gnupgProject
ActivePublic
Watch Project

Milestones
View All

gpg14
Milestone

Subprojects
View All

common
Project
g10
Project
gnupg22
Project
gnupg24
Project

Members

This project does not have any members.
View All

Watchers (2)

Details

Description

Bugs, feature requests, memos, and support related to GnuPG.

Note that the tags gnug24, gnupg26 etc are used to indicate that a certain task is scheduled to be fixed in that version. This tag here is used if there is no concrete version affected or a schedule has not yet been set.

Recent Activity
View All

Today

• gniibe changed the status of T7576: keyboxd: Searching <email@Example.COM> from Open to Testing.

Wed, Mar 26, 8:20 AM · gnupg, Bug Report

• gniibe added a comment to T7576: keyboxd: Searching <email@Example.COM>.

OK. Relying on SQLite semantics for COLLATE NOCASE would not be good.
Exactly same existing semantics (only care about ASCII uppercase characters) is good.

Wed, Mar 26, 6:26 AM · gnupg, Bug Report

Yesterday

• werner updated the task description for T7530: Release GnuPG 2.5.5.

Tue, Mar 25, 9:35 AM · Release Info, gnupg

• werner triaged T7586: Release GnuPG 2.5.6 as Normal priority.

Tue, Mar 25, 9:35 AM · gnupg, Release Info

Mon, Mar 24

• ikloecker added a comment to T7583: 2.5.5 removes sig on clean that 2.5.4 and earlier kept.

I noticed that the signing key B0D589D46708EC99 is a certify-only key. That signatures made with this key are dropped could be another regression of the fix for dkj's DoS bug.

Mon, Mar 24, 10:50 PM · gnupg, Bug Report

ametzler1 added a comment to T7583: 2.5.5 removes sig on clean that 2.5.4 and earlier kept.

Taking a bigger sample of keys from the same domain and doing the same testing shows that the signature by B0D589D46708EC99 is removed on all keys.

Mon, Mar 24, 6:32 PM · gnupg, Bug Report

• werner added a comment to T7576: keyboxd: Searching <email@Example.COM>.

You mean this would be better becuase it is not clear how we handle X.509 addrsppec (see override_mbox arg of store_into_userid)? I guess COLLATE NOCASE does it the standard way by folding all uppercase characters and not just the ASCII characters as we do in GnuPG. This would be a problem.

Mon, Mar 24, 9:45 AM · gnupg, Bug Report

Sun, Mar 23

ametzler1 renamed T7583: 2.5.5 removes sig on clean that 2.5.4 and earlier kept from 2.5.5 remves sig on clean that 2.5.4 and earlier kept to 2.5.5 removes sig on clean that 2.5.4 and earlier kept.

Sun, Mar 23, 12:49 PM · gnupg, Bug Report

ametzler1 created T7583: 2.5.5 removes sig on clean that 2.5.4 and earlier kept.

Sun, Mar 23, 12:49 PM · gnupg, Bug Report

Fri, Mar 21

• werner triaged T7577: GnuPG could not work when TCP congestion provider is set to BBR2 in Windows as Normal priority.

Indeed, GnuPG's IPC uses TCP connections from 127.0.0.1 to 127.0.0.1 taking the destination port (and a cookie) from a file. We can't change that easily to the new Unix socket implementation Windows recently introduced. I hope there is a way to exclude localhost->localhost from congestion control.

Fri, Mar 21, 8:43 PM · Support, Not A Bug, gnupg, Bug Report

• gniibe added a comment to T7576: keyboxd: Searching <email@Example.COM>.

I changed my mind. SQLite specific patch might be better:

diff --git a/kbx/backend-sqlite.c b/kbx/backend-sqlite.c
index 4c67c3ef7..1db2f2c8d 100644
--- a/kbx/backend-sqlite.c
+++ b/kbx/backend-sqlite.c
@@ -154,7 +154,7 @@ static struct
      /* The full user id - for X.509 the Subject or altSubject.  */
      "uid  TEXT NOT NULL,"
      /* The mail address if available or NULL.  */
-     "addrspec TEXT,"
+     "addrspec TEXT COLLATE NOCASE,"
      /* The type of the public key: 1 = openpgp, 2 = X.509.  */
      "type  INTEGER NOT NULL,"
      /* The order number of the user id within the keyblock or

Fri, Mar 21, 8:50 AM · gnupg, Bug Report

• gniibe added a comment to T7576: keyboxd: Searching <email@Example.COM>.

I changed my mind. SQLite specific patch might be better:

diff --git a/kbx/backend-sqlite.c b/kbx/backend-sqlite.c
index 4c67c3ef7..1db2f2c8d 100644
--- a/kbx/backend-sqlite.c
+++ b/kbx/backend-sqlite.c
@@ -154,7 +154,7 @@ static struct
      /* The full user id - for X.509 the Subject or altSubject.  */
      "uid  TEXT NOT NULL,"
      /* The mail address if available or NULL.  */
-     "addrspec TEXT,"
+     "addrspec TEXT COLLATE NOCASE,"
      /* The type of the public key: 1 = openpgp, 2 = X.509.  */
      "type  INTEGER NOT NULL,"
      /* The order number of the user id within the keyblock or

Fri, Mar 21, 8:36 AM · gnupg, Bug Report

• gniibe updated the task description for T7576: keyboxd: Searching <email@Example.COM>.

