summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Preparing for rpm 4.15.1.1rpm-4.15.xPanu Matilainen2021-03-2240-823/+975
|
* Better sanity check for header entry countsPanu Matilainen2021-03-221-4/+3
| | | | | | | | | | | The count can never be larger than header data size, which can never be larger than 256MB. Most datatypes have further restrictions of course, this is merely an outer perimeter check to catch impossibly large values that could otherwise overflow all manner of trivial calculations. Addresses the point I missed in PR #1493 but with a much tighter limit. (cherry picked from commit d8fbddfa5051bdc1c71e16cb11f14d9fdc7f5c5e)
* Restore (some) compiler sanityPanu Matilainen2021-03-221-1/+1
| | | | | | | | | | | | | -fno-strict-overflow tells gcc and clang to handle signed integer and (at least on gcc) pointer arithmetic wraparound using twos-complement representation like deity intended. -fno-delete-null-pointer-checks tells gcc not to "optimize" away programmer added safeguards. Really. Suggested by Demi Marie Obenour. Backported from commit 5ee567ebd600c1dec4a9ceb6161d877d891d8594
* Update credits for a changePanu Matilainen2021-03-222-4/+43
| | | | | | Lotsa new names, many from translations but otherwise too. (cherry picked from commit 295c522ade98bd51ae674a35607a38276ed13163)
* Optimize signature header merge a bitDemi Marie Obenour2021-03-221-2/+6
| | | | | | | Look up possible offending tags from the main header first in a separate loop, this avoids having to re-sort after each headerPut() operation. (cherry picked from commit f7b97593af5cf818a5c6c5b9bc55bba6d08c9cb0)
* Be much more careful about copying data from the signature headerPanu Matilainen2021-03-221-61/+49
| | | | | | | | | | | | | | | | | | | Only look for known tags, and ensure correct type and size where known before copying over. Bump the old arbitrary 16k count limit to 16M limit though, it's not inconceivable that a package could have that many files. While at it, ensure none of these tags exist in the main header, which would confuse us greatly. This is optimized for backporting ease, upstream can remove redundancies and further improve checking later. Reported and initial patches by Demi Marie Obenour. Fixes: RhBug:1935049, RhBug:1933867, RhBug:1935035, RhBug:1934125, ... Fixes: CVE-2021-3421, CVE-2021-20271 Backported from commit d6a86b5e69e46cc283b1e06c92343319beb42e21
* hdrblobInit() needs bounds checks tooDemi Marie Obenour2021-03-221-17/+31
| | | | | | | Users can pass untrusted data to hdrblobInit() and it must be robust against this. Backported from commit 8f4b3c3cab8922a2022b9e47c71f1ecf906077ef
* Fix a tiny memory leakDemi Marie Obenour2021-03-221-1/+3
| | | | | | Found by fuzzing rpmReadPackageFile() with libfuzzer under ASAN. (cherry picked from commit 9747a6af016a3458d54fe060777c95e3900b5fa4)
* Fix regression from commit 165330b7bf0757e30fa8a6de9998a564fb62796fPanu Matilainen2021-03-221-2/+7
| | | | | | | | | With the changed logic, the if-clause can fall through without ever initializing s. The exit code condition is getting more complicated now so move it to helper variable, assume failure for a safe default. Fixes: 165330b7bf0757e30fa8a6de9998a564fb62796f (cherry picked from commit 34f28c1492240c0a02b0abb13af7f1870197e41d)
* Avoid incrementing a pointer past the endDemi M. Obenour2021-03-221-4/+2
| | | | | | | | The ‘end’ parameter to ‘strtaglen’ might point past the end of an allocation. Therefore, if ‘start’ becomes equal to ‘end’, exit the loop without calling ‘memchr’ on it. (cherry picked from commit 165330b7bf0757e30fa8a6de9998a564fb62796f)
* rpmio: Fix lzopen_internal mode parsing when 'Tn' is usedVitaly Chikunov2021-03-221-0/+1
| | | | | | | | | | | When there is number after "T" (suggested number of threads or "0" for getncpus), lzopen_internal() mode parser would skip one byte, and when it's at the end of the string it would then parse undesired garbage from the memory, making intermittent compression failures. Fixes: 7740d1098 ("Add support for multithreaded xz compression") Signed-off-by: Vitaly Chikunov <vt@altlinux.org> (cherry picked from commit 405fc8998181353bd510864ca251dc233afec276)
* Tag data must have count greater than zeroDemi Marie Obenour2021-03-221-0/+9
| | | | | | | Zero counts are invalid, and they cause problems elsewhere. For instance, strtaglen() will suffer an integer underflow. (cherry picked from commit 5e40166380a450a36b302914be60fd004624f724)
* Verify that data does not overlap region trailerDemi Marie Obenour2021-03-221-0/+9
| | | | | | This is already checked for other header entries. (cherry picked from commit f29c43728c492b1dbfe50136d33bf12f3704d8a0)
* Work around buggy signature region preventing resigning (RhBug:1851508)Panu Matilainen2021-03-221-2/+10
| | | | | | | | | | | | | | | | Various proprietary packages in the wild have subtly malformed data in the signature header, in particular wrt the immutable region size, presumably from using some in-house/3rd party signing tools which do not understand the immutable region business at all. This can prevent resigning and signature deletion on such packages due to the more thorough checking that rpmsign does. As the old wisdom goes, be liberal in what you accept... we can easily work around the crud by just taking a fresh copy of the contents that are legit as such (otherwise the package would be uninstallable). (cherry picked from commit 8fefd2bd21b30996ad0748eab6baadf915610642) (cherry picked from commit 04b0d37cadbdd6483d3454963ea8ad2d13602112)
* Always close libelf handle (#1313)Florian Festi2021-03-221-1/+1
| | | | | | | | | | | Otherwise executables that are not proper elf files are leaking libelf handles. This results in file being left open (mmap'ed) and fails the build on NFS as those files can't be deleted properly there. Resolves: rhbz#1840728 See also: https://bugzilla.redhat.com/show_bug.cgi?id=1840728 (cherry picked from commit 38c03ddb18e86c84d89af695f72442d8365eb64e)
* Add test for libtool versioning sanityPanu Matilainen2021-03-222-1/+18
| | | | | | | | Test that the shared objects created during compilation matches the expectations of the person bumping the libtool version, which is oh so easy to get wrong. This of course needs to be skipped for static builds. Backported from commit 1c6d2f9352537fe391237e292566224ca7d22515
* Add a "ci" make target for easy local runningPanu Matilainen2021-03-221-0/+5
| | | | (cherry picked from commit b50ed03bf09ab6190c4f64b5df295a7136055ee1)
* Pull CI image from registry.fedoraproject.orgPanu Matilainen2021-03-221-1/+1
| | | | | | | Dockerhub has added download rate limiting (and who could blame them) But our CI getting blocked because of other projects being busy downloading from Docker isn't so nice, hopefully Fedora's own registry lets us work around this.
* Hardwire the Fedora version used for CIPanu Matilainen2021-03-221-1/+1
| | | | | | | | | | | | | CI has been running on latest stable Fedora and rawhide, both of which can and do change outside our control and cause previously working code to stop building overnight due to new compiler versions etc being introduced. This is not a sane situation for mandatory CI, we need to be able to validate the codebase on a given version *before* moving to it. Setting the version in the Dockerfile instead of external scripts ties the codebase and validated versions together as they should. This still leaves us subject to updates breaking stuff, but that's a lesser evil, updates are generally welcome.
* Set rpm-maint list as the CI Dockerfile maintainerPanu Matilainen2021-03-221-1/+1
| | | | | Thanks to Igor for originally setting this up, but the project and its contents are maintained by a team, not individuals.
* Preparing for rpm 4.15.1rpm-4.15.1-releasePanu Matilainen2019-11-1839-5758/+6220
| | | | | Bump versions, and update reproducable builds test expectations for the new digests (from the version change)
* Resurrect our reproducable build testPanu Matilainen2019-11-181-1/+9
| | | | | | | | | | | | | | | | | | | We used to test against explicit digest values until commit e20527ae07e0a72eb8133d3ab5c2ddef2b5d6b39 changed the rpmkeys output to drop the actual values and breaking the reproducability test - it was now only testing whether the package we just built has intact digests. Doh. And because of that, commit fa303d5ba6bef5b4a44b884c6dadadc27b594caa was able to silently break setting buildtime from changelog (#932) and why commit 4b15a9e48bd3d4bef96e8a8865044346be20d6dc didn't require adjustment of the test-suite, and why addition of the alternative payload digest in commit 83a26ae9e19fa3526b7331e824e273521c27b0a9 didn't require changing this test. Maybe something else too. Doh. Backported from commit 7cb8ebdf92f7f3d42a12afb9720e142284e71810, 4.15.x doesn't have PAYLOADDIGESTALT so the original test will fail and the digests are different too.
* Preserve processing order in file classificationPanu Matilainen2019-11-181-2/+2
| | | | | | | | | | | | | | | The order of file classification isn't interesting in itself, but arbitrary order makes contents of RPMTAG_CLASSDICT non-deterministic which is not nice for reproducable builds. Tell OMP to handle the class dictionary in order. Cancellation points are not allowed in ordered construct so we need to drop that. It doesn't change the actual results, just means that we run a little longer in case errors are encountered. Fixes #934 (cherry picked from commit 3691d99c8bf8c81a3130333f9cbfaef704b8686f)
* Only calculate buildhost and buildtime during an actual buildPanu Matilainen2019-11-182-50/+49
| | | | | | | | | | | | | | | Commit fa303d5ba6bef5b4a44b884c6dadadc27b594caa moved buildhost and buildtime calculation out of the package generation to early spec initialization, but this broke reproducable builds: if buildtime is to be set from changelog, changelog needs to be parsed first. So either we need to do it twice or we need to do it right, and besides avoiding duplication, conceptually these values are only meaningful during a build and not a parse, so this restores that part of the original code while keeping things thread-safe. Fixes: #932 (cherry picked from commit d16b082354ad9defbdc85e9c60c7105eecb76464)
* Fix Icon tag crash on src.rpm build, regression in 4.15.0 (RhBug:1769579)Panu Matilainen2019-11-181-0/+1
| | | | | | | | | | | | Commit e68eb68c4a6c3635b8cf58a05277f7da49058d16 introduced a regression on Icon tag causing a crash on source rpm build, due to spec->numSources being off by one if an icon was present. A nicer fix would be eliminating numSources entirely but it's not as easy as it should be due to dynamic buildrequires messing with it, leaving that for another time. (cherry picked from commit 4e1fe6af0b9b2d3155605e4416dbbb7d7cf09e35)
* Document popt build-requirement and point a download locationPanu Matilainen2019-11-181-0/+4
| | | | | | | | | | Oops, all this time our most important build-dependency had been missing. Add a version recommendation too - while rpm almost certainly works with 1.12 and 1.11 too, those are getting *really* long in the tooth, and 1.13 has an important type fix in poptGetOptArg() return value so might as well use that as the base. (cherry picked from commit 2c5794469188ab7a6e7e930ff167bfa0e08f2415)
* Fix ancient memleak on %setup argumentsPanu Matilainen2019-11-181-2/+2
| | | | | | | poptGetOptArg() returns malloced strings and caller needs to free. This will still leak on error paths but at least normal use is covered. (cherry picked from commit af73aba20f856de3ebc9751166a2364e795b199d)
* Fix ancient memleak on %patch -P from unused popt arg pointerPanu Matilainen2019-11-181-2/+2
| | | | | | | | | | | -P can appear multiple times so a string arg pointer is not the right thing here in any case. There are other similar and related leaks all over the codebase but this is especially insulting as the leaked pointer was never used for anything at all. Thanks for Peter Jones for pointing this out. (cherry picked from commit 29d70efb1d9b2161f3fcdbdf71945d6c7308432d)
* Fix memleak on %generate_buildrequires usagePanu Matilainen2019-11-181-0/+1
| | | | | | Leak introduced in commit 58dcfddc376a7c97de1432f0082be0d5f01adbcd (cherry picked from commit 97a873aff54ebc9801d0d6663da6a084055443e4)
* Handle incomplete escape seq in queryformat (RhBug:1755230)Michal Domonkos2019-11-182-0/+19
| | | | | | | | | | | | | | Previously, we assumed a backslash character would always be followed by a character to be escaped, and advanced our "start" pointer by two places before the next iteration. However, this assumption breaks if the lonely backslash happens to be the last character in the query string, in which case we would end up pointing beyond the \0 and let the parser wander into the unknown, possibly crashing later. This commit ensures we detect this corner case and error out gracefully with a message. (cherry picked from commit 1cb3be0009fbfd5549844ec361cc1ae5efa9c153)
* Resurrect --prtpkts debug switch functionalityPanu Matilainen2019-11-182-4/+4
| | | | | | | | Move the _print_pkts global to librpmio where the two relevant users can actually access it, and make them use it. This has been broken for years... (cherry picked from commit d609a426f66d3868b50bcd3a2038fb264fd2ab40)
* Only permit comments at beginning of line in file manifests (RhBug:112727)Panu Matilainen2019-11-181-1/+2
| | | | | | | | We only permit comments at beginning of line in specs and macro files too, of all things file manifests don't need anything fancier. Resolves the oldest rpm bug in RH bugzilla, only took 16 years... (cherry picked from commit 63930cd5244bd646d226b73dd43a2a3e681c58ad)
* Flag build-time rpmlib() dependencies in src.rpm as missingokPanu Matilainen2019-11-182-3/+7
| | | | | | | | | | | | | | | | | | | rpmlib() dependencies are an install-time barrier, but dependencies in src.rpm are considered build-time dependencies. This paradox is the crux of the problem in https://pagure.io/copr/copr/issue/1038. We could move the rpmlib(DynamicBuildRequires) someplace else (eg buildrecommends) to avoid the issue, but then the dependency has technically every right to be there, and changing it would break existing software (mock) relying on what we already released. Adding MISSINGOK flag allows rpm to legitimately skip it while installing, the build-side does its own checking independently. This is not ideal as it requires backporting of commit 1ac16611f0492ae450ca0f044c83632269c7e18d to older releases to fix, but this is the least-worst compromise we were able to come up with. (cherry picked from commit 819c6c8a3e0b8bd55a358af5644389add133f893)
* Don't provide rpmlib(DynamicBuildRequires) in source packagesPanu Matilainen2019-11-181-4/+0
| | | | | | | | | | Packages can never provide rpmlib() capabilities, don't pollute the namespace with invalid (if mostly harmless) data. The use-case of identifying whether there are dynamically generated buildrequires in an src.rpm is satisfied by looking for RPMSENSE_FIND_REQUIRES type requires as of commit bee5dc94cf6ee388be821625ba77034bce61c049. (cherry picked from commit ac096e43fc9d09266c0a6f1905821d4e47bc7882)
* Honor RPMSENSE_MISSINGOK on src.rpm rpmlib() dependencies tooPanu Matilainen2019-11-181-0/+2
| | | | (cherry picked from commit b9ee269fba54a4a7c91e594f907eef3c8c6c76c0)
* Remove problematic sub variants of armv8 and relatedPeter Robinson2019-11-181-9/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | This is a partial revert of b1f81b837f46 The ARMv8 aarch32 variant specifies a number of required and optional components. NEON is a required component of ARMv8 devices so we don't need the 'n' variant that was added in ARMv7 (and never widely used due to problems). The 'c' crypto variant shouldn't be added. The use of the crypto extensions to by ARMv8 HW is many and varied and there's no means of dealing with it at a package/compile extention so the detection and use of it is done at runtime and handled via a number of different mechanisms whether in code or via kernel crypto modules and the use of libkcapi allowing the device to choose the fastest crypto option for the use case. This is actively breaking Fedora and related distributions on newer generations of hardware actively stopping the actual install of an OS in some extreme cases. This architecture functionality needs to be reviewed by the architecture maintainers to ensure that active breakage doesn't happen. Fixes RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1691430 Signed-off-by: Peter Robinson <pbrobinson@gmail.com> (cherry picked from commit 8ab279ae6b3855fca5946dafd11c38e91adc9904)
* Revert "rpmrc: Add architecture compatibility mapping between aarch64 and arm64"Peter Robinson2019-11-181-8/+2
| | | | | | | | | | | | | | | | | | This reverts commit 236d6f5a2b924266b1249a82875b595e8758c52b. This change is fundamentally wrong. arm64 is a catch all that covers the naming but rpm uses "uname -m" to detect the actual architecture. The aarch64 nonclamenture specifies the ISA (Instruction Set Architecture) for the 64-bit variant of the Arm architecture which was first supported with ARMv8. Because all 64-bit variants of ARMv8 use aarch64 the arm64 would never be used in rpm. If it's useful in some context while using some Debian related tools those tools should have some translation added there. This just adds confusion and causes issues and duplication that haven't been necessary in any of the arch64 work up until now. Signed-off-by: Peter Robinson <pbrobinson@gmail.com> (cherry picked from commit 0da3c50d1fa37945ba1b01975ecf2f62b51fb3cd)
* build: Add missing ifdef to conditionalize omp.h include statementNeal Gompa2019-11-181-0/+2
| | | | | | | | | | | | | | In 464d21dc8c176222c6586e2ee503fec6207f0d29, support for building RPM without OpenMP was conditionalized on the ENABLE_OPENMP define being set by the compiler. However, the include statement for omp.h in parseSpec.c was not conditionalized as everything else was. Because the conditional was previously missing, RPM fails to build in environments where OpenMP is completely unavailable. This is the case in environments such as macOS, as Clang does not provide an OpenMP implementation there. (cherry picked from commit 86b698d546663068b0f11539180701e669769827)
* Revert "Fully shutdown DBUS on systemd_inhibit cleanup (RhBug:1714657)"Panu Matilainen2019-11-181-6/+0
| | | | | | | | | | | Turns out this isn't a safe thing to do, as an API user could have their own dbus connections in the same process and shutting those down is a rather impolite thing to do (and causes crash, burn and other injuries, eg RhBug:1750575) This reverts commit d5f201345f6d27b6280750e5c6502f4418614fbc. (cherry picked from commit 9b512ac829a01157feb45124d22e35747eff7125)
* Run CI builds with -WerrorPanu Matilainen2019-11-181-1/+2
| | | | (cherry picked from commit 8671726738885f91f1eac725c8bbb76c9f433868)
* Add configure option to build with -WerrorPanu Matilainen2019-11-181-0/+2
| | | | | | | | | | | | -Werror is a bit tricky as it'll cause autoconf tests fail left and right if it's just passed normally via CFLAGS, so we need to sneak it in by some other means. Note that while developers should always enable this, -Werror must never ever be a default as it'll eventually just cause bogus build failures when old releases get built with newer compilers. (cherry picked from commit a84a33816ac4a791da184c81fbc40aa110c3c7ac)
