Bug Report
ActivePublic

Members

  • This project does not have any members.

Recent Activity

Today

grichardnewell updated the task description for T4824: Encrypted file appears to not be encrypted by recipients public key.
Sat, Jan 25, 4:11 AM · Bug Report, gpg4win
grichardnewell created T4824: Encrypted file appears to not be encrypted by recipients public key.
Sat, Jan 25, 4:03 AM · Bug Report, gpg4win

Yesterday

dkg added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

(if you don't want to publish the full strace output here because you're concerned it might leak some information about your machine or your network, but you're ok sharing it with me personally, you can send it to me privately by e-mail, encrypted to the OpenPGP certificate with fingerprint C4BC2DDB38CCE96485EBE9C2F20691179038E5C6, and sent to one of the e-mail addresses associated with that certificate. please make a note here if you do that)

Fri, Jan 24, 3:20 PM · Bug Report
dkg added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

ok, that's deeply weird. i'm assuming that this machine has IPv4 connectivity. I have no idea why dirmngr would be returning EAFNOSUPPORT in that case.

Fri, Jan 24, 3:18 PM · Bug Report
mssm added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

Right after the failed connection I see:

$ gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S #   0   4 d keys.openpgp.org (37.218.245.50)  (5s)
OK
Fri, Jan 24, 1:07 PM · Bug Report
bhaible added a comment to T4818: libgcrypt build failures on several platforms.

Regarding Cygwin: The sources are a bit hard to find.
https://cygwin.com/packages.html
-> https://cygwin.com/packaging/repos.html
-> https://cygwin.com/git-cygwin-packages/
-> https://cygwin.com/git-cygwin-packages/?p=git/cygwin-packages/libgcrypt.git;a=summary

Fri, Jan 24, 11:33 AM · Solaris, libgcrypt, Bug Report
bhaible added a comment to T4818: libgcrypt build failures on several platforms.

Regarding GNU/kFreeBSD, my machine is using the FreeBSD 9.0 kernel, which does not yet have the security.bsd.unprivileged_mlock oid. Like what was mentioned here: https://lists.debian.org/debian-bsd/2014/08/msg00092.html

Fri, Jan 24, 11:15 AM · Solaris, libgcrypt, Bug Report
gniibe added a comment to T4818: libgcrypt build failures on several platforms.

For Cygwin, I can't find how its libgcrypt package is built.
I found this for MSYS2: https://github.com/msys2/MSYS2-packages/tree/master/libgcrypt
This for Mingw-w64: https://github.com/msys2/MINGW-packages/tree/master/mingw-w64-libgcrypt

Fri, Jan 24, 2:53 AM · Solaris, libgcrypt, Bug Report
gniibe created T4822: mlock requires privilege.
Fri, Jan 24, 2:21 AM · Solaris, libgcrypt, Bug Report
gniibe added a comment to T4818: libgcrypt build failures on several platforms.

I tested on FreeBSD. Same errors (t-secmen and t-sexp) are reproducible when we set:

Fri, Jan 24, 2:05 AM · Solaris, libgcrypt, Bug Report
dkg added commits to T4820: gpgme's json test fails with gpg 2.2.19: rMc4cf527ea227: gpg: Send --with-keygrip when listing keys, rMf2aeb2563ba2: tests/json: Bravo key does not have secret key material.
Fri, Jan 24, 12:31 AM · gpgme, Bug Report
dkg added a comment to T4820: gpgme's json test fails with gpg 2.2.19.

in particular, c4cf527ea227edb468a84bf9b8ce996807bd6992 and f2aeb2563ba2f55eea7f52041e52062fdc839a64

Fri, Jan 24, 12:25 AM · gpgme, Bug Report
dkg added a comment to T4820: gpgme's json test fails with gpg 2.2.19.

The dkg/fix-4820 branch now has these two fixes.

Fri, Jan 24, 12:23 AM · gpgme, Bug Report
gniibe added a comment to T3891: kdf-setup does not set admin and user PIN codes.

Thanks for concrete cases. Sorry, not responding earlier. It was an experimental feature, firstly only available in Gnuk Token.

Fri, Jan 24, 12:19 AM · scd, Bug Report

Thu, Jan 23

dkg added a comment to T4820: gpgme's json test fails with gpg 2.2.19.

For easier reference or searchability, the test error looks like this:

Thu, Jan 23, 11:57 PM · gpgme, Bug Report
dkg created T4820: gpgme's json test fails with gpg 2.2.19.
Thu, Jan 23, 11:40 PM · gpgme, Bug Report
Arnaud added a comment to T3891: kdf-setup does not set admin and user PIN codes.

I implemented the script described previsouly (https://dev.gnupg.org/T3891#114950) in the smartpgp-cli utility provided in the SmartPGP repository (see commit https://github.com/ANSSI-FR/SmartPGP/commit/4be0fa442b43c2bafd5f0171417ff68fd88cbe2d).

Thu, Jan 23, 7:53 PM · scd, Bug Report
dkg added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

This appears to be a different error than above. here we see:

Thu, Jan 23, 5:50 PM · Bug Report
mssm added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

With tls-debug 16:

dirmngr[9162.6] DBG: chan_6 <- END
dirmngr[9162.6] DBG: dns: libdns initialized
dirmngr[9162.6] DBG: dns: getsrv(_pgpkey-https._tcp.keys.openpgp.org) -> 0 records
dirmngr[9162.6] DBG: dns: resolve_dns_name(keys.openpgp.org): Success
dirmngr[9162.6] resolve_dns_addr for 'keys.openpgp.org': 'keys.openpgp.org' [already known]
dirmngr[9162.6] resolve_dns_addr for 'keys.openpgp.org': 'keys.openpgp.org' [already known]
dirmngr[9162.6] DBG: gnutls:L3: ASSERT: /var/tmp/portage/net-libs/gnutls-3.6.11.1-r1/work/gnutls-3.6.11.1/lib/x509/common.c[_gnutls_x509_get_raw_field2]:1575
dirmngr[9162.6] DBG: gnutls:L3: ASSERT: /var/tmp/portage/net-libs/gnutls-3.6.11.1-r1/work/gnutls-3.6.11.1/lib/x509/x509.c[gnutls_x509_crt_get_subject_unique_id]:3902
dirmngr[9162.6] DBG: gnutls:L3: ASSERT: /var/tmp/portage/net-libs/gnutls-3.6.11.1-r1/work/gnutls-3.6.11.1/lib/x509/x509.c[gnutls_x509_crt_get_issuer_unique_id]:3952
dirmngr[9162.6] DBG: gnutls:L3: ASSERT: /var/tmp/portage/net-libs/gnutls-3.6.11.1-r1/work/gnutls-3.6.11.1/lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:990
dirmngr[9162.6] DBG: gnutls:L3: ASSERT: /var/tmp/portage/net-libs/gnutls-3.6.11.1-r1/work/gnutls-3.6.11.1/lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:990
dirmngr[9162.6] DBG: gnutls:L3: ASSERT: /var/tmp/portage/net-libs/gnutls-3.6.11.1-r1/work/gnutls-3.6.11.1/lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:990
dirmngr[9162.6] DBG: gnutls:L3: ASSERT: /var/tmp/portage/net-libs/gnutls-3.6.11.1-r1/work/gnutls-3.6.11.1/lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:990
dirmngr[9162.6] number of system provided CAs: 142
dirmngr[9162.6] DBG: gnutls:L5: REC[0x7fd5a400c360]: Allocating epoch #0
dirmngr[9162.6] DBG: gnutls:L2: added 6 protocols, 29 ciphersuites, 18 sig algos and 9 groups into priority list
dirmngr[9162.6] DBG: Using TLS library: GNUTLS 3.6.11
dirmngr[9162.6] DBG: http.c:connect_server: trying name='keys.openpgp.org' port=443
dirmngr[9162.6] DBG: dns: resolve_dns_name(keys.openpgp.org): Success
dirmngr[9162.6] error creating socket: Address family not supported by protocol
dirmngr[9162.6] error connecting to 'https://keys.openpgp.org:443': Address family not supported by protocol
dirmngr[9162.6] DBG: gnutls:L13: BUF[HSK]: Emptied buffer
dirmngr[9162.6] DBG: gnutls:L5: REC[0x7fd5a400c360]: Start of epoch cleanup
dirmngr[9162.6] DBG: gnutls:L5: REC[0x7fd5a400c360]: End of epoch cleanup
dirmngr[9162.6] DBG: gnutls:L5: REC[0x7fd5a400c360]: Epoch #0 freed
dirmngr[9162.6] marking host 'keys.openpgp.org' as dead
dirmngr[9162.6] host 'keys.openpgp.org' marked as dead
dirmngr[9162.6] command 'KS_PUT' failed: No keyserver available
dirmngr[9162.6] DBG: chan_6 -> ERR 167772346 No keyserver available <Dirmngr>
dirmngr[9162.6] DBG: chan_6 <- BYE
dirmngr[9162.6] DBG: chan_6 -> OK closing connection
dirmngr[9162.6] handler for fd 6 terminated
Thu, Jan 23, 9:35 AM · Bug Report
mssm added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

Could it be that the system installed CAs are not sufficient for the TSL handshake? But then also curl should fail on that host. But curl https://keys.openpgp.org is fine.

Thu, Jan 23, 9:33 AM · Bug Report
gniibe added a comment to T4818: libgcrypt build failures on several platforms.

On Solaris, the test errors are because of:

USAGE
       Because of the impact on system resources, the use of mlock() and
       munlock() is restricted to users with the {PRIV_PROC_LOCK_MEMORY}
       privilege.
Thu, Jan 23, 3:45 AM · Solaris, libgcrypt, Bug Report
gniibe added a commit to T4818: libgcrypt build failures on several platforms: rCe0898d062878: random: Fix include of config.h..
Thu, Jan 23, 2:30 AM · Solaris, libgcrypt, Bug Report
gniibe added a comment to T4818: libgcrypt build failures on several platforms.

OK, I identified the problem on OpenIndiana. The inclusion of <unistd.h> causes inclusion of <sys/types.h> before config.h. I'm going to fix this.

Thu, Jan 23, 2:24 AM · Solaris, libgcrypt, Bug Report

Wed, Jan 22

dkg added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

this looks to me like a problem with the TLS handshake -- it looks like this is a response coming from the TLS stack -- as rfc 8446 says, alert 49 is access_denied:

Wed, Jan 22, 6:47 PM · Bug Report
szszszsz-nitrokey added a comment to T3891: kdf-setup does not set admin and user PIN codes.

Some users of ours wanted to use KDF with their OpenPGP smart cards. Could you tell when solution to this issue could be expected?
Additionally, is there any workaround for the current state? Perhaps based on T3823, or on derived [1]? To which values the PINs had to be set?

Wed, Jan 22, 5:25 PM · scd, Bug Report
mssm added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

I have added standard-resolver and debug network to the dirmngr.conf, killed the running dirmngr:

Wed, Jan 22, 7:55 AM · Bug Report

Tue, Jan 21

andrey_l added a comment to T4819: Kleopatra / Win 10 - Sign and Encrypt window doesn't show up.

I believe "geometry" field value from [SignEncryptFilesWizard] can help in debug.
But I'm not sure about posting it here: does it contain any sensitive info?

Tue, Jan 21, 1:38 PM · Bug Report, gpg4win
andrey_l added a comment to T4819: Kleopatra / Win 10 - Sign and Encrypt window doesn't show up.

Result of renaming:
It helped, but only for 1st run. Then problem occurs again.
I've tried to restart the app, but it doesn't help.

Tue, Jan 21, 1:34 PM · Bug Report, gpg4win
aheinecke triaged T4819: Kleopatra / Win 10 - Sign and Encrypt window doesn't show up as Normal priority.

Thanks for the report. I have observed that the Window is sometimes opened in the background so I accept that this is an issue for Kleopatra somehow and we need to look into it. I know that your problem is a bit different but that is related.

Tue, Jan 21, 1:22 PM · Bug Report, gpg4win
andrey_l added a comment to T4819: Kleopatra / Win 10 - Sign and Encrypt window doesn't show up.

I've downgraded to gpg4win-3.1.10 - still be reproducible...

Tue, Jan 21, 11:11 AM · Bug Report, gpg4win
andrey_l created T4819: Kleopatra / Win 10 - Sign and Encrypt window doesn't show up.
Tue, Jan 21, 11:06 AM · Bug Report, gpg4win
werner added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

FWIW, I found an open xterm with my query from last week:

Tue, Jan 21, 9:55 AM · Bug Report
gniibe added a comment to T4818: libgcrypt build failures on several platforms.

For GNU/Linux or GNU/kFreeBSD system, libgcrypt 1.8 with libgpg-error 1.36 has no problem in Debian build:
https://buildd.debian.org/status/package.php?p=libgcrypt20

Tue, Jan 21, 1:48 AM · Solaris, libgcrypt, Bug Report
gniibe added a comment to T4818: libgcrypt build failures on several platforms.

In solaris11openindiana-log2, we have two errors: one for ulong, and another for ushort.
I fixed the former. It is because of our mistake of using ulong before it is handled by libgcrypt/src/types.h. In the first place, it is implemented by "unsigned long", so, there is no need to use ulong here.

Tue, Jan 21, 1:41 AM · Solaris, libgcrypt, Bug Report

Mon, Jan 20

werner triaged T4818: libgcrypt build failures on several platforms as Normal priority.
Mon, Jan 20, 3:37 PM · Solaris, libgcrypt, Bug Report
werner added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

@Valodim: I am pretty sure that last week it resolved only to a v4 address; today (and from another network and resolver) I get the same addresses as you.

Mon, Jan 20, 3:36 PM · Bug Report
mssm added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.
# host keys.openpgp.org
keys.openpgp.org has address 37.218.245.50
keys.openpgp.org has IPv6 address 2a00:c6c0:0:154:1::1
keys.openpgp.org mail is handled by 100 mail.keys.openpgp.org.
Mon, Jan 20, 1:07 PM · Bug Report
Valodim added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

that does look like your host can resolve domains for ipv6 addresses, but can't actually connect to them. what does host keys.openpgp.org say? And ip a?

Mon, Jan 20, 12:56 PM · Bug Report
gniibe claimed T4818: libgcrypt build failures on several platforms.

Thanks. I see the situation for Solaris 11 Openindiana. In master (will be 1.9.0), it has no problem.
We need to fix in 1.8. I will.

Mon, Jan 20, 11:02 AM · Solaris, libgcrypt, Bug Report
bhaible added a comment to T4818: libgcrypt build failures on several platforms.

Here are the logs. The package was configured with
CC="gcc -m64 -O2 -D_XOPEN_SOURCE=700"

Mon, Jan 20, 10:02 AM · Solaris, libgcrypt, Bug Report
mssm added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.
$ ping keys.openpgp.org -c1
PING keys.openpgp.org (37.218.245.50) 56(84) bytes of data.
64 bytes from 37.218.245.50 (37.218.245.50): icmp_seq=1 ttl=48 time=24.1 ms
Mon, Jan 20, 8:35 AM · Bug Report
gniibe added a comment to T4818: libgcrypt build failures on several platforms.

Please give us log for Solaris 11 Openindiana.

Mon, Jan 20, 5:24 AM · Solaris, libgcrypt, Bug Report
gniibe added a comment to T1983: gpg2 prefers missing secret key to available key on card.

I think that this ticket and https://bugs.debian.org/346241 handle different things, although both do key selection.

Mon, Jan 20, 3:32 AM · Bug Report, gnupg
bhaible created T4818: libgcrypt build failures on several platforms.
Mon, Jan 20, 1:27 AM · Solaris, libgcrypt, Bug Report

Sun, Jan 19

Valodim added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

but keys.openpgp.org resolves only to a v4 address.

Sun, Jan 19, 11:15 PM · Bug Report

Fri, Jan 17

dkg added a comment to T1983: gpg2 prefers missing secret key to available key on card.

This is also https://bugs.debian.org/346241

Fri, Jan 17, 7:25 PM · Bug Report, gnupg
werner added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

ping keys.openpgp.org

Fri, Jan 17, 4:04 PM · Bug Report
mssm added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

As far as I know this is a v4 only network. I tried what you said and get this log:

2020-01-17 15:39:33 dirmngr[18656.6] DBG: chan_6 <- END
2020-01-17 15:39:33 dirmngr[18656.6] DBG: dns: libdns initialized
2020-01-17 15:39:33 dirmngr[18656.6] DBG: dns: getsrv(_pgpkey-https._tcp.keys.openpgp.org) -> 0 records
2020-01-17 15:39:33 dirmngr[18656.6] DBG: dns: resolve_dns_name(keys.openpgp.org): Success
2020-01-17 15:39:33 dirmngr[18656.6] resolve_dns_addr for 'keys.openpgp.org': 'keys.openpgp.org' [already known]
2020-01-17 15:39:33 dirmngr[18656.6] resolve_dns_addr for 'keys.openpgp.org': 'keys.openpgp.org' [already known]
2020-01-17 15:39:33 dirmngr[18656.6] number of system provided CAs: 142
2020-01-17 15:39:33 dirmngr[18656.6] DBG: dns: resolve_dns_name(keys.openpgp.org): Success
2020-01-17 15:39:33 dirmngr[18656.6] error creating socket: Address family not supported by protocol
2020-01-17 15:39:33 dirmngr[18656.6] error connecting to 'https://keys.openpgp.org:443': Address family not supported by protocol
2020-01-17 15:39:33 dirmngr[18656.6] marking host 'keys.openpgp.org' as dead
2020-01-17 15:39:33 dirmngr[18656.6] host 'keys.openpgp.org' marked as dead
2020-01-17 15:39:33 dirmngr[18656.6] command 'KS_PUT' failed: No keyserver available
2020-01-17 15:39:33 dirmngr[18656.6] DBG: chan_6 -> ERR 167772346 No keyserver available <Dirmngr>
2020-01-17 15:39:33 dirmngr[18656.6] DBG: chan_6 <- BYE
2020-01-17 15:39:33 dirmngr[18656.6] DBG: chan_6 -> OK closing connection
2020-01-17 15:39:33 dirmngr[18656.6] handler for fd 6 terminated
Fri, Jan 17, 3:41 PM · Bug Report
werner added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

The problem is likely that you don't have IPv4 support but keys.openpgp.org resolves only to a v4 address.
You should also use

Fri, Jan 17, 3:20 PM · Bug Report
aheinecke added a comment to T4796: GpgOL should hide "legacy display" parts when it encounters them.

An updated build is available here: https://files.gpg4win.org/Beta/gpgol/2.4.6-beta3/

Fri, Jan 17, 3:04 PM · gpgol, Bug Report, gpg4win