From b479b75d29edeb5cdfd76a40fa998d461d63553e Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Mon, 30 Sep 2024 16:31:44 +0000
Subject: [PATCH] import CS rpm-4.16.1.3-34.el9
---
...Add-SourceLicense-tag-to-spec-syntax.patch | 124 ++++++++++++++++++
...n-t-segfault-on-missing-priority-tag.patch | 39 ++++++
...tial-use-of-uninitialized-pgp-struct.patch | 12 ++
...tial-use-of-uninitialized-pipe-array.patch | 32 +++++
.../0001-Fix-root-relocation-regression.patch | 91 +++++++++++++
...ip-to-hashed-subpacket-data-directly.patch | 51 +++++++
...bout-rpmsign-in-the-rpmsign-man-page.patch | 57 ++++++++
...egers-for-buildtime-too-for-Y2K38-sa.patch | 32 +++++
SPECS/rpm.spec | 32 ++++-
9 files changed, 469 insertions(+), 1 deletion(-)
create mode 100644 SOURCES/0001-Add-SourceLicense-tag-to-spec-syntax.patch
create mode 100644 SOURCES/0001-Don-t-segfault-on-missing-priority-tag.patch
create mode 100644 SOURCES/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
create mode 100644 SOURCES/0001-Fix-potential-use-of-uninitialized-pipe-array.patch
create mode 100644 SOURCES/0001-Fix-root-relocation-regression.patch
create mode 100644 SOURCES/0001-Skip-to-hashed-subpacket-data-directly.patch
create mode 100644 SOURCES/0001-Talk-about-rpmsign-in-the-rpmsign-man-page.patch
create mode 100644 SOURCES/0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch
diff --git a/SOURCES/0001-Add-SourceLicense-tag-to-spec-syntax.patch b/SOURCES/0001-Add-SourceLicense-tag-to-spec-syntax.patch
new file mode 100644
index 0000000..0f48138
--- /dev/null
+++ b/SOURCES/0001-Add-SourceLicense-tag-to-spec-syntax.patch
@@ -0,0 +1,124 @@
+From 1dc9372821487ccace23ff1ae9cba6b30f02c91c Mon Sep 17 00:00:00 2001
+From: Florian Festi
+Date: Tue, 5 Jul 2022 16:34:08 +0200
+Subject: [PATCH] Add SourceLicense tag to spec syntax
+
+to set a separate license to the source RPM. This can be useful if the
+sources have code under additional licenses that do not end up in the
+binary packeges.
+
+Resolves: #2079
+
+Note on the backport: The spec document on this branch is ancient and
+doesn't even contain the License tag's description so this backport
+leaves the documentation part out.
+
+(backported from commit 9ed9d3fce34bc3c8121989e0cf263528e7e68756)
+---
+ build/parsePreamble.c | 6 ++++++
+ lib/rpmtag.h | 3 +++
+ tests/data/SPECS/foo.spec | 1 +
+ tests/data/SPECS/hello.spec | 1 +
+ tests/rpmbuild.at | 11 +++++++++++
+ tests/rpmspec.at | 1 +
+ 6 files changed, 23 insertions(+)
+
+diff --git a/build/parsePreamble.c b/build/parsePreamble.c
+index e7d6d8752..bd07ecdf0 100644
+--- a/build/parsePreamble.c
++++ b/build/parsePreamble.c
+@@ -831,6 +831,11 @@ static rpmRC handlePreambleTag(rpmSpec spec, Package pkg, rpmTagVal tag,
+ if (addLangTag(spec, pkg->header, tag, field, lang))
+ goto exit;
+ break;
++ case RPMTAG_SOURCELICENSE:
++ if (addLangTag(spec, spec->sourcePackage->header,
++ RPMTAG_LICENSE, field, lang))
++ goto exit;
++ break;
+ case RPMTAG_BUILDROOT:
+ /* just silently ignore BuildRoot */
+ break;
+@@ -1012,6 +1017,7 @@ static struct PreambleRec_s const preambleList[] = {
+ {RPMTAG_EPOCH, 0, 0, 1, LEN_AND_STR("epoch")},
+ {RPMTAG_SUMMARY, 1, 0, 1, LEN_AND_STR("summary")},
+ {RPMTAG_LICENSE, 0, 0, 1, LEN_AND_STR("license")},
++ {RPMTAG_SOURCELICENSE, 0, 0, 1, LEN_AND_STR("sourcelicense")},
+ {RPMTAG_DISTRIBUTION, 0, 0, 1, LEN_AND_STR("distribution")},
+ {RPMTAG_DISTURL, 0, 0, 1, LEN_AND_STR("disturl")},
+ {RPMTAG_VENDOR, 0, 0, 1, LEN_AND_STR("vendor")},
+diff --git a/lib/rpmtag.h b/lib/rpmtag.h
+index 7d1943835..1fd829118 100644
+--- a/lib/rpmtag.h
++++ b/lib/rpmtag.h
+@@ -375,6 +375,9 @@ typedef enum rpmTag_e {
+ RPMTAG_MODULARITYLABEL = 5096, /* s */
+ RPMTAG_PAYLOADDIGESTALT = 5097, /* s[] */
+
++ /* Backports */
++ RPMTAG_SOURCELICENSE = 5102, /* internal */
++
+ RPMTAG_FIRSTFREE_TAG /*!< internal */
+ } rpmTag;
+
+diff --git a/tests/data/SPECS/foo.spec b/tests/data/SPECS/foo.spec
+index 859e98142..9b1087094 100644
+--- a/tests/data/SPECS/foo.spec
++++ b/tests/data/SPECS/foo.spec
+@@ -8,6 +8,7 @@ Source: hello-2.0.tar.gz
+ Patch1: hello-1.0-modernize.patch
+ Group: Testing
+ License: GPLv2+
++SourceLicense: GPL, ASL 1.0
+ BuildArch: noarch
+
+ %description
+diff --git a/tests/data/SPECS/hello.spec b/tests/data/SPECS/hello.spec
+index 5bc9cfaf7..4b9053aca 100644
+--- a/tests/data/SPECS/hello.spec
++++ b/tests/data/SPECS/hello.spec
+@@ -4,6 +4,7 @@ Version: 1.0
+ Release: 1
+ Group: Utilities
+ License: GPL
++SourceLicense: GPL, ASL 1.0
+ Distribution: RPM test suite.
+ Vendor: Red Hat Software
+ Packager: Red Hat Software
+diff --git a/tests/rpmbuild.at b/tests/rpmbuild.at
+index bff65303b..7680f1502 100644
+--- a/tests/rpmbuild.at
++++ b/tests/rpmbuild.at
+@@ -31,6 +31,17 @@ run rpmbuild \
+ [0],
+ [ignore],
+ [ignore])
++
++AT_CHECK([
++
++runroot rpm -qp --qf "%{license}\n" /build/SRPMS/hello-1.0-1.src.rpm
++runroot rpm -qp --qf "%{license}\n" /build/RPMS/*/hello-1.0-1.*.rpm
++],
++[0],
++[GPL, ASL 1.0
++GPL
++],
++[])
+ AT_CLEANUP
+
+ AT_SETUP([rpmbuild -ba autosetup])
+diff --git a/tests/rpmspec.at b/tests/rpmspec.at
+index 2b11201db..c898ee654 100644
+--- a/tests/rpmspec.at
++++ b/tests/rpmspec.at
+@@ -243,6 +243,7 @@ Source: hello-2.0.tar.gz
+ Patch1: hello-1.0-modernize.patch
+ Group: Testing
+ License: GPLv2+
++SourceLicense: GPL, ASL 1.0
+ BuildArch: noarch
+
+ %description
+--
+2.45.2
+
diff --git a/SOURCES/0001-Don-t-segfault-on-missing-priority-tag.patch b/SOURCES/0001-Don-t-segfault-on-missing-priority-tag.patch
new file mode 100644
index 0000000..32a72dc
--- /dev/null
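Review bot: In the `lib/rpmtag.h` hunk of the SourceLicense patch, `RPMTAG_SOURCELICENSE = 5102` skips 5098–5101 and moves `RPMTAG_FIRSTFREE_TAG` to 5103, yet the only explanation is `/* Backports */`. If the number was chosen to match the upstream tag value (presumably, since this is a backport), say so in the comment, e.g. `/* Backports: values match upstream, the gap 5098-5101 is intentional */`, so a later backport does not reuse or renumber it. In the `build/parsePreamble.c` hunk the new case dereferences `spec->sourcePackage->header`; whether `spec->sourcePackage` is always allocated by the time the preamble is parsed is not visible here, and a one-line comment stating that assumption would help. handlePreambleTag's body continues outside the hunk.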
+++ b/SOURCES/0001-Don-t-segfault-on-missing-priority-tag.patch
@@ -0,0 +1,39 @@
+From fd57fc716231c8296d340fdb4c0f6eac176f7f7c Mon Sep 17 00:00:00 2001
+From: Florian Festi
+Date: Fri, 20 Aug 2021 15:14:16 +0200
+Subject: [PATCH] Don't segfault on missing priority tag
+
+Resolves: #1636
+Related: #1638
+---
+ lib/rpmtriggers.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
+index fc809a65e..d541974e8 100644
+--- a/lib/rpmtriggers.c
++++ b/lib/rpmtriggers.c
+@@ -517,7 +517,8 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense,
+ if (matchFunc(ts, te, pfx, sense)) {
+ for (i = 0; i < rpmdbIndexIteratorNumPkgs(ii); i++) {
+ struct rpmtd_s priorities;
+- unsigned int priority;
++ unsigned int priority = 0;
++ unsigned int *priority_ptr;
+ unsigned int offset = rpmdbIndexIteratorPkgOffset(ii, i);
+ unsigned int tix = rpmdbIndexIteratorTagNum(ii, i);
+
+@@ -535,7 +536,9 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense,
+ trigH = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offset);
+ headerGet(trigH, priorityTag, &priorities, HEADERGET_MINMEM);
+ rpmtdSetIndex(&priorities, tix);
+- priority = *rpmtdGetUint32(&priorities);
++ priority_ptr = rpmtdGetUint32(&priorities);
++ if (priority_ptr)
++ priority = *priority_ptr;
+ headerFree(trigH);
+
+ /* Store file trigger in array */
+--
+2.45.1
+
diff --git a/SOURCES/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch b/SOURCES/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
new file mode 100644
index 0000000..3d4557c
--- /dev/null
+++ b/SOURCES/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
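Review bot: In the second `lib/rpmtriggers.c` hunk the return value of `headerGet()` is still ignored, so a header that lacks the priority tag (for example one read from a damaged rpmdb) is caught only indirectly by the new NULL check on `rpmtdGetUint32()`, and the trigger is then queued silently with priority 0. Record that choice next to the initialiser, e.g. `unsigned int priority = 0; /* fallback when the header has no priority tag */`, and confirm that 0, rather than the default a trigger gets when the spec names no priority, is the intended ordering for such entries. runFileTriggers starts and ends outside both hunks.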
@@ -0,0 +1,12 @@
+diff -up rpm-4.16.1.3/lib/rpmts.c.orig rpm-4.16.1.3/lib/rpmts.c
+--- rpm-4.16.1.3/lib/rpmts.c.orig 2024-07-11 13:55:35.430198126 +0200
++++ rpm-4.16.1.3/lib/rpmts.c 2024-07-11 13:55:59.243061182 +0200
+@@ -482,6 +482,8 @@ static int makePubkeyHeader(rpmts ts, rp
+ int rc = -1;
+ int i;
+
++ memset(&kd, 0, sizeof(kd));
++
+ if ((enc = rpmPubkeyBase64(key)) == NULL)
+ goto exit;
+ if ((dig = rpmPubkeyDig(key)) == NULL)
diff --git a/SOURCES/0001-Fix-potential-use-of-uninitialized-pipe-array.patch b/SOURCES/0001-Fix-potential-use-of-uninitialized-pipe-array.patch
new file mode 100644
index 0000000..dcabc59
--- /dev/null
+++ b/SOURCES/0001-Fix-potential-use-of-uninitialized-pipe-array.patch
@@ -0,0 +1,32 @@
+From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Thu, 6 Jun 2024 09:15:02 +0200
+Subject: [PATCH] Fix potential use of uninitialized pipe array
+
+We only call pipe(2) after the script is written to disk so if the
+latter fails, the array will be left uninitialized and subsequently read
+after skipping to the exit label. Fix by initializing it.
+
+Found by Coverity.
+
+Fixes: RHEL-22604
+---
+ lib/rpmscript.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/rpmscript.c b/lib/rpmscript.c
+index 281c55c53..1de4acf8e 100644
+--- a/lib/rpmscript.c
++++ b/lib/rpmscript.c
+@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
+ char * fn = NULL;
+ pid_t pid, reaped;
+ int status;
+- int inpipe[2];
++ int inpipe[2] = { -1, -1 };
+ FILE *in = NULL;
+ const char *line;
+ char *mline = NULL;
+--
+2.45.2
+
diff --git a/SOURCES/0001-Fix-root-relocation-regression.patch b/SOURCES/0001-Fix-root-relocation-regression.patch
new file mode 100644
index 0000000..e4ce8b6
--- /dev/null
+++ b/SOURCES/0001-Fix-root-relocation-regression.patch
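Review bot: The patch file 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch carries no mail header, description or upstream commit reference; it starts directly at `diff -up`, unlike the other seven patches in this import, so neither the reason for `memset(&kd, 0, sizeof(kd));` nor its origin can be traced from the file. Add a short header naming the ticket (the spec changelog lists RHEL-22605 for this fix) and stating whether it is a downstream-only change or a backport. A comment above the call such as `/* kd may be read on the exit path before it is filled in */` would also help, if that is the path the analyzer flagged; the declaration of `kd` and the exit label are outside the hunk.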
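Review bot: In the `lib/rpmscript.c` hunk the meaning of the new sentinel is not stated at the declaration, and the cleanup that reads it sits after the exit label, outside the hunk. A comment on the initialiser would tie the two together, e.g. `int inpipe[2] = { -1, -1 }; /* -1 = not opened; exit path can run before pipe(2) */`. It is also worth confirming that the cleanup tests the descriptors with `>= 0` rather than for non-zero, since the initialiser only helps if -1 is treated as "nothing to close".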
@@ -0,0 +1,91 @@
+From bce17e42f2301a88574d757740627480a38d86aa Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Fri, 26 Jul 2024 10:44:04 +0200
+Subject: [PATCH] Fix root relocation regression
+
+When relocating the root directory, make sure we insert the new path's
+dirname to dirNames[] even if the root itself is owned by the package.
+
+This appears to have been the intention from the first version (largely
+untouched since) of this code as we allow the root to pass through the
+first checks (by setting len to 0 in that case) as well as the second
+for loop where we do the relocations.
+
+This allows fsm to properly create and remove the relocated directory
+since we're now using fd-based calls (#1919) and the parent directory
+needs to be opened first.
+
+No need to do string comparison here, the empty basename signals that
+we're processing the root directory, so just use that.
+
+Building a relocatable package that owns the root directory seems to be
+a handy way to create user-installable packages (see RHEL-28967) and it
+happened to work before with the path-based calls so this technically
+was a regression. Add a test that emulates this use case.
+
+Backported from commits:
+31c14ba6610568c2d634647fed1fb57221178da9
+308ac60677732e9979b9ce11e5a3085906da1901
+
+Fixes: RHEL-28967
+---
+ lib/relocation.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/relocation.c b/lib/relocation.c
+index 3ba4cfeab..8c35bc1a7 100644
+--- a/lib/relocation.c
++++ b/lib/relocation.c
+@@ -123,7 +123,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+ char ** baseNames;
+ char ** dirNames;
+ uint32_t * dirIndexes;
+- rpm_count_t fileCount, dirCount;
++ rpm_count_t fileCount, dirCount, dirCountOrig;
+ int nrelocated = 0;
+ int fileAlloced = 0;
+ char * fn = NULL;
+@@ -162,7 +162,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+ baseNames = bnames.data;
+ dirIndexes = dindexes.data;
+ fileCount = rpmtdCount(&bnames);
+- dirCount = rpmtdCount(&dnames);
++ dirCount = dirCountOrig = rpmtdCount(&dnames);
+ /* XXX TODO: use rpmtdDup() instead */
+ dirNames = dnames.data = duparray(dnames.data, dirCount);
+ dnames.flags |= RPMTD_PTR_ALLOCED;
+@@ -179,8 +179,9 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
+ rpmFileTypes ft;
+ int fnlen;
+
++ size_t baselen = strlen(baseNames[i]);
+ size_t len = maxlen +
+- strlen(dirNames[dirIndexes[i]]) + strlen(baseNames[i]) + 1;
++ strlen(dirNames[dirIndexes[i]]) + baselen + 1;
+ if (len >= fileAlloced) {
+ fileAlloced = len * 2;
+ fn = xrealloc(fn, fileAlloced);
+@@ -242,8 +243,9 @@ assert(fn != NULL); /* XXX can't happen */
+ continue;
+ }
+
+- /* Relocation on full paths only, please. */
+- if (fnlen != len) continue;
++ /* Relocation on '/' and full paths only, please. */
++ if (baselen && fnlen != len)
++ continue;
+
+ rpmlog(RPMLOG_DEBUG, "relocating %s to %s\n",
+ fn, relocations[j].newPath);
+@@ -294,7 +296,7 @@ assert(fn != NULL); /* XXX can't happen */
+ }
+
+ /* Finish off by relocating directories. */
+- for (i = dirCount - 1; i >= 0; i--) {
++ for (i = dirCountOrig - 1; i >= 0; i--) {
+ for (j = numRelocations - 1; j >= 0; j--) {
+
+ if (relocations[j].oldPath == NULL) /* XXX can't happen */
+--
+2.45.2
+
diff --git a/SOURCES/0001-Skip-to-hashed-subpacket-data-directly.patch b/SOURCES/0001-Skip-to-hashed-subpacket-data-directly.patch
new file mode 100644
index 0000000..ada500e
--- /dev/null
+++ b/SOURCES/0001-Skip-to-hashed-subpacket-data-directly.patch
@@ -0,0 +1,51 @@
+From f6ffaacbbf7f5aca45139a612c5dd8db3f2094dc Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Mon, 5 Aug 2024 14:40:57 +0200
+Subject: [PATCH] Skip to hashed subpacket data directly
+
+Let OpenScanHub grok the bigger picture instead of producing a spurious
+overrun warning for v->hashlen when we're dereferencing p later.
+
+Casting the v pointer back to uint8_t is unnecessary when we could just
+use h directly but it's done this way in the if branch for pgp version 3
+in this function as well as in pgpPrtKey() so copy that, just for the
+sake of consistency.
+
+Along the same lines (consistency), change the p pointer to a const
+pointer.
+
+No functional change.
+
+Resolves: RHEL-22607
+---
+ rpmio/rpmpgp.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index d0688ebe9..6f044eb1b 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -565,7 +565,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ pgpDigParams _digp)
+ {
+ uint8_t version = 0;
+- uint8_t * p;
++ const uint8_t * p;
+ unsigned int plen;
+ int rc = 1;
+
+@@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
+ pgpPrtNL();
+
+- p = &v->hashlen[0];
+ if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
+ return 1;
+- p += sizeof(v->hashlen);
++ p = ((uint8_t *)v) + sizeof(*v);
+
+ if ((p + plen) > (h + hlen))
+ return 1;
+--
+2.46.0
+
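Review bot: The description of the root-relocation patch ends with "Add a test that emulates this use case", but its diffstat lists only `lib/relocation.c`, so the regression test from the two upstream commits is not part of this backport. Either carry the test over or say in the backport note that it was dropped; the relaxed `if (baselen && fnlen != len)` condition changes which paths are relocated and is the kind of path-handling change that should not ship untested. The last hunk keeps the existing pattern `i = dirCountOrig - 1` on an `rpm_count_t`; the type of `i` is declared outside the hunks, so a brief comment on how a zero directory count behaves there would be worth adding.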
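Review bot: In the second `rpmio/rpmpgp.c` hunk, `p = ((uint8_t *)v) + sizeof(*v);` equals the removed `&v->hashlen[0]` plus `sizeof(v->hashlen)` only if `hashlen` is the last member of the v4 signature struct and the struct has no trailing padding; the struct definition is outside the hunk. Because this pointer feeds the `(p + plen) > (h + hlen)` bounds check on signature data, state the assumption in a comment, e.g. `/* hashed subpackets follow the fixed v4 header; hashlen is its last field */`. Writing the cast as `(const uint8_t *)v` would also match the type `p` now has. pgpPrtSig's body continues outside both hunks.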
diff --git a/SOURCES/0001-Talk-about-rpmsign-in-the-rpmsign-man-page.patch b/SOURCES/0001-Talk-about-rpmsign-in-the-rpmsign-man-page.patch
new file mode 100644
index 0000000..e198993
--- /dev/null
+++ b/SOURCES/0001-Talk-about-rpmsign-in-the-rpmsign-man-page.patch
@@ -0,0 +1,57 @@
+From d29651be364ef72c7c0f468157602e4ed5cab4ff Mon Sep 17 00:00:00 2001
+From: Florian Festi
+Date: Wed, 12 Jun 2024 15:46:12 +0200
+Subject: [PATCH] Talk about rpmsign in the rpmsign man page
+
+In the past handling signatures was done by the rpm / rpmbuild binaries
+directly. When this functionality was split into rpmsign the man page
+was not adjusted accoringly. This is the long overdue update.
+
+Resolves: # 3125
+
+(backported from commit 8e1f55c7004e8c1a7d9140ab2dd9456a7ace3e77)
+---
+ doc/rpmsign.8 | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/doc/rpmsign.8 b/doc/rpmsign.8
+index f7ceae89b..6c5bcc8ef 100644
+--- a/doc/rpmsign.8
++++ b/doc/rpmsign.8
+@@ -5,9 +5,9 @@ rpmsign \- RPM Package Signing
+ .SS "SIGNING PACKAGES:"
+ .PP
+
+-\fBrpm\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
++\fBrpmsign\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+
+-\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
++\fBrpmsign\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+
+ .SS "rpmsign-options"
+ .PP
+@@ -22,10 +22,10 @@ options generate and insert new signatures for each package
+ existing signatures. There are two options for historical reasons,
+ there is no difference in behavior currently.
+
+-To create a signature rpm needs to verify the package's checksum. As a result
++To create a signature rpmsign needs to verify the package's checksum. As a result
+ packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
+
+-\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
++\fBrpmsign\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+
+ .PP
+ Delete all signatures from each package \fIPACKAGE_FILE\fR given.
+@@ -36,7 +36,7 @@ Delete all signatures from each package \fIPACKAGE_FILE\fR given.
+ \fB--rpmv3\fR
+ Force RPM V3 header+payload signature addition.
+ These are expensive and redundant baggage on packages where a separate
+-payload digest exists (packages built with rpm >= 4.14). Rpm will
++payload digest exists (packages built with rpm >= 4.14). Rpmsign will
+ automatically detect the need for V3 signatures, but this option can be
+ used to force their creation if the packages must be fully
+ signature verifiable with rpm < 4.14 or other interoperability reasons.
+--
+2.45.2
+
diff --git a/SOURCES/0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch b/SOURCES/0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch
new file mode 100644
index 0000000..f66545b
--- /dev/null
+++ b/SOURCES/0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch
@@ -0,0 +1,32 @@
+From 97aa64d8281974fb369c66d5aef8650515b89c52 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Wed, 24 Jan 2024 12:03:39 +0200
+Subject: [PATCH] Use unsigned integers for buildtime too for Y2K38 safety
+
+This little patch buys us 68 extra years to move to 64bit time tags
+in rpm. That seems achievable.
+
+Fixes: #1228
+---
+ build/build.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/build/build.c b/build/build.c
+index e4081c673..0ac8bf6c9 100644
+--- a/build/build.c
++++ b/build/build.c
+@@ -36,9 +36,9 @@ static rpm_time_t getBuildTime(void)
+ if (srcdate == endptr || *endptr || errno != 0)
+ rpmlog(RPMLOG_ERR, _("unable to parse SOURCE_DATE_EPOCH\n"));
+ else
+- buildTime = (int32_t) epoch;
++ buildTime = (uint32_t) epoch;
+ } else
+- buildTime = (int32_t) time(NULL);
++ buildTime = (uint32_t) time(NULL);
+
+ return buildTime;
+ }
+--
+2.45.1
+
diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec
index 2aba89e..67146a4 100644
--- a/SPECS/rpm.spec
+++ b/SPECS/rpm.spec
@@ -32,7 +32,7 @@ %global rpmver 4.16.1.3 #global snapver rc1 -%global rel 29 +%global rel 34 %global sover 9 %global srcver %{rpmver}%{?snapver:-%{snapver}}
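Review bot: In the `build/build.c` hunk of the buildtime patch, `buildTime = (uint32_t) epoch;` truncates silently: the guard above it rejects only unparsable input, so a SOURCE_DATE_EPOCH that is negative or larger than `UINT32_MAX` is accepted and wraps into an unrelated build time in the package header. The variable comes from the build environment, so the existing check should also bound the value, e.g. `if (srcdate == endptr || *endptr || errno != 0 || epoch < 0 || epoch > UINT32_MAX)`. The declaration of `epoch` and the parsing call are outside the hunk, so the exact comparison depends on its type. The matching cast on `time(NULL)` does what the description promises and needs no change.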
@@ -108,6 +108,12 @@ Patch134: 0001-Don-t-warn-about-missing-user-group-on-skipped-files.patch Patch140: 0001-Fix-short-circuiting-of-version-strings-in-expressio.patch Patch141: 0001-Fix-a-copy-paste-help-description-of-whatconflicts-R.patch Patch142: 0001-Expose-and-document-rpmdb-verifydb-operation.patch +Patch143: 0001-Don-t-segfault-on-missing-priority-tag.patch +Patch144: 0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch +Patch145: 0001-Fix-potential-use-of-uninitialized-pipe-array.patch +Patch146: 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch +Patch147: 0001-Add-SourceLicense-tag-to-spec-syntax.patch +Patch148: 0001-Talk-about-rpmsign-in-the-rpmsign-man-page.patch # These are not yet upstream Patch906: rpm-4.7.1-geode-i686.patch @@ -129,6 +135,8 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch Patch1002: 0001-Macroize-find-debuginfo-script-location.patch +Patch1003: 0001-Fix-root-relocation-regression.patch +Patch1004: 0001-Skip-to-hashed-subpacket-data-directly.patch # Partially GPL/LGPL dual-licensed and some bits with BSD # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD 
@@ -657,6 +665,28 @@ fi %doc doc/librpm/html/* %changelog +* Tue Aug 13 2024 Michal Domonkos - 4.16.1.3-34 +- Fix discarded const qualifier in previous patch (RHEL-22607) + +* Mon Aug 05 2024 Michal Domonkos - 4.16.1.3-33 +- Fix root relocation regression (RHEL-28967) +- Don't confuse OpenScanHub with false array overrun (RHEL-22607) + +* Fri Jul 12 2024 Michal Domonkos - 4.16.1.3-32 +- Revert incorrect fix for false array overrun (RHEL-22607) + +* Fri Jul 12 2024 Michal Domonkos - 4.16.1.3-31 +- Fix potential use of uninitialized pipe array (RHEL-22604) +- Fix potential use of uninitialized pgp struct (RHEL-22605) +- Don't confuse OpenScanHub with false array overrun (RHEL-22607) +- Add SourceLicense tag to spec syntax (RHEL-28798) +- Talk about rpmsign in the rpmsign(8) man page (RHEL-40895) + +* Mon Jun 03 2024 Michal Domonkos - 4.16.1.3-30 +- Don't segfault on missing priority tag (RHEL-35249) +- Use unsigned integers for buildtime too for Y2K38 safety (RHEL-22602) +- Rebuild against libimaevm.so.4 (RHEL-32505) + * Wed Dec 13 2023 Florian Festi - 4.16.1.3-29 - Actually add --verifydb to the man page (RHEL-14591) - Don't warn about missing user/group on skipped files (RHEL-18037)