openEuler:24.03
rpm
Changes of Revision 4
_service:tar_scm:rpm.spec
Changed
@@ -1,6 +1,6 @@ Name: rpm Version: 4.18.2 -Release: 2 +Release: 3 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -20,6 +20,10 @@ Patch6000: backport-revert-Permit-building-rpm-from-git-without-pandoc.patch Patch6001: backport-Check-inside-root-when-querying-for-files.patch +Patch6002: backport-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch +Patch6003: backport-Fix-a-theoretical-use-of-uninitialized-struct-member.patch +Patch6004: backport-Fix-spec-parser-leaks-from-trans-f-file.patch +Patch6005: backport-Tip-toe-around-rpmfiFN-thin-ice-in-fsm.patch Patch9000: Add-digest-list-plugin.patch Patch9001: Add-IMA-digest-list-support.patch @@ -318,6 +322,9 @@ %exclude %{_mandir}/man8/rpmspec.8.gz %changelog +* Thu Mar 14 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-3 +- Backport some patches from upstream + * Wed Feb 21 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-2 - Modify the version of zstd in Requires
_service:tar_scm:backport-Fix-a-theoretical-use-of-uninitialized-struct-member.patch
Added
@@ -0,0 +1,31 @@
+From 656fe42af1d497c35769c740fcc98950e1455bad Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 24 Jan 2024 12:44:34 +0200
+Subject: PATCH Fix a theoretical use of uninitialized struct members
+
+If rpmScriptFromTriggerTag() was called with tm other than the three
+handled cases in the switch, the rpmtd_s structs would be uninitialized
+and weird things could happen. The value of tm is hardwired in all the
+existing callers AFAICS but the extra safety doesn't hurt either.
+
+Discovered by static analysis in RHEL.
+---
+ lib/rpmscript.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/rpmscript.c b/lib/rpmscript.c
+index b18f851a3..3f6313278 100644
+--- a/lib/rpmscript.c
++++ b/lib/rpmscript.c
+@@ -641,6 +641,8 @@ rpmScript rpmScriptFromTriggerTag(Header h, rpmTagVal triggerTag,
+ headerGet(h, RPMTAG_TRANSFILETRIGGERSCRIPTFLAGS, &tflags, hgflags);
+ prefix = "transfile";
+ break;
++ default:
++ return NULL;
+ }
+
+ if (rpmtdSetIndex(&tscripts, ix) >= 0 && rpmtdSetIndex(&tprogs, ix) >= 0) {
+--
+2.33.0
+
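Review bot: The new `default:` branch returns NULL with no diagnostic and no comment, so a caller that passes an unexpected `tm` must already tolerate a NULL script and gets no hint why. A comment on the branch would make the intent explicit, for example `/* unknown trigger mode: tscripts/tprogs/tflags were never filled, nothing to build */`. The early return also skips whatever cleanup follows the switch, which is only safe if nothing is acquired before it; the start and end of rpmScriptFromTriggerTag() are outside the hunk, so that should be confirmed against the full function.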
_service:tar_scm:backport-Fix-spec-parser-leaks-from-trans-f-file.patch
Added
@@ -0,0 +1,31 @@
+From 26a1323022e3153d99b2f1095fe040f52fb2e3f3 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 30 Jan 2024 14:55:54 +0200
+Subject: PATCH Fix spec parser leaks from %*trans -f <file>
+
+Conflict:don't free preunTransFile and postunTransFile because
+db46bd8bd1 is not merged
+
+The untrans-versions leak because grepping around didn't turn up
+the trans-counterparts ... because they didn't exist either.
+Those leaks are adults by now.
+---
+ build/spec.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/build/spec.c b/build/spec.c
+index 824afba27..6f8a6a155 100644
+--- a/build/spec.c
++++ b/build/spec.c
+@@ -143,6 +143,8 @@ Package freePackage(Package pkg)
+ pkg->preUnFile = _free(pkg->preUnFile);
+ pkg->postUnFile = _free(pkg->postUnFile);
+ pkg->verifyFile = _free(pkg->verifyFile);
++ pkg->preTransFile = _free(pkg->preTransFile);
++ pkg->postTransFile = _free(pkg->postTransFile);
+
+ pkg->header = headerFree(pkg->header);
+ pkg->ds = rpmdsFree(pkg->ds);
+--
+2.33.0
+
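Review bot: The downstream `Conflict:` line says this backport omits the frees for preunTransFile and postunTransFile because db46bd8bd1 is not merged, but that dependency is recorded only inside the patch header. If db46bd8bd1 is backported later, those two members would leak in freePackage() unless this patch is refreshed. A comment beside `Patch6004` in the spec, such as `# refresh when db46bd8bd1 is backported (untrans frees omitted)`, would keep that visible to whoever does the later backport. The two added lines follow the existing `pkg->x = _free(pkg->x)` pattern of their neighbours; freePackage() continues outside the hunk.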
_service:tar_scm:backport-Tip-toe-around-rpmfiFN-thin-ice-in-fsm.patch
Added
@@ -0,0 +1,38 @@
+From 7bf818c8344ecbf0e14a26e6393582ae79df864e Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 30 Jan 2024 15:04:03 +0200
+Subject: PATCH Tip-toe around rpmfiFN() thin ice in fsm
+
+Any pointer gotten from rpmfiFN() is only valid until the next
+rpmfiFN() call, and here the path can end up inside plugins which
+may have their own reasons for calling rpmfiFN(). At which point
+the dest we passed would be invalid. strdup() it to appease ASAN,
+but this needs a saner solution really.
+---
+ lib/fsm.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fsm.c b/lib/fsm.c
+index a54e43bae..36708acc3 100644
+--- a/lib/fsm.c
++++ b/lib/fsm.c
+@@ -736,7 +736,7 @@ static int fsmSetmeta(int fd, int dirfd, const char *path,
+ int nofcaps)
+ {
+ int rc = 0;
+- const char *dest = rpmfiFN(fi);
++ char *dest = xstrdup(rpmfiFN(fi));
+
+ if (!rc && !getuid()) {
+ rc = fsmChown(fd, dirfd, path, st->st_mode, st->st_uid, st->st_gid);
+@@ -756,6 +756,7 @@ static int fsmSetmeta(int fd, int dirfd, const char *path,
+ fd, path, dest,
+ st->st_mode, action);
+ }
++ free(dest);
+
+ return rc;
+ }
+--
+2.33.0
+
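Review bot: `dest` is now a heap copy released by a single `free(dest)` just before `return rc`, so any early exit in the part of fsmSetmeta() between the two inner hunks would leak it; that stretch is not shown and should be checked. The reason for the copy lives only in the commit message, and a comment at the declaration would keep it with the code, for example `/* rpmfiFN() storage is reused by the next call and plugins may call it: keep a private copy */`. Without that, a later cleanup could plausibly revert to the borrowed pointer and bring back the stale-pointer read that ASAN reported.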
_service:tar_scm:backport-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch
Added
@@ -0,0 +1,32 @@
+From 97aa64d8281974fb369c66d5aef8650515b89c52 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 24 Jan 2024 12:03:39 +0200
+Subject: PATCH Use unsigned integers for buildtime too for Y2K38 safety
+
+This little patch buys us 68 extra years to move to 64bit time tags
+in rpm. That seems achievable.
+
+Fixes: #1228
+---
+ build/build.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/build/build.c b/build/build.c
+index e4081c673..0ac8bf6c9 100644
+--- a/build/build.c
++++ b/build/build.c
+@@ -36,9 +36,9 @@ static rpm_time_t getBuildTime(void)
+ if (srcdate == endptr || *endptr || errno != 0)
+ rpmlog(RPMLOG_ERR, _("unable to parse SOURCE_DATE_EPOCH\n"));
+ else
+- buildTime = (int32_t) epoch;
++ buildTime = (uint32_t) epoch;
+ } else
+- buildTime = (int32_t) time(NULL);
++ buildTime = (uint32_t) time(NULL);
+
+ return buildTime;
+ }
+--
+2.33.0
+
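Review bot: The cast `(uint32_t) epoch` narrows without a range check, so a SOURCE_DATE_EPOCH value that is negative or larger than UINT32_MAX passes the visible parse test and silently wraps into a different build time. A range test ahead of the assignment, for example `else if (epoch < 0 || epoch > UINT32_MAX)` reporting the same parse error, would reject such input instead of recording a misleading timestamp. The declaration of `epoch` and the start of getBuildTime() are outside the hunk, so the exact comparison depends on its type.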
_service
Changed
@@ -2,7 +2,7 @@
 <service name="tar_scm">
 <param name="scm">git</param>
 <param name="url">git@gitee.com:src-openeuler/rpm.git</param>
- <param name="revision">master</param>
+ <param name="revision">openEuler-24.03-LTS</param>
 <param name="exclude">*</param>
 <param name="extract">*</param>
 </service>
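Review bot: The `revision` parameter now names a branch, `openEuler-24.03-LTS`, which is a mutable ref just as `master` was, so the sources fetched by tar_scm can change without any change to this file. If reproducible and auditable inputs matter for this package, pinning to a commit id or tag, e.g. `<param name="revision">COMMIT_ID_PLACEHOLDER</param>`, and bumping it deliberately would make each source change show up in review. Whether the build service already records the resolved commit elsewhere is not visible on this page.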