sts-sponsors team mailing list archive
Message #02515
[Merge] ~halves/ubuntu/+source/gnupg2:lp1910432-bionic into ubuntu/+source/gnupg2:ubuntu/bionic-devel
Heitor Alves de Siqueira has proposed merging ~halves/ubuntu/+source/gnupg2:lp1910432-bionic into ubuntu/+source/gnupg2:ubuntu/bionic-devel.
Requested reviews:
Dan Streetman (ddstreet)
STS Sponsors (sts-sponsors)
Related bugs:
Bug #1910432 in gnupg2 (Ubuntu): "dirmngr doesn't work with kernel parameter ipv6.disable=1"
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1910432
For more details, see:
https://code.launchpad.net/~halves/ubuntu/+source/gnupg2/+git/gnupg2/+merge/396408
--
Your team STS Sponsors is requested to review the proposed merge of ~halves/ubuntu/+source/gnupg2:lp1910432-bionic into ubuntu/+source/gnupg2:ubuntu/bionic-devel.
diff --git a/debian/changelog b/debian/changelog
index 20d6236..62bd8e6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+gnupg2 (2.2.4-1ubuntu1.4) bionic; urgency=medium
+
+ * d/p/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch:
+ - Fix IPv6 connectivity for dirmngr (LP: #1910432)
+ * Fix autopkgtests (LP: #1825196)
+ - add d/t/simple-tests from devel branch
+ - remove broken gpgv-win32 test from d/t/control
+
+ -- Heitor Alves de Siqueira <halves@xxxxxxxxxxxxx> Sat, 16 Jan 2021 14:47:37 +0000
+
gnupg2 (2.2.4-1ubuntu1.3) bionic-security; urgency=medium
* SECURITY UPDATE: signature collisions via insecure SHA-1 algorithm
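Review bot: the first changelog bullet, "Fix IPv6 connectivity for dirmngr", describes the opposite of the linked bug, which is dirmngr failing when IPv6 is disabled with ipv6.disable=1. The patch subject says it skips servers that return EAFNOSUPPORT, so wording along the lines of "Skip unsupported address families (EAFNOSUPPORT) in connect_server so dirmngr works with ipv6.disable=1" would match what is actually being shipped and make the SRU easier to audit later.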
diff --git a/debian/patches/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch b/debian/patches/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch
new file mode 100644
index 0000000..542de92
--- /dev/null
+++ b/debian/patches/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch
@@ -0,0 +1,57 @@
+From ca937cf390662b830d4fc5d295e69b24b1778050 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@xxxxxxxx>
+Date: Mon, 13 Jul 2020 10:00:58 +0900
+Subject: [PATCH] dirmngr: Handle EAFNOSUPPORT at connect_server.
+
+* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
+
+--
+
+GnuPG-bug-id: 4977
+Signed-off-by: NIIBE Yutaka <gniibe@xxxxxxxx>
+
+Origin: backport, https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=109d16e8f644
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1910432
+---
+
+Index: gnupg2/dirmngr/http.c
+===================================================================
+--- gnupg2.orig/dirmngr/http.c
++++ gnupg2/dirmngr/http.c
+@@ -2844,6 +2844,8 @@ connect_server (const char *server, unsi
+ int hostfound = 0;
+ int anyhostaddr = 0;
+ int srv, connected;
++ int ignore_v4 = (flags & HTTP_FLAG_IGNORE_IPv4);
++ int ignore_v6 = (flags & HTTP_FLAG_IGNORE_IPv6);
+ gpg_error_t last_err = 0;
+ struct srventry *serverlist = NULL;
+
+@@ -2930,9 +2932,9 @@ connect_server (const char *server, unsi
+
+ for (ai = aibuf; ai && !connected; ai = ai->next)
+ {
+- if (ai->family == AF_INET && (flags & HTTP_FLAG_IGNORE_IPv4))
++ if (ai->family == AF_INET && ignore_v4)
+ continue;
+- if (ai->family == AF_INET6 && (flags & HTTP_FLAG_IGNORE_IPv6))
++ if (ai->family == AF_INET6 && ignore_v6)
+ continue;
+
+ if (sock != ASSUAN_INVALID_FD)
+@@ -2940,6 +2942,15 @@ connect_server (const char *server, unsi
+ sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
+ if (sock == ASSUAN_INVALID_FD)
+ {
++ if (errno == EAFNOSUPPORT)
++ {
++ if (ai->family == AF_INET)
++ ignore_v4 = 1;
++ if (ai->family == AF_INET6)
++ ignore_v6 = 1;
++ continue;
++ }
++
+ err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
+ log_error ("error creating socket: %s\n", gpg_strerror (err));
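Review bot: in the new EAFNOSUPPORT branch after my_sock_new_for_addr, the "continue" runs before err is built and nothing assigns last_err, which is initialised to 0 at the top of the function. If every address returned for a host fails this way, the loop exits with connected == 0 and no recorded error, so please confirm that the code after the loop (not visible in this context) still returns a non-zero error in that case, or set last_err from errno before continuing. Separately, the mbox "From" line carries commit ca937cf390662b830d4fc5d295e69b24b1778050 while the Origin header points at h=109d16e8f644; the Origin field should name the commit this backport was actually taken from, or list both if one is a cherry-pick of the other.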
diff --git a/debian/patches/series b/debian/patches/series
index dec69a1..df5d462 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -39,3 +39,4 @@ CVE-2019-14855-1.patch
CVE-2019-14855-2.patch
CVE-2019-14855-3.patch
CVE-2019-14855-4.patch
+dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch
diff --git a/debian/tests/control b/debian/tests/control
index 9178821..bf8c081 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,3 +1,3 @@
-Tests: gpgv-win32
-Depends: gpgv-win32, gnupg2, gpgv2
-Restrictions: needs-root, allow-stderr
+Tests: simple-tests
+Depends: gnupg2, gpgv2
+Restrictions: allow-stderr
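Review bot: dropping the gpgv-win32 stanza from d/t/control leaves debian/tests/gpgv-win32 in the tree as an unreferenced script, and the mode change that follows (100755 to 100644) only clears its executable bit and is not mentioned in the changelog. Either delete the script in this upload or add a changelog line explaining why it is kept but disabled, so the next person touching d/t does not re-enable a test already known to be broken.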
diff --git a/debian/tests/gpgv-win32 b/debian/tests/gpgv-win32
old mode 100755
new mode 100644
diff --git a/debian/tests/simple-tests b/debian/tests/simple-tests
new file mode 100755
index 0000000..97d4ab4
--- /dev/null
+++ b/debian/tests/simple-tests
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -e
+set -x
+
+DIR=$(mktemp -d)
+GPG_HOME=$DIR/gnupg
+gpg="gpg --homedir $GPG_HOME"
+
+mkdir $GPG_HOME
+chmod 700 $GPG_HOME
+
+#trap "cd $HOME && rm -rf $DIR" EXIT
+
+cd $DIR
+
+cat > key-batch << EOF
+Key-Type: default
+Subkey-Type: default
+Name-Real: test case
+Name-Email: example@xxxxxxxxxxx
+Expire-Date: 0
+%no-protection
+%commit
+EOF
+
+$gpg --batch --generate-key key-batch
+$gpg -abs < $GPG_HOME/pubring.kbx > pubring.kbx.asc
+$gpg --verify pubring.kbx.asc $GPG_HOME/pubring.kbx
+gpgv --keyring $GPG_HOME/pubring.kbx pubring.kbx.asc $GPG_HOME/pubring.kbx
+
+# Encrypt
+$gpg -e -r example@xxxxxxxxxxx < $GPG_HOME/pubring.kbx > pubring.kbx.gpg
+$gpg -d -r example@xxxxxxxxxxx < pubring.kbx.gpg > pubring.kbx.gpg.dec
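Review bot: the cleanup trap near the top of simple-tests is commented out ("#trap ... EXIT"), so every run leaves the mktemp directory behind together with a secret key generated with %no-protection. Suggest restoring it in a quoted form such as trap 'cd / && rm -rf "$DIR"' EXIT, and quoting "$DIR" and "$GPG_HOME" in the mkdir, chmod and cd lines. The encrypt/decrypt step at the end also never compares pubring.kbx.gpg.dec with the original pubring.kbx, so a cmp between the two would make the round trip an actual check, and the "-r" option on the "-d" line has no purpose when decrypting. Note that none of these tests exercise dirmngr, so the EAFNOSUPPORT fix in this upload is not covered by the autopkgtest.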