- missing error exit code from signing password checking (#496754)
- dont fail build on unrecognized data files (#532489) - dont try to parse subkeys and secret keys (#436812) - fix chmod test on selinux, breaking %%{_fixperms} macro (#543035)
This commit is contained in:
parent
4203349708
commit
4a8173e79b
24
rpm-4.7.2-chmod-selinux.patch
Normal file
24
rpm-4.7.2-chmod-selinux.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
diff -up rpm-4.7.2/configure.ac.chmod-test rpm-4.7.2/configure.ac
|
||||||
|
--- rpm-4.7.2/configure.ac.chmod-test 2009-11-25 09:19:30.000000000 +0200
|
||||||
|
+++ rpm-4.7.2/configure.ac 2009-12-04 11:23:39.000000000 +0200
|
||||||
|
@@ -61,7 +61,7 @@ AC_MSG_CHECKING(POSIX chmod)
|
||||||
|
touch foo.chmodtest
|
||||||
|
chmod 744 foo.chmodtest
|
||||||
|
chmod +X foo.chmodtest 2>/dev/null
|
||||||
|
-a=`ls -l foo.chmodtest | awk '{print $1}'`
|
||||||
|
+a=`ls -l foo.chmodtest | awk '{print substr($1,1,10)}'`
|
||||||
|
rm -f foo.chmodtest
|
||||||
|
if test "$a" = "-rwxr-xr-x"; then
|
||||||
|
AC_MSG_RESULT(yes)
|
||||||
|
diff -up rpm-4.7.2/configure.chmod-test rpm-4.7.2/configure
|
||||||
|
--- rpm-4.7.2/configure.chmod-test 2009-12-04 11:24:06.000000000 +0200
|
||||||
|
+++ rpm-4.7.2/configure 2009-12-04 11:24:51.000000000 +0200
|
||||||
|
@@ -17626,7 +17626,7 @@ $as_echo_n "checking POSIX chmod... " >&
|
||||||
|
touch foo.chmodtest
|
||||||
|
chmod 744 foo.chmodtest
|
||||||
|
chmod +X foo.chmodtest 2>/dev/null
|
||||||
|
-a=`ls -l foo.chmodtest | awk '{print $1}'`
|
||||||
|
+a=`ls -l foo.chmodtest | awk '{print substr($1,1,10)}'`
|
||||||
|
rm -f foo.chmodtest
|
||||||
|
if test "$a" = "-rwxr-xr-x"; then
|
||||||
|
{ $as_echo "$as_me:$LINENO: result: yes" >&5
|
37
rpm-4.7.2-pgp-subkey.patch
Normal file
37
rpm-4.7.2-pgp-subkey.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
commit 6eeb0bb06466d9eb75eb55efd514d3ecfe089042
|
||||||
|
Author: Panu Matilainen <pmatilai@redhat.com>
|
||||||
|
Date: Wed Nov 25 15:07:17 2009 +0200
|
||||||
|
|
||||||
|
We can't handle OpenPGP subkeys or secret keys, so dont even try
|
||||||
|
- parsing subkeys ends up overwriting data in the main key, causing
|
||||||
|
bogus signature checking failures
|
||||||
|
- this is the final missing piece of RhBug:436812, short of adding
|
||||||
|
proper support for subkeys (maybe someday...)
|
||||||
|
(cherry picked from commit 98213fc4192c7af07037a0f3e9cce9e3b8509c02)
|
||||||
|
|
||||||
|
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
|
||||||
|
index d7bbb5e..f76fc2b 100644
|
||||||
|
--- a/rpmio/rpmpgp.c
|
||||||
|
+++ b/rpmio/rpmpgp.c
|
||||||
|
@@ -1190,11 +1190,6 @@ static int pgpPrtPkt(const uint8_t *pkt, size_t pleft,
|
||||||
|
else
|
||||||
|
memset(_digp->signid, 0, sizeof(_digp->signid));
|
||||||
|
}
|
||||||
|
- case PGPTAG_PUBLIC_SUBKEY:
|
||||||
|
- rc = pgpPrtKey(tag, h, hlen, _dig, _digp);
|
||||||
|
- break;
|
||||||
|
- case PGPTAG_SECRET_KEY:
|
||||||
|
- case PGPTAG_SECRET_SUBKEY:
|
||||||
|
rc = pgpPrtKey(tag, h, hlen, _dig, _digp);
|
||||||
|
break;
|
||||||
|
case PGPTAG_USER_ID:
|
||||||
|
@@ -1205,6 +1200,9 @@ static int pgpPrtPkt(const uint8_t *pkt, size_t pleft,
|
||||||
|
rc = pgpPrtComment(tag, h, hlen);
|
||||||
|
break;
|
||||||
|
|
||||||
|
+ case PGPTAG_PUBLIC_SUBKEY:
|
||||||
|
+ case PGPTAG_SECRET_KEY:
|
||||||
|
+ case PGPTAG_SECRET_SUBKEY:
|
||||||
|
case PGPTAG_RESERVED:
|
||||||
|
case PGPTAG_PUBLIC_SESSION_KEY:
|
||||||
|
case PGPTAG_SYMMETRIC_SESSION_KEY:
|
43
rpm-4.7.2-rpmfc-unknown.patch
Normal file
43
rpm-4.7.2-rpmfc-unknown.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
commit fa9fcc89146f08bce3b51d96d0ec9d4175db6978
|
||||||
|
Author: Panu Matilainen <pmatilai@redhat.com>
|
||||||
|
Date: Thu Nov 26 10:22:41 2009 +0200
|
||||||
|
|
||||||
|
Dont fail build on unrecognized non-executable files (ticket #105)
|
||||||
|
- Generally only executable files are critical for dependency extraction,
|
||||||
|
whereas oddball application data files can cause unnecessary build
|
||||||
|
failure due to libmagic misdetections etc, so just let non-executables
|
||||||
|
pass with a warning and mark them as unknown data
|
||||||
|
(cherry picked from commit cfcd1f9bd98d5d0fc46a84931984efec3b9d47e2)
|
||||||
|
|
||||||
|
diff --git a/build/rpmfc.c b/build/rpmfc.c
|
||||||
|
index bcb5383..e4ba6b2 100644
|
||||||
|
--- a/build/rpmfc.c
|
||||||
|
+++ b/build/rpmfc.c
|
||||||
|
@@ -1245,6 +1245,7 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode)
|
||||||
|
for (fc->ix = 0; fc->ix < fc->nfiles; fc->ix++) {
|
||||||
|
const char * ftype;
|
||||||
|
rpm_mode_t mode = (fmode ? fmode[fc->ix] : 0);
|
||||||
|
+ int is_executable = (mode & (S_IXUSR|S_IXGRP|S_IXOTH));
|
||||||
|
|
||||||
|
s = argv[fc->ix];
|
||||||
|
slen = strlen(s);
|
||||||
|
@@ -1277,11 +1278,16 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode)
|
||||||
|
ftype = magic_file(ms, s);
|
||||||
|
|
||||||
|
if (ftype == NULL) {
|
||||||
|
- rpmlog(RPMLOG_ERR,
|
||||||
|
+ rpmlog(is_executable ? RPMLOG_ERR : RPMLOG_WARNING,
|
||||||
|
_("Recognition of file \"%s\" failed: mode %06o %s\n"),
|
||||||
|
s, mode, magic_error(ms));
|
||||||
|
- magic_close(ms);
|
||||||
|
- return RPMRC_FAIL;
|
||||||
|
+ /* only executable files are critical to dep extraction */
|
||||||
|
+ if (is_executable) {
|
||||||
|
+ magic_close(ms);
|
||||||
|
+ return RPMRC_FAIL;
|
||||||
|
+ }
|
||||||
|
+ /* unrecognized non-executables get treated as "data" */
|
||||||
|
+ ftype = "data";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
34
rpm-4.7.2-sign-passcheck.patch
Normal file
34
rpm-4.7.2-sign-passcheck.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
commit 31c5e0f9b7b09661611b50d84d26ba47ce97fffe
|
||||||
|
Author: Panu Matilainen <pmatilai@redhat.com>
|
||||||
|
Date: Wed Nov 25 16:42:43 2009 +0200
|
||||||
|
|
||||||
|
Fix signature password checking result on abnormal conditions (RhBug:496754)
|
||||||
|
- Execve() failure wasn't returning an error code, causing rpm to
|
||||||
|
think the password was ok when we couldn't even try verifying
|
||||||
|
- Stricter return code checking from the password checking child:
|
||||||
|
the password can only be ok if the child exits with WIFEXITED() *and*
|
||||||
|
WIFEXITCODE() of 0. Also WIFEXITCODE() should only be called if
|
||||||
|
WIFEXITED() returns true.
|
||||||
|
(cherry picked from commit 2b41860984f0c4ebba5ebce93a18c9c0ca5e1065)
|
||||||
|
|
||||||
|
diff --git a/lib/signature.c b/lib/signature.c
|
||||||
|
index a501f3e..a2eaf9b 100644
|
||||||
|
--- a/lib/signature.c
|
||||||
|
+++ b/lib/signature.c
|
||||||
|
@@ -883,6 +883,7 @@ static int checkPassPhrase(const char * passPhrase, const rpmSigTag sigTag)
|
||||||
|
|
||||||
|
rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
|
||||||
|
strerror(errno));
|
||||||
|
+ _exit(EXIT_FAILURE);
|
||||||
|
} break;
|
||||||
|
case RPMSIGTAG_RSA:
|
||||||
|
case RPMSIGTAG_PGP5: /* XXX legacy */
|
||||||
|
@@ -932,7 +933,7 @@ static int checkPassPhrase(const char * passPhrase, const rpmSigTag sigTag)
|
||||||
|
|
||||||
|
(void) waitpid(pid, &status, 0);
|
||||||
|
|
||||||
|
- return ((!WIFEXITED(status) || WEXITSTATUS(status)) ? 1 : 0);
|
||||||
|
+ return ((WIFEXITED(status) && WEXITSTATUS(status) == 0)) ? 0 : 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
char * rpmGetPassPhrase(const char * prompt, const rpmSigTag sigTag)
|
16
rpm.spec
16
rpm.spec
@ -21,7 +21,7 @@
|
|||||||
Summary: The RPM package management system
|
Summary: The RPM package management system
|
||||||
Name: rpm
|
Name: rpm
|
||||||
Version: %{rpmver}
|
Version: %{rpmver}
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Url: http://www.rpm.org/
|
Url: http://www.rpm.org/
|
||||||
Source0: http://rpm.org/releases/rpm-4.7.x/%{name}-%{srcver}.tar.bz2
|
Source0: http://rpm.org/releases/rpm-4.7.x/%{name}-%{srcver}.tar.bz2
|
||||||
@ -42,6 +42,10 @@ Patch3: rpm-4.6.0-fedora-specspo.patch
|
|||||||
Patch200: rpm-4.7.1-bugurl.patch
|
Patch200: rpm-4.7.1-bugurl.patch
|
||||||
Patch201: rpm-4.7.0-extra-provides.patch
|
Patch201: rpm-4.7.0-extra-provides.patch
|
||||||
Patch202: rpm-4.7.1-python-bytecompile.patch
|
Patch202: rpm-4.7.1-python-bytecompile.patch
|
||||||
|
Patch203: rpm-4.7.2-sign-passcheck.patch
|
||||||
|
Patch204: rpm-4.7.2-rpmfc-unknown.patch
|
||||||
|
Patch205: rpm-4.7.2-pgp-subkey.patch
|
||||||
|
Patch206: rpm-4.7.2-chmod-selinux.patch
|
||||||
|
|
||||||
# These are not yet upstream
|
# These are not yet upstream
|
||||||
Patch301: rpm-4.6.0-niagara.patch
|
Patch301: rpm-4.6.0-niagara.patch
|
||||||
@ -197,6 +201,10 @@ packages on a system.
|
|||||||
%patch200 -p1 -b .bugurl
|
%patch200 -p1 -b .bugurl
|
||||||
%patch201 -p1 -b .extra-prov
|
%patch201 -p1 -b .extra-prov
|
||||||
%patch202 -p1 -b .python-bytecompile
|
%patch202 -p1 -b .python-bytecompile
|
||||||
|
%patch203 -p1 -b .sign-passcheck
|
||||||
|
%patch204 -p1 -b .rpmfc-unknown
|
||||||
|
%patch205 -p1 -b .pgp-subkey
|
||||||
|
%patch206 -p1 -b .chmod-test
|
||||||
|
|
||||||
%patch301 -p1 -b .niagara
|
%patch301 -p1 -b .niagara
|
||||||
%patch302 -p1 -b .geode
|
%patch302 -p1 -b .geode
|
||||||
@ -411,6 +419,12 @@ exit 0
|
|||||||
%doc doc/librpm/html/*
|
%doc doc/librpm/html/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Dec 04 2009 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-2
|
||||||
|
- missing error exit code from signing password checking (#496754)
|
||||||
|
- dont fail build on unrecognized data files (#532489)
|
||||||
|
- dont try to parse subkeys and secret keys (#436812)
|
||||||
|
- fix chmod test on selinux, breaking %%{_fixperms} macro (#543035)
|
||||||
|
|
||||||
* Wed Nov 25 2009 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-1
|
* Wed Nov 25 2009 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-1
|
||||||
- update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2)
|
- update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2)
|
||||||
- fixes #464750, #529214
|
- fixes #464750, #529214
|
||||||
|
Loading…
Reference in New Issue
Block a user