- newer git snapshot to keep patch-count down

- fixes CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815
- fix obsoletes in installing set getting matched on provides (#810077)

.gitignore

@@ -1 +1,2 @@
 /rpm-4.9.90.git11505.tar.bz2
+/rpm-4.9.90.git11519.tar.bz2

rpm-4.9.90-canonarch.patch

@@ -1,24 +0,0 @@
-commit 2e5d83e3d1a27044ee59f13f66b06e9011d1ac9f
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Fri Mar 30 09:56:43 2012 +0300
-
-    Axe leftover CANONARCH assignment messing up our "base" archs (RhBug:808250)
-    
-    - This should've been in commit 2a8d03669732f68f02fa7b21ec87ee3f65d11e5b,
-      the leftover CANONARCH resets the "base arch" we just set to a wrong
-      value.
-    (cherry picked from commit 7c39c65da4b1b012061ffbac179a650643d00ba9)
-
-diff --git a/installplatform b/installplatform
-index c56d5665..f7ae241 100755
---- a/installplatform
-+++ b/installplatform
-@@ -111,8 +111,6 @@ for ARCH in noarch `grep ^arch_canon $RPMRC | cut -d: -f2`; do
-   # skip architectures for which we dont have full config parameters
-   [ -z "$CANONARCH" ] && continue
- 
--  CANONARCH="`echo $ARCH|sed -e "$canonarch_sed"`"
--
-   if [ "$OS" = "linux" ] && [ "$CANONCOLOR" = 3 ]; then
-       LIB=${LIB}64
-   fi

rpm-4.9.90-header-datalength.patch

@@ -1,70 +0,0 @@
-commit 0b8c3218027c99a6d92c2ca53fe7f42cf87f30a4
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Fri Mar 23 14:17:47 2012 +0200
-
-    Eliminate broken data end calculation in dataLength()
-    
-    - If the caller doesn't know the end pointer, we dont have a whole lot
-      of chance to come up with a reasonable one either. Just assume
-      the terminating \0's are there when end boundary is not specified:
-      when this happens we're dealing with relatively "trusted" data
-      anyway, the more critical case of reading in unknown headers does
-      always pass end pointers.
-    - While capping the end pointer to HEADER_DATA_MAX seems like a
-      reasonable thing to do (as was done in commit
-      f79909d04e43cbfbbcdc588530a8c8033c5e0a7c), it doesn't really help
-      (bad data would likely run past bounds anyway), and it's not right
-      either: the pointer can be to a stack address, and the stack can be
-      near the top of addressable range, and ptr + HEADER_DATA_MAX can
-      cause pointer wraparound. Notably that's exactly what happens
-      when running 32bit personality process on 64bit system on Linux,
-      at least in case of i386 process on x86_64, causing all sorts of
-      breakage..
-
-diff --git a/lib/header.c b/lib/header.c
-index d741552..023c6e3 100644
---- a/lib/header.c
-+++ b/lib/header.c
-@@ -301,16 +301,27 @@ unsigned headerSizeof(Header h, int magicp)
-     return size;
- }
- 
--/* Bounded header string (array) size calculation, return -1 on error */
-+/*
-+ * Header string (array) size calculation, bounded if end is non-NULL.
-+ * Return length (including \0 termination) on success, -1 on error.
-+ */
- static inline int strtaglen(const char *str, rpm_count_t c, const char *end)
- {
-     const char *start = str;
-     const char *s;
- 
--    while ((s = memchr(start, '\0', end-start))) {
--	if (--c == 0 || s > end)
--	    break;
--	start = s + 1;
-+    if (end) {
-+	while ((s = memchr(start, '\0', end-start))) {
-+	    if (--c == 0 || s > end)
-+		break;
-+	    start = s + 1;
-+	}
-+    } else {
-+	while ((s = strchr(start, '\0'))) {
-+	    if (--c == 0)
-+		break;
-+	    start = s + 1;
-+	}
-     }
-     return (c > 0) ? -1 : (s - str + 1);
- }
-@@ -328,8 +339,7 @@ static int dataLength(rpm_tagtype_t type, rpm_constdata_t p, rpm_count_t count,
- 			 int onDisk, rpm_constdata_t pend)
- {
-     const char * s = p;
--    /* Not all callers supply data end, avoid falling over edge of the world */
--    const char * se = pend ? pend : s + HEADER_DATA_MAX;
-+    const char * se = pend;
-     int length = 0;
- 
-     switch (type) {

