Sorry, it's my fault.
Fixed in rGac731dbbbd21: gpg: Fix allocation for EXTRAHASH..

On Windows, smartcard is also used by logon/logout and certificates handling. Those may be related.

Applied in rG32baa9acfb15: scd: Serialize READER_TABLE access for PC/SC..

Please note that we don't use lock in apdu_dev_list_start/finish any more.
Use of lock is narrowed, only within apdu_open_reader function.

Last week:

• T5416
• ... created T5428

This week:

• T5428

Make the lock holding narrower, and it allows no exposing reader_table_lock.

Exposing reader_table_lock would be better.
I found a dead-lock condition when apdu_close_reader is called during apdu_dev_list_start/finish.

I wonder if PCSC_SHARE_SHARED is related or not.

And if the coding style of hiding mutex_lock/mutex_unlock inside different functions matters, we can expose the mutex to its user.

Last commit will be:

The second commit is replacing a use case of close_pcsc_reader by clearing pcsc.rdrname and calling release_pcsc_context.
This makes the use of close_pcsc_reader to its original purpose only (== closing PC/SC reader as a method of close_reader).

OK. As I pointed out a commit having multiple things may make analysis difficult, I should have been careful.
So, let me fix the problem by multiple commits.

The problem is accesses to reader_table by
(1) scanning reader(s) to open new one
(2) closing reader

I'm testing D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname, but I'm not sure about the impact on Windows.

The commit rGbb8e3996e44f: scd: Fix problem with reader list becoming empty. removed READER_TABLE_LOCK holding between apdu_dev_list_start and apdu_dev_list_finish, that opens possible stale resource access for CCID driver: reader_table[slot].ccid.handle

Thank you for your report.

Also fixed in version 1.8: rCbd662c090bd4: ecc: Fix the previous commit.

Suppose that the data is 33-byte with the prefix 0x40 (=='@'):

@ L1234567 89abcdef ghijklmn opqrstuM

Or... we could add --disable-ccid-driver as default for macOS.

If it is built with LIBUSB enabled, please try adding the following to your scdaemon.conf:

disable-ccid

Last week:

• Gnuk RSA removal: finished in rsa-removal branch
• Update Gnuk test suite to support Ed25519/Curve25519 (and RSA removal)
• GnuPG
  • T5413
• libgcrypt:
  • Anon recipient decryption: X448 (56-byte) by Curve25519 key
  • rC060c378c050e: ecc: Check the input length for the point. and {rC3f8e3ea37}
• pinentry with Wayland: T5410

This week:

• Backport T5413 to 2.2
• Off for holidays (Mon, Tue, Wed)
• scdaemon in 2.3: T5415, T5416, and (T5409)

@colemickens We don't maintain any ccid udev rules in GnuPG. What do you refer?

Perhaps, if a distro haven't offered setting of USB, it would be better to configure GnuPG build with --disable-ccid-driver and only support scdaemon with PC/SC. GPG for Windows does so.

1. It's a breaking change for system with both of PC/SC and CCID. T4673 due to T3300
   • If you configure with no libusb, users don't need 'disable-ccid' option.
2. I don't know how "wide".
3. In Debian, it is maintained here: https://salsa.debian.org/debian/gnupg2/-/blob/debian/main/debian/scdaemon.udev
4. Yes.

To set DISPLAY, dbus-update-activation-environment is your friend.

FYI, for me, on a machine with Debian GNU/Linux, I use Sway, it works fine with pinentry-gnome3.

Backported in rC3f48e3ea37ad: ecc: Check the input length for the point..

Update:
It looks like OpenSSH version 8 now supports ssh-agent's handling REQUEST_IDENTITIES.

Last week:

• Gnuk RSA removal part 1
• GnuPG
  • Fix for no TPM2: { rG97ba94e52b}
  • Chinese translation: D529: po: Update Simplified Chinese Translation.
    • a bit confusing message: "No terminal at all" requested
      • It may be parsed/translated: No terminal (at all requested)
• Fix leaks found by static analyzer: T5395

This week:

• Bug fixes
• Gnuk RSA Removal part 2

Thank you.
I'll report the original message problem.
Applied and pushed.

Thank you. Please confirm for one message translation. Others are all good.

If it confuses users, we can apply something like this:

diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 2a5087e1f..12916a64e 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -93,7 +93,9 @@ gc_error (int status, int errnum, const char *fmt, ...)
 /* Forward declaration.  */
 static void gpg_agent_runtime_change (int killflag);
 static void scdaemon_runtime_change (int killflag);
+#ifdef BUILD_WITH_TPM2D
 static void tpm2daemon_runtime_change (int killflag);
+#endif
 static void dirmngr_runtime_change (int killflag);
 static void keyboxd_runtime_change (int killflag);

Thank you for your confirmation. Closing.

Fixed in GnuPG 2.3.1, so, add the tag for GnuPG 2.2.

It's in 1.9 already.

it's in 2.3.

Applied.

This has been applied already.

I applied 1,2,3, and 5 in rKfbb1f303198b: Fixes for static analysis reports.

I can't see null pointer de-reference (you claimed) in [4/5].
Could you please elaborate?

IIUC, with libgcrypt in LIBGCRYPT-1.8-BRANCH (not yet released) and libgcrypt 1.9.3, the build process works well (the problem with SIP has been handled).

Last week:
Mostly Gleaning

• libgcrypt:
  • T5375
  • T5328
  • No last period for < C99 in the header file: rC9c42db0b379c: api: Avoid use of C99 feature.
• gpg
  • T5389
• Coverity reports from @Jakuje
  • T5393
  • T5384
• autogen.sh update for pinentry and gpa: T4848
• build: T5380

This week:
Continue for bug fixing like gleaning and

• RSA removal from Gnuk master
  • key generation and testing key generation -> switch to Ed25519

Updated:

diff --git a/configure.ac b/configure.ac
index 53a343b..f496729 100644
--- a/configure.ac
+++ b/configure.ac
@@ -82,6 +82,7 @@ AC_PROG_AWK
 AC_CHECK_TOOL(AR, ar, :)
 AC_USE_SYSTEM_EXTENSIONS

Fixed in rP7f7fd8bcfd74: tty: Fix error return paths and its resource leaks.

Actually, calling do_tuch_file when some error(s) are not good.
Let me fix all the things.

Sorry, I was wrong. It seems that GNU C library has a feature to avoid bad truncation.

Thank you.
We also need to release memory for points.

mkheader has CFLAGS_FOR_BUILD since libassuan 2.5.4.
gost-s-box has so since libgcrypt 1.9.0.