On Wed 2019-02-06 18:31:22 +0100, Cyril Brulebois wrote:
> Adam D. Barratt <adam@adam-barratt.org.uk> (2019-02-04):
>> Subject to a d-i ack, please go ahead; sorry for the delay.
>
> All my (d-i) local tests look good, no objections.
Thanks, Adam and KiBi. I've just uploaded 2.1.18-8~deb9u4 with the
attached debdiff (which i believe addresses the test failure that KiBi
found), and i've pushed the corresponding signed tag to the
debian/stretch branch on https://salsa.debian.org/debian/gnupg2
Please let me know if you need anything else from me to address this.
All the best,
--dkg
diff -Nru gnupg2-2.1.18/debian/changelog gnupg2-2.1.18/debian/changelog
--- gnupg2-2.1.18/debian/changelog 2018-10-05 16:43:38.000000000 -0400
+++ gnupg2-2.1.18/debian/changelog 2019-02-07 15:57:27.000000000 -0500
@@ -1,3 +1,9 @@
+gnupg2 (2.1.18-8~deb9u4) stretch; urgency=medium
+
+ * Avoid crash when importing without a TTY (Closes: #913614)
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 07 Feb 2019 15:57:27 -0500
+
gnupg2 (2.1.18-8~deb9u3) stretch; urgency=medium
* block trivial access to scdaemon memory (Closes: #878952)
diff -Nru gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch
--- gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch 1969-12-31 19:00:00.000000000 -0500
+++ gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch 2018-11-16 00:45:16.000000000 -0500
@@ -0,0 +1,200 @@
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 15 Nov 2018 18:24:56 -0500
+Subject: gpg: Avoid superfluous sig check info during import.
+
+* g10/key-check.c (print_info): New.
+(key_check_all_keysigs): Print sig checking results only in debug
+mode. Prettify the stats info and suppress them in quiet mode.
+
+--
+
+This also makes usable stats by prefixing them with the key and the
+program name.
+
+GnuPG-bug-id: 3397
+Signed-off-by: Werner Koch <wk@gnupg.org>
+
+(cherry-picked/backported from upstream
+84af859e391a757877c9a1d78e35face983e6d23 by dkg)
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ g10/keyedit.c | 133 +++++++++++++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 95 insertions(+), 38 deletions(-)
+
+diff --git a/g10/keyedit.c b/g10/keyedit.c
+index 3d6c5d4c4..bdeb251f9 100644
+--- a/g10/keyedit.c
++++ b/g10/keyedit.c
+@@ -329,6 +329,26 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
+ }
+
+
++/* Print PREFIX followed by TEXT. With mode > 0 use log_info, with
++ * mode < 0 use ttyio, else print to stdout. If TEXT is not NULL, it
++ * may be modified by this function. */
++static void
++print_info (int mode, const char *prefix, char *text)
++{
++ char *p;
++
++ if (!text)
++ text = "";
++ else if ((p = strchr (text,'\n')))
++ *p = 0; /* Strip LF. */
++
++ if (mode > 0)
++ log_info ("%s %s\n", prefix, text);
++ else
++ tty_fprintf (mode? NULL:es_stdout, "%s %s\n", prefix, text);
++}
++
++
+
+ /* Order two signatures. The actual ordering isn't important. Our
+ goal is to ensure that identical signatures occur together. */
+@@ -766,8 +786,9 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
+ has_selfsig = 1;
+ }
+
+- if ((n2 && n2 != last_printed_component)
+- || (! n2 && last_printed_component != current_component))
++ if (DBG_PACKET
++ && ((n2 && n2 != last_printed_component)
++ || (! n2 && last_printed_component != current_component)))
+ {
+ int is_reordered = n2 && n2 != current_component;
+ if (n2)
+@@ -779,31 +800,32 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
+ ;
+ else if (last_printed_component->pkt->pkttype == PKT_USER_ID)
+ {
+- tty_printf ("uid ");
+- tty_print_utf8_string (last_printed_component
+- ->pkt->pkt.user_id->name,
+- last_printed_component
+- ->pkt->pkt.user_id->len);
++ log_debug ("uid ");
++ print_utf8_buffer (log_get_stream (),
++ last_printed_component
++ ->pkt->pkt.user_id->name,
++ last_printed_component
++ ->pkt->pkt.user_id->len);
++ log_flush ();
+ }
+ else if (last_printed_component->pkt->pkttype
+ == PKT_PUBLIC_KEY)
+- tty_printf ("pub %s",
+- pk_keyid_str (last_printed_component
+- ->pkt->pkt.public_key));
++ log_debug ("pub %s",
++ pk_keyid_str (last_printed_component
++ ->pkt->pkt.public_key));
+ else
+- tty_printf ("sub %s",
+- pk_keyid_str (last_printed_component
+- ->pkt->pkt.public_key));
++ log_debug ("sub %s",
++ pk_keyid_str (last_printed_component
++ ->pkt->pkt.public_key));
+
+ if (modified)
+ {
+ if (is_reordered)
+- tty_printf (_(" (reordered signatures follow)"));
+- tty_printf ("\n");
++ log_debug ("%s\n", _(" (reordered signatures follow)"));
+ }
+ }
+
+- if (modified)
++ if (DBG_PACKET && modified)
+ print_one_sig (rc, kb, n, NULL, NULL, NULL, has_selfsig,
+ 0, only_selfsigs);
+ }
+@@ -910,28 +932,63 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
+ }
+ }
+
+- if (dups || missing_issuer || bad_signature || reordered)
+- tty_printf (_("key %s:\n"), pk_keyid_str (pk));
+-
+- if (dups)
+- tty_printf (ngettext ("%d duplicate signature removed\n",
+- "%d duplicate signatures removed\n", dups), dups);
+- if (missing_issuer)
+- tty_printf (ngettext ("%d signature not checked due to a missing key\n",
+- "%d signatures not checked due to missing keys\n",
+- missing_issuer), missing_issuer);
+- if (bad_signature)
+- tty_printf (ngettext ("%d bad signature\n",
+- "%d bad signatures\n",
+- bad_signature), bad_signature);
+- if (reordered)
+- tty_printf (ngettext ("%d signature reordered\n",
+- "%d signatures reordered\n",
+- reordered), reordered);
+-
+- if (only_selfsigs && (bad_signature || reordered))
+- tty_printf (_("Warning: errors found and only checked self-signatures,"
+- " run '%s' to check all signatures.\n"), "check");
++ if (!opt.quiet)
++ {
++ char prefix[100];
++ char *p;
++ int mode = 1;
++
++ /* To avoid string changes in 2.2 we strip the LF here. */
++ snprintf (prefix, sizeof prefix, _("key %s:\n"), pk_keyid_str (pk));
++ p = strrchr (prefix, '\n');
++ if (p)
++ *p = 0;
++
++ if (dups)
++ {
++ p = xtryasprintf
++ (ngettext ("%d duplicate signature removed\n",
++ "%d duplicate signatures removed\n", dups), dups);
++ print_info (mode, prefix, p);
++ xfree (p);
++ }
++
++ if (missing_issuer)
++ {
++ p = xtryasprintf
++ (ngettext ("%d signature not checked due to a missing key\n",
++ "%d signatures not checked due to missing keys\n",
++ missing_issuer), missing_issuer);
++ print_info (mode, prefix, p);
++ xfree (p);
++ }
++ if (bad_signature)
++ {
++ p = xtryasprintf (ngettext ("%d bad signature\n",
++ "%d bad signatures\n",
++ bad_signature), bad_signature);
++ print_info (mode, prefix, p);
++ xfree (p);
++ }
++
++ if (reordered)
++ {
++ p = xtryasprintf (ngettext ("%d signature reordered\n",
++ "%d signatures reordered\n",
++ reordered), reordered);
++ print_info (mode, prefix, p);
++ xfree (p);
++ }
++
++ if (only_selfsigs && (bad_signature || reordered))
++ {
++ p = xtryasprintf
++ (_("Warning: errors found and only checked self-signatures,"
++ " run '%s' to check all signatures.\n"), "check");
++ print_info (mode, prefix, p);
++ xfree (p);
++ }
++ }
+
+ return modified;
+ }
diff -Nru gnupg2-2.1.18/debian/patches/series gnupg2-2.1.18/debian/patches/series
--- gnupg2-2.1.18/debian/patches/series 2018-10-05 16:43:38.000000000 -0400
+++ gnupg2-2.1.18/debian/patches/series 2018-11-16 00:45:16.000000000 -0500
@@ -91,3 +91,4 @@
0091-gpg-Make-dry-run-work-for-secret-keys.patch
0092-gpg-Print-sec-sbb-with-import-option-import-show-or-.patch
0093-gpg-Check-and-fix-keys-on-import.patch
+0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch
diff -Nru gnupg2-2.1.18/debian/rules gnupg2-2.1.18/debian/rules
--- gnupg2-2.1.18/debian/rules 2018-10-02 20:58:32.000000000 -0400
+++ gnupg2-2.1.18/debian/rules 2019-02-07 15:57:27.000000000 -0500
@@ -65,3 +65,9 @@
# Make ldap a recommends rather than a hard dependency.
dpkg-shlibdeps -Tdebian/dirmngr.substvars -dRecommends debian/dirmngr/usr/lib/gnupg/dirmngr_ldap -dDepends debian/dirmngr/usr/bin/dirmngr*
dh_shlibdeps -Ndirmngr
+
+override_dh_auto_test:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ dh_auto_test --builddirectory=build
+ GPG=build/g10/gpg GPG_AGENT=build/agent/gpg-agent debian/tests/no-tty
+endif
diff -Nru gnupg2-2.1.18/debian/tests/control gnupg2-2.1.18/debian/tests/control
--- gnupg2-2.1.18/debian/tests/control 2018-10-02 20:58:32.000000000 -0400
+++ gnupg2-2.1.18/debian/tests/control 2018-11-16 00:45:16.000000000 -0500
@@ -1,3 +1,7 @@
Tests: gpgv-win32
Depends: gpgv-win32, gnupg2, gpgv2
Restrictions: needs-root, allow-stderr
+
+Tests: no-tty
+Depends: gpg
+Restrictions: allow-stderr
diff -Nru gnupg2-2.1.18/debian/tests/linus.key gnupg2-2.1.18/debian/tests/linus.key
--- gnupg2-2.1.18/debian/tests/linus.key 1969-12-31 19:00:00.000000000 -0500
+++ gnupg2-2.1.18/debian/tests/linus.key 2018-11-16 00:45:16.000000000 -0500
@@ -0,0 +1,47 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBE55CJIBCACkn+aOLmsaq1ejUcXCAOXkO3w7eiLqjR/ziTL2KZ30p7bxP8cT
+UXvfM7fwE7EnqCCkji25x2xsoKXB8AlUswIEYUFCOupj2BOsVmJ/rKZW7fCvKTOK
++BguKjebDxNbgmif39bfSnHDWrW832f5HrYmZn7a/VySDQFdul8Gl/R6gs6PHJbg
+jjt+K7Px6cQVMVNvY/VBWdvA1zckO/4h6gf3kWWZN+Wlq8wv/pxft8QzNFgweH9o
+5bj4tnQ+wMCLCLiDsgEuVawoOAkg3dRMugIUoiKoBKw7b21q9Vjp4jezRvciC6Ys
+4kGUSFG1ZjIn3MpY3f3xZ3yuYwrxQ8JcA7KTABEBAAGIeQQTFggAIRYhBCPJPAso
+64wfaAYn4W1XDDyBEWM0BQJaNu6QAwUBeAAKCRBtVww8gRFjNBmuAQDjEE9X0jgG
+PnWFDdlIfKX0+X8CA/TTYamGPy6dqS7BKwEAy9odyw6nzohBBBx86HiY7yKySXjy
+7LJwgun2gtMf0giIeQQTFggAIRYhBCPJPAso64wfaAYn4W1XDDyBEWM0BQJaNvA+
+AwUBeAAKCRBtVww8gRFjNNlSAQDVCjzc/lbaWRdMx0f9HtNOXDq/4wHh10gWEaH/
+IlXhaQD+O6lRk+8Tbj/x3qeYL65z1BdP8s/SHkZ695nKKnlMdwqIowQRFgoASxYh
+BOU7YErdNopTm7nrM6oU6WIA9eAGBQJZumaILRpodHRwOi8vZm94Y3BwLmR1Y2tk
+bnMub3JnL3BncC1rZXktcG9saWN5LnR4dAAKCRCqFOliAPXgBllsAP9wkYbtcjsg
+VVPm1dJHOp3GLupyNkvfjsuG39HxNEQ70wD/dMYqhcsDTyAdorE2c4aX6kiWDDAY
+dWiidvBGO3fxSQu0JExpbnVzIFRvcnZhbGRzIDx0b3J2YWxkc0BrZXJuZWwub3Jn
+PokBTgQTAQgAOBYhBKuvEcZaKXCxMKvjxHm+PkMAQRiGBQJaHxkTAhsDBQsJCAcC
+BhUICQoLAgQWAgMBAh4BAheAAAoJEHm+PkMAQRiGzMcH/ieyxrsHR0ng3pi+qy1/
+sLiTT4WEBN53+1FsGWdP6/DCD3sprFdWDkkBDfh9vPCVzPqX7siZMJxw3+wOfjNn
+GBRiGj7mTE/1XeXJHDwFRyBEVa/bY8ExLKbvBf+xpiWOg2Myj5RYaOUBFbOEtfTP
+ob0FtvfZvK3PXkjODTHhDH7QJT2zNPivHG+ER5VyF1yJEpl10rDTM91NhEeV0n4w
+pfZkgL8a3JSzo9H2AJX3y35+Dk9wtNge440ZSVWAnjwxhBLX2R0LUszRhU925c0v
+P2l20eFncBmAT0NKpn7v9a670WHv45PluG+SKKktf6b5/BtfqpC3eV58I6FEtSVp
+M1u5AQ0ETnkIkgEIAN+ybgD0IlgKRPJ3eksafd+KORseBWwxUy3GH0yAg/4jZCsf
+HZ7jpbRKzxNTKW1kE6ClSqehUsuXT5Vc1eh6079erN3y+JNxl6zZPC9v+5GNyc28
+qSfNejt4wmwa/y86T7oQfgo77o8Gu/aO/xzOjw7jSDDR3u9p/hFVtsqzptxZzvs3
+hVaiLS+0mar9qYZheaCUqOXOKVo38Vg5gkOhMEwKvZs9x3fINU/t8ckxOHq6KiLa
+p5Bq87XP0ZJsCaMBwdLYhOFxAiEVtlzwyo3DvMplIahqqNELb71YDhpMq/Hu+42o
+R3pqASCPLfO/0GUSdAGXJVhv7L7ng02ETSBmVOUAEQEAAYh5BBMWCAAhFiEEI8k8
+CyjrjB9oBifhbVcMPIERYzQFAlo27pADBQF4AAoJEG1XDDyBEWM0Ga4BAOMQT1fS
+OAY+dYUN2Uh8pfT5fwID9NNhqYY/Lp2pLsErAQDL2h3LDqfOiEEEHHzoeJjvIrJJ
+ePLssnCC6faC0x/SCIh5BBMWCAAhFiEEI8k8CyjrjB9oBifhbVcMPIERYzQFAlo2
+8D4DBQF4AAoJEG1XDDyBEWM02VIBANUKPNz+VtpZF0zHR/0e005cOr/jAeHXSBYR
+of8iVeFpAP47qVGT7xNuP/Hep5gvrnPUF0/yz9IeRnr3mcoqeUx3CoijBBEWCgBL
+FiEE5TtgSt02ilObueszqhTpYgD14AYFAlm6ZogtGmh0dHA6Ly9mb3hjcHAuZHVj
+a2Rucy5vcmcvcGdwLWtleS1wb2xpY3kudHh0AAoJEKoU6WIA9eAGWWwA/3CRhu1y
+OyBVU+bV0kc6ncYu6nI2S9+Oy4bf0fE0RDvTAP90xiqFywNPIB2isTZzhpfqSJYM
+MBh1aKJ28EY7d/FJC4kBHwQYAQIACQUCTnkIkgIbDAAKCRB5vj5DAEEYhuobB/9F
+i1GVG5qnPq14S0WKYEW3N891L37LaXmDh977r/j2dyZOoYIiV4rx6a6urhq9Ubcg
+Nw/ke01TNM4y7EhW/lFnxJQXSMjdsXGcb9HwUevDk2FMV1h9gkHLlqRUlTpjVdQw
+TB9wMd4bWhZsxybTnGh6o8dCwBEaGNsHsSBYO81OXrTE/fcZEgKCeKW2xdKRiazu
+6Mu5WLU6gBy2nOc6oL2zKJZjACfllQzBx5+6z2N4Sj0JBOobz4RR2JLElMEckMbd
+qbIS+c+n02ItMmCORgakf74k+TEbaZx3ZTVHnhvqQqanZz1i4I5IwHJxkUsYLddg
+YrylZH+MwNDlB5u3I138
+=SIhC
+-----END PGP PUBLIC KEY BLOCK-----
diff -Nru gnupg2-2.1.18/debian/tests/no-tty gnupg2-2.1.18/debian/tests/no-tty
--- gnupg2-2.1.18/debian/tests/no-tty 1969-12-31 19:00:00.000000000 -0500
+++ gnupg2-2.1.18/debian/tests/no-tty 2019-02-07 15:57:27.000000000 -0500
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+# Ensure that import works fine without a tty (see
+# https://bugs.debian.org/913614)
+
+set -e
+GPG=${GPG:-gpg}
+GPG_AGENT=${GPG_AGENT:-gpg-agent}
+export GNUPGHOME="$(mktemp -d)"
+
+cleanup() {
+ rm -rf "$GNUPGHOME"
+}
+trap cleanup EXIT
+
+"$GPG_AGENT" --daemon
+setsid -w "$GPG" --import debian/tests/linus.key
Attachment:
signature.asc
Description: PGP signature