Okay, forward porting that patch is the easiest solution. Actually this is not enough: Users of Libgcrypt also need to make sure that the new sysconfig dir has the right permissions. That's a part for the installer and concrete ACLs may differ.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Today
Today
• werner lowered the priority of T7828: ldapserver configuration option duplicated from Low to Wishlist.
• werner lowered the priority of T7828: ldapserver configuration option duplicated from Normal to Low.
• werner added a comment to T7894: libgcrypt, scute, gpgrt/argparse, gnupg/dirmngr: Hard-coded /etc.
• werner committed rEcb7f580639cc: Dynload GetThreadUILanguage to keep support for Windows XP (authored by • werner).
Dynload GetThreadUILanguage to keep support for Windows XP
• werner added a reverting change for rEa902201d2d78: po: Update Portuguese translation: rE38dc33799f3f: Revert "po: Update Portuguese translation".
• werner committed rE38dc33799f3f: Revert "po: Update Portuguese translation" (authored by • werner).
Revert "po: Update Portuguese translation"
• werner committed rEa2a752fe21cc: po: Update Portuguese Translation. (authored by Daniel Cerqueira <dan.git@lispclub.com>).
po: Update Portuguese Translation.
• werner committed rE7f3e0c394281: Use UI language instead of locale for translations (authored by • ikloecker).
Use UI language instead of locale for translations
• werner triaged T7951: GpgOL: Lower security level displayed for pgp keys with revoked userid as Normal priority.
Good catch. My guess is that get_uid_for_sender returns the last matching UID without checking for revocations. The matching was done on the mailbox part only. For reference:
Yesterday
Yesterday
Update libassuan to 3.0.2
Install Okular and GpgOL/Web by default
• werner triaged T7947: Add feature to gpg-card to set the retry count to a different value. as Normal priority.
Yubikeys allow that. See my mail to the mailing list.
• werner added a comment to T7951: GpgOL: Lower security level displayed for pgp keys with revoked userid.
Do you mean one of the user-ids has been revoked or the one matching the mail sender?
Mon, Nov 24
Mon, Nov 24
• werner added a project to T7943: Kleopatra: OK button to set card cardholder/url needs two clicks: token.
• werner triaged T7933: Linking error with GPGMEPP on MacOS Tahoe 26.01/GCC 15.2 as Normal priority.
• werner triaged T7944: GnuPG: full-gen-key for kyber keys without passphrase will ask for passphrase twice as Low priority.
That is a feature not a bug. Make also sense if your threat model is store-trafic-no-decrypt-later. If you can get the key you will also be abale to get the cleartext. Any nobody can remember a passphrase on par with the claimed Kyber security level.
• werner committed rDebc00c5ab6e7: ids: Published draft-koch-openpgp-webkey-service-21 (authored by • werner).
ids: Published draft-koch-openpgp-webkey-service-21
Sat, Nov 22
Sat, Nov 22
Fri, Nov 21
Fri, Nov 21
msi: Don't bail out for LANG_SWEDISH.
• werner committed rW6e01f67b3efb: msi: Repeat with me: == and eq are not the same in Perl. (authored by • werner).
msi: Repeat with me: == and eq are not the same in Perl.
• werner committed rEa902201d2d78: po: Update Portuguese translation (authored by Daniel Cerqueira <dan.git@lispclub.com>).
po: Update Portuguese translation
• werner committed rG493276a202b2: po: Update Portuguese translation (authored by Daniel Cerqueira <dan.git@lispclub.com>).
po: Update Portuguese translation
Thu, Nov 20
Thu, Nov 20
Can you please schek which Sqlite version you have installed? I have not seen this on my system.
Make signing of gpgpass optional.
Update GpgOL to 2.6.9. Remove gpgpass.
Update frontend packages.
Interesting. What SQlite version are you using? To see the exact reason and you have a copy of the old pubring.db, please add
Wed, Nov 19
Wed, Nov 19
• werner changed the status of T7904: GnuPG may downgrade digest algorithm to SHA1 from Open to Testing.
swdb: GnuPG 2.5.14
• werner added projects to T7933: Linking error with GPGMEPP on MacOS Tahoe 26.01/GCC 15.2: gpgme, C++.
• werner triaged T7936: GpgOL: Add option to except internal domains from encryption as Normal priority.
• werner moved T7315: Allow export and import of PQC secret keys. from WIP to QA on the gnupg26 board.
• werner moved T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled from Backlog to QA on the gnupg26 board.
• werner moved T7892: keyboxd: a new subkey is sometimes not stored in the fingerprint table. from WIP to QA on the gnupg26 board.
• werner changed the status of T7908: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field from Open to Testing.
• werner changed the status of T7906: Memory Corruption in ASCII-Armor Parsing from Open to Testing.
• werner shifted T7906: Memory Corruption in ASCII-Armor Parsing from the Restricted Space space to the S1 Public space.
Update to GnuPG 2.5.14
Post release updates
Release 2.5.14
po: msgmerge
agent: Minor cleanup of a recent change.
• werner added a comment to T7908: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field.
The problem is that a user may unintentionally use the suggested filename without checking that it does not harm to write to this file. It is better not to present a default name at all.
• werner committed rEf090f07f1065: build: On zOS use pkg-config to find zoslib. (authored by • werner).
build: On zOS use pkg-config to find zoslib.
• werner committed rX55a5b4e995be: po: Add Swedish translation (authored by Daniel Nylander <po@danielnylander.se>).
po: Add Swedish translation
• werner committed rO11ce4cf15e79: po: Update Swedish translation (authored by Daniel Nylander <po@danielnylander.se>).
po: Update Swedish translation
• werner added a comment to T7886: Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk.
GPG output seems to depend on Regional Format.
• werner committed rEbaf43baea909: po: Update Swedish translation (authored by Daniel Nylander <po@danielnylander.se>).
po: Update Swedish translation
• werner committed rGc2329c646ced: po: Update Swedish translation (authored by Daniel Nylander <po@danielnylander.se>).
po: Update Swedish translation
With the next gpg release (2.5.14) the keyboxd has an extended fingerprint table which carries a flags column. A bit in this column can eventually be used to mark subkeys with the "R" key flag and the search funtion can be enhanced to ignore keys with that flag set. This way we can more easily lookup the actual ADSK key (with the "E" key flag) and check whether this subkey has been revoked.
• werner committed rG46f4cb66125e: kbx: A minor update of the fingerprint table. (authored by • werner).
kbx: A minor update of the fingerprint table.
Tue, Nov 18
Tue, Nov 18
gpg: New import option "force-update"
• werner committed rG0cc7759ed5a3: kbx: Fix schema of the fingerprint table. (authored by • werner).
kbx: Fix schema of the fingerprint table.
common: New function replace_substr.
• werner changed the status of T7892: keyboxd: a new subkey is sometimes not stored in the fingerprint table. from Open to Testing.
• werner committed rG5bcf5f57b863: gpg: Include ADSK keys in a key listing with fingerprints. (authored by • werner).
gpg: Include ADSK keys in a key listing with fingerprints.
• werner committed rG4f19587b16b0: gpg: Cleanup of the local function key_byname. (authored by • werner).
gpg: Cleanup of the local function key_byname.
Mon, Nov 17
Mon, Nov 17
• werner committed rGdab9b08f6018: doc: One should better test-compile doc changes too (authored by • werner).
doc: One should better test-compile doc changes too
• werner committed rGb085be3a2794: doc: Replace "dual key" by "composite key". (authored by • werner).
doc: Replace "dual key" by "composite key".
• werner committed rGc254d4fbc6ac: gpg: Fix export in mode1003 when cache nonce is used. (authored by • werner).
gpg: Fix export in mode1003 when cache nonce is used.
• werner committed rG120142c3be53: gpg: Support passphrase change for composite keys. (authored by • werner).
gpg: Support passphrase change for composite keys.
At line 133 shouldn't we have used iobuf_cancel there? Would it be possible to call finish_temp_output from iobuf_close or iobuf_cancel instead?
Sun, Nov 16
Sun, Nov 16
• werner committed rG61c2d5a821b3: gpgsm: Fix output of card serial number in colon listing. (authored by • ikloecker).
gpgsm: Fix output of card serial number in colon listing.
• werner edited projects for T7914: Card s/n number missing in gpgsm, added: gnupg22; removed gnupg.
Fix applied. Thanks.
• werner committed rG0947a20c28cf: gpgsm: Fix output of card serial number in colon listing. (authored by • ikloecker).
gpgsm: Fix output of card serial number in colon listing.
• werner renamed T7290: Handle creation date in private key files for re-use of an existing key. from Handle creation date in private key files for re-use of an existing. to Handle creation date in private key files for re-use of an existing key..
• werner added a comment to T7290: Handle creation date in private key files for re-use of an existing key..
This is not a composite key specific thing despite that this is an extra challenge. The creation date is used to reconstruct a key if the public key has been lost and only the fingerprint is still available. A solution might be to test the all combinations of stored creation dates to match the fingerprint.
• werner renamed T7290: Handle creation date in private key files for re-use of an existing key. from Kyber+ECC with smartcards to Handle creation date in private key files for re-use of an existing..
• werner changed the status of T7315: Allow export and import of PQC secret keys. from Open to Testing.
• werner changed the status of T7315: Allow export and import of PQC secret keys., a subtask of T6815: PQC encryption for GnuPG, from Open to Testing.
• werner committed rG8ceace31cc05: doc: Explain the export format of Kyber keys. (authored by • werner).
doc: Explain the export format of Kyber keys.
• werner committed rG47bab26daf03: gpg: Allow the import of Kyber secret keys. (authored by • werner).
gpg: Allow the import of Kyber secret keys.
• werner committed rG5d855f76c8af: gpg: Change the mode1003 format for composite keys. (authored by • werner).
gpg: Change the mode1003 format for composite keys.
• werner committed rGc564a297abd3: gpg: Refactor an import function for better readability. (authored by • werner).
gpg: Refactor an import function for better readability.
Sat, Nov 15
Sat, Nov 15
Fri, Nov 14
Fri, Nov 14
• werner moved T7315: Allow export and import of PQC secret keys. from Backlog to WIP on the gnupg26 board.
• werner committed rGe5473262e884: gpg: Allow the export of Kyber secret keys. (authored by • werner).
gpg: Allow the export of Kyber secret keys.
• werner committed rGaea62817f300: agent: Support protection for Kyber keys. (authored by • werner).
agent: Support protection for Kyber keys.
• werner renamed T7315: Allow export and import of PQC secret keys. from Allow exporting of PQC keys. to Allow export and import of PQC secret keys..
• werner changed the status of T7919: gpgme: Treat empty DISPLAY variable as unset or error out from Open to Testing.
Treat empty DISPLAY envvar as unset.
• werner triaged T7919: gpgme: Treat empty DISPLAY variable as unset or error out as Normal priority.
• werner added a project to T7919: gpgme: Treat empty DISPLAY variable as unset or error out: gpgme.
I considered to make the --display argument optional but that still leads to the error. Thus better do not set or send it at all. I did this now for all gpgme engines.