diff --git a/file-5.28-compress.patch b/file-5.28-compress.patch
new file mode 100644
index 0000000..e183ea5
--- /dev/null
+++ b/file-5.28-compress.patch
@@ -0,0 +1,41 @@
+-- Subject: Crash with file-5.28/libmagic and rpmbuild
+
+| Hi,
+| 
+| interesting crash with libmagic from file-5.28 used by rpmbuild or better
+| its librpmbuild.so.3.  See attached backtrace.  It looks like strlcpy()
+| runs on a NULL pointer as source.  As well as it is not clrear why an
+| ascii file like apefooter_8h__incl.md5 with a MD5 sum without line terminat=
+| or
+| does cause the libmagic to do an uncompress:
+| 
+|  file /home/abuild/rpmbuild/BUILDROOT/taglib-1.11-0.x86_64/usr/share/doc/pa=
+| ckages/libtag-devel/html/apefooter_8h__incl.md5
+|  /home/abuild/rpmbuild/BUILDROOT/taglib-1.11-0.x86_64/usr/share/doc/package=
+| s/libtag-devel/html/apefooter_8h__incl.md5: ASCII text, with no line termin=
+| ators
+| 
+
+It has been fixed on HEAD:
+
+Best,
+
+christos
+
+Index: src/compress.c
+===================================================================
+RCS file: /p/file/cvsroot/file/src/compress.c,v
+retrieving revision 1.97
+retrieving revision 1.98
+diff -u -r1.97 -r1.98
+--- src/compress.c  13 May 2016 23:02:28 -0000      1.97
++++ src/compress.c  28 Jun 2016 16:38:26 -0000      1.98
+@@ -517,7 +517,7 @@
+ 
+ 	return OKDATA;
+ err:
+-	strlcpy((char *)*newch, z.msg, bytes_max);
++	strlcpy((char *)*newch, z.msg ? z.msg : zError(rc), bytes_max);
+ 	*n = strlen((char *)*newch);
+ 	return ERRDATA;
+ }
diff --git a/file.changes b/file.changes
index f06121c..b2100fa 100644
--- a/file.changes
+++ b/file.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Aug 18 12:24:36 UTC 2016 - werner@suse.de
+
+- Add patch file-5.28-compress.patch
+  to fix crash as found in build system
+
 -------------------------------------------------------------------
 Tue Aug 16 11:59:36 UTC 2016 - werner@suse.de
 
diff --git a/file.spec b/file.spec
index 676e06b..dbb472c 100644
--- a/file.spec
+++ b/file.spec
@@ -63,6 +63,7 @@ Patch34:        file-5.23-endian.patch
 Patch35:        file-5.24-nitpick.dif
 Patch36:        file-5.15-clear-invalid.patch
 Patch37:        file-secure_getenv.patch
+Patch38:        file-5.28-compress.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %global         _sysconfdir /etc
 %global         _miscdir    %{_datadir}/misc
@@ -127,6 +128,8 @@ to develop applications that require the magic "file" interface.
 %patch35 -p0 -b .nitpick
 %patch36 -p1 -b .clear
 %patch37 -p1 -b .getenv
+# PATCH-FIX-UPSTREAM -- fix crash as found in build system
+%patch38 -p1 -b .rpmbuild
 %patch -b .0
 test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in
 rm -fv src/magic.h