Page MenuHome GnuPG
People werner

werner (Werner Koch)
EngineeringAdministrator

Projects

User Details

User Since
Mar 27 2017, 4:48 PM (476 w, 10 h)
Roles
Administrator
Availability
Busy Busy until Sep 9 2030.

Recent Activity
View All

Yesterday

werner committed rG0335a9cb0491: gpgsm: Introduce system defined attribute _signingCertificateV2 (authored by werner).
gpgsm: Introduce system defined attribute _signingCertificateV2
Mon, May 11, 11:09 PM
werner committed rG2bce4a8d9343: common: Fix never used function strlist_copy. (authored by werner).
common: Fix never used function strlist_copy.
Mon, May 11, 11:08 PM
werner committed rG6d16c43c981b: gpgsm: Fix an uninitialized use of a callbback parameter. (authored by werner).
gpgsm: Fix an uninitialized use of a callbback parameter.
Mon, May 11, 11:08 PM
werner committed rMa05c27e670b7: Make GPGME_DECRYPT_SESSION_HASH also work for gnupg 2.2.55 (authored by werner).
Make GPGME_DECRYPT_SESSION_HASH also work for gnupg 2.2.55
Mon, May 11, 3:31 PM
werner committed rGfaa571fbff30: gpg: New options --show-session-hash and --show-only-session-hash. (authored by werner).
gpg: New options --show-session-hash and --show-only-session-hash.
Mon, May 11, 2:18 PM
werner committed rW6dfa77bbbad9: Remove not used file distsigkey.gpg (authored by werner).
Remove not used file distsigkey.gpg
Mon, May 11, 11:45 AM
werner triaged T8196: GnuPG: Designated revokation with certify-only primary keys does not work as Normal priority.
Mon, May 11, 10:36 AM · Bug Report, gnupg26

Thu, May 7

werner committed rGa2134cac903f: gpgsm: New server command SETATTR. (authored by werner).
gpgsm: New server command SETATTR.
Thu, May 7, 4:01 PM
werner committed rGe48b9a588d65: common: Add new function strlist_pop_try. (authored by werner).
common: Add new function strlist_pop_try.
Thu, May 7, 4:01 PM
werner added a comment to T8189: GnuPG: Bad signature on import of designated revokation certificate.

Just to clarify: The ticket is a about a bad signature diagnostic seen during import. However, the revocation works. The diagnostic is emitted by a second signature checking done to allow handling of standalone designated revocation certificates. The latter are uncommon because gpg does not create standalone revocation certificates. See also T8252 for further info.

