diff --git a/.gitignore b/.gitignore
index 41a57b5..87a2062 100644
--- a/.gitignore
+++ b/.gitignore
@@ -56,3 +56,4 @@
 /rpm-4.18.0-rc1.tar.bz2
 /rpm-4.18.0.tar.bz2
 /rpm-4.18.1.tar.bz2
+/rpm-4.18.2.tar.bz2
diff --git a/0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch b/0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
deleted file mode 100644
index b00d377..0000000
--- a/0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
+++ /dev/null
@@ -1,267 +0,0 @@ -From e75ae70ef1a152dac9a066506cafd2bbf7b2565e Mon Sep 17 00:00:00 2001 -Message-Id: -From: "Neal H. Walfield" -Date: Wed, 12 Apr 2023 17:56:19 +0200 -Subject: [PATCH] Add pgpVerifySignature2() and pgpPrtParams2() - -Add new functions pgpVerifySignature2() and pgpPrtParams2(), which are -like their earlier versions, but optionally return descriptive error -messages (in the case of failure) or lints (in the case of success). -Adjust tests accordingly. - -This requires rpm-sequoia 1.4 or later. - -See https://github.com/rpm-software-management/rpm-sequoia/issues/39 -and -https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398 - -Fixes #2483. - -This is a backport of commit 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3 ---- - configure.ac | 2 +- - include/rpm/rpmpgp.h | 23 +++++++++++++++++++++++ - lib/rpmvs.c | 19 ++++++++++++++++--- - rpmio/rpmkeyring.c | 7 ++++++- - rpmio/rpmpgp_internal.c | 15 +++++++++++++++ - rpmio/rpmpgp_sequoia.c | 7 +++++++ - tests/rpmi.at | 10 ++++++++-- - tests/rpmsigdig.at | 20 +++++++++++++++++--- - 9 files changed, 95 insertions(+), 10 deletions(-) - -diff --git a/configure.ac b/configure.ac -index e6676c581..1d173e4e2 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -384,7 +384,7 @@ AC_SUBST(WITH_LIBGCRYPT_LIB) - WITH_RPM_SEQUOIA_INCLUDE= - WITH_RPM_SEQUOIA_LIB= - if test "$with_crypto" = sequoia ; then -- PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia], [have_rpm_sequoia=yes], [have_rpm_sequoia=no]) -+ PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia >= 1.4.0], [have_rpm_sequoia=yes], [have_rpm_sequoia=no]) - if test "$have_rpm_sequoia" = "yes"; then - WITH_RPM_SEQUOIA_INCLUDE="$RPM_SEQUOIA_CFLAGS" - WITH_RPM_SEQUOIA_LIB="$RPM_SEQUOIA_LIBS" -diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h -index a3238a643..3352129b8 100644 ---- a/include/rpm/rpmpgp.h -+++ b/include/rpm/rpmpgp.h -@@ -1013,6 +1013,18 @@ int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid); - int 
pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret); - -+/** \ingroup rpmpgp -+ * Parse a OpenPGP packet(s). -+ * @param pkts OpenPGP packet(s) -+ * @param pktlen OpenPGP packet(s) length (no. of bytes) -+ * @param pkttype Expected packet type (signature/key) or 0 for any -+ * @param[out] ret signature/pubkey packet parameters on success (alloced) -+ * @param[out] lints error messages and lints -+ * @return -1 on error, 0 on success -+ */ -+int pgpPrtParams2(const uint8_t *pkts, size_t pktlen, unsigned int pkttype, -+ pgpDigParams * ret, char **lints); -+ - /** \ingroup rpmpgp - * Parse subkey parameters from OpenPGP packet(s). - * @param pkts OpenPGP packet(s) -@@ -1191,6 +1203,17 @@ const uint8_t *pgpDigParamsSignID(pgpDigParams digp); - */ - const char *pgpDigParamsUserID(pgpDigParams digp); - -+/** \ingroup rpmpgp -+ * Verify a PGP signature and return a error message or lint. -+ * @param key public key -+ * @param sig signature -+ * @param hashctx digest context -+ * @param lints error messages and lints -+ * @return RPMRC_OK on success -+ */ -+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, -+ char **lints); -+ - /** \ingroup rpmpgp - * Retrieve the object's version. 
- * -diff --git a/lib/rpmvs.c b/lib/rpmvs.c -index a1425ea17..9b2106927 100644 ---- a/lib/rpmvs.c -+++ b/lib/rpmvs.c -@@ -193,10 +193,23 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo, - } - - if (sinfo->type == RPMSIG_SIGNATURE_TYPE) { -- if (pgpPrtParams(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig)) { -- rasprintf(&sinfo->msg, _("%s tag %u: invalid OpenPGP signature"), -- origin, td->tag); -+ char *lints = NULL; -+ int ec = pgpPrtParams2(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig, &lints); -+ if (ec) { -+ if (lints) { -+ rasprintf(&sinfo->msg, -+ ("%s tag %u: invalid OpenPGP signature: %s"), -+ origin, td->tag, lints); -+ free(lints); -+ } else { -+ rasprintf(&sinfo->msg, -+ _("%s tag %u: invalid OpenPGP signature"), -+ origin, td->tag); -+ } - goto exit; -+ } else if (lints) { -+ rpmlog(RPMLOG_WARNING, "%s\n", lints); -+ free(lints); - } - sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO); - sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4); -diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c -index db72892d9..712004bc8 100644 ---- a/rpmio/rpmkeyring.c -+++ b/rpmio/rpmkeyring.c -@@ -328,7 +328,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx) - pgpkey = key->pgpkey; - - /* We call verify even if key not found for a signature sanity check */ -- rc = pgpVerifySignature(pgpkey, sig, ctx); -+ char *lints = NULL; -+ rc = pgpVerifySignature2(pgpkey, sig, ctx, &lints); -+ if (lints) { -+ rpmlog(rc ? 
RPMLOG_ERR : RPMLOG_WARNING, "%s\n", lints); -+ free(lints); -+ } - } - - if (keyring) -diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c -index 0fcd220e4..a049c09b2 100644 ---- a/rpmio/rpmpgp_internal.c -+++ b/rpmio/rpmpgp_internal.c -@@ -1095,6 +1095,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - return rc; - } - -+int pgpPrtParams2(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, -+ pgpDigParams * ret, char **lints) -+{ -+ if (lints) -+ *lints = NULL; -+ return pgpPrtParams(pkts, pktlen, pkttype, ret); -+} -+ - int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, - pgpDigParams mainkey, pgpDigParams **subkeys, - int *subkeysCount) -@@ -1264,6 +1272,13 @@ rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx) - pgpDigGetParams(dig, PGPTAG_SIGNATURE), hashctx); - } - -+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints) -+{ -+ if (lints) -+ *lints = NULL; -+ return pgpVerifySignature(key, sig, hashctx); -+} -+ - static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen) - { - const char * enc = NULL; -diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c -index e01acd0e9..2141bbf30 100644 ---- a/rpmio/rpmpgp_sequoia.c -+++ b/rpmio/rpmpgp_sequoia.c -@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (pgpDigParams digp), (digp)) - W(rpmRC, pgpVerifySignature, - (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx), - (key, sig, hashctx)) -+W(rpmRC, pgpVerifySignature2, -+ (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints), -+ (key, sig, hashctx, lints)) - W(int, pgpPubkeyKeyID, - (const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid), - (pkt, pktlen, keyid)) -@@ -51,6 +54,10 @@ W(int, pgpPubKeyCertLen, - W(int, pgpPrtParams, - (const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret), - (pkts, pktlen, pkttype, ret)) -+W(int, pgpPrtParams2, -+ (const uint8_t *pkts, size_t pktlen, unsigned int 
pkttype, pgpDigParams *ret, -+ char **lints), -+ (pkts, pktlen, pkttype, ret, lints)) - W(int, pgpPrtParamsSubkeys, - (const uint8_t *pkts, size_t pktlen, - pgpDigParams mainkey, pgpDigParams **subkeys, -diff --git a/tests/rpmi.at b/tests/rpmi.at -index 7c8f25eff..d67185d5b 100644 ---- a/tests/rpmi.at -+++ b/tests/rpmi.at -@@ -254,7 +254,7 @@ AT_CLEANUP - - AT_SETUP([rpm -U ]) - AT_KEYWORDS([install]) --AT_CHECK([ -+AT_CHECK_UNQUOTED([ - RPMDB_INIT - - pkg="hello-2.0-1.x86_64-signed.rpm" -@@ -267,7 +267,13 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \ - ], - [1], - [], --[error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature) -+[`if test x$PGP = xinternal; then -+ echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)' -+else -+ echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:' -+ echo ' Failed to parse Signature Packet' -+ echo ' because: Malformed packet: Subpacket extends beyond the end of the subpacket area)' -+fi` - error: /tmp/hello-2.0-1.x86_64-signed.rpm cannot be installed - ]) - AT_CLEANUP -diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at -index 5b1c6c4a6..e5482735a 100644 ---- a/tests/rpmsigdig.at -+++ b/tests/rpmsigdig.at -@@ -539,7 +539,7 @@ AT_CLEANUP - # Test pre-built corrupted package verification (corrupted signature) - AT_SETUP([rpmkeys -Kv 1]) - AT_KEYWORDS([rpmkeys digest signature]) --AT_CHECK([ -+AT_CHECK_UNQUOTED([ - RPMDB_INIT - - pkg="hello-2.0-1.x86_64-signed.rpm" -@@ -553,14 +553,28 @@ runroot rpmkeys -Kv /tmp/${pkg} - ], - [1], - [/tmp/hello-2.0-1.x86_64-signed.rpm: -- Header RSA signature: BAD (package tag 268: invalid OpenPGP signature) -+`if test x$PGP = xinternal; then -+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)' -+else -+ echo ' Header RSA signature: BAD (package tag 
268: invalid OpenPGP signature: Parsing an OpenPGP packet:' -+ echo ' Failed to parse Signature Packet' -+ echo ' because: Signature appears to be created by a non-conformant OpenPGP implementation, see .' -+ echo ' because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))' -+fi` - Header SHA256 digest: OK - Header SHA1 digest: OK - Payload SHA256 digest: OK - V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY - MD5 digest: OK - /tmp/hello-2.0-1.x86_64-signed.rpm: -- Header RSA signature: BAD (package tag 268: invalid OpenPGP signature) -+`if test x$PGP = xinternal; then -+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)' -+else -+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:' -+ echo ' Failed to parse Signature Packet' -+ echo ' because: Signature appears to be created by a non-conformant OpenPGP implementation, see .' -+ echo ' because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))' -+fi` - Header SHA256 digest: OK - Header SHA1 digest: OK - Payload SHA256 digest: OK --- -2.40.0 - diff --git a/rpm-4.18.x-add-pgpVerifySignature2-and-pgpPrtParams2.patch b/rpm-4.18.x-add-pgpVerifySignature2-and-pgpPrtParams2.patch new file mode 100644 index 0000000..d69bf52 --- /dev/null +++ b/rpm-4.18.x-add-pgpVerifySignature2-and-pgpPrtParams2.patch 
@@ -0,0 +1,225 @@ +diff -up rpm-4.18.2/configure.ac.orig rpm-4.18.2/configure.ac +--- rpm-4.18.2/configure.ac.orig 2023-11-13 13:18:27.694107699 +0100 ++++ rpm-4.18.2/configure.ac 2023-11-13 16:18:59.917784964 +0100 +@@ -384,7 +384,7 @@ AC_SUBST(WITH_LIBGCRYPT_LIB) + WITH_RPM_SEQUOIA_INCLUDE= + WITH_RPM_SEQUOIA_LIB= + if test "$with_crypto" = sequoia ; then +- PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia], [have_rpm_sequoia=yes], [have_rpm_sequoia=no]) ++ PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia >= 1.4.0], [have_rpm_sequoia=yes], [have_rpm_sequoia=no]) + if test "$have_rpm_sequoia" = "yes"; then + WITH_RPM_SEQUOIA_INCLUDE="$RPM_SEQUOIA_CFLAGS" + WITH_RPM_SEQUOIA_LIB="$RPM_SEQUOIA_LIBS" +diff -up rpm-4.18.2/include/rpm/rpmpgp.h.orig rpm-4.18.2/include/rpm/rpmpgp.h +--- rpm-4.18.2/include/rpm/rpmpgp.h.orig 2023-11-13 13:18:27.697107681 +0100 ++++ rpm-4.18.2/include/rpm/rpmpgp.h 2023-11-13 16:18:59.918784958 +0100 +@@ -1014,6 +1014,18 @@ int pgpPrtParams(const uint8_t *pkts, si + pgpDigParams * ret); + + /** \ingroup rpmpgp ++ * Parse a OpenPGP packet(s). ++ * @param pkts OpenPGP packet(s) ++ * @param pktlen OpenPGP packet(s) length (no. of bytes) ++ * @param pkttype Expected packet type (signature/key) or 0 for any ++ * @param[out] ret signature/pubkey packet parameters on success (alloced) ++ * @param[out] lints error messages and lints ++ * @return -1 on error, 0 on success ++ */ ++int pgpPrtParams2(const uint8_t *pkts, size_t pktlen, unsigned int pkttype, ++ pgpDigParams * ret, char **lints); ++ ++/** \ingroup rpmpgp + * Parse subkey parameters from OpenPGP packet(s). + * @param pkts OpenPGP packet(s) + * @param pktlen OpenPGP packet(s) length (no. of bytes) +@@ -1192,6 +1204,17 @@ const uint8_t *pgpDigParamsSignID(pgpDig + const char *pgpDigParamsUserID(pgpDigParams digp); + + /** \ingroup rpmpgp ++ * Verify a PGP signature and return a error message or lint. 
++ * @param key public key ++ * @param sig signature ++ * @param hashctx digest context ++ * @param lints error messages and lints ++ * @return RPMRC_OK on success ++ */ ++rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, ++ char **lints); ++ ++/** \ingroup rpmpgp + * Retrieve the object's version. + * + * Returns the object's version. +diff -up rpm-4.18.2/lib/rpmvs.c.orig rpm-4.18.2/lib/rpmvs.c +--- rpm-4.18.2/lib/rpmvs.c.orig 2023-11-13 13:18:27.703107645 +0100 ++++ rpm-4.18.2/lib/rpmvs.c 2023-11-13 16:18:59.918784958 +0100 +@@ -193,10 +193,23 @@ static void rpmsinfoInit(const struct vf + } + + if (sinfo->type == RPMSIG_SIGNATURE_TYPE) { +- if (pgpPrtParams(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig)) { +- rasprintf(&sinfo->msg, _("%s tag %u: invalid OpenPGP signature"), +- origin, td->tag); ++ char *lints = NULL; ++ int ec = pgpPrtParams2(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig, &lints); ++ if (ec) { ++ if (lints) { ++ rasprintf(&sinfo->msg, ++ ("%s tag %u: invalid OpenPGP signature: %s"), ++ origin, td->tag, lints); ++ free(lints); ++ } else { ++ rasprintf(&sinfo->msg, ++ _("%s tag %u: invalid OpenPGP signature"), ++ origin, td->tag); ++ } + goto exit; ++ } else if (lints) { ++ rpmlog(RPMLOG_WARNING, "%s\n", lints); ++ free(lints); + } + sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO); + sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4); +diff -up rpm-4.18.2/rpmio/rpmkeyring.c.orig rpm-4.18.2/rpmio/rpmkeyring.c +--- rpm-4.18.2/rpmio/rpmkeyring.c.orig 2023-11-13 13:18:27.719107550 +0100 ++++ rpm-4.18.2/rpmio/rpmkeyring.c 2023-11-13 16:18:59.919784952 +0100 +@@ -328,7 +328,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring key + pgpkey = key->pgpkey; + + /* We call verify even if key not found for a signature sanity check */ +- rc = pgpVerifySignature(pgpkey, sig, ctx); ++ char *lints = NULL; ++ rc = pgpVerifySignature2(pgpkey, sig, ctx, &lints); ++ if (lints) { ++ rpmlog(rc ? 
RPMLOG_ERR : RPMLOG_WARNING, "%s\n", lints); ++ free(lints); ++ } + } + + if (keyring) +diff -up rpm-4.18.2/rpmio/rpmpgp_internal.c.orig rpm-4.18.2/rpmio/rpmpgp_internal.c +--- rpm-4.18.2/rpmio/rpmpgp_internal.c.orig 2023-11-13 13:18:27.719107550 +0100 ++++ rpm-4.18.2/rpmio/rpmpgp_internal.c 2023-11-13 16:18:59.919784952 +0100 +@@ -1095,6 +1095,14 @@ int pgpPrtParams(const uint8_t * pkts, s + return rc; + } + ++int pgpPrtParams2(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, ++ pgpDigParams * ret, char **lints) ++{ ++ if (lints) ++ *lints = NULL; ++ return pgpPrtParams(pkts, pktlen, pkttype, ret); ++} ++ + int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, + pgpDigParams mainkey, pgpDigParams **subkeys, + int *subkeysCount) +@@ -1264,6 +1272,13 @@ rpmRC pgpVerifySig(pgpDig dig, DIGEST_CT + pgpDigGetParams(dig, PGPTAG_SIGNATURE), hashctx); + } + ++rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints) ++{ ++ if (lints) ++ *lints = NULL; ++ return pgpVerifySignature(key, sig, hashctx); ++} ++ + static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen) + { + const char * enc = NULL; +diff -up rpm-4.18.2/rpmio/rpmpgp_sequoia.c.orig rpm-4.18.2/rpmio/rpmpgp_sequoia.c +--- rpm-4.18.2/rpmio/rpmpgp_sequoia.c.orig 2023-11-13 13:18:27.719107550 +0100 ++++ rpm-4.18.2/rpmio/rpmpgp_sequoia.c 2023-11-13 16:18:59.919784952 +0100 +@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (p + W(rpmRC, pgpVerifySignature, + (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx), + (key, sig, hashctx)) ++W(rpmRC, pgpVerifySignature2, ++ (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints), ++ (key, sig, hashctx, lints)) + W(int, pgpPubkeyKeyID, + (const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid), + (pkt, pktlen, keyid)) +@@ -51,6 +54,10 @@ W(int, pgpPubKeyCertLen, + W(int, pgpPrtParams, + (const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret), + (pkts, pktlen, 
pkttype, ret)) ++W(int, pgpPrtParams2, ++ (const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret, ++ char **lints), ++ (pkts, pktlen, pkttype, ret, lints)) + W(int, pgpPrtParamsSubkeys, + (const uint8_t *pkts, size_t pktlen, + pgpDigParams mainkey, pgpDigParams **subkeys, +diff -up rpm-4.18.2/tests/rpmi.at.orig rpm-4.18.2/tests/rpmi.at +--- rpm-4.18.2/tests/rpmi.at.orig 2023-11-13 13:18:27.721107538 +0100 ++++ rpm-4.18.2/tests/rpmi.at 2023-11-13 16:21:40.657790792 +0100 +@@ -254,7 +254,7 @@ RPMTEST_CLEANUP + + AT_SETUP([rpm -U ]) + AT_KEYWORDS([install]) +-RPMTEST_CHECK([ ++RPMTEST_CHECK_UNQUOTED([ + RPMDB_INIT + + pkg="hello-2.0-1.x86_64-signed.rpm" +@@ -267,7 +267,13 @@ runroot rpm -U --ignorearch --ignoreos - + ], + [1], + [], +-[error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature) ++[`if test x$PGP = xinternal; then ++ echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)' ++else ++ echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:' ++ echo ' Failed to parse Signature Packet' ++ echo ' because: Malformed packet: Subpacket extends beyond the end of the subpacket area)' ++fi` + error: /tmp/hello-2.0-1.x86_64-signed.rpm cannot be installed + ]) + RPMTEST_CLEANUP +diff -up rpm-4.18.2/tests/rpmsigdig.at.orig rpm-4.18.2/tests/rpmsigdig.at +--- rpm-4.18.2/tests/rpmsigdig.at.orig 2023-11-13 13:18:27.722107532 +0100 ++++ rpm-4.18.2/tests/rpmsigdig.at 2023-11-13 16:21:03.842018500 +0100 +@@ -539,7 +539,7 @@ RPMTEST_CLEANUP + # Test pre-built corrupted package verification (corrupted signature) + AT_SETUP([rpmkeys -Kv 1]) + AT_KEYWORDS([rpmkeys digest signature]) +-RPMTEST_CHECK([ ++RPMTEST_CHECK_UNQUOTED([ + RPMDB_INIT + + pkg="hello-2.0-1.x86_64-signed.rpm" +@@ -553,14 +553,28 @@ runroot rpmkeys -Kv /tmp/${pkg} + ], + [1], + 
[/tmp/hello-2.0-1.x86_64-signed.rpm: +- Header RSA signature: BAD (package tag 268: invalid OpenPGP signature) ++`if test x$PGP = xinternal; then ++ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)' ++else ++ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:' ++ echo ' Failed to parse Signature Packet' ++ echo ' because: Signature appears to be created by a non-conformant OpenPGP implementation, see .' ++ echo ' because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))' ++fi` + Header SHA256 digest: OK + Header SHA1 digest: OK + Payload SHA256 digest: OK + V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY + MD5 digest: OK + /tmp/hello-2.0-1.x86_64-signed.rpm: +- Header RSA signature: BAD (package tag 268: invalid OpenPGP signature) ++`if test x$PGP = xinternal; then ++ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)' ++else ++ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:' ++ echo ' Failed to parse Signature Packet' ++ echo ' because: Signature appears to be created by a non-conformant OpenPGP implementation, see .' ++ echo ' because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))' ++fi` + Header SHA256 digest: OK + Header SHA1 digest: OK + Payload SHA256 digest: OK diff --git a/rpm.spec b/rpm.spec index e650700..690e491 100644 --- a/rpm.spec +++ b/rpm.spec @@ -30,9 +30,9 @@ %define rpmhome /usr/lib/rpm -%global rpmver 4.18.1 +%global rpmver 4.18.2 #global snapver rc1 -%global baserelease 3 +%global baserelease 1 %global sover 9 %global srcver %{rpmver}%{?snapver:-%{snapver}} @@ -134,7 +134,7 @@ rpm-4.18.x-siteconfig.patch rpm-4.9.90-no-man-dirs.patch # Patches already upstream: -0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch +rpm-4.18.x-add-pgpVerifySignature2-and-pgpPrtParams2.patch # These are not yet upstream rpm-4.7.1-geode-i686.patch 
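Review bot: In the lib/rpmvs.c part of the added patch, the branch that appends the lints passes its format string bare, `("%s tag %u: invalid OpenPGP signature: %s")`, while the fallback branch just below wraps its string in `_()`, so the more detailed failure message presumably skips the translation lookup; it should read `_("%s tag %u: invalid OpenPGP signature: %s")`. The body of rpmsinfoInit starts and ends outside that inner hunk, so the rest of its error path is not visible here. The new header comments in include/rpm/rpmpgp.h also leave the `lints` contract unstated, although both callers `free(lints)` and the internal implementations guard with `if (lints)`; I would document it as `@param[out] lints error messages and lints (malloced, caller frees; may be NULL)` on both pgpPrtParams2() and pgpVerifySignature2(). Since the lint text is produced while parsing a signature that has not been verified yet and the updated tests show it spanning several lines, a short comment at the rpmlog() calls noting that it is untrusted, multi-line text would help anyone consuming these logs.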
@@ -618,6 +618,9 @@ fi %doc docs/librpm/html/* %changelog +* Mon Nov 13 2023 Michal Domonkos - 4.18.2-1 +- Rebase to rpm 4.18.2 (https://rpm.org/wiki/Releases/4.18.2) + * Tue Apr 25 2023 Miro HronĨok - 4.18.1-3 - Explicitly require rpm-sequoia >= 1.4.0 on runtime to avoid rpm: symbol lookup error: /lib64/librpmio.so.9: undefined symbol: _pgpVerifySignature2 diff --git a/sources b/sources index fee455b..7992bed 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (rpm-4.18.1.tar.bz2) = 0ede2138b9b4c3b50d7e914cf82655507fcc207ba67804c749ea17560002976cb26b95801e9138a51589b60459494a991213a1131dbef5af2eca9b5050a4f29c +SHA512 (rpm-4.18.2.tar.bz2) = 1544efef04190299ac988f52c4f6e58ba9ff8943fe1f3e1353fb2bf4d73248935dac65a8a73b32c5d2d96f6875ce25c5196a78ed645d9504465cf1e89e0a268a