Please do not change the priority back. That is a maintainer's task. I consider this along with adding replicas of issues to a bit rude.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jul 16 2019
Jul 16 2019
Please do not change the priority back without discussing this with the maintainer first. Thanks.
• werner added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.
You are partly right. I missed that we also do clean the original keyblock while updating a key. The code is
I see. I am also mostly testing with ntbtls so I was wondering about the report. Thanks for reporting and fixing.
Laurent Montel <montel@kde.org> committed rLIBKLEOe7f5774b9873: GIT_SILENT: 19.12 is open (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: 19.12 is open
Current situation of *.pc: static linking is not supported (yet).
It has never supported, actually, by *-config.
While I understand incorrectness, the risk in practice is not that high. So, I put this as "normal" priority.
In the current implementation of GnuPG, multiple packets of Symmetric-Key Encrypted Session Key Packet are not handled very well.
• gniibe changed the status of T4594: dirmngr appears to unilaterally import system CAs from Open to Testing.
Pushed the change to master as well as 2.2 branch.
• gniibe committed rG58e234fbeb6c: dirmngr: Don't add system CAs for SKS HKPS pool. (authored by • gniibe).
dirmngr: Don't add system CAs for SKS HKPS pool.
• gniibe committed rG75e0ec65170b: dirmngr: Don't add system CAs for SKS HKPS pool. (authored by • gniibe).
dirmngr: Don't add system CAs for SKS HKPS pool.
gpg: Fix keyring retrieval.
gpg: Improve import slowness.
Jul 15 2019
Jul 15 2019
dkg committed rGbe99eec2b105: gpg: drop import-clean from default keyserver import options (authored by dkg).
gpg: drop import-clean from default keyserver import options
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.
I think dropping import-clean from the default keyserver options is the right way to go. It is not clear what additional benefit import-clean provides given that we are already using self-sigs-only. And the idea of non-additive behavior to the local keyring when pulling from a keyserver is a deeply surprising change for multiple users i've talked to.
johnmar raised the priority of T4530: libgcrypt: POWER SHA-2 Vector Acceleration from Normal to Needs Triage.
johnmar raised the priority of T4529: libgcrypt: POWER AES Vector Acceleration from Normal to Needs Triage.
dkg added a comment to T4591: gpg drops flooded certificates entirely if the certficate is too large, and gpg is using `pubring.kbx`.
The fact that import-clean modifies already-held certifications makes me think it is inappropriate to have as the default for keyserver access (see T4628 for more details).
Due to T4628, i no longer think that import-clean is a good idea by default.
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
I am proposing to backport rG33c17a8008c3ba3bb740069f9f97c7467f156b54 and rGa7a043e82555a9da984c6fb01bfec4990d904690 to STABLE-BRANCH-2-2 as they represent a significant performance improvement in several specific use cases and appear to have no downsides.
If you're on a platform that has awk available (any GNU/Linux and macOS should provide it), you can scan for the largest OpenPGP certificate in your keyring with an awk script i posted over at https://dev.gnupg.org/T3972#127356
How to find out which keys are affected?
You need to delete the flooded keys to make things go faster.
After waiting for far over an hour, Kleopatra read the keys. Now, things go faster (also in LibreOffice), but it still takes around 30 seconds, which is quite long.
gpg4win 3.1.10 did not fix this issue for me, neither in Kleopatra nor in LibreOffice.
• gniibe committed rC0147a5e69e49: tests: t-mpi-point: Remove implementation dependent checks. (authored by • gniibe).
tests: t-mpi-point: Remove implementation dependent checks.
• werner committed rC1c2cecbb35e1: sexp: Improve argument checking of sexp parser. (authored by • werner).
sexp: Improve argument checking of sexp parser.
• gniibe committed rC8a0bde8c211c: tests: t-mpi-point: Remove implementation dependent checks. (authored by • gniibe).
tests: t-mpi-point: Remove implementation dependent checks.
• werner updated subscribers of T4620: no support for multiple (yubikey) smartcards plugged in at the same time.
The card frame works received a lot of changes in master but we won't backport it to 2.2. Sorry.
• aheinecke committed rWdc4b50559737: web: Remove legal parts of signature in announcements (authored by • aheinecke).
web: Remove legal parts of signature in announcements
• aheinecke committed rW0e41f379989e: web: Remove note about problem with 3.1.10 annoucement (authored by • aheinecke).
web: Remove note about problem with 3.1.10 annoucement
drafts,openpgp-webkey-service: Typo fix
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
@gniibe, the documentation (at least on the stable branch) says that --fast-import is just a synonym for --import. is that incorrect?
Jul 14 2019
Jul 14 2019
Maybe GnuPG could display a prompt if it detects a pubring.gpg and no pubring.kbx. Something like:
• aheinecke committed rWf88df14e2363: Add pages for the Gpg4win-3.1.10 announcement (authored by • aheinecke).
Add pages for the Gpg4win-3.1.10 announcement
swdb: Gpg4win-3.1.10
web: Update for Gpg4win-3.1.10
• aheinecke added a comment to T4622: GpgOL: Possible plain text leak when opening mails in new windows.
I also tested it with Outlook 2010 and there this did not happen. So it's probably save to assume that this was a behavioral change in some more recent Outlook Version.
Bump version to 3.1.10
Update NEWS and READMEs
Update gnupg and gpgol
• aheinecke closed T4562: Gpg4win 3.1.9, a subtask of T4560: GpgOL: Only quick print possible for encrypted mails, as Resolved.
• aheinecke closed T4562: Gpg4win 3.1.9, a subtask of T4318: GpgOl: Unable to save an encrypted message to disk [gpg4win 3.1.5], as Resolved.
This was released 2019-06-15
• aheinecke closed T4562: Gpg4win 3.1.9, a subtask of T4569: Version 3.1.8 can not "Encrypt for others", as Resolved.
• aheinecke closed T4318: GpgOl: Unable to save an encrypted message to disk [gpg4win 3.1.5] as Resolved.
Has been released and confirmed to be working.
Fix is in, will be released with 3.1.10
• aheinecke closed T4622: GpgOL: Possible plain text leak when opening mails in new windows as Resolved.
Fix is in. Will be released with 3.1.10
swdb: gpgol-2.4.2
Auto update po files
Post release version bump
Update NEWS for todays release
• aheinecke committed rO93a90dd286f4: Add safeguard against plaintext leaks after close (authored by • aheinecke).
Add safeguard against plaintext leaks after close
• aheinecke committed rO4c3e5b54f610: Ensure passNextWrite is reset after passing it (authored by • aheinecke).
Ensure passNextWrite is reset after passing it
• aheinecke committed rOd5e60def7c12: Fix mail display when plaintext opt changes in run (authored by • aheinecke).
Fix mail display when plaintext opt changes in run
• aheinecke committed rOb194f1af15b9: Print sigsum if in debug when invalid (authored by • aheinecke).
Print sigsum if in debug when invalid
• aheinecke added a comment to T4483: GpgOL: Autosecure toggling too agressive for S/MIME users without key.
This is resolved
It turned out to be a downstream issue and the change in message class was enough from our side.
• aheinecke closed T4526: GpgOL: Forwarding a mail with attachment as crypto mail removes attachment as Resolved.
This is fixed.
This was fixed with 3.1.9
• aheinecke closed T4528: GpgOL: When forwarding a mail send might need to be pressed twice as Resolved.
This should be fixed.
• aheinecke lowered the priority of T4596: GpgOL: S/MIME Mails with invalid CRL's are not detected as signed when forwarding from Normal to Low.
Testing with the DGN certificate showed that GPGSM returns a signature verification error (invalid digest algorithm) in this case. So the signature summary is not even checked.
Jul 13 2019
Jul 13 2019
Laurent Montel <montel@kde.org> committed rKLEOPATRA4bbe96a4bce2: GIT_SILENT: Increase dependancy as discussed in release-team@ (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Increase dependancy as discussed in release-team@
Laurent Montel <montel@kde.org> committed rKLEOPATRA22a29f59c6c3: GIT_SILENT: Prepare 5.11.80 (19.08.0 beta) (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.11.80 (19.08.0 beta)
Laurent Montel <montel@kde.org> committed rLIBKLEO53ce2d4e04fa: GIT_SILENT: Prepare 5.11.80 (19.08.0 beta) (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.11.80 (19.08.0 beta)
Laurent Montel <montel@kde.org> committed rLIBKLEOc39c741b5adc: GIT_SILENT: Increase dependancy as discussed in release-team@ (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Increase dependancy as discussed in release-team@
Thanks for all the fixes! I can confirm commit dad35d65f05eb1c15589a7e4755dcae6aed2d6cf works just fine on all my machines (Linux & macOS).
Jul 12 2019
Jul 12 2019
• gniibe added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
About importing, there are two other works: repairing and trustdb update. We can figure out the difference by the --import-options of no-repair-keys and fast-import (to skip those works).
I think that both can be O(N^2) for number of signatures.
• werner added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
A linked list of 100000 items is not a usable data structure. The problem however is not the linked list but the DoS due to the number of signatures being well beyond the design limit. 1000 key signatures is already a large number and only few people have them. We need to put a limit on them.
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
with @gniibe's patches applied, i profiled the --import, since that is where the largest CPU cost remains. I tried two different times:
• werner committed rGfb1c8978f57b: scd: Remove useless GNUPG_SCD_MAIN_HEADER macro. (authored by • werner).
scd: Remove useless GNUPG_SCD_MAIN_HEADER macro.
• gniibe changed the status of T4280: gnupg doc doesn't build due to ImageMagick default policy from Open to Testing.
I disabled the dependency rules for the figures (it's only enabled for maintainers).
• gniibe committed rG58bab1a8784b: doc: Dependencies for figures are only for maintainers. (authored by • gniibe).
doc: Dependencies for figures are only for maintainers.
python: doc: Add suffix for org files.
• gniibe committed rM36428d8cf153: python: doc: Remove generated files, put rules in Makefile. (authored by • gniibe).
python: doc: Remove generated files, put rules in Makefile.
• werner added a comment to T4573: Files encrypted on another platform using password based encryption (-c) intermittently fail to decrypt on Kleopatra.
@gniibe: We move this issue over to mail. I'll forward it to you.
• werner added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
Okay, for 100000 signature this is clearly a win if no key lookup is needed.
Laurent Montel <montel@kde.org> committed rLIBKLEO527cb53cc7f5: GIT_SILENT: Prepare 5.11.80 (19.08.0 beta) (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.11.80 (19.08.0 beta)
Fixed.