import UBI rpm-4.16.1.3-34.el9
This commit is contained in:
parent
cd65c04269
commit
88660ad393
124
SOURCES/0001-Add-SourceLicense-tag-to-spec-syntax.patch
Normal file
124
SOURCES/0001-Add-SourceLicense-tag-to-spec-syntax.patch
Normal file
@ -0,0 +1,124 @@
|
|||||||
|
From 1dc9372821487ccace23ff1ae9cba6b30f02c91c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Festi <ffesti@redhat.com>
|
||||||
|
Date: Tue, 5 Jul 2022 16:34:08 +0200
|
||||||
|
Subject: [PATCH] Add SourceLicense tag to spec syntax
|
||||||
|
|
||||||
|
to set a separate license to the source RPM. This can be useful if the
|
||||||
|
sources have code under additional licenses that do not end up in the
|
||||||
|
binary packeges.
|
||||||
|
|
||||||
|
Resolves: #2079
|
||||||
|
|
||||||
|
Note on the backport: The spec document on this branch is ancient and
|
||||||
|
doesn't even contain the License tag's description so this backport
|
||||||
|
leaves the documentation part out.
|
||||||
|
|
||||||
|
(backported from commit 9ed9d3fce34bc3c8121989e0cf263528e7e68756)
|
||||||
|
---
|
||||||
|
build/parsePreamble.c | 6 ++++++
|
||||||
|
lib/rpmtag.h | 3 +++
|
||||||
|
tests/data/SPECS/foo.spec | 1 +
|
||||||
|
tests/data/SPECS/hello.spec | 1 +
|
||||||
|
tests/rpmbuild.at | 11 +++++++++++
|
||||||
|
tests/rpmspec.at | 1 +
|
||||||
|
6 files changed, 23 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/build/parsePreamble.c b/build/parsePreamble.c
|
||||||
|
index e7d6d8752..bd07ecdf0 100644
|
||||||
|
--- a/build/parsePreamble.c
|
||||||
|
+++ b/build/parsePreamble.c
|
||||||
|
@@ -831,6 +831,11 @@ static rpmRC handlePreambleTag(rpmSpec spec, Package pkg, rpmTagVal tag,
|
||||||
|
if (addLangTag(spec, pkg->header, tag, field, lang))
|
||||||
|
goto exit;
|
||||||
|
break;
|
||||||
|
+ case RPMTAG_SOURCELICENSE:
|
||||||
|
+ if (addLangTag(spec, spec->sourcePackage->header,
|
||||||
|
+ RPMTAG_LICENSE, field, lang))
|
||||||
|
+ goto exit;
|
||||||
|
+ break;
|
||||||
|
case RPMTAG_BUILDROOT:
|
||||||
|
/* just silently ignore BuildRoot */
|
||||||
|
break;
|
||||||
|
@@ -1012,6 +1017,7 @@ static struct PreambleRec_s const preambleList[] = {
|
||||||
|
{RPMTAG_EPOCH, 0, 0, 1, LEN_AND_STR("epoch")},
|
||||||
|
{RPMTAG_SUMMARY, 1, 0, 1, LEN_AND_STR("summary")},
|
||||||
|
{RPMTAG_LICENSE, 0, 0, 1, LEN_AND_STR("license")},
|
||||||
|
+ {RPMTAG_SOURCELICENSE, 0, 0, 1, LEN_AND_STR("sourcelicense")},
|
||||||
|
{RPMTAG_DISTRIBUTION, 0, 0, 1, LEN_AND_STR("distribution")},
|
||||||
|
{RPMTAG_DISTURL, 0, 0, 1, LEN_AND_STR("disturl")},
|
||||||
|
{RPMTAG_VENDOR, 0, 0, 1, LEN_AND_STR("vendor")},
|
||||||
|
diff --git a/lib/rpmtag.h b/lib/rpmtag.h
|
||||||
|
index 7d1943835..1fd829118 100644
|
||||||
|
--- a/lib/rpmtag.h
|
||||||
|
+++ b/lib/rpmtag.h
|
||||||
|
@@ -375,6 +375,9 @@ typedef enum rpmTag_e {
|
||||||
|
RPMTAG_MODULARITYLABEL = 5096, /* s */
|
||||||
|
RPMTAG_PAYLOADDIGESTALT = 5097, /* s[] */
|
||||||
|
|
||||||
|
+ /* Backports */
|
||||||
|
+ RPMTAG_SOURCELICENSE = 5102, /* internal */
|
||||||
|
+
|
||||||
|
RPMTAG_FIRSTFREE_TAG /*!< internal */
|
||||||
|
} rpmTag;
|
||||||
|
|
||||||
|
diff --git a/tests/data/SPECS/foo.spec b/tests/data/SPECS/foo.spec
|
||||||
|
index 859e98142..9b1087094 100644
|
||||||
|
--- a/tests/data/SPECS/foo.spec
|
||||||
|
+++ b/tests/data/SPECS/foo.spec
|
||||||
|
@@ -8,6 +8,7 @@ Source: hello-2.0.tar.gz
|
||||||
|
Patch1: hello-1.0-modernize.patch
|
||||||
|
Group: Testing
|
||||||
|
License: GPLv2+
|
||||||
|
+SourceLicense: GPL, ASL 1.0
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
%description
|
||||||
|
diff --git a/tests/data/SPECS/hello.spec b/tests/data/SPECS/hello.spec
|
||||||
|
index 5bc9cfaf7..4b9053aca 100644
|
||||||
|
--- a/tests/data/SPECS/hello.spec
|
||||||
|
+++ b/tests/data/SPECS/hello.spec
|
||||||
|
@@ -4,6 +4,7 @@ Version: 1.0
|
||||||
|
Release: 1
|
||||||
|
Group: Utilities
|
||||||
|
License: GPL
|
||||||
|
+SourceLicense: GPL, ASL 1.0
|
||||||
|
Distribution: RPM test suite.
|
||||||
|
Vendor: Red Hat Software
|
||||||
|
Packager: Red Hat Software <bugs@redhat.com>
|
||||||
|
diff --git a/tests/rpmbuild.at b/tests/rpmbuild.at
|
||||||
|
index bff65303b..7680f1502 100644
|
||||||
|
--- a/tests/rpmbuild.at
|
||||||
|
+++ b/tests/rpmbuild.at
|
||||||
|
@@ -31,6 +31,17 @@ run rpmbuild \
|
||||||
|
[0],
|
||||||
|
[ignore],
|
||||||
|
[ignore])
|
||||||
|
+
|
||||||
|
+AT_CHECK([
|
||||||
|
+
|
||||||
|
+runroot rpm -qp --qf "%{license}\n" /build/SRPMS/hello-1.0-1.src.rpm
|
||||||
|
+runroot rpm -qp --qf "%{license}\n" /build/RPMS/*/hello-1.0-1.*.rpm
|
||||||
|
+],
|
||||||
|
+[0],
|
||||||
|
+[GPL, ASL 1.0
|
||||||
|
+GPL
|
||||||
|
+],
|
||||||
|
+[])
|
||||||
|
AT_CLEANUP
|
||||||
|
|
||||||
|
AT_SETUP([rpmbuild -ba autosetup])
|
||||||
|
diff --git a/tests/rpmspec.at b/tests/rpmspec.at
|
||||||
|
index 2b11201db..c898ee654 100644
|
||||||
|
--- a/tests/rpmspec.at
|
||||||
|
+++ b/tests/rpmspec.at
|
||||||
|
@@ -243,6 +243,7 @@ Source: hello-2.0.tar.gz
|
||||||
|
Patch1: hello-1.0-modernize.patch
|
||||||
|
Group: Testing
|
||||||
|
License: GPLv2+
|
||||||
|
+SourceLicense: GPL, ASL 1.0
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
%description
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
39
SOURCES/0001-Don-t-segfault-on-missing-priority-tag.patch
Normal file
39
SOURCES/0001-Don-t-segfault-on-missing-priority-tag.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
From fd57fc716231c8296d340fdb4c0f6eac176f7f7c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Festi <ffesti@redhat.com>
|
||||||
|
Date: Fri, 20 Aug 2021 15:14:16 +0200
|
||||||
|
Subject: [PATCH] Don't segfault on missing priority tag
|
||||||
|
|
||||||
|
Resolves: #1636
|
||||||
|
Related: #1638
|
||||||
|
---
|
||||||
|
lib/rpmtriggers.c | 7 +++++--
|
||||||
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
|
||||||
|
index fc809a65e..d541974e8 100644
|
||||||
|
--- a/lib/rpmtriggers.c
|
||||||
|
+++ b/lib/rpmtriggers.c
|
||||||
|
@@ -517,7 +517,8 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense,
|
||||||
|
if (matchFunc(ts, te, pfx, sense)) {
|
||||||
|
for (i = 0; i < rpmdbIndexIteratorNumPkgs(ii); i++) {
|
||||||
|
struct rpmtd_s priorities;
|
||||||
|
- unsigned int priority;
|
||||||
|
+ unsigned int priority = 0;
|
||||||
|
+ unsigned int *priority_ptr;
|
||||||
|
unsigned int offset = rpmdbIndexIteratorPkgOffset(ii, i);
|
||||||
|
unsigned int tix = rpmdbIndexIteratorTagNum(ii, i);
|
||||||
|
|
||||||
|
@@ -535,7 +536,9 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense,
|
||||||
|
trigH = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offset);
|
||||||
|
headerGet(trigH, priorityTag, &priorities, HEADERGET_MINMEM);
|
||||||
|
rpmtdSetIndex(&priorities, tix);
|
||||||
|
- priority = *rpmtdGetUint32(&priorities);
|
||||||
|
+ priority_ptr = rpmtdGetUint32(&priorities);
|
||||||
|
+ if (priority_ptr)
|
||||||
|
+ priority = *priority_ptr;
|
||||||
|
headerFree(trigH);
|
||||||
|
|
||||||
|
/* Store file trigger in array */
|
||||||
|
--
|
||||||
|
2.45.1
|
||||||
|
|
@ -0,0 +1,12 @@
|
|||||||
|
diff -up rpm-4.16.1.3/lib/rpmts.c.orig rpm-4.16.1.3/lib/rpmts.c
|
||||||
|
--- rpm-4.16.1.3/lib/rpmts.c.orig 2024-07-11 13:55:35.430198126 +0200
|
||||||
|
+++ rpm-4.16.1.3/lib/rpmts.c 2024-07-11 13:55:59.243061182 +0200
|
||||||
|
@@ -482,6 +482,8 @@ static int makePubkeyHeader(rpmts ts, rp
|
||||||
|
int rc = -1;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
+ memset(&kd, 0, sizeof(kd));
|
||||||
|
+
|
||||||
|
if ((enc = rpmPubkeyBase64(key)) == NULL)
|
||||||
|
goto exit;
|
||||||
|
if ((dig = rpmPubkeyDig(key)) == NULL)
|
@ -0,0 +1,32 @@
|
|||||||
|
From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Domonkos <mdomonko@redhat.com>
|
||||||
|
Date: Thu, 6 Jun 2024 09:15:02 +0200
|
||||||
|
Subject: [PATCH] Fix potential use of uninitialized pipe array
|
||||||
|
|
||||||
|
We only call pipe(2) after the script is written to disk so if the
|
||||||
|
latter fails, the array will be left uninitialized and subsequently read
|
||||||
|
after skipping to the exit label. Fix by initializing it.
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Fixes: RHEL-22604
|
||||||
|
---
|
||||||
|
lib/rpmscript.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/rpmscript.c b/lib/rpmscript.c
|
||||||
|
index 281c55c53..1de4acf8e 100644
|
||||||
|
--- a/lib/rpmscript.c
|
||||||
|
+++ b/lib/rpmscript.c
|
||||||
|
@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
|
||||||
|
char * fn = NULL;
|
||||||
|
pid_t pid, reaped;
|
||||||
|
int status;
|
||||||
|
- int inpipe[2];
|
||||||
|
+ int inpipe[2] = { -1, -1 };
|
||||||
|
FILE *in = NULL;
|
||||||
|
const char *line;
|
||||||
|
char *mline = NULL;
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
91
SOURCES/0001-Fix-root-relocation-regression.patch
Normal file
91
SOURCES/0001-Fix-root-relocation-regression.patch
Normal file
@ -0,0 +1,91 @@
|
|||||||
|
From bce17e42f2301a88574d757740627480a38d86aa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Domonkos <mdomonko@redhat.com>
|
||||||
|
Date: Fri, 26 Jul 2024 10:44:04 +0200
|
||||||
|
Subject: [PATCH] Fix root relocation regression
|
||||||
|
|
||||||
|
When relocating the root directory, make sure we insert the new path's
|
||||||
|
dirname to dirNames[] even if the root itself is owned by the package.
