Mailinglist Archive: zypp-commit (223 mails)

< Previous Next >
[zypp-commit] r10496 - in /branches/SuSE-SLE-10-SP2-Branch/libzypp: VERSION package/libzypp.changes zypp/KeyRing.cc
  • From: mlandres@xxxxxxxxxxxxxxxx
  • Date: Fri, 04 Jul 2008 15:24:58 -0000
  • Message-id: <20080704152458.873BE9E032@xxxxxxxxxxxxxxxx>
Author: mlandres
Date: Fri Jul 4 17:24:58 2008
New Revision: 10496

URL: http://svn.opensuse.org/viewcvs/zypp?rev=10496&view=rev
Log:
Also check if the fingerprint matches before importing updated keys. (bnc
#393160)

Modified:
branches/SuSE-SLE-10-SP2-Branch/libzypp/VERSION
branches/SuSE-SLE-10-SP2-Branch/libzypp/package/libzypp.changes
branches/SuSE-SLE-10-SP2-Branch/libzypp/zypp/KeyRing.cc

Modified: branches/SuSE-SLE-10-SP2-Branch/libzypp/VERSION
URL:
http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-SLE-10-SP2-Branch/libzypp/VERSION?rev=10496&r1=10495&r2=10496&view=diff
==============================================================================
--- branches/SuSE-SLE-10-SP2-Branch/libzypp/VERSION (original)
+++ branches/SuSE-SLE-10-SP2-Branch/libzypp/VERSION Fri Jul 4 17:24:58 2008
@@ -49,5 +49,5 @@
m4_define([LIBZYPP_MINOR], [32])
m4_define([LIBZYPP_COMPATMINOR], [15])
dnl ==================================================
-m4_define([LIBZYPP_PATCH], [1])
+m4_define([LIBZYPP_PATCH], [2])
dnl ==================================================

Modified: branches/SuSE-SLE-10-SP2-Branch/libzypp/package/libzypp.changes
URL:
http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-SLE-10-SP2-Branch/libzypp/package/libzypp.changes?rev=10496&r1=10495&r2=10496&view=diff
==============================================================================
--- branches/SuSE-SLE-10-SP2-Branch/libzypp/package/libzypp.changes (original)
+++ branches/SuSE-SLE-10-SP2-Branch/libzypp/package/libzypp.changes Fri Jul 4
17:24:58 2008
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Fri Jul 4 17:19:24 CEST 2008 - ma@xxxxxxx
+
+- Also check if the fingerprint matches before importing updated keys.
+ (bnc #393160)
+- version 2.32.2
+- revision 10496
+
+-------------------------------------------------------------------
Fri Jun 27 16:16:50 CEST 2008 - ma@xxxxxxx

- Invoke gpg with --homdir, otherwise command fails if executed

Modified: branches/SuSE-SLE-10-SP2-Branch/libzypp/zypp/KeyRing.cc
URL:
http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-SLE-10-SP2-Branch/libzypp/zypp/KeyRing.cc?rev=10496&r1=10495&r2=10496&view=diff
==============================================================================
--- branches/SuSE-SLE-10-SP2-Branch/libzypp/zypp/KeyRing.cc (original)
+++ branches/SuSE-SLE-10-SP2-Branch/libzypp/zypp/KeyRing.cc Fri Jul 4 17:24:58
2008
@@ -311,7 +311,10 @@
if ( publicKeyExists( id, generalKeyRing() ) )
{
PublicKey untkey = exportKey( id, generalKeyRing() );
- if ( untkey.created() > key.created() )
+ // bnc #393160: Comment #30: Compare at least the fingerprint
+ // in case an attacker created a key the the same id.
+ if ( untkey.fingerprint() == key.fingerprint()
+ && untkey.created() > key.created() )
{
MIL << "Key " << key << " was updated. Saving new version into
trusted keyring." << endl;
importKey( untkey, true );

--
To unsubscribe, e-mail: zypp-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages