From c0732da7890389c7ddef0790331e9c072fc13e8b Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team <packager@msvsphere-os.ru>
Date: Thu, 28 Mar 2024 17:11:25 +0300
Subject: [PATCH] import file-5.39-16.el9

---
 SOURCES/file-5.41-python-magic-threads.patch | 87 ++++++++++++++++++++
 SOURCES/file-5.42-cve-strlcpy.patch          | 20 +++++
 SPECS/file.spec                              | 12 ++-
 3 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/file-5.41-python-magic-threads.patch
 create mode 100644 SOURCES/file-5.42-cve-strlcpy.patch

diff --git a/SOURCES/file-5.41-python-magic-threads.patch b/SOURCES/file-5.41-python-magic-threads.patch
new file mode 100644
index 0000000..2afd459
--- /dev/null
+++ b/SOURCES/file-5.41-python-magic-threads.patch
@@ -0,0 +1,87 @@
+From c8deb32eab1089d1841482fb2e91833f114b6712 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Thu, 9 Sep 2021 17:48:54 +0000
+Subject: [PATCH] PR/285: Benjamin: python detect functions don't work in a
+ multi-threaded context.
+
+---
+ python/magic.py     | 42 ++++++++++++++++++++++++++++++-------------
+ 1 files changed, 29 insertions(+), 13 deletions(-)
+
+diff --git a/python/magic.py b/python/magic.py
+index 0c17caf2e..4b074f31c 100644
+--- a/python/magic.py
++++ b/python/magic.py
+@@ -5,6 +5,7 @@
+ '''
+ 
+ import ctypes
++import threading
+ 
+ from collections import namedtuple
+ 
+@@ -275,11 +276,25 @@ def open(flags):
+ 
+ 
+ # Objects used by `detect_from_` functions
+-mime_magic = Magic(_open(MAGIC_MIME))
+-mime_magic.load()
+-none_magic = Magic(_open(MAGIC_NONE))
+-none_magic.load()
+-
++class MagicDetect(object):
++    def __init__(self):
++        self.mime_magic = Magic(_open(MAGIC_MIME))
++        self.mime_magic.load()
++        self.none_magic = Magic(_open(MAGIC_NONE))
++        self.none_magic.load()
++
++    def __del__(self):
++        self.mime_magic.close()
++        self.none_magic.close()
++
++threadlocal = threading.local()
++
++def _detect_make():
++    v = getattr(threadlocal, "magic_instance", None)
++    if v is None:
++        v = MagicDetect()
++        setattr(threadlocal, "magic_instance", v)
++    return v
+ 
+ def _create_filemagic(mime_detected, type_detected):
+     try:
+@@ -296,9 +311,9 @@ def detect_from_filename(filename):
+ 
+     Returns a `FileMagic` namedtuple.
+     '''
+-
+-    return _create_filemagic(mime_magic.file(filename),
+-                             none_magic.file(filename))
++    x = _detect_make()
++    return _create_filemagic(x.mime_magic.file(filename),
++                             x.none_magic.file(filename))
+ 
+ 
+ def detect_from_fobj(fobj):
+@@ -308,8 +323,9 @@ def detect_from_fobj(fobj):
+     '''
+ 
+     file_descriptor = fobj.fileno()
+-    return _create_filemagic(mime_magic.descriptor(file_descriptor),
+-                             none_magic.descriptor(file_descriptor))
++    x = _detect_make()
++    return _create_filemagic(x.mime_magic.descriptor(file_descriptor),
++                             x.none_magic.descriptor(file_descriptor))
+ 
+ 
+ def detect_from_content(byte_content):
+@@ -318,5 +334,6 @@ def detect_from_content(byte_content):
+     Returns a `FileMagic` namedtuple.
+     '''
+ 
+-    return _create_filemagic(mime_magic.buffer(byte_content),
+-                             none_magic.buffer(byte_content))
++    x = _detect_make()
++    return _create_filemagic(x.mime_magic.buffer(byte_content),
++                             x.none_magic.buffer(byte_content))
diff --git a/SOURCES/file-5.42-cve-strlcpy.patch b/SOURCES/file-5.42-cve-strlcpy.patch
new file mode 100644
index 0000000..601212f
--- /dev/null
+++ b/SOURCES/file-5.42-cve-strlcpy.patch
@@ -0,0 +1,20 @@
+diff --git a/src/funcs.c b/src/funcs.c
+index 9bd054f..a5363e7 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.118 2020/12/08 21:26:00 christos Exp $")
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+-	if (++width > blen)
+-		width = blen;
+-	strlcpy(buf, str, width);
++	if (blen == 0)
++		return buf;
++	if (width >= blen)
++		width = blen - 1;
++	memcpy(buf, str, width);
++	buf[width] = '\0';
+ 	return buf;
+ }
+ 
diff --git a/SPECS/file.spec b/SPECS/file.spec
index eb233a1..11a2c90 100644
--- a/SPECS/file.spec
+++ b/SPECS/file.spec
@@ -15,7 +15,7 @@
 Summary: Utility for determining file types
 Name: file
 Version: 5.39
-Release: 14%{?dist}
+Release: 16%{?dist}
 License: BSD
 Source0: http://ftp.astron.com/pub/file/file-%{version}.tar.gz
 
@@ -58,6 +58,10 @@ Patch14: file-5.39-floating-point-exception.patch
 Patch15: file-5.39-static-PIE-binaries.patch
 # Upstream commit 85b7ab83257b3191a1a7ca044589a092bcef2bb3 (#2219392)
 Patch16: file-5.39-wasm-magic.patch
+# Upstream commit c8deb32eab1089d1841482fb2e91833f114b6712 (#5734)
+Patch17: file-5.41-python-magic-threads.patch
+# Upstream commit 497aabb29cd08d2a5aeb63e45798d65fcbe03502 (#5733)
+Patch18: file-5.42-cve-strlcpy.patch
 
 URL: https://www.darwinsys.com/file/
 Requires: file-libs%{?_isa} = %{version}-%{release}
@@ -237,6 +241,12 @@ cd %{py3dir}
 %endif
 
 %changelog
+* Thu Nov 23 2023 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-16
+- Fix stack-based buffer over-read in file_copystr() (CVE-2022-48554)
+
+* Thu Oct 12 2023 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-15
+- Fix segfault in python3-file-magic concurrent method calls
+
 * Tue Jul 11 2023 Ville-Pekka Vainio <vpvainio@iki.fi> - 5.39-14
 - fix detection of deflate encoded PDFs
   Resolves: #2213761