Bug#914032: stretch-pu: package gnupg2/2.1.18-8~deb9u4

2019-02-07 Thread Daniel Kahn Gillmor
On Wed 2019-02-06 18:31:22 +0100, Cyril Brulebois wrote:
> Adam D. Barratt  (2019-02-04):
>> Subject to a d-i ack, please go ahead; sorry for the delay.
>
> All my (d-i) local tests look good, no objections.

Thanks, Adam and KiBi.  I've just uploaded 2.1.18-8~deb9u4 with the
attached debdiff (which i believe addresses the test failure that KiBi
found), and i've pushed the corresponding signed tag to the
debian/stretch branch on https://salsa.debian.org/debian/gnupg2

Please let me know if you need anything else from me to address this.

All the best,

--dkg

diff -Nru gnupg2-2.1.18/debian/changelog gnupg2-2.1.18/debian/changelog
--- gnupg2-2.1.18/debian/changelog	2018-10-05 16:43:38.0 -0400
+++ gnupg2-2.1.18/debian/changelog	2019-02-07 15:57:27.0 -0500
@@ -1,3 +1,9 @@
+gnupg2 (2.1.18-8~deb9u4) stretch; urgency=medium
+
+  * Avoid crash when importing without a TTY (Closes: #913614)
+
+ -- Daniel Kahn Gillmor   Thu, 07 Feb 2019 15:57:27 -0500
+
 gnupg2 (2.1.18-8~deb9u3) stretch; urgency=medium
 
   * block trivial access to scdaemon memory (Closes: #878952)
diff -Nru gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch
--- gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch	1969-12-31 19:00:00.0 -0500
+++ gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch	2018-11-16 00:45:16.0 -0500
@@ -0,0 +1,200 @@
+From: Werner Koch 
+Date: Thu, 15 Nov 2018 18:24:56 -0500
+Subject: gpg: Avoid superfluous sig check info during import.
+
+* g10/key-check.c (print_info): New.
+(key_check_all_keysigs): Print sig checking results only in debug
+mode.  Prettify the stats info and suppress them in quiet mode.
+
+--
+
+This also makes usable stats by prefixing them with the key and the
+program name.
+
+GnuPG-bug-id: 3397
+Signed-off-by: Werner Koch 
+
+(cherry-picked/backported from upstream
+84af859e391a757877c9a1d78e35face983e6d23 by dkg)
+
+Signed-off-by: Daniel Kahn Gillmor 
+---
+ g10/keyedit.c | 133 +-
+ 1 file changed, 95 insertions(+), 38 deletions(-)
+
+diff --git a/g10/keyedit.c b/g10/keyedit.c
+index 3d6c5d4c4..bdeb251f9 100644
+--- a/g10/keyedit.c
 b/g10/keyedit.c
+@@ -329,6 +329,26 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
+ }
+ 
+ 
++/* Print PREFIX followed by TEXT.  With mode > 0 use log_info, with
++ * mode < 0 use ttyio, else print to stdout.  If TEXT is not NULL, it
++ * may be modified by this function.  */
++static void
++print_info (int mode, const char *prefix, char *text)
++{
++  char *p;
++
++  if (!text)
++text = "";
++  else if ((p = strchr (text,'\n')))
++*p = 0; /* Strip LF.  */
++
++   if (mode > 0)
++ log_info ("%s %s\n", prefix, text);
++   else
++ tty_fprintf (mode? NULL:es_stdout, "%s %s\n", prefix, text);
++}
++
++
+ 
+ /* Order two signatures.  The actual ordering isn't important.  Our
+goal is to ensure that identical signatures occur together.  */
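Review bot: `print_info` still sends its output through ttyio when `mode < 0` (the `tty_fprintf (mode? NULL:es_stdout, ...)` branch, as its own header comment states), which is the kind of TTY access the changelog entry "Avoid crash when importing without a TTY" is about. The callers are outside this hunk, so it cannot be confirmed from here that the import path always passes `mode >= 0`; I would record the constraint in the header comment, e.g. `Callers that may run without a TTY must pass MODE >= 0.` The comment also says TEXT "may be modified" without saying how: `*p = 0` cuts it at the first LF, so anything after the first line is dropped silently, which deserves one more sentence in the comment. The same hunk is repeated in the second copy of the debdiff later in the thread, and the note applies there as well.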
+@@ -766,8 +786,9 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
+   has_selfsig = 1;
+   }
+ 
+-if ((n2 && n2 != last_printed_component)
+-|| (! n2 && last_printed_component != current_component))
++if (DBG_PACKET
++&& ((n2 && n2 != last_printed_component)
++|| (! n2 && last_printed_component != current_component)))
+   {
+ int is_reordered = n2 && n2 != current_component;
+ if (n2)
+@@ -779,31 +800,32 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
+   ;
+ else if (last_printed_component->pkt->pkttype == PKT_USER_ID)
+   {
+-tty_printf ("uid  ");
+-tty_print_utf8_string (last_printed_component
+-   ->pkt->pkt.user_id->name,
+-   last_printed_component
+-   ->pkt->pkt.user_id->len);
++log_debug ("uid  ");
++print_utf8_buffer (log_get_stream (),
++   last_printed_component
++   ->pkt->pkt.user_id->name,
++   last_printed_component
++   ->pkt->pkt.user_id->len);
++log_flush ();
+   }
+ else if (last_printed_component->pkt->pkttype
+  == PKT_PUBLIC_KEY)
+-  tty_printf ("pub  %s",
+-  pk_keyid_str (last_printed_component
+-->pkt->pkt.public_key));
++  log_debug 

Bug#914032: stretch-pu: package gnupg2/2.1.18-8~deb9u4

2019-02-07 Thread Daniel Kahn Gillmor
On Wed 2019-02-06 17:11:16 +0100, Cyril Brulebois wrote:
> Hi,
>
> Adam D. Barratt  (2019-02-04):
>> Control: tags -1 + confirmed d-i
>> 
>> On Sun, 2018-11-18 at 12:38 -0500, Daniel Kahn Gillmor wrote:
>> > When fixing #906545 (GnuPG rejects some malformed keys during import
>> > instead of cleaning), i inadvertently introduced #913614 (GnuPG fails
>> > to import keys when no TTY attached and --batch is not specified)
>> > into debian stable.
>> 
>> Subject to a d-i ack, please go ahead; sorry for the delay.
>
> FWIW that didn't build in my stretch sbuild chroot, due to test failures:
 […]
> | GPG=build/g10/gpg debian/tests/no-tty
> | gpg: keybox '/tmp/tmp.XD9JXRSdGU/pubring.kbx' created
> | gpg: key 79BE3E4300411886: 3 duplicate signatures removed
> | gpg: key 79BE3E4300411886: 3 signatures not checked due to missing keys
> | gpg: /tmp/tmp.XD9JXRSdGU/trustdb.gpg: trustdb created
> | gpg: key 79BE3E4300411886: public key "Linus Torvalds 
> " imported
> | gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
> | gpg: can't connect to the agent: No such file or directory
> | gpg: Total number processed: 1
> | gpg:   imported: 1
> | gpg: no ultimately trusted keys found
> | debian/rules:71: recipe for target 'override_dh_auto_test' failed
> | make[1]: *** [override_dh_auto_test] Error 2
> | make[1]: Leaving directory '/<>'
> | debian/rules:26: recipe for target 'build' failed
> | make: *** [build] Error 2
> | dpkg-buildpackage: error: debian/rules build gave error exit status 2

Thanks for catching this, kibi.  It looks like the added test needs to
explicitly start up a gpg-agent from the build path rather than the
system environment, so i'm fixing that test now, before uploading.

   --dkg



Bug#914032: stretch-pu: package gnupg2/2.1.18-8~deb9u4

2019-02-06 Thread Cyril Brulebois
Hi,

Adam D. Barratt  (2019-02-04):
> Subject to a d-i ack, please go ahead; sorry for the delay.

All my (d-i) local tests look good, no objections.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant




Bug#914032: stretch-pu: package gnupg2/2.1.18-8~deb9u4

2019-02-06 Thread Cyril Brulebois
Hi,

Adam D. Barratt  (2019-02-04):
> Control: tags -1 + confirmed d-i
> 
> On Sun, 2018-11-18 at 12:38 -0500, Daniel Kahn Gillmor wrote:
> > When fixing #906545 (GnuPG rejects some malformed keys during import
> > instead of cleaning), i inadvertently introduced #913614 (GnuPG fails
> > to import keys when no TTY attached and --batch is not specified)
> > into debian stable.
> 
> Subject to a d-i ack, please go ahead; sorry for the delay.

FWIW that didn't build in my stretch sbuild chroot, due to test failures:
|debian/rules override_dh_auto_test
| make[1]: Entering directory '/<>'
| dh_auto_test --builddirectory=build
|   make -j1 check VERBOSE=1
| make[2]: Entering directory '/<>/build'
| Making check in m4
| make[3]: Entering directory '/<>/build/m4'
| make[3]: Nothing to be done for 'check'.
| make[3]: Leaving directory '/<>/build/m4'
| Making check in common
| make[3]: Entering directory '/<>/build/common'
| make  check-am
| make[4]: Entering directory '/<>/build/common'
| make  check-TESTS
| make[5]: Entering directory '/<>/build/common'
| PASS: t-stringhelp
| PASS: t-timestuff
| PASS: t-convert
| PASS: t-percent
| PASS: t-gettime
| PASS: t-sysutils
| PASS: t-sexputil
| > Known envvars: GPG_TTY(ttyname) TERM(ttytype) DISPLAY(display)
| > XAUTHORITY(xauthority) XMODIFIERS GTK_IM_MODULE DBUS_SESSION_BUS_ADDRESS
| > QT_IM_MODULE INSIDE_EMACS PINENTRY_USER_DATA(pinentry-user-data)
| PASS: t-session-env
| PASS: t-openpgp-oid
| PASS: t-ssh-utils
| PASS: t-mapstrings
| PASS: t-zb32
| PASS: t-mbox-util
| PASS: t-iobuf
| PASS: t-strlist
| PASS: t-name-value
| PASS: t-ccparray
| PASS: t-recsel
| PASS: t-exechelp
| error running '/bin/false': exit status 1
| PASS: t-exectool
| ===
| All 20 tests passed
| ===
| make[5]: Leaving directory '/<>/build/common'
| make[4]: Leaving directory '/<>/build/common'
| make[3]: Leaving directory '/<>/build/common'
| Making check in kbx
| make[3]: Entering directory '/<>/build/kbx'
| make[3]: Nothing to be done for 'check'.
| make[3]: Leaving directory '/<>/build/kbx'
| Making check in g10
| make[3]: Entering directory '/<>/build/g10'
| make  check-TESTS
| make[4]: Entering directory '/<>/build/g10'
| PASS: t-rmd160
| PASS: t-keydb
| PASS: t-keydb-get-keyblock
| PASS: t-stutter
| ==
| All 4 tests passed
| ==
| make[4]: Leaving directory '/<>/build/g10'
| make[3]: Leaving directory '/<>/build/g10'
| Making check in sm
| make[3]: Entering directory '/<>/build/sm'
| make[3]: Nothing to be done for 'check'.
| make[3]: Leaving directory '/<>/build/sm'
| Making check in agent
| make[3]: Entering directory '/<>/build/agent'
| make  check-TESTS
| make[4]: Entering directory '/<>/build/agent'
| PASS: t-protect
| =
| 1 test passed
| =
| make[4]: Leaving directory '/<>/build/agent'
| make[3]: Leaving directory '/<>/build/agent'
| Making check in scd
| make[3]: Entering directory '/<>/build/scd'
| make[3]: Nothing to be done for 'check'.
| make[3]: Leaving directory '/<>/build/scd'
| Making check in dirmngr
| make[3]: Entering directory '/<>/build/dirmngr'
| make  check-TESTS
| make[4]: Entering directory '/<>/build/dirmngr'
| PASS: t-ldap-parse-uri
| =
| 1 test passed
| =
| make[4]: Leaving directory '/<>/build/dirmngr'
| make[3]: Leaving directory '/<>/build/dirmngr'
| Making check in tools
| make[3]: Entering directory '/<>/build/tools'
| make[3]: Nothing to be done for 'check'.
| make[3]: Leaving directory '/<>/build/tools'
| Making check in po
| make[3]: Entering directory '/<>/build/po'
| make[3]: Leaving directory '/<>/build/po'
| Making check in doc
| make[3]: Entering directory '/<>/build/doc'
| make  check-am
| make[4]: Entering directory '/<>/build/doc'
| make[4]: Nothing to be done for 'check-am'.
| make[4]: Leaving directory '/<>/build/doc'
| make[3]: Leaving directory '/<>/build/doc'
| Making check in tests
| make[3]: Entering directory '/<>/build/tests'
| Making check in gpgscm
| make[4]: Entering directory '/<>/build/tests/gpgscm'
| make  check-local
| make[5]: Entering directory '/<>/build/tests/gpgscm'
| EXEEXT= GPGSCM_PATH=../../../tests/gpgscm \
|   ./gpgscm ../../../tests/gpgscm/t-child.scm
| Testing process and IPC primitives... 
| hello world. 
| All good. 
| make[5]: Leaving directory '/<>/build/tests/gpgscm'
| make[4]: Leaving directory '/<>/build/tests/gpgscm'
| Making check in openpgp
| make[4]: Entering directory '/<>/build/tests/openpgp'
| LC_ALL=C EXEEXT= 
PATH=../gpgscm:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 TMP=/tmp srcdir=/<>/build/../tests/openpgp 
objdir=/<>/build 
GPGSCM_PATH=/<>/build/../tests/gpgscm:/<>/build/../tests/openpgp
 /<>/build/tests/gpgscm/gpgscm \
|   run-tests.scm  version.scm enarmor.scm mds.scm decrypt.scm 
decrypt-multifile.scm decrypt-dsa.scm decrypt-session-key.scm sigs.scm 
sigs-dsa.scm encrypt.scm encrypt-multifile.scm encrypt-dsa.scm compression.scm 
seat.scm 

Bug#914032: stretch-pu: package gnupg2/2.1.18-8~deb9u4

2019-02-04 Thread Adam D. Barratt
Control: tags -1 + confirmed d-i

On Sun, 2018-11-18 at 12:38 -0500, Daniel Kahn Gillmor wrote:
> When fixing #906545 (GnuPG rejects some malformed keys during import
> instead of cleaning), i inadvertently introduced #913614 (GnuPG fails
> to import keys when no TTY attached and --batch is not specified)
> into debian stable.

Subject to a d-i ack, please go ahead; sorry for the delay.

Regards,

Adam



Bug#914032: stretch-pu: package gnupg2/2.1.18-8~deb9u4

2019-01-28 Thread Daniel Kahn Gillmor
On https://bugs.debian.org/914032, Daniel Kahn Gillmor wrote:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: pu
> Tags: stretch
> Severity: normal
> Control: affects -1 src:gnupg2
> Control: block 913614 by -1
>
> When fixing #906545 (GnuPG rejects some malformed keys during import
> instead of cleaning), i inadvertently introduced #913614 (GnuPG fails to
> import keys when no TTY attached and --batch is not specified) into
> debian stable.

Many thanks to the stable release managers for their work done on
getting the latest stretch point release out.

Ping on this request for an updated gnupg2/2.1.18-8~deb9u4 to address
the regression #913614 -- maybe it can make it into the next point
release?

 --dkg




Bug#914032: stretch-pu: package gnupg2/2.1.18-8~deb9u4

2018-11-18 Thread Daniel Kahn Gillmor
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal
Control: affects -1 src:gnupg2
Control: block 913614 by -1

When fixing #906545 (GnuPG rejects some malformed keys during import
instead of cleaning), i inadvertently introduced #913614 (GnuPG fails to
import keys when no TTY attached and --batch is not specified) into
debian stable.

This slipped through because there was no test for this particular use
case :( GnuPG upstream has stated that all automated/scripted use (the
typical situation where no TTY is present) should always specify
--batch, therefore the specific use case is considered out of scope,
despite apparently being widely used in places like docker scripts
without --batch.

The attached patch to the gnupg2 packaging in stable resolves #913614
without re-breaking #906545, and also introduces a test for the specific
use case for #913614.  The test should run both at build time and with
the autopkgtest suite.

Adrian Bunk tagged #913614 as severity serious, making it release-critical (RC).
If we want to resolve the RC bug in debian stretch, then we need to use
something like the attached debdiff as gnupg2/2.1.18-8~deb9u4.
Alternately, if this is not RC-critical, then the bug report should have
its severity reduced.

Please let me know if you want me to go ahead with the upload, or if you
would like to see anything else addressed.  Apologies for the hassle.

Regards,

--dkg


-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 
'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru gnupg2-2.1.18/debian/changelog gnupg2-2.1.18/debian/changelog
--- gnupg2-2.1.18/debian/changelog	2018-10-05 16:43:38.0 -0400
+++ gnupg2-2.1.18/debian/changelog	2018-11-18 12:20:52.0 -0500
@@ -1,3 +1,9 @@
+gnupg2 (2.1.18-8~deb9u4) stretch; urgency=medium
+
+  * Avoid crash when importing without a TTY (closes #913614)
+
+ -- Daniel Kahn Gillmor   Sun, 18 Nov 2018 12:20:52 -0500
+
 gnupg2 (2.1.18-8~deb9u3) stretch; urgency=medium
 
   * block trivial access to scdaemon memory (Closes: #878952)
diff -Nru gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch
--- gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch	1969-12-31 19:00:00.0 -0500
+++ gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch	2018-11-16 00:45:16.0 -0500
@@ -0,0 +1,200 @@
+From: Werner Koch 
+Date: Thu, 15 Nov 2018 18:24:56 -0500
+Subject: gpg: Avoid superfluous sig check info during import.
+
+* g10/key-check.c (print_info): New.
+(key_check_all_keysigs): Print sig checking results only in debug
+mode.  Prettify the stats info and suppress them in quiet mode.
+
+--
+
+This also makes usable stats by prefixing them with the key and the
+program name.
+
+GnuPG-bug-id: 3397
+Signed-off-by: Werner Koch 
+
+(cherry-picked/backported from upstream
+84af859e391a757877c9a1d78e35face983e6d23 by dkg)
+
+Signed-off-by: Daniel Kahn Gillmor 
+---
+ g10/keyedit.c | 133 +-
+ 1 file changed, 95 insertions(+), 38 deletions(-)
+
+diff --git a/g10/keyedit.c b/g10/keyedit.c
+index 3d6c5d4c4..bdeb251f9 100644
+--- a/g10/keyedit.c
 b/g10/keyedit.c
+@@ -329,6 +329,26 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
+ }
+ 
+ 
++/* Print PREFIX followed by TEXT.  With mode > 0 use log_info, with
++ * mode < 0 use ttyio, else print to stdout.  If TEXT is not NULL, it
++ * may be modified by this function.  */
++static void
++print_info (int mode, const char *prefix, char *text)
++{
++  char *p;
++
++  if (!text)
++text = "";
++  else if ((p = strchr (text,'\n')))
++*p = 0; /* Strip LF.  */
++
++   if (mode > 0)
++ log_info ("%s %s\n", prefix, text);
++   else
++ tty_fprintf (mode? NULL:es_stdout, "%s %s\n", prefix, text);
++}
++
++
+ 
+ /* Order two signatures.  The actual ordering isn't important.  Our
+goal is to ensure that identical signatures occur together.  */
+@@ -766,8 +786,9 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
+   has_selfsig = 1;
+   }
+ 
+-if ((n2 && n2 != last_printed_component)
+-|| (! n2 && last_printed_component != current_component))
++if (DBG_PACKET
++&& ((n2 && n2 != last_printed_component)
++|| (! n2 && last_printed_component !=