rpm: fix rpm -Kv xxx.rpm failed if signature header is larger than 64KB

Since commits [Place file signatures into the signature header where they belong][1] applied, run `rpm -Kv **.rpm' failed if signature header is larger than 64KB. Here are steps: 1) A unsigned rpm package, the size is 227560 bytes $ ls -al xz-src-5.2.5-r0.corei7_64.rpm -rw-------. 1 mockbuild 1000 227560 Jun 3 09:59 2) Sign the rpm package $ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm 3) The size of signed rpm is 312208 bytes $ ls -al xz-src-5.2.5-r0.corei7_64.rpm -rw-------. 1 mockbuild 1000 312208 Jun 3 09:48 4) Run `rpm -Kv' failed with signature hdr data out of range $ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm xz-src-5.2.5-r0.corei7_64.rpm: error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of bytes(88864) out of range >From 1) and 3), the size of signed rpm package increased 312208 - 227560 = 84648, so the check of dl_max (64KB,65536) is not enough. As [1] said: This also means the signature header can be MUCH bigger than ever before,so bump up the limit (to 64MB, arbitrary something for now) So [1] missed to multiply by 1024. [1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c (From OE-Core rev: 8359bdd60afafd80d354f7f40ed648643d8db292) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-06-01 13:09:50 +00:00 · 2020-06-03 14:55:31 +08:00
parent e4faf3b3d0
commit 7adde4fa40
2 changed files with 63 additions and 0 deletions
@@ -0,0 +1,62 @@
 From e8bf0eba7143abb6e69db82ee747a0c6790dd00a Mon Sep 17 00:00:00 2001
 From: Hongxu Jia <hongxu.jia@windriver.com>
 Date: Wed, 3 Jun 2020 10:25:24 +0800
 Subject: [PATCH] Bump up the limit of signature header to 64MB
 Since commits [Place file signatures into the signature header where they
 belong][1] applied, run `rpm -Kv **.rpm' failed if signature header
 is larger than 64KB. Here are steps:
 1) A unsigned rpm package, the size is 227560 bytes
 $ ls -al xz-src-5.2.5-r0.corei7_64.rpm
 -rw-------. 1 mockbuild 1000 227560 Jun  3 09:59
 2) Sign the rpm package
 $ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm
 3) The size of signed rpm is 312208 bytes
 $ ls -al xz-src-5.2.5-r0.corei7_64.rpm
 -rw-------. 1 mockbuild 1000 312208 Jun  3 09:48
 4) Run `rpm -Kv' failed with signature hdr data out of range
 $ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm
 xz-src-5.2.5-r0.corei7_64.rpm:
 error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of
 bytes(88864) out of range
 From 1) and 3), the size of signed rpm package increased
 312208 - 227560 = 84648, so the check of dl_max (64KB,65536)
 is not enough.
 As [1] said:
    This also means the signature header can be MUCH bigger than ever
    before,so bump up the limit (to 64MB, arbitrary something for now)
 So [1] missed to multiply by 1024.
 [1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c
 Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/486579912381ede82172dc6d0ff3941a6d0536b5]
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
 lib/header.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/header.c b/lib/header.c
 index 9ec7ed0..cbf6890 100644
 --- a/lib/header.c
 +++ b/lib/header.c
@@ -1906,7 +1906,7 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl
     if (regionTag == RPMTAG_HEADERSIGNATURES) {
 	il_max = 32;
 -	dl_max = 64 * 1024;
 +	dl_max = 64 * 1024 * 1024;
     }
     memset(block, 0, sizeof(block));
 -- 
 2.25.4
@@ -40,6 +40,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.15.x \
           file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \
           file://0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch \
           file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \
           file://0001-Bump-up-the-limit-of-signature-header-to-64MB.patch \
           "
 PE = "1"