From 33d7a8d672c8c720947e81158de4a5a07be05b72 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 25 Nov 2016 13:12:28 +0100 Subject: gpgv: Untrust SHA1, RIPE-MD/160, but allow downgrading to weak Change the trust level check to allow downgrading an Untrusted option to weak (APT::Hashes::SHA1::Weak "yes";), so it prints a warning instead of an error; and change the default values for SHA1 and RIPE-MD/160 from Weak to Untrusted. --- methods/gpgv.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'methods') diff --git a/methods/gpgv.cc b/methods/gpgv.cc index a8887d703..95a86f890 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -55,9 +55,9 @@ struct Digest { std::string optionWeak; strprintf(optionUntrusted, "APT::Hashes::%s::Untrusted", name); strprintf(optionWeak, "APT::Hashes::%s::Weak", name); - if (_config->FindB(optionUntrusted, state == State::Untrusted) == true) + if (_config->FindB(optionUntrusted, false) == true) return State::Untrusted; - if (_config->FindB(optionWeak, state == State::Weak) == true) + if (_config->FindB(optionWeak, false) == true) return State::Weak; return state; @@ -67,8 +67,8 @@ struct Digest { static constexpr Digest Digests[] = { {Digest::State::Untrusted, "Invalid digest"}, {Digest::State::Untrusted, "MD5"}, - {Digest::State::Weak, "SHA1"}, - {Digest::State::Weak, "RIPE-MD/160"}, + {Digest::State::Untrusted, "SHA1"}, + {Digest::State::Untrusted, "RIPE-MD/160"}, {Digest::State::Trusted, "Reserved digest"}, {Digest::State::Trusted, "Reserved digest"}, {Digest::State::Trusted, "Reserved digest"}, -- cgit v1.2.3