import rpm-4.14.3-18.el8

2021-08-27 04:20:08 +00:00 · 2021-08-27 04:20:08 +00:00 · 57930f4c25
parent 3428a030c3
commit 57930f4c25
2 changed files with 47 additions and 1 deletions
--- a/SOURCES/rpm-4.14.3-imp-covscan-fixes.patch
+++ b/SOURCES/rpm-4.14.3-imp-covscan-fixes.patch
@ -282,3 +282,46 @@ index 09c5a6454..0f29b6371 100644
 -- 
 2.31.1

+commit 9747a6af016a3458d54fe060777c95e3900b5fa4
+Author: Demi Marie Obenour <athena@invisiblethingslab.com>
+Date:   Tue Mar 2 12:47:29 2021 -0500
+
+    Fix a tiny memory leak
+    
+    Found by fuzzing rpmReadPackageFile() with libfuzzer under ASAN.
+
+diff --git a/lib/headerutil.c b/lib/headerutil.c
+index 22e36c74d..fab210ff2 100644
+--- a/lib/headerutil.c
+++ b/lib/headerutil.c
+@@ -333,8 +333,10 @@ static void providePackageNVR(Header h)
+     rpmds hds, nvrds;
+ 
+     /* Generate provides for this package name-version-release. */
+-    if (!(name && pEVR))
+    if (!(name && pEVR)) {
+	free(pEVR);
+ 	return;
+    }
+ 
+     /*
+      * Rpm prior to 3.0.3 does not have versioned provides.
+commit cb2ae4bdf2f60876fdc68e3f84938e9c37182fab
+Author: Igor Gnatenko <i.gnatenko.brain@gmail.com>
+Date:   Tue Feb 6 14:50:27 2018 +0100
+
+    lua: fix memory leak in Pexec()
+    
+    Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
+
+diff --git a/luaext/lposix.c b/luaext/lposix.c
+index 5d7ad3c87..2730bcff7 100644
+--- a/luaext/lposix.c
+++ b/luaext/lposix.c
+@@ -348,6 +348,7 @@ static int Pexec(lua_State *L)			/** exec(path,[args]) */
+ 	for (i=1; i<n; i++) argv[i] = (char*)luaL_checkstring(L, i+1);
+ 	argv[i] = NULL;
+ 	execvp(path,argv);
+	free(argv);
+ 	return pusherror(L, path);
+ }
--- a/SPECS/rpm.spec
+++ b/SPECS/rpm.spec
@ -32,7 +32,7 @@

 %global rpmver 4.14.3
 #global snapver rc2
-%global rel 17
+%global rel 18

 %global srcver %{version}%{?snapver:-%{snapver}}
 %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
@ -690,6 +690,9 @@ make check || cat tests/rpmtests.log
 %doc doc/librpm/html/*

 %changelog
+* Thu Aug 26 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-18
+- Address important covscan issues (#1996665), vol. 2
+
 * Mon Aug 23 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-17
 - Address important covscan issues (#1996665)