Your message dated Tue, 14 May 2019 06:18:31 +0000
with message-id <e1hqqlj-00054o...@fasolo.debian.org>
and subject line Bug#928963: fixed in gnupg2 2.2.13-2
has caused the Debian Bug report #928963,
regarding gpg-agent READKEY emits an invalid S-expression when private key file has comment (on 64-bit big-endian platforms)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

-- 
928963: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928963
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gpg-agent
Severity: serious
Version: 2.2.12-1
Control: found -1 2.2.13-1
Control: found -1 2.2.14-1
Control: found -1 2.2.15-1
Control: affects -1 src:monkeysphere
Control: tags -1 patch upstream
Control: forwarded -1 https://dev.gnupg.org/T4501

On sparc64, powerpc64, and s390x (Debian's three 64-bit big-endian
platforms), gpg is unable to create a new OpenPGP certificate from
some secret keys that it already knows about.

In particular, "gpg --batch --generate" from a Key-Grip: line that
refers to a key file in private-keys-v1.d/ that contains a comment
sublist will fail with "Invalid S-expression" on those platforms.

This is due to a buggy invocation of gcry_sexp_build_array that is
only tickled when int is smaller than size_t and the platform is
big-endian, which causes the comment string to be set to zero length,
which itself is interpreted as an error of GPG_ERR_SEXP_ZERO_PREFIX.

However, this failure causes necessary functionality for
"monkeysphere-host import-key" as of monkeysphere version 0.43-3 to
break on these platforms, making monkeysphere FTBFS because the
failure is caught by its test suite.

The attached patch resolves the issue when I test it on
zelenka.debian.org (s390x), and should also work on the other two
platforms.

        --dkg

From e4a158faacd67e15e87183fb48e8bd0cc70f90a8 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <d...@fifthhorseman.net> Date: Tue, 14 May 2019 00:05:42 -0400 Subject: [PATCH] agent: correct length for uri and comment on 64-bit big-endian platforms * agent/findkey.c (agent_public_key_from_file): pass size_t as int to gcry_sexp_build_array's %b. -- This is only a problem on big-endian systems where size_t is not the same size as an int. It was causing failures on debian's s390x, powerpc64, and sparc64 platforms. There may well be other failures with %b on those platforms in the codebase, and it probably needs an audit. Once you have a key in private-keys-v1.d/$KEYGRIP.key with a comment or a uri of reasonable length associated with it, this fix can be tested with: gpg-agent --server <<<"READKEY $KEYGRIP" On the failing platforms, the printed comment will be of length 0. Gnupg-bug-id: 4501 Signed-off-by: Daniel Kahn Gillmor <d...@fifthhorseman.net> --- agent/findkey.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/agent/findkey.c b/agent/findkey.c index 755a90be1..20c9dc56a 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -1366,6 +1366,7 @@ agent_public_key_from_file (ctrl_t ctrl, gcry_sexp_t uri_sexp, comment_sexp; const char *uri, *comment; size_t uri_length, comment_length; + int uri_intlen, comment_intlen; char *format, *p; void *args[2+7+2+2+1]; /* Size is 2 + max. # of elements + 2 for uri + 2 for comment + end-of-list. */ @@ -1447,14 +1448,16 @@ agent_public_key_from_file (ctrl_t ctrl, { p = stpcpy (p, "(uri %b)"); assert (argidx+1 < DIM (args)); - args[argidx++] = (void *)&uri_length; + uri_intlen = (int)uri_length; + args[argidx++] = (void *)&uri_intlen; args[argidx++] = (void *)&uri; } if (comment) { p = stpcpy (p, "(comment %b)"); assert (argidx+1 < DIM (args)); - args[argidx++] = (void *)&comment_length; + comment_intlen = (int)comment_length; + args[argidx++] = (void *)&comment_intlen; args[argidx++] = (void*)&comment; } *p++ = ')'; -- 2.20.1signature.asc
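Review bot: The declaration `int uri_intlen, comment_intlen;` added in the first hunk (@@ -1366) needs a short comment saying that these copies exist because %b in gcry_sexp_build_array takes its length as an int, as the commit message states. Without it they look redundant beside `size_t uri_length, comment_length;`, and a later cleanup could go back to passing the size_t pointers, which brings back the zero-length read on 64-bit big-endian platforms.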
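Review bot: In the second hunk (@@ -1447), `uri_intlen = (int)uri_length;` and `comment_intlen = (int)comment_length;` narrow a size_t with no range check, so a length above INT_MAX would reach %b as a wrong or negative value. Suggest testing each length against INT_MAX and returning an error before the cast. As the commit message itself says, the other %b call sites in the codebase probably need the same audit.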
--- End Message ---
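An added illustration, not code from GnuPG or from the patch above: a portable C simulation of the fault the report describes, where a consumer that expects a pointer to a 32-bit int is handed the address of a 64-bit size_t. The helper names and the sample length 12 are constructed for this example, and the byte order is a parameter so that both outcomes can be seen on any host.

```c
#include <stdint.h>
#include <stdio.h>

/* Write the low `nbytes` bytes of v into out[] in the given byte order. */
static void store(unsigned char *out, int nbytes, uint64_t v, int big_endian)
{
    for (int i = 0; i < nbytes; i++) {
        int shift = big_endian ? 8 * (nbytes - 1 - i) : 8 * i;
        out[i] = (unsigned char)(v >> shift);
    }
}

/* What a consumer expecting a 32-bit int reads at address p: the first
   four bytes only, interpreted in the platform's byte order. */
static int32_t load32(const unsigned char *p, int big_endian)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        int shift = big_endian ? 8 * (3 - i) : 8 * i;
        v |= (uint32_t)p[i] << shift;
    }
    return (int32_t)v;
}

/* Before the fix: the argument points at an 8-byte size_t. */
int32_t len_seen_before(uint64_t len, int big_endian)
{
    unsigned char mem[8];
    store(mem, 8, len, big_endian);
    return load32(mem, big_endian);
}

/* After the fix: the length is narrowed to int first, then pointed at. */
int32_t len_seen_after(uint64_t len, int big_endian)
{
    unsigned char mem[4];
    store(mem, 4, (uint32_t)len, big_endian);
    return load32(mem, big_endian);
}

int main(void)
{
    const uint64_t len = 12;   /* constructed sample comment length */
    printf("before, little-endian: %d\n", (int)len_seen_before(len, 0));
    printf("before, big-endian:    %d\n", (int)len_seen_before(len, 1));
    printf("after,  big-endian:    %d\n", (int)len_seen_after(len, 1));
    return 0;
}
```

On little-endian hosts the low-order bytes come first, so the mismatched pointer happens to yield the right length and the defect stays hidden there.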
--- Begin Message ---
Source: gnupg2
Source-Version: 2.2.13-2

We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 928...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <d...@fifthhorseman.net> (supplier of updated gnupg2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Tue, 14 May 2019 02:08:47 -0400
Source: gnupg2
Architecture: source
Version: 2.2.13-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuPG Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Closes: 918466 918586 927431 928963 928964
Changes:
 gnupg2 (2.2.13-2) unstable; urgency=medium
 .
   * Correct gpg-wks-server manpage (Closes: #927431)
     Thanks, ju xor!
   * Fix handling private keys with comments (Closes: #928963, #928964)
   * clean up logcheck rules for gpg-agent (Closes: #918466)
   * Update gpg-wks-client.1 (Closes: #918586)
   * cherry-pick more patches from upstream STABLE-BRANCH-2-2
--- End Message ---