
Bug#1025716: bullseye-pu: package mutt/2.0.5-4.1+deb11u2



Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: mutt@packages.debian.org, Marc Haber <mh+debian-packages@zugschlus.de>, "Kevin J. McCarthy" <kevin@8t8.us>, Antonio Radici <antonio@debian.org>, carnil@debian.org
Control: affects -1 + src:mutt

Hi Stable release managers,

[ Reason ]
mutt in bullseye (fixed in unstable already) is affected by #1024427,
mutt segfaults in pgp_gpgme_extract_keys(). The bug #1024427 attaches
a test mailbox (originally from debian-mentors list) to verify the
fix.

[ Impact ]
mutt crashes if a user opens a problematic mail triggering the issue.

[ Tests ]
Explicitly tested against the testcase attached in #1024427.

[ Risks ]
Patches are taken from upstream, with upstream pointing to them in
https://bugs.debian.org/1024427#10

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Adds the three patches from upstream. Quoting upstream: The first is
just a cleaned up version of the patch you tested. The second fixes a
bug in the same function when used with older versions of gpgme. The
last fixes a similar potential key->uid dereference bug elsewhere in
the gpgme code.

[ Other info ]
None.

Regards,
Salvatore
diff -Nru mutt-2.0.5/debian/changelog mutt-2.0.5/debian/changelog
--- mutt-2.0.5/debian/changelog	2022-04-23 14:44:09.000000000 +0200
+++ mutt-2.0.5/debian/changelog	2022-12-07 22:39:58.000000000 +0100
@@ -1,3 +1,12 @@
+mutt (2.0.5-4.1+deb11u2) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix gpgme crash when listing keys in a public key block (Closes: #1024427)
+  * Fix public key block listing for old versions of gpgme
+  * Add a check for key->uids in create_recipient_set
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 07 Dec 2022 22:39:58 +0100
+
 mutt (2.0.5-4.1+deb11u1) bullseye; urgency=medium
 
   * Non-maintainer upload.
diff -Nru mutt-2.0.5/debian/patches/series mutt-2.0.5/debian/patches/series
--- mutt-2.0.5/debian/patches/series	2022-04-23 14:44:09.000000000 +0200
+++ mutt-2.0.5/debian/patches/series	2022-12-07 22:39:58.000000000 +0100
@@ -15,3 +15,6 @@
 upstream/985152-body-color-slowness.patch
 upstream/Fix-seqset-iterator-when-it-ends-in-a-comma.patch
 upstream/Fix-uudecode-buffer-overflow.patch
+upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch
+upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch
+upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch
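Review bot: the order of the three new series entries matches the commit chain the patch files themselves declare (index e74caecba34e..5c3c0fe51669, then 5c3c0fe51669..bf120ab50fc2, then bf120ab50fc2..fdf44af4fe3d) and the order of the three changelog bullets, so the patches apply cleanly in sequence; keep that order if the series is ever reshuffled, since the second patch's hunk is written against the state of pgp_gpgme_extract_keys left by the first.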
diff -Nru mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch
--- mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch	1970-01-01 01:00:00.000000000 +0100
+++ mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch	2022-12-07 22:39:58.000000000 +0100
@@ -0,0 +1,30 @@
+From b254f2fb44f994c48e2491adaf03d97d3c628283 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Tue, 1 Nov 2022 20:22:06 -0700
+Subject: [PATCH] Add a check for key->uids in create_recipient_set.
+
+For gpgme < 1.11.0, it used this function to create the encryption key
+list.  The '!' was interpreted differently back then, and it
+apparently didn't check if the returned key had any uids before
+referencing it.  Add a check to prevent a segv as in the public key
+block fix.
+---
+ crypt-gpgme.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypt-gpgme.c b/crypt-gpgme.c
+index bf120ab50fc2..fdf44af4fe3d 100644
+--- a/crypt-gpgme.c
++++ b/crypt-gpgme.c
+@@ -915,7 +915,7 @@ static gpgme_key_t *create_recipient_set (const char *keylist, int use_smime)
+             buf[i-1] = 0;
+ 
+             err = gpgme_get_key (context, buf, &key, 0);
+-            if (! err)
++            if (! err && key->uids)
+               key->uids->validity = GPGME_VALIDITY_FULL;
+             buf[i-1] = '!';
+           }
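Review bot: the new `key->uids` guard skips the GPGME_VALIDITY_FULL override silently; unlike the import hunk in the sibling patch there is no `dprint (1, (debugfile, ...))` when gpgme_get_key succeeds but returns a key without uids, so a '!'-forced key that did not get full validity leaves no trace in the debug log. Consider an else branch with a dprint. Per the commit message this path is only used with gpgme < 1.11.0, and the [ Tests ] section only mentions the #1024427 mailbox, which exercises pgp_gpgme_extract_keys rather than this encryption-side function, so this hunk is not covered by the stated testing.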
+-- 
+2.38.1
+
diff -Nru mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch
--- mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch	1970-01-01 01:00:00.000000000 +0100
+++ mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch	2022-12-07 22:39:58.000000000 +0100
@@ -0,0 +1,54 @@
+From 48b6ea32e21db8b580cd3ca8c346c3e2c22756f6 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Mon, 31 Oct 2022 15:02:57 -0700
+Subject: [PATCH] Fix gpgme crash when listing keys in a public key block.
+
+The gpgme code handling classic application/pgp assumed each key would
+have a uid.  Change it to check for a missing uid list.
+
+Also change it to list every uid (instead of only the first), and to
+put each one on a "uid" line in the output.
+
+The output is only for display, so the format change won't affect
+other parts of the code.
+
+Thanks to Mikko Lehto for the high quality bug report, detailing the
+exact place of the crash with a reproducing example and a workaround
+patch.
+---
+ crypt-gpgme.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/crypt-gpgme.c b/crypt-gpgme.c
+index e74caecba34e..5c3c0fe51669 100644
+--- a/crypt-gpgme.c
++++ b/crypt-gpgme.c
+@@ -2422,14 +2422,18 @@ static int pgp_gpgme_extract_keys (gpgme_data_t keydata, FILE** fp)
+       tt = subkey->timestamp;
+       strftime (date, sizeof (date), "%Y-%m-%d", localtime (&tt));
+ 
++      fprintf (*fp, "%s %5.5s %d/%8s %s\n",
++               more ? "sub" : "pub",
++               gpgme_pubkey_algo_name (subkey->pubkey_algo), subkey->length,
++               shortid, date);
+       if (!more)
+-        fprintf (*fp, "%s %5.5s %d/%8s %s %s\n", more ? "sub" : "pub",
+-                 gpgme_pubkey_algo_name (subkey->pubkey_algo), subkey->length,
+-                 shortid, date, uid->uid);
+-      else
+-        fprintf (*fp, "%s %5.5s %d/%8s %s\n", more ? "sub" : "pub",
+-                 gpgme_pubkey_algo_name (subkey->pubkey_algo), subkey->length,
+-                 shortid, date);
++      {
++        while (uid)
++        {
++          fprintf (*fp, "uid %s\n", NONULL (uid->uid));
++          uid = uid->next;
++        }
++      }
+       subkey = subkey->next;
+       more = 1;
+     }
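Review bot: the `while (uid)` loop is what removes the unconditional `uid->uid` dereference, but it also advances `uid` to NULL; if `uid` is read again later in pgp_gpgme_extract_keys (outside this hunk), that use now needs its own check. The output format change is larger than the commit message suggests: the primary key's uid no longer appears on the `pub` line but on separate `uid ` lines, one per uid, so anything that parsed the first line for the uid will see a different layout. The commit message states the output is display-only, which is worth confirming against the callers of this function before shipping it to stable.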
+-- 
+2.38.1
+
diff -Nru mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch
--- mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch	1970-01-01 01:00:00.000000000 +0100
+++ mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch	2022-12-07 22:39:58.000000000 +0100
@@ -0,0 +1,31 @@
+From f0eb3586480c301b66657c7326b6546ef086c7f4 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Mon, 31 Oct 2022 15:06:51 -0700
+Subject: [PATCH] Fix public key block listing for old versions of gpgme.
+
+Commit 382355a5 accidentally removed the data import for legacy mode,
+which would cause it to produce empty output.
+---
+ crypt-gpgme.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/crypt-gpgme.c b/crypt-gpgme.c
+index 5c3c0fe51669..bf120ab50fc2 100644
+--- a/crypt-gpgme.c
++++ b/crypt-gpgme.c
+@@ -2386,6 +2386,12 @@ static int pgp_gpgme_extract_keys (gpgme_data_t keydata, FILE** fp)
+       dprint (1, (debugfile, "Error setting GPGME context home\n"));
+       goto err_tmpdir;
+     }
++
++    if ((err = gpgme_op_import (tmpctx, keydata)) != GPG_ERR_NO_ERROR)
++    {
++      dprint (1, (debugfile, "Error importing key\n"));
++      goto err_tmpdir;
++    }
+   }
+ 
+   tmpfile = mutt_buffer_pool_get ();
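Review bot: the error branch for `gpgme_op_import` logs a fixed string; including `gpgme_strerror (err)` in the dprint would make an import failure distinguishable from the "Error setting GPGME context home" case just above it when reading a debug log. The `goto err_tmpdir` matches the existing failure path in the same block, so cleanup of the temporary GPGME home is consistent. The index line (5c3c0fe51669..bf120ab50fc2) confirms this hunk is built on top of the first patch, matching its position in debian/patches/series.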
+-- 
+2.38.1
+