diff --git a/backport-Allow-database-probing-if-_db_backend-is-not-set.patch b/backport-Allow-database-probing-if-_db_backend-is-not-set.patch new file mode 100644 index 0000000..558b645 --- /dev/null +++ b/backport-Allow-database-probing-if-_db_backend-is-not-set.patch @@ -0,0 +1,75 @@ +From 0644e4e79c841b03d606fc8bb035ec311f4bfb17 Mon Sep 17 00:00:00 2001 +From: Michael Schroeder +Date: Tue, 1 Dec 2020 13:42:45 +0100 +Subject: [PATCH] Allow database probing if _db_backend is not set + +There is no harm in allowing read access in this case. We still +error out in the database rebuild case, just to be on the safe +side. We now have the following logic: + +_db_backend unset: + * error out for rebuilddb or read-write access + * use detected backend and print a debug message +_db_backend unknown: + * error out for rebuilddb or read-write access + * use detected backend and print a warning message +_db_backend set: + * use detected backend and print a warning message if it + does not match the configured backend +--- + lib/backend/dbi.c | 24 +++++++++++++++--------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c +index 8fbe5f374..809d013bf 100644 +--- a/lib/backend/dbi.c ++++ b/lib/backend/dbi.c +@@ -5,6 +5,7 @@ + #include "system.h" + + #include ++#include + #include + #include + #include +@@ -77,7 +78,7 @@ dbDetectBackend(rpmdb rdb) + } + } + +- if (!cfg) { ++ if (!cfg && ((rdb->db_mode & O_ACCMODE) != O_RDONLY || (rdb->db_flags & RPMDB_FLAG_REBUILD) != 0)) { + rpmlog(RPMLOG_WARNING, _("invalid %%_db_backend: %s\n"), db_backend); + goto exit; + } +@@ -93,15 +94,20 @@ dbDetectBackend(rpmdb rdb) + + /* On-disk database differs from configuration */ + if (ondisk && ondisk != cfg) { +- if (rdb->db_flags & RPMDB_FLAG_REBUILD) { +- rpmlog(RPMLOG_WARNING, +- _("Converting database from %s to %s backend\n"), +- ondisk->name, cfg->name); ++ if (*db_backend) { ++ if (rdb->db_flags & RPMDB_FLAG_REBUILD) { ++ rpmlog(RPMLOG_WARNING, ++ _("Converting database from %s to %s backend\n"), ++ ondisk->name, db_backend); ++ } else { ++ rpmlog(RPMLOG_WARNING, ++ _("Found %s %s database while attempting %s backend: " ++ "using %s backend.\n"), ++ ondisk->name, ondisk->path, db_backend, ondisk->name); ++ } + } else { +- rpmlog(RPMLOG_WARNING, +- _("Found %s %s database while attempting %s backend: " +- "using %s backend.\n"), +- ondisk->name, ondisk->path, db_backend, ondisk->name); ++ rpmlog(RPMLOG_DEBUG, "Found %s %s database: using %s backend.\n", ++ ondisk->name, ondisk->path, ondisk->name); + } + rdb->db_ops = ondisk; + } +-- +2.27.0 + diff --git a/backport-Always-free-the-arg-list-passed-to-rpmGlob.patch b/backport-Always-free-the-arg-list-passed-to-rpmGlob.patch new file mode 100644 index 0000000..b225140 --- /dev/null +++ b/backport-Always-free-the-arg-list-passed-to-rpmGlob.patch @@ -0,0 +1,31 @@ +From 5baf73feb4951cc3b3f553a4b18d3b3599cbf87c Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Fri, 25 Jun 2021 11:21:46 +0200 +Subject: [PATCH] Always free the arg list passed to rpmGlob() + +Even though the actual implementation of rpmGlob() does not allocate the +passed arg list (av) if the return code (rc) is non-zero or arg count +(ac) is 0, it's the responsibility of the caller (rpmInstall() here) to +free that memory, so make sure we do that irrespectively of the above +conditions. + +Found by Coverity. +--- + lib/rpminstall.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/rpminstall.c b/lib/rpminstall.c +index 724126e94..302ec0ba1 100644 +--- a/lib/rpminstall.c ++++ b/lib/rpminstall.c +@@ -461,6 +461,7 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv) + rpmlog(RPMLOG_ERR, _("File not found by glob: %s\n"), *eiu->fnp); + } + eiu->numFailed++; ++ argvFree(av); + continue; + } + +-- +2.27.0 + diff --git a/backport-Avoid-incrementing-a-pointer-past-the-end.patch b/backport-Avoid-incrementing-a-pointer-past-the-end.patch new file mode 100644 index 0000000..4ae42d9 --- /dev/null +++ b/backport-Avoid-incrementing-a-pointer-past-the-end.patch @@ -0,0 +1,35 @@ +From 165330b7bf0757e30fa8a6de9998a564fb62796f Mon Sep 17 00:00:00 2001 +From: "Demi M. Obenour" +Date: Tue, 29 Dec 2020 22:59:36 -0500 +Subject: [PATCH] Avoid incrementing a pointer past the end +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The ‘end’ parameter to ‘strtaglen’ might point past the end of an +allocation. Therefore, if ‘start’ becomes equal to ‘end’, exit the loop +without calling ‘memchr’ on it. +--- + lib/header.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/lib/header.c b/lib/header.c +index c0a989691..98eda4138 100644 +--- a/lib/header.c ++++ b/lib/header.c +@@ -412,10 +412,8 @@ static inline int strtaglen(const char *str, rpm_count_t c, const char *end) + const char *s; + + if (end) { +- if (str >= end) +- return -1; +- while ((s = memchr(start, '\0', end-start))) { +- if (--c == 0 || s > end) ++ while (end > start && (s = memchr(start, '\0', end-start))) { ++ if (--c == 0) + break; + start = s + 1; + } +-- +2.27.0 + diff --git a/backport-Better-sanity-check-for-header-entry-counts.patch b/backport-Better-sanity-check-for-header-entry-counts.patch new file mode 100644 index 0000000..496d84e --- /dev/null +++ b/backport-Better-sanity-check-for-header-entry-counts.patch @@ -0,0 +1,44 @@ +From d8fbddfa5051bdc1c71e16cb11f14d9fdc7f5c5e Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 18 Mar 2021 10:39:38 +0200 +Subject: [PATCH] Better sanity check for header entry counts + +The count can never be larger than header data size, which can never be +larger than 256MB. Most datatypes have further restrictions of course, this +is merely an outer perimeter check to catch impossibly large values that +could otherwise overflow all manner of trivial calculations. + +Addresses the point I missed in PR #1493 but with a much tighter limit. +--- + lib/header.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/lib/header.c b/lib/header.c +index ebba9c2b0..34d291e91 100644 +--- a/lib/header.c ++++ b/lib/header.c +@@ -131,10 +131,9 @@ static const size_t headerMaxbytes = (256*1024*1024); + + /** + * Reasonableness check on count values. +- * Catches nasty stuff like negative or zero counts, which would cause +- * integer underflows in strtaglen(). ++ * Most types have further restrictions, these are just the outer perimeter. + */ +-#define hdrchkCount(_count) ((_count) == 0) ++#define hdrchkCount(_dl, _count) ((_count) < 1 || (_count) > (_dl)) + + /** + * Sanity check on type values. +@@ -287,7 +286,7 @@ static rpmRC hdrblobVerifyInfo(hdrblob blob, char **emsg) + goto err; + if (hdrchkType(info.type)) + goto err; +- if (hdrchkCount(info.count)) ++ if (hdrchkCount(blob->dl, info.count)) + goto err; + if (hdrchkAlign(info.type, info.offset)) + goto err; +-- +2.27.0 + diff --git a/backport-Document-dummy-backend-in-macros-warn-on-dummy-fallb.patch b/backport-Document-dummy-backend-in-macros-warn-on-dummy-fallb.patch new file mode 100644 index 0000000..91f3c4b --- /dev/null +++ b/backport-Document-dummy-backend-in-macros-warn-on-dummy-fallb.patch @@ -0,0 +1,40 @@ +From ca72e2b923fe16ac23172edb8d5459c917a9b727 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Mon, 21 Oct 2019 15:14:32 +0300 +Subject: [PATCH] Document dummy backend in macros, warn on dummy fallback + +As the dummy backend supports no operations whatsoever, using it as +a fallback if all else fails needs to emit a warning, not debug goo. +--- + lib/backend/dbi.c | 2 +- + macros.in | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c +index a4a40a846..c7c33c7c6 100644 +--- a/lib/backend/dbi.c ++++ b/lib/backend/dbi.c +@@ -84,7 +84,7 @@ dbDetectBackend(rpmdb rdb) + + if (rdb->db_ops == NULL) { + rdb->db_ops = &dummydb_dbops; +- rpmlog(RPMLOG_DEBUG, "using dummy database, installs not possible\n"); ++ rpmlog(RPMLOG_WARNING, "using dummy database, installs not possible\n"); + } + + if (db_backend) +diff --git a/macros.in b/macros.in +index ff9270ac8..4f7efb2ae 100644 +--- a/macros.in ++++ b/macros.in +@@ -622,6 +622,7 @@ package or when debugging this package.\ + # bdb Berkeley DB + # lmdb Lightning Memory-mapped Database + # ndb new data base format ++# dummy dummy backend (no actual functionality) + # + %_db_backend bdb + +-- +2.27.0 + diff --git a/backport-Exclude-the-xlateTags-symbol-from-librpm-s-public-AP.patch b/backport-Exclude-the-xlateTags-symbol-from-librpm-s-public-AP.patch new file mode 100644 index 0000000..b7db955 --- /dev/null +++ b/backport-Exclude-the-xlateTags-symbol-from-librpm-s-public-AP.patch @@ -0,0 +1,27 @@ +From 822c3dc2046c29718e34ac2da16a9757a9be11da Mon Sep 17 00:00:00 2001 +From: Peter Pentchev +Date: Wed, 30 Jun 2021 10:24:50 +0300 +Subject: [PATCH] Exclude the xlateTags symbol from librpm's public API. + +The d6a86b5e69e46cc283b1e06c92343319beb42e21 commit introduced +a new variable that is only used internally by headerMergeLegacySigs(). +--- + lib/package.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/package.c b/lib/package.c +index 4b6b16497..281275029 100644 +--- a/lib/package.c ++++ b/lib/package.c +@@ -31,7 +31,7 @@ struct pkgdata_s { + rpmRC rc; + }; + +-struct taglate_s { ++static struct taglate_s { + rpmTagVal stag; + rpmTagVal xtag; + rpm_count_t count; +-- +2.27.0 + diff --git a/backport-Fix-a-tiny-memory-leak.patch b/backport-Fix-a-tiny-memory-leak.patch new file mode 100644 index 0000000..336bce0 --- /dev/null +++ b/backport-Fix-a-tiny-memory-leak.patch @@ -0,0 +1,29 @@ +From 9747a6af016a3458d54fe060777c95e3900b5fa4 Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Tue, 2 Mar 2021 12:47:29 -0500 +Subject: [PATCH] Fix a tiny memory leak + +Found by fuzzing rpmReadPackageFile() with libfuzzer under ASAN. +--- + lib/headerutil.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/headerutil.c b/lib/headerutil.c +index 22e36c74d..fab210ff2 100644 +--- a/lib/headerutil.c ++++ b/lib/headerutil.c +@@ -333,8 +333,10 @@ static void providePackageNVR(Header h) + rpmds hds, nvrds; + + /* Generate provides for this package name-version-release. */ +- if (!(name && pEVR)) ++ if (!(name && pEVR)) { ++ free(pEVR); + return; ++ } + + /* + * Rpm prior to 3.0.3 does not have versioned provides. +-- +2.27.0 + diff --git a/backport-Fix-memory-leak-in-decodePkts.patch b/backport-Fix-memory-leak-in-decodePkts.patch new file mode 100644 index 0000000..23b6fdf --- /dev/null +++ b/backport-Fix-memory-leak-in-decodePkts.patch @@ -0,0 +1,32 @@ +From 9c093c4f092dd6bd1e0c8d2b852a72b74db076c2 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Tue, 15 Jun 2021 13:34:21 +0200 +Subject: [PATCH] Fix memory leak in decodePkts() + +Found by Coverity. +--- + rpmio/rpmpgp.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index c59185dce..ee5c81e24 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -1371,9 +1371,13 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen) + crc = pgpCRC(dec, declen); + if (crcpkt != crc) { + ec = PGPARMOR_ERR_CRC_CHECK; ++ _free(dec); + goto exit; + } +- if (pkt) *pkt = dec; ++ if (pkt) ++ *pkt = dec; ++ else ++ _free(dec); + if (pktlen) *pktlen = declen; + ec = PGPARMOR_PUBKEY; /* XXX ASCII Pubkeys only, please. */ + goto exit; +-- +2.27.0 + diff --git a/backport-Fix-memory-leak-in-fts_build.patch b/backport-Fix-memory-leak-in-fts_build.patch new file mode 100644 index 0000000..5ab4b2f --- /dev/null +++ b/backport-Fix-memory-leak-in-fts_build.patch @@ -0,0 +1,40 @@ +From 39b7bf8579e0522cf16347b3a7e332d3b6d742c6 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Mon, 14 Jun 2021 12:34:23 +0200 +Subject: [PATCH] Fix memory leak in fts_build() + +Turns out this leak is already fixed in glibc's current version of fts.c +(where our copy originates from), so let's just backport that. + +Original commit in glibc: +https://sourceware.org/git/?p=glibc.git;\ +a=commit;h=db67c2c98b89a5723af44df54f38b779de8d4a65 + +Found by Coverity. +--- + misc/fts.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/misc/fts.c b/misc/fts.c +index caf27495d..f7fce0eaa 100644 +--- a/misc/fts.c ++++ b/misc/fts.c +@@ -855,6 +855,7 @@ mem1: saved_errno = errno; + fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) { + cur->fts_info = FTS_ERR; + SET(FTS_STOP); ++ fts_lfree(head); + return (NULL); + } + +@@ -862,6 +863,7 @@ mem1: saved_errno = errno; + if (!nitems) { + if (type == BREAD) + cur->fts_info = FTS_DP; ++ fts_lfree(head); + return (NULL); + } + +-- +2.27.0 + diff --git a/backport-Fix-memory-leak-with-multiple-lang-s-in-one-line.patch b/backport-Fix-memory-leak-with-multiple-lang-s-in-one-line.patch new file mode 100644 index 0000000..28c04c1 --- /dev/null +++ b/backport-Fix-memory-leak-with-multiple-lang-s-in-one-line.patch @@ -0,0 +1,34 @@ +From 590b2fc06252567eb7d57197dc361a8b459d62a3 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Mon, 21 Jun 2021 17:51:14 +0200 +Subject: [PATCH] Fix memory leak with multiple %lang-s in one line + +We permit two equivalent forms of specifying a list of languages per +file: + + %lang(xx,yy,zz) /path/to/file + %lang(xx) %lang(yy) %lang(zz) /path/to/file + +The leak was when parsing the second form. + +Found by Coverity. +--- + build/files.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/build/files.c b/build/files.c +index f8153ad2b..0c8859f6c 100644 +--- a/build/files.c ++++ b/build/files.c +@@ -777,6 +777,8 @@ static rpmRC parseForLang(char * buf, FileEntry cur) + + if (*pe == ',') pe++; /* skip , if present */ + } ++ ++ q = _free(q); + } + + rc = RPMRC_OK; +-- +2.27.0 + diff --git a/backport-Fix-memory-leaks-in-Lua-rex-extension.patch b/backport-Fix-memory-leaks-in-Lua-rex-extension.patch new file mode 100644 index 0000000..76537bc --- /dev/null +++ b/backport-Fix-memory-leaks-in-Lua-rex-extension.patch @@ -0,0 +1,53 @@ +From b7a1e996326ee29a163d67ceb1e6127fdc251c14 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Fri, 25 Jun 2021 15:15:08 +0200 +Subject: [PATCH] Fix memory leaks in Lua rex extension + +This covers the following usage: + +expr = rex.newPOSIX() +expr:match() # A leak occurred here +expr:gmatch(, ) # A leak occurred here + +Found by Coverity. +--- + luaext/lrexlib.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/luaext/lrexlib.c b/luaext/lrexlib.c +index 09c5a6454..0f29b6371 100644 +--- a/luaext/lrexlib.c ++++ b/luaext/lrexlib.c +@@ -80,6 +80,7 @@ static void rex_push_matches(lua_State *L, const char *text, regmatch_t *match, + + static int rex_match(lua_State *L) + { ++ int rc = 0; + int res; + #ifdef REG_BASIC + size_t len; +@@ -109,9 +110,10 @@ static int rex_match(lua_State *L) + lua_pushstring(L, "n"); + lua_pushnumber(L, ncapt); + lua_rawset(L, -3); +- return 3; +- } else +- return 0; ++ rc = 3; ++ } ++ free(match); ++ return rc; + } + + static int rex_gmatch(lua_State *L) +@@ -158,6 +160,7 @@ static int rex_gmatch(lua_State *L) + break; + } + lua_pushnumber(L, nmatch); ++ free(match); + return 1; + } + +-- +2.27.0 + diff --git a/backport-Fix-regression-causing-segfault-on-database-autodete.patch b/backport-Fix-regression-causing-segfault-on-database-autodete.patch new file mode 100644 index 0000000..0aed034 --- /dev/null +++ b/backport-Fix-regression-causing-segfault-on-database-autodete.patch @@ -0,0 +1,28 @@ +From 853c48ba6468ce1a516621a2fa6d1fc51e4f7410 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 2 Apr 2020 09:14:36 +0300 +Subject: [PATCH] Fix regression causing segfault on database autodetection + +If configuration points to non-existent backend, tryBackend() will +segfault on the first call. Duh. Regression introduced in commit +3eb0eed3806b41efdf86f0433d0b5d7d6c953561. +--- + lib/backend/dbi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c +index b51fc7ba3..94823b14c 100644 +--- a/lib/backend/dbi.c ++++ b/lib/backend/dbi.c +@@ -52,7 +52,7 @@ dbiIndex dbiNew(rpmdb rdb, rpmDbiTagVal rpmtag) + static int tryBackend(const char *dbhome, const struct rpmdbOps_s *be) + { + int rc = 0; +- if (be->path) { ++ if (be && be->path) { + char *path = rstrscat(NULL, dbhome, "/", be->path, NULL); + rc = (access(path, F_OK) == 0); + free(path); +-- +2.27.0 + diff --git a/backport-Fix-regression-from-commit-165330b7bf0757e30fa8a6de9.patch b/backport-Fix-regression-from-commit-165330b7bf0757e30fa8a6de9.patch new file mode 100644 index 0000000..5c74744 --- /dev/null +++ b/backport-Fix-regression-from-commit-165330b7bf0757e30fa8a6de9.patch @@ -0,0 +1,45 @@ +From 34f28c1492240c0a02b0abb13af7f1870197e41d Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 18 Feb 2021 11:22:41 +0200 +Subject: [PATCH] Fix regression from commit + 165330b7bf0757e30fa8a6de9998a564fb62796f + +With the changed logic, the if-clause can fall through without ever +initializing s. The exit code condition is getting more complicated +now so move it to helper variable, assume failure for a safe default. + +Fixes: 165330b7bf0757e30fa8a6de9998a564fb62796f +--- + lib/header.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/lib/header.c b/lib/header.c +index bd5dc2918..ea39e679f 100644 +--- a/lib/header.c ++++ b/lib/header.c +@@ -409,7 +409,8 @@ unsigned headerSizeof(Header h, int magicp) + static inline int strtaglen(const char *str, rpm_count_t c, const char *end) + { + const char *start = str; +- const char *s; ++ const char *s = NULL; ++ int len = -1; /* assume failure */ + + if (end) { + while (end > start && (s = memchr(start, '\0', end-start))) { +@@ -424,7 +425,11 @@ static inline int strtaglen(const char *str, rpm_count_t c, const char *end) + start = s + 1; + } + } +- return (c > 0) ? -1 : (s - str + 1); ++ ++ if (s != NULL && c == 0) ++ len = s - str + 1; ++ ++ return len; + } + + /** +-- +2.27.0 + diff --git a/backport-Fix-resource-leak-in-Fts_children.patch b/backport-Fix-resource-leak-in-Fts_children.patch new file mode 100644 index 0000000..53fe763 --- /dev/null +++ b/backport-Fix-resource-leak-in-Fts_children.patch @@ -0,0 +1,33 @@ +From 3c8b01b67ec907afaaffe71691fa41b878578527 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Mon, 14 Jun 2021 10:21:25 +0200 +Subject: [PATCH] Fix resource leak in Fts_children() + +This function is not used anywhere within our codebase (and neither is +it part of the public API) so it's basically a no-op... Still, rather +than yanking it completely, let's just silence the Coverity error here. + +Found by Coverity. +--- + misc/fts.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/misc/fts.c b/misc/fts.c +index d3ebb2946..caf27495d 100644 +--- a/misc/fts.c ++++ b/misc/fts.c +@@ -585,8 +585,10 @@ Fts_children(FTS * sp, int instr) + if ((fd = __open(".", O_RDONLY, 0)) < 0) + return (NULL); + sp->fts_child = fts_build(sp, instr); +- if (__fchdir(fd)) ++ if (__fchdir(fd)) { ++ (void)__close(fd); + return (NULL); ++ } + (void)__close(fd); + return (sp->fts_child); + } +-- +2.27.0 + diff --git a/backport-Handle-setting-db_descr-centrally-from-the-backend-n.patch b/backport-Handle-setting-db_descr-centrally-from-the-backend-n.patch new file mode 100644 index 0000000..d01a0f3 --- /dev/null +++ b/backport-Handle-setting-db_descr-centrally-from-the-backend-n.patch @@ -0,0 +1,110 @@ +From bd796058197420dc9eec63ef701206f9ce408d3f Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Wed, 23 Oct 2019 12:44:47 +0300 +Subject: [PATCH] Handle setting db_descr centrally from the backend name + +Now that we can, set db_descr centrally on database open instead of +relying on backends to do it (and forget, or leak memory, as has been +the case). Also don't bother mallocing, the name of the backend is +quite enough. + +With backends knowing their own names we could probably eliminate db_descr +entirely but leaving that for another rainy day, it's possible there +are code paths that assume it being set to something. +--- + lib/backend/db3.c | 4 ---- + lib/backend/dbi.c | 2 ++ + lib/backend/dbi.h | 2 +- + lib/backend/lmdb.c | 4 ---- + lib/rpmdb.c | 5 ++--- + 5 files changed, 5 insertions(+), 12 deletions(-) + +diff --git a/lib/backend/db3.c b/lib/backend/db3.c +index ab2f11f61..ff0fe4305 100644 +--- a/lib/backend/db3.c ++++ b/lib/backend/db3.c +@@ -415,10 +415,6 @@ static int db_init(rpmdb rdb, const char * dbhome) + if (rdb->db_dbenv != NULL) { + rdb->db_opens++; + return 0; +- } else { +- /* On first call, set backend description to something... */ +- free(rdb->db_descr); +- rasprintf(&rdb->db_descr, "db%u", DB_VERSION_MAJOR); + } + + /* +diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c +index 9e8d667..5443325 100644 +--- a/lib/backend/dbi.c ++++ b/lib/backend/dbi.c +@@ -112,6 +112,8 @@ dbDetectBackend(rpmdb rdb) + rpmlog(RPMLOG_WARNING, "using dummy database, installs not possible\n"); + } + ++ rdb->db_descr = rdb->db_ops->name; ++ + if (db_backend) + free(db_backend); + } +diff --git a/lib/backend/dbi.h b/lib/backend/dbi.h +index 3fc9345c9..b2b9717c4 100644 +--- a/lib/backend/dbi.h ++++ b/lib/backend/dbi.h +@@ -49,7 +49,7 @@ struct rpmdb_s { + int db_flags; + int db_mode; /*!< open mode */ + int db_perms; /*!< open permissions */ +- char * db_descr; /*!< db backend description (for error msgs) */ ++ const char * db_descr; /*!< db backend description (for error msgs) */ + struct dbChk_s * db_checked;/*!< headerCheck()'ed package instances */ + rpmdb db_next; + int db_opens; +diff --git a/lib/backend/lmdb.c b/lib/backend/lmdb.c +index 801f50e54..badd317c9 100644 +--- a/lib/backend/lmdb.c ++++ b/lib/backend/lmdb.c +@@ -137,10 +137,6 @@ static int db_init(rpmdb rdb, const char * dbhome) + if (rdb->db_dbenv != NULL) { + rdb->db_opens++; + return 0; +- } else { +- /* On first call, set backend description to something... */ +- free(rdb->db_descr); +- rdb->db_descr = xstrdup("lmdb"); + } + + MDB_dbi maxdbs = 32; +diff --git a/lib/rpmdb.c b/lib/rpmdb.c +index b97274e7b..9cd50e7d9 100644 +--- a/lib/rpmdb.c ++++ b/lib/rpmdb.c +@@ -408,7 +408,6 @@ int rpmdbClose(rpmdb db) + db->db_fullpath = _free(db->db_fullpath); + db->db_checked = dbChkFree(db->db_checked); + db->db_indexes = _free(db->db_indexes); +- db->db_descr = _free(db->db_descr); + + if (next) { + *prev = next->db_next; +@@ -473,7 +472,6 @@ static rpmdb newRpmdb(const char * root, const char * home, + db->db_tags = dbiTags; + db->db_ndbi = sizeof(dbiTags) / sizeof(rpmDbiTag); + db->db_indexes = xcalloc(db->db_ndbi, sizeof(*db->db_indexes)); +- db->db_descr = xstrdup("unknown db"); + db->nrefs = 0; + return rpmdbLink(db); + } +@@ -522,7 +522,8 @@ static int openDatabase(const char * prefix, + } + + rc = doOpen(db, justPkgs); +- ++ if (!db->db_descr) ++ db->db_descr = "unknown db"; + } + + if (rc || justCheck || dbp == NULL) +-- +2.27.0 + diff --git a/backport-Restore-some-compiler-sanity.patch b/backport-Restore-some-compiler-sanity.patch new file mode 100644 index 0000000..be7fef3 --- /dev/null +++ b/backport-Restore-some-compiler-sanity.patch @@ -0,0 +1,33 @@ +From 5ee567ebd600c1dec4a9ceb6161d877d891d8594 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 18 Mar 2021 13:02:16 +0200 +Subject: [PATCH] Restore (some) compiler sanity + +-fno-strict-overflow tells gcc and clang to handle signed integer and +(at least on gcc) pointer arithmetic wraparound using twos-complement +representation like deity intended. + +-fno-delete-null-pointer-checks tells gcc not to "optimize" away +programmer added safeguards. Really. + +Suggested by Demi Marie Obenour. +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index fb9627d99..f2bbf2276 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -37,7 +37,7 @@ fi + AS=${AS-as} + AC_SUBST(AS) + if test "$GCC" = yes; then +- cflags_to_try="-fno-strict-aliasing -fstack-protector -Wempty-body" ++ cflags_to_try="-fno-strict-aliasing -fstack-protector -fno-strict-overflow -fno-delete-null-pointer-checks -Wempty-body" + AC_MSG_CHECKING([supported compiler flags]) + old_cflags=$CFLAGS + echo +-- +2.27.0 + diff --git a/backport-Rework-and-clarify-database-backend-detection-logic.patch b/backport-Rework-and-clarify-database-backend-detection-logic.patch new file mode 100644 index 0000000..09ae20f --- /dev/null +++ b/backport-Rework-and-clarify-database-backend-detection-logic.patch @@ -0,0 +1,109 @@ +From 3eb0eed3806b41efdf86f0433d0b5d7d6c953561 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Wed, 11 Mar 2020 15:12:23 +0200 +Subject: [PATCH] Rework and clarify database backend detection logic + +Try the configured backend first, and only if that fails try autodetection. +The former logic did not anticipate multiple backends handling same +files and gets mightily confused when both bdb and bdb-ro are enabled, +causing half the test-suite failing in "make check". + +Also emit a different message when database rebuild is in progress, +the old message is quite confusing in that case. + +Loosely based on a similar patch by Michael Schroeder. +--- + lib/backend/dbi.c | 61 +++++++++++++++++++++++++++++++++-------------- + 1 file changed, 43 insertions(+), 18 deletions(-) + +diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c +index 784144088..ddd52bc10 100644 +--- a/lib/backend/dbi.c ++++ b/lib/backend/dbi.c +@@ -51,40 +51,65 @@ dbiIndex dbiNew(rpmdb rdb, rpmDbiTagVal rpmtag) + return dbi; + } + ++/* Test whether there's a database for this backend, return true/false */ ++static int tryBackend(const char *dbhome, const struct rpmdbOps_s *be) ++{ ++ int rc = 0; ++ if (be->path) { ++ char *path = rstrscat(NULL, dbhome, "/", be->path, NULL); ++ rc = (access(path, F_OK) == 0); ++ free(path); ++ } ++ return rc; ++} ++ + static void + dbDetectBackend(rpmdb rdb) + { + const char *dbhome = rpmdbHome(rdb); + char *db_backend = rpmExpand("%{?_db_backend}", NULL); +- char *path = NULL; + const struct rpmdbOps_s **ops; ++ const struct rpmdbOps_s *cfg = NULL; ++ const struct rpmdbOps_s *ondisk = NULL; + ++ /* Find configured backend */ + for (ops = backends; ops && *ops; ops++) { + if (rstreq(db_backend, (*ops)->name)) { +- rdb->db_ops = *ops; ++ cfg = *ops; + break; + } + } + +- for (ops = backends; ops && *ops; ops++) { +- int stop = 0; +- if ((*ops)->path == NULL) +- continue; +- +- path = rstrscat(NULL, dbhome, "/", (*ops)->path, NULL); +- if (access(path, F_OK) == 0 && rdb->db_ops != *ops) { +- rpmlog(RPMLOG_WARNING, +- _("Found %s %s database while attempting %s backend: " +- "using %s backend.\n"), +- (*ops)->name, (*ops)->path, db_backend, (*ops)->name); +- rdb->db_ops = *ops; +- stop = 1; ++ /* If configured database doesn't exist, try autodetection */ ++ if (!tryBackend(dbhome, cfg)) { ++ for (ops = backends; ops && *ops; ops++) { ++ if (tryBackend(dbhome, *ops)) { ++ ondisk = *ops; ++ break; ++ } ++ } ++ ++ /* On-disk database differs from configuration */ ++ if (ondisk && ondisk != cfg) { ++ if (rdb->db_flags & RPMDB_FLAG_REBUILD) { ++ rpmlog(RPMLOG_WARNING, ++ _("Converting database from %s to %s backend\n"), ++ ondisk->name, cfg->name); ++ } else { ++ rpmlog(RPMLOG_WARNING, ++ _("Found %s %s database while attempting %s backend: " ++ "using %s backend.\n"), ++ ondisk->name, ondisk->path, db_backend, ondisk->name); ++ } ++ rdb->db_ops = ondisk; + } +- free(path); +- if (stop) +- break; + } + ++ /* Newly created database, use configured backend */ ++ if (rdb->db_ops == NULL && cfg) ++ rdb->db_ops = cfg; ++ ++ /* If all else fails... */ + if (rdb->db_ops == NULL) { + rdb->db_ops = &dummydb_dbops; + rpmlog(RPMLOG_WARNING, "using dummy database, installs not possible\n"); +-- +2.27.0 + diff --git a/backport-Tag-data-must-have-count-greater-than-zero.patch b/backport-Tag-data-must-have-count-greater-than-zero.patch new file mode 100644 index 0000000..4024bb0 --- /dev/null +++ b/backport-Tag-data-must-have-count-greater-than-zero.patch @@ -0,0 +1,41 @@ +From 5e40166380a450a36b302914be60fd004624f724 Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Wed, 13 Jan 2021 15:54:17 -0500 +Subject: [PATCH] Tag data must have count greater than zero + +Zero counts are invalid, and they cause problems elsewhere. For +instance, strtaglen() will suffer an integer underflow. +--- + lib/header.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/lib/header.c b/lib/header.c +index fc52c3178..41c2da94f 100644 +--- a/lib/header.c ++++ b/lib/header.c +@@ -128,6 +128,13 @@ static const size_t headerMaxbytes = (256*1024*1024); + **/ + #define hdrchkTag(_tag) ((_tag) < HEADER_I18NTABLE) + ++/** ++ * Reasonableness check on count values. ++ * Catches nasty stuff like negative or zero counts, which would cause ++ * integer underflows in strtaglen(). ++ */ ++#define hdrchkCount(_count) ((_count) == 0) ++ + /** + * Sanity check on type values. + */ +@@ -279,6 +286,8 @@ static rpmRC hdrblobVerifyInfo(hdrblob blob, char **emsg) + goto err; + if (hdrchkType(info.type)) + goto err; ++ if (hdrchkCount(info.count)) ++ goto err; + if (hdrchkAlign(info.type, info.offset)) + goto err; + if (hdrchkRange(blob->dl, info.offset)) +-- +2.27.0 + diff --git a/backport-Verify-that-data-does-not-overlap-region-trailer.patch b/backport-Verify-that-data-does-not-overlap-region-trailer.patch new file mode 100644 index 0000000..3cd232d --- /dev/null +++ b/backport-Verify-that-data-does-not-overlap-region-trailer.patch @@ -0,0 +1,33 @@ +From f29c43728c492b1dbfe50136d33bf12f3704d8a0 Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Sat, 9 Jan 2021 23:42:56 -0500 +Subject: [PATCH] Verify that data does not overlap region trailer + +This is already checked for other header entries. +--- + lib/header.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/lib/header.c b/lib/header.c +index 0c450bea2..fc52c3178 100644 +--- a/lib/header.c ++++ b/lib/header.c +@@ -292,6 +292,15 @@ static rpmRC hdrblobVerifyInfo(hdrblob blob, char **emsg) + end = info.offset + len; + if (hdrchkRange(blob->dl, end) || len <= 0) + goto err; ++ if (blob->regionTag) { ++ /* ++ * Verify that the data does not overlap the region trailer. The ++ * region trailer is skipped by this loop, so the other checks ++ * don’t catch this case. ++ */ ++ if (end > blob->rdl - REGION_TAG_COUNT && info.offset < blob->rdl) ++ goto err; ++ } + } + return 0; /* Everything ok */ + +-- +2.27.0 + diff --git a/backport-Warn-and-fall-back-to-dummy-database-on-unknown-data.patch b/backport-Warn-and-fall-back-to-dummy-database-on-unknown-data.patch new file mode 100644 index 0000000..ee39ea8 --- /dev/null +++ b/backport-Warn-and-fall-back-to-dummy-database-on-unknown-data.patch @@ -0,0 +1,47 @@ +From 471b7be4bd5cc7f245f9aa00c7784a7056e439b7 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 27 Aug 2020 10:43:37 +0300 +Subject: [PATCH] Warn and fall back to dummy database on unknown database + backend config + +The rpmdb is our most precious piece of data, don't make assumptions on +invalid configuration. Together with our crazy create-db-on-read behavior, +total database loss is just one 'rpmdb --rebuilddb' away in some scenarios +with the former behavior: access an sqlite/ndb database with older +version not supporting those, silently fallback to creating empty bdb, +and if db is now rebuilt, poof the data is gone. + +Detect and warn on unknown/invalid %_db_backend configuration and fall +back to using dummy backend where no damage can occur. Doesn't help with +the old versions out there, but lets at least be saner going forward. +--- + lib/backend/dbi.