Add patches for release 10

Resolves: #1943724 Resolves: #2048455 Resolves: #2037352 Resolves: #2025906
2022-01-31 16:13:31 +01:00 · 2022-01-31 16:13:31 +01:00 · 1a9baff802
commit 1a9baff802
parent 43a9b03766
5 changed files with 303 additions and 13 deletions
--- a/rpm-4.16.1.3-add-path-query-option.patch
+++ b/rpm-4.16.1.3-add-path-query-option.patch
@ -0,0 +1,194 @@
 From ce8af503733b5661efa046cc7f5f68ee0dad75cc Mon Sep 17 00:00:00 2001
 From: Michal Domonkos <mdomonko@redhat.com>
 Date: Mon, 16 Aug 2021 18:21:02 +0200
 Subject: [PATCH] Add support for RPMDBI_BASENAMES on file queries
 There are legitimate reasons (such as rhbz#1940895 or the included test)
 for wanting the former behavior where all file states were considered in
 file queries prior to commit 9ad57bda4a82b9847826daa766b4421d877bb3d9,
 so celebrate the tenth anniversary of that commit by adding a CLI switch
 (a new package selector --path), as contemplated back then.
 Update the man page for --file to reflect it's current behavior and make
 --path that more obvious.
 Resolves: rhbz#1940895
 Combined with d1aebda01033bc8ba0d748b49f6fad9a5c0caa3f and backported
 for 4.16.1.3.
 ---
 doc/rpm.8         |  9 ++++++--
 lib/poptQV.c      |  6 +++++-
 lib/query.c       |  7 +++++--
 lib/rpmcli.h      |  1 +
 tests/rpmquery.at | 52 +++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 70 insertions(+), 5 deletions(-)
 diff --git a/doc/rpm.8 b/doc/rpm.8
 index 80055b675..ab7364cf6 100644
 --- a/doc/rpm.8
 +++ b/doc/rpm.8
@@ -57,7 +57,7 @@ rpm \- RPM Package Manager
 .PP
  [\fB\fIPACKAGE_NAME\fB\fR]
 - [\fB-a,--all [\fISELECTOR\fR]\fR] [\fB-f,--file \fIFILE\fB\fR]
 + [\fB-a,--all [\fISELECTOR\fR]\fR] [\fB-f,--file \fIFILE\fB\fR] [\fB--path \fIPATH\fB\fR]
  [\fB-g,--group \fIGROUP\fB\fR] [\fB-p,--package \fIPACKAGE_FILE\fB\fR]
  [\fB--hdrid \fISHA1\fB\fR] [\fB--pkgid \fIMD5\fB\fR] [\fB--tid \fITID\fB\fR]
  [\fB--querybynumber \fIHDRNUM\fB\fR] [\fB--triggeredby \fIPACKAGE_NAME\fB\fR]
@@ -569,7 +569,7 @@ starts with "b".
 List duplicated packages.
 .TP
 \fB-f, --file \fIFILE\fB\fR
 -Query package owning \fIFILE\fR.
 +Query package owning installed \fIFILE\fR.
 .TP
 \fB--filecaps\fR
 List file names with POSIX1.e capabilities.
@@ -612,6 +612,11 @@ that will be expanded to paths that are substituted in place of
 the package manifest as additional \fIPACKAGE_FILE\fR
 arguments to the query.
 .TP
 +\fB--path \fIPATH\fB\fR
 +Query package(s) owning \fIPATH\fR, whether the file is installed or not.
 +Multiple packages may own a \fIPATH\fR, but the file is only owned by the
 +package installed last.
 +.TP
 \fB--pkgid \fIMD5\fB\fR
 Query package that contains a given package identifier, i.e. the
 \fIMD5\fR digest of the combined header and
 diff --git a/lib/poptQV.c b/lib/poptQV.c
 index d9d1fad75..9b6101009 100644
 --- a/lib/poptQV.c
 +++ b/lib/poptQV.c
@@ -27,6 +27,7 @@ struct rpmQVKArguments_s rpmQVKArgs;
 #define POPT_WHATENHANCES	-1014
 #define POPT_WHATOBSOLETES	-1015
 #define POPT_WHATCONFLICTS	-1016
 +#define POPT_QUERYBYPATH	-1017
 /* ========== Query/Verify/Signature source args */
 static void rpmQVSourceArgCallback( poptContext con,
@@ -58,6 +59,7 @@ static void rpmQVSourceArgCallback( poptContext con,
     case POPT_WHATSUPPLEMENTS: qva->qva_source |= RPMQV_WHATSUPPLEMENTS; break;
     case POPT_WHATENHANCES: qva->qva_source |= RPMQV_WHATENHANCES; break;
     case POPT_TRIGGEREDBY: qva->qva_source |= RPMQV_TRIGGEREDBY; break;
 +    case POPT_QUERYBYPATH: qva->qva_source |= RPMQV_PATH_ALL; break;
     case POPT_QUERYBYPKGID: qva->qva_source |= RPMQV_PKGID; break;
     case POPT_QUERYBYHDRID: qva->qva_source |= RPMQV_HDRID; break;
     case POPT_QUERYBYTID: qva->qva_source |= RPMQV_TID; break;
@@ -80,7 +82,9 @@ struct poptOption rpmQVSourcePoptTable[] = {
  { "checksig", 'K', POPT_ARGFLAG_DOC_HIDDEN, NULL, 'K',
 	N_("rpm checksig mode"), NULL },
  { "file", 'f', 0, 0, 'f',
 -	N_("query/verify package(s) owning file"), "FILE" },
 +	N_("query/verify package(s) owning installed file"), "FILE" },
 + { "path", '\0', 0, 0, POPT_QUERYBYPATH,
 +	N_("query/verify package(s) owning path, installed or not"), "PATH" },
  { "group", 'g', 0, 0, 'g',
 	N_("query/verify package(s) in group"), "GROUP" },
  { "package", 'p', 0, 0, 'p',
 diff --git a/lib/query.c b/lib/query.c
 index fdabe6e52..9a71f0dc5 100644
 --- a/lib/query.c
 +++ b/lib/query.c
@@ -445,6 +445,7 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar
 	}
 	/* fallthrough on absolute and relative paths */
     case RPMQV_PATH:
 +    case RPMQV_PATH_ALL:
     {   char * fn;
 	for (s = arg; *s != '\0'; s++)
@@ -463,8 +464,10 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar
 	    fn = xstrdup(arg);
 	(void) rpmCleanPath(fn);
 -	/* XXX Add a switch to enable former BASENAMES behavior? */
 -	mi = rpmtsInitIterator(ts, RPMDBI_INSTFILENAMES, fn, 0);
 +	rpmDbiTagVal tag = RPMDBI_INSTFILENAMES;
 +	if (qva->qva_source == RPMQV_PATH_ALL)
 +	    tag = RPMDBI_BASENAMES;
 +	mi = rpmtsInitIterator(ts, tag, fn, 0);
 	if (mi == NULL)
 	    mi = rpmtsInitIterator(ts, RPMDBI_PROVIDENAME, fn, 0);
 diff --git a/lib/rpmcli.h b/lib/rpmcli.h
 index 4886c2453..8ef992ff2 100644
 --- a/lib/rpmcli.h
 +++ b/lib/rpmcli.h
@@ -81,6 +81,7 @@ rpmcliFini(poptContext optCon);
 enum rpmQVSources_e {
     RPMQV_PACKAGE = 0,	/*!< ... from package name db search. */
     RPMQV_PATH,		/*!< ... from file path db search. */
 +    RPMQV_PATH_ALL,	/*!< ... from file path db search (all states). */
     RPMQV_ALL,		/*!< ... from each installed package. */
     RPMQV_RPM, 		/*!< ... from reading binary rpm package. */
     RPMQV_GROUP,	/*!< ... from group db search. */
 diff --git a/tests/rpmquery.at b/tests/rpmquery.at
 index 9a4f1cb76..335d5ee0d 100644
 --- a/tests/rpmquery.at
 +++ b/tests/rpmquery.at
@@ -201,6 +201,58 @@ runroot rpm \
 AT_CLEANUP
 +# ------------------------------
 +# query a package by a file
 +AT_SETUP([rpm -qf])
 +AT_KEYWORDS([query])
 +AT_CHECK([
 +RPMDB_INIT
 +runroot rpm \
 +  --nodeps \
 +  -i /data/RPMS/hello-1.0-1.i386.rpm
 +runroot rpm \
 +  -qf /usr/local/bin/hello
 +],
 +[0],
 +[hello-1.0-1.i386
 +],
 +[])
 +AT_CLEANUP
 +
 +AT_SETUP([rpm -qf on non-installed file])
 +AT_KEYWORDS([query])
 +AT_CHECK([
 +RPMDB_INIT
 +runroot rpm \
 +  --nodeps \
 +  --excludedocs \
 +  -i /data/RPMS/hello-1.0-1.i386.rpm
 +runroot rpm \
 +  -qf /usr/share/doc/hello-1.0/FAQ
 +],
 +[1],
 +[],
 +[error: file /usr/share/doc/hello-1.0/FAQ: No such file or directory
 +])
 +AT_CLEANUP
 +
 +AT_SETUP([rpm -q --path on non-installed file])
 +AT_KEYWORDS([query])
 +AT_CHECK([
 +RPMDB_INIT
 +runroot rpm \
 +  --nodeps \
 +  --excludedocs \
 +  -i /data/RPMS/hello-1.0-1.i386.rpm
 +runroot rpm \
 +  -q --path /usr/share/doc/hello-1.0/FAQ
 +],
 +[0],
 +[hello-1.0-1.i386
 +],
 +[])
 +AT_CLEANUP
 +
 # ------------------------------
 AT_SETUP([integer array query])
 AT_KEYWORDS([query])
 -- 
 2.34.1
--- a/rpm-4.16.1.3-bump-rpmdb-cookie-hash-to-SHA256-for-FIPS.patch
+++ b/rpm-4.16.1.3-bump-rpmdb-cookie-hash-to-SHA256-for-FIPS.patch
@ -0,0 +1,32 @@
 From a26f6655546158153807017e7ded2aff5e4e10e4 Mon Sep 17 00:00:00 2001
 From: Panu Matilainen <pmatilai@redhat.com>
 Date: Mon, 31 Jan 2022 11:13:35 +0200
 Subject: [PATCH] Bump hash for rpmdb cookie to SHA256 to appease FIPS
 The rpmdb cookie is not a security feature, but as these existing
 hashes are more convenient than coming up with our own... we then
 run into the great big wall of FIPS which in its current incarnation
 disallows use of SHA1. And so rpmdbCookie() fails under current FIPS.
 Just bumping the algorithm to SHA256 seems the path of lowest
 resistance, whether that algo makes sense for this purpose or not.
 ---
 lib/rpmdb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/rpmdb.c b/lib/rpmdb.c
 index 01d49a641..00bd4236f 100644
 --- a/lib/rpmdb.c
 +++ b/lib/rpmdb.c
@@ -2642,7 +2642,7 @@ char *rpmdbCookie(rpmdb db)
     rpmdbIndexIterator ii = rpmdbIndexIteratorInit(db, RPMDBI_NAME);
     if (ii) {
 -	DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
 +	DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA256, RPMDIGEST_NONE);
 	const void *key = 0;
 	size_t keylen = 0;
 	while ((rpmdbIndexIteratorNext(ii, &key, &keylen)) == 0) {
 -- 
 2.34.1
--- a/rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch
+++ b/rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch
@ -0,0 +1,40 @@
 From 6cdcdd8770d1f0b9ba706dcc1e6392a59dbe3fe5 Mon Sep 17 00:00:00 2001
 From: Michal Domonkos <mdomonko@redhat.com>
 Date: Tue, 7 Dec 2021 08:08:37 +0100
 Subject: [PATCH] Skip recorded symlinks in --setperms (RhBug:1900662)
 If a package contains a symlink in the buildroot which is declared as a
 ghost or config file but is a regular file or directory on the system
 where it's installed, a --setperms call will reset its permissions to
 those of a symlink (777 on Linux), which almost certainly is not the
 correct thing to do.
 To fix that, just skip files that were recorded as symlinks.
 This is a special case of a general issue in --setperms; since file
 permission semantics may change depending on the file type, to stay on
 the safe side, any (ghost or config) file whose type changes after
 installation should probably be skipped.  However, symlinks are the most
 prominent case here, so let's just focus on that now and avoid adding
 too much cleverness to a popt alias (this got us into trouble not too
 long ago, see commits 38c2f6e and 0d83637).  We may revisit this in the
 eventual C implementation.
 ---
 rpmpopt.in | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/rpmpopt.in b/rpmpopt.in
 index 27d298651..d5a6b140b 100644
 --- a/rpmpopt.in
 +++ b/rpmpopt.in
@@ -44,6 +44,7 @@ rpm	alias --scripts --qf '\
 	--POPTdesc=$"list install/erase scriptlets from package(s)"
 rpm	alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \
 +        \[ -n %{FILELINKTOS:shescape} \] || \
         ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \
         chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \
 		   --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \
 -- 
 2.34.1
--- a/rpm-4.16.1.3-validate-and-require-subkey-binding-sigs.patch
+++ b/rpm-4.16.1.3-validate-and-require-subkey-binding-sigs.patch
@ -1,4 +1,4 @@
-From a73895e6f03bef5e95a738ff680f7c42151f3959 Mon Sep 17 00:00:00 2001
+From 32b21da4bae5b8fbe0f42c31b723c4963b4b2512 Mon Sep 17 00:00:00 2001
 From: Demi Marie Obenour <demi@invisiblethingslab.com>
 Date: Thu, 6 May 2021 18:34:45 -0400
 Subject: [PATCH] Validate and require subkey binding signatures on PGP public
@ -18,22 +18,25 @@ Combined with:
 5ff86764b17f31535cb247543a90dd739076ec38
 b5e8bc74b2b05aa557f663fe227b94d2bc64fbd8
 9f03f42e2614a68f589f9db8fe76287146522c0c
 b6dffb6dc5ffa2ddc389743f0507876cab341315 (mem-leak fix)
 ae3d2d234ae47ff85229d3fce97a266fa1aa5a61 (use-after-free fix)
 Fixes CVE-2021-3521.
 ---
- rpmio/rpmpgp.c                                | 123 +++++++++++++++---
+ rpmio/rpmpgp.c                                | 122 +++++++++++++++---
 sign/rpmgensig.c                              |   2 +-
 tests/Makefile.am                             |   3 +
 tests/data/keys/CVE-2021-3521-badbind.asc     |  25 ++++
 .../data/keys/CVE-2021-3521-nosubsig-last.asc |  25 ++++
 tests/data/keys/CVE-2021-3521-nosubsig.asc    |  37 ++++++
 tests/rpmsigdig.at                            |  28 ++++
- 6 files changed, 224 insertions(+), 17 deletions(-)
+ 7 files changed, 224 insertions(+), 18 deletions(-)
 create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc
 create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc
 create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc
 diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
-index d0688ebe9..b12410d67 100644
+index d0688ebe9..3372d577d 100644
 --- a/rpmio/rpmpgp.c
 +++ b/rpmio/rpmpgp.c
@@ -515,7 +515,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg)
@ -76,7 +79,7 @@ index d0688ebe9..b12410d67 100644
     }	break;
     default:
 	rpmlog(RPMLOG_WARNING, _("Unsupported version of key: V%d\n"), version);
-@@ -1041,36 +1039,128 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype)
+@@ -1041,36 +1039,127 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype)
     return algo;
 }
@ -178,12 +181,11 @@ index d0688ebe9..b12410d67 100644
 -	p += (pkt.body - pkt.head) + pkt.blen;
 +	if (selfsig) {
 +	    /* subkeys must be followed by binding signature */
-+	    if (prevtag == PGPTAG_PUBLIC_SUBKEY) {
+	    int xx = 1; /* assume failure */
 +		if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING)
 +		    break;
 +	    }
 +
-+	    int xx = pgpVerifySelf(digp, selfsig, all, i);
+	    if (!(prevtag == PGPTAG_PUBLIC_SUBKEY &&
 +		  selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING))
 +		xx = pgpVerifySelf(digp, selfsig, all, i);
 +
 +	    selfsig = pgpDigParamsFree(selfsig);
 +	    if (xx)
@ -213,7 +215,7 @@ index d0688ebe9..b12410d67 100644
     if (ret && rc == 0) {
 	*ret = digp;
     } else {
-@@ -1105,8 +1195,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
+@@ -1105,8 +1194,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
 		digps = xrealloc(digps, alloced * sizeof(*digps));
 	    }
@ -223,6 +225,19 @@ index d0688ebe9..b12410d67 100644
 	    /* Copy UID from main key to subkey */
 	    digps[count]->userid = xstrdup(mainkey->userid);
 diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
 index e5d191cc0..988a0f611 100644
 --- a/sign/rpmgensig.c
 +++ b/sign/rpmgensig.c
@@ -351,7 +351,7 @@ static int haveSignature(rpmtd sigtd, Header h)
 	pgpPrtParams(oldtd.data, oldtd.count, PGPTAG_SIGNATURE, &sig2);
 	if (pgpDigParamsCmp(sig1, sig2) == 0)
 	    rc = 1;
 -	pgpDigParamsFree(sig2);
 +	sig2 = pgpDigParamsFree(sig2);
     }
     pgpDigParamsFree(sig1);
     rpmtdFreeData(&oldtd);
 diff --git a/tests/Makefile.am b/tests/Makefile.am
 index f742a9e1d..328234278 100644
 --- a/tests/Makefile.am
@ -382,5 +397,5 @@ index e1a3ab062..705fc5870 100644
 # Test pre-built package verification
 AT_SETUP([rpmkeys -K <signed> 1])
 -- 
-2.33.1
+2.34.1
--- a/rpm.spec
+++ b/rpm.spec
@ -32,7 +32,7 @@
 %global rpmver 4.16.1.3
 #global snapver rc1
-%global rel 9
+%global rel 10
 %global sover 9
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -77,6 +77,9 @@ Patch105: rpm-4.16.1.3-ELF-files-strip-when-debuginfo-disabled.patch
 Patch106: rpm-4.16.1.3-unbreak-checking-of-installed-rich-deps.patch
 Patch107: rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch
 Patch108: rpm-4.16.1.3-validate-and-require-subkey-binding-sigs.patch
 Patch109: rpm-4.16.1.3-bump-rpmdb-cookie-hash-to-SHA256-for-FIPS.patch
 Patch110: rpm-4.16.1.3-add-path-query-option.patch
 Patch111: rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch
 # These are not yet upstream
 Patch906: rpm-4.7.1-geode-i686.patch
@ -606,6 +609,12 @@ fi
 %doc doc/librpm/html/*
 %changelog
 * Mon Jan 31 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-10
 - Address covscan issues in binding sigs validation patch (#1943724)
 - Bump hash for rpmdb cookie to SHA256 for FIPS (#2048455)
 - Add --path query option (#2037352)
 - Skip recorded symlinks in --setperms (#2025906)
 * Mon Dec 13 2021 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-9
 - Fix-up IMA signature lengths patch (#2018937)