Well, that is a detailed bug report. Thanks.

Form my understanding this needs to be fixed urgently.

Pretty obvious. Thanks.

Hmmm

I have a warning already in my working copy.

Well, it should not happen if you always use the same key.

There is indeed a race condition between the passphrase cache and the pinentry invocation. There is even a comment on this somewhere in the code. The problem is that we would need to lock almost everything to avoid this rare condition.

Which Libgcrypt version?

I fixed the gpgrelay link.

It is useful if you often log out and in, for example using remote remote ssh session. If you don't like it, you should "gpgconf --kill gpg-agent" in your .bash_logout. ~/.xsession or whatever your system uses. Instead of --kill you can also use --reload so that the passphrase cache is flushed immediately and not only at the end of the TTL.

Thanks. Just pushed the change to master.

Let me also note that gpg-zip was not installed since 2006 due a conflict with gpg1.

gpg-zip is deprecated because we have replaced it by gpgtar. Given that you have a workaround for Debian I tend to close this bug as WONTFIX.

I think there are some races in the crl updated code but no real harm.
To improve you patch we could write a wait_for_idle function which counts the active connections and the housekeeping threads. It would also need to block new connections etc.

It does not make sense to handle this in the protocol. The client should always ask for joe@example.org and thus keep the whole thing mostly out of gpg. This requires that keys are not created with sub-addresses. However, if someone has a need for this, this strategy should work:

Also consider that it is possible to change the key usage flags. Thus it will never be clear whether one has a fixed or unfixed public key. I'd like to close this bug because it is currently also discussed in the IETF WG.

gpgme_op_decrypt_verify can always be used instead of gpgme_op_decrypt. This is an obvious requirement because the signature and the fact that there is a signature is only known after the decryption step. The newer GPGME_DECRYPT_VERIFY of the gpgme_op_decrypt_ext function is basically an alias for gpgme_op_decrypt_verify.
For both functions gpgme employs "gpg --decrypt".

The dirmngr may at any time open a file in that directory and thus there is no reliable way to remove the home directory when any gpg tool is running. Daemons need to be stopped before a directory can be deleted. So I think this is a non-issue and brought to the table only because we have that kludge of detecting a n unlinked directory on Unix. But even on Unix this is not possible to get rid of the home directory, for example if you want to umount it.

Using intptr_t works with this particular case but it does not
solve the general problem under Windows. On Windows an integer
may identify a libc file handle, a socket, and some other
objects. Despite that they are integers they are all different objects
and it is hard to distinguish them

Please provide a complete build log or at least the output of the configure run.

Sorry, it didn't made it into 2.2.11.

I guess we can close that, right?

Released: https://lists.gnupg.org/pipermail/gnupg-announce/2018q4/000432.html

• gpgsm: Fix CRL loading when intermediate certicates are not yet trusted.
• gpgsm: Fix an error message about the digest algo. [T4219]
• gpg: Fix a wrong warning due to new sign usage check introduced​ with 2.2.9. [T4014]
• gpg: Print the "data source" even for an unsuccessful keyserver query. ​
• gpg: Do not store the TOFU trust model in the trustdb. This allows to enable or disable a TOFU model without triggering a trustdb rebuild. [T4134]
• scd: Fix cases of "Bad PIN" after using "forcesig". [T4177]
• agent: Fix possible hang in the ssh handler. [T4221]
• dirmngr: Tack the unmodified mail address to a WKD request. See commit a2bd4a64e5b057f291a60a9499f881dd47745e2f for details.
• dirmngr: Tweak diagnostic about missing LDAP server file.
• dirmngr: In verbose mode print the OCSP responder id.
• dirmngr: Fix parsing of the LDAP port. [T4230]
• wks: Add option --directory/-C to the server. Always build the​ server on Unix systems.
• wks: Add option --with-colons to the client. Support sites which​ use the policy file instead of the submission-address file.
• Fix EBADF when gpg et al. are called by broken CGI scripts.
• Fix some minor memory leaks and bugs.

Looking at the GPGME code the ERROR stati don't matter because they are only used to return a better error code in case an operation failed. The specific ones are not even recognized.

No info received.

No more complaints thus time to close.

Fixed in master and 2.2.

I consider this bug to be solved.

Thanks for the report.

The T4237 fix should also fix this one.