@Conan-Kudo approved this pull request.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1610#pullrequestreview-624744209___
> What OpenSSL versions have you tested this with?
Only the one packaged in Fedora 33. I wasn’t able to reproduce the double free
so that part has not been tested. That said, this change should not impose any
new requirements on OpenSSL.
--
You are receiving this because you are subscribed
What OpenSSL versions have you tested this with?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1610#issuecomment-810598087___
> Could someone please briefly review two patches above? Thanks.
Revocation signatures are only valid if they are a valid signature of the key
being revoked, and are made by either the key being revoked or a key that it
has designated as valid for revocation.
--
You are receiving this because
I have no idea how you found this... but yes, nice catch!
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
> Yeah, I guess we really don't want to read some random memory. Nice catch.
Thanks! For anyone reading this later: this is not a security issue because
the input is trusted.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on
Merged #1611 into master.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1611#event-4525797908___
Rpm-maint mailing list
Multiple checksums associated with each package would be nice.
For example:
* an old repo uses sha1 checksums
* dnf uses sha256 checksum as an internal primary package identifier
* dnf computes both checksums and stores them in rpmdb when a package gets
installed/upgraded
--
You are
Merged #1604 into master.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1604#event-4525791119___
Rpm-maint mailing list