From b93a192b47fe39fd7442498217056139430ef1d0 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Sat, 25 Jan 2025 14:10:04 +0100 Subject: [PATCH] Add patches for next release Resolves: RHEL-69518 RHEL-54000 RHEL-56613 RHEL-56363 --- ...kage-corruption-on-delsign-resign-ad.patch | 59 ++++++++++++ ...n-build-id-generation-from-compresse.patch | 52 +++++++++++ 0003-Fix-root-relocation-regression.patch | 91 +++++++++++++++++++ macros.rpmsign-sequoia | 4 +- rpm.spec | 12 ++- 5 files changed, 215 insertions(+), 3 deletions(-) create mode 100644 0001-Fix-possible-package-corruption-on-delsign-resign-ad.patch create mode 100644 0002-Fix-regression-on-build-id-generation-from-compresse.patch create mode 100644 0003-Fix-root-relocation-regression.patch diff --git a/0001-Fix-possible-package-corruption-on-delsign-resign-ad.patch b/0001-Fix-possible-package-corruption-on-delsign-resign-ad.patch new file mode 100644 index 0000000..7dd6705 --- /dev/null +++ b/0001-Fix-possible-package-corruption-on-delsign-resign-ad.patch @@ -0,0 +1,59 @@ +From d4c98d15f1bdeaca4efdc4e2e93cc93cb01d54b5 Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Wed, 20 Nov 2024 14:18:43 +0100 +Subject: [PATCH 1/3] Fix possible package corruption on + --delsign/resign/addsign + +Make sure we don't overrun the original signature header when +adjusting reserved size. Fixes a brainfart introduced in commit +be950eabb84a88e5773e096435c37b92e3d47ebb: the count reservation +size is relative to the size of the new header, obviously. + +Another crucial difference is that when considering whether we can +transplant the new signature header in the originals place we need +to consider the real on-disk signature, not the size of its +immutable region. The immutable region can be much much smaller than +the physical header if eg the IMA signatures are misplaced outside it, +making our calculations way off. + +Backported from commits: +1847fd6bea41f96ca545e744ee9ecc2896f6378a + +Fixes: RHEL-69518 +--- + sign/rpmgensig.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c +index d7d58fd4f..576e77f7d 100644 +--- a/sign/rpmgensig.c ++++ b/sign/rpmgensig.c +@@ -629,8 +629,8 @@ static int rpmSign(const char *rpm, int deleting, int flags) + flags |= RPMSIGN_FLAG_RPMV3; + } + +- unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES); + origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES); ++ unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES); + + if (flags & RPMSIGN_FLAG_IMA) { + if (includeFileSignatures(&sigh, &h)) +@@ -674,12 +674,13 @@ static int rpmSign(const char *rpm, int deleting, int flags) + + /* Adjust reserved size for added/removed signatures */ + if (headerGet(sigh, RPMSIGTAG_RESERVEDSPACE, &utd, HEADERGET_MINMEM)) { +- int diff = headerSizeof(sigh, HEADER_MAGIC_YES) - origSigSize; ++ unsigned newSize = headerSizeof(sigh, HEADER_MAGIC_YES); ++ int diff = newSize - origSigSize; + + /* diff can be zero if nothing was added or removed */ + if (diff) { + utd.count -= diff; +- if (utd.count > 0 && utd.count < origSigSize) { ++ if (utd.count > 0 && newSize + utd.count <= origSigSize) { + char *zeros = xcalloc(utd.count, sizeof(*zeros)); + utd.data = zeros; + headerMod(sigh, &utd); +-- +2.48.1 + diff --git a/0002-Fix-regression-on-build-id-generation-from-compresse.patch b/0002-Fix-regression-on-build-id-generation-from-compresse.patch new file mode 100644 index 0000000..44f0594 --- /dev/null +++ b/0002-Fix-regression-on-build-id-generation-from-compresse.patch @@ -0,0 +1,52 @@ +From f1f6f316e9363682edbf1a2f97ceaff2e960c87c Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Fri, 22 Nov 2024 09:40:41 +0200 +Subject: [PATCH 2/3] Fix regression on build-id generation from compressed ELF + files + +Another cmake fallout - we even have the define in config.h.in but the +actual test was missing, causing us to never use the compression aware +dwelf_elf_begin() version. + +The only reproducer I'm aware of is a kernel module, and we don't want +to pull in the huge kernel-devel to the test CI for this. Manually +verified that cmake looks for and finds it: + + -- Looking for dwelf_elf_begin in dw + -- Looking for dwelf_elf_begin in dw - found + +And building kernel module, before: + +$ rpm -qpl /home/pmatilai/rpmbuild/RPMS/x86_64/kmod-lkm_example-1.0-1.x86_64.rpm +/lib/modules/6.11.8-300.fc41.x86_64/lkm_example/lkm_example.ko.xz + +After: + +$ rpm -qpl /home/pmatilai/rpmbuild/RPMS/x86_64/kmod-lkm_example-1.0-1.x86_64.rpm +/lib/modules/6.11.8-300.fc41.x86_64/lkm_example/lkm_example.ko.xz +/usr/lib/.build-id +/usr/lib/.build-id/db +/usr/lib/.build-id/db/f83477ef46b0e51abd5cc1b9382be1330083c4 + +(cherry picked from commit fe9a9147821044628cab2f7326c97d8401a2c57e) + +Fixes: RHEL-54000 +--- + CMakeLists.txt | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 7808115c1..6dbf179f3 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -357,6 +357,7 @@ if (LIBELF_FOUND) + endif() + if (LIBDW_FOUND) + set(HAVE_LIBDW 1) ++ check_library_exists(dw dwelf_elf_begin "" HAVE_DWELF_ELF_BEGIN) + endif() + + check_symbol_exists(GLOB_ONLYDIR "glob.h" HAVE_GLOB_ONLYDIR) +-- +2.48.1 + diff --git a/0003-Fix-root-relocation-regression.patch b/0003-Fix-root-relocation-regression.patch new file mode 100644 index 0000000..1ee9152 --- /dev/null +++ b/0003-Fix-root-relocation-regression.patch @@ -0,0 +1,91 @@ +From 3c08dc15ba46495eea776ab9d16d4bdc9ce0b983 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Fri, 26 Jul 2024 10:44:04 +0200 +Subject: [PATCH 3/3] Fix root relocation regression + +When relocating the root directory, make sure we insert the new path's +dirname to dirNames[] even if the root itself is owned by the package. + +This appears to have been the intention from the first version (largely +untouched since) of this code as we allow the root to pass through the +first checks (by setting len to 0 in that case) as well as the second +for loop where we do the relocations. + +This allows fsm to properly create and remove the relocated directory +since we're now using fd-based calls (#1919) and the parent directory +needs to be opened first. + +No need to do string comparison here, the empty basename signals that +we're processing the root directory, so just use that. + +Building a relocatable package that owns the root directory seems to be +a handy way to create user-installable packages (see RHEL-28967) and it +happened to work before with the path-based calls so this technically +was a regression. Add a test that emulates this use case. + +Backported from commits: +31c14ba6610568c2d634647fed1fb57221178da9 +308ac60677732e9979b9ce11e5a3085906da1901 + +Fixes: RHEL-56613 +--- + lib/relocation.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/lib/relocation.c b/lib/relocation.c +index 2919b4873..a7110d426 100644 +--- a/lib/relocation.c ++++ b/lib/relocation.c +@@ -124,7 +124,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations, + char ** baseNames; + char ** dirNames; + uint32_t * dirIndexes; +- rpm_count_t fileCount, dirCount; ++ rpm_count_t fileCount, dirCount, dirCountOrig; + int nrelocated = 0; + int fileAlloced = 0; + char * fn = NULL; +@@ -163,7 +163,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations, + baseNames = bnames.data; + dirIndexes = dindexes.data; + fileCount = rpmtdCount(&bnames); +- dirCount = rpmtdCount(&dnames); ++ dirCount = dirCountOrig = rpmtdCount(&dnames); + /* XXX TODO: use rpmtdDup() instead */ + dirNames = dnames.data = duparray(dnames.data, dirCount); + dnames.flags |= RPMTD_PTR_ALLOCED; +@@ -180,8 +180,9 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations, + rpmFileTypes ft; + int fnlen; + ++ size_t baselen = strlen(baseNames[i]); + size_t len = maxlen + +- strlen(dirNames[dirIndexes[i]]) + strlen(baseNames[i]) + 1; ++ strlen(dirNames[dirIndexes[i]]) + baselen + 1; + if (len >= fileAlloced) { + fileAlloced = len * 2; + fn = xrealloc(fn, fileAlloced); +@@ -243,8 +244,9 @@ assert(fn != NULL); /* XXX can't happen */ + continue; + } + +- /* Relocation on full paths only, please. */ +- if (fnlen != len) continue; ++ /* Relocation on '/' and full paths only, please. */ ++ if (baselen && fnlen != len) ++ continue; + + rpmlog(RPMLOG_DEBUG, "relocating %s to %s\n", + fn, relocations[j].newPath); +@@ -295,7 +297,7 @@ assert(fn != NULL); /* XXX can't happen */ + } + + /* Finish off by relocating directories. */ +- for (i = dirCount - 1; i >= 0; i--) { ++ for (i = dirCountOrig - 1; i >= 0; i--) { + for (j = numRelocations - 1; j >= 0; j--) { + + if (relocations[j].oldPath == NULL) /* XXX can't happen */ +-- +2.48.1 + diff --git a/macros.rpmsign-sequoia b/macros.rpmsign-sequoia index 7476887..b7f8966 100644 --- a/macros.rpmsign-sequoia +++ b/macros.rpmsign-sequoia @@ -20,7 +20,7 @@ %__gpg_sign_cmd %{__gpg} %{__gpg} sign \ %{?_gpg_sign_cmd_extra_args} \ - %{?_gpg_name:--signer-key %{_gpg_name}} \ - --binary --detached --output %{shescape:%{?__signature_filename}} \ + %{?_gpg_name:--signer %{_gpg_name}} \ + --binary --signature-file %{shescape:%{?__signature_filename}} \ %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}} diff --git a/rpm.spec b/rpm.spec index 411d2bf..f2a4412 100644 --- a/rpm.spec +++ b/rpm.spec @@ -27,7 +27,7 @@ %global rpmver 4.19.1.1 #global snapver rc1 -%global baserelease 10 +%global baserelease 11 %global sover 10 %global srcver %{rpmver}%{?snapver:-%{snapver}} @@ -149,6 +149,10 @@ rpm-4.18.90-weak-user-group.patch 0001-Report-unsafe-symlinks-during-installation-as-a-spec.patch 0002-Fix-FA_TOUCH-ed-files-getting-removed-on-failed-upda.patch +0001-Fix-possible-package-corruption-on-delsign-resign-ad.patch +0002-Fix-regression-on-build-id-generation-from-compresse.patch +0003-Fix-root-relocation-regression.patch + # These are not yet upstream rpm-4.7.1-geode-i686.patch @@ -631,6 +635,12 @@ fi %doc %{_defaultdocdir}/rpm/API/ %changelog +* Fri Jan 24 2025 Michal Domonkos - 4.19.1.1-11 +- Fix possible package corruption on --delsign/resign/addsign (RHEL-69518) +- Fix regression on build-id generation from compressed ELF (RHEL-54000) +- Fix root relocation regression (RHEL-56613) +- Update sequoia macros for sq 1.0 (RHEL-56363) + * Mon Jan 13 2025 Michal Domonkos - 4.19.1.1-10 - Report unsafe symlinks during installation as a specific case (RHEL-73186) - Fix FA_TOUCH'ed files getting removed on failed update (RHEL-54386)