Confirmed that this issue is fixed with 2.1.8. I was able to delete the secret
key (stubs) and they were properly recreated.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Sep 29 2015
Sep 29 2015
rhertzog added a comment to T2079: gpg2 --card-status won't create proper stubs for (sub)keys which are known but non-usable.
• gniibe added a comment to T2079: gpg2 --card-status won't create proper stubs for (sub)keys which are known but non-usable.
Yes, I believe 2.1.8 should work well. The private key management is moved to
gpg-agent, and gpg-agent automatically create stubs.
rhertzog added a comment to T2079: gpg2 --card-status won't create proper stubs for (sub)keys which are known but non-usable.
Debian Unstable is now at 2.1.8-1. I guess this version should have the fix as
well? If yes, I can retry.
• gniibe added a project to T2079: gpg2 --card-status won't create proper stubs for (sub)keys which are known but non-usable: Restricted Project.
Sorry, the patch of yesterday was wrong.
Please test attached new patch of gpg-ssh-agent-20150929.diff.
Sep 28 2015
Sep 28 2015
Sep 25 2015
Sep 25 2015
Thank you, that is exactly the kind of mechanism I was looking for. I'll give it
a try to packaging over the next few days.
• aheinecke added a project to T2105: Pinentry: Configure flag to specify Qt4 or Qt5: Restricted Project.
Sep 22 2015
Sep 22 2015
• werner removed a project from T2075: gpg-agent comments in sshcontrol for do not match ssh: backport.
• werner added a project to T2075: gpg-agent comments in sshcontrol for do not match ssh: Restricted Project.
See T2106 for the SHA-256 feature.
Sep 21 2015
Sep 21 2015
0.9.6 has meanwhile been released - any news?
0.9.6 has been released - does it work?
• werner closed T2085: gpg --gen-key from gnupg-w32 2.1.7 fails on Windows > 8.1 (AESNI)) as Resolved.
• werner added a comment to T2085: gpg --gen-key from gnupg-w32 2.1.7 fails on Windows > 8.1 (AESNI)).
1.6.4 has been released
1.6.4 has been released.
to be released with 0.9.10
• werner closed T1932: GnuPG 2.1 (gpgsm):set default of 'hash-algo' from sha1 to sha256 as Resolved.
Sep 18 2015
Sep 18 2015
Thanks. I'm very happy with gnupg 2.1.
If it's Bash, it is like:
$ rm -i ~/.gnupg/private-keys-v1.d/$(gpg-connect-agent "KEYINFO --ssh-list"
/bye | awk '{print $3}').key
It has been fixed. However, because the keygrip is same (before the fix and
after the fix), ssh-add doesn't update the file.
A user needs to remove the file at first.
I'm not sure what to suggest here.
Perhaps, getting the keygrip by 'gpg-connect-agent "keyinfo --ssh-list" /bye',
and then remove the file.
then ssh-add again.
Sep 17 2015
Sep 17 2015
Sep 11 2015
Sep 11 2015
682_unnamed1 KBDownload
yes, this was fixed in 2.1.8
Sep 10 2015
Sep 10 2015
• gniibe added a comment to T1974: libgcrypt: build fails on Gentoo/FreeBSD 10.0 or later (x86-fbsd).
Fixed in 1.6.4.
• gniibe closed T1974: libgcrypt: build fails on Gentoo/FreeBSD 10.0 or later (x86-fbsd) as Resolved.
Sep 9 2015
Sep 9 2015
• werner added a project to T2073: gpg-agent crashes on winows importing a secret key: Restricted Project.
There is a bug in Libgcrypt < 1.6.4 causing a bus error in the AESNI code.
The 2.1.8 installer will come with a fixed libgcrypt.
2.0.29 has been released.
gpa 0.9.9 has been released with this fix.
Sep 7 2015
Sep 7 2015
Fixed for 1.6.4 with commit 59058aac.
Applied for 1.6.4 and master
Sep 4 2015
Sep 4 2015
• werner removed a project from T2085: gpg --gen-key from gnupg-w32 2.1.7 fails on Windows > 8.1 (AESNI)): In Progress.
