import rpm-4.14.3-19.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
57930f4c25
commit
0af3b82203
|
|
@ -1,48 +0,0 @@
|
|||
commit cfdb8300f6e3aed0abc41406a3c4737eb1192067
|
||||
Author: Michal Domonkos <mdomonko@redhat.com>
|
||||
Date: Sun Jul 11 18:08:26 2021 +0200
|
||||
|
||||
Don't brp-strip .ko files
|
||||
|
||||
Otherwise SecureBoot signatures may be stripped too.
|
||||
|
||||
We used to exclude shared libraries from this strip as they were
|
||||
supposed to be covered by another brp script (brp-strip-shared), however
|
||||
it turned out the latter was never really used, so we removed the
|
||||
exclusion in commit 0ab151ab138fd4fb6d3176fd0270d9cc6f4623f3.
|
||||
|
||||
As it turns out, that was a little too ambitious, since we may now
|
||||
inadvertently strip SecureBoot signatures from kernel modules too,
|
||||
provided that they're made during the build, prior to the invocation of
|
||||
brp-strip.
|
||||
|
||||
Note that this regression currently does *not* affect the following two
|
||||
cases on Fedora/RHEL systems with redhat-rpm-config installed:
|
||||
|
||||
- in-tree kernel modules; these are built from kernel.spec which
|
||||
already contains a hack ensuring that module signing only happens
|
||||
*after* any stripping (see %__modsign_install_post in kernel.spec)
|
||||
|
||||
- out-of-tree kernel modules built with debuginfo enabled; this is
|
||||
because brp-strip is only called when %debug_package is set to
|
||||
%{nil}
|
||||
|
||||
Any other combinations may be affected, depending on the macros and
|
||||
.spec files used, so let's fix this by effectively "reverting" said
|
||||
commit for .ko files only.
|
||||
|
||||
Fixes: rhbz#1967291
|
||||
|
||||
Backported into 4.14.3
|
||||
diff -up rpm-4.14.3/scripts/brp-strip.orig rpm-4.14.3/scripts/brp-strip
|
||||
--- rpm-4.14.3/scripts/brp-strip.orig 2021-07-12 17:21:04.446396789 +0200
|
||||
+++ rpm-4.14.3/scripts/brp-strip 2021-07-12 17:21:20.673633783 +0200
|
||||
@@ -12,7 +12,7 @@ Darwin*) exit 0 ;;
|
||||
esac
|
||||
|
||||
# Strip ELF binaries
|
||||
-for f in `find "$RPM_BUILD_ROOT" -type f -exec file {} \; | \
|
||||
+for f in `find "$RPM_BUILD_ROOT" -type f \! -name "*.ko" -exec file {} \; | \
|
||||
grep -v "^${RPM_BUILD_ROOT}/\?usr/lib/debug" | \
|
||||
sed -n -e 's/^\(.*\):[ ]*ELF.*, not stripped.*/\1/p'`; do
|
||||
$STRIP -g "$f" || :
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
%global rpmver 4.14.3
|
||||
#global snapver rc2
|
||||
%global rel 18
|
||||
%global rel 19
|
||||
|
||||
%global srcver %{version}%{?snapver:-%{snapver}}
|
||||
%global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
|
||||
|
|
@ -106,7 +106,6 @@ Patch151: 0001-Unblock-signals-in-forked-scriptlets.patch
|
|||
Patch152: rpm-4.14.3-fix-ambiguous-diagnostics-on-file-triggers.patch
|
||||
Patch153: rpm-4.14.3-ELF-files-strip-when-debuginfo-disabled.patch
|
||||
Patch154: rpm-4.14.3-more-careful-sig-hdr-copy.patch
|
||||
Patch155: rpm-4.14.3-preserve-kmod-secure-boot-signature.patch
|
||||
Patch156: rpm-4.14.3-hdrblobInit-add-bounds-check.patch
|
||||
Patch157: rpm-4.14.3-add-read-only-support-for-sqlite.patch
|
||||
Patch158: rpm-4.14.3-imp-covscan-fixes.patch
|
||||
|
|
@ -690,6 +689,9 @@ make check || cat tests/rpmtests.log
|
|||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Wed Oct 06 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-19
|
||||
- Unbreak in-tree kmod strip by reverting brp-strip fix (#1967291)
|
||||
|
||||
* Thu Aug 26 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-18
|
||||
- Address important covscan issues (#1996665), vol. 2
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue