Bug 118363

Summary: bug in security/pinentry-curses causes gpg2 port to be unusable
Product: Ports & Packages Reporter: Dan Mahoney <danm>
Component: Individual Port(s)Assignee: Michael Nottebrock <lofi>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Dan Mahoney 2007-11-30 22:20:01 UTC 
gpg2, in its race to become more complex, now *requires* that you use the gpg-engine for everything, and the actual core 
programs have become little more than calls to the engine.  To wit, this means that any prompting for a password must be 
done via a "pinentry" program (for which there is no straight "console" port -- only a "curses" version.  To do little more 
than ask a password.

However, this utility (pinentry-curses) is broken in ports.

I do not believe this breaks anything non-pin-related (such as, say, verifying a signature), but haven't tested extensively 
since I can no longer access my keyring.

Fix: 

Michael Nottebrock suggested making a change to malloc.conf (I tried it with the environment variable, to no success), in 
this thread:

http://groups.google.com/group/lucky.freebsd.questions/browse_thread/thread/8b973b58e090817e/db8d076bf53a8ea1

No fix is known -- unsure of whether to take this to the gpg team or not.
How-To-Repeat: 
(apologies for the ugly escape codes)

Script started on Fri Nov 30 16:47:39 2007
kendif endif [prime.gushi.org]\k  [prime.gushi.org]\k  [prime.gushi.org]\k  [prime.gushi.org]\You have mail.
ktcsh [prime.gushi.org]\%exit
%gpg2 -e -c disk.sizes[21Dssh danm@oldprime[K[17Dgpg2 -e -c disk.sizes

kgpg2 disk.sizes [prime.gushi.org]\Warning: using insecure memory!
Warning: using insecure memory!
[?1049h[1;52r[m[?1h=[39;49m[39;49m[m[H[J[23;39H(0lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk(B[m[24;39H(0x(B Enter passphrase[36C(0x(B[m[25;39H(0x(B[m[53C(0x(B[m[26;39H(0x(B[m[53C(0x(B[m[27;39H(0x(B Passphrase ________________________________________ (0x(B[m[28;39H(0x(B[m[53C(0x(B[m[29;39H(0x(B[m[11C<OK>[21C<Cancel>[9C(0x(B[m[30;39H(0mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj(B[m[27;52H*[m*[m*[m*[m[52;1H[?1049l
[?1l>pinentry in free(): error: page is already free
gpg-agent[14752]: command get_passphrase failed: End of file
gpg: disk.sizes: encryption failed: Bad passphrase
ktcsh [prime.gushi.org]\%exit

kexit exit [prime.gushi.org]\ktcsh [prime.gushi.org]\exit

Script done on Fri Nov 30 16:47:47 2007

I have seen others report (on mailing lists, and such) the above modified as "chunk is already free" as opposed to "page".  
As I am a non-coder I am not sure of the difference.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2007-11-30 22:33:29 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->lofi

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Michael Nottebrock freebsd_committer freebsd_triage 2007-12-01 10:51:12 UTC 
I currently have access to a machine on which I can reproduce this, so I
will ask the gnupg developers for hints on how to debug pinentry.
Still, you should be able to work around this situation. Can you please
try modifying malloc.conf like so:

ln -sf aj /etc/malloc.conf

A build-default or a global configuration of malloc options will
override the environment-specified options and the error you're getting
is a non-fatal warning by default (default meaning release and stable
builds) and would read "pinentry in free(): warning: page is already
free", except if you'd run gpg2 as root or if your gpg2 executable were
setuid (which doesn't seem to be the case, given the "using insecure
memory" warnings).
Comment 3 Michael Nottebrock freebsd_committer freebsd_triage 2007-12-01 20:28:53 UTC 
After some more analysis I found the bug - but it is not in
pinentry-curses, it is in the ncurses library shipped with FreeBSD 6.2
and earlier.

To fix the issue, you can do one of the following:

- Upgrade your FreeBSD installation to a snapshot from the 6-STABLE
branch later than April 7th, 2007, or
- Install the devel/ncurses port (should be at version 5.6), then
recompile and reinstall the pinentry-curses port.

I will add a conditional dependency on the devel/ncurses port once the
ports-freeze for FreeBSD 7.0 is lifted.
Comment 4 Dan Mahoney 2007-12-01 22:20:12 UTC 
On Sat, 1 Dec 2007, Michael Nottebrock wrote:

Awesome!  Will try this.  Note: I'm waiting for 6.3 to be released before 
doing another upgrade.

This may be a stupid, stupid question -- but why is there not some basic 
non-ncurses-requiring pinentry tool?  One that just uses readline, printf, 
and bam, done.

It's probably a better question for the gnupg developers, tho.  :)

-Dan


> After some more analysis I found the bug - but it is not in
> pinentry-curses, it is in the ncurses library shipped with FreeBSD 6.2
> and earlier.
>
> To fix the issue, you can do one of the following:
>
> - Upgrade your FreeBSD installation to a snapshot from the 6-STABLE
> branch later than April 7th, 2007, or
> - Install the devel/ncurses port (should be at version 5.6), then
> recompile and reinstall the pinentry-curses port.
>
> I will add a conditional dependency on the devel/ncurses port once the
> ports-freeze for FreeBSD 7.0 is lifted.
>

--

"Your future hasn't been written yet; no one's has.  So make it a good
one!"

-"Doc" Emmet L. Browne, Back to the Future III

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
Comment 5 Michael Nottebrock freebsd_committer freebsd_triage 2007-12-02 11:22:32 UTC 
Dan Mahoney, System Admin schrieb:
> This may be a stupid, stupid question -- but why is there not some
> basic non-ncurses-requiring pinentry tool?  One that just uses
> readline, printf, and bam, done.
>
> It's probably a better question for the gnupg developers, tho.  :)
Indeed, but if I were to second-guess them, I would say because a
curses-based pinentry (in theory) works undisruptively in/on top of
other curses-based applications, like mutt, tin, pine, etc, while a
readline-based utility would either garble up the display or not work at
all.

What I personally do not quite understand is why the basic readline
interface had to be removed from the gnupg utility itself. The code did
not seem particularly problematic to me and it provided a solid last
resort in case of total agent/pinentry failure. Regrettably, nothing
with gnupg is quite solid these days anymore, since the gpg utility, the
gpg-agent daemon and the pinentry utilities all are dynamically linked
to multiple libraries and that alone makes gnupg unrobust in case of bad
things happening. I plan to provide an option in the ports to build
statically linked pinentry executables in the future though.
Comment 6 dfilter service freebsd_committer freebsd_triage 2007-12-24 19:43:31 UTC 
lofi        2007-12-24 19:43:26 UTC

  FreeBSD ports repository

  Modified files:
    security/libksba     Makefile distinfo 
  Log:
  - Clean up dependencies
  - Update to 1.0.4
  
  PR:             ports/118363, ports/118624
  Submitted by:   Philip M. Gollucci, Hirohisa Yamaguchi
  
  Revision  Changes    Path
  1.37      +2 -6      ports/security/libksba/Makefile
  1.15      +3 -3      ports/security/libksba/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 7 Mark Linimon freebsd_committer freebsd_triage 2008-02-29 02:08:31 UTC 
State Changed
From-To: open->closed

Committed by lofi 2007-12-24.