Page MenuHome GnuPG
Feed All Stories

All Stories
Use Results
Edit Query

Jan 27 2026

werner committed rG11b7e4139e82: gpg: Fix possible NULL-deref with overlong signature packets. (authored by werner).
gpg: Fix possible NULL-deref with overlong signature packets.
Jan 27 2026, 6:51 PM
werner committed rG93fa34d9a346: tpm: Fix possible buffer overflow in PKDECRYPT (authored by werner).
tpm: Fix possible buffer overflow in PKDECRYPT
Jan 27 2026, 6:51 PM
werner committed rGc3e387427977: po: Update Swedish translation (authored by Daniel Nylander <github@danielnylander.se>).
po: Update Swedish translation
Jan 27 2026, 6:51 PM
werner committed rGeba28eeaa1b1: agent: Add accelerator keys for "Wrong" and "Correct". (authored by werner).
agent: Add accelerator keys for "Wrong" and "Correct".
Jan 27 2026, 6:51 PM
werner committed rG2438271ab601: agent: Fix stack buffer overflow when using gpgsm and KEM (authored by werner).
agent: Fix stack buffer overflow when using gpgsm and KEM
Jan 27 2026, 6:51 PM
bernhard added a comment to T8059: Gpg4win: Change bug report address to a Gpg4win-specific address.

This ticket is explicitly about Kleopatra included in Gpg4win.

Jan 27 2026, 6:43 PM · needs discussion, gpd5x, kleopatra, gpg4win
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2026q1/000501.html on T7996: Release GnuPG 2.5.17 (security).
Jan 27 2026, 5:52 PM · CVE, gnupg, Release Info
ikloecker added a comment to T8059: Gpg4win: Change bug report address to a Gpg4win-specific address.
In T8059#212270, @bernhard wrote:

Kleopatra is also run on GNU/Linux Distributions.

Jan 27 2026, 5:34 PM · needs discussion, gpd5x, kleopatra, gpg4win
werner committed rD400df30db64e: Security announcement (authored by werner).
Security announcement
Jan 27 2026, 5:34 PM
werner updated the task description for T8060: Release Gpg4win 5.0.1.
Jan 27 2026, 5:28 PM · gpg4win, Release Info
werner committed rDc5bbc42c40a6: swdb: GnuPg 2.5.17 and Gpg4win 5.0.1 (authored by werner).
swdb: GnuPg 2.5.17 and Gpg4win 5.0.1
Jan 27 2026, 5:26 PM
werner closed T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT` as Resolved.
Jan 27 2026, 5:18 PM · gnupg26, CVE, TPM, Bug Report
werner closed T8049: Null pointer dereference with overlong signature packet as Resolved.
Jan 27 2026, 5:17 PM · segv, gnupg26, Bug Report
werner closed T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select? as Resolved.
Jan 27 2026, 5:17 PM · gnupg, pinentry, Bug Report
werner renamed T8049: Null pointer dereference with overlong signature packet from Security (internal) - Aisle Research report: Null pointer dereference with overlong signature packet to Null pointer dereference with overlong signature packet.
Jan 27 2026, 5:16 PM · segv, gnupg26, Bug Report
werner changed the visibility for T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT`.
Jan 27 2026, 5:12 PM · gnupg26, CVE, TPM, Bug Report
werner closed T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM as Resolved.
Jan 27 2026, 5:12 PM · CVE, gnupg26, gpgagent, Bug Report
werner changed the visibility for T7996: Release GnuPG 2.5.17 (security).
Jan 27 2026, 5:11 PM · CVE, gnupg, Release Info
bernhard added a comment to T8059: Gpg4win: Change bug report address to a Gpg4win-specific address.

Kleopatra is also run on GNU/Linux Distributions.

Jan 27 2026, 4:20 PM · needs discussion, gpd5x, kleopatra, gpg4win
werner added a comment to T7996: Release GnuPG 2.5.17 (security).

This is a security update

Jan 27 2026, 3:47 PM · CVE, gnupg, Release Info
werner renamed T7996: Release GnuPG 2.5.17 (security) from Release GnuPG 2.5.17 to Release GnuPG 2.5.17 (security).
Jan 27 2026, 3:44 PM · CVE, gnupg, Release Info
ebo moved T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT` from Backlog to Done on the gnupg26 board.
Jan 27 2026, 2:34 PM · gnupg26, CVE, TPM, Bug Report
ebo edited projects for T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT`, added: gnupg26; removed gnupg.
Jan 27 2026, 2:33 PM · gnupg26, CVE, TPM, Bug Report
ebo moved T8044: gpg-agent stack buffer overflow in pkdecrypt using KEM from Backlog to Done on the gnupg26 board.
Jan 27 2026, 2:31 PM · CVE, gnupg26, gpgagent, Bug Report
ebo closed T7990: export-minimal unexpectedly omits expired key as Resolved.

Option works in Gpg4win-5.0.1 with GnuPG 2.5.17

Jan 27 2026, 2:29 PM · gnupg26, Feature Request, Gentoo
ebo moved T6623: Kleopatra hangs "Loading certificate cache" on Windows 10 from Done to gpd-5.0.0 on the gpd5x board.
Jan 27 2026, 1:59 PM · gpd5x (gpd-5.0.0), kleopatra
ebo moved T4581: Kleopatra stuck in loading the certificate cache from Done to gpd-5.0.0 on the gpd5x board.
Jan 27 2026, 1:59 PM · gpd5x (gpd-5.0.0), gpg4win, kleopatra, Bug Report
ebo moved T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) from Done to gpd-5.0.0 on the gpd5x board.
Jan 27 2026, 1:58 PM · gpd5x (gpd-5.0.0), gnupg, kleopatra
ebo moved T8026: Kleopatra: Export of multiple S/MIME certificates only exports one from Done to gpd-5.0.1 on the gpd5x board.
Jan 27 2026, 1:58 PM · gpd5x (gpd-5.0.1), gnupg26, Bug Report
ebo created gpd5x (gpd-5.0.1).
Jan 27 2026, 1:57 PM
ebo closed T8026: Kleopatra: Export of multiple S/MIME certificates only exports one as Resolved.
Jan 27 2026, 1:54 PM · gpd5x (gpd-5.0.1), gnupg26, Bug Report
ebo moved T8026: Kleopatra: Export of multiple S/MIME certificates only exports one from WIP to Done on the gnupg26 board.

works in Gpg4win 5.0.1 with GnuPG 2.5.17

Jan 27 2026, 1:52 PM · gpd5x (gpd-5.0.1), gnupg26, Bug Report
werner added a comment to T8028: Release Gpg4win 5.0.0.

Gpg4win 5.0.0 (2026-01-14)

Jan 27 2026, 11:45 AM · gpg4win, Release Info
werner triaged T8060: Release Gpg4win 5.0.1 as High priority.
Jan 27 2026, 11:45 AM · gpg4win, Release Info
ikloecker created T8059: Gpg4win: Change bug report address to a Gpg4win-specific address.
Jan 27 2026, 9:02 AM · needs discussion, gpd5x, kleopatra, gpg4win
tfry committed rOJ9722d1b87d4a: Cleanups (authored by tfry).
Cleanups
Jan 27 2026, 8:23 AM
tfry committed rOJ2262c655ee91: Request API permissions based on type of installation (authored by tfry).
Request API permissions based on type of installation
Jan 27 2026, 8:23 AM
l10n daemon script <scripty@kde.org> committed rMTPd1cdd6f6abf2: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 27 2026, 4:25 AM
Albert Astals Cid <aacid@kde.org> committed rKLEOPATRAd15e118981ac: GIT_SILENT Upgrade release service version to 25.12.2. (authored by Albert Astals Cid <aacid@kde.org>).
GIT_SILENT Upgrade release service version to 25.12.2.
Jan 27 2026, 2:00 AM
Albert Astals Cid <aacid@kde.org> committed rKLEOPATRA52ede8008647: GIT_SILENT Update Appstream for new release (authored by Albert Astals Cid <aacid@kde.org>).
GIT_SILENT Update Appstream for new release
Jan 27 2026, 2:00 AM
Albert Astals Cid <aacid@kde.org> committed rKLEOPATRAb1ab409dfc5d: GIT_SILENT Update Appstream for new release (authored by Albert Astals Cid <aacid@kde.org>).
GIT_SILENT Update Appstream for new release
Jan 27 2026, 2:00 AM

Jan 26 2026

tfry committed rOJf3021f1be3fe: Fix copy-and-update graph implementaion; add send mail implementation (authored by tfry).
Fix copy-and-update graph implementaion; add send mail implementation
Jan 26 2026, 4:39 PM
tfry committed rOJ0d5f7d38296a: Send mails via abstracted API (authored by tfry).
Send mails via abstracted API
Jan 26 2026, 4:39 PM
tfry committed rOJ6750a5550794: Implement further basic mail jobs, and start porting reencrypt code (authored by tfry).
Implement further basic mail jobs, and start porting reencrypt code
Jan 26 2026, 4:39 PM
ebo triaged T8058: Draft: Kleopatra: Upload specific variant needed for the export warning in case of uncertified certificates as Normal priority.
Jan 26 2026, 4:16 PM · gpd5x, kleopatra
ebo renamed T7496: Kleopatra: Unify the UI process for server upload (-> small string change) from Kleopatra: Unify the UI process for server upload to Kleopatra: Unify the UI process for server upload (-> small string change).
Jan 26 2026, 4:04 PM · gpd5x, kleopatra
ebo added a parent task for T6769: Kleopatra: Change warning on keyserver upload: T8057: Certificate upload related improvements.
Jan 26 2026, 2:57 PM · vsd33 (vsd-3.3.0), Restricted Project, kleopatra
ebo added a parent task for T7495: Kleopatra: Improve success message on keyserver upload: T8057: Certificate upload related improvements.
Jan 26 2026, 2:57 PM · vsd34, gpd5x (gpd-5.0.0), kleopatra
ebo added a parent task for T7496: Kleopatra: Unify the UI process for server upload (-> small string change): T8057: Certificate upload related improvements.
Jan 26 2026, 2:57 PM · gpd5x, kleopatra
ebo added a parent task for T7772: Kleopatra: Config option - only allow upload of certificates with private key to LDAP keyserver: T8057: Certificate upload related improvements.
Jan 26 2026, 2:57 PM · gpd5x (gpd-5.0.2), vsd34, kleopatra
ebo added subtasks for T8057: Certificate upload related improvements: T7495: Kleopatra: Improve success message on keyserver upload, T6769: Kleopatra: Change warning on keyserver upload, T7496: Kleopatra: Unify the UI process for server upload (-> small string change), T7772: Kleopatra: Config option - only allow upload of certificates with private key to LDAP keyserver.
Jan 26 2026, 2:57 PM · kleopatra
ebo triaged T8057: Certificate upload related improvements as Normal priority.
Jan 26 2026, 2:54 PM · kleopatra
ebo added a project to T7495: Kleopatra: Improve success message on keyserver upload: vsd34.
Jan 26 2026, 2:48 PM · vsd34, gpd5x (gpd-5.0.0), kleopatra
ebo closed T7579: Kleopatra: improve menu items as Resolved.
Jan 26 2026, 2:38 PM · gpd5x (gpd-5.0.0), kleopatra
ebo closed T7674: Kleopatra: Restore behavior of RSAKeySizes and PGPKeyType as Resolved.
Jan 26 2026, 2:29 PM · vsd33 (vsd-3.3.3), kleopatra
ebo triaged T8056: Support config options RSAKeySizes and PGPKeyType for Kf6 as Normal priority.
Jan 26 2026, 2:29 PM · gpd5x (gpd-5.0.2), kleopatra
ebo placed T6568: Kleopatra: make table column headings accessible up for grabs.
Jan 26 2026, 2:01 PM · gpd5x (gpd-5.0.2), vsd34, a11y, kleopatra
ebo placed T6874: Kleopatra subkey management improvements up for grabs.
Jan 26 2026, 1:59 PM · kleopatra
timegrid added a comment to T8052: GnuPG: First listing of secret keys is empty.

To reproduce the hang, a loop will suffice (usually happens within the first 15 times, once it needed 50 runs):

Jan 26 2026, 11:39 AM · gpd5x (gpd-5.0.2), gpgrt, Bug Report, gpgagent, gnupg26
timegrid removed a project from T6587: GpgME++ / QGpgME MSVC build: Restricted Project.
Jan 26 2026, 11:22 AM · gpgme
ikloecker changed the status of T6537: Make KIO::move work on Windows when moving between different partitions, a subtask of T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination, from Testing to Open.
Jan 26 2026, 11:20 AM · Feature Request, gpd5x, kleopatra
ikloecker changed the status of T6537: Make KIO::move work on Windows when moving between different partitions from Testing to Open.

This is still open. It cannot be tested because Gpg4win still doesn't use KIO::move on Windows (because the above patch has not yet been merged).

Jan 26 2026, 11:20 AM · gpd5x, kleopatra
ikloecker changed the status of T6537: Make KIO::move work on Windows when moving between different partitions, a subtask of T6851: Kleopatra: Allow users to change name of decryption result if file already exists, from Testing to Open.
Jan 26 2026, 11:20 AM · vsd33 (vsd-3.3.0), kleopatra, Restricted Project
timegrid added a comment to T8053: GpgSM: `log-file` is ignored.

There's no other configuration, this happens with a clean gnupghome with one smime cert + root cert and the above gpgsm.conf (output on stdin/stderr):

Jan 26 2026, 11:18 AM · gpd5x, Bug Report, S/MIME, gnupg26
ikloecker added a comment to T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination.

I think this is still open (and requires T6537: Make KIO::move work on Windows when moving between different partitions).

Jan 26 2026, 11:15 AM · Feature Request, gpd5x, kleopatra
ikloecker added a comment to T6587: GpgME++ / QGpgME MSVC build.

This is not yet fixed. KDE still applies a patch to gpgmepp (and gpgmeqt) to ifdef a few GCCisms.

Jan 26 2026, 11:13 AM · gpgme
tfry committed rOJc96c4628b833: Implement copy-and-update mail operation using Graph API (authored by tfry).
Implement copy-and-update mail operation using Graph API
Jan 26 2026, 9:13 AM

Jan 25 2026

mfilippov added a comment to T8047: Support secure memory on Windows.

@werner I added an implementation https://dev.gnupg.org/D622
that matches Linux behavior and avoids the message about secure memory not being supported on Windows. The change is scoped to the pinentry tool and intentionally follows Linux behavior. Does this approach look reasonable to you?

Jan 25 2026, 9:02 PM · Windows, gnupg, Feature Request
werner committed rE9b7c3438a3c9: po: Update Swedish translation. (authored by Daniel Nylander <github@danielnylander.se>).
po: Update Swedish translation.
Jan 25 2026, 6:30 PM
werner added a comment to T8049: Null pointer dereference with overlong signature packet.

Reconsidering this all I don't think it makes any sense to distinguish between (-1) and GPG_ERR_INV_PACKET. We use (-1) for a too short read of the hashed or unhashed area (premature eof). INV_PACKET is for unknown versions, too much data (arbitrary limit), bad parameters, and underflow. Let's forget my previous comment and always use INV_PACKET.

Jan 25 2026, 5:23 PM · segv, gnupg26, Bug Report
werner changed the status of T8045: Stack-based buffer overflow in TPM2 `PKDECRYPT` from Open to Testing.
Jan 25 2026, 5:02 PM · gnupg26, CVE, TPM, Bug Report
werner triaged T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select? as Low priority.
Jan 25 2026, 4:38 PM · gnupg, pinentry, Bug Report
werner added a comment to T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select?.

I think "O" is a better key:

Jan 25 2026, 4:37 PM · gnupg, pinentry, Bug Report
werner added a comment to T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select?.

We need to change the accelerator. Right now gpg-agent uses

Jan 25 2026, 4:14 PM · gnupg, pinentry, Bug Report
ametzler1 created T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select?.
Jan 25 2026, 7:47 AM · gnupg, pinentry, Bug Report
l10n daemon script <scripty@kde.org> committed rKLEOPATRA1d48a2d22924: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 25 2026, 2:46 AM

Jan 24 2026

mlaurent committed rKLEOPATRAc99e87af987a: Add lsan CI support (authored by mlaurent).
Add lsan CI support
Jan 24 2026, 3:23 PM
mlaurent committed rMTP2a204bce0c6f: Add lsan CI support (authored by mlaurent).
Add lsan CI support
Jan 24 2026, 3:22 PM
l10n daemon script <scripty@kde.org> committed rLIBKLEObe6a850fc5d2: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 24 2026, 2:47 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA4509b2383e1e: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 24 2026, 2:47 AM

Jan 23 2026

werner triaged T8047: Support secure memory on Windows as Low priority.

I don't think that we will implement that any time soon. Today we too often require more mlock-able memory than available and in this case Libgcrypt resorts to allocating new memory arenas which are not locked. This is not as worse as one might think: the majro advantage with secmem is that a free() on secmem allocated memory will also wipe that memory. A better solution has always been to use an encrypted swap/paging file. 25 years ago, it was not easy to configure but today there should be no problem and hopefully already the default.

Jan 23 2026, 9:25 PM · Windows, gnupg, Feature Request
werner lowered the priority of T8049: Null pointer dereference with overlong signature packet from Unbreak Now! to Normal.
Jan 23 2026, 9:18 PM · segv, gnupg26, Bug Report
werner added a comment to T8053: GpgSM: `log-file` is ignored.

Please run with --debug 0 which should show you which confiration files are read in which order. Is there anything in a common.conf file? A log-file statement tehre would overwrite the command line option.

Jan 23 2026, 9:16 PM · gpd5x, Bug Report, S/MIME, gnupg26
ebo created T8054: Key expiration year during key creation only shown with 2 digits.
Jan 23 2026, 3:48 PM · gnupg26
ebo removed a project from T4195: Fix time API in gpgme: Restricted Project.
Jan 23 2026, 3:22 PM · gnupg, kleopatra, gpgme, Feature Request
ebo added a comment to T4195: Fix time API in gpgme.

While key generation works now with an expiry date up to 2106-02-04, the representation on the command line is a bit ugly.

Jan 23 2026, 3:22 PM · gnupg, kleopatra, gpgme, Feature Request
timegrid updated the task description for T8052: GnuPG: First listing of secret keys is empty.
Jan 23 2026, 2:43 PM · gpd5x (gpd-5.0.2), gpgrt, Bug Report, gpgagent, gnupg26
timegrid created T8053: GpgSM: `log-file` is ignored.
Jan 23 2026, 2:28 PM · gpd5x, Bug Report, S/MIME, gnupg26
timegrid added a project to T8052: GnuPG: First listing of secret keys is empty: Bug Report.
Jan 23 2026, 2:22 PM · gpd5x (gpd-5.0.2), gpgrt, Bug Report, gpgagent, gnupg26
timegrid created T8052: GnuPG: First listing of secret keys is empty.
Jan 23 2026, 2:14 PM · gpd5x (gpd-5.0.2), gpgrt, Bug Report, gpgagent, gnupg26
timegrid changed the status of T6537: Make KIO::move work on Windows when moving between different partitions, a subtask of T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination, from Open to Testing.
Jan 23 2026, 11:55 AM · Feature Request, gpd5x, kleopatra
timegrid changed the status of T6537: Make KIO::move work on Windows when moving between different partitions, a subtask of T6851: Kleopatra: Allow users to change name of decryption result if file already exists, from Open to Testing.
Jan 23 2026, 11:55 AM · vsd33 (vsd-3.3.0), kleopatra, Restricted Project
timegrid changed the status of T6537: Make KIO::move work on Windows when moving between different partitions from Open to Testing.
Jan 23 2026, 11:55 AM · gpd5x, kleopatra
timegrid edited projects for T6537: Make KIO::move work on Windows when moving between different partitions, added: gpd5x; removed Restricted Project.
Jan 23 2026, 11:55 AM · gpd5x, kleopatra
timegrid changed the status of T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination from Open to Testing.
Jan 23 2026, 11:53 AM · Feature Request, gpd5x, kleopatra
timegrid edited projects for T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination, added: gpd5x, Feature Request; removed Restricted Project.

Current state needs to be tested

Jan 23 2026, 11:53 AM · Feature Request, gpd5x, kleopatra
timegrid removed a project from T6545: Support CRL extension issuingDistributionPoint: gnupg22.
Jan 23 2026, 11:49 AM · workaround, gnupg26, libksba, Feature Request
timegrid edited projects for T6436: Double pinentry on change password, added: gpd5x; removed gnupg22, Restricted Project.
Jan 23 2026, 11:47 AM · gpd5x, gnupg26, Feature Request
timegrid placed T6582: GpgOL: set MIME Encoding hint for mime encrypted data. up for grabs.
Jan 23 2026, 11:45 AM · gpd5x, gpgol, kleopatra
timegrid edited projects for T6582: GpgOL: set MIME Encoding hint for mime encrypted data., added: gpgol, gpd5x; removed Restricted Project.
Jan 23 2026, 11:45 AM · gpd5x, gpgol, kleopatra
First
Prev
Next