From 6f0a88203e24e9cab099bd620ec26fcaa0048826 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Apr 03 2018 22:21:23 +0000 Subject: Rebase to koji 1.15.1 Signed-off-by: Patrick Uiterwijk --- diff --git a/796.patch b/796.patch deleted file mode 100644 index 7a88b55..0000000 --- a/796.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e45c909235825f22e2ac7da63a4d6454399224e3 Mon Sep 17 00:00:00 2001 -From: Patrick Uiterwijk -Date: Feb 20 2018 09:10:11 +0000 -Subject: Fix comparison with Enum value - - -The CHECKSUM_TYPES[...] call returns the index in the Enum field, not a string, -which meant that the comparison would never work. - -Reported-by: Clement Verna -Signed-off-by: Patrick Uiterwijk - ---- - -diff --git a/hub/kojihub.py b/hub/kojihub.py -index eb9b67d..f910595 100644 ---- a/hub/kojihub.py -+++ b/hub/kojihub.py -@@ -5581,7 +5581,7 @@ class CG_Importer(object): - (filesize, fileinfo['filename'], fileinfo['filesize'])) - - # checksum -- if koji.CHECKSUM_TYPES[fileinfo['checksum_type']] != 'md5': -+ if fileinfo['checksum_type'] != 'md5': - # XXX - # until we change the way we handle checksums, we have to limit this to md5 - raise koji.GenericError("Unsupported checksum type: %(checksum_type)s" % fileinfo) - diff --git a/koji-fix808.patch b/koji-fix808.patch deleted file mode 100644 index c659a38..0000000 --- a/koji-fix808.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -rup koji-1.15.0.orig/builder/kojid koji-1.15.0/builder/kojid ---- koji-1.15.0.orig/builder/kojid 2018-02-18 12:34:29.680250204 +0100 -+++ koji-1.15.0/builder/kojid 2018-02-18 12:35:33.857177069 +0100 -@@ -736,7 +736,10 @@ class BuildRoot(object): - # mock 1.4+ /tmp is tmpfs mounted on each run, different - # directory is needed for persistency - # 'within' is equivalent to broot.path_without_to_within(broot.tmpdir()) -- base = "/builddir/tmp" -+ # -+ # *Note by puiterwijk*: This directory is "thebuilddir" rather than "Builddir" -+ # as it's in upstream koji to avoid upstream bug #808 -+ base = "/thebuilddir/tmp" - if within: - return base - else: diff --git a/koji.spec b/koji.spec index 572b297..60d4995 100644 --- a/koji.spec +++ b/koji.spec @@ -25,8 +25,8 @@ %endif Name: koji -Version: 1.15.0 -Release: 7%{?dist} +Version: 1.15.1 +Release: 1%{?dist} # koji.ssl libs (from plague) are GPLv2+ License: LGPLv2 and GPLv2+ Summary: Build system tools @@ -37,9 +37,7 @@ Source0: https://releases.pagure.org/koji/koji-%{version}.tar.bz2 # Backported patches Patch0: https://pagure.io/koji/pull-request/735.patch Patch1: https://pagure.io/koji/pull-request/794.patch -Patch2: koji-fix808.patch -Patch3: https://pagure.io/koji/pull-request/796.patch -Patch4: https://pagure.io/koji/pull-request/841.patch +Patch2: https://pagure.io/koji/pull-request/841.patch # Not upstreamable Patch100: fedora-config.patch @@ -248,8 +246,6 @@ koji-web is a web UI to the Koji system. %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 %patch100 -p1 -b .fedoraconfig %build @@ -452,6 +448,10 @@ fi %endif %changelog +* Tue Apr 03 2018 Patrick Uiterwijk - 1.15.1-1 +- Rebase to 1.15.1 +- Fixes CVE-2018-1002150 + * Fri Mar 16 2018 Kevin Fenzi - 1.15.0-7 - Backport PR #841 to allow configurable timeout for oz