Commit Graph

63 Commits

Author SHA1 Message Date
Michal Domonkos
671ef971c9 Fix root relocation regression
Resolves: RHEL-28967
2024-08-05 16:24:55 +02:00
Michal Domonkos
b3bd2e82c5 Revert "Don't confuse OpenScanHub with false array overrun"
Yikes.  This was a rushed "fix" that caused a regression in --verify
mode with the following error message:

    Header RSA signature: BAD (header tag 268: invalid OpenPGP signature)

This was immediately caught by the CI (thank god we have it!).

Since this patch was downstream-only (no internal OpenPGP parser in rpm
upstream anymore), it didn't go through the usual peer review.  I should
have asked for it in GitLab still, no matter how innocent and tiny the
change appears to be (lesson learned).

Anyway, it's probably going to be safer to just mark this finding as a
false positive (which it really is), as opposed to touching the code.

Let's revisit later, for now, just revert.

This reverts commit ae9528bbef.

Related: RHEL-22607
2024-07-12 16:50:10 +02:00
Michal Domonkos
cf0fff1708 Talk about rpmsign in the rpmsign(8) man page
Resolves: RHEL-40895
2024-07-11 17:51:58 +02:00
Michal Domonkos
a93a04ca0b Add SourceLicense tag to spec syntax
Resolves: RHEL-28798
2024-07-11 17:49:47 +02:00
Michal Domonkos
ae9528bbef Don't confuse OpenScanHub with false array overrun
We are intentionally skipping just past the header here (see RFC 4880
for details) so make that explicit by moving the pointer relative to the
header's start as opposed to relative to the pointer itself.

This is equivalent to the previous expression but makes OpenScanHub
happy.

Resolves: RHEL-22607
2024-07-11 17:49:43 +02:00
Michal Domonkos
e0ff81088a Fix OpenScanHub findings
Resolves: RHEL-22604
Resolves: RHEL-22605
2024-07-11 14:00:47 +02:00
Michal Domonkos
19aad8075d Rebuild against libimaevm.so.4
Resolves: RHEL-32505
2024-06-03 11:08:46 +02:00
Michal Domonkos
590afced8b Use unsigned integers for buildtime too for Y2K38 safety
Resolves: RHEL-22602
2024-06-03 11:08:46 +02:00
Michal Domonkos
f3557c42a9 Don't segfault on missing priority tag
Resolves: RHEL-35249
2024-06-03 11:08:44 +02:00
Florian Festi
8126eec7e0 Don't warn about missing user/group on skipped files
Resolves: RHEL-18037
2023-12-13 12:24:28 +01:00
Florian Festi
056ea9da7e Actually add --verifydb to the man page
Resolves: RHEL-14591
2023-12-13 12:22:21 +01:00
Florian Festi
3e052f3a74 Fix warning if file removal fails
Resolves: RHEL-14598 RHEL-14599 RHEL-14600
2023-12-11 16:01:23 +01:00
Florian Festi
6ae1932ef1 Fix issues with backported file handling
Resolves: RHEL-14598 RHEL-14599 RHEL-14600
2023-12-10 21:31:56 +01:00
Florian Festi
515f57c7ab Expose and document rpmdb --verifydb operation
Resolves: RHEL-14591
2023-12-10 21:31:56 +01:00
Florian Festi
9f50765424 Fix description of whatconflicts in the man page
Resolves: RHEL-6303
2023-11-16 10:09:54 +01:00
Florian Festi
443474e208 Fix short circuiting of versions in expressions
Resolves: RHEL-15688
2023-11-16 09:40:03 +01:00
Florian Festi
94360abd84 Backport file handling code from rpm-4.19
Fixes CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939

Patches include small changes found in other patches. See RHEL-8.10
patch set for intermediate steps.

Resolves: RHEL-14598 RHEL-14599 RHEL-14600
2023-11-11 10:22:18 +01:00
Florian Festi
f3da53eb6d Followup on #2166383
- Add compat scripts calling external find-debug, sepdebugcrcfix and debugedit
- Add %%__find_debuginfo macro

Resolves: #2166383
2023-06-30 16:01:47 +02:00
Florian Festi
9bfd8d7033 Use external find-debug and debugedit
Delete tools and point macro to the external ones (instead of using
symlinks)

Resolves: #2166383
2023-05-04 14:21:10 +02:00
Florian Festi
1ff4308fe4 Use external find-debug and debugedit
Resolves: #2166383
2023-05-03 12:51:07 +02:00
Florian Festi
288f177357 Don't error out on IMA signatures
on files not supporting them

