[Pkg-utopia-maintainers] Bug#1098951: ostree: FTBFS against gpg 2.4.7-5: FAIL: tests/test-gpg-verify-result
Andreas Metzler
ametzler at bebt.de
Wed Feb 26 14:44:37 GMT 2025
Source: ostree
Version: 2025.1-1
Severity: important
Hello,
ostree throws a testsuite error against gpg 2.4.7-5:
FAIL: tests/test-gpg-verify-result 5 /gpg-verify-result/expired-key - OSTree:ERROR:tests/test-gpg-verify-result.c:288:test_expired_key: 'key_expired' should be TRUE
This did not happen against 2.4.7-4. 2.4.7-5 adds number of patches and
the triggering commit is
62d8d2f024d5e5c3289d5bf7892013dc18eac4b0 void DoS on signature verification
https://salsa.debian.org/debian/gnupg2/-/commit/62d8d2f024d5e5c3289d5bf7892013dc18eac4b0
which adds three patches from upstream STABLE-BRANCH-2-4:
+ 25d748c3dfc0102f9e54afea59ff26b3969bd8c1 gpg: Lookup key for
merging/inserting only by primary key.
+ da0164efc7f32013bc24d97b9afa9f8d67c318bb gpg: Fix a verification DoS
due to a malicious subkey in the keyring.
+ 9cd371b12d80cfc5bc85cb6e5f5eebb4decbe94f gpg: Remove a signature
check function wrapper.
Ostree's autopkgtest throws more errors, which I do not see on a local
rebuild in sid chroot.
cu Andreas
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
More information about the Pkg-utopia-maintainers
mailing list