Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-crypt/gpgme
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2022-03-07 04:16:41 +0000
committerSam James <sam@gentoo.org>2022-03-07 04:21:00 +0000
commit5b2fdfc8096c3d8ea640e7a6f3bbdb2d5807f6f1 (patch)
treef1541d56048577af3fd6512df478c90f3ad50f31 /app-crypt/gpgme
parentapp-containers/distrobuilder: 2.0 bump (diff)
downloadgentoo-5b2fdfc8096c3d8ea640e7a6f3bbdb2d5807f6f1.tar.gz
gentoo-5b2fdfc8096c3d8ea640e7a6f3bbdb2d5807f6f1.tar.bz2
gentoo-5b2fdfc8096c3d8ea640e7a6f3bbdb2d5807f6f1.zip
app-crypt/gpgme: fix t-edit-sign test failure in 1.16.0
Fixed in 1.17.0+. It's not a bug in gpgme itself, just the test suite, so no revbump needed. For us, only seems to have resulted in actual failure on PPC (and ARM?). Closes: https://bugs.gentoo.org/827898 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-crypt/gpgme')
-rw-r--r--app-crypt/gpgme/files/gpgme-1.16.0-fix-t-edit-sign-test.patch120
-rw-r--r--app-crypt/gpgme/gpgme-1.16.0.ebuild3
2 files changed, 122 insertions, 1 deletions
diff --git a/app-crypt/gpgme/files/gpgme-1.16.0-fix-t-edit-sign-test.patch b/app-crypt/gpgme/files/gpgme-1.16.0-fix-t-edit-sign-test.patch
new file mode 100644
index 000000000000..6a5a7c0707c4
--- /dev/null
+++ b/app-crypt/gpgme/files/gpgme-1.16.0-fix-t-edit-sign-test.patch
@@ -0,0 +1,120 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commitdiff;h=81a33ea5e1b86d586b956e893a5b25c4cd41c969;hp=e8e055e682f8994d62012574e1c8d862ca72a35d
+https://dev.gnupg.org/T5509
+https://bugs.gentoo.org/827898
+
+From: =?utf8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
+Date: Sat, 26 Jun 2021 18:02:47 +0200
+Subject: [PATCH 1/1] core: Fix use-after-free issue in test
+
+* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New.
+(main): Factored out signing and verifying the result.
+--
+
+Factoring the two steps of the test into different functions fixes the
+use-after-free issue that was caused by accidentaly using a variable
+of the first step in the second step.
+
+GnuPG-bug-id: 5509
+--- a/tests/gpg/t-edit-sign.c
++++ b/tests/gpg/t-edit-sign.c
+@@ -107,31 +107,19 @@ interact_fnc (void *opaque, const char *status, const char *args, int fd)
+ }
+
+
+-int
+-main (int argc, char **argv)
++void
++sign_key (const char *key_fpr, const char *signer_fpr)
+ {
+ gpgme_ctx_t ctx;
+ gpgme_error_t err;
+ gpgme_data_t out = NULL;
+- const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
+ gpgme_key_t signing_key = NULL;
+- const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
+ gpgme_key_t key = NULL;
+- gpgme_key_t signed_key = NULL;
+- gpgme_user_id_t signed_uid = NULL;
+- gpgme_key_sig_t key_sig = NULL;
+ char *agent_info;
+- int mode;
+-
+- (void)argc;
+- (void)argv;
+-
+- init_gpgme (GPGME_PROTOCOL_OpenPGP);
+
+ err = gpgme_new (&ctx);
+ fail_if_err (err);
+
+- /* Sign the key */
+ agent_info = getenv("GPG_AGENT_INFO");
+ if (!(agent_info && strchr (agent_info, ':')))
+ gpgme_set_passphrase_cb (ctx, passphrase_cb, 0);
+@@ -159,8 +147,23 @@ main (int argc, char **argv)
+ gpgme_data_release (out);
+ gpgme_key_unref (key);
+ gpgme_key_unref (signing_key);
++ gpgme_release (ctx);
++}
++
++
++void
++verify_key_signature (const char *key_fpr, const char *signer_keyid)
++{
++ gpgme_ctx_t ctx;
++ gpgme_error_t err;
++ gpgme_key_t signed_key = NULL;
++ gpgme_user_id_t signed_uid = NULL;
++ gpgme_key_sig_t key_sig = NULL;
++ int mode;
++
++ err = gpgme_new (&ctx);
++ fail_if_err (err);
+
+- /* Verify the key signature */
+ mode = gpgme_get_keylist_mode (ctx);
+ mode |= GPGME_KEYLIST_MODE_SIGS;
+ err = gpgme_set_keylist_mode (ctx, mode);
+@@ -168,7 +171,7 @@ main (int argc, char **argv)
+ err = gpgme_get_key (ctx, key_fpr, &signed_key, 0);
+ fail_if_err (err);
+
+- signed_uid = key->uids;
++ signed_uid = signed_key->uids;
+ if (!signed_uid)
+ {
+ fprintf (stderr, "Signed key has no user IDs\n");
+@@ -180,7 +183,7 @@ main (int argc, char **argv)
+ exit (1);
+ }
+ key_sig = signed_uid->signatures->next;
+- if (strcmp ("2D727CC768697734", key_sig->keyid))
++ if (strcmp (signer_keyid, key_sig->keyid))
+ {
+ fprintf (stderr, "Unexpected key ID in second user ID sig: %s\n",
+ key_sig->keyid);
+@@ -196,6 +199,23 @@ main (int argc, char **argv)
+
+ gpgme_key_unref (signed_key);
+ gpgme_release (ctx);
++}
++
++
++int
++main (int argc, char **argv)
++{
++ const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
++ const char *signer_keyid = signer_fpr + strlen(signer_fpr) - 16;
++ const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
++
++ (void)argc;
++ (void)argv;
++
++ init_gpgme (GPGME_PROTOCOL_OpenPGP);
++
++ sign_key (key_fpr, signer_fpr);
++ verify_key_signature (key_fpr, signer_keyid);
+
+ return 0;
+ }
diff --git a/app-crypt/gpgme/gpgme-1.16.0.ebuild b/app-crypt/gpgme/gpgme-1.16.0.ebuild
index e728a4e493cd..39331ee0ab33 100644
--- a/app-crypt/gpgme/gpgme-1.16.0.ebuild
+++ b/app-crypt/gpgme/gpgme-1.16.0.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -32,6 +32,7 @@ REQUIRED_USE="qt5? ( cxx ) python? ( ${PYTHON_REQUIRED_USE} )"
PATCHES=(
"${FILESDIR}"/${P}-glibc-2.34.patch
+ "${FILESDIR}"/${P}-fix-t-edit-sign-test.patch
)
do_python() {