
Jan 28 2021

syscomet added a comment to T5271: libgcrypt 1.9.0 compilation fails on Ubuntu xenial.

Patch lets it build on xenial for me, thank you.

Jan 28 2021, 11:00 PM · Ubuntu, Bug Report, libgcrypt
syscomet added a comment to T5271: libgcrypt 1.9.0 compilation fails on Ubuntu xenial.

I committed the partial result docker container, so I can restart it for investigation. So:

Jan 28 2021, 7:42 PM · Ubuntu, Bug Report, libgcrypt

Jan 24 2018

syscomet added a comment to T3755: TLS hostname verification using hostname from DNS instead of supplied hostname.

Oh. T1447 only referenced SRV records, which is why the CNAME case wasn't handled. So T1447 was fixed completely but T1447 did not cover the full extent of the underlying problem.

Jan 24 2018, 4:00 AM · gnupg (gpg22), dns, dirmngr
syscomet created T3755: TLS hostname verification using hostname from DNS instead of supplied hostname in the S1 Public space.
Jan 24 2018, 3:51 AM · gnupg (gpg22), dns, dirmngr

Apr 4 2017

syscomet set Version to GnuPG 2.1.19 on T3033: bug: dirmngr latches SRV port cross-scheme.
Apr 4 2017, 1:44 AM · Restricted Project, gnupg (gpg22), Bug Report, dirmngr
syscomet created T3033: bug: dirmngr latches SRV port cross-scheme in the S1 Public space.
Apr 4 2017, 1:44 AM · Restricted Project, gnupg (gpg22), Bug Report, dirmngr

Jun 24 2016

syscomet added projects to T2398: finger support using SRV DNS records: dirmngr, Feature Request.
Jun 24 2016, 12:23 PM · gnupg, Feature Request, dirmngr

Feb 28 2013

syscomet added a comment to T1479: curl-shim TCP half-close causes interop issues.

Am able to reliably trigger the flaw, by using a curl-shim gpg from another
machine on the same network as the keyserver. Close network proximity without
being the exact same machine makes it much easier to trigger the race.

Feb 28 2013, 9:09 AM · Duplicate, Bug Report, gnupg
syscomet added projects to T1479: curl-shim TCP half-close causes interop issues: gnupg, Bug Report.
Feb 28 2013, 1:31 AM · Duplicate, Bug Report, gnupg
syscomet set Version to 2 on T1479: curl-shim TCP half-close causes interop issues.
Feb 28 2013, 1:31 AM · Duplicate, Bug Report, gnupg
syscomet added a project to T1478: bug-tracker @sortdir missing numbers: Bug Report.
Feb 28 2013, 1:21 AM · Bug Report

Oct 20 2012

syscomet added a comment to T1446: hkps SRV lookup discards port from SRV.

The behaviour matches that observed in released versions; I was debugging a
problem observed in the released versions, not reviewing code looking for issues.

Whether or not it's used in the current development branch, this has caused an
interoperability issue in the real world for the keyserver operators, causing a
functionality deployment to be rolled back and resulting in filtered results,
reducing the pool of available keyservers.

Since Issue1447 is a security impacting issue which will need a CVE and a security
release to fix anyway, it would really be nice to try to get the fix for client
behaviour into a version which is likely to be pushed out widely. Not critical,
security comes first, but if we can leverage the security release to improve
interop, that would be helpful.

In practice, we (the keyserver operators and pool operators) are stuck not able to
use SRV to point to non-default ports for at least a couple of years. This is
very unfortunate, given the efforts currently being made to make deployments more
robust, with TLS more widely deployed.

Oct 20 2012, 8:08 AM · Bug Report, gnupg

Oct 11 2012

syscomet added a comment to T1446: hkps SRV lookup discards port from SRV.

% git remote -v
origin git://git.gnupg.org/gnupg.git (fetch)
origin git://git.gnupg.org/gnupg.git (push)
% git status

On branch master

nothing to commit (working directory clean)
%

I did the pull on the day I filed the bug, and as of the commit stated, the
directory exists. I just did a "git pull", no change. I didn't write "git current"
in this bug.

http://www.gnupg.org/download/cvs_access.en.html still points to the repo above, so
that's what I pulled. If that's no longer correct, I can pull another repo.

But still, if you check out the revision stated, you'll see the behaviour, which is
reflected in current releases of GnuPG.

Oct 11 2012, 8:23 PM · Bug Report, gnupg

Oct 9 2012

syscomet added a comment to T1447: TLS hostname selection uses insecure SRV data.

Kristian has removed the SRV records at
_pgpkey-https._tcp.hkps.sks-keyservers.net, so the explanation in step 3 might
seem to not match reality, but that's a change, because of this Issue and
Issue1446.

If you set up your own DNS pool for testing, I'm happy to send you a CSR for a new
vhost to help with debugging.

Oct 9 2012, 12:12 AM · Bug Report, gnupg

Oct 8 2012

syscomet added projects to T1447: TLS hostname selection uses insecure SRV data: gnupg, Bug Report.
Oct 8 2012, 11:06 PM · Bug Report, gnupg

Oct 7 2012

syscomet added projects to T1446: hkps SRV lookup discards port from SRV: gnupg, Bug Report.
Oct 7 2012, 4:31 AM · Bug Report, gnupg
syscomet set Version to git current on T1446: hkps SRV lookup discards port from SRV.
Oct 7 2012, 4:31 AM · Bug Report, gnupg