import rpm-4.14.3-19.el8
This commit is contained in:
parent
57930f4c25
commit
0af3b82203
|
@ -1,48 +0,0 @@
|
||||||
commit cfdb8300f6e3aed0abc41406a3c4737eb1192067
|
|
||||||
Author: Michal Domonkos <mdomonko@redhat.com>
|
|
||||||
Date: Sun Jul 11 18:08:26 2021 +0200
|
|
||||||
|
|
||||||
Don't brp-strip .ko files
|
|
||||||
|
|
||||||
Otherwise SecureBoot signatures may be stripped too.
|
|
||||||
|
|
||||||
We used to exclude shared libraries from this strip as they were
|
|
||||||
supposed to be covered by another brp script (brp-strip-shared), however
|
|
||||||
it turned out the latter was never really used, so we removed the
|
|
||||||
exclusion in commit 0ab151ab138fd4fb6d3176fd0270d9cc6f4623f3.
|
|
||||||
|
|
||||||
As it turns out, that was a little too ambitious, since we may now
|
|
||||||
inadvertently strip SecureBoot signatures from kernel modules too,
|
|
||||||
provided that they're made during the build, prior to the invocation of
|
|
||||||
brp-strip.
|
|
||||||
|
|
||||||
Note that this regression currently does *not* affect the following two
|
|
||||||
cases on Fedora/RHEL systems with redhat-rpm-config installed:
|
|
||||||
|
|
||||||
- in-tree kernel modules; these are built from kernel.spec which
|
|
||||||
already contains a hack ensuring that module signing only happens
|
|
||||||
*after* any stripping (see %__modsign_install_post in kernel.spec)
|
|
||||||
|
|
||||||
- out-of-tree kernel modules built with debuginfo enabled; this is
|
|
||||||
because brp-strip is only called when %debug_package is set to
|
|
||||||
%{nil}
|
|
||||||
|
|
||||||
Any other combinations may be affected, depending on the macros and
|
|
||||||
.spec files used, so let's fix this by effectively "reverting" said
|
|
||||||
commit for .ko files only.
|
|
||||||
|
|
||||||
Fixes: rhbz#1967291
|
|
||||||
|
|
||||||
Backported into 4.14.3
|
|
||||||
diff -up rpm-4.14.3/scripts/brp-strip.orig rpm-4.14.3/scripts/brp-strip
|
|
||||||
--- rpm-4.14.3/scripts/brp-strip.orig 2021-07-12 17:21:04.446396789 +0200
|
|
||||||
+++ rpm-4.14.3/scripts/brp-strip 2021-07-12 17:21:20.673633783 +0200
|
|
||||||
@@ -12,7 +12,7 @@ Darwin*) exit 0 ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Strip ELF binaries
|
|
||||||
-for f in `find "$RPM_BUILD_ROOT" -type f -exec file {} \; | \
|
|
||||||
+for f in `find "$RPM_BUILD_ROOT" -type f \! -name "*.ko" -exec file {} \; | \
|
|
||||||
grep -v "^${RPM_BUILD_ROOT}/\?usr/lib/debug" | \
|
|
||||||
sed -n -e 's/^\(.*\):[ ]*ELF.*, not stripped.*/\1/p'`; do
|
|
||||||
$STRIP -g "$f" || :
|
|
|
@ -32,7 +32,7 @@
|
||||||
|
|
||||||
%global rpmver 4.14.3
|
%global rpmver 4.14.3
|
||||||
#global snapver rc2
|
#global snapver rc2
|
||||||
%global rel 18
|
%global rel 19
|
||||||
|
|
||||||
%global srcver %{version}%{?snapver:-%{snapver}}
|
%global srcver %{version}%{?snapver:-%{snapver}}
|
||||||
%global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
|
%global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
|
||||||
|
@ -106,7 +106,6 @@ Patch151: 0001-Unblock-signals-in-forked-scriptlets.patch
|
||||||
Patch152: rpm-4.14.3-fix-ambiguous-diagnostics-on-file-triggers.patch
|
Patch152: rpm-4.14.3-fix-ambiguous-diagnostics-on-file-triggers.patch
|
||||||
Patch153: rpm-4.14.3-ELF-files-strip-when-debuginfo-disabled.patch
|
Patch153: rpm-4.14.3-ELF-files-strip-when-debuginfo-disabled.patch
|
||||||
Patch154: rpm-4.14.3-more-careful-sig-hdr-copy.patch
|
Patch154: rpm-4.14.3-more-careful-sig-hdr-copy.patch
|
||||||
Patch155: rpm-4.14.3-preserve-kmod-secure-boot-signature.patch
|
|
||||||
Patch156: rpm-4.14.3-hdrblobInit-add-bounds-check.patch
|
Patch156: rpm-4.14.3-hdrblobInit-add-bounds-check.patch
|
||||||
Patch157: rpm-4.14.3-add-read-only-support-for-sqlite.patch
|
Patch157: rpm-4.14.3-add-read-only-support-for-sqlite.patch
|
||||||
Patch158: rpm-4.14.3-imp-covscan-fixes.patch
|
Patch158: rpm-4.14.3-imp-covscan-fixes.patch
|
||||||
|
@ -690,6 +689,9 @@ make check || cat tests/rpmtests.log
|
||||||
%doc doc/librpm/html/*
|
%doc doc/librpm/html/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 06 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-19
|
||||||
|
- Unbreak in-tree kmod strip by reverting brp-strip fix (#1967291)
|
||||||
|
|
||||||
* Thu Aug 26 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-18
|
* Thu Aug 26 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-18
|
||||||
- Address important covscan issues (#1996665), vol. 2
|
- Address important covscan issues (#1996665), vol. 2
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue