User Details
- User Since
- May 8 2022, 2:50 AM (136 w, 6 d)
- Availability
- Available
Nov 11 2022
Sep 3 2022
Sep 2 2022
Jun 20 2022
Closing in favor of D556.
When failing due to a bad packet in a detached signature, log the
packet's type.
Jun 18 2022
Jun 17 2022
Compressed packets in detached signatures and/or certificates have never been permitted by any version of the standard.
Jun 16 2022
I will try, but it will likely be a while. In any case I believe you will need a Red Hat-family distro to trigger the bug; it happens when gpg trys to encrypt with a key that uses a public key algorithm libgcrypt does not support.
Reopening as it appears this issue was closed based on an incorrect understanding of what it is.
Reopening as gpg’s handling of the situation is very much suboptimal.
Closing as I believe this is a downstream bug.
Jun 15 2022
Jun 13 2022
Jun 10 2022
The quotes are irrelevant because they are evaluated by the shell and don't make a difference here.
Added missing context lines and replaced some tabs with spaces
For clarification, the strings I have provided are raw argv elements as would be passed to execve(), with quoting already removed.
I am using GnuPG 2.3.4 on Fedora Linux. I am referring to --list-options=show-sig-subpackets="100"a (note the quotes). The bug is that the character after the trailing close quote is ignored, rather than being treated as an invalid option and causing an error. That is, I would expect show-sig-subpackets="100"a to be parsed as show-sig-subpackets="100",a or be an error.
gpg-agent --supervised being deprecated is highly surprising, especially because it works so well with systemd.
Jun 9 2022
May 23 2022
May 22 2022
I would be okay with GnuPG ignoring such packets, but I do not want verifying a signature or importing a key to activate the decompression code and its associated attack surface.