From f5695d04f56e27d9cf947c0502eb549c28aa817e Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Tue, 25 May 2021 14:07:18 +0300
Subject: [PATCH] Fix regression reading rpm v3 and other rare packages (#1635)
Commit d6a86b5e69e46cc283b1e06c92343319beb42e21 introduced far stricter
checks on what tags are allowed in signature and main headers than rpm
had previously seen, and unsurprisingly this introduced some regressions
on less common cases:
- On rpm v3 packages and some newer 3rd party created packages (such as
  install4j < 9.0.2), RPMTAG_ARCHIVESIZE resides in the main header
  to begin with
- In rpm 4.13 - 4.14, file IMA signatures were incorrectly placed in
  the main header.
As a quirk, permit the existence of RPMTAG_ARCHIVESIZE,
RPMTAG_FILESIGNATURES and RPMTAG_FILESIGNATURELENGTH in the main header
too provided that the corresponding signature tag is not there (so
they can reside in either but not both headers).
Initial workaround patch by Demi Marie Obenour.
Fixes: #1635
Backported for 4.16.1.3.
---
 lib/package.c | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/lib/package.c b/lib/package.c
a5e32e
index 36ed5abc6..8c2b66b0b 100644
a5e32e
--- a/lib/package.c
a5e32e
+++ b/lib/package.c
a5e32e
@@ -35,21 +35,22 @@ struct taglate_s {
a5e32e
     rpmTagVal stag;
a5e32e
     rpmTagVal xtag;
a5e32e
     rpm_count_t count;
a5e32e
+    int quirk;
a5e32e
 } const xlateTags[] = {
a5e32e
-    { RPMSIGTAG_SIZE, RPMTAG_SIGSIZE, 1 },
a5e32e
-    { RPMSIGTAG_PGP, RPMTAG_SIGPGP, 0 },
a5e32e
-    { RPMSIGTAG_MD5, RPMTAG_SIGMD5, 16 },
a5e32e
-    { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0 },
a5e32e
-    /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0 }, */ /* long obsolete, dont use */
a5e32e
-    { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1 },
a5e32e
-    { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0 },
a5e32e
-    { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1 },
a5e32e
-    { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1 },
a5e32e
-    { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1 },
a5e32e
-    { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0 },
a5e32e
-    { RPMSIGTAG_RSA, RPMTAG_RSAHEADER, 0 },
a5e32e
-    { RPMSIGTAG_LONGSIZE, RPMTAG_LONGSIGSIZE, 1 },
a5e32e
-    { RPMSIGTAG_LONGARCHIVESIZE, RPMTAG_LONGARCHIVESIZE, 1 },
a5e32e
+    { RPMSIGTAG_SIZE, RPMTAG_SIGSIZE, 1, 0 },
a5e32e
+    { RPMSIGTAG_PGP, RPMTAG_SIGPGP, 0, 0 },
a5e32e
+    { RPMSIGTAG_MD5, RPMTAG_SIGMD5, 16, 0 },
a5e32e
+    { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0, 0 },
a5e32e
+    /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0, 0 }, */ /* long obsolete, dont use */
a5e32e
+    { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1, 1 },
a5e32e
+    { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0, 1 },
a5e32e
+    { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1, 1 },
a5e32e
+    { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1, 0 },
a5e32e
+    { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1, 0 },
a5e32e
+    { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0, 0 },
a5e32e
+    { RPMSIGTAG_RSA, RPMTAG_RSAHEADER, 0, 0 },
a5e32e
+    { RPMSIGTAG_LONGSIZE, RPMTAG_LONGSIGSIZE, 1, 0 },
a5e32e
+    { RPMSIGTAG_LONGARCHIVESIZE, RPMTAG_LONGARCHIVESIZE, 1, 0 },
a5e32e
     { 0 }
a5e32e
 };
a5e32e
 
a5e32e
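Review bot: The new `quirk` member is an undocumented positional `int`, so the three rows ending in `, 1 }` (RPMTAG_ARCHIVESIZE, RPMTAG_FILESIGNATURES, RPMTAG_FILESIGNATURELENGTH) form the entire allow-list for relaxing the main-header check, yet nothing at the declaration says so. Each non-zero entry widens what a package's main header is permitted to carry, so the field deserves a comment such as `int quirk; /* nonzero: xtag may instead appear in the main header when stag is absent from the signature header */`. The adjacent `count` column also holds small integers (0, 1, 16), so a `1` typed into the wrong column would compile silently; designated initializers (`.quirk = 1`) would make that mistake visible. The struct declaration begins outside this hunk.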
@@ -67,8 +68,12 @@ rpmTagVal headerMergeLegacySigs(Header h, Header sigh, char **msg)
a5e32e
 
a5e32e
     for (xl = xlateTags; xl->stag; xl++) {
a5e32e
 	/* There mustn't be one in the main header */
a5e32e
-	if (headerIsEntry(h, xl->xtag))
a5e32e
+	if (headerIsEntry(h, xl->xtag)) {
a5e32e
+	    /* Some tags may exist in either header, but never both */
a5e32e
+	    if (xl->quirk && !headerIsEntry(sigh, xl->stag))
a5e32e
+		continue;
a5e32e
 	    goto exit;
a5e32e
+	}
a5e32e
     }
a5e32e
 
a5e32e
     rpmtdReset(&td);
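Review bot: When the quirk branch takes `continue`, the main-header copy of the tag is accepted on presence alone; this hunk calls only `headerIsEntry()` and never looks at the entry's type or at `xl->count`. If the loop following `rpmtdReset(&td)` (outside this hunk) is where type and count are enforced for signature-header entries, a quirk tag that arrives only in the main header skips that validation, and later readers of RPMTAG_ARCHIVESIZE or the file-signature tags would see whatever the package supplied. At minimum record the assumption next to the branch, e.g. `/* main-header copy is kept as-is; its type/count are not validated here */`. The context comment `There mustn't be one in the main header` is also no longer true unconditionally and should mention the quirk exception. headerMergeLegacySigs() starts and ends outside the hunk.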
-- 
2.35.1