Thu, May 7, 2:13 PM · Bug Report, gnupg26
werner changed the status of T8159: gpgtar write outside --directory via symlink traversal from Open to Testing.
Thu, May 7, 2:04 PM · gnupg26, gpgtar, Security, Bug Report
werner committed rG21a8f3642072: dirmngr: Fix uninitialized use of union dns_any in dns_rr_cmp. (authored by werner).
dirmngr: Fix uninitialized use of union dns_any in dns_rr_cmp.
Thu, May 7, 12:41 PM
werner committed rWe0bddb8250e6: Update libgpg-error and libksba (authored by werner).
Update libgpg-error and libksba
Thu, May 7, 12:02 PM
werner committed rWc43c46d72846: Update libgpg-error and libksba (authored by werner).
Update libgpg-error and libksba
Thu, May 7, 11:59 AM
werner committed rE9b108b54d122: Fix bug reference for the 1.61 release (authored by werner).
Fix bug reference for the 1.61 release
Thu, May 7, 10:46 AM
werner committed rE1c54f92359af: Post release updates (authored by werner).
Post release updates
Thu, May 7, 10:46 AM
werner committed rE687c9da501c2: Release 1.61 (authored by werner).
Release 1.61
Thu, May 7, 10:46 AM
werner committed rDf5199d2639fc: swdb: gpgrt 1.61 (authored by werner).
swdb: gpgrt 1.61
Thu, May 7, 10:31 AM
werner updated the task description for T8239: Release GpgRT 1.61.
Thu, May 7, 10:28 AM · gpgrt, Release Info
werner closed T8242: gpgrt: Possible stack overflow in es_printf for "%.100f" et al format specifiers. as Resolved.
Thu, May 7, 10:28 AM · Security, Bug Report, gpgrt
werner closed T8239: Release GpgRT 1.61 as Resolved.
Thu, May 7, 10:26 AM · gpgrt, Release Info
werner triaged T8255: Release GpgRT 1.62 as Low priority.
Thu, May 7, 10:22 AM · gpgrt, Release Info
werner committed rD41a7dd78dfef: swdb: libksba 1.7.0 (authored by werner).
swdb: libksba 1.7.0
Thu, May 7, 10:12 AM
werner committed rK3735267acf41: Post release updates (authored by werner).
Post release updates
Thu, May 7, 10:04 AM
werner committed rK941eed831904: Release 1.7.0 (authored by werner).
Release 1.7.0
Thu, May 7, 10:04 AM
werner updated the task description for T8121: Release LibKSBA 1.7.0.
Thu, May 7, 10:02 AM · libksba, Release Info
werner triaged T8253: Release LibKSBA 1.7.1 as Low priority.
Thu, May 7, 10:01 AM · Release Info, libksba
werner renamed T8121: Release LibKSBA 1.7.0 from Release LibKSBA 1.6.9 to Release LibKSBA 1.7.0.
Thu, May 7, 9:49 AM · libksba, Release Info
werner added a parent task for T8252: Use RECP_FPR subpacket for standalone designated revocations.: T8189: GnuPG: Bad signature on import of designated revokation certificate.
Thu, May 7, 9:39 AM · OpenPGP, gnupg26, Feature Request
werner added a subtask for T8189: GnuPG: Bad signature on import of designated revokation certificate: T8252: Use RECP_FPR subpacket for standalone designated revocations..
Thu, May 7, 9:39 AM · Bug Report, gnupg26
werner triaged T8252: Use RECP_FPR subpacket for standalone designated revocations. as Normal priority.
Thu, May 7, 9:34 AM · OpenPGP, gnupg26, Feature Request
werner triaged T8251: dirmngr may use an uninitalized struct in the DNS code. as Normal priority.
Thu, May 7, 9:14 AM · gnupg22, gnupg26, dns, dirmngr

Wed, May 6

werner committed rG699052a40a2f: gpgsm: The option --attribute is now working. (authored by werner).
gpgsm: The option --attribute is now working.
Wed, May 6, 4:09 PM
werner committed rK4cccd024e015: New function ksba_cms_add_attribute. (authored by werner).
New function ksba_cms_add_attribute.
Wed, May 6, 3:54 PM
werner committed rK1624246505e6: Minor debug output rework. (authored by werner).
Minor debug output rework.
Wed, May 6, 3:54 PM
werner committed rK0ef4070116d6: Various typo and comment fixes and minor test code output cleanup. (authored by werner).
Various typo and comment fixes and minor test code output cleanup.
Wed, May 6, 3:54 PM

Tue, May 5

werner committed rK2d120e345537: Fix other silent truncation of length fields. (authored by werner).
Fix other silent truncation of length fields.
Tue, May 5, 12:11 PM
werner committed rK55be6f57b636: Fix incorrect overflow guard condition in _ksba_ber_read_tl (authored by werner).
Fix incorrect overflow guard condition in _ksba_ber_read_tl
Tue, May 5, 11:51 AM
werner committed rKc44cc98460ea: Fix silent truncation of 64 bit length fields. (authored by werner).
Fix silent truncation of 64 bit length fields.
Tue, May 5, 11:51 AM
werner closed T8247: Incorrect overflow guard condition in _ksba_ber_read_tl as Resolved.
Tue, May 5, 11:50 AM · libksba, Bug Report
werner committed rGcc80ff664e2c: gpgsm: Silence a compiler warning. (authored by werner).
gpgsm: Silence a compiler warning.
Tue, May 5, 11:49 AM

