Page MenuHome GnuPG

gnupg24Project
ActivePublic

Milestones

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

Things which will go into the 2.4 branch.

Recent Activity

Fri, Mar 14

werner moved T7457: gpg --full-gen-key doesn't show list of keys on card (regression) from Backlog to QA on the gnupg24 board.

Done

Fri, Mar 14, 1:20 PM · gnupg26, gnupg24, Bug Report
ikloecker reopened T7457: gpg --full-gen-key doesn't show list of keys on card (regression) as "Open".

Re-opening because I think rGaa36f6ae8bae needs to be backported to GnuPG 2.4 (see T7568). The fix for T7309 which introduced the regression has been backported to GnuPG 2.4.

Fri, Mar 14, 8:54 AM · gnupg26, gnupg24, Bug Report
dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

I've offered https://github.com/bestpractical/gnupg-interface/pull/16 to GnuPG::Interface, and am testing it out in debian unstable.

Fri, Mar 14, 12:33 AM · gnupg26, gnupg24, Bug Report

Thu, Mar 13

dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

I'll work on making a patch to offer a flexible test suite.

Thu, Mar 13, 6:21 PM · gnupg26, gnupg24, Bug Report
dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

Alternately, i suppose we could ask GnuPG::Interface to drop the variant parts of that test entirely. @werner, If you have a preference for what they test, it would be good to know. I suspect your opinion would carry weight with the maintainer there.

Thu, Mar 13, 6:20 PM · gnupg26, gnupg24, Bug Report
werner added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

Well, we also have the gpgme test suite which tests a couple of other things and for obvious reasons we need to keep this stable. Granted, sometimes we had to change the gpgme test suite as well. My personal preference would be your second choice.

Thu, Mar 13, 5:51 PM · gnupg26, gnupg24, Bug Report
dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

Thanks for the fix for the double-free on --no-sig-cache, that appears to be an issue on all released gpg versions, as i can crash them directly when i --no-sig-cache.

Thu, Mar 13, 5:04 PM · gnupg26, gnupg24, Bug Report

Wed, Mar 12

dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

Interestingly, from this i'm learning that the patch actually *normalizes* the output so that we see the same thing regardless of ordering. the different output based on certificate order happens only in the unpatched version.

Wed, Mar 12, 5:34 PM · gnupg26, gnupg24, Bug Report
dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

Please test without the --import keys.pgp -- just import filtered.pgp or filtered2.pgp.

Wed, Mar 12, 5:18 PM · gnupg26, gnupg24, Bug Report
werner added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

I can't replicate your findings here . In a test directory w/o a gpg.conf:

Wed, Mar 12, 4:02 PM · gnupg26, gnupg24, Bug Report
werner added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

Uihhh

Wed, Mar 12, 3:35 PM · gnupg26, gnupg24, Bug Report
dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

with --no-sig-cache --check-sigs i get the following error with the patch applied:

Wed, Mar 12, 2:29 PM · gnupg26, gnupg24, Bug Report
werner added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

Did you also tried with --no-sig-cache ? That could help to get a better insight into the reason for that difference.

Wed, Mar 12, 9:27 AM · gnupg26, gnupg24, Bug Report

Tue, Mar 11

dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

OK, now i really don't know what the issue is on the 2.4 branch. trying to replicate it with and without this patch, the --with-colons output of --check-sigs appears to depend on the order in which the certificates were ingested.

Tue, Mar 11, 11:05 PM · gnupg26, gnupg24, Bug Report
dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

hm, digging a bit further, i think the above changes have to do with third-party signatures using SHA1, *not* with expired certifiers. in 2.4.7, i see a change from % to ! for these certifications. (2.2.x, which i know is EOL) shows the difference between ? and !. I'm trying to make a simpler replicator now.

Tue, Mar 11, 9:18 PM · gnupg26, gnupg24, Bug Report
werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys from Testing to Open.
Tue, Mar 11, 11:00 AM · gnupg26, gnupg24, Bug Report
dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

With the patch "gpg: Fix regression for the recent malicious subkey DoS fix", there is a change in how gpg --check-sigs reports certifications from expired keys.

Tue, Mar 11, 1:02 AM · gnupg26, gnupg24, Bug Report

Fri, Mar 7

dkg added a comment to T7547: signatures from revoked or expired keys show up as missing keys.

it would be great to include a test in the test suite that ensures that the --status output behaves as expected in the face of expired or revoked keys.

Fri, Mar 7, 7:58 PM · gnupg26, gnupg24, Bug Report

Thu, Mar 6

werner moved T7547: signatures from revoked or expired keys show up as missing keys from Backlog to QA on the gnupg24 board.
Thu, Mar 6, 5:58 PM · gnupg26, gnupg24, Bug Report
werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys from Open to Testing.
Thu, Mar 6, 5:58 PM · gnupg26, gnupg24, Bug Report
werner claimed T7547: signatures from revoked or expired keys show up as missing keys.
Thu, Mar 6, 2:56 PM · gnupg26, gnupg24, Bug Report
werner lowered the priority of T7547: signatures from revoked or expired keys show up as missing keys from Unbreak Now! to High.

Please use "unbreak now" only for *released* software with a criticial bug.

Thu, Mar 6, 11:23 AM · gnupg26, gnupg24, Bug Report
ikloecker moved T7547: signatures from revoked or expired keys show up as missing keys from Backlog to WIP on the gnupg26 board.
Thu, Mar 6, 9:37 AM · gnupg26, gnupg24, Bug Report
ikloecker edited projects for T7547: signatures from revoked or expired keys show up as missing keys, added: gnupg24, gnupg26; removed gnupg.
Thu, Mar 6, 9:36 AM · gnupg26, gnupg24, Bug Report

Feb 5 2025

ikloecker added a comment to T6986: Refresh/update OpenPGP keys should check WKD.

I think there's some confusion.

Feb 5 2025, 4:31 PM · gpd5x, Bug Report, Feature Request, gnupg24, kleopatra
werner changed the status of T7506: GnuPG: Error when adding ECDSA subkey in batch mode with quick-add-key "Wrong key usage" from Open to Testing.
Feb 5 2025, 3:10 PM · gnupg26, gnupg24, Bug Report
werner moved T7506: GnuPG: Error when adding ECDSA subkey in batch mode with quick-add-key "Wrong key usage" from Backlog to Done on the gnupg26 board.
Feb 5 2025, 11:26 AM · gnupg26, gnupg24, Bug Report
ebo renamed T6986: Refresh/update OpenPGP keys should check WKD from Refresh OpenPGP keys should check WKD to Refresh/update OpenPGP keys should check WKD.
Feb 5 2025, 10:30 AM · gpd5x, Bug Report, Feature Request, gnupg24, kleopatra
ebo added a comment to T6986: Refresh/update OpenPGP keys should check WKD.

changed the workboard to gpd5x as this is still the case in Gpg4win 5.0-Beta versions.

Feb 5 2025, 10:29 AM · gpd5x, Bug Report, Feature Request, gnupg24, kleopatra
ebo updated the task description for T6986: Refresh/update OpenPGP keys should check WKD.
Feb 5 2025, 10:27 AM · gpd5x, Bug Report, Feature Request, gnupg24, kleopatra
ebo edited projects for T6986: Refresh/update OpenPGP keys should check WKD, added: gpd5x; removed Restricted Project.
Feb 5 2025, 10:11 AM · gpd5x, Bug Report, Feature Request, gnupg24, kleopatra

Feb 3 2025

werner triaged T7506: GnuPG: Error when adding ECDSA subkey in batch mode with quick-add-key "Wrong key usage" as Normal priority.
Feb 3 2025, 9:06 AM · gnupg26, gnupg24, Bug Report

Jan 8 2025

werner closed T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected as Resolved.
Jan 8 2025, 2:35 PM · gnupg24, gnupg26, Bug Report, gpgagent, gnupg (gpg21)
werner moved T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected from Backlog to done on the gnupg24 board.
Jan 8 2025, 2:35 PM · gnupg24, gnupg26, Bug Report, gpgagent, gnupg (gpg21)
werner moved T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected from Backlog to Done on the gnupg26 board.
Jan 8 2025, 2:34 PM · gnupg24, gnupg26, Bug Report, gpgagent, gnupg (gpg21)
werner added a comment to T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected.

Got a simple fix for this which does two things:

  1. Correctly act upon an error from the backup file writing
  2. Print a warning note.
Jan 8 2025, 2:04 PM · gnupg24, gnupg26, Bug Report, gpgagent, gnupg (gpg21)
m.eik added a comment to T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected.

Shall we handle this with additional retry prompts, w/o a timeout? I think this makes sense because creating keys with a backup file and a passphrase is a manual task anyway.

Jan 8 2025, 12:20 PM · gnupg24, gnupg26, Bug Report, gpgagent, gnupg (gpg21)
werner reopened T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected as "Open".
Jan 8 2025, 11:35 AM · gnupg24, gnupg26, Bug Report, gpgagent, gnupg (gpg21)
werner edited projects for T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected, added: gnupg26, gnupg24; removed gnupg.

There is a regression due to the regression fix in rGb30c15bf7c5336c4abb1f9dcd974cd77ba6c61a7 (from Dec 24 2015) or some related commits:

Jan 8 2025, 11:35 AM · gnupg24, gnupg26, Bug Report, gpgagent, gnupg (gpg21)

Jan 6 2025

werner moved T7293: spawn API glitch from WiP to gnupg-2.2.45 on the gnupg22 board.
Jan 6 2025, 12:20 PM · gnupg22 (gnupg-2.2.45), gnupg24, gpgrt, Bug Report

Dec 5 2024

werner moved T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds from Backlog to QA on the gpd5x board.
Dec 5 2024, 4:36 PM · gnupg24, gnupg22, gpd5x, kleopatra, Bug Report

Dec 2 2024

gniibe closed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) as Resolved.

Closed, since this was documentation for the workaround, four years ago.

Dec 2 2024, 9:52 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
werner added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Just a reminder: with Gnuk 1.2.15 and an ed25519 key PubkeyAuthentication unbound is required for hosts using the new feature.

Dec 2 2024, 9:35 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe closed T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature), a subtask of T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form , as Resolved.
Dec 2 2024, 5:49 AM · Not A Bug, gnupg24, Bug Report

Nov 29 2024

gniibe closed T7160: scd: pipe server shutdown, a subtask of T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close, as Resolved.
Nov 29 2024, 8:01 AM · gpgagent, scd, gnupg24, Bug Report
gniibe closed T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close as Resolved.

Fixed in 2.4.6.

Nov 29 2024, 7:57 AM · gpgagent, scd, gnupg24, Bug Report
gniibe closed T7044: Deadlock on Windows in sdaemon as Resolved.

I believe this was fixed by T7386. Or it is now no hard lock up by T7402.
So, let me close this ticket.
If any new symptom, please add information into T7396.

Nov 29 2024, 7:56 AM · scd, Bug Report, Windows, gnupg24

Nov 25 2024

werner changed the status of T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature), a subtask of T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form , from Open to Testing.
Nov 25 2024, 11:13 AM · Not A Bug, gnupg24, Bug Report
gniibe added a subtask for T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form : T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature).
Nov 25 2024, 10:21 AM · Not A Bug, gnupg24, Bug Report
gniibe added a comment to T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form .

For this ticket, I reviewed the code around my SOS changes.
Because I'd like to focus the point of retaining binary representation when doing import->export,
I created another thicket: T7426

Nov 25 2024, 10:21 AM · Not A Bug, gnupg24, Bug Report