From cd2dcf1a1778458fb83f6963410d2c04362f3d5fde714efcc5249554b98f2aff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Schr=C3=B6der?=
Date: Fri, 26 Mar 2010 15:30:18 +0000
Subject: [PATCH] - port sles11-sp1 repackage-nomd5.diff and safeugid.diff
OBS-URL: https://build.opensuse.org/package/show/Base:System/rpm?expand=0&rev=41
---
 repackage-nomd5.diff | 29 ++++++
 rpm-4.7.1.tar.bz2 | 3 -
 rpm.changes | 5 +
 rpm.spec | 3 +
 safeugid.diff | 236 +++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 273 insertions(+), 3 deletions(-)
 create mode 100644 repackage-nomd5.diff
 delete mode 100644 rpm-4.7.1.tar.bz2
 create mode 100644 safeugid.diff
diff --git a/repackage-nomd5.diff b/repackage-nomd5.diff
new file mode 100644
index 0000000..639b841
--- /dev/null
+++ b/repackage-nomd5.diff
@@ -0,0 +1,29 @@
+--- ./lib/psm.c.orig 2010-03-26 15:06:20.000000000 +0000
++++ ./lib/psm.c 2010-03-26 15:11:27.000000000 +0000
+@@ -1318,6 +1318,7 @@ rpmRC rpmpsmStage(rpmpsm psm, pkgStage s
+ 
+ if (psm->goal == PSM_PKGINSTALL) {
+ FD_t payload = NULL;
++ rpmtransFlags oldtsflags;
+ 
+ if (rpmtsFlags(ts) & RPMTRANS_FLAG_JUSTDB) break;
+ 
+@@ -1343,6 +1344,9 @@ rpmRC rpmpsmStage(rpmpsm psm, pkgStage s
+ break;
+ }
+ 
++ oldtsflags = rpmtsFlags(ts);
++ if (headerIsEntry(fi->h, RPMTAG_REMOVETID))
++ (void) rpmtsSetFlags(ts, oldtsflags | RPMTRANS_FLAG_NOMD5);
+ rc = fsmSetup(rpmfiFSM(fi), FSM_PKGINSTALL, ts, psm->te, fi,
+ payload, NULL, &psm->failedFile);
+ (void) rpmswAdd(rpmtsOp(ts, RPMTS_OP_UNCOMPRESS),
+@@ -1350,6 +1354,8 @@ rpmRC rpmpsmStage(rpmpsm psm, pkgStage s
+ (void) rpmswAdd(rpmtsOp(ts, RPMTS_OP_DIGEST),
+ fdOp(payload, FDSTAT_DIGEST));
+ xx = fsmTeardown(rpmfiFSM(fi));
++ if (headerIsEntry(fi->h, RPMTAG_REMOVETID))
++ (void) rpmtsSetFlags(ts, oldtsflags);
+ 
+ saveerrno = errno; /* XXX FIXME: Fclose with libio destroys errno */
+ xx = Fclose(payload);
diff --git a/rpm-4.7.1.tar.bz2 b/rpm-4.7.1.tar.bz2
deleted file mode 100644
index 13a628c..0000000
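Review bot: The digest check is switched off on the strength of a tag read from the package's own header: wherever `headerIsEntry(fi->h, RPMTAG_REMOVETID)` is true, the second psm.c hunk ORs `RPMTRANS_FLAG_NOMD5` into the transaction flags for the whole `fsmSetup()`/`fsmTeardown()` span. Nothing visible here establishes that the header was authenticated or that the package really is a local repackage, so that precondition should be confirmed and recorded in a comment above the new lines, for example `/* repackaged package (RPMTAG_REMOVETID set): skip file digest checks for this unpack only; flags restored after fsmTeardown() */`. The tag test is also evaluated twice; caching it once (`int repackaged = headerIsEntry(fi->h, RPMTAG_REMOVETID);`) guarantees the restore in the third hunk runs exactly when the set did. rpmpsmStage() starts and ends outside these hunks, so an exit path between the set and the restore cannot be ruled out from here.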
--- a/rpm-4.7.1.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b0af1f507b342eda33f9ef113b645048034fb7fef3b4ff3c084532af12b6f70d
-size 3410587
diff --git a/rpm.changes b/rpm.changes
index 57a3ca6..364a858 100644
--- a/rpm.changes
+++ b/rpm.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Mar 26 16:29:36 CET 2010 - mls@suse.de
+
+- port sles11-sp1 repackage-nomd5.diff and safeugid.diff
+
 -------------------------------------------------------------------
 Fri Mar 26 11:49:59 CET 2010 - mls@suse.de
 
diff --git a/rpm.spec b/rpm.spec
index fd317cf..fbfaa90 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -103,6 +103,8 @@ Patch66: defclean.diff
 Patch67: readlineofi.diff
 Patch68: rpmdb-no-svc.diff
 Patch69: modemuncher.diff
+Patch70: repackage-nomd5.diff
+Patch71: safeugid.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 #
 # avoid bootstrapping problem
@@ -163,6 +165,7 @@ rm -f rpmdb/db.h
 %patch -P 40 -P 41 -P 42 -P 43 -P 44 -P 45 -P 46 -P 47 -P 48 -P 49
 %patch -P 50 -P 51 -P 52 -P 53 -P 54 -P 55 -P 56 -P 57 -P 58 -P 59
 %patch -P 60 -P 61 -P 62 -P 63 -P 64 -P 65 -P 66 -P 67 -P 68 -P 69
+%patch -P 70 -P 71
 #chmod 755 scripts/find-supplements{,.ksyms}
 #chmod 755 scripts/find-provides.ksyms scripts/find-requires.ksyms
 #chmod 755 scripts/firmware.prov
diff --git a/safeugid.diff b/safeugid.diff
new file mode 100644
index 0000000..d2cfa90
--- /dev/null
+++ b/safeugid.diff
@@ -0,0 +1,236 @@
+--- lib/fsm.c.orig 2010-03-26 15:06:20.000000000 +0000
++++ lib/fsm.c 2010-03-26 15:16:31.000000000 +0000
+@@ -736,22 +736,26 @@ static int fsmMapAttrs(FSM_t fsm)
+ 
+ /* this check is pretty moot, rpmfi accessors check array bounds etc */
+ if (fi && i >= 0 && i < rpmfiFC(fi)) {
++ rpmts ts = fsmGetTs(fsm);
+ mode_t finalMode = rpmfiFModeIndex(fi, i);
+ dev_t finalRdev = rpmfiFRdevIndex(fi, i);
+ time_t finalMtime = rpmfiFMtimeIndex(fi, i);
+ const char *user = rpmfiFUserIndex(fi, i);
+ const char *group = rpmfiFGroupIndex(fi, i);
++ int safe = rpmtsChrootDone(ts);
++ extern int unameToUid_safe(const char *, gid_t *, int);
++ extern int gnameToGid_safe(const char *, gid_t *, int);
+ uid_t uid = 0;
+ gid_t gid = 0;
+ 
+- if (user && unameToUid(user, &uid)) {
++ if (user && unameToUid_safe(user, &uid, safe)) {
+ if (fsm->goal == FSM_PKGINSTALL)
+ rpmlog(RPMLOG_WARNING,
+ _("user %s does not exist - using root\n"), user);
+ finalMode &= ~S_ISUID; /* turn off suid bit */
+ }
+ 
+- if (group && gnameToGid(group, &gid)) {
++ if (group && gnameToGid(group, &gid, safe)) {
+ if (fsm->goal == FSM_PKGINSTALL)
+ rpmlog(RPMLOG_WARNING,
+ _("group %s does not exist - using root\n"), group);
+@@ -773,8 +777,7 @@ static int fsmMapAttrs(FSM_t fsm)
+ if (fsm->mapFlags & CPIO_MAP_GID)
+ st->st_gid = gid;
+ 
+- { rpmts ts = fsmGetTs(fsm);
+-
++ {
+ /*
+ * Set file digest (if not disabled).
+ */
+--- lib/misc.c.orig 2009-12-07 14:36:49.000000000 +0000
++++ lib/misc.c 2010-03-26 15:26:05.000000000 +0000
+@@ -14,6 +14,42 @@ const char * const RPMVERSION = VERSION;
+ 
+ #include "debug.h"
+ 
++/*
++ * Unfortunatelly glibc caches nss/nscd data and there is no
++ * good way to flush those caches when we did a chroot(). Thus
++ * we need to parse /etc/passwd and /etc/group ourselfs.
++ */
++static int safe_lookup(const char * file, const char * name)
++{
++ FILE *fp;
++ int l;
++ char buf[4096], *p;
++
++ if (!name || !*name)
++ return -1;
++ l = strlen(name);
++ if ((fp = fopen(file, "r")) == 0)
++ return -1;
++ while ((p = fgets(buf, sizeof(buf), fp)) != 0) {
++ if (*p == '#')
++ continue;
++ while (*p && (*p == ' ' || *p == '\t'))
++ p++;
++ if (strncmp(p, name, l) != 0 || p[l] != ':')
++ continue;
++ p = strchr(p + l + 1, ':');
++ if (!p)
++ continue;
++ fclose(fp);
++ p++;
++ while (*p && (*p == ' ' || *p == '\t'))
++ p++;
++ return atoi(p);
++ }
++ fclose(fp);
++ return -1;
++}
++
+ /* unameToUid(), uidTouname() and the group variants are really poorly
+ implemented. They really ought to use hash tables. I just made the
+ guess that most files would be owned by root or the same person/group
+@@ -21,11 +57,12 @@ const char * const RPMVERSION = VERSION;
+ is looked up via getpw() and getgr() functions. If this performs
+ too poorly I'll have to implement it properly :-( */
+ 
+-int unameToUid(const char * thisUname, uid_t * uid)
++int unameToUid_safe(const char * thisUname, uid_t * uid, int safe)
+ {
+ static char * lastUname = NULL;
+ static size_t lastUnameLen = 0;
+ static size_t lastUnameAlloced;
++ static int lastUnameSafe;
+ static uid_t lastUid;
+ struct passwd * pwent;
+ size_t thisUnameLen;
+@@ -38,6 +75,11 @@ static char * lastUname = NULL;
+ return 0;
+ }
+ 
++ if (safe != lastUnameSafe) {
++ lastUnameLen = 0;
++ lastUnameSafe = safe;
++ }
++
+ thisUnameLen = strlen(thisUname);
+ if (lastUname == NULL || thisUnameLen != lastUnameLen ||
+ !rstreq(thisUname, lastUname))
+@@ -48,15 +90,21 @@ static char * lastUname = NULL;
+ }
+ strcpy(lastUname, thisUname);
+ 
+- pwent = getpwnam(thisUname);
+- if (pwent == NULL) {
+- /* FIX: shrug */
+- endpwent();
++ if (safe) {
++ int uid = safe_lookup("/etc/passwd", thisUname);
++ if (uid < 0)
++ return -1;
++ lastUid = (uid_t)uid;
++ } else {
+ pwent = getpwnam(thisUname);
+- if (pwent == NULL) 
return -1;
++ if (pwent == NULL) {
++ /* FIX: shrug */
++ endpwent();
++ pwent = getpwnam(thisUname);
++ if (pwent == NULL) return -1;
++ }
++ lastUid = pwent->pw_uid;
+ }
+-
+- lastUid = pwent->pw_uid;
+ }
+ 
+ *uid = lastUid;
+@@ -64,11 +112,18 @@ static char * lastUname = NULL;
+ return 0;
+ }
+ 
+-int gnameToGid(const char * thisGname, gid_t * gid)
++int unameToUid(const char * thisUname, uid_t * uid)
++{
++ return unameToUid_safe(thisUname, uid, 0);
++}
++
++
++int gnameToGid_safe(const char * thisGname, gid_t * gid, int safe)
+ {
+ static char * lastGname = NULL;
+ static size_t lastGnameLen = 0;
+ static size_t lastGnameAlloced;
++ static int lastGnameSafe;
+ static gid_t lastGid;
+ size_t thisGnameLen;
+ struct group * grent;
+@@ -81,6 +136,11 @@ static char * lastGname = NULL;
+ return 0;
+ }
+ 
++ if (safe != lastGnameSafe) {
++ lastGnameLen = 0;
++ lastGnameSafe = safe;
++ }
++
+ thisGnameLen = strlen(thisGname);
+ if (lastGname == NULL || thisGnameLen != lastGnameLen ||
+ !rstreq(thisGname, lastGname))
+@@ -91,25 +151,34 @@ static char * lastGname = NULL;
+ }
+ strcpy(lastGname, thisGname);
+ 
+- grent = getgrnam(thisGname);
+- if (grent == NULL) {
+- /* FIX: shrug */
+- endgrent();
++ if (safe) {
++ int gid = safe_lookup("/etc/group", thisGname);
++ if (gid < 0)
++ return -1;
++ lastGid = (gid_t)gid;
++ } else {
+ grent = getgrnam(thisGname);
+ if (grent == NULL) {
+- /* XXX The filesystem package needs group/lock w/o getgrnam. */
+- if (rstreq(thisGname, "lock")) {
+- *gid = lastGid = 54;
+- return 0;
+- } else
+- if (rstreq(thisGname, "mail")) {
+- *gid = lastGid = 12;
+- return 0;
+- } else
+- return -1;
++ /* FIX: shrug */
++ endgrent();
++ grent = getgrnam(thisGname);
++ if (grent == NULL) {
++#ifdef STRANGE_FEDORA_HACKS
++ /* XXX The filesystem package needs group/lock w/o getgrnam. 
*/
++ if (rstreq(thisGname, "lock")) {
++ *gid = lastGid = 54;
++ return 0;
++ } else
++ if (rstreq(thisGname, "mail")) {
++ *gid = lastGid = 12;
++ return 0;
++ } else
++#endif
++ return -1;
++ }
+ }
++ lastGid = grent->gr_gid;
+ }
+- lastGid = grent->gr_gid;
+ }
+ 
+ *gid = lastGid;
+@@ -117,6 +186,12 @@ static char * lastGname = NULL;
+ return 0;
+ }
+ 
++int gnameToGid(const char * thisGname, gid_t * gid)
++{
++ return gnameToGid_safe(thisGname, gid, 0);
++}
++
++
+ const char * uidToUname(uid_t uid)
+ {
+ static uid_t lastUid = (uid_t) -1;
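Review bot: The group lookup in the fsm.c hunk never reaches the new chroot-safe path: the added line calls `gnameToGid(group, &gid, safe)`, while misc.c keeps `gnameToGid()` as a two-parameter wrapper, so with a prototype in scope this does not compile and without one `safe` is silently dropped; it should read `if (group && gnameToGid_safe(group, &gid, safe)) {`. The block-scope `extern int unameToUid_safe(const char *, gid_t *, int);` also disagrees with the definition's `uid_t *`, and both prototypes would be better placed in a shared header than inside fsmMapAttrs(). In `safe_lookup()`, `atoi(p)` turns an empty or non-numeric id field into 0, which the callers accept as root without the warning and `S_ISUID` clearing that a failed user lookup gets; parsing with `strtol()` and rejecting a field not terminated by `:` closes that, as sketched below. Entries longer than the 4096-byte buffer are also continued as if they were new lines, which is worth a comment or a skip-to-newline.

```c
/* ... unchanged: fopen(), fgets() loop, name match, strchr() to the id field ... */
	char *end;	/* new locals, declared with fp/l/buf */
	long id;

	fclose(fp);
	p++;
	errno = 0;
	id = strtol(p, &end, 10);	/* skips leading blanks itself */
	if (end == p || *end != ':' || errno == ERANGE || id < 0 || id > INT_MAX)
	    return -1;	/* empty, non-numeric or out-of-range id: treat as not found */
	return (int)id;
```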