version up: file 5.37, with a patch for CVE-2019-18218.

5c74a799 · Kazuhiko Shiozaki · 772c47cc · 772c47cc · 5c74a799
Commit 5c74a799 authored Dec 11, 2019 by Kazuhiko Shiozaki
Showing with 3 additions and 77 deletions

component/file/0001-fix-libmagic-correctly-detect-msooxml-files.patch ...le/0001-fix-libmagic-correctly-detect-msooxml-files.patch +0 -74

component/file/buildout.cfg component/file/buildout.cfg +3 -3

No files found.
--- a/component/file/0001-fix-libmagic-correctly-detect-msooxml-files.patch
+++ b/component/file/0001-fix-libmagic-correctly-detect-msooxml-files.patch
-From a975c66c81e45433a668b7daeb4c903a78cb9d33 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
-Date: Fri, 27 Sep 2019 01:56:24 +0200
-Subject: [PATCH] fix libmagic correctly detect msooxml files
-
-Coming from slapos patch on component:
-
-commit 7a24c4e4ff96a7d00072db891761cea8db7b9122
-Author: Boris Kocherov <bk@raskon.ru>
-Date:   Sun Feb 4 10:52:17 2018 +0300
-
-    component/file: fix libmagic correctly detect msooxml files
-
-that was reformatted as a patch so that component/file supports shared
-slapos.recipe.cmmi. Maybe file now include a proper fix.
---
- magic/Magdir/msooxml | 27 ++++++++++++++++++---------
- 1 file changed, 18 insertions(+), 9 deletions(-)
-
-diff --git a/magic/Magdir/msooxml b/magic/Magdir/msooxml
-index 059e729c..f8431dc8 100644
--- a/magic/Magdir/msooxml
-+++ b/magic/Magdir/msooxml
-@@ -1,4 +1,3 @@
-
- #------------------------------------------------------------------------------
- # $File: msooxml,v 1.5 2014/08/05 07:38:45 christos Exp $
- # msooxml:  file(1) magic for Microsoft Office XML
-@@ -13,24 +12,34 @@
- #   which can distinguish between the three types
- 
- # start by checking for ZIP local file header signature
-0		string		PK\003\004
-+0               string          PK\003\004
- !:strength +10
- # make sure the first file is correct
->0x1E		regex		\\[Content_Types\\]\\.xml|_rels/\\.rels
-+>0x1E           regex           \\[Content_Types\\]\\.xml|_rels/\\.rels
- # skip to the second local file header
- # since some documents include a 520-byte extra field following the file
- # header, we need to scan for the next header
->>(18.l+49)	search/2000	PK\003\004
-+>>(18.l+49)     search/2000     PK\003\004
- # now skip to the *third* local file header; again, we need to scan due to a
- # 520-byte extra field following the file header
->>>&26		search/1000	PK\003\004
-+>>>&26          search/1000     PK\003\004
-+# and check the subdirectory name to determine which type of OOXML
-+# file we have.  Correct the mimetype with the registered ones:
-+# http://technet.microsoft.com/en-us/library/cc179224.aspx
-+>>>>&26         string          word/           Microsoft Word 2007+
-+!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
-+>>>>&26         string          ppt/            Microsoft PowerPoint 2007+
-+!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
-+>>>>&26         string          xl/             Microsoft Excel 2007+
-+!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
-+
-+>>1104          search/300      PK\003\004
- # and check the subdirectory name to determine which type of OOXML
- # file we have.  Correct the mimetype with the registered ones:
- # http://technet.microsoft.com/en-us/library/cc179224.aspx
->>>>&26		string		word/		Microsoft Word 2007+
-+>>>&26          string          word/           Microsoft Word 2007+
- !:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
->>>>&26		string		ppt/		Microsoft PowerPoint 2007+
-+>>>&26          string          ppt/            Microsoft PowerPoint 2007+
- !:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
->>>>&26		string		xl/		Microsoft Excel 2007+
-+>>>&26          string          xl/             Microsoft Excel 2007+
- !:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
->>>>&26		default		x		Microsoft OOXML
-- 
-2.11.0
-
--- a/component/file/buildout.cfg
+++ b/component/file/buildout.cfg
@@ -10,8 +10,8 @@ extends =
 [file]
 recipe = slapos.recipe.cmmi
 shared = true
-url = http://ftp.icm.edu.pl/packages/file/file-5.32.tar.gz
-md5sum = 4f2503752ff041895090ed6435610435
+url = http://ftp.icm.edu.pl/packages/file/file-5.37.tar.gz
+md5sum = 80c29aca745466c6c24d11f059329075
 configure-options =
  --disable-static
 environment =
@@ -21,4 +21,4 @@ environment =
 patch-binary = ${patch:location}/bin/patch
 patch-options = -p1
 patches =
-  ${:_profile_base_location_}/0001-fix-libmagic-correctly-detect-msooxml-files.patch#5e66a340d8ec7212d485e17d9af95f24
+  https://sources.debian.org/data/main/f/file/1:5.37-6/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch#fb6f7d32ce89573bf4b4b302c812e394