Accepting request 732635 from Base:System

OBS-URL: https://build.opensuse.org/request/show/732635
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpm?expand=0&rev=275
This commit is contained in:
Dominique Leuenberger 2019-10-21 10:24:40 +00:00 committed by Git OBS Bridge
commit 96a19af311
5 changed files with 393 additions and 2 deletions

View File

@ -0,0 +1,275 @@
From 5bc138a7663e471edad24cc662366bc743d3d3e0 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Fri, 10 May 2019 13:10:00 +0300
Subject: [PATCH 1/2] Stop papering over the security disaster known as prelink
Back in the turn of the century somebody thought it was a neat idea
to completely compromise system security to improve program start-up
start-up times a wee bit. Since then, people have thankfully started
coming to their senses and removed prelink from distros entirely.
Lets stop papering over the security disaster: we obviously cannot
stop people from using prelink, but instead of trying to undo the
damage for verification purposes, we'll now report such a system as
compromised. Which is how it should be, IMNSHO.
This eliminates a whole lot of extra junk from each and every file
digest calculation that we do, so it might even show up on somebodys
performance charts. It also gets rid of libelf dependency outside
librpmbuild, which is a nice little bonus.
Inspired by a patch to eliminate a rendundant double open of regular
files in rpmDoDigest() from Denys Vlasenko, taken a little further...
---
macros.in | 10 ---
rpmio/Makefile.am | 1 -
rpmio/rpmfileutil.c | 176 +++-----------------------------------------
3 files changed, 9 insertions(+), 178 deletions(-)
diff --git a/macros.in b/macros.in
index a6069ee4d..32c453479 100644
--- a/macros.in
+++ b/macros.in
@@ -685,16 +685,6 @@ package or when debugging this package.\
# gpg --batch --no-verbose --verify --no-secmem-warning \
# %{__signature_filename} %{__plaintext_filename}
#
-# XXX rpm-4.1 verifies prelinked libraries using a prelink undo helper.
-# Normally this macro is defined in /etc/rpm/macros.prelink, installed
-# with the prelink package. If the macro is undefined, then prelinked
-# shared libraries contents are MD5 digest verified (as usual), rather
-# than MD5 verifying the output of the prelink undo helper.
-#
-# Note: The 2nd token is used as argv[0] and "library" is a
-# placeholder that will be deleted and replaced with the appropriate
-# library file path.
-#%__prelink_undo_cmd /usr/sbin/prelink prelink -y library
# Horowitz Key Protocol server configuration
#
diff --git a/rpmio/Makefile.am b/rpmio/Makefile.am
index 6024ae4e2..cedd784de 100644
--- a/rpmio/Makefile.am
+++ b/rpmio/Makefile.am
@@ -42,7 +42,6 @@ librpmio_la_LIBADD = \
@WITH_OPENSSL_LIB@ \
@WITH_BZ2_LIB@ \
@WITH_ZLIB_LIB@ \
- @WITH_LIBELF_LIB@ \
@WITH_POPT_LIB@ \
@WITH_LZMA_LIB@ \
$(ZSTD_LIBS) \
diff --git a/rpmio/rpmfileutil.c b/rpmio/rpmfileutil.c
index 98f19e8a6..4349c64a7 100644
--- a/rpmio/rpmfileutil.c
+++ b/rpmio/rpmfileutil.c
@@ -1,18 +1,5 @@
#include "system.h"
-#if HAVE_GELF_H
-
-#include <gelf.h>
-
-#if !defined(DT_GNU_PRELINKED)
-#define DT_GNU_PRELINKED 0x6ffffdf5
-#endif
-#if !defined(DT_GNU_LIBLIST)
-#define DT_GNU_LIBLIST 0x6ffffef9
-#endif
-
-#endif
-
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
@@ -34,178 +21,33 @@
static const char *rpm_config_dir = NULL;
static pthread_once_t configDirSet = PTHREAD_ONCE_INIT;
-static int is_prelinked(int fdno)
-{
- int prelinked = 0;
-#if HAVE_GELF_H && HAVE_LIBELF
- Elf *elf = NULL;
- Elf_Scn *scn = NULL;
- Elf_Data *data = NULL;
- GElf_Ehdr ehdr;
- GElf_Shdr shdr;
- GElf_Dyn dyn;
-
- (void) elf_version(EV_CURRENT);
-
- if ((elf = elf_begin (fdno, ELF_C_READ, NULL)) == NULL ||
- elf_kind(elf) != ELF_K_ELF || gelf_getehdr(elf, &ehdr) == NULL ||
- !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC))
- goto exit;
-
- while (!prelinked && (scn = elf_nextscn(elf, scn)) != NULL) {
- (void) gelf_getshdr(scn, &shdr);
- if (shdr.sh_type != SHT_DYNAMIC || shdr.sh_entsize == 0)
- continue;
- while (!prelinked && (data = elf_getdata (scn, data)) != NULL) {
- int maxndx = data->d_size / shdr.sh_entsize;
-
- for (int ndx = 0; ndx < maxndx; ++ndx) {
- (void) gelf_getdyn (data, ndx, &dyn);
- if (!(dyn.d_tag == DT_GNU_PRELINKED || dyn.d_tag == DT_GNU_LIBLIST))
- continue;
- prelinked = 1;
- break;
- }
- }
- }
-
-exit:
- if (elf) (void) elf_end(elf);
-#endif
- return prelinked;
-}
-
-static int open_dso(const char * path, pid_t * pidp, rpm_loff_t *fsizep)
-{
- static const char * cmd = NULL;
- static int initted = 0;
- int fdno;
-
- if (!initted) {
- cmd = rpmExpand("%{?__prelink_undo_cmd}", NULL);
- initted++;
- }
-
- if (pidp) *pidp = 0;
-
- if (fsizep) {
- struct stat sb, * st = &sb;
- if (stat(path, st) < 0)
- return -1;
- *fsizep = st->st_size;
- }
-
- fdno = open(path, O_RDONLY);
- if (fdno < 0)
- return fdno;
-
- if (!(cmd && *cmd))
- return fdno;
-
- if (pidp != NULL && is_prelinked(fdno)) {
- int pipes[2];
- pid_t pid;
-
- close(fdno);
- pipes[0] = pipes[1] = -1;
- if (pipe(pipes) < 0)
- return -1;
-
- pid = fork();
- if (pid < 0) {
- close(pipes[0]);
- close(pipes[1]);
- return -1;
- }
-
- if (pid == 0) {
- ARGV_t av, lib;
- int dfd;
- argvSplit(&av, cmd, " ");
-
- close(pipes[0]);
- dfd = dup2(pipes[1], STDOUT_FILENO);
- close(pipes[1]);
- if (dfd >= 0 && (lib = argvSearch(av, "library", NULL)) != NULL) {
- *lib = (char *) path;
- unsetenv("MALLOC_CHECK_");
- execve(av[0], av+1, environ);
- }
- _exit(127); /* not normally reached */
- } else {
- *pidp = pid;
- fdno = pipes[0];
- close(pipes[1]);
- }
- }
-
- return fdno;
-}
-
int rpmDoDigest(int algo, const char * fn,int asAscii,
unsigned char * digest, rpm_loff_t * fsizep)
{
- const char * path;
- urltype ut = urlPath(fn, &path);
unsigned char * dig = NULL;
size_t diglen, buflen = 32 * BUFSIZ;
unsigned char *buf = xmalloc(buflen);
- FD_t fd;
rpm_loff_t fsize = 0;
- pid_t pid = 0;
int rc = 0;
- int fdno;
- fdno = open_dso(path, &pid, &fsize);
- if (fdno < 0) {
- rc = 1;
- goto exit;
- }
+ FD_t fd = Fopen(fn, "r.ufdio");
- switch (ut) {
- case URL_IS_PATH:
- case URL_IS_UNKNOWN:
- case URL_IS_HTTPS:
- case URL_IS_HTTP:
- case URL_IS_FTP:
- case URL_IS_HKP:
- case URL_IS_DASH:
- default:
- /* Either use the pipe to prelink -y or open the URL. */
- fd = (pid != 0) ? fdDup(fdno) : Fopen(fn, "r.ufdio");
- (void) close(fdno);
- if (fd == NULL || Ferror(fd)) {
- rc = 1;
- if (fd != NULL)
- (void) Fclose(fd);
- break;
- }
-
+ if (fd) {
fdInitDigest(fd, algo, 0);
- fsize = 0;
while ((rc = Fread(buf, sizeof(*buf), buflen, fd)) > 0)
fsize += rc;
fdFiniDigest(fd, algo, (void **)&dig, &diglen, asAscii);
- if (dig == NULL || Ferror(fd))
- rc = 1;
-
- (void) Fclose(fd);
- break;
+ Fclose(fd);
}
- /* Reap the prelink -y helper. */
- if (pid) {
- int status;
- (void) waitpid(pid, &status, 0);
- if (!WIFEXITED(status) || WEXITSTATUS(status))
- rc = 1;
+ if (dig == NULL || Ferror(fd)) {
+ rc = 1;
+ } else {
+ memcpy(digest, dig, diglen);
+ if (fsizep)
+ *fsizep = fsize;
}
-exit:
- if (fsizep)
- *fsizep = fsize;
- if (!rc)
- memcpy(digest, dig, diglen);
dig = _free(dig);
free(buf);
--
2.20.1

View File

@ -0,0 +1,39 @@
From a35fbd503d944fa1d2a0e893d2ca97f244299b35 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Tue, 14 May 2019 13:55:52 +0300
Subject: [PATCH 2/2] Fix use-after-free introduced in
0f21bdd0d7b2c45564ddb5a24bbebd530867bd54
Unlike typical fooFree() functions in rpm, Fclose() doesn't set the
pointer to NULL so there's a use-after-free in checking for Ferror()
that segfaults and stuff. Delay Fclose() until the end so we actually
catch io errors too, that was another thing that went missing in
commit 0f21bdd0d7b2c45564ddb5a24bbebd530867bd54 (although it would've
probably caused an error via null digest instead)
---
rpmio/rpmfileutil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rpmio/rpmfileutil.c b/rpmio/rpmfileutil.c
index 4349c64a7..16a954a10 100644
--- a/rpmio/rpmfileutil.c
+++ b/rpmio/rpmfileutil.c
@@ -37,7 +37,6 @@ int rpmDoDigest(int algo, const char * fn,int asAscii,
while ((rc = Fread(buf, sizeof(*buf), buflen, fd)) > 0)
fsize += rc;
fdFiniDigest(fd, algo, (void **)&dig, &diglen, asAscii);
- Fclose(fd);
}
if (dig == NULL || Ferror(fd)) {
@@ -50,6 +49,7 @@ int rpmDoDigest(int algo, const char * fn,int asAscii,
dig = _free(dig);
free(buf);
+ Fclose(fd);
return rc;
}
--
2.20.1

View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Wed Aug 28 11:17:12 UTC 2019 - Fabian Vogt <fvogt@suse.com>
- Split librpmbuild into a separate subpackage, it's pulled in by
python-rpm
-------------------------------------------------------------------
Fri Aug 23 07:19:03 UTC 2019 - Martin Liška <mliska@suse.cz>
- Add set-flto=auto-by-default.patch in order to utilize -flto=auto.
-------------------------------------------------------------------
Tue Aug 6 08:49:50 UTC 2019 - Fabian Vogt <fvogt@suse.com>
- Move more into rpm-build subpackage:
* brp- and -check scripts
* .prov and .req files, with *find* scripts
* elfdeps, debugedit and sepdebugcrcfix
* librpmbuild and dependents
- Add upstream patches which remove libelf dep from librpmio and plugins:
* 0001-Stop-papering-over-the-security-disaster-known-as-pr.patch
* 0002-Fix-use-after-free-introduced-in-0f21bdd0d7b2c45564d.patch
-------------------------------------------------------------------
Fri Jun 7 15:03:15 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

View File

@ -19,6 +19,8 @@
#Compat macro for new _fillupdir macro introduced in Nov 2017
%{?!_fillupdir:%define _fillupdir /var/adm/fillup-templates}
%global librpmsover 8
Name: rpm
BuildRequires: binutils
BuildRequires: bzip2
@ -133,6 +135,9 @@ Patch118: dwz-compression.patch
Patch119: getncpus.diff
Patch120: rpmfc-push-name-epoch-version-release-macro-before-invoking-depgens.patch
Patch121: adopt-language-specific-build_fooflags-macros-from-F.patch
Patch122: 0001-Stop-papering-over-the-security-disaster-known-as-pr.patch
Patch123: 0002-Fix-use-after-free-introduced-in-0f21bdd0d7b2c45564d.patch
Patch124: set-flto=auto-by-default.patch
Patch6464: auto-config-update-aarch64-ppc64le.diff
Patch6465: auto-config-update-riscv64.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -149,6 +154,15 @@ is easy to update packages. RPM keeps track of all these manipulations
in a central database. This way it is possible to get an overview of
all installed packages. RPM also supports database queries.
%package -n librpmbuild%{librpmsover}
Summary: Library for building RPM packages
# Was part of rpm before
Group: System/Libraries
Conflicts: rpm < %{version}
%description -n librpmbuild%{librpmsover}
Thie package contains a library with functions for building RPM packages.
%package devel
Summary: Development files for librpm
Group: Development/Libraries/C and C++
@ -233,6 +247,9 @@ rm -f rpmdb/db.h
%patch -P 109 -P 114 -P 117 -P 118
%patch -P 119 -P 120
%patch121 -p1
%patch122 -p1
%patch123 -p1
%patch124 -p1
%ifarch aarch64 ppc64le riscv64
%patch6464
@ -400,12 +417,22 @@ fi
/bin/rpm
/usr/bin/*
%exclude /usr/bin/rpmbuild
%exclude %{_libdir}/librpmbuild.so.*
%exclude /usr/lib/rpm/elfdeps
%exclude /usr/lib/rpm/rpmdeps
%exclude /usr/lib/rpm/debugedit
%exclude /usr/lib/rpm/sepdebugcrcfix
%exclude /usr/bin/rpmspec
%exclude /usr/lib/rpm/*.prov
%exclude /usr/lib/rpm/*.req
%exclude /usr/lib/rpm/brp-*
%exclude /usr/lib/rpm/check-*
%exclude /usr/lib/rpm/*find*
/usr/sbin/rpmconfigcheck
/usr/lib/systemd/system/rpmconfigcheck.service
/usr/lib/rpm
%{_libdir}/rpm-plugins
%{_libdir}/librpm.so.*
%{_libdir}/librpmbuild.so.*
%{_libdir}/librpmio.so.*
%{_libdir}/librpmsign.so.*
%doc %{_mandir}/man[18]/*.[18]*
@ -421,9 +448,23 @@ fi
%dir %attr(755,root,root) /usr/src/packages/RPMS/*
%{_fillupdir}/sysconfig.services-rpm
%files -n librpmbuild%{librpmsover}
%{_libdir}/librpmbuild.so.%{librpmsover}
%{_libdir}/librpmbuild.so.%{librpmsover}.*
%files build
%defattr(-,root,root)
/usr/bin/rpmbuild
/usr/lib/rpm/elfdeps
/usr/lib/rpm/rpmdeps
/usr/lib/rpm/debugedit
/usr/lib/rpm/sepdebugcrcfix
/usr/bin/rpmspec
/usr/lib/rpm/*.prov
/usr/lib/rpm/*.req
/usr/lib/rpm/brp-*
/usr/lib/rpm/check-*
/usr/lib/rpm/*find*
%files devel
%defattr(644,root,root,755)

View File

@ -0,0 +1,13 @@
diff --git a/platform.in b/platform.in
index fa3921f..cff01e1 100644
--- a/platform.in
+++ b/platform.in
@@ -60,7 +60,7 @@
%_smp_mflags -j%{_smp_build_ncpus}
# Enable LTO optimization with a maximal parallelism
-%_lto_cflags -flto=%{_smp_build_ncpus}
+%_lto_cflags -flto=auto
#==============================================================================
# ---- Build policy macros.