Compare commits

...

No commits in common. 'c9-beta' and 'c9' have entirely different histories.
c9-beta ... c9

@ -1,124 +0,0 @@
From 1dc9372821487ccace23ff1ae9cba6b30f02c91c Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Tue, 5 Jul 2022 16:34:08 +0200
Subject: [PATCH] Add SourceLicense tag to spec syntax
to set a separate license to the source RPM. This can be useful if the
sources have code under additional licenses that do not end up in the
binary packeges.
Resolves: #2079
Note on the backport: The spec document on this branch is ancient and
doesn't even contain the License tag's description so this backport
leaves the documentation part out.
(backported from commit 9ed9d3fce34bc3c8121989e0cf263528e7e68756)
---
build/parsePreamble.c | 6 ++++++
lib/rpmtag.h | 3 +++
tests/data/SPECS/foo.spec | 1 +
tests/data/SPECS/hello.spec | 1 +
tests/rpmbuild.at | 11 +++++++++++
tests/rpmspec.at | 1 +
6 files changed, 23 insertions(+)
diff --git a/build/parsePreamble.c b/build/parsePreamble.c
index e7d6d8752..bd07ecdf0 100644
--- a/build/parsePreamble.c
+++ b/build/parsePreamble.c
@@ -831,6 +831,11 @@ static rpmRC handlePreambleTag(rpmSpec spec, Package pkg, rpmTagVal tag,
if (addLangTag(spec, pkg->header, tag, field, lang))
goto exit;
break;
+ case RPMTAG_SOURCELICENSE:
+ if (addLangTag(spec, spec->sourcePackage->header,
+ RPMTAG_LICENSE, field, lang))
+ goto exit;
+ break;
case RPMTAG_BUILDROOT:
/* just silently ignore BuildRoot */
break;
@@ -1012,6 +1017,7 @@ static struct PreambleRec_s const preambleList[] = {
{RPMTAG_EPOCH, 0, 0, 1, LEN_AND_STR("epoch")},
{RPMTAG_SUMMARY, 1, 0, 1, LEN_AND_STR("summary")},
{RPMTAG_LICENSE, 0, 0, 1, LEN_AND_STR("license")},
+ {RPMTAG_SOURCELICENSE, 0, 0, 1, LEN_AND_STR("sourcelicense")},
{RPMTAG_DISTRIBUTION, 0, 0, 1, LEN_AND_STR("distribution")},
{RPMTAG_DISTURL, 0, 0, 1, LEN_AND_STR("disturl")},
{RPMTAG_VENDOR, 0, 0, 1, LEN_AND_STR("vendor")},
diff --git a/lib/rpmtag.h b/lib/rpmtag.h
index 7d1943835..1fd829118 100644
--- a/lib/rpmtag.h
+++ b/lib/rpmtag.h
@@ -375,6 +375,9 @@ typedef enum rpmTag_e {
RPMTAG_MODULARITYLABEL = 5096, /* s */
RPMTAG_PAYLOADDIGESTALT = 5097, /* s[] */
+ /* Backports */
+ RPMTAG_SOURCELICENSE = 5102, /* internal */
+
RPMTAG_FIRSTFREE_TAG /*!< internal */
} rpmTag;
diff --git a/tests/data/SPECS/foo.spec b/tests/data/SPECS/foo.spec
index 859e98142..9b1087094 100644
--- a/tests/data/SPECS/foo.spec
+++ b/tests/data/SPECS/foo.spec
@@ -8,6 +8,7 @@ Source: hello-2.0.tar.gz
Patch1: hello-1.0-modernize.patch
Group: Testing
License: GPLv2+
+SourceLicense: GPL, ASL 1.0
BuildArch: noarch
%description
diff --git a/tests/data/SPECS/hello.spec b/tests/data/SPECS/hello.spec
index 5bc9cfaf7..4b9053aca 100644
--- a/tests/data/SPECS/hello.spec
+++ b/tests/data/SPECS/hello.spec
@@ -4,6 +4,7 @@ Version: 1.0
Release: 1
Group: Utilities
License: GPL
+SourceLicense: GPL, ASL 1.0
Distribution: RPM test suite.
Vendor: Red Hat Software
Packager: Red Hat Software <bugs@redhat.com>
diff --git a/tests/rpmbuild.at b/tests/rpmbuild.at
index bff65303b..7680f1502 100644
--- a/tests/rpmbuild.at
+++ b/tests/rpmbuild.at
@@ -31,6 +31,17 @@ run rpmbuild \
[0],
[ignore],
[ignore])
+
+AT_CHECK([
+
+runroot rpm -qp --qf "%{license}\n" /build/SRPMS/hello-1.0-1.src.rpm
+runroot rpm -qp --qf "%{license}\n" /build/RPMS/*/hello-1.0-1.*.rpm
+],
+[0],
+[GPL, ASL 1.0
+GPL
+],
+[])
AT_CLEANUP
AT_SETUP([rpmbuild -ba autosetup])
diff --git a/tests/rpmspec.at b/tests/rpmspec.at
index 2b11201db..c898ee654 100644
--- a/tests/rpmspec.at
+++ b/tests/rpmspec.at
@@ -243,6 +243,7 @@ Source: hello-2.0.tar.gz
Patch1: hello-1.0-modernize.patch
Group: Testing
License: GPLv2+
+SourceLicense: GPL, ASL 1.0
BuildArch: noarch
%description
--
2.45.2

@ -1,39 +0,0 @@
From fd57fc716231c8296d340fdb4c0f6eac176f7f7c Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Fri, 20 Aug 2021 15:14:16 +0200
Subject: [PATCH] Don't segfault on missing priority tag
Resolves: #1636
Related: #1638
---
lib/rpmtriggers.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
index fc809a65e..d541974e8 100644
--- a/lib/rpmtriggers.c
+++ b/lib/rpmtriggers.c
@@ -517,7 +517,8 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense,
if (matchFunc(ts, te, pfx, sense)) {
for (i = 0; i < rpmdbIndexIteratorNumPkgs(ii); i++) {
struct rpmtd_s priorities;
- unsigned int priority;
+ unsigned int priority = 0;
+ unsigned int *priority_ptr;
unsigned int offset = rpmdbIndexIteratorPkgOffset(ii, i);
unsigned int tix = rpmdbIndexIteratorTagNum(ii, i);
@@ -535,7 +536,9 @@ rpmRC runFileTriggers(rpmts ts, rpmte te, rpmsenseFlags sense,
trigH = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offset);
headerGet(trigH, priorityTag, &priorities, HEADERGET_MINMEM);
rpmtdSetIndex(&priorities, tix);
- priority = *rpmtdGetUint32(&priorities);
+ priority_ptr = rpmtdGetUint32(&priorities);
+ if (priority_ptr)
+ priority = *priority_ptr;
headerFree(trigH);
/* Store file trigger in array */
--
2.45.1

@ -1,148 +0,0 @@
From 173b737f40e7da85f79544e3f4ea4ad7b8f7d5c2 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 6 Nov 2023 15:58:54 +0200
Subject: [PATCH] Expose and document rpmdb --verifydb operation
After years of BDB, sometimes folks just want some assurance that their db
is still fine. Properly exposing an operation to do so hopefully makes
less likely to poke at the db directly (with eg sqlite3 command).
---
docs/man/rpmdb.8.md | 4 ++++
tools/rpmdb.c | 4 ++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/rpmdb.c b/rpmdb.c
index 22b0b3e5d..36efff8af 100644
--- a/rpmdb.c
+++ b/rpmdb.c
@@ -23,8 +23,8 @@ static struct poptOption dbOptsTable[] = {
{ "rebuilddb", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_REBUILDDB,
N_("rebuild database inverted lists from installed package headers"),
NULL},
- { "verifydb", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR|POPT_ARGFLAG_DOC_HIDDEN),
- &mode, MODE_VERIFYDB, N_("verify database files"), NULL},
+ { "verifydb", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR),
+ &mode, MODE_VERIFYDB, N_("verify database"), NULL},
{ "salvagedb", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR|POPT_ARGFLAG_DOC_HIDDEN),
&mode, MODE_SALVAGEDB, N_("salvage database"), NULL},
{ "exportdb", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_EXPORTDB,
--
2.41.0
--- a/doc/rpmdb.8 2020-05-28 12:04:25.024136615 +0200
+++ b/doc/rpmdb.8 2023-12-13 11:57:30.646202901 +0100
@@ -1,48 +1,70 @@
-.TH "RPMDB" "8" "29 June 2010" "Red Hat, Inc"
+.\" Automatically generated by Pandoc 3.1.3
+.\"
+.\" Define V font for inline verbatim, using C font in formats
+.\" that render this, and otherwise B font.
+.ie "\f[CB]x\f[]"x" \{\
+. ftr V B
+. ftr VI BI
+. ftr VB B
+. ftr VBI BI
+.\}
+.el \{\
+. ftr V CR
+. ftr VI CI
+. ftr VB CB
+. ftr VBI CBI
+.\}
+.TH "RPMDB" "8" "29 June 2010" "" ""
+.hy
.SH NAME
-rpmdb \- RPM Database Tool
+.PP
+rpmdb - RPM Database Tool
.SH SYNOPSIS
-
-\fBrpm\fR {\fB--initdb|--rebuilddb\fR}
-
-.SH "DESCRIPTION"
-The general form of an rpm rebuild database command is
-.PP
-
-\fBrpm\fR {\fB--initdb|--rebuilddb\fR} [\fB-v\fR] [\fB--dbpath \fIDIRECTORY\fB\fR] [\fB--root \fIDIRECTORY\fB\fR]
-
-.PP
-Use \fB--initdb\fR to create a new database if one doesn't already exist
-(existing database is not overwritten), use
-\fB--rebuilddb\fR to rebuild the database indices from
-the installed package headers.
-.PP
-
-.SH "SEE ALSO"
-
-.nf
-\fBpopt\fR(3),
-\fBrpm\fR(8),
-\fBrpmkeys\fR(8),
-\fBrpmsign\fR(8),
-\fBrpm2cpio\fR(8),
-\fBrpmbuild\fR(8),
-\fBrpmspec\fR(8),
-.fi
-
-\fBrpm --help\fR - as rpm supports customizing the options via popt aliases
-it's impossible to guarantee that what's described in the manual matches
-what's available.
-
-
-\fBhttp://www.rpm.org/ <URL:http://www.rpm.org/>
-\fR
-.SH "AUTHORS"
-
+.PP
+\f[B]rpmdb\f[R] {\f[B]--initdb|--rebuilddb\f[R]}
+.PP
+\f[B]rpmdb\f[R] {\f[B]--verifydb\f[R]}
+.PP
+\f[B]rpmdb\f[R] {\f[B]--exportdb|--importdb\f[R]}
+.SH DESCRIPTION
+.PP
+The general form of an rpmdb command is
+.PP
+\f[B]rpm\f[R] {\f[B]--initdb|--rebuilddb\f[R]} [\f[B]-v\f[R]]
+[\f[B]--dbpath \f[R]\f[I]DIRECTORY\f[R]] [\f[B]--root
+\f[R]\f[I]DIRECTORY\f[R]]
+.PP
+Use \f[B]--initdb\f[R] to create a new database if one doesn\[aq]t
+already exist (existing database is not overwritten), use
+\f[B]--rebuilddb\f[R] to rebuild the database indices from the installed
+package headers.
+.PP
+\f[B]--verifydb\f[R] performs a low-level integrity check on the
+database.
+.PP
+\f[B]--exportdb\f[R] exports the database in header-list format,
+suitable for transfporting to another host or database type.
+.PP
+\f[B]--importdb\f[R] imports a database from a header-list format as
+created by \f[B]--exportdb\f[R].
+.SH SEE ALSO
+.PP
+\f[B]popt\f[R](3), \f[B]rpm\f[R](8), \f[B]rpmkeys\f[R](8),
+\f[B]rpmsign\f[R](8), \f[B]rpm2cpio\f[R](8), \f[B]rpmbuild\f[R](8),
+\f[B]rpmspec\f[R](8)
+.PP
+\f[B]rpm --help\f[R] - as rpm supports customizing the options via popt
+aliases it\[aq]s impossible to guarantee that what\[aq]s described in
+the manual matches what\[aq]s available.
+.PP
+\f[B]http://www.rpm.org/ <URL:http://www.rpm.org/>\f[R]
+.SH AUTHORS
+.IP
.nf
-Marc Ewing <marc@redhat.com>
-Jeff Johnson <jbj@redhat.com>
-Erik Troan <ewt@redhat.com>
-Panu Matilainen <pmatilai@redhat.com>
+\f[C]
+Marc Ewing <marc\[at]redhat.com>
+Jeff Johnson <jbj\[at]redhat.com>
+Erik Troan <ewt\[at]redhat.com>
+Panu Matilainen <pmatilai\[at]redhat.com>
+\f[R]
.fi
-

@ -1,26 +0,0 @@
From 03525592c944957f3b7b200b7daeb9f615cdcde7 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Tue, 23 May 2023 12:46:22 +0300
Subject: [PATCH] Fix a copy-paste --help description of --whatconflicts
(RhBug:2208661)
---
lib/poptQV.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/poptQV.c b/lib/poptQV.c
index ac8e8975d..8bd91c652 100644
--- a/lib/poptQV.c
+++ b/lib/poptQV.c
@@ -108,7 +108,7 @@ struct poptOption rpmQVSourcePoptTable[] = {
{ "verify", 'V', POPT_ARGFLAG_DOC_HIDDEN, NULL, 'V',
N_("rpm verify mode"), NULL },
{ "whatconflicts", '\0', 0, 0, POPT_WHATCONFLICTS,
- N_("query/verify the package(s) which require a dependency"), "CAPABILITY" },
+ N_("query/verify the package(s) which conflict with a dependency"), "CAPABILITY" },
{ "whatrequires", '\0', 0, 0, POPT_WHATREQUIRES,
N_("query/verify the package(s) which require a dependency"), "CAPABILITY" },
{ "whatobsoletes", '\0', 0, 0, POPT_WHATOBSOLETES,
--
2.41.0

@ -1,12 +0,0 @@
diff -up rpm-4.16.1.3/lib/rpmts.c.orig rpm-4.16.1.3/lib/rpmts.c
--- rpm-4.16.1.3/lib/rpmts.c.orig 2024-07-11 13:55:35.430198126 +0200
+++ rpm-4.16.1.3/lib/rpmts.c 2024-07-11 13:55:59.243061182 +0200
@@ -482,6 +482,8 @@ static int makePubkeyHeader(rpmts ts, rp
int rc = -1;
int i;
+ memset(&kd, 0, sizeof(kd));
+
if ((enc = rpmPubkeyBase64(key)) == NULL)
goto exit;
if ((dig = rpmPubkeyDig(key)) == NULL)

@ -1,32 +0,0 @@
From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com>
Date: Thu, 6 Jun 2024 09:15:02 +0200
Subject: [PATCH] Fix potential use of uninitialized pipe array
We only call pipe(2) after the script is written to disk so if the
latter fails, the array will be left uninitialized and subsequently read
after skipping to the exit label. Fix by initializing it.
Found by Coverity.
Fixes: RHEL-22604
---
lib/rpmscript.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/rpmscript.c b/lib/rpmscript.c
index 281c55c53..1de4acf8e 100644
--- a/lib/rpmscript.c
+++ b/lib/rpmscript.c
@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes,
char * fn = NULL;
pid_t pid, reaped;
int status;
- int inpipe[2];
+ int inpipe[2] = { -1, -1 };
FILE *in = NULL;
const char *line;
char *mline = NULL;
--
2.45.2

@ -1,91 +0,0 @@
From bce17e42f2301a88574d757740627480a38d86aa Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com>
Date: Fri, 26 Jul 2024 10:44:04 +0200
Subject: [PATCH] Fix root relocation regression
When relocating the root directory, make sure we insert the new path's
dirname to dirNames[] even if the root itself is owned by the package.
This appears to have been the intention from the first version (largely
untouched since) of this code as we allow the root to pass through the
first checks (by setting len to 0 in that case) as well as the second
for loop where we do the relocations.
This allows fsm to properly create and remove the relocated directory
since we're now using fd-based calls (#1919) and the parent directory
needs to be opened first.
No need to do string comparison here, the empty basename signals that
we're processing the root directory, so just use that.
Building a relocatable package that owns the root directory seems to be
a handy way to create user-installable packages (see RHEL-28967) and it
happened to work before with the path-based calls so this technically
was a regression. Add a test that emulates this use case.
Backported from commits:
31c14ba6610568c2d634647fed1fb57221178da9
308ac60677732e9979b9ce11e5a3085906da1901
Fixes: RHEL-28967
---
lib/relocation.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/lib/relocation.c b/lib/relocation.c
index 3ba4cfeab..8c35bc1a7 100644
--- a/lib/relocation.c
+++ b/lib/relocation.c
@@ -123,7 +123,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
char ** baseNames;
char ** dirNames;
uint32_t * dirIndexes;
- rpm_count_t fileCount, dirCount;
+ rpm_count_t fileCount, dirCount, dirCountOrig;
int nrelocated = 0;
int fileAlloced = 0;
char * fn = NULL;
@@ -162,7 +162,7 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
baseNames = bnames.data;
dirIndexes = dindexes.data;
fileCount = rpmtdCount(&bnames);
- dirCount = rpmtdCount(&dnames);
+ dirCount = dirCountOrig = rpmtdCount(&dnames);
/* XXX TODO: use rpmtdDup() instead */
dirNames = dnames.data = duparray(dnames.data, dirCount);
dnames.flags |= RPMTD_PTR_ALLOCED;
@@ -179,8 +179,9 @@ void rpmRelocateFileList(rpmRelocation *relocations, int numRelocations,
rpmFileTypes ft;
int fnlen;
+ size_t baselen = strlen(baseNames[i]);
size_t len = maxlen +
- strlen(dirNames[dirIndexes[i]]) + strlen(baseNames[i]) + 1;
+ strlen(dirNames[dirIndexes[i]]) + baselen + 1;
if (len >= fileAlloced) {
fileAlloced = len * 2;
fn = xrealloc(fn, fileAlloced);
@@ -242,8 +243,9 @@ assert(fn != NULL); /* XXX can't happen */
continue;
}
- /* Relocation on full paths only, please. */
- if (fnlen != len) continue;
+ /* Relocation on '/' and full paths only, please. */
+ if (baselen && fnlen != len)
+ continue;
rpmlog(RPMLOG_DEBUG, "relocating %s to %s\n",
fn, relocations[j].newPath);
@@ -294,7 +296,7 @@ assert(fn != NULL); /* XXX can't happen */
}
/* Finish off by relocating directories. */
- for (i = dirCount - 1; i >= 0; i--) {
+ for (i = dirCountOrig - 1; i >= 0; i--) {
for (j = numRelocations - 1; j >= 0; j--) {
if (relocations[j].oldPath == NULL) /* XXX can't happen */
--
2.45.2

@ -1,50 +0,0 @@
From 321933f060896f721e361a1c8a8d3731bdcee827 Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@suse.de>
Date: Wed, 22 Jun 2022 14:07:01 +0200
Subject: [PATCH] Fix short circuiting of version strings in expressions
We use an empty string when discarding a value due to short circuiting, but
an empty string is not allowed for versions. So use "0" in that case.
Fixes: #1883
---
rpmio/expression.c | 2 +-
tests/rpmmacro.at | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/rpmio/expression.c b/rpmio/expression.c
index a389a04d5..98a44bbdb 100644
--- a/rpmio/expression.c
+++ b/rpmio/expression.c
@@ -477,7 +477,7 @@ static int rdToken(ParseState state)
if (qtok == TOK_STRING) {
v = valueMakeString(temp);
} else {
- v = valueMakeVersion(temp);
+ v = valueMakeVersion(state->flags & RPMEXPR_DISCARD ? "0" : temp);
free(temp); /* version doesn't take ownership of the string */
if (v == 0) {
exprErr(state, _("invalid version"), p+1);
diff --git a/tests/rpmmacro.at b/tests/rpmmacro.at
index d1490b4d9..c4376d49e 100644
--- a/tests/rpmmacro.at
+++ b/tests/rpmmacro.at
@@ -533,6 +533,7 @@ runroot rpm \
--eval '%["%{aaa}"]' \
--eval '%[%{?ccc}]' \
--eval '%[v"1:2.3-4"]' \
+ --eval '%[v"0" && v"0"]' \
]],
[0],
[4096
@@ -542,6 +543,7 @@ runroot rpm \
5
0
1:2.3-4
+0
],
[])
AT_CLEANUP
--
2.41.0

@ -1,51 +0,0 @@
From f6ffaacbbf7f5aca45139a612c5dd8db3f2094dc Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com>
Date: Mon, 5 Aug 2024 14:40:57 +0200
Subject: [PATCH] Skip to hashed subpacket data directly
Let OpenScanHub grok the bigger picture instead of producing a spurious
overrun warning for v->hashlen when we're dereferencing p later.
Casting the v pointer back to uint8_t is unnecessary when we could just
use h directly but it's done this way in the if branch for pgp version 3
in this function as well as in pgpPrtKey() so copy that, just for the
sake of consistency.
Along the same lines (consistency), change the p pointer to a const
pointer.
No functional change.
Resolves: RHEL-22607
---
rpmio/rpmpgp.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index d0688ebe9..6f044eb1b 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -565,7 +565,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
pgpDigParams _digp)
{
uint8_t version = 0;
- uint8_t * p;
+ const uint8_t * p;
unsigned int plen;
int rc = 1;
@@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
pgpPrtNL();
- p = &v->hashlen[0];
if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
return 1;
- p += sizeof(v->hashlen);
+ p = ((uint8_t *)v) + sizeof(*v);
if ((p + plen) > (h + hlen))
return 1;
--
2.46.0

@ -1,57 +0,0 @@
From d29651be364ef72c7c0f468157602e4ed5cab4ff Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Wed, 12 Jun 2024 15:46:12 +0200
Subject: [PATCH] Talk about rpmsign in the rpmsign man page
In the past handling signatures was done by the rpm / rpmbuild binaries
directly. When this functionality was split into rpmsign the man page
was not adjusted accoringly. This is the long overdue update.
Resolves: # 3125
(backported from commit 8e1f55c7004e8c1a7d9140ab2dd9456a7ace3e77)
---
doc/rpmsign.8 | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/doc/rpmsign.8 b/doc/rpmsign.8
index f7ceae89b..6c5bcc8ef 100644
--- a/doc/rpmsign.8
+++ b/doc/rpmsign.8
@@ -5,9 +5,9 @@ rpmsign \- RPM Package Signing
.SS "SIGNING PACKAGES:"
.PP
-\fBrpm\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+\fBrpmsign\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
-\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+\fBrpmsign\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
.SS "rpmsign-options"
.PP
@@ -22,10 +22,10 @@ options generate and insert new signatures for each package
existing signatures. There are two options for historical reasons,
there is no difference in behavior currently.
-To create a signature rpm needs to verify the package's checksum. As a result
+To create a signature rpmsign needs to verify the package's checksum. As a result
packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
-\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
+\fBrpmsign\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
.PP
Delete all signatures from each package \fIPACKAGE_FILE\fR given.
@@ -36,7 +36,7 @@ Delete all signatures from each package \fIPACKAGE_FILE\fR given.
\fB--rpmv3\fR
Force RPM V3 header+payload signature addition.
These are expensive and redundant baggage on packages where a separate
-payload digest exists (packages built with rpm >= 4.14). Rpm will
+payload digest exists (packages built with rpm >= 4.14). Rpmsign will
automatically detect the need for V3 signatures, but this option can be
used to force their creation if the packages must be fully
signature verifiable with rpm < 4.14 or other interoperability reasons.
--
2.45.2

@ -1,32 +0,0 @@
From 97aa64d8281974fb369c66d5aef8650515b89c52 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Wed, 24 Jan 2024 12:03:39 +0200
Subject: [PATCH] Use unsigned integers for buildtime too for Y2K38 safety
This little patch buys us 68 extra years to move to 64bit time tags
in rpm. That seems achievable.
Fixes: #1228
---
build/build.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build/build.c b/build/build.c
index e4081c673..0ac8bf6c9 100644
--- a/build/build.c
+++ b/build/build.c
@@ -36,9 +36,9 @@ static rpm_time_t getBuildTime(void)
if (srcdate == endptr || *endptr || errno != 0)
rpmlog(RPMLOG_ERR, _("unable to parse SOURCE_DATE_EPOCH\n"));
else
- buildTime = (int32_t) epoch;
+ buildTime = (uint32_t) epoch;
} else
- buildTime = (int32_t) time(NULL);
+ buildTime = (uint32_t) time(NULL);
return buildTime;
}
--
2.45.1

@ -32,7 +32,7 @@
%global rpmver 4.16.1.3 %global rpmver 4.16.1.3
#global snapver rc1 #global snapver rc1
%global rel 34 %global rel 27
%global sover 9 %global sover 9
%global srcver %{rpmver}%{?snapver:-%{snapver}} %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -105,16 +105,6 @@ Patch132: 0001-Fix-wrong-return-code-on-O_DIRECTORY-open-of-invalid.patch
Patch133: 0001-Print-full-path-if-file-removal-fails.patch Patch133: 0001-Print-full-path-if-file-removal-fails.patch
Patch134: 0001-Don-t-warn-about-missing-user-group-on-skipped-files.patch Patch134: 0001-Don-t-warn-about-missing-user-group-on-skipped-files.patch
Patch140: 0001-Fix-short-circuiting-of-version-strings-in-expressio.patch
Patch141: 0001-Fix-a-copy-paste-help-description-of-whatconflicts-R.patch
Patch142: 0001-Expose-and-document-rpmdb-verifydb-operation.patch
Patch143: 0001-Don-t-segfault-on-missing-priority-tag.patch
Patch144: 0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch
Patch145: 0001-Fix-potential-use-of-uninitialized-pipe-array.patch
Patch146: 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
Patch147: 0001-Add-SourceLicense-tag-to-spec-syntax.patch
Patch148: 0001-Talk-about-rpmsign-in-the-rpmsign-man-page.patch
# These are not yet upstream # These are not yet upstream
Patch906: rpm-4.7.1-geode-i686.patch Patch906: rpm-4.7.1-geode-i686.patch
# Probably to be upstreamed in slightly different form # Probably to be upstreamed in slightly different form
@ -135,8 +125,6 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch
Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
Patch1002: 0001-Macroize-find-debuginfo-script-location.patch Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
Patch1003: 0001-Fix-root-relocation-regression.patch
Patch1004: 0001-Skip-to-hashed-subpacket-data-directly.patch
# Partially GPL/LGPL dual-licensed and some bits with BSD # Partially GPL/LGPL dual-licensed and some bits with BSD
# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
@ -665,42 +653,8 @@ fi
%doc doc/librpm/html/* %doc doc/librpm/html/*
%changelog %changelog
* Tue Aug 13 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-34
- Fix discarded const qualifier in previous patch (RHEL-22607) * Mon Dec 11 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-27
* Mon Aug 05 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-33
- Fix root relocation regression (RHEL-28967)
- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
* Fri Jul 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-32
- Revert incorrect fix for false array overrun (RHEL-22607)
* Fri Jul 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-31
- Fix potential use of uninitialized pipe array (RHEL-22604)
- Fix potential use of uninitialized pgp struct (RHEL-22605)
- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
- Add SourceLicense tag to spec syntax (RHEL-28798)
- Talk about rpmsign in the rpmsign(8) man page (RHEL-40895)
* Mon Jun 03 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-30
- Don't segfault on missing priority tag (RHEL-35249)
- Use unsigned integers for buildtime too for Y2K38 safety (RHEL-22602)
- Rebuild against libimaevm.so.4 (RHEL-32505)
* Wed Dec 13 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-29
- Actually add --verifydb to the man page (RHEL-14591)
- Don't warn about missing user/group on skipped files (RHEL-18037)
* Mon Dec 11 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-28
- Fix warning if file removal fails
* Mon Nov 27 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-27
- Fix short circuiting of version strings in expressions (RHEL-15688)
- Fix description of whatconflicts in the man page (RHEL-6303)
- Expose and document rpmdb --verifydb operation (RHEL-14591)
- Fixes to the file handling backport
* Fri Nov 10 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-26
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937, - Backport file handling code from rpm-4.19 to fix CVE-2021-35937,
CVE-2021-35938 and CVE-2021-35939 CVE-2021-35938 and CVE-2021-35939

Loading…
Cancel
Save