Feed All Stories

Jun 10 2018

werner committed rD1cbec4b8d0cb: donations: Fix a link (authored by werner).
donations: Fix a link
Jun 10 2018, 6:00 PM
werner committed rDd4b98f9c0c55: donations: Try a tag cloud list for the 2018 donors. (authored by werner).
donations: Try a tag cloud list for the 2018 donors.
Jun 10 2018, 6:00 PM
werner committed rDe0195fc71ef5: donations: Add a remark to the auto created list (authored by werner).
donations: Add a remark to the auto created list
Jun 10 2018, 5:55 PM
werner committed rD34aadf0da76b: donations: Add stats for 2017 (authored by werner).
donations: Add stats for 2017
Jun 10 2018, 5:51 PM
werner committed rD591b60c8a8fb: donations: Add monthly statistics (authored by werner).
donations: Add monthly statistics
Jun 10 2018, 5:10 PM
BenM committed rM92cd060f5e2f: script: groups.py (authored by BenM).
script: groups.py
Jun 10 2018, 5:09 PM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA7fe44d6ab9a5: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Jun 10 2018, 7:19 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRAc978a943abf0: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Jun 10 2018, 5:55 AM

Jun 9 2018

BenM committed rD193c0ca9c477: bio typos (authored by BenM).
bio typos
Jun 9 2018, 6:12 PM
BenM committed rD52e91c8bf544: bio: Ben (authored by BenM).
bio: Ben
Jun 9 2018, 5:13 PM
werner committed rDbaab91c94915: web: news was missing the setup file (authored by werner).
web: news was missing the setup file
Jun 9 2018, 2:13 PM
werner committed rDc51957c87d6e: web: Add links to CVE ids. (authored by werner).
web: Add links to CVE ids.
Jun 9 2018, 12:56 PM
werner committed rDe709c9306139: web: New macro CVE and fix for latest CVE link. (authored by werner).
web: New macro CVE and fix for latest CVE link.
Jun 9 2018, 12:43 PM
werner committed rD680e8aa513ce: web: Fix URL typo and add a missing OID. (authored by werner).
web: Fix URL typo and add a missing OID.
Jun 9 2018, 11:50 AM
werner removed a project from T4012: Diagnostic is shown with the original filename not being sanitized.: backport.
Jun 9 2018, 11:46 AM · gnupg, CVE, Bug Report
werner added a project to T4012: Diagnostic is shown with the original filename not being sanitized.: backport.
Jun 9 2018, 11:46 AM · gnupg, CVE, Bug Report
werner lowered the priority of T4012: Diagnostic is shown with the original filename not being sanitized. from Unbreak Now! to High.
Jun 9 2018, 11:45 AM · gnupg, CVE, Bug Report
werner added a comment to T3844: Able to certify public keys without a certify key present when using smartcard..

So we had two releases with the fix. Can we set this bug to resolved?

Jun 9 2018, 11:35 AM · gnupg (gpg22), Bug Report
dkg created T4014: when verifying signatures, gpg and gpgv should ensure signing capabilities.
Jun 9 2018, 12:33 AM · gpgv, gnupg, Bug Report
dkg added a comment to T3894: re-evaluate default randomness choices during key generation on GNU/Linux platforms.

I've heard no critique of the logic above. could we get this fix landed? it is concretely useful for doing key generation on modern GNU/Linux systems.

Jun 9 2018, 12:03 AM · libgcrypt, gnupg

Jun 8 2018

dkg added a comment to T3844: Able to certify public keys without a certify key present when using smartcard..

fwiw, i agree that if there's any security vulnerability here, it is in the verification side, not the creation side.

Jun 8 2018, 11:58 PM · gnupg (gpg22), Bug Report
Rafixmod added a watcher for Bug Report: Rafixmod.
Jun 8 2018, 11:24 PM
werner triaged T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix as Normal priority.

I was not aware that you could do this at all. You are right in that to start supporting this we first need to update libksba.

Jun 8 2018, 10:15 PM · S/MIME, Feature Request, libksba
werner added a comment to T4012: Diagnostic is shown with the original filename not being sanitized..

Unfortunately 2.2.8 does not build with older libgpg-error versions. Commit rG18274db32b5dea7fe8db67043a787578c975de4d should fix this.

Jun 8 2018, 10:11 PM · gnupg, CVE, Bug Report
werner committed rG18274db32b5d: gpg: Allow building with older libgpg-error. (authored by werner).
gpg: Allow building with older libgpg-error.
Jun 8 2018, 10:09 PM
tookmund added a comment to T4001: Import and Export for python bindings.

Apologies for the delay, been working on GSoC stuff.
Here's what I've got as of right now:

Jun 8 2018, 6:36 PM · gpgme, patch, Python, Feature Request
mkrambach committed rMc072675f3f2d: js: change chunksize handling and decoding (authored by mkrambach).
js: change chunksize handling and decoding
Jun 8 2018, 5:58 PM
aheinecke committed rD8730e196752a: web: Fix sha1 sums for gnupg and gnupg-w32 (authored by aheinecke).
web: Fix sha1 sums for gnupg and gnupg-w32
Jun 8 2018, 4:42 PM
aheinecke committed rM8dff414e170e: cpp: Add proper gpgme_op_createkey (authored by aheinecke).
cpp: Add proper gpgme_op_createkey
Jun 8 2018, 4:22 PM
werner committed rDd1df251db10b: web: News about GnuPG 2.2.8 (authored by werner).
web: News about GnuPG 2.2.8
Jun 8 2018, 4:07 PM
werner added a comment to T4012: Diagnostic is shown with the original filename not being sanitized..

2.2.8 with a fix has been released. Announcement

Jun 8 2018, 3:54 PM · gnupg, CVE, Bug Report
aheinecke committed rM54146d90dd55: json: Return fingerprint as createkey result (authored by aheinecke).
json: Return fingerprint as createkey result
Jun 8 2018, 2:52 PM
aheinecke committed rM6c74a59e8855: json: Add op_createkey (authored by aheinecke).
json: Add op_createkey
Jun 8 2018, 1:55 PM
marcus added a comment to T4000: GnuPG does not check encrypted messages for well-formed composition.

Yep. ?

Jun 8 2018, 1:48 PM · gnupg (gpg22), Bug Report
werner committed rD093143fe54d7: swdb: Release GnuPG 2.2.8 (authored by werner).
swdb: Release GnuPG 2.2.8
Jun 8 2018, 1:06 PM
werner committed rGe9667dd20a3a: Post release updates (authored by werner).
Post release updates
Jun 8 2018, 12:58 PM
werner committed rGcd9aaa786295: Release 2.2.8 (authored by werner).
Release 2.2.8
Jun 8 2018, 12:58 PM
werner committed rG8e589300e371: po: Auto update (authored by werner).
po: Auto update
Jun 8 2018, 12:58 PM
werner committed rGea36e637224f: po: Update German translation (authored by werner).
po: Update German translation
Jun 8 2018, 12:58 PM
werner committed rG77ab99f80a5b: po: Update Russian translation. (authored by Ineiev <ineiev@gnu.org>).
po: Update Russian translation.
Jun 8 2018, 12:58 PM
gouttegd created T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix.
Jun 8 2018, 12:45 PM · S/MIME, Feature Request, libksba
werner edited projects for T4012: Diagnostic is shown with the original filename not being sanitized., added: gnupg; removed gnupg (gpg14).

[Better use the gnupg tag. Specific versions end up on the workboard and there may only be one.]

Jun 8 2018, 12:10 PM · gnupg, CVE, Bug Report
werner closed T4000: GnuPG does not check encrypted messages for well-formed composition as Resolved.
Jun 8 2018, 11:16 AM · gnupg (gpg22), Bug Report
werner edited projects for T4012: Diagnostic is shown with the original filename not being sanitized., added: CVE, gnupg (gpg14); removed gnupg (gpg22).

@dkg can you please take this up with Debian and other distros? See the commit for a brief description.

Jun 8 2018, 11:12 AM · gnupg, CVE, Bug Report
werner changed the status of T4012: Diagnostic is shown with the original filename not being sanitized. from Open to Testing.

Fixed in 1.4, 2.2 and master. New releases will be done soon. Note that there is no need for a new gpg4win release because GPGME is not affected.

Jun 8 2018, 11:09 AM · gnupg, CVE, Bug Report
werner committed rG2326851c6079: gpg: Sanitize diagnostic with the original file name. (authored by werner).
gpg: Sanitize diagnostic with the original file name.
Jun 8 2018, 11:01 AM
werner committed rG210e402acd3e: gpg: Sanitize diagnostic with the original file name. (authored by werner).
gpg: Sanitize diagnostic with the original file name.
Jun 8 2018, 10:54 AM
werner committed rG13f135c7a252: gpg: Sanitize diagnostic with the original file name. (authored by werner).
gpg: Sanitize diagnostic with the original file name.
Jun 8 2018, 10:54 AM
werner created T4012: Diagnostic is shown with the original filename not being sanitized..
Jun 8 2018, 10:52 AM · gnupg, CVE, Bug Report
aheinecke committed rMaf8510fb7f4d: json: Generalize chunking and getmore (authored by aheinecke).
json: Generalize chunking and getmore
Jun 8 2018, 10:32 AM
werner closed T3942: Can't unregister a non-existent private key as Resolved.

Okay. Thanks for looking into this.

Jun 8 2018, 10:19 AM · gnupg (gpg22), Bug Report
werner edited Description on CVE.
Jun 8 2018, 10:18 AM
werner added a project to T4011: CVE-2018-0495: CVE.
Jun 8 2018, 10:15 AM · CVE, libgcrypt
werner changed the edit policy for CVE.
Jun 8 2018, 10:15 AM
werner updated the task description for T4011: CVE-2018-0495.
Jun 8 2018, 10:12 AM · CVE, libgcrypt
DamienCassou added a comment to T3942: Can't unregister a non-existent private key.

In the meantime, I upgraded my Fedora installation so I won't be able to reproduce in the same circumstances. I suggest we close the issue for now. I will reopen if I manage to reproduce.

Jun 8 2018, 9:51 AM · gnupg (gpg22), Bug Report
werner changed the edit policy for T4011: CVE-2018-0495.
Jun 8 2018, 9:50 AM · CVE, libgcrypt
aheinecke created T4010: GnuPG: Allow key generation through the browser socket.
Jun 8 2018, 9:47 AM · gnupg, gpgagent
gniibe committed rGfed3e10121a7: g10: Change the order of handling private key for encryption. (authored by gniibe).
g10: Change the order of handling private key for encryption.
Jun 8 2018, 9:30 AM
gniibe committed rG2d6f17c776cd: g10: Defer selection of decryption key at proc_encrypted. (authored by gniibe).
g10: Defer selection of decryption key at proc_encrypted.
Jun 8 2018, 9:30 AM
werner triaged T4009: POLDI: Support for EC (nist, brainpool, at least) as Normal priority.
Jun 8 2018, 9:00 AM · poldi, Feature Request
werner lowered the priority of T3942: Can't unregister a non-existent private key from High to Normal.

I tried this with the current 2.2 branch and master and was not able to replicate it. The stubs are all deleted as expected. I also checked the commit log since 2.2.6 and didn't find anything which indicated that such a bug was fixed.

Jun 8 2018, 8:59 AM · gnupg (gpg22), Bug Report
comio created T4009: POLDI: Support for EC (nist, brainpool, at least).
Jun 8 2018, 8:52 AM · poldi, Feature Request

Jun 7 2018

aheinecke committed rDdbaa9b76509e: web: Improve former developers section (authored by aheinecke).
web: Improve former developers section
Jun 7 2018, 9:31 PM
aheinecke committed rDe11e8a5b1090: web: Try a better split between inactive ppl (authored by aheinecke).
web: Try a better split between inactive ppl
Jun 7 2018, 9:17 PM
aheinecke committed rD2c913d974767: web: Note aheineckes verein status (authored by aheinecke).
web: Note aheineckes verein status
Jun 7 2018, 9:13 PM
aheinecke committed rD85b3f34a7a32: web: Add Andre Heinecke to people (authored by aheinecke).
web: Add Andre Heinecke to people
Jun 7 2018, 9:09 PM
aheinecke committed rDd3752f2f0146: web: Mark emeritus people and sort them down (authored by aheinecke).
web: Mark emeritus people and sort them down
Jun 7 2018, 9:09 PM
werner committed rG6a87a0bd2501: gpg: Improve import's repair-key duplicate signature detection. (authored by werner).
gpg: Improve import's repair-key duplicate signature detection.
Jun 7 2018, 6:53 PM
werner committed rGcedd754fcb03: gpg: Fix import's repair-key duplicate signature detection. (authored by werner).
gpg: Fix import's repair-key duplicate signature detection.
Jun 7 2018, 6:53 PM
werner committed rG36cc730fa516: gpg: Improve verbose output during import. (authored by werner).
gpg: Improve verbose output during import.
Jun 7 2018, 6:53 PM
werner closed T3994: import-clean drops a seemingly valid subkey as Resolved.

See rG26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba for a description of the problem and its fix.
Thanks for reporting.

Jun 7 2018, 6:53 PM · gnupg (gpg22), Bug Report
werner committed rG26746fe65d14: gpg: Improve import's repair-key duplicate signature detection. (authored by werner).
gpg: Improve import's repair-key duplicate signature detection.
Jun 7 2018, 6:49 PM
werner committed rG26bce2f01d20: gpg: Fix import's repair-key duplicate signature detection. (authored by werner).
gpg: Fix import's repair-key duplicate signature detection.
Jun 7 2018, 5:32 PM
werner committed rG1bc6b5174248: gpg: Improve verbose output during import. (authored by werner).
gpg: Improve verbose output during import.
Jun 7 2018, 5:32 PM
aheinecke committed rMe48f4a18f807: json: Rework verify_result_to_json (authored by aheinecke).
json: Rework verify_result_to_json
Jun 7 2018, 4:08 PM
aheinecke committed rW5ee9218150a4: Web: Add german privacy policy (authored by aheinecke).
Web: Add german privacy policy
Jun 7 2018, 3:28 PM
aheinecke committed rM906ea48df3e1: json: Add direct way to query a config option (authored by aheinecke).
json: Add direct way to query a config option
Jun 7 2018, 11:45 AM
aheinecke committed rM7e18c7a07a1e: json: Add op_config to query gpgconf (authored by aheinecke).
json: Add op_config to query gpgconf
Jun 7 2018, 11:45 AM
BenM committed rMa3a08584d6e5: examples: python howto (authored by BenM).
examples: python howto
Jun 7 2018, 7:11 AM
BenM committed rM167847f1bcfb: python bindings: import keys (authored by BenM).
python bindings: import keys
Jun 7 2018, 1:54 AM

Jun 6 2018

werner committed rC7b6c2afd699e: ecc: Improve gcry_mpi_ec_curve_point (authored by werner).
ecc: Improve gcry_mpi_ec_curve_point
Jun 6 2018, 10:38 PM
werner committed rC6606ae44e0de: mpi: New internal function _gcry_mpi_cmpabs. (authored by werner).
mpi: New internal function _gcry_mpi_cmpabs.
Jun 6 2018, 10:38 PM
eoincreedon_gmail.com added a comment to T4003: Trusted-certs folder not being taken into account where System folders are read.

Hi Werner,
The issue is the following:
I have 2 certificates in the trusted-certificates folder that is searched by gpgsm (C:\ProgramData\Gnu\etc\gnupg\trusted-certs) which I want to trust. When dirmngr starts, it reads the Windows trusted certificate store (certlm.msc for both system and user - I don't know the path / location of the windows certificates folder outside certlm) and builds the list of certificates to use. Once this list is read and if any duplicates are found in the trusted-certificate folder, it ignores them - they are already present.

Jun 6 2018, 7:21 PM · dirmngr, S/MIME, Bug Report
werner closed T4002: gpg-error.h uses c11 reserved word "noreturn" as Resolved.
Jun 6 2018, 6:46 PM · Bug Report
werner closed T3947: pinentry-gnome3 requires DBUS_SESSION_BUS_ADDRESS to be updated as Resolved.

Thanks. I added all standard names to that list.

Jun 6 2018, 6:39 PM · pinentry, gpgagent, Bug Report
werner committed rGc5c8fb1ec7c8: agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list. (authored by werner).
agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
Jun 6 2018, 6:38 PM
werner committed rG7ffc1ac7dd95: agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list. (authored by werner).
agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
Jun 6 2018, 6:38 PM
werner triaged T3949: pinentry looks for gpg-error-config and libassuan-config in ${SYSROOT}/bin but they are in ${SYSROOT}/usr/bin as Normal priority.
Jun 6 2018, 5:58 PM · Cross-Compiler, pinentry, Bug Report
werner triaged T3891: kdf-setup does not set admin and user PIN codes as Normal priority.
Jun 6 2018, 5:57 PM · Restricted Project, scd, Bug Report
werner triaged T4001: Import and Export for python bindings as Normal priority.
Jun 6 2018, 5:57 PM · gpgme, patch, Python, Feature Request
werner triaged T4003: Trusted-certs folder not being taken into account where System folders are read as Normal priority.

I do not fully understand your problem. Can you please explain it with an example and also state the full file names of the mentioned folders?

Jun 6 2018, 5:56 PM · dirmngr, S/MIME, Bug Report
werner committed rG70f26e426336: doc: Typo fixes (authored by werner).
doc: Typo fixes
Jun 6 2018, 5:34 PM
werner committed rG8c0e1fac960f: doc: Typo fixes (authored by werner).
doc: Typo fixes
Jun 6 2018, 5:34 PM
werner closed T3983: GPGME: Improve handling of MDC errors (wrong error code) as Resolved.

With recent versions of gpg you will now get Bad Data etc. This is implemented by giving an ERROR status line a higher precedence than the NO_SECKEY status.

Jun 6 2018, 4:33 PM · gpgme
werner added a comment to T3714: Failing to decrypt due to missing MDC.

BTW, you now need to use --rfc2440 to create a non-mdc message for testing.

Jun 6 2018, 4:30 PM · FAQ, kleopatra
werner committed rM2c4c5692472f: core: Return a better error code on certain decryption failures. (authored by werner).
core: Return a better error code on certain decryption failures.
Jun 6 2018, 4:29 PM
werner changed the status of T4000: GnuPG does not check encrypted messages for well-formed composition from Open to Testing.

Better?

Jun 6 2018, 3:59 PM · gnupg (gpg22), Bug Report
werner committed rG054a187f24b1: gpg: Also detect a plaintext packet before an encrypted packet. (authored by werner).
gpg: Also detect a plaintext packet before an encrypted packet.
Jun 6 2018, 3:58 PM
werner committed rG344b548dc716: gpg: Also detect a plaintext packet before an encrypted packet. (authored by werner).
gpg: Also detect a plaintext packet before an encrypted packet.
Jun 6 2018, 3:57 PM