RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Ralf S. Engelschall Root: /v/rpm/cvs Email: r...@rpm5.org Module: rpm Date: 18-Apr-2009 18:41:59 Branch: HEAD Handle: 2009041816415701 Modified files: rpm CHANGES VENDOR rpm/lib poptALL.c rpm/rpmio macro.c poptIO.c rpmlua.c Log: RPM_VENDOR_OPENPKG: stick with local RPM sanity checking for reasonable warning messages. The reason simply is: POPT >= 1.15 contains the poptSaneFile() function which is equivalent to rpmSecuritySaneFile(). And POPT >= 1.15 also contains a poptReadConfigFiles() which returns POPT_ERROR_BADCONFIG in case poptSaneFile() says a file is not sane. This is all fine from a raw sanity checking point of view. Unfortunately, in the error reporting it is absolutely vital to know _WHICH_ file is considered insecure. Until POPT provides an error reporting callback or other means for RPM to provide again reasonable warning messages, we stick with the RPM sanity checking code. So, this is not because OpenPKG is using POPT < 1.15, but because we need proper warning messages! Summary: Revision Changes Path 1.2945 +1 -0 rpm/CHANGES 2.69 +18 -0 rpm/VENDOR 2.126 +2 -1 rpm/lib/poptALL.c 2.228 +4 -2 rpm/rpmio/macro.c 1.49 +2 -3 rpm/rpmio/poptIO.c 2.72 +2 -1 rpm/rpmio/rpmlua.c ____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.2944 -r1.2945 CHANGES
--- rpm/CHANGES 17 Apr 2009 22:42:11 -0000 1.2944
+++ rpm/CHANGES 18 Apr 2009 16:41:57 -0000 1.2945
@@ -1,5 +1,6 @@
 5.2a4 -> 5.2b1:
+ - rse: RPM_VENDOR_OPENPKG: stick with local RPM sanity checking for reasonable warning messages
 - jbj: js: simplify the embedding to the JSAPI examples, not the js shell.
 - jbj: ficl: capture stdout from ficl vm.
 - jbj: ficl: wire-up %post -p <ficl>.
@@ .
patch -p0 <<'@@ .'
Index: rpm/VENDOR
============================================================================
$ cvs diff -u -r2.68 -r2.69 VENDOR
--- rpm/VENDOR 6 Apr 2009 00:21:20 -0000 2.68
+++ rpm/VENDOR 18 Apr 2009 16:41:58 -0000 2.69
@@ -423,6 +423,24 @@
 just ignored.
 ________________________________________________________________________
+ Change: stick-with-rpm-file-sanity-checking
+ Purpose: Use file sanity checking code of RPM instead of POPT
+ Reason: POPT >= 1.15 contains the poptSaneFile() function which
+ is equivalent to rpmSecuritySaneFile(). And POPT >=
+ 1.15 also contains a poptReadConfigFiles() which
+ returns POPT_ERROR_BADCONFIG in case poptSaneFile()
+ says a file is not sane. This is all fine from a
+ raw sanity checking point of view. Unfortunately,
+ in the error reporting it is absolutely vital to
+ know _WHICH_ file is considered insecure. Until
+ POPT provides an error reporting callback or other
+ means for RPM to provide again reasonable warning
+ messages, we stick with the RPM sanity checking
+ code. So, this is not because OpenPKG is using
+ POPT < 1.15, but because we need proper warning
+ messages!
+ ________________________________________________________________________
+
 o Name: RPM4DARWIN
 Vendor: RPM for Darwin (Mac OS X) <http://rpm4darwin.sourceforge.net/>
 Representative: Anders F. Bjorklund <a...@users.sourceforge.net> <a...@rpm5.org>
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/poptALL.c
============================================================================
$ cvs diff -u -r2.125 -r2.126 poptALL.c
--- rpm/lib/poptALL.c 13 Apr 2009 18:07:31 -0000 2.125
+++ rpm/lib/poptALL.c 18 Apr 2009 16:41:58 -0000 2.126
@@ -679,7 +679,8 @@
 optCon = poptGetContext(__progname, argc, (const char **)argv, optionsTable, 0); /*...@=nullpass =temptr...@*/
-#if !defined(POPT_ERROR_BADCONFIG) /* XXX popt-1.15- retrofit */
+#if defined(RPM_VENDOR_OPENPKG) /* stick-with-rpm-file-sanity-checking */ || \
+ !defined(POPT_ERROR_BADCONFIG) /* XXX POPT 1.15 retrofit */
 { char * path_buf = xstrdup(rpmpoptfiles); char *path; char *path_next;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/macro.c
============================================================================
$ cvs diff -u -r2.227 -r2.228 macro.c
--- rpm/rpmio/macro.c 17 Apr 2009 16:10:23 -0000 2.227
+++ rpm/rpmio/macro.c 18 Apr 2009 16:41:58 -0000 2.228
@@ -2193,7 +2193,8 @@
 return rc; }
-#if !defined(POPT_ERROR_BADCONFIG) /* XXX popt-1.15- retrofit */
+#if defined(RPM_VENDOR_OPENPKG) /* stick-with-rpm-file-sanity-checking */ || \
+ !defined(POPT_ERROR_BADCONFIG) /* XXX POPT 1.15 retrofit */
 int rpmSecuritySaneFile(const char *filename) { struct stat sb;
@@ -2596,7 +2597,8 @@
 if (fn[0] == '@' /* attention */) { fn++;
-#if !defined(POPT_ERROR_BADCONFIG) /* XXX popt-1.15- retrofit */
+#if defined(RPM_VENDOR_OPENPKG) /* stick-with-rpm-file-sanity-checking */ || \
+ !defined(POPT_ERROR_BADCONFIG) /* XXX POPT 1.15 retrofit */
 if (!rpmSecuritySaneFile(fn))
 #else
 if (!poptSaneFile(fn))
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/poptIO.c
============================================================================
$ cvs diff -u -r1.48 -r1.49 poptIO.c
--- rpm/rpmio/poptIO.c 17 Apr 2009 16:10:23 -0000 1.48
+++ rpm/rpmio/poptIO.c 18 Apr 2009 16:41:58 -0000 1.49
@@ -554,7 +554,8 @@
 /*...@=nullpass =temptr...@*/
 #ifdef NOTYET
-#if !defined(POPT_ERROR_BADCONFIG) /* XXX popt-1.15- retrofit */
+#if defined(RPM_VENDOR_OPENPKG) /* stick-with-rpm-file-sanity-checking */ || \
+ !defined(POPT_ERROR_BADCONFIG) /* XXX POPT 1.15 retrofit */
 { char * path_buf = xstrdup(rpmpoptfiles); char *path; char *path_next;
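Review bot: The loop enabled by the widened `#if` in lib/poptALL.c may still skip the `@`-file sanity check on non-OpenPKG builds, because the hunk changes only the outer condition and the loop body lies outside it. This same commit removes an inner `#if defined(RPM_VENDOR_OPENPKG) /* security-sanity-check-rpmpopt-and-rpmmacros */` guard from the matching loop in rpmio/poptIO.c, but that copy sits under `#ifdef NOTYET`, so the poptALL.c copy appears to be the one that is actually compiled. If poptALL.c carries the same inner guard, a build without RPM_VENDOR_OPENPKG against POPT older than 1.15 would read every rpmpopt file with neither `rpmSecuritySaneFile()` nor POPT's own check applied. Please confirm, and if so drop the inner guard and its `#endif` here as well so the check depends only on the outer condition.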
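Review bot: The two-line condition placed above `rpmSecuritySaneFile()` in the first macro.c hunk is repeated verbatim at five sites (lib/poptALL.c, twice in rpmio/macro.c, rpmio/poptIO.c, rpmio/rpmlua.c), each with a comment wedged between `defined(RPM_VENDOR_OPENPKG)` and the `|| \` continuation. That form is valid only while the backslash stays the last character on the line, and a site that drifts from the others would either fail to link or call a different checker than the rest. Deciding once in a shared header, for example `#define RPM_USE_LOCAL_SANEFILE 1` under this condition (the name is only a suggestion), and testing `#if defined(RPM_USE_LOCAL_SANEFILE)` at each site keeps the definition and its callers in step. The function body continues outside the hunk.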
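Review bot: Both branches of the conditional in the second macro.c hunk validate `fn` by path name, and the file is presumably opened by name again afterwards (the statement guarded by the `if` lies outside the hunk), so the verdict can be stale by the time the contents are read. `rpmSecuritySaneFile()` declares a `struct stat sb`, which suggests a `stat()`-style check on the path; if that is the case, the safer order is to open the file first, repeat the checks with `fstat()` on that descriptor, and read from the same descriptor. The same check-then-read shape is visible in rpmio/rpmlua.c and in the poptIO.c loop, where `rpmSecuritySaneFile(fn)` is followed by `poptReadConfigFile(optCon, fn)`. Until that is reworked, a comment such as `/* NOTE: path-based check; the file is reopened by name below */` at each call site would record the gap.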
@@ -579,7 +580,6 @@
 /* work-off each resulting file from the path element */ for (i = 0; i < ac; i++) { const char *fn = av[i];
-#if defined(RPM_VENDOR_OPENPKG) /* security-sanity-check-rpmpopt-and-rpmmacros */
 if (fn[0] == '@' /* attention */) { fn++; if (!rpmSecuritySaneFile(fn)) {
@@ -587,7 +587,6 @@
 continue; } }
-#endif
 (void)poptReadConfigFile(optCon, fn); av[i] = _free(av[i]); }
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmlua.c
============================================================================
$ cvs diff -u -r2.71 -r2.72 rpmlua.c
--- rpm/rpmio/rpmlua.c 11 Apr 2009 16:50:24 -0000 2.71
+++ rpm/rpmio/rpmlua.c 18 Apr 2009 16:41:58 -0000 2.72
@@ -214,7 +214,8 @@
 const char *fn = av[i]; if (fn[0] == '@' /* attention */) { fn++;
-#if !defined(POPT_ERROR_BADCONFIG) /* XXX popt-1.15- retrofit */
+#if defined(RPM_VENDOR_OPENPKG) /* stick-with-rpm-file-sanity-checking */ || \
+ !defined(POPT_ERROR_BADCONFIG) /* XXX POPT 1.15 retrofit */
 if (!rpmSecuritySaneFile(fn))
 #else
 if (!poptSaneFile(fn))
@@ .
______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org