Your message dated Sat, 16 Feb 2019 11:36:33 +0000 with message-id <1550316993.21192.50.camel@adam-barratt.org.uk> and subject line Closing bugs for updates included in 9.8 has caused the Debian Bug report #914032, regarding stretch-pu: package gnupg2/2.1.18-8~deb9u4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 914032: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914032 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: stretch-pu: package gnupg2/2.1.18-8~deb9u4
- From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Date: Sun, 18 Nov 2018 12:38:21 -0500
- Message-id: <87r2fip9pu.fsf@fifthhorseman.net>
Package: release.debian.org User: release.debian.org@packages.debian.org Usertags: pu Tags: stretch Severity: normal Control: affects -1 src:gnupg2 Control: block 913614 by -1 When fixing #906545 (GnuPG rejects some malformed keys during import instead of cleaning), i inadvertently introduced #913614 (GnuPG fails to import keys when no TTY attached and --batch is not specified) into debian stable. This slipped through because there was no test for this particular use case :( GnuPG upstream has stated that all automated/scripted use (the typical situation where no TTY is present) should always specify --batch, therefore the specific use case is considered out of scope, despite apparently being widely used in places like docker scripts without --batch. The attached patch to the gnupg2 packaging in stable resolves #913614 without re-breaking #906545, and also introduces a test for the specific use case for #913614. The test should run both at build time and with the autopkgtest suite. Adrian Bunk tagged #913614 as severity serious, making it RC critical. If we want to resolve the RC bug in debian stretch, then we need to use something like the attached debdiff as gnupg2/2.1.18-8~deb9u4. Alternately, if this is not RC-critical, then the bug report should have its severity reduced. Please let me know if you want me to go ahead with the upload, or if you would like to see anything else addressed. Apologies for the hassle. Regards, --dkg -- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)diff -Nru gnupg2-2.1.18/debian/changelog gnupg2-2.1.18/debian/changelog --- gnupg2-2.1.18/debian/changelog 2018-10-05 16:43:38.000000000 -0400 +++ gnupg2-2.1.18/debian/changelog 2018-11-18 12:20:52.000000000 -0500 @@ -1,3 +1,9 @@ +gnupg2 (2.1.18-8~deb9u4) stretch; urgency=medium + + * Avoid crash when importing without a TTY (closes #913614) + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 18 Nov 2018 12:20:52 -0500 + gnupg2 (2.1.18-8~deb9u3) stretch; urgency=medium * block trivial access to scdaemon memory (Closes: #878952) diff -Nru gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch --- gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch 1969-12-31 19:00:00.000000000 -0500 +++ gnupg2-2.1.18/debian/patches/0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch 2018-11-16 00:45:16.000000000 -0500 @@ -0,0 +1,200 @@ +From: Werner Koch <wk@gnupg.org> +Date: Thu, 15 Nov 2018 18:24:56 -0500 +Subject: gpg: Avoid superfluous sig check info during import. + +* g10/key-check.c (print_info): New. +(key_check_all_keysigs): Print sig checking results only in debug +mode. Prettify the stats info and suppress them in quiet mode. + +-- + +This also makes usable stats by prefixing them with the key and the +program name. + +GnuPG-bug-id: 3397 +Signed-off-by: Werner Koch <wk@gnupg.org> + +(cherry-picked/backported from upstream +84af859e391a757877c9a1d78e35face983e6d23 by dkg) + +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + g10/keyedit.c | 133 +++++++++++++++++++++++++++++++++++++++++----------------- + 1 file changed, 95 insertions(+), 38 deletions(-) + +diff --git a/g10/keyedit.c b/g10/keyedit.c +index 3d6c5d4c4..bdeb251f9 100644 +--- a/g10/keyedit.c ++++ b/g10/keyedit.c +@@ -329,6 +329,26 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node, + } + + ++/* Print PREFIX followed by TEXT. With mode > 0 use log_info, with ++ * mode < 0 use ttyio, else print to stdout. If TEXT is not NULL, it ++ * may be modified by this function. */ ++static void ++print_info (int mode, const char *prefix, char *text) ++{ ++ char *p; ++ ++ if (!text) ++ text = ""; ++ else if ((p = strchr (text,'\n'))) ++ *p = 0; /* Strip LF. */ ++ ++ if (mode > 0) ++ log_info ("%s %s\n", prefix, text); ++ else ++ tty_fprintf (mode? NULL:es_stdout, "%s %s\n", prefix, text); ++} ++ ++ + + /* Order two signatures. The actual ordering isn't important. Our + goal is to ensure that identical signatures occur together. */ +@@ -766,8 +786,9 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs) + has_selfsig = 1; + } + +- if ((n2 && n2 != last_printed_component) +- || (! n2 && last_printed_component != current_component)) ++ if (DBG_PACKET ++ && ((n2 && n2 != last_printed_component) ++ || (! n2 && last_printed_component != current_component))) + { + int is_reordered = n2 && n2 != current_component; + if (n2) +@@ -779,31 +800,32 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs) + ; + else if (last_printed_component->pkt->pkttype == PKT_USER_ID) + { +- tty_printf ("uid "); +- tty_print_utf8_string (last_printed_component +- ->pkt->pkt.user_id->name, +- last_printed_component +- ->pkt->pkt.user_id->len); ++ log_debug ("uid "); ++ print_utf8_buffer (log_get_stream (), ++ last_printed_component ++ ->pkt->pkt.user_id->name, ++ last_printed_component ++ ->pkt->pkt.user_id->len); ++ log_flush (); + } + else if (last_printed_component->pkt->pkttype + == PKT_PUBLIC_KEY) +- tty_printf ("pub %s", +- pk_keyid_str (last_printed_component +- ->pkt->pkt.public_key)); ++ log_debug ("pub %s", ++ pk_keyid_str (last_printed_component ++ ->pkt->pkt.public_key)); + else +- tty_printf ("sub %s", +- pk_keyid_str (last_printed_component +- ->pkt->pkt.public_key)); ++ log_debug ("sub %s", ++ pk_keyid_str (last_printed_component ++ ->pkt->pkt.public_key)); + + if (modified) + { + if (is_reordered) +- tty_printf (_(" (reordered signatures follow)")); +- tty_printf ("\n"); ++ log_debug ("%s\n", _(" (reordered signatures follow)")); + } + } + +- if (modified) ++ if (DBG_PACKET && modified) + print_one_sig (rc, kb, n, NULL, NULL, NULL, has_selfsig, + 0, only_selfsigs); + } +@@ -910,28 +932,63 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs) + } + } + +- if (dups || missing_issuer || bad_signature || reordered) +- tty_printf (_("key %s:\n"), pk_keyid_str (pk)); +- +- if (dups) +- tty_printf (ngettext ("%d duplicate signature removed\n", +- "%d duplicate signatures removed\n", dups), dups); +- if (missing_issuer) +- tty_printf (ngettext ("%d signature not checked due to a missing key\n", +- "%d signatures not checked due to missing keys\n", +- missing_issuer), missing_issuer); +- if (bad_signature) +- tty_printf (ngettext ("%d bad signature\n", +- "%d bad signatures\n", +- bad_signature), bad_signature); +- if (reordered) +- tty_printf (ngettext ("%d signature reordered\n", +- "%d signatures reordered\n", +- reordered), reordered); +- +- if (only_selfsigs && (bad_signature || reordered)) +- tty_printf (_("Warning: errors found and only checked self-signatures," +- " run '%s' to check all signatures.\n"), "check"); ++ if (!opt.quiet) ++ { ++ char prefix[100]; ++ char *p; ++ int mode = 1; ++ ++ /* To avoid string changes in 2.2 we strip the LF here. */ ++ snprintf (prefix, sizeof prefix, _("key %s:\n"), pk_keyid_str (pk)); ++ p = strrchr (prefix, '\n'); ++ if (p) ++ *p = 0; ++ ++ if (dups) ++ { ++ p = xtryasprintf ++ (ngettext ("%d duplicate signature removed\n", ++ "%d duplicate signatures removed\n", dups), dups); ++ print_info (mode, prefix, p); ++ xfree (p); ++ } ++ ++ if (missing_issuer) ++ { ++ p = xtryasprintf ++ (ngettext ("%d signature not checked due to a missing key\n", ++ "%d signatures not checked due to missing keys\n", ++ missing_issuer), missing_issuer); ++ print_info (mode, prefix, p); ++ xfree (p); ++ } ++ if (bad_signature) ++ { ++ p = xtryasprintf (ngettext ("%d bad signature\n", ++ "%d bad signatures\n", ++ bad_signature), bad_signature); ++ print_info (mode, prefix, p); ++ xfree (p); ++ } ++ ++ if (reordered) ++ { ++ p = xtryasprintf (ngettext ("%d signature reordered\n", ++ "%d signatures reordered\n", ++ reordered), reordered); ++ print_info (mode, prefix, p); ++ xfree (p); ++ } ++ ++ if (only_selfsigs && (bad_signature || reordered)) ++ { ++ p = xtryasprintf ++ (_("Warning: errors found and only checked self-signatures," ++ " run '%s' to check all signatures.\n"), "check"); ++ print_info (mode, prefix, p); ++ xfree (p); ++ } ++ } + + return modified; + } diff -Nru gnupg2-2.1.18/debian/patches/series gnupg2-2.1.18/debian/patches/series --- gnupg2-2.1.18/debian/patches/series 2018-10-05 16:43:38.000000000 -0400 +++ gnupg2-2.1.18/debian/patches/series 2018-11-16 00:45:16.000000000 -0500 @@ -91,3 +91,4 @@ 0091-gpg-Make-dry-run-work-for-secret-keys.patch 0092-gpg-Print-sec-sbb-with-import-option-import-show-or-.patch 0093-gpg-Check-and-fix-keys-on-import.patch +0094-gpg-Avoid-superfluous-sig-check-info-during-import.patch diff -Nru gnupg2-2.1.18/debian/rules gnupg2-2.1.18/debian/rules --- gnupg2-2.1.18/debian/rules 2018-10-02 20:58:32.000000000 -0400 +++ gnupg2-2.1.18/debian/rules 2018-11-18 09:24:58.000000000 -0500 @@ -65,3 +65,9 @@ # Make ldap a recommends rather than a hard dependency. dpkg-shlibdeps -Tdebian/dirmngr.substvars -dRecommends debian/dirmngr/usr/lib/gnupg/dirmngr_ldap -dDepends debian/dirmngr/usr/bin/dirmngr* dh_shlibdeps -Ndirmngr + +override_dh_auto_test: +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + dh_auto_test --builddirectory=build + GPG=build/g10/gpg debian/tests/no-tty +endif diff -Nru gnupg2-2.1.18/debian/tests/control gnupg2-2.1.18/debian/tests/control --- gnupg2-2.1.18/debian/tests/control 2018-10-02 20:58:32.000000000 -0400 +++ gnupg2-2.1.18/debian/tests/control 2018-11-16 00:45:16.000000000 -0500 @@ -1,3 +1,7 @@ Tests: gpgv-win32 Depends: gpgv-win32, gnupg2, gpgv2 Restrictions: needs-root, allow-stderr + +Tests: no-tty +Depends: gpg +Restrictions: allow-stderr diff -Nru gnupg2-2.1.18/debian/tests/linus.key gnupg2-2.1.18/debian/tests/linus.key --- gnupg2-2.1.18/debian/tests/linus.key 1969-12-31 19:00:00.000000000 -0500 +++ gnupg2-2.1.18/debian/tests/linus.key 2018-11-16 00:45:16.000000000 -0500 @@ -0,0 +1,47 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBE55CJIBCACkn+aOLmsaq1ejUcXCAOXkO3w7eiLqjR/ziTL2KZ30p7bxP8cT +UXvfM7fwE7EnqCCkji25x2xsoKXB8AlUswIEYUFCOupj2BOsVmJ/rKZW7fCvKTOK ++BguKjebDxNbgmif39bfSnHDWrW832f5HrYmZn7a/VySDQFdul8Gl/R6gs6PHJbg +jjt+K7Px6cQVMVNvY/VBWdvA1zckO/4h6gf3kWWZN+Wlq8wv/pxft8QzNFgweH9o +5bj4tnQ+wMCLCLiDsgEuVawoOAkg3dRMugIUoiKoBKw7b21q9Vjp4jezRvciC6Ys +4kGUSFG1ZjIn3MpY3f3xZ3yuYwrxQ8JcA7KTABEBAAGIeQQTFggAIRYhBCPJPAso +64wfaAYn4W1XDDyBEWM0BQJaNu6QAwUBeAAKCRBtVww8gRFjNBmuAQDjEE9X0jgG +PnWFDdlIfKX0+X8CA/TTYamGPy6dqS7BKwEAy9odyw6nzohBBBx86HiY7yKySXjy +7LJwgun2gtMf0giIeQQTFggAIRYhBCPJPAso64wfaAYn4W1XDDyBEWM0BQJaNvA+ +AwUBeAAKCRBtVww8gRFjNNlSAQDVCjzc/lbaWRdMx0f9HtNOXDq/4wHh10gWEaH/ +IlXhaQD+O6lRk+8Tbj/x3qeYL65z1BdP8s/SHkZ695nKKnlMdwqIowQRFgoASxYh +BOU7YErdNopTm7nrM6oU6WIA9eAGBQJZumaILRpodHRwOi8vZm94Y3BwLmR1Y2tk +bnMub3JnL3BncC1rZXktcG9saWN5LnR4dAAKCRCqFOliAPXgBllsAP9wkYbtcjsg +VVPm1dJHOp3GLupyNkvfjsuG39HxNEQ70wD/dMYqhcsDTyAdorE2c4aX6kiWDDAY +dWiidvBGO3fxSQu0JExpbnVzIFRvcnZhbGRzIDx0b3J2YWxkc0BrZXJuZWwub3Jn +PokBTgQTAQgAOBYhBKuvEcZaKXCxMKvjxHm+PkMAQRiGBQJaHxkTAhsDBQsJCAcC +BhUICQoLAgQWAgMBAh4BAheAAAoJEHm+PkMAQRiGzMcH/ieyxrsHR0ng3pi+qy1/ +sLiTT4WEBN53+1FsGWdP6/DCD3sprFdWDkkBDfh9vPCVzPqX7siZMJxw3+wOfjNn +GBRiGj7mTE/1XeXJHDwFRyBEVa/bY8ExLKbvBf+xpiWOg2Myj5RYaOUBFbOEtfTP +ob0FtvfZvK3PXkjODTHhDH7QJT2zNPivHG+ER5VyF1yJEpl10rDTM91NhEeV0n4w +pfZkgL8a3JSzo9H2AJX3y35+Dk9wtNge440ZSVWAnjwxhBLX2R0LUszRhU925c0v +P2l20eFncBmAT0NKpn7v9a670WHv45PluG+SKKktf6b5/BtfqpC3eV58I6FEtSVp +M1u5AQ0ETnkIkgEIAN+ybgD0IlgKRPJ3eksafd+KORseBWwxUy3GH0yAg/4jZCsf +HZ7jpbRKzxNTKW1kE6ClSqehUsuXT5Vc1eh6079erN3y+JNxl6zZPC9v+5GNyc28 +qSfNejt4wmwa/y86T7oQfgo77o8Gu/aO/xzOjw7jSDDR3u9p/hFVtsqzptxZzvs3 +hVaiLS+0mar9qYZheaCUqOXOKVo38Vg5gkOhMEwKvZs9x3fINU/t8ckxOHq6KiLa +p5Bq87XP0ZJsCaMBwdLYhOFxAiEVtlzwyo3DvMplIahqqNELb71YDhpMq/Hu+42o +R3pqASCPLfO/0GUSdAGXJVhv7L7ng02ETSBmVOUAEQEAAYh5BBMWCAAhFiEEI8k8 +CyjrjB9oBifhbVcMPIERYzQFAlo27pADBQF4AAoJEG1XDDyBEWM0Ga4BAOMQT1fS +OAY+dYUN2Uh8pfT5fwID9NNhqYY/Lp2pLsErAQDL2h3LDqfOiEEEHHzoeJjvIrJJ +ePLssnCC6faC0x/SCIh5BBMWCAAhFiEEI8k8CyjrjB9oBifhbVcMPIERYzQFAlo2 +8D4DBQF4AAoJEG1XDDyBEWM02VIBANUKPNz+VtpZF0zHR/0e005cOr/jAeHXSBYR +of8iVeFpAP47qVGT7xNuP/Hep5gvrnPUF0/yz9IeRnr3mcoqeUx3CoijBBEWCgBL +FiEE5TtgSt02ilObueszqhTpYgD14AYFAlm6ZogtGmh0dHA6Ly9mb3hjcHAuZHVj +a2Rucy5vcmcvcGdwLWtleS1wb2xpY3kudHh0AAoJEKoU6WIA9eAGWWwA/3CRhu1y +OyBVU+bV0kc6ncYu6nI2S9+Oy4bf0fE0RDvTAP90xiqFywNPIB2isTZzhpfqSJYM +MBh1aKJ28EY7d/FJC4kBHwQYAQIACQUCTnkIkgIbDAAKCRB5vj5DAEEYhuobB/9F +i1GVG5qnPq14S0WKYEW3N891L37LaXmDh977r/j2dyZOoYIiV4rx6a6urhq9Ubcg +Nw/ke01TNM4y7EhW/lFnxJQXSMjdsXGcb9HwUevDk2FMV1h9gkHLlqRUlTpjVdQw +TB9wMd4bWhZsxybTnGh6o8dCwBEaGNsHsSBYO81OXrTE/fcZEgKCeKW2xdKRiazu +6Mu5WLU6gBy2nOc6oL2zKJZjACfllQzBx5+6z2N4Sj0JBOobz4RR2JLElMEckMbd +qbIS+c+n02ItMmCORgakf74k+TEbaZx3ZTVHnhvqQqanZz1i4I5IwHJxkUsYLddg +YrylZH+MwNDlB5u3I138 +=SIhC +-----END PGP PUBLIC KEY BLOCK----- diff -Nru gnupg2-2.1.18/debian/tests/no-tty gnupg2-2.1.18/debian/tests/no-tty --- gnupg2-2.1.18/debian/tests/no-tty 1969-12-31 19:00:00.000000000 -0500 +++ gnupg2-2.1.18/debian/tests/no-tty 2018-11-16 00:45:16.000000000 -0500 @@ -0,0 +1,17 @@ +#!/bin/bash + +# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> + +# Ensure that import works fine without a tty (see +# https://bugs.debian.org/913614) + +set -e +GPG=${GPG:-gpg} +export GNUPGHOME="$(mktemp -d)" + +cleanup() { + rm -rf "$GNUPGHOME" +} +trap cleanup EXIT + +setsid -w "$GPG" --import debian/tests/linus.keyAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 871937-done@bugs.debian.org, 878816-done@bugs.debian.org, 880622-done@bugs.debian.org, 882824-done@bugs.debian.org, 887157-done@bugs.debian.org, 887399-done@bugs.debian.org, 891569-done@bugs.debian.org, 891649-done@bugs.debian.org, 891660-done@bugs.debian.org, 892845-done@bugs.debian.org, 892853-done@bugs.debian.org, 893541-done@bugs.debian.org, 893543-done@bugs.debian.org, 893550-done@bugs.debian.org, 896811-done@bugs.debian.org, 906142-done@bugs.debian.org, 906239-done@bugs.debian.org, 906813-done@bugs.debian.org, 908957-done@bugs.debian.org, 908960-done@bugs.debian.org, 908965-done@bugs.debian.org, 909127-done@bugs.debian.org, 909131-done@bugs.debian.org, 909213-done@bugs.debian.org, 913085-done@bugs.debian.org, 913525-done@bugs.debian.org, 913529-done@bugs.debian.org, 913801-done@bugs.debian.org, 913881-done@bugs.debian.org, 913885-done@bugs.debian.org, 913942-done@bugs.debian.org, 914032-done@bugs.debian.org, 914081-done@bugs.debian.org, 914184-done@bugs.debian.org, 914265-done@bugs.debian.org, 914475-done@bugs.debian.org, 914594-done@bugs.debian.org, 914841-done@bugs.debian.org, 914961-done@bugs.debian.org, 915715-done@bugs.debian.org, 915875-done@bugs.debian.org, 916435-done@bugs.debian.org, 916627-done@bugs.debian.org, 916632-done@bugs.debian.org, 916882-done@bugs.debian.org, 916912-done@bugs.debian.org, 917560-done@bugs.debian.org, 917620-done@bugs.debian.org, 917820-done@bugs.debian.org, 917900-done@bugs.debian.org, 917911-done@bugs.debian.org, 918337-done@bugs.debian.org, 918601-done@bugs.debian.org, 918762-done@bugs.debian.org, 919106-done@bugs.debian.org, 919712-done@bugs.debian.org, 919990-done@bugs.debian.org, 920372-done@bugs.debian.org, 920379-done@bugs.debian.org, 920381-done@bugs.debian.org, 920382-done@bugs.debian.org, 920632-done@bugs.debian.org, 920804-done@bugs.debian.org, 921107-done@bugs.debian.org, 921117-done@bugs.debian.org, 921281-done@bugs.debian.org, 921475-done@bugs.debian.org, 921620-done@bugs.debian.org, 921642-done@bugs.debian.org, 921643-done@bugs.debian.org, 921743-done@bugs.debian.org, 921811-done@bugs.debian.org, 921825-done@bugs.debian.org, 921844-done@bugs.debian.org, 921857-done@bugs.debian.org, 921864-done@bugs.debian.org, 921876-done@bugs.debian.org, 921885-done@bugs.debian.org, 921893-done@bugs.debian.org, 921907-done@bugs.debian.org, 921908-done@bugs.debian.org, 921910-done@bugs.debian.org, 921911-done@bugs.debian.org, 921997-done@bugs.debian.org, 922221-done@bugs.debian.org
- Subject: Closing bugs for updates included in 9.8
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 16 Feb 2019 11:36:33 +0000
- Message-id: <1550316993.21192.50.camel@adam-barratt.org.uk>
Version: 9.8 Hi, The update referenced by each of these bugs was included in this morning's stretch point release. Regards, Adam
--- End Message ---