Resolves: #2157835
Resolves: #2157836
2023-05-03 11:13:41 +02:00
Florian Festi
31b00a05e3 Fix option parsing in rpm2archive
Related: #2150804
2022-12-19 19:00:32 +01:00
Yaakov Selkowitz
040ce1a127 Support long language names for QT
Resolves: #2144005
2022-12-05 14:40:40 +01:00
Florian Festi
b67be025eb Add --nocompression to rpm2archive
Resolves: #2150804
2022-12-05 14:39:09 +01:00
Florian Festi
63a09f826d Handle SELinux log messages
Resolves: #2123719
2022-12-05 12:15:30 +01:00
Florian Festi
e418fc901c Remove spurious Python rpm module
Resolves: #2135731
2022-12-05 12:05:07 +01:00
Florian Festi
f27d9231a3 Fix db queries with carets
Resolves: #2129468
2022-12-05 12:04:59 +01:00
Florian Festi
d0e93abb8f Add bcond macros
Resolves: #2129060
2022-11-07 17:30:21 +01:00
Michal Domonkos
7da4871c04 Bump release for rebuild
Resolves: #2136770
2022-10-21 15:13:33 +02:00
Michal Domonkos
6ea23edd58 Make write() nonblocking in fapolicyd plugin
Resolves: #2111251
2022-09-23 13:28:31 +02:00
Florian Festi
e3ce4eba28 Make rpm2cpio.sh more robust
Also reduce bytes read for checking the magic header to 4 as the zero
bytes read break on aarch64 for some reason.

Resolves: #1983015
2022-08-03 17:42:27 +02:00
Florian Festi
0a4ec89b01 Make rpm2cpio.sh more robust
Resolves: #1983015
2022-08-01 09:07:44 +02:00
Nick Clifton
a44688b636 Pass _find_debuginfo_vendor_opts to the find-debuginfo script.
Resolves: #2099617
2022-06-30 11:49:55 +01:00
Florian Festi
a654ea1b9c Give warning on not supported hash for RSA keys
Resolves: #2069877
2022-06-29 08:56:02 +02:00
Florian Festi
5a103aa493 Give error message for failed PGP key import
due to missing SHA1 support

Resolves: #2069877
2022-06-16 14:42:05 +02:00
Michal Domonkos
60b30271bc Fix minor ABI regression in rpmcli.h
Upstream commit:
f62b6d27cd741406a52a7e9c5b1d6f581dbd3af8

Related: #2037352
Resolves: #2072175
2022-04-05 20:33:27 +02:00
Michal Domonkos
0b3e36cfc6 Add patches for release 11
Resolves: #2037186
Resolves: #2018937
Resolves: #2023692
2022-02-15 10:38:13 +01:00
Michal Domonkos
1a9baff802 Add patches for release 10
Resolves: #1943724
Resolves: #2048455
Resolves: #2037352
Resolves: #2025906
2022-02-01 15:38:08 +01:00
Michal Domonkos
43a9b03766 Fix-up IMA signature lengths patch
Related: #2018937
2021-12-13 16:15:05 +01:00
Michal Domonkos
e2e5e2b2d1 Add patches for release 8
Resolves: #1965147, #1999009, #1999012, #2015407, #2026079, #2018937
Resolves: #1943724
2021-12-10 14:51:49 +01:00
Michal Domonkos
6a3e594a7c Fix dist tag
Related: #1991667
2021-08-19 16:35:31 +02:00
Michal Domonkos
df26668d42 Unblock signals in forked scriptlets
Resolves: #1991667
2021-08-19 16:30:08 +02:00
Mohan Boddu
f44c30341f Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-10 00:39:19 +00:00
Florian Weimer
c168e50528 Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
Related: #1984097
2021-07-28 11:07:34 +02:00
Michal Domonkos
4d65fa1daf Rebuild for gating.yaml
Related: #1942549
2021-07-23 12:08:18 +02:00
Aleksandra Fedorova
5a6e013789 Add RHEL gating configuration 2021-07-22 15:48:09 +00:00
Michal Domonkos
205cd9b1fc Add fapolicyd plugin
Resolves: #1942549
2021-07-22 16:27:19 +02:00
Michal Domonkos
44ada860a5 Add support for EdDSA signatures to rpmsign
Resolves: #1962234
2021-07-22 13:04:51 +02:00
Michal Domonkos
b08bb75da3 Release bump for a rebuild
Related: #1938861
2021-07-12 17:29:02 +02:00
Michal Domonkos
3b3295a9de Add forgotten sqlite patch
Related: #1938861
2021-07-01 16:21:14 +02:00