- update to 4.1.9.3 (http://rpm.org/wiki/Releases/4.9.1.3)

- fixes CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815

.gitignore

@@ -4,3 +4,4 @@ rpm-4.8.1.tar.bz2
 /rpm-4.9.0.tar.bz2
 /rpm-4.9.1.tar.bz2
 /rpm-4.9.1.1.tar.bz2
+/rpm-4.9.1.3.tar.bz2

rpm-4.9.0-armhfp-logic.patch

@@ -0,0 +1,84 @@
+diff -uNr rpm-4.9.0-orig//lib/rpmrc.c rpm-4.9.0/lib/rpmrc.c
+--- rpm-4.9.0-orig//lib/rpmrc.c	2011-08-05 12:23:04.000000000 -0500
++++ rpm-4.9.0/lib/rpmrc.c	2011-08-05 12:25:13.000000000 -0500
+@@ -732,6 +732,56 @@
+ }
+ #endif
+ 
++#if defined(__linux__) && defined(__arm__)
++static int has_neon()
++{
++        char buffer[4096], *p;
++        int fd = open("/proc/cpuinfo", O_RDONLY);
++        if (read(fd, &buffer, sizeof(buffer) - 1) == -1) {
++                rpmlog(RPMLOG_WARNING, _("read(/proc/cpuinfo) failed\n"));
++                close(fd);
++                return 0;
++        }
++        close(fd);
++
++        p = strstr(buffer, "Features");
++        p = strtok(p, "\n");
++        p = strstr(p, "neon");
++        p = strtok(p, " ");
++        if (p == NULL) {
++                rpmlog(RPMLOG_WARNING, _("/proc/cpuinfo has no 'Features' line\n"));
++                return 0;
++        } else if (strcmp(p, "neon") == 0) {
++                return 1;
++        }
++        return 0;
++}
++
++static int has_hfp()
++{
++        char buffer[4096], *p;
++        int fd = open("/proc/cpuinfo", O_RDONLY);
++        if (read(fd, &buffer, sizeof(buffer) - 1) == -1) {
++                rpmlog(RPMLOG_WARNING, _("read(/proc/cpuinfo) failed\n"));
++                close(fd);
++                return 0;
++        }
++        close(fd);
++
++        p = strstr(buffer, "Features");
++        p = strtok(p, "\n");
++        p = strstr(p, "vfpv3");
++        p = strtok(p, " ");
++        if (p == NULL) {
++                rpmlog(RPMLOG_WARNING, _("/proc/cpuinfo has no 'Features' line\n"));
++                return 0;
++        } else if (strcmp(p, "vfpv3") == 0) {
++                return 1;
++        }
++        return 0;
++}
++#endif
++
+ 
+ #	if defined(__linux__) && defined(__i386__)
+ #include <setjmp.h>
+@@ -1157,6 +1207,22 @@
+ 	}
+ #	endif	/* sparc*-linux */
+ 
++#	if defined(__linux__) && defined(__arm__)
++	{
++	    if (strcmp(un.machine, "armv7l") == 0 ) {
++	        if (has_neon() && has_hfp())
++                    strcpy(un.machine, "armv7hnl");
++                else if (has_hfp())
++                    strcpy(un.machine, "armv7hl");
++	    } else if (strcmp(un.machine, "armv6l") == 0 ) {
++	        if (has_neon() && has_hfp())
++                    strcpy(un.machine, "armv6hnl");
++                else if (has_hfp())
++                    strcpy(un.machine, "armv6hl");
++	    }
++	}
++#	endif	/* arm*-linux */
++
+ #	if defined(__GNUC__) && defined(__alpha__)
+ 	{
+ 	    unsigned long amask, implver;
+

rpm-4.9.0-armhfp.patch

@@ -0,0 +1,73 @@
+diff -uNr rpm-4.9.0-orig//installplatform rpm-4.9.0/installplatform
+--- rpm-4.9.0-orig//installplatform	2010-12-03 06:11:57.000000000 -0600
++++ rpm-4.9.0/installplatform	2011-08-05 12:25:13.000000000 -0500
+@@ -19,7 +19,7 @@
+ case "$arch" in
+   i[3456]86|pentium[34]|athlon|geode) SUBSTS='s_i386_i386_ s_i386_i486_ s_i386_i586_ s_i386_i686_ s_i386_pentium3_ s_i386_pentium4_ s_i386_athlon_ s_i386_geode_' ;;
+   alpha*) SUBSTS='s_alpha_alpha_ s_alpha_alphaev5_ s_alpha_alphaev56_ s_alpha_alphapca56_ s_alpha_alphaev6_ s_alpha_alphaev67_' ;;
+-  arm*) SUBSTS='s_arm_arm_ s_arm_armv3l_ s_arm_armv4l_ s_arm_armv4tl_ s_arm_armv5tel_ s_arm_armv5tejl_ s_arm_armv6l_ s_arm_armv7l_' ;;
++  arm*) SUBSTS='s_arm_arm_ s_arm_armv3l_ s_arm_armv4l_ s_arm_armv4tl_ s_arm_armv5tel_ s_arm_armv5tejl_ s_arm_armv6l_ s_arm_armv7l_ s_arm_armv7hl_ s_arm_armv7hnl_' ;;
+   sh4*) SUBSTS='s_sh4_sh4_ s_sh4_sh4a_' ;;
+   sparc*) SUBSTS='s_sparc\(64\|64v\|v9v\|v9\)_sparc_ s_sparc64_sparcv9_;s_sparc\([^v]\|$\)_sparcv9\1_ s_sparcv9_sparc64_;s_sparc\([^6]\|$\)_sparc64\1_' ;;
+   powerpc*|ppc*) SUBSTS='s_ppc64_ppc_ s_ppc\([^6ip]\|$\)_ppc64\1_ s_ppc\([^6ip]\|$\)_ppciseries_ s_ppc\([^6ip]\|$\)_ppcpseries_ s_ppc\([^6ip]\|$\)_ppc64iseries_ s_ppc\([^6ip]\|$\)_ppc64pseries_' ;;
+diff -uNr rpm-4.9.0-orig//macros.in rpm-4.9.0/macros.in
+--- rpm-4.9.0-orig//macros.in	2011-08-05 12:23:04.000000000 -0500
++++ rpm-4.9.0/macros.in	2011-08-05 12:25:13.000000000 -0500
+@@ -1032,7 +1032,7 @@
+ 
+ #------------------------------------------------------------------------------
+ # arch macro for all supported ARM processors
+-%arm	armv3l armv4b armv4l armv4tl armv5tel armv5tejl armv6l armv7l
++%arm	armv3l armv4b armv4l armv4tl armv5tel armv5tejl armv6l armv7l armv7hl armv7hnl
+ 
+ #------------------------------------------------------------------------------
+ # arch macro for all supported Sparc processors
+diff -uNr rpm-4.9.0-orig//rpmrc.in rpm-4.9.0/rpmrc.in
+--- rpm-4.9.0-orig//rpmrc.in	2011-08-05 12:23:04.000000000 -0500
++++ rpm-4.9.0/rpmrc.in	2011-08-05 12:26:34.000000000 -0500
+@@ -66,6 +66,8 @@
+ optflags: armv5tejl -O2 -g -march=armv5te
+ optflags: armv6l -O2 -g -march=armv6
+ optflags: armv7l -O2 -g -march=armv7
++optflags: armv7hl -O2 -g -march=armv7-a -mfloat-abi=hard -mfpu=vfpv3-d16 -mthumb
++optflags: armv7hnl -O2 -g -march=armv7-a -mfloat-abi=hard -mfpu=neon -mthumb
+ 
+ optflags: atarist -O2 -g -fomit-frame-pointer
+ optflags: atariste -O2 -g -fomit-frame-pointer
+@@ -140,6 +142,8 @@
+ arch_canon:     armv5tejl: armv5tejl 	12
+ arch_canon:     armv6l: armv6l 	12
+ arch_canon:     armv7l: armv7l 	12
++arch_canon:     armv7hl: armv7hl 	12
++arch_canon:     armv7hnl: armv7hnl 	12
+ 
+ arch_canon:	m68kmint: m68kmint	13
+ arch_canon:	atarist: m68kmint	13
+@@ -248,6 +252,8 @@
+ buildarchtranslate: armv5tejl: armv5tejl
+ buildarchtranslate: armv6l: armv6l
+ buildarchtranslate: armv7l: armv7l
++buildarchtranslate: armv7hl: armv7hl
++buildarchtranslate: armv7hnl: armv7hnl
+ 
+ buildarchtranslate: atarist: m68kmint
+ buildarchtranslate: atariste: m68kmint
+@@ -336,6 +342,8 @@
+ arch_compat: armv4tl: armv4l
+ arch_compat: armv4l: armv3l
+ arch_compat: armv3l: noarch
++arch_compat: armv7hnl: armv7hl
++arch_compat: armv7hl: noarch
+ 
+ arch_compat: atarist: m68kmint noarch
+ arch_compat: atariste: m68kmint noarch
+@@ -441,6 +449,9 @@
+ buildarch_compat: armv4l: armv3l
+ buildarch_compat: armv3l: noarch
+ 
++buildarch_compat: armv7hnl: armv7hl
++buildarch_compat: armv7hl: noarch
++
+ buildarch_compat: hppa2.0: hppa1.2
+ buildarch_compat: hppa1.2: hppa1.1
+ buildarch_compat: hppa1.1: hppa1.0

rpm-4.9.1.2-rpmlib-filesystem-check.patch

@@ -0,0 +1,127 @@
+diff --git a/lib/depends.c b/lib/depends.c
+index 69aecbb..5101d32 100644
+--- a/lib/depends.c
++++ b/lib/depends.c
+@@ -386,6 +386,108 @@ static int rpmdbProvides(rpmts ts, depCache dcache, rpmds dep)
+     return rc;
+ }
+ 
++/*
++ * Temporary support for live-conversion of the filesystem hierarchy
++ *   mailto: kay@redhat.com, harald@redhat.com
++ *   https://fedoraproject.org/wiki/Features/UsrMove
++ *
++ *   X-CheckUnifiedSystemdir:
++ *     /bin, /sbin, /lib, /lib64 --> /usr
++ *
++ *   X-CheckUnifiedBindir:
++ *     /usr/sbin -> /usr/bin
++ *
++ *   X-CheckMultiArchLibdir:
++ *     /usr/lib64 /usr/lib/<platform tuple> (e.g. x86_64-linux-gnu)
++ *
++ * This code is not needed for new installations, it can be removed after
++ * updates from older systems are no longer supported: Fedora 19 / RHEL 8.
++ */
++
++static int CheckLink(const char *dir, const char *root)
++{
++    char *d = NULL;
++    struct stat sbuf;
++    int rc = 0;
++
++    if (!root)
++	root = "/";
++
++    rasprintf(&d, "%s%s", root, dir);
++    if (!d) {
++	rc = -1;
++	goto exit;
++    }
++
++    /* directory or symlink does not exist, all is fine */
++    if (lstat(d, &sbuf) < 0) {
++	rc = 1;
++	goto exit;
++    }
++
++    /* if it is a symlink, all is fine */
++    if (S_ISLNK(sbuf.st_mode))
++	rc = 1;
++
++exit:
++    free(d);
++    return rc;
++}
++
++static int CheckFilesystemHierarchy(rpmds * dsp, const char *root)
++{
++    static const char *dirs[] = { "bin", "sbin", "lib", "lib64" };
++    int check;
++    int i;
++    rpmds ds;
++    int rc = 0;
++
++    for (i = 0; i < sizeof(dirs) / sizeof(dirs[0]); i++) {
++	check = CheckLink(dirs[i], root);
++	if (check < 0) {
++	    rc = -1;
++	    goto exit;
++	}
++
++	if (check == 0)
++	    goto exit;
++    }
++    ds = rpmdsSingle(RPMTAG_PROVIDENAME,
++		     "rpmlib(X-CheckUnifiedSystemdir)", "1",
++		     RPMSENSE_EQUAL);
++    rpmdsMerge(dsp, ds);
++    rpmdsFree(ds);
++
++    check = CheckLink("usr/lib64", root);
++    if (check < 0) {
++        rc = -1;
++        goto exit;
++    }
++    if (check > 0) {
++	ds = rpmdsSingle(RPMTAG_PROVIDENAME,
++			 "rpmlib(X-CheckMultiArchLibdir)", "1",
++			 RPMSENSE_EQUAL);
++	rpmdsMerge(dsp, ds);
++	rpmdsFree(ds);
++    }
++
++    check = CheckLink("usr/sbin", root);
++    if (check < 0) {
++	rc = -1;
++	goto exit;
++    }
++    if (check > 0) {
++	ds = rpmdsSingle(RPMTAG_PROVIDENAME,
++			 "rpmlib(X-CheckUnifiedBindir)", "1",
++			 RPMSENSE_EQUAL);
++	rpmdsMerge(dsp, ds);
++	rpmdsFree(ds);
++    }
++
++exit:
++    return rc;
++}
++
+ /**
+  * Check dep for an unsatisfied dependency.
+  * @param ts		transaction set
+@@ -410,9 +512,11 @@ retry:
+      */
+     if (dsflags & RPMSENSE_RPMLIB) {
+ 	static int oneshot = -1;
+-	if (oneshot) 
++	if (oneshot) {
+ 	    oneshot = rpmdsRpmlib(&rpmlibP, NULL);
+-	
++	    CheckFilesystemHierarchy(&rpmlibP, rpmtsRootDir(ts));
++	}
++
+ 	if (rpmlibP != NULL && rpmdsSearch(rpmlibP, dep) >= 0) {
+ 	    rpmdsNotify(dep, "(rpmlib provides)", rc);
+ 	    goto exit;

rpm-4.9.x-elfattr.patch

@@ -0,0 +1,16 @@
+commit 87d9e3c4adac92ff544440dd1239a4ae4fe05bb4
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Mon Nov 28 14:00:45 2011 +0200
+
+    Fix classification of ELF binaries with setuid/setgid bit, oops...
+
+diff --git a/fileattrs/elf.attr b/fileattrs/elf.attr
+index bc6ce83..595b33e 100644
+--- a/fileattrs/elf.attr
++++ b/fileattrs/elf.attr
+@@ -1,4 +1,4 @@
+ %__elf_provides		%{_rpmconfigdir}/elfdeps --provides %{?__filter_GLIBC_PRIVATE:--filter-private}
+ %__elf_requires		%{_rpmconfigdir}/elfdeps --requires %{?__filter_GLIBC_PRIVATE:--filter-private}
+-%__elf_magic		^(sticky )?ELF (32|64)-bit.*$
++%__elf_magic		^(setuid )?(setgid )?(sticky )?ELF (32|64)-bit.*$
+ %__elf_flags		exeonly

rpm-4.9.x-fontattr.patch

@@ -0,0 +1,15 @@
+commit fb30c0aac8b3da8c75a8cb1578a719ce38db59eb
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Fri Nov 25 16:07:38 2011 +0200
+
+    Identify "font collection" (data etc) as fonts also (RhBug:757105)
+
+diff --git a/fileattrs/font.attr b/fileattrs/font.attr
+index 5c4c78f..8c19383 100644
+--- a/fileattrs/font.attr
++++ b/fileattrs/font.attr
+@@ -1,3 +1,3 @@
+ %__font_provides	%{_rpmconfigdir}/fontconfig.prov
+ %__font_requires	%{nil}
+-%__font_magic		^.* [Ff]ont (program )?(text|data).*$
++%__font_magic		^.* [Ff]ont (program|collection )?(text|data).*$

rpm-4.9.x-mpsize.patch

@@ -0,0 +1,28 @@
+commit d8cd36058b528f56bd579204426143be1e1eac6d
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Wed Feb 8 10:56:09 2012 +0200
+
+    Switch back to former, much smaller BDB memory pool size (RhBug:752897)
+    
+    - A larger cache is beneficial in various scenarios, but triggers
+      horrible worst-case performance under memory pressure (or so my
+      current theory goes, there might be other factors too). The
+      worst-case degration is orders of magnitude bigger than the best-case
+      improvements from the larger cache and for many use-cases doesn't
+      make a whole lot difference.  We could/should tune the cache with
+      priorizing indexes and all, and perhaps dynamically select the
+      cache size but for now, the 1Mb cache size is known to "just work".
+
+diff --git a/macros.in b/macros.in
+index f835fec..6034721 100644
+--- a/macros.in
++++ b/macros.in
+@@ -535,7 +535,7 @@ print (t)\
+ #
+ 
+ # Misc BDB tuning options
+-%__dbi_other			mp_mmapsize=128Mb mp_size=64Mb
++%__dbi_other			mp_mmapsize=128Mb mp_size=1Mb
+ 
+ %_dbi_config			%{?__dbi_other}
+ 

rpm.spec

@@ -11,7 +11,7 @@
 
 %define rpmhome /usr/lib/rpm
 
-%define rpmver 4.9.1.1
+%define rpmver 4.9.1.3
 %define srcver %{rpmver}%{?snapver:-%{snapver}}
 
