[packages/rpm] fix incorrect file permissions if group has empty password field; rel 2

atler atler at pld-linux.org
Wed Feb 26 21:13:56 CET 2025 

commit c039de4c73398c86ca1041b185257b47635f9648
Author: Jan Palus <atler at pld-linux.org>
Date:   Wed Feb 26 21:02:21 2025 +0100

    fix incorrect file permissions if group has empty password field; rel 2
    
    based on suggestion in upstream report:
    
    https://github.com/rpm-software-management/rpm/issues/3594
    
    also fixes potential (but unlikely) memory leak

 group-lookup.patch | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 rpm.spec           |  4 +++-
 2 files changed, 64 insertions(+), 1 deletion(-)
---
diff --git a/rpm.spec b/rpm.spec
index 78e107a..e9b4f56 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -34,7 +34,7 @@ Summary(ru.UTF-8):	Менеджер пакетов от RPM
 Summary(uk.UTF-8):	Менеджер пакетів від RPM
 Name:		rpm
 Version:	4.20.1
-Release:	1
+Release:	2
 Epoch:		1
 License:	GPL v2 / LGPL v2.1
 Group:		Base
@@ -87,6 +87,7 @@ Patch28:	skip-symlinks.patch
 Patch29:	build-locale.patch
 Patch30:	no-exe-for-elf-req.patch
 Patch31:	check-valid-arch-early.patch
+Patch32:	group-lookup.patch
 URL:		https://rpm.org/
 BuildRequires:	acl-devel
 %{?with_audit:BuildRequires:	audit-libs-devel}
@@ -644,6 +645,7 @@ Dokumentacja API RPM-a oraz przewodniki w formacie HTML generowane ze
 %patch -P 29 -p1
 %patch -P 30 -p1
 %patch -P 31 -p1
+%patch -P 32 -p1
 
 # generate Group translations to *.po
 awk -f %{SOURCE6} %{SOURCE5}
diff --git a/group-lookup.patch b/group-lookup.patch
new file mode 100644
index 0000000..6756df8
--- /dev/null
+++ b/group-lookup.patch
@@ -0,0 +1,61 @@
+--- rpm-4.20.1/lib/rpmug.c.orig	2025-02-19 16:29:33.000000000 +0100
++++ rpm-4.20.1/lib/rpmug.c	2025-02-26 20:58:54.695393189 +0100
+@@ -1,6 +1,7 @@
+ #include "system.h"
+ 
+ #include <errno.h>
++#include <rpm/argv.h>
+ #include <rpm/rpmlog.h>
+ #include <rpm/rpmstring.h>
+ #include <rpm/rpmmacro.h>
+@@ -51,7 +52,8 @@
+ 			char **ret)
+ {
+     int rc = -1; /* assume not found */
+-    char *str, buf[BUFSIZ];
++    int nf = vcol > rcol ? vcol : rcol;
++    char *str, buf[BUFSIZ], *lastret = NULL;
+     FILE *f = fopen(path, "r");
+     if (f == NULL) {
+ 	rpmlog(RPMLOG_ERR, _("failed to open %s for id/name lookup: %s\n"),
+@@ -60,28 +62,27 @@
+     }
+ 
+     while ((str = fgets(buf, sizeof(buf), f)) != NULL) {
+-	int nf = vcol > rcol ? vcol : rcol;
+-	const char *fields[nf + 1];
+-	char *tok, *save = NULL;
+-	int col = -1;
+-
+-	while ((tok = strtok_r(str, ":", &save)) != NULL) {
+-	    fields[++col] = tok;
+-	    str = NULL;
+-	    if (col >= nf)
+-		break;
+-	}
++	ARGV_t fields;
++
++	fields = argvSplitString(str, ":", ARGV_NONE);
+ 
+-	if (col >= nf) {
++	if (argvCount(fields) > nf) {
+ 	    if (rstreq(val, fields[vcol])) {
+-		*ret = xstrdup(fields[rcol]);
++		if (lastret != NULL)
++		    free(lastret);
++		lastret = xstrdup(fields[rcol]);
+ 		rc = 0;
+ 	    }
+ 	}
++
++	argvFree(fields);
+     }
+ 
+     fclose(f);
+ 
++    if (!rc)
++	*ret = lastret;
++
+     return rc;
+ }
+ 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/rpm.git/commitdiff/c039de4c73398c86ca1041b185257b47635f9648

More information about the pld-cvs-commit mailing list