From b7b8f7e8f5cdbef3992c8ee853ecc444df930503 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2020 11:50:53 +0000 Subject: import rpm-4.14.3-4.el8 --- diff --git a/.gitignore b/.gitignore index e818a85..2f8a22a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/rpm-4.14.2.tar.bz2 +SOURCES/rpm-4.14.3.tar.bz2 diff --git a/.rpm.metadata b/.rpm.metadata index a860a67..4c84542 100644 --- a/.rpm.metadata +++ b/.rpm.metadata @@ -1 +1 @@ -1ca664af796ab8d05ea3fccabe2b2e4767a97c74 SOURCES/rpm-4.14.2.tar.bz2 +3f8c3ef08f93eaeef12008055a43f6872306f8a2 SOURCES/rpm-4.14.3.tar.bz2 diff --git a/SOURCES/0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch b/SOURCES/0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch index 43dfe47..5601c58 100644 --- a/SOURCES/0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch +++ b/SOURCES/0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch @@ -77,7 +77,7 @@ Adjusted for rpm-4.14.2 in RHEL eu-strip --remove-comment $r $g ${keep_remove_args} -f "$1" "$2" || exit chmod 444 "$1" || exit } -@@ -409,8 +426,12 @@ +@@ -430,8 +430,12 @@ # libraries. Other executable ELF files (like kernel modules) don't need it. if [ "$include_minidebug" = "true" -a "$strip_g" = "false" ]; then skip_mini=true @@ -89,5 +89,5 @@ Adjusted for rpm-4.14.2 in RHEL case "$(file -bi "$f")" in - application/x-sharedlib*) skip_mini=false ;; application/x-executable*) skip_mini=false ;; + application/x-pie-executable*) skip_mini=false ;; esac - $skip_mini || add_minidebug "${debugfn}" "$f" diff --git a/SOURCES/0001-Add-step-to-find-debuginfo.sh-script-to-compress-ann.patch b/SOURCES/0001-Add-step-to-find-debuginfo.sh-script-to-compress-ann.patch deleted file mode 100644 index 9ef48f7..0000000 --- a/SOURCES/0001-Add-step-to-find-debuginfo.sh-script-to-compress-ann.patch +++ /dev/null @@ -1,35 +0,0 @@ -From cc1965ce3acaa7d9356b7671050a15e2cda2f424 Mon Sep 17 00:00:00 2001 -Message-Id: -From: nickclifton <31441682+nickclifton@users.noreply.github.com> -Date: Wed, 19 Jun 2019 12:45:09 +0100 -Subject: [PATCH] Add step to find-debuginfo.sh script to compress annobin - notes. - -With the introduction of the annobin gcc plugin to the build process, -built binary files have become larger. Sometimes significantly so. -This is a patch that adds a new step to the post-link process performed -by rpmbuild, to run the objcopy program with the --merge-notes option -specified. This will reduce the size of the annobin notes in binary -files, thus alleviating the size growth. ---- - scripts/find-debuginfo.sh | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh -index d75da1108..2e9d76531 100755 ---- a/scripts/find-debuginfo.sh -+++ b/scripts/find-debuginfo.sh -@@ -405,6 +405,10 @@ do_file() - fi - fi - -+ # Compress any annobin notes in the original binary. -+ # Ignore any errors, since older objcopy don't support --merge-notes. -+ objcopy --merge-notes "$f" 2>/dev/null || true -+ - # A binary already copied into /usr/lib/debug doesn't get stripped, - # just has its file names collected and adjusted. - case "$dn" in --- -2.21.0 - diff --git a/SOURCES/0001-Consolidate-allowed-version-release-evr-allowed-char.patch b/SOURCES/0001-Consolidate-allowed-version-release-evr-allowed-char.patch deleted file mode 100644 index 2e16742..0000000 --- a/SOURCES/0001-Consolidate-allowed-version-release-evr-allowed-char.patch +++ /dev/null @@ -1,57 +0,0 @@ -From e8fce62467a421132f4ebb6ca9c0926b623ec00e Mon Sep 17 00:00:00 2001 -Message-Id: -From: Panu Matilainen -Date: Tue, 27 Nov 2018 13:40:21 +0200 -Subject: [PATCH 1/2] Consolidate allowed version/release/evr allowed - characters to macros - -Maintaining multiple variants of the same thing, that always worked -soooooo well... No functional changes here. Unless I truly messed up. ---- - build/parsePreamble.c | 2 +- - build/parseReqs.c | 2 +- - build/rpmbuild_internal.h | 2 ++ - 3 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/build/parsePreamble.c b/build/parsePreamble.c -index 2d54abeee..f5e06bac8 100644 ---- a/build/parsePreamble.c -+++ b/build/parsePreamble.c -@@ -772,7 +772,7 @@ static rpmRC handlePreambleTag(rpmSpec spec, Package pkg, rpmTagVal tag, - case RPMTAG_VERSION: - case RPMTAG_RELEASE: - SINGLE_TOKEN_ONLY; -- if (rpmCharCheck(spec, field, "._+%{}~")) -+ if (rpmCharCheck(spec, field, WHITELIST_VERREL)) - goto exit; - headerPutString(pkg->header, tag, field); - break; -diff --git a/build/parseReqs.c b/build/parseReqs.c -index 2201eebf1..9b081a5ff 100644 ---- a/build/parseReqs.c -+++ b/build/parseReqs.c -@@ -57,7 +57,7 @@ static rpmRC checkDep(rpmSpec spec, char *N, char *EVR, char **emsg) - rasprintf(emsg, _("Versioned file name not permitted")); - return RPMRC_FAIL; - } -- if (rpmCharCheck(spec, EVR, ".-_+:%{}~")) -+ if (rpmCharCheck(spec, EVR, WHITELIST_EVR)) - return RPMRC_FAIL; - if (checkSep(EVR, '-', emsg) != RPMRC_OK || - checkSep(EVR, ':', emsg) != RPMRC_OK || -diff --git a/build/rpmbuild_internal.h b/build/rpmbuild_internal.h -index 86cc549a7..f758e6620 100644 ---- a/build/rpmbuild_internal.h -+++ b/build/rpmbuild_internal.h -@@ -18,6 +18,8 @@ - #undef HTDATATYPE - - #define WHITELIST_NAME ".-_+%{}" -+#define WHITELIST_VERREL "._+%{}~" -+#define WHITELIST_EVR WHITELIST_VERREL "-:" - - struct TriggerFileEntry { - int index; --- -2.23.0 - diff --git a/SOURCES/0001-Correct-rpm-ql-exit-value-when-optional-p-is-omitted.patch b/SOURCES/0001-Correct-rpm-ql-exit-value-when-optional-p-is-omitted.patch deleted file mode 100644 index 9f123ba..0000000 --- a/SOURCES/0001-Correct-rpm-ql-exit-value-when-optional-p-is-omitted.patch +++ /dev/null @@ -1,38 +0,0 @@ -From ce11f04ed529cd84de8981b82c1185c0a30dfdcf Mon Sep 17 00:00:00 2001 -From: Pavlina Moravcova Varekova -Date: Thu, 14 Mar 2019 13:23:13 +0100 -Subject: [PATCH] Correct rpm -ql exit value when optional -p is omitted - (RhBug:1680610) - ---- - lib/query.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/lib/query.c b/lib/query.c -index e47189ed0..e5408e211 100644 ---- a/lib/query.c -+++ b/lib/query.c -@@ -568,16 +568,18 @@ int rpmcliArgIter(rpmts ts, QVA_t qva, ARGV_const_t argv) - break; - default: - for (ARGV_const_t arg = argv; arg && *arg; arg++) { -+ int ecLocal; - rpmdbMatchIterator mi = initQueryIterator(qva, ts, *arg); -- ec += rpmcliShowMatches(qva, ts, mi); -+ ecLocal = rpmcliShowMatches(qva, ts, mi); - if (mi == NULL && qva->qva_source == RPMQV_PACKAGE) { - size_t l = strlen(*arg); - if (l > 4 && !strcmp(*arg + l - 4, ".rpm")) { - rpmgi gi = rpmgiNew(ts, giFlags, argv); -- ec += rpmgiShowMatches(qva, ts, gi); -+ ecLocal = rpmgiShowMatches(qva, ts, gi); - rpmgiFree(gi); - } - } -+ ec += ecLocal; - rpmdbFreeIterator(mi); - } - break; --- -2.17.2 - diff --git a/SOURCES/0001-Detect-kernel-modules-by-.modinfo-section-presence-f.patch b/SOURCES/0001-Detect-kernel-modules-by-.modinfo-section-presence-f.patch deleted file mode 100644 index e169443..0000000 --- a/SOURCES/0001-Detect-kernel-modules-by-.modinfo-section-presence-f.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 68d383c39cef8d58b80940b13dd132d3f41a03f0 Mon Sep 17 00:00:00 2001 -Message-Id: <68d383c39cef8d58b80940b13dd132d3f41a03f0.1571917458.git.pmatilai@redhat.com> -From: Panu Matilainen -Date: Tue, 2 Apr 2019 15:22:07 +0300 -Subject: [PATCH 1/2] Detect kernel modules by .modinfo section presence for - build-id generation - -File extension based heuristics only work so far at best, and break -completely on compressed files with arbitrary .gz/.xz etc extension. -This isn't supposed to change any behavior as such, only provide more -reliable detection of kernel modules. ---- - build/files.c | 27 ++++++++++++++++++++++++--- - 1 file changed, 24 insertions(+), 3 deletions(-) - -diff --git a/build/files.c b/build/files.c -index dbad9a7f3..3822be3d3 100644 ---- a/build/files.c -+++ b/build/files.c -@@ -1739,6 +1739,28 @@ static int addNewIDSymlink(ARGV_t *files, - return rc; - } - -+static int haveModinfo(Elf *elf) -+{ -+ Elf_Scn * scn = NULL; -+ size_t shstrndx; -+ int have_modinfo = 0; -+ const char *sname; -+ -+ if (elf_getshdrstrndx(elf, &shstrndx) == 0) { -+ while ((scn = elf_nextscn(elf, scn)) != NULL) { -+ GElf_Shdr shdr_mem, *shdr = gelf_getshdr(scn, &shdr_mem); -+ if (shdr == NULL) -+ continue; -+ sname = elf_strptr(elf, shstrndx, shdr->sh_name); -+ if (sname && rstreq(sname, ".modinfo")) { -+ have_modinfo = 1; -+ break; -+ } -+ } -+ } -+ return have_modinfo; -+} -+ - static int generateBuildIDs(FileList fl, ARGV_t *files) - { - int rc = 0; -@@ -1803,15 +1825,14 @@ static int generateBuildIDs(FileList fl, ARGV_t *files) - int fd = open (flp->diskPath, O_RDONLY); - if (fd >= 0) { - /* Only real ELF files, that are ET_EXEC, ET_DYN or -- kernel modules (ET_REL files with names ending in .ko) -+ kernel modules (ET_REL files with .modinfo section) - should have build-ids. */ - GElf_Ehdr ehdr; - Elf *elf = elf_begin (fd, ELF_C_READ, NULL); - if (elf != NULL && elf_kind(elf) == ELF_K_ELF - && gelf_getehdr(elf, &ehdr) != NULL - && (ehdr.e_type == ET_EXEC || ehdr.e_type == ET_DYN -- || (ehdr.e_type == ET_REL -- && rpmFileHasSuffix (flp->diskPath, ".ko")))) { -+ || (ehdr.e_type == ET_REL && haveModinfo(elf)))) { - const void *build_id; - ssize_t len = dwelf_elf_gnu_build_id (elf, &build_id); - /* len == -1 means error. Zero means no --- -2.21.0 - diff --git a/SOURCES/0001-Fix-a-blindingly-obvious-memleak-in-package-verify-s.patch b/SOURCES/0001-Fix-a-blindingly-obvious-memleak-in-package-verify-s.patch deleted file mode 100644 index 0dc7f30..0000000 --- a/SOURCES/0001-Fix-a-blindingly-obvious-memleak-in-package-verify-s.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 788935c9ea9d2f469f24be10a9fa998594046731 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Fri, 7 Sep 2018 11:52:33 +0300 -Subject: [PATCH] Fix a blindingly obvious memleak in package verify step - -Erm. Introduced in commit 765e2c72ae8be369ada41d4747b8999519a0e327, -but how on earth did this go unnoticed... *blush* ---- - lib/transaction.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/transaction.c b/lib/transaction.c -index 205c3f388..3969ad3fc 100644 ---- a/lib/transaction.c -+++ b/lib/transaction.c -@@ -1261,6 +1261,7 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total) - rpmteAddProblem(p, RPMPROB_VERIFY, NULL, vd.msg, 0); - - vd.msg = _free(vd.msg); -+ rpmvsFree(vs); - } - rpmtsNotify(ts, NULL, RPMCALLBACK_VERIFY_STOP, total, total); - --- -2.21.0 - diff --git a/SOURCES/0001-Fix-ancient-python-GIL-locking-bug-on-callback-RhBug.patch b/SOURCES/0001-Fix-ancient-python-GIL-locking-bug-on-callback-RhBug.patch deleted file mode 100644 index 494634d..0000000 --- a/SOURCES/0001-Fix-ancient-python-GIL-locking-bug-on-callback-RhBug.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 531dc8495cd3aabd3f659ecab604106fdbacbe98 Mon Sep 17 00:00:00 2001 -Message-Id: <531dc8495cd3aabd3f659ecab604106fdbacbe98.1554974459.git.pmatilai@redhat.com> -From: Panu Matilainen -Date: Wed, 3 Oct 2018 11:51:38 +0300 -Subject: [PATCH] Fix ancient python GIL locking bug on callback - (RhBug:1632488) - -Introduced in commit c7881d801745b4c156a8aa2afc17b95f97481e34 back in 2002, -synthesizing a python object for the callback occurs before retaking -the GIL lock, which is not allowed. Somehow this has managed to stay -latent all these years, and even now requires fairly specific conditions: -when the callback gets called without an associated key, such as erasures -or file trigger script start/stop events (in the case of RhBug:1632488), -when Python 3 is running in PYTHONMALLOC=debug mode, -it crashes with "Python memory allocator called without holding the GIL". - -Simply retake the lock before any Python operations take place to fix. ---- - python/rpmts-py.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/python/rpmts-py.c b/python/rpmts-py.c -index e4c5e1250..1ddfc9a1e 100644 ---- a/python/rpmts-py.c -+++ b/python/rpmts-py.c -@@ -495,6 +495,8 @@ rpmtsCallback(const void * hd, const rpmCallbackType what, - - if (cbInfo->cb == Py_None) return NULL; - -+ PyEval_RestoreThread(cbInfo->_save); -+ - /* Synthesize a python object for callback (if necessary). */ - if (pkgObj == NULL) { - if (h) { -@@ -506,8 +508,6 @@ rpmtsCallback(const void * hd, const rpmCallbackType what, - } else - Py_INCREF(pkgObj); - -- PyEval_RestoreThread(cbInfo->_save); -- - args = Py_BuildValue("(iLLOO)", what, amount, total, pkgObj, cbInfo->data); - result = PyEval_CallObject(cbInfo->cb, args); - Py_DECREF(args); --- -2.20.1 - diff --git a/SOURCES/0001-Fix-memleak-during-transaction-verify-step-in-the-NO.patch b/SOURCES/0001-Fix-memleak-during-transaction-verify-step-in-the-NO.patch deleted file mode 100644 index d1bb187..0000000 --- a/SOURCES/0001-Fix-memleak-during-transaction-verify-step-in-the-NO.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 5188a7b35eb3672c9b15e96433e033ee36f8e6a8 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Tue, 6 Aug 2019 13:06:16 +0300 -Subject: [PATCH] Fix memleak during transaction verify step in the NOKEY case. - -Found during RhBug:1714657 QA testing. -In addition, add a comment to clarify the fallthrough as intentional. ---- - lib/transaction.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/lib/transaction.c b/lib/transaction.c -index 6e4d4be65..e51cff25a 100644 ---- a/lib/transaction.c -+++ b/lib/transaction.c -@@ -1226,8 +1226,10 @@ static int vfyCb(struct rpmsinfo_s *sinfo, void *cbdata) - */ - if (!(vd->vfylevel & RPMSIG_SIGNATURE_TYPE)) - sinfo->rc = RPMRC_OK; -+ /* fallthrough */ - default: -- vd->msg = rpmsinfoMsg(sinfo); -+ if (sinfo->rc) -+ vd->msg = rpmsinfoMsg(sinfo); - break; - } - return (sinfo->rc == 0); --- -2.21.0 - diff --git a/SOURCES/0001-Fix-nasty-setperms-setugids-regression-in-4.14.2-RhB.patch b/SOURCES/0001-Fix-nasty-setperms-setugids-regression-in-4.14.2-RhB.patch deleted file mode 100644 index a5c45e7..0000000 --- a/SOURCES/0001-Fix-nasty-setperms-setugids-regression-in-4.14.2-RhB.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 0d83637769b8a122b1e80f2e960ea1bbae8b4f10 Mon Sep 17 00:00:00 2001 -Message-Id: <0d83637769b8a122b1e80f2e960ea1bbae8b4f10.1540199566.git.pmatilai@redhat.com> -From: Panu Matilainen -Date: Mon, 22 Oct 2018 10:52:39 +0300 -Subject: [PATCH] Fix nasty --setperms/--setugids regression in 4.14.2 (RhBug: - 1640470) - -Commit 38c2f6e160d5ed3e9c3a266139c7eb2632724c15 causes --setperms and ---setugids follow symlinks instead of skipping them. - -In case of --setperms, all encountered symlinks will have their -target file/directory permissions set to the 0777 of the link itself -(so world writable etc but suid/sgid stripped), temporarily or permanently, -depending on whether the symlink occurs before or after it's target in the -package file list. When the link occurs before its target, there's a short -window where the target is world writable before having it's permissions -reset to original, making it particularly bad for suid/sgid binaries. - ---setugids is similarly affected with link targets owner/group changing -to that of the symlink. - -Add missing parentheses to the conditions introduced in commit -38c2f6e160d5ed3e9c3a266139c7eb2632724c15 to fix. -Reported by Karel Srot, patch by Pavlina Moravcova Varekova. ---- - rpmpopt.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/rpmpopt.in b/rpmpopt.in -index 8aaa91f11..42d3416a3 100644 ---- a/rpmpopt.in -+++ b/rpmpopt.in -@@ -44,14 +44,14 @@ rpm alias --scripts --qf '\ - --POPTdesc=$"list install/erase scriptlets from package(s)" - - rpm alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \ -- \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] || \ -+ ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \ - chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \ - --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \ - --POPTdesc=$"set permissions of files in a package" - - rpm alias --setugids -q --qf \ - '[ch %{FILEUSERNAME:shescape} %{FILEGROUPNAME:shescape} %{FILENAMES:shescape} %{FILEFLAGS}\n]' \ -- --pipe "(echo 'ch() { \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] || \ -+ --pipe "(echo 'ch() { ( \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] ) || \ - (chown -h -- \"$1\" \"$3\";chgrp -h -- \"$2\" \"$3\";) }'; \ - grep '^ch '|grep -v \(none\))|sh" \ - --POPTdesc=$"set user/group ownership of files in a package" --- -2.17.2 - diff --git a/SOURCES/0001-Fix-off-by-one-in-hdrblobGet-making-last-entry-unrea.patch b/SOURCES/0001-Fix-off-by-one-in-hdrblobGet-making-last-entry-unrea.patch deleted file mode 100644 index 14d4b1e..0000000 --- a/SOURCES/0001-Fix-off-by-one-in-hdrblobGet-making-last-entry-unrea.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e219c9548d16a3c18dd261f7043bb8d221b87c77 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Wed, 31 Jul 2019 11:56:26 +0300 -Subject: [PATCH] Fix off-by-one in hdrblobGet() making last entry unreachable - (RhBug:1722921) - -hdrblobGet() introduced in commits acfde0d0e812e9f8e153ab6be8c9f2682bdd4763 -and 9821de18811db97238c34a564221e315f5f35b44 has an off-by-one thinko -(perhaps the idea was to skip the first, region tag) which causes -the last entry to be unreachable. In typical packages, that is -RPMSIG_PAYLOADSIZE which is not used at all in this context so it doesn't -matter, but in large packages use RPMSIG_LONGARCHIVESIZE which has a lower -tag number and leaves either RPMSIGTAG_MD5 or RPMSIGTAG_GPG last, -unreachable and thus unverifiable. Oops. - -This fixes the regression introduced in rpm 4.14, affecting verification -of large packages (ie having RPMSIG_LONGARCHIVESIZE) ---- - lib/header.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/header.c b/lib/header.c -index 33623884a..9ec7ed0e4 100644 ---- a/lib/header.c -+++ b/lib/header.c -@@ -2015,7 +2015,7 @@ rpmRC hdrblobGet(hdrblob blob, uint32_t tag, rpmtd td) - memset(&einfo, 0, sizeof(einfo)); - rpmtdReset(td); - -- for (int i = 1; i < blob->il; i++, pe++) { -+ for (int i = 0; i < blob->il; i++, pe++) { - if (pe->tag != ntag) - continue; - ei2h(pe, &einfo); --- -2.21.0 - diff --git a/SOURCES/0001-Fix-packages-getting-erased-on-failed-update-with-dn.patch b/SOURCES/0001-Fix-packages-getting-erased-on-failed-update-with-dn.patch deleted file mode 100644 index c1dfffe..0000000 --- a/SOURCES/0001-Fix-packages-getting-erased-on-failed-update-with-dn.patch +++ /dev/null @@ -1,39 +0,0 @@ -From a144c29831a39ed303d6ea8d2ae91e1c36d64c84 Mon Sep 17 00:00:00 2001 -Message-Id: -From: Panu Matilainen -Date: Wed, 15 May 2019 13:51:19 +0300 -Subject: [PATCH] Fix packages getting erased on failed update with dnf - (RhBug:1620275) - -When adding update elements, we set the erase element to depend on the -install element, but if an API user adds the same erasure manually -after adding the update, we know its a duplicate erasure and filter -it out, BUT we zero out the dependent element in the process. And -if installing the update now fails, we end up removing the whole package -due to that missing dependent element. - -This never happens with rpm itself so we can't easily test it, but is -100% reproducable with dnf (at least dnf 3-4). Apparently it adds all -erasures by itself (which is kind of understandable I guess, perhaps -we should better allow this in the API) ---- - lib/depends.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/depends.c b/lib/depends.c -index 6e9866eae..f8a6084ab 100644 ---- a/lib/depends.c -+++ b/lib/depends.c -@@ -121,7 +121,8 @@ static int removePackage(rpmts ts, Header h, rpmte depends) - - /* Filter out duplicate erasures. */ - if (packageHashGetEntry(tsmem->removedPackages, dboffset, &pp, NULL, NULL)) { -- rpmteSetDependsOn(pp[0], depends); -+ if (depends) -+ rpmteSetDependsOn(pp[0], depends); - return 0; - } - --- -2.21.0 - diff --git a/SOURCES/0001-Fix-rpmfiles-memory-leak-on-postuntrans-file-trigger.patch b/SOURCES/0001-Fix-rpmfiles-memory-leak-on-postuntrans-file-trigger.patch deleted file mode 100644 index ff18186..0000000 --- a/SOURCES/0001-Fix-rpmfiles-memory-leak-on-postuntrans-file-trigger.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 475af64f64cbc210c87588d425fa9a14cd9760b6 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Wed, 29 May 2019 11:38:53 +0300 -Subject: [PATCH] Fix rpmfiles memory leak on %postuntrans file trigger - preparation - ---- - lib/rpmtriggers.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c -index cb2441c5a..b7c76e7fc 100644 ---- a/lib/rpmtriggers.c -+++ b/lib/rpmtriggers.c -@@ -154,6 +154,7 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te) - } - } - rpmdbFreeIterator(mi); -+ rpmfilesFree(files); - } - - int runPostUnTransFileTrigs(rpmts ts) --- -2.21.0 - diff --git a/SOURCES/0001-Fix-segfault-on-fingerprinting-symlink-round-RhBug-1.patch b/SOURCES/0001-Fix-segfault-on-fingerprinting-symlink-round-RhBug-1.patch deleted file mode 100644 index a3faebb..0000000 --- a/SOURCES/0001-Fix-segfault-on-fingerprinting-symlink-round-RhBug-1.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 050b392f8c11d111379e0d2bac52762beb97b3ae Mon Sep 17 00:00:00 2001 -Message-Id: <050b392f8c11d111379e0d2bac52762beb97b3ae.1559645935.git.pmatilai@redhat.com> -From: Panu Matilainen -Date: Tue, 2 Apr 2019 12:57:11 +0300 -Subject: [PATCH] Fix segfault on fingerprinting symlink round (RhBug:1660232) - -Both yum and dnf perform a test-transaction before the real thing, -and both neglet to check for an error code from the test-transaction -when there are no problem objects to return. Which can happen in -some special cases, such a using different vsflags between initial -package read and transaction (which is what both yum and dnf do), -which can cause the in-transaction package open fail on corrupt packages. -And when this failed transaction is fed back to rpmtsRun(), it -segfaults in fingerprinting as the second loop of symlink checking -doesn't check for NULL's element files like the first loop does. - -Add the missing NULL check and remove bogus "can't happen" comment to fix. - -FWIW, the scenario with different vsflags and corrupted packages doesn't -happen by default in rpm >= 4.14.2, the corrupt package gets caught -in the verify stage which does create problem objects and thus both -yum and dnf abort as they should. ---- - lib/fprint.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/lib/fprint.c b/lib/fprint.c -index b810e4d2b..ab1891961 100644 ---- a/lib/fprint.c -+++ b/lib/fprint.c -@@ -488,7 +488,7 @@ void fpCachePopulate(fingerPrintCache fpc, rpmts ts, int fileCount) - (void) rpmsqPoll(); - - if ((fi = rpmteFiles(p)) == NULL) -- continue; /* XXX can't happen */ -+ continue; - - (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); - rpmfilesFpLookup(fi, fpc); -@@ -522,6 +522,9 @@ void fpCachePopulate(fingerPrintCache fpc, rpmts ts, int fileCount) - while ((p = rpmtsiNext(pi, 0)) != NULL) { - (void) rpmsqPoll(); - -+ if ((fi = rpmteFiles(p)) == NULL) -+ continue; -+ - fs = rpmteGetFileStates(p); - fc = rpmfsFC(fs); - (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); -@@ -531,6 +534,7 @@ void fpCachePopulate(fingerPrintCache fpc, rpmts ts, int fileCount) - fpLookupSubdir(symlinks, fpc, p, i); - } - (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); -+ rpmfilesFree(fi); - } - rpmtsiFree(pi); - --- -2.21.0 - diff --git a/SOURCES/0001-Fix-testing-for-wrong-variable-in-selinux-plugin-deb.patch b/SOURCES/0001-Fix-testing-for-wrong-variable-in-selinux-plugin-deb.patch deleted file mode 100644 index 7d99a49..0000000 --- a/SOURCES/0001-Fix-testing-for-wrong-variable-in-selinux-plugin-deb.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 66e0c929b203d684a4f58135f42435fcc29cdd51 Mon Sep 17 00:00:00 2001 -Message-Id: <66e0c929b203d684a4f58135f42435fcc29cdd51.1554982695.git.pmatilai@redhat.com> -From: Panu Matilainen -Date: Wed, 10 Oct 2018 12:00:19 +0300 -Subject: [PATCH] Fix testing for wrong variable in selinux plugin debug log - -The strerror() case couldn't be reached as we were testing for the -wrong rc, spotted by covscan. ---- - plugins/selinux.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/plugins/selinux.c b/plugins/selinux.c -index 3c9d9e4ab..accd47416 100644 ---- a/plugins/selinux.c -+++ b/plugins/selinux.c -@@ -169,7 +169,7 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, - - if (rpmIsDebug()) { - rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n", -- path, scon, (rc < 0 ? strerror(errno) : "")); -+ path, scon, (conrc < 0 ? strerror(errno) : "")); - } - - if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP)) --- -2.20.1 - diff --git a/SOURCES/0001-Handle-unsupported-digests-the-same-as-disabled-ones.patch b/SOURCES/0001-Handle-unsupported-digests-the-same-as-disabled-ones.patch deleted file mode 100644 index 39f84d4..0000000 --- a/SOURCES/0001-Handle-unsupported-digests-the-same-as-disabled-ones.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 74766d30b95f1575df8a42d185f2643caa235a8b Mon Sep 17 00:00:00 2001 -Message-Id: <74766d30b95f1575df8a42d185f2643caa235a8b.1543835412.git.pmatilai@redhat.com> -From: Panu Matilainen -Date: Fri, 23 Nov 2018 12:47:27 +0200 -Subject: [PATCH] Handle unsupported digests the same as disabled ones - (RhBug:1652529) - -A digest type unsupported by the underlying crypto library (whether -technically or by configuration) does not mean the digest is invalid, -it just cannot be used. Which for the purposes of verification is the -same as if that digest didn't exist at all, and that's exactly how we -handle digests and signatures disabled by configuration. - -One particular case is FIPS mode which globally disables the use of MD5, -which we mishandled prior to this by showing it as OK in verification -despite actually not verifying it at all. - -The exact place for handling this case is a bit subtle: the "obvious" -place for checking for supported type is in rpmvsInitRange() but this -doesn't work because of rpmDigestBundleAddID() return code semantics. -The other "obvious" place would be rpmvsVerify(), but by that point -we have even more funny cases to consider. So for now, it's actually -easiest to check for this in rpmvsFiniRange() even if it's not the -most obvious place for doing so. Might want to change the -rpmDigestBundleAddID() semantics later, but this makes for a nicer -backport (we'll need this in 4.14.x too). ---- - lib/rpmvs.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/rpmvs.c b/lib/rpmvs.c -index 7b5b86f8e..622e48011 100644 ---- a/lib/rpmvs.c -+++ b/lib/rpmvs.c -@@ -388,6 +388,9 @@ void rpmvsFiniRange(struct rpmvs_s *sis, int range) - - if (sinfo->range == range && sinfo->rc == RPMRC_OK) { - sinfo->ctx = rpmDigestBundleDupCtx(sis->bundle, sinfo->id); -+ /* Handle unsupported digests the same as disabled ones */ -+ if (sinfo->ctx == NULL) -+ sinfo->rc = RPMRC_NOTFOUND; - rpmDigestBundleFinal(sis->bundle, sinfo->id, NULL, NULL, 0); - } - } --- -2.19.2 - diff --git a/SOURCES/0001-Honor-PYTHON-from-configure-when-running-tests.patch b/SOURCES/0001-Honor-PYTHON-from-configure-when-running-tests.patch index b44441e..b39c52b 100644 --- a/SOURCES/0001-Honor-PYTHON-from-configure-when-running-tests.patch +++ b/SOURCES/0001-Honor-PYTHON-from-configure-when-running-tests.patch @@ -28,31 +28,26 @@ index eaf817cc2..21ca216a8 100644 EXTRA_DIST += atlocal.in diff --git a/tests/atlocal.in b/tests/atlocal.in index d7d837f45..3b1474b56 100644 ---- a/tests/atlocal.in -+++ b/tests/atlocal.in -@@ -3,7 +3,8 @@ export LD_LIBRARY_PATH +--- rpm-4.14.3/tests/atlocal.in.orig 2020-04-28 14:19:26.866602968 +0200 ++++ rpm-4.14.3/tests/atlocal.in 2020-04-28 14:21:07.977910054 +0200 +@@ -3,7 +3,8 @@ PATH="${abs_builddir}/testing@rpmbindir@:${abs_builddir}/testing@usrbindir@:$PATH" export PATH --PYLIBDIR=`python -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1,0,'@execprefix@'))"` +-PYLIBDIR=`python2 -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1,0,'@execprefix@'))"` +PYTHON=@PYTHON@ +PYLIBDIR=$(${PYTHON} -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1,0,'@execprefix@'))") PYTHONPATH="${abs_builddir}/testing${PYLIBDIR}" export PYTHONPATH -diff --git a/tests/local.at b/tests/local.at -index 48c5d3f96..4952b9d61 100644 ---- a/tests/local.at -+++ b/tests/local.at -@@ -17,7 +17,7 @@ def myprint(msg = ''): +--- rpm-4.14.3/tests/local.at.orig 2020-04-28 14:28:33.106664317 +0200 ++++ rpm-4.14.3/tests/local.at 2020-04-28 14:29:02.064038653 +0200 +@@ -18,7 +18,7 @@ sys.stdout.write('%s\n' % msg) $1 EOF --python test.py -+${PYTHON} test.py +-python2 test.py ++${PYTHON} test.py test.py ]]) m4_define([RPMPY_CHECK],[ --- -2.21.0 - diff --git a/SOURCES/0001-Log-RPMLOG_ERR-level-messages-on-actual-errors-in-se.patch b/SOURCES/0001-Log-RPMLOG_ERR-level-messages-on-actual-errors-in-se.patch deleted file mode 100644 index 312d9cc..0000000 --- a/SOURCES/0001-Log-RPMLOG_ERR-level-messages-on-actual-errors-in-se.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 8cbe8baf9c3ff4754369bcd29441df14ecc6889d Mon Sep 17 00:00:00 2001 -Message-Id: <8cbe8baf9c3ff4754369bcd29441df14ecc6889d.1554982512.git.pmatilai@redhat.com> -From: Panu Matilainen -Date: Thu, 14 Feb 2019 13:12:49 +0200 -Subject: [PATCH] Log RPMLOG_ERR level messages on actual errors in selinux - plugin, doh. - -When there's an actual error, people will want to know without having -to rerun in verbose mode. Such as in RhBug:1641631 where configured -selinux policy differs from what is installed - the former message - - error: Plugin selinux: hook tsm_pre failed - -...is not particularly helpful to anybody, whereas this actually provides -some clues now: - - error: selabel_open: (/etc/selinux/ponies/contexts/files/file_contexts) No such file or directory - error: Plugin selinux: hook tsm_pre failed ---- - plugins/selinux.c | 19 +++++++++---------- - 1 file changed, 9 insertions(+), 10 deletions(-) - -diff --git a/plugins/selinux.c b/plugins/selinux.c -index accd47416..f1caf257c 100644 ---- a/plugins/selinux.c -+++ b/plugins/selinux.c -@@ -12,6 +12,11 @@ - - static struct selabel_handle * sehandle = NULL; - -+static inline rpmlogLvl loglvl(int iserror) -+{ -+ return iserror ? RPMLOG_ERR : RPMLOG_DEBUG; -+} -+ - static void sehandle_fini(int close_status) - { - if (sehandle) { -@@ -47,7 +52,7 @@ static rpmRC sehandle_init(int open_status) - - sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1); - -- rpmlog(RPMLOG_DEBUG, "selabel_open: (%s) %s\n", -+ rpmlog(loglvl(sehandle == NULL), "selabel_open: (%s) %s\n", - path, (sehandle == NULL ? strerror(errno) : "")); - - return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL; -@@ -125,10 +130,8 @@ static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin, - if ((xx = setexeccon(newcon)) == 0) - rc = RPMRC_OK; - -- if (rpmIsDebug()) { -- rpmlog(RPMLOG_DEBUG, "setexeccon: (%s, %s) %s\n", -+ rpmlog(loglvl(xx < 0), "setexeccon: (%s, %s) %s\n", - path, newcon, (xx < 0 ? strerror(errno) : "")); -- } - - exit: - context_free(con); -@@ -143,10 +146,8 @@ exit: - if ((xx = setexecfilecon(path, "rpm_script_t") == 0)) - rc = RPMRC_OK; - -- if (rpmIsDebug()) { -- rpmlog(RPMLOG_DEBUG, "setexecfilecon: (%s) %s\n", -+ rpmlog(loglvl(xx < 0), "setexecfilecon: (%s) %s\n", - path, (xx < 0 ? strerror(errno) : "")); -- } - #endif - /* If selinux is not enforcing, we don't care either */ - if (rc && security_getenforce() < 1) -@@ -167,10 +168,8 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, - if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) { - int conrc = lsetfilecon(path, scon); - -- if (rpmIsDebug()) { -- rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n", -+ rpmlog(loglvl(conrc < 0), "lsetfilecon: (%s, %s) %s\n", - path, scon, (conrc < 0 ? strerror(errno) : "")); -- } - - if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP)) - rc = RPMRC_OK; --- -2.20.1 - diff --git a/SOURCES/0001-Make-rpmsign-exit-values-more-consistent-with-our-ot.patch b/SOURCES/0001-Make-rpmsign-exit-values-more-consistent-with-our-ot.patch deleted file mode 100644 index c186017..0000000 --- a/SOURCES/0001-Make-rpmsign-exit-values-more-consistent-with-our-ot.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 2ec0832287bd1443ebf336f8a98293f30bfa2036 Mon Sep 17 00:00:00 2001 -Message-Id: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com> -From: Panu Matilainen -Date: Mon, 18 Mar 2019 15:24:54 +0200 -Subject: [PATCH 1/3] Make rpmsign exit values more consistent with our other - tools - -rpmPkgSign*() return -1 for failure, which is not that helpful when -returned to shell and the way it was counted could easily wrap around -when signing multiple packages. Return number of failures similarly to -how rpm -q and frieds does, avoid overflows and xargs special value 255. ---- - rpmsign.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/rpmsign.c b/rpmsign.c -index ae86f666d..1a5cd59c2 100644 ---- a/rpmsign.c -+++ b/rpmsign.c -@@ -134,7 +134,8 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs) - const char *arg; - rc = 0; - while ((arg = poptGetArg(optCon)) != NULL) { -- rc += rpmPkgSign(arg, sargs); -+ if (rpmPkgSign(arg, sargs) < 0) -+ rc++; - } - - exit: -@@ -175,7 +176,8 @@ int main(int argc, char *argv[]) - case MODE_DELSIGN: - ec = 0; - while ((arg = poptGetArg(optCon)) != NULL) { -- ec += rpmPkgDelSign(arg, &sargs); -+ if (rpmPkgDelSign(arg, &sargs) < 0) -+ ec++; - } - break; - case MODE_NONE: -@@ -188,5 +190,5 @@ int main(int argc, char *argv[]) - - exit: - rpmcliFini(optCon); -- return ec; -+ return RETVAL(ec); - } --- -2.20.1 - diff --git a/SOURCES/0001-Only-read-through-payload-on-verify-if-actually-need.patch b/SOURCES/0001-Only-read-through-payload-on-verify-if-actually-need.patch index 6da9775..f77c039 100644 --- a/SOURCES/0001-Only-read-through-payload-on-verify-if-actually-need.patch +++ b/SOURCES/0001-Only-read-through-payload-on-verify-if-actually-need.patch @@ -61,20 +61,16 @@ index 622e48011..0d475af86 100644 static int sinfoCmp(const void *a, const void *b) { const struct rpmsinfo_s *sa = a; -diff --git a/lib/rpmvs.h b/lib/rpmvs.h -index b27d9a612..a836d5c94 100644 ---- a/lib/rpmvs.h -+++ b/lib/rpmvs.h -@@ -75,6 +75,9 @@ void rpmvsInitRange(struct rpmvs_s *sis, int range); - RPM_GNUC_INTERNAL +--- rpm-4.14.3/lib/rpmvs.h.orig 2020-04-28 10:57:19.727347211 +0200 ++++ rpm-4.14.3/lib/rpmvs.h 2020-04-28 10:57:43.622612015 +0200 +@@ -66,6 +66,8 @@ + void rpmvsFiniRange(struct rpmvs_s *sis, int range); -+RPM_GNUC_INTERNAL -+int rpmvsRange(struct rpmvs_s *vs); ++int rpmvsRange(struct rpmvs_s *vs); + - RPM_GNUC_INTERNAL int rpmvsVerify(struct rpmvs_s *sis, int type, rpmsinfoCb cb, void *cbdata); + -- 2.20.1 - diff --git a/SOURCES/0001-Remove-capabilities-instead-of-setting-empty-caps-vi.patch b/SOURCES/0001-Remove-capabilities-instead-of-setting-empty-caps-vi.patch deleted file mode 100644 index 23ddb28..0000000 --- a/SOURCES/0001-Remove-capabilities-instead-of-setting-empty-caps-vi.patch +++ /dev/null @@ -1,49 +0,0 @@ -From b4178c979fff344a1c5142a305f274dd9aff8f45 Mon Sep 17 00:00:00 2001 -From: Markus Linnala -Date: Sun, 28 Oct 2018 14:59:52 +0200 -Subject: [PATCH] Remove capabilities instead of setting empty caps via. - --setcaps - -If a file in a package does not have any capabilities rpm --setcaps should -remove capabilities of the file. Prior to this patch capabilities of the file -were set as empty. - -Empty capabilities mean more than no capabilities. A file with no capabilities -can inherit capabilities, but file with empty capabilities can not. - -When ever package does not have any capabilities set %|FILECAPS? is false. -If some files have capabilities, %|FILECAPS? is true but %{FILECAPS} is '' -when the file does not have capabilities and '= ' when there is some. - -Reported and patch created by Markus Linnala -Commit message edited by Pavlina Moravcova Varekova and Florian Festi. - -Fixes #585 -Fixes #586 ---- - rpmpopt.in | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/rpmpopt.in b/rpmpopt.in -index 42d3416a3..557050a24 100644 ---- a/rpmpopt.in -+++ b/rpmpopt.in -@@ -57,8 +57,13 @@ rpm alias --setugids -q --qf \ - --POPTdesc=$"set user/group ownership of files in a package" - - rpm alias --setcaps -q --qf \ -- "[\[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \] \ -- && setcap %|FILECAPS?{%{FILECAPS:shescape}}:{''}| %{FILENAMES:shescape}\n]" \ -+ "[if \[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \]; then\n\ -+%|FILECAPS?{ if \[ -n %{FILECAPS:shescape} \]; then\n\ -+ setcap %{FILECAPS:shescape} %{FILENAMES:shescape}\n\ -+ el}:{ }|if \[ -n \"\$(getcap %{FILENAMES:shescape})\" \]; then\n\ -+ setcap -r %{FILENAMES:shescape}\n\ -+ fi\n\ -+fi\n]" \ - --pipe "sh" \ - --POPTdesc=$"set capabilities of files in a package" - --- -2.21.0 - diff --git a/SOURCES/0001-Show-list-of-files-only-once-when-use-rpm-ql-and-mul.patch b/SOURCES/0001-Show-list-of-files-only-once-when-use-rpm-ql-and-mul.patch deleted file mode 100644 index 863ac43..0000000 --- a/SOURCES/0001-Show-list-of-files-only-once-when-use-rpm-ql-and-mul.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 8dd8e37acc79da1ce0a36c3f86650defa474a6a9 Mon Sep 17 00:00:00 2001 -From: Pavlina Moravcova Varekova -Date: Thu, 14 Mar 2019 13:56:26 +0100 -Subject: [PATCH] Show list of files only once when use rpm -ql and multiple - rpm files - ---- - lib/query.c | 3 ++- - tests/rpmquery.at | 18 ++++++++++++++++++ - 2 files changed, 20 insertions(+), 1 deletion(-) - -diff --git a/lib/query.c b/lib/query.c -index e5408e211..7568f67aa 100644 ---- a/lib/query.c -+++ b/lib/query.c -@@ -574,7 +574,8 @@ int rpmcliArgIter(rpmts ts, QVA_t qva, ARGV_const_t argv) - if (mi == NULL && qva->qva_source == RPMQV_PACKAGE) { - size_t l = strlen(*arg); - if (l > 4 && !strcmp(*arg + l - 4, ".rpm")) { -- rpmgi gi = rpmgiNew(ts, giFlags, argv); -+ char * const argFirst[2] = { arg[0], NULL }; -+ rpmgi gi = rpmgiNew(ts, giFlags, argFirst); - ecLocal = rpmgiShowMatches(qva, ts, gi); - rpmgiFree(gi); - } -diff --git a/tests/rpmquery.at b/tests/rpmquery.at -index ab7bb3c46..0dc6d78b6 100644 ---- a/tests/rpmquery.at -+++ b/tests/rpmquery.at -@@ -61,6 +61,24 @@ hello.spec - [ignore]) - AT_CLEANUP - -+# ------------------------------ -+AT_SETUP([rpm -ql multiple *.rpm]) -+AT_KEYWORDS([query]) -+AT_CHECK([ -+runroot rpm \ -+ -ql \ -+ /data/SRPMS/hello-1.0-1.src.rpm /data/RPMS/hello-1.0-1.i386.rpm -+], -+[0], -+[hello-1.0.tar.gz -+hello.spec -+/usr/local/bin/hello -+/usr/share/doc/hello-1.0 -+/usr/share/doc/hello-1.0/FAQ -+], -+[ignore]) -+AT_CLEANUP -+ - # ------------------------------ - AT_SETUP([rpmspec -q]) - AT_KEYWORDS([query]) --- -2.17.2 - diff --git a/SOURCES/0001-Sort-list-of-hard-linked-files-in-find-debuginfo.sh-.patch b/SOURCES/0001-Sort-list-of-hard-linked-files-in-find-debuginfo.sh-.patch deleted file mode 100644 index ae7d4e0..0000000 --- a/SOURCES/0001-Sort-list-of-hard-linked-files-in-find-debuginfo.sh-.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 35b09eed946a7e2f2f327531b692c9f768bf9e3b Mon Sep 17 00:00:00 2001 -From: Pavlina Moravcova Varekova -Date: Sun, 7 Apr 2019 07:23:47 +0200 -Subject: [PATCH] Sort list of hard linked files in find-debuginfo.sh - (RhBug:1421272) - -It helps to make build results reproducible. Based on Mark Wielaard's idea. ---- - scripts/find-debuginfo.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh -index c75d176ac..23286139e 100755 ---- a/scripts/find-debuginfo.sh -+++ b/scripts/find-debuginfo.sh -@@ -350,7 +350,7 @@ trap 'rm -rf "$temp"' EXIT - touch "$temp/primary" - find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \ - \( -perm -0100 -or -perm -0010 -or -perm -0001 \) \ -- -print | -+ -print | LC_ALL=C sort | - file -N -f - | sed -n -e 's/^\(.*\):[ ]*.*ELF.*, not stripped.*/\1/p' | - xargs --no-run-if-empty stat -c '%h %D_%i %n' | - while read nlinks inum f; do --- -2.17.2 - diff --git a/SOURCES/0001-Use-dpbath-only-with-full-path-RhBug-1696408.patch b/SOURCES/0001-Use-dpbath-only-with-full-path-RhBug-1696408.patch deleted file mode 100644 index f753e38..0000000 --- a/SOURCES/0001-Use-dpbath-only-with-full-path-RhBug-1696408.patch +++ /dev/null @@ -1,29 +0,0 @@ -From d313baf1d3a4756447e398ee55f8c6760f942d50 Mon Sep 17 00:00:00 2001 -From: Pavlina Moravcova Varekova -Date: Wed, 24 Apr 2019 10:29:14 +0200 -Subject: [PATCH] Use --dpbath only with full path (RhBug:1696408) - -Before the patch rpm treats the relative path as a full path. -The new behavior is similar to the "--root" option. ---- - lib/poptALL.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/poptALL.c b/lib/poptALL.c -index 9983c1e62..69fd49846 100644 ---- a/lib/poptALL.c -+++ b/lib/poptALL.c -@@ -147,6 +147,10 @@ static void rpmcliAllArgCallback( poptContext con, - break; - case POPT_DBPATH: - rpmcliConfigured(); -+ if (arg && arg[0] != '/') { -+ fprintf(stderr, _("arguments to --dbpath must begin with '/'\n")); -+ exit(EXIT_FAILURE); -+ } - rpmPushMacro(NULL, "_dbpath", NULL, arg, RMIL_CMDLINE); - break; - case POPT_SHOWVERSION: --- -2.21.0 - diff --git a/SOURCES/0001-rpmpgp-Handle-EOF-without-EOL-better-at-END-PGP.patch b/SOURCES/0001-rpmpgp-Handle-EOF-without-EOL-better-at-END-PGP.patch deleted file mode 100644 index f40418f..0000000 --- a/SOURCES/0001-rpmpgp-Handle-EOF-without-EOL-better-at-END-PGP.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 655c4c72a3467037abd51aab29f0300e97caf54c Mon Sep 17 00:00:00 2001 -Message-Id: <655c4c72a3467037abd51aab29f0300e97caf54c.1571919390.git.pmatilai@redhat.com> -From: Stepan Broz -Date: Thu, 25 Jul 2019 11:00:47 +0200 -Subject: [PATCH] rpmpgp: Handle EOF without EOL better at END PGP - ---- - rpmio/rpmpgp.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 061751a4d..46cd0f31a 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1289,9 +1289,10 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen) - goto exit; - } - t += (sizeof("-----")-1); -- if (t >= te) continue; -+ /* Handle EOF without EOL here, *t == '\0' at EOF */ -+ if (*t && (t >= te)) continue; - /* XXX permitting \r here is not RFC-2440 compliant */ -- if (!(*t == '\n' || *t == '\r')) continue; -+ if (!(*t == '\n' || *t == '\r' || *t == '\0')) continue; - - crcdec = NULL; - crclen = 0; --- -2.21.0 - diff --git a/SOURCES/0001-rpmsign-man-page-Add-line-about-rpmsign-requiring-a-.patch b/SOURCES/0001-rpmsign-man-page-Add-line-about-rpmsign-requiring-a-.patch deleted file mode 100644 index 8ddd2a3..0000000 --- a/SOURCES/0001-rpmsign-man-page-Add-line-about-rpmsign-requiring-a-.patch +++ /dev/null @@ -1,28 +0,0 @@ -From be3347b5bff6142e86e533174fe0ec352405d159 Mon Sep 17 00:00:00 2001 -From: Florian Festi -Date: Thu, 18 Jul 2019 07:45:53 +0200 -Subject: [PATCH] rpmsign man page: Add line about rpmsign requiring a valid - checksum - -and the limitations in FIPS mode ---- - doc/rpmsign.8 | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/doc/rpmsign.8 b/doc/rpmsign.8 -index 80ffb6a32..d895a3b8c 100644 ---- a/doc/rpmsign.8 -+++ b/doc/rpmsign.8 -@@ -21,6 +21,9 @@ options generate and insert new signatures for each package - existing signatures. There are two options for historical reasons, - there is no difference in behavior currently. - -+To create a signature rpm needs to verify the package's checksum. As a result -+packages with a MD5/SHA1 checksums cannot be signed in FIPS mode. -+ - \fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR - - .PP --- -2.21.0 - diff --git a/SOURCES/0002-Actually-permit-caret-in-version-release-and-evr-str.patch b/SOURCES/0002-Actually-permit-caret-in-version-release-and-evr-str.patch deleted file mode 100644 index f5da7c0..0000000 --- a/SOURCES/0002-Actually-permit-caret-in-version-release-and-evr-str.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 15b296c324794d288750136b3b4f3350c3d0b8c7 Mon Sep 17 00:00:00 2001 -Message-Id: <15b296c324794d288750136b3b4f3350c3d0b8c7.1574338687.git.pmatilai@redhat.com> -In-Reply-To: -References: -From: Panu Matilainen -Date: Tue, 27 Nov 2018 13:50:14 +0200 -Subject: [PATCH 2/2] Actually permit caret in version, release and evr strings - -Should've been in commit c7e711bba58374f03347c795a567441cbef3de58 really. ---- - build/rpmbuild_internal.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/build/rpmbuild_internal.h b/build/rpmbuild_internal.h -index f758e6620..948632a16 100644 ---- a/build/rpmbuild_internal.h -+++ b/build/rpmbuild_internal.h -@@ -18,7 +18,7 @@ - #undef HTDATATYPE - - #define WHITELIST_NAME ".-_+%{}" --#define WHITELIST_VERREL "._+%{}~" -+#define WHITELIST_VERREL "._+%{}~^" - #define WHITELIST_EVR WHITELIST_VERREL "-:" - - struct TriggerFileEntry { --- -2.23.0 - diff --git a/SOURCES/0002-Drop-internal-only-visibility-on-rpmvs-related-API.patch b/SOURCES/0002-Drop-internal-only-visibility-on-rpmvs-related-API.patch deleted file mode 100644 index e2212eb..0000000 --- a/SOURCES/0002-Drop-internal-only-visibility-on-rpmvs-related-API.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 3fd79a5564df97d512be283c5c8a4da2e7ef8bce Mon Sep 17 00:00:00 2001 -Message-Id: <3fd79a5564df97d512be283c5c8a4da2e7ef8bce.1554983206.git.pmatilai@redhat.com> -In-Reply-To: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com> -References: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com> -From: Panu Matilainen -Date: Mon, 18 Mar 2019 15:29:18 +0200 -Subject: [PATCH 2/3] Drop internal-only visibility on rpmvs-related API - -Makes it possible to use rpmvs API from eg librpmsign which we'll -need in the next commit. We need to make select parts of this -actually public eventually but for now... ---- - lib/rpmvs.h | 12 ------------ - 1 file changed, 12 deletions(-) - -diff --git a/lib/rpmvs.h b/lib/rpmvs.h -index a836d5c94..025895500 100644 ---- a/lib/rpmvs.h -+++ b/lib/rpmvs.h -@@ -48,41 +48,29 @@ typedef int (*rpmsinfoCb)(struct rpmsinfo_s *sinfo, void *cbdata); - extern "C" { - #endif - --RPM_GNUC_INTERNAL - const char *rpmsinfoDescr(struct rpmsinfo_s *sinfo); - --RPM_GNUC_INTERNAL - char *rpmsinfoMsg(struct rpmsinfo_s *sinfo); - --RPM_GNUC_INTERNAL - struct rpmvs_s *rpmvsCreate(int vfylevel, rpmVSFlags vsflags, rpmKeyring keyring); - --RPM_GNUC_INTERNAL - void rpmvsInit(struct rpmvs_s *vs, hdrblob blob, rpmDigestBundle bundle); - --RPM_GNUC_INTERNAL - rpmVSFlags rpmvsFlags(struct rpmvs_s *vs); - --RPM_GNUC_INTERNAL - struct rpmvs_s *rpmvsFree(struct rpmvs_s *sis); - --RPM_GNUC_INTERNAL - void rpmvsAppendTag(struct rpmvs_s *sis, hdrblob blob, rpmTagVal tag); - --RPM_GNUC_INTERNAL - void rpmvsInitRange(struct rpmvs_s *sis, int range); - --RPM_GNUC_INTERNAL - void rpmvsFiniRange(struct rpmvs_s *sis, int range); - --RPM_GNUC_INTERNAL - int rpmvsRange(struct rpmvs_s *vs); - --RPM_GNUC_INTERNAL - int rpmvsVerify(struct rpmvs_s *sis, int type, - rpmsinfoCb cb, void *cbdata); - --RPM_GNUC_INTERNAL - rpmRC rpmpkgRead(struct rpmvs_s *vs, FD_t fd, - hdrblob *sigblobp, hdrblob *blobp, char **emsg); - --- -2.20.1 - diff --git a/SOURCES/0002-Support-build-id-generation-from-compressed-ELF-file.patch b/SOURCES/0002-Support-build-id-generation-from-compressed-ELF-file.patch deleted file mode 100644 index 1a7eb83..0000000 --- a/SOURCES/0002-Support-build-id-generation-from-compressed-ELF-file.patch +++ /dev/null @@ -1,52 +0,0 @@ -From d48981ad7e36abb3500161d823acf92345c94f5d Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: <68d383c39cef8d58b80940b13dd132d3f41a03f0.1571917458.git.pmatilai@redhat.com> -References: <68d383c39cef8d58b80940b13dd132d3f41a03f0.1571917458.git.pmatilai@redhat.com> -From: Panu Matilainen -Date: Tue, 2 Apr 2019 16:07:56 +0300 -Subject: [PATCH 2/2] Support build-id generation from compressed ELF files - (elfutils >= 0.175) - -Use dwelf_elf_begin() for reading ELF files for build-id generation on -versions that have it to support compressed ELF files such as kernel -modules (RhBug:1650072,1650074). Note that debugedit still cannot handle -compressed files, this is only for build-id generation. ---- - build/files.c | 4 ++++ - configure.ac | 4 ++++ - 2 files changed, 8 insertions(+) - -diff --git a/build/files.c b/build/files.c -index 3822be3d3..f72a7c866 100644 ---- a/build/files.c -+++ b/build/files.c -@@ -1828,7 +1828,11 @@ static int generateBuildIDs(FileList fl, ARGV_t *files) - kernel modules (ET_REL files with .modinfo section) - should have build-ids. */ - GElf_Ehdr ehdr; -+#if HAVE_DWELF_ELF_BEGIN -+ Elf *elf = dwelf_elf_begin(fd); -+#else - Elf *elf = elf_begin (fd, ELF_C_READ, NULL); -+#endif - if (elf != NULL && elf_kind(elf) == ELF_K_ELF - && gelf_getehdr(elf, &ehdr) != NULL - && (ehdr.e_type == ET_EXEC || ehdr.e_type == ET_DYN -diff --git a/configure.ac b/configure.ac -index 99ce7df32..b2d7ed806 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -487,6 +487,10 @@ AS_IF([test "$WITH_LIBELF" = yes],[ - # If possible we also want the strtab functions from elfutils 0.167. - # But we can fall back on the (unsupported) ebl alternatives if not. - AC_CHECK_LIB(dw, dwelf_strtab_init, [HAVE_LIBDW_STRTAB=yes]) -+ # whether libdw supports compressed ELF objects -+ AC_CHECK_LIB(dw, dwelf_elf_begin, [ -+ AC_DEFINE(HAVE_DWELF_ELF_BEGIN, 1, [Have dwelf_elf_begin?]) -+ ]) - ]) - ]) - ]) --- -2.21.0 - diff --git a/SOURCES/0002-build-check-rich-dependencies-for-special-characters.patch b/SOURCES/0002-build-check-rich-dependencies-for-special-characters.patch deleted file mode 100644 index c589020..0000000 --- a/SOURCES/0002-build-check-rich-dependencies-for-special-characters.patch +++ /dev/null @@ -1,69 +0,0 @@ -From e7fa1f1c1c4a6161c2254c761e857fdf04fba5ef Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: <871065ddd493c76d80345d2e80b38b9ce4c7acdd.1574338784.git.pmatilai@redhat.com> -References: <871065ddd493c76d80345d2e80b38b9ce4c7acdd.1574338784.git.pmatilai@redhat.com> -From: Igor Gnatenko -Date: Wed, 21 Nov 2018 15:36:35 +0100 -Subject: [PATCH 2/3] build: check rich dependencies for special characters - -Reported-by: Michael Schroeder ---- - build/pack.c | 30 +++++++++++++++++++++++++++--- - 1 file changed, 27 insertions(+), 3 deletions(-) - -diff --git a/build/pack.c b/build/pack.c -index daf878c76..c94964be2 100644 ---- a/build/pack.c -+++ b/build/pack.c -@@ -228,12 +228,36 @@ exit: - return rc; - } - --static int haveTildeDep(Package pkg) -+struct charInDepData { -+ char c; -+ int present; -+}; -+ -+static rpmRC charInDepCb(void *cbdata, rpmrichParseType type, -+ const char *n, int nl, const char *e, int el, rpmsenseFlags sense, -+ rpmrichOp op, char **emsg) { -+ struct charInDepData *data = cbdata; -+ if (memchr(e, data->c, el)) -+ data->present = 1; -+ -+ return RPMRC_OK; -+} -+ -+static int haveCharInDep(Package pkg, char c) - { -+ struct charInDepData data = {c, 0}; - for (int i = 0; i < PACKAGE_NUM_DEPS; i++) { - rpmds ds = rpmdsInit(pkg->dependencies[i]); - while (rpmdsNext(ds) >= 0) { -- if (strchr(rpmdsEVR(ds), '~')) -+ if (rpmdsIsRich(ds)) { -+ const char *depstr = rpmdsN(ds); -+ rpmrichParse(&depstr, NULL, charInDepCb, &data); -+ } else { -+ const char *evr = rpmdsEVR(ds); -+ if (strchr(evr, c)) -+ data.present = 1; -+ } -+ if (data.present) - return 1; - } - } -@@ -327,7 +351,7 @@ exit: - static void finalizeDeps(Package pkg) - { - /* check if the package has a dependency with a '~' */ -- if (haveTildeDep(pkg)) -+ if (haveCharInDep(pkg, '~')) - (void) rpmlibNeedsFeature(pkg, "TildeInVersions", "4.10.0-1"); - - /* check if the package has a rich dependency */ --- -2.23.0 - diff --git a/SOURCES/0003-Add-support-for-sorting-caret-higher-than-base-versi.patch b/SOURCES/0003-Add-support-for-sorting-caret-higher-than-base-versi.patch deleted file mode 100644 index 0bb7be4..0000000 --- a/SOURCES/0003-Add-support-for-sorting-caret-higher-than-base-versi.patch +++ /dev/null @@ -1,131 +0,0 @@ -From c7e711bba58374f03347c795a567441cbef3de58 Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: <871065ddd493c76d80345d2e80b38b9ce4c7acdd.1574338784.git.pmatilai@redhat.com> -References: <871065ddd493c76d80345d2e80b38b9ce4c7acdd.1574338784.git.pmatilai@redhat.com> -From: Igor Gnatenko -Date: Sat, 10 Sep 2016 11:39:23 +0200 -Subject: [PATCH 3/3] Add support for sorting caret ('^') higher than base - version - -1.1^20160101 means 1.1 version (base) and patches which were applied at -that date on top of it. - -* 1.1^201601 > 1.1 -* 1.1^201601 < 1.1.1 - -Having symmetry is also good. - -Signed-off-by: Igor Gnatenko ---- - build/pack.c | 4 ++++ - lib/rpmds.c | 3 +++ - lib/rpmvercmp.c | 19 +++++++++++++++++-- - tests/rpmvercmp.at | 26 ++++++++++++++++++++++++++ - 4 files changed, 50 insertions(+), 2 deletions(-) - -diff --git a/build/pack.c b/build/pack.c -index c94964be2..d7adcb0e2 100644 ---- a/build/pack.c -+++ b/build/pack.c -@@ -354,6 +354,10 @@ static void finalizeDeps(Package pkg) - if (haveCharInDep(pkg, '~')) - (void) rpmlibNeedsFeature(pkg, "TildeInVersions", "4.10.0-1"); - -+ /* check if the package has a dependency with a '^' */ -+ if (haveCharInDep(pkg, '^')) -+ (void) rpmlibNeedsFeature(pkg, "CaretInVersions", "4.15.0-1"); -+ - /* check if the package has a rich dependency */ - if (haveRichDep(pkg)) - (void) rpmlibNeedsFeature(pkg, "RichDependencies", "4.12.0-1"); -diff --git a/lib/rpmds.c b/lib/rpmds.c -index 01aa1022b..730a58c35 100644 ---- a/lib/rpmds.c -+++ b/lib/rpmds.c -@@ -1240,6 +1240,9 @@ static const struct rpmlibProvides_s rpmlibProvides[] = { - { "rpmlib(TildeInVersions)", "4.10.0-1", - ( RPMSENSE_EQUAL), - N_("dependency comparison supports versions with tilde.") }, -+ { "rpmlib(CaretInVersions)", "4.15.0-1", -+ ( RPMSENSE_EQUAL), -+ N_("dependency comparison supports versions with caret.") }, - { "rpmlib(LargeFiles)", "4.12.0-1", - ( RPMSENSE_EQUAL), - N_("support files larger than 4GB") }, -diff --git a/lib/rpmvercmp.c b/lib/rpmvercmp.c -index b3d08faa4..13857e151 100644 ---- a/lib/rpmvercmp.c -+++ b/lib/rpmvercmp.c -@@ -33,8 +33,8 @@ int rpmvercmp(const char * a, const char * b) - - /* loop through each version segment of str1 and str2 and compare them */ - while (*one || *two) { -- while (*one && !risalnum(*one) && *one != '~') one++; -- while (*two && !risalnum(*two) && *two != '~') two++; -+ while (*one && !risalnum(*one) && *one != '~' && *one != '^') one++; -+ while (*two && !risalnum(*two) && *two != '~' && *two != '^') two++; - - /* handle the tilde separator, it sorts before everything else */ - if (*one == '~' || *two == '~') { -@@ -45,6 +45,21 @@ int rpmvercmp(const char * a, const char * b) - continue; - } - -+ /* -+ * Handle caret separator. Concept is the same as tilde, -+ * except that if one of the strings ends (base version), -+ * the other is considered as higher version. -+ */ -+ if (*one == '^' || *two == '^') { -+ if (!*one) return -1; -+ if (!*two) return 1; -+ if (*one != '^') return 1; -+ if (*two != '^') return -1; -+ one++; -+ two++; -+ continue; -+ } -+ - /* If we ran to the end of either, we are finished with the loop */ - if (!(*one && *two)) break; - -diff --git a/tests/rpmvercmp.at b/tests/rpmvercmp.at -index 8b32209aa..1e7c960ea 100644 ---- a/tests/rpmvercmp.at -+++ b/tests/rpmvercmp.at -@@ -102,6 +102,32 @@ RPMVERCMP(1.0~rc1~git123, 1.0~rc1~git123, 0) - RPMVERCMP(1.0~rc1~git123, 1.0~rc1, -1) - RPMVERCMP(1.0~rc1, 1.0~rc1~git123, 1) - -+dnl Basic testcases for caret sorting -+RPMVERCMP(1.0^, 1.0^, 0) -+RPMVERCMP(1.0^, 1.0, 1) -+RPMVERCMP(1.0, 1.0^, -1) -+RPMVERCMP(1.0^git1, 1.0^git1, 0) -+RPMVERCMP(1.0^git1, 1.0, 1) -+RPMVERCMP(1.0, 1.0^git1, -1) -+RPMVERCMP(1.0^git1, 1.0^git2, -1) -+RPMVERCMP(1.0^git2, 1.0^git1, 1) -+RPMVERCMP(1.0^git1, 1.01, -1) -+RPMVERCMP(1.01, 1.0^git1, 1) -+RPMVERCMP(1.0^20160101, 1.0^20160101, 0) -+RPMVERCMP(1.0^20160101, 1.0.1, -1) -+RPMVERCMP(1.0.1, 1.0^20160101, 1) -+RPMVERCMP(1.0^20160101^git1, 1.0^20160101^git1, 0) -+RPMVERCMP(1.0^20160102, 1.0^20160101^git1, 1) -+RPMVERCMP(1.0^20160101^git1, 1.0^20160102, -1) -+ -+dnl Basic testcases for tilde and caret sorting -+RPMVERCMP(1.0~rc1^git1, 1.0~rc1^git1, 0) -+RPMVERCMP(1.0~rc1^git1, 1.0~rc1, 1) -+RPMVERCMP(1.0~rc1, 1.0~rc1^git1, -1) -+RPMVERCMP(1.0^git1~pre, 1.0^git1~pre, 0) -+RPMVERCMP(1.0^git1, 1.0^git1~pre, 1) -+RPMVERCMP(1.0^git1~pre, 1.0^git1, -1) -+ - dnl These are included here to document current, arguably buggy behaviors - dnl for reference purposes and for easy checking against unintended - dnl behavior changes. --- -2.23.0 - diff --git a/SOURCES/rpm-4-14.3-selinux-log-error.patch b/SOURCES/rpm-4-14.3-selinux-log-error.patch new file mode 100644 index 0000000..f16a908 --- /dev/null +++ b/SOURCES/rpm-4-14.3-selinux-log-error.patch @@ -0,0 +1,11 @@ +--- rpm-4.14.3/plugins/selinux.c.orig 2020-05-11 16:07:22.873791795 +0200 ++++ rpm-4.14.3/plugins/selinux.c 2020-05-11 16:10:11.701771157 +0200 +@@ -47,7 +47,7 @@ + + sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1); + +- rpmlog(RPMLOG_DEBUG, "selabel_open: (%s) %s\n", ++ rpmlog((sehandle == NULL) ? RPMLOG_ERR : RPMLOG_DEBUG, "selabel_open: (%s) %s\n", + path, (sehandle == NULL ? strerror(errno) : "")); + + return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL; diff --git a/SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch b/SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch new file mode 100644 index 0000000..8e4e835 --- /dev/null +++ b/SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch @@ -0,0 +1,186 @@ +diff -up rpm-4.14.3/sign/rpmgensig.c.orig rpm-4.14.3/sign/rpmgensig.c +--- rpm-4.14.3/sign/rpmgensig.c.orig 2020-06-26 15:57:43.781333983 +0200 ++++ rpm-4.14.3/sign/rpmgensig.c 2020-06-26 15:58:29.819229616 +0200 +@@ -8,7 +8,6 @@ + #include + #include + #include +-#include + + #include /* RPMSIGTAG & related */ + #include +@@ -33,68 +32,6 @@ typedef struct sigTarget_s { + rpm_loff_t size; + } *sigTarget; + +-/* +- * There is no function for creating unique temporary fifos so create +- * unique temporary directory and then create fifo in it. +- */ +-static char *mkTempFifo(void) +-{ +- char *tmppath = NULL, *tmpdir = NULL, *fifofn = NULL; +- mode_t mode; +- +- tmppath = rpmExpand("%{_tmppath}", NULL); +- if (rpmioMkpath(tmppath, 0755, (uid_t) -1, (gid_t) -1)) +- goto exit; +- +- +- tmpdir = rpmGetPath(tmppath, "/rpm-tmp.XXXXXX", NULL); +- mode = umask(0077); +- tmpdir = mkdtemp(tmpdir); +- umask(mode); +- if (tmpdir == NULL) { +- rpmlog(RPMLOG_ERR, _("error creating temp directory %s: %m\n"), +- tmpdir); +- tmpdir = _free(tmpdir); +- goto exit; +- } +- +- fifofn = rpmGetPath(tmpdir, "/fifo", NULL); +- if (mkfifo(fifofn, 0600) == -1) { +- rpmlog(RPMLOG_ERR, _("error creating fifo %s: %m\n"), fifofn); +- fifofn = _free(fifofn); +- } +- +-exit: +- if (fifofn == NULL && tmpdir != NULL) +- unlink(tmpdir); +- +- free(tmppath); +- free(tmpdir); +- +- return fifofn; +-} +- +-/* Delete fifo and then temporary directory in which it was located */ +-static int rpmRmTempFifo(const char *fn) +-{ +- int rc = 0; +- char *dfn = NULL, *dir = NULL; +- +- if ((rc = unlink(fn)) != 0) { +- rpmlog(RPMLOG_ERR, _("error delete fifo %s: %m\n"), fn); +- return rc; +- } +- +- dfn = xstrdup(fn); +- dir = dirname(dfn); +- +- if ((rc = rmdir(dir)) != 0) +- rpmlog(RPMLOG_ERR, _("error delete directory %s: %m\n"), dir); +- free(dfn); +- +- return rc; +-} +- + static int closeFile(FD_t *fdp) + { + if (fdp == NULL || *fdp == NULL) +@@ -241,27 +178,38 @@ exit: + static int runGPG(sigTarget sigt, const char *sigfile) + { + int pid = 0, status; +- FD_t fnamedPipe = NULL; +- char *namedPipeName = NULL; ++ int pipefd[2]; ++ FILE *fpipe = NULL; + unsigned char buf[BUFSIZ]; + ssize_t count; + ssize_t wantCount; + rpm_loff_t size; + int rc = 1; /* assume failure */ + +- namedPipeName = mkTempFifo(); ++ if (pipe(pipefd) < 0) { ++ rpmlog(RPMLOG_ERR, _("Could not create pipe for signing: %m\n")); ++ goto exit; ++ } + +- rpmPushMacro(NULL, "__plaintext_filename", NULL, namedPipeName, -1); ++ rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1); + rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1); + + if (!(pid = fork())) { + char *const *av; + char *cmd = NULL; +- const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL); ++ const char *tty = ttyname(STDIN_FILENO); ++ const char *gpg_path = NULL; ++ ++ if (!getenv("GPG_TTY") && (!tty || setenv("GPG_TTY", tty, 0))) ++ rpmlog(RPMLOG_WARNING, _("Could not set GPG_TTY to stdin: %m\n")); + ++ gpg_path = rpmExpand("%{?_gpg_path}", NULL); + if (gpg_path && *gpg_path != '\0') + (void) setenv("GNUPGHOME", gpg_path, 1); + ++ dup2(pipefd[0], STDIN_FILENO); ++ close(pipefd[1]); ++ + unsetenv("MALLOC_CHECK_"); + cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL); + rc = poptParseArgvString(cmd, NULL, (const char ***)&av); +@@ -276,9 +224,10 @@ static int runGPG(sigTarget sigt, const + rpmPopMacro(NULL, "__plaintext_filename"); + rpmPopMacro(NULL, "__signature_filename"); + +- fnamedPipe = Fopen(namedPipeName, "w"); +- if (!fnamedPipe) { +- rpmlog(RPMLOG_ERR, _("Fopen failed\n")); ++ close(pipefd[0]); ++ fpipe = fdopen(pipefd[1], "w"); ++ if (!fpipe) { ++ rpmlog(RPMLOG_ERR, _("Could not open pipe for writing: %m\n")); + goto exit; + } + +@@ -291,8 +240,8 @@ static int runGPG(sigTarget sigt, const + size = sigt->size; + wantCount = size < sizeof(buf) ? size : sizeof(buf); + while ((count = Fread(buf, sizeof(buf[0]), wantCount, sigt->fd)) > 0) { +- Fwrite(buf, sizeof(buf[0]), count, fnamedPipe); +- if (Ferror(fnamedPipe)) { ++ fwrite(buf, sizeof(buf[0]), count, fpipe); ++ if (ferror(fpipe)) { + rpmlog(RPMLOG_ERR, _("Could not write to pipe\n")); + goto exit; + } +@@ -304,8 +253,13 @@ static int runGPG(sigTarget sigt, const + sigt->fileName, Fstrerror(sigt->fd)); + goto exit; + } +- Fclose(fnamedPipe); +- fnamedPipe = NULL; ++ ++exit: ++ ++ if (fpipe) ++ fclose(fpipe); ++ if (pipefd[1]) ++ close(pipefd[1]); + + (void) waitpid(pid, &status, 0); + pid = 0; +@@ -314,20 +268,6 @@ static int runGPG(sigTarget sigt, const + } else { + rc = 0; + } +- +-exit: +- +- if (fnamedPipe) +- Fclose(fnamedPipe); +- +- if (pid) +- waitpid(pid, &status, 0); +- +- if (namedPipeName) { +- rpmRmTempFifo(namedPipeName); +- free(namedPipeName); +- } +- + return rc; + } + diff --git a/SOURCES/rpm-4.14.3-python3.diff b/SOURCES/rpm-4.14.3-python3.diff new file mode 100644 index 0000000..7ec81b5 --- /dev/null +++ b/SOURCES/rpm-4.14.3-python3.diff @@ -0,0 +1,13 @@ +--- rpm-4.14.3/configure.ac.orig 2020-05-04 21:08:41.481365399 +0200 ++++ rpm-4.14.3/configure.ac 2020-05-04 21:09:03.550604043 +0200 +@@ -129,8 +129,8 @@ + + AC_PATH_PROG(__PERL, perl, /usr/bin/perl, $MYPATH) + AC_PATH_PROG(__PGP, pgp, /usr/bin/pgp, $MYPATH) +-AC_PATH_PROG(__PYTHON, python2, /usr/bin/python2, $MYPATH) +-AC_PATH_PROG(PYTHON, python2, /usr/bin/python2, $MYPATH) ++AC_PATH_PROG(__PYTHON, python3, /usr/bin/python3, $MYPATH) ++AC_PATH_PROG(PYTHON, python3, /usr/bin/python3, $MYPATH) + AC_PATH_PROG(__RM, rm, /bin/rm, $MYPATH) + AC_PATH_PROG(__RSH, rsh, /usr/bin/rsh, $MYPATH) + AC_PATH_PROG(__SED, sed, /bin/sed, $MYPATH) diff --git a/SOURCES/rpm-4.14.x-whitelist-name.patch b/SOURCES/rpm-4.14.x-whitelist-name.patch deleted file mode 100644 index de5cc5e..0000000 --- a/SOURCES/rpm-4.14.x-whitelist-name.patch +++ /dev/null @@ -1,29 +0,0 @@ -A partial no-op backport of commit 9e8e8bcfb1b1fa359c37499e11a302ec7bde1595 -to get caret patches to apply nicely - -diff --git a/build/parsePreamble.c b/build/parsePreamble.c -index 5715d2569..7d89617c2 100644 ---- a/build/parsePreamble.c -+++ b/build/parsePreamble.c -@@ -22,8 +22,6 @@ - #define SKIPWHITE(_x) {while (*(_x) && (risspace(*_x) || *(_x) == ',')) (_x)++;} - #define SKIPNONWHITE(_x){while (*(_x) &&!(risspace(*_x) || *(_x) == ',')) (_x)++;} - --#define WHITELIST_NAME ".-_+%{}" -- - /** - */ - static const rpmTagVal copyTagsDuringParse[] = { -diff --git a/build/rpmbuild_internal.h b/build/rpmbuild_internal.h -index 439b7d3b5..cc9de88f9 100644 ---- a/build/rpmbuild_internal.h -+++ b/build/rpmbuild_internal.h -@@ -17,6 +17,8 @@ - #undef HTKEYTYPE - #undef HTDATATYPE - -+#define WHITELIST_NAME ".-_+%{}" -+ - struct TriggerFileEntry { - int index; - char * fileName; diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec index 6043883..1cef8f9 100644 --- a/SPECS/rpm.spec +++ b/SPECS/rpm.spec @@ -28,9 +28,9 @@ %define rpmhome /usr/lib/rpm -%global rpmver 4.14.2 +%global rpmver 4.14.3 #global snapver rc2 -%global rel 37 +%global rel 4 %global srcver %{version}%{?snapver:-%{snapver}} %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x} @@ -72,37 +72,14 @@ Patch5: rpm-4.12.0-rpm2cpio-hack.patch Patch7: rpm-4.14.1-Add-envvar-that-will-be-present-during-RPM-build.patch # Patches already upstream: -Patch100: 0001-Fix-nasty-setperms-setugids-regression-in-4.14.2-RhB.patch Patch101: rpm-4.14.2-RPMTAG_MODULARITYLABEL.patch Patch102: 0001-Document-noverify-in-the-man-page-RhBug-1646458.patch -Patch103: 0001-Handle-unsupported-digests-the-same-as-disabled-ones.patch Patch104: 0001-Mark-elements-with-associated-problems-as-failed.patch -Patch105: 0001-Fix-ancient-python-GIL-locking-bug-on-callback-RhBug.patch -Patch106: 0001-Fix-testing-for-wrong-variable-in-selinux-plugin-deb.patch -Patch107: 0001-Log-RPMLOG_ERR-level-messages-on-actual-errors-in-se.patch Patch108: 0001-Only-read-through-payload-on-verify-if-actually-need.patch -Patch109: 0001-Make-rpmsign-exit-values-more-consistent-with-our-ot.patch -Patch110: 0002-Drop-internal-only-visibility-on-rpmvs-related-API.patch Patch111: 0003-Verify-packages-before-signing-RhBug-1646388.patch Patch112: 0001-Fix-FA_TOUCH-on-files-with-suid-sgid-bits-and-or-cap.patch -Patch113: 0001-Sort-list-of-hard-linked-files-in-find-debuginfo.sh-.patch -Patch114: 0001-Correct-rpm-ql-exit-value-when-optional-p-is-omitted.patch -Patch115: 0001-Show-list-of-files-only-once-when-use-rpm-ql-and-mul.patch Patch116: 0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch -Patch117: 0001-Fix-segfault-on-fingerprinting-symlink-round-RhBug-1.patch -Patch118: 0001-Fix-packages-getting-erased-on-failed-update-with-dn.patch Patch119: 0001-Use-in-condition-to-avoid-sub-processes-in-find-debu.patch -Patch120: 0001-rpmsign-man-page-Add-line-about-rpmsign-requiring-a-.patch -Patch121: 0001-Use-dpbath-only-with-full-path-RhBug-1696408.patch -Patch122: 0001-Fix-a-blindingly-obvious-memleak-in-package-verify-s.patch -Patch123: 0001-Fix-rpmfiles-memory-leak-on-postuntrans-file-trigger.patch -Patch125: 0001-Remove-capabilities-instead-of-setting-empty-caps-vi.patch -Patch126: 0001-Fix-off-by-one-in-hdrblobGet-making-last-entry-unrea.patch -Patch127: 0001-Fix-memleak-during-transaction-verify-step-in-the-NO.patch -Patch128: 0001-Detect-kernel-modules-by-.modinfo-section-presence-f.patch -Patch129: 0002-Support-build-id-generation-from-compressed-ELF-file.patch -Patch130: 0001-Add-step-to-find-debuginfo.sh-script-to-compress-ann.patch -Patch131: 0001-rpmpgp-Handle-EOF-without-EOL-better-at-END-PGP.patch Patch132: 0001-debugedit-Refactor-reading-writing-of-relocated-valu.patch Patch133: 0002-Handle-.debug_macro-in-debugedit.patch Patch134: 0003-debugedit-Make-sure-.debug_line-old-new-idx-start-eq.patch @@ -114,11 +91,7 @@ Patch139: 0001-Make-check-buildroot-check-the-build-files-in-parall.patch Patch140: 0001-Fix-resource-leaks-on-zstd-open-error-paths.patch # XXX should be before 0001-Pass-RPM_BUILD_NCPUS-to-build-scripts.patch Patch141: 0001-Isolate-_smp_build_ncpus-and-use-it-for-_smp_mflags.patch -Patch143: 0002-build-check-rich-dependencies-for-special-characters.patch -Patch144: 0003-Add-support-for-sorting-caret-higher-than-base-versi.patch -Patch145: rpm-4.14.x-whitelist-name.patch -Patch146: 0001-Consolidate-allowed-version-release-evr-allowed-char.patch -Patch147: 0002-Actually-permit-caret-in-version-release-and-evr-str.patch +Patch142: rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch # Python 3 string API sanity Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch @@ -131,6 +104,8 @@ Patch504: 0002-Use-Python-3-compatible-exception-syntax-in-tests.patch Patch505: 0003-Fix-couple-of-bytes-vs-strings-issues-in-Python-test.patch Patch506: 0004-Bump-the-minimum-Python-version-requirement-to-2.7.patch Patch507: 0005-Drop-an-unnecessary-Python-2-vs-3-incompatibility-fr.patch +Patch508: rpm-4.14.3-python3.diff +Patch509: rpm-4-14.3-selinux-log-error.patch # These are not yet upstream # Audit support @@ -458,7 +433,7 @@ done; --with-selinux \ --with-cap \ --with-acl \ - %{?with_ndb: --with-ndb} \ + %{?with_ndb: --enable-ndb} \ %{?with_libimaevm: --with-imaevm} \ %{?with_zstd: --enable-zstd} \ %{?with_lmdb: --enable-lmdb} \ @@ -678,6 +653,18 @@ make check || cat tests/rpmtests.log %doc doc/librpm/html/* %changelog +* Fri Jun 26 2020 Michal Domonkos - 4.14.3-4 +- Fix hang when signing with expired key (#1746353) + +* Wed May 13 2020 Panu Matilainen - 4.14.3-3 +- Fix configure option for --with ndb (#1817010, Matthew Almond) + +* Mon May 11 2020 Florian Festi - 4.14.3-2 +- Re-add selinux fix dropped in rebase + +* Mon May 4 2020 Florian Festi - 4.14.3-1 +- Rebase to 4.14.3 (#1765187) + * Fri Feb 21 2020 Michal Domonkos - 4.14.2-37 - Add API safeguard for DNF by using Conflicts: (#1790400)