From 137a597a82550d8c9563615e057ee6679e497ce6 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 01 2022 13:00:57 +0000 Subject: import rpm-4.16.1.3-11.el9 --- diff --git a/SOURCES/rpm-4.16.1.3-add-path-query-option.patch b/SOURCES/rpm-4.16.1.3-add-path-query-option.patch new file mode 100644 index 0000000..0a44718 --- /dev/null +++ b/SOURCES/rpm-4.16.1.3-add-path-query-option.patch 
@@ -0,0 +1,194 @@ +From ce8af503733b5661efa046cc7f5f68ee0dad75cc Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Mon, 16 Aug 2021 18:21:02 +0200 +Subject: [PATCH] Add support for RPMDBI_BASENAMES on file queries + +There are legitimate reasons (such as rhbz#1940895 or the included test) +for wanting the former behavior where all file states were considered in +file queries prior to commit 9ad57bda4a82b9847826daa766b4421d877bb3d9, +so celebrate the tenth anniversary of that commit by adding a CLI switch +(a new package selector --path), as contemplated back then. + +Update the man page for --file to reflect it's current behavior and make +--path that more obvious. + +Resolves: rhbz#1940895 + +Combined with d1aebda01033bc8ba0d748b49f6fad9a5c0caa3f and backported +for 4.16.1.3. +--- + doc/rpm.8 | 9 ++++++-- + lib/poptQV.c | 6 +++++- + lib/query.c | 7 +++++-- + lib/rpmcli.h | 1 + + tests/rpmquery.at | 52 +++++++++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 70 insertions(+), 5 deletions(-) + +diff --git a/doc/rpm.8 b/doc/rpm.8 +index 80055b675..ab7364cf6 100644 +--- a/doc/rpm.8 ++++ b/doc/rpm.8 +@@ -57,7 +57,7 @@ rpm \- RPM Package Manager + .PP + + [\fB\fIPACKAGE_NAME\fB\fR] +- [\fB-a,--all [\fISELECTOR\fR]\fR] [\fB-f,--file \fIFILE\fB\fR] ++ [\fB-a,--all [\fISELECTOR\fR]\fR] [\fB-f,--file \fIFILE\fB\fR] [\fB--path \fIPATH\fB\fR] + [\fB-g,--group \fIGROUP\fB\fR] [\fB-p,--package \fIPACKAGE_FILE\fB\fR] + [\fB--hdrid \fISHA1\fB\fR] [\fB--pkgid \fIMD5\fB\fR] [\fB--tid \fITID\fB\fR] + [\fB--querybynumber \fIHDRNUM\fB\fR] [\fB--triggeredby \fIPACKAGE_NAME\fB\fR] +@@ -569,7 +569,7 @@ starts with "b". + List duplicated packages. + .TP + \fB-f, --file \fIFILE\fB\fR +-Query package owning \fIFILE\fR. ++Query package owning installed \fIFILE\fR. + .TP + \fB--filecaps\fR + List file names with POSIX1.e capabilities. 
+@@ -612,6 +612,11 @@ that will be expanded to paths that are substituted in place of + the package manifest as additional \fIPACKAGE_FILE\fR + arguments to the query. + .TP ++\fB--path \fIPATH\fB\fR ++Query package(s) owning \fIPATH\fR, whether the file is installed or not. ++Multiple packages may own a \fIPATH\fR, but the file is only owned by the ++package installed last. ++.TP + \fB--pkgid \fIMD5\fB\fR + Query package that contains a given package identifier, i.e. the + \fIMD5\fR digest of the combined header and +diff --git a/lib/poptQV.c b/lib/poptQV.c +index d9d1fad75..9b6101009 100644 +--- a/lib/poptQV.c ++++ b/lib/poptQV.c +@@ -27,6 +27,7 @@ struct rpmQVKArguments_s rpmQVKArgs; + #define POPT_WHATENHANCES -1014 + #define POPT_WHATOBSOLETES -1015 + #define POPT_WHATCONFLICTS -1016 ++#define POPT_QUERYBYPATH -1017 + + /* ========== Query/Verify/Signature source args */ + static void rpmQVSourceArgCallback( poptContext con, +@@ -58,6 +59,7 @@ static void rpmQVSourceArgCallback( poptContext con, + case POPT_WHATSUPPLEMENTS: qva->qva_source |= RPMQV_WHATSUPPLEMENTS; break; + case POPT_WHATENHANCES: qva->qva_source |= RPMQV_WHATENHANCES; break; + case POPT_TRIGGEREDBY: qva->qva_source |= RPMQV_TRIGGEREDBY; break; ++ case POPT_QUERYBYPATH: qva->qva_source |= RPMQV_PATH_ALL; break; + case POPT_QUERYBYPKGID: qva->qva_source |= RPMQV_PKGID; break; + case POPT_QUERYBYHDRID: qva->qva_source |= RPMQV_HDRID; break; + case POPT_QUERYBYTID: qva->qva_source |= RPMQV_TID; break; +@@ -80,7 +82,9 @@ struct poptOption rpmQVSourcePoptTable[] = { + { "checksig", 'K', POPT_ARGFLAG_DOC_HIDDEN, NULL, 'K', + N_("rpm checksig mode"), NULL }, + { "file", 'f', 0, 0, 'f', +- N_("query/verify package(s) owning file"), "FILE" }, ++ N_("query/verify package(s) owning installed file"), "FILE" }, ++ { "path", '\0', 0, 0, POPT_QUERYBYPATH, ++ N_("query/verify package(s) owning path, installed or not"), "PATH" }, + { "group", 'g', 0, 0, 'g', + N_("query/verify package(s) in group"), "GROUP" }, 
+ { "package", 'p', 0, 0, 'p', +diff --git a/lib/query.c b/lib/query.c +index fdabe6e52..9a71f0dc5 100644 +--- a/lib/query.c ++++ b/lib/query.c +@@ -445,6 +445,7 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar + } + /* fallthrough on absolute and relative paths */ + case RPMQV_PATH: ++ case RPMQV_PATH_ALL: + { char * fn; + + for (s = arg; *s != '\0'; s++) +@@ -463,8 +464,10 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar + fn = xstrdup(arg); + (void) rpmCleanPath(fn); + +- /* XXX Add a switch to enable former BASENAMES behavior? */ +- mi = rpmtsInitIterator(ts, RPMDBI_INSTFILENAMES, fn, 0); ++ rpmDbiTagVal tag = RPMDBI_INSTFILENAMES; ++ if (qva->qva_source == RPMQV_PATH_ALL) ++ tag = RPMDBI_BASENAMES; ++ mi = rpmtsInitIterator(ts, tag, fn, 0); + if (mi == NULL) + mi = rpmtsInitIterator(ts, RPMDBI_PROVIDENAME, fn, 0); + +diff --git a/lib/rpmcli.h b/lib/rpmcli.h +index 4886c2453..8ef992ff2 100644 +--- a/lib/rpmcli.h ++++ b/lib/rpmcli.h +@@ -81,6 +81,7 @@ rpmcliFini(poptContext optCon); + enum rpmQVSources_e { + RPMQV_PACKAGE = 0, /*!< ... from package name db search. */ + RPMQV_PATH, /*!< ... from file path db search. */ ++ RPMQV_PATH_ALL, /*!< ... from file path db search (all states). */ + RPMQV_ALL, /*!< ... from each installed package. */ + RPMQV_RPM, /*!< ... from reading binary rpm package. */ + RPMQV_GROUP, /*!< ... from group db search. 
*/ +diff --git a/tests/rpmquery.at b/tests/rpmquery.at +index 9a4f1cb76..335d5ee0d 100644 +--- a/tests/rpmquery.at ++++ b/tests/rpmquery.at +@@ -201,6 +201,58 @@ runroot rpm \ + + AT_CLEANUP + ++# ------------------------------ ++# query a package by a file ++AT_SETUP([rpm -qf]) ++AT_KEYWORDS([query]) ++AT_CHECK([ ++RPMDB_INIT ++runroot rpm \ ++ --nodeps \ ++ -i /data/RPMS/hello-1.0-1.i386.rpm ++runroot rpm \ ++ -qf /usr/local/bin/hello ++], ++[0], ++[hello-1.0-1.i386 ++], ++[]) ++AT_CLEANUP ++ ++AT_SETUP([rpm -qf on non-installed file]) ++AT_KEYWORDS([query]) ++AT_CHECK([ ++RPMDB_INIT ++runroot rpm \ ++ --nodeps \ ++ --excludedocs \ ++ -i /data/RPMS/hello-1.0-1.i386.rpm ++runroot rpm \ ++ -qf /usr/share/doc/hello-1.0/FAQ ++], ++[1], ++[], ++[error: file /usr/share/doc/hello-1.0/FAQ: No such file or directory ++]) ++AT_CLEANUP ++ ++AT_SETUP([rpm -q --path on non-installed file]) ++AT_KEYWORDS([query]) ++AT_CHECK([ ++RPMDB_INIT ++runroot rpm \ ++ --nodeps \ ++ --excludedocs \ ++ -i /data/RPMS/hello-1.0-1.i386.rpm ++runroot rpm \ ++ -q --path /usr/share/doc/hello-1.0/FAQ ++], ++[0], ++[hello-1.0-1.i386 ++], ++[]) ++AT_CLEANUP ++ + # ------------------------------ + AT_SETUP([integer array query]) + AT_KEYWORDS([query]) +-- +2.34.1 + diff --git a/SOURCES/rpm-4.16.1.3-bump-rpmdb-cookie-hash-to-SHA256-for-FIPS.patch b/SOURCES/rpm-4.16.1.3-bump-rpmdb-cookie-hash-to-SHA256-for-FIPS.patch new file mode 100644 index 0000000..998e1f8 --- /dev/null +++ b/SOURCES/rpm-4.16.1.3-bump-rpmdb-cookie-hash-to-SHA256-for-FIPS.patch 
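Review bot: initQueryIterator() detects the new selector with `if (qva->qva_source == RPMQV_PATH_ALL)`, but rpmQVSourceArgCallback() records it with `qva->qva_source |= RPMQV_PATH_ALL`, and RPMQV_PATH_ALL is a plain enumerator (value 2 once inserted after RPMQV_PATH), not a flag bit; if any other selector is already OR-ed in, the equality fails and the query silently degrades to RPMDBI_INSTFILENAMES, the installed-only behaviour that --path exists to bypass. Whether combined selectors can reach this point depends on code outside the hunk, so at minimum I'd document the contract next to the comparison: `/* qva_source is an enumerator, not a bit set: only an exact match selects BASENAMES */`. Note also that inserting RPMQV_PATH_ALL mid-enum renumbers RPMQV_ALL and every later value in the public lib/rpmcli.h header; for a maintenance backport it is worth confirming that no out-of-tree consumer relies on those numeric values, or appending the enumerator at the end instead.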
@@ -0,0 +1,32 @@
+From a26f6655546158153807017e7ded2aff5e4e10e4 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Mon, 31 Jan 2022 11:13:35 +0200
+Subject: [PATCH] Bump hash for rpmdb cookie to SHA256 to appease FIPS
+
+The rpmdb cookie is not a security feature, but as these existing
+hashes are more convenient than coming up with our own... we then
+run into the great big wall of FIPS which in its current incarnation
+disallows use of SHA1. And so rpmdbCookie() fails under current FIPS.
+
+Just bumping the algorithm to SHA256 seems the path of lowest
+resistance, whether that algo makes sense for this purpose or not.
+---
+ lib/rpmdb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/rpmdb.c b/lib/rpmdb.c
+index 01d49a641..00bd4236f 100644
+--- a/lib/rpmdb.c
++++ b/lib/rpmdb.c
+@@ -2642,7 +2642,7 @@ char *rpmdbCookie(rpmdb db)
+ rpmdbIndexIterator ii = rpmdbIndexIteratorInit(db, RPMDBI_NAME);
+
+ if (ii) {
+- DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
++ DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA256, RPMDIGEST_NONE);
+ const void *key = 0;
+ size_t keylen = 0;
+ while ((rpmdbIndexIteratorNext(ii, &key, &keylen)) == 0) {
+--
+2.34.1
+
diff --git a/SOURCES/rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch b/SOURCES/rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch
index 60058b4..8c29342 100644
--- a/SOURCES/rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch
+++ b/SOURCES/rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch
@@ -1,18 +1,144 @@
-From 1f63621d098741158b5e1e7158cc570a415d88cd Mon Sep 17 00:00:00 2001
+From b66422161d68ed7f7b1cb30e4db900bf42bed146 Mon Sep 17 00:00:00 2001
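Review bot: Switching rpmdbCookie() from SHA1 to SHA256 changes the width of the value it returns (presumably 40 to 64 hex characters, depending on the finalisation that follows outside the hunk), so any consumer that persisted the old cookie will see a mismatch on its first run after the upgrade and any consumer storing it in a fixed-size field could truncate it. That is likely acceptable for a change-detection token, but the commit message does not say so and the callers are not in this hunk. I'd put the intent in the code rather than only in the log: `/* Not a security digest: only used to detect rpmdb changes; algorithm and length may change. */` above the rpmDigestInit() call, and confirm that a NULL DIGEST_CTX (the way FIPS made the SHA1 variant fail, per the description) is handled by the rest of rpmdbCookie(), which starts and ends outside the hunk.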
From: Panu Matilainen Date: Mon, 29 Nov 2021 14:01:39 +0200 -Subject: [PATCH] Fix IMA signature lengths assumed constant (#1833, - RhBug:2018937) +Subject: [PATCH 1/4] Add Python bindings for rpmfilesFSignature() + +Only, use more descriptive names than the C-side counterparts. +Python has nice facilities for dealing with binary data so return it +as such rather than converting to hex. + +Backported for 4.16.1.3 (removed rpmfilesVSignature()). +--- + python/rpmfiles-py.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/python/rpmfiles-py.c b/python/rpmfiles-py.c +index 27666021d..48189a0ac 100644 +--- a/python/rpmfiles-py.c ++++ b/python/rpmfiles-py.c +@@ -152,6 +152,22 @@ static PyObject *rpmfile_digest(rpmfileObject *s) + Py_RETURN_NONE; + } + ++static PyObject *bytebuf(const unsigned char *buf, size_t len) ++{ ++ if (buf) { ++ PyObject *o = PyBytes_FromStringAndSize((const char *)buf, len); ++ return o; ++ } ++ Py_RETURN_NONE; ++} ++ ++static PyObject *rpmfile_imasig(rpmfileObject *s) ++{ ++ size_t len = 0; ++ const unsigned char *sig = rpmfilesFSignature(s->files, s->ix, &len); ++ return bytebuf(sig, len); ++} ++ + static PyObject *rpmfile_class(rpmfileObject *s) + { + return utf8FromString(rpmfilesFClass(s->files, s->ix)); +@@ -278,6 +294,8 @@ static PyGetSetDef rpmfile_getseters[] = { + "language the file provides (typically for doc files)" }, + { "caps", (getter) rpmfile_caps, NULL, + "file capabilities" }, ++ { "imasig", (getter) rpmfile_imasig, NULL, ++ "IMA signature" }, + { NULL, NULL, NULL, NULL } + }; + +-- +2.35.1 + +From 9c4622998d3d0666edbea3ed1ae518502c3ed987 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Mon, 7 Feb 2022 11:52:55 +0200 +Subject: [PATCH 2/4] Add a testcase for --dump query + +--- + tests/rpmquery.at | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/tests/rpmquery.at b/tests/rpmquery.at +index 9a4f1cb76..9bd391ac5 100644 +--- a/tests/rpmquery.at ++++ b/tests/rpmquery.at +@@ 
-83,6 +83,24 @@ hello.spec + [ignore]) + AT_CLEANUP + ++AT_SETUP([rpm -qp --dump]) ++AT_KEYWORDS([query]) ++AT_CHECK([ ++RPMDB_INIT ++runroot rpm \ ++ -qp --dump \ ++ /data/RPMS/hello-2.0-1.x86_64.rpm ++], ++[0], ++[/usr/bin/hello 7120 1489670606 c89fa87aeb1143969c0b6be9334b21d932f77f74e8f60120b5de316406369cf0 0100751 root root 0 0 0 X ++/usr/share/doc/hello-2.0 4096 1489670606 0000000000000000000000000000000000000000000000000000000000000000 040755 root root 0 0 0 X ++/usr/share/doc/hello-2.0/COPYING 48 908894882 fac3b28492ecdc16da172a6f1a432ceed356ca4d9248157b2a962b395e37b3b0 0100644 root root 0 1 0 X ++/usr/share/doc/hello-2.0/FAQ 36 908895030 678b87e217a415f05e43460e2c7b668245b412e2b4f18a75aa7399d9774ed0b4 0100644 root root 0 1 0 X ++/usr/share/doc/hello-2.0/README 39 908884468 d63fdc6c986106f57230f217d36b2395d83ecf491d2b7187af714dc8db9629e9 0100644 root root 0 1 0 X ++], ++[]) ++AT_CLEANUP ++ + # ------------------------------ + AT_SETUP([rpmspec -q]) + AT_KEYWORDS([query]) +-- +2.35.1 + +From 9b2bc10881db7691439005fd74ea53d75b15ac76 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 10 Feb 2022 11:15:04 +0200 +Subject: [PATCH 3/4] Ensure sane string lengths for file digests from header + +--- + lib/rpmfi.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/rpmfi.c b/lib/rpmfi.c +index af428468c..2dffab3aa 100644 +--- a/lib/rpmfi.c ++++ b/lib/rpmfi.c +@@ -1501,6 +1501,10 @@ static uint8_t *hex2bin(Header h, rpmTagVal tag, rpm_count_t num, size_t len) + t += len; + continue; + } ++ if (strlen(s) != len * 2) { ++ bin = rfree(bin); ++ break; ++ } + for (int j = 0; j < len; j++, t++, s += 2) + *t = (rnibble(s[0]) << 4) | rnibble(s[1]); + } +-- +2.35.1 + +From ddfed9e1842a1b60a8c40de3a18add6f6d68c515 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Mon, 29 Nov 2021 14:01:39 +0200 +Subject: [PATCH 4/4] Fix IMA signature fubar, take III (#1833, RhBug:2018937) At least ECDSA and RSA signatures can vary in length, but the IMA code assumes 
constant lengths and thus may either place invalid signatures on disk from either truncating or overshooting, and segfault if the stars are just so. -Luckily the signatures are stored as strings so we can calculate the -actual lengths at runtime and ignore the stored constant length info. -Extend hex2bin() to optionally calculate the lengths and maximum, -and use these for returning IMA data from the rpmfi(les) API. +As we can't assume static lengths and attempts to use maximum length +have proven problematic for other reasons, use a data structure that +can actually handle variable length data properly: store offsets into +the decoded binary blob and use them to calculate lengths when needed, +empty data is simply consequtive identical offsets. This avoids a whole +class of silly overflow issues with multiplying, makes zero-length data +actually presentable in the data structure and saves memory too. + +Add tests to show behavior with variable length signatures and missing +signatures. Additionally update the signing code to store the largest IMA signature length rather than what happened to be last to be on the safe side. 
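Review bot: The new length check in hex2bin() (patch 3/4) rejects a malformed digest list by freeing `bin` and breaking out, so a header whose RPMTAG_FILEDIGESTS strings have the wrong length now yields `fi->digests == NULL` exactly as a header with no digests at all would; whether callers then treat the package as unverifiable or as having nothing to verify is decided outside this hunk, and the silent failure makes that hard to audit. I'd at least document it at the break, `/* malformed digest string in header: discard the whole array rather than read past it */`, and consider an rpmlog(RPMLOG_ERR, ...) so a crafted header is not indistinguishable from a digest-less one. The check also only constrains length; non-hex characters still go through rnibble() and presumably decode to arbitrary bytes, which deserves a comment if it is accepted. The hex2bin() body begins and ends outside the hunk.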
@@ -22,179 +148,126 @@ not a lot to gain anyhow. Fixes: #1833 -Backported for 4.16.1.3 and combined with: -31e9daf823f7052135d1decc0802b6fa775a88c5 (fix-up) -0c1ad364d65c4144ff71c376e0b49fbc322b686d (python bindings) - -Note that the test case has been removed due to it including a binary -file (test package) for which we'd have to use -Sgit with %autopatch and -thus depend on git-core at build time. Nevertheless, we do have this BZ -covered in our internal test suite, so no need for it anyway. +Backported for 4.16.1.3. Note that the test case has been removed due +to it including a binary file (test package) for which we'd have to use +-Sgit with %autopatch and thus depend on git-core at build time. +Nevertheless, we do have this BZ covered in our internal test suite, so +no need for it anyway. --- - lib/rpmfi.c | 59 +++++++++++++++++++++++++++++++++----------- - python/rpmfiles-py.c | 18 ++++++++++++++ - sign/rpmsignfiles.c | 5 +++- - 3 files changed, 67 insertions(+), 15 deletions(-) + lib/rpmfi.c | 61 +++++++++++++++++++++++++++++++++++++++------ + sign/rpmsignfiles.c | 5 +++- + 2 files changed, 58 insertions(+), 8 deletions(-) diff --git a/lib/rpmfi.c b/lib/rpmfi.c -index af428468c..ed8927fd5 100644 +index 2dffab3aa..77e73442c 100644 --- a/lib/rpmfi.c 
+++ b/lib/rpmfi.c -@@ -115,7 +115,8 @@ struct rpmfiles_s { +@@ -115,7 +115,7 @@ struct rpmfiles_s { struct fingerPrint_s * fps; /*!< File fingerprint(s). */ int digestalgo; /*!< File digest algorithm */ - int signaturelength; /*!< File signature length */ -+ int *signaturelengths; /*!< File signature lengths */ -+ int signaturemaxlen; /*!< Largest file signature length */ ++ uint32_t *signatureoffs; /*!< File signature offsets */ unsigned char * digests; /*!< File digests in binary. */ unsigned char * signatures; /*!< File signatures in binary. */ -@@ -575,9 +576,9 @@ const unsigned char * rpmfilesFSignature(rpmfiles fi, int ix, size_t *len) +@@ -574,10 +574,15 @@ const unsigned char * rpmfilesFSignature(rpmfiles fi, int ix, size_t *len) + const unsigned char *signature = NULL; if (fi != NULL && ix >= 0 && ix < rpmfilesFC(fi)) { - if (fi->signatures != NULL) +- if (fi->signatures != NULL) - signature = fi->signatures + (fi->signaturelength * ix); -+ signature = fi->signatures + (fi->signaturemaxlen * ix); ++ size_t slen = 0; ++ if (fi->signatures != NULL && fi->signatureoffs != NULL) { ++ uint32_t off = fi->signatureoffs[ix]; ++ slen = fi->signatureoffs[ix+1] - off; ++ if (slen > 0) ++ signature = fi->signatures + off; ++ } if (len) - *len = fi->signaturelength; -+ *len = fi->signaturelengths ? 
fi->signaturelengths[ix] : 0; ++ *len = slen; } return signature; } -@@ -1257,6 +1258,7 @@ rpmfiles rpmfilesFree(rpmfiles fi) +@@ -1257,6 +1262,7 @@ rpmfiles rpmfilesFree(rpmfiles fi) fi->flangs = _free(fi->flangs); fi->digests = _free(fi->digests); fi->signatures = _free(fi->signatures); -+ fi->signaturelengths = _free(fi->signaturelengths); ++ fi->signatureoffs = _free(fi->signatureoffs); fi->fcaps = _free(fi->fcaps); fi->cdict = _free(fi->cdict); -@@ -1486,23 +1488,52 @@ err: +@@ -1485,6 +1491,48 @@ err: + return; } - /* Convert a tag of hex strings to binary presentation */ --static uint8_t *hex2bin(Header h, rpmTagVal tag, rpm_count_t num, size_t len) -+/* If lengths is non-NULL, assume variable length strings */ -+static uint8_t *hex2bin(Header h, rpmTagVal tag, rpm_count_t num, size_t len, -+ int **lengths, int *maxlen) - { - struct rpmtd_s td; - uint8_t *bin = NULL; - - if (headerGet(h, tag, &td, HEADERGET_MINMEM) && rpmtdCount(&td) == num) { -- uint8_t *t = bin = xmalloc(num * len); - const char *s; -+ int maxl = 0; -+ int *lens = NULL; ++/* ++ * Convert a tag of variable len hex strings to binary presentation, ++ * accessed via offsets to a contiguous binary blob. Empty values ++ * are represented by identical consequtive offsets. The offsets array ++ * always has one extra element to allow calculating the size of the ++ * last element. 
++ */ ++static uint8_t *hex2binv(Header h, rpmTagVal tag, rpm_count_t num, ++ uint32_t **offsetp) ++{ ++ struct rpmtd_s td; ++ uint8_t *bin = NULL; ++ uint32_t *offs = NULL; + -+ /* Figure string sizes + max length for allocation purposes */ -+ if (lengths) { -+ int i = 0; -+ lens = xmalloc(num * sizeof(*lens)); ++ if (headerGet(h, tag, &td, HEADERGET_MINMEM) && rpmtdCount(&td) == num) { ++ const char *s; ++ int i = 0; ++ uint8_t *t = bin = xmalloc(((rpmtdSize(&td) / 2) + 1)); ++ offs = xmalloc((num + 1) * sizeof(*offs)); + -+ while ((s = rpmtdNextString(&td))) { -+ lens[i] = strlen(s) / 2; -+ if (lens[i] > maxl) -+ maxl = lens[i]; -+ i++; ++ while ((s = rpmtdNextString(&td))) { ++ uint32_t slen = strlen(s); ++ uint32_t len = slen / 2; ++ if (slen % 2) { ++ bin = rfree(bin); ++ offs = rfree(offs); ++ goto exit; + } ++ offs[i] = t - bin; ++ for (int j = 0; j < len; j++, t++, s += 2) ++ *t = (rnibble(s[0]) << 4) | rnibble(s[1]); ++ i++; ++ } ++ offs[i] = t - bin; ++ *offsetp = offs; ++ } + -+ *lengths = lens; -+ *maxlen = maxl; ++exit: ++ rpmtdFreeData(&td); ++ return bin; ++} + -+ /* Reinitialize iterator for next round */ -+ rpmtdInit(&td); -+ } else { -+ maxl = len; -+ } - -+ uint8_t *t = bin = xmalloc(num * maxl); -+ int i = 0; - while ((s = rpmtdNextString(&td))) { - if (*s == '\0') { -- memset(t, 0, len); -- t += len; -- continue; -+ memset(t, 0, maxl); -+ } else { -+ if (lens) -+ len = lens[i]; -+ for (int j = 0; j < len; j++, s += 2) -+ t[j] = (rnibble(s[0]) << 4) | rnibble(s[1]); - } -- for (int j = 0; j < len; j++, t++, s += 2) -- *t = (rnibble(s[0]) << 4) | rnibble(s[1]); -+ t += maxl; -+ i++; - } - } - rpmtdFreeData(&td); -@@ -1570,15 +1601,15 @@ static int rpmfilesPopulate(rpmfiles fi, Header h, rpmfiFlags flags) - /* grab hex digests from header and store in binary format */ - if (!(flags & RPMFI_NOFILEDIGESTS)) { - size_t diglen = rpmDigestLength(fi->digestalgo); -- fi->digests = hex2bin(h, RPMTAG_FILEDIGESTS, totalfc, diglen); -+ fi->digests = 
hex2bin(h, RPMTAG_FILEDIGESTS, totalfc, diglen, -+ NULL, NULL); - } - + /* Convert a tag of hex strings to binary presentation */ + static uint8_t *hex2bin(Header h, rpmTagVal tag, rpm_count_t num, size_t len) + { +@@ -1580,9 +1628,8 @@ static int rpmfilesPopulate(rpmfiles fi, Header h, rpmfiFlags flags) fi->signatures = NULL; /* grab hex signatures from header and store in binary format */ if (!(flags & RPMFI_NOFILESIGNATURES)) { - fi->signaturelength = headerGetNumber(h, RPMTAG_FILESIGNATURELENGTH); - fi->signatures = hex2bin(h, RPMTAG_FILESIGNATURES, - totalfc, fi->signaturelength); -+ fi->signatures = hex2bin(h, RPMTAG_FILESIGNATURES, totalfc, 0, -+ &fi->signaturelengths, &fi->signaturemaxlen); ++ fi->signatures = hex2binv(h, RPMTAG_FILESIGNATURES, ++ totalfc, &fi->signatureoffs); } /* XXX TR_REMOVED doesn;t need fmtimes, frdevs, finodes */ -diff --git a/python/rpmfiles-py.c b/python/rpmfiles-py.c -index 27666021d..48189a0ac 100644 ---- a/python/rpmfiles-py.c -+++ b/python/rpmfiles-py.c -@@ -152,6 +152,22 @@ static PyObject *rpmfile_digest(rpmfileObject *s) - Py_RETURN_NONE; - } - -+static PyObject *bytebuf(const unsigned char *buf, size_t len) -+{ -+ if (buf) { -+ PyObject *o = PyBytes_FromStringAndSize((const char *)buf, len); -+ return o; -+ } -+ Py_RETURN_NONE; -+} -+ -+static PyObject *rpmfile_imasig(rpmfileObject *s) -+{ -+ size_t len = 0; -+ const unsigned char *sig = rpmfilesFSignature(s->files, s->ix, &len); -+ return bytebuf(sig, len); -+} -+ - static PyObject *rpmfile_class(rpmfileObject *s) - { - return utf8FromString(rpmfilesFClass(s->files, s->ix)); -@@ -278,6 +294,8 @@ static PyGetSetDef rpmfile_getseters[] = { - "language the file provides (typically for doc files)" }, - { "caps", (getter) rpmfile_caps, NULL, - "file capabilities" }, -+ { "imasig", (getter) rpmfile_imasig, NULL, -+ "IMA signature" }, - { NULL, NULL, NULL, NULL } - }; - 
diff --git a/sign/rpmsignfiles.c b/sign/rpmsignfiles.c -index b143c5b9b..6f39db6be 100644 +index b143c5b9b..372ba634c 100644 --- a/sign/rpmsignfiles.c +++ b/sign/rpmsignfiles.c @@ -98,8 +98,9 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass) td.count = 1; while (rpmfiNext(fi) >= 0) { -+ uint32_t slen; ++ uint32_t slen = 0; digest = rpmfiFDigest(fi, NULL, NULL); - signature = signFile(algoname, digest, diglen, key, keypass, &siglen); + signature = signFile(algoname, digest, diglen, key, keypass, &slen); @@ -211,5 +284,5 @@ index b143c5b9b..6f39db6be 100644 if (siglen > 0) { -- -2.33.1 +2.35.1 diff --git a/SOURCES/rpm-4.16.1.3-fix-regression-reading-rpm-v3-pkgs.patch b/SOURCES/rpm-4.16.1.3-fix-regression-reading-rpm-v3-pkgs.patch new file mode 100644 index 0000000..1e8a922 --- /dev/null +++ b/SOURCES/rpm-4.16.1.3-fix-regression-reading-rpm-v3-pkgs.patch 
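Review bot: hex2binv() writes the terminating `offs[i] = t - bin` after the loop and hands the array to rpmfilesFSignature(), which reads `signatureoffs[ix+1]`; that is only sound if the loop produced exactly `num` strings, otherwise `offs[i+1..num]` are uninitialized (xmalloc, not xcalloc) and the `slen` and pointer computed for the trailing files are garbage. The `rpmtdCount(&td) == num` guard makes an early stop unlikely, but the invariant is cheap to enforce: after the loop add `if (i != num) { bin = rfree(bin); offs = rfree(offs); goto exit; }`, or allocate `offs` with xcalloc so a short run yields zero-length signatures instead. As in hex2bin(), only the string length is validated and non-hex characters are decoded by rnibble() without complaint, which may be fine for signatures verified downstream but should be stated in the function comment. Only part of the rpmsignfiles.c change is shown in this hunk, so I cannot confirm how the initialised `slen` feeds the stored maximum length.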
@@ -0,0 +1,88 @@ +From f5695d04f56e27d9cf947c0502eb549c28aa817e Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Tue, 25 May 2021 14:07:18 +0300 +Subject: [PATCH] Fix regression reading rpm v3 and other rare packages (#1635) + +Commit d6a86b5e69e46cc283b1e06c92343319beb42e21 introduced far stricter +checks on what tags are allowed in signature and main headers than rpm +had previously seen, and unsurprisingly this introduced some regressions +on less common cases: + +- On rpm v3 packages and some newer 3rd party created packages (such as + install4j < 9.0.2), RPMTAG_ARCHIVESIZE resides in the main header + to begin with +- In rpm 4.13 - 4.14, file IMA signatures were incorrectly placed in + the main header. + +As a quirk, permit the existence of RPMTAG_ARCHIVESIZE, +RPMTAG_FILESIGNATURES and RPMTAG_FILESIGNATURELENGTH in the main header +too provided that the corresponding signature tag is not there (so +they can reside in either but not both headers). + +Initial workaround patch by Demi Marie Obenour. + +Fixes: #1635 + +Backported for 4.16.1.3. 
+--- + lib/package.c | 35 ++++++++++++++++++++--------------- + 1 file changed, 20 insertions(+), 15 deletions(-) + +diff --git a/lib/package.c b/lib/package.c +index 36ed5abc6..8c2b66b0b 100644 +--- a/lib/package.c ++++ b/lib/package.c +@@ -35,21 +35,22 @@ struct taglate_s { + rpmTagVal stag; + rpmTagVal xtag; + rpm_count_t count; ++ int quirk; + } const xlateTags[] = { +- { RPMSIGTAG_SIZE, RPMTAG_SIGSIZE, 1 }, +- { RPMSIGTAG_PGP, RPMTAG_SIGPGP, 0 }, +- { RPMSIGTAG_MD5, RPMTAG_SIGMD5, 16 }, +- { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0 }, +- /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0 }, */ /* long obsolete, dont use */ +- { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1 }, +- { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0 }, +- { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1 }, +- { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1 }, +- { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1 }, +- { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0 }, +- { RPMSIGTAG_RSA, RPMTAG_RSAHEADER, 0 }, +- { RPMSIGTAG_LONGSIZE, RPMTAG_LONGSIGSIZE, 1 }, +- { RPMSIGTAG_LONGARCHIVESIZE, RPMTAG_LONGARCHIVESIZE, 1 }, ++ { RPMSIGTAG_SIZE, RPMTAG_SIGSIZE, 1, 0 }, ++ { RPMSIGTAG_PGP, RPMTAG_SIGPGP, 0, 0 }, ++ { RPMSIGTAG_MD5, RPMTAG_SIGMD5, 16, 0 }, ++ { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0, 0 }, ++ /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0, 0 }, */ /* long obsolete, dont use */ ++ { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1, 1 }, ++ { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0, 1 }, ++ { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1, 1 }, ++ { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1, 0 }, ++ { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1, 0 }, ++ { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0, 0 }, ++ { RPMSIGTAG_RSA, RPMTAG_RSAHEADER, 0, 0 }, ++ { RPMSIGTAG_LONGSIZE, RPMTAG_LONGSIGSIZE, 1, 0 }, ++ { RPMSIGTAG_LONGARCHIVESIZE, RPMTAG_LONGARCHIVESIZE, 1, 0 }, + { 0 } + }; + +@@ -67,8 +68,12 @@ rpmTagVal headerMergeLegacySigs(Header h, Header sigh, char **msg) + + for (xl = xlateTags; xl->stag; xl++) { + /* There 
mustn't be one in the main header */ +- if (headerIsEntry(h, xl->xtag)) ++ if (headerIsEntry(h, xl->xtag)) { ++ /* Some tags may exist in either header, but never both */ ++ if (xl->quirk && !headerIsEntry(sigh, xl->stag)) ++ continue; + goto exit; ++ } + } + + rpmtdReset(&td); +-- +2.35.1 + diff --git a/SOURCES/rpm-4.16.1.3-fix-spurious-transfiletriggerpostun-execution.patch b/SOURCES/rpm-4.16.1.3-fix-spurious-transfiletriggerpostun-execution.patch new file mode 100644 index 0000000..7142d40 --- /dev/null +++ b/SOURCES/rpm-4.16.1.3-fix-spurious-transfiletriggerpostun-execution.patch 
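Review bot: The `quirk` field relaxes a check that the description says was introduced as a hardening measure (d6a86b5e), yet the table gives no hint why these three tags are safe to accept from the main header, so a later maintainer cannot tell whether widening the list is acceptable. The reasoning belongs next to the field: the main-header copy is covered by the header signature, so it is authenticated once the package signature verifies, and `!headerIsEntry(sigh, xl->stag)` rules out two competing copies; something like `int quirk; /* tag may live in the main header when absent from the sig header (rpm v3, rpm 4.13-4.14 IMA); never in both. Never set for digest/signature-over-header tags, which cannot be inside the header they cover. */`. The merge loop that follows is outside the hunk, so I cannot confirm that a quirked tag present only in `h` is then left untouched as intended.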
@@ -0,0 +1,123 @@ +From 8c37dff4ce9c887eda5ad61f78001e87473002ed Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Tue, 16 Nov 2021 11:49:18 +0200 +Subject: [PATCH] Fix spurious %transfiletriggerpostun execution + (RhBug:2023311) + +If a package has multiple %transfiletriggerpostun triggers, any one +of them matching would cause all of them to run, due to disconnect +in the intel gathering stage: we'd gather all the headers with matching +files into a lump, and then add any postun triggers found in them, +but this loses the triggering file information and causes all postuns +to run. + +The triggers need to be added while looping over the file matches, +like runFileTriggers() does. Doing so actually simplifies the code. +These should really be unified to use the same code, but leaving +that exercise to another rainy day. + +Combined with 0988ccb53abf426587d228df5c60c4042da71999 (fix-up). +--- + lib/rpmtriggers.c | 65 ++++++++++++++++++++++++----------------------- + 1 file changed, 33 insertions(+), 32 deletions(-) + +diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c +index fc809a65e..8d8f57450 100644 +--- a/lib/rpmtriggers.c ++++ b/lib/rpmtriggers.c +@@ -97,19 +97,39 @@ static void rpmtriggersSortAndUniq(rpmtriggers trigs) + } + } + ++static void addTriggers(rpmts ts, Header trigH, rpmsenseFlags filter, ++ const char *prefix) ++{ ++ int tix = 0; ++ rpmds ds; ++ rpmds triggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0); ++ ++ while ((ds = rpmdsFilterTi(triggers, tix))) { ++ if ((rpmdsNext(ds) >= 0) && (rpmdsFlags(ds) & filter) && ++ strcmp(prefix, rpmdsN(ds)) == 0) { ++ struct rpmtd_s priorities; ++ ++ if (headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES, ++ &priorities, HEADERGET_MINMEM)) { ++ rpmtdSetIndex(&priorities, tix); ++ rpmtriggersAdd(ts->trigs2run, headerGetInstance(trigH), ++ tix, *rpmtdGetUint32(&priorities)); ++ } ++ } ++ rpmdsFree(ds); ++ tix++; ++ } ++ rpmdsFree(triggers); ++} ++ + void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, 
rpmte te) + { +- rpmdbMatchIterator mi; + rpmdbIndexIterator ii; +- Header trigH; + const void *key; + size_t keylen; + rpmfiles files; +- rpmds rpmdsTriggers; +- rpmds rpmdsTrigger; + + ii = rpmdbIndexIteratorInit(rpmtsGetRdb(ts), RPMDBI_TRANSFILETRIGGERNAME); +- mi = rpmdbNewIterator(rpmtsGetRdb(ts), RPMDBI_PACKAGES); + files = rpmteFiles(te); + + /* Iterate over file triggers in rpmdb */ +@@ -121,39 +141,20 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te) + rpmfi fi = rpmfilesFindPrefix(files, pfx); + while (rpmfiNext(fi) >= 0) { + if (RPMFILE_IS_INSTALLED(rpmfiFState(fi))) { +- /* If yes then store it */ +- rpmdbAppendIterator(mi, rpmdbIndexIteratorPkgOffsets(ii), +- rpmdbIndexIteratorNumPkgs(ii)); ++ unsigned int npkg = rpmdbIndexIteratorNumPkgs(ii); ++ const unsigned int *offs = rpmdbIndexIteratorPkgOffsets(ii); ++ /* Save any postun triggers matching this prefix */ ++ for (int i = 0; i < npkg; i++) { ++ Header h = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offs[i]); ++ addTriggers(ts, h, RPMSENSE_TRIGGERPOSTUN, pfx); ++ headerFree(h); ++ } + break; + } + } + rpmfiFree(fi); + } + rpmdbIndexIteratorFree(ii); +- +- if (rpmdbGetIteratorCount(mi)) { +- /* Filter triggers and save only trans postun triggers into ts */ +- while ((trigH = rpmdbNextIterator(mi)) != NULL) { +- int tix = 0; +- rpmdsTriggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0); +- while ((rpmdsTrigger = rpmdsFilterTi(rpmdsTriggers, tix))) { +- if ((rpmdsNext(rpmdsTrigger) >= 0) && +- (rpmdsFlags(rpmdsTrigger) & RPMSENSE_TRIGGERPOSTUN)) { +- struct rpmtd_s priorities; +- +- headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES, +- &priorities, HEADERGET_MINMEM); +- rpmtdSetIndex(&priorities, tix); +- rpmtriggersAdd(ts->trigs2run, rpmdbGetIteratorOffset(mi), +- tix, *rpmtdGetUint32(&priorities)); +- } +- rpmdsFree(rpmdsTrigger); +- tix++; +- } +- rpmdsFree(rpmdsTriggers); +- } +- } +- rpmdbFreeIterator(mi); + rpmfilesFree(files); + } + +-- +2.35.1 + 
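Review bot: addTriggers() uses whatever rpmdbGetHeaderAt() returns without a NULL check; rpmdsNew() and rpmdsFilterTi() are probably NULL-tolerant, so `headerGet(trigH, ...)` and `headerGetInstance(trigH)` would not be reached, but the safety currently rests on that assumption rather than on a guard. Add `if (trigH == NULL) return;` at the top of addTriggers(), or `if (h == NULL) continue;` in the caller's loop. The priority is still read as `*rpmtdGetUint32(&priorities)` with no check on the returned pointer; the new headerGet() success test is an improvement over the removed code, but a tag of unexpected type would still dereference NULL. Minor: `for (int i = 0; i < npkg; i++)` compares a signed index with an unsigned count, `unsigned int i` matches `npkg` and `offs[]`.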
diff --git a/SOURCES/rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch b/SOURCES/rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch new file mode 100644 index 0000000..6e3acf8 --- /dev/null +++ b/SOURCES/rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch 
@@ -0,0 +1,40 @@
+From 6cdcdd8770d1f0b9ba706dcc1e6392a59dbe3fe5 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Tue, 7 Dec 2021 08:08:37 +0100
+Subject: [PATCH] Skip recorded symlinks in --setperms (RhBug:1900662)
+
+If a package contains a symlink in the buildroot which is declared as a
+ghost or config file but is a regular file or directory on the system
+where it's installed, a --setperms call will reset its permissions to
+those of a symlink (777 on Linux), which almost certainly is not the
+correct thing to do.
+
+To fix that, just skip files that were recorded as symlinks.
+
+This is a special case of a general issue in --setperms; since file
+permission semantics may change depending on the file type, to stay on
+the safe side, any (ghost or config) file whose type changes after
+installation should probably be skipped. However, symlinks are the most
+prominent case here, so let's just focus on that now and avoid adding
+too much cleverness to a popt alias (this got us into trouble not too
+long ago, see commits 38c2f6e and 0d83637). We may revisit this in the
+eventual C implementation.
+---
+ rpmpopt.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rpmpopt.in b/rpmpopt.in
+index 27d298651..d5a6b140b 100644
+--- a/rpmpopt.in
++++ b/rpmpopt.in
+@@ -44,6 +44,7 @@ rpm alias --scripts --qf '\
+ --POPTdesc=$"list install/erase scriptlets from package(s)"
+ 
+ rpm alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \
++ \[ -n %{FILELINKTOS:shescape} \] || \
+ ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \
+ chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \
+ --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \
+-- 
+2.34.1
+
diff --git a/SOURCES/rpm-4.16.1.3-validate-and-require-subkey-binding-sigs.patch b/SOURCES/rpm-4.16.1.3-validate-and-require-subkey-binding-sigs.patch
index a1753a4..878f6e4 100644
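Review bot: The added `\[ -n %{FILELINKTOS:shescape} \] || \` test interacts with the existing `--pipe` filter `grep -v \(none\)` further down the alias: should a header carry no FILELINKTOS tag at all, that field would presumably render as `(none)` and every generated line for that package would be discarded, so --setperms would silently skip the whole package rather than only its symlinks. In the normal case the new test is sound — a non-symlink has an empty link target, which shescape should render as `''`, making `-n` fail — but the assumption that FILELINKTOS is always present alongside FILENAMES is worth confirming. The diffstat (`rpmpopt.in | 1 +`) shows no test accompanies the change; a regression test installing a package whose recorded symlink is a regular file on disk would pin the intended behavior.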
--- a/SOURCES/rpm-4.16.1.3-validate-and-require-subkey-binding-sigs.patch
+++ b/SOURCES/rpm-4.16.1.3-validate-and-require-subkey-binding-sigs.patch
@@ -1,4 +1,4 @@
-From a73895e6f03bef5e95a738ff680f7c42151f3959 Mon Sep 17 00:00:00 2001
+From 32b21da4bae5b8fbe0f42c31b723c4963b4b2512 Mon Sep 17 00:00:00 2001
 From: Demi Marie Obenour
 Date: Thu, 6 May 2021 18:34:45 -0400
 Subject: [PATCH] Validate and require subkey binding signatures on PGP public
@@ -18,22 +18,25 @@ Combined with:
 5ff86764b17f31535cb247543a90dd739076ec38
 b5e8bc74b2b05aa557f663fe227b94d2bc64fbd8
 9f03f42e2614a68f589f9db8fe76287146522c0c
+b6dffb6dc5ffa2ddc389743f0507876cab341315 (mem-leak fix)
+ae3d2d234ae47ff85229d3fce97a266fa1aa5a61 (use-after-free fix)
 
 Fixes CVE-2021-3521.
 ---
- rpmio/rpmpgp.c | 123 +++++++++++++++---
+ rpmio/rpmpgp.c | 122 +++++++++++++++---
+ sign/rpmgensig.c | 2 +-
  tests/Makefile.am | 3 +
  tests/data/keys/CVE-2021-3521-badbind.asc | 25 ++++
  .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 ++++
  tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 ++++++
  tests/rpmsigdig.at | 28 ++++
- 6 files changed, 224 insertions(+), 17 deletions(-)
+ 7 files changed, 224 insertions(+), 18 deletions(-)
  create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc
  create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc
  create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc
 
 diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
-index d0688ebe9..b12410d67 100644
+index d0688ebe9..3372d577d 100644
 --- a/rpmio/rpmpgp.c
 +++ b/rpmio/rpmpgp.c
 @@ -515,7 +515,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg)
@@ -76,7 +79,7 @@ index d0688ebe9..b12410d67 100644
 }
 break;
 default:
 rpmlog(RPMLOG_WARNING, _("Unsupported version of key: V%d\n"), version);
-@@ -1041,36 +1039,128 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype)
+@@ -1041,36 +1039,127 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype)
 return algo;
 }
@@ -178,12 +181,11 @@ index d0688ebe9..b12410d67 100644
 - p += (pkt.body - pkt.head) + pkt.blen;
 + if (selfsig) {
 + /* subkeys must be followed by binding signature */
-+ if (prevtag == PGPTAG_PUBLIC_SUBKEY) {
-+ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING)
-+ break;
-+ }
++ int xx = 1; /* assume failure */
 +
-+ int xx = pgpVerifySelf(digp, selfsig, all, i);
++ if (!(prevtag == PGPTAG_PUBLIC_SUBKEY &&
++ selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING))
++ xx = pgpVerifySelf(digp, selfsig, all, i);
 +
 + selfsig = pgpDigParamsFree(selfsig);
 + if (xx)
@@ -213,7 +215,7 @@ index d0688ebe9..b12410d67 100644
 if (ret && rc == 0) {
 *ret = digp;
 } else {
-@@ -1105,8 +1195,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
+@@ -1105,8 +1194,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
 digps = xrealloc(digps, alloced * sizeof(*digps));
 }
 
@@ -223,6 +225,19 @@ index d0688ebe9..b12410d67 100644
 
 /* Copy UID from main key to subkey */
 digps[count]->userid = xstrdup(mainkey->userid);
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index e5d191cc0..988a0f611 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -351,7 +351,7 @@ static int haveSignature(rpmtd sigtd, Header h)
+ pgpPrtParams(oldtd.data, oldtd.count, PGPTAG_SIGNATURE, &sig2);
+ if (pgpDigParamsCmp(sig1, sig2) == 0)
+ rc = 1;
+- pgpDigParamsFree(sig2);
++ sig2 = pgpDigParamsFree(sig2);
+ }
+ pgpDigParamsFree(sig1);
+ rpmtdFreeData(&oldtd);
 diff --git a/tests/Makefile.am b/tests/Makefile.am
 index f742a9e1d..328234278 100644
 --- a/tests/Makefile.am
@@ -382,5 +397,5 @@ index e1a3ab062..705fc5870 100644
 # Test pre-built package verification
 AT_SETUP([rpmkeys -K 1])
 -- 
-2.33.1
+2.34.1
 
diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec
index f598ac7..bcd8a8d 100644
--- a/SPECS/rpm.spec
+++ b/SPECS/rpm.spec
@@ -32,7 +32,7 @@ %global rpmver 4.16.1.3 #global snapver rc1 -%global rel 9 +%global rel 11 %global sover 9 %global srcver %{rpmver}%{?snapver:-%{snapver}} 
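Review bot: The new guard `if (!(prevtag == PGPTAG_PUBLIC_SUBKEY && selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING))` is a double negation that hides the rule it enforces; the positive form `if (prevtag != PGPTAG_PUBLIC_SUBKEY || selfsig->sigtype == PGPSIGTYPE_SUBKEY_BINDING)` states directly when a self-signature is actually verified. The `/* assume failure */` comment would carry more weight if it named the consequence, e.g. `/* non-zero xx rejects the key; a subkey not followed by its binding signature is refused without verifying anything */`. Freeing `selfsig` before the `if (xx)` check is what removes the leak of the old `break` path, so that ordering must survive any restyle. The body of `if (xx)` and the enclosing loop lie outside the hunk, so the early exit is inferred from the removed code.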
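Review bot: `sig2 = pgpDigParamsFree(sig2);` stops the freed pointer from surviving into the next iteration, but the return value of `pgpPrtParams(oldtd.data, oldtd.count, PGPTAG_SIGNATURE, &sig2);` on the line above is still discarded, so the fix leans on `*ret` being written only on success (visible in the rpmpgp.c context above: `if (ret && rc == 0) { *ret = digp; }`) to leave `sig2` NULL after a parse failure, after which `pgpDigParamsCmp(sig1, sig2)` runs with a NULL operand whose tolerance is not visible here. Making the dependency explicit, `if (pgpPrtParams(oldtd.data, oldtd.count, PGPTAG_SIGNATURE, &sig2) == 0 && pgpDigParamsCmp(sig1, sig2) == 0)`, covers both the stale-pointer and the NULL path, assuming pgpPrtParams returns the `rc` seen in that context. For consistency `pgpDigParamsFree(sig1);` two lines later could take the same assignment form. haveSignature() and its loop begin and end outside the hunk.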
@@ -77,6 +77,11 @@ Patch105: rpm-4.16.1.3-ELF-files-strip-when-debuginfo-disabled.patch
 Patch106: rpm-4.16.1.3-unbreak-checking-of-installed-rich-deps.patch
 Patch107: rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch
 Patch108: rpm-4.16.1.3-validate-and-require-subkey-binding-sigs.patch
+Patch109: rpm-4.16.1.3-bump-rpmdb-cookie-hash-to-SHA256-for-FIPS.patch
+Patch110: rpm-4.16.1.3-add-path-query-option.patch
+Patch111: rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch
+Patch112: rpm-4.16.1.3-fix-regression-reading-rpm-v3-pkgs.patch
+Patch113: rpm-4.16.1.3-fix-spurious-transfiletriggerpostun-execution.patch
 
 # These are not yet upstream
 Patch906: rpm-4.7.1-geode-i686.patch
@@ -606,8 +611,19 @@ fi
 %doc doc/librpm/html/*
 
 %changelog
+* Mon Feb 14 2022 Michal Domonkos - 4.16.1.3-11
+- Fix IMA signature lengths assumed constant, take III (#2018937)
+- Fix regression reading rpm v3 and other rare packages (#2037186)
+- Fix spurious %transfiletriggerpostun execution (#2023692)
+
+* Mon Jan 31 2022 Michal Domonkos - 4.16.1.3-10
+- Address covscan issues in binding sigs validation patch (#1943724)
+- Bump hash for rpmdb cookie to SHA256 for FIPS (#2048455)
+- Add --path query option (#2037352)
+- Skip recorded symlinks in --setperms (#2025906)
+
 * Mon Dec 13 2021 Michal Domonkos - 4.16.1.3-9
-- Fix-up IMA signature lengths patch (#2018937)
+- Fix IMA signature lengths assumed constant, take II (#2018937)
 
 * Thu Dec 09 2021 Michal Domonkos - 4.16.1.3-8
 - Support hash v8 databases from BDB < 4.6 (#1965147)