rpms
/
file
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9-beta
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c-beta
rpms:c8-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
...
pull from: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c-beta
rpms:c8-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'c9-beta' and 'c9' have entirely different histories.
c9-beta ... c9

3 changed files with 1 additions and 118 deletions
Show Stats

87
SOURCES/file-5.41-python-magic-threads.patch
Unescape View File

@ -1,87 +0,0 @@
From c8deb32eab1089d1841482fb2e91833f114b6712 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Thu, 9 Sep 2021 17:48:54 +0000
Subject: [PATCH] PR/285: Benjamin: python detect functions don't work in a
multi-threaded context.
---
python/magic.py | 42 ++++++++++++++++++++++++++++++-------------
1 files changed, 29 insertions(+), 13 deletions(-)
diff --git a/python/magic.py b/python/magic.py
index 0c17caf2e..4b074f31c 100644
--- a/python/magic.py
+++ b/python/magic.py
@@ -5,6 +5,7 @@
'''
import ctypes
+import threading
from collections import namedtuple
@@ -275,11 +276,25 @@ def open(flags):
# Objects used by `detect_from_` functions
-mime_magic = Magic(_open(MAGIC_MIME))
-mime_magic.load()
-none_magic = Magic(_open(MAGIC_NONE))
-none_magic.load()
-
+class MagicDetect(object):
+ def __init__(self):
+ self.mime_magic = Magic(_open(MAGIC_MIME))
+ self.mime_magic.load()
+ self.none_magic = Magic(_open(MAGIC_NONE))
+ self.none_magic.load()
+
+ def __del__(self):
+ self.mime_magic.close()
+ self.none_magic.close()
+
+threadlocal = threading.local()
+
+def _detect_make():
+ v = getattr(threadlocal, "magic_instance", None)
+ if v is None:
+ v = MagicDetect()
+ setattr(threadlocal, "magic_instance", v)
+ return v
def _create_filemagic(mime_detected, type_detected):
try:
@@ -296,9 +311,9 @@ def detect_from_filename(filename):
Returns a `FileMagic` namedtuple.
'''
-
- return _create_filemagic(mime_magic.file(filename),
- none_magic.file(filename))
+ x = _detect_make()
+ return _create_filemagic(x.mime_magic.file(filename),
+ x.none_magic.file(filename))
def detect_from_fobj(fobj):
@@ -308,8 +323,9 @@ def detect_from_fobj(fobj):
'''
file_descriptor = fobj.fileno()
- return _create_filemagic(mime_magic.descriptor(file_descriptor),
- none_magic.descriptor(file_descriptor))
+ x = _detect_make()
+ return _create_filemagic(x.mime_magic.descriptor(file_descriptor),
+ x.none_magic.descriptor(file_descriptor))
def detect_from_content(byte_content):
@@ -318,5 +334,6 @@ def detect_from_content(byte_content):
Returns a `FileMagic` namedtuple.
'''
- return _create_filemagic(mime_magic.buffer(byte_content),
- none_magic.buffer(byte_content))
+ x = _detect_make()
+ return _create_filemagic(x.mime_magic.buffer(byte_content),
+ x.none_magic.buffer(byte_content))

20
SOURCES/file-5.42-cve-strlcpy.patch
Unescape View File

@ -1,20 +0,0 @@
diff --git a/src/funcs.c b/src/funcs.c
index 9bd054f..a5363e7 100644
--- a/src/funcs.c
+++ b/src/funcs.c
@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.118 2020/12/08 21:26:00 christos Exp $")
protected char *
file_copystr(char *buf, size_t blen, size_t width, const char *str)
{
- if (++width > blen)
- width = blen;
- strlcpy(buf, str, width);
+ if (blen == 0)
+ return buf;
+ if (width >= blen)
+ width = blen - 1;
+ memcpy(buf, str, width);
+ buf[width] = '\0';
return buf;
}

12
SPECS/file.spec
Unescape View File

@ -15,7 +15,7 @@
Summary: Utility for determining file types Summary: Utility for determining file types
Name: file Name: file
Version: 5.39 Version: 5.39
Release: 16%{?dist} Release: 14%{?dist}
License: BSD License: BSD
Source0: http://ftp.astron.com/pub/file/file-%{version}.tar.gz Source0: http://ftp.astron.com/pub/file/file-%{version}.tar.gz
@ -58,10 +58,6 @@ Patch14: file-5.39-floating-point-exception.patch
Patch15: file-5.39-static-PIE-binaries.patch Patch15: file-5.39-static-PIE-binaries.patch
# Upstream commit 85b7ab83257b3191a1a7ca044589a092bcef2bb3 (#2219392) # Upstream commit 85b7ab83257b3191a1a7ca044589a092bcef2bb3 (#2219392)
Patch16: file-5.39-wasm-magic.patch Patch16: file-5.39-wasm-magic.patch
# Upstream commit c8deb32eab1089d1841482fb2e91833f114b6712 (#5734)
Patch17: file-5.41-python-magic-threads.patch
# Upstream commit 497aabb29cd08d2a5aeb63e45798d65fcbe03502 (#5733)
Patch18: file-5.42-cve-strlcpy.patch
URL: https://www.darwinsys.com/file/ URL: https://www.darwinsys.com/file/
Requires: file-libs%{?_isa} = %{version}-%{release} Requires: file-libs%{?_isa} = %{version}-%{release}
@ -241,12 +237,6 @@ cd %{py3dir}
%endif %endif
%changelog %changelog
* Thu Nov 23 2023 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-16
- Fix stack-based buffer over-read in file_copystr() (CVE-2022-48554)
* Thu Oct 12 2023 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-15
- Fix segfault in python3-file-magic concurrent method calls
* Tue Jul 11 2023 Ville-Pekka Vainio <vpvainio@iki.fi> - 5.39-14 * Tue Jul 11 2023 Ville-Pekka Vainio <vpvainio@iki.fi> - 5.39-14
- fix detection of deflate encoded PDFs - fix detection of deflate encoded PDFs
Resolves: #2213761 Resolves: #2213761

Write Preview
Loading…
Cancel
Save