Page MenuHome GnuPG
Feed Advanced Search

Thu, Jun 23

werner added a comment to T6035: Portability issue: ftruncate.

ACK. P[ease add it also to 2.2.

Thu, Jun 23, 10:50 AM · Testing, gpgagent, gnupg
werner added a subtask for T6020: Make %-expandos available for --default-keyserver-url: T6040: Allow embedding preferred keyserver URL in signatures.
Thu, Jun 23, 10:47 AM · Feature Request, gnupg (gpg23), Keyserver
gniibe added a project to T6035: Portability issue: ftruncate: Testing.
Thu, Jun 23, 4:27 AM · Testing, gpgagent, gnupg
gniibe added a comment to T6035: Portability issue: ftruncate.

Even if it is only a single case (of old version of Wine), I think that it is worth to add es_fflush when writing to file.

Thu, Jun 23, 4:05 AM · Testing, gpgagent, gnupg
Saklad5 changed the edit policy for T6020: Make %-expandos available for --default-keyserver-url.
Thu, Jun 23, 1:18 AM · Feature Request, gnupg (gpg23), Keyserver
Saklad5 changed the edit policy for T6040: Allow embedding preferred keyserver URL in signatures.
Thu, Jun 23, 1:18 AM · gnupg (gpg23), Feature Request, Keyserver

Wed, Jun 22

Saklad5 created T6040: Allow embedding preferred keyserver URL in signatures.
Wed, Jun 22, 11:23 PM · gnupg (gpg23), Feature Request, Keyserver
Saklad5 raised the priority of T6020: Make %-expandos available for --default-keyserver-url from Wishlist to Needs Triage.
Wed, Jun 22, 11:02 PM · Feature Request, gnupg (gpg23), Keyserver

Tue, Jun 21

gniibe added a comment to T6035: Portability issue: ftruncate.

Looking illumos-gate, Solaris variants have no issues.

Tue, Jun 21, 12:46 PM · Testing, gpgagent, gnupg
gniibe added a comment to T6035: Portability issue: ftruncate.

Wine 5.0.3 (on Debian bullseye) fails.
Wine 6.0.3 Debian testing does no failure.

Tue, Jun 21, 10:35 AM · Testing, gpgagent, gnupg
gniibe added a comment to T6035: Portability issue: ftruncate.

I created minimized test:

Tue, Jun 21, 4:38 AM · Testing, gpgagent, gnupg

Mon, Jun 20

DemiMarie abandoned D555: g10: Disallow compressed signatures and certificates.

Closing in favor of D556.

Mon, Jun 20, 6:41 PM · gnupg
DemiMarie added a revision to T5993: gpg should reject compressed packets outside of messages: D556: Disallow compressed signatures and certificates.
Mon, Jun 20, 6:32 PM · Feature Request, gnupg
werner triaged T6035: Portability issue: ftruncate as Normal priority.
Mon, Jun 20, 1:08 PM · Testing, gpgagent, gnupg
werner added a comment to T6035: Portability issue: ftruncate.

iirc, we use ftruncate for ages now. The problem with the name ftruncate is that it looks to similar to the stdio functions. But sure, things should be flushed first.

Mon, Jun 20, 12:59 PM · Testing, gpgagent, gnupg
gniibe added projects to T6035: Portability issue: ftruncate: gnupg, gpgagent.
Mon, Jun 20, 10:33 AM · Testing, gpgagent, gnupg
werner removed a reviewer for D555: g10: Disallow compressed signatures and certificates: gniibe.
Mon, Jun 20, 8:05 AM · gnupg

Sat, Jun 18

DemiMarie edited reviewers for D555: g10: Disallow compressed signatures and certificates, added: gniibe; removed: sergei, gp_ast.
Sat, Jun 18, 1:38 AM · gnupg
DemiMarie added reviewers for D555: g10: Disallow compressed signatures and certificates: sergei, gp_ast.
Sat, Jun 18, 1:35 AM · gnupg
DemiMarie removed a reviewer for D555: g10: Disallow compressed signatures and certificates: werner.
Sat, Jun 18, 1:34 AM · gnupg

Fri, Jun 17

DemiMarie updated the summary of D555: g10: Disallow compressed signatures and certificates.
Fri, Jun 17, 8:37 PM · gnupg
DemiMarie added a comment to D555: g10: Disallow compressed signatures and certificates.

Compressed packets in detached signatures and/or certificates have never been permitted by any version of the standard.

Fri, Jun 17, 8:36 PM · gnupg
DemiMarie updated subscribers of D555: g10: Disallow compressed signatures and certificates.
In D555#5569, @werner wrote:

Sorry, there is no padding packet in OpenPGP. Please do no try to push ideas from that crypto-refresh-06 thing into GnuPG. We continue to follow the last draft with consesus, which is rfc4880bis-10.

Fri, Jun 17, 8:26 PM · gnupg
DemiMarie updated the diff for D555: g10: Disallow compressed signatures and certificates.
Fri, Jun 17, 8:21 PM · gnupg

Thu, Jun 16

DemiMarie added a comment to T6031: Creating an overlong notation hits a fatal error..

{please add comments instead of adding the description - a changed description makes it hard to understand follow up comments. I will change the title, though for clarity.]

Thu, Jun 16, 7:19 PM · Bug Report, gnupg
werner resigned from D555: g10: Disallow compressed signatures and certificates.
Thu, Jun 16, 6:58 PM · gnupg
werner requested changes to D555: g10: Disallow compressed signatures and certificates.

Sorry, there is no padding packet in OpenPGP. Please do no try to push ideas from that crypto-refresh-06 thing into GnuPG. We continue to follow the last draft with consesus, which is rfc4880bis-10.

Thu, Jun 16, 6:56 PM · gnupg
werner renamed T6031: Creating an overlong notation hits a fatal error. from Creating an overlong notation crashes gpg to Creating an overlong notation hits a fatal error..
Thu, Jun 16, 6:54 PM · Bug Report, gnupg
werner triaged T6031: Creating an overlong notation hits a fatal error. as Wishlist priority.

The length limit of the signature sub packets are not reasy to pre-compute. Better to have a fatal error than a corrupt message. I am not sure whether we want to change this to a regualar error message - at that point we anyway need to stop.

Thu, Jun 16, 6:54 PM · Bug Report, gnupg
DemiMarie edited projects for D555: g10: Disallow compressed signatures and certificates, added: gnupg; removed g10.
Thu, Jun 16, 6:53 PM · gnupg
DemiMarie added a revision to T5993: gpg should reject compressed packets outside of messages: D555: g10: Disallow compressed signatures and certificates.
Thu, Jun 16, 6:53 PM · Feature Request, gnupg
DemiMarie reopened T6021: GPG misparses `--list-options=show-sig-subpackets="100"a` as "Open".

Reopening as it appears this issue was closed based on an incorrect understanding of what it is.

Thu, Jun 16, 3:20 PM · g10, Bug Report

Tue, Jun 14

werner closed T6024: gpg-agent segfaults if it receives an invalid response to a KEYPARAM inquire as Resolved.
Tue, Jun 14, 8:05 AM · can't replicate, gnupg

Mon, Jun 13

ikloecker added a comment to T6024: gpg-agent segfaults if it receives an invalid response to a KEYPARAM inquire.

The original description of the problem seems to be wrong. gpg-agent does not have a KEYPARAM command. If I understand correctly then gpg-agent sends a KEYPARAM inquiry to the client, but you are sending KEYPARAM to the server.

Mon, Jun 13, 9:05 AM · can't replicate, gnupg

Sat, Jun 11

werner added a comment to T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.

FWIW, on Unix is common to describe options as given on the standard shell.

Sat, Jun 11, 1:09 PM · g10, Bug Report

Fri, Jun 10

DemiMarie added a comment to T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.

The quotes are irrelevant because they are evaluated by the shell and don't make a difference here.

Fri, Jun 10, 11:59 PM · g10, Bug Report
werner added a comment to T6024: gpg-agent segfaults if it receives an invalid response to a KEYPARAM inquire.

No crash here

Fri, Jun 10, 11:50 PM · can't replicate, gnupg
DemiMarie added a reviewer for D555: g10: Disallow compressed signatures and certificates: werner.
Fri, Jun 10, 9:44 PM · gnupg
DemiMarie added a comment to T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.

For clarification, the strings I have provided are raw argv elements as would be passed to execve(), with quoting already removed.

Fri, Jun 10, 10:24 AM · g10, Bug Report
DemiMarie renamed T6024: gpg-agent segfaults if it receives an invalid response to a KEYPARAM inquire from gpg-agent segfaults if it receives an invalid response to a KEYPARAMS inquire to gpg-agent segfaults if it receives an invalid response to a KEYPARAM inquire.
Fri, Jun 10, 10:21 AM · can't replicate, gnupg
werner closed T6021: GPG misparses `--list-options=show-sig-subpackets="100"a` as Wontfix.

The quotes are irrelevant because they are evaluated by the shell and don't make a difference here. A Unix shell is different than Windows cmd.exe.

Fri, Jun 10, 10:17 AM · g10, Bug Report
werner added a comment to T6024: gpg-agent segfaults if it receives an invalid response to a KEYPARAM inquire.

Please provide a more verbose report.

Fri, Jun 10, 10:14 AM · can't replicate, gnupg
DemiMarie created T6024: gpg-agent segfaults if it receives an invalid response to a KEYPARAM inquire.
Fri, Jun 10, 4:14 AM · can't replicate, gnupg
DemiMarie added a comment to T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.

I am using GnuPG 2.3.4 on Fedora Linux. I am referring to --list-options=show-sig-subpackets="100"a (note the quotes). The bug is that the character after the trailing close quote is ignored, rather than being treated as an invalid option and causing an error. That is, I would expect show-sig-subpackets="100"a to be parsed as show-sig-subpackets="100",a or be an error.

Fri, Jun 10, 4:10 AM · g10, Bug Report

Thu, Jun 9

werner added a comment to T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.

Please explain what you mean by this. Which GnuPG version, which OS, which shell, what is the problem.

Thu, Jun 9, 2:31 PM · g10, Bug Report
werner changed the edit policy for T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.
Thu, Jun 9, 2:26 PM · g10, Bug Report
DemiMarie created T6021: GPG misparses `--list-options=show-sig-subpackets="100"a`.
Thu, Jun 9, 8:53 AM · g10, Bug Report
peterglen added a comment to T1297: [2.0.16] Makefile fails to create audit-events.h..

Added --enable-maintainer-mode to ./configure

Thu, Jun 9, 2:08 AM · Too Old, Bug Report, gnupg
Saklad5 triaged T6020: Make %-expandos available for --default-keyserver-url as Wishlist priority.
Thu, Jun 9, 12:41 AM · Feature Request, gnupg (gpg23), Keyserver

Jun 2 2022

werner triaged T6011: Windows tool to recursively encrypt all files. as Normal priority.
Jun 2 2022, 9:03 AM · Feature Request, Restricted Project, gnupg

May 27 2022

sergi added a watcher for gnupg: sergi.
May 27 2022, 10:08 PM
srgblnchtrn removed a watcher for gnupg: srgblnchtrn.
May 27 2022, 10:06 PM

May 25 2022

gniibe added a parent task for T5099: Confirmation dialog for remote access (restricted extra socket): T5702: Display prompt to user when YubiKey is waiting for touch confirmation.
May 25 2022, 1:03 PM · Feature Request, Testing, gnupg

May 23 2022

werner triaged T5993: gpg should reject compressed packets outside of messages as Low priority.
May 23 2022, 8:14 AM · Feature Request, gnupg

May 22 2022

werner closed T5994: LC_ALL=C gpg should produce ASCII-only output as Wontfix.

Sorry, no. Use cat(1) for such translations.

May 22 2022, 11:29 AM · gnupg
DemiMarie created T5994: LC_ALL=C gpg should produce ASCII-only output.
May 22 2022, 12:42 AM · gnupg

May 20 2022

gniibe added a parent task for T5099: Confirmation dialog for remote access (restricted extra socket): T5984: gpg-agent interaction improvement (smartcard improvement #3).
May 20 2022, 6:53 AM · Feature Request, Testing, gnupg

May 19 2022

gniibe added projects to T5099: Confirmation dialog for remote access (restricted extra socket): Testing, Feature Request.
May 19 2022, 7:40 AM · Feature Request, Testing, gnupg
gniibe added a comment to T5099: Confirmation dialog for remote access (restricted extra socket).

Part 2 patch is pushed, with a bit of change.
A user needs to specify "Confirm" flag in the key file.

May 19 2022, 7:40 AM · Feature Request, Testing, gnupg
gniibe added a comment to T5099: Confirmation dialog for remote access (restricted extra socket).

Part 1 patch is pushed.

May 19 2022, 7:08 AM · Feature Request, Testing, gnupg

May 18 2022

werner closed T5981: --output-type raw inconsistent output as Resolved.

That is expected. The export re-encrypts the secret parts to comply with the OpenPGP specs and this includes a salt andf IV and thus the output must be different.

May 18 2022, 8:56 AM · Support, gnupg

May 17 2022

gniibe added a project to T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s): Testing.

To detect these kinds of bugs, possibly, we can use new GCC option: -ftrivial-auto-var-init=0xFEFEFEFE.
https://gcc.gnu.org/gcc-12/changes.html#uninitialized

May 17 2022, 3:34 AM · Testing, backport, gnupg, scd, patch
gniibe claimed T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s).

The bug was there when it was initially written. It was in 2003, which introduced PC/SC in rG1bcf8ef9dea1: Cleanups, fixes and PC/SC support

May 17 2022, 3:29 AM · Testing, backport, gnupg, scd, patch

May 13 2022

werner closed T5598: AppImage of gpg as Resolved.

We have everything ready for a GnuPG Desktop Appimage but we first need a business case to maintain it.

May 13 2022, 4:08 PM · AppImage, gnupg, Restricted Project, Feature Request
werner renamed T5574: Doubled characters in Windows console output from GPG Portable on USB-Stick - Problems with GnuPG 2.2.30 to Doubled characters in Windows console output.
May 13 2022, 3:58 PM · gnupg, Windows, gpgrt, Bug Report
werner added projects to T3391: cannot import subkey that was once marked to be on a card: scd, gpgagent.
May 13 2022, 2:43 PM · gpgagent, scd, gnupg, OpenPGP, Bug Report
MicroJoe added a comment to T3391: cannot import subkey that was once marked to be on a card.

TL;DR: can reproduce, needs fixing

May 13 2022, 1:42 PM · gpgagent, scd, gnupg, OpenPGP, Bug Report

May 10 2022

gniibe removed a project from T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: Info Needed.
May 10 2022, 3:50 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I examined all log files you gave us, and I think that scdaemon with PC/SC fails to detect the removal of the USB device.

May 10 2022, 3:48 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe triaged T5971: Yubikey: Removal of device is not detected by PC/SC as Normal priority.
May 10 2022, 2:51 AM · Info Needed, yubikey, scd, Bug Report

May 9 2022

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I've applied the linked patch, but still experience the error. Most of the times, I cannot access my yubikey at all and I am not sure what is blocking it.
I've tried to include as much debugging output as I could below. Please let me know if there is anything else I can do to debug this.

May 9 2022, 12:54 PM · Testing, backport, yubikey, scd, segv, Bug Report
aheinecke closed T5273: Release Gpg4win 4.x.x, a subtask of T4702: Deadline for the GnuPG 2.3.0 release, as Resolved.
May 9 2022, 9:29 AM · Restricted Project, gpg4win, gnupg
gniibe added a project to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: backport.
May 9 2022, 6:52 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a project to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: Info Needed.

The patch rG054d14887ef8: scd: Add workaround for ECC attribute on Yubikey. fixes a particular problem of Yubikey implementation where it returns bogus octet for its data object of C1, C2, and C3.

May 9 2022, 4:53 AM · Testing, backport, yubikey, scd, segv, Bug Report

May 6 2022

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

With the patch and after starting a new gpg-agent, gpg --card-status now works immediately.
But when I re-plug the yubikey, gpg reports gpg: OpenPGP card not available: Card error until either gpg-agent is restarted, or pcscd is restarted.
pcsc-lite in debug mode reports no errors, but one log is obviously much shorter as gpg fails early (I've attached both, same pcscd and gpg-agent instance).

May 6 2022, 1:42 PM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I pushed a workaround.

May 6 2022, 11:28 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe renamed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys from scdaemon causes libc segfault and clashes with pcsc-lite despite using disable-ccid to Yubikey: scdaemon causes libc segfault and clashes with ECC keys.
May 6 2022, 11:26 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a project to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: yubikey.
May 6 2022, 10:07 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe claimed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.
May 6 2022, 8:56 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

For my environment, it is not PC/SC-specific. It also occurs when CCID driver is used.

May 6 2022, 8:42 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

For bcdDevice 5.24, I can replicate the symptom, but only once. After second invocation of gpg --card-status, it works well.

May 6 2022, 8:26 AM · Testing, backport, yubikey, scd, segv, Bug Report

May 5 2022

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I've applied the patch and can confirm that the segfault is fixed, but gpg still has severe problems communicating with the Yubikey over pcsc-lite.

May 5 2022, 12:10 PM · Testing, backport, yubikey, scd, segv, Bug Report
werner added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

Ours are even newer (5.4.3). Did you the Yubico tools to switch to curve443?
In any case, is it possible that you apply my fix and test again?

May 5 2022, 10:06 AM · Testing, backport, yubikey, scd, segv, Bug Report
werner added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

Your Yubikey's firmware version is 5.2.7 - let me see what versions we have in stock to test my fix.

May 5 2022, 9:51 AM · Testing, backport, yubikey, scd, segv, Bug Report

May 4 2022

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I've taken the liberty to regenerate the valgrind report including libc and gnupg debugsyms. Maybe it'll help.

May 4 2022, 4:47 PM · Testing, backport, yubikey, scd, segv, Bug Report
Jakuje created T5964: gnupg should use the KDFs implemented in libgcrypt.
May 4 2022, 3:16 PM · gnupg (gpg23), FIPS, libgcrypt, Feature Request
werner updated subscribers of T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I am not sure about the crash but the unknown curve is
1.3.6.1.4.1.11591.15.1.2 which seems to be a GNU OID for curve448

May 4 2022, 2:38 PM · Testing, backport, yubikey, scd, segv, Bug Report
oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

It segfaults on SERIALNO. Here's what valgrind outputs:

May 4 2022, 12:48 PM · Testing, backport, yubikey, scd, segv, Bug Report
werner added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

What I would do in this case is to stop the gnupg daemon amd anything whiuch might start them and run scdaemon under valgrind.

May 4 2022, 10:13 AM · Testing, backport, yubikey, scd, segv, Bug Report

May 2 2022

oddlama created T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.
May 2 2022, 11:21 PM · Testing, backport, yubikey, scd, segv, Bug Report

Apr 28 2022

werner triaged T5575: Supplying more than one passphrase or PIN using passphrase-fd as Low priority.
Apr 28 2022, 9:12 AM · gnupg, yubikey, Feature Request
werner closed T5940: crash importing truncated subkeys as Resolved.
Apr 28 2022, 8:49 AM · Bug Report, gnupg
gniibe reopened T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Open.
Apr 28 2022, 4:39 AM · gnupg, Testing, gpgagent, Bug Report

Apr 25 2022

werner claimed T5940: crash importing truncated subkeys.
Apr 25 2022, 2:48 PM · Bug Report, gnupg
ikloecker closed T5943: gpg: Report details about failed symmetric decrypt with ERROR status as Resolved.

Works together with the changes for T5939: Kleopatra: Better error for wrong password in symmetric decryption. Tested with symmetric encrypted file and with symmetric+pk encrypted file.

Apr 25 2022, 12:25 PM · Testing, gnupg, gpgme, Restricted Project
werner added a project to T5943: gpg: Report details about failed symmetric decrypt with ERROR status: Testing.
Apr 25 2022, 11:44 AM · Testing, gnupg, gpgme, Restricted Project
werner edited projects for T5943: gpg: Report details about failed symmetric decrypt with ERROR status, added: gpgme, gnupg; removed gnupg (gpg23).
Apr 25 2022, 11:44 AM · Testing, gnupg, gpgme, Restricted Project

Apr 22 2022

werner triaged T5940: crash importing truncated subkeys as High priority.
Apr 22 2022, 8:32 PM · Bug Report, gnupg

Apr 14 2022

werner closed T5599: Make gpg use the helpers baked into its AppImage as Resolved.

Seems we can close this bug.

Apr 14 2022, 3:14 PM · gnupg, Restricted Project, Feature Request
werner closed T5599: Make gpg use the helpers baked into its AppImage, a subtask of T5598: AppImage of gpg, as Resolved.
Apr 14 2022, 3:14 PM · AppImage, gnupg, Restricted Project, Feature Request