- fix build-time double-free on file capability processing (#956190)

- fix relocation related regression on file sanity check (#1001553)
- fix segfault on empty -p <lua> scriptlet body (#1004062)
- fix source url, once again
Panu Matilainen 2013-09-09 14:58:21 +03:00
parent f5c5c333a8
commit 9c611011c4
4 changed files with 83 additions and 2 deletions


@ -0,0 +1,19 @@
commit 65eec62cb7796dad6fbf1d5436251e176449f522
Author: Panu Matilainen <pmatilai@redhat.com>
Date: Thu Aug 29 16:32:32 2013 +0300
Fix double-free on %caps() wildcard %files entry (RhBug:956190)
diff --git a/build/files.c b/build/files.c
index 20f452f..eed5696 100644
--- a/build/files.c
+++ b/build/files.c
@@ -1448,7 +1448,7 @@ static rpmRC addFile(FileList fl, const char * diskPath,
}
if (fl->cur.caps) {
- flp->caps = fl->cur.caps;
+ flp->caps = xstrdup(fl->cur.caps);
} else {
flp->caps = xstrdup("");
}
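Review bot: The if/else around `flp->caps` in addFile() now calls xstrdup() in both branches, so it can collapse to one assignment, for example `flp->caps = xstrdup(fl->cur.caps ? fl->cur.caps : "");`. The commit message also does not say where the second free of the shared pointer came from; one sentence stating that each `flp` entry now owns its own copy of the caps string would help whoever next touches the %caps() handling.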


@ -0,0 +1,23 @@
commit 5f3598a700e8e028f9140682262869ca319597ee
Author: Panu Matilainen <pmatilai@redhat.com>
Date: Fri Sep 6 16:31:25 2013 +0300
Fix segfault executing a -p <lua> scriptlet without a body (RhBug:1004062)
- There are any number of places where this could be fixed, but
to keep the behavior similar to eg /bin/sh scriptlet without a body,
just turn a non-existent script into an empty string.
diff --git a/rpmio/rpmlua.c b/rpmio/rpmlua.c
index 0576318..921cc37 100644
--- a/rpmio/rpmlua.c
+++ b/rpmio/rpmlua.c
@@ -526,6 +526,8 @@ int rpmluaRunScript(rpmlua _lua, const char *script, const char *name)
int ret = 0;
if (name == NULL)
name = "<lua>";
+ if (script == NULL)
+ script = "";
if (luaL_loadbuffer(L, script, strlen(script), name) != 0) {
rpmlog(RPMLOG_ERR, _("invalid syntax in lua script: %s\n"),
lua_tostring(L, -1));
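Review bot: The rationale for the `script == NULL` guard in rpmluaRunScript() lives only in the commit message; a short comment above `script = "";` saying that a scriptlet without a body is treated as an empty script would keep the guard from being removed later as dead code. Without it, `strlen(script)` in the luaL_loadbuffer() call on the following line is handed NULL. A regression test with a `-p <lua>` scriptlet that has no body would be worth adding with this change.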


@ -0,0 +1,27 @@
commit 65c7cc17664358051f0358de272e616dd88ab624
Author: Panu Matilainen <pmatilai@redhat.com>
Date: Tue Aug 27 15:15:40 2013 +0300
Relax the filename triplet sanity check a bit (RhBug:1001553)
- At least unowned directories can cause orphans to be left around
in RPMTAG_DIRNAMES, in which case its possible for number of
dirnames to be larger than the number of basenames. This is
arguably a bug in the relocation code but doesn't seem worth
the trouble... so just relax the check to simply permit non-empty
dirnames array, the index bound checking is far more important.
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
index 30663d0..00506ce 100644
--- a/lib/rpmfi.c
+++ b/lib/rpmfi.c
@@ -1128,7 +1128,8 @@ static int indexSane(rpmtd xd, rpmtd yd, rpmtd zd)
uint32_t zc = rpmtdCount(zd);
/* check that the amount of data in each is sane */
- if (xc > 0 && yc > 0 && yc <= xc && zc == xc) {
+ /* normally yc <= xc but larger values are not fatal (RhBug:1001553) */
+ if (xc > 0 && yc > 0 && zc == xc) {
uint32_t * i;
/* ...and that the indexes are within bounds */
while ((i = rpmtdNextUint32(zd))) {
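Review bot: With `yc <= xc` dropped from the count check in indexSane(), the per-index loop that follows is the only guard against an index in `zd` pointing past the end of the dirnames array, and the comparison it performs is not visible in this hunk. Please confirm each index is checked against `yc` rather than `xc`. The new comment could also state why larger values occur (orphaned dirnames left behind by relocation, per the commit message) instead of only citing the bug number.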


@ -21,10 +21,10 @@
Summary: The RPM package management system Summary: The RPM package management system
Name: rpm Name: rpm
Version: %{rpmver} Version: %{rpmver}
Release: %{?snapver:0.%{snapver}.}6%{?dist} Release: %{?snapver:0.%{snapver}.}7%{?dist}
Group: System Environment/Base Group: System Environment/Base
Url: http://www.rpm.org/ Url: http://www.rpm.org/
Source0: http://rpm.org/releases/testing/%{name}-%{srcver}.tar.bz2 Source0: http://rpm.org/releases/rpm-4.11.x/%{name}-%{srcver}.tar.bz2
%if %{with int_bdb} %if %{with int_bdb}
Source1: db-%{bdbver}.tar.gz Source1: db-%{bdbver}.tar.gz
%else %else
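Review bot: The corrected Source0 still uses a plain `http://` URL (`http://rpm.org/releases/rpm-4.11.x/...`), so the download location itself gives no transport integrity for the tarball. If the host serves the same path over https, use that here and in `Url:`; either way the tarball should be verified against a recorded checksum or an upstream signature before it is built.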
@ -50,6 +50,9 @@ Patch6: rpm-4.9.0-armhfp-logic.patch
Patch100: rpm-4.11.x-filter-soname-deps.patch Patch100: rpm-4.11.x-filter-soname-deps.patch
Patch101: rpm-4.11.1-instprefix.patch Patch101: rpm-4.11.1-instprefix.patch
Patch102: rpm-4.11.x-do-not-filter-ld64.patch Patch102: rpm-4.11.x-do-not-filter-ld64.patch
Patch103: rpm-4.11.1-file-triplet-check.patch
Patch104: rpm-4.11.1-caps-double-free.patch
Patch105: rpm-4.11.1-empty-lua-script.patch
# These are not yet upstream # These are not yet upstream
Patch301: rpm-4.6.0-niagara.patch Patch301: rpm-4.6.0-niagara.patch
@ -251,6 +254,9 @@ packages on a system.
%patch100 -p1 -b .filter-soname-deps %patch100 -p1 -b .filter-soname-deps
%patch101 -p1 -b .instprefix %patch101 -p1 -b .instprefix
%patch102 -p1 -b .dont-filter-ld64 %patch102 -p1 -b .dont-filter-ld64
%patch103 -p1 -b .file-triplet-check
%patch104 -p1 -b .caps-double-free
%patch105 -p1 -b .empty-lua-script
%patch301 -p1 -b .niagara %patch301 -p1 -b .niagara
%patch302 -p1 -b .geode %patch302 -p1 -b .geode
@ -507,6 +513,12 @@ exit 0
%doc COPYING doc/librpm/html/* %doc COPYING doc/librpm/html/*
%changelog %changelog
* Mon Sep 09 2013 Matilainen <pmatilai@redhat.com> - 4.11.1-7
- fix build-time double-free on file capability processing (#956190)
- fix relocation related regression on file sanity check (#1001553)
- fix segfault on empty -p <lua> scriptlet body (#1004062)
- fix source url, once again
* Wed Aug 21 2013 Panu Matilainen <pmatilai@redhat.com> - 4.11.1-6 * Wed Aug 21 2013 Panu Matilainen <pmatilai@redhat.com> - 4.11.1-6
- add python3 sub-package, based on patch by Bohuslav Kabrda - add python3 sub-package, based on patch by Bohuslav Kabrda
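Review bot: The new %changelog header for 4.11.1-7 reads `Matilainen <pmatilai@redhat.com>` without the first name, unlike the 4.11.1-6 entry directly below it (`Panu Matilainen <pmatilai@redhat.com>`). Use the same full name so tools that group changelog entries by author treat both as one person.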