- update to 4.9.1.2 (CVE-2011-3378)

- drop upstreamed rpmdb signal patch

.gitignore

@@ -4,3 +4,4 @@ rpm-4.8.1.tar.bz2
 /rpm-4.9.0.tar.bz2
 /rpm-4.9.1.tar.bz2
 /rpm-4.9.1.1.tar.bz2
+/rpm-4.9.1.2.tar.bz2

rpm-4.9.1-rpmdb-signals.patch

@@ -1,54 +0,0 @@
-commit 36f6874fcf5222f4553fb5b7782af18c7b6ea92a
-Author: Panu Matilainen <pmatilai@redhat.com>
-Date:   Fri Apr 15 09:18:15 2011 +0300
-
-    Only muck with signals on first and last db open/close
-    - Signals are per-process global, as long as there are other
-      databases open (or references to the same db) we shouldn't mess
-      with them. Less important on open, but if somebody is changing
-      rpmsq-handling we shouldn't override that either.
-    (cherry picked from commit dcf650f5a73846773c7b81de08e2608391f733b8)
-
-diff --git a/lib/rpmdb.c b/lib/rpmdb.c
-index 50bb6b1..44cdb2b 100644
---- a/lib/rpmdb.c
-+++ b/lib/rpmdb.c
-@@ -661,12 +661,14 @@ int rpmdbClose(rpmdb db)
- 
-     db = _free(db);
- 
-+    if (rpmdbRock == NULL) {
-+	(void) rpmsqEnable(-SIGHUP, NULL);
-+	(void) rpmsqEnable(-SIGINT, NULL);
-+	(void) rpmsqEnable(-SIGTERM, NULL);
-+	(void) rpmsqEnable(-SIGQUIT, NULL);
-+	(void) rpmsqEnable(-SIGPIPE, NULL);
-+    }
- exit:
--    (void) rpmsqEnable(-SIGHUP,	NULL);
--    (void) rpmsqEnable(-SIGINT,	NULL);
--    (void) rpmsqEnable(-SIGTERM,NULL);
--    (void) rpmsqEnable(-SIGQUIT,NULL);
--    (void) rpmsqEnable(-SIGPIPE,NULL);
-     return rc;
- }
- 
-@@ -728,11 +730,13 @@ static int openDatabase(const char * prefix,
-     /* Try to ensure db home exists, error out if we cant even create */
-     rc = rpmioMkpath(rpmdbHome(db), 0755, getuid(), getgid());
-     if (rc == 0) {
--	(void) rpmsqEnable(SIGHUP, NULL);
--	(void) rpmsqEnable(SIGINT, NULL);
--	(void) rpmsqEnable(SIGTERM,NULL);
--	(void) rpmsqEnable(SIGQUIT,NULL);
--	(void) rpmsqEnable(SIGPIPE,NULL);
-+	if (rpmdbRock == NULL) {
-+	    (void) rpmsqEnable(SIGHUP, NULL);
-+	    (void) rpmsqEnable(SIGINT, NULL);
-+	    (void) rpmsqEnable(SIGTERM, NULL);
-+	    (void) rpmsqEnable(SIGQUIT, NULL);
-+	    (void) rpmsqEnable(SIGPIPE, NULL);
-+	}
- 
- 	/* Just the primary Packages database opened here */
- 	rc = (rpmdbOpenIndex(db, RPMDBI_PACKAGES, db->db_flags) != NULL) ? 0 : -2;

rpm.spec

@@ -11,7 +11,7 @@
 
 %define rpmhome /usr/lib/rpm
 
-%define rpmver 4.9.1.1
+%define rpmver 4.9.1.2
 %define srcver %{rpmver}%{?snapver:-%{snapver}}
 
 %define bdbname db4
@@ -21,7 +21,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}3%{?dist}
+Release: %{?snapver:0.%{snapver}.}1%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/rpm-4.9.x/%{name}-%{srcver}.tar.bz2
@@ -40,7 +40,6 @@ Patch3: rpm-4.8.0-no-man-dirs.patch
 Patch4: rpm-4.8.1-use-gpg2.patch
 
 # Patches already in upstream
-Patch100: rpm-4.9.1-rpmdb-signals.patch
 
 # These are not yet upstream
 Patch301: rpm-4.6.0-niagara.patch
@@ -210,8 +209,6 @@ packages on a system.
 %patch3 -p1 -b .no-man-dirs
 %patch4 -p1 -b .use-gpg2
 
-%patch100 -p1 -b .rpmdb-signals
-
 %patch301 -p1 -b .niagara
 %patch302 -p1 -b .geode
 %patch303 -p1 -b .debuginfo-allnames
@@ -429,6 +426,10 @@ exit 0
 %doc COPYING doc/librpm/html/*
 
 %changelog
+* Thu Sep 29 2011 Panu Matilainen <pmatilai@redhat.com> - 4.9.1.2-1
+- update to 4.9.1.2 (CVE-2011-3378)
+- drop upstreamed rpmdb signal patch
+
 * Mon Sep 19 2011 Panu Matilainen <pmatilai@redhat.com> - 4.9.1.1-3
 - fix signal blocking/unblocking regression on rpmdb open/close (#739492)
 

sources

@@ -1 +1 @@
-529df3e2705d851e26a9d88d5bd2ddd3  rpm-4.9.1.1.tar.bz2
+85cc5b7adb5806b5abf5b538b088dbdc  rpm-4.9.1.2.tar.bz2