From f9a2173a0acdebe68d4efeb6967bb215ceae476a Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Mon, 6 Mar 2017 14:20:16 -0500
Subject: [PATCH] New upstream version Fixes: CVE-2017-2623 Resolves: #1422157
---
 .gitignore | 1 +
 ...al-with-gperf-3.1-changing-to-size_t.patch | 61 -------------------
 ...ostree-2017.2-drop-check-for-gpg-sym.patch | 59 ------------------
 rpm-ostree.spec | 16 ++---
 sources | 2 +-
 5 files changed, 11 insertions(+), 128 deletions(-)
 delete mode 100644 0001-build-Deal-with-gperf-3.1-changing-to-size_t.patch
 delete mode 100644 0001-build-Depend-on-ostree-2017.2-drop-check-for-gpg-sym.patch
diff --git a/.gitignore b/.gitignore
index 12e064e..42956c9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,4 @@
 /rpm-ostree-2016.13.tar.xz
 /rpm-ostree-2017.1.tar.xz
 /rpm-ostree-2017.2.tar.xz
+/rpm-ostree-2017.3.tar.xz
diff --git a/0001-build-Deal-with-gperf-3.1-changing-to-size_t.patch b/0001-build-Deal-with-gperf-3.1-changing-to-size_t.patch
deleted file mode 100644
index 9305e3b..0000000
--- a/0001-build-Deal-with-gperf-3.1-changing-to-size_t.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From f6842838d709439c30b82ba90324d201b0498dbf Mon Sep 17 00:00:00 2001
-From: Colin Walters
-Date: Fri, 17 Feb 2017 12:29:10 -0500
-Subject: [PATCH] build: Deal with gperf 3.1 changing to size_t
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1424268
-
-Closes: #631
-Approved by: jlebon
----
- configure.ac | 20 ++++++++++++++++++++
- src/libpriv/rpmostree-scripts.h | 2 +-
- 2 files changed, 21 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 6273806..b088b89 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -102,6 +102,26 @@ AC_CHECK_TOOL(GPERF, gperf)
- AS_IF([test -z "$GPERF"],
- AC_MSG_ERROR([*** gperf not found])
- )
-+dnl stolen from https://github.com/systemd/systemd/commit/c9f7b4d
-+GPERF_TEST="$(echo foo,bar | ${GPERF} -L ANSI-C)"
-+AC_COMPILE_IFELSE(
-+[AC_LANG_PROGRAM([
-+#include
-+const char * in_word_set(const char *, size_t);
-+$GPERF_TEST]
-+)],
-+[GPERF_LEN_TYPE=size_t],
-+[AC_COMPILE_IFELSE(
-+[AC_LANG_PROGRAM([
-+#include
-+const char * in_word_set(const char *, unsigned);
-+$GPERF_TEST]
-+)],
-+[GPERF_LEN_TYPE=unsigned],
-+[AC_MSG_ERROR([** unable to determine gperf len type])]
-+)]
-+)
-+AC_DEFINE_UNQUOTED([GPERF_LEN_TYPE], [$GPERF_LEN_TYPE], [gperf len type])
-
- m4_ifdef([GOBJECT_INTROSPECTION_CHECK], [
- GOBJECT_INTROSPECTION_CHECK([1.34.0])
-diff --git a/src/libpriv/rpmostree-scripts.h b/src/libpriv/rpmostree-scripts.h
-index c981131..87d64d2 100644
---- a/src/libpriv/rpmostree-scripts.h
-+++ b/src/libpriv/rpmostree-scripts.h
-@@ -43,7 +43,7 @@ struct RpmOstreePackageScriptHandler {
- RpmOstreeScriptAction action;
- };
-
--const struct RpmOstreePackageScriptHandler* rpmostree_script_gperf_lookup(const char *key, unsigned length);
-+const struct RpmOstreePackageScriptHandler* rpmostree_script_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
-
- gboolean rpmostree_script_ignore_hash_from_strv (const char *const *strv,
- GHashTable **out_hash,
---
-2.9.3
-
diff --git a/0001-build-Depend-on-ostree-2017.2-drop-check-for-gpg-sym.patch b/0001-build-Depend-on-ostree-2017.2-drop-check-for-gpg-sym.patch
deleted file mode 100644
index 7b5a3b3..0000000
--- a/0001-build-Depend-on-ostree-2017.2-drop-check-for-gpg-sym.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From a2ac7531be72e31248b21441aa16275769826427 Mon Sep 17 00:00:00 2001
-From: Colin Walters
-Date: Thu, 2 Mar 2017 20:10:28 -0500
-Subject: [PATCH] build: Depend on ostree 2017.2, drop check for gpg symbol
-
-Since somehow it's breaking in [Fedora's Koji](https://kojipkgs.fedoraproject.org//packages/rpm-ostree/2017.2/2.fc25/data/logs/x86_64/build.log)
-and I don't feel like debugging it. Let's just take a hard dependency
-now and kill the conditional.
