import CS rpm-4.16.1.3-29.el9
parent
dff934935e
commit
6de86b12e5
@ -0,0 +1,107 @@
|
||||
From 186e0ab025b9ad92d900697f611633a6f6162f3b Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Wed, 9 Feb 2022 14:47:14 +0200
|
||||
Subject: [PATCH] Add optional callback on directory changes during rpmfi
|
||||
iteration
|
||||
|
||||
Internal only for now in case we need to fiddle with the API some more,
|
||||
but no reason this couldn't be made public later.
|
||||
---
|
||||
lib/rpmfi.c | 24 ++++++++++++++++++++----
|
||||
lib/rpmfi_internal.h | 17 +++++++++++++++++
|
||||
2 files changed, 37 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
|
||||
index aec8220a3..6c631fdb5 100644
|
||||
--- a/lib/rpmfi.c
|
||||
+++ b/lib/rpmfi.c
|
||||
@@ -53,6 +53,9 @@ struct rpmfi_s {
|
||||
int intervalStart; /*!< Start of iterating interval. */
|
||||
int intervalEnd; /*!< End of iterating interval. */
|
||||
|
||||
+ rpmfiChdirCb onChdir; /*!< Callback for directory changes */
|
||||
+ void *onChdirData; /*!< Caller private callback data */
|
||||
+
|
||||
rpmfiles files; /*!< File info set */
|
||||
rpmcpio_t archive; /*!< Archive with payload */
|
||||
unsigned char * found; /*!< Bit field of files found in the archive */
|
||||
@@ -298,11 +301,16 @@ rpm_count_t rpmfiDC(rpmfi fi)
|
||||
return (fi != NULL ? rpmfilesDC(fi->files) : 0);
|
||||
}
|
||||
|
||||
-#ifdef NOTYET
|
||||
-int rpmfiDI(rpmfi fi)
|
||||
+int rpmfiSetOnChdir(rpmfi fi, rpmfiChdirCb cb, void *data)
|
||||
{
|
||||
+ int rc = -1;
|
||||
+ if (fi != NULL) {
|
||||
+ fi->onChdir = cb;
|
||||
+ fi->onChdirData = data;
|
||||
+ rc = 0;
|
||||
+ }
|
||||
+ return rc;
|
||||
}
|
||||
-#endif
|
||||
|
||||
int rpmfiFX(rpmfi fi)
|
||||
{
|
||||
@@ -314,9 +322,17 @@ int rpmfiSetFX(rpmfi fi, int fx)
|
||||
int i = -1;
|
||||
|
||||
if (fi != NULL && fx >= 0 && fx < rpmfilesFC(fi->files)) {
|
||||
+ int dx = fi->j;
|
||||
i = fi->i;
|
||||
fi->i = fx;
|
||||
fi->j = rpmfilesDI(fi->files, fi->i);
|
||||
+ i = fi->i;
|
||||
+
|
||||
+ if (fi->j != dx && fi->onChdir) {
|
||||
+ int chrc = fi->onChdir(fi, fi->onChdirData);
|
||||
+ if (chrc < 0)
|
||||
+ i = chrc;
|
||||
+ }
|
||||
}
|
||||
return i;
|
||||
}
|
||||
@@ -1682,9 +1698,9 @@ static rpmfi initIter(rpmfiles files, int itype, int link)
|
||||
if (files && itype>=0 && itype<=RPMFILEITERMAX) {
|
||||
fi = xcalloc(1, sizeof(*fi));
|
||||
fi->i = -1;
|
||||
+ fi->j = -1;
|
||||
fi->files = link ? rpmfilesLink(files) : files;
|
||||
fi->next = nextfuncs[itype];
|
||||
- fi->i = -1;
|
||||
if (itype == RPMFI_ITER_BACK) {
|
||||
fi->i = rpmfilesFC(fi->files);
|
||||
} else if (itype >=RPMFI_ITER_READ_ARCHIVE
|
||||
diff --git a/lib/rpmfi_internal.h b/lib/rpmfi_internal.h
|
||||
index dccc6ccbe..37f1d45f5 100644
|
||||
--- a/lib/rpmfi_internal.h
|
||||
+++ b/lib/rpmfi_internal.h
|
||||
@@ -13,6 +13,23 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
+/** \ingroup rpmfi
|
||||
+ * Callback on file iterator directory changes
|
||||
+ * @param fi file info
|
||||
+ * @param data caller private callback data
|
||||
+ * @return 0 on success, < 0 on error (to stop iteration)
|
||||
+ */
|
||||
+typedef int (*rpmfiChdirCb)(rpmfi fi, void *data);
|
||||
+
|
||||
+/** \ingroup rpmfi
|
||||
+ * Set a callback for directory changes during iteration.
|
||||
+ * @param fi file info
|
||||
+ * @param cb callback function
|
||||
+ * @param data caller private callback data
|
||||
+ * @return string pool handle (weak reference)
|
||||
+ */
|
||||
+int rpmfiSetOnChdir(rpmfi fi, rpmfiChdirCb cb, void *data);
|
||||
+
|
||||
/** \ingroup rpmfi
|
||||
* Return file info set string pool handle
|
||||
* @param fi file info
|
||||
--
|
||||
2.41.0
|
||||
|
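Review bot: The doc comment added for `rpmfiSetOnChdir()` in lib/rpmfi_internal.h says `@return string pool handle (weak reference)`, which looks copied from the declaration below it; the body added in lib/rpmfi.c returns 0 once the callback is stored and -1 when `fi` is NULL, so the line should read `@return 0 on success, -1 on error`. In the `rpmfiSetFX()` hunk the existing `i = fi->i;` before `fi->i = fx;` is now a dead store, because the added `i = fi->i;` overwrites it, and the return value changes from the previous index to the new one. Dropping the first assignment and adding a comment such as `/* returns the new index, or the callback's negative error code */` would make that change explicit. Note that `fi->i` and `fi->j` have already been advanced when `onChdir` reports an error, so a negative return does not mean the iterator position was left unchanged.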
@ -0,0 +1,30 @@
|
||||
From 6c66abd34cccbb5b3c063f8f613e0c2faffc415f Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Wed, 13 Dec 2023 11:57:50 +0200
|
||||
Subject: [PATCH] Don't warn about missing user/group on skipped files
|
||||
|
||||
There's no reason to complain about missing user/group for entities
|
||||
we don't create at all. It's cosmetical only, but "regressed" in the
|
||||
4.17 fsm robustness rewrite.
|
||||
|
||||
Reported in https://issues.redhat.com/browse/RHEL-18037
|
||||
---
|
||||
lib/fsm.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/fsm.c b/lib/fsm.c
|
||||
index 2189bd84c..a54e43bae 100644
|
||||
--- a/lib/fsm.c
|
||||
+++ b/lib/fsm.c
|
||||
@@ -903,7 +903,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
|
||||
fp->fpath = fsmFsPath(fi, fp->suffix);
|
||||
|
||||
/* Remap file perms, owner, and group. */
|
||||
- rc = rpmfiStat(fi, 1, &fp->sb);
|
||||
+ rc = rpmfiStat(fi, (fp->skip == 0), &fp->sb);
|
||||
|
||||
/* Hardlinks are tricky and handled elsewhere for install */
|
||||
fp->setmeta = (fp->skip == 0) &&
|
||||
--
|
||||
2.43.0
|
||||
|
35
SOURCES/0001-Eliminate-code-duplication-from-rpmfiNext.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 0bc13d75b5883ccf4d6579f7a60fb1badd104649 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Thu, 10 Feb 2022 10:23:22 +0200
|
||||
Subject: [PATCH] Eliminate code duplication from rpmfiNext()
|
||||
|
||||
Now that we can, let rpmfiSetFX() take care of the details.
|
||||
---
|
||||
lib/rpmfi.c | 11 ++---------
|
||||
1 file changed, 2 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
|
||||
index 689ead2c5..aec8220a3 100644
|
||||
--- a/lib/rpmfi.c
|
||||
+++ b/lib/rpmfi.c
|
||||
@@ -856,15 +856,8 @@ int rpmfiNext(rpmfi fi)
|
||||
next = fi->next(fi);
|
||||
} while (next == RPMERR_ITER_SKIP);
|
||||
|
||||
- if (next >= 0 && next < rpmfilesFC(fi->files)) {
|
||||
- fi->i = next;
|
||||
- fi->j = rpmfilesDI(fi->files, fi->i);
|
||||
- } else {
|
||||
- fi->i = -1;
|
||||
- if (next >= 0) {
|
||||
- next = -1;
|
||||
- }
|
||||
- }
|
||||
+ if (next >= 0)
|
||||
+ next = rpmfiSetFX(fi, next);
|
||||
}
|
||||
return next;
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
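Review bot: The removed `else` branch reset `fi->i = -1` whenever `next` was negative or past the last file, but the replacement only calls `rpmfiSetFX()` for `next >= 0`, and `rpmfiSetFX()` as shown in the rpmfi.c patch elsewhere in this commit leaves `fi->i` untouched when `fx` is out of range. After this change an exhausted or failed iteration therefore appears to keep `fi->i` at the last valid file instead of -1. If that is intended, a comment here should say so; otherwise a line such as `if (next < 0) fi->i = -1;` after the call restores the old end state. `rpmfiNext()` begins above the hunk, so what the `fi->next` callbacks may return is not visible here.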
@ -0,0 +1,66 @@
|
||||
From c140768202e271b60910644c1e4bf848a50218d3 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Mon, 27 Nov 2023 11:52:34 +0200
|
||||
Subject: [PATCH] Emit full paths for file disposition diagnostics on
|
||||
--fsmdebug
|
||||
|
||||
The full path is visible in the actual file operations later, but the
|
||||
pre-flight disposition diagnostics is unreadable without the full path.
|
||||
This regressed in the switch to relative paths for the *at() API family
|
||||
for the symlink CVE fixes.
|
||||
---
|
||||
lib/fsm.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/fsm.c b/lib/fsm.c
|
||||
index 091e90554..fcd764648 100644
|
||||
--- a/lib/fsm.c
|
||||
+++ b/lib/fsm.c
|
||||
@@ -482,14 +482,14 @@ static void removeSBITS(int dirfd, const char *path)
|
||||
}
|
||||
}
|
||||
|
||||
-static void fsmDebug(const char *fpath, rpmFileAction action,
|
||||
+static void fsmDebug(const char *dn, const char *fpath, rpmFileAction action,
|
||||
const struct stat *st)
|
||||
{
|
||||
- rpmlog(RPMLOG_DEBUG, "%-10s %06o%3d (%4d,%4d)%6d %s\n",
|
||||
+ rpmlog(RPMLOG_DEBUG, "%-10s %06o%3d (%4d,%4d)%6d %s%s\n",
|
||||
fileActionString(action), (int)st->st_mode,
|
||||
(int)st->st_nlink, (int)st->st_uid,
|
||||
(int)st->st_gid, (int)st->st_size,
|
||||
- (fpath ? fpath : ""));
|
||||
+ (dn ? dn : ""), (fpath ? fpath : ""));
|
||||
}
|
||||
|
||||
static int fsmSymlink(const char *opath, int dirfd, const char *path)
|
||||
@@ -910,7 +910,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
|
||||
(fp->sb.st_nlink == 1 || fp->action == FA_TOUCH);
|
||||
|
||||
setFileState(fs, fx);
|
||||
- fsmDebug(fp->fpath, fp->action, &fp->sb);
|
||||
+ fsmDebug(rpmfiDN(fi), fp->fpath, fp->action, &fp->sb);
|
||||
|
||||
fp->stage = FILE_PRE;
|
||||
}
|
||||
@@ -975,7 +975,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
|
||||
rpmlog(RPMLOG_DEBUG, "file %s vanished unexpectedly\n",
|
||||
fp->fpath);
|
||||
fp->action = FA_CREATE;
|
||||
- fsmDebug(fp->fpath, fp->action, &fp->sb);
|
||||
+ fsmDebug(rpmfiDN(fi), fp->fpath, fp->action, &fp->sb);
|
||||
}
|
||||
|
||||
/* When touching we don't need any of this... */
|
||||
@@ -1138,7 +1138,7 @@ int rpmPackageFilesRemove(rpmts ts, rpmte te, rpmfiles files,
|
||||
|
||||
rc = fsmStat(di.dirfd, fp->fpath, 1, &fp->sb);
|
||||
|
||||
- fsmDebug(fp->fpath, fp->action, &fp->sb);
|
||||
+ fsmDebug(rpmfiDN(fi), fp->fpath, fp->action, &fp->sb);
|
||||
|
||||
/* Run fsm file pre hook for all plugins */
|
||||
rc = rpmpluginsCallFsmFilePre(plugins, fi, fp->fpath,
|
||||
--
|
||||
2.43.0
|
||||
|
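Review bot: `fsmDebug()` now prints `dn` and `fpath` back to back with `%s%s`, so the output is a valid path only if `dn` already ends in '/' and `fpath` is a bare basename, and nothing in the hunk states that. A one-line comment above the function, for example `/* dn: directory incl. trailing slash (rpmfiDN()), fpath: name relative to it */`, would document the contract. The trailing-slash assumption is inferred from the way `abspath()` in the rpmplugins.c patch joins the same two values, so it should be confirmed against `rpmfiDN()`.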
148
SOURCES/0001-Expose-and-document-rpmdb-verifydb-operation.patch
Normal file
@ -0,0 +1,148 @@
|
||||
From 173b737f40e7da85f79544e3f4ea4ad7b8f7d5c2 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Mon, 6 Nov 2023 15:58:54 +0200
|
||||
Subject: [PATCH] Expose and document rpmdb --verifydb operation
|
||||
|
||||
After years of BDB, sometimes folks just want some assurance that their db
|
||||
is still fine. Properly exposing an operation to do so hopefully makes
|
||||
less likely to poke at the db directly (with eg sqlite3 command).
|
||||
---
|
||||
docs/man/rpmdb.8.md | 4 ++++
|
||||
tools/rpmdb.c | 4 ++--
|
||||
2 files changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/rpmdb.c b/rpmdb.c
|
||||
index 22b0b3e5d..36efff8af 100644
|
||||
--- a/rpmdb.c
|
||||
+++ b/rpmdb.c
|
||||
@@ -23,8 +23,8 @@ static struct poptOption dbOptsTable[] = {
|
||||
{ "rebuilddb", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_REBUILDDB,
|
||||
N_("rebuild database inverted lists from installed package headers"),
|
||||
NULL},
|
||||
- { "verifydb", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR|POPT_ARGFLAG_DOC_HIDDEN),
|
||||
- &mode, MODE_VERIFYDB, N_("verify database files"), NULL},
|
||||
+ { "verifydb", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR),
|
||||
+ &mode, MODE_VERIFYDB, N_("verify database"), NULL},
|
||||
{ "salvagedb", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR|POPT_ARGFLAG_DOC_HIDDEN),
|
||||
&mode, MODE_SALVAGEDB, N_("salvage database"), NULL},
|
||||
{ "exportdb", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_EXPORTDB,
|
||||
--
|
||||
2.41.0
|
||||
|
||||
--- a/doc/rpmdb.8 2020-05-28 12:04:25.024136615 +0200
|
||||
+++ b/doc/rpmdb.8 2023-12-13 11:57:30.646202901 +0100
|
||||
@@ -1,48 +1,70 @@
|
||||
-.TH "RPMDB" "8" "29 June 2010" "Red Hat, Inc"
|
||||
+.\" Automatically generated by Pandoc 3.1.3
|
||||
+.\"
|
||||
+.\" Define V font for inline verbatim, using C font in formats
|
||||
+.\" that render this, and otherwise B font.
|
||||
+.ie "\f[CB]x\f[]"x" \{\
|
||||
+. ftr V B
|
||||
+. ftr VI BI
|
||||
+. ftr VB B
|
||||
+. ftr VBI BI
|
||||
+.\}
|
||||
+.el \{\
|
||||
+. ftr V CR
|
||||
+. ftr VI CI
|
||||
+. ftr VB CB
|
||||
+. ftr VBI CBI
|
||||
+.\}
|
||||
+.TH "RPMDB" "8" "29 June 2010" "" ""
|
||||
+.hy
|
||||
.SH NAME
|
||||
-rpmdb \- RPM Database Tool
|
||||
+.PP
|
||||
+rpmdb - RPM Database Tool
|
||||
.SH SYNOPSIS
|
||||
-
|
||||
-\fBrpm\fR {\fB--initdb|--rebuilddb\fR}
|
||||
-
|
||||
-.SH "DESCRIPTION"
|
||||
-The general form of an rpm rebuild database command is
|
||||
-.PP
|
||||
-
|
||||
-\fBrpm\fR {\fB--initdb|--rebuilddb\fR} [\fB-v\fR] [\fB--dbpath \fIDIRECTORY\fB\fR] [\fB--root \fIDIRECTORY\fB\fR]
|
||||
-
|
||||
-.PP
|
||||
-Use \fB--initdb\fR to create a new database if one doesn't already exist
|
||||
-(existing database is not overwritten), use
|
||||
-\fB--rebuilddb\fR to rebuild the database indices from
|
||||
-the installed package headers.
|
||||
-.PP
|
||||
-
|
||||
-.SH "SEE ALSO"
|
||||
-
|
||||
-.nf
|
||||
-\fBpopt\fR(3),
|
||||
-\fBrpm\fR(8),
|
||||
-\fBrpmkeys\fR(8),
|
||||
-\fBrpmsign\fR(8),
|
||||
-\fBrpm2cpio\fR(8),
|
||||
-\fBrpmbuild\fR(8),
|
||||
-\fBrpmspec\fR(8),
|
||||
-.fi
|
||||
-
|
||||
-\fBrpm --help\fR - as rpm supports customizing the options via popt aliases
|
||||
-it's impossible to guarantee that what's described in the manual matches
|
||||
-what's available.
|
||||
-
|
||||
-
|
||||
-\fBhttp://www.rpm.org/ <URL:http://www.rpm.org/>
|
||||
-\fR
|
||||
-.SH "AUTHORS"
|
||||
-
|
||||
+.PP
|
||||
+\f[B]rpmdb\f[R] {\f[B]--initdb|--rebuilddb\f[R]}
|
||||
+.PP
|
||||
+\f[B]rpmdb\f[R] {\f[B]--verifydb\f[R]}
|
||||
+.PP
|
||||
+\f[B]rpmdb\f[R] {\f[B]--exportdb|--importdb\f[R]}
|
||||
+.SH DESCRIPTION
|
||||
+.PP
|
||||
+The general form of an rpmdb command is
|
||||
+.PP
|
||||
+\f[B]rpm\f[R] {\f[B]--initdb|--rebuilddb\f[R]} [\f[B]-v\f[R]]
|
||||
+[\f[B]--dbpath \f[R]\f[I]DIRECTORY\f[R]] [\f[B]--root
|
||||
+\f[R]\f[I]DIRECTORY\f[R]]
|
||||
+.PP
|
||||
+Use \f[B]--initdb\f[R] to create a new database if one doesn\[aq]t
|
||||
+already exist (existing database is not overwritten), use
|
||||
+\f[B]--rebuilddb\f[R] to rebuild the database indices from the installed
|
||||
+package headers.
|
||||
+.PP
|
||||
+\f[B]--verifydb\f[R] performs a low-level integrity check on the
|
||||
+database.
|
||||
+.PP
|
||||
+\f[B]--exportdb\f[R] exports the database in header-list format,
|
||||
+suitable for transfporting to another host or database type.
|
||||
+.PP
|
||||
+\f[B]--importdb\f[R] imports a database from a header-list format as
|
||||
+created by \f[B]--exportdb\f[R].
|
||||
+.SH SEE ALSO
|
||||
+.PP
|
||||
+\f[B]popt\f[R](3), \f[B]rpm\f[R](8), \f[B]rpmkeys\f[R](8),
|
||||
+\f[B]rpmsign\f[R](8), \f[B]rpm2cpio\f[R](8), \f[B]rpmbuild\f[R](8),
|
||||
+\f[B]rpmspec\f[R](8)
|
||||
+.PP
|
||||
+\f[B]rpm --help\f[R] - as rpm supports customizing the options via popt
|
||||
+aliases it\[aq]s impossible to guarantee that what\[aq]s described in
|
||||
+the manual matches what\[aq]s available.
|
||||
+.PP
|
||||
+\f[B]http://www.rpm.org/ <URL:http://www.rpm.org/>\f[R]
|
||||
+.SH AUTHORS
|
||||
+.IP
|
||||
.nf
|
||||
-Marc Ewing <marc@redhat.com>
|
||||
-Jeff Johnson <jbj@redhat.com>
|
||||
-Erik Troan <ewt@redhat.com>
|
||||
-Panu Matilainen <pmatilai@redhat.com>
|
||||
+\f[C]
|
||||
+Marc Ewing <marc\[at]redhat.com>
|
||||
+Jeff Johnson <jbj\[at]redhat.com>
|
||||
+Erik Troan <ewt\[at]redhat.com>
|
||||
+Panu Matilainen <pmatilai\[at]redhat.com>
|
||||
+\f[R]
|
||||
.fi
|
||||
-
|
@ -0,0 +1,26 @@
|
||||
From 03525592c944957f3b7b200b7daeb9f615cdcde7 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Tue, 23 May 2023 12:46:22 +0300
|
||||
Subject: [PATCH] Fix a copy-paste --help description of --whatconflicts
|
||||
(RhBug:2208661)
|
||||
|
||||
---
|
||||
lib/poptQV.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/poptQV.c b/lib/poptQV.c
|
||||
index ac8e8975d..8bd91c652 100644
|
||||
--- a/lib/poptQV.c
|
||||
+++ b/lib/poptQV.c
|
||||
@@ -108,7 +108,7 @@ struct poptOption rpmQVSourcePoptTable[] = {
|
||||
{ "verify", 'V', POPT_ARGFLAG_DOC_HIDDEN, NULL, 'V',
|
||||
N_("rpm verify mode"), NULL },
|
||||
{ "whatconflicts", '\0', 0, 0, POPT_WHATCONFLICTS,
|
||||
- N_("query/verify the package(s) which require a dependency"), "CAPABILITY" },
|
||||
+ N_("query/verify the package(s) which conflict with a dependency"), "CAPABILITY" },
|
||||
{ "whatrequires", '\0', 0, 0, POPT_WHATREQUIRES,
|
||||
N_("query/verify the package(s) which require a dependency"), "CAPABILITY" },
|
||||
{ "whatobsoletes", '\0', 0, 0, POPT_WHATOBSOLETES,
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,50 @@
|
||||
From 321933f060896f721e361a1c8a8d3731bdcee827 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Schroeder <mls@suse.de>
|
||||
Date: Wed, 22 Jun 2022 14:07:01 +0200
|
||||
Subject: [PATCH] Fix short circuiting of version strings in expressions
|
||||
|
||||
We use an empty string when discarding a value due to short circuiting, but
|
||||
an empty string is not allowed for versions. So use "0" in that case.
|
||||
|
||||
Fixes: #1883
|
||||
---
|
||||
rpmio/expression.c | 2 +-
|
||||
tests/rpmmacro.at | 2 ++
|
||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rpmio/expression.c b/rpmio/expression.c
|
||||
index a389a04d5..98a44bbdb 100644
|
||||
--- a/rpmio/expression.c
|
||||
+++ b/rpmio/expression.c
|
||||
@@ -477,7 +477,7 @@ static int rdToken(ParseState state)
|
||||
if (qtok == TOK_STRING) {
|
||||
v = valueMakeString(temp);
|
||||
} else {
|
||||
- v = valueMakeVersion(temp);
|
||||
+ v = valueMakeVersion(state->flags & RPMEXPR_DISCARD ? "0" : temp);
|
||||
free(temp); /* version doesn't take ownership of the string */
|
||||
if (v == 0) {
|
||||
exprErr(state, _("invalid version"), p+1);
|
||||
diff --git a/tests/rpmmacro.at b/tests/rpmmacro.at
|
||||
index d1490b4d9..c4376d49e 100644
|
||||
--- a/tests/rpmmacro.at
|
||||
+++ b/tests/rpmmacro.at
|
||||
@@ -533,6 +533,7 @@ runroot rpm \
|
||||
--eval '%["%{aaa}"]' \
|
||||
--eval '%[%{?ccc}]' \
|
||||
--eval '%[v"1:2.3-4"]' \
|
||||
+ --eval '%[v"0" && v"0"]' \
|
||||
]],
|
||||
[0],
|
||||
[4096
|
||||
@@ -542,6 +543,7 @@ runroot rpm \
|
||||
5
|
||||
0
|
||||
1:2.3-4
|
||||
+0
|
||||
],
|
||||
[])
|
||||
AT_CLEANUP
|
||||
--
|
||||
2.41.0
|
||||
|
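Review bot: In `rdToken()` the new argument `state->flags & RPMEXPR_DISCARD ? "0" : temp` parses as intended but relies on `&` binding tighter than `?:`; writing it as `(state->flags & RPMEXPR_DISCARD) ? "0" : temp` removes the need to check. A short comment on that line, such as `/* discarded operands arrive as "", which is not a valid version */`, would carry the reasoning from the commit message into the code. The enclosing function starts and ends outside the hunk.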
@ -0,0 +1,46 @@
|
||||
From 89ce4e7ca592f5abafc3f25aeaa07d36a7b43a61 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Tue, 14 Nov 2023 11:37:48 +0200
|
||||
Subject: [PATCH] Fix wrong return code on O_DIRECTORY open of invalid symlink
|
||||
|
||||
The dir argument to fsmOpenpath() is supposed to be a rough O_DIRECTORY
|
||||
equivalent, and if the path is actually a misowned symlink it should
|
||||
return ENOTDIR instead of ELOOP. Makes the resulting error messages
|
||||
at least a little more comprehensible.
|
||||
---
|
||||
lib/fsm.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/fsm.c b/lib/fsm.c
|
||||
index 51f439ef3..091e90554 100644
|
||||
--- a/lib/fsm.c
|
||||
+++ b/lib/fsm.c
|
||||
@@ -304,6 +304,7 @@ static int fsmOpenat(int dirfd, const char *path, int flags, int dir)
|
||||
struct stat lsb, sb;
|
||||
int sflags = flags | O_NOFOLLOW;
|
||||
int fd = openat(dirfd, path, sflags);
|
||||
+ int ffd = fd;
|
||||
|
||||
/*
|
||||
* Only ever follow symlinks by root or target owner. Since we can't
|
||||
@@ -312,7 +313,7 @@ static int fsmOpenat(int dirfd, const char *path, int flags, int dir)
|
||||
* it could've only been the link owner or root.
|
||||
*/
|
||||
if (fd < 0 && errno == ELOOP && flags != sflags) {
|
||||
- int ffd = openat(dirfd, path, flags);
|
||||
+ ffd = openat(dirfd, path, flags);
|
||||
if (ffd >= 0) {
|
||||
if (fstatat(dirfd, path, &lsb, AT_SYMLINK_NOFOLLOW) == 0) {
|
||||
if (fstat(ffd, &sb) == 0) {
|
||||
@@ -327,7 +328,7 @@ static int fsmOpenat(int dirfd, const char *path, int flags, int dir)
|
||||
}
|
||||
|
||||
/* O_DIRECTORY equivalent */
|
||||
- if (dir && fd >= 0 && fstat(fd, &sb) == 0 && !S_ISDIR(sb.st_mode)) {
|
||||
+ if (dir && ((fd != ffd) || (fd >= 0 && fstat(fd, &sb) == 0 && !S_ISDIR(sb.st_mode)))) {
|
||||
errno = ENOTDIR;
|
||||
fsmClose(&fd);
|
||||
}
|
||||
--
|
||||
2.43.0
|
||||
|
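Review bot: The rewritten O_DIRECTORY check in `fsmOpenat()` uses `fd != ffd` to detect that the follow-up `openat()` succeeded but the link was refused, so `ffd` is compared after the lines elided between the hunks have presumably already closed it. That holds only while every accepting path sets `fd = ffd` and nothing resets `ffd`, neither of which is visible here; a comment on the condition such as `/* fd != ffd: symlink target opened but ownership check refused it */`, or a dedicated flag, would protect the invariant against later edits. Two details to confirm in the full function: in the `fd != ffd` case `fsmClose(&fd)` is presumably called with a negative `fd`, and when `fstat()` itself fails the descriptor is still returned as though it were a directory.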
@ -0,0 +1,158 @@
|
||||
From ac7b0dbd5a18d2c57a942ca14ac856b8047425ff Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Tue, 15 Feb 2022 10:43:13 +0200
|
||||
Subject: [PATCH] Pass file descriptor to file prepare plugin hook, use when
|
||||
possible
|
||||
|
||||
Sadly the thing that allegedly makes things better mostly just makes
|
||||
things more complicated as symlinks can't be opened, so we'll now have
|
||||
to deal with both cases in plugins too. To make matters worse, most
|
||||
APIs out there support either an fd or a path, but very few support
|
||||
the *at() style dirfd + basename approach so plugins are stuck with
|
||||
absolute paths for now.
|
||||
|
||||
This is of course a plugin API/ABI change too.
|
||||
---
|
||||
lib/rpmplugin.h | 2 +-
|
||||
lib/rpmplugins.c | 4 ++--
|
||||
lib/rpmplugins.h | 3 ++-
|
||||
plugins/ima.c | 9 +++++++--
|
||||
plugins/selinux.c | 13 ++++++++-----
|
||||
5 files changed, 20 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmplugin.h b/lib/rpmplugin.h
|
||||
index fd81aec8d..fab4b3e83 100644
|
||||
--- a/lib/rpmplugin.h
|
||||
+++ b/lib/rpmplugin.h
|
||||
@@ -57,7 +57,7 @@ typedef rpmRC (*plugin_fsm_file_post_func)(rpmPlugin plugin, rpmfi fi,
|
||||
const char* path, mode_t file_mode,
|
||||
rpmFsmOp op, int res);
|
||||
typedef rpmRC (*plugin_fsm_file_prepare_func)(rpmPlugin plugin, rpmfi fi,
|
||||
- const char* path,
|
||||
+ int fd, const char* path,
|
||||
const char *dest,
|
||||
mode_t file_mode, rpmFsmOp op);
|
||||
|
||||
diff --git a/lib/rpmplugins.c b/lib/rpmplugins.c
|
||||
index 65e684e84..923084b78 100644
|
||||
--- a/lib/rpmplugins.c
|
||||
+++ b/lib/rpmplugins.c
|
||||
@@ -384,7 +384,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path,
|
||||
}
|
||||
|
||||
rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,
|
||||
- const char *path, const char *dest,
|
||||
+ int fd, const char *path, const char *dest,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
{
|
||||
plugin_fsm_file_prepare_func hookFunc;
|
||||
@@ -394,7 +394,7 @@ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_prepare);
|
||||
- if (hookFunc && hookFunc(plugin, fi, path, dest, file_mode, op) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, fd, path, dest, file_mode, op) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_prepare failed\n", plugin->name);
|
||||
rc = RPMRC_FAIL;
|
||||
}
|
||||
diff --git a/lib/rpmplugins.h b/lib/rpmplugins.h
|
||||
index 39762c376..ddf5d7048 100644
|
||||
--- a/lib/rpmplugins.h
|
||||
+++ b/lib/rpmplugins.h
|
||||
@@ -156,6 +156,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char* path,
|
||||
* permissions etc, but before committing file to destination path.
|
||||
* @param plugins plugins structure
|
||||
* @param fi file info iterator (or NULL)
|
||||
+ * @param fd file descriptor (or -1 if not available)
|
||||
* @param path file object current path
|
||||
* @param dest file object destination path
|
||||
* @param mode file object mode
|
||||
@@ -164,7 +165,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char* path,
|
||||
*/
|
||||
RPM_GNUC_INTERNAL
|
||||
rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,
|
||||
- const char *path, const char *dest,
|
||||
+ int fd, const char *path, const char *dest,
|
||||
mode_t mode, rpmFsmOp op);
|
||||
|
||||
#ifdef __cplusplus
|
||||
diff --git a/plugins/ima.c b/plugins/ima.c
|
||||
index fe6d3ad7f..9c28a41a3 100644
|
||||
--- a/plugins/ima.c
|
||||
+++ b/plugins/ima.c
|
||||
@@ -39,7 +39,7 @@ static int check_zero_hdr(const unsigned char *fsig, size_t siglen)
|
||||
return (memcmp(fsig, &zero_hdr, sizeof(zero_hdr)) == 0);
|
||||
}
|
||||
|
||||
-static rpmRC ima_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
|
||||
+static rpmRC ima_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, int fd,
|
||||
const char *path,
|
||||
const char *dest,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
@@ -68,8 +68,13 @@
|
||||
|
||||
fsig = rpmfiFSignature(fi, &len);
|
||||
if (fsig && (check_zero_hdr(fsig, len) == 0)) {
|
||||
- if (lsetxattr(path, XATTR_NAME_IMA, fsig, len, 0) < 0) {
|
||||
- int is_err = errno != EOPNOTSUPP;
|
||||
+ int xx;
|
||||
+ if (fd >= 0)
|
||||
+ xx = fsetxattr(fd, XATTR_NAME_IMA, fsig, len, 0);
|
||||
+ else
|
||||
+ xx = lsetxattr(path, XATTR_NAME_IMA, fsig, len, 0);
|
||||
+ if (xx < 0) {
|
||||
+ int is_err = errno != EOPNOTSUPP;
|
||||
rpmlog(is_err?RPMLOG_ERR:RPMLOG_DEBUG,
|
||||
"ima: could not apply signature on '%s': %s\n",
|
||||
path, strerror(errno));
|
||||
diff --git a/plugins/fapolicyd.c b/plugins/fapolicyd.c
|
||||
index 7ac44f0d0..1ff50c30f 100644
|
||||
--- a/plugins/fapolicyd.c
|
||||
+++ b/plugins/fapolicyd.c
|
||||
@@ -145,7 +145,8 @@ static rpmRC fapolicyd_scriptlet_pre(rpmPlugin plugin, const char *s_name,
|
||||
}
|
||||
|
||||
static rpmRC fapolicyd_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
|
||||
- const char *path, const char *dest,
|
||||
+ int fd, const char *path,
|
||||
+ const char *dest,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
{
|
||||
/* not ready */
|
||||
diff --git a/plugins/selinux.c b/plugins/selinux.c
|
||||
index 32c3b7529..a7f20aeca 100644
|
||||
--- a/plugins/selinux.c
|
||||
+++ b/plugins/selinux.c
|
||||
@@ -149,7 +149,7 @@ static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin,
|
||||
return rc;
|
||||
}
|
||||
|
||||
-static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
|
||||
+static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, int fd,
|
||||
const char *path, const char *dest,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
{
|
||||
@@ -194,13 +194,17 @@
|
||||
if (sehandle && !XFA_SKIPPING(action)) {
|
||||
char *scon = NULL;
|
||||
if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {
|
||||
- int conrc = lsetfilecon(path, scon);
|
||||
+ int conrc;
|
||||
+ if (fd >= 0)
|
||||
+ conrc = fsetfilecon(fd, scon);
|
||||
+ else
|
||||
+ conrc = lsetfilecon(path, scon);
|
||||
|
||||
if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
|
||||
rc = RPMRC_OK;
|
||||
|
||||
- rpmlog(loglvl(rc != RPMRC_OK), "lsetfilecon: (%s, %s) %s\n",
|
||||
- path, scon, (conrc < 0 ? strerror(errno) : ""));
|
||||
+ rpmlog(loglvl(rc != RPMRC_OK), "lsetfilecon: (%d %s, %s) %s\n",
|
||||
+ fd, path, scon, (conrc < 0 ? strerror(errno) : ""));
|
||||
|
||||
freecon(scon);
|
||||
} else {
|
||||
--
|
||||
2.41.0
|
||||
|
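Review bot: In `selinux_fsm_file_prepare()` the log line still begins with `lsetfilecon:` even when the context was applied through `fsetfilecon(fd, scon)`, so a failure on the descriptor path is reported under the wrong call name. Selecting the name with the same test, e.g. a leading `%s` fed by `fd >= 0 ? "fsetfilecon" : "lsetfilecon"`, keeps the diagnostics accurate for anyone triaging labelling failures. The new `fd` parameter is documented only on `rpmpluginsCallFsmFilePrepare()`; the `plugin_fsm_file_prepare_func` typedef in lib/rpmplugin.h should carry a comment that `fd` may be -1 and that `path` is then the fallback, used without following symlinks as the two in-tree plugins do with `lsetxattr`/`lsetfilecon`.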
32
SOURCES/0001-Print-full-path-if-file-removal-fails.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From f1503ab6e898430b80017c0f8347860f3a74d5bb Mon Sep 17 00:00:00 2001
|
||||
From: Florian Festi <ffesti@redhat.com>
|
||||
Date: Mon, 11 Dec 2023 15:50:15 +0100
|
||||
Subject: [PATCH] Print full path if file removal fails
|
||||
|
||||
For normal debug output the basename of the files are sufficient as when
|
||||
debugging is enabled the directories are also printed. But here the
|
||||
warning is given without a debug flag so we need the full context right
|
||||
there.
|
||||
---
|
||||
lib/fsm.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/fsm.c b/lib/fsm.c
|
||||
index fcd764648..2189bd84c 100644
|
||||
--- a/lib/fsm.c
|
||||
+++ b/lib/fsm.c
|
||||
@@ -1174,9 +1174,9 @@ int rpmPackageFilesRemove(rpmts ts, rpmte te, rpmfiles files,
|
||||
|
||||
if (rc) {
|
||||
int lvl = strict_erasures ? RPMLOG_ERR : RPMLOG_WARNING;
|
||||
- rpmlog(lvl, _("%s %s: remove failed: %s\n"),
|
||||
+ rpmlog(lvl, _("%s %s%s: remove failed: %s\n"),
|
||||
S_ISDIR(fp->sb.st_mode) ? _("directory") : _("file"),
|
||||
- fp->fpath, strerror(errno));
|
||||
+ rpmfiDN(fi), fp->fpath, strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.43.0
|
||||
|
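Review bot: The new `rpmfiDN(fi)` argument is passed straight to `%s` in the `remove failed` message, whereas `fsmDebug()` in the fsmdebug patch of this commit guards the same value with `dn ? dn : ""`. If `rpmfiDN()` can return NULL at this point (not visible in the hunk), the call has undefined behaviour in the one message that is emitted without debugging enabled. Taking the value into a local first, `const char *dn = rpmfiDN(fi);`, and passing `dn ? dn : ""` would match the other call site. `rpmPackageFilesRemove()` extends beyond the hunk on both sides.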
@ -0,0 +1,90 @@
|
||||
From 6dd62720fe84f7e2ad902c915b952fc0b29e3dcd Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Tue, 15 Feb 2022 11:34:37 +0200
|
||||
Subject: [PATCH] Swap over to dirfd+basename based operation within the fsm
|
||||
|
||||
Within fsm this is just a matter of adjusting error messages to include
|
||||
the directory... if it only wasn't for the plugins requiring absolute
|
||||
paths for outside users. For the plugins, we need to assemble absolute
|
||||
paths as needed, both in ensureDir() and plugin file slots.
|
||||
---
|
||||
lib/rpmplugins.c | 20 +++++++++++++++++---
|
||||
2 files changed, 36 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmplugins.c b/lib/rpmplugins.c
|
||||
index 703368c0d..f06fd7895 100644
|
||||
--- a/lib/rpmplugins.c
|
||||
+++ b/lib/rpmplugins.c
|
||||
@@ -350,21 +350,31 @@ rpmRC rpmpluginsCallScriptletPost(rpmPlugins plugins, const char *s_name, int ty
|
||||
return rc;
|
||||
}
|
||||
|
||||
+static char *abspath(rpmfi fi, const char *path)
|
||||
+{
|
||||
+ if (*path == '/')
|
||||
+ return xstrdup(path);
|
||||
+ else
|
||||
+ return rstrscat(NULL, rpmfiDN(fi), path, NULL);
|
||||
+}
|
||||
+
|
||||
rpmRC rpmpluginsCallFsmFilePre(rpmPlugins plugins, rpmfi fi, const char *path,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
{
|
||||
plugin_fsm_file_pre_func hookFunc;
|
||||
int i;
|
||||
rpmRC rc = RPMRC_OK;
|
||||
+ char *apath = abspath(fi, path);
|
||||
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_pre);
|
||||
- if (hookFunc && hookFunc(plugin, fi, path, file_mode, op) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, apath, file_mode, op) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_pre failed\n", plugin->name);
|
||||
rc = RPMRC_FAIL;
|
||||
}
|
||||
}
|
||||
+ free(apath);
|
||||
|
||||
return rc;
|
||||
}
|
||||
@@ -375,14 +385,16 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path,
|
||||
plugin_fsm_file_post_func hookFunc;
|
||||
int i;
|
||||
rpmRC rc = RPMRC_OK;
|
||||
+ char *apath = abspath(fi, path);
|
||||
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_post);
|
||||
- if (hookFunc && hookFunc(plugin, fi, path, file_mode, op, res) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, apath, file_mode, op, res) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_WARNING, "Plugin %s: hook fsm_file_post failed\n", plugin->name);
|
||||
}
|
||||
}
|
||||
+ free(apath);
|
||||
|
||||
return rc;
|
||||
}
|
||||
@@ -394,15 +406,17 @@ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,
|
||||
plugin_fsm_file_prepare_func hookFunc;
|
||||
int i;
|
||||
rpmRC rc = RPMRC_OK;
|
||||
+ char *apath = abspath(fi, path);
|
||||
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_prepare);
|
||||
- if (hookFunc && hookFunc(plugin, fi, fd, path, dest, file_mode, op) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, fd, apath, dest, file_mode, op) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_prepare failed\n", plugin->name);
|
||||
rc = RPMRC_FAIL;
|
||||
}
|
||||
}
|
||||
+ free(apath);
|
||||
|
||||
return rc;
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
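Review bot: `abspath()` passes `rpmfiDN(fi)` into `rstrscat()`, whose argument list in this call is terminated by NULL, so a NULL directory name would end the list early and silently drop `path` from the string handed to every plugin hook. The header comment in lib/rpmplugins.h shown in the plugin-hook patch of this commit allows `fi` to be NULL for the prepare hook, which makes that case plausible; `const char *dn = rpmfiDN(fi); return rstrscat(NULL, dn ? dn : "", path, NULL);` keeps the path intact. `*path` is also dereferenced without a NULL check, so the helper should either guard it or carry a comment that `path` must be non-NULL. The embedded diffstat reports two files changed but only lib/rpmplugins.c is present in this patch.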
1631
SOURCES/0001-Use-file-state-machine-from-rpm-4.19.patch
Normal file
File diff suppressed because it is too large
@ -32,7 +32,7 @@
|
||||
|
||||
%global rpmver 4.16.1.3
|
||||
#global snapver rc1
|
||||
%global rel 25
|
||||
%global rel 29
|
||||
%global sover 9
|
||||
|
||||
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||
@ -94,6 +94,20 @@ Patch122: rpm-4.16.1.3-Support-long-languages-names-for-QT.patch
|
||||
Patch123: rpm-4.14.3-rpm2archive-parse-popt-options.patch
|
||||
Patch124: rpm-4.14.3-rpm2archive-Don-t-print-usage.patch
|
||||
Patch125: rpm-4.16.1.3-IMA-without-xattr.patch
|
||||
# Backport fsm to fix CVEs
|
||||
Patch126: 0001-Eliminate-code-duplication-from-rpmfiNext.patch
|
||||
Patch127: 0001-Add-optional-callback-on-directory-changes-during-rp.patch
|
||||
Patch128: 0001-Pass-file-descriptor-to-file-prepare-plugin-hook-use.patch
|
||||
Patch129: 0001-Swap-over-to-dirfd-basename-based-operation-within-t.patch
|
||||
Patch130: 0001-Use-file-state-machine-from-rpm-4.19.patch
|
||||
Patch131: 0001-Emit-full-paths-for-file-disposition-diagnostics-on-.patch
|
||||
Patch132: 0001-Fix-wrong-return-code-on-O_DIRECTORY-open-of-invalid.patch
|
||||
Patch133: 0001-Print-full-path-if-file-removal-fails.patch
|
||||
Patch134: 0001-Don-t-warn-about-missing-user-group-on-skipped-files.patch
|
||||
|
||||
Patch140: 0001-Fix-short-circuiting-of-version-strings-in-expressio.patch
|
||||
Patch141: 0001-Fix-a-copy-paste-help-description-of-whatconflicts-R.patch
|
||||
Patch142: 0001-Expose-and-document-rpmdb-verifydb-operation.patch
|
||||
|
||||
# These are not yet upstream
|
||||
Patch906: rpm-4.7.1-geode-i686.patch
|
||||
@ -643,6 +657,22 @@ fi
|
||||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Wed Dec 13 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-29
|
||||
- Actually add --verifydb to the man page (RHEL-14591)
|
||||
- Don't warn about missing user/group on skipped files (RHEL-18037)
|
||||
|
||||
* Mon Dec 11 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-28
|
||||
- Fix warning if file removal fails
|
||||
|
||||
* Mon Nov 27 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-27
|
||||
- Fix short circuiting of version strings in expressions (RHEL-15688)
|
||||
- Fix description of whatconflicts in the man page (RHEL-6303)
|
||||
- Expose and document rpmdb --verifydb operation (RHEL-14591)
|
||||
- Fixes to the file handling backport
|
||||
|
||||
* Fri Nov 10 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-26
|
||||
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937,
|
||||
CVE-2021-35938 and CVE-2021-35939
|
||||
|
||||
* Fri Jun 30 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-25
|
||||
- Followup on #2166383
|
||||
|