Control: tags 998471 + patch
Control: tags 998471 + pending
Dear maintainer,
Turns out the bug is actually that autoconf has a hardcoded list of
Python versions and 3.10 isn't in the list. When it is in the list,
there is also a bug somewhere that treats it as python 3.1.
But... Let's just avoid the hardcoded list entirely, I've prepared an
NMU to do that.
I've prepared an NMU for gpgme1.0 (versioned as 1.16.0-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Also filed as https://salsa.debian.org/debian/gpgme/-/merge_requests/3
Regards,
SR
diff -Nru gpgme1.0-1.16.0/debian/changelog gpgme1.0-1.16.0/debian/changelog
--- gpgme1.0-1.16.0/debian/changelog 2021-09-15 01:31:55.000000000 -0400
+++ gpgme1.0-1.16.0/debian/changelog 2021-11-23 21:15:08.000000000 -0400
@@ -1,3 +1,10 @@
+gpgme1.0 (1.16.0-1.2) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Patch: Avoid a hardcoded list of known Python versions. (Closes: #998471)
+
+ -- Stefano Rivera <stefa...@debian.org> Tue, 23 Nov 2021 21:15:08 -0400
+
gpgme1.0 (1.16.0-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru gpgme1.0-1.16.0/debian/patches/0004-core-Fix-use-after-free-issue-in-test.patch gpgme1.0-1.16.0/debian/patches/0004-core-Fix-use-after-free-issue-in-test.patch
--- gpgme1.0-1.16.0/debian/patches/0004-core-Fix-use-after-free-issue-in-test.patch 1969-12-31 20:00:00.000000000 -0400
+++ gpgme1.0-1.16.0/debian/patches/0004-core-Fix-use-after-free-issue-in-test.patch 2021-11-23 21:15:08.000000000 -0400
@@ -0,0 +1,122 @@
+From: =?utf-8?q?Ingo_Kl=C3=B6cker?= <d...@ingo-kloecker.de>
+Date: Sat, 26 Jun 2021 18:02:47 +0200
+Subject: core: Fix use-after-free issue in test
+
+* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New.
+(main): Factored out signing and verifying the result.
+--
+
+Factoring the two steps of the test into different functions fixes the
+use-after-free issue that was caused by accidentaly using a variable
+of the first step in the second step.
+
+GnuPG-bug-id: 5509
+---
+ tests/gpg/t-edit-sign.c | 54 +++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 37 insertions(+), 17 deletions(-)
+
+diff --git a/tests/gpg/t-edit-sign.c b/tests/gpg/t-edit-sign.c
+index 2f98362..e0494c5 100644
+--- a/tests/gpg/t-edit-sign.c
++++ b/tests/gpg/t-edit-sign.c
+@@ -107,31 +107,19 @@ interact_fnc (void *opaque, const char *status, const char *args, int fd)
+ }
+
+
+-int
+-main (int argc, char **argv)
++void
++sign_key (const char *key_fpr, const char *signer_fpr)
+ {
+ gpgme_ctx_t ctx;
+ gpgme_error_t err;
+ gpgme_data_t out = NULL;
+- const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
+ gpgme_key_t signing_key = NULL;
+- const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
+ gpgme_key_t key = NULL;
+- gpgme_key_t signed_key = NULL;
+- gpgme_user_id_t signed_uid = NULL;
+- gpgme_key_sig_t key_sig = NULL;
+ char *agent_info;
+- int mode;
+-
+- (void)argc;
+- (void)argv;
+-
+- init_gpgme (GPGME_PROTOCOL_OpenPGP);
+
+ err = gpgme_new (&ctx);
+ fail_if_err (err);
+
+- /* Sign the key */
+ agent_info = getenv("GPG_AGENT_INFO");
+ if (!(agent_info && strchr (agent_info, ':')))
+ gpgme_set_passphrase_cb (ctx, passphrase_cb, 0);
+@@ -159,8 +147,23 @@ main (int argc, char **argv)
+ gpgme_data_release (out);
+ gpgme_key_unref (key);
+ gpgme_key_unref (signing_key);
++ gpgme_release (ctx);
++}
++
++
++void
++verify_key_signature (const char *key_fpr, const char *signer_keyid)
++{
++ gpgme_ctx_t ctx;
++ gpgme_error_t err;
++ gpgme_key_t signed_key = NULL;
++ gpgme_user_id_t signed_uid = NULL;
++ gpgme_key_sig_t key_sig = NULL;
++ int mode;
++
++ err = gpgme_new (&ctx);
++ fail_if_err (err);
+
+- /* Verify the key signature */
+ mode = gpgme_get_keylist_mode (ctx);
+ mode |= GPGME_KEYLIST_MODE_SIGS;
+ err = gpgme_set_keylist_mode (ctx, mode);
+@@ -168,7 +171,7 @@ main (int argc, char **argv)
+ err = gpgme_get_key (ctx, key_fpr, &signed_key, 0);
+ fail_if_err (err);
+
+- signed_uid = key->uids;
++ signed_uid = signed_key->uids;
+ if (!signed_uid)
+ {
+ fprintf (stderr, "Signed key has no user IDs\n");
+@@ -180,7 +183,7 @@ main (int argc, char **argv)
+ exit (1);
+ }
+ key_sig = signed_uid->signatures->next;
+- if (strcmp ("2D727CC768697734", key_sig->keyid))
++ if (strcmp (signer_keyid, key_sig->keyid))
+ {
+ fprintf (stderr, "Unexpected key ID in second user ID sig: %s\n",
+ key_sig->keyid);
+@@ -196,6 +199,23 @@ main (int argc, char **argv)
+
+ gpgme_key_unref (signed_key);
+ gpgme_release (ctx);
++}
++
++
++int
++main (int argc, char **argv)
++{
++ const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
++ const char *signer_keyid = signer_fpr + strlen(signer_fpr) - 16;
++ const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
++
++ (void)argc;
++ (void)argv;
++
++ init_gpgme (GPGME_PROTOCOL_OpenPGP);
++
++ sign_key (key_fpr, signer_fpr);
++ verify_key_signature (key_fpr, signer_keyid);
+
+ return 0;
+ }
diff -Nru gpgme1.0-1.16.0/debian/patches/0005-Make-sure-expiration-time-is-interpreted-as-unsigned.patch gpgme1.0-1.16.0/debian/patches/0005-Make-sure-expiration-time-is-interpreted-as-unsigned.patch
--- gpgme1.0-1.16.0/debian/patches/0005-Make-sure-expiration-time-is-interpreted-as-unsigned.patch 1969-12-31 20:00:00.000000000 -0400
+++ gpgme1.0-1.16.0/debian/patches/0005-Make-sure-expiration-time-is-interpreted-as-unsigned.patch 2021-11-23 21:15:08.000000000 -0400
@@ -0,0 +1,29 @@
+From: =?utf-8?q?Ingo_Kl=C3=B6cker?= <d...@ingo-kloecker.de>
+Date: Thu, 8 Jul 2021 11:54:06 +0200
+Subject: Make sure expiration time is interpreted as unsigned number
+
+* lang/qt/tests/t-various.cpp (testSignKeyWithExpiration): Convert
+expiration time to uint_least32_t.
+--
+
+This fixes the test on 32-bit systems where time_t (the return type of
+expirationTime()) is a signed 32-bit integer type.
+
+GnuPG-bug-id: 5522
+---
+ lang/qt/tests/t-various.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lang/qt/tests/t-various.cpp b/lang/qt/tests/t-various.cpp
+index 8563b68..72a2487 100644
+--- a/lang/qt/tests/t-various.cpp
++++ b/lang/qt/tests/t-various.cpp
+@@ -355,7 +355,7 @@ private Q_SLOTS:
+ target.update();
+ const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(!keySignature.neverExpires());
+- const auto expirationDate = QDateTime::fromSecsSinceEpoch(keySignature.expirationTime()).date();
++ const auto expirationDate = QDateTime::fromSecsSinceEpoch(uint_least32_t(keySignature.expirationTime())).date();
+ QCOMPARE(expirationDate, QDate(2106, 2, 6)); // expiration date is capped at 2106-02-06
+ }
+
diff -Nru gpgme1.0-1.16.0/debian/patches/0006-Avoid-the-hardcoded-list-of-Python-versions.patch gpgme1.0-1.16.0/debian/patches/0006-Avoid-the-hardcoded-list-of-Python-versions.patch
--- gpgme1.0-1.16.0/debian/patches/0006-Avoid-the-hardcoded-list-of-Python-versions.patch 1969-12-31 20:00:00.000000000 -0400
+++ gpgme1.0-1.16.0/debian/patches/0006-Avoid-the-hardcoded-list-of-Python-versions.patch 2021-11-23 21:15:08.000000000 -0400
@@ -0,0 +1,26 @@
+From: Stefano Rivera <stefa...@debian.org>
+Date: Tue, 23 Nov 2021 19:14:16 -0400
+Subject: Avoid the hardcoded list of Python versions
+
+Instead stick to Debian's list of supported Pythons.
+
+Bug-Debian: https://bugs.debian.org/998471
+---
+ configure.ac | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 442bafb..deae501 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -457,6 +457,10 @@ if test "$found_py" = "1"; then
+ PYTHONS="$(echo $PYTHONS | tr '[[:space:]]' '\n' | sort | uniq | tr '\n' ' ' | sed -e 's/ $//')"
+ PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS | tr '[[:space:]]' '\n' | sort | uniq | tr '\n' ' ' | sed -e 's/ $//')"
+
++ # Debian: Avoid relying on the hard-coded list of python versions being up to date:
++ PYTHONS="$(py3versions -s | tr ' ' '\n' | sed s,^,/usr/bin/, | tr '\n' ' ')"
++ PYTHON_VERSIONS="$(py3versions -sv)"
++
+ if test "$PYTHON_VERSIONS"; then
+ enabled_languages_v=$(echo $enabled_languages | sed -Ee "s/python[[23]]?/python ($PYTHON_VERSIONS)/")
+ enabled_languages=$(echo $enabled_languages | sed -Ee "s/python[[23]]?/python/")
diff -Nru gpgme1.0-1.16.0/debian/patches/series gpgme1.0-1.16.0/debian/patches/series
--- gpgme1.0-1.16.0/debian/patches/series 2021-09-15 00:51:54.000000000 -0400
+++ gpgme1.0-1.16.0/debian/patches/series 2021-11-23 21:15:08.000000000 -0400
@@ -1,5 +1,6 @@
0001-avoid-identifying-as-beta.patch
0004-drop-python2-support.patch
0006-Ship-python-examples-with-python3-in-shebang-line.patch
-upstream-e0494c54-fix-use-after-free-in-test.patch
-upstream-72a2487a-expiration-date-as-unsigned.patch
+0004-core-Fix-use-after-free-issue-in-test.patch
+0005-Make-sure-expiration-time-is-interpreted-as-unsigned.patch
+0006-Avoid-the-hardcoded-list-of-Python-versions.patch
diff -Nru gpgme1.0-1.16.0/debian/patches/upstream-72a2487a-expiration-date-as-unsigned.patch gpgme1.0-1.16.0/debian/patches/upstream-72a2487a-expiration-date-as-unsigned.patch
--- gpgme1.0-1.16.0/debian/patches/upstream-72a2487a-expiration-date-as-unsigned.patch 2021-09-15 01:31:22.000000000 -0400
+++ gpgme1.0-1.16.0/debian/patches/upstream-72a2487a-expiration-date-as-unsigned.patch 1969-12-31 20:00:00.000000000 -0400
@@ -1,25 +0,0 @@
-Make sure expiration time is interpreted as unsigned number
-
-* lang/qt/tests/t-various.cpp (testSignKeyWithExpiration): Convert
-expiration time to uint_least32_t.
-This fixes the test on 32-bit systems where time_t (the return type of
-expirationTime()) is a signed 32-bit integer type.
-
-GnuPG-bug-id: T5522
----
- lang/qt/tests/t-various.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: gpgme1.0-1.16.0/lang/qt/tests/t-various.cpp
-===================================================================
---- gpgme1.0-1.16.0.orig/lang/qt/tests/t-various.cpp
-+++ gpgme1.0-1.16.0/lang/qt/tests/t-various.cpp
-@@ -355,7 +355,7 @@ private Q_SLOTS:
- target.update();
- const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
- QVERIFY(!keySignature.neverExpires());
-- const auto expirationDate = QDateTime::fromSecsSinceEpoch(keySignature.expirationTime()).date();
-+ const auto expirationDate = QDateTime::fromSecsSinceEpoch(uint_least32_t(keySignature.expirationTime())).date();
- QCOMPARE(expirationDate, QDate(2106, 2, 6)); // expiration date is capped at 2106-02-06
- }
-
diff -Nru gpgme1.0-1.16.0/debian/patches/upstream-e0494c54-fix-use-after-free-in-test.patch gpgme1.0-1.16.0/debian/patches/upstream-e0494c54-fix-use-after-free-in-test.patch
--- gpgme1.0-1.16.0/debian/patches/upstream-e0494c54-fix-use-after-free-in-test.patch 2021-09-15 01:31:46.000000000 -0400
+++ gpgme1.0-1.16.0/debian/patches/upstream-e0494c54-fix-use-after-free-in-test.patch 1969-12-31 20:00:00.000000000 -0400
@@ -1,118 +0,0 @@
-core: Fix use-after-free issue in test
-
-* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New.
-(main): Factored out signing and verifying the result.
-Factoring the two steps of the test into different functions fixes the
-use-after-free issue that was caused by accidentaly using a variable
-of the first step in the second step.
-
-GnuPG-bug-id: T5509
----
- tests/gpg/t-edit-sign.c | 54 ++++++++++++++++++++++++++++++++----------------
- 1 file changed, 37 insertions(+), 17 deletions(-)
-
-Index: gpgme1.0-1.16.0/tests/gpg/t-edit-sign.c
-===================================================================
---- gpgme1.0-1.16.0.orig/tests/gpg/t-edit-sign.c
-+++ gpgme1.0-1.16.0/tests/gpg/t-edit-sign.c
-@@ -107,31 +107,19 @@ interact_fnc (void *opaque, const char *
- }
-
-
--int
--main (int argc, char **argv)
-+void
-+sign_key (const char *key_fpr, const char *signer_fpr)
- {
- gpgme_ctx_t ctx;
- gpgme_error_t err;
- gpgme_data_t out = NULL;
-- const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
- gpgme_key_t signing_key = NULL;
-- const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
- gpgme_key_t key = NULL;
-- gpgme_key_t signed_key = NULL;
-- gpgme_user_id_t signed_uid = NULL;
-- gpgme_key_sig_t key_sig = NULL;
- char *agent_info;
-- int mode;
--
-- (void)argc;
-- (void)argv;
--
-- init_gpgme (GPGME_PROTOCOL_OpenPGP);
-
- err = gpgme_new (&ctx);
- fail_if_err (err);
-
-- /* Sign the key */
- agent_info = getenv("GPG_AGENT_INFO");
- if (!(agent_info && strchr (agent_info, ':')))
- gpgme_set_passphrase_cb (ctx, passphrase_cb, 0);
-@@ -159,8 +147,23 @@ main (int argc, char **argv)
- gpgme_data_release (out);
- gpgme_key_unref (key);
- gpgme_key_unref (signing_key);
-+ gpgme_release (ctx);
-+}
-+
-+
-+void
-+verify_key_signature (const char *key_fpr, const char *signer_keyid)
-+{
-+ gpgme_ctx_t ctx;
-+ gpgme_error_t err;
-+ gpgme_key_t signed_key = NULL;
-+ gpgme_user_id_t signed_uid = NULL;
-+ gpgme_key_sig_t key_sig = NULL;
-+ int mode;
-+
-+ err = gpgme_new (&ctx);
-+ fail_if_err (err);
-
-- /* Verify the key signature */
- mode = gpgme_get_keylist_mode (ctx);
- mode |= GPGME_KEYLIST_MODE_SIGS;
- err = gpgme_set_keylist_mode (ctx, mode);
-@@ -168,7 +171,7 @@ main (int argc, char **argv)
- err = gpgme_get_key (ctx, key_fpr, &signed_key, 0);
- fail_if_err (err);
-
-- signed_uid = key->uids;
-+ signed_uid = signed_key->uids;
- if (!signed_uid)
- {
- fprintf (stderr, "Signed key has no user IDs\n");
-@@ -180,7 +183,7 @@ main (int argc, char **argv)
- exit (1);
- }
- key_sig = signed_uid->signatures->next;
-- if (strcmp ("2D727CC768697734", key_sig->keyid))
-+ if (strcmp (signer_keyid, key_sig->keyid))
- {
- fprintf (stderr, "Unexpected key ID in second user ID sig: %s\n",
- key_sig->keyid);
-@@ -196,6 +199,23 @@ main (int argc, char **argv)
-
- gpgme_key_unref (signed_key);
- gpgme_release (ctx);
-+}
-+
-+
-+int
-+main (int argc, char **argv)
-+{
-+ const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
-+ const char *signer_keyid = signer_fpr + strlen(signer_fpr) - 16;
-+ const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
-+
-+ (void)argc;
-+ (void)argv;
-+
-+ init_gpgme (GPGME_PROTOCOL_OpenPGP);
-+
-+ sign_key (key_fpr, signer_fpr);
-+ verify_key_signature (key_fpr, signer_keyid);
-
- return 0;
- }
