Bug#863273: enigmail cannot certify keys with already-expired certifications

Daniel Kahn Gillmor Wed, 24 May 2017 10:03:52 -0700

Package: enigmail
Version: 2:1.9.7-2
Severity: normal
Tags: upstream patch
Control: forwarded -1 
https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2017-May/004445.html


Some people have made expiring certifications on other keys.  After
such a certification expires, they might want to re-certify with the
same key (e.g. if they've checked with the other person that they're
still using the key).

If the user tries to re-certify with enigmail, enigmail fails
obscurely ("signing failed").

The attached patch fixes the issue, and has already been adopted by
enigmail upsteam on its master branch.

    --dkg

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 
'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages enigmail depends on:
ii  gnupg                  2.1.21-2
ii  gnupg-agent            2.1.21-2
ii  gnupg2                 2.1.21-2
ii  icedove                1:45.8.0-3
ii  thunderbird [icedove]  1:45.8.0-3

Versions of packages enigmail recommends:
ii  pinentry-gnome3 [pinentry-x11]  1.0.0-2
ii  pinentry-gtk2 [pinentry-x11]    1.0.0-2
ii  pinentry-qt [pinentry-x11]      1.0.0-2

enigmail suggests no packages.

-- no debconf information

From: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Date: Mon, 15 May 2017 14:46:15 -0400
Subject: Allow re-certifying keys that have expired certifications.

Some people have made expiring certifications on other keys.  After
such a certification expires, they might want to re-certify with the
same key (e.g. if they've checked with the other person that they're
still using the key).

If this happens, enigmail fails obscurely ("signing failed").

In the log is:

2017-05-15 14:41:15.494 [DEBUG] keyManagmenent.jsm: 
GpgEditorInterface.processLine: '[GNUPG:] GET_BOOL 
sign_uid.replace_expired_okay'
2017-05-15 14:41:15.494 [ERROR] Unknown command prompt: [GNUPG:] GET_BOOL 
sign_uid.replace_expired_okay

I believe this patch should resolve the problem.
---
 package/keyEditor.jsm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/keyEditor.jsm b/package/keyEditor.jsm
index f1750ac..615fea4 100644
--- a/package/keyEditor.jsm
+++ b/package/keyEditor.jsm
@@ -616,6 +616,10 @@ function signKeyCallback(inputData, keyEdit, ret) {
   else if (keyEdit.doCheck(GET_BOOL, "sign_uid.local_promote_okay")) {
     ret.exitCode = 0;
     ret.writeTxt = "Y";
+  } 
+  else if (keyEdit.doCheck(GET_BOOL, "sign_uid.replace_expired_okay")) {
+    ret.exitCode = 0;
+    ret.writeTxt = "Y";
   }
   else if (keyEdit.doCheck(GET_LINE, "sign_uid.class")) {
     ret.exitCode = 0;

Bug#863273: enigmail cannot certify keys with already-expired certifications

Reply via email to