diff --git a/0001-Fix-memory-leak-in-rpmsign.patch b/0001-Fix-memory-leak-in-rpmsign.patch new file mode 100644 index 0000000..d9c401f --- /dev/null +++ b/0001-Fix-memory-leak-in-rpmsign.patch @@ -0,0 +1,27 @@ +From 65fa582b5cb267bb73c3e2b4c502f456d50c41f0 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Mon, 12 Aug 2024 17:15:48 +0200 +Subject: [PATCH] Fix memory leak in rpmsign + +Found by Coverity. + +Fixes: RHEL-37564 +--- + tools/rpmsign.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tools/rpmsign.c b/tools/rpmsign.c +index a47b2c109..c5e3e11b4 100644 +--- a/tools/rpmsign.c ++++ b/tools/rpmsign.c +@@ -152,6 +152,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs) + char *key = rpmExpand("%{?_file_signing_key}", NULL); + if (rstreq(key, "")) { + fprintf(stderr, _("You must set \"%%_file_signing_key\" in your macro file or on the command line with --fskpath\n")); ++ free(key); + goto exit; + } + +-- +2.46.0 + diff --git a/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch b/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch new file mode 100644 index 0000000..8869bb5 --- /dev/null +++ b/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch @@ -0,0 +1,32 @@ +From 1b90b8c7d176026b669ce28c6e185724a4b208b0 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Fri, 7 Jun 2024 10:14:25 +0200 +Subject: [PATCH] Fix potential use of uninitialized pgp struct + +We only call initPgpData() after base64 encoding the pubkey so if the +latter fails, the kd struct will be left uninitialized and subsequently +read from after skipping to the exit label. Fix by initializing it. + +Found by Coverity. + +Fixes: RHEL-22605 +--- + lib/rpmts.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/rpmts.c b/lib/rpmts.c +index 3070b97e6..76964c60a 100644 +--- a/lib/rpmts.c ++++ b/lib/rpmts.c +@@ -508,6 +508,8 @@ static int makePubkeyHeader(rpmts ts, rpmPubkey key, rpmPubkey *subkeys, + int rc = -1; + int i; + ++ memset(&kd, 0, sizeof(kd)); ++ + if ((enc = rpmPubkeyBase64(key)) == NULL) + goto exit; + +-- +2.46.0 + diff --git a/0001-Fix-potential-use-of-uninitialized-pipe-array.patch b/0001-Fix-potential-use-of-uninitialized-pipe-array.patch new file mode 100644 index 0000000..d6c71e2 --- /dev/null +++ b/0001-Fix-potential-use-of-uninitialized-pipe-array.patch @@ -0,0 +1,32 @@ +From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Thu, 6 Jun 2024 09:15:02 +0200 +Subject: [PATCH] Fix potential use of uninitialized pipe array + +We only call pipe(2) after the script is written to disk so if the +latter fails, the array will be left uninitialized and subsequently read +after skipping to the exit label. Fix by initializing it. + +Found by Coverity. + +Fixes: RHEL-22604 +--- + lib/rpmscript.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/rpmscript.c b/lib/rpmscript.c +index 281c55c53..1de4acf8e 100644 +--- a/lib/rpmscript.c ++++ b/lib/rpmscript.c +@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, + char * fn = NULL; + pid_t pid, reaped; + int status; +- int inpipe[2]; ++ int inpipe[2] = { -1, -1 }; + FILE *in = NULL; + const char *line; + char *mline = NULL; +-- +2.46.0 + diff --git a/rpm.spec b/rpm.spec index f8df6eb..03de2f1 100644 --- a/rpm.spec +++ b/rpm.spec @@ -27,7 +27,7 @@ %global rpmver 4.19.1.1 #global snapver rc1 -%global baserelease 2 +%global baserelease 3 %global sover 10 %global srcver %{rpmver}%{?snapver:-%{snapver}} @@ -136,7 +136,9 @@ rpm-4.18.92-disable-sysusers.patch rpm-4.18.90-weak-user-group.patch # Patches already upstream: -# ... +0001-Fix-potential-use-of-uninitialized-pipe-array.patch +0001-Fix-potential-use-of-uninitialized-pgp-struct.patch +0001-Fix-memory-leak-in-rpmsign.patch # These are not yet upstream rpm-4.7.1-geode-i686.patch @@ -614,6 +616,11 @@ fi %doc %{_defaultdocdir}/rpm/API/ %changelog +* Tue Aug 13 2024 Michal Domonkos - 4.19.1.1-3 +- Fix potential use of uninitialized pipe array (RHEL-54012) +- Fix potential use of uninitialized pgp struct (RHEL-54013) +- Fix memory leak in rpmsign(8) (RHEL-37564) + * Mon Jun 24 2024 Troy Dawson - 4.19.1.1-2 - Bump release for June 2024 mass rebuild