Page MenuHome GnuPG
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Dec 29 2025

werner updated the task description for T7999: Release GnuPG 2.5.18.
Dec 29 2025, 11:49 PM · gnupg, Release Info
werner updated the task description for T7996: Release GnuPG 2.5.17 (security).
Dec 29 2025, 11:47 PM · CVE, gnupg, Release Info
werner updated the task description for T7995: Release GnuPG 2.5.16.
Dec 29 2025, 11:46 PM · gnupg, Release Info
werner triaged T8000: Release GnuPG 2.6.0 as Low priority.
Dec 29 2025, 11:45 PM · Release Info, gnupg
werner triaged T7999: Release GnuPG 2.5.18 as Low priority.
Dec 29 2025, 11:45 PM · gnupg, Release Info
werner triaged T7998: Release GnuPG 2.5.19 as Low priority.
Dec 29 2025, 11:44 PM · Release Info, gnupg
werner triaged T7997: Release GnuPG 2.5.20 as Low priority.
Dec 29 2025, 11:43 PM · Release Info, gnupg
werner triaged T7996: Release GnuPG 2.5.17 (security) as Low priority.
Dec 29 2025, 11:42 PM · CVE, gnupg, Release Info
werner updated the task description for T7940: Release GnuPG 2.5.15.
Dec 29 2025, 11:40 PM · gnupg, Release Info
werner added a project to T7994: Documentation: mention `status-fd` in "Programmatic use of GnuPG": gnupg.

man gpg has a WARNING section right below the RETURN Value section. The 3rd paragraph gives hints on how to use gpg with scripts etc:

Dec 29 2025, 11:37 PM · gnupg, Documentation
werner committed rDc7510282fb20: web: Fix grammar of the download page (authored by werner).
web: Fix grammar of the download page
Dec 29 2025, 9:28 PM
werner committed rD5adae412d444: Revert "swdb: GnuPG 2.5.15" (authored by werner).
Revert "swdb: GnuPG 2.5.15"
Dec 29 2025, 9:20 PM
werner added a reverting change for rDd17448d24353: swdb: GnuPG 2.5.15: rD5adae412d444: Revert "swdb: GnuPG 2.5.15".
Dec 29 2025, 9:20 PM
werner committed rGa9da315fb8d1: Revert "misc: Validate the value on the use of strtol." (authored by werner).
Revert "misc: Validate the value on the use of strtol."
Dec 29 2025, 9:18 PM
werner added a comment to T7909: Other bugs reported by 49016 et al..

The int-truncation change breaks other things. I noticed this by chance in the interactive mode due to warning noticed. Before we ever do such things again we need to have regression tests for setting preferences. Or manually check everything. Need to do a 2.5.16 tomorrow :-(

Dec 29 2025, 9:18 PM · gnupg, g10code, Bug Report
werner committed rD597e01beeb06: web: Declare 2.5 stable and 2.4 oldstable (authored by werner).
web: Declare 2.5 stable and 2.4 oldstable
Dec 29 2025, 7:22 PM
werner updated the task description for T7940: Release GnuPG 2.5.15.
Dec 29 2025, 7:16 PM · gnupg, Release Info
werner triaged T7995: Release GnuPG 2.5.16 as Normal priority.
Dec 29 2025, 7:15 PM · gnupg, Release Info
werner changed the status of T7901: Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG, a subtask of T7900: Cleartext Signature Forgery in GnuPG, from Open to Testing.
Dec 29 2025, 7:13 PM · Not A Bug, OpenBSD, gnupg
werner changed the status of T7901: Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG from Open to Testing.
Dec 29 2025, 7:13 PM · gnupg, Bug Report
werner committed rDd17448d24353: swdb: GnuPG 2.5.15 (authored by werner).
swdb: GnuPG 2.5.15
Dec 29 2025, 7:12 PM
werner committed rG26c422e5bdf6: Post release updates (authored by werner).
Post release updates
Dec 29 2025, 7:10 PM
werner committed rG7ee523ac2903: Release 2.5.15 (authored by werner).
Release 2.5.15
Dec 29 2025, 7:10 PM
werner committed rD1ccc0336513f: swdb: Fix sha-2 checksum for libgpg-error (authored by werner).
swdb: Fix sha-2 checksum for libgpg-error
Dec 29 2025, 6:58 PM
werner committed rG947ea3c411f0: gpg: Deprecate the option --not-dash-escaped. (authored by werner).
gpg: Deprecate the option --not-dash-escaped.
Dec 29 2025, 6:35 PM
werner committed rGabe9bddaa72b: gpg: Fix for a recently claimed harmless keyboxd change. (authored by werner).
gpg: Fix for a recently claimed harmless keyboxd change.
Dec 29 2025, 6:08 PM
werner committed rG4ec86dca364a: po: msgmerge (authored by werner).
po: msgmerge
Dec 29 2025, 6:08 PM
werner committed rG691fa4ecbdd6: po: Update German translation (authored by werner).
po: Update German translation
Dec 29 2025, 6:08 PM
werner triaged T7900: Cleartext Signature Forgery in GnuPG as Normal priority.
Dec 29 2025, 4:54 PM · Not A Bug, OpenBSD, gnupg
werner triaged T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG as Normal priority.

Note using the output of --decrypt directly on the tty is a Bad Idea(tm). You won't cat arbitrary files to your tty for the same reason.

Dec 29 2025, 3:46 PM · Not A Bug, OpenPGP, gnupg
werner edited projects for T7902: OpenPGP Cleartext Signature Framework, added: FAQ, OpenPGP, Not A Bug; removed g10code, Bug Report.

https://gnupg.org/blog/20251226-cleartext-signatures.html explains why we have cleartext signatures and how you properly use them. The suggestion of the reporters to remove them entirely is a no-go because there are too many systems (open source or in-house) which rely on that format. If properly used (i.e. using --output to get the signed text) there is no problem. Anyway the suggestion has always been to use detached signatures using two files or PGP/MIME).

Dec 29 2025, 3:37 PM · Not A Bug, OpenPGP, FAQ, gnupg
werner committed rD46e85aa1a194: blog: Typo fixes (authored by werner).
blog: Typo fixes
Dec 29 2025, 1:29 PM

Dec 26 2025

werner renamed T7909: Other bugs reported by 49016 et al. from Bugs reported to Other bugs reported by 49016 et al..
Dec 26 2025, 3:50 PM · gnupg, g10code, Bug Report
werner shifted T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks from the Restricted Space space to the S1 Public space.
Dec 26 2025, 3:04 PM · Not A Bug, gnupg
werner added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.

We need to explain and debunk this attack after its publication,

Dec 26 2025, 3:03 PM · Not A Bug, gnupg
werner shifted T7905: Radix64 Line-Truncation Enabling Polyglot Attacks from the Restricted Space space to the S1 Public space.
Dec 26 2025, 2:59 PM · gnupg, g10code, Bug Report
werner shifted T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG from the Restricted Space space to the S1 Public space.
Dec 26 2025, 2:57 PM · Not A Bug, OpenPGP, gnupg
werner shifted T7902: OpenPGP Cleartext Signature Framework from the Restricted Space space to the S1 Public space.
Dec 26 2025, 2:55 PM · Not A Bug, OpenPGP, FAQ, gnupg
werner shifted T7901: Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG from the Restricted Space space to the S1 Public space.
Dec 26 2025, 2:54 PM · gnupg, Bug Report
werner added a comment to T7900: Cleartext Signature Forgery in GnuPG.

Regarding the cleartext signature please see this piece: https://gnupg.org/blog/20251226-cleartext-signatures.html

Dec 26 2025, 2:53 PM · Not A Bug, OpenBSD, gnupg
werner shifted T7900: Cleartext Signature Forgery in GnuPG from the Restricted Space space to the S1 Public space.
Dec 26 2025, 2:52 PM · Not A Bug, OpenBSD, gnupg
werner committed rDe49f4c3c89c2: blog: Cleartext Signatures Considered Harmful (authored by werner).
blog: Cleartext Signatures Considered Harmful
Dec 26 2025, 1:33 PM

Dec 23 2025

werner committed rG81bb949755ce: keyboxd: Fix database schema migration. (authored by werner).
keyboxd: Fix database schema migration.
Dec 23 2025, 3:45 PM
werner committed rD2c03556ba350: swdb: Update gpgex to 1.1.0 (authored by werner).
swdb: Update gpgex to 1.1.0
Dec 23 2025, 2:00 PM
werner committed rG267f6db56dcc: doc: Document default symmetric algo as AES-256 (authored by werner).
doc: Document default symmetric algo as AES-256
Dec 23 2025, 1:21 PM
werner changed the status of T7983: gpg: the validity of a secret key is changed by making a certification with it from Open to Testing.
Dec 23 2025, 12:34 PM · gpd5x (gpd-5.0.0), keyboxd, Bug Report, gnupg26
werner committed rG5d0ba97c8125: Prepare NEWS (authored by werner).
Prepare NEWS
Dec 23 2025, 12:25 PM
werner committed rG1b3bb7dded18: po: Enable Georgian translation. (authored by werner).
po: Enable Georgian translation.
Dec 23 2025, 12:25 PM
werner committed rG6c1d13ac66d7: gpg: Implement skip function for keyboxd to fix a validation bug. (authored by werner).
gpg: Implement skip function for keyboxd to fix a validation bug.
Dec 23 2025, 12:25 PM
werner committed rG01eaa386ec06: keybox: Fix the not yet used uid and pk keyblock index return values. (authored by werner).
keybox: Fix the not yet used uid and pk keyblock index return values.
Dec 23 2025, 12:25 PM

Dec 22 2025

werner triaged T7983: gpg: the validity of a secret key is changed by making a certification with it as High priority.
Dec 22 2025, 5:29 PM · gpd5x (gpd-5.0.0), keyboxd, Bug Report, gnupg26
werner moved T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from WIP to QA on the gpd5x board.

Fixed in gpg4win-5.0.0-beta476

Dec 22 2025, 5:29 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra
werner committed rW835e131c69be: Update GpgOL/Web (authored by werner).
Update GpgOL/Web
Dec 22 2025, 3:42 PM
werner added a comment to T7983: gpg: the validity of a secret key is changed by making a certification with it.

This has likely a similar cause as T1794

Dec 22 2025, 3:14 PM · gpd5x (gpd-5.0.0), keyboxd, Bug Report, gnupg26

Dec 19 2025

werner committed rW62ff239db0ef: Allow rebuilding mingw also with older docker versions. (authored by werner).
Allow rebuilding mingw also with older docker versions.
Dec 19 2025, 3:51 PM
werner committed rWf46197466114: Merge patch-libwinpthread (authored by werner).
Merge patch-libwinpthread
Dec 19 2025, 12:57 PM

Dec 18 2025

werner placed T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server up for grabs.
Dec 18 2025, 12:11 PM · gpd5x (gpd-5.0.0), gnupg22 (gnupg-2.2.52), gnupg26, Feature Request
werner moved T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server from WIP to QA on the gnupg26 board.
Dec 18 2025, 12:11 PM · gpd5x (gpd-5.0.0), gnupg22 (gnupg-2.2.52), gnupg26, Feature Request
werner added a comment to T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server.

Well, I tested this again. I created a new key and saved a copy. The I updated the expiration date to 2035 and sent the key to the LDAP server. Then I deleted the updated key locally and imported the old copy. Thus I have now:

Dec 18 2025, 12:09 PM · gpd5x (gpd-5.0.0), gnupg22 (gnupg-2.2.52), gnupg26, Feature Request
werner added a comment to T7983: gpg: the validity of a secret key is changed by making a certification with it.

Yesterday I was able to reproduce it once. But despite more than a dozen more tries yesterday and this morning, I could not anymore replicate it. I tested on Unix and one oddity was that I forgot to kill the keyboxd for a clean new test and thus it could serve old keys despite that the pubring.db was already deleted (but the inode still open by keyboxd).

Dec 18 2025, 10:21 AM · gpd5x (gpd-5.0.0), keyboxd, Bug Report, gnupg26

Dec 16 2025

werner committed rXc27dc3e9b90a: Post release updates (authored by werner).
Post release updates
Dec 16 2025, 1:20 PM
werner committed rX9c7ec74d3f79: Modernize and simplify. (authored by werner).
Modernize and simplify.
Dec 16 2025, 1:20 PM
werner committed rX6f2920b6c5db: Remove an unused function. (authored by werner).
Remove an unused function.
Dec 16 2025, 1:20 PM
werner committed rW947f0bd8f273: Update GpgEX to 1.1.0 (authored by werner).
Update GpgEX to 1.1.0
Dec 16 2025, 11:51 AM

Dec 15 2025

werner added a comment to T7040: Make it possible to install GnuPG VSD and GPD in parallel.

Except for GpgEX which I am currently working on.

Dec 15 2025, 6:33 PM · gpd5x, kleopatra
werner committed rW665d316f4b00: Fix regression in NSIS 1.11 (authored by werner).
Fix regression in NSIS 1.11
Dec 15 2025, 2:15 PM

Dec 14 2025

werner added a project to T7975: Official GPGme interface/bindings for Nodejs (node): gpgme.
Dec 14 2025, 4:03 PM · gpgme, Feature Request

Dec 12 2025

werner committed rD3d69b6b34a08: swdb: gpgrt 1.58 (authored by werner).
swdb: gpgrt 1.58
Dec 12 2025, 4:02 PM
werner committed rW84d6b301346e: Update frontend packages (authored by werner).
Update frontend packages
Dec 12 2025, 3:53 PM
werner committed rW5c95eaaca2d6: Update gpgrt due to a syntax error (authored by werner).
Update gpgrt due to a syntax error
Dec 12 2025, 3:47 PM
werner updated the task description for T7970: Release GpgRT 1.58.
Dec 12 2025, 3:45 PM · gpgrt, Release Info
werner committed rEf7c8199fbf0f: Post release updates (authored by werner).
Post release updates
Dec 12 2025, 3:44 PM
werner committed rEe880193c55f0: Release 1.58 (authored by werner).
Release 1.58
Dec 12 2025, 3:44 PM
werner triaged T7974: Release GpgRT 1.59 as Normal priority.
Dec 12 2025, 3:42 PM · gpgrt, Release Info
werner committed rE421e101cf976: w32: Fix a syntax error in a non-DLL build (authored by werner).
w32: Fix a syntax error in a non-DLL build
Dec 12 2025, 11:34 AM
werner triaged T7969: GpgEX: Support concurrently running Kleopatras as Normal priority.
Dec 12 2025, 10:03 AM · gpd, vsd, gpgex

Dec 11 2025

werner committed rOeb3d2e36a5b6: Post release updates (authored by werner).
Post release updates
Dec 11 2025, 4:21 PM
werner committed rOabc19c6b3f23: Release 2.7.0 (authored by werner).
Release 2.7.0
Dec 11 2025, 4:21 PM
werner committed rO9c390aa17f39: Do not anymore use a Registry key to find the GnuPG installation. (authored by werner).
Do not anymore use a Registry key to find the GnuPG installation.
Dec 11 2025, 4:21 PM
werner committed rW59cfe5f72dbe: Update gpgol to 2.7.0 (authored by werner).
Update gpgol to 2.7.0
Dec 11 2025, 3:35 PM
werner committed rD3d0624efb34b: swdb: gpgol 2.7.0 (authored by werner).
swdb: gpgol 2.7.0
Dec 11 2025, 3:32 PM

