diff --git a/0003-Avoid-leak-in-zlib-clusterfuzz.patch b/0003-Avoid-leak-in-zlib-clusterfuzz.patch new file mode 100644 index 0000000000000000000000000000000000000000..d9db24d194582431c44efa909ee94c6ede6923bd --- /dev/null +++ b/0003-Avoid-leak-in-zlib-clusterfuzz.patch @@ -0,0 +1,28 @@ +From 934225e46aefd31178f91566fa2878650ad0e544 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Tue, 20 Sep 2022 21:11:00 +0000 +Subject: [PATCH] Avoid leak in zlib (clusterfuzz) + +--- + src/compress.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/compress.c b/src/compress.c +index 67f2158..a96e099 100644 +--- a/src/compress.c ++++ b/src/compress.c +@@ -578,8 +578,10 @@ uncompresszlib(const unsigned char *old, unsigned char **newch, + goto err; + + rc = inflate(&z, Z_SYNC_FLUSH); +- if (rc != Z_OK && rc != Z_STREAM_END) ++ if (rc != Z_OK && rc != Z_STREAM_END) { ++ inflateEnd(&z); + goto err; ++ } + + *n = CAST(size_t, z.total_out); + rc = inflateEnd(&z); +-- +2.33.0 + diff --git a/file.spec b/file.spec index cbde5d50aee77e5d6eea53bfd02674b6816ac5d5..003811b66213a66fee4fa73ae823929a1d7d9d72 100644 --- a/file.spec +++ b/file.spec @@ -1,6 +1,6 @@ Name: file Version: 5.39 -Release: 7 +Release: 8 Summary: A tool to identify the type of a particular file type License: BSD URL: http://www.darwinsys.com/file/ @@ -9,6 +9,7 @@ Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz Patch1: 0001-file-localmagic.patch Patch2: 0002-improve-detection-of-static-pie-binaries.patch Patch3: CVE-2022-48554.patch +Patch4: 0003-Avoid-leak-in-zlib-clusterfuzz.patch Requires: %{name}-libs = %{version}-%{release} BuildRequires: autoconf automake libtool zlib-devel @@ -154,6 +155,9 @@ make check %{python3_sitelib}/__pycache__/* %changelog +* Tue Apr 9 2024 tangyuchen - 5.39-8 +- fix a memory leak problem + * Wed Aug 23 2023 liningjie - 5.39-7 - fix CVE-2022-48554