diff --git a/SOURCES/rpm-4.11.x-bump-up-the-limit-of-signature-header-to-64MB.patch b/SOURCES/rpm-4.11.x-bump-up-the-limit-of-signature-header-to-64MB.patch
new file mode 100644
index 0000000..7bf036d
--- /dev/null
+++ b/SOURCES/rpm-4.11.x-bump-up-the-limit-of-signature-header-to-64MB.patch
@@ -0,0 +1,12 @@
+diff -up rpm-4.11.3/lib/signature.c.orig rpm-4.11.3/lib/signature.c
+--- rpm-4.11.3/lib/signature.c.orig 2021-09-17 09:47:03.635252057 +0200
++++ rpm-4.11.3/lib/signature.c 2021-09-17 09:50:12.172825113 +0200
+@@ -102,7 +102,7 @@ rpmRC rpmReadSignature(FD_t fd, Header *
+ goto exit;
+ }
+ dl = ntohl(block[3]);
+- if (dl < 0 || dl > 8192) {
++ if (dl < 0 || dl > 64 * 1024 * 1024) {
+ rasprintf(&buf,
+ _("sigh data: BAD, no. of bytes(%d) out of range\n"), dl);
+ goto exit;
diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec
index d49a2fc..dccf4bb 100644
--- a/SPECS/rpm.spec
+++ b/SPECS/rpm.spec
@@ -21,7 +21,7 @@ Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}45%{?dist}
+Release: %{?snapver:0.%{snapver}.}46%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/rpm-4.11.x/%{name}-%{srcver}.tar.bz2
@@ -105,6 +105,7 @@ Patch200: rpm-4.11.x-filter-soname-deps.patch
 Patch201: rpm-4.11.x-do-not-filter-ld64.patch
 Patch202: rpm-4.14.x-PGP-handle-no-EOL-at-EOF.patch
+Patch203: rpm-4.11.x-bump-up-the-limit-of-signature-header-to-64MB.patch
 # These are not yet upstream
 Patch301: rpm-4.6.0-niagara.patch
@@ -395,6 +396,7 @@ Requires: rpm-libs%{_isa} = %{version}-%{release}
 %patch201 -p1 -b .dont-filter-ld64
 %patch202 -p1 -b .PGP-no-EOL
+%patch203 -p1 -b .sig-limit-bump
 %patch301 -p1 -b .niagara
 %patch302 -p1 -b .geode
@@ -657,6 +659,9 @@ exit 0
 %doc COPYING doc/librpm/html/*
 %changelog
+* Fri Sep 17 2021 Michal Domonkos - 4.11.3-46
+- Bump up the limit of signature header to 64MB (#1993242)
+
 * Tue Jun 02 2020 Michal Domonkos - 4.11.3-45
 - Actually apply the previous patch
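Review bot: The new upper bound in the embedded lib/signature.c hunk, `dl > 64 * 1024 * 1024`, is a bare literal applied to a value taken with `ntohl(block[3])` from the package's own signature header, so it is untrusted input at this point. With the limit raised from 8192, this check is presumably the main cap on how much memory a malformed or truncated package can make rpmReadSignature request; the allocation and read that consume `dl` are outside the hunk, so it is worth confirming they fail cleanly on a short file. I would name the limit and record why it was chosen, e.g. `#define SIGH_DATA_MAX (64 * 1024 * 1024) /* max signature header data bytes accepted from an unverified package */` with `if (dl < 0 || dl > SIGH_DATA_MAX) {`. rpmReadSignature starts and ends outside the hunk.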