Summary: | bug in security/pinentry-curses causes gpg2 port to be unusable | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Dan Mahoney <danm> |
Component: | Individual Port(s) | Assignee: | Michael Nottebrock <lofi> |
Status: | Closed FIXED | ||
Severity: | Affects Only Me | ||
Priority: | Normal | ||
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
Dan Mahoney
2007-11-30 22:20:01 UTC
Responsible Changed From-To: freebsd-ports-bugs->lofi Over to maintainer (via the GNATS Auto Assign Tool) I currently have access to a machine on which I can reproduce this, so I will ask the gnupg developers for hints on how to debug pinentry. Still, you should be able to work around this situation. Can you please try modifying malloc.conf like so: ln -sf aj /etc/malloc.conf A build-default or a global configuration of malloc options will override the environment-specified options and the error you're getting is a non-fatal warning by default (default meaning release and stable builds) and would read "pinentry in free(): warning: page is already free", except if you'd run gpg2 as root or if your gpg2 executable were setuid (which doesn't seem to be the case, given the "using insecure memory" warnings). After some more analysis I found the bug - but it is not in pinentry-curses, it is in the ncurses library shipped with FreeBSD 6.2 and earlier. To fix the issue, you can do one of the following: - Upgrade your FreeBSD installation to a snapshot from the 6-STABLE branch later than April 7th, 2007, or - Install the devel/ncurses port (should be at version 5.6), then recompile and reinstall the pinentry-curses port. I will add a conditional dependency on the devel/ncurses port once the ports-freeze for FreeBSD 7.0 is lifted. On Sat, 1 Dec 2007, Michael Nottebrock wrote: Awesome! Will try this. Note: I'm waiting for 6.3 to be released before doing another upgrade. This may be a stupid, stupid question -- but why is there not some basic non-ncurses-requiring pinentry tool? One that just uses readline, printf, and bam, done. It's probably a better question for the gnupg developers, tho. :) -Dan > After some more analysis I found the bug - but it is not in > pinentry-curses, it is in the ncurses library shipped with FreeBSD 6.2 > and earlier. > > To fix the issue, you can do one of the following: > > - Upgrade your FreeBSD installation to a snapshot from the 6-STABLE > branch later than April 7th, 2007, or > - Install the devel/ncurses port (should be at version 5.6), then > recompile and reinstall the pinentry-curses port. > > I will add a conditional dependency on the devel/ncurses port once the > ports-freeze for FreeBSD 7.0 is lifted. > -- "Your future hasn't been written yet; no one's has. So make it a good one!" -"Doc" Emmet L. Browne, Back to the Future III --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --------------------------- Dan Mahoney, System Admin schrieb: > This may be a stupid, stupid question -- but why is there not some > basic non-ncurses-requiring pinentry tool? One that just uses > readline, printf, and bam, done. > > It's probably a better question for the gnupg developers, tho. :) Indeed, but if I were to second-guess them, I would say because a curses-based pinentry (in theory) works undisruptively in/on top of other curses-based applications, like mutt, tin, pine, etc, while a readline-based utility would either garble up the display or not work at all. What I personally do not quite understand is why the basic readline interface had to be removed from the gnupg utility itself. The code did not seem particularly problematic to me and it provided a solid last resort in case of total agent/pinentry failure. Regrettably, nothing with gnupg is quite solid these days anymore, since the gpg utility, the gpg-agent daemon and the pinentry utilities all are dynamically linked to multiple libraries and that alone makes gnupg unrobust in case of bad things happening. I plan to provide an option in the ports to build statically linked pinentry executables in the future though. lofi 2007-12-24 19:43:26 UTC FreeBSD ports repository Modified files: security/libksba Makefile distinfo Log: - Clean up dependencies - Update to 1.0.4 PR: ports/118363, ports/118624 Submitted by: Philip M. Gollucci, Hirohisa Yamaguchi Revision Changes Path 1.37 +2 -6 ports/security/libksba/Makefile 1.15 +3 -3 ports/security/libksba/distinfo _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" State Changed From-To: open->closed Committed by lofi 2007-12-24. |