| Commit message (Collapse) | Author | Age | Files | Lines |
| |
A malformed header with no zeros in it could've easily walked off the
edge of the world here. That it happens while trying to validate the
tag data content is the height of embarrassment of sorts.
(cherry picked from commit d8bfe732572e8295015a372348dd13bdecb40f8c)
| |
Checking whether data start offset is within header data area is of no use
whatsoever if the entire chunk doesn't fit. Validate the entire data
fits within range and that it does not overlap, however with string
types we can only check the array size is sane but we can't check the
actual content.
Adjust the upper limit for region trailer in headerVerifyRegion() so
it fits the new rules, but in reality calling headerVerifyInfo() for
the region tags is rather pointless since they're so different.
Partial fix for RhBug:1373107.
(cherry picked from commit 89dce2b91d7d73a1e225461a7392c3d6d7a30a95)
| |
Merge pre-existing contributions with names from git shortlog (now that
we have a reasonable mapping), all names in alphabetical order.
(cherry picked from commit ef656ca6a6edb75dd9e9ee5801c7ac3357de9f4d)
(cherry picked from commit 49f06a1d96200f17f09e22e62b3c71221272b3fe)
| |
In case of hardlinked files, we first create a zero-length file
to which all the links are created, the content comes in the last
link. When the links have been created with no permissions at all
(as per commit 7e26e2bd726f48836be289400c7d82cb8b067dc1), reopening
the final file for writing the actual content fails for non-root users.
Which breaks installation of hardlinked files for regular users,
including our testsuite.
Creating the files with write-only permissions solves the issue - we
*are* writing to these files after all so it only makes sense.
This doesn't stop root from reading the file but neither does zero
permissions so no change there. But if somebody reads a file with
write-only permissions and gets garbage, at least we get to tell
them "told you so".
(cherry picked from commit 6e7c6d1a18aa14fc7a980c43d980a26d82f785c4)
| |
As we are calculating the check sum while writing we only know the file
content is correct after it being written completely. CVE-2013-6435
(cherry picked from commit 7e26e2bd726f48836be289400c7d82cb8b067dc1)
| |
This could lead to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file.
Fixes: rhbz#1168715, CVE-2014-8118
(cherry picked from commit f255c6bdb27ad1512c043a64195410d46996395a)
| |
Fixes segfault when reading tampered package without any of the NEVRA tags.
(cherry picked from commit b4f0e7ef184f2cdfcee5289108763e46be9438db)
| |
Just skip duping of NULL and return it. Returned NULL is handled in
upper layer.
(cherry picked from commit cddf43a56f19711866371f02f378dc4095b0fadd)
| |
When it is read from index higher than size of rpmtd, return "(none)".
(cherry picked from commit b722cf86200505b3e3fcbb2095c4ff61f1f5a2ab)
| |
package.c:
This one is definitely an error (See commit 57000e976b1e5ed2c3c1e78567cd
stating "No functional changes").
rpminstall.c:
Judging by the code above, we should set eiu->fnp to NULL only on error,
but it happens every time we reach function end.
Signed-off-by: Boris Egorov <egorov@linux.com>
(cherry picked from commit dddc6e7be597e787917009c3d892ebe29c99eff8)
| |
(cherry picked from commit 9c36ca411332d2718eca339e867561c39abc256b)
| |
- Older rpm (< 4.11) sometimes packaged %ghost files into payload,
at least in case of a hardlinked file marked as %ghost. Just skip
them if encountered in payload, whereas older rpm thought of these
as actual hardlinks (including 'rpm -qlv' output) but handled
(whether accidentally or otherwise) somewhere in the fsm. Thanks
to Florian for pointing out this correct fix instead of reverting
back to former behavior.
- Depends on commit d85dc92e8d7fb50d16f49faa1e88c85fdc526199.
(cherry picked from commit bcb5fb50ddccdbccf6f096d0c574184c7b82c4b8)
| |
(cherry picked from commit 051ca9ec7f3c386877f9c0faa77d577f891d3a59)
| |
- Fix regression from commit 68bddc353a7ea87ea00ad957858cd509e845e84c,
accessing a 64bit int as if it were a 32bit one doesn't make it one.
(cherry picked from commit 104856ea17161eb3a508913c2b7ed701f2e4f6aa)
| |
for the remaining tests.
Also add a Provides: /bin/sh to one of the specs as the test no longer
works without for some unknown reason.
(backported from commit 394cbfb668655f7aa10ff6b178ec92b44a117ea6)
| |
Fakechroot returns -ENOENT for such paths:
$ FAKECHROOT_BASE=$PWD/tests/testing fakechroot ls /not_an.rpm
/not_an.rpm
$ FAKECHROOT_BASE=$PWD/tests/testing fakechroot ls $PWD/not_an.rpm
ls: cannot access /home/mmarek/GIT/rpm/not_an.rpm: No such file or directory
Signed-off-by: Michal Marek <mmarek@suse.com>
(backported from commit 3a392532b0074bb7744c4d682f52834e942f50a2)
| |
- Bump version
- Bump library revisions
| |
(cherry picked from commit 00b336b45a470eaed7009038a623169aff9d16f0)
| |
- Fixes regression from commit 7f84a126ab43f2d0163911100b4432364d0952a6
which causes archive size to be determined before closing the archive
when closing actually writes the cpio trailer into the archive. Thus
RPMTAG_ARCHIVESIZE (and RPMTAG_LONGARCHIVESIZE) are off by the
cpio trailer size in all packages built with rpm 4.12.0 and
pre-releases :(
- Move rpmcpioFree() to rpmfiFree() to allow Tell() on the archive
after closing it, swap to original order of things on build-side.
(cherry picked from commit a655cee655f7a2b8b4c7ae214afceefa986378f5)
| |
- As hysterical as it seems, people keep banging their heads into this:
older distros have these invalid dependencies deployed etc and people
do expect to create srpms and do test-builds on newer distros they're
running themselves. Which, put that way, seems rather reasonable...
- For history reference, the sanity check was originally introduced in
commit b2cf1471bbe2c35e3c36510a9e3f59919d8ed2c8 and
67ccf8d99630f4edad0ea16dddaca0a3355fba00,
- Backported from commit 1b3f7547c532b1f5ad68228571f1716d5be5b455
| |
- configure.ac is where the version is defined, so...
(cherry picked from commit 297eb7ae2f792bf55f4a4d0674800b3ccb6b43af)
| |
- Commit 0bda2faa4de368a87f85084856a5fed701774acb fixed manual
dependencies in rpmspec queries, but missed automatic self-provides.
Add the self-provides before the first round of header dependency
population to fix. SIGH.
- Another sorta related side-effect is that the exact order of rpmspec
output changes as things are now properly sorted, previously it
was a mixed bag.
(cherry picked from commit 4bc2900baee9ff289dabc47609059accc0f39983)
| |
- Yet another regression from the recent dependency refactoring and
ensuing patches-on-patches-on-patches work: some rpmlib() dependencies
(payload, tilde) are added as late as writeRPM(), those have been going
to /dev/null recently.
- The fix actually removing code is probably a good sign...
(cherry picked from commit cac311c2ddb43b62ad9dbdb5543d50848eb9fd65)
| |
- Commit 547a004b7e1e9e5a5d6cc04ce0539242bff5e592 introduced a regression
on stacked io Fclose() return code, details at
http://lists.rpm.org/pipermail/rpm-maint/2014-August/003731.html
- The original code seems fishy in other ways (missed errors), this
hopefully fixes both cases by only attempting to close actually
open fdno's and only considering actual closes for error codes.
(cherry picked from commit 0ffc0e29e949c63b897fb87bd705e0fb8d0990f9)
| |
(cherry picked from commit 0ab486b8e169edbe66870f5ff43f9dd07ffd2655)
| |
- Another regression from the recent rpmfc work, in rpmdeps context
there's no spec or packages from it. Allocate a dummy package so
we have some place to store the dependencies. And yes it's ugly.
(cherry picked from commit 49f2bb7d8fd91f2d8b22bf7128fd3defe4ed5434)
| |
- Commit 0bda2faa4de368a87f85084856a5fed701774acb caused a regression
where rpmlib() dependencies are no longer added to src.rpm packages
as the header is populated early, whereas rpmlib() dependencies
get added late in the game. So nothing was pushing the rpmlib
stuff to header. Sigh.
(cherry picked from commit 8b540fbf1bb77320772b87d40518d761f62752b3)
| |
- Since commit a357c99c58a5e1367160dfa692f26d14bd3a3df1 the dependencies
are no longer in the header so there's little to print from there.
As it happens things are much saner this way, we no longer need
to create rpmds'es just to print stuff.
(cherry picked from commit 404f053f7829fa859209ded8399243dba851f263)
| |
It always created a triggerindex array and also did not correctly
initialize it with -1.
(cherry picked from commit 1f22cc40518b3f671201803c5f937fae6b6afe63)
| |
- Didn't realize there's rpmdsTagTi() now, which is fit for this
purpose and doesn't look as much out of line with the others.
No functional changes here though.
(cherry picked from commit 6ee2468934b45c1c9d1b84b1ba70fe44373425c9)
| |
- Fixes regression introduced in the regression-fix
commit 0bda2faa4de368a87f85084856a5fed701774acb, *facepalm*
- Unlike other dependency types, trigger dependencies involve a fourth
tag which we forgot to delete before adding again, causing duplicate
trigger indexes
(cherry picked from commit 1566c18b6efbda7b4c367f4c0ee31b4d5be2d2fe)
| |
(cherry picked from commit aca73ad405c03e2f4879781d2af85b7c3d2d736f)
| |
- Similar to commit 1b41c91431d37295701281ff208f99a51f660c89, rpmspec
and other tools expect to find manually specified dependencies
from the headers of a freshly parsed spec. This means we need to
add this cruft two times: once for the manual dependencies and then
scratch all that and redo from start after automatic dependencies
have been discovered at the end of package build.
- Fixes another regression (rpmspec dependency queries went dead)
introduced in commit a357c99c58a5e1367160dfa692f26d14bd3a3df1
(cherry picked from commit 0bda2faa4de368a87f85084856a5fed701774acb)
| |
- Two typos in previous commit, I fail to see how I managed to test
this as "working"
(cherry picked from commit cea90b92bbd7ac9bf82a6d8216325bf2a1d9f6d1)
| |
(cherry picked from commit 2d2b90b5babe17ea90556901d9d65b2166374df4)
| |
- BuildRequire checking requires a header populated with dependencies,
commit a357c99c58a5e1367160dfa692f26d14bd3a3df1 changed this to
occur too late for this purpose. Move to initSourceHeader() seems
to fix, also goes to show we don't have a test-case for buildrequires...
(cherry picked from commit 1b41c91431d37295701281ff208f99a51f660c89)
| |
- Look at all providers and calculate a simple score for them:
We want to prefer self-provides during ordering (RhBug:1111349)
but only when other things are equal, coloring needs to prevail.
Otherwise ordering can miss crucial dependencies to the preferred
arch packages whose files are actually laid down: eg on x86_64
Fedora, both glibc.i686 and glibc.x86_64 provide and require
/sbin/ldconfig, but only installing glibc.x86_64 will actually
get the file on disk for itself and others to use, so glibc.i686
cannot satisfy its own /sbin/ldconfig provide, crazy as it is.
- Also fixes a memleak on self-provided dependencies introduced
in commit 6b6f8e6ecba05c69e4ecfc0ef6981a920b4b0eb6
(cherry picked from commit 9b2810544cbd30f692456344ed8d8a0d7a96fc18)
| |
- Strip any prefixes and convert all paths to relative in rpmfnFindFN()
and to match that, convert directories to relative in cmpPoolFn().
This covers looking up "normal" absolute paths, payload paths with
or without prefix and also srpm paths which have always (?) been just
simple non-prefixed basenames.
- Fixes a regression introduced during payload refactoring, possibly
commit 3c28dcdb6546a2be543ef3beeb893d071fc73205
(cherry picked from commit 563e57d5c6497d215c1b89557dc2e723c53ef772)
| |
The code used to loop over all dependencies instead of using
the information from the database.
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
(cherry picked from commit 72d40ba49a4c889906be6322444746dffa66e00e)
| |
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
(cherry picked from commit 3830e018c034f4da8296b17ce87b529f544c3745)
| |
This speeds up erasure/update of packages with a large amount of files
quite a bit. The cost of building the cache seems to be just a couple
of msecs, and it just needs to be done once for the complete transaction
set.
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
(cherry picked from commit 0f5cc1bf4ad7f67da9e1e4186015a8a4af3e50f5)
| |
This makes the fingerprinting code work for file conflicts of
installed packages.
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
(cherry picked from commit 5328f3f21494b6005d89cede75ec89fd17a7ca1a)
| |
(cherry picked from commit 5dfb6e662451ab69e7c3a98191ae773db97be39b)
| |
to prefer self provides.
This way the ordering code can ignore self provides and avoid unnecessary dependency loops as in rhbz#1111349
(cherry picked from commit 6b6f8e6ecba05c69e4ecfc0ef6981a920b4b0eb6)
| |
- It's never been used beyond assignment to the internal state struct,
so in reality this is entirely free of any rpmbuild-specifics.
Meaning we could trivially lift it to librpmio for macros...
- No functional changes here
(cherry picked from commit e49c51e451584d3229f629ed2923ccb34a94987b)
| |
(cherry picked from commit e6ea36806ba21cb1b4f72b28946528091b3fe635)