import rpm-4.14.3-4.el8
This commit is contained in:
parent
3e041157de
commit
d61db9f381
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/rpm-4.14.2.tar.bz2
|
SOURCES/rpm-4.14.3.tar.bz2
|
||||||
|
@ -1 +1 @@
|
|||||||
1ca664af796ab8d05ea3fccabe2b2e4767a97c74 SOURCES/rpm-4.14.2.tar.bz2
|
3f8c3ef08f93eaeef12008055a43f6872306f8a2 SOURCES/rpm-4.14.3.tar.bz2
|
||||||
|
@ -77,7 +77,7 @@ Adjusted for rpm-4.14.2 in RHEL
|
|||||||
eu-strip --remove-comment $r $g ${keep_remove_args} -f "$1" "$2" || exit
|
eu-strip --remove-comment $r $g ${keep_remove_args} -f "$1" "$2" || exit
|
||||||
chmod 444 "$1" || exit
|
chmod 444 "$1" || exit
|
||||||
}
|
}
|
||||||
@@ -409,8 +426,12 @@
|
@@ -430,8 +430,12 @@
|
||||||
# libraries. Other executable ELF files (like kernel modules) don't need it.
|
# libraries. Other executable ELF files (like kernel modules) don't need it.
|
||||||
if [ "$include_minidebug" = "true" -a "$strip_g" = "false" ]; then
|
if [ "$include_minidebug" = "true" -a "$strip_g" = "false" ]; then
|
||||||
skip_mini=true
|
skip_mini=true
|
||||||
@ -89,5 +89,5 @@ Adjusted for rpm-4.14.2 in RHEL
|
|||||||
case "$(file -bi "$f")" in
|
case "$(file -bi "$f")" in
|
||||||
- application/x-sharedlib*) skip_mini=false ;;
|
- application/x-sharedlib*) skip_mini=false ;;
|
||||||
application/x-executable*) skip_mini=false ;;
|
application/x-executable*) skip_mini=false ;;
|
||||||
|
application/x-pie-executable*) skip_mini=false ;;
|
||||||
esac
|
esac
|
||||||
$skip_mini || add_minidebug "${debugfn}" "$f"
|
|
||||||
|
@ -1,35 +0,0 @@
|
|||||||
From cc1965ce3acaa7d9356b7671050a15e2cda2f424 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <cc1965ce3acaa7d9356b7671050a15e2cda2f424.1571917336.git.pmatilai@redhat.com>
|
|
||||||
From: nickclifton <31441682+nickclifton@users.noreply.github.com>
|
|
||||||
Date: Wed, 19 Jun 2019 12:45:09 +0100
|
|
||||||
Subject: [PATCH] Add step to find-debuginfo.sh script to compress annobin
|
|
||||||
notes.
|
|
||||||
|
|
||||||
With the introduction of the annobin gcc plugin to the build process,
|
|
||||||
built binary files have become larger. Sometimes significantly so.
|
|
||||||
This is a patch that adds a new step to the post-link process performed
|
|
||||||
by rpmbuild, to run the objcopy program with the --merge-notes option
|
|
||||||
specified. This will reduce the size of the annobin notes in binary
|
|
||||||
files, thus alleviating the size growth.
|
|
||||||
---
|
|
||||||
scripts/find-debuginfo.sh | 4 ++++
|
|
||||||
1 file changed, 4 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh
|
|
||||||
index d75da1108..2e9d76531 100755
|
|
||||||
--- a/scripts/find-debuginfo.sh
|
|
||||||
+++ b/scripts/find-debuginfo.sh
|
|
||||||
@@ -405,6 +405,10 @@ do_file()
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
+ # Compress any annobin notes in the original binary.
|
|
||||||
+ # Ignore any errors, since older objcopy don't support --merge-notes.
|
|
||||||
+ objcopy --merge-notes "$f" 2>/dev/null || true
|
|
||||||
+
|
|
||||||
# A binary already copied into /usr/lib/debug doesn't get stripped,
|
|
||||||
# just has its file names collected and adjusted.
|
|
||||||
case "$dn" in
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,57 +0,0 @@
|
|||||||
From e8fce62467a421132f4ebb6ca9c0926b623ec00e Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <e8fce62467a421132f4ebb6ca9c0926b623ec00e.1574338687.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Tue, 27 Nov 2018 13:40:21 +0200
|
|
||||||
Subject: [PATCH 1/2] Consolidate allowed version/release/evr allowed
|
|
||||||
characters to macros
|
|
||||||
|
|
||||||
Maintaining multiple variants of the same thing, that always worked
|
|
||||||
soooooo well... No functional changes here. Unless I truly messed up.
|
|
||||||
---
|
|
||||||
build/parsePreamble.c | 2 +-
|
|
||||||
build/parseReqs.c | 2 +-
|
|
||||||
build/rpmbuild_internal.h | 2 ++
|
|
||||||
3 files changed, 4 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/build/parsePreamble.c b/build/parsePreamble.c
|
|
||||||
index 2d54abeee..f5e06bac8 100644
|
|
||||||
--- a/build/parsePreamble.c
|
|
||||||
+++ b/build/parsePreamble.c
|
|
||||||
@@ -772,7 +772,7 @@ static rpmRC handlePreambleTag(rpmSpec spec, Package pkg, rpmTagVal tag,
|
|
||||||
case RPMTAG_VERSION:
|
|
||||||
case RPMTAG_RELEASE:
|
|
||||||
SINGLE_TOKEN_ONLY;
|
|
||||||
- if (rpmCharCheck(spec, field, "._+%{}~"))
|
|
||||||
+ if (rpmCharCheck(spec, field, WHITELIST_VERREL))
|
|
||||||
goto exit;
|
|
||||||
headerPutString(pkg->header, tag, field);
|
|
||||||
break;
|
|
||||||
diff --git a/build/parseReqs.c b/build/parseReqs.c
|
|
||||||
index 2201eebf1..9b081a5ff 100644
|
|
||||||
--- a/build/parseReqs.c
|
|
||||||
+++ b/build/parseReqs.c
|
|
||||||
@@ -57,7 +57,7 @@ static rpmRC checkDep(rpmSpec spec, char *N, char *EVR, char **emsg)
|
|
||||||
rasprintf(emsg, _("Versioned file name not permitted"));
|
|
||||||
return RPMRC_FAIL;
|
|
||||||
}
|
|
||||||
- if (rpmCharCheck(spec, EVR, ".-_+:%{}~"))
|
|
||||||
+ if (rpmCharCheck(spec, EVR, WHITELIST_EVR))
|
|
||||||
return RPMRC_FAIL;
|
|
||||||
if (checkSep(EVR, '-', emsg) != RPMRC_OK ||
|
|
||||||
checkSep(EVR, ':', emsg) != RPMRC_OK ||
|
|
||||||
diff --git a/build/rpmbuild_internal.h b/build/rpmbuild_internal.h
|
|
||||||
index 86cc549a7..f758e6620 100644
|
|
||||||
--- a/build/rpmbuild_internal.h
|
|
||||||
+++ b/build/rpmbuild_internal.h
|
|
||||||
@@ -18,6 +18,8 @@
|
|
||||||
#undef HTDATATYPE
|
|
||||||
|
|
||||||
#define WHITELIST_NAME ".-_+%{}"
|
|
||||||
+#define WHITELIST_VERREL "._+%{}~"
|
|
||||||
+#define WHITELIST_EVR WHITELIST_VERREL "-:"
|
|
||||||
|
|
||||||
struct TriggerFileEntry {
|
|
||||||
int index;
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
@ -1,38 +0,0 @@
|
|||||||
From ce11f04ed529cd84de8981b82c1185c0a30dfdcf Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pavlina Moravcova Varekova <pmoravco@redhat.com>
|
|
||||||
Date: Thu, 14 Mar 2019 13:23:13 +0100
|
|
||||||
Subject: [PATCH] Correct rpm -ql exit value when optional -p is omitted
|
|
||||||
(RhBug:1680610)
|
|
||||||
|
|
||||||
---
|
|
||||||
lib/query.c | 6 ++++--
|
|
||||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/query.c b/lib/query.c
|
|
||||||
index e47189ed0..e5408e211 100644
|
|
||||||
--- a/lib/query.c
|
|
||||||
+++ b/lib/query.c
|
|
||||||
@@ -568,16 +568,18 @@ int rpmcliArgIter(rpmts ts, QVA_t qva, ARGV_const_t argv)
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
for (ARGV_const_t arg = argv; arg && *arg; arg++) {
|
|
||||||
+ int ecLocal;
|
|
||||||
rpmdbMatchIterator mi = initQueryIterator(qva, ts, *arg);
|
|
||||||
- ec += rpmcliShowMatches(qva, ts, mi);
|
|
||||||
+ ecLocal = rpmcliShowMatches(qva, ts, mi);
|
|
||||||
if (mi == NULL && qva->qva_source == RPMQV_PACKAGE) {
|
|
||||||
size_t l = strlen(*arg);
|
|
||||||
if (l > 4 && !strcmp(*arg + l - 4, ".rpm")) {
|
|
||||||
rpmgi gi = rpmgiNew(ts, giFlags, argv);
|
|
||||||
- ec += rpmgiShowMatches(qva, ts, gi);
|
|
||||||
+ ecLocal = rpmgiShowMatches(qva, ts, gi);
|
|
||||||
rpmgiFree(gi);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ ec += ecLocal;
|
|
||||||
rpmdbFreeIterator(mi);
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
@ -1,69 +0,0 @@
|
|||||||
From 68d383c39cef8d58b80940b13dd132d3f41a03f0 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <68d383c39cef8d58b80940b13dd132d3f41a03f0.1571917458.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Tue, 2 Apr 2019 15:22:07 +0300
|
|
||||||
Subject: [PATCH 1/2] Detect kernel modules by .modinfo section presence for
|
|
||||||
build-id generation
|
|
||||||
|
|
||||||
File extension based heuristics only work so far at best, and break
|
|
||||||
completely on compressed files with arbitrary .gz/.xz etc extension.
|
|
||||||
This isn't supposed to change any behavior as such, only provide more
|
|
||||||
reliable detection of kernel modules.
|
|
||||||
---
|
|
||||||
build/files.c | 27 ++++++++++++++++++++++++---
|
|
||||||
1 file changed, 24 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/build/files.c b/build/files.c
|
|
||||||
index dbad9a7f3..3822be3d3 100644
|
|
||||||
--- a/build/files.c
|
|
||||||
+++ b/build/files.c
|
|
||||||
@@ -1739,6 +1739,28 @@ static int addNewIDSymlink(ARGV_t *files,
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
+static int haveModinfo(Elf *elf)
|
|
||||||
+{
|
|
||||||
+ Elf_Scn * scn = NULL;
|
|
||||||
+ size_t shstrndx;
|
|
||||||
+ int have_modinfo = 0;
|
|
||||||
+ const char *sname;
|
|
||||||
+
|
|
||||||
+ if (elf_getshdrstrndx(elf, &shstrndx) == 0) {
|
|
||||||
+ while ((scn = elf_nextscn(elf, scn)) != NULL) {
|
|
||||||
+ GElf_Shdr shdr_mem, *shdr = gelf_getshdr(scn, &shdr_mem);
|
|
||||||
+ if (shdr == NULL)
|
|
||||||
+ continue;
|
|
||||||
+ sname = elf_strptr(elf, shstrndx, shdr->sh_name);
|
|
||||||
+ if (sname && rstreq(sname, ".modinfo")) {
|
|
||||||
+ have_modinfo = 1;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ return have_modinfo;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static int generateBuildIDs(FileList fl, ARGV_t *files)
|
|
||||||
{
|
|
||||||
int rc = 0;
|
|
||||||
@@ -1803,15 +1825,14 @@ static int generateBuildIDs(FileList fl, ARGV_t *files)
|
|
||||||
int fd = open (flp->diskPath, O_RDONLY);
|
|
||||||
if (fd >= 0) {
|
|
||||||
/* Only real ELF files, that are ET_EXEC, ET_DYN or
|
|
||||||
- kernel modules (ET_REL files with names ending in .ko)
|
|
||||||
+ kernel modules (ET_REL files with .modinfo section)
|
|
||||||
should have build-ids. */
|
|
||||||
GElf_Ehdr ehdr;
|
|
||||||
Elf *elf = elf_begin (fd, ELF_C_READ, NULL);
|
|
||||||
if (elf != NULL && elf_kind(elf) == ELF_K_ELF
|
|
||||||
&& gelf_getehdr(elf, &ehdr) != NULL
|
|
||||||
&& (ehdr.e_type == ET_EXEC || ehdr.e_type == ET_DYN
|
|
||||||
- || (ehdr.e_type == ET_REL
|
|
||||||
- && rpmFileHasSuffix (flp->diskPath, ".ko")))) {
|
|
||||||
+ || (ehdr.e_type == ET_REL && haveModinfo(elf)))) {
|
|
||||||
const void *build_id;
|
|
||||||
ssize_t len = dwelf_elf_gnu_build_id (elf, &build_id);
|
|
||||||
/* len == -1 means error. Zero means no
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From 788935c9ea9d2f469f24be10a9fa998594046731 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Fri, 7 Sep 2018 11:52:33 +0300
|
|
||||||
Subject: [PATCH] Fix a blindingly obvious memleak in package verify step
|
|
||||||
|
|
||||||
Erm. Introduced in commit 765e2c72ae8be369ada41d4747b8999519a0e327,
|
|
||||||
but how on earth did this go unnoticed... *blush*
|
|
||||||
---
|
|
||||||
lib/transaction.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/lib/transaction.c b/lib/transaction.c
|
|
||||||
index 205c3f388..3969ad3fc 100644
|
|
||||||
--- a/lib/transaction.c
|
|
||||||
+++ b/lib/transaction.c
|
|
||||||
@@ -1261,6 +1261,7 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total)
|
|
||||||
rpmteAddProblem(p, RPMPROB_VERIFY, NULL, vd.msg, 0);
|
|
||||||
|
|
||||||
vd.msg = _free(vd.msg);
|
|
||||||
+ rpmvsFree(vs);
|
|
||||||
}
|
|
||||||
rpmtsNotify(ts, NULL, RPMCALLBACK_VERIFY_STOP, total, total);
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,46 +0,0 @@
|
|||||||
From 531dc8495cd3aabd3f659ecab604106fdbacbe98 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <531dc8495cd3aabd3f659ecab604106fdbacbe98.1554974459.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Wed, 3 Oct 2018 11:51:38 +0300
|
|
||||||
Subject: [PATCH] Fix ancient python GIL locking bug on callback
|
|
||||||
(RhBug:1632488)
|
|
||||||
|
|
||||||
Introduced in commit c7881d801745b4c156a8aa2afc17b95f97481e34 back in 2002,
|
|
||||||
synthesizing a python object for the callback occurs before retaking
|
|
||||||
the GIL lock, which is not allowed. Somehow this has managed to stay
|
|
||||||
latent all these years, and even now requires fairly specific conditions:
|
|
||||||
when the callback gets called without an associated key, such as erasures
|
|
||||||
or file trigger script start/stop events (in the case of RhBug:1632488),
|
|
||||||
when Python 3 is running in PYTHONMALLOC=debug mode,
|
|
||||||
it crashes with "Python memory allocator called without holding the GIL".
|
|
||||||
|
|
||||||
Simply retake the lock before any Python operations take place to fix.
|
|
||||||
---
|
|
||||||
python/rpmts-py.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/rpmts-py.c b/python/rpmts-py.c
|
|
||||||
index e4c5e1250..1ddfc9a1e 100644
|
|
||||||
--- a/python/rpmts-py.c
|
|
||||||
+++ b/python/rpmts-py.c
|
|
||||||
@@ -495,6 +495,8 @@ rpmtsCallback(const void * hd, const rpmCallbackType what,
|
|
||||||
|
|
||||||
if (cbInfo->cb == Py_None) return NULL;
|
|
||||||
|
|
||||||
+ PyEval_RestoreThread(cbInfo->_save);
|
|
||||||
+
|
|
||||||
/* Synthesize a python object for callback (if necessary). */
|
|
||||||
if (pkgObj == NULL) {
|
|
||||||
if (h) {
|
|
||||||
@@ -506,8 +508,6 @@ rpmtsCallback(const void * hd, const rpmCallbackType what,
|
|
||||||
} else
|
|
||||||
Py_INCREF(pkgObj);
|
|
||||||
|
|
||||||
- PyEval_RestoreThread(cbInfo->_save);
|
|
||||||
-
|
|
||||||
args = Py_BuildValue("(iLLOO)", what, amount, total, pkgObj, cbInfo->data);
|
|
||||||
result = PyEval_CallObject(cbInfo->cb, args);
|
|
||||||
Py_DECREF(args);
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
From 5188a7b35eb3672c9b15e96433e033ee36f8e6a8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Tue, 6 Aug 2019 13:06:16 +0300
|
|
||||||
Subject: [PATCH] Fix memleak during transaction verify step in the NOKEY case.
|
|
||||||
|
|
||||||
Found during RhBug:1714657 QA testing.
|
|
||||||
In addition, add a comment to clarify the fallthrough as intentional.
|
|
||||||
---
|
|
||||||
lib/transaction.c | 4 +++-
|
|
||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/transaction.c b/lib/transaction.c
|
|
||||||
index 6e4d4be65..e51cff25a 100644
|
|
||||||
--- a/lib/transaction.c
|
|
||||||
+++ b/lib/transaction.c
|
|
||||||
@@ -1226,8 +1226,10 @@ static int vfyCb(struct rpmsinfo_s *sinfo, void *cbdata)
|
|
||||||
*/
|
|
||||||
if (!(vd->vfylevel & RPMSIG_SIGNATURE_TYPE))
|
|
||||||
sinfo->rc = RPMRC_OK;
|
|
||||||
+ /* fallthrough */
|
|
||||||
default:
|
|
||||||
- vd->msg = rpmsinfoMsg(sinfo);
|
|
||||||
+ if (sinfo->rc)
|
|
||||||
+ vd->msg = rpmsinfoMsg(sinfo);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
return (sinfo->rc == 0);
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,52 +0,0 @@
|
|||||||
From 0d83637769b8a122b1e80f2e960ea1bbae8b4f10 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <0d83637769b8a122b1e80f2e960ea1bbae8b4f10.1540199566.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Mon, 22 Oct 2018 10:52:39 +0300
|
|
||||||
Subject: [PATCH] Fix nasty --setperms/--setugids regression in 4.14.2 (RhBug:
|
|
||||||
1640470)
|
|
||||||
|
|
||||||
Commit 38c2f6e160d5ed3e9c3a266139c7eb2632724c15 causes --setperms and
|
|
||||||
--setugids follow symlinks instead of skipping them.
|
|
||||||
|
|
||||||
In case of --setperms, all encountered symlinks will have their
|
|
||||||
target file/directory permissions set to the 0777 of the link itself
|
|
||||||
(so world writable etc but suid/sgid stripped), temporarily or permanently,
|
|
||||||
depending on whether the symlink occurs before or after it's target in the
|
|
||||||
package file list. When the link occurs before its target, there's a short
|
|
||||||
window where the target is world writable before having it's permissions
|
|
||||||
reset to original, making it particularly bad for suid/sgid binaries.
|
|
||||||
|
|
||||||
--setugids is similarly affected with link targets owner/group changing
|
|
||||||
to that of the symlink.
|
|
||||||
|
|
||||||
Add missing parentheses to the conditions introduced in commit
|
|
||||||
38c2f6e160d5ed3e9c3a266139c7eb2632724c15 to fix.
|
|
||||||
Reported by Karel Srot, patch by Pavlina Moravcova Varekova.
|
|
||||||
---
|
|
||||||
rpmpopt.in | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/rpmpopt.in b/rpmpopt.in
|
|
||||||
index 8aaa91f11..42d3416a3 100644
|
|
||||||
--- a/rpmpopt.in
|
|
||||||
+++ b/rpmpopt.in
|
|
||||||
@@ -44,14 +44,14 @@ rpm alias --scripts --qf '\
|
|
||||||
--POPTdesc=$"list install/erase scriptlets from package(s)"
|
|
||||||
|
|
||||||
rpm alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \
|
|
||||||
- \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] || \
|
|
||||||
+ ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \
|
|
||||||
chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \
|
|
||||||
--pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \
|
|
||||||
--POPTdesc=$"set permissions of files in a package"
|
|
||||||
|
|
||||||
rpm alias --setugids -q --qf \
|
|
||||||
'[ch %{FILEUSERNAME:shescape} %{FILEGROUPNAME:shescape} %{FILENAMES:shescape} %{FILEFLAGS}\n]' \
|
|
||||||
- --pipe "(echo 'ch() { \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] || \
|
|
||||||
+ --pipe "(echo 'ch() { ( \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] ) || \
|
|
||||||
(chown -h -- \"$1\" \"$3\";chgrp -h -- \"$2\" \"$3\";) }'; \
|
|
||||||
grep '^ch '|grep -v \(none\))|sh" \
|
|
||||||
--POPTdesc=$"set user/group ownership of files in a package"
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
@ -1,37 +0,0 @@
|
|||||||
From e219c9548d16a3c18dd261f7043bb8d221b87c77 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Wed, 31 Jul 2019 11:56:26 +0300
|
|
||||||
Subject: [PATCH] Fix off-by-one in hdrblobGet() making last entry unreachable
|
|
||||||
(RhBug:1722921)
|
|
||||||
|
|
||||||
hdrblobGet() introduced in commits acfde0d0e812e9f8e153ab6be8c9f2682bdd4763
|
|
||||||
and 9821de18811db97238c34a564221e315f5f35b44 has an off-by-one thinko
|
|
||||||
(perhaps the idea was to skip the first, region tag) which causes
|
|
||||||
the last entry to be unreachable. In typical packages, that is
|
|
||||||
RPMSIG_PAYLOADSIZE which is not used at all in this context so it doesn't
|
|
||||||
matter, but in large packages use RPMSIG_LONGARCHIVESIZE which has a lower
|
|
||||||
tag number and leaves either RPMSIGTAG_MD5 or RPMSIGTAG_GPG last,
|
|
||||||
unreachable and thus unverifiable. Oops.
|
|
||||||
|
|
||||||
This fixes the regression introduced in rpm 4.14, affecting verification
|
|
||||||
of large packages (ie having RPMSIG_LONGARCHIVESIZE)
|
|
||||||
---
|
|
||||||
lib/header.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/header.c b/lib/header.c
|
|
||||||
index 33623884a..9ec7ed0e4 100644
|
|
||||||
--- a/lib/header.c
|
|
||||||
+++ b/lib/header.c
|
|
||||||
@@ -2015,7 +2015,7 @@ rpmRC hdrblobGet(hdrblob blob, uint32_t tag, rpmtd td)
|
|
||||||
memset(&einfo, 0, sizeof(einfo));
|
|
||||||
rpmtdReset(td);
|
|
||||||
|
|
||||||
- for (int i = 1; i < blob->il; i++, pe++) {
|
|
||||||
+ for (int i = 0; i < blob->il; i++, pe++) {
|
|
||||||
if (pe->tag != ntag)
|
|
||||||
continue;
|
|
||||||
ei2h(pe, &einfo);
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,39 +0,0 @@
|
|||||||
From a144c29831a39ed303d6ea8d2ae91e1c36d64c84 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <a144c29831a39ed303d6ea8d2ae91e1c36d64c84.1559799452.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Wed, 15 May 2019 13:51:19 +0300
|
|
||||||
Subject: [PATCH] Fix packages getting erased on failed update with dnf
|
|
||||||
(RhBug:1620275)
|
|
||||||
|
|
||||||
When adding update elements, we set the erase element to depend on the
|
|
||||||
install element, but if an API user adds the same erasure manually
|
|
||||||
after adding the update, we know its a duplicate erasure and filter
|
|
||||||
it out, BUT we zero out the dependent element in the process. And
|
|
||||||
if installing the update now fails, we end up removing the whole package
|
|
||||||
due to that missing dependent element.
