| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Bump current in rpm_version_info to supersede 4.17.x. No soname bump
(age 0) required though since we didn't change or remove any interfaces
since 4.18.0.
Resolves: #2113
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a regression from commit 3255273ae0fabd03c9738249a29c9c1e15f28f64
where the arch and os fields of the lead may change depending on the
package arch and the host where --addsign/--delsign is executed.
This is hard to test for specifically as the test-suite can run on any
architecture, but the bit-per-bit comparison test added in the previous
commit will catch differences here too.
Fixes: #1326
(cherry picked from commit 0c02e4899e72eae8ccb484fbb22c04f12fae2f0d)
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a regression from commit 5c279fb149a44a1bc4d19e11c3c01942732b8486
simplifying this a bit too much, and failing to restore the reclaimed
reserved signature space on after --delsign. Add a test-case to ensure
--addsign + --delsign returns the package to its original state
bit-by-bit.
Fixes: #2382
(cherry picked from commit be950eabb84a88e5773e096435c37b92e3d47ebb)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid flooding the build log for SPECs that contain a lot of these
lines, one warning should be enough. Just mention how many were found.
Including the line itself in the message is no longer relevant so remove
that, too.
The cost we pay for having the total count is that we'll no longer log
the warning when an RPMLOG_ERR occurs somewhere in the process. Moving
it below the exit label would fix that but also cause the warning to
always be printed *last*, possibly confusing the user if there's an
actual error further up in the output... so just go with the former.
Note that we may want to revert this in the future and replace it with a
proper rpmlog-native suppression mechanism for duplicate warnings.
Fixes: #2383
(backported from commit 6c17e2fbee8ae2aa7ab960a4ede380dfba55e610)
|
|
|
|
| |
(cherry picked from commit e3c11a790367016aed7ea48cfcc78751a71ce862)
|
|
|
|
|
|
|
|
|
|
| |
With recent elfutils (0.182 or so) various seemingly innocuous tools
such as `readelf` like to do network lookups for ELF symbol information.
There's no circumstance where we'd want that to happen during rpmbuild,
so disable these lookups during all spec build scriptlets and also
dependency generator children.
(cherry picked from commit b927c044b8809c4dd892f75737240a20c32c2b90)
|
|
|
|
|
|
|
|
|
|
|
| |
The kernel modules are technically ELF DSO's but we only care about
library level dependencies which the kernel modules will never have, so
processing them is just waste of time.
This "regressed" when we dropped the "exeonly" flag from ELF in
commit 8901a6be1652519c4875436e29e0a663be0790b7.
(cherry picked from commit 91467e715769e8ef0b1dafce288e9313aca41bb4)
|
|
|
|
| |
(cherry picked from commit 045dd10e1f52190b6bada3c83e4537354889626f)
|
|
|
|
| |
(cherry picked from commit 7f8675936c87209f41e248da79277ff5f2a385c2)
|
|
|
|
|
|
| |
[POSIX defines optarg only for options with arguments](https://pubs.opengroup.org/onlinepubs/000095399/functions/getopt.html) and callback() is expecting optarg to be NULL for options without arguments, however, at least on musl optarg will carry a pointer to the argument of the previous option with argument. This commit makes the behaviour deterministic and expected.
(cherry picked from commit 1f47b1cc0eddbb1921d81249a4bd604089c71495)
|
|
|
|
|
|
|
|
|
| |
New macro ___build_package_notes_env contains environment variables
that package-notes depends on. This allows easier mocking of rpm
build environment and isolated execution of check phase of rpm
packages possible.
(cherry picked from commit a3889fe5b96812c0dd787317cbc9f1ecda917995)
|
|
|
|
| |
(cherry picked from commit a9ac1727a637e24c27570daeb045651cc1b8f45f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the same issue as commit 1767bc4fd82bfacee622e698f9f0ae42c02126fa
was with Lua, and so the same fix works: restore the nesting level
from the macro context when re-entering macro engine from %[]
expression. Analysis and suggested fix by Michael Schroeder,
reproducer from Miro Hrončok.
Add tests for both %[] and %{expr:...}, although the latter isn't
affected because the expression is macro-expanded beforehand.
Fixes: #2354
(cherry picked from commit fd2f743b3ef543a5b6fe963b2ec8c3c43b8424b9)
|
|
|
|
| |
(cherry picked from commit eb5ece1267a22330f6116149997cf5cc1c22b21f)
|
|
|
|
|
|
|
|
| |
Take the opportunity to document the recommended and deprecated syntaxes
and their availability across rpm versions.
Fixes: #2209
(cherry picked from commit c18f62e7b0630394e0bf2ccee0239a0cddd93d0a)
|
|
|
|
|
|
|
| |
In order to properly deprecate the syntax, we need to move ourselves
off it first...
(cherry picked from commit 6edbb02d30a862be990c634d859ac80c6239f3f8)
|
|
|
|
|
|
| |
Ie if we expect a directory, ensure we got one.
(cherry picked from commit ccfca4146d3c0c7ac3a3be37b3ea501620954d2f)
|
|
|
|
|
|
|
| |
On Linux, this is a no-op as O_RDONLY is 0 but this may not be so on
other platforms. Another 4.18 regression.
(cherry picked from commit 3a7c8bc401a97f0ebf57bef3987a337129e4371f)
|
|
|
|
|
|
|
| |
This is a bit theoretical as it does not work for regular users or in
containers which are the typical scenarios for running the test-suite.
(backported from commit 5dcc399cd21f607f13eb092a3abfc8b8daa59d4c)
|
|
|
|
|
|
|
|
|
|
|
| |
This is basically a leftover from the initial conversion to the *at()
family in commit 1bab34c6e45c549c7829e469ba35bdececbb84e8 - the logic
was already there and only converted to the *at() form. But this is not
only potentially insecure (remember all those symlink CVEs) but also
wrong simply because it's inconsistent with the other metadata ops which
never follow links in path-based mode.
(cherry picked from commit 3a3e10b9813bdfc4223aedc82292386a50510b04)
|
|
|
|
|
|
| |
Fixes another brainfart in commit 25a435e90844ea98fe5eb7bef22c1aecf3a9c033.
(cherry picked from commit 932013698149d43720cc321c8df2f99f51866e18)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While it's possible to open special files, they are, well, special and
have "side-effects" also known as, ahem, semantics. Opening a device
file in Unix means accessing that *device*, and FIFOs have their own
semantics. In other words, for rpm's purposes, we should never EVER
open these files as a part of the install / permission setting etc.
Fix this major brainfart in 25a435e90844ea98fe5eb7bef22c1aecf3a9c033.
OTOH this forces us back to the less secure path based operations for
these files, which is what we were trying to avoid in the first place.
There always was a tiny race between create + open for these (because
there's no atomic way to create + open anything but regular files) but
this opens up the window quite a bit.
Nobody should be placing device nodes in user-owned directories but
FIFO's may be a different story.
We haven't had tests for device nodes because it requires privileges the
test-suite usually doesn't have, not testing FIFOs I have no excuse for.
Add that test now.
Fixes: #2195, #2275
(backported from commit 28c92fd54c93371c3062664d8a938438a2be88d6)
|
|
|
|
|
|
|
| |
%_isa is already adding -64. No need to have 64 twice.
Signed-off-by: Wenlong Zhang <zhangwenlong@loongson.cn>
(cherry picked from commit a4a0a10b1fc8f02b32bd21d22215b54e049e93f9)
|
|
|
|
|
| |
Signed-off-by: yangchenguang <yangchenguang@uniontech.com>
(backported from commit 2b9342a0ecde00be145653e122e8cd32fabbae5a)
|
|
|
|
|
|
|
| |
Resolves: #2335
Signed-off-by: wangpeng <wangpengb@uniontech.com>
Co-authored-by Florian Festi <ffesti@redhat.com>
(cherry picked from commit 71dedfd2f434ea54fc3a920e4b44a8737ba6cb25)
|
|
|
|
|
|
|
|
| |
Deprecating implies plans to remove later, but this is actually just an
alternative strategy for changelog trimming, and different distros may
have different needs.
