|
|
517f18 |
commit c7d7c5acd0c14d0450016887cba1d86483086794
|
|
|
517f18 |
Author: Michal Domonkos <mdomonko@redhat.com>
|
|
|
517f18 |
Date: Mon Jun 21 10:05:10 2021 +0200
|
|
|
517f18 |
|
|
|
517f18 |
Add quoting to literal curly brackets
|
|
|
517f18 |
|
|
|
517f18 |
These curly brackets are already treated as literals by the shell, so
|
|
|
517f18 |
let's make that explicit for clarity, and silence a ShellCheck warning
|
|
|
517f18 |
at the same time.
|
|
|
517f18 |
|
|
|
517f18 |
More info: https://github.com/koalaman/shellcheck/wiki/SC1083
|
|
|
517f18 |
|
|
|
517f18 |
Found by ShellCheck.
|
|
|
517f18 |
|
|
|
517f18 |
diff -up rpm-4.16.1.3/scripts/check-rpaths-worker.orig rpm-4.16.1.3/scripts/check-rpaths-worker
|
|
|
517f18 |
--- rpm-4.16.1.3/scripts/check-rpaths-worker.orig 2021-06-29 15:34:31.671003589 +0200
|
|
|
517f18 |
+++ rpm-4.16.1.3/scripts/check-rpaths-worker 2021-06-29 15:34:51.993414093 +0200
|
|
|
517f18 |
@@ -120,13 +120,13 @@ for i; do
|
|
|
517f18 |
(/lib64/*|/usr/lib64/*|/usr/X11R6/lib64/*|/usr/local/lib64/*)
|
|
|
517f18 |
badness=0;;
|
|
|
517f18 |
|
|
|
517f18 |
- (\$ORIGIN|\${ORIGINX}|\$ORIGIN/*|\${ORIGINX}/*)
|
|
|
517f18 |
+ (\$ORIGIN|\$\{ORIGINX\}|\$ORIGIN/*|\$\{ORIGINX\}/*)
|
|
|
517f18 |
test $allow_ORIGIN -eq 0 && badness=8 || {
|
|
|
517f18 |
badness=0
|
|
|
517f18 |
new_allow_ORIGIN=1
|
|
|
517f18 |
}
|
|
|
517f18 |
;;
|
|
|
517f18 |
- (/*\$PLATFORM*|/*\${PLATFORM}*|/*\$LIB*|/*\${LIB}*)
|
|
|
517f18 |
+ (/*\$PLATFORM*|/*\$\{PLATFORM\}*|/*\$LIB*|/*\$\{LIB\}*)
|
|
|
517f18 |
badness=0;;
|
|
|
517f18 |
|
|
|
517f18 |
(/lib|/usr/lib|/usr/X11R6/lib)
|
|
|
517f18 |
From d8dc4fd37b1d90cd97de7fcf484d449ec132c9b3 Mon Sep 17 00:00:00 2001
|
|
|
517f18 |
From: Michal Domonkos <mdomonko@redhat.com>
|
|
|
517f18 |
Date: Wed, 9 Jun 2021 21:31:40 +0200
|
|
|
517f18 |
Subject: [PATCH 1/7] Fix memory leak in sqlexec()
|
|
|
517f18 |
|
|
|
517f18 |
Callers are supposed to free the error strings themselves:
|
|
|
517f18 |
https://www.sqlite.org/capi3ref.html#sqlite3_exec
|
|
|
517f18 |
|
|
|
517f18 |
Found by Coverity.
|
|
|
517f18 |
---
|
|
|
517f18 |
lib/backend/sqlite.c | 1 +
|
|
|
517f18 |
1 file changed, 1 insertion(+)
|
|
|
517f18 |
|
|
|
517f18 |
diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c
|
|
|
517f18 |
index 7c2de45aa..dbefeb163 100644
|
|
|
517f18 |
--- a/lib/backend/sqlite.c
|
|
|
517f18 |
+++ b/lib/backend/sqlite.c
|
|
|
517f18 |
@@ -233,6 +233,7 @@ static int sqlexec(sqlite3 *sdb, const char *fmt, ...)
|
|
|
517f18 |
rpmlog(RPMLOG_DEBUG, "%s: %d\n", cmd, rc);
|
|
|
517f18 |
|
|
|
517f18 |
sqlite3_free(cmd);
|
|
|
517f18 |
+ sqlite3_free(err);
|
|
|
517f18 |
|
|
|
517f18 |
return rc ? RPMRC_FAIL : RPMRC_OK;
|
|
|
517f18 |
}
|
|
|
517f18 |
--
|
|
|
517f18 |
2.31.1
|
|
|
517f18 |
|
|
|
517f18 |
From 5baf73feb4951cc3b3f553a4b18d3b3599cbf87c Mon Sep 17 00:00:00 2001
|
|
|
517f18 |
From: Michal Domonkos <mdomonko@redhat.com>
|
|
|
517f18 |
Date: Fri, 25 Jun 2021 11:21:46 +0200
|
|
|
517f18 |
Subject: [PATCH 2/7] Always free the arg list passed to rpmGlob()
|
|
|
517f18 |
|
|
|
517f18 |
Even though the actual implementation of rpmGlob() does not allocate the
|
|
|
517f18 |
passed arg list (av) if the return code (rc) is non-zero or arg count
|
|
|
517f18 |
(ac) is 0, it's the responsibility of the caller (rpmInstall() here) to
|
|
|
517f18 |
free that memory, so make sure we do that irrespectively of the above
|
|
|
517f18 |
conditions.
|
|
|
517f18 |
|
|
|
517f18 |
Found by Coverity.
|
|
|
517f18 |
---
|
|
|
517f18 |
lib/rpminstall.c | 1 +
|
|
|
517f18 |
1 file changed, 1 insertion(+)
|
|
|
517f18 |
|
|
|
517f18 |
diff --git a/lib/rpminstall.c b/lib/rpminstall.c
|
|
|
517f18 |
index 724126e94..302ec0ba1 100644
|
|
|
517f18 |
--- a/lib/rpminstall.c
|
|
|
517f18 |
+++ b/lib/rpminstall.c
|
|
|
517f18 |
@@ -461,6 +461,7 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv)
|
|
|
517f18 |
rpmlog(RPMLOG_ERR, _("File not found by glob: %s\n"), *eiu->fnp);
|
|
|
517f18 |
}
|
|
|
517f18 |
eiu->numFailed++;
|
|
|
517f18 |
+ argvFree(av);
|
|
|
517f18 |
continue;
|
|
|
517f18 |
}
|
|
|
517f18 |
|
|
|
517f18 |
--
|
|
|
517f18 |
2.31.1
|
|
|
517f18 |
|
|
|
517f18 |
From 3c8b01b67ec907afaaffe71691fa41b878578527 Mon Sep 17 00:00:00 2001
|
|
|
517f18 |
From: Michal Domonkos <mdomonko@redhat.com>
|
|
|
517f18 |
Date: Mon, 14 Jun 2021 10:21:25 +0200
|
|
|
517f18 |
Subject: [PATCH 3/7] Fix resource leak in Fts_children()
|
|
|
517f18 |
|
|
|
517f18 |
This function is not used anywhere within our codebase (and neither is
|
|
|
517f18 |
it part of the public API) so it's basically a no-op... Still, rather
|
|
|
517f18 |
than yanking it completely, let's just silence the Coverity error here.
|
|
|
517f18 |
|
|
|
517f18 |
Found by Coverity.
|
|
|
517f18 |
---
|
|
|
517f18 |
misc/fts.c | 4 +++-
|
|
|
517f18 |
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
517f18 |
|
|
|
517f18 |
diff --git a/misc/fts.c b/misc/fts.c
|
|
|
517f18 |
index d3ebb2946..caf27495d 100644
|
|
|
517f18 |
--- a/misc/fts.c
|
|
|
517f18 |
+++ b/misc/fts.c
|
|
|
517f18 |
@@ -585,8 +585,10 @@ Fts_children(FTS * sp, int instr)
|
|
|
517f18 |
if ((fd = __open(".", O_RDONLY, 0)) < 0)
|
|
|
517f18 |
return (NULL);
|
|
|
517f18 |
sp->fts_child = fts_build(sp, instr);
|
|
|
517f18 |
- if (__fchdir(fd))
|
|
|
517f18 |
+ if (__fchdir(fd)) {
|
|
|
517f18 |
+ (void)__close(fd);
|
|
|
517f18 |
return (NULL);
|
|
|
517f18 |
+ }
|
|
|
517f18 |
(void)__close(fd);
|
|
|
517f18 |
return (sp->fts_child);
|
|
|
517f18 |
}
|
|
|
517f18 |
--
|
|
|
517f18 |
2.31.1
|
|
|
517f18 |
|
|
|
517f18 |
From 39b7bf8579e0522cf16347b3a7e332d3b6d742c6 Mon Sep 17 00:00:00 2001
|
|
|
517f18 |
From: Michal Domonkos <mdomonko@redhat.com>
|
|
|
517f18 |
Date: Mon, 14 Jun 2021 12:34:23 +0200
|
|
|
517f18 |
Subject: [PATCH 4/7] Fix memory leak in fts_build()
|
|
|
517f18 |
|
|
|
517f18 |
Turns out this leak is already fixed in glibc's current version of fts.c
|
|
|
517f18 |
(where our copy originates from), so let's just backport that.
|
|
|
517f18 |
|
|
|
517f18 |
Original commit in glibc:
|
|
|
517f18 |
https://sourceware.org/git/?p=glibc.git;\
|
|
|
517f18 |
a=commit;h=db67c2c98b89a5723af44df54f38b779de8d4a65
|
|
|
517f18 |
|
|
|
517f18 |
Found by Coverity.
|
|
|
517f18 |
---
|
|
|
517f18 |
misc/fts.c | 2 ++
|
|
|
517f18 |
1 file changed, 2 insertions(+)
|
|
|
517f18 |
|
|
|
517f18 |
diff --git a/misc/fts.c b/misc/fts.c
|
|
|
517f18 |
index caf27495d..f7fce0eaa 100644
|
|
|
517f18 |
--- a/misc/fts.c
|
|
|
517f18 |
+++ b/misc/fts.c
|
|
|
517f18 |
@@ -855,6 +855,7 @@ mem1: saved_errno = errno;
|
|
|
517f18 |
fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) {
|
|
|
517f18 |
cur->fts_info = FTS_ERR;
|
|
|
517f18 |
SET(FTS_STOP);
|
|
|
517f18 |
+ fts_lfree(head);
|
|
|
517f18 |
return (NULL);
|
|
|
517f18 |
}
|
|
|
517f18 |
|
|
|
517f18 |
@@ -862,6 +863,7 @@ mem1: saved_errno = errno;
|
|
|
517f18 |
if (!nitems) {
|
|
|
517f18 |
if (type == BREAD)
|
|
|
517f18 |
cur->fts_info = FTS_DP;
|
|
|
517f18 |
+ fts_lfree(head);
|
|
|
517f18 |
return (NULL);
|
|
|
517f18 |
}
|
|
|
517f18 |
|
|
|
517f18 |
--
|
|
|
517f18 |
2.31.1
|
|
|
517f18 |
|
|
|
517f18 |
From 9c093c4f092dd6bd1e0c8d2b852a72b74db076c2 Mon Sep 17 00:00:00 2001
|
|
|
517f18 |
From: Michal Domonkos <mdomonko@redhat.com>
|
|
|
517f18 |
Date: Tue, 15 Jun 2021 13:34:21 +0200
|
|
|
517f18 |
Subject: [PATCH 5/7] Fix memory leak in decodePkts()
|
|
|
517f18 |
|
|
|
517f18 |
Found by Coverity.
|
|
|
517f18 |
---
|
|
|
517f18 |
rpmio/rpmpgp.c | 6 +++++-
|
|
|
517f18 |
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
517f18 |
|
|
|
517f18 |
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
|
|
|
517f18 |
index c59185dce..ee5c81e24 100644
|
|
|
517f18 |
--- a/rpmio/rpmpgp.c
|
|
|
517f18 |
+++ b/rpmio/rpmpgp.c
|
|
|
517f18 |
@@ -1371,9 +1371,13 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
|
|
|
517f18 |
crc = pgpCRC(dec, declen);
|
|
|
517f18 |
if (crcpkt != crc) {
|
|
|
517f18 |
ec = PGPARMOR_ERR_CRC_CHECK;
|
|
|
517f18 |
+ _free(dec);
|
|
|
517f18 |
goto exit;
|
|
|
517f18 |
}
|
|
|
517f18 |
- if (pkt) *pkt = dec;
|
|
|
517f18 |
+ if (pkt)
|
|
|
517f18 |
+ *pkt = dec;
|
|
|
517f18 |
+ else
|
|
|
517f18 |
+ _free(dec);
|
|
|
517f18 |
if (pktlen) *pktlen = declen;
|
|
|
517f18 |
ec = PGPARMOR_PUBKEY; /* XXX ASCII Pubkeys only, please. */
|
|
|
517f18 |
goto exit;
|
|
|
517f18 |
--
|
|
|
517f18 |
2.31.1
|
|
|
517f18 |
|
|
|
517f18 |
From 590b2fc06252567eb7d57197dc361a8b459d62a3 Mon Sep 17 00:00:00 2001
|
|
|
517f18 |
From: Michal Domonkos <mdomonko@redhat.com>
|
|
|
517f18 |
Date: Mon, 21 Jun 2021 17:51:14 +0200
|
|
|
517f18 |
Subject: [PATCH 6/7] Fix memory leak with multiple %lang-s in one line
|
|
|
517f18 |
|
|
|
517f18 |
We permit two equivalent forms of specifying a list of languages per
|
|
|
517f18 |
file:
|
|
|
517f18 |
|
|
|
517f18 |
%lang(xx,yy,zz) /path/to/file
|
|
|
517f18 |
%lang(xx) %lang(yy) %lang(zz) /path/to/file
|
|
|
517f18 |
|
|
|
517f18 |
The leak was when parsing the second form.
|
|
|
517f18 |
|
|
|
517f18 |
Found by Coverity.
|
|
|
517f18 |
---
|
|
|
517f18 |
build/files.c | 2 ++
|
|
|
517f18 |
1 file changed, 2 insertions(+)
|
|
|
517f18 |
|
|
|
517f18 |
diff --git a/build/files.c b/build/files.c
|
|
|
517f18 |
index f8153ad2b..0c8859f6c 100644
|
|
|
517f18 |
--- a/build/files.c
|
|
|
517f18 |
+++ b/build/files.c
|
|
|
517f18 |
@@ -777,6 +777,8 @@ static rpmRC parseForLang(char * buf, FileEntry cur)
|
|
|
517f18 |
|
|
|
517f18 |
if (*pe == ',') pe++; /* skip , if present */
|
|
|
517f18 |
}
|
|
|
517f18 |
+
|
|
|
517f18 |
+ q = _free(q);
|
|
|
517f18 |
}
|
|
|
517f18 |
|
|
|
517f18 |
rc = RPMRC_OK;
|
|
|
517f18 |
--
|
|
|
517f18 |
2.31.1
|
|
|
517f18 |
|
|
|
517f18 |
From b7a1e996326ee29a163d67ceb1e6127fdc251c14 Mon Sep 17 00:00:00 2001
|
|
|
517f18 |
From: Michal Domonkos <mdomonko@redhat.com>
|
|
|
517f18 |
Date: Fri, 25 Jun 2021 15:15:08 +0200
|
|
|
517f18 |
Subject: [PATCH 7/7] Fix memory leaks in Lua rex extension
|
|
|
517f18 |
|
|
|
517f18 |
This covers the following usage:
|
|
|
517f18 |
|
|
|
517f18 |
expr = rex.newPOSIX(<regex>)
|
|
|
517f18 |
expr:match(<string>) # A leak occurred here
|
|
|
517f18 |
expr:gmatch(<string>, <func>) # A leak occurred here
|
|
|
517f18 |
|
|
|
517f18 |
Found by Coverity.
