marcus (Marcus Brinkmann)
User

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Friday

  • Clear sailing ahead.

User Details

User Since
Mar 27 2017, 4:49 PM (90 w, 1 d)
Availability
Available

Recent Activity

Wed, Dec 5

marcus created T4280: gnupg doc doesn't build due to ImageMagick default policy.
Wed, Dec 5, 3:55 PM · gnupg, Documentation, Info Needed, Bug Report
marcus added a comment to T4277: libgpg-error gpgrt_ftruncate decl breaks libgcrypt build.

Wed, Dec 5, 3:23 PM · Bug Report
marcus created T4277: libgpg-error gpgrt_ftruncate decl breaks libgcrypt build.
Wed, Dec 5, 11:17 AM · Bug Report

Jun 8 2018

marcus added a comment to T4000: GnuPG does not check encrypted messages for well-formed composition.

Yep. 👍

Jun 8 2018, 1:48 PM · gnupg (gpg22), Bug Report

Jun 2 2018

marcus reopened T4000: GnuPG does not check encrypted messages for well-formed composition as "Open".

Yeah, that's not good enough. You also need to check if literals_seen is 0 before BEGIN_DECRYPTION to catch the case where the plaintext packet comes before the encrypted packet. See https://github.com/das-labor/neopg/commit/30623bcd436a35125f21fe6f29272a5fa7212d3f

Jun 2 2018, 12:53 PM · gnupg (gpg22), Bug Report

May 30 2018

marcus added a comment to T4000: GnuPG does not check encrypted messages for well-formed composition.

The impact is low to our current understanding, that's why I didn't report it as a security vulnerability. I tried to use this for signatures, but GnuPG has more verification for signatures, so it doesn't work there as far as I can see. So that's good.
If you allow for a BADMDC, you can easily downgrade the content of an encrypted data packet from, for example, compressed to private packet type, and then you don't even need the public key, just an encrypted message. The MDC will notice this, and since Efail the clients should have strict MDC checking, so I didn't include that variation in my report.
By the way, there are other clients I didn't test which are probably affected, such as kmail, claws, gpgtools.
I only have Outlook 2007 and no funds to buy software I don't use, as I am unemployed and using up my savings. So, next time I won't be able to do the testing, sorry!

May 30 2018, 10:34 AM · gnupg (gpg22), Bug Report

May 29 2018

marcus added a comment to T4000: GnuPG does not check encrypted messages for well-formed composition.

I would also recommend that GPGME does a sanity check on the status fd output for people with new GPGME but old GnuPG binary.

May 29 2018, 1:55 PM · gnupg (gpg22), Bug Report
marcus created T4000: GnuPG does not check encrypted messages for well-formed composition.
May 29 2018, 1:34 PM · gnupg (gpg22), Bug Report

Mar 23 2018

marcus created T3862: Unsigned underflow in parse-packet::parse_key().
Mar 23 2018, 10:21 PM · Bug Report

Nov 22 2017

marcus created T3528: cpr.c do_get_from_fd memory leak.
Nov 22 2017, 6:43 PM · Bug Report

Oct 1 2017

marcus placed T3051: calendar spams exceptions when no invitees exist for recurrent events up for grabs.
Oct 1 2017, 2:07 PM · dev.gnupg.org
marcus placed T3115: Implement simple captcha up for grabs.
Oct 1 2017, 2:07 PM · dev.gnupg.org
marcus placed T3092: Encrypt emails with GnuPG in MediaWiki up for grabs.
Oct 1 2017, 2:07 PM
marcus placed T3122: Phrabicator does not grok signed mails up for grabs.
Oct 1 2017, 2:07 PM · dev.gnupg.org
marcus placed T3069: Implement gnupg commit message style up for grabs.
Oct 1 2017, 2:06 PM · g10code Sprint, dev.gnupg.org
marcus placed T3081: Write PHP parser for gnupg style commit messages. up for grabs.
Oct 1 2017, 2:06 PM · g10code Sprint, dev.gnupg.org

Sep 15 2017

marcus removed invites for E205: Weekly Standup: kai, justus, marcus.
Sep 15 2017, 11:15 AM
marcus removed invites for E2: Weekly Standup: kai, justus, neal, marcus.
Sep 15 2017, 11:14 AM · g10code
marcus changed the host of E205: Weekly Standup from marcus to wk.
Sep 15 2017, 11:07 AM
marcus removed invites for E205: Weekly Standup: neal.
Sep 15 2017, 10:56 AM

Aug 29 2017

marcus triaged T3366: Secret keys won't delete as Low priority.
Aug 29 2017, 5:17 PM · gnupg, Windows 32, gpg4win, Bug Report
marcus committed rBOOKe8e6f00ddc0b: Fix some minor problems. (authored by marcus).
Fix some minor problems.
Aug 29 2017, 5:00 PM

Aug 24 2017

marcus added a commit to T3018: Assuan: No obvious way to connect to gpg-agent with non-standard homedir: rM91e47d71652b: gpgconf: Add more comments..
Aug 24 2017, 3:53 PM · gpgme, Bug Report
marcus committed rM91e47d71652b: gpgconf: Add more comments. (authored by marcus).
gpgconf: Add more comments.
Aug 24 2017, 3:53 PM
marcus placed T3202: add support for illumos to our version of libtool up for grabs.
Aug 24 2017, 2:54 PM · Info Needed, gpgrt, Bug Report

Aug 23 2017

marcus abandoned D44: 706_0001-gpg-Add-encrypt-to-default-key.patch.
Aug 23 2017, 6:37 PM
marcus commandeered D44: 706_0001-gpg-Add-encrypt-to-default-key.patch.
Aug 23 2017, 6:37 PM
marcus abandoned D43: 705_0001-gpg-Allow-multiple-default-key-options.-Take-the-las.patch.
Aug 23 2017, 6:36 PM
marcus commandeered D43: 705_0001-gpg-Allow-multiple-default-key-options.-Take-the-las.patch.
Aug 23 2017, 6:36 PM
marcus abandoned D42: 134_gpg-pgp-compat.diff.
Aug 23 2017, 6:36 PM
marcus commandeered D42: 134_gpg-pgp-compat.diff.
Aug 23 2017, 6:35 PM
marcus abandoned D41: 136_pinentry-0.7.2-grab.patch.
Aug 23 2017, 6:35 PM
marcus commandeered D41: 136_pinentry-0.7.2-grab.patch.
Aug 23 2017, 6:35 PM
marcus abandoned D40: 148_pinentry-0.7.4-grab.patch.
Aug 23 2017, 6:35 PM
marcus commandeered D40: 148_pinentry-0.7.4-grab.patch.
Aug 23 2017, 6:35 PM
marcus abandoned D39: 149_pinentry-0.7.4-grab.patch.
Aug 23 2017, 6:35 PM
marcus commandeered D39: 149_pinentry-0.7.4-grab.patch.
Aug 23 2017, 6:35 PM
marcus abandoned D37: 115_pinentry-qt.patch.
Aug 23 2017, 6:34 PM
marcus commandeered D37: 115_pinentry-qt.patch.
Aug 23 2017, 6:34 PM
marcus abandoned D36: 114_verify-show-primary-only.patch.
Aug 23 2017, 6:33 PM
marcus commandeered D36: 114_verify-show-primary-only.patch.
Aug 23 2017, 6:33 PM
marcus abandoned D35: 113_gpg.patch.
Aug 23 2017, 6:33 PM
marcus commandeered D35: 113_gpg.patch.
Aug 23 2017, 6:33 PM
marcus abandoned D34: 111_gnupg-1.4.6-with-colons-utf8.patch.
Aug 23 2017, 6:32 PM
marcus commandeered D34: 111_gnupg-1.4.6-with-colons-utf8.patch.
Aug 23 2017, 6:32 PM
marcus abandoned D33: 110_ks-proxy-fix-14.diff.
Aug 23 2017, 6:32 PM
marcus commandeered D33: 110_ks-proxy-fix-14.diff.
Aug 23 2017, 6:32 PM
marcus abandoned D32: 99_gnupg-2.0.0-64biterror.patch.
Aug 23 2017, 6:31 PM
marcus commandeered D32: 99_gnupg-2.0.0-64biterror.patch.
Aug 23 2017, 6:31 PM
marcus abandoned D31: 100_apdu-patch-2.0.0.diff.
Aug 23 2017, 6:31 PM
marcus commandeered D31: 100_apdu-patch-2.0.0.diff.
Aug 23 2017, 6:30 PM
marcus abandoned D30: 93_keyserver.c.patch.
Aug 23 2017, 6:01 PM
marcus commandeered D30: 93_keyserver.c.patch.
Aug 23 2017, 6:01 PM
marcus abandoned D29: 90_gpgme_log_errno.patch.
Aug 23 2017, 5:59 PM
marcus commandeered D29: 90_gpgme_log_errno.patch.
