GNU bug report logs - #62294
gnupg is pinned at 2.2.32 for bug that is fixed upstream

Message received at 62294-done <at> debbugs.gnu.org:

Received: (at 62294-done) by debbugs.gnu.org; 7 May 2023 15:03:49 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun May 07 11:03:49 2023
Received: from localhost ([127.0.0.1]:38151 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pvfvR-0008KP-5e
	for submit <at> debbugs.gnu.org; Sun, 07 May 2023 11:03:49 -0400
Received: from mail-qt1-f172.google.com ([209.85.160.172]:45177)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1pvfvP-0008KA-9u
 for 62294-done <at> debbugs.gnu.org; Sun, 07 May 2023 11:03:47 -0400
Received: by mail-qt1-f172.google.com with SMTP id
 d75a77b69052e-3ef3ce7085bso17202021cf.2
 for <62294-done <at> debbugs.gnu.org>; Sun, 07 May 2023 08:03:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1683471822; x=1686063822;
 h=mime-version:user-agent:message-id:in-reply-to:date:references
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=oZGbpeg5qXcC+k8rLxvklE8B1L0xrK2THgTDwXjaH0c=;
 b=RRLqfp4jAvl3jMnvAZlnoz9puezWkQvfaqLR7xEbYD8PgjAaIJzB6ZPSxt3ddqA6ix
 WeZjSKgIY7c6cAivb6G/6rypVtd+BLcJkE91xdjwbZdZF2wAHf7eMNC84mavXjt/oTO4
 rSf6eZk1BRXh6NJ2L1YSRM752Wr0PaCGm3PpHebfJJz0VX+gXEGH44SZALWVWbhdw1Vl
 gn26aDkRVVGLg+9AFaaog+2A/cBOIkUdme4QxqbCYr/3StjkN+p45w/hy67Rcr/mB/nx
 JsEjxPF6DtN8Sjlq88C7VF4kIbi8AkJTX4/Srq8W/B0toh0gq4nYIxeTFqNJQdY7H6oX
 VyBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1683471822; x=1686063822;
 h=mime-version:user-agent:message-id:in-reply-to:date:references
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=oZGbpeg5qXcC+k8rLxvklE8B1L0xrK2THgTDwXjaH0c=;
 b=YqzZ422brKLyLU7HPwqRrlBzpzVSTzZIrfmE8gKPhWc+eWl4A8fMRHcrhjYMRiXn5K
 TS3pzo+fvoZ1GeAWDjn9tIDxuOSveghzaoJId1iuIY6b9nNQrCthX0chGVfepeGk1+ny
 mAoFJ4vaXP7LtTFPi0pmxiMie6fSrRyDsYe23KIOpzH7iRgbNyh7ow1c5oszJ0wmQBzA
 o+FkSkkoUKJuwYRJUTctzRGp2fMoh8iFOwht5/zGKpC+MsdoS6If6KDBNSkqLROHmK9r
 +eRon87lWaNuYEvAx5WRdJGUEyW1TGF5w4jqru22o82AWAGWFVYVN5K2st3SRMRw10ZU
 okiw==
X-Gm-Message-State: AC+VfDwgV6XSLYZlj1105n4Mo6u0Lzg+9HSZNETuMn7bl5YpMEebEQNK
 pbmpmOuFWBKRfckAI3J9Cm0=
X-Google-Smtp-Source: ACHHUZ5IFvit9K27ZhQ51CkhZO01kD+x0fEPS5X3875NxCFEYZKt26FxPlC7mNa+uDa2oVYq4qwvfg==
X-Received: by 2002:a05:622a:347:b0:3d2:7f3b:c691 with SMTP id
 r7-20020a05622a034700b003d27f3bc691mr11333956qtw.47.1683471821830; 
 Sun, 07 May 2023 08:03:41 -0700 (PDT)
Received: from hurd (dsl-10-131-119.b2b2c.ca. [72.10.131.119])
 by smtp.gmail.com with ESMTPSA id
 x5-20020a05620a14a500b0074e4b1fe0aesm1965472qkj.94.2023.05.07.08.03.41
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 07 May 2023 08:03:41 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Ethan Blanton <elb@HIDDEN>
Subject: Re: bug#62294: gnupg is pinned at 2.2.32 for bug that is fixed
 upstream
References: <ZBhZLZwNF5DVW1K1@HIDDEN> <868rf8vuz4.fsf@HIDDEN>
 <ZCxPC6sPREuu1ipV@HIDDEN> <867curtuyk.fsf@HIDDEN>
 <ZCzOdruevhvh+7fw@HIDDEN> <861qkyu8m5.fsf@HIDDEN>
 <ZC7HiWzqXv2EJlIf@HIDDEN>
Date: Sun, 07 May 2023 11:03:40 -0400
In-Reply-To: <ZC7HiWzqXv2EJlIf@HIDDEN> (Ethan Blanton's message of "Thu, 6
 Apr 2023 09:22:17 -0400")
Message-ID: <87bkiw18vn.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 62294-done
Cc: Leo Famulari <leo@HIDDEN>, 62294-done <at> debbugs.gnu.org,
 Simon Tournier <zimon.toutoune@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello,

We're now at 2.2.39 on master.  Closing!

-- 
Thanks,
Maxim

Message received at 62294 <at> debbugs.gnu.org:

