+2018-04-15 14:52 Christos Zoulas <christos@zoulas.com>
+
+ * release 5.33
+
+2018-02-24 14:50 Christos Zoulas <christos@zoulas.com>
+
+ * extend the support for ${x?:} expansions for magic descriptions
+
+2018-02-21 16:25 Christos Zoulas <christos@zoulas.com>
+
+ * add support for ${x?:} in mime types to handle
+ pie binaries.
+
+2017-11-03 9:23 Christos Zoulas <christos@zoulas.com>
+
+ * add support for negative offsets (offsets from the end of file)
+
+2017-09-26 8:22 Christos Zoulas <christos@zoulas.com>
+
+ * close the file on error when writing magic (Steve Grubb)
+
+2017-09-24 12:02 Christos Zoulas <christos@zoulas.com>
+
+ * seccomp support (Paul Moore)
+
2017-09-02 11:53 Christos Zoulas <christos@zoulas.com>
* release 5.32
## README for file(1) Command ##
- @(#) $File: README,v 1.49 2015/01/02 20:23:04 christos Exp $
+ @(#) $File: README,v 1.53 2018/03/11 13:06:47 glen Exp $
-Mailing List: file@mx.gw.com
-Mailing List archives: http://mx.gw.com/pipermail/file/
-Bug tracker: http://bugs.gw.com/
+Mailing List: file@mx.gw.com [currently down]
+Mailing List archives: http://mx.gw.com/pipermail/file/ [currently down]
+Bug tracker: http://bugs.gw.com/ [currently down]
E-mail: christos@astron.com
-
-[![Build Status](https://travis-ci.org/file/file.png?branch=master)](https://travis-ci.org/file/file)
+Build Status: https://travis-ci.org/file/file
Phone: Do not even think of telephoning me about this program. Send cash first!
COPYING - read this first.
README - read this second (you are currently reading this file).
INSTALL - read on how to install
-src/localtime_r.c
-src/magic.c
-src/magic.h
-src/mygetopt.h
-src/newtest2.c
-src/newtest3.c
-src/pread.c
-src/print.c
-src/readcdf.c
-src/readelf.c
-src/readelf.h
-src/regex.c
-src/regex2.c
-src/softmagic.c
-src/strcasestr.c
-src/strlcat.c
-src/strlcpy.c
-src/strndup.c
-src/tar.h
-src/teststrchr.c
-src/vasprintf.c
-src/x.c
src/apprentice.c - parses /etc/magic to learn magic
src/apptype.c - used for OS/2 specific application type magic
src/ascmagic.c - third & last set of tests, based on hardwired assumptions.
src/asprintf.c - replacement for OS's that don't have it.
src/asctime_r.c - replacement for OS's that don't have it.
src/asprintf.c - replacement for OS's that don't have it.
+src/buffer.c - buffer handling functions.
src/cdf.[ch] - parser for Microsoft Compound Document Files
src/cdf_time.c - time converter for CDF.
src/compress.c - handles decompressing files to look inside.
src/strcasestr.c - replacement for OS's that don't have it.
src/strlcat.c - replacement for OS's that don't have it.
src/strlcpy.c - replacement for OS's that don't have it.
+src/strndup.c - replacement for OS's that don't have it.
src/tar.h - tar file definitions
src/vasprintf.c - for systems that don't have it.
doc/file.man - man page for the command
------------------------------------------------------------------------------
+gpg for dummies:
+
+$ gpg --verify file-X.YY.tar.gz.asc file-X.YY.tar.gz
+gpg: assuming signed data in `file-X.YY.tar.gz'
+gpg: Signature made WWW MMM DD HH:MM:SS YYYY ZZZ using DSA key ID KKKKKKKK
+
+To download the key:
+
+$ gpg --keyserver hkp://keys.gnupg.net --recv-keys KKKKKKKK
+
+------------------------------------------------------------------------------
+
+
Parts of this software were developed at SoftQuad Inc., developers
of SGML/HTML/XML publishing software, in Toronto, Canada.
SoftQuad was swallowed up by Corel in 2002 and does not exist any longer.
# rule 2
>0 ....
...
+---
+- Merge the stat code dance in one place and keep it in one place
+ (perhaps struct buffer).
+- Enable seeking around if offset > nbytes if possible (the fd
+ is seekable).
+- We could use file_pipe2file more (for EOF offsets, CDF documents),
+ but that is expensive; perhaps we should provide a way to disable it
+- The implementation of struct buffer needs re-thinking and more work.
+ For example we don't always pass the fd in the child. This is not
+ important yet as we don't have yet cases where use/indirect magic
+ needs negative offsets.
+- Really the whole thing just needs here's an (offset, buffer, size)
+ you have (filebuffer, filebuffersize &&|| fd), fill the buffer with
+ data from offset. The buffer API should be changed to just do that.
christos
-
dnl Process this file with autoconf to produce a configure script.
-AC_INIT([file],[5.32],[christos@astron.com])
+AC_INIT([file],[5.33],[christos@astron.com])
AM_INIT_AUTOMAKE([subdir-objects foreign])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
[AS_HELP_STRING([--disable-zlib], [disable zlib compression support @<:@default=auto@:>@])])
AC_MSG_RESULT($enable_zlib)
+AC_MSG_CHECKING(for libseccomp support)
+AC_ARG_ENABLE(libseccomp,
+[AS_HELP_STRING([--disable-libseccomp], [disable libseccomp sandboxing @<:@default=auto@:>@])])
+AC_MSG_RESULT($enable_libseccomp)
+
AC_MSG_CHECKING(for file formats in man section 5)
AC_ARG_ENABLE(fsect-man5,
[ --enable-fsect-man5 enable file formats in man section 5],
if test "$enable_zlib" != "no"; then
AC_CHECK_LIB(z, gzopen)
fi
+if test "$enable_libseccomp" != "no"; then
+ AC_CHECK_LIB(seccomp, seccomp_init)
+fi
if test "$MINGW" = 1; then
AC_CHECK_LIB(gnurx,regexec,,AC_MSG_ERROR([libgnurx is required to build file(1) with MinGW]))
fi
-.\" $File: file.man,v 1.124 2016/10/19 20:52:45 christos Exp $
-.Dd October 19, 2016
+.\" $File: file.man,v 1.129 2018/03/02 16:17:54 christos Exp $
+.Dd March 2, 2018
.Dt FILE __CSECTION__
.Os
.Sh NAME
.Sh SYNOPSIS
.Nm
.Bk -words
-.Op Fl bcdEhiklLNnprsvzZ0
+.Op Fl bcdEhiklLNnprsSvzZ0
.Op Fl Fl apple
.Op Fl Fl extension
.Op Fl Fl mime-encoding
.Bl -tag -width indent
.It Fl Fl apple
Causes the file command to output the file type and creator code as
-used by older MacOS versions. The code consists of eight letters,
+used by older MacOS versions.
+The code consists of eight letters,
the first describing the file type, the latter the creator.
.It Fl b , Fl Fl brief
Do not prepend filenames to output lines (brief mode).
.It soft
Consults magic files.
.It tar
-Examines tar files.
+Examines tar files by verifying the checksum of the 512 byte tar header.
+Excluding this test can provide more detailed content description by using
+the soft magic method.
.It text
A synonym for
.Sq ascii .
.El
-.It Fl Fl extension
+.It Fl Fl extension
Print a slash-separated list of valid extensions for the file type found.
.It Fl F , Fl Fl separator Ar separator
Use the specified string as the separator between the filename and the
to disregard the file size as reported by
.Xr stat 2
since on some systems it reports a zero size for raw disk partitions.
+.If Fl S , Fl Fl no-sandbox
+On systems where libseccomp
+.Pa ( https://github.com/seccomp/libseccomp )
+is available, the
+.Fl S
+flag disables sandboxing which is enabled by default.
+This option is needed for file to execute external descompressing programs,
+i.e. when the
+.Fl z
+flag is specified and the built-in decompressors are not available.
.It Fl v , Fl Fl version
Print the version of the program and exit.
.It Fl z , Fl Fl uncompress
the output.
This does not affect the separator, which is still printed.
.Pp
-If this option is repeated more than once, then
+If this option is repeated more than once, then
.Nm
prints just the filename followed by a NUL followed by the description
(or ERROR: text) followed by a second NUL for each entry.
.It Fl -help
Print a help message and exit.
.El
-.Sh FILES
-.Bl -tag -width __MAGIC__.mgc -compact
-.It Pa __MAGIC__.mgc
-Default compiled list of magic.
-.It Pa __MAGIC__
-Directory containing default magic files.
-.El
.Sh ENVIRONMENT
The environment variable
.Ev MAGIC
adds
.Dq Pa .mgc
to the value of this variable as appropriate.
-However,
-.Pa file
-has to exist in order for
-.Pa file.mime
-to be considered.
The environment variable
.Ev POSIXLY_CORRECT
controls (on systems that support symbolic links), whether
and
.Fl h
options.
+.Sh FILES
+.Bl -tag -width __MAGIC__.mgc -compact
+.It Pa __MAGIC__.mgc
+Default compiled list of magic.
+.It Pa __MAGIC__
+Directory containing default magic files.
+.El
+.Sh EXIT STATUS
+.Nm
+will exit with
+.Dv 0
+if the operation was successful or
+.Dv >0
+if an error was encountered.
+The following errors cause diagnostic messages, but don't affect the program
+exit code (as POSIX requires), unless
+.Fl E
+is specified:
+.Bl -bullet -compact -offset indent
+.It
+A file cannot be found
+.It
+There is no permission to read a file
+.It
+The file type cannot be determined
+.El
+.Sh EXAMPLES
+.Bd -literal -offset indent
+$ file file.c file /dev/{wd0a,hda}
+file.c: C program text
+file: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
+ dynamically linked (uses shared libs), stripped
+/dev/wd0a: block special (0/0)
+/dev/hda: block special (3/0)
+
+$ file -s /dev/wd0{b,d}
+/dev/wd0b: data
+/dev/wd0d: x86 boot sector
+
+$ file -s /dev/hda{,1,2,3,4,5,6,7,8,9,10}
+/dev/hda: x86 boot sector
+/dev/hda1: Linux/i386 ext2 filesystem
+/dev/hda2: x86 boot sector
+/dev/hda3: x86 boot sector, extended partition table
+/dev/hda4: Linux/i386 ext2 filesystem
+/dev/hda5: Linux/i386 swap file
+/dev/hda6: Linux/i386 swap file
+/dev/hda7: Linux/i386 swap file
+/dev/hda8: Linux/i386 swap file
+/dev/hda9: empty
+/dev/hda10: empty
+
+$ file -i file.c file /dev/{wd0a,hda}
+file.c: text/x-c
+file: application/x-executable
+/dev/hda: application/x-not-regular-file
+/dev/wd0a: application/x-not-regular-file
+
+.Ed
.Sh SEE ALSO
.Xr hexdump 1 ,
.Xr od 1 ,
.Bd -literal -offset indent
\*[Gt]16 long\*[Am]0x7fffffff \*[Gt]0 not stripped
.Ed
+.Sh SECURITY
+On systems where libseccomp
+.Pa ( https://github.com/seccomp/libseccomp )
+is available,
+.Nm
+is enforces limiting system calls to only the ones necessary for the
+operation of the program.
+This enforcement does not provide any security benefit when
+.Nm
+is asked to decompress input files running external programs with
+the
+.Fl z
+option.
+To enable execution of external decompressors, one needs to disable
+sandboxing using the
+.Fl S
+flag.
.Sh MAGIC DIRECTORY
The magic file entries have been collected from various sources,
mainly USENET, and contributed by various authors.
keep the old magic file around for comparison purposes
(rename it to
.Pa __MAGIC__.orig ) .
-.Sh EXAMPLES
-.Bd -literal -offset indent
-$ file file.c file /dev/{wd0a,hda}
-file.c: C program text
-file: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
- dynamically linked (uses shared libs), stripped
-/dev/wd0a: block special (0/0)
-/dev/hda: block special (3/0)
-
-$ file -s /dev/wd0{b,d}
-/dev/wd0b: data
-/dev/wd0d: x86 boot sector
-
-$ file -s /dev/hda{,1,2,3,4,5,6,7,8,9,10}
-/dev/hda: x86 boot sector
-/dev/hda1: Linux/i386 ext2 filesystem
-/dev/hda2: x86 boot sector
-/dev/hda3: x86 boot sector, extended partition table
-/dev/hda4: Linux/i386 ext2 filesystem
-/dev/hda5: Linux/i386 swap file
-/dev/hda6: Linux/i386 swap file
-/dev/hda7: Linux/i386 swap file
-/dev/hda8: Linux/i386 swap file
-/dev/hda9: empty
-/dev/hda10: empty
-
-$ file -i file.c file /dev/{wd0a,hda}
-file.c: text/x-c
-file: application/x-executable
-/dev/hda: application/x-not-regular-file
-/dev/wd0a: application/x-not-regular-file
-
-.Ed
.Sh HISTORY
There has been a
.Nm
and provided some magic file entries.
Contributions of the
.Sq \*[Am]
-operator by Rob McMahon,
+operator by Rob McMahon,
.Aq cudcv@warwick.ac.uk ,
1989.
.Pp
were written by John Gilmore from his public-domain
.Xr tar 1
program, and are not covered by the above license.
-.Sh RETURN CODE
-.Nm
-returns 0 on success, and non-zero on error.
.Sh BUGS
Please report bugs and send patches to the bug tracker at
.Pa http://bugs.gw.com/
-.\" $File: magic.man,v 1.90 2017/02/08 21:52:03 christos Exp $
-.Dd February 12, 2017
+.\" $File: magic.man,v 1.92 2017/11/04 01:11:32 christos Exp $
+.Dd Noveber 3, 2017
.Dt MAGIC __FSECTION__
.Os
.\" install as magic.4 on USG, magic.5 on V7, Berkeley and Linux systems.
The line consists of the following fields:
.Bl -tag -width ".Dv message"
.It Dv offset
-A number specifying the offset, in bytes, into the file of the data
+A number specifying the offset (in bytes) into the file of the data
which is to be tested.
+This offset can be a negative number if it is:
+.Bl -bullet -compact
+.It
+The first direct offset of the magic entry (at continuation level 0),
+in which case it is interpreted an offset from end end of the file
+going backwards.
+This works only when a file descriptor to the file is a available and it
+is a regular file.
+.It
+A continuation offset relative to the end of the last up-level field
+.Dv ( \*[Am] ) .
+.El
.It Dv type
The type of the data to be tested.
The possible values are:
#------------------------------------------------------------------------------
-# $File$
+# $File: acorn,v 1.6 2017/10/19 16:40:37 christos Exp $
# acorn: file(1) magic for files found on Acorn systems
#
>>8 byte x version %d,
>>10 leshort =1 1 pattern
>>10 leshort !1 %d patterns
+
+# From: Joerg Jenderek
+# URL: https://www.kyzer.me.uk/pack/xad/#PackDir
+# reference: https://www.kyzer.me.uk/pack/xad/xad_PackDir.lha/PackDir.c
+# GRR: line below is too general as it matches also "Git pack" in ./revision
+0 string PACK\0
+# check for valid compression method 0-4
+>5 ulelong <5
+# https://www.riscosopen.org/wiki/documentation/show/Introduction%20To%20Filing%20Systems
+# To skip "Git pack" version 0 test for root directory object like
+# ADFS::RPC.$.websitezip.FONTFIX
+>>9 string >ADFS\ PackDir archive (RISC OS)
+# TrID labels above as "Acorn PackDir compressed Archive"
+# compression mode y (0 - 4) for GIF LZW with a maximum n bits
+# (y~n,0~12,1~13,2~14,3~15,4~16)
+>>>5 ulelong+12 x \b, LZW %u-bits compression
+# http://www.filebase.org.uk/filetypes
+# !Packdir compressed archive has three hexadecimal digits code 68E
+!:mime application/x-acorn-68E
+!:ext pkd/bin
+# null terminated root directory object like IDEFS::IDE-4.$.Apps.GRAPHICS.!XFMPdemo
+>>>9 string x \b, root "%s"
+# load address 0xFFFtttdd, ttt is the object filetype and dddddddddd is time
+>>>>&1 ulelong x \b, load address 0x%x
+# execution address 0xdddddddd dddddddddd is 40 bit unsigned centiseconds since 1.1.1900 UTC
+>>>>&5 ulelong x \b, exec address 0x%x
+# attributes (bits: 0~owner read,1~owner write,3~no delete,4~public read,5~public write)
+>>>>&9 ulelong x \b, attributes 0x%x
+# number of entries in this directory. for root dir 0
+#>>>&13 ulelong x \b, entries 0x%x
+# the entries start here with object name
+>>>>&17 string x \b, 1st object "%s"
+
#------------------------------------------------------------------------------
-# $File: animation,v 1.63 2017/05/26 14:33:07 christos Exp $
+# $File: animation,v 1.66 2017/10/06 15:36:38 christos Exp $
# animation: file(1) magic for animation/movie formats
#
# animation formats
>>11 byte 6 \b, Release 6 MBMS Extended Presentations
>>11 byte 7 \b, Release 7 MBMS Extended Presentations
>8 string 3gg \b, MPEG v4 system, 3GPP
->11 byte 6 \b, Release 6 General Profile
!:mime video/3gpp
+>>11 byte 6 \b, Release 6 General Profile
>8 string 3gp \b, MPEG v4 system, 3GPP
->11 byte 1 \b, Release %d (non existent)
->11 byte 2 \b, Release %d (non existent)
->11 byte 3 \b, Release %d (non existent)
->11 byte 4 \b, Release %d
->11 byte 5 \b, Release %d
->11 byte 6 \b, Release %d
->11 byte 7 \b, Release %d Streaming Servers
!:mime video/3gpp
+>>11 byte 1 \b, Release %d (non existent)
+>>11 byte 2 \b, Release %d (non existent)
+>>11 byte 3 \b, Release %d (non existent)
+>>11 byte 4 \b, Release %d
+>>11 byte 5 \b, Release %d
+>>11 byte 6 \b, Release %d
+>>11 byte 7 \b, Release %d Streaming Servers
>8 string 3gs \b, MPEG v4 system, 3GPP
->11 byte 7 \b, Release %d Streaming Servers
!:mime video/3gpp
+>>11 byte 7 \b, Release %d Streaming Servers
>8 string avc1 \b, MPEG v4 system, 3GPP JVT AVC [ISO 14496-12:2005]
!:mime video/mp4
>8 string/W qt \b, Apple QuickTime movie
>8 string pana \b, Panasonic Digital Camera
>8 string qt \b, Apple QuickTime (.MOV/QT)
!:mime video/quicktime
+# HEIF image format
+# see https://nokiatech.github.io/heif/technical.html
+>8 string mif1 \b, HEIF Image
+!:mime image/heif
+>8 string msf1 \b, HEIF Image Sequence
+!:mime image/heif-sequence
+>8 string heic \b, HEIF Image HEVC Main or Main Still Picture Profile
+!:mime image/heic
+>8 string heix \b, HEIF Image HEVC Main 10 Profile
+!:mime image/heic
+>8 string hevc \b, HEIF Image Sequenz HEVC Main or Main Still Picture Profile
+!:mime image/heic-sequence
+>8 string hevx \b, HEIF Image Sequence HEVC Main 10 Profile
+!:mime image/heic-sequence
+# following HEIF brands are not mentioned in the heif technical info currently (Oct 2017)
+# but used in the reference implementation:
+# https://github.com/nokiatech/heif/blob/d5e9a21c8ba8df712bdf643021dd9f6518134776/Srcs/reader/hevcimagefilereader.cpp
+>8 string heim \b, HEIF Image L-HEVC
+!:mime image/heif
+>8 string heis \b, HEIF Image L-HEVC
+!:mime image/heif
+>8 string avic \b, HEIF Image AVC
+!:mime image/heif
+>8 string hevm \b, HEIF Image Sequence L-HEVC
+!:mime image/heif-sequence
+>8 string hevs \b, HEIF Image Sequence L-HEVC
+!:mime image/heif-sequence
+>8 string avcs \b, HEIF Image Sequence AVC
+!:mime image/heif-sequence
+
>8 string ROSS \b, Ross Video
>8 string sdv \b, SD Memory Card Video
>8 string ssc1 \b, Samsung stereo, single stream (patent pending)
#------------------------------------------------------------------------------
-# $File: apple,v 1.36 2017/03/17 21:35:28 christos Exp $
+# $File: apple,v 1.39 2018/03/02 15:26:39 christos Exp $
# apple: file(1) magic for Apple file formats
#
0 search/1/t FiLeStArTfIlEsTaRt binscii (apple ][) text
>>>>0 use appleworks
>0 belong 0x0481ad00
>>0 use appleworks
+
+# magic for Apple File System (APFS)
+# from Alex Myczko <alex@aiei.ch>
+32 string NXSB Apple File System (APFS)
+>36 ulelong x \b, blocksize %u
+
+# iTunes cover art (versions 1 and 2)
+4 string itch
+>24 string artw
+>>0x1e8 string data iTunes cover art
+>>>0x1ed string PNG (PNG)
+>>>0x1ec beshort 0xffd8 (JPEG)
+
+# MacPaint image
+65 string PNTGMPNT MacPaint image data
+#0 belong 2 MacPaint image data
#------------------------------------------------------------------------------
-# $File: archive,v 1.108 2017/08/30 13:45:10 christos Exp $
+# $File: archive,v 1.117 2018/03/17 02:11:04 christos Exp $
# archive: file(1) magic for archive formats (see also "msdos" for self-
# extracting compressed archives)
#
# cpio, ar, arc, arj, hpack, lha/lharc, rar, squish, uc2, zip, zoo, etc.
-# pre-POSIX "tar" archives are handled in the C code.
+# pre-POSIX "tar" archives are also handled in the C code ../../src/is_tar.c.
# POSIX tar archives
-257 string ustar\0 POSIX tar archive
-!:mime application/x-tar # encoding: posix
-257 string ustar\040\040\0 GNU tar archive
-!:mime application/x-tar # encoding: gnu
+# URL: https://en.wikipedia.org/wiki/Tar_(computing)
+# Reference: https://www.freebsd.org/cgi/man.cgi?query=tar&sektion=5&manpath=FreeBSD+8-current
+# header mainly padded with nul bytes
+500 quad 0
+# filename or extended attribute printable strings in range space null til umlaut ue
+>0 ubeshort >0x1F00
+>>0 ubeshort <0xFCFD
+# last 4 header bytes often null but tar\0 in gtarfail2.tar gtarfail.tar-bad
+# at https://sourceforge.net/projects/s-tar/files/testscripts/
+>>>508 ubelong&0x8B9E8DFF 0
+# nul, space or ascii digit 0-7 at start of mode
+>>>>100 ubyte&0xC8 =0
+>>>>>101 ubyte&0xC8 =0
+# nul, space at end of check sum
+>>>>>>155 ubyte&0xDF =0
+# space or ascii digit 0 at start of check sum
+>>>>>>>148 ubyte&0xEF =0x20
+>>>>>>>>0 use tar-file
+# minimal check and then display tar archive information which can also be
+# embedded inside others like Android Backup, Clam AntiVirus database
+0 name tar-file
+>257 string !ustar
+# header padded with nuls
+>>257 ulong =0
+# GNU tar version 1.29 with non pax format option without refusing
+# creates misleading V7 header for Long path, Multi-volume, Volume type
+>>>156 ubyte 0x4c GNU tar archive
+!:mime application/x-gtar
+!:ext tar/gtar
+>>>156 ubyte 0x4d GNU tar archive
+!:mime application/x-gtar
+!:ext tar/gtar
+>>>156 ubyte 0x56 GNU tar archive
+!:mime application/x-gtar
+!:ext tar/gtar
+>>>156 default x tar archive (V7)
+!:mime application/x-tar
+!:ext tar
+# other stuff in padding
+# some implementations add new fields to the blank area at the end of the header record
+# created for example by DOS TAR 3.20g 1994 Tim V.Shapore with -j option
+>>257 ulong !0 tar archive (old)
+!:mime application/x-tar
+!:ext tar
+# magic in newer, GNU, posix variants
+>257 string =ustar
+# 2 last char of magic and UStar version because string expression does not work
+# 2 space characters followed by a null for GNU variant
+>>261 ubelong =0x72202000 POSIX tar archive (GNU)
+!:mime application/x-gtar
+!:ext tar/gtar
+# UStar version with ASCII "00"
+>>261 ubelong 0x72003030 POSIX
+# gLOBAL and ExTENSION type only found in POSIX.1-2001 format
+>>>156 ubyte 0x67 \b.1-2001
+>>>156 ubyte 0x78 \b.1-2001
+>>>156 ubyte x tar archive
+!:mime application/x-ustar
+!:ext tar/ustar
+# version with 2 binary nuls embedded in Android Backup like com.android.settings.ab
+>>261 ubelong 0x72000000 tar archive (ustar)
+!:mime application/x-ustar
+!:ext tar/ustar
+# not seen ustar variant with garbish version
+>>261 default x tar archive (unknown ustar)
+!:mime application/x-ustar
+!:ext tar/ustar
+# type flag of 1st tar archive member
+#>156 ubyte x \b, %c-type
+>156 ubyte x
+>>156 ubyte 0 \b, file
+>>156 ubyte 0x30 \b, file
+>>156 ubyte 0x31 \b, hard link
+>>156 ubyte 0x32 \b, symlink
+>>156 ubyte 0x33 \b, char device
+>>156 ubyte 0x34 \b, block device
+>>156 ubyte 0x35 \b, directory
+>>156 ubyte 0x36 \b, fifo
+>>156 ubyte 0x37 \b, reserved
+>>156 ubyte 0x4c \b, long path
+>>156 ubyte 0x4d \b, multi volume
+>>156 ubyte 0x56 \b, volume
+>>156 ubyte 0x67 \b, global
+>>156 ubyte 0x78 \b, extension
+>>156 default x \b, type
+>>>156 ubyte x '%c'
+# name[100]
+>0 string >\0 %-.60s
+# mode mainly stored as an octal number in ASCII null or space terminated
+>100 string >\0 \b, mode %-.7s
+# user id mainly as octal numbers in ASCII null or space terminated
+>108 string >\0 \b, uid %-.7s
+# group id mainly as octal numbers in ASCII null or space terminated
+>116 string >\0 \b, gid %-.7s
+# size mainly as octal number in ASCII
+>124 ubyte <0x38
+>>124 string >\0 \b, size %-.12s
+# coding indicated by setting the high-order bit of the leftmost byte
+>124 ubyte >0xEF \b, size 0x
+>>124 ubyte !0xff \b%2.2x
+>>125 ubyte !0xff \b%2.2x
+>>126 ubyte !0xff \b%2.2x
+>>127 ubyte !0xff \b%2.2x
+>>128 ubyte !0xff \b%2.2x
+>>129 ubyte !0xff \b%2.2x
+>>130 ubyte !0xff \b%2.2x
+>>131 ubyte !0xff \b%2.2x
+>>132 ubyte !0xff \b%2.2x
+>>133 ubyte !0xff \b%2.2x
+>>134 ubyte !0xff \b%2.2x
+>>135 ubyte !0xff \b%2.2x
+# seconds since 0:0:0 1 jan 1970 UTC as octal number mainly in ASCII null or space terminated
+>136 string >\0 \b, seconds %-.11s
+# header checksum stored as an octal number in ASCII null or space terminated
+#>148 string x \b, cksum %.7s
+# linkname[100]
+>157 string >\0 \b, linkname %-.40s
+# additional fields for ustar
+>257 string =ustar
+# owner user name null terminated
+>>265 string >\0 \b, user %-.32s
+# group name null terminated
+>>297 string >\0 \b, group %-.32s
+# device major minor if not zero
+>>329 ubequad&0xCFCFCFCFcFcFcFdf !0
+>>>329 string x \b, devmaj %-.7s
+>>337 ubequad&0xCFCFCFCFcFcFcFdf !0
+>>>337 string x \b, devmin %-.7s
+# prefix[155]
+>>345 string >\0 \b, prefix %-.155s
+# old non ustar/POSIX tar
+>257 string !ustar
+>>508 string =tar\0
+# padding[255] in old star
+>>>257 string >\0 \b, padding: %-.40s
+>>508 default x
+# padding[255] in old tar sometimes comment field
+>>>257 string >\0 \b, comment: %-.40s
# Incremental snapshot gnu-tar format from:
# http://www.gnu.org/software/tar/manual/html_node/Snapshot-Files.html
# PPMZ
0 string PPMZ PPMZ archive data
# MS Compress
-4 string \x88\xf0\x27 MS Compress archive data
-# updated by Joerg Jenderek
->9 string \0
->>0 string KWAJ
->>>7 string \321\003 MS Compress archive data
->>>>14 ulong >0 \b, original size: %d bytes
->>>>18 ubyte >0x65
->>>>>18 string x \b, was %.8s
->>>>>(10.b-4) string x \b.%.3s
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/MS-DOS_installation_compression
+# Reference: https://hwiegman.home.xs4all.nl/fileformats/compress/szdd_kwaj_format.html
+# Note: use correct version of extracting tool like EXPAND, UNPACK, DECOMP or 7Z
+4 string \x88\xf0\x27
+# KWAJ variant
+>0 string KWAJ MS Compress archive data, KWAJ variant
+!:mime application/x-ms-compress-kwaj
+# extension not working in version 5.32
+# magic/Magdir/archive, 284: Warning: EXTENSION type ` ??_' has bad char '?'
+# file: line 284: Bad magic entry ' ??_'
+!:ext ??_
+# compression method (0-4)
+>>8 uleshort x \b, %u method
+# offset of compressed data
+>>10 uleshort x \b, 0x%x offset
+#>>(10.s) uleshort x
+#>>>&-6 string x \b, TEST extension %-.3s
+# header flags to mark header extensions
+>>12 uleshort >0 \b, 0x%x flags
+# 4 bytes: decompressed length of file
+>>12 uleshort &0x01
+>>>14 ulelong x \b, original size: %u bytes
+# 2 bytes: unknown purpose
+# 2 bytes: length of unknown data + mentioned bytes
+# 1-9 bytes: null-terminated file name
+# 1-4 bytes: null-terminated file extension
+>>12 uleshort &0x08
+>>>12 uleshort ^0x01
+>>>>12 uleshort ^0x02
+>>>>>12 uleshort ^0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>14 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>14 string x \b, %-.8s
+>>>>>>>>&1 string x \b.%-.3s
+>>>>>12 uleshort &0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>(14.s) uleshort x
+>>>>>>>>&14 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>(14.s) uleshort x
+>>>>>>>>&14 string x \b, %-.8s
+>>>>>>>>>&1 string x \b.%-.3s
+>>>>12 uleshort &0x02
+>>>>>12 uleshort ^0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>16 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>16 string x \b, %-.8s
+>>>>>>>>&1 string x \b.%-.3s
+>>>>>12 uleshort &0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>(16.s) uleshort x
+>>>>>>>>&16 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>(16.s) uleshort x
+>>>>>>>&16 string x %-.8s
+>>>>>>>>&1 string x \b.%-.3s
+>>>12 uleshort &0x01
+>>>>12 uleshort ^0x02
+>>>>>12 uleshort ^0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>18 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>18 string x \b, %-.8s
+>>>>>>>>&1 string x \b.%-.3s
+>>>>>12 uleshort &0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>(18.s) uleshort x
+>>>>>>>>&18 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>(18.s) uleshort x
+>>>>>>>>&18 string x \b, %-.8s
+>>>>>>>>>&1 string x \b.%-.3s
+>>>>12 uleshort &0x02
+>>>>>12 uleshort ^0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>20 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>20 string x \b, %-.8s
+>>>>>>>>&1 string x \b.%-.3s
+>>>>>12 uleshort &0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>(20.s) uleshort x
+>>>>>>>>&20 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>(20.s) uleshort x
+>>>>>>>>&20 string x \b, %-.8s
+>>>>>>>>>&1 string x \b.%-.3s
+# 2 bytes: length of data + mentioned bytes
+#
+# SZDD variant Haruhiko Okumura's LZSS or 7z type MsLZ
+>0 string SZDD MS Compress archive data, SZDD variant
+!:mime application/x-ms-compress-szdd
+!:ext ??_
+# The character missing from the end of the filename (0=unknown)
+>>9 string >\0 \b, %-.1s is last character of original name
+# https://www.betaarchive.com/forum/viewtopic.php?t=26161
+# Compression mode: "A" (0x41) found but sometimes "B" in Windows 3.1 builds 026 and 034e
+>>8 string !A \b, %-.1s method
+>>10 ulelong >0 \b, original size: %u bytes
+# QBasic SZDD variant
+3 string \x88\xf0\x27
+>0 string SZ\x20 MS Compress archive data, QBasic variant
+!:mime application/x-ms-compress-sz
+!:ext ??$
+>>8 ulelong >0 \b, original size: %u bytes
+
# MP3 (archiver, not lossy audio compression)
0 string MP3\x1a MP3-Archiver archive data
# ZET
# These were inspired by idarc, but actually verified
# Dzip archiver (.dz)
-0 string DZ Dzip archive data
->2 byte x \b, version %i
->3 byte x \b.%i
+# Update: Joerg Jenderek
+# URL: http://speeddemosarchive.com/dzip/
+# reference: http://speeddemosarchive.com/dzip/dz29src.zip/main.c
+# GRR: line below is too general as it matches also ASCII texts like Doszip commander help dz.txt
+0 string DZ
+# latest version is 2.9 dated 7 may 2003
+>2 byte <4 Dzip archive data
+!:mime application/x-dzip
+!:ext dz
+>>2 byte x \b, version %i
+>>3 byte x \b.%i
+>>4 ulelong x \b, offset 0x%x
+>>8 ulelong x \b, %u files
# ZZip archiver (.zz)
0 string ZZ\ \0\0 ZZip archive data
0 string ZZ0 ZZip archive data
!:mime application/vnd.oasis.opendocument.formula-template
>>>73 string database Database
!:mime application/vnd.oasis.opendocument.database
+# Valid for LibreOffice Base 6.0.1.1 at least
+>>>73 string base Database
+!:mime application/vnd.oasis.opendocument.base
>>>73 string image
>>>>78 byte !0x2d Image
!:mime application/vnd.oasis.opendocument.image
>(26.s+30) leshort !0xcafe
>>26 string !\x8\0\0\0mimetype Zip archive data
!:mime application/zip
->>>4 byte 0x09 \b, at least v0.9 to extract
->>>4 byte 0x0a \b, at least v1.0 to extract
->>>4 byte 0x0b \b, at least v1.1 to extract
->>>4 byte 0x14 \b, at least v2.0 to extract
->>>4 byte 0x15 \b, at least v2.1 to extract
->>>4 byte 0x19 \b, at least v2.5 to extract
->>>4 byte 0x1b \b, at least v2.7 to extract
->>>4 byte 0x2d \b, at least v4.5 to extract
->>>4 byte 0x2e \b, at least v4.6 to extract
->>>4 byte 0x32 \b, at least v5.0 to extract
->>>4 byte 0x33 \b, at least v5.1 to extract
->>>4 byte 0x34 \b, at least v5.2 to extract
->>>4 byte 0x3d \b, at least v6.1 to extract
->>>4 byte 0x3e \b, at least v6.2 to extract
->>>4 byte 0x3f \b, at least v6.3 to extract
+>>>4 beshort x \b, at least
+>>>4 use zipversion
+>>>4 beshort x to extract
>>>0x161 string WINZIP \b, WinZIP self-extracting
# StarView Metafile
# Alternate ZIP string (amc@arwen.cs.berkeley.edu)
0 string PK00PK\003\004 Zip archive data
+!:mime application/zip
+!:ext zip/cbz
# ACE archive (from http://www.wotsit.org/download.asp?f=ace)
# by Stefan `Sec` Zehl <sec@42.org>
# reference: https://github.com/MarcoPon/SeqBox
0 string SBx SeqBox,
>3 byte x version %d
+
+# LyNX archive
+56 string USE\040LYNX\040TO\040DISSOLVE\040THIS\040FILE LyNX archive
#------------------------------------------------------------------------------
-# $File: audio,v 1.80 2017/08/13 00:21:47 christos Exp $
+# $File: audio,v 1.86 2018/03/11 00:53:11 christos Exp $
# audio: file(1) magic for sound formats (see also "iff")
#
# Jan Nicolai Langfeldt (janl@ifi.uio.no), Dan Quinlan (quinlan@yggdrasil.com),
# Free lossless audio codec <http://flac.sourceforge.net>
# From: Przemyslaw Augustyniak <silvathraec@rpg.pl>
0 string fLaC FLAC audio bitstream data
-!:mime audio/x-flac
+!:mime audio/flac
>4 byte&0x7f >0 \b, unknown version
>4 byte&0x7f 0 \b
# some common bits/sample values
>>20 byte&0xe 0xa \b, 6 channels
>>20 byte&0xe 0xc \b, 7 channels
>>20 byte&0xe 0xe \b, 8 channels
-# some common sample rates
->>17 belong&0xfffff0 0x2ee000 \b, 192 kHz
->>17 belong&0xfffff0 0x158880 \b, 88.2 kHz
->>17 belong&0xfffff0 0x0ac440 \b, 44.1 kHz
->>17 belong&0xfffff0 0x0bb800 \b, 48 kHz
->>17 belong&0xfffff0 0x07d000 \b, 32 kHz
->>17 belong&0xfffff0 0x056220 \b, 22.05 kHz
->>17 belong&0xfffff0 0x05dc00 \b, 24 kHz
->>17 belong&0xfffff0 0x03e800 \b, 16 kHz
->>17 belong&0xfffff0 0x02b110 \b, 11.025 kHz
->>17 belong&0xfffff0 0x02ee00 \b, 12 kHz
->>17 belong&0xfffff0 0x01f400 \b, 8 kHz
->>17 belong&0xfffff0 0x177000 \b, 96 kHz
->>17 belong&0xfffff0 0x0fa000 \b, 64 kHz
+# sample rates derived from known oscillator frequencies;
+# 24.576 MHz (video/fs=48kHz), 22.5792 (audio/fs=44.1kHz) and
+# 16.384 (other/fs=32kHz).
+>>17 belong&0xfffff0 0x02b110 \b, 11.025 kHz
+>>17 belong&0xfffff0 0x03e800 \b, 16 kHz
+>>17 belong&0xfffff0 0x056220 \b, 22.05 kHz
+>>17 belong&0xfffff0 0x05dc00 \b, 24 kHz
+>>17 belong&0xfffff0 0x07d000 \b, 32 kHz
+>>17 belong&0xfffff0 0x0ac440 \b, 44.1 kHz
+>>17 belong&0xfffff0 0x0bb800 \b, 48 kHz
+>>17 belong&0xfffff0 0x0fa000 \b, 64 kHz
+>>17 belong&0xfffff0 0x158880 \b, 88.2 kHz
+>>17 belong&0xfffff0 0x177000 \b, 96 kHz
+>>17 belong&0xfffff0 0x1f4000 \b, 128 kHz
+>>17 belong&0xfffff0 0x2b1100 \b, 176.4 kHz
+>>17 belong&0xfffff0 0x2ee000 \b, 192 kHz
+>>17 belong&0xfffff0 0x3e8000 \b, 256 kHz
+>>17 belong&0xfffff0 0x562200 \b, 352.8 kHz
+>>17 belong&0xfffff0 0x5dc000 \b, 384 kHz
>>21 byte&0xf >0 \b, >4G samples
>>21 byte&0xf 0 \b
>>>22 belong >0 \b, %u samples
>>12 ulelong x \b, sample rate %d
# adlib sound files
-# From Gurkan Sengun <gurkan@linuks.mine.nu>, http://www.linuks.mine.nu
+# From: Alex Myczko <alex@aiei.ch>
0 string RAWADATA RdosPlay RAW
1068 string RoR AMUSIC Adlib Tracker
>>>0x31 byte/16 x Version %d.
>>>0x31 byte&0x0F x \b%02d
>>>>0x4 string >\0 \b, title: "%s"
+
+# magic for Klystrack, http://kometbomb.github.io/klystrack/
+# from Alex Myczko <alex@aiei.ch>
+0 string cyd!song Klystrack song
+>8 byte >0 \b, version %u
+>8 byte >26
+#>>9 byte x \b, channels %u
+#>>10 leshort x \b, time signature %u
+#>>12 leshort x \b, sequence step %u
+#>>14 byte x \b, instruments %u
+#>>15 leshort x \b, patterns %u
+#>>17 leshort x \b, sequences %u
+#>>19 leshort x \b, length %u
+#>>21 leshort x \b, loop point %u
+#>>23 byte x \b, master volume %u
+#>>24 byte x \b, song speed %u
+#>>25 byte x \b, song speed2 %u
+#>>26 byte x \b, song rate %u
+#>>27 belong x \b, flags %#x
+#>>31 byte x \b, multiplex period %u
+#>>32 byte x \b, pitch inaccuracy %u
+>>149 pstring x \b, title %s
+
+0 string cyd!inst Klystrack instrument
+
+# magic for WOPL instrument files, https://github.com/Wohlstand/OPL3BankEditor
+# see Specifications/WOPL-and-OPLI-Specification.txt
+
+0 string WOPL3-INST\0 WOPL instrument
+>11 leshort x \b, version %u
+0 string WOPL3-BANK\0 WOPL instrument bank
+>11 leshort x \b, version %u
+
+# AdLib/OPL instrument files. Format specifications on
+# http://www.shikadi.net/moddingwiki
+0 string Junglevision\ Patch\ File Junglevision instrument data
+0 string #OPL_II# DMX OP2 instrument data
+0 string IBK\x1a IBK instrument data
+0 string 2OP\x1a IBK instrument data, 2 operators
+0 string 4OP\x1a IBK instrument data, 4 operators
+2 string ADLIB- AdLib instrument data
+>0 byte x \b, version %u
+>1 byte x \b.%u
--- /dev/null
+#------------------------------------------------------------------------------
+# $File: beetle,v 1.2 2018/02/05 23:42:17 rrt Exp $
+# beetle: file(1) magic for Beetle VM object files
+# https://github.com/rrthomas/beetle/
+
+# Beetle object module
+0 string BEETLE\000 Beetle VM object file
#------------------------------------------------------------------------------
-# $File: c64,v 1.5 2009/09/19 16:28:08 christos Exp $
+# $File: c64,v 1.7 2017/11/15 12:19:06 christos Exp $
# c64: file(1) magic for various commodore 64 related files
#
# From: Dirk Jagdmann <doj@cubic.org>
# Esa Hyyti <esa@netlab.tkk.fi>
0 string C64-TAPE-RAW C64 Raw Tape File (.tap),
>0x0c byte x Version:%u,
->0x10 lelong x Length:%u cycles
+>0x10 lelong x Length:%u cycles
+
+# magic for Goattracker2, http://covertbitops.c64.org/
+# from Alex Myczko <alex@aiei.ch>
+0 string GTS5 GoatTracker 2 song
+>4 string >\0 \b, "%s"
+>36 string >\0 \b by %s
+>68 string >\0 \b (C) %s
+>100 byte >0 \b, %u subsong(s)
+
#------------------------------------------------------------------------------
-# $File: compress,v 1.68 2017/05/25 20:07:23 christos Exp $
+# $File: compress,v 1.72 2018/03/27 23:26:41 christos Exp $
# compress: file(1) magic for pure-compression formats (no archives)
#
# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, etc.
>9 byte =0x0B \b, from NTFS filesystem (NT)
>9 byte =0x0C \b, from QDOS
>9 byte =0x0D \b, from Acorn RISCOS
+>-4 lelong x \b, original size %d
# packed data, Huffman (minimum redundancy) codes on a byte-by-byte basis
0 string \037\036 packed data
!:mime application/x-bzip2
>3 byte >47 \b, block size = %c00k
+# bzip a block-sorting file compressor
+# by Julian Seward <sewardj@cs.man.ac.uk> and others
+0 string BZ0 bzip compressed data
+!:mime application/x-bzip
+>3 byte >47 \b, block size = %c00k
+
# lzip
0 string LZIP lzip compressed data
!:mime application/x-lzip
#>99 byte&0xF0 0xd0
#>132 byte&0xF0 0xd0 GSM 06.10 compressed audio
-# bzip a block-sorting file compressor
-# by Julian Seward <sewardj@cs.man.ac.uk> and others
-#
-#0 string BZ bzip compressed data
-#>2 byte x \b, version: %c
-#>3 string =1 \b, compression block size 100k
-#>3 string =2 \b, compression block size 200k
-#>3 string =3 \b, compression block size 300k
-#>3 string =4 \b, compression block size 400k
-#>3 string =5 \b, compression block size 500k
-#>3 string =6 \b, compression block size 600k
-#>3 string =7 \b, compression block size 700k
-#>3 string =8 \b, compression block size 800k
-#>3 string =9 \b, compression block size 900k
-
# lzop from <markus.oberhumer@jk.uni-linz.ac.at>
0 string \x89\x4c\x5a\x4f\x00\x0d\x0a\x1a\x0a lzop compressed data
>9 beshort <0x0940
>>0 byte&0xf =8
>>>0 byte&0x80 =0 zlib compressed data
!:mime application/zlib
+
+# BWC compression
+0 string BWC
+>3 byte 0 BWC compressed data
+
+# UCL compression
+0 bequad 0x00e955434cff011a UCL compressed data
+
+# Softlib archive
+0 string SLIB Softlib archive
+>4 leshort x \b, version %d
+>6 leshort x (contains %d files)
+
+# URL: https://github.com/lzfse/lzfse/blob/master/src/lzfse_internal.h#L276
+# From: Eric Hall <eric.hall@darkart.com>
+0 string bvx- lzfse encoded, no compression
+0 string bvx1 lzfse compressed, uncompressed tables
+0 string bvx2 lzfse compressed, compressed tables
+0 string bvxn lzfse encoded, lzvn compressed
#------------------------------------------------------------------------------
-# $File: console,v 1.32 2017/08/13 00:21:47 christos Exp $
+# $File: console,v 1.35 2017/11/14 15:48:36 christos Exp $
# Console game magic
# Toby Deshane <hac@shoelace.digivill.net>
# From: Serge van den Boom <svdb@stack.nl>
0 string \x01ZZZZZ\x01 3DO "Opera" file system
-# From: Gurkan Sengun <gurkan@linuks.mine.nu>, www.linuks.mine.nu
+# From: Alex Myczko <alex@aiei.ch>
# From: David Pflug <david@pflug.email>
# is the offset 12 or the offset 16 correct?
# GBS (Game Boy Sound) magic
--- /dev/null
+
+#------------------------------------------------------------------------------
+# $File: dbpf,v 1.1 2017/10/13 20:47:14 christos Exp $
+# dppf: Maxis Database Packed Files, the stored data file format used by all
+# Maxis games after the Sims: http://wiki.niotso.org/DBPF
+# http://www.wiki.sc4devotion.com/index.php?title=DBPF
+# 13 Oct 2017, Kip Warner <kip at thevertigo dot com>
+0 string DBPF Maxis Database Packed File
+>4 ulelong x \b, version: %u.
+>>8 ulelong x \b%u
+>>>36 ulelong x \b, files: %u
+!:ext dbpf/package/dat/sc4
+!:mime application/x-maxis-dbpf
+4 ulelong 1
+>8 ulelong !1
+>>24 ledate !0 \b, created: %s
+>>>28 ledate !0 \b, modified: %s
#------------------------------------------------------------------------------
-# $File: elf,v 1.69 2015/06/16 17:23:08 christos Exp $
+# $File: elf,v 1.72 2018/02/24 19:50:04 christos Exp $
# elf: file(1) magic for ELF executables
#
# We have to check the byte order flag to see what byte order all the
!:mime application/x-object
>16 leshort 2 executable,
!:mime application/x-executable
->16 leshort 3 shared object,
-!:mime application/x-sharedlib
+>16 leshort 3 ${x?pie executable:shared object}
+
+!:mime application/x-${x?pie-executable:sharedlib}
>16 leshort 4 core file
!:mime application/x-coredump
# Core file detection is not reliable.
#------------------------------------------------------------------------------
-# $File: filesystems,v 1.122 2017/07/21 10:34:41 christos Exp $
+# $File: filesystems,v 1.124 2018/01/12 12:35:30 christos Exp $
# filesystems: file(1) magic for different filesystems
#
0 name partid
#>0x464 lelong &0x0000020 (many subdirs)
#>0x463 lelong &0x0000040 (extra isize)
+# f2fs filesystem - Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
+0x400 lelong 0xF2F52010 F2FS filesystem
+>0x46c belong x \b, UUID=%08x
+>0x470 beshort x \b-%04x
+>0x472 beshort x \b-%04x
+>0x474 beshort x \b-%04x
+>0x476 belong x \b-%08x
+>0x47a beshort x \b%04x
+>0x147c lestring16 x \b, volume name "%s"
+
# Minix filesystems - Juan Cespedes <cespedes@debian.org>
0x410 leshort 0x137f
!:strength / 2
0 name cdrom
>38913 string !NSR0 ISO 9660 CD-ROM filesystem data
!:mime application/x-iso9660-image
+!:ext iso/iso9660
>38913 string NSR0 UDF filesystem data
!:mime application/x-iso9660-image
+!:ext iso/udf
>>38917 string 1 (version 1.0)
>>38917 string 2 (version 1.5)
>>38917 string 3 (version 2.0)
!:strength +34
>0 use cdrom
+# URL: https://en.wikipedia.org/wiki/NRG_(file_format)
+# Reference: https://dl.opendesktop.org/api/files/download/id/1460731811/
+# 11577-mount-iso-0.9.5.tar.bz2/mount-iso-0.9.5/install.sh
+# From: Joerg Jenderek
+# Note: Only for nero disc with once (DAO) type after 300 KB header
+339969 string CD001 Nero CD image at 0x4B000
+!:mime application/x-nrg
+!:ext nrg
+>307200 use cdrom
+
# .cso files
# Reference: http://pismotec.com/ciso/ciso.h
# NOTE: There are two other formats with the same magic but
#------------------------------------------------------------------------------
-# $File: fonts,v 1.37 2017/06/24 00:39:00 christos Exp $
+# $File: fonts,v 1.38 2017/11/14 15:48:36 christos Exp $
# fonts: file(1) magic for font data
#
0 search/1 FONT ASCII vfont text
0 string OTTO OpenType font data
!:mime application/vnd.ms-opentype
-# Gurkan Sengun <gurkan@linuks.mine.nu>, www.linuks.mine.nu
+# From: Alex Myczko <alex@aiei.ch>
0 string SplineFontDB: Spline Font Database
!:mime application/vnd.font-fontforge-sfd
>14 string x version %s
#------------------------------------------------------------------------------
-# $File: games,v 1.15 2017/03/17 21:35:28 christos Exp $
+# $File: games,v 1.16 2017/10/19 16:40:37 christos Exp $
# games: file(1) for games
# Fabio Bonelli <fabiobonelli@libero.it>
# Quake
-0 string PACK Quake I or II world or extension
->8 lelong >0 \b, %d entries
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/PAK
+# reference: https://quakewiki.org/wiki/.pak
+# GRR: line below is too general as it matches also Acorn PackDir compressed Archive
+# and Git pack ./revision
+0 string PACK
+# real Quake examples like pak0.pak have only some hundreds like 150 files
+# So test for few files
+>8 ulelong <0x01000000
+# in file version 5.32 test for null terminator is only true for
+# offset ~< FILE_BYTES_MAX = 1 MB defined in ../../src/file.h
+# look for null terminator of 1st entry name
+>>(4.l+55) ubyte 0 Quake I or II world or extension
+!:mime application/x-dzip
+!:ext pak
+#>>>8 ulelong x \b, table size %u
+# dividing this by entry size (64) gives number of files
+>>>8 ulelong/64 x \b, %u files
+# offset to the beginning of the file table
+>>>4 ulelong x \b, offset 0x%x
+# 1st file entry
+>>>(4.l) use pak-entry
+# 2nd file entry
+#>>>4 ulelong+64 x \b, offset 0x%x
+#>>>(4.l+64) use pak-entry
+#
+# display file table entry of Quake PAK archive
+0 name pak-entry
+# normally entry start after header which implies offset 12 or higher
+>56 ulelong >11
+# the offset from the beginning of pak to beginning of this entry file contents
+>>56 ulelong x at 0x%x
+# the size of file for this entry
+>>60 ulelong x %u bytes
+# 56 byte null-terminated entry name string includes path like maps/e1m1.bsp
+>>0 string x '%-.56s'
+# inspect entry content by jumping to entry offset
+>>(56) indirect x \b:
#0 string -1\x0a Quake I demo
#>30 string x version %.4s
#------------------------------------------------------------------------------
-# $File: geo,v 1.4 2017/03/17 21:35:28 christos Exp $
+# $File: geo,v 1.6 2018/03/11 00:48:16 christos Exp $
# Geo- files from Kurt Schwehr <schwehr@ccom.unh.edu>
######################################################################
>40 ledouble x \b, minz=%g
>48 ledouble x \b, maxz=%g
+# magic for LAS format files
+# alex myczko <alex@aiei.ch>
+# http://www.asprs.org/wp-content/uploads/2010/12/LAS_1_3_r11.pdf
+0 string LASF LIDAR point data records
+>24 byte >0 \b, version %u
+>25 byte >0 \b.%u
+>26 string >\0 \b, SYSID %s
+>58 string >\0 \b, Generating Software %s
+
+# magic for PCD format files
+# alex myczko <alex@aiei.ch>
+# http://pointclouds.org/documentation/tutorials/pcd_file_format.php
+0 string #\ .PCD Point Cloud Data
#------------------------------------------------------------------------------
-# $File: gnu,v 1.18 2017/03/17 21:35:28 christos Exp $
+# $File: gnu,v 1.20 2018/02/24 16:11:23 christos Exp $
# gnu: file(1) magic for various GNU tools
#
# GNU nlsutils message catalog file format
#
# GNU message catalog (.mo and .gmo files)
+# Update: Joerg Jenderek
+# URL: https://www.gnu.org/software/gettext/manual/html_node/MO-Files.html
+# Reference: ftp://ftp.gnu.org/pub/gnu/gettext/gettext-0.19.8.tar.gz/
+# gettext-0.19.8.1/gettext-runtime/intl/gmo.h
+# Note: maybe call it like "GNU translation gettext machine object"
0 string \336\22\4\225 GNU message catalog (little endian),
->6 leshort x revision %d.
->4 leshort >0 \b%d,
->>8 lelong x %d messages,
->>36 lelong x %d sysdep messages
->4 leshort =0 \b%d,
->>8 lelong x %d messages
+#0 ulelong 0x950412DE GNU-format message catalog data
+# TODO: write lines in such a way that code can also be called for big endian variant
+#>0 use gettext-object
+#0 name gettext-object
+>4 ulelong x revision
+!:mime application/x-gettext-translation
+# mo extension is also used for Easeus Partition Master PE32 executable module
+# like ConvertFatToNTFS.mo
+!:ext gmo/mo
+# only found three revision combinations 0.0 0.1 1.1 as unsigned 32-bit
+# major revision
+>4 ulelong/0xFFff x %u.
+# minor revision
+>4 ulelong&0x0000FFff x \b%u
+>>8 ulelong x \b, %u message
+# plural s
+>>8 ulelong >1 \bs
+# size of hashing table
+#>20 ulelong x \b, %u hash
+#>20 ulelong >1 \bes
+#>24 ulelong x at 0x%x
+# for revsion x.0 offset of table with originals is 1Ch if directly after header
+>4 ulelong&0x0000FFff =0
+>>12 ulelong !0x1C \b, at 0x%x string table
+# but for x.1 table offset i found is 30h. That means directly after bigger header
+>4 ulelong&0x0000FFff >0
+>>12 ulelong !0x30 \b, at 0x%x string table
+# The following variables are only used in .mo files with minor revision >= 1
+# number of system dependent segments
+#>>28 ulelong x \b, %u segment
+#>>28 ulelong >1 \bs
+# offset of table describing system dependent segments
+#>>32 ulelong x at 0x%x
+# number of system dependent strings pairs
+>>36 ulelong x \b, %u sysdep message
+>>36 ulelong >1 \bs
+# offset of table with start offsets of original sysdep strings
+#>>40 ulelong x \b, at 0x%x sysdep strings
+# offset of table with start offsets of translated sysdep strings
+#>>44 ulelong x \b, at 0x%x sysdep translations
+# >>(44.l) ulelong x 0x%x chars
+# >>>&0 ulelong x at 0x%x
+# >>>>(&-4) string x "%s"
+# string table after big header
+#>>48 ubequad x \b, string table 0x%llx
+#
+# 0th string length seems to be always 0
+#>(12.l) ulelong x \b, %u chars
+#>>&0 ulelong x at 0x%x
+# if 1st string length positiv inspect offset and string
+#>(12.l+8) ulelong >0 \b, %u chars
+#>>&0 ulelong x at 0x%x
+# if 2nd string length positiv inspect offset and string
+# >(12.l+16) ulelong >0 \b, %u chars
+# >>&0 ulelong x at 0x%x
+# skip newline byte
+#>>>(&-4) ubyte =0x0A
+#>>>>&0 string x "%s"
+#>>>(&-4) ubyte !0x0A
+#>>>>&-1 string x '%s'
+# offset of table with translation strings
+#>16 ulelong x \b, at 0x%x translation table
+# check translation 0 length and offset
+>(16.l) ulelong >0
+>>&0 ulelong x
+# translation 0 seems to be often Project-Id with name and version
+>>>(&-4) string x \b, %s
+# trans. 1 with bytes >= 1 unlike icoutils-0.31.0\po\en@boldquot.gmo with 1 NL
+>(16.l+8) ulelong >1
+>>&0 ulelong x
+>>>(&-4) ubyte !0x0A
+>>>>&-1 string x '%s'
+# 1 New Line like in tar-1.29\po\de.gmo
+>>>(&-4) ubyte =0x0A
+>>>>&0 ubyte !0x0A
+>>>>>&-1 string x '%s'
+# 2nd New Line like in parted-3.1\po\de.gmo
+>>>>&0 ubyte =0x0A
+>>>>>&0 string x '%s'
0 string \225\4\22\336 GNU message catalog (big endian),
+#0 ubelong 0x950412DE GNU-format message catalog data
+!:mime application/x-gettext-translation
+!:ext gmo/mo
+# TODO: for big endian use same code as for little endian
+#>0 use \^gettext-object
+# DEBUG code
+#>16 ubelong x \b, at 0x%x translation table
+#>(16.L) ubelong x 0x%x chars
+#>>&0 ubelong x at 0x%x
+# unexpected value HERE!
+#>>>(&-4) ubequad x 0x%llx
+#
>4 beshort x revision %d.
>6 beshort >0 \b%d,
>>8 belong x %d messages,
0 beshort 0x8502 GPG encrypted data
!:mime text/PGP # encoding: data
+# Update: Joerg Jenderek
+# Note: PGP and GPG use same data structure.
+# So recognition is now done by ./pgp with start test for byte 0x99
# This magic is not particularly good, as the keyrings don't have true
# magic. Nevertheless, it covers many keyrings.
-0 ubeshort-0x9901 <2
->3 byte 4
->>4 bedate x GPG key public ring, created %s
-!:mime application/x-gnupg-keyring
-
+# 0 ubeshort-0x9901 <2
+# >3 byte 4
+# >>4 bedate x GPG key public ring, created %s
+# !:mime application/x-gnupg-keyring
# Symmetric encryption
0 leshort 0x0d8c
>7 string 02 \b (frcode)
# Files produced by GNU gettext
-0 long 0xDE120495 GNU-format message catalog data
-0 long 0x950412DE GNU-format message catalog data
# gettext message catalogue
0 search/1024 \nmsgid
#------------------------------------------------------------------------------
-# $File: images,v 1.126 2017/06/11 22:25:44 christos Exp $
+# $File: images,v 1.131 2018/02/16 15:44:28 christos Exp $
# images: file(1) magic for image formats (see also "iff", and "c-lang" for
# XPM bitmaps)
#
# and Image Type 1 2 3 9 10 11 32 33
# and Color Map Entry Size 0 15 16 24 32
0 ubequad&0x00FeC400000000C0 0
-# skip more garbage by looking for positive image type
+# skip more garbage like *.iso by looking for positive image type
>2 ubyte >0
-# skip some compiled terminfo by looking for image type less equal 33
+# skip some compiled terminfo like xterm+tmux by looking for image type less equal 33
>>2 ubyte <34
-# skip arches.3200 , Finder.Root , Slp.1 by looking for low pixel sizes 15 16 24 32
->>>16 ubyte <33
-# skip more by looking for pixel size 0Fh 10h 18h 20h
->>>>16 ubyte&0xC0 0x00
-# Color Map
->>>>>1 belong&0xfff7ffff 0x01010000
->>>>>>0 use tga-image
->>>>>1 belong&0xfff7ffff 0x00020000
->>>>>>0 use tga-image
->>>>>1 belong&0xfff7ffff 0x00030000
->>>>>>0 use tga-image
->>>>>1 default x
-# skip 260-16.ico by looking for no color map
->>>>>>1 ubyte 0
-# implies no first map entry
->>>>>>>3 uleshort 0
->>>>>>>>0 use tga-image
+# skip arches.3200 , Finder.Root , Slp.1 by looking for low pixel depth 1 8 15 16 24 32
+>>>16 ubyte 1
+>>>>0 use tga-image
+>>>16 ubyte 8
+>>>>0 use tga-image
+>>>16 ubyte 15
+>>>>0 use tga-image
+>>>16 ubyte 16
+>>>>0 use tga-image
+>>>16 ubyte 24
+>>>>0 use tga-image
+>>>16 ubyte 32
+>>>>0 use tga-image
# display tga bitmap image information
0 name tga-image
>2 ubyte <34 Targa image data
# image height. 0 interpreted as 65536
>14 uleshort >0 %d
>14 uleshort =0 65536
-# Image Pixel Size 15 16 24 32
+# Image Pixel depth 1 8 15 16 24 32
>16 ubyte x x %d
# X origin of image. 0 normal
>8 uleshort >0 +%d
>5 byte 0x00 (white background)
>5 byte 0xFF (black background)
-# Gurkan Sengun <gurkan@linuks.mine.nu>, www.linuks.mine.nu
+# From: Alex Myczko <alex@aiei.ch>
# http://www.atarimax.com/jindroush.atari.org/afmtatr.html
0 leshort 0x0296 Atari ATR image
>>&16 byte 5 pxr24
>>&16 byte 6 b44
>>&16 byte 7 b44a
->>&16 byte >7 unknown
+>>&16 byte 8 dwaa
+>>&16 byte 9 dwab
+>>&16 byte >9 unknown
>8 search/0x1000 dataWindow\0 \b, dataWindow:
>>&10 lelong x (%d
>>&14 lelong x %d)-
# ANSI/SMPTE 268M-1994, SMPTE Standard for File Format for Digital
# Moving-Picture Exchange (DPX), v1.0, 18 February 1994
# Robert Minsk <robertminsk at yahoo.com>
+# Modified by Harry Mallon <hjmallon at gmail.com>
0 string SDPX DPX image data, big-endian,
!:mime image/x-dpx
+>0 use dpx_info
+0 string XPDS DPX image data, little-endian,
+!:mime image/x-dpx
+>0 use \^dpx_info
+
+0 name dpx_info
>768 beshort <4
>>772 belong x %dx
>>776 belong x \b%d,
>768 beshort 3 right to left/bottom to top
>768 beshort 4 top to bottom/left to right
>768 beshort 5 top to bottom/right to left
->768 leshort 6 bottom to top/left to right
->768 leshort 7 bottom to top/right to left
+>768 beshort 6 bottom to top/left to right
+>768 beshort 7 bottom to top/right to left
# From: Tom Hilinski <tom.hilinski@comcast.net>
# http://www.unidata.ucar.edu/packages/netcdf/
>4 belong 0x0D0A1A0A
>12 belong 0x00000000 Lytro Light Field Picture
>8 belong x \b, version %d
+
+# Type: Vision Research Phantom CINE Format
+# URL: https://www.phantomhighspeed.com/
+# URL2: http://phantomhighspeed.force.com/vriknowledge/servlet/fileField?id=0BEU0000000Cfyk
+# From: Harry Mallon <hjmallon at gmail.com>
+#
+# This has a short "CI" code but the 44 is the size of the struct which is
+# stable
+0 string CI
+>2 leshort 44 Vision Research CINE Video,
+>>4 leshort 0 Grayscale,
+>>4 leshort 1 JPEG Compressed,
+>>4 leshort 2 RAW,
+>>6 leshort x version %d,
+>>20 lelong x %d frames,
+>>48 lelong x %dx
+>>52 lelong x \b%d
+
+# Type: ARRI Raw Image
+# Info: SMPTE RDD30:2014
+# From: Harry Mallon <hjmallon at gmail.com>
+0 string ARRI ARRI ARI image data,
+>4 lelong 0x78563412 little-endian,
+>4 lelong 0x12345678 big-endian,
+>12 lelong x version %d,
+>20 lelong x %dx
+>24 lelong x \b%d
#------------------------------------------------------------------------------
-# $File: intel,v 1.15 2017/03/17 21:35:28 christos Exp $
+# $File: intel,v 1.16 2017/11/14 15:48:36 christos Exp $
# intel: file(1) magic for x86 Unix
#
# Various flavors of x86 UNIX executable/object (other than Xenix, which
# rom: file(1) magic for BIOS ROM Extensions found in intel machines
# mapped into memory between 0xC0000 and 0xFFFFF
-# From Gurkan Sengun <gurkan@linuks.mine.nu>, www.linuks.mine.nu
+# From: Alex Myczko <alex@aiei.ch>
# updated by Joerg Jenderek
# https://en.wikipedia.org/wiki/Option_ROM
0 beshort 0x55AA BIOS (ia32) ROM Ext.
#------------------------------------------------------------------------------
-# $File: macintosh,v 1.27 2017/03/17 21:35:28 christos Exp $
+# $File: macintosh,v 1.28 2017/12/05 02:17:48 christos Exp $
# macintosh description
#
# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
#>2 string x : %s
# MacBinary format (Eric Fischer, enf@pobox.com)
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/MacBinary
+# Reference: http://files.stairways.com/other/macbinaryii-standard-info.txt
#
# Unfortunately MacBinary doesn't really have a magic number prior
-# to the MacBinary III format. The checksum is really the way to
-# do it, but the magic file format isn't up to the challenge.
+# to the MacBinary III format.
#
-# 0 byte 0
-# 1 byte # filename length
-# 2 string # filename
-# 65 string # file type
-# 69 string # file creator
-# 73 byte # Finder flags
-# 74 byte 0
+
+# old version number, must be kept at zero for compatibility
+0 byte 0
+# length of filename (must be in the range 1-63)
+>1 ubyte >0
+# skip T.PIC.LZ INSTRUMENT.7T INVENTORY
+>>1 ubyte <64
+# skip Docs.MWII ReadMe.MacWrite "Notes (MacWrite II)"
+# by looking for printable characters at beginning of file name
+>>>2 ubelong >0x1F000000
+# zero fill, must be zero for compatibility
+>>>>74 byte 0
+# zero fill, must be zero for compatibility
+>>>>>82 byte 0
+# MacBinary I test for valid version numbers
+>>>>>>122 ubeshort 0
+# additional check for creation date after 1 Jan 1970 ~ 7C25B080h
+#>>>>>>>91 ubelong >0x7c25b07F
+# additional check for undefined header fields in MacBinary I
+#>>>>>>>101 ulong 0
+>>>>>>>0 use mac-bin
+# MacBinary II the newer versions begins at 129
+>>>>>>122 ubeshort 0x8181
+>>>>>>>0 use mac-bin
+# MacBinary III with MacBinary II to read
+>>>>>122 ubeshort 0x8281
+>>>>>>0 use mac-bin
+
+# display information of MacBinary file
+0 name mac-bin
+>122 ubyte x MacBinary
+# versions for MacBinary II/III
+>122 ubyte 129 II
+>122 ubyte 130 III
+# only in MacBinary III
+>>102 string !mBIN with surprising version
+!:mime application/x-macbinary
+!:apple PSPTBINA
+!:ext bin/macbin
+# THIS SHOULD NEVER HAPPEN! Maybe another file type is misidetified as MacBinary
+#>1 ubyte >63 \b, name length %u too BIG!
+#>122 ubeshort x \b, version 0x%x
+# Finder flags if not 0
+# >73 byte !0 \b, flags 0x
+# >73 byte =0
+# >>101 byte !0 \b, flags 0x
+# # original Finder flags (Bits 8-15)
+# >73 byte !0 \b%x
+# # finder flags, bits 0-7
+# >101 byte !0 \b%x
+>73 byte &0x01 \b, inited
+>73 byte &0x02 \b, changed
+>73 byte &0x04 \b, busy
+>73 byte &0x08 \b, bozo
+>73 byte &0x10 \b, system
+>73 byte &0x20 \b, bundle
+>73 byte &0x40 \b, invisible
+>73 byte &0x80 \b, locked
+
# 75 beshort # vertical posn in window
+#>75 beshort !0 \b, v.pos %u
# 77 beshort # horiz posn in window
+#>77 beshort !0 \b, h.pos %u
# 79 beshort # window or folder ID
-# 81 byte # protected?
-# 82 byte 0
-# 83 belong # length of data segment
-# 87 belong # length of resource segment
-# 91 belong # file creation date
-# 95 belong # file modification date
-# 99 beshort # length of comment after resource
-# 101 byte # new Finder flags
-# 102 string mBIN # (only in MacBinary III)
-# 106 byte # char. code of file name
-# 107 byte # still more Finder flags
-# 116 belong # total file length
+>79 ubeshort !0 \b, ID 0x%x
+# protected flag
+>81 byte !0 \b, protected 0x%x
+# length of comment after resource
+>99 ubeshort !0 \b, comment length %u
+# char. code of file name
+>106 ubyte !0 \b, char. code 0x%x
+# still more Finder flags
+>107 ubyte !0 \b, more flags 0x%x
+# length of total files when unpacked only used when pack and unpack on the fly
+>116 ubelong !0 \b, total length %u
# 120 beshort # length of add'l header
-# 122 byte 129 # for MacBinary II
-# 122 byte 130 # for MacBinary III
-# 123 byte 129 # minimum version that can read fmt
+>120 ubeshort !0 \b, 2nd header length %u
# 124 beshort # checksum
-#
-# This attempts to use the version numbers as a magic number, requiring
-# that the first one be 0x80, 0x81, 0x82, or 0x83, and that the second
-# be 0x81. This works for the files I have, but maybe not for everyone's.
+#>124 ubeshort !0 \b, CRC 0x%x
+# creation date in seconds since MacOS epoch start. So 1 Jan 1970 ~ 7C25B080
+>91 beldate-0x7C25B080 x \b, %s
+# THIS SHOULD NEVER HAPPEN! Maybe another file type is misidetified or time overflow
+>91 ubelong <0x7c25b080 INVALID date
+#>91 belong-0x7C25B080 x \b, DEBUG DATE %d
+# last modified date
+>95 beldate-0x7C25B080 x \b, modified %s
+# Apple creator+typ if not null
+# file creator (normally expressed as four characters)
+>69 ulong !0 \b, creator
+# instead 4 character code display full creator name
+>>69 use apple-creator
+# file type (normally expressed as four characters)
+>65 ulong !0 \b, type
+>>65 use apple-type
+# length of data segment
+>83 ubelong !0 \b, %u bytes
+# filename (in the range 1-63)
+>1 pstring x "%s"
+# print 1 space and then at offset 128 inspect data fork content if it has one
+>83 ubelong !0 \b
+>>128 indirect x
+# Afterwards resource fork if length of resource segment not zero
+>87 ubelong !0
+# calculate resource fork offset
+>>83 ubelong+128 x \b, at 0x%x
+# length of resource segment
+>>87 ubelong !0 %u bytes
+>>(83.S+128) ubequad x resource
+# further resource fork content inspection
+>>>&-8 indirect x
-# Unfortunately, this magic is quite weak - MPi
-#122 beshort&0xFCFF 0x8081 Macintosh MacBinary data
-
-# MacBinary I doesn't have the version number field at all, but MacBinary II
-# has been in use since 1987 so I hope there aren't many really old files
-# floating around that this will miss. The original spec calls for using
-# the nulls in 0, 74, and 82 as the magic number.
-#
-# Another possibility, that would also work for MacBinary I, is to use
-# the assumption that 65-72 will all be ASCII (0x20-0x7F), that 73 will
-# have bits 1 (changed), 2 (busy), 3 (bozo), and 6 (invisible) unset,
-# and that 74 will be 0. So something like
-#
-# 71 belong&0x80804EFF 0x00000000 Macintosh MacBinary data
-#
-# >73 byte&0x01 0x01 \b, inited
-# >73 byte&0x02 0x02 \b, changed
-# >73 byte&0x04 0x04 \b, busy
-# >73 byte&0x08 0x08 \b, bozo
-# >73 byte&0x10 0x10 \b, system
-# >73 byte&0x10 0x20 \b, bundle
-# >73 byte&0x10 0x40 \b, invisible
-# >73 byte&0x10 0x80 \b, locked
+# Apple Type/Creator Database
+# URL: https://en.wikipedia.org/wiki/Type_code
+# Reference: http://www.lacikam.co.il/tcdb/
+# http://www.macdisk.com/macsigen.php
+# Note: classic Mac OS files have two 4 character codes for type and creator.
+# Thereby the Finder attach documents types to applications.
#>65 string x \b, type "%4.4s"
-#>65 string 8BIM (PhotoShop)
-#>65 string ALB3 (PageMaker 3)
-#>65 string ALB4 (PageMaker 4)
-#>65 string ALT3 (PageMaker 3)
-#>65 string APPL (application)
-#>65 string AWWP (AppleWorks word processor)
-#>65 string CIRC (simulated circuit)
-#>65 string DRWG (MacDraw)
-#>65 string EPSF (Encapsulated PostScript)
-#>65 string FFIL (font suitcase)
-#>65 string FKEY (function key)
-#>65 string FNDR (Macintosh Finder)
-#>65 string GIFf (GIF image)
-#>65 string Gzip (GNU gzip)
-#>65 string INIT (system extension)
-#>65 string LIB\ (library)
-#>65 string LWFN (PostScript font)
-#>65 string MSBC (Microsoft BASIC)
-#>65 string PACT (Compact Pro archive)
-#>65 string PDF\ (Portable Document Format)
-#>65 string PICT (picture)
-#>65 string PNTG (MacPaint picture)
-#>65 string PREF (preferences)
-#>65 string PROJ (Think C project)
-#>65 string QPRJ (Think Pascal project)
-#>65 string SCFL (Defender scores)
-#>65 string SCRN (startup screen)
-#>65 string SITD (StuffIt Deluxe)
-#>65 string SPn3 (SuperPaint)
-#>65 string STAK (HyperCard stack)
-#>65 string Seg\ (StuffIt segment)
-#>65 string TARF (Unix tar archive)
-#>65 string TEXT (ASCII)
-#>65 string TIFF (TIFF image)
-#>65 string TOVF (Eudora table of contents)
-#>65 string WDBN (Microsoft Word word processor)
-#>65 string WORD (MacWrite word processor)
-#>65 string XLS\ (Microsoft Excel)
-#>65 string ZIVM (compress (.Z))
-#>65 string ZSYS (Pre-System 7 system file)
-#>65 string acf3 (Aldus FreeHand)
-#>65 string cdev (control panel)
-#>65 string dfil (Desk Accessory suitcase)
-#>65 string libr (library)
-#>65 string nX^d (WriteNow word processor)
-#>65 string nX^w (WriteNow dictionary)
-#>65 string rsrc (resource)
-#>65 string scbk (Scrapbook)
-#>65 string shlb (shared library)
-#>65 string ttro (SimpleText read-only)
-#>65 string zsys (system file)
+# display information about apple type
+0 name apple-type
+>0 string 8BIM PhotoShop
+>0 string ALB3 PageMaker 3
+>0 string ALB4 PageMaker 4
+>0 string ALT3 PageMaker 3
+>0 string APPL application
+>0 string AWWP AppleWorks word processor
+>0 string CIRC simulated circuit
+>0 string DRWG MacDraw
+>0 string EPSF Encapsulated PostScript
+>0 string FFIL font suitcase
+>0 string FKEY function key
+>0 string FNDR Macintosh Finder
+>0 string GIFf GIF image
+>0 string Gzip GNU gzip
+>0 string INIT system extension
+>0 string LIB\ library
+>0 string LWFN PostScript font
+>0 string MSBC Microsoft BASIC
+>0 string PACT Compact Pro archive
+>0 string PDF\ Portable Document Format
+>0 string PICT picture
+>0 string PNTG MacPaint picture
+>0 string PREF preferences
+>0 string PROJ Think C project
+>0 string QPRJ Think Pascal project
+>0 string SCFL Defender scores
+>0 string SCRN startup screen
+>0 string SITD StuffIt Deluxe
+>0 string SPn3 SuperPaint
+>0 string STAK HyperCard stack
+>0 string Seg\ StuffIt segment
+>0 string TARF Unix tar archive
+>0 string TEXT ASCII
+>0 string TIFF TIFF image
+>0 string TOVF Eudora table of contents
+>0 string WDBN Microsoft Word word processor
+>0 string WORD MacWrite word processor
+>0 string XLS\ Microsoft Excel
+>0 string ZIVM compress (.Z)
+>0 string ZSYS Pre-System 7 system file
+>0 string acf3 Aldus FreeHand
+>0 string cdev control panel
+>0 string dfil Desk Accessory suitcase
+>0 string libr library
+>0 string nX^d WriteNow word processor
+>0 string nX^w WriteNow dictionary
+>0 string rsrc resource
+>0 string scbk Scrapbook
+>0 string shlb shared library
+>0 string ttro SimpleText read-only
+>0 string zsys system file
+
+# additional types added in Dec 2017
+>0 string BINA binary file
+>0 string BMPp BMP image
+>0 string JPEG JPEG image
+#>0 string W4BN Microsoft Word x.y word processor?
+# if type name is not known display 4 character identifier
+>0 default x
+>>0 string x '%4.4s'
#>69 string x \b, creator "%4.4s"
-# Somewhere, Apple has a repository of registered Creator IDs. These are
+# Now Apple has no repository of registered Creator IDs any more. These are
# just the ones that I happened to have files from and was able to identify.
-#>69 string 8BIM (Adobe Photoshop)
-#>69 string ALD3 (PageMaker 3)
-#>69 string ALD4 (PageMaker 4)
-#>69 string ALFA (Alpha editor)
-#>69 string APLS (Apple Scanner)
-#>69 string APSC (Apple Scanner)
-#>69 string BRKL (Brickles)
-#>69 string BTFT (BitFont)
-#>69 string CCL2 (Common Lisp 2)
-#>69 string CCL\ (Common Lisp)
-#>69 string CDmo (The Talking Moose)
-#>69 string CPCT (Compact Pro)
-#>69 string CSOm (Eudora)
-#>69 string DMOV (Font/DA Mover)
-#>69 string DSIM (DigSim)
-#>69 string EDIT (Macintosh Edit)
-#>69 string ERIK (Macintosh Finder)
-#>69 string EXTR (self-extracting archive)
-#>69 string Gzip (GNU gzip)
-#>69 string KAHL (Think C)
-#>69 string LWFU (LaserWriter Utility)
-#>69 string LZIV (compress)
-#>69 string MACA (MacWrite)
-#>69 string MACS (Macintosh operating system)
-#>69 string MAcK (MacKnowledge terminal emulator)
-#>69 string MLND (Defender)
-#>69 string MPNT (MacPaint)
-#>69 string MSBB (Microsoft BASIC (binary))
-#>69 string MSWD (Microsoft Word)
-#>69 string NCSA (NCSA Telnet)
-#>69 string PJMM (Think Pascal)
-#>69 string PSAL (Hunt the Wumpus)
-#>69 string PSI2 (Apple File Exchange)
-#>69 string R*ch (BBEdit)
-#>69 string RMKR (Resource Maker)
-#>69 string RSED (Resource Editor)
-#>69 string Rich (BBEdit)
-#>69 string SIT! (StuffIt)
-#>69 string SPNT (SuperPaint)
-#>69 string Unix (NeXT Mac filesystem)
-#>69 string VIM! (Vim editor)
-#>69 string WILD (HyperCard)
-#>69 string XCEL (Microsoft Excel)
-#>69 string aCa2 (Fontographer)
-#>69 string aca3 (Aldus FreeHand)
-#>69 string dosa (Macintosh MS-DOS file system)
-#>69 string movr (Font/DA Mover)
-#>69 string nX^n (WriteNow)
-#>69 string pdos (Apple ProDOS file system)
-#>69 string scbk (Scrapbook)
-#>69 string ttxt (SimpleText)
-#>69 string ufox (Foreign File Access)
-
-# Just in case...
-
-102 string mBIN MacBinary III data with surprising version number
+# display information about apple creator
+0 name apple-creator
+>0 string 8BIM Adobe Photoshop
+>0 string ALD3 PageMaker 3
+>0 string ALD4 PageMaker 4
+>0 string ALFA Alpha editor
+>0 string APLS Apple Scanner
+>0 string APSC Apple Scanner
+>0 string BRKL Brickles
+>0 string BTFT BitFont
+>0 string CCL2 Common Lisp 2
+>0 string CCL\ Common Lisp
+>0 string CDmo The Talking Moose
+>0 string CPCT Compact Pro
+>0 string CSOm Eudora
+>0 string DMOV Font/DA Mover
+>0 string DSIM DigSim
+>0 string EDIT Macintosh Edit
+>0 string ERIK Macintosh Finder
+>0 string EXTR self-extracting archive
+>0 string Gzip GNU gzip
+>0 string KAHL Think C
+>0 string LWFU LaserWriter Utility
+>0 string LZIV compress
+>0 string MACA MacWrite
+>0 string MACS Macintosh operating system
+>0 string MAcK MacKnowledge terminal emulator
+>0 string MLND Defender
+>0 string MPNT MacPaint
+>0 string MSBB Microsoft BASIC (binary)
+>0 string MSWD Microsoft Word
+>0 string NCSA NCSA Telnet
+>0 string PJMM Think Pascal
+>0 string PSAL Hunt the Wumpus
+#>0 string PSI2 Apple File Exchange
+>0 string R*ch BBEdit
+>0 string RMKR Resource Maker
+>0 string RSED Resource Editor
+>0 string Rich BBEdit
+>0 string SIT! StuffIt
+>0 string SPNT SuperPaint
+>0 string Unix NeXT Mac filesystem
+>0 string VIM! Vim editor
+>0 string WILD HyperCard
+>0 string XCEL Microsoft Excel
+>0 string aCa2 Fontographer
+>0 string aca3 Aldus FreeHand
+>0 string dosa Macintosh MS-DOS file system
+>0 string movr Font/DA Mover
+>0 string nX^n WriteNow
+>0 string pdos Apple ProDOS file system
+>0 string scbk Scrapbook
+>0 string ttxt SimpleText
+>0 string ufox Foreign File Access
+# additional creators added in Dec 2017
+# Claris/Apple Works
+>0 string BOBO Apple Works
+# CU-SeeMe_0.87b3_(68K).bin
+#>0 string CUce bar
+>0 string PSPT Apple File Exchange
+# Disk_Copy_4.2.sea.bin
+#>0 string NCse foo
+# probably StuffIt/Aladdin by Smith Micro Software, Inc.
+>0 string STi0 stuffit
+# MacGzip-1.1.3.sea.bin
+#>0 string aust bar
+# D-Disk_Copy_6.3.3.smi.bin
+>0 string oneb Disk Copy Self Mounting
+# if creator name is not known display 4 character identifier
+>0 default x
+>>0 string x '%4.4s'
# sas magic from Bruce Foster (bef@nwu.edu)
#
--- /dev/null
+
+#------------------------------------------------------------------------------
+# $File: measure,v 1.1 2017/11/28 14:01:14 christos Exp $
+# measure: file(1) magic for measurement data
+
+# DIY-Thermocam raw data
+0 name diy-thermocam-parser
+>0 beshort x scale %d-
+>2 beshort x \b%d,
+>4 lefloat x spot sensor temperature %f,
+>9 byte 0 unit celsius,
+>9 byte 1 unit fahrenheit,
+>8 byte x color scheme %d
+>10 byte 1 \b, show spot sensor
+>11 byte 1 \b, show scale bar
+>12 byte &1 \b, minimum point enabled
+>12 byte &2 \b, maximum point enabled
+>13 lefloat x \b, calibration: offset %f,
+>17 lefloat x slope %f
+
+0 name diy-thermocam-checker
+>9 byte <2
+>>10 byte <2
+>>>11 byte <2
+>>>>12 byte <4
+>>>>>17 lefloat >0.0001 DIY-Thermocam raw data
+
+# V2 and Leption 3.x:
+38408 byte <19
+>38400 use diy-thermocam-checker
+>>38400 default x (Lepton 3.x),
+>>>38400 use diy-thermocam-parser
+
+# V1 or Lepton 2.x
+9608 byte <19
+>9600 use diy-thermocam-checker
+>>9600 default x (Lepton 2.x),
+>>>9600 use diy-thermocam-parser
+
#------------------------------------------------------------------------------
-# $File: mozilla,v 1.7 2017/03/17 21:35:28 christos Exp $
+# $File: mozilla,v 1.8 2018/01/17 12:08:36 christos Exp $
# mozilla: file(1) magic for Mozilla XUL fastload files
# (XUL.mfasl and XPC.mfasl)
# URL: http://www.mozilla.org/
0 string XPCOM\nMozFASL\r\n\x1A Mozilla XUL fastload data
0 string mozLz4a Mozilla lz4 compressed bookmark data
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Firefox_4
+# Reference: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
+# Note: Most ZIP utilities are able to extract such archives
+# maybe only partly or after some warnings. Example:
+# zip -FF omni.ja --out omni.zip
+4 string PK\001\002 Mozilla archive omni.ja
+!:mime application/x-zip
+!:ext ja
+# TODO:
+#>4 use zip-dir-entry
#------------------------------------------------------------------------------
-# $File: msdos,v 1.120 2017/08/13 00:21:47 christos Exp $
+# $File: msdos,v 1.121 2017/10/27 21:43:23 christos Exp $
# msdos: file(1) magic for MS-DOS files
#
0 string/b \333\245-\0\0\0 Microsoft Word 2.0 Document
!:mime application/msword
!:ext doc
-512 string/b \354\245\301 Microsoft Word Document
-!:mime application/msword
+# Note: seems already recognized as "OLE 2 Compound Document" in ./ole2compounddocs
+#512 string/b \354\245\301 Microsoft Word Document
+#!:mime application/msword
#
0 string/b \xDB\xA5\x2D\x00 Microsoft WinWord 2.0 Document
>40 string \ EMF Windows Enhanced Metafile (EMF) image data
>>44 ulelong x version 0x%x
-# from http://filext.com by Derek M Jones <derek@knosof.co.uk>
-# False positive with PPT (also currently this string is too long)
-#0 string/b \xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x00\x03\x00\xFE\xFF\x09\x00\x06 Microsoft Installer
-0 string/b \320\317\021\340\241\261\032\341 Microsoft Office Document
-#>48 byte 0x1B Excel Document
-#!:mime application/vnd.ms-excel
->546 string bjbj Microsoft Word Document
-!:mime application/msword
->546 string jbjb Microsoft Word Document
-!:mime application/msword
0 string/b \224\246\056 Microsoft Word Document
!:mime application/msword
#------------------------------------------------------------------------------
-# $File: msooxml,v 1.4 2014/01/06 18:16:24 rrt Exp $
+# $File: msooxml,v 1.7 2018/03/12 12:38:59 christos Exp $
# msooxml: file(1) magic for Microsoft Office XML
# From: Ralf Brown <ralf.brown@gmail.com>
# file of ePub or OpenDocument, we'll have to scan for a filename
# which can distinguish between the three types
+0 name msooxml
+>0 string word/ Microsoft Word 2007+
+!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
+>0 string ppt/ Microsoft PowerPoint 2007+
+!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
+>0 string xl/ Microsoft Excel 2007+
+!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+
# start by checking for ZIP local file header signature
0 string PK\003\004
!:strength +10
# and check the subdirectory name to determine which type of OOXML
# file we have. Correct the mimetype with the registered ones:
# http://technet.microsoft.com/en-us/library/cc179224.aspx
->>>>&26 string word/ Microsoft Word 2007+
-!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
->>>>&26 string ppt/ Microsoft PowerPoint 2007+
-!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
->>>>&26 string xl/ Microsoft Excel 2007+
-!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
->>>>&26 default x Microsoft OOXML
+>>>>&26 use msooxml
+>>>>&26 default x
+# OpenOffice/Libreoffice orders ZIP entry differently, so check the 4th file
+>>>>>&26 search/1000 PK\003\004
+>>>>>>&26 use msooxml
+>>>>>>&26 default x Microsoft OOXML
#------------------------------------------------------------------------------
-# $File: netbsd,v 1.24 2017/03/17 21:35:28 christos Exp $
+# $File: netbsd,v 1.25 2017/09/28 02:37:47 christos Exp $
# netbsd: file(1) magic for NetBSD objects
#
# All new-style magic numbers are in network byte order.
>0 belong&0xfc000000 0x10000000 \b, STACK
>4 leshort x \b, (headersize = %d
>6 leshort x \b, segmentsize = %d
->6 lelong x \b, segments = %d)
+>8 lelong x \b, segments = %d)
# little endian only for now.
0 name ktrace
#------------------------------------------------------------------------------
-# $File$
+# $File: ole2compounddocs,v 1.5 2017/10/27 21:43:23 christos Exp $
# Microsoft OLE 2 Compound Documents : file(1) magic for Microsoft Structured
-# storage (http://en.wikipedia.org/wiki/Structured_Storage)
+# storage (https://en.wikipedia.org/wiki/Compound_File_Binary_Format)
# Additional tests for OLE 2 Compound Documents should be under this recipe.
0 string \320\317\021\340\241\261\032\341 OLE 2 Compound Document
# - Visio documents
# Last update on 10/23/2006 by Lester Hightower
> 0x480 string V\000i\000s\000i\000o\000D\000o\000c : Visio Document
+
+# Note: moved & merged Microsoft Office parts from ./msdos Oct 2017
+# Update: Joerg Jenderek
+# from http://filext.com by Derek M Jones <derek@knosof.co.uk>
+# False positive with PPT (also currently this string is too long)
+#0 string/b \xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x00\x03\x00\xFE\xFF\x09\x00\x06 Microsoft Installer
+#0 string/b \320\317\021\340\241\261\032\341 Microsoft Office Document
+#>48 byte 0x1B Excel Document
+#!:mime application/vnd.ms-excel
+>546 string bjbj : Microsoft Word Document
+!:mime application/msword
+# https://www.macdisk.com/macsigen.php
+!:apple MSWDWDBN
+!:ext doc/dot
+>546 string jbjb : Microsoft Word Document
+!:mime application/msword
+!:apple MSWDWDBN
+!:ext doc
+
#------------------------------------------------------------------------------
-# $File: pgp,v 1.14 2017/03/17 21:35:28 christos Exp $
+# $File: pgp,v 1.15 2018/02/24 16:11:23 christos Exp $
# pgp: file(1) magic for Pretty Good Privacy
# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
#
-0 beshort 0x9900 PGP key public ring
-!:mime application/x-pgp-keyring
+# Update: Joerg Jenderek
+# Note: verified by `gpg -v --debug 0x02 --list-packets < PUBRING263_10.PGP`
+#0 byte 0x99 MAYBE PGP 0x99
+0 byte 0x99
+# 99h~10;0110;01~2=old packet type;tag 6=Public-Key Packet;1=two-octet length
+# A two-octet body header encodes packet lengths of 192~00C0h - 8383~20BFh
+#>1 ubeshort x \b, body length 0x%.4x
+# skip Basic.Image Beauty.320 Pic.Icons by looking for low version number
+#>3 ubyte x \b, V=%u
+#>3 ubyte <5 VERSION OK
+>3 ubyte <5
+# next packet type often b4h~(tag 13)~User ID Packet, b0h~(tag 12)~Trust packet
+#>>(1.S+3) ubyte x \b, next packet type 0x%x
+# skip 9900-v4.bin 9902-v4.bin by looking for valid second packet type (bit 7=1)
+#>>(1.S+3) ubyte >0x7F TYPE OK,
+>>(1.S+3) ubyte >0x7F
+# old versions 2,3 implies Pretty Good Privacy
+>>>3 ubyte <4 PGP key public ring (v%u)
+!:mime application/pgp-keys
+!:ext pgp/ASD
+>>>>4 beldate x created %s
+# days that this key is valid. If this number is zero, then it does not expire
+>>>>8 ubeshort >0 \b, %u days valid
+>>>>8 ubeshort =0 \b, not expire
+# display key algorithm 1~RSA (Encrypt or Sign)
+>>>>10 use key_algo
+# Multiprecision Integers (MPI) size
+>>>>11 ubeshort x %u bits
+# MPI
+>>>>13 ubequad x MPI=0x%16.16llx...
+# new version implies Pretty Good Privacy (PGP) >= 5.0 or Gnu Privacy Guard (GPG)
+>>>3 ubyte >3 PGP/GPG key public ring (v%u)
+!:mime application/pgp-keys
+!:ext pgp/gpg/pkr/asd
+>>>>4 beldate x created %s
+# display key algorithm 17~DSA
+>>>>8 use key_algo
+# Multiprecision Integers (MPI) size
+>>>>9 ubeshort x %u bits
+>>>>11 ubequad x MPI=0x%16.16llx...
+
0 beshort 0x9501 PGP key security ring
!:mime application/x-pgp-keyring
0 beshort 0x9500 PGP key security ring
#------------------------------------------------------------------------------
-# $File: revision,v 1.8 2010/11/25 15:00:12 christos Exp $
+# $File: revision,v 1.10 2017/10/19 16:40:37 christos Exp $
# file(1) magic for revision control files
# From Hendrik Scholz <hendrik@scholz.net>
0 string/t /1\ :pserver: cvs password text file
# Type: Git pack
# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Git
+# reference: https://github.com/git/git/blob/master/Documentation/technical/pack-format.txt
# The actual magic is 'PACK', but that clashes with Doom/Quake packs. However,
# those have a little-endian offset immediately following the magic 'PACK',
# the first byte of which is never 0, while the first byte of the Git pack
# version, since it's a tiny number stored in big-endian format, is always 0.
-0 string PACK\0 Git pack
->4 belong >0 \b, version %d
->>8 belong >0 \b, %d objects
+0 string PACK
+# GRR: line above is too general as it matches also PackDir archive ./acorn
+# test for major version. Git 2017 accepts version number 2 or 3
+>4 ubelong <9
+# Acorn PackDir with method 0 compression has root like ADFS::HardDisc4.$.AsylumSrc
+# or SystemDevice::foobar
+>>9 search/13 ::
+# but in git binary
+>>9 default x Git pack
+!:mime application/x-git
+!:ext pack
+# 4 GB limit implies unsigned integer
+>>>4 ubelong x \b, version %u
+>>>8 ubelong x \b, %u objects
# Type: Git pack index
# From: Adam Buchbinder <adam.buchbinder@gmail.com>
#------------------------------------------------------------------------------
-# $File: riff,v 1.32 2017/03/17 21:35:28 christos Exp $
+# $File: riff,v 1.33 2017/10/06 01:11:24 christos Exp $
# riff: file(1) magic for RIFF format
# See
#
# http://www.seanet.com/users/matts/riffmci/riffmci.htm
+# http://www-mmsp.ece.mcgill.ca/Documents/AudioFormats/WAVE/Docs/riffmci.pdf
#
# audio format tag. Assume limits: max 1024 bit, 128 channels, 1 MHz
#
0 string RIFF RIFF (little-endian) data
# RIFF Palette format
->8 string PAL \b, palette
->>16 leshort x \b, version %d
->>18 leshort x \b, %d entries
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Resource_Interchange_File_Format
+# Reference: http://worms2d.info/Palette_file
+>8 string PAL\ \b, palette
+!:mime application/x-riff
+# color palette by Microsoft Corporation
+!:ext pal
+# file size = chunk size + 8 in most cases
+>>4 ulelong+8 x \b, %u bytes
+# Extended PAL Format
+>>12 string plth \b, extended
+# Simple PAL Format
+>>12 string data
+# data chunk size = color entries * 4 + 4 + sometimes extra (4) appended bytes
+>>>16 ulelong x \b, data size %u
+# palVersion is always 0x0300
+#>>>20 leshort x \b, version 0x%4.4x
+# palNumEntries specifies the number of palette color entries
+>>>22 uleshort x \b, %u entries
+# after palPalEntry sized (number of color entries * 4 ) vector
+>>>(22.s*4) ubequad x
+# jump relative 22 ( 8 + 16) bytes forward points after end of file or to
+# appended extra bytes like in http://safecolours.rigdenage.com/set(ms).zip/Protan(MS).pal
+>>>>&16 ubelong x \b, extra bytes
+>>>>>&-4 ubelong >0 0x%8.8x
# RIFF Device Independent Bitmap format
>8 string RDIB \b, device-independent bitmap
>>16 string BM
--- /dev/null
+
+#------------------------------------------------------------------------------
+# $File: rpi,v 1.1 2018/01/01 05:25:17 christos Exp $
+# rpi: file(1) magic for Raspberry Pi images
+-44 lelong 0
+>4 lelong 0
+>>8 lelong 1
+>>12 lelong 4
+>>>16 string 283x
+>>>>20 lelong 1
+>>>>>24 lelong 4
+>>>>>>28 string DTOK
+>>>>>>>32 lelong 44
+>>>>>>>>36 lelong 4
+>>>>>>>>>40 string RPTL Raspberry PI kernel image
#------------------------------------------------------------------------------
-# $File: sgml,v 1.37 2017/07/23 08:23:33 christos Exp $
+# $File: sgml,v 1.38 2017/10/11 11:40:43 christos Exp $
# Type: SVG Vectorial Graphics
# From: Noel Torres <tecnico@ejerciciosresueltos.com>
0 string \<?xml\ version=
0 search/1 #\ HTTP\ Cookie\ File Web browser cookie text
0 search/1 #\ Netscape\ HTTP\ Cookie\ File Netscape cookie text
0 search/1 #\ KDE\ Cookie\ File Konqueror cookie text
+
+# XML-based format representing braille pages in a digital format.
