diff --git a/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch b/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
new file mode 100644
index 0000000..217597a
--- /dev/null
+++ b/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
@@ -0,0 +1,12 @@
+diff -up rpm-4.16.1.3/rpmio/rpmpgp.c.orig rpm-4.16.1.3/rpmio/rpmpgp.c
+--- rpm-4.16.1.3/rpmio/rpmpgp.c.orig 2024-07-11 13:20:04.872431485 +0200
++++ rpm-4.16.1.3/rpmio/rpmpgp.c 2024-07-11 13:20:33.828279453 +0200
+@@ -619,7 +619,7 @@ static int pgpPrtSig(pgpTag tag, const u
+ p = &v->hashlen[0];
+ if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
+ return 1;
+- p += sizeof(v->hashlen);
++ p = h + sizeof(v);
+
+ if ((p + plen) > (h + hlen))
+ return 1;
diff --git a/rpm.spec b/rpm.spec
index 108e55f..8a52d3c 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -133,6 +133,7 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch
 Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
 Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
 Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
+Patch1003: rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
 
 # Partially GPL/LGPL dual-licensed and some bits with BSD
 # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
@@ -664,6 +665,7 @@ fi
 * Thu Jul 11 2024 Michal Domonkos - 4.16.1.3-31
 - Fix potential use of uninitialized pipe array (RHEL-22604)
 - Fix potential use of uninitialized pgp struct (RHEL-22605)
+- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
 
 * Mon Jun 03 2024 Michal Domonkos - 4.16.1.3-30
 - Don't segfault on missing priority tag (RHEL-35249)
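Review bot: In the pgpPrtSig hunk carried by rpm-4.16.1.3-pgp-explicit-pointer-increment.patch, the new `p = h + sizeof(v);` measures `v` itself, and `v` is dereferenced with `->` on the lines above, so it is a pointer and the offset becomes the pointer width (platform-dependent) rather than the size of the structure it points to. The removed `p += sizeof(v->hashlen);` left `p` immediately after `hashlen`; unless the pointer width happens to equal that offset, the following `(p + plen) > (h + hlen)` check and whatever parsing follows it work on a shifted window of the signature packet, which is untrusted input. If `hashlen` is the last member of the structure, `p = h + sizeof(*v);` gives the original offset while still avoiding the pointer walk past the array that the changelog says the scanner flagged. The declaration of `v` and the rest of pgpPrtSig are outside the hunk, so the type should be confirmed there. The retained `p = &v->hashlen[0];` is now a dead store and could be dropped in the same patch.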