!39 [sync] PR-36: file: fix a memory leak problem

From: @openeuler-sync-bot 
Reviewed-by: @swf504 
Signed-off-by: @swf504

0002-fix-typos-fxlb.patch

@@ -0,0 +1,24 @@
+From ab812bb4f64a6d1410263259a6881c620730e7dd Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Sun, 14 Nov 2021 17:42:43 +0000
+Subject: [PATCH] fix typos (fxlb)
+
+---
+ magic/Magdir/images      | 2 ++--
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/magic/Magdir/images b/magic/Magdir/images
+index 6ce08725..71982d05 100644
+--- a/magic/Magdir/images
++++ b/magic/Magdir/images
+@@ -1985,7 +1985,7 @@
+ >>>14		leshort		x		\b%d)
+ # no Color LookUp Table (CLUT)
+ >>4		lelong		^8
+-# image orgin X Y
++# image origin X Y
+ >>>12		leshort		x		Pixel at (%d,
+ >>>14		leshort		x		\b%d) Size=
+ # real image width = multiply by 4 (4BPP) 2 (8BPP) 1 (16BPP) 2/3 (24BPP)
+-- 
+2.37.0.windows.1

0002-improve-detection-of-static-pie-binaries.patch

@@ -1,133 +0,0 @@
-From 363d7fcf703ad3ebf37b45693b2c9e43eb8b4176 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <christos@zoulas.com>
-Date: Sat, 22 Aug 2020 18:04:18 +0000
-Subject: [PATCH] Improve detection of static-pie binaries, and don't call them
- "dynamically linked", but call them "static-pie" linked.
-
----
- src/readelf.c | 37 ++++++++++++++++++++++++++-----------
- 1 file changed, 26 insertions(+), 11 deletions(-)
-
-diff --git a/src/readelf.c b/src/readelf.c
-index cf1dc91..d390d5f 100644
---- a/src/readelf.c
-+++ b/src/readelf.c
-@@ -27,7 +27,7 @@
- #include "file.h"
- 
- #ifndef lint
--FILE_RCSID("@(#)$File: readelf.c,v 1.173 2020/06/07 22:12:54 christos Exp $")
-+FILE_RCSID("@(#)$File: readelf.c,v 1.174 2020/08/22 18:04:18 christos Exp $")
- #endif
- 
- #ifdef BUILTIN_ELF
-@@ -1099,7 +1099,7 @@ do_auxv_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
- 
- private size_t
- dodynamic(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
--    int clazz, int swap)
-+    int clazz, int swap, int *pie, size_t *need)
- {
- 	Elf32_Dyn dh32;
- 	Elf64_Dyn dh64;
-@@ -1117,11 +1117,15 @@ dodynamic(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
- 
- 	switch (xdh_tag) {
- 	case DT_FLAGS_1:
-+		*pie = 1;
- 		if (xdh_val & DF_1_PIE)
- 			ms->mode |= 0111;
- 		else
- 			ms->mode &= ~0111;
- 		break;
-+	case DT_NEEDED:
-+		(*need)++;
-+		break;
- 	default:
- 		break;
- 	}
-@@ -1608,9 +1612,10 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
- }
- 
- /*
-- * Look through the program headers of an executable image, searching
-- * for a PT_INTERP section; if one is found, it's dynamically linked,
-- * otherwise it's statically linked.
-+ * Look through the program headers of an executable image, to determine
-+ * if it is statically or dynamically linked. If it has a dynamic section,
-+ * it is pie, and does not have an interpreter or needed libraries, we
-+ * call it static pie.
-  */
- private int
- dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
-@@ -1619,12 +1624,13 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
- {
- 	Elf32_Phdr ph32;
- 	Elf64_Phdr ph64;
--	const char *linking_style = "statically";
-+	const char *linking_style;
- 	unsigned char nbuf[BUFSIZ];
- 	char ibuf[BUFSIZ];
- 	char interp[BUFSIZ];
- 	ssize_t bufsize;
--	size_t offset, align, len;
-+	size_t offset, align, len, need = 0;
-+	int pie = 0, dynamic = 0;
- 
- 	if (num == 0) {
- 		if (file_printf(ms, ", no program header") == -1)
-@@ -1654,7 +1660,6 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
- 		switch (xph_type) {
- 		case PT_DYNAMIC:
- 			doread = 1;
--			linking_style = "dynamically";
- 			break;
- 		case PT_NOTE:
- 			if (sh_num)	/* Did this through section headers */
-@@ -1694,6 +1699,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
- 		/* Things we can determine when we seek */
- 		switch (xph_type) {
- 		case PT_DYNAMIC:
-+			dynamic = 1;
- 			offset = 0;
- 			// Let DF_1 determine if we are PIE or not.
- 			ms->mode &= ~0111;
-@@ -1701,7 +1707,8 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
- 				if (offset >= CAST(size_t, bufsize))
- 					break;
- 				offset = dodynamic(ms, nbuf, offset,
--				    CAST(size_t, bufsize), clazz, swap);
-+				    CAST(size_t, bufsize), clazz, swap,
-+				    &pie, &need);
- 				if (offset == 0)
- 					break;
- 			}
-@@ -1710,6 +1717,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
- 			break;
- 
- 		case PT_INTERP:
-+			need++;
- 			if (ms->flags & MAGIC_MIME)
- 				continue;
- 			if (bufsize && nbuf[0]) {
-@@ -1744,8 +1752,15 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
- 	}
- 	if (ms->flags & MAGIC_MIME)
- 		return 0;
--	if (file_printf(ms, ", %s linked", linking_style)
--	    == -1)
-+	if (dynamic) {
-+		if (pie && need == 0)
-+			linking_style = "static-pie";
-+		else
-+			linking_style = "dynamically";
-+	} else {
-+		linking_style = "statically";
-+	}
-+	if (file_printf(ms, ", %s linked", linking_style) == -1)
- 		return -1;
- 	if (interp[0])
- 		if (file_printf(ms, ", interpreter %s",
--- 
-1.8.3.1
-

0003-Avoid-leak-in-zlib-clusterfuzz.patch

@@ -0,0 +1,28 @@
+From 54466c8b4cc07eaabaa2602bdf6b858bfe82e3d1 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Tue, 20 Sep 2022 21:11:00 +0000
+Subject: [PATCH] Avoid leak in zlib (clusterfuzz)
+
+---
+ src/compress.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/compress.c b/src/compress.c
+index 9f65e4f..fb9b55e 100644
+--- a/src/compress.c
++++ b/src/compress.c
+@@ -578,8 +578,10 @@ uncompresszlib(const unsigned char *old, unsigned char **newch,
+ 		goto err;
+ 
+ 	rc = inflate(&z, Z_SYNC_FLUSH);
+-	if (rc != Z_OK && rc != Z_STREAM_END)
++	if (rc != Z_OK && rc != Z_STREAM_END) {
++		inflateEnd(&z);
+ 		goto err;
++	}
+ 
+ 	*n = CAST(size_t, z.total_out);
+ 	rc = inflateEnd(&z);
+-- 
+2.33.0
+

CVE-2022-48554.patch

@@ -0,0 +1,34 @@
+From c4d10f78b3946fc32624d78c038e9731ca2ce454 Mon Sep 17 00:00:00 2001
+From: liningjie <liningjie@xfusion.com>
+Date: Tue, 15 Aug 2023 00:54:28 +0800
+Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it
+ will try to scan the source string to find out how much space is needed the
+ source string might not be NUL terminated.
+
+---
+ src/funcs.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/funcs.c b/src/funcs.c
+index 33c3f85..295fb75 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.122 2021/06/30 10:08:48 christos Exp $")
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+-	if (++width > blen)
+-		width = blen;
+-	strlcpy(buf, str, width);
++	if (blen == 0)
++		return buf;
++	if (width >= blen)
++		width = blen - 1;
++	memcpy(buf, str, width);
++	buf[width] = '\0';
+ 	return buf;
+ }
+ 
+-- 
+2.33.0
+

file.spec

@@ -1,16 +1,18 @@
 Name:          file
-Version:       5.39
-Release:       5
+Version:       5.41
+Release:       4
 Summary:       A tool to identify the type of a particular file type
 License:       BSD
 URL:           http://www.darwinsys.com/file/
 Source0:       ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
 
 Patch1: 0001-file-localmagic.patch
-Patch2: 0002-improve-detection-of-static-pie-binaries.patch 
+Patch2: 0002-fix-typos-fxlb.patch
+Patch3: CVE-2022-48554.patch
+Patch4: 0003-Avoid-leak-in-zlib-clusterfuzz.patch
 
 Requires: %{name}-libs = %{version}-%{release}
-BuildRequires: autoconf automake libtool git zlib-devel
+BuildRequires: autoconf automake libtool zlib-devel make
 
 %description
 The program checks to see if the file is empty,or if
@@ -55,7 +57,7 @@ This package contains the Python 3 bindings to access to the libmagic
 API. The libmagic library is also used by the familiar file(1) command.
 
 %prep
-%autosetup -p1 -S git
+%autosetup -p1
 
 iconv doc/libmagic.man -f iso-8859-1 -t utf-8 -o doc/libmagic.man_
 touch -r doc/libmagic.man doc/libmagic.man_
@@ -83,6 +85,7 @@ cd -
 
 %make_install
 rm -f ${RPM_BUILD_ROOT}%{_libdir}/*.la
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}
 cp -dR ./magic/magic.local ${RPM_BUILD_ROOT}%{_sysconfdir}/magic
 cat magic/Magdir/* > ${RPM_BUILD_ROOT}%{_datadir}/misc/magic
 ln -s misc/magic ${RPM_BUILD_ROOT}%{_datadir}/magic
@@ -95,16 +98,17 @@ cd %{py3dir}
 %ldconfig_scriptlets libs
 
 %check
-make check
+export LD_LIBRARY_PATH=$PWD/src/.libs
+make -C tests check
 
 %files
-%doc ChangeLog README
+%doc ChangeLog
 %license COPYING
 %config(noreplace) %{_sysconfdir}/magic
 %{_bindir}/*
 
 %files libs
-%doc ChangeLog README
+%doc ChangeLog
 %license COPYING
 %{_libdir}/*so.*
 %{_datadir}/magic*
@@ -129,6 +133,21 @@ make check
 %{python3_sitelib}/__pycache__/*
 
 %changelog
+* Tue Apr 9 2024 tangyuchen <tangyuchen5@huawei.com> - 5.41-4
+- fix a memory leak problem
+
+* Wed Aug 23 2023 liningjie <liningjie@xfusion.com> - 5.41-3
+- fix CVE-2022-48554
+
+* Wed Oct 19 2022 lihaoxiang <lihaoxiang9@huawei.com> - 5.41-2
+- fix typos fxlb
+
+* Fri Nov 26 2021 yanglongkang <yanglongkang@huawei.com> - 5.41-1
+- update to 5.41
+
+* Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 5.39-6
+- DESC: delete -S git from %autosetup, and delete BuildRequires git
+
 * Fri Oct 30 2020 yanglongkang <yanglongkang@huawei.com> - 5.39-5
 - remove python2 dependency