Re: [Rpm-maint] [rpm-software-management/rpm] Incorrect length of unknown filedigest algos (#959)
This is because of the `rpmio/digest_libgcrypt.c:rpmDigestLength()` function not recognizing the `PGPHASHALGO_GOST12_256` and `PGPHASHALGO_GOST12_512` enums introduced in the [RPM 5 patch for Streebog](https://abf.io/staszhukov/rpm/blob/master/1082-add-GOST-R-34.10-2012-gcrypt-imaevm.patch). When RPM 4 reads such a package, the `RPMTAG_FILEDIGESTALGO` header falls back to `PGPHASHALGO_MD5` due to `rpmDigestLength()` returning 0. Later, when dumping file information in `lib/query.c:showQueryPackage()`, the same function is called, this time returning 16 (due to `PGPHASHALGO_MD5`). As a result, the string is formatted into a 128 bit (16 byte) hex string representation in the dump. There's not much we can do without introducing proper Streebog support, I'm afraid. All we can do is suggest that you submit a PR (possibly based on the original RPM 5 patch) if you wish to have this supported. I'm closing this issue now. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/959#issuecomment-664204486___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Incorrect length of unknown filedigest algos (#959)
Closed #959. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/959#event-3588768486___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Incorrect length of unknown filedigest algos (#959)
74766d3 is not really related at all. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/959#issuecomment-571924871___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Incorrect length of unknown filedigest algos (#959)
@pmatilai Hey! I thought 74766d30b95f1575df8a42d185f2643caa235a8b might have fixed it, since it sounded vaguely related! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/959#issuecomment-571551273___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Incorrect length of unknown filedigest algos (#959)
> I just tried this on rpm 4.15.1 on Fedora 31, and it seems to still be broken > in this manner? Um, sure it is. Nobody has said anything about it being fixed, so what makes you think otherwise? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/959#issuecomment-571498108___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Incorrect length of unknown filedigest algos (#959)
I just tried this on rpm 4.15.1 on Fedora 31, and it seems to still be broken in this manner? ``` $ rpm --version RPM version 4.15.1 $ rpm -qp --dump ./grep-3.3-3-rosa2019.0.i586.rpm warning: ./grep-3.3-3-rosa2019.0.i586.rpm: Header V4 DSA/SHA1 Signature, key ID c1c18146: NOKEY /bin/egrep 28 1574950717 aa4ae578ca2323caf35beab739f88ea5 0100755 root root 0 0 0 X ``` This is also present in the RPM 4.15.1 being used in ROSA 2019.1-dev: ``` [ngompa@localhost ~]$ podman run --rm -it quay.io/ngompa/rosa2019.1-rpm4 /bin/bash bash-4.4# dnf -y install wget ... bash-4.4# wget --content-disposition https://file-store.rosalinux.ru/download/948bd31596c572664b870a226f252e38707ad137 ... bash-4.4# rpm -qp --dump ./grep-3.3-3-rosa2019.0.i586.rpm /bin/egrep 28 1574950717 aa4ae578ca2323caf35beab739f88ea5 0100755 root root 0 0 0 X ... bash-4.4# rpm --version RPM version 4.15.1 bash-4.4# rpm -qi rpm Name: rpm Epoch : 2 Version : 4.15.1 Release : 0.2 DistTag : rosa2019.1 ... ``` -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/959#issuecomment-570790643___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Incorrect length of unknown filedigest algos (#959)
This seems to be related: https://github.com/rpm-software-management/rpm/commit/74766d30b95f1575df8a42d185f2643caa235a8b -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/959#issuecomment-570789766___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Incorrect length of unknown filedigest algos (#959)
Yeah there's a bug someplace or two. Starting with:
```
/* Hmm, what to do with unknown digest algorithms? */
if (algo && rpmDigestLength(*algo) != 0) {
fi->digestalgo = *algo;
}
```
...and also assuming rpmDigestLength() returns non-zero values in more places
that one.
Thanks for reporting.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/959#issuecomment-559682759___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
[Rpm-maint] [rpm-software-management/rpm] Incorrect length of unknown filedigest algos (#959)
We have implemented Stribog 256bit filedigest algorithm in RPM 5. Let's dump hashes of files inside it using RPM which has Stribog-256 implemented: ``` [root@rosa-2019 tmp]# rpm -qp --dump grep-3.3-3-rosa2019.0.x86_64.rpm /bin/egrep 28 1574950713 aa4ae578ca2323caf35beab739f88ea577ab0119063b1aa47954cbe92b686fbc 0100755 root root 0 0 0 X ``` Now let's do the same using RPM 4 (and 5 as well) which does not know about Stribog: ``` $ rpm -qp --dump ./grep-3.3-3-rosa2019.0.i586.rpm /bin/egrep 28 1574950717 aa4ae578ca2323caf35beab739f88ea5 0100755 root root 0 0 0 X $ rpm --version RPM version 4.14.2.1 ``` The length of the hash is incorrect. ``` aa4ae578ca2323caf35beab739f88ea577ab0119063b1aa47954cbe92b686fbc aa4ae578ca2323caf35beab739f88ea5 ``` I think it is a bug, RPM should have failed to print hashes, but may be it is a feature... As I did not investigate the issue, I can't say anything about its root cause, may be the size of the hash is not stored anywhere? That RPM: https://file-store.rosalinux.ru/download/948bd31596c572664b870a226f252e38707ad137 (grep-3.3-3-rosa2019.0.i586.rpm) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/959___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
