Control: tags 992922 + patch Control: tags 992922 + pending Dear Daniel,
I've prepared an NMU for gpgme1.0 (versioned as 1.16.0-1.1) and plan to upload it to sid. According to the low-threshold list, your packages don't need to go through delayed queues, but I thought I would check back with you. I have checked that the two cherry-picked commits from upstream fix the build failures on i386, and my guess is that the other 32-bit archs will be fixed, too. In the absence of an answer I will upload 1.1 to unstable the next day. Best regards Norbert -- PREINING Norbert https://www.preining.info Fujitsu Research + IFMGA Guide + TU Wien + TeX Live + Debian Dev GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
diff -Nru gpgme1.0-1.16.0/debian/changelog gpgme1.0-1.16.0/debian/changelog
--- gpgme1.0-1.16.0/debian/changelog 2021-08-24 00:07:50.000000000 +0900
+++ gpgme1.0-1.16.0/debian/changelog 2021-09-15 14:31:55.000000000 +0900
@@ -1,3 +1,13 @@
+gpgme1.0 (1.16.0-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Cherry-pick upstream fixes for test failures on 32bit archs:
+ - d/patches/upstream-e0494c54-fix-use-after-free-in-test.patch
+ - d/patches/upstream-72a2487a-expiration-date-as-unsigned.patch
+ (Closes: #992922)
+
+ -- Norbert Preining <norb...@preining.info> Wed, 15 Sep 2021 14:31:55 +0900
+
 gpgme1.0 (1.16.0-1) unstable; urgency=medium
 
 * new upstream release
diff -Nru gpgme1.0-1.16.0/debian/patches/series gpgme1.0-1.16.0/debian/patches/series
--- gpgme1.0-1.16.0/debian/patches/series 2021-08-24 00:07:50.000000000 +0900
+++ gpgme1.0-1.16.0/debian/patches/series 2021-09-15 13:51:54.000000000 +0900
@@ -1,3 +1,5 @@
 0001-avoid-identifying-as-beta.patch
 0004-drop-python2-support.patch
 0006-Ship-python-examples-with-python3-in-shebang-line.patch
+upstream-e0494c54-fix-use-after-free-in-test.patch
+upstream-72a2487a-expiration-date-as-unsigned.patch
diff -Nru gpgme1.0-1.16.0/debian/patches/upstream-72a2487a-expiration-date-as-unsigned.patch gpgme1.0-1.16.0/debian/patches/upstream-72a2487a-expiration-date-as-unsigned.patch
--- gpgme1.0-1.16.0/debian/patches/upstream-72a2487a-expiration-date-as-unsigned.patch 1970-01-01 09:00:00.000000000 +0900
+++ gpgme1.0-1.16.0/debian/patches/upstream-72a2487a-expiration-date-as-unsigned.patch 2021-09-15 14:31:22.000000000 +0900
@@ -0,0 +1,25 @@
+Make sure expiration time is interpreted as unsigned number
+
+* lang/qt/tests/t-various.cpp (testSignKeyWithExpiration): Convert
+expiration time to uint_least32_t.
+This fixes the test on 32-bit systems where time_t (the return type of
+expirationTime()) is a signed 32-bit integer type.
+
+GnuPG-bug-id: T5522
+---
+ lang/qt/tests/t-various.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: gpgme1.0-1.16.0/lang/qt/tests/t-various.cpp
+===================================================================
+--- gpgme1.0-1.16.0.orig/lang/qt/tests/t-various.cpp
++++ gpgme1.0-1.16.0/lang/qt/tests/t-various.cpp
+@@ -355,7 +355,7 @@ private Q_SLOTS:
+ target.update();
+ const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(!keySignature.neverExpires());
+- const auto expirationDate = QDateTime::fromSecsSinceEpoch(keySignature.expirationTime()).date();
++ const auto expirationDate = QDateTime::fromSecsSinceEpoch(uint_least32_t(keySignature.expirationTime())).date();
+ QCOMPARE(expirationDate, QDate(2106, 2, 6)); // expiration date is capped at 2106-02-06
+ }
+
diff -Nru gpgme1.0-1.16.0/debian/patches/upstream-e0494c54-fix-use-after-free-in-test.patch gpgme1.0-1.16.0/debian/patches/upstream-e0494c54-fix-use-after-free-in-test.patch
--- gpgme1.0-1.16.0/debian/patches/upstream-e0494c54-fix-use-after-free-in-test.patch 1970-01-01 09:00:00.000000000 +0900
+++ gpgme1.0-1.16.0/debian/patches/upstream-e0494c54-fix-use-after-free-in-test.patch 2021-09-15 14:31:46.000000000 +0900
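Review bot: The cast `uint_least32_t(keySignature.expirationTime())` in testSignKeyWithExpiration corrects only this test; per the patch description `expirationTime()` still returns `time_t`, so on a target with a signed 32-bit `time_t` any other caller reading an expiration after 2038 presumably still sees a negative value and could misjudge whether a signature has expired. `uint_least32_t` is also only guaranteed to be at least 32 bits wide and is used unqualified, so an exact-width named cast would state the intent better: `QDateTime::fromSecsSinceEpoch(static_cast<std::uint32_t>(keySignature.expirationTime()))` together with `#include <cstdint>`. A comment above it such as `// time_t may be signed 32-bit; reinterpret the expiration as unsigned seconds` would keep the reason next to the code. The enclosing test function starts outside the hunk.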
@@ -0,0 +1,118 @@
+core: Fix use-after-free issue in test
+
+* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New.
+(main): Factored out signing and verifying the result.
+Factoring the two steps of the test into different functions fixes the
+use-after-free issue that was caused by accidentaly using a variable
+of the first step in the second step.
+
+GnuPG-bug-id: T5509
+---
+ tests/gpg/t-edit-sign.c | 54 ++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 37 insertions(+), 17 deletions(-)
+
+Index: gpgme1.0-1.16.0/tests/gpg/t-edit-sign.c
+===================================================================
+--- gpgme1.0-1.16.0.orig/tests/gpg/t-edit-sign.c
++++ gpgme1.0-1.16.0/tests/gpg/t-edit-sign.c
+@@ -107,31 +107,19 @@ interact_fnc (void *opaque, const char *
+ }
+
+
+-int
+-main (int argc, char **argv)
++void
++sign_key (const char *key_fpr, const char *signer_fpr)
+ {
+ gpgme_ctx_t ctx;
+ gpgme_error_t err;
+ gpgme_data_t out = NULL;
+- const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
+ gpgme_key_t signing_key = NULL;
+- const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
+ gpgme_key_t key = NULL;
+- gpgme_key_t signed_key = NULL;
+- gpgme_user_id_t signed_uid = NULL;
+- gpgme_key_sig_t key_sig = NULL;
+ char *agent_info;
+- int mode;
+-
+- (void)argc;
+- (void)argv;
+-
+- init_gpgme (GPGME_PROTOCOL_OpenPGP);
+
+ err = gpgme_new (&ctx);
+ fail_if_err (err);
+
+- /* Sign the key */
+ agent_info = getenv("GPG_AGENT_INFO");
+ if (!(agent_info && strchr (agent_info, ':')))
+ gpgme_set_passphrase_cb (ctx, passphrase_cb, 0);
+@@ -159,8 +147,23 @@ main (int argc, char **argv)
+ gpgme_data_release (out);
+ gpgme_key_unref (key);
+ gpgme_key_unref (signing_key);
++ gpgme_release (ctx);
++}
++
++
++void
++verify_key_signature (const char *key_fpr, const char *signer_keyid)
++{
++ gpgme_ctx_t ctx;
++ gpgme_error_t err;
++ gpgme_key_t signed_key = NULL;
++ gpgme_user_id_t signed_uid = NULL;
++ gpgme_key_sig_t key_sig = NULL;
++ int mode;
++
++ err = gpgme_new (&ctx);
++ fail_if_err (err);
+
+- /* Verify the key signature */
+ mode = gpgme_get_keylist_mode (ctx);
+ mode |= GPGME_KEYLIST_MODE_SIGS;
+ err = gpgme_set_keylist_mode (ctx, mode);
+@@ -168,7 +171,7 @@ main (int argc, char **argv)
+ err = gpgme_get_key (ctx, key_fpr, &signed_key, 0);
+ fail_if_err (err);
+
+- signed_uid = key->uids;
++ signed_uid = signed_key->uids;
+ if (!signed_uid)
+ {
+ fprintf (stderr, "Signed key has no user IDs\n");
+@@ -180,7 +183,7 @@ main (int argc, char **argv)
+ exit (1);
+ }
+ key_sig = signed_uid->signatures->next;
+- if (strcmp ("2D727CC768697734", key_sig->keyid))
++ if (strcmp (signer_keyid, key_sig->keyid))
+ {
+ fprintf (stderr, "Unexpected key ID in second user ID sig: %s\n",
+ key_sig->keyid);
+@@ -196,6 +199,23 @@ main (int argc, char **argv)
+
+ gpgme_key_unref (signed_key);
+ gpgme_release (ctx);
++}
++
++
++int
++main (int argc, char **argv)
++{
++ const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
++ const char *signer_keyid = signer_fpr + strlen(signer_fpr) - 16;
++ const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
++
++ (void)argc;
++ (void)argv;
++
++ init_gpgme (GPGME_PROTOCOL_OpenPGP);
++
++ sign_key (key_fpr, signer_fpr);
++ verify_key_signature (key_fpr, signer_keyid);
+
+ return 0;
+ }
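Review bot: The new helpers `sign_key` and `verify_key_signature` are defined with external linkage although the hunks show them called only from `main` in this test file; `static void` would match that file-local use, and a one-line comment on each would replace the removed `/* Sign the key */` and `/* Verify the key signature */` markers. In `main`, `signer_fpr + strlen(signer_fpr) - 16` relies on the fingerprint being at least 16 characters long, which holds for the 40-digit literal here but is not stated; a comment such as `/* long key ID = last 16 hex digits of the fingerprint */` would record that assumption. Giving each step its own context and key handle is what removes the stale `key` pointer, so `verify_key_signature` should continue to read only from `signed_key`. Both helper bodies are only partly visible in these hunks.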