Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Apr 2012 02:54:12 +0300
From: Mesut Can Gürle <mesutcang@...il.com>
To: owl-dev@...ts.openwall.com
Subject: Re: file update

Hello,

I want to talk in deeply about "file" package's patches.

Firstly some old patches

-file-5.04-rh-alt-compress.diff

This patch is used for "compress.c"  in switch statements (line number 387
and 428) and return value for fork method. This situation occurs twice.
*In new version of "file" this situation is already fixed in first switch
statement but for second switch statement contains fork method this
situation isn't fixed. It seem better if I prepare new patch for second
switch statement.

-file-5.04-deb-owl-fixes.diff

This patch's fsmagic.c part is fixed in new release.
This patch's file.c part is fixed in new release.
This patch's Makefile.am is not fixed in new relase.
This patch's Makefile.in is not fixed in new relase.

*I can prepare new patch for the Makefile's.

-file-5.04-alt-magic.diff

This patch's magic/Magdir/animation, magic/Magdir/audio,
magic/Magdir/macintosh and magic/Magdir/mcrypt parts are not fixed in new
release.

*This patch can be used.

-file-5.04-deb-magic.diff

This patch's magic/Magdir/Header, magic/Magdir/compress, magic/Magdir/hp
parts are not fixed in new release. magic/Magdir/revision part is fixed in
new release.

-file-5.04-deb-owl-man.diff

This patch's doc/file.man parts aren't fixed in new release.

- file-5.04-deb-doc-manpages-typo.diff

This patch is fixed in new release.

- file-5.04-rh-owl-ulaw-segfault.diff

This patch is fixed in new release.

- file-5.04-rh-core-prpsinfo.diff

This patch's is fixed in new release.

- file-5.04-deb-core-trim.diff

This patch is fixed in new release.

New patches for 5.11

- file-tnef.patch

This patch is about cannot be categorized file type. It seems old but
hasn't been fixed in 5.11. Fedora uses this patch.
http://bugs.gw.com/view.php?id=158

- file-5.10-strength.patch

This patch is about detection of Perl5 files.
http://webcache.googleusercontent.com/search?q=cache:GomYmkmbRykJ:bugs.gw.com/bug_view_advanced_page.php%3Fbug_id%3D166+&cd=1&hl=en&ct=cln
(url: http://bugs.gw.com/bug_view_advanced_page.php?bug_id=166 but it is
not accessible now)

- file-5.10-sticky-bit.patch

This patch is about forgotten break statement that causes not to run if
statement. (Line :213 file : ascmagic.c)

- file-python-func.patch

This patch is about recognizing Python function files.
http://webcache.googleusercontent.com/search?q=cache:l4SZp-3SHKkJ:bugs.gw.com/view.php%3Fid%3D172+&cd=1&hl=en&ct=clnk

-file-qed-vdi-image.patch

This patch is about recognizing QEMU QED images.
http://webcache.googleusercontent.com/search?q=cache:0AawKRXeCmcJ:bugs.gw.com/view.php%3Fid%3D171+&cd=1&hl=en&ct=clnk


I think I can use unfixed patches and for semi-fixed patches I can prepare
a new patch for the unfixed parts.


For new release I had a look at Debian package of file-5.11 but it contains
only magic-local, makefile and man file patches. Nothing so much special.

I want to ask a question about compiling. While I am compiling the file
package I get some warnings but it successfully builds package. The warning
is "softmagic.c:510: warning: format not a string literal, argument types
not checked". Is it a big problem?


To figure some bugs would it be helpfull for me to read some documents
about secure coding? (
https://www.securecoding.cert.org/confluence/display/seccode/PRE00-C.+Prefer+inline+or+static+functions+to+function-like+macros
)

-- 
Best regards,
Mesut Can Gürle

Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