> @DemiMarie , I don't understand what you're trying to achieve here. I've
> explained before that we'll never accept this sort of gigantic pull-request
> touching multiple unrelated corners in one gulp, and all/most of these
> patches already exist in separate pull-requests just waiting to be
Closed #1671.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1671#event-4687203347
Rpm-maint mailing list
Rpm-maint@lists.rpm
@DemiMarie , I don't understand what you're trying to achieve here. I've
explained before that we'll never accept this sort of gigantic pull-request
touching multiple unrelated corners in one gulp, and most of these patches
already exist in separate pull-requests just waiting to be processed.
@DemiMarie pushed 3 commits.
- 7faa67b49d434bc7b108258e2c554b63894ffe4e Header signatures alone are not sufficient
- dbd37e66e17f9ff20c04ad168c547c2cb21aabbc Fuzz harness for rpmReadPackageFile() and pgpPrtParams()
- 4336c3d33e9cc372a1dbf110be92183718499002 Fix an undefined shift in the expression
Through a combination of manual audits and fuzzing, I found several vulnerabilities in RPM:
- RPM does not reject packages that have a signed header, but neither a header+payload signature nor a payload digest. Furthermore, `rpmkeys -K` reports `digests signatures OK` for such packages. Such