Page MenuHome GnuPG
Projects Bug Report

Bug ReportBugs
ActivePublic
Watch Project

Members

  • This project does not have any members.
  • View All

Watchers (2)

Details

Description

Add this tag to everything you consider a bug.

Recent Activity
View All

Today

uwi created T8215: Gpg4Win 5.0.2 fails to upgrade from 5.0.1 on Windows 11.
Sat, Apr 11, 11:16 AM · Bug Report, gpg4win

Yesterday

gniibe added a comment to T8208: Missing bounds check in libgcrypt's Dilithium context handling.

The minimum fix avoids changes needed, thus, a bit confusing as a whole.
Here are better changes:

0001-cipher-dilithium-Fix-the-glue-of-libgcrypt.patch1 KBDownload

0002-cipher-dilithium-Check-the-label-length-by-caller.patch10 KBDownload

Fri, Apr 10, 11:07 AM · Security, PQC, Bug Report, libgcrypt

Thu, Apr 9

gniibe claimed T8208: Missing bounds check in libgcrypt's Dilithium context handling.

Minimum fix is:

0001-cipher-dilithium-Check-the-label-length-by-caller.patch1 KBDownload

Thu, Apr 9, 8:48 AM · Security, PQC, Bug Report, libgcrypt

Wed, Apr 8

ikloecker added a comment to T8156: pinentry qt and fltk - fallback to tty on invalid DISPLAY.

Well, I don't think we'll add platform-specific X11 code to pinentry-qt just to check for an invalid DISPLAY. We are using Qt so that we don't have to deal with platform-specific stuff. I have no intention to look into this and, given Wayland, investing any more time in X11 feels wasted. We might accept a patch that can be used by all GUI pinentries to check for a usable DISPLAY.

Wed, Apr 8, 6:55 PM · pinentry, Bug Report
ametzler1 added a comment to T8156: pinentry qt and fltk - fallback to tty on invalid DISPLAY.

"ikloecker (Ingo Klöcker)" wrote:

ikloecker added a comment.

How is "invalid DISPLAY" defined? `DISPLAY=invalid`? Anything that's not `DISPLAY=:<some number>`? Why do screen and tmux have to use an extra-wurst?

[...]

Wed, Apr 8, 6:15 PM · pinentry, Bug Report
Karl added a comment to T8197: "gpg --refresh-keys" aborts with "gpg: keyserver refresh failed: No data" if too many keys are missing on keyserver.

@werner I can confirm that we've tested the patch and it seems to fix the issue in our setup.

Wed, Apr 8, 4:36 PM · gnupg22, Keyserver, gnupg26, Bug Report

Tue, Apr 7

werner moved T8197: "gpg --refresh-keys" aborts with "gpg: keyserver refresh failed: No data" if too many keys are missing on keyserver from Backlog to WIP on the gnupg26 board.

Applied to master to be release with 2.5.19.

Tue, Apr 7, 4:46 PM · gnupg22, Keyserver, gnupg26, Bug Report
ikloecker added a comment to T8156: pinentry qt and fltk - fallback to tty on invalid DISPLAY.

Apparently, DISPLAY is hostname:displaynumber.screennumber where hostname and .screennumber are optional and where hostname is a hostname or maybe host/unix. Does hostname include IPv6 address literals? Anyway, I guess the only sensible heuristic is to consider any DISPLAY value that contains : as valid.

Tue, Apr 7, 3:26 PM · pinentry, Bug Report
ikloecker added a comment to T8156: pinentry qt and fltk - fallback to tty on invalid DISPLAY.

How is "invalid DISPLAY" defined? DISPLAY=invalid? Anything that's not DISPLAY=:<some number>? Why do screen and tmux have to use an extra-wurst?

Tue, Apr 7, 2:55 PM · pinentry, Bug Report

Mon, Apr 6

werner added a project to T8208: Missing bounds check in libgcrypt's Dilithium context handling: Security.
Mon, Apr 6, 5:13 PM · Security, PQC, Bug Report, libgcrypt
werner triaged T8208: Missing bounds check in libgcrypt's Dilithium context handling as High priority.
Mon, Apr 6, 5:09 PM · Security, PQC, Bug Report, libgcrypt

Fri, Apr 3

ametzler1 added a comment to T8156: pinentry qt and fltk - fallback to tty on invalid DISPLAY.
In T8156#216401, @ikloecker wrote:

I'm not sure if we should consider env DISPLAY=invalid pinentry-qt a valid test.

[...]

So, I guess, @ametzler1's suggestion to remove the check for isX11SessionType is the correct solution. DISPLAY=invalid would still not work, but I think that's acceptable.

Fri, Apr 3, 7:32 AM · pinentry, Bug Report
NfuRipHA updated the task description for T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256).
Fri, Apr 3, 5:15 AM · S/MIME, Bug Report
NfuRipHA renamed T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256) from gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256) (macOS 15 (Darwin 25.4.0, arm64) to gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256).
Fri, Apr 3, 5:02 AM · S/MIME, Bug Report
NfuRipHA edited projects for T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256), added: S/MIME; removed gpgme.
Fri, Apr 3, 5:01 AM · S/MIME, Bug Report
NfuRipHA added a project to T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256): gpgme.
Fri, Apr 3, 5:01 AM · S/MIME, Bug Report
NfuRipHA updated the task description for T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256).
Fri, Apr 3, 4:57 AM · S/MIME, Bug Report
NfuRipHA updated the task description for T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256).
Fri, Apr 3, 4:56 AM · S/MIME, Bug Report
NfuRipHA merged T8206: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256) (macOS 15 (Darwin 25.4.0, arm64) into T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256).
Fri, Apr 3, 4:55 AM · S/MIME, Bug Report
NfuRipHA merged task T8206: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256) (macOS 15 (Darwin 25.4.0, arm64) into T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256).
Fri, Apr 3, 4:55 AM · Bug Report
NfuRipHA added a comment to T8206: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256) (macOS 15 (Darwin 25.4.0, arm64).
Fri, Apr 3, 4:55 AM · Bug Report
NfuRipHA added a comment to T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256).
Fri, Apr 3, 4:55 AM · S/MIME, Bug Report
NfuRipHA created T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256).
Fri, Apr 3, 4:53 AM · S/MIME, Bug Report
NfuRipHA created T8206: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256) (macOS 15 (Darwin 25.4.0, arm64).
Fri, Apr 3, 4:52 AM · Bug Report

Wed, Apr 1

jpalus added a comment to T8202: Intermittent ssh publickey login failure after upgrade to gnupg 2.5.x.

Great spotting! This was it. Quite embarrassing that I've looked at this code so many time yet it didn't cross my mind to double check arguments order.

Wed, Apr 1, 1:27 PM · gpgagent, ssh, Bug Report
gniibe triaged T8204: libgcrypt: Add optimized implementation of Kyber/Dilithium using CPU specific vector extention as Wishlist priority.
Wed, Apr 1, 7:30 AM · PQC, libgcrypt, Bug Report
gniibe created T8204: libgcrypt: Add optimized implementation of Kyber/Dilithium using CPU specific vector extention.
Wed, Apr 1, 7:30 AM · PQC, libgcrypt, Bug Report
gniibe triaged T8202: Intermittent ssh publickey login failure after upgrade to gnupg 2.5.x as Normal priority.

@jpalus You are right.

Wed, Apr 1, 4:30 AM · gpgagent, ssh, Bug Report
gniibe added a comment to T8202: Intermittent ssh publickey login failure after upgrade to gnupg 2.5.x.

computed by ssh_signature_encoder_rsa, including additional 0, reach:

Wed, Apr 1, 4:16 AM · gpgagent, ssh, Bug Report

Tue, Mar 31

jpalus added a comment to T8202: Intermittent ssh publickey login failure after upgrade to gnupg 2.5.x.

Note that exactly same data and length computed by ssh_signature_encoder_rsa, including additional 0, reach:
https://github.com/openssh/openssh-portable/blob/V_10_2_P1/sshkey.c#L517-L537

Tue, Mar 31, 6:38 PM · gpgagent, ssh, Bug Report
werner assigned T8202: Intermittent ssh publickey login failure after upgrade to gnupg 2.5.x to gniibe.

Let's see whether Niibe-san still remembers the T7882 case.

Tue, Mar 31, 3:23 PM · gpgagent, ssh, Bug Report
werner added a comment to T8197: "gpg --refresh-keys" aborts with "gpg: keyserver refresh failed: No data" if too many keys are missing on keyserver.

Can you please test the patch below in your environment. That would be helpful.

Tue, Mar 31, 3:18 PM · gnupg22, Keyserver, gnupg26, Bug Report
jpalus added a comment to T8202: Intermittent ssh publickey login failure after upgrade to gnupg 2.5.x.

Added to some debug logging and whenever login issue occurs new logic is applied:
https://github.com/gpg/gnupg/blob/bc7c91bee521e4adf3506ca32bf34177b84ce1c5/agent/command-ssh.c#L1482

Tue, Mar 31, 1:50 PM · gpgagent, ssh, Bug Report
jpalus added a comment to T8202: Intermittent ssh publickey login failure after upgrade to gnupg 2.5.x.

Looks like indeed related to T7882. After reverting c7e0ec12609b401ea81c4851522d86eb5ec27170 I was able to make 2000 connections without any issue. Bringing the change back and retrying issue appeared within first 300.

Tue, Mar 31, 1:21 PM · gpgagent, ssh, Bug Report
jpalus added a comment to T8202: Intermittent ssh publickey login failure after upgrade to gnupg 2.5.x.

I've already tried with verbose which gave no errors. That's why I moved to debug logging. With double verbose I don't see anything wrong either. Excerpt from log for relevant 100 connections among which 1 failed:

$ cat gpg.log | 
    sed 's/.*gpg-agent\[[0-9]*\] //'  | # remove date, time and process id                            
    grep -v 'ssh handler .* \(started\|terminated\)' | # appears to be mostly noise wit hex address
    sort|uniq -c
     80 new connection to /usr/libexec/gnupg2/scdaemon daemon established
     20 new connection to /usr/libexec/gnupg2/scdaemon daemon established (reusing)
    100 received ssh request of length 1
    100 received ssh request of length 208
    100 received ssh request of length 748
    100 sending ssh response of length 1
    100 sending ssh response of length 281
    100 sending ssh response of length 626
    100 ssh request handler for extension (27) ready
    100 ssh request handler for extension (27) started
    100 ssh request handler for request_identities (11) ready
    100 ssh request handler for request_identities (11) started
    100 ssh request handler for sign_request (13) ready
    100 ssh request handler for sign_request (13) started
    100 ssh-agent extension 'session-bind@openssh.com' not supported
    100 ssh-agent extension 'session-bind@openssh.com' received
Tue, Mar 31, 12:55 PM · gpgagent, ssh, Bug Report
werner added projects to T8202: Intermittent ssh publickey login failure after upgrade to gnupg 2.5.x: ssh, gpgagent.

You need to get a log form gpg-agent. Put this into ~/.gnupg/gpg-agent/conf

Tue, Mar 31, 12:06 PM · gpgagent, ssh, Bug Report

Mon, Mar 30

jpalus created T8202: Intermittent ssh publickey login failure after upgrade to gnupg 2.5.x.
Mon, Mar 30, 6:56 PM · gpgagent, ssh, Bug Report
ikloecker added a comment to T8156: pinentry qt and fltk - fallback to tty on invalid DISPLAY.

As noted by @ametzler1 pinentry-qt has such a fallback. Of course, we can try to improve the heuristics pinentry-qt uses.

Mon, Mar 30, 11:14 AM · pinentry, Bug Report

Sat, Mar 28

werner triaged T8197: "gpg --refresh-keys" aborts with "gpg: keyserver refresh failed: No data" if too many keys are missing on keyserver as High priority.
Sat, Mar 28, 6:12 PM · gnupg22, Keyserver, gnupg26, Bug Report

Fri, Mar 27

Karl created T8197: "gpg --refresh-keys" aborts with "gpg: keyserver refresh failed: No data" if too many keys are missing on keyserver.
Fri, Mar 27, 4:28 PM · gnupg22, Keyserver, gnupg26, Bug Report
timegrid added a comment to T8189: GnuPG: Bad signature on import of designated revokation certificate.

Note: The invalid revocation certificate: Bad signature - rejected line is also shown on vsd 3.3.4, gpg 2.2.53 @ win10 (but revocation works).

Fri, Mar 27, 1:30 PM · Bug Report, gnupg26
timegrid updated the task description for T8190: GpgOL: Encrypt/Sign issues using S/MIME certs with invalid crlDP.
Fri, Mar 27, 1:16 PM · needs discussion, Bug Report, gpd5x, gpgol
timegrid updated the task description for T8190: GpgOL: Encrypt/Sign issues using S/MIME certs with invalid crlDP.
Fri, Mar 27, 1:14 PM · needs discussion, Bug Report, gpd5x, gpgol
ebo added a project to T8190: GpgOL: Encrypt/Sign issues using S/MIME certs with invalid crlDP: needs discussion.

feedback of @mmontkowski needed

Fri, Mar 27, 1:01 PM · needs discussion, Bug Report, gpd5x, gpgol
timegrid updated the task description for T8196: GnuPG: Designated revokation with certify-only primary keys does not work.
Fri, Mar 27, 12:11 PM · Bug Report, gnupg26
timegrid created T8196: GnuPG: Designated revokation with certify-only primary keys does not work.
Fri, Mar 27, 11:55 AM · Bug Report, gnupg26
werner claimed T8076: Kleopatra: Unable to completely delete key with secret subkeys and offline-primary key.
Fri, Mar 27, 11:07 AM · gnupg26, gpd5x, kleopatra, Bug Report
werner triaged T8048: Keyboxd: S/MIME certificate is imported on ldap search as Normal priority.
Fri, Mar 27, 10:33 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
werner triaged T8093: GPGME: inconsistent behavior on GPGME_KEYLIST_MODE_LOCATE from hkp server as Normal priority.

I think locate mode is mostly meant to be used to retrieve a single key

Fri, Mar 27, 10:33 AM · to-be-discussed, Bug Report
werner triaged T8156: pinentry qt and fltk - fallback to tty on invalid DISPLAY as Normal priority.
Fri, Mar 27, 10:29 AM · pinentry, Bug Report