diff --git a/0001-Skip-to-hashed-subpacket-data-directly.patch b/0001-Skip-to-hashed-subpacket-data-directly.patch index f0eaf1f..ada500e 100644 --- a/0001-Skip-to-hashed-subpacket-data-directly.patch +++ b/0001-Skip-to-hashed-subpacket-data-directly.patch @@ -1,23 +1,39 @@ -From 331afbf2b6b32582b29ceadcd37b43a4f905b7f4 Mon Sep 17 00:00:00 2001 +From f6ffaacbbf7f5aca45139a612c5dd8db3f2094dc Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Mon, 5 Aug 2024 14:40:57 +0200 Subject: [PATCH] Skip to hashed subpacket data directly -Make OpenScanHub grok the bigger picture here, instead of producing a -spurious overrun warning for v->hashlen when we're dereferencing p -later. +Let OpenScanHub grok the bigger picture instead of producing a spurious +overrun warning for v->hashlen when we're dereferencing p later. + +Casting the v pointer back to uint8_t is unnecessary when we could just +use h directly but it's done this way in the if branch for pgp version 3 +in this function as well as in pgpPrtKey() so copy that, just for the +sake of consistency. + +Along the same lines (consistency), change the p pointer to a const +pointer. No functional change. Resolves: RHEL-22607 --- - rpmio/rpmpgp.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) + rpmio/rpmpgp.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index d0688ebe9..6a7049954 100644 +index d0688ebe9..6f044eb1b 100644 --- a/rpmio/rpmpgp.c +++ b/rpmio/rpmpgp.c +@@ -565,7 +565,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, + pgpDigParams _digp) + { + uint8_t version = 0; +- uint8_t * p; ++ const uint8_t * p; + unsigned int plen; + int rc = 1; + @@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype); pgpPrtNL(); @@ -26,10 +42,10 @@ index d0688ebe9..6a7049954 100644 if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen)) return 1; - p += sizeof(v->hashlen); -+ p = h + sizeof(*v); ++ p = ((uint8_t *)v) + sizeof(*v); if ((p + plen) > (h + hlen)) return 1; -- -2.45.2 +2.46.0 diff --git a/rpm.spec b/rpm.spec index 97a9cb2..67146a4 100644 --- a/rpm.spec +++ b/rpm.spec @@ -32,7 +32,7 @@ %global rpmver 4.16.1.3 #global snapver rc1 -%global rel 33 +%global rel 34 %global sover 9 %global srcver %{rpmver}%{?snapver:-%{snapver}} @@ -665,6 +665,9 @@ fi %doc doc/librpm/html/* %changelog +* Tue Aug 13 2024 Michal Domonkos - 4.16.1.3-34 +- Fix discarded const qualifier in previous patch (RHEL-22607) + * Mon Aug 05 2024 Michal Domonkos - 4.16.1.3-33 - Fix root relocation regression (RHEL-28967) - Don't confuse OpenScanHub with false array overrun (RHEL-22607)