• werner added a project to T2085: gpg --gen-key from gnupg-w32 2.1.7 fails on Windows > 8.1 (AESNI)): Restricted Project.
Aug 31 2015
Aug 31 2015
Aug 30 2015
Aug 30 2015
This has been implemented 2 weeks ago.
aheinecke: Did you had a chance to test this with 2.1.7 or master?
Aug 28 2015
Aug 28 2015
For gpg4win 3.0 this will be a problem again as I no longer patch it.
We have to find a solution here. I do not find it acceptable that gnupg does not
understand globs on windows.
Aug 25 2015
Aug 25 2015
• werner added a project to T2036: gpgme_set_pinentry_mode GPGME_PINENTRY_MODE_LOOPBACK doesn't work: Restricted Project.
Aug 24 2015
Aug 24 2015
neal added a project to T2038: Pinentry Failing with 'Passphrase too long (try 2 of 3)' on Fedora 22 with KDE *only* when using lengthy passphrases: Restricted Project.
Aug 13 2015
Aug 13 2015
• werner reassigned T1961: pinentry-qt4 needs -std=c++11 to compile with gcc-5.1 from • werner to • aheinecke.
Aug 12 2015
Aug 12 2015
the attached patch is a minimal patch to make older versions of pinentry-qt4
build cleanly with newer gcc.
Aug 7 2015
Aug 7 2015
• werner added a project to T2025: gpgv 2.1.x should be able to use a keybox for --keyring arguments: Restricted Project.
Aug 6 2015
Aug 6 2015
This will be fixed in the upcoming pinentry release as pinentry-qt no longer
uses std::string
• aheinecke added a project to T1961: pinentry-qt4 needs -std=c++11 to compile with gcc-5.1: Restricted Project.
Aug 4 2015
Aug 4 2015
• werner removed a project from T2031: GnuPG 2.1 Migration fails badly with (weird) PGP2 key in pubring: In Progress.
• werner added a project to T2031: GnuPG 2.1 Migration fails badly with (weird) PGP2 key in pubring: Restricted Project.
Jul 30 2015
Jul 30 2015
Thanks for testing this!
@neal. Just pulled master and gave it a try. Role is correct, events are correct,
and Orca's working as expected with that widget. Thanks much!!
Jul 29 2015
Jul 29 2015
Right. SHA-256 never worked because the CSR anyway indicated SHA-1 but signed
using SHA-256.
Note that the signing of a CSR is only there to indicate that one own the
private key. The resulting certificate may use any signing algorithm on the
discretion of the CA.
Does this mean it would also not be possible to generate a CSR with SHA256 as
hash algo with 2.0 at all? I think I've tested this some time ago and it worked
but that might have been 2.1
I'd like to see this fixed as the change was part of the NEWS for 2.0.28 and do
we really want to have a NEWS entry like "The default hash algo for a CSR is now
SHA-1 again because we failed to get SHA-256 working"? :-p
Jul 28 2015
Jul 28 2015
This was done with 26ab44b.
I'm now using pinentry-qt5 as my main pinentry but I doubt that there will be
any problems. After dropping the "Secure widgets" There were no code changes
necessary to support Qt5.
Jul 27 2015
Jul 27 2015
• werner added a project to T2043: Gpgsm stable: gen-key triggers bug with recent libgcrypt: Restricted Project.
Appears to be working. I had no reports of more problems with Exchange domain
addresses since 1.2.1
Jul 26 2015
Jul 26 2015
neal added a project to T1959: pinentry-gtk-2's secure entry is inaccessible in GNU/Linux: Restricted Project.
neal added a project to T1777: pinentry-gtk-2 refuses input when GTK_IM_MODULE=scim: Restricted Project.
I replaced our custom entry widget with the standard Gtk+ widget. This should
fix this problem. Please test and let me know either way. Thanks!
Hi, I've just replaced the use of our custom entry widget with the standard Gtk+
entry widget. This should fix the problem. Please report back whether this is
the case. Thanks.
Jul 10 2015
Jul 10 2015
Jul 2 2015
Jul 2 2015
works fine with gnupg 2.1.6 and pc/sc.
• gniibe added a project to T2004: scd: insufficient buffer error when using reader pinpad: Restricted Project.
Jun 30 2015
Jun 30 2015
• werner added a project to T2008: --list-options broken when using --with-colons: Restricted Project.
Indeed the first is a regression in 2.1. Fixed with commit 010e428.
The second is not supposed to work with --with-colons. GPGME uses
--list-options show-sig-subpackets="20,26"
instead.
Jun 29 2015
Jun 29 2015
• werner added a project to T1951: gpg-agent needs an API to verify a passphrase: Restricted Project.
Jun 25 2015
Jun 25 2015
• werner added a project to T1921: Duplicated certificates in gpgsm pubring (2.1): Restricted Project.
Jun 18 2015
Jun 18 2015
The last fix was wrong and the reaper thread closed a reader object which was
still used by another thread. Fixed with commit c971983:
I assumed that the log_fd also has a reader object but that reader object is used for stdout and needs to be closed by the consumer. The real bug with the non-released ldap_wrapper control objects was that when looping over distribution points we did not closed the used reader object before the next iteration. Now, the test case had more than one DP and thus we lost one reader object.
amd64
libgcrypt 1.6.2
libksba 1.3.4-beta1
Btw. If I roll back your commit the crashes no longer happen.
As an additional note. From checking why dirmngr takes so long in my setup I
know that I have several certificates in my keyring where the CRL is not
available. Maybe thats part of the problem.
x86 or amd64 ?
libgcrypt version?
libksba version?
Jun 17 2015
Jun 17 2015
In valgrind it did not crash. The keylisting exited normally. But showed several
errors.
Attached is the valigrind log.
641_vg.log.gz1 KBDownload
Can you start dirmngr under valgrind?
gpgconf --kill dirmngr
valgrind --log-file=vg.log dirmngr --daemon --homedir /my/gnupg/home/dir
I've compiled current master and it works for the testcase. But when I start
kleopatra and it runs the keylist/verify dirmngr now crashes.
Can be triggered with gpgme: run-keylist --validate --cms
It crashes at different points but it never gets through all my certificates.
An example of the debug output that is collected before it crashes (differs
between crashes):
2015-06-16 19:09:15 dirmngr[9303.1] no CRL available for issuer id
18F071EAAC08885C9434A7DE1DB3AFC30F27DD32
2015-06-16 19:09:15 dirmngr[9303.1] DBG: chan_1 -> INQUIRE SENDCERT
2015-06-16 19:09:15 dirmngr[9303.1] DBG: chan_1 <- [ 44 20 30 82 04 7d 30 82 03
65 a0 03 02 01 02 02 ...(982 byte(s) skipped) ]
2015-06-16 19:09:15 dirmngr[9303.1] DBG: chan_1 <- [ 44 20 14 34 6d f5 07 c2 04
86 4a ba a1 71 50 b0 ...(187 byte(s) skipped) ]
2015-06-16 19:09:15 dirmngr[9303.1] DBG: chan_1 <- END
2015-06-16 19:09:15 dirmngr[9303.1] checking distribution points
2015-06-16 19:09:15 dirmngr[9303.1] no distribution point - trying issuer name
2015-06-16 19:09:15 dirmngr[9303.1] fetching CRL from default location
2015-06-16 19:09:15 dirmngr[9303.1] ldap wrapper 10199 started (reader
0x00007f6a580337a0)
2015-06-16 19:09:15 dirmngr[9303.0] ldap wrapper 10198 ready: exitcode=1
2015-06-16 19:09:15 dirmngr[9303.0] ldap worker stati:
2015-06-16 19:09:15 dirmngr[9303.0] c=0x00007f6a58033740 pid=10199/10199
rdr=0x00007f6a580337a0 ctrl=0x00007f6a580008c0/1 la=1434474555 rdy=0
2015-06-16 19:09:15 dirmngr[9303.0] c=0x00007f6a58022520 pid=-1/10198
rdr=0x0000000000000000 ctrl=0x0000000000000000/0 la=1434474554 rdy=1
