summaryrefslogtreecommitdiffstats
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog32291
1 files changed, 32291 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..698cda5
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,32291 @@
+2022-10-10 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.40.
+ + commit 2e9f8a511dc01ef9ffc59c90f1cb5082e052da06
+
+
+ gpg: For de-vs use AES-128 instead of 3DES as implicit preference.
+ + commit 5df1c247be5223343668f9a56eb5f8290c954b6e
+ * g10/pkclist.c (select_algo_from_prefs): Change implicit cipher
+ algorithm.
+
+2022-10-10 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ sm: Fix reporting of bad passphrase error.
+ + commit 94092793f6a23bbd93c7a26add4d1a23a6f9acb7
+ * sm/minip12.c (p12_parse): Set badpass flag to result in ctx.
+
+2022-10-07 Werner Koch <wk@gnupg.org>
+
+ wkd: Implement --blacklist option for gpg-wks-client.
+ + commit cd020284c9cf352e02e85c52884fc7d56b0f4ec9
+ * tools/gpg-wks-client.c (blacklist_array, blacklist_array_len): New.
+ (parse_arguments): Install blacklist.
+ (read_file): New.
+ (cmp_blacklist, add_blacklist, is_in_blacklist): New.
+ (mirror_one_key): Check list.
+ * tools/gpg-wks.h (opt): Remove field blacklist.
+
+ wkd: Restrict gpg-wks-client --mirror to the given domains.
+ + commit 88042821d81b93b793ddf67546bb6697d8a6881f
+ * tools/gpg-wks-client.c (domain_matches_mbox): New.
+ (mirror_one_key): Skip non-matching domains.
+ (command_mirror): Change args to allow for several domains.
+
+ wkd: Silence gpg-wks-client diagnostics from gpg.
+ + commit b18b9b972e2da2fd30c4bfd64c2c6b09213bd1cf
+ * tools/gpg-wks-client.c (add_user_id): PAss --quiet to gpg unless we
+ are running in double verbose mode.
+ (decrypt_stream): Ditto
+ (encrypt_response): Ditto.
+ (mirror_one_keys_userid): Ditto.
+ * tools/wks-util.c (wks_get_key): Ditto.
+ (wks_list_key): Ditto.
+ (wks_filter_uid): Ditto.
+
+ (cherry picked from commit 4364283f757fceab454d48d461a9f88c31247a07)
+
+ wkd: New command --mirror for gpg-wks-client.
+ + commit a946343f14752ab06f1a62762e4a5a9203d38d55
+ * tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New.
+ (opts): Add --mirror, --no-autostart, and --blacklist.
+ (parse_arguments): Parse new options.
+ (main): Implement aMirror.
+ (mirror_one_key_parm): New.
+ (mirror_one_keys_userid, mirror_one_key): New.
+ (command_mirror): New.
+
+ * tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags.
+ * tools/wks-util.c (wks_cmd_install_key): Factor some code out to ...
+ (wks_install_key_core): new.
+
+ * tools/call-dirmngr.c (wkd_dirmngr_ks_get): New.
+
+ common: Protect against a theoretical integer overflow in tlv.c.
+ + commit c300253181cfc591cbcae9251eda5296ed29591b
+ * common/tlv.c (parse_ber_header): Protect agains integer overflow.
+
+ dirmngr: Support paged LDAP mode for KS_GET.
+ + commit a70a3204c24a00e688224ee24575be6e523d42ce
+ * dirmngr/ks-engine-ldap.c (PAGE_SIZE): New.
+ (struct ks_engine_ldap_local_s): Add several new fields.
+ (ks_ldap_clear_state): Release them.
+ (search_and_parse): Factored out from ks_ldap_get and extended to
+ support the paged mode.
+ (ks_ldap_get): Implement the pages mode for --first and --next.
+ * dirmngr/server.c (cmd_ks_get): Provide a dummy passphrase in --first
+ mode.
+ * dirmngr/Makefile.am (dirmngr_LDADD): Add LBER_LIBS.
+
+ dirmngr: New options --first and --next for KS_GET.
+ + commit 20cb9319d998fb4eb3c096ca7d534706d4afc10a
+ * dirmngr/server.c (cmd_ks_get): Add option --first and --next.
+ (start_command_handler): Free that new ldap state.
+ * dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New.
+ (ks_ldap_new_state, ks_ldap_clear_state): New.
+ (ks_ldap_free_state): New.
+ (return_one_keyblock): New. Mostly factored out from ....
+ (ks_ldap_get): here. Implement --first/--next feature.
+
+ * dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to
+ ks_get_flags.
+ * dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New.
+ (KS_GET_FLAG_FIRST): New.
+ (KS_GET_FLAG_NEXT): New.
+
+ * dirmngr/dirmngr.h (struct server_control_s): Add member
+ ks_get_state.
+ (struct ks_engine_ldap_local_s): New forward reference.
+
+ gpg: Show just keyserver and port with --send-keys.
+ + commit 2b2f8a1a0ca12e9903df3f20955f16e206a0c976
+ * g10/call-dirmngr.c (ks_status_cb): Mangle the keyserver url
+
+ dirmngr: Minor fix for baseDN fallback.
+ + commit 4cf8dc2d968f966d99ec3db4ee40a1ff5321d5a7
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): Avoid passing data
+ behind the EOS.
+ (interrogate_ldap_dn): Stylistic change.
+
+2022-10-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirnmgr: Fix the function prototype.
+ + commit 73cc5e073ce9e153cacdb020b15b2abc5e2cf8b2
+ * dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): It's with
+ no arguments.
+
+ dirmngr: Change interrogate_ldap_dn for better memory semantics.
+ + commit 98fbac614105b5690d57b4268c6792f4f3538bd5
+ * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): Return BASEDN found,
+ memory allocated.
+ (my_ldap_connect): Follow the change, removing needless allocation.
+
+2022-10-07 Joey Berkovitz <joeyberkovitz@gmail.com>
+
+ dirmngr: Interrogate LDAP server when base DN specified.
+ + commit 5516f92224b6baf6d100d58fc273018bdac173f8
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): interrogate LDAP
+ server when basedn specified.
+
+2022-10-07 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Support gpgMailbox for mode MAILSUB and MAILEND.
+ + commit 615c9717c15a541b212117bfaa88d41ff724127a
+ * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Use gpgMailbox if
+ server supports this.
+
+ dirmngr: Factor out interrogate_ldap_dn function.
+ + commit 44960e702ee3e806331ee63c373c3f7e0931364b
+ * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): New.
+
+2022-09-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant.
+ + commit 07c6743148d4abd30fb8bf08b07eb9755fdfff2d
+ * g10/encrypt.c (check_encryption_compliance): Check gcrypt compliance
+ before emitting an ENCRYPTION_COMPLIANCE_MODE status.
+
+2022-09-28 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix lost flags during LDAP upload.
+ + commit 32ce7ac0c67489e206544dce93a2364c2f7d9410
+ * dirmngr/ldapserver.c (ldapserver_parse_one): Turn LINE into a const.
+ Use strtokenize instead of strtok style parsing.
+
+ dirmngr: New server flag "areconly" (A-record-only)
+ + commit 6300035ba17b4115df7139926ba55556362038ed
+ * dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly.
+ * dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly"
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag.
+ * dirmngr/dirmngr_ldap.c: Add option --areconly
+ (connect_ldap): Implement option.
+ * dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option.
+
+2022-09-22 Werner Koch <wk@gnupg.org>
+
+ gpg: Don't consider unknown keys as non-compliant while decrypting.
+ + commit 05b7e4a405c84da14e5f7ee04cfd3de4b0cb8290
+ * g10/mainproc.c (proc_encrypted): Change compliance logic.
+
+2022-09-16 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix CRL DP error fallback to other schemes.
+ + commit 289fbc550d18a7f9b26c794a2409ba820811f6b3
+ * dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop.
+ Remove the unused issuername_uri stuff.
+
+2022-09-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update gpg-error.m4.
+ + commit ed1264e74b11c4ba7d17e6209ecf55655e2a6027
+ * m4/gpg-error.m4: Update from libgpg-error.
+
+2022-09-02 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.39.
+ + commit 7c2078a680dde2eaef30a8a6dc49de4540498736
+
+
+2022-09-01 Werner Koch <wk@gnupg.org>
+
+ common: Make nvc_lookup more robust.
+ + commit 8c22b00268bf5b2374cf7af69465a902b91946aa
+ * common/name-value.c (nvc_first): Allow for NULL arg.
+ (nvc_lookup): Allow for PK being NULL.
+
+ Release 2.2.38.
+ + commit 0b786fde775588413e5c9842bca3a3d8ea06fad5
+
+
+2022-08-31 Werner Koch <wk@gnupg.org>
+
+ dirmngr: New option --debug-cache-expired-certs.
+ + commit ea34325c54a2746bdc2d667a1c98ab07b051cf75
+ * dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs:
+ * dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New.
+ (opts): Add option.
+ (parse_rereadable_options): Set option.
+ * dirmngr/certcache.c (put_cert): Handle the option.
+
+ common,w32: Fix an encoding problem of the printed timezone.
+ + commit 0b91fa0f13fd3644d0be137ed02e006aa05b9501
+ * common/gettime.c (w32_strftime) [W32]: New function.
+ (strftime) [W32]: New refinition macro.
+
+ gpg: Emit STATUS_FAILURE for --require-compliance errors.
+ + commit e05fb5ca3711f02eb562868dc38d30e3cccda270
+ * g10/misc.c (compliance_failure): Do not fallback to CO_GNUPG. Print
+ compliance failure error and status for CO_DE_VS.
+ * g10/mainproc.c (proc_encrypted): Call compliance_failure in the
+ require-compliance error case.
+ * g10/encrypt.c (check_encryption_compliance): Ditto.
+
+2022-08-31 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Add npth_unprotect/npth_protect for blocking operations.
+ + commit e1169e8f8ac75ad32fccb7743ffd06803bd50f93
+ * scd/ccid-driver.c (ccid_open_usb_reader): Name the thread.
+ (ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap
+ blocking operations by npth_unprotect/npth_protect.
+
+ dirmngr: Reject certificate which is not valid into cache.
+ + commit 14ccabe7f82f64bbf84b8a880cd8b4a34cea9061
+ * dirmngr/certcache.c (put_cert): When PERMANENT, reject the
+ certificate which is obviously invalid.
+
+2022-08-31 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix assertion failure due to errors in encrypt_filter.
+ + commit aa0c942521d89f4f0aac90bacaf8a7a7cefc88d8
+ * common/iobuf.c (iobuf_copy): Use log_assert. Explicitly cast error
+ return value.
+ * g10/build-packet.c (do_plaintext): Check for iobuf_copy error.
+
+ * g10/encrypt.c (encrypt_filter): Immediately set header_okay.
+
+2022-08-30 Werner Koch <wk@gnupg.org>
+
+ gpg: Make --require-compliance work for -se.
+ + commit f88cb12f8e3c1234a094d09e2505d3a3eec4cbfe
+ * g10/encrypt.c (encrypt_crypt, encrypt_filter): Factor common code
+ out to ...
+ (create_dek_with_warnings): new
+ (check_encryption_compliance): and new.
+
+ * g10/encrypt.c (encrypt_filter): Add the compliance check.
+
+2022-08-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Rename a function.
+ + commit 15cf36f6a84deb739bef9944819c5f79f8de3334
+ * g10/cipher.c (cipher_filter): Rename to cipher_file_cfb.
+
+ gpg: Very minor cleanup in decrypt_data.
+ + commit 5b24c41ba72c2d06f6acc7c2ad51cf6f384d41d8
+ * g10/decrypt-data.c (decrypt_data): Show also the aead algo with
+ --show-session-key. Remove meanwhile superfluous NULL-ptr test.
+
+2022-08-29 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ g10/decrypt-data: disable output estream buffering to reduce overhead.
+ + commit e92812a4752e56977286f96f7b5064db1e22936d
+ * g10/decrypt-data.c (decrypt_data): Disable estream buffering for
+ output file.
+
+2022-08-24 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.37.
+ + commit 8e60f885713b833dfd8cef7f5b0272df0e48d62f
+
+
+2022-08-19 Werner Koch <wk@gnupg.org>
+
+ gpgsm: New option --compatibility-flags.
+ + commit 77b6896f7a85a4b1c9cdd731e1d68d59a0e09950
+ * sm/gpgsm.c (oCompatibilityFlags): New option.
+ (compatibility_flags): new.
+ (main): Parse and print them in verbose mode.
+ * sm/gpgsm.h (opt): Add field compat_glags.:
+ (COMPAT_ALLOW_KA_TO_ENCR): New.
+ * sm/keylist.c (print_capabilities): Take care of the new flag.
+ * sm/certlist.c (cert_usage_p): Ditto.
+
+ * common/miscellaneous.c (parse_compatibility_flags): New.
+ * common/util.h (struct compatibility_flags_s): New.
+
+2022-08-17 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Make --auto-key-import and --include-key-block visible again.
+ + commit b356eddf3d7a1ed0fae808b9277134d50f4974af
+ * tools/gpgconf-comp.c: Add options.
+
+2022-08-16 Werner Koch <wk@gnupg.org>
+
+ agent: Fix bug introduced earlier today.
+ + commit 3591112fdb013dee1a1a668c9f777d0890520311
+ * agent/findkey.c (agent_write_private_key): Fix condition.
+
+ gpg: Fix "generate" command in --card-edit.
+ + commit 914ee7247562dc8f1e4b8503b3b574a5d2749bde
+ * g10/card-util.c (get_info_for_key_operation): Get the APPTYPE before
+ testing for it.
+
+ * g10/card-util.c (current_card_status): Always try to update the
+ shadow keys.
+ * g10/call-agent.c (agent_scd_getattr): Handle $AUTHKEYID.
+
+ gpg: Update shadow-keys with --card-status also for non-openpgp cards.
+ + commit 2d23a72690b44528783264a93e170585a99cc774
+ * agent/command.c (cmd_readkey): Also allow for $AUTHKEYID in card
+ mode.
+ * g10/call-agent.c (agent_update_shadow_keys): new.
+ * g10/card-util.c (current_card_status): Call it.
+
+ agent: Let READKEY update the display-s/n of the Token entry.
+ + commit 755920d4335730fbf25e24342dc9c8a8a772dac3
+ * agent/findkey.c (agent_write_private_key): Factor file name
+ generation out to ...
+ (fname_from_keygrip): new.
+ (write_extended_private_key): Add and implement new arg MAYBE_UPDATE.
+ (agent_write_shadow_key): Ditto.
+
+ * agent/command.c (cmd_readkey): Update the shadow-key in card mode.
+
+ gpg: Fix --card-status to handle lowercase APPTYPEs.
+ + commit 8e393e2592646f7d2a11ec32232b8f29eacdce13
+ * g10/card-util.c (current_card_status): Use ascii_strcasecmp.
+
+2022-08-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Fix detecting OpenPGP card by serialno.
+ + commit 27ae89db6e6901a8fd6f1dce50a25c1a4b845086
+ * g10/card-util.c (get_info_for_key_operation): Use ->apptype to
+ determine card's APP.
+ (current_card_status): Even if its SERIALNO is not like OpenPGP card,
+ it's OpenPGP card when app says so.
+
+2022-08-16 Werner Koch <wk@gnupg.org>
+
+ common: In private key mode write "Key:" always last in name-value.
+ + commit 12ad9529782df1eecf628281b8db62cafd775c4f
+ * common/name-value.c (nvc_write): Take care of Key. Factor some code
+ out to ...
+ (write_one_entry): new.
+
+2022-08-15 Werner Koch <wk@gnupg.org>
+
+ agent: Create and use Token entries to track the display s/n.
+ + commit dc9b2426288e4eb6ab42aa7f731a35bc8d383b46
+ * agent/divert-scd.c (linefeed_to_percent0A): New.
+ (ask_for_card): Add arg grip. Read Token and Label items and use
+ them.
+ (divert_pksign, divert_pkdecrypt): Pass down grip.
+ * agent/findkey.c (write_extended_private_key): Add args serialno,
+ keyref, and dispserialno. Writen Token item.
+ (agent_write_private_key): Add args serialno, keyref, and
+ dispserialno.
+ (read_key_file): Add arg r_keymeta.
+ (agent_keymeta_from_file): New.
+ (agent_write_shadow_key): Remove leading spaces from serialno and keyid.
+ * agent/protect-tool.c (agent_write_private_key): Ditto.
+ * agent/learncard.c (agent_handle_learn): Get DISPSERIALNO and pass to
+ agent_write_shadow_key.
+ * agent/command-ssh.c (card_key_available): Ditto.
+
+ common: New function nve_set.
+ + commit 706adf669173ec604158e4a2f4337e3da6cb1e45
+ * common/name-value.c (nve_set): New.
+ (nvc_set): Use nve_set.
+ (nvc_delete_named): New.
+ (nvc_get_string): New.
+ (nvc_get_boolean): New.
+
+2022-08-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix wrong error message for keytocard.
+ + commit f2a81e3745017072585c9999a129ee5dd0bdc6e6
+ * g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE.
+
+2022-08-03 Werner Koch <wk@gnupg.org>
+
+ common: Silence warnings from AllowSetForegroundWindow.
+ + commit 6583abedf3f0ffe5cc8283fe683144fc1d5add40
+ * common/sysutils.c (gnupg_allow_set_foregound_window): Print warning
+ only with debug flag set.
+
+ dirmngr: Fix failed malloc error message.
+ + commit 94908857e1f54a3550a3704a5de6bd10b7902169
+ * dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
+
+ gpgconf: Add config file for Windows Registry dumps.
+ + commit ebb736b2c310c8736d1165be9c8e2de413dd0ac6
+ * tools/gpgconf.c (show_registry_entries_from_file): New.
+ (show_configs): Call it.
+ * doc/examples/gpgconf.rnames: New.
+ * doc/Makefile.am (examples): Add it.
+
+2022-08-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Make symmetric + pubkey encryption de-vs compliant.
+ + commit e8011a7ceca7d5d9fd703f227e56931a7ea151d6
+ * g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
+ de-vs compliant.
+
+ * g10/mainproc.c (struct symlist_item): New.
+ (struct mainproc_context): Add field symenc_list.
+ (release_list): Free that list.
+ (proc_symkey_enc): Record infos from symmetric session packet.
+ (proc_encrypted): Check symkey packet algos
+
+ gpgconf: Improve registry dumping.
+ + commit 6bc959231802d60694b7677d3537261d9cda1e1d
+ * common/w32-reg.c (read_w32_registry_string): Map REG_DWORD to a
+ string.
+ (read_w32_reg_string): Add arg r_hklm_fallback and change all callers.
+ (show_configs): Indicate whether the HKLM fallback was used.
+ * tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
+ Registry key. Indicate whether the HKLM fallback was used.
+
+2022-07-28 Werner Koch <wk@gnupg.org>
+
+ gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
+ + commit 890e616593af5d1e0f2eb932768205ef90928e5e
+ * g10/pkclist.c (select_algo_from_prefs): Change implicit hash
+ algorithm.
+
+2022-07-27 Werner Koch <wk@gnupg.org>
+
+ agent: New option --no-user-trustlist and --sys-trustlist-name.
+ + commit d0bd91ba73a7e333e9b5007875c9bd475fb9581e
+ * agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
+ (opts): Add new option names.
+ (parse_rereadable_options): Parse options.
+ (finalize_rereadable_options): Reset allow-mark-trusted for the new
+ option.
+ * agent/agent.h (opt): Add fields no_user_trustlist and
+ sys_trustlist_name.
+ * agent/trustlist.c (make_sys_trustlist_name): New.
+ (read_one_trustfile): Use here.
+ (read_trustfiles): Use here. Implement --no-user-trustlist. Also
+ repalce "allow_include" by "systrust" and adjust callers.
+
+2022-07-27 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ gpg: Look up user ID to revoke by UID hash.
+ + commit abe69b2094dd749fc2f285b672d30a4f1e3f12a7
+ * g10/keyedit.c (find_userid_by_namehash, find_userid): New.
+ (keyedit_quick_revuid): Use find_userid() instead of iterating over the
+ nodes of the keyblock.
+ * tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
+ user ID specified by its hash.
+
+2022-07-27 Werner Koch <wk@gnupg.org>
+
+ wkd: Bind the address to the nonce.
+ + commit 73a98c13969169fee6bf5eaa71507a409eb17caf
+ * tools/gpg-wks-server.c (make_pending_fname): New.
+ (store_key_as_pending, check_and_publish): Use here.
+ (process_new_key): Pass addrspec to store_key_as_pending.
+ (expire_one_domain): Expire also the new files.
+
+2022-07-26 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ dirmngr: Ask keyservers to provide the key fingerprints.
+ + commit 22e8dc792702cd485408b5a8212d34a3917851ca
+ * dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to
+ request URL.
+
+2022-07-25 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ gpg: Request keygrip of key to add via command interface.
+ + commit ee8f1c10a7a54714fb2a9ca141d38e666b9a424d
+ * g10/keygen.c (ask_algo): Request keygrip via cpr_get.
+ * doc/help.txt (gpg.keygen.keygrip): New help text.
+
+2022-07-25 Werner Koch <wk@gnupg.org>
+
+ wkd: Fix path traversal attack on gpg-wks-server.
+ + commit c1489ca0e101a81df6f8b1ba8d8a9afd9ebc6412
+ * tools/gpg-wks-server.c (check_and_publish): Check for invalid
+ characters in sender controlled data.
+ * tools/wks-util.c (wks_fname_from_userid): Ditto.
+ (wks_compute_hu_fname): Ditto.
+ (ensure_policy_file): Ditto.
+
+2022-07-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd:openpgp: Fix workaround for Yubikey heuristics.
+ + commit 8c9f879d4aa01ad96320869fb3da83a843292504
+ * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
+ of firmware 5.4, too.
+
+ scd: Fail when no good algorithm attribute.
+ + commit 225c66f13b8700d9d283367705b31070a3d38d93
+ * scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
+ (change_keyattr): Follow the change.
+ (app_select_openpgp): Handle the error of parse_algorithm_attribute.
+
+2022-07-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Don't inhibit SSH authentication for larger data if it can.
+ + commit 07e43eda8dc69cecc385a6b3723e155afbc59257
+ * scd/app-openpgp.c (do_auth): Use command chaining if available.
+
+2022-07-06 Werner Koch <wk@gnupg.org>
+
+ Release 2.3.36.
+ + commit 491645b50ec97db12520483d347291d660db209c
+
+
+2022-06-29 Werner Koch <wk@gnupg.org>
+
+ gpgconf: New short options -V and -X.
+ + commit f357a5f239919de976b86a666410f504682973e4
+ * tools/gpgconf.c: Assign short options -X and -V
+ (show_version_gnupg): Print the vsd version if available.
+
+2022-06-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Flush before calling ftruncate.
+ + commit 9e2307ddf0c2608e9cfb435f870b75cbb35791d7
+ * agent/findkey.c (write_extended_private_key): Make sure
+ it is flushed out.
+
+2022-06-21 Werner Koch <wk@gnupg.org>
+
+ sm: Update pkcs#12 module from master.
+ + commit 4c14bbf56fb544541bd65f9d6e6e0b81779dcab6
+ * sm/minip12.c: Update from master.
+ * sm/import.c (parse_p12): Pass NULL for curve.
+
+2022-06-20 Werner Koch <wk@gnupg.org>
+
+ common: Add an easy to use DER builder.
+ + commit d21ced1e3596dc9e4fa53995286b4cbbd6e94195
+ * common/tlv-builder.c: New.
+ * common/tlv.c: Remove stuff only used by GnuPG 1.
+ (put_tlv_to_membuf, get_tlv_length): Move to ...
+ * common/tlv-builder.c: here.
+ * common/tlv.h (tlv_builder_t): New.
+
+2022-06-14 Werner Koch <wk@gnupg.org>
+
+ g10: Fix garbled status messages in NOTATION_DATA.
+ + commit 7b1db7192e6e4d0cfc439b23b13831837c85bc21
+ * g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
+
+2022-06-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
+ + commit aeee62593ae9147a38fd79f0782f3fa0e4ac5c4a
+ * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential
+ and assuan_end_confidential, and wipe the memory after use.
+ * agent/command.c (cmd_preset_passphrase): Likewise.
+ * scd/command.c (pin_cb): Likewise.
+
+2022-06-03 Werner Koch <wk@gnupg.org>
+
+ w32: Avoid warning about not including winsock2.h after windows.h.
+ + commit dfc01118ce0707c2d920fb31f7731f3a383df761
+ * common/dynload.h: Include winsock2.h first.
+
+ w32: Allow Unicode filenames for iobuf_cancel.
+ + commit 10db566489880acd510f8e07dc52a38dd82feafe
+ * common/iobuf.c (iobuf_cancel): Use gnupg_remove
+ * common/mischelp.c (same_file_p): Allow for Unicode names.
+
+2022-06-01 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Fix accidental commit of debug code.
+ + commit e3db6c74a6305e86eaefb0ca8d49d4d9754104ff
+ * scd/app-p15.c (do_sign): Revert MSE setting.
+
+ scd: Shorten cardio debug output for all zeroes.
+ + commit 62becf599eb861936faf88b6ec5e0f7b1658b54e
+ * scd/apdu.c (all_zero_p): New.
+ (send_le): Use it.
+
+ (cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66)
+
+2022-05-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix use of SCardListReaders for PC/SC.
+ + commit 7bc794c3113400af082b26610d9d1305826be54e
+ * scd/apdu.c (open_pcsc_reader): Initialize NREADER.
+
+2022-05-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Add workaround for ECC attribute on Yubikey.
+ + commit a5217c90003c2e1b9bfb06b58ffc2d0d9164f22a
+ * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus
+ octet in a key attribute.
+
+2022-05-06 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Improve the displayed S/N for Technology Nexus cards.
+ + commit 91acbdc93c8a6ae06b483a27c8bb7c33a978108d
+ * scd/app-p15.c (any_control_or_space_mem): New.
+ (get_dispserialno): Add new code.
+
+ scd:p15: Fix the the sanity check of the displayed S/N.
+ + commit 8efe738c4a090f523461fa3055da668467715105
+ * scd/app-p15.c (any_control_or_space): Fix loop.
+
+2022-05-05 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Fix reading certificates without length info.
+ + commit 7f029eef6ce15be4167f56e7fc07755d189e5e27
+ * scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
+ object has no length info. Add debug output when reading a cert.
+ (read_p15_info): No more need to disable extended mode for GeNUA cards.
+
+ scd: New debug flags "card".
+ + commit d60f930d9b000e802dc61c8e8d494a3091dc0437
+ * scd/scdaemon.c (debug_flags): Add "card".
+ * scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.
+
+ gpg: Minor robustness fix.
+ + commit 36a5509e11c81305c4ded93982fa594bd52555a6
+ * g10/parse-packet.c (mpi_read_detect_0_removal): Protect agains
+ failed gcry_mpi_scan.
+
+2022-05-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Add a test for Ed25519 keys for non-protected secret.
+ + commit 06e82e997a56406e04113a7f6c1d083e0cc04172
+ * tests/openpgp/issue5120.scm: New.
+
+2022-04-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Handle leading-zeros private key for Ed25519.
+ + commit 3fcef7371480cce392d690897d42955f1b19c12a
+ * g10/parse-packet.c (mpi_read_detect_0_removal): New.
+ (parse_key): Use mpi_read_detect_0_removal for PUBKEY_ALGO_EDDSA
+ to tweak the checksum.
+
+ Revert "gpg: Accept Ed25519 private key in SOS which reserves leading zeros."
+ + commit 3192939a10df17cb9666773ed8888627f6d16b8d
+ This reverts commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830.
+
+2022-04-25 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.35.
+ + commit f7bc6f50496bffc3c377cb4e3e844242a590b5e1
+
+
+ gpg: Avoid NULL ptr access due to corrupted packets.
+ + commit 86d84464ae11666b1556e876a41a65cec8daaf18
+ * g10/parse-packet.c (parse_signature): Do not create an opaque MPI
+ with NULL and length > 0
+ (parse_key): Ditto.
+
+2022-04-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Not writing password into file.
+ + commit 9c0a24b4a55edff3d54cc5e98ba8112714f583e3
+ * agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
+ pattern check program.
+
+2022-04-25 Werner Koch <wk@gnupg.org>
+
+ gpg: Emit an ERROR status as hint for a bad passphrase.
+ + commit f021ecd57624f09430731f5deee2c4d0712150c8
+ * g10/mainproc.c (proc_symkey_enc): Issue new error code.
+ (proc_encrypted): Ditto.
+
+2022-04-20 Werner Koch <wk@gnupg.org>
+
+ w32: Do no use Registry item DefaultLogFile for the main tools.
+ + commit a5faaf8bee43e1e8d99cf3c08fad8ccce047fc28
+ * g10/gpg.c (main): Set LOG_NO_REGISTRY.
+ * sm/gpgsm.c (main): Ditto.
+ * tools/gpg-connect-agent.c (main): Ditto.
+ * tools/gpgconf.c (main): Ditto.
+ (show_other_registry_entries): Print "DefaultLogFile".
+
+2022-04-14 Werner Koch <wk@gnupg.org>
+
+ gpg: Replace an assert by a log_fatal.
+ + commit c8c71fc7161bf6b553bc5b45b2f7a06f8a1a4639
+ * g10/build-packet.c (do_signature): Use log_fatal.
+
+ scd: Minor code reorganization.
+ + commit 58532fe56c334d0edc589311e6601fb9da70d9a1
+ * scd/ccid-driver.c: Move struct defines to the top.
+ (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
+
+ scd: Fix memory leak in ccid-driver.
+ + commit c4b14be48fe9b0f52bca9840375eb0eac3cc2432
+ * scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
+
+2022-04-13 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Improve the PIN prompt for Genua cards.
+ + commit e99670f944bc613d258d0810c5831a2099718d4e
+ * scd/app-p15.c (CARD_PRODUCT_GENUA): New.
+ (cardproduct2str): Add it.
+ (read_p15_info): Detect and set GENUA
+ (make_pin_prompt): Take holder string from the AODF.
+
+ scd:p15: Support for GeNUA cards.
+ + commit 44ec383cdec06ee4ac8dbe7b913990bbeeb3d3a3
+ * scd/app-p15.c (read_p15_info): Disable extended mode for Genua
+ cards.
+
+ scd:p15: Prepare AODF parsing for other authentication types.
+ + commit 29fd80581867beeec068b49e8587762394e7d4d1
+ * scd/app-p15.c (auth_type_t): New.
+ (struct aodf_object_s): Add field auth_type.
+ (read_ef_aodf): Distinguish between pin and authkey types. Include
+ the authtype in the verbose mode diags.
+
+ scd:p15: Add basic support for AET JCOP cards.
+ + commit 80cf64c65155f718ed7dcee0e6a2aedbd9a2a5b0
+ * scd/app-p15.c (CARD_TYPE_AET): New.
+ (cardtype2str): Add string.
+ (card_atr_list): Add corresponding ATR.
+ (app_local_s): New flag no_extended_mode. Turn two other flags into
+ bit flags.
+ (select_ef_by_path): Hack to handle the 3FFF thing.
+ (readcert_by_cdf): Do not use extended mode for AET.
+ (app_select_p15): Set no_extended_mode.
+ ---
+ (cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)
+
+2022-03-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ common,unix: Backport dotlock changes from GnuPG 2.3.
+ + commit d9a8d3353afd669252e25b56ed92f9fb7c0dcc3d
+ * common/dotlock.c (read_lockfile): Return FD in R_FD.
+ (dotlock_take_unix): Fix a race condition by new read_lockfile and
+ checking with fstat. Describe one race condition in comment.
+ (dotlock_release_unix): Follow the change of read_lockfile.
+
+2022-03-28 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Escape more characters in WKD requests.
+ + commit 3b251c8366cf7ddf5b82fc2331a8009fa1f2de23
+ * dirmngr/server.c (proc_wkd_get): Also escape '#' and '+'
+
+2022-03-22 Werner Koch <wk@gnupg.org>
+
+ gpgtar: New option --with-log.
+ + commit ce69d55f70a18cfe5cf91353efc00ab43ba8fd8b
+ * tools/gpgtar.c: New option --with-log.
+ * tools/gpgtar.h (opt): Add field with_log.
+ * tools/gpgtar-extract.c (gpgtar_extract): Move directory string
+ building up. Add option --log-file if needed.
+ * tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it
+ is used outside of its scope.
+ * tools/gpgtar-list.c (gpgtar_list): Ditto.
+
+2022-03-21 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Make WKD_GET work even for servers not handling SRV RRs.
+ + commit 6d30fb6940d57237392f9196a4de5c7246ffefdf
+ * dirmngr/server.c (proc_wkd_get): Take care of DNS server failures
+
+ gpgtar: Finally use a pipe for decryption.
+ + commit d431feb3077f763e37f824026988a10d87c8a5aa
+ * tools/gpgtar.h (opt): Add new flags.
+ * tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and
+ --require-compliance.
+ (main): Init signals.
+ * tools/gpgtar-create.c: Add new header files.
+ (gpgtar_create): Rework to use a pipe for encryption and signing.
+ * tools/gpgtar-list.c: Add new header files.
+ (gpgtar_list): Rework to use a pipe for decryption.
+ * tools/gpgtar-extract.c: Add new header files.
+ (gpgtar_extract): Rework to use a pipe for decryption.
+
+2022-03-18 Werner Koch <wk@gnupg.org>
+
+ gpg: Print info about the used AEAD algorithm.
+ + commit 15eda7ce783a81d2f5911028a4c8c3ce5649edca
+ * g10/misc.c (openpgp_cipher_algo_mode_name): New.
+ * g10/decrypt-data.c (decrypt_data): Use function here.
+
+ common: New function map_static_strings.
+ + commit c1453665491fb6a16883ee5e1828cfb0c28b466a
+ * common/mapstrings.c (struct intmapping_s): New.
+ (map_static_strings): New.
+ * common/stringhelp.c (do_strconcat): Rename to ...
+ (vstrconcat): this and make global.
+
+ * common/t-mapstrings.c (test_map_static_strings): New test.
+
+ gpg: Allow decryption of symencr even for non-compliant cipher.
+ + commit e081a601f7b31fa278e46de7c6834a756b63cec2
+ * g10/decrypt-data.c (decrypt_data): Add arg compliance_error. Adjust
+ all callers. Fail on compliance error only in --require-compliance
+ mode. Make sure to return an error if the buffer is missing; actually
+ that should be an assert.
+ * g10/mainproc.c (proc_encrypted): Delay printing of the compliance
+ mode status. Consult the compliance error now returned by
+ decrypt_data.
+
+2022-03-15 Werner Koch <wk@gnupg.org>
+
+ common: New flags for gnupg_spawn_process.
+ + commit 7ba44d15ca2f800c402a56eb71bb524f91ea2ffa
+ * common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New.
+ (GNUPG_SPAWN_KEEP_STDOUT): New.
+ (GNUPG_SPAWN_KEEP_STDERR): New.
+ * common/exechelp-posix.c (do_exec): Add arg flags and implement new
+ flags.
+ * common/exechelp-w32.c (gnupg_spawn_process): Implement new flags.
+
+2022-03-09 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Silence warnings from parsing the options files.
+ + commit e8b1ab1d2d22f938b3e5991343b7e089d96606a0
+ * tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
+ flag for the arg parser only in --verbose mode.
+
+2022-03-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ sm: Fix parsing encrypted data.
+ + commit 0c7dffe99d3fded41df87512063515b5ca2da820
+ * sm/minip12.c (cram_octet_string): Finish when N==0.
+ (parse_bag_encrypted_data): Support constructed data with multiple
+ octet strings.
+
+2022-03-08 Werner Koch <wk@gnupg.org>
+
+ gpgsm: New option --require-compliance.
+ + commit 847d618454e6f8418b169132dbdd0307d9b4d7e0
+ * sm/gpgsm.c (oRequireCompliance): New.
+ (opts): Add --require-compliance.
+ (main): Set option.
+ * sm/gpgsm.h (opt): Add field require_compliance.
+ (gpgsm_errors_seen): Declare.
+ * sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant.
+ * sm/encrypt.c (gpgsm_encrypt): Ditto.
+ * sm/decrypt.c (gpgsm_decrypt): Ditto.
+
+ gpg: New option --require-compliance.
+ + commit 17890d43187384d049d80af28a5baea8613ff6ea
+ * g10/options.h (opt): Add field flags.require_compliance.
+ * g10/gpg.c (oRequireCompliance): New.
+ (opts): Add --require-compliance.
+ (main): Set option.
+ * g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
+ (check_sig_and_print): Ditto.
+ * g10/encrypt.c (encrypt_crypt): Ditto.
+
+ gpg: Give Libgcrypt CFLAGS a higher priority than SQlite.
+ + commit c11292fe736db6e61fad17d74f65b0b5ad9c2808
+ * g10/Makefile.am (AM_CFLAGS): Reorder.
+
+2022-03-04 Werner Koch <wk@gnupg.org>
+
+ gpgtar,w32: Support file names longer than MAX_PATH.
+ + commit 5492079defab85b1ba2c583e32a8feb752314b2e
+ * tools/gpgtar.c: Replace assert by log_assert.
+ * tools/gpgtar-extract.c: Ditto.
+ (extract_regular): Create files with sysopen flag.
+ * tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.
+
+ common,w32: Support file names longer than MAX_PATH in iobuf.
+ + commit 4122896a39b7ac5dc071bf4d2e9be0ac8a3e21d7
+ * common/iobuf.c (direct_open): Use gpgrt_fname_to_wchar.
+ (any8bitchar): Remove.
+
+2022-02-24 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ g10: Avoid extra hash contexts when decrypting MDC input.
+ + commit 9116fd1e9a2da9c83f94acfe41fb6e5c6f03e8d1
+ * g10/mainproc.c (mainproc_context): New member
+ 'seen_pkt_encrypted_mdc'.
+ (release_list): Clear 'seen_pkt_encrypted_mdc'.
+ (proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
+ (have_seen_pkt_encrypted_aead): Rename to...
+ (have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
+ 'seen_pkt_encrypted_mdc'.
+ (proc_plaintext): Do not enable extra hash contexts when decrypting
+ MDC input.
+
+2022-02-21 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Used extended mode already for RSA 2048.
+ + commit a2db490de5473af42d7b5a99398c48befe294394
+ * scd/app-p15.c (do_sign, do_decipher): Replace GT by GE.
+
+2022-02-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Remove a test case with "quiet" option with gpgconf.
+ + commit f064d972e38863358a2dd53de43acd66572830c2
+ * tests/openpgp/gpgconf.scm: Remove "quiet" test.
+
+ scd: Use lock_slot for apdu_send_direct.
+ + commit 3c3765405de02b9a57fdc9a3cf901f6e3aca8586
+ * scd/apdu.c (apdu_send_direct): Use lock_slot.
+
+2022-02-09 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Do not show "quiet" as option.
+ + commit 2f2130ff24faf4507fa5949e834c155b4a8e1525
+ * tools/gpgconf-comp.c: Remove "quiet" and two unsupported options
+
+2022-02-07 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.34.
+ + commit 04d40a680baa43f9803d0981b1da49144021d723
+
+
+ dirmngr: Changes to the linking order.
+ + commit 3c79ff34c417bfc392008eca1970b86bec54d6c3
+ * dirmngr/Makefile.am: Tweak library order.
+
+ gpgconf: Make gpgconf --launch dirmngr work again.
+ + commit 5a7ed6dd8f1b4e3c2e8f6e82700a86bd886c5f50
+ * tools/gpgconf.h (gc_component_id_t): Fix the order.
+
+ gpgconf: Print the used code pages on Windows with --show-configs.
+ + commit 32b364b99b492c580330591640cdaa7407016733
+ * tools/gpgconf.c (show_configs): Add some code
+
+ common: Fix creation of Windows socket directories.
+ + commit 7d1215cb9cba258102b91c92e6973783e8d53b07
+ * common/homedir.c (w32_try_mkdir): Remove.
+ (standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
+ (_gnupg_socketdir_internal): Ditto.
+
+2022-02-04 Werner Koch <wk@gnupg.org>
+
+ m4: Update our library m4 files from master.
+ + commit c8cd66ae7e609f221c7dad905e88a206a285ab1c
+ * m4/gpg-error.m4: Updated
+ * m4/ksba.m4: Updated
+ * m4/libassuan.m4: Updated
+ * m4/libgcrypt.m4: Updated
+ * m4/npth.m4: Updated
+ * m4/ntbtls.m4: Updated
+
+2022-02-03 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Allow building with non-standard ntbtls location.
+ + commit 137590fd8614a69cc60da3226cefc4495502ec26
+ * dirmngr/Makefile.am: Add missing -L and -I
+
+ dirmngr: Simplify --gpgconf-list output.
+ + commit 0b76ef48e1df4c210d57f3bf4bc1fe1fa3762408
+ * dirmngr/dirmngr.c (main): Keep only values with the default flag.
+
+ sm: New option --ignore-cert-with-oid.
+ + commit bcf446b70ca58ac1497269f047fba9ddb3d62e96
+ * sm/gpgsm.c (oIgnoreCertWithOID): New.
+ (opts): Add option.
+ (main): Store its value.
+ * sm/call-agent.c (learn_cb): Test against that list.
+
+2022-02-02 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Return the compliance_de_vs item.
+ + commit e058d15d2d56dfed2723e1a55c75e52db87b2dc2
+ * tools/gpgconf-comp.c (known_options_gpg): Add missing pseudo option.
+
+2022-02-01 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Avoid initial delay on the first keyserver access.
+ + commit dde88897e2c5851aab32370ee6c8ace150debb77
+ * dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
+ * dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
+ proxy in never-use-tor Mode.
+
+ * tools/gpgtar-create.c: Include unistd.h to avoid a warning on
+ Windows.
+
+ gpg: Set --verbose and clear --quiet in debug mode.
+ + commit d426ed66ac043e442649a8a2bc7eac6753a5bf58
+ * g10/gpg.c (set_debug): Tweak options.
+
+2022-01-28 Werner Koch <wk@gnupg.org>
+
+ ssh: Fix adding an ed25519 key with a zero length comment.
+ + commit 2331900d1cc022c04177272a51c00690229bb989
+ * agent/command-ssh.c (sexp_key_construct): Do not put an empty string
+ into an S-expression.
+ (stream_read_string): Do not not try to a read a zero length block.
+
+2022-01-27 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Tweak the use of ldapserver.
+ + commit e1fc053dc1ad260922428cf864071e829e6c30f2
+ * tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver"
+ invisible.
+ (known_options_dirmngr): Add "ldapserver".
+ * sm/gpgsm.c (oKeyServer_deprecated): New.
+ (opts): Assign "ldapserver" to the new option and makr it as obsolete.
+
+2022-01-26 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Some more fixes for the backported stuff.
+ + commit eefa2d19ee3f359435f0e5324cb5f10f2d8940a5
+ * agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
+ have a default. Remove runtime flag.
+ * common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
+ * tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
+ (known_options_gpg_agent): Add a few missing runtime flags. Remove
+ "options". Add "check-sym-passphrase-pattern".
+ (known_options_scdaemon, known_options_gpgsm): Remove "options".
+ (dirmngr): Ditto.
