From 3ee291da511aca19081a8cf1a9b5eba3c5d7fc36 Mon Sep 17 00:00:00 2001 
From: renxichen Date: Mon, 7 Nov 2022 11:32:14 +0800 Subject: [PATCH] sync patches from upstream --- ...t-Add-a-hashed-flag-to-pgpPrtSubtype.patch | 55 ++++++++ ...lback-on-directory-changes-during-rp.patch | 4 +- ...e-frees-if-EVP_PKEY_assign_RSA-fails.patch | 95 +++++++++++++ ...ading-out-of-bounds-of-the-i18ntable.patch | 29 ++++ backport-Avoid-unneded-MPI-reparsing.patch | 39 ++++++ ...Check-that-the-CRC-length-is-correct.patch | 27 ++++ ...acro-traceback-dump-on-rpm-verbosity.patch | 40 ++++++ ...ix-OpenPGP-key-ID-parsing-regression.patch | 28 ++++ ...rsing-affecting-caller-timezone-stat.patch | 30 ++++ ...rt-Fix-memory-leak-in-pgpPrtParams-2.patch | 25 ++++ ...-return-value-checks-in-OpenSSL-code.patch | 131 ++++++++++++++++++ ...keys-that-cannot-be-used-for-signing.patch | 104 ++++++++++++++ ...ke-rpmfiSetFX-return-code-meaningful.patch | 51 +++++++ backport-Parse-key-usage-flags.patch | 77 ++++++++++ ...Prevent-NULL-deref-in-rpmfsGetStates.patch | 25 ++++ ...reation-time-to-be-unique-and-hashed.patch | 100 +++++++++++++ ...macro-stack-backtrace-printing-to-de.patch | 52 +++++++ ...-rpm2archive-Add-more-error-handling.patch | 51 +++++++ ...ve-Use-last-part-of-URL-as-file-name.patch | 49 +++++++ ...on-t-drop-newlines-from-header-sizes.patch | 35 +++++ ...only-read-needed-bytes-of-file-magic.patch | 27 ++++ ...rpm2cpio.sh-strip-null-bytes-with-tr.patch | 35 +++++ rpm.spec | 71 +++++++--- 23 files changed, 1156 insertions(+), 24 deletions(-) create mode 100644 backport-Add-a-hashed-flag-to-pgpPrtSubtype.patch create mode 100644 backport-Avoid-double-frees-if-EVP_PKEY_assign_RSA-fails.patch create mode 100644 backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch create mode 100644 backport-Avoid-unneded-MPI-reparsing.patch create mode 100644 backport-Check-that-the-CRC-length-is-correct.patch create mode 100644 backport-Conditionalize-macro-traceback-dump-on-rpm-verbosity.patch create mode 100644 backport-Fix-OpenPGP-key-ID-parsing-regression.patch create 
mode 100644 backport-Fix-changelog-parsing-affecting-caller-timezone-stat.patch create mode 100644 backport-Fix-memory-leak-in-pgpPrtParams-2.patch create mode 100644 backport-Fix-return-value-checks-in-OpenSSL-code.patch create mode 100644 backport-Ignore-subkeys-that-cannot-be-used-for-signing.patch create mode 100644 backport-Make-rpmfiSetFX-return-code-meaningful.patch create mode 100644 backport-Parse-key-usage-flags.patch create mode 100644 backport-Prevent-NULL-deref-in-rpmfsGetStates.patch create mode 100644 backport-Require-creation-time-to-be-unique-and-hashed.patch create mode 100644 backport-Revert-Redirect-macro-stack-backtrace-printing-to-de.patch create mode 100644 backport-rpm2archive-Add-more-error-handling.patch create mode 100644 backport-rpm2archive-Use-last-part-of-URL-as-file-name.patch create mode 100644 backport-rpm2cpio.sh-Don-t-drop-newlines-from-header-sizes.patch create mode 100644 backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch create mode 100644 backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch diff --git a/backport-Add-a-hashed-flag-to-pgpPrtSubtype.patch b/backport-Add-a-hashed-flag-to-pgpPrtSubtype.patch new file mode 100644 index 0000000..9db39bd --- /dev/null +++ b/backport-Add-a-hashed-flag-to-pgpPrtSubtype.patch 
@@ -0,0 +1,55 @@
+From 55849d2d6e16096dbd30fd3a5c751f13bb03484b Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour
+Date: Sun, 27 Mar 2022 12:04:46 -0400
+Subject: [PATCH] Add a hashed flag to pgpPrtSubtype()
+
+This is needed for key usage flags parsing, as key usage flags outside
+of the hashed region must be ignored. For now, just use it to
+unconditionally ignore unhashed creation time subpackets.
+---
+ rpmio/rpmpgp.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 59c80d7c4..9b8503e27 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -437,7 +437,7 @@ int pgpSignatureType(pgpDigParams _digp)
+ }
+
+ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
+- pgpDigParams _digp)
++ pgpDigParams _digp, int hashed)
+ {
+ const uint8_t *p = h;
+ size_t plen = 0, i;
+@@ -474,6 +474,8 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
+ pgpPrtVal(" ", pgpKeyServerPrefsTbl, p[i]);
+ break;
+ case PGPSUBTYPE_SIG_CREATE_TIME: /* signature creation time */
++ if (!hashed)
++ break; /* RFC 4880 §5.2.3.4 creation time MUST be hashed */
+ if (plen-1 != sizeof(_digp->time))
+ break; /* other lengths not understood */
+ if (_digp->saved & PGPDIG_SIG_HAS_CREATION_TIME)
+@@ -666,7 +668,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ _digp->hashlen = sizeof(*v) + plen;
+ _digp->hash = memcpy(xmalloc(_digp->hashlen), v, _digp->hashlen);
+ }
+- if (pgpPrtSubType(p, plen, v->sigtype, _digp))
++ if (pgpPrtSubType(p, plen, v->sigtype, _digp, 1))
+ return 1;
+ p += plen;
+
+@@ -680,7 +682,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ if ((p + plen) > (h + hlen))
+ return 1;
+
+- if (pgpPrtSubType(p, plen, v->sigtype, _digp))
++ if (pgpPrtSubType(p, plen, v->sigtype, _digp, 0))
+ return 1;
+ p += plen;
+
+--
+2.27.0
+
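Review bot: The new `hashed` parameter of pgpPrtSubType() is passed as bare `1` and `0` at the two call sites in pgpPrtSig(), and nothing at the signature says which value means the hashed area. A short comment above the function, for example `/* hashed: nonzero when h is the hashed subpacket area; unhashed subpackets are unauthenticated and must not set trusted fields */`, would keep later subpacket cases from trusting unhashed data by accident. Both function bodies continue outside the hunks shown.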
diff --git a/backport-Add-optional-callback-on-directory-changes-during-rp.patch b/backport-Add-optional-callback-on-directory-changes-during-rp.patch index c967fd3..7ad754b 100644 --- a/backport-Add-optional-callback-on-directory-changes-during-rp.patch +++ b/backport-Add-optional-callback-on-directory-changes-during-rp.patch @@ -51,10 +51,10 @@ index 4673fbb85..e8e7d08bf 100644 if (fi != NULL && fx >= 0 && fx < rpmfilesFC(fi->files)) { + int dx = fi->j; - i = fi->i; ++ i = fi->i; fi->i = fx; fi->j = rpmfilesDI(fi->files, fi->i); -+ i = fi->i; + i = fi->i; + + if (fi->j != dx && fi->onChdir) { + int chrc = fi->onChdir(fi, fi->onChdirData); diff --git a/backport-Avoid-double-frees-if-EVP_PKEY_assign_RSA-fails.patch b/backport-Avoid-double-frees-if-EVP_PKEY_assign_RSA-fails.patch new file mode 100644 index 0000000..042ac61 --- /dev/null +++ b/backport-Avoid-double-frees-if-EVP_PKEY_assign_RSA-fails.patch 
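Review bot: The refreshed hunk now adds `i = fi->i;` ahead of `fi->i = fx;` (the `++ i = fi->i;` line), while the context line after `rpmfilesDI()` assigns `i` again, so the added store looks dead. Dropping that added line and adjusting the inner hunk counts would leave only `int dx = fi->j;` and the onChdir block as additions. The changed context also means this patch now applies only on top of backport-Make-rpmfiSetFX-return-code-meaningful.patch; the rpm.spec ordering is not visible in this part of the diff. This reading comes from whitespace-collapsed markers, so it should be confirmed against the raw patch file.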
@@ -0,0 +1,95 @@ +From 0a91d1f62d5b6e1cac4d0a7c2ac9f75faad50534 Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Fri, 9 Apr 2021 13:34:12 -0400 +Subject: [PATCH] Avoid double frees if EVP_PKEY_assign_RSA fails + +Previously, the bignums would be left as dangling and double-freed. +--- + rpmio/digest_openssl.c | 32 +++++++++++++++++--------------- + 1 file changed, 17 insertions(+), 15 deletions(-) + +diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c +index 20c272df8..02f34a90f 100644 +--- a/rpmio/digest_openssl.c ++++ b/rpmio/digest_openssl.c +@@ -292,8 +292,8 @@ struct pgpDigKeyRSA_s { + + BIGNUM *n; /* Common Modulus */ + BIGNUM *e; /* Public Exponent */ +- + EVP_PKEY *evp_pkey; /* Fully constructed key */ ++ unsigned char immutable; /* if set, this key cannot be mutated */ + }; + + static int constructRSASigningKey(struct pgpDigKeyRSA_s *key) +@@ -301,33 +301,34 @@ static int constructRSASigningKey(struct pgpDigKeyRSA_s *key) + if (key->evp_pkey) { + /* We've already constructed it, so just reuse it */ + return 1; +- } ++ } else if (key->immutable) ++ return 0; ++ key->immutable = 1; + + /* Create the RSA key */ + RSA *rsa = RSA_new(); + if (!rsa) return 0; + +- if (!RSA_set0_key(rsa, key->n, key->e, NULL)) { +- RSA_free(rsa); +- return 0; +- } ++ if (RSA_set0_key(rsa, key->n, key->e, NULL) <= 0) ++ goto exit; ++ key->n = key->e = NULL; + + /* Create an EVP_PKEY container to abstract the key-type. */ +- key->evp_pkey = EVP_PKEY_new(); +- if (!key->evp_pkey) { +- RSA_free(rsa); +- return 0; +- } ++ if (!(key->evp_pkey = EVP_PKEY_new())) ++ goto exit; + + /* Assign the RSA key to the EVP_PKEY structure. 
+ This will take over memory management of the RSA key */ + if (!EVP_PKEY_assign_RSA(key->evp_pkey, rsa)) { + EVP_PKEY_free(key->evp_pkey); + key->evp_pkey = NULL; +- RSA_free(rsa); ++ goto exit; + } + + return 1; ++exit: ++ RSA_free(rsa); ++ return 0; + } + + static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p) +@@ -335,9 +336,10 @@ static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p) + size_t mlen = pgpMpiLen(p) - 2; + struct pgpDigKeyRSA_s *key = pgpkey->data; + +- if (!key) { ++ if (!key) + key = pgpkey->data = xcalloc(1, sizeof(*key)); +- } ++ else if (key->immutable) ++ return 1; + + switch (num) { + case 0: +@@ -347,7 +349,7 @@ static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p) + return 1; + } + +- key->nbytes = mlen; ++ key->nbytes = mlen; + /* Create a BIGNUM from the pointer. + Note: this assumes big-endian data as required by PGP */ + key->n = BN_bin2bn(p+2, mlen, NULL); +-- +2.27.0 + diff --git a/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch b/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch new file mode 100644 index 0000000..912d315 --- /dev/null +++ b/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch 
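Review bot: `key->immutable = 1;` is set in constructRSASigningKey() before `RSA_new()` is attempted, so a failed allocation leaves `evp_pkey` NULL with the flag set and every later call returns 0 through the new `else if (key->immutable)` branch. If that one-shot behaviour is intended, the field comment should say so, for example `/* set once key construction has been attempted; n/e may no longer be set or reused */`. The brace-less `} else if (key->immutable)` hanging off a braced `if` is also easy to misread next to the following `key->immutable = 1;`; bracing both arms would help. pgpSetKeyMpiRSA() continues outside the hunk.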
@@ -0,0 +1,29 @@
+From db8fc1057e38839adc04e263fe255ce86cab9fa7 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour
+Date: Sat, 12 Feb 2022 13:46:28 -0500
+Subject: [PATCH] Avoid reading out of bounds of the i18ntable
+
+If the i18ntable was smaller than the i18nstring entry an out of bounds
+read could result. This should not happen in a valid package, but even
+if RPM rejected such packages during load, this situation could still
+result as a result of usage of the RPM API.
+---
+ lib/header.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/header.c b/lib/header.c
+index 098ea5d01..c939006ab 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -1311,7 +1311,7 @@ static int copyI18NEntry(Header h, indexEntry entry, rpmtd td,
+
+ /* For each entry in the header ... */
+ for (langNum = 0, t = table->data, ed = entry->data;
+- langNum < entry->info.count;
++ langNum < entry->info.count && langNum < table->info.count;
+ langNum++, t += strlen(t) + 1, ed += strlen(ed) + 1) {
+
+ int match = headerMatchLocale(t, l, le);
+--
+2.27.0
+
diff --git a/backport-Avoid-unneded-MPI-reparsing.patch b/backport-Avoid-unneded-MPI-reparsing.patch
new file mode 100644
index 0000000..3fac361
--- /dev/null
+++ b/backport-Avoid-unneded-MPI-reparsing.patch
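Review bot: The added `langNum < table->info.count` bound stops the loop by entry count, but `t += strlen(t) + 1` and `ed += strlen(ed) + 1` still walk both buffers by NUL terminators, so the reads stay in bounds only if each data area really holds `count` terminated strings. Nothing in this hunk checks that; if header loading does not guarantee it for entries built through the API (the case the commit message calls out), a byte-length bound on `t` and `ed` would be needed as well. At minimum a comment such as `/* counts are trusted to match the number of NUL-terminated strings in ->data */` should record the assumption. copyI18NEntry() starts and ends outside the hunk.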
@@ -0,0 +1,39 @@
+From 8948ec79f6c300e91319469ba72b9bd3480fe686 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour
+Date: Sun, 27 Mar 2022 12:54:36 -0400
+Subject: [PATCH] Avoid unneded MPI reparsing
+
+Modify pgpPrtSig() to ignore the MPIs of a signature if its `tag`
+parameter is 0. The only caller that sets `tag` to 0 is
+pgpPrtParamSubkeys() (via parseSubkeySig()), which does not actually
+check any cryptographic signatures. The subkey binding signature has
+been checked earlier in pgpPrtParams().
+---
+ rpmio/rpmpgp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 22ac9c816..2b936619b 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -618,7 +618,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+
+ p = ((uint8_t *)v) + sizeof(*v);
+ _digp->data = p;
+- rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
++ rc = tag ? pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp) : 0;
+ } break;
+ case 4:
+ { pgpPktSigV4 v = (pgpPktSigV4)h;
+@@ -680,7 +680,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ return 1;
+
+ _digp->data = p;
+- rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
++ rc = tag ? pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp) : 0;
+ } break;
+ default:
+ rpmlog(RPMLOG_WARNING, _("Unsupported version of key: V%d\n"), version);
+--
+2.27.0
+
diff --git a/backport-Check-that-the-CRC-length-is-correct.patch b/backport-Check-that-the-CRC-length-is-correct.patch
new file mode 100644
index 0000000..298e389
--- /dev/null
+++ b/backport-Check-that-the-CRC-length-is-correct.patch
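Review bot: With `tag == 0`, both `rc = tag ? pgpPrtSigParams(...) : 0;` lines now report success without looking at the MPI area, so a caller using tag 0 gets `rc == 0` even for a signature whose MPIs are truncated or malformed. The commit message relies on the binding signature having been checked earlier in pgpPrtParams(); that dependency is not visible in these hunks and deserves a comment at both sites, for example `/* tag 0: subpackets only, MPIs not parsed; _digp must not be used for verification */`. pgpPrtSig() extends beyond both hunks.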
@@ -0,0 +1,27 @@
+From 1f03aba8b2881a5717af97065038fb056e02a2b3 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour
+Date: Thu, 3 Feb 2022 20:42:02 -0500
+Subject: [PATCH] Check that the CRC length is correct
+
+Also fix a memory leak in an error path.
+---
+ rpmio/rpmpgp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 015c15a5c..d1966d322 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1444,7 +1444,8 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
+
+ crcdec = NULL;
+ crclen = 0;
+- if (rpmBase64Decode(crcenc, (void **)&crcdec, &crclen) != 0) {
++ if (rpmBase64Decode(crcenc, (void **)&crcdec, &crclen) != 0 || crclen != 3) {
++ crcdec = _free(crcdec);
+ ec = PGPARMOR_ERR_CRC_DECODE;
+ goto exit;
+ }
+--
+2.27.0
+
diff --git a/backport-Conditionalize-macro-traceback-dump-on-rpm-verbosity.patch b/backport-Conditionalize-macro-traceback-dump-on-rpm-verbosity.patch
new file mode 100644
index 0000000..804ac93
--- /dev/null
+++ b/backport-Conditionalize-macro-traceback-dump-on-rpm-verbosity.patch
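Review bot: The literal in `crclen != 3` is the byte length of the armor CRC-24, which the line itself does not say. A named constant or a trailing comment such as `/* armor CRC-24 is exactly 3 octets */` would make the check self-explanatory. decodePkts() continues outside the hunk, so whether the later CRC comparison also depends on this length cannot be seen here.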
@@ -0,0 +1,40 @@
+From 5bfb49d6b7539691d5ca4b81577082fe27036f24 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Mon, 25 Jan 2021 13:38:53 +0200
+Subject: [PATCH] Conditionalize macro traceback dump on rpm verbosity level
+
+Only dump out macro tracebacks in verbose mode, which incidentally
+rpmbuild normally runs in.
+
+Sadly our tracebacks are not as useful as they could be, but improving
+that is a separate topic...
+---
+ rpmio/macro.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/rpmio/macro.c b/rpmio/macro.c
+index a342b2403..6b53c6e2e 100644
+--- a/rpmio/macro.c
++++ b/rpmio/macro.c
+@@ -458,7 +458,6 @@ expandMacro(macroBuf mk, const char *src, size_t slen)
+ mbErr(mb, 1,
+ _("Too many levels of recursion in macro expansion. It is likely caused by recursive macro declaration.\n"));
+ mb->depth--;
+- mb->expand_trace = 1;
+ goto exit;
+ }
+
+@@ -471,7 +470,9 @@ expandMacro(macroBuf mk, const char *src, size_t slen)
+
+ mb->buf[mb->tpos] = '\0';
+ mb->depth--;
+- if (mb->error != 0 || mb->expand_trace)
++ if (mb->error && rpmIsVerbose())
++ mb->expand_trace = 1;
++ if (mb->expand_trace)
+ printExpansion(mb, mb->buf+tpos, mb->buf+mb->tpos);
+ mb->macro_trace = store_macro_trace;
+ mb->expand_trace = store_expand_trace;
+--
+2.27.0
+
diff --git a/backport-Fix-OpenPGP-key-ID-parsing-regression.patch b/backport-Fix-OpenPGP-key-ID-parsing-regression.patch
new file mode 100644
index 0000000..0b22ec1
--- /dev/null
+++ b/backport-Fix-OpenPGP-key-ID-parsing-regression.patch
@@ -0,0 +1,28 @@
+From 7f830132fe717d4b31c035bb3d08379451e3cd81 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour
+Date: Thu, 14 Apr 2022 15:38:11 -0400
+Subject: [PATCH] Fix OpenPGP key ID parsing regression
+
+This fixes a regression in 598a771d8b4f4f480d4990ccf59b978d537201dd,
+which caused RPM to parse key flags from a hashed key ID subpacket. As
+a result, RPM would wrongly reject a signature that had both key ID and
+key usage flags subpackets in the hashed section.
+---
+ rpmio/rpmpgp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 93c1be2b5..ea3905bf8 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -323,6 +323,7 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
+ _digp->saved |= PGPDIG_SAVED_ID;
+ memcpy(_digp->signid, p+1, sizeof(_digp->signid));
+ }
++ break;
+ case PGPSUBTYPE_KEY_FLAGS: /* Key usage flags */
+ /* Subpackets in the unhashed section cannot be trusted */
+ if (!hashed)
+--
+2.27.0
+
diff --git a/backport-Fix-changelog-parsing-affecting-caller-timezone-stat.patch b/backport-Fix-changelog-parsing-affecting-caller-timezone-stat.patch
new file mode 100644
index 0000000..e1392b1
--- /dev/null
+++ b/backport-Fix-changelog-parsing-affecting-caller-timezone-stat.patch
@@ -0,0 +1,30 @@
+From 1a7de551a74d73f01eb40cb744c1dbba5faeb651 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Mon, 30 May 2022 14:24:45 +0300
+Subject: [PATCH] Fix changelog parsing affecting caller timezone state
+
+We meddle with TZ environ which then propagates to other values through
+mktime() implicitly calling tzset(), but that other data doesn't get
+reset by just restoring the TZ variable. Restore initial state by explicitly
+call tzset() after we're done with it.
+
+Fixes: #1821
+---
+ build/parseChangelog.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/build/parseChangelog.c b/build/parseChangelog.c
+index 65c0952a6..c59786f25 100644
+--- a/build/parseChangelog.c
++++ b/build/parseChangelog.c
+@@ -175,6 +175,7 @@ static int dateToTimet(const char * datestr, time_t * secs, int * date_words)
+ setenv("TZ", tz, 1);
+ free(tz);
+ }
++ tzset();
+
+ if (*secs == -1) goto exit;
+
+--
+2.27.0
+
diff --git a/backport-Fix-memory-leak-in-pgpPrtParams-2.patch b/backport-Fix-memory-leak-in-pgpPrtParams-2.patch
new file mode 100644
index 0000000..dc20dd9
--- /dev/null
+++ b/backport-Fix-memory-leak-in-pgpPrtParams-2.patch
@@ -0,0 +1,25 @@
+From 10ac962bf2f71af927c8eaaea427135441663497 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour
+Date: Thu, 17 Mar 2022 03:16:59 -0400
+Subject: [PATCH] Fix memory leak in pgpPrtParams()
+
+Found by leak sanitizer on a fuzzed test case.
+---
+ rpmio/rpmpgp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index eb5701bc7..f9e265827 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1163,6 +1163,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+ rc = (digp && (p == pend) && expect == 0) ? 0 : -1;
+
+ free(all);
++ selfsig = pgpDigParamsFree(selfsig);
+ if (ret && rc == 0) {
+ *ret = digp;
+ } else {
+--
+2.27.0
+
diff --git a/backport-Fix-return-value-checks-in-OpenSSL-code.patch b/backport-Fix-return-value-checks-in-OpenSSL-code.patch new file mode 100644 index 0000000..c794c34 --- /dev/null +++ b/backport-Fix-return-value-checks-in-OpenSSL-code.patch 
@@ -0,0 +1,131 @@ +From 1ddaeddffa52f02db198417ebf73cb6c5d432250 Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Sun, 7 Feb 2021 16:46:31 -0500 +Subject: [PATCH] Fix return value checks in OpenSSL code + +According to `man 3ssl` the only successful return value for +EVP_PKEY_verify_init() is 1, and EVP_PKEY_CTX_set_rsa_padding() and +EVP_PKEY_CTX_set_signature_md() can both return 0 or a negative number +on failure or any positive number on success. BN_bn2binpad() returns -1 +on error, but 0 (an empty key or signature) is also not valid. +Therefore use != 1 to check the return value of EVP_PKEY_verify_init(), +<= 0 to check the return values of the other three functions mentioned +above. Also delete a bunch of cruft. +--- + rpmio/digest_openssl.c | 55 +++++++++--------------------------------- + 1 file changed, 12 insertions(+), 43 deletions(-) + +diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c +index 0cb781e57..20c272df8 100644 +--- a/rpmio/digest_openssl.c ++++ b/rpmio/digest_openssl.c +@@ -450,7 +450,7 @@ static void pgpFreeSigRSA(pgpDigAlg pgpsig) + static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, + uint8_t *hash, size_t hashlen, int hash_algo) + { +- int rc, ret; ++ int rc = 1; /* assume failure */ + EVP_PKEY_CTX *pkey_ctx = NULL; + struct pgpDigSigRSA_s *sig = pgpsig->data; + +@@ -458,53 +458,32 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, + + struct pgpDigKeyRSA_s *key = pgpkey->data; + +- if (!constructRSASigningKey(key)) { +- rc = 1; ++ if (!constructRSASigningKey(key)) + goto done; +- } + + pkey_ctx = EVP_PKEY_CTX_new(key->evp_pkey, NULL); +- if (!pkey_ctx) { +- rc = 1; ++ if (!pkey_ctx) + goto done; +- } + +- ret = EVP_PKEY_verify_init(pkey_ctx); +- if (ret < 0) { +- rc = 1; ++ if (EVP_PKEY_verify_init(pkey_ctx) != 1) + goto done; +- } + +- ret = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PADDING); +- if (ret < 0) { +- rc = 1; ++ if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PADDING) 
<= 0) + goto done; +- } + +- ret = EVP_PKEY_CTX_set_signature_md(pkey_ctx, getEVPMD(hash_algo)); +- if (ret < 0) { +- rc = 1; ++ if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, getEVPMD(hash_algo)) <= 0) + goto done; +- } + + int pkey_len = EVP_PKEY_size(key->evp_pkey); + padded_sig = xcalloc(1, pkey_len); +- if (!BN_bn2binpad(sig->bn, padded_sig, pkey_len)) { +- rc = 1; ++ if (BN_bn2binpad(sig->bn, padded_sig, pkey_len) <= 0) + goto done; +- } + +- ret = EVP_PKEY_verify(pkey_ctx, padded_sig, pkey_len, hash, hashlen); +- if (ret == 1) ++ if (EVP_PKEY_verify(pkey_ctx, padded_sig, pkey_len, hash, hashlen) == 1) + { + /* Success */ + rc = 0; + } +- else +- { +- /* Failure */ +- rc = 1; +- } + + done: + EVP_PKEY_CTX_free(pkey_ctx); +@@ -735,32 +714,22 @@ static void pgpFreeSigDSA(pgpDigAlg pgpsig) + static int pgpVerifySigDSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, + uint8_t *hash, size_t hashlen, int hash_algo) + { +- int rc, ret; ++ int rc = 1; /* assume failure */ + struct pgpDigSigDSA_s *sig = pgpsig->data; + + struct pgpDigKeyDSA_s *key = pgpkey->data; + +- if (!constructDSASigningKey(key)) { +- rc = 1; ++ if (!constructDSASigningKey(key)) + goto done; +- } + +- if (!constructDSASignature(sig)) { +- rc = 1; ++ if (!constructDSASignature(sig)) + goto done; +- } + +- ret = DSA_do_verify(hash, hashlen, sig->dsa_sig, key->dsa_key); +- if (ret == 1) ++ if (DSA_do_verify(hash, hashlen, sig->dsa_sig, key->dsa_key) == 1) + { + /* Success */ + rc = 0; + } +- else +- { +- /* Failure */ +- rc = 1; +- } + + done: + return rc; +-- +2.27.0 + diff --git a/backport-Ignore-subkeys-that-cannot-be-used-for-signing.patch b/backport-Ignore-subkeys-that-cannot-be-used-for-signing.patch new file mode 100644 index 0000000..11dceb6 --- /dev/null +++ b/backport-Ignore-subkeys-that-cannot-be-used-for-signing.patch 
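Review bot: `int pkey_len = EVP_PKEY_size(key->evp_pkey);` in pgpVerifySigRSA() is still passed unchecked to `xcalloc(1, pkey_len)` and `BN_bn2binpad()`, although this patch is specifically about tightening OpenSSL return checks. EVP_PKEY_size() can signal failure with a non-positive value, so a guard `if (pkey_len <= 0) goto done;` before the allocation would close the gap. Separately, `getEVPMD(hash_algo)` is handed straight to `EVP_PKEY_CTX_set_signature_md()`; what it returns for an unknown algorithm is not visible in this hunk and is worth confirming.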
@@ -0,0 +1,104 @@ +From a9cca032a2b7c0c6bcacc6ab4ecd25c95cc75305 Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Sun, 27 Mar 2022 12:49:07 -0400 +Subject: [PATCH] Ignore subkeys that cannot be used for signing + +This ensures that a signature is only accepted if the subkey that made +it is actually allowed to sign. Test 265 verifies that RPM ignores +subkeys that cannot sign. + +A subkey is considered to be capable of signing if, and only if, its +subkey binding signature has a hashed key flags subpacket that contains +the flag 0x02. RFC4880 requires that the subkey binding signature be +v4, which this requirement enforces implicitly. RFC4880 also requires +that primary key binding signatures be present and checked. This is not +yet implemented, but may be implemented later. + +Fixes #1911. +--- + rpmio/rpmpgp.c | 48 +++++++++++++++++++++++++++++++++++++++++++++- + tests/rpmsigdig.at | 2 -- + 2 files changed, 47 insertions(+), 3 deletions(-) + +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index 66837b18f..22ac9c816 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -1117,6 +1117,31 @@ static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig, + return rc; + } + ++static int parseSubkeySig(const struct pgpPkt *pkt, uint8_t tag, ++ pgpDigParams *params_p) { ++ pgpDigParams params = *params_p = NULL; /* assume failure */ ++ ++ if (pkt->tag != PGPTAG_SIGNATURE) ++ goto fail; ++ ++ params = pgpDigParamsNew(tag); ++ ++ if (pgpPrtSig(tag, pkt->body, pkt->blen, params)) ++ goto fail; ++ ++ if (params->sigtype != PGPSIGTYPE_SUBKEY_BINDING && ++ params->sigtype != PGPSIGTYPE_SUBKEY_REVOKE) ++ { ++ goto fail; ++ } ++ ++ *params_p = params; ++ return 0; ++fail: ++ pgpDigParamsFree(params); ++ return -1; ++} ++ + int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, + pgpDigParams * ret) + { +@@ -1238,7 +1263,28 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, + pgpDigParamsFree(digps[count]); + continue; + } +- count++; 
++ ++ pgpDigParams subkey_sig = NULL; ++ if (decodePkt(p, pend - p, &pkt) || ++ parseSubkeySig(&pkt, 0, &subkey_sig)) ++ { ++ pgpDigParamsFree(digps[count]); ++ break; ++ } ++ ++ /* Is the subkey revoked or incapable of signing? */ ++ int ignore = subkey_sig->sigtype != PGPSIGTYPE_SUBKEY_BINDING || ++ !((subkey_sig->saved & PGPDIG_SIG_HAS_KEY_FLAGS) && ++ (subkey_sig->key_flags & 0x02)); ++ if (ignore) { ++ pgpDigParamsFree(digps[count]); ++ } else { ++ digps[count]->key_flags = subkey_sig->key_flags; ++ digps[count]->saved |= PGPDIG_SIG_HAS_KEY_FLAGS; ++ count++; ++ } ++ p += (pkt.body - pkt.head) + pkt.blen; ++ pgpDigParamsFree(subkey_sig); + } + } + rc = (p == pend) ? 0 : -1; +diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at +index 5d781d89f..ab9b47393 100644 +--- a/tests/rpmsigdig.at ++++ b/tests/rpmsigdig.at +@@ -247,8 +247,6 @@ UNW2iqnN3BA7guhOv6OMiROF1+I7Q5nWT63mQC7IgQ== + gpg(rpm.org RSA testkey ) = 4:4344591e1964c5fc-58e63918 + gpg(1964c5fc) = 4:4344591e1964c5fc-58e63918 + gpg(4344591e1964c5fc) = 4:4344591e1964c5fc-58e63918 +-gpg(f00650f8) = 4:185e6146f00650f8-58e63918 +-gpg(185e6146f00650f8) = 4:185e6146f00650f8-58e63918 + ], + []) + AT_CLEANUP +-- +2.27.0 + diff --git a/backport-Make-rpmfiSetFX-return-code-meaningful.patch b/backport-Make-rpmfiSetFX-return-code-meaningful.patch new file mode 100644 index 0000000..2e095fb --- /dev/null +++ b/backport-Make-rpmfiSetFX-return-code-meaningful.patch 
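Review bot: pgpPrtParamsSubkeys() inspects exactly one packet after each subkey (`decodePkt(p, pend - p, &pkt)` followed by `parseSubkeySig(&pkt, 0, &subkey_sig)`), so as far as this hunk shows, a subkey revocation that follows the binding signature is never weighed against that subkey. Whether the loop head outside the hunk handles trailing signature packets should be confirmed and noted next to the `ignore` computation. The `0x02` in `subkey_sig->key_flags & 0x02` would read better as a named constant for the signing-capability flag. In the `ignore` and error branches `digps[count]` is freed but keeps its old value; `digps[count] = pgpDigParamsFree(digps[count]);` would avoid leaving a stale pointer in the array, assuming the free helper returns NULL as its use elsewhere in this commit suggests.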
@@ -0,0 +1,51 @@ +From 318efbaec80a90f1d9ac76d0cd433f6ea3c103fa Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Thu, 10 Feb 2022 10:07:06 +0200 +Subject: [PATCH] Make rpmfiSetFX() return code meaningful + +Up to now, rpmfiSetFX() has returned the previous file index on success, +and -1 on error. Which seems okay on the outset, but on a just +initialized iterator the file index is at -1 which means the returned +-1 sometimes indicates an error and sometimes success. This is so broken +that none of the callers even try to use it (grep for it). Which is +lucky in the sense that it means we can change it. + +Simply return the newly set index on success and -1 on error, it may +not be the greatest return code on earth but at least it's +non-ambiguous. +--- + lib/rpmfi.c | 2 +- + lib/rpmfi.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/rpmfi.c b/lib/rpmfi.c +index 30e073869..4965aeeeb 100644 +--- a/lib/rpmfi.c ++++ b/lib/rpmfi.c +@@ -314,9 +314,9 @@ int rpmfiSetFX(rpmfi fi, int fx) + int i = -1; + + if (fi != NULL && fx >= 0 && fx < rpmfilesFC(fi->files)) { +- i = fi->i; + fi->i = fx; + fi->j = rpmfilesDI(fi->files, fi->i); ++ i = fi->i; + } + return i; + } +diff --git a/lib/rpmfi.h b/lib/rpmfi.h +index 989582bc3..52310c6fe 100644 +--- a/lib/rpmfi.h ++++ b/lib/rpmfi.h +@@ -39,7 +39,7 @@ int rpmfiFX(rpmfi fi); + * Set current file index in file info set iterator. + * @param fi file info set iterator + * @param fx new file index +- * @return current file index ++ * @return new file index, -1 on error + */ + int rpmfiSetFX(rpmfi fi, int fx); + +-- +2.27.0 + diff --git a/backport-Parse-key-usage-flags.patch b/backport-Parse-key-usage-flags.patch new file mode 100644 index 0000000..5fc5fa7 --- /dev/null +++ b/backport-Parse-key-usage-flags.patch 
@@ -0,0 +1,77 @@ +From 598a771d8b4f4f480d4990ccf59b978d537201dd Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Sun, 27 Mar 2022 12:07:34 -0400 +Subject: [PATCH] Parse key usage flags + +RPM needs to know if a subkey can be used for signing. Signatures made +by a subkey that cannot be used for signing are invalid. Add a +key_flags member to pgpDigParams_s to store this information, and a +PGPDIG_SIG_HAS_KEY_FLAGS flag to indicate that it is valid. The key +usage flags are reset for every signature. Key usage flags in the +unhashed section are ignored. If there is more than one key usage flags +subpacket in the hashed section, the signature is rejected. +--- + rpmio/digest.h | 2 ++ + rpmio/rpmpgp.c | 12 +++++++++++- + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/rpmio/digest.h b/rpmio/digest.h +index ec7f3392f..6a326d20e 100644 +--- a/rpmio/digest.h ++++ b/rpmio/digest.h +@@ -27,6 +27,7 @@ struct pgpDigParams_s { + const uint8_t * data; + uint8_t tag; + ++ uint8_t key_flags; /*!< key usage flags */ + uint8_t version; /*!< version number. */ + uint32_t time; /*!< key/signature creation time. */ + uint8_t pubkey_algo; /*!< public key algorithm. 
*/ +@@ -41,6 +42,7 @@ struct pgpDigParams_s { + #define PGPDIG_SAVED_TIME (1 << 0) + #define PGPDIG_SAVED_ID (1 << 1) + #define PGPDIG_SIG_HAS_CREATION_TIME (1 << 2) ++#define PGPDIG_SIG_HAS_KEY_FLAGS (1 << 3) + + pgpDigAlg alg; + }; +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index 9b8503e27..66837b18f 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -500,6 +500,16 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype, + _digp->saved |= PGPDIG_SAVED_ID; + memcpy(_digp->signid, p+1, sizeof(_digp->signid)); + } ++ case PGPSUBTYPE_KEY_FLAGS: /* Key usage flags */ ++ /* Subpackets in the unhashed section cannot be trusted */ ++ if (!hashed) ++ break; ++ /* Reject duplicate key usage flags */ ++ if (_digp->saved & PGPDIG_SIG_HAS_KEY_FLAGS) ++ return 1; ++ _digp->saved |= PGPDIG_SIG_HAS_KEY_FLAGS; ++ _digp->key_flags = plen >= 2 ? p[1] : 0; ++ break; + case PGPSUBTYPE_EXPORTABLE_CERT: + case PGPSUBTYPE_TRUST_SIG: + case PGPSUBTYPE_REGEX: +@@ -510,7 +521,6 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype, + case PGPSUBTYPE_PREFER_KEYSERVER: + case PGPSUBTYPE_PRIMARY_USERID: + case PGPSUBTYPE_POLICY_URL: +- case PGPSUBTYPE_KEY_FLAGS: + case PGPSUBTYPE_SIGNER_USERID: + case PGPSUBTYPE_REVOKE_REASON: + case PGPSUBTYPE_FEATURES: +@@ -602,6 +612,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, + + /* Reset the saved flags */ + _digp->saved &= PGPDIG_SAVED_TIME | PGPDIG_SAVED_ID; ++ _digp->key_flags = 0; + + if (pgpVersion(h, hlen, &version)) + return rc; +-- +2.27.0 + diff --git a/backport-Prevent-NULL-deref-in-rpmfsGetStates.patch b/backport-Prevent-NULL-deref-in-rpmfsGetStates.patch new file mode 100644 index 0000000..ccf4944 --- /dev/null +++ b/backport-Prevent-NULL-deref-in-rpmfsGetStates.patch 
@@ -0,0 +1,25 @@
+From d747bf045ea20b0cb5813a83c13bdfb4ca424699 Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel
+Date: Mon, 14 Mar 2022 14:20:56 +0100
+Subject: [PATCH] Prevent NULL deref in rpmfsGetStates()
+
+---
+ lib/rpmfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/rpmfs.c b/lib/rpmfs.c
+index 84887a004..5f91cd28d 100644
+--- a/lib/rpmfs.c
++++ b/lib/rpmfs.c
+@@ -98,7 +98,7 @@ rpmfileState rpmfsGetState(rpmfs fs, unsigned int ix)
+
+ rpm_fstate_t * rpmfsGetStates(rpmfs fs)
+ {
+- return fs->states;
++ return (fs != NULL) ? fs->states : NULL;
+ }
+
+ rpmFileAction rpmfsGetAction(rpmfs fs, unsigned int ix)
+--
+2.27.0
+
diff --git a/backport-Require-creation-time-to-be-unique-and-hashed.patch b/backport-Require-creation-time-to-be-unique-and-hashed.patch
new file mode 100644
index 0000000..b760814
--- /dev/null
+++ b/backport-Require-creation-time-to-be-unique-and-hashed.patch
@@ -0,0 +1,100 @@ +From 7e7266c9af883ce49b3516a5bd099d218e8e3fac Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour +Date: Sun, 6 Feb 2022 15:52:48 -0500 +Subject: [PATCH] Require creation time to be unique and hashed +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +According to RFC 4880 §5.2.3.4 the signature creation time MUST be a +hashed subpacket. Enforce this requirement in RPM. Also set the saved +flags to PGPDIG_SAVED_TIME | PGPDIG_SAVED_ID | +PGPDIG_SAVED_CREATION_TIME for v3 signatures, and do not overwrite an +already saved key ID with one taken from a v3 signature. +--- + rpmio/digest.h | 4 +++- + rpmio/rpmpgp.c | 29 +++++++++++++++++++---------- + 2 files changed, 22 insertions(+), 11 deletions(-) + +diff --git a/rpmio/digest.h b/rpmio/digest.h +index 3b72a2870..ec7f3392f 100644 +--- a/rpmio/digest.h ++++ b/rpmio/digest.h +@@ -36,9 +36,11 @@ struct pgpDigParams_s { + uint32_t hashlen; + uint8_t signhash16[2]; + pgpKeyID_t signid; +- uint8_t saved; ++ uint8_t saved; /*!< Various flags. `PGPDIG_SAVED_*` are never reset. ++ * `PGPDIG_SIG_HAS_*` are reset for each signature. 
*/ + #define PGPDIG_SAVED_TIME (1 << 0) + #define PGPDIG_SAVED_ID (1 << 1) ++#define PGPDIG_SIG_HAS_CREATION_TIME (1 << 2) + + pgpDigAlg alg; + }; +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c +index f9e265827..02009000e 100644 +--- a/rpmio/rpmpgp.c ++++ b/rpmio/rpmpgp.c +@@ -441,15 +441,15 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype, + for (i = 1; i < plen; i++) + pgpPrtVal(" ", pgpKeyServerPrefsTbl, p[i]); + break; +- case PGPSUBTYPE_SIG_CREATE_TIME: +- if (!(_digp->saved & PGPDIG_SAVED_TIME) && +- (sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE)) +- { +- if (plen-1 != sizeof(_digp->time)) +- break; +- _digp->saved |= PGPDIG_SAVED_TIME; ++ case PGPSUBTYPE_SIG_CREATE_TIME: /* signature creation time */ ++ if (plen-1 != sizeof(_digp->time)) ++ break; /* other lengths not understood */ ++ if (_digp->saved & PGPDIG_SIG_HAS_CREATION_TIME) ++ return 1; /* duplicate timestamps not allowed */ ++ if (!(_digp->saved & PGPDIG_SAVED_TIME)) + _digp->time = pgpGrab(p+1, sizeof(_digp->time)); +- } ++ _digp->saved |= PGPDIG_SAVED_TIME | PGPDIG_SIG_HAS_CREATION_TIME; ++ break; + case PGPSUBTYPE_SIG_EXPIRE_TIME: + case PGPSUBTYPE_KEY_EXPIRE_TIME: + pgpPrtTime(" ", p+1, plen-1); +@@ -598,6 +598,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, + unsigned int plen; + int rc = 1; + ++ /* Reset the saved flags */ ++ _digp->saved &= PGPDIG_SAVED_TIME | PGPDIG_SAVED_ID; ++ + if (pgpVersion(h, hlen, &version)) + return rc; + +@@ -625,8 +628,11 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, + _digp->hashlen = v->hashlen; + _digp->sigtype = v->sigtype; + _digp->hash = memcpy(xmalloc(v->hashlen), &v->sigtype, v->hashlen); +- _digp->time = pgpGrab(v->time, sizeof(v->time)); +- memcpy(_digp->signid, v->signid, sizeof(_digp->signid)); ++ if (!(_digp->saved & PGPDIG_SAVED_TIME)) ++ _digp->time = pgpGrab(v->time, sizeof(v->time)); ++ if 
(!(_digp->saved & PGPDIG_SAVED_ID)) ++ memcpy(_digp->signid, v->signid, sizeof(_digp->signid)); ++ _digp->saved = PGPDIG_SAVED_TIME | PGPDIG_SIG_HAS_CREATION_TIME | PGPDIG_SAVED_ID; + _digp->pubkey_algo = v->pubkey_algo; + _digp->hash_algo = v->hash_algo; + memcpy(_digp->signhash16, v->signhash16, sizeof(_digp->signhash16)); +@@ -664,6 +670,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, + return 1; + p += plen; + ++ if (!(_digp->saved & PGPDIG_SIG_HAS_CREATION_TIME)) ++ return 1; /* RFC 4880 §5.2.3.4 creation time MUST be hashed */ ++ + if (pgpGet(p, 2, h + hlen, &plen)) + return 1; + p += 2; +-- +2.27.0 + diff --git a/backport-Revert-Redirect-macro-stack-backtrace-printing-to-de.patch b/backport-Revert-Redirect-macro-stack-backtrace-printing-to-de.patch new file mode 100644 index 0000000..28f4006 --- /dev/null +++ b/backport-Revert-Redirect-macro-stack-backtrace-printing-to-de.patch 
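Review bot: In the `PGPSUBTYPE_SIG_CREATE_TIME` case of pgpPrtSubType(), a subpacket whose length is not `sizeof(_digp->time)` leaves through `break` before the duplicate check, so at that point it is neither counted nor rejected. The later `PGPDIG_SIG_HAS_CREATION_TIME` test in pgpPrtSig(), which appears to sit right after the hashed subpacket area, still refuses such a signature, but that dependency is not stated where the `break` is. I would extend the comment to `/* other lengths not understood; pgpPrtSig() rejects a hashed area without a valid creation time */`. Separately, the patch description names `PGPDIG_SAVED_CREATION_TIME`, while the flag the patch defines in digest.h is `PGPDIG_SIG_HAS_CREATION_TIME`. Both functions start and end outside the hunks shown.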
@@ -0,0 +1,52 @@ +From c145a6c86a1c30808006857e34dee4d398ce57c7 Mon Sep 17 00:00:00 2001 +From: Panu Matilainen +Date: Mon, 25 Jan 2021 12:18:27 +0200 +Subject: [PATCH] Revert "Redirect macro stack backtrace printing to debug + log." + +The rationale behind the change was to suppress the excessive output +when trying to expand a recursive macro definition (RhBug:613010) but +this is not so good as it effectively suppresses *all* backtrace output, +include those requested by %trace where the other half is printed to +stderr and the other half in the debug log because of the change. + +Besides making things consistent, this also avoids deadlock on +`rpm -vv --eval '%trace'`. + +This reverts commit 7f220202f20c69d6f3fd957325cdbe692bbabedd. + +Fixes: #1418 +--- + rpmio/macro.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/rpmio/macro.c b/rpmio/macro.c +index 7993e9e5d..a342b2403 100644 +--- a/rpmio/macro.c ++++ b/rpmio/macro.c +@@ -358,7 +358,7 @@ static void + printExpansion(MacroBuf mb, const char * t, const char * te) + { + if (!(te > t)) { +- rpmlog(RPMLOG_DEBUG, _("%3d<%*s(empty)\n"), mb->depth, (2 * mb->depth + 1), ""); ++ fprintf(stderr, _("%3d<%*s(empty)\n"), mb->depth, (2 * mb->depth + 1), ""); + return; + } + +@@ -374,10 +374,10 @@ printExpansion(MacroBuf mb, const char * t, const char * te) + + } + +- rpmlog(RPMLOG_DEBUG,"%3d<%*s", mb->depth, (2 * mb->depth + 1), ""); ++ fprintf(stderr, "%3d<%*s", mb->depth, (2 * mb->depth + 1), ""); + if (te > t) +- rpmlog(RPMLOG_DEBUG, "%.*s", (int)(te - t), t); +- rpmlog(RPMLOG_DEBUG, "\n"); ++ fprintf(stderr, "%.*s", (int)(te - t), t); ++ fprintf(stderr, "\n"); + } + + #define SKIPBLANK(_s, _c) \ +-- +2.27.0 + diff --git a/backport-rpm2archive-Add-more-error-handling.patch b/backport-rpm2archive-Add-more-error-handling.patch new file mode 100644 index 0000000..63bc32b --- /dev/null +++ b/backport-rpm2archive-Add-more-error-handling.patch 
@@ -0,0 +1,51 @@
+From f1634250587479d664b34b6de1a6546b2c2b9de5 Mon Sep 17 00:00:00 2001
+From: Florian Festi
+Date: Mon, 18 Jan 2021 15:02:34 +0100
+Subject: [PATCH] rpm2archive: Add more error handling
+
+Cleanly error out if file can't be written instead of segfaulting
+
+Resolves: #1091
+---
+ rpm2archive.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/rpm2archive.c b/rpm2archive.c
+index 646f1663d..15c5da016 100644
+--- a/rpm2archive.c
++++ b/rpm2archive.c
+@@ -119,9 +119,14 @@ static int process_package(rpmts ts, char * filename)
+
+ /* create archive */
+ a = archive_write_new();
+- archive_write_add_filter_gzip(a);
+- archive_write_set_format_pax_restricted(a);
+-
++ if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) {
++ fprintf(stderr, "Error: Could not create gzip output filter\n");
++ exit(EXIT_FAILURE);
++ }
++ if (archive_write_set_format_pax_restricted(a) != ARCHIVE_OK) {
++ fprintf(stderr, "Error: Format pax restricted is not supported\n");
++ exit(EXIT_FAILURE);
++ }
+ if (!strcmp(filename, "-")) {
+ if (isatty(STDOUT_FILENO)) {
+ fprintf(stderr, "Error: refusing to output archive data to a terminal.\n");
+@@ -130,9 +135,11 @@ static int process_package(rpmts ts, char * filename)
+ archive_write_open_fd(a, STDOUT_FILENO);
+ } else {
+ char * outname = rstrscat(NULL, filename, ".tgz", NULL);
+- archive_write_open_filename(a, outname);
++ if (archive_write_open_filename(a, outname) != ARCHIVE_OK) {
++ fprintf(stderr, "Error: Can't open output file: %s\n", outname);
++ exit(EXIT_FAILURE);
++ }
+ _free(outname);
+- // XXX error handling
+ }
+
+ entry = archive_entry_new();
+--
+2.27.0
+
diff --git a/backport-rpm2archive-Use-last-part-of-URL-as-file-name.patch b/backport-rpm2archive-Use-last-part-of-URL-as-file-name.patch
new file mode 100644
index 0000000..2c5fd99
--- /dev/null
+++ b/backport-rpm2archive-Use-last-part-of-URL-as-file-name.patch
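Review bot: The stdout branch of process_package() still calls `archive_write_open_fd(a, STDOUT_FILENO);` without looking at the result, while the file branch now checks `archive_write_open_filename()`, so a failed open on stdout continues into the write path this patch is meant to protect. The pointer returned by `archive_write_new()` is likewise handed to the first filter call unchecked. Both should fail the same way as the other new checks, and the messages would be more useful with `archive_error_string(a)` appended. process_package() starts and ends outside the hunks shown.

```c
    a = archive_write_new();
    if (a == NULL) {
        fprintf(stderr, "Error: Could not allocate archive writer\n");
        exit(EXIT_FAILURE);
    }
    /* … unchanged: gzip filter and pax format checks, isatty() refusal … */
        if (archive_write_open_fd(a, STDOUT_FILENO) != ARCHIVE_OK) {
            fprintf(stderr, "Error: Can't open stdout for writing: %s\n",
                    archive_error_string(a));
            exit(EXIT_FAILURE);
        }
```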
@@ -0,0 +1,49 @@
+From 98565f9ed227f5d7d8741c5b16d434e72685f0a1 Mon Sep 17 00:00:00 2001
+From: Florian Festi
+Date: Mon, 18 Jan 2021 15:04:47 +0100
+Subject: [PATCH] rpm2archive: Use last part of URL as file name
+
+when getting a file from an URL. This prevents trying to write the file
+at the location of the full URL which fails most of the time.
+
+Related: #1091
+---
+ rpm2archive.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/rpm2archive.c b/rpm2archive.c
+index 15c5da016..d96db006e 100644
+--- a/rpm2archive.c
++++ b/rpm2archive.c
+@@ -7,7 +7,7 @@
+ #include
+ #include
+ #include
+-
++#include
+ #include
+
+ #include
+@@ -134,7 +134,18 @@ static int process_package(rpmts ts, char * filename)
+ }
+ archive_write_open_fd(a, STDOUT_FILENO);
+ } else {
+- char * outname = rstrscat(NULL, filename, ".tgz", NULL);
++ char * outname;
++ if (urlIsURL(filename)) {
++ const char * fname = strrchr(filename, '/');
++ if (fname != NULL) {
++ fname++;
++ } else {
++ fname = filename;
++ }
++ outname = rstrscat(NULL, fname, ".tgz", NULL);
++ } else {
++ outname = rstrscat(NULL, filename, ".tgz", NULL);
++ }
+ if (archive_write_open_filename(a, outname) != ARCHIVE_OK) {
+ fprintf(stderr, "Error: Can't open output file: %s\n", outname);
+ exit(EXIT_FAILURE);
+--
+2.27.0
+
diff --git a/backport-rpm2cpio.sh-Don-t-drop-newlines-from-header-sizes.patch b/backport-rpm2cpio.sh-Don-t-drop-newlines-from-header-sizes.patch
new file mode 100644
index 0000000..da620fc
--- /dev/null
+++ b/backport-rpm2cpio.sh-Don-t-drop-newlines-from-header-sizes.patch
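Review bot: When the URL ends in `/`, `fname++` leaves `fname` pointing at the terminating NUL, so `outname` becomes just `.tgz` in the current directory; the new branch needs an empty-name check after the `strrchr()` step, for example `if (*fname == '\0') { fprintf(stderr, "Error: no file name in URL: %s\n", filename); exit(EXIT_FAILURE); }`. The rest of the name is taken verbatim from the URL, so a query string or fragment after the last `/` ends up in the output file name, and an existing file of that name in the working directory would presumably be overwritten by `archive_write_open_filename()`. A short comment on the `urlIsURL()` branch stating that the name is derived from untrusted input would help the next reader. process_package() starts and ends outside the hunk.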
@@ -0,0 +1,35 @@
+From a18a11924a715ace4b2d8e101688d164390cb188 Mon Sep 17 00:00:00 2001
+From: Florian Festi
+Date: Fri, 1 Jul 2022 14:44:11 +0200
+Subject: [PATCH] rpm2cpio.sh: Don't drop newlines from header sizes
+
+This script converts binary header sizes to decimal numbers. Shell is
+not that well suited for this task as it drops newlines at the end of
+command substitutions. Add a . character at the end and strip it right
+after that to avoid this problem.
+
+Resolves: rhbz#1983015
+---
+ scripts/rpm2cpio.sh | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
+index c1c505fc2..f77d5f8cd 100755
+--- a/scripts/rpm2cpio.sh
++++ b/scripts/rpm2cpio.sh
+@@ -27,7 +27,11 @@ calcsize() {
+
+ i=0
+ while [ $i -lt 8 ]; do
+- b="$(_dd $(($offset + $i)) bs=1 count=1)"
++ # add . to not loose \n
++ # strip \0 as it gets dropped with warning otherwise
++ b="$(_dd $(($offset + $i)) bs=1 count=1 | tr -d '\0' ; echo .)"
++ b=${b%.} # strip . again
++
+ [ -z "$b" ] &&
+ b="0" ||
+ b="$(exec printf '%u\n' "'$b")"
+--
+2.27.0
+
diff --git a/backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch b/backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch
new file mode 100644
index 0000000..9649fcb
--- /dev/null
+++ b/backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch
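Review bot: The added comment `# add . to not loose \n` has a typo and does not say why the newline would be lost, which is the whole reason for the sentinel. Something like `# append . so a trailing \n survives command substitution` states it directly. It would also help to note on the same lines that a NUL byte now yields an empty `$b`, which the following `[ -z "$b" ]` test maps to 0. calcsize() continues outside the hunk.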
@@ -0,0 +1,27 @@
+From 8f922eb38a096640e586ba0eda96adc093b74fc4 Mon Sep 17 00:00:00 2001
+From: Florian Festi
+Date: Wed, 3 Aug 2022 17:19:02 +0200
+Subject: [PATCH] rpm2cpio.sh: only read needed bytes of file magic
+
+As we look at the first 4 bytes anyway there is no reason to read more.
+Reading more also hits a bug in bash on aarch64 (rhbz#2115206).
+---
+ scripts/rpm2cpio.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
+index 74aeed851..cea0da21b 100755
+--- a/scripts/rpm2cpio.sh
++++ b/scripts/rpm2cpio.sh
+@@ -43,7 +43,7 @@ calcsize() {
+ offset=$(($offset + $rsize))
+ }
+
+-case "$(_dd 0 bs=8 count=1 | tr -d '\0')" in
++case "$(_dd 0 bs=4 count=1 | tr -d '\0')" in
+ "$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
+ *) fatal "File doesn't look like rpm: $pkg" ;;
+ esac
+--
+2.27.0
+
diff --git a/backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch b/backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch
new file mode 100644
index 0000000..1027784
--- /dev/null
+++ b/backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch
@@ -0,0 +1,35 @@ +From d499887c9261fdab4d03ea29316ea5e8fc646bd3 Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Fri, 1 Jul 2022 14:49:09 +0200 +Subject: [PATCH] rpm2cpio.sh: strip null bytes with tr + +to avoid warnings +--- + scripts/rpm2cpio.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh +index f77d5f8cd..59e8bc518 100755 +--- a/scripts/rpm2cpio.sh ++++ b/scripts/rpm2cpio.sh +@@ -43,7 +43,7 @@ calcsize() { + offset=$(($offset + $rsize)) + } + +-case "$(_dd 0 bs=8 count=1)" in ++case "$(_dd 0 bs=8 count=1 | tr -d '\0')" in + "$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb' + *) fatal "File doesn't look like rpm: $pkg" ;; + esac +@@ -54,7 +54,7 @@ sigsize=$rsize + calcsize $(($offset + (8 - ($sigsize % 8)) % 8)) + hdrsize=$rsize + +-case "$(_dd $offset bs=3 count=1)" in ++case "$(_dd $offset bs=3 count=1 | tr -d '\0')" in + "$(printf '\102\132')"*) _dd $offset | bunzip2 ;; # '\x42\x5a' + "$(printf '\037\213')"*) _dd $offset | gunzip ;; # '\x1f\x8b' + "$(printf '\375\067')"*) _dd $offset | xzcat ;; # '\xfd\x37' +-- +2.27.0 + diff --git a/rpm.spec b/rpm.spec index 5b2ad65..dbc17db 100644 --- a/rpm.spec +++ b/rpm.spec @@ -1,6 +1,6 @@ Name: rpm Version: 4.15.1 -Release: 39 +Release: 40 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -106,7 +106,6 @@ Patch92: backport-Fix-memory-leak-with-multiple-lang-s-in-one-line.patch Patch93: backport-Always-free-the-arg-list-passed-to-rpmGlob.patch Patch94: backport-Fix-memory-leak-in-decodePkts.patch Patch95: backport-Fix-memory-leaks-in-Lua-rex-extension.patch - Patch96: backport-Ensure-database-creation-on-initial-installation.patch Patch97: backport-Honor-requested-file-permissions-when-creating-ndb-d.patch Patch98: backport-Fix-rpmtsInitDB-argument-confusion.patch 
@@ -140,27 +139,49 @@ Patch121: backport-Fix-__cplusplus-misspelled-as-_cplusplus.patch Patch122: backport-treat-0-as-valid-file-descriptor.patch Patch123: backport-Skip-recorded-symlinks-in-setperms-RhBug-1900662.patch Patch124: backport-rpmkeys-exit-non-zero-on-I-O-errors.patch +Patch125: backport-Check-that-the-CRC-length-is-correct.patch +Patch126: backport-Make-rpmfiSetFX-return-code-meaningful.patch +Patch127: backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch -Patch125: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch -Patch126: backport-Clean-up-file-unpack-iteration-logic-a-bit.patch -Patch127: backport-Refactor-file-install-and-remove-around-a-common-str.patch -Patch128: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch -Patch129: backport-Drop-unused-filename-variable.patch -Patch130: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch -Patch131: backport-Handle-file-install-failures-more-gracefully.patch -Patch132: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch -Patch133: backport-Make-file-open-and-close-in-fsm-debuggable.patch -Patch134: backport-Streamline-consolidate-the-hardlink-handling-logic.patch -Patch135: backport-Add-diagnostics-to-archive-unpacking.patch -Patch136: backport-Add-optional-callback-on-directory-changes-during-rp.patch -Patch137: backport-0001-CVE-2021-35939-CVE-2021-35937.patch -Patch138: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch -Patch139: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch -Patch140: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch -Patch141: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch -Patch142: backport-Move-file-metadata-setting-back-to-unpack-stage.patch -Patch143: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch -Patch144: backport-0001-CVE-2021-35938.patch +Patch128: backport-Upgrade-FA_TOUCH-to-FA_CREATE-if-the-file-went-away-.patch +Patch129: 
backport-Clean-up-file-unpack-iteration-logic-a-bit.patch +Patch130: backport-Refactor-file-install-and-remove-around-a-common-str.patch +Patch131: backport-Refactor-fsmMkfile-to-take-advantage-of-the-new-stat.patch +Patch132: backport-Drop-unused-filename-variable.patch +Patch133: backport-Handle-hardlink-tracking-with-a-file-state-pointer.patch +Patch134: backport-Handle-file-install-failures-more-gracefully.patch +Patch135: backport-Add-hardlink-helper-to-fsm-to-make-it-debuggable.patch +Patch136: backport-Make-file-open-and-close-in-fsm-debuggable.patch +Patch137: backport-Streamline-consolidate-the-hardlink-handling-logic.patch +Patch138: backport-Add-diagnostics-to-archive-unpacking.patch +Patch139: backport-Add-optional-callback-on-directory-changes-during-rp.patch +Patch140: backport-0001-CVE-2021-35939-CVE-2021-35937.patch +Patch141: backport-Consolidate-skipped-hardlink-with-content-case-with-.patch +Patch142: backport-Fix-sanitize-the-hardlink-metadata-setting-logic.patch +Patch143: backport-Convert-the-file-creation-steps-the-at-family-of-cal.patch +Patch144: backport-Bury-rpmio-FD-use-to-fsmUnpack.patch +Patch145: backport-Move-file-metadata-setting-back-to-unpack-stage.patch +Patch146: backport-Return-descriptor-of-created-file-from-fsmMkfile.patch +Patch147: backport-0001-CVE-2021-35938.patch + +Patch148: backport-rpm2archive-Add-more-error-handling.patch +Patch149: backport-rpm2archive-Use-last-part-of-URL-as-file-name.patch +Patch150: backport-Revert-Redirect-macro-stack-backtrace-printing-to-de.patch +Patch151: backport-Conditionalize-macro-traceback-dump-on-rpm-verbosity.patch +Patch152: backport-Prevent-NULL-deref-in-rpmfsGetStates.patch +Patch153: backport-Fix-memory-leak-in-pgpPrtParams-2.patch +Patch154: backport-Fix-return-value-checks-in-OpenSSL-code.patch +Patch155: backport-Avoid-double-frees-if-EVP_PKEY_assign_RSA-fails.patch +Patch156: backport-Require-creation-time-to-be-unique-and-hashed.patch +Patch157: 
backport-Add-a-hashed-flag-to-pgpPrtSubtype.patch +Patch158: backport-Parse-key-usage-flags.patch +Patch159: backport-Ignore-subkeys-that-cannot-be-used-for-signing.patch +Patch160: backport-Avoid-unneded-MPI-reparsing.patch +Patch161: backport-Fix-OpenPGP-key-ID-parsing-regression.patch +Patch162: backport-Fix-changelog-parsing-affecting-caller-timezone-stat.patch +Patch163: backport-rpm2cpio.sh-Don-t-drop-newlines-from-header-sizes.patch +Patch164: backport-rpm2cpio.sh-strip-null-bytes-with-tr.patch +Patch165: backport-rpm2cpio.sh-only-read-needed-bytes-of-file-magic.patch BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel libdb-devel BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel @@ -444,6 +465,12 @@ make check || (cat tests/rpmtests.log; exit 0) %{_mandir}/man1/gendiff.1* %changelog +* Mon Nov 07 2022 renhongxun - 4.15.1-40 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:sync patches from upstream + * Fri Nov 04 2022 renhongxun - 4.15.1-39 - Type:bugfix - ID:NA