diff --git a/backport-Avoid-Python-reference-leaks.patch b/backport-Avoid-Python-reference-leaks.patch new file mode 100644 index 0000000000000000000000000000000000000000..96fc9ca06fe0a3fffff28e3378debf698986c6d6 --- /dev/null +++ b/backport-Avoid-Python-reference-leaks.patch @@ -0,0 +1,64 @@ +From 70db7976d6ca0e6a4140269f21a66c14f6c177ab Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Thu, 29 May 2025 17:31:45 +0200 +Subject: [PATCH] Avoid Python reference leaks + +--- + python/rpmarchive-py.c | 11 +++++++++-- + python/rpmfiles-py.c | 1 + + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/python/rpmarchive-py.c b/python/rpmarchive-py.c +index b8b9515cf..294fabcf2 100644 +--- a/python/rpmarchive-py.c ++++ b/python/rpmarchive-py.c +@@ -138,12 +138,16 @@ static PyObject *rpmarchive_readto(rpmarchiveObject *s, + return NULL; + } + +- if (s->archive == NULL) ++ if (s->archive == NULL) { ++ Py_DECREF(fdo); + return rpmarchive_closed(); ++ } ++ + + Py_BEGIN_ALLOW_THREADS + rc = rpmfiArchiveReadToFile(s->archive, rpmfdGetFd(fdo), nodigest); + Py_END_ALLOW_THREADS ++ Py_DECREF(fdo); + + if (rc) + return rpmarchive_error(rc); +@@ -163,12 +167,15 @@ static PyObject *rpmarchive_writeto(rpmarchiveObject *s, + return NULL; + } + +- if (s->archive == NULL) ++ if (s->archive == NULL) { ++ Py_DECREF(fdo); + return rpmarchive_closed(); ++ } + + Py_BEGIN_ALLOW_THREADS + rc = rpmfiArchiveWriteFile(s->archive, rpmfdGetFd(fdo)); + Py_END_ALLOW_THREADS ++ Py_DECREF(fdo); + + if (rc) + return rpmarchive_error(rc); +diff --git a/python/rpmfiles-py.c b/python/rpmfiles-py.c +index 2c0845d7b..fb40a7b3e 100644 +--- a/python/rpmfiles-py.c ++++ b/python/rpmfiles-py.c +@@ -464,6 +464,7 @@ static PyObject *rpmfiles_archive(rpmfilesObject *s, + } else { + archive = rpmfiNewArchiveReader(fd, s->files, RPMFI_ITER_READ_ARCHIVE); + } ++ Py_DECREF(fdo); + + return rpmarchive_Wrap(&rpmarchive_Type, s->files, archive); + } +-- +2.33.0 + diff --git a/backport-Check-RPATH-and-RUNPATH-separately-in-check-rpaths.patch b/backport-Check-RPATH-and-RUNPATH-separately-in-check-rpaths.patch new file mode 100644 index 0000000000000000000000000000000000000000..f3d3bb58e22c444d94bb8a8f77a07f3bb8ec9fb1 --- /dev/null +++ b/backport-Check-RPATH-and-RUNPATH-separately-in-check-rpaths.patch @@ -0,0 +1,59 @@ +From 65178e0cc3d1f5b64613fd046d1070b13f266e51 Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Fri, 28 Mar 2025 11:19:35 +0100 +Subject: [PATCH] Check RPATH and RUNPATH separately in check-rpaths + +5417bff optimized rpath checking to only run readelf once. This breaks +in the (rare) cases when a binary has both a RPATH and RUNPATH entry. + +Move the readelf call out of the check_rpath function so both can be +processed separately while still only readelf once. + +Use simpler (and correct) calculation of $lower from before 5417bff. + +Test library from https://github.com/fitzsim/add-runpath-to-rpath-elf + +Resolves: #3667 +--- + scripts/check-rpaths-worker | 10 ++++++---- + 1 files changed, 6 insertions(+), 4 deletions(-) + create mode 100644 tests/data/misc/libboth-rpath-and-runpath.so + +diff --git a/scripts/check-rpaths-worker b/scripts/check-rpaths-worker +index 26f74f0c8..fcc8198c2 100755 +--- a/scripts/check-rpaths-worker ++++ b/scripts/check-rpaths-worker +@@ -94,8 +94,9 @@ function msg() + + function check_rpath() { + pos=0 +- rpath=$(DEBUGINFOD_URLS="" readelf -W -d "$1" 2>/dev/null | LANG=C grep -E "\((RPATH|RUNPATH)\).*:") || return 0 +- rpath=$(echo "$rpath" | LANG=C sed -e "s!.*\(RPATH\|RUNPATH\).*: \[\(.*\)\]!\2!p;d") ++ rpath=$(echo "$1" | LANG=C grep -E "\(($2)\).*:") || return 0 ++ rpath=$(echo "$rpath" | LANG=C sed -e "s!.*\($2\).*: \[\(.*\)\]!\2!p;d") ++ lower=$(echo $2 | awk '{print tolower($0)}') + + tmp=aux:$rpath:/lib/aux || : + IFS=: +@@ -106,7 +107,6 @@ function check_rpath() { + + allow_ORIGIN=1 + for j; do +- lower=$(echo $j | grep -E -o "RPATH|RUNPATH" | awk '{print tolower($0)}') + new_allow_ORIGIN=0 + + if test -z "$j"; then +@@ -159,7 +159,9 @@ function check_rpath() { + old_IFS=$IFS + + for i; do +- check_rpath $i ++ paths=$(DEBUGINFOD_URLS="" readelf -W -d "$i" 2>/dev/null | LANG=C grep -E "\((RPATH|RUNPATH)\).*:") || continue ++ check_rpath "$paths" RPATH ++ check_rpath "$paths" RUNPATH + done + + test -z "$fail" +-- +2.33.0 + diff --git a/backport-Ensure-header-object-is-cleaned-even-in-case-of-an-e.patch b/backport-Ensure-header-object-is-cleaned-even-in-case-of-an-e.patch new file mode 100644 index 0000000000000000000000000000000000000000..7f720361560de9144a13f8e629111ddf5aba3732 --- /dev/null +++ b/backport-Ensure-header-object-is-cleaned-even-in-case-of-an-e.patch @@ -0,0 +1,36 @@ +From 09a680763efef03151cfaf07dc71b6502b148138 Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Thu, 26 Jun 2025 18:00:05 +0200 +Subject: [PATCH] Ensure header object is cleaned even in case of an error + +rpmReadPackageFile can set h even in case rpmrc is an error, which +resulted in memory leaks. +--- + python/rpmts-py.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/python/rpmts-py.c b/python/rpmts-py.c +index b1575f34e..21f6ef00f 100644 +--- a/python/rpmts-py.c ++++ b/python/rpmts-py.c +@@ -406,7 +406,7 @@ rpmts_HdrFromFdno(rpmtsObject * s, PyObject *arg) + { + PyObject *ho = NULL; + rpmfdObject *fdo = NULL; +- Header h; ++ Header h = NULL; + rpmRC rpmrc; + + if (!PyArg_Parse(arg, "O&:HdrFromFdno", rpmfdFromPyObject, &fdo)) +@@ -425,7 +425,7 @@ rpmts_HdrFromFdno(rpmtsObject * s, PyObject *arg) + Py_END_ALLOW_THREADS; + Py_XDECREF(fdo); + +- if (rpmrc == RPMRC_OK) { ++ if (h) { + ho = hdr_Wrap(&hdr_Type, h); + } else { + Py_INCREF(Py_None); +-- +2.33.0 + diff --git a/rpm.spec b/rpm.spec index acb203d9879e77a80e4f4c79cb8fa9211b6e84ac..412566902922950b6bd4546b2820b8e94fe19f39 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,6 +1,6 @@ Name: rpm Version: 4.17.0 -Release: 47 +Release: 48 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -132,6 +132,9 @@ Patch6100: backport-Fix-memleak-when-process-policies.patch Patch6101: backport-Enforce-the-same-sanity-checks-on-db-add-and-rebuild.patch Patch6102: backport-Fix-a-memory-leak-on-rpmdb-importdb.patch Patch6103: backport-Return-1-from-fdSize-for-non-regular-files.patch +Patch6104: backport-Check-RPATH-and-RUNPATH-separately-in-check-rpaths.patch +Patch6105: backport-Avoid-Python-reference-leaks.patch +Patch6106: backport-Ensure-header-object-is-cleaned-even-in-case-of-an-e.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel BuildRequires: zlib-devel zstd-devel >= 1.3.8 xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel @@ -422,6 +425,9 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Thu Aug 14 2025 fuanan - 4.17.0-48 +- sync patches from upstream + * Thu Jul 17 2025 yanglongkang - 4.17.0-47 - sync patches from upstream