From 0b292128d767c77911f533001ae4d77bbaaae6d2 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 02 2019 12:54:23 +0000 Subject: import rpm-4.14.2-20.el8 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e818a85 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/rpm-4.14.2.tar.bz2 diff --git a/.rpm.metadata b/.rpm.metadata new file mode 100644 index 0000000..a860a67 --- /dev/null +++ b/.rpm.metadata @@ -0,0 +1 @@ +1ca664af796ab8d05ea3fccabe2b2e4767a97c74 SOURCES/rpm-4.14.2.tar.bz2 diff --git a/SOURCES/0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch b/SOURCES/0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch new file mode 100644 index 0000000..43dfe47 --- /dev/null +++ b/SOURCES/0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch @@ -0,0 +1,93 @@ +From 1da9e839bb573b9187403983f5a69853ab364306 Mon Sep 17 00:00:00 2001 +From: Pavlina Moravcova Varekova +Date: Sun, 17 Mar 2019 06:47:26 +0100 +Subject: [PATCH] Add flag to use strip -g instead of full strip on DSOs + (RhBug:1663264) + +The find-debuginfo.sh flag -g had exactly this meaning. But from +version rpm-4.13.0-alpha flag -g changes its behavior. It affects +both libraries and executables. + +For some packages the original behavior was preferred. That is why +the new find-debuginfo.sh flag --g-libs is created. + +Options -g and --g-libs are mutually exclusive. + + +Adjusted for rpm-4.14.2 in RHEL + +--- rpm-4.14.2/scripts/find-debuginfo.sh.orig 2019-04-24 15:14:29.351010878 +0200 ++++ rpm-4.14.2/scripts/find-debuginfo.sh 2019-04-24 15:19:42.296240705 +0200 +@@ -4,6 +4,7 @@ + # + # Usage: find-debuginfo.sh [--strict-build-id] [-g] [-r] [-m] [-i] [-n] + # [--keep-section SECTION] [--remove-section SECTION] ++# [--g-libs] + # [-j N] [--jobs N] + # [-o debugfiles.list] + # [-S debugsourcefiles.list] +@@ -16,6 +17,8 @@ + # [builddir] + # + # The -g flag says to use strip -g instead of full strip on DSOs or EXEs. ++# The --g-libs flag says to use strip -g instead of full strip ONLY on DSOs. ++# Options -g and --g-libs are mutually exclusive. + # The -r flag says to use eu-strip --reloc-debug-sections. + # Use --keep-section SECTION or --remove-section SECTION to explicitly + # keep a (non-allocated) section in the main executable or explicitly +@@ -68,6 +71,9 @@ + # With -g arg, pass it to strip on libraries or executables. + strip_g=false + ++# With --g-libs arg, pass it to strip on libraries. ++strip_glibs=false ++ + # with -r arg, pass --reloc-debug-sections to eu-strip. + strip_r=false + +@@ -135,6 +141,9 @@ + unique_debug_src_base=$2 + shift + ;; ++ --g-libs) ++ strip_glibs=true ++ ;; + -g) + strip_g=true + ;; +@@ -204,6 +213,11 @@ + exit 2 + fi + ++if ("$strip_g" = "true") && ("$strip_glibs" = "true"); then ++ echo >&2 "*** ERROR: -g and --g-libs cannot be used together" ++ exit 2 ++fi ++ + i=0 + while ((i < nout)); do + outs[$i]="$BUILDDIR/${outs[$i]}" +@@ -237,6 +251,9 @@ + application/x-executable*) g=-g ;; + application/x-pie-executable*) g=-g ;; + esac ++ $strip_glibs && case "$(file -bi "$2")" in ++ application/x-sharedlib*) g=-g ;; ++ esac + eu-strip --remove-comment $r $g ${keep_remove_args} -f "$1" "$2" || exit + chmod 444 "$1" || exit + } +@@ -409,8 +426,12 @@ + # libraries. Other executable ELF files (like kernel modules) don't need it. + if [ "$include_minidebug" = "true" -a "$strip_g" = "false" ]; then + skip_mini=true ++ if [ "$strip_glibs" = "false" ]; then ++ case "$(file -bi "$f")" in ++ application/x-sharedlib*) skip_mini=false ;; ++ esac ++ fi + case "$(file -bi "$f")" in +- application/x-sharedlib*) skip_mini=false ;; + application/x-executable*) skip_mini=false ;; + esac + $skip_mini || add_minidebug "${debugfn}" "$f" diff --git a/SOURCES/0001-Correct-rpm-ql-exit-value-when-optional-p-is-omitted.patch b/SOURCES/0001-Correct-rpm-ql-exit-value-when-optional-p-is-omitted.patch new file mode 100644 index 0000000..9f123ba --- /dev/null +++ b/SOURCES/0001-Correct-rpm-ql-exit-value-when-optional-p-is-omitted.patch @@ -0,0 +1,38 @@ +From ce11f04ed529cd84de8981b82c1185c0a30dfdcf Mon Sep 17 00:00:00 2001 +From: Pavlina Moravcova Varekova +Date: Thu, 14 Mar 2019 13:23:13 +0100 +Subject: [PATCH] Correct rpm -ql exit value when optional -p is omitted + (RhBug:1680610) + +--- + lib/query.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/lib/query.c b/lib/query.c +index e47189ed0..e5408e211 100644 +--- a/lib/query.c ++++ b/lib/query.c +@@ -568,16 +568,18 @@ int rpmcliArgIter(rpmts ts, QVA_t qva, ARGV_const_t argv) + break; + default: + for (ARGV_const_t arg = argv; arg && *arg; arg++) { ++ int ecLocal; + rpmdbMatchIterator mi = initQueryIterator(qva, ts, *arg); +- ec += rpmcliShowMatches(qva, ts, mi); ++ ecLocal = rpmcliShowMatches(qva, ts, mi); + if (mi == NULL && qva->qva_source == RPMQV_PACKAGE) { + size_t l = strlen(*arg); + if (l > 4 && !strcmp(*arg + l - 4, ".rpm")) { + rpmgi gi = rpmgiNew(ts, giFlags, argv); +- ec += rpmgiShowMatches(qva, ts, gi); ++ ecLocal = rpmgiShowMatches(qva, ts, gi); + rpmgiFree(gi); + } + } ++ ec += ecLocal; + rpmdbFreeIterator(mi); + } + break; +-- +2.17.2 + diff --git a/SOURCES/0001-Document-noverify-in-the-man-page-RhBug-1646458.patch b/SOURCES/0001-Document-noverify-in-the-man-page-RhBug-1646458.patch new file mode 100644 index 0000000..df0aaab --- /dev/null +++ b/SOURCES/0001-Document-noverify-in-the-man-page-RhBug-1646458.patch @@ -0,0 +1,37 @@ +From c4f285cff8f830447857e52848ecf909cedb192a Mon Sep 17 00:00:00 2001 +Message-Id: +From: Panu Matilainen +Date: Tue, 6 Nov 2018 12:22:55 +0200 +Subject: [PATCH] Document --noverify in the man page (RhBug:1646458) + +Should've been in commit 765e2c72ae8be369ada41d4747b8999519a0e327 +--- + doc/rpm.8 | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/doc/rpm.8 b/doc/rpm.8 +index 5ab61b2ac..31c51d821 100644 +--- a/doc/rpm.8 ++++ b/doc/rpm.8 +@@ -104,7 +104,7 @@ Scripts and triggers: + [\fB--ignoresize\fR] [\fB--ignorearch\fR] [\fB--ignoreos\fR] + [\fB--includedocs\fR] [\fB--justdb\fR] + [\fB--nodeps\fR] [\fB--nodigest\fR] [\fB--noplugins\fR] +- [\fB--nocaps\fR] [\fB--noorder\fR] ++ [\fB--nocaps\fR] [\fB--noorder\fR] [\fB--noverify\fR] + [\fB--nosignature\fR] [\fB--noscripts\fR] [\fB--notriggers\fR] + [\fB--oldpackage\fR] [\fB--percent\fR] [\fB--prefix \fINEWPATH\fB\fR] + [\fB--relocate \fIOLDPATH\fB=\fINEWPATH\fB\fR] +@@ -315,6 +315,9 @@ Don't set file capabilities. + Don't reorder the packages for an install. The list of + packages would normally be reordered to satisfy dependencies. + .TP ++\fB--noverify\fR ++Don't perform verify package files prior to installation. ++.TP + \fB--noplugins\fR + Do not load and execute plugins. + .TP +-- +2.19.2 + diff --git a/SOURCES/0001-Fix-FA_TOUCH-on-files-with-suid-sgid-bits-and-or-cap.patch b/SOURCES/0001-Fix-FA_TOUCH-on-files-with-suid-sgid-bits-and-or-cap.patch new file mode 100644 index 0000000..df98eaa --- /dev/null +++ b/SOURCES/0001-Fix-FA_TOUCH-on-files-with-suid-sgid-bits-and-or-cap.patch @@ -0,0 +1,152 @@ +From 13f70e3710b2df49a923cc6450ff4a8f86e65666 Mon Sep 17 00:00:00 2001 +Message-Id: <13f70e3710b2df49a923cc6450ff4a8f86e65666.1555050140.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Wed, 20 Mar 2019 12:38:00 +0200 +Subject: [PATCH] Fix FA_TOUCH on files with suid/sgid bits and/or capabilities + +FA_TOUCH used to set suffix to "" instead of NULL which causes fsmCommit() +to rename the file onto itself, which is a bit dumb but mostly harmless +with regular permission. On suid/sgid/capabilities we strip any extra +privileges on rename to make sure hardlinks are neutered, and because +rename occurs after other permissions etc setting, on FA_TOUCH those +extra privileges are stripped and much brokenness will follow. + +A more minimal fix would be a strategically placed strcmp(), but NULL +is what the rest of the fsm expects for no suffix and differentiating +between empty and NULL suffix is too subtle for its own good as +witnessed here. So now, NULL suffix is no suffix again and the rest +of the code will do the right thing except where related to creation, +and creation is what FA_TOUCH wont do so lets just explicitly skip it +and restore the original code otherwise. The goto is ugly but reindenting +gets even uglier, shrug. Add a test-case to go with it. + +This has been broken since its introduction in commit +79ca74e15e15c1d91a9a31a9ee90abc91736f390 so all current 4.14.x versions +are affected. +--- + lib/fsm.c | 17 ++++++++++---- + tests/data/SPECS/replacetest.spec | 2 +- + tests/rpmverify.at | 38 ++++++++++++++++++++++++++++++- + 3 files changed, 50 insertions(+), 7 deletions(-) + +diff --git a/lib/fsm.c b/lib/fsm.c +index 8eb2c185c..432bcbd90 100644 +--- a/lib/fsm.c ++++ b/lib/fsm.c +@@ -898,12 +898,12 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, + + action = rpmfsGetAction(fs, rpmfiFX(fi)); + skip = XFA_SKIPPING(action); +- suffix = S_ISDIR(rpmfiFMode(fi)) ? NULL : tid; + if (action != FA_TOUCH) { +- fpath = fsmFsPath(fi, suffix); ++ suffix = S_ISDIR(rpmfiFMode(fi)) ? NULL : tid; + } else { +- fpath = fsmFsPath(fi, ""); ++ suffix = NULL; + } ++ fpath = fsmFsPath(fi, suffix); + + /* Remap file perms, owner, and group. */ + rc = rpmfiStat(fi, 1, &sb); +@@ -926,6 +926,10 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, + if (!skip) { + int setmeta = 1; + ++ /* When touching we don't need any of this... */ ++ if (action == FA_TOUCH) ++ goto touch; ++ + /* Directories replacing something need early backup */ + if (!suffix) { + rc = fsmBackup(fi, action); +@@ -934,7 +938,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, + if (!suffix) { + rc = fsmVerify(fpath, fi); + } else { +- rc = (action == FA_TOUCH) ? 0 : RPMERR_ENOENT; ++ rc = RPMERR_ENOENT; + } + + if (S_ISREG(sb.st_mode)) { +@@ -970,11 +974,14 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, + if (!IS_DEV_LOG(fpath)) + rc = RPMERR_UNKNOWN_FILETYPE; + } ++ ++touch: + /* Set permissions, timestamps etc for non-hardlink entries */ + if (!rc && setmeta) { + rc = fsmSetmeta(fpath, fi, plugins, action, &sb, nofcaps); + } + } else if (firsthardlink >= 0 && rpmfiArchiveHasContent(fi)) { ++ /* On FA_TOUCH no hardlinks are created thus this is skipped. */ + /* we skip the hard linked file containing the content */ + /* write the content to the first used instead */ + char *fn = rpmfilesFN(files, firsthardlink); +@@ -987,7 +994,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, + if (rc) { + if (!skip) { + /* XXX only erase if temp fn w suffix is in use */ +- if (suffix && (action != FA_TOUCH)) { ++ if (suffix) { + (void) fsmRemove(fpath, sb.st_mode); + } + errno = saveerrno; +diff --git a/tests/data/SPECS/replacetest.spec b/tests/data/SPECS/replacetest.spec +index 54974567b..d5a1729d3 100644 +--- a/tests/data/SPECS/replacetest.spec ++++ b/tests/data/SPECS/replacetest.spec +@@ -46,4 +46,4 @@ rm -rf $RPM_BUILD_ROOT + + %files + %defattr(-,%{user},%{grp},-) +-/opt/* ++%{?fileattr} /opt/* +diff --git a/tests/rpmverify.at b/tests/rpmverify.at +index 52ee2abfb..f7dd57531 100644 +--- a/tests/rpmverify.at ++++ b/tests/rpmverify.at +@@ -575,3 +575,39 @@ + ], + []) + AT_CLEANUP ++ ++AT_SETUP([Upgraded verification with min_writes 5 (suid files)]) ++AT_KEYWORDS([upgrade verify min_writes]) ++AT_CHECK([ ++RPMDB_CLEAR ++RPMDB_INIT ++tf="${RPMTEST}"/opt/foo ++rm -rf "${tf}" "${tf}".rpm* ++rm -rf "${TOPDIR}" ++ ++for v in "1.0" "2.0"; do ++ runroot rpmbuild --quiet -bb \ ++ --define "ver $v" \ ++ --define "filetype file" \ ++ --define "filedata foo" \ ++ --define "fileattr %attr(2755,-,-)" \ ++ /data/SPECS/replacetest.spec ++done ++ ++runroot rpm -U /build/RPMS/noarch/replacetest-1.0-1.noarch.rpm ++runroot rpm -Va --nouser --nogroup replacetest ++runroot rpm -U \ ++ --define "_minimize_writes 1" \ ++ /build/RPMS/noarch/replacetest-2.0-1.noarch.rpm ++runroot rpm -Va --nouser --nogroup replacetest ++chmod 777 "${tf}" ++runroot rpm -U \ ++ --oldpackage \ ++ --define "_minimize_writes 1" \ ++ /build/RPMS/noarch/replacetest-1.0-1.noarch.rpm ++runroot rpm -Va --nouser --nogroup replacetest ++], ++[0], ++[], ++[]) ++AT_CLEANUP +-- +2.20.1 + diff --git a/SOURCES/0001-Fix-ancient-python-GIL-locking-bug-on-callback-RhBug.patch b/SOURCES/0001-Fix-ancient-python-GIL-locking-bug-on-callback-RhBug.patch new file mode 100644 index 0000000..494634d --- /dev/null +++ b/SOURCES/0001-Fix-ancient-python-GIL-locking-bug-on-callback-RhBug.patch @@ -0,0 +1,46 @@ +From 531dc8495cd3aabd3f659ecab604106fdbacbe98 Mon Sep 17 00:00:00 2001 +Message-Id: <531dc8495cd3aabd3f659ecab604106fdbacbe98.1554974459.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Wed, 3 Oct 2018 11:51:38 +0300 +Subject: [PATCH] Fix ancient python GIL locking bug on callback + (RhBug:1632488) + +Introduced in commit c7881d801745b4c156a8aa2afc17b95f97481e34 back in 2002, +synthesizing a python object for the callback occurs before retaking +the GIL lock, which is not allowed. Somehow this has managed to stay +latent all these years, and even now requires fairly specific conditions: +when the callback gets called without an associated key, such as erasures +or file trigger script start/stop events (in the case of RhBug:1632488), +when Python 3 is running in PYTHONMALLOC=debug mode, +it crashes with "Python memory allocator called without holding the GIL". + +Simply retake the lock before any Python operations take place to fix. +--- + python/rpmts-py.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/python/rpmts-py.c b/python/rpmts-py.c +index e4c5e1250..1ddfc9a1e 100644 +--- a/python/rpmts-py.c ++++ b/python/rpmts-py.c +@@ -495,6 +495,8 @@ rpmtsCallback(const void * hd, const rpmCallbackType what, + + if (cbInfo->cb == Py_None) return NULL; + ++ PyEval_RestoreThread(cbInfo->_save); ++ + /* Synthesize a python object for callback (if necessary). */ + if (pkgObj == NULL) { + if (h) { +@@ -506,8 +508,6 @@ rpmtsCallback(const void * hd, const rpmCallbackType what, + } else + Py_INCREF(pkgObj); + +- PyEval_RestoreThread(cbInfo->_save); +- + args = Py_BuildValue("(iLLOO)", what, amount, total, pkgObj, cbInfo->data); + result = PyEval_CallObject(cbInfo->cb, args); + Py_DECREF(args); +-- +2.20.1 + diff --git a/SOURCES/0001-Fix-nasty-setperms-setugids-regression-in-4.14.2-RhB.patch b/SOURCES/0001-Fix-nasty-setperms-setugids-regression-in-4.14.2-RhB.patch new file mode 100644 index 0000000..a5c45e7 --- /dev/null +++ b/SOURCES/0001-Fix-nasty-setperms-setugids-regression-in-4.14.2-RhB.patch @@ -0,0 +1,52 @@ +From 0d83637769b8a122b1e80f2e960ea1bbae8b4f10 Mon Sep 17 00:00:00 2001 +Message-Id: <0d83637769b8a122b1e80f2e960ea1bbae8b4f10.1540199566.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Mon, 22 Oct 2018 10:52:39 +0300 +Subject: [PATCH] Fix nasty --setperms/--setugids regression in 4.14.2 (RhBug: + 1640470) + +Commit 38c2f6e160d5ed3e9c3a266139c7eb2632724c15 causes --setperms and +--setugids follow symlinks instead of skipping them. + +In case of --setperms, all encountered symlinks will have their +target file/directory permissions set to the 0777 of the link itself +(so world writable etc but suid/sgid stripped), temporarily or permanently, +depending on whether the symlink occurs before or after it's target in the +package file list. When the link occurs before its target, there's a short +window where the target is world writable before having it's permissions +reset to original, making it particularly bad for suid/sgid binaries. + +--setugids is similarly affected with link targets owner/group changing +to that of the symlink. + +Add missing parentheses to the conditions introduced in commit +38c2f6e160d5ed3e9c3a266139c7eb2632724c15 to fix. +Reported by Karel Srot, patch by Pavlina Moravcova Varekova. +--- + rpmpopt.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rpmpopt.in b/rpmpopt.in +index 8aaa91f11..42d3416a3 100644 +--- a/rpmpopt.in ++++ b/rpmpopt.in +@@ -44,14 +44,14 @@ rpm alias --scripts --qf '\ + --POPTdesc=$"list install/erase scriptlets from package(s)" + + rpm alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \ +- \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] || \ ++ ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \ + chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \ + --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \ + --POPTdesc=$"set permissions of files in a package" + + rpm alias --setugids -q --qf \ + '[ch %{FILEUSERNAME:shescape} %{FILEGROUPNAME:shescape} %{FILENAMES:shescape} %{FILEFLAGS}\n]' \ +- --pipe "(echo 'ch() { \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] || \ ++ --pipe "(echo 'ch() { ( \[ $(($4 & 2#1001000)) != 0 \] && \[ ! -e \"$3\" \] ) || \ + (chown -h -- \"$1\" \"$3\";chgrp -h -- \"$2\" \"$3\";) }'; \ + grep '^ch '|grep -v \(none\))|sh" \ + --POPTdesc=$"set user/group ownership of files in a package" +-- +2.17.2 + diff --git a/SOURCES/0001-Fix-packages-getting-erased-on-failed-update-with-dn.patch b/SOURCES/0001-Fix-packages-getting-erased-on-failed-update-with-dn.patch new file mode 100644 index 0000000..c1dfffe --- /dev/null +++ b/SOURCES/0001-Fix-packages-getting-erased-on-failed-update-with-dn.patch @@ -0,0 +1,39 @@ +From a144c29831a39ed303d6ea8d2ae91e1c36d64c84 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Panu Matilainen +Date: Wed, 15 May 2019 13:51:19 +0300 +Subject: [PATCH] Fix packages getting erased on failed update with dnf + (RhBug:1620275) + +When adding update elements, we set the erase element to depend on the +install element, but if an API user adds the same erasure manually +after adding the update, we know its a duplicate erasure and filter +it out, BUT we zero out the dependent element in the process. And +if installing the update now fails, we end up removing the whole package +due to that missing dependent element. + +This never happens with rpm itself so we can't easily test it, but is +100% reproducable with dnf (at least dnf 3-4). Apparently it adds all +erasures by itself (which is kind of understandable I guess, perhaps +we should better allow this in the API) +--- + lib/depends.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/depends.c b/lib/depends.c +index 6e9866eae..f8a6084ab 100644 +--- a/lib/depends.c ++++ b/lib/depends.c +@@ -121,7 +121,8 @@ static int removePackage(rpmts ts, Header h, rpmte depends) + + /* Filter out duplicate erasures. */ + if (packageHashGetEntry(tsmem->removedPackages, dboffset, &pp, NULL, NULL)) { +- rpmteSetDependsOn(pp[0], depends); ++ if (depends) ++ rpmteSetDependsOn(pp[0], depends); + return 0; + } + +-- +2.21.0 + diff --git a/SOURCES/0001-Fix-segfault-on-fingerprinting-symlink-round-RhBug-1.patch b/SOURCES/0001-Fix-segfault-on-fingerprinting-symlink-round-RhBug-1.patch new file mode 100644 index 0000000..a3faebb --- /dev/null +++ b/SOURCES/0001-Fix-segfault-on-fingerprinting-symlink-round-RhBug-1.patch @@ -0,0 +1,60 @@ +From 050b392f8c11d111379e0d2bac52762beb97b3ae Mon Sep 17 00:00:00 2001 +Message-Id: <050b392f8c11d111379e0d2bac52762beb97b3ae.1559645935.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Tue, 2 Apr 2019 12:57:11 +0300 +Subject: [PATCH] Fix segfault on fingerprinting symlink round (RhBug:1660232) + +Both yum and dnf perform a test-transaction before the real thing, +and both neglet to check for an error code from the test-transaction +when there are no problem objects to return. Which can happen in +some special cases, such a using different vsflags between initial +package read and transaction (which is what both yum and dnf do), +which can cause the in-transaction package open fail on corrupt packages. +And when this failed transaction is fed back to rpmtsRun(), it +segfaults in fingerprinting as the second loop of symlink checking +doesn't check for NULL's element files like the first loop does. + +Add the missing NULL check and remove bogus "can't happen" comment to fix. + +FWIW, the scenario with different vsflags and corrupted packages doesn't +happen by default in rpm >= 4.14.2, the corrupt package gets caught +in the verify stage which does create problem objects and thus both +yum and dnf abort as they should. +--- + lib/fprint.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/lib/fprint.c b/lib/fprint.c +index b810e4d2b..ab1891961 100644 +--- a/lib/fprint.c ++++ b/lib/fprint.c +@@ -488,7 +488,7 @@ void fpCachePopulate(fingerPrintCache fpc, rpmts ts, int fileCount) + (void) rpmsqPoll(); + + if ((fi = rpmteFiles(p)) == NULL) +- continue; /* XXX can't happen */ ++ continue; + + (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); + rpmfilesFpLookup(fi, fpc); +@@ -522,6 +522,9 @@ void fpCachePopulate(fingerPrintCache fpc, rpmts ts, int fileCount) + while ((p = rpmtsiNext(pi, 0)) != NULL) { + (void) rpmsqPoll(); + ++ if ((fi = rpmteFiles(p)) == NULL) ++ continue; ++ + fs = rpmteGetFileStates(p); + fc = rpmfsFC(fs); + (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); +@@ -531,6 +534,7 @@ void fpCachePopulate(fingerPrintCache fpc, rpmts ts, int fileCount) + fpLookupSubdir(symlinks, fpc, p, i); + } + (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0); ++ rpmfilesFree(fi); + } + rpmtsiFree(pi); + +-- +2.21.0 + diff --git a/SOURCES/0001-Fix-testing-for-wrong-variable-in-selinux-plugin-deb.patch b/SOURCES/0001-Fix-testing-for-wrong-variable-in-selinux-plugin-deb.patch new file mode 100644 index 0000000..7d99a49 --- /dev/null +++ b/SOURCES/0001-Fix-testing-for-wrong-variable-in-selinux-plugin-deb.patch @@ -0,0 +1,28 @@ +From 66e0c929b203d684a4f58135f42435fcc29cdd51 Mon Sep 17 00:00:00 2001 +Message-Id: <66e0c929b203d684a4f58135f42435fcc29cdd51.1554982695.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Wed, 10 Oct 2018 12:00:19 +0300 +Subject: [PATCH] Fix testing for wrong variable in selinux plugin debug log + +The strerror() case couldn't be reached as we were testing for the +wrong rc, spotted by covscan. +--- + plugins/selinux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/plugins/selinux.c b/plugins/selinux.c +index 3c9d9e4ab..accd47416 100644 +--- a/plugins/selinux.c ++++ b/plugins/selinux.c +@@ -169,7 +169,7 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, + + if (rpmIsDebug()) { + rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n", +- path, scon, (rc < 0 ? strerror(errno) : "")); ++ path, scon, (conrc < 0 ? strerror(errno) : "")); + } + + if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP)) +-- +2.20.1 + diff --git a/SOURCES/0001-Handle-unsupported-digests-the-same-as-disabled-ones.patch b/SOURCES/0001-Handle-unsupported-digests-the-same-as-disabled-ones.patch new file mode 100644 index 0000000..39f84d4 --- /dev/null +++ b/SOURCES/0001-Handle-unsupported-digests-the-same-as-disabled-ones.patch @@ -0,0 +1,47 @@ +From 74766d30b95f1575df8a42d185f2643caa235a8b Mon Sep 17 00:00:00 2001 +Message-Id: <74766d30b95f1575df8a42d185f2643caa235a8b.1543835412.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Fri, 23 Nov 2018 12:47:27 +0200 +Subject: [PATCH] Handle unsupported digests the same as disabled ones + (RhBug:1652529) + +A digest type unsupported by the underlying crypto library (whether +technically or by configuration) does not mean the digest is invalid, +it just cannot be used. Which for the purposes of verification is the +same as if that digest didn't exist at all, and that's exactly how we +handle digests and signatures disabled by configuration. + +One particular case is FIPS mode which globally disables the use of MD5, +which we mishandled prior to this by showing it as OK in verification +despite actually not verifying it at all. + +The exact place for handling this case is a bit subtle: the "obvious" +place for checking for supported type is in rpmvsInitRange() but this +doesn't work because of rpmDigestBundleAddID() return code semantics. +The other "obvious" place would be rpmvsVerify(), but by that point +we have even more funny cases to consider. So for now, it's actually +easiest to check for this in rpmvsFiniRange() even if it's not the +most obvious place for doing so. Might want to change the +rpmDigestBundleAddID() semantics later, but this makes for a nicer +backport (we'll need this in 4.14.x too). +--- + lib/rpmvs.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/rpmvs.c b/lib/rpmvs.c +index 7b5b86f8e..622e48011 100644 +--- a/lib/rpmvs.c ++++ b/lib/rpmvs.c +@@ -388,6 +388,9 @@ void rpmvsFiniRange(struct rpmvs_s *sis, int range) + + if (sinfo->range == range && sinfo->rc == RPMRC_OK) { + sinfo->ctx = rpmDigestBundleDupCtx(sis->bundle, sinfo->id); ++ /* Handle unsupported digests the same as disabled ones */ ++ if (sinfo->ctx == NULL) ++ sinfo->rc = RPMRC_NOTFOUND; + rpmDigestBundleFinal(sis->bundle, sinfo->id, NULL, NULL, 0); + } + } +-- +2.19.2 + diff --git a/SOURCES/0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch b/SOURCES/0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch new file mode 100644 index 0000000..35f12c2 --- /dev/null +++ b/SOURCES/0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch @@ -0,0 +1,656 @@ +From 84920f898315d09a57a3f1067433eaeb7de5e830 Mon Sep 17 00:00:00 2001 +Message-Id: <84920f898315d09a57a3f1067433eaeb7de5e830.1554884444.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Fri, 22 Feb 2019 19:44:16 +0200 +Subject: [PATCH] In Python 3, return all our string data as surrogate-escaped + utf-8 strings + +In the almost ten years of rpm sort of supporting Python 3 bindings, quite +obviously nobody has actually tried to use them. There's a major mismatch +between what the header API outputs (bytes) and what all the other APIs +accept (strings), resulting in hysterical TypeErrors all over the place, +including but not limited to labelCompare() (RhBug:1631292). Also a huge +number of other places have been returning strings and silently assuming +utf-8 through use of Py_BuildValue("s", ...), which will just irrevocably +fail when non-utf8 data is encountered. + +The politically Python 3-correct solution would be declaring all our data +as bytes with unspecified encoding - that's exactly what it historically is. +However doing so would by definition break every single rpm script people +have developed on Python 2. And when 99% of the rpm content in the world +actually is utf-8 encoded even if it doesn't say so (and in recent times +packages even advertise themselves as utf-8 encoded), the bytes-only route +seems a wee bit too draconian, even to this grumpy old fella. + +Instead, route all our string returns through a single helper macro +which on Python 2 just does what we always did, but in Python 3 converts +the data to surrogate-escaped utf-8 strings. This makes stuff "just work" +out of the box pretty much everywhere even with Python 3 (including +our own test-suite!), while still allowing to handle the non-utf8 case. +Handling the non-utf8 case is a bit more uglier but still possible, +which is exactly how you want corner-cases to be. There might be some +uses for retrieving raw byte data from the header, but worrying about +such an API is a case for some other rainy day, for now we mostly only +care that stuff works again. + +Also add test-cases for mixed data source labelCompare() and +non-utf8 insert to + retrieve from header. +--- + python/header-py.c | 2 +- + python/rpmds-py.c | 8 ++++---- + python/rpmfd-py.c | 6 +++--- + python/rpmfi-py.c | 24 ++++++++++++------------ + python/rpmfiles-py.c | 26 +++++++++++++------------- + python/rpmkeyring-py.c | 2 +- + python/rpmmacro-py.c | 2 +- + python/rpmmodule.c | 2 +- + python/rpmps-py.c | 8 ++++---- + python/rpmstrpool-py.c | 2 +- + python/rpmsystem-py.h | 7 +++++++ + python/rpmtd-py.c | 2 +- + python/rpmte-py.c | 16 ++++++++-------- + python/rpmts-py.c | 11 ++++++----- + python/spec-py.c | 8 ++++---- + tests/local.at | 1 + + tests/rpmpython.at | 34 ++++++++++++++++++++++++++++++++++ + 17 files changed, 102 insertions(+), 59 deletions(-) + +diff --git a/python/header-py.c b/python/header-py.c +index c9d54e869..93c241cb7 100644 +--- a/python/header-py.c ++++ b/python/header-py.c +@@ -231,7 +231,7 @@ static PyObject * hdrFormat(hdrObject * s, PyObject * args, PyObject * kwds) + return NULL; + } + +- result = Py_BuildValue("s", r); ++ result = utf8FromString(r); + free(r); + + return result; +diff --git a/python/rpmds-py.c b/python/rpmds-py.c +index 39b26628e..ecc9af9d5 100644 +--- a/python/rpmds-py.c ++++ b/python/rpmds-py.c +@@ -31,19 +31,19 @@ rpmds_Ix(rpmdsObject * s) + static PyObject * + rpmds_DNEVR(rpmdsObject * s) + { +- return Py_BuildValue("s", rpmdsDNEVR(s->ds)); ++ return utf8FromString(rpmdsDNEVR(s->ds)); + } + + static PyObject * + rpmds_N(rpmdsObject * s) + { +- return Py_BuildValue("s", rpmdsN(s->ds)); ++ return utf8FromString(rpmdsN(s->ds)); + } + + static PyObject * + rpmds_EVR(rpmdsObject * s) + { +- return Py_BuildValue("s", rpmdsEVR(s->ds)); ++ return utf8FromString(rpmdsEVR(s->ds)); + } + + static PyObject * +@@ -261,7 +261,7 @@ rpmds_subscript(rpmdsObject * s, PyObject * key) + + ix = (int) PyInt_AsLong(key); + rpmdsSetIx(s->ds, ix); +- return Py_BuildValue("s", rpmdsDNEVR(s->ds)); ++ return utf8FromString(rpmdsDNEVR(s->ds)); + } + + static PyMappingMethods rpmds_as_mapping = { +diff --git a/python/rpmfd-py.c b/python/rpmfd-py.c +index 85fb0cd24..4b05cce5f 100644 +--- a/python/rpmfd-py.c ++++ b/python/rpmfd-py.c +@@ -327,17 +327,17 @@ static PyObject *rpmfd_get_closed(rpmfdObject *s) + static PyObject *rpmfd_get_name(rpmfdObject *s) + { + /* XXX: rpm returns non-paths with [mumble], python files use */ +- return Py_BuildValue("s", Fdescr(s->fd)); ++ return utf8FromString(Fdescr(s->fd)); + } + + static PyObject *rpmfd_get_mode(rpmfdObject *s) + { +- return Py_BuildValue("s", s->mode); ++ return utf8FromString(s->mode); + } + + static PyObject *rpmfd_get_flags(rpmfdObject *s) + { +- return Py_BuildValue("s", s->flags); ++ return utf8FromString(s->flags); + } + + static PyGetSetDef rpmfd_getseters[] = { +diff --git a/python/rpmfi-py.c b/python/rpmfi-py.c +index 8d2f926d0..db405c231 100644 +--- a/python/rpmfi-py.c ++++ b/python/rpmfi-py.c +@@ -41,19 +41,19 @@ rpmfi_DX(rpmfiObject * s, PyObject * unused) + static PyObject * + rpmfi_BN(rpmfiObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmfiBN(s->fi)); ++ return utf8FromString(rpmfiBN(s->fi)); + } + + static PyObject * + rpmfi_DN(rpmfiObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmfiDN(s->fi)); ++ return utf8FromString(rpmfiDN(s->fi)); + } + + static PyObject * + rpmfi_FN(rpmfiObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmfiFN(s->fi)); ++ return utf8FromString(rpmfiFN(s->fi)); + } + + static PyObject * +@@ -98,7 +98,7 @@ rpmfi_Digest(rpmfiObject * s, PyObject * unused) + { + char *digest = rpmfiFDigestHex(s->fi, NULL); + if (digest) { +- PyObject *dig = Py_BuildValue("s", digest); ++ PyObject *dig = utf8FromString(digest); + free(digest); + return dig; + } else { +@@ -109,7 +109,7 @@ rpmfi_Digest(rpmfiObject * s, PyObject * unused) + static PyObject * + rpmfi_FLink(rpmfiObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmfiFLink(s->fi)); ++ return utf8FromString(rpmfiFLink(s->fi)); + } + + static PyObject * +@@ -133,13 +133,13 @@ rpmfi_FMtime(rpmfiObject * s, PyObject * unused) + static PyObject * + rpmfi_FUser(rpmfiObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmfiFUser(s->fi)); ++ return utf8FromString(rpmfiFUser(s->fi)); + } + + static PyObject * + rpmfi_FGroup(rpmfiObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmfiFGroup(s->fi)); ++ return utf8FromString(rpmfiFGroup(s->fi)); + } + + static PyObject * +@@ -155,7 +155,7 @@ rpmfi_FClass(rpmfiObject * s, PyObject * unused) + + if ((FClass = rpmfiFClass(s->fi)) == NULL) + FClass = ""; +- return Py_BuildValue("s", FClass); ++ return utf8FromString(FClass); + } + + static PyObject * +@@ -208,7 +208,7 @@ rpmfi_iternext(rpmfiObject * s) + Py_INCREF(Py_None); + PyTuple_SET_ITEM(result, 0, Py_None); + } else +- PyTuple_SET_ITEM(result, 0, Py_BuildValue("s", FN)); ++ PyTuple_SET_ITEM(result, 0, utf8FromString(FN)); + PyTuple_SET_ITEM(result, 1, PyLong_FromLongLong(FSize)); + PyTuple_SET_ITEM(result, 2, PyInt_FromLong(FMode)); + PyTuple_SET_ITEM(result, 3, PyInt_FromLong(FMtime)); +@@ -222,12 +222,12 @@ rpmfi_iternext(rpmfiObject * s) + Py_INCREF(Py_None); + PyTuple_SET_ITEM(result, 10, Py_None); + } else +- PyTuple_SET_ITEM(result, 10, Py_BuildValue("s", FUser)); ++ PyTuple_SET_ITEM(result, 10, utf8FromString(FUser)); + if (FGroup == NULL) { + Py_INCREF(Py_None); + PyTuple_SET_ITEM(result, 11, Py_None); + } else +- PyTuple_SET_ITEM(result, 11, Py_BuildValue("s", FGroup)); ++ PyTuple_SET_ITEM(result, 11, utf8FromString(FGroup)); + PyTuple_SET_ITEM(result, 12, rpmfi_Digest(s, NULL)); + + } else +@@ -313,7 +313,7 @@ rpmfi_subscript(rpmfiObject * s, PyObject * key) + + ix = (int) PyInt_AsLong(key); + rpmfiSetFX(s->fi, ix); +- return Py_BuildValue("s", rpmfiFN(s->fi)); ++ return utf8FromString(rpmfiFN(s->fi)); + } + + static PyMappingMethods rpmfi_as_mapping = { +diff --git a/python/rpmfiles-py.c b/python/rpmfiles-py.c +index bc07dbeaf..557246cae 100644 +--- a/python/rpmfiles-py.c ++++ b/python/rpmfiles-py.c +@@ -41,37 +41,37 @@ static PyObject *rpmfile_dx(rpmfileObject *s) + static PyObject *rpmfile_name(rpmfileObject *s) + { + char * fn = rpmfilesFN(s->files, s->ix); +- PyObject *o = Py_BuildValue("s", fn); ++ PyObject *o = utf8FromString(fn); + free(fn); + return o; + } + + static PyObject *rpmfile_basename(rpmfileObject *s) + { +- return Py_BuildValue("s", rpmfilesBN(s->files, s->ix)); ++ return utf8FromString(rpmfilesBN(s->files, s->ix)); + } + + static PyObject *rpmfile_dirname(rpmfileObject *s) + { +- return Py_BuildValue("s", rpmfilesDN(s->files, rpmfilesDI(s->files, s->ix))); ++ return utf8FromString(rpmfilesDN(s->files, rpmfilesDI(s->files, s->ix))); + } + + static PyObject *rpmfile_orig_name(rpmfileObject *s) + { + char * fn = rpmfilesOFN(s->files, s->ix); +- PyObject *o = Py_BuildValue("s", fn); ++ PyObject *o = utf8FromString(fn); + free(fn); + return o; + } + + static PyObject *rpmfile_orig_basename(rpmfileObject *s) + { +- return Py_BuildValue("s", rpmfilesOBN(s->files, s->ix)); ++ return utf8FromString(rpmfilesOBN(s->files, s->ix)); + } + + static PyObject *rpmfile_orig_dirname(rpmfileObject *s) + { +- return Py_BuildValue("s", rpmfilesODN(s->files, rpmfilesODI(s->files, s->ix))); ++ return utf8FromString(rpmfilesODN(s->files, rpmfilesODI(s->files, s->ix))); + } + static PyObject *rpmfile_mode(rpmfileObject *s) + { +@@ -105,17 +105,17 @@ static PyObject *rpmfile_nlink(rpmfileObject *s) + + static PyObject *rpmfile_linkto(rpmfileObject *s) + { +- return Py_BuildValue("s", rpmfilesFLink(s->files, s->ix)); ++ return utf8FromString(rpmfilesFLink(s->files, s->ix)); + } + + static PyObject *rpmfile_user(rpmfileObject *s) + { +- return Py_BuildValue("s", rpmfilesFUser(s->files, s->ix)); ++ return utf8FromString(rpmfilesFUser(s->files, s->ix)); + } + + static PyObject *rpmfile_group(rpmfileObject *s) + { +- return Py_BuildValue("s", rpmfilesFGroup(s->files, s->ix)); ++ return utf8FromString(rpmfilesFGroup(s->files, s->ix)); + } + + static PyObject *rpmfile_fflags(rpmfileObject *s) +@@ -145,7 +145,7 @@ static PyObject *rpmfile_digest(rpmfileObject *s) + NULL, &diglen); + if (digest) { + char * hex = pgpHexStr(digest, diglen); +- PyObject *o = Py_BuildValue("s", hex); ++ PyObject *o = utf8FromString(hex); + free(hex); + return o; + } +@@ -154,17 +154,17 @@ static PyObject *rpmfile_digest(rpmfileObject *s) + + static PyObject *rpmfile_class(rpmfileObject *s) + { +- return Py_BuildValue("s", rpmfilesFClass(s->files, s->ix)); ++ return utf8FromString(rpmfilesFClass(s->files, s->ix)); + } + + static PyObject *rpmfile_caps(rpmfileObject *s) + { +- return Py_BuildValue("s", rpmfilesFCaps(s->files, s->ix)); ++ return utf8FromString(rpmfilesFCaps(s->files, s->ix)); + } + + static PyObject *rpmfile_langs(rpmfileObject *s) + { +- return Py_BuildValue("s", rpmfilesFLangs(s->files, s->ix)); ++ return utf8FromString(rpmfilesFLangs(s->files, s->ix)); + } + + static PyObject *rpmfile_links(rpmfileObject *s) +diff --git a/python/rpmkeyring-py.c b/python/rpmkeyring-py.c +index d5f131e42..8968e0513 100644 +--- a/python/rpmkeyring-py.c ++++ b/python/rpmkeyring-py.c +@@ -38,7 +38,7 @@ static PyObject *rpmPubkey_new(PyTypeObject *subtype, + static PyObject * rpmPubkey_Base64(rpmPubkeyObject *s) + { + char *b64 = rpmPubkeyBase64(s->pubkey); +- PyObject *res = Py_BuildValue("s", b64); ++ PyObject *res = utf8FromString(b64); + free(b64); + return res; + } +diff --git a/python/rpmmacro-py.c b/python/rpmmacro-py.c +index 3cb1a51f5..d8a365547 100644 +--- a/python/rpmmacro-py.c ++++ b/python/rpmmacro-py.c +@@ -52,7 +52,7 @@ rpmmacro_ExpandMacro(PyObject * self, PyObject * args, PyObject * kwds) + if (rpmExpandMacros(NULL, macro, &str, 0) < 0) + PyErr_SetString(pyrpmError, "error expanding macro"); + else +- res = Py_BuildValue("s", str); ++ res = utf8FromString(str); + free(str); + } + return res; +diff --git a/python/rpmmodule.c b/python/rpmmodule.c +index 3faad23c7..05032edc7 100644 +--- a/python/rpmmodule.c ++++ b/python/rpmmodule.c +@@ -237,7 +237,7 @@ static void addRpmTags(PyObject *module) + + PyModule_AddIntConstant(module, tagname, tagval); + pyval = PyInt_FromLong(tagval); +- pyname = Py_BuildValue("s", shortname); ++ pyname = utf8FromString(shortname); + PyDict_SetItem(dict, pyval, pyname); + Py_DECREF(pyval); + Py_DECREF(pyname); +diff --git a/python/rpmps-py.c b/python/rpmps-py.c +index bdc899a60..902b2ae63 100644 +--- a/python/rpmps-py.c ++++ b/python/rpmps-py.c +@@ -18,12 +18,12 @@ static PyObject *rpmprob_get_type(rpmProblemObject *s, void *closure) + + static PyObject *rpmprob_get_pkgnevr(rpmProblemObject *s, void *closure) + { +- return Py_BuildValue("s", rpmProblemGetPkgNEVR(s->prob)); ++ return utf8FromString(rpmProblemGetPkgNEVR(s->prob)); + } + + static PyObject *rpmprob_get_altnevr(rpmProblemObject *s, void *closure) + { +- return Py_BuildValue("s", rpmProblemGetAltNEVR(s->prob)); ++ return utf8FromString(rpmProblemGetAltNEVR(s->prob)); + } + + static PyObject *rpmprob_get_key(rpmProblemObject *s, void *closure) +@@ -38,7 +38,7 @@ static PyObject *rpmprob_get_key(rpmProblemObject *s, void *closure) + + static PyObject *rpmprob_get_str(rpmProblemObject *s, void *closure) + { +- return Py_BuildValue("s", rpmProblemGetStr(s->prob)); ++ return utf8FromString(rpmProblemGetStr(s->prob)); + } + + static PyObject *rpmprob_get_num(rpmProblemObject *s, void *closure) +@@ -59,7 +59,7 @@ static PyGetSetDef rpmprob_getseters[] = { + static PyObject *rpmprob_str(rpmProblemObject *s) + { + char *str = rpmProblemString(s->prob); +- PyObject *res = Py_BuildValue("s", str); ++ PyObject *res = utf8FromString(str); + free(str); + return res; + } +diff --git a/python/rpmstrpool-py.c b/python/rpmstrpool-py.c +index 356bd1de5..a56e2b540 100644 +--- a/python/rpmstrpool-py.c ++++ b/python/rpmstrpool-py.c +@@ -44,7 +44,7 @@ static PyObject *strpool_id2str(rpmstrPoolObject *s, PyObject *item) + const char *str = rpmstrPoolStr(s->pool, id); + + if (str) +- ret = PyBytes_FromString(str); ++ ret = utf8FromString(str); + else + PyErr_SetObject(PyExc_KeyError, item); + } +diff --git a/python/rpmsystem-py.h b/python/rpmsystem-py.h +index 955d60cd3..87c750571 100644 +--- a/python/rpmsystem-py.h ++++ b/python/rpmsystem-py.h +@@ -19,4 +19,11 @@ + #define PyInt_AsSsize_t PyLong_AsSsize_t + #endif + ++/* In Python 3, we return all strings as surrogate-escaped utf-8 */ ++#if PY_MAJOR_VERSION >= 3 ++#define utf8FromString(_s) PyUnicode_DecodeUTF8(_s, strlen(_s), "surrogateescape") ++#else ++#define utf8FromString(_s) PyBytes_FromString(_s) ++#endif ++ + #endif /* H_SYSTEM_PYTHON */ +diff --git a/python/rpmtd-py.c b/python/rpmtd-py.c +index 247c7502a..23ca10517 100644 +--- a/python/rpmtd-py.c ++++ b/python/rpmtd-py.c +@@ -17,7 +17,7 @@ PyObject * rpmtd_ItemAsPyobj(rpmtd td, rpmTagClass tclass) + + switch (tclass) { + case RPM_STRING_CLASS: +- res = PyBytes_FromString(rpmtdGetString(td)); ++ res = utf8FromString(rpmtdGetString(td)); + break; + case RPM_NUMERIC_CLASS: + res = PyLong_FromLongLong(rpmtdGetNumber(td)); +diff --git a/python/rpmte-py.c b/python/rpmte-py.c +index 99ff2f496..2b3745754 100644 +--- a/python/rpmte-py.c ++++ b/python/rpmte-py.c +@@ -54,49 +54,49 @@ rpmte_TEType(rpmteObject * s, PyObject * unused) + static PyObject * + rpmte_N(rpmteObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmteN(s->te)); ++ return utf8FromString(rpmteN(s->te)); + } + + static PyObject * + rpmte_E(rpmteObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmteE(s->te)); ++ return utf8FromString(rpmteE(s->te)); + } + + static PyObject * + rpmte_V(rpmteObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmteV(s->te)); ++ return utf8FromString(rpmteV(s->te)); + } + + static PyObject * + rpmte_R(rpmteObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmteR(s->te)); ++ return utf8FromString(rpmteR(s->te)); + } + + static PyObject * + rpmte_A(rpmteObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmteA(s->te)); ++ return utf8FromString(rpmteA(s->te)); + } + + static PyObject * + rpmte_O(rpmteObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmteO(s->te)); ++ return utf8FromString(rpmteO(s->te)); + } + + static PyObject * + rpmte_NEVR(rpmteObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmteNEVR(s->te)); ++ return utf8FromString(rpmteNEVR(s->te)); + } + + static PyObject * + rpmte_NEVRA(rpmteObject * s, PyObject * unused) + { +- return Py_BuildValue("s", rpmteNEVRA(s->te)); ++ return utf8FromString(rpmteNEVRA(s->te)); + } + + static PyObject * +diff --git a/python/rpmts-py.c b/python/rpmts-py.c +index 1ddfc9a1e..96e3bb28e 100644 +--- a/python/rpmts-py.c ++++ b/python/rpmts-py.c +@@ -230,8 +230,9 @@ rpmts_SolveCallback(rpmts ts, rpmds ds, const void * data) + + PyEval_RestoreThread(cbInfo->_save); + +- args = Py_BuildValue("(Oissi)", cbInfo->tso, +- rpmdsTagN(ds), rpmdsN(ds), rpmdsEVR(ds), rpmdsFlags(ds)); ++ args = Py_BuildValue("(OiNNi)", cbInfo->tso, ++ rpmdsTagN(ds), utf8FromString(rpmdsN(ds)), ++ utf8FromString(rpmdsEVR(ds)), rpmdsFlags(ds)); + result = PyEval_CallObject(cbInfo->cb, args); + Py_DECREF(args); + +@@ -409,7 +410,7 @@ rpmts_HdrCheck(rpmtsObject * s, PyObject *obj) + rpmrc = headerCheck(s->ts, uh, uc, &msg); + Py_END_ALLOW_THREADS; + +- return Py_BuildValue("(is)", rpmrc, msg); ++ return Py_BuildValue("(iN)", rpmrc, utf8FromString(msg)); + } + + static PyObject * +@@ -500,7 +501,7 @@ rpmtsCallback(const void * hd, const rpmCallbackType what, + /* Synthesize a python object for callback (if necessary). */ + if (pkgObj == NULL) { + if (h) { +- pkgObj = Py_BuildValue("s", headerGetString(h, RPMTAG_NAME)); ++ pkgObj = utf8FromString(headerGetString(h, RPMTAG_NAME)); + } else { + pkgObj = Py_None; + Py_INCREF(pkgObj); +@@ -845,7 +846,7 @@ static PyObject *rpmts_get_tid(rpmtsObject *s, void *closure) + + static PyObject *rpmts_get_rootDir(rpmtsObject *s, void *closure) + { +- return Py_BuildValue("s", rpmtsRootDir(s->ts)); ++ return utf8FromString(rpmtsRootDir(s->ts)); + } + + static int rpmts_set_scriptFd(rpmtsObject *s, PyObject *value, void *closure) +diff --git a/python/spec-py.c b/python/spec-py.c +index 4efdbf4bf..70b796531 100644 +--- a/python/spec-py.c ++++ b/python/spec-py.c +@@ -57,7 +57,7 @@ static PyObject *pkgGetSection(rpmSpecPkg pkg, int section) + { + char *sect = rpmSpecPkgGetSection(pkg, section); + if (sect != NULL) { +- PyObject *ps = PyBytes_FromString(sect); ++ PyObject *ps = utf8FromString(sect); + free(sect); + if (ps != NULL) + return ps; +@@ -158,7 +158,7 @@ static PyObject * getSection(rpmSpec spec, int section) + { + const char *sect = rpmSpecGetSection(spec, section); + if (sect) { +- return Py_BuildValue("s", sect); ++ return utf8FromString(sect); + } + Py_RETURN_NONE; + } +@@ -208,8 +208,8 @@ static PyObject * spec_get_sources(specObject *s, void *closure) + + rpmSpecSrcIter iter = rpmSpecSrcIterInit(s->spec); + while ((source = rpmSpecSrcIterNext(iter)) != NULL) { +- PyObject *srcUrl = Py_BuildValue("(sii)", +- rpmSpecSrcFilename(source, 1), ++ PyObject *srcUrl = Py_BuildValue("(Nii)", ++ utf8FromString(rpmSpecSrcFilename(source, 1)), + rpmSpecSrcNum(source), + rpmSpecSrcFlags(source)); + if (!srcUrl) { +diff --git a/tests/local.at b/tests/local.at +index 02ead66c9..42eef1c75 100644 +--- a/tests/local.at ++++ b/tests/local.at +@@ -10,6 +10,7 @@ rm -rf "${abs_builddir}"/testing`rpm --eval '%_dbpath'`/* + + m4_define([RPMPY_RUN],[[ + cat << EOF > test.py ++# coding=utf-8 + import rpm, sys + dbpath=rpm.expandMacro('%_dbpath') + rpm.addMacro('_dbpath', '${abs_builddir}/testing%s' % dbpath) +diff --git a/tests/rpmpython.at b/tests/rpmpython.at +index ff77f868c..58f3e84a6 100644 +--- a/tests/rpmpython.at ++++ b/tests/rpmpython.at +@@ -106,6 +106,25 @@ None + 'rpm.hdr' object has no attribute '__foo__'] + ) + ++RPMPY_TEST([non-utf8 data in header],[ ++str = u'älämölö' ++enc = 'iso-8859-1' ++b = str.encode(enc) ++h = rpm.hdr() ++h['group'] = b ++d = h['group'] ++try: ++ # python 3 ++ t = bytes(d, 'utf-8', 'surrogateescape') ++except TypeError: ++ # python 2 ++ t = bytes(d) ++res = t.decode(enc) ++myprint(str == res) ++], ++[True] ++) ++ + RPMPY_TEST([invalid header data],[ + h1 = rpm.hdr() + h1['basenames'] = ['bing', 'bang', 'bong'] +@@ -125,6 +144,21 @@ for h in [h1, h2]: + /opt/bing,/opt/bang,/flopt/bong] + ) + ++RPMPY_TEST([labelCompare],[ ++v = '1.0' ++r = '1' ++e = 3 ++h = rpm.hdr() ++h['name'] = 'testpkg' ++h['version'] = v ++h['release'] = r ++h['epoch'] = e ++myprint(rpm.labelCompare((str(h['epoch']), h['version'], h['release']), ++ (str(e), v, r))) ++], ++[0] ++) ++ + RPMPY_TEST([vfyflags API],[ + ts = rpm.ts() + dlv = ts.getVfyFlags() +-- +2.20.1 + diff --git a/SOURCES/0001-Log-RPMLOG_ERR-level-messages-on-actual-errors-in-se.patch b/SOURCES/0001-Log-RPMLOG_ERR-level-messages-on-actual-errors-in-se.patch new file mode 100644 index 0000000..312d9cc --- /dev/null +++ b/SOURCES/0001-Log-RPMLOG_ERR-level-messages-on-actual-errors-in-se.patch @@ -0,0 +1,86 @@ +From 8cbe8baf9c3ff4754369bcd29441df14ecc6889d Mon Sep 17 00:00:00 2001 +Message-Id: <8cbe8baf9c3ff4754369bcd29441df14ecc6889d.1554982512.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Thu, 14 Feb 2019 13:12:49 +0200 +Subject: [PATCH] Log RPMLOG_ERR level messages on actual errors in selinux + plugin, doh. + +When there's an actual error, people will want to know without having +to rerun in verbose mode. Such as in RhBug:1641631 where configured +selinux policy differs from what is installed - the former message + + error: Plugin selinux: hook tsm_pre failed + +...is not particularly helpful to anybody, whereas this actually provides +some clues now: + + error: selabel_open: (/etc/selinux/ponies/contexts/files/file_contexts) No such file or directory + error: Plugin selinux: hook tsm_pre failed +--- + plugins/selinux.c | 19 +++++++++---------- + 1 file changed, 9 insertions(+), 10 deletions(-) + +diff --git a/plugins/selinux.c b/plugins/selinux.c +index accd47416..f1caf257c 100644 +--- a/plugins/selinux.c ++++ b/plugins/selinux.c +@@ -12,6 +12,11 @@ + + static struct selabel_handle * sehandle = NULL; + ++static inline rpmlogLvl loglvl(int iserror) ++{ ++ return iserror ? RPMLOG_ERR : RPMLOG_DEBUG; ++} ++ + static void sehandle_fini(int close_status) + { + if (sehandle) { +@@ -47,7 +52,7 @@ static rpmRC sehandle_init(int open_status) + + sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1); + +- rpmlog(RPMLOG_DEBUG, "selabel_open: (%s) %s\n", ++ rpmlog(loglvl(sehandle == NULL), "selabel_open: (%s) %s\n", + path, (sehandle == NULL ? strerror(errno) : "")); + + return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL; +@@ -125,10 +130,8 @@ static rpmRC selinux_scriptlet_fork_post(rpmPlugin plugin, + if ((xx = setexeccon(newcon)) == 0) + rc = RPMRC_OK; + +- if (rpmIsDebug()) { +- rpmlog(RPMLOG_DEBUG, "setexeccon: (%s, %s) %s\n", ++ rpmlog(loglvl(xx < 0), "setexeccon: (%s, %s) %s\n", + path, newcon, (xx < 0 ? strerror(errno) : "")); +- } + + exit: + context_free(con); +@@ -143,10 +146,8 @@ exit: + if ((xx = setexecfilecon(path, "rpm_script_t") == 0)) + rc = RPMRC_OK; + +- if (rpmIsDebug()) { +- rpmlog(RPMLOG_DEBUG, "setexecfilecon: (%s) %s\n", ++ rpmlog(loglvl(xx < 0), "setexecfilecon: (%s) %s\n", + path, (xx < 0 ? strerror(errno) : "")); +- } + #endif + /* If selinux is not enforcing, we don't care either */ + if (rc && security_getenforce() < 1) +@@ -167,10 +168,8 @@ static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, + if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) { + int conrc = lsetfilecon(path, scon); + +- if (rpmIsDebug()) { +- rpmlog(RPMLOG_DEBUG, "lsetfilecon: (%s, %s) %s\n", ++ rpmlog(loglvl(conrc < 0), "lsetfilecon: (%s, %s) %s\n", + path, scon, (conrc < 0 ? strerror(errno) : "")); +- } + + if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP)) + rc = RPMRC_OK; +-- +2.20.1 + diff --git a/SOURCES/0001-Make-rpmsign-exit-values-more-consistent-with-our-ot.patch b/SOURCES/0001-Make-rpmsign-exit-values-more-consistent-with-our-ot.patch new file mode 100644 index 0000000..c186017 --- /dev/null +++ b/SOURCES/0001-Make-rpmsign-exit-values-more-consistent-with-our-ot.patch @@ -0,0 +1,49 @@ +From 2ec0832287bd1443ebf336f8a98293f30bfa2036 Mon Sep 17 00:00:00 2001 +Message-Id: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Mon, 18 Mar 2019 15:24:54 +0200 +Subject: [PATCH 1/3] Make rpmsign exit values more consistent with our other + tools + +rpmPkgSign*() return -1 for failure, which is not that helpful when +returned to shell and the way it was counted could easily wrap around +when signing multiple packages. Return number of failures similarly to +how rpm -q and frieds does, avoid overflows and xargs special value 255. +--- + rpmsign.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/rpmsign.c b/rpmsign.c +index ae86f666d..1a5cd59c2 100644 +--- a/rpmsign.c ++++ b/rpmsign.c +@@ -134,7 +134,8 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs) + const char *arg; + rc = 0; + while ((arg = poptGetArg(optCon)) != NULL) { +- rc += rpmPkgSign(arg, sargs); ++ if (rpmPkgSign(arg, sargs) < 0) ++ rc++; + } + + exit: +@@ -175,7 +176,8 @@ int main(int argc, char *argv[]) + case MODE_DELSIGN: + ec = 0; + while ((arg = poptGetArg(optCon)) != NULL) { +- ec += rpmPkgDelSign(arg, &sargs); ++ if (rpmPkgDelSign(arg, &sargs) < 0) ++ ec++; + } + break; + case MODE_NONE: +@@ -188,5 +190,5 @@ int main(int argc, char *argv[]) + + exit: + rpmcliFini(optCon); +- return ec; ++ return RETVAL(ec); + } +-- +2.20.1 + diff --git a/SOURCES/0001-Mark-elements-with-associated-problems-as-failed.patch b/SOURCES/0001-Mark-elements-with-associated-problems-as-failed.patch new file mode 100644 index 0000000..320385d --- /dev/null +++ b/SOURCES/0001-Mark-elements-with-associated-problems-as-failed.patch @@ -0,0 +1,28 @@ +From 57b4f21634429ccd29d47cf93ec0841f70b68404 Mon Sep 17 00:00:00 2001 +Message-Id: <57b4f21634429ccd29d47cf93ec0841f70b68404.1545311826.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Tue, 18 Sep 2018 11:02:36 +0300 +Subject: [PATCH] Mark elements with associated problems as failed + +An element with a problem can not possibly succeed so mark these failures +early. Doesn't make much of a difference as problems will prevent the +transaction from starting in the first place but it makes sense anyway. +--- + lib/rpmte.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/rpmte.c b/lib/rpmte.c +index 4bdeeaf68..c5d614f67 100644 +--- a/lib/rpmte.c ++++ b/lib/rpmte.c +@@ -703,6 +703,7 @@ static void appendProblem(rpmte te, rpmProblemType type, + if (te->probs == NULL) + te->probs = rpmpsCreate(); + rpmpsAppendProblem(te->probs, p); ++ rpmteMarkFailed(te); + } + rpmProblemFree(p); + } +-- +2.19.2 + diff --git a/SOURCES/0001-Monkey-patch-.decode-method-to-our-strings-as-a-temp.patch b/SOURCES/0001-Monkey-patch-.decode-method-to-our-strings-as-a-temp.patch new file mode 100644 index 0000000..6df9fab --- /dev/null +++ b/SOURCES/0001-Monkey-patch-.decode-method-to-our-strings-as-a-temp.patch @@ -0,0 +1,89 @@ +From 13b0ebee7cdb1e4d200b3c40d0ec9440f198a1d4 Mon Sep 17 00:00:00 2001 +Message-Id: <13b0ebee7cdb1e4d200b3c40d0ec9440f198a1d4.1554886141.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Wed, 10 Apr 2019 11:24:44 +0300 +Subject: [PATCH] Monkey-patch .decode() method to our strings as a temporary + compat crutch + +As a temporary crutch to support faster deployment of the sane +string behavior on python3, monkey-patch a decode method into all +strings we return. This seems to be enough to fix practically all +API users who have already adapted to the long-standing broken API +on Python 3. API users compatible with both Python 2 and 3 never needed +this anyway. Issue a warning with pointer to the relevant bug when the +fake decode() method is used to alert users to the issue. + +This is certainly an evil thing to do and will be removed as soon as +the critical users have been fixed to work with the new, corrected +behavior. +--- + python/rpm/__init__.py | 3 +++ + python/rpmmodule.c | 1 + + python/rpmsystem-py.h | 22 ++++++++++++++++++++-- + 3 files changed, 24 insertions(+), 2 deletions(-) + +diff --git a/python/rpm/__init__.py b/python/rpm/__init__.py +index 54728bbd4..6d69eda7b 100644 +--- a/python/rpm/__init__.py ++++ b/python/rpm/__init__.py +@@ -61,6 +61,9 @@ except ImportError: + # backwards compatibility + give the same class both ways + ts = TransactionSet + ++def _fakedecode(self, encoding='utf-8', errors='strict'): ++ warnings.warn("decode() called on unicode string, see https://bugzilla.redhat.com/show_bug.cgi?id=1693751", UnicodeWarning, stacklevel=2) ++ return self + + def headerLoad(*args, **kwds): + """DEPRECATED! Use rpm.hdr() instead.""" +diff --git a/python/rpmmodule.c b/python/rpmmodule.c +index 05032edc7..2a76cfbd0 100644 +--- a/python/rpmmodule.c ++++ b/python/rpmmodule.c +@@ -28,6 +28,7 @@ + */ + + PyObject * pyrpmError; ++PyObject * fakedecode = NULL; + + static PyObject * archScore(PyObject * self, PyObject * arg) + { +diff --git a/python/rpmsystem-py.h b/python/rpmsystem-py.h +index 25938464a..803da0fc1 100644 +--- a/python/rpmsystem-py.h ++++ b/python/rpmsystem-py.h +@@ -19,12 +19,29 @@ + #define PyInt_AsSsize_t PyLong_AsSsize_t + #endif + ++PyObject * fakedecode; ++ + static inline PyObject * utf8FromString(const char *s) + { + /* In Python 3, we return all strings as surrogate-escaped utf-8 */ + #if PY_MAJOR_VERSION >= 3 +- if (s != NULL) +- return PyUnicode_DecodeUTF8(s, strlen(s), "surrogateescape"); ++ if (s != NULL) { ++ PyObject *o = PyUnicode_DecodeUTF8(s, strlen(s), "surrogateescape"); ++ /* fish the fake decode function from python side if not done yet */ ++ if (fakedecode == NULL) { ++ PyObject *n = PyUnicode_FromString("rpm"); ++ PyObject *m = PyImport_Import(n); ++ PyObject *md = PyModule_GetDict(m); ++ fakedecode = PyDict_GetItemString(md, "_fakedecode"); ++ Py_DECREF(m); ++ Py_DECREF(n); ++ } ++ if (fakedecode && o) { ++ /* monkey-patch it into the string object as "decode" */ ++ PyDict_SetItemString(Py_TYPE(o)->tp_dict, "decode", fakedecode); ++ } ++ return o; ++ } + #else + if (s != NULL) + return PyBytes_FromString(s); +-- +2.20.1 + diff --git a/SOURCES/0001-Only-read-through-payload-on-verify-if-actually-need.patch b/SOURCES/0001-Only-read-through-payload-on-verify-if-actually-need.patch new file mode 100644 index 0000000..6da9775 --- /dev/null +++ b/SOURCES/0001-Only-read-through-payload-on-verify-if-actually-need.patch @@ -0,0 +1,80 @@ +From 362c4401979f896de1e69a3e18d33954953912cc Mon Sep 17 00:00:00 2001 +Message-Id: <362c4401979f896de1e69a3e18d33954953912cc.1554983588.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Tue, 11 Dec 2018 13:21:47 +0200 +Subject: [PATCH] Only read through payload on verify if actually needed + +If none of our verify items ranges over the payload, then why bother? + +To do this, add an internal rpmvs API to get it's range, and use +that to decide whether trip over the payload is needed or not. +In addition, the payload digest tag needs to be grabbed outside of the +condition to avoid depending on other values. The details including +RPMVSF_NEEDPAYLOAD will be handled internally to rpmvs which makes it +actually nicer code-wise too. +--- + lib/rpmchecksig.c | 8 ++++---- + lib/rpmvs.c | 12 ++++++++++++ + lib/rpmvs.h | 3 +++ + 3 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c +index 1ba72a45e..810f7153d 100644 +--- a/lib/rpmchecksig.c ++++ b/lib/rpmchecksig.c +@@ -187,11 +187,11 @@ rpmRC rpmpkgRead(struct rpmvs_s *vs, FD_t fd, + /* Finalize header range */ + rpmvsFiniRange(vs, RPMSIG_HEADER); + +- /* Unless disabled, read the payload, generating digest(s) on the fly. */ +- if (!(rpmvsFlags(vs) & RPMVSF_NEEDPAYLOAD)) { +- /* Fish interesting tags from the main header. This is a bit hacky... */ +- rpmvsAppendTag(vs, blob, RPMTAG_PAYLOADDIGEST); ++ /* Fish interesting tags from the main header. This is a bit hacky... */ ++ rpmvsAppendTag(vs, blob, RPMTAG_PAYLOADDIGEST); + ++ /* If needed and not explicitly disabled, read the payload as well. */ ++ if (rpmvsRange(vs) & RPMSIG_PAYLOAD) { + /* Initialize digests ranging over the payload only */ + rpmvsInitRange(vs, RPMSIG_PAYLOAD); + +diff --git a/lib/rpmvs.c b/lib/rpmvs.c +index 622e48011..0d475af86 100644 +--- a/lib/rpmvs.c ++++ b/lib/rpmvs.c +@@ -396,6 +396,18 @@ void rpmvsFiniRange(struct rpmvs_s *sis, int range) + } + } + ++int rpmvsRange(struct rpmvs_s *vs) ++{ ++ int range = 0; ++ for (int i = 0; i < vs->nsigs; i++) { ++ if (rpmsinfoDisabled(&vs->sigs[i], vs->vsflags)) ++ continue; ++ range |= vs->sigs[i].range; ++ } ++ ++ return range; ++} ++ + static int sinfoCmp(const void *a, const void *b) + { + const struct rpmsinfo_s *sa = a; +diff --git a/lib/rpmvs.h b/lib/rpmvs.h +index b27d9a612..a836d5c94 100644 +--- a/lib/rpmvs.h ++++ b/lib/rpmvs.h +@@ -75,6 +75,9 @@ void rpmvsInitRange(struct rpmvs_s *sis, int range); + RPM_GNUC_INTERNAL + void rpmvsFiniRange(struct rpmvs_s *sis, int range); + ++RPM_GNUC_INTERNAL ++int rpmvsRange(struct rpmvs_s *vs); ++ + RPM_GNUC_INTERNAL + int rpmvsVerify(struct rpmvs_s *sis, int type, + rpmsinfoCb cb, void *cbdata); +-- +2.20.1 + diff --git a/SOURCES/0001-Return-NULL-string-as-None-from-utf8FromString.patch b/SOURCES/0001-Return-NULL-string-as-None-from-utf8FromString.patch new file mode 100644 index 0000000..e91db6f --- /dev/null +++ b/SOURCES/0001-Return-NULL-string-as-None-from-utf8FromString.patch @@ -0,0 +1,41 @@ +From aea53a4aead8bd71f519df35fcffd9eec76fbc01 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Panu Matilainen +Date: Tue, 26 Feb 2019 11:27:51 +0200 +Subject: [PATCH] Return NULL string as None from utf8FromString() + +Commit 84920f898315d09a57a3f1067433eaeb7de5e830 regressed dnf install +to segfault at the end due to some NULL string passed to strlen(). +Check for NULL and return it as None, make it an inline function +to make this saner. +--- + python/rpmsystem-py.h | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/python/rpmsystem-py.h b/python/rpmsystem-py.h +index 87c750571..25938464a 100644 +--- a/python/rpmsystem-py.h ++++ b/python/rpmsystem-py.h +@@ -19,11 +19,17 @@ + #define PyInt_AsSsize_t PyLong_AsSsize_t + #endif + ++static inline PyObject * utf8FromString(const char *s) ++{ + /* In Python 3, we return all strings as surrogate-escaped utf-8 */ + #if PY_MAJOR_VERSION >= 3 +-#define utf8FromString(_s) PyUnicode_DecodeUTF8(_s, strlen(_s), "surrogateescape") ++ if (s != NULL) ++ return PyUnicode_DecodeUTF8(s, strlen(s), "surrogateescape"); + #else +-#define utf8FromString(_s) PyBytes_FromString(_s) ++ if (s != NULL) ++ return PyBytes_FromString(s); + #endif ++ Py_RETURN_NONE; ++} + + #endif /* H_SYSTEM_PYTHON */ +-- +2.20.1 + diff --git a/SOURCES/0001-Show-list-of-files-only-once-when-use-rpm-ql-and-mul.patch b/SOURCES/0001-Show-list-of-files-only-once-when-use-rpm-ql-and-mul.patch new file mode 100644 index 0000000..863ac43 --- /dev/null +++ b/SOURCES/0001-Show-list-of-files-only-once-when-use-rpm-ql-and-mul.patch @@ -0,0 +1,57 @@ +From 8dd8e37acc79da1ce0a36c3f86650defa474a6a9 Mon Sep 17 00:00:00 2001 +From: Pavlina Moravcova Varekova +Date: Thu, 14 Mar 2019 13:56:26 +0100 +Subject: [PATCH] Show list of files only once when use rpm -ql and multiple + rpm files + +--- + lib/query.c | 3 ++- + tests/rpmquery.at | 18 ++++++++++++++++++ + 2 files changed, 20 insertions(+), 1 deletion(-) + +diff --git a/lib/query.c b/lib/query.c +index e5408e211..7568f67aa 100644 +--- a/lib/query.c ++++ b/lib/query.c +@@ -574,7 +574,8 @@ int rpmcliArgIter(rpmts ts, QVA_t qva, ARGV_const_t argv) + if (mi == NULL && qva->qva_source == RPMQV_PACKAGE) { + size_t l = strlen(*arg); + if (l > 4 && !strcmp(*arg + l - 4, ".rpm")) { +- rpmgi gi = rpmgiNew(ts, giFlags, argv); ++ char * const argFirst[2] = { arg[0], NULL }; ++ rpmgi gi = rpmgiNew(ts, giFlags, argFirst); + ecLocal = rpmgiShowMatches(qva, ts, gi); + rpmgiFree(gi); + } +diff --git a/tests/rpmquery.at b/tests/rpmquery.at +index ab7bb3c46..0dc6d78b6 100644 +--- a/tests/rpmquery.at ++++ b/tests/rpmquery.at +@@ -61,6 +61,24 @@ hello.spec + [ignore]) + AT_CLEANUP + ++# ------------------------------ ++AT_SETUP([rpm -ql multiple *.rpm]) ++AT_KEYWORDS([query]) ++AT_CHECK([ ++runroot rpm \ ++ -ql \ ++ /data/SRPMS/hello-1.0-1.src.rpm /data/RPMS/hello-1.0-1.i386.rpm ++], ++[0], ++[hello-1.0.tar.gz ++hello.spec ++/usr/local/bin/hello ++/usr/share/doc/hello-1.0 ++/usr/share/doc/hello-1.0/FAQ ++], ++[ignore]) ++AT_CLEANUP ++ + # ------------------------------ + AT_SETUP([rpmspec -q]) + AT_KEYWORDS([query]) +-- +2.17.2 + diff --git a/SOURCES/0001-Sort-list-of-hard-linked-files-in-find-debuginfo.sh-.patch b/SOURCES/0001-Sort-list-of-hard-linked-files-in-find-debuginfo.sh-.patch new file mode 100644 index 0000000..ae7d4e0 --- /dev/null +++ b/SOURCES/0001-Sort-list-of-hard-linked-files-in-find-debuginfo.sh-.patch @@ -0,0 +1,27 @@ +From 35b09eed946a7e2f2f327531b692c9f768bf9e3b Mon Sep 17 00:00:00 2001 +From: Pavlina Moravcova Varekova +Date: Sun, 7 Apr 2019 07:23:47 +0200 +Subject: [PATCH] Sort list of hard linked files in find-debuginfo.sh + (RhBug:1421272) + +It helps to make build results reproducible. Based on Mark Wielaard's idea. +--- + scripts/find-debuginfo.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh +index c75d176ac..23286139e 100755 +--- a/scripts/find-debuginfo.sh ++++ b/scripts/find-debuginfo.sh +@@ -350,7 +350,7 @@ trap 'rm -rf "$temp"' EXIT + touch "$temp/primary" + find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \ + \( -perm -0100 -or -perm -0010 -or -perm -0001 \) \ +- -print | ++ -print | LC_ALL=C sort | + file -N -f - | sed -n -e 's/^\(.*\):[ ]*.*ELF.*, not stripped.