From: Julian Andres Klode <jak@debian.org>
Date: Tue, 15 Mar 2016 09:56:05 +0000 (+0100)
Subject: methods/gpgv: Correctly handle weak signatures with multiple keys
X-Git-Tag: 1.2.7~4
X-Git-Url: https://git.saurik.com/apt.git/commitdiff_plain/08fd77e83528fd03795524adf76e359ae2b56e06

methods/gpgv: Correctly handle weak signatures with multiple keys

We added weak signatures to BadSigners, meaning that a Release file
signed by both a weak signature and a strong signature would be
rejected; preventing people from migrating from DSA to RSA keys
in a sane way.

Instead of using BadSigners, treat weak signatures like expired
keys: They are no good signatures, and they are worthless.

Gbp-Dch: ignore
---

diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 06e1612e6..de9dfea1e 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -159,7 +159,12 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
             std::clog << "Got VALIDSIG, key ID: " << sig << std::endl;
          // Reject weak digest algorithms
          if (std::find(WeakDigests.begin(), WeakDigests.end(), tokens[7]) != WeakDigests.end())
-            BadSigners.push_back(string(sig));
+         {
+            // Treat them like an expired key: For that a message about expiry
+            // is emitted, a VALIDSIG, but no GOODSIG.
+            WorthlessSigners.push_back("WEAKDIGEST " + string(sig));
+            GoodSigners.erase(std::remove(GoodSigners.begin(), GoodSigners.end(), string(sig)));
+         }
 
          ValidSigners.push_back(string(sig));
       }