-
-Closes: https://github.com/projectatomic/rpm-ostree/issues/653
----
- configure.ac | 7 +------
- src/daemon/rpmostreed-deployment-utils.c | 4 ----
- 2 files changed, 1 insertion(+), 10 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index b088b89..e3f0b82 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -81,7 +81,7 @@ AC_SEARCH_LIBS([rpmsqSetInterruptSafety], [rpmio],
- # Remember to update AM_CPPFLAGS in Makefile.am when bumping GIO req.
- PKG_CHECK_MODULES(PKGDEP_GIO_UNIX, [gio-unix-2.0])
- PKG_CHECK_MODULES(PKGDEP_RPMOSTREE, [gio-unix-2.0 >= 2.40.0 json-glib-1.0
-- ostree-1 >= 2016.7
-+ ostree-1 >= 2017.2
- libsystemd
- rpm librepo
- libarchive])
-@@ -89,11 +89,6 @@ dnl bundled libdnf
- PKGDEP_RPMOSTREE_CFLAGS="-I $(pwd)/libdnf -I $(pwd)/libdnf-build $PKGDEP_RPMOSTREE_CFLAGS"
- PKGDEP_RPMOSTREE_LIBS="-L$(pwd)/libdnf-build/libdnf -ldnf $PKGDEP_RPMOSTREE_LIBS"
-
--save_LIBS=$LIBS
--LIBS=$PKGDEP_RPMOSTREE_LIBS
--AC_CHECK_FUNCS(ostree_repo_verify_commit_for_remote)
--LIBS=$save_LIBS
--
- AC_PATH_PROG([XSLTPROC], [xsltproc])
-
- GLIB_TESTS
-diff --git a/src/daemon/rpmostreed-deployment-utils.c b/src/daemon/rpmostreed-deployment-utils.c
-index e0f615e..42a990a 100644
---- a/src/daemon/rpmostreed-deployment-utils.c
-+++ b/src/daemon/rpmostreed-deployment-utils.c
-@@ -98,11 +98,7 @@ rpmostreed_deployment_gpg_results (OstreeRepo *repo,
- if (!gpg_verify)
- goto out;
-
--#ifdef HAVE_OSTREE_REPO_VERIFY_COMMIT_FOR_REMOTE
- result = ostree_repo_verify_commit_for_remote (repo, csum, remote, NULL,
&error);
--#else
-- result = ostree_repo_verify_commit_ext (repo, csum, NULL, NULL, NULL, &error);
--#endif
- if (!result)
- goto out;
-
---
-2.9.3
-
diff --git a/rpm-ostree.spec b/rpm-ostree.spec
index 4213c4e..ba4aa25 100644
--- a/rpm-ostree.spec
+++ b/rpm-ostree.spec
@@ -1,7 +1,7 @@
 Summary: Client side upgrade program and server side compose tool
 Name: rpm-ostree
-Version: 2017.2
-Release: 5%{?dist}
+Version: 2017.3
+Release: 1%{?dist}
 #VCS: https://github.com/cgwalters/rpm-ostree
 # This tarball is generated via "make -f Makefile.dist-packaging dist-snapshot"
 Source0: rpm-ostree-%{version}.tar.xz
@@ -28,12 +28,9 @@ BuildRequires: libattr-devel
 # We currently interact directly with librepo
 BuildRequires: pkgconfig(librepo)
-Patch0: 0001-build-Deal-with-gperf-3.1-changing-to-size_t.patch
-Patch1: 0001-build-Depend-on-ostree-2017.2-drop-check-for-gpg-sym.patch
-
-# libhif bundling
+# libdnf bundling
 # We're using RPATH to pick up our bundled version
-%global __requires_exclude ^libhif[.]so[.].*$
+%global __requires_exclude ^libdnf[.]so[.].*$
 BuildRequires: cmake
 BuildRequires: pkgconfig(expat)
@@ -130,6 +127,11 @@ python autofiles.py > files.devel \
 %files devel -f files.devel
 %changelog
+* Mon Mar 06 2017 Colin Walters - 2017.3-1
+- New upstream version
+ Fixes: CVE-2017-2623
+ Resolves: #1422157
+
 * Fri Mar 03 2017 Colin Walters - 2017.2-5
 - Add patch to bump requires for ostree
diff --git a/sources b/sources
index 1253725..cae123a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (rpm-ostree-2017.2.tar.xz) = 6f42bf91d6b0c04588ba3f4f0d08e19ee6e7f30a359e8bdf05ffba56b6bca8671978d31800adbb0b3e00d73306550cf0a05e85ec21f9167f5c3217a5562ddc66
+SHA512 (rpm-ostree-2017.3.tar.xz) = 9b6aa5a3d944e06ecc97329e7d2d7e2b89cac4e40aeea06276c23aca17afcd9eb0cefea82884cebd009e04229d759b407578a5a1898f116309fda417ea20b0aa