Mar 13 2024

marcus added a comment to T7042: AEAD mode does not properly handle modified cipher text.

handle_plaintext gets data returned by iobuf_read, and does not check the error status of the iobuf object.

Mar 13 2024, 5:07 PM · gnupg26, Bug Report
marcus created T7042: AEAD mode does not properly handle modified cipher text.
Mar 13 2024, 3:47 PM · gnupg26, Bug Report

Nov 15 2022

marcus committed rDd9306211264d: web: Fix ytid of thenmozhi. (authored by marcus).
web: Fix ytid of thenmozhi.
Nov 15 2022, 5:11 PM
marcus committed rDb0f0d9622634: web: Simplify votd handling. (authored by marcus).
web: Simplify votd handling.
Nov 15 2022, 5:11 PM
marcus committed rD7cfa1520d7a4: web: Fix video selection. (authored by marcus).
web: Fix video selection.
Nov 15 2022, 5:11 PM
marcus committed rD556339a8fcbd: blog: proof-read latest blog entry. (authored by marcus).
blog: proof-read latest blog entry.
Nov 15 2022, 5:11 PM
marcus committed rD9b52acd75d6c: web: Update release_notes.org. (authored by marcus).
web: Update release_notes.org.
Nov 15 2022, 5:11 PM

Dec 5 2018

marcus created T4280: gnupg doc doesn't build due to ImageMagick default policy.
Dec 5 2018, 3:55 PM · gnupg, Documentation, Info Needed, Bug Report
marcus added a comment to T4277: libgpg-error gpgrt_ftruncate decl breaks libgcrypt build.

Dec 5 2018, 3:23 PM · Bug Report
marcus created T4277: libgpg-error gpgrt_ftruncate decl breaks libgcrypt build.
Dec 5 2018, 11:17 AM · Bug Report

Jun 8 2018

marcus added a comment to T4000: GnuPG does not check encrypted messages for well-formed composition.

Yep. ?

Jun 8 2018, 1:48 PM · gnupg (gpg22), Bug Report

Jun 2 2018

marcus reopened T4000: GnuPG does not check encrypted messages for well-formed composition as "Open".

Yeah, that's not good enough. You also need to check if literals_seen is 0 before BEGIN_DECRYPTION to catch the case where the plaintext packet comes before the encrypted packet. See https://github.com/das-labor/neopg/commit/30623bcd436a35125f21fe6f29272a5fa7212d3f

Jun 2 2018, 12:53 PM · gnupg (gpg22), Bug Report

May 30 2018

marcus added a comment to T4000: GnuPG does not check encrypted messages for well-formed composition.

The impact is low to our current understanding, that's why I didn't report it as a security vulnerability. I tried to use this for signatures, but GnuPG has more verification for signatures, so it doesn't work there as far as I can see. So that's good.
If you allow for a BADMDC, you can easily downgrade the content of an encrypted data packet from, for example, compressed to private packet type, and then you don't even need the public key, just an encrypted message. The MDC will notice this, and since Efail the clients should have strict MDC checking, so I didn't include that variation in my report.
By the way, there are other clients I didn't test which are probably affected, such as kmail, claws, gpgtools.
I only have Outlook 2007 and no funds to buy software I don't use, as I am unemployed and using up my savings. So, next time I won't be able to do the testing, sorry!

May 30 2018, 10:34 AM · gnupg (gpg22), Bug Report

May 29 2018

marcus added a comment to T4000: GnuPG does not check encrypted messages for well-formed composition.

I would also recommend that GPGME does a sanity check on the status fd output for people with new GPGME but old GnuPG binary.

May 29 2018, 1:55 PM · gnupg (gpg22), Bug Report
marcus created T4000: GnuPG does not check encrypted messages for well-formed composition.
May 29 2018, 1:34 PM · gnupg (gpg22), Bug Report

Mar 23 2018

marcus created T3862: Unsigned underflow in parse-packet::parse_key().
Mar 23 2018, 10:21 PM · Bug Report

Nov 22 2017

marcus created T3528: cpr.c do_get_from_fd memory leak.
Nov 22 2017, 6:43 PM · Bug Report

Oct 1 2017

marcus placed T3051: calendar spams exceptions when no invitees exist for recurrent events up for grabs.
Oct 1 2017, 2:07 PM · Too Old, dev.gnupg.org
marcus placed T3115: Implement simple captcha up for grabs.
Oct 1 2017, 2:07 PM · dev.gnupg.org
marcus placed T3092: Encrypt emails with GnuPG in MediaWiki up for grabs.
Oct 1 2017, 2:07 PM
marcus placed T3122: Phrabicator does not grok signed mails up for grabs.
Oct 1 2017, 2:07 PM · dev.gnupg.org
marcus placed T3069: Implement gnupg commit message style up for grabs.
Oct 1 2017, 2:06 PM · g10code Sprint, dev.gnupg.org
marcus placed T3081: Write PHP parser for gnupg style commit messages. up for grabs.
Oct 1 2017, 2:06 PM · g10code Sprint, dev.gnupg.org

Aug 29 2017

marcus triaged T3366: Secret keys won't delete as Low priority.
Aug 29 2017, 5:17 PM · gnupg, Windows 32, gpg4win, Bug Report
marcus committed rBOOKe8e6f00ddc0b: Fix some minor problems. (authored by marcus).
Fix some minor problems.
Aug 29 2017, 5:00 PM

Aug 24 2017

marcus committed rM91e47d71652b: gpgconf: Add more comments. (authored by marcus).
gpgconf: Add more comments.
Aug 24 2017, 3:53 PM
marcus placed T3202: add support for illumos to our version of libtool up for grabs.
Aug 24 2017, 2:54 PM · Info Needed, gpgrt, Bug Report

Aug 23 2017

marcus abandoned D44: 706_0001-gpg-Add-encrypt-to-default-key.patch.
Aug 23 2017, 6:37 PM
marcus commandeered D44: 706_0001-gpg-Add-encrypt-to-default-key.patch.
Aug 23 2017, 6:37 PM
marcus abandoned D43: 705_0001-gpg-Allow-multiple-default-key-options.-Take-the-las.patch.
Aug 23 2017, 6:36 PM
marcus commandeered D43: 705_0001-gpg-Allow-multiple-default-key-options.-Take-the-las.patch.
Aug 23 2017, 6:36 PM
marcus abandoned D42: 134_gpg-pgp-compat.diff.
Aug 23 2017, 6:36 PM
marcus commandeered D42: 134_gpg-pgp-compat.diff.
Aug 23 2017, 6:35 PM
marcus abandoned D41: 136_pinentry-0.7.2-grab.patch.
Aug 23 2017, 6:35 PM
marcus commandeered D41: 136_pinentry-0.7.2-grab.patch.
Aug 23 2017, 6:35 PM
marcus abandoned D40: 148_pinentry-0.7.4-grab.patch.
Aug 23 2017, 6:35 PM
marcus commandeered D40: 148_pinentry-0.7.4-grab.patch.
Aug 23 2017, 6:35 PM
marcus abandoned D39: 149_pinentry-0.7.4-grab.patch.
Aug 23 2017, 6:35 PM
marcus commandeered D39: 149_pinentry-0.7.4-grab.patch.
Aug 23 2017, 6:35 PM
marcus abandoned D37: 115_pinentry-qt.patch.
Aug 23 2017, 6:34 PM
marcus commandeered D37: 115_pinentry-qt.patch.
Aug 23 2017, 6:34 PM
marcus abandoned D36: 114_verify-show-primary-only.patch.
Aug 23 2017, 6:33 PM
marcus commandeered D36: 114_verify-show-primary-only.patch.
Aug 23 2017, 6:33 PM
marcus abandoned D35: 113_gpg.patch.
Aug 23 2017, 6:33 PM
marcus commandeered D35: 113_gpg.patch.
Aug 23 2017, 6:33 PM
marcus abandoned D34: 111_gnupg-1.4.6-with-colons-utf8.patch.
Aug 23 2017, 6:32 PM
marcus commandeered D34: 111_gnupg-1.4.6-with-colons-utf8.patch.
Aug 23 2017, 6:32 PM
marcus abandoned D33: 110_ks-proxy-fix-14.diff.
Aug 23 2017, 6:32 PM
marcus commandeered D33: 110_ks-proxy-fix-14.diff.
Aug 23 2017, 6:32 PM
marcus abandoned D32: 99_gnupg-2.0.0-64biterror.patch.
Aug 23 2017, 6:31 PM
marcus commandeered D32: 99_gnupg-2.0.0-64biterror.patch.
Aug 23 2017, 6:31 PM
marcus abandoned D31: 100_apdu-patch-2.0.0.diff.
Aug 23 2017, 6:31 PM
marcus commandeered D31: 100_apdu-patch-2.0.0.diff.
Aug 23 2017, 6:30 PM
marcus abandoned D30: 93_keyserver.c.patch.
Aug 23 2017, 6:01 PM
marcus commandeered D30: 93_keyserver.c.patch.
Aug 23 2017, 6:01 PM
marcus abandoned D29: 90_gpgme_log_errno.patch.
Aug 23 2017, 5:59 PM
marcus commandeered D29: 90_gpgme_log_errno.patch.
Aug 23 2017, 5:59 PM
marcus abandoned D28: 86_gnupg-1.4.4.patch.
Aug 23 2017, 5:59 PM
marcus commandeered D28: 86_gnupg-1.4.4.patch.
Aug 23 2017, 5:59 PM
marcus abandoned D27: 77_gnupg.diff.
Aug 23 2017, 5:57 PM
marcus commandeered D27: 77_gnupg.diff.
Aug 23 2017, 5:56 PM
marcus abandoned D26: 75_gnupg.diff.
Aug 23 2017, 5:51 PM
marcus commandeered D26: 75_gnupg.diff.
Aug 23 2017, 5:51 PM
marcus abandoned D25: 74_libgcrypt-1.2.2-pkhash.diff.
Aug 23 2017, 5:51 PM
marcus commandeered D25: 74_libgcrypt-1.2.2-pkhash.diff.
Aug 23 2017, 5:50 PM
marcus abandoned D24: 94_fix-537.diff.
Aug 23 2017, 5:50 PM
marcus commandeered D24: 94_fix-537.diff.
Aug 23 2017, 5:50 PM
marcus abandoned D23: 67_gnupg-1.4.2-none.patch.
Aug 23 2017, 5:47 PM
marcus commandeered D23: 67_gnupg-1.4.2-none.patch.
Aug 23 2017, 5:47 PM
marcus abandoned D22: 63_gpgme.m4.diff.
Aug 23 2017, 5:47 PM
marcus commandeered D22: 63_gpgme.m4.diff.
Aug 23 2017, 5:46 PM
marcus abandoned D21: 61_1.4-200502091.patch.
Aug 23 2017, 5:45 PM
marcus commandeered D21: 61_1.4-200502091.patch.
Aug 23 2017, 5:45 PM
marcus abandoned D20: 58_libassuan-gcc4.patch.
Aug 23 2017, 5:45 PM
marcus commandeered D20: 58_libassuan-gcc4.patch.
Aug 23 2017, 5:44 PM
marcus abandoned D19: 57_gnupg-1.4.0-gcc.patch.
Aug 23 2017, 5:44 PM
marcus commandeered D19: 57_gnupg-1.4.0-gcc.patch.
Aug 23 2017, 5:44 PM
marcus abandoned D18: 44_hppa.revert.patch.
Aug 23 2017, 5:43 PM
marcus commandeered D18: 44_hppa.revert.patch.
Aug 23 2017, 5:43 PM
marcus abandoned D17: 42_rijandel.diff.
Aug 23 2017, 5:42 PM
marcus commandeered D17: 42_rijandel.diff.
Aug 23 2017, 5:42 PM
marcus abandoned D16: 43_newrijndael.diff.
Aug 23 2017, 5:42 PM
marcus commandeered D16: 43_newrijndael.diff.
Aug 23 2017, 5:41 PM
marcus abandoned D15: 41_gnupg-1.2.5rc2-po-Makefile.in.in.diff.
Aug 23 2017, 5:41 PM
marcus commandeered D15: 41_gnupg-1.2.5rc2-po-Makefile.in.in.diff.
Aug 23 2017, 5:41 PM
marcus abandoned D14: 36_x.
Aug 23 2017, 5:40 PM
marcus commandeered D14: 36_x.
Aug 23 2017, 5:40 PM
marcus abandoned D13: 35_bug291.patch.
Aug 23 2017, 5:40 PM
marcus commandeered D13: 35_bug291.patch.
Aug 23 2017, 5:39 PM
marcus abandoned D12: 33_unsetenv.patch.
Aug 23 2017, 5:39 PM
marcus commandeered D12: 33_unsetenv.patch.
Aug 23 2017, 5:38 PM
marcus abandoned D11: 29_ja.po.patch.
Aug 23 2017, 5:38 PM
marcus commandeered D11: 29_ja.po.patch.
Aug 23 2017, 5:38 PM
marcus abandoned D10: 28_pinentry-0.7.0-noqt-cxx.patch.
Aug 23 2017, 5:37 PM
marcus commandeered D10: 28_pinentry-0.7.0-noqt-cxx.patch.
Aug 23 2017, 5:37 PM
marcus abandoned D9: 27_pinentry-0.7.0-docs.patch.
Aug 23 2017, 5:37 PM
marcus commandeered D9: 27_pinentry-0.7.0-docs.patch.
Aug 23 2017, 5:37 PM
marcus abandoned D8: 22_patch.gnupg.3.
Aug 23 2017, 5:36 PM
marcus commandeered D8: 22_patch.gnupg.3.
Aug 23 2017, 5:36 PM
marcus abandoned D7: 21_patch.gnupg.2.
Aug 23 2017, 5:35 PM