Page MenuHome GnuPG
Feed All Stories

Dec 7 2019

Laurent Montel <montel@kde.org> committed rLIBKLEOe90512bb63a7: GIT_SILENT: use camelcase header (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: use camelcase header
Dec 7 2019, 9:59 AM

Dec 6 2019

dkg added a comment to T4766: gpgme_signature_t relies on `unsigned long` for signature creation and expiration times.

fwiw, ensuring that overflow for either field results in ULONG_MAX (rather than wrapping around) would go a long way toward this problem being something that we can reasonably put off for another 50 years.

Dec 6 2019, 10:31 PM · gpgme, Bug Report
werner committed rGd246f317c048: sm: Add special case for expired intermediate certificates. (authored by werner).
sm: Add special case for expired intermediate certificates.
Dec 6 2019, 8:31 PM
werner committed rG8a6ecc6ff52b: dirmngr: Tell gpg about WKD looks resulting from a cache. (authored by werner).
dirmngr: Tell gpg about WKD looks resulting from a cache.
Dec 6 2019, 8:31 PM
werner closed T4684: Release GnuPG 2.2.18 as Resolved.
Dec 6 2019, 8:31 PM · Release Info, gnupg (gpg22)
werner moved T4696: Fresh certificate get's pulled into certificate chain with expired root certificate from For next release to Ready for release on the gnupg (gpg22) board.
Dec 6 2019, 8:30 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a comment to T4696: Fresh certificate get's pulled into certificate chain with expired root certificate.

I found a solution for master and 2.1.19 which minimizes the risk of regressions:

Dec 6 2019, 8:29 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a comment to T4585: pinentry-tty mishandles ctrl-C.

In case you use gpgme we have a flag which can be queried to see whether a redraw is required:

Dec 6 2019, 3:34 PM · Restricted Project, Bug Report
JJworx created T4773: Option to always permanently decrypt.
Dec 6 2019, 1:21 PM · gpg4win, gpgol, Feature Request
gv added a comment to T4585: pinentry-tty mishandles ctrl-C.

@gniibe Thank you!

