teknoraver / rpms / rpm

Forked from rpms/rpm 3 months ago
Clone

b3bd2e Revert "Don't confuse OpenScanHub with false array overrun"

Authored and Committed by Michal Domonkos 4 months ago
    Revert "Don't confuse OpenScanHub with false array overrun"
    
    Yikes.  This was a rushed "fix" that caused a regression in --verify
    mode with the following error message:
    
        Header RSA signature: BAD (header tag 268: invalid OpenPGP signature)
    
    This was immediately caught by the CI (thank god we have it!).
    
    Since this patch was downstream-only (no internal OpenPGP parser in rpm
    upstream anymore), it didn't go through the usual peer review.  I should
    have asked for it in GitLab still, no matter how innocent and tiny the
    change appears to be (lesson learned).
    
    Anyway, it's probably going to be safer to just mark this finding as a
    false positive (which it really is), as opposed to touching the code.
    
    Let's revisit later, for now, just revert.
    
    This reverts commit ae9528bbef8b05883ae08ad345e4f945c04ad0ff.
    
    Related: RHEL-22607
    
        
file modified
+4 -2