diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c
--- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen	2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/cipher/rsa.c	2019-02-12 14:29:25.630513971 +0100
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig

Thu, Dec 2, 4:34 PM · Testing, libgcrypt, FIPS, Bug Report

aheinecke added a comment to rLIBKLEO51f2bd618677: Prevent cycles in graph of certificate issuers.

Ui, Kudos to you for seeing that possibility in Boost Graph and applying that. *Thumbs up*

Thu, Dec 2, 3:33 PM

aheinecke triaged T5715: Kleopatra: After importing a secret key and setting ownertrust in the dialog the key is not updated as Normal priority.

Thu, Dec 2, 3:32 PM · kleopatra, Restricted Project

Jakuje created T5714: tests: Do not run tests for algorithms that are not built-in.

Thu, Dec 2, 2:21 PM · libgcrypt, Bug Report

aheinecke triaged T5713: Kleopatra: PKCS#12 Import no Error on bad passphrase as Normal priority.

Thu, Dec 2, 1:52 PM · Restricted Project, kleopatra

Jakuje added a comment to T5523: jitter entropy RNG update.

I went through some more testing and noticed one missing file in the release tarball, that prevents building libgcrypt now. Should be fixed with the attached patch.

Thu, Dec 2, 12:32 PM · Testing, FIPS, libgcrypt

Jakuje added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

I did go through a bit more testing too and the selftests still initialize and use the secure memory (and the t-secmem fails in FIPS mode if we invoke selftests from constructor). Now from run_random_selftests() -> _gcry_random_selftest() -> drbg_healthcheck() -> _gcry_rngdrbg_healthcheck_one(). So this means that we either need to de-initialize secure memory after the constructor selftests or prevent its initialization as I suggested in some of the previous comments.

Thu, Dec 2, 12:29 PM · FIPS, libgcrypt, Bug Report

Yenya created T5712: Yubikey 5 NFC only recognized immediately after it is inserted.

Thu, Dec 2, 11:50 AM · Bug Report

aheinecke triaged T5711: Kleopatra: Keyserver config does not fallback to default as Normal priority.

Thu, Dec 2, 11:22 AM · Restricted Project, kleopatra

gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.

What would be setting those? And how do I disable it?

Thu, Dec 2, 8:00 AM · MacOS, pinentry, Bug Report

pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.

It does have them defined!

$ gpg-connect-agent "getinfo getenv COLUMNS" /bye
D 80
OK
$ gpg-connect-agent "getinfo getenv LINES" /bye
D 24
OK

What would be setting those? And how do I disable it?

Thu, Dec 2, 7:39 AM · MacOS, pinentry, Bug Report

gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.

A possibility is that gpg-agent which invokes pinentry happens have COLUMNS and LINES defined, then, pinentry misbehaves.

Thu, Dec 2, 6:36 AM · MacOS, pinentry, Bug Report

gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.

Thanks again for further information.

Thu, Dec 2, 6:10 AM · MacOS, pinentry, Bug Report

pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.

Hmm, I added that to my formula, and see ncurses 6.3 now, however the issue still occurs.

dyld[20991]: <55AFFB3D-2011-35CC-9486-B30BC1CA12F7> /opt/homebrew/Cellar/pinentry/1.2.0/bin/pinentry-curses
dyld[20991]: <AAD35EC9-FC8A-3ED4-A829-C59E710CEA8A> /opt/homebrew/Cellar/libassuan/2.5.5/lib/libassuan.0.dylib
dyld[20991]: <59683137-0511-3681-8BA6-04A78592B197> /opt/homebrew/Cellar/libgpg-error/1.43/lib/libgpg-error.0.dylib
dyld[20991]: <A9DA1A80-D101-339B-9637-85A65285E050> /opt/homebrew/Cellar/ncurses/6.3/lib/libncursesw.6.dylib
dyld[20991]: <679CDB15-D472-38E8-8840-B38874010D51> /usr/lib/libSystem.B.dylib
dyld[20991]: <BB47A721-69A7-3EEA-9D9B-82F88FFF2641> /usr/lib/system/libcache.dylib
dyld[20991]: <E6CCD148-5E91-3111-BE37-1C19402F4637> /usr/lib/system/libcommonCrypto.dylib
dyld[20991]: <92001FF7-799E-3BA8-BF46-5FA01FFB952C> /usr/lib/system/libcompiler_rt.dylib
dyld[20991]: <6BE94DC2-F363-3D76-B056-F45D4B56E152> /usr/lib/system/libcopyfile.dylib
dyld[20991]: <881973B2-0426-325F-8D1A-17D60AE0CBFA> /usr/lib/system/libcorecrypto.dylib
dyld[20991]: <9C4116F5-B8EB-3A00-B4B5-54AF6A76F66B> /usr/lib/system/libdispatch.dylib
dyld[20991]: <96ECED73-F10C-3941-91A7-00254B907499> /usr/lib/system/libdyld.dylib
dyld[20991]: <F7CDC52B-7961-3283-A30F-B06E2E6ED6AB> /usr/lib/system/libkeymgr.dylib
dyld[20991]: <8D2BECEF-1038-3F2C-B8EF-B02C03092286> /usr/lib/system/libmacho.dylib
dyld[20991]: <3D861651-91A7-3D78-B43B-ECAA41D63D9E> /usr/lib/system/libquarantine.dylib
dyld[20991]: <FA2D8F89-D9C4-316F-9FDC-BFF1A791BD4E> /usr/lib/system/libremovefile.dylib
dyld[20991]: <61963381-E322-3D0F-855D-CE1EA31FA4E1> /usr/lib/system/libsystem_asl.dylib
dyld[20991]: <770FEB1F-FE27-3670-810F-A063D281CC8D> /usr/lib/system/libsystem_blocks.dylib
dyld[20991]: <660D7866-E2A2-3651-A0A5-806E9217736B> /usr/lib/system/libsystem_c.dylib
dyld[20991]: <1F580793-A1C3-30C6-A9BC-7789C14677AE> /usr/lib/system/libsystem_collections.dylib
dyld[20991]: <8370E8A5-EADF-3A2C-9D5B-CA148723A5CA> /usr/lib/system/libsystem_configuration.dylib
dyld[20991]: <30C492F6-C9E6-3C1D-BE52-CA4F4FC824D6> /usr/lib/system/libsystem_containermanager.dylib
dyld[20991]: <F2A34B01-C264-3B7E-B3C9-1671E9E3C185> /usr/lib/system/libsystem_coreservices.dylib
dyld[20991]: <01C0D793-E5FB-3141-95D6-32A973F9FFF8> /usr/lib/system/libsystem_darwin.dylib
dyld[20991]: <AED9DAFC-7AB1-31CF-96A1-14C87B614DD3> /usr/lib/system/libsystem_dnssd.dylib
dyld[20991]: <F0456F65-B4DF-3E14-91DC-C0C2A7954233> /usr/lib/system/libsystem_featureflags.dylib
dyld[20991]: <5E36F087-5EF7-33B7-ACDA-CAE1C4A97621> /usr/lib/system/libsystem_info.dylib
dyld[20991]: <6AB180A4-1D1E-3FA1-88B7-A7866EFACFC8> /usr/lib/system/libsystem_m.dylib
dyld[20991]: <7C9F7726-62C1-3B03-8130-03E8A2A68DDF> /usr/lib/system/libsystem_malloc.dylib
dyld[20991]: <2F331637-80F6-3208-816F-618DA9081899> /usr/lib/system/libsystem_networkextension.dylib
dyld[20991]: <3701D756-7023-30C0-9A36-852971092AA9> /usr/lib/system/libsystem_notify.dylib
dyld[20991]: <4234FAEC-7D18-30E7-AEAD-E9FB6922AFE9> /usr/lib/system/libsystem_product_info_filter.dylib
dyld[20991]: <1214F568-24BF-379F-8A86-FF947EE5F18A> /usr/lib/system/libsystem_sandbox.dylib
dyld[20991]: <49553CC1-66C3-32B1-91C6-4415DE230F58> /usr/lib/system/libsystem_secinit.dylib
dyld[20991]: <17550B77-D255-389A-B779-906AF75314B6> /usr/lib/system/libsystem_kernel.dylib
dyld[20991]: <8B28F7A3-6681-3D34-92AE-3688A74F50E6> /usr/lib/system/libsystem_platform.dylib
dyld[20991]: <AA39FF66-B3F0-3777-99BC-F4A4C5CBD566> /usr/lib/system/libsystem_pthread.dylib
dyld[20991]: <73885FA5-76B6-3AA3-8D91-60B2E0078F99> /usr/lib/system/libsystem_symptoms.dylib
dyld[20991]: <362E885B-20EA-395B-BB01-6E46B864294D> /usr/lib/system/libsystem_trace.dylib
dyld[20991]: <D0A538E3-7A75-395A-993C-A3EA7947F55A> /usr/lib/system/libunwind.dylib
dyld[20991]: <A77B4CE2-0855-3C19-B4A6-47B094CF0DDA> /usr/lib/system/libxpc.dylib
dyld[20991]: <52A50407-CD9B-3A67-A0C2-2D9D6F3043BF> /usr/lib/libc++abi.dylib
dyld[20991]: <8FCA2160-F786-398A-AEAC-2B3D5BD72BB8> /usr/lib/libobjc.A.dylib
dyld[20991]: <6B0DE0DE-0EA2-3948-8B7D-8BA309414B27> /usr/lib/liboah.dylib
dyld[20991]: <20FBE382-CC21-324E-8813-C84B94CC04EF> /usr/lib/libc++.1.dylib
dyld[20991]: <A714AC09-9E2D-3608-B8C1-D6300E852308> /usr/lib/libiconv.2.dylib
dyld[20991]: <1907D41B-6D4B-3EA0-AD3B-5770431B6327> /usr/lib/libcharset.1.dylib

Thu, Dec 2, 1:32 AM · MacOS, pinentry, Bug Report

gniibe added a comment to T5512: Implement service indicators.

For the part 1, I created: T5710: FIPS: disable DSA for FIPS

Thu, Dec 2, 1:16 AM · Feature Request, FIPS, libgcrypt

gniibe updated subscribers of T5710: FIPS: disable DSA for FIPS.

This is the patch from @Jakuje

libgcrypt-fips-DSA-disable.patch1 KBDownload

Thu, Dec 2, 1:14 AM · FIPS, libgcrypt

gniibe triaged T5710: FIPS: disable DSA for FIPS as Normal priority.

Thu, Dec 2, 1:12 AM · FIPS, libgcrypt

Wed, Dec 1

jukivili committed rCd5bf106468e6: gcry_mpi_sub_ui: fix subtracting from negative value (authored by jukivili).

gcry_mpi_sub_ui: fix subtracting from negative value

Wed, Dec 1, 9:54 PM

ikloecker committed rKLEOPATRA96928c1e4501: Enable encrypt/sign button if GnuPG is compliant (authored by ikloecker).

Enable encrypt/sign button if GnuPG is compliant

Wed, Dec 1, 5:40 PM

ikloecker committed rKLEOPATRAd3b9927901f5: Set up the key cache before the system tray icon (authored by ikloecker).

Set up the key cache before the system tray icon

Wed, Dec 1, 5:18 PM

ikloecker committed rKLEOPATRA4853bdf5fd79: Update the signing actions when the keys change (authored by ikloecker).

Update the signing actions when the keys change

Wed, Dec 1, 5:18 PM

ikloecker committed rKLEOPATRA010a83a6239f: Update main UI if key cache is already initialized (authored by ikloecker).

Update main UI if key cache is already initialized

Wed, Dec 1, 5:18 PM

gHensges created T5709: Embedded images are seen as attachments after encrypting and decrypting.

Wed, Dec 1, 2:43 PM · Bug Report, gpg4win

gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.

So, the solution is to build pinentry with newer ncurses. As I wrote in another comment, it's adding a single line to the formula.

Wed, Dec 1, 2:41 PM · MacOS, pinentry, Bug Report

ikloecker moved T5334: Kleopatra: Add more support for WKS / WKD from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Wed, Dec 1, 2:25 PM · kleopatra, Restricted Project

ikloecker committed rLIBKLEO8dbf1f6bcb05: Check version of QGpgme instead of gpgme++ (authored by ikloecker).

Check version of QGpgme instead of gpgme++

Wed, Dec 1, 2:21 PM

aheinecke committed rKLEOPATRA7e7d6a91810f: Bump Kleopatra version to 3.1.20 (authored by aheinecke).

Bump Kleopatra version to 3.1.20

Wed, Dec 1, 2:07 PM

ikloecker changed the status of T5688: Kleopatra: Configure to hide CSR creation from Open to Testing.

Wed, Dec 1, 12:05 PM · kleopatra, Restricted Project

ikloecker added a comment to T5688: Kleopatra: Configure to hide CSR creation.

The functionality to create CSRs can be hidden with the setting

[CMS]
AllowCertificateCreation=false

Wed, Dec 1, 12:04 PM · kleopatra, Restricted Project

ikloecker added a comment to T5708: Kleopatra: Configure expiration date default in config.

The default validity period can be specified in the configuration file with

[CertificateCreationWizard]
ValidityPeriodInDays=42

Wed, Dec 1, 11:54 AM · kleopatra, g10code, Restricted Project

ikloecker changed the status of T5708: Kleopatra: Configure expiration date default in config from Open to Testing.

Wed, Dec 1, 11:50 AM · kleopatra, g10code, Restricted Project

ikloecker committed rKLEOPATRAa2919db78cc2: Allow setting default validity period for new OpenPGP keys (authored by ikloecker).

Allow setting default validity period for new OpenPGP keys

Wed, Dec 1, 11:48 AM

ikloecker committed rKLEOPATRAaea86f8a57d9: Prefill expiration date with default if expiration is enabled (authored by ikloecker).

Prefill expiration date with default if expiration is enabled

Wed, Dec 1, 11:48 AM

ikloecker moved T5708: Kleopatra: Configure expiration date default in config from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Wed, Dec 1, 11:48 AM · kleopatra, g10code, Restricted Project

aheinecke committed rOa9dac823c99e: Post release version bump (authored by aheinecke).

Post release version bump

Wed, Dec 1, 11:13 AM

aheinecke committed rOc49300e4b0ce: Auto update po files (authored by aheinecke).

Auto update po files

Wed, Dec 1, 11:13 AM

aheinecke committed rOa57f66b5d809: Update NEWS for todays release (authored by aheinecke).

Update NEWS for todays release

Wed, Dec 1, 11:13 AM

aheinecke committed rW59100cb59da4: Use link for gnupg-msi sources (authored by aheinecke).

Use link for gnupg-msi sources

Wed, Dec 1, 10:50 AM

aheinecke committed rW1622583c3444: Add clean option to download script (authored by aheinecke).

Add clean option to download script

Wed, Dec 1, 10:50 AM

aheinecke committed rW50036e879951: Update GpgOL to 2.5.1 (authored by aheinecke).

Update GpgOL to 2.5.1

Wed, Dec 1, 10:50 AM

aheinecke committed rW04ecbba4992f: Switch libpng download server (authored by aheinecke).

Switch libpng download server

Wed, Dec 1, 10:50 AM

aheinecke committed rW564071ef2758: Download the last used variant (authored by aheinecke).

Download the last used variant

Wed, Dec 1, 10:50 AM

aheinecke committed rDfab5228a0f66: swdb: Released gpgol-2.5.1 (authored by aheinecke).

swdb: Released gpgol-2.5.1

Wed, Dec 1, 9:55 AM

gniibe added a comment to T5512: Implement service indicators.

Also, applied the part 2, improving basic.c.

Wed, Dec 1, 6:46 AM · Feature Request, FIPS, libgcrypt

gniibe committed rCbff9ed54285b: tests: Fix basic.c to show useful information on error. (authored by gniibe).

tests: Fix basic.c to show useful information on error.

Wed, Dec 1, 6:45 AM

gniibe committed rCc8d2b0069e3c: tests: Improve error checking in regards to FIPS (authored by Jakuje).

tests: Improve error checking in regards to FIPS

Wed, Dec 1, 6:45 AM

gniibe committed rC23a58b779e31: Disable 3DES in FIPS mode (authored by Jakuje).

Disable 3DES in FIPS mode

Wed, Dec 1, 6:19 AM

gniibe added a comment to T5512: Implement service indicators.

Applied the part 3, the 3DES is no-FIPS patch.

Wed, Dec 1, 6:19 AM · Feature Request, FIPS, libgcrypt

Tue, Nov 30

Nicolás Alvarez <nicolas.alvarez@gmail.com> committed rKLEOPATRA196e627e841f: Enable new GitLab CI on stable branch. (authored by Nicolás Alvarez <nicolas.alvarez@gmail.com>).

Enable new GitLab CI on stable branch.

Tue, Nov 30, 7:43 PM

Nicolás Alvarez <nicolas.alvarez@gmail.com> committed rLIBKLEOc1d732834740: Enable new GitLab CI on stable branch. (authored by Nicolás Alvarez <nicolas.alvarez@gmail.com>).

Enable new GitLab CI on stable branch.

Tue, Nov 30, 7:35 PM

aheinecke added a comment to T5708: Kleopatra: Configure expiration date default in config.

Quick gen key is only used for the keygen in GpgOL and KMail. Kleopatra itself uses the old batch generate interface.

Tue, Nov 30, 2:59 PM · kleopatra, g10code, Restricted Project

gniibe moved T5512: Implement service indicators from Backlog to Next on the FIPS board.

Tue, Nov 30, 11:06 AM · Feature Request, FIPS, libgcrypt

gniibe committed rC3d38968f4b75: Implement explicit FIPS indicators for cipher modes (authored by Jakuje).

Implement explicit FIPS indicators for cipher modes

Tue, Nov 30, 11:00 AM

gniibe renamed T5706: libgcrypt: random: Remove the feature getting randomness from random daemon from libgcrypt: random: Remove access to random daemon to libgcrypt: random: Remove the feature getting randomness from random daemon.

Tue, Nov 30, 10:57 AM · libgcrypt

gniibe added a comment to T5512: Implement service indicators.

Applied the part 4, the indicator patch.

Tue, Nov 30, 10:54 AM · Feature Request, FIPS, libgcrypt

gniibe added a project to T5692: New entropy gatherer using the genentropy system call.: Testing.

Tue, Nov 30, 10:49 AM · Testing, libgcrypt, FIPS

gniibe closed T5433: libgcrypt: Do not use SHA1 by default as Wontfix.

The change for pubkey-util.c is not needed any more, because

T5665 handles new functions rejects use of SHA-1 as approved signature.
pubkey-util.c is used by gcry_pk_sign and gcry_pk_verify.

Tue, Nov 30, 10:48 AM · FIPS, libgcrypt, Bug Report

gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.

Thank you for the info.

Tue, Nov 30, 10:35 AM · MacOS, pinentry, Bug Report

werner added a comment to T5708: Kleopatra: Configure expiration date default in config.

--quick-gen-key supports this but there is no general option; the 2 years are hard coded.

Tue, Nov 30, 10:05 AM · kleopatra, g10code, Restricted Project

aheinecke triaged T5708: Kleopatra: Configure expiration date default in config as Normal priority.

Tue, Nov 30, 8:55 AM · kleopatra, g10code, Restricted Project

aheinecke triaged T5707: Kleopatra: Evaluate registry settings as Normal priority.

Tue, Nov 30, 8:52 AM · gpg4win, kleopatra

pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.

I ran DYLD_PRINT_LIBRARIES=1 DYLD_PRINT_LIBRARIES_POST_LAUNCH=1 DYLD_PRINT_RPATHS=1 pinentry-curses and see libncurses.5.4 (full output below).

Tue, Nov 30, 8:45 AM · MacOS, pinentry, Bug Report

gniibe triaged T5706: libgcrypt: random: Remove the feature getting randomness from random daemon as Normal priority.

Tue, Nov 30, 5:11 AM · libgcrypt

gniibe requested review of D544: Deprecation of random daemon part 1 (remove use of random daemon).

Tue, Nov 30, 5:09 AM · libgcrypt

gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.

Is there some other command I should run to check which curses it's using? I see there's a --debug flag but I'm not sure how to use it.

Tue, Nov 30, 3:57 AM · MacOS, pinentry, Bug Report

gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.

I think that either of following might be true:
(1) macOS has older ncurses (which doesn't support ioctl well, to get columns/lines info) in system
(2) macOS has BSD curses (with no suport for ioctl)

Tue, Nov 30, 3:53 AM · MacOS, pinentry, Bug Report

pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.

I installed it with brew and didn't provide any special options. This is one of the new M1 macs though, so perhaps there is some platform check deep in the install that is getting confused?

Tue, Nov 30, 3:40 AM · MacOS, pinentry, Bug Report

gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.

Thank you for the information. So, you don't have these environment variables set.

Tue, Nov 30, 2:36 AM · MacOS, pinentry, Bug Report

pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.

printenv COLUMNS LINES shows no output, however if I echo $COLUMNS $LINES I see 160 48 both before and after the password prompt.

Tue, Nov 30, 2:29 AM · MacOS, pinentry, Bug Report

gniibe added a project to T5693: GPG sign in corrupts larger terminal sizing: MacOS.

Curses application (of pinentry) get information of screen size by: