svn commit: r46795 - in head/share: security/advisories security/patches/EN-15:06 security/patches/EN-15:07 xml
Xin LI
delphij at FreeBSD.org
Tue Jun 9 22:27:15 UTC 2015
Author: delphij
Date: Tue Jun 9 22:27:13 2015
New Revision: 46795
URL: https://svnweb.freebsd.org/changeset/doc/46795
Log:
Add two new erratas.
Added:
head/share/security/advisories/FreeBSD-EN-15:06.file.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-15:07.zfs.asc (contents, props changed)
head/share/security/patches/EN-15:06/
head/share/security/patches/EN-15:06/file-10.1.patch (contents, props changed)
head/share/security/patches/EN-15:06/file-10.1.patch.asc (contents, props changed)
head/share/security/patches/EN-15:06/file-8.4.patch (contents, props changed)
head/share/security/patches/EN-15:06/file-8.4.patch.asc (contents, props changed)
head/share/security/patches/EN-15:06/file-9.3.patch (contents, props changed)
head/share/security/patches/EN-15:06/file-9.3.patch.asc (contents, props changed)
head/share/security/patches/EN-15:07/
head/share/security/patches/EN-15:07/zfs.patch (contents, props changed)
head/share/security/patches/EN-15:07/zfs.patch.asc (contents, props changed)
Modified:
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-15:06.file.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-15:06.file.asc Tue Jun 9 22:27:13 2015 (r46795)
@@ -0,0 +1,175 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:06.file Errata Notice
+ The FreeBSD Project
+
+Topic: Version and security update of file(1) and libmagic(3)
+
+Category: contrib
+Module: file
+Announced: 2015-06-09
+Affects: All supported versions of FreeBSD.
+Corrected: 2015-01-23 18:48:59 UTC (stable/10, 10.1-STABLE)
+ 2015-06-09 22:13:25 UTC (releng/10.1, 10.1-RELEASE-p11)
+ 2015-01-23 18:50:36 UTC (stable/9, 9.3-STABLE)
+ 2015-06-09 22:13:53 UTC (releng/9.3, 9.3-RELEASE-p15)
+ 2015-05-09 23:53:25 UTC (stable/8, 8.4-STABLE)
+ 2015-06-09 22:13:53 UTC (releng/8.4, 8.4-RELEASE-p29)
+CVE Name: CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480,
+ CVE-2014-3487, CVE-2014-3538, CVE-2014-3587, CVE-2014-9620,
+ CVE-2014-9621, CVE-2014-9653
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I. Background
+
+The file(1) utility attempts to classify file system objects based on
+filesystem, magic number and language tests.
+
+The libmagic(3) library provides most of the functionality of file(1)
+and may be used by other applications.
+
+II. Problem Description
+
+There are a number of denial of service issues when handling complex
+files, for instance Portable Executable (PE) files and ELF files parsing
+code with libmagic(3) and in turn file(1).
+
+III. Impact
+
+An attacker who can cause file(1) or any other applications using the
+libmagic(3) library to be run on a maliciously constructed input can
+cause the application to crash or consume excessive CPU resources,
+resulting in a denial-of-service.
+
+IV. Workaround
+
+System administrators who run file(1) and libmagic(3) against untrusted
+files, for instance when running with a mail server's mail scanner, are
+advised to configure the scanner in a way so that they do not call file(1)
+or libmagic(3) to conduct deep inspection of input files. Most of these
+scanners does not really need the in-depth analysis and the file type
+determined by libmagic is already sufficient.
+
+V. Solution
+
+This errata replaces the base system file(1) and libmagic(3) with the
+version 5.22.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.1]
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-10.1.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-10.1.patch.asc
+# gpg --verify file-10.1.patch.asc
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-9.3.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-9.3.patch.asc
+# gpg --verify file-9.3.patch.asc
+
+[FreeBSD 8.4]
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-8.4.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-8.4.patch.asc
+# gpg --verify file-8.4.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all deamons using the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r283135
+releng/8.4/ r284194
+stable/9/ r277593
+releng/9.3/ r284194
+stable/10/ r277592
+releng/10.1/ r284193
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:06.file.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.4 (FreeBSD)
+
+iQIcBAEBCgAGBQJVd2aEAAoJEO1n7NZdz2rnEVQP/2OPfepmvG2/vYrH3bKDHPRi
+12QFfE3Ylr8ctoDQRCBazdxhzLEMxdP3g9icJ0ZbnDWVmFtM9BwDfCrkcYmI6uCt
+0E1usrqHs6qthm4i1UAwRu4v71LM2yllHCaLt/XWxWDXsbI/vA5wkZgfgZK8kZWW
+PAiBUuI1bM4pegi+yymgMRoHquoyB0x2jNBKywnb9KT7m8Br9uYnJrCajI6G9HUy
+/eQKtefOVQat0trIoOwXS7cIZhLWJlVAKUinBjb2IGHxkWOrUhgXlPCpB4efS0pG
+IqEv2gvHpxllgmf+4leqNXYT8R1EUu+3OE6SbN7jV+RwgPc0TNUxC4Bkb6r1LoSH
+BRf5FMuVDYAlDKDz4j8NY0v84PpD9d37w7SSBZPiR+Fwn5xs0F4PjsU2c+tPEnVD
+Sn1vYkafvC+KXsuJtmd4sqb1zLRdpOGDxruA0VtOKATA1sDa1QZIBTB7w7iZ03f5
+umCpU8p5mo7a9AroavUEZkcpu4w5BptAsgYoBdOeKHhStBtPlXiGpML8zLhj1qnL
+hGF6RY2QrhD35C7OIer1ji0F2pEKkFfaeAqkvIXmYJaH+KQeIrEdt+ki2GStW1m9
+OdL79RMreVGE1DuX/2puBxKcMsQR+fas4L4uGi46MDXXMeV0LKJHiAT2twJlDOL/
+mc3UcOeMcAfOkINcpGuD
+=8/lF
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-15:07.zfs.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-15:07.zfs.asc Tue Jun 9 22:27:13 2015 (r46795)
@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:07.zfs Errata Notice
+ The FreeBSD Project
+
+Topic: ZFS Reliability Improvements
+
+Category: contrib
+Module: zfs
+Announced: 2015-06-09
+Affects: FreeBSD 10.1 and later
+Corrected: 2014-12-05 00:32:33 UTC (stable/10, 10.1-STABLE)
+ 2015-06-09 22:13:25 UTC (releng/10.1, 10.1-RELEASE-p11)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I. Background
+
+ZFS is one of several filesystems available on FreeBSD.
+
+ZFS on FreeBSD supports TRIM/UNMAP which helps flash based storage medium to
+maintain peek performance.
+
+ZFS uses different layers of disk cache to speed up read and write
+operations, and supports second level ARC (L2ARC) which can be used as a
+second layer cache, which provides storage for less frequently accessed
+data that would not fit into RAM but still accessed often, providing
+optimal cost for performance.
+
+ZFS supports compression in L2ARC data which optimizes its space efficiency.
+
+II. Problem Description
+
+When the ZFS filesystem on a file backed pool is used with TRIM support
+enabled, which is the default, ZIO_TYPE_FREE requests where incorrectly
+processed as a write request.
+
+When the ZFS filesystem is using L2ARC and when L2ARC compression is used,
+the compression buffer are not properly released sometimes.
+
+III. Impact
+
+The first problem will panic the system when it happens.
+
+The second problem will exhibit as a memory leak, which would lead to
+performance degradation and eventually a memory overflow, which would
+lead to a panic.
+
+IV. Workaround
+
+The first issue can be mitigated by disabling TRIM for ZFS using
+the loader option vfs.zfs.trim.enabled=0.
+
+The second issue can be mitigated by disabling L2ARC.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-15:07/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:07/zfs.patch.asc
+# gpg --verify 15:07.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r275492
+releng/10.1/ r284193
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:07.zfs.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.4 (FreeBSD)
+
+iQIcBAEBCgAGBQJVd2aYAAoJEO1n7NZdz2rn3ZAP/jqu2sz0LU20D1zdb3bpz8ui
+QsFeKs2gk5e00T0qqWio9RxXpSxzV1XNEw8jVz2JDsgCQf4V6UwHklgf9E+Pg9DA
+/9HNnrCuNsnlodOOqCPEETPkEWCKiPoiHXv29YzNVZDtlTXE9ysxnQgpD6IfI1AU
+HpyH//OKN+z03eNR/vSdCbvZhemn/+An4AxX8nFegeGXBjxUBE1Hf6Aek2AYKz2Q
+69nwvK56AN05FvVN+oegFdLaG9Lcv5kPnNFLoMDMGazGd/3VBfYE7ACQT2AETc/7
+DuVCrP3ewG3uftNKBEomJkPWTeKLBGZLP3pHZK1BlGlXUlHvpEbEzy0BjJevt4Zt
+6MxHT2xya8H5q8k6nfVnRB2+XhJ82nJMnZIN0cLiqdAgbRdFCS5QlOwLpXpak0tA
+EOTcjsFBTCXQiuO6JLAHn0oprBrA6mMoHxHZGErG6yFGf4PNotG70s8hOH9hxvoG
+bjdtvcbCewPqaUz54vwkp1walgK7i61waDTWNMeLdt9OPncdBO/1N5+jNAV87bLm
+iqxqp6bcHFIoVaHLhE5xxRrmiJg4J/8z2PUjuyfxnWyslMkm4s7siiQ3HIacFdE6
+7GeTDnU28Ui0JTbGx8c6QGRKhOEp0FdvmHmXXHtKBvo/yjdMy2yMg82RHMNxIQKd
+z4HmBIQGnSf4ysgAunpN
+=fmGr
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-15:06/file-10.1.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-15:06/file-10.1.patch Tue Jun 9 22:27:13 2015 (r46795)
@@ -0,0 +1,6603 @@
+Index: contrib/file/ChangeLog
+===================================================================
+--- contrib/file/ChangeLog (revision 284174)
++++ contrib/file/ChangeLog (working copy)
+@@ -1,3 +1,97 @@
++2015-01-02 15:15 Christos Zoulas <christos at zoulas.com>
++
++ * release 5.22
++
++2015-01-01 12:01 Christos Zoulas <christos at zoulas.com>
++
++ * add indirect relative for TIFF/Exif
++
++2014-12-16 18:10 Christos Zoulas <christos at zoulas.com>
++
++ * restructure elf note printing to avoid repeated messages
++ * add note limit, suggested by Alexander Cherepanov
++
++2014-12-16 16:53 Christos Zoulas <christos at zoulas.com>
++
++ * Bail out on partial pread()'s (Alexander Cherepanov)
++ * Fix incorrect bounds check in file_printable (Alexander Cherepanov)
++
++2014-12-11 20:01 Christos Zoulas <christos at zoulas.com>
++
++ * PR/405: ignore SIGPIPE from uncompress programs
++ * change printable -> file_printable and use it in
++ more places for safety
++ * in ELF, instead of "(uses dynamic libraries)" when PT_INTERP
++ is present print the interpreter name.
++
++2014-12-10 20:01 Christos Zoulas <christos at zoulas.com>
++
++ * release 5.21
++
++2014-11-27 18:40 Christos Zoulas <christos at zoulas.com>
++
++ * Allow setting more parameters from the command line.
++ * Split name/use and indirect magic recursion limits.
++
++2014-11-27 11:12 Christos Zoulas <christos at zoulas.com>
++
++ * Adjust ELF parameters and the default recursion
++ level.
++ * Allow setting the recursion level dynamically.
++
++2014-11-24 8:55 Christos Zoulas <christos at zoulas.com>
++
++ * The following fixes resulted from Thomas Jarosch's fuzzing
++ tests that revealed severe performance issues on pathological
++ input:
++ - limit number of elf program and sections processing
++ - abort elf note processing quickly
++ - reduce the number of recursion levels from 20 to 10
++ - preserve error messages in indirect magic handling
++
++ This is tracked as CVE-2014-8116 and CVE-2014-8117
++
++2014-11-12 10:30 Christos Zoulas <christos at zoulas.com>
++
++ * fix bogus free in the user buffer case.
++
++2014-11-11 12:35 Christos Zoulas <christos at zoulas.com>
++
++ * fix out of bounds read for pascal strings
++ * fix memory leak (not freeing the head of each mlist)
++
++2014-11-07 10:25 Christos Zoulas <christos at zoulas.com>
++
++ * When printing strings from a file, convert them to printable
++ on a byte by byte basis, so that we don't get issues with
++ locale's trying to interpret random byte streams as UTF-8 and
++ having printf error out with EILSEQ.
++
++2014-10-17 11:48 Christos Zoulas <christos at zoulas.com>
++
++ * fix bounds in note reading (Francisco Alonso / Red Hat)
++
++2014-10-11 15:02 Christos Zoulas <christos at zoulas.com>
++
++ * fix autoconf glue for setlocale and locale_t; some OS's
++ have locale_t in xlocale.h
++
++2014-10-10 15:01 Christos Zoulas <christos at zoulas.com>
++
++ * release 5.20
++
++2014-08-17 10:01 Christos Zoulas <christos at zoulas.com>
++
++ * recognize encrypted CDF documents
++
++2014-08-04 9:18 Christos Zoulas <christos at zoulas.com>
++
++ * add magic_load_buffers from Brooks Davis
++
++2014-07-24 16:40 Christos Zoulas <christos at zoulas.com>
++
++ * add thumbs.db support
++
+ 2014-06-12 12:28 Christos Zoulas <christos at zoulas.com>
+
+ * release 5.19
+Index: contrib/file/README
+===================================================================
+--- contrib/file/README (revision 284174)
++++ contrib/file/README (working copy)
+@@ -1,6 +1,6 @@
+ ## README for file(1) Command ##
+
+- @(#) $File: README,v 1.48 2014/03/07 13:55:30 christos Exp $
++ @(#) $File: README,v 1.49 2015/01/02 20:23:04 christos Exp $
+
+ Mailing List: file at mx.gw.com
+ Mailing List archives: http://mx.gw.com/pipermail/file/
+@@ -25,8 +25,8 @@ A public read-only git repository of the same sour
+
+ https://github.com/file/file
+
+-The major changes for 5.x are CDF file parsing, indirect magic, and
+-overhaul in mime and ascii encoding handling.
++The major changes for 5.x are CDF file parsing, indirect magic, name/use
++(recursion) and overhaul in mime and ascii encoding handling.
+
+ The major feature of 4.x is the refactoring of the code into a library,
+ and the re-write of the file command in terms of that library. The library
+@@ -67,33 +67,41 @@ in magic(5) format please, to the maintainer, Chri
+ COPYING - read this first.
+ README - read this second (you are currently reading this file).
+ INSTALL - read on how to install
+-
+ src/apprentice.c - parses /etc/magic to learn magic
++src/asctime_r.c - replacement for OS's that don't have it.
+ src/apptype.c - used for OS/2 specific application type magic
+ src/asprintf.c - replacement for OS's that don't have it.
+ src/ascmagic.c - third & last set of tests, based on hardwired assumptions.
+-src/asctime_r.c - for systems that don't have it.
+-src/asprintf.c - for systems that don't have it.
+-src/cdf.c - parser for Microsoft Compound Document Files
++src/asctime_r.c - replacement for OS's that don't have it.
++src/asprintf.c - replacement for OS's that don't have it.
++src/cdf.[ch] - parser for Microsoft Compound Document Files
+ src/cdf_time.c - time converter for CDF.
+ src/compress.c - handles decompressing files to look inside.
+-src/ctime_r.c - for systems that don't have it.
++src/ctime_r.c - replacement for OS's that don't have it.
++src/elfclass.h - common code for elf 32/64.
+ src/encoding.c - handles unicode encodings
+ src/file.c - the main program
+ src/file.h - header file
++src/file_opts.h - list of options
++src/fmtcheck.c - replacement for OS's that don't have it.
+ src/fsmagic.c - first set of tests the program runs, based on filesystem info
+ src/funcs.c - utilility functions
+-src/getopt_long.c - for systems that don't have it.
+-src/getline.c - for systems that don't have it.
++src/getline.c - replacement for OS's that don't have it.
++src/getopt_long.c - replacement for OS's that don't have it.
+ src/is_tar.c, tar.h - knows about tarchives (courtesy John Gilmore).
+ src/names.h - header file for ascmagic.c
++src/magic.h.in - source file for magic.h
+ src/magic.c - the libmagic api
++src/pread.c - replacement for OS's that don't have it.
+ src/print.c - print results, errors, warnings.
+ src/readcdf.c - CDF wrapper.
+ src/readelf.[ch] - Stand-alone elf parsing code.
+ src/softmagic.c - 2nd set of tests, based on /etc/magic
+-src/strlcat.c - for systems that don't have it.
+-src/strlcpy.c - for systems that don't have it.
++src/mygetopt.h - replacement for OS's that don't have it.
++src/strcasestr.c - replacement for OS's that don't have it.
++src/strlcat.c - replacement for OS's that don't have it.
++src/strlcpy.c - replacement for OS's that don't have it.
++src/tar.h - tar file definitions
+ src/vasprintf.c - for systems that don't have it.
+ doc/file.man - man page for the command
+ doc/magic.man - man page for the magic file, courtesy Guy Harris.
+Index: contrib/file/TODO
+===================================================================
+--- contrib/file/TODO (revision 284174)
++++ contrib/file/TODO (working copy)
+@@ -15,3 +15,5 @@ small amount of C is needed (because fast executio
+ required for soft magic, not the more detailed information given by
+ hard-wired routines). In this regard, note that hplip, which is
+ BSD-licensed, has a magic reimplementation in Python.
++
++Read the kerberos magic entry for more ideas.
+Index: contrib/file/config.h.in
+===================================================================
+--- contrib/file/config.h.in (revision 284174)
++++ contrib/file/config.h.in (working copy)
+@@ -44,6 +44,9 @@
+ /* Define to 1 if you have the `fork' function. */
+ #undef HAVE_FORK
+
++/* Define to 1 if you have the `freelocale' function. */
++#undef HAVE_FREELOCALE
++
+ /* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
+ #undef HAVE_FSEEKO
+
+@@ -95,9 +98,15 @@
+ /* Define to 1 if you have a working `mmap' system call. */
+ #undef HAVE_MMAP
+
++/* Define to 1 if you have the `newlocale' function. */
++#undef HAVE_NEWLOCALE
++
+ /* Define to 1 if you have the `pread' function. */
+ #undef HAVE_PREAD
+
++/* Define to 1 if you have the `setlocale' function. */
++#undef HAVE_SETLOCALE
++
+ /* Define to 1 if you have the <stddef.h> header file. */
+ #undef HAVE_STDDEF_H
+
+@@ -182,6 +191,9 @@
+ /* Define to 1 if you have the <unistd.h> header file. */
+ #undef HAVE_UNISTD_H
+
++/* Define to 1 if you have the `uselocale' function. */
++#undef HAVE_USELOCALE
++
+ /* Define to 1 if you have the `utime' function. */
+ #undef HAVE_UTIME
+
+@@ -219,6 +231,9 @@
+ /* Define to 1 if `vfork' works. */
+ #undef HAVE_WORKING_VFORK
+
++/* Define to 1 if you have the <xlocale.h> header file. */
++#undef HAVE_XLOCALE_H
++
+ /* Define to 1 if you have the <zlib.h> header file. */
+ #undef HAVE_ZLIB_H
+
+Index: contrib/file/configure
+===================================================================
+--- contrib/file/configure (revision 284174)
++++ contrib/file/configure (working copy)
+@@ -1,6 +1,6 @@
+ #! /bin/sh
+ # Guess values for system-dependent variables and create Makefiles.
+-# Generated by GNU Autoconf 2.69 for file 5.19.
++# Generated by GNU Autoconf 2.69 for file 5.22.
+ #
+ # Report bugs to <christos at astron.com>.
+ #
+@@ -590,8 +590,8 @@ MAKEFLAGS=
+ # Identity of this package.
+ PACKAGE_NAME='file'
+ PACKAGE_TARNAME='file'
+-PACKAGE_VERSION='5.19'
+-PACKAGE_STRING='file 5.19'
++PACKAGE_VERSION='5.22'
++PACKAGE_STRING='file 5.22'
+ PACKAGE_BUGREPORT='christos at astron.com'
+ PACKAGE_URL=''
+
+@@ -1327,7 +1327,7 @@ if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+-\`configure' configures file 5.19 to adapt to many kinds of systems.
++\`configure' configures file 5.22 to adapt to many kinds of systems.
+
+ Usage: $0 [OPTION]... [VAR=VALUE]...
+
+@@ -1397,7 +1397,7 @@ fi
+
+ if test -n "$ac_init_help"; then
+ case $ac_init_help in
+- short | recursive ) echo "Configuration of file 5.19:";;
++ short | recursive ) echo "Configuration of file 5.22:";;
+ esac
+ cat <<\_ACEOF
+
+@@ -1507,7 +1507,7 @@ fi
+ test -n "$ac_init_help" && exit $ac_status
+ if $ac_init_version; then
+ cat <<\_ACEOF
+-file configure 5.19
++file configure 5.22
+ generated by GNU Autoconf 2.69
+
+ Copyright (C) 2012 Free Software Foundation, Inc.
+@@ -2163,7 +2163,7 @@ cat >config.log <<_ACEOF
+ This file contains any messages produced by compilers while
+ running configure, to aid debugging if configure makes a mistake.
+
+-It was created by file $as_me 5.19, which was
++It was created by file $as_me 5.22, which was
+ generated by GNU Autoconf 2.69. Invocation command line was
+
+ $ $0 $@
+@@ -3029,7 +3029,7 @@ fi
+
+ # Define the identity of the package.
+ PACKAGE='file'
+- VERSION='5.19'
++ VERSION='5.22'
+
+
+ cat >>confdefs.h <<_ACEOF
+@@ -12785,7 +12785,7 @@ fi
+
+ done
+
+-for ac_header in getopt.h err.h
++for ac_header in getopt.h err.h xlocale.h
+ do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+@@ -14191,7 +14191,7 @@ fi
+ fi
+
+
+-for ac_func in strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof
++for ac_func in strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale
+ do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+@@ -14998,7 +14998,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ # report actual input values of CONFIG_FILES etc. instead of their
+ # values after options handling.
+ ac_log="
+-This file was extended by file $as_me 5.19, which was
++This file was extended by file $as_me 5.22, which was
+ generated by GNU Autoconf 2.69. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+@@ -15064,7 +15064,7 @@ _ACEOF
+ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ ac_cs_version="\\
+-file config.status 5.19
++file config.status 5.22
+ configured by $0, generated by GNU Autoconf 2.69,
+ with options \\"\$ac_cs_config\\"
+
+Index: contrib/file/configure.ac
+===================================================================
+--- contrib/file/configure.ac (revision 284174)
++++ contrib/file/configure.ac (working copy)
+@@ -1,5 +1,5 @@
+ dnl Process this file with autoconf to produce a configure script.
+-AC_INIT([file],[5.19],[christos at astron.com])
++AC_INIT([file],[5.22],[christos at astron.com])
+ AM_INIT_AUTOMAKE([subdir-objects foreign])
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+
+@@ -82,7 +82,7 @@ AC_HEADER_MAJOR
+ AC_HEADER_SYS_WAIT
+ AC_CHECK_HEADERS(stdint.h fcntl.h locale.h stdint.h inttypes.h unistd.h)
+ AC_CHECK_HEADERS(stddef.h utime.h wchar.h wctype.h limits.h)
+-AC_CHECK_HEADERS(getopt.h err.h)
++AC_CHECK_HEADERS(getopt.h err.h xlocale.h)
+ AC_CHECK_HEADERS(sys/mman.h sys/stat.h sys/types.h sys/utime.h sys/time.h)
+ AC_CHECK_HEADERS(zlib.h)
+
+@@ -138,7 +138,7 @@ else
+ fi])
+
+ dnl Checks for functions
+-AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof)
++AC_CHECK_FUNCS(strerror strndup strtoul mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale setlocale)
+
+ dnl Provide implementation of some required functions if necessary
+ AC_REPLACE_FUNCS(getopt_long asprintf vasprintf strlcpy strlcat getline ctime_r asctime_r pread strcasestr fmtcheck)
+Index: contrib/file/doc/file.man
+===================================================================
+--- contrib/file/doc/file.man (revision 284174)
++++ contrib/file/doc/file.man (working copy)
+@@ -1,5 +1,5 @@
+-.\" $File: file.man,v 1.106 2014/03/07 23:11:51 christos Exp $
+-.Dd January 30, 2014
++.\" $File: file.man,v 1.111 2014/12/16 23:18:40 christos Exp $
++.Dd December 16, 2014
+ .Dt FILE __CSECTION__
+ .Os
+ .Sh NAME
+@@ -16,6 +16,7 @@
+ .Op Fl F Ar separator
+ .Op Fl f Ar namefile
+ .Op Fl m Ar magicfiles
++.Op Fl P Ar name=value
+ .Ar
+ .Ek
+ .Nm
+@@ -303,6 +304,16 @@ or
+ attempt to preserve the access time of files analyzed, to pretend that
+ .Nm
+ never read them.
++.It Fl P , Fl Fl parameter Ar name=value
++Set various parameter limits.
++.Bl -column "elf_phnum" "Default" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" -offset indent
++.It Sy "Name" Ta Sy "Default" Ta Sy "Explanation"
++.It Li indir Ta 15 Ta recursion limit for indirect magic
++.It Li name Ta 30 Ta use count limit for name/use magic
++.It Li elf_notes Ta 256 Ta max ELF notes processed
++.It Li elf_phnum Ta 128 Ta max ELF program sections processed
++.It Li elf_shnum Ta 32768 Ta max ELF sections processed
++.El
+ .It Fl r , Fl Fl raw
+ Don't translate unprintable characters to \eooo.
+ Normally
+@@ -385,6 +396,7 @@ options.
+ .Xr hexdump 1 ,
+ .Xr od 1 ,
+ .Xr strings 1 ,
++.Xr fstyp 8
+ .Sh STANDARDS CONFORMANCE
+ This program is believed to exceed the System V Interface Definition
+ of FILE(CMD), as near as one can determine from the vague language
+Index: contrib/file/doc/libmagic.man
+===================================================================
+--- contrib/file/doc/libmagic.man (revision 284174)
++++ contrib/file/doc/libmagic.man (working copy)
+@@ -1,4 +1,4 @@
+-.\" $File: libmagic.man,v 1.28 2014/03/02 14:47:16 christos Exp $
++.\" $File: libmagic.man,v 1.34 2014/12/16 23:18:40 christos Exp $
+ .\"
+ .\" Copyright (c) Christos Zoulas 2003.
+ .\" All Rights Reserved.
+@@ -25,7 +25,7 @@
+ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ .\" SUCH DAMAGE.
+ .\"
+-.Dd January 6, 2012
++.Dd December 16, 2014
+ .Dt LIBMAGIC 3
+ .Os
+ .Sh NAME
+@@ -40,6 +40,9 @@
+ .Nm magic_compile ,
+ .Nm magic_list ,
+ .Nm magic_load ,
++.Nm magic_load_buffers ,
++.Nm magic_setparam ,
++.Nm magic_getparam ,
+ .Nm magic_version
+ .Nd Magic number recognition library
+ .Sh LIBRARY
+@@ -71,6 +74,12 @@
+ .Ft int
+ .Fn magic_load "magic_t cookie" "const char *filename"
+ .Ft int
++.Fn magic_load_buffers "magic_t cookie" "void **buffers" "size_t *sizes" "size_t nbuffers"
++.Ft int
++.Fn magic_getparam "magic_t cookie" "int param" "void *value"
++.Ft int
++.Fn magic_setparam "magic_t cookie" "int param" "const void *value"
++.Ft int
+ .Fn magic_version "void"
+ .Sh DESCRIPTION
+ These functions
+@@ -253,6 +262,60 @@ adds
+ to the database filename as appropriate.
+ .Pp
+ The
++.Fn magic_load_buffers
++function takes an array of size
++.Fa nbuffers
++of
++.Fa buffers
++with a respective size for each in the array of
++.Fa sizes
++loaded with the contents of the magic databases from the filesystem.
++This function can be used in environment where the magic library does
++not have direct access to the filesystem, but can access the magic
++database via shared memory or other IPC means.
++.Pp
++The
++.Fn magic_getparam
++and
++.Fn magic_setparam
++allow getting and setting various limits related to the the magic
++library.
++.Bl -column "MAGIC_PARAM_ELF_PHNUM_MAX" "size_t" "Default" -offset indent
++.It Sy "Parameter" Ta Sy "Type" Ta Sy "Default"
++.It Li MAGIC_PARAM_INDIR_MAX Ta size_t Ta 15
++.It Li MAGIC_PARAM_NAME_MAX Ta size_t Ta 30
++.It Li MAGIC_PARAM_ELF_NOTES_MAX Ta size_t Ta 256
++.It Li MAGIC_PARAM_ELF_PHNUM_MAX Ta size_t Ta 128
++.It Li MAGIC_PARAM_ELF_SHNUM_MAX Ta size_t Ta 32768
++.El
++.Pp
++The
++.Dv MAGIC_PARAM_INDIR_RECURSION
++parameter controls how many levels of recursion will be followed for
++indirect magic entries.
++.Pp
++The
++.Dv MAGIC_PARAM_NAME_RECURSION
++parameter controls how many levels of recursion will be followed for
++for name/use calls.
++.Pp
++The
++.Dv MAGIC_PARAM_NAME_MAX
++parameter controls the maximum number of calls for name/use.
++.Pp
++The
++.Dv MAGIC_PARAM_NOTES_MAX
++parameter controls how many ELF notes will be processed.
++.Pp
++The
++.Dv MAGIC_PARAM_PHNUM_MAX
++parameter controls how many ELF program sections will be processed.
++.Pp
++The
++.Dv MAGIC_PARAM_SHNUM_MAX
++parameter controls how many ELF sections will be processed.
++.Pp
++The
+ .Fn magic_version
+ command returns the version number of this library which is compiled into
+ the shared library using the constant
+Index: contrib/file/doc/magic.man
+===================================================================
+--- contrib/file/doc/magic.man (revision 284174)
++++ contrib/file/doc/magic.man (working copy)
+@@ -1,5 +1,5 @@
+-.\" $File: magic.man,v 1.84 2014/06/03 19:01:34 christos Exp $
+-.Dd June 3, 2014
++.\" $File: magic.man,v 1.85 2015/01/01 17:07:34 christos Exp $
++.Dd January 1, 2015
+ .Dt MAGIC __FSECTION__
+ .Os
+ .\" install as magic.4 on USG, magic.5 on V7, Berkeley and Linux systems.
+@@ -200,6 +200,11 @@ interpreted as a UNIX-style date, but interpreted
+ than UTC.
+ .It Dv indirect
+ Starting at the given offset, consult the magic database again.
++The offset of th
++.Dv indirect
++magic is by default absolute in the file, but one can specify
++.Dv /r
++to indicate that the offset is relative from the beginning of the entry.
+ .It Dv name
+ Define a
+ .Dq named
+Index: contrib/file/magic/Magdir/android
+===================================================================
+--- contrib/file/magic/Magdir/android (revision 284174)
++++ contrib/file/magic/Magdir/android (working copy)
+@@ -1,6 +1,6 @@
+
+ #------------------------------------------------------------
+-# $File: android,v 1.4 2014/06/03 19:01:34 christos Exp $
++# $File: android,v 1.7 2014/11/10 05:08:23 christos Exp $
+ # Various android related magic entries
+ #------------------------------------------------------------
+
+@@ -15,20 +15,11 @@
+ >0 regex dey\n[0-9]{2}\0 Dalvik dex file (optimized for host)
+ >4 string >000 version %s
+
+-# http://android.stackexchange.com/questions/23357/\
+-# is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\
+-# 23608#23608
+-0 string ANDROID\040BACKUP\n Android Backup
+->15 string 1\n \b, version 1
+->17 string 0\n \b, uncompressed
+->17 string 1\n \b, compressed
