import rpm-ostree-2024.7-2.el9

79300ab6 · Rocky Automation · 9edce48f · 79300ab6 · 79300ab6 · 79300ab6
Commit 79300ab6 authored 5 months ago by Rocky Automation
--- a/.rpm-ostree.checksum
+++ b/.rpm-ostree.checksum
-dfe984ab54231ecfbe32cde0935358906c953b3e95f197d6193817e79684d582
+0224d1522795df0ea8e6b45752454b737d086ca8c5de8bcac011b564b78ea9d3
--- a/.rpm-ostree.metadata
+++ b/.rpm-ostree.metadata
-9d67141e164b5f0b34767441ad88d9f91fefb12ff4b0e89300d4631fbb50daa7 SOURCES/rpm-ostree-2024.3.tar.xz
+12187adf4e14861a26eda02f4834b65182b2c892abe17405ef4097ecf937c808 SOURCES/rpm-ostree-2024.7.tar.xz
--- a/SOURCES/0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch
+++ b/SOURCES/0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch
+From 96ddae1acba59cf5249dcfff1157e44b5ed69650 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Thu, 15 Aug 2024 11:41:43 -0400
+Subject: [PATCH 1/1] core: Fix Coverity WRAPPER_ESCAPE
+
+This should fix:
+
+```
+32. rpm-ostree-2024.7/src/libpriv/rpmostree-core.cxx:1786:15: use_after_free: Using internal representation of destroyed object temporary of type "std::string".
+```
+
+Signed-off-by: Colin Walters <walters@verbum.org>
+---
+ src/libpriv/rpmostree-core.cxx | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libpriv/rpmostree-core.cxx b/src/libpriv/rpmostree-core.cxx
+index a2de7262..615e2636 100644
+--- a/src/libpriv/rpmostree-core.cxx
+++ b/src/libpriv/rpmostree-core.cxx
+@@ -1782,7 +1782,8 @@ rpmostree_context_prepare (RpmOstreeContext *self, gboolean enable_filelists,
+           auto pkg = "";
+           for (auto &pkg_str : packages)
+             {
+-              pkg = std::string (pkg_str).c_str ();
+              auto pkg_buf = std::string (pkg_str);
+              pkg = pkg_buf.c_str ();
+               char *query = strchr ((char *)pkg, '/');
+               if (query)
+                 {
+-- 
+2.46.0
+
--- a/SPECS/rpm-ostree.spec
+++ b/SPECS/rpm-ostree.spec
@@ -3,15 +3,15 @@

 Summary: Hybrid image/package system
 Name: rpm-ostree
-Version: 2024.3
-Release: 1%{?dist}
+Version: 2024.7
+Release: 2%{?dist}
 License: LGPLv2+
 URL: https://github.com/coreos/rpm-ostree
 # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
 # in the upstream git.  It also contains vendored Rust sources.
 Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz

-Patch0: 0001-cliwrap-rpm-mark-eval-E-as-safe.patch
+Patch0: 0001-core-Fix-Coverity-WRAPPER_ESCAPE.patch

 ExclusiveArch: %{rust_arches}

@@ -231,6 +231,13 @@ $PYTHON autofiles.py > files.devel \
  '%{_datadir}/gtk-doc/html/*' \
  '%{_datadir}/gir-1.0/*-1.0.gir'

+%post
+# Only enable on rpm-ostree based systems and manually force unit enablement to
+# explicitly ignore presets for this security fix
+if [ -e /run/ostree-booted ]; then
+    ln -snf /usr/lib/systemd/system/rpm-ostree-fix-shadow-mode.service  /usr/lib/systemd/system/multi-user.target.wants/
+fi
+
 %files -f files
 %doc COPYING.GPL COPYING.LGPL LICENSE README.md

@@ -239,6 +246,33 @@ $PYTHON autofiles.py > files.devel \
 %files devel -f files.devel

 %changelog
+* Thu Aug 15 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.7-2
+- Backport https://github.com/coreos/rpm-ostree/pull/5051
+  Resolves: #RHEL-53871
+
+* Tue Aug 09 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.7-1
+- Rebase to 2024.7
+  Resolves: #RHEL-53871
+
+* Tue May 21 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.5-1
+- Rebase to 2024.6
+  Resolves: #RHEL-29339
+
+* Mon Apr 15 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.5-1
+- Rebase to 2024.5
+  Adds fix for https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6
+  Resolves: #RHEL-30415
+
+* Tue Apr 09 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.4-4
+- Backport https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6
+
+* Thu Mar 21 2024 Colin Walters <walters@verbum.org> - 2024.4-3
+- Backport patch to fix https://issues.redhat.com/browse/RHEL-29559
+
+* Fri Mar 15 2024 Colin Walters <walters@verbum.org> - 2024.4-2
+- https://github.com/coreos/rpm-ostree/releases/tag/v2024.4
+  Resolves: #RHEL-29339
+
 * Sun Feb 25 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.3-1
 - https://github.com/coreos/rpm-ostree/releases/tag/v2024.3
  Backport https://github.com/coreos/rpm-ostree/commit/fe586621e5014d14f92b913338171a02ed29e6cc