rpms/rpm-ostree
7
0
Fork 0
Code Issues Pull Requests Releases Activity

New upstream version

Browse Source 
Fixes: CVE-2017-2623
  Resolves: #1422157
This commit is contained in:
Colin Walters 2017-03-06 14:20:16 -05:00
parent 244f693247
commit f9a2173a0a
5 changed files with 11 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -45,3 +45,4 @@
/rpm-ostree-2016.13.tar.xz
/rpm-ostree-2017.1.tar.xz
/rpm-ostree-2017.2.tar.xz
/rpm-ostree-2017.3.tar.xz

61
0001-build-Deal-with-gperf-3.1-changing-to-size_t.patch
View File

@ -1,61 +0,0 @@
From f6842838d709439c30b82ba90324d201b0498dbf Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 17 Feb 2017 12:29:10 -0500
Subject: [PATCH] build: Deal with gperf 3.1 changing to size_t
https://bugzilla.redhat.com/show_bug.cgi?id=1424268
Closes: #631
Approved by: jlebon
---
configure.ac | 20 ++++++++++++++++++++
src/libpriv/rpmostree-scripts.h | 2 +-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 6273806..b088b89 100644
--- a/configure.ac
+++ b/configure.ac
@@ -102,6 +102,26 @@ AC_CHECK_TOOL(GPERF, gperf)
AS_IF([test -z "$GPERF"],
AC_MSG_ERROR([*** gperf not found])
)
+dnl stolen from https://github.com/systemd/systemd/commit/c9f7b4d
+GPERF_TEST="$(echo foo,bar | ${GPERF} -L ANSI-C)"
+AC_COMPILE_IFELSE(
+[AC_LANG_PROGRAM([
+#include <string.h>
+const char * in_word_set(const char *, size_t);
+$GPERF_TEST]
+)],
+[GPERF_LEN_TYPE=size_t],
+[AC_COMPILE_IFELSE(
+[AC_LANG_PROGRAM([
+#include <string.h>
+const char * in_word_set(const char *, unsigned);
+$GPERF_TEST]
+)],
+[GPERF_LEN_TYPE=unsigned],
+[AC_MSG_ERROR([** unable to determine gperf len type])]
+)]
+)
+AC_DEFINE_UNQUOTED([GPERF_LEN_TYPE], [$GPERF_LEN_TYPE], [gperf len type])
m4_ifdef([GOBJECT_INTROSPECTION_CHECK], [
GOBJECT_INTROSPECTION_CHECK([1.34.0])
diff --git a/src/libpriv/rpmostree-scripts.h b/src/libpriv/rpmostree-scripts.h
index c981131..87d64d2 100644
--- a/src/libpriv/rpmostree-scripts.h
+++ b/src/libpriv/rpmostree-scripts.h
@@ -43,7 +43,7 @@ struct RpmOstreePackageScriptHandler {
RpmOstreeScriptAction action;
};
-const struct RpmOstreePackageScriptHandler* rpmostree_script_gperf_lookup(const char *key, unsigned length);
+const struct RpmOstreePackageScriptHandler* rpmostree_script_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
gboolean rpmostree_script_ignore_hash_from_strv (const char *const *strv,
GHashTable **out_hash,
--
2.9.3

59
0001-build-Depend-on-ostree-2017.2-drop-check-for-gpg-sym.patch
View File

@ -1,59 +0,0 @@
From a2ac7531be72e31248b21441aa16275769826427 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 2 Mar 2017 20:10:28 -0500
Subject: [PATCH] build: Depend on ostree 2017.2, drop check for gpg symbol
Since somehow it's breaking in [Fedora's Koji](https://kojipkgs.fedoraproject.org//packages/rpm-ostree/2017.2/2.fc25/data/logs/x86_64/build.log)
and I don't feel like debugging it. Let's just take a hard dependency
now and kill the conditional.
Closes: https://github.com/projectatomic/rpm-ostree/issues/653
---
configure.ac | 7 +------
src/daemon/rpmostreed-deployment-utils.c | 4 ----
2 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/configure.ac b/configure.ac
index b088b89..e3f0b82 100644
--- a/configure.ac
+++ b/configure.ac
@@ -81,7 +81,7 @@ AC_SEARCH_LIBS([rpmsqSetInterruptSafety], [rpmio],
# Remember to update AM_CPPFLAGS in Makefile.am when bumping GIO req.
PKG_CHECK_MODULES(PKGDEP_GIO_UNIX, [gio-unix-2.0])
PKG_CHECK_MODULES(PKGDEP_RPMOSTREE, [gio-unix-2.0 >= 2.40.0 json-glib-1.0
- ostree-1 >= 2016.7
+ ostree-1 >= 2017.2
libsystemd
rpm librepo
libarchive])
@@ -89,11 +89,6 @@ dnl bundled libdnf
PKGDEP_RPMOSTREE_CFLAGS="-I $(pwd)/libdnf -I $(pwd)/libdnf-build $PKGDEP_RPMOSTREE_CFLAGS"
PKGDEP_RPMOSTREE_LIBS="-L$(pwd)/libdnf-build/libdnf -ldnf $PKGDEP_RPMOSTREE_LIBS"
-save_LIBS=$LIBS
-LIBS=$PKGDEP_RPMOSTREE_LIBS
-AC_CHECK_FUNCS(ostree_repo_verify_commit_for_remote)
-LIBS=$save_LIBS
-
AC_PATH_PROG([XSLTPROC], [xsltproc])
GLIB_TESTS
diff --git a/src/daemon/rpmostreed-deployment-utils.c b/src/daemon/rpmostreed-deployment-utils.c
index e0f615e..42a990a 100644
--- a/src/daemon/rpmostreed-deployment-utils.c
+++ b/src/daemon/rpmostreed-deployment-utils.c
@@ -98,11 +98,7 @@ rpmostreed_deployment_gpg_results (OstreeRepo *repo,
if (!gpg_verify)
goto out;
-#ifdef HAVE_OSTREE_REPO_VERIFY_COMMIT_FOR_REMOTE
result = ostree_repo_verify_commit_for_remote (repo, csum, remote, NULL, &error);
-#else
- result = ostree_repo_verify_commit_ext (repo, csum, NULL, NULL, NULL, &error);
-#endif
if (!result)
goto out;
--
2.9.3

16
rpm-ostree.spec
View File

@ -1,7 +1,7 @@
Summary: Client side upgrade program and server side compose tool
Name: rpm-ostree
Version: 2017.2
Release: 5%{?dist}
Version: 2017.3
Release: 1%{?dist}
#VCS: https://github.com/cgwalters/rpm-ostree
# This tarball is generated via "make -f Makefile.dist-packaging dist-snapshot"
Source0: rpm-ostree-%{version}.tar.xz
@ -28,12 +28,9 @@ BuildRequires: libattr-devel
# We currently interact directly with librepo
BuildRequires: pkgconfig(librepo)
Patch0: 0001-build-Deal-with-gperf-3.1-changing-to-size_t.patch
Patch1: 0001-build-Depend-on-ostree-2017.2-drop-check-for-gpg-sym.patch
# libhif bundling
# libdnf bundling
# We're using RPATH to pick up our bundled version
%global __requires_exclude ^libhif[.]so[.].*$
%global __requires_exclude ^libdnf[.]so[.].*$
BuildRequires: cmake
BuildRequires: pkgconfig(expat)
@ -130,6 +127,11 @@ python autofiles.py > files.devel \
%files devel -f files.devel
%changelog
* Mon Mar 06 2017 Colin Walters <walters@verbum.org> - 2017.3-1
- New upstream version
Fixes: CVE-2017-2623
Resolves: #1422157
* Fri Mar 03 2017 Colin Walters <walters@verbum.org> - 2017.2-5
- Add patch to bump requires for ostree

2
sources
View File

@ -1 +1 @@
SHA512 (rpm-ostree-2017.2.tar.xz) = 6f42bf91d6b0c04588ba3f4f0d08e19ee6e7f30a359e8bdf05ffba56b6bca8671978d31800adbb0b3e00d73306550cf0a05e85ec21f9167f5c3217a5562ddc66
SHA512 (rpm-ostree-2017.3.tar.xz) = 9b6aa5a3d944e06ecc97329e7d2d7e2b89cac4e40aeea06276c23aca17afcd9eb0cefea82884cebd009e04229d759b407578a5a1898f116309fda417ea20b0aa