Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal
Control: affects -1 src:gnupg2
Control: block 913614 by -1
When fixing #906545 (GnuPG rejects some malformed keys during import
instead of cleaning), i inadvertently introduced #913614 (GnuPG fails to
import keys when no TTY attached and --batch is not specified) into
debian stable.
This slipped through because there was no test for this particular use
case :( GnuPG upstream has stated that all automated/scripted use (the
typical situation where no TTY is present) should always specify
--batch, therefore the specific use case is considered out of scope,
despite apparently being widely used in places like docker scripts
without --batch.
The attached patch to the gnupg2 packaging in stable resolves #913614
without re-breaking #906545, and also introduces a test for the specific
use case for #913614. The test should run both at build time and with
the autopkgtest suite.
Adrian Bunk tagged #913614 as severity serious, making it RC critical.
If we want to resolve the RC bug in debian stretch, then we need to use
something like the attached debdiff as gnupg2/2.1.18-8~deb9u4.
Alternately, if this is not RC-critical, then the bug report should have
its severity reduced.
Please let me know if you want me to go ahead with the upload, or if you
would like to see anything else addressed. Apologies for the hassle.
Regards,
--dkg
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru gnupg2-2.1.18/debian/changelog gnupg2-2.1.18/debian/changelog
--- gnupg2-2.1.18/debian/changelog 2018-10-05 16:43:38.000000000 -0400
+++ gnupg2-2.1.18/debian/changelog 2018-11-18 12:20:52.000000000 -0500
@@ -1,3 +1,9 @@
+gnupg2 (2.1.18-8~deb9u4) stretch; urgency=medium
+
+ * Avoid crash when importing without a TTY (closes #913614)
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 18 Nov 2018 12:20:52 -0500
+
gnupg2 (2.1.18-8~deb9u3) stretch; urgency=medium
* block trivial access to scdaemon memory (Closes: #878952)
diff -Nru gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch
--- gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch 1969-12-31 19:00:00.000000000 -0500
+++ gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch 2018-11-16 00:45:16.000000000 -0500
@@ -0,0 +1,200 @@
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 15 Nov 2018 18:24:56 -0500
+Subject: gpg: Avoid superfluous sig check info during import.
+
+* g10/key-check.c (print_info): New.
+(key_check_all_keysigs): Print sig checking results only in debug
+mode. Prettify the stats info and suppress them in quiet mode.
+
+--
+
+This also makes usable stats by prefixing them with the key and the
+program name.
+
+GnuPG-bug-id: 3397
+Signed-off-by: Werner Koch <wk@gnupg.org>
+
+(cherry-picked/backported from upstream
+84af859e391a757877c9a1d78e35face983e6d23 by dkg)
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ g10/keyedit.c | 133 +++++++++++++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 95 insertions(+), 38 deletions(-)
+
+diff --git a/g10/keyedit.c b/g10/keyedit.c
+index 3d6c5d4c4..bdeb251f9 100644
+--- a/g10/keyedit.c
++++ b/g10/keyedit.c
+@@ -329,6 +329,26 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
+ }
+
+
++/* Print PREFIX followed by TEXT. With mode > 0 use log_info, with
++ * mode < 0 use ttyio, else print to stdout. If TEXT is not NULL, it
++ * may be modified by this function. */
++static void
++print_info (int mode, const char *prefix, char *text)
++{
++ char *p;
++
++ if (!text)
++ text = "";
++ else if ((p = strchr (text,'\n')))
++ *p = 0; /* Strip LF. */
++
++ if (mode > 0)
++ log_info ("%s %s\n", prefix, text);
++ else
++ tty_fprintf (mode? NULL:es_stdout, "%s %s\n", prefix, text);
++}
++
++
+
+ /* Order two signatures. The actual ordering isn't important. Our
+ goal is to ensure that identical signatures occur together. */
+@@ -766,8 +786,9 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
+ has_selfsig = 1;
+ }
+
+- if ((n2 && n2 != last_printed_component)
+- || (! n2 && last_printed_component != current_component))
++ if (DBG_PACKET
++ && ((n2 && n2 != last_printed_component)
++ || (! n2 && last_printed_component != current_component)))
+ {
+ int is_reordered = n2 && n2 != current_component;
+ if (n2)
+@@ -779,31 +800,32 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
+ ;
+ else if (last_printed_component->pkt->pkttype == PKT_USER_ID)
+ {
+- tty_printf ("uid ");
+- tty_print_utf8_string (last_printed_component
+- ->pkt->pkt.user_id->name,
+- last_printed_component
+- ->pkt->pkt.user_id->len);
++ log_debug ("uid ");
++ print_utf8_buffer (log_get_stream (),
++ last_printed_component
++ ->pkt->pkt.user_id->name,
++ last_printed_component
++ ->pkt->pkt.user_id->len);
++ log_flush ();
+ }
+ else if (last_printed_component->pkt->pkttype
+ == PKT_PUBLIC_KEY)
+- tty_printf ("pub %s",
+- pk_keyid_str (last_printed_component
+- ->pkt->pkt.public_key));
++ log_debug ("pub %s",
++ pk_keyid_str (last_printed_component
++ ->pkt->pkt.public_key));
+ else
+- tty_printf ("sub %s",
+- pk_keyid_str (last_printed_component
+- ->pkt->pkt.public_key));
++ log_debug ("sub %s",
++ pk_keyid_str (last_printed_component
++ ->pkt->pkt.public_key));
+
+ if (modified)
+ {
+ if (is_reordered)
+- tty_printf (_(" (reordered signatures follow)"));
+- tty_printf ("\n");
++ log_debug ("%s\n", _(" (reordered signatures follow)"));
+ }
+ }
+
+- if (modified)
++ if (DBG_PACKET && modified)
+ print_one_sig (rc, kb, n, NULL, NULL, NULL, has_selfsig,
+ 0, only_selfsigs);
+ }
+@@ -910,28 +932,63 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
+ }
+ }
+
+- if (dups || missing_issuer || bad_signature || reordered)
+- tty_printf (_("key %s:\n"), pk_keyid_str (pk));
+-
+- if (dups)
+- tty_printf (ngettext ("%d duplicate signature removed\n",
+- "%d duplicate signatures removed\n", dups), dups);
+- if (missing_issuer)
+- tty_printf (ngettext ("%d signature not checked due to a missing key\n",
+- "%d signatures not checked due to missing keys\n",
+- missing_issuer), missing_issuer);
+- if (bad_signature)
+- tty_printf (ngettext ("%d bad signature\n",
+- "%d bad signatures\n",
+- bad_signature), bad_signature);
+- if (reordered)
+- tty_printf (ngettext ("%d signature reordered\n",
+- "%d signatures reordered\n",
+- reordered), reordered);
+-
+- if (only_selfsigs && (bad_signature || reordered))
+- tty_printf (_("Warning: errors found and only checked self-signatures,"
+- " run '%s' to check all signatures.\n"), "check");
++ if (!opt.quiet)
++ {
++ char prefix[100];
++ char *p;
++ int mode = 1;
++
++ /* To avoid string changes in 2.2 we strip the LF here. */
++ snprintf (prefix, sizeof prefix, _("key %s:\n"), pk_keyid_str (pk));
++ p = strrchr (prefix, '\n');
++ if (p)
++ *p = 0;
++
++ if (dups)
++ {
++ p = xtryasprintf
++ (ngettext ("%d duplicate signature removed\n",
++ "%d duplicate signatures removed\n", dups), dups);
++ print_info (mode, prefix, p);
++ xfree (p);
++ }
++
++ if (missing_issuer)
++ {
++ p = xtryasprintf
++ (ngettext ("%d signature not checked due to a missing key\n",
++ "%d signatures not checked due to missing keys\n",
++ missing_issuer), missing_issuer);
++ print_info (mode, prefix, p);
++ xfree (p);
++ }
++ if (bad_signature)
++ {
++ p = xtryasprintf (ngettext ("%d bad signature\n",
++ "%d bad signatures\n",
++ bad_signature), bad_signature);
++ print_info (mode, prefix, p);
++ xfree (p);
++ }
++
++ if (reordered)
++ {
++ p = xtryasprintf (ngettext ("%d signature reordered\n",
++ "%d signatures reordered\n",
++ reordered), reordered);
++ print_info (mode, prefix, p);
++ xfree (p);
++ }
++
++ if (only_selfsigs && (bad_signature || reordered))
++ {
++ p = xtryasprintf
++ (_("Warning: errors found and only checked self-signatures,"
++ " run '%s' to check all signatures.\n"), "check");
++ print_info (mode, prefix, p);
++ xfree (p);
++ }
++ }
+
+ return modified;
+ }
diff -Nru gnupg2-2.1.18/debian/patches/series gnupg2-2.1.18/debian/patches/series
--- gnupg2-2.1.18/debian/patches/series 2018-10-05 16:43:38.000000000 -0400
+++ gnupg2-2.1.18/debian/patches/series 2018-11-16 00:45:16.000000000 -0500
@@ -91,3 +91,4 @@
0091-gpg-Make-dry-run-work-for-secret-keys.patch
0092-gpg-Print-sec-sbb-with-import-option-import-show-or-.patch
0093-gpg-Check-and-fix-keys-on-import.patch
+0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch
diff -Nru gnupg2-2.1.18/debian/rules gnupg2-2.1.18/debian/rules
--- gnupg2-2.1.18/debian/rules 2018-10-02 20:58:32.000000000 -0400
+++ gnupg2-2.1.18/debian/rules 2018-11-18 09:24:58.000000000 -0500
@@ -65,3 +65,9 @@
# Make ldap a recommends rather than a hard dependency.
dpkg-shlibdeps -Tdebian/dirmngr.substvars -dRecommends debian/dirmngr/usr/lib/gnupg/dirmngr_ldap -dDepends debian/dirmngr/usr/bin/dirmngr*
dh_shlibdeps -Ndirmngr
+
+override_dh_auto_test:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ dh_auto_test --builddirectory=build
+ GPG=build/g10/gpg debian/tests/no-tty
+endif
diff -Nru gnupg2-2.1.18/debian/tests/control gnupg2-2.1.18/debian/tests/control
--- gnupg2-2.1.18/debian/tests/control 2018-10-02 20:58:32.000000000 -0400
+++ gnupg2-2.1.18/debian/tests/control 2018-11-16 00:45:16.000000000 -0500
@@ -1,3 +1,7 @@
Tests: gpgv-win32
Depends: gpgv-win32, gnupg2, gpgv2
Restrictions: needs-root, allow-stderr
+
+Tests: no-tty
+Depends: gpg
+Restrictions: allow-stderr
diff -Nru gnupg2-2.1.18/debian/tests/linus.key gnupg2-2.1.18/debian/tests/linus.key
--- gnupg2-2.1.18/debian/tests/linus.key 1969-12-31 19:00:00.000000000 -0500
+++ gnupg2-2.1.18/debian/tests/linus.key 2018-11-16 00:45:16.000000000 -0500
@@ -0,0 +1,47 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBE55CJIBCACkn+aOLmsaq1ejUcXCAOXkO3w7eiLqjR/ziTL2KZ30p7bxP8cT
+UXvfM7fwE7EnqCCkji25x2xsoKXB8AlUswIEYUFCOupj2BOsVmJ/rKZW7fCvKTOK
++BguKjebDxNbgmif39bfSnHDWrW832f5HrYmZn7a/VySDQFdul8Gl/R6gs6PHJbg
+jjt+K7Px6cQVMVNvY/VBWdvA1zckO/4h6gf3kWWZN+Wlq8wv/pxft8QzNFgweH9o
+5bj4tnQ+wMCLCLiDsgEuVawoOAkg3dRMugIUoiKoBKw7b21q9Vjp4jezRvciC6Ys
+4kGUSFG1ZjIn3MpY3f3xZ3yuYwrxQ8JcA7KTABEBAAGIeQQTFggAIRYhBCPJPAso
+64wfaAYn4W1XDDyBEWM0BQJaNu6QAwUBeAAKCRBtVww8gRFjNBmuAQDjEE9X0jgG
+PnWFDdlIfKX0+X8CA/TTYamGPy6dqS7BKwEAy9odyw6nzohBBBx86HiY7yKySXjy
+7LJwgun2gtMf0giIeQQTFggAIRYhBCPJPAso64wfaAYn4W1XDDyBEWM0BQJaNvA+
+AwUBeAAKCRBtVww8gRFjNNlSAQDVCjzc/lbaWRdMx0f9HtNOXDq/4wHh10gWEaH/
+IlXhaQD+O6lRk+8Tbj/x3qeYL65z1BdP8s/SHkZ695nKKnlMdwqIowQRFgoASxYh
+BOU7YErdNopTm7nrM6oU6WIA9eAGBQJZumaILRpodHRwOi8vZm94Y3BwLmR1Y2tk
+bnMub3JnL3BncC1rZXktcG9saWN5LnR4dAAKCRCqFOliAPXgBllsAP9wkYbtcjsg
+VVPm1dJHOp3GLupyNkvfjsuG39HxNEQ70wD/dMYqhcsDTyAdorE2c4aX6kiWDDAY
+dWiidvBGO3fxSQu0JExpbnVzIFRvcnZhbGRzIDx0b3J2YWxkc0BrZXJuZWwub3Jn
+PokBTgQTAQgAOBYhBKuvEcZaKXCxMKvjxHm+PkMAQRiGBQJaHxkTAhsDBQsJCAcC
+BhUICQoLAgQWAgMBAh4BAheAAAoJEHm+PkMAQRiGzMcH/ieyxrsHR0ng3pi+qy1/
+sLiTT4WEBN53+1FsGWdP6/DCD3sprFdWDkkBDfh9vPCVzPqX7siZMJxw3+wOfjNn
+GBRiGj7mTE/1XeXJHDwFRyBEVa/bY8ExLKbvBf+xpiWOg2Myj5RYaOUBFbOEtfTP
+ob0FtvfZvK3PXkjODTHhDH7QJT2zNPivHG+ER5VyF1yJEpl10rDTM91NhEeV0n4w
+pfZkgL8a3JSzo9H2AJX3y35+Dk9wtNge440ZSVWAnjwxhBLX2R0LUszRhU925c0v
+P2l20eFncBmAT0NKpn7v9a670WHv45PluG+SKKktf6b5/BtfqpC3eV58I6FEtSVp
+M1u5AQ0ETnkIkgEIAN+ybgD0IlgKRPJ3eksafd+KORseBWwxUy3GH0yAg/4jZCsf
+HZ7jpbRKzxNTKW1kE6ClSqehUsuXT5Vc1eh6079erN3y+JNxl6zZPC9v+5GNyc28
+qSfNejt4wmwa/y86T7oQfgo77o8Gu/aO/xzOjw7jSDDR3u9p/hFVtsqzptxZzvs3
+hVaiLS+0mar9qYZheaCUqOXOKVo38Vg5gkOhMEwKvZs9x3fINU/t8ckxOHq6KiLa
+p5Bq87XP0ZJsCaMBwdLYhOFxAiEVtlzwyo3DvMplIahqqNELb71YDhpMq/Hu+42o
+R3pqASCPLfO/0GUSdAGXJVhv7L7ng02ETSBmVOUAEQEAAYh5BBMWCAAhFiEEI8k8
+CyjrjB9oBifhbVcMPIERYzQFAlo27pADBQF4AAoJEG1XDDyBEWM0Ga4BAOMQT1fS
+OAY+dYUN2Uh8pfT5fwID9NNhqYY/Lp2pLsErAQDL2h3LDqfOiEEEHHzoeJjvIrJJ
+ePLssnCC6faC0x/SCIh5BBMWCAAhFiEEI8k8CyjrjB9oBifhbVcMPIERYzQFAlo2
+8D4DBQF4AAoJEG1XDDyBEWM02VIBANUKPNz+VtpZF0zHR/0e005cOr/jAeHXSBYR
+of8iVeFpAP47qVGT7xNuP/Hep5gvrnPUF0/yz9IeRnr3mcoqeUx3CoijBBEWCgBL
+FiEE5TtgSt02ilObueszqhTpYgD14AYFAlm6ZogtGmh0dHA6Ly9mb3hjcHAuZHVj
+a2Rucy5vcmcvcGdwLWtleS1wb2xpY3kudHh0AAoJEKoU6WIA9eAGWWwA/3CRhu1y
+OyBVU+bV0kc6ncYu6nI2S9+Oy4bf0fE0RDvTAP90xiqFywNPIB2isTZzhpfqSJYM
+MBh1aKJ28EY7d/FJC4kBHwQYAQIACQUCTnkIkgIbDAAKCRB5vj5DAEEYhuobB/9F
+i1GVG5qnPq14S0WKYEW3N891L37LaXmDh977r/j2dyZOoYIiV4rx6a6urhq9Ubcg
+Nw/ke01TNM4y7EhW/lFnxJQXSMjdsXGcb9HwUevDk2FMV1h9gkHLlqRUlTpjVdQw
+TB9wMd4bWhZsxybTnGh6o8dCwBEaGNsHsSBYO81OXrTE/fcZEgKCeKW2xdKRiazu
+6Mu5WLU6gBy2nOc6oL2zKJZjACfllQzBx5+6z2N4Sj0JBOobz4RR2JLElMEckMbd
+qbIS+c+n02ItMmCORgakf74k+TEbaZx3ZTVHnhvqQqanZz1i4I5IwHJxkUsYLddg
+YrylZH+MwNDlB5u3I138
+=SIhC
+-----END PGP PUBLIC KEY BLOCK-----
diff -Nru gnupg2-2.1.18/debian/tests/no-tty gnupg2-2.1.18/debian/tests/no-tty
--- gnupg2-2.1.18/debian/tests/no-tty 1969-12-31 19:00:00.000000000 -0500
+++ gnupg2-2.1.18/debian/tests/no-tty 2018-11-16 00:45:16.000000000 -0500
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+# Ensure that import works fine without a tty (see
+# https://bugs.debian.org/913614)
+
+set -e
+GPG=${GPG:-gpg}
+export GNUPGHOME="$(mktemp -d)"
+
+cleanup() {
+ rm -rf "$GNUPGHOME"
+}
+trap cleanup EXIT
+
+setsid -w "$GPG" --import debian/tests/linus.key
Attachment:
signature.asc
Description: PGP signature