RPM 4.15.1.1 #1587 (Merged)
pmatilai merged 20 commits into rpm-software-management:rpm-4.15.x from pmatilai:rpm-4.15.1.1-pr on Mar 22, 2021
Conversation
It's been a while since the last 4.15 update, and this is likely to be the last one that branch gets.
Thanks to Igor for originally setting this up, but the project and its contents are maintained by a team, not individuals.
CI has been running on latest stable Fedora and rawhide, both of which can and do change outside our control and cause previously working code to stop building overnight due to new compiler versions etc being introduced. This is not a sane situation for mandatory CI, we need to be able to validate the codebase on a given version *before* moving to it. Setting the version in the Dockerfile instead of external scripts ties the codebase and validated versions together as they should. This still leaves us subject to updates breaking stuff, but that's a lesser evil, updates are generally welcome.
Dockerhub has added download rate limiting (and who could blame them). But our CI getting blocked because of other projects being busy downloading from Docker isn't so nice, hopefully Fedora's own registry lets us work around this.
(cherry picked from commit b50ed03)
Test that the shared objects created during compilation match the expectations of the person bumping the libtool version, which is oh so easy to get wrong. This of course needs to be skipped for static builds. Backported from commit 1c6d2f9
Otherwise executables that are not proper elf files are leaking libelf handles. This results in file being left open (mmap'ed) and fails the build on NFS as those files can't be deleted properly there. Resolves: rhbz#1840728 See also: https://bugzilla.redhat.com/show_bug.cgi?id=1840728 (cherry picked from commit 38c03dd)
pmatilai force-pushed the rpm-4.15.1.1-pr branch from 0678b5a to 8ef59fa on March 19, 2021 12:25
(needed a little massaging to build...)
Various proprietary packages in the wild have subtly malformed data in the signature header, in particular wrt the immutable region size, presumably from using some in-house/3rd party signing tools which do not understand the immutable region business at all. This can prevent resigning and signature deletion on such packages due to the more thorough checking that rpmsign does. As the old wisdom goes, be liberal in what you accept... we can easily work around the crud by just taking a fresh copy of the contents that are legit as such (otherwise the package would be uninstallable). (cherry picked from commit 8fefd2b) (cherry picked from commit 04b0d37)
This is already checked for other header entries. (cherry picked from commit f29c437)
Zero counts are invalid, and they cause problems elsewhere. For instance, strtaglen() will suffer an integer underflow. (cherry picked from commit 5e40166)
When there is a number after "T" (suggested number of threads or "0" for getncpus), lzopen_internal() mode parser would skip one byte, and when it's at the end of the string it would then parse undesired garbage from the memory, making intermittent compression failures. Fixes: 7740d10 ("Add support for multithreaded xz compression") Signed-off-by: Vitaly Chikunov <vt@altlinux.org> (cherry picked from commit 405fc89)
The ‘end’ parameter to ‘strtaglen’ might point past the end of an allocation. Therefore, if ‘start’ becomes equal to ‘end’, exit the loop without calling ‘memchr’ on it. (cherry picked from commit 165330b)
Found by fuzzing rpmReadPackageFile() with libfuzzer under ASAN. (cherry picked from commit 9747a6a)
Users can pass untrusted data to hdrblobInit() and it must be robust against this. Backported from commit 8f4b3c3
Only look for known tags, and ensure correct type and size where known before copying over. Bump the old arbitrary 16k count limit to 16M limit though, it's not inconceivable that a package could have that many files. While at it, ensure none of these tags exist in the main header, which would confuse us greatly. This is optimized for backporting ease, upstream can remove redundancies and further improve checking later. Reported and initial patches by Demi Marie Obenour. Fixes: RhBug:1935049, RhBug:1933867, RhBug:1935035, RhBug:1934125, ... Fixes: CVE-2021-3421, CVE-2021-20271 Backported from commit d6a86b5
Look up possible offending tags from the main header first in a separate loop, this avoids having to re-sort after each headerPut() operation. (cherry picked from commit f7b9759)
Lotsa new names, many from translations but otherwise too. (cherry picked from commit 295c522)
-fno-strict-overflow tells gcc and clang to handle signed integer and (at least on gcc) pointer arithmetic wraparound using twos-complement representation like deity intended. -fno-delete-null-pointer-checks tells gcc not to "optimize" away programmer added safeguards. Really. Suggested by Demi Marie Obenour. Backported from commit 5ee567e
The count can never be larger than header data size, which can never be larger than 256MB. Most datatypes have further restrictions of course, this is merely an outer perimeter check to catch impossibly large values that could otherwise overflow all manner of trivial calculations. Addresses the point I missed in PR rpm-software-management#1493 but with a much tighter limit. (cherry picked from commit d8fbddf)
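As an added illustration of the checks these backports describe (zero counts rejected, the 256MB outer perimeter on counts, per-type size limits that cannot overflow, and the bounded string scan from the strtaglen fix), here is a small validator for RPM-style header index entries. It is example code written for this page, not rpm's own implementation; the type numbering and the error codes are assumptions.

```c
/* Illustrative validator for RPM-style header index entries, written as an
 * added example for this PR page; it is not rpm's own code. Checks mirror
 * the commit messages: zero counts are invalid, count can't exceed the data
 * size (itself capped at 256MB), and a string scan stops at end of data. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define HDR_MAX_DATA (256u * 1024u * 1024u)       /* outer perimeter limit */
/* Assumed subset of tag data types, using rpm's numbering. */
enum { T_INT32 = 4, T_STRING = 6, T_STRING_ARRAY = 8 };
typedef struct { uint32_t tag, type, offset, count; } entry_t;

/* Bounded strtaglen: bytes used by `count` NUL-terminated strings starting
 * at `start`, never reading at or past `end`. Returns -1 if the data runs
 * out before `count` terminators are found. */
static int64_t bounded_strtaglen(const char *start, const char *end, uint32_t count) {
    const char *s = start;
    for (uint32_t i = 0; i < count; i++) {
        if (s >= end)                              /* nothing left to scan */
            return -1;
        const char *nul = memchr(s, '\0', (size_t)(end - s));
        if (nul == NULL)
            return -1;
        s = nul + 1;
    }
    return (int64_t)(s - start);
}

/* Returns 0 if the entry is consistent with a data blob of data_len bytes,
 * or a negative code identifying the check that failed. */
int validate_entry(const entry_t *e, const char *data, uint32_t data_len) {
    if (data_len > HDR_MAX_DATA) return -1;       /* blob itself too large */
    if (e->count == 0) return -2;                 /* zero counts are invalid */
    if (e->count > data_len) return -3;           /* outer perimeter check */
    if (e->offset > data_len) return -4;          /* offset past the data */
    uint32_t avail = data_len - e->offset;
    switch (e->type) {
    case T_INT32:
        return (e->count > avail / 4) ? -5 : 0;   /* avoids count*4 overflow */
    case T_STRING:
        if (e->count != 1) return -6;             /* STRING carries one item */
        /* fall through */
    case T_STRING_ARRAY:
        return bounded_strtaglen(data + e->offset, data + data_len, e->count) < 0 ? -7 : 0;
    default:
        return -8;                                /* unknown type: reject */
    }
}
```

The constructed blob `"a\0bc\0"` (5 bytes) holds two strings; asking for three, or for an INT32 past the end, is rejected without any read beyond the buffer.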
pmatilai force-pushed the rpm-4.15.1.1-pr branch from 8ef59fa to a8eade3 on March 22, 2021 09:59
This is primarily a security release for CVE-2021-3421, CVE-2021-20271 and CVE-2021-20266.
Some additional hardening and a couple of other important fixes are included; details in the commits.