It was in the middle of merging jitterentropy. Please see T5692 (newer jitterentropy uses pthread by default, which was disabled now).

First issue is fixed.

Rating as High because this can be used for a DoS attack on individual users.

Actually, I have already implemented 1, 2, and 3. For now, I will disallow exporting multiple groups at the same time.

Following patch should prevent assembly files being built at all with --disable-asm:

Thanks for your report.

Fixed, with using normal memory for ->mem.

->mem is just used to measure the difference of memory access.

It found that newer jitterentropy uses larger mem (128KiB), while older uses 2KiB.

@werner That is not helpful. I tried 4 or 5 different readers. And the Reiner SCT cyberjack is the one that works best out of all of them on both Windows and Linux.

Your item "2. Allow exporting multiple groups at the same time." is not really important. If you want to do that, please make sure that each group is exported to a separate file.

Please see T5696.

No autoreconf etc. Use only our method to cross build. That is $src/libgcrypt/autogen.sh --build-w32.

cross-compilation settings:

The cross-compilation settings:

{ # 2019.12.13 # https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=summary
	#'repo_type' : 'archive',
	'#url' : 'https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.43.tar.bz2',
	#
	'repo_type' : 'git',
	'recursive_git' : True,
	'url' : 'git://git.gnupg.org/libgpg-error.git', # https://git.gnupg.org/ # https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=summary
	##'url' : 'https://dev.gnupg.org/source/libgpg-error.git', # https://git.gnupg.org/ # https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=summary
	#
	'configure_options': '--host={target_host} --prefix={target_prefix} --disable-shared --enable-static --disable-rpath --disable-doc --disable-tests --with-libiconv-prefix={target_prefix}', # --with-libintl=no --with-libpth=no',
	'custom_cflag' : ' ', # 2019.12.13 it fails to build with anything other than this, eg it crashes with -O3 and -fstack-protector-all -D_FORTIFY_SOURCE=2 
	'run_post_regexreplace' : (
		'autoreconf -fiv',
		'./autogen.sh --build-w64 ', 								 
	),
	'depends_on' : (
		'iconv', 
	),
}

Importing exported certificate group files from the file manager now also works, at least on XDG-compatible systems. I have also made sure that the application-certificate icon is used for those files in the Breeze icon theme.

Ready for testing

Here are the two test certificates mentioned in the commit log:

Pushed to master.

Pinentry: pinentry-curses (pinentry) 1.2.0
OS: macOS 12.0
Terminal: xterm-256color (via zsh in the default Terminal.app)

Additionally, poly1305-s390x.S is being compiled despite running/targeting a PC system:

We could use a new mode #define GCRY_GET_CONFIG_FIPS 1 with gcry_get_config:

What is your Pinentry version, which OS is that, and which terminal type?

With just implicit indicators, we would have to block all non-approved cipher modes and kdfs including the OCB mode and skcrypt, which would probably make gnupg2 unusable in FIPS mode, which is not our intention.

In the documentation, I found:

It would be the grey background text and no forced template, just as an input hint. And it would override the automatic detection of name / e-mail so that no wrong values are prefilled. This should help avoid unattentive users from creating a slightly wrong user id if their ad domain address does not match the e-mail.