
werner (Werner Koch)
Engineering · Administrator

Projects

User Details

User Since
Mar 27 2017, 4:48 PM (426 w, 2 d)
Roles
Administrator
Availability
Busy until Sep 9 2030.

Recent Activity

Yesterday

werner added a comment to T7666: Kleopatra: Rework versioning.

Yes. If gpgconf could read that version directly from kleopatra it would be even better. But in cases of early crashes this might be sub-optimal; thus I will tell gpgconf to get some additional version info from an installed versioninfo.txt file (which gpg4win creates). Thanks.

Wed, May 28, 7:21 PM · gpd5x, kleopatra
werner committed rGe2732b8e19f1: scd:piv: Support rsa3072 (authored by werner).
scd:piv: Support rsa3072
Wed, May 28, 11:06 AM
werner moved T7663: Certificated signed using SHA-1 isn't trusted, but needs --force-sign-key to re-sign. from Backlog to QA on the gnupg26 board.
Wed, May 28, 10:47 AM · gnupg24, gnupg26, Feature Request
werner committed rG15a71f108d9e: gpg: Allow updating a SHA-1 key certification w/o --force-sign-key. (authored by werner).
gpg: Allow updating a SHA-1 key certification w/o --force-sign-key.
Wed, May 28, 10:38 AM
werner committed rGe8eb92019fae: doc: Minor speedo build clarification (authored by werner).
doc: Minor speedo build clarification
Wed, May 28, 10:33 AM
werner committed rG018a2289ba8e: dirmngr: Don't install expired sks certificate (authored by Lucas Mulling via Gnupg-devel <gnupg-devel@gnupg.org>).
dirmngr: Don't install expired sks certificate
Wed, May 28, 10:33 AM
werner committed rEc42825f1612b: libtool: Add support for zOS (authored by werner).
libtool: Add support for zOS
Wed, May 28, 10:22 AM
werner added a comment to T7668: gnupg: regexp and build with -fsanitize=address.

Please remember to add a comment to the code describing the reason for this renaming.

Wed, May 28, 10:03 AM

Tue, May 27

werner lowered the priority of T7040: Make it possible to install GnuPG VSD and GPD in parallel from High to Normal.

For vsd on Windows this will be solved due to the use of gnupg-vsd as default homedir. We already tested this with a beta MSI installer.

Tue, May 27, 4:37 PM · kleopatra, Restricted Project
werner assigned T7656: Kleopatra: Wrong update suggestion from 5.0.0 to 4.4.0 to TobiasFella.

This should compare the gpg4win version number:

Tue, May 27, 4:34 PM · Bug Report, gpd5x, kleopatra
werner triaged T7657: Kleopatra: Refresh OpenPGP Certificates doesn't respect WKD setting as High priority.
Tue, May 27, 4:30 PM · Feature Request, gpd5x, kleopatra
werner triaged T7658: Okular: Problems with smime signatures as Normal priority.
Tue, May 27, 4:30 PM · Bug Report, gpd5x, okular
werner triaged T7660: GPGME invocation by cri-o hangs on gpgme_op_verify as Normal priority.
Tue, May 27, 4:29 PM · golang, gpgme, Bug Report
werner created golang.
Tue, May 27, 4:29 PM
werner added a comment to T7166: Release Libgcrypt 1.11.1.

If you are experiencing problems with the test suite on NetBSD, please see T7634.

Tue, May 27, 4:07 PM · Release Info, libgcrypt
werner closed T7667: gpg-agent fails to build on Cygwin. as Resolved.

Please re-open if you find other Cygwin related build problems.

Tue, May 27, 11:59 AM · Cygwin, gpgagent, Bug Report
werner committed rG1587b387c0af: agent: Allow building under Cygwin. (authored by werner).
agent: Allow building under Cygwin.
Tue, May 27, 11:12 AM
werner added a comment to T7667: gpg-agent fails to build on Cygwin..

You know that Cygwin is not supported but if that is the only place it should not harm to fix it.

Tue, May 27, 11:09 AM · Cygwin, gpgagent, Bug Report

Mon, May 26

werner closed T7662: GPG's uncompress_ecc_q_in_canon_sexp reads past a constant string into rodata as Resolved.

Fixed in all branches but there is no potential for exploiting. See also gnupg-devel@ ML.

Mon, May 26, 6:16 PM · Bug Report
werner edited projects for T7663: Certificated signed using SHA-1 isn't trusted, but needs --force-sign-key to re-sign., added: Feature Request, gnupg26, gnupg24; removed Bug Report.
Mon, May 26, 6:08 PM · gnupg24, gnupg26, Feature Request
werner triaged T7663: Certificated signed using SHA-1 isn't trusted, but needs --force-sign-key to re-sign. as Low priority.

This should do the trick (master) but have not yet tested it:

Mon, May 26, 6:07 PM · gnupg24, gnupg26, Feature Request
werner added a comment to rG0c7e7ec0c846: gpg: Fix ECC_POINT_LEN_MAX to allow NIST curves..

The classic NIST P521 pitfall ;-)

Mon, May 26, 9:32 AM

Sat, May 24

werner committed rGf3dfbe3fcdc0: common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp. (authored by Collin Funk via Gnupg-devel <gnupg-devel@gnupg.org>).
common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp.
Sat, May 24, 1:33 PM
werner committed rG14383ff052ff: gpgsm: Make use of the de-vs flag in the trustlist.txt. (authored by werner).
gpgsm: Make use of the de-vs flag in the trustlist.txt.
Sat, May 24, 1:33 PM
werner committed rG01cb3ba62d77: common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp. (authored by Collin Funk via Gnupg-devel <gnupg-devel@gnupg.org>).
common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp.
Sat, May 24, 1:30 PM
werner committed rG57c1c96e7f5c: common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp. (authored by Collin Funk via Gnupg-devel <gnupg-devel@gnupg.org>).
common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp.
Sat, May 24, 1:30 PM
werner committed rMe763305ff1ce: Fix an include guard. (authored by werner).
Fix an include guard.
Sat, May 24, 1:26 PM

Fri, May 23

werner committed rM66de35a9b117: json: Fix minor memory leak. (authored by werner).
json: Fix minor memory leak.
Fri, May 23, 3:09 PM
werner committed rMd7267db472a4: Refactor gpgme-json for future re-use. (authored by werner).
Refactor gpgme-json for future re-use.
Fri, May 23, 3:09 PM
werner closed T7506: GnuPG: Error when adding ECDSA subkey in batch mode with quick-add-key "Wrong key usage" as Resolved.
Fri, May 23, 11:59 AM · gnupg26, gnupg24, Bug Report
werner closed T7428: Release GnuPG 2.4.8 as Resolved.
Fri, May 23, 11:58 AM · gnupg, Release Info

Thu, May 22

werner added a comment to T7649: gnupg: Use KEM interface for encryption/decryption.

FYI: I'd like to get a new release out after these changes.

Thu, May 22, 10:35 AM · gnupg26

Wed, May 21

werner committed rD2bc6f901a0cc: swdb: gpg4win 4.4.1 (authored by werner).
swdb: gpg4win 4.4.1
Wed, May 21, 6:19 PM

Tue, May 20

werner committed rG2bbcbbcbe8c5: doc: Add a note to READ on how to disable the systemd activation. (authored by werner).
doc: Add a note to READ on how to disable the systemd activation.
Tue, May 20, 10:19 AM

Mon, May 19

werner committed rM4a1ce4081cdc: Post release updates (authored by werner).
Post release updates
Mon, May 19, 5:11 PM
werner committed rM6403435fa187: Release 1.24.3 (authored by werner).
Release 1.24.3
Mon, May 19, 5:11 PM
werner committed rD2614e3bbb06f: swdb: gpgme 1.24.3 (authored by werner).
swdb: gpgme 1.24.3
Mon, May 19, 4:50 PM
werner closed T7659: Release GPGME 1.24.3 as Resolved.
Mon, May 19, 4:43 PM · Release Info, gpgme
werner updated the task description for T7524: Release GPGME 1.24.2.
Mon, May 19, 4:36 PM · gpgme, Release Info
werner added a comment to T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t.

