Fix short circuiting of versions in expressions
Resolves: RHEL-15688
This commit is contained in:
parent
94360abd84
commit
443474e208
@ -0,0 +1,50 @@
|
|||||||
|
From 321933f060896f721e361a1c8a8d3731bdcee827 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Schroeder <mls@suse.de>
|
||||||
|
Date: Wed, 22 Jun 2022 14:07:01 +0200
|
||||||
|
Subject: [PATCH] Fix short circuiting of version strings in expressions
|
||||||
|
|
||||||
|
We use an empty string when discarding a value due to short circuiting, but
|
||||||
|
an empty string is not allowed for versions. So use "0" in that case.
|
||||||
|
|
||||||
|
Fixes: #1883
|
||||||
|
---
|
||||||
|
rpmio/expression.c | 2 +-
|
||||||
|
tests/rpmmacro.at | 2 ++
|
||||||
|
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/rpmio/expression.c b/rpmio/expression.c
|
||||||
|
index a389a04d5..98a44bbdb 100644
|
||||||
|
--- a/rpmio/expression.c
|
||||||
|
+++ b/rpmio/expression.c
|
||||||
|
@@ -477,7 +477,7 @@ static int rdToken(ParseState state)
|
||||||
|
if (qtok == TOK_STRING) {
|
||||||
|
v = valueMakeString(temp);
|
||||||
|
} else {
|
||||||
|
- v = valueMakeVersion(temp);
|
||||||
|
+ v = valueMakeVersion(state->flags & RPMEXPR_DISCARD ? "0" : temp);
|
||||||
|
free(temp); /* version doesn't take ownership of the string */
|
||||||
|
if (v == 0) {
|
||||||
|
exprErr(state, _("invalid version"), p+1);
|
||||||
|
diff --git a/tests/rpmmacro.at b/tests/rpmmacro.at
|
||||||
|
index d1490b4d9..c4376d49e 100644
|
||||||
|
--- a/tests/rpmmacro.at
|
||||||
|
+++ b/tests/rpmmacro.at
|
||||||
|
@@ -533,6 +533,7 @@ runroot rpm \
|
||||||
|
--eval '%["%{aaa}"]' \
|
||||||
|
--eval '%[%{?ccc}]' \
|
||||||
|
--eval '%[v"1:2.3-4"]' \
|
||||||
|
+ --eval '%[v"0" && v"0"]' \
|
||||||
|
]],
|
||||||
|
[0],
|
||||||
|
[4096
|
||||||
|
@@ -542,6 +543,7 @@ runroot rpm \
|
||||||
|
5
|
||||||
|
0
|
||||||
|
1:2.3-4
|
||||||
|
+0
|
||||||
|
],
|
||||||
|
[])
|
||||||
|
AT_CLEANUP
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
7
rpm.spec
7
rpm.spec
@ -32,7 +32,7 @@
|
|||||||
|
|
||||||
%global rpmver 4.16.1.3
|
%global rpmver 4.16.1.3
|
||||||
#global snapver rc1
|
#global snapver rc1
|
||||||
%global rel 26
|
%global rel 27
|
||||||
%global sover 9
|
%global sover 9
|
||||||
|
|
||||||
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||||
@ -101,6 +101,8 @@ Patch128: 0001-Pass-file-descriptor-to-file-prepare-plugin-hook-use.patch
|
|||||||
Patch129: 0001-Swap-over-to-dirfd-basename-based-operation-within-t.patch
|
Patch129: 0001-Swap-over-to-dirfd-basename-based-operation-within-t.patch
|
||||||
Patch130: 0001-Use-file-state-machine-from-rpm-4.19.patch
|
Patch130: 0001-Use-file-state-machine-from-rpm-4.19.patch
|
||||||
|
|
||||||
|
Patch131: 0001-Fix-short-circuiting-of-version-strings-in-expressio.patch
|
||||||
|
|
||||||
# These are not yet upstream
|
# These are not yet upstream
|
||||||
Patch906: rpm-4.7.1-geode-i686.patch
|
Patch906: rpm-4.7.1-geode-i686.patch
|
||||||
# Probably to be upstreamed in slightly different form
|
# Probably to be upstreamed in slightly different form
|
||||||
@ -649,6 +651,9 @@ fi
|
|||||||
%doc doc/librpm/html/*
|
%doc doc/librpm/html/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu 16 Nov 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-27
|
||||||
|
- Fix short circuiting of version strings in expressions (RHEL-15688)
|
||||||
|
|
||||||
* Fri Nov 10 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-26
|
* Fri Nov 10 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-26
|
||||||
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937,
|
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937,
|
||||||
CVE-2021-35938 and CVE-2021-35939
|
CVE-2021-35938 and CVE-2021-35939
|
||||||
|
Loading…
Reference in New Issue
Block a user