Page MenuHome GnuPG

Release GnuPG 2.2.23
Closed, ResolvedPublic


Noteworthy changes in version 2.2.23 (2020-09-03)

  • gpg: Fix AEAD preference list overflow. [T5050, CVE-2020-25125]
  • gpg: Fix a possible segv in the key cleaning code.
  • gpgsm: Fix a minor RFC2253 parser bug. [T5037]
  • scdaemon: Fix a PIN verify failure on certain OpenPGP card implementations. Regression in 2.2.22. [T5039]
  • po: Fix bug in the Hungarian translation. Updates for the Czech, Polish, and Ukrainian translations.

(prev: T5030)

Event Timeline

werner set External Link to
werner set Version to GnuPG 2.2.23.

Unfortunately this new release has a regression affecting users with non-ascii account names. See T5098.

The only useful workaround is to use a different user name or use set the environment variable GNUPGHOME to a directory which has only ASCII characters in its name. We are working on a solution but it turned out to be more work than originally expected. Please stay tuned.

Background: A fix for gpgtar (T4083) had an unfortunate side effect for home directories (and thus user accounts) with non-ASCII characters. This even affects simple Latin-1 (code page 850 et al) Umlauts and not just 16 bit Unicode characters. The latter have always been problematic. The fix in the works will bring nearly complete Unicode support to GnuPG/gpg4win.