[Rpm-maint] [PATCH] debugedit: skip_dir_prefix should check for dir separator.

2017-06-28 Thread Mark Wielaard
To count as a real directory prefix the string matched should either
be equal to the given prefix or start with the prefix plus '/'.

skip_dir_prefix is always used with base_dir or dest_dir which don't
end with a slash themselves.

This really only is an issue if a package would put a directory named
similar to the package source dir (which cargo on fedora does, by adding
a directory named cargo-vendor in the builddir itself).

Signed-off-by: Mark Wielaard 
---
 tools/debugedit.c | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/tools/debugedit.c b/tools/debugedit.c
index abd2ca4..a271b91 100644
--- a/tools/debugedit.c
+++ b/tools/debugedit.c
@@ -662,7 +662,8 @@ canonicalize_path (const char *s, char *d)
 /* Returns the rest of PATH if it starts with DIR_PREFIX, skipping any
/ path separators, or NULL if PATH doesn't start with
DIR_PREFIX. Might return the empty string if PATH equals DIR_PREFIX
-   (modulo trailing slashes). Never returns path starting with '/'. */
+   (modulo trailing slashes). Never returns path starting with '/'.
+   Note that DIR_PREFIX itself should NOT end with a '/'.  */
 static const char *
 skip_dir_prefix (const char *path, const char *dir_prefix)
 {
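Review bot: the added comment line "DIR_PREFIX itself should NOT end with a '/'" states a precondition that nothing in skip_dir_prefix enforces, and the separator check added further down in this patch makes it load-bearing. Assuming prefix_len is the length of DIR_PREFIX, a prefix that does end in '/' leaves path pointing past the separator after `path += prefix_len`, so every path other than an exact match would return NULL. Consider trimming trailing separators when computing prefix_len, or asserting on the last character of DIR_PREFIX, rather than relying on every caller.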
@@ -670,12 +671,17 @@ skip_dir_prefix (const char *path, const char *dir_prefix)
   if (strncmp (path, dir_prefix, prefix_len) == 0)
 {
   path += prefix_len;
+  /* Unless path == dir_prefix there should be at least one '/'
+in the path (which we will skip).  Otherwise the path has
+a different (longer) directory prefix.  */
+  if (*path != '\0' && !IS_DIR_SEPARATOR (*path))
+   return NULL;
   while (IS_DIR_SEPARATOR (path[0]))
path++;
   return path;
 }
 
-  return 0;
+  return NULL;
 }
 
 /* Most strings will be in the existing debug string table. But to
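Review bot: the early return added at `if (*path != '\0' && !IS_DIR_SEPARATOR (*path))` comes without a regression test; the diffstat touches only tools/debugedit.c. A test with a path whose directory name only shares DIR_PREFIX as a leading substring (the cargo-vendor case from the commit message) would pin the new behaviour down. The `return 0` to `return NULL` change at the end of the function is unrelated cleanup and deserves a word in the commit message.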
-- 
1.8.3.1

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


[Rpm-maint] [PATCH] find-debuginfo.sh: Use 'return', not 'continue', to break out do_file().

2017-06-28 Thread Mark Wielaard
commit 038bfe "Split directory traversal and debuginfo extraction"
put the core of a while loop into its own function 'do_file()'.
That means that instead of using 'continue' to break out early it now
needs to use 'return'. Otherwise the script will give errors like:

  continue: only meaningful in a `for', `while', or `until' loop

https://bugzilla.redhat.com/show_bug.cgi?id=1465170

Signed-off-by: Mark Wielaard 
---
 scripts/find-debuginfo.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh
index 360982d..59a4ff3 100755
--- a/scripts/find-debuginfo.sh
+++ b/scripts/find-debuginfo.sh
@@ -366,7 +366,7 @@ do_file()
   # just has its file names collected and adjusted.
   case "$dn" in
   /usr/lib/debug/*)
-continue ;;
+return ;;
   esac
 
   mkdir -p "${debugdn}"
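Review bot: the bare `return` in the `/usr/lib/debug/*)` branch hands back the exit status of whichever command ran last before it, so the status of do_file() on this path is implicit. Writing `return 0` would state that skipping the file counts as success, which matters if the caller ever checks the status or the script is run under `set -e`.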
-- 
1.8.3.1



[Rpm-maint] [PATCH] find-debuginfo.sh: Filter out all like fake file names.

2017-06-28 Thread Mark Wielaard
There is no official way to mark an instruction range as being not
part of some actual source code, but as part of a compiler built-in
construct in DWARF. So different compilers have come up with fake
source file names like  or <__thread_local_inner macros>.
We already filtered out the strings "" and "".
Just filter out all '(^|/)<[a-z _-]+>$'. They are fake files!

This is mainly to appease the rustc compiler which generates lots of
different variants to encode some instruction sequence is part of a
compiler generated macro expansion.

Signed-off-by: Mark Wielaard 
---
 scripts/find-debuginfo.sh | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh
index 0233d92..555e7b8 100755
--- a/scripts/find-debuginfo.sh
+++ b/scripts/find-debuginfo.sh
@@ -502,7 +502,11 @@ if [ -s "$SOURCEFILE" ]; then
   fi
 
   mkdir -p "${RPM_BUILD_ROOT}${debug_dest_name}"
-  LC_ALL=C sort -z -u "$SOURCEFILE" | grep -E -v -z '(|)$' 
|
+  # Filter out anything compiler generated which isn't a source file.
+  # e.g. , , <__thread_local_inner macros>.
+  # Some compilers generate them as if they are part of the working
+  # directory (which is why we match against ^ or /).
+  LC_ALL=C sort -z -u "$SOURCEFILE" | grep -E -v -z '(^|/)<[a-z _-]+>$' |
   (cd "${debug_base_name}"; cpio -pd0mL "${RPM_BUILD_ROOT}${debug_dest_name}")
   # stupid cpio creates new directories in mode 0700,
   # and non-standard modes may be inherented from original directories, fixup
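Review bot: on the added pipeline line, `LC_ALL=C` prefixes only `sort`, so the bracket expression in `grep -E -v -z '(^|/)<[a-z _-]+>$'` is evaluated in the ambient locale, where the `a-z` range is not guaranteed to mean the ASCII lower-case letters. Setting `LC_ALL=C` on the grep as well would make the filter deterministic. The class also excludes digits and upper-case letters, so a fake name containing either would still be handed to cpio; worth confirming that is intended.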
-- 
1.8.3.1



Re: [Rpm-maint] [rpm-software-management/rpm] RFE: Pre-validate (all) header data for semantic consistency (#242)

2017-06-28 Thread Jeff Johnson
As long as --nosignature and --nodigest are commonly used everywhere -- 
including in depsolvers -- you can setup an internal table to associate the 
data type with the tag and never access the field in the header.



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/242#issuecomment-311616024


Re: [Rpm-maint] [rpm-software-management/rpm] Add %mutable and %noupdate update policies (#152) (#200)

2017-06-28 Thread Panu Matilainen
This has been put on hold, closing for now at least.

-- 
https://github.com/rpm-software-management/rpm/pull/200#issuecomment-311614203


Re: [Rpm-maint] [rpm-software-management/rpm] Add %mutable and %noupdate update policies (#152) (#200)

2017-06-28 Thread Panu Matilainen
Closed #200.

-- 
https://github.com/rpm-software-management/rpm/pull/200#event-1142057457


Re: [Rpm-maint] [rpm-software-management/rpm] out of bounds heap read in rpmstrPoolId / rstrlenhash (#135)

2017-06-28 Thread Panu Matilainen
Closed #135.

-- 
https://github.com/rpm-software-management/rpm/issues/135#event-1142044203


Re: [Rpm-maint] [rpm-software-management/rpm] out of bounds heap read in rpmstrPoolId / rstrlenhash (#135)

2017-06-28 Thread Panu Matilainen
The immediate crasher was already addressed, the underlying larger issue of tag 
validation will be tracked in #242 from here on.

-- 
https://github.com/rpm-software-management/rpm/issues/135#issuecomment-311612068


Re: [Rpm-maint] [rpm-software-management/rpm] invalid memory read in function providePackageNVR / doFind (#136)

2017-06-28 Thread Panu Matilainen
The immediate crasher was already addressed, the underlying larger issue of tag 
validation will be tracked in #242 from here on.

-- 
https://github.com/rpm-software-management/rpm/issues/136#issuecomment-311612042


Re: [Rpm-maint] [rpm-software-management/rpm] invalid memory read in function providePackageNVR / doFind (#136)

2017-06-28 Thread Panu Matilainen
Closed #136.

-- 
https://github.com/rpm-software-management/rpm/issues/136#event-1142043981


Re: [Rpm-maint] [rpm-software-management/rpm] invalid memory read in rstreqn / rpmdsNewPool (#137)

2017-06-28 Thread Panu Matilainen
Closed #137.

-- 
https://github.com/rpm-software-management/rpm/issues/137#event-1142043836


Re: [Rpm-maint] [rpm-software-management/rpm] invalid memory read in rstreqn / rpmdsNewPool (#137)

2017-06-28 Thread Panu Matilainen
The immediate crasher was already addressed, the underlying larger issue of tag 
validation will be tracked in #242 from here on.

-- 
https://github.com/rpm-software-management/rpm/issues/137#issuecomment-311612020


Re: [Rpm-maint] [rpm-software-management/rpm] heap out of bounds read in rpmfilesFDepends() (#139)

2017-06-28 Thread Panu Matilainen
The immediate crasher was already addressed, the underlying larger issue of tag 
validation will be tracked in #242 from here on.

-- 
https://github.com/rpm-software-management/rpm/issues/139#issuecomment-311611959


Re: [Rpm-maint] [rpm-software-management/rpm] invalid read in dataLength / grabData (header.c) (#138)

2017-06-28 Thread Panu Matilainen
The immediate crasher was already addressed, the underlying larger issue of tag 
validation will be tracked in #242 from here on.

-- 
https://github.com/rpm-software-management/rpm/issues/138#issuecomment-311611998


Re: [Rpm-maint] [rpm-software-management/rpm] invalid read in dataLength / grabData (header.c) (#138)

2017-06-28 Thread Panu Matilainen
Closed #138.

-- 
https://github.com/rpm-software-management/rpm/issues/138#event-1142043641


[Rpm-maint] [rpm-software-management/rpm] RFE: Pre-validate (all) header data for semantic consistency (#242)

2017-06-28 Thread Panu Matilainen
The common theme in tickets #135, #136, #137, #138 and #139 is that the 
datatype of a valid tag is changed to something incompatible, such as an 
integer tag is changed to string, which then causes crash-and-burn in various 
places, many of which are not able to return an error even if they bothered to 
check for the types etc.

Mandatory signature checking makes this less of an issue, or rather shifts the 
issue to key management. But optimally rpm should not crash on invalid data, 
even with --nosignature/--nodigest. The signature header data is fairly 
thoroughly validated before use, we should have something similar for the main 
header. Piles of more data to deal with, and many conditionals like if tag X is 
there then otherwise optional Y must be present too etc, but validating our 
used tags are type sane etc could be considered a starting point at least.


-- 
https://github.com/rpm-software-management/rpm/issues/242
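The type check this RFE asks for, using the tag-to-type table idea from the reply earlier on this page, as an added example that is not rpm's code and not written by either poster: it validates the 16-byte index entries of a header against an expectation table before any data is read. The function names, verdict codes, the `expected` table and the sample bytes are constructed for illustration; the tag and type numbers are rpm's own.

```c
#include <stdint.h>
#include <string.h>

/* Type and tag numbers as published in rpm's rpmtag.h. */
enum { T_INT32 = 4, T_STRING = 6, T_STRING_ARRAY = 8,
       TAG_NAME = 1000, TAG_EPOCH = 1003, TAG_FILESIZES = 1028, TAG_BASENAMES = 1117 };
enum verdict { HDR_OK, HDR_TRUNCATED, HDR_BAD_TYPE, HDR_BAD_COUNT, HDR_BAD_DATA };

/* Hypothetical table: required type per tag, and whether it holds one value. */
static const struct { uint32_t tag, type; int scalar; } expected[] = {
    { TAG_NAME, T_STRING, 1 },     { TAG_EPOCH, T_INT32, 1 },
    { TAG_FILESIZES, T_INT32, 0 }, { TAG_BASENAMES, T_STRING_ARRAY, 0 },
};

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Do COUNT values of TYPE starting at OFF lie inside data[0..dlen)? */
static int data_fits(uint32_t type, uint32_t off, uint32_t count,
                     const uint8_t *data, size_t dlen) {
    if (off >= dlen)
        return 0;
    if (type == T_INT32)
        return count <= (dlen - off) / 4;
    for (uint32_t i = 0; i < count; i++) {   /* each string needs its NUL */
        const uint8_t *nul = memchr(data + off, 0, dlen - off);
        if (nul == NULL)
            return 0;
        off = (uint32_t)(nul - data) + 1;
    }
    return 1;
}

/* Validate NINDEX 16-byte entries (tag, type, offset, count; big-endian);
   tags missing from the table are skipped here. */
enum verdict validate_header(const uint8_t *idx, size_t ilen, uint32_t nindex,
                             const uint8_t *data, size_t dlen) {
    if (nindex > ilen / 16)
        return HDR_TRUNCATED;
    for (uint32_t i = 0; i < nindex; i++) {
        const uint8_t *e = idx + 16 * (size_t)i;
        uint32_t tag = be32(e), type = be32(e + 4), count = be32(e + 12);
        for (size_t k = 0; k < sizeof expected / sizeof expected[0]; k++) {
            if (expected[k].tag != tag)
                continue;
            if (expected[k].type != type)
                return HDR_BAD_TYPE;
            if (count == 0 || (expected[k].scalar && count != 1))
                return HDR_BAD_COUNT;
            if (!data_fits(type, be32(e + 8), count, data, dlen))
                return HDR_BAD_DATA;
        }
    }
    return HDR_OK;
}

/* Constructed sample: NAME="rpm" at offset 0, EPOCH=1 at offset 4. */
static const uint8_t sample_data[8] = { 'r', 'p', 'm', 0, 0, 0, 0, 1 };
static const uint8_t sample_idx[32] = {
    0, 0, 0x03, 0xE8, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 1, /* NAME,  STRING */
    0, 0, 0x03, 0xEB, 0, 0, 0, 4, 0, 0, 0, 4, 0, 0, 0, 1, /* EPOCH, INT32  */
};
```

Rewriting byte 23 of `sample_idx` from 4 to 6 reproduces the "integer tag changed to string" case and is rejected with `HDR_BAD_TYPE` before any consumer dereferences the value.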


Re: [Rpm-maint] [rpm-software-management/rpm] Adding/moving RPMTAG_PUBKEYS to the signature header (#182)

2017-06-28 Thread Jeff Johnson
The suggestion of moving RPMTAG_PUBKEYS was directed to rpm.org (and you) as a 
better design for *.rpm packages, particularly if pursuing multiple signatures 
on multiple plaintext within an RPM package.

*shrug*


-- 
https://github.com/rpm-software-management/rpm/issues/182#issuecomment-311601586


Re: [Rpm-maint] [rpm-software-management/rpm] stack buffer overflow in glob/rpmGlob - rpm 4.13.0.1 (#156)

2017-06-28 Thread Panu Matilainen
Closing due to lack of activity and missing information. Feel free to reopen 
when providing the requested information about reproducing details.

-- 
https://github.com/rpm-software-management/rpm/issues/156#issuecomment-311600608


Re: [Rpm-maint] [rpm-software-management/rpm] Adding/moving RPMTAG_PUBKEYS to the signature header (#182)

2017-06-28 Thread Panu Matilainen
You're of course free to do whatever you wish in RPM5 but this is an issue 
tracker of rpm.org, please limit usage to that purpose. Closing.

-- 
https://github.com/rpm-software-management/rpm/issues/182#issuecomment-311599929


Re: [Rpm-maint] [rpm-software-management/rpm] Adding/moving RPMTAG_PUBKEYS to the signature header (#182)

2017-06-28 Thread Panu Matilainen
Closed #182.

-- 
https://github.com/rpm-software-management/rpm/issues/182#event-1141967870


Re: [Rpm-maint] [rpm-software-management/rpm] Q: RPMTAG_PAYLOADDIGEST: compute before or after compression? (#184)

2017-06-28 Thread Panu Matilainen
This is an issue tracker, not a support forum. Closing.

-- 
https://github.com/rpm-software-management/rpm/issues/184#issuecomment-311599374


Re: [Rpm-maint] [rpm-software-management/rpm] Q: RPMTAG_PAYLOADDIGEST: compute before or after compression? (#184)

2017-06-28 Thread Panu Matilainen
Closed #184.

-- 
https://github.com/rpm-software-management/rpm/issues/184#event-1141964299


Re: [Rpm-maint] [rpm-software-management/rpm] Make rpm fail to install unverified packages (#231)

2017-06-28 Thread Panu Matilainen
This is an issue tracker and there's no actual issue here, just a question. See 
http://rpm.org/community.html for the appropriate forums for questions and 
discussion.

-- 
https://github.com/rpm-software-management/rpm/issues/231#issuecomment-311598897


Re: [Rpm-maint] [rpm-software-management/rpm] Make rpm fail to install unverified packages (#231)

2017-06-28 Thread Panu Matilainen
Closed #231.

-- 
https://github.com/rpm-software-management/rpm/issues/231#event-1141961457


Re: [Rpm-maint] [rpm-software-management/rpm] Check signatures in the code (#240)

2017-06-28 Thread Panu Matilainen
Sorry but this is an issue tracker, not a support forum. See 
http://rpm.org/community.html

-- 
https://github.com/rpm-software-management/rpm/issues/240#issuecomment-311598264


Re: [Rpm-maint] [rpm-software-management/rpm] Check signatures in the code (#240)

2017-06-28 Thread Panu Matilainen
Closed #240.

-- 
https://github.com/rpm-software-management/rpm/issues/240#event-1141957245


Re: [Rpm-maint] [rpm-software-management/rpm] Add support for new package declarations in Perl 5.12+ (#237)

2017-06-28 Thread Panu Matilainen
Excellent, thanks!

-- 
https://github.com/rpm-software-management/rpm/pull/237#issuecomment-311594948


Re: [Rpm-maint] [PATCH] find-debuginfo.sh: Don't create dwz multi file if there is only one .debug.

2017-06-28 Thread Panu Matilainen

On 06/26/2017 06:38 PM, Mark Wielaard wrote:

dwz -m multi only works when there are multiple .debug input files.
With just one .debug file it doesn't really make sense to extract
the shared debug info into a separate file and dwz will complain:

   dwz: Too few files for multifile optimization.

So only add -m multi if there is more than one .debug file.

Signed-off-by: Mark Wielaard 
---


Applied, thanks for the patch!

- Panu -


Re: [Rpm-maint] [PATCH] Update find-debuginfo.sh options and macros documentation.

2017-06-28 Thread Panu Matilainen

On 06/26/2017 02:35 PM, Mark Wielaard wrote:

This adds some missing documentation for rpm macros and find-debuginfo.sh
options that were recently added (or renamed). -j N, --build-id-seed SEED,
--unique-debug-suffix SUFFIX and --unique-debug-src-base BASE.

Signed-off-by: Mark Wielaard 


Documentation! And voluntary documentation at that! What's the world 
coming to...


Applied, thanks :)

- Panu -


Re: [Rpm-maint] [rpm-software-management/rpm] Python macro improvements (#221)

2017-06-28 Thread Panu Matilainen
Sorry, was on vacation for a week (and will be again for all of July)

The patch as such looks fine to me, no problem with that.

What I'm wondering about is that this of course loses the ability to easily 
override python version both at run- and buildtime. The latter isn't that 
relevant since `PYTHON=python3 ./configure [...]` doesn't actually work, but 
the former will break some specs. There are more than just a handful of specs 
that override __python to eg python3 in rawhide, for example:
```
gaupol.spec:%global __python %{__python3}
gdb.spec:%global __python %{__python3}
gedit-code-assistance.spec:%global __python %{__python3}
gedit-plugins.spec:%global __python %{__python3}
gedit.spec:%global __python %{__python3}
git-cola.spec:%global __python %{__python3}
```

I'm not really up to date with Fedora (python) packaging policies, perhaps 
these are not either, but Fedora aside there *is* a chance of breaking packages 
that expect to override `%__python` to point to python3 for use with 
`%python_*` macros, which they quite legitimately (AFAICS) could've been doing 
up to this point. So if we break that, we need to at least have an alternative 
that we can point to. Do we?

-- 
https://github.com/rpm-software-management/rpm/pull/221#issuecomment-311585242


Re: [Rpm-maint] [rpm-software-management/rpm] Make source package detection less error prone. (#218)

2017-06-28 Thread Panu Matilainen
Sorry I'd managed to forget this whole thing between vacations and other stuff. 
Thanks for the patches!

-- 
https://github.com/rpm-software-management/rpm/pull/218#issuecomment-311578323


Re: [Rpm-maint] [rpm-software-management/rpm] Make source package detection less error prone. (#218)

2017-06-28 Thread Panu Matilainen
Merged #218.

-- 
https://github.com/rpm-software-management/rpm/pull/218#event-1141832657