From vapier at gentoo.org Wed Feb 7 06:49:58 2007 From: vapier at gentoo.org (Mike Frysinger) Date: Tue, 6 Feb 2007 23:49:58 -0500 Subject: [patch] init ms->file to NULL Message-ID: <200702062349.58775.vapier@gentoo.org> a user submitted this patch and it looks OK to me, but i'm not the file expert :) -mike -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available Url : http://mx.gw.com/pipermail/file/attachments/20070206/6c29e228/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: file-4.19-init-file.patch Type: text/x-diff Size: 695 bytes Desc: not available Url : http://mx.gw.com/pipermail/file/attachments/20070206/6c29e228/attachment-0001.bin From christos at zoulas.com Fri Mar 2 01:26:35 2007 From: christos at zoulas.com (Christos Zoulas) Date: Thu, 1 Mar 2007 18:26:35 -0500 Subject: file-4.20 is now available Message-ID: <20070301232635.7EF2256407@rebar.astron.com> New in this release is a BNF file that shows the syntax of magic files. Many more checks have been added to the magic parser and badly formatted magic entries have been fixed. There is now a "default" statement in the magic entires. Finally a exploitable flaw in the print buffer management has been fixed. The ChangeLog is appended and you can download it from: ftp://ftp.astron.com/pub/file/file-4.20.tar.gz Enjoy, christos ------ 2007-02-08 17:30 Christos Zoulas * fix integer underflow in file_printf which can lead to to exploitable heap overflow (Jean-Sebastien Guay-Lero) 2007-02-05 11:35 Christos Zoulas * make socket/pipe reading more robust 2007-01-25 16:01 Christos Zoulas * Centralize all the tests in file_buffer. * Add exclude flag. 2007-01-18 05:29 Anon Ymous * Move the "type" detection code from parse() into its own table driven routine. This avoids maintaining multiple lists in file.h. * Add an optional conditional field (ust before the type field). This code is wrapped in "#ifdef ENABLE_CONDITIONALS" as it is likely to go away. 2007-01-16 23:24 Anon Ymous * Fix an initialization bug in check_mem(). 2007-01-16 14:58 Anon Ymous * Add a "default" type to print a message if nothing previously matched at that level or since the last default at that level. This is useful for setting up switch-like statements. It can also be used to do if/else constructions without a redundant second test. * Fix the "x" special case test so that one can test for that string with "=x". * Allow "search" to search the entire buffer if the "/N" search count is missing. * Make "regex" work! It now starts its search at the specified offset and takes an (optional) "/N" line count to specify the search range; otherwise it searches to the end of the file. The match is now grabbed correctly for format strings and the offset set to the end of the match. * Add a "/s" flag to "regex" and "search" to set the offset to the start of the match. By default the offset is set to the end of the match, as it is with other tests. This is mostly useful for "regex". * Make "search", "string" and "pstring" use the same file_strncmp() routine so that they support the same flags; "bestring16" and "lestring16" call the same routine, but with flags = 0. Also add a "/C" flag (in analogy to "/c") to ignore the case on uppercase (lowercase) characters in the test string. * Strict adherence to C style string escapes. A warnings are printed when compiling. Note: previously "\a" was incorrectly translated to 'a' instead of an (i.e., BELL, typically 0x07). * Make this compile with "-Wall -Wextra" and all the warning flags used with WARNS=4 in the NetBSD source. Also make it pass lint. * Many "cleanups" and hopefully not too many new bugs! 2007-01-16 14:56 Anon Ymous * make several more files compile with gcc warnings on and also make them pass lint. 2007-01-16 14:54 Anon Ymous * fix a puts()/putc() usage goof in file.c * make file.c compile with gcc warnings and pass lint From vapier at gentoo.org Fri Mar 2 18:36:57 2007 From: vapier at gentoo.org (Mike Frysinger) Date: Fri, 2 Mar 2007 11:36:57 -0500 Subject: file-4.20 is now available In-Reply-To: <20070301232635.7EF2256407@rebar.astron.com> References: <20070301232635.7EF2256407@rebar.astron.com> Message-ID: <200703021136.57843.vapier@gentoo.org> On Thursday 01 March 2007, Christos Zoulas wrote: > New in this release is a BNF file that shows the syntax of magic > files. Many more checks have been added to the magic parser and > badly formatted magic entries have been fixed. There is now a > "default" statement in the magic entires. Finally a exploitable > flaw in the print buffer management has been fixed. The ChangeLog > is appended and you can download it from: > > ftp://ftp.astron.com/pub/file/file-4.20.tar.gz i hate to keep harping on this, but any idea when the ELF magic updates i sent will be included ? -mike -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available Url : http://mx.gw.com/pipermail/file/attachments/20070302/49d3b452/attachment.bin From christos at zoulas.com Fri Mar 2 18:48:14 2007 From: christos at zoulas.com (Christos Zoulas) Date: Fri, 2 Mar 2007 11:48:14 -0500 Subject: file-4.20 is now available In-Reply-To: <200703021136.57843.vapier@gentoo.org> from Mike Frysinger (Mar 2, 11:36am) Message-ID: <20070302164814.E801256534@rebar.astron.com> On Mar 2, 11:36am, vapier at gentoo.org (Mike Frysinger) wrote: -- Subject: Re: file-4.20 is now available | On Thursday 01 March 2007, Christos Zoulas wrote: | > New in this release is a BNF file that shows the syntax of magic | > files. Many more checks have been added to the magic parser and | > badly formatted magic entries have been fixed. There is now a | > "default" statement in the magic entires. Finally a exploitable | > flaw in the print buffer management has been fixed. The ChangeLog | > is appended and you can download it from: | > | > ftp://ftp.astron.com/pub/file/file-4.20.tar.gz | | i hate to keep harping on this, but any idea when the ELF magic updates i s= | ent=20 | will be included ? | =2Dmike Can you send them again please? I thought I applied all the patches... christos From kimmo at global-wire.fi Fri Mar 2 19:12:17 2007 From: kimmo at global-wire.fi (Kimmo Suominen) Date: Fri, 2 Mar 2007 19:12:17 +0200 Subject: file-4.20 is now available In-Reply-To: <20070302164814.E801256534@rebar.astron.com> References: <200703021136.57843.vapier@gentoo.org> <20070302164814.E801256534@rebar.astron.com> Message-ID: <20070302171217.GA3011@kimmo.suominen.com> On Fri, Mar 02, 2007 at 11:48:14AM -0500, Christos Zoulas wrote: > On Mar 2, 11:36am, vapier at gentoo.org (Mike Frysinger) wrote: > | i hate to keep harping on this, but any idea when the ELF magic updates > | i sent will be included ? > > Can you send them again please? I thought I applied all the patches... There's also the list archive, e.g. http://mx.gw.com/pipermail/file/2006/author.html Makes it easy to look through messages from any author. Cheers, + Kim From christos at zoulas.com Fri Mar 2 19:41:16 2007 From: christos at zoulas.com (Christos Zoulas) Date: Fri, 2 Mar 2007 12:41:16 -0500 Subject: file-4.20 is now available In-Reply-To: <20070302171217.GA3011@kimmo.suominen.com> from Kimmo Suominen (Mar 2, 7:12pm) Message-ID: <20070302174116.0DE4256534@rebar.astron.com> On Mar 2, 7:12pm, kimmo at global-wire.fi (Kimmo Suominen) wrote: -- Subject: Re: file-4.20 is now available | On Fri, Mar 02, 2007 at 11:48:14AM -0500, Christos Zoulas wrote: | > On Mar 2, 11:36am, vapier at gentoo.org (Mike Frysinger) wrote: | > | i hate to keep harping on this, but any idea when the ELF magic updates | > | i sent will be included ? | > | > Can you send them again please? I thought I applied all the patches... | | There's also the list archive, e.g. | | http://mx.gw.com/pipermail/file/2006/author.html | | Makes it easy to look through messages from any author. Great, I did not know about that. I applied: http://mx.gw.com/pipermail/file/attachments/20060525/296aef4f/attachment-0001.bin From vapier at gentoo.org Mon Mar 19 05:20:42 2007 From: vapier at gentoo.org (Mike Frysinger) Date: Sun, 18 Mar 2007 23:20:42 -0400 Subject: __unused in file.h/file.c causes build failure with some systems Message-ID: <200703182320.42961.vapier@gentoo.org> the glibc headers have some structures which have a member named "__unused" ... since file.h defines this to a gcc attribute, the build fails complaining about syntax error (because "int __unused[4];" was turned into "int __attribute__((__unused__))[4];" considering __unused is only used inside of the file source code and isnt exported anywhere, and because C defines names that start with __ as "reserved", perhaps it's sane to rename it to "gcc_attribute_unused" ... -mike -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available Url : http://mx.gw.com/pipermail/file/attachments/20070318/f59de7b9/attachment.bin From christos at zoulas.com Mon Mar 19 06:21:55 2007 From: christos at zoulas.com (Christos Zoulas) Date: Mon, 19 Mar 2007 00:21:55 -0400 Subject: __unused in file.h/file.c causes build failure with some systems In-Reply-To: <200703182320.42961.vapier@gentoo.org> from Mike Frysinger (Mar 18, 11:20pm) Message-ID: <20070319042155.7AD3856407@rebar.astron.com> On Mar 18, 11:20pm, vapier at gentoo.org (Mike Frysinger) wrote: -- Subject: __unused in file.h/file.c causes build failure with some systems | the glibc headers have some structures which have a member=20 | named "__unused" ... since file.h defines this to a gcc attribute, the buil= | d=20 | fails complaining about syntax error (because "int __unused[4];" was turned= | =20 | into "int __attribute__((__unused__))[4];" | | considering __unused is only used inside of the file source code and isnt=20 | exported anywhere, and because C defines names that start with __=20 | as "reserved", perhaps it's sane to rename it to "gcc_attribute_unused" ... | =2Dmike I have killed it already; thanks for the heads up. christos From vapier at gentoo.org Sun Mar 25 20:10:39 2007 From: vapier at gentoo.org (Mike Frysinger) Date: Sun, 25 Mar 2007 13:10:39 -0400 Subject: usage of non-standard REG_STARTEND makes some ports angry Message-ID: <200703251310.40173.vapier@gentoo.org> the new version of file uses a non-standard GNU extension to regex, namely REG_STARTEND ... looking at the code, it seems like it isnt really required, but i gave it like a 5 second glance :) any way i could convince you to not use this extension ? :) if not, there's some patches floating around to emulate the expected behavior when REG_STARTEND does not exist ... http://bugs.gentoo.org/attachment.cgi?id=114330 -mike -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available Url : http://mx.gw.com/pipermail/file/attachments/20070325/16b0bd7b/attachment.bin From christos at zoulas.com Sun Mar 25 20:31:02 2007 From: christos at zoulas.com (Christos Zoulas) Date: Sun, 25 Mar 2007 13:31:02 -0400 Subject: usage of non-standard REG_STARTEND makes some ports angry In-Reply-To: <200703251310.40173.vapier@gentoo.org> from Mike Frysinger (Mar 25, 1:10pm) Message-ID: <20070325173102.E937056407@rebar.astron.com> On Mar 25, 1:10pm, vapier at gentoo.org (Mike Frysinger) wrote: -- Subject: usage of non-standard REG_STARTEND makes some ports angry | the new version of file uses a non-standard GNU extension to regex, namely= | =20 | REG_STARTEND ... looking at the code, it seems like it isnt really required= | ,=20 | but i gave it like a 5 second glance :) | | any way i could convince you to not use this extension ? :) if not, there'= | s=20 | some patches floating around to emulate the expected behavior when=20 | REG_STARTEND does not exist ... | http://bugs.gentoo.org/attachment.cgi?id=3D114330 | =2Dmike There is a patch in the ftp site for file too. christos From vapier at gentoo.org Sun Mar 25 21:02:47 2007 From: vapier at gentoo.org (Mike Frysinger) Date: Sun, 25 Mar 2007 14:02:47 -0400 Subject: usage of non-standard REG_STARTEND makes some ports angry In-Reply-To: <20070325173102.E937056407@rebar.astron.com> References: <20070325173102.E937056407@rebar.astron.com> Message-ID: <200703251402.48082.vapier@gentoo.org> On Sunday 25 March 2007, Christos Zoulas wrote: > There is a patch in the ftp site for file too. ah, i'm only 3 weeks late to the party :/ thanks ! -mike -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available Url : http://mx.gw.com/pipermail/file/attachments/20070325/cce5169a/attachment.bin From kimmo at global-wire.fi Wed Apr 4 10:54:22 2007 From: kimmo at global-wire.fi (Kimmo Suominen) Date: Wed, 4 Apr 2007 10:54:22 +0300 Subject: Possible DoS in file 4.20 Message-ID: <20070404075422.GE25632@kimmo.suominen.com> Forwarding -- he is not subscribed to the list. ----- Forwarded message from file-bounces at mx.gw.com ----- From: file-bounces at mx.gw.com To: file-owner at mx.gw.com Date: Wed, 04 Apr 2007 10:29:25 +0300 Message-ID: Subject: Forward of moderated message From: Noah Baker To: file at mx.gw.com Date: Tue, 03 Apr 2007 09:13:46 -0700 Message-ID: <34794F3D7339657B4FB40FB3 at bort.lsit.ucsb.edu> Subject: Possible DoS in file 4.20 I've just upgraded file (used in conjunction with amavisd-new) to 4.20 on my Gentoo Linux mail server, and it appears to have opened up a new DoS. The offending files are text files containing 2.7 million linefeed characters. Hexdump output: 00000000 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a |................| * 002a6450 0a 0a |..| 002a6452 The files run through file 4.19 without a problem, but with file 4.20 processing takes ~10 minutes at 100% cpu on an unloaded machine. Has anyone else seen this yet? Can others replicate it? Anyone have a suggested fix? Noah Baker Systems Administrator noah at lsit.ucsb.edu ----- End forwarded message ----- From christos at zoulas.com Wed Apr 4 17:33:10 2007 From: christos at zoulas.com (Christos Zoulas) Date: Wed, 4 Apr 2007 10:33:10 -0400 Subject: Possible DoS in file 4.20 In-Reply-To: <20070404075422.GE25632@kimmo.suominen.com> from Kimmo Suominen (Apr 4, 10:54am) Message-ID: <20070404143310.CB3EE56407@rebar.astron.com> On Apr 4, 10:54am, kimmo at global-wire.fi (Kimmo Suominen) wrote: -- Subject: Possible DoS in file 4.20 Well, the regex stuff on later versions of linux seems to be the culprit: A profiling run of file on sle9-sp3: perl -e 'for (1..2700) {print "\n" x 10}' >0.lis Shows the top line being: 98.03 14.93 14.93 4 3.73 3.80 re_search_internal The profiling tree looks like: ----------------------------------------------- 14.93 0.29 4/4 regexec [11] [10] 99.9 14.93 0.29 4 re_search_internal [10] 0.00 0.28 53800/53800 re_string_reconstruct [12] 0.00 0.00 22/22 extend_buffers [24] 0.00 0.00 53800/107598 re_string_context_at [27] 0.00 0.00 53800/53800 match_ctx_clean [28] 0.00 0.00 6/621 cfree [36] 0.00 0.00 6/6 build_trtable [82] 0.00 0.00 4/60 memset [51] 0.00 0.00 4/8 re_string_construct_common [78 ] 0.00 0.00 4/30 re_string_realloc_buffers [57] 0.00 0.00 4/8 re_string_destruct [79] It fails on all recent glibc based linux distributions. On RH8.0 it works fine, and on all the BSD's it works fine. So it is the new gnu regex code. If you comment out the following two lines (thanks to conor at lsit.ucsb.edu for narrowing it down): # OS/2 batch files are REXX. the second regex is a bit generic, oh well # the matched commands seem to be common in REXX and uncommon elsewhere #100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text #100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text it works fine again. I will comment out the two lines for the next file release, but the bug is in the gnu regex code. christos From christos at zoulas.com Thu May 24 20:26:43 2007 From: christos at zoulas.com (Christos Zoulas) Date: Thu, 24 May 2007 13:26:43 -0400 Subject: 4.21 is now available. Message-ID: <20070524172643.2098456407@rebar.astron.com> This is a bug fix release for file available from: ftp://ftp.astron.com:/pub/file/file-4.21.tar.gz christos 2007-05-24 10:00 Christos Zoulas * Fix another integer overflow (Colin Percival) 2007-03-26 13:58 Christos Zoulas * make sure that all of struct magic_set is initialized appropriately (Brett) 2007-03-25 17:44 Christos Zoulas * reset left bytes in the buffer (Dmitry V. Levin) * compilation failed with COMPILE_ONLY and ENABLE_CONDITIONALS (Peter Avalos) 2007-03-15 10:51 Christos Zoulas * fix fortran and nroff reversed tests (Dmitry V. Levin) * fix exclude option (Dmitry V. Levin) From elliott at iparadigms.com Tue Jul 17 20:37:41 2007 From: elliott at iparadigms.com (Elliott A. Johnson) Date: Tue, 17 Jul 2007 10:37:41 -0700 (PDT) Subject: Conflicting file information between versions. In-Reply-To: <18614232.1022141184693730486.JavaMail.root@mail.turnitin.com> Message-ID: <2306335.1022211184693861895.JavaMail.root@mail.turnitin.com> Hello, We regularly use `file` here at work and I've noticed that between file version 4.12 and file versions 4.19-4.21 I get different results for a particular MS Word Document: With 4.19-4.21 I see this: box1 ~# file -v file-4.21 magic file from /usr/share/misc/file/magic box1: ~# file FAILED.doc FAILED.doc: Microsoft Installer With 4.12 I see the following: root at box2:~# file -v file-4.12 magic data from /etc/magic:/usr/share/misc/file/magic root at box2:~# file FAILED.doc FAILED.doc: Microsoft Office Document It appears to be a Microsoft Word 9.0 document. Is this something that I should add locally to /usr/share/misc/file/magic? I've tried downgrading `file`, but the earliest version of I can find online is 4.19 (actually I might be able to find an rpm floating around that I can extract the source out of). I'm not sure if anyone is interested, but I'd appreciate any advice. -- Elliott Johnson SysAdmin iParadigms, LLC developers of Turnitin and iThenticate 1624 Franklin Street, 7th Floor Oakland, CA 94612 From christos at zoulas.com Tue Jul 17 20:42:49 2007 From: christos at zoulas.com (Christos Zoulas) Date: Tue, 17 Jul 2007 13:42:49 -0400 Subject: Conflicting file information between versions. In-Reply-To: <2306335.1022211184693861895.JavaMail.root@mail.turnitin.com> from "Elliott A. Johnson" (Jul 17, 10:37am) Message-ID: <20070717174249.DC6AB56407@rebar.astron.com> On Jul 17, 10:37am, elliott at iparadigms.com ("Elliott A. Johnson") wrote: -- Subject: Conflicting file information between versions. | Hello, | | We regularly use `file` here at work and I've noticed that between file version 4.12 and file versions 4.19-4.21 I get different results for a particular MS Word Document: | | With 4.19-4.21 I see this: | | box1 ~# file -v | file-4.21 | magic file from /usr/share/misc/file/magic | box1: ~# file FAILED.doc | FAILED.doc: Microsoft Installer | | With 4.12 I see the following: | | root at box2:~# file -v | file-4.12 | magic data from /etc/magic:/usr/share/misc/file/magic | root at box2:~# file FAILED.doc | FAILED.doc: Microsoft Office Document | | It appears to be a Microsoft Word 9.0 document. Is this something that I should add locally to /usr/share/misc/file/magic? | | I've tried downgrading `file`, but the earliest version of I can find online is 4.19 (actually I might be able to find an rpm floating around that I can extract the source out of). | | I'm not sure if anyone is interested, but I'd appreciate any advice. The problem is that we need to have a native OLE2 parser to reliably detect microsoft documents. All the hacked magic entries in different versions of file worked for some and failed for other documents. I will be working on that... christos From elliott at iparadigms.com Tue Jul 17 20:59:19 2007 From: elliott at iparadigms.com (Elliott A. Johnson) Date: Tue, 17 Jul 2007 10:59:19 -0700 (PDT) Subject: Conflicting file information between versions. In-Reply-To: <20070717174249.DC6AB56407@rebar.astron.com> Message-ID: <31888088.1022481184695159763.JavaMail.root@mail.turnitin.com> Christos, Thanks for the info. I'm using 4.12 right now, which makes our developers happy. Is there any information from the doc file that would help you create the OLE2 parser? -E ----- Original Message ----- From: "Christos Zoulas" To: "Announcements for the file UNIX utility" Sent: Tuesday, July 17, 2007 10:42:49 AM (GMT-0800) America/Los_Angeles Subject: Re: Conflicting file information between versions. On Jul 17, 10:37am, elliott at iparadigms.com ("Elliott A. Johnson") wrote: -- Subject: Conflicting file information between versions. | Hello, | | We regularly use `file` here at work and I've noticed that between file version 4.12 and file versions 4.19-4.21 I get different results for a particular MS Word Document: | | With 4.19-4.21 I see this: | | box1 ~# file -v | file-4.21 | magic file from /usr/share/misc/file/magic | box1: ~# file FAILED.doc | FAILED.doc: Microsoft Installer | | With 4.12 I see the following: | | root at box2:~# file -v | file-4.12 | magic data from /etc/magic:/usr/share/misc/file/magic | root at box2:~# file FAILED.doc | FAILED.doc: Microsoft Office Document | | It appears to be a Microsoft Word 9.0 document. Is this something that I should add locally to /usr/share/misc/file/magic? | | I've tried downgrading `file`, but the earliest version of I can find online is 4.19 (actually I might be able to find an rpm floating around that I can extract the source out of). | | I'm not sure if anyone is interested, but I'd appreciate any advice. The problem is that we need to have a native OLE2 parser to reliably detect microsoft documents. All the hacked magic entries in different versions of file worked for some and failed for other documents. I will be working on that... christos _______________________________________________ File mailing list File at mx.gw.com http://mx.gw.com/mailman/listinfo/file -- Elliott Johnson SysAdmin iParadigms, LLC developers of Turnitin and iThenticate 1624 Franklin Street, 7th Floor Oakland, CA 94612 p +1.510.287.9720 x 251 f +1.510.444.1952 e elliott at iparadigms.com iParadigms, LLC is committed to developing standard-setting, internet-based tools that protect intellectual property, promote academic and corporate integrity, and improve overall client productivity. The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying to the message and deleting it from your computer. From kop at meme.com Fri Aug 24 00:37:40 2007 From: kop at meme.com (Karl O. Pinc) Date: Thu, 23 Aug 2007 21:37:40 +0000 Subject: File reports pdf to be a Sun disk label Message-ID: <1187905060l.3641l.2l@mofo> FYI, Using file 4.10 on Centos 3.EL4.5 I've a pdf that file reports to be a Sun disk label. Here's the details. $ file /tmp/Note2.pdf /tmp/Note2.pdf: Sun disk label '%PDF-1.3h 7 0 R/Filter /FlateDecode>>ream]\261q\035\003n\022\033b\007D\277\276s\237!' 13727 alts/cyl, 10448 interleave, 1639109026 blocks $ pdfinfo /tmp/Note2.pdf Title: sasha3_3.dvi Creator: dvips(k) 5.86e Copyright 2001 Radical Eye Software Producer: AFPL Ghostscript 7.04 Tagged: no Pages: 11 Encrypted: no Page size: 595 x 842 pts (A4) File size: 215244 bytes Optimized: no PDF version: 1.3 $ head -c 256 /tmp/Note2.pdf | uuencode -m /dev/stdout begin-base64 664 /dev/stdout JVBERi0xLjMKJcfsj6IKNiAwIG9iago8PC9MZW5ndGggNyAwIFIvRmlsdGVy IC9GbGF0ZURlY29kZT4+CnN0cmVhbQp4nIVUy07bUBDduz/hJUhket+PJYiq SlWqllhdsXEdA24SG2IHRL++c58hCoJ4E50798zMuWfmsSRAWUncl/40m+Kx +HwtyruxeCwNcPfzJ6//N5vyosIwSkoqgAvFyuq2oP6MllYCMbLU0oKVuqw2 xcll92k3dkM/a4b+tPpbWAZUEEdWLYuTaTus1+3SHUgK0uSDbVs3UxeuKLxC qIgnAWMMuFUyYrWDKAfGMsHY9SuHcg7KUBXR52669w== ==== Regards, Karl Free Software: "You don't pay back, you pay forward." -- Robert A. Heinlein From christos at zoulas.com Fri Aug 24 09:54:04 2007 From: christos at zoulas.com (Christos Zoulas) Date: Fri, 24 Aug 2007 09:54:04 +0300 Subject: File reports pdf to be a Sun disk label In-Reply-To: <1187905060l.3641l.2l@mofo> from "Karl O. Pinc" (Aug 23, 9:37pm) Message-ID: <20070824065404.DF41F56407@rebar.astron.com> On Aug 23, 9:37pm, kop at meme.com ("Karl O. Pinc") wrote: -- Subject: File reports pdf to be a Sun disk label | FYI, | | Using file 4.10 on Centos 3.EL4.5 I've a pdf that | file reports to be a Sun disk label. Here's the details. | | $ file /tmp/Note2.pdf | /tmp/Note2.pdf: Sun disk label '%PDF-1.3h 7 0 R/Filter | /FlateDecode>>ream]\261q\035\003n\022\033b\007D\277\276s\237!' 13727 | alts/cyl, 10448 interleave, 1639109026 blocks This is a very old version. Have you tried 4.21? christos From file at bzzt.net Sun Sep 16 20:36:41 2007 From: file at bzzt.net (Arnout Engelen) Date: Sun, 16 Sep 2007 19:36:41 +0200 Subject: MIME-type magic hierarcy Message-ID: <46ED69A9.2070405@bzzt.net> Hi! I was looking for a way to convince Apache to serve up MusicXML files, which have the plain '.xml' extension, with the proper 'application/vnd.recordare.musicxml+xml' MIME type rather than the generic 'application/xml'. Because it's impossible to distinguish between a random xml file and a MusicXML file, I turned to magic. It's a bit inelegant because I can't predict at what offset the doctype will start: # xml 0 string \38 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >39 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >40 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >41 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >42 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >43 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >44 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >45 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >46 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >47 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >48 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >49 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >50 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >51 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >52 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >53 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >54 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >55 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >56 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml >57 string \<\!DOCTYPE\040score application/vnd.recordare.musicxml+xml However, Apache will choke on this, because for a MusicXML file it will yield both application/xml and application/vnd.recordare.musicxml+xml. Is there another way to do this? Would there be anything fundamentally wrong with adapting the software so that in case of multiple matches, the last (most specific) one is chosen? Arnout From reza at zeerak.ir Sat Sep 29 08:30:04 2007 From: reza at zeerak.ir (Reza Mohammadi) Date: Sat, 29 Sep 2007 09:00:04 +0330 Subject: Bug report Message-ID: <1191043804.6133.11.camel@pesarak> Hi! When I call file using -k switch to determine my "Windows icon" file, it inserts a '\012- ' somewhere which is not excepted according to magic documentation: reza at .../file-4.21/src$ ./file -km ../magic/magic /somewhere/icon-2.ico /somewhere/icon-2.ico: MPEG sequence\012- MS Windows icon resource\012- - 1 icon 0 string \000\000\001\000 MS Windows icon resource >4 byte 1 - 1 icon >4 ... reza at ...file-4.21/src$ ./file -v lt-file-4.21 Regards, Reza. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mx.gw.com/pipermail/file/attachments/20070929/7fd8019d/attachment.html From Andreas.Kasenides at cs.ucy.ac.cy Wed Nov 21 10:42:30 2007 From: Andreas.Kasenides at cs.ucy.ac.cy (Andreas Kasenides) Date: Wed, 21 Nov 2007 10:42:30 +0200 Subject: Problems with file detecting non-ASCII characters Message-ID: <4743EF76.1020102@cs.ucy.ac.cy> Hi all. I am using MailScanner as part of our email services which uses "file" to detect (and thus reject) any potnetnially malicious file attachments to email messages (such as .exe .com etc.). Unfortunately "file" will also mark some purely text messages as "COM executable for DOS" resulting in MailScanner rejecting the messages. This is not good at all. Here is some info: [root at iolaos-new src]# uname -a Linux iolaos-new 2.6.18-8.1.15.el5 #1 SMP Mon Oct 22 08:32:28 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux which is a CentOS 5 system. With the installed file command: [root at iolaos-new src]# file -v file-4.17 magic file from /usr/share/file/magic [root at iolaos-new src]# file /var/spool/MailScanner/quarantine/20071106/4EBAA26C61.636E7/msg-15753-12.txt /var/spool/MailScanner/quarantine/20071106/4EBAA26C61.636E7/msg-15753-12.txt: COM executable for DOS With a compiled "file": [root at iolaos-new src]# ./file -v lt-file-4.21 magic file from /usr/local/share/file/magic [root at iolaos-new src]# ./file -m ../magic/magic /var/spool/MailScanner/quarantine/20071106/4EBAA26C61.636E7/msg-15753-12.txt /var/spool/MailScanner/quarantine/20071106/4EBAA26C61.636E7/msg-15753-12.txt: COM executable for DOS And a 256-byte file dump (below and above the ======: [root at iolaos-new src]# head -c 256 /var/spool/MailScanner/quarantine/20071106/4EBAA26C61.636E7/msg-15753-12.txt ========= ??????? ???; ???? ????? ?????? ??? ?? ??? ?? ???? ????? ??? ?????.. ????? ?????? ??????? ?? ???????? ?? ?????? ??? ?????????. -----Original Message----- From: Andreas Kasenides [mailto:Andreas.Kasenides at cs.ucy.ac.cy] ========== The above is pure text but alas! the unreadable part (for you) in Greek (ISO-8859-7). Any idea on how to get this fixed. Thank you Andreas Kasenides From christos at zoulas.com Wed Nov 21 15:50:21 2007 From: christos at zoulas.com (Christos Zoulas) Date: Wed, 21 Nov 2007 08:50:21 -0500 Subject: Problems with file detecting non-ASCII characters In-Reply-To: <4743EF76.1020102@cs.ucy.ac.cy> from Andreas Kasenides (Nov 21, 10:42am) Message-ID: <20071121135021.C0B2B5654B@rebar.astron.com> On Nov 21, 10:42am, Andreas.Kasenides at cs.ucy.ac.cy (Andreas Kasenides) wrote: -- Subject: Problems with file detecting non-ASCII characters | Hi all. | I am using MailScanner as part of our email services which uses "file" | to detect (and thus reject) any potnetnially malicious file attachments | to email messages (such as .exe .com etc.). Unfortunately "file" will | also mark some purely text messages as "COM executable for DOS" | resulting in MailScanner rejecting the messages. This is not good at all. With the head code from cvs I am getting: $ file test test: UTF-8 Unicode text Here are the current magic diffs from 4.21... christos Index: animation =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/animation,v retrieving revision 1.19 retrieving revision 1.21 diff -u -r1.19 -r1.21 --- animation 14 Jan 2007 18:48:41 -0000 1.19 +++ animation 8 Nov 2007 00:31:37 -0000 1.21 @@ -678,3 +678,14 @@ >0x21 byte x v%x 0 string DVDVIDEO-VMG Video manager, >0x21 byte x v%x + +# From: Behan Webster +# NuppelVideo used by Mythtv (*.nuv) +0 regex NuppelVideo|MythTVVideo MythTV NuppelVideo +>12 string x v%s +>20 lelong x (%d +>24 lelong x \bx%d), +>36 string P \bprogressive, +>36 string I \binterlaced, +>40 ledouble x \baspect:%.2f, +>48 ledouble x \bfps:%.2f Index: apple =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/apple,v retrieving revision 1.15 retrieving revision 1.17 diff -u -r1.15 -r1.17 --- apple 2 Mar 2006 22:10:26 -0000 1.15 +++ apple 7 Nov 2007 22:10:13 -0000 1.17 @@ -189,3 +189,40 @@ >0 byte <5 \b >>13 byte 0x81 \b >>>14 uleshort x \b, system %hd + +#------------------------------------------------------------------------------ +# CAF: Apple CoreAudio File Format +# +# Container format for high-end audio purposes. +# From: David Remahl +# +0 string caff CoreAudio Format audio file +>4 beshort <10 version %d +>6 beshort x + + +#------------------------------------------------------------------------------ +# Keychain database files +0 string kych Mac OS X Keychain File + +#------------------------------------------------------------------------------ +# Code Signing related file types +0 belong 0xfade0c00 Mac OS X Code Requirement +>8 belong 1 (opExpr) +>4 belong x - %d bytes + +0 belong 0xfade0c01 Mac OS X Code Requirement Set +>8 belong >1 containing %d items +>4 belong x - %d bytes + +0 belong 0xfade0c02 Mac OS X Code Directory +>8 belong x version %x +>12 belong >0 flags 0x%x +>4 belong x - %d bytes + +0 belong 0xfade0cc0 Mac OS X Detached Code Signature (non-executable) +>4 belong x - %d bytes + +0 belong 0xfade0cc1 Mac OS X Detached Code Signature +>8 belong >1 (%d elements) +>4 belong x - %d bytes Index: archive =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/archive,v retrieving revision 1.36 retrieving revision 1.42 diff -u -r1.36 -r1.42 --- archive 3 Apr 2007 21:12:26 -0000 1.36 +++ archive 8 Nov 2007 00:31:37 -0000 1.42 @@ -531,6 +531,7 @@ # ZIP archives (Greg Roelofs, c/o zip-bugs at wkuvx1.wku.edu) 0 string PK\003\004 +>4 byte 0x00 Zip archive data >4 byte 0x09 Zip archive data, at least v0.9 to extract >4 byte 0x0a Zip archive data, at least v1.0 to extract >4 byte 0x0b Zip archive data, at least v1.1 to extract @@ -731,3 +732,15 @@ >4 lelong 0x1000006D (EPOC release 3/4/5) >4 lelong 0x10003A12 (EPOC release 6) 0 lelong 0x10201A7A Symbian installation file (Symbian OS 9.x) + +# Pack200 Java archives, http://jcp.org/en/jsr/detail?id=200 +0 belong 0xcafed00d Pack200 Java archive + +# From "Nelson A. de Oliveira" +0 string MPQ\032 MoPaQ (MPQ) archive + +# From: Dirk Jagdmann +# xar archive format: http://code.google.com/p/xar/ +0 string xar! xar archive +>6 beshort x - version %ld + Index: audio =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/audio,v retrieving revision 1.45 retrieving revision 1.47 diff -u -r1.45 -r1.47 --- audio 13 Mar 2007 13:59:13 -0000 1.45 +++ audio 2 Nov 2007 15:51:57 -0000 1.47 @@ -556,3 +556,10 @@ # From: Matthew Flaschen 0 string #EXTM3U M3U playlist text +# From: "Mateus Caruccio" +# guitar pro v3,4,5 from http://filext.com/file-extension/gp3 +0 string \030FICHIER\ GUITAR\ PRO\ v3. Guitar Pro Ver. 3 Tablature + +# From: "Leslie P. Polzer" +60 string SONG SoundFX Module sound file + Index: commands =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/commands,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- commands 19 Jan 2007 19:53:18 -0000 1.27 +++ commands 1 Jun 2007 19:40:57 -0000 1.28 @@ -28,7 +28,8 @@ 0 string/b #!\ /bin/awk awk script text executable 0 string/b #!\ /usr/bin/awk awk script text executable # update to distinguish from *.vcf files -0 regex BEGIN[[:space:]]*[{] awk script text +# this is broken because postscript has /EBEGIN{ for example. +#0 regex BEGIN[[:space:]]*[{] awk script text # AT&T Bell Labs' Plan 9 shell 0 string/b #!\ /bin/rc Plan 9 rc shell script text executable Index: console =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/console,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- console 18 Mar 2007 21:45:47 -0000 1.10 +++ console 26 Sep 2007 20:45:26 -0000 1.11 @@ -191,3 +191,64 @@ 0 string PPF10 Playstation Patch File version 1.0 >5 byte 0 \b, Simple Encoding >6 string x \b, description: %s + +# From: Daniel Dawson +# SNES9x .smv "movie" file format. +0 string SMV\x1A SNES9x input recording +>0x4 lelong x \b, version %d +# version 4 is latest so far +>0x4 lelong <5 +>>0x8 ledate x \b, recorded at %s +>>0xc lelong >0 \b, rerecorded %d times +>>0x10 lelong x \b, %d frames long +>>0x14 byte >0 \b, data for controller(s): +>>>0x14 byte &0x1 #1 +>>>0x14 byte &0x2 #2 +>>>0x14 byte &0x4 #3 +>>>0x14 byte &0x8 #4 +>>>0x14 byte &0x10 #5 +>>0x15 byte ^0x1 \b, begins from snapshot +>>0x15 byte &0x1 \b, begins from reset +>>0x15 byte ^0x2 \b, NTSC standard +>>0x15 byte &0x2 \b, PAL standard +>>0x17 byte &0x1 \b, settings: +# WIP1Timing not used as of version 4 +>>>0x4 lelong <4 +>>>>0x17 byte &0x2 WIP1Timing +>>>0x17 byte &0x4 Left+Right +>>>0x17 byte &0x8 VolumeEnvX +>>>0x17 byte &0x10 FakeMute +>>>0x17 byte &0x20 SyncSound +# New flag as of version 4 +>>>0x4 lelong >3 +>>>>0x17 byte &0x80 NoCPUShutdown +>>0x4 lelong <4 +>>>0x18 lelong >0x23 +>>>>0x20 leshort !0 +>>>>>0x20 lestring16 x \b, metadata: "%s" +>>0x4 lelong >3 +>>>0x24 byte >0 \b, port 1: +>>>>0x24 byte 1 joypad +>>>>0x24 byte 2 mouse +>>>>0x24 byte 3 SuperScope +>>>>0x24 byte 4 Justifier +>>>>0x24 byte 5 multitap +>>>0x24 byte >0 \b, port 2: +>>>>0x25 byte 1 joypad +>>>>0x25 byte 2 mouse +>>>>0x25 byte 3 SuperScope +>>>>0x25 byte 4 Justifier +>>>>0x25 byte 5 multitap +>>>0x18 lelong >0x43 +>>>>0x40 leshort !0 +>>>>>0x40 lestring16 x \b, metadata: "%s" +>>0x17 byte &0x40 \b, ROM: +>>>(0x18.l-26) lelong x CRC32 0x%08x +>>>(0x18.l-23) string x "%s" + +# From: "Nelson A. de Oliveira" +# .w3g +0 string Warcraft\ III\ recorded\ game %s +# .w3m +0 string HM3W Warcraft III map file + Index: database =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/database,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- database 22 Jan 2007 06:40:50 -0000 1.16 +++ database 1 Jul 2007 23:43:26 -0000 1.17 @@ -210,3 +210,13 @@ 16 string MIT-MAGIC-COOKIE-1 X11 Xauthority data 17 string MIT-MAGIC-COOKIE-1 X11 Xauthority data 18 string MIT-MAGIC-COOKIE-1 X11 Xauthority data + +# From: Maxime Henrion +# PostgreSQL's custom dump format, Maxime Henrion +0 string PGDMP PostgreSQL custom database dump +>5 byte x - v%d +>6 byte x \b.%d +>5 beshort <=0x100 \b-0 +>5 beshort >0x100 +>>7 byte x \b-%d + Index: elf =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/elf,v retrieving revision 1.40 retrieving revision 1.42 diff -u -r1.40 -r1.42 --- elf 2 Mar 2007 17:40:58 -0000 1.40 +++ elf 19 Nov 2007 19:26:17 -0000 1.42 @@ -51,10 +51,10 @@ >>>>36 lelong&0xf0000000 0x20000000 MIPS-III >>>>36 lelong&0xf0000000 0x30000000 MIPS-IV >>>>36 lelong&0xf0000000 0x40000000 MIPS-V ->>>>36 lelong&0xf0000000 0x60000000 MIPS32 ->>>>36 lelong&0xf0000000 0x70000000 MIPS64 ->>>>36 lelong&0xf0000000 0x80000000 MIPS32 rel2 ->>>>36 lelong&0xf0000000 0x90000000 MIPS64 rel2 +>>>>36 lelong&0xf0000000 0x50000000 MIPS32 +>>>>36 lelong&0xf0000000 0x60000000 MIPS64 +>>>>36 lelong&0xf0000000 0x70000000 MIPS32 rel2 +>>>>36 lelong&0xf0000000 0x80000000 MIPS64 rel2 # only for 64-bit >>>4 byte 2 >>>>48 lelong&0xf0000000 0x00000000 MIPS-I @@ -62,10 +62,10 @@ >>>>48 lelong&0xf0000000 0x20000000 MIPS-III >>>>48 lelong&0xf0000000 0x30000000 MIPS-IV >>>>48 lelong&0xf0000000 0x40000000 MIPS-V ->>>>48 lelong&0xf0000000 0x60000000 MIPS32 ->>>>48 lelong&0xf0000000 0x70000000 MIPS64 ->>>>48 lelong&0xf0000000 0x80000000 MIPS32 rel2 ->>>>48 lelong&0xf0000000 0x90000000 MIPS64 rel2 +>>>>48 lelong&0xf0000000 0x50000000 MIPS32 +>>>>48 lelong&0xf0000000 0x60000000 MIPS64 +>>>>48 lelong&0xf0000000 0x70000000 MIPS32 rel2 +>>>>48 lelong&0xf0000000 0x80000000 MIPS64 rel2 >>18 leshort 9 Amdahl - invalid byte order, >>18 leshort 10 MIPS (deprecated), >>18 leshort 11 RS6000 - invalid byte order, @@ -139,10 +139,10 @@ >>>>36 belong&0xf0000000 0x20000000 MIPS-III >>>>36 belong&0xf0000000 0x30000000 MIPS-IV >>>>36 belong&0xf0000000 0x40000000 MIPS-V ->>>>36 belong&0xf0000000 0x60000000 MIPS32 ->>>>36 belong&0xf0000000 0x70000000 MIPS64 ->>>>36 belong&0xf0000000 0x80000000 MIPS32 rel2 ->>>>36 belong&0xf0000000 0x90000000 MIPS64 rel2 +>>>>36 belong&0xf0000000 0x50000000 MIPS32 +>>>>36 belong&0xf0000000 0x60000000 MIPS64 +>>>>36 belong&0xf0000000 0x70000000 MIPS32 rel2 +>>>>36 belong&0xf0000000 0x80000000 MIPS64 rel2 # only for 64-bit >>>4 byte 2 >>>>48 belong&0xf0000000 0x00000000 MIPS-I @@ -150,10 +150,10 @@ >>>>48 belong&0xf0000000 0x20000000 MIPS-III >>>>48 belong&0xf0000000 0x30000000 MIPS-IV >>>>48 belong&0xf0000000 0x40000000 MIPS-V ->>>>48 belong&0xf0000000 0x60000000 MIPS32 ->>>>48 belong&0xf0000000 0x70000000 MIPS64 ->>>>48 belong&0xf0000000 0x80000000 MIPS32 rel2 ->>>>48 belong&0xf0000000 0x90000000 MIPS64 rel2 +>>>>48 belong&0xf0000000 0x50000000 MIPS32 +>>>>48 belong&0xf0000000 0x60000000 MIPS64 +>>>>48 belong&0xf0000000 0x70000000 MIPS32 rel2 +>>>>48 belong&0xf0000000 0x80000000 MIPS64 rel2 >>18 beshort 9 Amdahl, >>18 beshort 10 MIPS (deprecated), >>18 beshort 11 RS6000, @@ -196,6 +196,7 @@ >>18 beshort 88 Renesas M32R, >>18 beshort 94 Tensilica Xtensa, >>18 beshort 97 NatSemi 32k, +>>18 beshort 0x18ad AVR32 (unofficial), >>18 beshort 0x9026 Alpha (unofficial), >>18 beshort 0xa390 IBM S/390 (obsolete), >>20 belong 0 invalid version Index: filesystems =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/filesystems,v retrieving revision 1.32 retrieving revision 1.35 diff -u -r1.32 -r1.35 --- filesystems 16 May 2007 00:03:15 -0000 1.32 +++ filesystems 20 Oct 2007 15:38:25 -0000 1.35 @@ -52,7 +52,13 @@ >>>>11 ulelong >0 \b, %d sectors/track >>>>15 ulelong >0 \b, %d cylinders +# updated by Joerg Jenderek at Sep 2007 +# only for sector sizes with 512 or more Bytes 0x1FE leshort 0xAA55 x86 boot sector +# to do also for sectors < than 512 Bytes and some other files, GRR +#30 search/481 \x55\xAA x86 boot sector +# not for BeOS floppy 1440k, MBRs +#(11.s-2) uleshort 0xAA55 x86 boot sector >2 string OSBS \b, OS/BS MBR # J\xf6rg Jenderek >0x8C string Invalid\ partition\ table \b, MS-DOS MBR @@ -173,56 +179,59 @@ >>498 string BCDL\ \ \ \ BIN \b, Bootable CD Loader (1.50Z) # mbr partion table entries # OEM-ID not Microsoft,SYSLINUX,or MTOOLs ->3 string !MS +>3 string !MS >>3 string !SYSLINUX >>>3 string !MTOOL # not FAT (32 bit) >>>>82 string !FAT32 #not IO.SYS >>>>>472 string !IO\ \ \ \ \ \ SYS +>>>>>>480 string !IO\ \ \ \ \ \ SYS #not Linux kernel ->>>>>>514 string !HdrS +>>>>>>>514 string !HdrS +#not BeOS +>>>>>>>>422 string !Be\ Boot\ Loader # active flag 0 or 0x80 and type > 0 ->>>>>>>446 ubyte <0x81 ->>>>>>>>446 ubyte&0x7F 0 +>>>>>>>>>446 ubyte <0x81 +>>>>>>>>>>446 ubyte&0x7F 0 >>>>>>>>>>>450 ubyte >0 \b; partition 1: ID=0x%x ->>>>>>>>>>446 ubyte 0x80 \b, active ->>>>>>>>>>447 ubyte x \b, starthead %u -#>>>>>>>>>>448 ubyte x \b, start C_S: 0x%x -#>>>>>>>>>>448 ubeshort&1023 x \b, startcylinder? %d ->>>>>>>>>>454 ulelong x \b, startsector %u ->>>>>>>>>>458 ulelong x \b, %u sectors -# ->>>>>>>462 ubyte <0x81 ->>>>>>>>462 ubyte&0x7F 0 ->>>>>>>>>466 ubyte >0 \b; partition 2: ID=0x%x ->>>>>>>>>>462 ubyte 0x80 \b, active ->>>>>>>>>>463 ubyte x \b, starthead %u -#>>>>>>>>>>464 ubyte x \b, start C_S: 0x%x -#>>>>>>>>>>464 ubeshort&1023 x \b, startcylinder? %d ->>>>>>>>>>470 ulelong x \b, startsector %u ->>>>>>>>>>474 ulelong x \b, %u sectors -# ->>>>>>>478 ubyte <0x81 ->>>>>>>>478 ubyte&0x7F 0 ->>>>>>>>>482 ubyte >0 \b; partition 3: ID=0x%x ->>>>>>>>>>478 ubyte 0x80 \b, active ->>>>>>>>>>479 ubyte x \b, starthead %u -#>>>>>>>>>>480 ubyte x \b, start C_S: 0x%x -#>>>>>>>>>>481 ubyte x \b, start C2S: 0x%x -#>>>>>>>>>>480 ubeshort&1023 x \b, startcylinder? %d ->>>>>>>>>>486 ulelong x \b, startsector %u ->>>>>>>>>>490 ulelong x \b, %u sectors -# ->>>>>>>494 ubyte <0x81 ->>>>>>>>494 ubyte&0x7F 0 ->>>>>>>>>498 ubyte >0 \b; partition 4: ID=0x%x ->>>>>>>>>>494 ubyte 0x80 \b, active ->>>>>>>>>>495 ubyte x \b, starthead %u -#>>>>>>>>>>496 ubyte x \b, start C_S: 0x%x -#>>>>>>>>>>496 ubeshort&1023 x \b, startcylinder? %d ->>>>>>>>>>502 ulelong x \b, startsector %u ->>>>>>>>>>506 ulelong x \b, %u sectors +>>>>>>>>>>>>446 ubyte 0x80 \b, active +>>>>>>>>>>>>447 ubyte x \b, starthead %u +#>>>>>>>>>>>>448 ubyte x \b, start C_S: 0x%x +#>>>>>>>>>>>>448 ubeshort&1023 x \b, startcylinder? %d +>>>>>>>>>>>>454 ulelong x \b, startsector %u +>>>>>>>>>>>>458 ulelong x \b, %u sectors +# +>>>>>>>>>462 ubyte <0x81 +>>>>>>>>>>462 ubyte&0x7F 0 +>>>>>>>>>>>466 ubyte >0 \b; partition 2: ID=0x%x +>>>>>>>>>>>>462 ubyte 0x80 \b, active +>>>>>>>>>>>>463 ubyte x \b, starthead %u +#>>>>>>>>>>>>464 ubyte x \b, start C_S: 0x%x +#>>>>>>>>>>>>464 ubeshort&1023 x \b, startcylinder? %d +>>>>>>>>>>>>470 ulelong x \b, startsector %u +>>>>>>>>>>>>474 ulelong x \b, %u sectors +# +>>>>>>>>>478 ubyte <0x81 +>>>>>>>>>>478 ubyte&0x7F 0 +>>>>>>>>>>>482 ubyte >0 \b; partition 3: ID=0x%x +>>>>>>>>>>>>478 ubyte 0x80 \b, active +>>>>>>>>>>>>479 ubyte x \b, starthead %u +#>>>>>>>>>>>>480 ubyte x \b, start C_S: 0x%x +#>>>>>>>>>>>>481 ubyte x \b, start C2S: 0x%x +#>>>>>>>>>>>>480 ubeshort&1023 x \b, startcylinder? %d +>>>>>>>>>>>>486 ulelong x \b, startsector %u +>>>>>>>>>>>>490 ulelong x \b, %u sectors +# +>>>>>>>>>494 ubyte <0x81 +>>>>>>>>>>494 ubyte&0x7F 0 +>>>>>>>>>>>498 ubyte >0 \b; partition 4: ID=0x%x +>>>>>>>>>>>>494 ubyte 0x80 \b, active +>>>>>>>>>>>>495 ubyte x \b, starthead %u +#>>>>>>>>>>>>496 ubyte x \b, start C_S: 0x%x +#>>>>>>>>>>>>496 ubeshort&1023 x \b, startcylinder? %d +>>>>>>>>>>>>502 ulelong x \b, startsector %u +>>>>>>>>>>>>506 ulelong x \b, %u sectors # mbr partion table entries end # http://www.acronis.de/ #FAT label=ACRONIS\ SZ @@ -507,34 +516,52 @@ >>>>>>>498 ubyte&0xDF >0 >>>>>>>>498 string x \b.%-.3s # ->486 ubyte&0xDF >0 ->>416 string Non-System\ disk\ or\ ->>>435 string disk\ error\r ->>>>447 string Replace\ and\ press\ any\ key\ ->>>>>473 string when\ ready\r \b, Microsoft DOS Bootloader ->480 ubyte&0xDF >0 ->>393 string Non-System\ disk\ or\ ->>>412 string disk\ error\r ->>>>424 string Replace\ and\ press\ any\ key\ ->>>>>450 string when\ ready\r \b, Microsoft DOS bootloader -#IO.SYS ->>>>>480 string x \b %-.2s ->>>>>>482 ubyte&0xDF >0 ->>>>>>>48 string x \b%-.6s ->>>>>488 ubyte&0xDF >0 ->>>>>>488 string x \b.%-.3s -#MSDOS.SYS ->>>>>>491 ubyte&0xDF >0 \b+ ->>>>>>>491 string x \b%-.5s ->>>>>>>>496 ubyte&0xDF >0 ->>>>>>>>>496 string x \b%-.3s ->>>>>>>499 ubyte&0xDF >0 ->>>>>>>>499 string x \b.%-.3s +>376 search/41 Non-System\ disk\ or\ +>>395 search/41 disk\ error\r +>>>407 search/41 Replace\ and\ +>>>>419 search/41 press\ \b, +>>>>419 search/41 strike\ \b, old +>>>>426 search/41 any\ key\ when\ ready\r MS or PC-DOS bootloader +#449 Disk\ Boot\ failure\r MS 3.21 +#466 Boot\ Failure\r MS 3.30 +>>>>>468 search/18 \0 +#IO.SYS,IBMBIO.COM +>>>>>>&0 string x \b %-.2s +>>>>>>>&-20 ubyte&0xDF >0 +>>>>>>>>&-1 string x \b%-.4s +>>>>>>>>>&-16 ubyte&0xDF >0 +>>>>>>>>>>&-1 string x \b%-.2s +>>>>>>&8 ubyte&0xDF >0 \b. +>>>>>>>&-1 string x \b%-.3s +#MSDOS.SYS,IBMDOS.COM +>>>>>>&11 ubyte&0xDF >0 \b+ +>>>>>>>&-1 string x \b%-.5s +>>>>>>>>&-6 ubyte&0xDF >0 +>>>>>>>>>&-1 string x \b%-.1s +>>>>>>>>>>&-5 ubyte&0xDF >0 +>>>>>>>>>>>&-1 string x \b%-.2s +>>>>>>>&7 ubyte&0xDF >0 \b. +>>>>>>>>&-1 string x \b%-.3s +>441 string Cannot\ load\ from\ harddisk.\n\r +>>469 string Insert\ Systemdisk\ +>>>487 string and\ press\ any\ key.\n\r \b, MS (2.11) DOS bootloader #>43 string \224R-LOADER\ \ SYS =label >54 string SYS >>324 string VASKK >>>495 string NEWLDR\0 \b, DR-DOS Bootloader (LOADER.SYS) # +>98 string Press\ a\ key\ to\ retry\0\r +>>120 string Cannot\ find\ file\ \0\r +>>>139 string Disk\ read\ error\0\r +>>>>156 string Loading\ ...\0 \b, DR-DOS (3.41) Bootloader +#DRBIOS.SYS +>>>>>44 ubyte&0xDF >0 +>>>>>>44 string x \b %-.6s +>>>>>>>50 ubyte&0xDF >0 +>>>>>>>>50 string x \b%-.2s +>>>>>>52 ubyte&0xDF >0 +>>>>>>>52 string x \b.%-.3s +# >70 string IBMBIO\ \ COM >>472 string Cannot\ load\ DOS!\ >>>489 string Any\ key\ to\ retry \b, DR-DOS Bootloader @@ -679,26 +706,43 @@ #it also hangs with another message ("NF"). >>>>>492 string RENF \b, FAT (12 bit) >>>>>495 string RENF \b, FAT (16 bit) +# added by Joerg Jenderek +# http://syslinux.zytor.com/iso.php +0 ulelong 0x7c40eafa isolinux Loader +# http://syslinux.zytor.com/pxe.php +0 ulelong 0x007c05ea pxelinux Loader +0 ulelong 0x60669c66 pxelinux Loader # loader end -# Joerg Jenderek ->446 ubyte 0 ->>450 ubyte >0 ->>>482 ubyte 0 ->>>>498 ubyte 0 ->>>>466 ubyte 0x05 \b, extended partition table ->>>>466 ubyte 0x0F \b, extended partition table (LBA) ->>>>466 ubyte 0x0 \b, extended partition table (last) +# updated by Joerg Jenderek at Sep 2007 +>3 ubyte 0 +#no active flag +>>446 ubyte 0 +# partition 1 not empty +>>>450 ubyte >0 +# partitions 3,4 empty +>>>>482 ubyte 0 +>>>>>498 ubyte 0 +# partition 2 ID=0,5,15 +>>>>>>466 ubyte <0x10 +>>>>>>>466 ubyte 0x05 \b, extended partition table +>>>>>>>466 ubyte 0x0F \b, extended partition table (LBA) +>>>>>>>466 ubyte 0x0 \b, extended partition table (last) # JuMP short bootcodeoffset NOP assembler instructions will usually be EB xx 90 -# older drives may use E9 xx xx +# http://mirror.href.com/thestarman/asm/2bytejumps.htmm#FWD +# older drives may use Near JuMP instruction E9 xx xx >0 lelong&0x009000EB 0x009000EB >0 lelong&0x000000E9 0x000000E9 ->>1 ubyte >37 \b, code offset 0x%x +# maximal short forward jump is 07fx +>1 ubyte <0xff \b, code offset 0x%x # mtools-3.9.8/msdos.h # usual values are marked with comments to get only informations of strange FAT systems -# valid sectorsize are from 32 to 2048 ->>>11 uleshort <2049 ->>>>11 uleshort >31 +# valid sectorsize must be a power of 2 from 32 to 32768 +>>11 uleshort&0x000f x +>>>11 uleshort <32769 +>>>>11 uleshort >31 >>>>>3 string >\0 \b, OEM-ID "%8.8s" +#http://mirror.href.com/thestarman/asm/debug/debug2.htm#IHC +>>>>>>8 string IHC \b cached by Windows 9M >>>>>11 uleshort >512 \b, Bytes/sector %u #>>>>>11 uleshort =512 \b, Bytes/sector %u=512 (usual) >>>>>11 uleshort <512 \b, Bytes/sector %u @@ -725,17 +769,18 @@ >>>>>26 ubyte >2 \b, heads %u #>>>>>26 ubyte =2 \b, heads %u (usual floppy) >>>>>26 ubyte =1 \b, heads %u ->>>>>28 ulelong >0 \b, hidden sectors %u -#>>>>>28 ulelong =0 \b, hidden sectors %u (usual floppy) ->>>>>32 ulelong >0 \b, sectors %u (volumes > 32 MB) -#>>>>>32 ulelong =0 \b, sectors %u (volumes > 32 MB) +#skip for Digital Research DOS (version 3.41) 1440 kB Bootdisk +>>>>>38 ubyte !0x70 +>>>>>>28 ulelong >0 \b, hidden sectors %u +#>>>>>>28 ulelong =0 \b, hidden sectors %u (usual floppy) +>>>>>>32 ulelong >0 \b, sectors %u (volumes > 32 MB) +#>>>>>>32 ulelong =0 \b, sectors %u (volumes > 32 MB) # FAT<32 specific -# NOT le FAT3=NOT 3TAF=0xCCABBEB9 ->>>>>82 ulelong&0xCCABBEB9 >0 ->>>>>>36 ubyte >0x80 \b, physical drive 0x%x -#>>>>>>36 ubyte =0x80 \b, physical drive 0x%x=0x80 (usual harddisk) ->>>>>>36 ubyte&0x7F >0 \b, physical drive 0x%x -#>>>>>>36 ubyte =0 \b, physical drive 0x%x=0 (usual floppy) +>>>>>82 string !FAT32 +#>>>>>>36 ubyte 0x80 \b, physical drive 0x%x=0x80 (usual harddisk) +#>>>>>>36 ubyte 0 \b, physical drive 0x%x=0 (usual floppy) +>>>>>>36 ubyte !0x80 +>>>>>>>36 ubyte !0 \b, physical drive 0x%x >>>>>>37 ubyte >0 \b, reserved 0x%x #>>>>>>37 ubyte =0 \b, reserved 0x%x >>>>>>38 ubyte >0x29 \b, dos < 4.0 BootSector (0x%x) @@ -1072,13 +1117,12 @@ # Modified for UDF by gerardo.cacciari at gmail.com 32769 string CD001 >38913 string !NSR0 ISO 9660 CD-ROM filesystem data ->38913 string NSR01 UDF filesystem data (version 1.0) ->38913 string NSR02 UDF filesystem data (version 1.5) ->38913 string NSR03 UDF filesystem data (version 2.0) ->38913 string >NSR03 UDF filesystem data (unknown version, ->>38917 byte x id 'NSR0%c') ->38913 string >38917 byte x id 'NSR0%c') +>38913 string NSR0 UDF filesystem data +>>38917 string 1 (version 1.0) +>>38917 string 2 (version 1.5) +>>38917 string 3 (version 2.0) +>>38917 byte >0x33 (unknown version, ID 0x%X) +>>38917 byte <0x31 (unknown version, ID 0x%X) # "application id" which appears to be used as a volume label >32808 string >\0 '%s' >34816 string \000CD001\001EL\ TORITO\ SPECIFICATION (bootable) @@ -1210,3 +1254,8 @@ >525 byte x Level %d >525 byte x (ODS-%d OpenVMS file system), >984 