- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jun 19 2023
Jun 19 2023
swdb: libksba 1.6.4
Update libksba and libassuan
• ebo closed T5864: Kleopatra: Configure min and max values for validity in Newcertificatewizard as Resolved.
works
cklassen committed rW8134d38b0cc0: removed email address as text from support page (authored by cklassen).
removed email address as text from support page
swdb: libassuan 2.5.6
Post release updates
Release 2.5.6
cklassen committed rWa7f96bf32997: replaced image for intro and let users click on it to open it (authored by cklassen).
replaced image for intro and let users click on it to open it
l10n daemon script <scripty@kde.org> committed rLIBKLEO98f24729dded: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
• gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.
Here is a possible change (... to master, assuming it's good to support use case of RFC 8702):
diff --git a/cipher/keccak.c b/cipher/keccak.c index 22c40302..76e08cb5 100644 --- a/cipher/keccak.c +++ b/cipher/keccak.c @@ -1630,8 +1630,8 @@ const gcry_md_spec_t _gcry_digest_spec_sha3_512 = const gcry_md_spec_t _gcry_digest_spec_shake128 = { GCRY_MD_SHAKE128, {0, 1}, - "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 0, - shake128_init, keccak_write, keccak_final, NULL, keccak_extract, + "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 32, + shake128_init, keccak_write, keccak_final, keccak_read, keccak_extract, _gcry_shake128_hash_buffers, sizeof (KECCAK_CONTEXT), run_selftests @@ -1639,8 +1639,8 @@ const gcry_md_spec_t _gcry_digest_spec_shake128 = const gcry_md_spec_t _gcry_digest_spec_shake256 = { GCRY_MD_SHAKE256, {0, 1}, - "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 0, - shake256_init, keccak_write, keccak_final, NULL, keccak_extract, + "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 64, + shake256_init, keccak_write, keccak_final, keccak_read, keccak_extract, _gcry_shake256_hash_buffers, sizeof (KECCAK_CONTEXT), run_selftests
• gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.
Reading RFC 8702, I realized that it defines the hash size in the use of CMS as: SHAKE128 : 32-byte SHAKE256 : 64-byte.
• gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.
l10n daemon script <scripty@kde.org> committed rKLEOPATRAe70262a60420: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEO8705dfbe95fe: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
l10n daemon script <scripty@kde.org> committed rKLEOPATRAe23298a0ed0e: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
l10n daemon script <scripty@kde.org> committed rKLEOPATRAf9f6c052de96: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
Jun 18 2023
Jun 18 2023
l10n daemon script <scripty@kde.org> committed rLIBKLEO39cbf055b2ee: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA831152964ca8: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEOa4fecee87e03: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA2f5fa85c15f6: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jun 17 2023
Jun 17 2023
mlaurent committed rKLEOPATRA940ea3986ddb: Merge remote-tracking branch 'origin' into kf6 (authored by mlaurent).
Merge remote-tracking branch 'origin' into kf6
l10n daemon script <scripty@kde.org> committed rKLEOPATRAc7f6b2a266be: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRAd877b9150335: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jun 16 2023
Jun 16 2023
• werner triaged T6540: gpgsm creates invalid CSR (invalid signature) when given invalid subject name as Normal priority.
Use Kleopatra which constructs the DN for you ;-).
I tested this with OpenPGP and 2.4.3-beta19 on Windows. Worked nicely.
Jun 16 2023, 2:39 PM · gpgme (gpgme 1.23.x), gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.3), Feature Request, Restricted Project, Windows
• aheinecke committed rM5811d069d3b3: qt, cpp: Support larger size-hint on 32 bit builds (authored by • aheinecke).
qt, cpp: Support larger size-hint on 32 bit builds
• aheinecke committed rMcbcea4a09b13: cpp: Expose gpgme_data_set_flag through cpp API (authored by • aheinecke).
cpp: Expose gpgme_data_set_flag through cpp API
Fix okular patches
• werner committed rA0fc31770fa62: Flush data before clearing the confidential flag. (authored by • werner).
Flush data before clearing the confidential flag.
build: Fix listing m4 files.
build: Better cross build support.
• werner committed rA32d9abf299ec: tests: Use -no-fast-install LDFLAGS for Windows. (authored by • gniibe).
tests: Use -no-fast-install LDFLAGS for Windows.
build: Update gpg-error.m4.
• werner committed rA2283ab4c0c2d: doc: Update the description about pkg-config. (authored by • gniibe).
doc: Update the description about pkg-config.
• werner committed rA84d5349d2303: build: Update config.guess, config.sub, and config.rpath. (authored by • gniibe).
build: Update config.guess, config.sub, and config.rpath.
build: Update gpg-error.m4.
• werner committed rAc15ebc70c22f: Fix an explanation for socket on Windows. (authored by • gniibe).
Fix an explanation for socket on Windows.
Don't access NULL by wipememory.
build: Update gpg-error.m4.
Fix the previous commit.
• werner committed rA5ac7e6ba19fa: server,client: Wipe the outbound buffer when CONFIDENTIAL. (authored by • gniibe).
server,client: Wipe the outbound buffer when CONFIDENTIAL.
• werner committed rAaac300389210: client: Wipe the inbound buffer when CONFIDENTIAL. (authored by • gniibe).
client: Wipe the inbound buffer when CONFIDENTIAL.
• werner committed rA4bfcd8a0f6f3: server: Wipe out the memory used by assuan_inquire if CONFIDENTIAL. (authored by • gniibe).
server: Wipe out the memory used by assuan_inquire if CONFIDENTIAL.
Next release will be 3.0
• werner committed rA049b8001f163: Flush data before clearing the confidential flag. (authored by • werner).
Flush data before clearing the confidential flag.
• gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.
I found this use case: RFC 8702
"Use of the SHAKE One-Way Hash Functions in the Cryptographic Message Syntax (CMS)": https://www.rfc-editor.org/rfc/rfc8702.html
• gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.
Another possibility for digest&sign API: it is possible to determine the length of required hash function by the underlining field Fp of the curve in use. Then, use this length instead. It's better than to (try to) get the length by _gcry_md_get_algo_dlen (for SHAKE, it's undefined).
Fixed in both of master and 1.10 branch.
• gniibe committed rC70b1b036f3ee: tests: Allow KDF measurement in FIPS mode. (authored by • gniibe).
tests: Allow KDF measurement in FIPS mode.
• gniibe committed rCf4bff832c7f5: cipher:kdf: Move FIPS mode check to _gcry_kdf_derive. (authored by • gniibe).
cipher:kdf: Move FIPS mode check to _gcry_kdf_derive.
• gniibe changed the status of T6515: GPG in FIPS mode spits out useless "out of core handler ignored in FIPS mode" message on every execution from Open to Testing.
• gniibe claimed T6515: GPG in FIPS mode spits out useless "out of core handler ignored in FIPS mode" message on every execution.
For libgcrypt, initially when the code was put, it made some sense.
Now, it's useless, so, let's simply remove the message.
• gniibe committed rC6c79dcddd151: Remove out of core handler setting message in FIPS mode. (authored by • gniibe).
Remove out of core handler setting message in FIPS mode.
cipher:ecc: Implement PCT for EdDSA.
• gniibe committed rC97f4a94d5960: build: Detect broken GCC for x86/AVX512 intrinsics. (authored by • gniibe).
build: Detect broken GCC for x86/AVX512 intrinsics.
cipher:ecc: Add selftests for EdDSA.
tests: EdDSA keys work in FIPS mode
ecc: Enable Ed25519 and Ed448 in FIPS mode
l10n daemon script <scripty@kde.org> committed rKLEOPATRA349e93a64322: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jun 15 2023
Jun 15 2023
• werner moved T6477: WKD redirects and dirmngr redirect rewriting from WiP to QA on the gnupg24 board.
I have now disabled the rewriting in the 2.4 branch. Those who want to keep the old behaviour may add
• werner committed rG0a63afc79a04: dirmngr: Disable the HTTP redirect rewriting. (authored by • werner).
dirmngr: Disable the HTTP redirect rewriting.
• werner committed rGbf04b07327a5: dirmngr: New option --compatibility-flags. (authored by • werner).
dirmngr: New option --compatibility-flags.
• werner moved T6477: WKD redirects and dirmngr redirect rewriting from Backlog to WiP on the gnupg24 board.
• werner lowered the priority of T6524: Kleopatra / Gpgtar: Cancel does not kill the job from Unbreak Now! to High.
gpgsm: New option --input-size-hint.
• werner committed rG2178f35dffdc: gpg: New option --no-compress as alias for -z0. (authored by • werner).
gpg: New option --no-compress as alias for -z0.
gpgtar: New option --no-compress.
mlaurent committed rKLEOPATRA05d5f20d7629: Merge remote-tracking branch 'origin' into kf6 (authored by mlaurent).
Merge remote-tracking branch 'origin' into kf6
• ikloecker committed rKLEOPATRA04adbffa2aee: Add missing getter for output file name (authored by • ikloecker).
Add missing getter for output file name
• ebo closed T6154: Kleopatra: Assert in CertifyCertificateCommand after setting ownertrust of key as Resolved.
could not trigger it with the described steps on windows
• ikloecker committed rKLEOPATRAa15434ddc59b: Check for existing files before starting any encryption tasks (authored by • ikloecker).
Check for existing files before starting any encryption tasks
• ikloecker committed rKLEOPATRA31f84464df70: Only ask the user for overwrite permission if file exists (authored by • ikloecker).
Only ask the user for overwrite permission if file exists
• ikloecker committed rKLEOPATRA2a304b8f5a08: Use custom label text only for progress label (authored by • ikloecker).
Use custom label text only for progress label
• ikloecker committed rKLEOPATRAd4a5f9c2512e: Let OverwritePolicy take care of asking users whether to overwrite a file (authored by • ikloecker).
Let OverwritePolicy take care of asking users whether to overwrite a file
• ikloecker committed rKLEOPATRA9c9027f85254: Fix removing of temporary files with UNC paths (authored by • ikloecker).
Fix removing of temporary files with UNC paths
core: Send a input-size-hint for gpgsm.
works for 4,1 GB, too.
(Tested with Gpg4win-4.2.0-beta346)