Page MenuHome GnuPG
Create Task
Maniphest T5663

Kleopatra's "Check for updates" does not work
Closed, ResolvedPublic
Actions

Description

Gpg4win's Kleopatra does not find 3.1.16, though it is available as update.

  • Start Kleopatra
  • Select Help -> Check for updates

Observation: After the dialog "Searching for updates..." it is running for a while,
you'll get a dialog saying:
"No update found in the available version database."

But, on the command line it can be seen that a version database is available.
Thus the expected behaviour is to see that an update is there.

gpgconf --help
gpgconf (GnuPG) 2.2.32

gpgconf --query-swdb gpg4win 3.1.15
gpg4win:3.1.15:u::0:20211012T161328:20211019T090907:3.1.16:20210611T000000:0::

rem trying to force an update
>gpg-connect-agent --dirmngr "loadswdb --force" /bye
S PROGRESS tick ? 0 0
OK

C:\Users\IEUser>gpgconf --query-swdb gpg4win 3.1.16
gpg4win:3.1.16:c::0:20211012T161328:20211019T090754:3.1.16:20210611T000000:0::

Kleopatra
Version Gpg4win-3.1.15,
additionally installed https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.32_20211006.exe (to fix the problems with the Let's encrypt TLs certificate validation)

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEOe8947019630c Improve extraction of actual version number of Gpg4win release
Concern RaisedrLIBKLEO3a04f6a635c9 Add helper returning the version number of the Gpg4win release
rKLEOPATRA Kleopatra
rKLEOPATRAebf19c3f859c Use the version _number_ for the check for updates

Related Objects

Event Timeline

bernhard created this task.Oct 19 2021, 11:10 AM
bernhard added a subscriber: werner.EditedOct 19 2021, 11:13 AM

@werner can you prioritize?

From my perspective it would be "high" as people may use an outdated version for longer as necessary and be missing on the improvements of a potentially newly available version which could be important for their security requirements. Of course, they still could go the website and check manually.

ikloecker added a subscriber: ikloecker.Oct 19 2021, 12:54 PM

Kleopatra runs

gpgconf --query-swdb gpg4win 3.1.15

i.e. with the current version. Here, on Linux, I get

gpg4win:3.1.15:u::0:20211012T161328:20211019T103252:3.1.16:20210611T000000:0::

as result. The u in field 2 indicates that an update is available. The (current) code should work as far as I could see by a quick glance.

Can you try running with QT_LOGGING_RULES="org.kde.pim.kleopatra.debug=true" to get some debug output?

bernhard updated the task description. (Show Details)Oct 19 2021, 1:06 PM
bernhard added a comment.Oct 19 2021, 1:32 PM

With the following settings done as described at
https://www.gpg4win.org/doc/en/gpg4win-compendium_29.html

set QT
QT_LOGGING_RULES="org.kde.pim.kleopatra.debug=true"

set KL
KLEOPATRA_LOGDIR=c:\users\ieuser\kleologdir
KLEOPATRA_LOGOPTIONS=all

There is the one line with the startup check and then the manually triggered check, which previously does the loadswdb --force.

org.kde.pim.kleopatra: No update for: "Gpg4win-3.1.15"
[..]
org.kde.pim.kleopatra: Starting: "C:\\Program Files (x86)\\Gpg4win\\..\\GnuPG/bin/gpg-connect-agent.exe" args ("--dirmngr", "loadswdb --force", "/bye")
org.kde.pim.kleopatra: Update force exited with status: QProcess::NormalExit code: 0
org.kde.pim.kleopatra: No update for: "Gpg4win-3.1.15"

(I've corrected the task description, I had copied the wrong line for gpgconf originally.)

bernhard added a comment.Oct 19 2021, 1:48 PM

Adding GPGME_DEBUG with 9 to the logs, there is not much more to see:

GPGME 20211019T134123 07DC      gpgme_op_query_swdb: enter: ctx=0x03305908 name=gpg4win, iversion=Gpg4win-3.1.15
GPGME 20211019T134123 07DC        _gpgme_io_pipe: enter: filedes=0x00a2d5d8 inherit_idx=1 (GPGME uses it for reading)
GPGME 20211019T134123 07DC        _gpgme_io_pipe: leave: read=0x0 (hdd=0x031fbde8,hd=0x00000374), write=0x1 (hdd=0x031fc388,hd=0x000006f0)
GPGME 20211019T134123 07DC        _gpgme_io_spawn: enter: path=0x031deff0 path=C:\Program Files (x86)\GnuPG\bin\gpgconf.exe
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 0] = C:\Program Files (x86)\GnuPG\bin\gpgconf.exe
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 1] = --query-swdb
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 2] = gpg4win
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 3] = Gpg4win-3.1.15
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 tmp_name = C:\Users\IEUser\AppData\Local\Temp\gpgme-pe3WrM
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 CreateProcess ready: hProcess=0x00000424, hThread=0x000006ec, dwProcessID=1460, dwThreadId=1672
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 process=0x00000424
GPGME 20211019T134123 07DC          _gpgme_io_close: enter: fd=0x00000001 
GPGME 20211019T134123 07DC          _gpgme_io_close: check: fd=0x00000001 hdd=0x031fc388 dupfrom=-1
GPGME 20211019T134123 07DC            gpgme:release_hddesc: enter: hdd=0x031fc388 hd=0x000006f0, sock=-1, refcount=0
GPGME 20211019T134123 07DC            gpgme:release_hddesc: leave: 
GPGME 20211019T134123 07DC          _gpgme_io_close: leave: result=0
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 fd[0] = 0x1 -> 0x4 (stdout)
GPGME 20211019T134123 07DC        _gpgme_io_spawn: leave: result=0
GPGME 20211019T134123 07DC        _gpgme_io_read: enter: fd=0x00000000 buffer=0x03180688, count=2047
GPGME 20211019T134123 07DC          gpgme:find_reader: enter: fd=0x00000000 
GPGME 20211019T134123 07DC          gpgme:find_reader: check: fd=0x00000000 fd=0 -> hdd=0x031fbde8 dupfrom=-1 creating reader
GPGME 20211019T134123 07DC            gpgme:create_reader: enter: hdd=0x031fbde8 handle=0x00000374 sock=-1 refhdd=1
GPGME 20211019T134123 07DC              gpgme:get_desired_thread_priority: call: 0=0x00000000 2 (default)
GPGME 20211019T134123 07DC            gpgme:create_reader: leave: 
GPGME 20211019T134123 07DC          gpgme:find_reader: leave: rd=0x05cad0c0 (new)
GPGME 20211019T134123 07DC        _gpgme_io_read: check: fd=0x00000000 waiting for data from thread 0x000006d0
GPGME 20211019T134123 19FC  gpgme:reader: enter: ctx->hdd=0x031fbde8 hd=0x00000374, sock=-1, thread=0x000006d0, refcount=1
GPGME 20211019T134123 19FC  gpgme:reader: check: ctx->hdd=0x031fbde8 reading 4095 bytes
GPGME 20211019T134123 19FC  gpgme:reader: check: ctx->hdd=0x031fbde8 got EOF (broken pipe)
GPGME 20211019T134123 19FC  gpgme:reader: check: ctx->hdd=0x031fbde8 waiting for close
GPGME 20211019T134123 07DC        _gpgme_io_read: check: fd=0x00000000 data from thread 0x000006d0 available
GPGME 20211019T134123 07DC        _gpgme_io_read: leave: result=0
GPGME 20211019T134123 07DC        _gpgme_io_close: enter: fd=0x00000000 
GPGME 20211019T134123 07DC        _gpgme_io_close: check: fd=0x00000000 hdd=0x031fbde8 dupfrom=-1
GPGME 20211019T134123 07DC        _gpgme_io_close: check: fd=0x00000000 destroying reader 0x05cad0c0
GPGME 20211019T134123 07DC          gpgme:destroy_reader: call: ctx=0x05cad0c0 hdd=0x031fbde8 close triggered
GPGME 20211019T134123 19FC  gpgme:reader: leave: 
GPGME 20211019T134123 07DC          gpgme:release_hddesc: enter: hdd=0x031fbde8 hd=0x00000374, sock=-1, refcount=0
GPGME 20211019T134123 07DC          gpgme:release_hddesc: leave: 
GPGME 20211019T134123 07DC        _gpgme_io_close: leave: result=0
GPGME 20211019T134123 07DC      gpgme_op_query_swdb: leave: 
GPGME 20211019T134123 07DC      gpgme_op_query_swdb_result: enter: ctx=0x03305908 
GPGME 20211019T134123 07DC      gpgme_op_query_swdb_result: leave: result=0x03207928
GPGME 20211019T134123 07DC      gpgme_release: call: ctx=0x03305908
werner triaged this task as Normal priority.Oct 19 2021, 2:59 PM

Version check is a data leak anyway and thus often disabled. Thus I don't see a risk for high value targets.

bernhard added a comment.Oct 20 2021, 10:21 AM

We should disable the menu button until it is fixed. I think it should be on the roadmap of 4.0 to have this working.

bernhard added a comment.Oct 20 2021, 10:52 AM

@ikloecker Note you can easily setup a test instance using one of Microsoft'S test VMs, see https://lists.wald.intevation.org/pipermail/gpg4win-devel/2021-October/001769.html

If you would provide me with a new binary or whatevery is needed to find out more, I can run it in that VM I have here.
Seems that neither GPGME_DEBUG nor kleodebug do really expose what kleopatra is seeing here.

