michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone

Blame SOURCES/0001-Work-around-buggy-signature-region-preventing-resign.patch

976aaf
From 8fefd2bd21b30996ad0748eab6baadf915610642 Mon Sep 17 00:00:00 2001
976aaf
From: Panu Matilainen <pmatilai@redhat.com>
976aaf
Date: Thu, 13 Aug 2020 13:29:10 +0300
976aaf
Subject: [PATCH] Work around buggy signature region preventing resigning
976aaf
 (RhBug:1851508)
976aaf
976aaf
Various proprietary packages in the wild have subtly malformed data
976aaf
in the signature header, in particular wrt the immutable region size,
976aaf
presumably from using some in-house/3rd party signing tools which do
976aaf
not understand the immutable region business at all. This can prevent
976aaf
resigning and signature deletion on such packages due to the more
976aaf
thorough checking that rpmsign does.
976aaf
976aaf
As the old wisdom goes, be liberal in what you accept... we can easily
976aaf
work around the crud by just taking a fresh copy of the contents that
976aaf
are legit as such (otherwise the package would be uninstallable).
976aaf
976aaf
976aaf
Adjusted for 4.14.3
976aaf
976aaf
--- rpm-4.14.3/sign/rpmgensig.c.orig	2020-10-29 16:00:38.785229048 +0100
976aaf
+++ rpm-4.14.3/sign/rpmgensig.c	2020-10-29 16:08:55.997791345 +0100
976aaf
@@ -401,12 +401,19 @@
976aaf
 
976aaf
     if (headerGet(*hdrp, tag, utd, HEADERGET_DEFAULT)) {
976aaf
 	oh = headerCopyLoad(utd->data);
976aaf
-	nh = headerCopy(oh);
976aaf
-	headerFree(oh);
976aaf
 	rpmtdFreeData(utd);
976aaf
+    } else {
976aaf
+	/* XXX should we warn if the immutable region is corrupt/missing? */
976aaf
+	oh = headerLink(*hdrp);
976aaf
+    }
976aaf
+
976aaf
+    if (oh) {
976aaf
+	/* Perform a copy to eliminate crud from buggy signing tools etc */
976aaf
+	nh = headerCopy(oh);
976aaf
 	headerFree(*hdrp);
976aaf
 	*hdrp = headerLink(nh);
976aaf
 	headerFree(nh);
976aaf
+	headerFree(oh);
976aaf
     }
976aaf
 }
976aaf