[Rpm-maint] [rpm-software-management/rpm] Disallow most control characters in at least %summary, %description and %changelog (Issue #2742)

Based on the last [EPEL meeting](https://meetbot.fedoraproject.org/fedora-meeting/2023-11-01/epel.2023-11-01-20.00.log.html), where https://pagure.io/releng/issue/11751 was raised, I would like to suggest to disallow most control characters in at least `%summary`, `%description` and

Re: [Rpm-maint] [rpm-software-management/rpm] Add LMDB backend for RPMDB to RPM (from @n3npq in #281) (#291)

Is it intended, that it's called `/data.mdb` rather `/Packages.mdb`? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Make 'rpm -V' more resistent against rpmdb manipulations (#196)

> Hmmm ... its not clear what exploit is used (from just reading the file at > the URL you gave). I think "DIZZYTACHOMETER" doesn't exploit anything itself, but is just hiding e.g. a rootkit installation by manipulating the rpmdb based on already existing write permissions gained before. I

[Rpm-maint] [rpm-software-management/rpm] Make 'rpm -V' more resistent against rpmdb manipulations (#196)

https://github.com/x0rz/EQGRP/blob/33810162273edda807363237ef7e7c5ece3e4100/Linux/doc/old/etc/user.mission.generic.COMMON.old refers to "DIZZYTACHOMETER", which is a tool to manipulate the rpmdb in order to avoid `rpm -V` reporting manipulated/changed/replaced binaries/files of installed RPM

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: Offer LMDB as an alternative engine to BDB for rpmdb (#128)

At https://bugzilla.redhat.com/show_bug.cgi?id=1086784, there also was kind of discussion about that. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: