Unblock signals in forked scriptlets

Resolves: #1991667
2021-08-19 16:30:06 +02:00 · 2021-08-19 16:30:06 +02:00 · df26668d42
parent f44c30341f
commit df26668d42
2 changed files with 37 additions and 1 deletions
--- a/rpm-4.16.1.3-unblock-signals-in-forked-scriptlets.patch
+++ b/rpm-4.16.1.3-unblock-signals-in-forked-scriptlets.patch
@ -0,0 +1,32 @@
+commit cb6aa82dbc10d554f8d234e934ae7c77e39a3ce2
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Tue Jan 12 13:35:23 2021 +0200
+
+    Unblock signals in forked scriptlets
+    
+    Since commit c5f82d3f6223ebd0c5cc0a07ea60393ae7284929 we've blocked
+    most signals during transactions, which makes sense to rpm itself but
+    the signal mask is inherited to childs and carried even across exec(),
+    so all scriptlets are executing with those signals blocked as well.
+    Which in turn does not make sense, the scriptlets could run stuff that
+    actually depends on signal delivery (such as SIGALARM in RhBug:1913765).
+    
+    Unblock all signals for forked scriptlet execution (Lua scriptlets are
+    totally different as they execute in-process for now)
+
+diff --git a/lib/rpmscript.c b/lib/rpmscript.c
+index 2ae3378f7..c69d29554 100644
+--- a/lib/rpmscript.c
+++ b/lib/rpmscript.c
+@@ -152,6 +152,11 @@ static void doScriptExec(ARGV_const_t argv, ARGV_const_t prefixes,
+ 			FD_t scriptFd, FD_t out)
+ {
+     int xx;
+    sigset_t set;
+
+    /* Unmask all signals, the scripts may need them */
+    sigfillset(&set);
+    sigprocmask(SIG_UNBLOCK, &set, NULL);
+ 
+     /* SIGPIPE is ignored in rpm, reset to default for the scriptlet */
+     (void) signal(SIGPIPE, SIG_DFL);
--- a/rpm.spec
+++ b/rpm.spec
@ -32,7 +32,7 @@

 %global rpmver 4.16.1.3
 #global snapver rc1
-%global rel 6
+%global rel 7
 %global sover 9

 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -71,6 +71,7 @@ Patch7: 0001-Issue-deprecation-warning-when-creating-BDB-database.patch
 Patch100: rpm-4.16.1.3-imp-covscan-fixes.patch
 Patch101: rpm-4.16.1.3-rpmsign-support-EdDSA-sig.patch
 Patch102: rpm-4.16.1.3-add-fapolicyd-plugin.patch
+Patch103: rpm-4.16.1.3-unblock-signals-in-forked-scriptlets.patch

 # These are not yet upstream
 Patch906: rpm-4.7.1-geode-i686.patch
@ -595,6 +596,9 @@ fi
 %doc doc/librpm/html/*

 %changelog
+* Thu Aug 19 2021 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-7
+- Unblock signals in forked scriptlets (#1991667)
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 4.16.1.3-6.1
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688