Hi,
I just discovered two critical errors in tar's signature verification
handling that affects archives signed with an openssl signature. The
attached patch fixes these issues, and adds a test for the openssl
functionality (this slipped through the cracks somehow).
This is an important issue for anyone who wants to create true signed
archives with ext/phar, and so I hope it will make it into 5.3.0. If it
is too late, I would at least want the patch to tar.c to be in the
release notes if at all possible. The patch attached is against
PHP_5_3, and is a trivial one to merge to HEAD and pecl/phar.
Can I commit?
Thanks,
Greg