Re: [Rpm-maint] [rpm-software-management/rpm] Improve the OpenSSL crypto backend (#1610)

2021-03-30 Thread ニール・ゴンパ
@Conan-Kudo approved this pull request. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1610#pullrequestreview-624744209___

Re: [Rpm-maint] [rpm-software-management/rpm] Improve the OpenSSL crypto backend (#1610)

2021-03-30 Thread Demi Marie Obenour
> What OpenSSL versions have you tested this with?

Only the one packaged in Fedora 33. I wasn’t able to reproduce the double free so that part has not been tested. That said, this change should not impose any new requirements on OpenSSL.

Re: [Rpm-maint] [rpm-software-management/rpm] Improve the OpenSSL crypto backend (#1610)

2021-03-30 Thread ニール・ゴンパ
What OpenSSL versions have you tested this with?

Re: [Rpm-maint] [rpm-software-management/rpm] Installation / verification should not pass if the (sub)key(s) has been revoked or expired (#1598)

2021-03-30 Thread Demi Marie Obenour
> Could someone please briefly review two patches above? Thanks. Revocation signatures are only valid if they are a valid signature of the key being revoked, and are made by either the key being revoked or a key that it has designated as valid for revocation.

Re: [Rpm-maint] [rpm-software-management/rpm] Fix incorrect rpmarchive_writeto argument string (#1611)

2021-03-30 Thread Florian Festi
I have no idea how you found this... but yes, nice catch!

Re: [Rpm-maint] [rpm-software-management/rpm] rpmio: avoid reading past the end of the mode string (#1604)

2021-03-30 Thread Demi Marie Obenour
> Yeah, I guess we really don't want to read some random memory. Nice catch. Thanks! For anyone reading this later: this is not a security issue because the input is trusted.

Re: [Rpm-maint] [rpm-software-management/rpm] Fix incorrect rpmarchive_writeto argument string (#1611)

2021-03-30 Thread Florian Festi
Merged #1611 into master.

Re: [Rpm-maint] [rpm-software-management/rpm] Store an alternative package checksums in rpmdb (#1595)

2021-03-30 Thread Daniel Mach
Multiple checksums associated with each package would be nice. For example:
* an old repo uses sha1 checksums
* dnf uses sha256 checksum as an internal primary package identifier
* dnf computes both checksums and stores them in rpmdb when a package gets installed/upgraded

Re: [Rpm-maint] [rpm-software-management/rpm] rpmio: avoid reading past the end of the mode string (#1604)

2021-03-30 Thread Florian Festi
Merged #1604 into master.