Package: gnupg2 Version: 2.1.10-3 Severity: normal
The gnupg2/2.1.10-3 shows the following error when I try to decrypt a file: gpg: key specification 'BE0C924203F4552D' is ambiguous gpg: (check argument of option '--encrypt-to') gpg: 'BE0C924203F4552D' matches at least: gpg: EC9F905D866DBE46A896C827BE0C924203F4552D gpg: EC9F905D866DBE46A896C827BE0C924203F4552D This issue is fixed by upstream, and the attachment is the debdiff to fix this issue in Debian. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages gnupg2 depends on: ii dpkg 1.18.3 ii gnupg-agent 2.1.10-3 ii install-info 6.0.0.dfsg.1-3+b1 ii libassuan0 2.4.2-1 ii libbz2-1.0 1.0.6-8 ii libc6 2.21-4 ii libgcrypt20 1.6.4-3 ii libgpg-error0 1.20-1 ii libksba8 1.3.3-1 ii libreadline6 6.3-8+b4 ii libsqlite3-0 3.9.2-1 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages gnupg2 recommends: ii dirmngr 2.1.10-3 Versions of packages gnupg2 suggests: pn gnupg-doc <none> pn parcimonie <none> pn xloadimage <none> -- no debconf information -- ChangZhuo Chen (陳昌倬) <czc...@debian.org> Debian Developer (https://nm.debian.org/public/person/czchen) Key fingerprint = EC9F 905D 866D BE46 A896 C827 BE0C 9242 03F4 552D
diff -Nru gnupg2-2.1.10/debian/changelog gnupg2-2.1.10/debian/changelog --- gnupg2-2.1.10/debian/changelog 2015-12-13 05:53:41.000000000 +0800 +++ gnupg2-2.1.10/debian/changelog 2015-12-13 21:38:15.000000000 +0800 @@ -1,3 +1,11 @@ +gnupg2 (2.1.10-3.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Apply upstream patch to fix error when a key occurs multiple times in the + keyring. + + -- ChangZhuo Chen (陳昌倬) <czc...@debian.org> Sun, 13 Dec 2015 21:36:46 +0800 + gnupg2 (2.1.10-3) unstable; urgency=medium * avoid infinite loop when doing --gen-revoke by fingerprint diff -Nru gnupg2-2.1.10/debian/patches/0008-Do-not-error-out-when-a-key-occurs-multiple-times.patch gnupg2-2.1.10/debian/patches/0008-Do-not-error-out-when-a-key-occurs-multiple-times.patch --- gnupg2-2.1.10/debian/patches/0008-Do-not-error-out-when-a-key-occurs-multiple-times.patch 1970-01-01 08:00:00.000000000 +0800 +++ gnupg2-2.1.10/debian/patches/0008-Do-not-error-out-when-a-key-occurs-multiple-times.patch 2015-12-13 21:34:37.000000000 +0800 @@ -0,0 +1,169 @@ +Description: Don't error out if a key occurs multiple times in the keyring. +--- +Origin: upstream, http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=6dc37c5fb60acbfd5ba2ab979852383eac8944e0 +--- gnupg2-2.1.10.orig/g10/gpg.c ++++ gnupg2-2.1.10/g10/gpg.c +@@ -2116,6 +2116,8 @@ check_user_ids (strlist_t *sp, + + KEYDB_HANDLE hd = NULL; + ++ char fingerprint_formatted[MAX_FORMATTED_FINGERPRINT_LEN + 1]; ++ + /* A quick check to avoid allocating a new strlist if we can skip + all keys. Handles also the case of !SP. See below for details. */ + for (t = s; t && (!(t->flags & PK_LIST_CONFIG) +@@ -2135,6 +2137,9 @@ check_user_ids (strlist_t *sp, + size_t fingerprint_bin_len = sizeof (fingerprint_bin); + /* We also potentially need a ! at the end. */ + char fingerprint[2 * MAX_FINGERPRINT_LEN + 1 + 1]; ++ int added = 0; ++ int dups = 0; ++ int ambiguous = 0; + + /* If the key has been given on the command line and it has not + been given by one of the encrypt-to options, we skip the +@@ -2271,41 +2276,58 @@ check_user_ids (strlist_t *sp, + i = strlen (fingerprint); + fingerprint[i] = '!'; + fingerprint[i + 1] = '\0'; ++ ++ add_to_strlist (&s2, fingerprint); ++ added = 1; + } +- else +- { +- fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); +- assert (fingerprint_bin_len == sizeof (fingerprint_bin)); +- bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint); +- } + +- add_to_strlist (&s2, fingerprint); ++ /* We need the primary key's fingerprint to detect dups so ++ always format it. */ ++ fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); ++ assert (fingerprint_bin_len == sizeof (fingerprint_bin)); ++ bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint); ++ ++ if (! added) ++ add_to_strlist (&s2, fingerprint); + s2->flags = s->flags; + + release_kbnode (kb); + + /* Continue the search. */ + if (DBG_LOOKUP) +- log_debug ("%s: Check for duplicates for %s='%s'\n", ++ log_debug ("%s: Checking if %s='%s' is ambiguous or there are dups\n", + __func__, option, t->d); +- err = keydb_search (hd, &desc, 1, NULL); +- if (! err) +- /* Another result! */ ++ while (1) + { + char fingerprint_bin2[MAX_FINGERPRINT_LEN]; + size_t fingerprint_bin2_len = sizeof (fingerprint_bin2); + char fingerprint2[2 * MAX_FINGERPRINT_LEN + 1]; + +- log_error (_("key specification '%s' is ambiguous\n"), t->d); +- if (!opt.quiet) +- log_info (_("(check argument of option '%s')\n"), option); ++ err = keydb_search (hd, &desc, 1, NULL); ++ if (gpg_err_code (err) == GPG_ERR_NOT_FOUND ++ || gpg_err_code (err) == GPG_ERR_EOF) ++ /* Not found => not ambiguous. */ ++ break; ++ else if (err) ++ /* An error (other than "not found"). */ ++ { ++ log_error (_("error searching the keyring: %s\n"), ++ gpg_strerror (err)); ++ if (! rc) ++ rc = err; + +- if (! rc) +- rc = GPG_ERR_AMBIGUOUS_NAME; ++ break; ++ } ++ ++ /* Another result! */ + + err = keydb_get_keyblock (hd, &kb); + if (err) +- log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); ++ { ++ log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); ++ if (! rc) ++ rc = err; ++ } + else + { + pk = kb->pkt->pkt.public_key; +@@ -2313,25 +2335,53 @@ check_user_ids (strlist_t *sp, + assert (fingerprint_bin2_len == sizeof (fingerprint_bin2)); + bin2hex (fingerprint_bin2, MAX_FINGERPRINT_LEN, fingerprint2); + +- /* TRANSLATORS: The %s prints a key specification which +- for example has been given at the command line. Two +- lines with fingerprints are printed after this message. */ +- log_info (_("'%s' matches at least:\n"), t->d); +- log_info (" %s\n", fingerprint); +- log_info (" %s\n", fingerprint2); ++ if (strcmp (fingerprint, fingerprint2) == 0) ++ dups ++; ++ else ++ { ++ ambiguous ++; ++ ++ if (! rc) ++ rc = GPG_ERR_AMBIGUOUS_NAME; ++ ++ if (ambiguous == 1) ++ { ++ /* TRANSLATORS: The %s prints a key ++ specification which for example has been ++ given at the command line. Lines with ++ fingerprints are printed after this ++ message. */ ++ log_error (_("key specification '%s' is ambiguous\n"), ++ t->d); ++ if (!opt.quiet) ++ log_info (_("(check argument of option '%s')\n"), ++ option); ++ ++ log_info (_("'%s' matches at least:\n"), t->d); ++ log_info (" %s\n", ++ format_hexfingerprint ++ (fingerprint, ++ fingerprint_formatted, ++ sizeof fingerprint_formatted)); ++ } ++ ++ log_info (" %s\n", ++ format_hexfingerprint ++ (fingerprint2, ++ fingerprint_formatted, ++ sizeof fingerprint_formatted)); ++ } + + release_kbnode (kb); + } + } +- else if (! (gpg_err_code (err) == GPG_ERR_NOT_FOUND +- || gpg_err_code (err) == GPG_ERR_EOF)) +- /* An error (other than "not found"). */ +- { +- log_error (_("error searching the keyring: %s\n"), +- gpg_strerror (err)); +- if (! rc) +- rc = err; +- } ++ ++ if (dups) ++ log_info (_("Warning: %s appears in the keyring %d times.\n"), ++ format_hexfingerprint (fingerprint, ++ fingerprint_formatted, ++ sizeof fingerprint_formatted), ++ 1 + dups); + } + + strlist_rev (&s2); diff -Nru gnupg2-2.1.10/debian/patches/series gnupg2-2.1.10/debian/patches/series --- gnupg2-2.1.10/debian/patches/series 2015-12-13 05:53:21.000000000 +0800 +++ gnupg2-2.1.10/debian/patches/series 2015-12-13 21:33:16.000000000 +0800 @@ -5,3 +5,4 @@ 0005-include-sks-keyservers-CA-where-it-should-have-been-.patch 0006-Use-sks-keyservers-CA-by-default-for-the-hkps-pool.patch 0007-avoid-infinite-loop-when-doing-gen-revoke-by-fingerp.patch +0008-Do-not-error-out-when-a-key-occurs-multiple-times.patch
signature.asc
Description: PGP signature