Re: [Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)
@teythoon commented on this pull request. > @@ -503,6 +500,9 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, > pgpSigType sigtype, case PGPSUBTYPE_REVOKE_REASON: case PGPSUBTYPE_FEATURES: case PGPSUBTYPE_EMBEDDED_SIG: + pgpPrtHex("", p+1, plen-1); + break; + case PGPSUBTYPE_NOTATION: The difference is that you made an conscious decision to ignore a subpacket like the features subpacket, whereas you did not make a conscious decision to ignore the notation with the name "something-import...@example.org". -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1813#discussion_r737562867___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)
@DemiMarie commented on this pull request. > @@ -503,6 +500,9 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, > pgpSigType sigtype, case PGPSUBTYPE_REVOKE_REASON: case PGPSUBTYPE_FEATURES: case PGPSUBTYPE_EMBEDDED_SIG: + pgpPrtHex("", p+1, plen-1); + break; + case PGPSUBTYPE_NOTATION: PGPSUBTYPE_NOTATION is definitely not recognized unless the notation name is recognized. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1813#discussion_r737527899___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)
@pmatilai commented on this pull request. > @@ -503,6 +500,9 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, > pgpSigType sigtype, case PGPSUBTYPE_REVOKE_REASON: case PGPSUBTYPE_FEATURES: case PGPSUBTYPE_EMBEDDED_SIG: + pgpPrtHex("", p+1, plen-1); + break; + case PGPSUBTYPE_NOTATION: I fail to see how notations are any different from all the other stuff in the above that we don't handle. I mean, if "recognizing" is a matter of being in a switch-case then PGPSUBTYPE_NOTATION is just as "recognized" as, say, PGPSUBTYPE_REVOKE_KEY. And if not, then most of these should be in the "not recognized" category, which is basically what my "implemented" flag did. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1813#pullrequestreview-790700598___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)
@teythoon pushed 1 commit. 1780fbe2286b309f8bdc24728731f2e28603 Fix handling of signature notations -- You are receiving this because you are subscribed to this thread. View it on GitHub: https://github.com/rpm-software-management/rpm/pull/1813/files/d70ee8e68871281664d8b0edfbdc511ad6947fcf..1780fbe2286b309f8bdc24728731f2e28603 ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)
@mlschroe commented on this pull request. > @@ -422,8 +422,6 @@ static int pgpVerifySigEDDSA(pgpDigAlg pgpkey, pgpDigAlg > pgpsig, uint8_t *hash, return rc; if (pgpkey->curve != PGPCURVE_ED25519) return rc; -if (hash_algo != PGPHASHALGO_SHA256) - return rc; I think the check was from a time where we used a different way to set up the sexp, and we just forgot to remove it. Thanks for spotting this. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1813#pullrequestreview-790417240___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
[Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)
You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1813 -- Commit Summary -- * https://github.com/rpm-software-management/rpm/pull/1813/commits/5d7965a23779321ba2e8820e1859507f03e0e152;>Fix signature subpacket type handling * https://github.com/rpm-software-management/rpm/pull/1813/commits/7c261daabb14299c53e5f6ad966ece6d9e398f4a;>Fix handling of critical signature subpackets * https://github.com/rpm-software-management/rpm/pull/1813/commits/0d83d29ba824e4f2d8ef7f3073327d5f2253f7c0;>Fix hashlen overflow * https://github.com/rpm-software-management/rpm/pull/1813/commits/73a3eddbb22f559f6e1ecd85331b6f28e9045ef2;>Fix typo * https://github.com/rpm-software-management/rpm/pull/1813/commits/d70ee8e68871281664d8b0edfbdc511ad6947fcf;>Fix Ed25519 signature verification using libgcrypt -- File Changes -- M rpmio/digest.h (2) M rpmio/digest_libgcrypt.c (2) M rpmio/rpmkeyring.h (2) M rpmio/rpmpgp.c (11) -- Patch Links -- https://github.com/rpm-software-management/rpm/pull/1813.patch https://github.com/rpm-software-management/rpm/pull/1813.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1813 ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint