import rpm-ostree-2024.7-2.el9

c9-beta imports/c9-beta/rpm-ostree-2024.7-2.el9
MSVSphere Packaging Team 4 months ago
parent f5657a21f3
commit 7f12c3d26b
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8

2
.gitignore vendored

@ -1 +1 @@
SOURCES/rpm-ostree-2024.3.tar.xz SOURCES/rpm-ostree-2024.7.tar.xz

@ -1 +1 @@
dc6e0ea9f33f162b5ca2d1ea1cb79ec7f9f7d71c SOURCES/rpm-ostree-2024.3.tar.xz d9cceab814a10d116e41911a00ca5d5134715da1 SOURCES/rpm-ostree-2024.7.tar.xz

@ -1,56 +0,0 @@
From d02993e30078db2a04820065ccbf22bd56d0d064 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Thu, 22 Feb 2024 14:44:50 -0500
Subject: [PATCH] cliwrap/rpm: mark `--eval`/`-E` as safe
This is sometimes used in scripts to query aspects of the host system.
E.g. this is used by Fedora's pkg-config:
https://src.fedoraproject.org/rpms/pkgconf/blob/95c0bbee/f/pkg-config.in#_6
This in turn gets hit by kdump which runs dracut which has modules that
runs `pkgconf` to query some directory paths.
---
rust/src/cliwrap/rpm.rs | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/rust/src/cliwrap/rpm.rs b/rust/src/cliwrap/rpm.rs
index c6ed5901..3332f76c 100644
--- a/rust/src/cliwrap/rpm.rs
+++ b/rust/src/cliwrap/rpm.rs
@@ -19,6 +19,12 @@ fn new_rpm_app() -> Command {
.long("version")
.action(clap::ArgAction::Version),
)
+ .arg(
+ Arg::new("eval")
+ .long("eval")
+ .short('E')
+ .action(clap::ArgAction::Set),
+ )
.arg(
Arg::new("package")
.help("package")
@@ -130,6 +136,19 @@ mod tests {
Ok(())
}
+ #[test]
+ fn test_eval() -> Result<()> {
+ assert_eq!(
+ disposition(SystemHostType::OstreeHost, &["-E", "%{_target_cpu}"])?,
+ RunDisposition::Ok
+ );
+ assert_eq!(
+ disposition(SystemHostType::OstreeHost, &["--eval=%{_target_cpu}}"])?,
+ RunDisposition::Ok
+ );
+ Ok(())
+ }
+
#[test]
fn test_query_file() -> Result<()> {
assert_eq!(
--
2.43.2

@ -0,0 +1,33 @@
From 96ddae1acba59cf5249dcfff1157e44b5ed69650 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 15 Aug 2024 11:41:43 -0400
Subject: [PATCH 1/1] core: Fix Coverity WRAPPER_ESCAPE
This should fix:
```
32. rpm-ostree-2024.7/src/libpriv/rpmostree-core.cxx:1786:15: use_after_free: Using internal representation of destroyed object temporary of type "std::string".
```
Signed-off-by: Colin Walters <walters@verbum.org>
---
src/libpriv/rpmostree-core.cxx | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/libpriv/rpmostree-core.cxx b/src/libpriv/rpmostree-core.cxx
index a2de7262..615e2636 100644
--- a/src/libpriv/rpmostree-core.cxx
+++ b/src/libpriv/rpmostree-core.cxx
@@ -1782,7 +1782,8 @@ rpmostree_context_prepare (RpmOstreeContext *self, gboolean enable_filelists,
auto pkg = "";
for (auto &pkg_str : packages)
{
- pkg = std::string (pkg_str).c_str ();
+ auto pkg_buf = std::string (pkg_str);
+ pkg = pkg_buf.c_str ();
char *query = strchr ((char *)pkg, '/');
if (query)
{
--
2.46.0
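Review bot: In the `rpmostree_context_prepare` hunk of the carried patch, `pkg` is still declared before the loop (`auto pkg = "";`) while the new `pkg_buf` lives for one iteration only, so any use of `pkg` after the loop would again read a destroyed `std::string`. The rest of the loop body and the code after it are outside the hunk, so this needs checking against the full function. Declaring the pointer next to its owner, `const char *pkg = pkg_buf.c_str ();`, would make the shared lifetime visible. The `(char *)pkg` cast passed to `strchr` also drops the const that `c_str ()` returns; if the code under `if (query)` writes through `query`, the pointer should come from a mutable buffer rather than a cast.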

@ -3,15 +3,15 @@
Summary: Hybrid image/package system Summary: Hybrid image/package system
Name: rpm-ostree Name: rpm-ostree
Version: 2024.3 Version: 2024.7
Release: 1%{?dist} Release: 2%{?dist}
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/coreos/rpm-ostree URL: https://github.com/coreos/rpm-ostree
# This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot" # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
# in the upstream git. It also contains vendored Rust sources. # in the upstream git. It also contains vendored Rust sources.
Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz
Patch0: 0001-cliwrap-rpm-mark-eval-E-as-safe.patch Patch0: 0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch
ExclusiveArch: %{rust_arches} ExclusiveArch: %{rust_arches}
@ -231,6 +231,13 @@ $PYTHON autofiles.py > files.devel \
'%{_datadir}/gtk-doc/html/*' \ '%{_datadir}/gtk-doc/html/*' \
'%{_datadir}/gir-1.0/*-1.0.gir' '%{_datadir}/gir-1.0/*-1.0.gir'
%post
# Only enable on rpm-ostree based systems and manually force unit enablement to
# explicitly ignore presets for this security fix
if [ -e /run/ostree-booted ]; then
ln -snf /usr/lib/systemd/system/rpm-ostree-fix-shadow-mode.service /usr/lib/systemd/system/multi-user.target.wants/
fi
%files -f files %files -f files
%doc COPYING.GPL COPYING.LGPL LICENSE README.md %doc COPYING.GPL COPYING.LGPL LICENSE README.md
@ -239,6 +246,33 @@ $PYTHON autofiles.py > files.devel \
%files devel -f files.devel %files devel -f files.devel
%changelog %changelog
* Thu Aug 15 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.7-2
- Backport https://github.com/coreos/rpm-ostree/pull/5051
Resolves: #RHEL-53871
* Tue Aug 09 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.7-1
- Rebase to 2024.7
Resolves: #RHEL-53871
* Tue May 21 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.5-1
- Rebase to 2024.6
Resolves: #RHEL-29339
* Mon Apr 15 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.5-1
- Rebase to 2024.5
Adds fix for https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6
Resolves: #RHEL-30415
* Tue Apr 09 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.4-4
- Backport https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6
* Thu Mar 21 2024 Colin Walters <walters@verbum.org> - 2024.4-3
- Backport patch to fix https://issues.redhat.com/browse/RHEL-29559
* Fri Mar 15 2024 Colin Walters <walters@verbum.org> - 2024.4-2
- https://github.com/coreos/rpm-ostree/releases/tag/v2024.4
Resolves: #RHEL-29339
* Sun Feb 25 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.3-1 * Sun Feb 25 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.3-1
- https://github.com/coreos/rpm-ostree/releases/tag/v2024.3 - https://github.com/coreos/rpm-ostree/releases/tag/v2024.3
Backport https://github.com/coreos/rpm-ostree/commit/fe586621e5014d14f92b913338171a02ed29e6cc Backport https://github.com/coreos/rpm-ostree/commit/fe586621e5014d14f92b913338171a02ed29e6cc
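Review bot: The `%post` scriptlet creates the link in `/usr/lib/systemd/system/multi-user.target.wants/` by hand, so unless that path is also listed in `%files` (the generated file lists are not visible here) the package does not own it. In that case `rpm -V` cannot verify it and nothing removes it on erase; a `%ghost` entry or a matching `%postun` would keep the enablement auditable. The scriptlet comment says "this security fix" without naming it. Citing the advisory, presumably the `GHSA-2m76-cwhg-7wv6` entry in the changelog, would let a reviewer confirm why presets are deliberately bypassed. Separately, the changelog stanza headed `2024.5-1` says "Rebase to 2024.6", which makes the fixed-in version harder to trace.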
