Projects
Mega:24.09
rpm
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 3
View file
_service:tar_scm:rpm.spec
Changed
@@ -1,6 +1,6 @@ Name: rpm Version: 4.18.2 -Release: 8 +Release: 14 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -39,6 +39,12 @@ Patch6018: backport-Fix-potential-use-of-uninitialized-pgp-struct.patch Patch6019: backport-Use-unsigned-integers-more-consistently-in-the-handl.patch Patch6020: backport-Use-proper-type-for-copyTagsFromMainDebug.patch +Patch6021: backport-Reset-recursion-depth-for-error-message.patch +Patch6022: backport-Fix-division-by-zero-in-elfdeps-RhBug-2299414.patch +Patch6023: backport-Make-sure-dirs-are-not-relocated-twice.patch +Patch6024: backport-Fix-root-relocation-regression.patch +Patch6025: backport-Fix-crash-on-Lua-file-trigger-exiting-with-return-ed.patch +Patch6026: backport-Fix-V-option-usage-in-our-tests.patch Patch9000: Add-digest-list-plugin.patch Patch9001: Add-IMA-digest-list-support.patch @@ -337,6 +343,24 @@ %exclude %{_mandir}/man8/rpmspec.8.gz %changelog +* Wed Sep 4 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-14 +- Backport some patches from upstream + +* Tue Sep 3 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-13 +- Backport some patches from upstream + +* Thu Aug 22 2024 luhuaxin <luhuaxin1@huawei.com> - 4.18.2-12 +- Fix the calculation of hdr size + +* Tue Aug 20 2024 luhuaxin <luhuaxin1@huawei.com> - 4.18.2-11 +- Fix the wrong IMA signature header check + +* Mon Aug 19 2024 luhuaxin <luhuaxin1@huawei.com> - 4.18.2-10 +- Fix the judgement of digests count + +* Fri Aug 16 2024 luhuaxin <luhuaxin1@huawei.com> - 4.18.2-9 +- IMA digest list plugin support signature within IMA header + * Wed Jul 24 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-8 - Backport some patches from upstream
View file
_service:tar_scm:Add-digest-list-plugin.patch
Changed
@@ -1,19 +1,20 @@ -From bc3ce3b2cb903ce0f2dca39964f11c4e79256a35 Mon Sep 17 00:00:00 2001 +From 3b2fb7d5a40d25c3295e02eb3695a45189342369 Mon Sep 17 00:00:00 2001 From: zhoushuiqing <zhoushuiqing2@huawei.com> Date: Fri, 16 Jun 2023 11:21:37 +0800 Subject: PATCH Add-digest-list-plugin +Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com> --- - plugins/digest_list.c | 670 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 670 insertions(+) + plugins/digest_list.c | 680 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 680 insertions(+) create mode 100644 plugins/digest_list.c diff --git a/plugins/digest_list.c b/plugins/digest_list.c new file mode 100644 -index 0000000..70cae82 +index 0000000..715b8d6 --- /dev/null +++ b/plugins/digest_list.c -@@ -0,0 +1,670 @@ +@@ -0,0 +1,680 @@ +/* + * Copyright (C) 2020-2021 Huawei Technologies Duesseldorf GmbH + * @@ -114,22 +115,11 @@ + uint8_t sig0; /* signature payload */ +} __attribute__((packed)); + -+static int upload_digest_list(char *path, int type, int digest_list_signed) ++static int digest_list_count_is_zero(void) +{ -+ size_t size; -+ char buf21; -+ const char *ima_path = DIGEST_LIST_DATA_PATH; -+ struct stat st; -+ pid_t pid; -+ int ret = 0, fd; -+ -+ if (type == TR_REMOVED) -+ ima_path = DIGEST_LIST_DATA_DEL_PATH; -+ -+ if (stat(ima_path, &st) == -1) -+ return 0; ++ int fd = 0, ret = 0; ++ char first = 0; + -+ /* First determine if kernel interface can accept new digest lists */ + fd = open(DIGEST_LIST_COUNT, O_RDONLY); + if (fd < 0) { + rpmlog(RPMLOG_ERR, "digest_list: could not open IMA interface " @@ -137,24 +127,39 @@ + return -EACCES; + } + -+ ret = read(fd, buf, sizeof(buf)); -+ close(fd); -+ ++ ret = read(fd, &first, 1); + if (ret <= 0) { + rpmlog(RPMLOG_ERR, "digest_list: could not read from IMA " + "interface '%s': %s\n", DIGEST_LIST_COUNT, + strerror(errno)); ++ close(fd); + return -EACCES; + } + -+ /* Last character is newline */ -+ bufret - 1 = '\0'; ++ close(fd); ++ return (first == '0'); ++} + -+ rpmlog(RPMLOG_DEBUG, "digest_list: digests count %s\n", buf); ++static int upload_digest_list(char *path, int type, int digest_list_signed) ++{ ++ int ret = 0, fd = 0; ++ pid_t pid = 0; ++ size_t size = 0; ++ struct stat st; ++ const char *ima_path = NULL; + -+ if (*buf == '0') { -+ rpmlog(RPMLOG_DEBUG, "digest_list: not uploading '%s' to IMA " -+ "interface '%s'\n", path, ima_path); ++ ima_path = (type == TR_REMOVED) ? DIGEST_LIST_DATA_DEL_PATH : ++ DIGEST_LIST_DATA_PATH; ++ if (stat(ima_path, &st) == -1) { ++ rpmlog(RPMLOG_DEBUG, "digest_list: '%s' interface " ++ "not exist\n", ima_path); ++ return RPMRC_OK; ++ } ++ ++ /* First determine if kernel interface can accept new digest lists */ ++ if (digest_list_count_is_zero()) { ++ rpmlog(RPMLOG_DEBUG, "digest_list: the count is 0, not " ++ "upload '%s' to IMA interface '%s'\n", path, ima_path); + return RPMRC_OK; + } + @@ -163,7 +168,7 @@ + if (stat(RPM_PARSER, &st) == -1) { + rpmlog(RPMLOG_DEBUG, "digest_list: %s not found, " + "not uploading digest list\n", RPM_PARSER); -+ return 0; ++ return RPMRC_OK; + } + + if ((pid = fork()) == 0) { @@ -176,12 +181,13 @@ + if (ret != 0) + rpmlog(RPMLOG_ERR, "digest_list: %s returned %d\n", + RPM_PARSER, ret); -+ return 0; ++ return RPMRC_OK; + } + ++ /* If the digest list is signed, write path to the IMA interface */ + fd = open(ima_path, O_WRONLY); + if (fd < 0) { -+ rpmlog(RPMLOG_ERR, "digest_list: could not open IMA interface " ++ rpmlog(RPMLOG_ERR, "digest_list: rcould not open IMA interface " + "'%s': %s\n", ima_path, strerror(errno)); + return -EACCES; + } @@ -205,12 +211,11 @@ +static int write_rpm_digest_list(rpmte te, char *path) +{ + FD_t fd; -+ ssize_t written; -+ Header rpm = rpmteHeader(te); -+ rpmtd immutable; + int ret = 0; ++ ssize_t written = 0; ++ Header rpm = rpmteHeader(te); ++ rpmtd immutable = rpmtdNew(); + -+ immutable = rpmtdNew(); + headerGet(rpm, RPMTAG_HEADERIMMUTABLE, immutable, 0); + + fd = Fopen(path, "w.ufdio"); @@ -221,7 +226,6 @@ + + written = Fwrite(rpm_header_magic, sizeof(uint8_t), + sizeof(rpm_header_magic), fd); -+ + if (written != sizeof(rpm_header_magic)) { + ret = -EIO; + goto out; @@ -239,20 +243,18 @@ + +static int write_rpm_digest_list_ima_xattr(rpmte te, char *path) +{ -+ rpmtd signature; -+ ssize_t written; ++ FD_t fd; ++ ssize_t written = 0; ++ int ret = 0, sig_size = 0, sig_size_rounded = 0; + uint8_t sig2048 = { 0 }; + pgpDigParams sigp = NULL; + struct signature_v2_hdr *sig_hdr = (struct signature_v2_hdr *)sig; + Header rpm = rpmteHeader(te); -+ FD_t fd; -+ int ret = 0, sig_size, sig_size_rounded; ++ rpmtd signature = rpmtdNew(); + -+ signature = rpmtdNew(); + headerGet(rpm, RPMTAG_RSAHEADER, signature, 0); + ret = pgpPrtParams(signature->data, signature->count, + PGPTAG_SIGNATURE, &sigp); -+ + if (ret) { + ret = -ENOENT; + goto out; @@ -323,22 +325,16 @@ + return ret; +} + -+static int write_digest_list_ima_xattr(rpmte te, char *path, char *path_sig) ++static int fill_pgp_signature_header(rpmte te, struct signature_v2_hdr *sig_hdr) +{ -+ rpmtd signature; -+ uint8_t sig2048 = { 0 }; ++ int ret = 0; + pgpDigParams sigp = NULL; -+ struct signature_v2_hdr *sig_hdr = (struct signature_v2_hdr *)sig; + Header rpm = rpmteHeader(te); -+ FD_t fd; -+ struct stat st; -+ int ret = 0, sig_size; ++ rpmtd signature = rpmtdNew(); + -+ signature = rpmtdNew(); + headerGet(rpm, RPMTAG_RSAHEADER, signature, 0); + ret = pgpPrtParams(signature->data, signature->count, + PGPTAG_SIGNATURE, &sigp); -+ + if (ret) { + ret = -ENOENT; + goto out; @@ -349,25 +345,42 @@ + sig_hdr->hash_algo = HASH_ALGO_SHA256; + memcpy((void *)&sig_hdr->keyid, sigp->signid + sizeof(uint32_t), + sizeof(uint32_t)); ++out: ++ pgpDigParamsFree(sigp); ++ rpmtdFree(signature); ++ return ret; ++} + -+ if (stat(path_sig, &st) == -1) { -+ ret = -EACCES; -+ goto out; ++static int write_digest_list_ima_xattr(rpmte te, char *path, char *path_sig) ++{ ++ FD_t fd; ++ struct stat st; ++ int ret = 0, sig_size, hdr_exist; ++ uint8_t sig2048 = { 0 }; ++ struct signature_v2_hdr *sig_hdr = (struct signature_v2_hdr *)sig; ++ ++ if (stat(path_sig, &st) == -1) ++ return -EACCES; ++ ++ /* Check if the signature has already included a header */ ++ hdr_exist = st.st_size % 128 == 0 ? 0 : 1; ++ if (!hdr_exist) { ++ ret = fill_pgp_signature_header(te, sig_hdr); ++ if (ret < 0) ++ return ret; + } + + if (sizeof(sig_hdr) + st.st_size > sizeof(sig)) { + rpmlog(RPMLOG_ERR, "digest_list: signature in %s too big\n", + path); -+ ret = -E2BIG; -+ goto out; ++ return -E2BIG; + } + + fd = Fopen(path_sig, "r.ufdio"); + if (fd < 0) { + rpmlog(RPMLOG_ERR, "digest_list: could not open '%s': %s\n", + path_sig, strerror(errno)); -+ ret = -EACCES; -+ goto out; ++ return -EACCES; + } + + sig_size = Fread(sig_hdr->sig, sizeof(uint8_t), st.st_size, fd); @@ -375,27 +388,28 @@ + rpmlog(RPMLOG_ERR, "digest_list: could not read '%s': %s\n", + path_sig, strerror(errno)); + Fclose(fd); -+ ret = -EIO; -+ goto out; ++ return -EIO; + } + + sig_hdr->sig_size = __cpu_to_be16(sig_size); -+ ++ Fclose(fd); + rpmlog(RPMLOG_DEBUG, + "digest_list: read signature of %d bytes from '%s'\n", + sig_size, path_sig); + -+ ret = lsetxattr(path, XATTR_NAME_IMA, -+ sig, sizeof(*sig_hdr) + sig_size, 0); ++ /* The signature may include the header */ ++ if (hdr_exist) ++ ret = lsetxattr(path, XATTR_NAME_IMA, sig_hdr->sig, sig_size, 0); ++ else ++ ret = lsetxattr(path, XATTR_NAME_IMA, sig, sizeof(*sig_hdr) + sig_size, 0); ++ + if (ret < 0) + rpmlog(RPMLOG_ERR, "digest_list: could not apply security.ima " + "on '%s': %s\n", path, strerror(errno)); + else + rpmlog(RPMLOG_DEBUG, "digest_list: security.ima successfully " + "applied on '%s'\n", path); -+out: -+ pgpDigParamsFree(sigp); -+ rpmtdFree(signature); ++ + return ret; +} + @@ -483,11 +497,17 @@ + DIGEST_LIST_DEFAULT_PATH, rpmteN(te), rpmteV(te), + rpmteR(te), rpmteA(te)); + -+ if (!stat(path_sig, &st)) ++ if (!stat(path_sig, &st)) { + digest_list_signed = 1; ++ rpmlog(RPMLOG_DEBUG, "digest_list: digest_list_signed = 1\n"); ++ } else { ++ rpmlog(RPMLOG_DEBUG, "digest_list: digest_list_signed = 0\n"); ++ } + -+ if (parser && !digest_list_signed) ++ if (parser && !digest_list_signed) { ++ rpmlog(RPMLOG_DEBUG, "digest_list: parser has to be signed!"); + goto out; ++ } + + if (parser) + snprintf(path, PATH_MAX, "%s/0-parser_list-compact-libexec", @@ -498,8 +518,10 @@ + DIGEST_LIST_DEFAULT_PATH, rpmteN(te), rpmteV(te), + rpmteR(te), rpmteA(te)); + -+ if (stat(path, &st) == -1) ++ if (stat(path, &st) == -1) { ++ rpmlog(RPMLOG_DEBUG, "digest_list: failed to find digest list file path!"); + goto out; ++ } + + if (!digest_list_signed && check_append_signature(path)) { + digest_list_signed = 1; @@ -564,17 +586,6 @@ + unlink(path); + goto out; + } -+ -+ if (digest_list_signed_append) -+ goto out; -+ -+ ret = lremovexattr(path, XATTR_NAME_IMA); -+ if (ret < 0) -+ rpmlog(RPMLOG_ERR, "digest_list: cannot remove " -+ "security.ima from '%s'\n", path); -+ else -+ rpmlog(RPMLOG_DEBUG, "digest_list: security.ima " -+ "successfully removed from '%s'\n", path); + } +out: + free(path); @@ -685,5 +696,5 @@ + .fsm_file_post = digest_list_file_post, +}; -- -2.33.0 +2.46.0
View file
_service:tar_scm:backport-Fix-V-option-usage-in-our-tests.patch
Added
@@ -0,0 +1,242 @@ +From 826cbb8869e7d640fe3c2582a3a8dacf393e1ee0 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos <mdomonko@redhat.com> +Date: Wed, 21 Aug 2024 15:02:36 +0200 +Subject: PATCH Fix -V option usage in our tests + +Conflict:adapt context because 760eb8638 is not merged +Reference:https://github.com/rpm-software-management/rpm/commit/826cbb8869e7d640fe3c2582a3a8dacf393e1ee0 + +Coupling -V with -a when querying for specific packages makes little +sense and only causes the order of the output lines to depend on the +database ordering. + +This is known to vary between the ndb and sqlite backends in particular, +confusing some of the tests that expect the lines to be in a specific +order. + +While at it, fix all such questionable usages, even those that only +entail one package argument. + +Fixes: #3242 +--- + tests/rpme.at | 16 ++++++++-------- + tests/rpmverify.at | 38 +++++++++++++++++++------------------- + 2 files changed, 27 insertions(+), 27 deletions(-) + +diff --git a/tests/rpme.at b/tests/rpme.at +index ead757579..058d929fd 100644 +--- a/tests/rpme.at ++++ b/tests/rpme.at +@@ -293,9 +293,9 @@ done + RPMTEST_CHECK( + runroot rpm -U --ignoreos /build/RPMS/noarch/conflicta-1.0-1.noarch.rpm + runroot rpm -U --ignoreos --excludepath=/usr/share /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm +-runroot rpm -Vav --nogroup --nouser conflicta conflictb ++runroot rpm -Vv --nogroup --nouser conflicta conflictb + runroot rpm -e conflicta +-runroot rpm -Vav --nogroup --nouser conflictb ++runroot rpm -Vv --nogroup --nouser conflictb + runroot rpm -e conflictb + runroot rpm -Vp --nogroup --nouser /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm + , +@@ -310,9 +310,9 @@ missing /usr/share/my.version + RPMTEST_CHECK( + runroot rpm -U --ignoreos --excludepath=/usr/share /build/RPMS/noarch/conflicta-1.0-1.noarch.rpm + runroot rpm -U --ignoreos /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm +-runroot rpm -Vav --nogroup --nouser conflicta conflictb ++runroot rpm -Vv --nogroup --nouser conflicta conflictb + runroot rpm -e conflicta +-runroot rpm -Vav --nogroup --nouser conflictb ++runroot rpm -Vv --nogroup --nouser conflictb + runroot rpm -e conflictb + runroot rpm -Vp --nogroup --nouser /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm + , +@@ -327,9 +327,9 @@ missing /usr/share/my.version + RPMTEST_CHECK( + runroot rpm -U --ignoreos /build/RPMS/noarch/conflicta-1.0-1.noarch.rpm + runroot rpm -U --ignoreos --force /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm +-runroot rpm -Vav --nogroup --nouser conflicta conflictb ++runroot rpm -Vv --nogroup --nouser conflicta conflictb + runroot rpm -e conflicta +-runroot rpm -Vav --nogroup --nouser conflictb ++runroot rpm -Vv --nogroup --nouser conflictb + runroot rpm -e conflictb + runroot rpm -Vp --nogroup --nouser /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm + , +@@ -344,9 +344,9 @@ missing /usr/share/my.version + RPMTEST_CHECK( + runroot rpm -U --ignoreos /build/RPMS/noarch/conflicta-1.0-1.noarch.rpm + runroot rpm -U --ignoreos --force /build/RPMS/noarch/conflictb-1.0-1.noarch.rpm +-runroot rpm -Vav --nogroup --nouser conflicta conflictb ++runroot rpm -Vv --nogroup --nouser conflicta conflictb + runroot rpm -e conflictb +-runroot rpm -Vav --nogroup --nouser conflicta ++runroot rpm -Vv --nogroup --nouser conflicta + runroot rpm -e conflicta + , + 0, +diff --git a/tests/rpmverify.at b/tests/rpmverify.at +index 3a87b085f..32427021d 100644 +--- a/tests/rpmverify.at ++++ b/tests/rpmverify.at +@@ -304,13 +304,13 @@ touch -t 201703171717 ${tf} + runroot rpm -U \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-2.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + cat "${tf}" + + runroot rpm -U \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-3.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + cat "${tf}" + + echo "xx" > "${tf}" +@@ -319,7 +319,7 @@ cat "${tf}" + runroot rpm -U \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-4.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + cat "${tf}" + + touch -t 201703171717 ${tf} +@@ -327,7 +327,7 @@ touch -t 201703171717 ${tf} + runroot rpm -U --oldpackage \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-3.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + cat "${tf}" + , + 0, +@@ -352,7 +352,7 @@ touch -t 201703171717 ${tf} + runroot rpm -Uvv --fsmdebug \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-2.0-1.noarch.rpm > output.txt 2>&1 +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + grep -c "touch" output.txt + cat "${tf}" + +@@ -360,7 +360,7 @@ cat "${tf}" + runroot rpm -Uvv --fsmdebug \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-3.0-1.noarch.rpm > output.txt 2>&1 +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + grep -c "touch" output.txt + cat "${tf}" + echo "xx" > "${tf}" +@@ -369,7 +369,7 @@ cat "${tf}" + runroot rpm -Uvv --fsmdebug \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-4.0-1.noarch.rpm > output.txt 2>&1 +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + grep -c "touch" output.txt + cat "${tf}" + +@@ -378,7 +378,7 @@ touch -t 201703171717 ${tf} + runroot rpm -U -Uvv --fsmdebug --oldpackage \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-3.0-1.noarch.rpm > output.txt 2>&1 +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + grep -c "touch" output.txt + cat "${tf}" + , +@@ -449,13 +449,13 @@ readlink "${tf}" + runroot rpm -U \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-2.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + readlink "${tf}" + + runroot rpm -U \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-3.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + readlink "${tf}" + + ln -sf "xx" "${tf}" +@@ -464,13 +464,13 @@ readlink "${tf}" + runroot rpm -U \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-4.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + readlink "${tf}" + + runroot rpm -U --oldpackage \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-3.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + readlink "${tf}" + , + 0, +@@ -494,7 +494,7 @@ readlink "${tf}" + runroot rpm -Uvv --fsmdebug \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-2.0-1.noarch.rpm > output.txt 2>&1 +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + grep -c "touch" output.txt + readlink "${tf}" + +@@ -502,7 +502,7 @@ readlink "${tf}" + runroot rpm -Uvv --fsmdebug \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-3.0-1.noarch.rpm > output.txt 2>&1 +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + grep -c "touch" output.txt + readlink "${tf}" + ln -sf "xx" "${tf}" +@@ -511,14 +511,14 @@ readlink "${tf}" + runroot rpm -Uvv --fsmdebug \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-4.0-1.noarch.rpm > output.txt 2>&1 +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + grep -c "touch" output.txt + readlink "${tf}" + + runroot rpm -U -Uvv --fsmdebug --oldpackage \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-3.0-1.noarch.rpm > output.txt 2>&1 +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + grep -c "touch" output.txt + readlink "${tf}" + , +@@ -554,17 +554,17 @@ for v in "1.0" "2.0"; do + done + + runroot rpm -U /build/RPMS/noarch/replacetest-1.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + runroot rpm -U \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-2.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + chmod 777 "${tf}" + runroot rpm -U \ + --oldpackage \ + --define "_minimize_writes 1" \ + /build/RPMS/noarch/replacetest-1.0-1.noarch.rpm +-runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -V --nouser --nogroup replacetest + , + 0, + , +-- +2.33.0 +
View file
_service:tar_scm:backport-Fix-crash-on-Lua-file-trigger-exiting-with-return-ed.patch
Added
@@ -0,0 +1,81 @@ +From 05fbeb97a92608a9f66faa3f8d1c0fb67b0db62c Mon Sep 17 00:00:00 2001 +From: Panu Matilainen <pmatilai@redhat.com> +Date: Wed, 7 Aug 2024 12:42:36 +0300 +Subject: PATCH Fix crash on Lua file trigger exiting with return'ed data + (#3029) + +Conflict:modify the test code because b9b3f3515164 and 7f59c7dd2f4 + is not merged. +Reference:https://github.com/rpm-software-management/rpm/commit/05fbeb97a92608a9f66faa3f8d1c0fb67b0db62c + +Reset the Lua stack on return from rpmluaRunScript() to discard any +unhandled returned data from the scriptlet. This may happen if there's +eg "return 0" from a non-macro scriptlet. + +We could check for a numeric return value here and treat it as an exit +code, but then what to do with other kinds of returned data? +Our documentation states errors in Lua scriptlets should be signaled with +Lua error() function, it seems better to stick with that and avoid +introducing ambiguities and incompatibilities. + +Update the existing file trigger tests to cover this case. + +Fixes: #3029 +--- + rpmio/rpmlua.c | 2 ++ + tests/data/SPECS/filetriggers.spec | 11 +++++++++++ + tests/rpmscript.at | 3 +++ + 3 files changed, 16 insertions(+) + +diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c +index ecb21eb82..858be7739 100644 +--- a/rpmio/rpmlua.c ++++ b/rpmio/rpmlua.c +@@ -303,6 +303,8 @@ int rpmluaRunScript(rpmlua lua, const char *script, const char *name, + + exit: + free(buf); ++ /* discard any unhandled return data from the script */ ++ lua_settop(L, otop); + return ret; + } + +diff --git a/tests/data/SPECS/filetriggers.spec b/tests/data/SPECS/filetriggers.spec +index 3e2ee0034..e8d3bc7cd 100644 +--- a/tests/data/SPECS/filetriggers.spec ++++ b/tests/data/SPECS/filetriggers.spec +@@ -52,6 +52,17 @@ end + print("") + io.flush() + ++%filetriggerun -p <lua> -- /usr/bin ++print("filetriggerun(/usr/bin*)<lua>: "..arg2.." "..arg3) ++a = rpm.next_file() ++while a do ++ print(a) ++ a = rpm.next_file() ++end ++print("") ++io.flush() ++return 0 ++ + %filetriggerin -- /foo + echo "filetriggerin(/foo*):" + cat +diff --git a/tests/rpmscript.at b/tests/rpmscript.at +index 8fc729a56..d47705008 100644 +--- a/tests/rpmscript.at ++++ b/tests/rpmscript.at +@@ -461,6 +461,9 @@ filetriggerpostun(/foo*): + filetriggerun(/usr/bin*): 0 + /usr/bin/hello + ++filetriggerun(/usr/bin*)<lua>: 0 ++/usr/bin/hello ++ + filetriggerpostun(/usr/bin*): 0 + /usr/bin/hello + +-- +2.33.0 +
View file
_service:tar_scm:backport-Fix-division-by-zero-in-elfdeps-RhBug-2299414.patch
Added
@@ -0,0 +1,30 @@ +From 02ffc5158d1ad270e0b5c7ce6dfe4414a6ec029f Mon Sep 17 00:00:00 2001 +From: Michal Domonkos <mdomonko@redhat.com> +Date: Wed, 31 Jul 2024 16:19:40 +0200 +Subject: PATCH Fix division by zero in elfdeps (RhBug:2299414) + +Conflict:NA +Reference:https://github.com/rpm-software-management/rpm/commit/02ffc5158d1ad270e0b5c7ce6dfe4414a6ec029f + +Assume that the section does not hold a table if sh_entsize is 0 (as +specified in the elf(5) man page) and just skip it if that's the case. +--- + tools/elfdeps.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tools/elfdeps.c b/tools/elfdeps.c +index cb388f08d..822359ab9 100644 +--- a/tools/elfdeps.c ++++ b/tools/elfdeps.c +@@ -196,6 +196,8 @@ static void processVerNeed(Elf_Scn *scn, GElf_Shdr *shdr, elfInfo *ei) + static void processDynamic(Elf_Scn *scn, GElf_Shdr *shdr, elfInfo *ei) + { + Elf_Data *data = NULL; ++ if (shdr->sh_entsize == 0) ++ return; + while ((data = elf_getdata(scn, data)) != NULL) { + for (int i = 0; i < (shdr->sh_size / shdr->sh_entsize); i++) { + const char *s = NULL; +-- +2.33.0 +
View file
_service:tar_scm:backport-Fix-root-relocation-regression.patch
Added
@@ -0,0 +1,66 @@ +From 308ac60677732e9979b9ce11e5a3085906da1901 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos <mdomonko@redhat.com> +Date: Fri, 26 Jul 2024 10:44:04 +0200 +Subject: PATCH Fix root relocation regression + +Conflict:Do not modify the test code because the current test code is + different from that of the upstream community. If we directly + modify the test code, the test wull fail. Guaranteed by local + use cases. +Reference:https://github.com/rpm-software-management/rpm/commit/308ac60677732e9979b9ce11e5a3085906da1901 + +When relocating the root directory, make sure we insert the new path's +dirname to dirNames even if the root itself is owned by the package. + +This appears to have been the intention from the first version (largely +untouched since) of this code as we allow the root to pass through the +first checks (by setting len to 0 in that case) as well as the second +for loop where we do the relocations. + +This allows fsm to properly create and remove the relocated directory +since we're now using fd-based calls (#1919) and the parent directory +needs to be opened first. + +No need to do string comparison here, the empty basename signals that +we're processing the root directory, so just use that. + +Building a relocatable package that owns the root directory seems to be +a handy way to create user-installable packages (see RHEL-28967) and it +happened to work before with the path-based calls so this technically +was a regression. Add a test that emulates this use case. + +Fixes: #3173 +--- + lib/relocation.c | 8 +++++--- + 1 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/lib/relocation.c b/lib/relocation.c +index d31cf4779..0202b5c46 100644 +--- a/lib/relocation.c ++++ b/lib/relocation.c +@@ -181,8 +181,9 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations, + rpmFileTypes ft; + int fnlen; + ++ size_t baselen = strlen(baseNamesi); + size_t len = maxlen + +- strlen(dirNamesdirIndexesi) + strlen(baseNamesi) + 1; ++ strlen(dirNamesdirIndexesi) + baselen + 1; + if (len >= fileAlloced) { + fileAlloced = len * 2; + fn = xrealloc(fn, fileAlloced); +@@ -244,8 +245,9 @@ assert(fn != NULL); /* XXX can't happen */ + continue; + } + +- /* Relocation on full paths only, please. */ +- if (fnlen != len) continue; ++ /* Relocation on '/' and full paths only, please. */ ++ if (baselen && fnlen != len) ++ continue; + + rpmlog(RPMLOG_DEBUG, "relocating %s to %s\n", + fn, relocationsj.newPath); +-- +2.33.0 +
View file
_service:tar_scm:backport-Make-sure-dirs-are-not-relocated-twice.patch
Added
@@ -0,0 +1,114 @@ +From 31c14ba6610568c2d634647fed1fb57221178da9 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos <mdomonko@redhat.com> +Date: Fri, 26 Jul 2024 10:43:50 +0200 +Subject: PATCH Make sure dirs are not relocated twice + +Conflict:adapt context +Reference:https://github.com/rpm-software-management/rpm/commit/31c14ba6610568c2d634647fed1fb57221178da9 + +When processing relocations, new dirnames are added to dirNames first +and then the rest is relocated. However, we go through the entire array +in the latter step, meaning that we may accidentally relocate an already +relocated path. + +Most relocations are fine as they involve two separate directory trees, +and we already skip over directories that don't match the old prefix. +However, that breaks apart if we're relocating to a nested subdirectory +(e.g. /opt -> /opt/new/dir). + +Fix this by simply stopping at the original dirCount as the new entries +are always added to the end of dirNames. + +Such relocations are perhaps not very common (or even unsupported) but +relocating the root directory itself may be useful (see the next commit +for details) and that is subject to the same issue. + +Note that we currently don't handle root relocations properly to start +with but that will be addressed in the next commit, this prepares the +ground. +--- + lib/relocation.c | 6 +++--- + tests/rpmi.at | 35 +++++++++++++++++++++++++++++++++++ + 2 files changed, 38 insertions(+), 3 deletions(-) + +diff --git a/lib/relocation.c b/lib/relocation.c +index 1eab60211..d31cf4779 100644 +--- a/lib/relocation.c ++++ b/lib/relocation.c +@@ -124,7 +124,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations, + char ** baseNames; + char ** dirNames; + uint32_t * dirIndexes; +- rpm_count_t fileCount, dirCount; ++ rpm_count_t fileCount, dirCount, dirCountOrig; + int nrelocated = 0; + int fileAlloced = 0; + char * fn = NULL; +@@ -163,7 +163,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations, + baseNames = bnames.data; + dirIndexes = dindexes.data; + fileCount = rpmtdCount(&bnames); +- dirCount = rpmtdCount(&dnames); ++ dirCount = dirCountOrig = rpmtdCount(&dnames); + /* XXX TODO: use rpmtdDup() instead */ + dirNames = dnames.data = duparray(dnames.data, dirCount); + dnames.flags |= RPMTD_PTR_ALLOCED; +@@ -297,7 +297,7 @@ assert(fn != NULL); /* XXX can't happen */ + } + + /* Finish off by relocating directories. */ +- for (i = dirCount - 1; i >= 0; i--) { ++ for (i = dirCountOrig - 1; i >= 0; i--) { + for (j = numRelocations - 1; j >= 0; j--) { + + if (relocationsj.oldPath == NULL) /* XXX can't happen */ +diff --git a/tests/rpmi.at b/tests/rpmi.at +index 7d1a0a871..372be0a8b 100644 +--- a/tests/rpmi.at ++++ b/tests/rpmi.at +@@ -1135,6 +1135,42 @@ runroot rpm -U --relocate /opt/bin=/bin \ + , + ) + RPMTEST_CLEANUP ++ ++AT_SETUP(rpm -i relocatable package 2) ++AT_KEYWORDS(install relocate) ++RPMDB_INIT ++ ++runroot rpmbuild --quiet -bb /data/SPECS/reloc.spec ++runroot rpmbuild --quiet -bb /data/SPECS/fakeshell.spec ++ ++runroot rpm -U /build/RPMS/noarch/fakeshell-1.0-1.noarch.rpm ++ ++RPMTEST_CHECK( ++runroot rpm -U \ ++ --relocate /opt/bin=/opt/bin/foo/bar \ ++ --relocate /opt/etc=/opt/etc/foo/bar \ ++ --relocate /opt/lib=/opt/lib/foo/bar \ ++ /build/RPMS/noarch/reloc-1.0-1.noarch.rpm ++runroot rpm -ql reloc ++, ++0, ++1: /opt/bin/foo/bar ++2: /opt/etc/foo/bar ++3: /opt/lib/foo/bar ++0: /opt/bin/foo/bar ++1: /opt/etc/foo/bar ++2: /opt/lib/foo/bar ++/opt ++/opt/bin/foo/bar ++/opt/bin/foo/bar/typo ++/opt/etc/foo/bar ++/opt/etc/foo/bar/conf ++/opt/lib/foo/bar ++/opt/lib/foo/bar/notlib ++, ++) ++RPMTEST_CLEANUP ++ + AT_SETUP(rpm -i with/without --excludedocs) + AT_KEYWORDS(install excludedocs) + RPMTEST_CHECK( +-- +2.33.0 +
View file
_service:tar_scm:backport-Reset-recursion-depth-for-error-message.patch
Added
@@ -0,0 +1,81 @@ +From ef87d2503498f65577b5d7af07cd453d622fe02c Mon Sep 17 00:00:00 2001 +From: Florian Festi <ffesti@redhat.com> +Date: Thu, 18 Jul 2024 13:04:28 +0200 +Subject: PATCH Reset recursion depth for error message +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Conflict:adapt context +Reference:https://github.com/rpm-software-management/rpm/commit/ef87d2503498f65577b5d7af07cd453d622fe02c + +$ rpm --define 'aaa %%aaa' --eval '%aaa' + +let to a core dump due to a stack overflow. This was cause by the +generation of the error message failing due to being too deep in the +recursion of the macro expansion - creating more error messages. + +Resetting the depth counter allows rendering the error message. As we are +failing and breaking off the parse run this is fine to do. + +Thanks to Miro Hrončok for reporting + +Resolves: #3197 +--- + rpmio/macro.c | 4 +++- + tests/rpmmacro.at | 22 ++++++++++++++++++++++ + 2 files changed, 25 insertions(+), 1 deletion(-) + +diff --git a/rpmio/macro.c b/rpmio/macro.c +index b2fb1326d..3f34f718e 100644 +--- a/rpmio/macro.c ++++ b/rpmio/macro.c +@@ -447,9 +447,11 @@ static int mbInit(rpmMacroBuf mb, MacroExpansionData *med, size_t slen) + if (mb->buf == NULL) + mbAllocBuf(mb, slen); + if (++mb->depth > max_macro_depth) { ++ mb->depth--; ++ /* ensure error message can be rendered */ ++ mb->mc->depth = 0; + mbErr(mb, 1, + _("Too many levels of recursion in macro expansion. It is likely caused by recursive macro declaration.\n")); +- mb->depth--; + return -1; + } + med->tpos = mb->tpos; /* save expansion pointer for printExpand */ +diff --git a/tests/rpmmacro.at b/tests/rpmmacro.at +index 372cfa3ed..3adf48b61 100644 +--- a/tests/rpmmacro.at ++++ b/tests/rpmmacro.at +@@ -133,6 +133,28 @@ runroot rpm --define "this that" --define "that_that foo" --eval '%{expand:%{%{t + ) + RPMTEST_CLEANUP + ++AT_SETUP(recursive macro) ++AT_KEYWORDS(macros) ++RPMTEST_CHECK( ++runroot rpm --define 'aaa %aaa' --eval '%aaa' ++, ++1, ++, ++error: Too many levels of recursion in macro expansion. It is likely caused by recursive macro declaration. ++) ++RPMTEST_CLEANUP ++ ++AT_SETUP(recursive expression) ++AT_KEYWORDS(macros) ++RPMTEST_CHECK( ++runroot rpm --define 'aaa %\\%aaa\\' --eval '%aaa' ++, ++1, ++, ++error: Too many levels of recursion in macro expansion. It is likely caused by recursive macro declaration. ++) ++RPMTEST_CLEANUP ++ + AT_SETUP(parametrized macro 1) + AT_KEYWORDS(macros) + RPMTEST_CHECK( +-- +2.33.0 +
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2