On Fri, May 25, 2018 at 05:06:21PM +0300, Niko Tyni wrote:
> Control: severity -1 serious
>
> On Fri, May 25, 2018 at 11:05:58AM +0200, intrig...@debian.org wrote:
> > Package: libgnupg-interface-perl
> > Version: 0.52-9
> > Severity: important
> > X-Debbugs-Cc: d...@debian.org
>
> > ci.d.n alerted us about a regression in libgnupg-interface-perl test
> > suite since the upload of gnupg2/2.2.7-1:
>
> > Test Summary Report
> > -------------------
> > t/get_public_keys.t (Wstat: 0 Tests: 3 Failed: 1)
> > Failed test: 3
>
> This makes the package fail to build, so raising the severity.
In addition to the above, gnupg2/2.2.8-1 also introduced new failures:
t/decrypt.t ................
1..6
not ok 1
ok 2
not ok 3
ok 4
ok 5
ok 6
Failed 2/6 subtests
gpg --decrypt now exits with code 2. strace reveals
690 write(2, "WARNING: message was not integrity protected\n", 45) = 45
690 write(2, "gpg: ", 5) = 5
690 write(2, "Hint: If this message was created before the year 2003 it
is\n", 61) = 61
690 write(2, " ", 5) = 5
690 write(2, "likely that this message is legitimate. This is because
back\n", 62) = 62
690 write(2, " ", 5) = 5
690 write(2, "then integrity protection was not widely used.\n", 47) = 47
690 write(2, "gpg: Use the option '--ignore-mdc-error", 39) = 39
690 write(2, "' to decrypt anyway.\n", 21) = 21
690 write(2, "gpg: ", 5) = 5
690 write(2, "decryption forced to fail!\n", 27) = 27
so this seems to be due to
Noteworthy changes in version 2.2.8
===================================
* gpg: Decryption of messages not using the MDC mode will now lead
to a hard failure even if a legacy cipher algorithm was used. The
option --ignore-mdc-error can be used to turn this failure into a
warning. Take care: Never use that option unconditionally or
without a prior warning.
--
Niko Tyni nt...@debian.org
