diff --git a/SOURCES/rpm-4.11.x-Fix-Python-hdr-refcount.patch b/SOURCES/rpm-4.11.x-Fix-Python-hdr-refcount.patch new file mode 100644 index 0000000..99f8420 --- /dev/null +++ b/SOURCES/rpm-4.11.x-Fix-Python-hdr-refcount.patch @@ -0,0 +1,72 @@ +From 40326b5724b0cd55a21b2d86eeef344e4826f863 Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Thu, 20 Oct 2016 16:06:06 +0200 +Subject: [PATCH] Do not call headerLink() in hdr_Wrap() + +as headers often already have an ref count of 1. +Add headerLink() only where it is necessary. +Plugs memory leaks in Python binding +Resolves: rhbz:#1358467 +--- + python/header-py.c | 4 ++-- + python/rpmmi-py.c | 2 ++ + python/rpmts-py.c | 1 - + 3 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/python/header-py.c b/python/header-py.c +index 63167d9..5d98f89 100644 +--- a/python/header-py.c ++++ b/python/header-py.c +@@ -394,6 +394,7 @@ static PyObject *hdr_new(PyTypeObject *subtype, PyObject *args, PyObject *kwds) + h = headerNew(); + } else if (CAPSULE_CHECK(obj)) { + h = CAPSULE_EXTRACT(obj, "rpm._C_Header"); ++ headerLink(h); + } else if (hdrObject_Check(obj)) { + h = headerCopy(((hdrObject*) obj)->h); + } else if (PyBytes_Check(obj)) { +@@ -778,8 +779,7 @@ PyObject * hdr_Wrap(PyTypeObject *subtype, Header h) + { + hdrObject * hdr = (hdrObject *)subtype->tp_alloc(subtype, 0); + if (hdr == NULL) return NULL; +- +- hdr->h = headerLink(h); ++ hdr->h = h; + return (PyObject *) hdr; + } + +diff --git a/python/rpmmi-py.c b/python/rpmmi-py.c +index 0e27575..379cafb 100644 +--- a/python/rpmmi-py.c ++++ b/python/rpmmi-py.c +@@ -1,6 +1,7 @@ + #include "rpmsystem-py.h" + + #include ++#include + + #include "rpmmi-py.h" + #include "header-py.h" +@@ -74,6 +75,7 @@ rpmmi_iternext(rpmmiObject * s) + s->mi = rpmdbFreeIterator(s->mi); + return NULL; + } ++ headerLink(h); + return hdr_Wrap(&hdr_Type, h); + } + +diff --git a/python/rpmts-py.c b/python/rpmts-py.c +index 13951df..f05371c 100644 +--- a/python/rpmts-py.c ++++ b/python/rpmts-py.c +@@ -384,7 +384,6 @@ rpmts_HdrFromFdno(rpmtsObject * s, PyObject *arg) + + if (rpmrc == RPMRC_OK) { + ho = hdr_Wrap(&hdr_Type, h); +- h = headerFree(h); /* ref held by python object */ + } else { + Py_INCREF(Py_None); + ho = Py_None; +-- +2.9.3 + diff --git a/SOURCES/rpm-4.11.x-Fix-off-by-one-base64.patch b/SOURCES/rpm-4.11.x-Fix-off-by-one-base64.patch new file mode 100644 index 0000000..24cca69 --- /dev/null +++ b/SOURCES/rpm-4.11.x-Fix-off-by-one-base64.patch @@ -0,0 +1,30 @@ +From 0964912b94f9f48a0a812fbfbb2f996dbd93eff0 Mon Sep 17 00:00:00 2001 +From: Jonathan Wakely +Date: Wed, 25 May 2016 12:31:19 +0100 +Subject: [PATCH] Fix off-by-one error + +There's an off-by-one error in base64_decode_value which results in undefined behaviour: + + void* out; + size_t len; + rpmBase64Decode("\x7b", &out, &len); +--- + rpmio/base64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rpmio/base64.c b/rpmio/base64.c +index 60e67d4..4424aab 100644 +--- a/rpmio/base64.c ++++ b/rpmio/base64.c +@@ -104,7 +104,7 @@ static int base64_decode_value(unsigned char value_in) + { + static const int decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51}; + value_in -= 43; +- if (value_in > sizeof(decoding)/sizeof(int)) ++ if (value_in >= sizeof(decoding)/sizeof(int)) + return -1; + return decoding[value_in]; + } +-- +2.9.3 + diff --git a/SOURCES/rpm-4.11.x-export-verifysigs-to-python.patch b/SOURCES/rpm-4.11.x-export-verifysigs-to-python.patch new file mode 100644 index 0000000..76e2e7d --- /dev/null +++ b/SOURCES/rpm-4.11.x-export-verifysigs-to-python.patch @@ -0,0 +1,87 @@ +diff -up rpm-4.11.3/lib/rpmchecksig.c.orig rpm-4.11.3/lib/rpmchecksig.c +--- rpm-4.11.3/lib/rpmchecksig.c.orig 2013-11-22 11:31:31.000000000 +0100 ++++ rpm-4.11.3/lib/rpmchecksig.c 2017-03-15 18:18:20.688251955 +0100 +@@ -242,8 +242,8 @@ static void formatResult(rpmTagVal sigta + free(msg); + } + +-static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags, +- FD_t fd, const char *fn) ++int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags, FD_t fd, ++ const char *fn) + { + + char *buf = NULL; +diff -up rpm-4.11.3/lib/rpmcli.h.orig rpm-4.11.3/lib/rpmcli.h +--- rpm-4.11.3/lib/rpmcli.h.orig 2014-02-05 14:04:02.000000000 +0100 ++++ rpm-4.11.3/lib/rpmcli.h 2017-03-15 18:18:20.689251950 +0100 +@@ -254,6 +254,17 @@ int showVerifyPackage(QVA_t qva, rpmts t + */ + int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn); + ++/** ++ * Check package and header signatures. ++ * @param keyring keyring handle ++ * @param flags flags to control what to verify ++ * @param fd package file handle ++ * @param fn package file name ++ * @return 0 on success, 1 on failure ++ */ ++int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags, FD_t fd, ++ const char *fn); ++ + /** \ingroup rpmcli + * Verify package install. + * @todo hack: RPMQV_ALL can pass char ** arglist = NULL, not char * arg. Union? +diff -up rpm-4.11.3/python/rpmts-py.c.orig rpm-4.11.3/python/rpmts-py.c +--- rpm-4.11.3/python/rpmts-py.c.orig 2014-02-05 14:04:02.000000000 +0100 ++++ rpm-4.11.3/python/rpmts-py.c 2017-03-15 18:18:20.689251950 +0100 +@@ -7,6 +7,8 @@ + #include + #include + #include ++#include ++#include + + #include "header-py.h" + #include "rpmds-py.h" /* XXX for rpmdsNew */ +@@ -671,6 +672,24 @@ exit: + return mio; + } + ++static PyObject * ++rpmts_VerifySigs(rpmtsObject * s, PyObject * args) ++{ ++ rpmfdObject *fdo = NULL; ++ char *fn = NULL; ++ rpmQueryFlags flags = (VERIFY_DIGEST|VERIFY_SIGNATURE); ++ int rc = 1; ++ ++ if (!PyArg_ParseTuple(args, "O&s|i:VerifySigs", rpmfdFromPyObject, &fdo, ++ &fn, &flags)) ++ return NULL; ++ ++ rpmKeyring keyring = rpmtsGetKeyring(s->ts, 1); ++ rc = rpmpkgVerifySigs(keyring, flags, rpmfdGetFd(fdo), fn); ++ rpmKeyringFree(keyring); ++ return PyBool_FromLong(rc == 0); ++} ++ + static struct PyMethodDef rpmts_methods[] = { + {"addInstall", (PyCFunction) rpmts_AddInstall, METH_VARARGS, + NULL }, +@@ -729,6 +748,14 @@ Remove all elements from the transaction + {"dbIndex", (PyCFunction) rpmts_index, METH_VARARGS|METH_KEYWORDS, + "ts.dbIndex(TagN) -> ii\n\ + - Create a key iterator for the default transaction rpmdb.\n" }, ++ {"_verifySigs", (PyCFunction) rpmts_VerifySigs, METH_VARARGS, ++ "ts._verifySigs(fdno, fn, [flags]) -- Verify package signature\n\n" ++ "Returns True if it verifies, False otherwise.\n\n" ++ "Args:\n" ++ " fdno : file descriptor of the package to verify\n" ++ " fn : package file name (just for logging purposes)\n" ++ " flags : bitfield to control what to verify\n" ++ " (default is rpm.VERIFY_SIGNATURE | rpm.VERIFY_DIGEST)"}, + {NULL, NULL} /* sentinel */ + }; + diff --git a/SOURCES/rpm-4.11.x-perl.req-skip-my-var-block.patch b/SOURCES/rpm-4.11.x-perl.req-skip-my-var-block.patch new file mode 100644 index 0000000..61ef41b --- /dev/null +++ b/SOURCES/rpm-4.11.x-perl.req-skip-my-var-block.patch @@ -0,0 +1,39 @@ +From 4a9b7f547ce1bb6b0b352d2e29ae4b0d3bddebfb Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Mon, 13 Mar 2017 11:20:11 +0100 +Subject: [PATCH] perl.req: Also skip blocks with my var = << + +Before only +var = <) { + chomp; +-- +2.9.3 + diff --git a/SOURCES/rpm-4.11.x-sources-to-lua-variables.patch b/SOURCES/rpm-4.11.x-sources-to-lua-variables.patch new file mode 100644 index 0000000..a5ea75d --- /dev/null +++ b/SOURCES/rpm-4.11.x-sources-to-lua-variables.patch @@ -0,0 +1,43 @@ +From 344f938670b8f7400ef177945cef5552783d450f Mon Sep 17 00:00:00 2001 +From: Lubos Kardos +Date: Fri, 10 Apr 2015 17:28:17 +0200 +Subject: [PATCH] Fix adding of sources to lua variables during recursive + parsing of spec + +- Before this fix sources and patches weren't added to lua variables + "sources" and "patches" if they were located in spec file after tag + "BuildArch". Now it works.(rhbz:#1084309) +--- + build/parsePreamble.c | 2 +- + build/spec.c | 2 ++ + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/build/parsePreamble.c b/build/parsePreamble.c +index 21160cd..521068c 100644 +--- a/build/parsePreamble.c ++++ b/build/parsePreamble.c +@@ -308,7 +308,7 @@ static int addSource(rpmSpec spec, Package pkg, const char *field, rpmTagVal tag + addMacro(spec->macros, buf, NULL, p->fullSource, RMIL_SPEC); + free(buf); + #ifdef WITH_LUA +- if (!spec->recursing) { ++ { + rpmlua lua = NULL; /* global state */ + const char * what = (flag & RPMBUILD_ISPATCH) ? "patches" : "sources"; + rpmluaPushTable(lua, what); +diff --git a/build/spec.c b/build/spec.c +index d06e2c1..1db5d15 100644 +--- a/build/spec.c ++++ b/build/spec.c +@@ -239,6 +239,8 @@ rpmSpec newSpec(void) + { + /* make sure patches and sources tables always exist */ + rpmlua lua = NULL; /* global state */ ++ rpmluaDelVar(lua, "patches"); ++ rpmluaDelVar(lua, "sources"); + rpmluaPushTable(lua, "patches"); + rpmluaPushTable(lua, "sources"); + rpmluaPop(lua); +-- +2.9.3 + diff --git a/SOURCES/rpm-4.11.x-verify-data-range.patch b/SOURCES/rpm-4.11.x-verify-data-range.patch new file mode 100644 index 0000000..a90614c --- /dev/null +++ b/SOURCES/rpm-4.11.x-verify-data-range.patch @@ -0,0 +1,96 @@ +Adjusted lib/package.c section to apply, and 4.11.x requires the +same change in lib/signature.c as well. + +From 89dce2b91d7d73a1e225461a7392c3d6d7a30a95 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Wed, 19 Oct 2016 14:48:08 +0300 +Subject: [PATCH] Verify data is within range and does not overlap in + headerVerifyInfo() + +Checking whether data start offset is within header data area is of no use +whatsoever if the entire chunk doesn't fit. Validate the entire data +fits within range and that it does not overlap, however with string +types we can only check the array size is sane but we cant check the +actual content. + +Adjust the upper limit for region trailer in headerVerifyRegion() so +it fits the new rules, but in reality calling headerVerifyInfo() for +the region tags is rather pointless since they're so different. + +Partial fix for RhBug:1373107. +--- + lib/header.c | 21 ++++++++++++++++----- + lib/package.c | 2 +- + 2 files changed, 17 insertions(+), 6 deletions(-) + +diff --git a/lib/header.c b/lib/header.c +index 7f7c115..cac5c94 100644 +--- a/lib/header.c ++++ b/lib/header.c +@@ -196,7 +196,8 @@ int headerVerifyInfo(int il, int dl, const void * pev, void * iv, int negate) + { + entryInfo pe = (entryInfo) pev; + entryInfo info = iv; +- int i; ++ int i, tsize; ++ int32_t end = 0; + + for (i = 0; i < il; i++) { + info->tag = ntohl(pe[i].tag); +@@ -206,16 +207,26 @@ int headerVerifyInfo(int il, int dl, const void * pev, void * iv, int negate) + info->offset = -info->offset; + info->count = ntohl(pe[i].count); + ++ /* Previous data must not overlap */ ++ if (end > info->offset) ++ return i; ++ + if (hdrchkType(info->type)) + return i; + if (hdrchkAlign(info->type, info->offset)) + return i; +- if (hdrchkRange(dl, info->offset)) +- return i; +- if (hdrchkData(info->count)) +- return i; + ++ /* For string types we can only check the array size is sane */ ++ tsize = typeSizes[info->type]; ++ if (tsize < 1) ++ tsize = 1; ++ ++ /* Verify the data actually fits */ ++ end = info->offset + (info->count * tsize); ++ if (hdrchkRange(dl, end)) ++ return i; + } ++ + return -1; + } + +diff --git a/lib/package.c b/lib/package.c +index b6bea09..bb83163 100644 +--- a/lib/package.c ++++ b/lib/package.c +@@ -339,7 +339,7 @@ static rpmRC headerVerify(rpmKeyring keyring, rpmVSFlags vsflags, + (void) memcpy(&info, regionEnd, REGION_TAG_COUNT); + regionEnd += REGION_TAG_COUNT; + +- if (headerVerifyInfo(1, il * sizeof(*pe), &info, &entry.info, 1) != -1 || ++ if (headerVerifyInfo(1, il * sizeof(*pe) + REGION_TAG_COUNT, &info, &entry.info, 1) != -1 || + !(entry.info.tag == RPMTAG_HEADERIMMUTABLE + && entry.info.type == REGION_TAG_TYPE + && entry.info.count == REGION_TAG_COUNT)) +diff --git a/lib/signature.c b/lib/signature.c +index d8017dc..ddf2eb8 100644 +--- a/lib/signature.c ++++ b/lib/signature.c +@@ -165,7 +165,7 @@ rpmRC rpmReadSignature(FD_t fd, Header * sighp, sigType sig_type, char ** msg) + } + dataEnd += REGION_TAG_COUNT; + +- xx = headerVerifyInfo(1, il * sizeof(*pe), &info, &entry.info, 1); ++ xx = headerVerifyInfo(1, il * sizeof(*pe) + REGION_TAG_COUNT, &info, &entry.info, 1); + if (xx != -1 || + !((entry.info.tag == RPMTAG_HEADERSIGNATURES || entry.info.tag == RPMTAG_HEADERIMAGE) + && entry.info.type == REGION_TAG_TYPE diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec index 42a5afb..8b445aa 100644 --- a/SPECS/rpm.spec +++ b/SPECS/rpm.spec @@ -21,7 +21,7 @@ Summary: The RPM package management system Name: rpm Version: %{rpmver} -Release: %{?snapver:0.%{snapver}.}21%{?dist} +Release: %{?snapver:0.%{snapver}.}25%{?dist} Group: System Environment/Base Url: http://www.rpm.org/ Source0: http://rpm.org/releases/rpm-4.11.x/%{name}-%{srcver}.tar.bz2 @@ -77,6 +77,11 @@ Patch174: rpm-4.11.x-define-PY_SSIZE_T_CLEAN.patch Patch175: rpm-4.11.x-python-binding-test-case.patch Patch176: rpm-4.11.x-Add-noplugins.patch Patch177: rpm-4.11.x-no-longer-config.patch +Patch178: rpm-4.11.x-Fix-off-by-one-base64.patch +Patch179: rpm-4.11.x-sources-to-lua-variables.patch +Patch180: rpm-4.11.x-Fix-Python-hdr-refcount.patch +Patch181: rpm-4.11.x-perl.req-skip-my-var-block.patch +Patch182: rpm-4.11.x-verify-data-range.patch # Filter soname dependencies by name Patch200: rpm-4.11.x-filter-soname-deps.patch @@ -101,6 +106,7 @@ Patch310: rpm-4.11.x-CVE-2014-8118.patch Patch311: rpm-4.11.3-update-config.guess.patch Patch312: rpm-4.11.x-man-systemd-inhibit.patch Patch313: rpm-4.11.x-quiet-signing.patch +Patch314: rpm-4.11.x-export-verifysigs-to-python.patch # Temporary Patch to provide support for updates Patch400: rpm-4.10.90-rpmlib-filesystem-check.patch @@ -324,7 +330,11 @@ Requires: rpm-libs%{_isa} = %{version}-%{release} %patch175 -p1 -b .py_size_test %patch176 -p1 -b .noplugins %patch177 -p1 -b .noconfig - +%patch178 -p1 -b .offbyone +%patch179 -p1 -b .sourceslua +%patch180 -p1 -b .hdrrefcnt +%patch181 -p1 -b .perlblock +%patch182 -p1 -b .verifysignature %patch200 -p1 -b .filter-soname-deps %patch201 -p1 -b .dont-filter-ld64 @@ -341,6 +351,7 @@ Requires: rpm-libs%{_isa} = %{version}-%{release} %patch311 -p1 -b .config.guess %patch312 -p1 -b .man-inhibit %patch313 -p1 -b .quiet-sign +%patch314 -p1 -b .verifysig %patch400 -p1 -b .rpmlib-filesystem-check %patch401 -p1 -b .disable-collection-plugins @@ -482,7 +493,6 @@ exit 0 %{_bindir}/rpmverify %{_mandir}/man8/rpm.8* -%{_mandir}/man8/rpm-plugin-systemd-inhibit.8* %{_mandir}/man8/rpmdb.8* %{_mandir}/man8/rpmkeys.8* %{_mandir}/man8/rpm2cpio.8* @@ -521,6 +531,7 @@ exit 0 %files plugin-systemd-inhibit %{_libdir}/rpm-plugins %{_libdir}/rpm-plugins/systemd_inhibit.so +%{_mandir}/man8/rpm-plugin-systemd-inhibit.8* %endif %files build-libs @@ -582,6 +593,22 @@ exit 0 %doc COPYING doc/librpm/html/* %changelog +* Fri Mar 17 2017 Panu Matilainen - 4.11.3-25 +- Really fix #1371487 + +* Thu Mar 16 2017 Florian Festi - 4.11.3-24 +- Fix include in patch for #1343692 +- Disable patch for (#1371487) temporarily + +* Mon Mar 13 2017 Florian Festi - 4.11.3-22 +- Move rpm-plugin-systemd-inhibit man page to that package (#1360706) +- Fix off by one error in base64 code (#1341913) +- Add sources to lua to prevent %%autosetup failing in some cases (#1359084) +- Fix refcounting for Python hdr objects (#1358467) +- Perl dependecy generator: Skip blocks after variable definitions (#1378307) +- Verify signatures properly (#1371487) +- Export function in Python binding for yum (#1343692) + * Tue Jul 26 2016 Florian Festi - 4.11.3-21 - Fix --sign for rpmbuild with --quiet (#1293483) - Adjusted fix for --noplugins option (#1264031)