string x volume label is '%-12.12s' + +# From: Thomas Klausner +# http://filext.com/file-extension/DAA +# describes the daa file format. The magic would be: +0 string DAA\x0\x0\x0\x0\x0 PowerISO Direct-Access-Archive Index: macintosh =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/macintosh,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- macintosh 19 Jan 2005 17:56:21 -0000 1.11 +++ macintosh 7 Nov 2007 22:10:13 -0000 1.12 @@ -357,4 +357,4 @@ >>>>0xa54 belong x number of blocks: %d # From: Remi Mommsen -0 string BOMStore Mac OS X bill of materials (BOM) fil +0 string BOMStore Mac OS X bill of materials (BOM) file Index: msdos =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/msdos,v retrieving revision 1.43 retrieving revision 1.47 diff -u -r1.43 -r1.47 --- msdos 8 May 2007 16:46:44 -0000 1.43 +++ msdos 26 Sep 2007 20:12:31 -0000 1.47 @@ -363,8 +363,6 @@ >30 byte 12 (4kB sectors) # Popular applications -# False positive with PPT -#0 string \xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x00\x03\x00\xFE\xFF Microsoft Installer 2080 string Microsoft\ Word\ 6.0\ Document %s 2080 string Documento\ Microsoft\ Word\ 6 Spanish Microsoft Word 6 document data # Pawel Wiecek (for polish Word) @@ -610,10 +608,44 @@ 0 string VMDK VMware4 disk image 0 string KDMV VMware4 disk image -0 belong 0x514649fb QEMU Copy-On-Write disk image ->4 belong x version %d, ->24 belong x size %d + ->28 belong x %d +#-------------------------------------------------------------------- +# Qemu Emulator Images +# Lines written by Friedrich Schwittay (f.schwittay at yousable.de) +# Made by reading sources and doing trial and error on existing +# qcow files +0 string QFI Qemu Image, Format: Qcow + +# Uncomment the following line to display Magic (only used for debugging +# this magic number) +#>0 string x , Magic: %s + +# There are currently 2 Versions: "1" and "2" +# I do not use Version 2 and therefor branch here +# but can assure: it works (tested on both versions) +# Also my Qemu 0.9.0 which uses this Version 2 refuses +# to start in its bios +>0x04 belong 2 , Version: 2 +>0x04 belong 1 , Version: 1 + +# Using the existence of the Backing File Offset to Branch or not +# to read Backing File Information +>>0xc belong >0 , Backing File( Offset: %d +>>>(0xc.L) string >\0 , Path: %s + +# Didnt got the Trick here how qemu stores the "Size" at this Position +# There is actually something stored but nothing makes sense +# The header in the sources talks about it +#>>>16 lelong x , Size: %d + +# Modification time of the Backing File +# Really usefull if you want to know if your backing +# file is still usable together with this image +>>>20 bedate x , Mtime: %s ) + +# Dont know how to calculate in Magicfiles +# Also: this Information is not reliably +# stored in image-files +>>24 lelong x , Disk Size could be: %d * 256 bytes 0 string QEVM QEMU's suspend to disk image @@ -624,5 +656,14 @@ 0 lelong 0x02468ace Bochs Sparse disk image # from http://filext.com by Derek M Jones -0 string \xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x00\x03\x00\xFE\xFF Microsoft Installer +# False positive with PPT +#0 string \xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x00\x03\x00\xFE\xFF Microsoft Installer 0 string \320\317\021\340\241\261\032\341 Microsoft Office Document + +# From: "Nelson A. de Oliveira" +# Magic type for Dell's BIOS .hdr files +# Dell's .hdr +0 string $RBU +>23 string Dell %s system BIOS +>48 string x version %.3s + Index: pdf =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/pdf,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- pdf 22 Jun 1996 22:11:05 -0000 1.1 +++ pdf 26 Sep 2007 20:45:26 -0000 1.2 @@ -5,3 +5,9 @@ 0 string %PDF- PDF document >5 byte x \b, version %c >7 byte x \b.%c + +# From: Nick Schmalenberger +# Forms Data Format +0 string %FDF- FDF text +>5 byte x \b, version %c +>7 byte x \b.%c Index: sgi =================================================================== RCS file: /p/file/cvsroot/file/magic/Magdir/sgi,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- sgi 22 Jun 2005 21:42:48 -0000 1.12 +++ sgi 26 Sep 2007 20:45:26 -0000 1.13 @@ -15,19 +15,22 @@ >20 lelong 0 log volume #0 >20 lelong >0 log volume #%ld >24 string >\0 host: %s -0 string PCPFolio PCP +0 string PCPFolio PCP >9 string Version: Archive Folio >18 string >\0 (V.%s) 0 string #pmchart PCP pmchart view >9 string Version >17 string >\0 (V%-3.3s) +0 string #kmchart PCP kmchart view +>9 string Version +>17 string >\0 (V.%s) 0 string pmview PCP pmview config >7 string Version >15 string >\0 (V%-3.3s) 0 string #pmlogger PCP pmlogger config >10 string Version >18 string >\0 (V%1.1s) -0 string PcPh PCP Help +0 string PcPh PCP Help >4 string 1 Index >4 string 2 Text >5 string >\0 (V.%1.1s) From christos at zoulas.com Thu Dec 27 18:45:44 2007 From: christos at zoulas.com (Christos Zoulas) Date: Thu, 27 Dec 2007 11:45:44 -0500 Subject: file-4.22 is now available Message-ID: <20071227164544.65A1C56539@rebar.astron.com> Hello, ... and happy holidays. You can ftp it from: ftp://ftp.astron.com/pub/file/file-4.22.tar.gz Here are the ChangeLog entries: Enjoy, christos 2007-12-27 11:35 Christos Zoulas * bring back some fixes from OpenBSD * treat ELF dynamic objects as executables * fix gcc warnings 2007-12-01 19:55 Christos Zoulas * make sure we have zlib.h and libz to compile the builtin decompress code 2007-10-28 20:48 Christos Zoulas * float and double magic support (Behan Webster) 2007-10-28 20:48 Christos Zoulas * Convert fortran to a soft test (Reuben Thomas) 2007-10-23 5:25 Christos Zoulas * Add --with-filename, and --no-filename (Reuben Thomas) 2007-10-23 3:59 Christos Zoulas * Rest of the mime split (Reuben Thomas) * Make usage message generated from the flags so that they stay consistent (Reuben Thomas) 2007-10-20 3:06 Christos Zoulas * typo in comment, missing ifdef QUICK, remove unneeded code (Charles Longeau) 2007-10-17 3:33 Christos Zoulas * Fix problem printing -\012 in some entries * Separate magic type and encoding flags (Reuben Thomas) 2007-10-09 3:55 Christos Zoulas * configure fix for int64 and strndup (Reuben Thomas) 2007-09-26 4:45 Christos Zoulas * Add magic_descriptor() function. * Fix regression in elf reading code where the core name was not being printed. * Don't convert NUL's to spaces in {l,b}estring16 (Daniel Dawson) 2007-08-19 6:30 Christos Zoulas * Make mime format consistent so that it can be easily parsed: mimetype [charset=character-set] [encoding=encoding-mime-type] Remove spurious extra text from some MIME type printouts (mostly in is_tar). Fix one case where -i produced nothing at all (for a 1-byte file, which is now classed as application/octet-stream). Remove 7/8bit classifications, since they were arbitrary and not based on the file data. This work was done by Reuben Thomas From christos at zoulas.com Thu Dec 27 22:33:44 2007 From: christos at zoulas.com (Christos Zoulas) Date: Thu, 27 Dec 2007 15:33:44 -0500 Subject: new version of file-4.22 Message-ID: <20071227203344.57C9E56539@rebar.astron.com> The previous one had a busted names.h array. If you downloaded it already, please download it again. christos From Zube at CS.ColoState.EDU Thu Dec 27 22:27:52 2007 From: Zube at CS.ColoState.EDU (Zube) Date: Thu, 27 Dec 2007 13:27:52 -0700 Subject: file 4.22 build fails on Solaris 9 due to strtof() Message-ID: <20071227202752.GA25578@mozart.cs.colostate.edu> On Solaris 9 sparc fully patched, building with gcc 3.4.6: gmake[2]: Entering directory `/stat/src/file/file-4.22/src' /bin/bash ../libtool --tag=CC --mode=link gcc -O2 -o file file.o libmagic.la -lz gcc -O2 -o .libs/file file.o ./.libs/libmagic.so -lz -R/usr/local/lib Undefined first referenced symbol in file strtof ./.libs/libmagic.so ld: fatal: Symbol referencing errors. No output written to .libs/file collect2: ld returned 1 exit status strtof() seems to have crept into apprentice.c (it wasn't in file 4.21), but I don't think Solaris 9 has it. Cheers, Zube From christos at zoulas.com Thu Dec 27 22:47:12 2007 From: christos at zoulas.com (Christos Zoulas) Date: Thu, 27 Dec 2007 15:47:12 -0500 Subject: file 4.22 build fails on Solaris 9 due to strtof() In-Reply-To: <20071227202752.GA25578@mozart.cs.colostate.edu> from Zube (Dec 27, 1:27pm) Message-ID: <20071227204713.08C6656539@rebar.astron.com> On Dec 27, 1:27pm, Zube at CS.ColoState.EDU (Zube) wrote: -- Subject: file 4.22 build fails on Solaris 9 due to strtof() | On Solaris 9 sparc fully patched, building with gcc 3.4.6: | | gmake[2]: Entering directory `/stat/src/file/file-4.22/src' | /bin/bash ../libtool --tag=CC --mode=link gcc -O2 -o file file.o libmagic.la -lz | gcc -O2 -o .libs/file file.o ./.libs/libmagic.so -lz -R/usr/local/lib | Undefined first referenced | symbol in file | strtof ./.libs/libmagic.so | ld: fatal: Symbol referencing errors. No output written to .libs/file | collect2: ld returned 1 exit status | | strtof() seems to have crept into apprentice.c (it wasn't in file 4.21), | but I don't think Solaris 9 has it. I will add configure tests for it: The strtod() function conforms to ANSI X3.159-1989 (``ANSI C89''). The strtof() and strtold() functions conform to ISO/IEC 9899:1999 (``ISO C99''). christos From christos at zoulas.com Thu Dec 27 22:52:03 2007 From: christos at zoulas.com (Christos Zoulas) Date: Thu, 27 Dec 2007 15:52:03 -0500 Subject: file 4.22 build fails on Solaris 9 due to strtof() In-Reply-To: <20071227202752.GA25578@mozart.cs.colostate.edu> from Zube (Dec 27, 1:27pm) Message-ID: <20071227205203.3848156539@rebar.astron.com> On Dec 27, 1:27pm, Zube at CS.ColoState.EDU (Zube) wrote: -- Subject: file 4.22 build fails on Solaris 9 due to strtof() | On Solaris 9 sparc fully patched, building with gcc 3.4.6: | | gmake[2]: Entering directory `/stat/src/file/file-4.22/src' | /bin/bash ../libtool --tag=CC --mode=link gcc -O2 -o file file.o libmagic.la -lz | gcc -O2 -o .libs/file file.o ./.libs/libmagic.so -lz -R/usr/local/lib | Undefined first referenced | symbol in file | strtof ./.libs/libmagic.so | ld: fatal: Symbol referencing errors. No output written to .libs/file | collect2: ld returned 1 exit status | | strtof() seems to have crept into apprentice.c (it wasn't in file 4.21), | but I don't think Solaris 9 has it. Here's a patch: Index: config.h.in =================================================================== RCS file: /p/file/cvsroot/file/config.h.in,v retrieving revision 1.27 diff -u -u -r1.27 config.h.in --- config.h.in 2 Dec 2007 00:28:10 -0000 1.27 +++ config.h.in 27 Dec 2007 20:50:57 -0000 @@ -72,6 +72,9 @@ /* Define to 1 if you have the `strndup' function. */ #undef HAVE_STRNDUP +/* Define to 1 if you have the `strtof' function. */ +#undef HAVE_STRTOF + /* Define to 1 if you have the `strtoul' function. */ #undef HAVE_STRTOUL Index: configure =================================================================== RCS file: /p/file/cvsroot/file/configure,v retrieving revision 1.71 diff -u -u -r1.71 configure --- configure 27 Dec 2007 16:41:00 -0000 1.71 +++ configure 27 Dec 2007 20:50:57 -0000 @@ -23398,7 +23398,8 @@ -for ac_func in mmap strerror strndup strtoul mbrtowc mkstemp getopt_long utimes utime wcwidth snprintf vsnprintf + +for ac_func in mmap strerror strndup strtoul mbrtowc mkstemp getopt_long utimes utime wcwidth snprintf vsnprintf strtof do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 Index: configure.in =================================================================== RCS file: /p/file/cvsroot/file/configure.in,v retrieving revision 1.67 diff -u -u -r1.67 configure.in --- configure.in 27 Dec 2007 16:41:00 -0000 1.67 +++ configure.in 27 Dec 2007 20:50:57 -0000 @@ -127,7 +127,7 @@ AC_CHECK_SIZEOF_STDC_HEADERS(uint64_t, 0) dnl Checks for functions -AC_CHECK_FUNCS(mmap strerror strndup strtoul mbrtowc mkstemp getopt_long utimes utime wcwidth snprintf vsnprintf) +AC_CHECK_FUNCS(mmap strerror strndup strtoul mbrtowc mkstemp getopt_long utimes utime wcwidth snprintf vsnprintf strtof) dnl Checks for libraries AC_CHECK_LIB(z,gzopen) Index: src/apprentice.c =================================================================== RCS file: /p/file/cvsroot/file/src/apprentice.c,v retrieving revision 1.108 diff -u -u -r1.108 apprentice.c --- src/apprentice.c 27 Dec 2007 16:35:58 -0000 1.108 +++ src/apprentice.c 27 Dec 2007 20:50:58 -0000 @@ -1418,7 +1419,11 @@ case FILE_LEFLOAT: if (m->reln != 'x') { char *ep; +#ifdef HAVE_STRTOF m->value.f = strtof(*p, &ep); +#else + m->value.f = (float)strtod(*p, &ep); +#endif *p = ep; } return 0; From Mark.Martinec+amavis at ijs.si Fri Dec 28 16:08:52 2007 From: Mark.Martinec+amavis at ijs.si (Mark Martinec) Date: Fri, 28 Dec 2007 15:08:52 +0100 Subject: file-4.22 is now available In-Reply-To: <20071227164544.65A1C56539@rebar.astron.com> References: <20071227164544.65A1C56539@rebar.astron.com> Message-ID: <200712281508.52534.Mark.Martinec+amavis@ijs.si> Christos, > ftp://ftp.astron.com/pub/file/file-4.22.tar.gz Looks like you forgot to take out the old problematic regexps (as I wrote some time ago): 100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text 100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text while providing the fixed ones: 100 regex/c =^[\ \t]{0,10}call[\ \t]{1,10}rxfunc OS/2 REXX batch file text 100 regex/c =^[\ \t]{0,10}say\ ['"] OS/2 REXX batch file text so the CVE-2007-2026 DoS vulnerability is still applicable to 4.22. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2026 http://www.amavis.org/security/asa-2007-3.txt Mark From christos at zoulas.com Fri Dec 28 17:15:04 2007 From: christos at zoulas.com (Christos Zoulas) Date: Fri, 28 Dec 2007 10:15:04 -0500 Subject: file-4.22 is now available In-Reply-To: <200712281508.52534.Mark.Martinec+amavis@ijs.si> from Mark Martinec (Dec 28, 3:08pm) Message-ID: <20071228151504.8BA0456542@rebar.astron.com> On Dec 28, 3:08pm, Mark.Martinec+amavis at ijs.si (Mark Martinec) wrote: -- Subject: Re: file-4.22 is now available | Christos, | | > ftp://ftp.astron.com/pub/file/file-4.22.tar.gz | | Looks like you forgot to take out the old problematic regexps | (as I wrote some time ago): | | 100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text | 100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text | | while providing the fixed ones: | | 100 regex/c =^[\ \t]{0,10}call[\ \t]{1,10}rxfunc OS/2 REXX batch file text | 100 regex/c =^[\ \t]{0,10}say\ ['"] OS/2 REXX batch file text | | so the CVE-2007-2026 DoS vulnerability is still applicable to 4.22. | | See: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2026 | http://www.amavis.org/security/asa-2007-3.txt | Thanks, I removed them. I don't know how they got in... christos From vapier at gentoo.org Fri Dec 28 17:55:53 2007 From: vapier at gentoo.org (Mike Frysinger) Date: Fri, 28 Dec 2007 10:55:53 -0500 Subject: file-4.22 is now available In-Reply-To: <20071228151504.8BA0456542@rebar.astron.com> References: <20071228151504.8BA0456542@rebar.astron.com> Message-ID: <200712281055.54104.vapier@gentoo.org> On Friday 28 December 2007, Christos Zoulas wrote: > On Dec 28, 3:08pm, Mark.Martinec+amavis at ijs.si (Mark Martinec) wrote: > -- Subject: Re: file-4.22 is now available > > | Christos, > | > | > ftp://ftp.astron.com/pub/file/file-4.22.tar.gz > | > | Looks like you forgot to take out the old problematic regexps > | (as I wrote some time ago): > | > | 100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text > | 100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text > | > | while providing the fixed ones: > | > | 100 regex/c =^[\ \t]{0,10}call[\ \t]{1,10}rxfunc OS/2 REXX batch file > | text 100 regex/c =^[\ \t]{0,10}say\ ['"] OS/2 REXX batch file > | text > | > | so the CVE-2007-2026 DoS vulnerability is still applicable to 4.22. > | > | See: > | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2026 > | http://www.amavis.org/security/asa-2007-3.txt > > Thanks, I removed them. I don't know how they got in... another tarball change or 4.22.1 ? -mike -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. Url : http://mx.gw.com/pipermail/file/attachments/20071228/e3e929ed/attachment.bin From christos at zoulas.com Fri Dec 28 18:47:19 2007 From: christos at zoulas.com (Christos Zoulas) Date: Fri, 28 Dec 2007 11:47:19 -0500 Subject: file-4.22 is now available In-Reply-To: <200712281055.54104.vapier@gentoo.org> from Mike Frysinger (Dec 28, 10:55am) Message-ID: <20071228164719.68EFE56407@rebar.astron.com> On Dec 28, 10:55am, vapier at gentoo.org (Mike Frysinger) wrote: -- Subject: Re: file-4.22 is now available | another tarball change or 4.22.1 ? 4.22.1 I guess. christos From christos at zoulas.com Fri Dec 28 22:38:19 2007 From: christos at zoulas.com (Christos Zoulas) Date: Fri, 28 Dec 2007 15:38:19 -0500 Subject: file-4.23 is available. Message-ID: <20071228203819.E8ABF56534@rebar.astron.com> Due to the missing strtof issue and bad regex magic, I decided to cut a new version and delete 4.22. christos