rpms/rpm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix malformed packages being generated around 4GB boundary (#1405570)

Browse Source
This commit is contained in:
Panu Matilainen 2017-01-23 15:45:35 +02:00
parent 21fe6e8963
commit 8fcb9658d2
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
rpm-4.13.0-signaturesize.patch Normal file
View File

@ -0,0 +1,48 @@
commit 61b41cd3d9f2003cbfd7c987f35fc6aedddd2a73
Author: Panu Matilainen <pmatilai@redhat.com>
Date: Fri Jan 13 10:48:43 2017 +0200
Make the signature header size constant between 32- and 64-bit tags
Since commit 68bddc353a7ea87ea00ad957858cd509e845e84c we're initially
creating the signature header with estimated values, and if you're
unlucky enough to have the estimated and actual size on the different
sides of UINT32_MAX boundary, the resulting package will have the main
header off by eight bytes, making it unreadable by rpm (RhBug:1405570)
Always reserve a little bit of space in the signature header so we
we can maintain the overall size constant regardless of whether 32- or
64-bit tags were used by using a smaller "padding" with 64bit tags.
(cherry picked from commit e51644e0ee2d33c02c06560f87ea6aecb9991673)
diff --git a/lib/signature.c b/lib/signature.c
index 9784c7b..1b9fe34 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -304,7 +304,8 @@ rpmRC rpmGenerateSignature(char *SHA1, uint8_t *MD5, rpm_loff_t size,
struct rpmtd_s td;
rpmRC rc = RPMRC_OK;
char *reservedSpace;
- int spaceSize = 0;
+ int spaceSize = 32; /* always reserve a bit of space */
+ int gpgSize = rpmExpandNumeric("%{__gpg_reserved_space}");
/* Prepare signature */
sig = rpmNewSignature();
@@ -349,9 +350,14 @@ rpmRC rpmGenerateSignature(char *SHA1, uint8_t *MD5, rpm_loff_t size,
td.tag = RPMSIGTAG_LONGSIZE;
td.data = &s;
headerPut(sig, &td, HEADERPUT_DEFAULT);
+
+ /* adjust for the size difference between 64- and 32bit tags */
+ spaceSize -= 8;
}
- spaceSize = rpmExpandNumeric("%{__gpg_reserved_space}");
+ if (gpgSize > 0)
+ spaceSize += gpgSize;
+
if(spaceSize > 0) {
reservedSpace = xcalloc(spaceSize, sizeof(char));
rpmtdReset(&td);

6
rpm.spec
View File

@ -29,7 +29,7 @@
Summary: The RPM package management system Summary: The RPM package management system
Name: rpm Name: rpm
Version: %{rpmver} Version: %{rpmver}
Release: %{?snapver:0.%{snapver}.}10%{?dist} Release: %{?snapver:0.%{snapver}.}11%{?dist}
Group: System Environment/Base Group: System Environment/Base
Url: http://www.rpm.org/ Url: http://www.rpm.org/
Source0: http://rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2 Source0: http://rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2
@ -53,6 +53,7 @@ Patch5: rpm-4.12.0-rpm2cpio-hack.patch
# Patches already upstream: # Patches already upstream:
Patch100: rpm-4.13.x-transfiletriggerpostun-invalid-read.patch Patch100: rpm-4.13.x-transfiletriggerpostun-invalid-read.patch
Patch101: rpm-4.13.0-signaturesize.patch
Patch133: rpm-4.13.x-pythondistdeps.patch Patch133: rpm-4.13.x-pythondistdeps.patch
Patch134: rpm-4.13.x-pythondistdeps-Makefile.patch Patch134: rpm-4.13.x-pythondistdeps-Makefile.patch
@ -565,6 +566,9 @@ exit 0
%doc doc/librpm/html/* %doc doc/librpm/html/*
%changelog %changelog
* Mon Jan 23 2017 Panu Matilainen <pmatilai@redhat.com> - 4.13.0-11
- Fix malformed packages being generated around 4GB boundary (#1405570)
* Fri Jan 06 2017 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 4.13.0-10 * Fri Jan 06 2017 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 4.13.0-10
- Add Requires: python-setuptools for rpm-build (RHBZ #1410631) - Add Requires: python-setuptools for rpm-build (RHBZ #1410631)