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10199]: processing url 'ldap://'
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10199]: host
'directory.verisign.com'
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10199]: port 389
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10198]: processing url 'ldap://'
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10198]: host
'directory.verisign.com'
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10198]: port 389
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10199]: DN
'1.2.840.113549.1.9.1=#4865696E65636B656E40676D61696C2E636F6D,CN=Common
Name,ST=Some-State,C=DE'
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10199]: filter
'objectClass=*'
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10199]: attr
'certificateRevocationList'
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10198]: DN
'1.2.840.113549.1.9.1=#4865696E65636B656E40676D61696C2E636F6D,CN=Common
Name,ST=Some-State,C=DE'
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10198]: filter
'objectClass=*'
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10198]: attr
'certificateRevocationList'
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10198]: searching 'ldap://'
failed: No such object
2015-06-16 19:09:15 dirmngr[9303.0] ldap worker stati:
2015-06-16 19:09:15 dirmngr[9303.0] c=0x00007f6a58033740 pid=10199/10199
rdr=0x00007f6a580337a0 ctrl=0x00007f6a580008c0/1 la=1434474555 rdy=0
2015-06-16 19:09:15 dirmngr[9303.0] c=0x00007f6a58022520 pid=-1/10198
rdr=0x0000000000000000 ctrl=0x0000000000000000/0 la=1434474555 rdy=1
2015-06-16 19:09:15 dirmngr[9303.0] dirmngr_ldap[10199]: searching 'ldap://'
failed: No such object
2015-06-16 19:09:15 dirmngr[9303.0] ldap wrapper 10199 ready: exitcode=1
2015-06-16 19:09:15 dirmngr[9303.0] ldap worker stati:
2015-06-16 19:09:15 dirmngr[9303.0] c=0x00007f6a58033740 pid=-1/10199
rdr=0x0000000000000000 ctrl=0x00007f6a580008c0/1 la=1434474555 rdy=1
Backtrace for this log (also differs):
#0 0x00007f6a69109cc9 in GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007f6a6910d0d8 in GI_abort () at abort.c:89
#2 0x00007f6a69146394 in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7f6a69254b28 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:175
#3 0x00007f6a6915266e in malloc_printerr (ptr=<optimized out>,
str=0x7f6a69254cf0 "double free or corruption (fasttop)", action=1)
at malloc.c:4996
#4 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#5 0x00007f6a69d4fd2d in ?? () from /opt/gnupg/lib/libgcrypt.so.20
#6 0x0000000000428802 in ldap_wrapper (ctrl=ctrl@entry=0x7f6a580008c0,
reader=reader@entry=0x7f6a64c05cd0,
argv=argv@entry=0x7f6a64c05a80) at ldap-wrapper.c:772
#7 0x000000000042218c in run_ldap_wrapper (ctrl=ctrl@entry=0x7f6a580008c0,
multi_mode=multi_mode@entry=0, proxy=0x0,
host=<optimized out>, port=<optimized out>, user=<optimized out>, pass=0x0, dn=dn@entry=0x7f6a58001d50
"1.2.840.113549.1.9.1=#4865696E65636B656E40676D61696C2E636F6D,CN=Common
Name,ST=Some-State,C=DE",
filter=filter@entry=0x44dcc1 "objectClass=*", attr=attr@entry=0x44b50a
"certificateRevocationList", url=url@entry=0x0,
reader=reader@entry=0x7f6a64c05cd0, ignore_timeout=0) at ldap.c:191
#8 0x00000000004228ea in attr_fetch_ldap (ctrl=0x7f6a580008c0,
dn=0x7f6a58001d50
"1.2.840.113549.1.9.1=#4865696E65636B656E40676D61696C2E636F6D,CN=Common
Name,ST=Some-State,C=DE",
attr=attr@entry=0x44b50a "certificateRevocationList",
reader=reader@entry=0x7f6a64c05cd0) at ldap.c:287
#9 0x0000000000414aed in crl_fetch_default (ctrl=ctrl@entry=0x7f6a580008c0,
issuer=issuer@entry=0x7f6a58001d50
"1.2.840.113549.1.9.1=#4865696E65636B656E40676D61696C2E636F6D,CN=Common
Name,ST=Some-State,C=DE", reader=reader@entry=0x7f6a64c05cd0) at crlfetch.c:319
#10 0x000000000041439d in crl_cache_reload_crl (ctrl=ctrl@entry=0x7f6a580008c0,
cert=0x7f6a58002740) at crlcache.c:2554
#11 0x000000000040e1d5 in inquire_cert_and_load_crl (ctx=0x7f6a58000950) at
server.c:589
#12 cmd_isvalid (ctx=0x7f6a58000950, line=<optimized out>) at server.c:901
#13 0x00007f6a6a23e96a in ?? () from /opt/gnupg/lib/libassuan.so.0
#14 0x00007f6a6a23ed49 in assuan_process () from /opt/gnupg/lib/libassuan.so.0
#15 0x000000000040edc7 in start_command_handler (fd=fd@entry=1) at server.c:2243
#16 0x000000000040ada5 in start_connection_thread (arg=arg@entry=0x1) at
dirmngr.c:1937
#17 0x00007f6a69908dbc in thread_start (startup_arg=<optimized out>) at npth.c:265
#18 0x00007f6a696f1182 in start_thread (arg=0x7f6a64c06700) at pthread_create.c:312
#19 0x00007f6a691cd47d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
A different backtrace:
#0 0x00007fe9e9805cc9 in GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007fe9e98090d8 in GI_abort () at abort.c:89
#2 0x00007fe9e9842394 in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7fe9e9950b28 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:175
#3 0x00007fe9e984dac2 in malloc_printerr (ptr=<optimized out>,
str=0x7fe9e994cbfc "corrupted double-linked list", action=1)
at malloc.c:4996
#4 malloc_consolidate (av=av@entry=0x7fe9d8000020) at malloc.c:4165
#5 0x00007fe9e984edf8 in _int_malloc (av=0x7fe9d8000020, bytes=1025) at
malloc.c:3423
#6 0x00007fe9e98517b0 in GI_libc_malloc (bytes=1025) at malloc.c:2891
#7 0x00007fe9ea44ad11 in ?? () from /opt/gnupg/lib/libgcrypt.so.20
#8 0x00007fe9ea44bc19 in ?? () from /opt/gnupg/lib/libgcrypt.so.20
#9 0x00007fe9ea93b284 in init_membuf (maxlen=0, initiallen=<optimized out>,
mb=0x7fe9e53018e0, ctx=0x7fe9d8000950)
at assuan-inquire.c:64
#10 assuan_inquire (ctx=ctx@entry=0x7fe9d8000950, keyword=keyword@entry=0x44774b
"SENDCERT",
r_buffer=r_buffer@entry=0x7fe9e5301d50,
r_length=r_length@entry=0x7fe9e5301d60, maxlen=maxlen@entry=0) at
assuan-inquire.c:169
#11 0x000000000040dfca in inquire_cert_and_load_crl (ctx=0x7fe9d8000950) at
server.c:567
#12 cmd_isvalid (ctx=0x7fe9d8000950, line=<optimized out>) at server.c:901
#13 0x00007fe9ea93a96a in dispatch_command (ctx=0x7fe9d8000950, line=<optimized
out>, linelen=<optimized out>)
at assuan-handler.c:675
#14 0x00007fe9ea93ad49 in process_request (ctx=0x7fe9d8000950) at
assuan-handler.c:871
#15 assuan_process (ctx=0x7fe9d8000950) at assuan-handler.c:894
#16 0x000000000040edc7 in start_command_handler (fd=fd@entry=6) at server.c:2243
#17 0x000000000040ada5 in start_connection_thread (arg=arg@entry=0x6) at
dirmngr.c:1937
#18 0x00007fe9ea004dbc in thread_start (startup_arg=<optimized out>) at npth.c:265
#19 0x00007fe9e9ded182 in start_thread (arg=0x7fe9e5302700) at pthread_create.c:312
#20 0x00007fe9e98c947d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
• werner added a project to T2000: PGP-2 Keys are handled as if their Fingerprint is always zero: Restricted Project.
Jun 16 2015
Jun 16 2015
• werner added a project to T1978: Dirmngr ldap CRL checks prevent dirmngr from terminating: Restricted Project.