Your message dated Mon, 31 Mar 2025 16:34:16 +0000
with message-id <e1tzi5y-000pxl...@fasolo.debian.org>
and subject line Bug#1101011: fixed in gnupg2 2.4.7-11
has caused the Debian Bug report #1101011,
regarding gnupg2: gpgv returns bad signature for a previously valid file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1101011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101011
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnupg2
Version: 2.2.46-2
Severity: grave
X-Debbugs-Cc: debian-wb-t...@lists.debian.org
Control: affects -1 buildd.debian.org
Control: affects -1 src:dupload
Hi,
Starting with gnupg2 version 2.2.46-2, gpgv report a bad signature with
the attached changes file with the attached pubring and the following
command:
| $ gpgv --keyring ./pubring.gpg lwt-log_1.1.2-4+b14_riscv64-buildd.changes
| gpgv: Signature made Fri Mar 21 16:49:21 2025 CET
| gpgv: using RSA key 26F3C34BC64F1ED58095CC58B44F38757CF7C9E7
| gpgv: BAD signature from "buildd autosigning key rv-manda-03
<buildd_riscv64-rv-manda...@buildd.debian.org>"
With version 2.2.46-1 it outputs:
| $ gpgv --keyring ./pubring.gpg lwt-log_1.1.2-4+b14_riscv64-buildd.changes
| gpgv: Signature made Fri Mar 21 16:49:21 2025 CET
| gpgv: using RSA key 26F3C34BC64F1ED58095CC58B44F38757CF7C9E7
| gpgv: Good signature from "buildd autosigning key rv-manda-03
<buildd_riscv64-rv-manda...@buildd.debian.org>"
Note that sq is able to successfully validate that file:
| $ sq verify --signer-file=./pubring.gpg --message
lwt-log_1.1.2-4+b14_riscv64-buildd.changes
| Authenticated signature made by 26F3C34BC64F1ED58095CC58B44F38757CF7C9E7
(buildd autosigning key rv-manda-03
<buildd_riscv64-rv-manda...@buildd.debian.org> (UNAUTHENTICATED))
[snip]
| 1 authenticated signature.
Note that this file has been signed by gnupg2 version 2.2.46-2.
Resigning the file doesn't help. This breaks the signature verification
done by openpgp-check (part of dupload) on the build daemons.
Regards
Aurelien
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 21 Mar 2025 15:44:52 +0000
Source: lwt-log (1.1.2-4)
Binary: liblwt-log-ocaml liblwt-log-ocaml-dbgsym liblwt-log-ocaml-dev
Binary-Only: yes
Architecture: riscv64
Version: 1.1.2-4+b14
Distribution: sid
Urgency: low
Maintainer: riscv64 Build Daemon (rv-manda-03)
<buildd_riscv64-rv-manda...@buildd.debian.org>
Changed-By: riscv64 Build Daemon (rv-manda-03)
<buildd_riscv64-rv-manda...@buildd.debian.org>
Description:
liblwt-log-ocaml - optimised functions to read and write int16/32/64 (runtime)
liblwt-log-ocaml-dev - Lwt-friendly logging library (development)
Changes:
lwt-log (1.1.2-4+b14) sid; urgency=low, binary-only=yes
.
* Binary-only non-maintainer upload for riscv64; no source changes.
* Rebuild with new ABIs of dependencies
Checksums-Sha1:
26c7ef89281028928da3dca8b92eab91bd8c61b2 13036
liblwt-log-ocaml-dbgsym_1.1.2-4+b14_riscv64.deb
43400189602d538112528329dd7c7680743a9e60 267872
liblwt-log-ocaml-dev_1.1.2-4+b14_riscv64.deb
f10f643c8970bc3d8fe9ac317de5e67b3f096f24 90792
liblwt-log-ocaml_1.1.2-4+b14_riscv64.deb
9fe907678ffafd01e2b2a38c1cc45ac41032c7b3 7219
lwt-log_1.1.2-4+b14_riscv64-buildd.buildinfo
Checksums-Sha256:
d79e3b5e6bf823e6dede086d036cc07f7836122f1278b693618793b5c9076265 13036
liblwt-log-ocaml-dbgsym_1.1.2-4+b14_riscv64.deb
86085ae9d6b76b1439d7ef0ed5e59882d9a82ed9070bf0562cf9859e22e4ea0d 267872
liblwt-log-ocaml-dev_1.1.2-4+b14_riscv64.deb
953f3300f8284b35fb992d21143dc19680ed5fdea9d0c8dbdf3fab2f7722fe31 90792
liblwt-log-ocaml_1.1.2-4+b14_riscv64.deb
5ce0081e1e3bceee63235cc1ba1c11d30f01f0f84dba29f9ad672895e94f8142 7219
lwt-log_1.1.2-4+b14_riscv64-buildd.buildinfo
Files:
6d610dbcb2312db94bb587449c3ca077 13036 debug optional
liblwt-log-ocaml-dbgsym_1.1.2-4+b14_riscv64.deb
316e80c7a61074be34ee8a88182a910a 267872 ocaml optional
liblwt-log-ocaml-dev_1.1.2-4+b14_riscv64.deb
f3b4dda224621f7c1644493aaa03bb4a 90792 ocaml optional
liblwt-log-ocaml_1.1.2-4+b14_riscv64.deb
bf9d0af85f635b301b319213475ef2e7 7219 ocaml optional
lwt-log_1.1.2-4+b14_riscv64-buildd.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEJvPDS8ZPHtWAlcxYtE84dXz3yecFAmfdioEACgkQtE84dXz3
yecD6BAAljL5+dX5TRPATwA2loo5c4geiNwIbm3gmX7iK4I36L/dFchOqCKqD2Sk
qjmTMNeFRjUN8YIoXuUI9isKZn03lcpdckUhiIwyuV+xjUk4xmQqYdMZKhU7CpLg
tJOEFJ2DnJsJ1r2jdv//eMGG+4r8hHoMpp6f2z/y8fI2KNa5YEAWAYw5tJOIP89a
K02/JwAmPrprb46uAYhzk3iCuXuC4sYJnmNzRLvo/29PnFh2olPar+tlb8F3BBxg
5du7PceNrplzjtyKLAws6ilMy/V28+YcTbP1serNWr/LjBiH2ErQU/3HgXKXAiz6
yVX/sXI40196tZwWguNVzUYyi2RF5xQfo1oqceGmHqAAS5tMEeh8vFWkA/7IR/zQ
8jXyrPlns/hE8t0CnZgoOWSqsC14tmn88KjcCjlgcPomaztNviajMarsWo6i7ktM
m7S0uH2cfG0QzjuQOsEMGC0f0/JTuXscUTrNoIjEoaDQPbdnIGd3JnEAmKo0bb6c
g1jLYFEpUwJ45l02aEstQ8xtG4sXTMFjwEyZF61hkEEFV5Eyxt1FJohIiLSTxxup
1WjsupZilG3KXml4qnkiUXSDKPu0PJPFsZjEipxo7ekAv5QbK+6xO9Ughx56Aboj
VW8JvTwQnnhnXeOFnunnzzoMePZJJ8L/uvr+MyRW96BgUS/s4kA=
=gweN
-----END PGP SIGNATURE-----
pubring.gpg
Description: application/pgp-keys
--- End Message ---
--- Begin Message ---
Source: gnupg2
Source-Version: 2.4.7-11
Done: Andreas Metzler <ametz...@debian.org>
We believe that the bug you reported is fixed in the latest version of
gnupg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1101...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <ametz...@debian.org> (supplier of updated gnupg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 31 Mar 2025 18:04:35 +0200
Source: gnupg2
Architecture: source
Version: 2.4.7-11
Distribution: experimental
Urgency: medium
Maintainer: Debian GnuPG Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametz...@debian.org>
Closes: 1100793 1101011
Changes:
gnupg2 (2.4.7-11) experimental; urgency=medium
.
* Drop duplicate systemd-user files in gnupg/examples/
* Add CVE number to 2.4.7-5 changelog entry
* Also remove duplicate dirmngr and keyboxd systemd files
* Formatting fixes for migrate-pubring-from-classic-gpg.1
(Thanks to Bjarni Ingi Gislason) Closes: #1100793
* Revert FreePG patch for CSF newline cleanup. Closes: #1101011
Checksums-Sha1:
18544bb71d4aad95efa71bad0bd45cd847aeeac7 3990 gnupg2_2.4.7-11.dsc
ada23a13f1049826511569956e8f64ffa9cd9139 103384 gnupg2_2.4.7-11.debian.tar.xz
Checksums-Sha256:
1a7eb7bd6b00076a31f9fcd74bc167213a2f19e2f01892725d2dd0add1e117d9 3990
gnupg2_2.4.7-11.dsc
e8e68fd0db0f6bef6c30f4dfd1b0c523d3eff1146b0768364b0673a6eab55373 103384
gnupg2_2.4.7-11.debian.tar.xz
Files:
2f1180056d4f58d4f3e15cad25abf17f 3990 utils optional gnupg2_2.4.7-11.dsc
a5f44e9b81ce393459f4197a62ef0618 103384 utils optional
gnupg2_2.4.7-11.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmfqv3QACgkQpU8BhUOC
FIQJlQ/+P3ZqUolwgOST6njO2SCxQQcKmdqhJPXHkt4A/qOi5LNTV9ZK9FWPxUG5
4BbvSzXxsIMtnGyAkol8lwtKv1VpMpFQ6OPCKOnJAcVB8xYyUpsBksckDUXEltWP
ZnhdMymnAnaJlx7tbglEY8ZIIYqXfNqeqp10+FWo0UnrYFeuHY+VKD9feL7j5Yni
s+5UtMRlsi8FOeA4WrSJ2rtE+mCKpJbXXmk2tCAqQs0qT9N8DMuddICZyqPzmcK8
mL4dLStDGmBtEQFDEVidvporKHaYqjXXCdscjL5qkF3ZaeH0mOGh6lBGPhMp7/CP
WdiqzbWeQ0yTxTENrqe7jBrx0WbHhz8avwA2fE0/PXiPbNc2CvNDw2S8sv6Poho7
7Myfa7TEZyXJ1KPVYNQHRhr8CCd7pIA7yHSet/sLmUTguCFSGXMKf3hZxSPuqLaK
Uh6wJAAIX9KoiVbMlp0jDQfsWZ09vOPoTgSr3VzQyC+PoJRp0X7kqlvEu+f1utE2
tTzi9BM4x4Is/X6K4EjDzjp3RCswQNPiGjz4OHAiTyqIrwsAk5zhAruvBmZ4RtZV
aJTPRutKd5jsi/A72ofMya6AvUwhdeYm9I41HmxI5Wof6hH9NqwuDkvWgAnB9UQP
2g9M3H2VWGBdzfwf8+pxMatCAE3P244F4nuyp4DnNA7SK12J6Cc=
=6/MN
-----END PGP SIGNATURE-----
pgpJXip8GTCH1.pgp
Description: PGP signature
--- End Message ---
