All Stories
Apr 8 2021
Thank you.
Applied both to STABLE-BRANCH-2-2 and master (changing new function name).
So, in my opinion, applying the patch for ElGamal exponent blinding is enough (for now).
For DSA, I had assumed a similar attack could be effective.
CC_FOR_BUILD is used for building executables for the build machine.
CC_FOR_BUILD may be different to CC (for target).
For gpgrt_wait_processes, I modified it to skip invalid PID.
The change is: rE956c40f106ea: core: Fix gpgrt_wait_processes, by skipping invalid PID.
Apr 7 2021
Yes, will be fixed but it has no severity because the fault is actually by the caller.
Sorry, I can't parse your message. Please describe the problem or feature requests. Referencing external patches is not sufficient. What is vcpkg?
Thanks. I understand that this is no big issue in the test code, but half of the code paths have proper cleaning already, so fixing it once should save anyone in the future going through the same issues over and over again during our releases, or anyone else who would run your code through a static analyzer.
Thank you.
For get_attr_l, I pushed a fix as rE89a353f418f5: build: Fix gpgrt-config for handling 'Requires' field.
Apr 6 2021
Actually I don't care about releasing resources for regression test failures.
The other missing free is for code which is commented out (#if 0) but should eventually be fixed.
Note that rndjent.c is already built with -O0 as can be seen in the example above. That warning could be silenced by surrounding the pragma with #ifdef __OPTIMIZE__ (which should be supported by GCC and Clang).
FYI, I sent DCO to gnupg-devel@gnupg.org some moments ago, so I hope it arrived correctly.
with the next GnuPG version (2.2.28 and 2.3.0) you can do a read
Apr 5 2021
Apr 4 2021
This feature does not use Outlook per se. It's a problem with Exchange really. An Exchange add-in would be needed to solve it; an Outlook add-in such as GpgOL can't do anything about it.
Apr 2 2021
Apr 1 2021
Seems that it is not a coincidence that Wayland starts with a W like Windows. ;-)
IIUC... Could you please try this patch?
diff --git a/random/rndlinux.c b/random/rndlinux.c index a7a78906..c20c5d4c 100644 --- a/random/rndlinux.c +++ b/random/rndlinux.c @@ -35,10 +35,13 @@ #if defined(__APPLE__) && defined(__MACH__) #include <Availability.h> #ifdef __MAC_10_11 +#include <TargetConditionals.h> +#if !defined(TARGET_OS_IPHONE) || TARGET_OS_IPHONE == 0 extern int getentropy (void *buf, size_t buflen) __attribute__ ((weak_import)); #define HAVE_GETENTROPY #endif #endif +#endif #if defined(__linux__) || !defined(HAVE_GETENTROPY) #ifdef HAVE_SYSCALL # include <sys/syscall.h>
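Review bot: The added `#if !defined(TARGET_OS_IPHONE) || TARGET_OS_IPHONE == 0` has no comment saying why the weak-import declaration of getentropy and `HAVE_GETENTROPY` are skipped for iPhone targets, and the block now closes with three consecutive bare `#endif` lines. A one-line comment above the new `#if`, plus a trailing comment on each `#endif` naming the condition it closes, would make the nesting easy to verify. With `HAVE_GETENTROPY` left undefined on those targets, the following `#if defined(__linux__) || !defined(HAVE_GETENTROPY)` branch becomes active and pulls in `<sys/syscall.h>` when `HAVE_SYSCALL` is set, so it is worth confirming that this fallback path is the intended one there.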
Fixed in 1.42.
Mar 31 2021
Looks good to me: "make && make check" passes.
Our tentative plan is:
This is a bit more complex for us. I have often noticed the pattern of Windows users that if something does not work as expected they click "Run as Administrator". When they do that once with our software, our backend software gnupg is also started with elevated privileges; it might create lock files with elevated permissions, and it might create data files. For example, a user then generates a new key but already had some keys: the public key will be placed in the existing keyring and the permissions will not be changed. But the new key files will be created with elevated privileges. Then the user runs Kleopatra again as a normal user and reports bugs because he cannot access his newly created key files.
Good catch, we need to update at several places.
FWIW, in GnuPG we use
It seems you still don’t get what was wrong about this issue. There is no opposition to separation of roles (which is, however, a rather complex topic that involves determining a threat model and only then defining what is right or even mentoring what one must) — this is about unconcerned communication, the very way the error message is written, implying that the rest of the steps are widely known, could be guessed or found on your own. For example, I have 20+ years of experience as a beta tester and didn’t get what was required from me to do to make Kleopatra work again, hence the outbreak. To have an example of good communication, try Veracrypt. Bottom line: software is meant to be a solution, not just pieces of code displaying windows and messing with files.
I was wrong in my last comment. Escaping by another \ is needed.
Mar 30 2021
It should be fixed with 49ad2b0e05e3fcb8c8c2e23bb1c6063b390dee02, though I don’t have a gcc-10 to check. It does work with gcc-9.3 with -fno-common.