From 6d748ba15fae5b88cd122ec9f3d9eb48fb152888 Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Thu, 29 Sep 2011 16:22:09 +0300
Subject: [PATCH] - update to 4.9.1.2 (CVE-2011-3378) - drop upstreamed rpmdb signal patch
---
 .gitignore | 1 +
 rpm-4.9.1-rpmdb-signals.patch | 54 -----------------------------------
 rpm.spec | 11 +++----
 sources | 2 +-
 4 files changed, 8 insertions(+), 60 deletions(-)
 delete mode 100644 rpm-4.9.1-rpmdb-signals.patch
diff --git a/.gitignore b/.gitignore
index 0ff1f5f..568136d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ rpm-4.8.1.tar.bz2
 /rpm-4.9.0.tar.bz2
 /rpm-4.9.1.tar.bz2
 /rpm-4.9.1.1.tar.bz2
+/rpm-4.9.1.2.tar.bz2
diff --git a/rpm-4.9.1-rpmdb-signals.patch b/rpm-4.9.1-rpmdb-signals.patch
deleted file mode 100644
index cb36154..0000000
--- a/rpm-4.9.1-rpmdb-signals.patch
+++ /dev/null
@@ -1,54 +0,0 @@ -commit 36f6874fcf5222f4553fb5b7782af18c7b6ea92a -Author: Panu Matilainen -Date: Fri Apr 15 09:18:15 2011 +0300 - - Only muck with signals on first and last db open/close - - Signals are per-process global, as long as there are other - databases open (or references to the same db) we shouldn't mess - with them. Less important on open, but if somebody is changing - rpmsq-handling we shouldn't override that either. - (cherry picked from commit dcf650f5a73846773c7b81de08e2608391f733b8) - -diff --git a/lib/rpmdb.c b/lib/rpmdb.c -index 50bb6b1..44cdb2b 100644 ---- a/lib/rpmdb.c -+++ b/lib/rpmdb.c -@@ -661,12 +661,14 @@ int rpmdbClose(rpmdb db) - - db = _free(db); - -+ if (rpmdbRock == NULL) { -+ (void) rpmsqEnable(-SIGHUP, NULL); -+ (void) rpmsqEnable(-SIGINT, NULL); -+ (void) rpmsqEnable(-SIGTERM, NULL); -+ (void) rpmsqEnable(-SIGQUIT, NULL); -+ (void) rpmsqEnable(-SIGPIPE, NULL); -+ } - exit: -- (void) rpmsqEnable(-SIGHUP, NULL); -- (void) rpmsqEnable(-SIGINT, NULL); -- (void) rpmsqEnable(-SIGTERM,NULL); -- (void) rpmsqEnable(-SIGQUIT,NULL); -- (void) rpmsqEnable(-SIGPIPE,NULL); - return rc; - } - -@@ -728,11 +730,13 @@ static int openDatabase(const char * prefix, - /* Try to ensure db home exists, error out if we cant even create */ - rc = rpmioMkpath(rpmdbHome(db), 0755, getuid(), getgid()); - if (rc == 0) { -- (void) rpmsqEnable(SIGHUP, NULL); -- (void) rpmsqEnable(SIGINT, NULL); -- (void) rpmsqEnable(SIGTERM,NULL); -- (void) rpmsqEnable(SIGQUIT,NULL); -- (void) rpmsqEnable(SIGPIPE,NULL); -+ if (rpmdbRock == NULL) { -+ (void) rpmsqEnable(SIGHUP, NULL); -+ (void) rpmsqEnable(SIGINT, NULL); -+ (void) rpmsqEnable(SIGTERM, NULL); -+ (void) rpmsqEnable(SIGQUIT, NULL); -+ (void) rpmsqEnable(SIGPIPE, NULL); -+ } - - /* Just the primary Packages database opened here */ - rc = (rpmdbOpenIndex(db, RPMDBI_PACKAGES, db->db_flags) != NULL) ? 0 : -2; diff --git a/rpm.spec b/rpm.spec index 5bcf87c..0a272ca 100644 --- a/rpm.spec +++ b/rpm.spec 
@@ -11,7 +11,7 @@ %define rpmhome /usr/lib/rpm -%define rpmver 4.9.1.1 +%define rpmver 4.9.1.2 %define srcver %{rpmver}%{?snapver:-%{snapver}} %define bdbname db4 @@ -21,7 +21,7 @@ Summary: The RPM package management system Name: rpm Version: %{rpmver} -Release: %{?snapver:0.%{snapver}.}3%{?dist} +Release: %{?snapver:0.%{snapver}.}1%{?dist} Group: System Environment/Base Url: http://www.rpm.org/ Source0: http://rpm.org/releases/rpm-4.9.x/%{name}-%{srcver}.tar.bz2 @@ -40,7 +40,6 @@ Patch3: rpm-4.8.0-no-man-dirs.patch Patch4: rpm-4.8.1-use-gpg2.patch # Patches already in upstream -Patch100: rpm-4.9.1-rpmdb-signals.patch # These are not yet upstream Patch301: rpm-4.6.0-niagara.patch @@ -210,8 +209,6 @@ packages on a system. %patch3 -p1 -b .no-man-dirs %patch4 -p1 -b .use-gpg2 -%patch100 -p1 -b .rpmdb-signals - %patch301 -p1 -b .niagara %patch302 -p1 -b .geode %patch303 -p1 -b .debuginfo-allnames @@ -429,6 +426,10 @@ exit 0 %doc COPYING doc/librpm/html/* %changelog +* Thu Sep 29 2011 Panu Matilainen - 4.9.1.2-1 +- update to 4.9.1.2 (CVE-2011-3378) +- drop upstreamed rpmdb signal patch + * Mon Sep 19 2011 Panu Matilainen - 4.9.1.1-3 - fix signal blocking/unblocking regression on rpmdb open/close (#739492) diff --git a/sources b/sources index 2f7582a..65ac0c9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -529df3e2705d851e26a9d88d5bd2ddd3 rpm-4.9.1.1.tar.bz2 +85cc5b7adb5806b5abf5b538b088dbdc rpm-4.9.1.2.tar.bz2