From 43a9b03766214ee2c506c6f7c64e77c95f3dbfd2 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Dec 13 2021 15:15:05 +0000 Subject: Fix-up IMA signature lengths patch Related: #2018937 --- diff --git a/rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch b/rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch index 9be13e7..60058b4 100644 --- a/rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch +++ b/rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch @@ -1,4 +1,4 @@ -From 495f25f7198fb1e0163a7ae55de55576d9dc6fe5 Mon Sep 17 00:00:00 2001 +From 1f63621d098741158b5e1e7158cc570a415d88cd Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Mon, 29 Nov 2021 14:01:39 +0200 Subject: [PATCH] Fix IMA signature lengths assumed constant (#1833, @@ -22,20 +22,22 @@ not a lot to gain anyhow. Fixes: #1833 -Combined with 0c1ad364d65c4144ff71c376e0b49fbc322b686d and backported -for 4.16.1.3. Note that the test case has been removed due to it -including a binary file (test package) for which we'd have to use -Sgit -with %autopatch and thus depend on git-core at build time. -Nevertheless, we do have this BZ covered in our internal test suite, so -no need for it anyway. +Backported for 4.16.1.3 and combined with: +31e9daf823f7052135d1decc0802b6fa775a88c5 (fix-up) +0c1ad364d65c4144ff71c376e0b49fbc322b686d (python bindings) + +Note that the test case has been removed due to it including a binary +file (test package) for which we'd have to use -Sgit with %autopatch and +thus depend on git-core at build time. Nevertheless, we do have this BZ +covered in our internal test suite, so no need for it anyway. --- - lib/rpmfi.c | 43 ++++++++++++++++++++++++++++++++++--------- - python/rpmfiles-py.c | 18 ++++++++++++++++++ - sign/rpmsignfiles.c | 5 ++++- - 3 files changed, 56 insertions(+), 10 deletions(-) + lib/rpmfi.c | 59 +++++++++++++++++++++++++++++++++----------- + python/rpmfiles-py.c | 18 ++++++++++++++ + sign/rpmsignfiles.c | 5 +++- + 3 files changed, 67 insertions(+), 15 deletions(-) 
diff --git a/lib/rpmfi.c b/lib/rpmfi.c -index af428468c..0878d78f2 100644 +index af428468c..ed8927fd5 100644 --- a/lib/rpmfi.c +++ b/lib/rpmfi.c @@ -115,7 +115,8 @@ struct rpmfiles_s { @@ -43,7 +45,7 @@ index af428468c..0878d78f2 100644 int digestalgo; /*!< File digest algorithm */ - int signaturelength; /*!< File signature length */ -+ int *signaturelengths; /*!< File signature length */ ++ int *signaturelengths; /*!< File signature lengths */ + int signaturemaxlen; /*!< Largest file signature length */ unsigned char * digests; /*!< File digests in binary. */ unsigned char * signatures; /*!< File signatures in binary. */ @@ -56,7 +58,7 @@ index af428468c..0878d78f2 100644 + signature = fi->signatures + (fi->signaturemaxlen * ix); if (len) - *len = fi->signaturelength; -+ *len = fi->signaturelengths[ix]; ++ *len = fi->signaturelengths ? fi->signaturelengths[ix] : 0; } return signature; } @@ -68,7 +70,7 @@ index af428468c..0878d78f2 100644 fi->fcaps = _free(fi->fcaps); fi->cdict = _free(fi->cdict); -@@ -1486,15 +1488,38 @@ err: +@@ -1486,23 +1488,52 @@ err: } /* Convert a tag of hex strings to binary presentation */ @@ -83,12 +85,13 @@ index af428468c..0878d78f2 100644 if (headerGet(h, tag, &td, HEADERGET_MINMEM) && rpmtdCount(&td) == num) { - uint8_t *t = bin = xmalloc(num * len); const char *s; - ++ int maxl = 0; ++ int *lens = NULL; ++ + /* Figure string sizes + max length for allocation purposes */ + if (lengths) { -+ int maxl = 0; -+ int *lens = xmalloc(num * sizeof(*lens)); + int i = 0; ++ lens = xmalloc(num * sizeof(*lens)); + + while ((s = rpmtdNextString(&td))) { + lens[i] = strlen(s) / 2; 
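Review bot: In the rpmfilesFSignature hunk the new guard sets `*len` to 0 when `fi->signaturelengths` is NULL, but `signature` has already been set to `fi->signatures + (fi->signaturemaxlen * ix)` and is still returned non-NULL. A caller that tests only the returned pointer would then treat a zero-length buffer as a present signature. If the guarded state can really occur, clearing the pointer too keeps the pair consistent, e.g. `if (fi->signaturelengths == NULL) signature = NULL;`. A short comment would also help, such as `/* slots are signaturemaxlen wide; only the first *len bytes are signature data */`, because a caller passing `len == NULL` can no longer infer the size. The start of the function is outside this hunk, so the condition under which this branch runs is not visible here.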
@@ -99,17 +102,35 @@ index af428468c..0878d78f2 100644 + + *lengths = lens; + *maxlen = maxl; -+ len = maxl; + + /* Reinitialize iterator for next round */ + rpmtdInit(&td); ++ } else { ++ maxl = len; + } -+ -+ uint8_t *t = bin = xmalloc(num * len); + ++ uint8_t *t = bin = xmalloc(num * maxl); ++ int i = 0; while ((s = rpmtdNextString(&td))) { if (*s == '\0') { - memset(t, 0, len); -@@ -1570,15 +1595,15 @@ static int rpmfilesPopulate(rpmfiles fi, Header h, rpmfiFlags flags) +- memset(t, 0, len); +- t += len; +- continue; ++ memset(t, 0, maxl); ++ } else { ++ if (lens) ++ len = lens[i]; ++ for (int j = 0; j < len; j++, s += 2) ++ t[j] = (rnibble(s[0]) << 4) | rnibble(s[1]); + } +- for (int j = 0; j < len; j++, t++, s += 2) +- *t = (rnibble(s[0]) << 4) | rnibble(s[1]); ++ t += maxl; ++ i++; + } + } + rpmtdFreeData(&td); +@@ -1570,15 +1601,15 @@ static int rpmfilesPopulate(rpmfiles fi, Header h, rpmfiFlags flags) /* grab hex digests from header and store in binary format */ if (!(flags & RPMFI_NOFILEDIGESTS)) { size_t diglen = rpmDigestLength(fi->digestalgo); diff --git a/rpm.spec b/rpm.spec index 9da035d..f598ac7 100644 --- a/rpm.spec +++ b/rpm.spec @@ -32,7 +32,7 @@ %global rpmver 4.16.1.3 #global snapver rc1 -%global rel 8 +%global rel 9 %global sover 9 %global srcver %{rpmver}%{?snapver:-%{snapver}} @@ -606,6 +606,9 @@ fi %doc doc/librpm/html/* %changelog +* Mon Dec 13 2021 Michal Domonkos - 4.16.1.3-9 +- Fix-up IMA signature lengths patch (#2018937) + * Thu Dec 09 2021 Michal Domonkos - 4.16.1.3-8 - Support hash v8 databases from BDB < 4.6 (#1965147) - Ensure ELF files get stripped when debuginfo is disabled (#1999009)
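Review bot: In the reworked decode loop of hex2bin, the fixed-length path (`maxl = len`, used when `lengths` is NULL) still reads `2 * len` characters from each non-empty header string without comparing that against the string's real length. Only `*s == '\0'` is special-cased, so a short hex string in a package header would be read past its terminator, unless the strings are length-checked somewhere not shown in this hunk. Widening the empty-string test would cover it, e.g. `if (*s == '\0' || (lens == NULL && strlen(s) < 2 * len)) {`, or the conversion could fail outright for such a header. Separately, in the variable-length path the bytes between `lens[i]` and `maxl` in each slot are left as returned by `xmalloc`. Adding `memset(t + len, 0, maxl - len);` after the inner `for` would make the padding deterministic. hex2bin begins before this hunk, and its signature and first loop are in the preceding one.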