Changelog for
file-magic-5.32-lp151.7.9.noarch.rpm :
* Thu Feb 21 2019 Dr. Werner Fink
- Add patch 0002-PR-62-spinpx-limit-size-of-file_printable.patch to fix bsc#1126117, bsc#1126118, and bsc#1126119 for CVE-2019-8905, CVE-2019-8906, and CVE-2019-8907
* Tue Jun 12 2018 wernerAATTsuse.de- Add patch file-a642587a9c.patch for bsc#1096974, bsc#1096984, and CVE-2018-10360 -- Avoid reading past the end of buffer
* Thu Feb 22 2018 fvogtAATTsuse.com- Use %license (boo#1082318)
* Mon Jan 22 2018 wernerAATTsuse.de- Add patch file-5.32-ncurses-6.1.patch to support extend magic format for new ncurses 6.1
* Sun Oct 08 2017 jengelhAATTinai.de- Update package summaries. Replace old RPM constructs.- Remove --with-pic which is useless with --disable-static.- Edit pre_checkin.sh to remove dead python3 file.
* Tue Sep 26 2017 jmatejekAATTsuse.com- remove python build instructions from master spec file, move completely into python-magic.spec
* Wed Sep 13 2017 wernerAATTsuse.de- Update to file version 5.32
* Always reset state in {file,buffer}_apprentice (Krzysztof Wilczynski)
* Fix always true condition (Thomas Jarosch)
* pickier parsing of numeric values in magic files.
* PR/615 add magic_getflags()- This release fix the bug bsc#1056838 for CVE-2017-1000249- Remove patch file-5.31-fix-tga.dif as now upstream- Rename patch file-5.31.dif which now becomes file-5.32.dif- Modify the patches
* file-5.16-ocloexec.patch
* file-5.19-biorad.dif
* file-5.19-printf.dif
* file-5.23-endian.patch
* file-5.28-btrfs-image.dif
* Mon Jun 05 2017 cooloAATTsuse.com- add file-5.31-fix-tga.dif upstream commited after I reported a failure in File::Unpack\'s test suite
* Wed May 24 2017 wernerAATTsuse.de- Update to file version 5.31
* remove trailing spaces from magic files
* refactor is_tar
* better bounds checks for cdf- Remove patches now upstream
* file-5.30-150735.patch
* file-5.30-3c60e5.patch- Rename patch file-5.30.dif which becomes file-5.31.dif- Modify the patches
* file-4.24-autoconf.dif
* file-5.14-tex.dif
* file-5.16-ocloexec.patch
* file-5.19-printf.dif
* file-5.23-endian.patch
* Thu Mar 02 2017 wernerAATTsuse.de- Update to file version 5.30
* If we exceeded the offset in a search return no match (Christoph Biedl)
* Be more lenient on corrupt CDF files (Christoph Biedl)
* pacify ubsan sign extension (oss-fuzz/524)
* off by one in cdf parsing (PR/593)
* report debugging sections in elf (PR/591)
* Allow AATTAATTAATT in extensions
* Add missing overflow check in der magic (Jonas Wagner)- Mofify the patches file-5.16-ocloexec.patch file-5.19-biorad.dif file-5.28-btrfs-image.dif- Rename patch file-5.29.dif to file-5.30.dif- Add upstream patches file-5.30-150735.patch file-5.30-3c60e5.patch
* Wed Nov 30 2016 wernerAATTsuse.de- Modify patch file-5.29.dif that is replace colon with dot in offset (boo#1012779)
* Thu Nov 24 2016 wernerAATTsuse.de- Update to file version 5.29
* der getlength overflow (Jonas Wagner)
* multiple magic file load failure (Christoph Biedl)
* CDF parsing improvements (Guy Helmer)
* Add support for signed indirect offsets
* cat /dev/null | file - should print empty (Christoph Biedl)
* Bump string size from 64 to 96.
* PR/556: Fix separators on annotations.- Remove patch file-5.28-compress.patch now upstream- Rename patch file-5.28.dif which becomes now file-5.29.dif
* Thu Oct 20 2016 jeffmAATTsuse.com- Add patch file-5.28-btrfs-image.dif to add support for files output by btrfs-image.
* Wed Aug 24 2016 dimstarAATTopensuse.org- Fix boo#995089:
* Do not attempt to produce a file-magic-32bit package: there is nothing arch-dependant in this package (for completeness, this was already fixed just before by Marcus)
* Fix baselibs.conf for libmagic1-32bit to require file-magic instead of file-magic-32bit.
* Build file-magic as noarch on openSUSE >= 1200 (where rpm is new enough to support this).
* Wed Aug 24 2016 meissnerAATTsuse.com- file-magic is architecture independend, no need for a baselibs package.
* Thu Aug 18 2016 wernerAATTsuse.de- Add patch file-5.28-compress.patch to fix crash as found in build system
* Tue Aug 16 2016 wernerAATTsuse.de- Update to file version 5.28
* fix leak on allocation failure
* PR/555: Avoid overflow for offset > nbytes
* PR/550: Segv on DER parsing: - use the correct variable for length - set offset to 0 on failure.- Port patches to 5.28 file-4.24-autoconf.dif file-5.15-clear-invalid.patch file-5.16-ocloexec.patch file-5.19-biorad.dif file-5.23-endian.patch file-5.24-nitpick.dif file-secure_getenv.patch- Remove patches now upstream file-5.26-revert-close.patch- Rename patches file-5.26.dif becomes file-5.28.dif
* Wed Jun 01 2016 wernerAATTsuse.de- Update to file version 5.27
* Errors comparing DER entries or computing offsets are just indications of malformed non-DER files. Don\'t print them.
* Offset comparison was off-by-one.
* Fix compression code (Werner Fink)
* Put new bytes constant in the right file (not the generated one)- Remove patches file-5.26-version.patch file-5.26-downgrade_DER.patch file-5.26-console.diff file-5.26-zmagic.patch as now upstream- Disable patch file-5.26-revert-close.patch for test- Modify patches file-5.17-option.dif file-5.26.dif
* Wed Apr 20 2016 wernerAATTsuse.de- Add and revert upstream patch file-5.26-revert-close.patch (commit 0177f6dd30e1f8c5639c058dcdf1d9edd9f8528c) to help rpmbuild not to loose stdin
* Tue Apr 19 2016 wernerAATTsuse.de- Add patch file-5.26-zmagic.patch to fix detection chain if for compresses files are expanded
* Tue Apr 19 2016 wernerAATTsuse.de- Add upstream patch file-5.26-console.diff to fix wrong detection of UNIF edb files
* Tue Apr 19 2016 wernerAATTsuse.de- Add upstream patch file-5.26-downgrade_DER.patch to fix DER error messages as well oas offset handling
* Mon Apr 18 2016 wernerAATTsuse.de- Update to file version 5.26
* make the number of bytes read from files configurable.
* Add bounds checks for DER code (discovered by Thomas Jarosch)
* Change indirect recursion limit to indirect use count and bump from 15 to 50 to prevent abuse.
* Add -00 which prints filename\\0description\\0
* Fix ID3 indirect parsing
* add DER parsing capability
* provide dprintf(3) for the OS\'s that don\'t have it.
* redo the compression code report decompression errors
* REG_STARTEND code is not working as expected, delete it.
* Add zlib support if we have it.
* PR/492: compression forking was broken with magic_buffer.- Removed patches as upstream now file-4.24-mips.dif file-5.25-avoid-double-evaluation-in-python-bindings.dif- Modified patches file-5.12-zip.dif file-5.16-ocloexec.patch file-5.19-printf.dif file-5.19-zip2.0.dif file-5.22-elf.dif file-5.23-endian.patch file-5.24-nitpick.dif file-secure_getenv.patch- Renamed patches file-5.23.dif becomes file-5.26.dif- Added patch from upstream to fix version handling of PHP files file-5.26-version.patch
* Tue Feb 16 2016 rolfAATTrotkraut.de- Make the python command a macro.
* Thu Jan 21 2016 dmuellerAATTsuse.com- add file-5.25-avoid-double-evaluation-in-python-bindings.dif (bsc#949905)
* Sun Oct 04 2015 astiegerAATTsuse.com- file 5.25:
* add a limit to the length of regex searches
* fix problems with --parameter
* Tue Jul 14 2015 wernerAATTsuse.de- Update to file version 5.24
* redo long option encoding to fix off-by-one in 5.23- Adapt and rename patch file-5.12-nitpick.dif becomes file-5.24-nitpick.dif
* Thu Jun 11 2015 wernerAATTsuse.de- Update to file version 5.23
* Fix issue with regex range for magic with offset
* Always return true from mget with USE (success to mget not match indication). Fixes mime evaluation after USE magic
* PR/459: Don\'t insert magic entries to the list if there are parsing errors for them.
* PR/455: Add utf-7 encoding
* PR/455: Implement -Z, look inside, but don\'t report on compression
* PR/454: Fix allocation error on bad magic.
* handle MAGIC_CONTINUE everywhere, not just in softmagic
* don\'t print descriptions for NAME types when mime.
* Add --extension to list the known extensions for this file type Idea by Andrew J Roazen
* Bump file search buffer size to 1M.
* Fix multiple issues with date formats reported by Christoph Biedl: - T_LOCAL meaning was reversed - Arithmetic did not work Also stop adjusting daylight savings for gmt printing.
* PR/411: Fix memory corruption from corrupt cdf file.- Refresh and rename patches file-5.20-endian.patch becomes file-5.23-endian.patch file-5.22.dif becomes file-5.23.dif Refresh patch file-secure_getenv.patch
* Mon Jan 19 2015 wernerAATTsuse.de- Update to file version 5.22 (also related to bsc#913650 and bsc#913651)
* add indirect relative for TIFF/Exif
* restructure elf note printing to avoid repeated messages
* add note limit, suggested by Alexander Cherepanov
* Bail out on partial pread()\'s (Alexander Cherepanov)
* Fix incorrect bounds check in file_printable (Alexander Cherepanov)
* PR/405: ignore SIGPIPE from uncompress programs
* change printable -> file_printable and use it in more places for safety
* in ELF, instead of \"(uses dynamic libraries)\" when PT_INTERP is present print the interpreter name.- Patch file-5.18-elf.dif is modified and renamed to file-5.22-elf.dif- Patch file-5.20.dif s modified and renamed to file-5.22.dif
* Sat Dec 20 2014 meissnerAATTsuse.com- build with PIE
* Wed Dec 17 2014 wernerAATTsuse.de- Drop patch file-5.20-CVE-2014-3710.patch as now part of upstream- Update to file version 5.21
* Fix CVE-2014-8116 and CVE-2014-8117 (bsc#910252 and bsc#910253)
* there was an incorrect free in magic_load_buffers()
* there was an out of bounds read for some pascal strings
* there was a memory leak in magic lists
* don\'t interpret strings printed from files using the current locale, convert them to ascii format first.
* there was an out of bounds read in elf note reads
* fix MacOS/X locale.h vs. xlocale.h issues
* Thu Oct 23 2014 wernerAATTsuse.de- Add patch file-5.20-CVE-2014-3710.patch to fic bsc#902367 CVE-2014-3710: file: out-of-bounds read in elf note headers
* Mon Oct 13 2014 wernerAATTsuse.de- Update to file version 5.20
* recognize encrypted CDF documents
* add magic_load_buffers from Brooks Davis
* add thumbs.db support- Remove file-5.07-iso9660.dif as now upstream- Remove file-5.19-gdbm.patch as now upstream- Adapt and rename file-5.18-endian.patch to file-5.20-endian.patch- Adapt and rename file-5.19.dif file-5.20.dif