We won't apply any fixes to the cpp, QT, or Python language bindings in the 1.24 branch. The Qt branch has been factored out to the gpgmeqt project on request from the KDE folks. And yes, we should add projects (tags) for gpgmepp and gpgmeqt.

Mon, May 19, 4:34 PM · gpgme, Bug Report
werner updated the task description for T7524: Release GPGME 1.24.2.
Mon, May 19, 4:26 PM · gpgme, Release Info
werner triaged T7659: Release GPGME 1.24.3 as Low priority.
Mon, May 19, 4:25 PM · Release Info, gpgme
werner closed T7647: cipher/simd-common-riscv.h missing from libgcrypt 1.11.1 tarball as Resolved.

Problem noted in T7166

Mon, May 19, 12:16 PM · riscv, libgcrypt, Bug Report
werner added a comment to T7166: Release Libgcrypt 1.11.1.

Note that one file is missing in the released tarball; when building for RISC-V please see T7647#201164

Mon, May 19, 12:15 PM · Release Info, libgcrypt
werner added a comment to T7647: cipher/simd-common-riscv.h missing from libgcrypt 1.11.1 tarball.

Patch applied.

Mon, May 19, 12:12 PM · riscv, libgcrypt, Bug Report

Fri, May 16

werner closed T5993: gpg should reject compressed packets outside of messages as Resolved.
Fri, May 16, 2:46 PM · Feature Request, gnupg
werner added a comment to T5993: gpg should reject compressed packets outside of messages.

(The commits had a wrong bug id in their message)

Fri, May 16, 2:44 PM · Feature Request, gnupg
werner committed rG23ccad05c680: gpg: Do not allow compressed key packets on import. (authored by werner).
gpg: Do not allow compressed key packets on import.
Fri, May 16, 2:40 PM
werner committed rG8e529f922194: gpg: Do not allow compressed key packets on import. (authored by werner).
gpg: Do not allow compressed key packets on import.
Fri, May 16, 2:33 PM
werner committed rG645cf7d8fc25: Revert "w32: On socket nonce mismatch close the socket." (authored by werner).
Revert "w32: On socket nonce mismatch close the socket."
Fri, May 16, 2:33 PM
werner committed rGfcac10357e6d: gpg: Remove unused variable. (authored by werner).
gpg: Remove unused variable.
Fri, May 16, 2:33 PM
werner added a comment to T5993: gpg should reject compressed packets outside of messages.

It might be useful to have samples of compressed keys:

Fri, May 16, 2:20 PM · Feature Request, gnupg
werner committed rEcda4789a9f7d: Time for a new error code; this time GPG_ERR_UNEXPECTED_PACKET (authored by werner).
Time for a new error code; this time GPG_ERR_UNEXPECTED_PACKET
Fri, May 16, 12:48 PM
werner updated subscribers of T5993: gpg should reject compressed packets outside of messages.

No, we can't do much about this. It has always been easy to create compression bombs and the more relevant thing here is compressed signed or encrypted data. Or just compressed mails. The patch by @DemiMarie is way too complicated for what it wants to achieve and actually breaks existing use cases. For example Poppler uses GnuPG comment packets to lower its own attack surface by leaving all OpenPGP handling to gpg. The patch (or at least the version we noticed in Fedora and Debian) entirely breaks this use.

Fri, May 16, 12:04 PM · Feature Request, gnupg

Thu, May 15

werner added a comment to T7634: libgcrypt's test t-thread-local fails to link on some platforms..

Also pushed to 1.11

Thu, May 15, 9:48 PM · NetBSD, libgcrypt, Bug Report
werner committed rDba2663cda232: swdb: gpgol 2.6.1 (authored by werner).
swdb: gpgol 2.6.1
Thu, May 15, 4:08 PM
werner committed rO2ed92385c1d9: Post release updates (authored by werner).
Post release updates
Thu, May 15, 4:03 PM
werner committed rO4a9196cbb492: Release 2.6.1 (authored by werner).
Release 2.6.1
Thu, May 15, 4:03 PM
werner committed rObda9f5afc8e6: Handle non mail items in inbox events (authored by mmontkowski).
Handle non mail items in inbox events
Thu, May 15, 3:43 PM
werner added a comment to D556: Disallow compressed signatures and certificates.

Way too complicated and thus has a high risk of regression,

Thu, May 15, 11:58 AM

Wed, May 14

werner committed rW0929cd3b6783: Rename packages.common to packages.list (authored by werner).
Rename packages.common to packages.list
Wed, May 14, 4:16 PM
werner committed rW383eb8586161: Update Okular for gnupg >= 2.4 to the correct version. (authored by werner).
Update Okular for gnupg >= 2.4 to the correct version.
Wed, May 14, 4:07 PM
werner committed rWe42e2d1d6037: Merge branch 'gpg4win-5-branch' (authored by werner).
Merge branch 'gpg4win-5-branch'
Wed, May 14, 3:58 PM
werner committed rW14ee2719e291: Merge branch 'gpg4win-5-branch' (authored by werner).
Merge branch 'gpg4win-5-branch'
Wed, May 14, 3:56 PM
werner committed rDeffa3ea5e36e: Improve the make rules to upload sbdb.lst. (authored by werner).
Improve the make rules to upload sbdb.lst.
Wed, May 14, 3:35 PM
werner committed rD35d7563176ce: swdb: gnupg 2.4.8 (authored by werner).
swdb: gnupg 2.4.8
Wed, May 14, 3:33 PM
werner committed rGd48b26a2f6c7: Post release updates. (authored by werner).
Post release updates.
Wed, May 14, 3:05 PM
werner committed rG6f39568ae655: Release 2.4.8 (authored by werner).
Release 2.4.8
Wed, May 14, 3:05 PM
werner closed T6594: Okular: Proper about data customization as Resolved.

We have updated patches for long in the gpg4win repo and thus I close this bug.

Wed, May 14, 3:02 PM · Restricted Project, okular
werner added a comment to T7589: Unable to export SSH keys for ED25519 keys generate on a SmartCard.

Using the primary key for ssh was not intended and thus not tested. I have not yet found the time to look closer at your report. Just one remark:

Wed, May 14, 12:32 PM · gnupg, ssh, Bug Report
werner added a project to T7589: Unable to export SSH keys for ED25519 keys generate on a SmartCard: gnupg.
Wed, May 14, 12:07 PM · gnupg, ssh, Bug Report
werner triaged T7653: Fix gpg's passwd for Kyber with the ecc part on a card as Normal priority.
Wed, May 14, 10:05 AM · Bug Report, gnupg26

Tue, May 13

werner committed rGeb2a90d343a4: gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work. (authored by werner).
gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work.
Tue, May 13, 3:44 PM
werner committed rGd5a4a2dc890e: gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work. (authored by werner).
gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work.
Tue, May 13, 3:44 PM
werner added a project to T7649: gnupg: Use KEM interface for encryption/decryption: gnupg26.
Tue, May 13, 3:24 PM · gnupg26
werner closed T7171: Allow for empty Subject in X.509 as Resolved.
Tue, May 13, 3:21 PM · libksba, Bug Report, gnupg, S/MIME
werner committed rGe57a2e65d93f: gpgsm: Just print a note for an empty subject during import. (authored by werner).
gpgsm: Just print a note for an empty subject during import.
Tue, May 13, 3:19 PM
werner committed rGe7a9bd320561: gpgsm: Just print a note for an empty subject during import. (authored by werner).
gpgsm: Just print a note for an empty subject during import.
Tue, May 13, 3:17 PM
werner closed T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN", a subtask of T7171: Allow for empty Subject in X.509, as Resolved.
Tue, May 13, 3:00 PM · libksba, Bug Report, gnupg, S/MIME
werner closed T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN" as Resolved.

Meanwhile we have some support for an empty subject but gpgsm still prints an error notice. See the T7171 for more.

Tue, May 13, 3:00 PM · gnupg26, S/MIME, Feature Request
werner added a subtask for T7171: Allow for empty Subject in X.509: T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN".
Tue, May 13, 2:58 PM · libksba, Bug Report, gnupg, S/MIME
werner added a parent task for T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN": T7171: Allow for empty Subject in X.509.
Tue, May 13, 2:58 PM · gnupg26, S/MIME, Feature Request
werner committed rG7c2e7bcc41ad: agent: We should use a macro for the keygrip len in new code. (authored by werner).
agent: We should use a macro for the keygrip len in new code.
Tue, May 13, 9:55 AM

Mon, May 12

werner committed rC67b8da4ef627: Remove occurrences of old FSF postal address. (authored by Collin Funk via Gcrypt-devel <gcrypt-devel@gnupg.org>).
Remove occurrences of old FSF postal address.
Mon, May 12, 6:05 PM
werner committed rC93034d649124: Fix ungrammatical use of "allow to" (authored by Paul Eggert <eggert@cs.ucla.edu>).
Fix ungrammatical use of "allow to"
Mon, May 12, 6:05 PM
werner committed rM905bd760a99a: Add GPGME_CREATE_GROUP flag for gpgme_op_createkey and _createsubkey. (authored by werner).
Add GPGME_CREATE_GROUP flag for gpgme_op_createkey and _createsubkey.
Mon, May 12, 2:44 PM
werner committed rGedd01d8fc45e: gpg: Fully implement the group key flag. (authored by werner).
gpg: Fully implement the group key flag.
Mon, May 12, 12:01 PM
werner committed rG924f09d1f3c8: gpg: Fully implement the group key flag. (authored by werner).
gpg: Fully implement the group key flag.
Mon, May 12, 12:00 PM
werner committed rG8833a34bf087: gpg: Fully implement the group key flag. (authored by werner).
gpg: Fully implement the group key flag.
Mon, May 12, 12:00 PM

Fri, May 9

werner committed rD7a45397df2f7: We should no use the defunc k.gnupg.net anymore. (authored by werner).
We should no use the defunc k.gnupg.net anymore.
Fri, May 9, 5:43 PM
werner committed rD36945e2d5259: Update information about gnupg people. (authored by werner).
Update information about gnupg people.
Fri, May 9, 5:24 PM
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2025q2/000492.html on T7586: Release GnuPG 2.5.6.
Fri, May 9, 5:02 PM · gnupg, Release Info
werner committed rG727e125a4dc1: Update distsigkey (authored by werner).
Update distsigkey
Fri, May 9, 4:45 PM
werner committed rGb5a763fff1f9: Update distsigkey (authored by werner).
Update distsigkey
Fri, May 9, 4:45 PM
werner committed rGb361c25bcdcd: Update distsigkey (authored by werner).
Update distsigkey
Fri, May 9, 4:45 PM
werner committed rD01116327613d: Update the signature keys. (authored by werner).
Update the signature keys.
Fri, May 9, 4:44 PM
werner committed rD03bf599c03b7: Announce GnuPG 2.5.6 (authored by werner).
Announce GnuPG 2.5.6
Fri, May 9, 3:42 PM
werner committed rW40e45e38b959: Also update the to-be-signed DLL name. (authored by werner).
Also update the to-be-signed DLL name.
Fri, May 9, 10:11 AM
werner renamed T7645: Kleopatra: Encoding errors in signature verification audit log (timestamps) from Kleopatra: Encoding errors in signature verification audit log to Kleopatra: Encoding errors in signature verification audit log (timestamps).
Fri, May 9, 9:26 AM · gnupg26, gpd5x, Bug Report
werner triaged T7645: Kleopatra: Encoding errors in signature verification audit log (timestamps) as Low priority.

I think we have another report on this in the tracker. The problem is indeed the ugly Windows time functions to print a string. Let me only remember that until a few years, Windows had the opinion that Germany is the Westeuropäische Zeit, i.e. Portugal or the UK.

Fri, May 9, 9:25 AM · gnupg26, gpd5x, Bug Report