D366: 825_fix-in-gpgmepp.patch

Note to self.

The problem is that editinteractor in edit_interactor_callback_impl checks
status_to_error before the GpgSignKeyEditInteractor::nextState implementation
has the chance to ignore that status with needsNoResponse.

A fix in GpgMEpp could be to ignore the error if the state machine was not
started. E.g. we have not yet send any command.

Attached patch fixes the problem. But I'm not sure that this does not cause
regressions e.g. when trying to add a uid to an expired key or trying to
actually sign expired uid's. :-/

The particular problem of T2306 (aheinecke on Apr 25 2016, 06:53 PM / Roundup) has been fixed in cb4fee8.

I think that it was not always reproducible because it depends on timing (only
when it detected an error at bulk_in, the problem happened). I'm not sure if
the difference of old/new libusb mattered for this problem.

Those libraries are not GnuPG specific.

Thank You. I noticed later that, indeed, at the first instance,
there's a problem with the library, but I corrected that issue
with the other try, the one that is described at

https://bugs.gnupg.org/gnupg/file821/2016_04_gnupg_v_2_1_11_build_log.txt

---citation--start----
gcc -DHAVE_CONFIG_H -I. -I.. -I../common -
DLOCALEDIR=\"/home/ts2/m_local/bin_p_originaalid/GNU_Privacy_Guard/v2016_04/gnup
g/share/locale\" -
DGNUPG_BINDIR="\"/home/ts2/m_local/bin_p_originaalid/GNU_Privacy_Guard/v2016_04/
gnupg/bin\"" -
DGNUPG_LIBEXECDIR="\"/home/ts2/m_local/bin_p_originaalid/GNU_Privacy_Guard/v2016
_04/gnupg/lib\"" -
DGNUPG_LIBDIR="\"/home/ts2/m_local/bin_p_originaalid/GNU_Privacy_Guard/v2016_04/
gnupg/lib64/gnupg\"" -
DGNUPG_DATADIR="\"/home/ts2/m_local/bin_p_originaalid/GNU_Privacy_Guard/v2016_04
/gnupg/share/gnupg\"" -
DGNUPG_SYSCONFDIR="\"/home/ts2/m_local/bin_p_originaalid/GNU_Privacy_Guard/v2016
_04/gnupg/etc/gnupg\"" -
DGNUPG_LOCALSTATEDIR="\"/home/ts2/m_local/bin_p_originaalid/GNU_Privacy_Guard/v2
016_04/gnupg/var\"" -
I/home/ts2/m_local/bin_p_originaalid/GNU_Privacy_Guard/v2016_04/libgcrypt/includ
e -
I/home/ts2/m_local/bin_p_originaalid/GNU_Privacy_Guard/v2016_04/libksba/include
-Wall -Wno-pointer-sign -Wpointer-arith -mtune=native -ftree-vectorize -MT
libkeybox_a-keybox-util.o -MD -MP -MF .deps/libkeybox_a-keybox-util.Tpo -c -o
libkeybox_a-keybox-util.o test -f 'keybox-util.c' || echo './'keybox-util.c
In file included from keybox-defs.h:42:0,

from keybox-util.c:29:

../common/stringhelp.h: In function ‘make_filename’:
../common/stringhelp.h:55:52: error: expected declaration specifiers before â
€˜GPGRT_ATTR_SENTINEL’
char *make_filename( const char *first_part, ... ) GPGRT_ATTR_SENTINEL(0);

^

---citation--end------

Besides, given the small size of the GnuPG, shouldn't the
few GnuPG specific libraries just be subfolders of the
GnuPG project? If not in the repository, then at least
at the release tar-ball? It would avoid the
"library wrongly installed" part.

A beta version is not a released version. For example SO numbers may be
different. BTW 1.22 has been released.

libksba has not been installed properly.

For help on building libgcrypt, please ask on gcrypt-devel ML.

Your report is too sparse to help you. When writing to the ML you should
specify the used OS, any special configuration you have, and a detailed
description of what you did.

libgpg-error 1.22 is out with fix. Please test.

libgpg-error 1.2.2 is out. Please test with it.

I can make "a" problem (not sure if it is "the" problem) reproducible with the
following command (as root):

AUTHFILE="/sys/bus/usb/devices/4-1.2/authorized" ; echo 0 > "$AUTHFILE" ; sleep
1 ; echo 1 > "$AUTHFILE"

This was based on:
http://askubuntu.com/questions/645/how-do-you-reset-a-usb-device-from-the-command-line/61165#61165

where 4-1.2 is the id of my reader. The error message in scdaemon log is
slightly different but the behavior is the same. It's in an error state until I
kill it.

Just as a note, this bug is for the "MIME Aware" interface with event driven
sign / encrypt.

The downstream issue does not persist in gcc 4.9.3 but triggers for 4.8.5

Fwiw we're tracking this downstream as "dev-libs/libgcrypt-1.7.0: impossible
constraints on 'asm' operand" - https://bugs.gentoo.org/show_bug.cgi?id=580270

I'm not sure, if it is relevant, but
I tried to build the newer version, the v2.1.11, id est the "GnuPG Modern"
and it did not go so well either, despite the fact that
I custom-built the dependent libraries and put their bin folders to
PATH and lib64 folders LD_LIBRARY_PATH prior to attempting
to build the gnupg.

Thanks for the explanation, Werner.

This note might also be worth adding to the gpg-preset-passphrase manpage.

Here is the gist of the info:

i686-pc-linux-gnu
gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3

libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. \

-I../src -I../src -I/usr/local/include -g -O2 \
-fvisibility=hidden -Wall -MT rijndael-aesni.lo \
-MD -MP -MF .deps/rijndael-aesni.Tpo -c rijndael-aesni.c \
-fPIC -DPIC -o .libsrijndael-aesni.o

rijndael-aesni.c: In function '_gcry_aes_aesni_ctr_enc':
rijndael-aesni.c:817:3: error: can't find a register in class \

'GENERAL_REGS' while reloading 'asm'

rijndael-aesni.c:1117:3: error: 'asm' operand has impossible constraints
rijndael-aesni.c:817:3: error: 'asm' operand has impossible constraints

gpg1 does not known about keygrips. Instead of the keygrip, gpg1 uses the
fingerprint as cacheid for gpg-agent. The agent's command GET_PASSPHRAE, as
used by gpg1, uses a different cache mode from what gpg-preset-passphrases uses.
Thus even if you replace the keygrip with the fingerprint of the (sub)key, it
won't work.

I'll add

Note, that the tool @command{gpg-preset-passphrase}, which comes
with GnuPG-2, cannot be used to preset a passphrase for this
version of GnuPG.

to the gpg 1 man page.

Thank you. I've attached the output from 'ldd tests/fdpassing'. Not sure how to
read it.

I've attached the config.log file.

I'm reading the implementation of new libusb.
If I guess correctly, the picture of the problem would be:

• New libusb somehow caches (or uses cache of kernel's) USB device list structures.
• When the device is plugged off/on (or hardware failures), the cache should be

updated.

• GnuPG's ccid-driver possibly keeps using staled data of USB device list.

I'll check the implementation detail, and try fixing this.
I think that current ccid-driver with new libusb has an issue for memory leaks
for device list, so, it should be reviewed and modified anyway.

It would be good if we could have a reproducible scenario.

There's an issue somewhere: I built & installed libgpg-error 1.22 beta exactly
the same way as I did with 1.21. I'm not surprised by your answer: you guys have
already dismissed another perfectly valid issue report.

I already sent Justsus some code I started with to restore that feature.

Fixed in f8adf1a.

Thanks for looking into this, Justus.

While you're working on this, it might make sense to consider restoration of the
--export-options export-reset-subkey-passwd flag, which was dropped in 2.1.

This flag was used by at least one GnuPG downstream (monkeysphere); its absence
causes "monkeysphere subkey-to-ssh-agent" to fail.

In GnuPG 1.4.x and 2.0.x, the option was defined this way:

export-reset-subkey-passwd
       When  using  the  --export-secret-subkeys  command,  this
       option resets the passphrases for all exported subkeys to
       empty. This is useful when the exported subkey is  to  be
       used  on an unattended machine where a passphrase doesn't
       necessarily make sense. Defaults to no.

Related T2324.

Werner: Yes please.

Something went wrong wile you installed libgpg-error. The linker picks up
another version of the library. If you need help, please ask on gnupg-devel.
Glad, that it now works for you.

DoS via Tor - sorry.

pushed to the 1.7 branch.

I have some stashed work to fix this but it is not ready - let me know if you
want to work on it.

Thanks for the info and the patch.
I have pushed commit 4545372 to master and it will eventually go into 1.7.1.

commit d02de6c should fix that.

Use '=' for an exact match and optionally '*' for a substring match.

*See also T2070

Hi Werner,

FreeBSD 9.x uses gcc version 4.2.1 20070831 patched [FreeBSD]

See also issue20170

Thanks for the patch.
Which compiler version are you using?

Please provide more information. A kernel version is not sufficient. What
distro are you using, which compiler, etc. Sending the file config.log or a
transscript of the configure run would be helpful.

Please describe the interaction. IIUC, isn't it pinentry problem?
Did you input your PIN? For "2 - unblock PIN" operation, you need to
authenticate as admin, did you input your PIN for admin? Wasn't it a failure of
PIN input for admin or user, whatever?

libgcrypt 1.7.0 is out. Please test with it.

D365: 816_patch-cipher_crc-intel-pclmul.c

The following patch solves the problem.