[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Patch to fix bad version comparison in RPMPackageCheck
From: |
Phil D'Amore |
Subject: |
Patch to fix bad version comparison in RPMPackageCheck |
Date: |
Sat, 26 Feb 2005 23:19:50 -0500 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030314 |
I was reviewing the code in RPMPackageCheck to see if there was anything
fundamentally wrong with the way it did version comparison. What I
found is fixed in the attached patch.
Basically, when comparing versions, it compares each of the three
components, epoch, version, and release, in order. Since this goes from
most significant to least, as soon as it finds one component that
differs, it should be using that result as the result of the
comparison. In reality, the code would just plow through, doing the
other comparisons, and the result of the last comparison done would be
returned. For example:
Requested - 4.12-38
Installed - 4.13-37
The installed version is greater than what is requested, because 4.12 <
4.13. However, after doing that comparison, instead of ignoring the
difference in the release portion (38 vs 37), it does the comparison,
and since 38 > 37, it would incorrectly decide that the installed
package version is *less* than what is requested, which can obviously
cause problems if you are being very specific about the version you are
looking for.
The attached patch fixes things so the comparison correctly stops after
seeing 4.12 < 4.13, since at that point the -38 and -37 components are
irrelevant.
I suspect most folks don't get this specific, so it has not really been
a problem. I know I personally have never run into this problem on my
production systems. Still, it should be fixed, so here ya go...
Thanks,
--
Phil D'Amore "Sometimes there is a fine line
Senior System Administrator between criminally abusive
Red Hat, Inc behavior and fun."
Office: 919.754.3700 x44395 -- Ted the Generic Guy
Pager: 877.383.8795 (Dilbert 4/19/2003)
diff -Naur cfengine-2.1.13.orig/src/package.c cfengine-2.1.13/src/package.c
--- cfengine-2.1.13.orig/src/package.c 2004-10-10 03:42:51.000000000 -0400
+++ cfengine-2.1.13/src/package.c 2005-02-26 19:25:28.129064928 -0500
@@ -198,23 +198,25 @@
{
result = cmpsense_lt;
}
+
/* If that did not decide it, try version. We must *always* have
* a version string. That's just the way it is.*/
-
- switch (rpmvercmp(vA, vB))
+ if (result == cmpsense_eq)
{
- case 1: result = cmpsense_gt;
- break;
- case -1: result = cmpsense_lt;
- break;
+ switch (rpmvercmp(vA, vB))
+ {
+ case 1: result = cmpsense_gt;
+ break;
+ case -1: result = cmpsense_lt;
+ break;
+ }
}
/* if we wind up here, everything rides on the release if both have it.
* RPM always stores a release internally in the database, so the A side
* will have it. It's just a matter of whether or not the user cares
* about it at this point. */
-
- if (rB && *rB)
+ if ((result == cmpsense_eq) && (rB && *rB))
{
switch (rpmvercmp(rA, rB))
{
- Patch to fix bad version comparison in RPMPackageCheck,
Phil D'Amore <=