Page MenuHome GnuPG
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Tue, Mar 3

gniibe added a comment to T8032: libksba: Input validation for DER encoded INTEGER.

It seemed that the reporter (also) claimed that a git repo could be weak/vulnerable when X.509 signature is used to validate the commits.

Tue, Mar 3, 1:51 AM · S/MIME, libksba, Bug Report
gniibe added a comment to T8032: libksba: Input validation for DER encoded INTEGER.

For the record (to show we don't hide a problem), I add some information.

Tue, Mar 3, 1:25 AM · S/MIME, libksba, Bug Report

Feb 23 2026

werner closed T7624: libksba: __non_string for GCC 15 or later as Resolved.
Feb 23 2026, 2:51 PM · libksba, Bug Report
werner closed T8111: Assertion failure in Libksba's ocsp.c as Resolved.
Feb 23 2026, 2:50 PM · Bug Report, libksba
werner closed T8105: Memory leak in BER decoder tree expansion, a subtask of T8104: Heap oob read in libksba's parse_rdn, as Resolved.
Feb 23 2026, 2:49 PM · Bug Report, libksba
werner closed T8105: Memory leak in BER decoder tree expansion as Resolved.
Feb 23 2026, 2:49 PM · Bug Report, libksba
werner closed T8104: Heap oob read in libksba's parse_rdn as Resolved.
Feb 23 2026, 2:48 PM · Bug Report, libksba
werner renamed T7174: Release libksba 1.6.8 from Release libksba 1.7.0 to Release libksba 1.6.8.
Feb 23 2026, 2:33 PM · Release Info, libksba
werner triaged T8121: Release LibKSBA 1.6.9 as Low priority.
Feb 23 2026, 2:33 PM · libksba, Release Info

Feb 20 2026

gniibe added a comment to T8105: Memory leak in BER decoder tree expansion.

Applied the change in: rK86c6e972421a: Fix a memory leak in _ksba_ber_decoder_decode.

Feb 20 2026, 1:12 AM · Bug Report, libksba

Feb 18 2026

werner changed the status of T8111: Assertion failure in Libksba's ocsp.c from Open to Testing.
Feb 18 2026, 9:39 AM · Bug Report, libksba
werner triaged T8111: Assertion failure in Libksba's ocsp.c as Normal priority.
Feb 18 2026, 8:39 AM · Bug Report, libksba

Feb 17 2026

ikloecker added a comment to T8104: Heap oob read in libksba's parse_rdn.

Looks like this spot was missed when T5037: dn.cpp:181: suspicious loop was fixed. In libkleo's copy of the DN parser I applied the fix in 2023. Too many copies!

Feb 17 2026, 9:38 AM · Bug Report, libksba

Feb 16 2026

gniibe added a comment to T8105: Memory leak in BER decoder tree expansion.

I found a possible leak and a possible access of freed memory.

Feb 16 2026, 6:11 AM · Bug Report, libksba

Feb 13 2026

werner updated the task description for T8105: Memory leak in BER decoder tree expansion.
Feb 13 2026, 11:34 AM · Bug Report, libksba
werner triaged T8105: Memory leak in BER decoder tree expansion as Normal priority.
Feb 13 2026, 11:34 AM · Bug Report, libksba
werner triaged T8104: Heap oob read in libksba's parse_rdn as Normal priority.
Feb 13 2026, 11:32 AM · Bug Report, libksba

Jan 29 2026

timegrid removed a project from T6398: Support X.509 nameConstraints: Restricted Project.
Jan 29 2026, 3:50 PM · Feature Request, libksba
timegrid removed a project from T6545: Support CRL extension issuingDistributionPoint: Restricted Project.
Jan 29 2026, 3:23 PM · workaround, gnupg26, libksba, Feature Request

Jan 23 2026

timegrid removed a project from T6545: Support CRL extension issuingDistributionPoint: gnupg22.
Jan 23 2026, 11:49 AM · workaround, gnupg26, libksba, Feature Request

Jan 21 2026

werner closed T8032: libksba: Input validation for DER encoded INTEGER as Wontfix.
Jan 21 2026, 10:39 AM · S/MIME, libksba, Bug Report

Jan 16 2026

werner triaged T8032: libksba: Input validation for DER encoded INTEGER as Low priority.

See the gnupg-devel mailing list for more discussions. Subject: libgcrypt P256 signature malleability via weak DER enforcement"

Jan 16 2026, 11:01 AM · S/MIME, libksba, Bug Report

Jan 14 2026

werner added a comment to T8032: libksba: Input validation for DER encoded INTEGER.

Some historic integer encoding glitches from Peter Gutmann's style guide:

Jan 14 2026, 10:08 AM · S/MIME, libksba, Bug Report
gniibe added a project to T8032: libksba: Input validation for DER encoded INTEGER: S/MIME.
Jan 14 2026, 3:03 AM · S/MIME, libksba, Bug Report
gniibe created T8032: libksba: Input validation for DER encoded INTEGER.
Jan 14 2026, 3:02 AM · S/MIME, libksba, Bug Report

May 20 2025

sachint added a comment to D610: Add support for IBM z/OS.

Please review the patch and feedback.

May 20 2025, 8:30 AM · libksba
sachint requested review of D610: Add support for IBM z/OS.
May 20 2025, 8:29 AM · libksba

May 13 2025

werner closed T7171: Allow for empty Subject in X.509 as Resolved.
May 13 2025, 3:21 PM · libksba, Bug Report, gnupg, S/MIME
werner closed T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN", a subtask of T7171: Allow for empty Subject in X.509, as Resolved.
May 13 2025, 3:00 PM · libksba, Bug Report, gnupg, S/MIME
werner added a subtask for T7171: Allow for empty Subject in X.509: T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN".
May 13 2025, 2:58 PM · libksba, Bug Report, gnupg, S/MIME

Apr 23 2025

gniibe changed the status of T7624: libksba: __non_string for GCC 15 or later from Open to Testing.
Apr 23 2025, 3:21 AM · libksba, Bug Report
gniibe triaged T7624: libksba: __non_string for GCC 15 or later as Normal priority.
Apr 23 2025, 3:18 AM · libksba, Bug Report

Jan 17 2025

werner added a comment to T4538: Support PSS signed CRLs.
Jan 17 2025, 4:23 PM · dirmngr, S/MIME, libksba

Jan 15 2025

gniibe triaged T7486: libgcrypt: Remove WindowsCE support as Wishlist priority.
Jan 15 2025, 7:44 AM · libgcrypt

Dec 5 2024

werner added a project to T6545: Support CRL extension issuingDistributionPoint: workaround.

A workaround exists with the new option --ignore-crl-extensions.

Dec 5 2024, 10:19 AM · workaround, gnupg26, libksba, Feature Request

Oct 29 2024

werner edited projects for T6545: Support CRL extension issuingDistributionPoint, added: gnupg26; removed gnupg24.
Oct 29 2024, 1:31 PM · workaround, gnupg26, libksba, Feature Request

Jun 21 2024

werner closed T7173: Release libksba 1.6.7 as Resolved.
Jun 21 2024, 2:20 PM · Release Info, libksba
werner updated the task description for T7173: Release libksba 1.6.7.
Jun 21 2024, 2:12 PM · Release Info, libksba
werner triaged T7174: Release libksba 1.6.8 as Low priority.
Jun 21 2024, 2:11 PM · Release Info, libksba
werner closed T7009: Release Libksba 1.6.6 as Resolved.
Jun 21 2024, 2:11 PM · Release Info, libksba
werner triaged T7173: Release libksba 1.6.7 as Normal priority.
Jun 21 2024, 2:09 PM · Release Info, libksba
werner added a comment to T7023: Support SYSROOT in all Gupg related libraries.

Now also done for libksba.

Jun 21 2024, 2:07 PM · Feature Request, Cross-Compiler, gpgrt, libassuan, libksba

Jun 20 2024

werner renamed T7171: Allow for empty Subject in X.509 from Allow for empty Subject in X.508 to Allow for empty Subject in X.509.
Jun 20 2024, 3:27 PM · libksba, Bug Report, gnupg, S/MIME
werner triaged T7171: Allow for empty Subject in X.509 as Normal priority.
Jun 20 2024, 3:12 PM · libksba, Bug Report, gnupg, S/MIME

Feb 29 2024

werner triaged T7023: Support SYSROOT in all Gupg related libraries as Normal priority.
Feb 29 2024, 4:27 PM · Feature Request, Cross-Compiler, gpgrt, libassuan, libksba
gniibe closed T6992: Fix possible uninitialized err variable in libskba der builder as Resolved.

Fixed in libksba 1.6.6.

Feb 29 2024, 2:08 AM · libksba, Bug Report

Feb 23 2024

werner triaged T7009: Release Libksba 1.6.6 as Normal priority.
Feb 23 2024, 9:57 AM · Release Info, libksba

Feb 14 2024

werner added a comment to T6992: Fix possible uninitialized err variable in libskba der builder.

@Jakuje, you are right. This is a plain error and we should do a new release to avoid false errors.

Feb 14 2024, 8:54 AM · libksba, Bug Report
gniibe added a comment to T6992: Fix possible uninitialized err variable in libskba der builder.

Thank you, applied.

Feb 14 2024, 1:19 AM · libksba, Bug Report
gniibe changed the status of T6992: Fix possible uninitialized err variable in libskba der builder from Open to Testing.
Feb 14 2024, 1:19 AM · libksba, Bug Report

Feb 13 2024

gniibe claimed T6992: Fix possible uninitialized err variable in libskba der builder.
Feb 13 2024, 9:05 AM · libksba, Bug Report

Feb 12 2024

Jakuje created T6992: Fix possible uninitialized err variable in libskba der builder.
Feb 12 2024, 10:08 AM · libksba, Bug Report

Nov 16 2023

werner closed T6822: Release Libksba 1.6.5 as Resolved.
Nov 16 2023, 11:11 AM · libksba, Release Info
werner triaged T6822: Release Libksba 1.6.5 as Low priority.
Nov 16 2023, 10:59 AM · libksba, Release Info

Nov 10 2023

werner moved T6545: Support CRL extension issuingDistributionPoint from WiP to Backlog on the gnupg22 board.
Nov 10 2023, 9:08 AM · workaround, gnupg26, libksba, Feature Request

Oct 18 2023

aheinecke assigned T6545: Support CRL extension issuingDistributionPoint to werner.
Oct 18 2023, 2:44 PM · workaround, gnupg26, libksba, Feature Request

Oct 13 2023

aheinecke added a comment to T6545: Support CRL extension issuingDistributionPoint.

And yes in gpgsm.conf both the extensions are also marked with ignore-cert-extension.

Oct 13 2023, 10:59 AM · workaround, gnupg26, libksba, Feature Request
aheinecke added a comment to T6545: Support CRL extension issuingDistributionPoint.

While remembering this I added to our standard.conf (and for testing first to my local conf):

Oct 13 2023, 10:48 AM · workaround, gnupg26, libksba, Feature Request

Jun 22 2023

werner updated the task description for T6545: Support CRL extension issuingDistributionPoint.
Jun 22 2023, 11:59 AM · workaround, gnupg26, libksba, Feature Request
werner renamed T6545: Support CRL extension issuingDistributionPoint from Support CRL exension issuingDistributionPoint to Support CRL extension issuingDistributionPoint.
Jun 22 2023, 11:44 AM · workaround, gnupg26, libksba, Feature Request
werner added a comment to T6545: Support CRL extension issuingDistributionPoint.

We had one request to support this back in 2017 but it was closed because the respective CA stopped using this extension. See T2039.

Jun 22 2023, 11:44 AM · workaround, gnupg26, libksba, Feature Request

Jun 19 2023

aheinecke added a comment to T6545: Support CRL extension issuingDistributionPoint.

rGb1ecc8353ae3 is just what I meant, so that we can recommend such an option in the future as a workaround until a new update becomes available which supports such an extension.

Jun 19 2023, 3:21 PM · workaround, gnupg26, libksba, Feature Request
werner added a comment to T6545: Support CRL extension issuingDistributionPoint.

Nah, the description for that extension is pretty strict and I won't feel comfortable to just ignore it. BTW there is also T6398 (nameConstraints) which needs support. But for debugging a ignore extension makes sense.

Jun 19 2023, 2:10 PM · workaround, gnupg26, libksba, Feature Request
aheinecke added a comment to T6545: Support CRL extension issuingDistributionPoint.

For support reasons I would say that it might make sense to also ignore the extensions from "ignore-cert-extension" when checking CRLs?

Jun 19 2023, 1:54 PM · workaround, gnupg26, libksba, Feature Request
werner triaged T6545: Support CRL extension issuingDistributionPoint as Normal priority.
Jun 19 2023, 12:59 PM · workaround, gnupg26, libksba, Feature Request
werner closed T6543: Release Libksba 1.6.4 as Resolved.
Jun 19 2023, 11:47 AM · libksba, Release Info
werner triaged T6543: Release Libksba 1.6.4 as Normal priority.
Jun 19 2023, 11:24 AM · libksba, Release Info

Mar 2 2023

werner added a comment to T6398: Support X.509 nameConstraints.

(my example cert is 0x09BB0EEE)

Mar 2 2023, 3:08 PM · Feature Request, libksba
werner triaged T6398: Support X.509 nameConstraints as Normal priority.
Mar 2 2023, 3:04 PM · Feature Request, libksba

Dec 22 2022

werner added a project to T6284: Another integer overflow in Libksba: CVE.

This bug is CVE-2022-47629

Dec 22 2022, 10:48 AM · CVE, Bug Report, libksba
werner updated the task description for T6304: Release Libksba 1.6.3.
Dec 22 2022, 10:48 AM · Release Info, libksba

Dec 20 2022

werner closed T6284: Another integer overflow in Libksba as Resolved.
Dec 20 2022, 10:56 AM · CVE, Bug Report, libksba
werner closed T6304: Release Libksba 1.6.3 as Resolved.
Dec 20 2022, 10:51 AM · Release Info, libksba
werner changed the status of T6284: Another integer overflow in Libksba from Open to Testing.
Dec 20 2022, 10:50 AM · CVE, Bug Report, libksba

Dec 14 2022

werner updated the task description for T6284: Another integer overflow in Libksba.
Dec 14 2022, 12:09 PM · CVE, Bug Report, libksba

Dec 6 2022

werner closed T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix as Resolved.

I guess we can close this one.

Dec 6 2022, 2:25 PM · S/MIME, Feature Request, libksba
werner updated the task description for T6230: Release Libksba 1.6.2 (CVE-2022-3515).
Dec 6 2022, 2:23 PM · CVE, Release Info, libksba
werner triaged T6304: Release Libksba 1.6.3 as Normal priority.
Dec 6 2022, 2:23 PM · Release Info, libksba

Nov 23 2022

werner added a comment to T6284: Another integer overflow in Libksba.

Here is the patch which will go into the next release

From f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 22 Nov 2022 16:36:46 +0100
Subject: [PATCH] Fix an integer overflow in the CRL signature parser.
Nov 23 2022, 11:17 AM · CVE, Bug Report, libksba

Nov 22 2022

werner triaged T6284: Another integer overflow in Libksba as Unbreak Now! priority.
Nov 22 2022, 4:54 PM · CVE, Bug Report, libksba

Oct 18 2022

werner closed T6230: Release Libksba 1.6.2 (CVE-2022-3515) as Resolved.
Oct 18 2022, 7:52 AM · CVE, Release Info, libksba

Oct 17 2022

werner added a comment to T6230: Release Libksba 1.6.2 (CVE-2022-3515).

Fixed Gpg4win version: https://lists.wald.intevation.org/pipermail/gpg4win-announce/2022/000098.html

Oct 17 2022, 3:03 PM · CVE, Release Info, libksba
werner set External Link to https://gnupg.org/blog/20221017-pepe-left-the-ksba.html on T6230: Release Libksba 1.6.2 (CVE-2022-3515).
Oct 17 2022, 9:26 AM · CVE, Release Info, libksba
werner added a comment to T6230: Release Libksba 1.6.2 (CVE-2022-3515).

As usual see https://gnupg.org/download for links to the latest packages. For Gpg4win see https://gpg4win.org

Oct 17 2022, 9:25 AM · CVE, Release Info, libksba
werner reopened T6230: Release Libksba 1.6.2 (CVE-2022-3515) as "Open".
Oct 17 2022, 7:56 AM · CVE, Release Info, libksba
werner renamed T6230: Release Libksba 1.6.2 (CVE-2022-3515) from Release Libksba 1.6.2 to Release Libksba 1.6.2 (CVE-2022-3515).
Oct 17 2022, 7:56 AM · CVE, Release Info, libksba
werner updated the task description for T6230: Release Libksba 1.6.2 (CVE-2022-3515).
Oct 17 2022, 7:46 AM · CVE, Release Info, libksba

Oct 11 2022

werner added a project to T6230: Release Libksba 1.6.2 (CVE-2022-3515): CVE.
Oct 11 2022, 10:43 AM · CVE, Release Info, libksba
gniibe closed T5892: t-cms-parser test program in libksba-1.6.0 needs to open files in binary mode for MS-Windows as Resolved.

Fixed in 1.6.1.

Oct 11 2022, 8:23 AM · libksba, Bug Report
gniibe closed T5579: libksba parallel build error (windows) as Resolved.

Fixed in 1.6.1.

Oct 11 2022, 8:21 AM · libksba, Bug Report

Oct 7 2022

werner closed T6230: Release Libksba 1.6.2 (CVE-2022-3515) as Resolved.
Oct 7 2022, 10:21 AM · CVE, Release Info, libksba
werner renamed T6210: Release LibKSBA 1.6.1 from Release Libksba 1.6.1 to Release LibKSBA 1.6.1.
Oct 7 2022, 10:05 AM · Release Info, libksba
werner created T6230: Release Libksba 1.6.2 (CVE-2022-3515).
Oct 7 2022, 10:03 AM · CVE, Release Info, libksba

Sep 22 2022

werner removed a project from T5892: t-cms-parser test program in libksba-1.6.0 needs to open files in binary mode for MS-Windows: Restricted Project.
Sep 22 2022, 11:04 AM · libksba, Bug Report
werner removed a project from T5579: libksba parallel build error (windows): Restricted Project.
Sep 22 2022, 10:59 AM · libksba, Bug Report
werner removed a project from T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix: Restricted Project.
Sep 22 2022, 10:59 AM · S/MIME, Feature Request, libksba

Sep 18 2022

jpalus added a comment to T6210: Release LibKSBA 1.6.1.

Looks like libksba 1.6.1 is available for download at: https://gnupg.org/download/ , however tag is missing at: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=summary

Sep 18 2022, 11:17 AM · Release Info, libksba

Sep 16 2022

werner updated the task description for T5479: Release LibKSBA 1.6.0.
Sep 16 2022, 12:18 PM · Release Info, libksba
werner triaged T6210: Release LibKSBA 1.6.1 as Normal priority.
Sep 16 2022, 12:17 PM · Release Info, libksba

Jul 29 2022

aheinecke closed T4523: Gpg4win: Multiple problems reported 05-2019, a subtask of T4538: Support PSS signed CRLs, as Invalid.
Jul 29 2022, 3:15 PM · dirmngr, S/MIME, libksba
Next