rpms/rpm
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import rpm-4.16.1.3-17.el9

Browse Source
This commit is contained in:
CentOS Sources 2022-09-27 10:19:13 -04:00 committed by Stepan Oksanichenko
parent 6620669016
commit 80899f857c
5 changed files with 148 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
SOURCES/0001-Give-warning-on-not-supported-hash-for-RSA-keys.patch Normal file
View File

@ -0,0 +1,40 @@
From 48546ffc0a3f3eb15bfd439a19fc9722eaea592f Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Tue, 28 Jun 2022 12:50:54 +0200
Subject: [PATCH] Give warning on not supported hash for RSA keys
This can happen when old keys are used on systems that have disabled SHA1
e.g. for FIPS requirements.
This is less than ideal but there is currently no way to pass a meaningful
error code up to rpmtsImportPubkey. rpmPubkeyNew just returns a valid key
or NULL.
See rhbz#2069877
---
rpmio/digest_openssl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
index a28a13acc..2ec5140f1 100644
--- a/rpmio/digest_openssl.c
+++ b/rpmio/digest_openssl.c
@@ -4,6 +4,7 @@
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <rpm/rpmpgp.h>
+#include <rpm/rpmlog.h>
#include "rpmio/digest.h"
@@ -483,6 +484,7 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig,
ret = EVP_PKEY_CTX_set_signature_md(pkey_ctx, getEVPMD(hash_algo));
if (ret < 0) {
+ rpmlog(RPMLOG_WARNING, "Signature not supported. Hash algorithm %s not available.\n", pgpValString(PGPVAL_HASHALGO, hash_algo));
rc = 1;
goto done;
}
--
2.36.1

57
SOURCES/rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch Normal file
View File

@ -0,0 +1,57 @@
diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
index 4531271cc..74aeed851 100755
--- a/scripts/rpm2cpio.sh
+++ b/scripts/rpm2cpio.sh
@@ -15,13 +15,23 @@ _dd() {
}
calcsize() {
+
+ case "$(_dd $1 bs=4 count=1 | tr -d '\0')" in
+ "$(printf '\216\255\350')"*) ;; # '\x8e\xad\xe8'
+ *) fatal "File doesn't look like rpm: $pkg" ;;
+ esac
+
offset=$(($1 + 8))
local i b b0 b1 b2 b3 b4 b5 b6 b7
i=0
while [ $i -lt 8 ]; do
- b="$(_dd $(($offset + $i)) bs=1 count=1)"
+ # add . to not loose \n
+ # strip \0 as it gets dropped with warning otherwise
+ b="$(_dd $(($offset + $i)) bs=1 count=1 | tr -d '\0' ; echo .)"
+ b=${b%.} # strip . again
+
[ -z "$b" ] &&
b="0" ||
b="$(exec printf '%u\n' "'$b")"
@@ -33,7 +43,7 @@ calcsize() {
offset=$(($offset + $rsize))
}
-case "$(_dd 0 bs=8 count=1)" in
+case "$(_dd 0 bs=4 count=1 | tr -d '\0')" in
"$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
*) fatal "File doesn't look like rpm: $pkg" ;;
esac
@@ -44,11 +54,11 @@ sigsize=$rsize
calcsize $(($offset + (8 - ($sigsize % 8)) % 8))
hdrsize=$rsize
-case "$(_dd $offset bs=3 count=1)" in
- "$(printf '\102\132')"*) _dd $offset | bunzip2 ;; # '\x42\x5a'
- "$(printf '\037\213')"*) _dd $offset | gunzip ;; # '\x1f\x8b'
- "$(printf '\375\067')"*) _dd $offset | xzcat ;; # '\xfd\x37'
- "$(printf '\135\000')"*) _dd $offset | unlzma ;; # '\x5d\x00'
- "$(printf '\050\265')"*) _dd $offset | unzstd ;; # '\x28\xb5'
- *) fatal "Unrecognized rpm file: $pkg" ;;
+case "$(_dd $offset bs=2 count=1 | tr -d '\0')" in
+ "$(printf '\102\132')") _dd $offset | bunzip2 ;; # '\x42\x5a'
+ "$(printf '\037\213')") _dd $offset | gunzip ;; # '\x1f\x8b'
+ "$(printf '\375\067')") _dd $offset | xzcat ;; # '\xfd\x37'
+ "$(printf '\135')") _dd $offset | unlzma ;; # '\x5d\x00'
+ "$(printf '\050\265')") _dd $offset | unzstd ;; # '\x28\xb5'
+ *) fatal "Unrecognized payload compression format in rpm file: $pkg" ;;
esac

