Feed All Stories

Today

gniibe added a comment to T4243: Test failure in libgcrypt-1.8.4.

Perhaps it's better to remove the -no-install flag in tests/Makefile.am, so that test programs will be wrapper scripts by libtool.

Mon, Dec 17, 12:43 PM · Tests, libgcrypt, Bug Report
werner reinstated E422: Weekly Standup.
Mon, Dec 17, 11:28 AM
werner reinstated E418: Weekly Standup.
Mon, Dec 17, 11:28 AM
werner reinstated E423: Weekly Standup.
Mon, Dec 17, 11:28 AM
werner cancelled E418: Weekly Standup.
Mon, Dec 17, 11:27 AM
werner set E418: Weekly Standup to repeat weekly.
Mon, Dec 17, 11:27 AM
werner created E418: Weekly Standup.
Mon, Dec 17, 11:26 AM
werner cancelled E416: Weekly Standup.
Mon, Dec 17, 11:23 AM
aheinecke assigned T3724: Gpg-Agent asks twice for passphrase for key without passphrase to werner.

Asked to raise the priority on this. The quality bar issue is T2103

Mon, Dec 17, 11:19 AM · gpgagent
aheinecke is attending E415: Weekly Standup.
Mon, Dec 17, 11:00 AM
gniibe added a comment to T4280: gnupg doc doesn't build due to ImageMagick default policy.

It seems it's Ubuntu specific: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563

Mon, Dec 17, 10:57 AM · gnupg, Documentation, Info Needed, Bug Report
werner is attending E415: Weekly Standup.
Mon, Dec 17, 10:27 AM
werner added a comment to E415: Weekly Standup.

Last week:

  • GnuPG 2.2.12 released
  • Meeting with RK for the Verein
Mon, Dec 17, 10:24 AM
werner added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

I had to look it up in the code and man page too ;-)

Mon, Dec 17, 10:22 AM · S/MIME
shandra added a member for Windows: Angel.
Mon, Dec 17, 10:12 AM
werner added subtasks for T4294: Release Libgcrypt 1.9.0: T4293: Add dedicated X25519 function to Libcgrypt , T4068: libgcrypt 1.8.3 make check errors, T4243: Test failure in libgcrypt-1.8.4, T1303: Please support GCRYSEXP_FMT_BASE64, T4274: Fail selftests when checksum file is missing in FIPS mode only.
Mon, Dec 17, 10:11 AM · Release Info, libgcrypt
werner added a parent task for T1303: Please support GCRYSEXP_FMT_BASE64: T4294: Release Libgcrypt 1.9.0.
Mon, Dec 17, 10:11 AM · Feature Request, libgcrypt
werner added a parent task for T4243: Test failure in libgcrypt-1.8.4: T4294: Release Libgcrypt 1.9.0.
Mon, Dec 17, 10:11 AM · Tests, libgcrypt, Bug Report
werner added a parent task for T4068: libgcrypt 1.8.3 make check errors: T4294: Release Libgcrypt 1.9.0.
Mon, Dec 17, 10:11 AM · Documentation, libgcrypt
werner added a parent task for T4274: Fail selftests when checksum file is missing in FIPS mode only: T4294: Release Libgcrypt 1.9.0.
Mon, Dec 17, 10:11 AM · libgcrypt, Bug Report
werner added a parent task for T4293: Add dedicated X25519 function to Libcgrypt : T4294: Release Libgcrypt 1.9.0.
Mon, Dec 17, 10:11 AM · libgcrypt
werner added projects to T4294: Release Libgcrypt 1.9.0: libgcrypt, Release Info.
Mon, Dec 17, 10:10 AM · Release Info, libgcrypt
werner created T4294: Release Libgcrypt 1.9.0.
Mon, Dec 17, 10:09 AM · Release Info, libgcrypt
shandra added a watcher for Windows: shandra.
Mon, Dec 17, 10:09 AM
werner renamed T4293: Add dedicated X25519 function to Libcgrypt from Add dedicated X25519 fucntion to Libcgrypt to Add dedicated X25519 function to Libcgrypt .
Mon, Dec 17, 10:07 AM · libgcrypt
werner closed T3223: gcry_mpi_ec_mul with Montgomery curves produces segfault as Resolved.

See T4293

Mon, Dec 17, 10:07 AM · libgcrypt, Bug Report
werner created T4293: Add dedicated X25519 function to Libcgrypt .
Mon, Dec 17, 10:06 AM · libgcrypt
werner closed T3731: gcry_pk_genkey() segfaults for ecdsa 384 as Resolved.

With GCRYCTL_AUTO_EXPAND_SECMEM we won't run out of secure memory anymore. This has even silently been backported to 1.8.x (using the numerical value of that constant) and has long been an option of gpg-agent. Thus closing.

Mon, Dec 17, 10:01 AM · libgcrypt, Bug Report
werner closed T3982: libgcrypt.m4 is not multilib friendly as Resolved.

Closing, given that we implemented a general solution; see the parent task.

Mon, Dec 17, 9:57 AM · libgcrypt, Bug Report
werner closed T3982: libgcrypt.m4 is not multilib friendly, a subtask of T4217: {libksba,libgcrypt,ntbtls,libassuan,npth}.m4, {libksba,libgcrypt,ntbtls,libassuan}-config script and gpg-error-config, as Resolved.
Mon, Dec 17, 9:57 AM · npth, libassuan, ntbtls, libgcrypt, libksba
werner closed T3737: libgcrypt's gcry_kdf_scrypt has incorrectly set N and P values as Invalid.

I have seen no responses to your two mails to the ML, and given that there is no concrete protocol bug, I close this issue. If you can show a concrete bug, please re-open this issue again.

Mon, Dec 17, 9:55 AM · libgcrypt, Bug Report
werner added a comment to D472: Limit active connections for gpg-agent.

I don't think that this is a good solution for a problem we could solve much easier but fear to do that due to kind of crypto politics.

Mon, Dec 17, 9:49 AM
aheinecke added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

Good to know. I thought that ocsp-signer was only used if ocsp-responder is explicitly set. I've suggested the workaround in the Message Board.

Mon, Dec 17, 9:48 AM · S/MIME
werner added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

Is using

Mon, Dec 17, 9:44 AM · S/MIME
gniibe claimed T4225: Gpg4win - Yubikey failure after generating an OTP.

I think that all that we can do is to improve documentation.

Mon, Dec 17, 9:33 AM · Documentation, Bug Report
gniibe added a comment to T4243: Test failure in libgcrypt-1.8.4.

Apparently, it's an error from your installed /usr/local/opt/libgpg-error/lib/libgpg-error.0.dylib (you have some configuration to prefer this library), while your configure is for /usr/local/lib (because you specify no --prefix).

Mon, Dec 17, 9:31 AM · Tests, libgcrypt, Bug Report
gniibe edited projects for T4273: agent: Request insertion of smartcard when no card present, added: Info Needed; removed Feature Request.

Please let us know the version of GnuPG, the output of gpg --card-status when inserted, and how gpg is not working well, etc.

Mon, Dec 17, 9:22 AM · Info Needed, Windows, gpgagent
gniibe claimed T4273: agent: Request insertion of smartcard when no card present.

How does scdaemon respond when there is no card available?

Mon, Dec 17, 9:09 AM · Info Needed, Windows, gpgagent
aheinecke created T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.
Mon, Dec 17, 8:44 AM · S/MIME
aheinecke closed T4291: Bug from Kleopatra as Invalid.

That error means that the message was somehow corrupted during transfer. Are you maybe using ftp in text mode on a binary message, for example?
You could ask your communication partner to send you messages in text (ASCII Armor) mode which is more robust.
In Kleopatra you can change that in Settings -> Configure Kleopatra -> Crypto Operations -> Create signed or encrypted files as text files.
On the command line you need to add the "--armor" option.

Mon, Dec 17, 8:37 AM · Bug Report, gpg4win
aheinecke added a comment to T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows.

In Wald someone reports that this also appears to happen when decrypting. https://wald.intevation.org/forum/message.php?msg_id=6377 Probably run-threaded will help to flush this out.

Mon, Dec 17, 8:33 AM · S/MIME, gnupg (gpg22), gpgagent, gpg4win
aheinecke added a comment to T4116: Kleopatra: Hang in gpgconf_read on posix with GPGME_DEBUG=9.

Even with the logging changes this still happens. I just retested it. Can't run Kleopatra on Linux with GPGME_DEBUG=9.

Mon, Dec 17, 8:29 AM · kleopatra, gpgme
Laurent Montel <montel@kde.org> committed rKLEOPATRAe3a467d6221d: Remove QT_CHECK (authored by Laurent Montel <montel@kde.org>).
Remove QT_CHECK
Mon, Dec 17, 8:13 AM
Laurent Montel <montel@kde.org> committed rKLEOPATRA6a4d47620211: GIT_SILENT: Increase Qt to Qt5.10.0 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Increase Qt to Qt5.10.0
Mon, Dec 17, 7:05 AM
gniibe added a comment to E415: Weekly Standup.

Last week:

Mon, Dec 17, 5:38 AM
gniibe is attending E415: Weekly Standup.
Mon, Dec 17, 5:21 AM
gniibe added a comment to T4288: Add getrandom support for the BSDs.

In FreeBSD, getrandom(3) became available, when getrandom(2) was added. <-- This is my theory.
If this is true, just use getrandom(3), not using getrandom(2) by syscall.

Mon, Dec 17, 5:20 AM · libgcrypt
gniibe added a comment to T4255: gpg-agent: "<gcrypt> Cannot allocate memory" with 10 threads decrypting OpenPGP.

It became common, because many people now use larger keys.
For RSA-4096, three simultaneous connections for decryption may cause the failure.
In the experimental patch of D472: Limit active connections for gpg-agent, I limit it to two connections.

Mon, Dec 17, 5:08 AM · gnupg, gpgagent
gniibe updated the diff for D472: Limit active connections for gpg-agent.

Incrementing the counter is better done by the looping main thread.

Mon, Dec 17, 3:54 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRAb2f944f32fa6: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
Mon, Dec 17, 3:14 AM
gniibe added a comment to D472: Limit active connections for gpg-agent.

This is an experimental patch. So, I just reuse SIGUSR1 to wake up "select"-ing thread by kill(2).
I put limit-active-connections 2 in gpg-agent.conf for the test with run-threaded of gpgme.

Mon, Dec 17, 2:48 AM
gniibe created D472: Limit active connections for gpg-agent.
Mon, Dec 17, 2:46 AM

Yesterday

andy added a comment to T4255: gpg-agent: "<gcrypt> Cannot allocate memory" with 10 threads decrypting OpenPGP.

Agreed this looks like it should be made default behavior. This has affected many people I work with, and even with searching, this ticket never came up. I only found out about it by making a ticket myself. This issue looks like it has generated at least 3 tickets in this bug tracker, and the agent is raising memory errors during normal usage, which still smells like a bug to me.

Sun, Dec 16, 8:18 PM · gnupg, gpgagent
l10n daemon script <scripty@kde.org> committed rKLEOPATRAc78bdb11d2f0: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
Sun, Dec 16, 7:36 AM
BenM committed rMfbc298dc1b0f: python: howto and examples (authored by BenM).
python: howto and examples
Sun, Dec 16, 7:16 AM
iAlpha created T4291: Bug from Kleopatra.
Sun, Dec 16, 12:46 AM · Bug Report, gpg4win

Sat, Dec 15

BenM added a comment to T3505: Port GPGME's Python bindings to Windows.

Though not directly related to our issues, this bug report on the MSYS2 site reported by their users encountering trouble with GPGME provides additional weight to irreconcilable differences between MSYS2 and GnuPG:

Sat, Dec 15, 8:18 PM · Feature Request, gpgme, Python
werner created T4290: Release GnuPG 2.1.13.
Sat, Dec 15, 4:39 PM · Release Info, gnupg (gpg22)

Fri, Dec 14

wheelerlaw edited projects for T3065: dirmngr: proxy issues with dnslookup causing failure, added: gnupg (gpg22); removed FAQ.
Fri, Dec 14, 7:29 PM · gnupg (gpg22), dns, dirmngr
wheelerlaw added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.
So if your DNS resolver does not tell us the IP addresses, we can't do anything about it.
Fri, Dec 14, 7:25 PM · gnupg (gpg22), dns, dirmngr
werner committed rDb4b0f718320c: drafts,openpgp-webkey-service: A MUST not MUST be a MUST NOT. (authored by werner).
drafts,openpgp-webkey-service: A MUST not MUST be a MUST NOT.
Fri, Dec 14, 5:42 PM
werner committed rD0eaf5090fd44: web: News about 2.2.12 (authored by werner).
web: News about 2.2.12
Fri, Dec 14, 4:05 PM
werner closed T4289: GnuPG 2.1.12 release as Resolved.
Fri, Dec 14, 4:01 PM · gnupg (gpg22), Release Info
werner closed T4289: GnuPG 2.1.12 release, a subtask of T4264: Gpg4win 3.1.6, as Resolved.
Fri, Dec 14, 4:01 PM · Release Info, gpg4win
werner committed rD2ff9531591f9: swdb: Release GnuPG 2.2.12 (authored by werner).
swdb: Release GnuPG 2.2.12
Fri, Dec 14, 3:50 PM
werner committed rG3520a7b1fcd8: Post release updates (authored by werner).
Post release updates
Fri, Dec 14, 3:46 PM
werner committed rG7d8f4ee7cf56: Release 2.2.12 (authored by werner).
Release 2.2.12
Fri, Dec 14, 3:46 PM
werner committed rG0ed37d023bae: po: Auto-update (authored by werner).
po: Auto-update
Fri, Dec 14, 3:46 PM
werner added a comment to T4159: Kleopatra fails to create new Key Pair.

The usual reasons for corruptions of binary data are FTP transfers in text mode; or opening a file with a Windows editor.

Fri, Dec 14, 2:56 PM · gnupg, Bug Report, gpg4win
werner added a comment to T4289: GnuPG 2.1.12 release.

NEWS are:

Fri, Dec 14, 1:55 PM · gnupg (gpg22), Release Info
aheinecke added a comment to T4159: Kleopatra fails to create new Key Pair.

Got another reliable report in the Wald Forum about this. https://wald.intevation.org/forum/message.php?msg_id=6371&group_id=11

Fri, Dec 14, 1:36 PM · gnupg, Bug Report, gpg4win
werner added a subtask for T4264: Gpg4win 3.1.6: T4289: GnuPG 2.1.12 release.
Fri, Dec 14, 1:30 PM · Release Info, gpg4win
werner added a parent task for T4289: GnuPG 2.1.12 release: T4264: Gpg4win 3.1.6.
Fri, Dec 14, 1:30 PM · gnupg (gpg22), Release Info
werner created T4289: GnuPG 2.1.12 release.
Fri, Dec 14, 1:29 PM · gnupg (gpg22), Release Info
aheinecke added a comment to T4118: GpgOL: Mitigate S/MIME Denial of Service due to CRL stalling.

No I do not think so. Because that would already be currently the case. If you had a subverted Root CA of course you can attack. But we are only talking about CRL / OCSP here. A root CA that does not provide a CRL for certificate X is OK. As long as the Root CA that issued X issues a CRL for that. Well the usual CRL / OCSP denial of service is still possible but I don't see any subversion.

Fri, Dec 14, 1:28 PM · gpg4win, gpgol
werner added a comment to T4118: GpgOL: Mitigate S/MIME Denial of Service due to CRL stalling.

Interesting idea but it does not help against attacks because all root CAs are considered equal (virtually cross-signed). Thus a single unchecked root CA allows subverting all certificates.

Fri, Dec 14, 1:26 PM · gpg4win, gpgol
aheinecke added a comment to T4118: GpgOL: Mitigate S/MIME Denial of Service due to CRL stalling.

I wonder if the best thing here might be another flag in the trustlist to disable CRL/OCSP checks for a single root certificate chain. I had such a request in the Gpg4win forums. Someone had a single unreachable CRL / OCSP and had to globally disable all checks for all other certs, too.

Fri, Dec 14, 10:52 AM · gpg4win, gpgol
werner added a project to T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows: S/MIME.
Fri, Dec 14, 10:46 AM · S/MIME, gnupg (gpg22), gpgagent, gpg4win
werner committed rD18b09effc2b8: drafts,openpgp-webkey-service: Remark on 401 server responses. (authored by werner).
drafts,openpgp-webkey-service: Remark on 401 server responses.
Fri, Dec 14, 10:04 AM
werner committed rD733acdda1a44: drafts,openpgp-webkey-service: Fix flaws in the last revision. (authored by werner).
drafts,openpgp-webkey-service: Fix flaws in the last revision.
Fri, Dec 14, 10:04 AM
werner committed rG35a91f1409c3: New simplified Chinese translation (authored by Chuhao Li <lchopn@gmail.com>).
New simplified Chinese translation
Fri, Dec 14, 8:38 AM

Thu, Dec 13

BenM committed rM4308d172816f: python: examples bugfix (authored by BenM).
python: examples bugfix
Thu, Dec 13, 7:21 PM
werner committed rDa51e1d2bf99a: Add note about wildcard DNS. (authored by werner).
Add note about wildcard DNS.
Thu, Dec 13, 7:14 PM
werner created T4288: Add getrandom support for the BSDs.
Thu, Dec 13, 4:29 PM · libgcrypt
gniibe closed T4177: card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN as Resolved.
Thu, Dec 13, 3:44 PM · scd, gnupg (gpg22)
gniibe closed T3880: gpg-agent's ssh-agent does not handle flags in signing requests properly as Resolved.
Thu, Dec 13, 3:42 PM · ssh, gpgagent, Bug Report
gniibe closed T4232: gpgrt-config Gentoo/Fedora/Arch/Slackware-style multilib support as Resolved.
Thu, Dec 13, 3:38 PM · gpgrt
gniibe closed T4232: gpgrt-config Gentoo/Fedora/Arch/Slackware-style multilib support, a subtask of T4217: {libksba,libgcrypt,ntbtls,libassuan,npth}.m4, {libksba,libgcrypt,ntbtls,libassuan}-config script and gpg-error-config, as Resolved.
Thu, Dec 13, 3:38 PM · npth, libassuan, ntbtls, libgcrypt, libksba
werner committed rA1f038e94e19d: Post release updates (authored by werner).
Post release updates
Thu, Dec 13, 10:46 AM
werner committed rA86e1d17de081: Release 2.5.2 (authored by werner).
Release 2.5.2
Thu, Dec 13, 10:46 AM
kalle added a comment to T4282: info gnupg.

Yes. That's why I wrote it in '['-brackets.
But usually, in info documents a synopsis is written about it.
I think that it's not self-evident that "you can either give a file or let the tool read from stdin or output to stdout", and it should therefore be written explicitly.

Thu, Dec 13, 9:41 AM · Feature Request, Documentation
werner claimed T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix.
Thu, Dec 13, 9:38 AM · S/MIME, Feature Request, libksba
werner committed rD67dd939968ef: swdb: Release libassuan 2.5.2 (authored by werner).
swdb: Release libassuan 2.5.2
Thu, Dec 13, 9:15 AM

Wed, Dec 12

werner committed rD59a8fb52b17b: verein: Add a link to the token page. (authored by werner).
verein: Add a link to the token page.
Wed, Dec 12, 9:12 PM
werner committed rD3ab409acd60d: verein: Start a project to develop a membership gadget (authored by werner).
verein: Start a project to develop a membership gadget
Wed, Dec 12, 9:06 PM
BenM committed rM3849b60e2243: python: new example script (authored by BenM).
python: new example script
Wed, Dec 12, 6:58 PM
pmgdeb added a comment to T4274: Fail selftests when checksum file is missing in FIPS mode only.

Adding the patch here.

Wed, Dec 12, 5:30 PM · libgcrypt, Bug Report
aheinecke created T4287: GpgOL: Incompatibility with Microsoft Azure Information Protection add-in.
Wed, Dec 12, 4:08 PM · gpg4win, gpgol
BenM committed rM3ca7cf07f5d3: python: what's new summary (authored by BenM).
python: what's new summary
Wed, Dec 12, 1:20 PM
BenM committed rM64758a0dac4c: python: advanced howto example (authored by BenM).
python: advanced howto example
Wed, Dec 12, 1:07 PM