configure.in | 1 +
doc/file.man | 25 ++++---
doc/magic.man | 2 +-
magic/Header | 8 +-
magic/Magdir/animation | 16 +++-
magic/Magdir/archive | 192 +++++++++++++++++++++++-----------------------
magic/Magdir/audio | 12 ++--
magic/Magdir/commands | 2 +-
magic/Magdir/compress | 24 +++---
magic/Magdir/cracklib | 2 +-
magic/Magdir/elf | 2 +-
magic/Magdir/fsav | 2 -
magic/Magdir/hp | 77 ++++++++++++-------
magic/Magdir/images | 10 +-
magic/Magdir/linux | 19 +----
magic/Magdir/macintosh | 117 +++++++++++++++--------------
magic/Magdir/mcrypt | 60 +++++++++++++--
magic/Magdir/msdos | 45 ++++++------
magic/Magdir/os400 | 42 +++++-----
magic/Magdir/perl | 17 ++--
magic/Magdir/revision | 6 ++
magic/Magdir/scientific | 16 ++--
magic/Makefile.am | 2 +-
magic/magic.mime | 64 +++++++++-------
src/Makefile.am | 2 +-
src/ascmagic.c | 4 +-
src/compress.c | 13 +--
src/file.c | 5 +-
src/fsmagic.c | 3 +-
src/funcs.c | 9 ++-
src/magic.c | 2 +-
src/readelf.c | 44 +++++++++--
src/readelf.h | 2 +
src/softmagic.c | 18 ++++-
34 files changed, 497 insertions(+), 368 deletions(-)
diff --git a/configure.in b/configure.in
index df4ca29..42eaad7 100644
--- a/configure.in
+++ b/configure.in
@@ -51,6 +51,7 @@ AC_SUBST(fsect)
AM_CONDITIONAL(FSECT5, test x$fsect = x5)
dnl Checks for programs.
+AC_GNU_SOURCE
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_LN_S
diff --git a/doc/file.man b/doc/file.man
index f096104..87c1500 100644
--- a/doc/file.man
+++ b/doc/file.man
@@ -47,9 +47,9 @@ meaning anything else (data is usually
or non-printable).
Exceptions are well-known file formats (core files, tar archives)
that are known to contain binary data.
-When modifying the file
-.Pa __MAGIC__
-or the program itself, make sure to
+When adding local definitions to the file
+.Pa /etc/magic ,
+make sure to
.Em "preserve these keywords" .
People depend on knowing that all the readable files in a directory
have the word
@@ -239,7 +239,8 @@ file.
.Dq FILES
section, below).
.It Fl k , -keep-going
-Don't stop at the first match, keep going.
+Don't stop at the first match, keep going. Subsequent matches will be
+prepended by ``\\012\- ''. (If you want a newline, see ``\-r'' option.)
.It Fl L , -dereference
option causes symlinks to be followed, as the like-named option in
.Xr ls 1
@@ -413,12 +414,6 @@ will be distributed periodically.
The order of entries in the magic file is significant.
Depending on what system you are using, the order that
they are put together may be incorrect.
-If your old
-.Nm
-command uses a magic file,
-keep the old magic file around for comparison purposes
-(rename it to
-.Pa __MAGIC__.orig ).
.Sh EXAMPLES
.Bd -literal -offset indent
$ file file.c file /dev/{wd0a,hda}
@@ -586,9 +581,19 @@ This program is slower than some vendors' file commands.
The new support for multiple character codes makes it even slower.
.Pp
This manual page, and particularly this section, is too long.
+.Sh RETURN CODE
+.Nm
+almost always returns 0. It returns a different if it cannot open a file.
.Sh AVAILABILITY
You can obtain the original author's latest version by anonymous FTP
on
.Dv ftp.astron.com
in the directory
.Dv /pub/file/file-X.YZ.tar.gz
+.Pp
+This
+.Nm
+version adds a number of new magix entries.
+It can be obtained from
+.Dv git://git.altlinux.org/people/ldv/packages/file.git
+and its mirrors.
diff --git a/doc/magic.man b/doc/magic.man
index 908c61f..8ce34d8 100644
--- a/doc/magic.man
+++ b/doc/magic.man
@@ -65,7 +65,7 @@ Finally the
.Dq c
flag, specifies case insensitive matching: lowercase
characters in the magic match both lower and upper case characters in the
-targer, whereas upper case characters in the magic, only much uppercase
+target, whereas upper case characters in the magic, only much uppercase
characters in the target.
.It Dv pstring
A pascal style string where the first byte is interpreted as the an
diff --git a/magic/Header b/magic/Header
index 3ca9b0e..8bda86f 100644
--- a/magic/Header
+++ b/magic/Header
@@ -1,5 +1,5 @@
-# Magic
# Magic data for file(1) command.
-# Machine-generated from src/cmd/file/magdir/*; edit there only!
-# Format is described in magic(files), where:
-# files is 5 on V7 and BSD, 4 on SV, and ?? in the SVID.
+# Format is described in magic(5).
+# Don't edit this file, edit /etc/magic or send your suggested inclusions to
+# this file as a wishlist bug against file (using the reportbug utility).
+
diff --git a/magic/Magdir/animation b/magic/Magdir/animation
index b2cdd74..8369cdd 100644
--- a/magic/Magdir/animation
+++ b/magic/Magdir/animation
@@ -322,8 +322,8 @@
# MPA, M1A
# updated by Joerg Jenderek
# GRR the original test are too common for many DOS files, so test 32 <= kbits <= 448
-0 beshort&0xFFFE 0xFFFE
->2 ubyte&0xF0 >0x0F
+0 beshort&0xFFFE 0xFFFE
+>2 ubyte&0xF0 >0x0F
>>2 ubyte&0xF0 <0xE1 MPEG ADTS, layer I, v1
# rate
>>>2 byte&0xF0 0x10 \b, 32 kBits
@@ -640,13 +640,23 @@
0 belong 0x3026b275 Microsoft ASF
# MNG Video Format,
+# 0x8a M N G 0x0d 0x0a 0x1a 0x0a [4-byte pad]
+# M H D R [4-byte width][4-byte height][4-byte ticks][4-byte layers]
+# [4-byte frame][4-byte time][4-byte profile]
0 string \x8aMNG MNG video data,
>4 belong !0x0d0a1a0a CORRUPTED,
>4 belong 0x0d0a1a0a
>>16 belong x %ld x
->>20 belong x %ld
+>>20 belong x %ld,
+>>24 belong x %ld tps,
+>>28 belong x %ld layers,
+>>32 belong x %ld frames,
+>>36 belong x %ld time,
+>>40 belong x profile = %ld
# JNG Video Format,
+# 0x8b J N G 0x0d 0x0a 0x1a 0x0a [4-byte pad]
+# J H D R [4-byte width][4-byte height]
0 string \x8bJNG JNG video data,
>4 belong !0x0d0a1a0a CORRUPTED,
>4 belong 0x0d0a1a0a
diff --git a/magic/Magdir/archive b/magic/Magdir/archive
index ed75127..1de4879 100644
--- a/magic/Magdir/archive
+++ b/magic/Magdir/archive
@@ -146,84 +146,84 @@
# probably many can be enhanced by finding some 0-byte or control char near the start
# idarc calls this Crush/Uncompressed... *shrug*
-0 string CRUSH Crush archive data
+#0 string CRUSH Crush archive data
# Squeeze It (.sqz)
-0 string HLSQZ Squeeze It archive data
+#0 string HLSQZ Squeeze It archive data
# SQWEZ
-0 string SQWEZ SQWEZ archive data
+#0 string SQWEZ SQWEZ archive data
# HPack (.hpk)
-0 string HPAK HPack archive data
+#0 string HPAK HPack archive data
# HAP
-0 string \x91\x33HF HAP archive data
+#0 string \x91\x33HF HAP archive data
# MD/MDCD
-0 string MDmd MDCD archive data
+#0 string MDmd MDCD archive data
# LIM
-0 string LIM\x1a LIM archive data
+#0 string LIM\x1a LIM archive data
# SAR
-3 string LH5 SAR archive data
+#3 string LH5 SAR archive data
# BSArc/BS2
-0 string \212\3SB \0 BSArc/BS2 archive data
+#0 string \212\3SB \0 BSArc/BS2 archive data
# MAR
-2 string =-ah MAR archive data
+#2 string =-ah MAR archive data
# ACB
-0 belong&0x00f800ff 0x00800000 ACB archive data
+#0 belong&0x00f800ff 0x00800000 ACB archive data
# CPZ
# TODO, this is what idarc says: 0 string \0\0\0 CPZ archive data
# JRC
-0 string JRchive JRC archive data
+#0 string JRchive JRC archive data
# Quantum
-0 string DS\0 Quantum archive data
+#0 string DS\0 Quantum archive data
# ReSOF
-0 string PK\3\6 ReSOF archive data
+#0 string PK\3\6 ReSOF archive data
# QuArk
-0 string 7\4 QuArk archive data
+#0 string 7\4 QuArk archive data
# YAC
-14 string YC YAC archive data
+#14 string YC YAC archive data
# X1
-0 string X1 X1 archive data
-0 string XhDr X1 archive data
+#0 string X1 X1 archive data
+#0 string XhDr X1 archive data
# CDC Codec (.dqt)
-0 belong&0xffffe000 0x76ff2000 CDC Codec archive data
+#0 belong&0xffffe000 0x76ff2000 CDC Codec archive data
# AMGC
-0 string \xad6" AMGC archive data
+#0 string \xad6" AMGC archive data
# NuLIB
-0 string NõFélå NuLIB archive data
+#0 string NõFélå NuLIB archive data
# PakLeo
-0 string LEOLZW PAKLeo archive data
+#0 string LEOLZW PAKLeo archive data
# ChArc
-0 string SChF ChArc archive data
+#0 string SChF ChArc archive data
# PSA
-0 string PSA PSA archive data
+#0 string PSA PSA archive data
# CrossePAC
-0 string DSIGDCC CrossePAC archive data
+#0 string DSIGDCC CrossePAC archive data
# Freeze
-0 string \x1f\x9f\x4a\x10\x0a Freeze archive data
+#0 string \x1f\x9f\x4a\x10\x0a Freeze archive data
# KBoom
-0 string ¨MP¨ KBoom archive data
+#0 string ¨MP¨ KBoom archive data
# NSQ, must go after CDC Codec
-0 string \x76\xff NSQ archive data
+#0 string \x76\xff NSQ archive data
# DPA
-0 string Dirk\ Paehl DPA archive data
+#0 string Dirk\ Paehl DPA archive data
# BA
# TODO: idarc says "bytes 0-2 == bytes 3-5"
# TTComp
-0 string \0\6 TTComp archive data
+#0 string \0\6 TTComp archive data
# ESP, could this conflict with Easy Software Products' (e.g.ESP ghostscript) documentation?
-0 string ESP ESP archive data
+#0 string ESP ESP archive data
# ZPack
0 string \1ZPK\1 ZPack archive data
# Sky
-0 string \xbc\x40 Sky archive data
+#0 string \xbc\x40 Sky archive data
# UFA
-0 string UFA UFA archive data
+#0 string UFA UFA archive data
# Dry
-0 string =-H2O DRY archive data
+#0 string =-H2O DRY archive data
# FoxSQZ
-0 string FOXSQZ FoxSQZ archive data
+#0 string FOXSQZ FoxSQZ archive data
# AR7
-0 string ,AR7 AR7 archive data
+#0 string ,AR7 AR7 archive data
# PPMZ
-0 string PPMZ PPMZ archive data
+#0 string PPMZ PPMZ archive data
# MS Compress
4 string \x88\xf0\x27 MS Compress archive data
# updated by Joerg Jenderek
@@ -237,32 +237,32 @@
# MP3 (archiver, not lossy audio compression)
0 string MP3\x1a MP3-Archiver archive data
# ZET
-0 string OZÝ ZET archive data
+#0 string OZÝ ZET archive data
# TSComp
0 string \x65\x5d\x13\x8c\x08\x01\x03\x00 TSComp archive data
# ARQ
0 string gW\4\1 ARQ archive data
# Squash
-3 string OctSqu Squash archive data
+#3 string OctSqu Squash archive data
# Terse
0 string \5\1\1\0 Terse archive data
# PUCrunch
0 string \x01\x08\x0b\x08\xef\x00\x9e\x32\x30\x36\x31 PUCrunch archive data
# UHarc
-0 string UHA UHarc archive data
+#0 string UHA UHarc archive data
# ABComp
-0 string \2AB ABComp archive data
-0 string \3AB2 ABComp archive data
+#0 string \2AB ABComp archive data
+#0 string \3AB2 ABComp archive data
# CMP
-0 string CO\0 CMP archive data
+#0 string CO\0 CMP archive data
# Splint
-0 string \x93\xb9\x06 Splint archive data
+#0 string \x93\xb9\x06 Splint archive data
# InstallShield
0 string \x13\x5d\x65\x8c InstallShield Z archive Data
# Gather
-1 string GTH Gather archive data
+#1 string GTH Gather archive data
# BOA
-0 string BOA BOA archive data
+#0 string BOA BOA archive data
# RAX
0 string ULEB\xa RAX archive data
# Xtreme
@@ -270,22 +270,22 @@
# Pack Magic
0 string @â\1\0 Pack Magic archive data
# BTS
-0 belong&0xfeffffff 0x1a034465 BTS archive data
+#0 belong&0xfeffffff 0x1a034465 BTS archive data
# ELI 5750
-0 string Ora\ ELI 5750 archive data
+#0 string Ora\ ELI 5750 archive data
# QFC
-0 string \x1aFC\x1a QFC archive data
-0 string \x1aQF\x1a QFC archive data
+#0 string \x1aFC\x1a QFC archive data
+#0 string \x1aQF\x1a QFC archive data
# PRO-PACK
-0 string RNC PRO-PACK archive data
+#0 string RNC PRO-PACK archive data
# 777
-0 string 777 777 archive data
+#0 string 777 777 archive data
# LZS221
-0 string sTaC LZS221 archive data
+#0 string sTaC LZS221 archive data
# HPA
-0 string HPA HPA archive data
+#0 string HPA HPA archive data
# Arhangel
-0 string LG Arhangel archive data
+#0 string LG Arhangel archive data
# EXP1, uses bzip2
0 string 0123456789012345BZh EXP1 archive data
# IMP
@@ -293,25 +293,25 @@
# NRV
0 string \x00\x9E\x6E\x72\x76\xFF NRV archive data
# Squish
-0 string \x73\xb2\x90\xf4 Squish archive data
+#0 string \x73\xb2\x90\xf4 Squish archive data
# Par
-0 string PHILIPP Par archive data
-0 string PAR Par archive data
+#0 string PHILIPP Par archive data
+#0 string PAR Par archive data
# HIT
-0 string UB HIT archive data
+#0 string UB HIT archive data
# SBX
-0 belong&0xfffff000 0x53423000 SBX archive data
+#0 belong&0xfffff000 0x53423000 SBX archive data
# NaShrink
-0 string NSK NaShrink archive data
+#0 string NSK NaShrink archive data
# SAPCAR
0 string #\ CAR\ archive\ header SAPCAR archive data
0 string CAR\ 2.00RG SAPCAR archive data
# Disintegrator
-0 string DST Disintegrator archive data
+#0 string DST Disintegrator archive data
# ASD
-0 string ASD ASD archive data
+#0 string ASD ASD archive data
# InstallShield CAB
-0 string ISc( InstallShield CAB
+#0 string ISc( InstallShield CAB
# TOP4
0 string T4\x1a TOP4 archive data
# BatComp left out: sig looks like COM executable
@@ -319,32 +319,32 @@
# BlakHole
0 string BH\5\7 BlakHole archive data
# BIX
-0 string BIX0 BIX archive data
+#0 string BIX0 BIX archive data
# ChiefLZA
-0 string ChfLZ ChiefLZA archive data
+#0 string ChfLZ ChiefLZA archive data
# Blink
-0 string Blink Blink archive data
+#0 string Blink Blink archive data
# Logitech Compress
-0 string \xda\xfa Logitech Compress archive data
+#0 string \xda\xfa Logitech Compress archive data
# ARS-Sfx (FIXME: really a SFX? then goto COM/EXE)
-1 string (C)\ STEPANYUK ARS-Sfx archive data
+#1 string (C)\ STEPANYUK ARS-Sfx archive data
# AKT/AKT32
-0 string AKT32 AKT32 archive data
-0 string AKT AKT archive data
+#0 string AKT32 AKT32 archive data
+#0 string AKT AKT archive data
# NPack
-0 string MSTSM NPack archive data
+#0 string MSTSM NPack archive data
# PFT
0 string \0\x50\0\x14 PFT archive data
# SemOne
-0 string SEM SemOne archive data
+#0 string SEM SemOne archive data
# PPMD
0 string \x8f\xaf\xac\x84 PPMD archive data
# FIZ
-0 string FIZ FIZ archive data
+#0 string FIZ FIZ archive data
# MSXiE
0 belong&0xfffff0f0 0x4d530000 MSXiE archive data
# DeepFreezer
-0 belong&0xfffffff0 0x797a3030 DeepFreezer archive data
+#0 belong&0xfffffff0 0x797a3030 DeepFreezer archive data
# DC
0 string =2 byte x \b, version %i
->3 byte x \b.%i
+#0 string DZ Dzip archive data
+#>2 byte x \b, version %i
+#>3 byte x \b.%i
# ZZip archiver (.zz)
0 string ZZ\ \0\0 ZZip archive data
-0 string ZZ0 ZZip archive data
+#0 string ZZ0 ZZip archive data
# PAQ archiver (.paq)
0 string \xaa\x40\x5f\x77\x1f\xe5\x82\x0d PAQ archive data
-0 string PAQ PAQ archive data
->3 byte&0xf0 0x30
->>3 byte x (v%c)
+#0 string PAQ PAQ archive data
+#>3 byte&0xf0 0x30
+#>>3 byte x (v%c)
# JAR archiver (.j), this is the successor to ARJ, not Java's JAR (which is essentially ZIP)
0xe string \x1aJar\x1b JAR (ARJ Software, Inc.) archive data
0 string JARCS JAR (ARJ Software, Inc.) archive data
@@ -452,7 +452,7 @@
>7 byte 9 os: VAX/VMS
>3 byte >0 %d]
# [JW] idarc says this is also possible
-2 leshort 0xea60 ARJ archive data
+#2 leshort 0xea60 ARJ archive data
# HA archiver (Greg Roelofs, newt@uchicago.edu)
# This is a really bad format. A file containing HAWAII will match this...
diff --git a/magic/Magdir/audio b/magic/Magdir/audio
index 0c804e7..c389b87 100644
--- a/magic/Magdir/audio
+++ b/magic/Magdir/audio
@@ -110,8 +110,8 @@
#0 string FAR Module sound data
#>4 string >\15 Title: "%s"
-0x2c string SCRM ScreamTracker III Module sound data
->0 string >\0 Title: "%s"
+#0x2c string SCRM ScreamTracker III Module sound data
+#>0 string >\0 Title: "%s"
# Gravis UltraSound patches
# From
@@ -222,8 +222,8 @@
0 string _SGI_SoundTrack SGI SoundTrack project file
# ID3 version 2 tags
0 string ID3 Audio file with ID3 version 2
->3 ubyte <0xff \b%d.
->4 ubyte <0xff \b%d tag
+>3 ubyte <0xff \b.%d
+>>4 ubyte <0xff \b.%d tag
>2584 string fLaC \b, FLAC encoding
>>2588 byte&0x7f >0 \b, unknown version
>>2588 byte&0x7f 0 \b
@@ -458,7 +458,7 @@
# From Gürkan Sengün , http://www.linuks.mine.nu
0 string RAWADATA RdosPlay RAW
-1068 string RoR AMUSIC Adlib Tracker
+#1068 string RoR AMUSIC Adlib Tracker
0 string JCH EdLib
@@ -482,7 +482,7 @@
>15 byte =0 lossy,
>16 byte x mid-side
-384 string LockStream LockStream Embedded file (mostly MP3 on old Nokia phones)
+#384 string LockStream LockStream Embedded file (mostly MP3 on old Nokia phones)
# format VQF (proprietary codec for sound)
# some infos on the header file available at :
diff --git a/magic/Magdir/commands b/magic/Magdir/commands
index 288d3cd..bdbcb21 100644
--- a/magic/Magdir/commands
+++ b/magic/Magdir/commands
@@ -28,7 +28,7 @@
0 string/b #!\ /bin/awk awk script text executable
0 string/b #!\ /usr/bin/awk awk script text executable
# update to distinguish from *.vcf files
-0 regex BEGIN[[:space:]]*[{] awk script text
+#0 regex BEGIN[[:space:]]*[{] awk script text
# AT&T Bell Labs' Plan 9 shell
0 string/b #!\ /bin/rc Plan 9 rc shell script text executable
diff --git a/magic/Magdir/compress b/magic/Magdir/compress
index e9be46b..9871e86 100644
--- a/magic/Magdir/compress
+++ b/magic/Magdir/compress
@@ -101,18 +101,18 @@
# bzip a block-sorting file compressor
# by Julian Seward and others
-#
-0 string BZ bzip compressed data
->2 byte x \b, version: %c
->3 string =1 \b, compression block size 100k
->3 string =2 \b, compression block size 200k
->3 string =3 \b, compression block size 300k
->3 string =4 \b, compression block size 400k
->3 string =5 \b, compression block size 500k
->3 string =6 \b, compression block size 600k
->3 string =7 \b, compression block size 700k
->3 string =8 \b, compression block size 800k
->3 string =9 \b, compression block size 900k
+# Disabled because it is too weak (MPi)
+#0 string BZ bzip compressed data
+#>2 byte x \b, version: %c
+#>3 string =1 \b, compression block size 100k
+#>3 string =2 \b, compression block size 200k
+#>3 string =3 \b, compression block size 300k
+#>3 string =4 \b, compression block size 400k
+#>3 string =5 \b, compression block size 500k
+#>3 string =6 \b, compression block size 600k
+#>3 string =7 \b, compression block size 700k
+#>3 string =8 \b, compression block size 800k
+#>3 string =9 \b, compression block size 900k
# lzop from
0 string \x89\x4c\x5a\x4f\x00\x0d\x0a\x1a\x0a lzop compressed data
diff --git a/magic/Magdir/cracklib b/magic/Magdir/cracklib
index 8f7e0d4..a1a5a27 100644
--- a/magic/Magdir/cracklib
+++ b/magic/Magdir/cracklib
@@ -9,5 +9,5 @@
0 belong 0x70775631 Cracklib password index, big endian
>4 belong >-1 (%i words)
# really bellong 0x0000000070775631
-4 belong 0x70775631 Cracklib password index, big endian ("64-bit")
+0 search/1 \0\0\0\0pwV1 Cracklib password index, big endian ("64-bit")
>12 belong >0 (%i words)
diff --git a/magic/Magdir/elf b/magic/Magdir/elf
index cf91132..3a0c555 100644
--- a/magic/Magdir/elf
+++ b/magic/Magdir/elf
@@ -51,7 +51,7 @@
>>>>36 lelong&0xf0000000 0x20000000 MIPS-III
>>>>36 lelong&0xf0000000 0x30000000 MIPS-IV
>>>>36 lelong&0xf0000000 0x40000000 MIPS-V
->>>>36 lelong&0xf0000000 0x60000000 MIPS32
+>>>>36 lelong&0xf0000000 0x5fffffff MIPS32
>>>>36 lelong&0xf0000000 0x70000000 MIPS64
>>>>36 lelong&0xf0000000 0x80000000 MIPS32 rel2
>>>>36 lelong&0xf0000000 0x90000000 MIPS64 rel2
diff --git a/magic/Magdir/fsav b/magic/Magdir/fsav
index 4d61beb..b647225 100644
--- a/magic/Magdir/fsav
+++ b/magic/Magdir/fsav
@@ -54,7 +54,5 @@
>>>>>>>>37 string x \b%-.1s
>>>>>>>>>38 string !:
>>>>>>>>>>38 string x \b%-.1s
->>>>512 string \037\213 \b, gzipped
->>>>769 string ustar\0 \b, tared
>512 string \037\213 \b, gzipped
>769 string ustar\0 \b, tared
diff --git a/magic/Magdir/hp b/magic/Magdir/hp
index 052f09a..196b311 100644
--- a/magic/Magdir/hp
+++ b/magic/Magdir/hp
@@ -203,33 +203,36 @@
>8 long >0 %d messages
# addendum to /etc/magic with HP-48sx file-types by phk@data.fls.dk 1jan92
-0 string HPHP48- HP48 binary
->7 byte >0 - Rev %c
->8 beshort 0x1129 (ADR)
->8 beshort 0x3329 (REAL)
->8 beshort 0x5529 (LREAL)
->8 beshort 0x7729 (COMPLX)
->8 beshort 0x9d29 (LCOMPLX)
->8 beshort 0xbf29 (CHAR)
->8 beshort 0xe829 (ARRAY)
->8 beshort 0x0a2a (LNKARRAY)
->8 beshort 0x2c2a (STRING)
->8 beshort 0x4e2a (HXS)
->8 beshort 0x742a (LIST)
->8 beshort 0x962a (DIR)
->8 beshort 0xb82a (ALG)
->8 beshort 0xda2a (UNIT)
->8 beshort 0xfc2a (TAGGED)
->8 beshort 0x1e2b (GROB)
->8 beshort 0x402b (LIB)
->8 beshort 0x622b (BACKUP)
->8 beshort 0x882b (LIBDATA)
->8 beshort 0x9d2d (PROG)
->8 beshort 0xcc2d (CODE)
->8 beshort 0x482e (GNAME)
->8 beshort 0x6d2e (LNAME)
->8 beshort 0x922e (XLIB)
-0 string %%HP: HP48 text
+0 string HPHP4 HP
+>5 string 8 48 binary
+>5 string 9 49 binary
+>7 byte >64 - Rev %c
+>8 leshort 0x2911 (ADR)
+>8 leshort 0x2933 (REAL)
+>8 leshort 0x2955 (LREAL)
+>8 leshort 0x2977 (COMPLX)
+>8 leshort 0x299d (LCOMPLX)
+>8 leshort 0x29bf (CHAR)
+>8 leshort 0x29e8 (ARRAY)
+>8 leshort 0x2a0a (LNKARRAY)
+>8 leshort 0x2a2c (STRING)
+>8 leshort 0x2a4e (HXS)
+>8 leshort 0x2a74 (LIST)
+>8 leshort 0x2a96 (DIR)
+>8 leshort 0x2ab8 (ALG)
+>8 leshort 0x2ada (UNIT)
+>8 leshort 0x2afc (TAGGED)
+>8 leshort 0x2b1e (GROB)
+>8 leshort 0x2b40 (LIB)
+>8 leshort 0x2b62 (BACKUP)
+>8 leshort 0x2b88 (LIBDATA)
+>8 leshort 0x2d9d (PROG)
+>8 leshort 0x2dcc (CODE)
+>8 leshort 0x2e48 (GNAME)
+>8 leshort 0x2e6d (LNAME)
+>8 leshort 0x2e92 (XLIB)
+
+0 string %%HP: HP text
>6 string T(0) - T(0)
>6 string T(1) - T(1)
>6 string T(2) - T(2)
@@ -240,6 +243,23 @@
>14 string F(.) F(.);
>14 string F(,) F(,);
+0 string HP3 HP
+>3 string 8 38
+>3 string 9 39
+>4 string Bin binary
+>4 string Asc ASCII
+>7 string A (Directory List)
+>7 string B (Zaplet)
+>7 string C (Note)
+>7 string D (Program)
+>7 string E (Variable)
+>7 string F (List)
+>7 string G (Matrix)
+>7 string H (Library)
+>7 string I (Target List)
+>7 string J (ASCII Vector specification)
+>7 string K (wildcard)
+
# hpBSD magic numbers
0 beshort 200 hp200 (68010) BSD
>2 beshort 0407 impure binary
@@ -390,6 +410,3 @@
>>>>>>>>>0xC4 belong 33 - received SIGXCPU
>>>>>>>>>0xC4 belong 34 - received SIGXFSZ
-# From: AMAKAWA Shuhei
-0 string HPHP49- HP49 binary
-
diff --git a/magic/Magdir/images b/magic/Magdir/images
index f04ccdb..ca8d1a6 100644
--- a/magic/Magdir/images
+++ b/magic/Magdir/images
@@ -490,11 +490,11 @@
# Bio-Rad .PIC is an image format used by microscope control systems
# and related image processing software used by biologists.
# From: Vebjorn Ljosa
-54 leshort 12345 Bio-Rad .PIC Image File
->0 leshort >0 %hd x
->2 leshort >0 %hd,
->4 leshort =1 1 image in file
->4 leshort >1 %hd images in file
+#54 leshort 12345 Bio-Rad .PIC Image File
+#>0 leshort >0 %hd x
+#>2 leshort >0 %hd,
+#>4 leshort =1 1 image in file
+#>4 leshort >1 %hd images in file
# From Jan "Yenya" Kasprzak
# The description of *.mrw format can be found at
diff --git a/magic/Magdir/linux b/magic/Magdir/linux
index fc0c42d..09119af 100644
--- a/magic/Magdir/linux
+++ b/magic/Magdir/linux
@@ -187,14 +187,6 @@
0 string OOOM User-Mode-Linux's Copy-On-Write disk image
>4 belong x version %d
-# SE Linux policy database
-# From: Mike Frysinger
-0 lelong 0xf97cff8c SE Linux policy
->16 lelong x v%d
->20 lelong 1 MLS
->24 lelong x %d symbols
->28 lelong x %d ocons
-
# Linux Logical Volume Manager (LVM)
# Emmanuel VARAGNAT
#
@@ -230,9 +222,8 @@
0x618 string LVM2\ 001 LVM2 (Linux Logical Volume Manager)
>(0x614.l+0x600) string >\0 , UUID: %s
-# SE Linux policy database
-0 lelong 0xf97cff8c SE Linux policy
->16 lelong x v%d
->20 lelong 1 MLS
->24 lelong x %d symbols
->28 lelong x %d ocons
+# File magic for Xen, the virtual machine monitor for x86
+0 string LinuxGuestRecord Xen saved domain
+#>2 regex \(name\ [^)]*\) %s
+>20 search/256 (name (name
+>>&1 string x %s...)
diff --git a/magic/Magdir/macintosh b/magic/Magdir/macintosh
index 5d96376..9510748 100644
--- a/magic/Magdir/macintosh
+++ b/magic/Magdir/macintosh
@@ -267,14 +267,15 @@
# Alternatively, the boot block is supposed to be zeroed if it's
# unused, so a simply >0 should suffice.
-0x400 beshort 0xD2D7 Macintosh MFS data
->0 beshort 0x4C4B (bootable)
->0x40a beshort &0x8000 (locked)
->0x402 beldate-0x7C25B080 x created: %s,
->0x406 beldate-0x7C25B080 >0 last backup: %s,
->0x414 belong x block size: %d,
->0x412 beshort x number of blocks: %d,
->0x424 pstring x volume name: %s
+# disabled due to false positives (ldv)
+#0x400 beshort 0xD2D7 Macintosh MFS data
+#>0 beshort 0x4C4B (bootable)
+#>0x40a beshort &0x8000 (locked)
+#>0x402 beldate-0x7C25B080 x created: %s,
+#>0x406 beldate-0x7C25B080 >0 last backup: %s,
+#>0x414 belong x block size: %d,
+#>0x412 beshort x number of blocks: %d,
+#>0x424 pstring x volume name: %s
# "BD" is has many false positives
#0x400 beshort 0x4244 Macintosh HFS data
@@ -291,24 +292,25 @@
#>0x412 beshort x number of blocks: %d,
#>0x424 pstring x volume name: %s
-0x400 beshort 0x482B Macintosh HFS Extended
->&0 beshort x version %d data
->0 beshort 0x4C4B (bootable)
->0x404 belong ^0x00000100 (mounted)
->&2 belong &0x00000200 (spared blocks)
->&2 belong &0x00000800 (unclean)
->&2 belong &0x00008000 (locked)
->&6 string x last mounted by: '%.4s',
+# disabled due to false positives (ldv)
+#0x400 beshort 0x482B Macintosh HFS Extended
+#>&0 beshort x version %d data
+#>0 beshort 0x4C4B (bootable)
+#>0x404 belong ^0x00000100 (mounted)
+#>&2 belong &0x00000200 (spared blocks)
+#>&2 belong &0x00000800 (unclean)
+#>&2 belong &0x00008000 (locked)
