[Rpm-maint] [rpm-software-management/rpm] Reject unimplemented critical PGP packets as per RFC-4880 (#1702)

Panu Matilainen notifications at github.com
Tue Jun 15 11:28:36 UTC 2021


    Reject unimplemented critical PGP packets as per RFC-4880
    
        Bit 7 of the subpacket type is the "critical" bit.  If set, it
        denotes that the subpacket is one that is critical for the evaluator
        of the signature to recognize.  If a subpacket is encountered that is
        marked critical but is unknown to the evaluating software, the
        evaluator SHOULD consider the signature to be in error.
    
    We only implement creation time and issuer keyid, everything else is
    unimplemented and should be flagged as an error if critical as per above.
    
    Initial patch by Demi Marie Obenour.

You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1702

-- Commit Summary --

  * Refactor error tracking to helper variable in PGP subtype parsing
  * Reject unimplemented critical PGP packets as per RFC-4880

-- File Changes --

    M rpmio/rpmpgp.c (16)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1702.patch
https://github.com/rpm-software-management/rpm/pull/1702.diff

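The rule quoted in the commit message above, as an added example that is not part of the original message and is not rpm's code: a stand-alone C walker over an RFC 4880 signature subpacket area that accepts the two implemented types (creation time, issuer key ID), ignores unknown non-critical subpackets and fails on unknown critical ones. The function name, return codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 4880 section 5.2.3.1: subpacket types handled here, and the critical bit */
enum { SUB_CREATION_TIME = 2, SUB_ISSUER_KEYID = 16, SUB_CRITICAL = 0x80 };
enum { SUBPKT_OK = 0, SUBPKT_MALFORMED = -1, SUBPKT_UNKNOWN_CRITICAL = -2 };

/* Constructed sample subpacket areas (not taken from any real signature). */
static const uint8_t area_plain[] = { 5, 0x02, 0x60, 0xC8, 0x8E, 0x14, 2, 0x1B, 0x03 };
static const uint8_t area_crit_known[] = { 5, 0x82, 0x60, 0xC8, 0x8E, 0x14 };
static const uint8_t area_crit_unknown[] = { 5, 0x02, 0x60, 0xC8, 0x8E, 0x14, 2, 0x9B, 0x03 };
static const uint8_t area_truncated[] = { 5, 0x02, 0x60, 0xC8 };

/* Walk one subpacket area; returns SUBPKT_OK or a negative error code. */
int check_subpackets(const uint8_t *p, size_t len)
{
    while (len > 0) {
        size_t plen, hlen;
        /* The length field is 1, 2 or 5 octets and counts the type octet. */
        if (p[0] < 192) {
            plen = p[0]; hlen = 1;
        } else if (p[0] < 255) {
            if (len < 2) return SUBPKT_MALFORMED;
            plen = ((size_t)(p[0] - 192) << 8) + p[1] + 192; hlen = 2;
        } else {
            if (len < 5) return SUBPKT_MALFORMED;
            plen = ((size_t)p[1] << 24) | ((size_t)p[2] << 16) | ((size_t)p[3] << 8) | p[4];
            hlen = 5;
        }
        if (plen == 0 || plen > len - hlen)
            return SUBPKT_MALFORMED;       /* body would run past the area */
        uint8_t type = p[hlen] & 0x7f;     /* low 7 bits: subpacket type */
        int critical = p[hlen] & SUB_CRITICAL;
        switch (type) {
        case SUB_CREATION_TIME: if (plen - 1 != 4) return SUBPKT_MALFORMED; break;
        case SUB_ISSUER_KEYID:  if (plen - 1 != 8) return SUBPKT_MALFORMED; break;
        default: /* unimplemented type: ignorable unless flagged critical */
            if (critical) return SUBPKT_UNKNOWN_CRITICAL;
            break;
        }
        p += hlen + plen; len -= hlen + plen;
    }
    return SUBPKT_OK;
}

int main(void)
{
    return check_subpackets(area_crit_unknown, sizeof area_crit_unknown) == SUBPKT_UNKNOWN_CRITICAL ? 0 : 1;
}
```

In the samples, 0x1B is the key flags subpacket (type 27) and 0x9B is the same type with the critical bit set; only the latter makes the area fail.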