automatic version update by autodist [release 4.20.1-1mamba;Fri Feb 21 2025]

rpm-4.20.0-upstream-disable_unshare_plugin_in_chroot.patch

@@ -1,72 +0,0 @@
-From 931cb97455b01228c639ae8361e4553679b13d54 Mon Sep 17 00:00:00 2001
-From: Panu Matilainen <pmatilai@redhat.com>
-Date: Thu, 1 Aug 2024 13:54:25 +0300
-Subject: [PATCH] Disable private mounts in chroot'ed operation in the unshare
- plugin
-
-mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) inside a chroot
-fails with EINVAL if the "/" inside the chroot is not an actual
-mount point on the system - as it often isn't. For now, just disable
-that functionality on chroot operation.
-
-Related: #3187
----
- docs/man/rpm-plugin-unshare.8.md |  5 +++++
- plugins/unshare.c                | 21 ++++++++++++++++-----
- 2 files changed, 21 insertions(+), 5 deletions(-)
-
-diff --git a/docs/man/rpm-plugin-unshare.8.md b/docs/man/rpm-plugin-unshare.8.md
-index d8a4222426..33073b872d 100644
---- a/docs/man/rpm-plugin-unshare.8.md
-+++ b/docs/man/rpm-plugin-unshare.8.md
-@@ -27,6 +27,11 @@ This plugin implements the following configurables:
-     execution. Typical examples would be `/tmp` to protect against
-     insecure temporary file usage inside scriptlets, and `/home` to
-     prevent scriptlets from accessing user home directories.
-+    When path unsharing is enabled, any mounts made from scriptlets
-+    are also private to the scriptlet (and vice versa, mount changes
-+    on the host are not visible to the scriptlet).
-+
-+    Private mounts in chroot-operations is unimplemented.
- 
- `%__transaction_unshare_nonet`
- 
-diff --git a/plugins/unshare.c b/plugins/unshare.c
-index bb02201e4a..50f60fad2f 100644
---- a/plugins/unshare.c
-+++ b/plugins/unshare.c
-@@ -19,8 +19,18 @@ static rpmRC unshare_init(rpmPlugin plugin, rpmts ts)
- {
-     char *paths = rpmExpand("%{?__transaction_unshare_paths}", NULL);
-     private_mounts = argvSplitString(paths, ":", ARGV_SKIPEMPTY);
--    if (private_mounts)
--	unshare_flags |= CLONE_NEWNS;
-+    if (private_mounts) {
-+	/*
-+	 * Changing mount propagation from inside a chroot fails if the root
-+	 * is not also a mount point, disable for now.
-+	 */
-+	if (strcmp(rpmtsRootDir(ts), "/")) {
-+	    rpmlog(RPMLOG_WARNING,
-+			"private mounts in chroot not implemented\n");
-+	} else {
-+	    unshare_flags |= CLONE_NEWNS;
-+	}
-+    }
-     free(paths);
- 
-     if (rpmExpandNumeric("%{?__transaction_unshare_nonet}"))
-@@ -47,9 +57,10 @@ static rpmRC unshare_scriptlet_fork_post(rpmPlugin plugin,
- 	goto exit;
-     }
- 
--    if (private_mounts) {
--	if (mount("/", "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) {
--	    rpmlog(RPMLOG_ERR, _("failed to mount private %s: %s\n"),
-+    if (unshare_flags & CLONE_NEWNS) {
-+	if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) {
-+	    rpmlog(RPMLOG_ERR,
-+		    _("failed to change mount propagation %s: %s\n"),
- 		    "/", strerror(errno));
- 	    goto exit;
- 	}

rpm-4.20.0-upstream-support-u-exclamation-mark-in-sysusers-files.patch

@@ -1,168 +0,0 @@
-From 234706084d8203a22eb984b1ef3646a15f8a9a1b Mon Sep 17 00:00:00 2001
-From: Florian Festi <ffesti@redhat.com>
-Date: Mon, 18 Nov 2024 14:16:29 +0100
-Subject: [PATCH] Support new u! command in sysusers files
-
-systemd 257 defines a new modifier ! for u entries that locks the
-account by setting it as expired.
-
-See https://github.com/systemd/systemd/commit/2ec7977e1b100c1717d95417e6d825fbf939f7b3
-
-Resolves: #3450
----
- docs/manual/users_and_groups.md |  8 ++++----
- macros.in                       |  2 +-
- scripts/sysusers.sh             | 21 ++++++++++++++++-----
- tests/data/SPECS/klang.spec     |  2 +-
- tests/rpmi.at                   |  8 ++++++--
- 5 files changed, 28 insertions(+), 13 deletions(-)
-
-diff --git a/docs/manual/users_and_groups.md b/docs/manual/users_and_groups.md
-index 3950b594b5..aee103f1c2 100644
---- a/docs/manual/users_and_groups.md
-+++ b/docs/manual/users_and_groups.md
-@@ -41,10 +41,10 @@ to weaken these into recommends-dependencies by setting
- 
- ## Limitations
- 
--At this time, rpm only supports the `u`, `g` and (since RPM 4.20) `m`
--directives of sysusers.d format and ignores others. If other
--directives are needed, the package will need to call systemd-sysusers
--with the correct arguments manually.
-+At this time, rpm only supports the `u`, `g`, (since RPM 4.20) `m`
-+and (since RPM 6.0) the `u!` directives of sysusers.d format and
-+ignores others. If other directives are needed, the package will need
-+to call systemd-sysusers with the correct arguments manually.
- 
- ## Technical details
- 
-diff --git a/macros.in b/macros.in
-index cb07970e13..00c9d07715 100644
---- a/macros.in
-+++ b/macros.in
-@@ -1367,7 +1367,7 @@ end
-     name = arg[2]
-     if arg[1] == 'g' then
-         type = 'group'
--    elseif arg[1] == 'u' then
-+    elseif arg[1] == 'u' or arg[1] == 'u!' then
-         type = 'user'
-     elseif arg[1] == 'm' and #arg >=3 then
-         type = 'groupmember'
-diff --git a/scripts/sysusers.sh b/scripts/sysusers.sh
-index 22ae5f23e6..d945b281bd 100755
---- a/scripts/sysusers.sh
-+++ b/scripts/sysusers.sh
-@@ -72,6 +72,7 @@ user() {
- 	local group="$4"
- 	local home="$5"
- 	local shell="$6"
-+	local expire="$7"
- 
- 	[ "$desc" = '-' ] && desc=
- 	{ [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/
-@@ -90,6 +91,10 @@ user() {
- 			fi
- 		fi
- 	fi
-+
-+	if [[ $expire ]]; then
-+	    usermod -e 1 "${user}"
-+	fi
- }
- 
- group() {
-@@ -109,13 +114,13 @@ addtogroup() {
- 	local group="$2"
- 	
- 	group "${group}" "-"
--	user "${user}" "-" "" "${group}" "" ""
-+	user "${user}" "-" "" "${group}" "" "" ""
- 
- 	usermod -R "$ROOT" -a -G "${group}" "$user" || :
- }
- 
- parse() {
--	local line arr
-+	local line arr expire
- 
- 	while read -r line || [ -n "$line" ] ; do
- 		{ [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue
-@@ -123,13 +128,19 @@ parse() {
- 		[ -z "$line" ] && continue
- 		mapfile -t arr < <(xargs -n1 <<<"$line")
- 
-+		expire=""
-+
- 		case "${arr[0]}" in
--			('u')
-+			('u' | 'u!')
-+				if [[ "${arr[0]}" == 'u!' ]]; then
-+					expire="1";
-+				fi
-+
- 				if [[ "${arr[2]}" == *":"* ]]; then
--					user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}"
-+					user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" $expire
- 				else
- 					group "${arr[1]}" "${arr[2]}"
--					user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
-+					user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" $expire
- 				fi
- 				;;
- 			('g')
-diff --git a/tests/data/SPECS/klang.spec b/tests/data/SPECS/klang.spec
-index cc35b87bd4..6d71de6ea0 100644
---- a/tests/data/SPECS/klang.spec
-+++ b/tests/data/SPECS/klang.spec
-@@ -47,7 +47,7 @@ EOF
- cat << EOF > ${RPM_BUILD_ROOT}/%{_sysusersdir}/plong.conf
- 
- # Real life files have all sorts of anomalies
--u plong - "Plong fu" /var/lib/plong /sbin/nologin
-+u! plong - "Plong fu" /var/lib/plong /sbin/nologin
- #...such as empty lines
- 
- # and comments comments
-diff --git a/tests/rpmi.at b/tests/rpmi.at
-index 7ea6a75207..6c7b84cdfe 100644
---- a/tests/rpmi.at
-+++ b/tests/rpmi.at
-@@ -1589,7 +1589,7 @@ group(klong) = ZyBrbG9uZyAt
- group(plong)
- groupmember(klangd/klong) = bSBrbGFuZ2Qga2xvbmcA
- user(klangd) = dSBrbGFuZ2QgLSAiS2xhbmcgc2VydmVyIiAvdmFyL2xpYi9rbGFuZ2QgL3NiaW4vbm9sb2dpbgAA
--user(plong) = dSBwbG9uZyAtICJQbG9uZyBmdSIgL3Zhci9saWIvcGxvbmcgL3NiaW4vbm9sb2dpbgAA
-+user(plong) = dSEgcGxvbmcgLSAiUGxvbmcgZnUiIC92YXIvbGliL3Bsb25nIC9zYmluL25vbG9naW4A
- ],
- [warning: ignoring unsupported sysuser type: r
- ])
-@@ -1618,7 +1618,7 @@ group(klong) = ZyBrbG9uZyAt
- group(plong)
- groupmember(klangd/klong) = bSBrbGFuZ2Qga2xvbmcA
- user(klangd) = dSBrbGFuZ2QgLSAiS2xhbmcgc2VydmVyIiAvdmFyL2xpYi9rbGFuZ2QgL3NiaW4vbm9sb2dpbgAA
--user(plong) = dSBwbG9uZyAtICJQbG9uZyBmdSIgL3Zhci9saWIvcGxvbmcgL3NiaW4vbm9sb2dpbgAA
-+user(plong) = dSEgcGxvbmcgLSAiUGxvbmcgZnUiIC92YXIvbGliL3Bsb25nIC9zYmluL25vbG9naW4A
- ],
- [warning: ignoring unsupported sysuser type: r
- ])
-@@ -1660,15 +1660,19 @@ runroot rpm -V ${VERIFYOPTS} klang-client klang-common
- RPMTEST_CHECK([
- runroot rpm -U /build/RPMS/noarch/klang-server-1.0-1.noarch.rpm
- runroot_other grep ^klangd /etc/passwd | cut -f1 -d:
-+runroot_other chage -l klangd | grep "Account expires" | cut -f2 -d:
- runroot_other grep ^klangd /etc/group | cut -f1 -d:
- runroot_other grep ^plong /etc/passwd | cut -f1 -d:
-+runroot_other chage -l plong | grep "Account expires" | cut -f2 -d:
- runroot_other grep ^klong /etc/group | cut -f4 -d:
- runroot rpm -V ${VERIFYOPTS} klang-server
- ],
- [0],
- [klangd
-+ never
- klangd
- plong
-+ Jan 02, 1970
- klangd
- ],
- [ignore])

rpm.spec

@@ -16,8 +16,8 @@
 %define majver %(echo %version | cut -d. -f1-2)
 Name:          rpm
 Epoch:         1
-Version:       4.20.0
-Release:       4mamba
+Version:       4.20.1
+Release:       1mamba
 Summary:       The RPM Package Manager (RPM) is a powerful package management system
 Group:         System/Management
 Vendor:        openmamba
@@ -44,8 +44,6 @@ Patch15:       rpm-4.18.0-allow-disabling-rmbuild.patch
 Patch16:       rpm-4.19.1.1-i586-add-sse-sse2-build-flags.patch
 Patch17:       rpm-4.19.1.1-i586-only-force-i586-host-cpu.patch
 Patch19:       rpm-4.19.1.1-host-readd-gnu-suffix.patch
-Patch20:       rpm-4.20.0-upstream-support-u-exclamation-mark-in-sysusers-files.patch
-Patch21:       rpm-4.20.0-upstream-disable_unshare_plugin_in_chroot.patch
 License:       LGPL
 ## AUTOBUILDREQ-BEGIN
 BuildRequires: glibc-devel
@@ -145,8 +143,6 @@ This package should be installed if you want to develop Python programs that wil
 %patch 17 -p1
 %endif
 %patch 19 -p1
-%patch 20 -p1 -b .upstream-support-u-exclamation-mark-in-sysusers-files
-%patch 21 -p1 -b .upstream-disable_unshare_plugin_in_chroot
 
 %build
 #:<< _EOF
@@ -292,6 +288,9 @@ install -d -m0755 %{buildroot}%{_sysconfdir}/rpm/
 %{python3_sitearch}/rpm/*
 
 %changelog
+* Fri Feb 21 2025 Automatic Build System <autodist@openmamba.org> 4.20.1-1mamba
+- automatic version update by autodist
+
 * Sun Jan 19 2025 Silvan Calarco <silvan.calarco@mambasoft.it> 4.20.0-4mamba
 - remove old brp-strip which was replacing -regex with -path but has problems