Kleopatra's "Check for updates" does not work
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	bernhard
	Oct 19 2021, 11:10 AM

Description

Gpg4win's Kleopatra does not find 3.1.16, though it is available as update.

Start Kleopatra
Select Help -> Check for updates

Observation: After the dialog "Searching for updates..." it is running for a while,
you'll get a dialog saying:
"No update found in the available version database."

But, on the command line it can be seen that a version database is available.
Thus the expected behaviour is to see that an update is there.

gpgconf --help
gpgconf (GnuPG) 2.2.32

gpgconf --query-swdb gpg4win 3.1.15
gpg4win:3.1.15:u::0:20211012T161328:20211019T090907:3.1.16:20210611T000000:0::

rem trying to force an update
>gpg-connect-agent --dirmngr "loadswdb --force" /bye
S PROGRESS tick ? 0 0
OK

C:\Users\IEUser>gpgconf --query-swdb gpg4win 3.1.16
gpg4win:3.1.16:c::0:20211012T161328:20211019T090754:3.1.16:20210611T000000:0::

Kleopatra
Version Gpg4win-3.1.15,
additionally installed https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.32_20211006.exe (to fix the problems with the Let's encrypt TLs certificate validation)

Revisions and Commits

rLIBKLEO Libkleo
		rLIBKLEOe8947019630c Improve extraction of actual version number of Gpg4win release
	Concern Raised	rLIBKLEO3a04f6a635c9 Add helper returning the version number of the Gpg4win release
rKLEOPATRA Kleopatra
		rKLEOPATRAebf19c3f859c Use the version _number_ for the check for updates

Related Objects

Mentioned In: T5668: gpgme: gpgme_op_query_swdb() does not report error from gpgconf
Mentioned Here: T5670: gpgconf --query-swdb incorrectly handles pre-release version numbers
rW4dcba538b74e: Improve VERSION file
T5056: About Kleopatra showing unknown version number

Event Timeline

bernhard created this task.Oct 19 2021, 11:10 AM

@werner can you prioritize?

From my perspective it would be "high" as people may use an outdated version for longer as necessary and be missing on the improvements of a potentially newly available version which could be important for their security requirements. Of course, they still could go the website and check manually.

Kleopatra runs

gpgconf --query-swdb gpg4win 3.1.15

i.e. with the current version. Here, on Linux, I get

gpg4win:3.1.15:u::0:20211012T161328:20211019T103252:3.1.16:20210611T000000:0::

as result. The u in field 2 indicates that an update is available. The (current) code should work as far as I could see by a quick glance.

Can you try running with QT_LOGGING_RULES="org.kde.pim.kleopatra.debug=true" to get some debug output?

bernhard updated the task description. (Show Details)Oct 19 2021, 1:06 PM

With the following settings done as described at
https://www.gpg4win.org/doc/en/gpg4win-compendium_29.html

set QT
QT_LOGGING_RULES="org.kde.pim.kleopatra.debug=true"

set KL
KLEOPATRA_LOGDIR=c:\users\ieuser\kleologdir
KLEOPATRA_LOGOPTIONS=all

There is the one line with the startup check and then the manually triggered check, which previously does the loadswdb --force.

org.kde.pim.kleopatra: No update for: "Gpg4win-3.1.15"
[..]
org.kde.pim.kleopatra: Starting: "C:\\Program Files (x86)\\Gpg4win\\..\\GnuPG/bin/gpg-connect-agent.exe" args ("--dirmngr", "loadswdb --force", "/bye")
org.kde.pim.kleopatra: Update force exited with status: QProcess::NormalExit code: 0
org.kde.pim.kleopatra: No update for: "Gpg4win-3.1.15"

(I've corrected the task description, I had copied the wrong line for gpgconf originally.)

Adding GPGME_DEBUG with 9 to the logs, there is not much more to see:

GPGME 20211019T134123 07DC      gpgme_op_query_swdb: enter: ctx=0x03305908 name=gpg4win, iversion=Gpg4win-3.1.15
GPGME 20211019T134123 07DC        _gpgme_io_pipe: enter: filedes=0x00a2d5d8 inherit_idx=1 (GPGME uses it for reading)
GPGME 20211019T134123 07DC        _gpgme_io_pipe: leave: read=0x0 (hdd=0x031fbde8,hd=0x00000374), write=0x1 (hdd=0x031fc388,hd=0x000006f0)
GPGME 20211019T134123 07DC        _gpgme_io_spawn: enter: path=0x031deff0 path=C:\Program Files (x86)\GnuPG\bin\gpgconf.exe
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 0] = C:\Program Files (x86)\GnuPG\bin\gpgconf.exe
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 1] = --query-swdb
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 2] = gpg4win
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 3] = Gpg4win-3.1.15
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 tmp_name = C:\Users\IEUser\AppData\Local\Temp\gpgme-pe3WrM
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 CreateProcess ready: hProcess=0x00000424, hThread=0x000006ec, dwProcessID=1460, dwThreadId=1672
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 process=0x00000424
GPGME 20211019T134123 07DC          _gpgme_io_close: enter: fd=0x00000001 
GPGME 20211019T134123 07DC          _gpgme_io_close: check: fd=0x00000001 hdd=0x031fc388 dupfrom=-1
GPGME 20211019T134123 07DC            gpgme:release_hddesc: enter: hdd=0x031fc388 hd=0x000006f0, sock=-1, refcount=0
GPGME 20211019T134123 07DC            gpgme:release_hddesc: leave: 
GPGME 20211019T134123 07DC          _gpgme_io_close: leave: result=0
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 fd[0] = 0x1 -> 0x4 (stdout)
GPGME 20211019T134123 07DC        _gpgme_io_spawn: leave: result=0
GPGME 20211019T134123 07DC        _gpgme_io_read: enter: fd=0x00000000 buffer=0x03180688, count=2047
GPGME 20211019T134123 07DC          gpgme:find_reader: enter: fd=0x00000000 
GPGME 20211019T134123 07DC          gpgme:find_reader: check: fd=0x00000000 fd=0 -> hdd=0x031fbde8 dupfrom=-1 creating reader
GPGME 20211019T134123 07DC            gpgme:create_reader: enter: hdd=0x031fbde8 handle=0x00000374 sock=-1 refhdd=1
GPGME 20211019T134123 07DC              gpgme:get_desired_thread_priority: call: 0=0x00000000 2 (default)
GPGME 20211019T134123 07DC            gpgme:create_reader: leave: 
GPGME 20211019T134123 07DC          gpgme:find_reader: leave: rd=0x05cad0c0 (new)
GPGME 20211019T134123 07DC        _gpgme_io_read: check: fd=0x00000000 waiting for data from thread 0x000006d0
GPGME 20211019T134123 19FC  gpgme:reader: enter: ctx->hdd=0x031fbde8 hd=0x00000374, sock=-1, thread=0x000006d0, refcount=1
GPGME 20211019T134123 19FC  gpgme:reader: check: ctx->hdd=0x031fbde8 reading 4095 bytes
GPGME 20211019T134123 19FC  gpgme:reader: check: ctx->hdd=0x031fbde8 got EOF (broken pipe)
GPGME 20211019T134123 19FC  gpgme:reader: check: ctx->hdd=0x031fbde8 waiting for close
GPGME 20211019T134123 07DC        _gpgme_io_read: check: fd=0x00000000 data from thread 0x000006d0 available
GPGME 20211019T134123 07DC        _gpgme_io_read: leave: result=0
GPGME 20211019T134123 07DC        _gpgme_io_close: enter: fd=0x00000000 
GPGME 20211019T134123 07DC        _gpgme_io_close: check: fd=0x00000000 hdd=0x031fbde8 dupfrom=-1
GPGME 20211019T134123 07DC        _gpgme_io_close: check: fd=0x00000000 destroying reader 0x05cad0c0
GPGME 20211019T134123 07DC          gpgme:destroy_reader: call: ctx=0x05cad0c0 hdd=0x031fbde8 close triggered
GPGME 20211019T134123 19FC  gpgme:reader: leave: 
GPGME 20211019T134123 07DC          gpgme:release_hddesc: enter: hdd=0x031fbde8 hd=0x00000374, sock=-1, refcount=0
GPGME 20211019T134123 07DC          gpgme:release_hddesc: leave: 
GPGME 20211019T134123 07DC        _gpgme_io_close: leave: result=0
GPGME 20211019T134123 07DC      gpgme_op_query_swdb: leave: 
GPGME 20211019T134123 07DC      gpgme_op_query_swdb_result: enter: ctx=0x03305908 
GPGME 20211019T134123 07DC      gpgme_op_query_swdb_result: leave: result=0x03207928
GPGME 20211019T134123 07DC      gpgme_release: call: ctx=0x03305908

Version check is a data leak anyway and thus often disabled. Thus I don't see a risk for high value targets.

