Fix malformed packages being generated around 4GB boundary (#1405570)

2017-01-23 15:45:35 +02:00 · 2017-01-23 15:45:35 +02:00 · 8fcb9658d2
commit 8fcb9658d2
parent 21fe6e8963
2 changed files with 53 additions and 1 deletions
--- a/rpm-4.13.0-signaturesize.patch
+++ b/rpm-4.13.0-signaturesize.patch
@ -0,0 +1,48 @@
+commit 61b41cd3d9f2003cbfd7c987f35fc6aedddd2a73
+Author: Panu Matilainen <pmatilai@redhat.com>
+Date:   Fri Jan 13 10:48:43 2017 +0200
+
+    Make the signature header size constant between 32- and 64-bit tags
+    
+    Since commit 68bddc353a7ea87ea00ad957858cd509e845e84c we're initially
+    creating the signature header with estimated values, and if you're
+    unlucky enough to have the estimated and actual size on the different
+    sides of UINT32_MAX boundary, the resulting package will have the main
+    header off by eight bytes, making it unreadable by rpm (RhBug:1405570)
+    
+    Always reserve a little bit of space in the signature header so we
+    we can maintain the overall size constant regardless of whether 32- or
+    64-bit tags were used by using a smaller "padding" with 64bit tags.
+    
+    (cherry picked from commit e51644e0ee2d33c02c06560f87ea6aecb9991673)
+
+diff --git a/lib/signature.c b/lib/signature.c
+index 9784c7b..1b9fe34 100644
+--- a/lib/signature.c
+++ b/lib/signature.c
+@@ -304,7 +304,8 @@ rpmRC rpmGenerateSignature(char *SHA1, uint8_t *MD5, rpm_loff_t size,
+     struct rpmtd_s td;
+     rpmRC rc = RPMRC_OK;
+     char *reservedSpace;
+-    int spaceSize = 0;
+    int spaceSize = 32; /* always reserve a bit of space */
+    int gpgSize = rpmExpandNumeric("%{__gpg_reserved_space}");
+ 
+     /* Prepare signature */
+     sig = rpmNewSignature();
+@@ -349,9 +350,14 @@ rpmRC rpmGenerateSignature(char *SHA1, uint8_t *MD5, rpm_loff_t size,
+ 	td.tag = RPMSIGTAG_LONGSIZE;
+ 	td.data = &s;
+ 	headerPut(sig, &td, HEADERPUT_DEFAULT);
+
+	/* adjust for the size difference between 64- and 32bit tags */
+	spaceSize -= 8;
+     }
+ 
+-    spaceSize = rpmExpandNumeric("%{__gpg_reserved_space}");
+    if (gpgSize > 0)
+	spaceSize += gpgSize;
+
+     if(spaceSize > 0) {
+ 	reservedSpace = xcalloc(spaceSize, sizeof(char));
+ 	rpmtdReset(&td);
--- a/rpm.spec
+++ b/rpm.spec
@ -29,7 +29,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}10%{?dist}
+Release: %{?snapver:0.%{snapver}.}11%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2
@ -53,6 +53,7 @@ Patch5: rpm-4.12.0-rpm2cpio-hack.patch

 # Patches already upstream:
 Patch100: rpm-4.13.x-transfiletriggerpostun-invalid-read.patch
+Patch101: rpm-4.13.0-signaturesize.patch

 Patch133: rpm-4.13.x-pythondistdeps.patch
 Patch134: rpm-4.13.x-pythondistdeps-Makefile.patch
@ -565,6 +566,9 @@ exit 0
 %doc doc/librpm/html/*

 %changelog
+* Mon Jan 23 2017 Panu Matilainen <pmatilai@redhat.com> - 4.13.0-11
+- Fix malformed packages being generated around 4GB boundary (#1405570)
+
 * Fri Jan 06 2017 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 4.13.0-10
 - Add Requires: python-setuptools for rpm-build (RHBZ #1410631)