<p>Commit <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/rpm-software-management/rpm/commit/a239ddefa90575ce80ed4436beb4005a97e32644/hovercard" href="https://github.com/rpm-software-management/rpm/commit/a239ddefa90575ce80ed4436beb4005a97e32644"><tt>a239dde</tt></a> changed rpmpkgVerifySigs()<br>
to accept fine-grained vsflags instead of query/verify style<br>
nosignature/nodigest hammers, but rpmVerifySignatures() didn't get<br>
updated accordingly. This will cause most unexpected behavior (in particular<br>
in 4.14.x), for example QUERY_DIGEST which was used for disabling all<br>
digest verification was defined as (1 << 19), which happens to be the same<br>
as RPMVSF_NORSA which is how it would now be treated. Similar confusion<br>
with VERIFY_SCRIPT becoming RPMVSF_NODSA etc.</p>
<p>Just use the transaction verify flags instead, and mark the qva argument<br>
as unused. It's an API change but that's okay in 4.15, and it's also an<br>
explicit breakage at compile time (due to those DIGEST/SIGNATURE symbols<br>
removal). In 4.14.x this is a regression but can be fixed within the API.</p>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>  <a href='https://github.com/rpm-software-management/rpm/pull/747'>https://github.com/rpm-software-management/rpm/pull/747</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>Fix rpmVerifySignatures() passing garbage as verify flags in rpm >= 4.14</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/rpm-software-management/rpm/pull/747/files#diff-0">lib/rpmchecksig.c</a>
    (3)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/rpm-software-management/rpm/pull/747/files#diff-1">lib/rpmcli.h</a>
    (2)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/rpm-software-management/rpm/pull/747.patch'>https://github.com/rpm-software-management/rpm/pull/747.patch</a></li>
  <li><a href='https://github.com/rpm-software-management/rpm/pull/747.diff'>https://github.com/rpm-software-management/rpm/pull/747.diff</a></li>
</ul>
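<p>The flag collision described in the pull request text, as an added C model that is not rpm's code. Only the two bit-19 values come from the description; <code>MODEL_VSF_NODIGEST</code>, the <code>CHECK_*</code> constants and all function names are hypothetical.</p>

```c
#include <stdio.h>

/* Values taken from the pull request text: both names share bit 19. */
#define QUERY_DIGEST (1u << 19) /* legacy query flag: disable all digest checks */
#define RPMVSF_NORSA (1u << 19) /* vsflag: disable the RSA signature check */
/* Constructed for this model, not rpm's definition. */
#define MODEL_VSF_NODIGEST (1u << 0)

enum { CHECK_DIGEST = 1, CHECK_RSA = 2 };

/* Model verifier: which checks run for a given set of vsflags. */
unsigned planned_checks(unsigned vsflags)
{
    unsigned checks = CHECK_DIGEST | CHECK_RSA;
    if (vsflags & MODEL_VSF_NODIGEST)
        checks &= ~(unsigned)CHECK_DIGEST;
    if (vsflags & RPMVSF_NORSA)
        checks &= ~(unsigned)CHECK_RSA;
    return checks;
}

/* Before the fix: legacy query flags are forwarded as if they were vsflags. */
unsigned checks_before_fix(unsigned ts_vsflags, unsigned qva_flags)
{
    (void)ts_vsflags;
    return planned_checks(qva_flags);
}

/* After the fix: transaction verify flags are used, the qva flags are unused. */
unsigned checks_after_fix(unsigned ts_vsflags, unsigned qva_flags)
{
    (void)qva_flags;
    return planned_checks(ts_vsflags);
}

int main(void)
{
    /* Caller asks to skip digests; the transaction flags ask for full checking. */
    unsigned before = checks_before_fix(0, QUERY_DIGEST);
    unsigned after = checks_after_fix(0, QUERY_DIGEST);
    printf("before: digest=%d rsa=%d\n", !!(before & CHECK_DIGEST), !!(before & CHECK_RSA));
    printf("after:  digest=%d rsa=%d\n", !!(after & CHECK_DIGEST), !!(after & CHECK_RSA));
    return 0;
}
```

<p>In the "before" case the digest check the caller wanted to skip still runs, while the RSA signature check is dropped without any error.</p>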
