Backport https://github.com/coreos/rpm-ostree/pull/5051

Resolves: #RHEL-53871
2024-08-15 15:59:56 -04:00 · 2024-08-15 15:59:56 -04:00 · 33877a016b
commit 33877a016b
parent 5013308b96
2 changed files with 40 additions and 1 deletions
--- a/0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch
+++ b/0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch
@ -0,0 +1,33 @@
+From 96ddae1acba59cf5249dcfff1157e44b5ed69650 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Thu, 15 Aug 2024 11:41:43 -0400
+Subject: [PATCH 1/1] core: Fix Coverity WRAPPER_ESCAPE
+
+This should fix:
+
+```
+32. rpm-ostree-2024.7/src/libpriv/rpmostree-core.cxx:1786:15: use_after_free: Using internal representation of destroyed object temporary of type "std::string".
+```
+
+Signed-off-by: Colin Walters <walters@verbum.org>
+---
+ src/libpriv/rpmostree-core.cxx | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libpriv/rpmostree-core.cxx b/src/libpriv/rpmostree-core.cxx
+index a2de7262..615e2636 100644
+--- a/src/libpriv/rpmostree-core.cxx
+++ b/src/libpriv/rpmostree-core.cxx
+@@ -1782,7 +1782,8 @@ rpmostree_context_prepare (RpmOstreeContext *self, gboolean enable_filelists,
+           auto pkg = "";
+           for (auto &pkg_str : packages)
+             {
+-              pkg = std::string (pkg_str).c_str ();
+              auto pkg_buf = std::string (pkg_str);
+              pkg = pkg_buf.c_str ();
+               char *query = strchr ((char *)pkg, '/');
+               if (query)
+                 {
+-- 
+2.46.0
+
--- a/rpm-ostree.spec
+++ b/rpm-ostree.spec
@ -4,13 +4,15 @@
 Summary: Hybrid image/package system
 Name: rpm-ostree
 Version: 2024.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2+
 URL: https://github.com/coreos/rpm-ostree
 # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
 # in the upstream git.  It also contains vendored Rust sources.
 Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz

+Patch0: 0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch
+
 ExclusiveArch: %{rust_arches}

 BuildRequires: make
@ -244,6 +246,10 @@ fi
 %files devel -f files.devel

 %changelog
+* Thu Aug 15 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.7-2
+- Backport https://github.com/coreos/rpm-ostree/pull/5051
+  Resolves: #RHEL-53871
+
 * Tue Aug 09 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.7-1
 - Rebase to 2024.7
  Resolves: #RHEL-53871