Backport some patches from upstream

(cherry picked from commit dc2d4dc8f6325495fda6b2b2565b76b5b8d9a0fe)
gengqihu 2024-07-24 10:20:07 +08:00 committed by openeuler-sync-bot
parent b5d95e62eb
commit f189a4944a
7 changed files with 242 additions and 2 deletions


@ -0,0 +1,34 @@
From a385821780804b558ae18aec820d127e4144fafd Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Thu, 11 Apr 2024 12:08:04 +0300
Subject: [PATCH] Fix an ancient memleak on %caps() parsing, add tests
Conflict:don't modify tests because the test case depends on the gcc.
Reference:https://github.com/rpm-software-management/rpm/commit/a385821780804b558ae18aec820d127e4144fafd
This leak has been there ever since rpm 4.7.0, so pretty close to 15
years. ASAN would've caught it, if it had it been tested. Oops.
Of course, in the fakechroot era we couldn't have tested installation
but we could've at least tested the parsing side.
Add tests for parsing, query and install functionality, and fix the
leak that is now very visible.
---
build/files.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/build/files.c b/build/files.c
index 14e4c55ef..b059458a1 100644
--- a/build/files.c
+++ b/build/files.c
@@ -228,6 +228,7 @@ static void copyFileEntry(FileEntry src, FileEntry dest)
static void FileEntryFree(FileEntry entry)
{
argvFree(entry->langs);
+ free(entry->caps);
memset(entry, 0, sizeof(*entry));
}
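Review bot: the added free(entry->caps) in FileEntryFree() is only safe if every FileEntry owns its own caps string. The hunk header shows copyFileEntry(src, dest) directly above, but its body is not in the visible lines, so confirm it duplicates caps rather than copying the pointer; otherwise freeing a source entry and its copy would release the same buffer twice. The patch header also records that the upstream tests were left out of this backport, so an ASAN-enabled build of a spec that uses %caps() is worth running by hand to confirm the leak is gone and no double free was introduced.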
--
2.33.0


@ -0,0 +1,31 @@
From f8a72afbdb560dc534ca1ff390bc54e01d1144a6 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 8 Apr 2024 14:41:48 +0300
Subject: [PATCH] Fix pointer bogosity in rpmlog callback
Conflict:NA
Reference:https://github.com/rpm-software-management/rpm/commit/f8a72afbdb560dc534ca1ff390bc54e01d1144a6
rpmlogCallbackData is already a pointer type, we don't want a pointer
to a pointer for this. Kinda surprising it actually worked, but then
it's just a void pointer so...
---
rpmio/rpmlog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rpmio/rpmlog.c b/rpmio/rpmlog.c
index 2bb5ab0e3..3ccbe2692 100644
--- a/rpmio/rpmlog.c
+++ b/rpmio/rpmlog.c
@@ -382,7 +382,7 @@ static void dolog(struct rpmlogRec_s *rec, int saverec)
int cbrc = RPMLOG_DEFAULT;
int needexit = 0;
FILE *clog = NULL;
- rpmlogCallbackData *cbdata = NULL;
+ rpmlogCallbackData cbdata = NULL;
rpmlogCallback cbfunc = NULL;
rpmlogCtx ctx = rpmlogCtxAcquire(saverec);
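Review bot: only the declaration of cbdata changes in this hunk; the lines in dolog() that assign it and pass it to cbfunc are outside the visible context. Since the old pointer-to-void-pointer type converted silently, the compiler gave no help here, so read the rest of the function and check that no address-of or dereference on cbdata remains and that the callback receives the registered data value itself rather than a pointer to it.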
--
2.33.0


@ -0,0 +1,35 @@
From 1b90b8c7d176026b669ce28c6e185724a4b208b0 Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com>
Date: Fri, 7 Jun 2024 10:14:25 +0200
Subject: [PATCH] Fix potential use of uninitialized pgp struct
Conflict:NA
Reference:https://github.com/rpm-software-management/rpm/commit/1b90b8c7d176026b669ce28c6e185724a4b208b0
We only call initPgpData() after base64 encoding the pubkey so if the
latter fails, the kd struct will be left uninitialized and subsequently
read from after skipping to the exit label. Fix by initializing it.
Found by Coverity.
Fixes: RHEL-22605
---
lib/rpmts.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/rpmts.c b/lib/rpmts.c
index 3070b97e6..76964c60a 100644
--- a/lib/rpmts.c
+++ b/lib/rpmts.c
@@ -508,6 +508,8 @@ static int makePubkeyHeader(rpmts ts, rpmPubkey key, rpmPubkey *subkeys,
int rc = -1;
int i;
+ memset(&kd, 0, sizeof(kd));
+
if ((enc = rpmPubkeyBase64(key)) == NULL)
goto exit;
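Review bot: the memset of kd sits before the first goto exit, which covers the rpmPubkeyBase64() failure path the message describes, but the cleanup under the exit label is not in the visible lines. Confirm that everything it does with kd is harmless on an all-zero struct (NULL pointers passed to free, zero counts). Zero-initializing kd at its declaration would give the same guarantee and could not later be separated from it by an inserted early exit; the declaration is outside this hunk, so that is a suggestion for upstream rather than a change to make in the backport.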
--
2.33.0


@ -0,0 +1,35 @@
From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com>
Date: Thu, 6 Jun 2024 09:15:02 +0200
Subject: [PATCH] Fix potential use of uninitialized pipe array
Conflict:NA
Reference:https://github.com/rpm-software-management/rpm/commit/bff65aad8af719542c7b0c6429e09223c014a909
We only call pipe(2) after the script is written to disk so if the
latter fails, the array will be left uninitialized and subsequently read
after skipping to the exit label. Fix by initializing it.
Found by Coverity.
Fixes: RHEL-22604
---
lib/rpmscript.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/rpmscript.c b/lib/rpmscript.c
index 281c55c53..1de4acf8e 100644
--- a/lib/rpmscript.c
+++ b/lib/rpmscript.c
@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
char * fn = NULL;
pid_t pid, reaped;
int status;
- int inpipe[2];
+ int inpipe[2] = { -1, -1 };
FILE *in = NULL;
const char *line;
char *mline = NULL;
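Review bot: initializing inpipe to { -1, -1 } only fixes the early-exit path if the cleanup after the exit label tests each descriptor against -1 (or >= 0) before closing it, and that code is outside the visible context. Check that the guard matches the sentinel; a test for non-zero would still pass -1 to close(), which fails with EBADF but hides the intent, and any guard written as > 0 would skip a legitimate descriptor 0.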
--
2.33.0


@ -0,0 +1,30 @@
From 42694806bf73b07514554233d0d58d17a58cd863 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Thu, 9 Feb 2023 13:05:24 +0200
Subject: [PATCH] Use proper type for copyTagsFromMainDebug
Conflict:NA
Reference:https://github.com/rpm-software-management/rpm/commit/42694806bf73b07514554233d0d58d17a58cd863
The array contains a non-enum value (0), this is why headerCopyTags()
uses rpmTagVal pointer, not rpmTag.
---
build/files.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/files.c b/build/files.c
index 666c66651..24b4d80bf 100644
--- a/build/files.c
+++ b/build/files.c
@@ -2858,7 +2858,7 @@ exit:
return rc;
}
-static rpmTag copyTagsFromMainDebug[] = {
+static rpmTagVal copyTagsFromMainDebug[] = {
RPMTAG_ARCH,
RPMTAG_SUMMARY,
RPMTAG_DESCRIPTION,
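Review bot: copyTagsFromMainDebug stays a mutable static array after the type change on the first line of this hunk. It is a fixed tag list, so declaring it static const rpmTagVal copyTagsFromMainDebug[] would place it in read-only data, provided headerCopyTags() accepts a const pointer (its prototype is not in the visible lines). If the goal is to stay identical to the upstream commit, leave it as is and raise the const upstream.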
--
2.33.0


@ -0,0 +1,66 @@
From 8e6108a5964c7289f3db70f3d188293276416528 Mon Sep 17 00:00:00 2001
From: Daniel Alley <dalley@redhat.com>
Date: Thu, 8 Dec 2022 09:40:00 -0500
Subject: [PATCH] Use unsigned integers more consistently in the handling of
tag data
Conflict:NA
Reference:https://github.com/rpm-software-management/rpm/commit/8e6108a5964c7289f3db70f3d188293276416528
Not a functional change, it just makes the code more clear and
self-consistent.
---
lib/header.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/lib/header.c b/lib/header.c
index 004102dd2..72fb3d4fe 100644
--- a/lib/header.c
+++ b/lib/header.c
@@ -568,7 +568,7 @@ static int regionSwab(indexEntry entry, int il, int dl,
}
} break;
case RPM_INT32_TYPE:
- { int32_t * it = ie.data;
+ { uint32_t * it = ie.data;
for (; ie.info.count > 0; ie.info.count--, it += 1) {
if (dataEnd && ((unsigned char *)it) >= dataEnd)
return -1;
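Review bot: the context line in this RPM_INT32_TYPE loop, if (dataEnd && ((unsigned char *)it) >= dataEnd), tests only the first byte of the element, so it passes when it points fewer than four bytes before dataEnd. The patch does not touch that check and earlier validation of the region may already exclude the case, but since the element type is being tidied here, comparing (unsigned char *)(it + 1) > dataEnd would make the loop self-checking. The RPM_INT16_TYPE loop in the next hunk has the same shape.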
@@ -576,7 +576,7 @@ static int regionSwab(indexEntry entry, int il, int dl,
}
} break;
case RPM_INT16_TYPE:
- { int16_t * it = ie.data;
+ { uint16_t * it = ie.data;
for (; ie.info.count > 0; ie.info.count--, it += 1) {
if (dataEnd && ((unsigned char *)it) >= dataEnd)
return -1;
@@ -772,9 +772,9 @@ static void * doExport(const struct indexEntry_s *hindex, int indexUsed,
count = entry->info.count;
src = entry->data;
while (count--) {
- *((int32_t *)te) = htonl(*((int32_t *)src));
- te += sizeof(int32_t);
- src += sizeof(int32_t);
+ *((uint32_t *)te) = htonl(*((uint32_t *)src));
+ te += sizeof(uint32_t);
+ src += sizeof(uint32_t);
}
break;
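Review bot: the casts (uint32_t *)te and (uint32_t *)src in this loop assume both pointers are 4-byte aligned at this point; the te += sizeof(uint32_t) arithmetic shows they are walked as bytes, and any alignment padding is done outside the visible lines. The signed-to-unsigned change matches the argument and return type of htonl(), which is the stated goal. If alignment is not guaranteed by the preceding code, copying through a local uint32_t with memcpy would avoid an unaligned access; the same applies to the htons() loop in the following hunk.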
@@ -782,9 +782,9 @@ static void * doExport(const struct indexEntry_s *hindex, int indexUsed,
count = entry->info.count;
src = entry->data;
while (count--) {
- *((int16_t *)te) = htons(*((int16_t *)src));
- te += sizeof(int16_t);
- src += sizeof(int16_t);
+ *((uint16_t *)te) = htons(*((uint16_t *)src));
+ te += sizeof(uint16_t);
+ src += sizeof(uint16_t);
}
break;
--
2.33.0


@ -1,6 +1,6 @@
Name: rpm Name: rpm
Version: 4.18.2 Version: 4.18.2
Release: 7 Release: 8
Summary: RPM Package Manager Summary: RPM Package Manager
License: GPLv2+ License: GPLv2+
URL: http://www.rpm.org/ URL: http://www.rpm.org/
@ -33,6 +33,12 @@ Patch6011: backport-Fix-an-enum-int-type-mismatch-in-rpmfiArchiveReadToF.patch
Patch6012: backport-Fix-an-enum-int-type-mismatch-in-transaction-verify-.patch Patch6012: backport-Fix-an-enum-int-type-mismatch-in-transaction-verify-.patch
Patch6013: backport-Fix-enum-type-mismatch-in-rpmTagGetValue.patch Patch6013: backport-Fix-enum-type-mismatch-in-rpmTagGetValue.patch
Patch6014: backport-Free-old-cookie-value-to-prevent-a-memory-leak.patch Patch6014: backport-Free-old-cookie-value-to-prevent-a-memory-leak.patch
Patch6015: backport-Fix-pointer-bogosity-in-rpmlog-callback.patch
Patch6016: backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch
Patch6017: backport-Fix-potential-use-of-uninitialized-pipe-array.patch
Patch6018: backport-Fix-potential-use-of-uninitialized-pgp-struct.patch
Patch6019: backport-Use-unsigned-integers-more-consistently-in-the-handl.patch
Patch6020: backport-Use-proper-type-for-copyTagsFromMainDebug.patch
Patch9000: Add-digest-list-plugin.patch Patch9000: Add-digest-list-plugin.patch
Patch9001: Add-IMA-digest-list-support.patch Patch9001: Add-IMA-digest-list-support.patch
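Review bot: Patch6016 and Patch6020 both modify build/files.c, and Patch6019 and Patch6020 come from upstream commits dated December 2022 and February 2023, older than the 2024 commits behind Patch6015 to Patch6018 that are applied before them. Check a build log to confirm all six apply in this order without fuzz or rejects, since a patch that only applies with fuzz can land its added line in the wrong place.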
@ -331,7 +337,10 @@ make clean
%exclude %{_mandir}/man8/rpmspec.8.gz %exclude %{_mandir}/man8/rpmspec.8.gz
%changelog %changelog
* Tue Jul 23 2024 zhangxingrong <zhangxingrong@uniontech.cn> - 4.18.2-7 * Wed Jul 24 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-8
- Backport some patches from upstream
* Tue Jul 23 2024 zhangxingrong<zhangxingrong@uniontech.cn> - 4.18.2-7
- Free old cookie value to prevent a memory leak - Free old cookie value to prevent a memory leak
* Mon Jun 3 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-6 * Mon Jun 3 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-6
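Review bot: the new 4.18.2-8 changelog entry says only "Backport some patches from upstream", while the 4.18.2-7 entry beneath it names its fix. List the six backported subjects (Patch6015 to Patch6020) as separate changelog lines so that anyone reading the package changelog can tell which fixes, including the two uninitialized-variable fixes and the %caps() leak fix, are present in this build.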