
May 11 2023

gniibe created T6484: dll: 64-bit different name for libgcrypt, libksba, ntbtls, and gpgme.
May 11 2023, 2:22 PM
gniibe committed rGa035938216c3: common,agent,gpg,dirmngr,g13,scd,tests,tools: New spawn function. (authored by gniibe).
common,agent,gpg,dirmngr,g13,scd,tests,tools: New spawn function.
May 11 2023, 12:52 PM
gniibe committed rA9ecbd8e60c69: Deprecate ASSUAN_SYSTEM_NPTH. (authored by gniibe).
Deprecate ASSUAN_SYSTEM_NPTH.
May 11 2023, 12:11 PM
gniibe committed rA1eb66efbdd7b: Allow NULL for system_hooks. (authored by gniibe).
Allow NULL for system_hooks.
May 11 2023, 12:11 PM
gniibe committed rA620acf6fe3aa: Fix the previous commit. (authored by gniibe).
Fix the previous commit.
May 11 2023, 11:05 AM
gniibe committed rA223cc95c188a: Fix calling gpgrt_get_syscall_clamp. (authored by gniibe).
Fix calling gpgrt_get_syscall_clamp.
May 11 2023, 6:13 AM
gniibe committed rAfb5d02d76602: tests: Fix for POSIX machine. (authored by gniibe).
tests: Fix for POSIX machine.
May 11 2023, 6:09 AM

May 10 2023

gniibe committed rC33f9f0dec26d: tests: Use -no-fast-install LDFLAGS for Windows. (authored by gniibe).
tests: Use -no-fast-install LDFLAGS for Windows.
May 10 2023, 11:07 AM
gniibe committed rC501dee123efe: w32: Silence GCC warning for -Wcast-function-type. (authored by gniibe).
w32: Silence GCC warning for -Wcast-function-type.
May 10 2023, 11:07 AM
gniibe committed rA7191c125aca1: w32: Fix test header file for 64-bit Windows. (authored by gniibe).
w32: Fix test header file for 64-bit Windows.
May 10 2023, 6:57 AM
gniibe committed rAf2d829e3db02: w32: Fix pipeconnect test program for Windows. (authored by gniibe).
w32: Fix pipeconnect test program for Windows.
May 10 2023, 6:57 AM
gniibe committed rA17055e1c9953: w32: Fix the semantics of sending FD, it's Windows HANDLE. (authored by gniibe).
w32: Fix the semantics of sending FD, it's Windows HANDLE.
May 10 2023, 6:33 AM
gniibe committed rA295e33465eae: w32: Minor fixes for ifdef/endif for W32 and W64. (authored by gniibe).
w32: Minor fixes for ifdef/endif for W32 and W64.
May 10 2023, 6:33 AM

May 8 2023

gniibe added a comment to T6481: BEGIN_ENCRYPTION status output happens later in 2.4.1 (breaks Emacs's EasyPG).

The change rG60963d98cfd8: gpg: Detect already compressed data also when using a pipe. for T6332 introduces IOBUF_IOCTL_PEEK.

May 8 2023, 11:10 AM · Emacs, gnupg, Bug Report
gniibe committed rA9110945ce625: Implement timeout in assuan_sock_connect_byname. (authored by gniibe).
Implement timeout in assuan_sock_connect_byname.
May 8 2023, 5:23 AM
gniibe changed the status of T3302: Allow non-blocking connect with Tor from Open to Testing.

Implemented in rA9110945ce625: Implement timeout in assuan_sock_connect_byname.

May 8 2023, 4:18 AM · libassuan
gniibe added a comment to T3302: Allow non-blocking connect with Tor.

Actually, it's not the 'connect' system call but the 'CONNECT' request which matters. The use of SOCKS in libassuan is that it always connects to the SOCKS server at localhost.
So, other than the special case of an erroneous configuration of TOR, introducing timeout handling to the initial connection to the SOCKS server makes less sense.

May 8 2023, 4:14 AM · libassuan
gniibe added a comment to T5942: scdaemon is blocking system shutdown.

The root cause might be that the "DEVINFO --watch" command causes ...

May 8 2023, 1:55 AM · Support, scd, gpgagent

May 2 2023

gniibe added a comment to T3302: Allow non-blocking connect with Tor.

I see the point of use of int.
For backward compatibility, the semantics of 0 should remain the default timeout (let the kernel decide == 120 sec, usually); -1 would mean immediately (success only when local).

May 2 2023, 8:00 AM · libassuan

May 1 2023

gniibe closed T6264: gpgrt-config: Support multilib MinGW-w64 as Resolved.
May 1 2023, 5:06 AM · toolchain, gpgrt
gniibe committed rG0fe99d69f0c8: dirmngr: Fix API of functions wrt their error type. (authored by gniibe).
dirmngr: Fix API of functions wrt their error type.
May 1 2023, 4:44 AM
gniibe committed rG698caf30b9f9: common: Fix parsing ECC key. (authored by gniibe).
common: Fix parsing ECC key.
May 1 2023, 4:44 AM
gniibe committed rG3cf5fc2e2f64: scd: Fix cmd_apdu on error. (authored by gniibe).
scd: Fix cmd_apdu on error.
May 1 2023, 4:44 AM
gniibe changed the status of T6476: cmd_apdu uses gpg_strerror instead of apdu_strerror from Open to Testing.

Thank you for your report. Good catch.

May 1 2023, 4:42 AM · Bug Report

Apr 29 2023

gniibe closed T6322: The warning "lower 3 bits of the secret key are not cleared" keeps showing even cv25519 key was generated by GnuPG as Resolved.

The fix is in 2.4.1.
It's not a perfect fix, but it catches the problem when it's not an encrypted secret key.

Apr 29 2023, 2:30 AM · gnupg24, Bug Report

Apr 28 2023

gniibe added a comment to T3302: Allow non-blocking connect with Tor.

assuan_sock_connect_byname may be extended to change the third argument (now int reserved) to unsigned int timeout.
It's a kind of API change, but ABI wise, the impact is minimum.

Apr 28 2023, 7:56 AM · libassuan

Apr 27 2023

gniibe added a comment to T4945: Windows builds use "winepath" when it is available.

I learned that a Unix build environment needs Wine emulation (with winepath) for a MinGW host (when an uninstalled executable should run correctly).
https://www.gnu.org/software/libtool/manual/html_node/File-name-conversion.html

Apr 27 2023, 8:46 AM · gpgrt
gniibe changed the status of T6271: The old FSF address in libgcrypt source code from Open to Testing.

Fixed for libgcrypt, updating copyright notices and license files.

Apr 27 2023, 7:09 AM · Documentation, libgcrypt, Bug Report
gniibe committed rCf5284460ac4c: Update copyright notices to use URL. (authored by gniibe).
Update copyright notices to use URL.
Apr 27 2023, 7:06 AM
gniibe committed rC17a3394b47cb: Update m4 files and Makefiles. (authored by gniibe).
Update m4 files and Makefiles.
Apr 27 2023, 5:31 AM
gniibe committed rC2538430a35b0: Update license docs for FSF new address and update gcrypt.texi. (authored by gniibe).
Update license docs for FSF new address and update gcrypt.texi.
Apr 27 2023, 5:31 AM
gniibe committed rG23c56344851c: regexp: Update UnicodeData for Unicode 15.0.0. (authored by gniibe).
regexp: Update UnicodeData for Unicode 15.0.0.
Apr 27 2023, 2:12 AM

Apr 26 2023

gniibe committed rGcfb1c66ef681: po: Update Japanese Translation. (authored by gniibe).
po: Update Japanese Translation.
Apr 26 2023, 6:44 AM
gniibe committed rGc4a456e5ff2a: po: Update Japanese Translation. (authored by gniibe).
po: Update Japanese Translation.
Apr 26 2023, 6:40 AM
gniibe committed rMd44a473e2716: doc: Fix Python example code. (authored by gniibe).
doc: Fix Python example code.
Apr 26 2023, 2:18 AM
gniibe committed rS0b264b2da862: Remove a file to be generated. (authored by gniibe).
Remove a file to be generated.
Apr 26 2023, 2:12 AM
gniibe changed the status of T6466: gpgme python example code contains insecure code pattern / chmod permission race condition from Open to Testing.

@ikloecker Thanks for your comment. I put a comment in the commit.

Apr 26 2023, 1:51 AM · Python, Documentation, gpgme
gniibe committed rG0ec10fbd0d40: gpg: Fix for overridden key import. (authored by gniibe).
gpg: Fix for overridden key import.
Apr 26 2023, 1:48 AM

Apr 25 2023

gniibe added a comment to T6466: gpgme python example code contains insecure code pattern / chmod permission race condition.

So, here are fixes. I'll apply soonish.

Apr 25 2023, 7:44 AM · Python, Documentation, gpgme
gniibe added a comment to T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.

Sorry, the comment above is my misunderstanding.

Apr 25 2023, 6:42 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe added a comment to T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.

For importing key/subkey case, it doesn't matter if the smartcard is connected or not. The data in the file will be overwritten by import.

Apr 25 2023, 6:14 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe added a comment to T6464: No error message if PIN wrong on keytocard.

I understand the issue that you don't see an important message of the error.
Possibly, for this particular case, it would be changed to tty_printf instead.

Apr 25 2023, 4:32 AM · Restricted Project

Apr 24 2023

gniibe added a comment to T6464: No error message if PIN wrong on keytocard.

What it does (in g10/card-util.c:card_store_subkey) is:

if (rc)
  log_error (_("KEYTOCARD failed: %s\n"), gpg_strerror (rc));
Apr 24 2023, 7:12 AM · Restricted Project

Apr 21 2023

gniibe committed rSfafb681eab36: doc: Building working scute.info with images. (authored by gniibe).
doc: Building working scute.info with images.
Apr 21 2023, 9:59 AM
gniibe added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

@jukivili Yes, please go ahead for both branches. Thank you.

Apr 21 2023, 5:06 AM · Debian, libgcrypt, Bug Report
gniibe committed rG762b7d07eaa8: common: Incorporate upstream changes of regexp. (authored by gniibe).
common: Incorporate upstream changes of regexp.
Apr 21 2023, 5:04 AM
gniibe committed rG464e85d43596: common: Incorporate upstream changes of regexp. (authored by gniibe).
common: Incorporate upstream changes of regexp.
Apr 21 2023, 5:04 AM
gniibe added a comment to T6455: Bug in regexp library may lead to out-of-bounds read.

I checked the upstream. For the reported issue, upstream version raises an error with REG_ERR_UNMATCHED_BRACKET.
That behavior is better (as we don't have particular reason to maintain different behavior from upstream version).
Also, I found another change from upstream for end of word check.

Apr 21 2023, 5:03 AM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), Bug Report

Apr 18 2023

gniibe changed the status of T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before from Open to Testing.

Pushed the change not including OK_TO_CHANGE_ERROR_BEHAVIOR part.
Note that the modification affects main key case, too.

Apr 18 2023, 2:59 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe committed rG2c1297055041: gpg: Allow overridden key import when stub exists. (authored by gniibe).
gpg: Allow overridden key import when stub exists.
Apr 18 2023, 2:57 AM

Apr 17 2023

gniibe added a comment to T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.

To minimize the impact of the change, I updated:

diff --git a/g10/import.c b/g10/import.c
index 1ed40a63c..345e8cc75 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2955,9 +2955,23 @@ do_transfer (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
 {
   gpg_error_t err;
   struct import_stats_s subkey_stats = {0};
+  int force = 0;
+  int already_exist = agent_probe_secret_key (ctrl, pk);
+
+#ifndef OK_TO_CHANGE_ERROR_BEHAVIOR
+  if (already_exist == 1)
+    return gpg_error (GPG_ERR_EEXIST);
+#endif
+  if (already_exist == 2)
+    {
+      if (!opt.quiet)
+        log_info (_("key %s: card reference is overridden by key material\n"),
+                  keystr_from_pk (pk));
+      force = 1;
+    }
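Review bot: the comparisons `already_exist == 1` and `already_exist == 2` depend on return values of agent_probe_secret_key that are not explained anywhere in the hunk. The log message suggests 2 means only a card reference exists, but the meaning of 1 and of any other value is left to the reader, so add a comment at the declaration listing the return codes or compare against named constants. The `#ifndef OK_TO_CHANGE_ERROR_BEHAVIOR` guard also needs a comment saying where the macro is expected to be defined and that defining it drops the GPG_ERR_EEXIST early return for an existing key. Since overriding a card reference with key material changes where the secret key is held, consider whether this log_info should be silenced by opt.quiet at all.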
Apr 17 2023, 4:05 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

Reading the commit rC5beadf201312: Add gcry_cipher_ctl command to allow weak keys in testing use-cases,
the test code in basic.c assumes that it is an application's responsibility to confirm and ignore the GPG_ERR_WEAK_KEY error when using GCRYCTL_SET_ALLOW_WEAK_KEY.

Apr 17 2023, 2:50 AM · Debian, libgcrypt, Bug Report

Apr 14 2023

gniibe added a comment to T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.

Changes may be something like:

diff --git a/g10/import.c b/g10/import.c
index 1ed40a63c..91ff0c8ec 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2706,6 +2706,20 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
           goto leave;
         }
Apr 14 2023, 9:20 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe committed rPTHfc7ee9524991: w32: Fix npth_rwlock_destroy. (authored by gniibe).
w32: Fix npth_rwlock_destroy.
Apr 14 2023, 8:09 AM
gniibe edited projects for T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before, added: Restricted Project; removed Info Needed.
Apr 14 2023, 8:07 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe merged T3391: cannot import subkey that was once marked to be on a card into T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.
Apr 14 2023, 8:05 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe merged task T3391: cannot import subkey that was once marked to be on a card into T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.
Apr 14 2023, 8:05 AM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report

Apr 13 2023

gniibe closed T5460: Migration for ABI change (newer mingw) as Resolved.
Apr 13 2023, 5:09 AM · gpg4win, Windows
gniibe added a comment to T5460: Migration for ABI change (newer mingw).

Fixed by rGfcbb849c26e9: speedo: Fix regression due to switching from gcc 8.3 to 10.2 for zlib build.

Apr 13 2023, 5:09 AM · gpg4win, Windows
gniibe closed T5897: Fix MinGW compilation error with 'struct _stat32' in common/sysutils.c from gnupg-2.3.4 as Resolved.
Apr 13 2023, 5:07 AM · gnupg24, toolchain, Feature Request, patch
gniibe closed T5891: EOPNOTSUPP is not defined in mingw.org's MinGW, fails compilation of libgcrypt-1.10.0 as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:47 AM · backport, libgcrypt, Bug Report
gniibe closed T5973: libgcrypt: Minor test issues reported by coverity as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:47 AM · backport, patch, libgcrypt, Bug Report
gniibe closed T5976: libgcrypt build failure on HPPA 1.1 (./.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd') as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:46 AM · backport, hppa, libgcrypt, Gentoo, Bug Report
gniibe closed T5980: compilation error libgcrypt 1.10.1 as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:46 AM · backport, ppc, AIX, libgcrypt, Bug Report
gniibe closed T6432: libgcrypt - flag munging does not account for -Oz as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:40 AM · Bug Report
gniibe closed T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:39 AM · backport, libgcrypt, Bug Report
gniibe closed T6239: gnugp 2.3.8 fails to build with --disable-ldap as Resolved.
Apr 13 2023, 3:37 AM · gnupg, Bug Report
gniibe closed T6384: libgcrypt link error if cipher chacha20 is not included as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:37 AM · patch, libgcrypt, Bug Report
gniibe closed T6417: FIPS service indicator regarding the public key algorithm flags and objects as Resolved.
Apr 13 2023, 3:33 AM · libgcrypt, FIPS
gniibe closed T6219: Ensure minimum key length for KDF in FIPS mode as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:31 AM · libgcrypt, FIPS, Bug Report
gniibe closed T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF as Resolved.
Apr 13 2023, 3:31 AM · backport, libgcrypt, FIPS
gniibe closed T5512: Implement service indicators as Resolved.
Apr 13 2023, 3:22 AM · Feature Request, FIPS, libgcrypt
gniibe closed T6048: Test suite fixes with --enable-pubkey-ciphers=ecc as Resolved.
Apr 13 2023, 3:21 AM · FIPS, libgcrypt
gniibe closed T5975: Allow signature verification using specific RSA keys <2k in FIPS mode as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:20 AM · backport, patch, libgcrypt, FIPS, Feature Request
gniibe closed T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:20 AM · backport, FIPS, libgcrypt
gniibe closed T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:19 AM · backport, FIPS, libgcrypt, Bug Report
gniibe closed T6127: FIPS 140-3 final review comments as Resolved.
Apr 13 2023, 3:17 AM · FIPS, libgcrypt, Bug Report
gniibe closed T6394: FIPS requires running PCT tests unconditionally as Resolved.
Apr 13 2023, 3:17 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6127: FIPS 140-3 final review comments.

Fixed in 1.10.2.

Apr 13 2023, 3:16 AM · FIPS, libgcrypt, Bug Report
gniibe closed T6393: DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway) as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:16 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6394: FIPS requires running PCT tests unconditionally.

Fixed in 1.10.2.

Apr 13 2023, 3:15 AM · FIPS, libgcrypt, Bug Report
gniibe closed T6396: the gcry_pk_hash_sign/verify operates in FIPS non-operational mode as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:15 AM · libgcrypt, FIPS, Bug Report
gniibe closed T6397: PCT failures inconsistency in regards to the FIPS error state as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:15 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6417: FIPS service indicator regarding the public key algorithm flags and objects.

Fixed in 1.10.2.

Apr 13 2023, 3:14 AM · libgcrypt, FIPS
gniibe closed T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:13 AM · libgcrypt, Feature Request, Ubuntu, Debian, FIPS
gniibe closed T5918: Disable RSA PKCS #1.5 encryption in FIPS mode as Resolved.
Apr 13 2023, 3:12 AM · backport, libgcrypt, FIPS, Bug Report
gniibe closed T5970: gcry_mpi_invm producing wrong result as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:11 AM · backport, libgcrypt, Bug Report
gniibe closed T6204: gpgme:python Fix setup.py, using pkg-config (not deprecated gpg-error-config and gpgme-config), a subtask of T5683: Deprecation of gpg-error-config, as Resolved.
Apr 13 2023, 3:10 AM · gpgrt
gniibe closed T6204: gpgme:python Fix setup.py, using pkg-config (not deprecated gpg-error-config and gpgme-config) as Resolved.

Fixed in 1.19.0.

Apr 13 2023, 3:10 AM · Python, gpgme
gniibe closed T6273: AM_PATH_GPGME requires preceding invocation of AM_PATH_GPG_ERROR as Resolved.

Fixed in 1.19.0.

Apr 13 2023, 3:09 AM · gpgme, Bug Report
gniibe closed T6274: documentation needs update for replacing gpgme-config as Resolved.

Fixed in 1.19.0.

Apr 13 2023, 3:08 AM · Documentation, gpgme, Bug Report

Apr 12 2023

gniibe added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

It is a bit complicated. Let me describe the situation.

Apr 12 2023, 10:41 AM · MacOS, libgcrypt, Bug Report
gniibe added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

ENOSYS is POSIX. My point is that: getrandom was introduced in Linux kernel with flags for particular purpose (differentiate use of /dev/random and /dev/urandom), but that feature has gone.
But, for FIPS behavior, RHEL and related OS use (possibly, some would say misuse) getrandom with GRND_RANDOM. This use is RHEL specific (not for other GNU/Linux). Use of getrandom is non-POSIX.

Apr 12 2023, 3:22 AM · MacOS, libgcrypt, Bug Report
gniibe added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

Returning ENOSYS is too strict, in my opinion, because the code in question doesn't work for machines other than CentOS/Fedora/RHEL. For other machines, it would be natural to just rely on getentropy (a rather standard call).

Apr 12 2023, 2:27 AM · MacOS, libgcrypt, Bug Report

Apr 11 2023

gniibe committed rCfa21ddc158b5: random: Use getrandom only when it's appropriate. (authored by gniibe).
random: Use getrandom only when it's appropriate.
Apr 11 2023, 8:03 AM

Apr 10 2023

gniibe closed T6315: libgpg-error: argparse: empty header doesn't work well as Resolved.

Fixed in 1.47.

Apr 10 2023, 7:21 AM · Bug Report, gpgrt
gniibe added a project to T6443: ntbtls-0.3.1 does not configure against libgpg-error-1.47: ntbtls.
Apr 10 2023, 7:20 AM · ntbtls
gniibe changed the status of T6444: pinentry-1.2.1 does not configure against libgpg-error-1.47 from Open to Testing.
Apr 10 2023, 7:20 AM · pinentry
gniibe changed the status of T6442: libgcrypt-1.10.2: getrandom() is not available everywhere from Open to Testing.
Apr 10 2023, 7:19 AM · MacOS, libgcrypt, Bug Report
gniibe changed the status of T6443: ntbtls-0.3.1 does not configure against libgpg-error-1.47 from Open to Testing.
Apr 10 2023, 7:18 AM · ntbtls