[file/f20] fix redefinition of OFFSET_OOB in CVE-2014-2270 patch

Jan Kaluža jkaluza at fedoraproject.org
Mon Mar 24 08:31:05 UTC 2014


commit 7eb85bd79d5ac662dfff381949b1c504c26ca24a
Author: Jan Kaluza <jkaluza at redhat.com>
Date:   Mon Mar 24 09:31:09 2014 +0100

    fix redefinition of OFFSET_OOB in CVE-2014-2270 patch

 file-5.14-CVE-2014-1943.patch |    2 +-
 file-5.14-CVE-2014-2270.patch |    8 --------
 file.spec                     |    5 ++++-
 3 files changed, 5 insertions(+), 10 deletions(-)
---
diff --git a/file-5.14-CVE-2014-1943.patch b/file-5.14-CVE-2014-1943.patch
index 5885118..7dcf22a 100644
--- a/file-5.14-CVE-2014-1943.patch
+++ b/file-5.14-CVE-2014-1943.patch
@@ -45,7 +45,7 @@ index 108d419..d543f87 100644
  #include <stdlib.h>
  #include <time.h>
  
-+#define OFFSET_OOB(n, o, i)  ((n) < (o) || (i) >= ((n) - (o)))
++#define OFFSET_OOB(n, o, i)  ((n) < (o) || (i) > ((n) - (o)))
  
  private int match(struct magic_set *, struct magic *, uint32_t,
      const unsigned char *, size_t, size_t, int, int, int, int, int *, int *,
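Review bot: The changed `OFFSET_OOB` line in file-5.14-CVE-2014-1943.patch relaxes the bounds test from `>=` to `>`, which neither the commit message nor the new changelog entry mentions; both describe only the removal of a duplicate define. Every use of the macro added by the CVE-2014-1943 patch now accepts the case where `i` equals `n - o`, which is in bounds only if `i` is the number of bytes accessed starting at offset `o`. The call sites are outside this hunk, so that should be confirmed for each of them, and the changelog should record that the check itself changed. I would also document the macro where it is defined, e.g. `/* n = bytes available, o = offset, i = bytes to access; true when the access does not fit */`. The `(n) < (o)` test has to stay first, because it is what keeps `(n) - (o)` from wrapping if the operands are unsigned, as the `size_t` parameters of `match` suggest.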
diff --git a/file-5.14-CVE-2014-2270.patch b/file-5.14-CVE-2014-2270.patch
index 69505eb..858390d 100644
--- a/file-5.14-CVE-2014-2270.patch
+++ b/file-5.14-CVE-2014-2270.patch
@@ -2,14 +2,6 @@ diff --git a/src/softmagic.c b/src/softmagic.c
 index d543f87..e84205d 100644
 --- a/src/softmagic.c
 +++ b/src/softmagic.c
-@@ -63,6 +63,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
- private void cvt_32(union VALUETYPE *, const struct magic *);
- private void cvt_64(union VALUETYPE *, const struct magic *);
- 
-+#define OFFSET_OOB(n, o, i)	((n) < (o) || (i) > ((n) - (o)))
- /*
-  * softmagic - lookup one file in parsed, in-memory copy of database
-  * Passed the name and FILE * of one file to be typed.
 @@ -1196,7 +1197,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
  		}
  		switch (cvt_flip(m->in_type, flip)) {
diff --git a/file.spec b/file.spec
index 96fa380..87a1f72 100644
--- a/file.spec
+++ b/file.spec
@@ -4,7 +4,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.14
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: BSD
 Group: Applications/File
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -200,6 +200,9 @@ cd %{py3dir}
 %endif
 
 %changelog
+* Mon Mar 24 2014 Jan Kaluza <jkaluza at redhat.com> - 5.14-19
+- fix redefinition of OFFSET_OOB in CVE-2014-2270 patch
+
 * Mon Mar 24 2014 Jan Kaluza <jkaluza at redhat.com> - 5.14-18
 - fix #1079847 - fix for CVE-2013-7345
 

