1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
diff -u a/magic/Magdir/c-lang b/magic/Magdir/c-lang
--- a/magic/Magdir/c-lang 2017-08-14 09:40:38.000000000 +0200
+++ b/magic/Magdir/c-lang 2018-11-10 13:06:33.171398452 +0100
@@ -13,61 +13,61 @@
# C
# Check for class if include is found, otherwise class is beaten by include becouse of lowered strength
0 regex \^#include C
->0 regex \^class[[:space:]]+
+>0 regex/4096 \^class[[:space:]]+
>>&0 regex \\{[\.\*]\\}(;)?$ \b++
>&0 clear x source text
!:strength + 13
!:mime text/x-c
-0 regex \^#[[:space:]]*pragma C source text
+0 regex/4096 \^#[[:space:]]*pragma C source text
!:mime text/x-c
-0 regex \^#[[:space:]]*(if\|ifn)def
->&0 regex \^#[[:space:]]*endif$ C source text
+0 regex/4096 \^#[[:space:]]*(if\|ifn)def
+>&0 regex/4096 \^#[[:space:]]*endif$ C source text
!:mime text/x-c
-0 regex \^#[[:space:]]*(if\|ifn)def
->&0 regex \^#[[:space:]]*define C source text
+0 regex/4096 \^#[[:space:]]*(if\|ifn)def
+>&0 regex/4096 \^#[[:space:]]*define C source text
!:mime text/x-c
-0 regex \^[[:space:]]*char(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text
+0 regex/4096 \^[[:space:]]*char(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text
!:mime text/x-c
-0 regex \^[[:space:]]*double(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text
+0 regex/4096 \^[[:space:]]*double(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text
!:mime text/x-c
-0 regex \^[[:space:]]*extern[[:space:]]+ C source text
+0 regex/4096 \^[[:space:]]*extern[[:space:]]+ C source text
!:mime text/x-c
-0 regex \^[[:space:]]*float(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text
+0 regex/4096 \^[[:space:]]*float(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text
!:mime text/x-c
-0 regex \^struct[[:space:]]+ C source text
+0 regex/4096 \^struct[[:space:]]+ C source text
!:mime text/x-c
-0 regex \^union[[:space:]]+ C source text
+0 regex/4096 \^union[[:space:]]+ C source text
!:mime text/x-c
0 search/8192 main(
->&0 regex \\)[[:space:]]*\\{ C source text
+>&0 regex/4096 \\)[[:space:]]*\\{ C source text
!:mime text/x-c
# C++
# The strength of these rules is increased so they beat the C rules above
-0 regex \^namespace[[:space:]]+[_[:alpha:]]{1,30}[[:space:]]*\\{ C++ source text
+0 regex/4096 \^namespace[[:space:]]+[_[:alpha:]]{1,30}[[:space:]]*\\{ C++ source text
!:strength + 30
!:mime text/x-c++
# using namespace [namespace] or using std::[lib]
-0 regex \^using[[:space:]]+(namespace\ )?std(::)?[[:alpha:]]*[[:space:]]*; C++ source text
+0 regex/4096 \^using[[:space:]]+(namespace\ )?std(::)?[[:alpha:]]*[[:space:]]*; C++ source text
!:strength + 30
!:mime text/x-c++
-0 regex \^[[:space:]]*template[[:space:]]*<.*>[[:space:]]*$ C++ source text
+0 regex/4096 \^[[:space:]]*template[[:space:]]*<.*>[[:space:]]*$ C++ source text
!:strength + 30
!:mime text/x-c++
-0 regex \^[[:space:]]*virtual[[:space:]]+.*[};][[:space:]]*$ C++ source text
+0 regex/4096 \^[[:space:]]*virtual[[:space:]]+.*[};][[:space:]]*$ C++ source text
!:strength + 30
!:mime text/x-c++
# But class alone is reduced to avoid beating php (Jens Schleusener)
-0 regex \^[[:space:]]*class[[:space:]]+[[:digit:][:alpha:]:_]+[[:space:]]*\\{(.*[\n]*)*\\}(;)?$ C++ source text
+0 regex/4096 \^[[:space:]]*class[[:space:]]+[[:digit:][:alpha:]:_]+[[:space:]]*\\{(.*[\n]*)*\\}(;)?$ C++ source text
!:strength + 13
!:mime text/x-c++
-0 regex \^[[:space:]]*public: C++ source text
+0 regex/4096 \^[[:space:]]*public: C++ source text
!:strength + 30
!:mime text/x-c++
-0 regex \^[[:space:]]*private: C++ source text
+0 regex/4096 \^[[:space:]]*private: C++ source text
!:strength + 30
!:mime text/x-c++
-0 regex \^[[:space:]]*protected: C++ source text
+0 regex/4096 \^[[:space:]]*protected: C++ source text
!:strength + 30
!:mime text/x-c++
diff -u a/magic/Magdir/python b/magic/Magdir/python
--- a/magic/Magdir/python 2017-08-14 09:40:38.000000000 +0200
+++ b/magic/Magdir/python 2018-11-10 13:06:36.799268528 +0100
@@ -63,7 +63,7 @@
!:mime text/x-python
# import module [as abrev]
-0 regex \^import\ [_[:alpha:]]+\ as\ [[:alpha:]][[:space:]]*$ Python script text executable
+0 regex/4096 \^import\ [_[:alpha:]]+\ as\ [[:alpha:]][[:space:]]*$ Python script text executable
!:mime text/x-python
# comments
@@ -79,7 +79,7 @@
# except: or finally:
# block
0 search/4096 try:
->&0 regex \^[[:space:]]*except.*:$ Python script text executable
+>&0 regex/4096 \^[[:space:]]*except.*:$ Python script text executable
!:strength + 15
!:mime text/x-python
>&0 search/4096 finally: Python script text executable
@@ -91,7 +91,7 @@
!:mime text/x-python
# def name(*args, **kwargs):
-0 regex \^[[:space:]]{0,50}def\ {1,50}[_a-zA-Z]{1,100}
+0 regex/4096 \^[[:space:]]{0,50}def\ {1,50}[_a-zA-Z]{1,100}
>&0 regex \\(([[:alpha:]*_,\ ]){0,255}\\):$ Python script text executable
!:strength + 15
!:mime text/x-python
diff -u a/magic/Magdir/rpm b/magic/Magdir/rpm
--- a/magic/Magdir/rpm 2013-01-11 17:45:23.000000000 +0100
+++ b/magic/Magdir/rpm 2018-11-10 12:27:29.858619326 +0100
@@ -29,6 +29,7 @@
>>8 beshort 17 SuperH
>>8 beshort 18 Xtensa
>>8 beshort 255 noarch
+>>10 string x %s
#delta RPM Daniel Novotny (dnovotny@redhat.com)
0 string drpm Delta RPM
diff -u a/magic/Magdir/ruby b/magic/Magdir/ruby
--- a/magic/Magdir/ruby 2017-08-14 15:39:18.000000000 +0200
+++ b/magic/Magdir/ruby 2018-11-10 13:06:28.703557761 +0100
@@ -22,30 +22,30 @@
# What looks like ruby, but does not have a shebang
# (modules and such)
# From: Lubomir Rintel <lkundrak@v3.sk>
-0 regex \^[[:space:]]*require[[:space:]]'[A-Za-z_/]+'
+0 regex/4096 \^[[:space:]]*require[[:space:]]'[A-Za-z_/]+'
>0 regex def\ [a-z]|\ do$
->>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text
+>>&0 regex/4096 \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text
!:strength + 30
!:mime text/x-ruby
-0 regex \^[[:space:]]*(class|module)[[:space:]][A-Z]
+0 regex/4096 \^[[:space:]]*(class|module)[[:space:]][A-Z]
>0 regex (modul|includ)e\ [A-Z]|def\ [a-z]
->>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text
+>>&0 regex/4096 \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text
!:strength + 30
!:mime text/x-ruby
# Classes with no modules or defs, beats simple ASCII
-0 regex \^[[:space:]]*(class|module)[[:space:]][A-Z]
->&0 regex \^[[:space:]]*end([[:space:]]+[;#if].*)?$ Ruby script text
+0 regex/4096 \^[[:space:]]*(class|module)[[:space:]][A-Z]
+>&0 regex/4096 \^[[:space:]]*end([[:space:]]+[;#if].*)?$ Ruby script text
!:strength + 10
!:mime text/x-ruby
# Looks for function definition to balance python magic
# def name (args)
# end
-0 regex \^[[:space:]]*def\ [a-z]|def\ [[:alpha:]]+::[a-z]
->&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text
+0 regex/4096 \^[[:space:]]*def\ [a-z]|def\ [[:alpha:]]+::[a-z]
+>&0 regex/4096 \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text
!:strength + 10
!:mime text/x-ruby
-0 regex \^[[:space:]]*require[[:space:]]'[A-Za-z_/]+' Ruby script text
+0 regex/4096 \^[[:space:]]*require[[:space:]]'[A-Za-z_/]+' Ruby script text
!:mime text/x-ruby
-0 regex \^[[:space:]]*include\ ([A-Z]+[a-z]*(::))+ Ruby script text
+0 regex/4096 \^[[:space:]]*include\ ([A-Z]+[a-z]*(::))+ Ruby script text
!:mime text/x-ruby
diff -u a/magic/Magdir/securitycerts b/magic/Magdir/securitycerts
--- a/magic/Magdir/securitycerts 2009-09-19 18:28:12.000000000 +0200
+++ b/magic/Magdir/securitycerts 2018-11-10 12:27:29.858619326 +0100
@@ -4,3 +4,5 @@
0 search/1 -----BEGIN\ CERTIFICATE------ RFC1421 Security Certificate text
0 search/1 -----BEGIN\ NEW\ CERTIFICATE RFC1421 Security Certificate Signing Request text
0 belong 0xedfeedfe Sun 'jks' Java Keystore File data
+
+0 string \0volume_key volume_key escrow packet
|
