Panu Matilainen 404ef011c3 Don't follow symlinks on file creation (CVE-2017-7501)
Open newly created files with O_EXCL to prevent symlink tricks.
When reopening hardlinks for writing the actual content, use append
mode instead. This is compatible with the write-only permissions but
is not destructive in case we got redirected to somebody else's file,
verify the target before actually writing anything.

As these are files with the temporary suffix, errors mean a local
user with sufficient privileges to break the installation of the package
anyway is trying to goof us on purpose, don't bother trying to mend it
(we couldn't fix the hardlink case anyhow) but just bail out.

Based on a patch by Florian Festi.
2017-09-19 14:46:36 +03:00
.tx Update transifex config for domain change 2013-06-07 12:57:57 +03:00
build Plug what's probably an ancient memleak in build code 2017-08-31 13:25:02 +03:00
ci ci: Add lmdb-devel to CI Dockerfile 2017-08-17 12:50:12 +03:00
db3 Remove BDB RPC "support" 2009-09-21 11:00:50 +03:00
doc Add documentation for %load macro 2017-09-11 14:23:02 +03:00
fileattrs Fix classification of ELF binaries with both setuid/setgid set 2017-08-31 12:01:24 +02:00
lib Don't follow symlinks on file creation (CVE-2017-7501) 2017-09-19 14:46:36 +03:00
luaext Cosmetics: if, while and switch are followed by a space 2017-02-27 17:41:37 +02:00
misc Revert "Only build bundled fts if system has a bad version that doesn't handle LFS" 2017-08-10 20:15:02 +03:00
plugins fix memleak in systemd_inhibit plugin 2017-04-27 11:36:12 +03:00
po Update translations from Transifxed for a change (yeah its been a while...) 2017-08-10 10:45:42 +03:00
python Use pkg-config for figuring python cflags and libs 2017-09-05 12:00:30 +03:00
rpmio Fix Ftell() past 2GB on 32bit architectures (RhBug:1492587) 2017-09-18 16:28:06 +03:00
scripts metainfo.prov: scan /usr/share/metainfo and /usr/share/appdata for both types 2017-08-25 12:51:28 +02:00
sign replaceSigDigests is only used with IMAEVM. 2017-07-21 15:11:04 +02:00
tests Add testcases for unpackaged files and directories detection 2017-09-19 09:39:36 +03:00
tools debugedit: skip_dir_prefix should check for dir separator. 2017-06-30 16:04:23 +03:00
.gitignore Add a mailmap file for fixing author anomalies + mapping mail addresses 2016-10-18 15:01:35 +03:00
.mailmap Add a mailmap file for fixing author anomalies + mapping mail addresses 2016-10-18 15:01:35 +03:00
CHANGES Spelling fixes 2017-06-27 14:42:21 +02:00
COPYING Update contact address in COPYING (RhBug:742362) 2012-11-05 15:09:58 +02:00
CREDITS Bring CREDITS to this millenium 2016-10-18 15:01:35 +03:00
INSTALL Fix fakechroot wrong URL. 2017-07-04 12:08:30 +02:00
Makefile.am Enable python build during dist-check 2017-09-06 17:33:30 +03:00
Makefile.maint Fix "make dist" work out of the box again 2016-11-04 11:02:50 +02:00
README Update community link in README 2017-04-05 11:57:00 +03:00
autogen.sh Just use autoreconf in autogen.sh (ticket #109) 2009-11-26 09:46:48 +02:00
cliutils.c Stop NSPR from messing with our signals 2017-05-10 13:59:58 +03:00
cliutils.h add short summaries to headers that miss one 2016-01-28 14:42:47 +01:00
configure.ac Less naive version of sync-after-transaction (RhBug:1461765) 2017-09-07 12:01:39 +03:00
debug.h Eliminate debug junk from the API 2007-12-04 11:25:46 +02:00
installplatform RISCV 64-bit (riscv64) support. 2016-08-22 21:16:48 +01:00
macros.debug Add option to have unique debug file names across version/release/arch. 2016-07-29 18:29:10 +02:00
macros.in Add LMDB backend to RPM 2017-08-17 12:49:06 +03:00
mkinstalldirs update mkinstalldirs to latest version (2009) 2017-07-27 13:59:01 +02:00
platform.in Add a %_rundir macro to the platform files. 2014-05-07 09:12:46 +03:00
preinstall.am Rip rpm 4.4.x API compatibility 2016-10-24 12:38:21 +03:00
rpm.am Bump sonames in preparation of 4.14.x branch 2017-08-10 10:34:01 +03:00
rpm.pc.in Add LMDB backend to RPM 2017-08-17 12:49:06 +03:00
rpm2archive.c rpm2cpio and rpm2archive: don't write archive data to a terminal. 2017-01-26 14:53:01 +01:00
rpm2cpio.c rpm2cpio and rpm2archive: don't write archive data to a terminal. 2017-01-26 14:53:01 +01:00
rpmbuild.c Allow running rpmbuild with debug verbosity 2017-08-23 11:50:11 +03:00
rpmdb.c Remove bunch of redundant environ declarations 2017-06-09 11:37:03 +03:00
rpmkeys.c Remove bunch of redundant environ declarations 2017-06-09 11:37:03 +03:00
rpmpopt.in Make coloring of output configurable 2017-08-09 11:19:05 +02:00
rpmqv.c Change output text to 'Exit status' 2017-07-20 15:10:30 +02:00
rpmrc.in Fix the armv5tl arch compatibility list 2017-05-11 13:29:10 +02:00
rpmsign.c Fix a number of problems in get_fskpass() 2017-06-09 12:57:00 +03:00
rpmspec.c Add --target as global option 2017-04-04 10:32:09 +03:00
system.h Actually test for __progname too 2017-03-24 14:20:48 +02:00

README

This is RPM, the RPM Package Manager.

The latest releases are always available at:

	http://rpm.org/releases/

Additional RPM documentation (papers, slides, HOWTOs) can also be
found at the same site: http://rpm.org.

See http://rpm.org/community for all rpm related mailing lists.

RPM was originally written by:

    Erik Troan <ewt@redhat.com>
    Marc Ewing <marc@redhat.com>

See the CREDITS file for a list of folks who have helped us out
tremendously.  RPM is Copyright (c) 1998 by Red Hat Software, Inc.,
and may be distributed under the terms of the GPL and LGPL (see the
file COPYING for details).