Fri, Dec 14
The usual reasons for corruptions of binary data are FTP transfers in text mode; or opening a file with a Windows editor.
Interesting idea, but it does not help against attacks because all root CAs are considered equal (virtually cross-signed). Thus a single unchecked root CA allows subverting all certificates.
Thu, Dec 13
Wed, Dec 12
T3530 describes the solution. In short: Put "auto-expand-secmem" into gpg-agent.conf.
The --auto-expand-secmem option is available in 2.2. and master for quite some time. It works if libgcrypt 1.8.2 or newer is used.
Not a bug :-). I should have read my own docs before starting a long debug session. The thing is that the auto expanding of the secmem area is only done for xmalloc_secure and the internal MPI allocation functions. It is not done for any memory which is allocated with xtrymalloc because those properly return an error to the caller. The idea is that if the caller wants to get an error back he also has the assurance that the memory is allocated in the non-swappable memory (i.e. not in the expanded parts of the secmem).
Tue, Dec 11
I can easily replicate this; it is a problem somewhere in the secure memory code of Libgcrypt.
Fix was released with 2.2.11
If you specify a pool of keyservers, dirmngr selects a keyserver on its own from the pool. This is so that it can use its own heuristics to detect whether a keyserver is dead and then retry another one. Now the default is a pool and your specified keyserver.ubuntu.com is also a pool (of two servers). So if your DNS resolver does not tell us the IP addresses, we can't do anything about it.
In your second run you added the options after the argument (4E2C6E8793298290) so they won't have an effect. Anyway, I can't see anything from the output. My way to debug that would be to run gpg under strace:
Will go into 2.1.12 to be released next week.
Mon, Dec 10
The command -e does not require any further argument. As with most Unix tools you can either give a file or let the tool read from stdin or output to stdout.
Thanks. That typo was already fixed in 2.2.7.
Fri, Dec 7
Thanks for the report.
Well, -Wno-macro-redefined should silence the warning, but I will add an undef before our macro definition. The snprintf macro is used to make sure the libgpg-error's own printf implementation is used.
Most options are not explained with --help. Right before the examples you see
NEWS for 1.33:
Use that function as early as possible. The gpg-error tool has also been enhanced on Windows:
Regression due to my commit 10 days after the last release. Thus no need to do a release.
Sorry, I am still not able to replicate it:
Thu, Dec 6
Can you give me a reproducer on Linux? I am not able to reproduce it. What versions of gnupg and gpgme are you using (see gpa's about)?
I am not sure what text you reference. Can you please explain?
ImageMagick version with that regression?