Code I looked at was:
https://invent.kde.org/pim/kleopatra/-/blob/master/src/dialogs/updatenotification.cpp#L125
so there is a certain expectation that if there is no error from the gpgme call, the

ikloecker added a comment.Oct 20 2021, 11:53 AM

Well, the debug output

org.kde.pim.kleopatra: No update for: "Gpg4win-3.1.15"

and, even more clearly,

GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 0] = C:\Program Files (x86)\GnuPG\bin\gpgconf.exe
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 1] = --query-swdb
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 2] = gpg4win
GPGME 20211019T134123 07DC        _gpgme_io_spawn: check: path=0x031deff0 argv[ 3] = Gpg4win-3.1.15

reveals that Kleopatra via gpgme ran the command

gpgconf --query-swdb gpg4win Gpg4win-3.1.15

i.e. that current is "Gpg4win-3.1.15".

Running this manually I get

$ gpgconf --query-swdb gpg4win Gpg4win-3.1.15
gpgconf: error in version string 'Gpg4win-3.1.15': Invalid argument

Apparently, this error is not properly reported by GpgME::SwdbResult::query(). Even more surprisingly, GpgME::SwdbResult::query() seems to return a vector with 1 result.

Result of this analysis:

  1. Either
    1. Kleopatra's UpdateNotification makes the wrong assumption that Kleo::gpg4winVersion() returns a version number instead of Gpg4win-3.1.15. OR
    2. The release scripts put the wrong text as first line into the VERSION file (because Kleo::gpg4winVersion() returns this first line).
  2. gpgme_op_query_swdb() does not return an error in case of an invalid version string AND gpgme_op_query_swdb_result() returns a result in case of an invalid version string.
bernhard added a comment.Oct 20 2021, 12:39 PM

Well spotted @ikloecker !

bernhard added a comment.Oct 20 2021, 12:57 PM

rW4dcba538b74e2ad2d64adb4273176a4e4f85e599 changes the contents of the VERSION file as part of T5056 both on 2020-09-20.

bernhard added a comment.Oct 20 2021, 1:09 PM

When changing the filel contents of C:\Program Files (x86)\Gpg4win\VERSION from

Gpg4win-3.1.15

to

3.1.15

the update check works again.

Note that the following doesn not work:

gpg4win
3.1.15

(This is the format the gnupg\VERSION file is in.)

bernhard added a comment.Oct 20 2021, 1:17 PM

This commit changed the behaviour:
https://invent.kde.org/pim/libkleo/-/commit/bf7af017d84747d83ec16e0f8ab03b656899bfcd#c50ded182b9e04dd8e8c34c84c3bfd32ec2c5b46_149_214

ikloecker added a commit: rKLEOPATRAebf19c3f859c: Use the version _number_ for the check for updates.Oct 20 2021, 1:30 PM
ikloecker added a commit: rLIBKLEO3a04f6a635c9: Add helper returning the version number of the Gpg4win release.Oct 20 2021, 1:54 PM
ikloecker mentioned this in T5668: gpgme: gpgme_op_query_swdb() does not report error from gpgconf.Oct 20 2021, 3:42 PM
ikloecker closed this task as Resolved.Oct 20 2021, 3:48 PM
ikloecker claimed this task.
ikloecker added a project: Restricted Project.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Okay. So the product prefix has been added intentionally to the version.

ikloecker added a commit: rLIBKLEOe8947019630c: Improve extraction of actual version number of Gpg4win release.Oct 25 2021, 11:20 AM
ikloecker added a comment.Oct 25 2021, 11:38 AM

Kleopatra now also handles a version like Gpg4win-3.1.16-beta15, but gpgconf --query-swdb seems to ignore pre-release identifiers:

$ gpgconf --query-swdb gpg4win 3.1.15-beta16
gpg4win:3.1.15-beta16:u::0:20211012T161328:20211019T103252:3.1.16:20210611T000000:0::

$ gpgconf --query-swdb gpg4win 3.1.16-beta16
gpg4win:3.1.16-beta16:n::0:20211012T161328:20211019T103252:3.1.16:20210611T000000:0::

gpgconf suggests an update for 3.1.15-beta16, but it doesn't for 3.1.16-beta16. In fact, it claims n, i.e. "The installed version is already newer than the released version." which is clearly wrong. I have created a spin-off for this bug: T5670: gpgconf --query-swdb incorrectly handles pre-release version numbers.