*/\1/p' | + xargs --no-run-if-empty stat -c '%h %D_%i %n' | + while read nlinks inum f; do +-- +2.17.2 + diff --git a/SOURCES/0002-Drop-internal-only-visibility-on-rpmvs-related-API.patch b/SOURCES/0002-Drop-internal-only-visibility-on-rpmvs-related-API.patch new file mode 100644 index 0000000..e2212eb --- /dev/null +++ b/SOURCES/0002-Drop-internal-only-visibility-on-rpmvs-related-API.patch @@ -0,0 +1,64 @@ +From 3fd79a5564df97d512be283c5c8a4da2e7ef8bce Mon Sep 17 00:00:00 2001 +Message-Id: <3fd79a5564df97d512be283c5c8a4da2e7ef8bce.1554983206.git.pmatilai@redhat.com> +In-Reply-To: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com> +References: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Mon, 18 Mar 2019 15:29:18 +0200 +Subject: [PATCH 2/3] Drop internal-only visibility on rpmvs-related API + +Makes it possible to use rpmvs API from eg librpmsign which we'll +need in the next commit. We need to make select parts of this +actually public eventually but for now... +--- + lib/rpmvs.h | 12 ------------ + 1 file changed, 12 deletions(-) + +diff --git a/lib/rpmvs.h b/lib/rpmvs.h +index a836d5c94..025895500 100644 +--- a/lib/rpmvs.h ++++ b/lib/rpmvs.h +@@ -48,41 +48,29 @@ typedef int (*rpmsinfoCb)(struct rpmsinfo_s *sinfo, void *cbdata); + extern "C" { + #endif + +-RPM_GNUC_INTERNAL + const char *rpmsinfoDescr(struct rpmsinfo_s *sinfo); + +-RPM_GNUC_INTERNAL + char *rpmsinfoMsg(struct rpmsinfo_s *sinfo); + +-RPM_GNUC_INTERNAL + struct rpmvs_s *rpmvsCreate(int vfylevel, rpmVSFlags vsflags, rpmKeyring keyring); + +-RPM_GNUC_INTERNAL + void rpmvsInit(struct rpmvs_s *vs, hdrblob blob, rpmDigestBundle bundle); + +-RPM_GNUC_INTERNAL + rpmVSFlags rpmvsFlags(struct rpmvs_s *vs); + +-RPM_GNUC_INTERNAL + struct rpmvs_s *rpmvsFree(struct rpmvs_s *sis); + +-RPM_GNUC_INTERNAL + void rpmvsAppendTag(struct rpmvs_s *sis, hdrblob blob, rpmTagVal tag); + +-RPM_GNUC_INTERNAL + void rpmvsInitRange(struct rpmvs_s *sis, int range); + +-RPM_GNUC_INTERNAL + void rpmvsFiniRange(struct rpmvs_s *sis, int range); + +-RPM_GNUC_INTERNAL + int rpmvsRange(struct rpmvs_s *vs); + +-RPM_GNUC_INTERNAL + int rpmvsVerify(struct rpmvs_s *sis, int type, + rpmsinfoCb cb, void *cbdata); + +-RPM_GNUC_INTERNAL + rpmRC rpmpkgRead(struct rpmvs_s *vs, FD_t fd, + hdrblob *sigblobp, hdrblob *blobp, char **emsg); + +-- +2.20.1 + diff --git a/SOURCES/0003-Verify-packages-before-signing-RhBug-1646388.patch b/SOURCES/0003-Verify-packages-before-signing-RhBug-1646388.patch new file mode 100644 index 0000000..c950748 --- /dev/null +++ b/SOURCES/0003-Verify-packages-before-signing-RhBug-1646388.patch @@ -0,0 +1,114 @@ +From df089e178da0918dc74a8572a99324b0987bce30 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com> +References: <2ec0832287bd1443ebf336f8a98293f30bfa2036.1554983205.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Mon, 18 Mar 2019 15:56:34 +0200 +Subject: [PATCH 3/3] Verify packages before signing (RhBug:1646388) + +Permitting corrupted packages to be signed is bad business for everybody +involved, this is something we should've always done. Besides being an +actual security risk, it can lead to odd results with verification +especially with the payload digest on signed packages. + +One point worth noting is that this means that pre 4.14-packages cannot +be signed in FIPS mode now because there's no way to validate the package +payload range due to MD5 being disabled. This seems like a feature and +not a limitation, so disabler for the verify step intentionally left out. + +Optimally we'd verify the package on the same read that's passed +to gpg but for simplicitys sake that's left as an future exercise, +now we simply read the package twice. +--- + sign/rpmgensig.c | 32 ++++++++++++++++++++++++++++++++ + tests/rpmsigdig.at | 20 ++++++++++++++++++++ + 2 files changed, 52 insertions(+) + +diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c +index 2bcbab768..5be542001 100644 +--- a/sign/rpmgensig.c ++++ b/sign/rpmgensig.c +@@ -21,6 +21,7 @@ + + #include "lib/rpmlead.h" + #include "lib/signature.h" ++#include "lib/rpmvs.h" + #include "sign/rpmsignfiles.h" + + #include "debug.h" +@@ -489,6 +490,31 @@ static rpmRC includeFileSignatures(Header *sigp, Header *hdrp) + #endif + } + ++static int msgCb(struct rpmsinfo_s *sinfo, void *cbdata) ++{ ++ char **msg = cbdata; ++ if (sinfo->rc && *msg == NULL) ++ *msg = rpmsinfoMsg(sinfo); ++ return (sinfo->rc != RPMRC_FAIL); ++} ++ ++/* Require valid digests on entire package for signing. */ ++static int checkPkg(FD_t fd, char **msg) ++{ ++ int rc; ++ struct rpmvs_s *vs = rpmvsCreate(RPMSIG_DIGEST_TYPE, 0, NULL); ++ off_t offset = Ftell(fd); ++ ++ Fseek(fd, 0, SEEK_SET); ++ rc = rpmpkgRead(vs, fd, NULL, NULL, msg); ++ if (!rc) ++ rc = rpmvsVerify(vs, RPMSIG_DIGEST_TYPE, msgCb, msg); ++ Fseek(fd, offset, SEEK_SET); ++ ++ rpmvsFree(vs); ++ return rc; ++} ++ + /** \ingroup rpmcli + * Create/modify elements in signature header. + * @param rpm path to package +@@ -519,6 +545,12 @@ static int rpmSign(const char *rpm, int deleting, int signfiles) + if (manageFile(&fd, rpm, O_RDWR)) + goto exit; + ++ /* Ensure package is intact before attempting to sign */ ++ if ((rc = checkPkg(fd, &msg))) { ++ rpmlog(RPMLOG_ERR, "not signing corrupt package %s: %s\n", rpm, msg); ++ goto exit; ++ } ++ + if ((rc = rpmLeadRead(fd, &msg)) != RPMRC_OK) { + rpmlog(RPMLOG_ERR, "%s: %s\n", rpm, msg); + goto exit; +diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at +index 413c3d2c8..e93420306 100644 +--- a/tests/rpmsigdig.at ++++ b/tests/rpmsigdig.at +@@ -472,3 +472,23 @@ run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-sign + [], + []) + AT_CLEANUP ++ ++AT_SETUP([rpmsign --addsign ]) ++AT_KEYWORDS([rpmsign signature]) ++AT_CHECK([ ++RPMDB_CLEAR ++RPMDB_INIT ++rm -rf "${TOPDIR}" ++ ++pkg="hello-2.0-1.x86_64.rpm" ++cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} ++dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ ++ conv=notrunc bs=1 seek=333 count=4 2> /dev/null ++run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}/tmp/${pkg}" ++], ++[1], ++[/home/pmatilai/repos/rpm/tests/testing/tmp/hello-2.0-1.x86_64.rpm: ++], ++[error: not signing corrupt package /home/pmatilai/repos/rpm/tests/testing/tmp/hello-2.0-1.x86_64.rpm: MD5 digest: BAD (Expected 007ca1d8b35cca02a1854ba301c5432e != 137ca1d8b35cca02a1854ba301c5432e) ++]) ++AT_CLEANUP +-- +2.20.1 + diff --git a/SOURCES/compile-with-Platform-Python-binary-where-relevant.patch b/SOURCES/compile-with-Platform-Python-binary-where-relevant.patch new file mode 100644 index 0000000..7b0da28 --- /dev/null +++ b/SOURCES/compile-with-Platform-Python-binary-where-relevant.patch @@ -0,0 +1,26 @@ +From 682397a8e2758058f780cccd51b570d39415b9b2 Mon Sep 17 00:00:00 2001 +From: Tomas Orsava +Date: Tue, 3 Jul 2018 14:58:32 +0200 +Subject: [PATCH] Compile with Platform-Python binary where relevant + +--- + scripts/brp-python-bytecompile | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/scripts/brp-python-bytecompile b/scripts/brp-python-bytecompile +index 7ed1d7f..9d0a421 100644 +--- a/scripts/brp-python-bytecompile ++++ b/scripts/brp-python-bytecompile +@@ -60,6 +60,9 @@ shopt -s nullglob + for python_libdir in `find "$RPM_BUILD_ROOT" -type d|grep -E "/usr/lib(64)?/python[0-9]\.[0-9]$"`; + do + python_binary=/usr/bin/$(basename $python_libdir) ++ if [ "$python_binary" = "/usr/bin/python3.6" ]; then ++ python_binary=/usr/libexec/platform-python ++ fi + real_libdir=${python_libdir/$RPM_BUILD_ROOT/} + echo "Bytecompiling .py files below $python_libdir using $python_binary" + +-- +2.14.4 + diff --git a/SOURCES/disable-python-extra.patch b/SOURCES/disable-python-extra.patch new file mode 100644 index 0000000..8cb7595 --- /dev/null +++ b/SOURCES/disable-python-extra.patch @@ -0,0 +1,11 @@ +--- a/platform.in 2018-07-19 17:24:58.737922904 +0200 ++++ b/platform.in 2018-07-19 17:25:25.480028741 +0200 +@@ -65,7 +65,7 @@ + + %__arch_install_post @ARCH_INSTALL_POST@ + %_python_bytecompile_errors_terminate_build 0 +-%_python_bytecompile_extra 1 ++%_python_bytecompile_extra 0 + + # Standard brp-macro naming: + # convert all '-' in basename to '_', add two leading underscores. diff --git a/SOURCES/rpm-4.11.x-siteconfig.patch b/SOURCES/rpm-4.11.x-siteconfig.patch new file mode 100644 index 0000000..f32f859 --- /dev/null +++ b/SOURCES/rpm-4.11.x-siteconfig.patch @@ -0,0 +1,12 @@ +diff -up rpm-4.11.1-rc1/macros.in.siteconfig rpm-4.11.1-rc1/macros.in +--- rpm-4.11.1-rc1/macros.in.siteconfig 2013-06-07 13:19:21.000000000 +0300 ++++ rpm-4.11.1-rc1/macros.in 2013-06-11 15:06:59.525747503 +0300 +@@ -647,6 +647,8 @@ package or when debugging this package.\ + export CLASSPATH}\ + PKG_CONFIG_PATH=\"${PKG_CONFIG_PATH}:%{_libdir}/pkgconfig:%{_datadir}/pkgconfig\"\ + export PKG_CONFIG_PATH\ ++ CONFIG_SITE=${CONFIG_SITE:-NONE}\ ++ export CONFIG_SITE\ + \ + %{verbose:set -x}%{!verbose:exec > /dev/null}\ + umask 022\ diff --git a/SOURCES/rpm-4.12.0-rpm2cpio-hack.patch b/SOURCES/rpm-4.12.0-rpm2cpio-hack.patch new file mode 100644 index 0000000..38c7dbd --- /dev/null +++ b/SOURCES/rpm-4.12.0-rpm2cpio-hack.patch @@ -0,0 +1,18 @@ +diff --git a/rpm2cpio.c b/rpm2cpio.c +index 89ebdfa..ae999ff 100644 +--- a/rpm2cpio.c ++++ b/rpm2cpio.c +@@ -84,7 +84,12 @@ int main(int argc, char *argv[]) + exit(EXIT_FAILURE); + } + +- rc = (ufdCopy(gzdi, fdo) == payload_size) ? EXIT_SUCCESS : EXIT_FAILURE; ++ /* ++ * XXX HACK for #1142949: should be equality test, but archive size ++ * short by cpio trailer size in packages built with rpm 4.12.0 ++ * and its pre-releases. ++ */ ++ rc = (ufdCopy(gzdi, fdo) >= payload_size) ? EXIT_SUCCESS : EXIT_FAILURE; + + Fclose(fdo); + diff --git a/SOURCES/rpm-4.13.0-fedora-specspo.patch b/SOURCES/rpm-4.13.0-fedora-specspo.patch new file mode 100644 index 0000000..64416c7 --- /dev/null +++ b/SOURCES/rpm-4.13.0-fedora-specspo.patch @@ -0,0 +1,95 @@ +diff --git a/lib/tagexts.c b/lib/tagexts.c +index f72ff60..2c0b179 100644 +--- a/lib/tagexts.c ++++ b/lib/tagexts.c +@@ -535,15 +535,6 @@ static int filerequireTag(Header h, rpmtd td, headerGetFlags hgflags) + return filedepTag(h, RPMTAG_REQUIRENAME, td, hgflags); + } + +-/* I18N look aside diversions */ +- +-#if defined(ENABLE_NLS) +-extern int _nl_msg_cat_cntr; /* XXX GNU gettext voodoo */ +-#endif +-static const char * const language = "LANGUAGE"; +- +-static const char * const _macro_i18ndomains = "%{?_i18ndomains}"; +- + /** + * Retrieve i18n text. + * @param h header +@@ -554,59 +545,30 @@ static const char * const _macro_i18ndomains = "%{?_i18ndomains}"; + */ + static int i18nTag(Header h, rpmTag tag, rpmtd td, headerGetFlags hgflags) + { +- int rc; ++ int rc = headerGet(h, tag, td, HEADERGET_ALLOC); + #if defined(ENABLE_NLS) +- char * dstring = rpmExpand(_macro_i18ndomains, NULL); +- +- td->type = RPM_STRING_TYPE; +- td->data = NULL; +- td->count = 0; +- +- if (dstring && *dstring) { +- char *domain, *de; +- const char * langval; +- char * msgkey; +- const char * msgid; ++ if (rc) { ++ static const char * const _macro_i18ndomains = "%{?_i18ndomains}"; ++ char *de, *dstring = rpmExpand(_macro_i18ndomains, NULL); ++ const char *domain; + +- rasprintf(&msgkey, "%s(%s)", headerGetString(h, RPMTAG_NAME), +- rpmTagGetName(tag)); +- +- /* change to en_US for msgkey -> msgid resolution */ +- langval = getenv(language); +- (void) setenv(language, "en_US", 1); +- ++_nl_msg_cat_cntr; +- +- msgid = NULL; + for (domain = dstring; domain != NULL; domain = de) { ++ const char *msgid = td->data; ++ const char *msg = NULL; ++ + de = strchr(domain, ':'); + if (de) *de++ = '\0'; +- msgid = dgettext(domain, msgkey); +- if (msgid != msgkey) break; +- } +- +- /* restore previous environment for msgid -> msgstr resolution */ +- if (langval) +- (void) setenv(language, langval, 1); +- else +- unsetenv(language); +- ++_nl_msg_cat_cntr; +- +- if (domain && msgid) { +- td->data = dgettext(domain, msgid); +- td->data = xstrdup(td->data); /* XXX xstrdup has side effects. */ +- td->count = 1; +- td->flags = RPMTD_ALLOCED; ++ msg = dgettext(domain, td->data); ++ if (msg != msgid) { ++ free(td->data); ++ td->data = xstrdup(msg); ++ break; ++ } + } +- dstring = _free(dstring); +- free(msgkey); +- if (td->data) +- return 1; ++ free(dstring); + } +- +- free(dstring); + #endif + +- rc = headerGet(h, tag, td, HEADERGET_ALLOC); + return rc; + } + diff --git a/SOURCES/rpm-4.13.90-ldflags.patch b/SOURCES/rpm-4.13.90-ldflags.patch new file mode 100644 index 0000000..ad65430 --- /dev/null +++ b/SOURCES/rpm-4.13.90-ldflags.patch @@ -0,0 +1,15 @@ +diff -up rpm-4.9.1.1/macros.in.jx rpm-4.9.1.1/macros.in +--- rpm-4.9.1.1/macros.in.jx 2011-08-03 16:19:05.000000000 -0400 ++++ rpm-4.9.1.1/macros.in 2011-08-08 09:41:52.981064316 -0400 +@@ -674,9 +674,10 @@ print (t)\ + RPM_SOURCE_DIR=\"%{u2p:%{_sourcedir}}\"\ + RPM_BUILD_DIR=\"%{u2p:%{_builddir}}\"\ + RPM_OPT_FLAGS=\"%{optflags}\"\ ++ RPM_LD_FLAGS=\"%{?__global_ldflags}\"\ + RPM_ARCH=\"%{_arch}\"\ + RPM_OS=\"%{_os}\"\ +- export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS\ ++ export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_LD_FLAGS RPM_ARCH RPM_OS\ + RPM_DOC_DIR=\"%{_docdir}\"\ + export RPM_DOC_DIR\ + RPM_PACKAGE_NAME=\"%{NAME}\"\ diff --git a/SOURCES/rpm-4.14.1-Add-envvar-that-will-be-present-during-RPM-build.patch b/SOURCES/rpm-4.14.1-Add-envvar-that-will-be-present-during-RPM-build.patch new file mode 100644 index 0000000..361e1a4 --- /dev/null +++ b/SOURCES/rpm-4.14.1-Add-envvar-that-will-be-present-during-RPM-build.patch @@ -0,0 +1,28 @@ +From bf636421120aa2c97f9e0fdcee3c211b4241bd86 Mon Sep 17 00:00:00 2001 +From: Tomas Orsava +Date: Mon, 29 Jan 2018 16:13:18 +0100 +Subject: [PATCH] Add envvar that will be present during RPM build + +Part of a Fedora Change for F28: +"Avoid /usr/bin/python in RPM build" +https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build +--- + macros.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/macros.in b/macros.in +index dd6ef67..68449e3 100644 +--- a/macros.in ++++ b/macros.in +@@ -804,6 +804,8 @@ package or when debugging this package.\ + export PKG_CONFIG_PATH\ + CONFIG_SITE=${CONFIG_SITE:-NONE}\ + export CONFIG_SITE\ ++ PYTHON_DISALLOW_AMBIGUOUS_VERSION=warn\ ++ export PYTHON_DISALLOW_AMBIGUOUS_VERSION\ + \ + %{verbose:set -x}%{!verbose:exec > /dev/null}\ + umask 022\ +-- +2.13.6 + diff --git a/SOURCES/rpm-4.14.2-RPMTAG_MODULARITYLABEL.patch b/SOURCES/rpm-4.14.2-RPMTAG_MODULARITYLABEL.patch new file mode 100644 index 0000000..4c7c52c --- /dev/null +++ b/SOURCES/rpm-4.14.2-RPMTAG_MODULARITYLABEL.patch @@ -0,0 +1,107 @@ +From 8390fa8515f499994646cf3bd113423744dc7bd9 Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Fri, 30 Nov 2018 11:02:52 +0100 +Subject: [PATCH] Add RPMTAG_MODULARITYLABEL to distinguish packages build for + modularity + +Tag can be set with a ModularityLabel: statement in the spec file preamble or +via the modularitylabel macro +--- + build/parsePreamble.c | 4 ++++ + build/parseSpec.c | 1 + + lib/rpmtag.h | 1 + + macros.in | 5 +++++ + tests/rpmgeneral.at | 1 + + 5 files changed, 12 insertions(+) + +diff --git a/build/parsePreamble.c b/build/parsePreamble.c +index f5e06bac8..e340e5c7a 100644 +--- a/build/parsePreamble.c ++++ b/build/parsePreamble.c +@@ -43,6 +43,7 @@ static const rpmTagVal copyTagsDuringParse[] = { + RPMTAG_DISTTAG, + RPMTAG_BUGURL, + RPMTAG_GROUP, ++ RPMTAG_MODULARITYLABEL, + 0 + }; + +@@ -526,6 +527,7 @@ static struct optionalTag { + { RPMTAG_DISTURL, "%{disturl}" }, + { RPMTAG_DISTTAG, "%{disttag}" }, + { RPMTAG_BUGURL, "%{bugurl}" }, ++ { RPMTAG_MODULARITYLABEL, "%{modularitylabel}"}, + { -1, NULL } + }; + +@@ -779,6 +781,7 @@ static rpmRC handlePreambleTag(rpmSpec spec, Package pkg, rpmTagVal tag, + case RPMTAG_URL: + case RPMTAG_DISTTAG: + case RPMTAG_BUGURL: ++ case RPMTAG_MODULARITYLABEL: + /* XXX TODO: validate format somehow */ + case RPMTAG_VCS: + SINGLE_TOKEN_ONLY; +@@ -1018,6 +1021,7 @@ static struct PreambleRec_s const preambleList[] = { + {RPMTAG_BUGURL, 0, 0, LEN_AND_STR("bugurl")}, + {RPMTAG_ORDERNAME, 2, 0, LEN_AND_STR("orderwithrequires")}, + {RPMTAG_REMOVEPATHPOSTFIXES,0, 0, LEN_AND_STR("removepathpostfixes")}, ++ {RPMTAG_MODULARITYLABEL, 0, 0, LEN_AND_STR("modularitylabel")}, + {0, 0, 0, 0} + }; + +diff --git a/build/parseSpec.c b/build/parseSpec.c +index bf4789942..c80802baf 100644 +--- a/build/parseSpec.c ++++ b/build/parseSpec.c +@@ -517,6 +517,7 @@ static const rpmTagVal sourceTags[] = { + RPMTAG_BUGURL, + RPMTAG_HEADERI18NTABLE, + RPMTAG_VCS, ++ RPMTAG_MODULARITYLABEL, + 0 + }; + +diff --git a/lib/rpmtag.h b/lib/rpmtag.h +index 973a6b69d..b9623ef24 100644 +--- a/lib/rpmtag.h ++++ b/lib/rpmtag.h +@@ -368,6 +368,7 @@ + RPMTAG_FILESIGNATURELENGTH = 5091, /* i */ + RPMTAG_PAYLOADDIGEST = 5092, /* s[] */ + RPMTAG_PAYLOADDIGESTALGO = 5093, /* i */ ++ RPMTAG_MODULARITYLABEL = 5096, /* s */ + + RPMTAG_FIRSTFREE_TAG /*!< internal */ + } rpmTag; +diff --git a/macros.in b/macros.in +index e0a1aea4e..cb4929c10 100644 +--- a/macros.in ++++ b/macros.in +@@ -357,6 +357,11 @@ package or when debugging this package.\ + %_javadir %{_datadir}/java + %_javadocdir %{_datadir}/javadoc + ++ ++# Set ModularityLabel: for packages being build ++# ++#%modularitylabel ++ + # A colon separated list of paths where files should *not* be installed. + # Usually, these are network file system mount points. + # +diff --git a/tests/rpmgeneral.at b/tests/rpmgeneral.at +index 509277f2c..45d38698b 100644 +--- a/tests/rpmgeneral.at ++++ b/tests/rpmgeneral.at +@@ -150,6 +150,7 @@ LONGARCHIVESIZE + LONGFILESIZES + LONGSIGSIZE + LONGSIZE ++MODULARITYLABEL + N + NAME + NEVR +-- +2.17.2 + diff --git a/SOURCES/rpm-4.14.2-audit-3.patch b/SOURCES/rpm-4.14.2-audit-3.patch new file mode 100644 index 0000000..65a2b3f --- /dev/null +++ b/SOURCES/rpm-4.14.2-audit-3.patch @@ -0,0 +1,275 @@ +From 820dcc1db9f2130a21fdaf721217034376eb8e38 Mon Sep 17 00:00:00 2001 +Message-Id: <820dcc1db9f2130a21fdaf721217034376eb8e38.1544785848.git.pmatilai@redhat.com> +From: Panu Matilainen +Date: Fri, 30 Nov 2018 13:10:44 +0200 +Subject: [PATCH] Add support for logging audit events for package installs as + per OSPP v4.2 + +If enabled at build-time, log audit events for package install, update +and remove. The log includes the operation, package nevra, signature +check result, whether signatures are being enforced enforced and overall +success result. Package install/update/remove are logged as such, +obsoletion is logged as install + remove (whereas the erasure element +on updates is silent) + +Loosely based on initial RHEL 7-8 implementations by Pavlina Moravcova +Varekova and Florian Festi (RhBug:1555326, RhBug:1607612) + +(cherry picked from commit cfc9dde70fe65e91c83e03e9a9441e627b741489) +--- + configure.ac | 21 +++++++++ + lib/Makefile.am | 1 + + lib/rpmte.c | 11 +++++ + lib/rpmte_internal.h | 6 +++ + lib/transaction.c | 104 +++++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 143 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 34ea85f9f..ab8a368d3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -312,6 +312,27 @@ fi + AC_SUBST(WITH_BEECRYPT_LIB) + AC_SUBST(WITH_BEECRYPT_INCLUDE) + ++ ++#================= ++# Check for audit library. ++AC_ARG_WITH(audit, ++AS_HELP_STRING([--with-audit],[log results using Linux Audit]), ++with_audit=$withval, ++with_audit=auto) ++ ++WITH_AUDIT_LIB= ++AS_IF([test "x$with_audit" != xno],[ ++ AC_SEARCH_LIBS([audit_open],[audit],[ ++ WITH_AUDIT_LIB="$ac_res" ++ AC_DEFINE(WITH_AUDIT, 1, [libaudit support]) ++ ], ++ [if test "x$with_audit" != xauto; then ++ AC_MSG_ERROR([missing audit library]) ++ fi ++ ]) ++]) ++AC_SUBST(WITH_AUDIT_LIB) ++ + #================= + # Check for OpenSSL library. + # We need evp.h from OpenSSL. +diff --git a/lib/Makefile.am b/lib/Makefile.am +index baf3238ee..c055962a3 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -51,6 +51,7 @@ librpm_la_LIBADD = \ + @WITH_POPT_LIB@ \ + @WITH_CAP_LIB@ \ + @WITH_ACL_LIB@ \ ++ @WITH_AUDIT_LIB@ \ + @LIBINTL@ + + if WITH_LUA +diff --git a/lib/rpmte.c b/lib/rpmte.c +index d980a37a4..bd5d53edc 100644 +--- a/lib/rpmte.c ++++ b/lib/rpmte.c +@@ -69,6 +69,7 @@ struct rpmte_s { + int nrelocs; /*!< (TR_ADDED) No. of relocations. */ + uint8_t *badrelocs; /*!< (TR_ADDED) Bad relocations (or NULL) */ + FD_t fd; /*!< (TR_ADDED) Payload file descriptor. */ ++ int verified; /*!< (TR_ADDED) Verification status */ + + #define RPMTE_HAVE_PRETRANS (1 << 0) + #define RPMTE_HAVE_POSTTRANS (1 << 1) +@@ -753,6 +754,16 @@ rpmfs rpmteGetFileStates(rpmte te) + return te->fs; + } + ++void rpmteSetVerified(rpmte te, int verified) ++{ ++ te->verified = verified; ++} ++ ++int rpmteGetVerified(rpmte te) ++{ ++ return te->verified; ++} ++ + int rpmteProcess(rpmte te, pkgGoal goal, int num) + { + /* Only install/erase resets pkg file info */ +diff --git a/lib/rpmte_internal.h b/lib/rpmte_internal.h +index a5a991ec5..2895925ce 100644 +--- a/lib/rpmte_internal.h ++++ b/lib/rpmte_internal.h +@@ -86,6 +86,12 @@ int rpmteHaveTransScript(rpmte te, rpmTagVal tag); + /* XXX should be internal too but build code needs for now... */ + rpmfs rpmteGetFileStates(rpmte te); + ++RPM_GNUC_INTERNAL ++void rpmteSetVerified(rpmte te, int verified); ++ ++RPM_GNUC_INTERNAL ++int rpmteGetVerified(rpmte te); ++ + /** \ingroup rpmte + * Retrieve size in bytes of package header. + * @param te transaction element +diff --git a/lib/transaction.c b/lib/transaction.c +index 67b9db579..866e87fc2 100644 +--- a/lib/transaction.c ++++ b/lib/transaction.c +@@ -7,6 +7,10 @@ + #include + #include + ++#if WITH_AUDIT ++#include ++#endif ++ + #include /* rpmMachineScore, rpmReadPackageFile */ + #include /* XXX for rpmExpand */ + #include +@@ -1195,12 +1199,17 @@ static rpm_loff_t countPkgs(rpmts ts, rpmElementTypes types) + + struct vfydata_s { + char *msg; ++ int signature; + int vfylevel; + }; + + static int vfyCb(struct rpmsinfo_s *sinfo, void *cbdata) + { + struct vfydata_s *vd = cbdata; ++ ++ if (sinfo->type == RPMSIG_SIGNATURE_TYPE && sinfo->rc == RPMRC_OK) ++ vd->signature = RPMRC_OK; ++ + switch (sinfo->rc) { + case RPMRC_OK: + break; +@@ -1241,6 +1250,7 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total) + struct rpmvs_s *vs = rpmvsCreate(vfylevel, vsflags, keyring); + struct vfydata_s vd = { + .msg = NULL, ++ .signature = RPMRC_NOTFOUND, + .vfylevel = vfylevel, + }; + rpmRC prc = RPMRC_FAIL; +@@ -1255,6 +1265,9 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total) + if (prc == RPMRC_OK) + prc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd); + ++ /* Record verify result, signatures only for now */ ++ rpmteSetVerified(p, vd.signature == RPMRC_OK); ++ + if (prc) + rpmteAddProblem(p, RPMPROB_VERIFY, NULL, vd.msg, 0); + +@@ -1619,6 +1632,95 @@ rpmRC runScript(rpmts ts, rpmte te, Header h, ARGV_const_t prefixes, + return rc; + } + ++#if WITH_AUDIT ++struct teop { ++ rpmte te; ++ const char *op; ++}; ++ ++/* ++ * Figure out the actual operations: ++ * Install and remove are straightforward. Updates need to discovered ++ * via their erasure element: locate the updating element, adjust it's ++ * op to update and silence the erasure part. Obsoletion is handled as ++ * as install + remove, which it technically is. ++ */ ++static void getAuditOps(rpmts ts, struct teop *ops, int nelem) ++{ ++ rpmtsi pi = rpmtsiInit(ts); ++ rpmte p; ++ int i = 0; ++ while ((p = rpmtsiNext(pi, 0)) != NULL) { ++ const char *op = NULL; ++ if (rpmteType(p) == TR_ADDED) { ++ op = "install"; ++ } else { ++ op = "remove"; ++ rpmte d = rpmteDependsOn(p); ++ /* Fixup op on updating elements, silence the cleanup stage */ ++ if (d != NULL && rstreq(rpmteN(d), rpmteN(p))) { ++ /* Linear lookup, but we're only dealing with a few thousand */ ++ for (int x = 0; x < i; x++) { ++ if (ops[x].te == d) { ++ ops[x].op = "update"; ++ op = NULL; ++ break; ++ } ++ } ++ } ++ } ++ ops[i].te = p; ++ ops[i].op = op; ++ i++; ++ } ++ rpmtsiFree(pi); ++} ++ ++/* ++ * If enabled, log audit events for the operations in this transaction. ++ * In the event values, 1 means true/success and 0 false/failure. Shockingly. ++ */ ++static void rpmtsAudit(rpmts ts) ++{ ++ int auditFd = audit_open(); ++ if (auditFd < 0) ++ return; ++ ++ int nelem = rpmtsNElements(ts); ++ struct teop *ops = xcalloc(nelem, sizeof(*ops)); ++ char *dir = audit_encode_nv_string("root_dir", rpmtsRootDir(ts), 0); ++ int enforce = (rpmtsVfyLevel(ts) & RPMSIG_SIGNATURE_TYPE) != 0; ++ ++ getAuditOps(ts, ops, nelem); ++ ++ for (int i = 0; i < nelem; i++) { ++ const char *op = ops[i].op; ++ if (op) { ++ rpmte p = ops[i].te; ++ char *nevra = audit_encode_nv_string("sw", rpmteNEVRA(p), 0); ++ char eventTxt[256]; ++ int verified = rpmteGetVerified(p); ++ int result = (rpmteFailed(p) == 0); ++ ++ snprintf(eventTxt, sizeof(eventTxt), ++ "op=%s %s sw_type=rpm key_enforce=%u gpg_res=%u %s", ++ op, nevra, enforce, verified, dir); ++ audit_log_user_comm_message(auditFd, AUDIT_SOFTWARE_UPDATE, ++ eventTxt, NULL, NULL, NULL, NULL, result); ++ free(nevra); ++ } ++ } ++ ++ free(dir); ++ free(ops); ++ audit_close(auditFd); ++} ++#else ++static void rpmtsAudit(rpmts ts) ++{ ++} ++#endif ++ + int rpmtsRun(rpmts ts, rpmps okProbs, rpmprobFilterFlags ignoreSet) + { + int rc = -1; /* assume failure */ +@@ -1732,6 +1834,8 @@ exit: + rpmpluginsCallTsmPost(rpmtsPlugins(ts), ts, rc); + + /* Finish up... */ ++ if (!(rpmtsFlags(ts) & (RPMTRANS_FLAG_TEST|RPMTRANS_FLAG_BUILD_PROBS))) ++ rpmtsAudit(ts); + (void) umask(oldmask); + (void) rpmtsFinish(ts); + rpmpsFree(tsprobs); +-- +2.19.2 + diff --git a/SOURCES/rpm-4.14.2-unversioned-python.patch b/SOURCES/rpm-4.14.2-unversioned-python.patch new file mode 100644 index 0000000..7e9ba8d --- /dev/null +++ b/SOURCES/rpm-4.14.2-unversioned-python.patch @@ -0,0 +1,12 @@ +diff -up rpm-4.14.2/macros.in.pyerror rpm-4.14.2/macros.in +--- rpm-4.14.2/macros.in.pyerror 2019-06-04 13:33:48.450727270 +0300 ++++ rpm-4.14.2/macros.in 2019-06-04 13:34:09.717695822 +0300 +@@ -50,7 +50,7 @@ + %__mv @__MV@ + %__patch @__PATCH@ + %__perl @__PERL@ +-%__python @__PYTHON@ ++%__python %{error:attempt to use unversioned python, define %%__python to %{_bindir}/python2 or %{_bindir}/python3 explicitly} + %__restorecon @__RESTORECON@ + %__rm @__RM@ + %__rsh @__RSH@ diff --git a/SOURCES/rpm-4.7.1-geode-i686.patch b/SOURCES/rpm-4.7.1-geode-i686.patch new file mode 100644 index 0000000..2e8692a --- /dev/null +++ b/SOURCES/rpm-4.7.1-geode-i686.patch @@ -0,0 +1,14 @@ +diff --git a/rpmrc.in b/rpmrc.in +index 4a6cca9..d62ddaf 100644 +--- a/rpmrc.in ++++ b/rpmrc.in +@@ -281,7 +281,7 @@ arch_compat: alphaev5: alpha + arch_compat: alpha: axp noarch + + arch_compat: athlon: i686 +-arch_compat: geode: i586 ++arch_compat: geode: i686 + arch_compat: pentium4: pentium3 + arch_compat: pentium3: i686 + arch_compat: i686: i586 + diff --git a/SOURCES/rpm-4.8.1-use-gpg2.patch b/SOURCES/rpm-4.8.1-use-gpg2.patch new file mode 100644 index 0000000..61ef55e --- /dev/null +++ b/SOURCES/rpm-4.8.1-use-gpg2.patch @@ -0,0 +1,12 @@ +diff -up rpm-4.8.1/macros.in.gpg2 rpm-4.8.1/macros.in +--- rpm-4.8.0/macros.in.gpg2 2011-01-17 12:17:38.000000000 +0200 ++++ rpm-4.8.0/macros.in 2011-01-17 12:17:59.000000000 +0200 +@@ -40,7 +40,7 @@ + %__cp @__CP@ + %__cpio @__CPIO@ + %__file @__FILE@ +-%__gpg @__GPG@ ++%__gpg /usr/bin/gpg2 + %__grep @__GREP@ + %__gzip @__GZIP@ + %__id @__ID@ diff --git a/SOURCES/rpm-4.9.90-no-man-dirs.patch b/SOURCES/rpm-4.9.90-no-man-dirs.patch new file mode 100644 index 0000000..04f276a --- /dev/null +++ b/SOURCES/rpm-4.9.90-no-man-dirs.patch @@ -0,0 +1,12 @@ +diff -up rpm-4.9.90.git11486/scripts/find-lang.sh.no-man-dirs rpm-4.9.90.git11486/scripts/find-lang.sh +--- rpm-4.9.90.git11486/scripts/find-lang.sh.no-man-dirs 2012-03-07 11:31:10.000000000 +0200 ++++ rpm-4.9.90.git11486/scripts/find-lang.sh 2012-03-07 15:11:57.465801075 +0200 +@@ -181,7 +181,7 @@ s:%lang(C) :: + find "$TOP_DIR" -type d|sed ' + s:'"$TOP_DIR"':: + '"$ALL_NAME$MAN"'s:\(.*/man/\([^/_]\+\).*/man[a-z0-9]\+/\):: +-'"$ALL_NAME$MAN"'s:\(.*/man/\([^/_]\+\).*/man[a-z0-9]\+$\):%lang(\2) \1*: ++'"$ALL_NAME$MAN"'s:\(.*/man/\([^/_]\+\).*/man[a-z0-9]\+$\):%lang(\2) \1/*: + s:^\([^%].*\):: + s:%lang(C) :: + /^$/d' >> $MO_NAME diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec new file mode 100644 index 0000000..cdd271e --- /dev/null +++ b/SPECS/rpm.spec @@ -0,0 +1,2204 @@ +# build against xz? +%bcond_without xz +# just for giggles, option to build with internal Berkeley DB +%bcond_with int_bdb +# run internal testsuite? +%bcond_with check +# build with plugins? +%bcond_without plugins +# build with sanitizers? +%bcond_with sanitizer +# build with libarchive? (needed for rpm2archive) +%bcond_without libarchive +# build with libimaevm.so +%bcond_without libimaevm +# build with new db format +%bcond_with ndb +# build with zstd support? +%bcond_with zstd +# build with lmdb support? +%bcond_with lmdb + +%if 0%{?rhel} > 7 +# Disable python2 build by default +%bcond_with python2 +%else +%bcond_without python2 +%endif + +%define rpmhome /usr/lib/rpm + +%global rpmver 4.14.2 +#global snapver rc2 +%global rel 20 + +%global srcver %{version}%{?snapver:-%{snapver}} +%global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x} + +%define bdbname libdb +%define bdbver 5.3.15 +%define dbprefix db + +Summary: The RPM package management system +Name: rpm +Version: %{rpmver} +Release: %{?snapver:0.%{snapver}.}%{rel}%{?dist} +Group: System Environment/Base +Url: http://www.rpm.org/ +Source0: http://ftp.rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2 +%if %{with int_bdb} +Source1: db-%{bdbver}.tar.gz +%else +BuildRequires: libdb-devel +%endif + +# Disable autoconf config.site processing (#962837) +Patch1: rpm-4.11.x-siteconfig.patch +# Fedora specspo is setup differently than what rpm expects, considering +# this as Fedora-specific patch for now +Patch2: rpm-4.13.0-fedora-specspo.patch +# In current Fedora, man-pages pkg owns all the localized man directories +Patch3: rpm-4.9.90-no-man-dirs.patch +# gnupg2 comes installed by default, avoid need to drag in gnupg too +Patch4: rpm-4.8.1-use-gpg2.patch +# Temporary band-aid for rpm2cpio whining on payload size mismatch (#1142949) +Patch5: rpm-4.12.0-rpm2cpio-hack.patch + +# Downstream-only patch: +# Add envvar that will be present during RPM build +# - Part of a Fedora Change for F28: +# - "Avoid /usr/bin/python in RPM build" +# - https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build +Patch7: rpm-4.14.1-Add-envvar-that-will-be-present-during-RPM-build.patch + +# Patches already upstream: +Patch100: 0001-Fix-nasty-setperms-setugids-regression-in-4.14.2-RhB.patch +Patch101: rpm-4.14.2-RPMTAG_MODULARITYLABEL.patch +Patch102: 0001-Document-noverify-in-the-man-page-RhBug-1646458.patch +Patch103: 0001-Handle-unsupported-digests-the-same-as-disabled-ones.patch +Patch104: 0001-Mark-elements-with-associated-problems-as-failed.patch +Patch105: 0001-Fix-ancient-python-GIL-locking-bug-on-callback-RhBug.patch +Patch106: 0001-Fix-testing-for-wrong-variable-in-selinux-plugin-deb.patch +Patch107: 0001-Log-RPMLOG_ERR-level-messages-on-actual-errors-in-se.patch +Patch108: 0001-Only-read-through-payload-on-verify-if-actually-need.patch +Patch109: 0001-Make-rpmsign-exit-values-more-consistent-with-our-ot.patch +Patch110: 0002-Drop-internal-only-visibility-on-rpmvs-related-API.patch +Patch111: 0003-Verify-packages-before-signing-RhBug-1646388.patch +Patch112: 0001-Fix-FA_TOUCH-on-files-with-suid-sgid-bits-and-or-cap.patch +Patch113: 0001-Sort-list-of-hard-linked-files-in-find-debuginfo.sh-.patch +Patch114: 0001-Correct-rpm-ql-exit-value-when-optional-p-is-omitted.patch +Patch115: 0001-Show-list-of-files-only-once-when-use-rpm-ql-and-mul.patch +Patch116: 0001-Add-flag-to-use-strip-g-instead-of-full-strip-on-DSO.patch +Patch117: 0001-Fix-segfault-on-fingerprinting-symlink-round-RhBug-1.patch +Patch118: 0001-Fix-packages-getting-erased-on-failed-update-with-dn.patch + +# Python 3 string API sanity +Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch +Patch501: 0001-Return-NULL-string-as-None-from-utf8FromString.patch +# Temporary compat crutch, not upstream +Patch502: 0001-Monkey-patch-.decode-method-to-our-strings-as-a-temp.patch + +# These are not yet upstream +# Audit support +Patch800: rpm-4.14.2-audit-3.patch + +Patch906: rpm-4.7.1-geode-i686.patch +# Probably to be upstreamed in slightly different form +Patch907: rpm-4.13.90-ldflags.patch + +# Switch off the part of the brp-python-bytecompile script +# that utilizes python2 to bytecompile .py files within +# non-standard paths. +Patch1000: disable-python-extra.patch + +# Compile Python 3.6 stuff with /usr/libexec/platform-python instead of +# /usr/bin/python3.6 +Patch1001: compile-with-Platform-Python-binary-where-relevant.patch +# make unversioned %%__python an error unless explicitly overridden +Patch1002: rpm-4.14.2-unversioned-python.patch + +# Partially GPL/LGPL dual-licensed and some bits with BSD +# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD +License: GPLv2+ + +Requires: coreutils +%if %{without int_bdb} +# db recovery tools, rpmdb_util symlinks +Requires: %{_bindir}/%{dbprefix}_stat +%endif +Requires: popt%{_isa} >= 1.10.2.1 +Requires: curl + +%if %{without int_bdb} +BuildRequires: %{bdbname}-devel +%endif + +%if %{with check} +BuildRequires: fakechroot gnupg2 +%endif + +# XXX generally assumed to be installed but make it explicit as rpm +# is a bit special... +BuildRequires: redhat-rpm-config +BuildRequires: gcc make +BuildRequires: gawk +BuildRequires: elfutils-devel >= 0.112 +BuildRequires: elfutils-libelf-devel +BuildRequires: readline-devel zlib-devel +BuildRequires: openssl-devel +# The popt version here just documents an older known-good version +BuildRequires: popt-devel >= 1.10.2 +BuildRequires: file-devel +BuildRequires: gettext-devel +BuildRequires: ncurses-devel +BuildRequires: bzip2-devel >= 0.9.0c-2 +BuildRequires: lua-devel >= 5.1 +BuildRequires: libcap-devel +BuildRequires: libacl-devel +BuildRequires: audit-libs-devel +%if %{with xz} +BuildRequires: xz-devel >= 4.999.8 +%endif +%if %{with libarchive} +BuildRequires: libarchive-devel +%endif +%if %{with zstd} +BuildRequires: libzstd-devel +%endif +%if %{with lmdb} +BuildRequires: lmdb-devel +%endif +# Only required by sepdebugcrcfix patch +BuildRequires: binutils-devel +# Couple of patches change makefiles so, require for now... +BuildRequires: automake libtool + +%if %{with plugins} +BuildRequires: libselinux-devel +BuildRequires: dbus-devel +%endif + +%if %{with sanitizer} +BuildRequires: libasan +BuildRequires: libubsan +#BuildRequires: liblsan +#BuildRequires: libtsan +%global sanitizer_flags -fsanitize=address -fsanitize=undefined +%endif + +%if %{with libimaevm} +%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 +%global imadevname ima-evm-utils-devel +%else +%global imadevname ima-evm-utils +%endif +BuildRequires: %{imadevname} >= 1.0 +%endif + +%description +The RPM Package Manager (RPM) is a powerful command line driven +package management system capable of installing, uninstalling, +verifying, querying, and updating software packages. Each software +package consists of an archive of files along with information about +the package like its version, a description, etc. + +%package libs +Summary: Libraries for manipulating RPM packages +Group: Development/Libraries +License: GPLv2+ and LGPLv2+ with exceptions +Requires: %{name} = %{version}-%{release} +# librpm uses cap_compare, introduced sometimes between libcap 2.10 and 2.16. +# A manual require is needed, see #505596 +Requires: libcap%{_isa} >= 2.16 + +%description libs +This package contains the RPM shared libraries. + +%package build-libs +Summary: Libraries for building and signing RPM packages +Group: Development/Libraries +License: GPLv2+ and LGPLv2+ with exceptions +Requires: rpm-libs%{_isa} = %{version}-%{release} +Requires: %{_bindir}/gpg2 + +%description build-libs +This package contains the RPM shared libraries for building and signing +packages. + +%package devel +Summary: Development files for manipulating RPM packages +Group: Development/Libraries +License: GPLv2+ and LGPLv2+ with exceptions +Requires: %{name} = %{version}-%{release} +Requires: %{name}-libs%{_isa} = %{version}-%{release} +Requires: %{name}-build-libs%{_isa} = %{version}-%{release} +Requires: popt-devel%{_isa} + +%description devel +This package contains the RPM C library and header files. These +development files will simplify the process of writing programs that +manipulate RPM packages and databases. These files are intended to +simplify the process of creating graphical package managers or any +other tools that need an intimate knowledge of RPM packages in order +to function. + +This package should be installed if you want to develop programs that +will manipulate RPM packages and databases. + +%package build +Summary: Scripts and executable programs used to build packages +Group: Development/Tools +Requires: rpm = %{version}-%{release} +Requires: elfutils >= 0.128 binutils +Requires: findutils sed grep gawk diffutils file patch >= 2.5 +Requires: tar unzip gzip bzip2 cpio xz +%if %{with zstd} +Requires: zstd +%endif +Requires: pkgconfig >= 1:0.24 +Requires: /usr/bin/gdb-add-index +# Technically rpmbuild doesn't require any external configuration, but +# creating distro-compatible packages does. To make the common case +# "just work" while allowing for alternatives, depend on a virtual +# provide, typically coming from redhat-rpm-config. +Requires: system-rpm-config + +%description build +The rpm-build package contains the scripts and executable programs +that are used to build packages using the RPM Package Manager. + +%package sign +Summary: Package signing support +Group: System Environment/Base +Requires: rpm-build-libs%{_isa} = %{version}-%{release} + +%description sign +This package contains support for digitally signing RPM packages. + +%if %{with python2} +%package -n python2-%{name} +Summary: Python 2 bindings for apps which will manipulate RPM packages +Group: Development/Libraries +BuildRequires: python2-devel +%{?python_provide:%python_provide python2-%{name}} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: %{name}-python = %{version}-%{release} +Obsoletes: %{name}-python < %{version}-%{release} + +%description -n python2-%{name} +The python2-rpm package contains a module that permits applications +written in the Python programming language to use the interface +supplied by RPM Package Manager libraries. + +This package should be installed if you want to develop Python 2 +programs that will manipulate RPM packages and databases. +%endif # with python2 + +%package -n python3-%{name} +Summary: Python 3 bindings for apps which will manipulate RPM packages +Group: Development/Libraries +BuildRequires: python3-devel +%{?python_provide:%python_provide python3-%{name}} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: %{name}-python3 = %{version}-%{release} +Obsoletes: %{name}-python3 < %{version}-%{release} + +%description -n python3-%{name} +The python3-rpm package contains a module that permits applications +written in the Python programming language to use the interface +supplied by RPM Package Manager libraries. + +This package should be installed if you want to develop Python 3 +programs that will manipulate RPM packages and databases. + +%package apidocs +Summary: API documentation for RPM libraries +Group: Documentation +BuildArch: noarch + +%description apidocs +This package contains API documentation for developing applications +that will manipulate RPM packages and databases. + +%package cron +Summary: Create daily logs of installed packages. +Group: System Environment/Base +BuildArch: noarch +Requires: crontabs logrotate rpm = %{version}-%{release} + +%description cron +This package contains a cron job which creates daily logs of installed +packages on a system. + +%if %{with plugins} +%package plugin-selinux +Summary: Rpm plugin for SELinux functionality +Group: System Environment/Base +Requires: rpm-libs%{_isa} = %{version}-%{release} +Requires: selinux-policy-base + +%description plugin-selinux +%{summary} + +%package plugin-syslog +Summary: Rpm plugin for syslog functionality +Group: System Environment/Base +Requires: rpm-libs%{_isa} = %{version}-%{release} + +%description plugin-syslog +%{summary} + +%package plugin-systemd-inhibit +Summary: Rpm plugin for systemd inhibit functionality +Group: System Environment/Base +Requires: rpm-libs%{_isa} = %{version}-%{release} + +%description plugin-systemd-inhibit +This plugin blocks systemd from entering idle, sleep or shutdown while an rpm +transaction is running using the systemd-inhibit mechanism. + +%package plugin-ima +Summary: Rpm plugin ima file signatures +Group: System Environment/Base +Requires: rpm-libs%{_isa} = %{version}-%{release} + +%description plugin-ima +%{summary} + +%package plugin-prioreset +Summary: Rpm plugin for resetting scriptlet priorities for SysV init +Group: System Environment/Base +Requires: rpm-libs%{_isa} = %{version}-%{release} + +%description plugin-prioreset +%{summary} + +Useful on legacy SysV init systems if you run rpm transactions with +nice/ionice priorities. Should not be used on systemd systems. + +%endif # with plugins + +%prep +%autosetup -n %{name}-%{srcver} %{?with_int_bdb:-a 1} -p1 + +%if %{with int_bdb} +ln -s db-%{bdbver} db +%endif + +%build +%if %{without int_bdb} +#CPPFLAGS=-I%{_includedir}/db%{bdbver} +#LDFLAGS=-L%{_libdir}/db%{bdbver} +%endif +CPPFLAGS="$CPPFLAGS -DLUA_COMPAT_APIINTCASTS" +CFLAGS="$RPM_OPT_FLAGS %{?sanitizer_flags} -DLUA_COMPAT_APIINTCASTS" +LDFLAGS="$LDFLAGS %{?__global_ldflags}" +export CPPFLAGS CFLAGS LDFLAGS + +autoreconf -i -f + +# Hardening hack taken from macro %%configure defined in redhat-rpm-config +for i in $(find . -name ltmain.sh) ; do + %{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i +done; + +# Using configure macro has some unwanted side-effects on rpm platform +# setup, use the old-fashioned way for now only defining minimal paths. +./configure \ + --prefix=%{_usr} \ + --sysconfdir=%{_sysconfdir} \ + --localstatedir=%{_var} \ + --sharedstatedir=%{_var}/lib \ + --libdir=%{_libdir} \ + --build=%{_target_platform} \ + --host=%{_target_platform} \ + --with-vendor=redhat \ + %{!?with_int_bdb: --with-external-db} \ + %{!?with_plugins: --disable-plugins} \ + --with-lua \ + --with-selinux \ + --with-cap \ + --with-acl \ + %{?with_ndb: --with-ndb} \ + %{?with_libimaevm: --with-imaevm} \ + %{?with_zstd: --enable-zstd} \ + %{?with_lmdb: --enable-lmdb} \ + --enable-python \ + --with-crypto=openssl + +make %{?_smp_mflags} + +pushd python +%if %{with python2} +%{__python2} setup.py build +%endif # with python2 +%{__python3} setup.py build +popd + +%install +rm -rf $RPM_BUILD_ROOT + +make DESTDIR="$RPM_BUILD_ROOT" install + +# We need to build with --enable-python for the self-test suite, but we +# actually package the bindings built with setup.py (#531543#c26) +pushd python +%if %{with python2} +%{__python2} setup.py install --skip-build --root $RPM_BUILD_ROOT +%endif # with python2 +%{__python3} setup.py install --skip-build --root $RPM_BUILD_ROOT +popd + + +# Save list of packages through cron +mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily +install -m 755 scripts/rpm.daily ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/rpm + +mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d +install -m 644 scripts/rpm.log ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/rpm + +mkdir -p ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d +echo "r /var/lib/rpm/__db.*" > ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d/rpm.conf + +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm +mkdir -p $RPM_BUILD_ROOT%{rpmhome}/macros.d + +mkdir -p $RPM_BUILD_ROOT/var/lib/rpm +for dbi in \ + Basenames Conflictname Dirnames Group Installtid Name Obsoletename \ + Packages Providename Requirename Triggername Sha1header Sigmd5 \ + __db.001 __db.002 __db.003 __db.004 __db.005 __db.006 __db.007 \ + __db.008 __db.009 +do + touch $RPM_BUILD_ROOT/var/lib/rpm/$dbi +done + +# plant links to relevant db utils as rpmdb_foo for documention compatibility +%if %{without int_bdb} +for dbutil in dump load recover stat upgrade verify +do + ln -s ../../bin/%{dbprefix}_${dbutil} $RPM_BUILD_ROOT/%{rpmhome}/rpmdb_${dbutil} +done +%endif + +%find_lang %{name} + +find $RPM_BUILD_ROOT -name "*.la"|xargs rm -f + +# These live in perl-generators and python-rpm-generators now +rm -f $RPM_BUILD_ROOT/%{rpmhome}/{perldeps.pl,perl.*,pythond*} +rm -f $RPM_BUILD_ROOT/%{_fileattrsdir}/{perl*,python*} +# Axe unused cruft +rm -f $RPM_BUILD_ROOT/%{rpmhome}/{tcl.req,osgideps.pl} + +# Avoid unnecessary dependency on /usr/bin/python +chmod a-x $RPM_BUILD_ROOT/%{rpmhome}/python-macro-helper + +%if %{with check} +%check +make check || cat tests/rpmtests.log +%endif + +%post libs -p /sbin/ldconfig +%postun libs -p /sbin/ldconfig + +%post build-libs -p /sbin/ldconfig +%postun build-libs -p /sbin/ldconfig + +%files -f %{name}.lang +%license COPYING +%doc CREDITS doc/manual/[a-z]* + +/usr/lib/tmpfiles.d/rpm.conf +%dir %{_sysconfdir}/rpm + +%attr(0755, root, root) %dir /var/lib/rpm +%attr(0644, root, root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/lib/rpm/* + +%{_bindir}/rpm +%{_bindir}/rpm2archive +%{_bindir}/rpm2cpio +%{_bindir}/rpmdb +%{_bindir}/rpmkeys +%{_bindir}/rpmquery +%{_bindir}/rpmverify + +%{_mandir}/man8/rpm.8* +%{_mandir}/man8/rpmdb.8* +%{_mandir}/man8/rpmkeys.8* +%{_mandir}/man8/rpm2cpio.8* +%{_mandir}/man8/rpm-misc.8* + +# XXX this places translated manuals to wrong package wrt eg rpmbuild +%lang(fr) %{_mandir}/fr/man[18]/*.[18]* +%lang(ko) %{_mandir}/ko/man[18]/*.[18]* +%lang(ja) %{_mandir}/ja/man[18]/*.[18]* +%lang(pl) %{_mandir}/pl/man[18]/*.[18]* +%lang(ru) %{_mandir}/ru/man[18]/*.[18]* +%lang(sk) %{_mandir}/sk/man[18]/*.[18]* + +%attr(0755, root, root) %dir %{rpmhome} +%{rpmhome}/macros +%{rpmhome}/macros.d +%{rpmhome}/rpmpopt* +%{rpmhome}/rpmrc + +%{rpmhome}/rpmdb_* +%{rpmhome}/rpm.daily +%{rpmhome}/rpm.log +%{rpmhome}/rpm.supp +%{rpmhome}/rpm2cpio.sh +%{rpmhome}/tgpg +%{rpmhome}/python-macro-helper + +%{rpmhome}/platform + +%dir %{rpmhome}/fileattrs + +%files libs +%{_libdir}/librpmio.so.* +%{_libdir}/librpm.so.* +%if %{with plugins} +%dir %{_libdir}/rpm-plugins + +%files plugin-syslog +%{_libdir}/rpm-plugins/syslog.so + +%files plugin-selinux +%{_libdir}/rpm-plugins/selinux.so + +%files plugin-systemd-inhibit +%{_libdir}/rpm-plugins/systemd_inhibit.so +%{_mandir}/man8/rpm-plugin-systemd-inhibit.8* + +%files plugin-ima +%{_libdir}/rpm-plugins/ima.so + +%files plugin-prioreset +%{_libdir}/rpm-plugins/prioreset.so +%endif # with plugins + +%files build-libs +%{_libdir}/librpmbuild.so.* +%{_libdir}/librpmsign.so.* + +%files build +%{_bindir}/rpmbuild +%{_bindir}/gendiff +%{_bindir}/rpmspec + +%{_mandir}/man1/gendiff.1* +%{_mandir}/man8/rpmbuild.8* +%{_mandir}/man8/rpmdeps.8* +%{_mandir}/man8/rpmspec.8* + +%{rpmhome}/brp-* +%{rpmhome}/check-* +%{rpmhome}/debugedit +%{rpmhome}/sepdebugcrcfix +%{rpmhome}/find-debuginfo.sh +%{rpmhome}/find-lang.sh +%{rpmhome}/*provides* +%{rpmhome}/*requires* +%{rpmhome}/*deps* +%{rpmhome}/*.prov +%{rpmhome}/*.req +%{rpmhome}/config.* +%{rpmhome}/mkinstalldirs +%{rpmhome}/macros.p* +%{rpmhome}/fileattrs/* + +%files sign +%{_bindir}/rpmsign +%{_mandir}/man8/rpmsign.8* + +%if %{with python2} +%files -n python2-%{name} +%{python2_sitearch}/%{name}/ +%{python2_sitearch}/%{name}-%{version}*.egg-info +%endif # with python2 + +%files -n python3-%{name} +%{python3_sitearch}/%{name}/ +%{python3_sitearch}/%{name}-%{version}*.egg-info + +%files devel +%{_mandir}/man8/rpmgraph.8* +%{_bindir}/rpmgraph +%{_libdir}/librp*[a-z].so +%{_libdir}/pkgconfig/%{name}.pc +%{_includedir}/%{name}/ + +%files cron +%{_sysconfdir}/cron.daily/rpm +%config(noreplace) %{_sysconfdir}/logrotate.d/rpm + +%files apidocs +%license COPYING +%doc doc/librpm/html/* + +%changelog +* Tue Jun 06 2019 Panu Matilainen - 4.14.2-20 +- Fix packages getting removed on failed update via dnf (#1710346) + +* Tue Jun 04 2019 Panu Matilainen - 4.14.2-19 +- Fix rare segfault in fingerprinting symlink round (#1660232) + +* Tue Jun 04 2019 Panu Matilainen - 4.14.2-18 +- Make use of unversioned %%__python macro an error (#1645663) + +* Wed Apr 24 2019 Florian Festi - 4.14.2-17 +- Add flag to use strip -g instead of full strip on DSOs (#1689810) + +* Wed Apr 24 2019 Florian Festi - 4.14.2-16 +- Sort list of hard linked files in find-debuginfo.sh (#1421272) +- Correct rpm -ql exit value when optional -p is omitted (#1680610) +- Show list of files only once when use rpm -ql and multiple rpm files (#1689898) + +* Fri Apr 12 2019 Panu Matilainen - 4.14.2-15 +- Fix %_minimize_writes stripping suid/sgid bits and capabilities (#1690876) + +* Thu Apr 11 2019 Panu Matilainen - 4.14.2-14 +- Verify packages before signing (#1646388) +- Make rpmsign exist values more consistent with our other tools + +* Thu Apr 11 2019 Panu Matilainen - 4.14.2-13 +- Report meaningful errors from SElinux plugin (#1679028) + +* Thu Apr 11 2019 Panu Matilainen - 4.14.2-12 +- Fix an ancient GIL locking bug, required for the .decode() trick + +* Thu Apr 11 2019 Panu Matilainen - 4.14.2-11 +- Revised patch for Py3 string data as surrogate-escaped utf-8 (#1631292) +- Add a .decode() method to returned Py3 strings for compatibility + +* Wed Mar 06 2019 Panu Matilainen - 4.14.2-10 +- Return all string data as surrogate-escaped utf-8 in Python 3 (#1631292) + +* Thu Dec 20 2018 Panu Matilainen - 4.14.2-9 +- Mark elements with associated problems as failed (needed for audit) + +* Fri Dec 14 2018 Panu Matilainen - 4.14.2-8 +- Differentiate between install and update in audit log + +* Mon Dec 03 2018 Panu Matilainen - 4.14.2-7 +- Move python-macro-helper to main package where the macros are (#1651926) +- Document --noverify in the man page (#1646458) +- Handle unsupported digests the same as disabled ones (#1652529) + +* Mon Dec 03 2018 Panu Matilainen - 4.14.2-6 +- Fix our SElinux dependencies (#1651926) + +* Fri Nov 30 2018 Florian Festi - 4.14.2-5 +- Add new tag MODULARITYLABEL (#1650287) + +* Mon Oct 22 2018 Panu Matilainen - 4.14.2-4 +- Fix nasty --setperms/--setugids regression introduced in 4.14.2 (#1640470) + +* Thu Sep 13 2018 Panu Matilainen - 4.14.2-3 +- Oops, op= was supposed to be first in the audit message (#1607612) + +* Thu Sep 13 2018 Panu Matilainen - 4.14.2-2 +- Revised audit patch, log removals and verify failures too (#1607612) + +* Mon Sep 03 2018 Panu Matilainen - 4.14.2-1 +- Buildrequire audit-libs-devel to actually enable the feature (#1607612) +- Update to rpm 4.14.2 final (http://rpm.org/wiki/Releases/4.14.2) + +* Fri Aug 10 2018 Panu Matilainen - 4.14.2-0.rc2.1 +- Update to rpm 4.14.2-rc2 +- Fixes a regression in rpmlog error handling (#1597274) +- Fixes several resource leaks found by covscan (#1602681) +- Fixes DISTTAG not getting copied to source rpms (#1596193) + +* Tue Aug 07 2018 Florian Festi - 4.14.2-0.rc1.5 +- Wrap zstd Requires in build condition + +* Thu Aug 02 2018 Florian Festi - 4.14.2-0.rc1.4 +- Add log entries to audit system (#1607612) + +* Wed Aug 01 2018 Panu Matilainen - 4.14.2-0.rc1.3 +- Disable test-suite by default to avoid fakechroot dependency (#1601024) + +* Mon Jul 30 2018 Florian Festi - 4.14.2-0.rc1.2 +- Build without zstd support + +* Wed Jul 18 2018 Florian Festi - 4.14.2-0.rc1.1 +- Update to rpm 4.14.2-rc1 + +* Tue Jul 03 2018 Tomas Orsava - 4.14.1-11 +- Compile Python 3.6 stuff with /usr/libexec/platform-python instead of + /usr/bin/python3.6 + +* Fri Jun 29 2018 Charalampos Stratakis - 4.14.1-10.1 +- Bump release for rebuild + +* Tue Jun 26 2018 Charalampos Stratakis - 4.14.1-9 +- Disable python2 bytecompilation + +* Fri Jun 22 2018 Charalampos Stratakis - 4.14.1-8 +- Conditionalize the python2 subpackage + +* Mon Feb 19 2018 Panu Matilainen - 4.14.1-7 +- Explicitly BuildRequire gcc and make + +* Fri Feb 09 2018 Igor Gnatenko - 4.14.1-6.1 +- Escape macros in %%changelog + +* Wed Jan 31 2018 Panu Matilainen - 4.14.1-6 +- Avoid unnecessary macro helper dependency on /usr/bin/python (#1538657) +- Fix release of previous changelog entry + +* Tue Jan 30 2018 Tomas Orsava - 4.14.1-5 +- Add envvar that will be present during RPM build, + Part of a Fedora Change for F28: "Avoid /usr/bin/python in RPM build" + https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build + +* Tue Jan 30 2018 Petr Viktorin - 4.14.1-4 +- Skip automatic Python byte-compilation if *.py files are not present + +* Thu Jan 25 2018 Florian Weimer - 4.14.1-3 +- Rebuild to work around gcc bug leading to librpm miscompilation (#1538648) + +* Thu Jan 18 2018 Panu Matilainen - 4.14.1-2 +- Avoid nuking the new python-macro-helper along with dep generators (#1535692) + +* Tue Jan 16 2018 Panu Matilainen - 4.14.1-1 +- Rebase to rpm 4.14.1 (http://rpm.org/wiki/Releases/4.14.1) + +* Tue Nov 07 2017 Igor Gnatenko - 4.14.0-5 +- Fix typo in Obsoletes + +* Mon Nov 06 2017 Igor Gnatenko - 4.14.0-4 +- Remove platform-python bits + +* Thu Oct 26 2017 Panu Matilainen - 4.14.0-3 +- Move selinux plugin dependency to selinux-policy in Fedora >= 28 (#1493267) + +* Thu Oct 12 2017 Panu Matilainen - 4.14.0-2 +- Dump out test-suite log in case of failures again +- Don't assume per-user groups in test-suite + +* Thu Oct 12 2017 Panu Matilainen - 4.14.0-1 +- Rebase to rpm 4.14.0 final (http://rpm.org/wiki/Releases/4.14.0) + +* Tue Oct 10 2017 Troy Dawson - 4.14.0-0.rc2.6 +- Cleanup spec file conditionals + +* Tue Oct 03 2017 Panu Matilainen - 4.14.0-0.rc2.5 +- Add build conditionals for zstd and lmdb support +- Enable zstd support + +* Tue Oct 03 2017 Panu Matilainen - 4.14.0-0.rc2.4 +- Spec cleanups + +* Fri Sep 29 2017 Panu Matilainen - 4.14.0-0.rc2.3 +- BuildRequire gnupg2 for the testsuite + +* Fri Sep 29 2017 Panu Matilainen - 4.14.0-0.rc2.2 +- ima-evm-utils only has a -devel package in fedora >= 28 + +* Thu Sep 28 2017 Panu Matilainen - 4.14.0-0.rc2.1 +- Rebase to rpm 4.14.0-rc2 (http://rpm.org/wiki/Releases/4.14.0) + +* Mon Sep 18 2017 Panu Matilainen - 4.14.0-0.rc1.3 +- Fix Ftell() past 2GB on 32bit architectures (#1492587) + +* Thu Sep 07 2017 Panu Matilainen - 4.14.0-0.rc1.2 +- Actually honor with/without libimaevm option +- ima-evm-utils-devel >= 1.0 is required for rpm >= 4.14.0 + +* Wed Sep 06 2017 Panu Matilainen - 4.14.0-0.rc1.1 +- Rebase to rpm 4.14.0-rc1 (http://rpm.org/wiki/Releases/4.14.0) +- Re-enable SHA256 header digest generation (see #1480407) + +* Mon Aug 28 2017 Panu Matilainen - 4.13.90-0.git14000.8 +- Band-aid for DB_VERSION_MISMATCH errors on glibc updates (#1465809) + +* Thu Aug 24 2017 Panu Matilainen - 4.13.90-0.git14000.7 +- Remove ugly kludges from posttrans script, BDB handles this now + +* Fri Aug 18 2017 Panu Matilainen - 4.13.90-0.git14000.6 +- Silence harmless but bogus error message on noarch packages (#1482144) + +* Thu Aug 17 2017 Miro Hrončok - 4.13.90-0.git14002.5 +- Build with platform_python + +* Mon Aug 14 2017 Miro Hrončok - 4.13.90-0.git14000.4 +- Add platform-python bytecompilation patch: platform-python-bytecompile.patch +- Add platform python deps generator patch: platform-python-abi.patch +- Add a platform-python subpackage and remove system python related declarations +- Build rpm without platform_python for bytecompilation + (https://fedoraproject.org/wiki/Changes/Platform_Python_Stack) + +* Mon Aug 14 2017 Panu Matilainen - 4.13.90-0.git14000.3 +- Disable macro argument quoting as a band-aid to #1481025 + +* Fri Aug 11 2017 Panu Matilainen - 4.13.90-0.git14000.2 +- Disable SHA256 header-only digest generation temporarily (#1480407) + +* Thu Aug 10 2017 Panu Matilainen - 4.13.90-0.git14000.1 +- Rebase to rpm 4.13.90 aka 4.14.0-alpha (#1474836) + +* Mon Jul 31 2017 Igor Gnatenko - 4.13.0.1-41 +- Move _debuginfo_subpackages and _debugsource_packages to redhat-rpm-config + +* Sat Jul 29 2017 Igor Gnatenko - 4.13.0.1-40 +- Update latest patches from merged versions + +* Fri Jul 28 2017 Igor Gnatenko - 4.13.0.1-39 +- Backport fixes for debuginfo subpackages + +* Wed Jul 26 2017 Igor Gnatenko - 4.13.0.1-38 +- Backport trivial fix for debugsourcefiles.list ending up in random dir + +* Tue Jul 25 2017 Igor Gnatenko - 4.13.0.1-37 +- Enable debugsource and debuginfo subpackages by default + +* Mon Jul 24 2017 Igor Gnatenko - 4.13.0.1-36 +- Make sure that test results are not ignored + +* Sun Jul 23 2017 Mark Wielaard - 4.13.0.1-35 +- Fix rpmfd_write on big endian arches. + +* Fri Jul 21 2017 Mark Wielaard - 4.13.0.1-34 +- find-debuginfo.sh: Remove non-allocated NOBITS sections from minisymtab. + +* Thu Jul 20 2017 Igor Gnatenko - 4.13.0.1-33 +- Remove strict requirement on python libs + +* Tue Jul 18 2017 Mark Wielaard - 4.13.0.1-32 +- Add find-debuginfo.sh: Add --keep-section and --remove-section (#1465997) + +* Wed Jul 12 2017 Igor Gnatenko - 4.13.0.1-31 +- Add automatic provides debuginfo(build-id) = ... into debuginfo subpackages + +* Fri Jul 07 2017 Igor Gnatenko - 4.13.0.1-30 +- Fix brokeness when using %%filter_setup (RHBZ #1468476) + +* Tue Jul 04 2017 Mark Wielaard - 4.13.0.1-29 +- Track patches using https://pagure.io/rpm-fedora +- Use file list to explicitly set mode for build-id dirs/files + (#1452893, #1458839) + +* Thu Jun 29 2017 Mark Wielaard - 4.13.0.1-28 +- Add debugedit-prefix.patch. +- Add find-debuginfo-filter-built-ins.patch. +- Add find-debuginfo-dwz-multi.patch. +- Add find-debuginfo-and-macro-docs.patch. + +* Wed Jun 28 2017 Mark Wielaard - 4.13.0.1-27 +- Add find-debuginfo-split-traversal-and-extraction-fix.patch (#1465170) + +* Wed Jun 28 2017 Igor Gnatenko - 4.13.0.1-26 +- Backport patches for rich dependencies from dependency generators + +* Sun Jun 25 2017 Mark Wielaard - 4.13.0.1-25 +- Add support for debugsource and debuginfo subpackages + - find-debuginfo-untangle-unique-build-options.patch + - debugsrc-and-sub-debuginfo-packages.patch + +* Fri Jun 23 2017 Mark Wielaard - 4.13.0.1-24 +- Backport parallel debuginfo processing. + +* Tue May 30 2017 Mark Wielaard - 4.13.0.1-23 +- Fix resetting attr flags in buildid creation (#1449732) + +* Tue May 23 2017 Panu Matilainen - 4.13.0.1-22 +- Python dependency generators live in python-rpm-generators now (#1444925) + +* Tue May 23 2017 Panu Matilainen - 4.13.0.1-21 +- Fix rpmsign python module import failing (#1393659) + +* Tue Apr 25 2017 Mark Wielaard - 4.13.0.1-20 +- Fix rpmbuild world writable empty (tmp) dirs in debuginfo (#641022) + +* Sat Apr 15 2017 Mark Wielaard - 4.13.0.1-19 +- Minisymtab should only be added for executables or shared libraries. +- Add find-debuginfo.sh -n (debugedit --no-recompute-build-id) option. + +* Fri Mar 31 2017 Panu Matilainen - 4.13.0.1-18 +- gpg path must not depend on %%_prefix and such (#1437726) + +* Mon Mar 27 2017 Panu Matilainen - 4.13.0.1-17 +- Work around missing python[23] during build dependency parse +- Include ISA in the new python library version dependencies too + +* Mon Mar 27 2017 Panu Matilainen - 4.13.0.1-16 +- Band-aid for python library versioning inadequacies (#1435135) + +* Mon Mar 27 2017 Mark Wielaard - 4.13.0.1-15 +- Unbreak short-circuited binary builds (#1434235). + +* Tue Mar 21 2017 Mark Wielaard - 4.13.0.1-14 +- Add fix for off by one adding DW_FORM_string replacement (#1434347). + +* Mon Mar 20 2017 Mark Wielaard - 4.13.0.1-13 +- Add tests fix for sed file build-id regexp matching. +- Add fix for build-ids in non-executable ELF files (#1433837). + +* Fri Mar 17 2017 Mark Wielaard - 4.13.0.1-12 +- Fix reading and updating (cross-endian) build-id information. + +* Fri Mar 17 2017 Mark Wielaard - 4.13.0.1-11 +- Do not process build-ids for noarch packages. + +* Thu Mar 16 2017 Mark Wielaard - 4.13.0.1-10 +- Add fix for debugedit replace debug_line files. + +* Thu Mar 16 2017 Igor Gnatenko - 4.13.0.1-9 +- Switch to OpenSSL (RHBZ #1390624) + +* Wed Mar 15 2017 Mark Wielaard - 4.13.0.1-8 +- Add fix to reset buildid file attributes (#1432372) + +* Fri Mar 10 2017 Mark Wielaard - 4.13.0.1-7 +- Add fixup fix for build-id warnings on object files (#1430587) + +* Thu Mar 09 2017 Mark Wielaard - 4.13.0.1-6 +- Add fix for missing_build_ids_terminate_build without __debug_package. + +* Thu Mar 09 2017 Mark Wielaard - 4.13.0.1-5 +- Add fix for build-id warnings on object files (#1430587) + +* Wed Mar 08 2017 Panu Matilainen - 4.13.0.1-4 +- Mark Wielaard's backports for debuginfo parallel installation etc (#1427970) + +* Fri Feb 24 2017 Pavlina Moravcova Varekova - 4.13.0.1-3 +- Fix number of references on spec_Type (#1426578) + +* Thu Feb 16 2017 Tomas Orsava - 4.13.0.1-2 +- Fix handling of Python wheels by pythondistdeps.py --provides (#1421776) + +* Thu Feb 16 2017 Panu Matilainen - 4.13.0.1-1 +- Update to 4.13.0.1 ((http://rpm.org/wiki/Releases/4.13.0) + +* Tue Feb 14 2017 Florian Festi - 4.13.0-12 +- Fix Python byte compilation for Python3 only packages (#1411588) + +* Sat Feb 11 2017 Fedora Release Engineering - 4.13.0-11.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Jan 23 2017 Panu Matilainen - 4.13.0-11 +- Fix malformed packages being generated around 4GB boundary (#1405570) +- Resurrect debuginfo GDB index generation (#1410907) + +* Fri Jan 06 2017 Igor Gnatenko - 4.13.0-10 +- Add Requires: python-setuptools for rpm-build (RHBZ #1410631) + +* Wed Dec 21 2016 Peter Robinson 4.13.0-9 +- Rebuild for Python 3.6 + +* Sun Dec 18 2016 Igor Gnatenko - 4.13.0-8 +- Switch rpm-build to system-python (RHBZ #1405483) + +* Fri Dec 09 2016 Charalampos Stratakis - 4.13.0-7 +- Rebuild for Python 3.6 + +* Sat Dec 03 2016 Igor Gnatenko - 4.13.0-6 +- Fix arch-dependent requires in subpackages (RHBZ #1398591) + +* Fri Nov 25 2016 Igor Gnatenko - 4.13.0-5 +- Fix arch-dependent requires in subpackages (RHBZ #1398591) + +* Fri Nov 11 2016 Panu Matilainen - 4.13.0-4 +- Expand python subpackage obsoletion range (related: #1394125) + +* Mon Nov 07 2016 Panu Matilainen - 4.13.0-3 +- Fix invalid memory access on %%transfiletriggerpostun (#1284645) + +* Fri Nov 04 2016 Thierry Vignaud - 4.13.0-2 +- Fix package name references in python sub-packages to match reality +- Re-enable test-suite now that it works again + +* Thu Nov 03 2016 Panu Matilainen - 4.13.0-1 +- Rebase to rpm 4.13.0 final (http://rpm.org/wiki/Releases/4.13.0) + +* Wed Nov 02 2016 Panu Matilainen - 4.13.0-0.rc2.2 +- Fix harmless unused variable warning from fedora-specspo patch + +* Thu Oct 20 2016 Panu Matilainen - 4.13.0-0.rc2.1 +- Rebase to rpm 4.13.0-rc2 + +* Fri Sep 23 2016 Richard W.M. Jones - 4.13.0-0.rc1.47 +- Backport two upstream patches which add riscv64 architecture support. + +* Wed Aug 24 2016 Igor Gnatenko - 4.13.0-0.rc1.46 +- Backport patch for missing import in Python dependency generator + +* Wed Aug 24 2016 Kalev Lember - 4.13.0-0.rc1.45 +- Fix -python2 and -python3 subpackage obsoleting from .42 + +* Tue Aug 23 2016 Igor Gnatenko - 4.13.0-0.rc1.44 +- Use %%python_provide for python3 subpackage + +* Mon Aug 22 2016 Igor Gnatenko - 4.13.0-0.rc1.43 +- Backport fixes to ignore .egg-link files in Python dependency generator + +* Fri Aug 12 2016 Florian Festi - 4.13.0-0.rc1.42 +- Enable --majorver-provides in Python dependency generator + +* Tue Aug 09 2016 Igor Gnatenko - 4.13.0-0.rc1.41 +- Add %%{?system_python_abi} +- rpm-python -> python2-rpm && rpm-python3 -> python3-rpm with providing old names +- Fixes and cleanups + +* Tue Jul 19 2016 Fedora Release Engineering - 4.13.0-0.rc1.40.1 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Mon Jul 18 2016 Petr Pisar - 4.13.0-0.rc1.40 +- Drop rpm-build's dependency on perl-generators (bug #1158860) + +* Fri Jul 15 2016 Florian Festi - 4.13.0-0.rc1.39 +- Pass relevant files to new Python dependency generator + +* Mon Jun 13 2016 Florian Festi - 4.13.0-0.rc1.38 +- Add new Python dependency generator (provides only for now) (#1340885) + +* Thu Jun 02 2016 Florian Festi - 4.13.0-0.rc1.37 +- Add support for _buildhost macro (#1309367) + +* Mon May 23 2016 Lubos Kardos 4.13.0-0.rc1.36 +- Fix signing with non-ASCII uid keys (#1243963) + +* Thu May 19 2016 Lubos Kardos 4.13.0-0.rc1.35 +- Use armv7hl isa for all armhfp (armv7h*l) arches (#1326871) + +* Tue May 17 2016 Lubos Kardos 4.13.0-0.rc1.34 +- Filter unversioned deps if corresponding versioned deps exist (#678605) + +* Mon Apr 25 2016 Lubos Kardos 4.13.0-0.rc1.33 +- Fix sigsegv in stringFormat() (#1316903) +- Fix reading rpmtd behind its size in formatValue() (#1316896) + +* Fri Apr 15 2016 Lubos Kardos 4.13.0-0.rc1.32 +- escape %% chars in previous changelog record + +* Fri Apr 15 2016 Lubos Kardos 4.13.0-0.rc1.31 +- Enable --no-backup-if-mismatch by default in %%patch macro (#884755) +- Add %%{_default_patch_flags} to %%__patch which is used in %%autosetup +- Use fuzz settings for %%autopatch/%%autosetup + +* Thu Apr 14 2016 Lubos Kardos 4.13.0-0-rc1.30 +- Make creating index records consistent for rich and rich-weak deps (#1325982) + +* Tue Apr 12 2016 Lubos Kardos 4.13.0-0.rc1.29 +- Add RPMCALLBACK_ELEM_PROGRESS callback type (needed by dnf) + +* Wed Apr 06 2016 Lubos Kardos 4.13.0-0.rc1.28 +- Fix non-working combination of %%lang and %%doc directive (#1254483) + +* Thu Mar 10 2016 Lubos Kardos 4.13.0-0.rc1.27 +- Add posix.redirect2null (#1287918) + +* Fri Feb 26 2016 Florian Festi - 4.13.0-0.rc1.26 +- Fix ExclusiveArch/ExcludeArch for noarch packages (#1298668) + +* Thu Feb 25 2016 Florian Festi - 4.13.0-0.rc1.25 +- Fix dependencies for RemovePathPostfixes (#1306559) + +* Fri Feb 19 2016 Florian Festi - 4.13.0-0.rc1.24 +- Also block idle and sleep in the systemd-inhibit plugin (#1297984) +- Add support for MIPS release 6 +- Add mips32 mips64 mipsel and mipseb macros (#1285116) + +* Tue Feb 02 2016 Lubos Kardos - 4.13.0-0.rc1.23 +- Remove size limit when expanding macros (#1301677) + +* Mon Feb 01 2016 Lubos Kardos - 4.13.0-0.rc1.22 +- Harden rpm package again, previous attempt had to be reverted (#1289734) + +* Mon Feb 01 2016 Lubos Kardos - 4.13.0-0.rc1.21 +- Remove setting %%_gnu macro explictly, no more needed (#1303265) + +* Mon Feb 01 2016 Lubos Kardos - 4.13.0-0.rc1.20 +- Revert using %%configure, it causes problems +- Temporary set %%_gnu macro explictly, just for one build (#1303265) + +* Fri Jan 29 2016 Lubos Kardos - 4.13.0-0.rc1.19 +- Use %%configure macro, harden rpm package (#1289734) + +* Tue Jan 19 2016 Lubos Kardos - 4.13.0-0.rc1.18 +- Escape %%autosetup in previous changelog record + +* Tue Jan 19 2016 Lubos Kardos - 4.13.0-0.rc1.17 +- Fix %%autosetup not to cause errors during run of rpmspec tool (#1293687) + +* Fri Jan 15 2016 Lubos Kardos - 4.13.0-0.rc1.16 +- Fix recursive calling of rpmdeps tool (#1297557) + +* Fri Jan 15 2016 Florian Festi - 4.13.0-0.rc1.15 +- Add support for missingok file attribute + +* Fri Jan 15 2016 Lubos Kardos - 4.13.0-0.rc1.14 +- Fix not chrooting transaction file triggers + +* Mon Nov 23 2015 Lubos Kardos - 4.13.0-0.rc1.13 +- Add possibility to disable file triggers +- Fix unwanted multiple execution of filetriggers in dnf (#1282115) + +* Thu Nov 12 2015 Fedora Release Engineering - 4.13.0-0.rc1.12 +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Fri Nov 06 2015 Lubos Kardos - 4.13.0-0.rc1.11 +- Fix crash when parsing corrupted RPM file (#1273360) + +* Fri Nov 06 2015 Lubos Kardos - 4.13.0-0.rc1.10 +- Fix SIGSEGV in case of old unsupported gpg keys (#1277464) + +* Fri Oct 30 2015 Lubos Kardos - 4.13.0-0.rc1.9 +- Ignore SIGPIPE signals during execucton of scriptlets (#1264198) + +* Fri Oct 30 2015 Florian Festi - 4.13.0-0.rc1.8 +- Move /usr/lib/rpm/fileattrs directory from rpm-build to rpm (#1272766) + +* Fri Oct 23 2015 Lubos Kardos - 4.13-0.rc1.7 +- Fix reading a memory right after the end of an allocated area (#1260248) +- Add support for various types of dependencies to rpmdeps tool (#1247092) +- fix %%autopatch when patch do not exist (#1244172) + +* Fri Oct 23 2015 Lubos Kardos - 4.13-0.rc1.6 +- If %%_wrong_version_format_terminate_build is 1 then terminate build in case + that version format is wrong i. e. epoch is not unsigned integer or version + contains more separators (":", "-"). %%_wrong_version_format_terminate_build + is 1 by deafault (#1265700) + +* Wed Oct 14 2015 Robert Kuska - 4.13.0-0.rc1.5 +- Rebuilt for Python3.5 rebuild + +* Mon Oct 12 2015 Florian Festi - 4.13.0-0.rc1.4 +- Fix selinux plugin for permissive mode + +* Mon Sep 07 2015 Florian Festi - 4.13.0-0.rc1.3 +- Fix new rich dependency syntax + +* Sat Sep 05 2015 Kalev Lember - 4.13.0-0.rc1.2 +- Obsolete compat-librpm3 + +* Wed Sep 02 2015 Florian Festi - 4.13.0-0.rc1.1 +- Update to upstream rc1 release + +* Mon Aug 10 2015 Lubos Kardos - 4.12.90-7 +- Fix last occurence of PyString + +* Thu Aug 06 2015 Lubos Kardos - 4.12.90-6 +- Add --filetriggers option to show info about file triggers. + +* Mon Aug 03 2015 Lubos Kardos - 4.12.90-5 +- If globbing of a filename fails, try use the filename without globbing. + (#1246743) +- Modify rpmIsGlob() to be more precise and compatible with glob(). + (#1246743) + +* Thu Jul 30 2015 Lubos Kardos - 4.12.90-4 +- Don't warn when an escaped macro is in a comment (#1224660) + +* Mon Jul 27 2015 Florian Festi - 4.12.90-3 +- Fix compressed patches (#1247248) + +* Mon Jul 27 2015 Lubos Kardos - 4.12.90-2 +- Enable braces expansion in rpmGlob() (#1246743) + +* Fri Jul 24 2015 Florian Festi - 4.12.90-1 +- Update to upstream alpha release + +* Tue Jul 14 2015 Michal Toman - 4.12.0.1-18 +- Add support for MIPS platform + +* Mon Jun 29 2015 Florian Festi - 4.12.0.1-17 +- Fix Python import directive for more strict Python3 search rules (#1236493) + +* Fri Jun 19 2015 Lubos Kardos 4.12.0.1-16 +- Allow gpg to get passphrase by itself (#1228234) + +* Thu Jun 18 2015 Fedora Release Engineering - 4.12.0.1-15.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Jun 12 2015 Florian Festi - 4.12.0.1-15 +- Add --whatrecommends and friends (#1231247) + +* Wed Apr 15 2015 Florian Festi - 4.12.0.1-14 +- Fix references to sources in golang debuginfo packages (#1184221) + +* Tue Mar 31 2015 Lubos Kardos 4.12.0-13 +- Fix wrong use of variable strip_g in find-debuginfo.sh (#1207434) + +* Mon Mar 30 2015 Lubos Kardos 4.12.0-12 +- Fix segmentation fault (#1206750) + +* Fri Mar 27 2015 Lubos Kardos 4.12.0-11 +- Pass _find_debuginfo_opts -g to eu-strip for executables (#1186563) +- add_minidebug is not ran when strip_g is set (#1186563) + +* Fri Mar 20 2015 Lubos Kardos 4.12.0-10 +- Fix "--excludedocs" option (#1192625) + +* Fri Mar 20 2015 Florian Festi - 4.12.0.1-9 +- Fix spec to allow building without plugins (#1182385) + +* Mon Mar 16 2015 Than Ngo - 4.12.0.1-8 +- bump release and rebuild so that koji-shadow can rebuild it + against new gcc on secondary arch + +* Sat Feb 21 2015 Till Maas - 4.12.0.1-7.1 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Tue Feb 17 2015 Richard W.M. Jones - 4.12.0.1-7 +- Include upstream patch to fix find-debuginfo (http://www.rpm.org/ticket/887). + +* Fri Jan 16 2015 Tom Callaway - 4.12.0.1-6 +- rebuild against lua 5.3 + +* Fri Dec 12 2014 Lubos Kardos - 4.12.0.1-5 +- Add check against malicious CPIO file name size (#1168715) +- Fixes CVE-2014-8118 +- Fix race condidition where unchecked data is exposed in the file system + (#1039811) +- Fixes CVE-2013-6435 + +* Thu Oct 30 2014 Panu Matilainen - 4.12.0.1-4 +- Axe unused generator scripts forcing a perl dependency (#1158580, #1158583) + +* Tue Oct 28 2014 Panu Matilainen - 4.12.0.1-3 +- Skip ghost files in payload (#1156497) +- Fix size and archice size tag generation on big-endian systems + +* Wed Oct 01 2014 Panu Matilainen - 4.12.0.1-2 +- Dont wait for transaction lock inside scriptlets (#1135596) + +* Thu Sep 18 2014 Panu Matilainen - 4.12.0.1-1 +- Update to rpm-4.12.0.1 final (http://rpm.org/wiki/Releases/4.12.0.1) +- Temporary workaround payload size mismatch issue in rpm2cpio (#1142949) + +* Wed Sep 17 2014 Panu Matilainen - 4.12.0-2 +- Reduce the double separator spec parse error into a warning (#1065563) + +* Tue Sep 16 2014 Panu Matilainen - 4.12.0-1 +- Update to rpm-4.12.0 final (http://rpm.org/wiki/Releases/4.12.0) + +* Tue Sep 02 2014 Panu Matilainen - 4.12.0-0.rc1.2 +- Resurrect payload and tilde rpmlib() dependencies + +* Wed Aug 27 2014 Panu Matilainen - 4.12.0-0.rc1.1 +- Update to rpm-4.12.0-rc1 + +* Mon Aug 25 2014 Panu Matilainen - 4.12.0-0.beta1.6 +- Resurrect dependency logging on package build +- Resurrect rpmlib() dependencies in src.rpms + +* Wed Aug 20 2014 Panu Matilainen - 4.12.0-0.beta1.5 +- Fix duplicate trigger indexes caused by beta1.3 fix (#1131960) + +* Wed Aug 20 2014 Panu Matilainen - 4.12.0-0.beta1.4 +- Emergency hack for #1131892 + +* Mon Aug 18 2014 Panu Matilainen - 4.12.0-0.beta1.3 +- Fix regression on rpmspec dependency queries + +* Mon Aug 18 2014 Panu Matilainen - 4.12.0-0.beta1.2 +- Fix regression on BuildRequires checking + +* Mon Aug 18 2014 Panu Matilainen - 4.12.0-0.beta1.1 +- Update to 4.12.0-beta1 (http://rpm.org/wiki/Releases/4.12.0) +- Fixes #1122004, #1111349, #1117912, #1123722 +- Drop upstreamed patches + +* Mon Aug 18 2014 Fedora Release Engineering - 4.11.90-0.git12844.5.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Jul 03 2014 Panu Matilainen - 4.11.90-0.git12844.5 +- Fix wildcard database iterator (#1115824) + +* Wed Jul 02 2014 Panu Matilainen - 4.11.90-0.git12844.4 +- Use autosetup for building rpm itself +- Hopefully fix armv7 vfp/neon detection + +* Tue Jul 01 2014 Panu Matilainen - 4.11.90-0.git12844.3 +- Drop no longer needed temporary UsrMove patch +- Macro-expand load macro argument + +* Mon Jun 30 2014 Panu Matilainen - 4.11.90-0.git12844.2 +- Fix multiple interleaved hardlink groups during build + +* Mon Jun 30 2014 Panu Matilainen - 4.11.90-0.git12844.1 +- Update to rpm 4.12-alpha ((http://rpm.org/wiki/Releases/4.12.0) +- Drop/adjust patches as appropriate +- New sub-package(s) for plugins + +* Thu Jun 26 2014 Panu Matilainen - 4.11.2-17 +- Clean up old, no longer needed cruft from spec + +* Thu Jun 26 2014 Panu Matilainen - 4.11.2-16 +- Mark licenses as such, not documentation + +* Wed Jun 25 2014 Panu Matilainen - 4.11.2-15 +- Perl dependency generators live in perl-generators (#1110823) now + +* Wed Jun 18 2014 Lubomir Rintel - 4.11.2-14 +- Fix the armhfp patch for armv6hl + +* Tue Jun 10 2014 Panu Matilainen - 4.11.2-13 +- Rawhide broke our test-suite, disable for now to allow builds to be done + +* Sun Jun 08 2014 Fedora Release Engineering - 4.11.2-12.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat May 31 2014 Peter Robinson 4.11.2-12 +- Drop ChangeLog.bz2 (it's in the source, and it's large) + +* Thu May 15 2014 Bohuslav Kabrda - 4.11.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 + +* Mon Apr 21 2014 Tom Callaway - 4.11.2-10 +- remove _isa from all BuildRequires (bz 554854) + See: https://fedoraproject.org/wiki/Packaging:Guidelines#BuildRequires_and_.25.7B_isa.7D + +* Tue Apr 15 2014 Panu Matilainen - 4.11.2-9 +- move kmod and libsymlink dependency generators to redhat-rpm-config + +* Mon Apr 14 2014 Panu Matilainen - 4.11.2-8 +- fix appdata.prov script missing from package + +* Fri Apr 11 2014 Panu Matilainen - 4.11.2-7 +- disable sanitizers for now, needs more work... + +* Fri Apr 11 2014 Panu Matilainen - 4.11.2-6 +- build with -fsanitize=address and -fsanitize=undefined for now +- add spec build conditional for sanitizer build + +* Tue Apr 08 2014 Panu Matilainen - 4.11.2-5 +- replace unmaintained dependency generator scripts with rpmdeps wrappers + +* Thu Mar 27 2014 Panu Matilainen - 4.11.2-4 +- revert #1045723 fix for now, it breaks some java package macros + +* Wed Mar 26 2014 Panu Matilainen - 4.11.2-3 +- dont eat newlines on parametrized macro invocations (#1045723) +- fully reset file actions between rpmtsRun() calls (#1076552) +- fix build and sign module initialization in python3 (#1064758) + +* Tue Feb 18 2014 Panu Matilainen - 4.11.2-2 +- reduce the double separator spec parse error into a warning (#1065563) + +* Thu Feb 13 2014 Panu Matilainen - 4.11.2-1 +- update to 4.11.2 final (http://rpm.org/wiki/Releases/4.11.2) + +* Thu Feb 06 2014 Panu Matilainen - 4.11.2-0.rc2.1 +- update to 4.11.2-rc2 (http://rpm.org/wiki/Releases/4.11.2) + +* Mon Jan 20 2014 Panu Matilainen - 4.11.2-0.rc1.1 +- update to 4.11.2-rc1 (http://rpm.org/wiki/Releases/4.11.2) +- drop upstreamed patches, adjust others as needed +- handle python egg-info's version munging in file lists + +* Wed Jan 15 2014 Panu Matilainen - 4.11.1-12 +- include ppc64le in %%power64 macro (#1052930) + +* Tue Dec 03 2013 Panu Matilainen - 4.11.1-11 +- generate kmod(module.ko) provides for kernel (#1025513) +- dont override CONFIG_SITE if already set (related to #962837) + +* Mon Nov 18 2013 Panu Matilainen - 4.11.1-10 +- python 3 string and file compatibility fixes + +* Mon Oct 14 2013 Panu Matilainen - 4.11.1-9 +- generate application() provides for gnome-software + +* Tue Oct 01 2013 Panu Matilainen - 4.11.1-8 +- add support for ppc64le architecture + +* Mon Sep 09 2013 Panu Matilainen - 4.11.1-7 +- fix build-time double-free on file capability processing (#956190) +- fix relocation related regression on file sanity check (#1001553) +- fix segfault on empty -p scriptlet body (#1004062) +- fix source url, once again + +* Wed Aug 21 2013 Panu Matilainen - 4.11.1-6 +- add python3 sub-package, based on patch by Bohuslav Kabrda + +* Sat Aug 03 2013 Petr Pisar - 4.11.1-5.1 +- Perl 5.18 rebuild + +* Fri Aug 02 2013 Panu Matilainen - 4.11.1-5 +- add missing dependency on tar to rpm-build (#986539) + +* Tue Jul 30 2013 Florian Festi - 4.11.1-4 +- Do not filter out lib64.* dependencies (#988373) + +* Wed Jul 17 2013 Petr Pisar - 4.11.1-3.1 +- Perl 5.18 rebuild + +* Fri Jul 05 2013 Panu Matilainen - 4.11.1-3 +- ensure relocatable packages always get install-prefix(es) set (#979443) + +* Thu Jul 04 2013 Panu Matilainen - 4.11.1-2 +- fix .gnu_debuglink CRC32 after dwz, buildrequire binutils-devel (#971119) + +* Thu Jun 27 2013 Panu Matilainen - 4.11.1-1 +- update to 4.11.1 final (http://rpm.org/wiki/Releases/4.11.1) + +* Thu Jun 20 2013 Panu Matilainen - 4.11.1-0.rc2.1 +- update to 4.11.2-rc2 (http://rpm.org/wiki/Releases/4.11.1) +- drop upstreamed patches + +* Mon Jun 17 2013 Panu Matilainen - 4.11.1-0.rc1.4 +- handle aarch64 debug_info relocations in debugedit (#974860) + +* Tue Jun 11 2013 Panu Matilainen - 4.11.1-0.rc1.3 +- disable autoconf config.site processing in builds (#962837) + +* Tue Jun 11 2013 Panu Matilainen - 4.11.1-0.rc1.2 +- fix regression on addressing main package by its name (#972994) + +* Mon Jun 10 2013 Panu Matilainen - 4.11.1-0.rc1.1 +- update to 4.11.1-rc1 (http://rpm.org/wiki/Releases/4.11.1) + +* Tue May 28 2013 Panu Matilainen - - 4.11.0.1-7 +- serialize BDB environment open/close (#924417) + +* Wed May 22 2013 Panu Matilainen - - 4.11.0.1-6 +- only consider files with .pm suffix as perl modules (#927211) + +* Fri May 17 2013 Panu Matilainen - - 4.11.0.1-5 +- filter out non-library soname dependencies + +* Thu May 16 2013 Panu Matilainen - - 4.11.0.1-4 +- check for stale locks when opening write-cursors (#860500, #962750...) + +* Fri May 10 2013 Tom Callaway - 4.11.0.1-3 +- lua 5.2 fix from upstream + +* Mon Mar 25 2013 Panu Matilainen - 4.11.0.1-2 +- make rpm-build depend on virtual system-rpm-config provide + +* Mon Feb 04 2013 Panu Matilainen - 4.11.0.1-1 +- update to 4.11.0.1 (http://rpm.org/wiki/Releases/4.11.0.1) + +* Tue Jan 29 2013 Panu Matilainen - 4.11.0-0.beta1.3 +- revert yesterdays ghost-fix, it eats rpmdb's on upgrades + +* Mon Jan 28 2013 Panu Matilainen - 4.11.0-0.beta1.2 +- armv7hl and armv7hnl should not have -mthumb (#901901) +- fix duplicate directory ownership between rpm and rpm-build (#894201) +- fix regression on paths shared between a real file/dir and a ghost + +* Mon Dec 10 2012 Panu Matilainen - 4.11.0-0.beta1.1 +- update to 4.11 beta + +* Mon Nov 19 2012 Panu Matilainen - 4.10.90-0.git11989.3 +- package /usr/lib/rpm/macros.d directory (related to #846679) +- fixup a bunch of old incorrect dates in spec changelog + +* Sat Nov 17 2012 Panu Matilainen - 4.10.90-0.git11989.2 +- fix double-free on %%caps in spec (#877512) + +* Thu Nov 15 2012 Panu Matilainen - 4.10.90-0.git11989.1 +- update to 4.11 (http://rpm.org/wiki/Releases/4.11.0) post-alpha snapshot +- drop/adjust patches as necessary + +* Thu Oct 11 2012 Panu Matilainen - 4.10.1-3 +- fix noarch __isa_* macro filter in installplatform (#865436) + +* Wed Oct 10 2012 Panu Matilainen - 4.10.1-2 +- account for intentionally skipped files when verifying hardlinks (#864622) + +* Wed Oct 03 2012 Panu Matilainen - 4.10.1-1 +- update to 4.10.1 ((http://rpm.org/wiki/Releases/4.10.1) + +* Mon Jul 30 2012 Panu Matilainen - 4.10.0-6 +- move our tmpfiles config to more politically correct location (#840192) + +* Sat Jul 21 2012 Fedora Release Engineering - 4.10.0-5.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jul 02 2012 Panu Matilainen - 4.10.0-5 +- force _host_vendor to redhat to better match toolchain etc (#485203) + +* Thu Jun 28 2012 Panu Matilainen - 4.10.0-4 +- merge ppc64p7 related fixes that only went into f17 (#835978) + +* Wed Jun 27 2012 Panu Matilainen - 4.10.0-3 +- add support for minidebuginfo generation (#834073) + +* Mon Jun 25 2012 Panu Matilainen - 4.10.0-2 +- add dwarf compression support to debuginfo generation (#833311) + +* Thu May 24 2012 Panu Matilainen - 4.10.0-1 +- update to 4.10.0 final + +* Mon Apr 23 2012 Panu Matilainen - 4.10.0-0.beta1.1 +- update to 4.10.0-beta1 + +* Mon Apr 16 2012 Panu Matilainen - 4.9.90-0.git11536.1 +- newer git snapshot (#809402, #808750) +- adjust posttrans script wrt bdb string change (#803866, #805613) + +* Thu Apr 05 2012 Panu Matilainen - 4.9.90-0.git11519.1 +- newer git snapshot to keep patch-count down +- fixes CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815 +- fix obsoletes in installing set getting matched on provides (#810077) + +* Wed Apr 04 2012 Jindrich Novy - 4.9.90-0.git11505.12 +- rebuild against new libdb + +* Tue Apr 03 2012 Jindrich Novy - 4.9.90-0.git11505.11 +- build with internal libdb to allow libdb build with higher soname + +* Fri Mar 30 2012 Panu Matilainen - 4.9.90-0.git11505.10 +- fix base arch macro generation (#808250) + +* Thu Mar 29 2012 Panu Matilainen - 4.9.90-0.git11505.9 +- accept files as command line arguments to rpmdeps again (#807767) + +* Mon Mar 26 2012 Panu Matilainen - 4.9.90-0.git11505.8 +- remove fake library provide hacks now that deltarpm got rebuilt + +* Fri Mar 23 2012 Panu Matilainen - 4.9.90-0.git11505.7 +- fix header data length calculation breakage + +* Thu Mar 22 2012 Panu Matilainen - 4.9.90-0.git11505.6 +- fix keyid size bogosity causing breakage on 32bit systems + +* Wed Mar 21 2012 Panu Matilainen - 4.9.90-0.git11505.5 +- add temporary fake library provides to get around deltarpm "bootstrap" + dependency (yes its dirty) + +* Wed Mar 21 2012 Panu Matilainen - 4.9.90-0.git11505.4 +- fix overzealous sanity check breaking posttrans scripts + +* Tue Mar 20 2012 Panu Matilainen - 4.9.90-0.git11505.3 +- fix bad interaction with yum's test-transaction and pretrans scripts + +* Tue Mar 20 2012 Jindrich Novy - 4.9.90-0.git11505.2 +- rebuild + +* Tue Mar 20 2012 Panu Matilainen - 4.9.90-0.git11505.1 +- update to 4.10.0 alpha (http://rpm.org/wiki/Releases/4.10.0) +- drop/adjust patches as necessary + +* Wed Mar 07 2012 Panu Matilainen - 4.9.1.2-14 +- fix backport thinko in the exclude patch + +* Wed Mar 07 2012 Panu Matilainen - 4.9.1.2-13 +- fix memory corruption on rpmdb size estimation (#766260) +- fix couple of memleaks in python bindings (#782147) +- fix regression in verify output formatting (#797964) +- dont process spec include in false branch of if (#782970) +- only warn on missing excluded files on build (#745629) +- dont free up file info sets on test transactions + +* Thu Feb 09 2012 Panu Matilainen - 4.9.1.2-12 +- switch back to smaller BDB cache default (#752897) + +* Sun Jan 15 2012 Dennis Gilmore - 4.9.1.2-11 +- always apply arm hfp macros, conditionally apply the logic to detect hfp + +* Tue Jan 10 2012 Panu Matilainen - 4.9.1.2-10 +- adjust perl and python detection rules for libmagic change (#772699) + +* Mon Jan 09 2012 Jindrich Novy - 4.9.1.2-9 +- recognize perl script as perl code (#772632) + +* Tue Dec 20 2011 Kay Sievers - 4.9.1.2-8 +- add temporary rpmlib patch to support filesystem transition + https://fedoraproject.org/wiki/Features/UsrMove + +* Fri Dec 02 2011 Panu Matilainen - 4.9.1.2-7 +- switch over to libdb, aka Berkeley DB 5.x + +* Thu Dec 01 2011 Panu Matilainen - 4.9.1.2-6 +- fix classification of ELF binaries with setuid/setgid bit (#758251) + +* Fri Nov 25 2011 Panu Matilainen - 4.9.1.2-5 +- adjust font detection rules for libmagic change (#757105) + +* Wed Nov 09 2011 Dennis Gilmore - 4.9.1.2-4 +- conditionally apply arm patch for hardfp on all arches but arm softfp ones + +* Fri Oct 28 2011 Panu Matilainen - 4.9.1.2-3 +- adjust db util prefix & dependency due to #749293 +- warn but dont fail the build if STABS encountered by debugedit (#725378) + +* Wed Oct 12 2011 Panu Matilainen - 4.9.1.2-2 +- try teaching find-lang about the new gnome help layout (#736523) + +* Thu Sep 29 2011 Panu Matilainen - 4.9.1.2-1 +- update to 4.9.1.2 (CVE-2011-3378) +- drop upstreamed rpmdb signal patch + +* Mon Sep 19 2011 Panu Matilainen - 4.9.1.1-3 +- fix signal blocking/unblocking regression on rpmdb open/close (#739492) + +* Mon Aug 08 2011 Adam Jackson 4.9.1.1-2 +- Add RPM_LD_FLAGS to build environment (#728974) + +* Tue Aug 02 2011 Panu Matilainen - 4.9.1.1-1 +- update to 4.9.1.1 + +* Tue Jul 19 2011 Panu Matilainen - 4.9.1-2 +- fix recursion of directories with trailing slash in file list (#722474) + +* Fri Jul 15 2011 Panu Matilainen - 4.9.1-1 +- update to 4.9.1 (http://rpm.org/wiki/Releases/4.9.1) +- drop no longer needed patches + +* Thu Jun 16 2011 Panu Matilainen - 4.9.0-10 +- rebuild to fix a missing interpreter dependency due to bug #712251 + +* Fri Jun 10 2011 Panu Matilainen - 4.9.0-9 +- fix crash if prep or changelog section in spec is empty (#706959) +- fix crash on macro which undefines itself +- fix script dependency generation with file 5.07 string changes (#712251) + +* Thu May 26 2011 Panu Matilainen - 4.9.0-8 +- add dwarf-4 support to debugedit (#707677) +- generate build-id symlinks for all filenames sharing a build-id (#641377) + +* Thu Apr 07 2011 Panu Matilainen - 4.9.0-7 +- add missing ldconfig calls to build-libs sub-package +- fix source url + +* Thu Apr 07 2011 Panu Matilainen - 4.9.0-6 +- revert the spec query change (#693338) for now, it breaks fedpkg + +* Tue Apr 05 2011 Panu Matilainen - 4.9.0-5 +- verify some properties of replaced and wrong-colored files (#528383) +- only list packages that would be generated on spec query (#693338) +- preferred color packages should be erased last (#680261) +- fix leaks when freeing a populated transaction set +- take file state into account for file dependencies + +* Tue Mar 22 2011 Panu Matilainen - 4.9.0-4 +- fix classification of elf executables with sticky bit set (#689182) + +* Wed Mar 16 2011 Jindirch Novy - 4.9.0-3 +- fix crash in package manifest check (#688091) + +* Fri Mar 04 2011 Panu Matilainen - 4.9.0-2 +- fix duplicate rpmsign binary in rpm main package dragging in build-libs + +* Wed Mar 02 2011 Panu Matilainen - 4.9.0-1 +- update to 4.9.0 final +- drop upstreamed patches + +* Tue Mar 01 2011 Panu Matilainen - 4.9.0-0.rc1.4 +- spec cosmetics clean up extra whitespace + group more logically +- wipe out BDB environment at boot via tmpfiles.d + +* Mon Feb 21 2011 Panu Matilainen - 4.9.0-0.rc1.3 +- fix erronous double cursor open, causing yum reinstall hang (#678644) + +* Mon Feb 21 2011 Panu Matilainen - 4.9.0-0.rc1.2 +- fix broken logic in depgen collector, hopefully curing #675002 + +* Tue Feb 15 2011 Panu Matilainen - 4.9.0-0.rc1.1 +- update to 4.9.0-rc1 +- drop upstream patches +- nss packaging has changed, buildrequire nss-softokn-freebl-devel + +* Wed Feb 09 2011 Fedora Release Engineering - 4.9.0-0.beta1.7.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Feb 07 2011 Panu Matilainen - 4.9.0-0.beta1.7 +- fix segfault when building more than one package at a time (#675565) + +* Sun Feb 06 2011 Panu Matilainen - 4.9.0-0.beta1.6 +- adjust ocaml rule for libmagic string change + +* Mon Jan 31 2011 Panu Matilainen - 4.9.0-0.beta1.5 +- dont try to remove environment files if private env used (related to #671200) +- unbreak mono dependency extraction (#673663) +- complain instead of silent abort if cwd is not readable (#672576) + +* Tue Jan 25 2011 Panu Matilainen - 4.9.0-0.beta1.4 +- add support for Requires(posttrans) dependencies + +* Fri Jan 21 2011 Panu Matilainen - 4.9.0-0.beta1.3 +- avoid division by zero in rpmdb size calculation (#671056) +- fix secondary index iteration returing duplicate at end (#671149) +- fix rebuilddb creating duplicate indexes for first header + +* Fri Jan 21 2011 Panu Matilainen - 4.9.0-0.beta1.2 +- permit queries from rpmdb on read-only media (#671200) + +* Tue Jan 18 2011 Panu Matilainen - 4.9.0-0.beta1.1 +- rpm 4.9.0-beta1 (http://rpm.org/wiki/Releases/4.9.0) + - drop no longer needed patches + - adjust requires + buildrequires to match current needs + - adjust rpmdb index ghosts to match the new release + - split librpmbuild and librpmsign to a separate rpm-build-libs package + - split rpmsign to its own package to allow signing without all the build goo + - build-conditionalize plugins, disabled for now + - gstreamer and printer dependency generation moving out + - handle .so symlink dependencies with fileattrs + - use gnupg2 for signing as that's what typically installed by default + +* Tue Jan 18 2011 Panu Matilainen - 4.8.1-7 +- bunch of spec tweaks, cleanups + corrections: + - shorten rpm-build filelist a bit with glob use, reorder for saner grouping + - missing isa in popt version dependency + - only add rpmdb_foo symlinks for actually relevant db_* utils + - drop no longer necessary file-devel dependency from rpm-devel + - drop sqlite backend build-conditional + - preliminaries for moving from db4 to libdb +- use gnupg2 for signing as that's more likely to be installed by default + +* Mon Oct 25 2010 Jindrich Novy - 4.8.1-6 +- rebuild with new xz-5.0.0 + +* Tue Aug 10 2010 Panu Matilainen - 4.8.1-5 +- create gdb index on debuginfo generation (#617166) +- rpm-build now requires /usr/bin/gdb-add-index for consistent index creation +- include COPYING in -apidocs for licensing guidelines compliance + +* Thu Jul 22 2010 David Malcolm - 4.8.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Fri Jul 02 2010 Panu Matilainen - 4.8.1-3 +- ugh, reversed condition braindamage in the font provide extractor "fix" + +* Wed Jun 30 2010 Panu Matilainen - 4.8.1-2 +- fix a potential getOutputFrom() error from font provide extraction +- debug-friendlier message to aid finding other similar cases (#565223) + +* Fri Jun 11 2010 Panu Matilainen - 4.8.1-1 +- update to 4.8.1 (http://rpm.org/wiki/Releases/4.8.1) +- drop no longer needed patches +- fix source url pointing to testing directory + +* Thu Jun 03 2010 Panu Matilainen - 4.8.0-19 +- also strip POSIX file capabilities from hardlinks on upgrade/erase (#598775) + +* Wed Jun 02 2010 Panu Matilainen - 4.8.0-18 +- remove s-bits on upgrade too (#598775) + +* Thu May 27 2010 Panu Matilainen - 4.8.0-17 +- fix segfault in spec parser (#597835) + +* Thu May 27 2010 Panu Matilainen - 4.8.0-16 +- adjust to new pkg-config behavior wrt private dependencies (#596433) +- rpm-build now requires pkgconfig >= 0.24 + +* Fri May 21 2010 Panu Matilainen - 4.8.0-15 +- handle non-existent dependency sets correctly in python (#593553) +- make find-lang look in all locale dirs (#584866) + +* Fri Apr 23 2010 Panu Matilainen - 4.8.0-14 +- lose dangling symlink to extinct (and useless) berkeley_db_svc (#585174) + +* Wed Mar 24 2010 Panu Matilainen - 4.8.0-13 +- fix python match iterator regression wrt boolean representation + +* Wed Mar 17 2010 Panu Matilainen - 4.8.0-12 +- unbreak find-lang --with-man from yesterdays braindamage + +* Tue Mar 16 2010 Panu Matilainen - 4.8.0-11 +- support single PPD providing driver for devices (#568351) +- merge the psdriver patch pile into one +- preserve empty lines in spec prep section (#573339) +- teach python bindings about RPMTRANS_FLAG_NOCONTEXTS (related to #573111) +- dont own localized man directories through find_lang (#569536) + +* Mon Feb 15 2010 Panu Matilainen - 4.8.0-10 +- drop bogus dependency on lzma, xz is used to handle the lzma format too + +* Fri Feb 05 2010 Panu Matilainen - 4.8.0-9 +- unbreak python(abi) requires generation (#562906) + +* Fri Feb 05 2010 Panu Matilainen - 4.8.0-8 +- more fixes to postscript provides extractor (#562228) +- avoid accessing unrelated mount points in disk space checking (#547548) +- fix disk space checking with erasures present in transaction (#561160) + +* Fri Feb 05 2010 Panu Matilainen - 4.8.0-7 +- couple of fixes to the postscript provides extractor (#538101) + +* Thu Feb 04 2010 Panu Matilainen - 4.8.0-6 +- extract provides for postscript printer drivers (#538101) + +* Wed Feb 03 2010 Panu Matilainen - 4.8.0-5 +- python byte-compilation fixes + improvements (#558997) + +* Sat Jan 30 2010 Panu Matilainen - 4.8.0-4 +- support parallel python versions in python dependency extractor (#532118) + +* Thu Jan 21 2010 Panu Matilainen - 4.8.0-3 +- fix segfault on failed url retrieval +- fix verification error code depending on verbosity level +- if anything in testsuite fails, dump out the log + +* Fri Jan 08 2010 Panu Matilainen - 4.8.0-2 +- put disttag back, accidentally nuked in 4.8.0 final update + +* Fri Jan 08 2010 Panu Matilainen - 4.8.0-1 +- update to 4.8.0 final (http://rpm.org/wiki/Releases/4.8.0) + +* Thu Jan 07 2010 Panu Matilainen - 4.8.0-0.beta1.6 +- pull out macro scoping "fix" for now, it breaks font package macros + +* Mon Jan 04 2010 Panu Matilainen - 4.8.0-0.beta1.5 +- always clear locally defined macros when they go out of scope + +* Thu Dec 17 2009 Panu Matilainen - 4.8.0-0.beta1.4 +- permit unexpanded macros when parsing spec (#547997) + +* Wed Dec 09 2009 Panu Matilainen - 4.8.0-0.beta1.3 +- fix a bunch of python refcount-errors causing major memory leaks + +* Mon Dec 07 2009 Panu Matilainen - 4.8.0-0.beta1.2 +- fix noise from python bytecompile on non-python packages (#539635) +- make all our -devel [build]requires isa-specific +- trim out superfluous -devel dependencies from rpm-devel + +* Mon Dec 07 2009 Panu Matilainen - 4.8.0-0.beta1.1 +- update to 4.8.0-beta1 (http://rpm.org/wiki/Releases/4.8.0) +- rpm-build conflicts with current ocaml-runtime + +* Fri Dec 04 2009 Panu Matilainen - 4.7.2-2 +- missing error exit code from signing password checking (#496754) +- dont fail build on unrecognized data files (#532489) +- dont try to parse subkeys and secret keys (#436812) +- fix chmod test on selinux, breaking %%{_fixperms} macro (#543035) + +* Wed Nov 25 2009 Panu Matilainen - 4.7.2-1 +- update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2) +- fixes #464750, #529214 + +* Wed Nov 18 2009 Jindrich Novy - 4.7.1-10 +- rebuild against BDB-4.8.24 + +* Wed Nov 18 2009 Jindrich Novy - 4.7.1-9 +- drop versioned dependency to BDB + +* Wed Oct 28 2009 Panu Matilainen - 4.7.1-8 +- support multiple python implementations in brp-python-bytecompile (#531117) +- make disk space problem reporting a bit saner (#517418) + +* Tue Oct 06 2009 Panu Matilainen - 4.7.1-7 +- fix build with BDB 4.8.x by removing XA "support" from BDB backend +- perl dep extractor heredoc parsing improvements (#524929) + +* Mon Sep 21 2009 Panu Matilainen - 4.7.1-6 +- use relative paths within db environment (related to #507309, #507309...) +- remove db environment on close in chrooted operation (related to above) +- initialize rpmlib earlier in rpm2cpio (#523260) +- fix file dependency tag extension formatting (#523282) + +* Tue Sep 15 2009 Panu Matilainen - 4.7.1-5 +- fix duplicate dependency filtering on build (#490378) +- permit absolute paths in file lists again (#521760) +- use permissions 444 for all .debug files (#522194) +- add support for optional bugurl tag (#512774) + +* Fri Aug 14 2009 Jesse Keating - 4.7.1-4 +- Patch to make geode appear as i686 (#517475) + +* Thu Aug 06 2009 Jindrich Novy - 4.7.1-3 +- rebuild because of the new xz + +* Sun Jul 26 2009 Fedora Release Engineering - 4.7.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Jul 21 2009 Panu Matilainen - 4.7.1-1 +- update to 4.7.1 ((http://rpm.org/wiki/Releases/4.7.1) +- fix source url + +* Mon Jul 20 2009 Bill Nottingham - 4.7.0-9 +- enable XZ support + +* Thu Jun 18 2009 Panu Matilainen - 4.7.0-8 +- updated OSGi dependency extractor (#506471) +- fix segfault in symlink fingerprinting (#505777) +- fix invalid memory access causing bogus file dependency errors (#506323) + +* Tue Jun 16 2009 Panu Matilainen - 4.7.0-7 +- add dwarf-3 support to debugedit (#505774) + +* Fri Jun 12 2009 Stepan Kasal - 4.7.0-6 +- require libcap >= 2.16 (#505596) + +* Wed Jun 03 2009 Panu Matilainen - 4.7.0-5 +- don't mess up problem altNEVR in python ts.check() (#501068) +- fix hardlink size calculation on build (#503020) + +* Thu May 14 2009 Panu Matilainen - 4.7.0-4 +- split cron-job into a sub-package to avoid silly deps on core rpm (#500722) +- rpm requires coreutils but not in %%post +- build with libcap and libacl +- fix pgp pubkey signature tag parsing + +* Tue Apr 21 2009 Panu Matilainen - 4.7.0-3 +- couple of merge-review fixes (#226377) + - eliminate bogus leftover rpm:rpm rpmdb ownership + - unescaped macro in changelog +- fix find-lang --with-kde with KDE3 (#466009) +- switch back to default file digest algorithm + +* Fri Apr 17 2009 Panu Matilainen - 4.7.0-2 +- file classification tweaks for text files (#494817) + - disable libmagic text token checks, it's way too error-prone + - consistently classify all text as such and include description + +* Thu Apr 16 2009 Panu Matilainen - 4.7.0-1 +- update to 4.7.0 final (http://rpm.org/wiki/Releases/4.7.0) +- fixes #494049, #495429 +- dont permit test-suite failure anymore + +* Thu Apr 09 2009 Panu Matilainen - 4.7.0-0.rc1.1 +- update to 4.7.0-rc1 +- fixes #493157, #493777, #493696, #491388, #487597, #493162 + +* Fri Apr 03 2009 Panu Matilainen - 4.7.0-0.beta1.9 +- fix recorded file state of otherwise skipped files (#492947) +- compress ChangeLog, drop old CHANGES file (#492440) + +* Thu Apr 2 2009 Tom "spot" Callaway - 4.7.0-0.beta1.8 +- Fix sparcv9v and sparc64v targets + +* Tue Mar 24 2009 Panu Matilainen - 4.7.0-0.beta1.7 +- prefer more specific types over generic "text" in classification (#491349) + +* Mon Mar 23 2009 Panu Matilainen - 4.7.0-0.beta1.6 +- with the fd leak gone, let libmagic look into compressed files again (#491596) + +* Mon Mar 23 2009 Panu Matilainen - 4.7.0-0.beta1.5 +- fix font provide generation on filenames with whitespace (#491597) + +* Thu Mar 12 2009 Panu Matilainen - 4.7.0-0.beta1.4 +- handle RSA V4 signatures (#436812) +- add alpha arch ISA-bits +- enable internal testsuite on build + +* Mon Mar 09 2009 Panu Matilainen - 4.7.0-0.beta1.3 +- fix _install_langs behavior (#489235) +- fix recording of file states into rpmdb on install + +* Sun Mar 08 2009 Panu Matilainen - 4.7.0-0.beta1.2 +- load macros before creating directories on src.rpm install (#489104) + +* Fri Mar 06 2009 Panu Matilainen - 4.7.0-0.beta1.1 +- update to 4.7.0-beta1 (http://rpm.org/wiki/Releases/4.7.0) + +* Fri Feb 27 2009 Panu Matilainen - 4.6.0-11 +- build rpm itself with md5 file digests for now to ensure upgradability + +* Thu Feb 26 2009 Panu Matilainen - 4.6.0-10 +- handle NULL passed as EVR in rpmdsSingle() again (#485616) + +* Wed Feb 25 2009 Panu Matilainen - 4.6.0-9 +- pull out python byte-compile syntax check for now + +* Mon Feb 23 2009 Panu Matilainen - 4.6.0-8 +- make -apidocs sub-package noarch +- fix source URL + +* Sat Feb 21 2009 Panu Matilainen - 4.6.0-7 +- loosen up restrictions on dependency names (#455119) +- handle inter-dependent pkg-config files for requires too (#473814) +- error/warn on elf binaries in noarch package in build + +* Fri Feb 20 2009 Panu Matilainen - 4.6.0-6 +- error out on uncompilable python code (Tim Waugh) + +* Tue Feb 17 2009 Jindrich Novy - 4.6.0-5 +- remove two offending hunks from anyarch patch causing that + RPMTAG_BUILDARCHS isn't written to SRPMs + +* Mon Feb 16 2009 Jindrich Novy - 4.6.0-4 +- inherit group tag from the main package (#470714) +- ignore BuildArch tags for anyarch actions (#442105) +- don't check package BuildRequires when doing --rmsource (#452477) +- don't fail because of missing sources when only spec removal + is requested (#472427) + +* Mon Feb 16 2009 Panu Matilainen - 4.6.0-3 +- updated fontconfig provide script - fc-query does all the hard work now + +* Mon Feb 09 2009 Panu Matilainen - 4.6.0-2 +- build against db 4.7.x + +* Fri Feb 06 2009 Panu Matilainen - 4.6.0-1 +- update to 4.6.0 final +- revert libmagic looking into compressed files for now, breaks ooffice build + +* Fri Feb 06 2009 Panu Matilainen - 4.6.0-0.rc4.5 +- enable fontconfig provides generation + +* Thu Feb 05 2009 Panu Matilainen - 4.6.0-0.rc4.4 +- fixup rpm translation lookup to match Fedora specspo (#436941) + +* Wed Feb 04 2009 Panu Matilainen - 4.6.0-0.rc4.3 +- extract mimehandler provides from .desktop files +- preliminaries for extracting font provides (not enabled yet) +- dont classify font metrics data as fonts +- only run script dep extraction once per file, duh + +* Sat Jan 31 2009 Panu Matilainen - 4.6.0-0.rc4.2 +- change platform sharedstatedir to something more sensible (#185862) +- add rpmdb_foo links to db utils for documentation compatibility + +* Fri Jan 30 2009 Panu Matilainen - 4.6.0-0.rc4.1 +- update to 4.6.0-rc4 +- fixes #475582, #478907, #476737, #479869, #476201 + +* Fri Dec 12 2008 Panu Matilainen - 4.6.0-0.rc3.2 +- add back defaultdocdir patch which hadn't been applied on 4.6.x branch yet + +* Fri Dec 12 2008 Panu Matilainen - 4.6.0-0.rc3.1 +- add dist-tag, rebuild + +* Tue Dec 09 2008 Panu Matilainen - 4.6.0-0.rc3.1 +- update to rpm 4.6.0-rc3 +- fixes #475214, #474550, #473239 + +* Wed Dec 3 2008 Jeremy Katz - 4.6.0-0.rc2.9 +- I built into the wrong place + +* Wed Dec 3 2008 Jeremy Katz - 4.6.0-0.rc2.8 +- python 2.6 rebuild again + +* Wed Dec 03 2008 Panu Matilainen +- make rpm-build require pkgconfig (#473978) + +* Tue Dec 02 2008 Panu Matilainen +- fix pkg-config provide generation when pc's depend on each other (#473814) + +* Mon Dec 01 2008 Jindrich Novy +- include rpmfileutil.h from rpmmacro.h, unbreaks + net-snmp (#473420) + +* Sun Nov 30 2008 Panu Matilainen +- rebuild for python 2.6 + +* Sat Nov 29 2008 Panu Matilainen +- update to 4.6.0-rc2 +- fixes #471820, #473167, #469355, #468319, #472507, #247374, #426672, #444661 +- enable automatic generation of pkg-config and libtool dependencies #465377 + +* Fri Oct 31 2008 Panu Matilainen +- adjust find-debuginfo for "file" output change (#468129) + +* Tue Oct 28 2008 Panu Matilainen +- Florian's improved fingerprinting hash algorithm from upstream + +* Sat Oct 25 2008 Panu Matilainen +- Make noarch sub-packages actually work +- Fix defaultdocdir logic in installplatform to avoid hardwiring mandir + +* Fri Oct 24 2008 Jindrich Novy +- update compat-db dependencies (#459710) + +* Wed Oct 22 2008 Panu Matilainen +- never add identical NEVRA to transaction more than once (#467822) + +* Sun Oct 19 2008 Panu Matilainen +- permit tab as macro argument separator (#467567) + +* Thu Oct 16 2008 Panu Matilainen +- update to 4.6.0-rc1 +- fixes #465586, #466597, #465409, #216221, #466503, #466009, #463447... +- avoid using %%configure macro for now, it has unwanted side-effects on rpm + +* Wed Oct 01 2008 Panu Matilainen +- update to official 4.5.90 alpha tarball +- a big pile of misc bugfixes + translation updates +- isa-macro generation fix for ppc (#464754) +- avoid pulling in pile of perl dependencies for an unused script +- handle both "invalid argument" and clear env version mismatch on posttrans + +* Thu Sep 25 2008 Jindrich Novy +- don't treat %%patch numberless if -P parameter is present (#463942) + +* Thu Sep 11 2008 Panu Matilainen +- add hack to support extracting gstreamer plugin provides (#438225) +- fix another macro argument handling regression (#461180) + +* Thu Sep 11 2008 Jindrich Novy +- create directory structure for rpmbuild prior to build if it doesn't exist (#455387) +- create _topdir if it doesn't exist when installing SRPM +- don't generate broken cpio in case of hardlink pointing on softlink, + thanks to pixel@mandriva.com + +* Sat Sep 06 2008 Jindrich Novy +- fail hard if patch isn't found (#461347) + +* Mon Sep 01 2008 Jindrich Novy +- fix parsing of boolean expressions in spec (#456103) + (unbreaks pam, jpilot and maybe other builds) + +* Tue Aug 26 2008 Jindrich Novy +- add support for noarch subpackages +- fix segfault in case of insufficient disk space detected (#460146) + +* Wed Aug 13 2008 Panu Matilainen +- 4.5.90-0.git8461.2 +- fix archivesize tag generation on ppc (#458817) + +* Fri Aug 08 2008 Panu Matilainen +- 4.5.90-0.git8461.1 +- new snapshot from upstream +- fixes #68290, #455972, #446202, #453364, #456708, #456103, #456321, #456913, + #458260, #458261 +- partial fix for #457360 + +* Thu Jul 31 2008 Florian Festi +- 4.5.90-0.git8427.1 +- new snapshot from upstream + +* Thu Jul 31 2008 Florian Festi +- 4.5.90-0.git8426.10 +- rpm-4.5.90-posttrans.patch +- use header from rpmdb in posttrans to make anaconda happy + +* Sat Jul 19 2008 Panu Matilainen +- 4.5.90-0.git8426.9 +- fix regression in patch number handling (#455872) + +* Tue Jul 15 2008 Panu Matilainen +- 4.5.90-0.git8426.8 +- fix regression in macro argument handling (#455333) + +* Mon Jul 14 2008 Panu Matilainen +- 4.5.90-0.git8426.7 +- fix mono dependency extraction (adjust for libmagic string change) + +* Sat Jul 12 2008 Panu Matilainen +- 4.5.90-0.git8426.6 +- fix type mismatch causing funky breakage on ppc64 + +* Fri Jul 11 2008 Panu Matilainen +- 4.5.90-0.git8426.5 +- flip back to external bdb +- fix tab vs spaces complaints from rpmlint +- add dep for lzma and require unzip instead of zip in build (#310694) +- add pkgconfig dependency to rpm-devel +- drop ISA-dependencies for initial introduction +- new snapshot from upstream for documentation fixes + +* Thu Jul 10 2008 Panu Matilainen +- 4.5.90-0.git8424.4 +- handle int vs external db in posttrans too + +* Wed Jul 09 2008 Panu Matilainen +- 4.5.90-0.git8424.3 +- require curl as external url helper + +* Wed Jul 09 2008 Panu Matilainen +- 4.5.90-0.git8424.2 +- add support for building with or without internal db + +* Wed Jul 09 2008 Panu Matilainen +- rpm 4.5.90-0.git8424.1 (alpha snapshot) +- adjust to build against Berkeley DB 4.5.20 from compat-db for now +- add posttrans to clean up db environment mismatch after upgrade +- forward-port devel autodeps patch + +* Tue Jul 08 2008 Panu Matilainen +- adjust for rpmdb index name change +- drop unnecessary vendor-macro patch for real +- add ISA-dependencies among rpm subpackages +- make lzma and sqlite deps conditional and disabled by default for now + +* Fri Feb 01 2008 Panu Matilainen +- spec largely rewritten, truncating changelog