rpm: fix rpm -Kv xxx.rpm failed if signature header is larger than 64KB

Since commits [Place file signatures into the signature header where they belong][1] applied, run `rpm -Kv **.rpm' failed if signature header is larger than 64KB. Here are steps: 1) A unsigned rpm package, the size is 227560 bytes $ ls -al xz-src-5.2.5-r0.corei7_64.rpm -rw-------. 1 mockbuild 1000 227560 Jun 3 09:59 2) Sign the rpm package $ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm 3) The size of signed rpm is 312208 bytes $ ls -al xz-src-5.2.5-r0.corei7_64.rpm -rw-------. 1 mockbuild 1000 312208 Jun 3 09:48 4) Run `rpm -Kv' failed with signature hdr data out of range $ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm xz-src-5.2.5-r0.corei7_64.rpm: error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of bytes(88864) out of range >From 1) and 3), the size of signed rpm package increased 312208 - 227560 = 84648, so the check of dl_max (64KB,65536) is not enough. As [1] said: This also means the signature header can be MUCH bigger than ever before,so bump up the limit (to 64MB, arbitrary something for now) So [1] missed to multiply by 1024. [1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c (From OE-Core rev: 8359bdd60afafd80d354f7f40ed648643d8db292) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hongxu Jia <hongxu.jia@windriver.com> 2020-06-03 14:55:31 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-06-04 13:27:32 +0100
commit: 7adde4fa40d7ab15398c25504a7e3bd963ed1ca0 (patch)
tree: ad9adad3b4fa8f840c78a0c9a962b7a885a90e90 /meta/recipes-devtools/rpm
parent: e4faf3b3d00ec11e39e76120617e5a782c322920 (diff)
download: poky-7adde4fa40d7ab15398c25504a7e3bd963ed1ca0.tar.gz
2 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch b/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch
new file mode 100644
index 0000000000..0a19c12a7a
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch
@@ -0,0 +1,62 @@
+From e8bf0eba7143abb6e69db82ee747a0c6790dd00a Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Wed, 3 Jun 2020 10:25:24 +0800
+Subject: [PATCH] Bump up the limit of signature header to 64MB
+Since commits [Place file signatures into the signature header where they
+belong][1] applied, run `rpm -Kv **.rpm' failed if signature header
+is larger than 64KB. Here are steps:
+1) A unsigned rpm package, the size is 227560 bytes
+$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
+-rw-------. 1 mockbuild 1000 227560 Jun  3 09:59
+2) Sign the rpm package
+$ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm
+3) The size of signed rpm is 312208 bytes
+$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
+-rw-------. 1 mockbuild 1000 312208 Jun  3 09:48
+4) Run `rpm -Kv' failed with signature hdr data out of range
+$ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm
+xz-src-5.2.5-r0.corei7_64.rpm:
+error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of
+bytes(88864) out of range
+From 1) and 3), the size of signed rpm package increased
+312208 - 227560 = 84648, so the check of dl_max (64KB,65536)
+is not enough.
+As [1] said:
+    This also means the signature header can be MUCH bigger than ever
+    before,so bump up the limit (to 64MB, arbitrary something for now)
+So [1] missed to multiply by 1024.
+[1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/486579912381ede82172dc6d0ff3941a6d0536b5]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ lib/header.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/header.c b/lib/header.c
+index 9ec7ed0..cbf6890 100644
+--- a/lib/header.c
+++ b/lib/header.c
+@@ -1906,7 +1906,7 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl
+ 
+     if (regionTag == RPMTAG_HEADERSIGNATURES) {
+        il_max = 32;
+-       dl_max = 64 * 1024;
+       dl_max = 64 * 1024 * 1024;
+     }
+ 
+     memset(block, 0, sizeof(block));
+-- 
+2.25.4
diff --git a/meta/recipes-devtools/rpm/rpm_4.15.1.bb b/meta/recipes-devtools/rpm/rpm_4.15.1.bb
index 8add142461..cbe1acffe2 100644
--- a/meta/recipes-devtools/rpm/rpm_4.15.1.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.15.1.bb
@@ -40,6 +40,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.15.x \
           file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \
           file://0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch \
           file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \
+           file://0001-Bump-up-the-limit-of-signature-header-to-64MB.patch \
           "
 PE = "1"
author	Hongxu Jia <hongxu.jia@windriver.com>	2020-06-03 14:55:31 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-06-04 13:27:32 +0100
commit	7adde4fa40d7ab15398c25504a7e3bd963ed1ca0 (patch)
tree	ad9adad3b4fa8f840c78a0c9a962b7a885a90e90 /meta/recipes-devtools/rpm
parent	e4faf3b3d00ec11e39e76120617e5a782c322920 (diff)
download	poky-7adde4fa40d7ab15398c25504a7e3bd963ed1ca0.tar.gz

diff --git a/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch b/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch new file mode 100644 index 0000000000..0a19c12a7a --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch
@@ -0,0 +1,62 @@
		1	From e8bf0eba7143abb6e69db82ee747a0c6790dd00a Mon Sep 17 00:00:00 2001
		2	From: Hongxu Jia <hongxu.jia@windriver.com>
		3	Date: Wed, 3 Jun 2020 10:25:24 +0800
		4	Subject: [PATCH] Bump up the limit of signature header to 64MB
		5
		6	Since commits [Place file signatures into the signature header where they
		7	belong][1] applied, run `rpm -Kv **.rpm' failed if signature header
		8	is larger than 64KB. Here are steps:
		9
		10	1) A unsigned rpm package, the size is 227560 bytes
		11	$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
		12	-rw-------. 1 mockbuild 1000 227560 Jun 3 09:59
		13
		14	2) Sign the rpm package
		15	$ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm
		16
		17	3) The size of signed rpm is 312208 bytes
		18	$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
		19	-rw-------. 1 mockbuild 1000 312208 Jun 3 09:48
		20
		21	4) Run `rpm -Kv' failed with signature hdr data out of range
		22	$ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm
		23	xz-src-5.2.5-r0.corei7_64.rpm:
		24	error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of
		25	bytes(88864) out of range
		26
		27	From 1) and 3), the size of signed rpm package increased
		28	312208 - 227560 = 84648, so the check of dl_max (64KB,65536)
		29	is not enough.
		30
		31	As [1] said:
		32
		33	This also means the signature header can be MUCH bigger than ever
		34	before,so bump up the limit (to 64MB, arbitrary something for now)
		35
		36	So [1] missed to multiply by 1024.
		37
		38	[1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c
		39
		40	Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/486579912381ede82172dc6d0ff3941a6d0536b5]
		41
		42	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
		43	---
		44	lib/header.c \| 2 +-
		45	1 file changed, 1 insertion(+), 1 deletion(-)
		46
		47	diff --git a/lib/header.c b/lib/header.c
		48	index 9ec7ed0..cbf6890 100644
		49	--- a/lib/header.c
		50	+++ b/lib/header.c
		51	@@ -1906,7 +1906,7 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl
		52
		53	if (regionTag == RPMTAG_HEADERSIGNATURES) {
		54	il_max = 32;
		55	- dl_max = 64 * 1024;
		56	+ dl_max = 64 * 1024 * 1024;
		57	}
		58
		59	memset(block, 0, sizeof(block));
		60	--
		61	2.25.4
		62


diff --git a/meta/recipes-devtools/rpm/rpm_4.15.1.bb b/meta/recipes-devtools/rpm/rpm_4.15.1.bb index 8add142461..cbe1acffe2 100644 --- a/meta/recipes-devtools/rpm/rpm_4.15.1.bb +++ b/meta/recipes-devtools/rpm/rpm_4.15.1.bb
@@ -40,6 +40,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.15.x \
40	file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \	40	file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \
41	file://0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch \	41	file://0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch \
42	file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \	42	file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \
		43	file://0001-Bump-up-the-limit-of-signature-header-to-64MB.patch \
43	"	44	"
44		45
45	PE = "1"	46	PE = "1"