sync some patches from upstream

2022-08-11 11:48:24 +08:00 · 2022-08-11 11:48:24 +08:00 · 1c12fac2a7
commit 1c12fac2a7
parent b63a0c6669
13 changed files with 451 additions and 1 deletions
--- a/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch
+++ b/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch
@ -0,0 +1,29 @@
 From db8fc1057e38839adc04e263fe255ce86cab9fa7 Mon Sep 17 00:00:00 2001
 From: Demi Marie Obenour <demi@invisiblethingslab.com>
 Date: Sat, 12 Feb 2022 13:46:28 -0500
 Subject: [PATCH] Avoid reading out of bounds of the i18ntable
 If the i18ntable was smaller than the i18nstring entry an out of bounds
 read could result.  This should not happen in a valid package, but even
 if RPM rejected such packages during load, this situation could still
 result as a result of usage of the RPM API.
 ---
 lib/header.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/header.c b/lib/header.c
 index 098ea5d..c939006 100644
 --- a/lib/header.c
 +++ b/lib/header.c
@@ -1311,7 +1311,7 @@ static int copyI18NEntry(Header h, indexEntry entry, rpmtd td,
 	/* For each entry in the header ... */
 	for (langNum = 0, t = table->data, ed = entry->data;
 -	     langNum < entry->info.count;
 +	     langNum < entry->info.count && langNum < table->info.count;
 	     langNum++, t += strlen(t) + 1, ed += strlen(ed) + 1) {
 	    int match = headerMatchLocale(t, l, le);
 -- 
 1.8.3.1
--- a/backport-Check-that-the-CRC-length-is-correct.patch
+++ b/backport-Check-that-the-CRC-length-is-correct.patch
@ -0,0 +1,27 @@
 From 1f03aba8b2881a5717af97065038fb056e02a2b3 Mon Sep 17 00:00:00 2001
 From: Demi Marie Obenour <demi@invisiblethingslab.com>
 Date: Thu, 3 Feb 2022 20:42:02 -0500
 Subject: [PATCH] Check that the CRC length is correct
 Also fix a memory leak in an error path.
 ---
 rpmio/rpmpgp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
 index 015c15a..d1966d3 100644
 --- a/rpmio/rpmpgp.c
 +++ b/rpmio/rpmpgp.c
@@ -1444,7 +1444,8 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
 	    crcdec = NULL;
 	    crclen = 0;
 -	    if (rpmBase64Decode(crcenc, (void **)&crcdec, &crclen) != 0) {
 +	    if (rpmBase64Decode(crcenc, (void **)&crcdec, &crclen) != 0 || crclen != 3) {
 +		crcdec = _free(crcdec);
 		ec = PGPARMOR_ERR_CRC_DECODE;
 		goto exit;
 	    }
 -- 
 1.8.3.1
--- a/backport-Close-file-before-replacing-signed.patch
+++ b/backport-Close-file-before-replacing-signed.patch
@ -0,0 +1,27 @@
 From 9b4c50dd67c337f2d3c927cdd01ae4433bb08b61 Mon Sep 17 00:00:00 2001
 From: Evgeniy Taishev <e.taishev@omp.ru>
 Date: Mon, 17 Jan 2022 22:07:13 +0300
 Subject: [PATCH] Close file before replacing signed
 ---
 sign/rpmgensig.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
 index e88f9b7..b8c68ce 100644
 --- a/sign/rpmgensig.c
 +++ b/sign/rpmgensig.c
@@ -695,6 +695,10 @@ static int rpmSign(const char *rpm, int deleting, int flags)
 	if (copyFile(&fd, rpm, &ofd, trpm) == 0) {
 	    struct stat st;
 +	    /* File must be closed before deletion due to different file locking in some file systems*/
 +	    if (fd) (void) closeFile(&fd);
 +	    if (ofd) (void) closeFile(&ofd);
 +
 	    /* Move final target into place, restore file permissions. */
 	    if (stat(rpm, &st) == 0 && unlink(rpm) == 0 &&
 			rename(trpm, rpm) == 0 && chmod(rpm, st.st_mode) == 0) {
 -- 
 1.8.3.1
--- a/backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch
+++ b/backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch
@ -0,0 +1,39 @@
 From 989d7c593c7ab12e17ea8f486856bafac6a1ae37 Mon Sep 17 00:00:00 2001
 From: Peter Pentchev <roam@ringlet.net>
 Date: Sat, 27 Nov 2021 00:43:41 +0200
 Subject: [PATCH] Fix __cplusplus misspelled as _cplusplus.
 ---
 sign/rpmsignfiles.h  | 2 +-
 sign/rpmsignverity.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 diff --git a/sign/rpmsignfiles.h b/sign/rpmsignfiles.h
 index 2ff623c..a21a006 100644
 --- a/sign/rpmsignfiles.h
 +++ b/sign/rpmsignfiles.h
@@ -19,7 +19,7 @@ extern "C" {
 RPM_GNUC_INTERNAL
 rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass);
 -#ifdef _cplusplus
 +#ifdef __cplusplus
 }
 #endif
 diff --git a/sign/rpmsignverity.h b/sign/rpmsignverity.h
 index d869e8d..16e6c98 100644
 --- a/sign/rpmsignverity.h
 +++ b/sign/rpmsignverity.h
@@ -29,7 +29,7 @@ RPM_GNUC_INTERNAL
 rpmRC rpmSignVerity(FD_t fd, Header sigh, Header h, char *key,
 		    char *keypass, char *cert, uint16_t algo);
 -#ifdef _cplusplus
 +#ifdef __cplusplus
 }
 #endif
 -- 
 1.8.3.1
--- a/backport-Fix-memory-leak-in-pgpPrtParams.patch
+++ b/backport-Fix-memory-leak-in-pgpPrtParams.patch
@ -0,0 +1,38 @@
 From b6dffb6dc5ffa2ddc389743f0507876cab341315 Mon Sep 17 00:00:00 2001
 From: Michal Domonkos <mdomonko@redhat.com>
 Date: Fri, 7 Jan 2022 16:10:26 +0100
 Subject: [PATCH] Fix memory leak in pgpPrtParams()
 Make sure selfsig is freed in case we break out of the loop in this
 block.
 Note that the tests added with the binding validation commit bd36c5d do
 not cover this code path so valgrind won't show this.
 ---
 rpmio/rpmpgp.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
 diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
 index 1e4f667..3560328 100644
 --- a/rpmio/rpmpgp.c
 +++ b/rpmio/rpmpgp.c
@@ -1147,12 +1147,11 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
 	if (selfsig) {
 	    /* subkeys must be followed by binding signature */
 -	    if (prevtag == PGPTAG_PUBLIC_SUBKEY) {
 -		if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING)
 -		    break;
 -	    }
 +	    int xx = 1; /* assume failure */
 -	    int xx = pgpVerifySelf(digp, selfsig, all, i);
 +	    if (!(prevtag == PGPTAG_PUBLIC_SUBKEY &&
 +		  selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING))
 +		xx = pgpVerifySelf(digp, selfsig, all, i);
 	    selfsig = pgpDigParamsFree(selfsig);
 	    if (xx)
 -- 
 1.8.3.1
--- a/backport-Fix-old-Python-ts.check-argument-order-regression.patch
+++ b/backport-Fix-old-Python-ts.check-argument-order-regression.patch
@ -0,0 +1,32 @@
 From f0c158cbc8a50a776b44de2c0fe744c451155a41 Mon Sep 17 00:00:00 2001
 From: Panu Matilainen <pmatilai@redhat.com>
 Date: Tue, 4 Jan 2022 15:57:10 +0200
 Subject: [PATCH] Fix old Python ts.check() argument order regression
 Commit fab2debfe440d677dbd072c3cd73d2c99876e7a5 managed to mess up the
 order of the last two callback arguments, doh.
 Goes to show that nobody has missed this stuff in 12+ years, so it might
 be more merciful to put this thing out of its misery...
 Fixes: #1871
 ---
 python/rpm/transaction.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/python/rpm/transaction.py b/python/rpm/transaction.py
 index 991fd9a..ba39881 100644
 --- a/python/rpm/transaction.py
 +++ b/python/rpm/transaction.py
@@ -159,7 +159,7 @@ class TransactionSet(TransactionSetCore):
                 needver = ""
             res.append(((n, v, r),
 -                        (needname, needver), needflags, sense, p.key))
 +                        (needname, needver), needflags, p.key, sense))
         return res
 -- 
 1.8.3.1
--- a/backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch
+++ b/backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch
@ -0,0 +1,39 @@
 From 1c15d748d3536a21b6edbbf9254db76fefb4b275 Mon Sep 17 00:00:00 2001
 From: Dmitry Gerasimov <d.gerasimov@omp.ru>
 Date: Mon, 27 Dec 2021 12:27:57 +0300
 Subject: [PATCH] Fix possible NULL pointer dereference in rpmfcClassify
 Here is simplified overview of possible dereference:
        if (fc == NULL) {
            rpmlog(RPMLOG_ERR, _("Empty file classifier\n"));
            goto exit;
        }
        // ...
    exit:
        rpmstrPoolFreeze(fc->cdict, 0);
                         ~~~~~~~~~
 This issue was found by Svace Static Analyzer.
 ---
 build/rpmfc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/build/rpmfc.c b/build/rpmfc.c
 index eb51a36..cf2c203 100644
 --- a/build/rpmfc.c
 +++ b/build/rpmfc.c
@@ -1168,7 +1168,7 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode)
     if (fc == NULL) {
 	rpmlog(RPMLOG_ERR, _("Empty file classifier\n"));
 -	goto exit;
 +	return RPMRC_FAIL;
     }
     /* It is OK when we have no files to classify. */
 -- 
 1.8.3.1
--- a/backport-Fix-use-after-free-in-haveSignature.patch
+++ b/backport-Fix-use-after-free-in-haveSignature.patch
@ -0,0 +1,33 @@
 From ae3d2d234ae47ff85229d3fce97a266fa1aa5a61 Mon Sep 17 00:00:00 2001
 From: Michal Domonkos <mdomonko@redhat.com>
 Date: Fri, 7 Jan 2022 13:57:24 +0100
 Subject: [PATCH] Fix use-after-free in haveSignature()
 pgpPrtParams() may leave sig2 unchanged and if we're not in the very
 first iteration of the while() loop, we could pass a freed pointer to
 pgpDigParamsCmp().  Fix by setting it to NULL after freeing.
 Found by Coverity, after commit bd36c5d (subkey binding validation),
 although note that the commit didn't introduce this bug; it just seems
 to have been a false negative that got "fixed" by the changes in
 pgpPrtParams() in that commit.
 ---
 sign/rpmgensig.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
 index d8c84e9..e88f9b7 100644
 --- a/sign/rpmgensig.c
 +++ b/sign/rpmgensig.c
@@ -364,7 +364,7 @@ static int haveSignature(rpmtd sigtd, Header h)
 	pgpPrtParams(oldtd.data, oldtd.count, PGPTAG_SIGNATURE, &sig2);
 	if (pgpDigParamsCmp(sig1, sig2) == 0)
 	    rc = 1;
 -	pgpDigParamsFree(sig2);
 +	sig2 = pgpDigParamsFree(sig2);
     }
     pgpDigParamsFree(sig1);
     rpmtdFreeData(&oldtd);
 -- 
 1.8.3.1
--- a/backport-Make-rpmfiSetFX-return-code-meaningful.patch
+++ b/backport-Make-rpmfiSetFX-return-code-meaningful.patch
@ -0,0 +1,51 @@
 From 318efbaec80a90f1d9ac76d0cd433f6ea3c103fa Mon Sep 17 00:00:00 2001
 From: Panu Matilainen <pmatilai@redhat.com>
 Date: Thu, 10 Feb 2022 10:07:06 +0200
 Subject: [PATCH] Make rpmfiSetFX() return code meaningful
 Up to now, rpmfiSetFX() has returned the previous file index on success,
 and -1 on error. Which seems okay on the outset, but on a just
 initialized iterator the file index is at -1 which means the returned
 -1 sometimes indicates an error and sometimes success. This is so broken
 that none of the callers even try to use it (grep for it). Which is
 lucky in the sense that it means we can change it.
 Simply return the newly set index on success and -1 on error, it may
 not be the greatest return code on earth but at least it's
 non-ambiguous.