|
|
|
517f18 |
---
|
|
|
517f18 |
luaext/lrexlib.c | 9 ++++++---
|
|
|
517f18 |
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
517f18 |
|
|
|
517f18 |
diff --git a/luaext/lrexlib.c b/luaext/lrexlib.c
|
|
|
517f18 |
index 09c5a6454..0f29b6371 100644
|
|
|
517f18 |
--- a/luaext/lrexlib.c
|
|
|
517f18 |
+++ b/luaext/lrexlib.c
|
|
|
517f18 |
@@ -80,6 +80,7 @@ static void rex_push_matches(lua_State *L, const char *text, regmatch_t *match,
|
|
|
517f18 |
|
|
|
517f18 |
static int rex_match(lua_State *L)
|
|
|
517f18 |
{
|
|
|
517f18 |
+ int rc = 0;
|
|
|
517f18 |
int res;
|
|
|
517f18 |
#ifdef REG_BASIC
|
|
|
517f18 |
size_t len;
|
|
|
517f18 |
@@ -109,9 +110,10 @@ static int rex_match(lua_State *L)
|
|
|
517f18 |
lua_pushstring(L, "n");
|
|
|
517f18 |
lua_pushnumber(L, ncapt);
|
|
|
517f18 |
lua_rawset(L, -3);
|
|
|
517f18 |
- return 3;
|
|
|
517f18 |
- } else
|
|
|
517f18 |
- return 0;
|
|
|
517f18 |
+ rc = 3;
|
|
|
517f18 |
+ }
|
|
|
517f18 |
+ free(match);
|
|
|
517f18 |
+ return rc;
|
|
|
517f18 |
}
|
|
|
517f18 |
|
|
|
517f18 |
static int rex_gmatch(lua_State *L)
|
|
|
517f18 |
@@ -158,6 +160,7 @@ static int rex_gmatch(lua_State *L)
|
|
|
517f18 |
break;
|
|
|
517f18 |
}
|
|
|
517f18 |
lua_pushnumber(L, nmatch);
|
|
|
517f18 |
+ free(match);
|
|
|
517f18 |
return 1;
|
|
|
517f18 |
}
|
|
|
517f18 |
|
|
|
517f18 |
--
|
|
|
517f18 |
2.31.1
|
|
|
517f18 |
|
|
|
517f18 |
commit 9747a6af016a3458d54fe060777c95e3900b5fa4
|
|
|
517f18 |
Author: Demi Marie Obenour <athena@invisiblethingslab.com>
|
|
|
517f18 |
Date: Tue Mar 2 12:47:29 2021 -0500
|
|
|
517f18 |
|
|
|
517f18 |
Fix a tiny memory leak
|
|
|
517f18 |
|
|
|
517f18 |
Found by fuzzing rpmReadPackageFile() with libfuzzer under ASAN.
|
|
|
517f18 |
|
|
|
517f18 |
diff --git a/lib/headerutil.c b/lib/headerutil.c
|
|
|
517f18 |
index 22e36c74d..fab210ff2 100644
|
|
|
517f18 |
--- a/lib/headerutil.c
|
|
|
517f18 |
+++ b/lib/headerutil.c
|
|
|
517f18 |
@@ -333,8 +333,10 @@ static void providePackageNVR(Header h)
|
|
|
517f18 |
rpmds hds, nvrds;
|
|
|
517f18 |
|
|
|
517f18 |
/* Generate provides for this package name-version-release. */
|
|
|
517f18 |
- if (!(name && pEVR))
|
|
|
517f18 |
+ if (!(name && pEVR)) {
|
|
|
517f18 |
+ free(pEVR);
|
|
|
517f18 |
return;
|
|
|
517f18 |
+ }
|
|
|
517f18 |
|
|
|
517f18 |
/*
|
|
|
517f18 |
* Rpm prior to 3.0.3 does not have versioned provides.
|
|
|
517f18 |
commit cb2ae4bdf2f60876fdc68e3f84938e9c37182fab
|
|
|
517f18 |
Author: Igor Gnatenko <i.gnatenko.brain@gmail.com>
|
|
|
517f18 |
Date: Tue Feb 6 14:50:27 2018 +0100
|
|
|
517f18 |
|
|
|
517f18 |
lua: fix memory leak in Pexec()
|
|
|
517f18 |
|
|
|
517f18 |
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
|
|
|
517f18 |
|
|
|
517f18 |
diff --git a/luaext/lposix.c b/luaext/lposix.c
|
|
|
517f18 |
index 5d7ad3c87..2730bcff7 100644
|
|
|
517f18 |
--- a/luaext/lposix.c
|
|
|
517f18 |
+++ b/luaext/lposix.c
|
|
|
517f18 |
@@ -348,6 +348,7 @@ static int Pexec(lua_State *L) /** exec(path,[args]) */
|
|
|
517f18 |
for (i=1; i
|
|
|
517f18 |
argv[i] = NULL;
|
|
|
517f18 |
execvp(path,argv);
|
|
|
517f18 |
+ free(argv);
|
|
|
517f18 |
return pusherror(L, path);
|
|
|
517f18 |
}
|