User Details
- User Since
- Mar 27 2017, 4:48 PM (426 w, 2 d)
- Roles
- Administrator
- Availability
- Busy Busy until Sep 9 2030.
Yesterday
Yes. If gpgconf could read that version directly from kleopatra it would be even better. Bit in cases of early crashes this might be sub-optimal; thus I will tell gpgconf to get some additional version info from an installed versioninfo.txt file (which gpg4win creates). Thanks.
Please remember to add a comment to the code describing the reason for this renaming.
Tue, May 27
For vsd on Windows this will be solved due to the use of gnupg-vsd as default homedir. We already tested this with a beta MSI installer
This should compare the gpg4win version number:
Please re-open if you find other Cygwin related build problems.
You know that Cygwin is not supported but if that is the only place it should not arm to fix it.
Mon, May 26
Fixed in all branches but there is no potential for exploiting. See also gnupg-devel@ ML.
This should do the trick (master) but have not yet tested it:
The classic NIST P521 pitfall ;-)
Sat, May 24
Fri, May 23
Thu, May 22
FYI: I'd like to get a new release out after these changes.
Wed, May 21
Tue, May 20
Mon, May 19
Problem noted in T7166
Noet that one file is missing in the released tarball; when building for RISC-V please see T7647#201164
Patch applied.
Fri, May 16
(The commits had a wrong bug it in their message)
It might be useful to have samples of compressed keys:
No, we can't do much about this. It has always been easy to create compression bombs and the more relevant thing here is compressed signed or encrypted data. Or just compressed mails. The patch by @DemiMarie is way to complicated for what it wants to achieve and actually breaks existing use cases. For example Poppler uses GnuPG comment packets to lower its own attack surface by leaving all OpenPGP handling to gpg. The patch (or at least the version we noticed in Fedora and Debian) entirely breaks this use.
Thu, May 15
Also pushed to 1.11
Way too complicate and thus has a high risk of regression,
Wed, May 14
We have updated patches for long in the gpg4win repo and thus I close this bug.
Using the primary key for ssh was not intended and thus not tested. I have not yet found the time too look closer at your report. Just one remark:
Tue, May 13
Meanwhile we have some support for an empty subject but gpgsm still prints an error notice. See the T7171 for more.
Mon, May 12
Fri, May 9
I think we have another report on this in the tracker. The problem is indeed the ugly Windows time functions to print a string. Let me only remeber that untile a few years, Windows had the opinion that Germany is the the Westeuropäische Zeit, i.e. Portugal or the UK.