michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone

Blame SOURCES/0001-Work-around-buggy-signature-region-preventing-resign.patch

787856
From 8fefd2bd21b30996ad0748eab6baadf915610642 Mon Sep 17 00:00:00 2001
787856
From: Panu Matilainen <pmatilai@redhat.com>
787856
Date: Thu, 13 Aug 2020 13:29:10 +0300
787856
Subject: [PATCH] Work around buggy signature region preventing resigning
787856
 (RhBug:1851508)
787856
787856
Various proprietary packages in the wild have subtly malformed data
787856
in the signature header, in particular wrt the immutable region size,
787856
presumably from using some in-house/3rd party signing tools which do
787856
not understand the immutable region business at all. This can prevent
787856
resigning and signature deletion on such packages due to the more
787856
thorough checking that rpmsign does.
787856
787856
As the old wisdom goes, be liberal in what you accept... we can easily
787856
work around the crud by just taking a fresh copy of the contents that
787856
are legit as such (otherwise the package would be uninstallable).
787856
787856
787856
Adjusted for 4.14.3
787856
787856
--- rpm-4.14.3/sign/rpmgensig.c.orig	2020-10-29 16:00:38.785229048 +0100
787856
+++ rpm-4.14.3/sign/rpmgensig.c	2020-10-29 16:08:55.997791345 +0100
787856
@@ -401,12 +401,19 @@
787856
 
787856
     if (headerGet(*hdrp, tag, utd, HEADERGET_DEFAULT)) {
787856
 	oh = headerCopyLoad(utd->data);
787856
-	nh = headerCopy(oh);
787856
-	headerFree(oh);
787856
 	rpmtdFreeData(utd);
787856
+    } else {
787856
+	/* XXX should we warn if the immutable region is corrupt/missing? */
787856
+	oh = headerLink(*hdrp);
787856
+    }
787856
+
787856
+    if (oh) {
787856
+	/* Perform a copy to eliminate crud from buggy signing tools etc */
787856
+	nh = headerCopy(oh);
787856
 	headerFree(*hdrp);
787856
 	*hdrp = headerLink(nh);
787856
 	headerFree(nh);
787856
+	headerFree(oh);
787856
     }
787856
 }
787856