Re: [PATCH] tests: fix compatibility with GnuPG 2.2.5

2018-06-14 Thread Jason A. Donenfeld
Merged, thanks. ___ Password-Store mailing list Password-Store@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/password-store

Re: grep -i?

2018-06-14 Thread Jason A. Donenfeld
Merged, thanks.

Re: Security Vulnerability: Faulty GPG Signature Checking

2018-06-14 Thread Tobias Girstmair
Thanks for this update -- very much appreciated. :-) A few thoughts below. On Thu, Jun 14, 2018 at 05:09:35PM +0200, Jason A. Donenfeld wrote: > Our recommendations for authenticity and integrity > continue to be to enable git commit signing, which pass has built-in > support for. Maybe this

Security Vulnerability: Faulty GPG Signature Checking

2018-06-14 Thread Jason A. Donenfeld
Hey list, After discussing pass and GPG with Marcus Brinkmann at FOSDEM this year, and then witnessing the amazing bugs in Enigmail a while back, Marcus went and had a look at how our shell script is actually dealing with GPG output. He discovered (1) that our parsing of gpg command line output

Re: [PATCH] Close stdout for background task that restores clipboard

2018-06-14 Thread Jason A. Donenfeld
Merged, thanks.

[ANNOUNCE] pass 1.7.2 Release

2018-06-14 Thread Jason A. Donenfeld
Hi folks, Pass 1.7.2 has a number of important changes and bug fixes, including a fix for CVE-2018-12356. Everybody must update immediately. == Password Store on the Web == * Our homepage: https://www.passwordstore.org/ * Man page:

Re: Security Vulnerability: Faulty GPG Signature Checking

2018-06-14 Thread Ben Oliver
On 18-06-14 19:49:56, Tobias Girstmair wrote: Thanks for this update -- very much appreciated. :-) A few thoughts below. On Thu, Jun 14, 2018 at 05:09:35PM +0200, Jason A. Donenfeld wrote: Our recommendations for authenticity and integrity continue to be to enable git commit signing, which

Re: Security Vulnerability: Faulty GPG Signature Checking

2018-06-14 Thread Mark Gardner
On Thu, Jun 14, 2018 at 19:49:56 +0200, Tobias Girstmair wrote: > *simple* bash scripts I've found are either trivial or > {fragile,wrong,buggy,insecure}. Again, I'd support C (or anything widely > supported) for pass 2.0 Lately I have switched all my C hacking over to Golang (Go). While pass

Re: Security Vulnerability: Faulty GPG Signature Checking

2018-06-14 Thread Matthieu Weber
On Thu, 14 Jun 2018 at 05:11PM -0400, Mark Gardner wrote: > On Thu, Jun 14, 2018 at 19:49:56 +0200, Tobias Girstmair wrote: > > *simple* bash scripts I've found are either trivial or > > {fragile,wrong,buggy,insecure}. Again, I'd support C (or anything widely > > supported) for pass 2.0 > >