I don't know the exact procedure by FIPS, but just setting the least significant bit in the generation (after _gcry_mpi_randomize) can reduce the probability by half.

Apr 5 2022, 1:05 PM · backport, FIPS, libgcrypt, Bug Report

• ikloecker committed rKLEOPATRA228cccad5cbd: GIT_SILENT: Make gcc happy (authored by • ikloecker).

GIT_SILENT: Make gcc happy

Apr 5 2022, 12:34 PM

• werner lowered the priority of T5910: CVE-2018-25032 for zlib <=1.2.11 (CVSS 8.1 high) from Unbreak Now! to High.

The fix is from 2018 but was not picked up widely; see
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

Apr 5 2022, 12:14 PM · gnupg (gpg22), CVE, gpg4win

neverpanic created T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

Apr 5 2022, 11:54 AM · backport, FIPS, libgcrypt, Bug Report

bernhard added a comment to T5910: CVE-2018-25032 for zlib <=1.2.11 (CVSS 8.1 high).

(Werner just told me that I was mistaken and he needs to take a look. There was a mixup because of the 2018 CVE number.)

Apr 5 2022, 11:52 AM · gnupg (gpg22), CVE, gpg4win

• werner added a comment to T5910: CVE-2018-25032 for zlib <=1.2.11 (CVSS 8.1 high).

Sorry, that was a misunderstanding. My fault.

Apr 5 2022, 11:43 AM · gnupg (gpg22), CVE, gpg4win

• werner reopened T5910: CVE-2018-25032 for zlib <=1.2.11 (CVSS 8.1 high) as "Open".

Apr 5 2022, 11:39 AM · gnupg (gpg22), CVE, gpg4win

• ikloecker moved T5916: Kleopatra: Change Add E-Mail to add name and E-Mail and remove advanced mode from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Apr 5 2022, 10:51 AM · Restricted Project, kleopatra

• ikloecker changed the status of T5859: Kleopatra: Revoke own key from Open to Testing.

Apr 5 2022, 10:50 AM · kleopatra, Restricted Project

• ikloecker moved T5859: Kleopatra: Revoke own key from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Apr 5 2022, 10:50 AM · kleopatra, Restricted Project

• ikloecker added a comment to T5859: Kleopatra: Revoke own key.

"Revoke certificate" is now available in the "Certificates" menu and the context menu in the certificate list. Don't confuse it with the "Revoke certification" entry. ;-) Maybe we should reword "Revoke certification" even if for me it says exactly what it does.

Apr 5 2022, 10:49 AM · kleopatra, Restricted Project

• ikloecker committed rKLEOPATRAbbb8e56d8f7b: Do not show success message if operation was canceled (authored by • ikloecker).

Do not show success message if operation was canceled

Apr 5 2022, 10:43 AM

• ikloecker committed rKLEOPATRAfeb5db2dba27: Allow revocation of own OpenPGP keys (authored by • ikloecker).

Allow revocation of own OpenPGP keys

Apr 5 2022, 10:43 AM

• gniibe committed rA5b77d39672ac: Fix API break. (authored by • gniibe).

Fix API break.

Apr 5 2022, 10:35 AM

Jakuje created T5918: Disable RSA PKCS #1.5 encryption in FIPS mode.

Apr 5 2022, 10:31 AM · backport, libgcrypt, FIPS, Bug Report

• gniibe committed rC5f357784662a: doc: Update yat2m from libgpg-error. (authored by • gniibe).

doc: Update yat2m from libgpg-error.

Apr 5 2022, 10:19 AM

• ikloecker committed rM102024f7e656: qt,doc: Fix typo and grammar in API documentation (authored by • ikloecker).

qt,doc: Fix typo and grammar in API documentation

Apr 5 2022, 10:18 AM

• ikloecker committed rMdb532eca8ebd: cpp: Return actual error if revocation fails (authored by • ikloecker).

cpp: Return actual error if revocation fails

Apr 5 2022, 10:18 AM

• ikloecker committed rM28cdbfdccb34: cpp: Handle canceling of an edit operation (authored by • ikloecker).

cpp: Handle canceling of an edit operation

Apr 5 2022, 10:18 AM

• ikloecker committed rM4beb6f419954: cpp: Do not export symbols of the Private class (authored by • ikloecker).

cpp: Do not export symbols of the Private class

Apr 5 2022, 10:18 AM

• ikloecker committed rMc965b45bcd91: cpp: Add internal utility function for splitting strings (authored by • ikloecker).

cpp: Add internal utility function for splitting strings

Apr 5 2022, 10:18 AM

• gniibe committed rMa36d71a8e33e: core: Don't use internal __assuan functions. (authored by • gniibe).

core: Don't use internal __assuan functions.

Apr 5 2022, 7:45 AM

• gniibe committed rM110a37540187: core: Don't keep using deprecated ath_ API. (authored by • gniibe).

core: Don't keep using deprecated ath_ API.

Apr 5 2022, 7:45 AM

• gniibe committed rA9260fb12509a: build: Remove unused putc_unlocked.c. (authored by • gniibe).

build: Remove unused putc_unlocked.c.

Apr 5 2022, 6:30 AM

• gniibe committed rA0fae5823f6e6: Take advantage of gpgrt_get_syscall_clamp function. (authored by • gniibe).

Take advantage of gpgrt_get_syscall_clamp function.

Apr 5 2022, 5:11 AM

• gniibe committed rAa43090e38843: build: Fix listing m4 files. (authored by • gniibe).

build: Fix listing m4 files.

Apr 5 2022, 5:11 AM

• gniibe added a comment to T5914: libassuan: Introduce use of gpgrt_get_syscall_clamp, no use of system_hooks for nPTH.

GPGME has its own system hooks to provide a (different) solution for portability (Windows and POSIX).

Apr 5 2022, 3:31 AM · Feature Request, libassuan

• gniibe triaged T5917: gpg-agent: Not writing password into file as Normal priority.

Apr 5 2022, 2:29 AM · Bug Report, gpgagent

Apr 4 2022

jukivili committed rCfe891ff4a3cd: Add SM3 ARMv8/AArch64/CE assembly implementation (authored by Tianjia Zhang <tianjia.zhang@linux.alibaba.com>).

Add SM3 ARMv8/AArch64/CE assembly implementation

Apr 4 2022, 6:12 PM

• aheinecke triaged T5916: Kleopatra: Change Add E-Mail to add name and E-Mail and remove advanced mode as Normal priority.

Apr 4 2022, 10:33 AM · Restricted Project, kleopatra

• gniibe committed rG48ee11722dd0: agent:w32: Fix for use of socket. (authored by • gniibe).

agent:w32: Fix for use of socket.

Apr 4 2022, 9:48 AM

• gniibe committed rE018ea46a30cf: w32: Add ES_SYSHD_SOCK support for gpgrt_sysopen. (authored by • gniibe).

w32: Add ES_SYSHD_SOCK support for gpgrt_sysopen.

Apr 4 2022, 7:36 AM

• werner closed T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine as Resolved.

In fact, decent 2.2 versions (>=2.2.21) have the ability to decrypt AEAD packets - this has been implemented exactly for the case that some things get wrong at the user site. But we can't change old versions - we are not the Sirius Computer Corporation. I close this ticket because we can can't do anything if you are not able/willing to update to the latest version of the respective branch. Sorry.

Apr 4 2022, 6:43 AM · gnupg, Support

• gniibe committed rA28a40a298661: w32: Fix assuan_socket_connect_fd to be usable. (authored by • gniibe).

w32: Fix assuan_socket_connect_fd to be usable.

Apr 4 2022, 3:03 AM

LRitzdorf added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.

On at least some small terminals (like the smartphone size I mentioned in my original comment), I can confirm that this is a true loop. When originally reporting the issue, one of the things I tested was repeatedly pressing the Enter key with an empty password field. In that test, the password prompt looped for the 20 or so times I continued to press Enter.

Apr 4 2022, 12:22 AM · pinentry, Bug Report

Apr 2 2022

Carlo Vanini <silhusk@gmail.com> committed rKLEOPATRA64210c7325d1: Add helper function and test (incomplete) (authored by Carlo Vanini <silhusk@gmail.com>).

Add helper function and test (incomplete)

Apr 2 2022, 11:26 AM

TonyBarganski added a comment to T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine.

@werner
The setpref S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1 worked!

Apr 2 2022, 1:26 AM · gnupg, Support

Apr 1 2022

• ikloecker added a comment to T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine.

S9, etc. are short-hand IDs, for the cipher algorithms, digest algorithms, etc. Use showpref instead of pref to get the preference list in human-readable form (AES256, SHA512, etc.) instead of in expert form (cryptic IDs).

Apr 1 2022, 5:56 PM · gnupg, Support

TonyBarganski added a comment to T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine.

Hi @werner
I had missed your earlier post quoted below on using setperf.

Apr 1 2022, 2:27 PM · gnupg, Support

dannytsen added a comment to T5913: libgcrypt: bug fix for PPC bulk AES-GCM acceleratieration, missing HWF_PPC_ARCH_3_10 in HW feature.

Hi Jussi, yes for some reason, it went missing, I was checking performance numbers and found out the line went missing. Thanks.

Apr 1 2022, 2:08 PM · ppc, libgcrypt

• ikloecker added a comment to T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine.

Create the keys with gpg 2.2. I'm not aware of such documentation apart from the manual page of GnuPG. And, as I tried to explain, this situation isn't really different from any other software. If you create a document with the newest version of LibreOffice then you cannot expect it to look exactly the same with an older version of LibreOffice. It's your responsibility not to use new features of the new LibreOffice if you still need to use an older version on another machine.

Apr 1 2022, 1:45 PM · gnupg, Support

TonyBarganski added a comment to T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine.

@ikloecker Thanks for the clarification (appreciated).

Apr 1 2022, 1:03 PM · gnupg, Support

• ikloecker added a comment to T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine.

Backward compatibility means that newer versions work with data created with older versions of a program. What you are asking for is forward compatibility, i.e. you want older versions of a program to work with data created with newer versions of a program. In the extreme that would mean that gpg must not use modern encryption algorithms because old versions of gpg cannot deal with them. It should be obvious that this doesn't make any sense.

Apr 1 2022, 12:11 PM · gnupg, Support

• ikloecker added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.

I experimented a bit. The problem is the size of button texts of the confirmation dialog, i.e. of "Yes, protection is not needed" and "Enter new passphrase". pinentry-curses checks if 3 times the size of the longest text plus a few pixels for the frame fit into the terminal's width. There can be up to 3 buttons, but in case there are only two buttons this check is too strict.

Apr 1 2022, 12:01 PM · pinentry, Bug Report

• werner triaged T5915: Allow Registry configuration of GpgEX as Normal priority.

Apr 1 2022, 11:38 AM · Restricted Project, Feature Request, gpgex

• ikloecker added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.

Hmm, okay. Trying the same on an 80x72 terminal I can indeed reproduce a loop. Sorry, for the noise.

Apr 1 2022, 10:53 AM · pinentry, Bug Report

• ikloecker added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.

Just one bit of additional information: Using gpg (GnuPG) 2.3.5-beta17 on a large terminal I just tried quick generating a new key with a fresh GNUPGHOME where I only set pinentry-program /usr/bin/pinentry-curses in ${GNUPGHOME}/gpg-agent.conf.

Apr 1 2022, 10:51 AM · pinentry, Bug Report

TonyBarganski added a comment to T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine.

@ikloecker thanks for your reply.

Apr 1 2022, 9:53 AM · gnupg, Support

bernhard renamed T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals from pinentry: pinentry-curses doesn't allow to set no password or weak passwords on small terminals to pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.

Apr 1 2022, 9:30 AM · pinentry, Bug Report

bernhard added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.

I don't see a point in trying to make the fancy curses pinentry work on small terminals.

Apr 1 2022, 9:29 AM · pinentry, Bug Report

jukivili added a comment to T5913: libgcrypt: bug fix for PPC bulk AES-GCM acceleratieration, missing HWF_PPC_ARCH_3_10 in HW feature.

Fixed in master. I rechecked that bulk implementation passes tests with qemu-ppc64le.

Apr 1 2022, 8:55 AM · ppc, libgcrypt

jukivili committed rC29bfb3ebbc63: hwf-ppc: fix missing HWF_PPC_ARCH_3_10 in HW feature (authored by jukivili).

hwf-ppc: fix missing HWF_PPC_ARCH_3_10 in HW feature

Apr 1 2022, 8:54 AM

jukivili added a comment to T5913: libgcrypt: bug fix for PPC bulk AES-GCM acceleratieration, missing HWF_PPC_ARCH_3_10 in HW feature.

Looks like that line went missing in third/final version of AES-GCM patch at https://dev.gnupg.org/T5700

Apr 1 2022, 8:51 AM · ppc, libgcrypt

Laurent Montel <montel@kde.org> committed rLIBKLEO98af5bdd4b3c: GIT_SILENT: make sure that it builds without deprecated method (authored by Laurent Montel <montel@kde.org>).

GIT_SILENT: make sure that it builds without deprecated method

Apr 1 2022, 8:40 AM

Laurent Montel <montel@kde.org> committed rKLEOPATRA285677f02644: GIT_SILENT: make sure that it builds without deprecated method (authored by Laurent Montel <montel@kde.org>).

GIT_SILENT: make sure that it builds without deprecated method

Apr 1 2022, 8:28 AM

l10n daemon script <scripty@kde.org> committed rKLEOPATRAaab897455b23: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).

SVN_SILENT made messages (.desktop file) - always resolve ours

Apr 1 2022, 5:22 AM

l10n daemon script <scripty@kde.org> committed rKLEOPATRAccf5887c7511: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).

GIT_SILENT made messages (after extraction)

Apr 1 2022, 4:36 AM

• gniibe updated the task description for T5914: libassuan: Introduce use of gpgrt_get_syscall_clamp, no use of system_hooks for nPTH.

Apr 1 2022, 4:12 AM · Feature Request, libassuan

• gniibe triaged T5914: libassuan: Introduce use of gpgrt_get_syscall_clamp, no use of system_hooks for nPTH as Normal priority.

Apr 1 2022, 4:11 AM · Feature Request, libassuan

• gniibe committed rAa054a0a7cfb0: build: Better cross build support. (authored by • gniibe).

build: Better cross build support.

Apr 1 2022, 4:00 AM

l10n daemon script <scripty@kde.org> committed rKLEOPATRA66ebd449dc5c: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).

SVN_SILENT made messages (.desktop file) - always resolve ours

Apr 1 2022, 3:59 AM

l10n daemon script <scripty@kde.org> committed rKLEOPATRA88c354874477: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).

GIT_SILENT made messages (after extraction)

Apr 1 2022, 3:06 AM

Mar 31 2022

• werner assigned T5913: libgcrypt: bug fix for PPC bulk AES-GCM acceleratieration, missing HWF_PPC_ARCH_3_10 in HW feature to jukivili.

Mar 31 2022, 10:46 PM · ppc, libgcrypt

dannytsen added a comment to T5913: libgcrypt: bug fix for PPC bulk AES-GCM acceleratieration, missing HWF_PPC_ARCH_3_10 in HW feature.

Added the HWF_PPC_ARCH_3_10 list in ppc_features[] in src/hwf-ppc.c.

Mar 31 2022, 9:55 PM · ppc, libgcrypt

All StoriesUse ResultsEdit QueryHide Query

Apr 7 2022

Apr 6 2022

Apr 5 2022

Apr 4 2022

Apr 2 2022

Apr 1 2022

Mar 31 2022

All Stories
Use Results
Edit Query
Hide Query