import file-5.33-20.el8

SOURCES/file-5.33-bound-file_strncmp.patch

@@ -0,0 +1,68 @@
+diff -urp file-5.33.orig/src/softmagic.c file-5.33/src/softmagic.c
+--- file-5.33.orig/src/softmagic.c	2020-12-14 12:26:50.286849841 -0500
++++ file-5.33/src/softmagic.c	2020-12-14 12:35:52.679166211 -0500
+@@ -1748,7 +1748,8 @@ mget(struct magic_set *ms, struct magic
+ }
+ 
+ private uint64_t
+-file_strncmp(const char *s1, const char *s2, size_t len, uint32_t flags)
++file_strncmp(const char *s1, const char *s2, size_t len, size_t maxlen,
++    uint32_t flags)
+ {
+ 	/*
+ 	 * Convert the source args to unsigned here so that (1) the
+@@ -1760,7 +1761,7 @@ file_strncmp(const char *s1, const char
+ 	const unsigned char *b = (const unsigned char *)s2;
+ 	uint32_t ws = flags & (STRING_COMPACT_WHITESPACE |
+ 		STRING_COMPACT_OPTIONAL_WHITESPACE);
+-	const unsigned char *eb = b + (ws ? strlen(s2) : len);
++	const unsigned char *eb = b + (ws ? maxlen : len);
+ 	uint64_t v;
+ 
+ 	/*
+@@ -1818,7 +1819,8 @@ file_strncmp(const char *s1, const char
+ }
+ 
+ private uint64_t
+-file_strncmp16(const char *a, const char *b, size_t len, uint32_t flags)
++file_strncmp16(const char *a, const char *b, size_t len, size_t maxlen,
++    uint32_t flags)
+ {
+ 	/*
+ 	 * XXX - The 16-bit string compare probably needs to be done
+@@ -1826,7 +1828,7 @@ file_strncmp16(const char *a, const char
+ 	 * At the moment, I am unsure.
+ 	 */
+ 	flags = 0;
+-	return file_strncmp(a, b, len, flags);
++	return file_strncmp(a, b, len, maxlen, flags);
+ }
+ 
+ private int
+@@ -1954,13 +1956,15 @@ magiccheck(struct magic_set *ms, struct
+ 	case FILE_STRING:
+ 	case FILE_PSTRING:
+ 		l = 0;
+-		v = file_strncmp(m->value.s, p->s, (size_t)m->vallen, m->str_flags);
++		v = file_strncmp(m->value.s, p->s, (size_t)m->vallen,
++		       sizeof(p->s), m->str_flags);
+ 		break;
+ 
+ 	case FILE_BESTRING16:
+ 	case FILE_LESTRING16:
+ 		l = 0;
+-		v = file_strncmp16(m->value.s, p->s, (size_t)m->vallen, m->str_flags);
++		v = file_strncmp16(m->value.s, p->s, (size_t)m->vallen,
++		       sizeof(p->s), m->str_flags);
+ 		break;
+ 
+ 	case FILE_SEARCH: { /* search ms->search.s for the string m->value.s */
+@@ -1979,7 +1983,7 @@ magiccheck(struct magic_set *ms, struct
+ 				return 0;
+ 
+ 			v = file_strncmp(m->value.s, ms->search.s + idx, slen,
+-			    m->str_flags);
++			    ms->search.s_len - idx, m->str_flags);
+ 			if (v == 0) {	/* found match */
+ 				ms->search.offset += idx;
+ 				ms->search.rm_len = ms->search.s_len - idx;

SOURCES/file-5.33-more-python.patch

@@ -0,0 +1,22 @@
+diff -urp file-5.33.orig/magic/Magdir/python file-5.33/magic/Magdir/python
+--- file-5.33.orig/magic/Magdir/python	2020-12-17 13:19:08.610803723 -0500
++++ file-5.33/magic/Magdir/python	2020-12-17 13:26:07.346954161 -0500
+@@ -43,6 +43,18 @@
+ !:strength + 15
+ !:mime text/x-python
+ 
++0       search/1/wt     #!\ /usr/libexec/platform-python        Python script text executable
++!:strength + 15
++!:mime text/x-python
++
++0       search/1/wt     #!\ /usr/bin/python2    Python script text executable
++!:strength + 15
++!:mime text/x-python
++
++0       search/1/wt     #!\ /usr/bin/python3    Python script text executable
++!:strength + 15
++!:mime text/x-python
++
+ 
+ # from module.submodule import func1, func2
+ 0	regex		\^from[\040\t\f\r\n]+([A-Za-z0-9_]|\\.)+[\040\t\f\r\n]+import.*$	Python script text executable

SOURCES/file-5.33-other-languages.patch

@@ -0,0 +1,35 @@
+diff -urp file-5.33.orig/magic/Magdir/commands file-5.33/magic/Magdir/commands
+--- file-5.33.orig/magic/Magdir/commands	2017-08-14 03:40:38.000000000 -0400
++++ file-5.33/magic/Magdir/commands	2020-12-17 13:30:07.063162185 -0500
+@@ -8,6 +8,8 @@
+ !:mime	text/x-shellscript
+ 0	string/wb	#!\ /bin/sh		POSIX shell script executable (binary data)
+ !:mime	text/x-shellscript
++0       string/w        #!\ /usr/bin/sh         Shell script text executable
++!:mime  text/x-shellscript
+ 
+ 0	string/wt	#!\ /bin/csh		C shell script text executable
+ !:mime	text/x-shellscript
+diff -urp file-5.33.orig/magic/Magdir/javascript file-5.33/magic/Magdir/javascript
+--- file-5.33.orig/magic/Magdir/javascript	2012-06-16 09:30:36.000000000 -0400
++++ file-5.33/magic/Magdir/javascript	2020-12-17 13:36:56.276843745 -0500
+@@ -15,3 +15,5 @@
+ !:mime application/javascript
+ 0	search/1	#!/usr/bin/env\ nodejs	Node.js script text executable
+ !:mime application/javascript
++0       string/wt       #!\ /usr/bin/gjs        Gnome Javascript text executable
++!:mime  text/javascript
+diff -urp file-5.33.orig/magic/Magdir/tcl file-5.33/magic/Magdir/tcl
+--- file-5.33.orig/magic/Magdir/tcl	2014-01-08 17:29:21.000000000 -0500
++++ file-5.33/magic/Magdir/tcl	2020-12-17 13:36:20.855391803 -0500
+@@ -12,6 +12,10 @@
+ !:mime	text/x-tcl
+ 0	search/1	#!\ /usr/bin/env\ tcl	Tcl script text executable
+ !:mime	text/x-tcl
++0       string/wt       #!\ /usr/bin/jimsh      Jim TCL text executable
++!:mime  text/x-tcl
++0       search/1/wt      #!\ /usr/bin/tclsh     Tcl/Tk script text executable
++!:mime  text/x-tcl
+ 0	search/1/w	#!\ /usr/bin/wish	Tcl/Tk script text executable
+ !:mime	text/x-tcl
+ 0	search/1/w	#!\ /usr/local/bin/wish	Tcl/Tk script text executable

SOURCES/file-5.33-python-space.patch

@@ -0,0 +1,23 @@
+diff -urp file-5.33.orig/magic/Magdir/python file-5.33/magic/Magdir/python
+--- file-5.33.orig/magic/Magdir/python	2017-08-14 03:40:38.000000000 -0400
++++ file-5.33/magic/Magdir/python	2020-12-14 12:24:42.084905613 -0500
+@@ -30,16 +30,16 @@
+ 0	belong		0x3e0d0d0a	python 3.7 byte-compiled
+ 
+ 
+-0	search/1/w	#!\ /usr/bin/python	Python script text executable
++0	search/1/w	#!\040/usr/bin/python	Python script text executable
+ !:strength + 15
+ !:mime text/x-python
+-0	search/1/w	#!\ /usr/local/bin/python	Python script text executable
++0	search/1/w	#!\040/usr/local/bin/python	Python script text executable
+ !:strength + 15
+ !:mime text/x-python
+ 0	search/1	#!/usr/bin/env\ python	Python script text executable
+ !:strength + 15
+ !:mime text/x-python
+-0	search/10	#!\ /usr/bin/env\ python	Python script text executable
++0	search/10	#!\040/usr/bin/env\ python	Python script text executable
+ !:strength + 15
+ !:mime text/x-python
+ 

