Changelog for file-magic-5.22-16.1.x86_64.rpm :
Thu Feb 21 13:00:00 2019 Dr. Werner Fink
- Add patch 0002-PR-62-spinpx-limit-size-of-file_printable.patch to
fix bsc#1126117, bsc#1126118, and bsc#1126119 for CVE-2019-8905,
CVE-2019-8906, and CVE-2019-8907

Tue Jun 12 14:00:00 2018
- Add patch file-a642587a9c.patch for bsc#1096974, bsc#1096984, and
CVE-2018-10360 -- Avoid reading past the end of buffer

Mon Dec 4 13:00:00 2017
- Add patches file-78c2b81ccb.patch and file-9f0601f3c0.patch which
are backports of the commits -78c2b81ccb and 9f0601f3c0 to fix
e.g. recursion bug in jpeg detection (bsc#1070958, boo#1070878)

Fri Oct 20 14:00:00 2017
- Add patch file-9fbe768a87.patch and patch file-91a5efbb98.patch
which are backport of the upstream commits 9fbe768a87 and
91a5efbb98 (bsc#1063269)

Fri Mar 17 13:00:00 2017
- Add patch file-5.22-strings.patch which is a backport for an
increased printable string length as found in file 5.30 (bsc#996511)

Fri Feb 13 13:00:00 2015
- Upgrade to file version 5.22 to fix boo#913650 (CVE-2014-9621),
boo#913651 (CVE-2014-9620), boo#917152 (CVE-2014-9653), and
bsc#1009966 as well

Mon Jan 19 13:00:00 2015
- Update to file version 5.22 (also related to bsc#913650 and bsc#913651)

* add indirect relative for TIFF/Exif

* restructure elf note printing to avoid repeated messages

* add note limit, suggested by Alexander Cherepanov

* Bail out on partial pread()\'s (Alexander Cherepanov)

* Fix incorrect bounds check in file_printable (Alexander Cherepanov)

* PR/405: ignore SIGPIPE from uncompress programs

* change printable -> file_printable and use it in
more places for safety

* in ELF, instead of \"(uses dynamic libraries)\" when PT_INTERP
is present print the interpreter name.
- Patch file-5.18-elf.dif is modified and renamed to file-5.22-elf.dif
- Patch file-5.20.dif s modified and renamed to file-5.22.dif

Sat Dec 20 13:00:00 2014
- build with PIE

Wed Dec 17 13:00:00 2014
- Drop patch file-5.20-CVE-2014-3710.patch as now part of upstream
- Update to file version 5.21

* Fix CVE-2014-8116 and CVE-2014-8117 (bsc#910252 and bsc#910253)

* there was an incorrect free in magic_load_buffers()

* there was an out of bounds read for some pascal strings

* there was a memory leak in magic lists

* don\'t interpret strings printed from files using the current
locale, convert them to ascii format first.

* there was an out of bounds read in elf note reads

* fix MacOS/X locale.h vs. xlocale.h issues

Wed Dec 17 13:00:00 2014
- Port and add upstream patches
to fix CVE-2014-8116 and CVE-2014-8117 (bsc#910252 and bsc#910253)

Thu Oct 23 14:00:00 2014
- Add patch file-5.20-CVE-2014-3710.patch to fic bsc#902367
CVE-2014-3710: file: out-of-bounds read in elf note headers

Mon Oct 13 14:00:00 2014
- Update to file version 5.20

* recognize encrypted CDF documents

* add magic_load_buffers from Brooks Davis

* add thumbs.db support
- Remove file-5.07-iso9660.dif as now upstream
- Remove file-5.19-gdbm.patch as now upstream
- Adapt and rename file-5.18-endian.patch to file-5.20-endian.patch
- Adapt and rename file-5.19.dif file-5.20.dif

Tue Aug 19 14:00:00 2014
- correctly identify GDBM files created by libgdbm4 [bnc#888308]

* add file-5.19-gdbm.patch

Mon Aug 18 14:00:00 2014
- Add file-rpmlintrc to file list

Mon Aug 18 14:00:00 2014
- Add obsoletes/provides to baselibs.conf.

Tue Jun 24 14:00:00 2014
- Update to file version 5.19

* Misc buffer overruns and missing buffer size tests in cdf parsing
(Francisco Alonso, Jan Kaluza)

* Enforce limit of 8K on regex searches that have no limits

* Allow the l modifier for regex to mean line count. Default
to byte count. If line count is specified, assume a max
of 80 characters per line to limit the byte count.

* Don\'t allow conversions to be used for dates, allowing
the mask field to be used as an offset.

* Make the range operator limit the length of the
regex search.

* PR/347: Windows fixes

* PR/352: Hangul word processor recognition

* PR/354: Encoding irregularities in text files

* Fix uninitialized title in CDF files (Jan Kaluza)

* PR/351: Fix compilation of empty files

* Fix integer formats: We don\'t specify \'l\' or
\'h\' and \'hh\' specifiers anymore, only \'ll\' for
quads and nothing for the rest. This is so that
magic writing is simpler.

* PR/341: Jan Kaluza, fix memory leak

* PR/342: Jan Kaluza, fix out of bounds read

* Fix issue with long formats not matching fmtcheck
- Rename and change patch file-5.14-misc.dif to file-5.19-misc.dif
- Rename and change patch file-5.14-printf.dif to file-5.19-printf.dif
- Rename and change patch file-5.07-biorad.dif to file-5.19-biorad.dif
- Rename and change patch file-5.19.dif to file-5.17.dif
- Rename and change patch file-4.24-cromfs.dif to file-5.19-cromfs.dif
- Rename and change patch file-4.24-solv.dif to file-5.19-solv.dif
- Rename and change patch file-5.12-zip2.0.dif to file-5.19-zip2.0.dif
- Rename and change patch file-5.07-clicfs.dif to file-5.19-clicfs.dif

Thu May 8 14:00:00 2014
- file-secure_getenv.patch use secure_getenv only as we
can\'t know in which context the shared library is used.

Fri Mar 28 13:00:00 2014
- Update to file version 5.18

* add fmtcheck(3) for those who don\'t have it

* prevent mime entries from being attached to magic
entries with no descriptions

* adjust magic strength for regex type

* remove superfluous ascmagic with encoding test

* fix regression fix echo -ne \"\\012\\013\\014\" | file -i -
which printed \"binary\" instead of \"application/octet-stream\"

* add size_t overflow check for magic file size

* experimental support for matching with CFD CLSID

* Cache old LC_CTYPE locale before setting it to \"C\", so
we can use it to restore LC_CTYPE instead of asking
setlocale() to scan the environment variables.
- Refresh patches
file-5.07-elf.dif becomes file-5.18-elf.dif
file-5.12-javacheck.dif becomes file-5.18-javacheck.dif
file-5.12-endian.patch becomes file-5.18-endian.patch
- Drop patch
now part of upstream

Mon Mar 17 13:00:00 2014
- Add patch
to finally fix bnc#866750

Tue Feb 18 13:00:00 2014
- Update to file version 5.17 (bug fix release)

* Count recursion levels through indirect magic

* Prevent infinite recursion on files with indirect offsets of 0

* Add -E flag that makes file print filesystem errors to stderr
and exit.

* mime printing could print results from multiple magic entries
if there were multiple matches.

* in some cases overflow was not detected when computing offsets
in softmagic.

* use strcasestr() to for cdf strings

* reset to the \"C\" locale while doing regex operations, or case
insensitive comparisons; this is provisional

Mon Dec 2 13:00:00 2013
- Update to file version 5.16 (bug fix release)

* always leave magic file loaded, don\'t unload for magic_check, etc.

* fix default encoding to binary instead of unknown which broke recently

* handle empty and one byte files, less specially so that
- -mime-encoding does not break completely.

* fix erroneous non-zero exit code from non-existant file and message

* add CDF MSI file detection (Guy Helmer)

Mon Nov 4 13:00:00 2013
- Set RPM groups

Tue Oct 1 14:00:00 2013
- Add changes of Andreas Stieger

Mon Sep 30 14:00:00 2013
- Update to file version 5.15 (bug fix release, no new featuress)

* Don\'t mix errors and regular output if there was an error

* in magic_descriptor() don\'t close the file and try to restore
its position

* Don\'t treat magic as an error if offset was past EOF (Christoph Biedl)

* Fix spacing issues in softmagic and elf (Jan Kaluza)

* Fix segmentation fault with multiple magic_load commands.

* The way \"default\" was implemented was not very useful because
the \"if something was printed at that level\" was not easily
controlled by the user, and the format was bound to a string
which is too restrictive. Add a \"clear\" for that level keyword
and make \"default\" void.

* disallow strength setting in \"name\" entries
- Adjust for upstream changes:

* file-5.14-tex.dif

* file-5.07-elf.dif

* file-5.12-ocloexec.patch

* file-5.12-nitpick.dif

* file-5.13.dif
- Drop patches, applied upstream:

* file-5.13-whitespace.patch

* elf-invalid-byte-order.patch

Sun Sep 29 14:00:00 2013
- add file-5.15-clear-invalid.patch to fix an invalid format

Sun May 26 14:00:00 2013
- elf-invalid-byte-order.patch: remove bogus \"invalid byte order\" from elf

Sun May 26 14:00:00 2013
- file-5.13-whitespace.patch: remove extra whitespace in ELF magic, breaks

Fri Mar 29 13:00:00 2013
- Refresh patches and remove the visibility patch that I
upstreamed few releases ago in a different form.

Fri Mar 22 13:00:00 2013
- Update to file version 5.14 (also mainly bug fixes)

* fix recursive magic separator printing

* limit recursion level for mget

* fix pread() related breakage in cdf

* handle offsets properly in recursive \"use\"
- Remove patch file-5.13-return.patch

Tue Feb 26 13:00:00 2013
- Add patch file-5.13-return.patch: avoid doubled return

Fri Feb 22 13:00:00 2013
- Update to file version 5.13 (mainly bug fixes)

* add elf reading of debug info to determine if file is stripped

* use pread()

* change mime description size from 64 to 80 to accommodate OOXML.

* Warn about inconsistent continuation levels.

* Change fsmagic to add a space after it prints.

* Make getline public so that file can link against it.
Perhaps it is better to rename it, or hide it differently.
Fixes builds on platforms that do not provide it.

* Add SuS d{,1,2,4,8}, u{,1,2,4,8} and document
what long, int, short, etc is (Guy Harris)

* add magic_version function and constant

* Redo memory allocation and de-allocation.
(prevents double frees on non mmap platforms)

* Fix bug with name/use having to do with passing
found state from the parent to the child and back.

Tue Feb 19 13:00:00 2013
- Use %libname macro and make that file-magic obsoletes libmagic-data
compare with bnc# 804323 to avoid trouble with interim package name

Wed Jan 23 13:00:00 2013
- Make if build on ppc64, that is re-add the configure check for
sizeof long long otherwise readelf fail on ppc64

Tue Jan 22 13:00:00 2013
- Update to file version 5.12

* Warn about inconsistent continuation levels.

* Change fsmagic to add a space after it prints.

* Make getline public so that file can link against it.
Perhaps it is better to rename it, or hide it differently.
Fixes builds on platforms that do not provide it.

* Add SuS d{,1,2,4,8}, u{,1,2,4,8} and document
what long, int, short, etc is (Guy Harris)

* add magic_version function and constant

* Redo memory allocation and de-allocation.
(prevents double frees on non mmap platforms)

* Fix bug with name/use having to do with passing
found state from the parent to the child and back.

* Only print elf capabilities for archs we know (Jan Kaluza)

* Add \"name\" and \"use\" file types in order to look
inside mach-o files.

* add string/T (Jan Kaluza)

* search for $HOME/.magic.mgc if it is there first

* fix reads from a pipe, and preserve errno

* use ctime_r, asctime_r

* Fixes for indirect offsets to handle apple disk formats
- Also includes our extfs-minix patch

Mon Nov 26 13:00:00 2012
- Add file-5.11-extfs-minix.dif: Change detection order of ext2/3/4
fs and minix to avoid the for the free inode numbers 4991,5007,
9320,9336 and multiple of 65536 the ext2/3/4 fs will be detected
as minix fs (bnc#788435)

Sat Oct 27 14:00:00 2012
- implement shared library policy for libmagic1

Tue Sep 18 14:00:00 2012
- Add small patch to make clear if file follows symbloc links or not
as tihs depend on the environment variable POSIXLY_CORRECT
- Remove the README file as this is for packagers and not for users

Sun Aug 19 14:00:00 2012
- add documentation (bnc#776532)

Tue Aug 14 14:00:00 2012
- Use the OS\'s byteswapping routines.

Tue Jun 26 14:00:00 2012
- license update: BSD-2-Clause
SPDX format

Wed Mar 21 13:00:00 2012
- Update to file version 5.11 (bnc#753303, CVE-2012-1571)

* Fix CDF parsing issues found by CERT\'s fuzzing tool (Will Dormann)

Mon Jan 16 13:00:00 2012
- Update to file version 5.10

* Add magic for /usr/bin/env Perl scripts

* Weaken generic script magic to avoid clashing with
language-specific magic.

* Remove hardwired token finding (names.h), turning it into soft
magic. Patterns are either anchored regexs or search/8192. English
language detection and PL/1 detection have been removed as they
were too fragile. -e tokens is still accepted for backwards

* Move 3ds patterns (which are commented out anyway) into autodesk
(they were, oddly, in c-lang).

* Tweak strength of generic hash-bang detectors to be less than
specific ones.

* Make an inconsistent description of Python scripts consistent.

* Python3 binding fixes from Kelly Anderson

* If a string type magic entry is marked as text or binary
only match text files against text entries and binary
files against binary entries.

* If the application name is not set in a cdf file, try to see
if it has a directory with the application name on it.

* Fix ELF lseek(2) madness. Inspired by PR/134 by Jan Kaluza

* Don\'t use variable string formats.

Sat Nov 5 13:00:00 2011
- libmagic: use O_CLOEXEC where needed, as there is no warranty
that calling applications will not fork() and we end up leaking
file descriptors to their child processes.

Sat Oct 1 14:00:00 2011
- add libtool as buildrequire to make the spec file more reliable

Sun Sep 18 14:00:00 2011
- Apply packaging guidelines (remove redundant/obsolete
tags/sections from specfile, etc.)

Tue Aug 23 14:00:00 2011
- Update to file version 5.08

* Fix detection of Zip files (Mantis #128).

* Make some minor improvements to file(1).

* Rename MIME types for filesystem objects for consistency with
xdg-utils. Typically this means that application/x-foo becomes
inode/foo, but some names also change slightly, e.g.
application/x-character-device becomes inode/chardevice.

Mon Jul 18 14:00:00 2011
- Fixed regression on zip archive detection (bnc#706310)

Tue Jun 14 14:00:00 2011
- Update to file version 5.07

* Several regressions in magic were fixed. A buffer overflow was
corrected. The program version is now recorded in only one place.
Several documentation improvements were made.

* The Python bindings were updated and fixed. Magic support for
OCF (EPUB) files and for lrzip files was added. Zip file magic
was adapted for files with unsupported special types. Many
more magic updates and fixes were made.

* Several minor bugs were fixed.
- Add magic for clicfs evne if upstream does not support it (bnc#681329)

Wed Nov 24 13:00:00 2010
- Add patch for Bio-Rad image format to avoid conflicts with other
magic records like RPM and even some ACII files (bnc#654696)

Fri Nov 5 13:00:00 2010
- libmagic: export only public interface symbols listed
in magic.h, this also avoids exporting interesting stuff
like strlcat, strlcpy...

Mon Jun 28 14:00:00 2010
- use %_smp_mflags

Mon Apr 19 14:00:00 2010
- Add llvm bicode magic (bnc#597752)

Fri Feb 5 13:00:00 2010
- Update to file version 5.04

* print proper mime for crystal reports file

* print the last summary information of a cdf document, not the
first so that nested documents print the right info

* ctime/asctime can return NULL on some OS\'s although
they should not (Toshit Antani)

* Centralize magic path handling routines and remove the
special-casing from file.c so that the python module for
example comes up with the same magic path (Fixes ~/.magic
handling) (from Gab)

* When magic argument is a directory, read the files in
strcmp-sorted order (fixes Debian bug #488562 and our own FIXME).

* Combine overlapping epoc and psion magic files into one (epoc).

* Add some more EPOC MIME types.

* Fix 3 bugs (From Ian Darwin):
- file_showstr could move one past the end of the array
- parse_apple did not nul terminate the string in the overflow case
- parse_mime truncated the wrong string in the overflow case

* Add the necessary field handling for crystal reports files to work

* Stop \"(if\" identifying Lisp files, that\'s plain dumb!

* Add a couple of missing MP3 MIME types.

* Add full range of hash-bang tests for Python and Ruby.

* Add MIME types for Python and Ruby scripts.

* off by one in parsing hw capabilities in elf (Cheng Renquan)

Sat Dec 12 13:00:00 2009
- add baselibs.conf as a source

Tue Nov 3 13:00:00 2009
- updated patches to apply with fuzz=0

Tue Oct 27 13:00:00 2009
- Make ISO9660 magic entry working with file 5.xx (bnc#547683)

Wed Sep 30 14:00:00 2009
- file-devel only requires glibc-devel

Tue Jun 9 14:00:00 2009
- Do _not_ touch change log of python-magic
- Update to file version 5.03

* Avoid null dereference in cdf code (Drew Yao)

* More cdf bounds checks and overflow checks

Tue Jun 2 14:00:00 2009
- sync Version using

Thu May 7 14:00:00 2009
- Add support for special zip archives (bnc#500511)

Wed May 6 14:00:00 2009
- Update to file version 5.02

* Read ~/.magic in addition to the default magic file not instead
of, as documented in the man page.

* filesystem and msdos patches (Joerg Jenderek)

* Added CDF parsing

* Add text/x-lua MIME type for Lua scripts.

* >= <= is not supported, so fix the magic and warn about it.
reported by: Thien-Thi Nguyen

* use memchr instead of strchr because the string
might not be NUL terminated (Scott MacVicar)

* Fix --mime, --mime-type and --mime-encoding under new scheme.

* add loop limits to avoid DoS attacks by constructing
looping sector references.

* Allow escaping of relation characters, so that we can say \\^[A-Z]
and the ^ is not eaten as a relation char.