Page MenuHome GnuPG

backportTag
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Today

gniibe added a comment to T5980: compilation error libgcrypt 1.10.1.

For the second, I wonder if newer xlclang++ compiler works with 1.9.

Tue, May 17, 4:58 AM · Testing, backport, ppc, AIX, libgcrypt, Bug Report
gniibe triaged T5980: compilation error libgcrypt 1.10.1 as Normal priority.

Thank you for the bug report.

Tue, May 17, 4:31 AM · Testing, backport, ppc, AIX, libgcrypt, Bug Report
gniibe added a project to T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s): Testing.

Possibly, we can use new GCC option: -ftrivial-auto-var-init=0xFEFEFEFE.
https://gcc.gnu.org/gcc-12/changes.html#uninitialized

Tue, May 17, 3:34 AM · Testing, backport, gnupg, scd, patch
gniibe claimed T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s).

The bug was there when it was initially written. It was in 2003, which introduced PC/SC in rG1bcf8ef9dea1: Cleanups, fixes and PC/SC support

Tue, May 17, 3:29 AM · Testing, backport, gnupg, scd, patch

Wed, May 11

gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

The change improve error handling for possible other errors by device: rG53eddf9b9ea0: scd: Fail when no good algorithm attribute.

Wed, May 11, 4:31 AM · Testing, backport, yubikey, scd, segv, Bug Report

Tue, May 10

gniibe added a project to T5970: gcry_mpi_invm producing wrong result: Testing.

Pushed the change. Also, it's backported to 1.10 branch.

Tue, May 10, 8:59 AM · Testing, backport, libgcrypt, Bug Report
gniibe claimed T5970: gcry_mpi_invm producing wrong result.

Thanks for creating this ticket. I'll reply.

Tue, May 10, 8:44 AM · Testing, backport, libgcrypt, Bug Report
gniibe edited projects for T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys, added: Testing; removed gnupg.

Applied to 2.2 branch, too.

Tue, May 10, 7:29 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe removed a project from T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: Info Needed.
Tue, May 10, 3:50 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I examined all log files you gave us, and I think that scdaemon with PC/SC fails to detect the removal of the USB device.

Tue, May 10, 3:48 AM · Testing, backport, yubikey, scd, segv, Bug Report

Mon, May 9

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I've applied the linked patch, but still experience the error. Most of the times, I cannot access my yubikey at all and I am not sure what is blocking it.
I've tried to include as much debugging output as I could below. Please let me know if there is anything else I can do to debug this.

Mon, May 9, 12:54 PM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a project to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: backport.
Mon, May 9, 6:52 AM · Testing, backport, yubikey, scd, segv, Bug Report

Fri, May 6

gniibe moved T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance from Next to Done on the FIPS board.
Fri, May 6, 2:31 AM · backport, Testing, FIPS, libgcrypt
gniibe moved T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" from Next to Done on the FIPS board.
Fri, May 6, 2:31 AM · backport, Testing, FIPS, libgcrypt, Bug Report
gniibe moved T5918: Disable RSA PKCS #1.5 encryption in FIPS mode from Next to Done on the FIPS board.
Fri, May 6, 2:31 AM · backport, Testing, libgcrypt, FIPS, Bug Report

Tue, May 3

gniibe added a project to T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance: backport.
Tue, May 3, 11:22 AM · backport, Testing, FIPS, libgcrypt
werner added a project to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime": backport.
Tue, May 3, 11:21 AM · backport, Testing, FIPS, libgcrypt, Bug Report
werner added a project to T5918: Disable RSA PKCS #1.5 encryption in FIPS mode: backport.
Tue, May 3, 11:17 AM · backport, Testing, libgcrypt, FIPS, Bug Report

Jan 28 2022

werner closed T5800: gpgconf: Ignores keyserver option in gpgsm.conf, a subtask of T5732: Backport option reading in gpgconf to 2.2, as Resolved.
Jan 28 2022, 5:30 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner closed T5732: Backport option reading in gpgconf to 2.2 as Resolved.
Jan 28 2022, 5:30 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Jan 19 2022

ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

While trying to test the X.509 directory server configuration in Kleopatra, I stumbled over difference between 2.2 and 2.3 and a possible regression in 2.2.

Jan 19 2022, 3:24 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Jan 18 2022

ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

@werner Hmm, okay. So I have tested the wrong thing. To me /etc/gnupg/gpgconf.conf looked very much like a global config file I was supposed to test. I have looked at /etc/gnupg, found the example gpgconf.conf and played around with it. It had some effects (see above), so I assumed that it should work. Since it's obvious from my tests, that it doesn't really work as documented anymore, all corresponding code should be removed entirely (or fixed if it should be kept for backward compatibility).

Jan 18 2022, 7:07 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner added a comment to T5732: Backport option reading in gpgconf to 2.2.

ikloecker: gpgconf.conf ist not anymore used since we have the global config files.

Jan 18 2022, 6:31 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

With /etc/gnupg/gpgconf.conf

[empty lines and comment lines]
*	gpgsm	verbose				[no-change]
	gpgsm	quiet				[no-change]
	gpgsm	debug-level			[no-change]
	gpgsm	log-file			[no-change]
	gpgsm	include-certs			[no-change]
	gpgsm	compliance			[no-change]
	gpgsm	default-key			[no-change]
	gpgsm	encrypt-to			[no-change]
	gpgsm	keyserver			[no-change]
	gpgsm	disable-dirmngr			[no-change]
	gpgsm	auto-issuer-key-retrieve	[no-change]
	gpgsm	p12-charset			[no-change]
	gpgsm	disable-crl-checks		[no-change]
	gpgsm	enable-crl-checks		[no-change]
	gpgsm	disable-trusted-cert-crl-check	[no-change]
	gpgsm	enable-ocsp			[no-change]
	gpgsm	disable-policy-checks		[no-change]
	gpgsm	cipher-algo			[no-change]

all options are correctly flagged as "no change" in the output of gpgconf

Jan 18 2022, 10:52 AM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

More weirdness. With gpgconf (GnuPG) 2.2.34-beta23 I get:

Jan 18 2022, 10:49 AM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Jan 17 2022

ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

After commenting out the options that gpgconf 2.3 complains about I get:

$ gpgconf --version
gpgconf (GnuPG) 2.3.5-beta17
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Jan 17 2022, 5:28 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

I tried to see what gpgconf from master says, but I only get

$gpgconf --list-options gpg
gpgconf: unknown option 'try-secret-key' at '/etc/gnupg/gpgconf.conf', line 95
gpgconf: unknown option 'reader-port' at '/etc/gnupg/gpgconf.conf', line 96
Jan 17 2022, 5:20 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

This also doesn't look right:

Jan 17 2022, 5:01 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

The following looks very much like a bug.

Jan 17 2022, 4:35 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

Example:
/etc/gnupg/gpg.conf:

default-key B81CE112B26A8EA8BE7B95D2E375339BF4C51840
Jan 17 2022, 4:28 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

With rG8c878ae4c9dfa9fe26aa15f4f9db3e86833575e9 some rules for allow-mark-trusted were removed from doc/examples/gpgconf.conf, but the comments below which are supposed to explain the example rules still talk about allow-mark-trusted.

Jan 17 2022, 4:04 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Dec 30 2021

werner changed the status of T5732: Backport option reading in gpgconf to 2.2 from Open to Testing.

Backport done but diligent testing is required.

Dec 30 2021, 10:51 AM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Dec 14 2021

werner added a subtask for T5732: Backport option reading in gpgconf to 2.2: T5735: Kleopatra: Automatic lookup for certificates for OpenPGP card keys.
Dec 14 2021, 10:15 AM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Dec 13 2021

werner added a comment to T5732: Backport option reading in gpgconf to 2.2.

A clumsy workaround for the Kleo bug is to put "keyserver ldap:///" into the global gpg.conf after an ignore section containing keyserver. This will let gpgconf emit "ldap:///" unless a local gpg.conf exists.

Dec 13 2021, 5:30 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner changed Due Date from Dec 31 2021, 12:00 AM to Jan 31 2022, 12:00 AM on T5732: Backport option reading in gpgconf to 2.2.
Dec 13 2021, 1:58 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner added a project to T5732: Backport option reading in gpgconf to 2.2: Restricted Project.
Dec 13 2021, 1:57 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner triaged T5732: Backport option reading in gpgconf to 2.2 as High priority.
Dec 13 2021, 1:51 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Oct 4 2021

werner added projects to T5584: gpg --list-packets lists wrong packets: gnupg (gpg22), backport.
Oct 4 2021, 10:13 AM · gnupg (gpg22), Bug Report

Aug 26 2021

werner changed the status of T5555: Cannot add existing ECDSA key as a signing subkey from Open to Testing.
Aug 26 2021, 11:54 AM · gnupg (gpg23), Bug Report
werner added a comment to T5555: Cannot add existing ECDSA key as a signing subkey.

I tried applied the bulk of the patch to 2.2 but w/o reading the key creation time from the card. We don't have the supporting code for latter in 2.2. However this does not make sense. Users should switch to 2.3 if they needs this feature.

Aug 26 2021, 11:53 AM · gnupg (gpg23), Bug Report

Aug 25 2021

werner claimed T5555: Cannot add existing ECDSA key as a signing subkey.

Will do.

Aug 25 2021, 11:56 AM · gnupg (gpg23), Bug Report

Aug 13 2021

werner changed the edit policy for backport.
Aug 13 2021, 3:52 PM

Jun 2 2021

werner closed T5195: Incorrect HWCAP2 check for AArch32 as Resolved.

Fixed for 1.8.8

Jun 2 2021, 12:56 PM · libgcrypt, backport, Bug Report

Apr 19 2021

werner edited projects for T4921: Support import of PKCS#12 encoded ECC private keys., added: gnupg (gpg22); removed gnupg (gpg23).
Apr 19 2021, 5:52 PM · gnupg (gpg22), backport, Feature Request, S/MIME

Feb 17 2021

werner closed T5282: ecc: No check for broken public key when verify signature (ECDSA, ECDSA for SM and GOST) as Resolved.

Backport was done with commit rC1d312bc65846 (for unknown reasons it did not show up in the list of bugs related to this bug; I added it by hand). Fix will go into 1.8.8.

Feb 17 2021, 8:52 AM · libgcrypt

Feb 1 2021

werner added a project to T5282: ecc: No check for broken public key when verify signature (ECDSA, ECDSA for SM and GOST): backport.

I think that a backport to 1.8. also makes sense

Feb 1 2021, 11:17 AM · libgcrypt

Jan 28 2021

gniibe closed T4614: GPG: Cancel on pinpad hangs decryption process for 20 seconds as Resolved.
Jan 28 2021, 3:00 AM · backport, Testing, scd, gnupg

Jan 18 2021

werner moved T5195: Incorrect HWCAP2 check for AArch32 from For 1.9 to For 1.8 on the libgcrypt board.
Jan 18 2021, 7:08 PM · libgcrypt, backport, Bug Report
werner added a project to T5195: Incorrect HWCAP2 check for AArch32: libgcrypt.
Jan 18 2021, 7:08 PM · libgcrypt, backport, Bug Report
werner removed a project from T5195: Incorrect HWCAP2 check for AArch32: libgcrypt.
Jan 18 2021, 7:07 PM · libgcrypt, backport, Bug Report