|
||||||
|
|
||||||
|
This appears to have been the intention from the first version (largely
|
||||||
|
untouched since) of this code as we allow the root to pass through the
|
||||||
|
first checks (by setting len to 0 in that case) as well as the second
|
||||||
|
for loop where we do the relocations.
|
||||||
|
|
||||||
|
This allows fsm to properly create and remove the relocated directory
|
||||||
|
since we're now using fd-based calls (#1919) and the parent directory
|
||||||
|
needs to be opened first.
|
||||||
|
|
||||||
|
No need to do string comparison here, the empty basename signals that
|
||||||
|
we're processing the root directory, so just use that.
|
||||||
|
|
||||||
|
Building a relocatable package that owns the root directory seems to be
|
||||||
|
a handy way to create user-installable packages (see RHEL-28967) and it
|
||||||
|
happened to work before with the path-based calls so this technically
|
||||||
|
was a regression. Add a test that emulates this use case.
|
||||||
|
|
||||||
|
Backported from commits:
|
||||||
|
31c14ba6610568c2d634647fed1fb57221178da9
|
||||||
|
308ac60677732e9979b9ce11e5a3085906da1901
|
||||||
|
|
||||||
|
Fixes: RHEL-28967
|
||||||
|
---
|
||||||
|
lib/relocation.c | 14 ++++++++------
|
||||||
|
1 file changed, 8 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/relocation.c b/lib/relocation.c
|
||||||
|
index 3ba4cfeab..8c35bc1a7 100644
|
||||||
|
--- a/lib/relocation.c
|
||||||
|
+++ b/lib/relocation.c
|
||||||
|
@@ -123,7 +123,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
|
||||||
|
char ** baseNames;
|
||||||
|
char ** dirNames;
|
||||||
|
uint32_t * dirIndexes;
|
||||||
|
- rpm_count_t fileCount, dirCount;
|
||||||
|
+ rpm_count_t fileCount, dirCount, dirCountOrig;
|
||||||
|
int nrelocated = 0;
|
||||||
|
int fileAlloced = 0;
|
||||||
|
char * fn = NULL;
|
||||||
|
@@ -162,7 +162,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
|
||||||
|
baseNames = bnames.data;
|
||||||
|
dirIndexes = dindexes.data;
|
||||||
|
fileCount = rpmtdCount(&bnames);
|
||||||
|
- dirCount = rpmtdCount(&dnames);
|
||||||
|
+ dirCount = dirCountOrig = rpmtdCount(&dnames);
|
||||||
|
/* XXX TODO: use rpmtdDup() instead */
|
||||||
|
dirNames = dnames.data = duparray(dnames.data, dirCount);
|
||||||
|
dnames.flags |= RPMTD_PTR_ALLOCED;
|
||||||
|
@@ -179,8 +179,9 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
|
||||||
|
rpmFileTypes ft;
|
||||||
|
int fnlen;
|
||||||
|
|
||||||
|
+ size_t baselen = strlen(baseNames[i]);
|
||||||
|
size_t len = maxlen +
|
||||||
|
- strlen(dirNames[dirIndexes[i]]) + strlen(baseNames[i]) + 1;
|
||||||
|
+ strlen(dirNames[dirIndexes[i]]) + baselen + 1;
|
||||||
|
if (len >= fileAlloced) {
|
||||||
|
fileAlloced = len * 2;
|
||||||
|
fn = xrealloc(fn, fileAlloced);
|
||||||
|
@@ -242,8 +243,9 @@ assert(fn != NULL); /* XXX can't happen */
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Relocation on full paths only, please. */
|
||||||
|
- if (fnlen != len) continue;
|
||||||
|
+ /* Relocation on '/' and full paths only, please. */
|
||||||
|
+ if (baselen && fnlen != len)
|
||||||
|
+ continue;
|
||||||
|
|
||||||