Dec 6 2019, 11:18 AM · Restricted Project, Bug Report
gniibe changed the status of T4678: libassuan.pc missing include dir directive in cflags from Open to Testing.
Dec 6 2019, 5:31 AM · Restricted Project, libassuan
gniibe added a parent task for T4772: Release libgpg-error 1.37: T4498: Asan findings in tests/t-logging.c.
Dec 6 2019, 5:28 AM · Release Info, gpgrt
gniibe added a subtask for T4498: Asan findings in tests/t-logging.c: T4772: Release libgpg-error 1.37.
Dec 6 2019, 5:28 AM · gpgrt
gniibe changed the status of T4498: Asan findings in tests/t-logging.c from Open to Testing.
Dec 6 2019, 5:28 AM · gpgrt
gniibe changed the status of T4643: gpgrt: enable the environment to set compiler and linker flags for helper tools from Open to Testing.
Dec 6 2019, 5:27 AM · gpgrt, Feature Request
gniibe added a subtask for T4643: gpgrt: enable the environment to set compiler and linker flags for helper tools: T4772: Release libgpg-error 1.37.
Dec 6 2019, 5:26 AM · gpgrt, Feature Request
gniibe added a parent task for T4772: Release libgpg-error 1.37: T4643: gpgrt: enable the environment to set compiler and linker flags for helper tools.
Dec 6 2019, 5:26 AM · Release Info, gpgrt
gniibe added a subtask for T4539: libgpg-error on Windows: strerror_s can be used instead of strerror_r: T4772: Release libgpg-error 1.37.
Dec 6 2019, 5:25 AM · gpgrt, Feature Request
gniibe added a subtask for T4574: Change #!/bin/sh to #!/bin/bash in libgpg-error-1.36/src/gpg-error-config-test.sh: T4772: Release libgpg-error 1.37.
Dec 6 2019, 5:25 AM · Bug Report
gniibe added a subtask for T4459: libgpg-error build issue with gawk 5.0.0: T4772: Release libgpg-error 1.37.
Dec 6 2019, 5:25 AM · Gentoo, gpgrt, MacOS, Bug Report
gniibe added parent tasks for T4772: Release libgpg-error 1.37: T4574: Change #!/bin/sh to #!/bin/bash in libgpg-error-1.36/src/gpg-error-config-test.sh, T4459: libgpg-error build issue with gawk 5.0.0, T4539: libgpg-error on Windows: strerror_s can be used instead of strerror_r.
Dec 6 2019, 5:25 AM · Release Info, gpgrt
gniibe added a project to T4772: Release libgpg-error 1.37: Release Info.
Dec 6 2019, 5:23 AM · Release Info, gpgrt
gniibe created T4772: Release libgpg-error 1.37.
Dec 6 2019, 5:23 AM · Release Info, gpgrt
gniibe added a subtask for T4293: Add dedicated X25519 function to Libcgrypt : T4294: Release Libgcrypt 1.9.0.
Dec 6 2019, 5:22 AM · Restricted Project, libgcrypt
gniibe added a parent task for T4294: Release Libgcrypt 1.9.0: T4293: Add dedicated X25519 function to Libcgrypt .
Dec 6 2019, 5:22 AM · Release Info, libgcrypt
gniibe removed a parent task for T4293: Add dedicated X25519 function to Libcgrypt : T4294: Release Libgcrypt 1.9.0.
Dec 6 2019, 5:21 AM · Restricted Project, libgcrypt
gniibe removed a subtask for T4294: Release Libgcrypt 1.9.0: T4293: Add dedicated X25519 function to Libcgrypt .
Dec 6 2019, 5:21 AM · Release Info, libgcrypt
gniibe added a subtask for T4293: Add dedicated X25519 function to Libcgrypt : T4702: Deadline for the GnuPG 2.3.0 release.
Dec 6 2019, 5:20 AM · Restricted Project, libgcrypt
gniibe added a parent task for T4702: Deadline for the GnuPG 2.3.0 release: T4293: Add dedicated X25519 function to Libcgrypt .
Dec 6 2019, 5:20 AM · Restricted Project, gpg4win, gnupg
gniibe added a project to T4293: Add dedicated X25519 function to Libcgrypt : Restricted Project.
Dec 6 2019, 5:20 AM · Restricted Project, libgcrypt
gniibe closed T4698: Results from clang analyzer as Resolved.
Dec 6 2019, 5:11 AM · gpgrt, Bug Report
gniibe added a parent task for T4702: Deadline for the GnuPG 2.3.0 release: T4713: Bug in get_best_pubkey_byname.
Dec 6 2019, 5:09 AM · Restricted Project, gpg4win, gnupg
gniibe added a subtask for T4713: Bug in get_best_pubkey_byname: T4702: Deadline for the GnuPG 2.3.0 release.
Dec 6 2019, 5:09 AM · Restricted Project, gnupg (gpg23)
gniibe removed a parent task for T4713: Bug in get_best_pubkey_byname: T4702: Deadline for the GnuPG 2.3.0 release.
Dec 6 2019, 5:09 AM · Restricted Project, gnupg (gpg23)
gniibe removed a subtask for T4702: Deadline for the GnuPG 2.3.0 release: T4713: Bug in get_best_pubkey_byname.
Dec 6 2019, 5:09 AM · Restricted Project, gpg4win, gnupg
gniibe added a comment to T4713: Bug in get_best_pubkey_byname.

In 2.2.18, this fix is not included. (partial fix was reverted)

Dec 6 2019, 5:05 AM · Restricted Project, gnupg (gpg23)
gniibe added a parent task for T4713: Bug in get_best_pubkey_byname: T4702: Deadline for the GnuPG 2.3.0 release.
Dec 6 2019, 5:05 AM · Restricted Project, gnupg (gpg23)
gniibe added a subtask for T4702: Deadline for the GnuPG 2.3.0 release: T4713: Bug in get_best_pubkey_byname.
Dec 6 2019, 5:05 AM · Restricted Project, gpg4win, gnupg
gniibe closed T4362: Replace the exec funtions for photoids in gpg by our standard exec functions. as Resolved.
Dec 6 2019, 3:38 AM · gnupg, Feature Request
gniibe closed T4362: Replace the exec funtions for photoids in gpg by our standard exec functions., a subtask of T4417: Work needed for gnupg 2.3, as Resolved.
Dec 6 2019, 3:38 AM · gnupg (gpg23)
gniibe added a subtask for T4362: Replace the exec funtions for photoids in gpg by our standard exec functions.: T4702: Deadline for the GnuPG 2.3.0 release.
Dec 6 2019, 3:37 AM · gnupg, Feature Request
gniibe added a parent task for T4702: Deadline for the GnuPG 2.3.0 release: T4362: Replace the exec funtions for photoids in gpg by our standard exec functions..
Dec 6 2019, 3:37 AM · Restricted Project, gpg4win, gnupg
gniibe added a subtask for T4620: no support for multiple (yubikey) smartcards plugged in at the same time: T4702: Deadline for the GnuPG 2.3.0 release.
Dec 6 2019, 3:08 AM · Restricted Project, Bug Report
gniibe added a parent task for T4702: Deadline for the GnuPG 2.3.0 release: T4620: no support for multiple (yubikey) smartcards plugged in at the same time.
Dec 6 2019, 3:08 AM · Restricted Project, gpg4win, gnupg
gniibe closed T4663: libgcrypt: fix build without threads by adding an option to disable tests as Resolved.
Dec 6 2019, 3:07 AM · libgcrypt, Bug Report
gniibe closed T4280: gnupg doc doesn't build due to ImageMagick default policy as Resolved.
Dec 6 2019, 3:04 AM · gnupg, Documentation, Info Needed, Bug Report
gniibe committed rMae4d7761a15b: gpg: Avoid error diagnostics with --override-session-key when verifying (authored by dkg).
gpg: Avoid error diagnostics with --override-session-key when verifying
Dec 6 2019, 2:44 AM
gniibe closed T3464: successful decryption with session key reports failure if public key is unknown as Resolved.

Applied and pushed.

Dec 6 2019, 2:44 AM · gpgme, Bug Report
gniibe closed T3254: Decide which password limit to use and consistently use that limitation as Resolved.

The last fix was in 3681ee7dc1e9d8c94fdb046d7be0bbcfeba1cfe9, on 2017-07-05.
And it is included from the release of 2.1.22.

Dec 6 2019, 2:26 AM · Bug Report

Dec 5 2019

Christoph Feck <cfeck@kde.org> committed rKLEOPATRA6fdd78dc18c5: Update Appstream for new release (authored by Christoph Feck <cfeck@kde.org>).
Update Appstream for new release
Dec 5 2019, 10:28 PM
werner added a comment to T4585: pinentry-tty mishandles ctrl-C.

allow-loopback-pinentry in gpg-agent.conf is actually the default. This options advises gpg-agent to accept a request for a loopback-pinentry. If you would configure no-allow-loopback-pinentry, requests from gpg to use a loopback pinentry are rejected.

Dec 5 2019, 8:57 PM · Restricted Project, Bug Report
aheinecke added a subtask for T4637: GpgOL: Encoding problems in German: T4660: Gpg4win 3.1.11.
Dec 5 2019, 1:53 PM · Restricted Project, gpgol
aheinecke added a parent task for T4660: Gpg4win 3.1.11: T4637: GpgOL: Encoding problems in German.
Dec 5 2019, 1:53 PM · Release Info, gpg4win
aheinecke closed T3961: GpgOL: Add option to prefer S/MIME over OpenPGP in autoresolution as Resolved.

I think this is now resolved.

Dec 5 2019, 1:16 PM · S/MIME, gpgol
maiden_taiwan added a comment to T4585: pinentry-tty mishandles ctrl-C.

@gniibe - Thanks for your explanation. Is --pinentry-mode=loopback the same as specifying in ~/.gnupg/gpg-agent.conf:

Dec 5 2019, 1:01 PM · Restricted Project, Bug Report
gniibe added a subtask for T3428: pinentry-curses should be able to avoid showing *s when user enters passphrase: T4659: Release Pinentry-1.1.1.
Dec 5 2019, 7:35 AM · pinentry, Feature Request
gniibe added parent tasks for T4659: Release Pinentry-1.1.1: T3428: pinentry-curses should be able to avoid showing *s when user enters passphrase, T4337: pinentry-fltk: Formatstring handling, T4336: pinentry-fltk: Keyboard shortcuts are not recognized, T4263: Pinentry does not support --disable-doc configure option, T3949: pinentry looks for gpg-error-config and libassuan-config in ${SYSROOT}/bin but they are in ${SYSROOT}/usr/bin, T4598: curses: dialog broken with wide characters.
Dec 5 2019, 7:35 AM · pinentry, Release Info
gniibe added a subtask for T4336: pinentry-fltk: Keyboard shortcuts are not recognized: T4659: Release Pinentry-1.1.1.
Dec 5 2019, 7:35 AM · pinentry, patch, Bug Report
gniibe added a subtask for T3949: pinentry looks for gpg-error-config and libassuan-config in ${SYSROOT}/bin but they are in ${SYSROOT}/usr/bin: T4659: Release Pinentry-1.1.1.
Dec 5 2019, 7:35 AM · Cross-Compiler, pinentry, Bug Report
gniibe added a subtask for T4263: Pinentry does not support --disable-doc configure option: T4659: Release Pinentry-1.1.1.
Dec 5 2019, 7:35 AM · pinentry, Bug Report
gniibe added a subtask for T4598: curses: dialog broken with wide characters: T4659: Release Pinentry-1.1.1.
Dec 5 2019, 7:35 AM · pinentry
gniibe added a subtask for T4337: pinentry-fltk: Formatstring handling: T4659: Release Pinentry-1.1.1.
Dec 5 2019, 7:35 AM · patch, pinentry, Bug Report
gniibe added a parent task for T4659: Release Pinentry-1.1.1: T4583: pinentry-tty should accept backspace, delete, and ctrl-U.
Dec 5 2019, 7:22 AM · pinentry, Release Info
gniibe added a subtask for T4583: pinentry-tty should accept backspace, delete, and ctrl-U: T4659: Release Pinentry-1.1.1.
Dec 5 2019, 7:22 AM · pinentry, Restricted Project, Bug Report
gniibe added a subtask for T4585: pinentry-tty mishandles ctrl-C: T4659: Release Pinentry-1.1.1.
Dec 5 2019, 7:20 AM · Restricted Project, Bug Report
gniibe added a parent task for T4659: Release Pinentry-1.1.1: T4585: pinentry-tty mishandles ctrl-C.
Dec 5 2019, 7:20 AM · pinentry, Release Info
gniibe renamed T4659: Release Pinentry-1.1.1 from Release Pinentry-1.0.1 to Release Pinentry-1.1.1.
Dec 5 2019, 7:14 AM · pinentry, Release Info
gniibe added a project to T4270: pinentry-curses should ring the terminal bell: gpgagent.
Dec 5 2019, 7:09 AM · gpgagent, Feature Request, pinentry
gniibe merged T2013: pinentry-curses / pinentry-tty should emit a bell when showing a dialog into T4270: pinentry-curses should ring the terminal bell.
Dec 5 2019, 7:08 AM · gpgagent, Feature Request, pinentry
gniibe merged task T2013: pinentry-curses / pinentry-tty should emit a bell when showing a dialog into T4270: pinentry-curses should ring the terminal bell.
Dec 5 2019, 7:08 AM · pinentry, Feature Request
gniibe removed a parent task for T4404: Mangled Pinentry dialog box: T4771: pinentry-tty/pinentry-curses interact a user as background process.
Dec 5 2019, 7:00 AM · Windows, pinentry, Bug Report
gniibe removed a subtask for T4771: pinentry-tty/pinentry-curses interact a user as background process: T4404: Mangled Pinentry dialog box.
Dec 5 2019, 7:00 AM · pinentry
gniibe added subtasks for T4771: pinentry-tty/pinentry-curses interact a user as background process: T4583: pinentry-tty should accept backspace, delete, and ctrl-U, T4404: Mangled Pinentry dialog box, T3779: pinentry-curses broken when launched from tig that's launched from mc, T4585: pinentry-tty mishandles ctrl-C, T4198: Pinentry doesn't capture input correctly, crashes terminal instead, T4733: pinentry-curses reveals pin.
Dec 5 2019, 6:59 AM · pinentry
gniibe added a parent task for T4583: pinentry-tty should accept backspace, delete, and ctrl-U: T4771: pinentry-tty/pinentry-curses interact a user as background process.
Dec 5 2019, 6:59 AM · pinentry, Restricted Project, Bug Report
gniibe added a parent task for T4585: pinentry-tty mishandles ctrl-C: T4771: pinentry-tty/pinentry-curses interact a user as background process.
Dec 5 2019, 6:59 AM · Restricted Project, Bug Report
gniibe added a parent task for T4198: Pinentry doesn't capture input correctly, crashes terminal instead: T4771: pinentry-tty/pinentry-curses interact a user as background process.
Dec 5 2019, 6:59 AM · pinentry, Bug Report
gniibe added a parent task for T4404: Mangled Pinentry dialog box: T4771: pinentry-tty/pinentry-curses interact a user as background process.
Dec 5 2019, 6:59 AM · Windows, pinentry, Bug Report
gniibe added a parent task for T3779: pinentry-curses broken when launched from tig that's launched from mc: T4771: pinentry-tty/pinentry-curses interact a user as background process.
Dec 5 2019, 6:59 AM · Documentation, pinentry, Bug Report
gniibe added a parent task for T4733: pinentry-curses reveals pin: T4771: pinentry-tty/pinentry-curses interact a user as background process.
Dec 5 2019, 6:59 AM · MacOS, pinentry, Bug Report
gniibe created T4771: pinentry-tty/pinentry-curses interact a user as background process.
Dec 5 2019, 6:55 AM · pinentry
gniibe added a subtask for T4770: pinentry option no-global-grab: T4123: Pinentry-qt does not always become active foreground window (especially when requesting pin for authentication).
Dec 5 2019, 6:49 AM · Documentation, pinentry
gniibe added a parent task for T4123: Pinentry-qt does not always become active foreground window (especially when requesting pin for authentication): T4770: pinentry option no-global-grab.
Dec 5 2019, 6:49 AM · pinentry, Bug Report, gpg4win
gniibe added a parent task for T2434: pinentry-gtk-2's --no-global-grab does not work as advertised: T4770: pinentry option no-global-grab.
Dec 5 2019, 6:42 AM · Bug Report, pinentry
gniibe added subtasks for T4770: pinentry option no-global-grab: T4145: pinentry-gnome3 grabs input partially and ignores grab/no-grab option, T4587: pinentry-gnome3 grabs input (is system modal) despite`--no-global-grab` or `OPTION no-grab`, T2434: pinentry-gtk-2's --no-global-grab does not work as advertised, T4143: pinentry-fltk does not grab input when requesting pin for authentication, T4147: pinentry-efl does not grab input when requesting pin for authentication.
Dec 5 2019, 6:42 AM · Documentation, pinentry
gniibe added a parent task for T4143: pinentry-fltk does not grab input when requesting pin for authentication: T4770: pinentry option no-global-grab.
Dec 5 2019, 6:42 AM · Bug Report, pinentry
gniibe added a parent task for T4147: pinentry-efl does not grab input when requesting pin for authentication: T4770: pinentry option no-global-grab.
Dec 5 2019, 6:42 AM · Bug Report, pinentry
gniibe added a parent task for T4145: pinentry-gnome3 grabs input partially and ignores grab/no-grab option: T4770: pinentry option no-global-grab.
Dec 5 2019, 6:42 AM · Documentation, pinentry
gniibe added a parent task for T4587: pinentry-gnome3 grabs input (is system modal) despite`--no-global-grab` or `OPTION no-grab`: T4770: pinentry option no-global-grab.
Dec 5 2019, 6:42 AM · gpgagent, pinentry
gniibe created T4770: pinentry option no-global-grab.
Dec 5 2019, 6:41 AM · Documentation, pinentry
gniibe added a comment to T4256: gpg-agent: Spurious pinentries for an already unlocked key when decryption OpenPGP in 10 threads.

