From c2ec49004fcd46e73385d74b5277a12278ce685f Mon Sep 17 00:00:00 2001 From: renxichen Date: Tue, 28 Feb 2023 20:00:58 +0800 Subject: [PATCH] bugfix with upstream patches about fifo --- ...for-special-device-node-installation.patch | 79 +++++++++++++ ...lock-and-character-special-files-219.patch | 110 ++++++++++++++++++ ...-for-metadata-in-FA_TOUCH-mode-too-w.patch | 46 ++++++++ ...roper-type-for-copyTagsFromMainDebug.patch | 27 +++++ ...t-support-for-POSIX-getopt-behaviour.patch | 33 ++++++ ...x-rpm-is-blocked-when-open-fifo-file.patch | 32 ----- rpm.spec | 11 +- 7 files changed, 304 insertions(+), 34 deletions(-) create mode 100644 backport-Add-a-test-for-special-device-node-installation.patch create mode 100644 backport-Fix-install-of-block-and-character-special-files-219.patch create mode 100644 backport-Use-fd-based-ops-for-metadata-in-FA_TOUCH-mode-too-w.patch create mode 100644 backport-Use-proper-type-for-copyTagsFromMainDebug.patch create mode 100644 backport-support-for-POSIX-getopt-behaviour.patch delete mode 100644 rpm-fix-rpm-is-blocked-when-open-fifo-file.patch diff --git a/backport-Add-a-test-for-special-device-node-installation.patch b/backport-Add-a-test-for-special-device-node-installation.patch new file mode 100644 index 0000000..ec0cf9b --- /dev/null +++ b/backport-Add-a-test-for-special-device-node-installation.patch @@ -0,0 +1,79 @@ +From 5dcc399cd21f607f13eb092a3abfc8b8daa59d4c Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Fri, 13 Jan 2023 10:44:28 +0200 +Subject: [PATCH] Add a test for special device node installation + +This is a bit theoretical as it does not work for regular users or in +containers which are the typical scenarios for running the test-suite. +--- + tests/atlocal.in | 6 ++++++ + tests/data/SPECS/dev.spec | 14 ++++++++++++++ + tests/rpmi.at | 17 +++++++++++++++++ + 3 files changed, 37 insertions(+) + create mode 100644 tests/data/SPECS/dev.spec + +diff --git a/tests/atlocal.in b/tests/atlocal.in +index 70383bb46..a037de728 100644 +--- a/tests/atlocal.in ++++ b/tests/atlocal.in +@@ -64,6 +64,12 @@ if grep -q '#define WITH_CAP 1' "${abs_top_builddir}/config.h"; then + else + CAP_DISABLED=true; + fi ++if mknod foodev c 123 123; then ++ MKNOD_DISABLED=false ++ rm -f foodev ++else ++ MKNOD_DISABLED=true ++fi + + function setup_env() + { +diff --git a/tests/data/SPECS/dev.spec b/tests/data/SPECS/dev.spec +new file mode 100644 +index 000000000..d784fe114 +--- /dev/null ++++ b/tests/data/SPECS/dev.spec +@@ -0,0 +1,14 @@ ++Name: dev ++Version: 1.0 ++Release: 1 ++Group: Testing ++License: GPL ++Summary: Testing dev behavior ++BuildArch: noarch ++ ++%description ++%{summary} ++ ++%files ++%dev(c 11 22) /test-char ++%dev(b 33 44) /test-block +diff --git a/tests/rpmi.at b/tests/rpmi.at +index a2389de..f439e46 100644 +--- a/tests/rpmi.at ++++ b/tests/rpmi.at +@@ -888,3 +888,20 @@ runroot rpm -Vv --nouser --nogroup fifo + ], + []) + AT_CLEANUP ++ ++AT_SETUP([rpm -U dev]) ++AT_KEYWORDS([install]) ++AT_SKIP_IF([$MKNOD_DISABLED]) ++AT_CHECK([ ++RPMDB_INIT ++ ++runroot rpmbuild -bb --quiet /data/SPECS/dev.spec ++runroot rpm -U --ignoreos /build/RPMS/noarch/dev-1.0-1.noarch.rpm ++runroot rpm -Vv --nouser --nogroup dev ++], ++[0], ++[......... /test-block ++......... /test-char ++], ++[]) ++AT_CLEANUP +-- +2.27.0 + diff --git a/backport-Fix-install-of-block-and-character-special-files-219.patch b/backport-Fix-install-of-block-and-character-special-files-219.patch new file mode 100644 index 0000000..0b3f134 --- /dev/null +++ b/backport-Fix-install-of-block-and-character-special-files-219.patch @@ -0,0 +1,110 @@ +From 28c92fd54c93371c3062664d8a938438a2be88d6 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Fri, 13 Jan 2023 08:57:27 +0200 +Subject: [PATCH] Fix install of block and character special files (#2195, + #2275) + +While it's possible to open special files, they are, well, special and +have "side-effects" also known as, ahem, semantics. Opening a device +file in Unix means accessing that *device*, and FIFOs have their own +semantics. In other words, for rpm's purposes, we should never EVER +open these files as a part of the install / permission setting etc. +Fix this major brainfart in 25a435e90844ea98fe5eb7bef22c1aecf3a9c033. + +OTOH this forces us back to the less secure path based operations for +these files, which is what we were trying to avoid in the first place. +There always was a tiny race between create + open for these (because +there's no atomic way to create + open anything but regular files) but +this opens up the window quite a bit. +Nobody should be placing device nodes in user-owned directories but +FIFO's may be a different story. + +We haven't had tests for device nodes because it requires privileges the +test-suite usually doesn't have, not testing FIFOs I have no excuse for. +Add that test now. + +Fixes: #2195, #2275 +--- + lib/fsm.c | 4 +++- + tests/data/SPECS/fifo.spec | 16 ++++++++++++++++ + tests/Makefile.am | 2 +- + tests/rpmi.at | 15 +++++++++++++++ + 4 files changed, 35 insertions(+), 2 deletions(-) + create mode 100644 tests/data/SPECS/fifo.spec + +diff --git a/lib/fsm.c b/lib/fsm.c +index e38155df7..052416641 100644 +--- a/lib/fsm.c ++++ b/lib/fsm.c +@@ -1014,7 +1014,9 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, + rc = RPMERR_UNKNOWN_FILETYPE; + } + +- if (!rc && fd == -1 && !S_ISLNK(fp->sb.st_mode)) { ++ /* Special files require path-based ops */ ++ int mayopen = S_ISREG(fp->sb.st_mode) || S_ISDIR(fp->sb.st_mode); ++ if (!rc && fd == -1 && mayopen) { + /* Only follow safe symlinks, and never on temporary files */ + fd = fsmOpenat(di.dirfd, fp->fpath, + fp->suffix ? AT_SYMLINK_NOFOLLOW : 0, 0); +diff --git a/tests/data/SPECS/fifo.spec b/tests/data/SPECS/fifo.spec +new file mode 100644 +index 000000000..20b30b243 +--- /dev/null ++++ b/tests/data/SPECS/fifo.spec +@@ -0,0 +1,16 @@ ++Name: fifo ++Version: 1.0 ++Release: 1 ++Group: Testing ++License: GPL ++Summary: Testing fifo behavior ++BuildArch: noarch ++ ++%description ++%{summary} ++ ++%install ++mknod ${RPM_BUILD_ROOT}/test-fifo p ++ ++%files ++/test-fifo +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 04fa1e5..1b12148 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -174,7 +174,7 @@ populate_testing: + for d in dev etc magic tmp var; do if [ ! -d testing/$${d} ]; then mkdir testing/$${d}; fi; done + for node in urandom stdin stderr stdout null full; do ln -s /dev/$${node} testing/dev/$${node}; done + for cf in hosts resolv.conf passwd shadow group gshadow mtab ; do [ -f /etc/$${cf} ] && ln -s /etc/$${cf} testing/etc/$${cf}; done +- for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done ++ for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs mknod; do p=`which $${prog}`; if [ "$${p}" != "" ]; then ln -s $${p} testing/$(bindir)/; fi; done + for d in /proc /sys /selinux /etc/selinux; do if [ -d $${d} ]; then ln -s $${d} testing/$${d}; fi; done + (cd testing/magic && file -C) + chmod -R u-w testing/ +diff --git a/tests/rpmi.at b/tests/rpmi.at +index ee35bdc..a2389de 100644 +--- a/tests/rpmi.at ++++ b/tests/rpmi.at +@@ -873,3 +873,18 @@ runroot rpm -e hlinktest + ], + []) + AT_CLEANUP ++ ++AT_SETUP([rpm -U fifo]) ++AT_KEYWORDS([install]) ++AT_CHECK([ ++RPMDB_INIT ++ ++runroot rpmbuild -bb --quiet /data/SPECS/fifo.spec ++runroot rpm -U --ignoreos /build/RPMS/noarch/fifo-1.0-1.noarch.rpm ++runroot rpm -Vv --nouser --nogroup fifo ++], ++[0], ++[......... /test-fifo ++], ++[]) ++AT_CLEANUP +-- +2.27.0 + diff --git a/backport-Use-fd-based-ops-for-metadata-in-FA_TOUCH-mode-too-w.patch b/backport-Use-fd-based-ops-for-metadata-in-FA_TOUCH-mode-too-w.patch new file mode 100644 index 0000000..648b12f --- /dev/null +++ b/backport-Use-fd-based-ops-for-metadata-in-FA_TOUCH-mode-too-w.patch @@ -0,0 +1,46 @@ +From 932013698149d43720cc321c8df2f99f51866e18 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Fri, 13 Jan 2023 10:00:37 +0200 +Subject: [PATCH] Use fd-based ops for metadata in FA_TOUCH mode too, +when + possible + +Fixes another brainfart in commit 25a435e90844ea98fe5eb7bef22c1aecf3a9c033. +--- + lib/fsm.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/fsm.c b/lib/fsm.c +index 54fea90..e6fac40 100644 +--- a/lib/fsm.c ++++ b/lib/fsm.c +@@ -1002,6 +1002,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, + int nodigest = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOFILEDIGEST) ? 1 : 0; + int nofcaps = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOCAPS) ? 1 : 0; + int firstlinkfile = -1; ++ int mayopen = 0; + char *tid = NULL; + struct filedata_s *fdata = xcalloc(fc, sizeof(*fdata)); + struct filedata_s *firstlink = NULL; +@@ -1136,8 +1137,9 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, + rc = RPMERR_UNKNOWN_FILETYPE; + } + ++setmeta: + /* Special files require path-based ops */ +- int mayopen = S_ISREG(fp->sb.st_mode) || S_ISDIR(fp->sb.st_mode); ++ mayopen = S_ISREG(fp->sb.st_mode) || S_ISDIR(fp->sb.st_mode); + if (!rc && fd == -1 && mayopen) { + /* Only follow safe symlinks, and never on temporary files */ + fd = fsmOpenat(di.dirfd, fp->fpath, +@@ -1146,7 +1148,6 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, + rc = RPMERR_OPEN_FAILED; + } + +-setmeta: + if (!rc && fp->setmeta) { + rc = fsmSetmeta(fd, di.dirfd, fp->fpath, + fi, plugins, fp->action, +-- +2.27.0 + diff --git a/backport-Use-proper-type-for-copyTagsFromMainDebug.patch b/backport-Use-proper-type-for-copyTagsFromMainDebug.patch new file mode 100644 index 0000000..d60e6fb --- /dev/null +++ b/backport-Use-proper-type-for-copyTagsFromMainDebug.patch @@ -0,0 +1,27 @@ +From 42694806bf73b07514554233d0d58d17a58cd863 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 9 Feb 2023 13:05:24 +0200 +Subject: [PATCH] Use proper type for copyTagsFromMainDebug + +The array contains a non-enum value (0), this is why headerCopyTags() +uses rpmTagVal pointer, not rpmTag. +--- + build/files.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/build/files.c b/build/files.c +index 666c66651..24b4d80bf 100644 +--- a/build/files.c ++++ b/build/files.c +@@ -2858,7 +2858,7 @@ exit: + return rc; + } + +-static rpmTag copyTagsFromMainDebug[] = { ++static rpmTagVal copyTagsFromMainDebug[] = { + RPMTAG_ARCH, + RPMTAG_SUMMARY, + RPMTAG_DESCRIPTION, +-- +2.27.0 + diff --git a/backport-support-for-POSIX-getopt-behaviour.patch b/backport-support-for-POSIX-getopt-behaviour.patch new file mode 100644 index 0000000..aa3c2c7 --- /dev/null +++ b/backport-support-for-POSIX-getopt-behaviour.patch @@ -0,0 +1,33 @@ +From 1f47b1cc0eddbb1921d81249a4bd604089c71495 Mon Sep 17 00:00:00 2001 +From: "(GalaxyMaster)" +Date: Tue, 31 Jan 2023 18:24:55 +1100 +Subject: [PATCH] support for POSIX getopt() behaviour + +[POSIX defines optarg only for options with arguments](https://pubs.opengroup.org/onlinepubs/000095399/functions/getopt.html) and callback() is expecting optarg to be NULL for options without arguments, however, at least on musl optarg will carry a pointer to the argument of the previous option with argument. This commit makes the behaviour deterministic and expected. +--- + rpmio/rgetopt.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/rpmio/rgetopt.c b/rpmio/rgetopt.c +index f789fa8fe..b14366a8a 100644 +--- a/rpmio/rgetopt.c ++++ b/rpmio/rgetopt.c +@@ -28,6 +28,7 @@ int rgetopt(int argc, char * const argv[], const char *opts, + optind = 0; + #else + optind = 1; ++ optarg = NULL; + #endif + + while ((c = getopt(argc, argv, opts)) != -1) { +@@ -39,6 +40,7 @@ int rgetopt(int argc, char * const argv[], const char *opts, + rc = -1; + break; + } ++ optarg = NULL; + } + return (rc < 0) ? -optopt : optind; + } +-- +2.27.0 + diff --git a/rpm-fix-rpm-is-blocked-when-open-fifo-file.patch b/rpm-fix-rpm-is-blocked-when-open-fifo-file.patch deleted file mode 100644 index d7cbf22..0000000 --- a/rpm-fix-rpm-is-blocked-when-open-fifo-file.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 988df03f8a293f7aa1d6bb872b981c5dfc6493d9 Mon Sep 17 00:00:00 2001 -From: xujing -Date: Tue, 8 Nov 2022 10:36:36 +0800 -Subject: [PATCH] rpm: fix rpm is blocked when open fifo file - ---- - lib/fsm.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/lib/fsm.c b/lib/fsm.c -index c9ab3e1..c1c86b0 100644 ---- a/lib/fsm.c -+++ b/lib/fsm.c -@@ -1137,8 +1137,13 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, - - if (!rc && fd == -1 && !S_ISLNK(fp->sb.st_mode)) { - /* Only follow safe symlinks, and never on temporary files */ -- fd = fsmOpenat(di.dirfd, fp->fpath, -- fp->suffix ? AT_SYMLINK_NOFOLLOW : 0, 0); -+ int flags = fp->suffix ? AT_SYMLINK_NOFOLLOW : 0; -+ -+ /* Open the FIFO file in O_RDWR mode to prevent process blocking */ -+ if (S_ISFIFO(fp->sb.st_mode)) -+ flags |= O_RDWR; -+ -+ fd = fsmOpenat(di.dirfd, fp->fpath, flags, 0); - if (fd < 0) - rc = RPMERR_OPEN_FAILED; - } --- -2.27.0 - diff --git a/rpm.spec b/rpm.spec index 17df5be..207ca46 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,6 +1,6 @@ Name: rpm Version: 4.18.0 -Release: 6 +Release: 7 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -33,7 +33,11 @@ Patch6011: backport-Fix-memleak-when-fsmRename-failed-in-fsmCommit.patch Patch6012: backport-Fix-fileleak-and-memleak-in-rpmInstall.patch Patch6013: backport-Fix-fileleak-when-urlGetFile-fails-in-rpmInstall.patch -Patch9000: rpm-fix-rpm-is-blocked-when-open-fifo-file.patch +Patch6014: backport-Fix-install-of-block-and-character-special-files-219.patch +Patch6015: backport-Use-fd-based-ops-for-metadata-in-FA_TOUCH-mode-too-w.patch +Patch6016: backport-Add-a-test-for-special-device-node-installation.patch +Patch6017: backport-support-for-POSIX-getopt-behaviour.patch +Patch6018: backport-Use-proper-type-for-copyTagsFromMainDebug.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel BuildRequires: zlib-devel zstd-devel >= 1.3.8 xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel @@ -320,6 +324,9 @@ make clean %exclude %{_mandir}/man8/rpmspec.8.gz %changelog +* Tue Feb 28 2023 renhongxun - 4.18.0-7 +- bugfix with upstream patches about fifo + * Wed Feb 08 2023 gaoyusong - 4.18.0-6 - Revert digest list patches