verify-signature crashes on non ascii characters

Bug #1123460 reported by Francois Trahan
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Bazaar | Fix Released | Medium | Reagan Sanders | |
| bzr (Ubuntu) | Fix Released | Undecided | Dimitri John Ledkov | |
| Trusty | Fix Released | Medium | Dimitri John Ledkov | |
| Utopic | Fix Released | Undecided | Dimitri John Ledkov | |

Bug Description

Impact:

Bzr crashes when verifying non-ascii characters in signatures, in verbose mode.

Testcase:

bzr branch lp:~xnox/+junk/test-signatures
cd test-signatures
gpg --import key.asc
bzr verify-signatures -v

Original report:

First: on "bzr verify-signatures -v" I get:
bzr: ERROR: exceptions.TypeError: can only concatenate list (not "str") to list

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/bzrlib/commands.py", line 920, in exception_to_return_code
    return the_callable(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/bzrlib/commands.py", line 1131, in run_bzr
    ret = run(*run_argv)
  File "/usr/lib/python2.7/dist-packages/bzrlib/commands.py", line 673, in run_argv_aliases
    return self.run(**all_cmd_args)
  File "/usr/lib/python2.7/dist-packages/bzrlib/commands.py", line 695, in run
    return self._operation.run_simple(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/bzrlib/cleanup.py", line 136, in run_simple
    self.cleanups, self.func, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/bzrlib/cleanup.py", line 166, in _do_with_cleanups
    result = func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/bzrlib/commit_signature_commands.py", line 170, in run
    write(gpg_strategy.verbose_valid_message(result))
  File "/usr/lib/python2.7/dist-packages/bzrlib/commit_signature_commands.py", line 130, in write
    self.outf.write(string + "\n")
TypeError: can only concatenate list (not "str") to list

Maybe a little more straightforward: if I do "bzr qlog" then click on a revision, I get:

bzr: ERROR: exceptions.UnicodeEncodeError: 'ascii' codec can't encode character u'\xe7' in position 4: ordinal not in range(128)

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/bzrlib/plugins/qbzr/lib/util.py", line 908, in run_in_loading_queue
    f(*args, **kargs)
  File "/usr/lib/python2.7/dist-packages/bzrlib/plugins/qbzr/lib/uifactory.py", line 32, in decorate
    r = f(*args, **kargs)
  File "/usr/lib/python2.7/dist-packages/bzrlib/plugins/qbzr/lib/revisionmessagebrowser.py", line 365, in update_selection
    revids, self.log_list.log_model.graph_viz.get_repo_revids)
  File "/usr/lib/python2.7/dist-packages/bzrlib/plugins/qbzr/lib/revisionmessagebrowser.py", line 149, in set_display_revids
    pass_prev_loaded_rev=True)
  File "/usr/lib/python2.7/dist-packages/bzrlib/plugins/qbzr/lib/lazycachedrevloader.py", line 53, in load_revisions
    revisions_loaded(return_revisions, False)
  File "/usr/lib/python2.7/dist-packages/bzrlib/plugins/qbzr/lib/revisionmessagebrowser.py", line 204, in revisions_loaded
    cached_revisions[revid].repository)
  File "/usr/lib/python2.7/dist-packages/bzrlib/log.py", line 346, in format_signature_validity
    return "valid signature from {0}".format(result[1])
UnicodeEncodeError: 'ascii' codec can't encode character u'\xe7' in position 4: ordinal not in range(128)

bzr 2.5.1 on python 2.7.3 (Linux-3.2.0-38-generic-x86_64-with-
    Ubuntu-12.04-precise)
arguments: ['/usr/bin/bzr', 'qlog']
plugins: bash_completion[2.5.1], bzrtools[2.5.0], changelog_merge[2.5.1],
    explorer[1.2.2], launchpad[2.5.1], netrc_credential_store[2.5.1],
    news_merge[2.5.1], po_merge[2.5.1], qbzr[0.22.2], upload[1.1.0],
    weave_fmt[2.5.1], webdav[1.12.2]
encoding: 'utf-8', fsenc: 'UTF-8', lang: 'en_CA.UTF-8'

Sorry, my name happens to be UTF-8!!!

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: bzr 2.5.1-0ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-38.59-generic 3.2.37
Uname: Linux 3.2.0-38-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: amd64
CheckboxSubmission: 07acc21e2cd262f4bfdaa4e25a19f966
CheckboxSystem: 2a6f54df59af338184485e85cbcf0d32
Date: Tue Feb 12 15:47:08 2013
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
MarkForUpload: True
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: bzr
UpgradeStatus: Upgraded to precise on 2012-06-05 (252 days ago)

Revision history for this message
Francois Trahan (francois-trahan) wrote :

Update: I created a fake key without the "ç".

"verify-signatures -v" still crashes, but qbzr doesn't anymore

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bzr (Ubuntu):
status: New → Confirmed
Revision history for this message
Reagan Sanders (vexo) wrote :

patch fixing the issue with verify-signatures --verbose. We were attempting to pass an array of strings to write directly. Changed to loop through the array and write them all.

Revision history for this message
Reagan Sanders (vexo) wrote :

patch fixing the UTF issue. We were trying to stick the UTF strings from the GPG subsystem into plain ASCII format strings. Changed the format strings to be UTF as well. His test branch seems to work fine now.
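
The two failure modes described in the comments above, reproduced as an added example (not part of the original thread and not bzr's own code). It runs on Python 3, so the Python 2 implicit ASCII coercion is emulated explicitly; the function names and the signer UID are hypothetical.

```python
import io

# Constructed signer UID containing U+00E7 at index 4 (not a real key).
SIGNER = "Fran\u00e7ois Example <francois@example.invalid>"


def verbose_valid_message(signers):
    """Hypothetical stand-in: the verbose report is a list of lines."""
    lines = ["{0} commits with valid signatures".format(len(signers))]
    lines += ["  valid signature from {0}".format(s) for s in signers]
    return lines


def write_buggy(outf, message):
    # Pre-fix pattern seen in the traceback: assumes `message` is one string.
    outf.write(message + "\n")


def write_fixed(outf, message):
    # Accept a single string or a list of lines and write each line.
    lines = [message] if isinstance(message, str) else message
    for line in lines:
        outf.write(line + "\n")


def format_py2_style(template, name):
    # Emulates Python 2: a byte-string template coerced its unicode
    # argument with the 'ascii' codec before substitution.
    return template.replace(b"{0}", name.encode("ascii"))


def format_fixed(template, name, encoding="utf-8"):
    # Keep template and name as text; encode once at the output boundary.
    return template.format(name).encode(encoding)


def demo():
    out = io.StringIO()
    list_error = position = None
    try:
        write_buggy(out, verbose_valid_message([SIGNER]))
    except TypeError as exc:
        list_error = str(exc)
    write_fixed(out, verbose_valid_message([SIGNER]))
    try:
        format_py2_style(b"valid signature from {0}", SIGNER)
    except UnicodeEncodeError as exc:
        position = exc.start
    return list_error, out.getvalue(), position
```

A regression test for signature-verification output should include at least one signer whose UID is non-ASCII, in both the terse and the verbose code paths.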

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "bzr_verify_signature_verbose_fix.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Reagan Sanders (vexo)
Changed in bzr:
assignee: nobody → Reagan Sanders (vexofp)
status: New → In Progress
Revision history for this message
Reagan Sanders (vexo) wrote :

A test branch with an export of the UTF-8-containing public key used to sign it included. The public key needs to be in your keyring for bzr to be able to get the pretty name and thus exercise the UTF-8 code path. Similarly, you also have to be able to verify all the signing keys in order to exercise the failing --verbose code path.

Revision history for this message
Jelmer Vernooij (jelmer) wrote :

Hi Reagan,

Thanks for suggesting a fix. Please submit the patch as a merge request against bzr's trunk.

Changed in bzr:
status: In Progress → Fix Committed
milestone: none → 2.7b1
Vincent Ladeuil (vila)
Changed in bzr:
status: Fix Committed → Fix Released
Vincent Ladeuil (vila)
Changed in bzr:
importance: Undecided → Medium
Changed in bzr (Ubuntu Trusty):
assignee: nobody → Dimitri John Ledkov (xnox)
Changed in bzr (Ubuntu Utopic):
assignee: nobody → Dimitri John Ledkov (xnox)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzr - 2.6.0+bzr6595-1ubuntu1

---------------
bzr (2.6.0+bzr6595-1ubuntu1) utopic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Drop non-main build dependencies on python-{meliae,lzma,medusa}

bzr (2.6.0+bzr6595-1) unstable; urgency=medium

  [ Jelmer Vernooij ]
  * Re-add myself to uploaders.
  * Don't pass blob to file.writelines(), but rather to file.write().
    Closes: #722091

  [ Dimitri John Ledkov ]
  * New upstream snapshot:
    - verify-signature crashes on non ascii characters (LP: #1123460)
    - verify-signature crashes when acceptable_keys is defined (LP:
    #1249732)
 -- Dimitri John Ledkov <email address hidden> Fri, 02 May 2014 14:18:01 +0100

Changed in bzr (Ubuntu Utopic):
status: Confirmed → Fix Released
Changed in bzr (Ubuntu Trusty):
status: New → In Progress
importance: Undecided → Low
importance: Low → Medium
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Francois, or anyone else affected,

Accepted bzr into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/bzr/2.6.0+bzr6593-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in bzr (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Sebastien Bacher (seb128) wrote :

the testcase works fine with the update, setting as verification-done

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzr - 2.6.0+bzr6593-1ubuntu1.1

---------------
bzr (2.6.0+bzr6593-1ubuntu1.1) trusty; urgency=medium

  * Fix verify-signature command crashing:
    - on non ascii characters (LP: #1123460)
    - when acceptable_keys configuration option is specified (LP: #1249732)
 -- Dimitri John Ledkov <email address hidden> Fri, 09 May 2014 03:48:24 +0100

Changed in bzr (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Scott Kitterman (kitterman) wrote : Update Released

The verification of the Stable Release Update for bzr has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates, please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
