The RPM package management system
Michal Domonkos b3bd2e82c5 Revert "Don't confuse OpenScanHub with false array overrun"
Yikes.  This was a rushed "fix" that caused a regression in --verify
mode with the following error message:

    Header RSA signature: BAD (header tag 268: invalid OpenPGP signature)

This was immediately caught by the CI (thank god we have it!).

Since this patch was downstream-only (no internal OpenPGP parser in rpm
upstream anymore), it didn't go through the usual peer review.  I should
have asked for it in GitLab still, no matter how innocent and tiny the
change appears to be (lesson learned).

Anyway, it's probably going to be safer to just mark this finding as a
false positive (which it really is), as opposed to touching the code.

Let's revisit later, for now, just revert.

This reverts commit ae9528bbef.

Related: RHEL-22607
2024-07-12 16:50:10 +02:00
.gitignore Merged update from upstream sources 2021-03-29 06:15:18 +00:00
0001-Add-optional-callback-on-directory-changes-during-rp.patch Backport file handling code from rpm-4.19 2023-11-11 10:22:18 +01:00
0001-Add-SourceLicense-tag-to-spec-syntax.patch Add SourceLicense tag to spec syntax 2024-07-11 17:49:47 +02:00
0001-Don-t-segfault-on-missing-priority-tag.patch Don't segfault on missing priority tag 2024-06-03 11:08:44 +02:00
0001-Don-t-warn-about-missing-user-group-on-skipped-files.patch Don't warn about missing user/group on skipped files 2023-12-13 12:24:28 +01:00
0001-Eliminate-code-duplication-from-rpmfiNext.patch Backport file handling code from rpm-4.19 2023-11-11 10:22:18 +01:00
0001-Emit-full-paths-for-file-disposition-diagnostics-on-.patch Fix issues with backported file handling 2023-12-10 21:31:56 +01:00
0001-Expose-and-document-rpmdb-verifydb-operation.patch Actually add --verifydb to the man page 2023-12-13 12:22:21 +01:00
0001-find-debuginfo.sh-decompress-DWARF-compressed-ELF-se.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:51:14 -07:00
0001-Fix-a-copy-paste-help-description-of-whatconflicts-R.patch Fix description of whatconflicts in the man page 2023-11-16 10:09:54 +01:00
0001-Fix-potential-use-of-uninitialized-pgp-struct.patch Fix OpenScanHub findings 2024-07-11 14:00:47 +02:00
0001-Fix-potential-use-of-uninitialized-pipe-array.patch Fix OpenScanHub findings 2024-07-11 14:00:47 +02:00
0001-Fix-short-circuiting-of-version-strings-in-expressio.patch Fix short circuiting of versions in expressions 2023-11-16 09:40:03 +01:00
0001-Fix-wrong-return-code-on-O_DIRECTORY-open-of-invalid.patch Fix issues with backported file handling 2023-12-10 21:31:56 +01:00
0001-Give-warning-on-not-supported-hash-for-RSA-keys.patch Give warning on not supported hash for RSA keys 2022-06-29 08:56:02 +02:00
0001-Issue-deprecation-warning-when-creating-BDB-database.patch Merged update from upstream sources 2020-10-30 03:09:06 +01:00
0001-Macroize-find-debuginfo-script-location.patch Followup on #2166383 2023-06-30 16:01:47 +02:00
0001-NFC-debugedit-Protect-macro-arguments-by-parentheses.patch Merged update from upstream sources 2021-01-20 13:04:28 +00:00
0001-Pass-file-descriptor-to-file-prepare-plugin-hook-use.patch Fix issues with backported file handling 2023-12-10 21:31:56 +01:00
0001-Print-full-path-if-file-removal-fails.patch Fix warning if file removal fails 2023-12-11 16:01:23 +01:00
0001-Swap-over-to-dirfd-basename-based-operation-within-t.patch Backport file handling code from rpm-4.19 2023-11-11 10:22:18 +01:00
0001-Talk-about-rpmsign-in-the-rpmsign-man-page.patch Talk about rpmsign in the rpmsign(8) man page 2024-07-11 17:51:58 +02:00
0001-Use-file-state-machine-from-rpm-4.19.patch Backport file handling code from rpm-4.19 2023-11-11 10:22:18 +01:00
0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch Use unsigned integers for buildtime too for Y2K38 safety 2024-06-03 11:08:46 +02:00
0002-NFC-debugedit-Move-code-from-edit_dwarf2-to-edit_inf.patch Merged update from upstream sources 2021-01-20 13:04:28 +00:00
0003-debugedit-Fix-missing-relocation-of-.debug_types-sec.patch Merged update from upstream sources 2021-01-20 13:04:28 +00:00
0004-NFC-debugedit-Move-code-to-separate-functions.patch Merged update from upstream sources 2021-01-20 13:04:28 +00:00
0005-debugedit-Implement-DWARF-5-unit-header-and-new-form.patch Merged update from upstream sources 2021-01-20 13:04:28 +00:00
0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch Merged update from upstream sources 2021-01-22 11:06:00 +00:00
gating.yaml Add RHEL gating configuration 2021-07-22 15:48:09 +00:00
rpm-4.7.1-geode-i686.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:51:14 -07:00
rpm-4.9.90-no-man-dirs.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:51:14 -07:00
rpm-4.12.0-rpm2cpio-hack.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:51:14 -07:00
rpm-4.14.3-rpm2archive-Don-t-print-usage.patch Fix option parsing in rpm2archive 2022-12-19 19:00:32 +01:00
rpm-4.14.3-rpm2archive-parse-popt-options.patch Fix option parsing in rpm2archive 2022-12-19 19:00:32 +01:00
rpm-4.15.x-ldflags.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:51:14 -07:00
rpm-4.15.x-siteconfig.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:51:14 -07:00
rpm-4.16.1.3-add-fapolicyd-plugin.patch Add fapolicyd plugin 2021-07-22 16:27:19 +02:00
rpm-4.16.1.3-add-path-query-option.patch Fix minor ABI regression in rpmcli.h 2022-04-05 20:33:27 +02:00
rpm-4.16.1.3-bcond-macros.patch Add bcond macros 2022-11-07 17:30:21 +01:00
rpm-4.16.1.3-bump-rpmdb-cookie-hash-to-SHA256-for-FIPS.patch Add patches for release 10 2022-02-01 15:38:08 +01:00
rpm-4.16.1.3-caret-query2.patch Fix db queries with carets 2022-12-05 12:04:59 +01:00
rpm-4.16.1.3-caret-query.patch Fix db queries with carets 2022-12-05 12:04:59 +01:00
rpm-4.16.1.3-ELF-files-strip-when-debuginfo-disabled.patch Add patches for release 8 2021-12-10 14:51:49 +01:00
rpm-4.16.1.3-external-debugedit.patch Use external find-debug and debugedit 2023-05-03 12:51:07 +02:00
rpm-4.16.1.3-fapolicyd-make-write-nonblocking.patch Make write() nonblocking in fapolicyd plugin 2022-09-23 13:28:31 +02:00
rpm-4.16.1.3-find_debuginfo_vendor_opts.patch Pass _find_debuginfo_vendor_opts to the find-debuginfo script. 2022-06-30 11:49:55 +01:00
rpm-4.16.1.3-fix-IMA-sig-len-assumed-const.patch Add patches for release 11 2022-02-15 10:38:13 +01:00
rpm-4.16.1.3-fix-regression-reading-rpm-v3-pkgs.patch Add patches for release 11 2022-02-15 10:38:13 +01:00
rpm-4.16.1.3-fix-spurious-transfiletriggerpostun-execution.patch Add patches for release 11 2022-02-15 10:38:13 +01:00
rpm-4.16.1.3-hashtab-use-after-free-fix.patch Fix use-after-free error in hashtab.c 2021-07-01 15:51:34 +02:00
rpm-4.16.1.3-IMA-without-xattr.patch Don't error out on IMA signatures 2023-05-03 11:13:41 +02:00
rpm-4.16.1.3-imp-covscan-fixes.patch Add forgotten sqlite patch 2021-07-01 16:21:14 +02:00
rpm-4.16.1.3-Make-rpm2cpio.sh-more-robust.patch Make rpm2cpio.sh more robust 2022-08-03 17:42:27 +02:00
rpm-4.16.1.3-rpm2archive-error-handling.patch Add --nocompression to rpm2archive 2022-12-05 14:39:09 +01:00
rpm-4.16.1.3-rpm2archive-nocompression.patch Add --nocompression to rpm2archive 2022-12-05 14:39:09 +01:00
rpm-4.16.1.3-rpmsign-support-EdDSA-sig.patch Add support for EdDSA signatures to rpmsign 2021-07-22 13:04:51 +02:00
rpm-4.16.1.3-skip-recorded-symlinks-in-setperms.patch Add patches for release 10 2022-02-01 15:38:08 +01:00
rpm-4.16.1.3-support-bdb-hash-v8.patch Add patches for release 8 2021-12-10 14:51:49 +01:00
rpm-4.16.1.3-Support-long-languages-names-for-QT.patch Support long language names for QT 2022-12-05 14:40:40 +01:00
rpm-4.16.1.3-unblock-signals-in-forked-scriptlets.patch Unblock signals in forked scriptlets 2021-08-19 16:30:08 +02:00
rpm-4.16.1.3-unbreak-checking-of-installed-rich-deps.patch Add patches for release 8 2021-12-10 14:51:49 +01:00
rpm-4.16.1.3-validate-and-require-subkey-binding-sigs.patch Add patches for release 10 2022-02-01 15:38:08 +01:00
rpm-4.18-libselinux-log.patch Handle SELinux log messages 2022-12-05 12:15:30 +01:00
rpm.spec Revert "Don't confuse OpenScanHub with false array overrun" 2024-07-12 16:50:10 +02:00
rpmdb-rebuild.service RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:51:14 -07:00
sources Merged update from upstream sources 2021-03-29 06:15:18 +00:00
STAGE2-rpm RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:51:14 -07:00