Blame 0001-Work-around-buggy-signature-region-preventing-resign.patch
|
James Antill |
ee2eaf |
From 8fefd2bd21b30996ad0748eab6baadf915610642 Mon Sep 17 00:00:00 2001
|
|
James Antill |
ee2eaf |
From: Panu Matilainen <pmatilai@redhat.com>
|
|
James Antill |
ee2eaf |
Date: Thu, 13 Aug 2020 13:29:10 +0300
|
|
James Antill |
ee2eaf |
Subject: [PATCH] Work around buggy signature region preventing resigning
|
|
James Antill |
ee2eaf |
(RhBug:1851508)
|
|
James Antill |
ee2eaf |
|
|
James Antill |
ee2eaf |
Various proprietary packages in the wild have subtly malformed data
|
|
James Antill |
ee2eaf |
in the signature header, in particular wrt the immutable region size,
|
|
James Antill |
ee2eaf |
presumably from using some in-house/3rd party signing tools which do
|
|
James Antill |
ee2eaf |
not understand the immutable region business at all. This can prevent
|
|
James Antill |
ee2eaf |
resigning and signature deletion on such packages due to the more
|
|
James Antill |
ee2eaf |
thorough checking that rpmsign does.
|
|
James Antill |
ee2eaf |
|
|
James Antill |
ee2eaf |
As the old wisdom goes, be liberal in what you accept... we can easily
|
|
James Antill |
ee2eaf |
work around the crud by just taking a fresh copy of the contents that
|
|
James Antill |
ee2eaf |
are legit as such (otherwise the package would be uninstallable).
|
|
James Antill |
ee2eaf |
|
|
James Antill |
ee2eaf |
|
|
James Antill |
ee2eaf |
Adjusted for 4.14.3
|
|
James Antill |
ee2eaf |
|
|
James Antill |
ee2eaf |
--- rpm-4.14.3/sign/rpmgensig.c.orig 2020-10-29 16:00:38.785229048 +0100
|
|
James Antill |
ee2eaf |
+++ rpm-4.14.3/sign/rpmgensig.c 2020-10-29 16:08:55.997791345 +0100
|
|
James Antill |
ee2eaf |
@@ -401,12 +401,19 @@
|
|
James Antill |
ee2eaf |
|
|
James Antill |
ee2eaf |
if (headerGet(*hdrp, tag, utd, HEADERGET_DEFAULT)) {
|
|
James Antill |
ee2eaf |
oh = headerCopyLoad(utd->data);
|
|
James Antill |
ee2eaf |
- nh = headerCopy(oh);
|
|
James Antill |
ee2eaf |
- headerFree(oh);
|
|
James Antill |
ee2eaf |
rpmtdFreeData(utd);
|
|
James Antill |
ee2eaf |
+ } else {
|
|
James Antill |
ee2eaf |
+ /* XXX should we warn if the immutable region is corrupt/missing? */
|
|
James Antill |
ee2eaf |
+ oh = headerLink(*hdrp);
|
|
James Antill |
ee2eaf |
+ }
|
|
James Antill |
ee2eaf |
+
|
|
James Antill |
ee2eaf |
+ if (oh) {
|
|
James Antill |
ee2eaf |
+ /* Perform a copy to eliminate crud from buggy signing tools etc */
|
|
James Antill |
ee2eaf |
+ nh = headerCopy(oh);
|
|
James Antill |
ee2eaf |
headerFree(*hdrp);
|
|
James Antill |
ee2eaf |
*hdrp = headerLink(nh);
|
|
James Antill |
ee2eaf |
headerFree(nh);
|
|
James Antill |
ee2eaf |
+ headerFree(oh);
|
|
James Antill |
ee2eaf |
}
|
|
James Antill |
ee2eaf |
}
|
|
James Antill |
ee2eaf |
|