Sat, May 14
I just wrote a blog article about this problem
https://ludovicrousseau.blogspot.com/2022/05/scardlistreaders-and-non-initialized.html
Fri, May 13
Thanks for opening a ticket.
Thu, May 12
Editing a formatted password should work now as expected.
Its an issue of cursor position. If one either deletes or inputs a a character anywhere in the password string, the cursor always jumps to the end of the string.
Wed, May 11
Mon, May 2
Debian requires all builds to use software that we have local copies of in the archive, which appears to rule out the use of speedo (it fetches source over the internet during build). So i've modified debian packaging to annotate that the Windows builds need a different version of libgpg-error than that defined in configure.ac.
Sat, Apr 30
it would be useful to add a test
Thu, Apr 28
Thanks for working on this, @gniibe! Maybe it would be useful to add a test to the test suite that tries to import and use a secret key of this particular structure.
Use our build system and things work. In particular you need to use the software versions as listed at versions.gnupg.org and available via the build-auch/getswdb.sh. Even better use the speedo build system for Windows. Everything else is not a supported build configuration.
Thank you for the report.
The fix was not right, because gpg-agent side are not changed. See T5953.
Wed, Apr 27
Mon, Apr 25
Was fixed in 2.3.5
Apr 14 2022
We have not seen this problem anymore in recent versions. Thus closing.
We have a solulion for this bug. For further improvements we will use T5882.
- Fixed in 2.3
- assert replaced by a fatal error message
Apr 13 2022
Apr 7 2022
Updated the copy on our mirror as welll as the gpg4win and swdb packages files.
Apr 5 2022
The fix is from 2018 but was not picked up widely; see
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Mar 29 2022
Not applying the change to GnuPG 2.2, users can use GnuPG 2.3 for that.
Mar 24 2022
Merged into T5804.
Mar 23 2022
Thank you. Confirmed.
Mar 22 2022
Mar 21 2022
Actually this is pretty obvious; we better ignore such misbehaving servers.
No need for callbacks actually. We can do it in a simpler way. See commit rGe5ef5e3b914d5c8f0b841b078b164500ea157804
Mar 17 2022
SWDB updated - thus the latest zlib will be part of the next Windows build.
I think that the particular issue of Let's Encrypt Certificate was handled correctly already.
Mar 16 2022
I think that this commit rG8fd150b05b74: gpg: Remove all support for v3 keys and always create v4-signatures. matters.
Mar 15 2022
All 4 CVEs are findings related to standard conforming compiler optimizations which OTOH break long standing assumptions on C coding. “Let us show that our compiler produces the fastes code ever and ignore any assumptions coders had made over the last 50 year”.
Mar 9 2022
Great, thank you very much!
Thanks for notifying. Will be fixed in the next release (mid Apri).