Mailinglist Archive: zypp-commit (223 mails)

< Previous Next >
[zypp-commit] r10498 - in /branches/SuSE-Linux-10_3-Branch/libzypp: VERSION.cmake package/libzypp.changes zypp/KeyRing.cc
  • From: mlandres@xxxxxxxxxxxxxxxx
  • Date: Fri, 04 Jul 2008 15:51:41 -0000
  • Message-id: <20080704155141.3BA5C9E03E@xxxxxxxxxxxxxxxx>
Author: mlandres
Date: Fri Jul 4 17:51:40 2008
New Revision: 10498

URL: http://svn.opensuse.org/viewcvs/zypp?rev=10498&view=rev
Log:
Also check if the fingerprint matches before importing updated keys. (bnc
#393160)

Modified:
branches/SuSE-Linux-10_3-Branch/libzypp/VERSION.cmake
branches/SuSE-Linux-10_3-Branch/libzypp/package/libzypp.changes
branches/SuSE-Linux-10_3-Branch/libzypp/zypp/KeyRing.cc

Modified: branches/SuSE-Linux-10_3-Branch/libzypp/VERSION.cmake
URL:
http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-Linux-10_3-Branch/libzypp/VERSION.cmake?rev=10498&r1=10497&r2=10498&view=diff
==============================================================================
--- branches/SuSE-Linux-10_3-Branch/libzypp/VERSION.cmake (original)
+++ branches/SuSE-Linux-10_3-Branch/libzypp/VERSION.cmake Fri Jul 4 17:51:40
2008
@@ -47,4 +47,4 @@
SET(LIBZYPP_MAJOR "3")
SET(LIBZYPP_MINOR "27")
SET(LIBZYPP_COMPATMINOR "24")
-SET(LIBZYPP_PATCH "1")
+SET(LIBZYPP_PATCH "2")

Modified: branches/SuSE-Linux-10_3-Branch/libzypp/package/libzypp.changes
URL:
http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-Linux-10_3-Branch/libzypp/package/libzypp.changes?rev=10498&r1=10497&r2=10498&view=diff
==============================================================================
--- branches/SuSE-Linux-10_3-Branch/libzypp/package/libzypp.changes (original)
+++ branches/SuSE-Linux-10_3-Branch/libzypp/package/libzypp.changes Fri Jul 4
17:51:40 2008
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Fri Jul 4 17:19:24 CEST 2008 - ma@xxxxxxx
+
+- Also check if the fingerprint matches before importing updated keys.
+ (bnc #393160)
+- version 3.27.2
+- revision 10498
+
+-------------------------------------------------------------------
Fri Jun 27 16:16:50 CEST 2008 - ma@xxxxxxx

- Invoke gpg with --homdir, otherwise command fails if executed

Modified: branches/SuSE-Linux-10_3-Branch/libzypp/zypp/KeyRing.cc
URL:
http://svn.opensuse.org/viewcvs/zypp/branches/SuSE-Linux-10_3-Branch/libzypp/zypp/KeyRing.cc?rev=10498&r1=10497&r2=10498&view=diff
==============================================================================
--- branches/SuSE-Linux-10_3-Branch/libzypp/zypp/KeyRing.cc (original)
+++ branches/SuSE-Linux-10_3-Branch/libzypp/zypp/KeyRing.cc Fri Jul 4 17:51:40
2008
@@ -321,7 +321,10 @@
if ( publicKeyExists( id, generalKeyRing() ) )
{
PublicKey untkey = exportKey( id, generalKeyRing() );
- if ( untkey.created() > key.created() )
+ // bnc #393160: Comment #30: Compare at least the fingerprint
+ // in case an attacker created a key the the same id.
+ if ( untkey.fingerprint() == key.fingerprint()
+ && untkey.created() > key.created() )
{
MIL << "Key " << key << " was updated. Saving new version into
trusted keyring." << endl;
importKey( untkey, true );

--
To unsubscribe, e-mail: zypp-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages