Fix OpenScanHub findings
Resolves: RHEL-54012 Resolves: RHEL-54013 Resolves: RHEL-37564
This commit is contained in:
parent
4a205e4f23
commit
0c62987083
27
0001-Fix-memory-leak-in-rpmsign.patch
Normal file
27
0001-Fix-memory-leak-in-rpmsign.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
From 65fa582b5cb267bb73c3e2b4c502f456d50c41f0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Domonkos <mdomonko@redhat.com>
|
||||||
|
Date: Mon, 12 Aug 2024 17:15:48 +0200
|
||||||
|
Subject: [PATCH] Fix memory leak in rpmsign
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Fixes: RHEL-37564
|
||||||
|
---
|
||||||
|
tools/rpmsign.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/tools/rpmsign.c b/tools/rpmsign.c
|
||||||
|
index a47b2c109..c5e3e11b4 100644
|
||||||
|
--- a/tools/rpmsign.c
|
||||||
|
+++ b/tools/rpmsign.c
|
||||||
|
@@ -152,6 +152,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
|
||||||
|
char *key = rpmExpand("%{?_file_signing_key}", NULL);
|
||||||
|
if (rstreq(key, "")) {
|
||||||
|
fprintf(stderr, _("You must set \"%%_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
|
||||||
|
+ free(key);
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.46.0
|
||||||
|
|
32
0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
Normal file
32
0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
From 1b90b8c7d176026b669ce28c6e185724a4b208b0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Domonkos <mdomonko@redhat.com>
|
||||||
|
Date: Fri, 7 Jun 2024 10:14:25 +0200
|
||||||
|
Subject: [PATCH] Fix potential use of uninitialized pgp struct
|
||||||
|
|
||||||
|
We only call initPgpData() after base64 encoding the pubkey so if the
|
||||||
|
latter fails, the kd struct will be left uninitialized and subsequently
|
||||||
|
read from after skipping to the exit label. Fix by initializing it.
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Fixes: RHEL-22605
|
||||||
|
---
|
||||||
|
lib/rpmts.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/rpmts.c b/lib/rpmts.c
|
||||||
|
index 3070b97e6..76964c60a 100644
|
||||||
|
--- a/lib/rpmts.c
|
||||||
|
+++ b/lib/rpmts.c
|
||||||
|
@@ -508,6 +508,8 @@ static int makePubkeyHeader(rpmts ts, rpmPubkey key, rpmPubkey *subkeys,
|
||||||
|
int rc = -1;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
+ memset(&kd, 0, sizeof(kd));
|
||||||
|
+
|
||||||
|
if ((enc = rpmPubkeyBase64(key)) == NULL)
|
||||||
|
goto exit;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.46.0
|
||||||
|
|
32
0001-Fix-potential-use-of-uninitialized-pipe-array.patch
Normal file
32
0001-Fix-potential-use-of-uninitialized-pipe-array.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Domonkos <mdomonko@redhat.com>
|
||||||
|
Date: Thu, 6 Jun 2024 09:15:02 +0200
|
||||||
|
Subject: [PATCH] Fix potential use of uninitialized pipe array
|
||||||
|
|
||||||
|
We only call pipe(2) after the script is written to disk so if the
|
||||||
|
latter fails, the array will be left uninitialized and subsequently read
|
||||||
|
after skipping to the exit label. Fix by initializing it.
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Fixes: RHEL-22604
|
||||||
|
---
|
||||||
|
lib/rpmscript.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/rpmscript.c b/lib/rpmscript.c
|
||||||
|
index 281c55c53..1de4acf8e 100644
|
||||||
|
--- a/lib/rpmscript.c
|
||||||
|
+++ b/lib/rpmscript.c
|
||||||
|
@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
|
||||||
|
char * fn = NULL;
|
||||||
|
pid_t pid, reaped;
|
||||||
|
int status;
|
||||||
|
- int inpipe[2];
|
||||||
|
+ int inpipe[2] = { -1, -1 };
|
||||||
|
FILE *in = NULL;
|
||||||
|
const char *line;
|
||||||
|
char *mline = NULL;
|
||||||
|
--
|
||||||
|
2.46.0
|
||||||
|
|
11
rpm.spec
11
rpm.spec
@ -27,7 +27,7 @@
|
|||||||
|
|
||||||
%global rpmver 4.19.1.1
|
%global rpmver 4.19.1.1
|
||||||
#global snapver rc1
|
#global snapver rc1
|
||||||
%global baserelease 2
|
%global baserelease 3
|
||||||
%global sover 10
|
%global sover 10
|
||||||
|
|
||||||
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||||
@ -136,7 +136,9 @@ rpm-4.18.92-disable-sysusers.patch
|
|||||||
rpm-4.18.90-weak-user-group.patch
|
rpm-4.18.90-weak-user-group.patch
|
||||||
|
|
||||||
# Patches already upstream:
|
# Patches already upstream:
|
||||||
# ...
|
0001-Fix-potential-use-of-uninitialized-pipe-array.patch
|
||||||
|
0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
|
||||||
|
0001-Fix-memory-leak-in-rpmsign.patch
|
||||||
|
|
||||||
# These are not yet upstream
|
# These are not yet upstream
|
||||||
rpm-4.7.1-geode-i686.patch
|
rpm-4.7.1-geode-i686.patch
|
||||||
@ -614,6 +616,11 @@ fi
|
|||||||
%doc %{_defaultdocdir}/rpm/API/
|
%doc %{_defaultdocdir}/rpm/API/
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 13 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-3
|
||||||
|
- Fix potential use of uninitialized pipe array (RHEL-54012)
|
||||||
|
- Fix potential use of uninitialized pgp struct (RHEL-54013)
|
||||||
|
- Fix memory leak in rpmsign(8) (RHEL-37564)
|
||||||
|
|
||||||
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 4.19.1.1-2
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 4.19.1.1-2
|
||||||
- Bump release for June 2024 mass rebuild
|
- Bump release for June 2024 mass rebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user