RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: jbj@rpm5.org
Module: rpm Date: 15-Jan-2008 15:19:20
Branch: rpm-5_0 Handle: 2008011514191801
Modified files: (Branch: rpm-5_0)
rpm CHANGES macros.in rpmpopt.in
rpm/build files.c
rpm/lib fsm.c poptQV.c psm.c rpmfi.h rpmgi.c rpmns.c
transaction.c
rpm/rpmio macro.c rpmio.c rpmlog.h rpmlua.h rpmmacro.h
rpmpgp.c stringbuf.c stringbuf.h
Log:
- don't follow symlinks using chown/chgrp from --setugids pipe.
- fix PGP clearsign signature verification by correctly skipping RFC2440 "dash-escapes"
- fix line-continuation handling in macro definition parsing
- permit opt-in network access using %_rpmgio macro.
- fix: deny rpmioSlurp network access (like all other Fopen call's).
- rpm.org: Assorted int -> size_t corrections for string lengths.
- rpm.org: More assorted int -> size_t uses.
Summary:
Revision Changes Path
1.2054.2.3 +7 -0 rpm/CHANGES
1.310.2.1 +1 -1 rpm/build/files.c
2.140.2.1 +5 -4 rpm/lib/fsm.c
2.48.2.1 +1 -1 rpm/lib/poptQV.c
2.278.2.1 +4 -4 rpm/lib/psm.c
2.47.2.1 +3 -3 rpm/lib/rpmfi.h
2.47.2.1 +3 -3 rpm/lib/rpmgi.c
1.13.2.1 +2 -0 rpm/lib/rpmns.c
1.360.2.1 +6 -6 rpm/lib/transaction.c
1.227.2.1 +5 -1 rpm/macros.in
2.171.2.1 +13 -7 rpm/rpmio/macro.c
1.117.2.1 +1 -1 rpm/rpmio/rpmio.c
2.20.2.1 +2 -1 rpm/rpmio/rpmlog.h
2.9.2.1 +4 -2 rpm/rpmio/rpmlua.h
2.46.2.1 +1 -1 rpm/rpmio/rpmmacro.h
2.86.2.1 +1 -1 rpm/rpmio/rpmpgp.c
2.2.2.1 +11 -31 rpm/rpmio/stringbuf.c
2.2.2.1 +1 -1 rpm/rpmio/stringbuf.h
2.47.2.1 +2 -2 rpm/rpmpopt.in
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.2054.2.2 -r1.2054.2.3 CHANGES
--- rpm/CHANGES 13 Jan 2008 19:44:21 -0000 1.2054.2.2
+++ rpm/CHANGES 15 Jan 2008 14:19:18 -0000 1.2054.2.3
@@ -1,5 +1,12 @@
5.0.0 -> 5.0.1:
+ - jbj: don't follow symlinks using chown/chgrp from --setugids pipe.
- jbj: sync *.po with the translation project (sr@latin.po needs work).
+ - rse: fix PGP clearsign signature verification by correctly skipping RFC2440 "dash-escapes"
+ - rse: fix line-continuation handling in macro definition parsing
+ - jbj: permit opt-in network access using %_rpmgio macro.
+ - jbj: fix: deny rpmioSlurp network access (like all other Fopen call's).
+ - rpm.org: Assorted int -> size_t corrections for string lengths.
+ - rpm.org: More assorted int -> size_t uses.
=============================================================================
@@ .
patch -p0 <<'@@ .'
Index: rpm/build/files.c
============================================================================
$ cvs diff -u -r1.310 -r1.310.2.1 files.c
--- rpm/build/files.c 23 Dec 2007 01:56:40 -0000 1.310
+++ rpm/build/files.c 15 Jan 2008 14:19:18 -0000 1.310.2.1
@@ -1198,7 +1198,7 @@
const char ** needle;
char savechar;
char * baseName;
- int len;
+ size_t len;
if (fileNames[i] == NULL) /* XXX can't happen */
continue;
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/fsm.c
============================================================================
$ cvs diff -u -r2.140 -r2.140.2.1 fsm.c
--- rpm/lib/fsm.c 6 Dec 2007 14:47:49 -0000 2.140
+++ rpm/lib/fsm.c 15 Jan 2008 14:19:18 -0000 2.140.2.1
@@ -301,7 +301,8 @@
/* Exclude parent directories that are explicitly included. */
for (i = 0; i < fi->fc; i++) {
- int dil, dnlen, bnlen;
+ int dil;
+ size_t dnlen, bnlen;
if (!S_ISDIR(fi->fmodes[i]))
continue;
@@ -311,7 +312,7 @@
bnlen = strlen(fi->bnl[i]);
for (j = 0; j < fi->dc; j++) {
- int jlen;
+ size_t jlen;
if (!dnli->active[j] || j == dil)
/*@innercontinue@*/ continue;
@@ -1245,7 +1246,7 @@
/*@-observertrans -dependenttrans@*/
if (fsm->ldn != NULL && fsm->dnlx != NULL)
while ((fsm->path = dnlNextIterator(dnli)) != NULL) {
- int dnlen = strlen(fsm->path);
+ size_t dnlen = strlen(fsm->path);
char * te;
dc = dnlIndex(dnli);
@@ -1317,7 +1318,7 @@
/*@-observertrans -dependenttrans@*/
if (fsm->dnlx != NULL)
while ((fsm->path = dnlNextIterator(dnli)) != NULL) {
- int dnlen = strlen(fsm->path);
+ size_t dnlen = strlen(fsm->path);
char * te;
dc = dnlIndex(dnli);
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/poptQV.c
============================================================================
$ cvs diff -u -r2.48 -r2.48.2.1 poptQV.c
--- rpm/lib/poptQV.c 24 Nov 2007 18:48:15 -0000 2.48
+++ rpm/lib/poptQV.c 15 Jan 2008 14:19:19 -0000 2.48.2.1
@@ -201,7 +201,7 @@
if (arg) {
char * qf = (char *)qva->qva_queryFormat;
if (qf) {
- int len = strlen(qf) + strlen(arg) + 1;
+ size_t len = strlen(qf) + strlen(arg) + 1;
qf = xrealloc(qf, len);
strcat(qf, arg);
} else {
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/psm.c
============================================================================
$ cvs diff -u -r2.278 -r2.278.2.1 psm.c
--- rpm/lib/psm.c 16 Dec 2007 17:39:20 -0000 2.278
+++ rpm/lib/psm.c 15 Jan 2008 14:19:19 -0000 2.278.2.1
@@ -352,8 +352,8 @@
/* Build dnl/dil with {_sourcedir, _specdir} as values. */
if (i < fi->fc) {
- int speclen = strlen(_specdir) + 2;
- int sourcelen = strlen(_sourcedir) + 2;
+ size_t speclen = strlen(_specdir) + 2;
+ size_t sourcelen = strlen(_sourcedir) + 2;
char * t;
/*@i@*/ fi->dnl = _free(fi->dnl);
@@ -662,8 +662,8 @@
int argc = 0;
const char ** prefixes = NULL;
int numPrefixes;
- int maxPrefixLength;
- int len;
+ size_t maxPrefixLength;
+ size_t len;
char * prefixBuf = NULL;
const char * fn = NULL;
FD_t scriptFd;
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/rpmfi.h
============================================================================
$ cvs diff -u -r2.47 -r2.47.2.1 rpmfi.h
--- rpm/lib/rpmfi.h 3 Dec 2007 18:22:32 -0000 2.47
+++ rpm/lib/rpmfi.h 15 Jan 2008 14:19:19 -0000 2.47.2.1
@@ -210,10 +210,10 @@
/*@only@*/ /*@null@*/
char * fn; /*!< File name buffer. */
- int fnlen; /*!< File name buffer length. */
+ size_t fnlen; /*!< File name buffer length. */
- int astriplen;
- int striplen;
+ size_t astriplen;
+ size_t striplen;
unsigned long long archivePos;
unsigned long long archiveSize;
mode_t dperms; /*!< Directory perms (0755) if not mapped. */
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/rpmgi.c
============================================================================
$ cvs diff -u -r2.47 -r2.47.2.1 rpmgi.c
--- rpm/lib/rpmgi.c 1 Dec 2007 17:54:30 -0000 2.47
+++ rpm/lib/rpmgi.c 15 Jan 2008 14:19:19 -0000 2.47.2.1
@@ -115,7 +115,7 @@
/*@globals rpmGlobalMacroContext, h_errno, internalState @*/
/*@modifies gi, rpmGlobalMacroContext, h_errno, internalState @*/
{
- FD_t fd = rpmgiOpen(path, "r.fdio");
+ FD_t fd = rpmgiOpen(path, "r%{?_rpmgio}");
rpmRC rpmrc = RPMRC_FAIL;
if (fd != NULL) {
@@ -136,7 +136,7 @@
/*@globals rpmGlobalMacroContext, h_errno, internalState @*/
/*@modifies gi, rpmGlobalMacroContext, h_errno, internalState @*/
{
- FD_t fd = rpmgiOpen(path, "r.fdio");
+ FD_t fd = rpmgiOpen(path, "r%{?_rpmgio}");
Header h = NULL;
if (fd != NULL) {
@@ -665,7 +665,7 @@
path = _free(path);
path = rpmExpand(_query_hdlist_path, NULL);
}
- gi->fd = rpmgiOpen(path, "rm.fdio");
+ gi->fd = rpmgiOpen(path, "rm%{?_rpmgio}");
gi->active = 1;
path = _free(path);
}
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/rpmns.c
============================================================================
$ cvs diff -u -r1.13 -r1.13.2.1 rpmns.c
--- rpm/lib/rpmns.c 30 Dec 2007 22:44:18 -0000 1.13
+++ rpm/lib/rpmns.c 15 Jan 2008 14:19:19 -0000 1.13.2.1
@@ -431,6 +431,8 @@
while (t < be) {
const char * teol;
const char * te;
+ if (strncmp(t, "- ", 2) == 0)
+ t += 2;
if ((teol = te = strchr(t, '\n')) == NULL)
break;
while (te > t && strchr(" \t\r\n", te[-1]))
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/transaction.c
============================================================================
$ cvs diff -u -r1.360 -r1.360.2.1 transaction.c
--- rpm/lib/transaction.c 6 Dec 2007 14:47:49 -0000 1.360
+++ rpm/lib/transaction.c 15 Jan 2008 14:19:19 -0000 1.360.2.1
@@ -275,12 +275,12 @@
{
const struct fingerPrint_s * a = (const struct fingerPrint_s *)one;
const struct fingerPrint_s * b = (const struct fingerPrint_s *)two;
- int adnlen = strlen(a->entry->dirName);
- int asnlen = (a->subDir ? strlen(a->subDir) : 0);
- int abnlen = strlen(a->baseName);
- int bdnlen = strlen(b->entry->dirName);
- int bsnlen = (b->subDir ? strlen(b->subDir) : 0);
- int bbnlen = strlen(b->baseName);
+ size_t adnlen = strlen(a->entry->dirName);
+ size_t asnlen = (a->subDir ? strlen(a->subDir) : 0);
+ size_t abnlen = strlen(a->baseName);
+ size_t bdnlen = strlen(b->entry->dirName);
+ size_t bsnlen = (b->subDir ? strlen(b->subDir) : 0);
+ size_t bbnlen = strlen(b->baseName);
char * afn, * bfn, * t;
int rc = 0;
@@ .
patch -p0 <<'@@ .'
Index: rpm/macros.in
============================================================================
$ cvs diff -u -r1.227 -r1.227.2.1 macros.in
--- rpm/macros.in 4 Jan 2008 22:20:47 -0000 1.227
+++ rpm/macros.in 15 Jan 2008 14:19:18 -0000 1.227.2.1
@@ -1,7 +1,7 @@
#/*! \page config_macros Default configuration: @USRLIBRPM@/macros
# \verbatim
#
-# $Id: macros.in,v 1.227 2008/01/04 22:20:47 rse Exp $
+# $Id: macros.in,v 1.227.2.1 2008/01/15 14:19:18 jbj Exp $
#
# This is a global RPM configuration file. All changes made here will
# be lost when the rpm package is upgraded. Any per-system configuration
@@ -975,6 +975,10 @@
# Path for rpm -qH (default is /usr/share/comps/%{_arch}/hdlist)
%_query_hdlist_path %{_datadir}/comps/%{_arch}/hdlist
+#
+# Permit network access? (".fdio" prohibits network access)
