From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Thomas Deutschmann" <whissi@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" <whissi@gentoo.org>
Message-ID: <1572136863.e4782ac407f7b8744abf6bb7fe9e60bdd2dffa64.whissi@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/file/files/, sys-apps/file/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-apps/file/file-5.37-r1.ebuild sys-apps/file/file-5.37.ebuild sys-apps/file/files/file-5.37-CVE-2019-18218.patch
X-VCS-Directories: sys-apps/file/ sys-apps/file/files/
X-VCS-Committer: whissi
X-VCS-Committer-Name: Thomas Deutschmann
X-VCS-Revision: e4782ac407f7b8744abf6bb7fe9e60bdd2dffa64
X-VCS-Branch: master
Date: Sun, 27 Oct 2019 00:41:23 +0000 (UTC)

commit:     e4782ac407f7b8744abf6bb7fe9e60bdd2dffa64
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 27 00:41:03 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Oct 27 00:41:03 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4782ac4

sys-apps/file: fix CVE-2019-18218

Bug: https://bugs.gentoo.org/698610
Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../file/{file-5.37.ebuild => file-5.37-r1.ebuild} |  2 ++
 sys-apps/file/files/file-5.37-CVE-2019-18218.patch | 36 ++++++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/sys-apps/file/file-5.37.ebuild b/sys-apps/file/file-5.37-r1.ebuild
similarity index 98%
rename from sys-apps/file/file-5.37.ebuild
rename to sys-apps/file/file-5.37-r1.ebuild
index 7aa0f8d8888..5b6cf1db5d0 100644
--- a/sys-apps/file/file-5.37.ebuild
+++ b/sys-apps/file/file-5.37-r1.ebuild
@@ -33,6 +33,8 @@ DEPEND="
 RDEPEND="${DEPEND}
 	python? ( !dev-python/python-magic )"
 
+PATCHES=( "${FILESDIR}"/${P}-CVE-2019-18218.patch )
+
 src_prepare() {
 	default
 

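Review bot: The added `PATCHES=( "${FILESDIR}"/${P}-CVE-2019-18218.patch )` line has no comment saying where the fix comes from or when it can be dropped. A one-line comment naming the upstream commit cited in the patch header would let whoever does the next version bump see at once that the patch is a backport. Since `src_prepare()` calls `default` in the context lines, the array is applied there on EAPI 6 or later. Because the file name is built from `${P}`, an ebuild copied to a new version will fail in `src_prepare` until the line is removed, which is the desired loud failure.
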
diff --git a/sys-apps/file/files/file-5.37-CVE-2019-18218.patch b/sys-apps/file/files/file-5.37-CVE-2019-18218.patch
new file mode 100644
index 00000000000..1cd02b778ab
--- /dev/null
+++ b/sys-apps/file/files/file-5.37-CVE-2019-18218.patch
@@ -0,0 +1,36 @@
+CVE-2019-18218
+https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
+
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 				goto out;
+ 			}
+ 			nelements = CDF_GETUINT32(q, 1);
+-			if (nelements == 0) {
+-				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++				DPRINTF(("CDF_VECTOR with nelements == %"
++				    SIZE_T_FORMAT "u\n", nelements));
+ 				goto out;
+ 			}
+ 			slen = 2;
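Review bot: The bound added at `if (nelements > CDF_ELEMENT_LIMIT || nelements == 0)` caps the count read by `CDF_GETUINT32(q, 1)` against a fixed constant only, not against how much data remains in the stream, so it is worth confirming that the per-element reads further down still validate their own offsets. The merged debug message also no longer says which of the two conditions fired; the printed value makes that recoverable, but a short word such as "bad nelements" would read better than "with nelements == N" for the over-limit case.
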
+@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 					goto out;
+ 				inp += nelem;
+ 			}
+-			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+-			    nelements));
+ 			for (j = 0; j < nelements && i < sh.sh_properties;
+ 			    j++, i++)
+ 			{
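Review bot: Removing the `DPRINTF(("nelements = %" ...))` call ahead of the `for (j = 0; j < nelements && i < sh.sh_properties; ...)` loop means debug builds now print `nelements` only on the rejection path in the earlier hunk. If the trace of accepted values was useful when diagnosing malformed CDF files, consider keeping it; otherwise the removal is fine, and the loop keeps its second bound on `sh.sh_properties`.
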
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+ 
+ #define CDF_LOOP_LIMIT					10000
++#define CDF_ELEMENT_LIMIT				100000
+ 
+ #define CDF_SECID_NULL					0
+ #define CDF_SECID_FREE					-1
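
Review bot: `#define CDF_ELEMENT_LIMIT 100000` is added without a comment stating what it limits or why this value was chosen. A short comment beside it, for example that it is the maximum `nelements` accepted for a `CDF_VECTOR` property in `cdf_read_property_info()`, would keep it from being read as a relative of `CDF_LOOP_LIMIT` just above it, which bounds something different.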