Sat, Jan 22
DANE has been an experimental thing and is imho dead.
Dec 8 2021
Oct 6 2021
Thanks for the report. However, for 1.4 we will only apply important real world security patches. A brief review did not reveal any setious problems. Theoretical memory leaks will not be fixed. Note that your report also includes patches to parts of the code which are not anymore used.
Aug 27 2021
Code for avoiding the COMMON section has been there, because of RISC OS.
I think that it will be easier to enable that for all (but not for RISC OS only).
Jan 6 2021
Okay. Now since configure.ac is already touching CFLAGS, it seemed like a good place to add that additional option here. All this is guarded by a test for GCC, and since clang mimics that behaviour, it works for them as well.
Take care: gpg is also used on platforms with proprietary compilers which don't support -f options. Thus you need to limit this to gcc.
After some more checking: LLVM-11 introduced the same behaviour in that regard, but appearently not a pragma/attribute to override this: https://releases.llvm.org/11.0.0/tools/clang/docs/ReleaseNotes.html
Jan 5 2021
Jan 4 2021
Thus better add a
Sure that the FreeBSD compiler does not define it? I am pretty sure it does.
According to list of attributes in the clang 12 documention, there is no such attribute in clang. However, the clang-11 compiler (as seen in Debian) does not define __GNUC__, so the proposed patch does not affect the status when building with clang.
Jul 16 2020
Reconsidering this: Running the test suite with gpg1 is not a proper use case. gpg1 may be installed in addition to gpg but it should never be used on a build machine solely.
May 8 2020
I've just tried the test suite of GnuPG 1.4.23 on debian buster and all tests pass.
Apr 23 2020
Thanks. I tried to install the latest released version, 1.4.23, but I got the same error.
That is a very old version (2015); please retry using the latest released version 1.4.23 (from 2018).
May 5 2019
Jun 18 2018
It's in 2.2.4 and 1.4.23.
Jun 12 2018
ee1fc420fb9741b2cfaea6fa820a00be2923f514 contains a proposed fix for this.
Jun 11 2018
Jun 8 2018
@dkg can you please take this up with Debian and other distros? See the commit for a brief description.
May 2 2018
Apr 13 2018
Applied to STABLE-BRANCH-1-4, too.
Good catch. Thanks. Fixed in STABLE-BRANCH-2-2.
Feb 5 2018
FYI : when submitting a buffer composed of
- a leading 00 byte,
- the 255 bytes encrypted session key value
to HSM/PKCS11 for decyption, decrypt returns without any errors, and returned plain session key is the one expected.
Feb 3 2018
Some enlightenments here because i may have not mention some info in the first place :
Feb 2 2018
Our HSM is a certified FIPS 140-2, sec level3, hardware module, exposing a PKCS#11 v2.30 spec compliant API.
What kind of hardware token?
Feb 1 2018
Nov 21 2017
It's fixed in master.
It is good to backport this to GnuPG 2.2 and GnuPG 1.4.
Nov 1 2017
Oct 24 2017
Won't we fixed for 1.4 and 2.0 (which is too close to EOL). Has been fixed for master; see T2359.
GnuPG 1.4 is only for old features. New features are only supported by GnuPG 2.2.
Oct 22 2017
Same issue exists in 2.2:
Oct 20 2017
Won't be fixed for 1.4.
There should be a backup file in these cases.
I would suggest to close this as won't fix.
In 2.2 we implemented --import-option show-only which dies the right thing, that is to use the reguarl key-listing code. Backporting this to 1.4 does not make sense - people should move on and use gpg 2.2.