Package: rpm / 4.16.1.2+dfsg1-3
Metadata
Package | Version | Patches format |
---|---|---|
rpm | 4.16.1.2+dfsg1-3 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
installplatform verbose.patch | installplatform: 1 1 + 0 - 0 ! | verbose installplatform Just make installplatform to ease debugging problems with creating platform files. |
rpmdb in home.patch | macros.in: 4 3 + 1 - 0 ! | move default rpmdb path to user home |
debian disable rpm.patch | configure.ac: 2 2 + 0 - 0 ! | rpm is not default package manager on debian In Debian, rpm should be used to install packages, but rather as a tool to work with rpm packages or as a helper in alien. Because of this we protect complain, when user tries to install a package. This warning can be hidden by --force-debian. |
fix directories.patch | doc/manual/builddependencies: 2 1 + 1 - 0 ! | fix installation directories - Do not install rpm to /bin/. - Setup default directories so that source RPMs rebuilt on Debian get the right directories and also that builds occur in /usr/src/rpm - Fix statedir and init.d patch |
tempfile.patch | scripts/vpkg-provides.sh: 24 12 + 12 - 0 ! | use the debian standard (and safe) mechanism of generating temporary files |
autogen cleanup.patch | autogen.sh: 24 24 + 0 - 0 ! | delete some crap after running autogen. |
lua libname.patch | configure.ac: 2 1 + 1 - 0 ! | in debian, lua library is called lua5.2. |
rpm 4.10.90 rpmlib filesystem check.patch | lib/depends.c: 107 106 + 1 - 0 ! | add fedora compatible rpm builtin provides |
0012 pythondistdeps.py Use python3 in shebang.patch | scripts/pythondistdeps.py: 2 1 + 1 - 0 ! | pythondistdeps.py: use python3 in shebang |
debugedit trunk.diff | tools/debugedit.c: 775 413 + 362 - 0 ! | --- |
gcc dwarf5.diff | tools/debugedit.c: 884 682 + 202 - 0 ! | --- |
CVE 2021 3421 CVE 2021 20271.patch | lib/package.c: 117 57 + 60 - 0 ! | be much more careful about copying data from the signature header Only look for known tags, and ensure correct type and size where known before copying over. Bump the old arbitrary 16k count limit to 16M limit though, it's not inconceivable that a package could have that many files. While at it, ensure none of these tags exist in the main header, which would confuse us greatly. . This is optimized for backporting ease, upstream can remove redundancies and further improve checking later. . Reported and initial patches by Demi Marie Obenour. . Fixes: RhBug:1935049, RhBug:1933867, RhBug:1935035, RhBug:1934125, ... . Fixes: CVE-2021-3421, CVE-2021-20271 . NOTE (Debian): the upstream patch was modified to remove the references to RPMSIGTAG_VERITYSIGNATURES and RPMSIGTAG_VERITYSIGNATUREALGO, which were introduced in upstream changes later than our version. . This Debian patch combines the upstream patch with two follow-up commits: |
CVE 2021 20266.patch | lib/header.c: 48 31 + 17 - 0 ! | hdrblobinit() needs bounds checks too Users can pass untrusted data to hdrblobInit() and it must be robust against this. |
hide symbols.patch | lib/package.c: 2 1 + 1 - 0 ! | do not make the xlatetags symbol public. |