re: "crypto modernization", maybe look at supporting SHA-3 checksums?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/2374#discussioncomment-6675616
You are receiving this because you are subscribed to this thread.
Message ID:
__
No; I just didn't have a 4.19 build handy (and I ~~don't~~ didn't think that
any of those VLAs were touched—turns out the one in `glob` *was* in
66fa46c006bae0f28d93238b8f7f1c923645eee5).
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issue
Is this a request to backport the glob changes to the 4.18 maintenance branch?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2605#issuecomment-1669769590
You are receiving this because you are subscribed to this thread.
Message ID: __
> You can do many nasty things with %ifarch, e.g. not include some patch on an
> architecture. (But is is probably against the packaging guidelines of any
> distribution.)
Exactly. You *could* do this, but it doesn't make sense. Fedora packaging
guidelines strongly forbid this, and probably so
This is the only dependency on awk in the runtime commandline part of rpm,
which is bloating minimal container images a bit. We can rewrite that into a
single sed statement. We love you anyway, awk.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software
This does not fall back to `/usr/bin/7za` and ends up pointing to a different
binary (`/usr/bin/7zip`) than the original
[configure.ac:75](https://github.com/rpm-software-management/rpm/blob/c10e2310e4c41a626b524ae71b3c4f87a29134b2/configure.ac#L75)
if a 7zip binary is not found. This causes rpm
> Actually, srpm are _almost_ arch-independent. I know of two issues: the ARCH
> tag, and BuildRequires. But Fedora packaging guidelines actually forbid
> archful BuildRequires
> (https://docs.fedoraproject.org/en-US/packaging-guidelines/#_buildrequires_and_isa,
> "SRPMs need to be architecture
Version: 4.18 (openSUSE Tumbleweed 20230807)
Given a crafted input file, rpm blows the standard stack (typically 8 MB( with
lots of recursion. A VLA in the stack frame is detrimental to that as well.
```
$ gdb /usr/bin/rpm
(gdb) r _buildenv
…
Program received signal SIGSEGV, Segmentation fault.
You can do many nasty things with %ifarch, e.g. not include some patch on an
architecture. (But is is probably against the packaging guidelines of any
distribution.)
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2601#issuecomment-166
Actually, srpm are *almost* arch-independent. I know of two issues: the ARCH
tag, and BuildRequires. But Fedora packaging guidelines actually forbid archful
BuildRequires
(https://docs.fedoraproject.org/en-US/packaging-guidelines/#_buildrequires_and_isa,
"SRPMs need to be architecture independe
10 matches
Mail list logo