[Rpm-maint] [rpm-software-management/rpm] RPM 4.17.1 bugfix update (PR #2088)

Michal Domonkos notifications at github.com
Tue Jun 7 15:17:32 UTC 2022


Here's a crafted list of cherry picks (and a few backports) for the first maintenance update of the 4.17 line. Note that we're only focusing on regression, security and other important user-visible fixes here. Some documentation updates are also included.

The selection is based on the log between the last cherry pick on the `rpm-4.17.x` branch (commit 2a03b8fa12319d4650ee3cd1c48d1cd3ab8afe56) and master (as of today).

Please voice your opinion about the selection of commits and suggest anything that we might have missed or should not include.
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/2088

-- Commit Summary --

  * Use a variable for h + hlen
  * Make a bounds check easier to read
  * Bump libtool version info in preparation of 4.17.x branch
  * Translated using Weblate (Finnish)
  * Translated using Weblate (Turkish)
  * Make hardlink test independent of rpm version string
  * Run rpath check in parallel
  * Don't break readelf output at 80 characters
  * check-rpaths: Look for RPATH and RUNPATH in one go
  * Create directories for man pages right away
  * Add generated man pages to tar ball
  * Revert "Make hardlink test independent of rpm version string"
  * Use a pre-built package for the hardlink test for reproducability
  * Allow /usr/libexec/* rpaths
  * Preparing for rpm 4.17.0 beta1
  * Also add rendered Japanese man pages
  * Don't depend on translation sub directories
  * Add quoting to literal curly brackets
  * Fix memory leak in sqlexec()
  * Always free the arg list passed to rpmGlob()
  * Fix resource leak in Fts_children()
  * Fix memory leak in fts_build()
  * Fix memory leak in decodePkts()
  * Fix memory leak with multiple %lang-s in one line
  * Fix memory leaks in Lua rex extension
  * Exclude the xlateTags symbol from librpm's public API.
  * Set an extremely high sqlite3 timeout
  * Don't brp-strip .ko files
  * Add CONTRIBUTING.md
  * Extend CONTRIBUTING.md
  * Bump the Lua minimum version to 5.3. (#1738)
  * ndb: only invalidate the database cache if we must
  * Add dbus-announce plugin
  * Preparing for rpm 4.17.0 rc1
  * Preparing for rpm 4.17.0 final
  * Don't segfault on missing priority tag
  * Explicitly protect automatic macros from being redefined and undefined
  * %autopatch: Fix patch number parameters
  * Don't strip *.go files
  * Don't strip ELF files with "no machine"
  * Check file iterator for being NULL consistently
  * Process MPI's from all kinds of signatures
  * Refactor pgpDigParams construction to helper function
  * Validate and require subkey binding signatures on PGP public keys
  * Get rid of the ME_BUILTIN macro
  * Fix consistency issues in macro expansion for builtin macros
  * Add a "parsed" argument to the doXXX() functions
  * Rename doExpandThisMacro to doMacro
  * Special case the non-parametric and the free-field macro expansion
  * Make %{define foo body} not use the free-field parsing
  * Support non-parametric builtins again
  * Allow an optional argument for the %verbose macro
  * verifySignature(): package signatures must be PGPSIGTYPE_BINARY
  * Simplify bounds check in old-format packet parsing
  * Add test for OpenPGP packet parsing bug
  * Update OCaml requires/provides to ignore cmxs
  * Fix broken output of check-rpaths-worker
  * Fix signature subpacket type handling
  * Fix hashlen overflow
  * Fix Ed25519 signature verification using libgcrypt
  * Fix hash context leak
  * Revert "Don't brp-strip .ko files"
  * remove-la-files: Use file to check for libtool files
  * Fix some Lua stack leaks in our initialization code
  * Simplify rpm_print(), fixing a Lua stack leak as a bonus
  * Restore scriptlet arguments passed as numbers to Lua scriptlets
  * Fix spurious %transfiletriggerpostun execution (RhBug:2023311)
  * Update INSTALL to reflect dropped Python 2 support
  * Make --help clearer
  * Add Python bindings for rpmfilesFSignature() and rpmfilesVSignature()
  * Use root as default UID_0_USER and UID_0_GROUP
  * Fix silly typo/thinko in commit 7b3a3f004f96ed3cb9cc377f7e64bfc88195dfc2
  * Limit maximum array size in the header to about one million
  * Separate build warnings from error summary
  * Further improve build warning/error summary
  * Fix out of tree build regression wrt man page generation
  * Fix a memleak in ndb from opened but not closed dbis.
  * Fix old Python ts.check() argument order regression
  * Fix memory leak in pgpPrtParams()
  * Fix use-after-free in haveSignature()
  * Fix minimize_writes not minimizing writes since 4.15 regression
  * Ignore strong ordering hints from weak dependencies
  * Argh, dumb thinko in commit d6353c96fed98a8d30d9ebadf4d6a19a5149edee
  * Close file before replacing signed
  * Fix the build on armhf and mipsel.
  * Strip the target triplet GNU suffix more precisely.
  * treat 0 as valid file descriptor
  * Skip recorded symlinks in --setperms (RhBug:1900662)
  * rpmkeys: exit non-zero on I/O errors
  * Explicitly state that \0 is not supported in queryformat strings. (#1904)
  * Bump hash for rpmdb cookie to SHA256 to appease FIPS
  * Really fix spurious %transfiletriggerpostun execution (RhBug:2023311)
  * Check that the CRC length is correct
  * Add %bcond macro for defining build conditionals
  * Remove `_with_*` from the documentation
  * Ensure sane string lengths for file digests from header
  * Fix IMA signature fubar, take III (#1833, RhBug:2018937)
  * Avoid reading out of bounds of the i18ntable
  * ima: Install on filesystems without xattr support without failing
  * Fix regression on ctrl-c during transaction killing scriptlets
  * Prevent NULL deref in rpmfsGetStates()
  * Fix memory leak in pgpPrtParams()
  * Require creation time to be unique and hashed
  * Force gpg to use SHA256 when generating signatures.
  * Add a bunch of file-erasure related testcases
  * Fix non-installed files taking part in file disposition calculations
  * Fix excluded paths taking part in file disposition calculations
  * Fix the OpenPGP parser tests
  * Fix return value checks in OpenSSL code
  * Avoid double frees if EVP_PKEY_assign_RSA fails
  * Make "%autosetup -S git" and "%autosetup -S git_am" work on a branch.
  * Avoid calling memcpy() on NULL
  * Fix inverted logic in base2bin()
  * Fix check-buildroot missing matches with grep >= 3.5
  * Mark deprecated PGP/keyring APIs as such
  * Kick out --nopromote remnants, add compiler deprecation warnings
  * Add compiler deprecation warnings to obsolete rpmfi APIs
  * Only print rpmio descriptor statistics when io debugging is enabled
  * Add python rpm.ds constructor docs
  * Force gpg to use SHA256 when generating signatures.
  * Avoid clobbering existing saved time
  * Add a test case to check that the key creation time is correct
  * Add test for colored file upgrade/reinstall
  * Unhide -q/--query option
  * Prevent uncontrolled sqlite WAL growth during large transactions
  * Fix changelog parsing affecting caller timezone state
  * Document --root assumptions both in the manual and API

-- File Changes --

    A CONTRIBUTING.md (59)
    M INSTALL (8)
    M build/build.c (22)
    M build/files.c (2)
    M build/parseChangelog.c (1)
    M configure.ac (23)
    M docs/man/Makefile.am (27)
    A docs/man/rpm-plugin-dbus-announce.8.md (38)
    M docs/man/rpm.8.md (8)
    M docs/manual/conditionalbuilds.md (49)
    M docs/manual/macros.md (2)
    M fileattrs/ocaml.attr (4)
    M lib/backend/ndb/glue.c (12)
    M lib/backend/ndb/rpmpkg.c (2)
    M lib/backend/sqlite.c (12)
    M lib/fsm.c (7)
    M lib/header.c (15)
    M lib/order.c (4)
    M lib/package.c (2)
    M lib/poptQV.c (2)
    M lib/rpmdb.c (2)
    M lib/rpmds.h (3)
    M lib/rpmfi.c (86)
    M lib/rpmfi.h (4)
    M lib/rpmfs.c (11)
    M lib/rpminstall.c (1)
    M lib/rpmscript.c (15)
    M lib/rpmtriggers.c (72)
    M lib/rpmts.h (5)
    M lib/rpmvs.c (4)
    M lib/transaction.c (3)
    M luaext/lrexlib.c (9)
    M macros.in (62)
    M misc/fts.c (6)
    M plugins/Makefile.am (9)
    A plugins/dbus_announce.c (142)
    M plugins/ima.c (8)
    A plugins/org.rpm.conf (10)
    M po/ar.po (1087)
    M po/br.po (1092)
    M po/ca.po (1184)
    M po/cmn.po (1165)
    M po/cs.po (1145)
    M po/da.po (1121)
    M po/de.po (1182)
    M po/el.po (1072)
    M po/eo.po (1188)
    M po/es.po (1176)
    M po/fi.po (1229)
    M po/fr.po (1179)
    M po/gu.po (1072)
    M po/he.po (1014)
    M po/id.po (1074)
    M po/is.po (1093)
    M po/it.po (1178)
    M po/ja.po (1288)
    M po/ko.po (1280)
    M po/ms.po (1096)
    M po/nb.po (1083)
    M po/nl.po (1097)
    M po/pa.po (1014)
    M po/pl.po (1183)
    M po/pt.po (1126)
    M po/pt_BR.po (1160)
    M po/rpm.pot (1018)
    M po/ru.po (1152)
    M po/si.po (1014)
    M po/sk.po (1169)
    M po/sl.po (1110)
    M po/sr.po (1149)
    M po/sr@latin.po (1149)
    M po/sv.po (1183)
    M po/te.po (1073)
    M po/tr.po (1383)
    M po/uk.po (1189)
    M po/vi.po (1187)
    M po/zh_CN.po (1170)
    M po/zh_TW.po (1179)
    M python/rpm/transaction.py (2)
    M python/rpmds-py.c (10)
    M python/rpmfiles-py.c (27)
    M rpm.am (2)
    M rpmio/digest.h (6)
    M rpmio/digest_libgcrypt.c (2)
    M rpmio/digest_openssl.c (87)
    M rpmio/macro.c (310)
    M rpmio/rpmio.c (2)
    M rpmio/rpmkeyring.h (6)
    M rpmio/rpmlog.c (34)
    M rpmio/rpmlog.h (15)
    M rpmio/rpmlua.c (13)
    M rpmio/rpmpgp.c (198)
    M rpmio/rpmpgp.h (17)
    M rpmkeys.c (4)
    M rpmpopt.in (1)
    M rpmspec.c (4)
    M scripts/brp-remove-la-files (4)
    M scripts/brp-strip (4)
    M scripts/check-buildroot (2)
    M scripts/check-rpaths (4)
    M scripts/check-rpaths-worker (19)
    M scripts/ocamldeps.sh (6)
    M sign/rpmgensig.c (6)
    M sign/rpmsignfiles.c (5)
    M tests/Makefile.am (17)
    A tests/data/RPMS/hlinktest-1.0-1.noarch.rpm (0)
    A tests/data/RPMS/imatest-1.0-1.fc34.noarch.rpm (0)
    A tests/data/SPECS/bcondtest.spec (33)
    A tests/data/SPECS/hello-autopatch.spec (32)
    A tests/data/keys/CVE-2021-3521-badbind.asc (25)
    A tests/data/keys/CVE-2021-3521-nosubsig-last.asc (25)
    A tests/data/keys/CVE-2021-3521-nosubsig.asc (37)
    A tests/data/keys/different-creation-times.asc (23)
    A tests/data/keys/different-creation-times.secret (54)
    M tests/rpmbuild.at (89)
    M tests/rpmdb.at (37)
    A tests/rpme.at (357)
    M tests/rpmgeneral.at (8)
    M tests/rpmi.at (24)
    M tests/rpmmacro.at (21)
    A tests/rpmpgp.at (11)
    A tests/rpmpgpcheck.c (67)
    M tests/rpmpython.at (19)
    M tests/rpmsigdig.at (115)
    M tests/rpmtests.at (2)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/2088.patch
https://github.com/rpm-software-management/rpm/pull/2088.diff
