Page MenuHome GnuPG
Create Task
Maniphest T5045

Release GnuPG 2.2.23
Closed, ResolvedPublic
Actions

Description

Noteworthy changes in version 2.2.23 (2020-09-03)

  • gpg: Fix AEAD preference list overflow. [T5050, CVE-2020-25125]
  • gpg: Fix a possible segv in the key cleaning code.
  • gpgsm: Fix a minor RFC2253 parser bug. [T5037]
  • scdaemon: Fix a PIN verify failure on certain OpenPGP card implementations. Regression in 2.2.22. [T5039]
  • po: Fix bug in the Hungarian translation. Updates for the Czech, Polish, and Ukrainian translations.

(prev: T5030)

Details

External Link
https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html
Version
GnuPG 2.2.23

Related Objects

Event Timeline

werner created this task.Sep 2 2020, 4:41 PM
werner mentioned this in T5050: AEAD preference list overflow in 2.2.Sep 3 2020, 5:20 PM
werner updated the task description. (Show Details)Sep 3 2020, 6:47 PM
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html.
werner set Version to GnuPG 2.2.23.
werner updated the task description. (Show Details)Sep 3 2020, 9:57 PM
werner closed this task as Resolved.Sep 4 2020, 5:23 PM

See
https://lists.wald.intevation.org/pipermail/gpg4win-announce/2020-September/000089.html
for the fixed Gpg4win 3.1.13

werner added a comment.Oct 28 2020, 10:19 AM

Unfortunately this new release has a regression affecting users with non-ascii account names. See T5098.

The only useful workaround is to use a different user name or use set the environment variable GNUPGHOME to a directory which has only ASCII characters in its name. We are working on a solution but it turned out to be more work than originally expected. Please stay tuned.

Background: A fix for gpgtar (T4083) had an unfortunate side effect for home directories (and thus user accounts) with non-ASCII characters. This even affects simple Latin-1 (code page 850 et al) Umlauts and not just 16 bit Unicode characters. The latter have always been problematic. The fix in the works will bring nearly complete Unicode support to GnuPG/gpg4win.

werner mentioned this in T5087: Not possible to create a new key.Oct 28 2020, 10:21 AM
werner added a comment.Nov 17 2020, 11:30 AM

A fix has been released; see T5052.

werner mentioned this in T5052: Release GnuPG 2.2.24.Jan 11 2021, 6:52 PM
werner updated the task description. (Show Details)