
Bug#1025716: marked as done (bullseye-pu: package mutt/2.0.5-4.1+deb11u2)



Your message dated Sat, 17 Dec 2022 10:57:10 +0000
with message-id <03e9b90cf2f149b9e2835590c9ec0ccb048b744d.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 11.6
has caused the Debian Bug report #1025716,
regarding bullseye-pu: package mutt/2.0.5-4.1+deb11u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1025716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025716
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: mutt@packages.debian.org, Marc Haber <mh+debian-packages@zugschlus.de>, "Kevin J. McCarthy" <kevin@8t8.us>, Antonio Radici <antonio@debian.org>, carnil@debian.org
Control: affects -1 + src:mutt

Hi Stable release managers,

[ Reason ]
mutt in bullseye (fixed in unstable already) is affected by #1024427,
mutt segfaults in pgp_gpgme_extract_keys(). The bug #1024427 attaches
a test mailbox (originally from debian-mentors list) to verify the
fix.

[ Impact ]
mutt crashes if the user opens a problematic mail triggering the issue.

[ Tests ]
Explicitly tested against the testcase attached in bug #1024427.

[ Risks ]
Patches are taken from upstream, with upstream indicating to them in
https://bugs.debian.org/1024427#10

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Adds the three patches from upstream. Quoting upstream: The first is
just a cleaned up version of the patch you tested. The second fixes a
bug in the same function when used with older versions of gpgme. The
last fixes a similar potential key->uid dereference bug elsewhere in
the gpgme code.

[ Other info ]
None.

Regards,
Salvatore
diff -Nru mutt-2.0.5/debian/changelog mutt-2.0.5/debian/changelog
--- mutt-2.0.5/debian/changelog	2022-04-23 14:44:09.000000000 +0200
+++ mutt-2.0.5/debian/changelog	2022-12-07 22:39:58.000000000 +0100
@@ -1,3 +1,12 @@
+mutt (2.0.5-4.1+deb11u2) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix gpgme crash when listing keys in a public key block (Closes: #1024427)
+  * Fix public key block listing for old versions of gpgme
+  * Add a check for key->uids in create_recipient_set
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 07 Dec 2022 22:39:58 +0100
+
 mutt (2.0.5-4.1+deb11u1) bullseye; urgency=medium
 
   * Non-maintainer upload.
diff -Nru mutt-2.0.5/debian/patches/series mutt-2.0.5/debian/patches/series
--- mutt-2.0.5/debian/patches/series	2022-04-23 14:44:09.000000000 +0200
+++ mutt-2.0.5/debian/patches/series	2022-12-07 22:39:58.000000000 +0100
@@ -15,3 +15,6 @@
 upstream/985152-body-color-slowness.patch
 upstream/Fix-seqset-iterator-when-it-ends-in-a-comma.patch
 upstream/Fix-uudecode-buffer-overflow.patch
+upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch
+upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch
+upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch
diff -Nru mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch
--- mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch	1970-01-01 01:00:00.000000000 +0100
+++ mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch	2022-12-07 22:39:58.000000000 +0100
@@ -0,0 +1,30 @@
+From b254f2fb44f994c48e2491adaf03d97d3c628283 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Tue, 1 Nov 2022 20:22:06 -0700
+Subject: [PATCH] Add a check for key->uids in create_recipient_set.
+
+For gpgme < 1.11.0, it used this function to create the encryption key
+list.  The '!' was interpreted differently back then, and it
+apparently didn't check if the returned key had any uids before
+referencing it.  Add a check to prevent a segv as in the public key
+block fix.
+---
+ crypt-gpgme.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypt-gpgme.c b/crypt-gpgme.c
+index bf120ab50fc2..fdf44af4fe3d 100644
+--- a/crypt-gpgme.c
++++ b/crypt-gpgme.c
+@@ -915,7 +915,7 @@ static gpgme_key_t *create_recipient_set (const char *keylist, int use_smime)
+             buf[i-1] = 0;
+ 
+             err = gpgme_get_key (context, buf, &key, 0);
+-            if (! err)
++            if (! err && key->uids)
+               key->uids->validity = GPGME_VALIDITY_FULL;
+             buf[i-1] = '!';
+           }
+-- 
+2.38.1
+
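Review bot: In the create_recipient_set hunk, `if (! err && key->uids)` now skips the `GPGME_VALIDITY_FULL` override silently when the returned key has no uid list, and nothing records that the override was dropped. Consider a dprint on that path so it shows up in the debug log, and check that the code after this block (outside the visible lines) is also safe to run with a key whose `uids` is NULL.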
diff -Nru mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch
--- mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch	1970-01-01 01:00:00.000000000 +0100
+++ mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch	2022-12-07 22:39:58.000000000 +0100
@@ -0,0 +1,54 @@
+From 48b6ea32e21db8b580cd3ca8c346c3e2c22756f6 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Mon, 31 Oct 2022 15:02:57 -0700
+Subject: [PATCH] Fix gpgme crash when listing keys in a public key block.
+
+The gpgme code handling classic application/pgp assumed each key would
+have a uid.  Change it to check for a missing uid list.
+
+Also change it to list every uid (instead of only the first), and to
+put each one on a "uid" line in the output.
+
+The output is only for display, so the format change won't affect
+other parts of the code.
+
+Thanks to Mikko Lehto for the high quality bug report, detailing the
+exact place of the crash with a reproducing example and a workaround
+patch.
+---
+ crypt-gpgme.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/crypt-gpgme.c b/crypt-gpgme.c
+index e74caecba34e..5c3c0fe51669 100644
+--- a/crypt-gpgme.c
++++ b/crypt-gpgme.c
+@@ -2422,14 +2422,18 @@ static int pgp_gpgme_extract_keys (gpgme_data_t keydata, FILE** fp)
+       tt = subkey->timestamp;
+       strftime (date, sizeof (date), "%Y-%m-%d", localtime (&tt));
+ 
++      fprintf (*fp, "%s %5.5s %d/%8s %s\n",
++               more ? "sub" : "pub",
++               gpgme_pubkey_algo_name (subkey->pubkey_algo), subkey->length,
++               shortid, date);
+       if (!more)
+-        fprintf (*fp, "%s %5.5s %d/%8s %s %s\n", more ? "sub" : "pub",
+-                 gpgme_pubkey_algo_name (subkey->pubkey_algo), subkey->length,
+-                 shortid, date, uid->uid);
+-      else
+-        fprintf (*fp, "%s %5.5s %d/%8s %s\n", more ? "sub" : "pub",
+-                 gpgme_pubkey_algo_name (subkey->pubkey_algo), subkey->length,
+-                 shortid, date);
++      {
++        while (uid)
++        {
++          fprintf (*fp, "uid %s\n", NONULL (uid->uid));
++          uid = uid->next;
++        }
++      }
+       subkey = subkey->next;
+       more = 1;
+     }
+-- 
+2.38.1
+
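Review bot: In the pgp_gpgme_extract_keys hunk, the `while (uid)` loop advances `uid` itself, so it is NULL after the first subkey of a key has been printed. The `if (!more)` guard makes that harmless within one key, but the assignment of `uid` lies outside the visible lines: confirm it is re-initialised from the key's uid list for every key in the block, otherwise later keys would print no "uid" lines. The extra braces around the loop are redundant and could be dropped.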
diff -Nru mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch
--- mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch	1970-01-01 01:00:00.000000000 +0100
+++ mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch	2022-12-07 22:39:58.000000000 +0100
@@ -0,0 +1,31 @@
+From f0eb3586480c301b66657c7326b6546ef086c7f4 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Mon, 31 Oct 2022 15:06:51 -0700
+Subject: [PATCH] Fix public key block listing for old versions of gpgme.
+
+Commit 382355a5 accidentally removed the data import for legacy mode,
+which would cause it to produce empty output.
+---
+ crypt-gpgme.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/crypt-gpgme.c b/crypt-gpgme.c
+index 5c3c0fe51669..bf120ab50fc2 100644
+--- a/crypt-gpgme.c
++++ b/crypt-gpgme.c
+@@ -2386,6 +2386,12 @@ static int pgp_gpgme_extract_keys (gpgme_data_t keydata, FILE** fp)
+       dprint (1, (debugfile, "Error setting GPGME context home\n"));
+       goto err_tmpdir;
+     }
++
++    if ((err = gpgme_op_import (tmpctx, keydata)) != GPG_ERR_NO_ERROR)
++    {
++      dprint (1, (debugfile, "Error importing key\n"));
++      goto err_tmpdir;
++    }
+   }
+ 
+   tmpfile = mutt_buffer_pool_get ();
+-- 
+2.38.1
+
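Review bot: The new `gpgme_op_import` failure path in the legacy-mode branch logs only "Error importing key" and discards `err`. Including `gpgme_strerror (err)` in the dprint would let a debug log distinguish a malformed key block in the message from a problem with the temporary context, which matters here because `keydata` comes from mail content.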

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 11.6

Hi,

Each of the updates referred to in these requests was included in this
morning's 11.6 point release.

Regards,

Adam

--- End Message ---
