I sent a copy to gcrypt-devel@gnupg.org. Hope this is the right process. Thanks.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Today
Today
Please read doc/HACKING carefully on the process of sending DCO the right way.
Update Kleopatra to latest master
aheinecke committed rW90952e4e0b37: Update NEWS and READMEs for todays 3.x release (authored by aheinecke).
Update NEWS and READMEs for todays 3.x release
aheinecke committed rWbda6b54adc9a: Add git betaversion to VS-Desktop filenames (authored by aheinecke).
Add git betaversion to VS-Desktop filenames
Add GUIDs for kgrp reg keys
Update kleopatra, libkleo and l10n
aheinecke committed rW9ea735c2ff57: Fix make dist for non existing appimage patches (authored by aheinecke).
Fix make dist for non existing appimage patches
aheinecke committed rWdc694bf93079: Add registry entries for "kgrp" file type (authored by aheinecke).
Add registry entries for "kgrp" file type
Remove obsolete gpgol patch
Move l10n script from src to packages
Let me get back to this once more as one of the parts for RSA was initially missed:
diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c --- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100 +++ libgcrypt-1.8.4/cipher/rsa.c 2019-02-12 14:29:25.630513971 +0100 @@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
Ui, Kudos to you for seeing that possibility in Boost Graph and applying that. *Thumbs up*
aheinecke triaged T5715: Kleopatra: After importing a secret key and setting ownertrust in the dialog the key is not updated as Normal priority.
I went through some more testing and noticed one missing file in the release tarball, that prevents building libgcrypt now. Should be fixed with the attached patch.
I did go through a bit more testing too and the selftests still initialize and use the secure memory (and the t-secmem fails in FIPS mode if we invoke selftests from constructor). Now from run_random_selftests() -> _gcry_random_selftest() -> drbg_healthcheck() -> _gcry_rngdrbg_healthcheck_one(). So this means that we either need to de-initialize secure memory after the constructor selftests or prevent its initialization as I suggested in some of the previous comments.
aheinecke triaged T5711: Kleopatra: Keyserver config does not fallback to default as Normal priority.
What would be setting those? And how do I disable it?
It does have them defined!
$ gpg-connect-agent "getinfo getenv COLUMNS" /bye D 80 OK $ gpg-connect-agent "getinfo getenv LINES" /bye D 24 OK
What would be setting those? And how do I disable it?
A possibility is that gpg-agent which invokes pinentry happens have COLUMNS and LINES defined, then, pinentry misbehaves.
Thanks again for further information.
Hmm, I added that to my formula, and see ncurses 6.3 now, however the issue still occurs.
dyld[20991]: <55AFFB3D-2011-35CC-9486-B30BC1CA12F7> /opt/homebrew/Cellar/pinentry/1.2.0/bin/pinentry-curses dyld[20991]: <AAD35EC9-FC8A-3ED4-A829-C59E710CEA8A> /opt/homebrew/Cellar/libassuan/2.5.5/lib/libassuan.0.dylib dyld[20991]: <59683137-0511-3681-8BA6-04A78592B197> /opt/homebrew/Cellar/libgpg-error/1.43/lib/libgpg-error.0.dylib dyld[20991]: <A9DA1A80-D101-339B-9637-85A65285E050> /opt/homebrew/Cellar/ncurses/6.3/lib/libncursesw.6.dylib dyld[20991]: <679CDB15-D472-38E8-8840-B38874010D51> /usr/lib/libSystem.B.dylib dyld[20991]: <BB47A721-69A7-3EEA-9D9B-82F88FFF2641> /usr/lib/system/libcache.dylib dyld[20991]: <E6CCD148-5E91-3111-BE37-1C19402F4637> /usr/lib/system/libcommonCrypto.dylib dyld[20991]: <92001FF7-799E-3BA8-BF46-5FA01FFB952C> /usr/lib/system/libcompiler_rt.dylib dyld[20991]: <6BE94DC2-F363-3D76-B056-F45D4B56E152> /usr/lib/system/libcopyfile.dylib dyld[20991]: <881973B2-0426-325F-8D1A-17D60AE0CBFA> /usr/lib/system/libcorecrypto.dylib dyld[20991]: <9C4116F5-B8EB-3A00-B4B5-54AF6A76F66B> /usr/lib/system/libdispatch.dylib dyld[20991]: <96ECED73-F10C-3941-91A7-00254B907499> /usr/lib/system/libdyld.dylib dyld[20991]: <F7CDC52B-7961-3283-A30F-B06E2E6ED6AB> /usr/lib/system/libkeymgr.dylib dyld[20991]: <8D2BECEF-1038-3F2C-B8EF-B02C03092286> /usr/lib/system/libmacho.dylib dyld[20991]: <3D861651-91A7-3D78-B43B-ECAA41D63D9E> /usr/lib/system/libquarantine.dylib dyld[20991]: <FA2D8F89-D9C4-316F-9FDC-BFF1A791BD4E> /usr/lib/system/libremovefile.dylib dyld[20991]: <61963381-E322-3D0F-855D-CE1EA31FA4E1> /usr/lib/system/libsystem_asl.dylib dyld[20991]: <770FEB1F-FE27-3670-810F-A063D281CC8D> /usr/lib/system/libsystem_blocks.dylib dyld[20991]: <660D7866-E2A2-3651-A0A5-806E9217736B> /usr/lib/system/libsystem_c.dylib dyld[20991]: <1F580793-A1C3-30C6-A9BC-7789C14677AE> /usr/lib/system/libsystem_collections.dylib dyld[20991]: <8370E8A5-EADF-3A2C-9D5B-CA148723A5CA> /usr/lib/system/libsystem_configuration.dylib dyld[20991]: <30C492F6-C9E6-3C1D-BE52-CA4F4FC824D6> /usr/lib/system/libsystem_containermanager.dylib dyld[20991]: <F2A34B01-C264-3B7E-B3C9-1671E9E3C185> /usr/lib/system/libsystem_coreservices.dylib dyld[20991]: <01C0D793-E5FB-3141-95D6-32A973F9FFF8> /usr/lib/system/libsystem_darwin.dylib dyld[20991]: <AED9DAFC-7AB1-31CF-96A1-14C87B614DD3> /usr/lib/system/libsystem_dnssd.dylib dyld[20991]: <F0456F65-B4DF-3E14-91DC-C0C2A7954233> /usr/lib/system/libsystem_featureflags.dylib dyld[20991]: <5E36F087-5EF7-33B7-ACDA-CAE1C4A97621> /usr/lib/system/libsystem_info.dylib dyld[20991]: <6AB180A4-1D1E-3FA1-88B7-A7866EFACFC8> /usr/lib/system/libsystem_m.dylib dyld[20991]: <7C9F7726-62C1-3B03-8130-03E8A2A68DDF> /usr/lib/system/libsystem_malloc.dylib dyld[20991]: <2F331637-80F6-3208-816F-618DA9081899> /usr/lib/system/libsystem_networkextension.dylib dyld[20991]: <3701D756-7023-30C0-9A36-852971092AA9> /usr/lib/system/libsystem_notify.dylib dyld[20991]: <4234FAEC-7D18-30E7-AEAD-E9FB6922AFE9> /usr/lib/system/libsystem_product_info_filter.dylib dyld[20991]: <1214F568-24BF-379F-8A86-FF947EE5F18A> /usr/lib/system/libsystem_sandbox.dylib dyld[20991]: <49553CC1-66C3-32B1-91C6-4415DE230F58> /usr/lib/system/libsystem_secinit.dylib dyld[20991]: <17550B77-D255-389A-B779-906AF75314B6> /usr/lib/system/libsystem_kernel.dylib dyld[20991]: <8B28F7A3-6681-3D34-92AE-3688A74F50E6> /usr/lib/system/libsystem_platform.dylib dyld[20991]: <AA39FF66-B3F0-3777-99BC-F4A4C5CBD566> /usr/lib/system/libsystem_pthread.dylib dyld[20991]: <73885FA5-76B6-3AA3-8D91-60B2E0078F99> /usr/lib/system/libsystem_symptoms.dylib dyld[20991]: <362E885B-20EA-395B-BB01-6E46B864294D> /usr/lib/system/libsystem_trace.dylib dyld[20991]: <D0A538E3-7A75-395A-993C-A3EA7947F55A> /usr/lib/system/libunwind.dylib dyld[20991]: <A77B4CE2-0855-3C19-B4A6-47B094CF0DDA> /usr/lib/system/libxpc.dylib dyld[20991]: <52A50407-CD9B-3A67-A0C2-2D9D6F3043BF> /usr/lib/libc++abi.dylib dyld[20991]: <8FCA2160-F786-398A-AEAC-2B3D5BD72BB8> /usr/lib/libobjc.A.dylib dyld[20991]: <6B0DE0DE-0EA2-3948-8B7D-8BA309414B27> /usr/lib/liboah.dylib dyld[20991]: <20FBE382-CC21-324E-8813-C84B94CC04EF> /usr/lib/libc++.1.dylib dyld[20991]: <A714AC09-9E2D-3608-B8C1-D6300E852308> /usr/lib/libiconv.2.dylib dyld[20991]: <1907D41B-6D4B-3EA0-AD3B-5770431B6327> /usr/lib/libcharset.1.dylib
For the part 1, I created: T5710: FIPS: disable DSA for FIPS
Yesterday
Yesterday
jukivili committed rCd5bf106468e6: gcry_mpi_sub_ui: fix subtracting from negative value (authored by jukivili).
gcry_mpi_sub_ui: fix subtracting from negative value
ikloecker committed rKLEOPATRA96928c1e4501: Enable encrypt/sign button if GnuPG is compliant (authored by ikloecker).
Enable encrypt/sign button if GnuPG is compliant
ikloecker committed rKLEOPATRAd3b9927901f5: Set up the key cache before the system tray icon (authored by ikloecker).
Set up the key cache before the system tray icon
ikloecker committed rKLEOPATRA4853bdf5fd79: Update the signing actions when the keys change (authored by ikloecker).
Update the signing actions when the keys change
ikloecker committed rKLEOPATRA010a83a6239f: Update main UI if key cache is already initialized (authored by ikloecker).
Update main UI if key cache is already initialized
So, the solution is to build pinentry with newer ncurses. As I wrote in another comment, it's adding a single line to the formula.
ikloecker moved T5334: Kleopatra: Add more support for WKS / WKD from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker committed rLIBKLEO8dbf1f6bcb05: Check version of QGpgme instead of gpgme++ (authored by ikloecker).
Check version of QGpgme instead of gpgme++
aheinecke committed rKLEOPATRA7e7d6a91810f: Bump Kleopatra version to 3.1.20 (authored by aheinecke).
Bump Kleopatra version to 3.1.20
ikloecker changed the status of T5688: Kleopatra: Configure to hide CSR creation from Open to Testing.
The functionality to create CSRs can be hidden with the setting
[CMS] AllowCertificateCreation=false
The default validity period can be specified in the configuration file with
[CertificateCreationWizard] ValidityPeriodInDays=42
ikloecker changed the status of T5708: Kleopatra: Configure expiration date default in config from Open to Testing.
ikloecker committed rKLEOPATRAa2919db78cc2: Allow setting default validity period for new OpenPGP keys (authored by ikloecker).
Allow setting default validity period for new OpenPGP keys
ikloecker committed rKLEOPATRAaea86f8a57d9: Prefill expiration date with default if expiration is enabled (authored by ikloecker).
Prefill expiration date with default if expiration is enabled
ikloecker moved T5708: Kleopatra: Configure expiration date default in config from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Post release version bump
Auto update po files
Update NEWS for todays release
Use link for gnupg-msi sources
Add clean option to download script
Update GpgOL to 2.5.1
Switch libpng download server
Download the last used variant
swdb: Released gpgol-2.5.1
Also, applied the part 2, improving basic.c.
gniibe committed rCbff9ed54285b: tests: Fix basic.c to show useful information on error. (authored by gniibe).
tests: Fix basic.c to show useful information on error.
gniibe committed rCc8d2b0069e3c: tests: Improve error checking in regards to FIPS (authored by Jakuje).
tests: Improve error checking in regards to FIPS
Disable 3DES in FIPS mode
Applied the part 3, the 3DES is no-FIPS patch.
Tue, Nov 30
Tue, Nov 30
Nicolás Alvarez <nicolas.alvarez@gmail.com> committed rKLEOPATRA196e627e841f: Enable new GitLab CI on stable branch. (authored by Nicolás Alvarez <nicolas.alvarez@gmail.com>).
Enable new GitLab CI on stable branch.
Nicolás Alvarez <nicolas.alvarez@gmail.com> committed rLIBKLEOc1d732834740: Enable new GitLab CI on stable branch. (authored by Nicolás Alvarez <nicolas.alvarez@gmail.com>).
Enable new GitLab CI on stable branch.
Quick gen key is only used for the keygen in GpgOL and KMail. Kleopatra itself uses the old batch generate interface.
gniibe committed rC3d38968f4b75: Implement explicit FIPS indicators for cipher modes (authored by Jakuje).
Implement explicit FIPS indicators for cipher modes
gniibe renamed T5706: libgcrypt: random: Remove the feature getting randomness from random daemon from libgcrypt: random: Remove access to random daemon to libgcrypt: random: Remove the feature getting randomness from random daemon.
Applied the part 4, the indicator patch.
The change for pubkey-util.c is not needed any more, because
- T5665 handles new functions rejects use of SHA-1 as approved signature.
- pubkey-util.c is used by gcry_pk_sign and gcry_pk_verify.
Thank you for the info.
--quick-gen-key supports this but there is no general option; the 2 years are hard coded.
I ran DYLD_PRINT_LIBRARIES=1 DYLD_PRINT_LIBRARIES_POST_LAUNCH=1 DYLD_PRINT_RPATHS=1 pinentry-curses and see libncurses.5.4 (full output below).
gniibe triaged T5706: libgcrypt: random: Remove the feature getting randomness from random daemon as Normal priority.
Is there some other command I should run to check which curses it's using? I see there's a --debug flag but I'm not sure how to use it.
I think that either of following might be true:
(1) macOS has older ncurses (which doesn't support ioctl well, to get columns/lines info) in system
(2) macOS has BSD curses (with no suport for ioctl)
I installed it with brew and didn't provide any special options. This is one of the new M1 macs though, so perhaps there is some platform check deep in the install that is getting confused?
Thank you for the information. So, you don't have these environment variables set.
printenv COLUMNS LINES shows no output, however if I echo $COLUMNS $LINES I see 160 48 both before and after the password prompt.
Curses application (of pinentry) get information of screen size by:
- environment variables (COLUMNS, LINES)
- operating system using TIOCGSIZE or TIOCGWINSZ ioctl
- tinfo data base
l10n daemon script <scripty@kde.org> committed rKLEOPATRAb70654716cfd: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
Mon, Nov 29
Mon, Nov 29
ikloecker committed rKLEOPATRAcf9b98e65f2f: Disable actions for signing clipboard content if needed keys are missing (authored by ikloecker).
Disable actions for signing clipboard content if needed keys are missing
ikloecker committed rKLEOPATRAee29e8176256: Add setting for (dis)allowing of S/MIME certificate creation (authored by ikloecker).
Add setting for (dis)allowing of S/MIME certificate creation
ikloecker committed rKLEOPATRA27c5d3113ae8: Replace "Protocols" group with "CMS" group (authored by ikloecker).
Replace "Protocols" group with "CMS" group
ikloecker committed rKLEOPATRAc36353558721: Add setting for (dis)allowing signatures with S/MIME certificates (authored by ikloecker).
Add setting for (dis)allowing signatures with S/MIME certificates
ikloecker committed rLIBKLEO91e452144045: Add helper to check if a range contains elements satisfying a predicate (authored by ikloecker).
Add helper to check if a range contains elements satisfying a predicate
Bump library version
ikloecker committed rKLEOPATRA4783266e333b: Hide DN-Attribute Order configuration if CMS is disabled (authored by ikloecker).
Hide DN-Attribute Order configuration if CMS is disabled
ikloecker committed rKLEOPATRA232817a77371: Hide CMS-specific certificate categories in settings if CMS is disabled (authored by ikloecker).
Hide CMS-specific certificate categories in settings if CMS is disabled
ikloecker committed rKLEOPATRAabb355c8d47f: Hide "Hierarchical Certificate List" option if CMS is disabled (authored by ikloecker).
Hide "Hierarchical Certificate List" option if CMS is disabled
ikloecker committed rKLEOPATRA69a9c7eda391: Replace action containers with less error-prone helper (authored by ikloecker).
Replace action containers with less error-prone helper
ikloecker committed rKLEOPATRA3766cca7fdb9: Hide DN-Attribute Order configuration if CMS is disabled (authored by ikloecker).
Hide DN-Attribute Order configuration if CMS is disabled
ikloecker committed rKLEOPATRA508170afd559: Hide X.509 directory services configuration if CMS is disabled (authored by ikloecker).
Hide X.509 directory services configuration if CMS is disabled
ikloecker committed rKLEOPATRA24c417aa6e06: Hide S/MIME Validation settings if CMS is disabled (authored by ikloecker).
Hide S/MIME Validation settings if CMS is disabled
Last week:
- gnupg
- Silence warning for GCC 11: rGa9be9f4e6e6d: gpg: Fix format_keyid.
- Applied patches from Jakub : T5393
- libgcrypt
- extend semantics of _gcry_random_close_fds
- gpgme
- 1024 fds: T2385
- libgpg-error
- T5699 for musl, also for macOS
- branch gniibe/v5/448 for GnuPG
- updated, renaming the internal functions
- openpgp-dt
- nit picking for 448 from experience of gniibe/v5/448