27
SOURCES/rpm-4.16.1.3-add-path-query-option.patch
View File

@ -1,4 +1,4 @@
From ce8af503733b5661efa046cc7f5f68ee0dad75cc Mon Sep 17 00:00:00 2001 From ba659220886c1a315f50fb91b9af4615b1a8757e Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com> From: Michal Domonkos <mdomonko@redhat.com>
Date: Mon, 16 Aug 2021 18:21:02 +0200 Date: Mon, 16 Aug 2021 18:21:02 +0200
Subject: [PATCH] Add support for RPMDBI_BASENAMES on file queries Subject: [PATCH] Add support for RPMDBI_BASENAMES on file queries
@ -14,8 +14,11 @@ Update the man page for --file to reflect it's current behavior and make
Resolves: rhbz#1940895 Resolves: rhbz#1940895
Combined with d1aebda01033bc8ba0d748b49f6fad9a5c0caa3f and backported Combined with:
for 4.16.1.3. d1aebda01033bc8ba0d748b49f6fad9a5c0caa3f
f62b6d27cd741406a52a7e9c5b1d6f581dbd3af8
Backported for 4.16.1.3.
--- ---
doc/rpm.8 | 9 ++++++-- doc/rpm.8 | 9 ++++++--
lib/poptQV.c | 6 +++++- lib/poptQV.c | 6 +++++-
@ -115,17 +118,17 @@ index fdabe6e52..9a71f0dc5 100644
mi = rpmtsInitIterator(ts, RPMDBI_PROVIDENAME, fn, 0); mi = rpmtsInitIterator(ts, RPMDBI_PROVIDENAME, fn, 0);
diff --git a/lib/rpmcli.h b/lib/rpmcli.h diff --git a/lib/rpmcli.h b/lib/rpmcli.h
index 4886c2453..8ef992ff2 100644 index 4886c2453..3961418e7 100644
--- a/lib/rpmcli.h --- a/lib/rpmcli.h
+++ b/lib/rpmcli.h +++ b/lib/rpmcli.h
@@ -81,6 +81,7 @@ rpmcliFini(poptContext optCon); @@ -101,6 +101,7 @@ enum rpmQVSources_e {
enum rpmQVSources_e { RPMQV_SPECBUILTRPMS, /*!< ... from pkgs which would be built from spec */
RPMQV_PACKAGE = 0, /*!< ... from package name db search. */ RPMQV_WHATOBSOLETES, /*!< ... from obsoletes db search. */
RPMQV_PATH, /*!< ... from file path db search. */ RPMQV_WHATCONFLICTS, /*!< ... from conflicts db search. */
+ RPMQV_PATH_ALL, /*!< ... from file path db search (all states). */ + RPMQV_PATH_ALL, /*!< ... from file path db search (all states). */
RPMQV_ALL, /*!< ... from each installed package. */ };
RPMQV_RPM, /*!< ... from reading binary rpm package. */
RPMQV_GROUP, /*!< ... from group db search. */ typedef rpmFlags rpmQVSources;
diff --git a/tests/rpmquery.at b/tests/rpmquery.at diff --git a/tests/rpmquery.at b/tests/rpmquery.at
index 9a4f1cb76..335d5ee0d 100644 index 9a4f1cb76..335d5ee0d 100644
--- a/tests/rpmquery.at --- a/tests/rpmquery.at
@ -190,5 +193,5 @@ index 9a4f1cb76..335d5ee0d 100644
AT_SETUP([integer array query]) AT_SETUP([integer array query])
AT_KEYWORDS([query]) AT_KEYWORDS([query])
-- --
2.34.1 2.35.1

