Fedora has issued an advisory on October 10: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IETNVENFZLK7YDQZYXUTFUDKZVN63KA3/ Patched packages uploaded for Mageia 5, Mageia 6, and Cauldron. Advisory: ======================== Updated recode packages fixes security vulnerability: A buffer overflow vulnerability was found in recode. Parsing a maliciously crafted file could cause the application to crash (rhbz#1422545). References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IETNVENFZLK7YDQZYXUTFUDKZVN63KA3/ ======================== Updated packages in core/updates_testing: ======================== recode-3.6-26.1.mga5 librecode0-3.6-26.1.mga5 librecode-devel-3.6-26.1.mga5 recode-3.6-28.1.mga6 librecode0-3.6-28.1.mga6 librecode-devel-3.6-28.1.mga6 from SRPMS: recode-3.6-26.1.mga5.src.rpm recode-3.6-28.1.mga6.src.rpm
Whiteboard: (none) => MGA5TOO
Background ---------- No previous updates for this. Description : The GNU recode utility converts files between various character sets. $ urpmq --whatrequires-recursive recode | sort | uniq dropbox-servicemenu So it looks as if 'dropbox-servicemenu' is the only hosting application. However, there is a 'recode' binary, with man page, which perhaps we can use. More detail in its 'info' which includes: Quick Tutorial. I could find no test example (PoC).
CC: (none) => lewyssmith
MGA-32 on Asus A6000VM Xfce No installation issues Googled and found some help in https://superuser.com/questions/116907/how-to-recode-to-utf-8-conditionally So at CLI: $ recode -l /21-Permutation swabytes /4321-Permutation /Base64 64 b64 /CR /CR-LF cl and loads more. Further, first make a copy of your test file as recode overwrites it: $ file -bi bookmark.htm text/html; charset=iso-8859-1 $ recode ISO-8859-1..UTF-8 bookmark.htm does not give any feedback $ file -bi bookmark.htm text/html; charset=utf-8 Seems to work OK
CC: (none) => herman.viaeneWhiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
mga6::x86_64 Seems to work here also. Updated the packages. $ cat transcoded.txt R�sum� $ file -i transcoded.txt transcoded.txt: text/plain; charset=iso-8859-1 $ recode iso-8859-1..utf-8 transcoded.txt $ cat transcoded.txt Résumé $ file -i transcoded.txt transcoded.txt: text/plain; charset=utf-8 $ recode us-ascii..wchar-t brillig $ file -i brillig brillig: application/octet-stream; charset=binary $ cat brillig "\n\x00\x00\x00-\x00\x00\x00-\x00\x00\x00-\x00\x00\x00-\x00\x00\x00-\x00\x00\x00 ........................... $ recode wchar-t..utf-8 brillig $ cat brillig ------------------------------------------ | | | Twas brillig and the slithy toves | | Did gyre and and gimble in the wabe. | | All mimsy were the borogoves | | And the mome raths outgrabe. | | | ------------------------------------------
CC: (none) => tarazed25
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OK
mga5::x86_64 $ cat t1.rb string = "R\u00E9sum\u00E9 " open( "transcoded.txt", "w:ISO-8859-1" ) do |io| io.write(string) end $ ruby t1.rb $ cat transcoded.txt R�sum� $ file -i transcoded.txt transcoded.txt: text/plain; charset=iso-8859-1 $ cat transcoded.txt Résumé $ file -i transcoded.txt transcoded.txt: text/plain; charset=utf-8 $ file -i ozymandias ozymandias: text/plain; charset=utf-8 $ recode utf-8..wchar-t ozymandias $ file -i ozymandias ozymandias: application/octet-stream; charset=binary $ less ozymandias ................ ^@h^@^@^@e^@^@^@s^@^@^@e^@^@^@ ^@^@^@w^@^@^@o^@^@^@r^@^@^@d^@^@^@s^@^@^@ ^@^@^@a^@^@^@p^@^@^@p^@^@^@e^@^@^@a^@^@^@r^@^@^@:^@^@^@ $ recode wchar-t..us-ascii ozymandias $ file -i ozymandias ozymandias: text/plain; charset=us-ascii $ cat ozymandias ............ My name is Ozymandias, King of Kings; Look on my Works, ye Mighty, and despair! Nothing beside remains. Round the decay Of that colossal Wreck, boundless and bare The lone and level sands stretch far away." Good for mga5 64-bits.
Whiteboard: MGA5TOO MGA5-32-OK MGA6-64-OK => MGA5TOO MGA5-32-OK MGA6-64-OK MGA5-64-OK
Oops. Left out a line in the report in comment 4. $ recode iso-8859-1..utf-8 transcoded.txt before $ cat transcoded.txt Résumé
That last report about the wide character conversion is misleading. I somehow mixed up the before test output with the final report. After the update the output text can be read - it looks like the original. $ file -i brillig brillig: text/plain; charset=us-ascii $ recode -v us-ascii..wchar_t brillig Request: ANSI_X3.4-1968..:libiconv:..WCHAR_T Shrunk to: ANSI_X3.4-1968..WCHAR_T Recoding brillig... done $ file -i brillig brillig: application/octet-stream; charset=binary The file reads as plain text but a hexdump shows that wide characters have been implemented. $ hexdump brillig 0000000 002d 0000 002d 0000 002d 0000 002d 0000 * 00000a0 002d 0000 002d 0000 000a 0000 007c 0000 00000b0 0020 0000 0020 0000 0020 0000 0020 0000 * ................... $ recode wchar_t..utf-8 brillig $ file -i brillig brillig: text/plain; charset=us-ascii $ hexdump brillig 0000000 2d2d 2d2d 2d2d 2d2d 2d2d 2d2d 2d2d 2d2d * 0000020 2d2d 2d2d 2d2d 2d2d 2d2d 7c0a 2020 2020 0000030 2020 2020 2020 2020 2020 2020 2020 2020 * 0000050 2020 2020 0a7c 207c 5420 6177 2073 7262 So it does work but you no longer see binary characters in the listing.
Redface again: less shows binary characters, cat suppresses them, zeroes anyway. Sorry for the noise.
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0385.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED