In T7627#200387, @werner wrote:
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
May 19 2025
May 19 2025
• werner closed T7647: cipher/simd-common-riscv.h missing from libgcrypt 1.11.1 tarball as Resolved.
Problem noted in T7166
Noet that one file is missing in the released tarball; when building for RISC-V please see T7647#201164
• werner added a comment to T7647: cipher/simd-common-riscv.h missing from libgcrypt 1.11.1 tarball.
Patch applied.
May 16 2025
May 16 2025
(The commits had a wrong bug it in their message)
• werner committed rG23ccad05c680: gpg: Do not allow compressed key packets on import. (authored by • werner).
gpg: Do not allow compressed key packets on import.
• werner committed rG8e529f922194: gpg: Do not allow compressed key packets on import. (authored by • werner).
gpg: Do not allow compressed key packets on import.
• werner committed rG645cf7d8fc25: Revert "w32: On socket nonce mismatch close the socket." (authored by • werner).
Revert "w32: On socket nonce mismatch close the socket."
gpg: Remove unused variable.
It might be useful to have samples of compressed keys:
• werner committed rEcda4789a9f7d: Time for a new error code; this time GPG_ERR_UNEXPECTED_PACKET (authored by • werner).
Time for a new error code; this time GPG_ERR_UNEXPECTED_PACKET
No, we can't do much about this. It has always been easy to create compression bombs and the more relevant thing here is compressed signed or encrypted data. Or just compressed mails. The patch by @DemiMarie is way to complicated for what it wants to achieve and actually breaks existing use cases. For example Poppler uses GnuPG comment packets to lower its own attack surface by leaving all OpenPGP handling to gpg. The patch (or at least the version we noticed in Fedora and Debian) entirely breaks this use.
May 15 2025
May 15 2025
• werner added a comment to T7634: libgcrypt's test t-thread-local fails to link on some platforms..
Also pushed to 1.11
swdb: gpgol 2.6.1
Post release updates
Release 2.6.1
Handle non mail items in inbox events
Way too complicate and thus has a high risk of regression,
May 14 2025
May 14 2025
Rename packages.common to packages.list
• werner committed rW383eb8586161: Update Okular for gnupg >= 2.4 to the correct version. (authored by • werner).
Update Okular for gnupg >= 2.4 to the correct version.
Merge branch 'gpg4win-5-branch'
Merge branch 'gpg4win-5-branch'
• werner committed rDeffa3ea5e36e: Improve the make rules to upload sbdb.lst. (authored by • werner).
Improve the make rules to upload sbdb.lst.
swdb: gnupg 2.4.8
Post release updates.
Release 2.4.8
We have updated patches for long in the gpg4win repo and thus I close this bug.
• werner added a comment to T7589: Unable to export SSH keys for ED25519 keys generate on a SmartCard.
Using the primary key for ssh was not intended and thus not tested. I have not yet found the time too look closer at your report. Just one remark:
• werner added a project to T7589: Unable to export SSH keys for ED25519 keys generate on a SmartCard: gnupg.
May 13 2025
May 13 2025
• werner committed rGeb2a90d343a4: gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work. (authored by • werner).
gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work.
• werner committed rGd5a4a2dc890e: gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work. (authored by • werner).
gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work.
• werner committed rGe57a2e65d93f: gpgsm: Just print a note for an empty subject during import. (authored by • werner).
gpgsm: Just print a note for an empty subject during import.
• werner committed rGe7a9bd320561: gpgsm: Just print a note for an empty subject during import. (authored by • werner).
gpgsm: Just print a note for an empty subject during import.
• werner closed T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN", a subtask of T7171: Allow for empty Subject in X.509, as Resolved.
• werner closed T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN" as Resolved.
Meanwhile we have some support for an empty subject but gpgsm still prints an error notice. See the T7171 for more.
• werner committed rG7c2e7bcc41ad: agent: We should use a macro for the keygrip len in new code. (authored by • werner).
agent: We should use a macro for the keygrip len in new code.
May 12 2025
May 12 2025
• werner committed rC67b8da4ef627: Remove occurrences of old FSF postal address. (authored by Collin Funk via Gcrypt-devel <gcrypt-devel@gnupg.org>).
Remove occurrences of old FSF postal address.
• werner committed rC93034d649124: Fix ungrammatical use of "allow to" (authored by Paul Eggert <eggert@cs.ucla.edu>).
Fix ungrammatical use of "allow to"
• werner committed rM905bd760a99a: Add GPGME_CREATE_GROUP flag for gpgme_op_createkey and _createsubkey. (authored by • werner).
Add GPGME_CREATE_GROUP flag for gpgme_op_createkey and _createsubkey.
gpg: Fully implement the group key flag.
gpg: Fully implement the group key flag.
gpg: Fully implement the group key flag.
May 9 2025
May 9 2025
• werner committed rD7a45397df2f7: We should no use the defunc k.gnupg.net anymore. (authored by • werner).
We should no use the defunc k.gnupg.net anymore.
Update information about gnupg people.
• werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2025q2/000492.html on T7586: Release GnuPG 2.5.6.
Update distsigkey
Update distsigkey
Update distsigkey
Update the signature keys.
Announce GnuPG 2.5.6
Also update the to-be-signed DLL name.
• werner renamed T7645: Kleopatra: Encoding errors in signature verification audit log (timestamps) from Kleopatra: Encoding errors in signature verification audit log to Kleopatra: Encoding errors in signature verification audit log (timestamps).
• werner triaged T7645: Kleopatra: Encoding errors in signature verification audit log (timestamps) as Low priority.
I think we have another report on this in the tracker. The problem is indeed the ugly Windows time functions to print a string. Let me only remeber that untile a few years, Windows had the opinion that Germany is the the Westeuropäische Zeit, i.e. Portugal or the UK.
• werner added a project to T7647: cipher/simd-common-riscv.h missing from libgcrypt 1.11.1 tarball: riscv.
• werner added a comment to T7647: cipher/simd-common-riscv.h missing from libgcrypt 1.11.1 tarball.
That is quite possible because we do not have a test system for RISC-V and the make release tarbegt is not abale to verify this.
May 8 2025
May 8 2025
Fix DLL name of libpoppler.
Two patches for gpgol 2.6.0
• werner committed rW9ef029f83c22: Update to gnupg-2.5.6, Kleopatra and Okular current snapshots (authored by • werner).
Update to gnupg-2.5.6, Kleopatra and Okular current snapshots
• werner moved T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1 from WiP to QA on the gnupg24 board.
• werner closed T7547: signatures from revoked or expired keys show up as missing keys, a subtask of T7527: Keyring/keybox denial of service, as Resolved.
swdb: gnupg 2.5.6
Release 2.5.6
Post release updates
• werner committed rG598296b9fc60: tests:gpgscm: Fix build error on AIX. (authored by Collin Funk via Gnupg-devel <gnupg-devel@gnupg.org>).
tests:gpgscm: Fix build error on AIX.
• werner committed rG8ba33fffe9f4: common: Add Solaris support to get_signal_name. (authored by Collin Funk via Gnupg-devel <gnupg-devel@gnupg.org>).
common: Add Solaris support to get_signal_name.
• werner committed rG1fea38669155: po: Fix misspelled italian translation for 'encrypted' (authored by Mattia Narducci via Gnupg-devel <gnupg-devel@gnupg.org>).
po: Fix misspelled italian translation for 'encrypted'
• werner added a comment to T6681: agent: Clean up main loop and better cache handling of expiration (was: Adding agent_timer API for monitoring something and passphrase cache).
I can't see any documentation that a value of 0 disables the cache. The user might have used some undefined behaviour. For example in the old code we did a housecleaning when we were idle but the new code uses a timer and another thread for flushing the cache. We could open a feature request to entire disable the cache but I bet that we will get a lot of new bug reports because users will then need to enter their passphrase too often for one operation.
May 7 2025
May 7 2025
swdb: libgcrypt 1.11.1
Update to libgcrypt 1.11.1
Update to libgcrypt 1.11.1
• werner changed the status of T7633: libgcrypt fails to build on NetBSD due to the systems bswap32 macro defintion. from Open to Testing.
• werner changed the status of T7634: libgcrypt's test t-thread-local fails to link on some platforms. from Open to Testing.
• werner added a comment to T6681: agent: Clean up main loop and better cache handling of expiration (was: Adding agent_timer API for monitoring something and passphrase cache).
Lucas Mülling commented yesterday on gnupg-devel:
May 6 2025
May 6 2025
Update NEWS
• werner committed rG9589da97e2fc: gpgsm: Always print info about certs-only message. (authored by • werner).
gpgsm: Always print info about certs-only message.
• werner committed rGe1576eee040f: scd:p15: Make signing work for Nexus cards. (authored by • werner).
scd:p15: Make signing work for Nexus cards.
Right now we have
May 5 2025
May 5 2025
• werner added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).
I doubt that this is a gpgme problem. With a gpgme log we will be able see the exact commands send to gpg and replicate this on the command line.