| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The count can never be larger than header data size, which can never be
larger than 256MB. Most datatypes have further restrictions of course, this
is merely an outer perimeter check to catch impossibly large values that
could otherwise overflow all manner of trivial calculations.
Addresses the point I missed in PR #1493 but with a much tighter limit.
(cherry picked from commit d8fbddfa5051bdc1c71e16cb11f14d9fdc7f5c5e)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-fno-strict-overflow tells gcc and clang to handle signed integer and
(at least on gcc) pointer arithmetic wraparound using twos-complement
representation like deity intended.
-fno-delete-null-pointer-checks tells gcc not to "optimize" away
programmer added safeguards. Really.
Suggested by Demi Marie Obenour.
Backported from commit 5ee567ebd600c1dec4a9ceb6161d877d891d8594
|
|
|
|
|
|
| |
Lotsa new names, many from translations but otherwise too.
(cherry picked from commit 295c522ade98bd51ae674a35607a38276ed13163)
|
|
|
|
|
|
|
| |
Look up possible offending tags from the main header first in a separate
loop, this avoids having to re-sort after each headerPut() operation.
(cherry picked from commit f7b97593af5cf818a5c6c5b9bc55bba6d08c9cb0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only look for known tags, and ensure correct type and size where known
before copying over. Bump the old arbitrary 16k count limit to 16M limit
though, it's not inconceivable that a package could have that many files.
While at it, ensure none of these tags exist in the main header,
which would confuse us greatly.
This is optimized for backporting ease, upstream can remove redundancies
and further improve checking later.
Reported and initial patches by Demi Marie Obenour.
Fixes: RhBug:1935049, RhBug:1933867, RhBug:1935035, RhBug:1934125, ...
Fixes: CVE-2021-3421, CVE-2021-20271
Backported from commit d6a86b5e69e46cc283b1e06c92343319beb42e21
|
|
|
|
|
|
|
| |
Users can pass untrusted data to hdrblobInit() and it must be robust
against this.
Backported from commit 8f4b3c3cab8922a2022b9e47c71f1ecf906077ef
|
|
|
|
|
|
| |
Found by fuzzing rpmReadPackageFile() with libfuzzer under ASAN.
(cherry picked from commit 9747a6af016a3458d54fe060777c95e3900b5fa4)
|
|
|
|
|
|
|
|
|
| |
With the changed logic, the if-clause can fall through without ever
initializing s. The exit code condition is getting more complicated
now so move it to helper variable, assume failure for a safe default.
Fixes: 165330b7bf0757e30fa8a6de9998a564fb62796f
(cherry picked from commit 34f28c1492240c0a02b0abb13af7f1870197e41d)
|
|
|
|
|
|
|
|
| |
The ‘end’ parameter to ‘strtaglen’ might point past the end of an
allocation. Therefore, if ‘start’ becomes equal to ‘end’, exit the loop
without calling ‘memchr’ on it.
(cherry picked from commit 165330b7bf0757e30fa8a6de9998a564fb62796f)
|
|
|
|
|
|
|
|
|
|
|
| |
When there is number after "T" (suggested number of threads or "0" for
getncpus), lzopen_internal() mode parser would skip one byte, and when
it's at the end of the string it would then parse undesired garbage from
the memory, making intermittent compression failures.
Fixes: 7740d1098 ("Add support for multithreaded xz compression")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
(cherry picked from commit 405fc8998181353bd510864ca251dc233afec276)
|
|
|
|
|
|
|
| |
Zero counts are invalid, and they cause problems elsewhere. For
instance, strtaglen() will suffer an integer underflow.
(cherry picked from commit 5e40166380a450a36b302914be60fd004624f724)
|
|
|
|
|
|
| |
This is already checked for other header entries.
(cherry picked from commit f29c43728c492b1dbfe50136d33bf12f3704d8a0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Various proprietary packages in the wild have subtly malformed data
in the signature header, in particular wrt the immutable region size,
presumably from using some in-house/3rd party signing tools which do
not understand the immutable region business at all. This can prevent
resigning and signature deletion on such packages due to the more
thorough checking that rpmsign does.
As the old wisdom goes, be liberal in what you accept... we can easily
work around the crud by just taking a fresh copy of the contents that
are legit as such (otherwise the package would be uninstallable).
(cherry picked from commit 8fefd2bd21b30996ad0748eab6baadf915610642)
(cherry picked from commit 04b0d37cadbdd6483d3454963ea8ad2d13602112)
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise executables that are not proper elf files are leaking libelf
handles. This results in file being left open (mmap'ed) and fails the
build on NFS as those files can't be deleted properly there.
Resolves: rhbz#1840728
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1840728
(cherry picked from commit 38c03ddb18e86c84d89af695f72442d8365eb64e)
|
|
|
|
|
|
|
|
| |
Test that the shared objects created during compilation matches the
expectations of the person bumping the libtool version, which is oh
so easy to get wrong. This of course needs to be skipped for static builds.
Backported from commit 1c6d2f9352537fe391237e292566224ca7d22515
|
|
|
|
| |
(cherry picked from commit b50ed03bf09ab6190c4f64b5df295a7136055ee1)
|
|
|
|
|
|
|
| |
Dockerhub has added download rate limiting (and who could blame them)
But our CI getting blocked because of other projects being busy
downloading from Docker isn't so nice, hopefully Fedora's own registry
lets us work around this.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CI has been running on latest stable Fedora and rawhide, both of which
can and do change outside our control and cause previously working
code to stop building overnight due to new compiler versions etc being
introduced. This is not a sane situation for mandatory CI, we need
to be able to validate the codebase on a given version *before* moving
to it. Setting the version in the Dockerfile instead of external scripts
ties the codebase and validated versions together as they should.
This still leaves us subject to updates breaking stuff, but that's
a lesser evil, updates are generally welcome.
|
|
|
|
|
| |
Thanks to Igor for originally setting this up, but the project and
its contents are maintained by a team, not individuals.
|
|
|
|
|
| |
Bump versions, and update reproducable builds test expectations for
the new digests (from the version change)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We used to test against explicit digest values until commit
e20527ae07e0a72eb8133d3ab5c2ddef2b5d6b39 changed the rpmkeys output
to drop the actual values and breaking the reproducability test - it
was now only testing whether the package we just built has intact
digests. Doh.
And because of that, commit fa303d5ba6bef5b4a44b884c6dadadc27b594caa was
able to silently break setting buildtime from changelog (#932) and
why commit 4b15a9e48bd3d4bef96e8a8865044346be20d6dc didn't require
adjustment of the test-suite, and why addition of the alternative
payload digest in commit 83a26ae9e19fa3526b7331e824e273521c27b0a9 didn't
require changing this test. Maybe something else too. Doh.
Backported from commit 7cb8ebdf92f7f3d42a12afb9720e142284e71810,
4.15.x doesn't have PAYLOADDIGESTALT so the original test will fail
and the digests are different too.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The order of file classification isn't interesting in itself, but arbitrary
order makes contents of RPMTAG_CLASSDICT non-deterministic which is not
nice for reproducable builds. Tell OMP to handle the class dictionary
in order.
Cancellation points are not allowed in ordered construct so we need to
drop that. It doesn't change the actual results, just means that we run
a little longer in case errors are encountered.
Fixes #934
(cherry picked from commit 3691d99c8bf8c81a3130333f9cbfaef704b8686f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit fa303d5ba6bef5b4a44b884c6dadadc27b594caa moved buildhost and
buildtime calculation out of the package generation to early spec
initialization, but this broke reproducable builds: if buildtime is
to be set from changelog, changelog needs to be parsed first.
So either we need to do it twice or we need to do it right, and
besides avoiding duplication, conceptually these values are only
meaningful during a build and not a parse, so this restores that part
of the original code while keeping things thread-safe.
Fixes: #932
(cherry picked from commit d16b082354ad9defbdc85e9c60c7105eecb76464)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit e68eb68c4a6c3635b8cf58a05277f7da49058d16 introduced a regression
on Icon tag causing a crash on source rpm build, due to spec->numSources
being off by one if an icon was present.
A nicer fix would be eliminating numSources entirely but it's not as
easy as it should be due to dynamic buildrequires messing with it,
leaving that for another time.
(cherry picked from commit 4e1fe6af0b9b2d3155605e4416dbbb7d7cf09e35)
|
|
|
|
|
|
|
|
|
|
| |
Oops, all this time our most important build-dependency had been missing.
Add a version recommendation too - while rpm almost certainly works with
1.12 and 1.11 too, those are getting *really* long in the tooth, and 1.13
has an important type fix in poptGetOptArg() return value so might as
well use that as the base.
(cherry picked from commit 2c5794469188ab7a6e7e930ff167bfa0e08f2415)
|
|
|
|
|
|
|
| |
poptGetOptArg() returns malloced strings and caller needs to free.
This will still leak on error paths but at least normal use is covered.
(cherry picked from commit af73aba20f856de3ebc9751166a2364e795b199d)
|
|
|
|
|
|
|
|
|
|
|
| |
-P can appear multiple times so a string arg pointer is not the right
thing here in any case. There are other similar and related leaks all
over the codebase but this is especially insulting as the leaked pointer
was never used for anything at all.
Thanks for Peter Jones for pointing this out.
(cherry picked from commit 29d70efb1d9b2161f3fcdbdf71945d6c7308432d)
|
|
|
|
|
|
| |
Leak introduced in commit 58dcfddc376a7c97de1432f0082be0d5f01adbcd
(cherry picked from commit 97a873aff54ebc9801d0d6663da6a084055443e4)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, we assumed a backslash character would always be followed by
a character to be escaped, and advanced our "start" pointer by two
places before the next iteration. However, this assumption breaks if
the lonely backslash happens to be the last character in the query
string, in which case we would end up pointing beyond the \0 and let the
parser wander into the unknown, possibly crashing later.
This commit ensures we detect this corner case and error out gracefully
with a message.
(cherry picked from commit 1cb3be0009fbfd5549844ec361cc1ae5efa9c153)
|
|
|
|
|
|
|
|
| |
Move the _print_pkts global to librpmio where the two relevant users
can actually access it, and make them use it. This has been broken
for years...
(cherry picked from commit d609a426f66d3868b50bcd3a2038fb264fd2ab40)
|
|
|
|
|
|
|
|
| |
We only permit comments at beginning of line in specs and macro
files too, of all things file manifests don't need anything fancier.
Resolves the oldest rpm bug in RH bugzilla, only took 16 years...
(cherry picked from commit 63930cd5244bd646d226b73dd43a2a3e681c58ad)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpmlib() dependencies are an install-time barrier, but dependencies
in src.rpm are considered build-time dependencies. This paradox
is the crux of the problem in https://pagure.io/copr/copr/issue/1038.
We could move the rpmlib(DynamicBuildRequires) someplace else
(eg buildrecommends) to avoid the issue, but then the dependency has
technically every right to be there, and changing it would break
existing software (mock) relying on what we already released.
Adding MISSINGOK flag allows rpm to legitimately skip it while
installing, the build-side does its own checking independently.
This is not ideal as it requires backporting of commit
1ac16611f0492ae450ca0f044c83632269c7e18d to older releases to fix,
but this is the least-worst compromise we were able to come up with.
(cherry picked from commit 819c6c8a3e0b8bd55a358af5644389add133f893)
|
|
|
|
|
|
|
|
|
|
| |
Packages can never provide rpmlib() capabilities, don't pollute the
namespace with invalid (if mostly harmless) data. The use-case of
identifying whether there are dynamically generated buildrequires in
an src.rpm is satisfied by looking for RPMSENSE_FIND_REQUIRES type
requires as of commit bee5dc94cf6ee388be821625ba77034bce61c049.
(cherry picked from commit ac096e43fc9d09266c0a6f1905821d4e47bc7882)
|
|
|
|
| |
(cherry picked from commit b9ee269fba54a4a7c91e594f907eef3c8c6c76c0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a partial revert of b1f81b837f46
The ARMv8 aarch32 variant specifies a number of required and optional
components. NEON is a required component of ARMv8 devices so we don't
need the 'n' variant that was added in ARMv7 (and never widely used due
to problems). The 'c' crypto variant shouldn't be added. The use of
the crypto extensions to by ARMv8 HW is many and varied and there's no
means of dealing with it at a package/compile extention so the detection
and use of it is done at runtime and handled via a number of different
mechanisms whether in code or via kernel crypto modules and the use of
libkcapi allowing the device to choose the fastest crypto option for
the use case.
This is actively breaking Fedora and related distributions on newer
generations of hardware actively stopping the actual install of an OS
in some extreme cases. This architecture functionality needs to be
reviewed by the architecture maintainers to ensure that active breakage
doesn't happen.
Fixes RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1691430
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
(cherry picked from commit 8ab279ae6b3855fca5946dafd11c38e91adc9904)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 236d6f5a2b924266b1249a82875b595e8758c52b.
This change is fundamentally wrong. arm64 is a catch all that covers the
naming but rpm uses "uname -m" to detect the actual architecture. The aarch64
nonclamenture specifies the ISA (Instruction Set Architecture) for the 64-bit
variant of the Arm architecture which was first supported with ARMv8.
Because all 64-bit variants of ARMv8 use aarch64 the arm64 would never be
used in rpm. If it's useful in some context while using some Debian related
tools those tools should have some translation added there. This just adds
confusion and causes issues and duplication that haven't been necessary in
any of the arch64 work up until now.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
(cherry picked from commit 0da3c50d1fa37945ba1b01975ecf2f62b51fb3cd)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In 464d21dc8c176222c6586e2ee503fec6207f0d29, support for building RPM
without OpenMP was conditionalized on the ENABLE_OPENMP define being
set by the compiler. However, the include statement for omp.h in
parseSpec.c was not conditionalized as everything else was.
Because the conditional was previously missing, RPM fails to build
in environments where OpenMP is completely unavailable. This is the
case in environments such as macOS, as Clang does not provide an
OpenMP implementation there.
(cherry picked from commit 86b698d546663068b0f11539180701e669769827)
|
|
|
|
|
|
|
|
|
|
|
| |
Turns out this isn't a safe thing to do, as an API user could have
their own dbus connections in the same process and shutting those
down is a rather impolite thing to do (and causes crash, burn and
other injuries, eg RhBug:1750575)
This reverts commit d5f201345f6d27b6280750e5c6502f4418614fbc.
(cherry picked from commit 9b512ac829a01157feb45124d22e35747eff7125)
|
|
|
|
| |
(cherry picked from commit 8671726738885f91f1eac725c8bbb76c9f433868)
|
|
|
|
|
|
|
|
|
|
|
|
| |
-Werror is a bit tricky as it'll cause autoconf tests fail left and right
if it's just passed normally via CFLAGS, so we need to sneak it in
by some other means.
Note that while developers should always enable this, -Werror must never
ever be a default as it'll eventually just cause bogus build failures
when old releases get built with newer compilers.
(cherry picked from commit a84a33816ac4a791da184c81fbc40aa110c3c7ac)
|
|
|
|
|
|
|
|
| |
This is part II of commit 6d610e9b9a906548ce44265d7f36199441ea8bca which
missed one but common case where the element with matches gets passed
to the callback instead of the owning one, as pointed out in RhBug:1724779.
(cherry picked from commit b759eee44395bdf4abd93b2f846214ee5f5f34f1)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpmlua.h was originally written in a way that allows it to be included
regardless of whether Lua is actually enabled in rpm or not, or where
Lua headers are, specifically to isolate the rest of rpm from these
details. That was changed in commit 62bd62286aa888c60145daf315a938dd87eadc89
when <lauxlib.h> started getting included in rpmlua.h, which leaks to
places like librpmbuild which do not directly use Lua.
The way Lua typedef's the luaL_Reg struct to itself defies my C fu for
for handling this in some nicer typesafe way, fix this all by just using
a void pointer instead, this is just an internal API where buyer can be
expected to beware.
Fixes #888
(cherry picked from commit facee2c70a0987567abd1287b41bbc673b5e17e3)
|
|
|
|
| |
(cherry picked from commit 35fb5d7367378ccb0f4a18e54ec28bc2f7e435e7)
|
|
|
|
|
|
|
|
|
|
| |
This makes them in line with regular auto-generated dependencies and allows
them to be easily identified. It also makes parseRCPOT() error reporting
do the right thing: generated dependencies do not relate to spec lines.
Fixes #801 (also reported as RhBug:1759100)
(cherry picked from commit bee5dc94cf6ee388be821625ba77034bce61c049)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ignoring the error code from rpmfcHelper() means that invalid dependencies
get silently ignores. Intentionally not stopping at the first error though,
as it's often useful to get all errors at once.
Add testcases for legal and illegal output from dependency generator.
Fixes #881
(cherry picked from commit e220cea3f2fb5cf5e6ea19d420dc65800f977ee7)
|
|
|
|
|
|
|
|
| |
Misplaced parenthesis introduced in commit 148e82833a.
Fixes #872
(cherry picked from commit ab601b882b9d9d8248250111317615db1aa7b7c6)
|
|
|
|
|
|
|
|
|
|
|
| |
The politically correct version would be changing these all to .in files
with autoconf substituting the correct value during the build process
but that is such a PITA for what is at best a neglible benefit in this case,
it's just not worth it.
Fixes #779
(cherry picked from commit d47ab718518ea42fb9beb7fd09c206107d0a10a7)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds all of the rpmbuild popt aliases that expand to defines to
rpmspec as well.
It also changes --trace to include --POPTdesc argument help.
[v2: fix an error that broke rpmbuild --trace]
Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit 1896e58ffdf2278c47fea5f6e7d29bbf81eac1ad)
|
|
|
|
|
|
|
|
|
|
| |
Fixes regression from commit 1ba05a7456aafb52e89df5dd42d494d09f9ea6a4
where doc files always terminate build regardless of the macro value.
Add a testcase to go.
Fixes #807
(cherry picked from commit 9dff0b37bb3a6c6acbba6d5579d7a6fe03424683)
|