[packages/rpm] - up to 6.0.1 with build fixes for legacy rpmpgp

baggins baggins at pld-linux.org
Fri Dec 12 21:52:09 CET 2025 

commit 2a9aeb027a67a9ae174d036aa81f4bcfcf4c9a20
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Fri Dec 12 23:51:26 2025 +0100

    - up to 6.0.1 with build fixes for legacy rpmpgp

 rpm.spec                |  12 ++--
 rpmpgp_legacy-git.patch | 173 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 181 insertions(+), 4 deletions(-)
---
diff --git a/rpm.spec b/rpm.spec
index e0d1050..981ba04 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -33,13 +33,13 @@ Summary(pt_BR.UTF-8):	Gerenciador de pacotes RPM
 Summary(ru.UTF-8):	Менеджер пакетов от RPM
 Summary(uk.UTF-8):	Менеджер пакетів від RPM
 Name:		rpm
-Version:	6.0.0
-Release:	0.5
+Version:	6.0.1
+Release:	0.1
 Epoch:		1
 License:	GPL v2 / LGPL v2.1
 Group:		Base
 Source0:	http://ftp.rpm.org/releases/rpm-6.0.x/%{name}-%{version}.tar.bz2
-# Source0-md5:	1236be21f762cc9728462a0e910e1497
+# Source0-md5:	b71495ca9f3a611a1d5d9bf48c048fab
 Source1:	ftp://ftp.pld-linux.org/dists/th/PLD-3.0-Th-GPG-key.asc
 # Source1-md5:	23914bb49fafe7153cee87126d966461
 Source100:	https://github.com/rpm-software-management/rpmpgp_legacy/archive/1.1/rpmpgp_legacy-1.1.tar.gz
@@ -89,6 +89,7 @@ Patch30:	no-exe-for-elf-req.patch
 Patch33:	disable-sysusers.patch
 Patch34:	export-interfaces-for-poldek.patch
 Patch35:	no-enforce-signatures.patch
+Patch36:	rpmpgp_legacy-git.patch
 URL:		https://rpm.org/
 BuildRequires:	acl-devel
 %{?with_audit:BuildRequires:	audit-libs-devel}
@@ -653,7 +654,10 @@ Dokumentacja API RPM-a oraz przewodniki w formacie HTML generowane ze
 # generate Group translations to *.po
 awk -f %{SOURCE6} %{SOURCE5}
 
-%{!?with_sequoia:ln -s ../rpmpgp_legacy-1.1 rpmio/rpmpgp_legacy}
+%if %{without sequoia}
+%patch -P36 -p1
+ln -s ../rpmpgp_legacy-1.1 rpmio/rpmpgp_legacy
+%endif
 
 # rpm checks for CPU type at runtime, but it looks better
 %{__sed} -i \
diff --git a/rpmpgp_legacy-git.patch b/rpmpgp_legacy-git.patch
new file mode 100644
index 0000000..2966bff
--- /dev/null
+++ b/rpmpgp_legacy-git.patch
@@ -0,0 +1,173 @@
+diff --git a/rpmpgp_legacy-1.1/rpmpgp_internal.c b/rpmpgp_legacy-1.1/rpmpgp_internal.c
+index 7e8c6ac..c0a1cc6 100644
+--- a/rpmpgp_legacy-1.1/rpmpgp_internal.c
++++ b/rpmpgp_legacy-1.1/rpmpgp_internal.c
+@@ -9,7 +9,6 @@
+ #include <rpm/rpmstring.h>
+ #include <rpm/rpmlog.h>
+ 
+-#include "rpmpgpval.h"
+ #include "rpmpgp_internal.h"
+ 
+ #include "debug.h"
+@@ -495,6 +494,16 @@ static rpmpgpRC pgpPrtSubType(const uint8_t *h, size_t hlen, pgpDigParams _digp,
+ 	    }
+ 	    break;
+ 
++	case PGPSUBTYPE_ISSUER_FINGERPRINT:
++	    if (plen - 1 < 17)
++		break;
++	    impl = 1;
++	    if (p[1] == 4 && plen - 1 == 21 && !(_digp->saved & PGPDIG_SAVED_ID)) {
++		memcpy(_digp->signid, p + plen - sizeof(_digp->signid), sizeof(_digp->signid));
++		_digp->saved |= PGPDIG_SAVED_ID;
++	    }
++	    break;
++
+ 	case PGPSUBTYPE_KEY_FLAGS:
+ 	    if (!hashed)
+ 		break;	/* Subpackets in the unhashed section cannot be trusted */
+diff --git a/rpmpgp_legacy-1.1/rpmpgp_internal.h b/rpmpgp_legacy-1.1/rpmpgp_internal.h
+index a5ff60c..b0e0e40 100644
+--- a/rpmpgp_legacy-1.1/rpmpgp_internal.h
++++ b/rpmpgp_legacy-1.1/rpmpgp_internal.h
+@@ -163,7 +163,9 @@ rpmpgpRC pgpMergeKeys(const uint8_t *pkts1, size_t pktlen1, const uint8_t *pkts2
+ RPM_GNUC_INTERNAL
+ uint32_t pgpCurrentTime(void);
+ 
+-RPM_GNUC_INTERNAL
+ uint32_t pgpDigParamsModificationTime(pgpDigParams digp);
+ 
++int pgpDigParamsSalt(pgpDigParams digp, const uint8_t **datap, size_t *lenp);
++
++
+ #endif /* _RPMPGP_INTERNAL_H */
+diff --git a/rpmpgp_legacy-1.1/rpmpgp_internal_api.c b/rpmpgp_legacy-1.1/rpmpgp_internal_api.c
+index 8619915..bbbd664 100644
+--- a/rpmpgp_legacy-1.1/rpmpgp_internal_api.c
++++ b/rpmpgp_legacy-1.1/rpmpgp_internal_api.c
+@@ -278,3 +278,13 @@ rpmRC pgpPubkeyMerge(const uint8_t *pkts1, size_t pkts1len, const uint8_t *pkts2
+     return rc == RPMPGP_OK ? RPMRC_OK : RPMRC_FAIL;
+ }
+ 
++int pgpDigParamsSalt(pgpDigParams digp, const uint8_t **datap, size_t *lenp)
++{
++    if(!digp || !datap || !lenp)
++        return -1;
++    if (digp->tag != PGPTAG_SIGNATURE || digp->version >= 6)
++	return -1;	/* unsupported */
++    *datap = NULL;
++    *lenp = 0;
++    return 0;
++}
+diff --git a/rpmpgp_legacy-1.1/rpmpgp_internal_armor.c b/rpmpgp_legacy-1.1/rpmpgp_internal_armor.c
+index 505bb5c..8396b6c 100644
+--- a/rpmpgp_legacy-1.1/rpmpgp_internal_armor.c
++++ b/rpmpgp_legacy-1.1/rpmpgp_internal_armor.c
+@@ -9,27 +9,8 @@
+ #include <rpm/rpmlog.h>
+ #include <rpm/rpmbase64.h>
+ 
+-#include "rpmpgpval.h"
+ #include "rpmpgp_internal.h"
+ 
+-/** \ingroup rpmpgp
+- * Return value of an OpenPGP string.
+- * @param vs		table of (string,value) pairs
+- * @param s		string token to lookup
+- * @param se		end-of-string address
+- * @return		byte value
+- */
+-static inline
+-int pgpValTok(pgpValTbl vs, const char * s, const char * se)
+-{
+-    do {
+-	size_t vlen = strlen(vs->str);
+-	if (vlen <= (se-s) && rstreqn(s, vs->str, vlen))
+-	    break;
+-    } while ((++vs)->val != -1);
+-    return vs->val;
+-}
+-
+ #define CRC24_INIT	0xb704ce
+ #define CRC24_POLY	0x1864cfb
+ 
+@@ -73,7 +54,6 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
+ #define	TOKEQ(_s, _tok)	(rstreqn((_s), (_tok), sizeof(_tok)-1))
+ 
+     for (t = (char *)b; t && *t; t = te) {
+-	int rc;
+ 	if ((te = strchr(t, '\n')) == NULL)
+ 	    te = t + strlen(t);
+ 	else
+@@ -85,30 +65,29 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
+ 	    if (!TOKEQ(t, "-----BEGIN PGP "))
+ 		continue;
+ 	    t += sizeof("-----BEGIN PGP ")-1;
+-
+-	    rc = pgpValTok(pgpArmorTbl, t, te);
+-	    if (rc < 0) {
+-		ec = PGPARMOR_ERR_UNKNOWN_ARMOR_TYPE;
+-		goto exit;
+-	    }
+-	    if (rc != PGPARMOR_PUBKEY)	/* XXX ASCII Pubkeys only, please. */
+-		continue;
+-
+-	    armortype = pgpValString(PGPVAL_ARMORBLOCK, rc);
+-	    t += strlen(armortype);
++	    if (!rstreqn(t, "PUBLIC KEY BLOCK", 16))
++		continue;	/* XXX ASCII Pubkeys only, please. */
++	    t += 16;
+ 	    if (!TOKEQ(t, "-----"))
+ 		continue;
+ 	    t += sizeof("-----")-1;
+ 	    if (*t != '\n' && *t != '\r')
+ 		continue;
+ 	    *t = '\0';
++	    armortype = "PUBLIC KEY BLOCK";
+ 	    pstate++;
+ 	    break;
+ 	case 1:
+ 	    enc = NULL;
+-	    rc = pgpValTok(pgpArmorKeyTbl, t, te);
+-	    if (rc >= 0)
++	    if ((*t >= 'a' && *t <= 'z') || (*t >= 'A' && *t <= 'Z')) {
++		/* skip all armor keys */
++		t++;
++		while ((*t >= 'a' && *t <= 'z') || (*t >= 'A' && *t <= 'Z'))
++		    t++;
++		if (*t != ':')
++		    pstate = 0;		/* syntax error */
+ 		continue;
++	    }
+ 	    if (*t != '\n' && *t != '\r') {
+ 		pstate = 0;
+ 		continue;
+@@ -204,10 +183,23 @@ pgpArmor pgpParsePkts(const char *armor, uint8_t ** pkt, size_t * pktlen)
+ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns)
+ {
+     char *buf = NULL, *val = NULL;
+-    char *enc = rpmBase64Encode(s, ns, -1);
+-    char *crc = rpmBase64CRC(s, ns);
+-    const char *valstr = pgpValString(PGPVAL_ARMORBLOCK, atype);
+-
++    char *enc, *crc;
++    const char *valstr = NULL;
++
++    switch (atype) {
++    case PGPARMOR_PUBKEY:
++	valstr = "PUBLIC KEY BLOCK";
++	break;
++    case PGPARMOR_SIGNATURE:
++	valstr = "SIGNATURE";
++	break;
++    default:
++	break;
++    }
++    if (!valstr)
++	return NULL;	/* only public key & signature supported */
++    enc = rpmBase64Encode(s, ns, -1);
++    crc = rpmBase64CRC(s, ns);
+     if (crc != NULL && enc != NULL) {
+ 	rasprintf(&buf, "%s=%s", enc, crc);
+     }
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/rpm.git/commitdiff/2a9aeb027a67a9ae174d036aa81f4bcfcf4c9a20

More information about the pld-cvs-commit mailing list