You are right. The problem is that in a development version we use an envvar to locate the programs, so there is usually no problem because the software has already been installed and the final test doesn't catch this. We should add a version check to all components to catch such problems.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Apr 22 2021
Given that we don't yet support TPM for Windows you should go ahead and apply this patch. tpm should also be removed from the list of components.
Apr 21 2021
Apr 20 2021
Apr 19 2021
Thanks, that was right in time for this weeks 2.3.1.
aheinecke: I agree, we should not port everything back just because we could do that.
Has been released with 2.3.0 and we better open a new task if problems show up with v5 key. I am pretty sure that there will be a few v5 key problems after they get in real use.
This has been released with 2.3.0 and no relevant problems have reported in the last two weeks, thus closing.
Apr 15 2021
Thank you. Merged and pushed.
Apr 14 2021
@werner No problem. Just go ahead.
Apr 13 2021
In T5393#145158, @werner wrote:Regarding the identical branches thing: This is on purpose. The function works closely together with another one which will then BUG() out. @Jakuje: If you know some meta comment to attribute this, please let me know.
Regarding the identical branches thing: This is on purpose. The function works closely together with another one which will then BUG() out. @Jakuje: If you know some meta comment to attribute this, please let me know.
@gniibe: If you don't mind I would like to steal task this from you. I have noticed a few things which could get a little code refresh in addition to the fixes.
There is couple of issues that I did not want to propose a patch for, but might require some attention:
Error: IDENTICAL_BRANCHES (CWE-398): [#def28] [important] gnupg-2.3.0/common/tlv-builder.c:353: identical_branches: The same code is executed regardless of whether "tag < 31" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced? # 351| (void)constructed; /* Not used, but passed for uniformity of such calls. */ # 352| # 353|-> if (tag < 0x1f) # 354| { # 355| buflen++;
There are also couple of reports about the function default_homedir(), which is supposed to return const char * but in reality, it sometimes allocates memory while callers do not expect it so they do not free:
Error: RESOURCE_LEAK (CWE-772): [#def11] gnupg-2.2.27/common/homedir.c:477: alloc_fn: Storage is returned from allocation function "default_homedir". gnupg-2.2.27/common/homedir.c:477: var_assign: Assigning: "newdir" = storage returned from "default_homedir()". gnupg-2.2.27/common/homedir.c:488: noescape: Resource "newdir" is not freed or pointed-to in "make_absfilename". gnupg-2.2.27/common/homedir.c:490: leaked_storage: Returning without freeing "newdir" leaks the storage that it points to. # 488| the_gnupg_homedir = make_absfilename (newdir, NULL);; # 489| xfree (tmp); # 490|-> } # 491| # 492|
Thank you. The initial run was against olderer version of gnupg (and had one issue in g10/keyedit.c -- see the new patch with fixup). Now I ran it against the version 2.3 and there are couple of more issues to be fixed (rebased on top of already applied changes and the previous commits).
Thank you.
Thank you. Applied and pushed.
Apr 12 2021
(FYI I did not notice any other errors with 2.3 so far)
Apr 10 2021
Apr 9 2021
Apr 8 2021
Apr 7 2021
Mar 28 2021
Hey @wener.. As I mentioned in the original post, there's a default-new-key-algo setting... Is it still not possible to use specify something like "rsa4096/cert,rsa4096/encr,rsa4096/sign,rsa4096/auth"?? Would love to see some progress on this. Glad to help test.
Mar 27 2021
Mar 26 2021
Mar 23 2021
The flag value is now 144 and not 146, but that extra bit (value 2) did not make sense for the option. So I think things are okay now.
Mar 22 2021
Mar 16 2021
Given that all subtasks are at least in testing state, we can close this bug.
Mar 8 2021
and item 6. Now for more testing.
Mar 7 2021
Maybe have gpg-wks-client(or also --export-filter) print a warning if the filtered result has a key expiration different than the original key? That seems the simplest way tp approach the problem.
Mar 5 2021
Items 1 to 5 have now been resolved.
That it. Things works nicely for me. Won't be backported to 2.2 because this introduces minor changes in the behaviour.
Mar 4 2021
So we now get UTF-8 argv in all GnuPG modules. Globing has been enabled for gpg using our own globing code instead of the ASCII only "int _dowildcard = 1;" mingw way.
Feb 26 2021
The show error is due a missing translation. What happened was that the translation was marked fuzzy and this marker was removed not realizing that the string really changed. The change was "...in the GnuPG system" -> "...in the %s system" which had been done to allow for different gpg names.
Feb 25 2021
Start from scratch on a german system, even when you do a gpg --version it shows it is in german. Then import a PKCS#12 container and the dialog is in english.
A wild guess is that the different envvar systems we have in use are the culprit. It is anyway time to get this straight.
Feb 23 2021
Feb 22 2021
Note that the backlog at https://dev.gnupg.org/tag/gpg23/ has quite some items and it is not yet clear which we will implement/fix first.
Feb 11 2021
For 2.3.0 we won't be able to fix all bugs./feature requests. Instead we l will solve that in the 2.3 series.
Feb 10 2021
Works for me.
dirmngr needs to be killed for this. gpgconf --kill dirmngr.
Meanwhile we introduced the keyboxd which should solve such problems. It will be marked experimental in 2.3 but I expect that it will soon be used as the default way to store keys - at least under Windows.
Won't be done because the expectations of users are different on whether they use ssh-agent or gpg-agent. And it breaks scripts
I would not all this an accident.
We have the --unwrap option which already does this. The problem here is that an addition compression layer is not removed. Therefore I will rename this report to add a feature strip things down to a signature or literal data packet..
Eventually we will move to keyboxd which is already an experimental option in 2.3. Thus we won't do anything here.
The gpg-card is more flexible than the old gpg stuff. If there is something missing we will add it over time but it does not make sense to keep this request open.
Due to better working timeouts we have mostly soolved these problems,. Further keyservers are not anymore of great use these days.
The other patches don't make sense because of future plans for dirmngr.
Feb 8 2021
Thanks for the fix.
Feb 5 2021
pubkey_cmp should be symmetric (pubkey_cmp(A,B) == - pubkey_cmp(B,A)), but it was not.
Feb 3 2021
The problem persists when using keyboxd which returns keys in a different order.
Feb 1 2021
I'm slightly against a backport as this is a behavior change for example KMail and GpgOL which use the --sender option might get different results after this change. I don't think it would be problematic but as said I have a slight preference against backporting because changing behavior of existing calls is better something for the new major release which is in its final steps for release anyway.
In T4735#135315, @werner wrote:Shall we backport this to 2.2 which is our LTS release?