 ---
 lib/rpmfi.c | 2 +-
 lib/rpmfi.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 diff --git a/lib/rpmfi.c b/lib/rpmfi.c
 index 30e0738..4965aee 100644
 --- a/lib/rpmfi.c
 +++ b/lib/rpmfi.c
@@ -314,9 +314,9 @@ int rpmfiSetFX(rpmfi fi, int fx)
     int i = -1;
     if (fi != NULL && fx >= 0 && fx < rpmfilesFC(fi->files)) {
 -	i = fi->i;
 	fi->i = fx;
 	fi->j = rpmfilesDI(fi->files, fi->i);
 +	i = fi->i;
     }
     return i;
 }
 diff --git a/lib/rpmfi.h b/lib/rpmfi.h
 index 989582b..52310c6 100644
 --- a/lib/rpmfi.h
 +++ b/lib/rpmfi.h
@@ -39,7 +39,7 @@ int rpmfiFX(rpmfi fi);
  * Set current file index in file info set iterator.
  * @param fi		file info set iterator
  * @param fx		new file index
 - * @return		current file index
 + * @return		new file index, -1 on error
  */
 int rpmfiSetFX(rpmfi fi, int fx);
 -- 
 1.8.3.1
--- a/backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch
+++ b/backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch
@ -0,0 +1,40 @@
 From ed07a187734addfa16be9ee922398e4ff9859f53 Mon Sep 17 00:00:00 2001
 From: Michal Domonkos <mdomonko@redhat.com>
 Date: Tue, 7 Dec 2021 08:08:37 +0100
 Subject: [PATCH] Skip recorded symlinks in --setperms (RhBug:1900662)
 If a package contains a symlink in the buildroot which is declared as a
 ghost or config file but is a regular file or directory on the system
 where it's installed, a --setperms call will reset its permissions to
 those of a symlink (777 on Linux), which almost certainly is not the
 correct thing to do.
 To fix that, just skip files that were recorded as symlinks.
 This is a special case of a general issue in --setperms; since file
 permission semantics may change depending on the file type, to stay on
 the safe side, any (ghost or config) file whose type changes after
 installation should probably be skipped.  However, symlinks are the most
 prominent case here, so let's just focus on that now and avoid adding
 too much cleverness to a popt alias (this got us into trouble not too
 long ago, see commits 38c2f6e and 0d83637).  We may revisit this in the
 eventual C implementation.
 ---
 rpmpopt.in | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/rpmpopt.in b/rpmpopt.in
 index 27d2986..d5a6b14 100644
 --- a/rpmpopt.in
 +++ b/rpmpopt.in
@@ -44,6 +44,7 @@ rpm	alias --scripts --qf '\
 	--POPTdesc=$"list install/erase scriptlets from package(s)"
 rpm	alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \
 +        \[ -n %{FILELINKTOS:shescape} \] || \
         ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \
         chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \
 		   --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \
 -- 
 1.8.3.1
--- a/backport-rpmkeys-exit-non-zero-on-I-O-errors.patch
+++ b/backport-rpmkeys-exit-non-zero-on-I-O-errors.patch
@ -0,0 +1,53 @@
 From fc8386be36a32f8462a0d16a2dd3e5e18f7fbc2d Mon Sep 17 00:00:00 2001
 From: Demi Marie Obenour <demi@invisiblethingslab.com>
 Date: Mon, 12 Apr 2021 11:30:51 -0400
 Subject: [PATCH] rpmkeys: exit non-zero on I/O errors
 If writing to stdout or stderr fails, rpmkeys should exit with a
 non-zero status code.
 ---
 rpmkeys.c          |  4 ++++
 tests/rpmsigdig.at | 13 +++++++++++++
 2 files changed, 17 insertions(+)
 diff --git a/rpmkeys.c b/rpmkeys.c
 index 542601c..2c304de 100644
 --- a/rpmkeys.c
 +++ b/rpmkeys.c
@@ -86,5 +86,9 @@ int main(int argc, char *argv[])
 exit:
     rpmtsFree(ts);
     rpmcliFini(optCon);
 +    fflush(stderr);
 +    fflush(stdout);
 +    if (ferror(stdout) || ferror(stderr))
 +	return 255; /* I/O error */
     return ec;
 }
 diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
 index c8b9f13..429163e 100644
 --- a/tests/rpmsigdig.at
 +++ b/tests/rpmsigdig.at
@@ -24,6 +24,19 @@ runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i38
 [])
 AT_CLEANUP
 +# ------------------------------
 +# Test rpmkeys write errors
 +AT_SETUP([[rpmkeys -K no space left on stdout]])
 +AT_KEYWORDS([rpmkeys digest])
 +AT_CHECK([
 +RPMDB_INIT[
 +
 +runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i386.rpm >/dev/full
 +]],255,,[[Error writing to log: No space left on device
 +]])
 +AT_CLEANUP
 +
 +
 AT_SETUP([rpmkeys -Kv <reconstructed> 1])
 AT_KEYWORDS([rpmkeys digest])
 AT_CHECK([
 -- 
 1.8.3.1
--- a/backport-treat-0-as-valid-file-descriptor.patch
+++ b/backport-treat-0-as-valid-file-descriptor.patch
@ -0,0 +1,27 @@
 From be64821b908fdb1ff3c12530430d1cf046839e60 Mon Sep 17 00:00:00 2001
 From: licunlong <licunlong1@huawei.com>
 Date: Thu, 20 Jan 2022 19:59:44 +0800
 Subject: [PATCH] treat 0 as valid file descriptor The descriptor is openned in
 rpmpkgOpen, and we treat 0 as valid file descriptor. Here we should do the
 same or fail earlier.
 ---
 lib/backend/ndb/rpmpkg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/backend/ndb/rpmpkg.c b/lib/backend/ndb/rpmpkg.c
 index 64d0493..0a041e4 100644
 --- a/lib/backend/ndb/rpmpkg.c
 +++ b/lib/backend/ndb/rpmpkg.c
@@ -734,7 +734,7 @@ static int rpmpkgAddSlotPage(rpmpkgdb pkgdb)
 static int rpmpkgGetLock(rpmpkgdb pkgdb, int type)
 {
 -    if (!pkgdb->fd)
 +    if (pkgdb->fd < 0)
 	return RPMRC_FAIL;
     if (flock(pkgdb->fd, type))
 	return RPMRC_FAIL;
 -- 
 1.8.3.1
--- a/rpm.spec
+++ b/rpm.spec
@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.17.0
-Release:       6
+Release:       7
 Summary:       RPM Package Manager
 License:       GPLv2+
 URL:           http://www.rpm.org/
@ -41,6 +41,18 @@ Patch6008: backport-Fix-some-Lua-stack-leaks-in-our-initialization-code.patch
 Patch6009: backport-Simplify-rpm_print-fixing-a-Lua-stack-leak-as-a-bonu.patch
 Patch6010: backport-Switch-the-floating-point-type-in-rpmhook-from-float.patch
 Patch6011: backport-Fix-a-memleak-in-ndb-from-opened-but-not-closed-dbis.patch
 Patch6012: backport-Fix-possible-NULL-pointer-dereference-in-rpmfcClassi.patch
 Patch6013: backport-Fix-old-Python-ts.check-argument-order-regression.patch
 Patch6014: backport-Fix-memory-leak-in-pgpPrtParams.patch
 Patch6015: backport-Fix-use-after-free-in-haveSignature.patch
 Patch6016: backport-Close-file-before-replacing-signed.patch
 Patch6017: backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch
 Patch6018: backport-treat-0-as-valid-file-descriptor.patch
 Patch6019: backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch
 Patch6020: backport-Check-that-the-CRC-length-is-correct.patch
 Patch6021: backport-Make-rpmfiSetFX-return-code-meaningful.patch
 Patch6022: backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch
 Patch6023: backport-rpmkeys-exit-non-zero-on-I-O-errors.patch
 BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel
 BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
@ -310,6 +322,9 @@ make check || (cat tests/rpmtests.log; exit 0)
 %{_mandir}/man1/gendiff.1*
 %changelog
 * Thu Aug 11 2022 renhongxun<renhongxun@h-partners.com> - 4.17.0-7
 - sync some patches from upstream
 * Thu Aug 11 2022 renhongxun<renhongxun@h-partners.com> - 4.17.0-6
 - sync some patches from upstream