Caution: This email originated from outside of the KPIT. Do not click links or open attachments unless you recognize the sender and know the content is safe.

At this point I have to note that I am removing the patch altogether with the upcoming upgrade of rpm to 4.17, as I'm also switching the compression format to zstd, and the patch is generally difficult to maintain and rebase. If you care about xz compression, please do work with upstream to get it merged there.

Alex

On Wed, 15 Sept 2021 at 16:59, Steve Sakoman <steve@sakoman.com> wrote:

On Wed, Sep 8, 2021 at 4:02 AM Ranjitsinh Rathod
<ranjitsinhrathod1991@gmail.com> wrote:
>
> From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
>
> Change in 2 patch as below to avoid critical issues
> 1) 0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
> Handled return values of getrlimit() and lzma_cputhreads() functions
> to avoid unexpected behaviours like devide by zero and potential read
> of uninitialized variable 'virtual_memory'
> Upstream-Status: Pending [merge of multithreading patches to upstream]

This does look like a good fix. Are these changes to the patch from upstream?

Once upstream has accepted the change we should change the status from
"pending", but for now this is ok.

> 2) CVE-2021-3421.patch
> Removed RPMSIGTAG_FILESIGNATURES and RPMSIGTAG_FILESIGNATURELENGTH as
> it is not needed during backporting of original patch.
> Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21]

Removing these unused definitions doesn't really seem like a critical
issue. I'd prefer to leave the CVE patch in its original form.

Could you submit a V2 with this change?

Thanks!

Steve

> Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
> ---
> ...rict-virtual-memory-usage-if-limit-s.patch | 25 ++++++++-------
> .../rpm/files/CVE-2021-3421.patch | 32 +++----------------
> 2 files changed, 19 insertions(+), 38 deletions(-)
>
> diff --git a/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch b/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
> index 6454785254..dc3f74fecd 100644
> --- a/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
> +++ b/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
> @@ -11,36 +11,39 @@ CPU thread.
> Upstream-Status: Pending [merge of multithreading patches to upstream]
>
> Signed-off-by: Peter Bergin <peter@berginkonsult.se>
> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
> ---
> - rpmio/rpmio.c | 34 ++++++++++++++++++++++++++++++++++
> - 1 file changed, 34 insertions(+)
> + rpmio/rpmio.c | 36 ++++++++++++++++++++++++++++++++++++
> + 1 file changed, 36 insertions(+)
>
> diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c
> index e051c98..b3c56b6 100644
> --- a/rpmio/rpmio.c
> +++ b/rpmio/rpmio.c
> -@@ -845,6 +845,40 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz)
> +@@ -845,6 +845,42 @@ static LZFILE *lzopen_internal(const char *mode, int fd, int xz)
> }
> #endif
>
> -+ struct rlimit virtual_memory;
> -+ getrlimit(RLIMIT_AS, &virtual_memory);
> -+ if (virtual_memory.rlim_cur != RLIM_INFINITY) {
> ++ struct rlimit virtual_memory = {RLIM_INFINITY , RLIM_INFINITY};
> ++ int status = getrlimit(RLIMIT_AS, &virtual_memory);
> ++ if ((status != -1) && (virtual_memory.rlim_cur != RLIM_INFINITY)) {
> + const uint64_t virtual_memlimit = virtual_memory.rlim_cur;
> ++ uint32_t threads_max = lzma_cputhreads();
> + const uint64_t virtual_memlimit_per_cpu_thread =
> -+ virtual_memlimit / lzma_cputhreads();
> -+ uint64_t memory_usage_virt;
> ++ virtual_memlimit / ((threads_max == 0) ? 1 : threads_max);
> + rpmlog(RPMLOG_NOTICE, "XZ: virtual memory restricted to %lu and "
> + "per CPU thread %lu\n", virtual_memlimit, virtual_memlimit_per_cpu_thread);
> ++ uint64_t memory_usage_virt;
> + /* keep reducing the number of compression threads until memory
> + usage falls below the limit per CPU thread*/
> + while ((memory_usage_virt = lzma_stream_encoder_mt_memusage(&mt_options)) >
> + virtual_memlimit_per_cpu_thread) {
> -+ /* If number of threads goes down to zero lzma_stream_encoder will
> -+ * will return UINT64_MAX. We must check here to avoid an infinite loop.
> ++ /* If number of threads goes down to zero or in case of any other error
> ++ * lzma_stream_encoder_mt_memusage will return UINT64_MAX. We must check
> ++ * for both the cases here to avoid an infinite loop.
> + * If we get into situation that one thread requires more virtual memory
> + * than available we set one thread, print error message and try anyway. */
> -+ if (--mt_options.threads == 0) {
> ++ if ((--mt_options.threads == 0) || (memory_usage_virt == UINT64_MAX)) {
> + mt_options.threads = 1;
> + rpmlog(RPMLOG_WARNING,
> + "XZ: Could not adjust number of threads to get below "
> diff --git a/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch b/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch
> index b1a05b6863..d2ad5eabac 100644
> --- a/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch
> +++ b/meta/recipes-devtools/rpm/files/CVE-2021-3421.patch
> @@ -22,16 +22,16 @@ Fixes: CVE-2021-3421, CVE-2021-20271
> Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21]
> CVE: CVE-2021-3421
> Signed-off-by: Minjae Kim <flowergom@gmail.com>
> +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
> ---
> - lib/package.c | 115 ++++++++++++++++++++++++--------------------------
> - lib/rpmtag.h | 4 ++
> - 2 files changed, 58 insertions(+), 61 deletions(-)
> + lib/package.c | 113 ++++++++++++++++++++++++--------------------------
> + 1 file changed, 52 insertions(+), 61 deletions(-)
>
> diff --git a/lib/package.c b/lib/package.c
> index 081123d84e..7c26ea323f 100644
> --- a/lib/package.c
> +++ b/lib/package.c
> -@@ -20,76 +20,68 @@
> +@@ -20,76 +20,67 @@
>
> #include "debug.h"
>
> @@ -46,8 +46,6 @@ index 081123d84e..7c26ea323f 100644
> + { RPMSIGTAG_GPG, RPMTAG_SIGGPG, 0 },
> + /* { RPMSIGTAG_PGP5, RPMTAG_SIGPGP5, 0 }, */ /* long obsolete, dont use */
> + { RPMSIGTAG_PAYLOADSIZE, RPMTAG_ARCHIVESIZE, 1 },
> -+ { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0 },
> -+ { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1 },
> + { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1 },
> + { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1 },
> + { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0 },
> @@ -61,6 +59,7 @@ index 081123d84e..7c26ea323f 100644
> * Translate and merge legacy signature tags into header.
> * @param h header (dest)
> * @param sigh signature header (src)
> ++ * @return failing tag number, 0 on success
> */
> static
> -void headerMergeLegacySigs(Header h, Header sigh)
> @@ -170,27 +169,6 @@ index 081123d84e..7c26ea323f 100644
> applyRetrofits(h);
>
> /* Bump reference count for return. */
> -diff --git a/lib/rpmtag.h b/lib/rpmtag.h
> -index 8c718b31b5..d562572c6f 100644
> ---- a/lib/rpmtag.h
> -+++ b/lib/rpmtag.h
> -@@ -65,6 +65,8 @@ typedef enum rpmTag_e {
> - RPMTAG_LONGARCHIVESIZE = RPMTAG_SIG_BASE+15, /* l */
> - /* RPMTAG_SIG_BASE+16 reserved */
> - RPMTAG_SHA256HEADER = RPMTAG_SIG_BASE+17, /* s */
> -+ /* RPMTAG_SIG_BASE+18 reserved for RPMSIGTAG_FILESIGNATURES */
> -+ /* RPMTAG_SIG_BASE+19 reserved for RPMSIGTAG_FILESIGNATURELENGTH */
> -
> - RPMTAG_NAME = 1000, /* s */
> - #define RPMTAG_N RPMTAG_NAME /* s */
> -@@ -422,6 +424,8 @@ typedef enum rpmSigTag_e {
> - RPMSIGTAG_LONGSIZE = RPMTAG_LONGSIGSIZE, /*!< internal Header+Payload size (64bit) in bytes. */
> - RPMSIGTAG_LONGARCHIVESIZE = RPMTAG_LONGARCHIVESIZE, /*!< internal uncompressed payload size (64bit) in bytes. */
> - RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
> -+ RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
> -+ RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19,
> - } rpmSigTag;
> -
>
> --
> 2.17.1
> --
> 2.17.1
>
>
>
>