Mon, May 4

werner created T8247: Incorrect overflow guard condition in _ksba_ber_read_tl.
Mon, May 4, 3:37 PM · libksba, Bug Report

Sun, May 3

werner committed rKfad201b522a0: Next version will be 1.70. (authored by werner).
Next version will be 1.70.
Sun, May 3, 5:41 PM
werner committed rK8c640493cbcf: Allow building AUTHENVELOPEDDATA. (authored by werner).
Allow building AUTHENVELOPEDDATA.
Sun, May 3, 5:41 PM
werner committed rG70fa606081e6: gpgsm: Use AES256-GCM by default in de-vs mode. (authored by werner).
gpgsm: Use AES256-GCM by default in de-vs mode.
Sun, May 3, 5:39 PM
werner committed rG1365f314f640: gpgsm: Implement GCM encryption. (authored by werner).
gpgsm: Implement GCM encryption.
Sun, May 3, 4:59 PM
werner committed rEff90817a9520: Revert "Fix possible lockup in an atexit handler" (authored by werner).
Revert "Fix possible lockup in an atexit handler"
Sun, May 3, 3:28 PM
werner committed rG60a823c97bb0: gpgsm: Fix regression in password encrypted GCM data. (authored by werner).
gpgsm: Fix regression in password encrypted GCM data.
Sun, May 3, 3:28 PM

Thu, Apr 30

werner committed rG69c27fe37787: gpgsm: Avoid a final FAILURE status line w/o unsing --status-fd (authored by werner).
gpgsm: Avoid a final FAILURE status line w/o unsing --status-fd
Thu, Apr 30, 1:51 PM
werner committed rE50f0c56bdd36: Fix possible lockup in an atexit handler (authored by werner).
Fix possible lockup in an atexit handler
Thu, Apr 30, 1:35 PM
werner committed rGe5472f5cf8c2: gpgsm: Make --with-ephemeral work correct with the keyboxd. (authored by werner).
gpgsm: Make --with-ephemeral work correct with the keyboxd.
Thu, Apr 30, 11:49 AM
werner committed rG8a3cfb65e033: scd:sc-hsm: Avoid buffer overflow with cards providing RSA > 2k. (authored by werner).
scd:sc-hsm: Avoid buffer overflow with cards providing RSA > 2k.
Thu, Apr 30, 9:55 AM
werner committed rG86d5cfad461f: scd:sc-hsm: Change error message style (authored by werner).
scd:sc-hsm: Change error message style
Thu, Apr 30, 9:55 AM
werner changed the status of T8244: sc-hsm buffer overflow for keys > 2k, a subtask of T6097: SC-HSM 4K Compatibility, from Open to Testing.
Thu, Apr 30, 9:55 AM · Bug Report
werner changed the status of T8244: sc-hsm buffer overflow for keys > 2k from Open to Testing.
Thu, Apr 30, 9:55 AM · gnupg26, Security, scd, Bug Report
werner triaged T8244: sc-hsm buffer overflow for keys > 2k as Low priority.
Thu, Apr 30, 9:49 AM · gnupg26, Security, scd, Bug Report

Wed, Apr 29

werner added a comment to T8019: gpg does not print warning about untrusted key when verifying signatures made by expired (and untrusted) keys.

