Your message dated Sat, 07 Mar 2026 21:17:06 +0000
with message-id <[email protected]>
and subject line Bug#1128406: fixed in dpkg 1.22.22
has caused the Debian Bug report #1128406,
regarding dpkg: Undefined subroutine &Dpkg::OpenPGP::Backend::GnuPG::g_ when
verifying upstream signatures
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1128406: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128406
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg
Version: 1.23.5
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
scripts/Dpkg/OpenPGP/Backend/GnuPG.pm is missing 'use Dpkg::Gettext;',
which provides the g_() function used in _file_is_keybox(). When
dpkg-source verifies upstream signatures using the GnuPG backend, it
crashes with:
```
Undefined subroutine &Dpkg::OpenPGP::Backend::GnuPG::g_ called at
/usr/share/perl5/Dpkg/OpenPGP/Backend/GnuPG.pm line 133.
```
The same bug was previously fixed for the Sequoia backend in dpkg 1.22.18
(#1099866). The fix is to add 'use Dpkg::Gettext;' to
scripts/Dpkg/OpenPGP/Backend/GnuPG.pm, matching what was done for
scripts/Dpkg/OpenPGP/Backend/Sequoia.pm.
This bug was originally found in Ubuntu while I was working on lintian
(https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2142108).
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEuVOE/FJ0HcdfWSw//lAdKwFeZPsFAmmW+PgACgkQ/lAdKwFe
ZPsE/Q/8C/xMQbB88FURUmG6OTzZdduIU24v7QEVzqElTZ1IM69lbkg4wD2/sr+n
wEFXMTR7ySsYa92spVWLhDtpt8qG6O5IDyCwCTsdgDAyaGbQ0sSgw/Gl5wwhmybR
okXkRKRD3pWMAuCAQchnUu8oDxiSYOxeEw5X2ThRtyreiL66egiueIk7WNi7RLZo
GmLsgUjN8YBvpJrvgLu9smLrOL5g+//M8T2dITPjfhrWDReYlTQtlGOTknfuz4Qj
Ms9pzLmqEosafWaJIDDpzDQC9o2hz82DZnUjSvyko+rC9AOr3+KAK6QcMweAFcvo
ApUargVRjOsPtGSLwksFMfJsnLSJOjbt4gYirqAmALno8Lt2lnZT/wdjISVxM5Uf
oWR4nTzznR7QcpVYhSe/odbXAhojaBymgxUUVfHsxKtJq51AW9o0RC5p8B3TBD6R
pFx/Uv7e7CXPHWJ8MJm3mtBXI5PXrvatvcJmwiQoe68WN9i3x9G04xkpOQqteT/B
dX/0s2looADwqVzfMzS2fckQLZGc2CdF3NO2hcw//ez9ujcvb+6ETEZBKNQKD302
VY/uzZD2kfg6eWpUY/daANgX/k4tMkeyqvfICeVqgtFXpx1MursjDtRiexYdCmno
ZR0rOk9KoVMCIov67An38znYZsoFJse1EhkadqFZ/g22Ag0FPxg=
=eyRv
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: dpkg
Source-Version: 1.22.22
Done: Guillem Jover <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Mar 2026 04:01:23 +0100
Source: dpkg
Architecture: source
Version: 1.22.22
Distribution: trixie
Urgency: medium
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Closes: 1111617 1122107 1128406 1129722
Changes:
dpkg (1.22.22) trixie; urgency=medium
.
[ Guillem Jover ]
* dpkg-query: Fix segfault with empty -S argument. LP: #2092676
* Perl modules:
- Dpkg::OpenPGP: Do not run verify with no keyrings. Closes: #1111617
- Dpkg::Shlibs::Objdump::Object: Add support for "Version References"
symbols. Closes: #1122107
- Dpkg::OpenPGP::Backend::GnuPG: Add missing Dpkg::Gettext import.
Closes: #1128406
* Code internals:
- libdpkg: Terminate zstd decompression when we have no more data.
Reported by Yashashree Gund <[email protected]>. Closes: #1129722
Fixes CVE-2026-2219.
* Build system:
- Build gitlab CI images for trixie instead of sid.
Checksums-Sha1:
e0dbbfa6400dc9a838176b4e046b7a57ce844c85 3449 dpkg_1.22.22.dsc
3f562f6937e1df756e7275a303914f0efaa3c377 5746724 dpkg_1.22.22.tar.xz
7b57553adc5a5764773625b762c4fe5207ea230a 8221 dpkg_1.22.22_amd64.buildinfo
Checksums-Sha256:
fc481d9b87cd4416cd55673cc1fa716b57480a6b23253ac0d87c1abbfad4c964 3449
dpkg_1.22.22.dsc
d5ea9f132deec8030b50ab2a02ade2b49f0c7a195805a302c8301156fe833a57 5746724
dpkg_1.22.22.tar.xz
809d48dde9436bccf833ea00386a5c32cc3297262c9c51b2033c75a87bda8919 8221
dpkg_1.22.22_amd64.buildinfo
Files:
2e36fe2ec2cd2a5a374dee1cec4fe640 3449 admin required dpkg_1.22.22.dsc
87e8823109f047a499c2263f0c7ad774 5746724 admin required dpkg_1.22.22.tar.xz
14ea0bbb85f5118a7b85f49958a258ab 8221 admin required
dpkg_1.22.22_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJpqkbWCRC5cr8+pK5Xo0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmeaNKfj62cknjOWWnhDMhL/C4M3YF/ojoZrx/DPMMAG
XRYhBE8+dPQ2BQwQ9WlldLlyvz6krlejAACwdhAA0Dr1WpgIY79jFIhxLj5jzn5/
b4AwliTWAX6hM4Hf+UV9j9qU80Wrj56ssdlnOQSzhbXqdK8ItsZzul9IvIY7b4Zc
HC2Lqtb95WSeWCJJKFJGvdMz/e8asBsxKR3/IMUjRXnc0AKYOyBLvk2U8am++6NC
PLsK/M3+hiG4JSV+bRgoNGIqVQZUzDm9eRG57+uHAFj9gKQtpDmoFvJHeTS8xkvA
IOhptaoYC4OjUfHbCvig1nDnYQJDDLFaUjJR6g7ES9xf2yS14TfQCZOKZMUqMSBo
aGQYA+JHoB5g7SdoNB/WmoMp9KMGaH5ly5+c3/K2f+7HpZRrp8VPWS6WC8/jQgjr
okMV1SaEQJauqAy5WXnE+LGB1nOZn8WK0so8k011Cy02dxUBs5P6z0sHI5GnkOOa
epFChQnV5yATjMxy2nogRxnmDGfPoELkdBWvRFz2XKggC0y2HXmtlxsvp+VKRt8a
ko1nTby5dVC5HtZkAX13BvSjgkbzbc9GDTaYZjJpxz1WR/SEWL/ZaPAOtq2XgZmk
iQfyqR45WR2qGy4ZQgvzva9wm88aKuZeE2GuTYEws6K295V0WiKQEE6xgEUJOmjY
vRWtAnhcdUNCU61Dmd++EnOmg2iZmoSXOfjpcozHuJWT7n6NbzSYJIuMATahcWhG
ZNe4Y4WLDZgy/Ewu15w=
=nuB6
-----END PGP SIGNATURE-----
pgpr5vwhzIImk.pgp
Description: PGP signature
--- End Message ---
