Release GnuPG 2.2.23
Closed, ResolvedPublic

Description

Noteworthy changes in version 2.2.23 (2020-09-03)

  • gpg: Fix AEAD preference list overflow. [T5050, CVE-2020-25125]
  • gpg: Fix a possible segv in the key cleaning code.
  • gpgsm: Fix a minor RFC2253 parser bug. [T5037]
  • scdaemon: Fix a PIN verify failure on certain OpenPGP card implementations. Regression in 2.2.22. [T5039]
  • po: Fix bug in the Hungarian translation. Updates for the Czech, Polish, and Ukrainian translations.
werner created this task.Sep 2 2020, 4:41 PM
werner updated the task description. (Show Details)Sep 3 2020, 6:47 PM
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html.
werner set Version to GnuPG 2.2.23.
werner updated the task description. (Show Details)Sep 3 2020, 9:57 PM

Unfortunately this new release has a regression affecting users with non-ascii account names. See T5098.

The only useful workaround is to use a different user name or use set the environment variable GNUPGHOME to a directory which has only ASCII characters in its name. We are working on a solution but it turned out to be more work than originally expected. Please stay tuned.

Background: A fix for gpgtar (T4083) had an unfortunate side effect for home directories (and thus user accounts) with non-ASCII characters. This even affects simple Latin-1 (code page 850 et al) Umlauts and not just 16 bit Unicode characters. The latter have always been problematic. The fix in the works will bring nearly complete Unicode support to GnuPG/gpg4win.

A fix has been released; see T5052.