update to new version 5.38

file-5.37-CVE-2019-18218.patch

@@ -1,52 +0,0 @@
-From f73ad90e797824569008a054bea6c8215883a3a0 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Mon, 26 Aug 2019 14:31:39 +0000
-Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
-
-Upstream-commit: 46a8443f76cec4b41ec736eca396984c74664f84
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- src/cdf.c | 7 +++----
- src/cdf.h | 1 +
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/cdf.c b/src/cdf.c
-index 556a3ff..8bb0a6d 100644
---- a/src/cdf.c
-+++ b/src/cdf.c
-@@ -1013,8 +1013,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
- 				goto out;
- 			}
- 			nelements = CDF_GETUINT32(q, 1);
--			if (nelements == 0) {
--				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
-+			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
-+				DPRINTF(("CDF_VECTOR with nelements == %"
-+				    SIZE_T_FORMAT "u\n", nelements));
- 				goto out;
- 			}
- 			slen = 2;
-@@ -1056,8 +1057,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
- 					goto out;
- 				inp += nelem;
- 			}
--			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
--			    nelements));
- 			for (j = 0; j < nelements && i < sh.sh_properties;
- 			    j++, i++)
- 			{
-diff --git a/src/cdf.h b/src/cdf.h
-index 2f7e554..0505666 100644
---- a/src/cdf.h
-+++ b/src/cdf.h
-@@ -48,6 +48,7 @@
- typedef int32_t cdf_secid_t;
- 
- #define CDF_LOOP_LIMIT					10000
-+#define CDF_ELEMENT_LIMIT				100000
- 
- #define CDF_SECID_NULL					0
- #define CDF_SECID_FREE					-1
--- 
-2.20.1
-

file-5.37-double-free.patch

@@ -1,26 +0,0 @@
-From 23c6cde85e411d72b13b1d10d45fc664c3da6a5d Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Mon, 10 Jun 2019 21:35:26 +0000
-Subject: [PATCH] Set buffer to NULL to prevent double free (Kamil Dudka at redhat)
-
-Upstream-commit: d13204e8da43f1d8a98cf3f74591cde02ecdb2f7
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- src/buffer.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/buffer.c b/src/buffer.c
-index 6d8967d2..0a27e578 100644
---- a/src/buffer.c
-+++ b/src/buffer.c
-@@ -77,6 +77,7 @@ buffer_fill(const struct buffer *bb)
- 	b->eoff = b->st.st_size - b->elen;
- 	if (pread(b->fd, b->ebuf, b->elen, b->eoff) == -1) {
- 		free(b->ebuf);
-+		b->ebuf = NULL;
- 		goto out;
- 	}
- 
--- 
-2.20.1
-

file-5.37-jffs-magic.patch

@@ -1,40 +0,0 @@
-From 432267e707aca36bec55704fd404fa572e2c4b45 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Fri, 15 Nov 2019 23:49:38 +0000
-Subject: [PATCH] fix JFFS2 (the old magic was just hex encoded 0x1984 which is
- wrong (Kamil Dudka)
-
-Upstream-commit: 5ad78c726bb03e0fbdb6d237ef2b13e51968ffea
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- magic/Magdir/filesystems | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/magic/Magdir/filesystems b/magic/Magdir/filesystems
-index 1920e56..da5c580 100644
---- a/magic/Magdir/filesystems
-+++ b/magic/Magdir/filesystems
-@@ -2057,10 +2057,6 @@
- >0x10040	lelong	2		yura hash
- >0x10040	lelong	3		r5 hash
- 
--# JFFS - russell@coker.com.au
--0	lelong	0x34383931	Linux Journalled Flash File system, little endian
--0	belong	0x34383931	Linux Journalled Flash File system, big endian
--
- # EST flat binary format (which isn't, but anyway)
- # From: Mark Brown <broonie@sirena.org.uk>
- 0	string	ESTFBINR	EST flat binary
-@@ -2144,7 +2140,9 @@
- 
- # JFFS2 file system
- 0	leshort	0x1984		Linux old jffs2 filesystem data little endian
-+0	beshort	0x1984		Linux old jffs2 filesystem data big endian
- 0	leshort	0x1985		Linux jffs2 filesystem data little endian
-+0	beshort	0x1985		Linux jffs2 filesystem data big endian
- 
- # Squashfs
- 0	string	sqsh	Squashfs filesystem, big endian,
--- 
-2.20.1
-

file-5.37.tar.gz.asc

@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iEYEABECAAYFAlzeHJcACgkQcREqsWyzOzrudwCg6X2ESwogvW+LinRPNULUDrZV
-bE4An2pcK2m7rmImJ3TBoFEH+osRFwyO
-=AZbT
------END PGP SIGNATURE-----

file-5.38.tar.gz.asc

@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iEYEABECAAYFAl34OjcACgkQcREqsWyzOzoVWwCfY69DDEEy9Uf5tQ/Ryr8CFjKu
+spYAoIMICtX8ZHca0UxCgha/8NL5PaJa
+=xRVg
+-----END PGP SIGNATURE-----

file.spec

@@ -14,8 +14,8 @@
 
 Summary: A utility for determining file types
 Name: file
-Version: 5.37
-Release: 9%{?dist}
+Version: 5.38
+Release: 1%{?dist}
 License: BSD
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
 
@@ -26,15 +26,6 @@ Patch0: file-localmagic.patch
 Patch1: file-4.17-rpm-name.patch
 Patch2: file-5.04-volume_key.patch
 
-# remove wrong magic for JFFS file system (#1771242)
-Patch5: file-5.37-jffs-magic.patch
-
-# fix double free on read error (#1685217)
-Patch14: file-5.37-double-free.patch
-
-# fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218)
-Patch15: file-5.37-CVE-2019-18218.patch
-
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
@@ -209,6 +200,9 @@ cd %{py3dir}
 %endif
 
 %changelog
+* Tue Dec 17 2019 Kamil Dudka <kdudka@redhat.com> - 5.38-1
+- update to new version 5.38
+
 * Mon Nov 18 2019 Kamil Dudka <kdudka@redhat.com> - 5.37-9
 - remove wrong magic for JFFS file system (#1771242)
 

sources

@@ -1 +1 @@
-SHA512 (file-5.37.tar.gz) = bf153c15aebdd00329806231d20f295077b8b99efd0181d01279bcf3734a1718567df38cf75bc929eb8015ac98d29bb4bf1228d7ece8bfdfe14dd976391dd06d
+SHA512 (file-5.38.tar.gz) = 9eeeba69cbc9f0c00a0bdf9eaf60c73a4a709e797068f109d85c1ef2a19c8b0e012ecd73714f03cbb1770dfa717e8a661ad746b644cc030cafbfb1f7aac35a40