rpms
/
rpm
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Include upstream patch to fix find-debuginfo (http://www.rpm.org/ticket/887).

This commit is contained in:
Richard W.M. Jones 2015-02-17 14:08:50 +00:00 committed by Florian Festi
parent 3c276f2744
commit 5c14c3499e
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
0001-Fix-find-debuginfo.sh-for-ELF-with-file-warnings.patch Normal file
View File

@ -0,0 +1,37 @@
From 4f58e5abcb336292f78bc6d54e1140b4fdded30b Mon Sep 17 00:00:00 2001
From: Pascal Terjan <pterjan@mandriva.org>
Date: Sat, 14 Feb 2015 21:58:19 +0000
Subject: [PATCH] Fix find-debuginfo.sh for ELF with file warnings
Since the fix for CVE-2014-9620, file will print a "warning" that it
only processed 256 notes:
$ file -N libjvm.so
libjvm.so: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, BuildID[sha1]=63ece24db1a29f9df8231337f741664e0b10fc7f, not stripped, too many notes (256)
And this leads to those messages and a failure:
stat: cannot stat 'libjvm.so,': No such file or directory
stat: cannot stat 'too': No such file or directory
stat: cannot stat 'many': No such file or directory
stat: cannot stat 'notes': No such file or directory
stat: cannot stat '(256)': No such file or directory
---
scripts/find-debuginfo.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh
index 57449f7..264fad5 100644
--- a/scripts/find-debuginfo.sh
+++ b/scripts/find-debuginfo.sh
@@ -205,7 +205,7 @@ $strict || strict_error=WARNING
find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \
\( -perm -0100 -or -perm -0010 -or -perm -0001 \) \
-print |
-file -N -f - | sed -n -e 's/^\(.*\):[ ]*.*ELF.*, not stripped/\1/p' |
+file -N -f - | sed -n -e 's/^\(.*\):[ ]*.*ELF.*, not stripped.*/\1/p' |
xargs --no-run-if-empty stat -c '%h %D_%i %n' |
while read nlinks inum f; do
get_debugfn "$f"
--
2.3.0

8
rpm.spec
View File

@ -27,7 +27,7 @@
Summary: The RPM package management system
Name: rpm
Version: %{rpmver}
Release: %{?snapver:0.%{snapver}.}4%{?dist}
Release: %{?snapver:0.%{snapver}.}5%{?dist}
Group: System Environment/Base
Url: http://www.rpm.org/
Source0: http://rpm.org/releases/rpm-4.12.x/%{name}-%{srcver}.tar.bz2
@ -56,6 +56,9 @@ Patch100: rpm-4.12.0-tslock-nowait.patch
Patch101: rpm-4.12.0-payload-ghost.patch
# Unbreak size tag generation on big-endian systems
Patch102: rpm-4.12.0-archive-endian.patch
# find-debuginfo.sh fails on ELF with more than 256 notes
# http://www.rpm.org/ticket/887
Patch103: 0001-Fix-find-debuginfo.sh-for-ELF-with-file-warnings.patch
# These are not yet upstream
Patch302: rpm-4.7.1-geode-i686.patch
@ -538,6 +541,9 @@ exit 0
%doc doc/librpm/html/*
%changelog
* Tue Mar 03 2015 Florian Festi <ffesti@redhat.com> - 4.12.0.1-5
- Include upstream patch to fix find-debuginfo (http://www.rpm.org/ticket/887).
* Fri Dec 12 2014 Lubos Kardos <lkardos@redhat.com> - 4.12.0.1-4
- Add check against malicious CPIO file name size (#1168715)
- Fixes CVE-2014-8118