Re: [Rpm-maint] [rpm-software-management/rpm] rpm segfaults when importing keys downloaded from keys.openpgp.org (Issue #3001)
Reopened #3001. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/3001#event-12387084215 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] rpm segfaults when importing keys downloaded from keys.openpgp.org (Issue #3001)
Reopening - we want to track this for the next 4.19.x bugfix release.
Re: [Rpm-maint] [rpm-software-management/rpm] rpm segfaults when importing keys downloaded from keys.openpgp.org (Issue #3001)
Thanks a lot!
Re: [Rpm-maint] [rpm-software-management/rpm] rpm segfaults when importing keys downloaded from keys.openpgp.org (Issue #3001)
Closed #3001 as completed.
Re: [Rpm-maint] [rpm-software-management/rpm] rpm segfaults when importing keys downloaded from keys.openpgp.org (Issue #3001)
Fixed with https://github.com/rpm-software-management/rpmpgp_legacy/commit/31c2f3d017372ee11b6c7403f13889736757c046
Re: [Rpm-maint] [rpm-software-management/rpm] rpm segfaults when importing keys downloaded from keys.openpgp.org (Issue #3001)
Yeah, that's also what I was going to implement. The userid seems to be optional.
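A pre-import check for the condition this thread discusses, as an added example that is not part of the thread or of rpm's code: it walks the OpenPGP packet headers (RFC 4880 framing) of a binary key and reports a subkey packet in a key that carries no User ID packet. The function names and sample bytes are constructed for illustration; it assumes the key has been dearmored first (for example with `gpg --dearmor`) and it does not check signatures.

```c
#include <stdint.h>
#include <stdio.h>

enum { TAG_USERID = 13, TAG_SUBKEY = 14 };      /* RFC 4880 packet tags */
/* Parse one packet header; returns its length, or 0 if truncated/unsupported. */
static size_t pkt_header(const uint8_t *p, size_t n, int *tag, size_t *blen)
{
    size_t lenbytes, i;
    if (n < 2 || !(p[0] & 0x80)) return 0;      /* bit 7 must be set */
    if (p[0] & 0x40) {                          /* new-format header */
        *tag = p[0] & 0x3f;
        if (p[1] < 192) { *blen = p[1]; return 2; }
        if (p[1] < 224 && n >= 3) { *blen = ((size_t)(p[1] - 192) << 8) + p[2] + 192; return 3; }
        if (p[1] != 255 || n < 6) return 0;     /* truncated, or partial body length */
        *blen = ((size_t)p[2] << 24) | ((size_t)p[3] << 16) | ((size_t)p[4] << 8) | p[5];
        return 6;
    }
    *tag = (p[0] >> 2) & 0x0f;                  /* old-format header */
    if ((p[0] & 3) == 3) return 0;              /* indeterminate length: not accepted */
    lenbytes = (size_t)1 << (p[0] & 3);         /* 1, 2 or 4 length octets */
    if (n < 1 + lenbytes) return 0;
    for (*blen = 0, i = 0; i < lenbytes; i++) *blen = (*blen << 8) | p[1 + i];
    return 1 + lenbytes;
}

/* Walk a binary (dearmored) key. Returns 1 if it has a subkey packet but no
 * User ID packet, 0 if not, -1 if the packet stream is malformed. */
int subkey_without_userid(const uint8_t *p, size_t n)
{
    int tag, uids = 0, subs = 0;
    size_t hlen, blen;
    for (; n > 0; p += hlen + blen, n -= hlen + blen) {
        hlen = pkt_header(p, n, &tag, &blen);
        if (hlen == 0 || blen > n - hlen) return -1;
        uids += (tag == TAG_USERID); subs += (tag == TAG_SUBKEY);
    }
    return uids == 0 && subs > 0;
}

/* Constructed samples with 1-byte dummy bodies, not real key material. */
const uint8_t STRIPPED[] = { 0x98, 1, 0x04, 0xb8, 1, 0x04 };  /* key, subkey */
const uint8_t WITH_UID[] = { 0xc6, 1, 0x04, 0xcd, 3, 'a', '@', 'b', 0xce, 1, 0x04 };

int main(void)
{
    printf("stripped=%d with_uid=%d\n", subkey_without_userid(STRIPPED, sizeof STRIPPED),
           subkey_without_userid(WITH_UID, sizeof WITH_UID));
    return 0;
}
```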
Re: [Rpm-maint] [rpm-software-management/rpm] rpm segfaults when importing keys downloaded from keys.openpgp.org (Issue #3001)
Heh, so a more careful reading of the report... the userid is *intentionally* removed here. So assuming that's a reasonable thing to do (considering where these keys are coming from), the minimal fix would probably be this instead: ``` - digps[count]->userid = xstrdup(mainkey->userid); + if (mainkey->userid) + digps[count]->userid = xstrdup(mainkey->userid); ``` There could be other places that rely on the userid being there besides this.
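Review bot: The guarded copy leaves `digps[count]->userid` unset for every subkey of a key without a User ID, so the NULL that reached `xstrdup()` here is now handed on to whatever reads the subkey's `userid` next. Before merging, check each reader of that field for NULL handling, and add a test that imports a key with no User ID packet so the crash cannot return unnoticed.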
Re: [Rpm-maint] [rpm-software-management/rpm] rpm segfaults when importing keys downloaded from keys.openpgp.org (Issue #3001)
Oh and, thanks @signed-log for reporting!
Re: [Rpm-maint] [rpm-software-management/rpm] rpm segfaults when importing keys downloaded from keys.openpgp.org (Issue #3001)
Right, this is specific to the internal pgp parser. With rpm-sequoia I get: > $ tools/rpmkeys --dbpath /tmp/kdb --import > /tmp/2596A99EAAB33821893C0A79458CA832957F5868 error: Certificate 458CA832957F5868: Policy rejects 458CA832957F5868: No binding signature at time 2024-04-02T10:42:20Z error: /tmp/2596A99EAAB33821893C0A79458CA832957F5868: key 1 import failed. but easy enough to reproduce with the old parser. This is enough to prevent the crash: ``` --- a/rpmio/rpmpgp_internal.c +++ b/rpmio/rpmpgp_internal.c @@ -1079,6 +1079,8 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY); /* Copy UID from main key to subkey */ + if (!mainkey->userid) + break; digps[count]->userid = xstrdup(mainkey->userid); if (getKeyID(pkt.body, pkt.blen, digps[count]->signid)) { ``` It won't import the key, but if main userid is missing in the key then maybe it shouldn't. The internal parser is now gone from the upstream rpm repo but it's of course still there in 4.19.x. @mlschroe, do you want to have a closer look or just go with something like the above as minimal bandaid?
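Review bot: The `if (!mainkey->userid) break;` check sits after `digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY);`, so the loop is left holding a freshly allocated entry, and the visible lines do not show who frees it or which return code the caller sees. Test `mainkey->userid` before the allocation (the condition does not depend on the subkey being processed, so it can go ahead of the loop) and set the failure result explicitly, with a comment stating that a key without a User ID is rejected on purpose.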