Author: mlandres Date: Fri Jul 4 18:00:20 2008 New Revision: 10499 URL: http://svn.opensuse.org/viewcvs/zypp?rev=10499&view=rev Log: Also check if the fingerprint matches before importing updated keys. (bnc #393160) Modified: branches/SuSE-Linux-10_2-Branch/libzypp/VERSION branches/SuSE-Linux-10_2-Branch/libzypp/package/libzypp.changes branches/SuSE-Linux-10_2-Branch/libzypp/zypp/KeyRing.cc
Modified: branches/SuSE-Linux-10_2-Branch/libzypp/VERSION
URL: http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-Linux-10_2-Branch/libzypp/VERSION?rev=10499&r1=10498&r2=10499&view=diff
==============================================================================
--- branches/SuSE-Linux-10_2-Branch/libzypp/VERSION (original)
+++ branches/SuSE-Linux-10_2-Branch/libzypp/VERSION Fri Jul 4 18:00:20 2008
@@ -61,5 +61,5 @@
 m4_define([LIBZYPP_MINOR], [17])
 m4_define([LIBZYPP_COMPATMINOR], [15])
 dnl ==================================================
-m4_define([LIBZYPP_PATCH], [1])
+m4_define([LIBZYPP_PATCH], [2])
 dnl ==================================================
Modified: branches/SuSE-Linux-10_2-Branch/libzypp/package/libzypp.changes
URL: http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-Linux-10_2-Branch/libzypp/package/libzypp.changes?rev=10499&r1=10498&r2=10499&view=diff
==============================================================================
--- branches/SuSE-Linux-10_2-Branch/libzypp/package/libzypp.changes (original)
+++ branches/SuSE-Linux-10_2-Branch/libzypp/package/libzypp.changes Fri Jul 4 18:00:20 2008
@@ -1,4 +1,12 @@
 -------------------------------------------------------------------
+Fri Jul 4 17:19:24 CEST 2008 - ma@suse.de
+
+- Also check if the fingerprint matches before importing updated keys.
+ (bnc #393160)
+- version 2.17.2
+- revision 10499
+
+-------------------------------------------------------------------
 Fri Jun 27 16:16:50 CEST 2008 - ma@suse.de
 
 - Invoke gpg with --homdir, otherwise command fails if executed
Modified: branches/SuSE-Linux-10_2-Branch/libzypp/zypp/KeyRing.cc
URL: http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-Linux-10_2-Branch/libzypp/zypp/KeyRing.cc?rev=10499&r1=10498&r2=10499&view=diff
==============================================================================
--- branches/SuSE-Linux-10_2-Branch/libzypp/zypp/KeyRing.cc (original)
+++ branches/SuSE-Linux-10_2-Branch/libzypp/zypp/KeyRing.cc Fri Jul 4 18:00:20 2008
@@ -311,7 +311,10 @@
 if ( publicKeyExists( id, generalKeyRing() ) )
 {
 PublicKey untkey = exportKey( id, generalKeyRing() );
- if ( untkey.created() > key.created() )
+ // bnc #393160: Comment #30: Compare at least the fingerprint
+ // in case an attacker created a key the the same id.
+ if ( untkey.fingerprint() == key.fingerprint()
+ && untkey.created() > key.created() )
 {
 MIL << "Key " << key << " was updated. Saving new version into trusted keyring." << endl;
 importKey( untkey, true );
-- To unsubscribe, e-mail: zypp-commit+unsubscribe@opensuse.org For additional commands, e-mail: zypp-commit+help@opensuse.org
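Review bot: A fingerprint mismatch leaves no log entry as far as this KeyRing.cc hunk shows: when `untkey.fingerprint() != key.fingerprint()` the inner `if` is simply skipped. A key in the general keyring that shares an id with a trusted key but has a different fingerprint is exactly the collision the new comment describes, so it deserves a warning for later detection, e.g. `else if ( untkey.fingerprint() != key.fingerprint() ) WAR << "Key id " << id << " in general keyring does not match the trusted key's fingerprint; not importing." << endl;`. Also confirm what `created()` returns: an OpenPGP v4 fingerprint is computed over the key packet including its creation time, so if `created()` is the primary key's creation time, equal fingerprints would imply equal timestamps and the update branch could never run. The comment typo `the the same id` should read `with the same id`. The enclosing function starts before the hunk and the body of the inner `if` continues past it, so an `else` may already exist there.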