+%_rpmgio .fdio
+
#==============================================================================
# ---- Run-time probe dependency macros.
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/macro.c
============================================================================
$ cvs diff -u -r2.171 -r2.171.2.1 macro.c
--- rpm/rpmio/macro.c 5 Jan 2008 08:09:22 -0000 2.171
+++ rpm/rpmio/macro.c 15 Jan 2008 14:19:19 -0000 2.171.2.1
@@ -378,6 +378,8 @@
switch (*p) {
case '\\':
switch (*(p+1)) {
+ case '\r': /*@switchbreak@*/ break;
+ case '\n': /*@switchbreak@*/ break;
case '\0': /*@switchbreak@*/ break;
default: p++; /*@switchbreak@*/ break;
}
@@ -1199,7 +1201,7 @@
size_t l;
if ((cp = realpath(buf, rp)) != NULL) {
l = strlen(cp);
- if (l+1 <= bufn) {
+ if ((size_t)(l+1) <= bufn) {
memcpy(buf, cp, l+1);
b = buf;
}
@@ -1296,15 +1298,19 @@
}
static int expandFIFO(MacroBuf mb, MacroEntry me, const char *g, size_t gn)
- /*@*/
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies mb, rpmGlobalMacroContext, fileSystem, internalState @*/
{
int rc = 0;
- if (me && me->prev) {
- rc = expandFIFO(mb, me->prev, g, gn);
- rc = expandT(mb, g, gn);
+ if (me) {
+ if (me->prev) {
+ rc = expandFIFO(mb, me->prev, g, gn);
+ rc = expandT(mb, g, gn);
+ }
+ rc = expandT(mb, me->body, strlen(me->body));
}
- return expandT(mb, me->body, strlen(me->body));
+ return rc;
}
/**
@@ -1789,7 +1795,7 @@
int argvAlloced = POPT_ARGV_ARRAY_GROW_DELTA;
const char ** argv = malloc(sizeof(*argv) * argvAlloced);
int argc = 0;
- int buflen = strlen(s) + 1;
+ size_t buflen = strlen(s) + 1;
char * buf = memset(alloca(buflen), 0, buflen);
int rc = POPT_ERROR_MALLOC;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmio.c
============================================================================
$ cvs diff -u -r1.117 -r1.117.2.1 rpmio.c
--- rpm/rpmio/rpmio.c 16 Dec 2007 22:54:40 -0000 1.117
+++ rpm/rpmio/rpmio.c 15 Jan 2008 14:19:19 -0000 1.117.2.1
@@ -3836,7 +3836,7 @@
FD_t fd;
int rc = 0;
- fd = Fopen(fn, "r");
+ fd = Fopen(fn, "r%{?_rpmgio}");
if (fd == NULL || Ferror(fd)) {
rc = 2;
goto exit;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmlog.h
============================================================================
$ cvs diff -u -r2.20 -r2.20.2.1 rpmlog.h
--- rpm/rpmio/rpmlog.h 1 Jan 2008 20:27:52 -0000 2.20
+++ rpm/rpmio/rpmlog.h 15 Jan 2008 14:19:19 -0000 2.20.2.1
@@ -214,7 +214,8 @@
* @return none
*/
void rpmlogGetCallback(rpmlogCallback *cb, rpmlogCallbackData *data)
- /*@*/;
+ /*@globals internalState @*/
+ /*@modifies *cb, *data, internalState @*/;
/**
* Return number of messages.
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmlua.h
============================================================================
$ cvs diff -u -r2.9 -r2.9.2.1 rpmlua.h
--- rpm/rpmio/rpmlua.h 1 Jan 2008 20:27:52 -0000 2.9
+++ rpm/rpmio/rpmlua.h 15 Jan 2008 14:19:19 -0000 2.9.2.1
@@ -44,8 +44,10 @@
typedef /*@abstract@*/ struct rpmluav_s * rpmluav;
/*@-exportlocal@*/
-/*@only@*/
-rpmlua rpmluaGetGlobalState(void);
+/*@only@*/ /*@exposed@*/ /*@relnull@*/
+rpmlua rpmluaGetGlobalState(void)
+ /*@*/;
+
rpmlua rpmluaNew(void)
/*@globals fileSystem, internalState @*/
/*@modifies fileSystem, internalState @*/;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmmacro.h
============================================================================
$ cvs diff -u -r2.46 -r2.46.2.1 rpmmacro.h
--- rpm/rpmio/rpmmacro.h 2 Jan 2008 19:10:14 -0000 2.46
+++ rpm/rpmio/rpmmacro.h 15 Jan 2008 14:19:19 -0000 2.46.2.1
@@ -162,7 +162,7 @@
* @return @todo Document.
*/
int rpmUndefineMacro(/*@null@*/ MacroContext mc, const char * macro)
- /*@globals rpmGlobalMacroContext, h_errno, internalState @*/
+ /*@globals rpmGlobalMacroContext, internalState @*/
/*@modifies mc, rpmGlobalMacroContext, internalState @*/;
/**
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmpgp.c
============================================================================
$ cvs diff -u -r2.86 -r2.86.2.1 rpmpgp.c
--- rpm/rpmio/rpmpgp.c 29 Dec 2007 18:32:02 -0000 2.86
+++ rpm/rpmio/rpmpgp.c 15 Jan 2008 14:19:19 -0000 2.86.2.1
@@ -1482,7 +1482,7 @@
int pgpHashAlgoStringToNumber(const char *name, size_t name_len)
{
- int i;
+ size_t i;
if (name == NULL)
return -1;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/stringbuf.c
============================================================================
$ cvs diff -u -r2.2 -r2.2.2.1 stringbuf.c
--- rpm/rpmio/stringbuf.c 21 Dec 2007 08:51:46 -0000 2.2
+++ rpm/rpmio/stringbuf.c 15 Jan 2008 14:19:19 -0000 2.2.2.1
@@ -4,6 +4,7 @@
#include "system.h"
+#include <rpmio.h> /* XXX xisspace, _free */
#include "stringbuf.h"
#include "debug.h"
@@ -11,32 +12,13 @@
struct StringBufRec {
/*@owned@*/
- char *buf;
+ char * buf;
/*@dependent@*/
- char *tail; /* Points to first "free" char */
- int allocated;
- int free;
+ char * tail; /* Points to first "free" char */
+ size_t allocated;
+ size_t free;
};
-/**
- * Locale insensitive isspace(3).
- */
-/*@unused@*/ static inline int xisspace(int c) /*@*/ {
- return (c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '\f' || c == '\v');
-}
-
-/**
- * Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
- * @param p memory to free
- * @return NULL always
- */
-/*@unused@*/ static inline /*@null@*/ void *
-_free(/*@only@*/ /*@null@*/ /*@out@*/ const void * p) /*@modifies *p @*/
-{
- if (p != NULL) free((void *)p);
- return NULL;
-}
-
StringBuf newStringBuf(void)
{
StringBuf sb = xmalloc(sizeof(*sb));
@@ -68,7 +50,7 @@
void stripTrailingBlanksStringBuf(StringBuf sb)
{
while (sb->free != sb->allocated) {
- if (! xisspace(*(sb->tail - 1)))
+ if (!xisspace((int)*(sb->tail - 1)))
break;
sb->free++;
sb->tail--;
@@ -81,13 +63,12 @@
return sb->buf;
}
-void appendStringBufAux(StringBuf sb, const char *s, int nl)
+void appendStringBufAux(StringBuf sb, const char *s, size_t nl)
{
- int l;
+ size_t l = strlen(s);
- l = strlen(s);
/* If free == l there is no room for NULL terminator! */
- while ((l + nl + 1) > sb->free) {
+ while ((l + nl) >= sb->free) {
sb->allocated += BUF_CHUNK;
sb->free += BUF_CHUNK;
sb->buf = xrealloc(sb->buf, sb->allocated);
@@ -100,9 +81,8 @@
sb->tail += l;
sb->free -= l;
if (nl) {
- sb->tail[0] = '\n';
- sb->tail[1] = '\0';
- sb->tail++;
+ *sb->tail++ = '\n';
sb->free--;
+ *sb->tail = '\0';
}
}
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/stringbuf.h
============================================================================
$ cvs diff -u -r2.2 -r2.2.2.1 stringbuf.h
--- rpm/rpmio/stringbuf.h 21 Dec 2007 08:51:46 -0000 2.2
+++ rpm/rpmio/stringbuf.h 15 Jan 2008 14:19:19 -0000 2.2.2.1
@@ -49,7 +49,7 @@
/**
*/
-void appendStringBufAux(StringBuf sb, const char * s, int nl)
+void appendStringBufAux(StringBuf sb, const char * s, size_t nl)
/*@modifies sb @*/;
#ifdef __cplusplus
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmpopt.in
============================================================================
$ cvs diff -u -r2.47 -r2.47.2.1 rpmpopt.in
--- rpm/rpmpopt.in 19 Oct 2007 23:44:34 -0000 2.47
+++ rpm/rpmpopt.in 15 Jan 2008 14:19:18 -0000 2.47.2.1
@@ -2,7 +2,7 @@
# \verbatim
#
# @USRLIBRPM@/@configure_input@
-# $Id: rpmpopt.in,v 2.47 2007/10/19 23:44:34 jbj Exp $
+# $Id: rpmpopt.in,v 2.47.2.1 2008/01/15 14:19:18 jbj Exp $
#
# This file *should not be modified*. Local customizations
# belong in /etc/popt, not here. This file will be replaced
@@ -56,7 +56,7 @@
rpm alias --setugids -q --qf \
'[ch %{FILEUSERNAME:shescape} %{FILEGROUPNAME:shescape} %{FILENAMES:shescape}\n]' \
- --pipe "(echo 'ch() { chown -- \"$1\" \"$3\";chgrp -- \"$2\" \"$3\"; }';grep -v \(none\))|sh" \
+ --pipe "(echo 'ch() { chown -h -- \"$1\" \"$3\";chgrp -h -- \"$2\" \"$3\"; }';grep -v \(none\))|sh" \
--POPTdesc=$"set user/group ownership of files in a package"
rpm alias --conflicts --qf \
@@ .
Received on Tue Jan 15 15:19:20 2008