89 lines
3.3 KiB
Diff
89 lines
3.3 KiB
Diff
From f5695d04f56e27d9cf947c0502eb549c28aa817e Mon Sep 17 00:00:00 2001
|
|
From: Panu Matilainen <pmatilai@redhat.com>
|
|
Date: Tue, 25 May 2021 14:07:18 +0300
|
|
Subject: [PATCH] Fix regression reading rpm v3 and other rare packages (#1635)
|
|
|
|
Commit d6a86b5e69e46cc283b1e06c92343319beb42e21 introduced far stricter
|
|
checks on what tags are allowed in signature and main headers than rpm
|
|
had previously seen, and unsurprisingly this introduced some regressions
|
|
on less common cases:
|
|
|
|
- On rpm v3 packages and some newer 3rd party created packages (such as
|
|
install4j < 9.0.2), RPMTAG_ARCHIVESIZE resides in the main header
|
|
to begin with
|
|
- In rpm 4.13 - 4.14, file IMA signatures were incorrectly placed in
|
|
the main header.
|
|
|
|
As a quirk, permit the existence of RPMTAG_ARCHIVESIZE,
|
|
RPMTAG_FILESIGNATURES and RPMTAG_FILESIGNATURELENGTH in the main header
|
|
too provided that the corresponding signature tag is not there (so
|
|
they can reside in either but not both headers).
|
|
|
|
Initial workaround patch by Demi Marie Obenour.
|
|
|
|
Fixes: #1635
|
|
|
|
Backported for 4.16.1.3.
|
|
---
|
|
lib/package.c | 35 ++++++++++++++++++++---------------
|
|
1 file changed, 20 insertions(+), 15 deletions(-)
|
|
|
|
diff --git a/lib/package.c b/lib/package.c
|
|
index 36ed5abc6..8c2b66b0b 100644
|
|
--- a/lib/package.c
|
|
+++ b/lib/package.c
|
|
@@ -35,21 +35,22 @@ struct taglate_s {
|
|
rpmTagVal stag;
|
|
rpmTagVal xtag;
|
|
rpm_count_t count;
|
|
+ int quirk;
|
|
} const xlateTags[] = {
|
|
- { RPMSIGTAG_SIZE, RPMTAG_SIGSIZE, 1 },
|
|
- { RPMSIGTAG_PGP, RPMTAG_SIGPGP, 0 },
|
|
- { RPMSIGTAG_MD5, RPMTAG_SIGMD5, 16 },
|
|
- { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0 },
|
|
- /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0 }, */ /* long obsolete, dont use */
|
|
- { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1 },
|
|
- { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0 },
|
|
- { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1 },
|
|
- { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1 },
|
|
- { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1 },
|
|
- { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0 },
|
|
- { RPMSIGTAG_RSA, RPMTAG_RSAHEADER, 0 },
|
|
- { RPMSIGTAG_LONGSIZE, RPMTAG_LONGSIGSIZE, 1 },
|
|
- { RPMSIGTAG_LONGARCHIVESIZE, RPMTAG_LONGARCHIVESIZE, 1 },
|
|
+ { RPMSIGTAG_SIZE, RPMTAG_SIGSIZE, 1, 0 },
|
|
+ { RPMSIGTAG_PGP, RPMTAG_SIGPGP, 0, 0 },
|
|
+ { RPMSIGTAG_MD5, RPMTAG_SIGMD5, 16, 0 },
|
|
+ { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0, 0 },
|
|
+ /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0, 0 }, */ /* long obsolete, dont use */
|
|
+ { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1, 1 },
|
|
+ { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0, 1 },
|
|
+ { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1, 1 },
|
|
+ { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1, 0 },
|
|
+ { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1, 0 },
|
|
+ { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0, 0 },
|
|
+ { RPMSIGTAG_RSA, RPMTAG_RSAHEADER, 0, 0 },
|
|
+ { RPMSIGTAG_LONGSIZE, RPMTAG_LONGSIGSIZE, 1, 0 },
|
|
+ { RPMSIGTAG_LONGARCHIVESIZE, RPMTAG_LONGARCHIVESIZE, 1, 0 },
|
|
{ 0 }
|
|
};
|
|
|
|
@@ -67,8 +68,12 @@ rpmTagVal headerMergeLegacySigs(Header h, Header sigh, char **msg)
|
|
|
|
for (xl = xlateTags; xl->stag; xl++) {
|
|
/* There mustn't be one in the main header */
|
|
- if (headerIsEntry(h, xl->xtag))
|
|
+ if (headerIsEntry(h, xl->xtag)) {
|
|
+ /* Some tags may exist in either header, but never both */
|
|
+ if (xl->quirk && !headerIsEntry(sigh, xl->stag))
|
|
+ continue;
|
|
goto exit;
|
|
+ }
|
|
}
|
|
|
|
rpmtdReset(&td);
|
|
--
|
|
2.35.1
|
|
|