From f9bf4ad1fa1f5cd87fc5992b8e7d301ae729b52984a707e98abddfa4d31df98c Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 28 Aug 2019 13:41:11 +0000 Subject: [PATCH] Revert to previous revision OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpm?expand=0&rev=274 --- ...er-the-security-disaster-known-as-pr.patch | 275 ------------------ ...ee-introduced-in-0f21bdd0d7b2c45564d.patch | 39 --- python-rpm.spec | 2 +- rpm.changes | 17 -- rpm.spec | 33 +-- set-flto=auto-by-default.patch | 13 - 6 files changed, 4 insertions(+), 375 deletions(-) delete mode 100644 0001-Stop-papering-over-the-security-disaster-known-as-pr.patch delete mode 100644 0002-Fix-use-after-free-introduced-in-0f21bdd0d7b2c45564d.patch delete mode 100644 set-flto=auto-by-default.patch diff --git a/0001-Stop-papering-over-the-security-disaster-known-as-pr.patch b/0001-Stop-papering-over-the-security-disaster-known-as-pr.patch deleted file mode 100644 index 6b673a6..0000000 --- a/0001-Stop-papering-over-the-security-disaster-known-as-pr.patch +++ /dev/null @@ -1,275 +0,0 @@ -From 5bc138a7663e471edad24cc662366bc743d3d3e0 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Fri, 10 May 2019 13:10:00 +0300 -Subject: [PATCH 1/2] Stop papering over the security disaster known as prelink - -Back in the turn of the century somebody thought it was a neat idea -to completely compromise system security to improve program start-up -start-up times a wee bit. Since then, people have thankfully started -coming to their senses and removed prelink from distros entirely. - -Lets stop papering over the security disaster: we obviously cannot -stop people from using prelink, but instead of trying to undo the -damage for verification purposes, we'll now report such a system as -compromised. Which is how it should be, IMNSHO. - -This eliminates a whole lot of extra junk from each and every file -digest calculation that we do, so it might even show up on somebodys -performance charts. It also gets rid of libelf dependency outside -librpmbuild, which is a nice little bonus. - -Inspired by a patch to eliminate a rendundant double open of regular -files in rpmDoDigest() from Denys Vlasenko, taken a little further... ---- - macros.in | 10 --- - rpmio/Makefile.am | 1 - - rpmio/rpmfileutil.c | 176 +++----------------------------------------- - 3 files changed, 9 insertions(+), 178 deletions(-) - -diff --git a/macros.in b/macros.in -index a6069ee4d..32c453479 100644 ---- a/macros.in -+++ b/macros.in -@@ -685,16 +685,6 @@ package or when debugging this package.\ - # gpg --batch --no-verbose --verify --no-secmem-warning \ - # %{__signature_filename} %{__plaintext_filename} - # --# XXX rpm-4.1 verifies prelinked libraries using a prelink undo helper. --# Normally this macro is defined in /etc/rpm/macros.prelink, installed --# with the prelink package. If the macro is undefined, then prelinked --# shared libraries contents are MD5 digest verified (as usual), rather --# than MD5 verifying the output of the prelink undo helper. --# --# Note: The 2nd token is used as argv[0] and "library" is a --# placeholder that will be deleted and replaced with the appropriate --# library file path. --#%__prelink_undo_cmd /usr/sbin/prelink prelink -y library - - # Horowitz Key Protocol server configuration - # -diff --git a/rpmio/Makefile.am b/rpmio/Makefile.am -index 6024ae4e2..cedd784de 100644 ---- a/rpmio/Makefile.am -+++ b/rpmio/Makefile.am -@@ -42,7 +42,6 @@ librpmio_la_LIBADD = \ - @WITH_OPENSSL_LIB@ \ - @WITH_BZ2_LIB@ \ - @WITH_ZLIB_LIB@ \ -- @WITH_LIBELF_LIB@ \ - @WITH_POPT_LIB@ \ - @WITH_LZMA_LIB@ \ - $(ZSTD_LIBS) \ -diff --git a/rpmio/rpmfileutil.c b/rpmio/rpmfileutil.c -index 98f19e8a6..4349c64a7 100644 ---- a/rpmio/rpmfileutil.c -+++ b/rpmio/rpmfileutil.c -@@ -1,18 +1,5 @@ - #include "system.h" - --#if HAVE_GELF_H -- --#include -- --#if !defined(DT_GNU_PRELINKED) --#define DT_GNU_PRELINKED 0x6ffffdf5 --#endif --#if !defined(DT_GNU_LIBLIST) --#define DT_GNU_LIBLIST 0x6ffffef9 --#endif -- --#endif -- - #include - #include - #include -@@ -34,178 +21,33 @@ - static const char *rpm_config_dir = NULL; - static pthread_once_t configDirSet = PTHREAD_ONCE_INIT; - --static int is_prelinked(int fdno) --{ -- int prelinked = 0; --#if HAVE_GELF_H && HAVE_LIBELF -- Elf *elf = NULL; -- Elf_Scn *scn = NULL; -- Elf_Data *data = NULL; -- GElf_Ehdr ehdr; -- GElf_Shdr shdr; -- GElf_Dyn dyn; -- -- (void) elf_version(EV_CURRENT); -- -- if ((elf = elf_begin (fdno, ELF_C_READ, NULL)) == NULL || -- elf_kind(elf) != ELF_K_ELF || gelf_getehdr(elf, &ehdr) == NULL || -- !(ehdr.e_type == ET_DYN || ehdr.e_type == ET_EXEC)) -- goto exit; -- -- while (!prelinked && (scn = elf_nextscn(elf, scn)) != NULL) { -- (void) gelf_getshdr(scn, &shdr); -- if (shdr.sh_type != SHT_DYNAMIC || shdr.sh_entsize == 0) -- continue; -- while (!prelinked && (data = elf_getdata (scn, data)) != NULL) { -- int maxndx = data->d_size / shdr.sh_entsize; -- -- for (int ndx = 0; ndx < maxndx; ++ndx) { -- (void) gelf_getdyn (data, ndx, &dyn); -- if (!(dyn.d_tag == DT_GNU_PRELINKED || dyn.d_tag == DT_GNU_LIBLIST)) -- continue; -- prelinked = 1; -- break; -- } -- } -- } -- --exit: -- if (elf) (void) elf_end(elf); --#endif -- return prelinked; --} -- --static int open_dso(const char * path, pid_t * pidp, rpm_loff_t *fsizep) --{ -- static const char * cmd = NULL; -- static int initted = 0; -- int fdno; -- -- if (!initted) { -- cmd = rpmExpand("%{?__prelink_undo_cmd}", NULL); -- initted++; -- } -- -- if (pidp) *pidp = 0; -- -- if (fsizep) { -- struct stat sb, * st = &sb; -- if (stat(path, st) < 0) -- return -1; -- *fsizep = st->st_size; -- } -- -- fdno = open(path, O_RDONLY); -- if (fdno < 0) -- return fdno; -- -- if (!(cmd && *cmd)) -- return fdno; -- -- if (pidp != NULL && is_prelinked(fdno)) { -- int pipes[2]; -- pid_t pid; -- -- close(fdno); -- pipes[0] = pipes[1] = -1; -- if (pipe(pipes) < 0) -- return -1; -- -- pid = fork(); -- if (pid < 0) { -- close(pipes[0]); -- close(pipes[1]); -- return -1; -- } -- -- if (pid == 0) { -- ARGV_t av, lib; -- int dfd; -- argvSplit(&av, cmd, " "); -- -- close(pipes[0]); -- dfd = dup2(pipes[1], STDOUT_FILENO); -- close(pipes[1]); -- if (dfd >= 0 && (lib = argvSearch(av, "library", NULL)) != NULL) { -- *lib = (char *) path; -- unsetenv("MALLOC_CHECK_"); -- execve(av[0], av+1, environ); -- } -- _exit(127); /* not normally reached */ -- } else { -- *pidp = pid; -- fdno = pipes[0]; -- close(pipes[1]); -- } -- } -- -- return fdno; --} -- - int rpmDoDigest(int algo, const char * fn,int asAscii, - unsigned char * digest, rpm_loff_t * fsizep) - { -- const char * path; -- urltype ut = urlPath(fn, &path); - unsigned char * dig = NULL; - size_t diglen, buflen = 32 * BUFSIZ; - unsigned char *buf = xmalloc(buflen); -- FD_t fd; - rpm_loff_t fsize = 0; -- pid_t pid = 0; - int rc = 0; -- int fdno; - -- fdno = open_dso(path, &pid, &fsize); -- if (fdno < 0) { -- rc = 1; -- goto exit; -- } -+ FD_t fd = Fopen(fn, "r.ufdio"); - -- switch (ut) { -- case URL_IS_PATH: -- case URL_IS_UNKNOWN: -- case URL_IS_HTTPS: -- case URL_IS_HTTP: -- case URL_IS_FTP: -- case URL_IS_HKP: -- case URL_IS_DASH: -- default: -- /* Either use the pipe to prelink -y or open the URL. */ -- fd = (pid != 0) ? fdDup(fdno) : Fopen(fn, "r.ufdio"); -- (void) close(fdno); -- if (fd == NULL || Ferror(fd)) { -- rc = 1; -- if (fd != NULL) -- (void) Fclose(fd); -- break; -- } -- -+ if (fd) { - fdInitDigest(fd, algo, 0); -- fsize = 0; - while ((rc = Fread(buf, sizeof(*buf), buflen, fd)) > 0) - fsize += rc; - fdFiniDigest(fd, algo, (void **)&dig, &diglen, asAscii); -- if (dig == NULL || Ferror(fd)) -- rc = 1; -- -- (void) Fclose(fd); -- break; -+ Fclose(fd); - } - -- /* Reap the prelink -y helper. */ -- if (pid) { -- int status; -- (void) waitpid(pid, &status, 0); -- if (!WIFEXITED(status) || WEXITSTATUS(status)) -- rc = 1; -+ if (dig == NULL || Ferror(fd)) { -+ rc = 1; -+ } else { -+ memcpy(digest, dig, diglen); -+ if (fsizep) -+ *fsizep = fsize; - } - --exit: -- if (fsizep) -- *fsizep = fsize; -- if (!rc) -- memcpy(digest, dig, diglen); - dig = _free(dig); - free(buf); - --- -2.20.1 - diff --git a/0002-Fix-use-after-free-introduced-in-0f21bdd0d7b2c45564d.patch b/0002-Fix-use-after-free-introduced-in-0f21bdd0d7b2c45564d.patch deleted file mode 100644 index 3d8b76e..0000000 --- a/0002-Fix-use-after-free-introduced-in-0f21bdd0d7b2c45564d.patch +++ /dev/null @@ -1,39 +0,0 @@ -From a35fbd503d944fa1d2a0e893d2ca97f244299b35 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Tue, 14 May 2019 13:55:52 +0300 -Subject: [PATCH 2/2] Fix use-after-free introduced in - 0f21bdd0d7b2c45564ddb5a24bbebd530867bd54 - -Unlike typical fooFree() functions in rpm, Fclose() doesn't set the -pointer to NULL so there's a use-after-free in checking for Ferror() -that segfaults and stuff. Delay Fclose() until the end so we actually -catch io errors too, that was another thing that went missing in -commit 0f21bdd0d7b2c45564ddb5a24bbebd530867bd54 (although it would've -probably caused an error via null digest instead) ---- - rpmio/rpmfileutil.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rpmio/rpmfileutil.c b/rpmio/rpmfileutil.c -index 4349c64a7..16a954a10 100644 ---- a/rpmio/rpmfileutil.c -+++ b/rpmio/rpmfileutil.c -@@ -37,7 +37,6 @@ int rpmDoDigest(int algo, const char * fn,int asAscii, - while ((rc = Fread(buf, sizeof(*buf), buflen, fd)) > 0) - fsize += rc; - fdFiniDigest(fd, algo, (void **)&dig, &diglen, asAscii); -- Fclose(fd); - } - - if (dig == NULL || Ferror(fd)) { -@@ -50,6 +49,7 @@ int rpmDoDigest(int algo, const char * fn,int asAscii, - - dig = _free(dig); - free(buf); -+ Fclose(fd); - - return rc; - } --- -2.20.1 - diff --git a/python-rpm.spec b/python-rpm.spec index 34ee7ae..e307442 100644 --- a/python-rpm.spec +++ b/python-rpm.spec @@ -13,7 +13,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # diff --git a/rpm.changes b/rpm.changes index 3107232..718fd22 100644 --- a/rpm.changes +++ b/rpm.changes @@ -1,20 +1,3 @@ -------------------------------------------------------------------- -Fri Aug 23 07:19:03 UTC 2019 - Martin Liška - -- Add set-flto=auto-by-default.patch in order to utilize -flto=auto. - -------------------------------------------------------------------- -Tue Aug 6 08:49:50 UTC 2019 - Fabian Vogt - -- Move more into rpm-build subpackage: - * brp- and -check scripts - * .prov and .req files, with *find* scripts - * elfdeps, debugedit and sepdebugcrcfix - * librpmbuild and dependents -- Add upstream patches which remove libelf dep from librpmio and plugins: - * 0001-Stop-papering-over-the-security-disaster-known-as-pr.patch - * 0002-Fix-use-after-free-introduced-in-0f21bdd0d7b2c45564d.patch - ------------------------------------------------------------------- Fri Jun 7 15:03:15 UTC 2019 - Jan Engelhardt diff --git a/rpm.spec b/rpm.spec index 2f6e999..70025c3 100644 --- a/rpm.spec +++ b/rpm.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -133,9 +133,6 @@ Patch118: dwz-compression.patch Patch119: getncpus.diff Patch120: rpmfc-push-name-epoch-version-release-macro-before-invoking-depgens.patch Patch121: adopt-language-specific-build_fooflags-macros-from-F.patch -Patch122: 0001-Stop-papering-over-the-security-disaster-known-as-pr.patch -Patch123: 0002-Fix-use-after-free-introduced-in-0f21bdd0d7b2c45564d.patch -Patch124: set-flto=auto-by-default.patch Patch6464: auto-config-update-aarch64-ppc64le.diff Patch6465: auto-config-update-riscv64.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -236,9 +233,6 @@ rm -f rpmdb/db.h %patch -P 109 -P 114 -P 117 -P 118 %patch -P 119 -P 120 %patch121 -p1 -%patch122 -p1 -%patch123 -p1 -%patch124 -p1 %ifarch aarch64 ppc64le riscv64 %patch6464 @@ -405,23 +399,13 @@ fi /etc/rpm /bin/rpm /usr/bin/* - %exclude /usr/bin/rpmbuild - %exclude %{_libdir}/librpmbuild.so.* - %exclude /usr/lib/rpm/elfdeps - %exclude /usr/lib/rpm/rpmdeps - %exclude /usr/lib/rpm/debugedit - %exclude /usr/lib/rpm/sepdebugcrcfix - %exclude /usr/bin/rpmspec - %exclude /usr/lib/rpm/*.prov - %exclude /usr/lib/rpm/*.req - %exclude /usr/lib/rpm/brp-* - %exclude /usr/lib/rpm/check-* - %exclude /usr/lib/rpm/*find* + %exclude /usr/bin/rpmbuild /usr/sbin/rpmconfigcheck /usr/lib/systemd/system/rpmconfigcheck.service /usr/lib/rpm %{_libdir}/rpm-plugins %{_libdir}/librpm.so.* + %{_libdir}/librpmbuild.so.* %{_libdir}/librpmio.so.* %{_libdir}/librpmsign.so.* %doc %{_mandir}/man[18]/*.[18]* @@ -440,17 +424,6 @@ fi %files build %defattr(-,root,root) /usr/bin/rpmbuild -%{_libdir}/librpmbuild.so.* -/usr/lib/rpm/elfdeps -/usr/lib/rpm/rpmdeps -/usr/lib/rpm/debugedit -/usr/lib/rpm/sepdebugcrcfix -/usr/bin/rpmspec -/usr/lib/rpm/*.prov -/usr/lib/rpm/*.req -/usr/lib/rpm/brp-* -/usr/lib/rpm/check-* -/usr/lib/rpm/*find* %files devel %defattr(644,root,root,755) diff --git a/set-flto=auto-by-default.patch b/set-flto=auto-by-default.patch deleted file mode 100644 index 0e9e0cb..0000000 --- a/set-flto=auto-by-default.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/platform.in b/platform.in -index fa3921f..cff01e1 100644 ---- a/platform.in -+++ b/platform.in -@@ -60,7 +60,7 @@ - %_smp_mflags -j%{_smp_build_ncpus} - - # Enable LTO optimization with a maximal parallelism --%_lto_cflags -flto=%{_smp_build_ncpus} -+%_lto_cflags -flto=auto - - #============================================================================== - # ---- Build policy macros.