Looks good to me on gpg4win-5.0.2-beta2 @ win11:

• first manual gpg -K and gpgsm -K displays the correct output now
• the loop ran without a hang for 50 times

Looks good to me on parallel install of

1. gpg4win-5.0.2-beta2 @ win11
2. vsd-4.0.0-beta1203 @ win11

Looks good to me on gpg4win-5.0.2-beta2 @ win11:

There shouldn't be any RegCreateKey anymore for HKLM\SOFTWARE\<product name>\... or HKCU\SOFTWARE\<product name>\.... And, of course, no registry keys should be created.

Looks good to me on gpg4win-5.0.2-beta2 @ win11.
Tested import on 5 normal starts and 5 gdb starts.

Looks like the "read config from registry" patch that was upstreamed wasn't tested properly.

It seemed that the reporter (also) claimed that a git repo could be weak/vulnerable when X.509 signature is used to validate the commits.

For the record (to show we don't hide a problem), I add some information.

It should be solved by the upstream (libtool, gnulib, and possibly autoconf/automake). The solution would be refactoring AC_PROG_LD and AC_LIB_PROG_LD factoring out common things like handling use of GNU LD.

Works with Gpg4win-5.0.2-beta2

Fixed.

Here's a full log of a gdb run, which segfaults on start:

full debugview log:

Please always attach the full Debugview log. Sometimes (like here) I really want to know everything that was logged since the start.

Fixed. This regression was caused by changes made for T8056: Support config options RSAKeySizes and PGPKeyType for Kf6.

The reporter informed:
CVE-2025-69913

In T8029#212310, @werner wrote:

My actual plan is to rework the imp[ort/export of secret keys to gpg-agent. Right now gpg-agent has knowledge of OpenPGP for import/export. This is not good and the required conversion should be moved to a helper tools for easier testing and to have this out of the gpg-agent process. For Kyber we right now don't use any conversion mut store the secret keys in gpg-agent's native format. Thus the passphrase is not necessary. We need to figure out why we have this problem here.

This is not "Unbreak now" because we have not released the software yet. Unbreak now should be used for bugs in deployed software but not during development.

Note: This was fine on gpg4win-5.0.1

Regarding some broken "reg create" on some filepath: split into T8141: Kleopatra: Many wrong registry keys created in HKCU\Software\Gpg4Win

I rechecked the keyboxd locking of pubring.db. On crash via gdb the file was unlocked before, so this doesn't seem to be the problem:

Libkleo does not specify the curve in the parameter file becuase keyCurvve:isEmpty is asserted:

Works on the command line and adding a subkey later does also work.

I found that it's not that simple to accept the case of no newline at the end.
Because we need to handle the edge case where no newline occurs at the maximum buffer length, too.
It's something like the following.