Page MenuHome GnuPG
Feed All Stories

All Stories
Use Results
Edit Query

Jan 21 2026

ikloecker changed the status of T7455: Improved Sign/Encrypt/Decrypt/Verify from clipboard from Open to Testing.
In T7455#211913, @ikloecker wrote:
In T7455#211465, @timegrid wrote:

Issues found:

  • The "Finish" button in the "Sign/Encrypt" dialog turns to "Sign/Encrypt" sometimes after successful execution:

I've seen this at least once. No really related to this ticket, but I'll have a quick look.

Jan 21 2026, 1:58 PM · gpd5x, kleopatra
timegrid added a comment to T6732: Visual representation of signature is a bit ugly.

The first time Okular was included is gpg4win-4.2.0:

Jan 21 2026, 1:57 PM · gpd5x, okular
ikloecker committed rKLEOPATRAc35f48d4ad00: Don't update action button if result page is shown (authored by ikloecker).
Don't update action button if result page is shown
Jan 21 2026, 1:54 PM
tfry updated the task description for T8024: Port away from unconditional EWS API usage.
Jan 21 2026, 1:38 PM · gpd5x, gpgol2
timegrid added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

See here for how it should look like:

Jan 21 2026, 1:33 PM · gpd5x, okular
tfry committed rOJ1c057e8a3f5d: cleanup (authored by tfry).
cleanup
Jan 21 2026, 1:13 PM
tfry committed rOJ36db187715dd: Work around some browsers denying any access to clipboard (authored by tfry).
Work around some browsers denying any access to clipboard
Jan 21 2026, 1:13 PM
timegrid added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

I see. I added the root cert to C:\ProgramData\GNU\etc\gnupg\qualified.txt and the usage of the signing certs does include a qualified signature in Kleopatra now. Still I don't see any highlight/filter in Okular:

Jan 21 2026, 12:46 PM · gpd5x, okular
werner shifted T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT` from the Restricted Space space to the S1 Public space.
Jan 21 2026, 12:40 PM · gnupg26, CVE, TPM, Bug Report
werner shifted T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM from the Restricted Space space to the S1 Public space.
Jan 21 2026, 12:23 PM · CVE, gnupg26, gpgagent, Bug Report
ikloecker claimed T7455: Improved Sign/Encrypt/Decrypt/Verify from clipboard.
In T7455#211465, @timegrid wrote:

Issues found:

  • If pgp is preselected, the "Sign..." operation will also check "Encrypt for others":
Jan 21 2026, 12:00 PM · gpd5x, kleopatra
ebo raised the priority of T8019: gpg does not print warning about untrusted key when verifying signatures made by expired (and untrusted) keys from Normal to High.

setting to High as we need this for T7790

Jan 21 2026, 11:40 AM · Feature Request, S/MIME, OpenPGP, gnupg26
TobiasFella placed T7644: Kleopatra: 'Show Audit Log' in signature verification needs two clicks to open up for grabs.
Jan 21 2026, 11:12 AM · gpd5x (gpd-5.0.0), vsd34, Bug Report, kleopatra
TobiasFella placed T7552: Kleopatra: Add search function to "configuration overview" up for grabs.
Jan 21 2026, 11:10 AM · gpd5x (gpd-5.0.0), vsd34, kleopatra
TobiasFella placed T7581: Kleopatra: Create team key up for grabs.
Jan 21 2026, 11:10 AM · Feature Request, gpd5x, kleopatra
TobiasFella placed T7602: Kleopatra: "Add ADSK" tooltip is long and doesn't wrap up for grabs.
Jan 21 2026, 11:09 AM · gpd5x (gpd-5.0.0), vsd34, kleopatra
TobiasFella placed T7707: Kleopatra: Unformatted fingerprints up for grabs.
Jan 21 2026, 11:09 AM · gpd5x (gpd-5.0.0), vsd34, kleopatra
TobiasFella placed T7008: Kleopatra: New tabs in certficate list should use same column layout as current tab up for grabs.
Jan 21 2026, 11:08 AM · vsd34, gpd5x, kleopatra
TobiasFella closed T7429: Kleopatra: Importing certificate from Verification result dialog doesn't correctly re-verify the signature as Resolved.
Jan 21 2026, 11:06 AM · gpd5x (gpd-5.0.0), kleopatra, Bug Report
ikloecker changed the status of T8042: Kleopatra: Add expired/revoked information to ldap search results from Open to Testing.

Implemented and backported for VSD 3.4

Jan 21 2026, 11:02 AM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
ikloecker committed rKLEOPATRA828b8e761a01: Cope with missing key filters (authored by ikloecker).
Cope with missing key filters
Jan 21 2026, 11:02 AM
ikloecker committed rKLEOPATRA81022af6abc3: Use de-vs filters for styling bad keys if GnuPG is de-vs compliant (authored by ikloecker).
Use de-vs filters for styling bad keys if GnuPG is de-vs compliant
Jan 21 2026, 11:02 AM
ikloecker committed rKLEOPATRA5117366cc0d3: Add Status column to server lookup result table (authored by ikloecker).
Add Status column to server lookup result table
Jan 21 2026, 11:02 AM
ikloecker committed rKLEOPATRA1fd58988dcec: Cope with missing key filters (authored by ikloecker).
Cope with missing key filters
Jan 21 2026, 10:55 AM
ebo moved T7455: Improved Sign/Encrypt/Decrypt/Verify from clipboard from WIP to Backlog on the gpd5x board.
Jan 21 2026, 10:44 AM · gpd5x, kleopatra
werner closed T8032: libksba: Input validation for DER encoded INTEGER as Wontfix.
Jan 21 2026, 10:39 AM · S/MIME, libksba, Bug Report
ikloecker committed rLIBKLEObb53e1f8a820: Add IDs to some key filters (authored by ikloecker).
Add IDs to some key filters
Jan 21 2026, 10:39 AM
TobiasFella placed T7455: Improved Sign/Encrypt/Decrypt/Verify from clipboard up for grabs.
Jan 21 2026, 10:38 AM · gpd5x, kleopatra
ikloecker committed rKLEOPATRA9b7fae53a02d: Use de-vs filters for styling bad keys if GnuPG is de-vs compliant (authored by ikloecker).
Use de-vs filters for styling bad keys if GnuPG is de-vs compliant
Jan 21 2026, 10:32 AM
timegrid added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

The "ca" root cert is not on the ldap, if that matters

Jan 21 2026, 10:23 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
werner changed the status of T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM from Open to Testing.
Jan 21 2026, 10:20 AM · CVE, gnupg26, gpgagent, Bug Report
timegrid renamed T8048: Keyboxd: S/MIME certificate is imported on ldap search from GnuPG: S/MIME certificate is imported on ldap search to Keyboxd: S/MIME certificate is imported on ldap search.
Jan 21 2026, 10:14 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.
In T8048#211860, @ikloecker wrote:

some other certificates, but I guess those are from other tests

Jan 21 2026, 10:08 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid added a project to T8048: Keyboxd: S/MIME certificate is imported on ldap search: Bug Report.
Jan 21 2026, 10:00 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid renamed T8048: Keyboxd: S/MIME certificate is imported on ldap search from Kleopatra: S/MIME certificate is imported on ldap search to GnuPG: S/MIME certificate is imported on ldap search.
Jan 21 2026, 10:00 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

It also happens on CLI:

Jan 21 2026, 9:59 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ikloecker added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

With Gpg4win 5.0.0 the LISTKEYS after the server lookup lists the (ephemeral?) ca@gnupg.test certificate and (!) the bob@gnupg.test certificate (and some other certificates, but I guess those are from other tests).

Jan 21 2026, 9:52 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ikloecker added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.
  1. VSD 3.3.4
Jan 21 2026, 9:45 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ikloecker added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.
  1. Gpg4win 5.0.0
Jan 21 2026, 9:44 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
svuorela committed rMTP8610ae2b67e0: Fix Clang's unused-but-set-variable warnings (authored by Gleb Popov <6yearold@gmail.com>).
Fix Clang's unused-but-set-variable warnings
Jan 21 2026, 9:41 AM
svuorela committed rMTP1c670c2d1d5c: Dont error on warnings (authored by svuorela).
Dont error on warnings
Jan 21 2026, 9:38 AM
Gleb Popov <6yearold@gmail.com> committed rMTP456a09b06f78: Fix Clang's unused-but-set-variable warnings (authored by Gleb Popov <6yearold@gmail.com>).
Fix Clang's unused-but-set-variable warnings
Jan 21 2026, 9:31 AM
gniibe created T8049: Null pointer dereference with overlong signature packet.
Jan 21 2026, 7:57 AM · segv, gnupg26, Bug Report
l10n daemon script <scripty@kde.org> committed rLIBKLEO96e7cec6fc1b: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 21 2026, 4:29 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEOdcddcca2d183: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 21 2026, 2:52 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRAd52f5b6fc1ce: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 21 2026, 2:52 AM

Jan 20 2026

ikloecker committed rKLEOPATRAbc537d79f98f: Add Status column to server lookup result table (authored by ikloecker).
Add Status column to server lookup result table
Jan 20 2026, 5:01 PM
ikloecker committed rLIBKLEOb7e0a41f9355: Add IDs to some key filters (authored by ikloecker).
Add IDs to some key filters
Jan 20 2026, 4:39 PM
timegrid moved T7429: Kleopatra: Importing certificate from Verification result dialog doesn't correctly re-verify the signature from Done to gpd-5.0.0 on the gpd5x board.
Jan 20 2026, 3:33 PM · gpd5x (gpd-5.0.0), kleopatra, Bug Report
timegrid added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.
  • gpg4win 5.0.0 @ win11
Jan 20 2026, 2:59 PM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ikloecker claimed T8042: Kleopatra: Add expired/revoked information to ldap search results.
Jan 20 2026, 2:49 PM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
ikloecker added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

gpgme logs (also of vsd-3.3.4) will be useful.

Jan 20 2026, 2:47 PM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
werner claimed T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM.
Jan 20 2026, 2:44 PM · CVE, gnupg26, gpgagent, Bug Report
werner added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

I have not checked but I guess that the certificate is marked as ephemeal and kleopatra either lists ephemeral certificates or the ephemeral flag got removed to to a validation process,

Jan 20 2026, 2:43 PM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ikloecker committed rKLEOPATRA6cea47c29afc: Ensure that disabled error labels are painted with disabled colors (authored by ikloecker).
Ensure that disabled error labels are painted with disabled colors
Jan 20 2026, 2:40 PM
ikloecker committed rLIBKLEO58b03e14cdab: Ensure that disabled error labels are painted with disabled colors (authored by ikloecker).
Ensure that disabled error labels are painted with disabled colors
Jan 20 2026, 2:39 PM
timegrid added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

Note: This does not happen on vsd-3.3.4

Jan 20 2026, 2:37 PM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ikloecker changed the status of T7789: Kleopatra: Wrong error message when choosing an expired certificate for encryption from Open to Testing.

Fixed and backported for VSD 3.4

Jan 20 2026, 2:19 PM · vsd34, Bug Report, gpd5x, kleopatra
ikloecker committed rKLEOPATRA69b198a058e6: Show just one error message for keys that are unusable for encryption (authored by ikloecker).
Show just one error message for keys that are unusable for encryption
Jan 20 2026, 2:18 PM
ikloecker committed rKLEOPATRAd4e29e03af64: Show just one error message for keys that are unusable for encryption (authored by ikloecker).
Show just one error message for keys that are unusable for encryption
Jan 20 2026, 2:16 PM
timegrid created T8048: Keyboxd: S/MIME certificate is imported on ldap search.
Jan 20 2026, 1:56 PM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
svuorela added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

None of these certificates are for qualified signatures.

Jan 20 2026, 1:27 PM · gpd5x, okular
svuorela added a comment to T6732: Visual representation of signature is a bit ugly.

Try compare with a gpg4win 3.latest.

Jan 20 2026, 1:27 PM · gpd5x, okular
werner added a comment to T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM.

I have this fix committed to my working directory:

Jan 20 2026, 12:54 PM · CVE, gnupg26, gpgagent, Bug Report
werner added a project to T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM: CVE.

We have no CVE yet. However, CVE is also a good tag for security bugs,

Jan 20 2026, 12:18 PM · CVE, gnupg26, gpgagent, Bug Report
werner renamed T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM from Security (internal) - gpg-agent stack buffer overflow to gpg-agent stack buffer overflow in pkdecrypt using KEM.
Jan 20 2026, 12:10 PM · CVE, gnupg26, gpgagent, Bug Report
ikloecker committed rKLEOPATRA0f635a245542: Do not show (duplicate) hint for expired or revoked user IDs/keys (authored by ikloecker).
Do not show (duplicate) hint for expired or revoked user IDs/keys
Jan 20 2026, 11:28 AM
ikloecker committed rKLEOPATRA88c9adb225f4: Handle disabled keys and otherwise unusable user IDs/keys (authored by ikloecker).
Handle disabled keys and otherwise unusable user IDs/keys
Jan 20 2026, 11:28 AM
ikloecker committed rKLEOPATRA770a385c2ad1: Keep explicitly selected expired or revoked user ID (authored by ikloecker).
Keep explicitly selected expired or revoked user ID
Jan 20 2026, 11:28 AM
ikloecker committed rKLEOPATRA63169fd19a7d: Don't crash with failed assert if expired or revoked user ID is selected (authored by ikloecker).
Don't crash with failed assert if expired or revoked user ID is selected
Jan 20 2026, 11:28 AM
ikloecker committed rKLEOPATRA4e35a07e6c7c: Handle disabled keys and otherwise unusable user IDs/keys (authored by ikloecker).
Handle disabled keys and otherwise unusable user IDs/keys
Jan 20 2026, 11:13 AM
ikloecker committed rKLEOPATRAf7256f877073: Do not show (duplicate) hint for expired or revoked user IDs/keys (authored by ikloecker).
Do not show (duplicate) hint for expired or revoked user IDs/keys
Jan 20 2026, 11:13 AM
ikloecker committed rKLEOPATRA3f8735a0bb59: Keep explicitly selected expired or revoked user ID (authored by ikloecker).
Keep explicitly selected expired or revoked user ID
Jan 20 2026, 11:13 AM
tfry committed rOJ9c9eb07a51d8: Work in progress! This commit is not intended to be merged as is. (authored by tfry).
Work in progress! This commit is not intended to be merged as is.
Jan 20 2026, 9:48 AM
ebo triaged T8042: Kleopatra: Add expired/revoked information to ldap search results as Normal priority.
Jan 20 2026, 9:07 AM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
mfilippov added a comment to T8047: Support secure memory on Windows.

I create diff with implementation via VirtualLock WinAPI: https://dev.gnupg.org/D622

Jan 20 2026, 7:25 AM · Windows, gnupg, Feature Request
mfilippov created T8047: Support secure memory on Windows.
Jan 20 2026, 7:23 AM · Windows, gnupg, Feature Request
gniibe added a comment to T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM.

On 2026-01-20, I found the message to security@gnupg.org of:
Message-ID: 4e708880-04ac-45bc-8d16-6b585f2652a1n@aisle.com
in may spam folder. It has a 10MB long attachment. That might be one of reasons to be identified as a spam.

Jan 20 2026, 6:42 AM · CVE, gnupg26, gpgagent, Bug Report
gniibe added a comment to T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT`.

Considering the current implementation (tpm2d doesn't support keyinfo like scdaemon), it would be good to check the buffer size.
(If key information is accessible easily, we can check with a specific key.)

Jan 20 2026, 6:06 AM · gnupg26, CVE, TPM, Bug Report
l10n daemon script <scripty@kde.org> committed rMTPef7e79e47a1a: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 20 2026, 4:51 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEO7e990462d5d8: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 20 2026, 4:50 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA2c9ac6484830: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 20 2026, 4:50 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRAbc2290ce8fda: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 20 2026, 2:58 AM
l10n daemon script <scripty@kde.org> committed rMTPceff124962d4: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 20 2026, 2:58 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEO3a928262d4d4: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 20 2026, 2:57 AM
gniibe created T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT`.
Jan 20 2026, 1:54 AM · gnupg26, CVE, TPM, Bug Report
gniibe added projects to T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM: gpgagent, gnupg.
Jan 20 2026, 1:52 AM · CVE, gnupg26, gpgagent, Bug Report
gniibe created T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM.
Jan 20 2026, 1:52 AM · CVE, gnupg26, gpgagent, Bug Report

Jan 19 2026

mlaurent committed rMTP6ed09a37ba9e: Make it compile without warning + add clazy support (authored by mlaurent).
Make it compile without warning + add clazy support
Jan 19 2026, 7:46 PM
tfry committed rOJ8ea66991dc3f: Work in progress (authored by tfry).
Work in progress
Jan 19 2026, 5:07 PM
ikloecker added a comment to T8042: Kleopatra: Add expired/revoked information to ldap search results.

The gpgme logs show that the information for revoked keys should be there. We just need to check for it (and somehow visualize it).

pub:o:3072:1:3DA05D6B0A5998AF:1768822823:1863514800::::::::
fpr:::::::::C70F6D8F32DFE96F5C47C40B3DA05D6B0A5998AF:
uid:o::::::::search (valid) <search@gnupg.test>\r:
Jan 19 2026, 4:13 PM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
timegrid added a comment to T8042: Kleopatra: Add expired/revoked information to ldap search results.

gpgme.log (vsd 3.3.4):

gpgme_log.vsd334.txt141 KBDownload

Jan 19 2026, 4:02 PM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
ikloecker renamed T8042: Kleopatra: Add expired/revoked information to ldap search results from Kleopatra: Add expired/rekoved information to ldap search results to Kleopatra: Add expired/revoked information to ldap search results.
Jan 19 2026, 3:55 PM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
ikloecker claimed T7789: Kleopatra: Wrong error message when choosing an expired certificate for encryption.
Jan 19 2026, 3:54 PM · vsd34, Bug Report, gpd5x, kleopatra
ikloecker committed rW26fc779069cb: nsis: Read installed components from 64-bit registry (authored by ikloecker).
nsis: Read installed components from 64-bit registry
Jan 19 2026, 3:09 PM
ikloecker committed rW6e28c6c996b6: nsis: Set correct registry view after (un)installing browser integration (authored by ikloecker).
nsis: Set correct registry view after (un)installing browser integration
Jan 19 2026, 3:09 PM
ikloecker changed the status of T8039: NSIS: Preselection of installed components on reinstall only works with browser integration installed from Open to Testing.

Fixed. The problem was that the selected sections were stored in the 64-bit registry (unless browser integration was installed; see T8038), but they were read from the 32-bit registry.

Jan 19 2026, 3:05 PM · Bug Report, gpd5x, Installer
ikloecker changed the status of T8038: NSIS: Updating line omitted if browser integration is installed from Open to Testing.

Fixed.

Jan 19 2026, 3:03 PM · Bug Report, gpd5x, Installer
ikloecker triaged T8038: NSIS: Updating line omitted if browser integration is installed as Normal priority.

Let's give this Normal priority.

Jan 19 2026, 2:23 PM · Bug Report, gpd5x, Installer
ikloecker claimed T8038: NSIS: Updating line omitted if browser integration is installed.
Jan 19 2026, 2:21 PM · Bug Report, gpd5x, Installer
First
Prev
Next