- fix build-time double-free on file capability processing (#956190)

- fix relocation related regression on file sanity check (#1001553) - fix segfault on empty -p <lua> scriptlet body (#1004062) - fix source url, once again
2013-09-09 14:58:21 +03:00 · 2013-09-09 14:58:21 +03:00 · 9c611011c4
commit 9c611011c4
parent f5c5c333a8
4 changed files with 83 additions and 2 deletions
--- a/rpm-4.11.1-caps-double-free.patch
+++ b/rpm-4.11.1-caps-double-free.patch
@ -0,0 +1,19 @@
+commit 65eec62cb7796dad6fbf1d5436251e176449f522
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Thu Aug 29 16:32:32 2013 +0300
+
+    Fix double-free on %caps() wildcard %files entry (RhBug:956190)
+
+diff --git a/build/files.c b/build/files.c
+index 20f452f..eed5696 100644
+--- a/build/files.c
+++ b/build/files.c
+@@ -1448,7 +1448,7 @@ static rpmRC addFile(FileList fl, const char * diskPath,
+ 	}
+ 
+ 	if (fl->cur.caps) {
+-	    flp->caps = fl->cur.caps;
+	    flp->caps = xstrdup(fl->cur.caps);
+ 	} else {
+ 	    flp->caps = xstrdup("");
+ 	}
--- a/rpm-4.11.1-empty-lua-script.patch
+++ b/rpm-4.11.1-empty-lua-script.patch
@ -0,0 +1,23 @@
+commit 5f3598a700e8e028f9140682262869ca319597ee
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Fri Sep 6 16:31:25 2013 +0300
+
+    Fix segfault executing a -p <lua> scriptlet without a body (RhBug:1004062)
+    
+    - There are any number of places where this could be fixed, but
+      to keep the behavior similar to eg /bin/sh scriptlet without a body,
+      just turn a non-existent script into an empty string.
+
+diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c
+index 0576318..921cc37 100644
+--- a/rpmio/rpmlua.c
+++ b/rpmio/rpmlua.c
+@@ -526,6 +526,8 @@ int rpmluaRunScript(rpmlua _lua, const char *script, const char *name)
+     int ret = 0;
+     if (name == NULL)
+ 	name = "<lua>";
+    if (script == NULL)
+	script = "";
+     if (luaL_loadbuffer(L, script, strlen(script), name) != 0) {
+ 	rpmlog(RPMLOG_ERR, _("invalid syntax in lua script: %s\n"),
+ 		 lua_tostring(L, -1));
--- a/rpm-4.11.1-file-triplet-check.patch
+++ b/rpm-4.11.1-file-triplet-check.patch
@ -0,0 +1,27 @@
+commit 65c7cc17664358051f0358de272e616dd88ab624
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Tue Aug 27 15:15:40 2013 +0300
+
+    Relax the filename triplet sanity check a bit (RhBug:1001553)
+    
+    - At least unowned directories can cause orphans to be left around
+      in RPMTAG_DIRNAMES, in which case its possible for number of
+      dirnames to be larger than the number of basenames. This is
+      arguably a bug in the relocation code but doesn't seem worth
+      the trouble... so just relax the check to simply permit non-empty
+      dirnames array, the index bound checking is far more important.
+
+diff --git a/lib/rpmfi.c b/lib/rpmfi.c
+index 30663d0..00506ce 100644
+--- a/lib/rpmfi.c
+++ b/lib/rpmfi.c
+@@ -1128,7 +1128,8 @@ static int indexSane(rpmtd xd, rpmtd yd, rpmtd zd)
+     uint32_t zc = rpmtdCount(zd);
+ 
+     /* check that the amount of data in each is sane */
+-    if (xc > 0 && yc > 0 && yc <= xc && zc == xc) {
+    /* normally yc <= xc but larger values are not fatal (RhBug:1001553) */
+    if (xc > 0 && yc > 0 && zc == xc) {
+ 	uint32_t * i;
+ 	/* ...and that the indexes are within bounds */
+ 	while ((i = rpmtdNextUint32(zd))) {
--- a/rpm.spec
+++ b/rpm.spec
@ -21,10 +21,10 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}6%{?dist}
+Release: %{?snapver:0.%{snapver}.}7%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
-Source0: http://rpm.org/releases/testing/%{name}-%{srcver}.tar.bz2
+Source0: http://rpm.org/releases/rpm-4.11.x/%{name}-%{srcver}.tar.bz2
 %if %{with int_bdb}
 Source1: db-%{bdbver}.tar.gz
 %else
@ -50,6 +50,9 @@ Patch6: rpm-4.9.0-armhfp-logic.patch
 Patch100: rpm-4.11.x-filter-soname-deps.patch
 Patch101: rpm-4.11.1-instprefix.patch
 Patch102: rpm-4.11.x-do-not-filter-ld64.patch
+Patch103: rpm-4.11.1-file-triplet-check.patch
+Patch104: rpm-4.11.1-caps-double-free.patch
+Patch105: rpm-4.11.1-empty-lua-script.patch

 # These are not yet upstream
 Patch301: rpm-4.6.0-niagara.patch
@ -251,6 +254,9 @@ packages on a system.
 %patch100 -p1 -b .filter-soname-deps
 %patch101 -p1 -b .instprefix
 %patch102 -p1 -b .dont-filter-ld64
+%patch103 -p1 -b .file-triplet-check
+%patch104 -p1 -b .caps-double-free
+%patch105 -p1 -b .empty-lua-script

 %patch301 -p1 -b .niagara
 %patch302 -p1 -b .geode
@ -507,6 +513,12 @@ exit 0
 %doc COPYING doc/librpm/html/*

 %changelog
+* Mon Sep 09 2013 Matilainen <pmatilai@redhat.com> - 4.11.1-7
+- fix build-time double-free on file capability processing (#956190)
+- fix relocation related regression on file sanity check (#1001553)
+- fix segfault on empty -p <lua> scriptlet body (#1004062)
+- fix source url, once again
+
 * Wed Aug 21 2013 Panu Matilainen <pmatilai@redhat.com> - 4.11.1-6
 - add python3 sub-package, based on patch by Bohuslav Kabrda