Page MenuHome GnuPG
Projects gnupg

gnupgProject
ActivePublic
Watch Project

Milestones
View All

Subprojects
View All

Members

  • This project does not have any members.
  • View All

Watchers (2)

Details

Description

Bugs, feature requests, memos, and support related to GnuPG.

Note that the tags gnug24, gnupg26 etc are used to indicate that a certain task is scheduled to be fixed in that version. This tag here is used if there is no concrete version affected or a schedule has not yet been set.

Recent Activity
View All

Yesterday

werner closed T7569: `gpgconf --homedir $x --kill keyboxd` doesn't appear to terminate a running keyboxd as Resolved.
Mon, Mar 17, 10:12 AM · gnupg, keyboxd, Bug Report
werner added a comment to T7569: `gpgconf --homedir $x --kill keyboxd` doesn't appear to terminate a running keyboxd.

FWIW: It does works when using GNUPGHOME instead.

Mon, Mar 17, 9:46 AM · gnupg, keyboxd, Bug Report
werner closed T7570: `gpg --trust-model always --verify` produces incongruous warning "Using untrusted key!" as Resolved.

This has always been the case. git blame shows for check_signatures_trust:

Mon, Mar 17, 9:39 AM · Not A Bug, gnupg

Fri, Mar 14

dkg added a comment to T7570: `gpg --trust-model always --verify` produces incongruous warning "Using untrusted key!".

This seems to be the case on 2.2.46 as well, fwiw. i don't think it's new in 2.4.7.

Fri, Mar 14, 8:07 PM · Not A Bug, gnupg
dkg created T7570: `gpg --trust-model always --verify` produces incongruous warning "Using untrusted key!".
Fri, Mar 14, 8:04 PM · Not A Bug, gnupg
dkg added a comment to T7569: `gpgconf --homedir $x --kill keyboxd` doesn't appear to terminate a running keyboxd.

similarly, gpgconf --homedir /tmp/gg --kill all does not terminate keyboxd, despite the fact that gpgconf(1) says:

Fri, Mar 14, 7:27 PM · gnupg, keyboxd, Bug Report
dkg created T7569: `gpgconf --homedir $x --kill keyboxd` doesn't appear to terminate a running keyboxd.
Fri, Mar 14, 7:24 PM · gnupg, keyboxd, Bug Report

Thu, Mar 13

werner triaged T7560: GnuPG should learn the certificates when a new card has been seen as Normal priority.
Thu, Mar 13, 11:43 AM · scd, Feature Request, gnupg
vitusb added a comment to T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore.

Hello Eva,

Thu, Mar 13, 12:04 AM · gnupg, kleopatra, Bug Report

Wed, Mar 12

ebo added a comment to T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore.

The beta145 Werner talks about can be found here: https://www.gpg4win.org/version5.html
It is from our master branch which is not de-vs capable at this time.

Wed, Mar 12, 5:48 PM · gnupg, kleopatra, Bug Report
vitusb added a comment to T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore.

Hello Werner,
thank you for your support ...

Wed, Mar 12, 3:36 PM · gnupg, kleopatra, Bug Report

Tue, Mar 11

werner added a comment to T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore.

Please test using the latest gpg4win installer (beta145).

Tue, Mar 11, 5:17 PM · gnupg, kleopatra, Bug Report
werner added a comment to T7560: GnuPG should learn the certificates when a new card has been seen.

The problem is that it may take really long to read the certificates form a card and some card applications even require to give a PIN for reading the certs. A background operation may thus surprisingly lock up the box

Tue, Mar 11, 5:15 PM · scd, Feature Request, gnupg
ikloecker created T7560: GnuPG should learn the certificates when a new card has been seen.
Tue, Mar 11, 4:57 PM · scd, Feature Request, gnupg
werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys, a subtask of T7527: Keyring/keybox denial of service, from Testing to Open.
Tue, Mar 11, 11:00 AM · OpenPGP, gnupg, Bug Report

Mon, Mar 10

calvin added a comment to T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.

This was using GCC to build, but on AIX. I believe support for dollar signs in identifiers are platform specific.

Mon, Mar 10, 12:47 PM · gpgme, gnupg, pinentry
gniibe added a comment to T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.

GCC allows dollars in identifier, that's the reason why we haven't encountered this issue, I suppose.

Mon, Mar 10, 10:32 AM · gpgme, gnupg, pinentry
gniibe changed the status of T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2 from Open to Testing.
Mon, Mar 10, 3:50 AM · gpgme, gnupg, pinentry
gniibe triaged T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2 as Normal priority.
Mon, Mar 10, 3:49 AM · gpgme, gnupg, pinentry
gniibe added a project to T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2: gpgme.

Thank you for your report.

Mon, Mar 10, 3:47 AM · gpgme, gnupg, pinentry

Fri, Mar 7

dkg added a comment to T7550: master branch fails to build without `./configure --disable-ldap`.

thanks for the fix in f29c8dba743eb7574399345ce341bbfb1f8f9bee !

Fri, Mar 7, 7:40 PM · gnupg
werner closed T7530: Release GnuPG 2.5.5 as Resolved.
Fri, Mar 7, 3:37 PM · Release Info, gnupg
werner updated the task description for T7530: Release GnuPG 2.5.5.
Fri, Mar 7, 3:09 PM · Release Info, gnupg

Thu, Mar 6

werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys, a subtask of T7527: Keyring/keybox denial of service, from Open to Testing.
Thu, Mar 6, 5:58 PM · OpenPGP, gnupg, Bug Report
werner added a comment to T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore.

rG25d48663f9 seems to fix this for me. However in my test cases I got a hang in dirmngr simply by running several gpgsm instances to get the details of an X.509 key. I had different logging options enabled, though.

Thu, Mar 6, 11:27 AM · gnupg, kleopatra, Bug Report
ikloecker added a comment to T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound).

I had this again yesterday. I don't think that scdaemon is involved. gpg-agent.log has this

2025-03-05 15:54:29 gpg-agent[1248] socket file removed - retrying binding
2025-03-05 15:54:29 gpg-agent[1248] Der Socket kann nicht an `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.gpg-agent' gebunden werden: Unknown error
2025-03-05 15:54:29 gpg-agent[1248] system error code: 0 (0x0)
2025-03-05 15:54:29 gpg-agent[1248] secmem usage: 0/32768 bytes in 0 blocks
2025-03-05 15:55:17 gpg-agent[2088] socket file removed - retrying binding
2025-03-05 15:55:17 gpg-agent[2088] Es wird auf Socket `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.gpg-agent' gehört
2025-03-05 15:55:17 gpg-agent[2088] socket file removed - retrying binding
2025-03-05 15:55:17 gpg-agent[2088] Es wird auf Socket `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.gpg-agent.extra' gehört
2025-03-05 15:55:17 gpg-agent[2088] socket file removed - retrying binding
2025-03-05 15:55:17 gpg-agent[2088] Es wird auf Socket `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.gpg-agent.browser' gehört
2025-03-05 15:55:17 gpg-agent[2088] socket file removed - retrying binding
2025-03-05 15:55:17 gpg-agent[2088] Es wird auf Socket `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.gpg-agent.ssh' gehört
2025-03-05 15:55:17 gpg-agent[2088] gpg-agent (GnuPG) 2.5.5-beta11 started

and scdaemon logged

2025-03-05 15:55:19 scdaemon[4100] Es wird auf Socket `C:\\Users\\g10code\\AppData\\Local\\gnupg\\S.scdaemon' gehört
2025-03-05 15:55:19 scdaemon[4100] Handhabungsroutine für fd -1 gestartet
2025-03-05 15:55:19 scdaemon[4100] DBG: chan_0x00000000000002d0 -> OK GNU Privacy Guard's Smartcard server ready, process 4100

i.e. there wasn't any scdaemon running before the second gpg-agent started successfully.

Thu, Mar 6, 9:49 AM · gnupg, kleopatra
ikloecker claimed T7547: signatures from revoked or expired keys show up as missing keys.

Thanks for the report! That's indeed a regression introduced by the changes for T7527: Keyring/keybox denial of service. Commenting/Removing line https://dev.gnupg.org/source/gnupg/browse/master/g10/getkey.c$343 seems to fix the regression, but (very likely) this would reintroduce the issues reported in T7527: Keyring/keybox denial of service.

Thu, Mar 6, 9:34 AM · gnupg26, gnupg24, Bug Report
werner triaged T7555: gpg --batch does not block all interactivity (e.g. prompting for passwords still happens) as Normal priority.
Thu, Mar 6, 8:57 AM · Documentation, gnupg

Wed, Mar 5

dkg added a comment to T7555: gpg --batch does not block all interactivity (e.g. prompting for passwords still happens).

whether you use --pinentry-mode=loopback or --pinentry-mode=cancel or --pinentry-mode=error, if gpg-agent has cached the password already, the decryption will work; otherwise, it will fail with an error like that describe above.

