@johng: I understand your problems and recall that Linux systems had a hard to time to replace all bashism with standard Posix. The problems with /bin/sh on Solaris seems to be even more persistent.

This seems to be closely related to T4257 for which I have a fix under test. The problem is that we pass the fd used by the caller to create the data object to gpgsm and close that very fd. The descriptor passing involves an implicit dup so closing is in theory okay but we should not close an fd which has been set (w/o dup) by the caller.

Fixed with gpg4win 3.1.9.

Please use a private branch as usual. There has been no agreement or a discussion over this change nor do we have a DCO from him.

We also have not DCO on record for @Valodim

Please use a private branch for such patches (dkg/fix-*) as you did in the past.

Feel free to fix it but a "make -j3 distcheck" MUST work.

Unfortunately this is not the case. I had to remove the test code from t-decrypt-verify.c (7d0a979c07d2) to let "make check" work.

This is all valid Bourne shell syntax. In detail:

Release done.

Can you please explain the commit messages. It seems the message was truncated.
And a failed test is a no-go in the regression test suite. A make check fails and thus the make release (or make distcheck) won't work either.

I have a larger change for the wait code in the works. This will go into 1.14.0 but not in 1.13.1

I don't mind how we call it in Libgcrypt. For GnuPG we should use "cv448" me things.

I just assumed that is an ntbtls problem.

We need --keyserver in gpg for just one reason: backward compatibility.

I received an strace for a similar case by PM.

It might have unwanted side-effects - I am not sure. Anyway for me it works.

I had to patch strace to follow threads but not forks (P8) and then when built with support for -k I tracked it down: In the inbound handler we close the fd immediately on EOF. However the upper layers don't know about it and a select fails with EBADF. Of course we could ignore the EBADF, figure out the closed fd and restart. The problem is that another thread may have opened a new oobject and that will get the last closed fd assigned - bummer.

Nope

Something(tm) closes an arbitrary file descriptor behind our back. Not easy to track down because strace can not trace only threads - it always wants to trace all children as well - which is a bit too much and leads to other problems.

In case I not already mentioned it: There won't be any new commands to delete a key. Of course you are free to change GnuPG as you like but I won't apply them here.

The solution conflicts the the fix suggested and implemented for T4330.

Fixed similar to the suggestion but NaN and INF are detected earlier.

With the current GPGME master and the forthcoming T4551 release this has been fixed.

I see a regression with your fix. This option is even controllable with gpgconf at the basic level. It would be better to make it a dummy option.

A newline is required by the PEM standard.

Thanks for taking this one.

Just did that: slashes and dots are now mapped to hyphens. Let me know if the problem persists.

That is due to the update hook which has code like this:

Thanks, the mentioned OpenSSL option should be helpful.

Thanks for taking the time to describe this attack vector. We will need to study this closer to balance such a change with other side effects of this.

gpgscm will anyway be moved to libgpg-error and then installed as part of that package. Given that we install it for quite some time with gnupg, I won't remove it unless we can be sure that it has been installed by libgpg-error. Feel free to remove it from Debian, though,