| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Bump version and libtool revision, update translations.
|
|
|
|
|
|
|
|
|
|
| |
The old code just subtracted 8 bytes from the reserved space, but
that does not take tag alignment into account and led to the
signature header overwriting the package header.
We now use headerSizeof to calculate the real size difference.
(cherry picked from commit a76ca4d569f01e58bb7f0b678b7d50ea0626f11a)
|
|
|
|
|
|
|
|
| |
The 'nocontent' parameter is now always 0, and the 'exclusive' parameter
is now always 1 so they can be removed, along with the linkSane() helper
which becomes unused here.
(cherry picked from commit b58096e586fba3923c1ff6029b0e10ed02d6397d)
|
|
|
|
|
|
|
|
|
| |
This avoids having to reopen the file later on, which was problematic
in various ways: it was fundamentally incompatible with IMA (#333) and
also required validating the file wasn't changed in the meanwhile so
it simplifies things too.
(cherry picked from commit ef3ff412c33a71be6b3543a50c244377dff3d9e7)
|
|
|
|
| |
(cherry picked from commit 0afe0c3c6cba64d8b7adcdec6ed70f8d32961b58)
|
|
|
|
| |
(cherry picked from commit e276991614fd127f21aba94946f81f22cb7e6b73)
|
|
|
|
|
|
|
|
| |
Files that are not actually being installed (or removed) should not
fire triggers. Look at the file states on installed packages and file
actions on transaction elements to determine this.
(cherry picked from commit b22f9609d82625ec451d48515d6d318c5bf72d83)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Up to now, actions of non-installed files (due to eg --nodocs) were left
uninitialized making us look kinda confused:
D: unknown 000000 0 ( 0, 0) 0 /usr/share/man/man1/telnet.1.gz
D: unknown 000000 0 ( 0, 0) 0 /usr/share/doc/telnet/README
D: unknown 000000 0 ( 0, 0) 0 /usr/share/doc/telnet
D: erase 100755 1 ( 0, 0)101848 /usr/bin/telnet
We know perfectly well what to do with them - they should be skipped. So
lets explicitly mark them that way, which makes the debug output more
sensible and the logic a wee bit mmore robust. However this is not supposed
to change any actual behavior. Supposed.
(cherry picked from commit 2d52726bd55f008ea23262c2a3a31ae689cd2af4)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's no reason for this to be as evil as %pretrans, it's used for
entirely different purposes such as unregistering a whole bunch of
modules at once on the uninstall-transaction, and we don't want that
to happen if there were file conflicts present.
Additionally, file triggers should not fire on skipped / non-installed
files. This is currently not taken into account and not changed here,
but fingerprinting results are a pre-requisite for doing that.
(cherry picked from commit d83edaa2188ecd13fabbf1d779763dcc17bf1b93)
|
|
|
|
|
|
|
|
| |
There's no "this package" in %transfiletrigger concept, eliminate
misleading copy-paste comments (this is relevant inside psm).
Use actual trigger names to make it easier to see what is what.
(cherry picked from commit 20c9f258b5f645e3a3a68757a9be9915d67b248b)
|
|
|
|
|
|
|
|
|
| |
Besides testing the output length sanity, add provisions for testing
scriptlet arguments too. All those zeros are technically wrong, but it
simply reflects what is implemented, there's no attempt at providing
anything else to the file triggers atm.
Backported from commit c6170c6c060af1a3b2c35635aeec9fb65ff8b491
|
|
|
|
|
|
|
|
|
| |
A prefix can have arbitrary number of matches within a given header,
but each header should be fed into the file list iteration just once.
Otherwise we end up feeding the same file list over and over to the
scriptlet - hundreds of megs or gigs of waste in worser cases.
(cherry picked from commit e6effe3c91b66e822db571d3129e49164ddc45ba)
|
|
|
|
| |
(cherry picked from commit 5dc33a852d83a63e55fbd000c60a29a7d2822ed7)
|
|
|
|
| |
(cherry picked from commit fc132e525a0fee21f47597bef9a757cb8d3ba6b6)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Trigger indexes need to be reset to zero when the package changes,
otherwise only the first %transfiletriggerpostun encountered will
get stored and run.
This bug has been there since introduction of file triggers so 4.13.x
and 4.14.x are affected and will need updates. Besides triggeres just
not executing, I suppose this might in some circumstances cause wrong
triggers executing.
Trigger indexes must be reset to zero when package changes.
(cherry picked from commit db1b99db2543b2c2526a2e116daeffa0498d5de4)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Triggers and file triggers can and do execute scriptlets from installed
packages which are not part of the current transaction and thus have no
associated transaction element, making the scriptlet callbacks
inconsistent and cumbersome for API users.
Create a fake transaction element for the poor orphan scriptlets lacking
one to make it consistent (of course, creating rpmte's with all their
associated data just to pass a header pointer along is ridiculously
expensive but *shrug*).
Regular triggers used to execute in the context of the triggering
transaction element, make them run with the owning trigger header too.
(cherry picked from commit 6d610e9b9a906548ce44265d7f36199441ea8bca)
|
|
|
|
|
|
|
|
| |
The file trigger diagnostics are ambiguous with regular triggers,
but "triggerpostun" is much closer to the mark and easier to
debug than "unknown".
(cherry picked from commit 61aef0f8357a9c12bba72e00e4e7c9bc73ecdd16)
|
|
|
|
|
|
|
| |
This was only really meant for install/erase goals, and is not really
meaningful for scriptlet goals which came much later in the history.
(cherry picked from commit 9b4bcd15a3e9817dba1262eba24b0916a9f2c05e)
|
|
|
|
|
|
|
|
| |
The header of the rpmte is only available after rpmteOpen().
Added num param to rpmteProcess to be able to signal the progress to the
callback.
(cherry picked from commit 124ed29259b05fdf574d5e3e145bc1201b24ae4d)
|
|
|
|
|
|
| |
Guide users to the correct operator instead.
(cherry picked from commit 99e6de810904c2b9d32341832f541108c196cc97)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An (A unless B) dependency implements (A and not(B)). This kind is useful
for "or" type dependencies, e.g. "Conflicts" or "Supplements".
As "Conflicts: (A unless B)" is equivalent to "Requires: (B if A)", I
thought this type is not needed. But there is no such equivalence
for Supplements, thus the change in mind.
Like with "if" we also have a syntactic sugar "else" flavor:
(A unless B else C) is the same as ((A unless B) or (B and C))
This commit also makes the "else" handling code in depends.c much
easier to understand.
(cherry picked from commit 37982efbacdc2ccc00cea988a049dfa32749936f)
|
|
|
|
|
| |
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
(cherry picked from commit 456d0e590e1e65da34104bb3ae6bce4f2a5082f0)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unlike the other rich rependencies they work by evaluating package
sets. This means, "Requires: (foo with bar)" is only fulfilled
by a package that provides both foo and bar. In comparison,
"Requires: (foo and bar)" can be fulfilled by two different
packages.
Without implements set subtraction, e.g. "Requires: (foo without bar)"
is only fulfilled by a package that provides foo but not bar.
(cherry picked from commit dac1c702562f57bd7ab080172d7e228cda25a819)
|
|
|
|
|
|
|
| |
It returns the index of a transaction element in the available
packages list, or (unsigned int)-1 if not fould.
(cherry picked from commit 87b8b19eba9207d6c4d30793bec5a2b8044ecadb)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This brings rpmdbSortIterator in line with its documentation.
Note that there is a catch: this change also makes the dbiIndexSetPrune
function work different! It used to delete all items that had a
matching hdrNum, after the change only the one is deleted that also
has a matching tagNum. I consider this a bug fix.
Note that dbiIndexSetPrune is only used in the db3.c backend to remove
index entires, if we really want the old behavior we should add a
new dbiIndexSetPruneHdrnum function.
Also remove assertion when trying to sort an empty set.
(cherry picked from commit eb6b13f9a75ba744c88f5a74f183a210554a5c0c)
|
|
|
|
|
|
| |
They will be used to resolve "with" rich dependencies.
(cherry picked from commit 8a06ede5139abd621b7d4734e5206dd97c763d41)
|
|
|
|
|
|
| |
Also make pruning from an empty set non-fatal.
(cherry picked from commit 8d54160ecea351e5b5ef055ceb1378cb6adaf8e4)
|
|
|
|
|
|
| |
Easier to use and faster than creating a record and using dbiIndexSetAppend.
(cherry picked from commit a0e92e8b1f00ec3520a08279c59e9af1c97ca953)
|
|
|
|
|
|
|
| |
Implement dbiIndexSetAppendSet in terms of dbiIndexSetAppend. Also,
appending an empty set is not an error.
(cherry picked from commit cb9bbf9d7da7cf1e7fc66cdac0a0cf4549b4e4c7)
|
|
|
|
|
|
|
|
|
|
| |
In case that binary compiled from source generated in /tmp, a
/usr/src/debug/tmp directory will be created with the same mode as
/tmp, a.k.a 777, which should be avoided.
Fixes: rhbz#641022
Backported from commit c707ab26362e795d3f9dba4eb87dc7ed99a28bcb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The fix for rhbz#444310 (commit c1a5eb - Include empty CU current dirs)
was a little greedy. It would also include comp_dirs outside the build
root. Those are unnecessary and we don't have a good way to store them.
Such dirs (e.g. /tmp) would then show up at the root of /usr/src/debug.
Fix this by including only comp_dirs under base_dir. Also only output
all dirs once (during phase zero) and don't output empty dirs (which
was harmless but would produce a warning from cpio).
This still includes all empty dirs from the original rhbz#444310
nodir testcase and it is an alternative fix for rhbz#641022
(commit c707ab).
Both fixes are necessary in case of an unexpected mode for a directory
actually in the build root that we want to include in the source list.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Backported from commit e795899780337dea751d85db8f381eff3fe75275
|
|
|
|
|
| |
rpmtdFreeData resets td.count to 0, so the whole thing never worked.
Better late than never, they say.
|
| |
|
|
|
|
|
|
|
|
|
| |
The tests from commits f2d3be2a8741234faaa96f5fd05fdfdc75779a79 and
c815822c8bdb138066ff58c624ae83e3a12ebfa9 assume per-user groups,
but this is not a generally valid assumption and causes unnecessary
bogus failures in the test-suite in some setups (eg mock)
(cherry picked from commit 92b718bb0e98ecaea6d4229eab9ef3bc0220d9c2)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only follow directory symlinks owned by target directory owner or root
during verification to match the behavior of fsmVerify() in the new
CVE-2017-7500 world order.
The code is klunkier than it should and the logic should use common code
with fsmVerify() instead of duplicating it here, but that needs more
changes than is comfortable to backport so starting with this.
Also worth noting that the previous "follow the link" logic from
commit 3ccd774255b8215733e0bdfdf5a683da9dd10923 was not quite right,
it'd fail with RPMVERIFY_LSTATFAIL on a broken symlink when it should've
ran verification on the symlink itself. This behavior is fixed here too.
Finally, once again fakechroot gets in the way and forces the related
verify testcase to be changed to be able to create a valid link. Reuse
the replacement testcase for the purpose and add another case for
verifying an invalid link.
Backported from commit c815822c8bdb138066ff58c624ae83e3a12ebfa9
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only follow directory symlinks owned by target directory owner or root.
This prevents privilege escalation from user-writable directories via
directory symlinks to privileged directories on package upgrade, while
still allowing admin to arrange disk usage with symlinks.
The rationale is that if you can create symlinks owned by user X you *are*
user X (or root), and if you also own directory Y you can do whatever with
it already, including change permissions. So when you create a symlink to
that directory, the link ownership acts as a simple stamp of authority that
you indeed want rpm to treat this symlink as it were the directory that
you own. Such a permission can only be given by you or root, which
is just the way we want it. Plus it's almost ridiculously simple as far
as rules go, compared to trying to calculate something from the
source vs destination directory permissions etc.
In the normal case, the user arranging diskspace with symlinks is indeed
root so nothing changes, the only real change here is to links created by
non-privileged users which should be few and far between in practise.
Unfortunately our test-suite runs as a regular user via fakechroot and
thus the testcase for this fails under the new rules. Adjust the testcase
to get the ownership straight and add a second case for the illegal
behavior, basically the same as the old one but with different expectations.
(cherry picked from commit f2d3be2a8741234faaa96f5fd05fdfdc75779a79)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Open newly created files with O_EXCL to prevent symlink tricks.
When reopening hardlinks for writing the actual content, use append
mode instead. This is compatible with the write-only permissions but
is not destructive in case we got redirected to somebody elses file,
verify the target before actually writing anything.
As these are files with the temporary suffix, errors mean a local
user with sufficient privileges to break the installation of the package
anyway is trying to goof us on purpose, don't bother trying to mend it
(we couldn't fix the hardlink case anyhow) but just bail out.
Based on a patch by Florian Festi.
(cherry picked from commit 404ef011c300207cdb1e531670384564aae04bdc)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Back in 2011 "somebody" forgot to apply brain when copying the return
type of "long" from ftell() to the Ftell() implementations within rpmio
(commit 61f5838aa849b8a75f7f08a33c868b518e1ccd44).
Fast-forward six years and suddenly TexLive in Fedora no longer builds
on 32bit architectures due to that thinko, appearing to be a regression
in commit 7d1a303c456ce459cf550e8154fa4b6f29012b05. However that only
exposes the inner flaw of Ftell() as the code now relies on values
past the initial header range, for which the 2G of "long" has been more
than enough on 32bit architectures too.
Doh, dude...
(cherry picked from commit 90802a894ad75df3a94edbe66a901fca006e65ee)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Directory names as stored in RPMTAG_DIRNAMES are not sorted when
separated from basenames, so binary search has no chance of working.
While a linear search on the dirnames would be guaranteed to find *some*
matches when they exist, it could still miss some results as the
matches are not guaranteed to exist in a neat low-high range.
Construct the entire pathname for prefix comparisons to ensure sorted
paths and adjust the file trigger testcase to cover this too.
Thanks to Pascal Terjan for initial investigations and Thierry
Vignaud for providing a workable reproducer.
(cherry picked from commit e760730738a2383f3ab2d558a3f2bff9d4450044)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All these years BDB has been relying on undefined behavior by storing
POSIX thread objects in its persistent environment files (for the long
story, see RhBug:1394862). As a side-effect of fixing it in BDB,
all sorts of creatures from dark corners are getting dragged into
the daylight: rawhide glibc gets updated a lot and we're getting
DB_VERSION_MISMATCH hits from rpm queries from package scriptlets
(told you so...), other tools not closing their database handles
when they should etc etc. This lets those cases continue "working"
to the extent they always did (ie unreliably) for now.
We should log some diagnostic message in this case, but coming up
with an understandable and reasonably short message for this mess
isn't that easy :)
(cherry picked from commit 2822ccbcdf3e898b960fafb23c4d571e26cef0a4)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only permit automatic fallback to the essentially lockless operation
of DB_PRIVATE when read-only database is requested. This isn't exactly
correct, as readers need locks for correct operation just like writers do,
but at least in the readonly case the database wont be damaged.
The exception to the rule is systems which don't support the shared mapping
at all so we don't have much choice. Explicitly configured
I-know-what-I'm-doing DB_PRIVATE is not affected either.
(cherry picked from commit 70a1efa52b2c442308fd1ddfd706770b6515a2c5)
|
|
|
|
| |
(cherry picked from commit 9a0afef3397ea0899303b4bbb722cdf4fd2bd6ff)
|
|
|
|
|
|
|
|
|
|
| |
Commit 8192746196745e15517e49230de183a0211017b6 enabled digest checks
for empty files, which is fine for modern era packages but rpm didn't
always generate a proper digest for them. Handle that as the special
case it is: preserve the digests checks as they are, but additionally
test and accept zeros too for MD5-era zero-length files.
(cherry picked from commit ab052ab775a789afc02cc9691b2e0526573bbea7)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some testcases we extract the BuildID with the file command.
Unfortunately the file command output changed slightly between versions.
Make the sed regexp more strict by only matching a hex-string.
Also properly "escape" [ and ] which inside an AT_CHECK should be [[ and ]].
Tested against file versions 5.11, 5.29 and 5.30.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Backported from commit f0a581925ad4c948dc58cc8f9a55399ad8de351e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In %trace mode, evaluating a macro which is undefined causes an invalid
read of 1 byte when searching for the end of the string:
trillian:~$ valgrind rpmspec --eval '%trace' --eval '%{?myUndefinedMacro}'
==21534== Memcheck, a memory error detector
==21534== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==21534== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==21534== Command: rpmspec --trace --eval %{?myUndefinedMacro}
==21534==
1> %{?myUndefinedMacro}^==21534== Invalid read of size 1
==21534== at 0x55018D4: printMacro (macro.c:296)
==21534== by 0x5502DFC: expandMacro (macro.c:1077)
==21534== by 0x5503710: doExpandMacros (macro.c:1280)
==21534== by 0x5504AB6: rpmExpand (macro.c:1629)
==21534== by 0x508F59A: rpmcliAllArgCallback (poptALL.c:120)
==21534== by 0x6DAF71D: invokeCallbacksOPTION (popt.c:156)
==21534== by 0x6DAF75B: invokeCallbacksOPTION (popt.c:139)
==21534== by 0x6DB1428: poptGetNextOpt (popt.c:1515)
==21534== by 0x508F912: rpmcliInit (poptALL.c:302)
==21534== by 0x1095B2: main (rpmspec.c:63)
==21534== Address 0x8a010f3 is 0 bytes after a block of size 19 alloc'd
==21534== at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==21534== by 0x5507C17: rmalloc (rpmmalloc.c:44)
==21534== by 0x5502788: expandMacro (macro.c:927)
==21534== by 0x5503710: doExpandMacros (macro.c:1280)
==21534== by 0x5504AB6: rpmExpand (macro.c:1629)
==21534== by 0x508F59A: rpmcliAllArgCallback (poptALL.c:120)
==21534== by 0x6DAF71D: invokeCallbacksOPTION (popt.c:156)
==21534== by 0x6DAF75B: invokeCallbacksOPTION (popt.c:139)
==21534== by 0x6DB1428: poptGetNextOpt (popt.c:1515)
==21534== by 0x508F912: rpmcliInit (poptALL.c:302)
==21534== by 0x1095B2: main (rpmspec.c:63)
==21534==
1> %{?_transaction_color}^
1> %{?_prefer_color}^
1> %{_netsharedpath}^
1> %{_install_langs}^
==21534==
==21534== HEAP SUMMARY:
==21534== in use at exit: 7,183 bytes in 71 blocks
==21534== total heap usage: 7,811 allocs, 7,740 frees, 3,500,361 bytes allocated
==21534==
==21534== LEAK SUMMARY:
==21534== definitely lost: 19 bytes in 1 blocks
==21534== indirectly lost: 0 bytes in 0 blocks
==21534== possibly lost: 0 bytes in 0 blocks
==21534== still reachable: 7,164 bytes in 70 blocks
==21534== suppressed: 0 bytes in 0 blocks
==21534== Rerun with --leak-check=full to see details of leaked memory
==21534==
==21534== For counts of detected and suppressed errors, rerun with: -v
==21534== ERROR SUMMARY: 5 errors from 1 contexts (suppressed: 0 from 0)
trillian:~$
This can easily be avoided by checking the first byte as well as the
second for our sentinal value (NUL).
Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit bf248badd38b11951255aad30c43d3f492326516)
|
|
|
|
|
|
|
|
| |
After creating a specPkg from a spec file we must increase spec file
reference counter. Otherwise spec file may be accidentally deallocated
and usage of SpecPkg can cause an error.
(cherry picked from commit 34b61a1f82f6f9b675ab4ca820b6255af63680f1)
|
|
|
|
|
|
| |
Check for string class explicitly, treat others as errors.
(cherry picked from commit f38bf589bf0bfe90540a51c3da9a516f1c53c0e5)
|
|
|
|
|
|
|
| |
Use the proper rpmtdGetString() accessor function which knows how
to deal with array types too.
(cherry picked from commit e9e637e2559926ef0d4aa3f7cf686d1944e1d036)
|
|
|
|
| |
(cherry picked from commit eb632e5158fa4ef993b0e5df2a354f0be7a7a71d)
|
|
|
|
|
|
|
|
|
| |
Rather embarrassingly, rpm 4.13 fails rpmkeys -K signature verification
of rpm 4.14 packages because it doesn't really ignore unknown
signature tags like it claims to, and should. And so it reports a
bogus failure on the new SHA256 header-only digest. This bug as it is
only exists in 4.13.x, older versions are fine and >= 4.14 only
ever looks for tags it knows about.
|