That is actually more complicated than I initially though. The reason is that expired is used like a trust level:

Wed, Apr 29, 4:36 PM · Feature Request, S/MIME, OpenPGP, gnupg26
werner changed the status of T8242: gpgrt: Possible stack overflow in es_printf for "%.100f" et al format specifiers. from Open to Testing.
Wed, Apr 29, 2:42 PM · Security, Bug Report, gpgrt
werner committed rEf7ded3ce666c: Fix possible stack overflow in es_printf for %.100f format. (authored by werner).
Fix possible stack overflow in es_printf for %.100f format.
Wed, Apr 29, 1:57 PM

Tue, Apr 28

werner committed rE48fae7f60439: Fix out-of-bounds read in vfnameconcat. (authored by werner).
Fix out-of-bounds read in vfnameconcat.
Tue, Apr 28, 2:22 PM
werner created T8242: gpgrt: Possible stack overflow in es_printf for "%.100f" et al format specifiers..
Tue, Apr 28, 11:08 AM · Security, Bug Report, gpgrt

Mon, Apr 27

werner committed rGf5fd1fc11008: doc: Add release dates of other branches to NEWS. (authored by werner).
doc: Add release dates of other branches to NEWS.
Mon, Apr 27, 3:29 PM
werner committed rEe1762f6de187: po: update Polish translation (authored by Jakub Bogusz <qboosh@pld-linux.org>).
po: update Polish translation
Mon, Apr 27, 11:05 AM

Sun, Apr 26

werner shifted T8210: Kleopatra: LPE issue on Windows from the Restricted Space space to the S1 Public space.
Sun, Apr 26, 6:45 PM · vsd34, gpd5x, kleopatra, Security, Bug Report
werner triaged T8210: Kleopatra: LPE issue on Windows as Normal priority.
Sun, Apr 26, 6:45 PM · vsd34, gpd5x, kleopatra, Security, Bug Report
werner moved T8240: Double free in gpgsm's decrypt function. from Backlog to WiP on the gnupg22 board.
Sun, Apr 26, 6:44 PM · gnupg22, Bug Report, gnupg26
werner committed rG51aac7a5715d: gpgsm: Fix possible double free in the CMS parser. (authored by werner).
gpgsm: Fix possible double free in the CMS parser.
Sun, Apr 26, 6:43 PM
werner changed the status of T8240: Double free in gpgsm's decrypt function. from Open to Testing.
Sun, Apr 26, 6:40 PM · gnupg22, Bug Report, gnupg26
werner committed rG2ceca1f5f978: gpgsm: Fix possible double free in the CMS parser. (authored by werner).
gpgsm: Fix possible double free in the CMS parser.
Sun, Apr 26, 6:32 PM
werner renamed T8240: Double free in gpgsm's decrypt function. from Doiuble free in gpgsm's decrypt function. to Double free in gpgsm's decrypt function..
Sun, Apr 26, 6:30 PM · gnupg22, Bug Report, gnupg26
werner created T8240: Double free in gpgsm's decrypt function..
Sun, Apr 26, 6:29 PM · gnupg22, Bug Report, gnupg26

Fri, Apr 24

werner committed rD2e41b6357a3f: GnuPG 2.5.19 announcement (authored by werner).
GnuPG 2.5.19 announcement
Fri, Apr 24, 1:54 PM
werner committed rDd171b0eb221e: swdb: GnuPG 2.5.19 (authored by werner).
swdb: GnuPG 2.5.19
Fri, Apr 24, 1:30 PM
werner committed rGf1ee3c63eac7: Post release updates (authored by werner).
Post release updates
Fri, Apr 24, 1:23 PM
werner committed rGa50d684407ff: po: msgmerge (authored by werner).
po: msgmerge
Fri, Apr 24, 1:23 PM
werner committed rGb0750c06a39a: Release 2.5.19 (authored by werner).
Release 2.5.19
Fri, Apr 24, 1:23 PM
werner committed rG7938c4dca494: po: Update German translation (authored by werner).
po: Update German translation
Fri, Apr 24, 1:23 PM
werner committed rG760b1b9a09c8: indent: Re-align check_key_signature2 (authored by werner).
indent: Re-align check_key_signature2
Fri, Apr 24, 1:23 PM
werner updated the task description for T7998: Release GnuPG 2.5.19.
Fri, Apr 24, 1:21 PM · Release Info, gnupg
werner committed rEaa00ecef616a: Post release updates (authored by werner).
Post release updates
Fri, Apr 24, 11:47 AM
werner committed rEdef87da32726: Release 1.60 (authored by werner).
Release 1.60
Fri, Apr 24, 11:47 AM
werner committed rE2bcf04b1fba8: po: msgmerge (authored by werner).
po: msgmerge
Fri, Apr 24, 11:47 AM
werner committed rE5f20096431c0: po: Update German translation (authored by werner).
po: Update German translation
Fri, Apr 24, 11:47 AM
werner committed rDaeb80ba1f469: swdb: gpgrt 1.60 (authored by werner).
swdb: gpgrt 1.60
Fri, Apr 24, 11:30 AM
werner updated the task description for T8112: Release GpgRT 1.60.
Fri, Apr 24, 11:26 AM · gpgrt, Release Info
werner triaged T8239: Release GpgRT 1.61 as Low priority.
Fri, Apr 24, 11:23 AM · gpgrt, Release Info

Thu, Apr 23

werner committed rM63f18298d3f5: New decryption flag GPGME_DECRYPT_SESSION_HASH. (authored by werner).
New decryption flag GPGME_DECRYPT_SESSION_HASH.
Thu, Apr 23, 2:25 PM
werner committed rMb96968f7a967: indent: Align a debug output. (authored by werner).
indent: Align a debug output.
Thu, Apr 23, 2:25 PM
werner closed T7673: Release GPGME 2.0.0 as Resolved.
Thu, Apr 23, 2:20 PM · Release Info, gpgme
werner closed T7817: Release GPGME 2.0.1, a subtask of T7673: Release GPGME 2.0.0, as Resolved.
Thu, Apr 23, 2:20 PM · Release Info, gpgme
werner closed T7817: Release GPGME 2.0.1 as Resolved.
Thu, Apr 23, 2:20 PM · Release Info, gpgme
werner triaged T8237: Release GPGME 2.1.0 as Normal priority.
Thu, Apr 23, 2:20 PM · Release Info, gpgme
werner committed rGecd0f7afa1cf: gpg: New options --show-session-hash and --show-only-session-hash. (authored by werner).
gpg: New options --show-session-hash and --show-only-session-hash.
Thu, Apr 23, 11:08 AM
werner committed rKc8df64fe11e8: crl: Fix minor memory leak in case of a corrupt DER structure. (authored by werner).
crl: Fix minor memory leak in case of a corrupt DER structure.
Thu, Apr 23, 10:37 AM

Wed, Apr 22

werner committed rG2ab4cba36ccd: dirmngr: New keyword "clear" for --keyserver. (authored by werner).
dirmngr: New keyword "clear" for --keyserver.
Wed, Apr 22, 1:12 PM
werner added a comment to T8208: Missing bounds check in libgcrypt's Dilithium context handling.

FWIW: There is actually a problem in the reference code: Having a
fixed size buffer inside a function and allowing the caller to provide
content at arbitrary length is bad coding style because the caller
needs to know internals of the called function (in a different source
file).

Wed, Apr 22, 10:23 AM · Security, PQC, Bug Report, libgcrypt
werner added a comment to T8211: Libgcrypt ECDH buffer overwrite with zeroes.

This is the original bug report to security at gnupg dated 2026-04-07:

Wed, Apr 22, 10:15 AM · Bug Report, Security, libgcrypt
werner shifted T8211: Libgcrypt ECDH buffer overwrite with zeroes from the Restricted Space space to the S1 Public space.
Wed, Apr 22, 10:12 AM · Bug Report, Security, libgcrypt

Tue, Apr 21

werner committed rDb800c085932e: Announce libgcrypt 1.12.2 et al. (authored by werner).
Announce libgcrypt 1.12.2 et al.
Tue, Apr 21, 2:39 PM
werner committed rCd365a4109457: Release 1.10.4 (authored by werner).
Release 1.10.4
Tue, Apr 21, 12:20 PM