Bug 34458 - gnupg2 regression because of the fix for security issue CVE-2025-30258
Summary: gnupg2 regression because of the fix for security issue CVE-2025-30258
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-07-09 16:31 CEST by Nicolas Salguero
Modified: 2025-07-11 20:53 CEST (History)
4 users (show)

See Also:
Source RPM: gnupg2-2.3.8-1.3.mga9.src.rpm
CVE:
Status comment: Patch available from Ubuntu

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-07-09 16:31:40 CEST 
Ubuntu has issued an advisory on July 8:
https://ubuntu.com/security/notices/USN-7412-2
Nicolas Salguero 2025-07-09 16:32:02 CEST

Source RPM: (none) => gnupg2-2.3.8-1.3.mga9.src.rpm
Status comment: (none) => Patch available from Ubuntu

katnatek 2025-07-09 19:18:48 CEST

Assignee: bugsquad => j.alberto.vc

Comment 1 katnatek 2025-07-09 20:03:24 CEST 
RPM:

gnupg2-2.3.8-1.4.mga9

SRPM:
gnupg2-2.3.8-1.4.mga9

Assignee: j.alberto.vc => qa-bugs

katnatek 2025-07-09 20:09:25 CEST

Keywords: (none) => advisory

PC LX 2025-07-10 01:44:28 CEST

CC: (none) => mageia

Comment 2 katnatek 2025-07-10 03:28:25 CEST 
RH x86_64

I follow the steps in the bug and I can confirm the reported issue

installing gnupg2-2.3.8-1.4.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: gnupg2                ##################################################################################################
      1/1: removing gnupg2-2.3.8-1.3.mga9.x86_64
                                 ##################################################################################################

The last step

gpg --homedir "$my_fresh_keyring" --list-keys
/tmp/tmp.fOPuk35Nm8/pubring.kbx
-------------------------------
pub   brainpoolP256r1 2025-07-10 [C]
      108FB6F815C57BB6FC1A89C23E77018E926C4988
uid           [ultimate] My certifying key

pub   brainpoolP256r1 2025-07-10 [SC]
      1B1DE938135B86381E1A6707BFE4765F8B45693C
uid           [  full  ] My to-be-signed key


So I think is good as is not shown "unknown"
OK for me
Comment 3 Herman Viaene 2025-07-10 10:51:49 CEST 
MGA9-64 server Plasma Wayland on Compaq H000SB.
No installation issues.
Ref bug 30591  for testing:
$ gpg2 --list-keys
/home/tester9/.gnupg/pubring.kbx
--------------------------------
pub   ed25519 2025-04-11 [SC] [expires: 2027-04-11]
      12E1350FA87C8E8D69ACB5BA1D01AFA901C47E49
uid           [ultimate] Tester9 <herman.viaene@hotmail.be>
sub   cv25519 2025-04-11 [E] [expires: 2027-04-11]

$ gpg2 --list-secret-keys
/home/tester9/.gnupg/pubring.kbx
--------------------------------
sec   ed25519 2025-04-11 [SC] [expires: 2027-04-11]
      12E1350FA87C8E8D69ACB5BA1D01AFA901C47E49
uid           [ultimate] Tester9 <herman.viaene@hotmail.be>
ssb   cv25519 2025-04-11 [E] [expires: 2027-04-11]

Used kleopatra to extend the certification period resulting in:
$ gpg2 --list-keys
/home/tester9/.gnupg/pubring.kbx
--------------------------------
pub   ed25519 2025-04-11 [SC] [expires: 2028-05-11]
      12E1350FA87C8E8D69ACB5BA1D01AFA901C47E49
uid           [ultimate] Tester9 <herman.viaene@hotmail.be>
sub   cv25519 2025-04-11 [E] [expires: 2028-05-11]

[tester9@mach3 ~]$ gpg2 --list-secret-keys
/home/tester9/.gnupg/pubring.kbx
--------------------------------
sec   ed25519 2025-04-11 [SC] [expires: 2028-05-11]
      12E1350FA87C8E8D69ACB5BA1D01AFA901C47E49
uid           [ultimate] Tester9 <herman.viaene@hotmail.be>
ssb   cv25519 2025-04-11 [E] [expires: 2028-05-11]

Used kleopatra further to encrypt/decrypt a txt file. Worked OK.
In view of katnatek's test above, good to go.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

Comment 4 Thomas Andrews 2025-07-10 15:40:08 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 5 Mageia Robot 2025-07-11 20:53:30 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0206.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.