diff --git a/Add-digest-list-plugin.patch b/Add-digest-list-plugin.patch index f79c1fe..2256824 100644 --- a/Add-digest-list-plugin.patch +++ b/Add-digest-list-plugin.patch @@ -17,9 +17,9 @@ index 402749362..8619c1323 100644 --- a/macros.in +++ b/macros.in @@ -1184,6 +1184,7 @@ package or when debugging this package.\ - %__transaction_ima %{__plugindir}/ima.so %__transaction_prioreset %{__plugindir}/prioreset.so %__transaction_audit %{__plugindir}/audit.so + %__transaction_dbus_announce %{__plugindir}/dbus_announce.so +%__transaction_digest_list %{__plugindir}/digest_list.so #------------------------------------------------------------------------------ @@ -41,10 +41,11 @@ new file mode 100644 index 000000000..beb397309 --- /dev/null +++ b/plugins/digest_list.c -@@ -0,0 +1,498 @@ +@@ -0,0 +1,499 @@ +#include "system.h" +#include "errno.h" + ++#include +#include +#include +#include @@ -565,7 +566,7 @@ index 46cd0f31a..3c6b18b53 100644 } break; case 4: @@ -658,6 +659,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - if (p > (h + hlen)) + if (p > hend) return 1; + _digp->data = p; diff --git a/CVE-2021-20266.patch b/CVE-2021-20266.patch deleted file mode 100644 index 175200a..0000000 --- a/CVE-2021-20266.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 8f4b3c3cab8922a2022b9e47c71f1ecf906077ef Mon Sep 17 00:00:00 2001 -From: Demi Marie Obenour -Date: Mon, 8 Feb 2021 16:05:01 -0500 -Subject: [PATCH] hdrblobInit() needs bounds checks too - -Users can pass untrusted data to hdrblobInit() and it must be robust -against this. ---- - lib/header.c | 48 +++++++++++++++++++++++++++++++----------------- - 1 file changed, 31 insertions(+), 17 deletions(-) - -diff --git a/lib/header.c b/lib/header.c -index ea39e679f4..ebba9c2b09 100644 ---- a/lib/header.c -+++ b/lib/header.c -@@ -11,6 +11,7 @@ - #include "system.h" - #include - #include -+#include - #include - #include - #include "lib/header_internal.h" -@@ -1912,6 +1913,25 @@ hdrblob hdrblobFree(hdrblob blob) - return NULL; - } - -+static rpmRC hdrblobVerifyLengths(rpmTagVal regionTag, uint32_t il, uint32_t dl, -+ char **emsg) { -+ uint32_t il_max = HEADER_TAGS_MAX; -+ uint32_t dl_max = HEADER_DATA_MAX; -+ if (regionTag == RPMTAG_HEADERSIGNATURES) { -+ il_max = 32; -+ dl_max = 64 * 1024 * 1024; -+ } -+ if (hdrchkRange(il_max, il)) { -+ rasprintf(emsg, _("hdr tags: BAD, no. of tags(%" PRIu32 ") out of range"), il); -+ return RPMRC_FAIL; -+ } -+ if (hdrchkRange(dl_max, dl)) { -+ rasprintf(emsg, _("hdr data: BAD, no. of bytes(%" PRIu32 ") out of range"), dl); -+ return RPMRC_FAIL; -+ } -+ return RPMRC_OK; -+} -+ - rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrblob blob, char **emsg) - { - int32_t block[4]; -@@ -1924,13 +1944,6 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl - size_t nb; - rpmRC rc = RPMRC_FAIL; /* assume failure */ - int xx; -- int32_t il_max = HEADER_TAGS_MAX; -- int32_t dl_max = HEADER_DATA_MAX; -- -- if (regionTag == RPMTAG_HEADERSIGNATURES) { -- il_max = 32; -- dl_max = 64 * 1024 * 1024; -- } - - memset(block, 0, sizeof(block)); - if ((xx = Freadall(fd, bs, blen)) != blen) { -@@ -1943,15 +1956,9 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl - goto exit; - } - il = ntohl(block[2]); -- if (hdrchkRange(il_max, il)) { -- rasprintf(emsg, _("hdr tags: BAD, no. of tags(%d) out of range"), il); -- goto exit; -- } - dl = ntohl(block[3]); -- if (hdrchkRange(dl_max, dl)) { -- rasprintf(emsg, _("hdr data: BAD, no. of bytes(%d) out of range"), dl); -+ if (hdrblobVerifyLengths(regionTag, il, dl, emsg)) - goto exit; -- } - - nb = (il * sizeof(struct entryInfo_s)) + dl; - uc = sizeof(il) + sizeof(dl) + nb; -@@ -1995,11 +2002,18 @@ rpmRC hdrblobInit(const void *uh, size_t uc, - struct hdrblob_s *blob, char **emsg) - { - rpmRC rc = RPMRC_FAIL; -- - memset(blob, 0, sizeof(*blob)); -+ if (uc && uc < 8) { -+ rasprintf(emsg, _("hdr length: BAD")); -+ goto exit; -+ } -+ - blob->ei = (int32_t *) uh; /* discards const */ -- blob->il = ntohl(blob->ei[0]); -- blob->dl = ntohl(blob->ei[1]); -+ blob->il = ntohl((uint32_t)(blob->ei[0])); -+ blob->dl = ntohl((uint32_t)(blob->ei[1])); -+ if (hdrblobVerifyLengths(regionTag, blob->il, blob->dl, emsg) != RPMRC_OK) -+ goto exit; -+ - blob->pe = (entryInfo) &(blob->ei[2]); - blob->pvlen = sizeof(blob->il) + sizeof(blob->dl) + - (blob->il * sizeof(*blob->pe)) + blob->dl; diff --git a/Don-t-add-dist-to-release-if-it-is-already-there.patch b/Don-t-add-dist-to-release-if-it-is-already-there.patch index 11bff23..8820ef2 100644 --- a/Don-t-add-dist-to-release-if-it-is-already-there.patch +++ b/Don-t-add-dist-to-release-if-it-is-already-there.patch @@ -20,7 +20,7 @@ index 147059bb5..c3d898b4c 100644 + (dist && strstr(field, dist)) ? "" : dist); free(dist); } - if (rpmCharCheck(spec, field, WHITELIST_VERREL)) + if (rpmCharCheck(spec, field, ALLOWED_CHARS_VERREL)) -- 2.27.GIT diff --git a/Generate-digest-lists.patch b/Generate-digest-lists.patch index cc74351..7fbac1c 100644 --- a/Generate-digest-lists.patch +++ b/Generate-digest-lists.patch @@ -39,19 +39,19 @@ index 6dfd801c8..ab6938d8c 100644 static void nullAttrRec(AttrRec ar) { memset(ar, 0, sizeof(*ar)); -@@ -984,11 +991,13 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc) +@@ -997,11 +997,14 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc) { FileListRec flp; char buf[BUFSIZ]; + char file_info[BUFSIZ]; + char file_digest[128 * 2 + 1]; int i, npaths = 0; + int fail_on_dupes = rpmExpandNumeric("%{?_duplicate_files_terminate_build}") > 0; uint32_t defaultalgo = PGPHASHALGO_MD5, digestalgo; rpm_loff_t totalFileSize = 0; Header h = pkg->header; /* just a shortcut */ -- int override_date = 0; -+ int override_date = 0, processed = 0; - time_t source_date_epoch; ++ int processed = 0; + time_t source_date_epoch = 0; char *srcdate = getenv("SOURCE_DATE_EPOCH"); @@ -1058,8 +1067,9 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc) diff --git a/Silence-spurious-error-message-from-lsetfilecon-on-E.patch b/Silence-spurious-error-message-from-lsetfilecon-on-E.patch deleted file mode 100644 index 1a708a2..0000000 --- a/Silence-spurious-error-message-from-lsetfilecon-on-E.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 4a71a3eccd7e9e14ee0e83b1cb300386a93622cd Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Fri, 13 Dec 2019 14:14:10 +0200 -Subject: [PATCH] Silence spurious error message from lsetfilecon() on - -EOPNOTSUPP - -We already filter out -EOPNOTSUPP and return OK, but the message was -getting logged before the filtering so we'd spit out spurious error -messages on filesystems that don't support SELinux (RhBug:1777502) ---- - plugins/selinux.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/plugins/selinux.c b/plugins/selinux.c -index a51f95e..ba37ffa 100644 ---- a/plugins/selinux.c -+++ b/plugins/selinux.c -@@ -168,11 +168,12 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, - if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) { - int conrc = lsetfilecon(path, scon); - -- rpmlog(loglvl(conrc < 0), "lsetfilecon: (%s, %s) %s\n", -- path, scon, (conrc < 0 ? strerror(errno) : "")); -- - if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP)) - rc = RPMRC_OK; -+ -+ rpmlog(loglvl(rc != RPMRC_OK), "lsetfilecon: (%s, %s) %s\n", -+ path, scon, (conrc < 0 ? strerror(errno) : "")); -+ - freecon(scon); - } else { - /* No context for dest is not our headache */ --- -1.8.3.1 - diff --git a/Unbundle-config-site-and-add-RPM-LD-FLAGS-macro.patch b/Unbundle-config-site-and-add-RPM-LD-FLAGS-macro.patch index e7fe492..920a285 100644 --- a/Unbundle-config-site-and-add-RPM-LD-FLAGS-macro.patch +++ b/Unbundle-config-site-and-add-RPM-LD-FLAGS-macro.patch @@ -31,7 +31,7 @@ index fe9803a..4027493 100644 + CONFIG_SITE=${CONFIG_SITE:-NONE}\ + export CONFIG_SITE\ \ - %{verbose:set -x}\ + %[%{verbose}?"set -x":""]\ umask 022\ -- 1.8.3.1 diff --git a/Use-common-error-logic-regardless-of-setexecfilecon-.patch b/Use-common-error-logic-regardless-of-setexecfilecon-.patch deleted file mode 100644 index 407dec9..0000000 --- a/Use-common-error-logic-regardless-of-setexecfilecon-.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 153c5c219844f0f294862c9043b20f4d24f7fa69 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Tue, 18 Feb 2020 15:50:40 +0200 -Subject: [PATCH] Use common error logic regardless of setexecfilecon() - availability - -Refactor the custom exec context setting code to look like setexecfilecon() -in case the real one is not available to eliminate pesky behavioral -differences between the two cases. - -This fixes a concrete bug of libselinux setexecfilecon() returning with -an error when security_getenforce() returns with -1 (such as a bare -chroot with no /sys mounts etc), causing us to spit out useless error -messages in that case ever since fixing the bogus if-logic in -commit ab601b882b9d9d8248250111317615db1aa7b7c6. - -Fixes: #1077 ---- - plugins/selinux.c | 44 +++++++++++++++++++++----------------------- - 1 file changed, 21 insertions(+), 23 deletions(-) - -diff --git a/plugins/selinux.c b/plugins/selinux.c -index ba37ffabe..12545174d 100644 ---- a/plugins/selinux.c -+++ b/plugins/selinux.c -@@ -94,65 +94,63 @@ static rpmRC selinux_psm_pre(rpmPlugin plugin, rpmte te) - return rc; - } - --static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin, -- const char *path, int type) --{ -- rpmRC rc = RPMRC_FAIL; -- int xx; - #ifndef HAVE_SETEXECFILECON -+static int setexecfilecon(const char *path, const char *fallback_type) -+{ -+ int rc = -1; - security_context_t mycon = NULL, fcon = NULL, newcon = NULL; - context_t con = NULL; - -- if (sehandle == NULL) -- return RPMRC_OK; -- - /* Figure the context to for next exec() */ - if (getcon(&mycon) < 0) - goto exit; - if (getfilecon(path, &fcon) < 0) - goto exit; -- if (security_compute_create(mycon, fcon, string_to_security_class("process"), &newcon) < 0) -+ if (security_compute_create(mycon, fcon, -+ string_to_security_class("process"), &newcon) < 0) - goto exit; - - if (rstreq(mycon, newcon)) { -- /* No default transition, use rpm_script_t for now. */ -- const char * script_type = "rpm_script_t"; -- - con = context_new(mycon); - if (!con) - goto exit; -- if (context_type_set(con, script_type)) -+ if (context_type_set(con, fallback_type)) - goto exit; - freecon(newcon); - newcon = xstrdup(context_str(con)); - } - -- if ((xx = setexeccon(newcon)) == 0) -- rc = RPMRC_OK; -- -- rpmlog(loglvl(xx < 0), "setexeccon: (%s, %s) %s\n", -- path, newcon, (xx < 0 ? strerror(errno) : "")); -+ rc = setexeccon(newcon); - - exit: - context_free(con); - freecon(newcon); - freecon(fcon); - freecon(mycon); -+ return rc; -+} -+#endif -+ -+static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin, -+ const char *path, int type) -+{ -+ /* No default transition, use rpm_script_t for now. */ -+ const char *script_type = "rpm_script_t"; -+ rpmRC rc = RPMRC_FAIL; - --#else - if (sehandle == NULL) - return RPMRC_OK; - -- if ((xx = setexecfilecon(path, "rpm_script_t")) == 0) -+ if (setexecfilecon(path, script_type) == 0) - rc = RPMRC_OK; - -- rpmlog(loglvl(xx < 0), "setexecfilecon: (%s) %s\n", -- path, (xx < 0 ? strerror(errno) : "")); --#endif - /* If selinux is not enforcing, we don't care either */ - if (rc && security_getenforce() < 1) - rc = RPMRC_OK; - -+ rpmlog(loglvl(rc), "setexecfilecon: (%s, %s) %s\n", -+ path, script_type, rc ? strerror(errno) : ""); -+ - return rc; - } - --- diff --git a/add-dist-to-release-by-default.patch b/add-dist-to-release-by-default.patch index 9640c15..36c8226 100644 --- a/add-dist-to-release-by-default.patch +++ b/add-dist-to-release-by-default.patch @@ -20,7 +20,7 @@ index b0a17c8..cac899a 100644 + rasprintf(&field,"%s%s",field,dist); + free(dist); + } - if (rpmCharCheck(spec, field, WHITELIST_VERREL)) + if (rpmCharCheck(spec, field, ALLOWED_CHARS_VERREL)) goto exit; headerPutString(pkg->header, tag, field); @@ -987,6 +992,8 @@ static rpmRC handlePreambleTag(rpmSpec spec, Package pkg, rpmTagVal tag, diff --git a/backport-Add-missing-terminator-to-copyTagsFromMainDebug-arra.patch b/backport-Add-missing-terminator-to-copyTagsFromMainDebug-arra.patch deleted file mode 100644 index d088619..0000000 --- a/backport-Add-missing-terminator-to-copyTagsFromMainDebug-arra.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 213a4064a4b1b5b260a55b3933170599e617494d Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Tue, 1 Sep 2020 12:15:33 +0300 -Subject: [PATCH] Add missing terminator to copyTagsFromMainDebug array - -headerCopyTags() expects a 0-terminated array, this was overflowing -(spotted by address-sanitizer) ---- - build/files.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/build/files.c b/build/files.c -index f06f9ac74..47625905c 100644 ---- a/build/files.c -+++ b/build/files.c -@@ -2838,6 +2838,7 @@ static rpmTag copyTagsFromMainDebug[] = { - RPMTAG_OS, - RPMTAG_PLATFORM, - RPMTAG_OPTFLAGS, -+ 0 - }; - - /* this is a hack: patch the summary and the description to include --- -2.27.0 - diff --git a/backport-Always-close-libelf-handle-1313.patch b/backport-Always-close-libelf-handle-1313.patch deleted file mode 100644 index 6785d04..0000000 --- a/backport-Always-close-libelf-handle-1313.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 38c03ddb18e86c84d89af695f72442d8365eb64e Mon Sep 17 00:00:00 2001 -From: Florian Festi -Date: Tue, 21 Jul 2020 10:45:20 +0200 -Subject: [PATCH] Always close libelf handle (#1313) - -Otherwise executables that are not proper elf files are leaking libelf -handles. This results in file being left open (mmap'ed) and fails the -build on NFS as those files can't be deleted properly there. - -Resolves: rhbz#1840728 -See also: https://bugzilla.redhat.com/show_bug.cgi?id=1840728 ---- - build/files.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/build/files.c b/build/files.c -index f675306f7..62489c07c 100644 ---- a/build/files.c -+++ b/build/files.c -@@ -1935,8 +1935,8 @@ static int generateBuildIDs(FileList fl, ARGV_t *files) - if (terminate) - rc = 1; - } -- elf_end (elf); - } -+ elf_end (elf); - close (fd); - } - } --- -2.27.0 - diff --git a/backport-CVE-2021-20271.patch b/backport-CVE-2021-20271.patch deleted file mode 100644 index 18f73f5..0000000 --- a/backport-CVE-2021-20271.patch +++ /dev/null @@ -1,169 +0,0 @@ -From d6a86b5e69e46cc283b1e06c92343319beb42e21 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 4 Mar 2021 13:21:19 +0200 -Subject: [PATCH] Be much more careful about copying data from the signature - header -Conflict:NA -Reference:https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21 - -Only look for known tags, and ensure correct type and size where known -before copying over. Bump the old arbitrary 16k count limit to 16M limit -though, it's not inconceivable that a package could have that many files. -While at it, ensure none of these tags exist in the main header, -which would confuse us greatly. -This is optimized for backporting ease, upstream can remove redundancies -and further improve checking later. -Reported and initial patches by Demi Marie Obenour. -Fixes: RhBug:1935049, RhBug:1933867, RhBug:1935035, RhBug:1934125, ... -Fixes: CVE-2021-3421, CVE-2021-20271 ---- - lib/package.c | 112 +++++++++++++++++++++++++--------------------------------- - 1 file changed, 49 insertions(+), 63 deletions(-) - -diff --git a/lib/package.c b/lib/package.c -index db70d13..6f10bb9 100644 ---- a/lib/package.c -+++ b/lib/package.c -@@ -31,82 +31,67 @@ struct pkgdata_s { - rpmRC rc; - }; - -+struct taglate_s { -+ rpmTagVal stag; -+ rpmTagVal xtag; -+ rpm_count_t count; -+} const xlateTags[] = { -+ { RPMSIGTAG_SIZE, RPMTAG_SIGSIZE, 1 }, -+ { RPMSIGTAG_PGP, RPMTAG_SIGPGP, 0 }, -+ { RPMSIGTAG_MD5, RPMTAG_SIGMD5, 16 }, -+ { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0 }, -+ /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0 }, */ /* long obsolete, dont use */ -+ { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1 }, -+ { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0 }, -+ { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1 }, -+ { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1 }, -+ { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1 }, -+ { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0 }, -+ { RPMSIGTAG_RSA, RPMTAG_RSAHEADER, 0 }, -+ { RPMSIGTAG_LONGSIZE, RPMTAG_LONGSIGSIZE, 1 }, -+ { RPMSIGTAG_LONGARCHIVESIZE, RPMTAG_LONGARCHIVESIZE, 1 }, -+ { 0 } -+}; -+ - /** \ingroup header - * Translate and merge legacy signature tags into header. - * @param h header (dest) - * @param sigh signature header (src) -+ * @return failing tag number, 0 on success - */ - static --void headerMergeLegacySigs(Header h, Header sigh) -+rpmTagVal headerMergeLegacySigs(Header h, Header sigh, char **msg) - { -- HeaderIterator hi; -+ const struct taglate_s *xl; - struct rpmtd_s td; -- -- hi = headerInitIterator(sigh); -- for (; headerNext(hi, &td); rpmtdFreeData(&td)) -- { -- switch (td.tag) { -- /* XXX Translate legacy signature tag values. */ -- case RPMSIGTAG_SIZE: -- td.tag = RPMTAG_SIGSIZE; -- break; -- case RPMSIGTAG_PGP: -- td.tag = RPMTAG_SIGPGP; -- break; -- case RPMSIGTAG_MD5: -- td.tag = RPMTAG_SIGMD5; -- break; -- case RPMSIGTAG_GPG: -- td.tag = RPMTAG_SIGGPG; -- break; -- case RPMSIGTAG_PGP5: -- td.tag = RPMTAG_SIGPGP5; -- break; -- case RPMSIGTAG_PAYLOADSIZE: -- td.tag = RPMTAG_ARCHIVESIZE; -- break; -- case RPMSIGTAG_FILESIGNATURES: -- td.tag = RPMTAG_FILESIGNATURES; -- break; -- case RPMSIGTAG_FILESIGNATURELENGTH: -- td.tag = RPMTAG_FILESIGNATURELENGTH; -- break; -- case RPMSIGTAG_SHA1: -- case RPMSIGTAG_SHA256: -- case RPMSIGTAG_DSA: -- case RPMSIGTAG_RSA: -- default: -- if (!(td.tag >= HEADER_SIGBASE && td.tag < HEADER_TAGBASE)) -- continue; -- break; -- } -- if (!headerIsEntry(h, td.tag)) { -- switch (td.type) { -- case RPM_NULL_TYPE: -- continue; -+ rpmtdReset(&td); -+ for (xl = xlateTags; xl->stag; xl++) { -+ /* There mustn't be one in the main header */ -+ if (headerIsEntry(h, xl->xtag)) -+ if (headerGet(sigh, xl->stag, &td, HEADERGET_RAW|HEADERGET_MINMEM)) { -+ /* Translate legacy tags */ -+ if (xl->stag != xl->xtag) -+ td.tag = xl->xtag; -+ /* Ensure type and tag size match expectations */ -+ if (td.type != rpmTagGetTagType(td.tag)) - break; -- case RPM_CHAR_TYPE: -- case RPM_INT8_TYPE: -- case RPM_INT16_TYPE: -- case RPM_INT32_TYPE: -- case RPM_INT64_TYPE: -- if (td.count != 1) -- continue; -+ if (td.count < 1 || td.count > 16*1024*1024) - break; -- case RPM_STRING_TYPE: -- case RPM_STRING_ARRAY_TYPE: -- case RPM_BIN_TYPE: -- if (td.count >= 16*1024) -- continue; -+ if (xl->count && td.count != xl->count) - break; -- case RPM_I18NSTRING_TYPE: -- continue; -+ if (!headerPut(h, &td, HEADERPUT_DEFAULT)) - break; -- } -- (void) headerPut(h, &td, HEADERPUT_DEFAULT); -+ rpmtdFreeData(&td); - } - } -- headerFreeIterator(hi); -+ rpmtdFreeData(&td); -+ -+ if (xl->stag) { -+ rasprintf(msg, "invalid signature tag %s (%d)", -+ rpmTagGetName(xl->xtag), xl->xtag); -+ } -+ -+ return xl->stag; - } - - /** -@@ -369,7 +354,8 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) - goto exit; - - /* Append (and remap) signature tags to the metadata. */ -- headerMergeLegacySigs(h, sigh); -+ if (headerMergeLegacySigs(h, sigh, &msg)) -+ goto exit; - applyRetrofits(h); - - /* Bump reference count for return. */ --- -1.8.3.1 - diff --git a/backport-Don-t-look-into-source-package-provides-in-depsolvin.patch b/backport-Don-t-look-into-source-package-provides-in-depsolvin.patch deleted file mode 100644 index da40c93..0000000 --- a/backport-Don-t-look-into-source-package-provides-in-depsolvin.patch +++ /dev/null @@ -1,64 +0,0 @@ -From a4afbb62c94c6e0dc18c1bf08336aeb4a91f82de Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Wed, 22 Apr 2020 14:12:47 +0300 -Subject: [PATCH] Don't look into source package provides in depsolving - -Fixes regressions from commit 75ec16e660e784d7897b37cac1a2b9b135825f25: -the newly added provides of to-be-built packages were being used for -dependency resolution, such as spec satifying its own buildrequires, -and matched against conflicts in installed packages. - -Source packages cannot obsolete anything or provide capabilities or files -to transactions, don't add them to rpmal at all. Explicitly skip checks -against source provides, similarly to what we already did with obsoletes. - -Fixes: #1189 ---- - lib/depends.c | 8 ++++---- - lib/rpmal.c | 4 ++++ - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/lib/depends.c b/lib/depends.c -index 6acb21dc3..579451926 100644 ---- a/lib/depends.c -+++ b/lib/depends.c -@@ -1040,6 +1040,10 @@ int rpmtsCheck(rpmts ts) - checkDS(ts, dcache, p, rpmteNEVRA(p), rpmteDS(p, RPMTAG_OBSOLETENAME), - tscolor); - -+ /* Skip obsoletion and provides checks for source packages (ie build) */ -+ if (rpmteIsSource(p)) -+ continue; -+ - /* Check provides against conflicts in installed packages. */ - while (rpmdsNext(provides) >= 0) { - checkInstDeps(ts, dcache, p, RPMTAG_CONFLICTNAME, NULL, provides, 0); -@@ -1047,10 +1051,6 @@ int rpmtsCheck(rpmts ts) - checkInstDeps(ts, dcache, p, RPMTAG_REQUIRENAME, NULL, provides, 1); - } - -- /* Skip obsoletion checks for source packages (ie build) */ -- if (rpmteIsSource(p)) -- continue; -- - /* Check package name (not provides!) against installed obsoletes */ - checkInstDeps(ts, dcache, p, RPMTAG_OBSOLETENAME, NULL, rpmteDS(p, RPMTAG_NAME), 0); - -diff --git a/lib/rpmal.c b/lib/rpmal.c -index 3c8acd63a..8a47d025a 100644 ---- a/lib/rpmal.c -+++ b/lib/rpmal.c -@@ -247,6 +247,10 @@ void rpmalAdd(rpmal al, rpmte p) - rpmalNum pkgNum; - availablePackage alp; - -+ /* Source packages don't provide anything to depsolving */ -+ if (rpmteIsSource(p)) -+ return; -+ - if (al->size == al->alloced) { - al->alloced += al->delta; - al->list = xrealloc(al->list, sizeof(*al->list) * al->alloced); --- -2.27.0 - diff --git a/backport-Don-t-require-signature-header-to-be-in-single-conti.patch b/backport-Don-t-require-signature-header-to-be-in-single-conti.patch deleted file mode 100644 index 3be02b3..0000000 --- a/backport-Don-t-require-signature-header-to-be-in-single-conti.patch +++ /dev/null @@ -1,31 +0,0 @@ -From bb30f997c4b22c0d5cf6752f15d2af17538f91f0 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 9 Jan 2020 10:24:39 +0200 -Subject: [PATCH] Don't require signature header to be in single contiguous - region part II - -The generic case was reported in #270 and fixed quite a while ago in -commit 34c2ba3c6a80a778cdf2e42a9193b3264e08e1b3, but signing uses a -different code path and require the same treatment. - -Fixes: #1002 ---- - lib/signature.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/signature.c b/lib/signature.c -index 6f04962e8..21f04c7f2 100644 ---- a/lib/signature.c -+++ b/lib/signature.c -@@ -65,7 +65,7 @@ rpmRC rpmReadSignature(FD_t fd, Header * sighp, char ** msg) - if (sighp) - *sighp = NULL; - -- if (hdrblobRead(fd, 1, 1, RPMTAG_HEADERSIGNATURES, &blob, &buf) != RPMRC_OK) -+ if (hdrblobRead(fd, 1, 0, RPMTAG_HEADERSIGNATURES, &blob, &buf) != RPMRC_OK) - goto exit; - - /* OK, blob looks sane, load the header. */ --- -2.27.0 - diff --git a/backport-Fix-POPT_ARG_STRING-memleaks-in-librpmbuild.patch b/backport-Fix-POPT_ARG_STRING-memleaks-in-librpmbuild.patch deleted file mode 100644 index 169838c..0000000 --- a/backport-Fix-POPT_ARG_STRING-memleaks-in-librpmbuild.patch +++ /dev/null @@ -1,218 +0,0 @@ -From 307872f71b357a3839fd037514a1c3dabfacc611 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Mon, 3 Feb 2020 14:54:16 +0200 -Subject: [PATCH] Fix POPT_ARG_STRING memleaks in librpmbuild - -popt always returned malloc'ed memory for POPT_ARG_STRING items, but -for whatever historical reason rpm systematically passed const char * -pointers as targets, making them look non-freeable. Besides changing -just the types and adding free()'s, const-correctness requires extra -tweaks as there's mixed use from string literals and poptGetArg() which -does return const pointers. ---- - build/parseDescription.c | 11 +++++++---- - build/parseFiles.c | 5 +++-- - build/parsePolicies.c | 5 +++-- - build/parsePrep.c | 6 +++++- - build/parseScript.c | 11 +++++++---- - build/policies.c | 8 ++++++-- - 6 files changed, 31 insertions(+), 15 deletions(-) - -diff --git a/build/parseDescription.c b/build/parseDescription.c -index c0737c0..72811f5 100644 ---- a/build/parseDescription.c -+++ b/build/parseDescription.c -@@ -19,8 +19,8 @@ int parseDescription(rpmSpec spec) - int rc, argc; - int arg; - const char **argv = NULL; -- const char *name = NULL; -- const char *lang = RPMBUILD_DEFAULT_LANG; -+ char *name = NULL; -+ char *lang = NULL; - const char *descr = ""; - poptContext optCon = NULL; - struct poptOption optionsTable[] = { -@@ -52,7 +52,7 @@ int parseDescription(rpmSpec spec) - - if (poptPeekArg(optCon)) { - if (name == NULL) -- name = poptGetArg(optCon); -+ name = xstrdup(poptGetArg(optCon)); - if (poptPeekArg(optCon)) { - rpmlog(RPMLOG_ERR, _("line %d: Too many names: %s\n"), - spec->lineNum, -@@ -75,12 +75,15 @@ int parseDescription(rpmSpec spec) - } - - if (addLangTag(spec, pkg->header, -- RPMTAG_DESCRIPTION, descr, lang)) { -+ RPMTAG_DESCRIPTION, descr, -+ lang ? lang : RPMBUILD_DEFAULT_LANG)) { - nextPart = PART_ERROR; - } - - exit: - freeStringBuf(sb); -+ free(lang); -+ free(name); - free(argv); - poptFreeContext(optCon); - return nextPart; -diff --git a/build/parseFiles.c b/build/parseFiles.c -index 69935d4..0dc1f17 100644 ---- a/build/parseFiles.c -+++ b/build/parseFiles.c -@@ -17,7 +17,7 @@ int parseFiles(rpmSpec spec) - int rc, argc; - int arg; - const char ** argv = NULL; -- const char *name = NULL; -+ char *name = NULL; - int flag = PART_SUBNAME; - poptContext optCon = NULL; - struct poptOption optionsTable[] = { -@@ -52,7 +52,7 @@ int parseFiles(rpmSpec spec) - - if (poptPeekArg(optCon)) { - if (name == NULL) -- name = poptGetArg(optCon); -+ name = xstrdup(poptGetArg(optCon)); - if (poptPeekArg(optCon)) { - rpmlog(RPMLOG_ERR, _("line %d: Too many names: %s\n"), - spec->lineNum, -@@ -89,6 +89,7 @@ int parseFiles(rpmSpec spec) - exit: - rpmPopMacro(NULL, "license"); - free(argv); -+ free(name); - poptFreeContext(optCon); - - return res; -diff --git a/build/parsePolicies.c b/build/parsePolicies.c -index 118b92c..64b95b1 100644 ---- a/build/parsePolicies.c -+++ b/build/parsePolicies.c -@@ -19,7 +19,7 @@ int parsePolicies(rpmSpec spec) - int rc, argc; - int arg; - const char **argv = NULL; -- const char *name = NULL; -+ char *name = NULL; - int flag = PART_SUBNAME; - poptContext optCon = NULL; - -@@ -50,7 +50,7 @@ int parsePolicies(rpmSpec spec) - - if (poptPeekArg(optCon)) { - if (name == NULL) -- name = poptGetArg(optCon); -+ name = xstrdup(poptGetArg(optCon)); - if (poptPeekArg(optCon)) { - rpmlog(RPMLOG_ERR, _("line %d: Too many names: %s\n"), - spec->lineNum, spec->line); -@@ -66,6 +66,7 @@ int parsePolicies(rpmSpec spec) - - exit: - free(argv); -+ free(name); - poptFreeContext(optCon); - - return res; -diff --git a/build/parsePrep.c b/build/parsePrep.c -index fe37575..cafb050 100644 ---- a/build/parsePrep.c -+++ b/build/parsePrep.c -@@ -242,7 +242,7 @@ static int doSetupMacro(rpmSpec spec, const char *line) - int leaveDirs = 0, skipDefaultAction = 0; - int createDir = 0, quietly = 0; - int buildInPlace = 0; -- const char * dirName = NULL; -+ char * dirName = NULL; - struct poptOption optionsTable[] = { - { NULL, 'a', POPT_ARG_STRING, NULL, 'a', NULL, NULL}, - { NULL, 'b', POPT_ARG_STRING, NULL, 'b', NULL, NULL}, -@@ -373,6 +373,7 @@ exit: - freeStringBuf(before); - freeStringBuf(after); - poptFreeContext(optCon); -+ free(dirName); - free(argv); - - return rc; -@@ -484,6 +485,9 @@ static rpmRC doPatchMacro(rpmSpec spec, const char *line) - - exit: - argvFree(patchnums); -+ free(opt_b); -+ free(opt_d); -+ free(opt_o); - free(argv); - poptFreeContext(optCon); - return rc; -diff --git a/build/parseScript.c b/build/parseScript.c -index bdf6ab3..e037bba 100644 ---- a/build/parseScript.c -+++ b/build/parseScript.c -@@ -100,9 +100,9 @@ int parseScript(rpmSpec spec, int parsePart) - int arg; - const char **argv = NULL; - poptContext optCon = NULL; -- const char *name = NULL; -- const char *prog = "/bin/sh"; -- const char *file = NULL; -+ char *name = NULL; -+ char *prog = xstrdup("/bin/sh"); -+ char *file = NULL; - int priority = 1000000; - struct poptOption optionsTable[] = { - { NULL, 'p', POPT_ARG_STRING, &prog, 'p', NULL, NULL}, -@@ -326,7 +326,7 @@ int parseScript(rpmSpec spec, int parsePart) - - if (poptPeekArg(optCon)) { - if (name == NULL) -- name = poptGetArg(optCon); -+ name = xstrdup(poptGetArg(optCon)); - if (poptPeekArg(optCon)) { - rpmlog(RPMLOG_ERR, _("line %d: Too many names: %s\n"), - spec->lineNum, -@@ -465,6 +465,9 @@ exit: - free(reqargs); - freeStringBuf(sb); - free(progArgv); -+ free(prog); -+ free(name); -+ free(file); - free(argv); - poptFreeContext(optCon); - -diff --git a/build/policies.c b/build/policies.c -index d3b1930..e92df19 100644 ---- a/build/policies.c -+++ b/build/policies.c -@@ -276,16 +276,20 @@ static rpmRC processPolicies(rpmSpec spec, Package pkg, int test) - } - - if (writeModuleToHeader(mod, pkg) != RPMRC_OK) { -- freeModule(mod); - goto exit; - } - -- freeModule(mod); -+ mod = freeModule(mod); -+ name = _free(name); -+ types = _free(types); - } - - rc = RPMRC_OK; - - exit: -+ freeModule(mod); -+ free(name); -+ free(types); - - return rc; - } --- -2.27.0 - diff --git a/backport-Fix-a-minor-memory-leak-on-suppressed-inhibition-loc.patch b/backport-Fix-a-minor-memory-leak-on-suppressed-inhibition-loc.patch deleted file mode 100644 index f169159..0000000 --- a/backport-Fix-a-minor-memory-leak-on-suppressed-inhibition-loc.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 4ddab4fb7e1ccc7dc466534250177b7d2682a9e2 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Wed, 29 Jan 2020 15:39:58 +0200 -Subject: [PATCH] Fix a minor memory leak on suppressed inhibition lock warning - message - -Commit 708e61307bc3fd027b016fdf5a1d1a5274c1843c introduced a memory leak -on the error object: if the message is suppressed then the error object -is never freed. Test for the suppression conditions separately to fix. ---- - plugins/systemd_inhibit.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/plugins/systemd_inhibit.c b/plugins/systemd_inhibit.c -index 0ddca9cd8..ecff30533 100644 ---- a/plugins/systemd_inhibit.c -+++ b/plugins/systemd_inhibit.c -@@ -52,12 +52,14 @@ static int inhibit(void) - dbus_message_unref(reply); - } - -- if (dbus_error_is_set(&err) -- && !dbus_error_has_name(&err, DBUS_ERROR_NO_SERVER) -- && !dbus_error_has_name(&err, DBUS_ERROR_FILE_NOT_FOUND)) { -- rpmlog(RPMLOG_WARNING, -+ if (dbus_error_is_set(&err)) { -+ if (!dbus_error_has_name(&err, DBUS_ERROR_NO_SERVER) && -+ !dbus_error_has_name(&err, DBUS_ERROR_FILE_NOT_FOUND)) -+ { -+ rpmlog(RPMLOG_WARNING, - "Unable to get systemd shutdown inhibition lock: %s\n", - err.message); -+ } - dbus_error_free(&err); - } - --- -2.27.0 - diff --git a/backport-Fix-build-regression-in-commit-307872f71b357a3839fd0.patch b/backport-Fix-build-regression-in-commit-307872f71b357a3839fd0.patch deleted file mode 100644 index 10f1b7b..0000000 --- a/backport-Fix-build-regression-in-commit-307872f71b357a3839fd0.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 67f8dadebdf290c4ade36a7d3a27e52048d96032 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Tue, 4 Feb 2020 10:36:43 +0200 -Subject: [PATCH] Fix build regression in commit - 307872f71b357a3839fd037514a1c3dabfacc611 - -Commit 307872f71b357a3839fd037514a1c3dabfacc611 broke build with -SELinux enabled but was accidentally merged. Fix the breakage. ---- - build/policies.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/build/policies.c b/build/policies.c -index e92df194a..16d5f87e6 100644 ---- a/build/policies.c -+++ b/build/policies.c -@@ -221,6 +221,7 @@ static rpmRC processPolicies(rpmSpec spec, Package pkg, int test) - char *types = NULL; - uint32_t flags = 0; - poptContext optCon = NULL; -+ ModuleRec mod = NULL; - - rpmRC rc = RPMRC_FAIL; - -@@ -236,7 +237,6 @@ static rpmRC processPolicies(rpmSpec spec, Package pkg, int test) - } - - for (ARGV_const_t pol = pkg->policyList; *pol != NULL; pol++) { -- ModuleRec mod; - const char *line = *pol; - const char **argv = NULL; - int argc = 0; --- -2.27.0 - diff --git a/backport-Fix-bump-up-the-limit-of-signature-header-to-64MB.patch b/backport-Fix-bump-up-the-limit-of-signature-header-to-64MB.patch deleted file mode 100644 index 72d3802..0000000 --- a/backport-Fix-bump-up-the-limit-of-signature-header-to-64MB.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 486579912381ede82172dc6d0ff3941a6d0536b5 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia -Date: Wed, 3 Jun 2020 10:25:24 +0800 -Subject: [PATCH] Fix: bump up the limit of signature header to 64MB - -Since commits [Place file signatures into the signature header where they -belong][1] applied, run `rpm -Kv **.rpm' failed if signature header -is larger than 64KB. Here are steps: - -1) A unsigned rpm package, the size is 227560 bytes -$ ls -al xz-src-5.2.5-r0.corei7_64.rpm --rw-------. 1 mockbuild 1000 227560 Jun 3 09:59 - -2) Sign the rpm package -$ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm - -3) The size of signed rpm is 312208 bytes -$ ls -al xz-src-5.2.5-r0.corei7_64.rpm --rw-------. 1 mockbuild 1000 312208 Jun 3 09:48 - -4) Run `rpm -Kv' failed with signature hdr data out of range -$ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm -xz-src-5.2.5-r0.corei7_64.rpm: -error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of -bytes(88864) out of range - -From 1) and 3), the size of signed rpm package increased -312208 - 227560 = 84648, so the check of dl_max (64KB,65536) -is not enough. - -As [1] said: - - This also means the signature header can be MUCH bigger than ever - before,so bump up the limit (to 64MB, arbitrary something for now) - -So [1] missed to multiply by 1024. - -[1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c - -Signed-off-by: Hongxu Jia ---- - lib/header.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/header.c b/lib/header.c -index f9152ba90..e59d63744 100644 ---- a/lib/header.c -+++ b/lib/header.c -@@ -1903,7 +1903,7 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl - - if (regionTag == RPMTAG_HEADERSIGNATURES) { - il_max = 32; -- dl_max = 64 * 1024; -+ dl_max = 64 * 1024 * 1024; - } - - memset(block, 0, sizeof(block)); --- -2.27.0 - diff --git a/backport-Fix-changelog-trimming-to-work-relative-to-newest-ex.patch b/backport-Fix-changelog-trimming-to-work-relative-to-newest-ex.patch deleted file mode 100644 index f882284..0000000 --- a/backport-Fix-changelog-trimming-to-work-relative-to-newest-ex.patch +++ /dev/null @@ -1,98 +0,0 @@ -From a58725822651f791b2e74fe40a6e85b3b7e72aca Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Mon, 10 Aug 2020 11:01:37 +0300 -Subject: [PATCH] Fix changelog trimming to work relative to newest -existing - entry (#1301) - -%_changelog_trimtime is an absolute timestamp which needs to be -%constantly -pushed forward to preserve the same relative age, and will start -trimming -entries from unchanged packages until none are left, leading to -unexpected -and confusing behavior (RhBug:1722806, ...) - -It's better to trim by age relative to newest changelog entry. This way -the -number of trimmed entries will not change unless the spec changes, and -at -least one entry is always preserved. Introduce a new %_changelog_trimage -macro for this and mark the broken by design %_changelog_trimtime as -deprecated, but autoconvert an existing trimtime into relative for now. - -As a seemingly unrelated change, move the "time" variable declaration -to a narrower scope to unmask the time() function for use on entry. - -Fixes: #1301 ---- - build/parseChangelog.c | 16 +++++++++++++++- - macros.in | 6 +++++- - 2 files changed, 20 insertions(+), 2 deletions(-) - -diff --git a/build/parseChangelog.c b/build/parseChangelog.c -index ad6d834..22f445e 100644 ---- a/build/parseChangelog.c -+++ b/build/parseChangelog.c -@@ -200,18 +200,26 @@ static rpmRC addChangelog(Header h, ARGV_const_t sb) - rpmRC rc = RPMRC_FAIL; /* assume failure */ - char *s, *sp; - int i; -- time_t time; -+ time_t firstTime = 0; - time_t lastTime = 0; - time_t trimtime = rpmExpandNumeric("%{?_changelog_trimtime}"); -+ time_t trimage = rpmExpandNumeric("%{?_changelog_trimage}"); - char *date, *name, *text, *next; - int date_words; /* number of words in date string */ - -+ /* Convert _changelog_trimtime to age for backwards compatibility */ -+ if (trimtime && !trimage) { -+ trimage = time(NULL) - trimtime; -+ trimtime = 0; -+ } -+ - s = sp = argvJoin(sb, ""); - - /* skip space */ - SKIPSPACE(s); - - while (*s != '\0') { -+ time_t time; - if (*s != '*') { - rpmlog(RPMLOG_ERR, _("%%changelog entries must start with *\n")); - goto exit; -@@ -235,6 +243,12 @@ static rpmRC addChangelog(Header h, ARGV_const_t sb) - rpmlog(RPMLOG_ERR, _("bad date in %%changelog: %s\n"), date); - goto exit; - } -+ /* Changelog trimming is always relative to first entry */ -+ if (!firstTime) { -+ firstTime = time; -+ if (trimage) -+ trimtime = firstTime - trimage; -+ } - if (lastTime && lastTime < time) { - rpmlog(RPMLOG_ERR, - _("%%changelog not in descending chronological order\n")); -diff --git a/macros.in b/macros.in -index 8619c13..5b45d73 100644 ---- a/macros.in -+++ b/macros.in -@@ -230,8 +230,12 @@ package or when debugging this package.\ - # The path to the gzip executable (legacy, use %{__gzip} instead). - %_gzipbin %{__gzip} - -+# Maximum age of preserved changelog entries in binary packages, -+# relative to newest existing entry. Unix timestamp format. -+%_changelog_trimage 0 -+ - # The Unix time of the latest kept changelog entry in binary packages. --# Any older entry is not packaged in binary packages. -+# DEPRACATED, use %_changelog_trimage instead. - %_changelog_trimtime 0 - - # If true, set the SOURCE_DATE_EPOCH environment variable --- -2.27.0 - diff --git a/backport-Fix-data-race-in-packageBinaries-function.patch b/backport-Fix-data-race-in-packageBinaries-function.patch deleted file mode 100644 index 0b5993b..0000000 --- a/backport-Fix-data-race-in-packageBinaries-function.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c9bb0c30d0eab5ff7db80d920d40c02623732f71 Mon Sep 17 00:00:00 2001 -From: Tom Stellard -Date: Tue, 9 Jun 2020 21:05:16 +0000 -Subject: [PATCH] Fix data race in packageBinaries() function - -The pkg variable used in the parallel loop was declared outside -of the omp parallel construct, so it was shared among tasks. This -had the potential to cause a data race. The gcc openmp implementation -did not hit this problem, but I uncovered it while trying to compile with -clang. My best guess as to what was happening is that after the last -task was launched, all tasks had the same value of pkg and were operating -on the same data at the same time. - -This patch declares the variable inside the omp parallel construct, so each -task gets its own copy of the variable. ---- - build/pack.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/build/pack.c b/build/pack.c -index 1f3d432bb3..8d6f74935e 100644 ---- a/build/pack.c -+++ b/build/pack.c -@@ -765,7 +765,7 @@ rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating) - #pragma omp parallel - #pragma omp single - for (int i = 0; i < npkgs; i++) { -- pkg = tasks[i]; -+ Package pkg = tasks[i]; - #pragma omp task untied priority(i) - { - pkg->rc = packageBinary(spec, pkg, cookie, cheating, &pkg->filename); diff --git a/backport-Fix-isUnorderedReq-for-multiple-qualifiers.patch b/backport-Fix-isUnorderedReq-for-multiple-qualifiers.patch deleted file mode 100644 index 923b694..0000000 --- a/backport-Fix-isUnorderedReq-for-multiple-qualifiers.patch +++ /dev/null @@ -1,41 +0,0 @@ -From d937b04fb1cb5d3ca303bd458169c352a4b52669 Mon Sep 17 00:00:00 2001 -From: Florian Festi -Date: Fri, 31 Jan 2020 12:27:26 +0100 -Subject: [PATCH] Fix isUnorderedReq() for multiple qualifiers - -isUnorderedReq() returned True as soon as any qualifier that does not -require ordering is passed. But some qulifiers - basically the scriptlets -run during installation and erasure of the package - may still require -the dependency to be taken into account during ordering. - -Now isUnorderedReq() returns 0 if any of those are also set. - -Resolves: #1030 ---- - lib/rpmds.h | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/lib/rpmds.h b/lib/rpmds.h -index 491d8738d..d160c948e 100644 ---- a/lib/rpmds.h -+++ b/lib/rpmds.h -@@ -82,12 +82,14 @@ typedef rpmFlags rpmsenseFlags; - _notpre(RPMSENSE_SCRIPT_PREUN|RPMSENSE_SCRIPT_POSTUN) - #define _UNORDERED_ONLY_MASK \ - _notpre(RPMSENSE_RPMLIB|RPMSENSE_CONFIG|RPMSENSE_PRETRANS|RPMSENSE_POSTTRANS|RPMSENSE_SCRIPT_VERIFY) -+#define _FORCE_ORDER_ONLY_MASK \ -+ _notpre(RPMSENSE_SCRIPT_PRE|RPMSENSE_SCRIPT_POST|RPMSENSE_SCRIPT_PREUN|RPMSENSE_SCRIPT_POSTUN) - - #define isLegacyPreReq(_x) (((_x) & _ALL_REQUIRES_MASK) == RPMSENSE_PREREQ) - #define isInstallPreReq(_x) ((_x) & _INSTALL_ONLY_MASK) - #define isErasePreReq(_x) ((_x) & _ERASE_ONLY_MASK) --#define isUnorderedReq(_x) ((_x) & _UNORDERED_ONLY_MASK) -- -+#define isUnorderedReq(_x) ((_x) & _UNORDERED_ONLY_MASK && \ -+ !((_x) & _FORCE_ORDER_ONLY_MASK)) - - - /** \ingroup rpmds --- -2.27.0 - diff --git a/backport-Fix-logic-error-in-grabArgs.patch b/backport-Fix-logic-error-in-grabArgs.patch deleted file mode 100644 index 349d71f..0000000 --- a/backport-Fix-logic-error-in-grabArgs.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 6d7fa91949337c7a86bab3359b39558fdae07dce Mon Sep 17 00:00:00 2001 -From: Michael Schroeder -Date: Fri, 23 Oct 2020 14:02:35 +0200 -Subject: [PATCH] Fix logic error in grabArgs() - -If there was a \ at the end of the buffer, the code would -return a pointer after the trailing \0 leading to unallocated -memory access and weird results in some cases. - -See commit 817959609b95afe34ce0f7f6c3dc5d7d0d9a8470. ---- - rpmio/macro.c | 2 +- - tests/rpmmacro.at | 5 +++++ - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/rpmio/macro.c b/rpmio/macro.c -index 1edcb39e6..a1ed9b288 100644 ---- a/rpmio/macro.c -+++ b/rpmio/macro.c -@@ -947,7 +947,7 @@ grabArgs(MacroBuf mb, const rpmMacroEntry me, const char * se, - splitQuoted(&argv, s, " \t"); - free(s); - -- cont = ((*lastc == '\0' || *lastc == '\n') && *(lastc-1) != '\\') ? -+ cont = (*lastc == '\0') || (*lastc == '\n' && *(lastc-1) != '\\') ? - lastc : lastc + 1; - } - -diff --git a/tests/rpmmacro.at b/tests/rpmmacro.at -index d972a1197..a21952c46 100644 ---- a/tests/rpmmacro.at -+++ b/tests/rpmmacro.at -@@ -179,6 +179,9 @@ runroot rpm \ - --eval '%foo %{quote: 2 3 5} %{quote:%{nil}}' \ - --eval '%foo x%{quote:y}z 123' \ - --eval '%foo x%{quote:%{nil}}z' \ -+ --eval '%foo 1 \ -+bar' \ -+ --eval '%foo 1 \' \ - ], - [0], - [1:"1" -@@ -190,6 +193,8 @@ runroot rpm \ - 2:" 2 3 5" "" - 2:"xyz" "123" - 1:"xz" -+2:"1" "\"bar -+2:"1" "\" - ]) - AT_CLEANUP - --- -2.27.0 - diff --git a/backport-Fix-pointer-dereference-before-testing-for-NULL-in-r.patch b/backport-Fix-pointer-dereference-before-testing-for-NULL-in-r.patch deleted file mode 100644 index 999911c..0000000 --- a/backport-Fix-pointer-dereference-before-testing-for-NULL-in-r.patch +++ /dev/null @@ -1,33 +0,0 @@ -From c886b359ba5f05eec6a8da34b55437834b7d80ee Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 6 Feb 2020 14:51:14 +0200 -Subject: [PATCH] Fix pointer dereference before testing for NULL in - rpmtdGetNumber() - ---- - lib/rpmtd.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/lib/rpmtd.c b/lib/rpmtd.c -index e33c8cb53..41c6a50e8 100644 ---- a/lib/rpmtd.c -+++ b/lib/rpmtd.c -@@ -210,12 +210,12 @@ const char * rpmtdGetString(rpmtd td) - - uint64_t rpmtdGetNumber(rpmtd td) - { -- uint64_t val = 0; -- int ix = (td->ix >= 0 ? td->ix : 0); -- - if (td == NULL) - return 0; - -+ uint64_t val = 0; -+ int ix = (td->ix >= 0 ? td->ix : 0); -+ - switch (td->type) { - case RPM_INT64_TYPE: - val = *((uint64_t *) td->data + ix); --- -2.27.0 - diff --git a/backport-Fix-possible-read-beyond-buffer-in-rstrnlenhash.patch b/backport-Fix-possible-read-beyond-buffer-in-rstrnlenhash.patch deleted file mode 100644 index cfc242b..0000000 --- a/backport-Fix-possible-read-beyond-buffer-in-rstrnlenhash.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 747b7119ae89a3ccaceeae4f5570c7ab83d2cf5d Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Tue, 1 Sep 2020 13:14:35 +0300 -Subject: [PATCH] Fix possible read beyond buffer in rstrnlenhash() - -On strings that are not \0-terminated (which are a big reason for the -existence of this function), the while-loop would try to compare the -first character beyond the specified buffer for '\0' before realizing -we're already beyond the end when checking n. Should be mostly harmless -in practise as the check for n would still terminate it, but not right. -In particular this trips up address sanitizer with the bdb backend where -some of the returned strings are not \0-terminated. - -Test for string length first, and move the decrementing side-effect into -the loop for better readability. ---- - rpmio/rpmstrpool.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/rpmio/rpmstrpool.c b/rpmio/rpmstrpool.c -index 776ca6dea..0db0b5313 100644 ---- a/rpmio/rpmstrpool.c -+++ b/rpmio/rpmstrpool.c -@@ -88,11 +88,12 @@ static inline unsigned int rstrnlenhash(const char * str, size_t n, size_t * len - unsigned int hash = 0xe4721b68; - const char * s = str; - -- while (*s != '\0' && n-- > 0) { -+ while (n > 0 && *s != '\0') { - hash += *s; - hash += (hash << 10); - hash ^= (hash >> 6); - s++; -+ n--; - } - hash += (hash << 3); - hash ^= (hash >> 11); --- -2.27.0 - diff --git a/backport-Fix-regression-on-v3-package-handling-on-database-re.patch b/backport-Fix-regression-on-v3-package-handling-on-database-re.patch deleted file mode 100644 index b24c40b..0000000 --- a/backport-Fix-regression-on-v3-package-handling-on-database-re.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 85e5a70368854da0537099128530b0df69ca2216 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Wed, 29 Jan 2020 13:58:16 +0200 -Subject: [PATCH] Fix regression on v3 package handling on database rebuild - -Introduced in commit 27ea3f8624560bd158fc7bc801639310a0ffab10, the -wrong header is being added in case of v3 packages. - -Fixes: #1017 ---- - lib/rpmdb.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/rpmdb.c b/lib/rpmdb.c -index 7ae67563f..91543eb68 100644 ---- a/lib/rpmdb.c -+++ b/lib/rpmdb.c -@@ -2557,7 +2557,7 @@ int rpmdbRebuild(const char * prefix, rpmts ts, - /* Deleted entries are eliminated in legacy headers by copy. */ - if (headerIsEntry(h, RPMTAG_HEADERIMAGE)) { - Header nh = headerReload(headerCopy(h), RPMTAG_HEADERIMAGE); -- rc = rpmdbAdd(newdb, h); -+ rc = rpmdbAdd(newdb, nh); - headerFree(nh); - } else { - rc = rpmdbAdd(newdb, h); --- -2.27.0 - diff --git a/backport-Fix-resource-leaks-on-zstd-open-error-paths.patch b/backport-Fix-resource-leaks-on-zstd-open-error-paths.patch deleted file mode 100644 index a9deae0..0000000 --- a/backport-Fix-resource-leaks-on-zstd-open-error-paths.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 6b18e76f3db5dd3db5a468c947309322d8bc11aa Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 21 Nov 2019 12:22:45 +0200 -Subject: [PATCH] Fix resource leaks on zstd open error paths - -If zstd stream initialization fails, the opened fd and the stream -itself are leaked. Handle error exit in a central label. ---- - rpmio/rpmio.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c -index 243942411..10ba20cd6 100644 ---- a/rpmio/rpmio.c -+++ b/rpmio/rpmio.c -@@ -1128,13 +1128,13 @@ static rpmzstd rpmzstdNew(int fdno, const char *fmode) - if ((flags & O_ACCMODE) == O_RDONLY) { /* decompressing */ - if ((_stream = (void *) ZSTD_createDStream()) == NULL - || ZSTD_isError(ZSTD_initDStream(_stream))) { -- return NULL; -+ goto err; - } - nb = ZSTD_DStreamInSize(); - } else { /* compressing */ - if ((_stream = (void *) ZSTD_createCStream()) == NULL - || ZSTD_isError(ZSTD_initCStream(_stream, level))) { -- return NULL; -+ goto err; - } - nb = ZSTD_CStreamOutSize(); - } -@@ -1149,6 +1149,14 @@ static rpmzstd rpmzstdNew(int fdno, const char *fmode) - zstd->b = xmalloc(nb); - - return zstd; -+ -+err: -+ fclose(fp); -+ if ((flags & O_ACCMODE) == O_RDONLY) -+ ZSTD_freeDStream(_stream); -+ else -+ ZSTD_freeCStream(_stream); -+ return NULL; - } - - static FD_t zstdFdopen(FD_t fd, int fdno, const char * fmode) --- -2.27.0 - diff --git a/backport-If-fork-fails-in-getOutputFrom-close-opened-unused-p.patch b/backport-If-fork-fails-in-getOutputFrom-close-opened-unused-p.patch deleted file mode 100644 index dd4765d..0000000 --- a/backport-If-fork-fails-in-getOutputFrom-close-opened-unused-p.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 83a5a20352dccd336a0114238c5988f0a9fa6d3e Mon Sep 17 00:00:00 2001 -From: Denys Vlasenko -Date: Thu, 23 Jan 2020 14:21:26 +0100 -Subject: [PATCH] If fork fails in getOutputFrom(), close opened unused pipe - fds on error code path - -Signed-off-by: Denys Vlasenko ---- - build/rpmfc.c | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -diff --git a/build/rpmfc.c b/build/rpmfc.c -index f5f3793b9..81101518b 100644 ---- a/build/rpmfc.c -+++ b/build/rpmfc.c -@@ -277,6 +277,17 @@ static int getOutputFrom(ARGV_t argv, - } - - child = fork(); -+ if (child < 0) { -+ rpmlog(RPMLOG_ERR, _("Couldn't fork %s: %s\n"), -+ argv[0], strerror(errno)); -+ if (doio) { -+ close(toProg[1]); -+ close(toProg[0]); -+ close(fromProg[0]); -+ close(fromProg[1]); -+ } -+ return -1; -+ } - if (child == 0) { - close(toProg[1]); - close(fromProg[0]); -@@ -299,11 +310,6 @@ static int getOutputFrom(ARGV_t argv, - argv[0], strerror(errno)); - _exit(EXIT_FAILURE); - } -- if (child < 0) { -- rpmlog(RPMLOG_ERR, _("Couldn't fork %s: %s\n"), -- argv[0], strerror(errno)); -- return -1; -- } - - if (!doio) - goto reap; --- -2.27.0 - diff --git a/backport-Make-fdSeek-return-0-on-success-1-on-error.patch b/backport-Make-fdSeek-return-0-on-success-1-on-error.patch deleted file mode 100644 index 2822eff..0000000 --- a/backport-Make-fdSeek-return-0-on-success-1-on-error.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d1dee9c00af418004f578a97e9b794676daf6d37 Mon Sep 17 00:00:00 2001 -From: Matthew Almond -Date: Mon, 28 Sep 2020 12:41:22 -0700 -Subject: [PATCH] Make fdSeek return 0 on success, -1 on error - -This code eliminates a false positive failure when the destination -position is > 2GiB. This is done by changing the contract for `Fseek`. -Now it returns `0` on success instead of an `int` offset. -Care should be used to interpret the result as there is a difference in -semantics between the POSIX `fseek(2)`. Existing code is correct: negative -results are still failures. ---- - rpmio/rpmio.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c -index 10a28a923..9f4a60aa1 100644 ---- a/rpmio/rpmio.c -+++ b/rpmio/rpmio.c -@@ -382,7 +382,7 @@ static ssize_t fdWrite(FDSTACK_t fps, const void * buf, size_t count) - - static int fdSeek(FDSTACK_t fps, off_t pos, int whence) - { -- return lseek(fps->fdno, pos, whence); -+ return (lseek(fps->fdno, pos, whence) == -1) ? -1 : 0; - } - - static int fdClose(FDSTACK_t fps) --- -2.27.0 - diff --git a/backport-Remove-compare-of-global-array-tagsByName-to-NULL.patch b/backport-Remove-compare-of-global-array-tagsByName-to-NULL.patch deleted file mode 100644 index d3876b8..0000000 --- a/backport-Remove-compare-of-global-array-tagsByName-to-NULL.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 92a78e6acf3f056faccebb25a9d310ee96f8015d Mon Sep 17 00:00:00 2001 -From: Cerul Alain -Date: Mon, 13 Jul 2020 00:34:42 -0400 -Subject: [PATCH] Remove compare of global array tagsByName to NULL - -A 2016 change (57a96d2486c26142ebb168a1f00b0374d35bf044) apparently -changed tagsByName from dynamic allocation to being static, so that -Valgrind would not complain about lost memory. The definition is: - - static headerTagTableEntry tagsByName[TABLESIZE]; - -But a comparison was left of `tagsByName == NULL` in lib/tagname.c -and compiling with clang gives a warning, saying it is never NULL. ---- - lib/tagname.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/tagname.c b/lib/tagname.c -index 68b252991..4efd847eb 100644 ---- a/lib/tagname.c -+++ b/lib/tagname.c -@@ -234,7 +234,7 @@ int rpmTagGetNames(rpmtd tagnames, int fullname) - - pthread_once(&tagsLoaded, loadTags); - -- if (tagnames == NULL || tagsByName == NULL) -+ if (tagnames == NULL) - return 0; - - rpmtdReset(tagnames); --- -2.27.0 - diff --git a/backport-Use-libelf-for-determining-file-colors.patch b/backport-Use-libelf-for-determining-file-colors.patch deleted file mode 100644 index f53b901..0000000 --- a/backport-Use-libelf-for-determining-file-colors.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 3c061be6aeaec1be793b406fac9f667dc5d1429b Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Wed, 4 Mar 2020 11:15:02 +0200 -Subject: [PATCH] Use libelf for determining file colors - -libmagic strings are notoriously unreliable as the details from version -to version. We link to libelf anyway so we might as well as get the -info straight from the horse's mouth. - -Besides being more reliable, this detaches the coloring business from -the hardcoded rpmfcTokens struct and informative-only FILECLASS -contents, -opening the door for other changes in that area. ---- - build/rpmfc.c | 35 +++++++++++++++++++++++++++++------ - 1 file changed, 29 insertions(+), 6 deletions(-) - -diff --git a/build/rpmfc.c b/build/rpmfc.c -index aaa0dca..0886616 100644 ---- a/build/rpmfc.c -+++ b/build/rpmfc.c -@@ -7,6 +7,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -595,7 +596,7 @@ exit: - return rc; - } - --/* Only used for elf coloring and controlling RPMTAG_FILECLASS inclusion now */ -+/* Only used for controlling RPMTAG_FILECLASS inclusion now */ - static const struct rpmfcTokens_s rpmfcTokens[] = { - { "directory", RPMFC_INCLUDE }, - -@@ -1076,6 +1077,29 @@ static int initAttrs(rpmfc fc) - return nattrs; - } - -+static uint32_t getElfColor(const char *fn) -+{ -+ uint32_t color = 0; -+ int fd = open(fn, O_RDONLY); -+ if (fd >= 0) { -+ Elf *elf = elf_begin (fd, ELF_C_READ, NULL); -+ GElf_Ehdr ehdr; -+ if (elf && gelf_getehdr(elf, &ehdr)) { -+ switch (ehdr.e_ident[EI_CLASS]) { -+ case ELFCLASS64: -+ color = RPMFC_ELF64; -+ break; -+ case ELFCLASS32: -+ color = RPMFC_ELF32; -+ break; -+ } -+ elf_end(elf); -+ } -+ close(fd); -+ } -+ return color; -+} -+ - rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode) - { - int msflags = MAGIC_CHECK | MAGIC_COMPRESS | MAGIC_NO_CHECK_TOKENS; -@@ -1187,8 +1211,6 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode) - /* Add attributes based on file type and/or path */ - rpmfcAttributes(fc, ix, ftype, s); - -- fc->fcolor[ix] = fcolor; -- - /* Add to file class dictionary and index array */ - #pragma omp ordered - if (fcolor != RPMFC_WHITE && (fcolor & RPMFC_INCLUDE)) { -@@ -1202,6 +1224,10 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode) - } - /* Pool id's start from 1, for headers we want it from 0 */ - fc->fcdictx[ix] = ftypeId - 1; -+ -+ /* Add ELF colors */ -+ if (S_ISREG(mode) && is_executable) -+ fc->fcolor[ix] = getElfColor(s); - } - - if (ms != NULL) -@@ -1493,9 +1519,6 @@ rpmRC rpmfcGenerateDepends(const rpmSpec spec, Package pkg) - goto exit; - - /* Add per-file colors(#files) */ -- /* XXX Make sure only primary (i.e. Elf32/Elf64) colors are added. */ -- for (int i = 0; i < fc->nfiles; i++) -- fc->fcolor[i] &= 0x0f; - headerPutUint32(pkg->header, RPMTAG_FILECOLORS, fc->fcolor, fc->nfiles); - - /* Add classes(#classes) */ --- -2.27.0 - diff --git a/backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch b/backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch new file mode 100644 index 0000000..80b8790 --- /dev/null +++ b/backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch @@ -0,0 +1,29 @@ +From 7b3a3f004f96ed3cb9cc377f7e64bfc88195dfc2 Mon Dec 13 16:41:34 2021 +From: From: Florian Festi +Date: Mon, 13 Dec 2021 16:41:34 +0800 +Subject: [PATCH] Use root as default UID_0_USER and UID_0_GROUP + +If /etc/passwd or /etc/group was not available during building rpm itself +these ended up empty. This affects builds done later on using rpmbuild. + +Resolves: #1838 +--- + configure.ac | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/configure.ac b/configure.ac +index cdaf2b6..8656043 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1050,6 +1050,8 @@ fi + + user_with_uid0=$(awk -F: '$3==0 {print $1;exit}' /etc/passwd) + group_with_gid0=$(awk -F: '$3==0 {print $1;exit}' /etc/group) ++if test -z "$user_with_uid0" ; then user_with_uid0=root ; fi ++if test -z "$group_with_gid0" ; then group_with_gid0=root ; fi + AC_DEFINE_UNQUOTED([UID_0_USER],["$user_with_uid0"],[Get the user name having userid 0]) + AC_DEFINE_UNQUOTED([GID_0_GROUP],["$group_with_gid0"],[Get the group name having groupid 0]) + +-- +1.8.3.1 + diff --git a/backport-build-prioritize-large-packages.patch b/backport-build-prioritize-large-packages.patch deleted file mode 100644 index de037aa..0000000 --- a/backport-build-prioritize-large-packages.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 6f6f5e70f16bef21523c3e2f19e7557bfcaa2546 Mon Sep 17 00:00:00 2001 -From: Michal Domonkos -Date: Tue, 21 Apr 2020 11:38:25 +0200 -Subject: [PATCH] build: prioritize large packages - -Binary packages come in different sizes and so their build time can vary -greatly. Dynamic scheduling, which we currently use for parallel -building, is a good strategy to combat such differences and load-balance -the available CPU cores. - -That said, knowing that the build time of a package is proportional to -its size, we can reduce the overall time even further by cleverly -ordering the task queue. - -As an example, consider a set of 5 packages, 4 of which take 1 unit of -time to build and one takes 4 units. If we were to build these on a -dual-core system, one possible unit distribution would look like this: - - TIME ---> -CPU 1 * * * * * * # package 1, 3 and 5 -CPU 2 * * # package 2 and 4 - -Now, compare that to a different distribution where the largest package -5 gets built early on: - - TIME ---> -CPU 1 * * * * # package 5 -CPU 2 * * * * # package 1, 2, 3 and 4 - -It's obvious that processing the largest packages first gives better -results when dealing with such a mix of small and large packages -(typically a regular package and its debuginfo counterpart, -respectively). - -Now, with dynamic scheduling in OpenMP, we cannot directly control the -task queue; we can only generate the tasks and let the runtime system do -its work. What we can do, however, is to provide a hint to the runtime -system for the desired ordering, using the "priority" clause. - -So, in this commit, we use the clause to assign a priority value to each -build task based on the respective package size (the bigger the size, -the higher the priority), to help achieve an optimal execution order. - -Indeed, in my testing, the priorities were followed to the letter (but -remember, that's not guaranteed by the specification). Interestingly, -even without the use of priorities, simply generating the tasks in the -desired order resulted in the same execution order for me, but that's, -again, just an implementation detail. - -Also note that OpenMP is allowed to stop the thread generating the tasks -at any time, and make it execute some of the tasks instead. If the -chosen task happens to be a long-duration one, we might hit a starvation -scenario where the other threads have exhausted the task queue and -there's nobody to generate new tasks. To counter that, this commit also -adds the "untied" clause which allows other threads to pick up where the -generating thread left off, and continue generating new tasks. - -Resolves #1045. ---- - build/pack.c | 38 +++++++++++++++++++++++++++++++++++--- - 1 file changed, 35 insertions(+), 3 deletions(-) - -diff --git a/build/pack.c b/build/pack.c -index a44a3fe9c8..bc40683c4f 100644 ---- a/build/pack.c -+++ b/build/pack.c -@@ -6,6 +6,7 @@ - #include "system.h" - - #include -+#include - #include - - #include /* RPMSIGTAG*, rpmReadPackageFile */ -@@ -726,16 +727,45 @@ static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int ch - return rc; - } - -+static int compareBinaries(const void *p1, const void *p2) { -+ Package pkg1 = *(Package *)p1; -+ Package pkg2 = *(Package *)p2; -+ uint64_t size1 = headerGetNumber(pkg1->header, RPMTAG_LONGSIZE); -+ uint64_t size2 = headerGetNumber(pkg2->header, RPMTAG_LONGSIZE); -+ if (size1 > size2) -+ return -1; -+ if (size1 < size2) -+ return 1; -+ return 0; -+} -+ -+/* -+ * Run binary creation in parallel, with task priority based on package size -+ * (largest first) to help achieve an optimal load distribution. -+ */ - rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating) - { - rpmRC rc = RPMRC_OK; - Package pkg; -+ Package *tasks; -+ int npkgs = 0; -+ -+ for (pkg = spec->packages; pkg != NULL; pkg = pkg->next) -+ npkgs++; -+ tasks = xcalloc(npkgs, sizeof(Package)); -+ -+ pkg = spec->packages; -+ for (int i = 0; i < npkgs; i++) { -+ tasks[i] = pkg; -+ pkg = pkg->next; -+ } -+ qsort(tasks, npkgs, sizeof(Package), compareBinaries); - -- /* Run binary creation in parallel */ - #pragma omp parallel - #pragma omp single -- for (pkg = spec->packages; pkg != NULL; pkg = pkg->next) { -- #pragma omp task -+ for (int i = 0; i < npkgs; i++) { -+ pkg = tasks[i]; -+ #pragma omp task untied priority(i) - { - pkg->rc = packageBinary(spec, pkg, cookie, cheating, &pkg->filename); - rpmlog(RPMLOG_DEBUG, -@@ -754,6 +784,8 @@ rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating) - if (rc == RPMRC_OK) - checkPackageSet(spec->packages); - -+ free(tasks); -+ - return rc; - } - diff --git a/backport-fix-zstd-magic.patch b/backport-fix-zstd-magic.patch deleted file mode 100644 index 121056a..0000000 --- a/backport-fix-zstd-magic.patch +++ /dev/null @@ -1,29 +0,0 @@ -From c464f1ece501346da11ed7582b8d46682363a285 Mon Sep 17 00:00:00 2001 -From: Thierry Vignaud -Date: Mon, 23 Dec 2019 16:51:49 +0100 -Subject: [PATCH] fix zstd magic - -I spot it while adding support for zstd compressed metadata in -URPM/urpmi, which was broken by this typo - -typo introduced in commit 3684424fe297c996bb05bb64631336fa2903df12 ---- - rpmio/rpmfileutil.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rpmio/rpmfileutil.c b/rpmio/rpmfileutil.c -index bda97adf1..84ee34f4d 100644 ---- a/rpmio/rpmfileutil.c -+++ b/rpmio/rpmfileutil.c -@@ -188,7 +188,7 @@ int rpmFileIsCompressed(const char * file, rpmCompressedMagic * compressed) - (magic[4] == 0x5a) && (magic[5] == 0x00)) { - /* new style xz (lzma) with magic */ - *compressed = COMPRESSED_XZ; -- } else if ((magic[0] == 0x28) && (magic[1] == 0x85) && -+ } else if ((magic[0] == 0x28) && (magic[1] == 0xB5) && - (magic[2] == 0x2f) ) { - *compressed = COMPRESSED_ZSTD; - } else if ((magic[0] == 'L') && (magic[1] == 'Z') && --- -2.27.0 - diff --git a/backport-ndb-only-clear-the-dbenv-in-the-rpmdb-if-the-last-re.patch b/backport-ndb-only-clear-the-dbenv-in-the-rpmdb-if-the-last-re.patch deleted file mode 100644 index 09a8b0f..0000000 --- a/backport-ndb-only-clear-the-dbenv-in-the-rpmdb-if-the-last-re.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 52c3ee60a1ce0e7e527dc396dd1e1a0e29b7b0ed Mon Sep 17 00:00:00 2001 -From: Michael Schroeder -Date: Fri, 10 Jan 2020 15:47:13 +0100 -Subject: [PATCH] ndb: only clear the dbenv in the rpmdb if the last reference - is gone - -Otherwise we will segfault if just one index is closed. ---- - lib/backend/ndb/glue.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/backend/ndb/glue.c b/lib/backend/ndb/glue.c -index 376e360e3..841c2fe42 100644 ---- a/lib/backend/ndb/glue.c -+++ b/lib/backend/ndb/glue.c -@@ -52,8 +52,8 @@ static void closeEnv(rpmdb rdb) - if (ndbenv->data) - free(ndbenv->data); - free(ndbenv); -+ rdb->db_dbenv = 0; - } -- rdb->db_dbenv = 0; - } - - static struct ndbEnv_s *openEnv(rpmdb rdb) --- -2.27.0 - diff --git a/backport-optimize-signature-header-merge-a-bit.patch b/backport-optimize-signature-header-merge-a-bit.patch deleted file mode 100644 index b76bf5a..0000000 --- a/backport-optimize-signature-header-merge-a-bit.patch +++ /dev/null @@ -1,42 +0,0 @@ -From a427c3cd2776bc523bd40491a5d92d98d071ffea Mon Sep 17 00:00:00 2001 -From: Demi Marie Obenour -Date: Tue, 16 Mar 2021 11:41:16 +0200 -Subject: [PATCH] Optimize signature header merge a bit - -Look up possible offending tags from the main header first in a separate -loop, this avoids having to re-sort after each headerPut() operation ---- - lib/package.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/package.c b/lib/package.c -index 6f10bb9..355c3e7 100644 ---- a/lib/package.c -+++ b/lib/package.c -@@ -64,10 +64,14 @@ rpmTagVal headerMergeLegacySigs(Header h, Header sigh, char **msg) - { - const struct taglate_s *xl; - struct rpmtd_s td; -- rpmtdReset(&td); - for (xl = xlateTags; xl->stag; xl++) { - /* There mustn't be one in the main header */ - if (headerIsEntry(h, xl->xtag)) -+ goto exit; -+ } -+ -+ rpmtdReset(&td); -+ for (xl = xlateTags; xl->stag; xl++) { - if (headerGet(sigh, xl->stag, &td, HEADERGET_RAW|HEADERGET_MINMEM)) { - /* Translate legacy tags */ - if (xl->stag != xl->xtag) -@@ -86,6 +90,7 @@ rpmTagVal headerMergeLegacySigs(Header h, Header sigh, char **msg) - } - rpmtdFreeData(&td); - -+exit: - if (xl->stag) { - rasprintf(msg, "invalid signature tag %s (%d)", - rpmTagGetName(xl->xtag), xl->xtag); --- -2.27.0 - diff --git a/backport-rpmfiArchiveRead-use-signed-return-value-to-handle-1.patch b/backport-rpmfiArchiveRead-use-signed-return-value-to-handle-1.patch deleted file mode 100644 index c4c0728..0000000 --- a/backport-rpmfiArchiveRead-use-signed-return-value-to-handle-1.patch +++ /dev/null @@ -1,47 +0,0 @@ -From f34030816d84dfbf52f259404b32b81e53c21fbb Mon Sep 17 00:00:00 2001 -From: Jes Sorensen -Date: Fri, 3 Apr 2020 14:09:18 -0400 -Subject: [PATCH] rpmfiArchiveRead() use signed return value to handle -1 on - error - -size_t is unsigned, so returning -1 is not going to have the expected -behavior. Fix it to return ssize_t. - -Signed-off-by: Jes Sorensen ---- - lib/rpmarchive.h | 4 ++-- - lib/rpmfi.c | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/lib/rpmarchive.h b/lib/rpmarchive.h -index c864e5b56..2484b4d71 100644 ---- a/lib/rpmarchive.h -+++ b/lib/rpmarchive.h -@@ -122,9 +122,9 @@ int rpmfiArchiveWriteFile(rpmfi fi, FD_t fd); - * @param fi file info - * @param buf pointer to buffer - * @param size number of bytes to read -- * @return bytes actually read -+ * @return bytes actually read, -1 on error - */ --size_t rpmfiArchiveRead(rpmfi fi, void * buf, size_t size); -+ssize_t rpmfiArchiveRead(rpmfi fi, void * buf, size_t size); - - /** \ingroup payload - * Has current file content stored in the archive -diff --git a/lib/rpmfi.c b/lib/rpmfi.c -index c314a8b29..af428468c 100644 ---- a/lib/rpmfi.c -+++ b/lib/rpmfi.c -@@ -2261,7 +2261,7 @@ int rpmfiArchiveHasContent(rpmfi fi) - return res; - } - --size_t rpmfiArchiveRead(rpmfi fi, void * buf, size_t size) -+ssize_t rpmfiArchiveRead(rpmfi fi, void * buf, size_t size) - { - if (fi == NULL || fi->archive == NULL) - return -1; --- -2.27.0 - diff --git a/backport-rpmio-initialise-libgcrypt.patch b/backport-rpmio-initialise-libgcrypt.patch deleted file mode 100644 index ee837eb..0000000 --- a/backport-rpmio-initialise-libgcrypt.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 61ea5a8ea64dc130713da889f3f0c8da1a547bd9 Mon Sep 17 00:00:00 2001 -From: Ross Burton -Date: Wed, 4 Dec 2019 17:13:10 +0000 -Subject: [PATCH] rpmio: initialise libgcrypt - -If we're using libgcrypt for hashing we need to initialise libgcrypt as -otherwise it is not thread-safe. Without this it will crash when used -in parallel packaging runs. - -Fixes #968 ---- - rpmio/digest_libgcrypt.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/rpmio/digest_libgcrypt.c b/rpmio/digest_libgcrypt.c -index b31fda569..291187f60 100644 ---- a/rpmio/digest_libgcrypt.c -+++ b/rpmio/digest_libgcrypt.c -@@ -20,6 +20,8 @@ struct DIGEST_CTX_s { - /**************************** init ************************************/ - - int rpmInitCrypto(void) { -+ gcry_check_version (NULL); -+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); - return 0; - } - --- -2.27.0 - diff --git a/bugfix-rpm-4.14.2-fix-tty-failed.patch b/bugfix-rpm-4.14.2-fix-tty-failed.patch deleted file mode 100644 index 8803f94..0000000 --- a/bugfix-rpm-4.14.2-fix-tty-failed.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 733a0997ba5608f6b37d0b6d47c7bbd6f9d62381 Mon Sep 17 00:00:00 2001 -From: openeuler-basic -Date: Fri, 10 Jan 2020 10:29:16 +0800 -Subject: [PATCH] bugfix rpm 4.14.2 fix tty failed - ---- - rpmpopt.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rpmpopt.in b/rpmpopt.in -index 8e4ef02..9585422 100644 ---- a/rpmpopt.in -+++ b/rpmpopt.in -@@ -219,7 +219,7 @@ rpmbuild alias --buildpolicy --define '__os_install_post %{_rpmconfigdir}/brp-!# - --POPTargs=$"" - # Minimally preserve rpmbuild's --sign functionality - rpmbuild alias --sign \ -- --pipe 'rpm --addsign `grep ".*: .*\.rpm$"|cut -d: -f2` < "/dev/"`ps -p $$ -o tty | tail -n 1`' \ -+ --pipe "grep '.*: .*\.rpm$'|cut -d: -f2|xargs -r rpm --addsign" \ - --POPTdesc=$"generate GPG signature (deprecated, use command rpmsign instead)" - rpmbuild alias --trace --eval '%trace' \ - --POPTdesc=$"trace macro expansion" --- -1.8.3.1 - diff --git a/change-rpmsigdig-test-s-SHA256HEADER-SHA1HEADER-SIGM.patch b/change-rpmsigdig-test-s-SHA256HEADER-SHA1HEADER-SIGM.patch deleted file mode 100644 index d483e6b..0000000 --- a/change-rpmsigdig-test-s-SHA256HEADER-SHA1HEADER-SIGM.patch +++ /dev/null @@ -1,46 +0,0 @@ -From ab2179452c5be276a6b96c591afded485c7e58c3 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Wed, 13 Nov 2019 11:38:07 +0200 -Subject: [PATCH] change rpmsigdig test's SHA256HEADER SHA1HEADER SIGMD5 value - ---- - tests/rpmsigdig.at | 6 +++--- - tests/rpmtests | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at -index 3c15221..91c205e 100644 ---- a/tests/rpmsigdig.at -+++ b/tests/rpmsigdig.at -@@ -146,9 +146,9 @@ done - runroot rpmkeys -Kv /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm - ], - [0], --[SHA256HEADER: 8d150309b6988914994ad609ff8267718f23e8034affe260e6d4361a83a45a62 --SHA1HEADER: 78606c9281c44f34470d26df2caebba117b9d183 --SIGMD5: 3269c96a8e88bf4514647c570c66723b -+[SHA256HEADER: 340fcc0e848922c0a0c5e9f988482683038b4c753d29ef4682a3ca279cef2ef4 -+SHA1HEADER: 12352190a4557cd595387fbf0474ae65fd324158 -+SIGMD5: 3dc56bbd5166fca1d2c7cb637a057049 - PAYLOADDIGEST: 749d8980cc5889419da8cdbe9a5b3292742af8a227db3635f84966481b7612a8 - /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm: - Header SHA256 digest: OK -diff --git a/tests/rpmtests b/tests/rpmtests -index 6fa80e3..ae95856 100644 ---- a/tests/rpmtests -+++ b/tests/rpmtests -@@ -14547,9 +14547,9 @@ runroot rpmkeys -Kv /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm - at_status=$? at_failed=false - $at_check_filter - at_fn_diff_devnull "$at_stderr" || at_failed=: --echo >>"$at_stdout"; $as_echo "SHA256HEADER: 8d150309b6988914994ad609ff8267718f23e8034affe260e6d4361a83a45a62 --SHA1HEADER: 78606c9281c44f34470d26df2caebba117b9d183 --SIGMD5: 3269c96a8e88bf4514647c570c66723b -+echo >>"$at_stdout"; $as_echo "SHA256HEADER: 340fcc0e848922c0a0c5e9f988482683038b4c753d29ef4682a3ca279cef2ef4 -+SHA1HEADER: 12352190a4557cd595387fbf0474ae65fd324158 -+SIGMD5: 3dc56bbd5166fca1d2c7cb637a057049 - PAYLOADDIGEST: 749d8980cc5889419da8cdbe9a5b3292742af8a227db3635f84966481b7612a8 - /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm: - Header SHA256 digest: OK --- - diff --git a/find-debuginfo.sh-decompress-DWARF-compressed-ELF-se.patch b/find-debuginfo.sh-decompress-DWARF-compressed-ELF-se.patch deleted file mode 100644 index ee4b7cf..0000000 --- a/find-debuginfo.sh-decompress-DWARF-compressed-ELF-se.patch +++ /dev/null @@ -1,30 +0,0 @@ -From f2bc669cd0a080792522dd1bb7f50ef7025f16f0 Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Sat, 21 Jul 2018 10:13:04 +0200 -Subject: [PATCH] find-debuginfo.sh: decompress DWARF compressed ELF sections - -debugedit and dwz do not support DWARF compressed ELF sections, let's -just decompress those before extracting debuginfo. - -Tested-by: Igor Gnatenko ---- - scripts/find-debuginfo.sh | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh -index 90a44942d..7b01bc036 100755 ---- a/scripts/find-debuginfo.sh -+++ b/scripts/find-debuginfo.sh -@@ -357,6 +357,9 @@ do_file() - get_debugfn "$f" - [ -f "${debugfn}" ] && return - -+ echo "explicitly decompress any DWARF compressed ELF sections in $f" -+ eu-elfcompress -q -p -t none "$f" -+ - echo "extracting debug info from $f" - # See also cpio SOURCEFILE copy. Directories must match up. - debug_base_name="$RPM_BUILD_DIR" --- -2.18.0 - diff --git a/get-in-use-of-ndb.patch b/get-in-use-of-ndb.patch new file mode 100644 index 0000000..c3d31ff --- /dev/null +++ b/get-in-use-of-ndb.patch @@ -0,0 +1,42 @@ +From 8ba0780a26429bbb474e23112627ebbaeb9abfee Mon Sep 17 00:00:00 2001 +From: renmingshuai +Date: Mon, 29 Nov 2021 10:53:24 +0800 +Subject: [PATCH] get in use of ndb + +--- + configure.ac | 4 ++-- + macros.in | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 6b161dc..ab1c667 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -490,9 +490,9 @@ AM_CONDITIONAL([BDB_RO], [test "$enable_bdb_ro" = yes]) + # Check for SQLITE support + AC_ARG_ENABLE([sqlite], + [AS_HELP_STRING([--enable-sqlite=@<:@yes/no/auto@:>@)], +- [build with sqlite rpm database format support (default=yes)])], ++ [build with sqlite rpm database format support (default=auto)])], + [enable_sqlite="$enableval"], +- [enable_sqlite=yes]) ++ [enable_sqlite=auto]) + + AS_IF([test "x$enable_sqlite" != "xno"], [ + PKG_CHECK_MODULES([SQLITE], [sqlite3 >= 3.22.0], [have_sqlite=yes], [have_sqlite=no]) +diff --git a/macros.in b/macros.in +index 22f675c..3e81918 100644 +--- a/macros.in ++++ b/macros.in +@@ -602,7 +602,7 @@ package or when debugging this package.\ + # sqlite Sqlite database + # dummy dummy backend (no actual functionality) + # +-%_db_backend sqlite ++%_db_backend ndb + + #============================================================================== + # ---- GPG/PGP/PGP5 signature macros. +-- +1.8.3.1 + diff --git a/rpm-4.15.1.tar.bz2 b/rpm-4.15.1.tar.bz2 deleted file mode 100644 index 3e4c5f9..0000000 Binary files a/rpm-4.15.1.tar.bz2 and /dev/null differ diff --git a/rpm-4.17.0.tar.bz2 b/rpm-4.17.0.tar.bz2 new file mode 100644 index 0000000..0aecf44 Binary files /dev/null and b/rpm-4.17.0.tar.bz2 differ diff --git a/rpm.spec b/rpm.spec index 60231e0..d6c2a6c 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,66 +1,33 @@ Name: rpm -Version: 4.15.1 -Release: 30 +Version: 4.17.0 +Release: 1 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ -Source0: http://ftp.rpm.org/releases/rpm-4.15.x/%{name}-%{version}.tar.bz2 +Source0: http://ftp.rpm.org/releases/rpm-4.17.x/%{name}-%{version}.tar.bz2 Patch1: Unbundle-config-site-and-add-RPM-LD-FLAGS-macro.patch Patch2: rpm-4.12.0-rpm2cpio-hack.patch -Patch3: find-debuginfo.sh-decompress-DWARF-compressed-ELF-se.patch -Patch4: skip-updating-the-preferences.patch -Patch5: add-dist-to-release-by-default.patch -Patch6: Silence-spurious-error-message-from-lsetfilecon-on-E.patch -Patch7: revert-always-execute-file-trigger-scriptlet-callbac.patch -Patch8: change-rpmsigdig-test-s-SHA256HEADER-SHA1HEADER-SIGM.patch +Patch3: add-dist-to-release-by-default.patch +Patch4: revert-always-execute-file-trigger-scriptlet-callbac.patch +Patch5: bugfix-rpm-4.11.3-add-aarch64_ilp32-arch.patch +Patch6: bugfix-rpm-4.14.2-wait-once-get-rpmlock-fail.patch +Patch7: Generate-digest-lists.patch +Patch8: Add-digest-list-plugin.patch +Patch9: Don-t-add-dist-to-release-if-it-is-already-there.patch +Patch10: Use-user.digest_list-to-avoid-duplicate-processing-o.patch +Patch11: call-process_digest_list-after-files-are-added.patch +Patch12: fix-lsetxattr-error-in-container.patch +Patch13: get-in-use-of-ndb.patch +Patch14: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch +Patch15: still-in-use-of-python-scripts-from-old-version.patch -Patch9: bugfix-rpm-4.11.3-add-aarch64_ilp32-arch.patch -Patch10: bugfix-rpm-4.14.2-fix-tty-failed.patch -Patch11: bugfix-rpm-4.14.2-wait-once-get-rpmlock-fail.patch -Patch12: Use-common-error-logic-regardless-of-setexecfilecon-.patch -Patch13: Generate-digest-lists.patch -Patch14: Add-digest-list-plugin.patch -Patch15: Don-t-add-dist-to-release-if-it-is-already-there.patch -Patch16: Use-user.digest_list-to-avoid-duplicate-processing-o.patch -Patch17: call-process_digest_list-after-files-are-added.patch - -Patch18: backport-Fix-changelog-trimming-to-work-relative-to-newest-ex.patch -Patch19: backport-Fix-resource-leaks-on-zstd-open-error-paths.patch -Patch20: backport-rpmio-initialise-libgcrypt.patch -Patch21: backport-fix-zstd-magic.patch -Patch22: backport-Don-t-require-signature-header-to-be-in-single-conti.patch -Patch23: backport-ndb-only-clear-the-dbenv-in-the-rpmdb-if-the-last-re.patch -Patch24: backport-Fix-regression-on-v3-package-handling-on-database-re.patch -Patch25: backport-Fix-a-minor-memory-leak-on-suppressed-inhibition-loc.patch -Patch26: backport-Fix-POPT_ARG_STRING-memleaks-in-librpmbuild.patch -Patch27: backport-Fix-build-regression-in-commit-307872f71b357a3839fd0.patch -Patch28: backport-Fix-isUnorderedReq-for-multiple-qualifiers.patch -Patch29: backport-If-fork-fails-in-getOutputFrom-close-opened-unused-p.patch -Patch30: backport-Fix-pointer-dereference-before-testing-for-NULL-in-r.patch -Patch31: backport-Don-t-look-into-source-package-provides-in-depsolvin.patch -Patch32: backport-rpmfiArchiveRead-use-signed-return-value-to-handle-1.patch -Patch33: backport-Fix-bump-up-the-limit-of-signature-header-to-64MB.patch -Patch34: backport-Remove-compare-of-global-array-tagsByName-to-NULL.patch -Patch35: backport-Always-close-libelf-handle-1313.patch -Patch36: backport-Add-missing-terminator-to-copyTagsFromMainDebug-arra.patch -Patch37: backport-Fix-possible-read-beyond-buffer-in-rstrnlenhash.patch -Patch38: backport-Make-fdSeek-return-0-on-success-1-on-error.patch -Patch39: backport-Fix-logic-error-in-grabArgs.patch -Patch40: backport-Use-libelf-for-determining-file-colors.patch -Patch41: backport-CVE-2021-20271.patch -Patch42: backport-optimize-signature-header-merge-a-bit.patch -Patch43: CVE-2021-20266.patch -Patch44: backport-build-prioritize-large-packages.patch -Patch45: backport-Fix-data-race-in-packageBinaries-function.patch -Patch46: fix-lsetxattr-error-in-container.patch - -BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel +BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel BuildRequires: dbus-devel fakechroot elfutils-devel elfutils-libelf-devel ima-evm-utils BuildRequires: lua-devel libcap-devel libacl-devel libselinux-devel file-devel gettext-devel ncurses-devel -BuildRequires: system-rpm-config dwz gnupg2 -Requires: coreutils popt curl zstd libcap crontabs logrotate libdb-utils +BuildRequires: system-rpm-config dwz gnupg2 debugedit +Requires: coreutils popt curl zstd libcap crontabs logrotate Obsoletes: %{name}-build-libs %{name}-sign-libs %{name}-sign %{name}-cron Provides: %{name}-build-libs %{name}-sign-libs %{name}-sign %{name}-cron Obsoletes: %{name}-plugin-selinux %{name}-plugin-syslog %{name}-plugin-systemd-inhibit < 4.15.1-28 %{name}-plugin-ima %{name}-plugin-prioreset @@ -75,18 +42,18 @@ The RPM Package Manager (RPM) is a powerful package management system capability -verifying integrity of packaged software and resulting software installation %package libs -Summary: Shared library of rpm 4.15 +Summary: Shared library of rpm 4.17 Requires: %{name} = %{version}-%{release} %description libs -Shared library of rpm 4.15. +Shared library of rpm 4.17. %package build Summary: Scripts and executable programs used to build packages Requires: %{name} = %{version}-%{release} Requires: elfutils binutils findutils sed grep gawk diffutils file patch Requires: tar unzip gzip bzip2 cpio xz zstd pkgconfig system-rpm-config -Requires: gdb-headless +Requires: gdb-headless debugedit %description build This package provides scripts and executable programs that used to @@ -132,8 +99,6 @@ Obsoletes: apidocs %prep %autosetup -n %{name}-%{version} -p1 -sed -ie 's:^python test:python2 test:g' tests/rpmtests tests/local.at - %build CPPFLAGS="$CPPFLAGS -DLUA_COMPAT_APIINTCASTS" CFLAGS="$RPM_OPT_FLAGS -DLUA_COMPAT_APIINTCASTS" @@ -163,7 +128,13 @@ done; --with-imaevm \ --enable-zstd \ --enable-python \ - --with-crypto=openssl + --enable-bdb-ro \ + --enable-ndb \ + --enable-bdb=no \ + --enable-sqlite=no \ + --with-crypto=openssl \ + --with-fapolicyd=no \ + --with-fsverity=no %make_build @@ -184,6 +155,9 @@ install -m 755 scripts/rpm.daily ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/rpm mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d install -m 644 scripts/rpm.log ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/rpm +install -m 755 build-aux/config.guess ${RPM_BUILD_ROOT}%{_rpmconfigdir}/ +install -m 755 build-aux/config.sub ${RPM_BUILD_ROOT}%{_rpmconfigdir}/ + mkdir -p ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d echo "r /var/lib/rpm/__db.*" > ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d/rpm.conf @@ -191,18 +165,10 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm mkdir -p $RPM_BUILD_ROOT%{_rpmconfigdir}/macros.d mkdir -p $RPM_BUILD_ROOT/var/lib/rpm -for dbi in \ - Basenames Conflictname Dirnames Group Installtid Name Obsoletename \ - Packages Providename Requirename Triggername Sha1header Sigmd5 \ - __db.001 __db.002 __db.003 __db.004 __db.005 __db.006 __db.007 \ - __db.008 __db.009 -do - touch $RPM_BUILD_ROOT/var/lib/rpm/$dbi -done +./rpmdb --define "_db_backend ndb" --dbpath=$(pwd)/ndb/ --initdb +cp -va ndb/. $RPM_BUILD_ROOT/var/lib/rpm/ -#./rpmdb --dbpath=$RPM_BUILD_ROOT/var/lib/rpm --initdb - -for dbutil in dump load recover stat upgrade verify +for dbutil in recover stat upgrade verify do ln -s ../../bin/db_${dbutil} $RPM_BUILD_ROOT/usr/lib/rpm/rpmdb_${dbutil} done @@ -214,6 +180,7 @@ find $RPM_BUILD_ROOT -name "*.la"|xargs rm -f rm -f $RPM_BUILD_ROOT/%{_rpmconfigdir}/{perldeps.pl,perl.*,pythond*} rm -f $RPM_BUILD_ROOT/%{_fileattrsdir}/{perl*,python*} rm -f $RPM_BUILD_ROOT/%{_rpmconfigdir}/{tcl.req,osgideps.pl} +rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/dbus-1/system.d/org.rpm.conf %check make check || (cat tests/rpmtests.log; exit 0) @@ -226,6 +193,17 @@ make check || (cat tests/rpmtests.log; exit 0) %postun libs -p /sbin/ldconfig +%posttrans +{ + set -e + dbpath=$(rpm -E %{_dbpath}) + while [ -e ${dbpath}/Packages ] + do + date >> /var/log/rebuilddb.log 2>&1 + rpm -vvv --rebuilddb >> /var/log/rebuilddb.log 2>&1 + done +} & + %files -f %{name}.lang %defattr(-,root,root) %license COPYING @@ -235,7 +213,8 @@ make check || (cat tests/rpmtests.log; exit 0) %config(noreplace) %{_sysconfdir}/logrotate.d/rpm %dir %{_sysconfdir}/rpm %dir /var/lib/rpm -%attr(0644, root, root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/lib/rpm/* +%attr(0644, root, root) %ghost %config(missingok,noreplace) /var/lib/rpm/* +%attr(0644, root, root) %ghost /var/lib/rpm/.*.lock %lang(fr) %{_mandir}/fr/man[18]/*.[18]* %lang(ko) %{_mandir}/ko/man[18]/*.[18]* %lang(ja) %{_mandir}/ja/man[18]/*.[18]* @@ -257,6 +236,8 @@ make check || (cat tests/rpmtests.log; exit 0) %{_rpmconfigdir}/platform %{_libdir}/rpm-plugins/ %exclude %{_libdir}/rpm-plugins/systemd_inhibit.so +%exclude %{_libdir}/rpm-plugins/fsverity.so +%exclude %{_libdir}/rpm-plugins/dbus_announce.so %dir %{_rpmconfigdir}/fileattrs %{_bindir}/rpm %{_bindir}/rpm2archive @@ -278,9 +259,6 @@ make check || (cat tests/rpmtests.log; exit 0) %{_rpmconfigdir}/brp-* %{_rpmconfigdir}/check-* -%{_rpmconfigdir}/debugedit -%{_rpmconfigdir}/sepdebugcrcfix -%{_rpmconfigdir}/find-debuginfo.sh %{_rpmconfigdir}/find-lang.sh %{_rpmconfigdir}/*provides* %{_rpmconfigdir}/*requires* @@ -309,13 +287,20 @@ make check || (cat tests/rpmtests.log; exit 0) %files help %defattr(-,root,root) -%doc doc/manual/[a-z]* -%doc doc/librpm/html/* +%doc docs/manual/[a-z]* +%doc docs/librpm/html/* %{_mandir}/man8/rpm*.8* %exclude %{_mandir}/man8/rpm-plugin-systemd-inhibit.8* +%exclude %{_mandir}/man8/rpm-plugin-dbus-announce.8* %{_mandir}/man1/gendiff.1* %changelog +* Mon Dec 27 2021 renhongxun - 4.17.0-1 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:upgrade to 4.17.0 + * Mon Sep 13 2021 zhangtianxing - 4.15.1-30 - Type:bugfix - ID:NA diff --git a/skip-updating-the-preferences.patch b/skip-updating-the-preferences.patch deleted file mode 100644 index 765d425..0000000 --- a/skip-updating-the-preferences.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 90e2b3a3b1a6d2b18c4421ed17a94aa5c56108a8 Mon Sep 17 00:00:00 2001 -From: openEuler Buildteam -Date: Thu, 13 Feb 2020 21:32:33 +0800 -Subject: [PATCH] skip updating the preferences - ---- - tests/Makefile.am | 2 +- - tests/Makefile.in | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tests/Makefile.am b/tests/Makefile.am -index 10f095b..ab92353 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -167,7 +167,7 @@ populate_testing: - for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done - for d in /proc /sys /selinux /etc/selinux; do if [ -d $${d} ]; then ln -s $${d} testing/$${d}; fi; done - (cd testing/magic && file -C) -- HOME=$(abs_builddir)/testing gpg2 --import ${abs_srcdir}/data/keys/*.secret -+ HOME=$(abs_builddir)/testing gpg2 --import --batch ${abs_srcdir}/data/keys/*.secret - - check_DATA = atconfig atlocal $(TESTSUITE) - -diff --git a/tests/Makefile.in b/tests/Makefile.in -index 16bcdd5..5603c54 100644 ---- a/tests/Makefile.in -+++ b/tests/Makefile.in -@@ -695,7 +695,7 @@ populate_testing: - for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done - for d in /proc /sys /selinux /etc/selinux; do if [ -d $${d} ]; then ln -s $${d} testing/$${d}; fi; done - (cd testing/magic && file -C) -- HOME=$(abs_builddir)/testing gpg2 --import ${abs_srcdir}/data/keys/*.secret -+ HOME=$(abs_builddir)/testing gpg2 --import --batch ${abs_srcdir}/data/keys/*.secret - - @HAVE_FAKECHROOT_TRUE@check-local: $(check_DATA) populate_testing - @HAVE_FAKECHROOT_TRUE@ $(SHELL) '$(TESTSUITE)' $(TESTSUITEFLAGS) --- -1.8.3.1 - diff --git a/still-in-use-of-python-scripts-from-old-version.patch b/still-in-use-of-python-scripts-from-old-version.patch new file mode 100644 index 0000000..d9fee0b --- /dev/null +++ b/still-in-use-of-python-scripts-from-old-version.patch @@ -0,0 +1,210 @@ +From 4ec83c32024a8faf0a66a4275acbcd15751ee303 Mon Sep 17 00:00:00 2001 +From: renhongxun +Date: Wed, 29 Dec 2021 16:37:45 +0800 +Subject: [PATCH] still in use of python scripts from old version + +--- + platform.in | 3 ++ + scripts/Makefile.am | 8 +-- + scripts/brp-python-bytecompile | 112 +++++++++++++++++++++++++++++++++++++++++ + scripts/brp-python-hardlink | 25 +++++++++ + 4 files changed, 144 insertions(+), 4 deletions(-) + create mode 100644 scripts/brp-python-bytecompile + create mode 100755 scripts/brp-python-hardlink + +diff --git a/platform.in b/platform.in +index 71496b8..748186e 100644 +--- a/platform.in ++++ b/platform.in +@@ -82,10 +82,13 @@ + # + + %__arch_install_post @ARCH_INSTALL_POST@ ++%_python_bytecompile_errors_terminate_build 0 ++%_python_bytecompile_extra 1 + + # Standard brp-macro naming: + # convert all '-' in basename to '_', add two leading underscores. + %__brp_compress %{_rpmconfigdir}/brp-compress %{?_prefix} ++%__brp_python_bytecompile %{_rpmconfigdir}/brp-python-bytecompile "" "%{?_python_bytecompile_errors_terminate_build}" "%{?_python_bytecompile_extra}" + %__brp_strip %{_rpmconfigdir}/brp-strip %{__strip} + %__brp_strip_comment_note %{_rpmconfigdir}/brp-strip-comment-note %{__strip} %{__objdump} + %__brp_strip_static_archive %{_rpmconfigdir}/brp-strip-static-archive %{__strip} +diff --git a/scripts/Makefile.am b/scripts/Makefile.am +index 4aed76b..5a1c494 100644 +--- a/scripts/Makefile.am ++++ b/scripts/Makefile.am +@@ -6,8 +6,8 @@ AM_CFLAGS = @RPMCFLAGS@ + CLEANFILES = + + EXTRA_DIST = \ +- brp-compress \ +- brp-strip brp-strip-comment-note \ ++ brp-compress brp-python-bytecompile \ ++ brp-strip brp-strip-comment-note brp-python-hardlink \ + brp-strip-static-archive brp-elfperms \ + brp-remove-la-files \ + check-files check-prereqs \ +@@ -23,8 +23,8 @@ EXTRA_DIST = \ + fontconfig.prov script.req + + rpmconfig_SCRIPTS = \ +- brp-compress \ +- brp-strip brp-strip-comment-note \ ++ brp-compress brp-python-bytecompile \ ++ brp-strip brp-strip-comment-note brp-python-hardlink \ + brp-strip-static-archive brp-elfperms \ + brp-remove-la-files \ + check-files check-prereqs \ +diff --git a/scripts/brp-python-bytecompile b/scripts/brp-python-bytecompile +new file mode 100644 +index 0000000..d9c4832 +--- /dev/null ++++ b/scripts/brp-python-bytecompile +@@ -0,0 +1,112 @@ ++#!/bin/bash ++errors_terminate=$2 ++extra=$3 ++ ++# If using normal root, avoid changing anything. ++if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then ++ exit 0 ++fi ++ ++# Figure out how deep we need to descend. We could pick an insanely high ++# number and hope it's enough, but somewhere, somebody's sure to run into it. ++depth=`(find "$RPM_BUILD_ROOT" -type f -name "*.py" -print0 ; echo /) | \ ++ xargs -0 -n 1 dirname | sed 's,[^/],,g' | sort -u | tail -n 1 | wc -c` ++if [ -z "$depth" ] || [ "$depth" -le "1" ]; then ++ exit 0 ++fi ++ ++function python_bytecompile() ++{ ++ local options=$1 ++ local python_binary=$2 ++ local exclude=$3 ++ local python_libdir=$4 ++ local depth=$5 ++ local real_libdir=$6 ++ ++cat << EOF | $python_binary $options ++import compileall, sys, os, re ++ ++python_libdir = "$python_libdir" ++depth = $depth ++real_libdir = "$real_libdir" ++build_root = "$RPM_BUILD_ROOT" ++exclude = r"$exclude" ++ ++class Filter: ++ def search(self, path): ++ ret = not os.path.realpath(path).startswith(build_root) ++ if exclude: ++ ret = ret or re.search(exclude, path) ++ return ret ++ ++sys.exit(not compileall.compile_dir(python_libdir, depth, real_libdir, force=1, rx=Filter(), quiet=1)) ++EOF ++} ++ ++# .pyc/.pyo files embed a "magic" value, identifying the ABI version of Python ++# bytecode that they are for. ++# ++# The files below RPM_BUILD_ROOT could be targeting multiple versions of ++# python (e.g. a single build that emits several subpackages e.g. a ++# python26-foo subpackage, a python31-foo subpackage etc) ++# ++# Support this by assuming that below each /usr/lib/python$VERSION/, all ++# .pyc/.pyo files are to be compiled for /usr/bin/python$VERSION. ++# ++# For example, below /usr/lib/python2.6/, we're targeting /usr/bin/python2.6 ++# and below /usr/lib/python3.1/, we're targeting /usr/bin/python3.1 ++ ++shopt -s nullglob ++for python_libdir in `find "$RPM_BUILD_ROOT" -type d|grep -E "/usr/lib(64)?/python[0-9]\.[0-9]$"`; ++do ++ python_binary=/usr/bin/$(basename $python_libdir) ++ real_libdir=${python_libdir/$RPM_BUILD_ROOT/} ++ echo "Bytecompiling .py files below $python_libdir using $python_binary" ++ ++ # Generate normal (.pyc) byte-compiled files. ++ python_bytecompile "" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir" ++ if [ $? -ne 0 ] && [ 0$errors_terminate -ne 0 ]; then ++ # One or more of the files had a syntax error ++ exit 1 ++ fi ++ ++ # Generate optimized (.pyo) byte-compiled files. ++ python_bytecompile "-O" "$python_binary" "" "$python_libdir" "$depth" "$real_libdir" ++ if [ $? -ne 0 ] && [ 0$errors_terminate -ne 0 ]; then ++ # One or more of the files had a syntax error ++ exit 1 ++ fi ++done ++ ++ ++# Handle other locations in the filesystem using the default python implementation ++# if extra is set to 0, don't do this ++if [ 0$extra -eq 0 ]; then ++ exit 0 ++fi ++ ++# If we don't have a default python interpreter, we cannot proceed ++default_python=${1:-/usr/bin/python} ++if [ ! -x "$default_python" ]; then ++ exit 0 ++fi ++ ++# Figure out if there are files to be bytecompiled with the default_python at all ++# this prevents unnecessary default_python invocation ++find "$RPM_BUILD_ROOT" -type f -name "*.py" | grep -Ev "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" || exit 0 ++ ++# Generate normal (.pyc) byte-compiled files. ++python_bytecompile "" $default_python "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/" ++if [ $? -ne 0 ] && [ 0$errors_terminate -ne 0 ]; then ++ # One or more of the files had a syntax error ++ exit 1 ++fi ++ ++# Generate optimized (.pyo) byte-compiled files. ++python_bytecompile "-O" $default_python "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/" ++if [ $? -ne 0 ] && [ 0$errors_terminate -ne 0 ]; then ++ # One or more of the files had a syntax error ++ exit 1 ++fi ++exit 0 +diff --git a/scripts/brp-python-hardlink b/scripts/brp-python-hardlink +new file mode 100755 +index 0000000..5fd1b43 +--- /dev/null ++++ b/scripts/brp-python-hardlink +@@ -0,0 +1,25 @@ ++#!/bin/sh ++ ++# If using normal root, avoid changing anything. ++if [ -z "$RPM_BUILD_ROOT" ] || [ "$RPM_BUILD_ROOT" = "/" ]; then ++ exit 0 ++fi ++ ++hardlink_if_same() { ++ if cmp -s "$1" "$2" ; then ++ ln -f "$1" "$2" ++ return 0 ++ fi ++ return 1 ++} ++ ++# Hardlink identical *.pyc, *.pyo, and *.opt-[12].pyc. ++# Originally from PLD's rpm-build-macros ++find "$RPM_BUILD_ROOT" -type f -name "*.pyc" -not -name "*.opt-[12].pyc" | while read pyc ; do ++ hardlink_if_same "$pyc" "${pyc%c}o" ++ o1pyc="${pyc%pyc}opt-1.pyc" ++ hardlink_if_same "$pyc" "$o1pyc" ++ o2pyc="${pyc%pyc}opt-2.pyc" ++ hardlink_if_same "$pyc" "$o2pyc" || hardlink_if_same "$o1pyc" "$o2pyc" ++done ++exit 0 +-- +1.8.3.1 +