Package: dpkg-dev
Version: 1.16.9
Severity: important
File: /usr/bin/dpkg-source

dpkg-source --require-valid-signature -x gnupg_1.4.12-6.dsc with the attached
dsc file will process the gnupg part of the dsc. This is however not covered by
the signature.

This happens as Dpkg::Control::Hash skips until an empty line:

        } elsif (m/^-----BEGIN PGP SIGNED MESSAGE/) {
            $expect_pgp_sig = 1;
            if ($$self->{'allow_pgp'}) {
                # Skip PGP headers
                while (<$fh>) {
                    last if m/^$/;
                }

However, one can add trailing whitespace without breaking the signature, causing
the code to skip until the second section.

See also #695855.

Ansgar

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-32-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dpkg-dev depends on:
ii  base-files    7.0
ii  binutils      2.22-7.1
ii  bzip2         1.0.6-4
ii  libdpkg-perl  1.16.9
ii  make          3.81-8.2
ii  patch         2.6.1-3
ii  xz-utils      5.1.1alpha+20120614-2

Versions of packages dpkg-dev recommends:
ii  build-essential          11.5
ii  clang [c-compiler]       3.1-8
ii  fakeroot                 1.18.4-2
ii  gcc [c-compiler]         4:4.7.2-1
ii  gcc-4.6 [c-compiler]     4.6.3-14
ii  gcc-4.7 [c-compiler]     4.7.2-4
ii  gnupg                    1.4.12-6
ii  gpgv                     1.4.12-6
ii  libalgorithm-merge-perl  0.08-2

Versions of packages dpkg-dev suggests:
ii  debian-keyring  2012.11.15

-- no debconf information
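
Added example, not part of the original report and not dpkg code: it runs the header-skipping test quoted above, m/^$/, and a whitespace-tolerant variant, m/^\s*$/, over a constructed input to show where each one starts reading fields, and lists whitespace-only lines found among the armor headers. The sample text, the function names and the m/^\s*$/ variant are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed sample (no real signature): the line after "Hash:" holds a
# single space instead of being empty.
my $sample = join "\n",
    '-----BEGIN PGP SIGNED MESSAGE-----',
    'Hash: SHA256',
    ' ',
    'Source: first-section',
    '',
    'Source: second-section',
    '';

# Hypothetical helper: skip the armor headers, using $end_re to recognise
# the line that ends them, and return the first line read afterwards.
sub first_line_after_headers {
    my ($text, $end_re) = @_;
    open(my $fh, '<', \$text) or die "cannot open in-memory file: $!";
    while (<$fh>) {
        next unless m/^-----BEGIN PGP SIGNED MESSAGE/;
        while (<$fh>) {
            last if $_ =~ $end_re;
        }
        my $line = <$fh>;
        chomp $line if defined $line;
        return $line;
    }
    return;
}

# Hypothetical check: line numbers of whitespace-only (but not empty) lines
# between the BEGIN marker and the first truly empty line.
sub suspicious_header_lines {
    my ($text) = @_;
    my (@hits, $in_headers);
    my $n = 0;
    for my $line (split /\n/, $text, -1) {
        $n++;
        if ($line =~ m/^-----BEGIN PGP SIGNED MESSAGE/) { $in_headers = 1; next }
        next unless $in_headers;
        if ($line eq '') { $in_headers = 0; next }
        push @hits, $n if $line =~ m/^\s+$/;
    }
    return @hits;
}

print "m/^\$/    starts at: ", first_line_after_headers($sample, qr/^$/), "\n";
print "m/^\\s*\$/ starts at: ", first_line_after_headers($sample, qr/^\s*$/), "\n";
print "whitespace-only header line(s): @{[ suspicious_header_lines($sample) ]}\n";
```

A file for which the two tests start at different lines, or for which the check reports any line, is one where the text parsed after the skip loop need not be the text that follows the armor headers.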

