diff options
| author |   Sam James <sam@gentoo.org> | 2022-03-07 04:16:41 +0000 |
|---|---|---|
| committer | Sam James <sam@gentoo.org> | 2022-03-07 04:21:00 +0000 |
| commit | 5b2fdfc8096c3d8ea640e7a6f3bbdb2d5807f6f1 (patch) | |
| tree | f1541d56048577af3fd6512df478c90f3ad50f31 /app-crypt | |
| parent | app-containers/distrobuilder: 2.0 bump (diff) | |
| download | gentoo-5b2fdfc8096c3d8ea640e7a6f3bbdb2d5807f6f1.tar.gz gentoo-5b2fdfc8096c3d8ea640e7a6f3bbdb2d5807f6f1.tar.bz2 gentoo-5b2fdfc8096c3d8ea640e7a6f3bbdb2d5807f6f1.zip | |
app-crypt/gpgme: fix t-edit-sign test failure in 1.16.0
Fixed in 1.17.0+. It's not a bug in gpgme itself, just the test
suite, so no revbump needed. For us, only seems to have resulted
in actual failure on PPC (and ARM?).
Closes: https://bugs.gentoo.org/827898
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-crypt')
| -rw-r--r-- | app-crypt/gpgme/files/gpgme-1.16.0-fix-t-edit-sign-test.patch | 120 | ||||
| -rw-r--r-- | app-crypt/gpgme/gpgme-1.16.0.ebuild | 3 |
2 files changed, 122 insertions, 1 deletions
diff --git a/app-crypt/gpgme/files/gpgme-1.16.0-fix-t-edit-sign-test.patch b/app-crypt/gpgme/files/gpgme-1.16.0-fix-t-edit-sign-test.patch new file mode 100644 index 000000000000..6a5a7c0707c4 --- /dev/null +++ b/app-crypt/gpgme/files/gpgme-1.16.0-fix-t-edit-sign-test.patch @@ -0,0 +1,120 @@ +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commitdiff;h=81a33ea5e1b86d586b956e893a5b25c4cd41c969;hp=e8e055e682f8994d62012574e1c8d862ca72a35d +https://dev.gnupg.org/T5509 +https://bugs.gentoo.org/827898 + +From: =?utf8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de> +Date: Sat, 26 Jun 2021 18:02:47 +0200 +Subject: [PATCH 1/1] core: Fix use-after-free issue in test + +* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New. +(main): Factored out signing and verifying the result. +-- + +Factoring the two steps of the test into different functions fixes the +use-after-free issue that was caused by accidentaly using a variable +of the first step in the second step. + +GnuPG-bug-id: 5509 +--- a/tests/gpg/t-edit-sign.c ++++ b/tests/gpg/t-edit-sign.c +@@ -107,31 +107,19 @@ interact_fnc (void *opaque, const char *status, const char *args, int fd) + } + + +-int +-main (int argc, char **argv) ++void ++sign_key (const char *key_fpr, const char *signer_fpr) + { + gpgme_ctx_t ctx; + gpgme_error_t err; + gpgme_data_t out = NULL; +- const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */ + gpgme_key_t signing_key = NULL; +- const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */ + gpgme_key_t key = NULL; +- gpgme_key_t signed_key = NULL; +- gpgme_user_id_t signed_uid = NULL; +- gpgme_key_sig_t key_sig = NULL; + char *agent_info; +- int mode; +- +- (void)argc; +- (void)argv; +- +- init_gpgme (GPGME_PROTOCOL_OpenPGP); + + err = gpgme_new (&ctx); + fail_if_err (err); + +- /* Sign the key */ + agent_info = getenv("GPG_AGENT_INFO"); + if (!(agent_info && strchr (agent_info, ':'))) + gpgme_set_passphrase_cb (ctx, passphrase_cb, 0); +@@ -159,8 +147,23 @@ main (int argc, char **argv) + gpgme_data_release (out); + gpgme_key_unref (key); + gpgme_key_unref (signing_key); ++ gpgme_release (ctx); ++} ++ ++ ++void ++verify_key_signature (const char *key_fpr, const char *signer_keyid) ++{ ++ gpgme_ctx_t ctx; ++ gpgme_error_t err; ++ gpgme_key_t signed_key = NULL; ++ gpgme_user_id_t signed_uid = NULL; ++ gpgme_key_sig_t key_sig = NULL; ++ int mode; ++ ++ err = gpgme_new (&ctx); ++ fail_if_err (err); + +- /* Verify the key signature */ + mode = gpgme_get_keylist_mode (ctx); + mode |= GPGME_KEYLIST_MODE_SIGS; + err = gpgme_set_keylist_mode (ctx, mode); +@@ -168,7 +171,7 @@ main (int argc, char **argv) + err = gpgme_get_key (ctx, key_fpr, &signed_key, 0); + fail_if_err (err); + +- signed_uid = key->uids; ++ signed_uid = signed_key->uids; + if (!signed_uid) + { + fprintf (stderr, "Signed key has no user IDs\n"); +@@ -180,7 +183,7 @@ main (int argc, char **argv) + exit (1); + } + key_sig = signed_uid->signatures->next; +- if (strcmp ("2D727CC768697734", key_sig->keyid)) ++ if (strcmp (signer_keyid, key_sig->keyid)) + { + fprintf (stderr, "Unexpected key ID in second user ID sig: %s\n", + key_sig->keyid); +@@ -196,6 +199,23 @@ main (int argc, char **argv) + + gpgme_key_unref (signed_key); + gpgme_release (ctx); ++} ++ ++ ++int ++main (int argc, char **argv) ++{ ++ const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */ ++ const char *signer_keyid = signer_fpr + strlen(signer_fpr) - 16; ++ const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */ ++ ++ (void)argc; ++ (void)argv; ++ ++ init_gpgme (GPGME_PROTOCOL_OpenPGP); ++ ++ sign_key (key_fpr, signer_fpr); ++ verify_key_signature (key_fpr, signer_keyid); + + return 0; + } diff --git a/app-crypt/gpgme/gpgme-1.16.0.ebuild b/app-crypt/gpgme/gpgme-1.16.0.ebuild index e728a4e493cd..39331ee0ab33 100644 --- a/app-crypt/gpgme/gpgme-1.16.0.ebuild +++ b/app-crypt/gpgme/gpgme-1.16.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -32,6 +32,7 @@ REQUIRED_USE="qt5? ( cxx ) python? ( ${PYTHON_REQUIRED_USE} )" PATCHES=( "${FILESDIR}"/${P}-glibc-2.34.patch + "${FILESDIR}"/${P}-fix-t-edit-sign-test.patch ) do_python() { |