Debian Bug report logs - #515603
Lenny upgrade of file/ libmagic1 breaks amavisd

version graph

Package: file; Maintainer for file is Christoph Biedl <debian.axhn@manchmal.in-ulm.de>; Source for file is src:file.

Reported by: Tony Folley <tonyfolley@yahoo.ca>

Date: Mon, 16 Feb 2009 13:24:02 UTC

Severity: important

Found in versions file/4.26-1, file/5.00-1

Fixed in version 5.04-1

Done: Daniel Baumann <daniel@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#515603; Package file. (Mon, 16 Feb 2009 13:24:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tony Folley <tonyfolley@yahoo.ca>:
New Bug report received and forwarded. Copy sent to Daniel Baumann <daniel@debian.org>. (Mon, 16 Feb 2009 13:24:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Tony Folley <tonyfolley@yahoo.ca>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Lenny upgrade of file/ libmagic1 breaks amavisd
Date: Mon, 16 Feb 2009 09:23:02 -0400
Package: file
Version: 4.26-1
Severity: important


I am testing the upgrade from Etch to Lenny on a virtual machine before 
trying it on the production server. When I upgraded file and libmagic1, 
I can no longer process email through Exim4/ Amavisd-new. I get the 
followong error...

Feb 16 09:08:23 mailtest.macfarlands.com /usr/sbin/amavisd-new[2586]: (02586-01) (!)NOTICE: Skipping bad output from file(1) at [0, p001], got: file: version mismatch (6 != 2) in `/usr/share/file/magic.mgc'
Feb 16 09:08:23 mailtest.macfarlands.com /usr/sbin/amavisd-new[2586]: (02586-01) (!!)TROUBLE in check_mail: parts_decode_ext FAILED: file(1) utility (/usr/bin/file) error: failed, exit 1, parsing failure - missing last 1 results at (eval 86) line 177.
Feb 16 09:08:23 mailtest.macfarlands.com /usr/sbin/amavisd-new[2586]: (02586-01) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20090216T090823-02586

If I downgrade file and libmagic1, mail is processed normally.


-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24.3 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages file depends on:
ii  libc6                  2.7-18            GNU C Library: Shared libraries
ii  libmagic1              4.26-1            File type determination library us
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

file recommends no packages.

file suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#515603; Package file. (Mon, 30 Mar 2009 13:36:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Angel Vicente" <angel.vicente@knipping.es>:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel@debian.org>. (Mon, 30 Mar 2009 13:36:07 GMT) Full text and rfc822 format available.

Message #10 received at 515603@bugs.debian.org (full text, mbox):

From: "Angel Vicente" <angel.vicente@knipping.es>
To: <515603@bugs.debian.org>
Subject: Problem with file
Date: Mon, 30 Mar 2009 15:33:05 +0200
Hello....

I have a problem like this: I have a amd64 with kernel 2.6.28 and I´m runnig
with unstable ditribution. The version of file was 5.00, and I had the same
problem (error message about /usr/bin/file) with amavisd-new, but doing some
experiments, I see that the size of the attachments has to do something with
this issue: sending xls of 11Mb size, I got the error, but minor size (<
1Mb), seems file running well.

I´ve just downgrade to file 4.26-2, and now I have not any issues.

I don´t know if this would a clue.

Regards

 





Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Baumann <daniel@debian.org>:
Bug#515603; Package file. (Tue, 14 Apr 2009 09:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Eugene B. Berdnikov" <bd4@protva.ru>:
Extra info received and forwarded to list. Copy sent to Daniel Baumann <daniel@debian.org>. (Tue, 14 Apr 2009 09:09:03 GMT) Full text and rfc822 format available.

Message #15 received at 515603@bugs.debian.org (full text, mbox):

From: "Eugene B. Berdnikov" <bd4@protva.ru>
To: Debian Bug Tracking System <515603@bugs.debian.org>
Subject: Heap corruption in libmagic1 when parsing CDF files
Date: Tue, 14 Apr 2009 13:07:26 +0400
Package: file
Version: 5.00-1
Severity: critical


 Heap corruption happens on some Microsoft document files (including ".doc",
 ".mpp" and maybe others), while reading out-of-buffer in cdf.c, line 313.

 This bug is critical for mail processing, blocking mails on relay running
 amavisd as spam/virus filter. Symptoms:

% file /tmp/VTB_DWH_plan_v_091_090331_gleb.mpp
*** glibc detected *** file: munmap_chunk(): invalid pointer: 0x08c48aa8 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0xb7e231e4]
/usr/lib/libmagic.so.1(cdf_read_sat+0x23b)[0xb7f3e84b]
/usr/lib/libmagic.so.1(file_trycdf+0x6e)[0xb7f3ecce]
/usr/lib/libmagic.so.1(file_buffer+0x1ca)[0xb7f3c21a]
/usr/lib/libmagic.so.1[0xb7f2e092]
file[0x8048e3d]
file[0x804995c]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7dca775]
file[0x8048ba1]
======= Memory map: ========
08048000-0804b000 r-xp 00000000 03:0a 335446     /usr/bin/file
0804b000-0804c000 rw-p 00002000 03:0a 335446     /usr/bin/file
08c22000-08c5b000 rw-p 08c22000 00:00 0          [heap]
b7989000-b7995000 r-xp 00000000 03:05 40203      /lib/libgcc_s.so.1
b7995000-b7996000 rw-p 0000c000 03:05 40203      /lib/libgcc_s.so.1
b79a2000-b7a03000 rw-p b79a2000 00:00 0 
b7a03000-b7a05000 r-xp 00000000 03:0a 20213      /usr/lib/gconv/KOI8-R.so
b7a05000-b7a06000 r--p 00001000 03:0a 20213      /usr/lib/gconv/KOI8-R.so
b7a06000-b7a07000 rw-p 00002000 03:0a 20213      /usr/lib/gconv/KOI8-R.so
b7a07000-b7a0e000 r--s 00000000 03:0a 16392      /usr/lib/gconv/gconv-modules.cache
b7a0e000-b7bbd000 rw-p 00000000 03:0a 228828     /usr/share/file/magic.mgc
b7bbd000-b7db3000 r--p 00000000 03:0a 47892      /usr/lib/locale/locale-archive
b7db3000-b7db4000 rw-p b7db3000 00:00 0 
b7db4000-b7f0e000 r-xp 00000000 03:05 44190      /lib/i686/cmov/libc-2.9.so
b7f0e000-b7f0f000 ---p 0015a000 03:05 44190      /lib/i686/cmov/libc-2.9.so
b7f0f000-b7f11000 r--p 0015a000 03:05 44190      /lib/i686/cmov/libc-2.9.so
b7f11000-b7f12000 rw-p 0015c000 03:05 44190      /lib/i686/cmov/libc-2.9.so
b7f12000-b7f16000 rw-p b7f12000 00:00 0 
b7f16000-b7f2a000 r-xp 00000000 03:0a 16369      /usr/lib/libz.so.1.2.3.3
b7f2a000-b7f2b000 rw-p 00013000 03:0a 16369      /usr/lib/libz.so.1.2.3.3
b7f2b000-b7f44000 r-xp 00000000 03:0a 17555      /usr/lib/libmagic.so.1.0.0
b7f44000-b7f45000 rw-p 00019000 03:0a 17555      /usr/lib/libmagic.so.1.0.0
b7f50000-b7f53000 rw-p b7f50000 00:00 0 
b7f53000-b7f54000 r-xp b7f53000 00:00 0          [vdso]
b7f54000-b7f70000 r-xp 00000000 03:05 40274      /lib/ld-2.9.so
b7f70000-b7f71000 r--p 0001b000 03:05 40274      /lib/ld-2.9.so
b7f71000-b7f72000 rw-p 0001c000 03:05 40274      /lib/ld-2.9.so
bfc5c000-bfc71000 rw-p bffeb000 00:00 0          [stack]
/tmp/VTB_DWH_plan_v_091_090331_gleb.mpp: [2]    17253 abort      file /tmp/VTB_DWH_plan_v_091_090331_gleb.mpp

 If an assertion like this

------------------------------------------------------------------------------
--- cdf.c.orig  2009-04-14 12:47:33.000000000 +0400
+++ cdf.c       2009-04-14 12:48:48.000000000 +0400
@@ -310,6 +310,7 @@
                        goto out2;
                }
                for (k = 0; k < (ss / sizeof(mid)) - 1; k++, i++)
+                       assert(i <= sat->sat_len);
                        if (cdf_read_sector(fd, sat->sat_tab, ss * i, ss, h,
                            CDF_TOLE4(msa[k])) != (ssize_t)ss) {
                                DPRINTF(("Reading sector %d",
------------------------------------------------------------------------------

 added to the source, no corruption happens, but file aborts with message
 "cdf_read_sat: Assertion `i <= sat->sat_len' failed."

 I do not understand what this code is doing, so I do not try to patch it.


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/bash

Versions of packages file depends on:
ii  libc6                  2.9-4             GNU C Library: Shared libraries
ii  libmagic1              5.00-1            File type determination library us
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

file recommends no packages.

file suggests no packages.

-- no debconf information




Severity set to `important' from `important' Request was from Daniel Baumann <daniel@debian.org> to control@bugs.debian.org. (Tue, 14 Apr 2009 09:27:04 GMT) Full text and rfc822 format available.

Reply sent to daniel@debian.org:
You have taken responsibility. (Sat, 10 Jul 2010 22:36:07 GMT) Full text and rfc822 format available.

Notification sent to Tony Folley <tonyfolley@yahoo.ca>:
Bug acknowledged by developer. (Sat, 10 Jul 2010 22:36:07 GMT) Full text and rfc822 format available.

Message #22 received at 515603-done@bugs.debian.org (full text, mbox):

From: Daniel Baumann <daniel@debian.org>
To: 515603-done@bugs.debian.org
Subject: Lenny upgrade of file/ libmagic1 breaks amavisd
Date: Sun, 11 Jul 2010 00:33:03 +0200
Version: 5.04-1

this seems to have been fixed in one of the later 5.xx releases, closing.

Regards,
Daniel

-- 
Address:        Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:          daniel.baumann@panthera-systems.net
Internet:       http://people.panthera-systems.net/~daniel-baumann/




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 09 Sep 2011 07:28:44 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 09:03:11 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.