Closed Bug 1830094 Opened 1 year ago Closed 1 year ago

Cannot create OpenPGP key without expiration, always 2 years expiration are used.

Categories

(MailNews Core :: Security: OpenPGP, defect)

Thunderbird 102
defect

Tracking

(thunderbird_esr102 fixed, thunderbird113 fixed)

RESOLVED FIXED
114 Branch
Tracking Status
thunderbird_esr102 --- fixed
thunderbird113 --- fixed

People

(Reporter: KaiE, Assigned: KaiE)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [TM:102.11.1])

Attachments

(1 file)

Use OpenPGP key manager to generate a new key.
Select "Key does not expire".
Generate the key.

Actual incorrect behavior:
A key is created that will expire after two years.

But can be reproduced using TB 113 beta and TB 114 nightly.

I can reproduce this bug using Thunderbird version 102.10, too :(

Version: Thunderbird 113 → Thunderbird 102

When generating the key, and a zero expiration is wanted, Thunderbird will NOT call rnp_op_generate_set_expiration.

I wonder why this was never noticed before.

Nickolay, maybe the default library behavior changed during one of the past releases?
Maybe in the past RNP considered no call to rnp_op_generate_set_expiration as a zero expiration, and now it uses a default 2 year expiration period?

Assignee: nobody → kaie
Status: NEW → ASSIGNED

Kai, yeah, the default key expiration time was changed in v0.16.1 via this PR: https://github.com/rnpgp/rnp/pull/1773/

I see you have announced it in the release noted.
https://github.com/rnpgp/rnp/releases/tag/v0.16.1

I blame myself for not noticing it.
We need to learn from this.

Going forward, whenever we will update RNP again, we must carefully study all release notes, and investigate each change for potential effects.

Regressed by: 1790116
Target Milestone: --- → 114 Branch

Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/0f79964a014f
When generating a non-expiring OpenPGP key, call rnp_op_generate_set_expiration(0). r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED

Comment on attachment 9330405 [details]
Bug 1830094 - When generating a non-expiring OpenPGP key, call rnp_op_generate_set_expiration(0). r=mkmelin

[Approval Request Comment]
Regression caused by (bug #): 1790116
User impact if declined: False OpenPGP key meta information is used
Testing completed (on c-c, etc.): manually
Risk to taking this patch (and alternatives if risky): very low

Attachment #9330405 - Flags: approval-comm-esr102?
Attachment #9330405 - Flags: approval-comm-beta?

Comment on attachment 9330405 [details]
Bug 1830094 - When generating a non-expiring OpenPGP key, call rnp_op_generate_set_expiration(0). r=mkmelin

[Triage Comment]
Approved for beta

Attachment #9330405 - Flags: approval-comm-beta? → approval-comm-beta+

Probably safe but beta hasn't shipped yet, so skipping 102.11.0.

Whiteboard: [TM:102.11.1]

Comment on attachment 9330405 [details]
Bug 1830094 - When generating a non-expiring OpenPGP key, call rnp_op_generate_set_expiration(0). r=mkmelin

[Triage Comment]
Approved for esr102

Attachment #9330405 - Flags: approval-comm-esr102? → approval-comm-esr102+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: