Source: python-debian
Version: 0.1.49ubuntu3
Severity: normal
X-Debbugs-Cc: scho...@ubuntu.com, j...@debian.org
Hi there,
When trying to verify the attached DSC, it made python-debian crash with
a decoding error. The DSC is completely valid, but the DD who signed it
was using Sequoia rather than GnuPG at the time, and for some reason the
NOTATION_DATA section of the signature contains binary data.
While not particularly friendly, it's allowed by the spec.
You can reproduce very easily:
```python
from debian.deb822 import GpgInfo
GpgInfo.from_file("autopkgtest_5.38ubuntu1.dsc")
```
That should yield the following exception:
Traceback (most recent call last):
File "<input>", line 1, in <module>
GpgInfo.from_file("autopkgtest_5.38ubuntu1.dsc")
File "/usr/lib/python3/dist-packages/debian/deb822.py", line 1404, in from_fil
e
return cls.from_sequence(target_file, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/debian/deb822.py", line 1374, in from_seq
uence
return cls.from_output(out.decode('utf-8'),
^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xeb in position 374: invali
d continuation byte
Note that `dscverify` has no qualm with the signature.
`gpgv --status-fd 1` gives us the following raw data:
Cheers,
Simon
-- System Information:
Debian Release: trixie/sid
APT prefers plucky
APT policy: (500, 'plucky')
Architecture: amd64 (x86_64)
Kernel: Linux 6.11.0-9-generic (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 3.0 (native)
Source: autopkgtest
Binary: autopkgtest
Architecture: all
Version: 5.38ubuntu1
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Uploaders: Ian Jackson <ijack...@chiark.greenend.org.uk>, Martin Pitt
<mp...@debian.org>, Antonio Terceiro <terce...@debian.org>, Paul Gevers
<elb...@debian.org>, Simon McVittie <s...@debian.org>, Paride Legovini
<par...@debian.org>,
Standards-Version: 4.6.2
Vcs-Browser: https://salsa.debian.org/ci-team/autopkgtest
Vcs-Git: https://salsa.debian.org/ci-team/autopkgtest.git
Testsuite: autopkgtest
Testsuite-Triggers: adduser, autodep8, build-essential, buildah,
ca-certificates, catatonit, debhelper, debian-archive-keyring, debootstrap,
devscripts, distro-info, dnsmasq, dnsmasq-base, docker.io, dumb-init, fakeroot,
golang-github-containernetworking-plugin-dnsname, iproute2, iptables,
libpam-cgfs, lxc, lxc-templates, lxcfs, lxd, lxd-installer, mmdebstrap, podman,
python3-distro-info, rsync, sbuild, schroot, slirp4netns, tini, uidmap,
util-linux
Build-Depends: debhelper-compat (= 13), fakeroot <!nocheck>, procps <!nocheck>,
pycodestyle | pep8 <!nocheck>, pyflakes3 <!nocheck>, python3 (>= 3.8),
python3-debian <!nocheck>, python3-docutils
Package-List:
autopkgtest deb devel optional arch=all
Checksums-Sha1:
4c0f9acec87b6c6e9d43cdf486d62a3ec69ec5b3 229420 autopkgtest_5.38ubuntu1.tar.xz
Checksums-Sha256:
dbc550a9c36e11c44c2a5317d44764ec8217b4c673676e929a6750be8ffa4010 229420
autopkgtest_5.38ubuntu1.tar.xz
Files:
eece5090a399d30148c6e7c8b64c0401 229420 autopkgtest_5.38ubuntu1.tar.xz
Original-Maintainer: Debian CI team <team...@tracker.debian.org>
-----BEGIN PGP SIGNATURE-----
wsC7BAEBCgBvBYJmsPmjCRDWWGGIPgFNuUcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmcaIQdWc+sT5HQhi5CZcNvDhiP/z8aJPt0OzmfG2hdf
BxYhBFYa1YXu12aSG6jdltZYYYg+AU25AAAShwf+K+OmWZa+0EnvY2xFXIzafxq4
BmzD6Sk2zWrN3pxvu4Pge0iK8Z/ixTH3nlcsuSfc1x/68XX/w1cL1ft5x86oUJaT
f5vNZnXImebgX6dQJFXbje79RMIduWUwYr4Qdyn1IVP/2pjWxWp/ajjF0E8lCpgL
hAfafblvLG4uCAUc8aaBHjrJhxQYPu/qNe99GBY6HhEa5yqJOnL/fFakeFvl69eO
AhbA4uoGOogd0xR74kr3qlSbfAk7tstLdLxqVyPh4/fy3kxfyROZQ2gwtC2taCUT
J27NqZHD5Rtsh+rbs1ixdoku4X+KXYFH3/aSh6tGz1GOJaPhkH0iwEkCZHE2eg==
=t3av
-----END PGP SIGNATURE-----
