137a59
From f5695d04f56e27d9cf947c0502eb549c28aa817e Mon Sep 17 00:00:00 2001
137a59
From: Panu Matilainen <pmatilai@redhat.com>
137a59
Date: Tue, 25 May 2021 14:07:18 +0300
137a59
Subject: [PATCH] Fix regression reading rpm v3 and other rare packages (#1635)
137a59
137a59
Commit d6a86b5e69e46cc283b1e06c92343319beb42e21 introduced far stricter
137a59
checks on what tags are allowed in signature and main headers than rpm
137a59
had previously seen, and unsurprisingly this introduced some regressions
137a59
on less common cases:
137a59
137a59
- On rpm v3 packages and some newer 3rd party created packages (such as
137a59
  install4j < 9.0.2), RPMTAG_ARCHIVESIZE resides in the main header
137a59
  to begin with
137a59
- In rpm 4.13 - 4.14, file IMA signatures were incorrectly placed in
137a59
  the main header.
137a59
137a59
As a quirk, permit the existence of RPMTAG_ARCHIVESIZE,
137a59
RPMTAG_FILESIGNATURES and RPMTAG_FILESIGNATURELENGTH in the main header
137a59
too provided that the corresponding signature tag is not there (so
137a59
they can reside in either but not both headers).
137a59
137a59
Initial workaround patch by Demi Marie Obenour.
137a59
137a59
Fixes: #1635
137a59
137a59
Backported for 4.16.1.3.
137a59
---
137a59
 lib/package.c | 35 ++++++++++++++++++++---------------
137a59
 1 file changed, 20 insertions(+), 15 deletions(-)
137a59
137a59
diff --git a/lib/package.c b/lib/package.c
137a59
index 36ed5abc6..8c2b66b0b 100644
137a59
--- a/lib/package.c
137a59
+++ b/lib/package.c
137a59
@@ -35,21 +35,22 @@ struct taglate_s {
137a59
     rpmTagVal stag;
137a59
     rpmTagVal xtag;
137a59
     rpm_count_t count;
137a59
+    int quirk;
137a59
 } const xlateTags[] = {
137a59
-    { RPMSIGTAG_SIZE, RPMTAG_SIGSIZE, 1 },
137a59
-    { RPMSIGTAG_PGP, RPMTAG_SIGPGP, 0 },
137a59
-    { RPMSIGTAG_MD5, RPMTAG_SIGMD5, 16 },
137a59
-    { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0 },
137a59
-    /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0 }, */ /* long obsolete, dont use */
137a59
-    { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1 },
137a59
-    { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0 },
137a59
-    { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1 },
137a59
-    { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1 },
137a59
-    { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1 },
137a59
-    { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0 },
137a59
-    { RPMSIGTAG_RSA, RPMTAG_RSAHEADER, 0 },
137a59
-    { RPMSIGTAG_LONGSIZE, RPMTAG_LONGSIGSIZE, 1 },
137a59
-    { RPMSIGTAG_LONGARCHIVESIZE, RPMTAG_LONGARCHIVESIZE, 1 },
137a59
+    { RPMSIGTAG_SIZE, RPMTAG_SIGSIZE, 1, 0 },
137a59
+    { RPMSIGTAG_PGP, RPMTAG_SIGPGP, 0, 0 },
137a59
+    { RPMSIGTAG_MD5, RPMTAG_SIGMD5, 16, 0 },
137a59
+    { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0, 0 },
137a59
+    /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0, 0 }, */ /* long obsolete, dont use */
137a59
+    { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1, 1 },
137a59
+    { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0, 1 },
137a59
+    { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1, 1 },
137a59
+    { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1, 0 },
137a59
+    { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1, 0 },
137a59
+    { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0, 0 },
137a59
+    { RPMSIGTAG_RSA, RPMTAG_RSAHEADER, 0, 0 },
137a59
+    { RPMSIGTAG_LONGSIZE, RPMTAG_LONGSIGSIZE, 1, 0 },
137a59
+    { RPMSIGTAG_LONGARCHIVESIZE, RPMTAG_LONGARCHIVESIZE, 1, 0 },
137a59
     { 0 }
137a59
 };
137a59
 
137a59
@@ -67,8 +68,12 @@ rpmTagVal headerMergeLegacySigs(Header h, Header sigh, char **msg)
137a59
 
137a59
     for (xl = xlateTags; xl->stag; xl++) {
137a59
 	/* There mustn't be one in the main header */
137a59
-	if (headerIsEntry(h, xl->xtag))
137a59
+	if (headerIsEntry(h, xl->xtag)) {
137a59
+	    /* Some tags may exist in either header, but never both */
137a59
+	    if (xl->quirk && !headerIsEntry(sigh, xl->stag))
137a59
+		continue;
137a59
 	    goto exit;
137a59
+	}
137a59
     }
137a59
 
137a59
     rpmtdReset(&td);
137a59
-- 
137a59
2.35.1
137a59