diff --git a/0003-Avoid-leak-in-zlib-clusterfuzz.patch b/0003-Avoid-leak-in-zlib-clusterfuzz.patch new file mode 100644 index 0000000000000000000000000000000000000000..c78cfa9b31f018fe214af910e420bc2aeea0b4f3 --- /dev/null +++ b/0003-Avoid-leak-in-zlib-clusterfuzz.patch @@ -0,0 +1,28 @@ +From 54466c8b4cc07eaabaa2602bdf6b858bfe82e3d1 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Tue, 20 Sep 2022 21:11:00 +0000 +Subject: [PATCH] Avoid leak in zlib (clusterfuzz) + +--- + src/compress.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/compress.c b/src/compress.c +index 9f65e4f..fb9b55e 100644 +--- a/src/compress.c ++++ b/src/compress.c +@@ -578,8 +578,10 @@ uncompresszlib(const unsigned char *old, unsigned char **newch, + goto err; + + rc = inflate(&z, Z_SYNC_FLUSH); +- if (rc != Z_OK && rc != Z_STREAM_END) ++ if (rc != Z_OK && rc != Z_STREAM_END) { ++ inflateEnd(&z); + goto err; ++ } + + *n = CAST(size_t, z.total_out); + rc = inflateEnd(&z); +-- +2.33.0 + diff --git a/file.spec b/file.spec index 23e69e500e11ad2556e5f9801a2d547aa56d86c2..81f8d502371dc64320a0ccc8b39278480b9f0785 100644 --- a/file.spec +++ b/file.spec @@ -1,6 +1,6 @@ Name: file Version: 5.41 -Release: 3 +Release: 4 Summary: A tool to identify the type of a particular file type License: BSD URL: http://www.darwinsys.com/file/ @@ -9,6 +9,7 @@ Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz Patch1: 0001-file-localmagic.patch Patch2: 0002-fix-typos-fxlb.patch Patch3: CVE-2022-48554.patch +Patch4: 0003-Avoid-leak-in-zlib-clusterfuzz.patch Requires: %{name}-libs = %{version}-%{release} BuildRequires: autoconf automake libtool zlib-devel make @@ -132,6 +133,9 @@ make -C tests check %{python3_sitelib}/__pycache__/* %changelog +* Tue Apr 9 2024 tangyuchen - 5.41-4 +- fix a memory leak problem + * Wed Aug 23 2023 liningjie - 5.41-3 - fix CVE-2022-48554