|
|
||||||
|
|
||||||
This never happens with rpm itself so we can't easily test it, but is
|
|
||||||
100% reproducable with dnf (at least dnf 3-4). Apparently it adds all
|
|
||||||
erasures by itself (which is kind of understandable I guess, perhaps
|
|
||||||
we should better allow this in the API)
|
|
||||||
---
|
|
||||||
lib/depends.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/depends.c b/lib/depends.c
|
|
||||||
index 6e9866eae..f8a6084ab 100644
|
|
||||||
--- a/lib/depends.c
|
|
||||||
+++ b/lib/depends.c
|
|
||||||
@@ -121,7 +121,8 @@ static int removePackage(rpmts ts, Header h, rpmte depends)
|
|
||||||
|
|
||||||
/* Filter out duplicate erasures. */
|
|
||||||
if (packageHashGetEntry(tsmem->removedPackages, dboffset, &pp, NULL, NULL)) {
|
|
||||||
- rpmteSetDependsOn(pp[0], depends);
|
|
||||||
+ if (depends)
|
|
||||||
+ rpmteSetDependsOn(pp[0], depends);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
From 475af64f64cbc210c87588d425fa9a14cd9760b6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Wed, 29 May 2019 11:38:53 +0300
|
|
||||||
Subject: [PATCH] Fix rpmfiles memory leak on %postuntrans file trigger
|
|
||||||
preparation
|
|
||||||
|
|
||||||
---
|
|
||||||
lib/rpmtriggers.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
|
|
||||||
index cb2441c5a..b7c76e7fc 100644
|
|
||||||
--- a/lib/rpmtriggers.c
|
|
||||||
+++ b/lib/rpmtriggers.c
|
|
||||||
@@ -154,6 +154,7 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
rpmdbFreeIterator(mi);
|
|
||||||
+ rpmfilesFree(files);
|
|
||||||
}
|
|
||||||
|
|
||||||
int runPostUnTransFileTrigs(rpmts ts)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,60 +0,0 @@
|
|||||||
From 050b392f8c11d111379e0d2bac52762beb97b3ae Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <050b392f8c11d111379e0d2bac52762beb97b3ae.1559645935.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Tue, 2 Apr 2019 12:57:11 +0300
|
|
||||||
Subject: [PATCH] Fix segfault on fingerprinting symlink round (RhBug:1660232)
|
|
||||||
|
|
||||||
Both yum and dnf perform a test-transaction before the real thing,
|
|
||||||
and both neglet to check for an error code from the test-transaction
|
|
||||||
when there are no problem objects to return. Which can happen in
|
|
||||||
some special cases, such a using different vsflags between initial
|
|
||||||
package read and transaction (which is what both yum and dnf do),
|
|
||||||
which can cause the in-transaction package open fail on corrupt packages.
|
|
||||||
And when this failed transaction is fed back to rpmtsRun(), it
|
|
||||||
segfaults in fingerprinting as the second loop of symlink checking
|
|
||||||
doesn't check for NULL's element files like the first loop does.
|
|
||||||
|
|
||||||
Add the missing NULL check and remove bogus "can't happen" comment to fix.
|
|
||||||
|
|
||||||
FWIW, the scenario with different vsflags and corrupted packages doesn't
|
|
||||||
happen by default in rpm >= 4.14.2, the corrupt package gets caught
|
|
||||||
in the verify stage which does create problem objects and thus both
|
|
||||||
yum and dnf abort as they should.
|
|
||||||
---
|
|
||||||
lib/fprint.c | 6 +++++-
|
|
||||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/fprint.c b/lib/fprint.c
|
|
||||||
index b810e4d2b..ab1891961 100644
|
|
||||||
--- a/lib/fprint.c
|
|
||||||
+++ b/lib/fprint.c
|
|
||||||
@@ -488,7 +488,7 @@ void fpCachePopulate(fingerPrintCache fpc, rpmts ts, int fileCount)
|
|
||||||
(void) rpmsqPoll();
|
|
||||||
|
|
||||||
if ((fi = rpmteFiles(p)) == NULL)
|
|
||||||
- continue; /* XXX can't happen */
|
|
||||||
+ continue;
|
|
||||||
|
|
||||||
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0);
|
|
||||||
rpmfilesFpLookup(fi, fpc);
|
|
||||||
@@ -522,6 +522,9 @@ void fpCachePopulate(fingerPrintCache fpc, rpmts ts, int fileCount)
|
|
||||||
while ((p = rpmtsiNext(pi, 0)) != NULL) {
|
|
||||||
(void) rpmsqPoll();
|
|
||||||
|
|
||||||
+ if ((fi = rpmteFiles(p)) == NULL)
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
fs = rpmteGetFileStates(p);
|
|
||||||
fc = rpmfsFC(fs);
|
|
||||||
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0);
|
|
||||||
@@ -531,6 +534,7 @@ void fpCachePopulate(fingerPrintCache fpc, rpmts ts, int fileCount)
|
|
||||||
fpLookupSubdir(symlinks, fpc, p, i);
|
|
||||||
}
|
|
||||||
(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0);
|
|
||||||
+ rpmfilesFree(fi);
|
|
||||||
}
|
|
||||||
rpmtsiFree(pi);
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
From 66e0c929b203d684a4f58135f42435fcc29cdd51 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <66e0c929b203d684a4f58135f42435fcc29cdd51.1554982695.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Wed, 10 Oct 2018 12:00:19 +0300
|
|
||||||
Subject: [PATCH] Fix testing for wrong variable in selinux plugin debug log
|
|
||||||
|
|
||||||
The strerror() case couldn't be reached as we were testing for the
|
|
||||||
wrong rc, spotted by covscan.
|
|
||||||
---
|
|
||||||
plugins/selinux.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/plugins/selinux.c b/plugins/selinux.c
|
|
||||||
index 3c9d9e4ab..accd47416 100644
|
|
||||||
--- a/plugins/selinux.c
|
|
||||||
+++ b/plugins/selinux.c
|
|
||||||
@@ -169,7 +169,7 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
|
|
||||||
|
|
||||||
if (rpmIsDebug()) {
|
|
||||||
rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n",
|
|
||||||
- path, scon, (rc < 0 ? strerror(errno) : ""));
|
|
||||||
+ path, scon, (conrc < 0 ? strerror(errno) : ""));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
From 74766d30b95f1575df8a42d185f2643caa235a8b Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <74766d30b95f1575df8a42d185f2643caa235a8b.1543835412.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Fri, 23 Nov 2018 12:47:27 +0200
|
|
||||||
Subject: [PATCH] Handle unsupported digests the same as disabled ones
|
|
||||||
(RhBug:1652529)
|
|
||||||
|
|
||||||
A digest type unsupported by the underlying crypto library (whether
|
|
||||||
technically or by configuration) does not mean the digest is invalid,
|
|
||||||
it just cannot be used. Which for the purposes of verification is the
|
|
||||||
same as if that digest didn't exist at all, and that's exactly how we
|
|
||||||
handle digests and signatures disabled by configuration.
|
|
||||||
|
|
||||||
One particular case is FIPS mode which globally disables the use of MD5,
|
|
||||||
which we mishandled prior to this by showing it as OK in verification
|
|
||||||
despite actually not verifying it at all.
|
|
||||||
|
|
||||||
The exact place for handling this case is a bit subtle: the "obvious"
|
|
||||||
place for checking for supported type is in rpmvsInitRange() but this
|
|
||||||
doesn't work because of rpmDigestBundleAddID() return code semantics.
|
|
||||||
The other "obvious" place would be rpmvsVerify(), but by that point
|
|
||||||
we have even more funny cases to consider. So for now, it's actually
|
|
||||||
easiest to check for this in rpmvsFiniRange() even if it's not the
|
|
||||||
most obvious place for doing so. Might want to change the
|
|
||||||
rpmDigestBundleAddID() semantics later, but this makes for a nicer
|
|
||||||
backport (we'll need this in 4.14.x too).
|
|
||||||
---
|
|
||||||
lib/rpmvs.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/lib/rpmvs.c b/lib/rpmvs.c
|
|
||||||
index 7b5b86f8e..622e48011 100644
|
|
||||||
--- a/lib/rpmvs.c
|
|
||||||
+++ b/lib/rpmvs.c
|
|
||||||
@@ -388,6 +388,9 @@ void rpmvsFiniRange(struct rpmvs_s *sis, int range)
|
|
||||||
|
|
||||||
if (sinfo->range == range && sinfo->rc == RPMRC_OK) {
|
|
||||||
sinfo->ctx = rpmDigestBundleDupCtx(sis->bundle, sinfo->id);
|
|
||||||
+ /* Handle unsupported digests the same as disabled ones */
|
|
||||||
+ if (sinfo->ctx == NULL)
|
|
||||||
+ sinfo->rc = RPMRC_NOTFOUND;
|
|
||||||
rpmDigestBundleFinal(sis->bundle, sinfo->id, NULL, NULL, 0);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.19.2
|
|
||||||
|
|
@ -28,31 +28,26 @@ index eaf817cc2..21ca216a8 100644
|
|||||||
EXTRA_DIST += atlocal.in
|
EXTRA_DIST += atlocal.in
|
||||||
diff --git a/tests/atlocal.in b/tests/atlocal.in
|
diff --git a/tests/atlocal.in b/tests/atlocal.in
|
||||||
index d7d837f45..3b1474b56 100644
|
index d7d837f45..3b1474b56 100644
|
||||||
--- a/tests/atlocal.in
|
--- rpm-4.14.3/tests/atlocal.in.orig 2020-04-28 14:19:26.866602968 +0200
|
||||||
+++ b/tests/atlocal.in
|
+++ rpm-4.14.3/tests/atlocal.in 2020-04-28 14:21:07.977910054 +0200
|
||||||
@@ -3,7 +3,8 @@ export LD_LIBRARY_PATH
|
@@ -3,7 +3,8 @@
|
||||||
PATH="${abs_builddir}/testing@rpmbindir@:${abs_builddir}/testing@usrbindir@:$PATH"
|
PATH="${abs_builddir}/testing@rpmbindir@:${abs_builddir}/testing@usrbindir@:$PATH"
|
||||||
export PATH
|
export PATH
|
||||||
|
|
||||||
-PYLIBDIR=`python -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1,0,'@execprefix@'))"`
|
-PYLIBDIR=`python2 -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1,0,'@execprefix@'))"`
|
||||||
+PYTHON=@PYTHON@
|
+PYTHON=@PYTHON@
|
||||||
+PYLIBDIR=$(${PYTHON} -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1,0,'@execprefix@'))")
|
+PYLIBDIR=$(${PYTHON} -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1,0,'@execprefix@'))")
|
||||||
PYTHONPATH="${abs_builddir}/testing${PYLIBDIR}"
|
PYTHONPATH="${abs_builddir}/testing${PYLIBDIR}"
|
||||||
export PYTHONPATH
|
export PYTHONPATH
|
||||||
|
|
||||||
diff --git a/tests/local.at b/tests/local.at
|
--- rpm-4.14.3/tests/local.at.orig 2020-04-28 14:28:33.106664317 +0200
|
||||||
index 48c5d3f96..4952b9d61 100644
|
+++ rpm-4.14.3/tests/local.at 2020-04-28 14:29:02.064038653 +0200
|
||||||
--- a/tests/local.at
|
@@ -18,7 +18,7 @@
|
||||||
+++ b/tests/local.at
|
|
||||||
@@ -17,7 +17,7 @@ def myprint(msg = ''):
|
|
||||||
sys.stdout.write('%s\n' % msg)
|
sys.stdout.write('%s\n' % msg)
|
||||||
$1
|
$1
|
||||||
EOF
|
EOF
|
||||||
-python test.py
|
-python2 test.py
|
||||||
+${PYTHON} test.py
|
+${PYTHON} test.py test.py
|
||||||
]])
|
]])
|
||||||
|
|
||||||
m4_define([RPMPY_CHECK],[
|
m4_define([RPMPY_CHECK],[
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
||||||
|
@ -1,86 +0,0 @@
|
|||||||
From 8cbe8baf9c3ff4754369bcd29441df14ecc6889d Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <8cbe8baf9c3ff4754369bcd29441df14ecc6889d.1554982512.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Thu, 14 Feb 2019 13:12:49 +0200
|
|
||||||
Subject: [PATCH] Log RPMLOG_ERR level messages on actual errors in selinux
|
|
||||||
plugin, doh.
|
|
||||||
|
|
||||||
When there's an actual error, people will want to know without having
|
|
||||||
to rerun in verbose mode. Such as in RhBug:1641631 where configured
|
|
||||||
selinux policy differs from what is installed - the former message
|
|
||||||
|
|
||||||
error: Plugin selinux: hook tsm_pre failed
|
|
||||||
|
|
||||||
...is not particularly helpful to anybody, whereas this actually provides
|
|
||||||
some clues now:
|
|
||||||
|
|
||||||
error: selabel_open: (/etc/selinux/ponies/contexts/files/file_contexts) No such file or directory
|
|
||||||
error: Plugin selinux: hook tsm_pre failed
|
|
||||||
---
|
|
||||||
plugins/selinux.c | 19 +++++++++----------
|
|
||||||
1 file changed, 9 insertions(+), 10 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/plugins/selinux.c b/plugins/selinux.c
|
|
||||||
index accd47416..f1caf257c 100644
|
|
||||||
--- a/plugins/selinux.c
|
|
||||||
+++ b/plugins/selinux.c
|
|
||||||
@@ -12,6 +12,11 @@
|
|
||||||
|
|
||||||
static struct selabel_handle * sehandle = NULL;
|
|
||||||
|
|
||||||
+static inline rpmlogLvl loglvl(int iserror)
|
|
||||||
+{
|
|
||||||
+ return iserror ? RPMLOG_ERR : RPMLOG_DEBUG;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static void sehandle_fini(int close_status)
|
|
||||||
{
|
|
||||||
if (sehandle) {
|
|
||||||
@@ -47,7 +52,7 @@ static rpmRC sehandle_init(int open_status)
|
|
||||||
|
|
||||||
sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1);
|
|
||||||
|
|
||||||
- rpmlog(RPMLOG_DEBUG, "selabel_open: (%s) %s\n",
|
|
||||||
+ rpmlog(loglvl(sehandle == NULL), "selabel_open: (%s) %s\n",
|
|
||||||
path, (sehandle == NULL ? strerror(errno) : ""));
|
|
||||||
|
|
||||||
return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL;
|
|
||||||
@@ -125,10 +130,8 @@ static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin,
|
|
||||||
if ((xx = setexeccon(newcon)) == 0)
|
|
||||||
rc = RPMRC_OK;
|
|
||||||
|
|
||||||
- if (rpmIsDebug()) {
|
|
||||||
- rpmlog(RPMLOG_DEBUG, "setexeccon: (%s, %s) %s\n",
|
|
||||||
+ rpmlog(loglvl(xx < 0), "setexeccon: (%s, %s) %s\n",
|
|
||||||
path, newcon, (xx < 0 ? strerror(errno) : ""));
|
|
||||||
- }
|
|
||||||
|
|
||||||
exit:
|
|
||||||
context_free(con);
|
|
||||||
@@ -143,10 +146,8 @@ exit:
|
|
||||||
if ((xx = setexecfilecon(path, "rpm_script_t") == 0))
|
|
||||||
rc = RPMRC_OK;
|
|
||||||
|
|
||||||
- if (rpmIsDebug()) {
|
|
||||||
- rpmlog(RPMLOG_DEBUG, "setexecfilecon: (%s) %s\n",
|
|
||||||
+ rpmlog(loglvl(xx < 0), "setexecfilecon: (%s) %s\n",
|
|
||||||
path, (xx < 0 ? strerror(errno) : ""));
|
|
||||||
- }
|
|
||||||
#endif
|
|
||||||
/* If selinux is not enforcing, we don't care either */
|
|
||||||
if (rc && security_getenforce() < 1)
|
|
||||||
@@ -167,10 +168,8 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
|
|
||||||
if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {
|
|
||||||
int conrc = lsetfilecon(path, scon);
|
|
||||||
|
|
||||||
- if (rpmIsDebug()) {
|
|
||||||
- rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n",
|
|
||||||
+ rpmlog(loglvl(conrc < 0), "lsetfilecon: (%s, %s) %s\n",
|
|
||||||
path, scon, (conrc < 0 ? strerror(errno) : ""));
|
|
||||||
- }
|
|
||||||
|
|
||||||
if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
|
|
||||||
rc = RPMRC_OK;
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,49 +0,0 @@
|
|||||||
From 2ec0832287bd1443ebf336f8a98293f30bfa2036 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Mon, 18 Mar 2019 15:24:54 +0200
|
|
||||||
Subject: [PATCH 1/3] Make rpmsign exit values more consistent with our other
|
|
||||||
tools
|
|
||||||
|
|
||||||
rpmPkgSign*() return -1 for failure, which is not that helpful when
|
|
||||||
returned to shell and the way it was counted could easily wrap around
|
|
||||||
when signing multiple packages. Return number of failures similarly to
|
|
||||||
how rpm -q and frieds does, avoid overflows and xargs special value 255.
|
|
||||||
---
|
|
||||||
rpmsign.c | 8 +++++---
|
|
||||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/rpmsign.c b/rpmsign.c
|
|
||||||
index ae86f666d..1a5cd59c2 100644
|
|
||||||
--- a/rpmsign.c
|
|
||||||
+++ b/rpmsign.c
|
|
||||||
@@ -134,7 +134,8 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
|
|
||||||
const char *arg;
|
|
||||||
rc = 0;
|
|
||||||
while ((arg = poptGetArg(optCon)) != NULL) {
|
|
||||||
- rc += rpmPkgSign(arg, sargs);
|
|
||||||
+ if (rpmPkgSign(arg, sargs) < 0)
|
|
||||||
+ rc++;
|
|
||||||
}
|
|
||||||
|
|
||||||
exit:
|
|
||||||
@@ -175,7 +176,8 @@ int main(int argc, char *argv[])
|
|
||||||
case MODE_DELSIGN:
|
|
||||||
ec = 0;
|
|
||||||
while ((arg = poptGetArg(optCon)) != NULL) {
|
|
||||||
- ec += rpmPkgDelSign(arg, &sargs);
|
|
||||||
+ if (rpmPkgDelSign(arg, &sargs) < 0)
|
|
||||||
+ ec++;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case MODE_NONE:
|
|
||||||
@@ -188,5 +190,5 @@ int main(int argc, char *argv[])
|
|
||||||
|
|
||||||
exit:
|
|
||||||
rpmcliFini(optCon);
|
|
||||||
- return ec;
|
|
||||||
+ return RETVAL(ec);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -61,20 +61,16 @@ index 622e48011..0d475af86 100644
|
|||||||
static int sinfoCmp(const void *a, const void *b)
|
static int sinfoCmp(const void *a, const void *b)
|
||||||
{
|
{
|
||||||
const struct rpmsinfo_s *sa = a;
|
const struct rpmsinfo_s *sa = a;
|
||||||
diff --git a/lib/rpmvs.h b/lib/rpmvs.h
|
--- rpm-4.14.3/lib/rpmvs.h.orig 2020-04-28 10:57:19.727347211 +0200
|
||||||
index b27d9a612..a836d5c94 100644
|
+++ rpm-4.14.3/lib/rpmvs.h 2020-04-28 10:57:43.622612015 +0200
|
||||||
--- a/lib/rpmvs.h
|
@@ -66,6 +66,8 @@
|
||||||
+++ b/lib/rpmvs.h
|
|
||||||
@@ -75,6 +75,9 @@ void rpmvsInitRange(struct rpmvs_s *sis, int range);
|
|
||||||
RPM_GNUC_INTERNAL
|
|
||||||
void rpmvsFiniRange(struct rpmvs_s *sis, int range);
|
void rpmvsFiniRange(struct rpmvs_s *sis, int range);
|
||||||
|
|
||||||
+RPM_GNUC_INTERNAL
|
+int rpmvsRange(struct rpmvs_s *vs);
|
||||||
+int rpmvsRange(struct rpmvs_s *vs);
|
|
||||||
+
|
+
|
||||||
RPM_GNUC_INTERNAL
|
|
||||||
int rpmvsVerify(struct rpmvs_s *sis, int type,
|
int rpmvsVerify(struct rpmvs_s *sis, int type,
|
||||||
rpmsinfoCb cb, void *cbdata);
|
rpmsinfoCb cb, void *cbdata);
|
||||||
|
|
||||||
--
|
--
|
||||||
2.20.1
|
2.20.1
|
||||||
|
|
||||||
|
@ -1,49 +0,0 @@
|
|||||||
From b4178c979fff344a1c5142a305f274dd9aff8f45 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Markus Linnala <markus.linnala@gmail.com>
|
|
||||||
Date: Sun, 28 Oct 2018 14:59:52 +0200
|
|
||||||
Subject: [PATCH] Remove capabilities instead of setting empty caps via.
|
|
||||||
--setcaps
|
|
||||||
|
|
||||||
If a file in a package does not have any capabilities rpm --setcaps should
|
|
||||||
remove capabilities of the file. Prior to this patch capabilities of the file
|
|
||||||
were set as empty.
|
|
||||||
|
|
||||||
Empty capabilities mean more than no capabilities. A file with no capabilities
|
|
||||||
can inherit capabilities, but file with empty capabilities can not.
|
|
||||||
|
|
||||||
When ever package does not have any capabilities set %|FILECAPS? is false.
|
|
||||||
If some files have capabilities, %|FILECAPS? is true but %{FILECAPS} is ''
|
|
||||||
when the file does not have capabilities and '= <capstring>' when there is some.
|
|
||||||
|
|
||||||
Reported and patch created by Markus Linnala
|
|
||||||
Commit message edited by Pavlina Moravcova Varekova and Florian Festi.
|
|
||||||
|
|
||||||
Fixes #585
|
|
||||||
Fixes #586
|
|
||||||
---
|
|
||||||
rpmpopt.in | 9 +++++++--
|
|
||||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/rpmpopt.in b/rpmpopt.in
|
|
||||||
index 42d3416a3..557050a24 100644
|
|
||||||
--- a/rpmpopt.in
|
|
||||||
+++ b/rpmpopt.in
|
|
||||||
@@ -57,8 +57,13 @@ rpm alias --setugids -q --qf \
|
|
||||||
--POPTdesc=$"set user/group ownership of files in a package"
|
|
||||||
|
|
||||||
rpm alias --setcaps -q --qf \
|
|
||||||
- "[\[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \] \
|
|
||||||
- && setcap %|FILECAPS?{%{FILECAPS:shescape}}:{''}| %{FILENAMES:shescape}\n]" \
|
|
||||||
+ "[if \[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \]; then\n\
|
|
||||||
+%|FILECAPS?{ if \[ -n %{FILECAPS:shescape} \]; then\n\
|
|
||||||
+ setcap %{FILECAPS:shescape} %{FILENAMES:shescape}\n\
|
|
||||||
+ el}:{ }|if \[ -n \"\$(getcap %{FILENAMES:shescape})\" \]; then\n\
|
|
||||||
+ setcap -r %{FILENAMES:shescape}\n\
|
|
||||||
+ fi\n\
|
|
||||||
+fi\n]" \
|
|
||||||
--pipe "sh" \
|
|
||||||
--POPTdesc=$"set capabilities of files in a package"
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,57 +0,0 @@
|
|||||||
From 8dd8e37acc79da1ce0a36c3f86650defa474a6a9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pavlina Moravcova Varekova <pmoravco@redhat.com>
|
|
||||||
Date: Thu, 14 Mar 2019 13:56:26 +0100
|
|
||||||
Subject: [PATCH] Show list of files only once when use rpm -ql and multiple
|
|
||||||
rpm files
|
|
||||||
|
|
||||||
---
|
|
||||||
lib/query.c | 3 ++-
|
|
||||||
tests/rpmquery.at | 18 ++++++++++++++++++
|
|
||||||
2 files changed, 20 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/query.c b/lib/query.c
|
|
||||||
index e5408e211..7568f67aa 100644
|
|
||||||
--- a/lib/query.c
|
|
||||||
+++ b/lib/query.c
|
|
||||||
@@ -574,7 +574,8 @@ int rpmcliArgIter(rpmts ts, QVA_t qva, ARGV_const_t argv)
|
|
||||||
if (mi == NULL && qva->qva_source == RPMQV_PACKAGE) {
|
|
||||||
size_t l = strlen(*arg);
|
|
||||||
if (l > 4 && !strcmp(*arg + l - 4, ".rpm")) {
|
|
||||||
- rpmgi gi = rpmgiNew(ts, giFlags, argv);
|
|
||||||
+ char * const argFirst[2] = { arg[0], NULL };
|
|
||||||
+ rpmgi gi = rpmgiNew(ts, giFlags, argFirst);
|
|
||||||
ecLocal = rpmgiShowMatches(qva, ts, gi);
|
|
||||||
rpmgiFree(gi);
|
|
||||||
}
|
|
||||||
diff --git a/tests/rpmquery.at b/tests/rpmquery.at
|
|
||||||
index ab7bb3c46..0dc6d78b6 100644
|
|
||||||
--- a/tests/rpmquery.at
|
|
||||||
+++ b/tests/rpmquery.at
|
|
||||||
@@ -61,6 +61,24 @@ hello.spec
|
|
||||||
[ignore])
|
|
||||||
AT_CLEANUP
|
|
||||||
|
|
||||||
+# ------------------------------
|
|
||||||
+AT_SETUP([rpm -ql multiple *.rpm])
|
|
||||||
+AT_KEYWORDS([query])
|
|
||||||
+AT_CHECK([
|
|
||||||
+runroot rpm \
|
|
||||||
+ -ql \
|
|
||||||
+ /data/SRPMS/hello-1.0-1.src.rpm /data/RPMS/hello-1.0-1.i386.rpm
|
|
||||||
+],
|
|
||||||
+[0],
|
|
||||||
+[hello-1.0.tar.gz
|
|
||||||
+hello.spec
|
|
||||||
+/usr/local/bin/hello
|
|
||||||
+/usr/share/doc/hello-1.0
|
|
||||||
+/usr/share/doc/hello-1.0/FAQ
|
|
||||||
+],
|
|
||||||
+[ignore])
|
|
||||||
+AT_CLEANUP
|
|
||||||
+
|
|
||||||
# ------------------------------
|
|
||||||
AT_SETUP([rpmspec -q])
|
|
||||||
AT_KEYWORDS([query])
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
@ -1,27 +0,0 @@
|
|||||||
From 35b09eed946a7e2f2f327531b692c9f768bf9e3b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pavlina Moravcova Varekova <pmoravco@redhat.com>
|
|
||||||
Date: Sun, 7 Apr 2019 07:23:47 +0200
|
|
||||||
Subject: [PATCH] Sort list of hard linked files in find-debuginfo.sh
|
|
||||||
(RhBug:1421272)
|
|
||||||
|
|
||||||
It helps to make build results reproducible. Based on Mark Wielaard's idea.
|
|
||||||
---
|
|
||||||
scripts/find-debuginfo.sh | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh
|
|
||||||
index c75d176ac..23286139e 100755
|
|
||||||
--- a/scripts/find-debuginfo.sh
|
|
||||||
+++ b/scripts/find-debuginfo.sh
|
|
||||||
@@ -350,7 +350,7 @@ trap 'rm -rf "$temp"' EXIT
|
|
||||||
touch "$temp/primary"
|
|
||||||
find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \
|
|
||||||
\( -perm -0100 -or -perm -0010 -or -perm -0001 \) \
|
|
||||||
- -print |
|
|
||||||
+ -print | LC_ALL=C sort |
|
|
||||||
file -N -f - | sed -n -e 's/^\(.*\):[ ]*.*ELF.*, not stripped.*/\1/p' |
|
|
||||||
xargs --no-run-if-empty stat -c '%h %D_%i %n' |
|
|
||||||
while read nlinks inum f; do
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
From d313baf1d3a4756447e398ee55f8c6760f942d50 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pavlina Moravcova Varekova <pmoravco@redhat.com>
|
|
||||||
Date: Wed, 24 Apr 2019 10:29:14 +0200
|
|
||||||
Subject: [PATCH] Use --dpbath only with full path (RhBug:1696408)
|
|
||||||
|
|
||||||
Before the patch rpm treats the relative path as a full path.
|
|
||||||
The new behavior is similar to the "--root" option.
|
|
||||||
---
|
|
||||||
lib/poptALL.c | 4 ++++
|
|
||||||
1 file changed, 4 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/lib/poptALL.c b/lib/poptALL.c
|
|
||||||
index 9983c1e62..69fd49846 100644
|
|
||||||
--- a/lib/poptALL.c
|
|
||||||
+++ b/lib/poptALL.c
|
|
||||||
@@ -147,6 +147,10 @@ static void rpmcliAllArgCallback( poptContext con,
|
|
||||||
break;
|
|
||||||
case POPT_DBPATH:
|
|
||||||
rpmcliConfigured();
|
|
||||||
+ if (arg && arg[0] != '/') {
|
|
||||||
+ fprintf(stderr, _("arguments to --dbpath must begin with '/'\n"));
|
|
||||||
+ exit(EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
rpmPushMacro(NULL, "_dbpath", NULL, arg, RMIL_CMDLINE);
|
|
||||||
break;
|
|
||||||
case POPT_SHOWVERSION:
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
From 655c4c72a3467037abd51aab29f0300e97caf54c Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <655c4c72a3467037abd51aab29f0300e97caf54c.1571919390.git.pmatilai@redhat.com>
|
|
||||||
From: Stepan Broz <sbroz@redhat.com>
|
|
||||||
Date: Thu, 25 Jul 2019 11:00:47 +0200
|
|
||||||
Subject: [PATCH] rpmpgp: Handle EOF without EOL better at END PGP
|
|
||||||
|
|
||||||
---
|
|
||||||
rpmio/rpmpgp.c | 5 +++--
|
|
||||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
|
|
||||||
index 061751a4d..46cd0f31a 100644
|
|
||||||
--- a/rpmio/rpmpgp.c
|
|
||||||
+++ b/rpmio/rpmpgp.c
|
|
||||||
@@ -1289,9 +1289,10 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
t += (sizeof("-----")-1);
|
|
||||||
- if (t >= te) continue;
|
|
||||||
+ /* Handle EOF without EOL here, *t == '\0' at EOF */
|
|
||||||
+ if (*t && (t >= te)) continue;
|
|
||||||
/* XXX permitting \r here is not RFC-2440 compliant <shrug> */
|
|
||||||
- if (!(*t == '\n' || *t == '\r')) continue;
|
|
||||||
+ if (!(*t == '\n' || *t == '\r' || *t == '\0')) continue;
|
|
||||||
|
|
||||||
crcdec = NULL;
|
|
||||||
crclen = 0;
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
From be3347b5bff6142e86e533174fe0ec352405d159 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Florian Festi <ffesti@redhat.com>
|
|
||||||
Date: Thu, 18 Jul 2019 07:45:53 +0200
|
|
||||||
Subject: [PATCH] rpmsign man page: Add line about rpmsign requiring a valid
|
|
||||||
checksum
|
|
||||||
|
|
||||||
and the limitations in FIPS mode
|
|
||||||
---
|
|
||||||
doc/rpmsign.8 | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/doc/rpmsign.8 b/doc/rpmsign.8
|
|
||||||
index 80ffb6a32..d895a3b8c 100644
|
|
||||||
--- a/doc/rpmsign.8
|
|
||||||
+++ b/doc/rpmsign.8
|
|
||||||
@@ -21,6 +21,9 @@ options generate and insert new signatures for each package
|
|
||||||
existing signatures. There are two options for historical reasons,
|
|
||||||
there is no difference in behavior currently.
|
|
||||||
|
|
||||||
+To create a signature rpm needs to verify the package's checksum. As a result
|
|
||||||
+packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
|
|
||||||
+
|
|
||||||
\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
|
||||||
|
|
||||||
.PP
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
From 15b296c324794d288750136b3b4f3350c3d0b8c7 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <15b296c324794d288750136b3b4f3350c3d0b8c7.1574338687.git.pmatilai@redhat.com>
|
|
||||||
In-Reply-To: <e8fce62467a421132f4ebb6ca9c0926b623ec00e.1574338687.git.pmatilai@redhat.com>
|
|
||||||
References: <e8fce62467a421132f4ebb6ca9c0926b623ec00e.1574338687.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Tue, 27 Nov 2018 13:50:14 +0200
|
|
||||||
Subject: [PATCH 2/2] Actually permit caret in version, release and evr strings
|
|
||||||
|
|
||||||
Should've been in commit c7e711bba58374f03347c795a567441cbef3de58 really.
|
|
||||||
---
|
|
||||||
build/rpmbuild_internal.h | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/build/rpmbuild_internal.h b/build/rpmbuild_internal.h
|
|
||||||
index f758e6620..948632a16 100644
|
|
||||||
--- a/build/rpmbuild_internal.h
|
|
||||||
+++ b/build/rpmbuild_internal.h
|
|
||||||
@@ -18,7 +18,7 @@
|
|
||||||
#undef HTDATATYPE
|
|
||||||
|
|
||||||
#define WHITELIST_NAME ".-_+%{}"
|
|
||||||
-#define WHITELIST_VERREL "._+%{}~"
|
|
||||||
+#define WHITELIST_VERREL "._+%{}~^"
|
|
||||||
#define WHITELIST_EVR WHITELIST_VERREL "-:"
|
|
||||||
|
|
||||||
struct TriggerFileEntry {
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
@ -1,64 +0,0 @@
|
|||||||
From 3fd79a5564df97d512be283c5c8a4da2e7ef8bce Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <3fd79a5564df97d512be283c5c8a4da2e7ef8bce.1554983206.git.pmatilai@redhat.com>
|
|
||||||
In-Reply-To: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com>
|
|
||||||
References: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Mon, 18 Mar 2019 15:29:18 +0200
|
|
||||||
Subject: [PATCH 2/3] Drop internal-only visibility on rpmvs-related API
|
|
||||||
|
|
||||||
Makes it possible to use rpmvs API from eg librpmsign which we'll
|
|
||||||
need in the next commit. We need to make select parts of this
|
|
||||||
actually public eventually but for now...
|
|
||||||
---
|
|
||||||
lib/rpmvs.h | 12 ------------
|
|
||||||
1 file changed, 12 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/rpmvs.h b/lib/rpmvs.h
|
|
||||||
index a836d5c94..025895500 100644
|
|
||||||
--- a/lib/rpmvs.h
|
|
||||||
+++ b/lib/rpmvs.h
|
|
||||||
@@ -48,41 +48,29 @@ typedef int (*rpmsinfoCb)(struct rpmsinfo_s *sinfo, void *cbdata);
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
const char *rpmsinfoDescr(struct rpmsinfo_s *sinfo);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
char *rpmsinfoMsg(struct rpmsinfo_s *sinfo);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
struct rpmvs_s *rpmvsCreate(int vfylevel, rpmVSFlags vsflags, rpmKeyring keyring);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
void rpmvsInit(struct rpmvs_s *vs, hdrblob blob, rpmDigestBundle bundle);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
rpmVSFlags rpmvsFlags(struct rpmvs_s *vs);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
struct rpmvs_s *rpmvsFree(struct rpmvs_s *sis);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
void rpmvsAppendTag(struct rpmvs_s *sis, hdrblob blob, rpmTagVal tag);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
void rpmvsInitRange(struct rpmvs_s *sis, int range);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
void rpmvsFiniRange(struct rpmvs_s *sis, int range);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
int rpmvsRange(struct rpmvs_s *vs);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
int rpmvsVerify(struct rpmvs_s *sis, int type,
|
|
||||||
rpmsinfoCb cb, void *cbdata);
|
|
||||||
|
|
||||||
-RPM_GNUC_INTERNAL
|
|
||||||
rpmRC rpmpkgRead(struct rpmvs_s *vs, FD_t fd,
|
|
||||||
hdrblob *sigblobp, hdrblob *blobp, char **emsg);
|
|
||||||
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,52 +0,0 @@
|
|||||||
From d48981ad7e36abb3500161d823acf92345c94f5d Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <d48981ad7e36abb3500161d823acf92345c94f5d.1571917458.git.pmatilai@redhat.com>
|
|
||||||
In-Reply-To: <68d383c39cef8d58b80940b13dd132d3f41a03f0.1571917458.git.pmatilai@redhat.com>
|
|
||||||
References: <68d383c39cef8d58b80940b13dd132d3f41a03f0.1571917458.git.pmatilai@redhat.com>
|
|
||||||
From: Panu Matilainen <pmatilai@redhat.com>
|
|
||||||
Date: Tue, 2 Apr 2019 16:07:56 +0300
|
|
||||||
Subject: [PATCH 2/2] Support build-id generation from compressed ELF files
|
|
||||||
(elfutils >= 0.175)
|
|
||||||
|
|
||||||
Use dwelf_elf_begin() for reading ELF files for build-id generation on
|
|
||||||
versions that have it to support compressed ELF files such as kernel
|
|
||||||
modules (RhBug:1650072,1650074). Note that debugedit still cannot handle
|
|
||||||
compressed files, this is only for build-id generation.
|
|
||||||
---
|
|
||||||
build/files.c | 4 ++++
|
|
||||||
configure.ac | 4 ++++
|
|
||||||
2 files changed, 8 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/build/files.c b/build/files.c
|
|
||||||
index 3822be3d3..f72a7c866 100644
|
|
||||||
--- a/build/files.c
|
|
||||||
+++ b/build/files.c
|
|
||||||
@@ -1828,7 +1828,11 @@ static int generateBuildIDs(FileList fl, ARGV_t *files)
|
|
||||||
kernel modules (ET_REL files with .modinfo section)
|
|
||||||
should have build-ids. */
|
|
||||||
GElf_Ehdr ehdr;
|
|
||||||
+#if HAVE_DWELF_ELF_BEGIN
|
|
||||||
+ Elf *elf = dwelf_elf_begin(fd);
|
|
||||||
+#else
|
|
||||||
Elf *elf = elf_begin (fd, ELF_C_READ, NULL);
|
|
||||||
+#endif
|
|
||||||
if (elf != NULL && elf_kind(elf) == ELF_K_ELF
|
|
||||||
&& gelf_getehdr(elf, &ehdr) != NULL
|
|
||||||
&& (ehdr.e_type == ET_EXEC || ehdr.e_type == ET_DYN
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 99ce7df32..b2d7ed806 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -487,6 +487,10 @@ AS_IF([test "$WITH_LIBELF" = yes],[
|
|
||||||
# If possible we also want the strtab functions from elfutils 0.167.
|
|
||||||
# But we can fall back on the (unsupported) ebl alternatives if not.
|
|
||||||
AC_CHECK_LIB(dw, dwelf_strtab_init, [HAVE_LIBDW_STRTAB=yes])
|
|
||||||
+ # whether libdw supports compressed ELF objects
|
|
||||||
+ AC_CHECK_LIB(dw, dwelf_elf_begin, [
|
|
||||||
+ AC_DEFINE(HAVE_DWELF_ELF_BEGIN, 1, [Have dwelf_elf_begin?])
|
|
||||||
+ ])
|
|
||||||
])
|
|
||||||
])
|
|
||||||
])
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,69 +0,0 @@
|
|||||||
From e7fa1f1c1c4a6161c2254c761e857fdf04fba5ef Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <e7fa1f1c1c4a6161c2254c761e857fdf04fba5ef.1574338784.git.pmatilai@redhat.com>
|
|
||||||
In-Reply-To: <871065ddd493c76d80345d2e80b38b9ce4c7acdd.1574338784.git.pmatilai@redhat.com>
|
|
||||||
References: <871065ddd493c76d80345d2e80b38b9ce4c7acdd.1574338784.git.pmatilai@redhat.com>
|
|
||||||
From: Igor Gnatenko <i.gnatenko.brain@gmail.com>
|
|
||||||
Date: Wed, 21 Nov 2018 15:36:35 +0100
|
|
||||||
Subject: [PATCH 2/3] build: check rich dependencies for special characters
|
|
||||||
|
|
||||||
Reported-by: Michael Schroeder <mls@suse.de
|
|
||||||
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
|
|
||||||
---
|
|
||||||
build/pack.c | 30 +++++++++++++++++++++++++++---
|
|
||||||
1 file changed, 27 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/build/pack.c b/build/pack.c
|
|
||||||
index daf878c76..c94964be2 100644
|
|
||||||
--- a/build/pack.c
|
|
||||||
+++ b/build/pack.c
|
|
||||||
@@ -228,12 +228,36 @@ exit:
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int haveTildeDep(Package pkg)
|
|
||||||
+struct charInDepData {
|
|
||||||
+ char c;
|
|
||||||
+ int present;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static rpmRC charInDepCb(void *cbdata, rpmrichParseType type,
|
|
||||||
+ const char *n, int nl, const char *e, int el, rpmsenseFlags sense,
|
|
||||||
+ rpmrichOp op, char **emsg) {
|
|
||||||
+ struct charInDepData *data = cbdata;
|
|
||||||
+ if (memchr(e, data->c, el))
|
|
||||||
+ data->present = 1;
|
|
||||||
+
|
|
||||||
+ return RPMRC_OK;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int haveCharInDep(Package pkg, char c)
|
|
||||||
{
|
|
||||||
+ struct charInDepData data = {c, 0};
|
|
||||||
for (int i = 0; i < PACKAGE_NUM_DEPS; i++) {
|
|
||||||
rpmds ds = rpmdsInit(pkg->dependencies[i]);
|
|
||||||
while (rpmdsNext(ds) >= 0) {
|
|
||||||
- if (strchr(rpmdsEVR(ds), '~'))
|
|
||||||
+ if (rpmdsIsRich(ds)) {
|
|
||||||
+ const char *depstr = rpmdsN(ds);
|
|
||||||
+ rpmrichParse(&depstr, NULL, charInDepCb, &data);
|
|
||||||
+ } else {
|
|
||||||
+ const char *evr = rpmdsEVR(ds);
|
|
||||||
+ if (strchr(evr, c))
|
|
||||||
+ data.present = 1;
|
|
||||||
+ }
|
|
||||||
+ if (data.present)
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -327,7 +351,7 @@ exit:
|
|
||||||
static void finalizeDeps(Package pkg)
|
|
||||||
{
|
|
||||||
/* check if the package has a dependency with a '~' */
|
|
||||||
- if (haveTildeDep(pkg))
|
|
||||||
+ if (haveCharInDep(pkg, '~'))
|
|
||||||
(void) rpmlibNeedsFeature(pkg, "TildeInVersions", "4.10.0-1");
|
|
||||||
|
|
||||||
/* check if the package has a rich dependency */
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
@ -1,131 +0,0 @@
|
|||||||
From c7e711bba58374f03347c795a567441cbef3de58 Mon Sep 17 00:00:00 2001
|
|
||||||
Message-Id: <c7e711bba58374f03347c795a567441cbef3de58.1574338784.git.pmatilai@redhat.com>
|
|
||||||
In-Reply-To: <871065ddd493c76d80345d2e80b38b9ce4c7acdd.1574338784.git.pmatilai@redhat.com>
|
|
||||||
References: <871065ddd493c76d80345d2e80b38b9ce4c7acdd.1574338784.git.pmatilai@redhat.com>
|
|
||||||
From: Igor Gnatenko <i.gnatenko.brain@gmail.com>
|
|
||||||
Date: Sat, 10 Sep 2016 11:39:23 +0200
|
|
||||||
Subject: [PATCH 3/3] Add support for sorting caret ('^') higher than base
|
|
||||||
version
|
|
||||||
|
|
||||||
1.1^20160101 means 1.1 version (base) and patches which were applied at
|
|
||||||
that date on top of it.
|
|
||||||
|
|
||||||
* 1.1^201601 > 1.1
|
|
||||||
* 1.1^201601 < 1.1.1
|
|
||||||
|
|
||||||
Having symmetry is also good.
|
|
||||||
|
|
||||||
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
|
|
||||||
---
|
|
||||||
build/pack.c | 4 ++++
|
|
||||||
lib/rpmds.c | 3 +++
|
|
||||||
lib/rpmvercmp.c | 19 +++++++++++++++++--
|
|
||||||
tests/rpmvercmp.at | 26 ++++++++++++++++++++++++++
|
|
||||||
4 files changed, 50 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/build/pack.c b/build/pack.c
|
|
||||||
index c94964be2..d7adcb0e2 100644
|
|
||||||
--- a/build/pack.c
|
|
||||||
+++ b/build/pack.c
|
|
||||||
@@ -354,6 +354,10 @@ static void finalizeDeps(Package pkg)
|
|
||||||
if (haveCharInDep(pkg, '~'))
|
|
||||||
(void) rpmlibNeedsFeature(pkg, "TildeInVersions", "4.10.0-1");
|
|
||||||
|
|
||||||
+ /* check if the package has a dependency with a '^' */
|
|
||||||
+ if (haveCharInDep(pkg, '^'))
|
|
||||||
+ (void) rpmlibNeedsFeature(pkg, "CaretInVersions", "4.15.0-1");
|
|
||||||
+
|
|
||||||
/* check if the package has a rich dependency */
|
|
||||||
if (haveRichDep(pkg))
|
|
||||||
(void) rpmlibNeedsFeature(pkg, "RichDependencies", "4.12.0-1");
|
|
||||||
diff --git a/lib/rpmds.c b/lib/rpmds.c
|
|
||||||
index 01aa1022b..730a58c35 100644
|
|
||||||
--- a/lib/rpmds.c
|
|
||||||
+++ b/lib/rpmds.c
|
|
||||||
@@ -1240,6 +1240,9 @@ static const struct rpmlibProvides_s rpmlibProvides[] = {
|
|
||||||
{ "rpmlib(TildeInVersions)", "4.10.0-1",
|
|
||||||
( RPMSENSE_EQUAL),
|
|
||||||
N_("dependency comparison supports versions with tilde.") },
|
|
||||||
+ { "rpmlib(CaretInVersions)", "4.15.0-1",
|
|
||||||
+ ( RPMSENSE_EQUAL),
|
|
||||||
+ N_("dependency comparison supports versions with caret.") },
|
|
||||||
{ "rpmlib(LargeFiles)", "4.12.0-1",
|
|
||||||
( RPMSENSE_EQUAL),
|
|
||||||
N_("support files larger than 4GB") },
|
|
||||||
diff --git a/lib/rpmvercmp.c b/lib/rpmvercmp.c
|
|
||||||
index b3d08faa4..13857e151 100644
|
|
||||||
--- a/lib/rpmvercmp.c
|
|
||||||
+++ b/lib/rpmvercmp.c
|
|
||||||
@@ -33,8 +33,8 @@ int rpmvercmp(const char * a, const char * b)
|
|
||||||
|
|
||||||
/* loop through each version segment of str1 and str2 and compare them */
|
|
||||||
while (*one || *two) {
|
|
||||||
- while (*one && !risalnum(*one) && *one != '~') one++;
|
|
||||||
- while (*two && !risalnum(*two) && *two != '~') two++;
|
|
||||||
+ while (*one && !risalnum(*one) && *one != '~' && *one != '^') one++;
|
|
||||||
+ while (*two && !risalnum(*two) && *two != '~' && *two != '^') two++;
|
|
||||||
|
|
||||||
/* handle the tilde separator, it sorts before everything else */
|
|
||||||
if (*one == '~' || *two == '~') {
|
|
||||||
@@ -45,6 +45,21 @@ int rpmvercmp(const char * a, const char * b)
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * Handle caret separator. Concept is the same as tilde,
|
|
||||||
+ * except that if one of the strings ends (base version),
|
|
||||||
+ * the other is considered as higher version.
|
|
||||||
+ */
|
|
||||||
+ if (*one == '^' || *two == '^') {
|
|
||||||
+ if (!*one) return -1;
|
|
||||||
+ if (!*two) return 1;
|
|
||||||
+ if (*one != '^') return 1;
|
|
||||||
+ if (*two != '^') return -1;
|
|
||||||
+ one++;
|
|
||||||
+ two++;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* If we ran to the end of either, we are finished with the loop */
|
|
||||||
if (!(*one && *two)) break;
|
|
||||||
|
|
||||||
diff --git a/tests/rpmvercmp.at b/tests/rpmvercmp.at
|
|
||||||
index 8b32209aa..1e7c960ea 100644
|
|
||||||
--- a/tests/rpmvercmp.at
|
|
||||||
+++ b/tests/rpmvercmp.at
|
|
||||||
@@ -102,6 +102,32 @@ RPMVERCMP(1.0~rc1~git123, 1.0~rc1~git123, 0)
|
|
||||||
RPMVERCMP(1.0~rc1~git123, 1.0~rc1, -1)
|
|
||||||
RPMVERCMP(1.0~rc1, 1.0~rc1~git123, 1)
|
|
||||||
|
|
||||||
+dnl Basic testcases for caret sorting
|
|
||||||
+RPMVERCMP(1.0^, 1.0^, 0)
|
|
||||||
+RPMVERCMP(1.0^, 1.0, 1)
|
|
||||||
+RPMVERCMP(1.0, 1.0^, -1)
|
|
||||||
+RPMVERCMP(1.0^git1, 1.0^git1, 0)
|
|
||||||
+RPMVERCMP(1.0^git1, 1.0, 1)
|
|
||||||
+RPMVERCMP(1.0, 1.0^git1, -1)
|
|
||||||
+RPMVERCMP(1.0^git1, 1.0^git2, -1)
|
|
||||||
+RPMVERCMP(1.0^git2, 1.0^git1, 1)
|
|
||||||
+RPMVERCMP(1.0^git1, 1.01, -1)
|
|
||||||
+RPMVERCMP(1.01, 1.0^git1, 1)
|
|
||||||
+RPMVERCMP(1.0^20160101, 1.0^20160101, 0)
|
|
||||||
+RPMVERCMP(1.0^20160101, 1.0.1, -1)
|
|
||||||
+RPMVERCMP(1.0.1, 1.0^20160101, 1)
|
|
||||||
+RPMVERCMP(1.0^20160101^git1, 1.0^20160101^git1, 0)
|
|
||||||
+RPMVERCMP(1.0^20160102, 1.0^20160101^git1, 1)
|
|
||||||
+RPMVERCMP(1.0^20160101^git1, 1.0^20160102, -1)
|
|
||||||
+
|
|
||||||
+dnl Basic testcases for tilde and caret sorting
|
|
||||||
+RPMVERCMP(1.0~rc1^git1, 1.0~rc1^git1, 0)
|
|
||||||
+RPMVERCMP(1.0~rc1^git1, 1.0~rc1, 1)
|
|
||||||
+RPMVERCMP(1.0~rc1, 1.0~rc1^git1, -1)
|
|
||||||
+RPMVERCMP(1.0^git1~pre, 1.0^git1~pre, 0)
|
|
||||||
+RPMVERCMP(1.0^git1, 1.0^git1~pre, 1)
|
|
||||||
+RPMVERCMP(1.0^git1~pre, 1.0^git1, -1)
|
|
||||||
+
|
|
||||||
dnl These are included here to document current, arguably buggy behaviors
|
|
||||||
dnl for reference purposes and for easy checking against unintended
|
|
||||||
dnl behavior changes.
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
11
SOURCES/rpm-4-14.3-selinux-log-error.patch
Normal file
11
SOURCES/rpm-4-14.3-selinux-log-error.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- rpm-4.14.3/plugins/selinux.c.orig 2020-05-11 16:07:22.873791795 +0200
|
||||||
|
+++ rpm-4.14.3/plugins/selinux.c 2020-05-11 16:10:11.701771157 +0200
|
||||||
|
@@ -47,7 +47,7 @@
|
||||||
|
|
||||||
|
sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1);
|
||||||
|
|
||||||
|
- rpmlog(RPMLOG_DEBUG, "selabel_open: (%s) %s\n",
|
||||||
|
+ rpmlog((sehandle == NULL) ? RPMLOG_ERR : RPMLOG_DEBUG, "selabel_open: (%s) %s\n",
|
||||||
|
path, (sehandle == NULL ? strerror(errno) : ""));
|
||||||
|
|
||||||
|
return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL;
|
186
SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch
Normal file
186
SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch
Normal file
@ -0,0 +1,186 @@
|
|||||||
|
diff -up rpm-4.14.3/sign/rpmgensig.c.orig rpm-4.14.3/sign/rpmgensig.c
|
||||||
|
--- rpm-4.14.3/sign/rpmgensig.c.orig 2020-06-26 15:57:43.781333983 +0200
|
||||||
|
+++ rpm-4.14.3/sign/rpmgensig.c 2020-06-26 15:58:29.819229616 +0200
|
||||||
|
@@ -8,7 +8,6 @@
|
||||||
|
#include <errno.h>
|
||||||
|
#include <sys/wait.h>
|
||||||
|
#include <popt.h>
|
||||||
|
-#include <libgen.h>
|
||||||
|
|
||||||
|
#include <rpm/rpmlib.h> /* RPMSIGTAG & related */
|
||||||
|
#include <rpm/rpmmacro.h>
|
||||||
|
@@ -33,68 +32,6 @@ typedef struct sigTarget_s {
|
||||||
|
rpm_loff_t size;
|
||||||
|
} *sigTarget;
|
||||||
|
|
||||||
|
-/*
|
||||||
|
- * There is no function for creating unique temporary fifos so create
|
||||||
|
- * unique temporary directory and then create fifo in it.
|
||||||
|
- */
|
||||||
|
-static char *mkTempFifo(void)
|
||||||
|
-{
|
||||||
|
- char *tmppath = NULL, *tmpdir = NULL, *fifofn = NULL;
|
||||||
|
- mode_t mode;
|
||||||
|
-
|
||||||
|
- tmppath = rpmExpand("%{_tmppath}", NULL);
|
||||||
|
- if (rpmioMkpath(tmppath, 0755, (uid_t) -1, (gid_t) -1))
|
||||||
|
- goto exit;
|
||||||
|
-
|
||||||
|
-
|
||||||
|
- tmpdir = rpmGetPath(tmppath, "/rpm-tmp.XXXXXX", NULL);
|
||||||
|
- mode = umask(0077);
|
||||||
|
- tmpdir = mkdtemp(tmpdir);
|
||||||
|
- umask(mode);
|
||||||
|
- if (tmpdir == NULL) {
|
||||||
|
- rpmlog(RPMLOG_ERR, _("error creating temp directory %s: %m\n"),
|
||||||
|
- tmpdir);
|
||||||
|
- tmpdir = _free(tmpdir);
|
||||||
|
- goto exit;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- fifofn = rpmGetPath(tmpdir, "/fifo", NULL);
|
||||||
|
- if (mkfifo(fifofn, 0600) == -1) {
|
||||||
|
- rpmlog(RPMLOG_ERR, _("error creating fifo %s: %m\n"), fifofn);
|
||||||
|
- fifofn = _free(fifofn);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
-exit:
|
||||||
|
- if (fifofn == NULL && tmpdir != NULL)
|
||||||
|
- unlink(tmpdir);
|
||||||
|
-
|
||||||
|
- free(tmppath);
|
||||||
|
- free(tmpdir);
|
||||||
|
-
|
||||||
|
- return fifofn;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-/* Delete fifo and then temporary directory in which it was located */
|
||||||
|
-static int rpmRmTempFifo(const char *fn)
|
||||||
|
-{
|
||||||
|
- int rc = 0;
|
||||||
|
- char *dfn = NULL, *dir = NULL;
|
||||||
|
-
|
||||||
|
- if ((rc = unlink(fn)) != 0) {
|
||||||
|
- rpmlog(RPMLOG_ERR, _("error delete fifo %s: %m\n"), fn);
|
||||||
|
- return rc;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- dfn = xstrdup(fn);
|
||||||
|
- dir = dirname(dfn);
|
||||||
|
-
|
||||||
|
- if ((rc = rmdir(dir)) != 0)
|
||||||
|
- rpmlog(RPMLOG_ERR, _("error delete directory %s: %m\n"), dir);
|
||||||
|
- free(dfn);
|
||||||
|
-
|
||||||
|
- return rc;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
static int closeFile(FD_t *fdp)
|
||||||
|
{
|
||||||
|
if (fdp == NULL || *fdp == NULL)
|
||||||
|
@@ -241,27 +178,38 @@ exit:
|
||||||
|
static int runGPG(sigTarget sigt, const char *sigfile)
|
||||||
|
{
|
||||||
|
int pid = 0, status;
|
||||||
|
- FD_t fnamedPipe = NULL;
|
||||||
|
- char *namedPipeName = NULL;
|
||||||
|
+ int pipefd[2];
|
||||||
|
+ FILE *fpipe = NULL;
|
||||||
|
unsigned char buf[BUFSIZ];
|
||||||
|
ssize_t count;
|
||||||
|
ssize_t wantCount;
|
||||||
|
rpm_loff_t size;
|
||||||
|
int rc = 1; /* assume failure */
|
||||||
|
|
||||||
|
- namedPipeName = mkTempFifo();
|
||||||
|
+ if (pipe(pipefd) < 0) {
|
||||||
|
+ rpmlog(RPMLOG_ERR, _("Could not create pipe for signing: %m\n"));
|
||||||
|
+ goto exit;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- rpmPushMacro(NULL, "__plaintext_filename", NULL, namedPipeName, -1);
|
||||||
|
+ rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
|
||||||
|
rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);
|
||||||
|
|
||||||
|
if (!(pid = fork())) {
|
||||||
|
char *const *av;
|
||||||
|
char *cmd = NULL;
|
||||||
|
- const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
|
||||||
|
+ const char *tty = ttyname(STDIN_FILENO);
|
||||||
|
+ const char *gpg_path = NULL;
|
||||||
|
+
|
||||||
|
+ if (!getenv("GPG_TTY") && (!tty || setenv("GPG_TTY", tty, 0)))
|
||||||
|
+ rpmlog(RPMLOG_WARNING, _("Could not set GPG_TTY to stdin: %m\n"));
|
||||||
|
|
||||||
|
+ gpg_path = rpmExpand("%{?_gpg_path}", NULL);
|
||||||
|
if (gpg_path && *gpg_path != '\0')
|
||||||
|
(void) setenv("GNUPGHOME", gpg_path, 1);
|
||||||
|
|
||||||
|
+ dup2(pipefd[0], STDIN_FILENO);
|
||||||
|
+ close(pipefd[1]);
|
||||||
|
+
|
||||||
|
unsetenv("MALLOC_CHECK_");
|
||||||
|
cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
|
||||||
|
rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
|
||||||
|
@@ -276,9 +224,10 @@ static int runGPG(sigTarget sigt, const
|
||||||
|
rpmPopMacro(NULL, "__plaintext_filename");
|
||||||
|
rpmPopMacro(NULL, "__signature_filename");
|
||||||
|
|
||||||
|
- fnamedPipe = Fopen(namedPipeName, "w");
|
||||||
|
- if (!fnamedPipe) {
|
||||||
|
- rpmlog(RPMLOG_ERR, _("Fopen failed\n"));
|
||||||
|
+ close(pipefd[0]);
|
||||||
|
+ fpipe = fdopen(pipefd[1], "w");
|
||||||
|
+ if (!fpipe) {
|
||||||
|
+ rpmlog(RPMLOG_ERR, _("Could not open pipe for writing: %m\n"));
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -291,8 +240,8 @@ static int runGPG(sigTarget sigt, const
|
||||||
|
size = sigt->size;
|
||||||
|
wantCount = size < sizeof(buf) ? size : sizeof(buf);
|
||||||
|
while ((count = Fread(buf, sizeof(buf[0]), wantCount, sigt->fd)) > 0) {
|
||||||
|
- Fwrite(buf, sizeof(buf[0]), count, fnamedPipe);
|
||||||
|
- if (Ferror(fnamedPipe)) {
|
||||||
|
+ fwrite(buf, sizeof(buf[0]), count, fpipe);
|
||||||
|
+ if (ferror(fpipe)) {
|
||||||
|
rpmlog(RPMLOG_ERR, _("Could not write to pipe\n"));
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
@@ -304,8 +253,13 @@ static int runGPG(sigTarget sigt, const
|
||||||
|
sigt->fileName, Fstrerror(sigt->fd));
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
- Fclose(fnamedPipe);
|
||||||
|
- fnamedPipe = NULL;
|
||||||
|
+
|
||||||
|
+exit:
|
||||||
|
+
|
||||||
|
+ if (fpipe)
|
||||||
|
+ fclose(fpipe);
|
||||||
|
+ if (pipefd[1])
|
||||||
|
+ close(pipefd[1]);
|
||||||
|
|
||||||
|
(void) waitpid(pid, &status, 0);
|
||||||
|
pid = 0;
|
||||||
|
@@ -314,20 +268,6 @@ static int runGPG(sigTarget sigt, const
|
||||||
|
} else {
|
||||||
|
rc = 0;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
-exit:
|
||||||
|
-
|
||||||
|
- if (fnamedPipe)
|
||||||
|
- Fclose(fnamedPipe);
|
||||||
|
-
|
||||||
|
- if (pid)
|
||||||
|
- waitpid(pid, &status, 0);
|
||||||
|
-
|
||||||
|
- if (namedPipeName) {
|
||||||
|
- rpmRmTempFifo(namedPipeName);
|
||||||
|
- free(namedPipeName);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
13
SOURCES/rpm-4.14.3-python3.diff
Normal file
13
SOURCES/rpm-4.14.3-python3.diff
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
--- rpm-4.14.3/configure.ac.orig 2020-05-04 21:08:41.481365399 +0200
|
||||||
|
+++ rpm-4.14.3/configure.ac 2020-05-04 21:09:03.550604043 +0200
|
||||||
|
@@ -129,8 +129,8 @@
|
||||||
|
|
||||||
|
AC_PATH_PROG(__PERL, perl, /usr/bin/perl, $MYPATH)
|
||||||
|
AC_PATH_PROG(__PGP, pgp, /usr/bin/pgp, $MYPATH)
|
||||||
|
-AC_PATH_PROG(__PYTHON, python2, /usr/bin/python2, $MYPATH)
|
||||||
|
-AC_PATH_PROG(PYTHON, python2, /usr/bin/python2, $MYPATH)
|
||||||
|
+AC_PATH_PROG(__PYTHON, python3, /usr/bin/python3, $MYPATH)
|
||||||
|
+AC_PATH_PROG(PYTHON, python3, /usr/bin/python3, $MYPATH)
|
||||||
|
AC_PATH_PROG(__RM, rm, /bin/rm, $MYPATH)
|
||||||
|
AC_PATH_PROG(__RSH, rsh, /usr/bin/rsh, $MYPATH)
|
||||||
|
AC_PATH_PROG(__SED, sed, /bin/sed, $MYPATH)
|
@ -1,29 +0,0 @@
|
|||||||
A partial no-op backport of commit 9e8e8bcfb1b1fa359c37499e11a302ec7bde1595
|
|
||||||
to get caret patches to apply nicely
|
|
||||||
|
|
||||||
diff --git a/build/parsePreamble.c b/build/parsePreamble.c
|
|
||||||
index 5715d2569..7d89617c2 100644
|
|
||||||
--- a/build/parsePreamble.c
|
|
||||||
+++ b/build/parsePreamble.c
|
|
||||||
@@ -22,8 +22,6 @@
|
|
||||||
#define SKIPWHITE(_x) {while (*(_x) && (risspace(*_x) || *(_x) == ',')) (_x)++;}
|
|
||||||
#define SKIPNONWHITE(_x){while (*(_x) &&!(risspace(*_x) || *(_x) == ',')) (_x)++;}
|
|
||||||
|
|
||||||
-#define WHITELIST_NAME ".-_+%{}"
|
|
||||||
-
|
|
||||||
/**
|
|
||||||
*/
|
|
||||||
static const rpmTagVal copyTagsDuringParse[] = {
|
|
||||||
diff --git a/build/rpmbuild_internal.h b/build/rpmbuild_internal.h
|
|
||||||
index 439b7d3b5..cc9de88f9 100644
|
|
||||||
--- a/build/rpmbuild_internal.h
|
|
||||||
+++ b/build/rpmbuild_internal.h
|
|
||||||
@@ -17,6 +17,8 @@
|
|
||||||
#undef HTKEYTYPE
|
|
||||||
#undef HTDATATYPE
|
|
||||||
|
|
||||||
+#define WHITELIST_NAME ".-_+%{}"
|
|
||||||
+
|
|
||||||
struct TriggerFileEntry {
|
|
||||||
int index;
|
|
||||||
char * fileName;
|
|
@ -28,9 +28,9 @@
|
|||||||
|
|
||||||
%define rpmhome /usr/lib/rpm
|
%define rpmhome /usr/lib/rpm
|
||||||
|
|
||||||
%global rpmver 4.14.2
|
%global rpmver 4.14.3
|
||||||
#global snapver rc2
|
#global snapver rc2
|
||||||
%global rel 37
|
%global rel 4
|
||||||
|
|
||||||
%global srcver %{version}%{?snapver:-%{snapver}}
|
%global srcver %{version}%{?snapver:-%{snapver}}
|
||||||
%global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
|
%global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
|
||||||
@ -72,37 +72,14 @@ Patch5: rpm-4.12.0-rpm2cpio-hack.patch
|
|||||||
Patch7: rpm-4.14.1-Add-envvar-that-will-be-present-during-RPM-build.patch
|
Patch7: rpm-4.14.1-Add-envvar-that-will-be-present-during-RPM-build.patch
|
||||||
|
|
||||||
# Patches already upstream:
|
# Patches already upstream:
|
||||||
Patch100: 0001-Fix-nasty-setperms-setugids-regression-in-4.14.2-RhB.patch
|
|
||||||
Patch101: rpm-4.14.2-RPMTAG_MODULARITYLABEL.patch
|
Patch101: rpm-4.14.2-RPMTAG_MODULARITYLABEL.patch
|
||||||
Patch102: 0001-Document-noverify-in-the-man-page-RhBug-1646458.patch
|
Patch102: 0001-Document-noverify-in-the-man-page-RhBug-1646458.patch
|
||||||
Patch103: 0001-Handle-unsupported-digests-the-same-as-disabled-ones.patch
|
|
||||||
Patch104: 0001-Mark-elements-with-associated-problems-as-failed.patch
|
Patch104: 0001-Mark-elements-with-associated-problems-as-failed.patch
|
||||||
Patch105: 0001-Fix-ancient-python-GIL-locking-bug-on-callback-RhBug.patch
|
|
||||||
Patch106: 0001-Fix-testing-for-wrong-variable-in-selinux-plugin-deb.patch
|
|
||||||
Patch107: 0001-Log-RPMLOG_ERR-level-messages-on-actual-errors-in-se.patch
|
|
||||||
Patch108: 0001-Only-read-through-payload-on-verify-if-actually-need.patch
|
Patch108: 0001-Only-read-through-payload-on-verify-if-actually-need.patch
|
||||||
Patch109: 0001-Make-rpmsign-exit-values-more-consistent-with-our-ot.patch
|
|
||||||
Patch110: 0002-Drop-internal-only-visibility-on-rpmvs-related-API.patch
|
|
||||||
Patch111: 0003-Verify-packages-before-signing-RhBug-1646388.patch
|
Patch111: 0003-Verify-packages-before-signing-RhBug-1646388.patch
|
||||||
Patch112: 0001-Fix-FA_TOUCH-on-files-with-suid-sgid-bits-and-or-cap.patch
|
Patch112: 0001-Fix-FA_TOUCH-on-files-with-suid-sgid-bits-and-or-cap.patch
|
||||||
Patch113: 0001-Sort-list-of-hard-linked-files-in-find-debuginfo.sh-.patch
|
|
||||||
Patch114: 0001-Correct-rpm-ql-exit-value-when-optional-p-is-omitted.patch
|
|
||||||
Patch115: 0001-Show-list-of-files-only-once-when-use-rpm-ql-and-mul.patch
|
|
||||||
Patch116: 0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch
|
Patch116: 0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch
|
||||||
Patch117: 0001-Fix-segfault-on-fingerprinting-symlink-round-RhBug-1.patch
|
|
||||||
Patch118: 0001-Fix-packages-getting-erased-on-failed-update-with-dn.patch
|
|
||||||
Patch119: 0001-Use-in-condition-to-avoid-sub-processes-in-find-debu.patch
|
Patch119: 0001-Use-in-condition-to-avoid-sub-processes-in-find-debu.patch
|
||||||
Patch120: 0001-rpmsign-man-page-Add-line-about-rpmsign-requiring-a-.patch
|
|
||||||
Patch121: 0001-Use-dpbath-only-with-full-path-RhBug-1696408.patch
|
|
||||||
Patch122: 0001-Fix-a-blindingly-obvious-memleak-in-package-verify-s.patch
|
|
||||||
Patch123: 0001-Fix-rpmfiles-memory-leak-on-postuntrans-file-trigger.patch
|
|
||||||
Patch125: 0001-Remove-capabilities-instead-of-setting-empty-caps-vi.patch
|
|
||||||
Patch126: 0001-Fix-off-by-one-in-hdrblobGet-making-last-entry-unrea.patch
|
|
||||||
Patch127: 0001-Fix-memleak-during-transaction-verify-step-in-the-NO.patch
|
|
||||||
Patch128: 0001-Detect-kernel-modules-by-.modinfo-section-presence-f.patch
|
|
||||||
Patch129: 0002-Support-build-id-generation-from-compressed-ELF-file.patch
|
|
||||||
Patch130: 0001-Add-step-to-find-debuginfo.sh-script-to-compress-ann.patch
|
|
||||||
Patch131: 0001-rpmpgp-Handle-EOF-without-EOL-better-at-END-PGP.patch
|
|
||||||
Patch132: 0001-debugedit-Refactor-reading-writing-of-relocated-valu.patch
|
Patch132: 0001-debugedit-Refactor-reading-writing-of-relocated-valu.patch
|
||||||
Patch133: 0002-Handle-.debug_macro-in-debugedit.patch
|
Patch133: 0002-Handle-.debug_macro-in-debugedit.patch
|
||||||
Patch134: 0003-debugedit-Make-sure-.debug_line-old-new-idx-start-eq.patch
|
Patch134: 0003-debugedit-Make-sure-.debug_line-old-new-idx-start-eq.patch
|
||||||
@ -114,11 +91,7 @@ Patch139: 0001-Make-check-buildroot-check-the-build-files-in-parall.patch
|
|||||||
Patch140: 0001-Fix-resource-leaks-on-zstd-open-error-paths.patch
|
Patch140: 0001-Fix-resource-leaks-on-zstd-open-error-paths.patch
|
||||||
# XXX should be before 0001-Pass-RPM_BUILD_NCPUS-to-build-scripts.patch
|
# XXX should be before 0001-Pass-RPM_BUILD_NCPUS-to-build-scripts.patch
|
||||||
Patch141: 0001-Isolate-_smp_build_ncpus-and-use-it-for-_smp_mflags.patch
|
Patch141: 0001-Isolate-_smp_build_ncpus-and-use-it-for-_smp_mflags.patch
|
||||||
Patch143: 0002-build-check-rich-dependencies-for-special-characters.patch
|
Patch142: rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch
|
||||||
Patch144: 0003-Add-support-for-sorting-caret-higher-than-base-versi.patch
|
|
||||||
Patch145: rpm-4.14.x-whitelist-name.patch
|
|
||||||
Patch146: 0001-Consolidate-allowed-version-release-evr-allowed-char.patch
|
|
||||||
Patch147: 0002-Actually-permit-caret-in-version-release-and-evr-str.patch
|
|
||||||
|
|
||||||
# Python 3 string API sanity
|
# Python 3 string API sanity
|
||||||
Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch
|
Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch
|
||||||
@ -131,6 +104,8 @@ Patch504: 0002-Use-Python-3-compatible-exception-syntax-in-tests.patch
|
|||||||
Patch505: 0003-Fix-couple-of-bytes-vs-strings-issues-in-Python-test.patch
|
Patch505: 0003-Fix-couple-of-bytes-vs-strings-issues-in-Python-test.patch
|
||||||
Patch506: 0004-Bump-the-minimum-Python-version-requirement-to-2.7.patch
|
Patch506: 0004-Bump-the-minimum-Python-version-requirement-to-2.7.patch
|
||||||
Patch507: 0005-Drop-an-unnecessary-Python-2-vs-3-incompatibility-fr.patch
|
Patch507: 0005-Drop-an-unnecessary-Python-2-vs-3-incompatibility-fr.patch
|
||||||
|
Patch508: rpm-4.14.3-python3.diff
|
||||||
|
Patch509: rpm-4-14.3-selinux-log-error.patch
|
||||||
|
|
||||||
# These are not yet upstream
|
# These are not yet upstream
|
||||||
# Audit support
|
# Audit support
|
||||||
@ -458,7 +433,7 @@ done;
|
|||||||
--with-selinux \
|
--with-selinux \
|
||||||
--with-cap \
|
--with-cap \
|
||||||
--with-acl \
|
--with-acl \
|
||||||
%{?with_ndb: --with-ndb} \
|
%{?with_ndb: --enable-ndb} \
|
||||||
%{?with_libimaevm: --with-imaevm} \
|
%{?with_libimaevm: --with-imaevm} \
|
||||||
%{?with_zstd: --enable-zstd} \
|
%{?with_zstd: --enable-zstd} \
|
||||||
%{?with_lmdb: --enable-lmdb} \
|
%{?with_lmdb: --enable-lmdb} \
|
||||||
@ -678,6 +653,18 @@ make check || cat tests/rpmtests.log
|
|||||||
%doc doc/librpm/html/*
|
%doc doc/librpm/html/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 26 2020 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-4
|
||||||
|
- Fix hang when signing with expired key (#1746353)
|
||||||
|
|
||||||
|
* Wed May 13 2020 Panu Matilainen <pmatilai@redhat.com> - 4.14.3-3
|
||||||
|
- Fix configure option for --with ndb (#1817010, Matthew Almond)
|
||||||
|
|
||||||
|
* Mon May 11 2020 Florian Festi <ffesti@redhat.com> - 4.14.3-2
|
||||||
|
- Re-add selinux fix dropped in rebase
|
||||||
|
|
||||||
|
* Mon May 4 2020 Florian Festi <ffesti@redhat.com> - 4.14.3-1
|
||||||
|
- Rebase to 4.14.3 (#1765187)
|
||||||
|
|
||||||
* Fri Feb 21 2020 Michal Domonkos <mdomonko@redhat.com> - 4.14.2-37
|
* Fri Feb 21 2020 Michal Domonkos <mdomonko@redhat.com> - 4.14.2-37
|
||||||
- Add API safeguard for DNF by using Conflicts: (#1790400)
|
- Add API safeguard for DNF by using Conflicts: (#1790400)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user