Fix short circuiting of versions in expressions
Resolves: RHEL-15688
This commit is contained in:
Florian Festi
parent
94360abd84
commit
443474e208
|
|
@ -0,0 +1,50 @@
|
|||
From 321933f060896f721e361a1c8a8d3731bdcee827 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Schroeder <mls@suse.de>
|
||||
Date: Wed, 22 Jun 2022 14:07:01 +0200
|
||||
Subject: [PATCH] Fix short circuiting of version strings in expressions
|
||||
|
||||
We use an empty string when discarding a value due to short circuiting, but
|
||||
an empty string is not allowed for versions. So use "0" in that case.
|
||||
|
||||
Fixes: #1883
|
||||
---
|
||||
rpmio/expression.c | 2 +-
|
||||
tests/rpmmacro.at | 2 ++
|
||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rpmio/expression.c b/rpmio/expression.c
|
||||
index a389a04d5..98a44bbdb 100644
|
||||
--- a/rpmio/expression.c
|
||||
+++ b/rpmio/expression.c
|
||||
@@ -477,7 +477,7 @@ static int rdToken(ParseState state)
|
||||
if (qtok == TOK_STRING) {
|
||||
v = valueMakeString(temp);
|
||||
} else {
|
||||
- v = valueMakeVersion(temp);
|
||||
+ v = valueMakeVersion(state->flags & RPMEXPR_DISCARD ? "0" : temp);
|
||||
free(temp); /* version doesn't take ownership of the string */
|
||||
if (v == 0) {
|
||||
exprErr(state, _("invalid version"), p+1);
|
||||
diff --git a/tests/rpmmacro.at b/tests/rpmmacro.at
|
||||
index d1490b4d9..c4376d49e 100644
|
||||
--- a/tests/rpmmacro.at
|
||||
+++ b/tests/rpmmacro.at
|
||||
@@ -533,6 +533,7 @@ runroot rpm \
|
||||
--eval '%["%{aaa}"]' \
|
||||
--eval '%[%{?ccc}]' \
|
||||
--eval '%[v"1:2.3-4"]' \
|
||||
+ --eval '%[v"0" && v"0"]' \
|
||||
]],
|
||||
[0],
|
||||
[4096
|
||||
@@ -542,6 +543,7 @@ runroot rpm \
|
||||
5
|
||||
0
|
||||
1:2.3-4
|
||||
+0
|
||||
],
|
||||
[])
|
||||
AT_CLEANUP
|
||||
--
|
||||
2.41.0
|
||||
|
||||
7
rpm.spec
7
rpm.spec
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
%global rpmver 4.16.1.3
|
||||
#global snapver rc1
|
||||
%global rel 26
|
||||
%global rel 27
|
||||
%global sover 9
|
||||
|
||||
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||
|
|
@ -101,6 +101,8 @@ Patch128: 0001-Pass-file-descriptor-to-file-prepare-plugin-hook-use.patch
|
|||
Patch129: 0001-Swap-over-to-dirfd-basename-based-operation-within-t.patch
|
||||
Patch130: 0001-Use-file-state-machine-from-rpm-4.19.patch
|
||||
|
||||
Patch131: 0001-Fix-short-circuiting-of-version-strings-in-expressio.patch
|
||||
|
||||
# These are not yet upstream
|
||||
Patch906: rpm-4.7.1-geode-i686.patch
|
||||
# Probably to be upstreamed in slightly different form
|
||||
|
|
@ -649,6 +651,9 @@ fi
|
|||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Thu 16 Nov 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-27
|
||||
- Fix short circuiting of version strings in expressions (RHEL-15688)
|
||||
|
||||
* Fri Nov 10 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-26
|
||||
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937,
|
||||
CVE-2021-35938 and CVE-2021-35939
|
||||
|
|
|
|||
Loading…
Reference in New Issue