Page MenuHome GnuPG
Projects gnupg

gnupgProject
ActivePublic
Watch Project

Milestones
View All

Subprojects
View All

Members

  • This project does not have any members.
  • View All

Watchers (3)

Details

Description

Bugs, feature requests, memos, and support related to GnuPG.

Note that the tags gnug24, gnupg26 etc are used to indicate that a certain task is scheduled to be fixed in that version. This tag here is used if there is no concrete version affected or a schedule has not yet been set.

Recent Activity
View All

Today

werner set External Link to https://gnupg.org/blog/20251226-cleartext-signatures.html on T7900: Cleartext Signature Forgery in GnuPG.
Thu, Jan 15, 4:05 PM · Not A Bug, OpenBSD, gnupg
timegrid closed T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) as Resolved.

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

  • with / without keyboxd
  • quitting kleopatra / killing all processes
Thu, Jan 15, 1:06 PM · gpd5x, gnupg, kleopatra
ikloecker moved T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) from Backlog to QA on the gpd5x board.
Thu, Jan 15, 10:31 AM · gpd5x, gnupg, kleopatra
ikloecker changed the status of T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) from Open to Testing.

I think this has been resolved in Gpg4win 5.

Thu, Jan 15, 10:31 AM · gpd5x, gnupg, kleopatra

Fri, Jan 9

werner closed T7994: Documentation: mention `status-fd` in "Programmatic use of GnuPG" as Resolved.

Will be in the next release.

Fri, Jan 9, 2:02 PM · gnupg, Documentation
werner removed a project from T6815: PQC encryption for GnuPG: gnupg26.

it does not make sense to have a workboard item for this parent ticket.

Fri, Jan 9, 1:40 PM · OpenPGP, PQC, gnupg
timegrid closed T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled as Resolved.

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

Fri, Jan 9, 1:18 PM · gnupg26, gnupg
ebo closed T7491: Confusing additional pinentry on creation of new keypair with ADSK configured as Resolved.

This does not happen any more, tested with Gpg4win-5.0.0-beta479

Fri, Jan 9, 1:09 PM · gpgagent, gnupg26, gnupg
ebo closed T7315: Allow export and import of PQC secret keys., a subtask of T6815: PQC encryption for GnuPG, as Resolved.
Fri, Jan 9, 12:29 PM · OpenPGP, PQC, gnupg
ebo closed T7315: Allow export and import of PQC secret keys. as Resolved.

Tested with Gpg4win-5.0.0-beta479

Fri, Jan 9, 12:29 PM · gnupg26, OpenPGP, PQC, gnupg
ebo closed T7892: keyboxd: subkey listing issue with ADSKs as Resolved.

with Gpg4win-5.0.0-beta479 the listing after creating the new key with ADSK looks ok now:

Fri, Jan 9, 11:44 AM · gnupg26, Bug Report, keyboxd, gnupg
werner closed T7805: Permission denied on batch deletion of mixed (openpgp+smime) certs as Resolved.

Given that the 2.2 fix has been tested and resolved and we don't have another ticket for 2.6, we can close this one.

Fri, Jan 9, 11:07 AM · gnupg, vsd, kleopatra
werner closed T7904: GnuPG may downgrade digest algorithm to SHA1, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
Fri, Jan 9, 11:01 AM · Not A Bug, OpenBSD, gnupg
werner closed T7904: GnuPG may downgrade digest algorithm to SHA1 as Resolved.

Note that for exploiting this bug a second preimage attack for SHA-1 is required. This kind of attack on SHA1 is not yet possible.

Fri, Jan 9, 11:01 AM · gnupg, Bug Report

Thu, Jan 8

werner changed the status of T7892: keyboxd: subkey listing issue with ADSKs from Open to Testing.
Thu, Jan 8, 4:13 PM · gnupg26, Bug Report, keyboxd, gnupg

Wed, Jan 7

andrewgdotcom added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.

So why are there different grades of failure? Why is "invalid packet" a less scary error message than "WARNING: message was not integrity protected" when both are equally bad things?

Wed, Jan 7, 4:37 PM · Not A Bug, gnupg
werner added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.

Right. And the MDC detects this and only if says okay you get a good decryption status back.

Wed, Jan 7, 11:57 AM · Not A Bug, gnupg
andrewgdotcom added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.

This warning shall only show up if a message was really modified and not in case of

a simple truncation.

Wed, Jan 7, 10:42 AM · Not A Bug, gnupg

Mon, Jan 5

werner updated the task description for T7906: Memory Corruption in ASCII-Armor Parsing.
Mon, Jan 5, 4:27 PM · gnupg, Bug Report
werner changed the visibility for T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.
Mon, Jan 5, 11:27 AM · Not A Bug, gnupg
werner changed the visibility for T7901: Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG.
Mon, Jan 5, 11:26 AM · gnupg, Bug Report
werner changed the visibility for T7900: Cleartext Signature Forgery in GnuPG.
Mon, Jan 5, 11:26 AM · Not A Bug, OpenBSD, gnupg

Fri, Jan 2

werner changed the status of T7900: Cleartext Signature Forgery in GnuPG from Open to Testing.

(Testing for now for better visibility. Real or Semi-real bugs with fixes are already set to Resolved)

Fri, Jan 2, 4:38 PM · Not A Bug, OpenBSD, gnupg
werner changed the status of T7902: OpenPGP Cleartext Signature Framework, a subtask of T7900: Cleartext Signature Forgery in GnuPG, from Open to Testing.
Fri, Jan 2, 4:35 PM · Not A Bug, OpenBSD, gnupg
werner changed the status of T7902: OpenPGP Cleartext Signature Framework from Open to Testing.
Fri, Jan 2, 4:35 PM · Not A Bug, OpenPGP, FAQ, gnupg
werner closed T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
Fri, Jan 2, 4:24 PM · Not A Bug, OpenBSD, gnupg
werner closed T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG as Resolved.
Fri, Jan 2, 4:24 PM · Not A Bug, OpenPGP, gnupg
werner changed the status of T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks, a subtask of T7900: Cleartext Signature Forgery in GnuPG, from Open to Testing.
Fri, Jan 2, 4:22 PM · Not A Bug, OpenBSD, gnupg
werner changed the status of T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks from Open to Testing.

The described attack is not easy to understand and as of today the
gpg.fail website seems to have the same content as the draft we
received on 2025-10-23. There it states:

Fri, Jan 2, 4:22 PM · Not A Bug, gnupg

Wed, Dec 31

William closed T7941: gpg: keydb_search_first failed: SQL error as Resolved.

Fixed in 2.5.16

Wed, Dec 31, 2:19 AM · workaround, gnupg, Bug Report

Tue, Dec 30

werner updated the task description for T8001: Release GnuPG 2.4.9.
Tue, Dec 30, 1:49 PM · gnupg, Release Info
werner updated the task description for T7428: Release GnuPG 2.4.8.
Tue, Dec 30, 1:48 PM · gnupg, Release Info
werner triaged T8001: Release GnuPG 2.4.9 as Normal priority.
Tue, Dec 30, 1:48 PM · gnupg, Release Info
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2025q4/000500.html on T7995: Release GnuPG 2.5.16.
Tue, Dec 30, 10:19 AM · gnupg, Release Info
werner closed T7906: Memory Corruption in ASCII-Armor Parsing as Resolved.

Also fixed in the other active branches.

Tue, Dec 30, 9:56 AM · gnupg, Bug Report
werner closed T7906: Memory Corruption in ASCII-Armor Parsing, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
Tue, Dec 30, 9:56 AM · Not A Bug, OpenBSD, gnupg
werner updated the task description for T7940: Release GnuPG 2.5.15.
Tue, Dec 30, 9:18 AM · gnupg, Release Info
werner updated the task description for T7995: Release GnuPG 2.5.16.
Tue, Dec 30, 9:16 AM · gnupg, Release Info
werner updated the task description for T7996: Release GnuPG 2.5.17.
Tue, Dec 30, 9:15 AM · gnupg, Release Info
werner updated the task description for T7996: Release GnuPG 2.5.17.
Tue, Dec 30, 9:15 AM · gnupg, Release Info

Mon, Dec 29

werner updated the task description for T7998: Release GnuPG 2.5.19.
Mon, Dec 29, 11:50 PM · Release Info, gnupg
werner updated the task description for T7999: Release GnuPG 2.5.18.
Mon, Dec 29, 11:49 PM · gnupg, Release Info
werner updated the task description for T7996: Release GnuPG 2.5.17.
Mon, Dec 29, 11:47 PM · gnupg, Release Info
werner updated the task description for T7995: Release GnuPG 2.5.16.
Mon, Dec 29, 11:46 PM · gnupg, Release Info
werner triaged T8000: Release GnuPG 2.6.0 as Low priority.
Mon, Dec 29, 11:45 PM · Release Info, gnupg
werner triaged T7999: Release GnuPG 2.5.18 as Low priority.
Mon, Dec 29, 11:45 PM · gnupg, Release Info
werner triaged T7998: Release GnuPG 2.5.19 as Low priority.
Mon, Dec 29, 11:44 PM · Release Info, gnupg
werner triaged T7997: Release GnuPG 2.5.20 as Low priority.
Mon, Dec 29, 11:43 PM · Release Info, gnupg
werner triaged T7996: Release GnuPG 2.5.17 as Low priority.
Mon, Dec 29, 11:42 PM · gnupg, Release Info
werner updated the task description for T7940: Release GnuPG 2.5.15.
Mon, Dec 29, 11:40 PM · gnupg, Release Info