Fri, Mar 21, 8:27 AM · gnupg, Bug Report

• gniibe claimed T7576: keyboxd: Searching <email@Example.COM>.

Here is a possible change:

Fri, Mar 21, 8:15 AM · gnupg, Bug Report

Mon, Mar 17

• werner closed T7569: `gpgconf --homedir $x --kill keyboxd` doesn't appear to terminate a running keyboxd as Resolved.

Mon, Mar 17, 10:12 AM · gnupg, keyboxd, Bug Report

• werner added a comment to T7569: `gpgconf --homedir $x --kill keyboxd` doesn't appear to terminate a running keyboxd.

FWIW: It does works when using GNUPGHOME instead.

Mon, Mar 17, 9:46 AM · gnupg, keyboxd, Bug Report

• werner closed T7570: `gpg --trust-model always --verify` produces incongruous warning "Using untrusted key!" as Resolved.

This has always been the case. git blame shows for check_signatures_trust:

Mon, Mar 17, 9:39 AM · Not A Bug, gnupg

Fri, Mar 14

dkg added a comment to T7570: `gpg --trust-model always --verify` produces incongruous warning "Using untrusted key!".

This seems to be the case on 2.2.46 as well, fwiw. i don't think it's new in 2.4.7.

Fri, Mar 14, 8:07 PM · Not A Bug, gnupg

dkg created T7570: `gpg --trust-model always --verify` produces incongruous warning "Using untrusted key!".

Fri, Mar 14, 8:04 PM · Not A Bug, gnupg

dkg added a comment to T7569: `gpgconf --homedir $x --kill keyboxd` doesn't appear to terminate a running keyboxd.

similarly, gpgconf --homedir /tmp/gg --kill all does not terminate keyboxd, despite the fact that gpgconf(1) says:

Fri, Mar 14, 7:27 PM · gnupg, keyboxd, Bug Report

dkg created T7569: `gpgconf --homedir $x --kill keyboxd` doesn't appear to terminate a running keyboxd.

Fri, Mar 14, 7:24 PM · gnupg, keyboxd, Bug Report

Thu, Mar 13

• werner triaged T7560: GnuPG should learn the certificates when a new card has been seen as Normal priority.

Thu, Mar 13, 11:43 AM · scd, Feature Request, gnupg

vitusb added a comment to T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore.

Hello Eva,

Thu, Mar 13, 12:04 AM · gnupg, kleopatra, Bug Report

Wed, Mar 12

• ebo added a comment to T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore.

The beta145 Werner talks about can be found here: https://www.gpg4win.org/version5.html
It is from our master branch which is not de-vs capable at this time.

Wed, Mar 12, 5:48 PM · gnupg, kleopatra, Bug Report

vitusb added a comment to T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore.

Hello Werner,
thank you for your support ...

Wed, Mar 12, 3:36 PM · gnupg, kleopatra, Bug Report

Tue, Mar 11

• werner added a comment to T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore.

Please test using the latest gpg4win installer (beta145).

Tue, Mar 11, 5:17 PM · gnupg, kleopatra, Bug Report

• werner added a comment to T7560: GnuPG should learn the certificates when a new card has been seen.

The problem is that it may take really long to read the certificates form a card and some card applications even require to give a PIN for reading the certs. A background operation may thus surprisingly lock up the box

Tue, Mar 11, 5:15 PM · scd, Feature Request, gnupg

• ikloecker created T7560: GnuPG should learn the certificates when a new card has been seen.

Tue, Mar 11, 4:57 PM · scd, Feature Request, gnupg

• werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys, a subtask of T7527: Keyring/keybox denial of service, from Testing to Open.

Tue, Mar 11, 11:00 AM · OpenPGP, gnupg, Bug Report

Mon, Mar 10

calvin added a comment to T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.

This was using GCC to build, but on AIX. I believe support for dollar signs in identifiers are platform specific.

Mon, Mar 10, 12:47 PM · gpgme, gnupg, pinentry

• gniibe added a comment to T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.

GCC allows dollars in identifier, that's the reason why we haven't encountered this issue, I suppose.

Mon, Mar 10, 10:32 AM · gpgme, gnupg, pinentry

• gniibe changed the status of T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2 from Open to Testing.

Mon, Mar 10, 3:50 AM · gpgme, gnupg, pinentry

• gniibe triaged T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2 as Normal priority.

Mon, Mar 10, 3:49 AM · gpgme, gnupg, pinentry

• gniibe added a project to T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2: gpgme.

Thank you for your report.

Mon, Mar 10, 3:47 AM · gpgme, gnupg, pinentry

Fri, Mar 7

dkg added a comment to T7550: master branch fails to build without `./configure --disable-ldap`.

thanks for the fix in f29c8dba743eb7574399345ce341bbfb1f8f9bee !

Fri, Mar 7, 7:40 PM · gnupg

• werner closed T7530: Release GnuPG 2.5.5 as Resolved.

Fri, Mar 7, 3:37 PM · Release Info, gnupg

• werner updated the task description for T7530: Release GnuPG 2.5.5.

Fri, Mar 7, 3:09 PM · Release Info, gnupg

Thu, Mar 6

• werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys, a subtask of T7527: Keyring/keybox denial of service, from Open to Testing.

Thu, Mar 6, 5:58 PM · OpenPGP, gnupg, Bug Report

• werner added a comment to T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore.

rG25d48663f9 seems to fix this for me. However in my test cases I got a hang in dirmngr simply by running several gpgsm instances to get the details of an X.509 key. I had different logging options enabled, though.

Thu, Mar 6, 11:27 AM · gnupg, kleopatra, Bug Report

• ikloecker added a comment to T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound).

I had this again yesterday. I don't think that scdaemon is involved. gpg-agent.log has this

2025-03-05 15:54:29 gpg-agent[1248] socket file removed - retrying binding
2025-03-05 15:54:29 gpg-agent[1248] Der Socket kann nicht an `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.gpg-agent' gebunden werden: Unknown error
2025-03-05 15:54:29 gpg-agent[1248] system error code: 0 (0x0)
2025-03-05 15:54:29 gpg-agent[1248] secmem usage: 0/32768 bytes in 0 blocks
2025-03-05 15:55:17 gpg-agent[2088] socket file removed - retrying binding
2025-03-05 15:55:17 gpg-agent[2088] Es wird auf Socket `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.gpg-agent' gehÃ¶rt
2025-03-05 15:55:17 gpg-agent[2088] socket file removed - retrying binding
2025-03-05 15:55:17 gpg-agent[2088] Es wird auf Socket `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.gpg-agent.extra' gehÃ¶rt
2025-03-05 15:55:17 gpg-agent[2088] socket file removed - retrying binding
2025-03-05 15:55:17 gpg-agent[2088] Es wird auf Socket `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.gpg-agent.browser' gehÃ¶rt
2025-03-05 15:55:17 gpg-agent[2088] socket file removed - retrying binding
2025-03-05 15:55:17 gpg-agent[2088] Es wird auf Socket `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.gpg-agent.ssh' gehÃ¶rt
2025-03-05 15:55:17 gpg-agent[2088] gpg-agent (GnuPG) 2.5.5-beta11 started

and scdaemon logged

2025-03-05 15:55:19 scdaemon[4100] Es wird auf Socket `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.scdaemon' gehÃ¶rt
2025-03-05 15:55:19 scdaemon[4100] Handhabungsroutine für fd -1 gestartet
2025-03-05 15:55:19 scdaemon[4100] DBG: chan_0x00000000000002d0 -> OK GNU Privacy Guard's Smartcard server ready, process 4100

i.e. there wasn't any scdaemon running before the second gpg-agent started successfully.

Thu, Mar 6, 9:49 AM · gnupg, kleopatra

• ikloecker claimed T7547: signatures from revoked or expired keys show up as missing keys.

Thanks for the report! That's indeed a regression introduced by the changes for T7527: Keyring/keybox denial of service. Commenting/Removing line https://dev.gnupg.org/source/gnupg/browse/master/g10/getkey.c$343 seems to fix the regression, but (very likely) this would reintroduce the issues reported in T7527: Keyring/keybox denial of service.

Thu, Mar 6, 9:34 AM · gnupg26, gnupg24, Bug Report

• werner triaged T7555: gpg --batch does not block all interactivity (e.g. prompting for passwords still happens) as Normal priority.

Thu, Mar 6, 8:57 AM · Documentation, gnupg

Wed, Mar 5

dkg added a comment to T7555: gpg --batch does not block all interactivity (e.g. prompting for passwords still happens).

whether you use --pinentry-mode=loopback or --pinentry-mode=cancel or --pinentry-mode=error, if gpg-agent has cached the password already, the decryption will work; otherwise, it will fail with an error like that describe above.

Wed, Mar 5, 8:29 PM · Documentation, gnupg

dkg added a comment to T7555: gpg --batch does not block all interactivity (e.g. prompting for passwords still happens).

here's an example of no prompting at all using --pinentry-mode=loopback:

Wed, Mar 5, 8:23 PM · Documentation, gnupg

dkg created T7555: gpg --batch does not block all interactivity (e.g. prompting for passwords still happens).

Wed, Mar 5, 8:22 PM · Documentation, gnupg

• werner closed T7550: master branch fails to build without `./configure --disable-ldap` as Invalid.

master is development and you can't expect that it always build on all platforms.

Wed, Mar 5, 8:57 AM · gnupg

dkg added a comment to T7539: validating an OpenPGP `Signed Message` with a text-mode signature and binary-mode literal data packet.

Here is a patch against master which normalizes line-endings when verifying text signatures over binary literal data packets

0001-gpg-Verify-Text-mode-Signatures-over-binary-Literal-.patch10 KBDownload