diff --git a/SOURCES/0001-Give-warning-on-not-supported-hash-for-RSA-keys.patch b/SOURCES/0001-Give-warning-on-not-supported-hash-for-RSA-keys.patch
new file mode 100644
index 0000000..24a7326
--- /dev/null
+++ b/SOURCES/0001-Give-warning-on-not-supported-hash-for-RSA-keys.patch
@@ -0,0 +1,40 @@
+From 48546ffc0a3f3eb15bfd439a19fc9722eaea592f Mon Sep 17 00:00:00 2001
+From: Florian Festi
+Date: Tue, 28 Jun 2022 12:50:54 +0200
+Subject: [PATCH] Give warning on not supported hash for RSA keys
+
+This can happen when old keys are used on systems that have disabled SHA1
+e.g. for FIPS requirements.
+
+This is less than ideal but there is currently no way to pass a meaningful
+error code up to rpmtsImportPubkey. rpmPubkeyNew just returns a valid key
+or NULL.
+
+See rhbz#2069877
+---
+ rpmio/digest_openssl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
+index a28a13acc..2ec5140f1 100644
+--- a/rpmio/digest_openssl.c
++++ b/rpmio/digest_openssl.c
+@@ -4,6 +4,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "rpmio/digest.h"
+
+@@ -483,6 +484,7 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig,
+
+ ret = EVP_PKEY_CTX_set_signature_md(pkey_ctx, getEVPMD(hash_algo));
+ if (ret < 0) {
++ rpmlog(RPMLOG_WARNING, "Signature not supported. Hash algorithm %s not available.\n", pgpValString(PGPVAL_HASHALGO, hash_algo));
+ rc = 1;
+ goto done;
+ }
+--
+2.36.1
+
diff --git a/SOURCES/rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch b/SOURCES/rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch
new file mode 100644
index 0000000..38b2f5a
--- /dev/null
+++ b/SOURCES/rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch
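Review bot: The new warning in `pgpVerifySigRSA` sits behind `if (ret < 0)`, but OpenSSL documents `EVP_PKEY_CTX_set_signature_md()` as returning a positive value on success and 0 or a negative value on failure, so a 0 return would skip both the `rpmlog()` and the `rc = 1` exit. Widening the guard to `if (ret <= 0) {` keeps the failure path closed for every documented error return. The rest of the function lies outside the hunk, so what happens after a 0 return is inferred rather than visible here. Because this path is presumably reached on every RSA verification and not only on key import, the message may repeat once per signature on a system where SHA1 is disabled.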
@@ -0,0 +1,57 @@
+diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
+index 4531271cc..74aeed851 100755
+--- a/scripts/rpm2cpio.sh
++++ b/scripts/rpm2cpio.sh
+@@ -15,13 +15,23 @@ _dd() {
+ }
+
+ calcsize() {
++
++ case "$(_dd $1 bs=4 count=1 | tr -d '\0')" in
++ "$(printf '\216\255\350')"*) ;; # '\x8e\xad\xe8'
++ *) fatal "File doesn't look like rpm: $pkg" ;;
++ esac
++
+ offset=$(($1 + 8))
+
+ local i b b0 b1 b2 b3 b4 b5 b6 b7
+
+ i=0
+ while [ $i -lt 8 ]; do
+- b="$(_dd $(($offset + $i)) bs=1 count=1)"
++ # add . to not loose \n
++ # strip \0 as it gets dropped with warning otherwise
++ b="$(_dd $(($offset + $i)) bs=1 count=1 | tr -d '\0' ; echo .)"
++ b=${b%.} # strip . again
++
+ [ -z "$b" ] &&
+ b="0" ||
+ b="$(exec printf '%u\n' "'$b")"
+@@ -33,7 +43,7 @@ calcsize() {
+ offset=$(($offset + $rsize))
+ }
+
+-case "$(_dd 0 bs=8 count=1)" in
++case "$(_dd 0 bs=4 count=1 | tr -d '\0')" in
+ "$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
+ *) fatal "File doesn't look like rpm: $pkg" ;;
+ esac
+@@ -44,11 +54,11 @@ sigsize=$rsize
+ calcsize $(($offset + (8 - ($sigsize % 8)) % 8))
+ hdrsize=$rsize
+
+-case "$(_dd $offset bs=3 count=1)" in
+- "$(printf '\102\132')"*) _dd $offset | bunzip2 ;; # '\x42\x5a'
+- "$(printf '\037\213')"*) _dd $offset | gunzip ;; # '\x1f\x8b'
+- "$(printf '\375\067')"*) _dd $offset | xzcat ;; # '\xfd\x37'
+- "$(printf '\135\000')"*) _dd $offset | unlzma ;; # '\x5d\x00'
+- "$(printf '\050\265')"*) _dd $offset | unzstd ;; # '\x28\xb5'
+- *) fatal "Unrecognized rpm file: $pkg" ;;
++case "$(_dd $offset bs=2 count=1 | tr -d '\0')" in
++ "$(printf '\102\132')") _dd $offset | bunzip2 ;; # '\x42\x5a'
++ "$(printf '\037\213')") _dd $offset | gunzip ;; # '\x1f\x8b'
++ "$(printf '\375\067')") _dd $offset | xzcat ;; # '\xfd\x37'
++ "$(printf '\135')") _dd $offset | unlzma ;; # '\x5d\x00'
++ "$(printf '\050\265')") _dd $offset | unzstd ;; # '\x28\xb5'
++ *) fatal "Unrecognized payload compression format in rpm file: $pkg" ;;
+ esac
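Review bot: Piping the magic bytes through `tr -d '\0'` before each `case` makes the checks position-insensitive: in the last hunk the lzma arm `"$(printf '\135')")` matches `\x00\x5d` as well as `\x5d\x00`, and the header check added to `calcsize` accepts a NUL in any of the four bytes read as long as the three magic bytes stay in order. As this script parses package files that may come from untrusted sources, comparing a hex rendering removes the ambiguity, for example `case "$(_dd $offset bs=2 count=1 | od -An -tx1 | tr -d ' \n')" in` with arms such as `5d00) _dd $offset | unlzma ;;`. At minimum the `# '\x5d\x00'` comment should state that the NUL is dropped before matching. The added comment `# add . to not loose \n` should read "lose".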
diff --git a/SOURCES/rpm-4.16.1.3-add-path-query-option.patch b/SOURCES/rpm-4.16.1.3-add-path-query-option.patch index 0a44718..324f098 100644 --- a/SOURCES/rpm-4.16.1.3-add-path-query-option.patch +++ b/SOURCES/rpm-4.16.1.3-add-path-query-option.patch @@ -1,4 +1,4 @@ -From ce8af503733b5661efa046cc7f5f68ee0dad75cc Mon Sep 17 00:00:00 2001 +From ba659220886c1a315f50fb91b9af4615b1a8757e Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Mon, 16 Aug 2021 18:21:02 +0200 Subject: [PATCH] Add support for RPMDBI_BASENAMES on file queries @@ -14,8 +14,11 @@ Update the man page for --file to reflect it's current behavior and make Resolves: rhbz#1940895 -Combined with d1aebda01033bc8ba0d748b49f6fad9a5c0caa3f and backported -for 4.16.1.3. +Combined with: +d1aebda01033bc8ba0d748b49f6fad9a5c0caa3f +f62b6d27cd741406a52a7e9c5b1d6f581dbd3af8 + +Backported for 4.16.1.3. --- doc/rpm.8 | 9 ++++++-- lib/poptQV.c | 6 +++++- @@ -115,17 +118,17 @@ index fdabe6e52..9a71f0dc5 100644 mi = rpmtsInitIterator(ts, RPMDBI_PROVIDENAME, fn, 0); diff --git a/lib/rpmcli.h b/lib/rpmcli.h -index 4886c2453..8ef992ff2 100644 +index 4886c2453..3961418e7 100644 --- a/lib/rpmcli.h +++ b/lib/rpmcli.h -@@ -81,6 +81,7 @@ rpmcliFini(poptContext optCon); - enum rpmQVSources_e { - RPMQV_PACKAGE = 0, /*!< ... from package name db search. */ - RPMQV_PATH, /*!< ... from file path db search. */ +@@ -101,6 +101,7 @@ enum rpmQVSources_e { + RPMQV_SPECBUILTRPMS, /*!< ... from pkgs which would be built from spec */ + RPMQV_WHATOBSOLETES, /*!< ... from obsoletes db search. */ + RPMQV_WHATCONFLICTS, /*!< ... from conflicts db search. */ + RPMQV_PATH_ALL, /*!< ... from file path db search (all states). */ - RPMQV_ALL, /*!< ... from each installed package. */ - RPMQV_RPM, /*!< ... from reading binary rpm package. */ - RPMQV_GROUP, /*!< ... from group db search. */ + }; + + typedef rpmFlags rpmQVSources; diff --git a/tests/rpmquery.at b/tests/rpmquery.at index 9a4f1cb76..335d5ee0d 100644 --- a/tests/rpmquery.at 
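Review bot: `RPMQV_PATH_ALL` now sits at the end of `enum rpmQVSources_e`, which keeps the numeric values of the existing sources stable, but nothing in the header tells the next contributor that enumerator order is part of the ABI. A one-line comment before the new enumerator, such as `/* ABI: append new sources here, never insert in the middle */`, would help keep a later backport from reintroducing the same regression. The enum begins outside this hunk, so the full list of sources is not visible here.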
@@ -190,5 +193,5 @@ index 9a4f1cb76..335d5ee0d 100644 AT_SETUP([integer array query]) AT_KEYWORDS([query]) -- -2.34.1 +2.35.1 diff --git a/SOURCES/rpm-4.16.1.3-find_debuginfo_vendor_opts.patch b/SOURCES/rpm-4.16.1.3-find_debuginfo_vendor_opts.patch new file mode 100644 index 0000000..c6f30a7 --- /dev/null +++ b/SOURCES/rpm-4.16.1.3-find_debuginfo_vendor_opts.patch @@ -0,0 +1,20 @@ +--- rpm.orig/macros.in 2022-06-30 11:37:18.975312592 +0100 ++++ rpm-4.16.1.3/macros.in 2022-06-30 11:37:43.145158323 +0100 +@@ -167,6 +167,9 @@ + # A spec file can %%define _find_debuginfo_opts to pass options to + # the script. See the script for details. + # ++# Vendor spec files (eg redhat-rpm-config:macros) can %%define ++# _find_debuginfo_vendor_opts to pass options to the script. ++# + %__debug_install_post \ + %{_rpmconfigdir}/find-debuginfo.sh \\\ + %{?_smp_build_ncpus:-j%{_smp_build_ncpus}} \\\ +@@ -179,6 +182,7 @@ + %{?_unique_debug_srcs:--unique-debug-src-base "%{name}-%{VERSION}-%{RELEASE}.%{_arch}"} \\\ + %{?_find_debuginfo_dwz_opts} \\\ + %{?_find_debuginfo_opts} \\\ ++ %{?_find_debuginfo_vendor_opts} \\\ + %{?_debugsource_packages:-S debugsourcefiles.list} \\\ + "%{_builddir}/%{?buildsubdir}"\ + %{nil} diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec index bcd8a8d..d21d853 100644 --- a/SPECS/rpm.spec +++ b/SPECS/rpm.spec @@ -32,7 +32,7 @@ %global rpmver 4.16.1.3 #global snapver rc1 -%global rel 11 +%global rel 17 %global sover 9 %global srcver %{rpmver}%{?snapver:-%{snapver}} 
@@ -82,11 +82,13 @@ Patch110: rpm-4.16.1.3-add-path-query-option.patch Patch111: rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch Patch112: rpm-4.16.1.3-fix-regression-reading-rpm-v3-pkgs.patch Patch113: rpm-4.16.1.3-fix-spurious-transfiletriggerpostun-execution.patch +Patch114: rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch # These are not yet upstream Patch906: rpm-4.7.1-geode-i686.patch # Probably to be upstreamed in slightly different form Patch907: rpm-4.15.x-ldflags.patch +Patch908: 0001-Give-warning-on-not-supported-hash-for-RSA-keys.patch # Not yet (all) upstream, debugedit DWARF5 # https://code.wildebeest.org/git/user/mjw/rpm/log/?h=gcc-dwarf5-4.16.1.2 @@ -99,6 +101,7 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch # Downstream-only patches Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch +Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch # Partially GPL/LGPL dual-licensed and some bits with BSD # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD @@ -611,6 +614,18 @@ fi %doc doc/librpm/html/* %changelog +* Wed Aug 03 2022 Florian Festi - 4.16.1.3-17 +- Make rpm2cpio.sh more robust (#1983015) + +* Thu Jun 30 2022 Nick Clifton - 4.16.1.3-15 +- Pass _find_debuginfo_vendor_opts to the find-debuginfo script. (#2099617) + +* Tue Jun 28 2022 Florian Festi - 4.16.1.3-14 +- Warning for failed key import (#2069877) + +* Tue Apr 05 2022 Michal Domonkos - 4.16.1.3-12 +- Fix minor ABI regression in rpmcli.h (#2037352) + * Mon Feb 14 2022 Michal Domonkos - 4.16.1.3-11 - Fix IMA signature lengths assumed constant, take III (#2018937) - Fix regression reading rpm v3 and other rare packages (#2037186)