Commit Graph

1 Commits (ab2b339dd6d27c4b06001e88480eabe9a94a8e92)

Author SHA1 Message Date
Rick Elrod 9bea33ffa3
[dnf] ensure packages are gpg-verified (#71537)
Change:
- By default the dnf API does not gpg-verify packages. This is a feature
  that is executed in its CLI code. It never made it into Ansible's
  usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.

Test Plan:
- New integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago