From 33d7a8d672c8c720947e81158de4a5a07be05b72 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Fri, 25 Nov 2016 13:12:28 +0100
Subject: gpgv: Untrust SHA1, RIPE-MD/160, but allow downgrading to weak

Change the trust level check to allow downgrading an Untrusted
option to weak (APT::Hashes::SHA1::Weak "yes";), so it prints
a warning instead of an error; and change the default values
for SHA1 and RIPE-MD/160 from Weak to Untrusted.
---
 methods/gpgv.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'methods')

diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index a8887d703..95a86f890 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -55,9 +55,9 @@ struct Digest {
       std::string optionWeak;
       strprintf(optionUntrusted, "APT::Hashes::%s::Untrusted", name);
       strprintf(optionWeak, "APT::Hashes::%s::Weak", name);
-      if (_config->FindB(optionUntrusted, state == State::Untrusted) == true)
+      if (_config->FindB(optionUntrusted, false) == true)
 	 return State::Untrusted;
-      if (_config->FindB(optionWeak, state == State::Weak) == true)
+      if (_config->FindB(optionWeak, false) == true)
 	 return State::Weak;
 
       return state;
@@ -67,8 +67,8 @@ struct Digest {
 static constexpr Digest Digests[] = {
    {Digest::State::Untrusted, "Invalid digest"},
    {Digest::State::Untrusted, "MD5"},
-   {Digest::State::Weak, "SHA1"},
-   {Digest::State::Weak, "RIPE-MD/160"},
+   {Digest::State::Untrusted, "SHA1"},
+   {Digest::State::Untrusted, "RIPE-MD/160"},
    {Digest::State::Trusted, "Reserved digest"},
    {Digest::State::Trusted, "Reserved digest"},
    {Digest::State::Trusted, "Reserved digest"},
-- 
cgit v1.2.3