20
SOURCES/rpm-4.16.1.3-find_debuginfo_vendor_opts.patch Normal file
View File

@ -0,0 +1,20 @@
--- rpm.orig/macros.in 2022-06-30 11:37:18.975312592 +0100
+++ rpm-4.16.1.3/macros.in 2022-06-30 11:37:43.145158323 +0100
@@ -167,6 +167,9 @@
# A spec file can %%define _find_debuginfo_opts to pass options to
# the script. See the script for details.
#
+# Vendor spec files (eg redhat-rpm-config:macros) can %%define
+# _find_debuginfo_vendor_opts to pass options to the script.
+#
%__debug_install_post \
%{_rpmconfigdir}/find-debuginfo.sh \\\
%{?_smp_build_ncpus:-j%{_smp_build_ncpus}} \\\
@@ -179,6 +182,7 @@
%{?_unique_debug_srcs:--unique-debug-src-base "%{name}-%{VERSION}-%{RELEASE}.%{_arch}"} \\\
%{?_find_debuginfo_dwz_opts} \\\
%{?_find_debuginfo_opts} \\\
+ %{?_find_debuginfo_vendor_opts} \\\
%{?_debugsource_packages:-S debugsourcefiles.list} \\\
"%{_builddir}/%{?buildsubdir}"\
%{nil}

17
SPECS/rpm.spec
View File

@ -32,7 +32,7 @@
%global rpmver 4.16.1.3 %global rpmver 4.16.1.3
#global snapver rc1 #global snapver rc1
%global rel 11 %global rel 17
%global sover 9 %global sover 9
%global srcver %{rpmver}%{?snapver:-%{snapver}} %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -82,11 +82,13 @@ Patch110: rpm-4.16.1.3-add-path-query-option.patch
Patch111: rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch Patch111: rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch
Patch112: rpm-4.16.1.3-fix-regression-reading-rpm-v3-pkgs.patch Patch112: rpm-4.16.1.3-fix-regression-reading-rpm-v3-pkgs.patch
Patch113: rpm-4.16.1.3-fix-spurious-transfiletriggerpostun-execution.patch Patch113: rpm-4.16.1.3-fix-spurious-transfiletriggerpostun-execution.patch
Patch114: rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch
# These are not yet upstream # These are not yet upstream
Patch906: rpm-4.7.1-geode-i686.patch Patch906: rpm-4.7.1-geode-i686.patch
# Probably to be upstreamed in slightly different form # Probably to be upstreamed in slightly different form
Patch907: rpm-4.15.x-ldflags.patch Patch907: rpm-4.15.x-ldflags.patch
Patch908: 0001-Give-warning-on-not-supported-hash-for-RSA-keys.patch
# Not yet (all) upstream, debugedit DWARF5 # Not yet (all) upstream, debugedit DWARF5
# https://code.wildebeest.org/git/user/mjw/rpm/log/?h=gcc-dwarf5-4.16.1.2 # https://code.wildebeest.org/git/user/mjw/rpm/log/?h=gcc-dwarf5-4.16.1.2
@ -99,6 +101,7 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch
# Downstream-only patches # Downstream-only patches
Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
# Partially GPL/LGPL dual-licensed and some bits with BSD # Partially GPL/LGPL dual-licensed and some bits with BSD
# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
@ -611,6 +614,18 @@ fi
%doc doc/librpm/html/* %doc doc/librpm/html/*
%changelog %changelog
* Wed Aug 03 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-17
- Make rpm2cpio.sh more robust (#1983015)
* Thu Jun 30 2022 Nick Clifton <nickc@redhat.com> - 4.16.1.3-15
- Pass _find_debuginfo_vendor_opts to the find-debuginfo script. (#2099617)
* Tue Jun 28 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-14
- Warning for failed key import (#2069877)
* Tue Apr 05 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-12
- Fix minor ABI regression in rpmcli.h (#2037352)
* Mon Feb 14 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-11 * Mon Feb 14 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-11
- Fix IMA signature lengths assumed constant, take III (#2018937) - Fix IMA signature lengths assumed constant, take III (#2018937)
- Fix regression reading rpm v3 and other rare packages (#2037186) - Fix regression reading rpm v3 and other rare packages (#2037186)