Merge ~halves/ubuntu/+source/gnupg2:lp1910432-bionic into ubuntu/+source/gnupg2:ubuntu/bionic-devel

Proposed by Heitor Alves de Siqueira
Status: Needs review
Proposed branch: ~halves/ubuntu/+source/gnupg2:lp1910432-bionic
Merge into: ubuntu/+source/gnupg2:ubuntu/bionic-devel
Diff against target: 144 lines (+105/-3)
5 files modified
debian/changelog (+10/-0)
debian/patches/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch (+57/-0)
debian/patches/series (+1/-0)
debian/tests/control (+3/-3)
debian/tests/simple-tests (+34/-0)
Reviewers (status):
Dan Streetman (community): Approve
Support Engineering Sponsors: Pending
Review via email: mp+396408@code.launchpad.net
Dan Streetman (ddstreet) wrote :

Looks like this doesn't compile; the v4_valid and v6_valid variables aren't present in the bionic code. However, it looks fairly simple to adjust for the older code; can you take a look at it?

review: Needs Fixing
Heitor Alves de Siqueira (halves) wrote :

Sigh, that's what you get when patches for all series have the same name... Apologies for the confusion Dan, it should be the right one now.

Dan Streetman (ddstreet) wrote :

one more minor comment inline below

review: Needs Fixing
Dan Streetman (ddstreet) wrote :

LGTM, uploaded, thanks!

review: Approve
Heitor Alves de Siqueira (halves) wrote :

I had a typo on the bug# for the autopkgtest fixes (1825186 vs 1825196), sorry Dan! Should be correct now, please let me know if we still need any changes.

Unmerged commits

3ca8cc3... by Heitor Alves de Siqueira

Update debian/changelog

bace5ab... by Heitor Alves de Siqueira

LP: #1910432

248e254... by Heitor Alves de Siqueira

remove broken gpgv-win32 test

f30196c... by Heitor Alves de Siqueira

add d/t/simple-tests

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 20d6236..8d7cf34 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,13 @@
6+gnupg2 (2.2.4-1ubuntu1.4) bionic; urgency=medium
7+
8+ * d/p/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch:
9+ - Fix IPv6 connectivity for dirmngr (LP: #1910432)
10+ * Fix autopkgtests (LP: #1825186)
11+ - add d/t/simple-tests from devel branch
12+ - remove broken gpgv-win32 test from d/t/control
13+
14+ -- Heitor Alves de Siqueira <halves@canonical.com> Sat, 16 Jan 2021 14:47:37 +0000
15+
16 gnupg2 (2.2.4-1ubuntu1.3) bionic-security; urgency=medium
17
18 * SECURITY UPDATE: signature collisions via insecure SHA-1 algorithm
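
Review bot: the autopkgtest entry cites LP: #1825186, and the discussion on this proposal mentions a mix-up between 1825186 and 1825196 for exactly this reference, so confirm the number against the bug before upload. The entry also says the gpgv-win32 test is removed from d/t/control but does not mention that debian/tests/gpgv-win32 stays in the tree with its mode changed; one line recording that would make the changelog match the diff.
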
19diff --git a/debian/patches/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch b/debian/patches/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch
20new file mode 100644
21index 0000000..542de92
22--- /dev/null
23+++ b/debian/patches/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch
24@@ -0,0 +1,57 @@
25+From ca937cf390662b830d4fc5d295e69b24b1778050 Mon Sep 17 00:00:00 2001
26+From: NIIBE Yutaka <gniibe@fsij.org>
27+Date: Mon, 13 Jul 2020 10:00:58 +0900
28+Subject: [PATCH] dirmngr: Handle EAFNOSUPPORT at connect_server.
29+
30+* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
31+
32+--
33+
34+GnuPG-bug-id: 4977
35+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
36+
37+Origin: backport, https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=109d16e8f644
38+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1910432
39+---
40+
41+Index: gnupg2/dirmngr/http.c
42+===================================================================
43+--- gnupg2.orig/dirmngr/http.c
44++++ gnupg2/dirmngr/http.c
45+@@ -2844,6 +2844,8 @@ connect_server (const char *server, unsi
46+ int hostfound = 0;
47+ int anyhostaddr = 0;
48+ int srv, connected;
49++ int ignore_v4 = (flags & HTTP_FLAG_IGNORE_IPv4);
50++ int ignore_v6 = (flags & HTTP_FLAG_IGNORE_IPv6);
51+ gpg_error_t last_err = 0;
52+ struct srventry *serverlist = NULL;
53+
54+@@ -2930,9 +2932,9 @@ connect_server (const char *server, unsi
55+
56+ for (ai = aibuf; ai && !connected; ai = ai->next)
57+ {
58+- if (ai->family == AF_INET && (flags & HTTP_FLAG_IGNORE_IPv4))
59++ if (ai->family == AF_INET && ignore_v4)
60+ continue;
61+- if (ai->family == AF_INET6 && (flags & HTTP_FLAG_IGNORE_IPv6))
62++ if (ai->family == AF_INET6 && ignore_v6)
63+ continue;
64+
65+ if (sock != ASSUAN_INVALID_FD)
66+@@ -2940,6 +2942,15 @@ connect_server (const char *server, unsi
67+ sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
68+ if (sock == ASSUAN_INVALID_FD)
69+ {
70++ if (errno == EAFNOSUPPORT)
71++ {
72++ if (ai->family == AF_INET)
73++ ignore_v4 = 1;
74++ if (ai->family == AF_INET6)
75++ ignore_v6 = 1;
76++ continue;
77++ }
78++
79+ err = gpg_err_make (default_errsource,
80+ gpg_err_code_from_syserror ());
81+ log_error ("error creating socket: %s\n", gpg_strerror (err));
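
Review bot: in the new EAFNOSUPPORT branch after my_sock_new_for_addr, the `continue` skips the address without setting err or last_err, and last_err is initialised to 0 at the top of connect_server. If every returned address fails this way, the loop ends with connected still 0 and no recorded error, so please check that the code after the loop still returns a non-zero error in that case, or record the error in last_err before continuing. Separately, the From line carries commit ca937cf390662b830d4fc5d295e69b24b1778050 while Origin points at h=109d16e8f644; a short note in the patch header saying which upstream commit this backport is based on would remove the ambiguity.
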
82diff --git a/debian/patches/series b/debian/patches/series
83index dec69a1..df5d462 100644
84--- a/debian/patches/series
85+++ b/debian/patches/series
86@@ -39,3 +39,4 @@ CVE-2019-14855-1.patch
87 CVE-2019-14855-2.patch
88 CVE-2019-14855-3.patch
89 CVE-2019-14855-4.patch
90+dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch
91diff --git a/debian/tests/control b/debian/tests/control
92index 9178821..bf8c081 100644
93--- a/debian/tests/control
94+++ b/debian/tests/control
95@@ -1,3 +1,3 @@
96-Tests: gpgv-win32
97-Depends: gpgv-win32, gnupg2, gpgv2
98-Restrictions: needs-root, allow-stderr
99+Tests: simple-tests
100+Depends: gnupg2, gpgv2
101+Restrictions: allow-stderr
102diff --git a/debian/tests/gpgv-win32 b/debian/tests/gpgv-win32
103old mode 100755
104new mode 100644
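
Review bot: debian/tests/gpgv-win32 is kept in the tree with only its mode changed from 100755 to 100644, while debian/tests/control no longer lists it under Tests. If the test is considered broken and is not coming back in bionic, deleting the file is clearer than leaving a non-executable script behind; if it is kept on purpose, say so in the changelog.
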
105diff --git a/debian/tests/simple-tests b/debian/tests/simple-tests
106new file mode 100755
107index 0000000..97d4ab4
108--- /dev/null
109+++ b/debian/tests/simple-tests
110@@ -0,0 +1,34 @@
111+#!/bin/sh
112+
113+set -e
114+set -x
115+
116+DIR=$(mktemp -d)
117+GPG_HOME=$DIR/gnupg
118+gpg="gpg --homedir $GPG_HOME"
119+
120+mkdir $GPG_HOME
121+chmod 700 $GPG_HOME
122+
123+#trap "cd $HOME && rm -rf $DIR" EXIT
124+
125+cd $DIR
126+
127+cat > key-batch << EOF
128+Key-Type: default
129+Subkey-Type: default
130+Name-Real: test case
131+Name-Email: example@example.com
132+Expire-Date: 0
133+%no-protection
134+%commit
135+EOF
136+
137+$gpg --batch --generate-key key-batch
138+$gpg -abs < $GPG_HOME/pubring.kbx > pubring.kbx.asc
139+$gpg --verify pubring.kbx.asc $GPG_HOME/pubring.kbx
140+gpgv --keyring $GPG_HOME/pubring.kbx pubring.kbx.asc $GPG_HOME/pubring.kbx
141+
142+# Encrypt
143+$gpg -e -r example@example.com < $GPG_HOME/pubring.kbx > pubring.kbx.gpg
144+$gpg -d -r example@example.com < pubring.kbx.gpg > pubring.kbx.gpg.dec
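
Review bot: the encrypt/decrypt step at the end writes pubring.kbx.gpg.dec but never compares it with the input, so the test only proves that gpg exited 0, not that the round trip returned the same bytes; adding `cmp $GPG_HOME/pubring.kbx pubring.kbx.gpg.dec` as the last line would close that. The `-r example@example.com` on the `-d` call has no effect on decryption and can be dropped. The cleanup trap is commented out, so each run leaves the mktemp directory behind, including a secret key generated with %no-protection; either restore the trap or note why it is disabled, and quote $DIR and $GPG_HOME where they are expanded.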