Wed, Mar 5, 8:29 PM · Documentation, gnupg
dkg added a comment to T7555: gpg --batch does not block all interactivity (e.g. prompting for passwords still happens).

here's an example of no prompting at all using --pinentry-mode=loopback:

Wed, Mar 5, 8:23 PM · Documentation, gnupg
dkg created T7555: gpg --batch does not block all interactivity (e.g. prompting for passwords still happens).
Wed, Mar 5, 8:22 PM · Documentation, gnupg
werner closed T7550: master branch fails to build without `./configure --disable-ldap` as Invalid.

master is development and you can't expect that it always build on all platforms.

Wed, Mar 5, 8:57 AM · gnupg
dkg added a comment to T7539: validating an OpenPGP `Signed Message` with a text-mode signature and binary-mode literal data packet.

Here is a patch against master which normalizes line-endings when verifying text signatures over binary literal data packets

0001-gpg-Verify-Text-mode-Signatures-over-binary-Literal-.patch10 KBDownload

Wed, Mar 5, 6:05 AM · Not A Bug, gnupg
dkg created T7550: master branch fails to build without `./configure --disable-ldap`.
Wed, Mar 5, 2:25 AM · gnupg

Tue, Mar 4

gniibe claimed T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.
Tue, Mar 4, 11:19 AM · gpgme, gnupg, pinentry
werner added a subtask for T7527: Keyring/keybox denial of service: T7547: signatures from revoked or expired keys show up as missing keys.
Tue, Mar 4, 10:47 AM · OpenPGP, gnupg, Bug Report
werner added a parent task for T7547: signatures from revoked or expired keys show up as missing keys: T7527: Keyring/keybox denial of service.
Tue, Mar 4, 10:47 AM · gnupg26, gnupg24, Bug Report

Fri, Feb 28

dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

This is also causing problems with ostree, see https://bugs.debian.org/1098951 and https://github.com/ostreedev/ostree/issues/3386

Fri, Feb 28, 8:22 PM · gnupg26, gnupg24, Bug Report
ebo edited projects for T7544: Kleopatra (gnupg, gpgsm) hang on key-creation when x.509 certs are in keystore, added: gnupg; removed gnupg22 (gnupg-2.2.46).

I remove the milestone tag, as that one means "fixed in version 2.2.46" and added the general gnupg tag

Fri, Feb 28, 2:35 PM · gnupg, kleopatra, Bug Report

Thu, Feb 27

dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

The same effect seems to be happening on signatures made from expired keys.

Thu, Feb 27, 10:44 PM · gnupg26, gnupg24, Bug Report
dkg renamed T7547: signatures from revoked or expired keys show up as missing keys from signatures from revoked keys show up as missing keys to signatures from revoked or expired keys show up as missing keys.
Thu, Feb 27, 10:36 PM · gnupg26, gnupg24, Bug Report
dkg created T7547: signatures from revoked or expired keys show up as missing keys.
Thu, Feb 27, 6:54 PM · gnupg26, gnupg24, Bug Report

Tue, Feb 25

calvin updated the task description for T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.
Tue, Feb 25, 10:57 PM · gpgme, gnupg, pinentry
calvin created T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.
Tue, Feb 25, 10:56 PM · gpgme, gnupg, pinentry
werner added a comment to T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound).

Looks like scdaemon which I experienced today also but without having enabled scdaemon logging.

Tue, Feb 25, 3:48 PM · gnupg, kleopatra

Mon, Feb 24

ikloecker added a comment to T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound).

Logs of a recent hang

2025-02-19-long-startup.tar.gz19 KBDownload

Mon, Feb 24, 3:33 PM · gnupg, kleopatra
werner closed T7539: validating an OpenPGP `Signed Message` with a text-mode signature and binary-mode literal data packet as Resolved.

I don't see a bug here and any change in this domain disks a regression with existing data. BTW, the mode byte was not even part of the signed data before signature version 5.

Mon, Feb 24, 9:56 AM · Not A Bug, gnupg
werner closed T7106: Trailing newline trouble in clearsigned message generation and verification as Resolved.

My comment from a year ago still holds true; you may want to fix your testing framework and re-openig this bug iff you can show that there will be no regression with PGP 7 and later.

Mon, Feb 24, 9:51 AM · Not A Bug, gnupg

Sat, Feb 22

dkg created T7539: validating an OpenPGP `Signed Message` with a text-mode signature and binary-mode literal data packet.
Sat, Feb 22, 3:03 PM · Not A Bug, gnupg
dkg added a comment to T7527: Keyring/keybox denial of service.

Thank you @werner ! I can confirm that the patches that have landed on STABLE-BRANCH-2-4 do clear up the DoS i was seeing for signature verification.

Sat, Feb 22, 3:08 AM · OpenPGP, gnupg, Bug Report