sync patches from upstream

2022-11-17 10:30:06 +08:00 · 2022-11-17 10:30:06 +08:00 · 68fbb1d6ba
commit 68fbb1d6ba
parent f73979656e
3 changed files with 118 additions and 1 deletions
--- a/backport-Fix-possible-descriptor-leak-in-fsmOpenat.patch
+++ b/backport-Fix-possible-descriptor-leak-in-fsmOpenat.patch
@ -0,0 +1,45 @@
+From af08077fb4c60dee516948ce7bf9bed91de62119 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 13 Sep 2022 10:26:05 +0300
+Subject: [PATCH] Fix possible descriptor leak in fsmOpenat()
+
+For the very unlikely case when openat() succeeded but fstatat()
+doesn't, the directory descriptor may be leaved opened. Rearrange
+the code a bit to ensure it'll always get closed when appropriate.
+
+Suggested-by: Pavel Kopylov <pkopylov@cloudlinux.com>
+Suggested-by: Dmitry Antipov <dantipov@cloudlinux.com>
+---
+ lib/fsm.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/fsm.c b/lib/fsm.c
+index 18fe0c04c..129054067 100644
+--- a/lib/fsm.c
+++ b/lib/fsm.c
+@@ -313,14 +313,16 @@ static int fsmOpenat(int dirfd, const char *path, int flags)
+      */
+     if (fd < 0 && errno == ELOOP && flags != sflags) {
+ 	int ffd = openat(dirfd, path, flags);
+-	if (ffd >= 0 && fstatat(dirfd, path, &lsb, AT_SYMLINK_NOFOLLOW) == 0) {
+-	    if (fstat(ffd, &sb) == 0) {
+-		if (lsb.st_uid == 0 || lsb.st_uid == sb.st_uid) {
+-		    fd = ffd;
+-		} else {
+-		    close(ffd);
+	if (ffd >= 0) {
+	    if (fstatat(dirfd, path, &lsb, AT_SYMLINK_NOFOLLOW) == 0) {
+		if (fstat(ffd, &sb) == 0) {
+		    if (lsb.st_uid == 0 || lsb.st_uid == sb.st_uid) {
+			fd = ffd;
+		    }
+ 		}
+ 	    }
+	    if (ffd != fd)
+		close(ffd);
+ 	}
+     }
+     return fd;
+-- 
+2.27.0
+
--- a/backport-Make-pgpPubkeyFingerprint-do-something-meaningful-ag.patch
+++ b/backport-Make-pgpPubkeyFingerprint-do-something-meaningful-ag.patch
@ -0,0 +1,64 @@
+From dc9e8169790eba18130fb96c13f56ecba6c9b346 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 6 Sep 2022 09:28:10 +0300
+Subject: [PATCH] Make pgpPubkeyFingerprint() do something meaningful again
+
+Commit 4bbeec134aab33e24f960be28a7b2198359c1f67 "fixed" an old
+terminology confusion about keyid vs fingerprint, but in the process
+broke pgpPubkeyFingerprint() for any external callers, as it now only
+feeds on decoded packets whereas before it did the decoding by itself.
+Add the decoding step back to the public function to make it usable outside
+rpmpgp_internal.c again, retrieving a fingerprint seems like an useful
+(public) API to have.
+
+This is kind of a regression fix in that prior to commit
+4bbeec134aab33e24f960be28a7b2198359c1f67 pgpPubkeyFingerprint() returned
+meaningful data to the outside caller and afterwards it didn't, however
+that commit broke the API anyhow so it's kinda complicated.
+Maybe we should just call it a bugfix and be done with it.
+
+Related to #1549
+---
+ rpmio/rpmpgp.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index d4dd4b89d..8d0d76869 100644
+--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
+@@ -650,7 +650,7 @@ static int pgpPrtUserID(pgpTag tag, const uint8_t *h, size_t hlen,
+     return 0;
+ }
+ 
+-int pgpPubkeyFingerprint(const uint8_t *h, size_t hlen,
+static int getPubkeyFingerprint(const uint8_t *h, size_t hlen,
+ 			  uint8_t **fp, size_t *fplen)
+ {
+     int rc = -1; /* assume failure */
+@@ -717,11 +717,22 @@ int pgpPubkeyFingerprint(const uint8_t *h, size_t hlen,
+     return rc;
+ }
+ 
+int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen,
+                         uint8_t **fp, size_t *fplen)
+{
+    struct pgpPkt p;
+
+    if (decodePkt(pkt, pktlen, &p))
+	return -1;
+
+    return getPubkeyFingerprint(p.body, p.blen, fp, fplen);
+}
+
+ static int getKeyID(const uint8_t *h, size_t hlen, pgpKeyID_t keyid)
+ {
+     uint8_t *fp = NULL;
+     size_t fplen = 0;
+-    int rc = pgpPubkeyFingerprint(h, hlen, &fp, &fplen);
+    int rc = getPubkeyFingerprint(h, hlen, &fp, &fplen);
+     if (fp && fplen > 8) {
+ 	memcpy(keyid, (fp + (fplen-8)), 8);
+ 	free(fp);
+-- 
+2.27.0
+
--- a/rpm.spec
+++ b/rpm.spec
@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.15.1
-Release:       42
+Release:       43
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@ -184,6 +184,8 @@ Patch164: backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch
 Patch165: backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch
 Patch166: backport-Unblock-signals-in-forked-scriptlets.patch
 Patch167: backport-Fix-regression-on-ctrl-c-during-transaction-killing-.patch
+Patch168: backport-Make-pgpPubkeyFingerprint-do-something-meaningful-ag.patch
+Patch169: backport-Fix-possible-descriptor-leak-in-fsmOpenat.patch

 BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel
 BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
@ -467,6 +469,12 @@ make check || (cat tests/rpmtests.log; exit 0)
 %{_mandir}/man1/gendiff.1*

 %changelog
+* Thu Nov 17 2022 renhongxun<renhongxun@h-partners.com> - 4.15.1-43
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync patches from upstream
+
 * Tue Nov 15 2022 renhongxun<renhongxun@h-partners.com> - 4.15.1-42
 - Type:bugfix
 - ID:NA