diff --git a/backport-Add-missing-terminator-to-copyTagsFromMainDebug-arra.patch b/backport-Add-missing-terminator-to-copyTagsFromMainDebug-arra.patch new file mode 100644 index 0000000..d088619 --- /dev/null +++ b/backport-Add-missing-terminator-to-copyTagsFromMainDebug-arra.patch @@ -0,0 +1,26 @@ +From 213a4064a4b1b5b260a55b3933170599e617494d Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Tue, 1 Sep 2020 12:15:33 +0300 +Subject: [PATCH] Add missing terminator to copyTagsFromMainDebug array + +headerCopyTags() expects a 0-terminated array, this was overflowing +(spotted by address-sanitizer) +--- + build/files.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/build/files.c b/build/files.c +index f06f9ac74..47625905c 100644 +--- a/build/files.c ++++ b/build/files.c +@@ -2838,6 +2838,7 @@ static rpmTag copyTagsFromMainDebug[] = { + RPMTAG_OS, + RPMTAG_PLATFORM, + RPMTAG_OPTFLAGS, ++ 0 + }; + + /* this is a hack: patch the summary and the description to include +-- +2.27.0 + diff --git a/backport-Always-close-libelf-handle-1313.patch b/backport-Always-close-libelf-handle-1313.patch new file mode 100644 index 0000000..6785d04 --- /dev/null +++ b/backport-Always-close-libelf-handle-1313.patch @@ -0,0 +1,32 @@ +From 38c03ddb18e86c84d89af695f72442d8365eb64e Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Tue, 21 Jul 2020 10:45:20 +0200 +Subject: [PATCH] Always close libelf handle (#1313) + +Otherwise executables that are not proper elf files are leaking libelf +handles. This results in file being left open (mmap'ed) and fails the +build on NFS as those files can't be deleted properly there. + +Resolves: rhbz#1840728 +See also: https://bugzilla.redhat.com/show_bug.cgi?id=1840728 +--- + build/files.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/build/files.c b/build/files.c +index f675306f7..62489c07c 100644 +--- a/build/files.c ++++ b/build/files.c +@@ -1935,8 +1935,8 @@ static int generateBuildIDs(FileList fl, ARGV_t *files) + if (terminate) + rc = 1; + } +- elf_end (elf); + } ++ elf_end (elf); + close (fd); + } + } +-- +2.27.0 + diff --git a/backport-Don-t-look-into-source-package-provides-in-depsolvin.patch b/backport-Don-t-look-into-source-package-provides-in-depsolvin.patch new file mode 100644 index 0000000..da40c93 --- /dev/null +++ b/backport-Don-t-look-into-source-package-provides-in-depsolvin.patch @@ -0,0 +1,64 @@ +From a4afbb62c94c6e0dc18c1bf08336aeb4a91f82de Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Wed, 22 Apr 2020 14:12:47 +0300 +Subject: [PATCH] Don't look into source package provides in depsolving + +Fixes regressions from commit 75ec16e660e784d7897b37cac1a2b9b135825f25: +the newly added provides of to-be-built packages were being used for +dependency resolution, such as spec satifying its own buildrequires, +and matched against conflicts in installed packages. + +Source packages cannot obsolete anything or provide capabilities or files +to transactions, don't add them to rpmal at all. Explicitly skip checks +against source provides, similarly to what we already did with obsoletes. + +Fixes: #1189 +--- + lib/depends.c | 8 ++++---- + lib/rpmal.c | 4 ++++ + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/lib/depends.c b/lib/depends.c +index 6acb21dc3..579451926 100644 +--- a/lib/depends.c ++++ b/lib/depends.c +@@ -1040,6 +1040,10 @@ int rpmtsCheck(rpmts ts) + checkDS(ts, dcache, p, rpmteNEVRA(p), rpmteDS(p, RPMTAG_OBSOLETENAME), + tscolor); + ++ /* Skip obsoletion and provides checks for source packages (ie build) */ ++ if (rpmteIsSource(p)) ++ continue; ++ + /* Check provides against conflicts in installed packages. */ + while (rpmdsNext(provides) >= 0) { + checkInstDeps(ts, dcache, p, RPMTAG_CONFLICTNAME, NULL, provides, 0); +@@ -1047,10 +1051,6 @@ int rpmtsCheck(rpmts ts) + checkInstDeps(ts, dcache, p, RPMTAG_REQUIRENAME, NULL, provides, 1); + } + +- /* Skip obsoletion checks for source packages (ie build) */ +- if (rpmteIsSource(p)) +- continue; +- + /* Check package name (not provides!) against installed obsoletes */ + checkInstDeps(ts, dcache, p, RPMTAG_OBSOLETENAME, NULL, rpmteDS(p, RPMTAG_NAME), 0); + +diff --git a/lib/rpmal.c b/lib/rpmal.c +index 3c8acd63a..8a47d025a 100644 +--- a/lib/rpmal.c ++++ b/lib/rpmal.c +@@ -247,6 +247,10 @@ void rpmalAdd(rpmal al, rpmte p) + rpmalNum pkgNum; + availablePackage alp; + ++ /* Source packages don't provide anything to depsolving */ ++ if (rpmteIsSource(p)) ++ return; ++ + if (al->size == al->alloced) { + al->alloced += al->delta; + al->list = xrealloc(al->list, sizeof(*al->list) * al->alloced); +-- +2.27.0 + diff --git a/backport-Don-t-require-signature-header-to-be-in-single-conti.patch b/backport-Don-t-require-signature-header-to-be-in-single-conti.patch new file mode 100644 index 0000000..3be02b3 --- /dev/null +++ b/backport-Don-t-require-signature-header-to-be-in-single-conti.patch @@ -0,0 +1,31 @@ +From bb30f997c4b22c0d5cf6752f15d2af17538f91f0 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 9 Jan 2020 10:24:39 +0200 +Subject: [PATCH] Don't require signature header to be in single contiguous + region part II + +The generic case was reported in #270 and fixed quite a while ago in +commit 34c2ba3c6a80a778cdf2e42a9193b3264e08e1b3, but signing uses a +different code path and require the same treatment. + +Fixes: #1002 +--- + lib/signature.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/signature.c b/lib/signature.c +index 6f04962e8..21f04c7f2 100644 +--- a/lib/signature.c ++++ b/lib/signature.c +@@ -65,7 +65,7 @@ rpmRC rpmReadSignature(FD_t fd, Header * sighp, char ** msg) + if (sighp) + *sighp = NULL; + +- if (hdrblobRead(fd, 1, 1, RPMTAG_HEADERSIGNATURES, &blob, &buf) != RPMRC_OK) ++ if (hdrblobRead(fd, 1, 0, RPMTAG_HEADERSIGNATURES, &blob, &buf) != RPMRC_OK) + goto exit; + + /* OK, blob looks sane, load the header. */ +-- +2.27.0 + diff --git a/backport-Fix-POPT_ARG_STRING-memleaks-in-librpmbuild.patch b/backport-Fix-POPT_ARG_STRING-memleaks-in-librpmbuild.patch new file mode 100644 index 0000000..169838c --- /dev/null +++ b/backport-Fix-POPT_ARG_STRING-memleaks-in-librpmbuild.patch @@ -0,0 +1,218 @@ +From 307872f71b357a3839fd037514a1c3dabfacc611 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Mon, 3 Feb 2020 14:54:16 +0200 +Subject: [PATCH] Fix POPT_ARG_STRING memleaks in librpmbuild + +popt always returned malloc'ed memory for POPT_ARG_STRING items, but +for whatever historical reason rpm systematically passed const char * +pointers as targets, making them look non-freeable. Besides changing +just the types and adding free()'s, const-correctness requires extra +tweaks as there's mixed use from string literals and poptGetArg() which +does return const pointers. +--- + build/parseDescription.c | 11 +++++++---- + build/parseFiles.c | 5 +++-- + build/parsePolicies.c | 5 +++-- + build/parsePrep.c | 6 +++++- + build/parseScript.c | 11 +++++++---- + build/policies.c | 8 ++++++-- + 6 files changed, 31 insertions(+), 15 deletions(-) + +diff --git a/build/parseDescription.c b/build/parseDescription.c +index c0737c0..72811f5 100644 +--- a/build/parseDescription.c ++++ b/build/parseDescription.c +@@ -19,8 +19,8 @@ int parseDescription(rpmSpec spec) + int rc, argc; + int arg; + const char **argv = NULL; +- const char *name = NULL; +- const char *lang = RPMBUILD_DEFAULT_LANG; ++ char *name = NULL; ++ char *lang = NULL; + const char *descr = ""; + poptContext optCon = NULL; + struct poptOption optionsTable[] = { +@@ -52,7 +52,7 @@ int parseDescription(rpmSpec spec) + + if (poptPeekArg(optCon)) { + if (name == NULL) +- name = poptGetArg(optCon); ++ name = xstrdup(poptGetArg(optCon)); + if (poptPeekArg(optCon)) { + rpmlog(RPMLOG_ERR, _("line %d: Too many names: %s\n"), + spec->lineNum, +@@ -75,12 +75,15 @@ int parseDescription(rpmSpec spec) + } + + if (addLangTag(spec, pkg->header, +- RPMTAG_DESCRIPTION, descr, lang)) { ++ RPMTAG_DESCRIPTION, descr, ++ lang ? lang : RPMBUILD_DEFAULT_LANG)) { + nextPart = PART_ERROR; + } + + exit: + freeStringBuf(sb); ++ free(lang); ++ free(name); + free(argv); + poptFreeContext(optCon); + return nextPart; +diff --git a/build/parseFiles.c b/build/parseFiles.c +index 69935d4..0dc1f17 100644 +--- a/build/parseFiles.c ++++ b/build/parseFiles.c +@@ -17,7 +17,7 @@ int parseFiles(rpmSpec spec) + int rc, argc; + int arg; + const char ** argv = NULL; +- const char *name = NULL; ++ char *name = NULL; + int flag = PART_SUBNAME; + poptContext optCon = NULL; + struct poptOption optionsTable[] = { +@@ -52,7 +52,7 @@ int parseFiles(rpmSpec spec) + + if (poptPeekArg(optCon)) { + if (name == NULL) +- name = poptGetArg(optCon); ++ name = xstrdup(poptGetArg(optCon)); + if (poptPeekArg(optCon)) { + rpmlog(RPMLOG_ERR, _("line %d: Too many names: %s\n"), + spec->lineNum, +@@ -89,6 +89,7 @@ int parseFiles(rpmSpec spec) + exit: + rpmPopMacro(NULL, "license"); + free(argv); ++ free(name); + poptFreeContext(optCon); + + return res; +diff --git a/build/parsePolicies.c b/build/parsePolicies.c +index 118b92c..64b95b1 100644 +--- a/build/parsePolicies.c ++++ b/build/parsePolicies.c +@@ -19,7 +19,7 @@ int parsePolicies(rpmSpec spec) + int rc, argc; + int arg; + const char **argv = NULL; +- const char *name = NULL; ++ char *name = NULL; + int flag = PART_SUBNAME; + poptContext optCon = NULL; + +@@ -50,7 +50,7 @@ int parsePolicies(rpmSpec spec) + + if (poptPeekArg(optCon)) { + if (name == NULL) +- name = poptGetArg(optCon); ++ name = xstrdup(poptGetArg(optCon)); + if (poptPeekArg(optCon)) { + rpmlog(RPMLOG_ERR, _("line %d: Too many names: %s\n"), + spec->lineNum, spec->line); +@@ -66,6 +66,7 @@ int parsePolicies(rpmSpec spec) + + exit: + free(argv); ++ free(name); + poptFreeContext(optCon); + + return res; +diff --git a/build/parsePrep.c b/build/parsePrep.c +index fe37575..cafb050 100644 +--- a/build/parsePrep.c ++++ b/build/parsePrep.c +@@ -242,7 +242,7 @@ static int doSetupMacro(rpmSpec spec, const char *line) + int leaveDirs = 0, skipDefaultAction = 0; + int createDir = 0, quietly = 0; + int buildInPlace = 0; +- const char * dirName = NULL; ++ char * dirName = NULL; + struct poptOption optionsTable[] = { + { NULL, 'a', POPT_ARG_STRING, NULL, 'a', NULL, NULL}, + { NULL, 'b', POPT_ARG_STRING, NULL, 'b', NULL, NULL}, +@@ -373,6 +373,7 @@ exit: + freeStringBuf(before); + freeStringBuf(after); + poptFreeContext(optCon); ++ free(dirName); + free(argv); + + return rc; +@@ -484,6 +485,9 @@ static rpmRC doPatchMacro(rpmSpec spec, const char *line) + + exit: + argvFree(patchnums); ++ free(opt_b); ++ free(opt_d); ++ free(opt_o); + free(argv); + poptFreeContext(optCon); + return rc; +diff --git a/build/parseScript.c b/build/parseScript.c +index bdf6ab3..e037bba 100644 +--- a/build/parseScript.c ++++ b/build/parseScript.c +@@ -100,9 +100,9 @@ int parseScript(rpmSpec spec, int parsePart) + int arg; + const char **argv = NULL; + poptContext optCon = NULL; +- const char *name = NULL; +- const char *prog = "/bin/sh"; +- const char *file = NULL; ++ char *name = NULL; ++ char *prog = xstrdup("/bin/sh"); ++ char *file = NULL; + int priority = 1000000; + struct poptOption optionsTable[] = { + { NULL, 'p', POPT_ARG_STRING, &prog, 'p', NULL, NULL}, +@@ -326,7 +326,7 @@ int parseScript(rpmSpec spec, int parsePart) + + if (poptPeekArg(optCon)) { + if (name == NULL) +- name = poptGetArg(optCon); ++ name = xstrdup(poptGetArg(optCon)); + if (poptPeekArg(optCon)) { + rpmlog(RPMLOG_ERR, _("line %d: Too many names: %s\n"), + spec->lineNum, +@@ -465,6 +465,9 @@ exit: + free(reqargs); + freeStringBuf(sb); + free(progArgv); ++ free(prog); ++ free(name); ++ free(file); + free(argv); + poptFreeContext(optCon); + +diff --git a/build/policies.c b/build/policies.c +index d3b1930..e92df19 100644 +--- a/build/policies.c ++++ b/build/policies.c +@@ -276,16 +276,20 @@ static rpmRC processPolicies(rpmSpec spec, Package pkg, int test) + } + + if (writeModuleToHeader(mod, pkg) != RPMRC_OK) { +- freeModule(mod); + goto exit; + } + +- freeModule(mod); ++ mod = freeModule(mod); ++ name = _free(name); ++ types = _free(types); + } + + rc = RPMRC_OK; + + exit: ++ freeModule(mod); ++ free(name); ++ free(types); + + return rc; + } +-- +2.27.0 + diff --git a/backport-Fix-a-minor-memory-leak-on-suppressed-inhibition-loc.patch b/backport-Fix-a-minor-memory-leak-on-suppressed-inhibition-loc.patch new file mode 100644 index 0000000..f169159 --- /dev/null +++ b/backport-Fix-a-minor-memory-leak-on-suppressed-inhibition-loc.patch @@ -0,0 +1,39 @@ +From 4ddab4fb7e1ccc7dc466534250177b7d2682a9e2 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Wed, 29 Jan 2020 15:39:58 +0200 +Subject: [PATCH] Fix a minor memory leak on suppressed inhibition lock warning + message + +Commit 708e61307bc3fd027b016fdf5a1d1a5274c1843c introduced a memory leak +on the error object: if the message is suppressed then the error object +is never freed. Test for the suppression conditions separately to fix. +--- + plugins/systemd_inhibit.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/plugins/systemd_inhibit.c b/plugins/systemd_inhibit.c +index 0ddca9cd8..ecff30533 100644 +--- a/plugins/systemd_inhibit.c ++++ b/plugins/systemd_inhibit.c +@@ -52,12 +52,14 @@ static int inhibit(void) + dbus_message_unref(reply); + } + +- if (dbus_error_is_set(&err) +- && !dbus_error_has_name(&err, DBUS_ERROR_NO_SERVER) +- && !dbus_error_has_name(&err, DBUS_ERROR_FILE_NOT_FOUND)) { +- rpmlog(RPMLOG_WARNING, ++ if (dbus_error_is_set(&err)) { ++ if (!dbus_error_has_name(&err, DBUS_ERROR_NO_SERVER) && ++ !dbus_error_has_name(&err, DBUS_ERROR_FILE_NOT_FOUND)) ++ { ++ rpmlog(RPMLOG_WARNING, + "Unable to get systemd shutdown inhibition lock: %s\n", + err.message); ++ } + dbus_error_free(&err); + } + +-- +2.27.0 + diff --git a/backport-Fix-build-regression-in-commit-307872f71b357a3839fd0.patch b/backport-Fix-build-regression-in-commit-307872f71b357a3839fd0.patch new file mode 100644 index 0000000..10f1b7b --- /dev/null +++ b/backport-Fix-build-regression-in-commit-307872f71b357a3839fd0.patch @@ -0,0 +1,35 @@ +From 67f8dadebdf290c4ade36a7d3a27e52048d96032 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Tue, 4 Feb 2020 10:36:43 +0200 +Subject: [PATCH] Fix build regression in commit + 307872f71b357a3839fd037514a1c3dabfacc611 + +Commit 307872f71b357a3839fd037514a1c3dabfacc611 broke build with +SELinux enabled but was accidentally merged. Fix the breakage. +--- + build/policies.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/build/policies.c b/build/policies.c +index e92df194a..16d5f87e6 100644 +--- a/build/policies.c ++++ b/build/policies.c +@@ -221,6 +221,7 @@ static rpmRC processPolicies(rpmSpec spec, Package pkg, int test) + char *types = NULL; + uint32_t flags = 0; + poptContext optCon = NULL; ++ ModuleRec mod = NULL; + + rpmRC rc = RPMRC_FAIL; + +@@ -236,7 +237,6 @@ static rpmRC processPolicies(rpmSpec spec, Package pkg, int test) + } + + for (ARGV_const_t pol = pkg->policyList; *pol != NULL; pol++) { +- ModuleRec mod; + const char *line = *pol; + const char **argv = NULL; + int argc = 0; +-- +2.27.0 + diff --git a/backport-Fix-bump-up-the-limit-of-signature-header-to-64MB.patch b/backport-Fix-bump-up-the-limit-of-signature-header-to-64MB.patch new file mode 100644 index 0000000..72d3802 --- /dev/null +++ b/backport-Fix-bump-up-the-limit-of-signature-header-to-64MB.patch @@ -0,0 +1,60 @@ +From 486579912381ede82172dc6d0ff3941a6d0536b5 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia +Date: Wed, 3 Jun 2020 10:25:24 +0800 +Subject: [PATCH] Fix: bump up the limit of signature header to 64MB + +Since commits [Place file signatures into the signature header where they +belong][1] applied, run `rpm -Kv **.rpm' failed if signature header +is larger than 64KB. Here are steps: + +1) A unsigned rpm package, the size is 227560 bytes +$ ls -al xz-src-5.2.5-r0.corei7_64.rpm +-rw-------. 1 mockbuild 1000 227560 Jun 3 09:59 + +2) Sign the rpm package +$ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm + +3) The size of signed rpm is 312208 bytes +$ ls -al xz-src-5.2.5-r0.corei7_64.rpm +-rw-------. 1 mockbuild 1000 312208 Jun 3 09:48 + +4) Run `rpm -Kv' failed with signature hdr data out of range +$ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm +xz-src-5.2.5-r0.corei7_64.rpm: +error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of +bytes(88864) out of range + +From 1) and 3), the size of signed rpm package increased +312208 - 227560 = 84648, so the check of dl_max (64KB,65536) +is not enough. + +As [1] said: + + This also means the signature header can be MUCH bigger than ever + before,so bump up the limit (to 64MB, arbitrary something for now) + +So [1] missed to multiply by 1024. + +[1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c + +Signed-off-by: Hongxu Jia +--- + lib/header.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/header.c b/lib/header.c +index f9152ba90..e59d63744 100644 +--- a/lib/header.c ++++ b/lib/header.c +@@ -1903,7 +1903,7 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl + + if (regionTag == RPMTAG_HEADERSIGNATURES) { + il_max = 32; +- dl_max = 64 * 1024; ++ dl_max = 64 * 1024 * 1024; + } + + memset(block, 0, sizeof(block)); +-- +2.27.0 + diff --git a/backport-Fix-changelog-trimming-to-work-relative-to-newest-ex.patch b/backport-Fix-changelog-trimming-to-work-relative-to-newest-ex.patch new file mode 100644 index 0000000..f882284 --- /dev/null +++ b/backport-Fix-changelog-trimming-to-work-relative-to-newest-ex.patch @@ -0,0 +1,98 @@ +From a58725822651f791b2e74fe40a6e85b3b7e72aca Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Mon, 10 Aug 2020 11:01:37 +0300 +Subject: [PATCH] Fix changelog trimming to work relative to newest +existing + entry (#1301) + +%_changelog_trimtime is an absolute timestamp which needs to be +%constantly +pushed forward to preserve the same relative age, and will start +trimming +entries from unchanged packages until none are left, leading to +unexpected +and confusing behavior (RhBug:1722806, ...) + +It's better to trim by age relative to newest changelog entry. This way +the +number of trimmed entries will not change unless the spec changes, and +at +least one entry is always preserved. Introduce a new %_changelog_trimage +macro for this and mark the broken by design %_changelog_trimtime as +deprecated, but autoconvert an existing trimtime into relative for now. + +As a seemingly unrelated change, move the "time" variable declaration +to a narrower scope to unmask the time() function for use on entry. + +Fixes: #1301 +--- + build/parseChangelog.c | 16 +++++++++++++++- + macros.in | 6 +++++- + 2 files changed, 20 insertions(+), 2 deletions(-) + +diff --git a/build/parseChangelog.c b/build/parseChangelog.c +index ad6d834..22f445e 100644 +--- a/build/parseChangelog.c ++++ b/build/parseChangelog.c +@@ -200,18 +200,26 @@ static rpmRC addChangelog(Header h, ARGV_const_t sb) + rpmRC rc = RPMRC_FAIL; /* assume failure */ + char *s, *sp; + int i; +- time_t time; ++ time_t firstTime = 0; + time_t lastTime = 0; + time_t trimtime = rpmExpandNumeric("%{?_changelog_trimtime}"); ++ time_t trimage = rpmExpandNumeric("%{?_changelog_trimage}"); + char *date, *name, *text, *next; + int date_words; /* number of words in date string */ + ++ /* Convert _changelog_trimtime to age for backwards compatibility */ ++ if (trimtime && !trimage) { ++ trimage = time(NULL) - trimtime; ++ trimtime = 0; ++ } ++ + s = sp = argvJoin(sb, ""); + + /* skip space */ + SKIPSPACE(s); + + while (*s != '\0') { ++ time_t time; + if (*s != '*') { + rpmlog(RPMLOG_ERR, _("%%changelog entries must start with *\n")); + goto exit; +@@ -235,6 +243,12 @@ static rpmRC addChangelog(Header h, ARGV_const_t sb) + rpmlog(RPMLOG_ERR, _("bad date in %%changelog: %s\n"), date); + goto exit; + } ++ /* Changelog trimming is always relative to first entry */ ++ if (!firstTime) { ++ firstTime = time; ++ if (trimage) ++ trimtime = firstTime - trimage; ++ } + if (lastTime && lastTime < time) { + rpmlog(RPMLOG_ERR, + _("%%changelog not in descending chronological order\n")); +diff --git a/macros.in b/macros.in +index 8619c13..5b45d73 100644 +--- a/macros.in ++++ b/macros.in +@@ -230,8 +230,12 @@ package or when debugging this package.\ + # The path to the gzip executable (legacy, use %{__gzip} instead). + %_gzipbin %{__gzip} + ++# Maximum age of preserved changelog entries in binary packages, ++# relative to newest existing entry. Unix timestamp format. ++%_changelog_trimage 0 ++ + # The Unix time of the latest kept changelog entry in binary packages. +-# Any older entry is not packaged in binary packages. ++# DEPRACATED, use %_changelog_trimage instead. + %_changelog_trimtime 0 + + # If true, set the SOURCE_DATE_EPOCH environment variable +-- +2.27.0 + diff --git a/backport-Fix-isUnorderedReq-for-multiple-qualifiers.patch b/backport-Fix-isUnorderedReq-for-multiple-qualifiers.patch new file mode 100644 index 0000000..923b694 --- /dev/null +++ b/backport-Fix-isUnorderedReq-for-multiple-qualifiers.patch @@ -0,0 +1,41 @@ +From d937b04fb1cb5d3ca303bd458169c352a4b52669 Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Fri, 31 Jan 2020 12:27:26 +0100 +Subject: [PATCH] Fix isUnorderedReq() for multiple qualifiers + +isUnorderedReq() returned True as soon as any qualifier that does not +require ordering is passed. But some qulifiers - basically the scriptlets +run during installation and erasure of the package - may still require +the dependency to be taken into account during ordering. + +Now isUnorderedReq() returns 0 if any of those are also set. + +Resolves: #1030 +--- + lib/rpmds.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/lib/rpmds.h b/lib/rpmds.h +index 491d8738d..d160c948e 100644 +--- a/lib/rpmds.h ++++ b/lib/rpmds.h +@@ -82,12 +82,14 @@ typedef rpmFlags rpmsenseFlags; + _notpre(RPMSENSE_SCRIPT_PREUN|RPMSENSE_SCRIPT_POSTUN) + #define _UNORDERED_ONLY_MASK \ + _notpre(RPMSENSE_RPMLIB|RPMSENSE_CONFIG|RPMSENSE_PRETRANS|RPMSENSE_POSTTRANS|RPMSENSE_SCRIPT_VERIFY) ++#define _FORCE_ORDER_ONLY_MASK \ ++ _notpre(RPMSENSE_SCRIPT_PRE|RPMSENSE_SCRIPT_POST|RPMSENSE_SCRIPT_PREUN|RPMSENSE_SCRIPT_POSTUN) + + #define isLegacyPreReq(_x) (((_x) & _ALL_REQUIRES_MASK) == RPMSENSE_PREREQ) + #define isInstallPreReq(_x) ((_x) & _INSTALL_ONLY_MASK) + #define isErasePreReq(_x) ((_x) & _ERASE_ONLY_MASK) +-#define isUnorderedReq(_x) ((_x) & _UNORDERED_ONLY_MASK) +- ++#define isUnorderedReq(_x) ((_x) & _UNORDERED_ONLY_MASK && \ ++ !((_x) & _FORCE_ORDER_ONLY_MASK)) + + + /** \ingroup rpmds +-- +2.27.0 + diff --git a/backport-Fix-logic-error-in-grabArgs.patch b/backport-Fix-logic-error-in-grabArgs.patch new file mode 100644 index 0000000..349d71f --- /dev/null +++ b/backport-Fix-logic-error-in-grabArgs.patch @@ -0,0 +1,54 @@ +From 6d7fa91949337c7a86bab3359b39558fdae07dce Mon Sep 17 00:00:00 2001 +From: Michael Schroeder +Date: Fri, 23 Oct 2020 14:02:35 +0200 +Subject: [PATCH] Fix logic error in grabArgs() + +If there was a \ at the end of the buffer, the code would +return a pointer after the trailing \0 leading to unallocated +memory access and weird results in some cases. + +See commit 817959609b95afe34ce0f7f6c3dc5d7d0d9a8470. +--- + rpmio/macro.c | 2 +- + tests/rpmmacro.at | 5 +++++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/rpmio/macro.c b/rpmio/macro.c +index 1edcb39e6..a1ed9b288 100644 +--- a/rpmio/macro.c ++++ b/rpmio/macro.c +@@ -947,7 +947,7 @@ grabArgs(MacroBuf mb, const rpmMacroEntry me, const char * se, + splitQuoted(&argv, s, " \t"); + free(s); + +- cont = ((*lastc == '\0' || *lastc == '\n') && *(lastc-1) != '\\') ? ++ cont = (*lastc == '\0') || (*lastc == '\n' && *(lastc-1) != '\\') ? + lastc : lastc + 1; + } + +diff --git a/tests/rpmmacro.at b/tests/rpmmacro.at +index d972a1197..a21952c46 100644 +--- a/tests/rpmmacro.at ++++ b/tests/rpmmacro.at +@@ -179,6 +179,9 @@ runroot rpm \ + --eval '%foo %{quote: 2 3 5} %{quote:%{nil}}' \ + --eval '%foo x%{quote:y}z 123' \ + --eval '%foo x%{quote:%{nil}}z' \ ++ --eval '%foo 1 \ ++bar' \ ++ --eval '%foo 1 \' \ + ], + [0], + [1:"1" +@@ -190,6 +193,8 @@ runroot rpm \ + 2:" 2 3 5" "" + 2:"xyz" "123" + 1:"xz" ++2:"1" "\"bar ++2:"1" "\" + ]) + AT_CLEANUP + +-- +2.27.0 + diff --git a/backport-Fix-pointer-dereference-before-testing-for-NULL-in-r.patch b/backport-Fix-pointer-dereference-before-testing-for-NULL-in-r.patch new file mode 100644 index 0000000..999911c --- /dev/null +++ b/backport-Fix-pointer-dereference-before-testing-for-NULL-in-r.patch @@ -0,0 +1,33 @@ +From c886b359ba5f05eec6a8da34b55437834b7d80ee Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 6 Feb 2020 14:51:14 +0200 +Subject: [PATCH] Fix pointer dereference before testing for NULL in + rpmtdGetNumber() + +--- + lib/rpmtd.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/rpmtd.c b/lib/rpmtd.c +index e33c8cb53..41c6a50e8 100644 +--- a/lib/rpmtd.c ++++ b/lib/rpmtd.c +@@ -210,12 +210,12 @@ const char * rpmtdGetString(rpmtd td) + + uint64_t rpmtdGetNumber(rpmtd td) + { +- uint64_t val = 0; +- int ix = (td->ix >= 0 ? td->ix : 0); +- + if (td == NULL) + return 0; + ++ uint64_t val = 0; ++ int ix = (td->ix >= 0 ? td->ix : 0); ++ + switch (td->type) { + case RPM_INT64_TYPE: + val = *((uint64_t *) td->data + ix); +-- +2.27.0 + diff --git a/backport-Fix-possible-read-beyond-buffer-in-rstrnlenhash.patch b/backport-Fix-possible-read-beyond-buffer-in-rstrnlenhash.patch new file mode 100644 index 0000000..cfc242b --- /dev/null +++ b/backport-Fix-possible-read-beyond-buffer-in-rstrnlenhash.patch @@ -0,0 +1,40 @@ +From 747b7119ae89a3ccaceeae4f5570c7ab83d2cf5d Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Tue, 1 Sep 2020 13:14:35 +0300 +Subject: [PATCH] Fix possible read beyond buffer in rstrnlenhash() + +On strings that are not \0-terminated (which are a big reason for the +existence of this function), the while-loop would try to compare the +first character beyond the specified buffer for '\0' before realizing +we're already beyond the end when checking n. Should be mostly harmless +in practise as the check for n would still terminate it, but not right. +In particular this trips up address sanitizer with the bdb backend where +some of the returned strings are not \0-terminated. + +Test for string length first, and move the decrementing side-effect into +the loop for better readability. +--- + rpmio/rpmstrpool.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/rpmio/rpmstrpool.c b/rpmio/rpmstrpool.c +index 776ca6dea..0db0b5313 100644 +--- a/rpmio/rpmstrpool.c ++++ b/rpmio/rpmstrpool.c +@@ -88,11 +88,12 @@ static inline unsigned int rstrnlenhash(const char * str, size_t n, size_t * len + unsigned int hash = 0xe4721b68; + const char * s = str; + +- while (*s != '\0' && n-- > 0) { ++ while (n > 0 && *s != '\0') { + hash += *s; + hash += (hash << 10); + hash ^= (hash >> 6); + s++; ++ n--; + } + hash += (hash << 3); + hash ^= (hash >> 11); +-- +2.27.0 + diff --git a/backport-Fix-regression-on-v3-package-handling-on-database-re.patch b/backport-Fix-regression-on-v3-package-handling-on-database-re.patch new file mode 100644 index 0000000..b24c40b --- /dev/null +++ b/backport-Fix-regression-on-v3-package-handling-on-database-re.patch @@ -0,0 +1,29 @@ +From 85e5a70368854da0537099128530b0df69ca2216 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Wed, 29 Jan 2020 13:58:16 +0200 +Subject: [PATCH] Fix regression on v3 package handling on database rebuild + +Introduced in commit 27ea3f8624560bd158fc7bc801639310a0ffab10, the +wrong header is being added in case of v3 packages. + +Fixes: #1017 +--- + lib/rpmdb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/rpmdb.c b/lib/rpmdb.c +index 7ae67563f..91543eb68 100644 +--- a/lib/rpmdb.c ++++ b/lib/rpmdb.c +@@ -2557,7 +2557,7 @@ int rpmdbRebuild(const char * prefix, rpmts ts, + /* Deleted entries are eliminated in legacy headers by copy. */ + if (headerIsEntry(h, RPMTAG_HEADERIMAGE)) { + Header nh = headerReload(headerCopy(h), RPMTAG_HEADERIMAGE); +- rc = rpmdbAdd(newdb, h); ++ rc = rpmdbAdd(newdb, nh); + headerFree(nh); + } else { + rc = rpmdbAdd(newdb, h); +-- +2.27.0 + diff --git a/backport-Fix-resource-leaks-on-zstd-open-error-paths.patch b/backport-Fix-resource-leaks-on-zstd-open-error-paths.patch new file mode 100644 index 0000000..a9deae0 --- /dev/null +++ b/backport-Fix-resource-leaks-on-zstd-open-error-paths.patch @@ -0,0 +1,49 @@ +From 6b18e76f3db5dd3db5a468c947309322d8bc11aa Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 21 Nov 2019 12:22:45 +0200 +Subject: [PATCH] Fix resource leaks on zstd open error paths + +If zstd stream initialization fails, the opened fd and the stream +itself are leaked. Handle error exit in a central label. +--- + rpmio/rpmio.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c +index 243942411..10ba20cd6 100644 +--- a/rpmio/rpmio.c ++++ b/rpmio/rpmio.c +@@ -1128,13 +1128,13 @@ static rpmzstd rpmzstdNew(int fdno, const char *fmode) + if ((flags & O_ACCMODE) == O_RDONLY) { /* decompressing */ + if ((_stream = (void *) ZSTD_createDStream()) == NULL + || ZSTD_isError(ZSTD_initDStream(_stream))) { +- return NULL; ++ goto err; + } + nb = ZSTD_DStreamInSize(); + } else { /* compressing */ + if ((_stream = (void *) ZSTD_createCStream()) == NULL + || ZSTD_isError(ZSTD_initCStream(_stream, level))) { +- return NULL; ++ goto err; + } + nb = ZSTD_CStreamOutSize(); + } +@@ -1149,6 +1149,14 @@ static rpmzstd rpmzstdNew(int fdno, const char *fmode) + zstd->b = xmalloc(nb); + + return zstd; ++ ++err: ++ fclose(fp); ++ if ((flags & O_ACCMODE) == O_RDONLY) ++ ZSTD_freeDStream(_stream); ++ else ++ ZSTD_freeCStream(_stream); ++ return NULL; + } + + static FD_t zstdFdopen(FD_t fd, int fdno, const char * fmode) +-- +2.27.0 + diff --git a/backport-If-fork-fails-in-getOutputFrom-close-opened-unused-p.patch b/backport-If-fork-fails-in-getOutputFrom-close-opened-unused-p.patch new file mode 100644 index 0000000..dd4765d --- /dev/null +++ b/backport-If-fork-fails-in-getOutputFrom-close-opened-unused-p.patch @@ -0,0 +1,48 @@ +From 83a5a20352dccd336a0114238c5988f0a9fa6d3e Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Thu, 23 Jan 2020 14:21:26 +0100 +Subject: [PATCH] If fork fails in getOutputFrom(), close opened unused pipe + fds on error code path + +Signed-off-by: Denys Vlasenko +--- + build/rpmfc.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/build/rpmfc.c b/build/rpmfc.c +index f5f3793b9..81101518b 100644 +--- a/build/rpmfc.c ++++ b/build/rpmfc.c +@@ -277,6 +277,17 @@ static int getOutputFrom(ARGV_t argv, + } + + child = fork(); ++ if (child < 0) { ++ rpmlog(RPMLOG_ERR, _("Couldn't fork %s: %s\n"), ++ argv[0], strerror(errno)); ++ if (doio) { ++ close(toProg[1]); ++ close(toProg[0]); ++ close(fromProg[0]); ++ close(fromProg[1]); ++ } ++ return -1; ++ } + if (child == 0) { + close(toProg[1]); + close(fromProg[0]); +@@ -299,11 +310,6 @@ static int getOutputFrom(ARGV_t argv, + argv[0], strerror(errno)); + _exit(EXIT_FAILURE); + } +- if (child < 0) { +- rpmlog(RPMLOG_ERR, _("Couldn't fork %s: %s\n"), +- argv[0], strerror(errno)); +- return -1; +- } + + if (!doio) + goto reap; +-- +2.27.0 + diff --git a/backport-Make-fdSeek-return-0-on-success-1-on-error.patch b/backport-Make-fdSeek-return-0-on-success-1-on-error.patch new file mode 100644 index 0000000..2822eff --- /dev/null +++ b/backport-Make-fdSeek-return-0-on-success-1-on-error.patch @@ -0,0 +1,31 @@ +From d1dee9c00af418004f578a97e9b794676daf6d37 Mon Sep 17 00:00:00 2001 +From: Matthew Almond +Date: Mon, 28 Sep 2020 12:41:22 -0700 +Subject: [PATCH] Make fdSeek return 0 on success, -1 on error + +This code eliminates a false positive failure when the destination +position is > 2GiB. This is done by changing the contract for `Fseek`. +Now it returns `0` on success instead of an `int` offset. +Care should be used to interpret the result as there is a difference in +semantics between the POSIX `fseek(2)`. Existing code is correct: negative +results are still failures. +--- + rpmio/rpmio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c +index 10a28a923..9f4a60aa1 100644 +--- a/rpmio/rpmio.c ++++ b/rpmio/rpmio.c +@@ -382,7 +382,7 @@ static ssize_t fdWrite(FDSTACK_t fps, const void * buf, size_t count) + + static int fdSeek(FDSTACK_t fps, off_t pos, int whence) + { +- return lseek(fps->fdno, pos, whence); ++ return (lseek(fps->fdno, pos, whence) == -1) ? -1 : 0; + } + + static int fdClose(FDSTACK_t fps) +-- +2.27.0 + diff --git a/backport-Remove-compare-of-global-array-tagsByName-to-NULL.patch b/backport-Remove-compare-of-global-array-tagsByName-to-NULL.patch new file mode 100644 index 0000000..d3876b8 --- /dev/null +++ b/backport-Remove-compare-of-global-array-tagsByName-to-NULL.patch @@ -0,0 +1,33 @@ +From 92a78e6acf3f056faccebb25a9d310ee96f8015d Mon Sep 17 00:00:00 2001 +From: Cerul Alain +Date: Mon, 13 Jul 2020 00:34:42 -0400 +Subject: [PATCH] Remove compare of global array tagsByName to NULL + +A 2016 change (57a96d2486c26142ebb168a1f00b0374d35bf044) apparently +changed tagsByName from dynamic allocation to being static, so that +Valgrind would not complain about lost memory. The definition is: + + static headerTagTableEntry tagsByName[TABLESIZE]; + +But a comparison was left of `tagsByName == NULL` in lib/tagname.c +and compiling with clang gives a warning, saying it is never NULL. +--- + lib/tagname.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/tagname.c b/lib/tagname.c +index 68b252991..4efd847eb 100644 +--- a/lib/tagname.c ++++ b/lib/tagname.c +@@ -234,7 +234,7 @@ int rpmTagGetNames(rpmtd tagnames, int fullname) + + pthread_once(&tagsLoaded, loadTags); + +- if (tagnames == NULL || tagsByName == NULL) ++ if (tagnames == NULL) + return 0; + + rpmtdReset(tagnames); +-- +2.27.0 + diff --git a/backport-Use-libelf-for-determining-file-colors.patch b/backport-Use-libelf-for-determining-file-colors.patch new file mode 100644 index 0000000..f53b901 --- /dev/null +++ b/backport-Use-libelf-for-determining-file-colors.patch @@ -0,0 +1,101 @@ +From 3c061be6aeaec1be793b406fac9f667dc5d1429b Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Wed, 4 Mar 2020 11:15:02 +0200 +Subject: [PATCH] Use libelf for determining file colors + +libmagic strings are notoriously unreliable as the details from version +to version. We link to libelf anyway so we might as well as get the +info straight from the horse's mouth. + +Besides being more reliable, this detaches the coloring business from +the hardcoded rpmfcTokens struct and informative-only FILECLASS +contents, +opening the door for other changes in that area. +--- + build/rpmfc.c | 35 +++++++++++++++++++++++++++++------ + 1 file changed, 29 insertions(+), 6 deletions(-) + +diff --git a/build/rpmfc.c b/build/rpmfc.c +index aaa0dca..0886616 100644 +--- a/build/rpmfc.c ++++ b/build/rpmfc.c +@@ -7,6 +7,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -595,7 +596,7 @@ exit: + return rc; + } + +-/* Only used for elf coloring and controlling RPMTAG_FILECLASS inclusion now */ ++/* Only used for controlling RPMTAG_FILECLASS inclusion now */ + static const struct rpmfcTokens_s rpmfcTokens[] = { + { "directory", RPMFC_INCLUDE }, + +@@ -1076,6 +1077,29 @@ static int initAttrs(rpmfc fc) + return nattrs; + } + ++static uint32_t getElfColor(const char *fn) ++{ ++ uint32_t color = 0; ++ int fd = open(fn, O_RDONLY); ++ if (fd >= 0) { ++ Elf *elf = elf_begin (fd, ELF_C_READ, NULL); ++ GElf_Ehdr ehdr; ++ if (elf && gelf_getehdr(elf, &ehdr)) { ++ switch (ehdr.e_ident[EI_CLASS]) { ++ case ELFCLASS64: ++ color = RPMFC_ELF64; ++ break; ++ case ELFCLASS32: ++ color = RPMFC_ELF32; ++ break; ++ } ++ elf_end(elf); ++ } ++ close(fd); ++ } ++ return color; ++} ++ + rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode) + { + int msflags = MAGIC_CHECK | MAGIC_COMPRESS | MAGIC_NO_CHECK_TOKENS; +@@ -1187,8 +1211,6 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode) + /* Add attributes based on file type and/or path */ + rpmfcAttributes(fc, ix, ftype, s); + +- fc->fcolor[ix] = fcolor; +- + /* Add to file class dictionary and index array */ + #pragma omp ordered + if (fcolor != RPMFC_WHITE && (fcolor & RPMFC_INCLUDE)) { +@@ -1202,6 +1224,10 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode) + } + /* Pool id's start from 1, for headers we want it from 0 */ + fc->fcdictx[ix] = ftypeId - 1; ++ ++ /* Add ELF colors */ ++ if (S_ISREG(mode) && is_executable) ++ fc->fcolor[ix] = getElfColor(s); + } + + if (ms != NULL) +@@ -1493,9 +1519,6 @@ rpmRC rpmfcGenerateDepends(const rpmSpec spec, Package pkg) + goto exit; + + /* Add per-file colors(#files) */ +- /* XXX Make sure only primary (i.e. Elf32/Elf64) colors are added. */ +- for (int i = 0; i < fc->nfiles; i++) +- fc->fcolor[i] &= 0x0f; + headerPutUint32(pkg->header, RPMTAG_FILECOLORS, fc->fcolor, fc->nfiles); + + /* Add classes(#classes) */ +-- +2.27.0 + diff --git a/backport-fix-zstd-magic.patch b/backport-fix-zstd-magic.patch new file mode 100644 index 0000000..121056a --- /dev/null +++ b/backport-fix-zstd-magic.patch @@ -0,0 +1,29 @@ +From c464f1ece501346da11ed7582b8d46682363a285 Mon Sep 17 00:00:00 2001 +From: Thierry Vignaud +Date: Mon, 23 Dec 2019 16:51:49 +0100 +Subject: [PATCH] fix zstd magic + +I spot it while adding support for zstd compressed metadata in +URPM/urpmi, which was broken by this typo + +typo introduced in commit 3684424fe297c996bb05bb64631336fa2903df12 +--- + rpmio/rpmfileutil.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rpmio/rpmfileutil.c b/rpmio/rpmfileutil.c +index bda97adf1..84ee34f4d 100644 +--- a/rpmio/rpmfileutil.c ++++ b/rpmio/rpmfileutil.c +@@ -188,7 +188,7 @@ int rpmFileIsCompressed(const char * file, rpmCompressedMagic * compressed) + (magic[4] == 0x5a) && (magic[5] == 0x00)) { + /* new style xz (lzma) with magic */ + *compressed = COMPRESSED_XZ; +- } else if ((magic[0] == 0x28) && (magic[1] == 0x85) && ++ } else if ((magic[0] == 0x28) && (magic[1] == 0xB5) && + (magic[2] == 0x2f) ) { + *compressed = COMPRESSED_ZSTD; + } else if ((magic[0] == 'L') && (magic[1] == 'Z') && +-- +2.27.0 + diff --git a/backport-ndb-only-clear-the-dbenv-in-the-rpmdb-if-the-last-re.patch b/backport-ndb-only-clear-the-dbenv-in-the-rpmdb-if-the-last-re.patch new file mode 100644 index 0000000..09a8b0f --- /dev/null +++ b/backport-ndb-only-clear-the-dbenv-in-the-rpmdb-if-the-last-re.patch @@ -0,0 +1,28 @@ +From 52c3ee60a1ce0e7e527dc396dd1e1a0e29b7b0ed Mon Sep 17 00:00:00 2001 +From: Michael Schroeder +Date: Fri, 10 Jan 2020 15:47:13 +0100 +Subject: [PATCH] ndb: only clear the dbenv in the rpmdb if the last reference + is gone + +Otherwise we will segfault if just one index is closed. +--- + lib/backend/ndb/glue.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/backend/ndb/glue.c b/lib/backend/ndb/glue.c +index 376e360e3..841c2fe42 100644 +--- a/lib/backend/ndb/glue.c ++++ b/lib/backend/ndb/glue.c +@@ -52,8 +52,8 @@ static void closeEnv(rpmdb rdb) + if (ndbenv->data) + free(ndbenv->data); + free(ndbenv); ++ rdb->db_dbenv = 0; + } +- rdb->db_dbenv = 0; + } + + static struct ndbEnv_s *openEnv(rpmdb rdb) +-- +2.27.0 + diff --git a/backport-rpmfiArchiveRead-use-signed-return-value-to-handle-1.patch b/backport-rpmfiArchiveRead-use-signed-return-value-to-handle-1.patch new file mode 100644 index 0000000..c4c0728 --- /dev/null +++ b/backport-rpmfiArchiveRead-use-signed-return-value-to-handle-1.patch @@ -0,0 +1,47 @@ +From f34030816d84dfbf52f259404b32b81e53c21fbb Mon Sep 17 00:00:00 2001 +From: Jes Sorensen +Date: Fri, 3 Apr 2020 14:09:18 -0400 +Subject: [PATCH] rpmfiArchiveRead() use signed return value to handle -1 on + error + +size_t is unsigned, so returning -1 is not going to have the expected +behavior. Fix it to return ssize_t. + +Signed-off-by: Jes Sorensen +--- + lib/rpmarchive.h | 4 ++-- + lib/rpmfi.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/rpmarchive.h b/lib/rpmarchive.h +index c864e5b56..2484b4d71 100644 +--- a/lib/rpmarchive.h ++++ b/lib/rpmarchive.h +@@ -122,9 +122,9 @@ int rpmfiArchiveWriteFile(rpmfi fi, FD_t fd); + * @param fi file info + * @param buf pointer to buffer + * @param size number of bytes to read +- * @return bytes actually read ++ * @return bytes actually read, -1 on error + */ +-size_t rpmfiArchiveRead(rpmfi fi, void * buf, size_t size); ++ssize_t rpmfiArchiveRead(rpmfi fi, void * buf, size_t size); + + /** \ingroup payload + * Has current file content stored in the archive +diff --git a/lib/rpmfi.c b/lib/rpmfi.c +index c314a8b29..af428468c 100644 +--- a/lib/rpmfi.c ++++ b/lib/rpmfi.c +@@ -2261,7 +2261,7 @@ int rpmfiArchiveHasContent(rpmfi fi) + return res; + } + +-size_t rpmfiArchiveRead(rpmfi fi, void * buf, size_t size) ++ssize_t rpmfiArchiveRead(rpmfi fi, void * buf, size_t size) + { + if (fi == NULL || fi->archive == NULL) + return -1; +-- +2.27.0 + diff --git a/backport-rpmio-initialise-libgcrypt.patch b/backport-rpmio-initialise-libgcrypt.patch new file mode 100644 index 0000000..ee837eb --- /dev/null +++ b/backport-rpmio-initialise-libgcrypt.patch @@ -0,0 +1,30 @@ +From 61ea5a8ea64dc130713da889f3f0c8da1a547bd9 Mon Sep 17 00:00:00 2001 +From: Ross Burton +Date: Wed, 4 Dec 2019 17:13:10 +0000 +Subject: [PATCH] rpmio: initialise libgcrypt + +If we're using libgcrypt for hashing we need to initialise libgcrypt as +otherwise it is not thread-safe. Without this it will crash when used +in parallel packaging runs. + +Fixes #968 +--- + rpmio/digest_libgcrypt.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/rpmio/digest_libgcrypt.c b/rpmio/digest_libgcrypt.c +index b31fda569..291187f60 100644 +--- a/rpmio/digest_libgcrypt.c ++++ b/rpmio/digest_libgcrypt.c +@@ -20,6 +20,8 @@ struct DIGEST_CTX_s { + /**************************** init ************************************/ + + int rpmInitCrypto(void) { ++ gcry_check_version (NULL); ++ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + return 0; + } + +-- +2.27.0 + diff --git a/rpm.spec b/rpm.spec index 046b0db..ed0d2e6 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,6 +1,6 @@ Name: rpm Version: 4.15.1 -Release: 20 +Release: 21 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -25,6 +25,30 @@ Patch15: Don-t-add-dist-to-release-if-it-is-already-there.patch Patch16: Use-user.digest_list-to-avoid-duplicate-processing-o.patch Patch17: call-process_digest_list-after-files-are-added.patch +Patch18: backport-Fix-changelog-trimming-to-work-relative-to-newest-ex.patch +Patch19: backport-Fix-resource-leaks-on-zstd-open-error-paths.patch +Patch20: backport-rpmio-initialise-libgcrypt.patch +Patch21: backport-fix-zstd-magic.patch +Patch22: backport-Don-t-require-signature-header-to-be-in-single-conti.patch +Patch23: backport-ndb-only-clear-the-dbenv-in-the-rpmdb-if-the-last-re.patch +Patch24: backport-Fix-regression-on-v3-package-handling-on-database-re.patch +Patch25: backport-Fix-a-minor-memory-leak-on-suppressed-inhibition-loc.patch +Patch26: backport-Fix-POPT_ARG_STRING-memleaks-in-librpmbuild.patch +Patch27: backport-Fix-build-regression-in-commit-307872f71b357a3839fd0.patch +Patch28: backport-Fix-isUnorderedReq-for-multiple-qualifiers.patch +Patch29: backport-If-fork-fails-in-getOutputFrom-close-opened-unused-p.patch +Patch30: backport-Fix-pointer-dereference-before-testing-for-NULL-in-r.patch +Patch31: backport-Don-t-look-into-source-package-provides-in-depsolvin.patch +Patch32: backport-rpmfiArchiveRead-use-signed-return-value-to-handle-1.patch +Patch33: backport-Fix-bump-up-the-limit-of-signature-header-to-64MB.patch +Patch34: backport-Remove-compare-of-global-array-tagsByName-to-NULL.patch +Patch35: backport-Always-close-libelf-handle-1313.patch +Patch36: backport-Add-missing-terminator-to-copyTagsFromMainDebug-arra.patch +Patch37: backport-Fix-possible-read-beyond-buffer-in-rstrnlenhash.patch +Patch38: backport-Make-fdSeek-return-0-on-success-1-on-error.patch +Patch39: backport-Fix-logic-error-in-grabArgs.patch +Patch40: backport-Use-libelf-for-determining-file-colors.patch + BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel BuildRequires: dbus-devel fakechroot elfutils-devel elfutils-libelf-devel ima-evm-utils @@ -272,6 +296,12 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Mon Jan 11 2021 Liquor - 4.15.1-21 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:backport patches from upstream + * Thu Dec 17 2020 Anakin Zhang - 4.15.1-20 - Type:bugfix - ID:NA