rpm-4.9.90-int-libdb.patch

@@ -1,67 +0,0 @@
-commit dd05fdd35f680dfff606731a664859ae45762bb1
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Mon Mar 26 13:03:03 2012 +0300
-
-    Dont bother building internal versions of db utilities we dont need
-    
-    - rpmdb_dump, load, recover, verify, stat etc are useful at times,
-      but these are not. This also fixes build with internal db for
-      more recent versions of Berkeley DB.
-
-diff --git a/lib/Makefile.am b/lib/Makefile.am
-index 8c3b970..2245c19 100644
---- a/lib/Makefile.am
-+++ b/lib/Makefile.am
-@@ -82,29 +82,6 @@ CLEANFILES += $(libdb_la)
- 
- rpmlibexec_PROGRAMS =
- 
--rpmlibexec_PROGRAMS += rpmdb_archive
--rpmdb_archive_SOURCES =
--rpmdb_archive_LDADD = \
--	$(top_builddir)/db3/db_archive.o \
--	$(top_builddir)/db3/util_sig.o \
--	librpm.la
--
--rpmlibexec_PROGRAMS += rpmdb_checkpoint
--rpmdb_checkpoint_SOURCES =
--rpmdb_checkpoint_LDADD = \
--	$(top_builddir)/db3/db_checkpoint.o \
--	$(top_builddir)/db3/util_log.o \
--	$(top_builddir)/db3/util_sig.o \
--	librpm.la
--
--rpmlibexec_PROGRAMS += rpmdb_deadlock
--rpmdb_deadlock_SOURCES =
--rpmdb_deadlock_LDADD = \
--	$(top_builddir)/db3/db_deadlock.o \
--	$(top_builddir)/db3/util_log.o \
--	$(top_builddir)/db3/util_sig.o \
--	librpm.la
--
- rpmlibexec_PROGRAMS += rpmdb_dump
- rpmdb_dump_SOURCES =
- rpmdb_dump_LDADD = \
-@@ -121,22 +98,6 @@ rpmdb_load_LDADD = \
- 	$(top_builddir)/db3/util_sig.o \
- 	librpm.la
- 
--rpmlibexec_PROGRAMS += rpmdb_printlog
--rpmdb_printlog_SOURCES =
--rpmdb_printlog_LDADD = \
--	$(top_builddir)/db3/db_printlog.o \
--	$(top_builddir)/db3/btree_autop.o \
--	$(top_builddir)/db3/crdel_autop.o \
--	$(top_builddir)/db3/db_autop.o \
--	$(top_builddir)/db3/dbreg_autop.o \
--	$(top_builddir)/db3/fileops_autop.o \
--	$(top_builddir)/db3/hash_autop.o \
--	$(top_builddir)/db3/qam_autop.o \
--	$(top_builddir)/db3/rep_autop.o \
--	$(top_builddir)/db3/txn_autop.o \
--	$(top_builddir)/db3/util_sig.o \
--	librpm.la
--
- rpmlibexec_PROGRAMS += rpmdb_recover
- rpmdb_recover_SOURCES =
- rpmdb_recover_LDADD = \

rpm-4.9.90-keyid-size.patch

@@ -1,37 +0,0 @@
-commit c5a140133505dbe3cf59c97bbf40c2f5526e5f5b
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Thu Mar 22 12:24:55 2012 +0200
-
-    Oops, "magic eight" is necessary here afterall
-    
-    - Fix regression from commit 807b402d95702f3f91e9e2bfbd2b5ca8c9964ed9,
-      the array gets passed as a pointer (how else would it work at all),
-      so despite having seemingly correct type, sizeof(keyid) depends
-      on the pointer size. This happens to be 8 on x86_64 and friends
-      but breaks on eg i386.
-    - Also return the explicit size from pgpExtractPubkeyFingerprint(),
-      this has been "broken" for much longer but then all callers should
-      really care about is -1 for error.
-
-diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
-index 4aac23d..e70cf70 100644
---- a/rpmio/rpmpgp.c
-+++ b/rpmio/rpmpgp.c
-@@ -757,7 +757,7 @@ static int getFingerprint(const uint8_t *h, size_t hlen, pgpKeyID_t keyid)
- 	    (void) rpmDigestFinal(ctx, (void **)&d, &dlen, 0);
- 
- 	    if (d) {
--		memcpy(keyid, (d + (dlen-sizeof(keyid))), sizeof(keyid));
-+		memcpy(keyid, (d + (dlen-8)), 8);
- 		free(d);
- 		rc = 0;
- 	    }
-@@ -787,7 +787,7 @@ int pgpExtractPubkeyFingerprint(const char * b64pkt, pgpKeyID_t keyid)
-     if (rpmBase64Decode(b64pkt, (void **)&pkt, &pktlen) == 0) {
- 	if (pgpPubkeyFingerprint(pkt, pktlen, keyid) == 0) {
- 	    /* if there ever was a bizarre return code for success... */
--	    rc = sizeof(keyid);
-+	    rc = 8;
- 	}
- 	free(pkt);
-     }

rpm-4.9.90-rpmdeps-args.patch

@@ -1,44 +0,0 @@
-commit 9a2547ff49ae2fa9a4c9118e5472bba045379f3d
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Thu Mar 29 11:26:57 2012 +0300
-
-    Accept files as command line arguments again in rpmdeps (RhBug:807767)
-    
-    - Commit a25c3c7bac95ab7eb55f0ecf0b8793d8da341611 removed what was
-      supposedly a non-supported method of passing files as arguments
-      (instead of the normal stdin method) to rpmdeps. Turns out
-      rpmdeps is even documented to take files as cli args, and that's
-      how Fedora's %filter_setup macros are calling it...
-    - Allow files as arguments again, but in a way that doesn't cause
-      argvFoo() vs popt crash-n-burn.
-    (cherry picked from commit fe252f21b370331016a952b085465cd97837aaef)
-
-diff --git a/tools/rpmdeps.c b/tools/rpmdeps.c
-index 6b0b527..c3112eb 100644
---- a/tools/rpmdeps.c
-+++ b/tools/rpmdeps.c
-@@ -60,11 +60,19 @@ main(int argc, char *argv[])
-     if (optCon == NULL)
- 	goto exit;
- 
--    while (fgets(buf, sizeof(buf), stdin) != NULL) {
--	char *be = buf + strlen(buf) - 1;
--	while (strchr("\r\n", *be) != NULL)
--	    *be-- = '\0';
--	argvAdd(&av, buf);
-+    /* normally files get passed through stdin but also accept files as args */
-+    if (poptPeekArg(optCon)) {
-+	const char *arg;
-+	while ((arg = poptGetArg(optCon)) != NULL) {
-+	    argvAdd(&av, arg);
-+	}
-+    } else {
-+	while (fgets(buf, sizeof(buf), stdin) != NULL) {
-+	    char *be = buf + strlen(buf) - 1;
-+	    while (strchr("\r\n", *be) != NULL)
-+		*be-- = '\0';
-+	    argvAdd(&av, buf);
-+	}
-     }
-     /* Make sure file names are sorted. */
-     argvSort(av, NULL);

rpm-4.9.90-rpmte-fileinfo-2.patch

@@ -1,34 +0,0 @@
-commit 2f20f6e6b2cc6f26794678d1db16659c484a001c
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Wed Mar 21 09:07:21 2012 +0200
-
-    Transaction element file info can be legally NULL in some cases
-    
-    - rpmteClose() will wipe out the file info to free memory, we only
-      should care whether we failed to (re)load the file info. This
-      thinko in commit 06a2f1269b035a3a76464149834f2a5a8c4e89f2
-      broke %posttrans scriptlets (and without commit
-      274dbf557d1cac90f7c278f9b6d6af05997d92df, %pretrans in other
-      circumstances), whoopsie *blush*. Now, off to write a test-case
-      for our scriptlet behavior...
-
-diff --git a/lib/rpmte.c b/lib/rpmte.c
-index 65e1e76..65d65af 100644
---- a/lib/rpmte.c
-+++ b/lib/rpmte.c
-@@ -693,11 +693,12 @@ static int rpmteOpen(rpmte te, int reload_fi)
-     }
-     if (h != NULL) {
- 	if (reload_fi) {
-+	    /* This can fail if we get a different, bad header from callback */
- 	    te->fi = getFI(te, h);
-+	    rc = (te->fi != NULL);
-+	} else {
-+	    rc = 1;
- 	}
--
--	/* This can fail if we get a different, bad header from callback */
--	rc = (te->fi != NULL);
- 	
- 	rpmteSetHeader(te, h);
- 	headerFree(h);

rpm-4.9.90-rpmte-fileinfo.patch

@@ -1,28 +0,0 @@
-commit 274dbf557d1cac90f7c278f9b6d6af05997d92df
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Tue Mar 20 16:32:54 2012 +0200
-
-    Don't free up file info sets on transaction test-runs, take II
-    
-    - Despite commit cef18c94807af0935b7796c462aab8ed39f0f376, we'd still
-      end up freeing the file info sets via rpmteClose() while going
-      through the test-transaction packages. This together with commit
-      06a2f1269b035a3a76464149834f2a5a8c4e89f2 caused install failures
-      on packages which have %pretrans scriptlets, if a test-transaction
-      was first performed on the same transaction set that gets used
-      for the "real" transaction as well. How wonderfully obscure...
-
-diff --git a/lib/rpmte.c b/lib/rpmte.c
-index d1e4f87..65e1e76 100644
---- a/lib/rpmte.c
-+++ b/lib/rpmte.c
-@@ -917,7 +917,8 @@ int rpmteProcess(rpmte te, pkgGoal goal)
- {
-     /* Only install/erase resets pkg file info */
-     int scriptstage = (goal != PKG_INSTALL && goal != PKG_ERASE);
--    int reset_fi = (scriptstage == 0);
-+    int test = (rpmtsFlags(te->ts) & RPMTRANS_FLAG_TEST);
-+    int reset_fi = (scriptstage == 0 && test == 0);
-     int failed = 1;
- 
-     /* Dont bother opening for elements without pre/posttrans scripts */

rpm.spec

@@ -12,7 +12,7 @@
 %define rpmhome /usr/lib/rpm
 
 %define rpmver 4.9.90
-%define snapver git11505
+%define snapver git11519
 %define srcver %{rpmver}%{?snapver:.%{snapver}}
 
 %define bdbname libdb
@@ -46,13 +46,6 @@ Patch5: rpm-4.9.90-armhfp.patch
 Patch6: rpm-4.9.0-armhfp-logic.patch
 
 # Patches already in upstream
-Patch200: rpm-4.9.90-rpmte-fileinfo.patch
-Patch201: rpm-4.9.90-rpmte-fileinfo-2.patch
-Patch202: rpm-4.9.90-keyid-size.patch
-Patch203: rpm-4.9.90-header-datalength.patch
-Patch204: rpm-4.9.90-rpmdeps-args.patch
-Patch205: rpm-4.9.90-canonarch.patch
-Patch206: rpm-4.9.90-int-libdb.patch
 
 # These are not yet upstream
 Patch301: rpm-4.6.0-niagara.patch
@@ -222,14 +215,6 @@ packages on a system.
 %patch3 -p1 -b .no-man-dirs
 %patch4 -p1 -b .use-gpg2
 
-%patch200 -p1 -b .rpmte-fileinfo
-%patch201 -p1 -b .rpmte-fileinfo-2
-%patch202 -p1 -b .keyid-size
-%patch203 -p1 -b .header-datalength
-%patch204 -p1 -b .rpmdeps-args
-%patch205 -p1 -b .canonarch
-%patch206 -p1 -b .int-libdb
-
 %patch301 -p1 -b .niagara
 %patch302 -p1 -b .geode
 %patch304 -p1 -b .ldflags
@@ -455,6 +440,11 @@ exit 0
 %doc COPYING doc/librpm/html/*
 
 %changelog
+* Thu Apr 05 2012 Panu Matilainen <pmatilai@redhat.com> - 4.9.90-0.git11519.1
+- newer git snapshot to keep patch-count down
+- fixes CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815
+- fix obsoletes in installing set getting matched on provides (#810077)
+
 * Wed Apr 04 2012 Jindrich Novy <jnovy@redhat.com> - 4.9.90-0.git11505.12
 - rebuild against new libdb
 

sources

@@ -1 +1 @@
-9206167147441cda84a56c338de9ebaa  rpm-4.9.90.git11505.tar.bz2
+7e59625daeda485a9aef80c175712d1a  rpm-4.9.90.git11519.tar.bz2