No it is not related to T4030 because that has not yet been implemented. I am just upload a beta479 which should fix problem as wel as other similar problems.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Jan 2 2026
Jan 2 2026
• werner closed T8007: FTP website displays 2.4 stable, a subtask of T8006: 2.4 » 2.5 stable mentions, as Resolved.
Please use the the swdb.lst which has all the version info. The website is actually build using this info. Well, except for the README file in the FTP section. I will update that too.
Update GnupG and frontend packages
new export option keep-expired?
Jan 1 2026
Jan 1 2026
• werner committed rD18a889b403c7: web: Update current version on the main page. (authored by • werner).
web: Update current version on the main page.
Thanks for reporting. Will be fixed in a few minutes.
Dec 30 2025
Dec 30 2025
scd:openpgp: register vendor 4d52
swdb: GnuPG 2.4.9
Post release updates
Release 2.4.9
po: msgmerge
What about prolonging the expired key?
• werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2025q4/000500.html on T7995: Release GnuPG 2.5.16.
web: Announce 2.5.16
Also fixed in the other active branches.
• werner closed T7906: Memory Corruption in ASCII-Armor Parsing, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
• werner committed rG4ecc5122f20e: gpg: Fix possible memory corruption in the armor parser. (authored by • werner).
gpg: Fix possible memory corruption in the armor parser.
swdb: GnuPG 2.5.16
Post release updates
Release 2.5.16
Dec 29 2025
Dec 29 2025
• werner added a project to T7994: Documentation: mention `status-fd` in "Programmatic use of GnuPG": gnupg.
man gpg has a WARNING section right below the RETURN Value section. The 3rd paragraph gives hints on how to use gpg with scripts etc:
web: Fix grammar of the download page
Revert "swdb: GnuPG 2.5.15"
• werner added a reverting change for rDd17448d24353: swdb: GnuPG 2.5.15: rD5adae412d444: Revert "swdb: GnuPG 2.5.15".
• werner committed rGa9da315fb8d1: Revert "misc: Validate the value on the use of strtol." (authored by • werner).
Revert "misc: Validate the value on the use of strtol."
The int-truncation change breaks other things. I noticed this by chance in the interactive mode due to warning noticed. Before we ever do such things again we need to have regression tests for setting preferences. Or manually check everything. Need to do a 2.5.16 tomorrow :-(
• werner committed rD597e01beeb06: web: Declare 2.5 stable and 2.4 oldstable (authored by • werner).
web: Declare 2.5 stable and 2.4 oldstable
• werner changed the status of T7901: Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG, a subtask of T7900: Cleartext Signature Forgery in GnuPG, from Open to Testing.
• werner changed the status of T7901: Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG from Open to Testing.
swdb: GnuPG 2.5.15
Post release updates
Release 2.5.15
• werner committed rD1ccc0336513f: swdb: Fix sha-2 checksum for libgpg-error (authored by • werner).
swdb: Fix sha-2 checksum for libgpg-error
• werner committed rG947ea3c411f0: gpg: Deprecate the option --not-dash-escaped. (authored by • werner).
gpg: Deprecate the option --not-dash-escaped.
• werner committed rGabe9bddaa72b: gpg: Fix for a recently claimed harmless keyboxd change. (authored by • werner).
gpg: Fix for a recently claimed harmless keyboxd change.
po: msgmerge
po: Update German translation
• werner triaged T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG as Normal priority.
Note using the output of --decrypt directly on the tty is a Bad Idea(tm). You won't cat arbitrary files to your tty for the same reason.
• werner edited projects for T7902: OpenPGP Cleartext Signature Framework, added: FAQ, OpenPGP, Not A Bug; removed g10code, Bug Report.
https://gnupg.org/blog/20251226-cleartext-signatures.html explains why we have cleartext signatures and how you properly use them. The suggestion of the reporters to remove them entirely is a no-go because there are too many systems (open source or in-house) which rely on that format. If properly used (i.e. using --output to get the signed text) there is no problem. Anyway the suggestion has always been to use detached signatures using two files or PGP/MIME).
blog: Typo fixes
Dec 26 2025
Dec 26 2025
• werner renamed T7909: Other bugs reported by 49016 et al. from Bugs reported to Other bugs reported by 49016 et al..
• werner shifted T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks from the Restricted Space space to the S1 Public space.
• werner added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.
We need to explain and debunk this attack after its publication,
• werner shifted T7905: Radix64 Line-Truncation Enabling Polyglot Attacks from the Restricted Space space to the S1 Public space.
• werner shifted T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG from the Restricted Space space to the S1 Public space.
• werner shifted T7902: OpenPGP Cleartext Signature Framework from the Restricted Space space to the S1 Public space.
• werner shifted T7901: Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG from the Restricted Space space to the S1 Public space.
Regarding the cleartext signature please see this piece: https://gnupg.org/blog/20251226-cleartext-signatures.html
• werner shifted T7900: Cleartext Signature Forgery in GnuPG from the Restricted Space space to the S1 Public space.
• werner committed rDe49f4c3c89c2: blog: Cleartext Signatures Considered Harmful (authored by • werner).
blog: Cleartext Signatures Considered Harmful
Dec 23 2025
Dec 23 2025
keyboxd: Fix database schema migration.
swdb: Update gpgex to 1.1.0
• werner committed rG267f6db56dcc: doc: Document default symmetric algo as AES-256 (authored by • werner).
doc: Document default symmetric algo as AES-256
• werner changed the status of T7983: gpg: the validity of a secret key is changed by making a certification with it from Open to Testing.
Prepare NEWS
po: Enable Georgian translation.
• werner committed rG6c1d13ac66d7: gpg: Implement skip function for keyboxd to fix a validation bug. (authored by • werner).
gpg: Implement skip function for keyboxd to fix a validation bug.
• werner committed rG01eaa386ec06: keybox: Fix the not yet used uid and pk keyblock index return values. (authored by • werner).
keybox: Fix the not yet used uid and pk keyblock index return values.
Dec 22 2025
Dec 22 2025
• werner triaged T7983: gpg: the validity of a secret key is changed by making a certification with it as High priority.
• werner moved T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from WIP to QA on the gpd5x board.
Fixed in gpg4win-5.0.0-beta476
Update GpgOL/Web
• werner added a comment to T7983: gpg: the validity of a secret key is changed by making a certification with it.
This has likely a similar cause as T1794
Dec 19 2025
Dec 19 2025
• werner committed rW62ff239db0ef: Allow rebuilding mingw also with older docker versions. (authored by • werner).
Allow rebuilding mingw also with older docker versions.
Merge patch-libwinpthread
Dec 18 2025
Dec 18 2025
• werner moved T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server from WIP to QA on the gnupg26 board.
• werner added a comment to T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server.
Well, I tested this again. I created a new key and saved a copy. The I updated the expiration date to 2035 and sent the key to the LDAP server. Then I deleted the updated key locally and imported the old copy. Thus I have now:
• werner added a comment to T7983: gpg: the validity of a secret key is changed by making a certification with it.
Yesterday I was able to reproduce it once. But despite more than a dozen more tries yesterday and this morning, I could not anymore replicate it. I tested on Unix and one oddity was that I forgot to kill the keyboxd for a clean new test and thus it could serve old keys despite that the pubring.db was already deleted (but the inode still open by keyboxd).
Dec 16 2025
Dec 16 2025
Post release updates
Modernize and simplify.
Remove an unused function.
Update GpgEX to 1.1.0
Dec 15 2025
Dec 15 2025
Except for GpgEX which I am currently working on.
Fix regression in NSIS 1.11
Dec 14 2025
Dec 14 2025
Dec 12 2025
Dec 12 2025
swdb: gpgrt 1.58
Update frontend packages