From 92d408d4dea5b423a58496abd16974131c9725b3 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 10 2022 07:18:43 +0000 Subject: import rpm-4.14.3-23.el8 --- diff --git a/SOURCES/rpm-4.14.3-add-path-query-option.patch b/SOURCES/rpm-4.14.3-add-path-query-option.patch new file mode 100644 index 0000000..0504ec8 --- /dev/null +++ b/SOURCES/rpm-4.14.3-add-path-query-option.patch 
@@ -0,0 +1,197 @@ +From 013cd4ba63c35fa75feeccde0022d56e68bc5845 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Mon, 16 Aug 2021 18:21:02 +0200 +Subject: [PATCH] Add support for RPMDBI_BASENAMES on file queries + +There are legitimate reasons (such as rhbz#1940895 or the included test) +for wanting the former behavior where all file states were considered in +file queries prior to commit 9ad57bda4a82b9847826daa766b4421d877bb3d9, +so celebrate the tenth anniversary of that commit by adding a CLI switch +(a new package selector --path), as contemplated back then. + +Update the man page for --file to reflect it's current behavior and make +--path that more obvious. + +Resolves: rhbz#1940895 + +Combined with: +d1aebda01033bc8ba0d748b49f6fad9a5c0caa3f +f62b6d27cd741406a52a7e9c5b1d6f581dbd3af8 + +Backported for 4.14.3. +--- + doc/rpm.8 | 9 ++++++-- + lib/poptQV.c | 6 +++++- + lib/query.c | 7 +++++-- + lib/rpmcli.h | 1 + + tests/rpmquery.at | 52 +++++++++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 70 insertions(+), 5 deletions(-) + +diff --git a/doc/rpm.8 b/doc/rpm.8 +index 15a3db25f..74604c8ec 100644 +--- a/doc/rpm.8 ++++ b/doc/rpm.8 +@@ -57,7 +57,7 @@ rpm \- RPM Package Manager + .PP + + [\fB\fIPACKAGE_NAME\fB\fR] +- [\fB-a,--all [\fISELECTOR\fR]\fR] [\fB-f,--file \fIFILE\fB\fR] ++ [\fB-a,--all [\fISELECTOR\fR]\fR] [\fB-f,--file \fIFILE\fB\fR] [\fB--path \fIPATH\fB\fR] + [\fB-g,--group \fIGROUP\fB\fR] {\fB-p,--package \fIPACKAGE_FILE\fB\fR] + [\fB--hdrid \fISHA1\fB\fR] [\fB--pkgid \fIMD5\fB\fR] [\fB--tid \fITID\fB\fR] + [\fB--querybynumber \fIHDRNUM\fB\fR] [\fB--triggeredby \fIPACKAGE_NAME\fB\fR] +@@ -555,7 +555,7 @@ starts with "b". + List duplicated packages. + .TP + \fB-f, --file \fIFILE\fB\fR +-Query package owning \fIFILE\fR. ++Query package owning installed \fIFILE\fR. + .TP + \fB--filecaps\fR + List file names with POSIX1.e capabilities. 
+@@ -598,6 +598,11 @@ that will be expanded to paths that are substituted in place of + the package manifest as additional \fIPACKAGE_FILE\fR + arguments to the query. + .TP ++\fB--path \fIPATH\fB\fR ++Query package(s) owning \fIPATH\fR, whether the file is installed or not. ++Multiple packages may own a \fIPATH\fR, but the file is only owned by the ++package installed last. ++.TP + \fB--pkgid \fIMD5\fB\fR + Query package that contains a given package identifier, i.e. the + \fIMD5\fR digest of the combined header and +diff --git a/lib/poptQV.c b/lib/poptQV.c +index 9021d7b3c..f752d8b82 100644 +--- a/lib/poptQV.c ++++ b/lib/poptQV.c +@@ -27,6 +27,7 @@ struct rpmQVKArguments_s rpmQVKArgs; + #define POPT_WHATENHANCES -1014 + #define POPT_WHATOBSOLETES -1015 + #define POPT_WHATCONFLICTS -1016 ++#define POPT_QUERYBYPATH -1017 + + /* ========== Query/Verify/Signature source args */ + static void rpmQVSourceArgCallback( poptContext con, +@@ -58,6 +59,7 @@ static void rpmQVSourceArgCallback( poptContext con, + case POPT_WHATSUPPLEMENTS: qva->qva_source |= RPMQV_WHATSUPPLEMENTS; break; + case POPT_WHATENHANCES: qva->qva_source |= RPMQV_WHATENHANCES; break; + case POPT_TRIGGEREDBY: qva->qva_source |= RPMQV_TRIGGEREDBY; break; ++ case POPT_QUERYBYPATH: qva->qva_source |= RPMQV_PATH_ALL; break; + case POPT_QUERYBYPKGID: qva->qva_source |= RPMQV_PKGID; break; + case POPT_QUERYBYHDRID: qva->qva_source |= RPMQV_HDRID; break; + case POPT_QUERYBYTID: qva->qva_source |= RPMQV_TID; break; +@@ -80,7 +82,9 @@ struct poptOption rpmQVSourcePoptTable[] = { + { "checksig", 'K', POPT_ARGFLAG_DOC_HIDDEN, NULL, 'K', + N_("rpm checksig mode"), NULL }, + { "file", 'f', 0, 0, 'f', +- N_("query/verify package(s) owning file"), "FILE" }, ++ N_("query/verify package(s) owning installed file"), "FILE" }, ++ { "path", '\0', 0, 0, POPT_QUERYBYPATH, ++ N_("query/verify package(s) owning path, installed or not"), "PATH" }, + { "group", 'g', 0, 0, 'g', + N_("query/verify package(s) in group"), "GROUP" }, 
+ { "package", 'p', 0, 0, 'p', +diff --git a/lib/query.c b/lib/query.c +index 26cdecf10..e6ea1fa2d 100644 +--- a/lib/query.c ++++ b/lib/query.c +@@ -440,6 +440,7 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar + } + /* fallthrough on absolute and relative paths */ + case RPMQV_PATH: ++ case RPMQV_PATH_ALL: + { char * fn; + + for (s = arg; *s != '\0'; s++) +@@ -458,8 +459,10 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar + fn = xstrdup(arg); + (void) rpmCleanPath(fn); + +- /* XXX Add a switch to enable former BASENAMES behavior? */ +- mi = rpmtsInitIterator(ts, RPMDBI_INSTFILENAMES, fn, 0); ++ rpmDbiTagVal tag = RPMDBI_INSTFILENAMES; ++ if (qva->qva_source == RPMQV_PATH_ALL) ++ tag = RPMDBI_BASENAMES; ++ mi = rpmtsInitIterator(ts, tag, fn, 0); + if (mi == NULL) + mi = rpmtsInitIterator(ts, RPMDBI_PROVIDENAME, fn, 0); + +diff --git a/lib/rpmcli.h b/lib/rpmcli.h +index 99af2585a..c0d07d137 100644 +--- a/lib/rpmcli.h ++++ b/lib/rpmcli.h +@@ -102,6 +102,7 @@ enum rpmQVSources_e { + RPMQV_SPECBUILTRPMS, /*!< ... from pkgs which would be built from spec */ + RPMQV_WHATOBSOLETES, /*!< ... from obsoletes db search. */ + RPMQV_WHATCONFLICTS, /*!< ... from conflicts db search. */ ++ RPMQV_PATH_ALL, /*!< ... from file path db search (all states). 
*/ + }; + + typedef rpmFlags rpmQVSources; +diff --git a/tests/rpmquery.at b/tests/rpmquery.at +index 36c62339a..ad580f664 100644 +--- a/tests/rpmquery.at ++++ b/tests/rpmquery.at +@@ -194,6 +194,58 @@ runroot rpm \ + + AT_CLEANUP + ++# ------------------------------ ++# query a package by a file ++AT_SETUP([rpm -qf]) ++AT_KEYWORDS([query]) ++AT_CHECK([ ++RPMDB_INIT ++runroot rpm \ ++ --nodeps \ ++ -i /data/RPMS/hello-1.0-1.i386.rpm ++runroot rpm \ ++ -qf /usr/local/bin/hello ++], ++[0], ++[hello-1.0-1.i386 ++], ++[]) ++AT_CLEANUP ++ ++AT_SETUP([rpm -qf on non-installed file]) ++AT_KEYWORDS([query]) ++AT_CHECK([ ++RPMDB_INIT ++runroot rpm \ ++ --nodeps \ ++ --excludedocs \ ++ -i /data/RPMS/hello-1.0-1.i386.rpm ++runroot rpm \ ++ -qf /usr/share/doc/hello-1.0/FAQ ++], ++[1], ++[], ++[error: file /usr/share/doc/hello-1.0/FAQ: No such file or directory ++]) ++AT_CLEANUP ++ ++AT_SETUP([rpm -q --path on non-installed file]) ++AT_KEYWORDS([query]) ++AT_CHECK([ ++RPMDB_INIT ++runroot rpm \ ++ --nodeps \ ++ --excludedocs \ ++ -i /data/RPMS/hello-1.0-1.i386.rpm ++runroot rpm \ ++ -q --path /usr/share/doc/hello-1.0/FAQ ++], ++[0], ++[hello-1.0-1.i386 ++], ++[]) ++AT_CLEANUP ++ + # ------------------------------ + AT_SETUP([integer array query]) + AT_KEYWORDS([query]) +-- +2.35.1 + diff --git a/SOURCES/rpm-4.14.3-fix-spurious-transfiletriggerpostun-execution.patch b/SOURCES/rpm-4.14.3-fix-spurious-transfiletriggerpostun-execution.patch new file mode 100644 index 0000000..6b26ec5 --- /dev/null +++ b/SOURCES/rpm-4.14.3-fix-spurious-transfiletriggerpostun-execution.patch 
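Review bot: In the lib/query.c part of the embedded rpm-4.14.3-add-path-query-option.patch, the `RPMDBI_PROVIDENAME` fallback that follows the new `rpmtsInitIterator(ts, tag, fn, 0)` call is kept for `--path` as well. A path that no package records can therefore apparently still resolve to a package that only provides that string, while doc/rpm.8 and the popt help describe `--path` as returning the package(s) owning the path. If that is intended, a comment above the fallback would make it explicit, for example `/* --path only switches the file index (all file states); the Provides fallback below still applies */`, and the man page entry could say the same. The added tests cover only the `--excludedocs` case, not a path recorded by more than one package. initQueryIterator() starts and ends outside the hunk, so what happens after both lookups miss is not visible here.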
@@ -0,0 +1,184 @@ +From f17aa638649fb8de730fecdbc906dc869b626ba5 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Tue, 16 Nov 2021 11:49:18 +0200 +Subject: [PATCH 1/2] Fix spurious %transfiletriggerpostun execution + (RhBug:2023311) + +If a package has multiple %transfiletriggerpostun triggers, any one +of them matching would cause all of them to run, due to disconnect +in the intel gathering stage: we'd gather all the headers with matching +files into a lump, and then add any postun triggers found in them, +but this loses the triggering file information and causes all postuns +to run. + +The triggers need to be added while looping over the file matches, +like runFileTriggers() does. Doing so actually simplifies the code. +These should really be unified to use the same code, but leaving +that exercise to another rainy day. +--- + lib/rpmtriggers.c | 64 +++++++++++++++++++++++------------------------ + 1 file changed, 31 insertions(+), 33 deletions(-) + +diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c +index 0827af0c2..dc457f7cc 100644 +--- a/lib/rpmtriggers.c ++++ b/lib/rpmtriggers.c +@@ -97,19 +97,37 @@ static void rpmtriggersSortAndUniq(rpmtriggers trigs) + } + } + ++static void addTriggers(rpmts ts, Header trigH, rpmsenseFlags filter) ++{ ++ int tix = 0; ++ rpmds ds; ++ rpmds triggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0); ++ ++ while ((ds = rpmdsFilterTi(triggers, tix))) { ++ if ((rpmdsNext(ds) >= 0) && (rpmdsFlags(ds) & filter)) { ++ struct rpmtd_s priorities; ++ ++ if (headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES, ++ &priorities, HEADERGET_MINMEM)) { ++ rpmtdSetIndex(&priorities, tix); ++ rpmtriggersAdd(ts->trigs2run, headerGetInstance(trigH), ++ tix, *rpmtdGetUint32(&priorities)); ++ } ++ } ++ rpmdsFree(ds); ++ tix++; ++ } ++ rpmdsFree(triggers); ++} ++ + void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te) + { +- rpmdbMatchIterator mi; + rpmdbIndexIterator ii; +- Header trigH; + const void *key; + size_t keylen; + rpmfiles 
files; +- rpmds rpmdsTriggers; +- rpmds rpmdsTrigger; + + ii = rpmdbIndexIteratorInit(rpmtsGetRdb(ts), RPMDBI_TRANSFILETRIGGERNAME); +- mi = rpmdbNewIterator(rpmtsGetRdb(ts), RPMDBI_PACKAGES); + files = rpmteFiles(te); + + /* Iterate over file triggers in rpmdb */ +@@ -121,39 +139,19 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te) + rpmfi fi = rpmfilesFindPrefix(files, pfx); + while (rpmfiNext(fi) >= 0) { + if (RPMFILE_IS_INSTALLED(rpmfiFState(fi))) { +- /* If yes then store it */ +- rpmdbAppendIterator(mi, rpmdbIndexIteratorPkgOffsets(ii), +- rpmdbIndexIteratorNumPkgs(ii)); +- break; ++ unsigned int npkg = rpmdbIndexIteratorNumPkgs(ii); ++ const unsigned int *offs = rpmdbIndexIteratorPkgOffsets(ii); ++ /* Save any matching postun triggers */ ++ for (int i = 0; i < npkg; i++) { ++ Header h = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offs[i]); ++ addTriggers(ts, h, RPMSENSE_TRIGGERPOSTUN); ++ headerFree(h); ++ } + } + } + rpmfiFree(fi); + } + rpmdbIndexIteratorFree(ii); +- +- if (rpmdbGetIteratorCount(mi)) { +- /* Filter triggers and save only trans postun triggers into ts */ +- while ((trigH = rpmdbNextIterator(mi)) != NULL) { +- int tix = 0; +- rpmdsTriggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0); +- while ((rpmdsTrigger = rpmdsFilterTi(rpmdsTriggers, tix))) { +- if ((rpmdsNext(rpmdsTrigger) >= 0) && +- (rpmdsFlags(rpmdsTrigger) & RPMSENSE_TRIGGERPOSTUN)) { +- struct rpmtd_s priorities; +- +- headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES, +- &priorities, HEADERGET_MINMEM); +- rpmtdSetIndex(&priorities, tix); +- rpmtriggersAdd(ts->trigs2run, rpmdbGetIteratorOffset(mi), +- tix, *rpmtdGetUint32(&priorities)); +- } +- rpmdsFree(rpmdsTrigger); +- tix++; +- } +- rpmdsFree(rpmdsTriggers); +- } +- } +- rpmdbFreeIterator(mi); + rpmfilesFree(files); + } + +-- +2.35.1 + +From e617e7c550d3523998707c55f96b37ede2c48c78 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Wed, 2 Feb 2022 13:46:23 +0200 +Subject: [PATCH 2/2] Really fix spurious 
%transfiletriggerpostun execution + (RhBug:2023311) + +Commit b3d672a5523dfec033160e5cc866432a0e808649 got the base reasoning +in the ballpark but the code all wrong, introducing a severe performance +regression without actually fixing what it claimed to. + +The missing incredient is actually comparing the current prefix with the +triggers in matched package (trying to describe this makes my head +spin): a package may have multiple triggers on multiple prefixes and +we need to make sure we only execute triggers of this type, from this +prefix. + +This stuff really needs more and better testcases. + +Fixes: b3d672a5523dfec033160e5cc866432a0e808649 +--- + lib/rpmtriggers.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c +index dc457f7cc..c652981be 100644 +--- a/lib/rpmtriggers.c ++++ b/lib/rpmtriggers.c +@@ -97,14 +97,16 @@ static void rpmtriggersSortAndUniq(rpmtriggers trigs) + } + } + +-static void addTriggers(rpmts ts, Header trigH, rpmsenseFlags filter) ++static void addTriggers(rpmts ts, Header trigH, rpmsenseFlags filter, ++ const char *prefix) + { + int tix = 0; + rpmds ds; + rpmds triggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0); + + while ((ds = rpmdsFilterTi(triggers, tix))) { +- if ((rpmdsNext(ds) >= 0) && (rpmdsFlags(ds) & filter)) { ++ if ((rpmdsNext(ds) >= 0) && (rpmdsFlags(ds) & filter) && ++ strcmp(prefix, rpmdsN(ds)) == 0) { + struct rpmtd_s priorities; + + if (headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES, +@@ -141,12 +143,13 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te) + if (RPMFILE_IS_INSTALLED(rpmfiFState(fi))) { + unsigned int npkg = rpmdbIndexIteratorNumPkgs(ii); + const unsigned int *offs = rpmdbIndexIteratorPkgOffsets(ii); +- /* Save any matching postun triggers */ ++ /* Save any postun triggers matching this prefix */ + for (int i = 0; i < npkg; i++) { + Header h = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offs[i]); +- addTriggers(ts, h, 
RPMSENSE_TRIGGERPOSTUN); ++ addTriggers(ts, h, RPMSENSE_TRIGGERPOSTUN, pfx); + headerFree(h); + } ++ break; + } + } + rpmfiFree(fi); +-- +2.35.1 + diff --git a/SOURCES/rpm-4.14.3-macroize-find-debuginfo-script-location.patch b/SOURCES/rpm-4.14.3-macroize-find-debuginfo-script-location.patch new file mode 100644 index 0000000..2fd8e44 --- /dev/null +++ b/SOURCES/rpm-4.14.3-macroize-find-debuginfo-script-location.patch @@ -0,0 +1,38 @@ +From 77007d68782b66f2d00d7b200516731246876dca Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 27 May 2021 13:58:58 +0300 +Subject: [PATCH] Macroize find-debuginfo script location + +Makes it easier to handle varying paths, mainly in preparation for the +next step. + +Backported for 4.14.3. +--- + macros.in | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/macros.in b/macros.in +index a6069ee4d..be28a3b28 100644 +--- a/macros.in ++++ b/macros.in +@@ -82,6 +82,8 @@ + %__remsh %{__rsh} + %__strip @__STRIP@ + ++%__find_debuginfo %{_rpmconfigdir}/find-debuginfo.sh ++ + # XXX avoid failures if tools are not installed when rpm is built. + %__libtoolize libtoolize + %__aclocal aclocal +@@ -177,7 +179,7 @@ + # the script. See the script for details. + # + %__debug_install_post \ +- %{_rpmconfigdir}/find-debuginfo.sh \\\ ++ %{__find_debuginfo} \\\ + %{?_smp_mflags} \\\ + %{?_missing_build_ids_terminate_build:--strict-build-id} \\\ + %{?_no_recompute_build_ids:-n} \\\ +-- +2.33.1 + diff --git a/SOURCES/rpm-4.14.3-skip-recorded-symlinks-in-setperms.patch b/SOURCES/rpm-4.14.3-skip-recorded-symlinks-in-setperms.patch new file mode 100644 index 0000000..ee12010 --- /dev/null +++ b/SOURCES/rpm-4.14.3-skip-recorded-symlinks-in-setperms.patch 
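Review bot: In addTriggers() (lib/rpmtriggers.c, as left by PATCH 2/2 of rpm-4.14.3-fix-spurious-transfiletriggerpostun-execution.patch) the return value of `rpmtdSetIndex(&priorities, tix)` is ignored and `*rpmtdGetUint32(&priorities)` is dereferenced unconditionally. A header whose priorities tag is shorter than its trigger list, or of another type, could then yield a wrong priority or a NULL dereference; rpmdb headers are normally trusted, but this code presumably runs privileged during a transaction, and a damaged database should not crash it. Check both before queuing, e.g. `if (rpmtdSetIndex(&priorities, tix) >= 0 && (prio = rpmtdGetUint32(&priorities)) != NULL)` with `uint32_t *prio;` declared next to `priorities`, and pass `*prio` to `rpmtriggersAdd`. In rpmtriggersPrepPostUnTransFileTrigs() the result of `rpmdbGetHeaderAt()` is also handed to addTriggers() without a NULL check, and `int i` is compared against the unsigned `npkg`; `if (h == NULL) continue;` and `unsigned int i` would tidy both. That function begins and ends outside the embedded hunks.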
@@ -0,0 +1,40 @@ +From 2e61e5846f8301f85da9d30281538ea736d96fd0 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Tue, 7 Dec 2021 08:08:37 +0100 +Subject: [PATCH] Skip recorded symlinks in --setperms (RhBug:1900662) + +If a package contains a symlink in the buildroot which is declared as a +ghost or config file but is a regular file or directory on the system +where it's installed, a --setperms call will reset its permissions to +those of a symlink (777 on Linux), which almost certainly is not the +correct thing to do. + +To fix that, just skip files that were recorded as symlinks. + +This is a special case of a general issue in --setperms; since file +permission semantics may change depending on the file type, to stay on +the safe side, any (ghost or config) file whose type changes after +installation should probably be skipped. However, symlinks are the most +prominent case here, so let's just focus on that now and avoid adding +too much cleverness to a popt alias (this got us into trouble not too +long ago, see commits 38c2f6e and 0d83637). We may revisit this in the +eventual C implementation. +--- + rpmpopt.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/rpmpopt.in b/rpmpopt.in +index 67fcabfb1..e130a5d05 100644 +--- a/rpmpopt.in ++++ b/rpmpopt.in +@@ -44,6 +44,7 @@ rpm alias --scripts --qf '\ + --POPTdesc=$"list install/erase scriptlets from package(s)" + + rpm alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \ ++ \[ -n %{FILELINKTOS:shescape} \] || \ + ( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \ + chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \ + --pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \ +-- +2.35.1 + diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec index ce2f190..d2e8994 100644 --- a/SPECS/rpm.spec +++ b/SPECS/rpm.spec 
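Review bot: The new `\[ -n %{FILELINKTOS:shescape} \] ||` test in the `--setperms` alias (rpmpopt.in) carries no explanation at the point of use; the reason is only in the commit message. A comment line above the alias would keep it from being dropped in a later cleanup, for example `# Skip entries recorded as symlinks: their recorded mode (777) must never be applied to a regular file or directory now at that path (RhBug:1900662)`. The patch also adds no test for the case it fixes, a recorded symlink that is a regular file or directory on the installed system. The commit message itself notes that other file-type changes are still not handled, so the alias continues to apply recorded modes by path to whatever exists there.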
@@ -32,7 +32,7 @@ %global rpmver 4.14.3 #global snapver rc2 -%global rel 19 +%global rel 23 %global srcver %{version}%{?snapver:-%{snapver}} %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x} @@ -44,7 +44,7 @@ Summary: The RPM package management system Name: rpm Version: %{rpmver} -Release: %{?snapver:0.%{snapver}.}%{rel}%{?dist}.2 +Release: %{?snapver:0.%{snapver}.}%{rel}%{?dist} Group: System Environment/Base Url: http://www.rpm.org/ Source0: http://ftp.rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2 @@ -109,7 +109,11 @@ Patch154: rpm-4.14.3-more-careful-sig-hdr-copy.patch Patch156: rpm-4.14.3-hdrblobInit-add-bounds-check.patch Patch157: rpm-4.14.3-add-read-only-support-for-sqlite.patch Patch158: rpm-4.14.3-imp-covscan-fixes.patch -Patch159: rpm-4.14.3-validate-and-require-subkey-binding-sigs.patch +Patch159: rpm-4.14.3-add-path-query-option.patch +Patch160: rpm-4.14.3-macroize-find-debuginfo-script-location.patch +Patch161: rpm-4.14.3-validate-and-require-subkey-binding-sigs.patch +Patch162: rpm-4.14.3-fix-spurious-transfiletriggerpostun-execution.patch +Patch163: rpm-4.14.3-skip-recorded-symlinks-in-setperms.patch # Python 3 string API sanity Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch 
@@ -690,11 +694,20 @@ make check || cat tests/rpmtests.log %doc doc/librpm/html/* %changelog -* Mon Jan 10 2022 Michal Domonkos - 4.14.3-19.2 -- Address covscan issues in binding sigs validation patch (#2022537) +* Tue Apr 05 2022 Michal Domonkos - 4.14.3-23 +- Fix minor ABI regression in rpmcli.h (#1940895) -* Thu Jan 06 2022 Michal Domonkos - 4.14.3-19.1 -- Validate and require subkey binding sigs on PGP pubkeys (#2022537) +* Tue Feb 15 2022 Michal Domonkos - 4.14.3-22 +- Fix spurious %transfiletriggerpostun execution (#2023693) +- Skip recorded symlinks in --setperms (#1900662) + +* Mon Jan 10 2022 Michal Domonkos - 4.14.3-21 +- Address covscan issues in binding sigs validation patch (#1958480) + +* Thu Dec 09 2021 Michal Domonkos - 4.14.3-20 +- Add --path query option (#1940895) +- Macroize find-debuginfo script location (#2019540) +- Validate and require subkey binding sigs on PGP pubkeys (#1958480) - Fixes CVE-2021-3521 * Wed Oct 06 2021 Michal Domonkos - 4.14.3-19