diff --git a/SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch b/SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch
new file mode 100644
index 0000000..8e4e835
--- /dev/null
+++ b/SOURCES/rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch
@@ -0,0 +1,186 @@
+diff -up rpm-4.14.3/sign/rpmgensig.c.orig rpm-4.14.3/sign/rpmgensig.c
+--- rpm-4.14.3/sign/rpmgensig.c.orig 2020-06-26 15:57:43.781333983 +0200
++++ rpm-4.14.3/sign/rpmgensig.c 2020-06-26 15:58:29.819229616 +0200
+@@ -8,7 +8,6 @@
+ #include
+ #include
+ #include
+-#include
+
+ #include /* RPMSIGTAG & related */
+ #include
+@@ -33,68 +32,6 @@ typedef struct sigTarget_s {
+ rpm_loff_t size;
+ } *sigTarget;
+
+-/*
+- * There is no function for creating unique temporary fifos so create
+- * unique temporary directory and then create fifo in it.
+- */
+-static char *mkTempFifo(void)
+-{
+- char *tmppath = NULL, *tmpdir = NULL, *fifofn = NULL;
+- mode_t mode;
+-
+- tmppath = rpmExpand("%{_tmppath}", NULL);
+- if (rpmioMkpath(tmppath, 0755, (uid_t) -1, (gid_t) -1))
+- goto exit;
+-
+-
+- tmpdir = rpmGetPath(tmppath, "/rpm-tmp.XXXXXX", NULL);
+- mode = umask(0077);
+- tmpdir = mkdtemp(tmpdir);
+- umask(mode);
+- if (tmpdir == NULL) {
+- rpmlog(RPMLOG_ERR, _("error creating temp directory %s: %m\n"),
+- tmpdir);
+- tmpdir = _free(tmpdir);
+- goto exit;
+- }
+-
+- fifofn = rpmGetPath(tmpdir, "/fifo", NULL);
+- if (mkfifo(fifofn, 0600) == -1) {
+- rpmlog(RPMLOG_ERR, _("error creating fifo %s: %m\n"), fifofn);
+- fifofn = _free(fifofn);
+- }
+-
+-exit:
+- if (fifofn == NULL && tmpdir != NULL)
+- unlink(tmpdir);
+-
+- free(tmppath);
+- free(tmpdir);
+-
+- return fifofn;
+-}
+-
+-/* Delete fifo and then temporary directory in which it was located */
+-static int rpmRmTempFifo(const char *fn)
+-{
+- int rc = 0;
+- char *dfn = NULL, *dir = NULL;
+-
+- if ((rc = unlink(fn)) != 0) {
+- rpmlog(RPMLOG_ERR, _("error delete fifo %s: %m\n"), fn);
+- return rc;
+- }
+-
+- dfn = xstrdup(fn);
+- dir = dirname(dfn);
+-
+- if ((rc = rmdir(dir)) != 0)
+- rpmlog(RPMLOG_ERR, _("error delete directory %s: %m\n"), dir);
+- free(dfn);
+-
+- return rc;
+-}
+-
+ static int closeFile(FD_t *fdp)
+ {
+ if (fdp == NULL || *fdp == NULL)
+@@ -241,27 +178,38 @@ exit:
+ static int
runGPG(sigTarget sigt, const char *sigfile)
+ {
+ int pid = 0, status;
+- FD_t fnamedPipe = NULL;
+- char *namedPipeName = NULL;
++ int pipefd[2];
++ FILE *fpipe = NULL;
+ unsigned char buf[BUFSIZ];
+ ssize_t count;
+ ssize_t wantCount;
+ rpm_loff_t size;
+ int rc = 1; /* assume failure */
+
+- namedPipeName = mkTempFifo();
++ if (pipe(pipefd) < 0) {
++ rpmlog(RPMLOG_ERR, _("Could not create pipe for signing: %m\n"));
++ goto exit;
++ }
+
+- rpmPushMacro(NULL, "__plaintext_filename", NULL, namedPipeName, -1);
++ rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
+ rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);
+
+ if (!(pid = fork())) {
+ char *const *av;
+ char *cmd = NULL;
+- const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
++ const char *tty = ttyname(STDIN_FILENO);
++ const char *gpg_path = NULL;
++
++ if (!getenv("GPG_TTY") && (!tty || setenv("GPG_TTY", tty, 0)))
++ rpmlog(RPMLOG_WARNING, _("Could not set GPG_TTY to stdin: %m\n"));
+
++ gpg_path = rpmExpand("%{?_gpg_path}", NULL);
+ if (gpg_path && *gpg_path != '\0')
+ (void) setenv("GNUPGHOME", gpg_path, 1);
+
++ dup2(pipefd[0], STDIN_FILENO);
++ close(pipefd[1]);
++
+ unsetenv("MALLOC_CHECK_");
+ cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
+ rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
+@@ -276,9 +224,10 @@ static int runGPG(sigTarget sigt, const
+ rpmPopMacro(NULL, "__plaintext_filename");
+ rpmPopMacro(NULL, "__signature_filename");
+
+- fnamedPipe = Fopen(namedPipeName, "w");
+- if (!fnamedPipe) {
+- rpmlog(RPMLOG_ERR, _("Fopen failed\n"));
++ close(pipefd[0]);
++ fpipe = fdopen(pipefd[1], "w");
++ if (!fpipe) {
++ rpmlog(RPMLOG_ERR, _("Could not open pipe for writing: %m\n"));
+ goto exit;
+ }
+
+@@ -291,8 +240,8 @@ static int runGPG(sigTarget sigt, const
+ size = sigt->size;
+ wantCount = size < sizeof(buf) ?
size : sizeof(buf); + while ((count = Fread(buf, sizeof(buf[0]), wantCount, sigt->fd)) > 0) { +- Fwrite(buf, sizeof(buf[0]), count, fnamedPipe); +- if (Ferror(fnamedPipe)) { ++ fwrite(buf, sizeof(buf[0]), count, fpipe); ++ if (ferror(fpipe)) { + rpmlog(RPMLOG_ERR, _("Could not write to pipe\n")); + goto exit; + } +@@ -304,8 +253,13 @@ static int runGPG(sigTarget sigt, const + sigt->fileName, Fstrerror(sigt->fd)); + goto exit; + } +- Fclose(fnamedPipe); +- fnamedPipe = NULL; ++ ++exit: ++ ++ if (fpipe) ++ fclose(fpipe); ++ if (pipefd[1]) ++ close(pipefd[1]); + + (void) waitpid(pid, &status, 0); + pid = 0; +@@ -314,20 +268,6 @@ static int runGPG(sigTarget sigt, const + } else { + rc = 0; + } +- +-exit: +- +- if (fnamedPipe) +- Fclose(fnamedPipe); +- +- if (pid) +- waitpid(pid, &status, 0); +- +- if (namedPipeName) { +- rpmRmTempFifo(namedPipeName); +- free(namedPipeName); +- } +- + return rc; + } + diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec index 3677afc..1cef8f9 100644 --- a/SPECS/rpm.spec +++ b/SPECS/rpm.spec @@ -30,7 +30,7 @@ %global rpmver 4.14.3 #global snapver rc2 -%global rel 3 +%global rel 4 %global srcver %{version}%{?snapver:-%{snapver}} %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x} @@ -91,6 +91,7 @@ Patch139: 0001-Make-check-buildroot-check-the-build-files-in-parall.patch Patch140: 0001-Fix-resource-leaks-on-zstd-open-error-paths.patch # XXX should be before 0001-Pass-RPM_BUILD_NCPUS-to-build-scripts.patch Patch141: 0001-Isolate-_smp_build_ncpus-and-use-it-for-_smp_mflags.patch +Patch142: rpm-4.14.3-GPG-Switch-back-to-pipe-7-for-signing.patch # Python 3 string API sanity Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch 
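Review bot: The relocated `exit:` label in runGPG() now sits in front of `waitpid()` and the exit-status check, so every `goto exit` error path (pipe() failure, fdopen failure, write or read error) falls through to the `rc = 0` branch visible in the last inner hunk and can report a successful signing whenever gpg itself exits cleanly, for example after signing truncated input. The cleanup at that label is also unsafe: `pipefd` is uninitialised when `pipe()` fails, `if (pipefd[1])` tests for non-zero rather than for an open descriptor, and after `fclose(fpipe)` the same descriptor is closed a second time, which can hit an unrelated descriptor if another thread opened one in between. On the pipe() failure path `pid` is still 0, so `waitpid(0, …)` waits on the whole process group and `status` is presumably read unset (the check itself lies between the hunks, as does the rest of the function body). In the child, `dup2(pipefd[0], STDIN_FILENO)` is unchecked; with `__plaintext_filename` now `-`, a failed dup2 would leave gpg signing whatever is on the caller's stdin instead of the package data, so the child should `_exit` on failure. The fence sketches the cleanup with -1 sentinels and a failure flag.

```c
    int pipefd[2] = { -1, -1 };   /* -1 marks "not open" for the cleanup path */
    int failed = 0;               /* set to 1 before every goto exit */
    /* … unchanged: pipe(), macro setup, fork and exec of gpg … */
    fpipe = fdopen(pipefd[1], "w");
    /* … unchanged: fdopen error check … */
    pipefd[1] = -1;               /* fpipe owns the descriptor from here on */
    /* … unchanged: copy loop and read-error check … */
exit:
    if (fpipe)
        fclose(fpipe);
    if (pipefd[1] >= 0)
        close(pipefd[1]);
    if (pid <= 0)
        return rc;                /* no child to reap; rc is still 1 */
    if (waitpid(pid, &status, 0) != pid || failed)
        return rc;                /* child reaped, but the input was not fully delivered */
    /* … unchanged: exit-status check that sets rc = 0 … */
```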
@@ -652,6 +653,9 @@ make check || cat tests/rpmtests.log %doc doc/librpm/html/* %changelog +* Fri Jun 26 2020 Michal Domonkos - 4.14.3-4 +- Fix hang when signing with expired key (#1746353) + * Wed May 13 2020 Panu Matilainen - 4.14.3-3 - Fix configure option for --with ndb (#1817010, Matthew Almond)