Readability/style issues aside, yes we need to care about fixing segfaults as
long as the internal parser is there. Which might be a while. Thanks for
looking into this!
Here again though, it's really the subkey stuff that is even more brittle. As
the Sequoia option is now in, we could now proc
@pmatilai commented on this pull request.
> pgpDigAlg sa = sig->alg;
pgpDigAlg ka = key->alg;
- if (sa && sa->verify) {
+ if (sa && sa->verify &&
+ sig->pubkey_algo == key->pubkey_algo) {
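Review bot: In the extended condition `sa && sa->verify && sig->pubkey_algo == key->pubkey_algo`, a signature/key algorithm mismatch now takes the same path as a missing `sa->verify`. Those are different situations (an unsupported algorithm versus a key that cannot have made this signature), so make sure the fallthrough yields a failure for the mismatch case, and add a short comment saying why the two algorithms must match.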
Another broken indentation here. A (continued) conditional on the same
@pmatilai commented on this pull request.
> @@ -1150,9 +1153,13 @@ rpmRC pgpVerifySignature(pgpDigParams key,
> pgpDigParams sig, DIGEST_CTX hashctx)
* done all we can, return NOKEY to indicate "looks okay but dunno."
*/
if (key && key->alg) {
+ if (key->tag != PGPTAG_PUB
@pmatilai commented on this pull request.
> @@ -1124,6 +1124,9 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams
> sig, DIGEST_CTX hashctx)
if (sig == NULL || ctx == NULL)
goto exit;
+if (sig->tag != PGPTAG_SIGNATURE)
+ goto exit; /* not a signature */
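Review bot: The new `sig->tag != PGPTAG_SIGNATURE` check leaves through `exit` with whatever value `rc` holds at that point, which these lines do not show. Make sure that value is a hard failure and not a "could not check" result, since a non-signature packet passed as `sig` is malformed input rather than a missing key. The trailing `/* not a signature */` only restates the condition and can be dropped.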
This is
@pmatilai commented on this pull request.
> const uint8_t *pend = h + hlen;
int curve = 0;
+if (keyp->tag != PGPTAG_PUBLIC_KEY && keyp->tag != PGPTAG_PUBLIC_SUBKEY)
+ return rc; /* Not a public key */
+if (keyp->alg)
+ return rc; /* We can't handle more than one key
@pmatilai commented on this pull request.
> const uint8_t *pend = h + hlen;
int curve = 0;
+if (keyp->tag != PGPTAG_PUBLIC_KEY && keyp->tag != PGPTAG_PUBLIC_SUBKEY)
+ return rc; /* Not a public key */
This isn't in rpm style of commenting: it's stating the obvious, and code
Lua upstream does not provide a pkg-config file, but we rely on one being
present for building rpm. Apparently all relevant distros patch Lua to add that
.pc and using one when present is fine, but we should not *rely* on downstream
patches.
This is the case in both the new cmake build and auto
> It'd be nicer of course if rpm had a supported procedure to "park" databases
> for this kind of thing. --rebuilddb with some special flag maybe.
`--rebuilddb` is much heavier than just a single SQL command. Perhaps
`--parkdb`, along with a corresponding C API function?
Right, the autotools build didn't rely on pkg-config for libmagic, now we do,
out of sheer short-term convenience rather than being a carefully considered
decision. Buildability on RHEL 8 is not a requirement at this point, but
apparently upstream libmagic pkg-config file appeared in file >= 5.
rpmdb reproducibility is also an issue when building (EL9) containers, it would
be nice to have a park option indeed.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2219#issuecomment-1291407794
You are receiving this because you are su
Hi all, I'm trying to build this on centos 8stream.
Firstly, the deps:
```
# dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# dnf config-manager --set-enabled powertools
# yum install -y \
autoconf \
automake \
cmake \
bzip2 \
file-devel \
file-l
```
Not really, because the unwanted binaries are only half the story. Unwanted
junk ends up in the source directories too, despite best attempts not to
litter :smile: I want to know precisely what ends up in the tarball, and "cp -a
here there" doesn't cut it.
I'm not looking for help here, usin
Merged #2243 into master.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2243#event-7663064004
... Anyway, in the current codebase, these are indeed identical blocks so let's
proceed.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2243#issuecomment-1290463803
... Looking closer at the 1998 commit, there *was* one difference:
```
[...]
appendStringBuf(spec->prep, getStringBuf(before));
[...]
```
This line was executed in between the two identical blocks. It's not there on
master nowadays, but it could've been the reason for those blocks being
separate,
This duplication dates back to a commit from 1998 where it was added as a
whole: 757e50ffc827297e36f793cf79ddc471878f6d0b
It does indeed look like an oversight in the above commit :smile:. The proposed
patch only changes the code path for `createDir` being 1 but the outcome stays
the same.
--
Closed #1895 as completed via #2215.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1895#event-7662789396
Merged #2215 into master.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2215#event-7662789171
Works for me :+1: And now let's merge before anybody thinks about this any
further :laughing:
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2215#issuecomment-1290423879
These are all horrendously outdated, the newest proper updates to these files
being from 2002-2007. Nothing has happened since, yep... Translations of these
are better handled elsewhere and by other means.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-s
@dmnks commented on this pull request.
> @@ -138,8 +138,14 @@ in the RPM sources.
## Payload
-The Payload is currently a gzipped cpio archive. The cpio
-archive type used is SVR4 with a CRC checksum.
+The Payload is currently a cpio archive, gzipped by default. The cpio archive
+type used
/retest
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2244#issuecomment-1290244847
@ffesti commented on this pull request.
> @@ -138,8 +138,14 @@ in the RPM sources.
## Payload
-The Payload is currently a gzipped cpio archive. The cpio
-archive type used is SVR4 with a CRC checksum.
+The Payload is currently a cpio archive, gzipped by default. The cpio archive
+type use

You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/2244
-- Commit Summary --
* Fix using 'rpm2archive foo.rpm' can
@dmnks pushed 2 commits.
d3ef2bbf6c5e1fd36d1826db2cfa2cfc0cb9afbc Add mode string documentation to
Fopen()/Fdopen()
127005ce1038f5d911e7fb0c8fd870a616262632 Add payload compression macro
documentation
--
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2215/files/f4ac64
Closed #2235.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2235#event-7661425873
@pmatilai please take a look
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2240#issuecomment-1290124894