Page MenuHome GnuPG
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Fri, Jan 23

gniibe added a comment to T8049: Null pointer dereference with overlong signature packet.

I see your point. I am afraid adding skipme causes a larger changes.

Fri, Jan 23, 7:24 AM · segv, gnupg26, Bug Report

Thu, Jan 22

gniibe added a comment to T8049: Null pointer dereference with overlong signature packet.

Here are changes to fix the behavior:

0003-gpg-Return-an-error-when-data-is-too-long.patch1 KBDownload

0004-gpg-Skip-the-packet-on-some-errors-when-parsing-sign.patch2 KBDownload

Thu, Jan 22, 7:48 AM · segv, gnupg26, Bug Report
gniibe changed the status of T7338: Revamp the FIPS service indicator from Open to Testing.

Fixed in: rC2c1d41b5f86f: fips,cipher: Fix the regression with disabled public-key algo.

Thu, Jan 22, 5:48 AM · libgcrypt, FIPS, Feature Request
gniibe reopened T7338: Revamp the FIPS service indicator as "Open".

Re-opened because a regression is reported.

Thu, Jan 22, 5:47 AM · libgcrypt, FIPS, Feature Request
gniibe committed rC2c1d41b5f86f: fips,cipher: Fix the regression with disabled public-key algo. (authored by gniibe).
fips,cipher: Fix the regression with disabled public-key algo.
Thu, Jan 22, 5:30 AM
gniibe renamed T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT` from Security (internal) - Stack-based buffer overflow in TPM2 `PKDECRYPT` to Stack-based buffer overflow in TPM2 `PKDECRYPT`.
Thu, Jan 22, 12:33 AM · gnupg26, CVE, TPM, Bug Report

Wed, Jan 21

gniibe created T8049: Null pointer dereference with overlong signature packet.
Wed, Jan 21, 7:57 AM · segv, gnupg26, Bug Report

Tue, Jan 20

gniibe added a comment to T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM.

On 2026-01-20, I found the message to security@gnupg.org of:
Message-ID: 4e708880-04ac-45bc-8d16-6b585f2652a1n@aisle.com
in may spam folder. It has a 10MB long attachment. That might be one of reasons to be identified as a spam.

Tue, Jan 20, 6:42 AM · CVE, gnupg26, gpgagent, Bug Report
gniibe added a comment to T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT`.

Considering the current implementation (tpm2d doesn't support keyinfo like scdaemon), it would be good to check the buffer size.
(If key information is accessible easily, we can check with a specific key.)

Tue, Jan 20, 6:06 AM · gnupg26, CVE, TPM, Bug Report
gniibe created T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT`.
Tue, Jan 20, 1:54 AM · gnupg26, CVE, TPM, Bug Report
gniibe added projects to T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM: gpgagent, gnupg.
Tue, Jan 20, 1:52 AM · CVE, gnupg26, gpgagent, Bug Report
gniibe created T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM.
Tue, Jan 20, 1:52 AM · CVE, gnupg26, gpgagent, Bug Report

Mon, Jan 19

gniibe changed the status of T7889: libgcrypt: HAVE_BROKEN_MLOCK from Open to Testing.

Backports have been done in both (1.10/1.11) branches.

Mon, Jan 19, 6:58 AM · backport, libgcrypt, Bug Report
gniibe changed the status of T7127: GPGME deprecate/remove the helper gpgme-w32spawn program, a subtask of T7125: GPGME spawn for Windows 64-bit, from Open to Testing.
Mon, Jan 19, 6:48 AM · Windows 64, gpgme
gniibe changed the status of T7127: GPGME deprecate/remove the helper gpgme-w32spawn program from Open to Testing.
Mon, Jan 19, 6:48 AM · Windows 64, gpgme
gniibe closed T7187: gpgme: Debug output for size_t and off_t, a subtask of T6634: Port GPGME to Windows 64-bit, as Resolved.
Mon, Jan 19, 6:47 AM · Windows 64, gpgme
gniibe closed T7187: gpgme: Debug output for size_t and off_t as Resolved.
Mon, Jan 19, 6:47 AM · Windows 64, gpgme

Thu, Jan 15

gniibe committed rP9e17a6fbccc9: build: Update m4 files. (authored by gniibe).
build: Update m4 files.
Thu, Jan 15, 12:41 PM
gniibe committed rPTHd4e067d96c5e: build: Update build-aux and m4 from libgpg-error. (authored by gniibe).
build: Update build-aux and m4 from libgpg-error.
Thu, Jan 15, 12:14 PM
gniibe committed rT7edee62fc51f: build: Update ksba.m4 from libksba. (authored by gniibe).
build: Update ksba.m4 from libksba.
Thu, Jan 15, 11:05 AM
gniibe committed rTaef8d7e3cb89: build: Update build-aux and m4 from libgpg-error. (authored by gniibe).
build: Update build-aux and m4 from libgpg-error.
Thu, Jan 15, 11:05 AM
gniibe committed rK63df5658b41d: build: Update build-aux and m4 from libgpg-error. (authored by gniibe).
build: Update build-aux and m4 from libgpg-error.
Thu, Jan 15, 9:14 AM
gniibe committed rS352b2962786f: build: Update build-aux and m4 from libgpg-error and libassuan. (authored by gniibe).
build: Update build-aux and m4 from libgpg-error and libassuan.
Thu, Jan 15, 8:46 AM
gniibe committed rM9e4e122097b4: build: Update build-aux and m4 from libgpg-error and libassuan. (authored by gniibe).
build: Update build-aux and m4 from libgpg-error and libassuan.
Thu, Jan 15, 6:48 AM
gniibe committed rAdcb600956c78: build: Update build-aux and m4 from libgpg-error. (authored by gniibe).
build: Update build-aux and m4 from libgpg-error.
Thu, Jan 15, 6:09 AM
gniibe committed rE9a68e459efdf: build: Fix typos in texinfo.tex. (authored by gniibe).
build: Fix typos in texinfo.tex.
Thu, Jan 15, 6:07 AM
gniibe committed rC85bbb3373436: build: Apply local change to texinfo.tex. (authored by gniibe).
build: Apply local change to texinfo.tex.
Thu, Jan 15, 6:06 AM

Wed, Jan 14

gniibe committed rAc08091e84da7: Fix for header files for sys/time.h and sys/select.h. (authored by gniibe).
Fix for header files for sys/time.h and sys/select.h.
Wed, Jan 14, 8:57 AM
gniibe committed rA46c3110d29ac: build: Update build-aux and m4 from libgpg-error. (authored by gniibe).
build: Update build-aux and m4 from libgpg-error.
Wed, Jan 14, 8:57 AM
gniibe committed rAe7d6c5697fcb: build: More m4 change. (authored by gniibe).
build: More m4 change.
Wed, Jan 14, 8:57 AM
gniibe committed rCe53ae4f14f88: build: Update build-aux and m4 from libgpg-error. (authored by gniibe).
build: Update build-aux and m4 from libgpg-error.
Wed, Jan 14, 7:19 AM
gniibe committed rEa05a50100884: m4: Fix m4 macros for strict C compiler. (authored by gniibe).
m4: Fix m4 macros for strict C compiler.
Wed, Jan 14, 7:10 AM
gniibe committed rEe0517a60eb04: build: Remove unused build-aux/libtool.patch. (authored by gniibe).
build: Remove unused build-aux/libtool.patch.
Wed, Jan 14, 6:37 AM
gniibe added a project to T8032: libksba: Input validation for DER encoded INTEGER: S/MIME.
Wed, Jan 14, 3:03 AM · S/MIME, libksba, Bug Report
gniibe created T8032: libksba: Input validation for DER encoded INTEGER.
Wed, Jan 14, 3:02 AM · S/MIME, libksba, Bug Report

Tue, Jan 13

gniibe committed rC6e77b09cff56: mpi: Use secure MPI in _gcry_mpi_assign_limb_space. (authored by gniibe).
mpi: Use secure MPI in _gcry_mpi_assign_limb_space.
Tue, Jan 13, 6:22 AM

Fri, Jan 9

gniibe committed rM9a1f409499c4: tests: It's start-stop-agent which invokes gpg-agent. (authored by gniibe).
tests: It's start-stop-agent which invokes gpg-agent.
Fri, Jan 9, 7:21 AM
gniibe committed rM64f80903ec9b: w32:spawn: Support the case without no helper. (authored by gniibe).
w32:spawn: Support the case without no helper.
Fri, Jan 9, 5:48 AM
gniibe committed rE4a1381642740: w32:tests: Fix a test failure for tilde expansion. (authored by gniibe).
w32:tests: Fix a test failure for tilde expansion.
Fri, Jan 9, 4:01 AM

Thu, Jan 8

gniibe committed rM58c57b25575c: w32: Use SetHandleInformation for _gpgme_io_pipe. (authored by gniibe).
w32: Use SetHandleInformation for _gpgme_io_pipe.
Thu, Jan 8, 9:29 AM
gniibe committed rMdd559a6b142f: w32: Fix for process handle. (authored by gniibe).
w32: Fix for process handle.
Thu, Jan 8, 9:29 AM

Wed, Jan 7

gniibe committed rE753f59cd2c7a: w32:spawn: Handle the case where ->hProcess has invalid handle. (authored by gniibe).
w32:spawn: Handle the case where ->hProcess has invalid handle.
Wed, Jan 7, 7:18 AM

Mon, Jan 5

gniibe changed the status of T7968: Fixes needed for newer GCC/Mingw from Open to Testing.
Mon, Jan 5, 9:51 AM

Dec 25 2025

gniibe committed rM538d7cd52b80: tests:gpg: Use GPGME_PINENTRY_MODE_LOOPBACK for tests. (authored by gniibe).
tests:gpg: Use GPGME_PINENTRY_MODE_LOOPBACK for tests.
Dec 25 2025, 2:36 AM

Dec 24 2025

gniibe committed rM11a8ef0e26bf: w32: Fix debug print on 64-bit machine. (authored by gniibe).
w32: Fix debug print on 64-bit machine.
Dec 24 2025, 1:52 AM

Dec 23 2025

gniibe committed rGc7472b1b9d2f: po: Update Georgian Translation. (authored by NorwayFun).
po: Update Georgian Translation.
Dec 23 2025, 9:48 AM
gniibe committed rM936015d49c38: w32: Fix spawn for 64-bit machine. (authored by gniibe).
w32: Fix spawn for 64-bit machine.
Dec 23 2025, 8:29 AM

Dec 22 2025

gniibe committed rMd242561dae26: Fix a regression wrt the auto-key-locate option. (authored by gniibe).
Fix a regression wrt the auto-key-locate option.
Dec 22 2025, 6:19 AM
gniibe committed rM5252c63ecae5: tests:w32: Use Sleep instead of _sleep. (authored by gniibe).
tests:w32: Use Sleep instead of _sleep.
Dec 22 2025, 6:19 AM

Dec 15 2025

gniibe committed rC92bbe34514ee: mpi:ec: Fix for use of ec_mulm_lli in _gcry_mpi_ec_get_affine. (authored by gniibe).
mpi:ec: Fix for use of ec_mulm_lli in _gcry_mpi_ec_get_affine.
Dec 15 2025, 7:58 AM
gniibe committed rC028926d3edb5: w32: Fix use of GetProcAddress. (authored by gniibe).
w32: Fix use of GetProcAddress.
Dec 15 2025, 7:57 AM
gniibe committed rM527c7fff9679: Fix function prototypes to match ones in libassuan. (authored by gniibe).
Fix function prototypes to match ones in libassuan.
Dec 15 2025, 7:14 AM
gniibe committed rM77b9e1de7d76: Fix build with libassuan 2. (authored by gniibe).
Fix build with libassuan 2.
Dec 15 2025, 7:14 AM

Dec 11 2025

gniibe committed rM46938bdde475: Fix portability for the use of the assuan types. (authored by gniibe).
Fix portability for the use of the assuan types.
Dec 11 2025, 7:28 AM
gniibe committed rM5fa2e405807d: w32: Add a cast for GetProcAddress, add AM_CFLAGS for w32spawn. (authored by gniibe).
w32: Add a cast for GetProcAddress, add AM_CFLAGS for w32spawn.
Dec 11 2025, 7:28 AM

Dec 8 2025

gniibe updated the task description for T7968: Fixes needed for newer GCC/Mingw.
Dec 8 2025, 1:32 AM
gniibe triaged T7968: Fixes needed for newer GCC/Mingw as Wishlist priority.
Dec 8 2025, 1:29 AM

Dec 5 2025

gniibe committed rM8b8dbd55c03a: Avoid K&R-style function definition. (authored by gniibe).
Avoid K&R-style function definition.
Dec 5 2025, 10:45 AM
gniibe committed rA515415b4e2ea: Allow assuan_new_ext call with malloc_hooks=NULL. (authored by gniibe).
Allow assuan_new_ext call with malloc_hooks=NULL.
Dec 5 2025, 7:55 AM

Dec 4 2025

gniibe added a comment to T7894: libgcrypt, scute, gpgrt/argparse, gnupg/dirmngr: Hard-coded /etc.

@werner For rCd5e3cbfd , my mingw (GCC version 14) complains about the function-return-type difference of the prototype with GetProcAddress.

Dec 4 2025, 7:19 AM · libgcrypt, scute, gpgrt, Bug Report
gniibe committed rC5af59d8454ce: build: Add support for IBM z/OS, fixing -lpthread check with glibc. (authored by gniibe).
build: Add support for IBM z/OS, fixing -lpthread check with glibc.
Dec 4 2025, 6:29 AM
gniibe added a comment to T7855: keybox/keydb locking issue in 2.6 .

If we need to backport the locking fixes to 2.2, these two will be the start of changes:

0001-sm-Change-keydb-code-to-use-the-keybox-locking.patch7 KBDownload

0002-kbx-gpg-gpgsm-Introduce-keybox_compress_when_no_othe.patch7 KBDownload

Dec 4 2025, 6:22 AM · gpd5x (gpd-5.0.0), gnupg26

Dec 2 2025

gniibe committed rC550b2e2f13df: Add support for IBM z/OS. (authored by sachint).
Add support for IBM z/OS.
Dec 2 2025, 7:27 AM

Nov 28 2025

gniibe committed rSc3dc9c581631: w32: Use CSIDL_COMMON_APPDATA if available. (authored by gniibe).
w32: Use CSIDL_COMMON_APPDATA if available.
Nov 28 2025, 10:33 AM
gniibe added a comment to T7894: libgcrypt, scute, gpgrt/argparse, gnupg/dirmngr: Hard-coded /etc.

Scute fixed in rSc3dc9c581631: w32: Use CSIDL_COMMON_APPDATA if available.

Nov 28 2025, 6:13 AM · libgcrypt, scute, gpgrt, Bug Report

Nov 27 2025

gniibe updated the task description for T7957: dotlock clean up for error/warning message.
Nov 27 2025, 7:20 AM · gnupg, Bug Report
gniibe updated the task description for T7957: dotlock clean up for error/warning message.
Nov 27 2025, 7:18 AM · gnupg, Bug Report
gniibe claimed T7957: dotlock clean up for error/warning message.

Here is my proposal:

0001-common-dotlock-Clean-up-for-error-info-warning-messa.patch25 KBDownload

Nov 27 2025, 7:15 AM · gnupg, Bug Report
gniibe created T7957: dotlock clean up for error/warning message.
Nov 27 2025, 7:14 AM · gnupg, Bug Report

Nov 26 2025

gniibe committed rCbdc3724d721d: cipher:kyber: Apply a change from upstream. (authored by gniibe).
cipher:kyber: Apply a change from upstream.
Nov 26 2025, 2:56 AM
gniibe closed T7056: GPGme 1.23.2 has Undefined symbols: "strcasecmp(char const*, char const*)" on Mac OS X 10.4.11, PPC Tiger as Wontfix.

Here is my analysis.

Nov 26 2025, 2:09 AM · gpgme, MacOS, Bug Report

Nov 25 2025

gniibe added a comment to T7873: Decrypt to foo.gpg.part files and rename.

The extension .part is used by Mozilla/Firefox. Curl uses .tmp. Is that OK for Windows machine to use .part?

Nov 25 2025, 5:41 AM · Feature Request, gnupg26
gniibe closed T7694: GPGME: gpgme_io_spawn issues, a subtask of T7660: GPGME invocation by cri-o hangs on gpgme_op_verify, as Resolved.
Nov 25 2025, 5:16 AM · golang, gpgme, Bug Report
gniibe closed T7694: GPGME: gpgme_io_spawn issues as Resolved.
Nov 25 2025, 5:16 AM · gpgme, Bug Report
gniibe added a comment to T7894: libgcrypt, scute, gpgrt/argparse, gnupg/dirmngr: Hard-coded /etc.

I examined the code of gnupg_sysconfdir in gnupg/common/homedir.c, if we could factor out things to gpgrt, so that something like gpgrt_fconcat with GPGRT_SYSCONFDIR can be implemented.

Nov 25 2025, 3:10 AM · libgcrypt, scute, gpgrt, Bug Report
gniibe committed rG32a3e5f83bbb: common:dotlock: Escalate a warning message up to INFO from DEBUG. (authored by gniibe).
common:dotlock: Escalate a warning message up to INFO from DEBUG.
Nov 25 2025, 2:25 AM
gniibe committed rGaab29b128693: kbx:sqlite: Don't call dotlock_release. (authored by gniibe).
kbx:sqlite: Don't call dotlock_release.
Nov 25 2025, 2:25 AM
gniibe committed rGe4f20ba10a6a: commond:dotlock: Remove support of use with glib. (authored by gniibe).
commond:dotlock: Remove support of use with glib.
Nov 25 2025, 2:25 AM
gniibe committed rG68dcfec91b90: common:dotlock:w32: Minor fixes for Windows. (authored by gniibe).
common:dotlock:w32: Minor fixes for Windows.
Nov 25 2025, 2:25 AM
gniibe committed rGd4e40e2a8adc: common:dotlock: Comment fixes. (authored by gniibe).
common:dotlock: Comment fixes.
Nov 25 2025, 2:25 AM

Nov 21 2025

gniibe added a comment to T7873: Decrypt to foo.gpg.part files and rename.

When --output option is used and the user uses temporary file and is ready for checking an error, that is, it's already prepared, it's redundant and useless, indeed.

Nov 21 2025, 7:23 AM · Feature Request, gnupg26
gniibe added a comment to T7720: w32: Synchronous spawning gpg-agent/dirmngr/keyboxd.

Let me explain about the change rG57affc4e98ab.

Nov 21 2025, 6:44 AM · gnupg, Feature Request, Bug Report

Nov 20 2025

gniibe committed rG216a695ced83: agent: Use SHADOW_INFO to silence warnings. (authored by gniibe).
agent: Use SHADOW_INFO to silence warnings.
Nov 20 2025, 7:52 AM
gniibe changed the status of T7720: w32: Synchronous spawning gpg-agent/dirmngr/keyboxd, a subtask of T7716: gpgrt:w32: Synchronous spawning detached process, with standard input and standard error, from Open to Testing.
Nov 20 2025, 7:07 AM · gpgrt, Feature Request, Bug Report
gniibe changed the status of T7720: w32: Synchronous spawning gpg-agent/dirmngr/keyboxd from Open to Testing.

Applied the change to master: rG57affc4e98ab: common,agent,dirmngr,kbx:w32: Synchronous spawning daemon process.

Nov 20 2025, 7:07 AM · gnupg, Feature Request, Bug Report
gniibe closed T7716: gpgrt:w32: Synchronous spawning detached process, with standard input and standard error as Resolved.
Nov 20 2025, 7:06 AM · gpgrt, Feature Request, Bug Report
gniibe changed the status of T7629: gcc 15 warns about -Wunterminated-string-initialization in gnupg from Open to Testing.

I applied a change with GPGRT_ATTR_NONSTRING to master, since 2.6 branch now requires newere gpgrt.
Fix is rGcad79e542d85: agent,common,dirmngr,tests: Silence warnings of a compiler.

Nov 20 2025, 7:04 AM · gnupg, Bug Report
gniibe added a comment to T7716: gpgrt:w32: Synchronous spawning detached process, with standard input and standard error.

For GnuPG, applied the change to master: rG57affc4e98ab: common,agent,dirmngr,kbx:w32: Synchronous spawning daemon process.

Nov 20 2025, 7:00 AM · gpgrt, Feature Request, Bug Report
gniibe committed rG57affc4e98ab: common,agent,dirmngr,kbx:w32: Synchronous spawning daemon process. (authored by gniibe).
common,agent,dirmngr,kbx:w32: Synchronous spawning daemon process.
Nov 20 2025, 6:59 AM
gniibe changed the status of T7909: Other bugs reported by 49016 et al. from Open to Testing.

t-stringhelp change was pushed by rG8a95e963d53a: common: Fix the test of t-stringhelp.
For int-truncation, I pushed the change rGbcd87ea2b2da: misc: Validate the value on the use of strtol.

Nov 20 2025, 6:33 AM · gnupg, g10code, Bug Report
gniibe changed the status of T7909: Other bugs reported by 49016 et al., a subtask of T7900: Cleartext Signature Forgery in GnuPG, from Open to Testing.
Nov 20 2025, 6:33 AM · Not A Bug, OpenBSD, gnupg
gniibe committed rGcad79e542d85: agent,common,dirmngr,tests: Silence warnings of a compiler. (authored by gniibe).
agent,common,dirmngr,tests: Silence warnings of a compiler.
Nov 20 2025, 6:31 AM
gniibe committed rGbcd87ea2b2da: misc: Validate the value on the use of strtol. (authored by gniibe).
misc: Validate the value on the use of strtol.
Nov 20 2025, 6:31 AM
gniibe committed rC4e65996bb870: mpi: Introduce mpi_tfr and use it for point_tfr. (authored by gniibe).
mpi: Introduce mpi_tfr and use it for point_tfr.
Nov 20 2025, 2:24 AM
gniibe committed rD6ca8a2bc9e32: Make it clear that GnuPG for RISC OS is 1.4, just like VMS version. (authored by gniibe).
Make it clear that GnuPG for RISC OS is 1.4, just like VMS version.
Nov 20 2025, 1:31 AM
gniibe committed rDb348850f25e5: Fix the birth day of libgcrypt 1.11. (authored by gniibe).
Fix the birth day of libgcrypt 1.11.
Nov 20 2025, 1:31 AM

Nov 19 2025

gniibe committed rE26d740f940b3: spawn:posix: Rename the field to ENVP to avoid a build issue. (authored by gniibe).
spawn:posix: Rename the field to ENVP to avoid a build issue.
Nov 19 2025, 6:34 AM
gniibe committed rEa9fc729253ee: argparse: Use SYSCONFDIR for /etc. (authored by gniibe).
argparse: Use SYSCONFDIR for /etc.
Nov 19 2025, 6:34 AM
gniibe changed the status of T7631: Building libassuan on AIX warns about missing function declarations. from Open to Testing.
Nov 19 2025, 6:13 AM · AIX, libassuan, Bug Report

Nov 18 2025

gniibe committed rGaa8e0cc9f331: po: Update Japanese Translation. (authored by gniibe).
po: Update Japanese Translation.
Nov 18 2025, 8:59 AM
Next