+#
+# Specification:
+# http://files.pef-format.org/specifications/pef-2008-1/pef-specification.html
+#
+# Simon Aittamaa <simon.aittamaa@gmail.com>
+0 string \<?xml\ version=
+>14 regex ['"\ \t]*[0-9.]+['"\ \t]*
+>>19 search/4096 \<pef Portable Embosser Format
+!:mime application/x-pef+xml
\ No newline at end of file
#------------------------------------------------------------------------------
-# $File: spectrum,v 1.6 2009/09/19 16:28:12 christos Exp $
+# $File: spectrum,v 1.8 2017/09/11 23:51:12 christos Exp $
# spectrum: file(1) magic for Spectrum emulator files.
#
# John Elliott <jce@seasip.demon.co.uk>
# Hard disk images
0 string RS-IDE\x1a Spectrum .HDF hard disk image
>7 byte x \b, version 0x%02x
+
+# SZX snapshots (fuse and spectaculator)
+# Martin M. S. Pedersen <martin@linux.com>
+# http://www.spectaculator.com/docs/zx-state/header.shtml
+#
+0 string ZXST zx-state snapshot
+>4 byte x version %d
+>5 byte x \b.%d
+>>6 byte 0 16k ZX Spectrum
+>>6 byte 1 48k ZX Spectrum/ZX Spectrum+
+>>6 byte 2 ZX Spectrum 128
+>>6 byte 3 ZX Spectrum +2
+>>6 byte 4 ZX Spectrum +2A/+2B
+>>6 byte 5 ZX Spectrum +3
+>>6 byte 6 ZX Spectrum +3e
+>>6 byte 7 Pentagon 128
+>>6 byte 8 Timex Sinclair TC2048
+>>6 byte 9 Timex Sinclair TC2068
+>>6 byte 10 Scorpion ZS-256
+>>6 byte 11 ZX Spectrum SE
+>>6 byte 12 Timex Sinclair TS2068
+>>6 byte 13 Pentagon 512
+>>6 byte 14 Pentagon 1024
+>>6 byte 15 48k ZX Spectrum (NTSC)
+>>6 byte 16 ZX Spectrum 12Ke
+>>>7 byte 1 (alternate timings)
#------------------------------------------------------------------------------
-# $File: ssl,v 1.3 2017/01/18 14:59:19 christos Exp $
+# $File: ssl,v 1.5 2017/12/29 04:00:07 christos Exp $
# ssl: file(1) magic for SSL file formats
# Type: OpenSSL certificates/key files
# OpenSSL enc file (recognized by a magic string preceding the password's salt)
0 string Salted__ openssl enc'd data with salted password
# Using the -a or -base64 option, OpenSSL will base64-encode the data.
-0 string U2FsdGVkX19 openssl enc'd data with salted password, base64 encoded
+0 string U2FsdGVkX1 openssl enc'd data with salted password, base64 encoded
#------------------------------------------------------------------------------
-# $File: terminfo,v 1.9 2017/04/28 16:28:58 christos Exp $
+# $File: terminfo,v 1.10 2018/01/21 03:26:33 christos Exp $
# terminfo: file(1) magic for terminfo
#
# URL: http://invisible-island.net/ncurses/man/term.5.html
# no extension
#!:ext
#
+#------------------------------------------------------------------------------
+# The following was added for ncurses6 development:
+#------------------------------------------------------------------------------
+#
+0 string \036\002
+# imitate the legacy compiled-format, to get the entry-name printed
+>16 ubyte >32
+# namelist, if more than 1 separated by "|" like "st|stterm| simpleterm 0. 4.1"
+>>12 regex \^[a-zA-Z0-9][a-zA-Z0-9.][^|]* Compiled 32-bit terminfo entry "%-s"
+!:mime application/x-terminfo2
+#
# While the compiled terminfo uses little-endian format irregardless of
# platform, SystemV screen dumps do not. They came later, and that detail was
# overlooked.
--- /dev/null
+
+#------------------------------------------------------------------------------
+# $File: tplink,v 1.2 2017/12/14 05:52:56 christos Exp $
+# tplink: File magic for openwrt firmware files
+
+# URL: https://wiki.openwrt.org/doc/techref/header
+# Reference: http://git.openwrt.org/?p=openwrt.git;a=blob;f=tools/firmware-utils/src/mktplinkfw.c
+# From: Joerg Jenderek
+# check for valid header version 1 or 2
+0 ulelong <3
+>0 ulelong !0
+# test for header padding with nulls
+>>0x100 long 0
+>>>0 use firmware-tplink
+
+0 name firmware-tplink
+>0 ubyte x firmware
+!:mime application/x-tplink-bin
+!:ext bin
+# hardware id like 10430001 07410001 09410004 09410006
+>0x40 ubeshort x %x
+>0x42 ubeshort x v%x
+# hardware revision like 1
+>0x44 ubelong !1 (revision %u)
+# vendor_name[24] like OpenWrt or TP-LINK Technologies
+>4 string x %.24s
+# fw_version[36] like r49389 or ver. 1.0
+>0x1c string x %.36s
+# header version 1 or 2
+>0 ubyte !1 V%X
+# ver_hi.ver_mid.ver_lo
+>0x98 long !0 \b, version
+>>0x98 ubeshort x %u
+>>0x9A ubeshort x \b.%u
+>>0x9C ubeshort x \b.%u
+# region code 0~universal 1~US
+>0x48 ubelong x
+#>>0x48 ubelong 0 (universal)
+>>0x48 ubelong 1 (US)
+>>0x48 ubelong >1 (region %u)
+# total length of the firmware. not always true
+>0x7C ubelong x \b, %u bytes or less
+# unknown 1
+>0x48 ubelong !0 \b, UNKNOWN1 0x%x
+# md5sum1[16]
+#>0x4c ubequad x \b, MD5 %llx
+#>>0x54 ubequad x \b%llx
+# unknown 2
+>0x5c ubelong !0 \b, UNKNOWN2 0x%x
+# md5sum2[16]
+#>0x60 ubequad !0 \b, 2nd MD5 %llx
+#>>0x68 ubequad x \b%llx
+# unknown 3
+>0x70 ubelong !0 \b, UNKNOWN3 0x%x
+# kernel load address
+#>0x74 ubelong x \b, 0x%x load
+# kernel entry point
+#>0x78 ubelong x \b, 0x%x entry
+# kernel data offset. 200h means direct after header
+>0x80 ubelong x \b, at 0x%x
+# kernel data length and 1 space
+>0x84 ubelong x %u bytes
+# look for kernel type (gzip compressed vmlinux.bin by ./compress)
+>(0x80.L) indirect x
+# root file system data offset
+>0x88 ubelong x \b, at 0x%x
+# rootfs data length and 1 space
+>0x8C ubelong x %u bytes
+# in 5.32 only true for offset ~< FILE_BYTES_MAX=9 MB defined in ../../src/file.h
+>(0x88.L) indirect x
+#>(0x88.L) string x \b, file system '%.4s'
+#>(0x88.L) ubequad x \b, file system 0x%llx
+# bootloader data offset
+>0x90 ubelong !0 \b, at 0x%x
+# bootloader data length only resonable if bootloader offset not null
+>>0x94 ubelong !0 %u bytes
+# pad[354] should be 354 null bytes.
+#>0x9E ubequad !0 \b, padding 0x%llx
+# But at 0x120 18 non null bytes in examples like
+# wr940nv4_eu_3_16_9_up_boot(160620).bin
+# wr940nv6_us_3_18_1_up_boot(171030).bin
+#>0x120 ubequad !0 \b, other padding 0x%llx
#------------------------------------------------------------------------------
-# $File: vorbis,v 1.23 2017/03/17 21:35:28 christos Exp $
+# $File: vorbis,v 1.24 2018/03/14 04:38:44 christos Exp $
# vorbis: file(1) magic for Ogg/Vorbis files
#
# From Felix von Leitner <leitner@fefe.de>
>>>>>>(84.b+117) string 20020717 (1.0)
>>>>>>(84.b+117) string 20030909 (1.0.1)
>>>>>>(84.b+117) string 20040629 (1.1.0 RC1)
+>>>>>>(84.b+117) string 20050304 (1.1.2)
+>>>>>>(84.b+117) string 20070622 (1.2.0)
+>>>>>>(84.b+117) string 20090624 (1.2.2)
+>>>>>>(84.b+117) string 20090709 (1.2.3)
+>>>>>>(84.b+117) string 20100325 (1.3.1)
+>>>>>>(84.b+117) string 20101101 (1.3.2)
+>>>>>>(84.b+117) string 20120203 (1.3.3)
+>>>>>>(84.b+117) string 20140122 (1.3.4)
+>>>>>>(84.b+117) string 20150105 (1.3.5)
# non-Vorbis content: Opus https://tools.ietf.org/html/draft-ietf-codec-oggopus-06#section-5
>>28 string OpusHead \b, Opus audio,
#------------------------------------------------------------------------------
-# $File: windows,v 1.16 2017/03/17 22:20:22 christos Exp $
+# $File: windows,v 1.22 2018/02/16 15:44:00 christos Exp $
# windows: file(1) magic for Microsoft Windows
#
# This file is mainly reserved for files where programs
# remaining files should be HeLP Bookmark WinHlp32.BMK (XP 32-bit) or WinHlp32 (Windows 8.1 64-bit)
>>>>16 default x Windows help Bookmark
!:mime application/x-winhelp
-!:ext /bmk
+!:ext bmk
## FirstFreeBlock normally FFFFFFFFh 10h for *ANN
##>>8 lelong x \b, FirstFreeBlock 0x%8.8x
# EntireFileSize
# Summary: Windows Registry text
-# Extension: .reg
+# URL: https://en.wikipedia.org/wiki/Windows_Registry#.REG_files
+# Reference: http://fileformats.archiveteam.org/wiki/Windows_Registry
# Submitted by: Abel Cheung <abelcheung@gmail.com>
-0 string REGEDIT4\r\n\r\n Windows Registry text (Win95 or above)
-0 string Windows\ Registry\ Editor\040
+# Update: Joerg Jenderek
+# Windows 3-9X variant
+0 string REGEDIT
+# skip ASCII text like "REGEDITor.txt" but match
+# L1WMAP.REG with only 1 CRNL or org.gnome.gnumeric.reg with 2 NL
+>7 search/3 \n Windows Registry text
+!:mime text/x-ms-regedit
+!:ext reg
+# Windows 9X variant
+>>0 string REGEDIT4 (Win95 or above)
+# Windows 2K ANSI variant
+0 string Windows\ Registry\ Editor\
>&0 string Version\ 5.00\r\n\r\n Windows Registry text (Win2K or above)
+!:mime text/x-ms-regedit
+!:ext reg
+# Windows 2K UTF-16 variant
+2 lestring16 Windows\ Registry\ Editor\
+>0x32 lestring16 Version\ 5.00\r\n\r\n Windows Registry little-endian text (Win2K or above)
+# relative offset not working
+#>&0 lestring16 Version\ 5.00\r\n\r\n Windows Registry little-endian text (Win2K or above)
+!:mime text/x-ms-regedit
+!:ext reg
+# WINE variant
+# URL: https://en.wikipedia.org/wiki/Wine_(software)
+# Reference: https://www.winehq.org/pipermail/wine-cvs/2005-October/018763.html
+# Note: WINE use text based registry (system.reg,user.reg,userdef.reg)
+# instead binary hiv structure like Windows
+0 string WINE\ REGISTRY\ Version\ WINE registry text
+# version 2
+>&0 string x \b, version %s
+!:mime text/x-wine-extension-reg
+!:ext reg
-# Windows *.INF *.INI files updated by Joerg Jenderek at Apr 2013
+# Windows *.INF *.INI files updated by Joerg Jenderek at Apr 2013, Feb 2018
# empty ,comment , section
# PR/383: remove unicode BOM because it is not portable across regex impls
-0 regex/s \\`(\\r\\n|;|[[])
-# left bracket in section line
->&0 search/8192 [
+#0 regex/s \\`(\\r\\n|;|[[])
+# empty line CRLF
+0 ubeshort 0x0D0A
+>0 use ini-file
+# comment line
+0 string ;
+>0 use ini-file
+# section line
+0 string [
+>0 use ini-file
+# check and then display Windows INItialization configuration
+0 name ini-file
+# look for left bracket in section line
+>0 search/8192 [
# http://en.wikipedia.org/wiki/Autorun.inf
# http://msdn.microsoft.com/en-us/library/windows/desktop/cc144200.aspx
->>&0 regex/c \^(autorun)]\r\n
->>>&0 ubyte =0x5b INItialization configuration
-!:mime application/x-wine-extension-ini
+# space after right bracket
+# or AutoRun.Amd64 for 64 bit systems
+# or only NL separator
+>>&0 regex/c \^(autorun)
+# but sometimes total commander directory tree file "treeinfo.wc" with lines like
+# [AUTORUN]
+# [boot]
+>>>&0 string =]\r\n[ Total commander directory treeinfo.wc
+!:mime text/plain
+!:ext wc
# From: Pal Tamas <folti@balabit.hu>
# Autorun File
->>>&0 ubyte !0x5b Microsoft Windows Autorun file
+>>>&0 string !]\r\n[ Microsoft Windows Autorun file
!:mime application/x-setupscript
+!:ext inf
# http://msdn.microsoft.com/en-us/library/windows/hardware/ff549520(v=vs.85).aspx
# version strings ASCII coded case-independent for Windows setup information script file
>>&0 regex/c \^(version|strings)] Windows setup INFormation
!:mime application/x-setupscript
-#!:mime application/inf
#!:mime application/x-wine-extension-inf
+!:ext inf
+# NETCRC.INF OEMCPL.INF
>>&0 regex/c \^(WinsockCRCList|OEMCPL)] Windows setup INFormation
-!:mime text/inf
+!:mime application/x-setupscript
+!:ext inf
# http://www.winfaq.de/faq_html/Content/tip2500/onlinefaq.php?h=tip2653.htm
# http://msdn.microsoft.com/en-us/library/windows/desktop/cc144102.aspx
# .ShellClassInfo DeleteOnCopy LocalizedFileNames ASCII coded case-independent
# http://support.microsoft.com/kb/84709/
>>&0 regex/c \^(don't\ load)] Windows CONTROL.INI
!:mime application/x-wine-extension-ini
+!:ext ini
>>&0 regex/c \^(ndishlp\\$|protman\\$|NETBEUI\\$)] Windows PROTOCOL.INI
!:mime application/x-wine-extension-ini
+!:ext ini
# http://technet.microsoft.com/en-us/library/cc722567.aspx
# http://www.winfaq.de/faq_html/Content/tip0000/onlinefaq.php?h=tip0137.htm
>>&0 regex/c \^(windows|Compatibility|embedding)] Windows WIN.INI
!:mime application/x-wine-extension-ini
+!:ext ini
# http://en.wikipedia.org/wiki/SYSTEM.INI
>>&0 regex/c \^(boot|386enh|drivers)] Windows SYSTEM.INI
!:mime application/x-wine-extension-ini
+!:ext ini
# http://www.mdgx.com/newtip6.htm
>>&0 regex/c \^(SafeList)] Windows IOS.INI
!:mime application/x-wine-extension-ini
+!:ext ini
# http://en.wikipedia.org/wiki/NTLDR Windows Boot Loader information
>>&0 regex/c \^(boot\x20loader)] Windows boot.ini
!:mime application/x-wine-extension-ini
->>>&0 ubyte x
+!:ext ini
# http://en.wikipedia.org/wiki/CONFIG.SYS
->>&0 regex/c \^(menu)]\r\n MS-DOS CONFIG.SYS
+>>&0 regex/c \^(menu)] MS-DOS CONFIG.SYS
+# @CONFIG.UI configuration file of previous DOS version saved by Caldera OPENDOS INSTALL.EXE
+# CONFIG.PSS saved version of file CONFIG.SYS created by %WINDIR%\SYTEM\MSCONFIG.EXE
+# CONFIG.TSH renamed file CONFIG.SYS.BAT by %WINDIR%\SYTEM\MSCONFIG.EXE
+# dos and w40 used in dual booting scene
+!:ext sys/dos/w40
# http://support.microsoft.com/kb/118579/
>>&0 regex/c \^(Paths)]\r\n MS-DOS MSDOS.SYS
-# VERS string unicoded case-independent
->>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0056004500520053
-# ION] string unicoded case-independent
->>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x0049004f004e005d Windows setup INFormation
-!:mime application/x-setupscript
-# STRI string unicoded case-independent
->>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0053005400520049
-# NGS] string unicoded case-independent
->>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x004e00470053005D Windows setup INFormation
-!:mime application/x-setupscript
+!:ext sys/dos
+# http://chmspec.nongnu.org/latest/INI.html#HHP
+>>&0 regex/c \^(options)]\r\n Microsoft HTML Help Project
+!:mime text/plain
+!:ext hhp
# unknown keyword after opening bracket
>>&0 default x
+#>>>&0 string/c x UNKNOWN [%s
+# look for left bracket of second section
>>>&0 search/8192 [
# version Strings FileIdentification
>>>>&0 string/c version Windows setup INFormation
!:mime application/x-setupscript
-# VERS string unicoded case-independent
->>>>&0 ubequad&0xFFdfFFdfFFdfFFdf 0x0056004500520053
-# ION] string unicoded case-independent
->>>>>&0 ubequad&0xFFdfFFdfFFdfFFff 0x0049004f004e005d Windows setup INFormation
-!:mime application/x-setupscript
+!:ext inf
# http://en.wikipedia.org/wiki/Initialization_file Windows Initialization File or other
-#>>>>&0 default x Generic INItialization configuration
-#!:mime application/x-wine-extension-ini
+>>>>&0 default x
+>>>>>&0 ubyte x
+# characters, digits, underscore and white space followed by right bracket
+# terminated by CR implies section line to skip BOOTLOG.TXT DETLOG.TXT
+>>>>>>&-1 regex \^([A-Za-z0-9_\(\)\ ]+)\]\r Generic INItialization configuration [%-.40s
+# NETDEF.INF multiarc.ini
+#!:mime application/x-setupscript
+!:mime application/x-wine-extension-ini
+#!:mime text/plain
+!:ext ini/inf
+# UTF-16 BOM followed by CR~0D00 , comment~semicolon~3B00 , section~bracket~5B00
+0 ubelong&0xFFff89FF =0xFFFE0900
+# look for left bracket in section line
+>2 search/8192 [
+# keyword without 1st letter which is maybe up-/down-case
+>>&3 lestring16 ersion] Windows setup INFormation
+!:mime application/x-setupscript
+!:ext inf
+>>&3 lestring16 trings] Windows setup INFormation
+!:mime application/x-setupscript
+!:ext inf
+>>&3 lestring16 ourceDisksNames] Windows setup INFormation
+!:mime application/x-setupscript
+!:ext inf
+# netnwcli.inf start with ;---[ NetNWCli.INX ]
+>>&3 default x
+# look for NL followed by left bracket
+>>>&0 search/8192 \x0A\x00\x5b
+>>>>&3 lestring16 ersion] Windows setup INFormation
+!:mime application/x-setupscript
+!:ext inf
# Windows Precompiled INF files *.PNF added by Joerg Jenderek at Mar 2013 of _PNF_HEADER inf.h
# http://read.pudn.com/downloads3/sourcecode/windows/248345/win2k/private/windows/setup/setupapi/inf.h__.htm
#>>>>>>93 ubyte x \b, MFT version %x
#
+# URL: https://en.wikipedia.org/wiki/PaintShop_Pro
+# Reference: http://www.cryer.co.uk/file-types/p/pal.htm
+# Created by: Joerg Jenderek
+# Note: there exist other color palette formats also with .pal extension
+0 string JASC-PAL\r\n PaintShop Pro color palette
+#!:mime text/plain
+# PspPalette extension is used by newer (probably 8) PaintShopPro versions
+!:ext pal/PspPalette
+# 2nd line contains palette file version. For example "0100"
+>10 string !0100 \b, version %.4s
+# third line contains the number of colours: 16 256 ...
+>16 string x \b, %.3s colors
+
+# URL: http://en.wikipedia.org/wiki/Innosetup
+# Reference: https://github.com/jrsoftware/issrc/blob/master/Projects/Undo.pas
+# Created by: Joerg Jenderek
+# Note: created by like "InnoSetup self-extracting archive" inside ./msdos
+# TrID labeles the entry as "Inno Setup Uninstall Log"
+# TUninstallLogID
+0 string Inno\ Setup\ Uninstall\ Log\ (b) InnoSetup Log
+!:mime application/x-innosetup
+# unins000.dat, unins001.dat, ...
+!:ext dat
+# " 64-bit" variant
+>0x1c string >\0 \b%.7s
+# AppName[0x80] like "Minimal SYStem", ClamWin Free Antivirus , ...
+>0xc0 string x %s
+# AppId[0x80] is simliar to AppName or
+# GUID like {4BB0DCDC-BC24-49EC-8937-72956C33A470} start with left brace
+>0x40 ubyte 0x7b
+>>0x40 string x %-.38s
+# do not know how this log version correlates to program version
+>0x140 ulelong x \b, version 0x%x
+# NumRecs
+#>0x144 ulelong x \b, 0x%4.4x records
+# EndOffset means files size
+>0x148 ulelong x \b, %u bytes
+# Flags 5 25h 35h
+#>0x14c ulelong x \b, flags %8.8x
+# Reserved: array[0..26] of Longint
+# the non Unicode HighestSupportedVersion may never become greater than or equal to 1000
+>0x140 ulelong <1000
+# hostname
+>>0x1d6 pstring x \b, %s
+# user name
+>>>&0 pstring x \b\%s
+# directory like C:\Program Files (x86)\GnuWin32
+>>>>&0 pstring x \b, "%s"
+# version 1000 or higher implies unicode
+>0x140 ulelong >999
+# hostname
+>>0x1db lestring16 x \b, %-.9s
+# utf string variant with prepending fe??ffFFff
+>>0x1db search/43 \xFF\xFF\xFF
+# user name
+>>>&0 lestring16 x \b\%-.9s
+>>>&0 search/43 \xFF\xFF\xFF
+# directory like C:\Program Files\GIMP 2
+>>>>&0 lestring16 x \b, %-.42s
+
--- /dev/null
+#------------------------------------------------------------------------------
+# $File: zip,v 1.1 2017/11/03 23:36:17 christos Exp $
+# zip: file(1) magic for zip files; this is not use
+# Note the version of magic in archive is currently stronger, this is
+# just an example until negative offsets are supported better
+
+# Zip Central Cirectory record
+0 name zipcd
+>0 string PK\001\002
+>>4 leshort x \b, made by
+>>4 use zipversion
+>>6 leshort x \b, extract using at least
+>>6 use zipversion
+>>12 ledate x \b, last modified %s
+>>24 lelong >0 \b, uncompressed size %d
+>>10 leshort x \b, method=
+>>10 use zipcompression
+
+# Zip known compressions
+0 name zipcompression
+>0 leshort 0 \bstore
+>0 leshort 8 \bdeflate
+>0 leshort 9 \bdeflate64
+>0 leshort 12 \bbzip2
+>0 leshort 14 \blzma
+>0 leshort 94 \bMP3
+>0 leshort 95 \bxz
+>0 leshort 96 \bJpeg
+>0 leshort 97 \bWavPack
+>0 leshort 98 \bPPMd
+>0 leshort 99 \bAES Encrypted
+>0 default x
+>>0 leshort x \b[%#x]
+
+# Zip known versions
+0 name zipversion
+>0 leshort 0x09 v0.9
+>0 leshort 0x0a v1.0
+>0 leshort 0x0b v1.1
+>0 leshort 0x14 v2.0
+>0 leshort 0x15 v2.1
+>0 leshort 0x19 v2.5
+>0 leshort 0x1b v2.7
+>0 leshort 0x2d v4.5
+>0 leshort 0x2e v4.6
+>0 leshort 0x32 v5.0
+>0 leshort 0x33 v5.1
+>0 leshort 0x34 v5.2
+>0 leshort 0x3d v6.1
+>0 leshort 0x3e v6.2
+>0 leshort 0x3f v6.3
+>0 default x
+>>0 leshort x v?[%#x]
+
+# Zip End Of Central Directory record
+-22 string PK\005\006 Zip archive data
+#>4 leshort >1 \b, %d disks
+#>6 leshort >1 \b, central directory disk %d
+#>8 leshort >1 \b, %d central directories on this disk
+#>10 leshort >1 \b, %d central directories
+#>12 lelong x \b, %d central directory bytes
+>(16.l) use zipcd
+>20 pstring/l >0 \b, %s
#
-# $File: Makefile.am,v 1.126 2017/08/10 11:01:38 christos Exp $
+# $File: Makefile.am,v 1.132 2018/01/28 00:00:17 rrt Exp $
#
MAGIC_FRAGMENT_BASE = Magdir
MAGIC_DIR = $(top_srcdir)/magic
$(MAGIC_FRAGMENT_DIR)/audio \
$(MAGIC_FRAGMENT_DIR)/basis \
$(MAGIC_FRAGMENT_DIR)/ber \
+$(MAGIC_FRAGMENT_DIR)/beetle \
$(MAGIC_FRAGMENT_DIR)/bflt \
$(MAGIC_FRAGMENT_DIR)/bhl \
$(MAGIC_FRAGMENT_DIR)/bioinformatics \
$(MAGIC_FRAGMENT_DIR)/cups \
$(MAGIC_FRAGMENT_DIR)/dact \
$(MAGIC_FRAGMENT_DIR)/database \
+$(MAGIC_FRAGMENT_DIR)/dbpf \
$(MAGIC_FRAGMENT_DIR)/der \
$(MAGIC_FRAGMENT_DIR)/diamond \
$(MAGIC_FRAGMENT_DIR)/diff \
$(MAGIC_FRAGMENT_DIR)/mathematica \
$(MAGIC_FRAGMENT_DIR)/matroska \
$(MAGIC_FRAGMENT_DIR)/mcrypt \
+$(MAGIC_FRAGMENT_DIR)/measure \
$(MAGIC_FRAGMENT_DIR)/mercurial \
$(MAGIC_FRAGMENT_DIR)/metastore \
$(MAGIC_FRAGMENT_DIR)/meteorological \
$(MAGIC_FRAGMENT_DIR)/qt \
$(MAGIC_FRAGMENT_DIR)/revision \
$(MAGIC_FRAGMENT_DIR)/riff \
+$(MAGIC_FRAGMENT_DIR)/rpi \
$(MAGIC_FRAGMENT_DIR)/rpm \
$(MAGIC_FRAGMENT_DIR)/rtf \
$(MAGIC_FRAGMENT_DIR)/ruby \
$(MAGIC_FRAGMENT_DIR)/tgif \
$(MAGIC_FRAGMENT_DIR)/ti-8x \
$(MAGIC_FRAGMENT_DIR)/timezone \
+$(MAGIC_FRAGMENT_DIR)/tplink \
$(MAGIC_FRAGMENT_DIR)/troff \
$(MAGIC_FRAGMENT_DIR)/tuxedo \
$(MAGIC_FRAGMENT_DIR)/typeset \
$(MAGIC_FRAGMENT_DIR)/yara \
$(MAGIC_FRAGMENT_DIR)/zfs \
$(MAGIC_FRAGMENT_DIR)/zilog \
+$(MAGIC_FRAGMENT_DIR)/zip \
$(MAGIC_FRAGMENT_DIR)/zyxel
MAGIC = magic.mgc
--- /dev/null
+#!/usr/bin/env bash
+
+## bash script to generate file magic support for flac.
+## https://github.com/file/file/blob/master/magic/Magdir/audio
+## below "#some common sample rates" (line 471), ie:
+## >>17 belong&0xfffff0 0x2ee000 \b, 192 kHz
+
+LANG=C
+
+target=magic/Magdir/audio
+
+## construct static list of sample rates based on standard crystal
+## oscillator frequencies.
+## 16.384 MHz Unknown audio application
+## (16384 kHz = 32 kHz * 512 = 32 * 2^9)
+## 22.5792 MHz Redbook/CD
+## (22579.2 kHz = 44.1kHz * 512 = 44.1 * 2^9)
+## also used: 11.2896, 16.9344, 33.8688 and 45.1584
+## 24.576 MHz DAT/Video
+## (24576 kHz = 48 kHz * 512 = 48 * 2^9)
+## also used: 49.1520
+
+## 33.8688 > 16.9344
+## 36.864 > 18.432000
+declare -a a_ground_fs=(16384000 22579200 24576000)
+
+## multiply ground clock frequencies by 1953 to get usable base
+## frequencies, for instance:
+## DAT/video: 24.576 MHz * 1000000 / 512 = 48000Hz
+## Redbook/CD: 22.5792 MHz * 1000000 / 512 = 44100Hz
+## use base rates for calculating derived rates
+declare -a samplerates
+## min divider: fs/n
+def_fs_n=512
+min_fs_n=4
+## start at base_fs/(def_fs*min_fs)
+## add each derived sample rate to the array
+for base_fs in "${a_ground_fs[@]}"; do
+ min_fs=$( echo "${base_fs} / ( ${def_fs_n} * ${min_fs_n} )" | bc)
+ ## max multiplier: fs*n*min_fs
+ max_fs_n=$(( 8 * min_fs_n ))
+ n=${max_fs_n}
+ while [[ ${n} -ge 1 ]]; do
+ sample_rate=$(( min_fs * n ))
+ samplerates+=(${sample_rate})
+ n=$(( n / 2 ))
+ done
+done
+
+declare -a stripped_rates
+declare -a lines
+for samplerate in "${samplerates[@]}"; do
+ ## use bc with sed to convert and format Hz to kHz
+ stripped_rate="$(LANG=C bc <<< "scale=5; ${samplerate} / 1000" | \
+ sed 's#[0\.]*$##g')"
+ ## only add uniq sample rates (should be neccessary
+ if [[ ! "${stripped_rates[@]}" =~ ${stripped_rate} ]]; then
+ printf -v line ">>17\tbelong&%#-15x\t%#08x\t%s, %s kHz\n" \
+ "16777200" \
+ "$(( samplerate * 16 ))" \
+ "\b" \
+ "${stripped_rate}"
+ stripped_rates+=("${stripped_rate}")
+ lines+=("${line}")
+ fi
+
+done
+printf "## start cutting >>> \n"
+## print out the formatted lines
+printf "%s" "${lines[@]}" | sort -k5 -n
+printf "## <<< stop cutting\n"
AM_CPPFLAGS = -DMAGIC='"$(MAGIC)"'
AM_CFLAGS = $(CFLAG_VISIBILITY) @WARNINGS@
-libmagic_la_SOURCES = magic.c apprentice.c softmagic.c ascmagic.c \
+libmagic_la_SOURCES = buffer.c magic.c apprentice.c softmagic.c ascmagic.c \
encoding.c compress.c is_tar.c readelf.c print.c fsmagic.c \
funcs.c file.h readelf.h tar.h apptype.c der.c der.h \
file_opts.h elfclass.h mygetopt.h cdf.c cdf_time.c readcdf.c cdf.h
endif
libmagic_la_LIBADD = $(LTLIBOBJS) $(MINGWLIBS)
-file_SOURCES = file.c
+file_SOURCES = file.c seccomp.c
file_LDADD = libmagic.la
CLEANFILES = magic.h
EXTRA_DIST = magic.h.in
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: apprentice.c,v 1.262 2017/08/28 13:39:18 christos Exp $")
+FILE_RCSID("@(#)$File: apprentice.c,v 1.270 2018/02/21 21:26:48 christos Exp $")
#endif /* lint */
#include "magic.h"
file_apprentice(struct magic_set *ms, const char *fn, int action)
{
char *p, *mfn;
- int file_err, errs = -1;
+ int fileerr, errs = -1;
size_t i;
(void)file_reset(ms, 0);
*p++ = '\0';
if (*fn == '\0')
break;
- file_err = apprentice_1(ms, fn, action);
- errs = MAX(errs, file_err);
+ fileerr = apprentice_1(ms, fn, action);
+ errs = MAX(errs, fileerr);
fn = p;
}
}
/* get offset, then skip over it */
- m->offset = (uint32_t)strtoul(l, &t, 0);
+ m->offset = (int32_t)strtol(l, &t, 0);
if (l == t) {
if (ms->flags & MAGIC_CHECK)
file_magwarn(ms, "offset `%s' invalid", l);
return -1;
}
+#if 0
+ if (m->offset < 0 && cont_level != 0 &&
+ (m->flag & (OFFADD | INDIROFFADD)) == 0) {
+ if (ms->flags & MAGIC_CHECK) {
+ file_magwarn(ms,
+ "negative direct offset `%s' at level %u",
+ l, cont_level);
+ }
+ return -1;
+ }
+#endif
l = t;
if (m->flag & INDIR) {
return parse_extra(ms, me, line,
CAST(off_t, offsetof(struct magic, ext)),
- sizeof(m->ext), "EXTENSION", ",!+-/@", 0);
+ sizeof(m->ext), "EXTENSION", ",!+-/@?_$", 0);
}
/*
return parse_extra(ms, me, line,
CAST(off_t, offsetof(struct magic, mimetype)),
- sizeof(m->mimetype), "MIME", "+-/.", 1);
+ sizeof(m->mimetype), "MIME", "+-/.$?:{}", 1);
}
private int
private int
getvalue(struct magic_set *ms, struct magic *m, const char **p, int action)
{
+ char *ep;
+ uint64_t ull;
+
switch (m->type) {
case FILE_BESTRING16:
case FILE_LESTRING16:
return rc ? -1 : 0;
}
return 0;
+ default:
+ if (m->reln == 'x')
+ return 0;
+ break;
+ }
+
+ switch (m->type) {
case FILE_FLOAT:
case FILE_BEFLOAT:
case FILE_LEFLOAT:
- if (m->reln != 'x') {
- char *ep;
- errno = 0;
+ errno = 0;
#ifdef HAVE_STRTOF
- m->value.f = strtof(*p, &ep);
+ m->value.f = strtof(*p, &ep);
#else
- m->value.f = (float)strtod(*p, &ep);
+ m->value.f = (float)strtod(*p, &ep);
#endif
- if (errno == 0)
- *p = ep;
- }
+ if (errno == 0)
+ *p = ep;
return 0;
case FILE_DOUBLE:
case FILE_BEDOUBLE:
case FILE_LEDOUBLE:
- if (m->reln != 'x') {
- char *ep;
- errno = 0;
- m->value.d = strtod(*p, &ep);
- if (errno == 0)
- *p = ep;
- }
+ errno = 0;
+ m->value.d = strtod(*p, &ep);
+ if (errno == 0)
+ *p = ep;
return 0;
default:
- if (m->reln != 'x') {
- char *ep;
- uint64_t ull;
- errno = 0;
- ull = (uint64_t)strtoull(*p, &ep, 0);
- m->value.q = file_signextend(ms, m, ull);
- if (*p == ep) {
- file_magwarn(ms, "Unparseable number `%s'", *p);
- } else {
- size_t ts = typesize(m->type);
- uint64_t x;
- const char *q;
-
- if (ts == (size_t)~0) {
- file_magwarn(ms, "Expected numeric type got `%s'",
- type_tbl[m->type].name);
- }
- for (q = *p; isspace((unsigned char)*q); q++)
- continue;
- if (*q == '-')
- ull = -(int64_t)ull;
- switch (ts) {
- case 1:
- x = ull & ~0xffULL;
- break;
- case 2:
- x = ull & ~0xffffULL;
- break;
- case 4:
- x = ull & ~0xffffffffULL;
- break;
- case 8:
- x = 0;
- break;
- default:
- abort();
- }
- if (x) {
- file_magwarn(ms, "Overflow for numeric type `%s' value %#" PRIx64,
- type_tbl[m->type].name, ull);
- }
+ errno = 0;
+ ull = (uint64_t)strtoull(*p, &ep, 0);
+ m->value.q = file_signextend(ms, m, ull);
+ if (*p == ep) {
+ file_magwarn(ms, "Unparseable number `%s'", *p);
+ } else {
+ size_t ts = typesize(m->type);
+ uint64_t x;
+ const char *q;
+
+ if (ts == (size_t)~0) {
+ file_magwarn(ms,
+ "Expected numeric type got `%s'",
+ type_tbl[m->type].name);
}
- if (errno == 0) {
- *p = ep;
- eatsize(p);
+ for (q = *p; isspace((unsigned char)*q); q++)
+ continue;
+ if (*q == '-')
+ ull = -(int64_t)ull;
+ switch (ts) {
+ case 1:
+ x = (uint64_t)(ull & ~0xffULL);
+ break;
+ case 2:
+ x = (uint64_t)(ull & ~0xffffULL);
+ break;
+ case 4:
+ x = (uint64_t)(ull & ~0xffffffffULL);
+ break;
+ case 8:
+ x = 0;
+ break;
+ default:
+ abort();
}
+ if (x) {
+ file_magwarn(ms, "Overflow for numeric"
+ " type `%s' value %#" PRIx64,
+ type_tbl[m->type].name, ull);
+ }
+ }
+ if (errno == 0) {
+ *p = ep;
+ eatsize(p);
}
return 0;
}
if (write(fd, &hdr, sizeof(hdr)) != (ssize_t)sizeof(hdr)) {
file_error(ms, errno, "error writing `%s'", dbname);
- goto out;
+ goto out2;
}
for (i = 0; i < MAGIC_SETS; i++) {
len = m * map->nmagic[i];
if (write(fd, map->magic[i], len) != (ssize_t)len) {
file_error(ms, errno, "error writing `%s'", dbname);
- goto out;
+ goto out2;
}
}
+ rv = 0;
+out2:
if (fd != -1)
(void)close(fd);
- rv = 0;
out:
apprentice_unmap(map);
free(dbname);
bs1(struct magic *m)
{
m->cont_level = swap2(m->cont_level);
- m->offset = swap4((uint32_t)m->offset);
+ m->offset = swap4((int32_t)m->offset);
m->in_offset = swap4((uint32_t)m->in_offset);
m->lineno = swap4((uint32_t)m->lineno);
if (IS_STRING(m->type)) {
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: ascmagic.c,v 1.96 2016/06/16 11:37:55 christos Exp $")
+FILE_RCSID("@(#)$File: ascmagic.c,v 1.98 2017/11/02 20:25:39 christos Exp $")
#endif /* lint */
#include "magic.h"
}
protected int
-file_ascmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes,
- int text)
+file_ascmagic(struct magic_set *ms, const struct buffer *b, int text)
{
unichar *ubuf = NULL;
size_t ulen = 0;
int rv = 1;
+ struct buffer bb;
const char *code = NULL;
const char *code_mime = NULL;
const char *type = NULL;
- nbytes = trim_nuls(buf, nbytes);
+ bb = *b;
+ bb.flen = trim_nuls(b->fbuf, b->flen);
/* If file doesn't look like any sort of text, give up. */
- if (file_encoding(ms, buf, nbytes, &ubuf, &ulen, &code, &code_mime,
+ if (file_encoding(ms, &bb, &ubuf, &ulen, &code, &code_mime,
&type) == 0)
rv = 0;
else
- rv = file_ascmagic_with_encoding(ms, buf, nbytes, ubuf, ulen, code,
- type, text);
+ rv = file_ascmagic_with_encoding(ms, &bb,
+ ubuf, ulen, code, type, text);
free(ubuf);
}
protected int
-file_ascmagic_with_encoding(struct magic_set *ms, const unsigned char *buf,
- size_t nbytes, unichar *ubuf, size_t ulen, const char *code,
+file_ascmagic_with_encoding(struct magic_set *ms,
+ const struct buffer *b, unichar *ubuf, size_t ulen, const char *code,
const char *type, int text)
{
+ struct buffer bb;
+ const unsigned char *buf = b->fbuf;
+ size_t nbytes = b->flen;
unsigned char *utf8_buf = NULL, *utf8_end;
size_t mlen, i;
int rv = -1;
if ((utf8_end = encode_utf8(utf8_buf, mlen, ubuf, ulen))
== NULL)
goto done;
- if ((rv = file_softmagic(ms, utf8_buf,
- (size_t)(utf8_end - utf8_buf), NULL, NULL,
+ buffer_init(&bb, b->fd, utf8_buf,
+ (size_t)(utf8_end - utf8_buf));
+
+ if ((rv = file_softmagic(ms, &bb, NULL, NULL,
TEXTTEST, text)) == 0)
rv = -1;
+ buffer_fini(&bb);
if ((ms->flags & (MAGIC_APPLE|MAGIC_EXTENSION))) {
rv = rv == -1 ? 0 : 1;
goto done;
--- /dev/null
+/*
+ * Copyright (c) Christos Zoulas 2017.
+ * All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice immediately at the beginning of the file, without modification,
+ * this list of conditions, and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "file.h"
+
+#ifndef lint
+FILE_RCSID("@(#)$File: buffer.c,v 1.4 2018/02/21 21:26:00 christos Exp $")
+#endif /* lint */
+
+#include "magic.h"
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+
+void
+buffer_init(struct buffer *b, int fd, const void *data, size_t len)
+{
+ b->fd = fd;
+ if (b->fd == -1 || fstat(b->fd, &b->st) == -1)
+ memset(&b->st, 0, sizeof(b->st));
+ b->fbuf = data;
+ b->flen = len;
+ b->eoff = 0;
+ b->ebuf = NULL;
+ b->elen = 0;
+}
+
+void
+buffer_fini(struct buffer *b)
+{
+ free(b->ebuf);
+}
+
+int
+buffer_fill(const struct buffer *bb)
+{
+ struct buffer *b = CCAST(struct buffer *, bb);
+
+ if (b->elen != 0)
+ return b->elen == (size_t)~0 ? -1 : 0;
+
+ if (!S_ISREG(b->st.st_mode))
+ goto out;
+
+ b->elen = (size_t)b->st.st_size < b->flen ?
+ (size_t)b->st.st_size : b->flen;
+ if ((b->ebuf = malloc(b->elen)) == NULL)
+ goto out;
+
+ b->eoff = b->st.st_size - b->elen;
+ if (pread(b->fd, b->ebuf, b->elen, b->eoff) == -1) {
+ free(b->ebuf);
+ goto out;
+ }
+
+ return 0;
+out:
+ b->elen = (size_t)~0;
+ return -1;
+}
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: cdf.c,v 1.106 2017/04/30 17:05:02 christos Exp $")
+FILE_RCSID("@(#)$File: cdf.c,v 1.110 2017/12/19 00:21:21 christos Exp $")
#endif
#include <assert.h>
#define CDF_CALLOC(n, u) cdf_calloc(__FILE__, __LINE__, (n), (u))
+/*ARGSUSED*/
static void *
cdf_malloc(const char *file __attribute__((__unused__)),
size_t line __attribute__((__unused__)), size_t n)
return malloc(n);
}
+/*ARGSUSED*/
static void *
cdf_realloc(const char *file __attribute__((__unused__)),
size_t line __attribute__((__unused__)), void *p, size_t n)
return realloc(p, n);
}
+/*ARGSUSED*/
static void *
cdf_calloc(const char *file __attribute__((__unused__)),
size_t line __attribute__((__unused__)), size_t n, size_t u)
if (h->h_master_sat[i] == CDF_SECID_FREE)
break;
-#define CDF_SEC_LIMIT (UINT32_MAX / (8 * ss))
+#define CDF_SEC_LIMIT (UINT32_MAX / (64 * ss))
if ((nsatpersec > 0 &&
h->h_num_sectors_in_master_sat > CDF_SEC_LIMIT / nsatpersec) ||
i > CDF_SEC_LIMIT) {
return 0;
}
-#define CDF_SHLEN_LIMIT (UINT32_MAX / 8)
-#define CDF_PROP_LIMIT (UINT32_MAX / (8 * sizeof(cdf_property_info_t)))
+#define CDF_SHLEN_LIMIT (UINT32_MAX / 64)
+#define CDF_PROP_LIMIT (UINT32_MAX / (64 * sizeof(cdf_property_info_t)))
static const void *
cdf_offset(const void *p, size_t l)
info.i_len = 0;
for (i = 1; i < argc; i++) {
if ((info.i_fd = open(argv[1], O_RDONLY)) == -1)
- err(1, "Cannot open `%s'", argv[1]);
+ err(EXIT_FAILURE, "Cannot open `%s'", argv[1]);
if (cdf_read_header(&info, &h) == -1)
- err(1, "Cannot read header");
+ err(EXIT_FAILURE, "Cannot read header");
#ifdef CDF_DEBUG
cdf_dump_header(&h);
#endif
if (cdf_read_sat(&info, &h, &sat) == -1)
- err(1, "Cannot read sat");
+ err(EXIT_FAILURE, "Cannot read sat");
#ifdef CDF_DEBUG
cdf_dump_sat("SAT", &sat, CDF_SEC_SIZE(&h));
#endif
if (cdf_read_ssat(&info, &h, &sat, &ssat) == -1)
- err(1, "Cannot read ssat");
+ err(EXIT_FAILURE, "Cannot read ssat");
#ifdef CDF_DEBUG
cdf_dump_sat("SSAT", &ssat, CDF_SHORT_SEC_SIZE(&h));
#endif
if (cdf_read_dir(&info, &h, &sat, &dir) == -1)
- err(1, "Cannot read dir");
+ err(EXIT_FAILURE, "Cannot read dir");
if (cdf_read_short_stream(&info, &h, &sat, &dir, &sst, &root)
== -1)
- err(1, "Cannot read short stream");
+ err(EXIT_FAILURE, "Cannot read short stream");
#ifdef CDF_DEBUG
cdf_dump_stream(&sst);
#endif
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: compress.c,v 1.105 2017/05/25 00:13:03 christos Exp $")
+FILE_RCSID("@(#)$File: compress.c,v 1.106 2017/11/02 20:25:39 christos Exp $")
#endif
#include "magic.h"
private const char *methodname(size_t);
protected int
-file_zmagic(struct magic_set *ms, int fd, const char *name,
- const unsigned char *buf, size_t nbytes)
+file_zmagic(struct magic_set *ms, const struct buffer *b, const char *name)
{
unsigned char *newbuf = NULL;
size_t i, nsz;
file_pushbuf_t *pb;
int urv, prv, rv = 0;
int mime = ms->flags & MAGIC_MIME;
+ int fd = b->fd;
+ const unsigned char *buf = b->fbuf;
+ size_t nbytes = b->flen;
#ifdef HAVE_SIGNAL_H
sig_t osigpipe;
#endif
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: encoding.c,v 1.12 2015/06/03 19:51:27 christos Exp $")
+FILE_RCSID("@(#)$File: encoding.c,v 1.14 2017/11/02 20:25:39 christos Exp $")
#endif /* lint */
#include "magic.h"
* ubuf, and the number of characters converted in ulen.
*/
protected int
-file_encoding(struct magic_set *ms, const unsigned char *buf, size_t nbytes, unichar **ubuf, size_t *ulen, const char **code, const char **code_mime, const char **type)
+file_encoding(struct magic_set *ms, const struct buffer *b, unichar **ubuf,
+ size_t *ulen, const char **code, const char **code_mime, const char **type)
{
+ const unsigned char *buf = b->fbuf;
+ size_t nbytes = b->flen;
size_t mlen;
int rv = 1, ucs_type;
unsigned char *nbuf = NULL;
+ unichar *udefbuf;
+ size_t udeflen;
+
+ if (ubuf == NULL)
+ ubuf = &udefbuf;
+ if (ulen == NULL)
+ ulen = &udeflen;
*type = "text";
*ulen = 0;
done:
free(nbuf);
+ if (ubuf == &udefbuf)
+ free(udefbuf);
return rv;
}
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: file.c,v 1.171 2016/05/17 15:52:45 christos Exp $")
+FILE_RCSID("@(#)$File: file.c,v 1.175 2018/03/02 16:11:37 christos Exp $")
#endif /* lint */
#include "magic.h"
#endif
#if defined(HAVE_GETOPT_H) && defined(HAVE_STRUCT_OPTION)
-#include <getopt.h>
-#ifndef HAVE_GETOPT_LONG
-int getopt_long(int argc, char * const *argv, const char *optstring, const struct option *longopts, int *longindex);
+# include <getopt.h>
+# ifndef HAVE_GETOPT_LONG
+int getopt_long(int, char * const *, const char *,
+ const struct option *, int *);
+# endif
+# else
+# include "mygetopt.h"
#endif
+
+#ifdef S_IFLNK
+# define IFLNK_h "h"
+# define IFLNK_L "L"
#else
-#include "mygetopt.h"
+# define IFLNK_h ""
+# define IFLNK_L ""
#endif
-#ifdef S_IFLNK
-#define FILE_FLAGS "-bcEhikLlNnprsvzZ0"
+#ifdef HAVE_LIBSECCOMP
+# define SECCOMP_S "S"
#else
-#define FILE_FLAGS "-bcEiklNnprsvzZ0"
+# define SECCOMP_S ""
#endif
+#define FILE_FLAGS "bcCdE" IFLNK_h "ik" IFLNK_L "lNnprs" SECCOMP_S "vzZ0"
+#define OPTSTRING "bcCde:Ef:F:hiklLm:nNpP:rsSvzZ0"
+
# define USAGE \
- "Usage: %s [" FILE_FLAGS \
- "] [--apple] [--extension] [--mime-encoding] [--mime-type]\n" \
- " [-e testname] [-F separator] [-f namefile] [-m magicfiles] " \
- "file ...\n" \
- " %s -C [-m magicfiles]\n" \
+ "Usage: %s [-" FILE_FLAGS "] [--apple] [--extension] [--mime-encoding]\n" \
+ " [--mime-type] [-e <testname>] [-F <separator>] " \
+ " [-f <namefile>]\n" \
+ " [-m <magicfiles>] [-P <parameter=value>] <file> ...\n" \
+ " %s -C [-m <magicfiles>]\n" \
" %s [--help]\n"
private int /* Global command-line options */
#undef OPT
#undef OPT_LONGONLY
{0, 0, NULL, 0}
-};
-#define OPTSTRING "bcCde:Ef:F:hiklLm:nNpP:rsvzZ0"
+ };
private const struct {
const char *name;
{ "bytes", MAGIC_PARAM_BYTES_MAX, 0 },
};
-private char *progname; /* used throughout */
private int posixly;
#ifdef __dead
size_t i;
int action = 0, didsomefiles = 0, errflg = 0;
int flags = 0, e = 0;
+#ifdef HAVE_LIBSECCOMP
+ int sandbox = 1;
+#endif
struct magic_set *magic = NULL;
int longindex;
const char *magicfile = NULL; /* where the magic is */
+ char *progname;
/* makes islower etc work for other langs */
#ifdef HAVE_SETLOCALE
else
progname = argv[0];
+ file_setprogname(progname);
+
+
#ifdef S_IFLNK
posixly = getenv("POSIXLY_CORRECT") != NULL;
flags |= posixly ? MAGIC_SYMLINK : 0;
case 's':
flags |= MAGIC_DEVICES;
break;
+#ifdef HAVE_LIBSECCOMP
+ case 'S':
+ sandbox = 0;
+ break;
+#endif
case 'v':
if (magicfile == NULL)
magicfile = magic_getpath(magicfile, action);
- (void)fprintf(stdout, "%s-%s\n", progname, VERSION);
+ (void)fprintf(stdout, "%s-%s\n", file_getprogname(),
+ VERSION);
(void)fprintf(stdout, "magic file from %s\n",
- magicfile);
+ magicfile);
return 0;
case 'z':
flags |= MAGIC_COMPRESS;
if (e)
return e;
+#ifdef HAVE_LIBSECCOMP
+#if 0
+ if (sandbox && enable_sandbox_basic() == -1)
+#else
+ if (sandbox && enable_sandbox_full() == -1)
+#endif
+ file_err(EXIT_FAILURE, "SECCOMP initialisation failed");
+#endif /* HAVE_LIBSECCOMP */
+
if (MAGIC_VERSION != magic_version())
- (void)fprintf(stderr, "%s: compiled magic version [%d] "
+ file_warnx("Compiled magic version [%d] "
"does not match with shared library magic version [%d]\n",
- progname, MAGIC_VERSION, magic_version());
+ MAGIC_VERSION, magic_version());
switch(action) {
case FILE_CHECK:
*/
magic = magic_open(flags|MAGIC_CHECK);
if (magic == NULL) {
- (void)fprintf(stderr, "%s: %s\n", progname,
- strerror(errno));
+ file_warn("Can't create magic");
return 1;
}
abort();
}
if (c == -1) {
- (void)fprintf(stderr, "%s: %s\n", progname,
- magic_error(magic));
+ file_warnx("%s", magic_error(magic));
e = 1;
goto out;
}
for (i = 0; i < __arraycount(pm); i++) {
if (pm[i].value == 0)
continue;
- if (magic_setparam(magic, pm[i].tag, &pm[i].value) == -1) {
- (void)fprintf(stderr, "%s: Can't set %s %s\n", progname,
- pm[i].name, strerror(errno));
- exit(1);
- }
+ if (magic_setparam(magic, pm[i].tag, &pm[i].value) == -1)
+ file_err(EXIT_FAILURE, "Can't set %s", pm[i].name);
}
}
return;
}
badparm:
- (void)fprintf(stderr, "%s: Unknown param %s\n", progname, p);
- exit(1);
+ file_errx(EXIT_FAILURE, "Unknown param %s", p);
}
private struct magic_set *
const char *e;
if (magic == NULL) {
- (void)fprintf(stderr, "%s: %s\n", progname, strerror(errno));
+ file_warn("Can't create magic");
return NULL;
}
if (magic_load(magic, magicfile) == -1) {
- (void)fprintf(stderr, "%s: %s\n",
- progname, magic_error(magic));
+ file_warn("%s", magic_error(magic));
magic_close(magic);
return NULL;
}
if ((e = magic_error(magic)) != NULL)
- (void)fprintf(stderr, "%s: Warning: %s\n", progname, e);
+ file_warn("%s", e);
return magic;
}
wid = 1;
} else {
if ((f = fopen(fn, "r")) == NULL) {
- (void)fprintf(stderr, "%s: Cannot open `%s' (%s).\n",
- progname, fn, strerror(errno));
+ file_warn("Cannot open `%s'", fn);
return 1;
}
private void
usage(void)
{
- (void)fprintf(stderr, USAGE, progname, progname, progname);
- exit(1);
+ const char *pn = file_getprogname();
+ (void)fprintf(stderr, USAGE, pn, pn, pn);
+ exit(EXIT_FAILURE);
}
private void
#undef OPT
#undef OPT_LONGONLY
fprintf(stdout, "\nReport bugs to http://bugs.gw.com/\n");
- exit(0);
+ exit(EXIT_SUCCESS);
+}
+
+private const char *file_progname;
+
+protected void
+file_setprogname(const char *progname)
+{
+ file_progname = progname;
+}
+
+protected const char *
+file_getprogname(void)
+{
+ return file_progname;
+}
+
+protected void
+file_err(int e, const char *fmt, ...)
+{
+ va_list ap;
+ int se = errno;
+
+ va_start(ap, fmt);
+ fprintf(stderr, "%s: ", file_progname);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ fprintf(stderr, " (%s)\n", strerror(se));
+ exit(e);
+}
+
+protected void
+file_errx(int e, const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ fprintf(stderr, "%s: ", file_progname);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ fprintf(stderr, "\n");
+ exit(e);
+}
+
+protected void
+file_warn(const char *fmt, ...)
+{
+ va_list ap;
+ int se = errno;
+
+ va_start(ap, fmt);
+ fprintf(stderr, "%s: ", file_progname);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ fprintf(stderr, " (%s)\n", strerror(se));
+ errno = se;
+}
+
+protected void
+file_warnx(const char *fmt, ...)
+{
+ va_list ap;
+ int se = errno;
+
+ va_start(ap, fmt);
+ fprintf(stderr, "%s: ", file_progname);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ fprintf(stderr, "\n");
+ errno = se;
}
*/
/*
* file.h - definitions for file(1) program
- * @(#)$File: file.h,v 1.183 2017/08/28 13:39:18 christos Exp $
+ * @(#)$File: file.h,v 1.191 2018/02/21 21:26:00 christos Exp $
*/
#ifndef __file_h__
#define FILE_COMPILE 2
#define FILE_LIST 3
+struct buffer {
+ int fd;
+ struct stat st;
+ const void *fbuf;
+ size_t flen;
+ off_t eoff;
+ void *ebuf;
+ size_t elen;
+};
+
union VALUETYPE {
uint8_t b;
uint16_t h;
#endif /* ENABLE_CONDITIONALS */
/* Word 4 */
- uint32_t offset; /* offset to magic number */
+ int32_t offset; /* offset to magic number */
/* Word 5 */
int32_t in_offset; /* offset from indirection */
/* Word 6 */
char *buf; /* Accumulation buffer */
char *pbuf; /* Printable buffer */
} o;
- uint32_t offset;
+ uint32_t offset; /* a copy of m->offset while we */
+ /* are working on the magic entry */
+ uint32_t eoffset; /* offset from end of file */
int error;
int flags; /* Control magic tests. */
int event_flags; /* Note things that happened. */
protected int file_printf(struct magic_set *, const char *, ...)
__attribute__((__format__(__printf__, 2, 3)));
protected int file_reset(struct magic_set *, int);
-protected int file_tryelf(struct magic_set *, int, const unsigned char *,
- size_t);
-protected int file_trycdf(struct magic_set *, int, const unsigned char *,
- size_t);
+protected int file_tryelf(struct magic_set *, const struct buffer *);
+protected int file_trycdf(struct magic_set *, const struct buffer *);
#if HAVE_FORK
-protected int file_zmagic(struct magic_set *, int, const char *,
- const unsigned char *, size_t);
+protected int file_zmagic(struct magic_set *, const struct buffer *,
+ const char *);
#endif
-protected int file_ascmagic(struct magic_set *, const unsigned char *, size_t,
+protected int file_ascmagic(struct magic_set *, const struct buffer *,
int);
protected int file_ascmagic_with_encoding(struct magic_set *,
- const unsigned char *, size_t, unichar *, size_t, const char *,
- const char *, int);
-protected int file_encoding(struct magic_set *, const unsigned char *, size_t,
+ const struct buffer *, unichar *, size_t, const char *, const char *, int);
+protected int file_encoding(struct magic_set *, const struct buffer *,
unichar **, size_t *, const char **, const char **, const char **);
-protected int file_is_tar(struct magic_set *, const unsigned char *, size_t);
-protected int file_softmagic(struct magic_set *, const unsigned char *, size_t,
+protected int file_is_tar(struct magic_set *, const struct buffer *);
+protected int file_softmagic(struct magic_set *, const struct buffer *,
uint16_t *, uint16_t *, int, int);
protected int file_apprentice(struct magic_set *, const char *, int);
protected int buffer_apprentice(struct magic_set *, struct magic **,
size_t);
#endif /* __EMX__ */
+protected void buffer_init(struct buffer *, int, const void *, size_t);
+protected void buffer_fini(struct buffer *);
+protected int buffer_fill(const struct buffer *);
+
#if defined(HAVE_LOCALE_H)
#include <locale.h>
#endif
__attribute__((__format_arg__(2)));
#endif
+#ifdef HAVE_LIBSECCOMP
+// basic filter
+// this mode should not interfere with normal operations
+// only some dangerous syscalls are blacklisted
+int enable_sandbox_basic(void);
+
+// enhanced filter
+// this mode allows only the necessary syscalls used during normal operation
+// extensive testing required !!!
+int enable_sandbox_full(void);
+#endif
+
+protected const char *file_getprogname(void);
+protected void file_setprogname(const char *);
+protected void file_err(int, const char *, ...)
+ __attribute__((__format__(__printf__, 2, 3)));
+protected void file_errx(int, const char *, ...)
+ __attribute__((__format__(__printf__, 2, 3)));
+protected void file_warn(const char *, ...)
+ __attribute__((__format__(__printf__, 1, 2)));
+protected void file_warnx(const char *, ...)
+ __attribute__((__format__(__printf__, 1, 2)));
+
#if defined(HAVE_MMAP) && defined(HAVE_SYS_MMAN_H) && !defined(QUICK)
#define QUICK
#endif
OPT('r', "raw", 0, 0, " don't translate unprintable chars to \\ooo\n")
OPT('s', "special-files", 0, 0, " treat special (block/char devices) files as\n"
" ordinary ones\n")
+#ifdef HAVE_LIBSECCOMP
+OPT('S', "no-sandbox", 0, 0, " disable system call sandboxing\n")
+#endif
OPT('C', "compile", 0, 0, " compile file specified by -m\n")
OPT('d', "debug", 0, 0, " print debugging messages\n")
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: funcs.c,v 1.93 2017/08/28 13:39:18 christos Exp $")
+FILE_RCSID("@(#)$File: funcs.c,v 1.94 2017/11/02 20:25:39 christos Exp $")
#endif /* lint */
#include "magic.h"
const void *buf, size_t nb)
{
int m = 0, rv = 0, looks_text = 0;
- const unsigned char *ubuf = CAST(const unsigned char *, buf);
- unichar *u8buf = NULL;
- size_t ulen;
const char *code = NULL;
const char *code_mime = "binary";
const char *type = "application/octet-stream";
const char *def = "data";
const char *ftype = NULL;
+ struct buffer b;
+
+ buffer_init(&b, fd, buf, nb);
if (nb == 0) {
def = "empty";
}
if ((ms->flags & MAGIC_NO_CHECK_ENCODING) == 0) {
- looks_text = file_encoding(ms, ubuf, nb, &u8buf, &ulen,
+ looks_text = file_encoding(ms, &b, NULL, 0,
&code, &code_mime, &ftype);
}
#ifdef __EMX__
if ((ms->flags & MAGIC_NO_CHECK_APPTYPE) == 0 && inname) {
- m = file_os2_apptype(ms, inname, buf, nb);
+ m = file_os2_apptype(ms, inname, &b);
if ((ms->flags & MAGIC_DEBUG) != 0)
(void)fprintf(stderr, "[try os2_apptype %d]\n", m);
switch (m) {
#if HAVE_FORK
/* try compression stuff */
if ((ms->flags & MAGIC_NO_CHECK_COMPRESS) == 0) {
- m = file_zmagic(ms, fd, inname, ubuf, nb);
+ m = file_zmagic(ms, &b, inname);
if ((ms->flags & MAGIC_DEBUG) != 0)
(void)fprintf(stderr, "[try zmagic %d]\n", m);
if (m) {
#endif
/* Check if we have a tar file */
if ((ms->flags & MAGIC_NO_CHECK_TAR) == 0) {
- m = file_is_tar(ms, ubuf, nb);
+ m = file_is_tar(ms, &b);
if ((ms->flags & MAGIC_DEBUG) != 0)
(void)fprintf(stderr, "[try tar %d]\n", m);
if (m) {
/* Check if we have a CDF file */
if ((ms->flags & MAGIC_NO_CHECK_CDF) == 0) {
- m = file_trycdf(ms, fd, ubuf, nb);
+ m = file_trycdf(ms, &b);
if ((ms->flags & MAGIC_DEBUG) != 0)
(void)fprintf(stderr, "[try cdf %d]\n", m);
if (m) {
/* try soft magic tests */
if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) {
- m = file_softmagic(ms, ubuf, nb, NULL, NULL, BINTEST,
- looks_text);
+ m = file_softmagic(ms, &b, NULL, NULL, BINTEST, looks_text);
if ((ms->flags & MAGIC_DEBUG) != 0)
(void)fprintf(stderr, "[try softmagic %d]\n", m);
if (m) {
* ELF headers that cannot easily * be
* extracted with rules in the magic file.
*/
- m = file_tryelf(ms, fd, ubuf, nb);
+ m = file_tryelf(ms, &b);
if ((ms->flags & MAGIC_DEBUG) != 0)
(void)fprintf(stderr, "[try elf %d]\n",
m);
/* try text properties */
if ((ms->flags & MAGIC_NO_CHECK_TEXT) == 0) {
- m = file_ascmagic(ms, ubuf, nb, looks_text);
+ m = file_ascmagic(ms, &b, looks_text);
if ((ms->flags & MAGIC_DEBUG) != 0)
(void)fprintf(stderr, "[try ascmagic %d]\n", m);
if (m) {
#if HAVE_FORK
done_encoding:
#endif
- free(u8buf);
+ buffer_fini(&b);
if (rv)
return rv;
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: is_tar.c,v 1.39 2017/03/17 20:45:01 christos Exp $")
+FILE_RCSID("@(#)$File: is_tar.c,v 1.41 2017/11/02 20:25:39 christos Exp $")
#endif
#include "magic.h"
private int is_tar(const unsigned char *, size_t);
private int from_oct(const char *, size_t); /* Decode octal number */
-static const char tartype[][32] = {
- "tar archive",
+static const char tartype[][32] = { /* should be equal to messages */
+ "tar archive", /* found in ../magic/Magdir/archive */
"POSIX tar archive",
- "POSIX tar archive (GNU)",
+ "POSIX tar archive (GNU)", /* */
};
protected int
-file_is_tar(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
+file_is_tar(struct magic_set *ms, const struct buffer *b)
{
+ const unsigned char *buf = b->fbuf;
+ size_t nbytes = b->flen;
/*
* Do the tar test first, because if the first file in the tar
* archive starts with a dot, we can confuse it with an nroff file.
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: readcdf.c,v 1.65 2017/04/08 20:58:03 christos Exp $")
+FILE_RCSID("@(#)$File: readcdf.c,v 1.66 2017/11/02 20:25:39 christos Exp $")
#endif
#include <assert.h>
}
protected int
-file_trycdf(struct magic_set *ms, int fd, const unsigned char *buf,
- size_t nbytes)
+file_trycdf(struct magic_set *ms, const struct buffer *b)
{
+ int fd = b->fd;
+ const unsigned char *buf = b->fbuf;
+ size_t nbytes = b->flen;
cdf_info_t info;
cdf_header_t h;
cdf_sat_t sat, ssat;
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: readelf.c,v 1.138 2017/08/27 07:55:02 christos Exp $")
+FILE_RCSID("@(#)$File: readelf.c,v 1.141 2018/04/12 16:50:52 christos Exp $")
#endif
#ifdef BUILTIN_ELF
"NetBSD",
};
-#define FLAGS_CORE_STYLE 0x003
+#define FLAGS_CORE_STYLE 0x0003
-#define FLAGS_DID_CORE 0x004
-#define FLAGS_DID_OS_NOTE 0x008
-#define FLAGS_DID_BUILD_ID 0x010
-#define FLAGS_DID_CORE_STYLE 0x020
-#define FLAGS_DID_NETBSD_PAX 0x040
-#define FLAGS_DID_NETBSD_MARCH 0x080
-#define FLAGS_DID_NETBSD_CMODEL 0x100
-#define FLAGS_DID_NETBSD_UNKNOWN 0x200
-#define FLAGS_IS_CORE 0x400
-#define FLAGS_DID_AUXV 0x800
+#define FLAGS_DID_CORE 0x0004
+#define FLAGS_DID_OS_NOTE 0x0008
+#define FLAGS_DID_BUILD_ID 0x0010
+#define FLAGS_DID_CORE_STYLE 0x0020
+#define FLAGS_DID_NETBSD_PAX 0x0040
+#define FLAGS_DID_NETBSD_MARCH 0x0080
+#define FLAGS_DID_NETBSD_CMODEL 0x0100
+#define FLAGS_DID_NETBSD_EMULATION 0x0200
+#define FLAGS_DID_NETBSD_UNKNOWN 0x0400
+#define FLAGS_IS_CORE 0x0800
+#define FLAGS_DID_AUXV 0x1000
private int
dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
"gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
file_printable(sbuf, sizeof(sbuf),
CAST(char *, pi.cpi_name)),
- elf_getu32(swap, pi.cpi_pid),
+ elf_getu32(swap, (uint32_t)pi.cpi_pid),
elf_getu32(swap, pi.cpi_euid),
elf_getu32(swap, pi.cpi_egid),
elf_getu32(swap, pi.cpi_nlwps),
- elf_getu32(swap, pi.cpi_siglwp),
+ elf_getu32(swap, (uint32_t)pi.cpi_siglwp),
elf_getu32(swap, pi.cpi_signo),
elf_getu32(swap, pi.cpi_sigcode)) == -1)
return 1;
}
+/*ARGSUSED*/
private int
do_auxv_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
int swap, uint32_t namesz __attribute__((__unused__)),
(int)descsz, (const char *)&nbuf[doff]) == -1)
return offset;
break;
+ case NT_NETBSD_EMULATION:
+ if (*flags & FLAGS_DID_NETBSD_EMULATION)
+ return offset;
+ *flags |= FLAGS_DID_NETBSD_EMULATION;
+ if (file_printf(ms, ", emulation: %.*s",
+ (int)descsz, (const char *)&nbuf[doff]) == -1)
+ return offset;
+ break;
default:
if (*flags & FLAGS_DID_NETBSD_UNKNOWN)
return offset;
protected int
-file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf,
- size_t nbytes)
+file_tryelf(struct magic_set *ms, const struct buffer *b)
{
+ int fd = b->fd;
+ const unsigned char *buf = b->fbuf;
+ size_t nbytes = b->flen;
union {
int32_t l;
char c[sizeof (int32_t)];
--- /dev/null
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice immediately at the beginning of the file, without modification,
+ * this list of conditions, and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * libseccomp hooks.
+ */
+#include "file.h"
+
+#ifndef lint
+FILE_RCSID("@(#)$File: seccomp.c,v 1.2 2017/11/04 01:14:25 christos Exp $")
+#endif /* lint */
+
+#if HAVE_LIBSECCOMP
+#include <seccomp.h> /* libseccomp */
+#include <sys/prctl.h> /* prctl */
+#include <sys/socket.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#define DENY_RULE(call) \
+ do \
+ if (seccomp_rule_add (ctx, SCMP_ACT_KILL, SCMP_SYS(call), 0) == -1) \
+ goto out; \
+ while (/*CONSTCOND*/0)
+#define ALLOW_RULE(call) \
+ do \
+ if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(call), 0) == -1) \
+ goto out; \
+ while (/*CONSTCOND*/0)
+
+static scmp_filter_ctx ctx;
+
+
+int
+enable_sandbox_basic(void)
+{
+
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
+ return -1;
+
+#if 0
+ // prevent escape via ptrace
+ prctl(PR_SET_DUMPABLE, 0);
+#endif
+
+ if (prctl (PR_SET_DUMPABLE, 0, 0, 0, 0) == -1)
+ return -1;
+
+ // initialize the filter
+ ctx = seccomp_init(SCMP_ACT_ALLOW);
+ if (ctx == NULL)
+ return 1;
+
+ DENY_RULE(_sysctl);
+ DENY_RULE(acct);
+ DENY_RULE(add_key);
+ DENY_RULE(adjtimex);
+ DENY_RULE(chroot);
+ DENY_RULE(clock_adjtime);
+ DENY_RULE(create_module);
+ DENY_RULE(delete_module);
+ DENY_RULE(fanotify_init);
+ DENY_RULE(finit_module);
+ DENY_RULE(get_kernel_syms);
+ DENY_RULE(get_mempolicy);
+ DENY_RULE(init_module);
+ DENY_RULE(io_cancel);
+ DENY_RULE(io_destroy);
+ DENY_RULE(io_getevents);
+ DENY_RULE(io_setup);
+ DENY_RULE(io_submit);
+ DENY_RULE(ioperm);
+ DENY_RULE(iopl);
+ DENY_RULE(ioprio_set);
+ DENY_RULE(kcmp);
+#ifdef __NR_kexec_file_load
+ DENY_RULE(kexec_file_load);
+#endif
+ DENY_RULE(kexec_load);
+ DENY_RULE(keyctl);
+ DENY_RULE(lookup_dcookie);
+ DENY_RULE(mbind);
+ DENY_RULE(nfsservctl);
+ DENY_RULE(migrate_pages);
+ DENY_RULE(modify_ldt);
+ DENY_RULE(mount);
+ DENY_RULE(move_pages);
+ DENY_RULE(name_to_handle_at);
+ DENY_RULE(open_by_handle_at);
+ DENY_RULE(perf_event_open);
+ DENY_RULE(pivot_root);
+ DENY_RULE(process_vm_readv);
+ DENY_RULE(process_vm_writev);
+ DENY_RULE(ptrace);
+ DENY_RULE(reboot);
+ DENY_RULE(remap_file_pages);
+ DENY_RULE(request_key);
+ DENY_RULE(set_mempolicy);
+ DENY_RULE(swapoff);
+ DENY_RULE(swapon);
+ DENY_RULE(sysfs);
+ DENY_RULE(syslog);
+ DENY_RULE(tuxcall);
+ DENY_RULE(umount2);
+ DENY_RULE(uselib);
+ DENY_RULE(vmsplice);
+
+ // blocking dangerous syscalls that file should not need
+ DENY_RULE (execve);
+ DENY_RULE (socket);
+ // ...
+
+
+ // applying filter...
+ if (seccomp_load (ctx) == -1)
+ goto out;
+ // free ctx after the filter has been loaded into the kernel
+ seccomp_release(ctx);
+ return 0;
+
+out:
+ seccomp_release(ctx);
+ return -1;
+}
+
+
+int
+enable_sandbox_full(void)
+{
+
+ // prevent child processes from getting more priv e.g. via setuid,
+ // capabilities, ...
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
+ return -1;
+
+ if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1)
+ return -1;
+
+ // initialize the filter
+ ctx = seccomp_init(SCMP_ACT_KILL);
+ if (ctx == NULL)
+ return -1;
+
+ ALLOW_RULE(access);
+ ALLOW_RULE(brk);
+ ALLOW_RULE(close);
+ ALLOW_RULE(dup2);
+ ALLOW_RULE(exit);
+ ALLOW_RULE(exit_group);
+ ALLOW_RULE(fcntl);
+ ALLOW_RULE(fstat);
+ ALLOW_RULE(getdents);
+ ALLOW_RULE(ioctl);
+ ALLOW_RULE(lseek);
+ ALLOW_RULE(lstat);
+ ALLOW_RULE(mmap);
+ ALLOW_RULE(mprotect);
+ ALLOW_RULE(mremap);
+ ALLOW_RULE(munmap);
+ ALLOW_RULE(open);
+ ALLOW_RULE(openat);
+ ALLOW_RULE(pread64);
+ ALLOW_RULE(read);
+ ALLOW_RULE(readlink);
+ ALLOW_RULE(rt_sigaction);
+ ALLOW_RULE(rt_sigprocmask);
+ ALLOW_RULE(rt_sigreturn);
+ ALLOW_RULE(select);
+ ALLOW_RULE(stat);
+ ALLOW_RULE(sysinfo);
+ ALLOW_RULE(unlink);
+ ALLOW_RULE(write);
+
+
+#if 0
+ // needed by valgrind
+ ALLOW_RULE(gettid);
+ ALLOW_RULE(getpid);
+ ALLOW_RULE(rt_sigtimedwait);
+#endif
+
+#if 0
+ /* special restrictions for socket, only allow AF_UNIX/AF_LOCAL */
+ if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 1,
+ SCMP_CMP(0, SCMP_CMP_EQ, AF_UNIX)) == -1)
+ goto out;
+
+ if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 1,
+ SCMP_CMP(0, SCMP_CMP_EQ, AF_LOCAL)) == -1)
+ goto out;
+
+
+ /* special restrictions for open, prevent opening files for writing */
+ if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 1,
+ SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) == -1)
+ goto out;
+
+ if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open), 1,
+ SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) == -1)
+ goto out;
+
+ if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open), 1,
+ SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) == -1)
+ goto out;
+
+
+ /* allow stderr */
+ if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
+ SCMP_CMP(0, SCMP_CMP_EQ, 2)) == -1)
+ goto out;
+#endif
+
+ // applying filter...
+ if (seccomp_load(ctx) == -1)
+ goto out;
+ // free ctx after the filter has been loaded into the kernel
+ seccomp_release(ctx);
+ return 0;
+
+out:
+ // something went wrong
+ seccomp_release(ctx);
+ return -1;
+}
+#endif
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.249 2017/06/19 18:30:25 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.259 2018/03/11 01:23:52 christos Exp $")
#endif /* lint */
#include "magic.h"
#include "der.h"
private int match(struct magic_set *, struct magic *, uint32_t,
- const unsigned char *, size_t, size_t, int, int, int, uint16_t *,
+ const struct buffer *, size_t, int, int, int, uint16_t *,
uint16_t *, int *, int *, int *);
-private int mget(struct magic_set *, const unsigned char *,
- struct magic *, size_t, size_t, unsigned int, int, int, int, uint16_t *,
+private int mget(struct magic_set *, struct magic *, const struct buffer *,
+ const unsigned char *, size_t,
+ size_t, unsigned int, int, int, int, uint16_t *,
uint16_t *, int *, int *, int *);
+private int msetoffset(struct magic_set *, struct magic *, struct buffer *,
+ const struct buffer *, size_t, unsigned int);
private int magiccheck(struct magic_set *, struct magic *);
-private int32_t mprint(struct magic_set *, struct magic *);
-private int moffset(struct magic_set *, struct magic *, size_t, int32_t *);
+private int32_t mprint(struct magic_set *, struct magic *,
+ const struct buffer *);
+private int moffset(struct magic_set *, struct magic *, const struct buffer *,
+ int32_t *);
private void mdebug(uint32_t, const char *, size_t);
private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
const unsigned char *, uint32_t, size_t, struct magic *);
private int mconvert(struct magic_set *, struct magic *, int);
private int print_sep(struct magic_set *, int);
-private int handle_annotation(struct magic_set *, struct magic *, int);
+private int handle_annotation(struct magic_set *, struct magic *,
+ const struct buffer *, int);
private int cvt_8(union VALUETYPE *, const struct magic *);
private int cvt_16(union VALUETYPE *, const struct magic *);
private int cvt_32(union VALUETYPE *, const struct magic *);
*/
/*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */
protected int
-file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes,
+file_softmagic(struct magic_set *ms, const struct buffer *b,
uint16_t *indir_count, uint16_t *name_count, int mode, int text)
{
struct mlist *ml;
}
for (ml = ms->mlist[0]->next; ml != ms->mlist[0]; ml = ml->next)
- if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, 0, mode,
+ if ((rv = match(ms, ml->magic, ml->nmagic, b, 0, mode,
text, 0, indir_count, name_count,
&printed_something, &need_separator, NULL)) != 0)
return rv;
#define F(a, b, c) file_fmtcheck((a), (b), (c), __FILE__, __LINE__)
private const char * __attribute__((__format_arg__(3)))
-file_fmtcheck(struct magic_set *ms, const struct magic *m, const char *def,
+file_fmtcheck(struct magic_set *ms, const char *desc, const char *def,
const char *file, size_t line)
{
- const char *ptr = fmtcheck(m->desc, def);
+ const char *ptr = fmtcheck(desc, def);
if (ptr == def)
file_magerror(ms,
"%s, %" SIZE_T_FORMAT "u: format `%s' does not match"
- " with `%s'", file, line, m->desc, def);
+ " with `%s'", file, line, desc, def);
return ptr;
}
#else
-#define F(a, b, c) fmtcheck((b)->desc, (c))
+#define F(a, b, c) fmtcheck((b), (c))
#endif
/*
*/
private int
match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
- const unsigned char *s, size_t nbytes, size_t offset, int mode, int text,
+ const struct buffer *b, size_t offset, int mode, int text,
int flip, uint16_t *indir_count, uint16_t *name_count,
int *printed_something, int *need_separator, int *returnval)
{
unsigned int cont_level = 0;
int returnvalv = 0, e; /* if a match is found it is set to 1*/
int firstline = 1; /* a flag to print X\n X\n- X */
+ struct buffer bb;
int print = (ms->flags & MAGIC_NODESC) == 0;
if (returnval == NULL)
continue; /* Skip to next top-level test*/
}
- ms->offset = m->offset;
+ if (msetoffset(ms, m, &bb, b, offset, cont_level) == -1)
+ goto flush;
ms->line = m->lineno;
/* if main entry matches, print it... */
- switch (mget(ms, s, m, nbytes, offset, cont_level, mode, text,
- flip, indir_count, name_count,
+ switch (mget(ms, m, b, bb.fbuf, bb.flen, offset, cont_level,
+ mode, text, flip, indir_count, name_count,
printed_something, need_separator, returnval)) {
case -1:
return -1;
goto flush;
}
- if ((e = handle_annotation(ms, m, firstline)) != 0) {
+ if ((e = handle_annotation(ms, m, b, firstline)) != 0) {
*need_separator = 1;
*printed_something = 1;
*returnval = 1;
return -1;
}
-
- if (print && mprint(ms, m) == -1)
+ if (print && mprint(ms, m, b) == -1)
return -1;
- switch (moffset(ms, m, nbytes, &ms->c.li[cont_level].off)) {
+ switch (moffset(ms, m, &bb, &ms->c.li[cont_level].off)) {
case -1:
case 0:
goto flush;
*/
cont_level = m->cont_level;
}
- ms->offset = m->offset;
+ if (msetoffset(ms, m, &bb, b, offset, cont_level) == -1)
+ goto flush;
if (m->flag & OFFADD) {
ms->offset +=
ms->c.li[cont_level - 1].off;
continue;
}
#endif
- switch (mget(ms, s, m, nbytes, offset, cont_level, mode,
- text, flip, indir_count, name_count,
- printed_something, need_separator, returnval)) {
+ switch (mget(ms, m, b, bb.fbuf, bb.flen, offset,
+ cont_level, mode, text, flip, indir_count,
+ name_count, printed_something, need_separator,
+ returnval)) {
case -1:
return -1;
case 0:
} else
ms->c.li[cont_level].got_match = 1;
- if ((e = handle_annotation(ms, m, firstline)) != 0) {
+ if ((e = handle_annotation(ms, m, b, firstline))
+ != 0) {
*need_separator = 1;
*printed_something = 1;
*returnval = 1;
return -1;
*need_separator = 0;
}
- if (print && mprint(ms, m) == -1)
+ if (print && mprint(ms, m, b) == -1)
return -1;
- switch (moffset(ms, m, nbytes,
+ switch (moffset(ms, m, &bb,
&ms->c.li[cont_level].off)) {
case -1:
case 0:
}
private int
-check_fmt(struct magic_set *ms, struct magic *m)
+check_fmt(struct magic_set *ms, const char *fmt)
{
file_regex_t rx;
int rc, rv = -1;
- if (strchr(m->desc, '%') == NULL)
+ if (strchr(fmt, '%') == NULL)
return 0;
rc = file_regcomp(&rx, "%[-0-9\\.]*s", REG_EXTENDED|REG_NOSUB);
if (rc) {
file_regerror(&rx, rc, ms);
} else {
- rc = file_regexec(&rx, m->desc, 0, 0, 0);
+ rc = file_regexec(&rx, fmt, 0, 0, 0);
rv = !rc;
}
file_regfree(&rx);
}
#endif /* HAVE_STRNDUP */
+static int
+varexpand(char *buf, size_t len, const struct buffer *b, const char *str)
+{
+ const char *ptr, *sptr, *e, *t, *ee, *et;
+ size_t l;
+
+ for (sptr = str; (ptr = strstr(sptr, "${")) != NULL;) {
+ l = (size_t)(ptr - sptr);
+ if (l >= len)
+ return -1;
+ memcpy(buf, sptr, l);
+ buf += l;
+ len -= l;
+ ptr += 2;
+ if (!*ptr || ptr[1] != '?')
+ return -1;
+ for (et = t = ptr + 2; *et && *et != ':'; et++)
+ continue;
+ if (*et != ':')
+ return -1;
+ for (ee = e = et + 1; *ee && *ee != '}'; ee++)
+ continue;
+ if (*ee != '}')
+ return -1;
+ switch (*ptr) {
+ case 'x':
+ if (b->st.st_mode & 0111) {
+ ptr = t;
+ l = et - t;
+ } else {
+ ptr = e;
+ l = ee - e;
+ }
+ break;
+ default:
+ return -1;
+ }
+ if (l >= len)
+ return -1;
+ memcpy(buf, ptr, l);
+ buf += l;
+ len -= l;
+ sptr = ee + 1;
+ }
+
+ l = strlen(sptr);
+ if (l >= len)
+ return -1;
+
+ memcpy(buf, sptr, l);
+ buf[l] = '\0';
+ return 0;
+}
+
+
private int32_t
-mprint(struct magic_set *ms, struct magic *m)
+mprint(struct magic_set *ms, struct magic *m, const struct buffer *b)
{
uint64_t v;
float vf;
double vd;
int64_t t = 0;
- char buf[128], tbuf[26], sbuf[512];
+ char buf[128], tbuf[26], sbuf[512], ebuf[512];
+ const char *desc;
union VALUETYPE *p = &ms->ms_value;
+ if (varexpand(ebuf, sizeof(ebuf), b, m->desc) == -1)
+ desc = m->desc;
+ else
+ desc = ebuf;
+
switch (m->type) {
case FILE_BYTE:
v = file_signextend(ms, m, (uint64_t)p->b);
- switch (check_fmt(ms, m)) {
+ switch (check_fmt(ms, desc)) {
case -1:
return -1;
case 1:
(void)snprintf(buf, sizeof(buf), "%d",
(unsigned char)v);
- if (file_printf(ms, F(ms, m, "%s"), buf) == -1)
+ if (file_printf(ms, F(ms, desc, "%s"), buf) == -1)
return -1;
break;
default:
- if (file_printf(ms, F(ms, m, "%d"),
+ if (file_printf(ms, F(ms, desc, "%d"),
(unsigned char) v) == -1)
return -1;
break;
case FILE_BESHORT:
case FILE_LESHORT:
v = file_signextend(ms, m, (uint64_t)p->h);
- switch (check_fmt(ms, m)) {
+ switch (check_fmt(ms, desc)) {
case -1:
return -1;
case 1:
(void)snprintf(buf, sizeof(buf), "%u",
(unsigned short)v);
- if (file_printf(ms, F(ms, m, "%s"), buf) == -1)
+ if (file_printf(ms, F(ms, desc, "%s"), buf) == -1)
return -1;
break;
default:
- if (file_printf(ms, F(ms, m, "%u"),
+ if (file_printf(ms, F(ms, desc, "%u"),
(unsigned short) v) == -1)
return -1;
break;
case FILE_LELONG:
case FILE_MELONG:
v = file_signextend(ms, m, (uint64_t)p->l);
- switch (check_fmt(ms, m)) {
+ switch (check_fmt(ms, desc)) {
case -1:
return -1;
case 1:
(void)snprintf(buf, sizeof(buf), "%u", (uint32_t) v);
- if (file_printf(ms, F(ms, m, "%s"), buf) == -1)
+ if (file_printf(ms, F(ms, desc, "%s"), buf) == -1)
return -1;
break;
default:
- if (file_printf(ms, F(ms, m, "%u"), (uint32_t) v) == -1)
+ if (file_printf(ms, F(ms, desc, "%u"), (uint32_t) v) == -1)
return -1;
break;
}
case FILE_BEQUAD:
case FILE_LEQUAD:
v = file_signextend(ms, m, p->q);
- switch (check_fmt(ms, m)) {
+ switch (check_fmt(ms, desc)) {
case -1:
return -1;
case 1:
(void)snprintf(buf, sizeof(buf), "%" INT64_T_FORMAT "u",
(unsigned long long)v);
- if (file_printf(ms, F(ms, m, "%s"), buf) == -1)
+ if (file_printf(ms, F(ms, desc, "%s"), buf) == -1)
return -1;
break;
default:
- if (file_printf(ms, F(ms, m, "%" INT64_T_FORMAT "u"),
+ if (file_printf(ms, F(ms, desc, "%" INT64_T_FORMAT "u"),
(unsigned long long) v) == -1)
return -1;
break;
case FILE_BESTRING16:
case FILE_LESTRING16:
if (m->reln == '=' || m->reln == '!') {
- if (file_printf(ms, F(ms, m, "%s"),
+ if (file_printf(ms, F(ms, desc, "%s"),
file_printable(sbuf, sizeof(sbuf), m->value.s))
== -1)
return -1;
*++last = '\0';
}
- if (file_printf(ms, F(ms, m, "%s"),
+ if (file_printf(ms, F(ms, desc, "%s"),
file_printable(sbuf, sizeof(sbuf), str)) == -1)
return -1;
case FILE_BEDATE:
case FILE_LEDATE:
case FILE_MEDATE:
- if (file_printf(ms, F(ms, m, "%s"),
+ if (file_printf(ms, F(ms, desc, "%s"),
file_fmttime(p->l, 0, tbuf)) == -1)
return -1;
t = ms->offset + sizeof(uint32_t);
case FILE_BELDATE:
case FILE_LELDATE:
case FILE_MELDATE:
- if (file_printf(ms, F(ms, m, "%s"),
+ if (file_printf(ms, F(ms, desc, "%s"),
file_fmttime(p->l, FILE_T_LOCAL, tbuf)) == -1)
return -1;
t = ms->offset + sizeof(uint32_t);
case FILE_QDATE:
case FILE_BEQDATE:
case FILE_LEQDATE:
- if (file_printf(ms, F(ms, m, "%s"),
+ if (file_printf(ms, F(ms, desc, "%s"),
file_fmttime(p->q, 0, tbuf)) == -1)
return -1;
t = ms->offset + sizeof(uint64_t);
case FILE_QLDATE:
case FILE_BEQLDATE:
case FILE_LEQLDATE:
- if (file_printf(ms, F(ms, m, "%s"),
+ if (file_printf(ms, F(ms, desc, "%s"),
file_fmttime(p->q, FILE_T_LOCAL, tbuf)) == -1)
return -1;
t = ms->offset + sizeof(uint64_t);
case FILE_QWDATE:
case FILE_BEQWDATE:
case FILE_LEQWDATE:
- if (file_printf(ms, F(ms, m, "%s"),
+ if (file_printf(ms, F(ms, desc, "%s"),
file_fmttime(p->q, FILE_T_WINDOWS, tbuf)) == -1)
return -1;
t = ms->offset + sizeof(uint64_t);
case FILE_BEFLOAT:
case FILE_LEFLOAT:
vf = p->f;
- switch (check_fmt(ms, m)) {
+ switch (check_fmt(ms, desc)) {
case -1:
return -1;
case 1:
(void)snprintf(buf, sizeof(buf), "%g", vf);
- if (file_printf(ms, F(ms, m, "%s"), buf) == -1)
+ if (file_printf(ms, F(ms, desc, "%s"), buf) == -1)
return -1;
break;
default:
- if (file_printf(ms, F(ms, m, "%g"), vf) == -1)
+ if (file_printf(ms, F(ms, desc, "%g"), vf) == -1)
return -1;
break;
}
case FILE_BEDOUBLE:
case FILE_LEDOUBLE:
vd = p->d;
- switch (check_fmt(ms, m)) {
+ switch (check_fmt(ms, desc)) {
case -1:
return -1;
case 1:
(void)snprintf(buf, sizeof(buf), "%g", vd);
- if (file_printf(ms, F(ms, m, "%s"), buf) == -1)
+ if (file_printf(ms, F(ms, desc, "%s"), buf) == -1)
return -1;
break;
default:
- if (file_printf(ms, F(ms, m, "%g"), vd) == -1)
+ if (file_printf(ms, F(ms, desc, "%g"), vd) == -1)
return -1;
break;
}
file_oomem(ms, ms->search.rm_len);
return -1;
}
- rval = file_printf(ms, F(ms, m, "%s"),
+ rval = file_printf(ms, F(ms, desc, "%s"),
file_printable(sbuf, sizeof(sbuf), cp));
free(cp);
t = ms->offset;
break;
case FILE_DER:
- if (file_printf(ms, F(ms, m, "%s"),
+ if (file_printf(ms, F(ms, desc, "%s"),
file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1)
return -1;
t = ms->offset;
}
private int
-moffset(struct magic_set *ms, struct magic *m, size_t nbytes, int32_t *op)
+moffset(struct magic_set *ms, struct magic *m, const struct buffer *b,
+ int32_t *op)
{
+ size_t nbytes = b->flen;
int32_t o;
switch (m->type) {
b++;
}
if (lines)
- last = RCAST(const char *, s) + bytecnt;
+ last = end;
ms->search.s = buf;
ms->search.s_len = last - buf;
}
private int
-mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
- size_t nbytes, size_t o, unsigned int cont_level, int mode, int text,
- int flip, uint16_t *indir_count, uint16_t *name_count,
+msetoffset(struct magic_set *ms, struct magic *m, struct buffer *bb,
+ const struct buffer *b, size_t o, unsigned int cont_level)
+{
+ if (m->offset < 0) {
+ if (cont_level > 0) {
+ if (m->flag & (OFFADD|INDIROFFADD))
+ goto normal;
+#if 0
+ file_error(ms, 0, "negative offset %d at continuation"
+ "level %u", m->offset, cont_level);
+ return -1;
+#endif
+ }
+ if (buffer_fill(b) == -1)
+ return -1;
+ if (o != 0) {
+ // Not yet!
+ file_magerror(ms, "non zero offset %zu at"
+ " level %u", o, cont_level);
+ return -1;
+ }
+ if ((size_t)-m->offset > b->elen)
+ return -1;
+ buffer_init(bb, -1, b->ebuf, b->elen);
+ ms->eoffset = ms->offset = b->elen + m->offset;
+ } else {
+ if (cont_level == 0) {
+normal:
+ // XXX: Pass real fd, then who frees bb?
+ buffer_init(bb, -1, b->fbuf, b->flen);
+ ms->offset = m->offset;
+ ms->eoffset = 0;
+ } else {
+ ms->offset = ms->eoffset + m->offset;
+ }
+ }
+ if ((ms->flags & MAGIC_DEBUG) != 0) {
+ fprintf(stderr, "bb=[%p,%zu], %d [b=%p,%zu], [o=%#x, c=%d]\n",
+ bb->fbuf, bb->flen, ms->offset, b->fbuf, b->flen,
+ m->offset, cont_level);
+ }
+ return 0;
+}
+
+private int
+mget(struct magic_set *ms, struct magic *m, const struct buffer *b,
+ const unsigned char *s, size_t nbytes, size_t o, unsigned int cont_level,
+ int mode, int text, int flip, uint16_t *indir_count, uint16_t *name_count,
int *printed_something, int *need_separator, int *returnval)
{
uint32_t offset = ms->offset;
+ struct buffer bb;
intmax_t lhs;
file_pushbuf_t *pb;
int rv, oneed_separator, in_type;
return -1;
}
+
+
if (mcopy(ms, p, m->type, m->flag & INDIR, s, (uint32_t)(offset + o),
(uint32_t)nbytes, m) == -1)
return -1;
return -1;
(*indir_count)++;
- rv = file_softmagic(ms, s + offset, nbytes - offset,
+ bb = *b;
+ bb.fbuf = s + offset;
+ bb.flen = nbytes - offset;
+ rv = file_softmagic(ms, &bb,
indir_count, name_count, BINTEST, text);
if ((ms->flags & MAGIC_DEBUG) != 0)
if (rv == 1) {
if ((ms->flags & MAGIC_NODESC) == 0 &&
- file_printf(ms, F(ms, m, "%u"), offset) == -1) {
+ file_printf(ms, F(ms, m->desc, "%u"), offset) == -1) {
free(rbuf);
return -1;
}
oneed_separator = *need_separator;
if (m->flag & NOSPACE)
*need_separator = 0;
- rv = match(ms, ml.magic, ml.nmagic, s, nbytes, offset + o,
+ rv = match(ms, ml.magic, ml.nmagic, b, offset + o,
mode, text, flip, indir_count, name_count,
printed_something, need_separator, returnval);
if (rv != 1)
*need_separator = oneed_separator;
- return 1;
+ return rv;
case FILE_NAME:
if (ms->flags & MAGIC_NODESC)
}
private int
-handle_annotation(struct magic_set *ms, struct magic *m, int firstline)
+handle_annotation(struct magic_set *ms, struct magic *m, const struct buffer *b,
+ int firstline)
{
if ((ms->flags & MAGIC_APPLE) && m->apple[0]) {
if (!firstline && file_printf(ms, "\n- ") == -1)
return 1;
}
if ((ms->flags & MAGIC_MIME_TYPE) && m->mimetype[0]) {
+ char buf[1024];
+ const char *p;
if (!firstline && file_printf(ms, "\n- ") == -1)
return -1;
- if (file_printf(ms, "%s", m->mimetype) == -1)
+ if (varexpand(buf, sizeof(buf), b, m->mimetype) == -1)
+ p = m->mimetype;
+ else
+ p = buf;
+ if (file_printf(ms, "%s", p) == -1)
return -1;
return 1;
}
-Microsoft OOXML
\ No newline at end of file
+Microsoft Excel 2007+
\ No newline at end of file