I reviewed this and there are actually two changes. The first chnage
is a simple string change from

Sorry, I don't understand your problem. Please explain what you did and what the (perceived) problem is. BTW, GnuPG 2.3.4 is a very old version.

Hello,
I have a hard time to agree that is the right thing for gnupg to throw an error if it successfully imported a revocation certificate for an expired key. This is a meaningful (and not useless) change even if the key is expired.

Tested again on linux with current master (at 18081e2ecf43de2be6ad5a7ca3384e1e2b66914d) and 2.2 (at 5c0383d558cc9112c4c0984a3b2a6c98b29a92ca) - still same behavior.

You should use gpg-agent's integrated ssh-agent. It is anyway much more convenient. I'll move this task to gnupg26, though.

Backported to 2.4 to go into 2.4.6

Was fixed in master with rG374195e741cf1c52daad6c07799d308c8a9f73e3 (bug tag was missing in the commit).

Fix backported to 2.4

works for 4win-Beta-64, too but removing vsd33, as this is already in vsd32

Backported for vsd33

Indeed, gpg fixes a long standing bug in that expired trusted-keys were not correctly handled. Thus this error message

I can still reproduce case 2 with gnupg 2.4. I have to check how my local setup differs from gpg4win-Beta-64.

I have confirmed that rA69069bc63e6b fixes the build on macOS.

When checking this out with gpg4win-Beta-64 I can reproduce case 1 (and of course 3) but not case 2:

Regarding triage: This is not widely encountered and a workaround exists

Passing ticket to werner to consider backports.

Also done for gpgsm in gnupg26 (master)

Thanks. Fixed in: rEd14c69a7f256: Avoid use of 'nullptr' for an identifier.

The C comittee is getting more an more absurd by adding new keywords. Breaking software for fun and funding. Workaround should be easy: Don't use the C23 option.

I found fd resource leak in gpg-agent.

• gpg-connect-agent "scd killscd" /bye seems not release a file descriptor somewhere

For the second case, I think that gcry_kdf_defive should not be called with pw="". The result of FAILURE gpg-exit 33554433 comes from the log_error after failure of gcry_kdf_derive.

The technical background is that opening the certificate details triggers an update of the certificate and this triggers an update of the drop-down. The drop-down should still keep the currently selected certificate even if it is not offered by default.

The fix should probably be backported to gnupg 2.2 and 2.4.

I confirm the fix. Using gnupg master the unit test ran 544 times without any failures or suspiciously long run time.

Good catch, @ikloecker !
I located the bug in GnuPG, and the fix is: rG71840b57f486: common: Fix a race condition in creating socketdir.

In the second case, gpg emits a FAILURE gpg-exit 33554433 status at the end. I think this makes gpgme consider the operation failed. I think this is a bug in gpg because gpg does not emit a FAILURE status if a wrong symmetric passphrase is entered.

In the first case, gpg emits a CANCELED_BY_USER status. This makes gpgme abort the operation. We may have to wait/watch for BEGIN_DECRYPTION / END_DECRYPTION.

I found one reason for the intermittently failing concurrent initial keylisting. gpgsm sometimes uses the wrong socket file to (try to) connect to gpg-agent.

I'm still seeing the same problems both with current master and 2.2

FWIW, the cache has not been implemented in 2.4 (which will be used for the next gpg4win) and thus there is no need for a fix there.

Was fixed last Thursday with commit rG69a8aefa5bf77136b77383b94e34ba784c1cce89 for 2.2 and will soon make it to master.

I can reproduce this with gnupg 2.2.45-beta27 (STABLE-BRANCH-2-2 69a8aefa) on openSUSE Tumbleweed.

systemd based Linux?

With the change, T7169 is fixed (by side-effect).

Pushed the change: rE1860f6407f83: spawn: Add new function to modify environment.

I have reproduced this with libkleo from our gpg4win/24.05 branch and with gpg (GnuPG) 2.4.6-beta102 (HEAD of STABLE-BRANCH-2-4) and current master of gpgme and all GnuPG libraries. It took just 8 runs until a unittest failed.

gpgme logs for a failed test where the keylisting with gpgsm failed

Thanks for opening a bug report. This is better for our workflow.

But the DEVINFO --watch is required to trigger this hang? Kleopatra does not use this but we see simlar hangs from time to time in the current version.

This is also relevant for VSD 3.3. Backport is not needed, but gpg4win/VSD needs to include current gpgme.

Replacing gpgrt_spawn_actions_set_environ by gpgrt_spawn_actions_set_envchange is not good, as it's exported and already used.

This is a super old bug report, this is likely fixed with a new version of Kleopatra, so I am closing this. If this happen again in the future, feel free to reopen this bug report.

This is no longer possible. The sign/encrypt button is disabled and an info box is displayed.

No reply for a very long time, so I am closing this ticket. This is likely fixed now. Feel free to reopen if this happen again.

No reply for a very long time, let's close this.

gpg4win 4 has been released with unicode support. Closing.

works for VS-Desktop-3.2.94.2-Beta (Beta for VSD 3.2.4)

I knew that we'd need something like D604 when I saw rM409e31458227, but then I forgot about it. :/

should be fixed with D604

We won't fix that for 2.2.