[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gnupg-agent: "mangles passphrases" should be grave (data loss, fixed upstream)

On Tue, 07 Sep 2010 at 04:12:15 +0200, Lionel Elie Mamane wrote:
> On Mon, Apr 19, 2010 at 09:18:57AM +0000, Sascha Silbe wrote:
> > Keys created / imported / having passphrase changed with gpg-agent
> > 2.0.14 cannot be decrypted (and thus used), preventing all gpg
> > operations. This has been fixed upstream in 2.0.15:
> > Keys that are already mangled are unreadable even by 2.0.15

This seems to be a duplicate of Bug #567926. According to Werner's announcement
in <http://marc.info/?l=gnupg-users&m=126451730710129&w=2> this can affect
X.509 and SSH keys, but not OpenPGP.

The patch whose ChangeLog entry Sascha quoted seems to be identical to
encode-s2k.patch, which was applied in 2.0.14-1.1 to fix #567926, then
re-applied by the maintainer in 2.0.14-2.

Sascha, were you basing your bug report on a bug you have experienced yourself,
or just on the upstream announcement? If you have experienced the bug yourself
and know how to reproduce it, could you please try to do so with 2.0.14-2
and confirm whether it's already been fixed?

Relatedly, the BTS still thinks #567926 affects 2.0.14-2 (because the changelog
for that version neither includes the NMU entry nor re-closes the bug), but
for some reason it has archived that bug anyway. Fixing that now...


Reply to: