Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)
> I'm not very fond of the idea of banning tags based on their numbers, such a
> thing might have far-fetched, unwanted consequences. At any rate, the range
> here is too wide, the signature range is from HEADER_SIGBASE to
> HEADER_TAGBASE-1.

What are these consequences?

> I think I'd rather approach this from the angle that signature or hash over
> itself cannot possibly be correct.
>
> Like maybe actually have rpm look for signatures and digests in the main
> header too, around the point where it goes fishing for payload digests from
> there. It already knows which tags are legit there ('sigh' in the rpmvfyitems
> table), so it wouldn't need to actually access the data because we can just
> flag it invalid.

What about moving the check to `rpmpkgRead`? It’s trivial there: just iterate over all entries and return an error if there are any bad ones.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1503#issuecomment-776386340
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)
I'm not very fond of the idea of banning tags based on their numbers, such a thing might have far-fetched, unwanted consequences. At any rate, the range here is too wide, the signature range is from HEADER_SIGBASE to HEADER_TAGBASE-1.

I think I'd rather approach this from the angle that signature or hash over itself cannot possibly be correct.

Like maybe actually have rpm look for signatures and digests in the main header too, around the point where it goes fishing for payload digests from there. It already knows which tags are legit there ('sigh' in the rpmvfyitems table), so it wouldn't need to actually access the data because we can just flag it invalid.

--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1503#issuecomment-775903622
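The check discussed in this thread (iterate over the main header's index entries and return an error if any tag falls in the signature range HEADER_SIGBASE to HEADER_TAGBASE-1), as an added example that is not part of the thread and not rpm's own code. The function name, return convention and sample blobs are hypothetical; the values 256 and 1000 for the two constants come from rpm's rpmtag.h rather than from the messages above, and the blob layout assumed is il, dl, then 16-byte big-endian index entries.

```c
#include <stddef.h>
#include <stdint.h>

/* Values from rpm's rpmtag.h; they are not stated in the thread. */
#define HEADER_SIGBASE 256u
#define HEADER_TAGBASE 1000u
#define ENTRY_SIZE 16u /* tag, type, offset, count: 4 bytes each, big-endian */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: scan the index of a main-header blob laid out as
 * il (4 bytes), dl (4 bytes), then il index entries. Returns 0 if clean,
 * the offending tag if a signature-range tag is present, or -1 if the
 * blob is too short for the index it claims. Entry data is never read. */
static long find_sig_tag_in_main_header(const uint8_t *blob, size_t len)
{
    if (len < 8)
        return -1;
    uint32_t il = be32(blob);
    /* Bound il by the bytes actually present before walking the index. */
    if (il > (len - 8) / ENTRY_SIZE)
        return -1;
    for (uint32_t i = 0; i < il; i++) {
        uint32_t tag = be32(blob + 8 + (size_t)i * ENTRY_SIZE);
        if (tag >= HEADER_SIGBASE && tag < HEADER_TAGBASE)
            return (long)tag;
    }
    return 0;
}

/* Constructed sample: two entries with tags 1000 and 1001. */
static const uint8_t sample_clean[] = {
    0,0,0,2, 0,0,0,0,
    0,0,0x03,0xE8, 0,0,0,6, 0,0,0,0, 0,0,0,1,
    0,0,0x03,0xE9, 0,0,0,6, 0,0,0,0, 0,0,0,1,
};
/* Constructed sample: second entry has tag 268, inside the signature range. */
static const uint8_t sample_bad[] = {
    0,0,0,2, 0,0,0,0,
    0,0,0x03,0xE8, 0,0,0,6, 0,0,0,0, 0,0,0,1,
    0,0,0x01,0x0C, 0,0,0,7, 0,0,0,0, 0,0,0,1,
};
```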
Re: [Rpm-maint] [rpm-software-management/rpm] Make Lua a hard requirement for rpm (#1527)
Merged #1527 into master.

--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1527#event-4308766395
Re: [Rpm-maint] [rpm-software-management/rpm] Make Lua a hard requirement for rpm (#1527)
Okay so nobody objects, even remotely, to the actual change. Except for myself, for whom this will make bisecting old stuff somewhat more difficult, but then ability to disable Lua only helps if the thing to bisect is not Lua. There's a price to everything, shrug.

--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1527#issuecomment-775885801
Re: [Rpm-maint] [rpm-software-management/rpm] Make Lua a hard requirement for rpm (#1527)
Spelling fixed...

--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1527#issuecomment-775745577
[Rpm-maint] [rpm-software-management/rpm] Translations update from Weblate (#1533)
Translations update from [Weblate](https://translate.fedoraproject.org/projects/rpm/master/) for rpm/master.

Current translation status:

![Weblate translation status](https://translate.fedoraproject.org/widgets/rpm/-/master/horizontal-auto.svg)

You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1533

-- Commit Summary --

  * Translated using Weblate (Chinese (Simplified))

-- File Changes --

    M po/cmn.po (12)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1533.patch
https://github.com/rpm-software-management/rpm/pull/1533.diff

--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1533