gnupg24 Project
Active, Public

Details

Description

Things which will go into the 2.4 branch.

Recent Activity

Tue, Apr 9

werner triaged T7041: Yubikey (PGP + PIV) --pcsc-shared: PIN requires every time as Normal priority.
Tue, Apr 9, 1:42 PM · yubikey, gnupg24, scd, Bug Report

Thu, Apr 4

werner moved T7072: addkey "set your own capabilities" silently sets Restricted Encryption capability from Backlog to QA on the gnupg24 board.
Thu, Apr 4, 4:51 PM · gnupg24
werner changed the status of T7072: addkey "set your own capabilities" silently sets Restricted Encryption capability from Open to Testing.
Thu, Apr 4, 4:50 PM · gnupg24
werner added a comment to T7072: addkey "set your own capabilities" silently sets Restricted Encryption capability.

Pretty obvious. RENC is an allowed usage for an RSA key and thus set in the mask. I restricted this but allowed to set it anyway when using the "=sr" shortcut (here to set as signing and R-enc). Thanks for reporting.

Thu, Apr 4, 4:40 PM · gnupg24
werner triaged T7072: addkey "set your own capabilities" silently sets Restricted Encryption capability as Normal priority.
Thu, Apr 4, 4:09 PM · gnupg24

Wed, Mar 27

ebo triaged T7063: UID origin should change if the key origin was changed by reimporting a key from WKD as Normal priority.
Wed, Mar 27, 4:23 PM · gnupg24

Tue, Mar 19

werner added a comment to T7044: Deadlock on Windows in sdaemon.

The reset was due to running gpg-connect-agent reset /bye. I am currently testing something else and will get back as soon as I can turn back to 2.4.

Tue, Mar 19, 10:22 AM · Bug Report, Windows, gnupg24
gniibe added a comment to T7044: Deadlock on Windows in sdaemon.

There are two locks here; (1) rw_lock for card_top (list of cards) access and (2) individual card lock.
It looks to me that:

  • don't know how/what the thread 7208.2 does
  • the thread 7208.3: KEYINFO, then PKSIGN (gets read lock for card_top, then, individual card lock)
  • the thread 7208.4: SERIALNO --all (and wait for write lock for card_top)
Tue, Mar 19, 7:33 AM · Bug Report, Windows, gnupg24

Mon, Mar 18

werner moved T6719: Support Proxy-Authorization: Negotiate on Windows from QA to WiP on the gnupg22 board.
Mon, Mar 18, 4:22 PM · gnupg24, gnupg22, Feature Request, Restricted Project
werner moved T6719: Support Proxy-Authorization: Negotiate on Windows from WiP to QA on the gnupg22 board.
Mon, Mar 18, 4:22 PM · gnupg24, gnupg22, Feature Request, Restricted Project
werner triaged T7044: Deadlock on Windows in sdaemon as High priority.
Mon, Mar 18, 8:48 AM · Bug Report, Windows, gnupg24

Mar 7 2024

werner closed T6960: Release GnuPG 2.4.5 as Resolved.
Mar 7 2024, 3:23 PM · gnupg24, Release Info
werner triaged T7030: Release GnuPG 2.4.6 as Low priority.
Mar 7 2024, 3:09 PM · Release Info, gnupg24

Mar 6 2024

werner changed the status of T6719: Support Proxy-Authorization: Negotiate on Windows from Open to Testing.
Mar 6 2024, 11:49 AM · gnupg24, gnupg22, Feature Request, Restricted Project
werner changed the status of T7000: Take derive usage into account for pkcs#15 cards. from Open to Testing.
Mar 6 2024, 11:47 AM · gnupg24 (gnupg-2.4.5), Bug Report, scd

Mar 4 2024

Zymlex added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

In case if someone finds it through a search:

Mar 4 2024, 9:51 PM · Not A Bug, workaround, gnupg24, Windows, ssh
werner moved T7025: --trusted-key and --no-options mismatch from Backlog to WiP on the gnupg22 board.
Mar 4 2024, 3:24 PM · gnupg24 (gnupg-2.4.5), Bug Report, gnupg22
werner changed the status of T7025: --trusted-key and --no-options mismatch from Open to Testing.
Mar 4 2024, 3:24 PM · gnupg24 (gnupg-2.4.5), Bug Report, gnupg22
werner moved T7025: --trusted-key and --no-options mismatch from Backlog to WiP on the gnupg24 board.

How to test:

Mar 4 2024, 3:11 PM · gnupg24 (gnupg-2.4.5), Bug Report, gnupg22
werner triaged T7025: --trusted-key and --no-options mismatch as Normal priority.
Mar 4 2024, 1:45 PM · gnupg24 (gnupg-2.4.5), Bug Report, gnupg22

Feb 28 2024

jak added a comment to T6946: gpgv: Help automatic reject too short keys.

So after taking this down to where it was only patching status.h and mainproc.c to add a write_status_output() I realized the whole issue is down to status-codes.h not being updated automatically if you apply a patch to status.h in a released version.

Feb 28 2024, 1:33 PM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv
jak added a comment to T6946: gpgv: Help automatic reject too short keys.

Having looked at the build log again after applying the patch, I see the first test failing is

Feb 28 2024, 12:29 PM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv
ebo removed a project from T6956: GnuPG: Allow import of gpgsk files: gnupg22.
Feb 28 2024, 11:15 AM · Feature Request, gnupg24, Restricted Project

Feb 27 2024

werner added a project to T6678: GPGSM: Add support for cert extension 2.5.29.54 Inhibit anyPolicy: gnupg24.
Feb 27 2024, 3:55 PM · gnupg24, S/MIME, Restricted Project
werner added a project to T6677: GPGSM: Add support for cert extension 2.5.29.36 Policy Constraints: gnupg24.
Feb 27 2024, 3:54 PM · gnupg24, S/MIME, Restricted Project

Feb 21 2024

werner added a comment to T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy.

Okay, backported to 2.2.

Feb 21 2024, 3:13 PM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report

Feb 19 2024

werner added projects to T6986: Refresh OpenPGP keys should check WKD: Feature Request, Bug Report.
Feb 19 2024, 5:03 PM · Bug Report, Feature Request, gnupg24, Restricted Project, kleopatra
werner renamed T6986: Refresh OpenPGP keys should check WKD from Kleopatra: Refresh OpenPGP keys should check WKD to Refresh OpenPGP keys should check WKD.
Feb 19 2024, 5:02 PM · Bug Report, Feature Request, gnupg24, Restricted Project, kleopatra
werner added a project to T6986: Refresh OpenPGP keys should check WKD: gnupg24.

I need to come up with a better strategy here. --refresh-keys is a very useful command and it should do what the user expects. Maybe we can adjust the behaviour iff we detect that there is an LDAP keyserver.

Feb 19 2024, 5:02 PM · Bug Report, Feature Request, gnupg24, Restricted Project, kleopatra
werner added a parent task for T7000: Take derive usage into account for pkcs#15 cards.: T7001: Support D-TRUST ECC cards.
Feb 19 2024, 1:54 PM · gnupg24 (gnupg-2.4.5), Bug Report, scd
werner moved T7000: Take derive usage into account for pkcs#15 cards. from Backlog to WiP on the gnupg24 board.
Feb 19 2024, 1:51 PM · gnupg24 (gnupg-2.4.5), Bug Report, scd
werner triaged T7000: Take derive usage into account for pkcs#15 cards. as Normal priority.
Feb 19 2024, 1:45 PM · gnupg24 (gnupg-2.4.5), Bug Report, scd
Angel added a comment to T5444: "gpg: key generation failed: Unknown elliptic curve" from "Key-Type: default".

Interesting. So the problem is not actually the Key-Type, but that the default key-type requires a Key-Curve parameter which has no value by default

Feb 19 2024, 2:15 AM · gnupg24, gnupg (gpg23)

Feb 16 2024

gniibe added a comment to T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy.

I was wrong for the semantics of proxy->outtoken. It is zero when run_proxy_connect is called and enabled during the negotiation.

Feb 16 2024, 8:28 AM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report
gniibe added a comment to T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy.

@hlein Thanks a lot for quick testing.

Feb 16 2024, 8:14 AM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report
hlein added a comment to T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy.

Thank you @gniibe! Applied the rG848546b05ab0: dirmngr: Fix the regression of use of proxy for TLS connection. changes here, and 2.4.4 works here now.

Feb 16 2024, 5:22 AM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report
gniibe added a comment to T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy.

IIUC, the code for keep_alive is for negotiation of proxy. If so, something like this is the fix:

Feb 16 2024, 5:17 AM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report
gniibe moved T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy from WiP to QA on the gnupg24 board.
Feb 16 2024, 3:51 AM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report
gniibe reassigned T6811: gpgv: Read-only trustedkeys.kbx should not be compressed from gniibe to werner.
Feb 16 2024, 3:45 AM · gnupg24 (gnupg-2.4.5), gnupg22, gpgv, Bug Report
gniibe reassigned T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy from gniibe to werner.
Feb 16 2024, 3:44 AM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report
gniibe added a project to T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy: gnupg22.

Right. I was wrong assuming the code in 2.2 branch is stable (that is: well tested).

Feb 16 2024, 3:40 AM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report

Feb 15 2024

thesamesam added a comment to T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy.

Per https://dev.gnupg.org/rG04cbc3074aa98660b513a80f623a7e9f0702c7c9#83517, it looks like the fix might be incomplete?

Feb 15 2024, 10:43 PM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report
ebo reassigned T6956: GnuPG: Allow import of gpgsk files from TobiasFella to werner.

Werner wants the import via gpg-agent

Feb 15 2024, 9:07 AM · Feature Request, gnupg24, Restricted Project
ebo moved T6425: improve pinentry behavior and texts in smart card context from Backlog to WiP on the gnupg24 board.
Feb 15 2024, 8:27 AM · gnupg24 (gnupg-2.4.5), scd, Bug Report, Restricted Project
ebo moved T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy from Backlog to WiP on the gnupg24 board.
Feb 15 2024, 8:26 AM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report
gniibe changed the status of T6997: gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy from Open to Testing.

Thank you for the report. There was a problem in: rG845d5e61d8e1: dirmngr: Cleanup the http module.
Pushed the fix in: rG04cbc3074aa9: dirmngr: Fix proxy with TLS.

Feb 15 2024, 7:44 AM · gnupg24 (gnupg-2.4.5), gnupg22, Bug Report

Feb 14 2024

jak added a comment to T5444: "gpg: key generation failed: Unknown elliptic curve" from "Key-Type: default".

It works in 2.4.4 if you add

Feb 14 2024, 10:30 AM · gnupg24, gnupg (gpg23)

Feb 13 2024

jak added a comment to T6946: gpgv: Help automatic reject too short keys.

So I cherry-picked this onto 2.4.4 and I ended up with a failing build due to failed tests (it built fine without the patch)

Feb 13 2024, 11:35 AM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv

Feb 10 2024

werner changed the status of T6946: gpgv: Help automatic reject too short keys from Open to Testing.

We check the actual used signature and the corresponding (sub)key. Whether you trust this key is a different thing and we are not able to check that. Note that the same subkey may be used with different primary keys. The whole point of gpgv is that you pass a list of trusted keys - actually this makes this new option superfluous but in gpg it makes sense. It was easy to add it to gpgv, though.

Feb 10 2024, 2:31 PM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv

Feb 8 2024

ikloecker added a comment to T6956: GnuPG: Allow import of gpgsk files.

Checking if the file already exists doesn't help. In fact, typically the file (containing the shadow key for the card key) will already exist. But one could check if there is already a private key with this keygrip. Then restoring could be refused, so that the worst that can happen is that the shadow key (which can be recovered from the smart card) is overwritten with a corrupt file.

Feb 8 2024, 9:42 PM · Feature Request, gnupg24, Restricted Project