Package: apt Version: 0.9.7.7 Severity: normal File: apt-pkg/indexcopy.cc, ftparchive/writer.cc User: ans...@debian.org Usertags: gpg-clearsign
Hi! The SigVerify::RunGPGV() function is too strict and will error out on correct Armor Header Lines (as per RFC4880), those with trailing whitespace. The function SourcesWriter::DoPackage() will not correctly strip the PGP signature from the dsc if the Armor Header Line contains trailing whitespace, it does not correctly handle OpenPGP blank lines (those with only whitespaces), or surrounding non-signed "garbage". Ansgar has been filing this kind of bugs, and pointed out to #695855, although IMO the RFC is clear enough as to be able to implement this in other places. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
