-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | urpm/signature.pm | 11 |
2 files changed, 9 insertions, 4 deletions
@@ -1,4 +1,6 @@ - fix testsuite +- security: + o honor per medium "verify-rpm" option for missing signature check - unrequested package list management (for orphans) (mga#7167): o do not wrongly tell we updated the unrequested package list when we didn't (eg: when not having the proper rights such as running urpmq as !root) diff --git a/urpm/signature.pm b/urpm/signature.pm index f75b9bd6..5d723c6b 100644 --- a/urpm/signature.pm +++ b/urpm/signature.pm @@ -31,9 +31,6 @@ sub _check { if ($verif =~ /NOT OK/) { $verif =~ s/\n//g; $invalid_sources{$filepath} = N("Invalid signature (%s)", $verif); - } elsif ($verif =~ /OK \(\(none\)\)/) { - $verif =~ s/\n//g; - $invalid_sources{$filepath} = N("Missing signature (%s)", $verif); } else { unless ($medium && urpm::media::is_valid_medium($medium) && $medium->{start} <= $id && $id <= $medium->{end}) @@ -45,7 +42,13 @@ sub _check { } } #- no medium found for this rpm ? - next if !$medium; + if (!$medium) { + if ($verif =~ /OK \(\(none\)\)/) { + $verif =~ s/\n//g; + $invalid_sources{$filepath} = N("Missing signature (%s)", $verif); + } + next; + } #- check whether verify-rpm is specifically disabled for this medium if (defined $medium->{'verify-rpm'} && !$medium->{'verify-rpm'}) { $urpm->{log}(N("NOT checking %s\n", $filepath)); |
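Review bot: In the second urpm/signature.pm hunk the "Missing signature" rejection now runs only inside `if (!$medium)`, so an unsigned package (`OK ((none))`) that does map to a medium with verify-rpm enabled is no longer rejected by any line visible here. Whether it is still refused depends on the code that follows the verify-rpm test, which lies outside the hunk (`_check` starts and ends outside it); if that code only compares key ids when some are configured for the medium, an unsigned package from a medium without key ids would presumably be accepted. I would keep an explicit rejection after the verify-rpm test, such as `if ($verif =~ /OK \(\(none\)\)/) { $verif =~ s/\n//g; $invalid_sources{$filepath} = N("Missing signature (%s)", $verif); next }`. I would also add a comment above the verify-rpm test, e.g. `#- verify-rpm=0 also accepts unsigned packages from this medium; "NOT OK" results are still recorded above`, so the trust decision is explicit to whoever edits a medium's configuration.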