From 0c01c6c354a6fa314f02e57910b9c3ecf35620f8 Mon Sep 17 00:00:00 2001
From: gengqihu <2712504175@qq.com>
Date: Mon, 22 Jul 2024 18:51:30 +0800
Subject: [PATCH] Backport some patches from upstream

(cherry picked from commit 40d326a6fe54315b757473004c4d7157175cbb70)
---
 ...nt-memleak-on-caps-parsing-add-tests.patch | 36 +++++++++++++++++++
 ...-pointer-bogosity-in-rpmlog-callback.patch | 31 ++++++++++++++++
 ...tial-use-of-uninitialized-pgp-struct.patch | 35 ++++++++++++++++++
 ...tial-use-of-uninitialized-pipe-array.patch | 35 ++++++++++++++++++
 rpm.spec | 9 ++++-
 5 files changed, 145 insertions(+), 1 deletion(-)
 create mode 100644 backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch
 create mode 100644 backport-Fix-pointer-bogosity-in-rpmlog-callback.patch
 create mode 100644 backport-Fix-potential-use-of-uninitialized-pgp-struct.patch
 create mode 100644 backport-Fix-potential-use-of-uninitialized-pipe-array.patch
diff --git a/backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch b/backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch
new file mode 100644
index 0000000..fdf21ce
--- /dev/null
+++ b/backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch
@@ -0,0 +1,36 @@
+From a385821780804b558ae18aec820d127e4144fafd Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Thu, 11 Apr 2024 12:08:04 +0300
+Subject: [PATCH] Fix an ancient memleak on %caps() parsing, add tests
+
+Conflict:don't modify tests because the test framework is changed and
+the test case depends on the gcc, the current test framework reports an
+error indicating that the gcc cannot be found.
+Reference:https://github.com/rpm-software-management/rpm/commit/a385821780804b558ae18aec820d127e4144fafd
+
+This leak has been there ever since rpm 4.7.0, so pretty close to 15
+years. ASAN would've caught it, if it had it been tested. Oops.
+Of course, in the fakechroot era we couldn't have tested installation
+but we could've at least tested the parsing side.
+
+Add tests for parsing, query and install functionality, and fix the
+leak that is now very visible.
+---
+ build/files.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/build/files.c b/build/files.c
+index 14e4c55ef..b059458a1 100644
+--- a/build/files.c
++++ b/build/files.c
+@@ -228,6 +228,7 @@ static void copyFileEntry(FileEntry src, FileEntry dest)
+ static void FileEntryFree(FileEntry entry)
+ {
+ argvFree(entry->langs);
++ free(entry->caps);
+ memset(entry, 0, sizeof(*entry));
+ }
+
+--
+2.33.0
+
diff --git a/backport-Fix-pointer-bogosity-in-rpmlog-callback.patch b/backport-Fix-pointer-bogosity-in-rpmlog-callback.patch
new file mode 100644
index 0000000..d95cf48
--- /dev/null
+++ b/backport-Fix-pointer-bogosity-in-rpmlog-callback.patch
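Review bot: `free(entry->caps)` in FileEntryFree is only safe if every FileEntry owns its caps string, and copyFileEntry (named in the hunk header just above) is where that would break: if the 4.17.0 copy is still a plain struct copy for caps, the freed pointer survives in the destination entry and the next FileEntryFree double-frees it. Upstream's one-line diffstat suggests the deep copy already existed there, but this tree is older and the upstream tests were dropped per the Conflict note, so the backport should at least be exercised under ASAN on a spec that uses %caps() before merging. copyFileEntry's body is outside the hunk.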
@@ -0,0 +1,31 @@
+From f8a72afbdb560dc534ca1ff390bc54e01d1144a6 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Mon, 8 Apr 2024 14:41:48 +0300
+Subject: [PATCH] Fix pointer bogosity in rpmlog callback
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/rpm/commit/f8a72afbdb560dc534ca1ff390bc54e01d1144a6
+
+rpmlogCallbackData is already a pointer type, we don't want a pointer
+to a pointer for this. Kinda surprising it actually worked, but then
+it's just a void pointer so...
+---
+ rpmio/rpmlog.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpmio/rpmlog.c b/rpmio/rpmlog.c
+index 2bb5ab0e3..3ccbe2692 100644
+--- a/rpmio/rpmlog.c
++++ b/rpmio/rpmlog.c
+@@ -382,7 +382,7 @@ static void dolog(struct rpmlogRec_s *rec, int saverec)
+ int cbrc = RPMLOG_DEFAULT;
+ int needexit = 0;
+ FILE *clog = NULL;
+- rpmlogCallbackData *cbdata = NULL;
++ rpmlogCallbackData cbdata = NULL;
+ rpmlogCallback cbfunc = NULL;
+ rpmlogCtx ctx = rpmlogCtxAcquire(saverec);
+
+--
+2.33.0
+
diff --git a/backport-Fix-potential-use-of-uninitialized-pgp-struct.patch b/backport-Fix-potential-use-of-uninitialized-pgp-struct.patch
new file mode 100644
index 0000000..4595196
--- /dev/null
+++ b/backport-Fix-potential-use-of-uninitialized-pgp-struct.patch
@@ -0,0 +1,35 @@
+From 1b90b8c7d176026b669ce28c6e185724a4b208b0 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Fri, 7 Jun 2024 10:14:25 +0200
+Subject: [PATCH] Fix potential use of uninitialized pgp struct
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/rpm/commit/1b90b8c7d176026b669ce28c6e185724a4b208b0
+
+We only call initPgpData() after base64 encoding the pubkey so if the
+latter fails, the kd struct will be left uninitialized and subsequently
+read from after skipping to the exit label. Fix by initializing it.
+
+Found by Coverity.
+
+Fixes: RHEL-22605
+---
+ lib/rpmts.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/rpmts.c b/lib/rpmts.c
+index 3070b97e6..76964c60a 100644
+--- a/lib/rpmts.c
++++ b/lib/rpmts.c
+@@ -508,6 +508,8 @@ static int makePubkeyHeader(rpmts ts, rpmPubkey key, rpmPubkey *subkeys,
+ int rc = -1;
+ int i;
+
++ memset(&kd, 0, sizeof(kd));
++
+ if ((enc = rpmPubkeyBase64(key)) == NULL)
+ goto exit;
+
+--
+2.33.0
+
diff --git a/backport-Fix-potential-use-of-uninitialized-pipe-array.patch b/backport-Fix-potential-use-of-uninitialized-pipe-array.patch
new file mode 100644
index 0000000..c90e429
--- /dev/null
+++ b/backport-Fix-potential-use-of-uninitialized-pipe-array.patch
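Review bot: The memset zeroes `kd` as a separate first statement rather than at its declaration, which is inconsistent with the sibling backport in runExtScript that initialises `inpipe` in the declarator (`int inpipe[2] = { -1, -1 };`); `KD_TYPE kd = {0};` at the declaration (type placeholder, the declaration is not in the hunk) would be the matching form and cannot later be separated from the declaration by an inserted early `goto exit`. Both the declaration of `kd` and the exit label that reads it are outside the hunk, so confirm that the 4.17.0 cleanup code treats all-zero fields as nothing-to-release, since that property is what makes the zero-fill a fix rather than a different wrong value.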
@@ -0,0 +1,35 @@
+From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Thu, 6 Jun 2024 09:15:02 +0200
+Subject: [PATCH] Fix potential use of uninitialized pipe array
+
+Conflict:NA
+Reference:https://github.com/rpm-software-management/rpm/commit/bff65aad8af719542c7b0c6429e09223c014a909
+
+We only call pipe(2) after the script is written to disk so if the
+latter fails, the array will be left uninitialized and subsequently read
+after skipping to the exit label. Fix by initializing it.
+
+Found by Coverity.
+
+Fixes: RHEL-22604
+---
+ lib/rpmscript.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/rpmscript.c b/lib/rpmscript.c
+index 281c55c53..1de4acf8e 100644
+--- a/lib/rpmscript.c
++++ b/lib/rpmscript.c
+@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
+ char * fn = NULL;
+ pid_t pid, reaped;
+ int status;
+- int inpipe[2];
++ int inpipe[2] = { -1, -1 };
+ FILE *in = NULL;
+ const char *line;
+ char *mline = NULL;
+--
+2.33.0
+
diff --git a/rpm.spec b/rpm.spec
index d37c9b8..76c9801 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -1,6 +1,6 @@
 Name: rpm
 Version: 4.17.0
-Release: 39
+Release: 40
 Summary: RPM Package Manager
 License: GPLv2+
 URL: http://www.rpm.org/
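Review bot: The `{ -1, -1 }` sentinel only resolves the Coverity finding if the exit path guards each descriptor, `if (inpipe[0] >= 0) close(inpipe[0]);` and likewise for `inpipe[1]`; an unconditional close(-1) fails with EBADF and, if that return is checked, would report a misleading pipe-close error in place of the original script-write failure. runExtScript's exit label is outside the hunk, so confirm the guard is present in the 4.17.0 tree and not only in the upstream revision the fix was written against.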
@@ -121,6 +121,10 @@ Patch6089: backport-Fix-an-enum-int-type-mismatch-in-rpmfiArchiveReadToF.patch Patch6090: backport-Fix-an-enum-int-type-mismatch-in-transaction-verify-.patch Patch6091: backport-Fix-enum-type-mismatch-in-rpmTagGetValue.patch Patch6092: backport-Don-t-segfault-on-missing-priority-tag.patch +Patch6093: backport-Fix-pointer-bogosity-in-rpmlog-callback.patch +Patch6094: backport-Fix-an-ancient-memleak-on-caps-parsing-add-tests.patch +Patch6095: backport-Fix-potential-use-of-uninitialized-pipe-array.patch +Patch6096: backport-Fix-potential-use-of-uninitialized-pgp-struct.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel BuildRequires: zlib-devel zstd-devel >= 1.3.8 xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel @@ -411,6 +415,9 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Mon Jul 22 2024 gengqihu - 4.17.0-40 +- Backport some patches from upstream + * Fri Jul 05 2024 luhuaxin - 4.17.0-39 - IMA digest list plugin support signature within IMA header