author | Alyssa Ross <hi@alyssa.is> | 2021-09-27 16:00:58 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-09-27 16:00:58 +0000 |
commit | c504e5d19d940926b3ddcf62c983d66f49f3cbb2 (patch) | |
tree | ec955e58bcac2cb93b9f8c10786b23f61d40cd7e /nixpkgs/pkgs/development/libraries/gpgme | |
parent | 72789cefce7b17419815f600fbd18238d89afcc9 (diff) | |
parent | 1737f98af6667560e3e4f930312f9b5002649d04 (diff) | |
Merge commit '1737f98af6667560e3e4f930312f9b5002649d04'
Conflicts: nixpkgs/nixos/modules/services/networking/ssh/sshd.nix nixpkgs/pkgs/applications/networking/irc/weechat/scripts/default.nix nixpkgs/pkgs/development/node-packages/default.nix nixpkgs/pkgs/development/python-modules/priority/deadline.patch
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/gpgme')
3 files changed, 141 insertions, 16 deletions
diff --git a/nixpkgs/pkgs/development/libraries/gpgme/default.nix b/nixpkgs/pkgs/development/libraries/gpgme/default.nix index 9cbf5c39a7e7..c1c9460fad69 100644 --- a/nixpkgs/pkgs/development/libraries/gpgme/default.nix +++ b/nixpkgs/pkgs/development/libraries/gpgme/default.nix @@ -21,22 +21,10 @@ stdenv.mkDerivation rec { }; patches = [ - (fetchpatch { # probably included in > 1.16.0 - name = "test_t-edit-sign.diff"; # we experienced segmentation fault in this test - urls = [ - "https://files.gnupg.net/file/data/w43xz2zf73pnyqk5mm5l/PHID-FILE-hm2x5mjntsdyxrxve5tb/file" - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=patch;h=81a33ea5e1b86d586b956e893a5b25c4cd41c969" - ]; - sha256 = "1xxvv0kc9wdj5hzpddzs3cn8dhmm2cb29224a7h9vairraq5272h"; - }) - (fetchpatch { # gpg: Send --with-keygrip when listing keys - name = "c4cf527ea227edb468a84bf9b8ce996807bd6992.patch"; - urls = [ - "https://files.gnupg.net/file/data/2ufcg7ny5jdnv7hmewb4/PHID-FILE-7iwvryn2btti6txr3bsz/file" - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=patch;h=c4cf527ea227edb468a84bf9b8ce996807bd6992" - ]; - sha256 = "0y0b0lb2nq5p9kx13b59b2jaz157mvflliw1qdvg1v1hynvgb8m4"; - }) + # probably included in > 1.16.0 + ./test_t-edit-sign.diff + # https://dev.gnupg.org/rMc4cf527ea227edb468a84bf9b8ce996807bd6992 + ./fix_gpg_list_keys.diff # https://lists.gnupg.org/pipermail/gnupg-devel/2020-April/034591.html (fetchpatch { name = "0001-Fix-python-tests-on-non-Linux.patch"; diff --git a/nixpkgs/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff b/nixpkgs/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff new file mode 100644 index 000000000000..bd8da4edd6e0 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff 
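Review bot: The new `./test_t-edit-sign.diff` entry in `patches` carries only the comment `# probably included in > 1.16.0`, so nothing in default.nix ties the vendored file to an upstream change any more, whereas the removed `fetchpatch` named the upstream commit in its URL and pinned the content with `sha256`. I would record the origin next to the entry, e.g. `# upstream gpgme commit 81a33ea5e1b86d586b956e893a5b25c4cd41c969 (GnuPG-bug-id: 5509); probably included in > 1.16.0`, as the `fix_gpg_list_keys.diff` entry already does with its URL. That lets a later reviewer compare the in-tree copy against upstream and see when the patch can be dropped. The `patches` list continues past the end of this hunk.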
@@ -0,0 +1,12 @@ +diff --git a/src/engine-gpg.c b/src/engine-gpg.c +index b51ea173..4e74665e 100644 +--- a/src/engine-gpg.c ++++ b/src/engine-gpg.c +@@ -3005,6 +3005,7 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only, + gpg_error_t err; + + err = add_arg (gpg, "--with-colons"); ++ err = add_arg (gpg, "--with-keygrip"); + + /* Since gpg 2.1.15 fingerprints are always printed, thus there is + * no more need to explicitly request them. */ \ No newline at end of file diff --git a/nixpkgs/pkgs/development/libraries/gpgme/test_t-edit-sign.diff b/nixpkgs/pkgs/development/libraries/gpgme/test_t-edit-sign.diff new file mode 100644 index 000000000000..55075b9eb126 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/gpgme/test_t-edit-sign.diff 
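Review bot: In the vendored change to `gpg_keylist_build_options`, the added `err = add_arg (gpg, "--with-keygrip");` overwrites the result of the preceding `add_arg (gpg, "--with-colons")` call, so a failure of the first call is lost whenever the second one succeeds. Guarding the new line as `if (!err) err = add_arg (gpg, "--with-keygrip");` preserves the first error. The rest of the function lies outside the hunk, so how `err` is checked afterwards is not visible here. If the unguarded form matches the upstream commit, the fix belongs upstream and this copy should follow it.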
@@ -0,0 +1,125 @@ +From 81a33ea5e1b86d586b956e893a5b25c4cd41c969 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de> +Date: Sat, 26 Jun 2021 18:02:47 +0200 +Subject: [PATCH] core: Fix use-after-free issue in test + +* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New. +(main): Factored out signing and verifying the result. +-- + +Factoring the two steps of the test into different functions fixes the +use-after-free issue that was caused by accidentaly using a variable +of the first step in the second step. + +GnuPG-bug-id: 5509 +--- + tests/gpg/t-edit-sign.c | 54 ++++++++++++++++++++++++++++------------- + 1 file changed, 37 insertions(+), 17 deletions(-) + +diff --git a/tests/gpg/t-edit-sign.c b/tests/gpg/t-edit-sign.c +index 2f983622..e0494c54 100644 +--- a/tests/gpg/t-edit-sign.c ++++ b/tests/gpg/t-edit-sign.c +@@ -107,31 +107,19 @@ interact_fnc (void *opaque, const char *status, const char *args, int fd) + } + + +-int +-main (int argc, char **argv) ++void ++sign_key (const char *key_fpr, const char *signer_fpr) + { + gpgme_ctx_t ctx; + gpgme_error_t err; + gpgme_data_t out = NULL; +- const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */ + gpgme_key_t signing_key = NULL; +- const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */ + gpgme_key_t key = NULL; +- gpgme_key_t signed_key = NULL; +- gpgme_user_id_t signed_uid = NULL; +- gpgme_key_sig_t key_sig = NULL; + char *agent_info; +- int mode; +- +- (void)argc; +- (void)argv; +- +- init_gpgme (GPGME_PROTOCOL_OpenPGP); + + err = gpgme_new (&ctx); + fail_if_err (err); + +- /* Sign the key */ + agent_info = getenv("GPG_AGENT_INFO"); + if (!(agent_info && strchr (agent_info, ':'))) + gpgme_set_passphrase_cb (ctx, passphrase_cb, 0); +@@ -159,8 +147,23 @@ main (int argc, char **argv) + gpgme_data_release (out); + gpgme_key_unref (key); + gpgme_key_unref (signing_key); ++ gpgme_release (ctx); ++} ++ ++ ++void 
++verify_key_signature (const char *key_fpr, const char *signer_keyid) ++{ ++ gpgme_ctx_t ctx; ++ gpgme_error_t err; ++ gpgme_key_t signed_key = NULL; ++ gpgme_user_id_t signed_uid = NULL; ++ gpgme_key_sig_t key_sig = NULL; ++ int mode; ++ ++ err = gpgme_new (&ctx); ++ fail_if_err (err); + +- /* Verify the key signature */ + mode = gpgme_get_keylist_mode (ctx); + mode |= GPGME_KEYLIST_MODE_SIGS; + err = gpgme_set_keylist_mode (ctx, mode); +@@ -168,7 +171,7 @@ main (int argc, char **argv) + err = gpgme_get_key (ctx, key_fpr, &signed_key, 0); + fail_if_err (err); + +- signed_uid = key->uids; ++ signed_uid = signed_key->uids; + if (!signed_uid) + { + fprintf (stderr, "Signed key has no user IDs\n"); +@@ -180,7 +183,7 @@ main (int argc, char **argv) + exit (1); + } + key_sig = signed_uid->signatures->next; +- if (strcmp ("2D727CC768697734", key_sig->keyid)) ++ if (strcmp (signer_keyid, key_sig->keyid)) + { + fprintf (stderr, "Unexpected key ID in second user ID sig: %s\n", + key_sig->keyid); +@@ -196,6 +199,23 @@ main (int argc, char **argv) + + gpgme_key_unref (signed_key); + gpgme_release (ctx); ++} ++ ++ ++int ++main (int argc, char **argv) ++{ ++ const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */ ++ const char *signer_keyid = signer_fpr + strlen(signer_fpr) - 16; ++ const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */ ++ ++ (void)argc; ++ (void)argv; ++ ++ init_gpgme (GPGME_PROTOCOL_OpenPGP); ++ ++ sign_key (key_fpr, signer_fpr); ++ verify_key_signature (key_fpr, signer_keyid); + + return 0; + } +-- +2.32.0 |