[pkg-gnupg-maint] Bug#807819: gnupg2: Apply upstream patch to fix a key occurs multiple times in the keyring

ChangZhuo Chen (陳昌倬) czchen at debian.org
Sun Dec 13 13:44:28 UTC 2015


Package: gnupg2
Version: 2.1.10-3
Severity: normal



gnupg2/2.1.10-3 shows the following error when I try to decrypt a
file:

gpg: key specification 'BE0C924203F4552D' is ambiguous
gpg: (check argument of option '--encrypt-to')
gpg: 'BE0C924203F4552D' matches at least:
gpg:   EC9F905D866DBE46A896C827BE0C924203F4552D
gpg:   EC9F905D866DBE46A896C827BE0C924203F4552D


This issue is fixed upstream, and the attachment is the debdiff to
fix this issue in Debian.


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg2 depends on:
ii  dpkg           1.18.3
ii  gnupg-agent    2.1.10-3
ii  install-info   6.0.0.dfsg.1-3+b1
ii  libassuan0     2.4.2-1
ii  libbz2-1.0     1.0.6-8
ii  libc6          2.21-4
ii  libgcrypt20    1.6.4-3
ii  libgpg-error0  1.20-1
ii  libksba8       1.3.3-1
ii  libreadline6   6.3-8+b4
ii  libsqlite3-0   3.9.2-1
ii  zlib1g         1:1.2.8.dfsg-2+b1

Versions of packages gnupg2 recommends:
ii  dirmngr  2.1.10-3

Versions of packages gnupg2 suggests:
pn  gnupg-doc   <none>
pn  parcimonie  <none>
pn  xloadimage  <none>

-- no debconf information

-- 
ChangZhuo Chen (陳昌倬) <czchen at debian.org>
Debian Developer (https://nm.debian.org/public/person/czchen)
Key fingerprint = EC9F 905D 866D BE46 A896  C827 BE0C 9242 03F4 552D
-------------- next part --------------
diff -Nru gnupg2-2.1.10/debian/changelog gnupg2-2.1.10/debian/changelog
--- gnupg2-2.1.10/debian/changelog	2015-12-13 05:53:41.000000000 +0800
+++ gnupg2-2.1.10/debian/changelog	2015-12-13 21:38:15.000000000 +0800
@@ -1,3 +1,11 @@
+gnupg2 (2.1.10-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply upstream patch to fix error when a key occurs multiple times in the
+    keyring.
+
+ -- ChangZhuo Chen (陳昌倬) <czchen at debian.org>  Sun, 13 Dec 2015 21:36:46 +0800
+
 gnupg2 (2.1.10-3) unstable; urgency=medium
 
   * avoid infinite loop when doing --gen-revoke by fingerprint
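Review bot: The new 2.1.10-3.1 entry carries no "(Closes: #807819)" on the "Apply upstream patch" item, so uploading this NMU would not close the bug it was prepared for; append the closer to that bullet. The distribution field is still UNRELEASED and has to be set to the target suite before upload.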
diff -Nru gnupg2-2.1.10/debian/patches/0008-Do-not-error-out-when-a-key-occurs-multiple-times.patch gnupg2-2.1.10/debian/patches/0008-Do-not-error-out-when-a-key-occurs-multiple-times.patch
--- gnupg2-2.1.10/debian/patches/0008-Do-not-error-out-when-a-key-occurs-multiple-times.patch	1970-01-01 08:00:00.000000000 +0800
+++ gnupg2-2.1.10/debian/patches/0008-Do-not-error-out-when-a-key-occurs-multiple-times.patch	2015-12-13 21:34:37.000000000 +0800
@@ -0,0 +1,169 @@
+Description: Don't error out if a key occurs multiple times in the keyring.
+---
+Origin: upstream, http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=6dc37c5fb60acbfd5ba2ab979852383eac8944e0
+--- gnupg2-2.1.10.orig/g10/gpg.c
++++ gnupg2-2.1.10/g10/gpg.c
+@@ -2116,6 +2116,8 @@ check_user_ids (strlist_t *sp,
+ 
+   KEYDB_HANDLE hd = NULL;
+ 
++  char fingerprint_formatted[MAX_FORMATTED_FINGERPRINT_LEN + 1];
++
+   /* A quick check to avoid allocating a new strlist if we can skip
+      all keys.  Handles also the case of !SP.  See below for details.  */
+   for (t = s; t && (!(t->flags & PK_LIST_CONFIG)
+@@ -2135,6 +2137,9 @@ check_user_ids (strlist_t *sp,
+       size_t fingerprint_bin_len = sizeof (fingerprint_bin);
+       /* We also potentially need a ! at the end.  */
+       char fingerprint[2 * MAX_FINGERPRINT_LEN + 1 + 1];
++      int added = 0;
++      int dups = 0;
++      int ambiguous = 0;
+ 
+       /* If the key has been given on the command line and it has not
+          been given by one of the encrypt-to options, we skip the
+@@ -2271,41 +2276,58 @@ check_user_ids (strlist_t *sp,
+           i = strlen (fingerprint);
+           fingerprint[i] = '!';
+           fingerprint[i + 1] = '\0';
++
++          add_to_strlist (&s2, fingerprint);
++          added = 1;
+         }
+-      else
+-        {
+-          fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
+-          assert (fingerprint_bin_len == sizeof (fingerprint_bin));
+-          bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint);
+-        }
+ 
+-      add_to_strlist (&s2, fingerprint);
++      /* We need the primary key's fingerprint to detect dups so
++         always format it.  */
++      fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
++      assert (fingerprint_bin_len == sizeof (fingerprint_bin));
++      bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint);
++
++      if (! added)
++        add_to_strlist (&s2, fingerprint);
+       s2->flags = s->flags;
+ 
+       release_kbnode (kb);
+ 
+       /* Continue the search.  */
+       if (DBG_LOOKUP)
+-        log_debug ("%s: Check for duplicates for %s='%s'\n",
++        log_debug ("%s: Checking if %s='%s' is ambiguous or there are dups\n",
+                    __func__, option, t->d);
+-      err = keydb_search (hd, &desc, 1, NULL);
+-      if (! err)
+-        /* Another result!  */
++      while (1)
+         {
+           char fingerprint_bin2[MAX_FINGERPRINT_LEN];
+           size_t fingerprint_bin2_len = sizeof (fingerprint_bin2);
+           char fingerprint2[2 * MAX_FINGERPRINT_LEN + 1];
+ 
+-          log_error (_("key specification '%s' is ambiguous\n"), t->d);
+-          if (!opt.quiet)
+-            log_info (_("(check argument of option '%s')\n"), option);
++          err = keydb_search (hd, &desc, 1, NULL);
++          if (gpg_err_code (err) == GPG_ERR_NOT_FOUND
++              || gpg_err_code (err) == GPG_ERR_EOF)
++            /* Not found => not ambiguous.   */
++            break;
++          else if (err)
++            /* An error (other than "not found").  */
++            {
++              log_error (_("error searching the keyring: %s\n"),
++                         gpg_strerror (err));
++              if (! rc)
++                rc = err;
+ 
+-          if (! rc)
+-            rc = GPG_ERR_AMBIGUOUS_NAME;
++              break;
++            }
++
++          /* Another result!  */
+ 
+           err = keydb_get_keyblock (hd, &kb);
+           if (err)
+-            log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
++            {
++              log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
++              if (! rc)
++                rc = err;
++            }
+           else
+             {
+               pk = kb->pkt->pkt.public_key;
+@@ -2313,25 +2335,53 @@ check_user_ids (strlist_t *sp,
+               assert (fingerprint_bin2_len == sizeof (fingerprint_bin2));
+               bin2hex (fingerprint_bin2, MAX_FINGERPRINT_LEN, fingerprint2);
+ 
+-              /* TRANSLATORS: The %s prints a key specification which
+-                 for example has been given at the command line.  Two
+-                 lines with fingerprints are printed after this message.  */
+-              log_info (_("'%s' matches at least:\n"), t->d);
+-              log_info ("  %s\n", fingerprint);
+-              log_info ("  %s\n", fingerprint2);
++              if (strcmp (fingerprint, fingerprint2) == 0)
++                dups ++;
++              else
++                {
++                  ambiguous ++;
++
++                  if (! rc)
++                    rc = GPG_ERR_AMBIGUOUS_NAME;
++
++                  if (ambiguous == 1)
++                    {
++                      /* TRANSLATORS: The %s prints a key
++                         specification which for example has been
++                         given at the command line.  Lines with
++                         fingerprints are printed after this
++                         message.  */
++                      log_error (_("key specification '%s' is ambiguous\n"),
++                                 t->d);
++                      if (!opt.quiet)
++                        log_info (_("(check argument of option '%s')\n"),
++                                  option);
++
++                      log_info (_("'%s' matches at least:\n"), t->d);
++                      log_info ("  %s\n",
++                                format_hexfingerprint
++                                 (fingerprint,
++                                  fingerprint_formatted,
++                                  sizeof fingerprint_formatted));
++                    }
++
++                  log_info ("  %s\n",
++                            format_hexfingerprint
++                             (fingerprint2,
++                              fingerprint_formatted,
++                              sizeof fingerprint_formatted));
++                }
+ 
+               release_kbnode (kb);
+             }
+         }
+-      else if (! (gpg_err_code (err) == GPG_ERR_NOT_FOUND
+-                  || gpg_err_code (err) == GPG_ERR_EOF))
+-        /* An error (other than "not found").  */
+-        {
+-          log_error (_("error searching the keyring: %s\n"),
+-                     gpg_strerror (err));
+-          if (! rc)
+-            rc = err;
+-        }
++
++      if (dups)
++        log_info (_("Warning: %s appears in the keyring %d times.\n"),
++                  format_hexfingerprint (fingerprint,
++                                         fingerprint_formatted,
++                                         sizeof fingerprint_formatted),
++                  1 + dups);
+     }
+ 
+   strlist_rev (&s2);
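Review bot: In the header of the new 0008 patch file, the "---" line sits between "Description:" and "Origin:", and DEP-3 parsing of patch metadata stops at the first line of three dashes, so the upstream commit reference is not picked up as a header field; move "Origin:" above the "---" and consider adding a "Bug-Debian:" field pointing at this report. In the code itself, the keydb_get_keyblock failure path inside the new while (1) loop sets rc and keeps iterating, while the keydb_search error path a few lines earlier breaks out; a short comment stating that continuing the search after a keyblock read error is intended would make the asymmetry easier to review.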
diff -Nru gnupg2-2.1.10/debian/patches/series gnupg2-2.1.10/debian/patches/series
--- gnupg2-2.1.10/debian/patches/series	2015-12-13 05:53:21.000000000 +0800
+++ gnupg2-2.1.10/debian/patches/series	2015-12-13 21:33:16.000000000 +0800
@@ -5,3 +5,4 @@
 0005-include-sks-keyservers-CA-where-it-should-have-been-.patch
 0006-Use-sks-keyservers-CA-by-default-for-the-hkps-pool.patch
 0007-avoid-infinite-loop-when-doing-gen-revoke-by-fingerp.patch
+0008-Do-not-error-out-when-a-key-occurs-multiple-times.patch