Page MenuHome GnuPG
People werner

werner (Werner Koch)
EngineeringAdministrator

Projects

User Details

User Since
Mar 27 2017, 4:48 PM (474 w, 2 d)
Roles
Administrator
Availability
Busy Busy until Sep 9 2030.

Recent Activity
View All

Yesterday

werner added a comment to T8019: gpg does not print warning about untrusted key when verifying signatures made by expired (and untrusted) keys.

That is actually more complicated than I initially though. The reason is that expired is used like a trust level:

Wed, Apr 29, 4:36 PM · Feature Request, S/MIME, OpenPGP, gnupg26
werner changed the status of T8242: gpgrt: Possible stack overflow in es_printf for "%.100f" et al format specifiers. from Open to Testing.
Wed, Apr 29, 2:42 PM · Security, Bug Report, gpgrt
werner committed rEf7ded3ce666c: Fix possible stack overflow in es_printf for %.100f format. (authored by werner).
Fix possible stack overflow in es_printf for %.100f format.
Wed, Apr 29, 1:57 PM

Tue, Apr 28

werner committed rE48fae7f60439: Fix out-of-bounds read in vfnameconcat. (authored by werner).
Fix out-of-bounds read in vfnameconcat.
Tue, Apr 28, 2:22 PM
werner created T8242: gpgrt: Possible stack overflow in es_printf for "%.100f" et al format specifiers..
Tue, Apr 28, 11:08 AM · Security, Bug Report, gpgrt

Mon, Apr 27

werner committed rGf5fd1fc11008: doc: Add release dates of other branches to NEWS. (authored by werner).
doc: Add release dates of other branches to NEWS.
Mon, Apr 27, 3:29 PM
werner committed rEe1762f6de187: po: update Polish translation (authored by Jakub Bogusz <qboosh@pld-linux.org>).
po: update Polish translation
Mon, Apr 27, 11:05 AM

Sun, Apr 26

werner shifted T8210: Kleopatra: LPE issue on Windows from the Restricted Space space to the S1 Public space.
Sun, Apr 26, 6:45 PM · vsd34, gpd5x, kleopatra, Security, Bug Report
werner triaged T8210: Kleopatra: LPE issue on Windows as Normal priority.
Sun, Apr 26, 6:45 PM · vsd34, gpd5x, kleopatra, Security, Bug Report
werner moved T8240: Double free in gpgsm's decrypt function. from Backlog to WiP on the gnupg22 board.
Sun, Apr 26, 6:44 PM · gnupg22, Bug Report, gnupg26
werner committed rG51aac7a5715d: gpgsm: Fix possible double free in the CMS parser. (authored by werner).
gpgsm: Fix possible double free in the CMS parser.
Sun, Apr 26, 6:43 PM
werner changed the status of T8240: Double free in gpgsm's decrypt function. from Open to Testing.
Sun, Apr 26, 6:40 PM · gnupg22, Bug Report, gnupg26
werner committed rG2ceca1f5f978: gpgsm: Fix possible double free in the CMS parser. (authored by werner).
gpgsm: Fix possible double free in the CMS parser.
Sun, Apr 26, 6:32 PM
werner renamed T8240: Double free in gpgsm's decrypt function. from Doiuble free in gpgsm's decrypt function. to Double free in gpgsm's decrypt function..
Sun, Apr 26, 6:30 PM · gnupg22, Bug Report, gnupg26
werner created T8240: Double free in gpgsm's decrypt function..
Sun, Apr 26, 6:29 PM · gnupg22, Bug Report, gnupg26

Fri, Apr 24

werner committed rD2e41b6357a3f: GnuPG 2.5.19 announcement (authored by werner).
GnuPG 2.5.19 announcement
Fri, Apr 24, 1:54 PM
werner committed rDd171b0eb221e: swdb: GnuPG 2.5.19 (authored by werner).
swdb: GnuPG 2.5.19
Fri, Apr 24, 1:30 PM
werner committed rGf1ee3c63eac7: Post release updates (authored by werner).
Post release updates
Fri, Apr 24, 1:23 PM
werner committed rGa50d684407ff: po: msgmerge (authored by werner).
po: msgmerge
Fri, Apr 24, 1:23 PM
werner committed rGb0750c06a39a: Release 2.5.19 (authored by werner).
Release 2.5.19
Fri, Apr 24, 1:23 PM
werner committed rG7938c4dca494: po: Update German translation (authored by werner).
po: Update German translation
Fri, Apr 24, 1:23 PM
werner committed rG760b1b9a09c8: indent: Re-align check_key_signature2 (authored by werner).
indent: Re-align check_key_signature2
Fri, Apr 24, 1:23 PM
werner updated the task description for T7998: Release GnuPG 2.5.19.
Fri, Apr 24, 1:21 PM · Release Info, gnupg
werner committed rEaa00ecef616a: Post release updates (authored by werner).
Post release updates
Fri, Apr 24, 11:47 AM
werner committed rEdef87da32726: Release 1.60 (authored by werner).
Release 1.60
Fri, Apr 24, 11:47 AM
werner committed rE2bcf04b1fba8: po: msgmerge (authored by werner).
po: msgmerge
Fri, Apr 24, 11:47 AM
werner committed rE5f20096431c0: po: Update German translation (authored by werner).
po: Update German translation
Fri, Apr 24, 11:47 AM
werner committed rDaeb80ba1f469: swdb: gpgrt 1.60 (authored by werner).
swdb: gpgrt 1.60
Fri, Apr 24, 11:30 AM
werner updated the task description for T8112: Release GpgRT 1.60.
Fri, Apr 24, 11:26 AM · gpgrt, Release Info
werner triaged T8239: Release GpgRT 1.61 as Low priority.
Fri, Apr 24, 11:23 AM · gpgrt, Release Info

Thu, Apr 23

werner committed rM63f18298d3f5: New decryption flag GPGME_DECRYPT_SESSION_HASH. (authored by werner).
New decryption flag GPGME_DECRYPT_SESSION_HASH.
Thu, Apr 23, 2:25 PM
werner committed rMb96968f7a967: indent: Align a debug output. (authored by werner).
indent: Align a debug output.
Thu, Apr 23, 2:25 PM
werner closed T7673: Release GPGME 2.0.0 as Resolved.
Thu, Apr 23, 2:20 PM · Release Info, gpgme
werner closed T7817: Release GPGME 2.0.1, a subtask of T7673: Release GPGME 2.0.0, as Resolved.
Thu, Apr 23, 2:20 PM · Release Info, gpgme
werner closed T7817: Release GPGME 2.0.1 as Resolved.
Thu, Apr 23, 2:20 PM · Release Info, gpgme
werner triaged T8237: Release GPGME 2.1.0 as Normal priority.
Thu, Apr 23, 2:20 PM · Release Info, gpgme
werner committed rGecd0f7afa1cf: gpg: New options --show-session-hash and --show-only-session-hash. (authored by werner).
gpg: New options --show-session-hash and --show-only-session-hash.
Thu, Apr 23, 11:08 AM
werner committed rKc8df64fe11e8: crl: Fix minor memory leak in case of a corrupt DER structure. (authored by werner).
crl: Fix minor memory leak in case of a corrupt DER structure.
Thu, Apr 23, 10:37 AM

Wed, Apr 22

werner committed rG2ab4cba36ccd: dirmngr: New keyword "clear" for --keyserver. (authored by werner).
dirmngr: New keyword "clear" for --keyserver.
Wed, Apr 22, 1:12 PM
werner added a comment to T8208: Missing bounds check in libgcrypt's Dilithium context handling.

FWIW: There is actually a problem in the reference code: Having a
fixed size buffer inside a function and allowing the caller to provide
content at arbitrary length is bad coding style because the caller
needs to know internals of the called function (in a different source
file).

Wed, Apr 22, 10:23 AM · Security, PQC, Bug Report, libgcrypt
werner added a comment to T8211: Libgcrypt ECDH buffer overwrite with zeroes.

This is the original bug report to security at gnupg dated 2026-04-07:

Wed, Apr 22, 10:15 AM · Bug Report, Security, libgcrypt
werner shifted T8211: Libgcrypt ECDH buffer overwrite with zeroes from the Restricted Space space to the S1 Public space.
Wed, Apr 22, 10:12 AM · Bug Report, Security, libgcrypt

Tue, Apr 21

werner committed rDb800c085932e: Announce libgcrypt 1.12.2 et al. (authored by werner).
Announce libgcrypt 1.12.2 et al.
Tue, Apr 21, 2:39 PM
werner committed rCd365a4109457: Release 1.10.4 (authored by werner).
Release 1.10.4
Tue, Apr 21, 12:20 PM
werner committed rC2f98f556978c: Post release updates (authored by werner).
Post release updates
Tue, Apr 21, 12:20 PM
werner committed rC6da0152595aa: cipher:ecc: Fix decoding a point on Montgomery curve. (authored by gniibe).
cipher:ecc: Fix decoding a point on Montgomery curve.
Tue, Apr 21, 12:20 PM
werner updated the task description for T6817: Release Libgcrypt 1.10.3.
Tue, Apr 21, 12:10 PM · Release Info, libgcrypt
werner triaged T8233: Release Libgcrypt 1.10.4 as Low priority.
Tue, Apr 21, 12:08 PM · libgcrypt, Release Info
werner committed rC2b204554300d: Post release updates (authored by werner).
Post release updates
Tue, Apr 21, 12:03 PM
werner committed rC089ff0edf61b: Release 1.11.3 (authored by werner).
Release 1.11.3
Tue, Apr 21, 12:03 PM
werner committed rC7aadca8dbabe: cipher:kem:ecc: Raise an error by validating a point on curve. (authored by gniibe).
cipher:kem:ecc: Raise an error by validating a point on curve.
Tue, Apr 21, 12:03 PM
werner committed rC8b3612d62a74: cipher:ecc: Fix decoding a point on Montgomery curve. (authored by gniibe).
cipher:ecc: Fix decoding a point on Montgomery curve.
Tue, Apr 21, 12:03 PM
werner triaged T8232: Release Libgcrypt 1.11.3 as Low priority.
Tue, Apr 21, 11:41 AM · libgcrypt, Release Info

Mon, Apr 20

werner committed rG38748456f905: Post release updates (authored by werner).
Post release updates
Mon, Apr 20, 3:13 PM
werner committed rG1fc0deef15f2: Release 2.2.54 (authored by werner).
Release 2.2.54
Mon, Apr 20, 3:13 PM
werner committed rGcaae838ff5f2: po: msgmerge (authored by werner).
po: msgmerge
Mon, Apr 20, 3:13 PM
werner committed rWa7df9bb23ca3: Define make variable IS_VSD3_BUILD. (authored by werner).
Define make variable IS_VSD3_BUILD.
Mon, Apr 20, 1:56 PM
werner committed rWf2b5f22b5f66: Release vsd 3.3.7 (authored by werner).
Release vsd 3.3.7
Mon, Apr 20, 1:56 PM
werner committed rGed76d5e84c2b: dirmngr: New keyword "clear" for --keyserver. (authored by werner).
dirmngr: New keyword "clear" for --keyserver.
Mon, Apr 20, 10:10 AM

Fri, Apr 17

werner committed rWbb2bed5cc959: Change beta number (authored by werner).
Change beta number
Fri, Apr 17, 2:28 PM
werner committed rW72fdf3a85d41: Prepare for 3.3.7 (authored by werner).
Prepare for 3.3.7
Fri, Apr 17, 2:22 PM
werner triaged T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256) as Wishlist priority.

gpgsm does not support OAEP. Actually it does not make much sense to use this padding scheme at all. It has not advantage over PKCS#1. Thus I change this to a feature request to allow decryption using OAEP

Fri, Apr 17, 1:38 PM · gnupg, Feature Request, S/MIME
werner committed rGcd89961c351d: Prepare NEWS. (authored by werner).
Prepare NEWS.
Fri, Apr 17, 10:40 AM
werner shifted T8159: gpgtar write outside --directory via symlink traversal from the Restricted Space space to the S1 Public space.
Fri, Apr 17, 9:47 AM · gnupg26, gpgtar, Security, Bug Report
werner committed rW6604abc8754c: Update libpng to 1.6.57 (authored by werner).
Update libpng to 1.6.57
Fri, Apr 17, 9:15 AM

Thu, Apr 16

werner moved T8197: "gpg --refresh-keys" aborts with "gpg: keyserver refresh failed: No data" if too many keys are missing on keyserver from QA to gnupg-2.2.54 on the gnupg22 board.
Thu, Apr 16, 3:14 PM · gnupg22 (gnupg-2.2.54), Keyserver, gnupg26, Bug Report
werner moved T8197: "gpg --refresh-keys" aborts with "gpg: keyserver refresh failed: No data" if too many keys are missing on keyserver from WIP to Done on the gnupg26 board.
Thu, Apr 16, 3:14 PM · gnupg22 (gnupg-2.2.54), Keyserver, gnupg26, Bug Report
werner closed T8197: "gpg --refresh-keys" aborts with "gpg: keyserver refresh failed: No data" if too many keys are missing on keyserver as Resolved.

Reporter has tested 2.5 - the code in 2.2 is identical; no need for separate testing

Thu, Apr 16, 3:13 PM · gnupg22 (gnupg-2.2.54), Keyserver, gnupg26, Bug Report
werner committed rGfa1bbe348f3d: gpg: Fix edge case in --refresh-keys (authored by werner).
gpg: Fix edge case in --refresh-keys
Thu, Apr 16, 3:12 PM
werner committed rGb1a7949c71df: agent: Rework the trustlist reading code. (authored by werner).
agent: Rework the trustlist reading code.
Thu, Apr 16, 3:08 PM
werner committed rG04eabc111385: agent: Fix a minor utf8 file name problem with trustlist.txt. (authored by werner).
agent: Fix a minor utf8 file name problem with trustlist.txt.
Thu, Apr 16, 3:08 PM
werner changed the status of T8078: GpgAgent: trustlist.txt still requires LF on the last line from Open to Testing.
Thu, Apr 16, 3:07 PM · gnupg22, Bug Report, gpgagent, gnupg26
werner committed rG9ccae1435439: agent: Rework the trustlist reading code. (authored by werner).
agent: Rework the trustlist reading code.
Thu, Apr 16, 3:05 PM
werner committed rGd5a66c7ed4a5: agent: Fix a minor utf8 file name problem with trustlist.txt. (authored by werner).
agent: Fix a minor utf8 file name problem with trustlist.txt.
Thu, Apr 16, 3:05 PM
werner moved T8078: GpgAgent: trustlist.txt still requires LF on the last line from Backlog to WIP on the gnupg26 board.

I reworked the reading using our dedicated line reading functions which is used at other places. Extra benefit is that the code now also prints a status line ERROR which gives information on the first faulty line. Thus gpg-connect-agent listtrusted /bye can be sued to quickly check for errors without configuring a log file.

Thu, Apr 16, 3:02 PM · gnupg22, Bug Report, gpgagent, gnupg26

Wed, Apr 15

werner changed the status of T8078: GpgAgent: trustlist.txt still requires LF on the last line from Testing to Open.
Wed, Apr 15, 3:05 PM · gnupg22, Bug Report, gpgagent, gnupg26
werner removed a project from T8078: GpgAgent: trustlist.txt still requires LF on the last line: gnupg24.
Wed, Apr 15, 2:56 PM · gnupg22, Bug Report, gpgagent, gnupg26
werner committed rG113dad4e5006: gpgconf,w32: Show the integrity level with -X and -V (authored by werner).
gpgconf,w32: Show the integrity level with -X and -V
Wed, Apr 15, 2:50 PM
werner added a comment to T8078: GpgAgent: trustlist.txt still requires LF on the last line.

gnupg22 received this patch meanwhile: rG7bc969d388086b4f3aeee3c5389b7baf055689d7

Wed, Apr 15, 2:46 PM · gnupg22, Bug Report, gpgagent, gnupg26
werner changed the status of T8078: GpgAgent: trustlist.txt still requires LF on the last line from Open to Testing.
Wed, Apr 15, 2:44 PM · gnupg22, Bug Report, gpgagent, gnupg26
werner changed the status of T8222: Show RSA-PSS certificates as de-vs compliant in X.509 key listings from Open to Testing.
Wed, Apr 15, 2:44 PM · gnupg22 (gnupg-2.2.54), Bug Report, S/MIME, gnupg26
werner moved T8188: gpgsm: No error/warning on verification or decryption in case of trusted but not VS-compliant certificate from WiP to QA on the gnupg22 board.
Wed, Apr 15, 2:43 PM · gnupg22 (gnupg-2.2.54), vsd33 (vsd-3.3.7), vsd, gnupg26
werner committed rW534ed7c73a48: Update Libgcrypt to 1.8.13 (authored by werner).
Update Libgcrypt to 1.8.13
Wed, Apr 15, 2:06 PM
werner committed rWe41352339151: Update libpng to 1.6.57 (authored by werner).
Update libpng to 1.6.57
Wed, Apr 15, 1:57 PM
werner committed rGf5807f41ad8c: gpgsm: Show rsaPSS certificates as de-vs compliant in listings. (authored by werner).
gpgsm: Show rsaPSS certificates as de-vs compliant in listings.
Wed, Apr 15, 1:23 PM
werner committed rD01f1643855f3: swdb: Libgcrypt 1.8.13 and 1.12.2 (authored by werner).
swdb: Libgcrypt 1.8.13 and 1.12.2
Wed, Apr 15, 12:34 PM
werner added a project to T8188: gpgsm: No error/warning on verification or decryption in case of trusted but not VS-compliant certificate: vsd33.
Wed, Apr 15, 11:56 AM · gnupg22 (gnupg-2.2.54), vsd33 (vsd-3.3.7), vsd, gnupg26
werner awarded rKLEOPATRAbc736b099691: Make it harder to run Kleopatra as admin on Windows a Pterodactyl token.
Wed, Apr 15, 11:26 AM
werner closed T8208: Missing bounds check in libgcrypt's Dilithium context handling as Resolved.
Wed, Apr 15, 11:18 AM · Security, PQC, Bug Report, libgcrypt
werner closed T8211: Libgcrypt ECDH buffer overwrite with zeroes as Resolved.

1.8.13 (T8224) and 1.12.2 (T8114) are released

Wed, Apr 15, 11:18 AM · Bug Report, Security, libgcrypt
werner closed T8114: Release Libgcrypt 1.12.2 as Resolved.
Wed, Apr 15, 11:16 AM · libgcrypt, Release Info
werner committed rC4e5ad689d60b: Post release updates (authored by werner).
Post release updates
Wed, Apr 15, 11:14 AM
werner committed rCf95ba3c063a5: cipher:kem:ecc: Raise an error by validating a point on curve. (authored by gniibe).
cipher:kem:ecc: Raise an error by validating a point on curve.
Wed, Apr 15, 11:14 AM
werner committed rCefc346430901: Release 1.12.2 (authored by werner).
Release 1.12.2
Wed, Apr 15, 11:14 AM
werner committed rC2d3d732c9bf8: cipher:ecc: Fix decoding a point on Montgomery curve. (authored by gniibe).
cipher:ecc: Fix decoding a point on Montgomery curve.
Wed, Apr 15, 11:14 AM
werner committed rCb2a75f456546: Post release updates (authored by werner).
Post release updates
Wed, Apr 15, 11:09 AM
werner committed rC5ba63ec41a6e: cipher:ecc: Fix decoding a point on Montgomery curve. (authored by gniibe).
cipher:ecc: Fix decoding a point on Montgomery curve.
Wed, Apr 15, 11:09 AM
werner committed rC6dc21b23f8da: Release 1.8.13 (authored by werner).
Release 1.8.13
Wed, Apr 15, 11:09 AM
werner closed T7887: Release Libgcrypt 1.8.12 as Resolved.
Wed, Apr 15, 11:03 AM · libgcrypt, Release Info
werner closed T8224: Release Libgcrypt 1.8.13 as Resolved.
Wed, Apr 15, 11:03 AM · libgcrypt, Release Info