Received: (at 62294) by debbugs.gnu.org; 6 Apr 2023 13:22:18 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 06 09:22:18 2023
Received: from localhost ([127.0.0.1]:53666 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pkPZB-0001Zy-OQ
	for submit <at> debbugs.gnu.org; Thu, 06 Apr 2023 09:22:17 -0400
Received: from cathode.kb8ojh.net ([162.243.72.198]:55356)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <elb@HIDDEN>) id 1pkPZ9-0001Zm-VM
 for 62294 <at> debbugs.gnu.org; Thu, 06 Apr 2023 09:22:16 -0400
Received: from anode.kb8ojh.net (pool-68-133-30-163.bflony.fios.verizon.net
 [68.133.30.163])
 by cathode.kb8ojh.net (Postfix) with ESMTPSA id 1D6484047C;
 Thu,  6 Apr 2023 13:22:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kb8ojh.net; s=cathode;
 t=1680787335; bh=CIgzHaCKaxU/+JUmfrQOnxwcM3Yrr2CS1JWxKsKDfcA=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
 b=uAv62RQ7+FMBFMTIlfurObqthqL+y230EX5G5uwRtwfZZBroVYZtAxN0km6joSb1C
 kXdNw47iHCPZ9K4ImtHA3UKkOGJtE2hG4lPXTOAFHN+beAaCJ1ngnnNLDnIdGOs0M3
 hl+9SV63sNlgBhgICYOFHDdTPFPFqoySaUBuhFYo=
Received: by anode.kb8ojh.net (Postfix, from userid 1000)
 id 512BD418AA; Thu,  6 Apr 2023 09:22:17 -0400 (EDT)
Date: Thu, 6 Apr 2023 09:22:17 -0400
From: Ethan Blanton <elb@HIDDEN>
To: Simon Tournier <zimon.toutoune@HIDDEN>
Subject: Re: bug#62294: gnupg is pinned at 2.2.32 for bug that is fixed
 upstream
Message-ID: <ZC7HiWzqXv2EJlIf@HIDDEN>
References: <ZBhZLZwNF5DVW1K1@HIDDEN> <868rf8vuz4.fsf@HIDDEN>
 <ZCxPC6sPREuu1ipV@HIDDEN> <867curtuyk.fsf@HIDDEN>
 <ZCzOdruevhvh+7fw@HIDDEN> <861qkyu8m5.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Disposition: inline
In-Reply-To: <861qkyu8m5.fsf@HIDDEN>
X-GnuPG-Fingerprint: 2A9A 7752 8B91 6586 6289  FD3D 6CA9 2AC6 A1A8 AD0E
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 62294
Cc: 62294 <at> debbugs.gnu.org, Leo Famulari <leo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Simon Tournier wrote:
> Are you proposing to update $B!G(Bgnupg$B!G(B from 2.2.32 to 2.2.33 or why not to
> 2.2.41?  And remove the graft $B!G(Bgnupg/fixed$B!G(B?

Personally, I think it should advance farther than 2.2.32, as there
are S/MIME bugs prior to 2.2.35 that prevent a variety of
commonly-issued S/MIME keys from being imported (see the link in the
original bug).  Selfishly, I have one of those keys and it's a problem
for me, but in general, it seems to include some keys issued by state
agencies in Europe, as well as private issuers in the US and possibly
other locations.

Message received at 62294 <at> debbugs.gnu.org:

Received: (at 62294) by debbugs.gnu.org; 6 Apr 2023 08:44:07 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 06 04:44:07 2023
Received: from localhost ([127.0.0.1]:53349 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pkLDz-00052v-BL
	for submit <at> debbugs.gnu.org; Thu, 06 Apr 2023 04:44:07 -0400
Received: from mail-wr1-f44.google.com ([209.85.221.44]:38933)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zimon.toutoune@HIDDEN>) id 1pkLDy-00052H-Fz
 for 62294 <at> debbugs.gnu.org; Thu, 06 Apr 2023 04:44:06 -0400
Received: by mail-wr1-f44.google.com with SMTP id
 ffacd0b85a97d-2ef1e98d6bfso36911f8f.0
 for <62294 <at> debbugs.gnu.org>; Thu, 06 Apr 2023 01:44:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20210112; t=1680770640; x=1683362640;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=G0wFLkHj8PpRj0PvNOUbrSLOkDLqcLreXtnPQhjBI2s=;
 b=J5QyyopbtnutrE3bTZxv2yg8Ea13VIvvl8FS0loFPpf4ObeYmfyDI6J9PTaR8SxWHG
 7X0VFpMUrObGSz/kJ9f/rdHfY/o8nk692LTVGbxhZ86J7HBALrNmFVo6cNH9rlvLoPKn
 Tpl5NPrNqF0b3n1ZBFpl635tc0XVLo+tuTqilDzbvR0aS13drP1CzSP2WZeEM5zp7pfg
 LdFoC+UH34rIbRawLWiccc1BEAr79S3GWsu6X8yPGzYhnSCruwn7meGOSKnbgNefqM+Q
 3RGypoDaQrrYMwPKVDdSt3N9DfC716QYWVYfkXcdrTHhTi7uGdUGcXmGnUWDNQ/s1fMI
 aITg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112; t=1680770640; x=1683362640;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=G0wFLkHj8PpRj0PvNOUbrSLOkDLqcLreXtnPQhjBI2s=;
 b=wKmA+gF0+iAljKRJbaL5bZ2cHYbs2NVK/gG9C5Gfua//oxLnTWlikUyaeDMRjS5uCI
 gzevnJD810/eBWu/EdlhiOKroedDBPuIZatjSGVdpJCaGkfVyq4kv+aohxVn7Peb/HXC
 WMbacejXaIqxp5+bL/r2nePNKTLXahg5PSNh4RclBaJURbt+kMwqSqJyVjaZoXcdsryK
 dzFjzjbLRpBCgb9RYOFdO3DgVnnBEleZgM0hEy/a78DxSQePVzRVtHe9p7UmLzzJLW65
 ZZQ1uPSwkwKv0mouHDNrNpFZz8fnB2EpRSqCG/4/DuVqNgJ67LLucWgfb1aGsFte4EUW
 f69w==
X-Gm-Message-State: AAQBX9dgaoYp6YEKtb6x3v6FoOqCxUpDK40CE3GKkAiypcDNnwPNECaU
 8YRjqMju6DwDFzqV5MYvj38Xl2j2hBo=
X-Google-Smtp-Source: AKy350ZidAYkqMXi+zpCvh3+H/SXIC/oC1JpgFBzHPF+qmNc9RX7T+MGnGfhHWNKYpob0GtS2EkI/w==
X-Received: by 2002:a5d:4e8e:0:b0:2c7:d80:ffc4 with SMTP id
 e14-20020a5d4e8e000000b002c70d80ffc4mr3016043wru.7.1680770640341; 
 Thu, 06 Apr 2023 01:44:00 -0700 (PDT)
Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e])
 by smtp.gmail.com with ESMTPSA id
 j6-20020adff006000000b002e105c017adsm1128708wro.44.2023.04.06.01.43.59
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 06 Apr 2023 01:43:59 -0700 (PDT)
From: Simon Tournier <zimon.toutoune@HIDDEN>
To: Leo Famulari <leo@HIDDEN>
Subject: Re: bug#62294: gnupg is pinned at 2.2.32 for bug that is fixed
 upstream
In-Reply-To: <ZCzOdruevhvh+7fw@HIDDEN>
References: <ZBhZLZwNF5DVW1K1@HIDDEN> <868rf8vuz4.fsf@HIDDEN>
 <ZCxPC6sPREuu1ipV@HIDDEN> <867curtuyk.fsf@HIDDEN>
 <ZCzOdruevhvh+7fw@HIDDEN>
Date: Wed, 05 Apr 2023 08:49:06 +0200
Message-ID: <861qkyu8m5.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 62294
Cc: Ethan Blanton <elb@HIDDEN>, 62294 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)

Hi Leo,

On Tue, 04 Apr 2023 at 21:27, Leo Famulari <leo@HIDDEN> wrote:

>> So the impact is ~10% of all the packages.  From a quick look, some
>> packages are intensive to rebuild, to my knowledge.
>
> Yes, that's correct. But our build farm can easily build these packages
> quickly, if we wanted to use it for that.

Well, I do not know.  Let=E2=80=99s do it! :-)

Are you proposing to update =E2=80=99gnupg=E2=80=99 from 2.2.32 to 2.2.33 o=
r why not to
2.2.41?  And remove the graft =E2=80=99gnupg/fixed=E2=80=99?

Or are you proposing to replace the graft =E2=80=99gnupg/fixed=E2=80=99 by =
another
version than 2.2.32 as 2.2.33 or higher?


Cheers,
simon

Message received at 62294 <at> debbugs.gnu.org:

Received: (at 62294) by debbugs.gnu.org; 5 Apr 2023 01:27:29 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 04 21:27:29 2023
Received: from localhost ([127.0.0.1]:50516 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pjrvt-0007ed-Hf
	for submit <at> debbugs.gnu.org; Tue, 04 Apr 2023 21:27:29 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:35501)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@HIDDEN>) id 1pjrvr-0007eO-GC
 for 62294 <at> debbugs.gnu.org; Tue, 04 Apr 2023 21:27:28 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 2B8035C025D;
 Tue,  4 Apr 2023 21:27:22 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute3.internal (MEProxy); Tue, 04 Apr 2023 21:27:22 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:cc:content-type:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to; s=mesmtp; t=1680658042;
 x=1680744442; bh=5lOI0S8oGSuvYaZn5MvlOVgw57BEM9PmY9FCszmXtc8=; b=
 h1WjHxXQYk/T5nmNCn4SCFjfjtxSXIcd+9ncgU+YYFP5U/QQd9t1FRc6EJmGtUzT
 +gdXLXlQeD+xgmufIEA5yODFBVQCQb4nn0aopuQi0alQJLCQVWs6CN+gOjAIdumu
 N0tw6/vx1VI+0tfNu/HVMXYauiaDSivAYlKTRR37c9c=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; t=1680658042; x=1680744442; bh=5lOI0S8oGSuvY
 aZn5MvlOVgw57BEM9PmY9FCszmXtc8=; b=XCdsqYDFA5pjNJaqYOPYy2Lk92mTW
 NRAj4iSBJY9wWlAMo76AV8fDSLgw1xuJCGQbWegha4DJbYnnJW5HMUsRlFBkDleZ
 Rd6lvznVp1Kvoa721Mhf/+9DekZDpdxDdWp8CjLBTjU6c8ioFkWQosq63tGqgTil
 xyrF8nxlW1ZJsUkvolwaMvpAaO8SE6IUPaoHPe4PIMHaLY3VG+99SfyNMzKzLJ/y
 J7iBnvE+MIMrNQfhuNVh8SRoebFauHXe1OozB9v3h7oruVhAy51HTptA3QqBM7AW
 /+I52qMrdfJUhMoE8sZUu+S0owDC+sB9B3BdNfJ7Ku3//OuXH8iP8WrAg==
X-ME-Sender: <xms:ec4sZLp5WcL69hAes4AaIY_mj-djeVKJ_XgizxjeAyaIclZo4_vZhw>
 <xme:ec4sZFoM5O5bnhXL8-x9278dIxEaHdZPSEmc8G0cpYvsRlHUx6EJ4pfQmDHp57HRl
 nsdDjVNtlaimemCmg>
X-ME-Received: <xmr:ec4sZIN2igAYvEQfk_2-pdOjJp4gNw2NLEdUWNzjSHpTFV_ZQB_y9H_G9YORFvvORnuoRO3307lMh6KENjGRZan1>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrvdejtddggeegucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvvefukfhfgggtuggjsehttd
 ertddttddvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl
 rghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeeiteduheefkeeufeelgeduhfejgf
 elheefleeuhfeffffgueduleehvdejleeiteenucevlhhushhtvghrufhiiigvpedtnecu
 rfgrrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:ec4sZO6TFcFrCAea_WcCc_n4WcDt4W4bhrpWdLFyjLdB33DjzqJDAA>
 <xmx:ec4sZK6Uw5iLnxN9780l4MAs8hgPAjHjLlk92bo--wo_NumRlF1NTQ>
 <xmx:ec4sZGg-KThlimr9IloQWIBStSwK_rs3EPT6Mhz5T6OZsp5n1Ily6w>
 <xmx:es4sZATvZZkY8ui1_KtMcEYAD7ZrT8AboFpuR9vNSdg3sMYn2nzMRA>
Feedback-ID: i819c4023:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 4 Apr 2023 21:27:21 -0400 (EDT)
Date: Tue, 4 Apr 2023 21:27:18 -0400
From: Leo Famulari <leo@HIDDEN>
To: Simon Tournier <zimon.toutoune@HIDDEN>
Subject: Re: bug#62294: gnupg is pinned at 2.2.32 for bug that is fixed
 upstream
Message-ID: <ZCzOdruevhvh+7fw@HIDDEN>
References: <ZBhZLZwNF5DVW1K1@HIDDEN> <868rf8vuz4.fsf@HIDDEN>
 <ZCxPC6sPREuu1ipV@HIDDEN> <867curtuyk.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <867curtuyk.fsf@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 62294
Cc: Ethan Blanton <elb@HIDDEN>, 62294 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Tue, Apr 04, 2023 at 07:31:47PM +0200, Simon Tournier wrote:
> Maybe I am doing something wrong, I get:
> 
> --8<---------------cut here---------------start------------->8---
> $ guix refresh -l gnupg | cut -f1 -d':'
> Building the following 1491 packages would ensure 2880 dependent packages are rebuilt
> --8<---------------cut here---------------end--------------->8---
> 
> So the impact is ~10% of all the packages.  From a quick look, some
> packages are intensive to rebuild, to my knowledge.

