Control: tags 913614 + patch The attached patch resolves the issue, and also introduces a test to ensure that the problem is (and remains) fixed.
--dkg
>From 2e3b6845ea6c4762e86d281bcf83bf0e84315d8c Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <d...@fifthhorseman.net> Date: Fri, 16 Nov 2018 00:38:40 -0500 Subject: [PATCH] Avoid crash when importing without a TTY (closes #913614) We backport a fix from upstream that should probably have been included with the fix that addressed #906545, but it was not, sigh. Include a test that ensures this particular failure doesn't get reintroduced. --- ...rfluous-sig-check-info-during-import.patch | 200 ++++++++++++++++++ debian/patches/series | 1 + debian/rules | 6 + debian/tests/control | 4 + debian/tests/linus.key | 47 ++++ debian/tests/no-tty | 17 ++ 6 files changed, 275 insertions(+) create mode 100644 debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch create mode 100644 debian/tests/linus.key create mode 100755 debian/tests/no-tty diff --git a/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch b/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch new file mode 100644 index 000000000..5440278c8 --- /dev/null +++ b/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch @@ -0,0 +1,200 @@ +From: Werner Koch <w...@gnupg.org> +Date: Thu, 15 Nov 2018 18:24:56 -0500 +Subject: gpg: Avoid superfluous sig check info during import. + +* g10/key-check.c (print_info): New. +(key_check_all_keysigs): Print sig checking results only in debug +mode. Prettify the stats info and suppress them in quiet mode. + +-- + +This also makes usable stats by prefixing them with the key and the +program name. + +GnuPG-bug-id: 3397 +Signed-off-by: Werner Koch <w...@gnupg.org> + +(cherry-picked/backported from upstream +84af859e391a757877c9a1d78e35face983e6d23 by dkg) + +Signed-off-by: Daniel Kahn Gillmor <d...@fifthhorseman.net> +--- + g10/keyedit.c | 133 +++++++++++++++++++++++++++++++++++++++++----------------- + 1 file changed, 95 insertions(+), 38 deletions(-) + +diff --git a/g10/keyedit.c b/g10/keyedit.c +index 3d6c5d4c4..bdeb251f9 100644 +--- a/g10/keyedit.c ++++ b/g10/keyedit.c +@@ -329,6 +329,26 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node, + } + + ++/* Print PREFIX followed by TEXT. With mode > 0 use log_info, with ++ * mode < 0 use ttyio, else print to stdout. If TEXT is not NULL, it ++ * may be modified by this function. */ ++static void ++print_info (int mode, const char *prefix, char *text) ++{ ++ char *p; ++ ++ if (!text) ++ text = ""; ++ else if ((p = strchr (text,'\n'))) ++ *p = 0; /* Strip LF. */ ++ ++ if (mode > 0) ++ log_info ("%s %s\n", prefix, text); ++ else ++ tty_fprintf (mode? NULL:es_stdout, "%s %s\n", prefix, text); ++} ++ ++ + + /* Order two signatures. The actual ordering isn't important. Our + goal is to ensure that identical signatures occur together. */ +@@ -766,8 +786,9 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs) + has_selfsig = 1; + } + +- if ((n2 && n2 != last_printed_component) +- || (! n2 && last_printed_component != current_component)) ++ if (DBG_PACKET ++ && ((n2 && n2 != last_printed_component) ++ || (! n2 && last_printed_component != current_component))) + { + int is_reordered = n2 && n2 != current_component; + if (n2) +@@ -779,31 +800,32 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs) + ; + else if (last_printed_component->pkt->pkttype == PKT_USER_ID) + { +- tty_printf ("uid "); +- tty_print_utf8_string (last_printed_component +- ->pkt->pkt.user_id->name, +- last_printed_component +- ->pkt->pkt.user_id->len); ++ log_debug ("uid "); ++ print_utf8_buffer (log_get_stream (), ++ last_printed_component ++ ->pkt->pkt.user_id->name, ++ last_printed_component ++ ->pkt->pkt.user_id->len); ++ log_flush (); + } + else if (last_printed_component->pkt->pkttype + == PKT_PUBLIC_KEY) +- tty_printf ("pub %s", +- pk_keyid_str (last_printed_component +- ->pkt->pkt.public_key)); ++ log_debug ("pub %s", ++ pk_keyid_str (last_printed_component ++ ->pkt->pkt.public_key)); + else +- tty_printf ("sub %s", +- pk_keyid_str (last_printed_component +- ->pkt->pkt.public_key)); ++ log_debug ("sub %s", ++ pk_keyid_str (last_printed_component ++ ->pkt->pkt.public_key)); + + if (modified) + { + if (is_reordered) +- tty_printf (_(" (reordered signatures follow)")); +- tty_printf ("\n"); ++ log_debug ("%s\n", _(" (reordered signatures follow)")); + } + } + +- if (modified) ++ if (DBG_PACKET && modified) + print_one_sig (rc, kb, n, NULL, NULL, NULL, has_selfsig, + 0, only_selfsigs); + } +@@ -910,28 +932,63 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs) + } + } + +- if (dups || missing_issuer || bad_signature || reordered) +- tty_printf (_("key %s:\n"), pk_keyid_str (pk)); +- +- if (dups) +- tty_printf (ngettext ("%d duplicate signature removed\n", +- "%d duplicate signatures removed\n", dups), dups); +- if (missing_issuer) +- tty_printf (ngettext ("%d signature not checked due to a missing key\n", +- "%d signatures not checked due to missing keys\n", +- missing_issuer), missing_issuer); +- if (bad_signature) +- tty_printf (ngettext ("%d bad signature\n", +- "%d bad signatures\n", +- bad_signature), bad_signature); +- if (reordered) +- tty_printf (ngettext ("%d signature reordered\n", +- "%d signatures reordered\n", +- reordered), reordered); +- +- if (only_selfsigs && (bad_signature || reordered)) +- tty_printf (_("Warning: errors found and only checked self-signatures," +- " run '%s' to check all signatures.\n"), "check"); ++ if (!opt.quiet) ++ { ++ char prefix[100]; ++ char *p; ++ int mode = 1; ++ ++ /* To avoid string changes in 2.2 we strip the LF here. */ ++ snprintf (prefix, sizeof prefix, _("key %s:\n"), pk_keyid_str (pk)); ++ p = strrchr (prefix, '\n'); ++ if (p) ++ *p = 0; ++ ++ if (dups) ++ { ++ p = xtryasprintf ++ (ngettext ("%d duplicate signature removed\n", ++ "%d duplicate signatures removed\n", dups), dups); ++ print_info (mode, prefix, p); ++ xfree (p); ++ } ++ ++ if (missing_issuer) ++ { ++ p = xtryasprintf ++ (ngettext ("%d signature not checked due to a missing key\n", ++ "%d signatures not checked due to missing keys\n", ++ missing_issuer), missing_issuer); ++ print_info (mode, prefix, p); ++ xfree (p); ++ } ++ if (bad_signature) ++ { ++ p = xtryasprintf (ngettext ("%d bad signature\n", ++ "%d bad signatures\n", ++ bad_signature), bad_signature); ++ print_info (mode, prefix, p); ++ xfree (p); ++ } ++ ++ if (reordered) ++ { ++ p = xtryasprintf (ngettext ("%d signature reordered\n", ++ "%d signatures reordered\n", ++ reordered), reordered); ++ print_info (mode, prefix, p); ++ xfree (p); ++ } ++ ++ if (only_selfsigs && (bad_signature || reordered)) ++ { ++ p = xtryasprintf ++ (_("Warning: errors found and only checked self-signatures," ++ " run '%s' to check all signatures.\n"), "check"); ++ print_info (mode, prefix, p); ++ xfree (p); ++ } ++ } + + return modified; + } diff --git a/debian/patches/series b/debian/patches/series index 5e4fcc3be..cc801518b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -91,3 +91,4 @@ update-crypto-defaults/0081-gpg-default-to-AES-256.patch 0091-gpg-Make-dry-run-work-for-secret-keys.patch 0092-gpg-Print-sec-sbb-with-import-option-import-show-or-.patch 0093-gpg-Check-and-fix-keys-on-import.patch +0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch diff --git a/debian/rules b/debian/rules index 241cead53..61ba52fea 100755 --- a/debian/rules +++ b/debian/rules @@ -65,3 +65,9 @@ override_dh_shlibdeps: # Make ldap a recommends rather than a hard dependency. dpkg-shlibdeps -Tdebian/dirmngr.substvars -dRecommends debian/dirmngr/usr/lib/gnupg/dirmngr_ldap -dDepends debian/dirmngr/usr/bin/dirmngr* dh_shlibdeps -Ndirmngr + +override_dh_auto_test: +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + dh_auto_test --builddirectory=build + GPG=build/g10/gpg debian/tests/no-tty +endif diff --git a/debian/tests/control b/debian/tests/control index 917882168..6a6749925 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -1,3 +1,7 @@ Tests: gpgv-win32 Depends: gpgv-win32, gnupg2, gpgv2 Restrictions: needs-root, allow-stderr + +Tests: no-tty +Depends: gpg +Restrictions: allow-stderr diff --git a/debian/tests/linus.key b/debian/tests/linus.key new file mode 100644 index 000000000..fdfd85ff0 --- /dev/null +++ b/debian/tests/linus.key @@ -0,0 +1,47 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBE55CJIBCACkn+aOLmsaq1ejUcXCAOXkO3w7eiLqjR/ziTL2KZ30p7bxP8cT +UXvfM7fwE7EnqCCkji25x2xsoKXB8AlUswIEYUFCOupj2BOsVmJ/rKZW7fCvKTOK ++BguKjebDxNbgmif39bfSnHDWrW832f5HrYmZn7a/VySDQFdul8Gl/R6gs6PHJbg +jjt+K7Px6cQVMVNvY/VBWdvA1zckO/4h6gf3kWWZN+Wlq8wv/pxft8QzNFgweH9o +5bj4tnQ+wMCLCLiDsgEuVawoOAkg3dRMugIUoiKoBKw7b21q9Vjp4jezRvciC6Ys +4kGUSFG1ZjIn3MpY3f3xZ3yuYwrxQ8JcA7KTABEBAAGIeQQTFggAIRYhBCPJPAso +64wfaAYn4W1XDDyBEWM0BQJaNu6QAwUBeAAKCRBtVww8gRFjNBmuAQDjEE9X0jgG +PnWFDdlIfKX0+X8CA/TTYamGPy6dqS7BKwEAy9odyw6nzohBBBx86HiY7yKySXjy +7LJwgun2gtMf0giIeQQTFggAIRYhBCPJPAso64wfaAYn4W1XDDyBEWM0BQJaNvA+ +AwUBeAAKCRBtVww8gRFjNNlSAQDVCjzc/lbaWRdMx0f9HtNOXDq/4wHh10gWEaH/ +IlXhaQD+O6lRk+8Tbj/x3qeYL65z1BdP8s/SHkZ695nKKnlMdwqIowQRFgoASxYh +BOU7YErdNopTm7nrM6oU6WIA9eAGBQJZumaILRpodHRwOi8vZm94Y3BwLmR1Y2tk +bnMub3JnL3BncC1rZXktcG9saWN5LnR4dAAKCRCqFOliAPXgBllsAP9wkYbtcjsg +VVPm1dJHOp3GLupyNkvfjsuG39HxNEQ70wD/dMYqhcsDTyAdorE2c4aX6kiWDDAY +dWiidvBGO3fxSQu0JExpbnVzIFRvcnZhbGRzIDx0b3J2YWxkc0BrZXJuZWwub3Jn +PokBTgQTAQgAOBYhBKuvEcZaKXCxMKvjxHm+PkMAQRiGBQJaHxkTAhsDBQsJCAcC +BhUICQoLAgQWAgMBAh4BAheAAAoJEHm+PkMAQRiGzMcH/ieyxrsHR0ng3pi+qy1/ +sLiTT4WEBN53+1FsGWdP6/DCD3sprFdWDkkBDfh9vPCVzPqX7siZMJxw3+wOfjNn +GBRiGj7mTE/1XeXJHDwFRyBEVa/bY8ExLKbvBf+xpiWOg2Myj5RYaOUBFbOEtfTP +ob0FtvfZvK3PXkjODTHhDH7QJT2zNPivHG+ER5VyF1yJEpl10rDTM91NhEeV0n4w +pfZkgL8a3JSzo9H2AJX3y35+Dk9wtNge440ZSVWAnjwxhBLX2R0LUszRhU925c0v +P2l20eFncBmAT0NKpn7v9a670WHv45PluG+SKKktf6b5/BtfqpC3eV58I6FEtSVp +M1u5AQ0ETnkIkgEIAN+ybgD0IlgKRPJ3eksafd+KORseBWwxUy3GH0yAg/4jZCsf +HZ7jpbRKzxNTKW1kE6ClSqehUsuXT5Vc1eh6079erN3y+JNxl6zZPC9v+5GNyc28 +qSfNejt4wmwa/y86T7oQfgo77o8Gu/aO/xzOjw7jSDDR3u9p/hFVtsqzptxZzvs3 +hVaiLS+0mar9qYZheaCUqOXOKVo38Vg5gkOhMEwKvZs9x3fINU/t8ckxOHq6KiLa +p5Bq87XP0ZJsCaMBwdLYhOFxAiEVtlzwyo3DvMplIahqqNELb71YDhpMq/Hu+42o +R3pqASCPLfO/0GUSdAGXJVhv7L7ng02ETSBmVOUAEQEAAYh5BBMWCAAhFiEEI8k8 +CyjrjB9oBifhbVcMPIERYzQFAlo27pADBQF4AAoJEG1XDDyBEWM0Ga4BAOMQT1fS +OAY+dYUN2Uh8pfT5fwID9NNhqYY/Lp2pLsErAQDL2h3LDqfOiEEEHHzoeJjvIrJJ +ePLssnCC6faC0x/SCIh5BBMWCAAhFiEEI8k8CyjrjB9oBifhbVcMPIERYzQFAlo2 +8D4DBQF4AAoJEG1XDDyBEWM02VIBANUKPNz+VtpZF0zHR/0e005cOr/jAeHXSBYR +of8iVeFpAP47qVGT7xNuP/Hep5gvrnPUF0/yz9IeRnr3mcoqeUx3CoijBBEWCgBL +FiEE5TtgSt02ilObueszqhTpYgD14AYFAlm6ZogtGmh0dHA6Ly9mb3hjcHAuZHVj +a2Rucy5vcmcvcGdwLWtleS1wb2xpY3kudHh0AAoJEKoU6WIA9eAGWWwA/3CRhu1y +OyBVU+bV0kc6ncYu6nI2S9+Oy4bf0fE0RDvTAP90xiqFywNPIB2isTZzhpfqSJYM +MBh1aKJ28EY7d/FJC4kBHwQYAQIACQUCTnkIkgIbDAAKCRB5vj5DAEEYhuobB/9F +i1GVG5qnPq14S0WKYEW3N891L37LaXmDh977r/j2dyZOoYIiV4rx6a6urhq9Ubcg +Nw/ke01TNM4y7EhW/lFnxJQXSMjdsXGcb9HwUevDk2FMV1h9gkHLlqRUlTpjVdQw +TB9wMd4bWhZsxybTnGh6o8dCwBEaGNsHsSBYO81OXrTE/fcZEgKCeKW2xdKRiazu +6Mu5WLU6gBy2nOc6oL2zKJZjACfllQzBx5+6z2N4Sj0JBOobz4RR2JLElMEckMbd +qbIS+c+n02ItMmCORgakf74k+TEbaZx3ZTVHnhvqQqanZz1i4I5IwHJxkUsYLddg +YrylZH+MwNDlB5u3I138 +=SIhC +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/tests/no-tty b/debian/tests/no-tty new file mode 100755 index 000000000..cdd485acd --- /dev/null +++ b/debian/tests/no-tty @@ -0,0 +1,17 @@ +#!/bin/bash + +# Author: Daniel Kahn Gillmor <d...@fifthhorseman.net> + +# Ensure that import works fine without a tty (see +# https://bugs.debian.org/913614) + +set -e +GPG=${GPG:-gpg} +export GNUPGHOME="$(mktemp -d)" + +cleanup() { + rm -rf "$GNUPGHOME" +} +trap cleanup EXIT + +setsid -w "$GPG" --import debian/tests/linus.key -- 2.19.1