+#>&6 string x last mounted by: '%.4s',
# really, that should be treated as a belong and we print a string
# based on the value. TN1150 only mentions '8.10' for "MacOS 8.1"
>&14 beldate-0x7C25B080 x created: %s,
# only the creation date is local time, all other timestamps in HFS+ are UTC.
->&18 bedate-0x7C25B080 x last modified: %s,
->&22 bedate-0x7C25B080 >0 last backup: %s,
->&26 bedate-0x7C25B080 >0 last checked: %s,
->&38 belong x block size: %d,
->&42 belong x number of blocks: %d,
->&46 belong x free blocks: %d
+#>&18 bedate-0x7C25B080 x last modified: %s,
+#>&22 bedate-0x7C25B080 >0 last backup: %s,
+#>&26 bedate-0x7C25B080 >0 last checked: %s,
+#>&38 belong x block size: %d,
+#>&42 belong x number of blocks: %d,
+#>&46 belong x free blocks: %d
# I don't think this is really necessary since it doesn't do much and
# anything with a valid driver descriptor will also have a valid
@@ -320,41 +322,42 @@
# shorter than 32 bytes must be terminated with NULL" so I'll treat it as a
# cstring. Of course, partitions can contain more than four entries, but
# what're you gonna do?
-0x200 beshort 0x504D Apple Partition data
->0x2 beshort x block size: %d,
->0x230 string x first type: %s,
->0x210 string x name: %s,
->0x254 belong x number of blocks: %d,
->0x400 beshort 0x504D
->>0x430 string x second type: %s,
->>0x410 string x name: %s,
->>0x454 belong x number of blocks: %d,
->>0x800 beshort 0x504D
->>>0x830 string x third type: %s,
->>>0x810 string x name: %s,
->>>0x854 belong x number of blocks: %d,
->>>0xa00 beshort 0x504D
->>>>0xa30 string x fourth type: %s,
->>>>0xa10 string x name: %s,
->>>>0xa54 belong x number of blocks: %d
-# AFAIK, only the signature is different
-0x200 beshort 0x5453 Apple Old Partition data
->0x2 beshort x block size: %d,
->0x230 string x first type: %s,
->0x210 string x name: %s,
->0x254 belong x number of blocks: %d,
->0x400 beshort 0x504D
->>0x430 string x second type: %s,
->>0x410 string x name: %s,
->>0x454 belong x number of blocks: %d,
->>0x800 beshort 0x504D
->>>0x830 string x third type: %s,
->>>0x810 string x name: %s,
->>>0x854 belong x number of blocks: %d,
->>>0xa00 beshort 0x504D
->>>>0xa30 string x fourth type: %s,
->>>>0xa10 string x name: %s,
->>>>0xa54 belong x number of blocks: %d
+# disabled due to false positives (ldv)
+#0x200 beshort 0x504D Apple Partition data
+#>0x2 beshort x block size: %d,
+#>0x230 string x first type: %s,
+#>0x210 string x name: %s,
+#>0x254 belong x number of blocks: %d,
+#>0x400 beshort 0x504D
+#>>0x430 string x second type: %s,
+#>>0x410 string x name: %s,
+#>>0x454 belong x number of blocks: %d,
+#>>0x800 beshort 0x504D
+#>>>0x830 string x third type: %s,
+#>>>0x810 string x name: %s,
+#>>>0x854 belong x number of blocks: %d,
+#>>>0xa00 beshort 0x504D
+#>>>>0xa30 string x fourth type: %s,
+#>>>>0xa10 string x name: %s,
+#>>>>0xa54 belong x number of blocks: %d
+## AFAIK, only the signature is different
+#0x200 beshort 0x5453 Apple Old Partition data
+#>0x2 beshort x block size: %d,
+#>0x230 string x first type: %s,
+#>0x210 string x name: %s,
+#>0x254 belong x number of blocks: %d,
+#>0x400 beshort 0x504D
+#>>0x430 string x second type: %s,
+#>>0x410 string x name: %s,
+#>>0x454 belong x number of blocks: %d,
+#>>0x800 beshort 0x504D
+#>>>0x830 string x third type: %s,
+#>>>0x810 string x name: %s,
+#>>>0x854 belong x number of blocks: %d,
+#>>>0xa00 beshort 0x504D
+#>>>>0xa30 string x fourth type: %s,
+#>>>>0xa10 string x name: %s,
+#>>>>0xa54 belong x number of blocks: %d
# From: Remi Mommsen
0 string BOMStore Mac OS X bill of materials (BOM) fil
diff --git a/magic/Magdir/mcrypt b/magic/Magdir/mcrypt
index e862f59..b5145d6 100644
--- a/magic/Magdir/mcrypt
+++ b/magic/Magdir/mcrypt
@@ -1,13 +1,17 @@
#------------------------------------------------------------------------------
# Mavroyanopoulos Nikos
-# mcrypt: file(1) magic for mcrypt 2.2.x;
+# mcrypt: file(1) magic for mcrypt 2.5;
0 string \0m\3 mcrypt 2.5 encrypted data,
>4 string >\0 algorithm: %s,
>>&1 leshort >0 keysize: %d bytes,
>>>&0 string >\0 mode: %s,
+>>>>&1 string >\0 key generator: %s
+#end mcrypt 2.5
+#------------------------------------------------------------------------------
+# mcrypt: file(1) magic for mcrypt 2.2;
0 string \0m\2 mcrypt 2.2 encrypted data,
->3 byte 0 algorithm: blowfish-448,
+>3 byte 0 algorithm: BLOWFISH-448,
>3 byte 1 algorithm: DES,
>3 byte 2 algorithm: 3DES,
>3 byte 3 algorithm: 3-WAY,
@@ -17,20 +21,62 @@
>3 byte 8 algorithm: CAST-128,
>3 byte 9 algorithm: xTEA,
>3 byte 10 algorithm: TWOFISH-128,
->3 byte 11 algorithm: RC2,
+>3 byte 11 algorithm: RC2-1024,
>3 byte 12 algorithm: TWOFISH-192,
>3 byte 13 algorithm: TWOFISH-256,
->3 byte 14 algorithm: blowfish-128,
->3 byte 15 algorithm: blowfish-192,
->3 byte 16 algorithm: blowfish-256,
->3 byte 100 algorithm: RC6,
+>3 byte 14 algorithm: BLOWFISH-128,
+>3 byte 15 algorithm: BLOWFISH-192,
+>3 byte 16 algorithm: BLOWFISH-256,
+>3 byte 17 algorithm: CAST-256,
+>3 byte 18 algorithm: SAFER+,
+>3 byte 19 algorithm: LOKI97,
+>3 byte 20 algorithm: SERPENT-128,
+>3 byte 21 algorithm: SERPENT-192,
+>3 byte 22 algorithm: SERPENT-256,
+>3 byte 23 algorithm: RIJNDAEL-128,
+>3 byte 24 algorithm: RIJNDAEL-192,
+>3 byte 25 algorithm: RIJNDAEL-256,
+>3 byte 26 algorithm: RC2-256,
+>3 byte 27 algorithm: RC2-128,
+>3 byte 100 algorithm: RC6-256,
>3 byte 101 algorithm: IDEA,
+>3 byte 102 algorithm: RC6-128,
+>3 byte 103 algorithm: RC6-192,
+>3 byte 104 algorithm: RC4,
>4 byte 0 mode: CBC,
>4 byte 1 mode: ECB,
>4 byte 2 mode: CFB,
>4 byte 3 mode: OFB,
>4 byte 4 mode: nOFB,
+>4 byte 5 mode: STREAM,
>5 byte 0 keymode: 8bit
>5 byte 1 keymode: 4bit
>5 byte 2 keymode: SHA-1 hash
>5 byte 3 keymode: MD5 hash
+#end mcrypt 2.2
+
+#------------------------------------------------------------------------------
+# mcrypt: file(1) magic for mcrypt 2.1;
+0 string \0m\0 mcrypt 2.1 encrypted data,
+>3 byte 0 algorithm: BLOWFISH,
+>3 byte 1 algorithm: DES,
+>3 byte 2 algorithm: 3DES,
+>3 byte 3 algorithm: 3-WAY,
+>3 byte 4 algorithm: GOST,
+>3 byte 6 algorithm: SAFER-SK64,
+>3 byte 7 algorithm: SAFER-SK128,
+>3 byte 8 algorithm: CAST-128,
+>3 byte 9 algorithm: xTEA,
+>3 byte 10 algorithm: TWOFISH-128,
+>3 byte 11 algorithm: RC2,
+>3 byte 12 algorithm: TWOFISH-192,
+>3 byte 13 algorithm: TWOFISH-256,
+>3 byte 100 algorithm: RC6,
+>3 byte 101 algorithm: IDEA,
+>4 byte 0 mode: CBC,
+>4 byte 1 mode: ECB,
+>4 byte 2 mode: CFB,
+>4 byte 3 mode: OFB,
+>5 byte 0 keymode: 8bit
+>5 byte 1 keymode: 4bit
+#end mcrypt 2.1
diff --git a/magic/Magdir/msdos b/magic/Magdir/msdos
index 09e0416..64f49ed 100644
--- a/magic/Magdir/msdos
+++ b/magic/Magdir/msdos
@@ -14,8 +14,8 @@
# OS/2 batch files are REXX. the second regex is a bit generic, oh well
# the matched commands seem to be common in REXX and uncommon elsewhere
-100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text
-100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text
+#100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text
+#100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text
0 leshort 0x14c MS Windows COFF Intel 80386 object file
#>4 ledate x stamp %s
@@ -337,7 +337,7 @@
# FIXME: missing diet .com compression
# miscellaneous formats
-0 string LZ MS-DOS executable (built-in)
+#0 string LZ MS-DOS executable (built-in)
#0 byte 0xf0 MS-DOS program library data
#
@@ -407,7 +407,7 @@
>15 string 1.0\ --\ HyperTerminal\ data\ file MS-windows Hyperterminal
# Windows Metafont .WMF
-0 string \327\315\306\232 ms-windows metafont .wmf
+0 string \327\315\306\232\000 ms-windows metafont .wmf
0 string \002\000\011\000 ms-windows metafont .wmf
0 string \001\000\011\000 ms-windows metafont .wmf
@@ -572,24 +572,25 @@
>4 byte =0x30 Offline database
-# Windows Enhanced Metafile (EMF)
-# See msdn.microsoft.com/archive/en-us/dnargdi/html/msdn_enhmeta.asp
-# for further information. Note that "0 lelong 1" should be true i.e.
-# the first double word in the file should be 1. With the extended
-# syntax available by some file commands you could write:
-# 0 lelong 1
-# &40 ulelong 0x464D4520 Windows Enhanced Metafile (EMF) image data
-40 ulelong 0x464D4520 Windows Enhanced Metafile (EMF) image data
->44 ulelong x version 0x%x.
-# If the description has a length greater than zero, it exists and is
-# found at offset (*64).
->64 ulelong >0 Description available at offset 0x%x
->>60 ulelong >0 (length 0x%x)
-# Note it would be better to print out the description, which is found
-# as below. Unfortunately the following only prints out the first couple
-# of characters instead of all the "description length"
-# number of characters -- indicated by the ulelong at offset 60.
->>(64.l) lestring16 >0 Description: %15.15s
+# This is pure ASCII magic, "EMF " at position 40 (MPi)
+## Windows Enhanced Metafile (EMF)
+## See msdn.microsoft.com/archive/en-us/dnargdi/html/msdn_enhmeta.asp
+## for further information. Note that "0 lelong 1" should be true i.e.
+## the first double word in the file should be 1. With the extended
+## syntax available by some file commands you could write:
+## 0 lelong 1
+## &40 ulelong 0x464D4520 Windows Enhanced Metafile (EMF) image data
+#40 ulelong 0x464D4520 Windows Enhanced Metafile (EMF) image data
+#>44 ulelong x version 0x%x.
+## If the description has a length greater than zero, it exists and is
+## found at offset (*64).
+#>64 ulelong >0 Description available at offset 0x%x
+#>>60 ulelong >0 (length 0x%x)
+## Note it would be better to print out the description, which is found
+## as below. Unfortunately the following only prints out the first couple
+## of characters instead of all the "description length"
+## number of characters -- indicated by the ulelong at offset 60.
+#>>(64.l) lestring16 >0 Description: %15.15s
# From: Alex Beregszaszi
0 string COWD VMWare3
diff --git a/magic/Magdir/os400 b/magic/Magdir/os400
index bee3660..fce2e74 100644
--- a/magic/Magdir/os400
+++ b/magic/Magdir/os400
@@ -9,24 +9,24 @@
# so we must search in a somewhat large area for a particular string
# that represents the EBCDIC encoding of 'QSRDSSPC' (save/restore
# descriptor space) preceded by a two byte constant.
-40 string @@@@@@@@
->1089 search/7394 \x19\xDB\xD8\xE2\xD9\xC4\xE2\xE2\xD7\xC3 IBM OS/400 save file data
->>&212 byte 0x01 \b, created with SAVOBJ
->>&212 byte 0x02 \b, created with SAVLIB
->>&212 byte 0x07 \b, created with SAVCFG
->>&212 byte 0x0B \b, created with SAVDLO
->>&213 byte 0x43 \b, at least V5R3 to open
->>&213 byte 0x42 \b, at least V5R2 to open
->>&213 byte 0x41 \b, at least V5R1 to open
->>&213 byte 0x40 \b, at least V4R5 to open
->>&213 byte 0x3F \b, at least V4R4 to open
->>&213 byte 0x3E \b, at least V4R3 to open
->>&213 byte 0x3C \b, at least V4R2 to open
->>&213 byte 0x3D \b, at least V4R1M4 to open
->>&213 byte 0x3B \b, at least V4R1 to open
->>&213 byte 0x3A \b, at least V3R7 to open
->>&213 byte 0x35 \b, at least V3R6 to open
->>&213 byte 0x36 \b, at least V3R2 to open
->>&213 byte 0x34 \b, at least V3R1 to open
->>&213 byte 0x31 \b, at least V3R0M5 to open
->>&213 byte 0x30 \b, at least V2R3 to open
+#40 string @@@@@@@@
+#>1089 search/7394 \x19\xDB\xD8\xE2\xD9\xC4\xE2\xE2\xD7\xC3 IBM OS/400 save file data
+#>>&212 byte 0x01 \b, created with SAVOBJ
+#>>&212 byte 0x02 \b, created with SAVLIB
+#>>&212 byte 0x07 \b, created with SAVCFG
+#>>&212 byte 0x0B \b, created with SAVDLO
+#>>&213 byte 0x43 \b, at least V5R3 to open
+#>>&213 byte 0x42 \b, at least V5R2 to open
+#>>&213 byte 0x41 \b, at least V5R1 to open
+#>>&213 byte 0x40 \b, at least V4R5 to open
+#>>&213 byte 0x3F \b, at least V4R4 to open
+#>>&213 byte 0x3E \b, at least V4R3 to open
+#>>&213 byte 0x3C \b, at least V4R2 to open
+#>>&213 byte 0x3D \b, at least V4R1M4 to open
+#>>&213 byte 0x3B \b, at least V4R1 to open
+#>>&213 byte 0x3A \b, at least V3R7 to open
+#>>&213 byte 0x35 \b, at least V3R6 to open
+#>>&213 byte 0x36 \b, at least V3R2 to open
+#>>&213 byte 0x34 \b, at least V3R1 to open
+#>>&213 byte 0x31 \b, at least V3R0M5 to open
+#>>&213 byte 0x30 \b, at least V2R3 to open
diff --git a/magic/Magdir/perl b/magic/Magdir/perl
index a8daee4..81f0415 100644
--- a/magic/Magdir/perl
+++ b/magic/Magdir/perl
@@ -9,8 +9,8 @@
0 string eval\ "exec\ /bin/perl perl script text
0 string/b #!\ /usr/bin/perl perl script text executable
0 string eval\ "exec\ /usr/bin/perl perl script text
-0 string/b #!\ /usr/local/bin/perl perl script text
-0 string eval\ "exec\ /usr/local/bin/perl perl script text executable
+0 string/b #!\ /usr/local/bin/perl perl script text executable
+0 string eval\ "exec\ /usr/local/bin/perl perl script text
0 string eval\ '(exit\ $?0)'\ &&\ eval\ 'exec perl script text
@@ -25,15 +25,14 @@
>>0 regex \^1\ *;|\^(use|sub|my)\ .*[(;{=] Perl5 module source text
-
# Perl POD documents
# From: Tom Hukins
-0 string/B \=pod\n Perl POD document
-0 string/B \n\=pod\n Perl POD document
-0 string/B \=head1\ Perl POD document
-0 string/B \n\=head1\ Perl POD document
-0 string/B \=head2\ Perl POD document
-0 string/B \n\=head2\ Perl POD document
+#0 string/B \=pod\n Perl POD document
+#0 string/B \n\=pod\n Perl POD document
+#0 string/B \=head1\ Perl POD document
+#0 string/B \n\=head1\ Perl POD document
+#0 string/B \=head2\ Perl POD document
+#0 string/B \n\=head2\ Perl POD document
# Perl Storable data files.
0 string perl-store perl Storable(v0.6) data
diff --git a/magic/Magdir/revision b/magic/Magdir/revision
index 36a829b..8b57aa3 100644
--- a/magic/Magdir/revision
+++ b/magic/Magdir/revision
@@ -3,3 +3,9 @@
# file(1) magic for revision control files
# From Hendrik Scholz
0 string /1\ :pserver: cvs password text file
+
+
+# Subversion (SVN) dumps
+# Uwe Zeisberger
+0 string SVN-fs-dump-format-version: Subversion dumpfile
+>28 string >\0 (version: %s)
diff --git a/magic/Magdir/scientific b/magic/Magdir/scientific
index 81beac1..5563204 100644
--- a/magic/Magdir/scientific
+++ b/magic/Magdir/scientific
@@ -16,22 +16,22 @@
# Electron density MAP/MASK formats
0 string EZD_MAP NEWEZD Electron Density Map
-109 string MAP\040( Old EZD Electron Density Map
+#109 string MAP\040( Old EZD Electron Density Map
0 string/c :-)\040Origin BRIX Electron Density Map
>170 string >0 , Sigma:%.12s
#>4 string >0 %.178s
#>4 addr x %.178s
-7 string 18\040!NTITLE XPLOR ASCII Electron Density Map
-9 string \040!NTITLE\012\040REMARK CNS ASCII electron density map
+#7 string 18\040!NTITLE XPLOR ASCII Electron Density Map
+#9 string \040!NTITLE\012\040REMARK CNS ASCII electron density map
-208 string MAP\040 CCP4 Electron Density Map
+#208 string MAP\040 CCP4 Electron Density Map
# Assumes same stamp for float and double (normal case)
->212 byte 17 \b, Big-endian
->212 byte 34 \b, VAX format
->212 byte 68 \b, Little-endian
->212 byte 85 \b, Convex native
+#>212 byte 17 \b, Big-endian
+#>212 byte 34 \b, VAX format
+#>212 byte 68 \b, Little-endian
+#>212 byte 85 \b, Convex native
############################################################
# X-Ray Area Detector images
diff --git a/magic/Makefile.am b/magic/Makefile.am
index c7059c5..4dcee46 100644
--- a/magic/Makefile.am
+++ b/magic/Makefile.am
@@ -28,6 +28,7 @@ magic.mime.mgc: magic.mime
$(FILE_COMPILE) -C -m $(srcdir)/magic.mime
magic_FRAGMENTS = \
+Magdir/rpm \
Magdir/acorn \
Magdir/adi \
Magdir/adventure \
@@ -166,7 +167,6 @@ Magdir/pyramid \
Magdir/python \
Magdir/revision \
Magdir/riff \
-Magdir/rpm \
Magdir/rtf \
Magdir/sc \
Magdir/sccs \
diff --git a/magic/magic.mime b/magic/magic.mime
index cb9bd7c..8f0eb0a 100644
--- a/magic/magic.mime
+++ b/magic/magic.mime
@@ -273,7 +273,7 @@
0 string #!/usr/bin/awk application/x-awk
0 string #!\ /usr/bin/awk application/x-awk
# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de
-0 regex BEGIN[[:space:]]*[{] application/x-awk
+#0 regex BEGIN[[:space:]]*[{] application/x-awk
# For Larry Wall's perl language. The ``eval'' line recognizes an
# outrageously clever hack for USG systems.
@@ -298,10 +298,10 @@
# because it tries to uncompress it to figure out what's inside.
# standard unix compress
-0 string \037\235 application/x-compress
+#0 string \037\235 application/x-compress
# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
-0 string \037\213 application/x-gzip
+#0 string \037\213 application/x-gzip
0 string PK\003\004 application/x-zip
@@ -402,16 +402,13 @@
#
# from Daniel Quinlan
#
-0 string \14 byte 12 (OS/2 1.x format)
#>14 byte 64 (OS/2 2.x format)
#>14 byte 40 (Windows 3.x format)
@@ -706,8 +703,10 @@
#------------------------------------------------------------------------------
# Hierarchical Data Format, used to facilitate scientific data exchange
# specifications at http://hdf.ncsa.uiuc.edu/
-0 belong 0x0e031301 Hierarchical Data Format (version 4) data
-0 string \211HDF\r\n\032 Hierarchical Data Format (version 5) data
+#Hierarchical Data Format (version 4) data
+0 belong 0x0e031301 application/x-hdf
+#Hierarchical Data Format (version 5) data
+0 string \211HDF\r\n\032 application/x-hdf
# Adobe Photoshop
0 string 8BPS image/x-photoshop
@@ -777,21 +776,27 @@
# Debian has entries for the old PGP formats:
# pgp: file(1) magic for Pretty Good Privacy
# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
-0 beshort 0x9900 text/PGP key public ring
-0 beshort 0x9501 text/PGP key security ring
-0 beshort 0x9500 text/PGP key security ring
-0 beshort 0xa600 text/PGP encrypted data
-0 string -----BEGIN\040PGP text/PGP armored data
->15 string PUBLIC\040KEY\040BLOCK- public key block
->15 string MESSAGE- message
->15 string SIGNED\040MESSAGE- signed message
->15 string PGP\040SIGNATURE- signature
-0 beshort 0x8501 data
+#text/PGP key public ring
+0 beshort 0x9900 application/pgp
+#text/PGP key security ring
+0 beshort 0x9501 application/pgp
+#text/PGP key security ring
+0 beshort 0x9500 application/pgp
+#text/PGP encrypted data
+0 beshort 0xa600 application/pgp-encrypted
+#text/PGP armored data
+##public key block
+2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- application/pgp-keys
+0 string -----BEGIN\ PGP\ MESSAGE- application/pgp
+0 string -----BEGIN\ PGP\ SIGNED\ MESSAGE- application/pgp
+0 string -----BEGIN\ PGP\ SIGNATURE- application/pgp-signature
#
# GnuPG Magic:
#
-0 beshort 0x9901 text/GnuPG key public ring
-0 beshort 0x8501 text/OpenPGP data
+#text/GnuPG key public ring
+0 beshort 0x9901 application/pgp
+#text/OpenPGP data
+0 beshort 0x8501 application/pgp-encrypted
# flash: file(1) magic for Macromedia Flash file format
#
@@ -949,5 +954,10 @@
0 string WordPro\r\373 application/vnd.lotus-wordpro
0 string CPC\262 image/cpi
+# Gnumeric spreadsheet
+# This entry is only semi-helpful, as Gnumeric compresses its files, so
+# they will ordinarily reported as "compressed", but at least -z helps
+39 string =flags & MAGIC_NO_CHECK_TROFF) != 0 && *ubuf == '.') {
+ if ((ms->flags & MAGIC_NO_CHECK_TROFF) == 0 && *ubuf == '.') {
unichar *tp = ubuf + 1;
while (ISSPC(*tp))
@@ -184,7 +184,7 @@ file_ascmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
}
}
- if ((ms->flags & MAGIC_NO_CHECK_FORTRAN) &&
+ if ((ms->flags & MAGIC_NO_CHECK_FORTRAN) == 0 &&
(*buf == 'c' || *buf == 'C') && ISSPC(buf[1])) {
subtype_mime = "text/fortran";
subtype = "fortran program";
diff --git a/src/compress.c b/src/compress.c
index 2c378e7..9cf26ef 100644
--- a/src/compress.c
+++ b/src/compress.c
@@ -362,6 +362,7 @@ uncompressbuf(struct magic_set *ms, int fd, size_t method,
const unsigned char *old, unsigned char **newch, size_t n)
{
int fdin[2], fdout[2];
+ pid_t pid1 = -1, pid2 = -1;
int r;
#ifdef HAVE_LIBZ
@@ -375,7 +376,7 @@ uncompressbuf(struct magic_set *ms, int fd, size_t method,
file_error(ms, errno, "cannot create pipe");
return NODATA;
}
- switch (fork()) {
+ switch ((pid1=fork())) {
case 0: /* child */
(void) close(0);
if (fd != -1) {
@@ -416,7 +417,7 @@ uncompressbuf(struct magic_set *ms, int fd, size_t method,
* fork again, to avoid blocking because both
* pipes filled
*/
- switch (fork()) {
+ switch ((pid2=fork())) {
case 0: /* child */
(void)close(fdout[0]);
if (swrite(fdin[1], old, n) != (ssize_t)n) {
@@ -471,12 +472,8 @@ err:
if (fdin[1] != -1)
(void) close(fdin[1]);
(void) close(fdout[0]);
-#ifdef WNOHANG
- while (waitpid(-1, NULL, WNOHANG) != -1)
- continue;
-#else
- (void)wait(NULL);
-#endif
+ waitpid(pid1, NULL, 0);
+ waitpid(pid2, NULL, 0);
return n;
}
}
diff --git a/src/file.c b/src/file.c
index 35d512a..6b6c0be 100644
--- a/src/file.c
+++ b/src/file.c
@@ -138,7 +138,7 @@ main(int argc, char *argv[])
{"brief", 0, 0, 'b'},
{"checking-printout", 0, 0, 'c'},
{"debug", 0, 0, 'd'},
- {"exclude", 0, 0, 'e' },
+ {"exclude", 1, 0, 'e' },
{"files-from", 1, 0, 'f'},
{"separator", 1, 0, 'F'},
{"mime", 0, 0, 'i'},
@@ -351,8 +351,9 @@ main(int argc, char *argv[])
process(argv[optind], wid);
}
+ c = magic->haderr ? 1 : 0;
magic_close(magic);
- return 0;
+ return c;
}
diff --git a/src/fsmagic.c b/src/fsmagic.c
index aa3e509..9e6a0cb 100644
--- a/src/fsmagic.c
+++ b/src/fsmagic.c
@@ -92,7 +92,8 @@ file_fsmagic(struct magic_set *ms, const char *fn, struct stat *sb)
if (file_printf(ms, "cannot open `%s' (%s)",
fn, strerror(errno)) == -1)
return -1;
- return 1;
+ ms->haderr++;
+ return -1;
}
if ((ms->flags & MAGIC_MIME) != 0) {
diff --git a/src/funcs.c b/src/funcs.c
index c5b812a..3ae1b4c 100644
--- a/src/funcs.c
+++ b/src/funcs.c
@@ -26,7 +26,6 @@
*/
#include "file.h"
#include "magic.h"
-#include
#include
#include
#include
@@ -37,6 +36,7 @@
#if defined(HAVE_WCTYPE_H)
#include
#endif
+#include /* for ULONG_MAX */
#ifndef lint
FILE_RCSID("@(#)$File: funcs.c,v 1.28 2007/03/01 22:14:54 christos Exp $")
@@ -219,6 +219,7 @@ file_reset(struct magic_set *ms)
return -1;
}
ms->o.ptr = ms->o.buf;
+ ms->o.left = ms->o.size;
ms->haderr = 0;
ms->error = -1;
return 0;
@@ -246,8 +247,12 @@ file_getbuffer(struct magic_set *ms)
len = ms->o.size - ms->o.left;
/* * 4 is for octal representation, + 1 is for NUL */
+ if (len > (ULONG_MAX - 1) / 4) {
+ file_oomem(ms, ULONG_MAX);
+ return NULL;
+ }
psize = len * 4 + 1;
- assert(psize > len);
+
if (ms->o.psize < psize) {
if ((pbuf = realloc(ms->o.pbuf, psize)) == NULL) {
file_oomem(ms, psize);
diff --git a/src/magic.c b/src/magic.c
index 5047733..16eefe4 100644
--- a/src/magic.c
+++ b/src/magic.c
@@ -86,7 +86,7 @@ magic_open(int flags)
{
struct magic_set *ms;
- if ((ms = malloc(sizeof(struct magic_set))) == NULL)
+ if ((ms = calloc(1, sizeof(struct magic_set))) == NULL)
return NULL;
if (magic_setflags(ms, flags) == -1) {
diff --git a/src/readelf.c b/src/readelf.c
index dd9004b..5051497 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -45,7 +45,7 @@ private int dophn_core(struct magic_set *, int, int, int, off_t, int, size_t,
off_t, int *);
#endif
private int dophn_exec(struct magic_set *, int, int, int, off_t, int, size_t,
- off_t, int *);
+ off_t, int *, int);
private int doshn(struct magic_set *, int, int, int, off_t, int, size_t, int *);
private size_t donote(struct magic_set *, unsigned char *, size_t, size_t, int,
int, size_t, int *);
@@ -396,6 +396,14 @@ donote(struct magic_set *ms, unsigned char *nbuf, size_t offset, size_t size,
if (file_printf(ms, "Solaris") == -1)
return size;
break;
+ case GNU_OS_KFREEBSD:
+ if (file_printf(ms, "kFreeBSD") == -1)
+ return size;
+ break;
+ case GNU_OS_KNETBSD:
+ if (file_printf(ms, "kNetBSD") == -1)
+ return size;
+ break;
default:
if (file_printf(ms, "") == -1)
return size;
@@ -785,7 +793,7 @@ doshn(struct magic_set *ms, int class, int swap, int fd, off_t off, int num,
*/
private int
dophn_exec(struct magic_set *ms, int class, int swap, int fd, off_t off,
- int num, size_t size, off_t fsize, int *flags)
+ int num, size_t size, off_t fsize, int *flags, int sh_num)
{
Elf32_Phdr ph32;
Elf64_Phdr ph64;
@@ -854,6 +862,19 @@ dophn_exec(struct magic_set *ms, int class, int swap, int fd, off_t off,
return -1;
align = 4;
}
+ /* If we have a section header table, handle note
+ sections just in doshn. Handling them also here
+ means that for executables we print the note content
+ twice and, more importantly, don't handle
+ strip -o created debuginfo files correctly.
+ They have PT_NOTE header, but the actual note
+ content is not present in the debuginfo file,
+ only in the original stripped executable or library.
+ The corresponding .note.* section is SHT_NOBITS
+ rather than SHT_NOTE, so doshn will not look
+ at it. */
+ if (sh_num)
+ break;
/*
* This is a PT_NOTE section; loop through all the notes
* in the section.
@@ -908,6 +929,14 @@ file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf,
int flags = 0;
/*
+ * Return if it is not ELF to avoid unneeded file_pipe2file() call.
+ */
+ if (buf[EI_MAG0] != ELFMAG0
+ || (buf[EI_MAG1] != ELFMAG1 && buf[EI_MAG1] != OLFMAG1)
+ || buf[EI_MAG2] != ELFMAG2 || buf[EI_MAG3] != ELFMAG3)
+ return 0;
+
+ /*
* If we cannot seek, it must be a pipe, socket or fifo.
*/
if((lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) && (errno == ESPIPE))
@@ -925,11 +954,6 @@ file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf,
* Instead we traverse thru all section headers until a symbol table
* one is found or else the binary is stripped.
*/
- if (buf[EI_MAG0] != ELFMAG0
- || (buf[EI_MAG1] != ELFMAG1 && buf[EI_MAG1] != OLFMAG1)
- || buf[EI_MAG2] != ELFMAG2 || buf[EI_MAG3] != ELFMAG3)
- return 0;
-
class = buf[EI_CLASS];
@@ -960,7 +984,8 @@ file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf,
fd, (off_t)getu32(swap, elfhdr.e_phoff),
getu16(swap, elfhdr.e_phnum),
(size_t)getu16(swap, elfhdr.e_phentsize),
- fsize, &flags)
+ fsize, &flags,
+ getu16(swap, elfhdr.e_shnum))
== -1)
return -1;
}
@@ -1001,7 +1026,8 @@ file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf,
(off_t)elf_getu64(swap, elfhdr.e_phoff),
getu16(swap, elfhdr.e_phnum),
(size_t)getu16(swap, elfhdr.e_phentsize),
- fsize, &flags) == -1)
+ fsize, &flags,
+ getu16(swap, elfhdr.e_shnum)) == -1)
return -1;
}
if (doshn(ms, class, swap, fd,
diff --git a/src/readelf.h b/src/readelf.h
index 20a4d0f..e14e4e6 100644
--- a/src/readelf.h
+++ b/src/readelf.h
@@ -232,5 +232,7 @@ typedef struct {
#define GNU_OS_LINUX 0
#define GNU_OS_HURD 1
#define GNU_OS_SOLARIS 2
+#define GNU_OS_KFREEBSD 3
+#define GNU_OS_KNETBSD 4
#endif
diff --git a/src/softmagic.c b/src/softmagic.c
index 6e191fe..cc682bc 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -38,7 +38,7 @@
#ifndef lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.91 2007/01/18 05:29:33 ljt Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.95 2007/03/03 19:09:25 christos Exp $")
#endif /* lint */
private int match(struct magic_set *, struct magic *, uint32_t,
@@ -168,9 +168,9 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
* main entry didn't match,
* flush its continuations
*/
- while (magindex < nmagic - 1 &&
- magic[magindex + 1].cont_level != 0)
- magindex++;
+ while (magindex + 1 < nmagic &&
+ magic[magindex + 1].cont_level != 0)
+ magindex++;
continue;
}
@@ -1523,10 +1523,20 @@ magiccheck(struct magic_set *ms, struct magic *m)
}
else {
regmatch_t pmatch[1];
+#ifndef REG_STARTEND
+#define REG_STARTEND 0
+ size_t l = ms->search.s_len - 1;
+ char c = ms->search.s[l];
+ ((char *)(intptr_t)ms->search.s)[l] = '\0';
+#else
pmatch[0].rm_so = 0;
pmatch[0].rm_eo = ms->search.s_len;
+#endif
rc = regexec(&rx, (const char *)ms->search.s,
1, pmatch, REG_STARTEND);
+#if REG_STARTEND == 0
+ ((char *)(intptr_t)ms->search.s)[l] = c;
+#endif
switch (rc) {
case 0:
ms->search.s += (int)pmatch[0].rm_so;