diff --git a/file-5.37-CVE-2019-18218.patch b/file-5.37-CVE-2019-18218.patch
deleted file mode 100644
index 89b9bde..0000000
--- a/file-5.37-CVE-2019-18218.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From f73ad90e797824569008a054bea6c8215883a3a0 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas
-Date: Mon, 26 Aug 2019 14:31:39 +0000
-Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
-
-Upstream-commit: 46a8443f76cec4b41ec736eca396984c74664f84
-Signed-off-by: Kamil Dudka
----
- src/cdf.c | 7 +++----
- src/cdf.h | 1 +
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/cdf.c b/src/cdf.c
-index 556a3ff..8bb0a6d 100644
---- a/src/cdf.c
-+++ b/src/cdf.c
-@@ -1013,8 +1013,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
- goto out;
- }
- nelements = CDF_GETUINT32(q, 1);
-- if (nelements == 0) {
-- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
-+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
-+ DPRINTF(("CDF_VECTOR with nelements == %"
-+ SIZE_T_FORMAT "u\n", nelements));
- goto out;
- }
- slen = 2;
-@@ -1056,8 +1057,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
- goto out;
- inp += nelem;
- }
-- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
-- nelements));
- for (j = 0; j < nelements && i < sh.sh_properties;
- j++, i++)
- {
-diff --git a/src/cdf.h b/src/cdf.h
-index 2f7e554..0505666 100644
---- a/src/cdf.h
-+++ b/src/cdf.h
-@@ -48,6 +48,7 @@
- typedef int32_t cdf_secid_t;
-
- #define CDF_LOOP_LIMIT 10000
-+#define CDF_ELEMENT_LIMIT 100000
-
- #define CDF_SECID_NULL 0
- #define CDF_SECID_FREE -1
---
-2.20.1
-
diff --git a/file-5.37-double-free.patch b/file-5.37-double-free.patch
deleted file mode 100644
index 714e8c1..0000000
--- a/file-5.37-double-free.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 23c6cde85e411d72b13b1d10d45fc664c3da6a5d Mon Sep 17 00:00:00 2001
-From: Christos Zoulas
-Date: Mon, 10 Jun 2019 21:35:26 +0000
-Subject: [PATCH] Set buffer to NULL to prevent double free (Kamil Dudka at redhat)
-
-Upstream-commit: d13204e8da43f1d8a98cf3f74591cde02ecdb2f7
-Signed-off-by: Kamil Dudka
----
- src/buffer.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/buffer.c b/src/buffer.c
-index 6d8967d2..0a27e578 100644
---- a/src/buffer.c
-+++ b/src/buffer.c
-@@ -77,6 +77,7 @@ buffer_fill(const struct buffer *bb)
- b->eoff = b->st.st_size - b->elen;
- if (pread(b->fd, b->ebuf, b->elen, b->eoff) == -1) {
- free(b->ebuf);
-+ b->ebuf = NULL;
- goto out;
- }
-
---
-2.20.1
-
diff --git a/file-5.37-jffs-magic.patch b/file-5.37-jffs-magic.patch
deleted file mode 100644
index 1c25151..0000000
--- a/file-5.37-jffs-magic.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 432267e707aca36bec55704fd404fa572e2c4b45 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas
-Date: Fri, 15 Nov 2019 23:49:38 +0000
-Subject: [PATCH] fix JFFS2 (the old magic was just hex encoded 0x1984 which is
- wrong (Kamil Dudka)
-
-Upstream-commit: 5ad78c726bb03e0fbdb6d237ef2b13e51968ffea
-Signed-off-by: Kamil Dudka
----
- magic/Magdir/filesystems | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/magic/Magdir/filesystems b/magic/Magdir/filesystems
-index 1920e56..da5c580 100644
---- a/magic/Magdir/filesystems
-+++ b/magic/Magdir/filesystems
-@@ -2057,10 +2057,6 @@
- >0x10040 lelong 2 yura hash
- >0x10040 lelong 3 r5 hash
-
--# JFFS - russell@coker.com.au
--0 lelong 0x34383931 Linux Journalled Flash File system, little endian
--0 belong 0x34383931 Linux Journalled Flash File system, big endian
--
- # EST flat binary format (which isn't, but anyway)
- #
From: Mark Brown - 0 string ESTFBINR EST flat binary -@@ -2144,7 +2140,9 @@ - - # JFFS2 file system - 0 leshort 0x1984 Linux old jffs2 filesystem data little endian -+0 beshort 0x1984 Linux old jffs2 filesystem data big endian - 0 leshort 0x1985 Linux jffs2 filesystem data little endian -+0 beshort 0x1985 Linux jffs2 filesystem data big endian - - # Squashfs - 0 string sqsh Squashfs filesystem, big endian, --- -2.20.1 - diff --git a/file-5.37.tar.gz.asc b/file-5.37.tar.gz.asc deleted file mode 100644 index 20cadb8..0000000 --- a/file-5.37.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iEYEABECAAYFAlzeHJcACgkQcREqsWyzOzrudwCg6X2ESwogvW+LinRPNULUDrZV -bE4An2pcK2m7rmImJ3TBoFEH+osRFwyO -=AZbT ------END PGP SIGNATURE----- diff --git a/file-5.38.tar.gz.asc b/file-5.38.tar.gz.asc new file mode 100644 index 0000000..63fce2d --- /dev/null +++ b/file-5.38.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAl34OjcACgkQcREqsWyzOzoVWwCfY69DDEEy9Uf5tQ/Ryr8CFjKu +spYAoIMICtX8ZHca0UxCgha/8NL5PaJa +=xRVg +-----END PGP SIGNATURE----- diff --git a/file.spec b/file.spec index 493822e..c5c5769 100644 --- a/file.spec +++ b/file.spec @@ -14,8 +14,8 @@ Summary: A utility for determining file types Name: file -Version: 5.37 -Release: 9%{?dist} +Version: 5.38 +Release: 1%{?dist} License: BSD Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -26,15 +26,6 @@ Patch0: file-localmagic.patch Patch1: file-4.17-rpm-name.patch Patch2: file-5.04-volume_key.patch -# remove wrong magic for JFFS file system (#1771242) -Patch5: file-5.37-jffs-magic.patch - -# fix double free on read error (#1685217) -Patch14: file-5.37-double-free.patch - -# fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218) -Patch15: file-5.37-CVE-2019-18218.patch - URL: http://www.darwinsys.com/file/ Requires: file-libs = %{version}-%{release} BuildRequires: zlib-devel 
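Review bot: The `@@ -26,15 +26,6 @@` hunk of file.spec drops Patch5, Patch14 and Patch15, the last being the CVE-2019-18218 fix for cdf_read_property_info(), and nothing in the commit records that file 5.38 already contains them. The deleted patch files name upstream commits 46a8443f76cec4b41ec736eca396984c74664f84, d13204e8da43f1d8a98cf3f74591cde02ecdb2f7 and 5ad78c726bb03e0fbdb6d237ef2b13e51968ffea; presumably all three precede the 5.38 release, but that should be confirmed against the new tarball (for example, that src/cdf.h defines `CDF_ELEMENT_LIMIT` and that buffer_fill() sets `b->ebuf = NULL` after the free). I would record the result in the new changelog entry, e.g. `- update to new version 5.38 (includes the fixes for CVE-2019-18218, #1685217 and #1771242)`, so a later audit does not read the patch removal as a security regression.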
@@ -209,6 +200,9 @@ cd %{py3dir} %endif %changelog +* Tue Dec 17 2019 Kamil Dudka - 5.38-1 +- update to new version 5.38 + * Mon Nov 18 2019 Kamil Dudka - 5.37-9 - remove wrong magic for JFFS file system (#1771242) diff --git a/sources b/sources index 4d9e5bb..5c74f3d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (file-5.37.tar.gz) = bf153c15aebdd00329806231d20f295077b8b99efd0181d01279bcf3734a1718567df38cf75bc929eb8015ac98d29bb4bf1228d7ece8bfdfe14dd976391dd06d +SHA512 (file-5.38.tar.gz) = 9eeeba69cbc9f0c00a0bdf9eaf60c73a4a709e797068f109d85c1ef2a19c8b0e012ecd73714f03cbb1770dfa717e8a661ad746b644cc030cafbfb1f7aac35a40