Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: m...@packages.debian.org, Marc Haber <mh+debian-packa...@zugschlus.de>, "Kevin J. McCarthy" <ke...@8t8.us>, Antonio Radici <anto...@debian.org>, car...@debian.org
Control: affects -1 + src:mutt
Hi Stable release managers,

[ Reason ]
mutt in bullseye (fixed in unstable already) is affected by #1024427: mutt segfaults in pgp_gpgme_extract_keys(). Bug #1024427 attaches a test mailbox (originally from the debian-mentors list) to verify the fix.

[ Impact ]
mutt crashes if the user opens a problematic mail triggering the issue.

[ Tests ]
Explicitly tested against the testcase attached in #1024427.

[ Risks ]
Patches are taken from upstream, with upstream pointing to them in https://bugs.debian.org/1024427#10

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
Adds the three patches from upstream. Quoting upstream:

The first is just a cleaned up version of the patch you tested. The second fixes a bug in the same function when used with older versions of gpgme. The last fixes a similar potential key->uid dereference bug elsewhere in the gpgme code.

[ Other info ]
None.

Regards,
Salvatore
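All three upstream changes guard against a gpgme key whose uid list is empty. The C below is an added example, not mutt's or gpgme's code: it uses constructed stand-in structs (`demo_key`, `demo_uid`, `demo_subkey`, with `DEMO_VALIDITY_FULL` in place of `GPGME_VALIDITY_FULL`) instead of the real gpgme types, and reimplements the listing loop in the shape of the fixed `pgp_gpgme_extract_keys()` plus the `key->uids` guard from `create_recipient_set()`, so the no-uid input shape from #1024427 can be exercised in isolation. The sample key data is constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* mutt's NONULL() macro: print "" rather than passing NULL to %s. */
#define NONULL(x) ((x) ? (x) : "")
#define DEMO_VALIDITY_FULL 4   /* stands in for GPGME_VALIDITY_FULL */

/* Constructed stand-ins for the gpgme structures the patches touch; the real
 * gpgme_key_t, gpgme_user_id_t and gpgme_subkey_t carry many more fields. */
struct demo_uid {
    const char *uid;
    int validity;
    struct demo_uid *next;
};
struct demo_subkey {
    const char *algo_name;   /* what gpgme_pubkey_algo_name() would return */
    unsigned int length;
    const char *shortid;
    const char *date;
    struct demo_subkey *next;
};
struct demo_key {
    struct demo_subkey *subkeys;
    struct demo_uid *uids;   /* NULL for a key block that carries no user id */
};

/* Listing in the shape of the fixed pgp_gpgme_extract_keys(): one "pub"/"sub"
 * line per subkey, then one "uid" line per user id after the first subkey.
 * The pre-fix code appended uid->uid to the "pub" line without checking that
 * key->uids was non-NULL (the null dereference behind #1024427).
 * Returns the number of "uid" lines written, or -1 if out is too small. */
static int list_key(const struct demo_key *key, char *out, size_t outlen)
{
    size_t used = 0;
    int more = 0, nuids = 0;
    const struct demo_subkey *subkey;
    const struct demo_uid *uid;

    out[0] = '\0';
    for (subkey = key->subkeys; subkey; subkey = subkey->next)
    {
        int n = snprintf(out + used, outlen - used, "%s %5.5s %u/%8s %s\n",
                         more ? "sub" : "pub", subkey->algo_name,
                         subkey->length, subkey->shortid, subkey->date);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;
        used += (size_t)n;
        if (!more)
        {
            /* A NULL list head simply means zero iterations, no crash. */
            for (uid = key->uids; uid; uid = uid->next)
            {
                n = snprintf(out + used, outlen - used, "uid %s\n", NONULL(uid->uid));
                if (n < 0 || (size_t)n >= outlen - used)
                    return -1;
                used += (size_t)n;
                nuids++;
            }
        }
        more = 1;
    }
    return nuids;
}

/* The create_recipient_set() guard: touch key->uids->validity only when the
 * uid list exists.  Returns 1 if validity was set, 0 if the key was skipped. */
static int mark_full_validity(struct demo_key *key)
{
    if (!key->uids)
        return 0;
    key->uids->validity = DEMO_VALIDITY_FULL;
    return 1;
}

/* Constructed sample data: one primary key with a subkey, with and without uids. */
static struct demo_subkey demo_sub = { "RSA", 3072, "89ABCDEF", "2022-11-01", NULL };
static struct demo_subkey demo_pub = { "RSA", 3072, "01234567", "2022-11-01", &demo_sub };
static struct demo_uid demo_uid_bob = { "Bob <bob@example.invalid>", 0, NULL };
static struct demo_uid demo_uid_alice = { "Alice <alice@example.invalid>", 0, &demo_uid_bob };
static struct demo_key demo_key_with_uids = { &demo_pub, &demo_uid_alice };
static struct demo_key demo_key_no_uids = { &demo_pub, NULL };   /* the crashing shape */
static char demo_out[512];

/* Runs the listing into demo_out and returns the uid-line count. */
static int demo_uid_lines(struct demo_key *key)
{
    return list_key(key, demo_out, sizeof demo_out);
}

int main(void)
{
    printf("no-uid key: %d uid lines\n%s", demo_uid_lines(&demo_key_no_uids), demo_out);
    printf("two-uid key: %d uid lines\n%s", demo_uid_lines(&demo_key_with_uids), demo_out);
    printf("validity set on no-uid key: %d, on two-uid key: %d\n",
           mark_full_validity(&demo_key_no_uids), mark_full_validity(&demo_key_with_uids));
    return 0;
}
```

Build with `cc -Wall demo.c && ./a.out`: the no-uid key produces a "pub"/"sub" listing with zero uid lines and `mark_full_validity()` returns 0 for it, which is exactly the input on which the unpatched code dereferenced NULL.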
diff -Nru mutt-2.0.5/debian/changelog mutt-2.0.5/debian/changelog --- mutt-2.0.5/debian/changelog 2022-04-23 14:44:09.000000000 +0200 +++ mutt-2.0.5/debian/changelog 2022-12-07 22:39:58.000000000 +0100 @@ -1,3 +1,12 @@ +mutt (2.0.5-4.1+deb11u2) bullseye; urgency=medium + + * Non-maintainer upload. + * Fix gpgme crash when listing keys in a public key block (Closes: #1024427) + * Fix public key block listing for old versions of gpgme + * Add a check for key->uids in create_recipient_set + + -- Salvatore Bonaccorso <car...@debian.org> Wed, 07 Dec 2022 22:39:58 +0100 + mutt (2.0.5-4.1+deb11u1) bullseye; urgency=medium * Non-maintainer upload. diff -Nru mutt-2.0.5/debian/patches/series mutt-2.0.5/debian/patches/series --- mutt-2.0.5/debian/patches/series 2022-04-23 14:44:09.000000000 +0200 +++ mutt-2.0.5/debian/patches/series 2022-12-07 22:39:58.000000000 +0100 @@ -15,3 +15,6 @@ upstream/985152-body-color-slowness.patch upstream/Fix-seqset-iterator-when-it-ends-in-a-comma.patch upstream/Fix-uudecode-buffer-overflow.patch +upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch +upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch +upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch diff -Nru mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch --- mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch 1970-01-01 01:00:00.000000000 +0100 +++ mutt-2.0.5/debian/patches/upstream/Add-a-check-for-key-uids-in-create_recipient_set.patch 2022-12-07 22:39:58.000000000 +0100 
@@ -0,0 +1,30 @@ +From b254f2fb44f994c48e2491adaf03d97d3c628283 Mon Sep 17 00:00:00 2001 +From: Kevin McCarthy <ke...@8t8.us> +Date: Tue, 1 Nov 2022 20:22:06 -0700 +Subject: [PATCH] Add a check for key->uids in create_recipient_set. + +For gpgme < 1.11.0, it used this function to create the encryption key +list. The '!' was interpreted differently back then, and it +apparently didn't check if the returned key had any uids before +referencing it. Add a check to prevent a segv as in the public key +block fix. +--- + crypt-gpgme.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypt-gpgme.c b/crypt-gpgme.c +index bf120ab50fc2..fdf44af4fe3d 100644 +--- a/crypt-gpgme.c ++++ b/crypt-gpgme.c +@@ -915,7 +915,7 @@ static gpgme_key_t *create_recipient_set (const char *keylist, int use_smime) + buf[i-1] = 0; + + err = gpgme_get_key (context, buf, &key, 0); +- if (! err) ++ if (! err && key->uids) + key->uids->validity = GPGME_VALIDITY_FULL; + buf[i-1] = '!'; + } +-- +2.38.1 + diff -Nru mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch --- mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch 1970-01-01 01:00:00.000000000 +0100 +++ mutt-2.0.5/debian/patches/upstream/Fix-gpgme-crash-when-listing-keys-in-a-public-key-bl.patch 2022-12-07 22:39:58.000000000 +0100 
@@ -0,0 +1,54 @@ +From 48b6ea32e21db8b580cd3ca8c346c3e2c22756f6 Mon Sep 17 00:00:00 2001 +From: Kevin McCarthy <ke...@8t8.us> +Date: Mon, 31 Oct 2022 15:02:57 -0700 +Subject: [PATCH] Fix gpgme crash when listing keys in a public key block. + +The gpgme code handling classic application/pgp assumed each key would +have a uid. Change it to check for a missing uid list. + +Also change it to list every uid (instead of only the first), and to +put each one on a "uid" line in the output. + +The output is only for display, so the format change won't affect +other parts of the code. + +Thanks to Mikko Lehto for the high quality bug report, detailing the +exact place of the crash with a reproducing example and a workaround +patch. +--- + crypt-gpgme.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/crypt-gpgme.c b/crypt-gpgme.c +index e74caecba34e..5c3c0fe51669 100644 +--- a/crypt-gpgme.c ++++ b/crypt-gpgme.c +@@ -2422,14 +2422,18 @@ static int pgp_gpgme_extract_keys (gpgme_data_t keydata, FILE** fp) + tt = subkey->timestamp; + strftime (date, sizeof (date), "%Y-%m-%d", localtime (&tt)); + ++ fprintf (*fp, "%s %5.5s %d/%8s %s\n", ++ more ? "sub" : "pub", ++ gpgme_pubkey_algo_name (subkey->pubkey_algo), subkey->length, ++ shortid, date); + if (!more) +- fprintf (*fp, "%s %5.5s %d/%8s %s %s\n", more ? "sub" : "pub", +- gpgme_pubkey_algo_name (subkey->pubkey_algo), subkey->length, +- shortid, date, uid->uid); +- else +- fprintf (*fp, "%s %5.5s %d/%8s %s\n", more ? 
"sub" : "pub", +- gpgme_pubkey_algo_name (subkey->pubkey_algo), subkey->length, +- shortid, date); ++ { ++ while (uid) ++ { ++ fprintf (*fp, "uid %s\n", NONULL (uid->uid)); ++ uid = uid->next; ++ } ++ } + subkey = subkey->next; + more = 1; + } +-- +2.38.1 + diff -Nru mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch --- mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch 1970-01-01 01:00:00.000000000 +0100 +++ mutt-2.0.5/debian/patches/upstream/Fix-public-key-block-listing-for-old-versions-of-gpg.patch 2022-12-07 22:39:58.000000000 +0100 @@ -0,0 +1,31 @@ +From f0eb3586480c301b66657c7326b6546ef086c7f4 Mon Sep 17 00:00:00 2001 +From: Kevin McCarthy <ke...@8t8.us> +Date: Mon, 31 Oct 2022 15:06:51 -0700 +Subject: [PATCH] Fix public key block listing for old versions of gpgme. + +Commit 382355a5 accidentally removed the data import for legacy mode, +which would cause it to produce empty output. +--- + crypt-gpgme.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/crypt-gpgme.c b/crypt-gpgme.c +index 5c3c0fe51669..bf120ab50fc2 100644 +--- a/crypt-gpgme.c ++++ b/crypt-gpgme.c +@@ -2386,6 +2386,12 @@ static int pgp_gpgme_extract_keys (gpgme_data_t keydata, FILE** fp) + dprint (1, (debugfile, "Error setting GPGME context home\n")); + goto err_tmpdir; + } ++ ++ if ((err = gpgme_op_import (tmpctx, keydata)) != GPG_ERR_NO_ERROR) ++ { ++ dprint (1, (debugfile, "Error importing key\n")); ++ goto err_tmpdir; ++ } + } + + tmpfile = mutt_buffer_pool_get (); +-- +2.38.1 +
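Review bot: the order of the three new `upstream/` entries in debian/patches/series matches the `index` chain recorded inside the patches (e74caecba34e → 5c3c0fe51669 → bf120ab50fc2 → fdf44af4fe3d), so each one applies to the tree the previous one produced; if the series is ever reordered, the second and third patches would no longer match their recorded base.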
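Review bot: in the create_recipient_set hunk, the `key->uids` guard on the `gpgme_get_key` result removes the null dereference, but a key that comes back without a uid list now falls through silently with its validity untouched; a `dprint` at that point, as the import-failure path in the legacy-mode patch already does, would make the skipped key visible in the debug log.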
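Review bot: in the pgp_gpgme_extract_keys listing hunk, the uid loop sits under `if (!more)`, so user ids are printed once after the first subkey as the commit message says, and `NONULL (uid->uid)` also covers an entry whose uid string is NULL; one pre-existing nit carried into the new `fprintf` is `%d` for `subkey->length`, which gpgme declares as `unsigned int`, so `%u` would match the type.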
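Review bot: in the legacy-mode import hunk, the restored `gpgme_op_import` call logs only the fixed string "Error importing key" on failure although the gpgme error is captured in `err`; appending `gpgme_strerror (err)` to that `dprint` would make an import failure on an old gpgme diagnosable from the debug log.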