Diffstat (limited to 'meta/recipes-devtools/rpm')
21 files changed, 1018 insertions, 1017 deletions
diff --git a/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch b/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch index ac6dcaf101..331ea849e6 100644 --- a/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch +++ b/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch @@ -1,20 +1,21 @@ -From e3eff024826550aec4a6a5baef7210a29faf299d Mon Sep 17 00:00:00 2001 +From 5492ac3c716020a27a25253bbffe810db43202bf Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Thu, 9 Mar 2017 18:54:02 +0200 Subject: [PATCH] Add a color setting for mips64_n32 binaries Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + --- - build/rpmfc.c | 1 + + build/rpmfc.c | 4 ++++ rpmrc.in | 2 ++ - 2 files changed, 3 insertions(+) + 2 files changed, 6 insertions(+) diff --git a/build/rpmfc.c b/build/rpmfc.c -index d38a10916..c8e2f876a 100644 +index 10c380ee9..b7655aa93 100644 --- a/build/rpmfc.c +++ b/build/rpmfc.c -@@ -622,6 +622,7 @@ exit: +@@ -639,6 +639,7 @@ exit: static const struct rpmfcTokens_s rpmfcTokens[] = { { "directory", RPMFC_INCLUDE }, @@ -22,11 +23,21 @@ index d38a10916..c8e2f876a 100644 { "ELF 32-bit", RPMFC_ELF32|RPMFC_INCLUDE }, { "ELF 64-bit", RPMFC_ELF64|RPMFC_INCLUDE }, +@@ -1149,6 +1150,9 @@ static uint32_t getElfColor(const char *fn) + color = RPMFC_ELF32; + break; + } ++ if (ehdr.e_machine == EM_MIPS || ehdr.e_machine == EM_MIPS_RS3_LE) ++ if (ehdr.e_flags & EF_MIPS_ABI2) ++ color = RPMFC_ELFMIPSN32; + elf_end(elf); + } + close(fd); diff --git a/rpmrc.in b/rpmrc.in -index abc08fc31..f5bc820d8 100644 +index 5bd9ba3e5..f15bb8dad 100644 --- a/rpmrc.in +++ b/rpmrc.in -@@ -133,6 +133,8 @@ archcolor: mipsr6el 1 +@@ -137,6 +137,8 @@ archcolor: mipsr6el 1 archcolor: mips64r6 2 archcolor: mips64r6el 2 
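Review bot: In the `getElfColor` hunk of the inner patch, the N32 test is written as two nested `if` statements without braces, which is easy to misread and breaks silently if an `else` is ever attached. Folding it into one braced condition, `if ((ehdr.e_machine == EM_MIPS || ehdr.e_machine == EM_MIPS_RS3_LE) && (ehdr.e_flags & EF_MIPS_ABI2)) {`, keeps the same behaviour. A one-line comment such as `/* N32 objects are ELF32 with EF_MIPS_ABI2 set; give them their own color */` would explain why the class-based color is overridden. The function starts before the hunk, so whether `ehdr` is only read after a successful header fetch cannot be confirmed from here.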
@@ -35,6 +46,3 @@ index abc08fc31..f5bc820d8 100644 archcolor: m68k 1 archcolor: m68kmint 1 --- -2.11.0 - diff --git a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch new file mode 100644 index 0000000000..044b4dd2a0 --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch 
@@ -0,0 +1,57 @@
+From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 30 Sep 2021 09:56:20 +0300
+Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function
+
+No functional changes, just to reduce code duplication and needed by
+the following commits.
+
+CVE: CVE-2021-3521
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/9f03f42e2]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ rpmio/rpmpgp.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index d0688ebe9a..e472b5320f 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype)
+ return algo;
+ }
+
++static pgpDigParams pgpDigParamsNew(uint8_t tag)
++{
++ pgpDigParams digp = xcalloc(1, sizeof(*digp));
++ digp->tag = tag;
++ return digp;
++}
++
+ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+ pgpDigParams * ret)
+ {
+@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+ if (pkttype && pkt.tag != pkttype) {
+ break;
+ } else {
+- digp = xcalloc(1, sizeof(*digp));
+- digp->tag = pkt.tag;
++ digp = pgpDigParamsNew(pkt.tag);
+ }
+ }
+
+@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
+ digps = xrealloc(digps, alloced * sizeof(*digps));
+ }
+
+- digps[count] = xcalloc(1, sizeof(**digps));
+- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY;
++ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY);
+ /* Copy UID from main key to subkey */
+ digps[count]->userid = xstrdup(mainkey->userid);
+
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch index 80e2f0fad7..4029233fb7 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch @@ -1,4 +1,4 @@ -From 87cfc0db1ed6fe381a5ed5f0016d8c3344a31a11 Mon Sep 17 00:00:00 2001 +From f39c28eb52f12ae6e82db360ffd5a903ac8faca5 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 9 Jan 2017 18:52:11 +0200 Subject: [PATCH] Do not add an unsatisfiable dependency when building rpms in @@ -9,25 +9,23 @@ hand produces rpms that way by design. Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + --- build/pack.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/build/pack.c b/build/pack.c -index 1261cdbba..bb2d6f4f6 100644 +index e6cec1816..810cd7351 100644 --- a/build/pack.c +++ b/build/pack.c -@@ -595,10 +595,6 @@ rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating) - headerPutBin(pkg->header, RPMTAG_SOURCEPKGID, spec->sourcePkgId,16); - } +@@ -724,10 +724,6 @@ static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int ch + headerPutBin(pkg->header, RPMTAG_SOURCEPKGID, spec->sourcePkgId,16); + } + +- if (cheating) { +- (void) rpmlibNeedsFeature(pkg, "ShortCircuited", "4.9.0-1"); +- } +- + if ((rc = getPkgFilename(pkg->header, filename))) + return rc; -- if (cheating) { -- (void) rpmlibNeedsFeature(pkg, "ShortCircuited", "4.9.0-1"); -- } -- - { char *binFormat = rpmGetPath("%{_rpmfilename}", NULL); - char *binRpm, *binDir; - binRpm = headerFormat(pkg->header, binFormat, &errorString); --- -2.11.0 - 
diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch index 82e7328757..6d236ac400 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch @@ -1,4 +1,4 @@ -From bd08eb0ae1312f347f49949481daa7c923752df2 Mon Sep 17 00:00:00 2001 +From 8d013fe154a162305f76141151baf767dd04b598 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 27 Feb 2017 09:43:30 +0200 Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac -index 09af7c4..9bd6903 100644 +index eb7d6941b..10a889b5d 100644 --- a/configure.ac +++ b/configure.ac -@@ -1055,7 +1055,7 @@ else +@@ -871,7 +871,7 @@ else usrprefix=$prefix fi @@ -27,10 +27,10 @@ index 09af7c4..9bd6903 100644 AC_SUBST(OBJDUMP) diff --git a/macros.in b/macros.in -index a3aa7a9..62cee5c 100644 +index a1f795e5f..689e784ef 100644 --- a/macros.in +++ b/macros.in -@@ -970,7 +970,7 @@ package or when debugging this package.\ +@@ -933,7 +933,7 @@ package or when debugging this package.\ %_sharedstatedir %{_prefix}/com %_localstatedir %{_prefix}/var %_lib lib @@ -40,7 +40,7 @@ index a3aa7a9..62cee5c 100644 %_infodir %{_datadir}/info %_mandir %{_datadir}/man diff --git a/rpm.am b/rpm.am -index 82c2d7c..6341b51 100644 +index 7b57f433b..9bbb9ee96 100644 --- a/rpm.am +++ b/rpm.am @@ -1,10 +1,10 @@ @@ -55,4 +55,4 @@ index 82c2d7c..6341b51 100644 +rpmconfigdir = $(libdir)/rpm # Libtool version (current-revision-age) for all our libraries - rpm_version_info = 9:0:1 + rpm_version_info = 11:0:2 
diff --git a/meta/recipes-devtools/rpm/files/0001-Fix-build-with-musl-C-library.patch b/meta/recipes-devtools/rpm/files/0001-Fix-build-with-musl-C-library.patch
deleted file mode 100644
index 0b1d6298a9..0000000000
--- a/meta/recipes-devtools/rpm/files/0001-Fix-build-with-musl-C-library.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From d076de030deb9cafd9b2e82be5d506cebdefad0b Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Mon, 27 Feb 2017 14:43:21 +0200
-Subject: [PATCH 1/9] Fix build with musl C library.
-
-Upstream-Status: Pending
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
----
- configure.ac | 3 ++-
- rpmio/digest_nss.c | 1 +
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index c04a2e8d1..c9d9ac16d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -255,6 +255,7 @@ AC_SEARCH_LIBS(dlopen, [dl])
- # Check for libelf library. Prefer external, otherwise none.
- WITH_LIBELF_LIB=
- AC_CHECK_HEADER([libelf.h])
-+AC_CHECK_HEADERS([error.h], [WITH_ERROR_H=yes])
- AC_CHECK_HEADERS([gelf.h], [
- AC_CHECK_LIB(elf, gelf_getvernaux, [
- AC_DEFINE(HAVE_LIBELF, 1, [Define to 1 if you have the 'elf' library (-lelf).])
-@@ -263,7 +264,7 @@ AC_CHECK_HEADERS([gelf.h], [
- ])
- ])
- AC_SUBST(WITH_LIBELF_LIB)
--AM_CONDITIONAL(LIBELF,[test "$WITH_LIBELF" = yes])
-+AM_CONDITIONAL(LIBELF,[test "$WITH_LIBELF" = yes && test "$WITH_ERROR_H" = yes])
-
- AC_CHECK_HEADERS([dwarf.h], [
- WITH_LIBDWARF=yes
-diff --git a/rpmio/digest_nss.c b/rpmio/digest_nss.c
-index 992d9acf6..e11920e3e 100644
---- a/rpmio/digest_nss.c
-+++ b/rpmio/digest_nss.c
-@@ -1,5 +1,6 @@
- #include "system.h"
-
-+#include <signal.h>
- #include <pthread.h>
- #include <nss.h>
- #include <sechash.h>
---
-2.14.2
-
diff --git a/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch b/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch
new file mode 100644
index 0000000000..734e38bb39
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch
@@ -0,0 +1,81 @@
+From 2d53d1e308a5bd15a16cc289fa7e1f264ea706be Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 26 Jun 2018 10:46:14 +0300
+Subject: [PATCH] Rip out partial support for unused MD2 and RIPEMD160 digests
+
+Inspired by #453, adding configure-checks for unused digests algorithms
+seems nonsensical, at no point in rpm history have these algorithms been
+used for anything in rpm so there's not even backward compatibility to
+care about. So the question becomes why do we appear to have (some)
+support for those unused algorithms? So lets don't, problem solved...
+
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/ff4b9111aeba01dd025dd133ce617fb80f7398a0]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ rpmio/digest_beecrypt.c | 7 -------
+ rpmio/digest_nss.c | 2 --
+ rpmio/digest_openssl.c | 6 ------
+ 3 files changed, 15 deletions(-)
+
+diff --git a/rpmio/digest_beecrypt.c b/rpmio/digest_beecrypt.c
+index 597027e25..653a39491 100644
+--- a/rpmio/digest_beecrypt.c
++++ b/rpmio/digest_beecrypt.c
+@@ -132,10 +132,6 @@ DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags)
+ ctx->Digest = (void *) sha512Digest;
+ break;
+ #endif
+- case PGPHASHALGO_RIPEMD160:
+- case PGPHASHALGO_MD2:
+- case PGPHASHALGO_TIGER192:
+- case PGPHASHALGO_HAVAL_5_160:
+ default:
+ free(ctx);
+ return NULL;
+@@ -292,9 +288,6 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, uint8_t *hash, si
+ case PGPHASHALGO_SHA1:
+ prefix = "3021300906052b0e03021a05000414";
+ break;
+- case PGPHASHALGO_MD2:
+- prefix = "3020300c06082a864886f70d020205000410";
+- break;
+ case PGPHASHALGO_SHA256:
+ prefix = "3031300d060960864801650304020105000420";
+ break;
+diff --git a/rpmio/digest_nss.c b/rpmio/digest_nss.c
+index e11920e3e..b3d2b5595 100644
+--- a/rpmio/digest_nss.c
++++ b/rpmio/digest_nss.c
+@@ -117,7 +117,6 @@ static HASH_HashType getHashType(int hashalgo)
+ {
+ switch (hashalgo) {
+ case PGPHASHALGO_MD5: return HASH_AlgMD5;
+- case PGPHASHALGO_MD2: return HASH_AlgMD2;
+ case PGPHASHALGO_SHA1: return HASH_AlgSHA1;
+ #ifdef SHA224_LENGTH
+ case PGPHASHALGO_SHA224: return HASH_AlgSHA224;
+@@ -217,7 +216,6 @@ static SECOidTag getHashAlg(unsigned int hashalgo)
+ {
+ switch (hashalgo) {
+ case PGPHASHALGO_MD5: return SEC_OID_MD5;
+- case PGPHASHALGO_MD2: return SEC_OID_MD2;
+ case PGPHASHALGO_SHA1: return SEC_OID_SHA1;
+ #ifdef SHA224_LENGTH
+ case PGPHASHALGO_SHA224: return SEC_OID_SHA224;
+diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
+index 18e52a724..0ae48dd1d 100644
+--- a/rpmio/digest_openssl.c
++++ b/rpmio/digest_openssl.c
+@@ -172,12 +172,6 @@ static const EVP_MD *getEVPMD(int hashalgo)
+ case PGPHASHALGO_SHA1:
+ return EVP_sha1();
+
+- case PGPHASHALGO_RIPEMD160:
+- return EVP_ripemd160();
+-
+- case PGPHASHALGO_MD2:
+- return EVP_md2();
+-
+ case PGPHASHALGO_SHA256:
+ return EVP_sha256();
+
diff --git a/meta/recipes-devtools/rpm/files/0001-Split-binary-package-building-into-a-separate-functi.patch b/meta/recipes-devtools/rpm/files/0001-Split-binary-package-building-into-a-separate-functi.patch
deleted file mode 100644
index 6e44f0b7fc..0000000000
--- a/meta/recipes-devtools/rpm/files/0001-Split-binary-package-building-into-a-separate-functi.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 721a660a507d6d062e7aecafad886c643970a5d5 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Thu, 25 May 2017 18:15:27 +0300
-Subject: [PATCH 1/4] Split binary package building into a separate function
-
-So that it can be run as a thread pool task.
-
-Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/226]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
----
- build/pack.c | 33 +++++++++++++++++++++------------
- 1 file changed, 21 insertions(+), 12 deletions(-)
-
-diff --git a/build/pack.c b/build/pack.c
-index 518f4e92a..ccfd614cc 100644
---- a/build/pack.c
-+++ b/build/pack.c
-@@ -546,18 +546,13 @@ static rpmRC checkPackages(char *pkgcheck)
- return RPMRC_OK;
- }
-
--rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating)
-+static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int cheating, char** filename)
- {
-- rpmRC rc;
-- const char *errorString;
-- Package pkg;
-- char *pkglist = NULL;
--
-- for (pkg = spec->packages; pkg != NULL; pkg = pkg->next) {
-- char *fn;
-+ const char *errorString;
-+ rpmRC rc = RPMRC_OK;
-
- if (pkg->fileList == NULL)
-- continue;
-+ return rc;
-
- if ((rc = processScriptFiles(spec, pkg)))
- return rc;
-@@ -587,7 +582,7 @@ rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating)
- headerGetString(pkg->header, RPMTAG_NAME), errorString);
- return RPMRC_FAIL;
- }
-- fn = rpmGetPath("%{_rpmdir}/", binRpm, NULL);
-+ *filename = rpmGetPath("%{_rpmdir}/", binRpm, NULL);
- if ((binDir = strchr(binRpm, '/')) != NULL) {
- struct stat st;
- char *dn;
-@@ -609,14 +604,28 @@ rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating)
- free(binRpm);
- }
-
-- rc = writeRPM(pkg, NULL, fn, NULL);
-+ rc = writeRPM(pkg, NULL, *filename, NULL);
- if (rc == RPMRC_OK) {
- /* Do check each written package if enabled */
-- char *pkgcheck = rpmExpand("%{?_build_pkgcheck} ", fn, NULL);
-+ char *pkgcheck = rpmExpand("%{?_build_pkgcheck} ", *filename, NULL);
- if (pkgcheck[0] != ' ') {
- rc = checkPackages(pkgcheck);
- }
- free(pkgcheck);
-+ }
-+ return rc;
-+}
-+
-+rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating)
-+{
-+ rpmRC rc;
-+ Package pkg;
-+ char *pkglist = NULL;
-+
-+ for (pkg = spec->packages; pkg != NULL; pkg = pkg->next) {
-+ char *fn = NULL;
-+ rc = packageBinary(spec, pkg, cookie, cheating, &fn);
-+ if (rc == RPMRC_OK) {
- rstrcat(&pkglist, fn);
- rstrcat(&pkglist, " ");
- }
---
-2.11.0
-
diff --git a/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch b/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch
new file mode 100644
index 0000000000..79b168257e
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch
@@ -0,0 +1,28 @@
+From 2d351c666f09cc1b9e368422653fb42ac8b86249 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Tue, 31 Aug 2021 10:37:05 +0200
+Subject: [PATCH] build/pack.c: do not insert payloadflags into .rpm metadata
+
+The flags look like '19T56' where 19 is the compression level
+(deterministic), and 56 is the amount of threads (varies from one
+host to the next and breaks reproducibility for .rpm).
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ build/pack.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/build/pack.c b/build/pack.c
+index 932cb213e..b45d0726f 100644
+--- a/build/pack.c
++++ b/build/pack.c
+@@ -328,7 +328,7 @@ static char *getIOFlags(Package pkg)
+ headerPutString(pkg->header, RPMTAG_PAYLOADCOMPRESSOR, compr);
+ buf = xstrdup(rpmio_flags);
+ buf[s - rpmio_flags] = '\0';
+- headerPutString(pkg->header, RPMTAG_PAYLOADFLAGS, buf+1);
++ headerPutString(pkg->header, RPMTAG_PAYLOADFLAGS, "");
+ free(buf);
+ }
+ exit:
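Review bot: In the `getIOFlags` hunk of the payloadflags patch, the replacement line `headerPutString(pkg->header, RPMTAG_PAYLOADFLAGS, "");` leaves the `xstrdup`, truncation and `free` of `buf` around it with no remaining use inside the hunk, so the code now allocates a copy only to discard it. Either drop those three lines in the same patch or note why they stay, and put the reason on the changed line, e.g. `/* flags omitted on purpose: the thread count in them differs per build host */`, because an empty tag value reads like a bug without the commit message. Whether any consumer of the package expects a non-empty RPMTAG_PAYLOADFLAGS is not visible here and is worth checking. The body of `getIOFlags` starts outside the hunk.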
diff --git a/meta/recipes-devtools/rpm/files/0001-docs-do-not-build-manpages-requires-pandoc.patch b/meta/recipes-devtools/rpm/files/0001-docs-do-not-build-manpages-requires-pandoc.patch
new file mode 100644
index 0000000000..ced52d1007
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-docs-do-not-build-manpages-requires-pandoc.patch
@@ -0,0 +1,26 @@
+From 9bf1693092385eba9841614613313010221ca01f Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Tue, 29 Jun 2021 20:11:26 +0200
+Subject: [PATCH] docs: do not build manpages (requires pandoc)
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ docs/Makefile.am | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/docs/Makefile.am b/docs/Makefile.am
+index 5a6bd203a..6257767fd 100644
+--- a/docs/Makefile.am
++++ b/docs/Makefile.am
+@@ -1,7 +1,5 @@
+ ## Process this file with automake to produce Makefile.in
+
+-SUBDIRS = man
+-
+ EXTRA_DIST =
+
+ EXTRA_DIST += \
+--
+2.32.0
+
diff --git a/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch b/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch
new file mode 100644
index 0000000000..6678c105cd
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch
@@ -0,0 +1,60 @@
+From 1ed066fc6fa7d7afffe3545c4e3ea937529e6c49 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 7 May 2020 17:40:58 +0800
+Subject: [PATCH] lib/transaction.c: fix file conflicts for MIPS64 N32
+
+This patch is from:
+https://github.com/rpm-software-management/rpm/issues/193
+
+Error: Transaction check error:
+ file /sbin/ldconfig conflicts between attempted installs of
+ldconfig-2.31+git0+71f2b249a2-r0.mips64_n32 and
+lib32-ldconfig-2.31+git0+71f2b249a2-r0.mips32r2
+...
+
+This was because:
+transactions_color = 001 (ELF32) & 010 (ELF64) & 100 (ELF32 N32 MIPS64)
+FColor = Current file color (001) & transaction_color (111)
+oFcolor = Previous file color (100) & transaction_color (111)
+
+In handleColorConflict, it only deal with conditons "new preferred" or
+"old preferred". But not deal with the situation where neither is the
+preferred type. so for tri-lib system, like mips64/mips64 n32/mips(32),
+"Transaction check error" occurred.
+
+Fixed by performing a 'last-in-wins' resolution when "neither is preferred".
+
+Upstream-Status: Submitted <https://github.com/rpm-software-management/rpm/issues/193>
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ lib/transaction.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/lib/transaction.c b/lib/transaction.c
+index 67b9db5..82386b8 100644
+--- a/lib/transaction.c
++++ b/lib/transaction.c
+@@ -391,7 +391,18 @@ static int handleColorConflict(rpmts ts,
+ rpmfsSetAction(ofs, ofx, FA_CREATE);
+ rpmfsSetAction(fs, fx, FA_SKIPCOLOR);
+ rConflicts = 0;
+- }
++ }else {
++ /*
++ * If neither is already skipped, we skip the old one, and
++ * install the new one (last in wins).
++ */
++ if (ofs && !XFA_SKIPPING(rpmfsGetAction(ofs, ofx)) &&
++ fs && !XFA_SKIPPING(rpmfsGetAction(fs, fx))) {
++ rpmfsSetAction(ofs, ofx, FA_SKIPCOLOR);
++ rpmfsSetAction(fs, fx, FA_CREATE);
++ }
++ rConflicts = 0;
++ }
+ }
+ }
+
+--
+2.7.4
+
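Review bot: In the new `else` branch of `handleColorConflict`, `rConflicts = 0;` sits outside the inner `if`, so the conflict is cleared even when the guard fails (for example when `ofs` or `fs` is NULL) and no file action was changed. If only the case described in the comment is meant to be resolved, move the assignment into the block next to the two `rpmfsSetAction` calls; if clearing unconditionally is intended, the comment should say so, because this branch turns a reported file conflict into a silent last-in-wins overwrite. `}else {` also departs from the spacing of the surrounding code. The function begins and ends outside the hunk.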
diff --git a/meta/recipes-devtools/rpm/files/0001-tools-Add-error.h-for-non-glibc-case.patch b/meta/recipes-devtools/rpm/files/0001-tools-Add-error.h-for-non-glibc-case.patch
new file mode 100644
index 0000000000..9783396639
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-tools-Add-error.h-for-non-glibc-case.patch
@@ -0,0 +1,71 @@
+From 9b9d717f484ec913cdd3804e43489b3dc18bd77c Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 31 Oct 2020 22:14:05 -0700
+Subject: [PATCH] tools: Add error.h for non-glibc case
+
+error is glibc specific API, so this patch will mostly not accepted
+upstream given that elfutils has been closely tied to glibc
+
+Upstream-Status: Inappropriate [workaround for musl]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ tools/elfdeps.c | 6 +++++-
+ tools/error.h | 27 +++++++++++++++++++++++++++
+ 2 files changed, 32 insertions(+), 1 deletion(-)
+ create mode 100644 tools/error.h
+
+diff --git a/tools/elfdeps.c b/tools/elfdeps.c
+index d205935bb..3a8945b33 100644
+--- a/tools/elfdeps.c
++++ b/tools/elfdeps.c
+@@ -5,10 +5,14 @@
+ #include <unistd.h>
+ #include <stdlib.h>
+ #include <fcntl.h>
+-#include <error.h>
+ #include <errno.h>
+ #include <popt.h>
+ #include <gelf.h>
++#ifdef __GLIBC__
++#include <error.h>
++#else
++#include "error.h"
++#endif
+
+ #include <rpm/rpmstring.h>
+ #include <rpm/argv.h>
+diff --git a/tools/error.h b/tools/error.h
+new file mode 100644
+index 000000000..ef06827a0
+--- /dev/null
++++ b/tools/error.h
+@@ -0,0 +1,27 @@
++#ifndef _ERROR_H_
++#define _ERROR_H_
++
++#include <stdarg.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <errno.h>
++
++static unsigned int error_message_count = 0;
++
++static inline void error(int status, int errnum, const char* format, ...)
++{
++ va_list ap;
++ fprintf(stderr, "%s: ", program_invocation_name);
++ va_start(ap, format);
++ vfprintf(stderr, format, ap);
++ va_end(ap);
++ if (errnum)
++ fprintf(stderr, ": %s", strerror(errnum));
++ fprintf(stderr, "\n");
++ error_message_count++;
++ if (status)
++ exit(status);
++}
++
++#endif /* _ERROR_H_ */
diff --git a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
new file mode 100644
index 0000000000..683b57d455
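Review bot: The fallback `error()` in the new `tools/error.h` takes a printf-style format but carries no format attribute, so on non-glibc builds the compiler no longer checks callers' format strings against their arguments; declaring it with `__attribute__((format(printf, 3, 4)))` restores that check. The include guard `_ERROR_H_` uses a name reserved for the implementation (leading underscore followed by a capital), and something like `RPM_TOOLS_ERROR_H` avoids that. The shim also reads `program_invocation_name`, a GNU extension that presumably needs `_GNU_SOURCE` defined before `<errno.h>` is included; the hunk does not show where that happens. A short header comment saying this is a minimal stand-in for glibc's `error()` would help the next reader.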
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
@@ -0,0 +1,64 @@
+From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 30 Sep 2021 09:51:10 +0300
+Subject: [PATCH 2/3] Process MPI's from all kinds of signatures
+
+No immediate effect but needed by the following commits.
+
+CVE: CVE-2021-3521
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/b5e8bc74b]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ rpmio/rpmpgp.c | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 25f67048fd..509e777e6d 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -543,7 +543,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg)
+ return NULL;
+ }
+
+-static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
++static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo,
+ const uint8_t *p, const uint8_t *h, size_t hlen,
+ pgpDigParams sigp)
+ {
+@@ -556,10 +556,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
+ int mpil = pgpMpiLen(p);
+ if (pend - p < mpil)
+ break;
+- if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) {
+- if (sigalg->setmpi(sigalg, i, p))
+- break;
+- }
++ if (sigalg->setmpi(sigalg, i, p))
++ break;
+ p += mpil;
+ }
+
+@@ -619,7 +617,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ }
+
+ p = ((uint8_t *)v) + sizeof(*v);
+- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp);
++ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
+ } break;
+ case 4:
+ { pgpPktSigV4 v = (pgpPktSigV4)h;
+@@ -677,8 +675,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ p += 2;
+ if (p > hend)
+ return 1;
+-
+- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp);
++ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
+ } break;
+ default:
+ rpmlog(RPMLOG_WARNING, _("Unsupported version of signature: V%d\n"), version);
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/rpm/files/0002-Run-binary-package-creation-via-thread-pools.patch b/meta/recipes-devtools/rpm/files/0002-Run-binary-package-creation-via-thread-pools.patch
deleted file mode 100644
index d10041c2e1..0000000000
--- a/meta/recipes-devtools/rpm/files/0002-Run-binary-package-creation-via-thread-pools.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-From 513200cf76758de4668312c628d6362bdabfaf4b Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Thu, 25 May 2017 19:30:20 +0300
-Subject: [PATCH 1/3] Run binary package creation via thread pools.
-
-Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/226]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
----
- build/pack.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++-----------
- configure.ac | 3 +++
- 2 files changed, 70 insertions(+), 14 deletions(-)
-
-diff --git a/build/pack.c b/build/pack.c
-index ccfd614cc..ed5b9ab4e 100644
---- a/build/pack.c
-+++ b/build/pack.c
-@@ -616,25 +616,78 @@ static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int ch
- return rc;
- }
-
--rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating)
-+struct binaryPackageTaskData
- {
-- rpmRC rc;
- Package pkg;
-+ char *filename;
-+ rpmRC result;
-+ struct binaryPackageTaskData *next;
-+};
-+
-+static struct binaryPackageTaskData* runBinaryPackageTasks(rpmSpec spec, const char *cookie, int cheating)
-+{
-+ struct binaryPackageTaskData *tasks = NULL;
-+ struct binaryPackageTaskData *task = NULL;
-+ struct binaryPackageTaskData *prev = NULL;
-+
-+ for (Package pkg = spec->packages; pkg != NULL; pkg = pkg->next) {
-+ task = rcalloc(1, sizeof(*task));
-+ task->pkg = pkg;
-+ if (pkg == spec->packages) {
-+ // the first package needs to be processed ahead of others, as they copy
-+ // changelog data from it, and so otherwise data races would happen
-+ task->result = packageBinary(spec, pkg, cookie, cheating, &(task->filename));
-+ rpmlog(RPMLOG_NOTICE, _("Finished binary package job, result %d, filename %s\n"), task->result, task->filename);
-+ tasks = task;
-+ }
-+ if (prev != NULL) {
-+ prev->next = task;
-+ }
-+ prev = task;
-+ }
-+
-+ #pragma omp parallel
-+ #pragma omp single
-+ // re-declaring task variable is necessary, or older gcc versions will produce code that segfaults
-+ for (struct binaryPackageTaskData *task = tasks; task != NULL; task = task->next) {
-+ if (task != tasks)
-+ #pragma omp task
-+ {
-+ task->result = packageBinary(spec, task->pkg, cookie, cheating, &(task->filename));
-+ rpmlog(RPMLOG_NOTICE, _("Finished binary package job, result %d, filename %s\n"), task->result, task->filename);
-+ }
-+ }
-+
-+ return tasks;
-+}
-+
-+static void freeBinaryPackageTasks(struct binaryPackageTaskData* tasks)
-+{
-+ while (tasks != NULL) {
-+ struct binaryPackageTaskData* next = tasks->next;
-+ rfree(tasks->filename);
-+ rfree(tasks);
-+ tasks = next;
-+ }
-+}
-+
-+rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating)
-+{
- char *pkglist = NULL;
-
-- for (pkg = spec->packages; pkg != NULL; pkg = pkg->next) {
-- char *fn = NULL;
-- rc = packageBinary(spec, pkg, cookie, cheating, &fn);
-- if (rc == RPMRC_OK) {
-- rstrcat(&pkglist, fn);
-- rstrcat(&pkglist, " ");
-- }
-- free(fn);
-- if (rc != RPMRC_OK) {
-- pkglist = _free(pkglist);
-- return rc;
-- }
-+ struct binaryPackageTaskData *tasks = runBinaryPackageTasks(spec, cookie, cheating);
-+
-+ for (struct binaryPackageTaskData *task = tasks; task != NULL; task = task->next) {
-+ if (task->result == RPMRC_OK) {
-+ rstrcat(&pkglist, task->filename);
-+ rstrcat(&pkglist, " ");
-+ } else {
-+ _free(pkglist);
-+ freeBinaryPackageTasks(tasks);
-+ return RPMRC_FAIL;
-+ }
- }
-+ freeBinaryPackageTasks(tasks);
-
- /* Now check the package set if enabled */
- if (pkglist != NULL) {
-diff --git a/configure.ac b/configure.ac
-index a506ec819..59fa0acaf 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -17,6 +17,9 @@ AC_DISABLE_STATIC
-
- PKG_PROG_PKG_CONFIG
-
-+AC_OPENMP
-+RPMCFLAGS="$OPENMP_CFLAGS $RPMCFLAGS"
-+
- dnl Checks for programs.
- AC_PROG_CXX
- AC_PROG_AWK
---
-2.11.0
-
diff --git a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
new file mode 100644
index 0000000000..a5ec802501
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
@@ -0,0 +1,329 @@ +From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001 +From: Panu Matilainen <pmatilai@redhat.com> +Date: Thu, 30 Sep 2021 09:59:30 +0300 +Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP + public keys + +All subkeys must be followed by a binding signature by the primary key +as per the OpenPGP RFC, enforce the presence and validity in the parser. + +The implementation is as kludgey as they come to work around our +simple-minded parser structure without touching API, to maximise +backportability. Store all the raw packets internally as we decode them +to be able to access previous elements at will, needed to validate ordering +and access the actual data. Add testcases for manipulated keys whose +import previously would succeed. + +Depends on the two previous commits: +7b399fcb8f52566e6f3b4327197a85facd08db91 and +236b802a4aa48711823a191d1b7f753c82a89ec5 + +Fixes CVE-2021-3521. + +Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9] +CVE:CVE-2021-3521 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- + rpmio/rpmpgp.c | 99 +++++++++++++++++-- + tests/Makefile.am | 3 + + tests/data/keys/CVE-2021-3521-badbind.asc | 25 +++++ + .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++ + tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 +++++++ + tests/rpmsigdig.at | 28 ++++++ + 6 files changed, 209 insertions(+), 8 deletions(-) + create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc + create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc + create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc + +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index 509e777e6d..371ad4d9b6 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -1061,33 +1061,116 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag) + return digp; + } + ++static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag) ++{ ++ int rc = -1; ++ if (pkt->tag == 
exptag) { ++ uint8_t head[] = { ++ 0x99, ++ (pkt->blen >> 8), ++ (pkt->blen ), ++ }; ++ ++ rpmDigestUpdate(hash, head, 3); ++ rpmDigestUpdate(hash, pkt->body, pkt->blen); ++ rc = 0; ++ } ++ return rc; ++} ++ ++static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig, ++ const struct pgpPkt *all, int i) ++{ ++ int rc = -1; ++ DIGEST_CTX hash = NULL; ++ ++ switch (selfsig->sigtype) { ++ case PGPSIGTYPE_SUBKEY_BINDING: ++ hash = rpmDigestInit(selfsig->hash_algo, 0); ++ if (hash) { ++ rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY); ++ if (!rc) ++ rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY); ++ } ++ break; ++ default: ++ /* ignore types we can't handle */ ++ rc = 0; ++ break; ++ } ++ ++ if (hash && rc == 0) ++ rc = pgpVerifySignature(key, selfsig, hash); ++ ++ rpmDigestFinal(hash, NULL, NULL, 0); ++ ++ return rc; ++} ++ + int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, + pgpDigParams * ret) + { + const uint8_t *p = pkts; + const uint8_t *pend = pkts + pktlen; + pgpDigParams digp = NULL; +- struct pgpPkt pkt; ++ pgpDigParams selfsig = NULL; ++ int i = 0; ++ int alloced = 16; /* plenty for normal cases */ ++ struct pgpPkt *all = xmalloc(alloced * sizeof(*all)); + int rc = -1; /* assume failure */ ++ int expect = 0; ++ int prevtag = 0; + + while (p < pend) { +- if (decodePkt(p, (pend - p), &pkt)) ++ struct pgpPkt *pkt = &all[i]; ++ if (decodePkt(p, (pend - p), pkt)) + break; + + if (digp == NULL) { +- if (pkttype && pkt.tag != pkttype) { ++ if (pkttype && pkt->tag != pkttype) { + break; + } else { +- digp = pgpDigParamsNew(pkt.tag); ++ digp = pgpDigParamsNew(pkt->tag); + } + } + +- if (pgpPrtPkt(&pkt, digp)) ++ if (expect) { ++ if (pkt->tag != expect) ++ break; ++ selfsig = pgpDigParamsNew(pkt->tag); ++ } ++ if (pgpPrtPkt(pkt, selfsig ? 
selfsig : digp)) + break; + +- p += (pkt.body - pkt.head) + pkt.blen; +- if (pkttype == PGPTAG_SIGNATURE) +- break; ++ if (selfsig) { ++ /* subkeys must be followed by binding signature */ ++ if (prevtag == PGPTAG_PUBLIC_SUBKEY) { ++ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING) ++ break; ++ } ++ ++ int xx = pgpVerifySelf(digp, selfsig, all, i); ++ ++ selfsig = pgpDigParamsFree(selfsig); ++ if (xx) ++ break; ++ expect = 0; ++ } ++ ++ if (pkt->tag == PGPTAG_PUBLIC_SUBKEY) ++ expect = PGPTAG_SIGNATURE; ++ prevtag = pkt->tag; ++ ++ i++; ++ p += (pkt->body - pkt->head) + pkt->blen; ++ if (pkttype == PGPTAG_SIGNATURE) ++ break; ++ ++ if (alloced <= i) { ++ alloced *= 2; ++ all = xrealloc(all, alloced * sizeof(*all)); ++ } ++ + } + + rc = (digp && (p == pend)) ? 0 : -1; +diff --git a/tests/Makefile.am b/tests/Makefile.am +index a41ce10de8..7bb23247f1 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec + EXTRA_DIST += data/SPECS/hello-cd.spec + EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub + EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret ++EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc ++EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig.asc ++EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig-last.asc + EXTRA_DIST += data/macros.testfile + EXTRA_DIST += data/macros.debug + EXTRA_DIST += data/SOURCES/foo.c +diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc +new file mode 100644 +index 0000000000..aea00f9d7a +--- /dev/null ++++ b/tests/data/keys/CVE-2021-3521-badbind.asc +@@ -0,0 +1,25 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Version: rpm-4.17.90 (NSS-3) ++ ++mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g ++HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY ++91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 ++eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas 
++7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ ++1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl ++c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK ++CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf ++Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB ++BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr ++XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX ++fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq +++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN ++BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY ++zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz ++iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 ++Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c ++KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m ++L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= ++=WCfs ++-----END PGP PUBLIC KEY BLOCK----- ++ +diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc +new file mode 100644 +index 0000000000..aea00f9d7a +--- /dev/null ++++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc +@@ -0,0 +1,25 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Version: rpm-4.17.90 (NSS-3) ++ ++mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g ++HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY ++91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 ++eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas ++7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ ++1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl ++c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK ++CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf ++Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB 
++BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr ++XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX ++fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq +++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN ++BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY ++zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz ++iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 ++Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c ++KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m ++L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= ++=WCfs ++-----END PGP PUBLIC KEY BLOCK----- ++ +diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc +new file mode 100644 +index 0000000000..3a2e7417f8 +--- /dev/null ++++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc +@@ -0,0 +1,37 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Version: rpm-4.17.90 (NSS-3) ++ ++mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g ++HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY ++91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 ++eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas ++7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ ++1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl ++c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK ++CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf ++Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB ++BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr ++XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX ++fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq +++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN ++BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY 
++zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz ++iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 ++Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c ++KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m ++L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4 ++VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En ++uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ ++8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF ++v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/ ++qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB ++Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j ++mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos ++3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ ++zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX ++Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ ++gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ ++E4XX4jtDmdZPreZALsiB ++=rRop ++-----END PGP PUBLIC KEY BLOCK----- ++ +diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at +index 8e7c759b8f..e2d30a7f1b 100644 +--- a/tests/rpmsigdig.at ++++ b/tests/rpmsigdig.at +@@ -2,6 +2,34 @@ + + AT_BANNER([RPM signatures and digests]) + ++AT_SETUP([rpmkeys --import invalid keys]) ++AT_KEYWORDS([rpmkeys import]) ++RPMDB_INIT ++ ++AT_CHECK([ ++runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc ++], ++[1], ++[], ++[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.] ++) ++AT_CHECK([ ++runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc ++], ++[1], ++[], ++[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.] ++) ++ ++AT_CHECK([ ++runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc ++], ++[1], ++[], ++[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.] 
++) ++AT_CLEANUP ++ + # ------------------------------ + # Test pre-built package verification + AT_SETUP([rpmkeys -Kv <unsigned> 1]) +-- +2.17.1 + diff --git a/meta/recipes-devtools/rpm/files/0003-rpmstrpool.c-make-operations-over-string-pools-threa.patch b/meta/recipes-devtools/rpm/files/0003-rpmstrpool.c-make-operations-over-string-pools-threa.patch deleted file mode 100644 index c348ae5330..0000000000 --- a/meta/recipes-devtools/rpm/files/0003-rpmstrpool.c-make-operations-over-string-pools-threa.patch +++ /dev/null 
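Review bot: The backported rpmpgp.c hunk leaves `rc = (digp && (p == pend)) ? 0 : -1;` as unchanged context, so a key whose last packet is a subkey leaves the loop with `expect` still set and, as far as the hunk shows, gets rc 0; the final check should read `rc = (digp && (p == pend) && expect == 0) ? 0 : -1;`. The same hunk allocates `all` with xmalloc()/xrealloc() but adds no `free(all);`, and `selfsig` is not released on the two `break` paths that come before `pgpDigParamsFree(selfsig)`; pgpPrtParams continues outside the hunk, so confirm neither is freed there. In tests/Makefile.am two EXTRA_DIST entries name `CVE-2022-3521-nosubsig*.asc` while the files added are `CVE-2021-3521-*`. `badbind.asc` and `nosubsig-last.asc` also carry the same blob id `aea00f9d7a`, so the bad-binding-signature path in pgpVerifySelf() has no distinct test key.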
@@ -1,207 +0,0 @@ -From c80892f17e44331206c8318d53b63bb6a99554d0 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Tue, 30 May 2017 13:58:30 +0300 -Subject: [PATCH 3/4] rpmstrpool.c: make operations over string pools - thread-safe - -Otherwise multithreaded rpm building explodes in various ways due -to data races. - -Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/226] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - ---- - rpmio/rpmstrpool.c | 56 +++++++++++++++++++++++++++++++++++++++++++++--------- - 1 file changed, 47 insertions(+), 9 deletions(-) - -diff --git a/rpmio/rpmstrpool.c b/rpmio/rpmstrpool.c -index 30a57eb10..58ba95a02 100644 ---- a/rpmio/rpmstrpool.c -+++ b/rpmio/rpmstrpool.c -@@ -113,6 +113,8 @@ static poolHash poolHashCreate(int numBuckets) - return ht; - } - -+static const char * rpmstrPoolStrNoLock(rpmstrPool pool, rpmsid sid); -+ - static void poolHashResize(rpmstrPool pool, int numBuckets) - { - poolHash ht = pool->hash; -@@ -120,7 +122,7 @@ static void poolHashResize(rpmstrPool pool, int numBuckets) - - for (int i=0; i<ht->numBuckets; i++) { - if (!ht->buckets[i].keyid) continue; -- unsigned int keyHash = rstrhash(rpmstrPoolStr(pool, ht->buckets[i].keyid)); -+ unsigned int keyHash = rstrhash(rpmstrPoolStrNoLock(pool, ht->buckets[i].keyid)); - for (unsigned int j=0;;j++) { - unsigned int hash = hashbucket(keyHash, j) % numBuckets; - if (!buckets[hash].keyid) { -@@ -149,7 +151,7 @@ static void poolHashAddHEntry(rpmstrPool pool, const char * key, unsigned int ke - ht->buckets[hash].keyid = keyid; - ht->keyCount++; - break; -- } else if (!strcmp(rpmstrPoolStr(pool, ht->buckets[hash].keyid), key)) { -+ } else if (!strcmp(rpmstrPoolStrNoLock(pool, ht->buckets[hash].keyid), key)) { - return; - } - } -@@ -191,7 +193,7 @@ static void poolHashPrintStats(rpmstrPool pool) - int maxcollisions = 0; - - for (i=0; i<ht->numBuckets; i++) { -- unsigned int keyHash = 
rstrhash(rpmstrPoolStr(pool, ht->buckets[i].keyid)); -+ unsigned int keyHash = rstrhash(rpmstrPoolStrNoLock(pool, ht->buckets[i].keyid)); - for (unsigned int j=0;;j++) { - unsigned int hash = hashbucket(keyHash, i) % ht->numBuckets; - if (hash==i) { -@@ -221,7 +223,7 @@ static void rpmstrPoolRehash(rpmstrPool pool) - - pool->hash = poolHashCreate(sizehint); - for (int i = 1; i <= pool->offs_size; i++) -- poolHashAddEntry(pool, rpmstrPoolStr(pool, i), i); -+ poolHashAddEntry(pool, rpmstrPoolStrNoLock(pool, i), i); - } - - rpmstrPool rpmstrPoolCreate(void) -@@ -245,6 +247,8 @@ rpmstrPool rpmstrPoolCreate(void) - - rpmstrPool rpmstrPoolFree(rpmstrPool pool) - { -+ #pragma omp critical(rpmstrpool) -+ { - if (pool) { - if (pool->nrefs > 1) { - pool->nrefs--; -@@ -260,18 +264,24 @@ rpmstrPool rpmstrPoolFree(rpmstrPool pool) - free(pool); - } - } -+ } - return NULL; - } - - rpmstrPool rpmstrPoolLink(rpmstrPool pool) - { -+ #pragma omp critical(rpmstrpool) -+ { - if (pool) - pool->nrefs++; -+ } - return pool; - } - - void rpmstrPoolFreeze(rpmstrPool pool, int keephash) - { -+ #pragma omp critical(rpmstrpool) -+ { - if (pool && !pool->frozen) { - if (!keephash) { - pool->hash = poolHashFree(pool->hash); -@@ -281,16 +291,20 @@ void rpmstrPoolFreeze(rpmstrPool pool, int keephash) - pool->offs_alloced * sizeof(*pool->offs)); - pool->frozen = 1; - } -+ } - } - - void rpmstrPoolUnfreeze(rpmstrPool pool) - { -+ #pragma omp critical(rpmstrpool) -+ { - if (pool) { - if (pool->hash == NULL) { - rpmstrPoolRehash(pool); - } - pool->frozen = 0; - } -+ } - } - - static rpmsid rpmstrPoolPut(rpmstrPool pool, const char *s, size_t slen, unsigned int hash) -@@ -350,7 +364,7 @@ static rpmsid rpmstrPoolGet(rpmstrPool pool, const char * key, size_t keylen, - return 0; - } - -- s = rpmstrPoolStr(pool, ht->buckets[hash].keyid); -+ s = rpmstrPoolStrNoLock(pool, ht->buckets[hash].keyid); - /* pool string could be longer than keylen, require exact matche */ - if (strncmp(s, key, keylen) == 0 && 
s[keylen] == '\0') - return ht->buckets[hash].keyid; -@@ -373,27 +387,31 @@ static inline rpmsid strn2id(rpmstrPool pool, const char *s, size_t slen, - rpmsid rpmstrPoolIdn(rpmstrPool pool, const char *s, size_t slen, int create) - { - rpmsid sid = 0; -- -+ #pragma omp critical(rpmstrpool) -+ { - if (s != NULL) { - unsigned int hash = rstrnhash(s, slen); - sid = strn2id(pool, s, slen, hash, create); - } -+ } - return sid; - } - - rpmsid rpmstrPoolId(rpmstrPool pool, const char *s, int create) - { - rpmsid sid = 0; -- -+ #pragma omp critical(rpmstrpool) -+ { - if (s != NULL) { - size_t slen; - unsigned int hash = rstrlenhash(s, &slen); - sid = strn2id(pool, s, slen, hash, create); - } -+ } - return sid; - } - --const char * rpmstrPoolStr(rpmstrPool pool, rpmsid sid) -+static const char * rpmstrPoolStrNoLock(rpmstrPool pool, rpmsid sid) - { - const char *s = NULL; - if (pool && sid > 0 && sid <= pool->offs_size) -@@ -401,12 +419,25 @@ const char * rpmstrPoolStr(rpmstrPool pool, rpmsid sid) - return s; - } - -+const char * rpmstrPoolStr(rpmstrPool pool, rpmsid sid) -+{ -+ const char *s = NULL; -+ #pragma omp critical(rpmstrpool) -+ { -+ s = rpmstrPoolStrNoLock(pool, sid); -+ } -+ return s; -+} -+ - size_t rpmstrPoolStrlen(rpmstrPool pool, rpmsid sid) - { - size_t slen = 0; -+ #pragma omp critical(rpmstrpool) -+ { - if (pool && sid > 0 && sid <= pool->offs_size) { - slen = strlen(pool->offs[sid]); - } -+ } - return slen; - } - -@@ -421,5 +452,12 @@ int rpmstrPoolStreq(rpmstrPool poolA, rpmsid sidA, - - rpmsid rpmstrPoolNumStr(rpmstrPool pool) - { -- return (pool != NULL) ? pool->offs_size : 0; -+ rpmsid id = 0; -+ #pragma omp critical(rpmstrpool) -+ { -+ if (pool) { -+ id = pool->offs_size; -+ } -+ } -+ return id; - } --- -2.11.0 - 
diff --git a/meta/recipes-devtools/rpm/files/0004-build-pack.c-remove-static-local-variables-from-buil.patch b/meta/recipes-devtools/rpm/files/0004-build-pack.c-remove-static-local-variables-from-buil.patch
deleted file mode 100644
index 652e30b3e4..0000000000
--- a/meta/recipes-devtools/rpm/files/0004-build-pack.c-remove-static-local-variables-from-buil.patch
+++ /dev/null
@@ -1,336 +0,0 @@ -From 792693bb90768cfde4898e8dd31ee1b5de803d2f Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Thu, 8 Jun 2017 17:08:09 +0300 -Subject: [PATCH] build/pack.c: remove static local variables from buildHost() - and getBuildTime() - -Their use is causing difficult to diagnoze data races when building multiple -packages in parallel, and is a bad idea in general, as it also makes it more -difficult to reason about code. - -Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/226] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - ---- - build/build.c | 54 ++++++++++++++++++++++++++++-- - build/pack.c | 84 +++++++++-------------------------------------- - build/rpmbuild_internal.h | 8 +++-- - 3 files changed, 74 insertions(+), 72 deletions(-) - -diff --git a/build/build.c b/build/build.c -index 13c3df2..b154f08 100644 ---- a/build/build.c -+++ b/build/build.c -@@ -6,6 +6,8 @@ - #include "system.h" - - #include <errno.h> -+#include <netdb.h> -+#include <time.h> - #include <sys/wait.h> - - #include <rpm/rpmlog.h> -@@ -16,6 +18,50 @@ - - #include "debug.h" - -+static rpm_time_t getBuildTime(void) -+{ -+ rpm_time_t buildTime = 0; -+ char *srcdate; -+ time_t epoch; -+ char *endptr; -+ -+ srcdate = getenv("SOURCE_DATE_EPOCH"); -+ if (srcdate) { -+ errno = 0; -+ epoch = strtol(srcdate, &endptr, 10); -+ if (srcdate == endptr || *endptr || errno != 0) -+ rpmlog(RPMLOG_ERR, _("unable to parse SOURCE_DATE_EPOCH\n")); -+ else -+ buildTime = (int32_t) epoch; -+ } else -+ buildTime = (int32_t) time(NULL); -+ -+ return buildTime; -+} -+ -+static char * buildHost(void) -+{ -+ char* hostname; -+ struct hostent *hbn; -+ char *bhMacro; -+ -+ bhMacro = rpmExpand("%{?_buildhost}", NULL); -+ if (strcmp(bhMacro, "") != 0) { -+ rasprintf(&hostname, "%s", bhMacro); -+ } else { -+ hostname = rcalloc(1024, sizeof(*hostname)); -+ (void) 
gethostname(hostname, 1024); -+ hbn = gethostbyname(hostname); -+ if (hbn) -+ strcpy(hostname, hbn->h_name); -+ else -+ rpmlog(RPMLOG_WARNING, -+ _("Could not canonicalize hostname: %s\n"), hostname); -+ } -+ free(bhMacro); -+ return(hostname); -+} -+ - /** - */ - static rpmRC doRmSource(rpmSpec spec) -@@ -201,6 +247,9 @@ static rpmRC buildSpec(BTA_t buildArgs, rpmSpec spec, int what) - rpmRC rc = RPMRC_OK; - int test = (what & RPMBUILD_NOBUILD); - char *cookie = buildArgs->cookie ? xstrdup(buildArgs->cookie) : NULL; -+ const char* host = buildHost(); -+ rpm_time_t buildTime = getBuildTime(); -+ - - if (rpmExpandNumeric("%{?source_date_epoch_from_changelog}") && - getenv("SOURCE_DATE_EPOCH") == NULL) { -@@ -269,11 +318,11 @@ static rpmRC buildSpec(BTA_t buildArgs, rpmSpec spec, int what) - goto exit; - - if (((what & RPMBUILD_PACKAGESOURCE) && !test) && -- (rc = packageSources(spec, &cookie))) -+ (rc = packageSources(spec, &cookie, buildTime, host))) - goto exit; - - if (((what & RPMBUILD_PACKAGEBINARY) && !test) && -- (rc = packageBinaries(spec, cookie, (didBuild == 0)))) -+ (rc = packageBinaries(spec, cookie, (didBuild == 0), buildTime, host))) - goto exit; - - if ((what & RPMBUILD_CLEAN) && -@@ -293,6 +342,7 @@ static rpmRC buildSpec(BTA_t buildArgs, rpmSpec spec, int what) - (void) unlink(spec->specFile); - - exit: -+ free(host); - free(cookie); - spec->rootDir = NULL; - if (rc != RPMRC_OK && rpmlogGetNrecs() > 0) { -diff --git a/build/pack.c b/build/pack.c -index df15876..17a4b09 100644 ---- a/build/pack.c -+++ b/build/pack.c -@@ -6,8 +6,6 @@ - #include "system.h" - - #include <errno.h> --#include <netdb.h> --#include <time.h> - #include <sys/wait.h> - - #include <rpm/rpmlib.h> /* RPMSIGTAG*, rpmReadPackageFile */ -@@ -152,57 +150,6 @@ exit: - return rc; - } - --static rpm_time_t * getBuildTime(void) --{ -- static rpm_time_t buildTime[1]; -- char *srcdate; -- time_t epoch; -- char *endptr; -- -- if (buildTime[0] == 0) { -- srcdate = 
getenv("SOURCE_DATE_EPOCH"); -- if (srcdate) { -- errno = 0; -- epoch = strtol(srcdate, &endptr, 10); -- if (srcdate == endptr || *endptr || errno != 0) -- rpmlog(RPMLOG_ERR, _("unable to parse SOURCE_DATE_EPOCH\n")); -- else -- buildTime[0] = (int32_t) epoch; -- } else -- buildTime[0] = (int32_t) time(NULL); -- } -- -- return buildTime; --} -- --static const char * buildHost(void) --{ -- static char hostname[1024]; -- static int oneshot = 0; -- struct hostent *hbn; -- char *bhMacro; -- -- if (! oneshot) { -- bhMacro = rpmExpand("%{?_buildhost}", NULL); -- if (strcmp(bhMacro, "") != 0 && strlen(bhMacro) < 1024) { -- strcpy(hostname, bhMacro); -- } else { -- if (strcmp(bhMacro, "") != 0) -- rpmlog(RPMLOG_WARNING, _("The _buildhost macro is too long\n")); -- (void) gethostname(hostname, sizeof(hostname)); -- hbn = gethostbyname(hostname); -- if (hbn) -- strcpy(hostname, hbn->h_name); -- else -- rpmlog(RPMLOG_WARNING, -- _("Could not canonicalize hostname: %s\n"), hostname); -- } -- free(bhMacro); -- oneshot = 1; -- } -- return(hostname); --} -- - static rpmRC processScriptFiles(rpmSpec spec, Package pkg) - { - struct TriggerFileEntry *p; -@@ -476,7 +423,8 @@ exit: - * order to how the RPM format is laid on disk. 
- */ - static rpmRC writeRPM(Package pkg, unsigned char ** pkgidp, -- const char *fileName, char **cookie) -+ const char *fileName, char **cookie, -+ rpm_time_t buildTime, const char* buildHost) - { - FD_t fd = NULL; - char * rpmio_flags = NULL; -@@ -500,7 +448,7 @@ static rpmRC writeRPM(Package pkg, unsigned char ** pkgidp, - - /* Create and add the cookie */ - if (cookie) { -- rasprintf(cookie, "%s %d", buildHost(), (int) (*getBuildTime())); -+ rasprintf(cookie, "%s %d", buildHost, buildTime); - headerPutString(pkg->header, RPMTAG_COOKIE, *cookie); - } - -@@ -641,7 +589,7 @@ static rpmRC checkPackages(char *pkgcheck) - return RPMRC_OK; - } - --static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int cheating, char** filename) -+static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int cheating, char** filename, rpm_time_t buildTime, const char* buildHost) - { - const char *errorString; - rpmRC rc = RPMRC_OK; -@@ -660,8 +608,8 @@ static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int ch - headerCopyTags(spec->packages->header, pkg->header, copyTags); - - headerPutString(pkg->header, RPMTAG_RPMVERSION, VERSION); -- headerPutString(pkg->header, RPMTAG_BUILDHOST, buildHost()); -- headerPutUint32(pkg->header, RPMTAG_BUILDTIME, getBuildTime(), 1); -+ headerPutString(pkg->header, RPMTAG_BUILDHOST, buildHost); -+ headerPutUint32(pkg->header, RPMTAG_BUILDTIME, &buildTime, 1); - - if (spec->sourcePkgId != NULL) { - headerPutBin(pkg->header, RPMTAG_SOURCEPKGID, spec->sourcePkgId,16); -@@ -699,7 +647,7 @@ static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int ch - free(binRpm); - } - -- rc = writeRPM(pkg, NULL, *filename, NULL); -+ rc = writeRPM(pkg, NULL, *filename, NULL, buildTime, buildHost); - if (rc == RPMRC_OK) { - /* Do check each written package if enabled */ - char *pkgcheck = rpmExpand("%{?_build_pkgcheck} ", *filename, NULL); -@@ -719,7 +667,7 @@ struct binaryPackageTaskData - 
struct binaryPackageTaskData *next; - }; - --static struct binaryPackageTaskData* runBinaryPackageTasks(rpmSpec spec, const char *cookie, int cheating) -+static struct binaryPackageTaskData* runBinaryPackageTasks(rpmSpec spec, const char *cookie, int cheating, rpm_time_t buildTime, char* buildHost) - { - struct binaryPackageTaskData *tasks = NULL; - struct binaryPackageTaskData *task = NULL; -@@ -731,7 +679,7 @@ static struct binaryPackageTaskData* runBinaryPackageTasks(rpmSpec spec, const c - if (pkg == spec->packages) { - // the first package needs to be processed ahead of others, as they copy - // changelog data from it, and so otherwise data races would happen -- task->result = packageBinary(spec, pkg, cookie, cheating, &(task->filename)); -+ task->result = packageBinary(spec, pkg, cookie, cheating, &(task->filename), buildTime, buildHost); - rpmlog(RPMLOG_NOTICE, _("Finished binary package job, result %d, filename %s\n"), task->result, task->filename); - tasks = task; - } -@@ -748,7 +696,7 @@ static struct binaryPackageTaskData* runBinaryPackageTasks(rpmSpec spec, const c - if (task != tasks) - #pragma omp task - { -- task->result = packageBinary(spec, task->pkg, cookie, cheating, &(task->filename)); -+ task->result = packageBinary(spec, task->pkg, cookie, cheating, &(task->filename), buildTime, buildHost); - rpmlog(RPMLOG_NOTICE, _("Finished binary package job, result %d, filename %s\n"), task->result, task->filename); - } - } -@@ -766,11 +714,11 @@ static void freeBinaryPackageTasks(struct binaryPackageTaskData* tasks) - } - } - --rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating) -+rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating, rpm_time_t buildTime, char* buildHost) - { - char *pkglist = NULL; - -- struct binaryPackageTaskData *tasks = runBinaryPackageTasks(spec, cookie, cheating); -+ struct binaryPackageTaskData *tasks = runBinaryPackageTasks(spec, cookie, cheating, buildTime, buildHost); - - for (struct 
binaryPackageTaskData *task = tasks; task != NULL; task = task->next) { - if (task->result == RPMRC_OK) { -@@ -797,7 +745,7 @@ rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating) - return RPMRC_OK; - } - --rpmRC packageSources(rpmSpec spec, char **cookie) -+rpmRC packageSources(rpmSpec spec, char **cookie, rpm_time_t buildTime, char* buildHost) - { - Package sourcePkg = spec->sourcePackage; - rpmRC rc; -@@ -805,8 +753,8 @@ rpmRC packageSources(rpmSpec spec, char **cookie) - - /* Add some cruft */ - headerPutString(sourcePkg->header, RPMTAG_RPMVERSION, VERSION); -- headerPutString(sourcePkg->header, RPMTAG_BUILDHOST, buildHost()); -- headerPutUint32(sourcePkg->header, RPMTAG_BUILDTIME, getBuildTime(), 1); -+ headerPutString(sourcePkg->header, RPMTAG_BUILDHOST, buildHost); -+ headerPutUint32(sourcePkg->header, RPMTAG_BUILDTIME, &buildTime, 1); - headerPutUint32(sourcePkg->header, RPMTAG_SOURCEPACKAGE, &one, 1); - - /* XXX this should be %_srpmdir */ -@@ -814,7 +762,7 @@ rpmRC packageSources(rpmSpec spec, char **cookie) - char *pkgcheck = rpmExpand("%{?_build_pkgcheck_srpm} ", fn, NULL); - - spec->sourcePkgId = NULL; -- rc = writeRPM(sourcePkg, &spec->sourcePkgId, fn, cookie); -+ rc = writeRPM(sourcePkg, &spec->sourcePkgId, fn, cookie, buildTime, buildHost); - - /* Do check SRPM package if enabled */ - if (rc == RPMRC_OK && pkgcheck[0] != ' ') { -diff --git a/build/rpmbuild_internal.h b/build/rpmbuild_internal.h -index 439b7d3..07e8338 100644 ---- a/build/rpmbuild_internal.h -+++ b/build/rpmbuild_internal.h -@@ -427,19 +427,23 @@ rpmRC processSourceFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags); - * @param spec spec file control structure - * @param cookie build identifier "cookie" or NULL - * @param cheating was build shortcircuited? 
-+ * @param buildTime the build timestamp that goes into packages -+ * @param buildHost the hostname where the build is happening - * @return RPMRC_OK on success - */ - RPM_GNUC_INTERNAL --rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating); -+rpmRC packageBinaries(rpmSpec spec, const char *cookie, int cheating, rpm_time_t buildTime, char* buildHost); - - /** \ingroup rpmbuild - * Generate source package. - * @param spec spec file control structure - * @retval cookie build identifier "cookie" or NULL -+ * @param buildTime the build timestamp that goes into packages -+ * @param buildHost the hostname where the build is happening - * @return RPMRC_OK on success - */ - RPM_GNUC_INTERNAL --rpmRC packageSources(rpmSpec spec, char **cookie); -+rpmRC packageSources(rpmSpec spec, char **cookie, rpm_time_t buildTime, char* buildHost); - - RPM_GNUC_INTERNAL - int addLangTag(rpmSpec spec, Header h, rpmTagVal tag, diff --git a/meta/recipes-devtools/rpm/files/0011-Do-not-require-that-ELF-binaries-are-executable-to-b.patch b/meta/recipes-devtools/rpm/files/0011-Do-not-require-that-ELF-binaries-are-executable-to-b.patch deleted file mode 100644 index 4ac5c38f06..0000000000 --- a/meta/recipes-devtools/rpm/files/0011-Do-not-require-that-ELF-binaries-are-executable-to-b.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 5141d50d7b3d3c209a22c53deedb4ceef014401d Mon Sep 17 00:00:00 2001 -From: Peter Kjellerstedt <pkj@axis.com> -Date: Mon, 15 May 2017 10:21:08 +0200 -Subject: [PATCH 09/15] Do not require that ELF binaries are executable to be - identifiable - -There is nothing that requires, e.g., a DSO to be executable, but it -is still an ELF binary and should be identified as such. - -Upstream probably expects all ELF binaries to be marked as executable, -but rather than imposing such a limitation for OE, allow any file to -be identified as an ELF binary regardless of whether it is executable -or not. - -Upstream-Status: Inappropriate -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> - ---- - fileattrs/elf.attr | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/fileattrs/elf.attr b/fileattrs/elf.attr -index 5805dd0ee..3516f309d 100644 ---- a/fileattrs/elf.attr -+++ b/fileattrs/elf.attr -@@ -1,4 +1,3 @@ - %__elf_provides %{_rpmconfigdir}/elfdeps --provides %{?__filter_GLIBC_PRIVATE:--filter-private} - %__elf_requires %{_rpmconfigdir}/elfdeps --requires %{?__filter_GLIBC_PRIVATE:--filter-private} - %__elf_magic ^(setuid,? )?(setgid,? )?(sticky )?ELF (32|64)-bit.*$ --%__elf_flags exeonly --- -2.14.2 - diff --git a/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch b/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch new file mode 100644 index 0000000000..43e9859ef3 --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch 
@@ -0,0 +1,55 @@
+From 989e425d416474c191b020d0825895e3df4bd033 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Thu, 10 Jan 2019 18:14:18 +0100
+Subject: [PATCH] rpmscript.c: change logging level around scriptlets to INFO
+ from DEBUG
+
+That way we can debug scriptlet failures without writing lots of
+irrelevant noise to rootfs logs.
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ lib/rpmscript.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/rpmscript.c b/lib/rpmscript.c
+index 2b0e43862..e319673f1 100644
+--- a/lib/rpmscript.c
++++ b/lib/rpmscript.c
+@@ -226,7 +226,7 @@ static char * writeScript(const char *cmd, const char *script)
+ if (Ferror(fd))
+ goto exit;
+
+- if (rpmIsDebug() && (rstreq(cmd, "/bin/sh") || rstreq(cmd, "/bin/bash"))) {
++ if (rpmIsVerbose() && (rstreq(cmd, "/bin/sh") || rstreq(cmd, "/bin/bash"))) {
+ static const char set_x[] = "set -x\n";
+ /* Assume failures will be caught by the write below */
+ Fwrite(set_x, sizeof(set_x[0]), sizeof(set_x)-1, fd);
+@@ -258,7 +258,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
+ char *mline = NULL;
+ rpmRC rc = RPMRC_FAIL;
+
+- rpmlog(RPMLOG_DEBUG, "%s: scriptlet start\n", sname);
++ rpmlog(RPMLOG_INFO, "%s: scriptlet start\n", sname);
+
+ if (script) {
+ fn = writeScript(*argvp[0], script);
+@@ -310,7 +310,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
+ sname, strerror(errno));
+ goto exit;
+ } else if (pid == 0) {/* Child */
+- rpmlog(RPMLOG_DEBUG, "%s: execv(%s) pid %d\n",
++ rpmlog(RPMLOG_INFO, "%s: execv(%s) pid %d\n",
+ sname, *argvp[0], (unsigned)getpid());
+
+ fclose(in);
+@@ -353,7 +353,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
+ reaped = waitpid(pid, &status, 0);
+ } while (reaped == -1 && errno == EINTR);
+
+- rpmlog(RPMLOG_DEBUG, "%s: waitpid(%d) rc %d status %x\n",
++ rpmlog(RPMLOG_INFO, "%s: waitpid(%d) rc %d status %x\n",
+ sname, (unsigned)pid, (unsigned)reaped, status);
+
+ if (reaped < 0) {
diff --git a/meta/recipes-devtools/rpm/files/environment.d-rpm.sh b/meta/recipes-devtools/rpm/files/environment.d-rpm.sh
new file mode 100644
index 0000000000..9b669a18d1
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/environment.d-rpm.sh
@@ -0,0 +1 @@
+export RPM_CONFIGDIR="$OECORE_NATIVE_SYSROOT/usr/lib/rpm"
diff --git a/meta/recipes-devtools/rpm/rpm_4.14.2.bb b/meta/recipes-devtools/rpm/rpm_4.14.2.bb
deleted file mode 100644
index 46f88375ff..0000000000
--- a/meta/recipes-devtools/rpm/rpm_4.14.2.bb
+++ /dev/null
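Review bot: The first inner hunk of the 0016 patch, in writeScript, moves the `set -x` prefix for /bin/sh and /bin/bash scriptlets from `rpmIsDebug()` to `rpmIsVerbose()`, which goes further than the log-level switch the subject line describes. Shell xtrace writes every expanded command line to the log, so any value a scriptlet handles (a password hash passed to a user-creation command, for instance) could end up in the rootfs logs of a verbose run. If tracing at verbose level is intended, the patch header should say so, e.g. `With -v, sh/bash scriptlets now run under "set -x"; rootfs logs will contain their expanded arguments.`; otherwise that one condition could stay on `rpmIsDebug()` while the three `rpmlog()` calls move to `RPMLOG_INFO`. writeScript and runExtScript both continue outside the hunks shown.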
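Review bot: In environment.d-rpm.sh, `RPM_CONFIGDIR` is built from `$OECORE_NATIVE_SYSROOT` without checking that the variable is set, so sourcing the file in a shell where it is empty would export `/usr/lib/rpm` and point rpm at the host's configuration and macros rather than the SDK's. A guard avoids exporting a host path: `if [ -n "$OECORE_NATIVE_SYSROOT" ]; then export RPM_CONFIGDIR="$OECORE_NATIVE_SYSROOT/usr/lib/rpm"; fi`. The path also hard-codes `usr/lib`, whereas the nativesdk wrappers in the recipe of this commit derive the directory from `libdir`; a one-line comment stating that assumption would help.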
@@ -1,150 +0,0 @@
-SUMMARY = "The RPM package management system"
-DESCRIPTION = "The RPM Package Manager (RPM) is a powerful command line driven \
-package management system capable of installing, uninstalling, \
-verifying, querying, and updating software packages. Each software \
-package consists of an archive of files along with information about \
-the package like its version, a description, etc."
-
-SUMMARY_${PN}-dev = "Development files for manipulating RPM packages"
-DESCRIPTION_${PN}-dev = "This package contains the RPM C library and header files. These \
-development files will simplify the process of writing programs that \
-manipulate RPM packages and databases. These files are intended to \
-simplify the process of creating graphical package managers or any \
-other tools that need an intimate knowledge of RPM packages in order \
-to function."
-
-SUMMARY_python3-rpm = "Python bindings for apps which will manupulate RPM packages"
-DESCRIPTION_python3-rpm = "The python3-rpm package contains a module that permits applications \
-written in the Python programming language to use the interface \
-supplied by the RPM Package Manager libraries."
-
-HOMEPAGE = "http://www.rpm.org"
-
-# libraries are also LGPL - how to express this?
-LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYING;md5=c0bf017c0fd1920e6158a333acabfd4a"
-
-SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x \
- file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \
- file://0001-Do-not-read-config-files-from-HOME.patch \
- file://0001-When-cross-installing-execute-package-scriptlets-wit.patch \
- file://0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch \
- file://0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch \
- file://0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch \
- file://0001-Fix-build-with-musl-C-library.patch \
- file://0001-Add-a-color-setting-for-mips64_n32-binaries.patch \
- file://0011-Do-not-require-that-ELF-binaries-are-executable-to-b.patch \
- file://0001-Split-binary-package-building-into-a-separate-functi.patch \
- file://0002-Run-binary-package-creation-via-thread-pools.patch \
- file://0003-rpmstrpool.c-make-operations-over-string-pools-threa.patch \
- file://0004-build-pack.c-remove-static-local-variables-from-buil.patch \
- file://0001-perl-disable-auto-reqs.patch \
- "
-
-PE = "1"
-SRCREV = "753f6941dc32e94047b7cfe713ddd604a810b4db"
-
-S = "${WORKDIR}/git"
-
-DEPENDS = "nss libarchive db file popt xz bzip2 dbus elfutils python3"
-DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native"
-
-inherit autotools gettext pkgconfig python3native
-export PYTHON_ABI
-
-# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe
-EXTRA_AUTORECONF_append = " --exclude=gnu-configize"
-
-EXTRA_OECONF_append = " --without-lua --enable-python"
-EXTRA_OECONF_append_libc-musl = " --disable-nls"
-
-# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs
-#
-# --localstatedir prevents rpm from writing its database to native sysroot when building images
-#
-# Disable dbus for native, so that rpm doesn't attempt to inhibit shutdown via session dbus even when plugins support is enabled.
-# Also disable plugins by default for native.
-EXTRA_OECONF_append_class-native = " --sysconfdir=/etc --localstatedir=/var --disable-plugins"
-EXTRA_OECONF_append_class-nativesdk = " --sysconfdir=/etc --localstatedir=/var --disable-plugins"
-
-BBCLASSEXTEND = "native nativesdk"
-
-PACKAGECONFIG ??= ""
-PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils"
-
-ASNEEDED = ""
-
-# Direct rpm-native to read configuration from our sysroot, not the one it was compiled in
-# libmagic also has sysroot path contamination, so override it
-
-WRAPPER_TOOLS = " \
- ${bindir}/rpm \
- ${bindir}/rpm2archive \
- ${bindir}/rpm2cpio \
- ${bindir}/rpmbuild \
- ${bindir}/rpmdb \
- ${bindir}/rpmgraph \
- ${bindir}/rpmkeys \
- ${bindir}/rpmsign \
- ${bindir}/rpmspec \
- ${libdir}/rpm/rpmdeps \
-"
-
-do_install_append_class-native() {
- for tool in ${WRAPPER_TOOLS}; do
- create_wrapper ${D}$tool \
- RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \
- RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} \
- MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \
- RPM_NO_CHROOT_FOR_SCRIPTS=1
- done
-}
-
-do_install_append_class-nativesdk() {
- for tool in ${WRAPPER_TOOLS}; do
- create_wrapper ${D}$tool \
- RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir', True), d.getVar('bindir', True))}/rpm \
- RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir', True), d.getVar('bindir', True))}/..} \
- MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir', True), d.getVar('bindir', True))}/misc/magic.mgc \
- RPM_NO_CHROOT_FOR_SCRIPTS=1
- done
-
- rm -rf ${D}/var
-}
-
-# Rpm's make install creates var/tmp which clashes with base-files packaging
-do_install_append_class-target() {
- rm -rf ${D}/var
-}
-
-do_install_append () {
- sed -i -e 's:${HOSTTOOLS_DIR}/::g' \
- ${D}/${libdir}/rpm/macros
-
- sed -i -e 's|/usr/bin/python|${USRBINPATH}/env ${PYTHON_PN}|' \
- ${D}${libdir}/rpm/pythondistdeps.py \
- ${D}${libdir}/rpm/python-macro-helper
-}
-
-FILES_${PN} += "${libdir}/rpm-plugins/*.so \
- "
-
-FILES_${PN}-dev += "${libdir}/rpm-plugins/*.la \
- "
-
-PACKAGES += "python3-rpm"
-PROVIDES += "python3-rpm"
-FILES_python3-rpm = "${PYTHON_SITEPACKAGES_DIR}/rpm/*"
-
-# rpm 5.x was packaging the rpm build tools separately
-RPROVIDES_${PN} += "rpm-build"
-
-RDEPENDS_${PN} = "bash perl python3-core"
-
-PACKAGE_PREPROCESS_FUNCS += "rpm_package_preprocess"
-
-# Do not specify a sysroot when compiling on a target.
-rpm_package_preprocess () {
- sed -i -e 's:--sysroot[^ ]*::g' \
- ${PKGD}/${libdir}/rpm/macros
-}
diff --git a/meta/recipes-devtools/rpm/rpm_4.17.0.bb b/meta/recipes-devtools/rpm/rpm_4.17.0.bb
new file mode 100644
index 0000000000..c392ac0db4
--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm_4.17.0.bb
@@ -0,0 +1,208 @@
+SUMMARY = "The RPM package management system"
+DESCRIPTION = "The RPM Package Manager (RPM) is a powerful command line driven \
+package management system capable of installing, uninstalling, \
+verifying, querying, and updating software packages. Each software \
+package consists of an archive of files along with information about \
+the package like its version, a description, etc."
+
+SUMMARY:${PN}-dev = "Development files for manipulating RPM packages"
+DESCRIPTION:${PN}-dev = "This package contains the RPM C library and header files. These \
+development files will simplify the process of writing programs that \
+manipulate RPM packages and databases. These files are intended to \
+simplify the process of creating graphical package managers or any \
+other tools that need an intimate knowledge of RPM packages in order \
+to function."
+
+SUMMARY:python3-rpm = "Python bindings for apps which will manupulate RPM packages"
+DESCRIPTION:python3-rpm = "The python3-rpm package contains a module that permits applications \
+written in the Python programming language to use the interface \
+supplied by the RPM Package Manager libraries."
+
+HOMEPAGE = "http://www.rpm.org"
+
+# libraries are also LGPL - how to express this?
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f"
+
+SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protocol=https \
+ file://environment.d-rpm.sh \
+ file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \
+ file://0001-Do-not-read-config-files-from-HOME.patch \
+ file://0001-When-cross-installing-execute-package-scriptlets-wit.patch \
+ file://0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch \
+ file://0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch \
+ file://0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch \
+ file://0001-Add-a-color-setting-for-mips64_n32-binaries.patch \
+ file://0001-perl-disable-auto-reqs.patch \
+ file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \
+ file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \
+ file://0001-tools-Add-error.h-for-non-glibc-case.patch \
+ file://0001-docs-do-not-build-manpages-requires-pandoc.patch \
+ file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \
+ file://0001-CVE-2021-3521.patch \
+ file://0002-CVE-2021-3521.patch \
+ file://0003-CVE-2021-3521.patch \
+ "
+
+PE = "1"
+SRCREV = "3e74e8ba2dd5e76a5353d238dc7fc38651ce27b3"
+
+S = "${WORKDIR}/git"
+
+DEPENDS = "lua libgcrypt file popt xz bzip2 elfutils python3"
+DEPENDS:append:class-native = " file-replacement-native bzip2-replacement-native"
+
+inherit autotools gettext pkgconfig python3native
+export PYTHON_ABI
+
+AUTOTOOLS_AUXDIR = "${S}/build-aux"
+
+# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe
+EXTRA_AUTORECONF:append = " --exclude=gnu-configize"
+
+# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages
+EXTRA_OECONF:append = " --enable-python --with-crypto=libgcrypt --with-vendor=pc"
+EXTRA_OECONF:append:libc-musl = " --disable-nls --disable-openmp"
+
+# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs
+# --localstatedir prevents rpm from writing its database to native sysroot when building images
+# Forcibly disable plugins for native/nativesdk, as the inhibit and prioreset
+# plugins both behave badly inside builds.
+EXTRA_OECONF:append:class-native = " --sysconfdir=/etc --localstatedir=/var --disable-plugins"
+EXTRA_OECONF:append:class-nativesdk = " --sysconfdir=/etc --disable-plugins"
+
+BBCLASSEXTEND = "native nativesdk"
+
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'inhibit', '', d)} sqlite zstd"
+# The inhibit plugin serves no purpose outside of the target
+PACKAGECONFIG:remove:class-native = "inhibit"
+PACKAGECONFIG:remove:class-nativesdk = "inhibit"
+
+PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils"
+PACKAGECONFIG[inhibit] = "--enable-inhibit-plugin,--disable-inhibit-plugin,dbus"
+PACKAGECONFIG[rpm2archive] = "--with-archive,--without-archive,libarchive"
+PACKAGECONFIG[sqlite] = "--enable-sqlite=yes,--enable-sqlite=no,sqlite3"
+PACKAGECONFIG[ndb] = "--enable-ndb,--disable-ndb"
+PACKAGECONFIG[bdb-ro] = "--enable-bdb-ro,--disable-bdb-ro"
+PACKAGECONFIG[zstd] = "--enable-zstd=yes,--enable-zstd=no,zstd"
+
+ASNEEDED = ""
+
+# Direct rpm-native to read configuration from our sysroot, not the one it was compiled in
+# libmagic also has sysroot path contamination, so override it
+
+WRAPPER_TOOLS = " \
+ ${bindir}/rpm \
+ ${bindir}/rpm2archive \
+ ${bindir}/rpm2cpio \
+ ${bindir}/rpmbuild \
+ ${bindir}/rpmdb \
+ ${bindir}/rpmgraph \
+ ${bindir}/rpmkeys \
+ ${bindir}/rpmsign \
+ ${bindir}/rpmspec \
+ ${libdir}/rpm/rpmdeps \
+"
+
+do_configure:prepend() {
+ mkdir -p ${S}/build-aux
+}
+
+do_install:append:class-native() {
+ for tool in ${WRAPPER_TOOLS}; do
+ test -x ${D}$tool && create_wrapper ${D}$tool \
+ RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \
+ RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} \
+ MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \
+ RPM_NO_CHROOT_FOR_SCRIPTS=1
+ done
+}
+
+do_install:append:class-nativesdk() {
+ for tool in ${WRAPPER_TOOLS}; do
+ test -x ${D}$tool && create_wrapper ${D}$tool \
+ RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir'), d.getVar('bindir'))}/rpm \
+ RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir'), d.getVar('bindir'))}/..} \
+ MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir'), d.getVar('bindir'))}/misc/magic.mgc \
+ RPM_NO_CHROOT_FOR_SCRIPTS=1
+ done
+
+ rm -rf ${D}/var
+
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${WORKDIR}/environment.d-rpm.sh ${D}${SDKPATHNATIVE}/environment-setup.d/rpm.sh
+}
+
+# Rpm's make install creates var/tmp which clashes with base-files packaging
+do_install:append:class-target() {
+ rm -rf ${D}/var
+}
+do_install:append:class-nativesdk() {
+ rm -rf ${D}${SDKPATHNATIVE}/var
+}
+
+do_install:append () {
+ sed -i -e 's:${HOSTTOOLS_DIR}/::g' \
+ ${D}/${libdir}/rpm/macros
+
+}
+
+FILES:${PN} += "${libdir}/rpm-plugins/*.so \
+ "
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/rpm.sh"
+
+FILES:${PN}-dev += "${libdir}/rpm-plugins/*.la \
+ "
+PACKAGE_BEFORE_PN += "${PN}-build ${PN}-sign ${PN}-archive"
+
+RRECOMMENDS:${PN} += "rpm-sign rpm-archive"
+
+FILES:${PN}-build = "\
+ ${bindir}/rpmbuild \
+ ${bindir}/gendiff \
+ ${bindir}/rpmspec \
+ ${libdir}/librpmbuild.so.* \
+ ${libdir}/rpm/brp-* \
+ ${libdir}/rpm/check-* \
+ ${libdir}/rpm/debugedit \
+ ${libdir}/rpm/sepdebugcrcfix \
+ ${libdir}/rpm/find-debuginfo.sh \
+ ${libdir}/rpm/find-lang.sh \
+ ${libdir}/rpm/*provides* \
+ ${libdir}/rpm/*requires* \
+ ${libdir}/rpm/*deps* \
+ ${libdir}/rpm/*.prov \
+ ${libdir}/rpm/*.req \
+ ${libdir}/rpm/config.* \
+ ${libdir}/rpm/mkinstalldirs \
+ ${libdir}/rpm/macros.p* \
+ ${libdir}/rpm/fileattrs/* \
+"
+
+FILES:${PN}-sign = "\
+ ${bindir}/rpmsign \
+ ${libdir}/librpmsign.so.* \
+"
+
+FILES:${PN}-archive = "\
+ ${bindir}/rpm2archive \
+"
+
+PACKAGES += "python3-rpm"
+PROVIDES += "python3-rpm"
+FILES:python3-rpm = "${PYTHON_SITEPACKAGES_DIR}/rpm/*"
+
+RDEPENDS:${PN}-build = "bash perl python3-core"
+
+PACKAGE_PREPROCESS_FUNCS += "rpm_package_preprocess"
+
+# Do not specify a sysroot when compiling on a target.
+rpm_package_preprocess () {
+ sed -i -e 's:--sysroot[^ ]*::g' \
+ ${PKGD}/${libdir}/rpm/macros
+}
+
+SSTATE_HASHEQUIV_FILEMAP = " \
+ populate_sysroot:*/rpm/macros:${TMPDIR} \
+ populate_sysroot:*/rpm/macros:${COREBASE} \
+ "
|
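Review bot: In both wrapper loops (`do_install:append:class-native` and the first `do_install:append:class-nativesdk`), `test -x ${D}$tool && create_wrapper …` skips a listed tool without any message, so a binary installed without its execute bit could ship unwrapped. An unwrapped tool would then read configuration and the magic file from the paths it was compiled with, which is what the comment above `WRAPPER_TOOLS` says the wrappers exist to prevent. Making the skip visible takes one line before the call: `test -x ${D}$tool || { bbnote "rpm: no wrapper created for $tool"; continue; }`. Separately, `do_install:append:class-nativesdk` is defined twice; both bodies are appended, but folding `rm -rf ${D}${SDKPATHNATIVE}/var` into the first definition would make that easier to see.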