SOURCES/file-5.33-whitespace-compare.patch

@@ -0,0 +1,14 @@
+diff -urp file-5.33.orig/src/softmagic.c file-5.33/src/softmagic.c
+--- file-5.33.orig/src/softmagic.c	2018-04-15 14:49:15.000000000 -0400
++++ file-5.33/src/softmagic.c	2020-12-14 12:21:13.298285158 -0500
+@@ -1758,7 +1758,9 @@ file_strncmp(const char *s1, const char
+ 	 */
+ 	const unsigned char *a = (const unsigned char *)s1;
+ 	const unsigned char *b = (const unsigned char *)s2;
+-	const unsigned char *eb = b + len;
++	uint32_t ws = flags & (STRING_COMPACT_WHITESPACE |
++		STRING_COMPACT_OPTIONAL_WHITESPACE);
++	const unsigned char *eb = b + (ws ? strlen(s2) : len);
+ 	uint64_t v;
+ 
+ 	/*

SOURCES/file-5.37-CVE-2019-18218.patch

@@ -0,0 +1,52 @@
+From f73ad90e797824569008a054bea6c8215883a3a0 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 26 Aug 2019 14:31:39 +0000
+Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
+
+Upstream-commit: 46a8443f76cec4b41ec736eca396984c74664f84
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/cdf.c | 7 +++----
+ src/cdf.h | 1 +
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 556a3ff..8bb0a6d 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1013,8 +1013,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 				goto out;
+ 			}
+ 			nelements = CDF_GETUINT32(q, 1);
+-			if (nelements == 0) {
+-				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++				DPRINTF(("CDF_VECTOR with nelements == %"
++				    SIZE_T_FORMAT "u\n", nelements));
+ 				goto out;
+ 			}
+ 			slen = 2;
+@@ -1056,8 +1057,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 					goto out;
+ 				inp += nelem;
+ 			}
+-			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+-			    nelements));
+ 			for (j = 0; j < nelements && i < sh.sh_properties;
+ 			    j++, i++)
+ 			{
+diff --git a/src/cdf.h b/src/cdf.h
+index 2f7e554..0505666 100644
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+ 
+ #define CDF_LOOP_LIMIT					10000
++#define CDF_ELEMENT_LIMIT				100000
+ 
+ #define CDF_SECID_NULL					0
+ #define CDF_SECID_FREE					-1
+-- 
+2.20.1
+

SPECS/file.spec

@@ -15,7 +15,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.33
-Release: 16%{?dist}
+Release: 20%{?dist}
 License: BSD
 Group: Applications/File
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -67,6 +67,24 @@ Patch15: file-magic-filesystems.patch
 # search deeper in the zip file (#1845169)
 Patch16: file-5.33-msooxml-magic.patch
 
+# when ignoring whitespace compare up to the length of the string
+Patch17: file-5.33-whitespace-compare.patch
+
+# Use \040 to make space clearer
+Patch18: file-5.33-python-space.patch
+
+# Pass an upper bound to file_strncmp (string is not always NULL)
+Patch19: file-5.33-bound-file_strncmp.patch
+
+# improve magic for python scripts
+Patch20: file-5.33-more-python.patch
+
+# improve magic for Shell, Gnome Javascript and TCL scripts
+Patch21: file-5.33-other-languages.patch
+
+# fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218)
+Patch22: file-5.37-CVE-2019-18218.patch
+
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
@@ -237,6 +255,15 @@ cd %{py3dir}
 %endif
 
 %changelog
+* Tue May 04 2021 Vincent Mihalkovic <vmihalko@redhat.com> - 5.33-20
+- rebuild (#1954434)
+
+* Wed Apr 14 2021 Vincent Mihalkovic <vmihalko@redhat.com> - 5.33-18
+- fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218)
+
+* Thu Jan 21 2021 Vincent Mihalkovic <vmihalko@redhat.com> - 5.33-17
+- improve magic for script recognition and other changes (#1903531)
+
 * Mon Jun 22 2020 Vincent Mihalkovic <vmihalko@redhat.com> - 5.33-16
 - magic/Magdir/msooxml: Search deeper in the zip file (#1845169)