We should disable the menu button until it is fixed. I think it should be on the roadmap of 4.0 to have this working.

@ikloecker Note you can easily setup a test instance using one of Microsoft'S test VMs, see https://lists.wald.intevation.org/pipermail/gpg4win-devel/2021-October/001769.html

If you would provide me with a new binary or whatevery is needed to find out more, I can run it in that VM I have here.
Seems that neither GPGME_DEBUG nor kleodebug do really expose what kleopatra is seeing here.

Code I looked at was:
https://invent.kde.org/pim/kleopatra/-/blob/master/src/dialogs/updatenotification.cpp#L125
so there is a certain expectation that if there is no error from the gpgme call, the

Well, the debug output

org.kde.pim.kleopatra: No update for: "Gpg4win-3.1.15"

and, even more clearly,

GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 0] = C:\Program Files (x86)\GnuPG\bin\gpgconf.exe
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 1] = --query-swdb
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 2] = gpg4win
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 3] = Gpg4win-3.1.15

reveals that Kleopatra via gpgme ran the command

gpgconf --query-swdb gpg4win Gpg4win-3.1.15

i.e. that current is "Gpg4win-3.1.15".

Running this manually I get

$ gpgconf --query-swdb gpg4win Gpg4win-3.1.15
gpgconf: error in version string 'Gpg4win-3.1.15': Invalid argument

Apparently, this error is not properly reported by GpgME::SwdbResult::query(). Even more surprisingly, GpgME::SwdbResult::query() seems to return a vector with 1 result.

Result of this analysis:

Either
1. Kleopatra's UpdateNotification makes the wrong assumption that Kleo::gpg4winVersion() returns a version number instead of Gpg4win-3.1.15. OR
2. The release scripts put the wrong text as first line into the VERSION file (because Kleo::gpg4winVersion() returns this first line).
gpgme_op_query_swdb() does not return an error in case of an invalid version string AND gpgme_op_query_swdb_result() returns a result in case of an invalid version string.

Well spotted @ikloecker !

rW4dcba538b74e2ad2d64adb4273176a4e4f85e599 changes the contents of the VERSION file as part of T5056 both on 2020-09-20.

When changing the filel contents of C:\Program Files (x86)\Gpg4win\VERSION from

Gpg4win-3.1.15

3.1.15

the update check works again.

Note that the following doesn not work:

gpg4win
3.1.15

(This is the format the gnupg\VERSION file is in.)

This commit changed the behaviour:
https://invent.kde.org/pim/libkleo/-/commit/bf7af017d84747d83ec16e0f8ab03b656899bfcd#c50ded182b9e04dd8e8c34c84c3bfd32ec2c5b46_149_214

ikloecker added a commit: rKLEOPATRAebf19c3f859c: Use the version _number_ for the check for updates.Oct 20 2021, 1:30 PM

ikloecker added a commit: rLIBKLEO3a04f6a635c9: Add helper returning the version number of the Gpg4win release.Oct 20 2021, 1:54 PM

ikloecker mentioned this in T5668: gpgme: gpgme_op_query_swdb() does not report error from gpgconf.Oct 20 2021, 3:42 PM

Okay. So the product prefix has been added intentionally to the version.

ikloecker added a commit: rLIBKLEOe8947019630c: Improve extraction of actual version number of Gpg4win release.Oct 25 2021, 11:20 AM

Kleopatra now also handles a version like Gpg4win-3.1.16-beta15, but gpgconf --query-swdb seems to ignore pre-release identifiers:

$ gpgconf --query-swdb gpg4win 3.1.15-beta16
gpg4win:3.1.15-beta16:u::0:20211012T161328:20211019T103252:3.1.16:20210611T000000:0::

$ gpgconf --query-swdb gpg4win 3.1.16-beta16
gpg4win:3.1.16-beta16:n::0:20211012T161328:20211019T103252:3.1.16:20210611T000000:0::

gpgconf suggests an update for 3.1.15-beta16, but it doesn't for 3.1.16-beta16. In fact, it claims n, i.e. "The installed version is already newer than the released version." which is clearly wrong. I have created a spin-off for this bug: T5670: gpgconf --query-swdb incorrectly handles pre-release version numbers.

Kleopatra's "Check for updates" does not workClosed, ResolvedPublicActions

Description

Revisions and Commits

Related Objects

Event Timeline

Kleopatra's "Check for updates" does not work
Closed, ResolvedPublic
Actions