* Always execute file trigger scriptlet callbacks with owning headerPanu Matilainen2019-11-181-1/+1
| | | | | | | | This is part II of commit 6d610e9b9a906548ce44265d7f36199441ea8bca which missed one but common case where the element with matches gets passed to the callback instead of the owning one, as pointed out in RhBug:1724779. (cherry picked from commit b759eee44395bdf4abd93b2f846214ee5f5f34f1)
* Avoid using types from Lua includes in rpmlua.h againPanu Matilainen2019-11-183-8/+4
| | | | | | | | | | | | | | | | | | rpmlua.h was originally written in a way that allows it to be included regardless of whether Lua is actually enabled in rpm or not, or where Lua headers are, specifically to isolate the rest of rpm from these details. That was changed in commit 62bd62286aa888c60145daf315a938dd87eadc89 when <lauxlib.h> started getting included in rpmlua.h, which leaks to places like librpmbuild which do not directly use Lua. The way Lua typedef's the luaL_Reg struct to itself defies my C fu for for handling this in some nicer typesafe way, fix this all by just using a void pointer instead, this is just an internal API where buyer can be expected to beware. Fixes #888 (cherry picked from commit facee2c70a0987567abd1287b41bbc673b5e17e3)
* Stop on invalid dynamic buildrequiresPanu Matilainen2019-11-181-2/+3
| | | | (cherry picked from commit 35fb5d7367378ccb0f4a18e54ec28bc2f7e435e7)
* Mark dynamically generated buildrequires autogeneratedPanu Matilainen2019-11-182-9/+9
| | | | | | | | | | This makes them in line with regular auto-generated dependencies and allows them to be easily identified. It also makes parseRCPOT() error reporting do the right thing: generated dependencies do not relate to spec lines. Fixes #801 (also reported as RhBug:1759100) (cherry picked from commit bee5dc94cf6ee388be821625ba77034bce61c049)
* Percolate errors up from rpmfcHelper()Panu Matilainen2019-11-184-7/+72
| | | | | | | | | | | | Ignoring the error code from rpmfcHelper() means that invalid dependencies get silently ignores. Intentionally not stopping at the first error though, as it's often useful to get all errors at once. Add testcases for legal and illegal output from dependency generator. Fixes #881 (cherry picked from commit e220cea3f2fb5cf5e6ea19d420dc65800f977ee7)
* Fix suspicious condition in selinux pluginPanu Matilainen2019-11-181-1/+1
| | | | | | | | Misplaced parenthesis introduced in commit 148e82833a. Fixes #872 (cherry picked from commit ab601b882b9d9d8248250111317615db1aa7b7c6)
* Replace hardwired man page references to "redhat" in paths with "<vendor>"Panu Matilainen2019-11-187-20/+20
| | | | | | | | | | | The politically correct version would be changing these all to .in files with autoconf substituting the correct value during the build process but that is such a PITA for what is at best a neglible benefit in this case, it's just not worth it. Fixes #779 (cherry picked from commit d47ab718518ea42fb9beb7fd09c206107d0a10a7)
* Add all of the rpmbuild macro aliases to rpmspec as wellPeter Jones2019-11-181-4/+21
| | | | | | | | | | | | This adds all of the rpmbuild popt aliases that expand to defines to rpmspec as well. It also changes --trace to include --POPTdesc argument help. [v2: fix an error that broke rpmbuild --trace] Signed-off-by: Peter Jones <pjones@redhat.com> (cherry picked from commit 1896e58ffdf2278c47fea5f6e7d29bbf81eac1ad)
* Resurrect %_missing_doc_files_terminate_build functionalityPanu Matilainen2019-11-184-5/+59
| | | | | | | | | | Fixes regression from commit 1ba05a7456aafb52e89df5dd42d494d09f9ea6a4 where doc files always terminate build regardless of the macro value. Add a testcase to go. Fixes #807 (cherry picked from commit 9dff0b37bb3a6c6acbba6d5579d7a6fe03424683)
View Lorry Controller Status