diff --git a/backport-Fix-possible-descriptor-leak-in-fsmOpenat.patch b/backport-Fix-possible-descriptor-leak-in-fsmOpenat.patch
new file mode 100644
index 0000000..eca230e
--- /dev/null
+++ b/backport-Fix-possible-descriptor-leak-in-fsmOpenat.patch
@@ -0,0 +1,45 @@
+From af08077fb4c60dee516948ce7bf9bed91de62119 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Tue, 13 Sep 2022 10:26:05 +0300
+Subject: [PATCH] Fix possible descriptor leak in fsmOpenat()
+
+For the very unlikely case when openat() succeeded but fstatat()
+doesn't, the directory descriptor may be leaved opened. Rearrange
+the code a bit to ensure it'll always get closed when appropriate.
+
+Suggested-by: Pavel Kopylov
+Suggested-by: Dmitry Antipov
+---
+ lib/fsm.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/lib/fsm.c b/lib/fsm.c
+index e4ec07e..c9ab3e1 100644
+--- a/lib/fsm.c
++++ b/lib/fsm.c
+@@ -427,14 +427,16 @@ static int fsmOpenat(int dirfd, const char *path, int flags)
+ */
+ if (fd < 0 && errno == ELOOP && flags != sflags) {
+ int ffd = openat(dirfd, path, flags);
+- if (ffd >= 0 && fstatat(dirfd, path, &lsb, AT_SYMLINK_NOFOLLOW) == 0) {
+- if (fstat(ffd, &sb) == 0) {
+- if (lsb.st_uid == 0 || lsb.st_uid == sb.st_uid) {
+- fd = ffd;
+- } else {
+- close(ffd);
++ if (ffd >= 0) {
++ if (fstatat(dirfd, path, &lsb, AT_SYMLINK_NOFOLLOW) == 0) {
++ if (fstat(ffd, &sb) == 0) {
++ if (lsb.st_uid == 0 || lsb.st_uid == sb.st_uid) {
++ fd = ffd;
++ }
+ }
+ }
++ if (ffd != fd)
++ close(ffd);
+ }
+ }
+ return fd;
+--
+2.33.0
+
diff --git a/backport-Fix-rpm-lua-rpm_vercmp-error-message-if-second-argum.patch b/backport-Fix-rpm-lua-rpm_vercmp-error-message-if-second-argum.patch
new file mode 100644
index 0000000..f2be2bc
--- /dev/null
+++ b/backport-Fix-rpm-lua-rpm_vercmp-error-message-if-second-argum.patch
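Review bot: The new `if (ffd != fd) close(ffd);` in fsmOpenat() is correct only because this branch is entered with `fd < 0`, so `ffd` (which is >= 0 at that point) can equal `fd` only after the `fd = ffd;` assignment, and nothing in the hunk states that invariant. Since this is the branch that decides whether a symlink may be followed (link owned by root or by the target's owner), I would put a comment above the close, for example `/* every rejection path (fstatat/fstat failure, owner mismatch) leaves fd < 0, so ffd is closed here */`, and brace the single-statement `if`. If close() itself fails on a rejection path it overwrites errno before `return fd;`, so a caller that reports errno would see a misleading reason; saving and restoring errno around the close keeps the original one. The function starts above the hunk, so the first open attempt and the declarations of `sflags`, `sb` and `lsb` are not visible here.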
@@ -0,0 +1,26 @@
+From cf3150509ed7eb2407bdf1f5572cd613a30c2b86 Mon Sep 17 00:00:00 2001
+From: Vyacheslav Potoropin
+Date: Thu, 25 Aug 2022 23:08:09 +0200
+Subject: [PATCH] Fix rpm lua rpm_vercmp error message if second argument is
+ broken
+
+---
+ rpmio/rpmlua.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c
+index 3f0bdeb3f..615146fab 100644
+--- a/rpmio/rpmlua.c
++++ b/rpmio/rpmlua.c
+@@ -491,7 +491,7 @@ static int rpm_vercmp(lua_State *L)
+ } else {
+ if (v1 == NULL)
+ luaL_argerror(L, 1, "invalid version ");
+- if (v1 == NULL)
++ if (v2 == NULL)
+ luaL_argerror(L, 2, "invalid version ");
+ }
+ rpmverFree(v1);
+--
+2.33.0
+
diff --git a/backport-Make-pgpPubkeyFingerprint-do-something-meaningful-ag.patch b/backport-Make-pgpPubkeyFingerprint-do-something-meaningful-ag.patch
new file mode 100644
index 0000000..8cac6e0
--- /dev/null
+++ b/backport-Make-pgpPubkeyFingerprint-do-something-meaningful-ag.patch
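Review bot: In the `else` branch of rpm_vercmp() both `luaL_argerror()` calls raise a Lua error and do not return, so the `rpmverFree(v1);` after the block is never reached on this path and whichever version did parse is leaked each time a script passes one bad argument. Releasing the other handle before raising avoids that, e.g. `if (v1 == NULL) { rpmverFree(v2); luaL_argerror(L, 1, "invalid version "); }` and `if (v2 == NULL) { rpmverFree(v1); luaL_argerror(L, 2, "invalid version "); }`; this assumes rpmverFree() accepts NULL, which the hunk does not show. The function begins and ends outside the hunk, so the success branch and the second free are inferred.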
@@ -0,0 +1,64 @@
+From dc9e8169790eba18130fb96c13f56ecba6c9b346 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Tue, 6 Sep 2022 09:28:10 +0300
+Subject: [PATCH] Make pgpPubkeyFingerprint() do something meaningful again
+
+Commit 4bbeec134aab33e24f960be28a7b2198359c1f67 "fixed" an old
+terminology confusion about keyid vs fingerprint, but in the process
+broke pgpPubkeyFingerprint() for any external callers, as it now only
+feeds on decoded packets whereas before it did the decoding by itself.
+Add the decoding step back to the public function to make it usable outside
+rpmpgp_internal.c again, retrieving a fingerprint seems like an useful
+(public) API to have.
+
+This is kind of a regression fix in that prior to commit
+4bbeec134aab33e24f960be28a7b2198359c1f67 pgpPubkeyFingerprint() returned
+meaningful data to the outside caller and afterwards it didn't, however
+that commit broke the API anyhow so it's kinda complicated.
+Maybe we should just call it a bugfix and be done with it.
+
+Related to #1549
+---
+ rpmio/rpmpgp.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index d4dd4b89d..8d0d76869 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -650,7 +650,7 @@ static int pgpPrtUserID(pgpTag tag, const uint8_t *h, size_t hlen,
+ return 0;
+ }
+
+-int pgpPubkeyFingerprint(const uint8_t *h, size_t hlen,
++static int getPubkeyFingerprint(const uint8_t *h, size_t hlen,
+ uint8_t **fp, size_t *fplen)
+ {
+ int rc = -1; /* assume failure */
+@@ -717,11 +717,22 @@ int pgpPubkeyFingerprint(const uint8_t *h, size_t hlen,
+ return rc;
+ }
+
++int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen,
++ uint8_t **fp, size_t *fplen)
++{
++ struct pgpPkt p;
++
++ if (decodePkt(pkt, pktlen, &p))
++ return -1;
++
++ return getPubkeyFingerprint(p.body, p.blen, fp, fplen);
++}
++
+ static int getKeyID(const uint8_t *h, size_t hlen, pgpKeyID_t keyid)
+ {
+ uint8_t *fp = NULL;
+ size_t fplen = 0;
+- int rc = pgpPubkeyFingerprint(h, hlen, &fp, &fplen);
++ int rc = getPubkeyFingerprint(h, hlen, &fp, &fplen);
+ if (fp && fplen > 8) {
+ memcpy(keyid, (fp + (fplen-8)), 8);
+ free(fp);
+--
+2.33.0
+
diff --git a/rpm.spec b/rpm.spec
index 005bbe9..5ba69a7 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -1,6 +1,6 @@
 Name: rpm
 Version: 4.17.0
-Release: 12
+Release: 13
 Summary: RPM Package Manager
 License: GPLv2+
 URL: http://www.rpm.org/
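Review bot: The new public pgpPubkeyFingerprint() hands `p.body`/`p.blen` to getPubkeyFingerprint() as soon as decodePkt() succeeds, without looking at what kind of packet was decoded, so as far as this hunk shows any well-formed packet supplied by an external caller reaches the key parser. If getPubkeyFingerprint() (its body is outside the hunk) does not already reject non-key bodies, the wrapper should check the tag first, e.g. `if (decodePkt(pkt, pktlen, &p) || p.tag != PGPTAG_PUBLIC_KEY) return -1;`, widened to the subkey tag if callers rely on it. The function also deserves a doc comment stating that `pkt` must now be a whole packet including its header rather than a packet body, that presumably only the first packet in the buffer is examined, and that `*fp` is allocated for the caller, who must free it as getKeyID() does with `free(fp)`.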
@@ -79,6 +79,9 @@ Patch6044: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch Patch6045: backport-CVE-2021-35938.patch Patch6046: backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch Patch6047: backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch +Patch6048: backport-Fix-rpm-lua-rpm_vercmp-error-message-if-second-argum.patch +Patch6049: backport-Make-pgpPubkeyFingerprint-do-something-meaningful-ag.patch +Patch6050: backport-Fix-possible-descriptor-leak-in-fsmOpenat.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel BuildRequires: zlib-devel zstd-devel >= 1.3.8 xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel @@ -348,6 +351,9 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Tue Nov 01 2022 licunlong - 4.17.0-13 +- sync patches from upstream + * Fri Sep 09 2022 renhongxun - 4.17.0-12 - sync patches from upstream