Re: [Rpm-maint] [rpm-software-management/rpm] RPM v6 package format, first public draft for commenting (Discussion #2374)

re: "crypto modernization", maybe look at supporting SHA-3 checksums? -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/discussions/2374#discussioncomment-6675616 You are receiving this because you are subscribed to this thread. Message ID: __

Re: [Rpm-maint] [rpm-software-management/rpm] Stack overflow in glob() function (Issue #2605)

No; I just didn't have a 4.19 build handy (and I ~~don't~~ didn't think that any of those VLAs were touched—turns out the one in `glob` *was* in 66fa46c006bae0f28d93238b8f7f1c923645eee5). -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issue

Re: [Rpm-maint] [rpm-software-management/rpm] Stack overflow in glob() function (Issue #2605)

Is this a request to backport the glob changes to the 4.18 maintenance branch? -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2605#issuecomment-1669769590 You are receiving this because you are subscribed to this thread. Message ID: __

Re: [Rpm-maint] [rpm-software-management/rpm] Source RPMs should have ARCH set to src (Issue #2601)

> You can do many nasty things with %ifarch, e.g. not include some patch on an > architecture. (But is is probably against the packaging guidelines of any > distribution.) Exactly. You *could* do this, but it doesn't make sense. Fedora packaging guidelines strongly forbid this, and probably so

[Rpm-maint] [rpm-software-management/rpm] Rewrite --last to use sed for formatting (PR #2606)

This is the only dependency on awk in the runtime commandline part of rpm, which is bloating minimal container images a bit. We can rewrite that into a single sed statement. We love you anyway, awk. You can view, comment on, or merge this pull request online at: https://github.com/rpm-software

Re: [Rpm-maint] [rpm-software-management/rpm] Add an experimental CMake build system (8c3fb5e)

This does not fall back to `/usr/bin/7za` and ends up pointing to a different binary (`/usr/bin/7zip`) than the original [configure.ac:75](https://github.com/rpm-software-management/rpm/blob/c10e2310e4c41a626b524ae71b3c4f87a29134b2/configure.ac#L75) if a 7zip binary is not found. This causes rpm

Re: [Rpm-maint] [rpm-software-management/rpm] Source RPMs should have ARCH set to src (Issue #2601)

> Actually, srpm are _almost_ arch-independent. I know of two issues: the ARCH > tag, and BuildRequires. But Fedora packaging guidelines actually forbid > archful BuildRequires > (https://docs.fedoraproject.org/en-US/packaging-guidelines/#_buildrequires_and_isa, > "SRPMs need to be architecture

[Rpm-maint] [rpm-software-management/rpm] Stack overflow in glob() function (Issue #2605)

Version: 4.18 (openSUSE Tumbleweed 20230807) Given a crafted input file, rpm blows the standard stack (typically 8 MB( with lots of recursion. A VLA in the stack frame is detrimental to that as well. ``` $ gdb /usr/bin/rpm (gdb) r _buildenv … Program received signal SIGSEGV, Segmentation fault.

Re: [Rpm-maint] [rpm-software-management/rpm] Source RPMs should have ARCH set to src (Issue #2601)

You can do many nasty things with %ifarch, e.g. not include some patch on an architecture. (But is is probably against the packaging guidelines of any distribution.) -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2601#issuecomment-166

Re: [Rpm-maint] [rpm-software-management/rpm] Source RPMs should have ARCH set to src (Issue #2601)

Actually, srpm are *almost* arch-independent. I know of two issues: the ARCH tag, and BuildRequires. But Fedora packaging guidelines actually forbid archful BuildRequires (https://docs.fedoraproject.org/en-US/packaging-guidelines/#_buildrequires_and_isa, "SRPMs need to be architecture independe