Page MenuHome GnuPG
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Wed, Feb 4

wiz added a project to T8084: ctype(3) API use: gnupg.
Wed, Feb 4, 11:18 AM · gnupg, Bug Report

Thu, Jan 29

timegrid added a comment to T6152: Allow giving context to gpg-agent.

Current state in gpg4win-5.0.0:

Thu, Jan 29, 4:09 PM · gnupg26, Feature Request, S/MIME
wiz added a comment to T6275: gnupg26: Improve gnupg_spawn_process function.

It seems this broke the self tests (and gpgme, and notmuch) on NetBSD: https://dev.gnupg.org/T8065

Thu, Jan 29, 2:09 PM · gnupg, libassuan, gpgrt

Tue, Jan 27

werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2026q1/000501.html on T7996: Release GnuPG 2.5.17 (security).
Tue, Jan 27, 5:52 PM · CVE, gnupg, Release Info
werner closed T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select? as Resolved.
Tue, Jan 27, 5:17 PM · gnupg, pinentry, Bug Report
werner changed the visibility for T7996: Release GnuPG 2.5.17 (security).
Tue, Jan 27, 5:11 PM · CVE, gnupg, Release Info
werner added a comment to T7996: Release GnuPG 2.5.17 (security).

This is a security update

Tue, Jan 27, 3:47 PM · CVE, gnupg, Release Info
werner renamed T7996: Release GnuPG 2.5.17 (security) from Release GnuPG 2.5.17 to Release GnuPG 2.5.17 (security).
Tue, Jan 27, 3:44 PM · CVE, gnupg, Release Info
ebo moved T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) from Done to gpd-5.0.0 on the gpd5x board.
Tue, Jan 27, 1:58 PM · gpd5x (gpd-5.0.0), gnupg, kleopatra

Sun, Jan 25

mfilippov added a comment to T8047: Support secure memory on Windows.

@werner I added an implementation https://dev.gnupg.org/D622
that matches Linux behavior and avoids the message about secure memory not being supported on Windows. The change is scoped to the pinentry tool and intentionally follows Linux behavior. Does this approach look reasonable to you?

Sun, Jan 25, 9:02 PM · Windows, gnupg, Feature Request
werner changed the status of T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT` from Open to Testing.
Sun, Jan 25, 5:02 PM · gnupg26, CVE, TPM, Bug Report
werner triaged T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select? as Low priority.
Sun, Jan 25, 4:38 PM · gnupg, pinentry, Bug Report
werner added a comment to T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select?.

I think "O" is a better key:

Sun, Jan 25, 4:37 PM · gnupg, pinentry, Bug Report
werner added a comment to T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select?.

We need to change the accelerator. Right now gpg-agent uses

Sun, Jan 25, 4:14 PM · gnupg, pinentry, Bug Report
ametzler1 created T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select?.
Sun, Jan 25, 7:47 AM · gnupg, pinentry, Bug Report

Fri, Jan 23

werner triaged T8047: Support secure memory on Windows as Low priority.

I don't think that we will implement that any time soon. Today we too often require more mlock-able memory than available and in this case Libgcrypt resorts to allocating new memory arenas which are not locked. This is not as worse as one might think: the majro advantage with secmem is that a free() on secmem allocated memory will also wipe that memory. A better solution has always been to use an encrypted swap/paging file. 25 years ago, it was not easy to configure but today there should be no problem and hopefully already the default.

Fri, Jan 23, 9:25 PM · Windows, gnupg, Feature Request
ebo removed a project from T4195: Fix time API in gpgme: Restricted Project.
Fri, Jan 23, 3:22 PM · gnupg, kleopatra, gpgme, Feature Request
ebo added a comment to T4195: Fix time API in gpgme.

While key generation works now with an expiry date up to 2106-02-04, the representation on the command line is a bit ugly.

Fri, Jan 23, 3:22 PM · gnupg, kleopatra, gpgme, Feature Request

Thu, Jan 22

gniibe renamed T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT` from Security (internal) - Stack-based buffer overflow in TPM2 `PKDECRYPT` to Stack-based buffer overflow in TPM2 `PKDECRYPT`.
Thu, Jan 22, 12:33 AM · gnupg26, CVE, TPM, Bug Report

Wed, Jan 21

werner shifted T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT` from the Restricted Space space to the S1 Public space.
Wed, Jan 21, 12:40 PM · gnupg26, CVE, TPM, Bug Report

Tue, Jan 20

gniibe added a comment to T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM.

On 2026-01-20, I found the message to security@gnupg.org of:
Message-ID: 4e708880-04ac-45bc-8d16-6b585f2652a1n@aisle.com
in may spam folder. It has a 10MB long attachment. That might be one of reasons to be identified as a spam.

Tue, Jan 20, 6:42 AM · CVE, gnupg26, gpgagent, Bug Report
gniibe added a comment to T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT`.

Considering the current implementation (tpm2d doesn't support keyinfo like scdaemon), it would be good to check the buffer size.
(If key information is accessible easily, we can check with a specific key.)

Tue, Jan 20, 6:06 AM · gnupg26, CVE, TPM, Bug Report
gniibe created T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT`.
Tue, Jan 20, 1:54 AM · gnupg26, CVE, TPM, Bug Report
gniibe added projects to T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM: gpgagent, gnupg.
Tue, Jan 20, 1:52 AM · CVE, gnupg26, gpgagent, Bug Report

Thu, Jan 15

werner set External Link to https://gnupg.org/blog/20251226-cleartext-signatures.html on T7900: Cleartext Signature Forgery in GnuPG.
Thu, Jan 15, 4:05 PM · Not A Bug, OpenBSD, gnupg
timegrid closed T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) as Resolved.

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

  • with / without keyboxd
  • quitting kleopatra / killing all processes
Thu, Jan 15, 1:06 PM · gpd5x (gpd-5.0.0), gnupg, kleopatra
ikloecker moved T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) from Backlog to QA on the gpd5x board.
Thu, Jan 15, 10:31 AM · gpd5x (gpd-5.0.0), gnupg, kleopatra
ikloecker changed the status of T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) from Open to Testing.

I think this has been resolved in Gpg4win 5.

Thu, Jan 15, 10:31 AM · gpd5x (gpd-5.0.0), gnupg, kleopatra

Fri, Jan 9

werner closed T7994: Documentation: mention `status-fd` in "Programmatic use of GnuPG" as Resolved.

Will be in the next release.

Fri, Jan 9, 2:02 PM · gnupg, Documentation
werner removed a project from T6815: PQC encryption for GnuPG: gnupg26.

it does not make sense to have a workboard item for this parent ticket.

Fri, Jan 9, 1:40 PM · OpenPGP, PQC, gnupg
timegrid closed T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled as Resolved.

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

Fri, Jan 9, 1:18 PM · gnupg26, gnupg
ebo closed T7491: Confusing additional pinentry on creation of new keypair with ADSK configured as Resolved.

This does not happen any more, tested with Gpg4win-5.0.0-beta479

Fri, Jan 9, 1:09 PM · gpgagent, gnupg26, gnupg
ebo closed T7315: Allow export and import of PQC secret keys., a subtask of T6815: PQC encryption for GnuPG, as Resolved.
Fri, Jan 9, 12:29 PM · OpenPGP, PQC, gnupg
ebo closed T7315: Allow export and import of PQC secret keys. as Resolved.

Tested with Gpg4win-5.0.0-beta479

Fri, Jan 9, 12:29 PM · gnupg26, OpenPGP, PQC, gnupg
ebo closed T7892: keyboxd: subkey listing issue with ADSKs as Resolved.

with Gpg4win-5.0.0-beta479 the listing after creating the new key with ADSK looks ok now:

Fri, Jan 9, 11:44 AM · gnupg26, Bug Report, keyboxd, gnupg
werner closed T7805: Permission denied on batch deletion of mixed (openpgp+smime) certs as Resolved.

Given that the 2.2 fix has been tested and resolved and we don't have another ticket for 2.6, we can close this one.

Fri, Jan 9, 11:07 AM · gnupg, vsd, kleopatra
werner closed T7904: GnuPG may downgrade digest algorithm to SHA1, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
Fri, Jan 9, 11:01 AM · Not A Bug, OpenBSD, gnupg
werner closed T7904: GnuPG may downgrade digest algorithm to SHA1 as Resolved.

Note that for exploiting this bug a second preimage attack for SHA-1 is required. This kind of attack on SHA1 is not yet possible.

Fri, Jan 9, 11:01 AM · gnupg, Bug Report

Thu, Jan 8

werner changed the status of T7892: keyboxd: subkey listing issue with ADSKs from Open to Testing.
Thu, Jan 8, 4:13 PM · gnupg26, Bug Report, keyboxd, gnupg

Wed, Jan 7

andrewgdotcom added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.

So why are there different grades of failure? Why is "invalid packet" a less scary error message than "WARNING: message was not integrity protected" when both are equally bad things?

Wed, Jan 7, 4:37 PM · Not A Bug, gnupg
werner added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.

Right. And the MDC detects this and only if says okay you get a good decryption status back.

Wed, Jan 7, 11:57 AM · Not A Bug, gnupg
andrewgdotcom added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.

This warning shall only show up if a message was really modified and not in case of

a simple truncation.

Wed, Jan 7, 10:42 AM · Not A Bug, gnupg

Jan 5 2026

werner updated the task description for T7906: Memory Corruption in ASCII-Armor Parsing.
Jan 5 2026, 4:27 PM · gnupg, Bug Report
werner changed the visibility for T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.
Jan 5 2026, 11:27 AM · Not A Bug, gnupg
Next