+->19 string none\n \b, unencrypted
+->19 string AES-256\n \b, encrypted AES-256
+-
+ # Android bootimg format
+ # From https://android.googlesource.com/\
+ # platform/system/core/+/master/mkbootimg/bootimg.h
+ 0 string ANDROID! Android bootimg
++>1024 string LOKI\01 \b, LOKI'd
+ >8 lelong >0 \b, kernel
+ >>12 lelong >0 \b (0x%x)
+ >16 lelong >0 \b, ramdisk
+@@ -38,41 +29,7 @@
+ >36 lelong >0 \b, page size: %d
+ >38 string >0 \b, name: %s
+ >64 string >0 \b, cmdline (%s)
+-# Dalvik .dex format. http://retrodev.com/android/dexformat.html
+-# From <mkf at google.com> "Mike Fleming"
+-# Fixed to avoid regexec 17 errors on some dex files
+-# From <diff at lookout.com> "Tim Strazzere"
+-0 string dex\n
+->0 regex dex\n[0-9]{2}\0 Dalvik dex file
+->4 string >000 version %s
+-0 string dey\n
+->0 regex dey\n[0-9]{2}\0 Dalvik dex file (optimized for host)
+->4 string >000 version %s
+
+-# http://android.stackexchange.com/questions/23357/\
+-# is-there-a-way-to-look-inside-and-modify-an-adb-backup-created-file/\
+-# 23608#23608
+-0 string ANDROID\040BACKUP\n Android Backup
+->15 string 1\n \b, version 1
+->17 string 0\n \b, uncompressed
+->17 string 1\n \b, compressed
+->19 string none\n \b, unencrypted
+->19 string AES-256\n \b, encrypted AES-256
+-
+-# Android bootimg format
+-# From https://android.googlesource.com/\
+-# platform/system/core/+/master/mkbootimg/bootimg.h
+-0 string ANDROID! Android bootimg
+->8 lelong >0 \b, kernel
+->>12 lelong >0 \b (0x%x)
+->16 lelong >0 \b, ramdisk
+->>20 lelong >0 \b (0x%x)
+->24 lelong >0 \b, second stage
+->>28 lelong >0 \b (0x%x)
+->36 lelong >0 \b, page size: %d
+->38 string >0 \b, name: %s
+->64 string >0 \b, cmdline (%s)
+-
+ # Android Backup archive
+ # From: Ariel Shkedi
+ # File extension: .ab
+@@ -98,3 +55,85 @@
+ #>>>>>&1 regex/1l .* \b, PBKDF2 rounds: %s
+ #>>>>>>&1 regex/1l .* \b, IV: %s
+ #>>>>>>>&1 regex/1l .* \b, Key: %s
++
++# *.pit files by Joerg Jenderek
++# http://forum.xda-developers.com/showthread.php?p=9122369
++# http://forum.xda-developers.com/showthread.php?t=816449
++# Partition Information Table for Samsung's smartphone with Android
++# used by flash software Odin
++0 ulelong 0x12349876
++# 1st pit entry marker
++>0x01C ulequad&0xFFFFFFFCFFFFFFFC =0x0000000000000000
++# minimal 13 and maximal 18 PIT entries found
++>>4 ulelong <128 Partition Information Table for Samsung smartphone
++>>>4 ulelong x \b, %d entries
++# 1. pit entry
++>>>4 ulelong >0 \b; #1
++>>>0x01C use PIT-entry
++>>>4 ulelong >1 \b; #2
++>>>0x0A0 use PIT-entry
++>>>4 ulelong >2 \b; #3
++>>>0x124 use PIT-entry
++>>>4 ulelong >3 \b; #4
++>>>0x1A8 use PIT-entry
++>>>4 ulelong >4 \b; #5
++>>>0x22C use PIT-entry
++>>>4 ulelong >5 \b; #6
++>>>0x2B0 use PIT-entry
++>>>4 ulelong >6 \b; #7
++>>>0x334 use PIT-entry
++>>>4 ulelong >7 \b; #8
++>>>0x3B8 use PIT-entry
++>>>4 ulelong >8 \b; #9
++>>>0x43C use PIT-entry
++>>>4 ulelong >9 \b; #10
++>>>0x4C0 use PIT-entry
++>>>4 ulelong >10 \b; #11
++>>>0x544 use PIT-entry
++>>>4 ulelong >11 \b; #12
++>>>0x5C8 use PIT-entry
++>>>4 ulelong >12 \b; #13
++>>>>0x64C use PIT-entry
++# 14. pit entry
++>>>4 ulelong >13 \b; #14
++>>>>0x6D0 use PIT-entry
++>>>4 ulelong >14 \b; #15
++>>>0x754 use PIT-entry
++>>>4 ulelong >15 \b; #16
++>>>0x7D8 use PIT-entry
++>>>4 ulelong >16 \b; #17
++>>>0x85C use PIT-entry
++# 18. pit entry
++>>>4 ulelong >17 \b; #18
++>>>0x8E0 use PIT-entry
++
++0 name PIT-entry
++# garbage value implies end of pit entries
++>0x00 ulequad&0xFFFFFFFCFFFFFFFC =0x0000000000000000
++# skip empty partition name
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-all
mailing list