diff --git a/backport-Fix-Header-leak-when-running-rpm2cpio.patch b/backport-Fix-Header-leak-when-running-rpm2cpio.patch
new file mode 100644
index 0000000..395234f
--- /dev/null
+++ b/backport-Fix-Header-leak-when-running-rpm2cpio.patch
@@ -0,0 +1,29 @@
+From cf27c6f4963dcf27302d0f4fa39d7787dd03f942 Mon Sep 17 00:00:00 2001
+From: xujing
+Date: Fri, 25 Nov 2022 17:18:33 +0800
+Subject: [PATCH] Fix Header leak when running rpm2cpio
+
+Header "h" is alloced in rpmReadPackageFile but not freed when
+running rpm2cpio. Fix it. Remove redundant whitespace between
+the Fclose()'s too while at it for logical cleanup grouping.
+---
+ rpm2cpio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpm2cpio.c b/rpm2cpio.c
+index fcc3b3079..940d6ce38 100644
+--- a/rpm2cpio.c
++++ b/rpm2cpio.c
+@@ -96,8 +96,8 @@ int main(int argc, char *argv[])
+ */
+ rc = (ufdCopy(gzdi, fdo) >= payload_size) ? EXIT_SUCCESS : EXIT_FAILURE;
+
++ headerFree(h);
+ Fclose(fdo);
+-
+ Fclose(gzdi); /* XXX gzdi == fdi */
+
+ return rc;
+--
+2.33.0
+
diff --git a/backport-Fix-eiu-sourceURL-info-leak-in-rpmInstall.patch b/backport-Fix-eiu-sourceURL-info-leak-in-rpmInstall.patch
new file mode 100644
index 0000000..bcddb75
--- /dev/null
+++ b/backport-Fix-eiu-sourceURL-info-leak-in-rpmInstall.patch
@@ -0,0 +1,31 @@
+From 084c64d5ea0e1a309d3b57dc95926eb1536d0a7a Mon Sep 17 00:00:00 2001
+From: xujing
+Date: Thu, 24 Nov 2022 11:43:28 +0800
+Subject: [PATCH 1/3] Fix eiu->sourceURL info leak in rpmInstall()
+
+When installing source rpms, eiu->sourceURL info is leaked.
+---
+ lib/rpminstall.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/rpminstall.c b/lib/rpminstall.c
+index 097599681..eb68deb4d 100644
+--- a/lib/rpminstall.c
++++ b/lib/rpminstall.c
+@@ -672,8 +672,13 @@ exit:
+ eiu->pkgURL[i] = _free(eiu->pkgURL[i]);
+ }
+ }
++ if (eiu->sourceURL != NULL) {
++ for (i = 0; i < eiu->numSRPMS; i++)
++ eiu->sourceURL[i] = _free(eiu->sourceURL[i]);
++ }
+ eiu->pkgState = _free(eiu->pkgState);
+ eiu->pkgURL = _free(eiu->pkgURL);
++ eiu->sourceURL = _free(eiu->sourceURL);
+ eiu->argv = _free(eiu->argv);
+ rc = eiu->numFailed;
+ free(eiu);
+--
+2.33.0
+
diff --git a/backport-Fix-h-blob-leak-when-installing-source-rpms.patch b/backport-Fix-h-blob-leak-when-installing-source-rpms.patch
new file mode 100644
index 0000000..a29f84e
--- /dev/null
+++ b/backport-Fix-h-blob-leak-when-installing-source-rpms.patch
@@ -0,0 +1,28 @@
+From 86c1d9738de58eb8f8844c5345baeb578ace9485 Mon Sep 17 00:00:00 2001
+From: xujing
+Date: Thu, 24 Nov 2022 17:33:53 +0800
+Subject: [PATCH 3/3] Fix h->blob leak when installing source rpms
+
+When installing source rpms, "ei" is malloced and is saved in
+blob->ei by rpmReadPackageFile->rpmpkgRead->hdrblobRead, and then
+blob->ei is saved in h->blob by rpmReadPackageFile->hdrblobImport,
+which is leaked during installation.
+---
+ lib/header.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/header.c b/lib/header.c
+index 31d2fca30..004102dd2 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -241,6 +241,7 @@ Header headerFree(Header h)
+ }
+ h->index = _free(h->index);
+ }
++ h->blob = _free(h->blob);
+
+ h = _free(h);
+ return NULL;
+--
+2.33.0
+
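Review bot: The added `h->blob = _free(h->blob);` in headerFree() (lib/header.c) releases the blob unconditionally, but nothing in the hunk shows that every Header owns the memory `h->blob` points to. The commit message establishes ownership only for the rpmReadPackageFile -> hdrblobImport path; if any other path stores a caller-owned or already-released buffer in `h->blob`, this line becomes an invalid free or a double free while handling package data. I would confirm ownership at each place that sets `h->blob` and record it next to the line, e.g. `/* h->blob is always heap memory owned by this header */`. headerFree() begins above the hunk, so any earlier handling of the blob in the function is not visible here.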
diff --git a/backport-Fix-header-leak-in-rpmInstall.patch b/backport-Fix-header-leak-in-rpmInstall.patch
new file mode 100644
index 0000000..67dc581
--- /dev/null
+++ b/backport-Fix-header-leak-in-rpmInstall.patch
@@ -0,0 +1,42 @@
+From 15a0c73f4698bc58fa2a633d46527c7813150f3a Mon Sep 17 00:00:00 2001
+From: xujing
+Date: Thu, 24 Nov 2022 10:43:11 +0800
+Subject: [PATCH] Fix header leak in rpmInstall()
+
+When rpm installs a package, the header from tryReadHeader()
+in rpmInstall() is leaked in some cases.
+---
+ lib/rpminstall.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/rpminstall.c b/lib/rpminstall.c
+index 9167dbdde..097599681 100644
+--- a/lib/rpminstall.c
++++ b/lib/rpminstall.c
+@@ -561,13 +561,14 @@ restart:
+ rc = tryReadManifest(eiu);
+ if (rc == RPMRC_OK) {
+ eiu->prevx++;
++ headerFree(h);
+ goto restart;
+ }
+ }
+
+ if (headerIsSource(h)) {
++ headerFree(h);
+ if (ia->installInterfaceFlags & INSTALL_FRESHEN) {
+- headerFree(h);
+ continue;
+ }
+ rpmlog(RPMLOG_DEBUG, "\tadded source package [%d]\n",
+@@ -592,6 +593,7 @@ restart:
+ rpmlog(RPMLOG_ERR, _("package %s is not relocatable\n"),
+ headerGetString(h, RPMTAG_NAME));
+ eiu->numFailed++;
++ headerFree(h);
+ goto exit;
+ }
+ }
+--
+2.33.0
+
diff --git a/backport-Use-unsigned-integers-more-consistently-in-the-handl.patch b/backport-Use-unsigned-integers-more-consistently-in-the-handl.patch
new file mode 100644
index 0000000..af8b4b1
--- /dev/null
+++ b/backport-Use-unsigned-integers-more-consistently-in-the-handl.patch
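Review bot: Each added `headerFree(h);` in rpmInstall() (lib/rpminstall.c) leaves `h` pointing at released memory, and in the `headerIsSource(h)` branch the free now sits above the rest of the branch, which continues past the hunk. Any later read of `h` on that path would be a use-after-free, so it is worth confirming that the remainder of the source-package branch never touches `h`. headerFree() returns NULL (visible in the lib/header.c patch on this page), so writing `h = headerFree(h);` at the three sites would clear the pointer and match the `x = _free(x)` idiom used in the neighbouring code.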
@@ -0,0 +1,63 @@
+From 8e6108a5964c7289f3db70f3d188293276416528 Mon Sep 17 00:00:00 2001
+From: Daniel Alley
+Date: Thu, 8 Dec 2022 09:40:00 -0500
+Subject: [PATCH] Use unsigned integers more consistently in the handling of
+ tag data
+
+Not a functional change, it just makes the code more clear and
+self-consistent.
+---
+ lib/header.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/lib/header.c b/lib/header.c
+index 004102dd2..72fb3d4fe 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -568,7 +568,7 @@ static int regionSwab(indexEntry entry, int il, int dl,
+ }
+ } break;
+ case RPM_INT32_TYPE:
+- { int32_t * it = ie.data;
++ { uint32_t * it = ie.data;
+ for (; ie.info.count > 0; ie.info.count--, it += 1) {
+ if (dataEnd && ((unsigned char *)it) >= dataEnd)
+ return -1;
+@@ -576,7 +576,7 @@ static int regionSwab(indexEntry entry, int il, int dl,
+ }
+ } break;
+ case RPM_INT16_TYPE:
+- { int16_t * it = ie.data;
++ { uint16_t * it = ie.data;
+ for (; ie.info.count > 0; ie.info.count--, it += 1) {
+ if (dataEnd && ((unsigned char *)it) >= dataEnd)
+ return -1;
+@@ -772,9 +772,9 @@ static void * doExport(const struct indexEntry_s *hindex, int indexUsed,
+ count = entry->info.count;
+ src = entry->data;
+ while (count--) {
+- *((int32_t *)te) = htonl(*((int32_t *)src));
+- te += sizeof(int32_t);
+- src += sizeof(int32_t);
++ *((uint32_t *)te) = htonl(*((uint32_t *)src));
++ te += sizeof(uint32_t);
++ src += sizeof(uint32_t);
+ }
+ break;
+
+@@ -782,9 +782,9 @@ static void * doExport(const struct indexEntry_s *hindex, int indexUsed,
+ count = entry->info.count;
+ src = entry->data;
+ while (count--) {
+- *((int16_t *)te) = htons(*((int16_t *)src));
+- te += sizeof(int16_t);
+- src += sizeof(int16_t);
++ *((uint16_t *)te) = htons(*((uint16_t *)src));
++ te += sizeof(uint16_t);
++ src += sizeof(uint16_t);
+ }
+ break;
+
+--
+2.33.0
+
diff --git a/rpm.spec b/rpm.spec
index f1720b6..8e1d865 100644
--- a/rpm.spec
+++ b/rpm.spec
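Review bot: In regionSwab() (lib/header.c) the guard `if (dataEnd && ((unsigned char *)it) >= dataEnd)` kept by both retyped cases tests only the first byte of the element, so a `uint32_t` or `uint16_t` that starts fewer than `sizeof(*it)` bytes before `dataEnd` passes it. The statement that uses `*it` falls between the hunks and is not shown, but if it reads or writes the full element this is an out-of-bounds access of up to three bytes on header data, unless a length check outside the hunk already rules it out. Comparing the remaining space instead would close the gap: `if (dataEnd && dataEnd - (unsigned char *)it < (ptrdiff_t)sizeof(*it)) return -1;`.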
@@ -1,6 +1,6 @@ Name: rpm Version: 4.17.0 -Release: 18 +Release: 19 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -85,6 +85,11 @@ Patch6048: backport-Fix-rpm-lua-rpm_vercmp-error-message-if-second-argum.patch Patch6049: backport-Make-pgpPubkeyFingerprint-do-something-meaningful-ag.patch Patch6050: backport-Fix-possible-descriptor-leak-in-fsmOpenat.patch Patch6051: backport-Move-file-metadata-setting-back-to-unpack-stage.patch +Patch6052: backport-Fix-header-leak-in-rpmInstall.patch +Patch6053: backport-Fix-eiu-sourceURL-info-leak-in-rpmInstall.patch +Patch6054: backport-Fix-h-blob-leak-when-installing-source-rpms.patch +Patch6055: backport-Fix-Header-leak-when-running-rpm2cpio.patch +Patch6056: backport-Use-unsigned-integers-more-consistently-in-the-handl.patch Patch9000: rpm-fix-rpm-is-blocked-when-open-fifo-file.patch @@ -367,6 +372,9 @@ make check || (cat tests/rpmtests.log; exit 0) %exclude %{_mandir}/man8/rpmspec.8.gz %changelog +* Mon Dec 19 2022 xujing - 4.17.0-19 +- backport patches from upstream to fix memleak + * Mon Nov 28 2022 renhongxun - 4.17.0-18 - Move file metadata setting back to unpack stage