[prev in list] [next in list] [prev in thread] [next in thread] 

List:       rpm-devel
Subject:    Re: [CVS] RPM: rpm/ CHANGES rpm/lib/ transaction.c
From:       Jeff Johnson <n3npq () mac ! com>
Date:       2008-12-06 18:29:18
Message-ID: 37C9294B-A346-4907-8AB9-862411D5ACA7 () mac ! com
[Download RAW message or body]

And, a savvy guess at the forensics that might explain why

1) this flaw/patch is Mandriva peculier
2) Mandriva uses hdlist

is that the hdlist construction was b00gered up at some
point in the past. Certainly there is no pathway through
rpmbuild -> rpmfiNew() -> rpmtsRun() that results in
fi->posttransprog == NULL, which is all the patch checks for.

But the header returned from the callback == random application bubble
gum scraped from the bottom of the application's chair from a rpmlib
rpmntsRun() POV.

That is the "core problem" with modified (by genhdlist or other unknown
processes that create header-like objects) that are passed into rpmlib
without sufficient distro/repo QA on the binary format markup contained
in hdlist.

And the bleeping (*callback) is a fundamental design flaw in rpm code,
one cannot pass complicated blobs around with no sanity checks unless
one has an adequate understanding of what QA means.

hth

73 de Jeff crossing the buggy RPM vendor streams, lookout!


On Dec 6, 2008, at 1:13 PM, Jeff Johnson wrote:

> I should be careful when throwing acid around ...
>
> Like many rpm flaws, the fix is usually in a very different
> place then where the symptom is seen.
>
> In this case, the underlying flaw is an unpopulated  
> RPMTAG_POSTTRANSPROG.
> That needs to be prevented in rpmbuild, not "best effort" skipped in
> rpmtsRun().
>
> That is my definition for "right" because there are most certainly  
> other
> missing data failure symptoms if RPMTAG_POSTTRANSPROG has gone AWOL,
> not only in rpmtsRun().
>
> hth
>
> 73 de Jeff
>

["smime.p7s" (smime.p7s)]

0�	*�H��

 �0�

10	+0�	*�H��


 ��0��0� 
�r
�k� ��0
	*�H��


0|10	UDE10U
TC TrustCenter GmbH1%0#UTC TrustCenter Class 1 L1 CA1(0&UTC TrustCenter \
Class 1 L1 CA VI0 081202135405Z
091203135405Z0B10	UUS10UJeff Johnson10	*�H��

	

n3npq@mac.com0�
"0
	*�H��



�
0�

�

Ҭ��1�4�B��~�:*;�˄�r���x���%I��"���^~����2�2��Wń�9�i,���#O))~SC��	`� \
˨������ŕ1i��!�~I5S��)���R���&�Ϥ(�t���uIA��Ј�TO�b�߁���>����f���N���
*5Q�<���1��Rn&��,f�`iR
!�����S~���W���Uz��sB� \
��SN
g�>O�x��>�ɐ���{���F�Mк�

��
�0�
�0��+


��0��0Q+
0�Eh \
ttp://www.trustcenter.de/certservices/cacerts/tc_class1_L1_CA_VI.crt02+
0
�&http \
://ocsp.VI.tcclass1.trustcenter.de0U#0�N�����jk�J�ɻd�K&�0U

�00JU \
C0A0?	*�,



0200+

$http://www.trustcenter.de/guidelines0U

��0U�DL�荺e�9�=�7N�&d?�0TUM0K0I \
G E�Chttp://crl.VI.tcclass1.trustcenter.de/crl/v2/tc_class1_L1_CA_VI.crl03U%,0*+
+
+

 +

�70U0�
n3npq@mac.com0
	*�H��


��c�3�#5@+Nwc��<~3mJ \
2��݉}�ds����OM3��/���cC���åt(:�ӌ��m�x�H�#F?&N^�?��6c"��*-7lu`+x��|��W \
��ʕ��nbg���ҮV���4�H�0��0�8 
��
b��n�rd0 	*�H��


0��10	UDE10UHamburg10UHamburg1:08U
1TC TrustCenter for Security in Data Networks GmbH1"0 UTC TrustCenter Class 1 \
CA1)0'	*�H�� 
	
certificate@trustcenter.de0
080718113854Z
101231225959Z0|10	UDE10U
TC TrustCenter GmbH1%0#UTC TrustCenter Class 1 L1 CA1(0&UTC TrustCenter \
Class 1 L1 CA VI0��0 	*�H��



��0�����?N��~�������ݤ㰾(��ݙ�uLα����lK�
%8H���
�������~uH@MNC�m]��9�����X�q
K1~��_���݄����V�f�k(�Ѣ�z��aW�0�0'
@�

��0�0��+


��00L+
0�@http://www.trustcenter.de/certservices/ \
cacerts/tc_class_1_ca.crt0/+
0
�#http://ocsp.tcclass1.trustcenter.de0U

�0

�0JU \
C0A0?	*�,



0200+

$http://www.trustcenter.de/guidelines0U

�
�0UN�����jk�J�ɻd�K&�0��U��0��0�� \
�� �؆;http://crl.tcclass1.trustcenter.de/crl/v2/tc_class_1_ca.crl���ldap://www.trustc \
enter.de/CN=TC%20TrustCenter%20Class%201%20CA,O=TC%20TrustCenter%20AG,ou=rootcerts,dc=trustcenter,dc=de?certificateRevocationList?base?0
 	*�H��


��n��g��,���<H[<K��B���������*8���ُ˰y���}��e�-p���T-�
���)���:m�nz��q�/��eJ̄t�Z�մ�w"D˴W\&8�
k���T.W��Ǝ|W[�3��0�(0� \

�0 	*�H��


0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing \
Authority1!0	*�H�� 
	
support@cacert.org0
070806160927Z
090805160927Z0810UCAcert WoT User10	*�H��

	

n3npq@mac.com0�
"0
	*�H��



�
0�

�

��M��Ǽ�~ar�qC�?j(������Ѝ���.=��
�ܐ[m4��7囵{������H�ǰm�g���k�׼=Fl��F�َ^ \
c9h��ٕ/,��fOcY;i�k��"X���FS	�)�����֟W�:Z���#A�q��W:�_�rIqc�&��Z���Z���A����K���BH
 �o��Y_x��(V���������!zd	AH��DJ���Ad��G�*Q��X�V�r��:�tpM

���0��0U

�00V	`�H
��B

 IGTo get your own certificate for FREE head over to \
http://www.CAcert.org0@U%907+
+
 +

�7

+

�7
	`�H
��B
02+


&0$0"+
0
�http://ocsp.cacert.org0U0�
n3npq@mac.com0
	*�H��


�
�BmC�2�G�$��+��`��?�kdC�
�o��߫'i�Ƭ��'��9\q45�9x��O��S@B=�� \
4�9�ێ�0أ�Z�-��n!�Hrλ�y)gP�mcFk����r�z��G�r1�d3�)��g�"��L�Z��\�b���k�R&h�@[������%����|�����%�@�h�t'�?�Нc�]y4�
J���


�m�
!�ϵ[�4��QB������}bK_���gD�,	��?
w�G���:U�\��X�C\!���}�i�)���7��%7����u�f�mW��]�-���x�|��̭��Q�ć�H�x�N�F%3�z3r����R��>~�c͛y��2��������GL<�n�#����K/�
  �(��_Q���7��n�fr�Ce���j��T \
q$,7��6�I��C�m�@�C�@)H���4{�\Z���X̢T@n�iQ�����jc�N��'�.i���.� +(a
=F(>��O1�B0�>

0��0|10	UDE10U
TC TrustCenter GmbH1%0#UTC TrustCenter Class 1 L1 CA1(0&UTC TrustCenter \
Class 1 L1 CA VI�r
�k� ��0	+ �
�0	*�H�� 
	1	*�H��


0	*�H��

	1
081206182919Z0#	*�H��

	1�� �J+�}1��O�nFyҫ,0��	+

�71��0��0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing \
Authority1!0	*�H�� 
	
support@cacert.org�0��*�H��

	1�� ��0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing \
Authority1!0	*�H�� 
	
support@cacert.org�0
	*�H��



�
� �y'ʘb�{�[D)r�ZN���"�Ԉ���`����5׶��K��%�쐊��������Ǽ=�B[����e*M|�X���B�2 \
u�]���h&�EwN����wPİ�a��6��� w��p1�l�ǥ}�
U�U�DeRR���U�JI=k���ϖ�kC��
�t&Ǧv�6����Z�YrR
|*�9��M��m.χ�	������r�<�w����� {'��0�	OO3���;��r


______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
Developer Communication List                        rpm-devel@rpm5.org

[prev in list] [next in list] [prev in thread] [next in thread]