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/lib/backend/dbi.c b/lib/backend/dbi.c +index 94823b14c..8fbe5f374 100644 +--- a/lib/backend/dbi.c ++++ b/lib/backend/dbi.c +@@ -77,6 +77,11 @@ dbDetectBackend(rpmdb rdb) + } + } + ++ if (!cfg) { ++ rpmlog(RPMLOG_WARNING, _("invalid %%_db_backend: %s\n"), db_backend); ++ goto exit; ++ } ++ + /* If configured database doesn't exist, try autodetection */ + if (!tryBackend(dbhome, cfg)) { + for (ops = backends; ops && *ops; ops++) { +@@ -106,6 +111,7 @@ dbDetectBackend(rpmdb rdb) + if (rdb->db_ops == NULL && cfg) + rdb->db_ops = cfg; + ++exit: + /* If all else fails... */ + if (rdb->db_ops == NULL) { + rdb->db_ops = &dummydb_dbops; +-- +2.27.0 + diff --git a/backport-Work-around-buggy-signature-region-preventing-resign.patch b/backport-Work-around-buggy-signature-region-preventing-resign.patch new file mode 100644 index 0000000..d4e2d33 --- /dev/null +++ b/backport-Work-around-buggy-signature-region-preventing-resign.patch @@ -0,0 +1,49 @@ +From 8fefd2bd21b30996ad0748eab6baadf915610642 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 13 Aug 2020 13:29:10 +0300 +Subject: [PATCH] Work around buggy signature region preventing resigning + (RhBug:1851508) + +Various proprietary packages in the wild have subtly malformed data +in the signature header, in particular wrt the immutable region size, +presumably from using some in-house/3rd party signing tools which do +not understand the immutable region business at all. This can prevent +resigning and signature deletion on such packages due to the more +thorough checking that rpmsign does. + +As the old wisdom goes, be liberal in what you accept... we can easily +work around the crud by just taking a fresh copy of the contents that +are legit as such (otherwise the package would be uninstallable). +--- + sign/rpmgensig.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c +index 80720f47b..3eecdb7fa 100644 +--- a/sign/rpmgensig.c ++++ b/sign/rpmgensig.c +@@ -399,11 +399,19 @@ exit: + static void unloadImmutableRegion(Header *hdrp, rpmTagVal tag) + { + struct rpmtd_s td; ++ Header oh = NULL; + + if (headerGet(*hdrp, tag, &td, HEADERGET_DEFAULT)) { +- Header oh = headerCopyLoad(td.data); +- Header nh = headerCopy(oh); ++ oh = headerCopyLoad(td.data); + rpmtdFreeData(&td); ++ } else { ++ /* XXX should we warn if the immutable region is corrupt/missing? */ ++ oh = headerLink(*hdrp); ++ } ++ ++ if (oh) { ++ /* Perform a copy to eliminate crud from buggy signing tools etc */ ++ Header nh = headerCopy(oh); + headerFree(*hdrp); + *hdrp = headerLink(nh); + headerFree(nh); +-- +2.27.0 + diff --git a/backport-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch b/backport-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch new file mode 100644 index 0000000..7e44afc --- /dev/null +++ b/backport-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch @@ -0,0 +1,31 @@ +From 405fc8998181353bd510864ca251dc233afec276 Mon Sep 17 00:00:00 2001 +From: Vitaly Chikunov +Date: Wed, 6 Jan 2021 23:43:41 +0300 +Subject: [PATCH] rpmio: Fix lzopen_internal mode parsing when 'Tn' is used + +When there is number after "T" (suggested number of threads or "0" for +getncpus), lzopen_internal() mode parser would skip one byte, and when +it's at the end of the string it would then parse undesired garbage from +the memory, making intermittent compression failures. + +Fixes: 7740d1098 ("Add support for multithreaded xz compression") +Signed-off-by: Vitaly Chikunov +--- + rpmio/rpmio.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c +index ed1e25140..9d32ec6d9 100644 +--- a/rpmio/rpmio.c ++++ b/rpmio/rpmio.c +@@ -798,6 +798,7 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz) + * should've processed + * */ + while (isdigit(*++mode)); ++ --mode; + } + #ifdef HAVE_LZMA_MT + else +-- +2.27.0 + diff --git a/rpm.spec b/rpm.spec index 0538e61..7bc2b21 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,6 +1,6 @@ Name: rpm Version: 4.15.1 -Release: 37 +Release: 38 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -84,35 +84,59 @@ Patch71: CVE-2021-20266.patch Patch72: backport-build-prioritize-large-packages.patch Patch73: backport-Fix-data-race-in-packageBinaries-function.patch -Patch74: fix-lsetxattr-error-in-container.patch -Patch75: backport-Reduce-undefined-pointer-arithmetic.patch -Patch76: backport-Do-not-allow-extra-packets-to-follow-a-signature.patch -Patch77: backport-0001-CVE-2021-3521.patch -Patch78: backport-0002-CVE-2021-3521.patch -Patch79: backport-0003-CVE-2021-3521.patch -Patch80: rpm-selinux-plugin-check-context-file-exist.patch -Patch81: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch +Patch74: backport-Work-around-buggy-signature-region-preventing-resign.patch +Patch75: backport-Verify-that-data-does-not-overlap-region-trailer.patch +Patch76: backport-Tag-data-must-have-count-greater-than-zero.patch +Patch77: backport-rpmio-Fix-lzopen_internal-mode-parsing-when-Tn-is-us.patch +Patch78: backport-Avoid-incrementing-a-pointer-past-the-end.patch +Patch79: backport-Fix-a-tiny-memory-leak.patch +Patch80: backport-Restore-some-compiler-sanity.patch +Patch81: backport-Better-sanity-check-for-header-entry-counts.patch +Patch82: backport-Fix-regression-from-commit-165330b7bf0757e30fa8a6de9.patch +Patch83: backport-Document-dummy-backend-in-macros-warn-on-dummy-fallb.patch +Patch84: backport-Rework-and-clarify-database-backend-detection-logic.patch +Patch85: backport-Handle-setting-db_descr-centrally-from-the-backend-n.patch +Patch86: backport-Warn-and-fall-back-to-dummy-database-on-unknown-data.patch +Patch87: backport-Allow-database-probing-if-_db_backend-is-not-set.patch +Patch88: backport-Fix-regression-causing-segfault-on-database-autodete.patch +Patch89: backport-Exclude-the-xlateTags-symbol-from-librpm-s-public-AP.patch +Patch90: backport-Fix-memory-leak-in-fts_build.patch +Patch91: backport-Fix-resource-leak-in-Fts_children.patch +Patch92: backport-Fix-memory-leak-with-multiple-lang-s-in-one-line.patch +Patch93: backport-Always-free-the-arg-list-passed-to-rpmGlob.patch +Patch94: backport-Fix-memory-leak-in-decodePkts.patch +Patch95: backport-Fix-memory-leaks-in-Lua-rex-extension.patch -Patch82: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch -Patch83: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch -Patch84: backport-Refactor-file-install-and-remove-around-a-common-str.patch -Patch85: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch -Patch86: backport-Drop-unused-filename-variable.patch -Patch87: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch -Patch88: backport-Handle-file-install-failures-more-gracefully.patch -Patch89: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch -Patch90: backport-Make-file-open-and-close-in-fsm-debuggable.patch -Patch91: backport-Streamline-consolidate-the-hardlink-handling-logic.patch -Patch92: backport-Add-diagnostics-to-archive-unpacking.patch -Patch93: backport-Add-optional-callback-on-directory-changes-during-rp.patch -Patch94: backport-0001-CVE-2021-35939-CVE-2021-35937.patch -Patch95: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch -Patch96: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch -Patch97: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch -Patch98: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch -Patch99: backport-Move-file-metadata-setting-back-to-unpack-stage.patch -Patch100: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch -Patch101: backport-0001-CVE-2021-35938.patch +Patch96: fix-lsetxattr-error-in-container.patch +Patch97: backport-Reduce-undefined-pointer-arithmetic.patch +Patch98: backport-Do-not-allow-extra-packets-to-follow-a-signature.patch +Patch99: backport-0001-CVE-2021-3521.patch +Patch100: backport-0002-CVE-2021-3521.patch +Patch101: backport-0003-CVE-2021-3521.patch + +Patch102: rpm-selinux-plugin-check-context-file-exist.patch +Patch103: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch + +Patch104: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch +Patch105: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch +Patch106: backport-Refactor-file-install-and-remove-around-a-common-str.patch +Patch107: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch +Patch108: backport-Drop-unused-filename-variable.patch +Patch109: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch +Patch110: backport-Handle-file-install-failures-more-gracefully.patch +Patch111: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch +Patch112: backport-Make-file-open-and-close-in-fsm-debuggable.patch +Patch113: backport-Streamline-consolidate-the-hardlink-handling-logic.patch +Patch114: backport-Add-diagnostics-to-archive-unpacking.patch +Patch115: backport-Add-optional-callback-on-directory-changes-during-rp.patch +Patch116: backport-0001-CVE-2021-35939-CVE-2021-35937.patch +Patch117: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch +Patch118: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch +Patch119: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch +Patch120: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch +Patch121: backport-Move-file-metadata-setting-back-to-unpack-stage.patch +Patch122: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch +Patch123: backport-0001-CVE-2021-35938.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel @@ -396,6 +420,12 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Wed Nov 02 2022 renhongxun - 4.15.1-38 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:sync patches from upstream + * Wed Sep 7 2022 xujing - 4.15.1-37 - Type:CVE - ID:NA