Yes, that's correct. But our build farm can easily build these packages
quickly, if we wanted to use it for that.

Message received at 62294 <at> debbugs.gnu.org:

Received: (at 62294) by debbugs.gnu.org; 4 Apr 2023 17:32:28 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 04 13:32:28 2023
Received: from localhost ([127.0.0.1]:50074 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pjkWB-000828-QC
	for submit <at> debbugs.gnu.org; Tue, 04 Apr 2023 13:32:28 -0400
Received: from mail-wr1-f54.google.com ([209.85.221.54]:41290)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zimon.toutoune@HIDDEN>) id 1pjkW9-00081u-NS
 for 62294 <at> debbugs.gnu.org; Tue, 04 Apr 2023 13:32:26 -0400
Received: by mail-wr1-f54.google.com with SMTP id
 ffacd0b85a97d-2d17b1b21f1so734711f8f.1
 for <62294 <at> debbugs.gnu.org>; Tue, 04 Apr 2023 10:32:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20210112; t=1680629540;
 h=mime-version:message-id:date:references:in-reply-to:subject:cc:to
 :from:from:to:cc:subject:date:message-id:reply-to;
 bh=yMDkMpPIpjXzDJv7aG9+yPAKSL4WFTJXTFy+hLnP814=;
 b=OMCkkSzDQiVGJdFte/mimP6zws/fSk/Z+8oo9A1LSlxWh7sJGEyCdAj6Njg1LdPody
 TYw2seNlBhpdISm+7bmEN4SKFBjFeje1B7va0sh8UsfahqBj3KxQAw18ps2vKFMv3mgu
 tuNVkZI1FlERbjgqlhgEdsKM5jMA7b+I9OGDYpB44SmT+hxBa8XBbg94nB+Struq7bBe
 BujyloBLdo10Yl04qEbmKFpATHy2/zWpzpDkpk6VB9HtuFpmLoghSIT7TI3C9DktqN3F
 Z//LkZr54ha7RHpPrCODhUgzrixN+9U1zcUn3ryUbE0oQnzMKATEHjPFIssIo0nW7JYc
 jdsw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112; t=1680629540;
 h=mime-version:message-id:date:references:in-reply-to:subject:cc:to
 :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=yMDkMpPIpjXzDJv7aG9+yPAKSL4WFTJXTFy+hLnP814=;
 b=601oSoGoIOSmqE8zRmMRQ/yFO7MLBA73du25R8wtkdI967jNiRQNavZ2ic1Cw0/xpM
 w3uO/qvzZP5BJ8MrY74VjqVndWHZA9WL6E4PAqMjtB4V8TQvtwfFqqluiwCkcWFaaEx+
 fOAwgZAa6Yf3AtF4u8xJPB9dOSFStvg9uWKZjj38s0+P7oi/upd1eJP8BJYM0uetcfpu
 /6Cn427JEYVdQp/pr1fHm7m1wblIME26C47RL0rXtdCDJhecwUnCg5cLRGCLfw0Uh8Ht
 xd+Vj+UvMBUDc7iw7qZG1gRZtb60AmFzsN6uSTKr2Aeeg203ftkFIpgz2QQDrhrAbYA7
 YPew==
X-Gm-Message-State: AAQBX9eHK9eBaFpLkIw0+j+dWSJVHpHWlvkwZ7I2TDzq0jnhtOHryB63
 xxr84DH7lTxQ75IoP2AyhFHlcIzagHU=
X-Google-Smtp-Source: AKy350YCdeAOqQb9T6XWPdaFpzpIFLd/HeQxTzVbQMbNRWEL9wpIeYTmmKRFxyk+triQJlAs1fZUJA==
X-Received: by 2002:a05:600c:4f0c:b0:3ef:6257:d0e7 with SMTP id
 l12-20020a05600c4f0c00b003ef6257d0e7mr406077wmq.2.1680629539541; 
 Tue, 04 Apr 2023 10:32:19 -0700 (PDT)
Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e])
 by smtp.gmail.com with ESMTPSA id
 v3-20020a1cf703000000b003ed1f6878a5sm16015920wmh.5.2023.04.04.10.32.18
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 04 Apr 2023 10:32:19 -0700 (PDT)
From: Simon Tournier <zimon.toutoune@HIDDEN>
To: Leo Famulari <leo@HIDDEN>
Subject: Re: bug#62294: gnupg is pinned at 2.2.32 for bug that is fixed
 upstream
In-Reply-To: <ZCxPC6sPREuu1ipV@HIDDEN>
References: <ZBhZLZwNF5DVW1K1@HIDDEN> <868rf8vuz4.fsf@HIDDEN>
 <ZCxPC6sPREuu1ipV@HIDDEN>
Date: Tue, 04 Apr 2023 19:31:47 +0200
Message-ID: <867curtuyk.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 62294
Cc: Ethan Blanton <elb@HIDDEN>, 62294 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Leo,

On Tue, 04 Apr 2023 at 12:23, Leo Famulari <leo@HIDDEN> wrote:

>> Well, graft does not seem recommended because it would update to two
>> versions.  And update the package would be a core-updates.
>> 
>> Well, maybe it could be of the current core-updates dance.  Could you
>> send a patch for core-updates?
>
> GnuPG does have a large number of dependent packages, but I'd argue
> that's either 1) a bug or 2) something we should ignore and update
> freely. It's a critical package, and did not used to have such a large
> number of dependents. It's really a problem for the distro if we don't
> allow ourselves to update packages like this freely.

Maybe I am doing something wrong, I get:

--8<---------------cut here---------------start------------->8---
$ guix refresh -l gnupg | cut -f1 -d':'
Building the following 1491 packages would ensure 2880 dependent packages are rebuilt
--8<---------------cut here---------------end--------------->8---

So the impact is ~10% of all the packages.  From a quick look, some
packages are intensive to rebuild, to my knowledge.

Are you proposing to graft?


Cheers,
simon

Message received at 62294 <at> debbugs.gnu.org:

Received: (at 62294) by debbugs.gnu.org; 4 Apr 2023 16:33:47 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 04 12:33:47 2023
Received: from localhost ([127.0.0.1]:50051 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pjjbP-0005zh-3h
	for submit <at> debbugs.gnu.org; Tue, 04 Apr 2023 12:33:47 -0400
Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:36159)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@HIDDEN>) id 1pjjbN-0005zS-Fa
 for 62294 <at> debbugs.gnu.org; Tue, 04 Apr 2023 12:33:46 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.west.internal (Postfix) with ESMTP id 7BF2D3200916;
 Tue,  4 Apr 2023 12:33:39 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute3.internal (MEProxy); Tue, 04 Apr 2023 12:33:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:cc:content-type:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to; s=mesmtp; t=1680626019;
 x=1680712419; bh=a6lI/5i7e2TSCY76qw3lEEk5iJbXD6NkdfqL/WU1ovM=; b=
 we2cKB9r7x/lyz+kRem+Nsx+gyIitz5OrpJyv+Lua1dc2N1oolsntYeSwlyg9bWz
 trnFRWsunWF53BHDJ4KCwv1aiP9sTGPsNyQu6M9+jZCNJwaRzUNCZY9KCY0y3cuS
 RSAIO7jSJAsCZSjrMFOS3AF6KZFRS5VVVJzPhab2wEg=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; t=1680626019; x=1680712419; bh=a6lI/5i7e2TSC
 Y76qw3lEEk5iJbXD6NkdfqL/WU1ovM=; b=IoxkhhP+0I3TxglqW4daZsROt08HV
 XTE3bkaJNGCF17Ahe0JTmWx7hcEQICon5FJ8IhnEWsrW3t9qPFsBE++NPcrxI+xg
 kg9o76DIbXI2zlLxDTXGt2m5l4bczRmwTpMTzeUH4fTag8U4J9Cd3uPVmhnkihvv
 ZSOq5n3oaO4B7/pb4cqLXi0p4ZWWutBs9ej8hhbLSe2mZOdxoeJomDeRYSggBz7I
 PMpTKyJ+MVav7v3ra5j4sb48SllEgTEmFEp3+NH7uLmurLaoeqR31uCFK8+k/TJa
 WGXceq2z4d4o0k65bGuvWO9EkYb6pJZ7yiyu8Q3IXE0KQtUtisEYwjwrA==
X-ME-Sender: <xms:YlEsZMWU5zr3JrvucwAHF3QGVGMJipb2hbMSMVpGdlj2iMoQox0Now>
 <xme:YlEsZAly1WeL1lwa0_c-sDLtwjmurMaw_2oj_2ZLBBgjKcsxso-WMvuWHskVvDMLX
 A5dHkt1sOnrBeqKzw>
X-ME-Received: <xmr:YlEsZAb8AeA1J6A37WFWlKb86r9n3OdHeFC-fr-o0cyx0Q0RsDTKgWN0O7u6yg-xvy_aLYeDxdRkuaX2C6Cfv4zf>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrvdeiledguddtvdcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
 enucfjughrpeffhffvvefukfhfgggtuggjsehttdortddttddvnecuhfhrohhmpefnvgho
 ucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrg
 htthgvrhhnpefhkefhhefhjeetleejhfegheevheeiuedtveevtedtgffhledvvdevfefg
 leelueenucffohhmrghinhepmhgrihhlqdgrrhgthhhivhgvrdgtohhmnecuvehluhhsth
 gvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgr
 rhhirdhnrghmvg
X-ME-Proxy: <xmx:YlEsZLUesfczakf0Nh_LGNQBRRBHvGM2yzs5xIXWgVdWDrAiP73GuA>
 <xmx:YlEsZGl1IBmQZtX8HsNutK2DwMZpWf42ATb6X_aIfyWTJ-Y9dJ8Zhw>
 <xmx:YlEsZAfwAKhbTNtMxQ2YxiNA8UTsnuH-teW8Y6wnB89ppPM8dKG-8A>
 <xmx:Y1EsZNtT9Gp322h3a7hFSwj2nnk8c_KTsNga5KQh2XS0a6z3eZfkww>
Feedback-ID: i819c4023:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 4 Apr 2023 12:33:38 -0400 (EDT)
Date: Tue, 4 Apr 2023 12:33:36 -0400
From: Leo Famulari <leo@HIDDEN>
To: Ethan Blanton via Bug reports for GNU Guix <bug-guix@HIDDEN>
Subject: Re: bug#62294: gnupg is pinned at 2.2.32 for bug that is fixed
 upstream
Message-ID: <ZCxRYAQwvctrSofb@HIDDEN>
References: <ZBhZLZwNF5DVW1K1@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ZBhZLZwNF5DVW1K1@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 62294
Cc: 62294 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Mon, Mar 20, 2023 at 09:01:33AM -0400, Ethan Blanton via Bug reports for GNU Guix wrote:
> However, the bug referenced here is fixed in upstream commit
> 4cc724639c012215f59648cbb4b7631b9d352e36, which shipped in gnupg
> 2.2.34.  Meanwhile, all gnupg releases older than 2.2.35 suffer from
> an S/MIME key-parsing bug (referenced in
> https://www.mail-archive.com/gnupg-users@HIDDEN/msg40758.html).

Does this bug have a CVE ID, or any information from upstream about
where it was fixed? It's hard to find release notes on the GnuPG
website.

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 4 Apr 2023 16:33:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 04 12:33:56 2023
Received: from localhost ([127.0.0.1]:50055 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pjjbY-000608-Dm
	for submit <at> debbugs.gnu.org; Tue, 04 Apr 2023 12:33:56 -0400
Received: from lists.gnu.org ([209.51.188.17]:39422)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@HIDDEN>) id 1pjjbW-000601-Tp
 for submit <at> debbugs.gnu.org; Tue, 04 Apr 2023 12:33:55 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@HIDDEN>) id 1pjjbQ-0003p8-Le
 for bug-guix@HIDDEN; Tue, 04 Apr 2023 12:33:52 -0400
Received: from wout5-smtp.messagingengine.com ([64.147.123.21])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@HIDDEN>) id 1pjjbL-0004Mw-Ec
 for bug-guix@HIDDEN; Tue, 04 Apr 2023 12:33:45 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.west.internal (Postfix) with ESMTP id 7BF2D3200916;
 Tue,  4 Apr 2023 12:33:39 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute3.internal (MEProxy); Tue, 04 Apr 2023 12:33:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:cc:content-type:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to; s=mesmtp; t=1680626019;
 x=1680712419; bh=a6lI/5i7e2TSCY76qw3lEEk5iJbXD6NkdfqL/WU1ovM=; b=
 we2cKB9r7x/lyz+kRem+Nsx+gyIitz5OrpJyv+Lua1dc2N1oolsntYeSwlyg9bWz
 trnFRWsunWF53BHDJ4KCwv1aiP9sTGPsNyQu6M9+jZCNJwaRzUNCZY9KCY0y3cuS
 RSAIO7jSJAsCZSjrMFOS3AF6KZFRS5VVVJzPhab2wEg=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; t=1680626019; x=1680712419; bh=a6lI/5i7e2TSC
 Y76qw3lEEk5iJbXD6NkdfqL/WU1ovM=; b=IoxkhhP+0I3TxglqW4daZsROt08HV
 XTE3bkaJNGCF17Ahe0JTmWx7hcEQICon5FJ8IhnEWsrW3t9qPFsBE++NPcrxI+xg
 kg9o76DIbXI2zlLxDTXGt2m5l4bczRmwTpMTzeUH4fTag8U4J9Cd3uPVmhnkihvv
 ZSOq5n3oaO4B7/pb4cqLXi0p4ZWWutBs9ej8hhbLSe2mZOdxoeJomDeRYSggBz7I
 PMpTKyJ+MVav7v3ra5j4sb48SllEgTEmFEp3+NH7uLmurLaoeqR31uCFK8+k/TJa
 WGXceq2z4d4o0k65bGuvWO9EkYb6pJZ7yiyu8Q3IXE0KQtUtisEYwjwrA==
X-ME-Sender: <xms:YlEsZMWU5zr3JrvucwAHF3QGVGMJipb2hbMSMVpGdlj2iMoQox0Now>
 <xme:YlEsZAly1WeL1lwa0_c-sDLtwjmurMaw_2oj_2ZLBBgjKcsxso-WMvuWHskVvDMLX
 A5dHkt1sOnrBeqKzw>
X-ME-Received: <xmr:YlEsZAb8AeA1J6A37WFWlKb86r9n3OdHeFC-fr-o0cyx0Q0RsDTKgWN0O7u6yg-xvy_aLYeDxdRkuaX2C6Cfv4zf>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrvdeiledguddtvdcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
 enucfjughrpeffhffvvefukfhfgggtuggjsehttdortddttddvnecuhfhrohhmpefnvgho
 ucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrg
 htthgvrhhnpefhkefhhefhjeetleejhfegheevheeiuedtveevtedtgffhledvvdevfefg
 leelueenucffohhmrghinhepmhgrihhlqdgrrhgthhhivhgvrdgtohhmnecuvehluhhsth
 gvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgr
 rhhirdhnrghmvg
X-ME-Proxy: <xmx:YlEsZLUesfczakf0Nh_LGNQBRRBHvGM2yzs5xIXWgVdWDrAiP73GuA>
 <xmx:YlEsZGl1IBmQZtX8HsNutK2DwMZpWf42ATb6X_aIfyWTJ-Y9dJ8Zhw>
 <xmx:YlEsZAfwAKhbTNtMxQ2YxiNA8UTsnuH-teW8Y6wnB89ppPM8dKG-8A>
 <xmx:Y1EsZNtT9Gp322h3a7hFSwj2nnk8c_KTsNga5KQh2XS0a6z3eZfkww>
Feedback-ID: i819c4023:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 4 Apr 2023 12:33:38 -0400 (EDT)
Date: Tue, 4 Apr 2023 12:33:36 -0400
From: Leo Famulari <leo@HIDDEN>
To: Ethan Blanton via Bug reports for GNU Guix <bug-guix@HIDDEN>
Subject: Re: bug#62294: gnupg is pinned at 2.2.32 for bug that is fixed
 upstream
Message-ID: <ZCxRYAQwvctrSofb@HIDDEN>
References: <ZBhZLZwNF5DVW1K1@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ZBhZLZwNF5DVW1K1@HIDDEN>
Received-SPF: pass client-ip=64.147.123.21; envelope-from=leo@HIDDEN;
 helo=wout5-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
Cc: 62294 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

On Mon, Mar 20, 2023 at 09:01:33AM -0400, Ethan Blanton via Bug reports for GNU Guix wrote:
> However, the bug referenced here is fixed in upstream commit
> 4cc724639c012215f59648cbb4b7631b9d352e36, which shipped in gnupg
> 2.2.34.  Meanwhile, all gnupg releases older than 2.2.35 suffer from
> an S/MIME key-parsing bug (referenced in
> https://www.mail-archive.com/gnupg-users@HIDDEN/msg40758.html).

Does this bug have a CVE ID, or any information from upstream about
where it was fixed? It's hard to find release notes on the GnuPG
website.

Message received at 62294 <at> debbugs.gnu.org:

Received: (at 62294) by debbugs.gnu.org; 4 Apr 2023 16:23:52 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 04 12:23:52 2023
Received: from localhost ([127.0.0.1]:50037 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pjjRo-0005ef-A1
	for submit <at> debbugs.gnu.org; Tue, 04 Apr 2023 12:23:52 -0400
Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:39095)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@HIDDEN>) id 1pjjRl-0005eI-GQ
 for 62294 <at> debbugs.gnu.org; Tue, 04 Apr 2023 12:23:50 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.west.internal (Postfix) with ESMTP id E997E3200A18;
 Tue,  4 Apr 2023 12:23:42 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute4.internal (MEProxy); Tue, 04 Apr 2023 12:23:43 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:cc:content-type:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to; s=mesmtp; t=1680625422;
 x=1680711822; bh=DmzZg/uM+847ZJpLlGL9yN3OCzPULuifcrUMC+khIsQ=; b=
 l0wbUE7WGG+lVhzUHIDRDw5V1FweViRxR7gyWiOr1H28pItF/CaGMyOM514mCihc
 fDzm0fjO0hyoNIijV27GSUNBMC4ph40DcIoyZTKCk30WJeIFGN43ETw74ymQ7poV
 aYce3Ww8NVoQnzS9xvMlvXF/87sJR8/E6RZlqrqjUDQ=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; t=1680625422; x=1680711822; bh=DmzZg/uM+847Z
 JpLlGL9yN3OCzPULuifcrUMC+khIsQ=; b=qtrZwGxMSBFrmaZ8c0H0tDV7Zr/8g
 hKYJhwEhFrws2SdXFacnlqquiO6ee9DoNbu4dBI2XZIm35EsvLmiWL0In15jDx6Q
 1fEmMmsYUMw41YbgM/kpcPZqkOBQahy88uN50OP8sNJn4uSFxGc+c1f5TeM6m7IW
 uPV2OHDeAdzfUbWHh/6LG5kaG3bYrGPSRI9q/DZopVJdEM36EsQL0SpSSHSBQDOj
 5cbHwi3fUsCc5vkY+w335ZG9GAZsYSCfMECZwmtdsTSrXiQ1NyfNsFoXF+V05/FZ
 SaxhqeJEifnObZWKFpHoX2W3Xg0wCBUJCHHvDuYWsOkX7R5Z3s/6T+i9w==
X-ME-Sender: <xms:DU8sZI5Gwx-zM7cgyvS9GRDZehe75giqLa8qooQDCmbU4S57ERGR7w>
 <xme:DU8sZJ66Zm460HaaiCm2j-R9meqonIQQVoQ2_DgVFq4Mtx20TjNmVETHKWIQ2wocu
 VuqmfVNIiZhXcg4WA>
X-ME-Received: <xmr:DU8sZHfBb1IBUrUgIUIu6DKlppN08H7heBizUKYXcq91FhgUkKljnCkMzFQTyzwB4KdMDT79443GELBDSYP1-VBO>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrvdeiledguddttdcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvfevuffkfhggtggujgesth
 dtredttddtvdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhu
 lhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvghrnhepieetudehfeekueefleegudfhje
 fgleehfeeluefhfeffgfeuudelhedvjeelieetnecuvehluhhsthgvrhfuihiivgeptden
 ucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:Dk8sZNK1_VH62jWdZ6h37WIFFtZCb-wuGMhkkCCGv6EQTPMyMEpytQ>
 <xmx:Dk8sZMLaPNCGfY-IvTKXyJavcqbdaZ9Pyw9hhwyyzdyeO2qaf1qGgA>
 <xmx:Dk8sZOwMMr5cIHUVt5dHM27vkGhPOjr_rdsVqZqdfST6Z95Y0GictQ>
 <xmx:Dk8sZGjpUvbvP05bMohfukKYP22NXTn3nMj0-O1nOCnXPD619JlR7Q>
Feedback-ID: i819c4023:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 4 Apr 2023 12:23:41 -0400 (EDT)
Date: Tue, 4 Apr 2023 12:23:39 -0400
From: Leo Famulari <leo@HIDDEN>
To: Simon Tournier <zimon.toutoune@HIDDEN>
Subject: Re: bug#62294: gnupg is pinned at 2.2.32 for bug that is fixed
 upstream
Message-ID: <ZCxPC6sPREuu1ipV@HIDDEN>
References: <ZBhZLZwNF5DVW1K1@HIDDEN>
 <868rf8vuz4.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <868rf8vuz4.fsf@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 62294
Cc: Ethan Blanton <elb@HIDDEN>, 62294 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Tue, Apr 04, 2023 at 11:48:31AM +0200, Simon Tournier wrote:
> On Mon, 20 Mar 2023 at 09:01, Ethan Blanton via Bug reports for GNU Guix <bug-guix@HIDDEN> wrote:
> > I believe the pin on 2.2.32 can be lifted, but as gnupg is important
> > infrastructure I am unsure about directly submitting a patch to update
> > to a newer version.

Thanks for letting us know!

> Well, graft does not seem recommended because it would update to two
> versions.  And update the package would be a core-updates.
> 
> Well, maybe it could be of the current core-updates dance.  Could you
> send a patch for core-updates?

GnuPG does have a large number of dependent packages, but I'd argue
that's either 1) a bug or 2) something we should ignore and update
freely. It's a critical package, and did not used to have such a large
number of dependents. It's really a problem for the distro if we don't
allow ourselves to update packages like this freely.

Message received at 62294 <at> debbugs.gnu.org:

