
Bug#852849: marked as done (jessie-pu: package keyringer/0.3.7-1)



Your message dated Sat, 09 Dec 2017 10:47:53 +0000
with message-id <1512816473.1994.32.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in jessie point release
has caused the Debian Bug report #852849,
regarding jessie-pu: package keyringer/0.3.7-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
852849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852849
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear release team,

Please consider the attached patch for upload to jessie.

It is a backport of my patch for bug #847963: keyringer fails to handle
OpenPGP keys which have subkeys that do not expire.

I believe this bug qualifies for a patch in stable, given its impact:
it makes keyrings that contain such a key unusable, since keyringer
errors out on any operation, including reading secrets from the keyring.


I also included a backport of my patch for #847964, fixing a more minor
issue which only occurs when GnuPG lists keys multiple times (for
instance when using the `keyring /usr/share/keyrings/debian-keyring.gpg`
directive).


Best,

  nicoo

- -- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff --git c/debian/changelog w/debian/changelog
index cba6437..89fc5d4 100644
--- c/debian/changelog
+++ w/debian/changelog
@@ -1,3 +1,11 @@
+keyringer (0.3.7-1+deb8u1) jessie-proposed-updates; urgency=medium
+
+  * debian/patches backported from version 0.5.0
+    * Handle subkeys without expiration date (Closes: #847963)
+    * Handle public keys listed multiple times (Closes: #847964)
+
+ -- Nicolas Braud-Santoni <nicolas@braud-santoni.eu>  Fri, 27 Jan 2017 21:10:30 +0100
+
 keyringer (0.3.7-1) unstable; urgency=low
 
   * Added .gitignore
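
Review bot: the version in this entry, `0.3.7-1+deb8u1`, does not match the heading of the upstream ChangeLog entries that the two bundled patches add, which read `0.3.7+deb8u1`. That string is neither the upstream version nor the Debian revision being uploaded. Since this changelog entry already records both fixes and their bug numbers, consider dropping the ChangeLog hunks from the quilt patches, or at least using one consistent version string. The nested items under "debian/patches backported" also reuse `*`; a different marker such as `-` for the sub-items would read more clearly.
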
diff --git c/debian/patches/0001-Handle-subkeys-without-expiration-date.patch w/debian/patches/0001-Handle-subkeys-without-expiration-date.patch
new file mode 100644
index 0000000..5f62421
--- /dev/null
+++ w/debian/patches/0001-Handle-subkeys-without-expiration-date.patch
@@ -0,0 +1,61 @@
+From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
+Date: Fri, 27 Jan 2017 20:59:43 +0100
+Subject: Handle subkeys without expiration date
+
+Closes #847963
+
+Backported from version 0.5.0,
+commit c12b5c6c7eccb8e0922ff034bb3690774e12998c
+---
+ ChangeLog               |  5 +++++
+ lib/keyringer/functions | 14 +++++++++++---
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 683c853..6b92025 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,8 @@
++2017-01-27 - 0.3.7+deb8u1 - Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
++
++	Make keyringer_check_expiration not fail on subkeys which do
++	not have an expiration date (Debian BTS #847963)
++
+ 2014-08-21 - 0.3.7 - Silvio Rhatto <rhatto@riseup.net>
+ 
+ 	Init: just set git user/mail if needed
+diff --git a/lib/keyringer/functions b/lib/keyringer/functions
+index 42c047d..074f68e 100755
+--- a/lib/keyringer/functions
++++ b/lib/keyringer/functions
+@@ -715,19 +715,27 @@ function keyringer_check_expiration {
+   fi
+ 
+   # Check the subkeys
+-  expiry=""
+-  for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do
++  local subkey=""
++  for subkey in $(gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub); do
++    local expiry=$(cut -d : -f 7 <<< "$subkey")
++
++    if [[ -z "$expiry" ]]; then
++      not_expired=1
++      break
++    fi
++
+     if [[ "$seconds" -lt "$expiry" ]]; then
+       not_expired="1"
+ 
+       if [[ "$ahead" -gt "$expiry" ]] && [ "$BASENAME" == "check" ]; then
+         echo "Warning: subkey from $recipient will expire soon, on `date --date="@$expiry"`"
+       fi
++      break
+     fi
+   done
+ 
+   # All subkeys are expired
+-  if [ ! -z "$expiry" ] && [ "$not_expired" != "1" ]; then
++  if [ ! -z "$subkey" ] && [ "$not_expired" != "1" ]; then
+     echo "Fatal: key $recipient has no keys suitable for encryption: all subkeys expired."
+     exit 1
+   fi
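
Review bot: the new `[[ -z "$expiry" ]]` branch in keyringer_check_expiration treats any `sub` record with an empty field 7 as proof that a usable key exists, while the fatal message further down speaks of "keys suitable for encryption". Only field 7 of the colon listing is read, so a revoked subkey or a signing-only subkey without an expiry date sets not_expired and breaks out before any encryption subkey is looked at. Consider also testing field 2 (validity) and field 12 (capabilities, `e` for encryption) before setting not_expired. Two smaller points: `for subkey in $(...)` depends on word splitting and so on the records never containing whitespace, where a `while IFS= read -r subkey` loop fed by process substitution would iterate strictly per line; and the `break` added after the warning means only the first unexpired subkey is ever checked for the "will expire soon" message.
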
diff --git c/debian/patches/0002-Handle-public-keys-listed-multiple-times.patch w/debian/patches/0002-Handle-public-keys-listed-multiple-times.patch
new file mode 100644
index 0000000..2574f30
--- /dev/null
+++ w/debian/patches/0002-Handle-public-keys-listed-multiple-times.patch
@@ -0,0 +1,39 @@
+From: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
+Date: Fri, 27 Jan 2017 20:59:50 +0100
+Subject: Handle public keys listed multiple times
+
+Closes #847964
+
+Backported from version 0.5.0,
+commit 21ca00d0d8d6e206cb377dc1febe8f66694142d7
+---
+ ChangeLog               | 3 +++
+ lib/keyringer/functions | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 6b92025..9ec9d7a 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,8 @@
+ 2017-01-27 - 0.3.7+deb8u1 - Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
+ 
++	Fix keyringer_check_expiration failure if a public key is
++	listed multiple times (Debian #847964)
++
+ 	Make keyringer_check_expiration not fail on subkeys which do
+ 	not have an expiration date (Debian BTS #847963)
+ 
+diff --git a/lib/keyringer/functions b/lib/keyringer/functions
+index 074f68e..a5ba7eb 100755
+--- a/lib/keyringer/functions
++++ b/lib/keyringer/functions
+@@ -696,7 +696,7 @@ function keyringer_check_expiration {
+   seconds="`date +%s`"
+ 
+   # Check the main key
+-  expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | cut -d : -f 7`"
++  expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | head -n1 | cut -d : -f 7`"
+ 
+   # TODO: Time to expire can be configured via repository options.
+   ahead="$((86400 * 30 + $seconds))"
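
Review bot: `head -n1` on the `grep ^pub` pipeline keeps whichever copy gpg prints first and discards the others without comparing them. When the same key is present in two keyrings the copies can carry different expiry dates (one refreshed, one stale), and when "$recipient" matches more than one distinct key the expiry that gets checked may belong to the wrong key. Consider collecting the distinct field 7 values and failing, or at least warning, when more than one remains. A one-line comment explaining why `head -n1` is needed here would also help the next reader.
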
diff --git c/debian/patches/series w/debian/patches/series
new file mode 100644
index 0000000..9a8cb87
--- /dev/null
+++ w/debian/patches/series
@@ -0,0 +1,2 @@
+0001-Handle-subkeys-without-expiration-date.patch
+0002-Handle-public-keys-listed-multiple-times.patch

--- End Message ---
--- Begin Message ---
Version: 8.10

Hi,

Each of the updates referenced in these bugs was included in this
morning's jessie point release. Thanks!

Regards,

Adam

--- End Message ---
