I think I fixed this problem 4-5 years ago in RPM5 (like rpm-5.4.15? I forget).
The MD5 tag length (and RPM_BIN_TYPE in general) includes padding (if present)
to the next tag.
The bug only shows up if the next tag needs to be aligned.
The real fix wasn't hard, but was rather subtle and surprising.
The proposed fix special casing the MD5 tag is deficient because it ignores
legacy compatibility: nearly all versions of rpm this century are affected.
Mark Hatle (from Poky/Yocto) likely can supply the actual patch I checked into
RPM5. I was somewhat surprised at the time that the bug had never been reported
against RPM4 with identical code.
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Rpm-maint mailing list