debian-bugs-closed  

Bug#472642: marked as done (WONTFIX: gnupg: GPG sets key expiry date in the past (Y2106 issue))

Debian Bug Tracking System
Sat, 05 Sep 2009 09:02:10 -0700

Your message dated Sat, 05 Sep 2009 15:48:29 +0000
with message-id <e1mjxv7-0007oy...@ries.debian.org>
and subject line Bug#472642: fixed in gnupg 1.4.10-1
has caused the Debian Bug report #472642,
regarding WONTFIX: gnupg: GPG sets key expiry date in the past (Y2106 issue)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
472642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472642
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: gnupg
Version: 1.4.6-2
Severity: minor


When setting the expiry time to values bigger than 97 years (years
>2106), gpg creates a key with expiry date set in the past. I think it
would be ok to not allow creation of such keys rather than creating keys
expired in the momnet the're created. Or has this some sense to it, say
for testing purposes ??


Plese see the transcript of my example session:

 gpg --gen-key
gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection?
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Wed 25 Mar 2009 02:30:37 PM CET
Is this correct? (y/N) n
Key is valid for? (0) 97y
Key expires at ????-??-??
Your system can't display dates beyond 2038.
However, it will be correctly handled up to 2106.
Is this correct? (y/N) n
Key is valid for? (0) 98y
Key expires at Sat 24 Jan 1970 08:02:34 AM CET
Is this correct? (y/N) n
Key is valid for? (0)
gpg: Interrupt caught ... exiting


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnupg depends on:
ii  gpgv                    1.4.6-2          GNU privacy guard -
signature veri
ii  libbz2-1.0              1.0.3-7          high-quality block-sorting
file co
ii  libc6                   2.7-4            GNU C Library: Shared libraries
ii  libldap2                2.1.30.dfsg-13.5 OpenLDAP libraries
ii  libreadline5            5.2-3            GNU readline and history
libraries
ii  libusb-0.1-4            2:0.1.12-7       userspace USB programming
library
ii  makedev                 2.3.1-84         creates device files in /dev
ii  zlib1g                  1:1.2.3.3.dfsg-6 compression library - runtime

gnupg recommends no packages.

-- debconf-show failed

-- 
Simon Kainz, BSc
Graz, University of Technology
Department Computing
Phone: 043 (0) 316 / 873 6885

--- End Message ---
--- Begin Message --- 
Source: gnupg
Source-Version: 1.4.10-1

We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive:

gnupg-udeb_1.4.10-1_i386.udeb
  to pool/main/g/gnupg/gnupg-udeb_1.4.10-1_i386.udeb
gnupg_1.4.10-1.diff.gz
  to pool/main/g/gnupg/gnupg_1.4.10-1.diff.gz
gnupg_1.4.10-1.dsc
  to pool/main/g/gnupg/gnupg_1.4.10-1.dsc
gnupg_1.4.10-1_i386.deb
  to pool/main/g/gnupg/gnupg_1.4.10-1_i386.deb
gnupg_1.4.10.orig.tar.gz
  to pool/main/g/gnupg/gnupg_1.4.10.orig.tar.gz
gpgv-udeb_1.4.10-1_i386.udeb
  to pool/main/g/gnupg/gpgv-udeb_1.4.10-1_i386.udeb
gpgv_1.4.10-1_i386.deb
  to pool/main/g/gnupg/gpgv_1.4.10-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 472...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 05 Sep 2009 15:43:18 +0200
Source: gnupg
Binary: gnupg gpgv gnupg-udeb gpgv-udeb
Architecture: source i386
Version: 1.4.10-1
Distribution: unstable
Urgency: low
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description: 
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
Closes: 44910 89094 282061 359758 427857 472642 485458 540340 543216 543530
Changes: 
 gnupg (1.4.10-1) unstable; urgency=low
 .
   [ Daniel Leidert (dale) ]
   * New upstream release GnuPG 1.4.10.
     - Better cope with unicode characters in any output (closes: #540340).
     - Output a warning when trying to revoke a signature from a key,
       that is not signed by any of your keys (closes: #543530).
 .
   For more information please read /usr/share/doc/gnupg/changelog.gz.
 .
   * debian/control (Standards-Version): Bumped to 3.8.3.
   * debian/gnupg.bug-presubj: Added note about debian/README.BUGS.Debian.
   * debian/gnupg.docs: Added debian/README.BUGS.Debian.
   * debian/gnupg.udev: Added udev rules to support several SCM smartcard
     readers. Thanks to Michael Bienia (closes: #543216).
   * debian/rules (binary-arch): Install udev rules and bug control files.
   * debian/README.BUGS.Debian: Added. Collect information about limitations
     which have been reported to the BTS and might be in the future too. This
     will replace the open bug reports, so the bug count decreases and
     readability increases (closes: #44910, #89094, #282061, #359758, #427857,
     #472642, #485458).
   * debian/patches/24_gpgv_manpage_cleanup.dpatch: Dropped (applied upstream).
   * debian/patches/25_fr.po_fixes.dpatch: Ditto.
   * debian/patches/25_it.po_fixes.dpatch: Ditto.
 .
   [ Thijs Kinkhorst ]
   * Add misc:depends substvar to facilitate install-info transition.
Checksums-Sha1: 
 25794e5545d8e6ad3014b0b1bf4481baeddc8059 1692 gnupg_1.4.10-1.dsc
 0db579b2dc202213424f55243906b71228dd18d1 4747259 gnupg_1.4.10.orig.tar.gz
 ef48abf6f96bb2b054b92501a39ac571950b0761 22513 gnupg_1.4.10-1.diff.gz
 11d78053f6b7e6b43baa8039089b6fba2e951bd6 2007556 gnupg_1.4.10-1_i386.deb
 ca54aac670c42706ce4ff66cd2d4c72aa8ed1701 201048 gpgv_1.4.10-1_i386.deb
 b43a4d85795c200891e1043dcc42bcede883fccb 381222 gnupg-udeb_1.4.10-1_i386.udeb
 56fb93b3622868f1b54719e709b1a5e1b0248881 134058 gpgv-udeb_1.4.10-1_i386.udeb
Checksums-Sha256: 
 3a039a236ba4fcb1fea6db124112b875797f176ad26aea1957ba91644ca6b0c9 1692 
gnupg_1.4.10-1.dsc
 055e92b6735fb82a6c9f7d506cdd01ae7a733a1f3793d3694083e1f283f5e914 4747259 
gnupg_1.4.10.orig.tar.gz
 edcce30cf725a05c0a052683be9e60c8ffbeb56693113ef2c8c81a180b9bd596 22513 
gnupg_1.4.10-1.diff.gz
 46b3caab9e9913e071358a5b0378b4a02507b9ce2d8e1609ae917ece67d14112 2007556 
gnupg_1.4.10-1_i386.deb
 bbe8517be855db19e5bd5c20beca69127221984fe36757289d4c48d744b0a3eb 201048 
gpgv_1.4.10-1_i386.deb
 ad6e566ac991beb33f30e100c82e42a70ef31d8835c6d9218668d2bcc75189e6 381222 
gnupg-udeb_1.4.10-1_i386.udeb
 298489998db9ec56f0fb0fe7e18bdc2a281f3b5b2238f8d8e811d511d2628ac2 134058 
gpgv-udeb_1.4.10-1_i386.udeb
Files: 
 e454e3aa660b0a2af3c61233fa595870 1692 utils important gnupg_1.4.10-1.dsc
 991faf66d3352ac1452acc393c430b23 4747259 utils important 
gnupg_1.4.10.orig.tar.gz
 5389830f70562df21e16a3f55e0c3aab 22513 utils important gnupg_1.4.10-1.diff.gz
 5d79932a6f19d0c52f947c81fe30470e 2007556 utils important 
gnupg_1.4.10-1_i386.deb
 bfcc9b207ca40cd54f24c773a8bc3070 201048 utils important gpgv_1.4.10-1_i386.deb
 818eb2a92fcf14e24b7e20f1e40480dd 381222 debian-installer extra 
gnupg-udeb_1.4.10-1_i386.udeb
 e22406c792e3bb5b98d720b04693579b 134058 debian-installer extra 
gpgv-udeb_1.4.10-1_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBCAAGBQJKonApAAoJECIIoQCMVaAc/JIH/RqFO2WNwv3xEILKa2dK7ErK
y7lu06fUmJb5/zOEAxeqvGOSHmDpDqcqsAPoxrtLjfDCNzdZwHSEy/FrYj916uMf
QfuDuWxsejIUxL6XEGGedJTreJV60aFCqxtgd6Y2Gvfd9xsVwUcwSpqTkxtiVqZc
pLmyKWpFjqv8+LxV5y1f4t5S1rll26isLxR1GKDY7lFqwzKJjby0Ecn1OcVvSAV5
STsl2ihYRwAZlBCgN6Cv1+lY52LqAb4kK7Du+p6MsTqk1tZ5X+CRcbHBV4TiMHls
U/UfHNV2R3gyllf8KVwEFTmgFrwDgQ1fj2nEI/RlWEZYNcIFelTTL7TLqS/XR3w=
=UR2k
-----END PGP SIGNATURE-----

--- End Message ---
  • Bug#472642: marked as done (WONTFIX: gnupg: GPG sets key expiry date in the past (Y2106 issue)) Debian Bug Tracking System