Merge branch 'c10s' into a10s

0001-Fix-possible-package-corruption-on-delsign-resign-ad.patch

@@ -0,0 +1,59 @@
+From d4c98d15f1bdeaca4efdc4e2e93cc93cb01d54b5 Mon Sep 17 00:00:00 2001
+From: Florian Festi <ffesti@redhat.com>
+Date: Wed, 20 Nov 2024 14:18:43 +0100
+Subject: [PATCH 1/3] Fix possible package corruption on
+ --delsign/resign/addsign
+
+Make sure we don't overrun the original signature header when
+adjusting reserved size. Fixes a brainfart introduced in commit
+be950eabb84a88e5773e096435c37b92e3d47ebb: the count reservation
+size is relative to the size of the new header, obviously.
+
+Another crucial difference is that when considering whether we can
+transplant the new signature header in the originals place we need
+to consider the real on-disk signature, not the size of its
+immutable region. The immutable region can be much much smaller than
+the physical header if eg the IMA signatures are misplaced outside it,
+making our calculations way off.
+
+Backported from commits:
+1847fd6bea41f96ca545e744ee9ecc2896f6378a
+
+Fixes: RHEL-69518
+---
+ sign/rpmgensig.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index d7d58fd4f..576e77f7d 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -629,8 +629,8 @@ static int rpmSign(const char *rpm, int deleting, int flags)
+ 	flags |= RPMSIGN_FLAG_RPMV3;
+     }
+ 
+-    unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
+     origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
++    unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
+ 
+     if (flags & RPMSIGN_FLAG_IMA) {
+ 	if (includeFileSignatures(&sigh, &h))
+@@ -674,12 +674,13 @@ static int rpmSign(const char *rpm, int deleting, int flags)
+ 
+     /* Adjust reserved size for added/removed signatures */
+     if (headerGet(sigh, RPMSIGTAG_RESERVEDSPACE, &utd, HEADERGET_MINMEM)) {
+-	int diff = headerSizeof(sigh, HEADER_MAGIC_YES) - origSigSize;
++	unsigned newSize = headerSizeof(sigh, HEADER_MAGIC_YES);
++	int diff = newSize - origSigSize;
+ 
+ 	/* diff can be zero if nothing was added or removed */
+ 	if (diff) {
+ 	    utd.count -= diff;
+-	    if (utd.count > 0 && utd.count < origSigSize) {
++	    if (utd.count > 0 && newSize + utd.count <= origSigSize) {
+ 		char *zeros = xcalloc(utd.count, sizeof(*zeros));
+ 		utd.data = zeros;
+ 		headerMod(sigh, &utd);
+-- 
+2.48.1
+

0002-Fix-regression-on-build-id-generation-from-compresse.patch

@@ -0,0 +1,52 @@
+From f1f6f316e9363682edbf1a2f97ceaff2e960c87c Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 22 Nov 2024 09:40:41 +0200
+Subject: [PATCH 2/3] Fix regression on build-id generation from compressed ELF
+ files
+
+Another cmake fallout - we even have the define in config.h.in but the
+actual test was missing, causing us to never use the compression aware
+dwelf_elf_begin() version.
+
+The only reproducer I'm aware of is a kernel module, and we don't want
+to pull in the huge kernel-devel to the test CI for this. Manually
+verified that cmake looks for and finds it:
+
+	-- Looking for dwelf_elf_begin in dw
+	-- Looking for dwelf_elf_begin in dw - found
+
+And building kernel module, before:
+
+$ rpm -qpl /home/pmatilai/rpmbuild/RPMS/x86_64/kmod-lkm_example-1.0-1.x86_64.rpm
+/lib/modules/6.11.8-300.fc41.x86_64/lkm_example/lkm_example.ko.xz
+
+After:
+
+$ rpm -qpl /home/pmatilai/rpmbuild/RPMS/x86_64/kmod-lkm_example-1.0-1.x86_64.rpm
+/lib/modules/6.11.8-300.fc41.x86_64/lkm_example/lkm_example.ko.xz
+/usr/lib/.build-id
+/usr/lib/.build-id/db
+/usr/lib/.build-id/db/f83477ef46b0e51abd5cc1b9382be1330083c4
+
+(cherry picked from commit fe9a9147821044628cab2f7326c97d8401a2c57e)
+
+Fixes: RHEL-54000
+---
+ CMakeLists.txt | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 7808115c1..6dbf179f3 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -357,6 +357,7 @@ if (LIBELF_FOUND)
+ endif()
+ if (LIBDW_FOUND)
+ 	set(HAVE_LIBDW 1)
++	check_library_exists(dw dwelf_elf_begin "" HAVE_DWELF_ELF_BEGIN)
+ endif()
+ 
+ check_symbol_exists(GLOB_ONLYDIR "glob.h" HAVE_GLOB_ONLYDIR)
+-- 
+2.48.1
+

0003-Fix-root-relocation-regression.patch

@@ -0,0 +1,91 @@
+From 3c08dc15ba46495eea776ab9d16d4bdc9ce0b983 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Fri, 26 Jul 2024 10:44:04 +0200
+Subject: [PATCH 3/3] Fix root relocation regression
+
+When relocating the root directory, make sure we insert the new path's
+dirname to dirNames[] even if the root itself is owned by the package.
+
+This appears to have been the intention from the first version (largely
+untouched since) of this code as we allow the root to pass through the
+first checks (by setting len to 0 in that case) as well as the second
+for loop where we do the relocations.
+
+This allows fsm to properly create and remove the relocated directory
+since we're now using fd-based calls (#1919) and the parent directory
+needs to be opened first.
+
+No need to do string comparison here, the empty basename signals that
+we're processing the root directory, so just use that.
+
+Building a relocatable package that owns the root directory seems to be
+a handy way to create user-installable packages (see RHEL-28967) and it
+happened to work before with the path-based calls so this technically
+was a regression.  Add a test that emulates this use case.
+
+Backported from commits:
+31c14ba6610568c2d634647fed1fb57221178da9
+308ac60677732e9979b9ce11e5a3085906da1901
+
+Fixes: RHEL-56613
+---
+ lib/relocation.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/relocation.c b/lib/relocation.c
+index 2919b4873..a7110d426 100644
+--- a/lib/relocation.c
++++ b/lib/relocation.c
+@@ -124,7 +124,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+     char ** baseNames;
+     char ** dirNames;
+     uint32_t * dirIndexes;
+-    rpm_count_t fileCount, dirCount;
++    rpm_count_t fileCount, dirCount, dirCountOrig;
+     int nrelocated = 0;
+     int fileAlloced = 0;
+     char * fn = NULL;
+@@ -163,7 +163,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+     baseNames = bnames.data;
+     dirIndexes = dindexes.data;
+     fileCount = rpmtdCount(&bnames);
+-    dirCount = rpmtdCount(&dnames);
++    dirCount = dirCountOrig = rpmtdCount(&dnames);
+     /* XXX TODO: use rpmtdDup() instead */
+     dirNames = dnames.data = duparray(dnames.data, dirCount);
+     dnames.flags |= RPMTD_PTR_ALLOCED;
+@@ -180,8 +180,9 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+ 	rpmFileTypes ft;
+ 	int fnlen;
+ 
++	size_t baselen = strlen(baseNames[i]);
+ 	size_t len = maxlen +
+-		strlen(dirNames[dirIndexes[i]]) + strlen(baseNames[i]) + 1;
++		strlen(dirNames[dirIndexes[i]]) + baselen + 1;
+ 	if (len >= fileAlloced) {
+ 	    fileAlloced = len * 2;
+ 	    fn = xrealloc(fn, fileAlloced);
+@@ -243,8 +244,9 @@ assert(fn != NULL);		/* XXX can't happen */
+ 	    continue;
+ 	}
+ 
+-	/* Relocation on full paths only, please. */
+-	if (fnlen != len) continue;
++	/* Relocation on '/' and full paths only, please. */
++	if (baselen && fnlen != len)
++	    continue;
+ 
+ 	rpmlog(RPMLOG_DEBUG, "relocating %s to %s\n",
+ 	       fn, relocations[j].newPath);
+@@ -295,7 +297,7 @@ assert(fn != NULL);		/* XXX can't happen */
+     }
+ 
+     /* Finish off by relocating directories. */
+-    for (i = dirCount - 1; i >= 0; i--) {
++    for (i = dirCountOrig - 1; i >= 0; i--) {
+ 	for (j = numRelocations - 1; j >= 0; j--) {
+ 
+ 	    if (relocations[j].oldPath == NULL) /* XXX can't happen */
+-- 
+2.48.1
+

macros.rpmsign-sequoia

@@ -20,7 +20,7 @@
 
 %__gpg_sign_cmd %{__gpg} %{__gpg} sign \
 	%{?_gpg_sign_cmd_extra_args} \
-        %{?_gpg_name:--signer-key %{_gpg_name}} \
+        %{?_gpg_name:--signer %{_gpg_name}} \
-        --binary --detached --output %{shescape:%{?__signature_filename}} \
+        --binary --signature-file %{shescape:%{?__signature_filename}} \
         %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
 

rpm.spec

@@ -27,7 +27,7 @@
 
 %global rpmver 4.19.1.1
 #global snapver rc1
-%global baserelease 10
+%global baserelease 11
 %global sover 10
 
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@@ -152,6 +152,10 @@ rpm-4.18.90-weak-user-group.patch
 0001-Report-unsafe-symlinks-during-installation-as-a-spec.patch
 0002-Fix-FA_TOUCH-ed-files-getting-removed-on-failed-upda.patch
 
+0001-Fix-possible-package-corruption-on-delsign-resign-ad.patch
+0002-Fix-regression-on-build-id-generation-from-compresse.patch
+0003-Fix-root-relocation-regression.patch
+
 # These are not yet upstream
 rpm-4.7.1-geode-i686.patch
 
@@ -634,9 +638,15 @@ fi
 %doc %{_defaultdocdir}/rpm/API/
 
 %changelog
-* Wed Feb 12 2025 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-10.alma.1
+* Wed Feb 12 2025 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-11.alma.1
 - Fix: Treat x86_64_v2 as x86_64 in architecture checks
 
+* Fri Jan 24 2025 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-11
+- Fix possible package corruption on --delsign/resign/addsign (RHEL-69518)
+- Fix regression on build-id generation from compressed ELF (RHEL-54000)
+- Fix root relocation regression (RHEL-56613)
+- Update sequoia macros for sq 1.0 (RHEL-56363)
+
 * Mon Jan 13 2025 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-10
 - Report unsafe symlinks during installation as a specific case (RHEL-73186)
 - Fix FA_TOUCH'ed files getting removed on failed update (RHEL-54386)