[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1040180: bookworm-pu: package kf5-messagelib/22.12.3-2~deb12u1

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: kf5-messagelib@packages.debian.org, hefee@debian.org
Control: affects -1 + src:kf5-messagelib

[ Reason ]
KMail does can't verify signatures if they are signed with subkeys.

[ Impact ]
Users will see an invalid signature instead of a valid one.

[ Tests ]
Same package is on unstable for some days without any issue.
I also run KMail on a daily basis.

[ Risks ]
The patch is quite small and is a direct patch from upstream. It is very
unlikly that this has side effects.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in bookworm
  [*] the issue is verified as fixed in unstable

diff -Nru kf5-messagelib-22.12.3/debian/changelog kf5-messagelib-22.12.3/debian/changelog
--- kf5-messagelib-22.12.3/debian/changelog	2023-03-01 21:33:30.000000000 +0100
+++ kf5-messagelib-22.12.3/debian/changelog	2023-07-02 23:21:13.000000000 +0200
@@ -1,3 +1,15 @@
+kf5-messagelib (4:22.12.3-2~deb12u1) bookworm; urgency=medium
+
+  * Rebuilt for bookworm.
+
+ -- Sandro Knauß <hefee@debian.org>  Sun, 02 Jul 2023 23:21:13 +0200
+
+kf5-messagelib (4:22.12.3-2) unstable; urgency=medium
+
+  * Add upstream patch to search also for subkeys (Closes: #1037363).
+
+ -- Sandro Knauß <hefee@debian.org>  Tue, 27 Jun 2023 14:09:30 +0200
+
 kf5-messagelib (4:22.12.3-1) unstable; urgency=medium
 
   [ Patrick Franz ]
diff -Nru kf5-messagelib-22.12.3/debian/patches/series kf5-messagelib-22.12.3/debian/patches/series
--- kf5-messagelib-22.12.3/debian/patches/series	2022-12-20 01:37:29.000000000 +0100
+++ kf5-messagelib-22.12.3/debian/patches/series	2023-06-27 13:33:50.000000000 +0200
@@ -1 +1,2 @@
 enable_debianabimanager.diff
+upstream-Look-for-matching-subkey-if-no-key-was-found-for-fin.patch
diff -Nru kf5-messagelib-22.12.3/debian/patches/upstream-Look-for-matching-subkey-if-no-key-was-found-for-fin.patch kf5-messagelib-22.12.3/debian/patches/upstream-Look-for-matching-subkey-if-no-key-was-found-for-fin.patch
--- kf5-messagelib-22.12.3/debian/patches/upstream-Look-for-matching-subkey-if-no-key-was-found-for-fin.patch	1970-01-01 01:00:00.000000000 +0100
+++ kf5-messagelib-22.12.3/debian/patches/upstream-Look-for-matching-subkey-if-no-key-was-found-for-fin.patch	2023-06-27 13:34:36.000000000 +0200
@@ -0,0 +1,44 @@
+From 70f39256784280d2034aa7bf1c4765f606c22d56 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
+Date: Wed, 3 May 2023 14:51:18 +0200
+Subject: Look for matching subkey if no key was found for fingerprint
+
+If the message was signed with a signing subkey instead of with the
+primary key of an OpenPGP certificate, then we won't find a key with
+findByFingerprint(). To look for a matching subkey we need to use
+findSubkeysByKeyID().
+
+FIXED-IN: 5.23.1
+BUG: 469304
+(cherry picked from commit 606ea1478d2d5b5aacdc6ef3f050655fe0352d87)
+---
+ mimetreeparser/src/messagepart.cpp | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/mimetreeparser/src/messagepart.cpp b/mimetreeparser/src/messagepart.cpp
+index f1489d5e0..3e99e71c8 100644
+--- a/mimetreeparser/src/messagepart.cpp
++++ b/mimetreeparser/src/messagepart.cpp
+@@ -848,8 +848,18 @@ void SignedMessagePart::sigStatusToMetaData()
+             // Search for the key by its fingerprint so that we can check for
+             // trust etc.
+             key = Kleo::KeyCache::instance()->findByFingerprint(signature.fingerprint());
++            if (key.isNull() && signature.fingerprint()) {
++                // try to find a subkey that was used for signing;
++                // assumes that the key ID is the last 16 characters of the fingerprint
++                const auto fpr = std::string_view{signature.fingerprint()};
++                const auto keyID = std::string{fpr, fpr.size() - 16, 16};
++                const auto subkeys = Kleo::KeyCache::instance()->findSubkeysByKeyID({keyID});
++                if (subkeys.size() > 0) {
++                    key = subkeys[0].parent();
++                }
++            }
+             if (key.isNull()) {
+-                qCDebug(MIMETREEPARSER_LOG) << "Found no Key for Fingerprint" << signature.fingerprint();
++                qCDebug(MIMETREEPARSER_LOG) << "Found no key or subkey for fingerprint" << signature.fingerprint();
+             }
+         }
+ 
+-- 
+2.40.1
+
Reply to: