Page MenuHome GnuPG
Feed All Stories

Today

gniibe committed rPa87d9e8f89f9: core,emacs,tty,curses: Fix memory leaks, invalid accese, and mistake. (authored by Jakuje).
core,emacs,tty,curses: Fix memory leaks, invalid accese, and mistake.
Wed, Apr 14, 12:37 PM
Jakuje created T5395: libksba coverity static analysis reports.
Wed, Apr 14, 10:46 AM · libksba, Bug Report
gniibe closed T5384: pinentry coverity static analysis reports as Resolved.

Applied and pushed.

Wed, Apr 14, 8:58 AM · pinentry, Bug Report
l10n daemon script <scripty@kde.org> committed rLIBKLEO1a2b5b3ff2e1: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Wed, Apr 14, 3:15 AM
gniibe added a comment to T5393: gnupg coverity static analysis reports.

@werner No problem. Just go ahead.

Wed, Apr 14, 1:45 AM · gnupg (gpg23), Bug Report

Yesterday

midipix updated midipix.
Tue, Apr 13, 9:27 PM
midipix added a comment to T5394: scute: Build failure with slibtool.

Regarding slibtool: I would actually like to have an easier to maintain tool than libtool (of which we use our own version) for GnuPG related software. However, its requirement "the compiler should support -std=c99" is currently a no-starter for libgcrypt and some other libs.

Tue, Apr 13, 9:13 PM · toolchain, Feature Request, scute
Jakuje added a comment to T5393: gnupg coverity static analysis reports.

Regarding the identical branches thing: This is on purpose. The function works closely together with another one which will then BUG() out. @Jakuje: If you know some meta comment to attribute this, please let me know.

Tue, Apr 13, 9:05 PM · gnupg (gpg23), Bug Report
werner added a comment to T5393: gnupg coverity static analysis reports.

Regarding the identical branches thing: This is on purpose. The function works closely together with another one which will then BUG() out. @Jakuje: If you know some meta comment to attribute this, please let me know.

Tue, Apr 13, 7:11 PM · gnupg (gpg23), Bug Report
werner added a comment to T5393: gnupg coverity static analysis reports.

@gniibe: If you don't mind I would like to steal task this from you. I have noticed a few things which could get a little code refresh in addition to the fixes.

Tue, Apr 13, 6:57 PM · gnupg (gpg23), Bug Report
Jakuje added a comment to T5393: gnupg coverity static analysis reports.

There is couple of issues that I did not want to propose a patch for, but might require some attention:

Error: IDENTICAL_BRANCHES (CWE-398): [#def28] [important]
gnupg-2.3.0/common/tlv-builder.c:353: identical_branches: The same code is executed regardless of whether "tag < 31" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced?
#  351|     (void)constructed;  /* Not used, but passed for uniformity of such calls.  */
#  352|   
#  353|->   if (tag < 0x1f)
#  354|       {
#  355|         buflen++;

There are also couple of reports about the function default_homedir(), which is supposed to return const char * but in reality, it sometimes allocates memory while callers do not expect it so they do not free:

Error: RESOURCE_LEAK (CWE-772): [#def11]
gnupg-2.2.27/common/homedir.c:477: alloc_fn: Storage is returned from allocation function "default_homedir".
gnupg-2.2.27/common/homedir.c:477: var_assign: Assigning: "newdir" = storage returned from "default_homedir()".
gnupg-2.2.27/common/homedir.c:488: noescape: Resource "newdir" is not freed or pointed-to in "make_absfilename".
gnupg-2.2.27/common/homedir.c:490: leaked_storage: Returning without freeing "newdir" leaks the storage that it points to.
#  488|     the_gnupg_homedir = make_absfilename (newdir, NULL);;
#  489|     xfree (tmp);
#  490|-> }
#  491|   
#  492|
Tue, Apr 13, 6:47 PM · gnupg (gpg23), Bug Report
werner added a comment to T4884: PKCS #15 support in gpgsm.

The PKCS#15 support has meanwhile received a major update. Thus we need to test with the other cards again. If there is something special for to do for a certain task, a new subtask should be created.

Tue, Apr 13, 6:43 PM · scd, S/MIME
werner added a subtask for T4884: PKCS #15 support in gpgsm: Unknown Object (Maniphest Task).
Tue, Apr 13, 6:41 PM · scd, S/MIME
werner removed a parent task for T4884: PKCS #15 support in gpgsm: Unknown Object (Maniphest Task).
Tue, Apr 13, 6:41 PM · scd, S/MIME
werner added a parent task for T4884: PKCS #15 support in gpgsm: Unknown Object (Maniphest Task).
Tue, Apr 13, 6:40 PM · scd, S/MIME
ikloecker moved T5388: Kleopatra: Search shows all results as uncertified from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Tue, Apr 13, 4:07 PM · kleopatra, Restricted Project
ikloecker changed the status of T5388: Kleopatra: Search shows all results as uncertified from Open to Testing.

Should be done

Tue, Apr 13, 4:07 PM · kleopatra, Restricted Project
ikloecker moved T5388: Kleopatra: Search shows all results as uncertified from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Tue, Apr 13, 4:05 PM · kleopatra, Restricted Project
ikloecker committed rKLEOPATRAa6e582f2f075: Only show key filters with Filtering match context in filter drop down (authored by ikloecker).
Only show key filters with Filtering match context in filter drop down
Tue, Apr 13, 3:50 PM
ikloecker committed rKLEOPATRA79288cafa208: Sort the filters in the drop down menu alphabetically (authored by ikloecker).
Sort the filters in the drop down menu alphabetically
Tue, Apr 13, 3:49 PM
Jakuje added a comment to T5393: gnupg coverity static analysis reports.

Thank you. The initial run was against olderer version of gnupg (and had one issue in g10/keyedit.c -- see the new patch with fixup). Now I ran it against the version 2.3 and there are couple of more issues to be fixed (rebased on top of already applied changes and the previous commits).

Tue, Apr 13, 3:44 PM · gnupg (gpg23), Bug Report
werner closed T5387: Accept key signatures from LDAP servers as Resolved.

Done for 2.2. and 2.3.

Tue, Apr 13, 2:56 PM · Feature Request, gnupg (gpg22)
werner committed rG1303b0ed84da: gpg: Do not use self-sigs-only for LDAP keyserver imports. (authored by werner).
gpg: Do not use self-sigs-only for LDAP keyserver imports.
Tue, Apr 13, 2:51 PM
werner committed rG6c26e593df51: gpg: Do not use self-sigs-only for LDAP keyserver imports. (authored by werner).
gpg: Do not use self-sigs-only for LDAP keyserver imports.
Tue, Apr 13, 2:47 PM
ikloecker committed rLIBKLEObd773449398e: Remove obsolete appearanceFilters (authored by ikloecker).
Remove obsolete appearanceFilters
Tue, Apr 13, 2:11 PM
ikloecker committed rLIBKLEOe72bcabff29d: Allow retrieval of match contexts from key filter model (authored by ikloecker).
Allow retrieval of match contexts from key filter model
Tue, Apr 13, 2:11 PM
ikloecker committed rLIBKLEOb7bdf555473f: Bump library version (authored by ikloecker).
Bump library version
Tue, Apr 13, 2:11 PM
ikloecker committed rLIBKLEO2cc77323cb85: Add appearance filters for expired/revoked, not VS-NfD compliant keys (authored by ikloecker).
Add appearance filters for expired/revoked, not VS-NfD compliant keys
Tue, Apr 13, 2:11 PM
ikloecker committed rLIBKLEOeed96dfb810d: Make filters for expired/revoked keys match non-validated keys (authored by ikloecker).
Make filters for expired/revoked keys match non-validated keys
Tue, Apr 13, 2:11 PM
xandox added a comment to T5380: Tools needed during a build lack of CFLAGS was passed durring configure time.

Ok.
But`CFLAGS_FOR_BUILD` not mentioned in build rule for mkheader

Tue, Apr 13, 1:15 PM · MacOS, Bug Report
ikloecker added a comment to T5217: Kleopatra: Adapt to config changes in GnuPG master.
Tue, Apr 13, 11:07 AM · Restricted Project, kleopatra
ikloecker closed T5217: Kleopatra: Adapt to config changes in GnuPG master as Resolved.

Applying changes is fixed.

Tue, Apr 13, 11:05 AM · Restricted Project, kleopatra
ikloecker committed rKLEOPATRAda6b8b9f6ac0: Read/write integer config entries depending on their signedness (authored by ikloecker).
Read/write integer config entries depending on their signedness
Tue, Apr 13, 11:03 AM
ikloecker reopened T5217: Kleopatra: Adapt to config changes in GnuPG master as "Open".

Reopening because at least a debug build of Kleopatra crashes with an assertion when applying changes.

Tue, Apr 13, 10:56 AM · Restricted Project, kleopatra
aheinecke added a comment to T4717: Kleopatra: Changing expiry does not change expiry for subkeys.

Yes I agree it makes sense to have this as an explicit setting to cover both use cases.

Tue, Apr 13, 10:23 AM · kleopatra, gpg4win
ikloecker added a comment to T4717: Kleopatra: Changing expiry does not change expiry for subkeys.

This really depends on the use case. Some people want to extend the lifetime of their whole key. Others explicitly use a long-lived primary key with short lived subkeys. A possible heuristic for the default behavior to propose to the user would be to check whether the current expiry dates of primary key and subkeys are the same or not. The user could still change this proposed default in the dialog that's anyway shown for the new expiry date.

Tue, Apr 13, 9:58 AM · kleopatra, gpg4win
aheinecke added a comment to T5336: Kleopatra: Add expiry for certifications in certify dialog.

Yes the other one was a duplicate, somehow my search didnt find this and I thought I had forgotten to open the issue.

Tue, Apr 13, 9:47 AM · kleopatra, Restricted Project
aheinecke merged T5392: Kleopatra: Expiry date for certifications into T5336: Kleopatra: Add expiry for certifications in certify dialog.
Tue, Apr 13, 9:47 AM · kleopatra, Restricted Project
aheinecke merged task T5392: Kleopatra: Expiry date for certifications into T5336: Kleopatra: Add expiry for certifications in certify dialog.
Tue, Apr 13, 9:47 AM · kleopatra, Restricted Project
werner triaged T5394: scute: Build failure with slibtool as Normal priority.
Tue, Apr 13, 8:13 AM · toolchain, Feature Request, scute
gniibe closed T3416: gpg should select available signing key on card (even with -u option) as Resolved.

Done in 2.3.0.

Tue, Apr 13, 8:07 AM · Testing, Feature Request, gnupg
gniibe closed T3416: gpg should select available signing key on card (even with -u option), a subtask of T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)), as Resolved.
Tue, Apr 13, 8:07 AM · Testing, Feature Request, gnupg
gniibe closed T4695: Remove SERIALNO as an identifier to select keys, a subtask of T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)), as Resolved.
Tue, Apr 13, 8:06 AM · Testing, Feature Request, gnupg
gniibe closed T4695: Remove SERIALNO as an identifier to select keys as Resolved.

Done in 2.3.0.

Tue, Apr 13, 8:06 AM · Testing, Feature Request, gnupg
gniibe closed T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)) as Resolved.

Done in 2.3.

Tue, Apr 13, 8:05 AM · Testing, Feature Request, gnupg
gniibe committed rGa16f726f9404: common: Fix memory leaks. (authored by Jakuje).
common: Fix memory leaks.
Tue, Apr 13, 8:02 AM
gniibe committed rG7cbe29c4fb4f: scd: Fix memory leaks. (authored by Jakuje).
scd: Fix memory leaks.
Tue, Apr 13, 8:02 AM
gniibe committed rG51bbd99a3c9b: kbx: Fix memory leak. (authored by Jakuje).
kbx: Fix memory leak.
Tue, Apr 13, 8:02 AM
gniibe committed rG4c8be54cc430: tools: Fix memory leaks. (authored by Jakuje).
tools: Fix memory leaks.
Tue, Apr 13, 8:02 AM
gniibe added a comment to T5393: gnupg coverity static analysis reports.

Thank you.

Tue, Apr 13, 8:02 AM · gnupg (gpg23), Bug Report
gniibe claimed T5393: gnupg coverity static analysis reports.
Tue, Apr 13, 7:12 AM · gnupg (gpg23), Bug Report
gniibe closed T5389: gnupg 2.3 missing libassuan include directory in CFLAGS for several targets as Resolved.

Thank you. Applied and pushed.

Tue, Apr 13, 6:59 AM · gnupg (gpg23), Bug Report
gniibe committed rGcd66b2eb0d34: agent,kbx: Add LIBASSUAN_CLFAGS. (authored by Jakuje).
agent,kbx: Add LIBASSUAN_CLFAGS.
Tue, Apr 13, 6:58 AM
saurik added a comment to T5375: getentropy usage is forbidden by Apple, but is now being forced by libgcrypt.

I'm sorry I disappeared on this issue for two weeks; I just got reminded of it by seeing the e-mail with the status change. I've updated to the latest gcrypt (which is the commit with the patch, now pushed to the repository) and was able to upload this to Apple without it being flagged; thanks!

Tue, Apr 13, 4:49 AM · MacOS, libgcrypt
gniibe committed rC9c42db0b379c: api: Avoid use of C99 feature. (authored by gniibe).
api: Avoid use of C99 feature.
Tue, Apr 13, 4:00 AM
gniibe changed the status of T5372: assertion failure mulm_25519: different sizes in Libgrypt 1.9 from Open to Testing.
Tue, Apr 13, 3:16 AM · !assert, Bug Report, libgcrypt
gniibe changed the status of T5375: getentropy usage is forbidden by Apple, but is now being forced by libgcrypt from Open to Testing.
Tue, Apr 13, 3:16 AM · MacOS, libgcrypt
gniibe committed rC0007f889bda8: random: Fix for iOS. (authored by gniibe).
random: Fix for iOS.
Tue, Apr 13, 3:15 AM
gniibe committed rCe8b7f10be275: cipher: Hardening ElGamal by introducing exponent blinding too. (authored by gniibe).
cipher: Hardening ElGamal by introducing exponent blinding too.
Tue, Apr 13, 3:15 AM
gniibe claimed T5384: pinentry coverity static analysis reports.

Thank you. I'll take care of this.

Tue, Apr 13, 3:01 AM · pinentry, Bug Report
orbea added a comment to T5394: scute: Build failure with slibtool.

Regarding your patch, I am personally not opposed to it, but apparently Debian’s policy says the library/module should be called scute while Gentoo’s policy says it should be called libscute… What should an upstream developer do?

Tue, Apr 13, 1:49 AM · toolchain, Feature Request, scute

Mon, Apr 12

werner added a comment to T5394: scute: Build failure with slibtool.

Regarding slibtool: I would actually like to have an easier to maintain tool than libtool (of which we use our own version) for GnuPG related software. However, its requirement "the compiler should support -std=c99" is currently a no-starter for libgcrypt and some other libs.

Mon, Apr 12, 11:25 PM · toolchain, Feature Request, scute
gouttegd added a project to T5394: scute: Build failure with slibtool: scute.
Mon, Apr 12, 10:59 PM · toolchain, Feature Request, scute
gouttegd added a comment to T5394: scute: Build failure with slibtool.

The built file is called scute instead of libscute because it is considered to be a *module*, not a *library*. That’s apparently a Debian thing, see commit dc2211179ea7f63434d726eefbc425390c4c6427.

Mon, Apr 12, 10:57 PM · toolchain, Feature Request, scute
ikloecker added a comment to T5392: Kleopatra: Expiry date for certifications.

Isn't this a duplicate of T5336: Kleopatra: Add expiry for certifications in certify dialog?

Mon, Apr 12, 10:40 PM · kleopatra, Restricted Project
jukivili committed rC9bc3d8de6e2a: mpi: harden add_n_cond, sub_n_cond and abs_cond against EM leakage (authored by jukivili).
mpi: harden add_n_cond, sub_n_cond and abs_cond against EM leakage
Mon, Apr 12, 7:40 PM
jukivili committed rCc7c25b6e6e6b: mpi: harden set_cond functions against EM leakage (authored by jukivili).
mpi: harden set_cond functions against EM leakage
Mon, Apr 12, 7:40 PM
jukivili committed rC1266f5bb02b7: mpi: harden swap_cond functions against EM leakage (authored by jukivili).
mpi: harden swap_cond functions against EM leakage
Mon, Apr 12, 7:40 PM
Jakuje added a comment to T5389: gnupg 2.3 missing libassuan include directory in CFLAGS for several targets.

(FYI I did not notice any other errors with 2.3 so far)

Mon, Apr 12, 6:25 PM · gnupg (gpg23), Bug Report
orbea added a project to T5394: scute: Build failure with slibtool: patch.
Mon, Apr 12, 6:23 PM · toolchain, Feature Request, scute
ikloecker committed rLIBKLEO2b66c42015d0: Restrict the coloring of (Not) VS-NfD Compliant keys to validated keys (authored by ikloecker).
Restrict the coloring of (Not) VS-NfD Compliant keys to validated keys
Mon, Apr 12, 6:10 PM
ikloecker committed rLIBKLEO945702599996: Improve validity info of keys that have not been validated (authored by ikloecker).
Improve validity info of keys that have not been validated
Mon, Apr 12, 6:10 PM
ikloecker committed rKLEOPATRA060bcf140d5b: Save and restore layout of key list is lookup dialog (authored by ikloecker).
Save and restore layout of key list is lookup dialog
Mon, Apr 12, 6:10 PM
orbea added a comment to T5394: scute: Build failure with slibtool.

This is a patch that fixes the build, I am not sure why -module is not used when HAVE_DARWIN_SYSTEM is defined, but I preserved that behavior. If its not intentional it could be added directly to libscute_la_LDFLAGS instead.

Mon, Apr 12, 6:07 PM · toolchain, Feature Request, scute
orbea created T5394: scute: Build failure with slibtool.
Mon, Apr 12, 6:05 PM · toolchain, Feature Request, scute
Jakuje created T5393: gnupg coverity static analysis reports.
Mon, Apr 12, 5:59 PM · gnupg (gpg23), Bug Report
werner committed rGd984de172c29: gpg: Minor restructuring of a function. (authored by werner).
gpg: Minor restructuring of a function.
Mon, Apr 12, 5:50 PM
werner committed rGecb9265b8dc0: scd:p15: Match private keys with certificates also by labels. (authored by werner).
scd:p15: Match private keys with certificates also by labels.
Mon, Apr 12, 5:50 PM
werner closed T5391: Website FAQ missing charset as Wontfix.

No Apache - No Default charset per suffix. The version for browsers is the HTML version.

Mon, Apr 12, 5:43 PM · gpgweb, FAQ
aheinecke triaged T5392: Kleopatra: Expiry date for certifications as Wishlist priority.
Mon, Apr 12, 2:49 PM · kleopatra, Restricted Project
aheinecke closed T3498: GPG: Batch keygen has no default expiry date as Resolved.

This was changed in kleopatra some time ago to also generate keys with 2y expiry. So the motivation for this issue is gone.

Mon, Apr 12, 2:44 PM · gnupg
aheinecke raised the priority of T5245: Kleopatra: Add support for trust signatures / trusted introducer from Wishlist to High.

Hi Ingo, If you run out of work you can do this next. Its already something that I'm showing during product presentations and a workflow I would like to recommend.

Mon, Apr 12, 2:43 PM · kleopatra, Restricted Project
aheinecke changed the status of T4717: Kleopatra: Changing expiry does not change expiry for subkeys from Testing to Open.

I noticed when testing the surprising behavior that when I changed the expiry on the primary key (tested with a smartcard) it did not change the explriy on the subkey. I think in the past it must have been different that the subkey did not get the expiry by default.

Mon, Apr 12, 2:40 PM · kleopatra, gpg4win
aheinecke added a comment to T5388: Kleopatra: Search shows all results as uncertified.

Thanks I talked to werner and agree that this is something to work on next. As we are pushing for more LDAP servers used internally which will use the common search and not the WKD discovery mechanisms.

Mon, Apr 12, 2:37 PM · kleopatra, Restricted Project
ikloecker triaged T5388: Kleopatra: Search shows all results as uncertified as High priority.
Mon, Apr 12, 2:16 PM · kleopatra, Restricted Project
gniibe closed T4888: GpgSM: Support ECC key generation by gpgsm_genkey, a subtask of T4098: GpgSM: Add ECC support, as Resolved.
Mon, Apr 12, 12:21 PM · gnupg (gpg23), Feature Request, S/MIME
gniibe closed T4888: GpgSM: Support ECC key generation by gpgsm_genkey as Resolved.
Mon, Apr 12, 12:21 PM · Testing, Feature Request, S/MIME
ikloecker committed rLIBKLEO122281c18034: Set correct filter for encryption key selection (authored by ikloecker).
Set correct filter for encryption key selection
Mon, Apr 12, 11:41 AM
ikloecker committed rKLEOPATRA89a7fd9ddebf: Do not rely on other headers to include <memory> for us (authored by ikloecker).
Do not rely on other headers to include <memory> for us
Mon, Apr 12, 11:11 AM
werner is attending E857: Weekly Standup.
Mon, Apr 12, 8:44 AM
gniibe claimed T5380: Tools needed during a build lack of CFLAGS was passed durring configure time.
Mon, Apr 12, 7:51 AM · MacOS, Bug Report
gniibe claimed T5389: gnupg 2.3 missing libassuan include directory in CFLAGS for several targets.
Mon, Apr 12, 7:05 AM · gnupg (gpg23), Bug Report
gniibe added a comment to E857: Weekly Standup.

Topics:

  • (told by cb and others) My release key has been expired
    • I'd like to make Ed25519 release key
      • I wonder about WKD availability and a key with no email address
Mon, Apr 12, 6:26 AM
gniibe changed the status of T5365: --with-libgpg-error-prefix doesn't affect gpgrt-config path detection from Open to Testing.
Mon, Apr 12, 6:13 AM · Testing, MacOS, gpgrt, Cross-Compiler, libgcrypt
gniibe is attending E857: Weekly Standup.
Mon, Apr 12, 6:09 AM
gniibe closed T5381: libgpg-error coverity static analysis reports as Resolved.

Thank you for your publishing your key of CB6BE1D0D7D1594A.
I applied and pushed your changes.

Mon, Apr 12, 6:08 AM · gpgrt, Bug Report
gniibe committed rEad062b0a5b7d: build,tests: Fix leaks of memory or file pointer. (authored by Jakuje).
build,tests: Fix leaks of memory or file pointer.
Mon, Apr 12, 6:08 AM
gniibe committed rG304c2e0202dd: doc: Register DCO for Jakub Jelen. (authored by gniibe).
doc: Register DCO for Jakub Jelen.
Mon, Apr 12, 5:57 AM
Angel added a comment to T5367: PDF signed with --clearsign has image distorted..

The surprising thing is that it works at all. I wouldn't be surprised if certain would simply reject it as "not a pdf" given that the "%PDF-1.x" marker isn't at the beginning.

Mon, Apr 12, 2:40 AM · Not A Bug, FAQ
Angel created T5391: Website FAQ missing charset.
Mon, Apr 12, 2:14 AM · gpgweb, FAQ