I was wrong to fix this issue; It is specifically the issue of PKT_ENCRYPTED_AEAD packet. And we already have code to skip the data part by free_encrypted. The problem is that free_encrypted is *not* called when it was PKT_ENCRYPTED_AEAD.

Could anyone please be so kind to confirm me if when 'gpg4win-3.1.16.exe' setup completes without any error the new folders where Gpg4win and GnuPG commands can be found are prepended (so inserted at beginning) or appended (so added at the end) of already existing %PATH%) ?
I'm asking this to properly ensure that my new manually modified configuration %PATH% is indeed equivalent to an original configured one (and so far I've assumed that my manual changes should have been prepended %ProgramFiles(x86)%\Gpg4win\bin;%ProgramFiles(x86)%\GnuPG\bin;%PATH% but doing this was probably only my choice because such changes were just faster to do).

@grv87, thanks for clarification (and very interesting side thread reference you gave, indeed, also because it also gives you an idea of how system environment changes during OS startup). I precisely see your point and that's also why I said "create 2 new system variables".
I've not said this very explicitly before but for that I also meant to just create them during Gpg4win setup. When it is run, I assume we can also say that OS system environment is already in place and %PATH% should already be stable enough to consider that as a good starting point to add things. So once you can really do that (I mean add 2 new system variables), and then also ensure they're created correctly, then I can also assume that then starting to use them to update %PATH% system variable might be fine too.

@swimmerm, my 2nd comment offers some solutions for you and other users coming here with the same problem with their PATH. It should be done on user side. I don't offer to implement this in Gpg4Win installer.

@grv87 OK, many thanks indeed for confirming all this.
About your 1st comment: that's just right why I asked about it. Regarding md5sum and pinentry both must be the reason why now they decided to also add 1st path into environment while in older version wasn't there. Main issue is that because of the quite generic 'PATH env variable too big' error so far we can only assume 2047 was indeed maximum size for %PATH% Gpg4win developers have been expecting so far, while after that change from March 2012 QFE fix a definitive fix to implement in setup and rest of Gpg4win involved code will just be to enhance that maximum allowed path size to 4095 characters (BTW also checking anyway for size of %PATH% already active before setup will continue with new %PATH% changes is probably best option too).
About your 2nd & 3rd comments: thanks for those useful references. Would probably be quicker to implement, but it's still again true that maximum size expected for %PATH% will still need to increment from (likely) 2047 to 4095, plus also what you said about something "for expert users only". And even then inside README.txt (that now corresponds to %ProgramFiles(x86)%\GnuPG\README.txt or %ProgramFiles(x86)%\Gpg4win\share\gpg4win\README.en.txt or %ProgramFiles(x86)%\Gpg4win\share\gpg4win\README.it.txt) there should be at least 1 note about suggested way to do things. Problem is that because of above (March 2012) MS KB article statements '... If an existing value contains more than 2047 characters, you cannot enter additional data. However, you can delete the characters that are displayed. ...' whenever %PATH% size is over that value (always true for me even after manual %PATH% downsizing I had to do) OS UI will be of no or very little help (and by very little I intend that to overcome that OS UI limitation expert users with Admin privileges will 1st need to manually modify Path value into Registry, let's say by adding at least 1 or 2 ";" really unneeded, then just use OS UI to modify %PATH% system variable by deleting those ";" unneeded (i.e. %ProgramFiles(x86)%\Gpg4win\bin;;%ProgramFiles(x86)%\GnuPG\bin;;) and then once removed confirm with OK twice, and voilà it's done).
(P.S. BTW I just checked that so it really works fine for all applications started after that change ;-D so this might probably be best known option to document inside that README.txt.
N.B. JFYI in the past I also tried to use SETX from command line, and so I discovered that it only has a 1024 maximum characters limit after which it will just truncate any expected change that is saved anyway into selected system variable).
Otherwise, another possible approach variation but unsure if needing more coding would be to create 2 new system variables (let's say Gpg4win and GnuPG) and then add both %Gpg4win%;%GnuPG%; in front of existing %PATH% while installing, but obviously still after enhancing maximum allowed PATH size to 4095.

On the issue, I think there are several possible solutions, better than current:

1. Warn user that PATH is too big and tell him which dirs should be added manually
2. Warn user that PATH is too big but still modify it. He has to modify it with something else than UI, so it's for expert users only
3. Ask user to choose between 1 or 2

BTW, there are known solutions to manage with PATH overgrowth.

@swimmerm, look at the files installed in both dirs.
There is no gpg in %ProgramFiles(x86)%\Gpg4win\bin, it is in %ProgramFiles(x86)%\GnuPG\bin.
On the other side, md5sum and pinentry are in the first one.
So, I believe you (and I) should add both dirs to the path.

It parses wrongly. I think that we need a fix like:

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 1ee5b9a6e..7f51b263b 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -725,6 +725,9 @@ proc_encrypted (CTX c, PACKET *pkt)

That looks all pretty standard. I don't know what's going on. I need to be able to replicate it here.

Hello Mr. Koch,

Somehow this looks like a bug in gettext or our usage of it. It seems as if the last characters of strings appended to translated texts are sometimes doubled as if the string was built twice, once with 1 or 2 more characters and then overwritten with a slightly shorter string. Very strange.

Sorry, I am not abale to replicate this with standard version of gpg. Hwoever, the portable version only changes the directories and nothing at the output code paths. THus I really wonder what's going on here. Note that the spaces used to indent the "mittels ..." are also missing.

Key verification: Double Number in the end of fingerprint:
The same problem, as with the portable version.

Sorry about that, I forgot to add GCC. I updated the original post with the needed information.

The keyserver network has been shutdown a couple of months ago. We can't do anything about it. The default in newer gpg versions has changed; you may put

Since the migration to a new machine with lots of config changes this spring the redirect rules for bugs.gnupg.org were not properly adjusted and when running into an error, it seems that the admin back then ignored the problem and simply removed bugs.gnupg.org from dehydrated's list of domains. Thanks again for reporting. Should now work again.

Sorry for your troubles but we need to protect against spam - a tracker flooded with spam is useless.

Sorry, I don't know which software has version 12.0.0 and which git master this is. In case this is stock libksba, please tell us at least the last commit id. Note that we in general do not support arbitrary versions from the repos but only released versions .

While I'm still waiting for anyone to possibly answer my last 'Sat, Sep 18, 6:29 PM' question I've also added there the explanation behind that question... :-)

Thank you.

Please see T5587

Tsss, requires to allow JS for Google.

LTO warnings are trashing LTO optimised binaries and that is definitelly gnupg code issiues.
Just check each two places where rowtines are defined and declared in header files.

Just FYI, see also how GnuTLS has proposed to implement the service indicator:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

GnuPG 2.0 reached end-of-life nearly 4 years ago. See https://gnupg.org/download/index.html#end-of-life . Same for Gpg4win. They are not maintained and its use is very risky due to unfixed bugs. Please update to a recent version.

1. >>gpg2 --version

gpg (GnuPG) 2.0.30 (Gpg4win 2.3.3)
libgcrypt 1.6.6

Which gpg version?
Which Python library? (gnupg is pretty generic)
How does the Python library call gpg?
Are you aware that gpg uses utf8 and not Windows Unicode?

Thanks. Applied with a minor change: The string is now in a new third field.

Thanks for reporting. However, many gcc warnings produce a lot of false positives. Thus to be useful all the warnings need to be scrutinized. Let's do this for one example

OK, while I'll be awaiting for anyone to possibly answer my last T5593 'Sat, Sep 18, 6:29 PM' question, just for sake of completeness I've also been able to check that inside registry (HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Gpg4win\kleopatra\Capabilities) Kleopatra icon has correct expected value so ApplicationIcon (REG_SZ) = 'C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe,0' (N.B. preceding text string into registry is obviously unquoted ). ;-D

OK, while I'll be awaiting for anyone to possibly answer my last 'Sat, Sep 18, 6:29 PM' question that I decided to re-update today, just for sake of completeness I've also been able to check more inside registry but details will only go inside T5605 since only pertinent there ;-D

Because of T3458 and other references to PATH I found in the past (see past references I added previously into this bug), could anyone please be so kind to confirm me if am I right to assume that under normal conditions (so with no PATH related errors like 'PATH env variable too big' I reported here) after proper end of 'gpg4win-3.1.16.exe' installation only following (unquoted) path string 'C:\Program Files (x86)\Gpg4win\bin;' would have been added at beginning of PATH system environment variable ?
Or if not, would new path rather have 'C:\Program Files (x86)\Gpg4win\bin;C:\Program Files (x86)\GnuPG\bin;' (always unquoted) prepended at beginning of PATH system environment variable ?
P.S. Please note that I'm only asking this to then try to properly manually set PATH system environment variable accordingly and then see if my (current) 2nd 'gpg4win-3.1.16.exe' installation can still work correctly as expected or not... ;-D

Woops, I also forgot to say that only Kleopatra icon I found on my desktop has this problem. Original folder path of Kleopatra.lnk shortcut I have on my Desktop is C:\Users\Public\Desktop.
While 'Kleopatra.lnk_' I uploaded after renaming its extension as 'lnk_' was just another copy of it I temporarily put on my own Desktop only for uploading.

I have a draft, which results in the following "API" of the name-version:

The changes do not seem to touch anything I've mentoned in (1)?

Tried and no change -- cmd window still flashes away.

Remember to always pass --batch for unattended operations.

Thanks to jaclaz@msfn.org, the workaround is to use pipe operation like:
pause|"C:\Program Files\GnuPG\bin\gpg.exe" --verify "%1"
He also confirmed that gpg.exe does interrupt batch processing, regardless what command is followed.
And I have tested in Windows 7, batch processing is not interrupted. Since this bug is WindowsXp specific, "won't fix" should be more proper.

We ran the coverity again with the new 2.3.1 release and there are couple of new stuff that I probably missed in the initial review.

Thanks. I think we are good here. If we will decide to pursuate the brainpool switch, I will open a new issue.

Two third patches are applied to master. (@werner those parts are typo fix and tests improvement, which we agreed to push.)

We can easily extend the gcry_get_config API. You can give a key or have it to return all infos. For examle
"gpgconf --show-versions" prints this about libgcrypt:

If a configure switch to disable Brainpool curves will be added, we also need to add a switch to disable NIST curves.

Oh, my bad. I probably used wrong git command. Uploaded now the patches themselves:

disable-brainpool.patch is a text of list of patches.
I think the first two could be applied.
@Jakuje Could you please upload them?

gniibe: What's the state of this?

Currently I see no need to fix this for 2.2

And well, the context area of the handle is also wiped at gcry_cipher_close time. Thus any standard use of aeswrap (open,encrypt/decrypt,close) is not affected.

Good catch. Thanks. This patch should fix the leak:

@ikloecker
Thank you.
So it's a different issue.
Sorry, I was confused because after solving the gpg: can't connect to the agent I instantly got gpg: problem with the agent: End of file.

Symmetric decryption is broken in 2.3.2. See T5577: Null ptr dereference in gpg-agent (gnupg 2.3.2). Try 2.3.1.

gpg: can't connect to the agent: IPC connect call failed

This problem with portable mode in Windows can be solved by creating additional gnupg folder near bin, home, share.
I don't know why, but gpg-agent v2.3.2/2.2.30 in Windows in portable mode creates files S.gpg-agent.* in gnupg, not in home folder. And it doesn't work without gnupg folder.

Yes, --no-keyring should enough for the subset of gpg commands which do not need keys.

Sorry, GnuPG proper has no context menu or any graphic user interface. You need to install Gpg4win for this. Regarding use of gpg by other programs: There has been no change - other programs need to use the status-fd/command-fd interface and that has always been defined as UTF-8 and not as any native codepage. Please ask the makers of The Bat what is going wrong there.

I have one more patch set to improve FIPS testing in test/curves.c. In the past, it was basically skipped altogether in FIPS mode. This implements more fine-grained selection of what is being tested. This is the first part.

The breakaway job notices should definitely only be emitted in verbose mode. For the other things I need to check.

Few more logs from 2.3.2 and 2.2.29 (for comparison):

I'm not sure that the portable mode is a culprit here.
Something is very wrong with gpg-agent/pinentry.
Even symmetric decryption doesn't work in 2.3.2/2.2.30: