it's not hard to fix that header to actually provide a sensible write(), avoiding the issue listed on the mailing list, where there was no return to check:
Feed All Stories
May 23 2023
May 23 2023
Angel added a comment to T6501: Check use of write in gpgme's Python bindings.
May 22 2023
May 22 2023
• werner committed rD66d4623e5861: ids: Add published draft-koch-openpgp-webkey-service-16.txt (authored by • werner).
ids: Add published draft-koch-openpgp-webkey-service-16.txt
web: Improve CSS for footnotes.
• werner committed rDe5174f234f90: ids: Prepare draft-koch-openpgp-webkey-service-16 (authored by • werner).
ids: Prepare draft-koch-openpgp-webkey-service-16
• werner added projects to T6500: Keyserver access via http-proxy isn't attempted when using standard-resolver: gnupg24, dns.
Seems it gets a record but is not able to parse it (gnupg/dirmngr/dns-stuff.c:getsrv-standard) in your setup. Not sure why it loops - need to debug it.
mgorny added a comment to T6500: Keyserver access via http-proxy isn't attempted when using standard-resolver.
Ok, it seems that my reproducer isn't correct after all. The user just confirmed that the SRV lookup succeeds on their system, so it seems GPG hits some loop repeating that for no apparent reason.
May 21 2023
May 21 2023
mlaurent committed rKLEOPATRAa45ed988e7b5: It builds against not deprecated kf6 methods (authored by mlaurent).
It builds against not deprecated kf6 methods
mlaurent committed rLIBKLEO74265c6499cb: It compiles without kf6 deprecated methods (authored by mlaurent).
It compiles without kf6 deprecated methods
l10n daemon script <scripty@kde.org> committed rKLEOPATRA74d08f603b66: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
May 20 2023
May 20 2023
mlaurent committed rKLEOPATRA3b8d978e2bd8: Merge remote-tracking branch 'origin' into kf6 (authored by mlaurent).
Merge remote-tracking branch 'origin' into kf6
mlaurent committed rLIBKLEOf1bf8de68e3f: Merge remote-tracking branch 'origin' into kf6 (authored by mlaurent).
Merge remote-tracking branch 'origin' into kf6
May 19 2023
May 19 2023
matthias.wolff added a comment to T6498: Release signing key trust does not work.
On the command line it works. It seem's to be a problem of Kleopatra.
Can you try on the command line, errors might be more specific there. This can be caused for example by a wrong system clock.
• aheinecke added a comment to T2820: GPGME: Allow to set the keyring for a context.
This is not really what the issue here is talking about. This issue was about "merging" multiple keyrings into a single view. If I understand you correctly you want to have matching pubrings and secret key directories for different applications. That is fully covered and what many users do by setting GNUPGHOME through the environment, the --homedir option or the windows registry.
sfought added a comment to T2820: GPGME: Allow to set the keyring for a context.
Did anything get implemented to handle this? We have a central network file share where we store our public and secret key rings. We have several different applications that access these key rings. I'm trying to convert one of them from using gpg.exe via the command line with the --keyring and --secret-keyring paramters to using gpgme, but I don't see a way to specify the keyrings. Any help would be appreciated.
Master is now preparing for 4.2.0
Update gpgol to 2.5.7
dvratil added a comment to T6496: KMail: Fix crash when switching from signed / encrypted mails before verification is done.
Absolutely, I'll prioritize looking at this.
• werner moved T6497: gpgtar does not return failure code to gpgme from Backlog to WiP on the gnupg22 board.
May 19 2023, 1:08 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.2), Bug Report, Restricted Project
• werner moved T6497: gpgtar does not return failure code to gpgme from Backlog to QA on the gnupg24 board.
May 19 2023, 1:07 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.2), Bug Report, Restricted Project
Fixed in 2.4
May 19 2023, 1:07 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.2), Bug Report, Restricted Project
May 19 2023, 12:18 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.2), Bug Report, Restricted Project
Moved this on the workboard to have a better overview.
• ebo added a comment to T6488: Kleopatra: moving decrypted Folder to USB device fails.
Before you ask: I can write on that device and it works with gpgtar on the commandline:
• aheinecke triaged T6496: KMail: Fix crash when switching from signed / encrypted mails before verification is done as High priority.
May 18 2023
May 18 2023
l10n daemon script <scripty@kde.org> committed rLIBKLEO7d42acde5532: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA8737d5f327bd: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
May 17 2023
May 17 2023
• werner added projects to T6491: Pinentry-Qt: Password prompt for each subkey if password change is cancelled: pinentry, kleopatra.
I see the problem: The Qt Pinentry does not implement the BUTTON_INFO status and thus we don't get a fully canceled error back (gpg-agent maps the cancel error to fully-cancel if the close button was used). Should be easy to fix in pinentry (set pinentry->close_button in the close eventhandler).
mlaurent committed rLIBKLEObe0703e93710: Merge remote-tracking branch 'origin' into kf6 (authored by mlaurent).
Merge remote-tracking branch 'origin' into kf6
mlaurent committed rKLEOPATRAaa7bb1fe921b: Merge remote-tracking branch 'origin' into kf6 (authored by mlaurent).
Merge remote-tracking branch 'origin' into kf6
svuorela updated the task description for T6494: GOST Infos.
• werner moved T6491: Pinentry-Qt: Password prompt for each subkey if password change is cancelled from gnupg-2.4.1 to gnupg-2.4.2 on the gnupg24 board.
• werner added a comment to T6491: Pinentry-Qt: Password prompt for each subkey if password change is cancelled.
For me it works if I fully cancel (i.e. close the Window at the first prompt):
• werner changed the edit policy for T6494: GOST Infos.
Require KMime 5.23.0
• ikloecker committed rKLEOPATRA5e57bdc2c531: Require 23.04 version of kmime, don't require optional dependencies (authored by • ikloecker).
Require 23.04 version of kmime, don't require optional dependencies
• ikloecker committed rLIBKLEOb4c747564e46: Require 23.04 version of kpimtextedit (authored by • ikloecker).
Require 23.04 version of kpimtextedit
• ikloecker committed rLIBKLEO2ce0fc710b2e: Make test work with fixed sorting and test sorting (authored by • ikloecker).
Make test work with fixed sorting and test sorting
• ikloecker committed rLIBKLEOf764b2951d74: Sort locale-aware (and case insensitive) (authored by • ikloecker).
Sort locale-aware (and case insensitive)
• ikloecker committed rLIBKLEO6d9651b8497a: Split the proxy model in two models (authored by • ikloecker).
Split the proxy model in two models
Fix sorting of entries
• gniibe added a comment to T6487: libassuan: Clear semantics for assuan_get_pid and improve use cases for process control.
For (2-2), there are two use cases in GnuPG.
(A) In call-daemon.c (for SCD and TPM2D), wait_child_thread cares about daemon termination to clean up resources. In this case, it calls waitpid/WaitForSingleObject.
(B) In call-pinentry.c, watch_sock cares about dangling pinentry. When it detects client's EOF on the socket (between the client and gpg-agent), it kills pinentry process. In this case, it calls kill/TerminateProcess.
• gniibe committed rGb789ada2b07a: scd: Fix send_client_notifications for Windows. (authored by • gniibe).
scd: Fix send_client_notifications for Windows.
It seems that it's not necessary
Use KF6ColorScheme
• gniibe committed rAaf34d84651b6: doc: Update documentation for the method spawn and waitpid. (authored by • gniibe).
doc: Update documentation for the method spawn and waitpid.
w32: Use _putenv_s when available.
• gniibe added a comment to T6487: libassuan: Clear semantics for assuan_get_pid and improve use cases for process control.
Finished the step to have cleaner semantics of the implementation by: rA6350f796fdd1: w32: Cleaner semantics for PID and Process handle.
Clarified the fact (1-1).
And as a bonus, when it's "cygwin" mode, peer (client) process ID is now available.
• gniibe committed rA316fae440197: w32: File handle passing to server is now supported. (authored by • gniibe).
w32: File handle passing to server is now supported.
• gniibe committed rA5d1cdaaa03c6: Don't use ASSUAN_INVALID_PID for assuan_pid_t value. (authored by • gniibe).
Don't use ASSUAN_INVALID_PID for assuan_pid_t value.
• gniibe committed rA6350f796fdd1: w32: Cleaner semantics for PID and Process handle. (authored by • gniibe).
w32: Cleaner semantics for PID and Process handle.
Fix comments.
l10n daemon script <scripty@kde.org> committed rKLEOPATRA47c4381789c3: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
May 16 2023
May 16 2023
GIT_SILENT: remove unused variable
mlaurent committed rKLEOPATRA1282b15780c0: GIT_SILENT: remove unused variable (authored by mlaurent).
GIT_SILENT: remove unused variable
• werner added a comment to T5576: New set of API for public key cryptography.
Just let me note that we used to have such an API : the former gcry_ac_ functions. However, it turned out that they were more complicated to use.
swdb: gpgol-2.5.7
• werner added a comment to rGd22106276947: w32: Also use _putenv_s for gnupg_unsetenv..
FWIW, we should anyway move on Widnows to the gpgrt provided setenv and getenv which are directly based on the W32API. The problem here is only that we have a lot of getenv in out code and need a wrapper. That wrapper would then also need to provide a static string as getenv does. A first step would be to wrap all getenv into gnupg-getenv calls.
Post release version bump
Auto update po files
Update NEWS for todays release
Was resolved, see T4457
• gniibe committed rGd22106276947: w32: Also use _putenv_s for gnupg_unsetenv. (authored by • gniibe).
w32: Also use _putenv_s for gnupg_unsetenv.
• ikloecker moved T5903: Kleopatra: Add refresh button in certificatedetails from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• ikloecker changed the status of T6330: Kleopatra: Additional Expiry handling from Open to Testing.
The warning is now removed immediately, when the input field becomes empty.
• ikloecker committed rKLEOPATRA7439a5e0c9c6: Remove expiry message if input field is cleared (authored by • ikloecker).
Remove expiry message if input field is cleared
• ikloecker committed rKLEOPATRAd2aa4e331698: Unify behavior of completion handling (authored by • ikloecker).
Unify behavior of completion handling
• ebo triaged T6491: Pinentry-Qt: Password prompt for each subkey if password change is cancelled as High priority.
• ikloecker added a comment to T6473: Kleopatra: "Change Validity" does ignore the option "Also update the validity period of the subkeys".
And when I set the validity to never expire (works) and afterwards set it to a date again, the date is now only set for the main key
Update: This is as designed, see https://dev.gnupg.org/T6473#170299 point one.
This bothers me a bit, as I find it confusing. Werner suggested for subkeys without explicit expiry date we could show in Kleopatra the expiry date of the main key in grey to make it visually obvious that a subkey will expire implicitly when the main key expires.
What do you think?
closing, as setting a password on a key without password works (at least in current gpg4win version). For improvement of the user guidance see T6436.
w32: Use _putenv_s.
• ebo added a comment to T6473: Kleopatra: "Change Validity" does ignore the option "Also update the validity period of the subkeys".
And when I set the validity to never expire (works) and afterwards set it to a date again, the date is now only set for the main key
Update: This is as designed, see https://dev.gnupg.org/T6473#170299 point one.
• gniibe renamed T6487: libassuan: Clear semantics for assuan_get_pid and improve use cases for process control from libassuan: Deprecate assuan_get_pid and improve use cases for process control to libassuan: Clear semantics for assuan_get_pid and improve use cases for process control.
Fix wrong return type for functions.
• gniibe committed rT1fe9e9b5597c: build: Sync libtool from libgpg-error for 64-bit Windows. (authored by • gniibe).
build: Sync libtool from libgpg-error for 64-bit Windows.
l10n daemon script <scripty@kde.org> committed rKLEOPATRA62683e5dbf2b: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
• gniibe committed rMe622e36f1f32: build: Sync to libtool from libgpg-error for 64-bit Windows. (authored by • gniibe).
build: Sync to libtool from libgpg-error for 64-bit Windows.
• gniibe committed rKa920c2ff1a72: build: Sync libtool from libgpg-error for 64-bit Windows. (authored by • gniibe).
build: Sync libtool from libgpg-error for 64-bit Windows.
• gniibe committed rC01c0185e6360: build: Sync libtool from libgpg-error for 64-bit Windows. (authored by • gniibe).
build: Sync libtool from libgpg-error for 64-bit Windows.
l10n daemon script <scripty@kde.org> committed rKLEOPATRAbf2ffe023fe1: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
• gniibe changed the status of T6484: dll: 64-bit different name for libgcrypt, libksba, ntbtls, and gpgme from Open to Testing.
Pushed changes for those libraries.
• gniibe renamed T6484: dll: 64-bit different name for libgcrypt, libksba, ntbtls, and gpgme from dll: 64-bit different name for libgcrypt, libksba, and ntbtls to dll: 64-bit different name for libgcrypt, libksba, ntbtls, and gpgme.
w32: Remove support of Windows 95/98/Me.
May 15 2023
May 15 2023
GnuPG is and can't be FIPS-140-3 compliant due to the way it is implemented. We may eventually employ the new hash-and-sign API of Libgcrypt to move into this direction but that has not yet been done. However, this also requires the use of the new indicator API and the, well, a RedHat kernel.
• werner closed T6490: GPG 2.4.0 encrypting files with `--openpgp` flag does not make the encrypted file adhere to OpenPGP RFC as Resolved.
--openpgp means the current OpenPGP standard as implemented by GnuPG. This was important in the first few years of OpenPGP but not anymore today. The option --rfc4880 might be what you want. Please keep also in mind that the preference list declares what a concrete implementation supports and not necessary what's in an RFC.