Re: [Rpm-maint] [rpm-software-management/rpm] Avoid undefined shifts (#1547)

2021-07-05 Thread Demi Marie Obenour
@ffesti ping -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1547#issuecomment-874223347___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] Header signatures alone are not sufficient (#1672)

2021-07-05 Thread Demi Marie Obenour
@ffesti ping
https://github.com/rpm-software-management/rpm/pull/1672#issuecomment-874223443

Re: [Rpm-maint] [rpm-software-management/rpm] Check that padding is zeroed and regions are consistent (#1613)

2021-07-05 Thread Demi Marie Obenour
@ffesti would you mind looking at this?
https://github.com/rpm-software-management/rpm/pull/1613#issuecomment-874124913

Re: [Rpm-maint] [rpm-software-management/rpm] Installation / verification should not pass if the (sub)key(s) has been revoked or expired (#1598)

2021-07-05 Thread Demi Marie Obenour
> But the risk is not completely eliminated, since the usage of the HSM itself may have become compromised. An attacker may have gained access to a system with HSM access and issued malicious signatures. If this should happen, a key replacement is most probably warranted.

Absolutely!

Re: [Rpm-maint] [rpm-software-management/rpm] Installation / verification should not pass if the (sub)key(s) has been revoked or expired (#1598)

2021-07-05 Thread Demi Marie Obenour
> I agree with @ffesti about key revocation being more complex than what it seems like. When you revoke, you don't want to invalidate the signatures created _before_ the revocation. That would require every existing package to be re-signed with the new key, which would be very disruptive.

Re: [Rpm-maint] [rpm-software-management/rpm] Set an extremely high sqlite3 timeout (#1743)

2021-07-02 Thread Demi Marie Obenour
> We must avoid the "database is locked" errors at every cost because otherwise the rpmdb gets corrupted and system ends up in inconsistent state.

This looks to me like RPM is misusing the SQLite API. I would expect RPM to keep an SQLite transaction open while the RPM transaction is in

Re: [Rpm-maint] [rpm-software-management/rpm] Installation / verification should not pass if the (sub)key(s) has been revoked or expired (#1598)

2021-07-02 Thread Demi Marie Obenour
> I don't think it makes sense to have a revoked key in the database at all, you might as well just delete the key from the database. So we could state that it's up to the layer above rpm that manages the keys to handle this (libzypp does handle key updates, I don't know about dnf).

Re: [Rpm-maint] [rpm-software-management/rpm] Installation / verification should not pass if the (sub)key(s) has been revoked or expired (#1598)

2021-07-01 Thread Demi Marie Obenour
Revocation checking requires a proper keystore, which RPM does not have. Expiration checking “merely” requires checking the expiration date of the self-signature.

[Rpm-maint] [rpm-software-management/rpm] Reject bogus unhashed subpackets (#1741)

2021-07-01 Thread Demi Marie Obenour
According to [RFC 4880 §5.2.3]:

> There are two fields consisting of Signature subpackets. The first field is hashed with the rest of the signature data, while the second is unhashed. The second set of subpackets is not cryptographically protected by the signature and should include only

Re: [Rpm-maint] [rpm-software-management/rpm] Fix out-of-tree builds (#1732)

2021-07-01 Thread Demi Marie Obenour
> Can you please provide the command you used to build and maybe even the error message you got?

I used a complex custom shell script; I will try to reproduce without it.

Re: [Rpm-maint] [rpm-software-management/rpm] Fix out-of-tree builds (#1732)

2021-06-30 Thread Demi Marie Obenour
> I don't quite get this change. Why is srcdir removed from the dependency line but not the pandoc command?

I don’t quite understand this change either. What I do know is that out of tree builds fail without it, but work with it. I suspect it has to do with how GNU make does VPATH lookups.

Re: [Rpm-maint] [rpm-software-management/rpm] fix rpmbuild failure because of wrong symlink length on some filesystems (#1740)

2021-06-30 Thread Demi Marie Obenour
> But I am hesitant to merge this just to work around what looks to me like a very obvious bug in a file system. Let's keep this open until we see where [google/fscrypt#305](https://github.com/google/fscrypt/issues/305) is going. But I suspect this issue is going to get fixed (hopefully)

Re: [Rpm-maint] [rpm-software-management/rpm] fix rpmbuild failure because of wrong symlink length on some filesystems (#1740)

2021-06-30 Thread Demi Marie Obenour
Also note that `PATH_MAX` is not a good value for sizing stack buffers: on some systems (ex: GNU/Hurd) it is an absurdly large value. Paths should be allocated on the heap instead.

Re: [Rpm-maint] [rpm-software-management/rpm] Fingerprint subpacket parsing support (#1728)

2021-06-30 Thread Demi Marie Obenour
@pmatilai please let me know if this needs to be split up into several PRs or is okay as is.

Re: [Rpm-maint] [rpm-software-management/rpm] Exclude the xlateTags symbol from librpm's public API. (#1737)

2021-06-30 Thread Demi Marie Obenour
@DemiMarie approved this pull request. Looks good! Perhaps librpm should build with `-fvisibility=hidden` in the future.

Re: [Rpm-maint] [rpm-software-management/rpm] verifySignature(): package signatures must be PGPSIGTYPE_BINARY (#1705)

2021-06-25 Thread Demi Marie Obenour
> The difference between binary and text signature is how their hash is calculated, and a correctly calculated text document signature simply does not verify when calculated as a binary signature, which is how we treat all signatures. So this is besides the point and doesn't accomplish

Re: [Rpm-maint] [rpm-software-management/rpm] Clean up a bounds check in the PGP code (#1726)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 9328c395fe1ba938dc62f5738acc4b62a9c3e8cf Clean up a bounds check in the PGP code

Re: [Rpm-maint] [rpm-software-management/rpm] Clean up a bounds check in the PGP code (#1726)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. eaa9dd496c9ae77c0e2a1773ce3d0c99d3e2a938 Clean up a bounds check in the PGP code

Re: [Rpm-maint] [rpm-software-management/rpm] Reject keys that are 64KiB or longer (#1731)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. d20389a59f1f7ffefe12eb29c9348ea52a9b8d2c Reject keys that are 64KiB or longer

[Rpm-maint] [rpm-software-management/rpm] Fix out-of-tree builds (#1732)

2021-06-22 Thread Demi Marie Obenour
You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1732
-- Commit Summary --
* Fix out-of-tree builds
-- File Changes --
M docs/man/Makefile.am (2)

Re: [Rpm-maint] [rpm-software-management/rpm] Clean up a bounds check in the PGP code (#1726)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 653fdfff3baf5d2fd2fda7385c99a0383d301ad4 Clean up a bounds check in the PGP code

Re: [Rpm-maint] [rpm-software-management/rpm] Clean up curve ID handling (#1725)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 8bcd9fea351eac8e0fe7ec1c7bd547fa1032f512 Clean up curve ID handling

Re: [Rpm-maint] [rpm-software-management/rpm] Move MPI processing into common code (#1717)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 5c8e6d0dcbe831c5423c1d75fbb33f76d09a5be9 Move MPI processing into common code

[Rpm-maint] [rpm-software-management/rpm] Reject keys that are 64KiB or longer (#1731)

2021-06-22 Thread Demi Marie Obenour
The definition of the fingerprint of a v4 key implicitly assumes that keys are less than 64KiB.

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1731
-- Commit Summary --
* Reject keys that are 64KiB or longer

Re: [Rpm-maint] [rpm-software-management/rpm] Move MPI processing into common code (#1717)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 44a9d1139faf240b62f10bedaeca4ae28356d5cc Move MPI processing into common code

Re: [Rpm-maint] [rpm-software-management/rpm] OpenPGP implementation improvements (#1612)

2021-06-22 Thread Demi Marie Obenour
Closed #1612.
https://github.com/rpm-software-management/rpm/pull/1612#event-4922905691

Re: [Rpm-maint] [rpm-software-management/rpm] OpenPGP implementation improvements (#1612)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 5 commits.
4e13cf10f82402f68dba389d296afda55892e029 Reset the saved flags after each signature
e9356104eacb8510502a71621b9a50ce6f1b17c1 Treat all signature packets the same
9d7251b8c231f2a6799c72383a2a58590a264316 Fingerprint packet parsing support

[Rpm-maint] [rpm-software-management/rpm] More const correctness (#1727)

2021-06-22 Thread Demi Marie Obenour
No change in behavior.

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1727
-- Commit Summary --
* More const correctness
-- File Changes --
M rpmio/rpmpgp.c (5)

[Rpm-maint] [rpm-software-management/rpm] Clean up a bounds check in the PGP code (#1726)

2021-06-22 Thread Demi Marie Obenour
The new code is easier to read.

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1726
-- Commit Summary --
* Clean up a bounds check in the PGP code
-- File Changes --
M rpmio/rpmpgp.c (2)

[Rpm-maint] [rpm-software-management/rpm] Clean up curve ID handling (#1725)

2021-06-22 Thread Demi Marie Obenour
The new code is both shorter and easier to read and audit.

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1725
-- Commit Summary --
* Clean up curve ID handling
-- File Changes --
M rpmio/rpmpgp.c (38)

Re: [Rpm-maint] [rpm-software-management/rpm] Move MPI processing into common code (#1717)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 7aa270f328a690430a974873f8c3aed9fc5c1c27 Move MPI processing into common code

Re: [Rpm-maint] [rpm-software-management/rpm] Move MPI processing into common code (#1717)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 7caa282b6e7c63ec99d0d0d844c8b58ae4bee6fb Move MPI processing into common code

Re: [Rpm-maint] [rpm-software-management/rpm] Use pgpGet() instead of manual bounds checks (#1711)

2021-06-22 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 40afc89e140fb87540a6ede2772137c2da1fb68b Use pgpGet() instead of manual bounds checks

Re: [Rpm-maint] [rpm-software-management/rpm] Make a bounds check easier to read (#1718)

2021-06-21 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 2786b99aa15d8de32337410bcf37c44652f89a5d Make a bounds check easier to read

[Rpm-maint] [rpm-software-management/rpm] Make a bounds check easier to read (#1718)

2021-06-21 Thread Demi Marie Obenour
The undefined behavior is not an issue on modern GCC, but the new code is easier to read.

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1718
-- Commit Summary --
* Make a bounds check easier to read

Re: [Rpm-maint] [rpm-software-management/rpm] Use pgpGet() instead of manual bounds checks (#1711)

2021-06-21 Thread Demi Marie Obenour
@pmatilai please let me know if you would prefer `pgpGet()` to take a different pointer type for its argument.

[Rpm-maint] [rpm-software-management/rpm] Move MPI processing into common code (#1717)

2021-06-21 Thread Demi Marie Obenour
This is much cleaner than repeating the code in three different places.

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1717
-- Commit Summary --
* Move MPI processing into common code
-- File Changes --
M rpmio/rpmpgp.c

[Rpm-maint] [rpm-software-management/rpm] Use a variable for h + hlen (#1715)

2021-06-21 Thread Demi Marie Obenour
instead of recomputing it in four places.

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1715
-- Commit Summary --
* Use a variable for h + hlen
-- File Changes --
M rpmio/rpmpgp.c (11)

Re: [Rpm-maint] [rpm-software-management/rpm] Use pgpGet() instead of manual bounds checks (#1711)

2021-06-21 Thread Demi Marie Obenour
I chose to make `pgpGet()` take a `size_t *` argument, mostly for consistency with `pgpLen()`. I would be fine with a different choice, though.

Re: [Rpm-maint] [rpm-software-management/rpm] Use pgpGet() instead of manual bounds checks (#1711)

2021-06-21 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 5479157acefb0dac9c454a8986b3d85df992cdf3 Use pgpGet() instead of manual bounds checks

Re: [Rpm-maint] [rpm-software-management/rpm] Use pgpGet() instead of manual bounds checks (#1711)

2021-06-21 Thread Demi Marie Obenour
> FWIW, this is an example of a case where it probably would've been better to just use a single PR for these two closely related changes, because now we just have a conflict instead.

Good to know, thanks!

Re: [Rpm-maint] [rpm-software-management/rpm] Do not allow extra packets to follow a signature (#1704)

2021-06-21 Thread Demi Marie Obenour
> Thanks!

You’re welcome! Sorry for the poor communication earlier!

Re: [Rpm-maint] [rpm-software-management/rpm] pgpGet(): check that the returned length is in bounds (#1706)

2021-06-18 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. bee64432453138a07d4890fe495b4908d41764bf pgpGet(): check that the returned length is in bounds

Re: [Rpm-maint] [rpm-software-management/rpm] pgpGet(): check that the returned length is in bounds (#1706)

2021-06-18 Thread Demi Marie Obenour
@DemiMarie commented on this pull request. > + * hold `nbytes + *valp` bytes. + * @param spointer to read from + * @param nbytes length of length field + * @param send pointer past end of buffer + * @param[out] *valp decoded length + * @return 0 if buffer

Re: [Rpm-maint] [rpm-software-management/rpm] Reduce undefined pointer arithmetic (#1710)

2021-06-18 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 05ac08633aeed43febacfed37839cb6127d2d1bd Reduce undefined pointer arithmetic

Re: [Rpm-maint] [rpm-software-management/rpm] Reduce undefined pointer arithmetic (#1710)

2021-06-18 Thread Demi Marie Obenour
@DemiMarie commented on this pull request. > @@ -525,9 +525,9 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t > pubkey_algo, uint8_t sigtype, int i; pgpDigAlg sigalg = pgpSignatureNew(pubkey_algo); -for (i = 0; i < sigalg->mpis && p + 2 <= pend; i++) { +for (i = 0; i <
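Review bot: the removed loop condition `p + 2 <= pend` computes the pointer `p + 2` before comparing it, which is exactly the undefined pointer arithmetic this PR targets whenever fewer than two bytes remain before `pend` (the result lies beyond one-past-the-end); the replacement condition, cut off in this excerpt, should compare the remaining length instead, e.g. `pend - p >= 2`, so that no out-of-bounds pointer is ever formed.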

[Rpm-maint] [rpm-software-management/rpm] Use pgpGet() instead of manual bounds checks (#1711)

2021-06-17 Thread Demi Marie Obenour
This avoids undefined pointer arithmetic on errors. The new code is also simpler and properly rejects indefinite-length packets. This depends on #1706, and should not be merged until #1706 is.

[Rpm-maint] [rpm-software-management/rpm] Reduce undefined pointer arithmetic (#1710)

2021-06-17 Thread Demi Marie Obenour
This is mostly for the benefit of fuzzers and other automated tools, and for compilers other than GCC. On modern versions of GCC with -fno-strict-overflow, this is harmless. If such patches are not desired, feel free to close this PR.

[Rpm-maint] [rpm-software-management/rpm] Add CONTRIBUTING.md (#1709)

2021-06-17 Thread Demi Marie Obenour
This is very much a draft and I am hoping for feedback from @pmatilai before merging.

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1709
-- Commit Summary --
* Add CONTRIBUTING.md

Re: [Rpm-maint] [rpm-software-management/rpm] pgpGet(): check that the returned length is in bounds (#1706)

2021-06-17 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 9cfea722bb2c232d97e99e96e37b9a1bd49cbb45 pgpGet(): check that the returned length is in bounds

Re: [Rpm-maint] [rpm-software-management/rpm] pgpGet(): check that the returned length is in bounds (#1706)

2021-06-17 Thread Demi Marie Obenour
@DemiMarie commented on this pull request. > + * hold `nbytes + *valp` bytes. + * @param spointer to read from + * @param nbytes length of length field + * @param send pointer past end of buffer + * @param[out] *valp decoded length + * @return 0 if buffer

Re: [Rpm-maint] [rpm-software-management/rpm] pgpGet(): check that the returned length is in bounds (#1706)

2021-06-16 Thread Demi Marie Obenour
@DemiMarie pushed 0 commits.
https://github.com/rpm-software-management/rpm/pull/1706/files/9b3ddcddc18a8af7d6af9f27435646251b7f887e..cd21ceabd2e51dde96a4ab19687e166eb375a5a8

Re: [Rpm-maint] [rpm-software-management/rpm] Create CONTRIBUTING.md with contribution instructions (#1707)

2021-06-16 Thread Demi Marie Obenour
CONTRIBUTING.md should also include whether dependent commits (where the second commit requires the first, but the first can be included without the second) should be the same or separate PRs.

[Rpm-maint] [rpm-software-management/rpm] Create CONTRIBUTING.md with contribution instructions (#1707)

2021-06-16 Thread Demi Marie Obenour
As per @pmatilai in :

> It's a bit late by now, but of course it would've helped. I've said many many times that these kind of mega PR's have close to zero chance of being accepted because they're not

Re: [Rpm-maint] [rpm-software-management/rpm] Security fixes for the OpenPGP parser (#1677)

2021-06-16 Thread Demi Marie Obenour
Closed #1677.
https://github.com/rpm-software-management/rpm/pull/1677#event-4898241648

Re: [Rpm-maint] [rpm-software-management/rpm] Security fixes for the OpenPGP parser (#1677)

2021-06-16 Thread Demi Marie Obenour
Closing as this PR is not reviewable. I will file separate PRs.

Re: [Rpm-maint] [rpm-software-management/rpm] pgpGet(): check that the returned length is in bounds (#1706)

2021-06-16 Thread Demi Marie Obenour
@DemiMarie pushed 2 commits.
cd21ceabd2e51dde96a4ab19687e166eb375a5a8 pgpGet(): check that the returned length is in bounds
9b3ddcddc18a8af7d6af9f27435646251b7f887e decodePkt(): use pgpGet() instead of manual bounds checks

Re: [Rpm-maint] [rpm-software-management/rpm] Security fixes for the OpenPGP parser (#1677)

2021-06-16 Thread Demi Marie Obenour
Is it okay if an earlier commit can go in without a later commit in the same PR, or should those be separate PRs?

[Rpm-maint] [rpm-software-management/rpm] pgpGet(): check that the returned length is in bounds (#1706)

2021-06-16 Thread Demi Marie Obenour
This will be used to replace incorrect checks in the calling code. The new pgpGet() avoids undefined pointer arithmetic, too. One call-site of pgpGet() is broken by this change, so replace it with a direct bounds-check.

Re: [Rpm-maint] [rpm-software-management/rpm] Security fixes for the OpenPGP parser (#1677)

2021-06-16 Thread Demi Marie Obenour
> It's a bit late by now, but of course it would've helped. I've said many many times that these kind of mega PR's have close to zero chance of being accepted because they're not meaningfully reviewable on GH.
>
> PR's can be more than one commit but the commits need to be _closely_ related

[Rpm-maint] [rpm-software-management/rpm] verifySignature(): package signatures must be PGPSIGTYPE_BINARY (#1705)

2021-06-16 Thread Demi Marie Obenour
RPM packages are binary documents and must be signed as such.

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1705
-- Commit Summary --
* verifySignature(): package signatures must be PGPSIGTYPE_BINARY

[Rpm-maint] [rpm-software-management/rpm] Do not allow extra packets to follow a signature (#1704)

2021-06-16 Thread Demi Marie Obenour
According to RFC 4880 § 11.4, a detached signature is “simply a Signature packet”. Therefore, extra packets following a detached signature are not allowed. Allowing them substantially increases RPM’s attack surface, so just reject them.

Re: [Rpm-maint] [rpm-software-management/rpm] Security fixes for the OpenPGP parser (#1677)

2021-06-16 Thread Demi Marie Obenour
@pmatilai would splitting out the commits into separate PRs help?

Re: [Rpm-maint] [rpm-software-management/rpm] Security fixes for the OpenPGP parser (#1677)

2021-06-15 Thread Demi Marie Obenour
> > Do not allow extra packets to follow a signature
> >
> > It substantially increases RPM’s attack surface, and there are no legitimate reasons for such packets to be present. None of the packages in either the Fedora 25 or Fedora 32 repositories have them.
>
> Please point me to the

Re: [Rpm-maint] [rpm-software-management/rpm] Fixes to PGP packet length decoding detection and calculation (#1701)

2021-06-15 Thread Demi Marie Obenour
> Um, signature encoding is really none of our business. And I'm not convinced there is such a thing as "canonical form" of rpm in the first place, I'm rather wary of the idea.

The purpose of a canonical form of a package is to ensure that if a package is signed by a trusted key, any

Re: [Rpm-maint] [rpm-software-management/rpm] Fixes to PGP packet length decoding detection and calculation (#1701)

2021-06-15 Thread Demi Marie Obenour
> 5-octet lower limit check dropped.
>
> As the old saying goes, be conservative in what you send, be liberal in what you accept. We can't go adding artificial limits to existing standards.

Agreed, unless there is a very good reason to do so. For instance, a new feature I plan on adding to

Re: [Rpm-maint] [rpm-software-management/rpm] Fixes to PGP packet length decoding detection and calculation (#1701)

2021-06-15 Thread Demi Marie Obenour
Looks good, thanks! I am not sure if using a 5-octet new format packet when it is not strictly necessary is actually invalid, but I have certainly never seen such a packet in the wild.

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-06-14 Thread Demi Marie Obenour
> > I'm concerned that re-implementing parts of rpm has the potential to double the surface area for bugs. I get that writing code in C is more difficult and error prone than other languages.
>
> This has generally been borne out to be true, so I generally will advocate for people to

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-06-14 Thread Demi Marie Obenour
> > I'm concerned that re-implementing parts of rpm has the potential to double the surface area for bugs. I get that writing code in C is more difficult and error prone than other languages.
>
> This has generally been borne out to be true, so I generally will advocate for people to

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: Offer MDBX as an alternative engine to LMDB for rpmdb (#958)

2021-06-14 Thread Demi Marie Obenour
I know we disagree a lot @pmatilai, but in this case I believe your decision was absolutely correct. SQLite is *far* better tested, has more features, and will be supported through at least 2050.

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-06-08 Thread Demi Marie Obenour
> As I've said before in rpm-ostree we already carry a re-implementation of various chunks of librpm as part of the transactional/anti-hysteresis model. The concept of carrying "pristine" RPMs has been implemented from the start by importing RPMs into ostree commits, then using plain old

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-06-08 Thread Demi Marie Obenour
@malmond77 can you please address the security concerns? Right now, those are a hard blocker. RPM already has unpatched 0day vulnerabilities (mostly out-of-bounds reads and integer overflows) and I am not okay with anything that adds more.

[Rpm-maint] [rpm-software-management/rpm] Include a hashed notation subpacket that contains the hash of all fields not otherwise signed (#1696)

2021-06-03 Thread Demi Marie Obenour
Currently, the contents of the signature header and package lead are not themselves signed. This causes a large number of problems:

- It is possible to tamper with a package without invalidating the signature.
- Tools such as Qubes OS’s rpmcanon, which canonicalize packages, must strip and/or

Re: [Rpm-maint] [rpm-software-management/rpm] More work on the Reference Manual (#1691)

2021-06-03 Thread Demi Marie Obenour
@DemiMarie commented on this pull request. > + +Filecontexts | 1147 | string array +Fscontexts | 1148 | string array +Gif| 1012 | bin +Icon | 1043 | bin +Oldenhancesname| 1159 | string array +Oldenhancesversion | 1160 | string array

Re: [Rpm-maint] [rpm-software-management/rpm] Check that padding is zeroed and regions are consistent (#1613)

2021-06-02 Thread Demi Marie Obenour
@DemiMarie pushed 2 commits.
6f8cd599a48e46be84898b30fe7a8701ac42e9d8 Check that padding is zeroed and regions are consistent
e4a50359d067f7b773d2126851d1fc6c87a61670 hdrblobVerifyInfo(): reject trailing junk

Re: [Rpm-maint] [rpm-software-management/rpm] More work on the Reference Manual (#1691)

2021-06-02 Thread Demi Marie Obenour
@DemiMarie commented on this pull request. > - Header+payload size. +[Signatures](signatures.md) allow to verify the origin of a package. + +Dsaheader | 267 | bin | OpenPGP DSA signature of the header (if thus signed) +Longsigsize | 270 | int64|
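Review bot: in the added line `+[Signatures](signatures.md) allow to verify the origin of a package.` the phrase "allow to verify" is ungrammatical; suggest "make it possible to verify the origin of a package" (or "allow verifying") so the reference manual reads cleanly.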

[Rpm-maint] [rpm-software-management/rpm] Fix CVE-2021-20248 (#1692)

2021-06-01 Thread Demi Marie Obenour
It is possible to cause undefined behavior (signed integer overflow) using a malformed package that has einfo.offset set to INT32_MIN in the trailer.

You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1692

Re: [Rpm-maint] [rpm-software-management/rpm] Rip out the atexit handler (#1667)

2021-05-26 Thread Demi Marie Obenour
> I'm not sure we can do that, because the point of this handler is to ensure the rpmdb is sane in those scenarios.

There are two problems with this approach:

1. We need to make sure the rpmdb is reasonable even if RPM dies with SIGKILL. So the atexit handler cannot be essential for

Re: [Rpm-maint] [rpm-software-management/rpm] OpenPGP implementation improvements (#1612)

2021-05-18 Thread Demi Marie Obenour
@Conan-Kudo @dmach would you mind reviewing this PR?

Re: [Rpm-maint] [rpm-software-management/rpm] OpenPGP implementation improvements (#1612)

2021-05-18 Thread Demi Marie Obenour
@DemiMarie pushed 10 commits.
6af8f3905501cac42f451f7eaa436d2cfd3d69ce Remove dead code
0d51987d7af0f33670ec83cc324ed64fdda7377c A signature is not a key
12962b27bbf24a1af26e5707e37043df947db215 Reject unimplemented critical PGP packets
a95800fc459cfb8a2f9a79d5e86a2ca92ed6ddb6 Reset the

Re: [Rpm-maint] [rpm-software-management/rpm] invalid signature tag Archivesize on rpm packages created by install4j (#1635)

2021-05-13 Thread Demi Marie Obenour
> @DemiMarie thanks a lot for the fix. Any reasons behind why it is not yet merged?

The RPM project is bottlenecked on code reviews. #1677 and #1672 have not been reviewed either, and both fix legitimate security vulnerabilities.

Re: [Rpm-maint] [rpm-software-management/rpm] invalid signature tag Archivesize on rpm packages created by install4j (#1635)

2021-05-10 Thread Demi Marie Obenour
> @DemiMarie Thanks for the quick action. We are not direct consumers of install4j, but we consume few packages which run through this issue. Will have to probably wait for any install4j consumers to report it.

You’re welcome @techpavan!

Re: [Rpm-maint] [rpm-software-management/rpm] Allow certain tags in either header (#1680)

2021-05-10 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. c1989f8f1eb7caa33f982ea2d73a9ac7d0db0c58 Allow certain tags in either header -- You are receiving this because you are subscribed to this thread. View it on GitHub:

[Rpm-maint] [rpm-software-management/rpm] Allow certain tags in either header (#1680)

2021-05-10 Thread Demi Marie Obenour
This works around an install4j bug: it generated an RPMTAG_ARCHIVESIZE tag in the main header. It also fixes support for packages with file signatures generated by old versions of RPM, which included them in the main header. Including file signatures in the main header actually has advantages

Re: [Rpm-maint] [rpm-software-management/rpm] invalid signature tag Archivesize on rpm packages created by install4j (#1635)

2021-05-10 Thread Demi Marie Obenour
> @pmatilai Could you please share if any ETA on the fix? If this takes longer,
> we can implement workarounds to downgrade in our applications rather than
> waiting for the actual fix.

Please do not downgrade; this exposes you to a severe security hole (CVE-2021-20271) that allows for

Re: [Rpm-maint] [rpm-software-management/rpm] Security fixes for the OpenPGP parser (#1677)

2021-05-07 Thread Demi Marie Obenour
@DemiMarie pushed 2 commits. 8b74a3809218fe7fb807fc208a4247dc08126870 verifySignature(): package signatures must be PGPSIGTYPE_BINARY 1c9c201250cf116b37fbcaec06d420ec01d7eafb pgpGrab: assert if nbytes is too large -- You are receiving this because you are subscribed to this thread. View it

[Rpm-maint] [rpm-software-management/rpm] Security fixes for the OpenPGP parser (#1677)

2021-05-07 Thread Demi Marie Obenour
See individual commit messages for details. You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1677 -- Commit Summary -- * pgpLen(): validate that the buffer is large enough * Remove incorrect bounds check in pgpPrtSubType()

Re: [Rpm-maint] [rpm-software-management/rpm] Fix OpenPGP parsing bugs (#1675)

2021-05-06 Thread Demi Marie Obenour
> As I've said over and over, we will never accept such a large lump of a
> commit in a single go. This is all far better split up into individual
> commits in #1612. Why are you filing duplicates of your own work?
>
> PLEASE STOP THIS.

#1612 is for non-security improvements, while this is for

Re: [Rpm-maint] [rpm-software-management/rpm] Fix OpenPGP parsing bugs (#1675)

2021-05-06 Thread Demi Marie Obenour
@dmach @Conan-Kudo -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1675#issuecomment-833173816___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] rpmkeys: exit non-zero on I/O errors (#1633)

2021-05-06 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. d38ce7925b7df42c9ed9b9f1371a9c6511809c6c rpmkeys: exit non-zero on I/O errors -- You are receiving this because you are subscribed to this thread. View it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Improve the OpenSSL crypto backend (#1610)

2021-05-06 Thread Demi Marie Obenour
@DemiMarie pushed 2 commits. ddd5f3e5c1ab21cb482bb74609bf550553608318 Simplify OpenSSL crypto code 55aa16e51e53e8863c7f60a784381f1b5adf5451 Avoid double frees if EVP_PKEY_assign_RSA fails -- You are receiving this because you are subscribed to this thread. View it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Check that padding is zeroed and regions are consistent (#1613)

2021-05-06 Thread Demi Marie Obenour
@DemiMarie pushed 2 commits. 2551154637c22b83842be6af4cc1d3c7f36e2680 Check that padding is zeroed and regions are consistent 001488dff66e2f8aa15d903d3bfe0fd07bc9d4cc hdrblobVerifyInfo(): reject trailing junk -- You are receiving this because you are subscribed to this thread. View it on

Re: [Rpm-maint] [rpm-software-management/rpm] Avoid undefined shifts (#1547)

2021-05-06 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 828096679886cab4d428e1481a5c8f30bd23a7c1 Avoid undefined shifts -- You are receiving this because you are subscribed to this thread. View it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Ban empty header tag data entries (#1589)

2021-05-06 Thread Demi Marie Obenour
Closed #1589. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1589#event-4692398672___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] Reject extra packets after a signature (#1627)

2021-05-06 Thread Demi Marie Obenour
Closed #1627. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1627#event-4692391232___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] Reject extra packets after a signature (#1627)

2021-05-06 Thread Demi Marie Obenour
Closing in favor of #1675. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1627#issuecomment-833169284___ Rpm-maint mailing list

[Rpm-maint] [rpm-software-management/rpm] Fix OpenPGP parsing bugs (#1675)

2021-05-06 Thread Demi Marie Obenour
- signatures of the wrong type were accepted - signatures were allowed to contain multiple packets - numerous out-of-bounds reads - undefined pointer arithmetic You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1675 -- Commit

[Rpm-maint] [rpm-software-management/rpm] Header signatures alone are not sufficient (#1672)

2021-05-05 Thread Demi Marie Obenour
This fixes how RPM handles packages that contain a header signature, but neither header+payload signature nor payload digests. Such packages are obviously not properly signed, but RPM previously accepted them. This could be used to confuse both ‘rpmkeys -K’ and DNF. Both would report that the

Re: [Rpm-maint] [rpm-software-management/rpm] Multiple vulnerabilities in RPM (#1671)

2021-05-05 Thread Demi Marie Obenour
> @DemiMarie, I don't understand what you're trying to achieve here. I've
> explained before that we'll never accept this sort of gigantic pull-request
> touching multiple unrelated corners in one gulp, and all/most of these
> patches already exist in separate pull-requests just waiting to be

Re: [Rpm-maint] [rpm-software-management/rpm] Multiple vulnerabilities in RPM (#1671)

2021-05-05 Thread Demi Marie Obenour
@DemiMarie pushed 3 commits. 7faa67b49d434bc7b108258e2c554b63894ffe4e Header signatures alone are not sufficient dbd37e66e17f9ff20c04ad168c547c2cb21aabbc Fuzz harness for rpmReadPackageFile() and pgpPrtParams() 4336c3d33e9cc372a1dbf110be92183718499002 Fix an undefined shift in the