(cherry picked from commit 4fde659835409669b51850a8e49743b468f0631b)
|
|
|
|
|
|
|
|
| |
Historically only %{!?foo} syntax has been used, the reversed ?! version
was only introduced in 0d75ef1e0a0609ee61386f02fa311d6d8ac79450 (perhaps
accidentally) and should not be used, much less recommended.
(cherry picked from commit 7b0b5e7d2cf53817ec5e2545c5f591a26db72cec)
|
|
|
|
| |
(cherry picked from commit 492be59ece28a7341de0bd88c0a23125ba54d2ce)
|
|
|
|
| |
(cherry picked from commit e9bd7c761fbf1e5593a82d5ab4572854d8314593)
|
|
|
|
|
|
|
| |
The "tfn" is created by calling rpmMkTempFile but not unlinked when
urlGetFile fails in rpmInstall. Fix it.
(cherry picked from commit af81c95114bc2c01f005f15f17646a5188b5855d)
|
|
|
|
|
|
|
|
|
|
|
| |
The "*eiu->fnp" from "eiu->pkgURL[eiu->pkgx]" which is alloced. when
Fopen or rpmReadPackageFile fails in tryReadHeader, "*eiu->fnp" is
set to NULL but not freed. In addition, if "eiu->pkgState[eiu->pkgx]"
is set, the file is leaked too. Fix it.
Only resource free is added, no other logic change.
(cherry picked from commit f0f983b145583eeed618cf3cbc5d39bedd8af5a5)
|
|
|
|
|
|
|
| |
The "dest" is alloced in fsmFsPath but not freed when fsmRename failed
in fsmCommit. Fix it.
(cherry picked from commit 688c4ad34d197055eb8f58fb4e45065af881598c)
|
|
|
|
|
|
|
| |
The "output[i]" is alloced in argvSplit but not freed when running
%generate_buildrequires. Fix it.
(cherry picked from commit 3b0b9d491f5828a40c15b76b4a19ca00006cf81e)
|
|
|
|
|
|
|
| |
When running rpmbuild with --quiet, the "*sbp" may be alloced many
times in buildSpec by calling doScript but only freed once. Fix it.
(cherry picked from commit 6130bd31038ff17a03fcac6ec7e41ac744163dde)
|
|
|
|
|
|
| |
The "elf" is leaked in getElfColor when gelf_getehdr return fail.
(cherry picked from commit 01196e00beefc2ba6f7f0787350c5dd76891829a)
|
|
|
|
|
|
|
| |
The "prog" will be alloced when using "-p" options, which cause src
"proc" leak. Add "origproc" to point to src "proc" to fix it.
(cherry picked from commit c013821c0c9350b67d9f9a02848e1a7f87fa180b)
|
|
|
|
|
|
|
| |
The "BANames" is alloced from popParseArgvString but not freed
when spec->packages != pkg. Fix it.
(cherry picked from commit 7fcdfd3b40f69af6a1d4980683859eef05f39b4e)
|
|
|
|
|
|
|
|
| |
Header "h" is alloced in rpmReadPackageFile but not freed when
running rpm2cpio. Fix it. Remove redundant whitespace between
the Fclose()'s too while at it for logical cleanup grouping.
(cherry picked from commit cf27c6f4963dcf27302d0f4fa39d7787dd03f942)
|
|
|
|
| |
(cherry picked from commit 642dafdfc9920a563796f117923376904cf6671a)
|
|
|
|
|
|
|
|
|
| |
… introduced in [commit 8b635e2](https://github.com/rpm-software-management/rpm/commit/8b635e2016931ec5bb7dddd6608c09b0b16f7b8e):
- [Lines 98 - 101](https://github.com/rpm-software-management/rpm/commit/8b635e2016931ec5bb7dddd6608c09b0b16f7b8e#diff-f0f022b189e54462e3284599236a3b192b721928da4bea1a85d738b25ba5eaa7R98-R101): The two tildes lacked quoting, hence the text between them was struck out.
- [Line 96](https://github.com/rpm-software-management/rpm/commit/8b635e2016931ec5bb7dddd6608c09b0b16f7b8e#diff-f0f022b189e54462e3284599236a3b192b721928da4bea1a85d738b25ba5eaa7R96): Eliminate IMO superfluous triple quoting: "**\`\`\`**" → "*\`*"
- Rephrase [lines 95 - 96](https://github.com/rpm-software-management/rpm/commit/8b635e2016931ec5bb7dddd6608c09b0b16f7b8e#diff-f0f022b189e54462e3284599236a3b192b721928da4bea1a85d738b25ba5eaa7R95-R96), to be more concise.
(cherry picked from commit a108d36acf29796b443285658a606c1b13866d9a)
|
|
|
|
| |
(cherry picked from commit 7064a63a61ca631e745156a64c5ba9387df5e467)
|
|
|
|
|
|
|
| |
After being stuck on an EOL Fedora for so long, it's nice to be on the
leading edge for a change.
(cherry picked from commit 17eb3a457a2d9f33ec7e9f031ccf7a951318cc7c)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=2141686 revealed that much
of the rpm-ecosystem is still using the obsolete v3 OpenPGP signature
format, I think largely due to workarounds for legacy rpm versions (from
around the turn of the millennium) that have just been forgotten in
place. Lets at least issue a wake-up warning when that happens.
Unfortunately this is can't really be tested as current GnuPG versions
just ignore any --force-v3-sigs arguments.
Fixes: #2286
(cherry picked from commit ee4356ef27180c370c311ce57d9829adc74264a1)
|
|
|
|
|
|
|
|
|
| |
When installing source rpms, "ei" is malloced and is saved in
blob->ei by rpmReadPackageFile->rpmpkgRead->hdrblobRead, and then
blob->ei is saved in h->blob by rpmReadPackageFile->hdrblobImport,
which is leaked during installation.
(cherry picked from commit 86c1d9738de58eb8f8844c5345baeb578ace9485)
|
|
|
|
|
|
|
| |
%{_tmppath}/rpm-tmp.* is created by rpmMkTempFile() when src rpm in
URL format is used for installation, which is leaked.
(cherry picked from commit 0b34438ccc3fdcbdaa6226d2398df88cc7439603)
|
|
|
|
|
|
| |
When installing source rpms, eiu->sourceURL info is leaked.
(cherry picked from commit 084c64d5ea0e1a309d3b57dc95926eb1536d0a7a)
|
|
|
|
|
|
|
| |
When rpm installs a package, the header from tryReadHeader()
in rpmInstall() is leaked in some cases.
(cherry picked from commit 15a0c73f4698bc58fa2a633d46527c7813150f3a)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Wider exposure of the Sequoia backend taught us that OpenPGP v3 signatures
are surprisingly common still in the rpm-ecosystem, and in fact more
common than v4 signatures. It's a bit surprising, considering that gnupg
has defaulted to creating v4 signatures since 1.4.8 from late 2007 gnupg2
refuses to create them at all.
For future reference, the sample package here was signed with
rpmsign --addsign --rpmv3 \
--digest-algo=sha256 \
--key-id=rsa@rpm.org \
--define "__gpg /usr/bin/gpg1" \
--define "_gpg_sign_cmd_extra_args --force-v3-sigs" \
/tmp/hello-2.0-1.x86_64.rpm
The two defines are the key to creating OpenPGP v3 signatures in 2022,
the. Note that the --rpmv3 switch has absolutely nothing to do with
OpenPGP v3 signatures, it's there to force *rpm* v3 signatures on the
package similar to the other signed sample package.
Fixes: #2276
(backported from commit 9daaf3d2ffa1a8b625e9a2657eac9b7ab3da3d8f)
|
|
|
|
|
|
| |
Have package build fail for rpm -bp
(cherry picked from commit 8a7a4e130578b11bf8087b503c53b8633478ed86)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some source packages assume that BuildRequires are installed before
%prep is executed. For example, `openssh` BuildRequires `automake` and
runs `autoreconf` in %prep.
Prior to 11c56d5 `rpmbuild -bp` checked BuildRequires and printed a
helpful error message if there were any missing dependencies. Since
that commit, `rpmbuild -bp` skips the BuildRequires check, which can
lead to misleading errors in %prep.
This commit restores the BuildRequires check in `rpmbuild -bp`.
Co-authored-by: Florian Festi <ffesti@redhat.com>
(cherry picked from commit 0d6429a4d9498786491a7b806a775585d806f96e)
|