rpms/rpm/devel rpm-4.7.2-chmod-selinux.patch, NONE, 1.1 rpm-4.7.2-pgp-subkey.patch, NONE, 1.1 rpm-4.7.2-rpmfc-unknown.patch, NONE, 1.1 rpm-4.7.2-sign-passcheck.patch, NONE, 1.1 rpm.spec, 1.367, 1.368
Panu Matilainen
pmatilai at fedoraproject.org
Fri Dec 4 09:32:33 UTC 2009
Author: pmatilai
Update of /cvs/pkgs/rpms/rpm/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29544
Modified Files:
rpm.spec
Added Files:
rpm-4.7.2-chmod-selinux.patch rpm-4.7.2-pgp-subkey.patch
rpm-4.7.2-rpmfc-unknown.patch rpm-4.7.2-sign-passcheck.patch
Log Message:
- missing error exit code from signing password checking (#496754)
- dont fail build on unrecognized data files (#532489)
- dont try to parse subkeys and secret keys (#436812)
- fix chmod test on selinux, breaking %%{_fixperms} macro (#543035)
rpm-4.7.2-chmod-selinux.patch:
configure | 2 +-
configure.ac | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE rpm-4.7.2-chmod-selinux.patch ---
diff -up rpm-4.7.2/configure.ac.chmod-test rpm-4.7.2/configure.ac
--- rpm-4.7.2/configure.ac.chmod-test 2009-11-25 09:19:30.000000000 +0200
+++ rpm-4.7.2/configure.ac 2009-12-04 11:23:39.000000000 +0200
@@ -61,7 +61,7 @@ AC_MSG_CHECKING(POSIX chmod)
touch foo.chmodtest
chmod 744 foo.chmodtest
chmod +X foo.chmodtest 2>/dev/null
-a=`ls -l foo.chmodtest | awk '{print $1}'`
+a=`ls -l foo.chmodtest | awk '{print substr($1,1,10)}'`
rm -f foo.chmodtest
if test "$a" = "-rwxr-xr-x"; then
AC_MSG_RESULT(yes)
diff -up rpm-4.7.2/configure.chmod-test rpm-4.7.2/configure
--- rpm-4.7.2/configure.chmod-test 2009-12-04 11:24:06.000000000 +0200
+++ rpm-4.7.2/configure 2009-12-04 11:24:51.000000000 +0200
@@ -17626,7 +17626,7 @@ $as_echo_n "checking POSIX chmod... " >&
touch foo.chmodtest
chmod 744 foo.chmodtest
chmod +X foo.chmodtest 2>/dev/null
-a=`ls -l foo.chmodtest | awk '{print $1}'`
+a=`ls -l foo.chmodtest | awk '{print substr($1,1,10)}'`
rm -f foo.chmodtest
if test "$a" = "-rwxr-xr-x"; then
{ $as_echo "$as_me:$LINENO: result: yes" >&5
rpm-4.7.2-pgp-subkey.patch:
rpmpgp.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- NEW FILE rpm-4.7.2-pgp-subkey.patch ---
commit 6eeb0bb06466d9eb75eb55efd514d3ecfe089042
Author: Panu Matilainen <pmatilai at redhat.com>
Date: Wed Nov 25 15:07:17 2009 +0200
We can't handle OpenPGP subkeys or secret keys, so dont even try
- parsing subkeys ends up overwriting data in the main key, causing
bogus signature checking failures
- this is the final missing piece of RhBug:436812, short of adding
proper support for subkeys (maybe someday...)
(cherry picked from commit 98213fc4192c7af07037a0f3e9cce9e3b8509c02)
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index d7bbb5e..f76fc2b 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -1190,11 +1190,6 @@ static int pgpPrtPkt(const uint8_t *pkt, size_t pleft,
else
memset(_digp->signid, 0, sizeof(_digp->signid));
}
- case PGPTAG_PUBLIC_SUBKEY:
- rc = pgpPrtKey(tag, h, hlen, _dig, _digp);
- break;
- case PGPTAG_SECRET_KEY:
- case PGPTAG_SECRET_SUBKEY:
rc = pgpPrtKey(tag, h, hlen, _dig, _digp);
break;
case PGPTAG_USER_ID:
@@ -1205,6 +1200,9 @@ static int pgpPrtPkt(const uint8_t *pkt, size_t pleft,
rc = pgpPrtComment(tag, h, hlen);
break;
+ case PGPTAG_PUBLIC_SUBKEY:
+ case PGPTAG_SECRET_KEY:
+ case PGPTAG_SECRET_SUBKEY:
case PGPTAG_RESERVED:
case PGPTAG_PUBLIC_SESSION_KEY:
case PGPTAG_SYMMETRIC_SESSION_KEY:
rpm-4.7.2-rpmfc-unknown.patch:
rpmfc.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- NEW FILE rpm-4.7.2-rpmfc-unknown.patch ---
commit fa9fcc89146f08bce3b51d96d0ec9d4175db6978
Author: Panu Matilainen <pmatilai at redhat.com>
Date: Thu Nov 26 10:22:41 2009 +0200
Dont fail build on unrecognized non-executable files (ticket #105)
- Generally only executable files are critical for dependency extraction,
whereas oddball application data files can cause unnecessary build
failure due to libmagic misdetections etc, so just let non-executables
pass with a warning and mark them as unknown data
(cherry picked from commit cfcd1f9bd98d5d0fc46a84931984efec3b9d47e2)
diff --git a/build/rpmfc.c b/build/rpmfc.c
index bcb5383..e4ba6b2 100644
--- a/build/rpmfc.c
+++ b/build/rpmfc.c
@@ -1245,6 +1245,7 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode)
for (fc->ix = 0; fc->ix < fc->nfiles; fc->ix++) {
const char * ftype;
rpm_mode_t mode = (fmode ? fmode[fc->ix] : 0);
+ int is_executable = (mode & (S_IXUSR|S_IXGRP|S_IXOTH));
s = argv[fc->ix];
slen = strlen(s);
@@ -1277,11 +1278,16 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode)
ftype = magic_file(ms, s);
if (ftype == NULL) {
- rpmlog(RPMLOG_ERR,
+ rpmlog(is_executable ? RPMLOG_ERR : RPMLOG_WARNING,
_("Recognition of file \"%s\" failed: mode %06o %s\n"),
s, mode, magic_error(ms));
- magic_close(ms);
- return RPMRC_FAIL;
+ /* only executable files are critical to dep extraction */
+ if (is_executable) {
+ magic_close(ms);
+ return RPMRC_FAIL;
+ }
+ /* unrecognized non-executables get treated as "data" */
+ ftype = "data";
}
}
rpm-4.7.2-sign-passcheck.patch:
signature.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- NEW FILE rpm-4.7.2-sign-passcheck.patch ---
commit 31c5e0f9b7b09661611b50d84d26ba47ce97fffe
Author: Panu Matilainen <pmatilai at redhat.com>
Date: Wed Nov 25 16:42:43 2009 +0200
Fix signature password checking result on abnormal conditions (RhBug:496754)
- Execve() failure wasn't returning an error code, causing rpm to
think the password was ok when we couldn't even try verifying
- Stricter return code checking from the password checking child:
the password can only be ok if the child exits with WIFEXITED() *and*
WIFEXITCODE() of 0. Also WIFEXITCODE() should only be called if
WIFEXITED() returns true.
(cherry picked from commit 2b41860984f0c4ebba5ebce93a18c9c0ca5e1065)
diff --git a/lib/signature.c b/lib/signature.c
index a501f3e..a2eaf9b 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -883,6 +883,7 @@ static int checkPassPhrase(const char * passPhrase, const rpmSigTag sigTag)
rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
strerror(errno));
+ _exit(EXIT_FAILURE);
} break;
case RPMSIGTAG_RSA:
case RPMSIGTAG_PGP5: /* XXX legacy */
@@ -932,7 +933,7 @@ static int checkPassPhrase(const char * passPhrase, const rpmSigTag sigTag)
(void) waitpid(pid, &status, 0);
- return ((!WIFEXITED(status) || WEXITSTATUS(status)) ? 1 : 0);
+ return ((WIFEXITED(status) && WEXITSTATUS(status) == 0)) ? 0 : 1;
}
char * rpmGetPassPhrase(const char * prompt, const rpmSigTag sigTag)
Index: rpm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rpm/devel/rpm.spec,v
retrieving revision 1.367
retrieving revision 1.368
diff -u -p -r1.367 -r1.368
--- rpm.spec 25 Nov 2009 08:23:31 -0000 1.367
+++ rpm.spec 4 Dec 2009 09:32:33 -0000 1.368
@@ -21,7 +21,7 @@
Summary: The RPM package management system
Name: rpm
Version: %{rpmver}
-Release: 1%{?dist}
+Release: 2%{?dist}
Group: System Environment/Base
Url: http://www.rpm.org/
Source0: http://rpm.org/releases/rpm-4.7.x/%{name}-%{srcver}.tar.bz2
@@ -42,6 +42,10 @@ Patch3: rpm-4.6.0-fedora-specspo.patch
Patch200: rpm-4.7.1-bugurl.patch
Patch201: rpm-4.7.0-extra-provides.patch
Patch202: rpm-4.7.1-python-bytecompile.patch
+Patch203: rpm-4.7.2-sign-passcheck.patch
+Patch204: rpm-4.7.2-rpmfc-unknown.patch
+Patch205: rpm-4.7.2-pgp-subkey.patch
+Patch206: rpm-4.7.2-chmod-selinux.patch
# These are not yet upstream
Patch301: rpm-4.6.0-niagara.patch
@@ -197,6 +201,10 @@ packages on a system.
%patch200 -p1 -b .bugurl
%patch201 -p1 -b .extra-prov
%patch202 -p1 -b .python-bytecompile
+%patch203 -p1 -b .sign-passcheck
+%patch204 -p1 -b .rpmfc-unknown
+%patch205 -p1 -b .pgp-subkey
+%patch206 -p1 -b .chmod-test
%patch301 -p1 -b .niagara
%patch302 -p1 -b .geode
@@ -411,6 +419,12 @@ exit 0
%doc doc/librpm/html/*
%changelog
+* Fri Dec 04 2009 Panu Matilainen <pmatilai at redhat.com> - 4.7.2-2
+- missing error exit code from signing password checking (#496754)
+- dont fail build on unrecognized data files (#532489)
+- dont try to parse subkeys and secret keys (#436812)
+- fix chmod test on selinux, breaking %%{_fixperms} macro (#543035)
+
* Wed Nov 25 2009 Panu Matilainen <pmatilai at redhat.com> - 4.7.2-1
- update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2)
- fixes #464750, #529214
More information about the fedora-extras-commits
mailing list