|
rpmlog(RPMLOG_DEBUG, "relocating %s to %s\n",
|
||||||
|
fn, relocations[j].newPath);
|
||||||
|
@@ -294,7 +296,7 @@ assert(fn != NULL); /* XXX can't happen */
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Finish off by relocating directories. */
|
||||||
|
- for (i = dirCount - 1; i >= 0; i--) {
|
||||||
|
+ for (i = dirCountOrig - 1; i >= 0; i--) {
|
||||||
|
for (j = numRelocations - 1; j >= 0; j--) {
|
||||||
|
|
||||||
|
if (relocations[j].oldPath == NULL) /* XXX can't happen */
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
51
SOURCES/0001-Skip-to-hashed-subpacket-data-directly.patch
Normal file
51
SOURCES/0001-Skip-to-hashed-subpacket-data-directly.patch
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
From f6ffaacbbf7f5aca45139a612c5dd8db3f2094dc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Domonkos <mdomonko@redhat.com>
|
||||||
|
Date: Mon, 5 Aug 2024 14:40:57 +0200
|
||||||
|
Subject: [PATCH] Skip to hashed subpacket data directly
|
||||||
|
|
||||||
|
Let OpenScanHub grok the bigger picture instead of producing a spurious
|
||||||
|
overrun warning for v->hashlen when we're dereferencing p later.
|
||||||
|
|
||||||
|
Casting the v pointer back to uint8_t is unnecessary when we could just
|
||||||
|
use h directly but it's done this way in the if branch for pgp version 3
|
||||||
|
in this function as well as in pgpPrtKey() so copy that, just for the
|
||||||
|
sake of consistency.
|
||||||
|
|
||||||
|
Along the same lines (consistency), change the p pointer to a const
|
||||||
|
pointer.
|
||||||
|
|
||||||
|
No functional change.
|
||||||
|
|
||||||
|
Resolves: RHEL-22607
|
||||||
|
---
|
||||||
|
rpmio/rpmpgp.c | 5 ++---
|
||||||
|
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
|
||||||
|
index d0688ebe9..6f044eb1b 100644
|
||||||
|
--- a/rpmio/rpmpgp.c
|
||||||
|
+++ b/rpmio/rpmpgp.c
|
||||||
|
@@ -565,7 +565,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
|
||||||
|
pgpDigParams _digp)
|
||||||
|
{
|
||||||
|
uint8_t version = 0;
|
||||||
|
- uint8_t * p;
|
||||||
|
+ const uint8_t * p;
|
||||||
|
unsigned int plen;
|
||||||
|
int rc = 1;
|
||||||
|
|
||||||
|
@@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
|
||||||
|
pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
|
||||||
|
pgpPrtNL();
|
||||||
|
|
||||||
|
- p = &v->hashlen[0];
|
||||||
|
if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
|
||||||
|
return 1;
|
||||||
|
- p += sizeof(v->hashlen);
|
||||||
|
+ p = ((uint8_t *)v) + sizeof(*v);
|
||||||
|
|
||||||
|
if ((p + plen) > (h + hlen))
|
||||||
|
return 1;
|
||||||
|
--
|
||||||
|
2.46.0
|
||||||
|
|
@ -0,0 +1,57 @@
|
|||||||
|
From d29651be364ef72c7c0f468157602e4ed5cab4ff Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Festi <ffesti@redhat.com>
|
||||||
|
Date: Wed, 12 Jun 2024 15:46:12 +0200
|
||||||
|
Subject: [PATCH] Talk about rpmsign in the rpmsign man page
|
||||||
|
|
||||||
|
In the past handling signatures was done by the rpm / rpmbuild binaries
|
||||||
|
directly. When this functionality was split into rpmsign the man page
|
||||||
|
was not adjusted accoringly. This is the long overdue update.
|
||||||
|
|
||||||
|
Resolves: # 3125
|
||||||
|
|
||||||
|
(backported from commit 8e1f55c7004e8c1a7d9140ab2dd9456a7ace3e77)
|
||||||
|
---
|
||||||
|
doc/rpmsign.8 | 10 +++++-----
|
||||||
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/doc/rpmsign.8 b/doc/rpmsign.8
|
||||||
|
index f7ceae89b..6c5bcc8ef 100644
|
||||||
|
--- a/doc/rpmsign.8
|
||||||
|
+++ b/doc/rpmsign.8
|
||||||
|
@@ -5,9 +5,9 @@ rpmsign \- RPM Package Signing
|
||||||
|
.SS "SIGNING PACKAGES:"
|
||||||
|
.PP
|
||||||
|
|
||||||
|
-\fBrpm\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
||||||
|
+\fBrpmsign\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
||||||
|
|
||||||
|
-\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
||||||
|
+\fBrpmsign\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
||||||
|
|
||||||
|
.SS "rpmsign-options"
|
||||||
|
.PP
|
||||||
|
@@ -22,10 +22,10 @@ options generate and insert new signatures for each package
|
||||||
|
existing signatures. There are two options for historical reasons,
|
||||||
|
there is no difference in behavior currently.
|
||||||
|
|
||||||
|
-To create a signature rpm needs to verify the package's checksum. As a result
|
||||||
|
+To create a signature rpmsign needs to verify the package's checksum. As a result
|
||||||
|
packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
|
||||||
|
|
||||||
|
-\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
||||||
|
+\fBrpmsign\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
||||||
|
|
||||||
|
.PP
|
||||||
|
Delete all signatures from each package \fIPACKAGE_FILE\fR given.
|
||||||
|
@@ -36,7 +36,7 @@ Delete all signatures from each package \fIPACKAGE_FILE\fR given.
|
||||||
|
\fB--rpmv3\fR
|
||||||
|
Force RPM V3 header+payload signature addition.
|
||||||
|
These are expensive and redundant baggage on packages where a separate
|
||||||
|
-payload digest exists (packages built with rpm >= 4.14). Rpm will
|
||||||
|
+payload digest exists (packages built with rpm >= 4.14). Rpmsign will
|
||||||
|
automatically detect the need for V3 signatures, but this option can be
|
||||||
|
used to force their creation if the packages must be fully
|
||||||
|
signature verifiable with rpm < 4.14 or other interoperability reasons.
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
@ -0,0 +1,32 @@
|
|||||||
|
From 97aa64d8281974fb369c66d5aef8650515b89c52 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Panu Matilainen <pmatilai@redhat.com>
|
||||||
|
Date: Wed, 24 Jan 2024 12:03:39 +0200
|
||||||
|
Subject: [PATCH] Use unsigned integers for buildtime too for Y2K38 safety
|
||||||
|
|
||||||
|
This little patch buys us 68 extra years to move to 64bit time tags
|
||||||
|
in rpm. That seems achievable.
|
||||||
|
|
||||||
|
Fixes: #1228
|
||||||
|
---
|
||||||
|
build/build.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/build/build.c b/build/build.c
|
||||||
|
index e4081c673..0ac8bf6c9 100644
|
||||||
|
--- a/build/build.c
|
||||||
|
+++ b/build/build.c
|
||||||
|
@@ -36,9 +36,9 @@ static rpm_time_t getBuildTime(void)
|
||||||
|
if (srcdate == endptr || *endptr || errno != 0)
|
||||||
|
rpmlog(RPMLOG_ERR, _("unable to parse SOURCE_DATE_EPOCH\n"));
|
||||||
|
else
|
||||||
|
- buildTime = (int32_t) epoch;
|
||||||
|
+ buildTime = (uint32_t) epoch;
|
||||||
|
} else
|
||||||
|
- buildTime = (int32_t) time(NULL);
|
||||||
|
+ buildTime = (uint32_t) time(NULL);
|
||||||
|
|
||||||
|
return buildTime;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.45.1
|
||||||
|
|
@ -32,7 +32,7 @@
|
|||||||
|
|
||||||
%global rpmver 4.16.1.3
|
%global rpmver 4.16.1.3
|
||||||
#global snapver rc1
|
#global snapver rc1
|
||||||
%global rel 29
|
%global rel 34
|
||||||
%global sover 9
|
%global sover 9
|
||||||
|
|
||||||
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||||
@ -108,6 +108,12 @@ Patch134: 0001-Don-t-warn-about-missing-user-group-on-skipped-files.patch
|
|||||||
Patch140: 0001-Fix-short-circuiting-of-version-strings-in-expressio.patch
|
Patch140: 0001-Fix-short-circuiting-of-version-strings-in-expressio.patch
|
||||||
Patch141: 0001-Fix-a-copy-paste-help-description-of-whatconflicts-R.patch
|
Patch141: 0001-Fix-a-copy-paste-help-description-of-whatconflicts-R.patch
|
||||||
Patch142: 0001-Expose-and-document-rpmdb-verifydb-operation.patch
|
Patch142: 0001-Expose-and-document-rpmdb-verifydb-operation.patch
|
||||||
|
Patch143: 0001-Don-t-segfault-on-missing-priority-tag.patch
|
||||||
|
Patch144: 0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch
|
||||||
|
Patch145: 0001-Fix-potential-use-of-uninitialized-pipe-array.patch
|
||||||
|
Patch146: 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
|
||||||
|
Patch147: 0001-Add-SourceLicense-tag-to-spec-syntax.patch
|
||||||
|
Patch148: 0001-Talk-about-rpmsign-in-the-rpmsign-man-page.patch
|
||||||
|
|
||||||
# These are not yet upstream
|
# These are not yet upstream
|
||||||
Patch906: rpm-4.7.1-geode-i686.patch
|
Patch906: rpm-4.7.1-geode-i686.patch
|
||||||
@ -129,6 +135,8 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch
|
|||||||
Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
|
Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
|
||||||
Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
|
Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
|
||||||
Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
|
Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
|
||||||
|
Patch1003: 0001-Fix-root-relocation-regression.patch
|
||||||
|
Patch1004: 0001-Skip-to-hashed-subpacket-data-directly.patch
|
||||||
|
|
||||||
# Partially GPL/LGPL dual-licensed and some bits with BSD
|
# Partially GPL/LGPL dual-licensed and some bits with BSD
|
||||||
# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
|
# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
|
||||||
@ -657,6 +665,28 @@ fi
|
|||||||
%doc doc/librpm/html/*
|
%doc doc/librpm/html/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 13 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-34
|
||||||
|
- Fix discarded const qualifier in previous patch (RHEL-22607)
|
||||||
|
|
||||||
|
* Mon Aug 05 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-33
|
||||||
|
- Fix root relocation regression (RHEL-28967)
|
||||||
|
- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
|
||||||
|
|
||||||
|
* Fri Jul 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-32
|
||||||
|
- Revert incorrect fix for false array overrun (RHEL-22607)
|
||||||
|
|
||||||
|
* Fri Jul 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-31
|
||||||
|
- Fix potential use of uninitialized pipe array (RHEL-22604)
|
||||||
|
- Fix potential use of uninitialized pgp struct (RHEL-22605)
|
||||||
|
- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
|
||||||
|
- Add SourceLicense tag to spec syntax (RHEL-28798)
|
||||||
|
- Talk about rpmsign in the rpmsign(8) man page (RHEL-40895)
|
||||||
|
|
||||||
|
* Mon Jun 03 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-30
|
||||||
|
- Don't segfault on missing priority tag (RHEL-35249)
|
||||||
|
- Use unsigned integers for buildtime too for Y2K38 safety (RHEL-22602)
|
||||||
|
- Rebuild against libimaevm.so.4 (RHEL-32505)
|
||||||
|
|
||||||
* Wed Dec 13 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-29
|
* Wed Dec 13 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-29
|
||||||
- Actually add --verifydb to the man page (RHEL-14591)
|
- Actually add --verifydb to the man page (RHEL-14591)
|
||||||
- Don't warn about missing user/group on skipped files (RHEL-18037)
|
- Don't warn about missing user/group on skipped files (RHEL-18037)
|
||||||
|
Loading…
Reference in New Issue
Block a user