Author: mlandres Date: Fri Jul 4 17:51:40 2008 New Revision: 10498 URL: http://svn.opensuse.org/viewcvs/zypp?rev=10498&view=rev Log: Also check if the fingerprint matches before importing updated keys. (bnc #393160) Modified: branches/SuSE-Linux-10_3-Branch/libzypp/VERSION.cmake branches/SuSE-Linux-10_3-Branch/libzypp/package/libzypp.changes branches/SuSE-Linux-10_3-Branch/libzypp/zypp/KeyRing.cc Modified: branches/SuSE-Linux-10_3-Branch/libzypp/VERSION.cmake URL: http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-Linux-10_3-Branch/libzypp/VERSION.cmake?rev=10498&r1=10497&r2=10498&view=diff ==============================================================================
--- branches/SuSE-Linux-10_3-Branch/libzypp/VERSION.cmake (original)
+++ branches/SuSE-Linux-10_3-Branch/libzypp/VERSION.cmake Fri Jul 4 17:51:40 2008
@@ -47,4 +47,4 @@
 SET(LIBZYPP_MAJOR "3")
 SET(LIBZYPP_MINOR "27")
 SET(LIBZYPP_COMPATMINOR "24")
-SET(LIBZYPP_PATCH "1")
+SET(LIBZYPP_PATCH "2")
Modified: branches/SuSE-Linux-10_3-Branch/libzypp/package/libzypp.changes URL: http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-Linux-10_3-Branch/libzypp/package/libzypp.changes?rev=10498&r1=10497&r2=10498&view=diff ==============================================================================
--- branches/SuSE-Linux-10_3-Branch/libzypp/package/libzypp.changes (original)
+++ branches/SuSE-Linux-10_3-Branch/libzypp/package/libzypp.changes Fri Jul 4 17:51:40 2008
@@ -1,4 +1,12 @@
 -------------------------------------------------------------------
+Fri Jul 4 17:19:24 CEST 2008 - ma@suse.de
+
+- Also check if the fingerprint matches before importing updated keys.
+ (bnc #393160)
+- version 3.27.2
+- revision 10498
+
+-------------------------------------------------------------------
 Fri Jun 27 16:16:50 CEST 2008 - ma@suse.de
 
 - Invoke gpg with --homdir, otherwise command fails if executed
Modified: branches/SuSE-Linux-10_3-Branch/libzypp/zypp/KeyRing.cc URL: http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-Linux-10_3-Branch/libzypp/zypp/KeyRing.cc?rev=10498&r1=10497&r2=10498&view=diff ==============================================================================
--- branches/SuSE-Linux-10_3-Branch/libzypp/zypp/KeyRing.cc (original)
+++ branches/SuSE-Linux-10_3-Branch/libzypp/zypp/KeyRing.cc Fri Jul 4 17:51:40 2008
@@ -321,7 +321,10 @@
 if ( publicKeyExists( id, generalKeyRing() ) )
 {
 PublicKey untkey = exportKey( id, generalKeyRing() );
- if ( untkey.created() > key.created() )
+ // bnc #393160: Comment #30: Compare at least the fingerprint
+ // in case an attacker created a key the the same id.
+ if ( untkey.fingerprint() == key.fingerprint()
+ && untkey.created() > key.created() )
 {
 MIL << "Key " << key << " was updated. Saving new version into trusted keyring." << endl;
 importKey( untkey, true );
-- To unsubscribe, e-mail: zypp-commit+unsubscribe@opensuse.org For additional commands, e-mail: zypp-commit+help@opensuse.org
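Review bot: In the KeyRing.cc hunk, a key in the general keyring that shares the trusted key's id but has a different fingerprint now just fails the new condition, and nothing visible here logs it, so the very case the comment describes leaves no trace. A separate check such as `if ( untkey.fingerprint() != key.fingerprint() ) WAR << "Key " << key << ": general keyring holds a different fingerprint for this id, not importing." << endl;` would surface it for whoever audits the log; the `if` block closes outside the hunk, so an existing else branch cannot be ruled out. It is also worth confirming what `created()` reports: if it is the primary key's creation time, two keys with equal fingerprints would normally carry the same value and the update branch would never fire, so presumably it reflects a later self-signature, and a short comment saying so would help. The added comment has a typo, `the the same id` should read `with the same id`.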