Fixed in 1.10.2.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 13 2023
Apr 13 2023
• gniibe closed T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T5975: Allow signature verification using specific RSA keys <2k in FIPS mode as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T6393: DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway) as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T6396: the gcry_pk_hash_sign/verify operates in FIPS non-operational mode as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe added a comment to T6417: FIPS service indicator regarding the public key algorithm flags and objects.
Fixed in 1.10.2.
• gniibe closed T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T6204: gpgme:python Fix setup.py, using pkg-config (not deprecated gpg-error-config and gpgme-config), a subtask of T5683: Deprecation of gpg-error-config, as Resolved.
• gniibe closed T6204: gpgme:python Fix setup.py, using pkg-config (not deprecated gpg-error-config and gpgme-config) as Resolved.
Fixed in 1.19.0.
• gniibe closed T6273: AM_PATH_GPGME requires preceding invocation of AM_PATH_GPG_ERROR as Resolved.
Fixed in 1.19.0.
Fixed in 1.19.0.
Apr 12 2023
Apr 12 2023
This problem was introduced by commit cf10c74bd9d5aa80798f1c0e23a9126f381b26b3. Perhaps that change should be backed out in the interim so that a portable fix can be considered for the original issue?
heirecka committed rKLEOPATRAf5bd64ea2e0c: GIT_SILENT Update Appstream for new release (authored by heirecka).
GIT_SILENT Update Appstream for new release
heirecka committed rKLEOPATRA83728abb01ba: GIT_SILENT Upgrade release service version to 23.04.0. (authored by heirecka).
GIT_SILENT Upgrade release service version to 23.04.0.
heirecka committed rKLEOPATRA229886e235c0: GIT_SILENT Update Appstream for new release (authored by heirecka).
GIT_SILENT Update Appstream for new release
• werner committed rGd965ee8d65f9: gpg: Curvenames may now compared case insensitive. (authored by • werner).
gpg: Curvenames may now compared case insensitive.
Unfortunately I can't replicate that with my Yubikey on 2.4.1. Tried several variant and with and without keyboxd. My Yubikey has PIV disabled but I doubt that this is the problem.
Apr 12 2023, 5:15 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
• ebo moved T5725: Kleopatra: Certificate lookup shows only one result even if there are 100s matches from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• ebo removed a project from T5932: Kleopatra: Make fingerprint easier accessible: Restricted Project.
• ebo moved T6258: IMAP-Fix not integrated in 3.1.25-Codebase and GnuPG VS Desktop 3.1.25 from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Apr 12 2023, 4:14 PM · Restricted Project
• ebo removed a project from T6301: Kleopatra: Update Button does only check on keyserver: Restricted Project.
• ebo removed a project from T6300: Kleopatra: Add columns “origin” and “last update” to the User ID list for a certificate: Restricted Project.
• ebo removed a project from T6410: Kleopatra: trust root certificate allowed for user: Restricted Project.
• ebo moved T5441: Kleopatra: LDAP Search only shows one key from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• ebo moved T6437: Kleopatra: sign/encrypt folder results in general error from Backlog to WiP on the gnupg24 board.
• ebo removed a project from T6328: Kleopatra: Hangs when decrypting an archive on an USB Stick: Restricted Project.
• ebo moved T6347: gpgtar needs to support a few more general command line args to be usable by gpgme from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• ebo removed projects from T6377: Kleopatra: gpgsk file contains shadowed private key: gnupg22, Restricted Project.
• ebo moved T6437: Kleopatra: sign/encrypt folder results in general error from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Apr 12 2023, 2:43 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Apr 12 2023, 2:40 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Apr 12 2023, 2:39 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Apr 12 2023, 2:37 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Test with GnuPG 2.4.1-beta76 failed with "error getting current key info: invalid name":
Apr 12 2023, 2:35 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
• aheinecke triaged T6448: NSIS: Fix g4wihelp runonce and path_add for recent NSIS Versions as High priority.
• ebo edited projects for T6093: gpg: Continues export of secret key if first passphrase dialog was canceled, added: gnupg24 (gnupg-2.4.1); removed gnupg24.
Apr 12 2023, 12:47 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), Bug Report, Restricted Project
It is a bit complicated. Let me describe the situation.
The crypto profiles have been removed in Gpg4win 4.1.1
• ebo updated the task description for T6447: Kleopatra: "imported certificates" tab inconsistencies.
Actually Linux already returns ENOSYS on older kernels where there is no getrandom libc call. Thus returning ENOSYS if we don't have the libc version of that syscall (i.e. getrandom) in FIPS mode seems to be the Right Thing to do. My whole comment was about fips mode - it does not make much sense to enable FIPS mode if the system is not appropriate for it.
I see, your issue is with the use of getrandom for FIPS. I understand now.
ENOSYS is POSIX. My point is that: getrandom was introduced in Linux kernel with flags for particular purpose (differentiate use of /dev/random and /dev/urandom), but that feature has gone.
But, for FIPS behavior, RHEL and related OS use (possibly, some would say misuse) getrandom with GRND_RANDOM. This use is RHEL specific (not for other GNU/Linux). Use of getrandom is non-POSIX.
In T6442#169419, @gniibe wrote:Returning ENOSYS is too strict, in my opinion; It doesn't work for machines other than CentOS/Fedora/RHEL.
Returning ENOSYS is too strict, in my opinion; Because the code in question doesn't work for machines other than CentOS/Fedora/RHEL. For other machines, it would be natural to just rely on getentropy (rather standard call).
Apr 11 2023
Apr 11 2023
Partly rewrote gen-html.sh
• werner committed rW0fc432694c83: Fix gen-gnupg.sh output for wixlib files. (authored by • werner).
Fix gen-gnupg.sh output for wixlib files.
Use the standard autogen.sh.
In T6445#169394, @werner wrote:Indeed, this is not implemented. AFAIK, this feature was introduced by PGP 2 to support BBS systems. I would suggest that you use binary messages and implement the chunking at the application level.
The gpgme logs show that gpgtar is called with gpgtar [...] --status-fd 1 [...] --output - [...], i.e. fd 1 is used for status output and for the result output of gpgtar. This cannot work. To me this looks like a flawed implementation of _gpgme_io_pipe() resp. new_fd() in w32-io.c which happily returns 1 as FD on the first call.
Fix gen-gnupg.sh for gpg4win
Add patch for gpgme 1.19.0
What Werner wrote was also my thought. If getrandom is mandatory for FIPS, then it must not be possible to disable it silently.
Update libgpg-error and Libgcrypt
Temporary disable the RunOnce check
What about
Indeed, this is not implemented. AFAIK, this feature was introduced by PGP 2 to support BBS systems. I would suggest that you use binary messages and implement the chunking at the application level.
• gniibe committed rCfa21ddc158b5: random: Use getrandom only when it's appropriate. (authored by • gniibe).
random: Use getrandom only when it's appropriate.
l10n daemon script <scripty@kde.org> committed rLIBKLEO7a728c3aaa6e: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA2b518662b0cd: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA8b626b1834f3: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEO7da6f92a1293: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Apr 10 2023
Apr 10 2023
Fixed in 1.47.
• gniibe added a project to T6443: ntbtls-0.3.1 does not configure against libgpg-error-1.47: ntbtls.
• gniibe changed the status of T6444: pinentry-1.2.1 does not configure against libgpg-error-1.47 from Open to Testing.
• gniibe changed the status of T6442: libgcrypt-1.10.2: getrandom() is not available everywhere from Open to Testing.
• gniibe changed the status of T6443: ntbtls-0.3.1 does not configure against libgpg-error-1.47 from Open to Testing.
• gniibe added a comment to T6257: Without gpg-error-config installed (libgpg-error-1.46) libgcrypt-1.10.1 does not configure.
Fixed in libgcrypt 1.10.2.
@debohman Thank you!
• gniibe committed rE9c17795ec25f: gpgrt-config: Simplify to set gpgrt_libdir. (authored by • gniibe).
gpgrt-config: Simplify to set gpgrt_libdir.
I checked out the master from https://dev.gnupg.org/source/ntbtls.git and that configures and builds. So, the issue is already fixed, I just got ahead of you. Thanks!
Okay!