Merging upstream version 2.9.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-13 10:18:28 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-13 10:18:42 +0000
commit: d4be59fc2d2984b6119096cd5b32862a40e10e0d (patch)
tree: 59df10f17acde55867f1a3ee7b3d00edefc92232 /methods
parent: Releasing progress-linux version 2.7.14-0.0~progress7.99u1. (diff)
download: apt-d4be59fc2d2984b6119096cd5b32862a40e10e0d.tar.xz
apt-d4be59fc2d2984b6119096cd5b32862a40e10e0d.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index e465c35..20ef286 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -253,7 +253,14 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
 	 auto const asserted = atoi(tokens[1].c_str());
 	 auto const pkstr = tokens[2];
 	 if (not asserted)
-	    Signers.SoonWorthless.push_back({fpr, pkstr});
+	 {
+	    std::string reason;
+	    strprintf(reason, _("untrusted public key algorithm: %s"), pkstr.c_str());
+	    Signers.Worthless.push_back({fpr, reason});
+	    Signers.Good.erase(std::remove_if(Signers.Good.begin(), Signers.Good.end(), [&](std::string const &goodsig)
+					      { return IsTheSameKey(fpr, goodsig); }),
+			       Signers.Good.end());
+	 }
       }
       else if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
 	 PushEntryWithKeyID(Signers.Good, buffer, Debug);
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-13 10:18:28 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-13 10:18:42 +0000
commit	d4be59fc2d2984b6119096cd5b32862a40e10e0d (patch)
tree	59df10f17acde55867f1a3ee7b3d00edefc92232 /methods
parent	Releasing progress-linux version 2.7.14-0.0~progress7.99u1. (diff)
download	apt-d4be59fc2d2984b6119096cd5b32862a40e10e0d.tar.xz apt-d4be59fc2d2984b6119096cd5b32862a40e10e0d.zip