From 6328e658134a586b843faabfb4a8aabfc15eea46 Mon Sep 17 00:00:00 2001
From: "Richard M. Shaw"
Date: Tue, 16 Jul 2013 13:24:00 -0500
Subject: [PATCH] Update to latest upstream release. Fixes security bugs BZ#865591 & 865592.
---
 .gitignore | 1 +
 fdupes-1.50-compare-file.patch | 58 -------------------
 fdupes-1.50-destdir.patch | 29 ----------
 fdupes-1.50-lfs.patch | 33 -----------
 fdupes-1.51-check-permissions.patch | 90 +++++++++++++++++++++++++++++
 fdupes-1.51-destdir.patch | 29 ++++++++++
 fdupes.spec | 38 ++++++------
 macros.fdupes | 2 +-
 sources | 2 +-
 9 files changed, 142 insertions(+), 140 deletions(-)
 delete mode 100644 fdupes-1.50-compare-file.patch
 delete mode 100644 fdupes-1.50-destdir.patch
 delete mode 100644 fdupes-1.50-lfs.patch
 create mode 100644 fdupes-1.51-check-permissions.patch
 create mode 100644 fdupes-1.51-destdir.patch
diff --git a/.gitignore b/.gitignore
index f326f44..2df5027 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 fdupes-1.50-PR2.tar.gz
+/fdupes-1.51.tar.gz
diff --git a/fdupes-1.50-compare-file.patch b/fdupes-1.50-compare-file.patch
deleted file mode 100644
index fa9e2a3..0000000
--- a/fdupes-1.50-compare-file.patch
+++ /dev/null
@@ -1,58 +0,0 @@ -diff -urNp fdupes-1.50-PR2.orig/fdupes.c fdupes-1.50-PR2/fdupes.c ---- fdupes-1.50-PR2.orig/fdupes.c 2009-01-31 20:11:49.577968848 +0530 -+++ fdupes-1.50-PR2/fdupes.c 2009-01-31 22:01:11.872219443 +0530 -@@ -492,7 +492,10 @@ file_t **checkmatch(filetree_t **root, f - else { - if (checktree->file->crcpartial == NULL) { - crcsignature = getcrcpartialsignature(checktree->file->d_name); -- if (crcsignature == NULL) return NULL; -+ if (crcsignature == NULL) { -+ errormsg ("cannot read file %s\n", checktree->file->d_name); -+ return NULL; -+ } - - checktree->file->crcpartial = (char*) malloc(strlen(crcsignature)+1); - if (checktree->file->crcpartial == NULL) { -@@ -504,7 +507,10 @@ file_t **checkmatch(filetree_t **root, f - - if (file->crcpartial == NULL) { - crcsignature = getcrcpartialsignature(file->d_name); -- if (crcsignature == NULL) return NULL; -+ if (crcsignature == NULL) { -+ errormsg ("cannot read file %s\n", file->d_name); -+ return NULL; -+ } - - file->crcpartial = (char*) malloc(strlen(crcsignature)+1); - if (file->crcpartial == NULL) { -@@ -577,8 +583,8 @@ file_t **checkmatch(filetree_t **root, f - - int confirmmatch(FILE *file1, FILE *file2) - { -- unsigned char c1 = 0; -- unsigned char c2 = 0; -+ unsigned char c1[CHUNK_SIZE]; -+ unsigned char c2[CHUNK_SIZE]; - size_t r1; - size_t r2; - -@@ -586,14 +592,13 @@ int confirmmatch(FILE *file1, FILE *file - fseek(file2, 0, SEEK_SET); - - do { -- r1 = fread(&c1, sizeof(c1), 1, file1); -- r2 = fread(&c2, sizeof(c2), 1, file2); -+ r1 = fread(c1, 1, sizeof(c1), file1); -+ r2 = fread(c2, 1, sizeof(c2), file2); - -- if (c1 != c2) return 0; /* file contents are different */ -- } while (r1 && r2); -+ if (r1 != r2) return 0; /* file lengths are different */ -+ if (memcmp (c1, c2, r1)) return 0; /* file contents are different */ -+ } while (r2); - -- if (r1 != r2) return 0; /* file lengths are different */ -- - return 1; - } - 
diff --git a/fdupes-1.50-destdir.patch b/fdupes-1.50-destdir.patch deleted file mode 100644 index 960afcd..0000000 --- a/fdupes-1.50-destdir.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff -urNp fdupes-1.50-PR2.orig/Makefile fdupes-1.50-PR2/Makefile ---- fdupes-1.50-PR2.orig/Makefile 2009-01-31 20:11:49.577968848 +0530 -+++ fdupes-1.50-PR2/Makefile 2009-01-31 21:17:01.207220400 +0530 -@@ -40,6 +40,8 @@ include Makefile.inc/VERSION - # - PROGRAM_NAME=fdupes - -+DESTDIR = -+ - # - # BIN_DIR indicates directory where program is to be installed. - # Suggested value is "$(PREFIX)/bin" -@@ -97,12 +99,12 @@ fdupes: $(OBJECT_FILES) - $(CC) $(CFLAGS) -o fdupes $(OBJECT_FILES) - - installdirs: -- test -d $(BIN_DIR) || -$(MKDIR) $(BIN_DIR) -- test -d $(MAN_DIR) || -$(MKDIR) $(MAN_DIR) -+ test -d $(DESTDIR)$(BIN_DIR) || $(MKDIR) $(DESTDIR)$(BIN_DIR) -+ test -d $(DESTDIR)$(MAN_DIR) || $(MKDIR) $(DESTDIR)$(MAN_DIR) - - install: fdupes installdirs -- $(INSTALL_PROGRAM) fdupes $(BIN_DIR)/$(PROGRAM_NAME) -- $(INSTALL_DATA) fdupes.1 $(MAN_DIR)/$(PROGRAM_NAME).$(MAN_EXT) -+ $(INSTALL_PROGRAM) fdupes $(DESTDIR)$(BIN_DIR)/$(PROGRAM_NAME) -+ $(INSTALL_DATA) fdupes.1 $(DESTDIR)$(MAN_DIR)/$(PROGRAM_NAME).$(MAN_EXT) - - clean: - $(RM) $(OBJECT_FILES) diff --git a/fdupes-1.50-lfs.patch b/fdupes-1.50-lfs.patch deleted file mode 100644 index d3b83f3..0000000 --- a/fdupes-1.50-lfs.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -diff -urNp fdupes-1.50-PR2.orig/fdupes.c fdupes-1.50-PR2/fdupes.c ---- fdupes-1.50-PR2.orig/fdupes.c 2009-01-31 20:11:49.577968848 +0530 -+++ fdupes-1.50-PR2/fdupes.c 2009-01-31 20:29:17.103220311 +0530 -@@ -643,7 +643,7 @@ void printmatches(file_t *files) - while (files != NULL) { - if (files->hasdupes) { - if (!ISFLAG(flags, F_OMITFIRST)) { -- if (ISFLAG(flags, F_SHOWSIZE)) printf("%ld byte%seach:\n", files->size, -+ if (ISFLAG(flags, F_SHOWSIZE)) printf("%lld byte%seach:\n", files->size, - (files->size != 1) ? "s " : " "); - if (ISFLAG(flags, F_DSAMELINE)) escapefilename("\\ ", &files->d_name); - printf("%s%c", files->d_name, ISFLAG(flags, F_DSAMELINE)?' ':'\n'); -@@ -796,7 +796,7 @@ void deletefiles(file_t *files, int prom - do { - printf("Set %d of %d, preserve files [1 - %d, all]", - curgroup, groups, counter); -- if (ISFLAG(flags, F_SHOWSIZE)) printf(" (%ld byte%seach)", files->size, -+ if (ISFLAG(flags, F_SHOWSIZE)) printf(" (%lld byte%seach)", files->size, - (files->size != 1) ? "s " : " "); - printf(": "); - fflush(stdout); -diff -urNp fdupes-1.50-PR2.orig/Makefile fdupes-1.50-PR2/Makefile ---- fdupes-1.50-PR2.orig/Makefile 2009-01-31 20:11:49.577968848 +0530 -+++ fdupes-1.50-PR2/Makefile 2009-01-31 20:25:59.639218322 +0530 -@@ -74,7 +74,7 @@ MKDIR = mkdir -p - CC = gcc - COMPILER_OPTIONS = -Wall -O -g - --CFLAGS= $(COMPILER_OPTIONS) -I. -DVERSION=\"$(VERSION)\" $(EXTERNAL_MD5) $(EXPERIMENTAL_RBTREE) $(OMIT_GETOPT_LONG) -+CFLAGS= $(COMPILER_OPTIONS) -I. -D_FILE_OFFSET_BITS=64 -DVERSION=\"$(VERSION)\" $(EXTERNAL_MD5) $(EXPERIMENTAL_RBTREE) $(OMIT_GETOPT_LONG) - - INSTALL_PROGRAM = $(INSTALL) -c -m 0755 - INSTALL_DATA = $(INSTALL) -c -m 0644 diff --git a/fdupes-1.51-check-permissions.patch b/fdupes-1.51-check-permissions.patch new file mode 100644 index 0000000..6977773 --- /dev/null +++ b/fdupes-1.51-check-permissions.patch 
@@ -0,0 +1,90 @@ +diff -Naur fdupes-1.51.orig/fdupes.1 fdupes-1.51/fdupes.1 +--- fdupes-1.51.orig/fdupes.1 2013-04-20 12:00:09.000000000 -0500 ++++ fdupes-1.51/fdupes.1 2013-07-16 13:01:16.264491871 -0500 +@@ -56,6 +56,9 @@ + when used together with --delete, preserve the first file in each + set of duplicates and delete the others without prompting the user + .TP ++.B -p --permissions ++don't consider files with different owner/group or permission bits as duplicates ++.TP + .B -v --version + display fdupes version + .TP +diff -Naur fdupes-1.51.orig/fdupes.c fdupes-1.51/fdupes.c +--- fdupes-1.51.orig/fdupes.c 2013-04-20 13:02:18.000000000 -0500 ++++ fdupes-1.51/fdupes.c 2013-07-16 13:03:04.529344704 -0500 +@@ -51,6 +51,7 @@ + #define F_RECURSEAFTER 0x0200 + #define F_NOPROMPT 0x0400 + #define F_SUMMARIZEMATCHES 0x0800 ++#define F_PERMISSIONS 0x1000 + + char *program_name; + +@@ -467,6 +468,19 @@ + return 1; + } + ++int same_permissions(char* name1, char* name2) ++{ ++ struct stat s1, s2; ++ ++ if (stat(name1, &s1) != 0) return -1; ++ if (stat(name2, &s2) != 0) return -1; ++ ++ return (s1.st_mode == s2.st_mode && ++ s1.st_uid == s2.st_uid && ++ s1.st_gid == s2.st_gid); ++} ++ ++ + file_t **checkmatch(filetree_t **root, filetree_t *checktree, file_t *file) + { + int cmpresult; +@@ -489,6 +503,10 @@ + cmpresult = -1; + else + if (fsize > checktree->file->size) cmpresult = 1; ++ else ++ if (ISFLAG(flags, F_PERMISSIONS) && ++ !same_permissions(file->d_name, checktree->file->d_name)) ++ cmpresult = -1; + else { + if (checktree->file->crcpartial == NULL) { + crcsignature = getcrcpartialsignature(checktree->file->d_name); +@@ -958,6 +976,7 @@ + printf(" -N --noprompt \ttogether with --delete, preserve the first file in\n"); + printf(" \teach set of duplicates and delete the rest without\n"); + printf(" \tprompting the user\n"); ++ printf(" -p --permissions \tdon't consider files with different owner/group or permission bits as duplicates\n"); + printf(" -v --version 
\tdisplay fdupes version\n"); + printf(" -h --help \tdisplay this help message\n\n"); + #ifdef OMIT_GETOPT_LONG +@@ -1000,6 +1019,7 @@ + { "noprompt", 0, 0, 'N' }, + { "summarize", 0, 0, 'm'}, + { "summary", 0, 0, 'm' }, ++ { "permissions", 0, 0, 'p' }, + { 0, 0, 0, 0 } + }; + #define GETOPT getopt_long +@@ -1011,7 +1031,7 @@ + + oldargv = cloneargs(argc, argv); + +- while ((opt = GETOPT(argc, argv, "frRq1Ss::HlndvhNm" ++ while ((opt = GETOPT(argc, argv, "frRq1Ss::HlndvhNmp" + #ifndef OMIT_GETOPT_LONG + , long_options, NULL + #endif +@@ -1059,6 +1079,9 @@ + case 'm': + SETFLAG(flags, F_SUMMARIZEMATCHES); + break; ++ case 'p': ++ SETFLAG(flags, F_PERMISSIONS); ++ break; + + default: + fprintf(stderr, "Try `fdupes --help' for more information.\n"); diff --git a/fdupes-1.51-destdir.patch b/fdupes-1.51-destdir.patch new file mode 100644 index 0000000..e2fd8b2 --- /dev/null +++ b/fdupes-1.51-destdir.patch @@ -0,0 +1,29 @@ +diff -Naur fdupes-1.51.orig/Makefile fdupes-1.51/Makefile +--- fdupes-1.51.orig/Makefile 2013-04-20 12:51:58.000000000 -0500 ++++ fdupes-1.51/Makefile 2013-07-16 09:22:30.169197997 -0500 +@@ -46,6 +46,8 @@ + # + PROGRAM_NAME=fdupes + ++DESTDIR = ++ + # + # BIN_DIR indicates directory where program is to be installed. + # Suggested value is "$(PREFIX)/bin" +@@ -103,12 +105,12 @@ + $(CC) $(CFLAGS) -o fdupes $(OBJECT_FILES) + + installdirs: +- test -d $(BIN_DIR) || $(MKDIR) $(BIN_DIR) +- test -d $(MAN_DIR) || $(MKDIR) $(MAN_DIR) ++ test -d $(DESTDIR)$(BIN_DIR) || $(MKDIR) $(DESTDIR)$(BIN_DIR) ++ test -d $(DESTDIR)$(MAN_DIR) || $(MKDIR) $(DESTDIR)$(MAN_DIR) + + install: fdupes installdirs +- $(INSTALL_PROGRAM) fdupes $(BIN_DIR)/$(PROGRAM_NAME) +- $(INSTALL_DATA) fdupes.1 $(MAN_DIR)/$(PROGRAM_NAME).$(MAN_EXT) ++ $(INSTALL_PROGRAM) fdupes $(DESTDIR)$(BIN_DIR)/$(PROGRAM_NAME) ++ $(INSTALL_DATA) fdupes.1 $(DESTDIR)$(MAN_DIR)/$(PROGRAM_NAME).$(MAN_EXT) + + clean: + $(RM) $(OBJECT_FILES) diff --git a/fdupes.spec b/fdupes.spec index bc3cca2..7100065 100644 
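Review bot: `same_permissions()` returns -1 when either `stat()` fails, but the new branch in `checkmatch()` tests it with `!same_permissions(...)`, so a failed stat is non-zero, the mismatch branch is skipped, and the pair goes on to the content comparison as if owner, group and mode had matched. The check therefore fails open; treating anything other than a positive match as a mismatch closes that, e.g. `if (ISFLAG(flags, F_PERMISSIONS) && same_permissions(file->d_name, checktree->file->d_name) != 1)`. This matters because `macros.fdupes` in the same commit starts passing `-p`, presumably as the guard before it links the duplicates fdupes reports. The helper also re-stats both paths by name, and `stat()` follows symlinks, so it compares whatever the names resolve to at that moment; a short comment saying so, and that `st_mode` includes the file-type bits as well as the permission bits, would help the next reader. `checkmatch()` starts and ends outside the hunk.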
--- a/fdupes.spec +++ b/fdupes.spec @@ -1,20 +1,18 @@ -Name: fdupes -Summary: Finds duplicate files in a given set of directories -Version: 1.50 -Release: 0.7.PR2%{?dist} -License: MIT -Group: Applications/File -URL: http://netdial.caribe.net/~adrian2/fdupes.html -Source0: http://netdial.caribe.net/~adrian2/programs/fdupes/beta/%{name}-%{version}-PR2.tar.gz +Name: fdupes +Summary: Finds duplicate files in a given set of directories +Version: 1.51 +Release: 1%{?dist} +License: MIT +Group: Applications/File +URL: https://code.google.com/p/fdupes/ +Source0: https://fdupes.googlecode.com/files/%{name}-%{version}.tar.gz Source1: macros.fdupes -Patch0: %{name}-%{version}-destdir.patch -# http://bugs.debian.org/213385 -Patch1: %{name}-%{version}-compare-file.patch -# http://bugs.debian.org/447601 -Patch2: %{name}-%{version}-lfs.patch +Patch0: fdupes-1.51-destdir.patch # http://bugs.debian.org/353789 -Patch3: %{name}-%{version}-typo.patch +Patch1: fdupes-1.50-typo.patch +# Fix CVE +Patch2: fdupes-1.51-check-permissions.patch %description @@ -23,11 +21,10 @@ directories. %prep -%setup -q -n %{name}-%{version}-PR2 +%setup -q -n %{name}-%{version} +%patch2 -p1 -b .cve %patch0 -p1 -b .destdir -%patch1 -p1 -b .cmp -%patch2 -p1 -b .lfs -%patch3 -p1 -b .typo +%patch1 -p1 -b .typo %build @@ -57,7 +54,12 @@ install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/rpm/ %{_bindir}/%{name} %{_sysconfdir}/rpm/macros.fdupes + %changelog +* Tue Jul 16 2013 Richard Shaw - 1.51-1 +- Update to latest upstream release. +- Fixes security bugs BZ#865591 & 865592. + * Wed Feb 13 2013 Fedora Release Engineering - 1.50-0.7.PR2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild diff --git a/macros.fdupes b/macros.fdupes index a847ac8..d01d65c 100644 --- a/macros.fdupes +++ b/macros.fdupes @@ -2,7 +2,7 @@ _target=""; \ _symlinks=0; \ %{-s:_symlinks=1;} \ - fdupes -q -n -r %1 | \ + fdupes -q -n -r -p %1 | \ while read _file; do \ if test -z "$_target" ; then \ _target="$_file"; \ 
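Review bot: The `# Fix CVE` comment above `Patch2` in the first fdupes.spec hunk names neither a CVE nor a bug, so nobody can later tell which issue the patch closes or whether it may be dropped on the next rebase. The commit message already carries the references, so the comment could read `# Do not treat files with different owner/group/mode as duplicates (BZ#865591, BZ#865592)`. The same hunk drops the compare-file and lfs patches without a changelog line; if 1.51 includes them upstream (not visible from this diff), a `- Drop patches merged upstream` entry in `%changelog` would record that.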
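Review bot: The `-p` added to the `fdupes -q -n -r -p %1` call in macros.fdupes has no comment saying why it is needed, and the option exists only because of the downstream `fdupes-1.51-check-permissions.patch`. A comment line above the macro definition (which starts outside this hunk), such as `# -p: never merge files whose owner, group or mode differ (BZ#865591, BZ#865592); needs fdupes-1.51-check-permissions.patch`, would stop a later cleanup from removing the flag or the patch independently of each other.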
diff --git a/sources b/sources
index 16c7e05..d6651ba 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-a4f0de2d9a79efce3d712d6520e58c7f fdupes-1.50-PR2.tar.gz
+47d0410c90c9e51e450933ba35a32b62 fdupes-1.51.tar.gz