Ubuntu
gnupg2 package

"gpg2 --refresh-keys" results in "rejected by import filter"

Bug #1421640 reported by Alexander Buchner on 2015-02-13
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnupg2 (Ubuntu)
Fix Released
Undecided
Unassigned
Utopic
Fix Released
Undecided
Marc Deslauriers
Vivid
Fix Released
Undecided
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

I am using Ubuntu 14.10 with gpg (GnuPG) 2.0.24.

There seems to be a bug when I want to refresh the keys.

:~$ gpg2 --refresh-keys
gpg: refreshing 33 keys from hkp://keys.gnupg.net
gpg: key 43A2BCD5: rejected by import filter
gpg: key A788C4D6: rejected by import filter
gpg: key EE728A71: rejected by import filter
gpg: key 04089964: rejected by import filter
gpg: key 6224791A: rejected by import filter
gpg: key F1AE330F: rejected by import filter
gpg: key 407D90F7: rejected by import filter
....

Since this problem with 2.0.24 seems to be known (http://lists.freebsd.org/pipermail/freebsd-ports/2014-June/093621.html) I think it might be a good idea to update to a more recent version.

Nosphky (philip-jackson) wrote :

Since gnupg has moved forward to the 'modern' series 2.1.* (now at 2.1.2), it would be good to have this available in Ubuntu because more and more correspondents are moving to and using ECC encryption. 2.0.* (now at 2.0.27) cannot handle this and we are being left behind.

dkg (dkg0) wrote :

This is not a good reason to move to gnupg 2.1.

It is a good reason to apply upstream git commit 044847a0e2013a2833605c1a9f80cfa6ef353309 to the gnupg2 2.0.24 package in ubuntu:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=044847a0e2013a2833605c1a9f80cfa6ef353309

Alexander Buchner (alexander-buchner) wrote :

Is there anyone who can fix this bug?

Marc Deslauriers (mdeslaur) on 2015-03-25
Changed in gnupg2 (Ubuntu Vivid):
status: New → Fix Released
Changed in gnupg2 (Ubuntu Utopic):
status: New → In Progress
assignee: nobody → Marc Deslauriers (mdeslaur)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnupg2 - 2.0.24-1ubuntu2.2

---------------
gnupg2 (2.0.24-1ubuntu2.2) utopic-security; urgency=medium

  * Fix screening responses from keyservers (LP: #1421640)
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.patch: use inline functions to convert
      buffer data to scalars in common/iobuf.c, g10/build-packet.c,
      g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
      g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
      kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
      kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
      scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
    - CVE-2015-1607
 -- Marc Deslauriers <email address hidden> Fri, 27 Mar 2015 08:16:53 -0400

Changed in gnupg2 (Ubuntu Utopic):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers