Package: apt Version: 0.9.7.7 Severity: normal File: apt-pkg/indexcopy.cc, ftparchive/writer.cc User: [email protected] Usertags: gpg-clearsign
Hi! The SigVerify::RunGPGV() function is too strict and will error out on correct Armor Header Lines (as per RFC4880), those with trailing whitespace. The function SourcesWriter::DoPackage() will not correctly strip the PGP signature from the dsc if the Armor Header Line contains trailing whitespace, it does not correctly handle OpenPGP blank lines (those with only whitespaces), or surrounding non-signed "garbage". Ansgar has been filing this kind of bugs, and pointed out to #695855, although IMO the RFC is clear enough as to be able to implement this in other places. Thanks, Guillem -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

