From 33877a016b77b2b66769a94952197ad88a3a0f7c Mon Sep 17 00:00:00 2001
From: Joseph Marrero
Date: Thu, 15 Aug 2024 15:59:56 -0400
Subject: [PATCH] Backport https://github.com/coreos/rpm-ostree/pull/5051 Resolves: #RHEL-53871
---
0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch | 33 +++++++++++++++++++++
rpm-ostree.spec | 8 ++++-
2 files changed, 40 insertions(+), 1 deletion(-)
create mode 100644 0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch
diff --git a/0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch b/0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch
new file mode 100644
index 0000000..79b8567
--- /dev/null
+++ b/0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch
@@ -0,0 +1,33 @@
+From 96ddae1acba59cf5249dcfff1157e44b5ed69650 Mon Sep 17 00:00:00 2001
+From: Colin Walters
+Date: Thu, 15 Aug 2024 11:41:43 -0400
+Subject: [PATCH 1/1] core: Fix Coverity WRAPPER_ESCAPE
+
+This should fix:
+
+```
+32. rpm-ostree-2024.7/src/libpriv/rpmostree-core.cxx:1786:15: use_after_free: Using internal representation of destroyed object temporary of type "std::string".
+```
+
+Signed-off-by: Colin Walters
+---
+ src/libpriv/rpmostree-core.cxx | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libpriv/rpmostree-core.cxx b/src/libpriv/rpmostree-core.cxx
+index a2de7262..615e2636 100644
+--- a/src/libpriv/rpmostree-core.cxx
++++ b/src/libpriv/rpmostree-core.cxx
+@@ -1782,7 +1782,8 @@ rpmostree_context_prepare (RpmOstreeContext *self, gboolean enable_filelists,
+ auto pkg = "";
+ for (auto &pkg_str : packages)
+ {
+- pkg = std::string (pkg_str).c_str ();
++ auto pkg_buf = std::string (pkg_str);
++ pkg = pkg_buf.c_str ();
+ char *query = strchr ((char *)pkg, '/');
+ if (query)
+ {
+--
+2.46.0
+
diff --git a/rpm-ostree.spec b/rpm-ostree.spec
index 745ceec..6db264a 100644
--- a/rpm-ostree.spec
+++ b/rpm-ostree.spec
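Review bot: In the backported `rpmostree-core.cxx` hunk, `pkg` is still declared before the `for` loop (`auto pkg = "";`) while the new `pkg_buf` it points into is loop-local, so `pkg` dangles again as soon as each iteration ends. Nothing visible here reads `pkg` after the loop, but the loop body continues outside the hunk, so that should be confirmed; if it holds, declaring the pointer next to its buffer as `const char *pkg = pkg_buf.c_str ();` and dropping the outer declaration would tie the two lifetimes together and keep this use-after-free pattern from being reintroduced. The `(char *)pkg` cast passed to `strchr` also discards const on the string's internal buffer; if `query` is only read, `const char *query = strchr (pkg, '/');` avoids the cast. A short comment such as `// pkg_buf must outlive pkg and query, which point into its storage` would document why the named local exists.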
@@ -4,13 +4,15 @@ Summary: Hybrid image/package system Name: rpm-ostree Version: 2024.7 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPLv2+ URL: https://github.com/coreos/rpm-ostree # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot" # in the upstream git. It also contains vendored Rust sources. Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz +Patch0: 0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch + ExclusiveArch: %{rust_arches} BuildRequires: make @@ -244,6 +246,10 @@ fi %files devel -f files.devel %changelog +* Thu Aug 15 2024 Joseph Marrero - 2024.7-2 +- Backport https://github.com/coreos/rpm-ostree/pull/5051 + Resolves: #RHEL-53871 + * Tue Aug 09 2024 Joseph Marrero - 2024.7-1 - Rebase to 2024.7 Resolves: #RHEL-53871