Dec 10 2025

werner committed rWe48cb9b9e747: Update of libpng to 1.6.53 (authored by werner).
Update of libpng to 1.6.53
Dec 10 2025, 2:15 PM
werner committed rWea237a0ebb13: Release 3.3.4 (now really) (authored by werner).
Release 3.3.4 (now really)
Dec 10 2025, 2:13 PM
werner committed rW9a2596db526b: Release 3.3.4 (authored by werner).
Release 3.3.4
Dec 10 2025, 2:13 PM
werner committed rWb79007e0f42c: Update of libpng to 1.6.53 (authored by werner).
Update of libpng to 1.6.53
Dec 10 2025, 2:13 PM
werner committed rWf2dfb1452a0b: Update gpgrt to 1.57 (authored by werner).
Update gpgrt to 1.57
Dec 10 2025, 2:13 PM
werner committed rDefeeddd15330: swdb: gpgrt 1.57 (authored by werner).
swdb: gpgrt 1.57
Dec 10 2025, 1:56 PM
werner closed T7625: Release GpgRT 1.56 as Resolved.
Dec 10 2025, 1:45 PM · Release Info, gpgrt
werner updated the task description for T7847: Release GpgRT 1.57.
Dec 10 2025, 1:45 PM · Release Info, gpgrt
werner committed rE17f6b1693699: Post release updates (authored by werner).
Post release updates
Dec 10 2025, 1:42 PM
werner committed rE39d7b85a7d69: Release 1.57 (authored by werner).
Release 1.57
Dec 10 2025, 1:42 PM
werner triaged T7970: Release GpgRT 1.58 as Normal priority.
Dec 10 2025, 1:39 PM · gpgrt, Release Info
werner committed rG4350fc192251: Avoid the function name thread_init. (authored by werner).
Avoid the function name thread_init.
Dec 10 2025, 11:24 AM
werner closed T7958: Rename thread_init() function to thread_init_dirmngr() to avoid conflict on AIX as Resolved.
Dec 10 2025, 11:20 AM · AIX, gnupg, Bug Report
werner added a comment to T7969: GpgEX: Support concurrently running Kleopatras.

Indeed. We would need to add different entries to the context menu for each installation. Given that GpgEX needs to be replaced anyway and we will drop the need for a UI server socket (which is anyway only a trigger and no full communication).

Dec 10 2025, 11:10 AM · gpd, vsd, gpgex

Dec 9 2025

werner closed T5005: Unified single header file if it offers same API as Wontfix.
Dec 9 2025, 2:41 PM · libassuan, gpgrt
werner closed T7478: _gpg_close_all_fds hangs on nwer Linux systems in a simple chroot w/o /proc/self/fd as Resolved.
Dec 9 2025, 2:39 PM · Linux, gnupg, gpgrt, Bug Report
werner committed rE6fe7cf710254: argparse: gpgrt_fconcat to get the SYSCONFDIR. (authored by werner).
argparse: gpgrt_fconcat to get the SYSCONFDIR.
Dec 9 2025, 12:08 PM
werner committed rE34dba88757fe: New function gpgrt_fconcat. (authored by werner).
New function gpgrt_fconcat.
Dec 9 2025, 12:00 PM
werner added a comment to T7894: libgcrypt, scute, gpgrt/argparse, gnupg/dirmngr: Hard-coded /etc.

gpgrt 1.57 will come with gpgrt_fconcat. This can be used to get the sysconfig in a portable way:

Dec 9 2025, 11:51 AM · libgcrypt, scute, gpgrt, Bug Report
First
Prev
Next