+
 01-cve-2014-3710.patch |   18 ++++++++++++++++++
 PKGBUILD               |   15 ++++++++++++---
 2 files changed, 30 insertions(+), 3 deletions(-)

Added: 01-cve-2014-3710.patch
===================================================================
--- 01-cve-2014-3710.patch	                        (rev 0)
+++ 01-cve-2014-3710.patch	2014-11-12 18:22:32 UTC (rev 226129)
@@ -0,0 +1,18 @@
+diff --git a/src/readelf.c b/src/readelf.c
+index 08f81f5..9ebdebd 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
+ 	uint32_t namesz, descsz;
+ 	unsigned char *nbuf = CAST(unsigned char *, vbuf);
+ 
++	if (xnh_sizeof + offset > size) {
++		/*
++		 * We're out of note headers.
++		 */
++		return xnh_sizeof + offset;
++	}
++
+ 	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
+ 	offset += xnh_sizeof;
+ 
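Review bot: The new guard `xnh_sizeof + offset > size` at the top of donote() adds before it compares, so the sum can wrap in `size_t` if a caller ever passes an offset near `SIZE_MAX`; a wrapped sum would pass the check and the `memcpy` below it would read outside `nbuf`. Whether every caller already guarantees `offset <= size` is not visible in this hunk, so a form that cannot wrap is safer: `if (offset > size || xnh_sizeof > size - offset)`. The function body continues past the hunk; `namesz` and `descsz` are presumably filled from the header that was just copied, so their later uses need the same kind of bound against `size`. A short comment stating that a return value `>= size` tells the caller to stop iterating would also document the contract this early return relies on.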

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-11-12 18:16:10 UTC (rev 226128)
+++ PKGBUILD	2014-11-12 18:22:32 UTC (rev 226129)
@@ -5,7 +5,7 @@
 
 pkgname=file
 pkgver=5.20
-pkgrel=1
+pkgrel=2
 pkgdesc='File type identification utility'
 arch=('i686' 'x86_64')
 license=('custom')
@@ -12,9 +12,16 @@
 groups=('base' 'base-devel')
 url='http://www.darwinsys.com/file/'
 depends=('glibc' 'zlib')
-source=("ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz")
-md5sums=('5d5e13eb3e0e13839da869a31790faf2')
+source=("ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz"
+		'01-cve-2014-3710.patch')
+md5sums=('5d5e13eb3e0e13839da869a31790faf2'
+         'dde0002f513f44c4ef6c2152f0ece4ed')
 
+prepare() {
+  # https://bugs.archlinux.org/task/42759
+  patch -p1 -d $pkgname-$pkgver < '01-cve-2014-3710.patch'
+}
+
 build() {
   cd $pkgname-$pkgver
   ./configure --prefix=/usr --datadir=/usr/share/file
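Review bot: The security patch added to `source` is pinned only by an MD5 entry in `md5sums`, and the upstream tarball is still fetched over plain `ftp://` with the same MD5-only check. MD5 is not collision-resistant, so this is a weak integrity control for a package in `base`. Consider replacing the array with `sha256sums=('<sha256 of file-5.20.tar.gz>' '<sha256 of 01-cve-2014-3710.patch>')`, where both values are placeholders to regenerate with `makepkg -g`. As a smaller style point in `prepare()`, quoting the expansion and naming the input explicitly keeps the call robust: `patch -p1 -d "$pkgname-$pkgver" -i "$srcdir/01-cve-2014-3710.patch"`.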
@@ -27,3 +34,5 @@
   install -Dm644 COPYING "$pkgdir/usr/share/licenses/$pkgname/COPYING"
   rmdir "$pkgdir/usr/share/man/man5"
 }
+
+# vim:set ts=2 sw=2 et:

