[rpm/f19] - fix build-time double-free on file capability processing (#956190) - fix relocation related regres
Panu Matilainen
pmatilai at fedoraproject.org
Mon Sep 9 12:25:27 UTC 2013
commit b0562d75d281b970380f10d6fe1c14846825e8f7
Author: Panu Matilainen <pmatilai at redhat.com>
Date: Mon Sep 9 14:58:21 2013 +0300
- fix build-time double-free on file capability processing (#956190)
- fix relocation-related regression on file sanity check (#1001553)
- fix segfault on empty -p <lua> scriptlet body (#1004062)
- fix source url, once again
rpm-4.11.1-caps-double-free.patch | 19 +++++++++++++++++++
rpm-4.11.1-empty-lua-script.patch | 23 +++++++++++++++++++++++
rpm-4.11.1-file-triplet-check.patch | 27 +++++++++++++++++++++++++++
rpm.spec | 16 ++++++++++++++--
4 files changed, 83 insertions(+), 2 deletions(-)
---
diff --git a/rpm-4.11.1-caps-double-free.patch b/rpm-4.11.1-caps-double-free.patch
new file mode 100644
index 0000000..e5d9051
--- /dev/null
+++ b/rpm-4.11.1-caps-double-free.patch
@@ -0,0 +1,19 @@
+commit 65eec62cb7796dad6fbf1d5436251e176449f522
+Author: Panu Matilainen <pmatilai at redhat.com>
+Date: Thu Aug 29 16:32:32 2013 +0300
+
+ Fix double-free on %caps() wildcard %files entry (RhBug:956190)
+
+diff --git a/build/files.c b/build/files.c
+index 20f452f..eed5696 100644
+--- a/build/files.c
++++ b/build/files.c
+@@ -1448,7 +1448,7 @@ static rpmRC addFile(FileList fl, const char * diskPath,
+ }
+
+ if (fl->cur.caps) {
+- flp->caps = fl->cur.caps;
++ flp->caps = xstrdup(fl->cur.caps);
+ } else {
+ flp->caps = xstrdup("");
+ }
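Review bot: The new `flp->caps = xstrdup(fl->cur.caps);` makes flp's caps string a heap copy in both branches, but nothing in the hunk records that flp now owns that string and must never alias fl->cur.caps, so a later cleanup could fold the two branches back into a pointer share and reintroduce the double-free this commit fixes. A comment above the `if (fl->cur.caps)` such as `/* flp owns its own copy: aliasing fl->cur.caps across a wildcard %caps() entry gets freed twice (RhBug:956190) */` would pin the ownership rule where it is read. addFile begins and ends outside the hunk, so where fl->cur.caps itself is released is not visible here and cannot be checked against this change.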
diff --git a/rpm-4.11.1-empty-lua-script.patch b/rpm-4.11.1-empty-lua-script.patch
new file mode 100644
index 0000000..2c4a590
--- /dev/null
+++ b/rpm-4.11.1-empty-lua-script.patch
@@ -0,0 +1,23 @@
+commit 5f3598a700e8e028f9140682262869ca319597ee
+Author: Panu Matilainen <pmatilai at redhat.com>
+Date: Fri Sep 6 16:31:25 2013 +0300
+
+ Fix segfault executing a -p <lua> scriptlet without a body (RhBug:1004062)
+
+ - There are any number of places where this could be fixed, but
+ to keep the behavior similar to eg /bin/sh scriptlet without a body,
+ just turn a non-existent script into an empty string.
+
+diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c
+index 0576318..921cc37 100644
+--- a/rpmio/rpmlua.c
++++ b/rpmio/rpmlua.c
+@@ -526,6 +526,8 @@ int rpmluaRunScript(rpmlua _lua, const char *script, const char *name)
+ int ret = 0;
+ if (name == NULL)
+ name = "<lua>";
++ if (script == NULL)
++ script = "";
+ if (luaL_loadbuffer(L, script, strlen(script), name) != 0) {
+ rpmlog(RPMLOG_ERR, _("invalid syntax in lua script: %s\n"),
+ lua_tostring(L, -1));
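Review bot: The added `if (script == NULL) script = "";` guard carries no comment explaining why a NULL script is a legitimate input, which leaves a future reader free to turn it back into an error return or an assertion; a one-liner such as `/* a -p <lua> scriptlet with no body arrives as NULL; run it as an empty script, like an empty /bin/sh body */` would bring the reasoning from the commit message into the code. Presumably the crash being fixed was `strlen(script)` on the following line, which is undefined on NULL; the hunk does not show whether any other path reaches luaL_loadbuffer with a caller-supplied script, so that is worth a look. rpmluaRunScript's body continues past the end of the hunk.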
diff --git a/rpm-4.11.1-file-triplet-check.patch b/rpm-4.11.1-file-triplet-check.patch
new file mode 100644
index 0000000..10c5dcc
--- /dev/null
+++ b/rpm-4.11.1-file-triplet-check.patch
@@ -0,0 +1,27 @@
+commit 65c7cc17664358051f0358de272e616dd88ab624
+Author: Panu Matilainen <pmatilai at redhat.com>
+Date: Tue Aug 27 15:15:40 2013 +0300
+
+ Relax the filename triplet sanity check a bit (RhBug:1001553)
+
+ - At least unowned directories can cause orphans to be left around
+ in RPMTAG_DIRNAMES, in which case its possible for number of
+ dirnames to be larger than the number of basenames. This is
+ arguably a bug in the relocation code but doesn't seem worth
+ the trouble... so just relax the check to simply permit non-empty
+ dirnames array, the index bound checking is far more important.
+
+diff --git a/lib/rpmfi.c b/lib/rpmfi.c
+index 30663d0..00506ce 100644
+--- a/lib/rpmfi.c
++++ b/lib/rpmfi.c
+@@ -1128,7 +1128,8 @@ static int indexSane(rpmtd xd, rpmtd yd, rpmtd zd)
+ uint32_t zc = rpmtdCount(zd);
+
+ /* check that the amount of data in each is sane */
+- if (xc > 0 && yc > 0 && yc <= xc && zc == xc) {
++ /* normally yc <= xc but larger values are not fatal (RhBug:1001553) */
++ if (xc > 0 && yc > 0 && zc == xc) {
+ uint32_t * i;
+ /* ...and that the indexes are within bounds */
+ while ((i = rpmtdNextUint32(zd))) {
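Review bot: Dropping `yc <= xc` widens what indexSane accepts from a package header, so the safety of the relaxed condition now rests entirely on the bounds loop that begins at the hunk's last line: presumably zd holds the dirindexes and yd the dirnames, in which case each index read from zd must be rejected when it is >= yc, the count of the array it indexes, and not merely compared against xc, since yc > xc is now legal and xc no longer bounds it. The loop body and the rest of indexSane lie outside the hunk, so this cannot be confirmed here, but it is the condition under which the new comment's claim that larger yc values are not fatal holds. Extending that comment to name the bound, e.g. `/* normally yc <= xc but larger values are not fatal (RhBug:1001553); every index must still be < yc, checked below */`, would make the dependency explicit for the next person touching either half.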
diff --git a/rpm.spec b/rpm.spec
index 5527cff..3a249e3 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -21,10 +21,10 @@
Summary: The RPM package management system
Name: rpm
Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}1%{?dist}
+Release: %{?snapver:0.%{snapver}.}2%{?dist}
Group: System Environment/Base
Url: http://www.rpm.org/
-Source0: http://rpm.org/releases/testing/%{name}-%{srcver}.tar.bz2
+Source0: http://rpm.org/releases/rpm-4.11.x/%{name}-%{srcver}.tar.bz2
%if %{with int_bdb}
Source1: db-%{bdbver}.tar.gz
%else
@@ -45,6 +45,9 @@ Patch6: rpm-4.9.0-armhfp-logic.patch
# Patches already in upstream
Patch100: rpm-4.11.1-instprefix.patch
+Patch101: rpm-4.11.1-file-triplet-check.patch
+Patch102: rpm-4.11.1-caps-double-free.patch
+Patch103: rpm-4.11.1-empty-lua-script.patch
# These are not yet upstream
Patch301: rpm-4.6.0-niagara.patch
@@ -222,6 +225,9 @@ packages on a system.
%patch4 -p1 -b .use-gpg2
%patch100 -p1 -b .instprefix
+%patch101 -p1 -b .file-triplet-check
+%patch102 -p1 -b .caps-double-free
+%patch103 -p1 -b .empty-lua-script
%patch301 -p1 -b .niagara
%patch302 -p1 -b .geode
@@ -457,6 +463,12 @@ exit 0
%doc COPYING doc/librpm/html/*
%changelog
+* Mon Sep 09 2013 Matilainen <pmatilai at redhat.com> - 4.11.1-2
+- fix build-time double-free on file capability processing (#956190)
+- fix relocation related regression on file sanity check (#1001553)
+- fix segfault on empty -p <lua> scriptlet body (#1004062)
+- fix source url, once again
+
* Fri Jul 05 2013 Panu Matilainen <pmatilai at redhat.com> - 4.11.1-1
- update to 4.11.1 (http://rpm.org/wiki/Releases/4.11.1)
- drop upstreamed patches