https://bugzilla.redhat.com/show_bug.cgi?id=2025751

David Cantrell <dcantrell@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(dcantrell@redhat. |
                   |com)                        |

--- Comment #7 from David Cantrell <dcantrell@xxxxxxxxxx> ---
(In reply to Robbie Harwood from comment #5)
> Updated spec and srpm - note new locations:
> - https://rharwood.fedorapeople.org/libptytty.spec
> - https://rharwood.fedorapeople.org/libptytty-2.0-1.fc36.src.rpm
>
> > The %{?_isa} part was missing from the Requires on the devel package.
>
> Fixed, thanks.

np

> > Upstream appears to have a .sig file, so this package could probably do the gpgverify thing.
>
> Thanks for helping offline with this. signify verification added. I'll add
> it to rxvt-unicode during the update, and possibly send a PR to libev as
> well.
>
> (signify doesn't seem to exist for fc34, so I've moved to doing this with a
> rawhide VM.)
>
> Note though that all of this is still being fetched over plain HTTP because
> schmorp doesn't work over HTTPS. So it's basically all moot anyway:

Sounds good. And yeah, I know it's sort of moot but I do also like the idea of
having our build infrastructure migrating in this direction to verify source
origin because eventually upstream source locations move and whatnot.

> > * libptytty.x86_64: E: missing-call-to-setgroups-before-setuid /usr/lib64/libptytty.so.0
>
> Also assumed this was an rpmlint bug. Looking at it more, I think it's
> complaining about actual function calls in the library, which seems like not
> rpmlint's problem.
>
> The code in question is pttytty::drop_privileges() in proxy.C - I don't know
> whether this is an actual bug, since I'm not sure where it would *get*
> ancillary groups, given nothing's setuid. Or to put it differently: this
> particular code is copied wholesale out of rxvt-unicode, so any issue here
> is pre-existing unless there's some interaction with it being a library now
> that I'm not immediately seeing.

Oh, ok, I see. I thought rpmlint was reporting setuid permissions, I didn't
know it was looking at symbols. Patch looks good.

> > And not required, but kind of convention... Changes and README could go in %doc
>
> Done.

Changes look good, I'll post the newly completed fedora-review that I just ran.