From patchwork Fri Sep 30 05:47:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Teoh, Jay Shen" X-Patchwork-Id: 13412 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EEB96C4332F for ; Fri, 30 Sep 2022 05:47:16 +0000 (UTC) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web10.2523.1664516831558383180 for ; Thu, 29 Sep 2022 22:47:12 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=DFS6vPFi; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: jay.shen.teoh@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1664516831; x=1696052831; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=935V8oVtpyGYGuEpx/cafMCctcA/775bvooCT0kjoUU=; b=DFS6vPFikKViv0T5+KN4U1aI6u/XFF0PTerKlsLRDuPIyQJubGpD8hms jBBrWwCfYTUpHuUsuH2CWRsi5O17nv1WD1bduiC+bSqE3fqbG2EsOViCe 4KxGjC5LyTTtlZ7qtzArYo7RlgIxzEG8ESvQJsK9j2uhoffzw5dume3oR ocBsPgGq/50Jqxmg+yGDQUbJlsOQDmFy9dvNLNH9JjHzTf0qeqJgahLE/ zLXcuZsAP1pdKlUUQq020A0nXcXgJCOtbDZ+V9r8rpY9Z4YXfnXjDWFMV +8KmtYYwZoFUDYBUahNkmBW/bn6U5XMYE58bjauii61PFN/MomBiLjTv9 A==; X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="303023243" X-IronPort-AV: E=Sophos;i="5.93,357,1654585200"; d="scan'208";a="303023243" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2022 22:47:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="622654683" X-IronPort-AV: E=Sophos;i="5.93,357,1654585200"; d="scan'208";a="622654683" Received: from andromeda02.png.intel.com ([10.221.253.198]) by orsmga002.jf.intel.com with ESMTP; 29 Sep 2022 22:47:09 -0700 From: jay.shen.teoh@intel.com To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone][Patch 1/4] rpm: update 4.17.0 -> 4.17.1 Date: Fri, 30 Sep 2022 13:47:00 +0800 Message-Id: <20220930054703.1799739-1-jay.shen.teoh@intel.com> X-Mailer: git-send-email 2.37.3 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 30 Sep 2022 05:47:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/171207 From: Alexander Kanavin (From OE-Core rev: 826eb17fe741d38be24d31f3bba35074e404a414) Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- .../rpm/files/0001-CVE-2021-3521.patch | 57 --- ...lib-rpm-as-the-installation-path-for.patch | 14 +- ...-linux-gnux32-variant-to-triplet-han.patch | 31 ++ .../rpm/files/0002-CVE-2021-3521.patch | 64 ---- .../rpm/files/0003-CVE-2021-3521.patch | 329 ------------------ .../rpm/{rpm_4.17.0.bb => rpm_4.17.1.bb} | 6 +- 6 files changed, 40 insertions(+), 461 deletions(-) delete mode 100644 meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch create mode 100644 meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch delete mode 100644 meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch delete mode 100644 meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch rename meta/recipes-devtools/rpm/{rpm_4.17.0.bb => rpm_4.17.1.bb} (97%) diff --git a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch deleted file mode 100644 index 044b4dd2a0..0000000000 --- a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:56:20 +0300 -Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function - -No functional changes, just to reduce code duplication and needed by -the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/9f03f42e2] - -Signed-off-by: Changqing Li ---- - rpmio/rpmpgp.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index d0688ebe9a..e472b5320f 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype) - return algo; - } - -+static pgpDigParams pgpDigParamsNew(uint8_t tag) -+{ -+ pgpDigParams digp = xcalloc(1, sizeof(*digp)); -+ digp->tag = tag; -+ return digp; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { -@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - if (pkttype && pkt.tag != pkttype) { - break; - } else { -- digp = xcalloc(1, sizeof(*digp)); -- digp->tag = pkt.tag; -+ digp = pgpDigParamsNew(pkt.tag); - } - } - -@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, - digps = xrealloc(digps, alloced * sizeof(*digps)); - } - -- digps[count] = xcalloc(1, sizeof(**digps)); -- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY; -+ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY); - /* Copy UID from main key to subkey */ - digps[count]->userid = xstrdup(mainkey->userid); - --- -2.17.1 - diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch index 6d236ac400..c6cf9d4c88 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch @@ -1,4 +1,4 @@ -From 8d013fe154a162305f76141151baf767dd04b598 Mon Sep 17 00:00:00 2001 +From 4ab6a4c5bbad65c3401016bb26b87214cdd0c59b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Mon, 27 Feb 2017 09:43:30 +0200 Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac -index eb7d6941b..10a889b5d 100644 +index 372875fc4..1b7add9ee 100644 --- a/configure.ac +++ b/configure.ac -@@ -871,7 +871,7 @@ else +@@ -884,7 +884,7 @@ else usrprefix=$prefix fi @@ -27,10 +27,10 @@ index eb7d6941b..10a889b5d 100644 AC_SUBST(OBJDUMP) diff --git a/macros.in b/macros.in -index a1f795e5f..689e784ef 100644 +index d53ab5ed5..9d10441c8 100644 --- a/macros.in +++ b/macros.in -@@ -933,7 +933,7 @@ package or when debugging this package.\ +@@ -911,7 +911,7 @@ package or when debugging this package.\ %_sharedstatedir %{_prefix}/com %_localstatedir %{_prefix}/var %_lib lib @@ -40,7 +40,7 @@ index a1f795e5f..689e784ef 100644 %_infodir %{_datadir}/info %_mandir %{_datadir}/man diff --git a/rpm.am b/rpm.am -index 7b57f433b..9bbb9ee96 100644 +index ebe4e40d1..e6920e258 100644 --- a/rpm.am +++ b/rpm.am @@ -1,10 +1,10 @@ @@ -55,4 +55,4 @@ index 7b57f433b..9bbb9ee96 100644 +rpmconfigdir = $(libdir)/rpm # Libtool version (current-revision-age) for all our libraries - rpm_version_info = 11:0:2 + rpm_version_info = 12:0:3 diff --git a/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch b/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch new file mode 100644 index 0000000000..2174a79e75 --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch @@ -0,0 +1,31 @@ +From 8f51462d41d8fe942d5d0a06f08d47f625141995 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Thu, 4 Aug 2022 12:15:08 +0200 +Subject: [PATCH] configure.ac: add linux-gnux32 variant to triplet handling + +x32 is a 64 bit x86 ABI with 32 bit pointers. + +Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2143] +Signed-off-by: Alexander Kanavin +--- + configure.ac | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 372875fc49..7d6a3d274e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -845,6 +845,10 @@ if echo "$host_os" | grep '.*-gnuabi64$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnuabi64$//'` + host_os_gnu=-gnuabi64 + fi ++if echo "$host_os" | grep '.*-gnux32$' > /dev/null ; then ++ host_os=`echo "${host_os}" | sed 's/-gnux32$//'` ++ host_os_gnu=-gnux32 ++fi + if echo "$host_os" | grep '.*-gnu$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnu$//'` + fi +-- +2.30.2 + diff --git a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch deleted file mode 100644 index 683b57d455..0000000000 --- a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch +++ /dev/null @@ -1,64 +0,0 @@ -From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:51:10 +0300 -Subject: [PATCH 2/3] Process MPI's from all kinds of signatures - -No immediate effect but needed by the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/b5e8bc74b] - -Signed-off-by: Changqing Li - ---- - rpmio/rpmpgp.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 25f67048fd..509e777e6d 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -543,7 +543,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg) - return NULL; - } - --static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, -+static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, - const uint8_t *p, const uint8_t *h, size_t hlen, - pgpDigParams sigp) - { -@@ -556,10 +556,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, - int mpil = pgpMpiLen(p); - if (pend - p < mpil) - break; -- if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) { -- if (sigalg->setmpi(sigalg, i, p)) -- break; -- } -+ if (sigalg->setmpi(sigalg, i, p)) -+ break; - p += mpil; - } - -@@ -619,7 +617,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - } - - p = ((uint8_t *)v) + sizeof(*v); -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - case 4: - { pgpPktSigV4 v = (pgpPktSigV4)h; -@@ -677,8 +675,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - p += 2; - if (p > hend) - return 1; -- -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - default: - rpmlog(RPMLOG_WARNING, _("Unsupported version of signature: V%d\n"), version); --- -2.17.1 - diff --git a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch deleted file mode 100644 index a5ec802501..0000000000 --- a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch +++ /dev/null @@ -1,329 +0,0 @@ -From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:59:30 +0300 -Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP - public keys - -All subkeys must be followed by a binding signature by the primary key -as per the OpenPGP RFC, enforce the presence and validity in the parser. - -The implementation is as kludgey as they come to work around our -simple-minded parser structure without touching API, to maximise -backportability. Store all the raw packets internally as we decode them -to be able to access previous elements at will, needed to validate ordering -and access the actual data. Add testcases for manipulated keys whose -import previously would succeed. - -Depends on the two previous commits: -7b399fcb8f52566e6f3b4327197a85facd08db91 and -236b802a4aa48711823a191d1b7f753c82a89ec5 - -Fixes CVE-2021-3521. - -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9] -CVE:CVE-2021-3521 - -Signed-off-by: Changqing Li - ---- - rpmio/rpmpgp.c | 99 +++++++++++++++++-- - tests/Makefile.am | 3 + - tests/data/keys/CVE-2021-3521-badbind.asc | 25 +++++ - .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++ - tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 +++++++ - tests/rpmsigdig.at | 28 ++++++ - 6 files changed, 209 insertions(+), 8 deletions(-) - create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 509e777e6d..371ad4d9b6 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1061,33 +1061,116 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag) - return digp; - } - -+static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag) -+{ -+ int rc = -1; -+ if (pkt->tag == exptag) { -+ uint8_t head[] = { -+ 0x99, -+ (pkt->blen >> 8), -+ (pkt->blen ), -+ }; -+ -+ rpmDigestUpdate(hash, head, 3); -+ rpmDigestUpdate(hash, pkt->body, pkt->blen); -+ rc = 0; -+ } -+ return rc; -+} -+ -+static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig, -+ const struct pgpPkt *all, int i) -+{ -+ int rc = -1; -+ DIGEST_CTX hash = NULL; -+ -+ switch (selfsig->sigtype) { -+ case PGPSIGTYPE_SUBKEY_BINDING: -+ hash = rpmDigestInit(selfsig->hash_algo, 0); -+ if (hash) { -+ rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY); -+ if (!rc) -+ rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY); -+ } -+ break; -+ default: -+ /* ignore types we can't handle */ -+ rc = 0; -+ break; -+ } -+ -+ if (hash && rc == 0) -+ rc = pgpVerifySignature(key, selfsig, hash); -+ -+ rpmDigestFinal(hash, NULL, NULL, 0); -+ -+ return rc; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { - const uint8_t *p = pkts; - const uint8_t *pend = pkts + pktlen; - pgpDigParams digp = NULL; -- struct pgpPkt pkt; -+ pgpDigParams selfsig = NULL; -+ int i = 0; -+ int alloced = 16; /* plenty for normal cases */ -+ struct pgpPkt *all = xmalloc(alloced * sizeof(*all)); - int rc = -1; /* assume failure */ -+ int expect = 0; -+ int prevtag = 0; - - while (p < pend) { -- if (decodePkt(p, (pend - p), &pkt)) -+ struct pgpPkt *pkt = &all[i]; -+ if (decodePkt(p, (pend - p), pkt)) - break; - - if (digp == NULL) { -- if (pkttype && pkt.tag != pkttype) { -+ if (pkttype && pkt->tag != pkttype) { - break; - } else { -- digp = pgpDigParamsNew(pkt.tag); -+ digp = pgpDigParamsNew(pkt->tag); - } - } - -- if (pgpPrtPkt(&pkt, digp)) -+ if (expect) { -+ if (pkt->tag != expect) -+ break; -+ selfsig = pgpDigParamsNew(pkt->tag); -+ } -+ if (pgpPrtPkt(pkt, selfsig ? selfsig : digp)) - break; - -- p += (pkt.body - pkt.head) + pkt.blen; -- if (pkttype == PGPTAG_SIGNATURE) -- break; -+ if (selfsig) { -+ /* subkeys must be followed by binding signature */ -+ if (prevtag == PGPTAG_PUBLIC_SUBKEY) { -+ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING) -+ break; -+ } -+ -+ int xx = pgpVerifySelf(digp, selfsig, all, i); -+ -+ selfsig = pgpDigParamsFree(selfsig); -+ if (xx) -+ break; -+ expect = 0; -+ } -+ -+ if (pkt->tag == PGPTAG_PUBLIC_SUBKEY) -+ expect = PGPTAG_SIGNATURE; -+ prevtag = pkt->tag; -+ -+ i++; -+ p += (pkt->body - pkt->head) + pkt->blen; -+ if (pkttype == PGPTAG_SIGNATURE) -+ break; -+ -+ if (alloced <= i) { -+ alloced *= 2; -+ all = xrealloc(all, alloced * sizeof(*all)); -+ } -+ - } - - rc = (digp && (p == pend)) ? 0 : -1; -diff --git a/tests/Makefile.am b/tests/Makefile.am -index a41ce10de8..7bb23247f1 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec - EXTRA_DIST += data/SPECS/hello-cd.spec - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret -+EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig-last.asc - EXTRA_DIST += data/macros.testfile - EXTRA_DIST += data/macros.debug - EXTRA_DIST += data/SOURCES/foo.c -diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-badbind.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc -new file mode 100644 -index 0000000000..3a2e7417f8 ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc -@@ -0,0 +1,37 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4 -+VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En -+uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ -+8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF -+v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/ -+qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB -+Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j -+mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos -+3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ -+zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX -+Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ -+gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ -+E4XX4jtDmdZPreZALsiB -+=rRop -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at -index 8e7c759b8f..e2d30a7f1b 100644 ---- a/tests/rpmsigdig.at -+++ b/tests/rpmsigdig.at -@@ -2,6 +2,34 @@ - - AT_BANNER([RPM signatures and digests]) - -+AT_SETUP([rpmkeys --import invalid keys]) -+AT_KEYWORDS([rpmkeys import]) -+RPMDB_INIT -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.] -+) -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.] -+) -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.] -+) -+AT_CLEANUP -+ - # ------------------------------ - # Test pre-built package verification - AT_SETUP([rpmkeys -Kv 1]) --- -2.17.1 - diff --git a/meta/recipes-devtools/rpm/rpm_4.17.0.bb b/meta/recipes-devtools/rpm/rpm_4.17.1.bb similarity index 97% rename from meta/recipes-devtools/rpm/rpm_4.17.0.bb rename to meta/recipes-devtools/rpm/rpm_4.17.1.bb index c392ac0db4..9b6446f265 100644 --- a/meta/recipes-devtools/rpm/rpm_4.17.0.bb +++ b/meta/recipes-devtools/rpm/rpm_4.17.1.bb @@ -39,13 +39,11 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protoc file://0001-tools-Add-error.h-for-non-glibc-case.patch \ file://0001-docs-do-not-build-manpages-requires-pandoc.patch \ file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ - file://0001-CVE-2021-3521.patch \ - file://0002-CVE-2021-3521.patch \ - file://0003-CVE-2021-3521.patch \ + file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \ " PE = "1" -SRCREV = "3e74e8ba2dd5e76a5353d238dc7fc38651ce27b3" +SRCREV = "5bef402da334595ed9302b8bca1acdf5e88bfe11" S = "${WORKDIR}/git" From patchwork Fri Sep 30 05:47:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Teoh, Jay Shen" X-Patchwork-Id: 13411 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DBB16C433FE for ; Fri, 30 Sep 2022 05:47:16 +0000 (UTC) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web10.2523.1664516831558383180 for ; Thu, 29 Sep 2022 22:47:15 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=A+8rUeQd; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: jay.shen.teoh@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1664516835; x=1696052835; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=clH2kCMxZ4gIE/aaCSSla1qBHAABGGmkFIAln3eOSyQ=; b=A+8rUeQdO/ycLKEQ9oW6egrxYzdIQ2iGW9pJ6ZcJT+K18kQ1aW//R7k5 dra+UkW2e2f592h80Hh5vd+M0JjcMSmeJzzHliJlXjGpwy3709Q5KB8gH eSzRrYDyGSe/Brq1u1lgaEexs6otQ21EytY+okME2eT7W0SQ7QQb8ppzC JQm69fjrzROhdBgF+6Kn5cvaxX8GHMklBD7xc4h2K3GHeCgP2AAT75sZq ug+3QeU6JV57QuC6zNDEUUBmJZjj/1xgTnviKlYC8Sp2BMoZI3H4qc1/V YrzpOTXeO43tn9lTjXno85x+1XnRQ3C+gvTOQcGqo5lrDMrCb8S9+VKFG Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="303023288" X-IronPort-AV: E=Sophos;i="5.93,357,1654585200"; d="scan'208";a="303023288" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2022 22:47:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="622654708" X-IronPort-AV: E=Sophos;i="5.93,357,1654585200"; d="scan'208";a="622654708" Received: from andromeda02.png.intel.com ([10.221.253.198]) by orsmga002.jf.intel.com with ESMTP; 29 Sep 2022 22:47:14 -0700 From: jay.shen.teoh@intel.com To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone][Patch 2/4] rpm: Remove -Wimplicit-function-declaration warnings Date: Fri, 30 Sep 2022 13:47:01 +0800 Message-Id: <20220930054703.1799739-2-jay.shen.teoh@intel.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220930054703.1799739-1-jay.shen.teoh@intel.com> References: <20220930054703.1799739-1-jay.shen.teoh@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 30 Sep 2022 05:47:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/171208 From: Khem Raj (From OE-Core rev: 9f2dbfc51ef2faf1b6154856adb69ca9f764573b) Signed-off-by: Khem Raj Signed-off-by: Richard Purdie --- ...alling-execute-package-scriptlets-wit.patch | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch b/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch index 4020a31092..2a0069cafe 100644 --- a/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch +++ b/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch @@ -28,11 +28,18 @@ Signed-off-by: Alexander Kanavin lib/rpmscript.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) -diff --git a/lib/rpmscript.c b/lib/rpmscript.c -index cc98c4885..f8bd3df04 100644 --- a/lib/rpmscript.c +++ b/lib/rpmscript.c -@@ -394,8 +394,7 @@ exit: +@@ -17,7 +17,7 @@ + #include "rpmio/rpmio_internal.h" + + #include "lib/rpmplugins.h" /* rpm plugins hooks */ +- ++#include "lib/rpmchroot.h" /* rpmChrootOut */ + #include "debug.h" + + struct scriptNextFileFunc_s { +@@ -391,8 +391,7 @@ exit: Fclose(out); /* XXX dup'd STDOUT_FILENO */ if (fn) { @@ -42,7 +49,7 @@ index cc98c4885..f8bd3df04 100644 free(fn); } free(mline); -@@ -428,7 +427,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd, +@@ -426,7 +425,13 @@ rpmRC rpmScriptRun(rpmScript script, int if (rc != RPMRC_FAIL) { if (script_type & RPMSCRIPTLET_EXEC) { @@ -57,6 +64,3 @@ index cc98c4885..f8bd3df04 100644 } else { rc = runLuaScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); } --- -2.11.0 - From patchwork Fri Sep 30 05:47:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Teoh, Jay Shen" X-Patchwork-Id: 13414 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CE0F0C4332F for ; Fri, 30 Sep 2022 05:47:26 +0000 (UTC) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web10.2523.1664516831558383180 for ; Thu, 29 Sep 2022 22:47:19 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=VTAmVgSd; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: jay.shen.teoh@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1664516839; x=1696052839; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=eXm1Fuu5sAwucn34CWPyKZ45Ln8WwRDXeDd6b6evQYY=; b=VTAmVgSd7JvkAMlEc5FZC2YITBvDpdUHp5sfbr6OKunQyRK5HrOPQyzX iwVHmRMLzaw2U+HV9nEPk5CTeUhCDY1nSeVCQWnDfDXUHXB/C5T0ca1uB 1yWxmork2NTtglDPm7elSaunzoBRE3E8JPgimN3vWU1GQtFRMtMcLqqnV eKJAuCElv9+L/2UdD7z7+i1IjcQYIfw0PZgM0REVn9fsz++zhxJ/ftBg4 kcLVwLaJzCEsEv8apFDV75UdKjWS4+87WqrXH0OItGkeTAEVlRc2/Tvpj +HexeWX4L341feFOgosmVhnnivmiXhc+QJNFXNfsv5lsV2XP2xmoAF4PA w==; X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="303023329" X-IronPort-AV: E=Sophos;i="5.93,357,1654585200"; d="scan'208";a="303023329" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2022 22:47:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="622654714" X-IronPort-AV: E=Sophos;i="5.93,357,1654585200"; d="scan'208";a="622654714" Received: from andromeda02.png.intel.com ([10.221.253.198]) by orsmga002.jf.intel.com with ESMTP; 29 Sep 2022 22:47:17 -0700 From: jay.shen.teoh@intel.com To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone][Patch 3/4] rpm: Upgrade 4.17.1 -> 4.18rc1 Date: Fri, 30 Sep 2022 13:47:02 +0800 Message-Id: <20220930054703.1799739-3-jay.shen.teoh@intel.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220930054703.1799739-1-jay.shen.teoh@intel.com> References: <20220930054703.1799739-1-jay.shen.teoh@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 30 Sep 2022 05:47:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/171209 From: Richard Purdie rpm is close to release and give our release timings, update to the rc1 of 4.18. Includes fixes for CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 which can't be easily backported. Add a PACKAGECONFIG option for a new readline dependency and disable it by default since it pulls in GPLv3 and that breaks a number of our test configurations as things stand. Refresh patches and drop the error.h patch as error() no longer used. (From OE-Core rev: 4b31e4f2aea490bd5056c97742b5e25a8dcc8b36) Signed-off-by: Richard Purdie --- ...olor-setting-for-mips64_n32-binaries.patch | 22 +++--- ...satisfiable-dependency-when-building.patch | 10 +-- ...lib-rpm-as-the-installation-path-for.patch | 26 +++---- ...1-Do-not-read-config-files-from-HOME.patch | 11 ++- ...-PATH-environment-variable-before-ru.patch | 10 +-- ...lling-execute-package-scriptlets-wit.patch | 20 +++--- ...not-insert-payloadflags-into-.rpm-me.patch | 8 +-- ...-linux-gnux32-variant-to-triplet-han.patch | 17 ++--- ...o-not-build-manpages-requires-pandoc.patch | 11 ++- ....c-fix-file-conflicts-for-MIPS64-N32.patch | 13 ++-- ...tools-Add-error.h-for-non-glibc-case.patch | 71 ------------------- ...prefixing-etc-from-RPM_ETCCONFIGDIR-.patch | 17 ++--- ...ge-logging-level-around-scriptlets-t.patch | 16 ++--- meta/recipes-devtools/rpm/files/fifofix.patch | 22 ++++++ meta/recipes-devtools/rpm/rpm_4.17.1.bb | 10 ++- 15 files changed, 113 insertions(+), 171 deletions(-) delete mode 100644 meta/recipes-devtools/rpm/files/0001-tools-Add-error.h-for-non-glibc-case.patch create mode 100644 meta/recipes-devtools/rpm/files/fifofix.patch diff --git a/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch b/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch index 331ea849e6..9f5dde0720 100644 --- a/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch +++ b/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch @@ -11,11 +11,11 @@ Signed-off-by: Alexander Kanavin rpmrc.in | 2 ++ 2 files changed, 6 insertions(+) -diff --git a/build/rpmfc.c b/build/rpmfc.c -index 10c380ee9..b7655aa93 100644 ---- a/build/rpmfc.c -+++ b/build/rpmfc.c -@@ -639,6 +639,7 @@ exit: +Index: git/build/rpmfc.c +=================================================================== +--- git.orig/build/rpmfc.c ++++ git/build/rpmfc.c +@@ -645,6 +645,7 @@ exit: static const struct rpmfcTokens_s rpmfcTokens[] = { { "directory", RPMFC_INCLUDE }, @@ -23,7 +23,7 @@ index 10c380ee9..b7655aa93 100644 { "ELF 32-bit", RPMFC_ELF32|RPMFC_INCLUDE }, { "ELF 64-bit", RPMFC_ELF64|RPMFC_INCLUDE }, -@@ -1149,6 +1150,9 @@ static uint32_t getElfColor(const char *fn) +@@ -1150,6 +1151,9 @@ static uint32_t getElfColor(const char * color = RPMFC_ELF32; break; } @@ -33,11 +33,11 @@ index 10c380ee9..b7655aa93 100644 elf_end(elf); } close(fd); -diff --git a/rpmrc.in b/rpmrc.in -index 5bd9ba3e5..f15bb8dad 100644 ---- a/rpmrc.in -+++ b/rpmrc.in -@@ -137,6 +137,8 @@ archcolor: mipsr6el 1 +Index: git/rpmrc.in +=================================================================== +--- git.orig/rpmrc.in ++++ git/rpmrc.in +@@ -139,6 +139,8 @@ archcolor: mipsr6el 1 archcolor: mips64r6 2 archcolor: mips64r6el 2 diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch index 4029233fb7..8440c3516d 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch @@ -14,11 +14,11 @@ Signed-off-by: Alexander Kanavin build/pack.c | 4 ---- 1 file changed, 4 deletions(-) -diff --git a/build/pack.c b/build/pack.c -index e6cec1816..810cd7351 100644 ---- a/build/pack.c -+++ b/build/pack.c -@@ -724,10 +724,6 @@ static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int ch +Index: git/build/pack.c +=================================================================== +--- git.orig/build/pack.c ++++ git/build/pack.c +@@ -709,10 +709,6 @@ static rpmRC packageBinary(rpmSpec spec, headerPutBin(pkg->header, RPMTAG_SOURCEPKGID, spec->sourcePkgId,16); } diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch index c6cf9d4c88..6f613d0a7d 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch @@ -13,11 +13,11 @@ Signed-off-by: Alexander Kanavin rpm.am | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) -diff --git a/configure.ac b/configure.ac -index 372875fc4..1b7add9ee 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -884,7 +884,7 @@ else +Index: git/configure.ac +=================================================================== +--- git.orig/configure.ac ++++ git/configure.ac +@@ -942,7 +942,7 @@ else usrprefix=$prefix fi @@ -26,10 +26,10 @@ index 372875fc4..1b7add9ee 100644 AC_SUBST(RPMCONFIGDIR) AC_SUBST(OBJDUMP) -diff --git a/macros.in b/macros.in -index d53ab5ed5..9d10441c8 100644 ---- a/macros.in -+++ b/macros.in +Index: git/macros.in +=================================================================== +--- git.orig/macros.in ++++ git/macros.in @@ -911,7 +911,7 @@ package or when debugging this package.\ %_sharedstatedir %{_prefix}/com %_localstatedir %{_prefix}/var @@ -39,10 +39,10 @@ index d53ab5ed5..9d10441c8 100644 %_includedir %{_prefix}/include %_infodir %{_datadir}/info %_mandir %{_datadir}/man -diff --git a/rpm.am b/rpm.am -index ebe4e40d1..e6920e258 100644 ---- a/rpm.am -+++ b/rpm.am +Index: git/rpm.am +=================================================================== +--- git.orig/rpm.am ++++ git/rpm.am @@ -1,10 +1,10 @@ # Internal binaries ## HACK: It probably should be $(libexecdir)/rpm or $(libdir)/rpm diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-read-config-files-from-HOME.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-read-config-files-from-HOME.patch index 96eb418952..fda64eefe0 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-read-config-files-from-HOME.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-read-config-files-from-HOME.patch @@ -9,10 +9,10 @@ Signed-off-by: Alexander Kanavin lib/rpmrc.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) -diff --git a/lib/rpmrc.c b/lib/rpmrc.c -index 4ed991321..19fe80f98 100644 ---- a/lib/rpmrc.c -+++ b/lib/rpmrc.c +Index: git/lib/rpmrc.c +=================================================================== +--- git.orig/lib/rpmrc.c ++++ git/lib/rpmrc.c @@ -458,8 +458,7 @@ static void setDefaults(void) if (!defrcfiles) { defrcfiles = rstrscat(NULL, confdir, "/rpmrc", ":", @@ -33,6 +33,3 @@ index 4ed991321..19fe80f98 100644 } #else macrofiles = MACROFILES; --- -2.11.0 - diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch index 41cdf6ed77..ae24b663aa 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch @@ -13,11 +13,11 @@ Signed-off-by: Alexander Kanavin lib/rpmscript.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/lib/rpmscript.c b/lib/rpmscript.c -index 6a31e0d..2b0e438 100644 ---- a/lib/rpmscript.c -+++ b/lib/rpmscript.c -@@ -184,7 +184,7 @@ static void doScriptExec(ARGV_const_t argv, ARGV_const_t prefixes, +Index: git/lib/rpmscript.c +=================================================================== +--- git.orig/lib/rpmscript.c ++++ git/lib/rpmscript.c +@@ -231,7 +231,7 @@ static void doScriptExec(ARGV_const_t ar if (ipath && ipath[5] != '%') path = ipath; diff --git a/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch b/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch index 2a0069cafe..bd3314a90f 100644 --- a/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch +++ b/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch @@ -28,9 +28,11 @@ Signed-off-by: Alexander Kanavin lib/rpmscript.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) ---- a/lib/rpmscript.c -+++ b/lib/rpmscript.c -@@ -17,7 +17,7 @@ +Index: git/lib/rpmscript.c +=================================================================== +--- git.orig/lib/rpmscript.c ++++ git/lib/rpmscript.c +@@ -18,7 +18,7 @@ #include "rpmio/rpmio_internal.h" #include "lib/rpmplugins.h" /* rpm plugins hooks */ @@ -39,7 +41,7 @@ Signed-off-by: Alexander Kanavin #include "debug.h" struct scriptNextFileFunc_s { -@@ -391,8 +391,7 @@ exit: +@@ -427,8 +427,7 @@ exit: Fclose(out); /* XXX dup'd STDOUT_FILENO */ if (fn) { @@ -49,18 +51,18 @@ Signed-off-by: Alexander Kanavin free(fn); } free(mline); -@@ -426,7 +425,13 @@ rpmRC rpmScriptRun(rpmScript script, int +@@ -462,7 +461,13 @@ rpmRC rpmScriptRun(rpmScript script, int if (rc != RPMRC_FAIL) { if (script_type & RPMSCRIPTLET_EXEC) { -- rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); +- rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, script->nextFileFunc); + if (getenv("RPM_NO_CHROOT_FOR_SCRIPTS") != NULL) { + rpmChrootOut(); -+ rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); ++ rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, script->nextFileFunc); + rpmChrootIn(); + } else { -+ rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); ++ rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, script->nextFileFunc); + } } else { - rc = runLuaScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); + rc = runLuaScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, script->nextFileFunc); } diff --git a/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch b/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch index 79b168257e..64433abb6a 100644 --- a/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch +++ b/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch @@ -13,10 +13,10 @@ Signed-off-by: Alexander Kanavin build/pack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/build/pack.c b/build/pack.c -index 932cb213e..b45d0726f 100644 ---- a/build/pack.c -+++ b/build/pack.c +Index: git/build/pack.c +=================================================================== +--- git.orig/build/pack.c ++++ git/build/pack.c @@ -328,7 +328,7 @@ static char *getIOFlags(Package pkg) headerPutString(pkg->header, RPMTAG_PAYLOADCOMPRESSOR, compr); buf = xstrdup(rpmio_flags); diff --git a/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch b/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch index 2174a79e75..29b6686a94 100644 --- a/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch +++ b/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch @@ -11,13 +11,13 @@ Signed-off-by: Alexander Kanavin configure.ac | 4 ++++ 1 file changed, 4 insertions(+) -diff --git a/configure.ac b/configure.ac -index 372875fc49..7d6a3d274e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -845,6 +845,10 @@ if echo "$host_os" | grep '.*-gnuabi64$' > /dev/null ; then - host_os=`echo "${host_os}" | sed 's/-gnuabi64$//'` - host_os_gnu=-gnuabi64 +Index: git/configure.ac +=================================================================== +--- git.orig/configure.ac ++++ git/configure.ac +@@ -903,6 +903,10 @@ if echo "$host_os" | grep '.*-gnux32$' > + host_os=`echo "${host_os}" | sed 's/-gnux32$//'` + host_os_gnu=-gnux32 fi +if echo "$host_os" | grep '.*-gnux32$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnux32$//'` @@ -26,6 +26,3 @@ index 372875fc49..7d6a3d274e 100644 if echo "$host_os" | grep '.*-gnu$' > /dev/null ; then host_os=`echo "${host_os}" | sed 's/-gnu$//'` fi --- -2.30.2 - diff --git a/meta/recipes-devtools/rpm/files/0001-docs-do-not-build-manpages-requires-pandoc.patch b/meta/recipes-devtools/rpm/files/0001-docs-do-not-build-manpages-requires-pandoc.patch index ced52d1007..d7137f1d10 100644 --- a/meta/recipes-devtools/rpm/files/0001-docs-do-not-build-manpages-requires-pandoc.patch +++ b/meta/recipes-devtools/rpm/files/0001-docs-do-not-build-manpages-requires-pandoc.patch @@ -9,10 +9,10 @@ Signed-off-by: Alexander Kanavin docs/Makefile.am | 2 -- 1 file changed, 2 deletions(-) -diff --git a/docs/Makefile.am b/docs/Makefile.am -index 5a6bd203a..6257767fd 100644 ---- a/docs/Makefile.am -+++ b/docs/Makefile.am +Index: git/docs/Makefile.am +=================================================================== +--- git.orig/docs/Makefile.am ++++ git/docs/Makefile.am @@ -1,7 +1,5 @@ ## Process this file with automake to produce Makefile.in @@ -21,6 +21,3 @@ index 5a6bd203a..6257767fd 100644 EXTRA_DIST = EXTRA_DIST += \ --- -2.32.0 - diff --git a/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch b/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch index 6678c105cd..82e6567dc7 100644 --- a/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch +++ b/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch @@ -31,11 +31,11 @@ Signed-off-by: Changqing Li lib/transaction.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) -diff --git a/lib/transaction.c b/lib/transaction.c -index 67b9db5..82386b8 100644 ---- a/lib/transaction.c -+++ b/lib/transaction.c -@@ -391,7 +391,18 @@ static int handleColorConflict(rpmts ts, +Index: git/lib/transaction.c +=================================================================== +--- git.orig/lib/transaction.c ++++ git/lib/transaction.c +@@ -402,7 +402,18 @@ static int handleColorConflict(rpmts ts, rpmfsSetAction(ofs, ofx, FA_CREATE); rpmfsSetAction(fs, fx, FA_SKIPCOLOR); rConflicts = 0; @@ -55,6 +55,3 @@ index 67b9db5..82386b8 100644 } } --- -2.7.4 - diff --git a/meta/recipes-devtools/rpm/files/0001-tools-Add-error.h-for-non-glibc-case.patch b/meta/recipes-devtools/rpm/files/0001-tools-Add-error.h-for-non-glibc-case.patch deleted file mode 100644 index 9783396639..0000000000 --- a/meta/recipes-devtools/rpm/files/0001-tools-Add-error.h-for-non-glibc-case.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 9b9d717f484ec913cdd3804e43489b3dc18bd77c Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Sat, 31 Oct 2020 22:14:05 -0700 -Subject: [PATCH] tools: Add error.h for non-glibc case - -error is glibc specific API, so this patch will mostly not accepted -upstream given that elfutils has been closely tied to glibc - -Upstream-Status: Inappropriate [workaround for musl] - -Signed-off-by: Khem Raj - ---- - tools/elfdeps.c | 6 +++++- - tools/error.h | 27 +++++++++++++++++++++++++++ - 2 files changed, 32 insertions(+), 1 deletion(-) - create mode 100644 tools/error.h - -diff --git a/tools/elfdeps.c b/tools/elfdeps.c -index d205935bb..3a8945b33 100644 ---- a/tools/elfdeps.c -+++ b/tools/elfdeps.c -@@ -5,10 +5,14 @@ - #include - #include - #include --#include - #include - #include - #include -+#ifdef __GLIBC__ -+#include -+#else -+#include "error.h" -+#endif - - #include - #include -diff --git a/tools/error.h b/tools/error.h -new file mode 100644 -index 000000000..ef06827a0 ---- /dev/null -+++ b/tools/error.h -@@ -0,0 +1,27 @@ -+#ifndef _ERROR_H_ -+#define _ERROR_H_ -+ -+#include -+#include -+#include -+#include -+#include -+ -+static unsigned int error_message_count = 0; -+ -+static inline void error(int status, int errnum, const char* format, ...) -+{ -+ va_list ap; -+ fprintf(stderr, "%s: ", program_invocation_name); -+ va_start(ap, format); -+ vfprintf(stderr, format, ap); -+ va_end(ap); -+ if (errnum) -+ fprintf(stderr, ": %s", strerror(errnum)); -+ fprintf(stderr, "\n"); -+ error_message_count++; -+ if (status) -+ exit(status); -+} -+ -+#endif /* _ERROR_H_ */ diff --git a/meta/recipes-devtools/rpm/files/0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch b/meta/recipes-devtools/rpm/files/0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch index b3dbc319b6..2fe96a839c 100644 --- a/meta/recipes-devtools/rpm/files/0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch +++ b/meta/recipes-devtools/rpm/files/0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch @@ -13,11 +13,11 @@ Signed-off-by: Alexander Kanavin lib/rpmrc.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) -diff --git a/lib/rpmrc.c b/lib/rpmrc.c -index 19fe80f98..6b27b3941 100644 ---- a/lib/rpmrc.c -+++ b/lib/rpmrc.c -@@ -455,10 +455,14 @@ const char * lookupInDefaultTable(const char * name, +Index: git/lib/rpmrc.c +=================================================================== +--- git.orig/lib/rpmrc.c ++++ git/lib/rpmrc.c +@@ -455,10 +455,14 @@ const char * lookupInDefaultTable(const static void setDefaults(void) { const char *confdir = rpmConfigDir(); @@ -46,7 +46,7 @@ index 19fe80f98..6b27b3941 100644 } #else macrofiles = MACROFILES; -@@ -989,7 +993,11 @@ static void read_auxv(void) +@@ -997,7 +1001,11 @@ static void read_auxv(void) */ static void defaultMachine(rpmrcCtx ctx, const char ** arch, const char ** os) { @@ -59,7 +59,7 @@ index 19fe80f98..6b27b3941 100644 static struct utsname un; char * chptr; canonEntry canon; -@@ -1286,6 +1294,7 @@ static void defaultMachine(rpmrcCtx ctx, const char ** arch, const char ** os) +@@ -1307,6 +1315,7 @@ static void defaultMachine(rpmrcCtx ctx, if (arch) *arch = un.machine; if (os) *os = un.sysname; @@ -67,6 +67,3 @@ index 19fe80f98..6b27b3941 100644 } static --- -2.11.0 - diff --git a/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch b/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch index 43e9859ef3..9dbe7125de 100644 --- a/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch +++ b/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch @@ -13,11 +13,11 @@ Signed-off-by: Alexander Kanavin lib/rpmscript.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -diff --git a/lib/rpmscript.c b/lib/rpmscript.c -index 2b0e43862..e319673f1 100644 ---- a/lib/rpmscript.c -+++ b/lib/rpmscript.c -@@ -226,7 +226,7 @@ static char * writeScript(const char *cmd, const char *script) +Index: git/lib/rpmscript.c +=================================================================== +--- git.orig/lib/rpmscript.c ++++ git/lib/rpmscript.c +@@ -270,7 +270,7 @@ static char * writeScript(const char *cm if (Ferror(fd)) goto exit; @@ -26,7 +26,7 @@ index 2b0e43862..e319673f1 100644 static const char set_x[] = "set -x\n"; /* Assume failures will be caught by the write below */ Fwrite(set_x, sizeof(set_x[0]), sizeof(set_x)-1, fd); -@@ -258,7 +258,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, +@@ -302,7 +302,7 @@ static rpmRC runExtScript(rpmPlugins plu char *mline = NULL; rpmRC rc = RPMRC_FAIL; @@ -35,7 +35,7 @@ index 2b0e43862..e319673f1 100644 if (script) { fn = writeScript(*argvp[0], script); -@@ -310,7 +310,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, +@@ -354,7 +354,7 @@ static rpmRC runExtScript(rpmPlugins plu sname, strerror(errno)); goto exit; } else if (pid == 0) {/* Child */ @@ -44,7 +44,7 @@ index 2b0e43862..e319673f1 100644 sname, *argvp[0], (unsigned)getpid()); fclose(in); -@@ -353,7 +353,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, +@@ -397,7 +397,7 @@ static rpmRC runExtScript(rpmPlugins plu reaped = waitpid(pid, &status, 0); } while (reaped == -1 && errno == EINTR); diff --git a/meta/recipes-devtools/rpm/files/fifofix.patch b/meta/recipes-devtools/rpm/files/fifofix.patch new file mode 100644 index 0000000000..71703d7f0c --- /dev/null +++ b/meta/recipes-devtools/rpm/files/fifofix.patch @@ -0,0 +1,22 @@ +Calling openat() on a fifo causes a pseudo hang for us (e.g. the fifo in psplash). +Avoid calling openat for fifos. + +Introduced upstream with: + +https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556 + +Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/issues/2195] + +Index: git/lib/fsm.c +=================================================================== +--- git.orig/lib/fsm.c ++++ git/lib/fsm.c +@@ -1010,7 +1010,7 @@ int rpmPackageFilesInstall(rpmts ts, rpm + rc = RPMERR_UNKNOWN_FILETYPE; + } + +- if (!rc && fd == -1 && !S_ISLNK(fp->sb.st_mode)) { ++ if (!rc && fd == -1 && !S_ISLNK(fp->sb.st_mode) && !S_ISFIFO(fp->sb.st_mode)) { + /* Only follow safe symlinks, and never on temporary files */ + fd = fsmOpenat(di.dirfd, fp->fpath, + fp->suffix ? AT_SYMLINK_NOFOLLOW : 0, 0); diff --git a/meta/recipes-devtools/rpm/rpm_4.17.1.bb b/meta/recipes-devtools/rpm/rpm_4.17.1.bb index 9b6446f265..36ab90d91e 100644 --- a/meta/recipes-devtools/rpm/rpm_4.17.1.bb +++ b/meta/recipes-devtools/rpm/rpm_4.17.1.bb @@ -24,7 +24,7 @@ HOMEPAGE = "http://www.rpm.org" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f" -SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protocol=https \ +SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.18.x;protocol=https \ file://environment.d-rpm.sh \ file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \ file://0001-Do-not-read-config-files-from-HOME.patch \ @@ -36,14 +36,17 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protoc file://0001-perl-disable-auto-reqs.patch \ file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ - file://0001-tools-Add-error.h-for-non-glibc-case.patch \ file://0001-docs-do-not-build-manpages-requires-pandoc.patch \ file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \ + file://fifofix.patch \ " PE = "1" -SRCREV = "5bef402da334595ed9302b8bca1acdf5e88bfe11" +SRCREV = "07a6cca98489106b93467ecfaf5700368983a9b4" +PV = "4.17.1+4.18-rc1" +# can be removed in 4.18 +CVE_CHECK_IGNORE += "CVE-2021-35937 CVE-2021-35938 CVE-2021-35939" S = "${WORKDIR}/git" @@ -80,6 +83,7 @@ PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils" PACKAGECONFIG[inhibit] = "--enable-inhibit-plugin,--disable-inhibit-plugin,dbus" PACKAGECONFIG[rpm2archive] = "--with-archive,--without-archive,libarchive" PACKAGECONFIG[sqlite] = "--enable-sqlite=yes,--enable-sqlite=no,sqlite3" +PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" PACKAGECONFIG[ndb] = "--enable-ndb,--disable-ndb" PACKAGECONFIG[bdb-ro] = "--enable-bdb-ro,--disable-bdb-ro" PACKAGECONFIG[zstd] = "--enable-zstd=yes,--enable-zstd=no,zstd" From patchwork Fri Sep 30 05:47:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Teoh, Jay Shen" X-Patchwork-Id: 13413 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD671C433FE for ; Fri, 30 Sep 2022 05:47:26 +0000 (UTC) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web10.2523.1664516831558383180 for ; Thu, 29 Sep 2022 22:47:22 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=LCeQYUvc; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: jay.shen.teoh@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1664516842; x=1696052842; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=421OwMiDx8BZdRBoYNf9MMM3fysoRBn+zo5GPzF7utU=; b=LCeQYUvcVJCM7brEcAZ5JThLMoeLmyHMLhxnhoUqe8Q0lOAqPLy7WLcL Pdo4xDDd3q/f+A8ZYxxNxVK4jrDKEZzzs1JR4lXPoBQTyGiW/zU72fn8N JHHECm56ETYFMVAqERFJ8frKtC7cTOrM7GfSfuLHIDC2i39BaU+RB9Roc OaVFDvkxVXO0DrO74izsrpYWlkrfl84Q+eeTtz+AGKHkRZdd0Hebuq0cy L21iBWF7bkHfy93JyfN5xPD6EMY5m9ih19AQQ06FN94D8CuQEjo06J8Sf w+OaRYdJTlNtlzd+qRmFvd33L6SRz9n3aWI5GxEVFAjP2qm4xbh+AaCeV g==; X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="303023343" X-IronPort-AV: E=Sophos;i="5.93,357,1654585200"; d="scan'208";a="303023343" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2022 22:47:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="622654747" X-IronPort-AV: E=Sophos;i="5.93,357,1654585200"; d="scan'208";a="622654747" Received: from andromeda02.png.intel.com ([10.221.253.198]) by orsmga002.jf.intel.com with ESMTP; 29 Sep 2022 22:47:21 -0700 From: jay.shen.teoh@intel.com To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone][Patch 4/4] rpm: update 4.18.0-rc1 -> 4.18.0-release Date: Fri, 30 Sep 2022 13:47:03 +0800 Message-Id: <20220930054703.1799739-4-jay.shen.teoh@intel.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220930054703.1799739-1-jay.shen.teoh@intel.com> References: <20220930054703.1799739-1-jay.shen.teoh@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 30 Sep 2022 05:47:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/171210 From: Alexander Kanavin (From OE-Core rev: 0e9594bdd95a70580e5c10d5b362eb149876ed34) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --- meta/recipes-devtools/rpm/{rpm_4.17.1.bb => rpm_4.18.0.bb} | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) rename meta/recipes-devtools/rpm/{rpm_4.17.1.bb => rpm_4.18.0.bb} (97%) diff --git a/meta/recipes-devtools/rpm/rpm_4.17.1.bb b/meta/recipes-devtools/rpm/rpm_4.18.0.bb similarity index 97% rename from meta/recipes-devtools/rpm/rpm_4.17.1.bb rename to meta/recipes-devtools/rpm/rpm_4.18.0.bb index 36ab90d91e..5f3986d8a3 100644 --- a/meta/recipes-devtools/rpm/rpm_4.17.1.bb +++ b/meta/recipes-devtools/rpm/rpm_4.18.0.bb @@ -43,10 +43,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.18.x;protoc " PE = "1" -SRCREV = "07a6cca98489106b93467ecfaf5700368983a9b4" -PV = "4.17.1+4.18-rc1" -# can be removed in 4.18 -CVE_CHECK_IGNORE += "CVE-2021-35937 CVE-2021-35938 CVE-2021-35939" +SRCREV = "ea0d77c52e176e2876fdb1d07ad41e9e2635a93e" S = "${WORKDIR}/git"