Fedora has issued an advisory on April 26:
https://lists.fedoraproject.org/pipermail/package-announce/2016-April/183150.html

They added patches to fix it for rpm 4.12 in this commit:
http://pkgs.fedoraproject.org/cgit/rpms/rpm.git/commit/?h=f22&id=165614f3dd42caa188f78b55e7723dad2900b2f4

Thierry has already fixed this in Cauldron. These appear to be low-severity issues. We could just check the patches into SVN for now. I'll leave that up to Thierry.
Submitted to mga5

Suggested advisory:
===================
This update fixes two bugs in rpm:
* Fix sigsegv in stringFormat() (rhbz#1316903)
* Fix reading rpmtd behind its size in formatValue() (rhbz#1316896)

List of packages:
=================
lib64rpmbuild3-4.12.0.1-20.5.5mga5.x86_64.rpm
lib64rpm-devel-4.12.0.1-20.5.5mga5.x86_64.rpm
lib64rpmsign3-4.12.0.1-20.5.5mga5.x86_64.rpm
python3-rpm-4.12.0.1-20.5.5mga5.x86_64.rpm
python-rpm-4.12.0.1-20.5.5mga5.x86_64.rpm
rpm-4.12.0.1-20.5.5mga5.x86_64.rpm
rpm-build-4.12.0.1-20.5.5mga5.x86_64.rpm
rpm-sign-4.12.0.1-20.5.5mga5.x86_64.rpm
Assignee: thierry.vignaud => qa-bugs
Added %autosetup/%autopatch fixes

Suggested advisory:
===================
This update fixes two bugs in rpm:
* Fix sigsegv in stringFormat() (rhbz#1316903)
* Fix reading rpmtd behind its size in formatValue() (rhbz#1316896)

In addition, fixes to the %autosetup and %autopatch macros were backported from Cauldron to solve the following issues:
* %autopatch would not throw an error in the event a patch did not exist
* %autosetup would not correctly process sources and patches, causing issues with rpmspec
* %autopatch was not respecting the default patch application settings

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1316903
https://bugzilla.redhat.com/show_bug.cgi?id=1316896

Updated packages in core/updates_testing:
=================
lib64rpmbuild3-4.12.0.1-20.6.mga5
lib64rpm-devel-4.12.0.1-20.6.mga5
lib64rpmsign3-4.12.0.1-20.6.mga5
python3-rpm-4.12.0.1-20.6.mga5
python-rpm-4.12.0.1-20.6.mga5
rpm-build-4.12.0.1-20.6.mga5
rpm-sign-4.12.0.1-20.6.mga5
rpm-4.12.0.1-20.6.mga5

From SRPMS:
rpm-4.12.0.1-20.6.mga5.src.rpm
CC: (none) => ngompa13
Removed patch flags patch

Suggested advisory:
===================
This update fixes two bugs in rpm:
* Fix sigsegv in stringFormat() (rhbz#1316903)
* Fix reading rpmtd behind its size in formatValue() (rhbz#1316896)

In addition, fixes to the %autosetup and %autopatch macros were backported from Cauldron to solve the following issues:
* %autopatch would not throw an error in the event a patch did not exist
* %autosetup would not always correctly process sources and patches
* %autopatch was not respecting the patch fuzz settings

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1316903
https://bugzilla.redhat.com/show_bug.cgi?id=1316896

Updated packages in core/updates_testing:
=================
lib64rpmbuild3-4.12.0.1-20.7.mga5
lib64rpm-devel-4.12.0.1-20.7.mga5
lib64rpmsign3-4.12.0.1-20.7.mga5
python3-rpm-4.12.0.1-20.7.mga5
python-rpm-4.12.0.1-20.7.mga5
rpm-build-4.12.0.1-20.7.mga5
rpm-sign-4.12.0.1-20.7.mga5
rpm-4.12.0.1-20.7.mga5

From SRPMS:
rpm-4.12.0.1-20.7.mga5.src.rpm
Grr... Incomplete advisory

Suggested advisory:
===================
This update fixes two bugs in rpm:
* Fix sigsegv in stringFormat() (rhbz#1316903)
* Fix reading rpmtd behind its size in formatValue() (rhbz#1316896)

In addition, fixes to the %autosetup and %autopatch macros were backported from Cauldron to solve the following issues:
* %autopatch would not throw an error in the event a patch did not exist
* %autosetup would not always correctly process sources and patches
* %autopatch was not respecting the patch fuzz settings

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1316903
https://bugzilla.redhat.com/show_bug.cgi?id=1316896

Updated packages in core/updates_testing:
=================
lib64rpmbuild3-4.12.0.1-20.7.mga5
lib64rpm-devel-4.12.0.1-20.7.mga5
lib64rpmsign3-4.12.0.1-20.7.mga5
librpmbuild3-4.12.0.1-20.7.mga5
librpm-devel-4.12.0.1-20.7.mga5
librpmsign3-4.12.0.1-20.7.mga5
python3-rpm-4.12.0.1-20.7.mga5
python-rpm-4.12.0.1-20.7.mga5
rpm-build-4.12.0.1-20.7.mga5
rpm-sign-4.12.0.1-20.7.mga5
rpm-4.12.0.1-20.7.mga5

From SRPMS:
rpm-4.12.0.1-20.7.mga5.src.rpm
It sounds like this is going to be best tested by packagers. Have you done so, Neal, Thierry?
or David :)
I tested it and reported the issue that Neal just fixed. I'll test it again today once the latest build is available and I have a couple minutes.
Confirmed the autopatch works correctly now. rpm itself still functions too. The autopatch fixes shouldn't be arch-dependent, so a quick general rpm usage test on i586 should suffice for this.
Whiteboard: (none) => MGA5-64-OK
Confirmed on my end with i586 rpm.
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK
Thanks. Validating then.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA5-64-OK MGA5-32-OK => advisory MGA5-64-OK MGA5-32-OK
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGAA-2016-0069.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED