Package: apt
Version: 1.2.7
Severity: important

apt-get update with apt 1.2.7 fails because the gpgv method segfaults on a repository with an expired signing key.
Reproduced on two different Debian Sid AMD64 installs.

To reproduce, put the following line in /etc/apt/sources.list:
deb http://download.opensuse.org/repositories/home:/strik/Debian_8.0/ /

Add this signing key via apt-key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
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=
=HYJ/
-----END PGP PUBLIC KEY BLOCK-----

Then run apt-get update:
# apt-get update
Ign:1 http://download.opensuse.org/repositories/home:/strik/Debian_8.0  
InRelease
Hit:2 http://download.opensuse.org/repositories/home:/strik/Debian_8.0  Release
Get:3 http://download.opensuse.org/repositories/home:/strik/Debian_8.0  
Release.gpg [481 B]
Reading package lists... Done
E: Method gpgv has died unexpectedly!
E: Sub-process gpgv received a segmentation fault.
zsh: exit 100   apt-get update

gpgv has segfaulted:
Mar 21 18:24:27 t450s kernel: [200452.289400] gpgv[8575]: segfault at 
ffffffffffffffe0 ip 0000561dcf4c8021 sp 00007ffe7acd47d0 error 5 in 
gpgv[561dcf4c1000+a000]

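Downgrading to apt 1.2.6 fixes the crash; the expired key is then reported as a warning (KEYEXPIRED) and the repository is treated as unsigned: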
# apt-get update
Ign:1 http://download.opensuse.org/repositories/home:/strik/Debian_8.0  
InRelease
Get:2 http://download.opensuse.org/repositories/home:/strik/Debian_8.0  Release 
[982 B]
Get:3 http://download.opensuse.org/repositories/home:/strik/Debian_8.0  
Release.gpg [481 B]
Ign:3 http://download.opensuse.org/repositories/home:/strik/Debian_8.0  
Release.gpg
Hit:4 http://download.opensuse.org/repositories/home:/strik/Debian_8.0  Packages
Fetched 1463 B in 0s (2454 B/s)
Reading package lists... Done
W: GPG error: http://download.opensuse.org/repositories/home:/strik/Debian_8.0  
Release: The following signatures were invalid: KEYEXPIRED 1441995733
W: The repository 
'http://download.opensuse.org/repositories/home:/strik/Debian_8.0  Release' is 
not signed.
N: Data from such a repository can't be authenticated and is therefore 
potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration 
details.

Let me know if you need more info.

-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Sandbox "";
APT::Sandbox::User "_apt";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-image-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^linux-image-4\.5\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-headers-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-headers-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^linux-headers-4\.5\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-image-extra-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-image-extra-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^linux-image-extra-4\.5\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-signed-image-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-signed-image-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^linux-signed-image-4\.5\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-image-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-image-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-image-4\.5\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-4\.5\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^gnumach-image-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^gnumach-image-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^gnumach-image-4\.5\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^.*-modules-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^.*-modules-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^.*-modules-4\.5\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^.*-kernel-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^.*-kernel-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^.*-kernel-4\.5\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-4\.5\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-tools-4\.3\.0-rc7-amd64$";
APT::NeverAutoRemove:: "^linux-tools-4\.4\.0-trunk-amd64$";
APT::NeverAutoRemove:: "^linux-tools-4\.5\.0-rc7-amd64$";
APT::VersionedKernelPackages "";
APT::VersionedKernelPackages:: "linux-image";
APT::VersionedKernelPackages:: "linux-headers";
APT::VersionedKernelPackages:: "linux-image-extra";
APT::VersionedKernelPackages:: "linux-signed-image";
APT::VersionedKernelPackages:: "kfreebsd-image";
APT::VersionedKernelPackages:: "kfreebsd-headers";
APT::VersionedKernelPackages:: "gnumach-image";
APT::VersionedKernelPackages:: ".*-modules";
APT::VersionedKernelPackages:: ".*-kernel";
APT::VersionedKernelPackages:: "linux-backports-modules-.*";
APT::VersionedKernelPackages:: "linux-tools";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "contrib/metapackages";
APT::Never-MarkAuto-Sections:: "non-free/metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Move-Autobit-Sections "";
APT::Move-Autobit-Sections:: "oldlibs";
APT::Move-Autobit-Sections:: "contrib/oldlibs";
APT::Move-Autobit-Sections:: "non-free/oldlibs";
APT::Move-Autobit-Sections:: "restricted/oldlibs";
APT::Move-Autobit-Sections:: "universe/oldlibs";
APT::Move-Autobit-Sections:: "multiverse/oldlibs";
APT::Update "";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:: "test -x /usr/bin/apt-show-versions || exit 
0 ; apt-show-versions -i";
APT::Update::Post-Invoke "";
APT::Update::Post-Invoke:: "[ ! -x /usr/bin/debtags ] || debtags update || 
true";
APT::Cache-Limit "268435456";
APT::Architectures "";
APT::Architectures:: "amd64";
APT::Architectures:: "i386";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "0";
APT::Compressor::lz4 "";
APT::Compressor::lz4::Name "lz4";
APT::Compressor::lz4::Extension ".lz4";
APT::Compressor::lz4::Binary "lz4";
APT::Compressor::lz4::Cost "50";
APT::Compressor::lz4::CompressArg "";
APT::Compressor::lz4::CompressArg:: "-1";
APT::Compressor::lz4::UncompressArg "";
APT::Compressor::lz4::UncompressArg:: "-d";
APT::Compressor::gzip "";
APT::Compressor::gzip::Name "gzip";
APT::Compressor::gzip::Extension ".gz";
APT::Compressor::gzip::Binary "gzip";
APT::Compressor::gzip::Cost "100";
APT::Compressor::gzip::CompressArg "";
APT::Compressor::gzip::CompressArg:: "-6n";
APT::Compressor::gzip::UncompressArg "";
APT::Compressor::gzip::UncompressArg:: "-d";
APT::Compressor::xz "";
APT::Compressor::xz::Name "xz";
APT::Compressor::xz::Extension ".xz";
APT::Compressor::xz::Binary "xz";
APT::Compressor::xz::Cost "200";
APT::Compressor::xz::CompressArg "";
APT::Compressor::xz::CompressArg:: "-6";
APT::Compressor::xz::UncompressArg "";
APT::Compressor::xz::UncompressArg:: "-d";
APT::Compressor::bzip2 "";
APT::Compressor::bzip2::Name "bzip2";
APT::Compressor::bzip2::Extension ".bz2";
APT::Compressor::bzip2::Binary "bzip2";
APT::Compressor::bzip2::Cost "300";
APT::Compressor::bzip2::CompressArg "";
APT::Compressor::bzip2::CompressArg:: "-6";
APT::Compressor::bzip2::UncompressArg "";
APT::Compressor::bzip2::UncompressArg:: "-d";
APT::Compressor::lzma "";
APT::Compressor::lzma::Name "lzma";
APT::Compressor::lzma::Extension ".lzma";
APT::Compressor::lzma::Binary "xz";
APT::Compressor::lzma::Cost "400";
APT::Compressor::lzma::CompressArg "";
APT::Compressor::lzma::CompressArg:: "--format=lzma";
APT::Compressor::lzma::CompressArg:: "-6";
APT::Compressor::lzma::UncompressArg "";
APT::Compressor::lzma::UncompressArg:: "--format=lzma";
APT::Compressor::lzma::UncompressArg:: "-d";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::solvers "";
Dir::Bin::solvers:: "/usr/lib/apt/solvers";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Bin::bzip2 "/bin/bzip2";
Dir::Bin::xz "/usr/bin/xz";
Dir::Bin::lz4 "/usr/bin/lz4";
Dir::Bin::lzma "/usr/bin/xz";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.save$";
Dir::Ignore-Files-Silently:: "\.orig$";
Dir::Ignore-Files-Silently:: "\.distUpgrade$";
Acquire "";
Acquire::AllowInsecureRepositories "1";
Acquire::AllowDowngradeToInsecureRepositories "0";
Acquire::cdrom "";
Acquire::cdrom::mount "/media/cdrom/";
Acquire::IndexTargets "";
Acquire::IndexTargets::deb "";
Acquire::IndexTargets::deb::Packages "";
Acquire::IndexTargets::deb::Packages::MetaKey 
"$(COMPONENT)/binary-$(ARCHITECTURE)/Packages";
Acquire::IndexTargets::deb::Packages::flatMetaKey "Packages";
Acquire::IndexTargets::deb::Packages::ShortDescription "Packages";
Acquire::IndexTargets::deb::Packages::Description "$(RELEASE)/$(COMPONENT) 
$(ARCHITECTURE) Packages";
Acquire::IndexTargets::deb::Packages::flatDescription "$(RELEASE) Packages";
Acquire::IndexTargets::deb::Packages::Optional "0";
Acquire::IndexTargets::deb::Translations "";
Acquire::IndexTargets::deb::Translations::MetaKey 
"$(COMPONENT)/i18n/Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatMetaKey "$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::ShortDescription 
"Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::Description "$(RELEASE)/$(COMPONENT) 
Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatDescription "$(RELEASE) 
Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb-src "";
Acquire::IndexTargets::deb-src::Sources "";
Acquire::IndexTargets::deb-src::Sources::MetaKey "$(COMPONENT)/source/Sources";
Acquire::IndexTargets::deb-src::Sources::flatMetaKey "Sources";
Acquire::IndexTargets::deb-src::Sources::ShortDescription "Sources";
Acquire::IndexTargets::deb-src::Sources::Description "$(RELEASE)/$(COMPONENT) 
Sources";
Acquire::IndexTargets::deb-src::Sources::flatDescription "$(RELEASE) Sources";
Acquire::IndexTargets::deb-src::Sources::Optional "0";
Acquire::Changelogs "";
Acquire::Changelogs::URI "";
Acquire::Changelogs::URI::Origin "";
Acquire::Changelogs::URI::Origin::Debian 
"http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog";;
Acquire::Changelogs::URI::Origin::Tanglu 
"http://metadata.tanglu.org/changelogs/@CHANGEPATH@_changelog";;
Acquire::Changelogs::URI::Origin::Ubuntu 
"http://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog";;
Acquire::Changelogs::URI::Origin::Ultimedia 
"http://packages.ultimediaos.com/changelogs/pool/@CHANGEPATH@/changelog.txt";;
Acquire::Changelogs::AlwaysOnline "";
Acquire::Changelogs::AlwaysOnline::Origin "";
Acquire::Changelogs::AlwaysOnline::Origin::Ubuntu "1";
Acquire::Languages "";
Acquire::Languages:: "en";
Acquire::Languages:: "none";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/apt-listbugs apt";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -ne 10";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/sbin/apt-listbugs "";
DPkg::Tools::Options::/usr/sbin/apt-listbugs::Version "3";
DPkg::Tools::Options::/usr/sbin/apt-listbugs::InfoFD "20";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "if [ -x /usr/bin/rkhunter ] && grep -qiE 
'^APT_AUTOGEN=.?(true|yes)' /etc/default/rkhunter; then 
/usr/share/rkhunter/scripts/rkhupd.sh; fi";
AptListbugs "";
AptListbugs::Severities "critical,grave,serious";
Unattended-Upgrade "";
Unattended-Upgrade::Origins-Pattern "";
Unattended-Upgrade::Origins-Pattern:: 
"origin=Debian,codename=${distro_codename},label=Debian-Security";
Binary "apt-config";
Binary::apt "";
Binary::apt::APT "";
Binary::apt::APT::Color "1";
Binary::apt::APT::Cache "";
Binary::apt::APT::Cache::Show "";
Binary::apt::APT::Cache::Show::Version "2";
Binary::apt::APT::Cache::AllVersions "0";
Binary::apt::APT::Cache::ShowVirtuals "1";
Binary::apt::APT::Cache::Search "";
Binary::apt::APT::Cache::Search::Version "2";
Binary::apt::APT::Cache::ShowDependencyType "1";
Binary::apt::APT::Cache::ShowVersion "1";
Binary::apt::APT::Get "";
Binary::apt::APT::Get::Upgrade-Allow-New "1";
Binary::apt::APT::Cmd "";
Binary::apt::APT::Cmd::Show-Update-Stats "1";
Binary::apt::APT::Keep-Downloaded-Packages "0";
Binary::apt::DPkg "";
Binary::apt::DPkg::Progress-Fancy "1";
Binary::apt::Acquire "";
Binary::apt::Acquire::AllowInsecureRepositories "0";
CommandLine "";
CommandLine::AsString "apt-config dump";

-- /etc/apt/preferences --

Package: zsh*
Pin: release a=experimental
Pin-Priority: 600

Package: linux-image-*-trunk-*
Pin: release a=experimental
Pin-Priority: 600

Package: linux-headers-*-trunk-*
Pin: release a=experimental
Pin-Priority: 600

Package: linux-kbuild-*
Pin: release a=experimental
Pin-Priority: 600

Package: systemd
Pin: origin ""
Pin-Priority: -1

Package: vice
Pin: origin download.opensuse.org
Pin-Priority: 501

Package: *kodi*
Pin: origin www.deb-multimedia.org
Pin-Priority: 600

-- /etc/apt/sources.list --

deb http://download.opensuse.org/repositories/home:/strik/Debian_8.0/ /

-- System Information:
Debian Release: stretch/sid
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-rc7-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=fi_FI (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages apt depends on:
ii  adduser                 3.114
ii  debian-archive-keyring  2014.3
ii  gnupg                   1.4.20-4
ii  gnupg2                  2.1.11-6
ii  gpgv                    1.4.20-4
ii  libapt-pkg5.0           1.2.6
ii  libc6                   2.22-3
ii  libgcc1                 1:5.3.1-12
ii  libstdc++6              5.3.1-12

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc                      <none>
pn  aptitude | synaptic | wajig  <none>
ii  dpkg-dev                     1.18.4
ii  python-apt                   1.1.0~beta2

-- no debconf information
