
Import Debian version 5.11-2+deb7u2

Christoph Biedl 11 years ago
parent
commit
fac070d0d1

+ 153 - 0
debian/patches/CVE-2014-2270.patch

@@ -0,0 +1,153 @@
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Date: Wed Jan 8 22:22:54 2014 +0000
+Last-Update: 2014-03-05
+Upstream-Commit:
+    447558595a3650db2886cd2f416ad0beba965801
+    70c65d2e1841491f59168db1f905e8b14083fb1c
+Description:
+ PR/313: Aaron Reffett: Check properly for exceeding the offset.
+ .
+ off by one in out of bounds calculations (Jan Kaluza)
+ .
+ CVE-2014-2270
+ Backport for 5.11: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -60,6 +60,7 @@
+ private void cvt_32(union VALUETYPE *, const struct magic *);
+ private void cvt_64(union VALUETYPE *, const struct magic *);
+ 
++#define OFFSET_OOB(n, o, i)	((n) < (o) || (i) > ((n) - (o)))
+ /*
+  * softmagic - lookup one file in parsed, in-memory copy of database
+  * Passed the name and FILE * of one file to be typed.
+@@ -1080,7 +1081,7 @@
+ 		}
+ 		switch (m->in_type) {
+ 		case FILE_BYTE:
+-			if (nbytes < (offset + 1))
++			if (OFFSET_OOB(nbytes, offset, 1))
+ 				return 0;
+ 			if (off) {
+ 				switch (m->in_op & FILE_OPS_MASK) {
+@@ -1115,7 +1116,7 @@
+ 				offset = ~offset;
+ 			break;
+ 		case FILE_BESHORT:
+-			if (nbytes < (offset + 2))
++			if (OFFSET_OOB(nbytes, offset, 2))
+ 				return 0;
+ 			if (off) {
+ 				switch (m->in_op & FILE_OPS_MASK) {
+@@ -1167,7 +1168,7 @@
+ 				offset = ~offset;
+ 			break;
+ 		case FILE_LESHORT:
+-			if (nbytes < (offset + 2))
++			if (OFFSET_OOB(nbytes, offset, 2))
+ 				return 0;
+ 			if (off) {
+ 				switch (m->in_op & FILE_OPS_MASK) {
+@@ -1219,7 +1220,7 @@
+ 				offset = ~offset;
+ 			break;
+ 		case FILE_SHORT:
+-			if (nbytes < (offset + 2))
++			if (OFFSET_OOB(nbytes, offset, 2))
+ 				return 0;
+ 			if (off) {
+ 				switch (m->in_op & FILE_OPS_MASK) {
+@@ -1256,7 +1257,7 @@
+ 			break;
+ 		case FILE_BELONG:
+ 		case FILE_BEID3:
+-			if (nbytes < (offset + 4))
++			if (OFFSET_OOB(nbytes, offset, 4))
+ 				return 0;
+ 			if (off) {
+ 				switch (m->in_op & FILE_OPS_MASK) {
+@@ -1327,7 +1328,7 @@
+ 			break;
+ 		case FILE_LELONG:
+ 		case FILE_LEID3:
+-			if (nbytes < (offset + 4))
++			if (OFFSET_OOB(nbytes, offset, 4))
+ 				return 0;
+ 			if (off) {
+ 				switch (m->in_op & FILE_OPS_MASK) {
+@@ -1397,7 +1398,7 @@
+ 				offset = ~offset;
+ 			break;
+ 		case FILE_MELONG:
+-			if (nbytes < (offset + 4))
++			if (OFFSET_OOB(nbytes, offset, 4))
+ 				return 0;
+ 			if (off) {
+ 				switch (m->in_op & FILE_OPS_MASK) {
+@@ -1467,7 +1468,7 @@
+ 				offset = ~offset;
+ 			break;
+ 		case FILE_LONG:
+-			if (nbytes < (offset + 4))
++			if (OFFSET_OOB(nbytes, offset, 4))
+ 				return 0;
+ 			if (off) {
+ 				switch (m->in_op & FILE_OPS_MASK) {
+@@ -1534,14 +1535,14 @@
+ 	/* Verify we have enough data to match magic type */
+ 	switch (m->type) {
+ 	case FILE_BYTE:
+-		if (nbytes < (offset + 1)) /* should alway be true */
++		if (OFFSET_OOB(nbytes, offset, 1))
+ 			return 0;
+ 		break;
+ 
+ 	case FILE_SHORT:
+ 	case FILE_BESHORT:
+ 	case FILE_LESHORT:
+-		if (nbytes < (offset + 2))
++		if (OFFSET_OOB(nbytes, offset, 2))
+ 			return 0;
+ 		break;
+ 
+@@ -1560,26 +1561,26 @@
+ 	case FILE_FLOAT:
+ 	case FILE_BEFLOAT:
+ 	case FILE_LEFLOAT:
+-		if (nbytes < (offset + 4))
++		if (OFFSET_OOB(nbytes, offset, 4))
+ 			return 0;
+ 		break;
+ 
+ 	case FILE_DOUBLE:
+ 	case FILE_BEDOUBLE:
+ 	case FILE_LEDOUBLE:
+-		if (nbytes < (offset + 8))
++		if (OFFSET_OOB(nbytes, offset, 8))
+ 			return 0;
+ 		break;
+ 
+ 	case FILE_STRING:
+ 	case FILE_PSTRING:
+ 	case FILE_SEARCH:
+-		if (nbytes < (offset + m->vallen))
++		if (OFFSET_OOB(nbytes, offset, m->vallen))
+ 			return 0;
+ 		break;
+ 
+ 	case FILE_REGEX:
+-		if (nbytes < offset)
++		if (OFFSET_OOB(nbytes, offset, 0))
+ 			return 0;
+ 		break;
+ 
+@@ -1589,7 +1590,7 @@
+ 	  	if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
+ 		    file_printf(ms, "%s", m->desc) == -1)
+ 			return -1;
+-		if (nbytes < offset)
++		if (OFFSET_OOB(nbytes, offset, 0))
+ 			return 0;
+ 		return file_softmagic(ms, s + offset, nbytes - offset,
+ 		    recursion_level, BINTEST, text);
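Review bot: `OFFSET_OOB`, added near line 60 of softmagic.c, is only a correct bounds test when `n`, `o` and `i` are all unsigned and of compatible width, and nothing at the definition says so. It replaces `nbytes < (offset + N)`, where the addition could wrap, with a subtraction guarded by `(n) < (o)`, but a signed or narrower argument would silently change the comparison. The declarations of `nbytes`, `offset` and `m->vallen` are outside these hunks, so their types should be confirmed. I would add a comment above the macro such as `/* true if [o, o+i) does not fit in n bytes; operands must be unsigned, o+i is never formed so it cannot wrap */`. At the two sites that pass `0` (the FILE_REGEX case and the check before the `file_softmagic(ms, s + offset, nbytes - offset, ...)` call), the second clause is always false for unsigned operands, so they reduce to the old `nbytes < offset` test.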

+ 17 - 0
debian/patches/limit-repetitions-in-awk-detection.patch

@@ -0,0 +1,17 @@
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Date: Mon Mar 25 14:06:55 2013 +0000
+Upstream-Commit ef2329cf71acb59204dd981e2c6cce6c81fe467c
+Description:
+ limit to 100 repetitions to avoid excessive backtracking Carsten Wolff
+
+--- a/magic/Magdir/commands
++++ b/magic/Magdir/commands
+@@ -49,7 +49,7 @@
+ !:mime	text/x-awk
+ 0	string/wt	#!\ /usr/bin/awk	awk script text executable
+ !:mime	text/x-awk
+-0	regex		=^\\s*BEGIN\\s*[{]	awk script text
++0	regex		=^\\s{0,100}BEGIN\\s{0,100}[{]	awk script text
+ 
+ # AT&T Bell Labs' Plan 9 shell
+ 0	string/wt	#!\ /bin/rc	Plan 9 rc shell script text executable
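Review bot: The `{0,100}` bound in the awk rule has no explanation in the magic file itself, so a later edit could turn it back into `\\s*` and reintroduce the backtracking cost named in the patch description. A comment line above the rule, for example `# \\s{0,100} rather than \\s*: bounds regex backtracking on whitespace-heavy input`, would keep the reason next to the pattern. The change probably also means that input with more than 100 whitespace characters before `BEGIN` or before `{` no longer matches this rule, which looks like an accepted trade-off but is worth stating. Separately, this patch header writes `Upstream-Commit` without the colon used in CVE-2014-2270.patch.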

+ 2 - 0
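--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,5 @@
 02-file-make.patch
 03-doc-manpages.patch
 CVE-2014-1943.patch
+limit-repetitions-in-awk-detection.patch
+CVE-2014-2270.patch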