diff --git a/rpm-4.13.0-testsuite-nss.patch b/rpm-4.13.0-testsuite-nss.patch new file mode 100644 index 0000000..d5725d0 --- /dev/null +++ b/rpm-4.13.0-testsuite-nss.patch @@ -0,0 +1,21 @@ +commit 36db47bf59213befbb0afb37032b82e634c7ba78 +Author: Panu Matilainen +Date: Wed May 10 09:17:20 2017 +0300 + + Fix testsuite with newer NSS versions which require /dev/urandom + + (cherry picked from commit 9e3256d2e8fa1bed042f7c4ded7e40e232342539) + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 7a5cc6544..1e71d685f 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -109,7 +109,7 @@ testing$(bindir)/rpmbuild: ../rpmbuild + $(MAKE) DESTDIR=`pwd`/${subdir}/testing install) + cp -r ${srcdir}/data/ testing/ + for d in dev etc magic tmp var; do if [ ! -d testing/$${d} ]; then mkdir testing/$${d}; fi; done +- for node in stdin stderr stdout null; do ln -s /dev/$${node} testing/dev/$${node}; done ++ for node in urandom stdin stderr stdout null; do ln -s /dev/$${node} testing/dev/$${node}; done + for cf in hosts resolv.conf passwd shadow group gshadow mtab fstab; do [ -f /etc/$${cf} ] && ln -s /etc/$${cf} testing/etc/$${cf}; done + ln -s ../$(bindir) testing/usr/bin + for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch; do p=`which $${prog}`; ln -s $${p} testing/$${p}; done diff --git a/rpm-4.13.0-unknown-sigtags.patch b/rpm-4.13.0-unknown-sigtags.patch new file mode 100644 index 0000000..f2355eb --- /dev/null +++ b/rpm-4.13.0-unknown-sigtags.patch @@ -0,0 +1,25 @@ +commit 5e311d32e4079bf7f2db001d4f08db3ac0d93af9 +Author: Panu Matilainen +Date: Fri Aug 11 12:48:23 2017 +0300 + + Really ignore unknown signature tags (RhBug:1480407) + + Rather embarrassingly, rpm 4.13 fails rpmkeys -K signature verification + of rpm 4.14 packages because it doesn't really ignore unknown + signature tags like it claims to, and should. And so it reports a + bogus failure on the new SHA256 header-only digest. This bug as it is + only exists in 4.13.x, older versions are fine and >= 4.14 only + ever looks for tags it knows about. + +diff --git a/lib/signature.c b/lib/signature.c +index 1b9fe345f..41bf85893 100644 +--- a/lib/signature.c ++++ b/lib/signature.c +@@ -71,6 +71,7 @@ rpmRC rpmSigInfoParse(rpmtd td, const char *origin, + break; + default: + /* anything unknown just falls through for now */ ++ sinfo->type = RPMSIG_OTHER_TYPE; + break; + } + diff --git a/rpm.spec b/rpm.spec index 9444f10..5ba7cc6 100644 --- a/rpm.spec +++ b/rpm.spec @@ -29,7 +29,7 @@ Summary: The RPM package management system Name: rpm Version: %{rpmver} -Release: %{?snapver:0.%{snapver}.}5%{?dist} +Release: %{?snapver:0.%{snapver}.}6%{?dist} Group: System Environment/Base Url: http://www.rpm.org/ Source0: http://rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2 @@ -53,6 +53,8 @@ Patch5: rpm-4.12.0-rpm2cpio-hack.patch # Patches already upstream: Patch100: rpm-4.13.0-python-rpmsign.patch +Patch101: rpm-4.13.0-unknown-sigtags.patch +Patch102: rpm-4.13.0-testsuite-nss.patch Patch133: rpm-4.13.x-pythondistdeps.patch Patch134: rpm-4.13.x-pythondistdeps-Makefile.patch @@ -573,6 +575,10 @@ exit 0 %doc doc/librpm/html/* %changelog +* Wed Aug 16 2017 Panu Matilainen - 4.13.0.1-6 +- Really ignore unknown tags in the signature header (#1480492) +- Fix testsuite with recent NSS-versions + * Tue May 23 2017 Panu Matilainen - 4.13.0.1-5 - Fix rpmsign python module import failing (#1462671)