-
Notifications
You must be signed in to change notification settings - Fork 401
Permalink
Choose a base ref
{{ refName }}
default
Choose a head ref
{{ refName }}
default
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
base repository: rpm-software-management/dnf
base: 4.18.1
Could not load branches
Nothing to show
Could not load tags
Nothing to show
{{ refName }}
default
...
head repository: rpm-software-management/dnf
compare: 4.18.2
Could not load branches
Nothing to show
Could not load tags
Nothing to show
{{ refName }}
default
- 11 commits
- 12 files changed
- 5 contributors
Commits on Nov 14, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 3f8a560 - Browse repository at this point
Copy the full SHA 3f8a560View commit details
Commits on Nov 15, 2023
-
DNS key verification: Fix parsing an armored PGP key
A PGP armor message can contain any amount of headers. Up to Fedora 38 there was one: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: rpm-4.18.0-beta1 mQINBGIC2cYBEADJye1aE0AR17qwj6wsHWlCQlcihmqkL8s4gbOk1IevBbH4iXJx [...] =CHKS -----END PGP PUBLIC KEY BLOCK----- Since Fedora 39 there is none: -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGLykg8BEADURjKtgQpQNoluifXia+U3FuqGCTQ1w7iTqx1UvNhLX6tb9Qjy l/vjl1iXxucrd2JBnrT/21BdtaABhu2hPy7bpcGEkG8MDinAMZBzcyzHcS/JiGHZ [...] =CHKS -----END PGP PUBLIC KEY BLOCK----- RpmImportedKeys._query_db_for_gpg_keys() assumed exactly one header. As a result if gpgkey_dns_verification configuration option was true, DNF reported that Fedora 39 keys was revoked because the key misextratracted from RPM database did not match a key in DNS: # dnf-3 upgrade DNSSEC extension: Testing already imported keys for their validity. DNSSEC extension: GPG Key [email protected] has been revoked and should be removed immediately This patch implements skipping all armor headers. https://bugzilla.redhat.com/show_bug.cgi?id=2249380
Configuration menu - View commit details
-
Copy full SHA for 49feb22 - Browse repository at this point
Copy the full SHA 49feb22View commit details -
DNS key verification: Fix handling keys without an e-mail address
If an PGP key is stored in an RPM database without a "packager" RPM header, or without an e-mail address there, DNS verification crashed on converting the undefined address into a DNS domain. That was the case of Fedora 13 key: # dnf-3 upgrade Traceback (most recent call last): File "/usr/bin/dnf-3", line 62, in <module> main.user_main(sys.argv[1:], exit_code=True) File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 201, in user_main errcode = main(args) ^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 67, in main return _main(base, args, cli_class, option_parser_class) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 106, in _main return cli_run(cli, base) ^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 122, in cli_run cli.run() File "/usr/lib/python3.12/site-packages/dnf/cli/cli.py", line 1040, in run self._process_demands() File "/usr/lib/python3.12/site-packages/dnf/cli/cli.py", line 741, in _process_demands self.base.fill_sack( File "/usr/lib/python3.12/site-packages/dnf/base.py", line 403, in fill_sack dnf.dnssec.RpmImportedKeys.check_imported_keys_validity() File "/usr/lib/python3.12/site-packages/dnf/dnssec.py", line 286, in check_imported_keys_validity keys = RpmImportedKeys._query_db_for_gpg_keys() ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/dnf/dnssec.py", line 276, in _query_db_for_gpg_keys email = re.search('<(.*@.*)>', packager).group(1) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.12/re/__init__.py", line 177, in search return _compile(pattern, flags).search(string) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: expected string or bytes-like object, got 'NoneType' This patch defends the crash at two places: In _query_db_for_gpg_keys() because here we know a NEVRA of the key and can produce a meaningful message. And in _cache_miss() because we can get there independenly and called email2location() would also crash.
Configuration menu - View commit details
-
Copy full SHA for 53a5a93 - Browse repository at this point
Copy the full SHA 53a5a93View commit details -
DNS key verification: Fix caching negative responses
If a user had installed multiple keys for the same e-mail address in an RPM database, and no records for the address existed in DNS, DNF validated the first key correctly, but reported that the other key is revoked: # rpm -q gpg-pubkey --qf '%{packager} %{nevra}\n' |grep nokey nokey1 <[email protected]> gpg-pubkey-7460757e-6553a6ab nokey2 <[email protected]> gpg-pubkey-c8d04ba8-6553a6b1 # dnf-3 upgrade DNSSEC extension: Testing already imported keys for their validity. DNSSEC extension: GPG Key [email protected] has been revoked and should be removed immediately The cause was a wrong test for a cached negative reponse. This patch fixes it. https://bugzilla.redhat.com/show_bug.cgi?id=2249380
Configuration menu - View commit details
-
Copy full SHA for 5d95553 - Browse repository at this point
Copy the full SHA 5d95553View commit details -
Configuration menu - View commit details
-
Copy full SHA for c59b50e - Browse repository at this point
Copy the full SHA c59b50eView commit details -
Configuration menu - View commit details
-
Copy full SHA for bbbc19b - Browse repository at this point
Copy the full SHA bbbc19bView commit details -
Added 'send_error_messages' Boolean Option and updated man docs
Added option 'send_error_messages' Fixed Option String List Changed option to Boolean
Configuration menu - View commit details
-
Copy full SHA for d523c19 - Browse repository at this point
Copy the full SHA d523c19View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6229c1d - Browse repository at this point
Copy the full SHA 6229c1dView commit details
Commits on Nov 30, 2023
-
Configuration menu - View commit details
-
Copy full SHA for e1ddff2 - Browse repository at this point
Copy the full SHA e1ddff2View commit details -
Configuration menu - View commit details
-
Copy full SHA for cb54681 - Browse repository at this point
Copy the full SHA cb54681View commit details
Commits on Dec 8, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 1c43d09 - Browse repository at this point
Copy the full SHA 1c43d09View commit details
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 4.18.1...4.18.2