ref: refs/heads/SuSE-SLE-10-SP3-Branch
commit a4447c62bfcfaa1d75bcdcb194f5e3267a5c7ff1
Author: Michael Andres
Date: Fri Jul 4 15:24:58 2008 +0000
Also check if the fingerprint matches before importing updated keys. (bnc #393160)
---
VERSION | 2 +-
package/libzypp.changes | 8 ++++++++
zypp/KeyRing.cc | 5 ++++-
3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/VERSION b/VERSION
index 7858323..54324c3 100644
--- a/VERSION
+++ b/VERSION
@@ -49,5 +49,5 @@ dnl ==================================================
m4_define([LIBZYPP_MINOR], [32])
m4_define([LIBZYPP_COMPATMINOR], [15])
dnl ==================================================
-m4_define([LIBZYPP_PATCH], [1])
+m4_define([LIBZYPP_PATCH], [2])
dnl ==================================================
diff --git a/package/libzypp.changes b/package/libzypp.changes
index c679fa9..c338225 100644
--- a/package/libzypp.changes
+++ b/package/libzypp.changes
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Fri Jul 4 17:19:24 CEST 2008 - ma@suse.de
+
+- Also check if the fingerprint matches before importing updated keys.
+ (bnc #393160)
+- version 2.32.2
+- revision 10496
+
+-------------------------------------------------------------------
Fri Jun 27 16:16:50 CEST 2008 - ma@suse.de
- Invoke gpg with --homdir, otherwise command fails if executed
diff --git a/zypp/KeyRing.cc b/zypp/KeyRing.cc
index c42bb93..2a94d4e 100644
--- a/zypp/KeyRing.cc
+++ b/zypp/KeyRing.cc
@@ -311,7 +311,10 @@ namespace zypp
if ( publicKeyExists( id, generalKeyRing() ) )
{
PublicKey untkey = exportKey( id, generalKeyRing() );
- if ( untkey.created() > key.created() )
+ // bnc #393160: Comment #30: Compare at least the fingerprint
+ // in case an attacker created a key the the same id.
+ if ( untkey.fingerprint() == key.fingerprint()
+ && untkey.created() > key.created() )
{
MIL << "Key " << key << " was updated. Saving new version into trusted keyring." << endl;
importKey( untkey, true );
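Review bot: When the general keyring holds a key with the same id but a different fingerprint, the new condition `untkey.fingerprint() == key.fingerprint() && ...` just falls through with no log entry, so a possible key-id collision leaves no trace for anyone reviewing the logs. Splitting the test so the mismatch case emits a warning, e.g. `WAR << "Key " << key << " has a same-id key with a different fingerprint in the general keyring; not importing." << endl;`, would make the rejected update visible. The added comment has a typo: `the the same id` should read `with the same id`. It is also worth confirming that `created()` reports the latest self-signature date rather than the key packet's creation time, since the latter is presumably covered by the fingerprint and would make the combined condition impossible to satisfy. The enclosing function begins and ends outside the hunk.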