Aug 23 2017, 5:59 PM
marcus abandoned D28: 86_gnupg-1.4.4.patch.
Aug 23 2017, 5:59 PM
marcus commandeered D28: 86_gnupg-1.4.4.patch.
Aug 23 2017, 5:59 PM
marcus abandoned D27: 77_gnupg.diff.
Aug 23 2017, 5:57 PM
marcus commandeered D27: 77_gnupg.diff.
Aug 23 2017, 5:56 PM
marcus abandoned D26: 75_gnupg.diff.
Aug 23 2017, 5:51 PM
marcus commandeered D26: 75_gnupg.diff.
Aug 23 2017, 5:51 PM
marcus abandoned D25: 74_libgcrypt-1.2.2-pkhash.diff.
Aug 23 2017, 5:51 PM
marcus commandeered D25: 74_libgcrypt-1.2.2-pkhash.diff.
Aug 23 2017, 5:50 PM
marcus abandoned D24: 94_fix-537.diff.
Aug 23 2017, 5:50 PM
marcus commandeered D24: 94_fix-537.diff.
Aug 23 2017, 5:50 PM
marcus abandoned D23: 67_gnupg-1.4.2-none.patch.
Aug 23 2017, 5:47 PM
marcus commandeered D23: 67_gnupg-1.4.2-none.patch.
Aug 23 2017, 5:47 PM
marcus abandoned D22: 63_gpgme.m4.diff.
Aug 23 2017, 5:47 PM
marcus commandeered D22: 63_gpgme.m4.diff.
Aug 23 2017, 5:46 PM
marcus abandoned D21: 61_1.4-200502091.patch.
Aug 23 2017, 5:45 PM
marcus commandeered D21: 61_1.4-200502091.patch.
Aug 23 2017, 5:45 PM
marcus abandoned D20: 58_libassuan-gcc4.patch.
Aug 23 2017, 5:45 PM
marcus commandeered D20: 58_libassuan-gcc4.patch.
Aug 23 2017, 5:44 PM
marcus abandoned D19: 57_gnupg-1.4.0-gcc.patch.
Aug 23 2017, 5:44 PM
marcus commandeered D19: 57_gnupg-1.4.0-gcc.patch.
Aug 23 2017, 5:44 PM
marcus abandoned D18: 44_hppa.revert.patch.
Aug 23 2017, 5:43 PM
marcus commandeered D18: 44_hppa.revert.patch.
Aug 23 2017, 5:43 PM
marcus abandoned D17: 42_rijandel.diff.
Aug 23 2017, 5:42 PM
marcus commandeered D17: 42_rijandel.diff.
Aug 23 2017, 5:42 PM
marcus abandoned D16: 43_newrijndael.diff.
Aug 23 2017, 5:42 PM
marcus commandeered D16: 43_newrijndael.diff.
Aug 23 2017, 5:41 PM
marcus abandoned D15: 41_gnupg-1.2.5rc2-po-Makefile.in.in.diff.
Aug 23 2017, 5:41 PM
marcus commandeered D15: 41_gnupg-1.2.5rc2-po-Makefile.in.in.diff.
Aug 23 2017, 5:41 PM
marcus abandoned D14: 36_x.
Aug 23 2017, 5:40 PM
marcus commandeered D14: 36_x.
Aug 23 2017, 5:40 PM
marcus abandoned D13: 35_bug291.patch.
Aug 23 2017, 5:40 PM
marcus commandeered D13: 35_bug291.patch.
Aug 23 2017, 5:39 PM
marcus abandoned D12: 33_unsetenv.patch.
Aug 23 2017, 5:39 PM
marcus commandeered D12: 33_unsetenv.patch.
Aug 23 2017, 5:38 PM
marcus abandoned D11: 29_ja.po.patch.
Aug 23 2017, 5:38 PM
marcus commandeered D11: 29_ja.po.patch.
Aug 23 2017, 5:38 PM
marcus abandoned D10: 28_pinentry-0.7.0-noqt-cxx.patch.
Aug 23 2017, 5:37 PM
marcus commandeered D10: 28_pinentry-0.7.0-noqt-cxx.patch.
Aug 23 2017, 5:37 PM
marcus abandoned D9: 27_pinentry-0.7.0-docs.patch.
Aug 23 2017, 5:37 PM
marcus commandeered D9: 27_pinentry-0.7.0-docs.patch.
Aug 23 2017, 5:37 PM
marcus abandoned D8: 22_patch.gnupg.3.
Aug 23 2017, 5:36 PM
marcus commandeered D8: 22_patch.gnupg.3.
Aug 23 2017, 5:36 PM
marcus abandoned D7: 21_patch.gnupg.2.
Aug 23 2017, 5:35 PM
marcus commandeered D7: 21_patch.gnupg.2.
Aug 23 2017, 5:35 PM
marcus abandoned D6: 20_patch.gnupg.1.
Aug 23 2017, 5:35 PM