Received: (at 62294) by debbugs.gnu.org; 4 Apr 2023 11:52:01 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 04 07:52:01 2023
Received: from localhost ([127.0.0.1]:46692 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pjfCj-0000Oe-6Y
	for submit <at> debbugs.gnu.org; Tue, 04 Apr 2023 07:52:01 -0400
Received: from mail-wm1-f50.google.com ([209.85.128.50]:42788)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zimon.toutoune@HIDDEN>) id 1pjfCg-0000Nm-Ba
 for 62294 <at> debbugs.gnu.org; Tue, 04 Apr 2023 07:51:58 -0400
Received: by mail-wm1-f50.google.com with SMTP id
 m6-20020a05600c3b0600b003ee6e324b19so19889638wms.1
 for <62294 <at> debbugs.gnu.org>; Tue, 04 Apr 2023 04:51:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20210112; t=1680609112;
 h=mime-version:message-id:date:references:in-reply-to:subject:to:from
 :from:to:cc:subject:date:message-id:reply-to;
 bh=rxWpnwTUJEmAXagpbmgJUEbqNp4Aj8fEC+4t3YY9AhQ=;
 b=L0tOrXX4eiteL4u2UsvwwOYfyxAbnQpgViz1ofPQ7L1H5bbSQfJsGQsqqM93v7Xj//
 g1+Nba8DI7b9UsWfcVtoJVM+3WGurM3nzjtRq2+2usAOjeuZwl/GXSxlws0g1f6pbYi6
 E4Ho0+1yrugxrDwYbGqkMvUAgOi4aUZFjD+2Nn8MR8GIcNqkcFAw2Nn/MYB3Y9mZVaFm
 Mlc0NNvYW/mOUgSKJof0Wka6HsbjxjZFgWjRgXTlRG3im/3zmLnvUe7EuRVWzjHFZKQw
 DDrIhdHy8A1Wa4W3JaN/5yTqJwq8Ozasq13j4KuyF6C2XXk8xVbQz8DWLx9uLH9TRRX0
 fb7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112; t=1680609112;
 h=mime-version:message-id:date:references:in-reply-to:subject:to:from
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=rxWpnwTUJEmAXagpbmgJUEbqNp4Aj8fEC+4t3YY9AhQ=;
 b=3kQRMzO+4FjcwwIt2VtkheNf3FqzTA+TVIIC1ojmcndrCqCIClKwDIKr3GJXtjaTt1
 DKtEgEMjO34l7xdy1NhhQWqsKEedIXjjWRLjt4iPvd/IH7Ho0qFuxf04Nef9KzipZspE
 /WY2AH+Ry0vumGM0i7jDM8XnBE141n2dVceR8Wr3ri+tRqZTjQjF5MHLIieHJjJ8X+0z
 85uDSUZN/vaLKFuGhC6srNNeFnENQ8nc5nlrQA8xhIzzAGQeEIlD7yLWRThhjEDWK6Ws
 JvnvWTWOC8N4Td1xuie1p1xgTFNCeIHfcZ9ApbbaUAe0p1eWd3mCq/XNhhsGbO7yLqWN
 VmBA==
X-Gm-Message-State: AAQBX9eneveZ3idyXckjdvHHhgertKMyIuPQXZcRIvWDaMmvLzcxtrpV
 Uh18w+NHn1fl5P2kCeIAKAPCEw48vBQ=
X-Google-Smtp-Source: AKy350YwUcqLnlnm1HXJhbhtSypyey3DSZEUvab2sYpdwlRUKlrRcDWXChRGL8b4nES/+aa1jDRMTg==
X-Received: by 2002:a05:600c:1c1f:b0:3f0:34c4:e76d with SMTP id
 j31-20020a05600c1c1f00b003f034c4e76dmr2173762wms.0.1680609112686; 
 Tue, 04 Apr 2023 04:51:52 -0700 (PDT)
Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e])
 by smtp.gmail.com with ESMTPSA id
 y5-20020a1c4b05000000b003edd1c44b57sm14953632wma.27.2023.04.04.04.51.52
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 04 Apr 2023 04:51:52 -0700 (PDT)
From: Simon Tournier <zimon.toutoune@HIDDEN>
To: Ethan Blanton <elb@HIDDEN>, 62294 <at> debbugs.gnu.org
Subject: Re: bug#62294: gnupg is pinned at 2.2.32 for bug that is fixed
 upstream
In-Reply-To: <ZBhZLZwNF5DVW1K1@HIDDEN>
References: <ZBhZLZwNF5DVW1K1@HIDDEN>
Date: Tue, 04 Apr 2023 11:48:31 +0200
Message-ID: <868rf8vuz4.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 62294
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

On Mon, 20 Mar 2023 at 09:01, Ethan Blanton via Bug reports for GNU Guix <bug-guix@HIDDEN> wrote:
> I believe the pin on 2.2.32 can be lifted, but as gnupg is important
> infrastructure I am unsure about directly submitting a patch to update
> to a newer version.

Well, graft does not seem recommended because it would update to two
versions.  And update the package would be a core-updates.

Well, maybe it could be of the current core-updates dance.  Could you
send a patch for core-updates?


Cheers,
simon

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 20 Mar 2023 13:01:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Mar 20 09:01:38 2023
Received: from localhost ([127.0.0.1]:53935 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1peF8s-0007vI-83
	for submit <at> debbugs.gnu.org; Mon, 20 Mar 2023 09:01:38 -0400
Received: from lists.gnu.org ([209.51.188.17]:41816)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <elb@HIDDEN>) id 1peF8q-0007vA-Li
 for submit <at> debbugs.gnu.org; Mon, 20 Mar 2023 09:01:37 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <elb@HIDDEN>) id 1peF8q-0000fL-8N
 for bug-guix@HIDDEN; Mon, 20 Mar 2023 09:01:36 -0400
Received: from cathode.kb8ojh.net ([162.243.72.198])
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <elb@HIDDEN>) id 1peF8o-0005hm-Cv
 for bug-guix@HIDDEN; Mon, 20 Mar 2023 09:01:35 -0400
Received: from anode.kb8ojh.net (pool-68-133-30-163.bflony.fios.verizon.net
 [68.133.30.163])
 by cathode.kb8ojh.net (Postfix) with ESMTPSA id A78DD40A28
 for <bug-guix@HIDDEN>; Mon, 20 Mar 2023 13:01:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kb8ojh.net; s=cathode;
 t=1679317292; bh=P0xABxPqrP0GMPBEEAxQlI6fD8l1K2oXmNgWi04vPVM=;
 h=Date:From:To:Subject:From;
 b=vnaHgsStFfbkmLOUFfaidcEOEEfn6RIK/0blym2LaGdxnHPDWgqXQi8cLZIRWtHaV
 C32/kSUBPeDsiokfP2ApZZ2+n4qnR2gbbw1+WA9LSU4+xS1uWPhju5nERU7eF/Xlwe
 zBbvTDVHoGhwZwGQoIOP1JjEZ6F3Vnk+qb3vp/OU=
Received: by anode.kb8ojh.net (Postfix, from userid 1000)
 id B4C62418AA; Mon, 20 Mar 2023 09:01:33 -0400 (EDT)
Date: Mon, 20 Mar 2023 09:01:33 -0400
From: Ethan Blanton <elb@HIDDEN>
To: bug-guix@HIDDEN
Subject: gnupg is pinned at 2.2.32 for bug that is fixed upstream
Message-ID: <ZBhZLZwNF5DVW1K1@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-GnuPG-Fingerprint: 2A9A 7752 8B91 6586 6289  FD3D 6CA9 2AC6 A1A8 AD0E
Received-SPF: pass client-ip=162.243.72.198; envelope-from=elb@HIDDEN;
 helo=cathode.kb8ojh.net
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

It looks like the gnupg package is pinned at 2.2.32 with the following
note:

    ;; Note2: 2.2.33 currently suffers from regressions, so do not update to it
    ;; (see: https://dev.gnupg.org/T5742).

However, the bug referenced here is fixed in upstream commit
4cc724639c012215f59648cbb4b7631b9d352e36, which shipped in gnupg
2.2.34.  Meanwhile, all gnupg releases older than 2.2.35 suffer from
an S/MIME key-parsing bug (referenced in
https://www.mail-archive.com/gnupg-users@HIDDEN/msg40758.html).

I believe the pin on 2.2.32 can be lifted, but as gnupg is important
infrastructure I am unsure about directly submitting a patch to update
to a newer version.

Ethan