michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone

Blame SOURCES/0001-Work-around-buggy-signature-region-preventing-resign.patch

b445f2
From 8fefd2bd21b30996ad0748eab6baadf915610642 Mon Sep 17 00:00:00 2001
b445f2
From: Panu Matilainen <pmatilai@redhat.com>
b445f2
Date: Thu, 13 Aug 2020 13:29:10 +0300
b445f2
Subject: [PATCH] Work around buggy signature region preventing resigning
b445f2
 (RhBug:1851508)
b445f2
b445f2
Various proprietary packages in the wild have subtly malformed data
b445f2
in the signature header, in particular wrt the immutable region size,
b445f2
presumably from using some in-house/3rd party signing tools which do
b445f2
not understand the immutable region business at all. This can prevent
b445f2
resigning and signature deletion on such packages due to the more
b445f2
thorough checking that rpmsign does.
b445f2
b445f2
As the old wisdom goes, be liberal in what you accept... we can easily
b445f2
work around the crud by just taking a fresh copy of the contents that
b445f2
are legit as such (otherwise the package would be uninstallable).
b445f2
b445f2
b445f2
Adjusted for 4.14.3
b445f2
b445f2
--- rpm-4.14.3/sign/rpmgensig.c.orig	2020-10-29 16:00:38.785229048 +0100
b445f2
+++ rpm-4.14.3/sign/rpmgensig.c	2020-10-29 16:08:55.997791345 +0100
b445f2
@@ -401,12 +401,19 @@
b445f2
 
b445f2
     if (headerGet(*hdrp, tag, utd, HEADERGET_DEFAULT)) {
b445f2
 	oh = headerCopyLoad(utd->data);
b445f2
-	nh = headerCopy(oh);
b445f2
-	headerFree(oh);
b445f2
 	rpmtdFreeData(utd);
b445f2
+    } else {
b445f2
+	/* XXX should we warn if the immutable region is corrupt/missing? */
b445f2
+	oh = headerLink(*hdrp);
b445f2
+    }
b445f2
+
b445f2
+    if (oh) {
b445f2
+	/* Perform a copy to eliminate crud from buggy signing tools etc */
b445f2
+	nh = headerCopy(oh);
b445f2
 	headerFree(*hdrp);
b445f2
 	*hdrp = headerLink(nh);
b445f2
 	headerFree(nh);
b445f2
+	headerFree(oh);
b445f2
     }
b445f2
 }
b445f2