I found a problem of possible duplicate registration of another APP, due to no serialization for CARD access.

The resource leak was fixed in: rG40707c8bff49: agent: Fix resource leak for PRIMARY_CTX.

This has also been reported at https://bugs.kde.org/show_bug.cgi?id=477798 (although there a crash occurs). Porting the command to gpgme didn't help, but the remaining problems are in gpg and/or gpgme.

Thanks.

If 7z is used to create a tarball that tarball is then 7z compressed. At least this is how I understand the case.
When gpgtar now tries to extract the file it sees a 7z file and thus emits the octal number warnings because it assumes a tarball (after decryption by gpg).

This problem was also reported at https://bugs.kde.org/show_bug.cgi?id=479567#c1

Fixed and backported for VSD 3.3

I'm now using the name "Compliance Check" for the test if no compliance is active/has been configured. I have also checked all other usages of DeVSCompliance::name() in libkleo and kleopatra to make sure it's only used if compliance is active.

While reviewing this task I noticed that I wrote adding a -p option. This is non-sense, because -p is to preserve permissions at extract time; this is unrelated to the last modification time. Standard tar extract files and set the modification to the one given in the tarball - unless you use -m to use the current time. Thus this task is actually a bug and not a feature request. For backward compatibility this will be done only for gnupg26 for now.

This ticket is obsolete, we did some work on gpgtar since then. Should the issue still occur, please reopen or create a new ticket

I have reverted the commit mentioned by Carl and another text codec related commit for the Qt 5 builds. This will hopefully fix the broken umlauts in the progress messages.

Fixed and backported for VSD 3.3

If compliance is not active, the self-test dialog now shows the test for compliance with just "?" as the test name

Tested with Gpg4win-Beta-70: works for changing expiry date as well as key creation

This looks as if it is resolved. Should I be wrong, you can reopen it.

This seems to have been resolved in 2.4.6 by T7151 or T7160. I don't really remember the details, but at least I don't see anything blocking system shutdown now.

Looking at the Windows "Problem reports" I saw that it lists many crashes of Kleopatra since 2024-06-19. An older Kleopatra (gpg4win-4.3.2-beta15, built on 2024-04-16) does not crash on exit. The next Kleopatra (gpg4win-4.3.2-beta23, built on 2024-07-05) does crash on exit. The reports point to the libkleo DLL.

Gpg4win-Beta-70: This works now, the issue can not be reproduced any more like described

In Gpg4win-Beta-70 it looks like this (audit log is redirected):

Tested with 4win-beta-64. In the subkey tab of the details of a secret key there is now an option "Add ADSK" in the burgher menu, iff the option default-new-key-adsk is set.

Kleopatra shows this option in GnuPG System because gpgconf --list-options gpg-agent lists this option.

ALright, let's go with that latest version (rKLEOPATRAab32b52a6cf8)

High priority since it affects accessibility and was mentioned as problem in the accessibility reports.

This isn't really important at the moment.

Ctrl+A + Ctrl+C to copy to clipboard and Ctrl+V do paste isn't exactly super complicated for people who know how to use the clipboard. -> Low

Applied Tobias installation patch to gpg4win master (vsd33)

We decided that Kleopatra should behave the same way as GnuPG when the user clicks "Wrong". Kleopatra should inform the user that the certificate has been marked as not trusted because of the wrong fingerprint.

As discussed today let's use the following heuristic:

• If we find a certificate for the recipient (sub)key in the key cache (ignoring ADSK subkeys) then list this certificate as recipient.
• Else: If we find a single certificate for the recipient (sub)key in the key cache (including ADSK subkeys) then list this certificate as recipient.
• Else: In a second pass, check if any of the already known recipient certificates has a(n ADSK) subkey matching the unknown recipient (sub)key. In this case list this recipient again (so that formatRecipientsDetails doesn't assume an unknown recipient).
• Else: Count the recipient as unknown.

The option can be enabled/disabled via the GnuPG System configuration in Kleopatra (Private Keys -> Disallow clients to mark keys as "trusted"), i.e. you don't have to edit gpg-agent.conf by hand.

Close ticket. We don't need two tickets for collecting group-related tickets.