3.1.0 is released and this issue is to our knowledge fixed.

3.1.0 is released.

Thanks again. Good catch.
In Japanese 39 sounds like "Thank You!", that's indeed appropriate to your report. :-)

Werner it would be great if you could look into this. This is currently my most annoying 2.1. regression. Especially with auto-key-locate it is unintuitive when the Firewall question pops up and appears to come out of nowhere (e.g. adding recipients in GpgOL or in Kleopatra).

I think you are running in the infamous T3459 "As long as the decrypted content of a crypto mail is loaded a mail can't be moved" You have to unselect the mail and then move it without opening it. E.g. by right clicking it. I know this is horrible and it's a major problem but I don't see how we can fix it in our architecture. As we replace the mail content with the decrypted stuff we have to prevent "Write" Events by Outlook. For Move if you block a write event, the move fails. But we don't have any idea in our addon when a write comes from a move. I spent a lot of time on this and have not yet found a good solution. But I think the workaround is kinda ok.

The Bug is here that the Error is not shown properly. In the log:

I changed the title to express the problem.

Thanks for the script.
I confirmed that secring.gpg is not updated when importing key with updated expiration date, by GPG1.
So, for GPG2, it is expired key.

When a command is invoked from Midnight Commander, pseudo tty is used.
You can confirm that by typing tty and see the output of the command after exiting from mc and again typing tty.

I am currently considering improvement of finalizer of libgcrypt, so, this matters.
Looking code, it would be better not to allocate and free the constant,
but use compile time constant data in .text section; Something like: const unsigned char ctr_null[DBRG_CTR_NULL_LEN].

Applied to STABLE-BRANCH-1-4, too.

Good catch. Thanks. Fixed in STABLE-BRANCH-2-2.

Apparently, your /lib/x86_64-linux-gnu/libgpg-error.so.0 is not the one you installed (I mean, libgpg-error version 1.27).
You need to install your new version of libgpg-error so that it is usable.
Please check your ldconfig or LD_LIBRARY_PATH, etc.

works just fine, thx!

With the changes in 3.1.0 I think this is acceptable enough that we can move further improvements to this to a lower priority.
We only support PGP/Inline (no-mime), warn if an attachment is also added. A user could send attachments encrypted on a file basis.

All subtasks are in testing.

I've opened T3895 for a permanent decryption / permanent removal of attachments. Maybe something for 3.2.0 ;-)

So I used a debugger to see if I could garner any additional info. Here's the log:

When an attachment of a crypto mail is removed it now leads to a warning.

In my tests it does work nicely now. We detect the "Send Again" state and correctly handle it. Sign / Encrypt is preselected depending on the state of the original mail. Even works with attachments.

Never seen the crash again.

New version of GnuPG is now packaged.

Argh. I missed that. Probably because I searched for libgpg-error but I myself renamed the tag recently :-(.

Put the check in configure.

To clarify: We already use the getrandom system call if it is available. To map /dev/random to /dev/urandom you can create a file /etc/gcrypt/random.conf with this line:

The following post assumes that we want gpg --search to try to search; meaning that we don't want gpg to exit immediately because of the dead marks, without having sent a single network request to anyone.
The post is a bit long; sorry about that.