 %define bdbname db4
@@ -38,14 +38,22 @@ Patch2: rpm-4.8.90-fedora-specspo.patch
 Patch3: rpm-4.8.0-no-man-dirs.patch
 # gnupg2 comes installed by default, avoid need to drag in gnupg too
 Patch4: rpm-4.8.1-use-gpg2.patch
+#conditionally applied patch for arm hardware floating point
+Patch5: rpm-4.9.0-armhfp.patch
+Patch6: rpm-4.9.0-armhfp-logic.patch
 
 # Patches already in upstream
+Patch100: rpm-4.9.x-fontattr.patch
+Patch101: rpm-4.9.x-elfattr.patch
+Patch102: rpm-4.9.x-mpsize.patch
 
 # These are not yet upstream
 Patch301: rpm-4.6.0-niagara.patch
 Patch302: rpm-4.7.1-geode-i686.patch
 # To be upstreamed after rawhide-testdrive (#641377)
 Patch303: rpm-4.9.0-debuginfo-allnames.patch
+# Temporary Patch to provide support for updates
+Patch400: rpm-4.9.1.2-rpmlib-filesystem-check.patch
 
 # Partially GPL/LGPL dual-licensed and some bits with BSD
 # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD 
@@ -207,10 +215,23 @@ packages on a system.
 %patch3 -p1 -b .no-man-dirs
 %patch4 -p1 -b .use-gpg2
 
+%patch100 -p1 -b .fontattr
+%patch101 -p1 -b .elfattr
+%patch102 -p1 -b .mpsize
+
 %patch301 -p1 -b .niagara
 %patch302 -p1 -b .geode
 %patch303 -p1 -b .debuginfo-allnames
 
+%patch5 -p1 -b .armhfp
+
+%patch400 -p1 -b .rpmlib-filesystem-check
+
+# this patch cant be applied on softfp builds
+%ifnarch armv3l armv4b armv4l armv4tl armv5tel armv5tejl armv6l armv7l
+%patch6 -p1 -b .armhfp-logic
+%endif
+
 %if %{with int_bdb}
 ln -s db-%{bdbver} db
 %endif
@@ -423,6 +444,32 @@ exit 0
 %doc COPYING doc/librpm/html/*
 
 %changelog
+* Tue Apr 03 2012 Panu Matilainen <pmatilai@redhat.com> - 4.9.1.3-1
+- update to 4.1.9.3 (http://rpm.org/wiki/Releases/4.9.1.3)
+- fixes CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815
+ 
+* Thu Feb 09 2012 Panu Matilainen <pmatilai@redhat.com> - 4.9.1.2-4
+- adjust font detection rules for libmagic change (#757105)
+- fix classification of ELF binaries with setuid/setgid bit (#758251)
+- switch back to smaller BDB cache default (#752897)
+
+* Tue Jan 24 2012 Harald Hoyer <harald@redhat.com> 4.9.1.2-3.3
+- add temporary rpmlib patch to support filesystem transition
+  https://fedoraproject.org/wiki/Features/UsrMove
+
+* Wed Dec 21 2011 Dennis Gilmore <dennis@ausil.us> - 4.9.1.2-3.2
+- only conditionally apply the armhfp logic code we do need the hfp macros everywhere
+
+* Tue Nov 30 2011 Dennis Gilmore <dennis@ausil.us> - 4.9.1.2-3.1
+- conditionally apply arm patch for hardfp on all arches but arm softfp ones
+
+* Fri Sep 30 2011 Panu Matilainen <pmatilai@redhat.com> - 4.9.1.2-1
+- update to 4.9.1.2 (CVE-2011-3378)
+- drop upstreamed rpmdb signal patch
+
+* Mon Sep 19 2011 Panu Matilainen <pmatilai@redhat.com> - 4.9.1.1-2
+- fix signal blocking/unblocking regression on rpmdb open/close (#739492)
+
 * Tue Aug 02 2011 Panu Matilainen <pmatilai@redhat.com> - 4.9.1.1-1
 - update to 4.9.1.1
 

sources

@@ -1 +1 @@
-529df3e2705d851e26a9d88d5bd2ddd3  rpm-4.9.1.1.tar.bz2
+e266b959de9865cce2816451e8a62e12  rpm-4.9.1.3.tar.bz2