- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Oct 23 2025
Looks good to me on gpg4win-5.0.0-beta395 @ win11 (gpg 2.5.13).
gpgconf does not know about the global config files. Nor does it known about things like gpg.conf-2 etc.
The changes in libkleo and kleopatra are not included in gpg4win-5.0.0-beta395. Maybe the changes in gpg make the issue less likely. This should still be tested with the complete fix.
Looks good to me on gpg4win-5.0.0-beta395 @ win11
Looks good to me on gpg4win-5.0.0-beta395 @ win11 (tested with/without keyboxd, 20 keygen rsa3072 each, with/without password)
Looks good to me on gpg4win-5.0.0-beta395 @ win11
I guess this is easy to explain:
- gpgconf/gpgme reads the LDAP server from the global config
- You add a second LDAP server (I don't think it matters if it's the same as the one from the global config or different one)
- When you save the LDAP server then gpgme/gpgconf writes both LDAP servers to the local config
- When you now read the LDAP servers you get one from the global config and two from the local config
Looks good to me on gpg4win-5.0.0-beta395 @ win11
Looks good to me on gpg4win-5.0.0-beta395 @ win11
Oct 22 2025
I'd sad we keep it as it is now (unless we see a regression). The real and only correct solution is the use of a daemon to serialize access.
Still, there is a fundamental problem with keydb locking.
- It only assures no-data-corruption.
- When a process doing write access, another process reading the resource may encounter a problem (inconsistent data read), since data could be changed while accessing.
- Currently, write access may occur with keybox compress, this means that users are not safe to invoke multiple gpg/gpgsm simultaneously (to be sure).
- It would be: only keybox compress when users explicitly ask.
- We could introduce a lock to read access... BUT naively adding a lock (both for read and write or read-multiple-write-one) results possible deadlock in gpgsm
- in gpgsm, gpgsm_walk_cert_chain and gpgsm_validate_chain access the resource of keydb in a way of:
- While it has a handle kh, by find_up routine, it may call keydb_store_cert by callback routine; The callback does write access to the resource opening another handle.
- Currently, it works because of no lock for read access and keydb_store_cert appends data at the end.
- in gpgsm, gpgsm_walk_cert_chain and gpgsm_validate_chain access the resource of keydb in a way of:
- Currently, write access may occur with keybox compress, this means that users are not safe to invoke multiple gpg/gpgsm simultaneously (to be sure).
All changes in gniibe/t7855 are pushed into master.
Oct 21 2025
Backported for VSD 3.4 since this is clearly a regression introduced with T7350 and the fix is zero risk.
Fixed. The check box has been removed from the "S/MIME Validation" tab.
Fixed and backported for VSD 3.4
That might be related to T2196 which has been hopefully fixed in 2.2.50 and also in the next 2.6. Closing this task.
That might be related to T2196 which has been hopefully fixed in 2.2.50 and also in the next 2.6. Closing this task.
Might there be a relation to T7842? But I would have thought that then all signed messages would be unaffected.