Page MenuHome GnuPG

libksbaProject
ActivePublic

Members

  • This project does not have any members.
  • View All

Recent Activity

Thu, Dec 5

werner added a project to T6545: Support CRL extension issuingDistributionPoint: workaround.

A workaround exists with the new option --ignore-crl-extensions.

Thu, Dec 5, 10:19 AM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request

Oct 29 2024

werner edited projects for T6545: Support CRL extension issuingDistributionPoint, added: gnupg26; removed gnupg24.
Oct 29 2024, 1:31 PM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request

Jun 21 2024

werner closed T7173: Release libksba 1.6.7 as Resolved.
Jun 21 2024, 2:20 PM · Release Info, libksba
werner updated the task description for T7173: Release libksba 1.6.7.
Jun 21 2024, 2:12 PM · Release Info, libksba
werner triaged T7174: Release libksba 1.7.0 as Low priority.
Jun 21 2024, 2:11 PM · Release Info, libksba
werner closed T7009: Release Libksba 1.6.6 as Resolved.
Jun 21 2024, 2:11 PM · Release Info, libksba
werner triaged T7173: Release libksba 1.6.7 as Normal priority.
Jun 21 2024, 2:09 PM · Release Info, libksba
werner added a comment to T7023: Support SYSROOT in all Gupg related libraries.

Now also done for libksba.

Jun 21 2024, 2:07 PM · Feature Request, Cross-Compiler, gpgrt, libassuan, libksba

Jun 20 2024

werner renamed T7171: Allow for empty Subject in X.509 from Allow for empty Subject in X.508 to Allow for empty Subject in X.509.
Jun 20 2024, 3:27 PM · libksba, Bug Report, gnupg, S/MIME
werner triaged T7171: Allow for empty Subject in X.509 as Normal priority.
Jun 20 2024, 3:12 PM · libksba, Bug Report, gnupg, S/MIME

Feb 29 2024

werner triaged T7023: Support SYSROOT in all Gupg related libraries as Normal priority.
Feb 29 2024, 4:27 PM · Feature Request, Cross-Compiler, gpgrt, libassuan, libksba
gniibe closed T6992: Fix possible uninitialized err variable in libskba der builder as Resolved.

Fixed in libksba 1.6.6.

Feb 29 2024, 2:08 AM · libksba, Bug Report

Feb 23 2024

werner triaged T7009: Release Libksba 1.6.6 as Normal priority.
Feb 23 2024, 9:57 AM · Release Info, libksba

Feb 14 2024

werner added a comment to T6992: Fix possible uninitialized err variable in libskba der builder.

@Jakuje, you are right. This is a plain error and we should do a new release to avoid false errors.

Feb 14 2024, 8:54 AM · libksba, Bug Report
gniibe added a comment to T6992: Fix possible uninitialized err variable in libskba der builder.

Thank you, applied.

Feb 14 2024, 1:19 AM · libksba, Bug Report
gniibe changed the status of T6992: Fix possible uninitialized err variable in libskba der builder from Open to Testing.
Feb 14 2024, 1:19 AM · libksba, Bug Report

Feb 13 2024

gniibe claimed T6992: Fix possible uninitialized err variable in libskba der builder.
Feb 13 2024, 9:05 AM · libksba, Bug Report

Feb 12 2024

Jakuje created T6992: Fix possible uninitialized err variable in libskba der builder.
Feb 12 2024, 10:08 AM · libksba, Bug Report

Nov 16 2023

werner closed T6822: Release Libksba 1.6.5 as Resolved.
Nov 16 2023, 11:11 AM · libksba, Release Info
werner triaged T6822: Release Libksba 1.6.5 as Low priority.
Nov 16 2023, 10:59 AM · libksba, Release Info

Nov 10 2023

werner moved T6545: Support CRL extension issuingDistributionPoint from WiP to Backlog on the gnupg22 board.
Nov 10 2023, 9:08 AM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request

Oct 18 2023

aheinecke assigned T6545: Support CRL extension issuingDistributionPoint to werner.
Oct 18 2023, 2:44 PM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request

Oct 13 2023

aheinecke added a comment to T6545: Support CRL extension issuingDistributionPoint.

And yes in gpgsm.conf both the extensions are also marked with ignore-cert-extension.

Oct 13 2023, 10:59 AM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request
aheinecke added a comment to T6545: Support CRL extension issuingDistributionPoint.

While remembering this I added to our standard.conf (and for testing first to my local conf):

Oct 13 2023, 10:48 AM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request

Jun 22 2023

werner updated the task description for T6545: Support CRL extension issuingDistributionPoint.
Jun 22 2023, 11:59 AM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request
werner renamed T6545: Support CRL extension issuingDistributionPoint from Support CRL exension issuingDistributionPoint to Support CRL extension issuingDistributionPoint.
Jun 22 2023, 11:44 AM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request
werner added a comment to T6545: Support CRL extension issuingDistributionPoint.

We had one request to support this back in 2017 but it was closed because the respective CA stopped using this extension. See T2039.

Jun 22 2023, 11:44 AM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request

Jun 19 2023

aheinecke added a comment to T6545: Support CRL extension issuingDistributionPoint.

rGb1ecc8353ae3 is just what I meant, so that we can recommend such an option in the future as a workaround until a new update becomes available which supports such an extension.

Jun 19 2023, 3:21 PM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request
werner added a comment to T6545: Support CRL extension issuingDistributionPoint.

Nah, the description for that extension is pretty strict and I won't feel comfortable to just ignore it. BTW there is also T6398 (nameConstraints) which needs support. But for debugging a ignore extension makes sense.

Jun 19 2023, 2:10 PM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request
aheinecke added a comment to T6545: Support CRL extension issuingDistributionPoint.

For support reasons I would say that it might make sense to also ignore the extensions from "ignore-cert-extension" when checking CRLs?

Jun 19 2023, 1:54 PM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request
werner triaged T6545: Support CRL extension issuingDistributionPoint as Normal priority.
Jun 19 2023, 12:59 PM · workaround, gnupg26, Restricted Project, libksba, gnupg22, Feature Request
werner closed T6543: Release Libksba 1.6.4 as Resolved.
Jun 19 2023, 11:47 AM · libksba, Release Info
werner triaged T6543: Release Libksba 1.6.4 as Normal priority.
Jun 19 2023, 11:24 AM · libksba, Release Info

Mar 2 2023

werner added a comment to T6398: Support X.509 nameConstraints.

(my example cert is 0x09BB0EEE)

Mar 2 2023, 3:08 PM · Restricted Project, Feature Request, libksba
werner triaged T6398: Support X.509 nameConstraints as Normal priority.
Mar 2 2023, 3:04 PM · Restricted Project, Feature Request, libksba

Dec 22 2022

werner added a project to T6284: Another integer overflow in Libksba: CVE.

This bug is CVE-2022-47629

Dec 22 2022, 10:48 AM · CVE, Bug Report, libksba
werner updated the task description for T6304: Release Libksba 1.6.3.
Dec 22 2022, 10:48 AM · Release Info, libksba

Dec 20 2022

werner closed T6284: Another integer overflow in Libksba as Resolved.
Dec 20 2022, 10:56 AM · CVE, Bug Report, libksba
werner closed T6304: Release Libksba 1.6.3 as Resolved.
Dec 20 2022, 10:51 AM · Release Info, libksba
werner changed the status of T6284: Another integer overflow in Libksba from Open to Testing.
Dec 20 2022, 10:50 AM · CVE, Bug Report, libksba

Dec 14 2022

werner updated the task description for T6284: Another integer overflow in Libksba.
Dec 14 2022, 12:09 PM · CVE, Bug Report, libksba

Dec 6 2022

werner closed T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix as Resolved.

I guess we can close this one.

Dec 6 2022, 2:25 PM · S/MIME, Feature Request, libksba
werner updated the task description for T6230: Release Libksba 1.6.2 (CVE-2022-3515).
Dec 6 2022, 2:23 PM · CVE, Release Info, libksba
werner triaged T6304: Release Libksba 1.6.3 as Normal priority.
Dec 6 2022, 2:23 PM · Release Info, libksba

Nov 23 2022

werner added a comment to T6284: Another integer overflow in Libksba.

Here is the patch which will go into the next release

From f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 22 Nov 2022 16:36:46 +0100
Subject: [PATCH] Fix an integer overflow in the CRL signature parser.
Nov 23 2022, 11:17 AM · CVE, Bug Report, libksba

Nov 22 2022

werner triaged T6284: Another integer overflow in Libksba as Unbreak Now! priority.
Nov 22 2022, 4:54 PM · CVE, Bug Report, libksba

Oct 18 2022

werner closed T6230: Release Libksba 1.6.2 (CVE-2022-3515) as Resolved.
Oct 18 2022, 7:52 AM · CVE, Release Info, libksba

Oct 17 2022

werner added a comment to T6230: Release Libksba 1.6.2 (CVE-2022-3515).

Fixed Gpg4win version: https://lists.wald.intevation.org/pipermail/gpg4win-announce/2022/000098.html

Oct 17 2022, 3:03 PM · CVE, Release Info, libksba
werner set External Link to https://gnupg.org/blog/20221017-pepe-left-the-ksba.html on T6230: Release Libksba 1.6.2 (CVE-2022-3515).
Oct 17 2022, 9:26 AM · CVE, Release Info, libksba
werner added a comment to T6230: Release Libksba 1.6.2 (CVE-2022-3515).

As usual see https://gnupg.org/download for links to the latest packages. For Gpg4win see https://gpg4win.org

Oct 17 2022, 9:25 AM · CVE, Release Info, libksba