1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
From 1df558c6a03f82c7ffa42bc0a49b4561d3cceb92 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Tue, 25 Mar 2014 10:58:50 +0100
Subject: [PATCH] Fixed bug #66946 extensive backtracking in awk rule regular
expression CVE-2013-7345
Applied upstream patch:
https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c
Add the magicdata.patch to track patches applied to upstream data file.
---
ext/fileinfo/magicdata.patch | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 ext/fileinfo/magicdata.patch
diff --git a/ext/fileinfo/magicdata.patch b/ext/fileinfo/magicdata.patch
new file mode 100644
index 0000000..26d3bbb
--- /dev/null
+++ b/ext/fileinfo/magicdata.patch
@@ -0,0 +1,39 @@
+Patches applied to file sources tree before generating magic.mgc
+and before running create_data_file.php to create data_file.c.
+
+
+
+From ef2329cf71acb59204dd981e2c6cce6c81fe467c Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 25 Mar 2013 14:06:55 +0000
+Subject: [PATCH] limit to 100 repetitions to avoid excessive backtracking
+ Carsten Wolff
+
+---
+ magic/Magdir/commands | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/magic/Magdir/commands b/magic/Magdir/commands
+index 67c3eee..4a7d8dd 100644
+--- a/magic/Magdir/commands
++++ b/magic/Magdir/commands
+@@ -1,6 +1,6 @@
+
+ #------------------------------------------------------------------------------
+-# $File: commands,v 1.44 2013/02/05 15:20:47 christos Exp $
++# $File: commands,v 1.45 2013/02/06 14:18:52 christos Exp $
+ # commands: file(1) magic for various shells and interpreters
+ #
+ #0 string/w : shell archive or script for antique kernel text
+@@ -49,7 +49,7 @@
+ !:mime text/x-awk
+ 0 string/wt #!\ /usr/bin/awk awk script text executable
+ !:mime text/x-awk
+-0 regex =^\\s*BEGIN\\s*[{] awk script text
++0 regex =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text
+
+ # AT&T Bell Labs' Plan 9 shell
+ 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable
+--
+1.8.5.5
+
--
1.8.4.3
|
