From 8c53555c574da8ac34df2657e39fa9415f585f0b Mon Sep 17 00:00:00 2001 From: hugel <2712504175@qq.com> Date: Wed, 27 Nov 2024 09:37:13 +0800 Subject: [PATCH] Require macro filenames to end in alphanum char --- ...ro-filenames-to-end-in-alphanum-char.patch | 77 +++++++++++++++++++ rpm.spec | 6 +- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 backport-Require-macro-filenames-to-end-in-alphanum-char.patch diff --git a/backport-Require-macro-filenames-to-end-in-alphanum-char.patch b/backport-Require-macro-filenames-to-end-in-alphanum-char.patch new file mode 100644 index 0000000..aebeec2 --- /dev/null +++ b/backport-Require-macro-filenames-to-end-in-alphanum-char.patch @@ -0,0 +1,77 @@ +From 63e3061fa2471c663bed43d02f97c80953dfc9f7 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Wed, 23 Oct 2024 15:45:07 +0200 +Subject: [PATCH] Require macro filenames to end in alphanum char + +Conflict:modify macro.c instead of macro.cc; use AT_{CHECK,CLEANUP} +instead of RPMTEST_{CHECK,CLEANUP} because adafe8d04724b is not merged; +use "/usr/lib/rpm" instead of $RPM_CONFIGDIR_PATH because f134eb1 and +1592f16 are not merged; "mkdir -p $RPMTEST/usr/lib/rpm/macros.d/" to +ensure directory exist. +Reference:https://github.com/rpm-software-management/rpm/commit/63e3061fa2471c663bed43d02f97c80953dfc9f7 + +Make sure (text editor) backup files, such as those with the tilde (~) +at the end, aren't processed by our macrofiles globs. These can appear +while editing a macro file in place and may result in confusing behavior +where an old version of a macro overrides the one being written, like +seen in the ticket #3373. + +Rather than enumerating any specific suffixes, just mandate that macro +files end with alphanumerics. That's more of a name sanity check than +anything but fits the bill here. + +Co-authored-by: Peter Oliver +--- + rpmio/macro.c | 4 +++- + tests/rpmmacro.at | 18 ++++++++++++++++++ + 2 files changed, 21 insertions(+), 1 deletion(-) + +diff --git a/rpmio/macro.c b/rpmio/macro.c +index 1a9f2f63a..11668b7ee 100644 +--- a/rpmio/macro.c ++++ b/rpmio/macro.c +@@ -1981,9 +1981,11 @@ rpmInitMacros(rpmMacroContext mc, const char * macrofiles) + + /* Read macros from each file. */ + for (path = files; *path; path++) { ++ size_t len = strlen(*path); + if (rpmFileHasSuffix(*path, ".rpmnew") || + rpmFileHasSuffix(*path, ".rpmsave") || +- rpmFileHasSuffix(*path, ".rpmorig")) { ++ rpmFileHasSuffix(*path, ".rpmorig") || ++ (len > 0 && !risalnum((*path)[len - 1]))) { + continue; + } + (void) loadMacroFile(mc, *path); +diff --git a/tests/rpmmacro.at b/tests/rpmmacro.at +index 50096fd5d..968d48ee7 100644 +--- a/tests/rpmmacro.at ++++ b/tests/rpmmacro.at +@@ -2,6 +2,24 @@ + # + AT_BANNER([RPM macros]) + ++# ------------------------------ ++AT_SETUP([macro path: skip editor backups]) ++AT_KEYWORDS([macros]) ++RPMTEST_SETUP ++AT_CHECK([ ++mkdir -p $RPMTEST/usr/lib/rpm/macros.d/ ++echo '%this that' > $RPMTEST/usr/lib/rpm/macros.d/macros.this ++runroot rpm --eval '%{this}' ++mv $RPMTEST/usr/lib/rpm/macros.d/macros.this{,~} ++runroot rpm --eval '%{this}' ++], ++[0], ++[that ++%{this} ++], ++[]) ++AT_CLEANUP ++ + # ------------------------------ + AT_SETUP([simple rpm --eval]) + AT_KEYWORDS([macros]) +-- +2.33.0 + diff --git a/rpm.spec b/rpm.spec index 37da6c0..96cf15a 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,6 +1,6 @@ Name: rpm Version: 4.18.2 -Release: 20 +Release: 21 Summary: RPM Package Manager License: GPL-2.0-or-later URL: https://rpm.org/ @@ -51,6 +51,7 @@ Patch6028: backport-Specify-the-private-key-in-rpm-addsign.patch Patch6029: backport-Fix-memleak-when-process-policies.patch Patch6030: backport-Enforce-the-same-sanity-checks-on-db-add-and-rebuild.patch Patch6031: backport-Fix-a-memory-leak-on-rpmdb-importdb.patch +Patch6032: backport-Require-macro-filenames-to-end-in-alphanum-char.patch Patch9000: Add-digest-list-plugin.patch Patch9001: Add-IMA-digest-list-support.patch @@ -339,6 +340,9 @@ make clean %exclude %{_mandir}/man8/rpmspec.8* %changelog +* Wed Nov 27 2024 hugel - 4.18.2-21 +- Require macro filenames to end in alphanum char + * Mon Nov 25 2024 hugel - 4.18.2-20 - sync patches from upstream