My analysis is that it's not a race condition but... it's about secure memory.
It is true that we have a race condition between putting an entry to cache after pinentry interaction _and_ next examining cache to invoke pinentry. But for this test case, the gpg process of unlock the key (and cache the passphrase) is finished before running the run-threaded command.

Dec 5 2019, 6:33 AM · gnupg, gpgagent
gniibe closed T3949: pinentry looks for gpg-error-config and libassuan-config in ${SYSROOT}/bin but they are in ${SYSROOT}/usr/bin as Resolved.

I believe the problem was fixed in the master of pinentry with newer gpg-error-config and libassuan-config which support cross build better.

Dec 5 2019, 3:19 AM · Cross-Compiler, pinentry, Bug Report
gniibe added a comment to T2434: pinentry-gtk-2's --no-global-grab does not work as advertised.

Confirmed that the support of --no-global-grab doesn't work well.

Dec 5 2019, 3:16 AM · Bug Report, pinentry
gniibe committed rPedbd0d61b35f: gtk: Remove support of old GTK+2 (< 2.12.0). (authored by gniibe).
gtk: Remove support of old GTK+2 (< 2.12.0).
Dec 5 2019, 2:31 AM
gniibe committed rP099b79fc2d66: build: Require newer GTK+2 (>= 2.12.0). (authored by gniibe).
build: Require newer GTK+2 (>= 2.12.0).
Dec 5 2019, 2:31 AM
gniibe closed T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry as Resolved.
Dec 5 2019, 1:57 AM · Bug Report, gpgagent
gniibe added a comment to T4585: pinentry-tty mishandles ctrl-C.

My message above is: The reported issue of ^C was fixed in pinentry-tty and GnuPG in master branch. Please test that fixes.

Dec 5 2019, 1:10 AM · Restricted Project, Bug Report
gniibe added a comment to T4585: pinentry-tty mishandles ctrl-C.

Please note that pinentry-tty/curses is a kind of emulation of CLI user interface, it's not the real one (I'm going to explain in the next paragraph).
It is, by any means, not robust, as users would expect, from the implementation's view. It only works specific simple use cases (while I do my best to stabilize it in master branch of GnuPG).

Dec 5 2019, 12:52 AM · Restricted Project, Bug Report

Dec 4 2019

werner triaged T4769: gnupg:passphrase for new key asked three times as Normal priority.

That is actually a GnuPG thing. We originally did it this way to help people remember their passphrase before they start using the key. I agree it is annoying and I would like to remove it too. At the same time we should really think about making no-passphrase the default and require it only with certain compliance settings.

Dec 4 2019, 7:54 PM · gnupg24, gpgagent, gnupg (gpg23), Bug Report, gpg4win
dkg added a comment to T4766: gpgme_signature_t relies on `unsigned long` for signature creation and expiration times.

The most plausible fix to the Y2K38 problem on 32-bit machines is to simply move to a 64-bit time_t at the same time as any other major system-wide ABI break. However, if that ABI break doesn't also change the size of long to more than 32 bits, GPGME will remain unfixed in spite of any architectural correction.

Dec 4 2019, 4:42 PM · gpgme, Bug Report
werner closed T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets) as Resolved.

Fixed for 2.2.19 and master

Dec 4 2019, 4:28 PM · gnupg (gpg22), wkd, Bug Report