diff --git a/backport-Check-file-iterator-for-being-NULL-consistently.patch b/backport-Check-file-iterator-for-being-NULL-consistently.patch new file mode 100644 index 0000000..403acda --- /dev/null +++ b/backport-Check-file-iterator-for-being-NULL-consistently.patch @@ -0,0 +1,61 @@ +From 470498bd5a51f8d98ae8e721beea58ef81c19a51 Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Wed, 22 Sep 2021 16:10:53 +0200 +Subject: [PATCH] Check file iterator for being NULL consistently + +No point in allowing NULL only for one of the arguments. + +Thanks to ex0z3 (https://github.com/ex0z3) for reporting! + +Resolves: #1782 +--- + lib/rpmfi.c | 13 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/lib/rpmfi.c b/lib/rpmfi.c +index c6c9699f6..b67680c17 100644 +--- a/lib/rpmfi.c ++++ b/lib/rpmfi.c +@@ -735,7 +735,7 @@ uint32_t rpmfilesFLinks(rpmfiles fi, int ix, const int ** files) + + uint32_t rpmfiFLinks(rpmfi fi, const int ** files) + { +- return rpmfilesFLinks(fi->files, fi ? fi->i : -1, files); ++ return rpmfilesFLinks(fi ? fi->files : NULL, fi ? fi->i : -1, files); + } + + uint32_t rpmfilesFNlink(rpmfiles fi, int ix) +@@ -1862,17 +1862,17 @@ const char * rpmfiOFN(rpmfi fi) + + const unsigned char * rpmfiFDigest(rpmfi fi, int *algo, size_t *len) + { +- return rpmfilesFDigest(fi->files, fi ? fi->i : -1, algo, len); ++ return rpmfilesFDigest(fi ? fi->files : NULL, fi ? fi->i : -1, algo, len); + } + + const unsigned char * rpmfiFSignature(rpmfi fi, size_t *len) + { +- return rpmfilesFSignature(fi->files, fi ? fi->i : -1, len); ++ return rpmfilesFSignature(fi ? fi->files : NULL, fi ? fi->i : -1, len); + } + + uint32_t rpmfiFDepends(rpmfi fi, const uint32_t ** fddictp) + { +- return rpmfilesFDepends(fi->files, fi ? fi->i : -1, fddictp); ++ return rpmfilesFDepends(fi ? fi->files : NULL, fi ? fi->i : -1, fddictp); + } + + int rpmfiStat(rpmfi fi, int flags, struct stat *sb) +@@ -1983,7 +1983,8 @@ int rpmfiStat(rpmfi fi, int flags, struct stat *sb) + + int rpmfiCompare(const rpmfi afi, const rpmfi bfi) + { +- return rpmfilesCompare(afi->files, afi ? afi->i : -1, bfi->files, bfi ? bfi->i : -1); ++ return rpmfilesCompare(afi ? afi->files : NULL, afi ? afi->i : -1, ++ bfi ? bfi->files : NULL, bfi ? bfi->i : -1); + } + + rpmVerifyAttrs rpmfiVerify(rpmfi fi, rpmVerifyAttrs omitMask) +-- +2.27.0 + diff --git a/backport-Close-file-before-replacing-signed.patch b/backport-Close-file-before-replacing-signed.patch new file mode 100644 index 0000000..5a3a041 --- /dev/null +++ b/backport-Close-file-before-replacing-signed.patch @@ -0,0 +1,27 @@ +From 9b4c50dd67c337f2d3c927cdd01ae4433bb08b61 Mon Sep 17 00:00:00 2001 +From: Evgeniy Taishev +Date: Mon, 17 Jan 2022 22:07:13 +0300 +Subject: [PATCH] Close file before replacing signed + +--- + sign/rpmgensig.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c +index e88f9b748..b8c68cee9 100644 +--- a/sign/rpmgensig.c ++++ b/sign/rpmgensig.c +@@ -695,6 +695,10 @@ static int rpmSign(const char *rpm, int deleting, int flags) + if (copyFile(&fd, rpm, &ofd, trpm) == 0) { + struct stat st; + ++ /* File must be closed before deletion due to different file locking in some file systems*/ ++ if (fd) (void) closeFile(&fd); ++ if (ofd) (void) closeFile(&ofd); ++ + /* Move final target into place, restore file permissions. */ + if (stat(rpm, &st) == 0 && unlink(rpm) == 0 && + rename(trpm, rpm) == 0 && chmod(rpm, st.st_mode) == 0) { +-- +2.27.0 + diff --git a/backport-Don-t-segfault-on-missing-priority-tag.patch b/backport-Don-t-segfault-on-missing-priority-tag.patch new file mode 100644 index 0000000..9572497 --- /dev/null +++ b/backport-Don-t-segfault-on-missing-priority-tag.patch @@ -0,0 +1,39 @@ +From fd57fc716231c8296d340fdb4c0f6eac176f7f7c Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Fri, 20 Aug 2021 15:14:16 +0200 +Subject: [PATCH] Don't segfault on missing priority tag + +Resolves: #1636 +Related: #1638 +--- + lib/rpmtriggers.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c +index fc809a65e..d541974e8 100644 +--- a/lib/rpmtriggers.c ++++ b/lib/rpmtriggers.c +@@ -517,7 +517,8 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense, + if (matchFunc(ts, te, pfx, sense)) { + for (i = 0; i < rpmdbIndexIteratorNumPkgs(ii); i++) { + struct rpmtd_s priorities; +- unsigned int priority; ++ unsigned int priority = 0; ++ unsigned int *priority_ptr; + unsigned int offset = rpmdbIndexIteratorPkgOffset(ii, i); + unsigned int tix = rpmdbIndexIteratorTagNum(ii, i); + +@@ -535,7 +536,9 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense, + trigH = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offset); + headerGet(trigH, priorityTag, &priorities, HEADERGET_MINMEM); + rpmtdSetIndex(&priorities, tix); +- priority = *rpmtdGetUint32(&priorities); ++ priority_ptr = rpmtdGetUint32(&priorities); ++ if (priority_ptr) ++ priority = *priority_ptr; + headerFree(trigH); + + /* Store file trigger in array */ +-- +2.27.0 + diff --git a/backport-Ensure-database-creation-on-initial-installation.patch b/backport-Ensure-database-creation-on-initial-installation.patch new file mode 100644 index 0000000..fb9e511 --- /dev/null +++ b/backport-Ensure-database-creation-on-initial-installation.patch @@ -0,0 +1,47 @@ +From 86f593d5135b00a9dbf7dc6d5efc8b341002aa08 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Fri, 16 Apr 2021 14:06:00 +0300 +Subject: [PATCH] Ensure database creation on initial installation + +Disabling implicit database creation on read-only handles in commit +afbc2b07839c9ffe9f274f3a4bc2395c76d65472 broke number of handy +use-cases such as install to an empty chroot directory, both with +rpm itself and dnf/yum at least, probably others too. + +This minimally resurrects the desired part of the behavior: if people are +asking us to install something, creating a missing database is probably +okay to create without requiring an explicit --initdb action first. +It'll still spit some ugly errors from trying to load the keyring but +at least it'll work. The harmless errors we can try to deal with +separately later on. +--- + lib/depends.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/lib/depends.c b/lib/depends.c +index 28a4a784d..ed5994290 100644 +--- a/lib/depends.c ++++ b/lib/depends.c +@@ -4,6 +4,8 @@ + + #include "system.h" + ++#include ++ + #include /* rpmVersionCompare, rpmlib provides */ + #include + #include +@@ -414,6 +416,10 @@ static int addPackage(rpmts ts, Header h, + if (isSource) + op = RPMTE_INSTALL; + ++ /* Ensure database creation on initial installs */ ++ if (!isSource && rpmtsGetDBMode(ts) == O_RDONLY) ++ rpmtsSetDBMode(ts, (O_RDWR|O_CREAT)); ++ + /* Do lazy (readonly?) open of rpm database for upgrades. */ + if (op != RPMTE_INSTALL && rpmtsGetRdb(ts) == NULL && rpmtsGetDBMode(ts) != -1) { + if ((ec = rpmtsOpenDB(ts, rpmtsGetDBMode(ts))) != 0) +-- +2.27.0 + diff --git a/backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch b/backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch new file mode 100644 index 0000000..8a60145 --- /dev/null +++ b/backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch @@ -0,0 +1,25 @@ +From 989d7c593c7ab12e17ea8f486856bafac6a1ae37 Mon Sep 17 00:00:00 2001 +From: Peter Pentchev +Date: Sat, 27 Nov 2021 00:43:41 +0200 +Subject: [PATCH] Fix __cplusplus misspelled as _cplusplus. + +--- + sign/rpmsignfiles.h | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/sign/rpmsignfiles.h b/sign/rpmsignfiles.h +index 2ff623cdf..a21a00612 100644 +--- a/sign/rpmsignfiles.h ++++ b/sign/rpmsignfiles.h +@@ -19,7 +19,7 @@ extern "C" { + RPM_GNUC_INTERNAL + rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass); + +-#ifdef _cplusplus ++#ifdef __cplusplus + } + #endif + +-- +2.27.0 + diff --git a/backport-Fix-a-memleak-in-ndb-from-opened-but-not-closed-dbis.patch b/backport-Fix-a-memleak-in-ndb-from-opened-but-not-closed-dbis.patch new file mode 100644 index 0000000..7a5d277 --- /dev/null +++ b/backport-Fix-a-memleak-in-ndb-from-opened-but-not-closed-dbis.patch @@ -0,0 +1,26 @@ +From 5c5cd9f30b31f0255a484f7d2e3f9cfacc0ec3bf Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Wed, 15 Dec 2021 10:01:41 +0200 +Subject: [PATCH] Fix a memleak in ndb from opened but not closed dbis. + +Fixes: #1861 +--- + lib/backend/ndb/glue.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/backend/ndb/glue.c b/lib/backend/ndb/glue.c +index 7ba3056be..d528ebcea 100644 +--- a/lib/backend/ndb/glue.c ++++ b/lib/backend/ndb/glue.c +@@ -77,7 +77,7 @@ static int ndb_Close(dbiIndex dbi, unsigned int flags) + } + if (rdb->db_dbenv) + closeEnv(rdb); +- dbi->dbi_db = 0; ++ dbiFree(dbi); + return 0; + } + +-- +2.27.0 + diff --git a/backport-Fix-hash-context-leak.patch b/backport-Fix-hash-context-leak.patch new file mode 100644 index 0000000..944a192 --- /dev/null +++ b/backport-Fix-hash-context-leak.patch @@ -0,0 +1,34 @@ +From 6e9531430d70fe80b67782ed57f1526aec9ed711 Mon Sep 17 00:00:00 2001 +From: Justus Winter +Date: Thu, 28 Oct 2021 13:32:22 +0200 +Subject: [PATCH] Fix hash context leak + +The hash context is duplicated unconditionally, but there is an +execution path exiting the function without it being finalized. +--- + rpmio/rpmpgp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index 861f6704c..1e4f66782 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -1310,6 +1310,7 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx) + } + + rpmDigestFinal(ctx, (void **)&hash, &hashlen, 0); ++ ctx = NULL; + + /* Compare leading 16 bits of digest for quick check. */ + if (hash == NULL || memcmp(hash, sig->signhash16, 2) != 0) +@@ -1333,6 +1334,7 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx) + + exit: + free(hash); ++ rpmDigestFinal(ctx, NULL, NULL, 0); + return res; + + } +-- +2.27.0 + diff --git a/backport-Fix-hashlen-overflow.patch b/backport-Fix-hashlen-overflow.patch new file mode 100644 index 0000000..cbe0713 --- /dev/null +++ b/backport-Fix-hashlen-overflow.patch @@ -0,0 +1,46 @@ +From 3f142b210ae0c01e1b21c2c057b12db574386e7a Mon Sep 17 00:00:00 2001 +From: Justus Winter +Date: Wed, 27 Oct 2021 09:51:13 +0200 +Subject: [PATCH] Fix hashlen overflow + +struct pgpDigParams_s keeps a copy of the verbatim key material for +hashing. The length of this data is kept in 'hashlen' which +previously was a uint8_t. However, the size of the signature's hashed +subpacket area can be up to 2^16 bytes, and one needs to hash some of +the signature packet's fields on top of that. + +Hence, 'hashlen' must be at least a uint32_t. + +This overflow happens in practice as soon as the signature's hashed +subpacket area contains an embedded signature. See section 11.1 of +RFC4880: + + Each Subkey packet MUST be followed by one Signature packet, which + should be a subkey binding signature issued by the top-level key. + For subkeys that can issue signatures, the subkey binding signature + MUST contain an Embedded Signature subpacket with a primary key + binding signature (0x19) issued by the subkey on the top-level key. + +While the embedded signature may be in the unhashed subpacket area +because it is self-authenticating, it is more robust to put it in the +hashed area. +--- + rpmio/digest.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rpmio/digest.h b/rpmio/digest.h +index 690d17619..3b72a2870 100644 +--- a/rpmio/digest.h ++++ b/rpmio/digest.h +@@ -33,7 +33,7 @@ struct pgpDigParams_s { + + uint8_t hash_algo; + uint8_t sigtype; +- uint8_t hashlen; ++ uint32_t hashlen; + uint8_t signhash16[2]; + pgpKeyID_t signid; + uint8_t saved; +-- +2.27.0 + diff --git a/backport-Fix-memory-leak-in-pgpPrtParams.patch b/backport-Fix-memory-leak-in-pgpPrtParams.patch new file mode 100644 index 0000000..a633976 --- /dev/null +++ b/backport-Fix-memory-leak-in-pgpPrtParams.patch @@ -0,0 +1,38 @@ +From b6dffb6dc5ffa2ddc389743f0507876cab341315 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Fri, 7 Jan 2022 16:10:26 +0100 +Subject: [PATCH] Fix memory leak in pgpPrtParams() + +Make sure selfsig is freed in case we break out of the loop in this +block. + +Note that the tests added with the binding validation commit bd36c5d do +not cover this code path so valgrind won't show this. +--- + rpmio/rpmpgp.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index 1e4f66782..35603286f 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -1147,12 +1147,11 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, + + if (selfsig) { + /* subkeys must be followed by binding signature */ +- if (prevtag == PGPTAG_PUBLIC_SUBKEY) { +- if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING) +- break; +- } ++ int xx = 1; /* assume failure */ + +- int xx = pgpVerifySelf(digp, selfsig, all, i); ++ if (!(prevtag == PGPTAG_PUBLIC_SUBKEY && ++ selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING)) ++ xx = pgpVerifySelf(digp, selfsig, all, i); + + selfsig = pgpDigParamsFree(selfsig); + if (xx) +-- +2.27.0 + diff --git a/backport-Fix-old-Python-ts.check-argument-order-regression.patch b/backport-Fix-old-Python-ts.check-argument-order-regression.patch new file mode 100644 index 0000000..ec99bb5 --- /dev/null +++ b/backport-Fix-old-Python-ts.check-argument-order-regression.patch @@ -0,0 +1,32 @@ +From f0c158cbc8a50a776b44de2c0fe744c451155a41 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Tue, 4 Jan 2022 15:57:10 +0200 +Subject: [PATCH] Fix old Python ts.check() argument order regression + +Commit fab2debfe440d677dbd072c3cd73d2c99876e7a5 managed to mess up the +order of the last two callback arguments, doh. + +Goes to show that nobody has missed this stuff in 12+ years, so it might +be more merciful to put this thing out of its misery... + +Fixes: #1871 +--- + python/rpm/transaction.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/python/rpm/transaction.py b/python/rpm/transaction.py +index 991fd9a91..ba39881f1 100644 +--- a/python/rpm/transaction.py ++++ b/python/rpm/transaction.py +@@ -159,7 +159,7 @@ class TransactionSet(TransactionSetCore): + needver = "" + + res.append(((n, v, r), +- (needname, needver), needflags, sense, p.key)) ++ (needname, needver), needflags, p.key, sense)) + + return res + +-- +2.27.0 + diff --git a/backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch b/backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch new file mode 100644 index 0000000..097592c --- /dev/null +++ b/backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch @@ -0,0 +1,39 @@ +From 1c15d748d3536a21b6edbbf9254db76fefb4b275 Mon Sep 17 00:00:00 2001 +From: Dmitry Gerasimov +Date: Mon, 27 Dec 2021 12:27:57 +0300 +Subject: [PATCH] Fix possible NULL pointer dereference in rpmfcClassify + +Here is simplified overview of possible dereference: + + if (fc == NULL) { + rpmlog(RPMLOG_ERR, _("Empty file classifier\n")); + goto exit; + } + + // ... + + exit: + rpmstrPoolFreeze(fc->cdict, 0); + ~~~~~~~~~ + +This issue was found by Svace Static Analyzer. +--- + build/rpmfc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/build/rpmfc.c b/build/rpmfc.c +index eb51a3663..cf2c20316 100644 +--- a/build/rpmfc.c ++++ b/build/rpmfc.c +@@ -1168,7 +1168,7 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode) + + if (fc == NULL) { + rpmlog(RPMLOG_ERR, _("Empty file classifier\n")); +- goto exit; ++ return RPMRC_FAIL; + } + + /* It is OK when we have no files to classify. */ +-- +2.27.0 + diff --git a/backport-Fix-rpmtsInitDB-argument-confusion.patch b/backport-Fix-rpmtsInitDB-argument-confusion.patch new file mode 100644 index 0000000..8e136ac --- /dev/null +++ b/backport-Fix-rpmtsInitDB-argument-confusion.patch @@ -0,0 +1,70 @@ +From 6e6be7d6ebd5e85c5c8ee7474b476c1038d07af8 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Tue, 2 Feb 2021 14:00:32 +0200 +Subject: [PATCH] Fix rpmtsInitDB() argument confusion + +Since it's introduction, rpmtsInitDB() has passed the second argument +directly to rpmdbInit() as permission bits. However commit +81fef9848051e5068694cde9b3c2be743d5a93e1 incorrectly documented this +as being related to the db mode read/write *mode*, and also used it +that way in the python bindings. +--- + lib/rpmts.c | 4 ++-- + lib/rpmts.h | 5 ++--- + python/rpmts-py.c | 2 +- + 3 files changed, 5 insertions(+), 6 deletions(-) + +diff --git a/lib/rpmts.c b/lib/rpmts.c +index 8c8ae420a..8a6683f9a 100644 +--- a/lib/rpmts.c ++++ b/lib/rpmts.c +@@ -104,12 +104,12 @@ int rpmtsOpenDB(rpmts ts, int dbmode) + return rc; + } + +-int rpmtsInitDB(rpmts ts, int dbmode) ++int rpmtsInitDB(rpmts ts, int perms) + { + rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE); + int rc = -1; + if (txn) +- rc = rpmdbInit(ts->rootDir, dbmode); ++ rc = rpmdbInit(ts->rootDir, perms); + rpmtxnEnd(txn); + return rc; + } +diff --git a/lib/rpmts.h b/lib/rpmts.h +index e04d9e5e2..eca179009 100644 +--- a/lib/rpmts.h ++++ b/lib/rpmts.h +@@ -272,12 +272,11 @@ int rpmtsOpenDB(rpmts ts, int dbmode); + + /** \ingroup rpmts + * Initialize the database used by the transaction. +- * @deprecated An explicit rpmdbInit() is almost never needed. + * @param ts transaction set +- * @param dbmode O_RDONLY or O_RDWR ++ * @param perms database permissions (ie mode bits) + * @return 0 on success + */ +-int rpmtsInitDB(rpmts ts, int dbmode); ++int rpmtsInitDB(rpmts ts, int perms); + + /** \ingroup rpmts + * Return the transaction database mode +diff --git a/python/rpmts-py.c b/python/rpmts-py.c +index 27caa0388..4aae43712 100644 +--- a/python/rpmts-py.c ++++ b/python/rpmts-py.c +@@ -347,7 +347,7 @@ rpmts_InitDB(rpmtsObject * s) + { + int rc; + +- rc = rpmtsInitDB(s->ts, O_RDONLY); ++ rc = rpmtsInitDB(s->ts, 0644); + if (rc == 0) + rc = rpmtsCloseDB(s->ts); + +-- +2.27.0 + diff --git a/backport-Fix-some-Lua-stack-leaks-in-our-initialization-code.patch b/backport-Fix-some-Lua-stack-leaks-in-our-initialization-code.patch new file mode 100644 index 0000000..0f717da --- /dev/null +++ b/backport-Fix-some-Lua-stack-leaks-in-our-initialization-code.patch @@ -0,0 +1,35 @@ +From 3aa1abc4cabaa77bd9d3d05064466990d7e68a59 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 18 Nov 2021 11:53:17 +0200 +Subject: [PATCH] Fix some Lua stack leaks in our initialization code + +--- + rpmio/rpmlua.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c +index 8459cd874..6ad9119a5 100644 +--- a/rpmio/rpmlua.c ++++ b/rpmio/rpmlua.c +@@ -131,14 +131,18 @@ rpmlua rpmluaNew() + + for (lib = extlibs; lib->name; lib++) { + luaL_requiref(L, lib->name, lib->func, 1); ++ lua_pop(L, 1); + } + lua_pushcfunction(L, rpm_print); + lua_setglobal(L, "print"); + + lua_getglobal(L, "os"); + luaL_setfuncs(L, os_overrides, 0); ++ lua_pop(L, 1); ++ + lua_getglobal(L, "posix"); + luaL_setfuncs(L, posix_overrides, 0); ++ lua_pop(L, 1); + + lua_getglobal(L, "package"); + lua_pushfstring(L, "%s/%s", rpmConfigDir(), "/lua/?.lua"); +-- +2.27.0 + diff --git a/backport-Fix-use-after-free-in-haveSignature.patch b/backport-Fix-use-after-free-in-haveSignature.patch new file mode 100644 index 0000000..af28643 --- /dev/null +++ b/backport-Fix-use-after-free-in-haveSignature.patch @@ -0,0 +1,33 @@ +From ae3d2d234ae47ff85229d3fce97a266fa1aa5a61 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Fri, 7 Jan 2022 13:57:24 +0100 +Subject: [PATCH] Fix use-after-free in haveSignature() + +pgpPrtParams() may leave sig2 unchanged and if we're not in the very +first iteration of the while() loop, we could pass a freed pointer to +pgpDigParamsCmp(). Fix by setting it to NULL after freeing. + +Found by Coverity, after commit bd36c5d (subkey binding validation), +although note that the commit didn't introduce this bug; it just seems +to have been a false negative that got "fixed" by the changes in +pgpPrtParams() in that commit. +--- + sign/rpmgensig.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c +index d8c84e937..e88f9b748 100644 +--- a/sign/rpmgensig.c ++++ b/sign/rpmgensig.c +@@ -364,7 +364,7 @@ static int haveSignature(rpmtd sigtd, Header h) + pgpPrtParams(oldtd.data, oldtd.count, PGPTAG_SIGNATURE, &sig2); + if (pgpDigParamsCmp(sig1, sig2) == 0) + rc = 1; +- pgpDigParamsFree(sig2); ++ sig2 = pgpDigParamsFree(sig2); + } + pgpDigParamsFree(sig1); + rpmtdFreeData(&oldtd); +-- +2.27.0 + diff --git a/backport-Honor-requested-file-permissions-when-creating-ndb-d.patch b/backport-Honor-requested-file-permissions-when-creating-ndb-d.patch new file mode 100644 index 0000000..f031b0e --- /dev/null +++ b/backport-Honor-requested-file-permissions-when-creating-ndb-d.patch @@ -0,0 +1,55 @@ +From 77062e68f8675a678a6d136b85fbe1dd2bdb75f1 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Tue, 2 Feb 2021 14:26:48 +0200 +Subject: [PATCH] Honor requested file permissions when creating ndb database + files + +Prior to this, ndb files were using hardcoded 0666 permissions whereas +rpm generally defaults to 0644. +--- + lib/backend/ndb/glue.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/lib/backend/ndb/glue.c b/lib/backend/ndb/glue.c +index a1599d8fa..96ab88679 100644 +--- a/lib/backend/ndb/glue.c ++++ b/lib/backend/ndb/glue.c +@@ -129,13 +129,13 @@ static int ndb_Open(rpmdb rdb, rpmDbiTagVal rpmtag, dbiIndex * dbip, int flags) + char *path = rstrscat(NULL, dbhome, "/", rdb->db_ops->path, NULL); + rpmlog(RPMLOG_DEBUG, "opening db index %s mode=0x%x\n", path, rdb->db_mode); + if ((rdb->db_flags & RPMDB_FLAG_SALVAGE) == 0) +- rc = rpmpkgOpen(&pkgdb, path, oflags, 0666); ++ rc = rpmpkgOpen(&pkgdb, path, oflags, rdb->db_perms); + else + rc = rpmpkgSalvage(&pkgdb, path); + if (rc && errno == ENOENT && (rdb->db_flags & RPMDB_FLAG_SALVAGE) == 0) { + oflags = O_RDWR|O_CREAT; + dbi->dbi_flags |= DBI_CREATED; +- rc = rpmpkgOpen(&pkgdb, path, oflags, 0666); ++ rc = rpmpkgOpen(&pkgdb, path, oflags, rdb->db_perms); + } + if (rc) { + perror("rpmpkgOpen"); +@@ -161,16 +161,16 @@ static int ndb_Open(rpmdb rdb, rpmDbiTagVal rpmtag, dbiIndex * dbip, int flags) + + /* Open indexes readwrite if possible */ + ioflags = O_RDWR; +- rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, 0666); ++ rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, rdb->db_perms); + if (rc && (errno == EACCES || errno == EROFS)) { + /* If it is not asked for rw explicitly, try to open ro */ + if (!(oflags & O_RDWR)) { + ioflags = O_RDONLY; +- rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, 0666); ++ rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, rdb->db_perms); + } + } else if (rc && errno == ENOENT) { + ioflags = O_CREAT|O_RDWR; +- rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, 0666); ++ rc = rpmxdbOpen(&ndbenv->xdb, rdb->db_pkgs->dbi_db, path, ioflags, rdb->db_perms); + created = 1; + } + if (rc) { +-- +2.27.0 + diff --git a/backport-Revert-Explicitly-skip-non-installed-files-on-erasur.patch b/backport-Revert-Explicitly-skip-non-installed-files-on-erasur.patch new file mode 100644 index 0000000..89b50f8 --- /dev/null +++ b/backport-Revert-Explicitly-skip-non-installed-files-on-erasur.patch @@ -0,0 +1,32 @@ +From 26bb41e1cb7f7836302b3555cff8f20f9fc19188 Mon Sep 17 00:00:00 2001 +From: licunlong1 +Date: Thu, 21 Oct 2021 21:29:25 +0800 +Subject: [PATCH] don not skip abnormal files + +This reverts 2d52726bd55f008ea23262c2a3a31ae689cd2af4, as when removing +the same file of different archs, if the file state is WRONGCOLOR, it +sets the action to `skip`. This will result in some elf files left over. + +--- + lib/transaction.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/lib/transaction.c b/lib/transaction.c +index e51cff2..57f7e4a 100644 +--- a/lib/transaction.c ++++ b/lib/transaction.c +@@ -673,10 +673,8 @@ assert(otherFi != NULL); + } + if (XFA_SKIPPING(rpmfsGetAction(fs, i))) + break; +- if (rpmfilesFState(fi, i) != RPMFILE_STATE_NORMAL) { +- rpmfsSetAction(fs, i, FA_SKIP); ++ if (rpmfilesFState(fi, i) != RPMFILE_STATE_NORMAL) + break; +- } + + /* Pre-existing modified config files need to be saved. */ + if (rpmfilesConfigConflict(fi, i)) { +-- +2.27.0 + diff --git a/backport-Simplify-rpm_print-fixing-a-Lua-stack-leak-as-a-bonu.patch b/backport-Simplify-rpm_print-fixing-a-Lua-stack-leak-as-a-bonu.patch new file mode 100644 index 0000000..1ce5437 --- /dev/null +++ b/backport-Simplify-rpm_print-fixing-a-Lua-stack-leak-as-a-bonu.patch @@ -0,0 +1,39 @@ +From d41143cb5f6d88eb6e8bd999ad5ea2992bfb10f7 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 18 Nov 2021 13:38:20 +0200 +Subject: [PATCH] Simplify rpm_print(), fixing a Lua stack leak as a bonus + +Rather than laborously call tostring() in Lua, use the C-side equivalent +of luaL_tostring(). This was new as of Lua 5.2, which explains why the +original version from 2004 did things the hard way. + +Also fixes a stack leak from not popping "tostring" function after use. +--- + rpmio/rpmlua.c | 9 +-------- + 1 file changed, 1 insertion(+), 8 deletions(-) + +diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c +index 6ad9119a5..74023071a 100644 +--- a/rpmio/rpmlua.c ++++ b/rpmio/rpmlua.c +@@ -688,16 +688,9 @@ static int rpm_print (lua_State *L) + int n = lua_gettop(L); /* number of arguments */ + int i; + if (!lua) return 0; +- lua_getglobal(L, "tostring"); + for (i = 1; i <= n; i++) { +- const char *s; + size_t sl; +- lua_pushvalue(L, -1); /* function to be called */ +- lua_pushvalue(L, i); /* value to print */ +- lua_call(L, 1, 1); +- s = lua_tolstring(L, -1, &sl); /* get result */ +- if (s == NULL) +- return luaL_error(L, "`tostring' must return a string to `print'"); ++ const char *s = luaL_tolstring(L, i, &sl); + if (lua->printbuf) { + rpmluapb prbuf = lua->printbuf; + if (prbuf->used+sl+1 > prbuf->alloced) { +-- +2.27.0 + diff --git a/backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch b/backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch new file mode 100644 index 0000000..dbeaa27 --- /dev/null +++ b/backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch @@ -0,0 +1,40 @@ +From ed07a187734addfa16be9ee922398e4ff9859f53 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Tue, 7 Dec 2021 08:08:37 +0100 +Subject: [PATCH] Skip recorded symlinks in --setperms (RhBug:1900662) + +If a package contains a symlink in the buildroot which is declared as a +ghost or config file but is a regular file or directory on the system +where it's installed, a --setperms call will reset its permissions to +those of a symlink (777 on Linux), which almost certainly is not the +correct thing to do. + +To fix that, just skip files that were recorded as symlinks. + +This is a special case of a general issue in --setperms; since file +permission semantics may change depending on the file type, to stay on +the safe side, any (ghost or config) file whose type changes after +installation should probably be skipped. However, symlinks are the most +prominent case here, so let's just focus on that now and avoid adding +too much cleverness to a popt alias (this got us into trouble not too +long ago, see commits 38c2f6e and 0d83637). We may revisit this in the +eventual C implementation. +--- + rpmpopt.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/rpmpopt.in b/rpmpopt.in +index 27d298651..d5a6b140b 100644 +--- a/rpmpopt.in ++++ b/rpmpopt.in +@@ -44,6 +44,7 @@ rpm alias --scripts --qf '\ + --POPTdesc=$"list install/erase scriptlets from package(s)" + + rpm alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \ ++ \[ -n %{FILELINKTOS:shescape} \] || \ + ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \ + chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \ + --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \ +-- +2.27.0 + diff --git a/backport-Switch-the-floating-point-type-in-rpmhook-from-float.patch b/backport-Switch-the-floating-point-type-in-rpmhook-from-float.patch new file mode 100644 index 0000000..9ff4d54 --- /dev/null +++ b/backport-Switch-the-floating-point-type-in-rpmhook-from-float.patch @@ -0,0 +1,57 @@ +From a34bf5bdf601d6d0ae5d28193090a29b9ef12600 Mon Sep 17 00:00:00 2001 +From: Michael Schroeder +Date: Mon, 22 Nov 2021 11:12:20 +0100 +Subject: [PATCH] Switch the floating point type in rpmhook from float to + double + +There's no real reason why it should be float. Plus, the test if +the number is an integer does not work for big integers that +do not fit into a float. +--- + rpmio/rpmhook.c | 2 +- + rpmio/rpmhook.h | 2 +- + rpmio/rpmlua.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/rpmio/rpmhook.c b/rpmio/rpmhook.c +index 9fe2a21f7..119798313 100644 +--- a/rpmio/rpmhook.c ++++ b/rpmio/rpmhook.c +@@ -187,7 +187,7 @@ static rpmhookArgs rpmhookArgsParse(const char *argt, va_list ap) + args->argv[i].i = va_arg(ap, int); + break; + case 'f': +- args->argv[i].f = (float)va_arg(ap, double); ++ args->argv[i].f = va_arg(ap, double); + break; + case 'p': + args->argv[i].p = va_arg(ap, void *); +diff --git a/rpmio/rpmhook.h b/rpmio/rpmhook.h +index 52f5634ca..842c12646 100644 +--- a/rpmio/rpmhook.h ++++ b/rpmio/rpmhook.h +@@ -4,7 +4,7 @@ + typedef union { + const char * s; + int i; +- float f; ++ double f; + void * p; + } rpmhookArgv; + +diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c +index fe2e51361..c5bdf4293 100644 +--- a/rpmio/rpmlua.c ++++ b/rpmio/rpmlua.c +@@ -873,7 +873,7 @@ static int rpm_call(lua_State *L) + args->argv[i].p = NULL; + break; + case LUA_TNUMBER: { +- float f = (float)lua_tonumber(L, i+1); ++ double f = (double)lua_tonumber(L, i+1); + if (f == (int)f) { + argt[i] = 'i'; + args->argv[i].i = (int)f; +-- +2.27.0 + diff --git a/backport-rpmkeys-exit-non-zero-on-I-O-errors.patch b/backport-rpmkeys-exit-non-zero-on-I-O-errors.patch new file mode 100644 index 0000000..45a6a31 --- /dev/null +++ b/backport-rpmkeys-exit-non-zero-on-I-O-errors.patch @@ -0,0 +1,53 @@ +From fc8386be36a32f8462a0d16a2dd3e5e18f7fbc2d Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Mon, 12 Apr 2021 11:30:51 -0400 +Subject: [PATCH] rpmkeys: exit non-zero on I/O errors + +If writing to stdout or stderr fails, rpmkeys should exit with a +non-zero status code. +--- + rpmkeys.c | 4 ++++ + tests/rpmsigdig.at | 13 +++++++++++++ + 2 files changed, 17 insertions(+) + +diff --git a/rpmkeys.c b/rpmkeys.c +index 542601c87..2c304de20 100644 +--- a/rpmkeys.c ++++ b/rpmkeys.c +@@ -86,5 +86,9 @@ int main(int argc, char *argv[]) + exit: + rpmtsFree(ts); + rpmcliFini(optCon); ++ fflush(stderr); ++ fflush(stdout); ++ if (ferror(stdout) || ferror(stderr)) ++ return 255; /* I/O error */ + return ec; + } +diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at +index c8b9f139e..429163e3d 100644 +--- a/tests/rpmsigdig.at ++++ b/tests/rpmsigdig.at +@@ -24,6 +24,19 @@ runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i38 + []) + AT_CLEANUP + ++# ------------------------------ ++# Test rpmkeys write errors ++AT_SETUP([[rpmkeys -K no space left on stdout]]) ++AT_KEYWORDS([rpmkeys digest]) ++AT_CHECK([ ++RPMDB_INIT[ ++ ++runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i386.rpm >/dev/full ++]],255,,[[Error writing to log: No space left on device ++]]) ++AT_CLEANUP ++ ++ + # ------------------------------ + # Test corrupted package verification (corrupted signature) + AT_SETUP([rpmkeys -Kv 1]) +-- +2.27.0 + diff --git a/backport-treat-0-as-valid-file-descriptor.patch b/backport-treat-0-as-valid-file-descriptor.patch new file mode 100644 index 0000000..8509087 --- /dev/null +++ b/backport-treat-0-as-valid-file-descriptor.patch @@ -0,0 +1,27 @@ +From be64821b908fdb1ff3c12530430d1cf046839e60 Mon Sep 17 00:00:00 2001 +From: licunlong +Date: Thu, 20 Jan 2022 19:59:44 +0800 +Subject: [PATCH] treat 0 as valid file descriptor The descriptor is openned in + rpmpkgOpen, and we treat 0 as valid file descriptor. Here we should do the + same or fail earlier. + +--- + lib/backend/ndb/rpmpkg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/backend/ndb/rpmpkg.c b/lib/backend/ndb/rpmpkg.c +index 64d049350..0a041e4c0 100644 +--- a/lib/backend/ndb/rpmpkg.c ++++ b/lib/backend/ndb/rpmpkg.c +@@ -734,7 +734,7 @@ static int rpmpkgAddSlotPage(rpmpkgdb pkgdb) + + static int rpmpkgGetLock(rpmpkgdb pkgdb, int type) + { +- if (!pkgdb->fd) ++ if (pkgdb->fd < 0) + return RPMRC_FAIL; + if (flock(pkgdb->fd, type)) + return RPMRC_FAIL; +-- +2.27.0 + diff --git a/rpm.spec b/rpm.spec index 7bc2b21..5b2ad65 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,6 +1,6 @@ Name: rpm Version: 4.15.1 -Release: 38 +Release: 39 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -107,36 +107,60 @@ Patch93: backport-Always-free-the-arg-list-passed-to-rpmGlob.patch Patch94: backport-Fix-memory-leak-in-decodePkts.patch Patch95: backport-Fix-memory-leaks-in-Lua-rex-extension.patch -Patch96: fix-lsetxattr-error-in-container.patch -Patch97: backport-Reduce-undefined-pointer-arithmetic.patch -Patch98: backport-Do-not-allow-extra-packets-to-follow-a-signature.patch -Patch99: backport-0001-CVE-2021-3521.patch -Patch100: backport-0002-CVE-2021-3521.patch -Patch101: backport-0003-CVE-2021-3521.patch +Patch96: backport-Ensure-database-creation-on-initial-installation.patch +Patch97: backport-Honor-requested-file-permissions-when-creating-ndb-d.patch +Patch98: backport-Fix-rpmtsInitDB-argument-confusion.patch +Patch99: backport-Don-t-segfault-on-missing-priority-tag.patch +Patch100: backport-Check-file-iterator-for-being-NULL-consistently.patch -Patch102: rpm-selinux-plugin-check-context-file-exist.patch -Patch103: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch +Patch101: fix-lsetxattr-error-in-container.patch +Patch102: backport-Reduce-undefined-pointer-arithmetic.patch +Patch103: backport-Do-not-allow-extra-packets-to-follow-a-signature.patch +Patch104: backport-0001-CVE-2021-3521.patch +Patch105: backport-0002-CVE-2021-3521.patch +Patch106: backport-0003-CVE-2021-3521.patch -Patch104: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch -Patch105: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch -Patch106: backport-Refactor-file-install-and-remove-around-a-common-str.patch -Patch107: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch -Patch108: backport-Drop-unused-filename-variable.patch -Patch109: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch -Patch110: backport-Handle-file-install-failures-more-gracefully.patch -Patch111: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch -Patch112: backport-Make-file-open-and-close-in-fsm-debuggable.patch -Patch113: backport-Streamline-consolidate-the-hardlink-handling-logic.patch -Patch114: backport-Add-diagnostics-to-archive-unpacking.patch -Patch115: backport-Add-optional-callback-on-directory-changes-during-rp.patch -Patch116: backport-0001-CVE-2021-35939-CVE-2021-35937.patch -Patch117: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch -Patch118: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch -Patch119: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch -Patch120: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch -Patch121: backport-Move-file-metadata-setting-back-to-unpack-stage.patch -Patch122: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch -Patch123: backport-0001-CVE-2021-35938.patch +Patch107: backport-Revert-Explicitly-skip-non-installed-files-on-erasur.patch +Patch108: backport-Fix-hash-context-leak.patch +Patch109: backport-Fix-hashlen-overflow.patch +Patch110: backport-Fix-some-Lua-stack-leaks-in-our-initialization-code.patch +Patch111: backport-Simplify-rpm_print-fixing-a-Lua-stack-leak-as-a-bonu.patch +Patch112: backport-Switch-the-floating-point-type-in-rpmhook-from-float.patch + +Patch113: rpm-selinux-plugin-check-context-file-exist.patch +Patch114: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch + +Patch115: backport-Fix-a-memleak-in-ndb-from-opened-but-not-closed-dbis.patch +Patch116: backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch +Patch117: backport-Fix-old-Python-ts.check-argument-order-regression.patch +Patch118: backport-Fix-memory-leak-in-pgpPrtParams.patch +Patch119: backport-Fix-use-after-free-in-haveSignature.patch +Patch120: backport-Close-file-before-replacing-signed.patch +Patch121: backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch +Patch122: backport-treat-0-as-valid-file-descriptor.patch +Patch123: backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch +Patch124: backport-rpmkeys-exit-non-zero-on-I-O-errors.patch + +Patch125: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch +Patch126: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch +Patch127: backport-Refactor-file-install-and-remove-around-a-common-str.patch +Patch128: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch +Patch129: backport-Drop-unused-filename-variable.patch +Patch130: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch +Patch131: backport-Handle-file-install-failures-more-gracefully.patch +Patch132: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch +Patch133: backport-Make-file-open-and-close-in-fsm-debuggable.patch +Patch134: backport-Streamline-consolidate-the-hardlink-handling-logic.patch +Patch135: backport-Add-diagnostics-to-archive-unpacking.patch +Patch136: backport-Add-optional-callback-on-directory-changes-during-rp.patch +Patch137: backport-0001-CVE-2021-35939-CVE-2021-35937.patch +Patch138: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch +Patch139: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch +Patch140: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch +Patch141: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch +Patch142: backport-Move-file-metadata-setting-back-to-unpack-stage.patch +Patch143: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch +Patch144: backport-0001-CVE-2021-35938.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel @@ -420,6 +444,12 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Fri Nov 04 2022 renhongxun - 4.15.1-39 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:sync patches from upstream + * Wed Nov 02 2022 renhongxun - 4.15.1-38 - Type:bugfix - ID:NA