+
+ * tools/gpgconf-comp.c (is_known_option): Return only options having a
+ value for name. Thus we list list options from the known_options
+ tables.
+
+ gpgconf: Fix --list-options for forced options.
+ + commit 85300587cc8a115c96e812850762090f937ade9b
+ * tools/gpgconf-comp.c: Remove assert.h and replace all assert calls
+ by log_assert.
+ (known_options_gpg): Add "keyserver" as invisible. Remove "options".
+ (known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
+ (gc_component): Add field known_pseudo_options.
+ (struct read_line_wrapper_parm_s): New.
+ (read_line_wrapper): New.
+ (retrieve_options_from_program): Use read_line_wrapper to handle
+ pseudo options.
+ (retrieve_options_from_program): Ignore to be ignored options. Add
+ failsafe code to avoid calling percent_escape with NULL.
+
+2022-01-25 Werner Koch <wk@gnupg.org>
+
+ common: Fix returning of option attributes for options with args.
+ + commit d8e6d1e9ed7d181f546426269ab7b04e184bb9a1
+ * common/argparse.c (gnupg_argparse): Set attribute flags
+
+ scd: Also prefer Yubikeys if no reader port is given.
+ + commit 38c666ec3fdb0e3a8762889ae99faca4adb68b68
+ * scd/apdu.c (select_a_reader): Extend the white list.
+
+2022-01-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Fix adding the list of ultimate trusted keys.
+ + commit 4cc724639c012215f59648cbb4b7631b9d352e36
+ * g10/keygen.c (do_generate_keypair): Remove call to
+ register_trusted_keyid for updating user_utk_list.
+ * g10/trust.c (register_trusted_keyid): Remove.
+ (update_ownertrust): Add call to tdb_update_utk.
+ * g10/trustdb.c (tdb_register_trusted_keyid): Make it internal
+ function by adding "static" qualifier.
+ Replace calls of register_trusted_keyid to tdb_register_trusted_keyid.
+ (tdb_update_utk): New.
+ * g10/trustdb.h (tdb_update_utk): New.
+
+2022-01-12 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Add command aliases -L -K -R.
+ + commit f16c535eee912224a44b5999df7915c69f2d41bc
+ * tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts.
+
+ common,w32: Improve HKCU->HKLM fallback.
+ + commit 96db487a4da5903b71c64edf7a0ee9c2e01a8762
+ * common/w32-reg.c (read_w32_registry_string): Add another fallback.
+
+2022-01-10 Werner Koch <wk@gnupg.org>
+
+ gpgtar: List and extract using extended headers.
+ + commit bf4cf04a54bb2aa34afdf1d3c814ca4e185bacc8
+ * tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
+ * tools/gpgtar-list.c (parse_header): Set the new type flags.
+ (parse_extended_header): New.
+ (read_header): Add arg r_extheader and parse extended header.
+ (print_header): Consult the extended header.
+ (gpgtar_list): Pass an extended header object.
+ (gpgtar_read_header): Ditto.
+ (gpgtar_print_header): Ditto.
+ * tools/gpgtar-extract.c (extract): New arg exthdr and factor name
+ checking out to ...
+ (check_suspicious_name): new.
+ (extract_regular): Add arg exthdr and consult it.
+ (extract_directory): Likewise.
+ (gpgtar_extract): Provide extheader object.
+
+ gpgtar: Create extended header for long file names.
+ + commit ec69ceab2615758e88c52a1d30c4731b3e71b105
+ * tools/gpgtar-create.c (global_header_count): new.
+ (myreadlink): New.
+ (build_header): New arg r_exthdr. Detect and store long file and link
+ names. Factor checkum computation out to ...
+ (compute_checksum): new.
+ (add_extended_header_record): New.
+ (write_extended_header): New.
+ (write_file): Write extended header.
+
+2021-12-30 Werner Koch <wk@gnupg.org>
+
+ build: Fixes recent commits to still build with gpgrt 1.27.
+ + commit c4153f7021afafe9ce4459aa08857136b394cce7
+ * agent/gpg-agent.c (main): Use gnupg_argparse.
+ * tools/gpgconf-comp.c: Use gnupg_opt_t.
+ * tools/gpgconf.c (show_version_gnupg): Use strusage.
+
+ gpgconf: Do not list ignored options and mark forced options as r/o.
+ + commit c69c51bce0f07bf1becdb944a422bdc563705dae
+ * tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
+ the no_change flag for forced options.
+ (retrieve_options_from_program): Put the attributes into the option
+ table.
+
+2021-12-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Re-group the options in the --help output.
+ + commit f7bde071ccc8583b58ddaafa42e997e9202b041f
+ * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
+ use ARGPARSE_ignore and remove the code in the option switch.
+
+ agent: Re-group the options in the --help output.
+ + commit 7e535503a9c637007a933a77e4bc674c8fb6dfea
+ * agent/gpg-agent.c (oGreeting): Remove non existant dummy option.
+
+ gpgconf: Take care of --homedir when reading/updating options.
+ + commit 5934027115239cb7b39659f14f7a1dfecada6b76
+ * tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var.
+ (scdaemon_runtime_change): Ditto.
+ (dirmngr_runtime_change): Ditto.
+ (gc_component_check_options): Pass --homedir if needed.
+ (retrieve_options_from_program): Take care of --homedir.
+
+ gpgconf: Rewrite the gpgconf-comp module.
+ + commit 7a3a1ef3707194e1086c452d005319c519905d3e
+ * tools/gpgconf.h (gc_component_t): Change type to ...
+ (gc_component_id_t): this.
+ (GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
+ directly.
+ * tools/gpgconf-comp.c: Major rework.
+
+ gpgconf: Support reading global options (part 2).
+ + commit 5f890f417f135e237074c8a454e6a73e66d7b78d
+ * tools/gpgconf-comp.c: Remove all regular option descriptions. They
+ are now read in from the component. Also remove a few meanwhile
+ obsolete options.
+ * agent/gpg-agent.c: Add option description which were only set in
+ gpgconf-comp.c.
+ * dirmngr/dirmngr.c: Ditto.
+ * scd/scdaemon.c: Ditto.
+ * sm/gpgsm.c: Ditto.
+ * g10/gpg.c: Ditto.
+
+ gpgconf: Support reading global options (part 1).
+ + commit 7397872445d6d2b8c9ef25e0108e603baa5478de
+ * tools/gpgconf.c (main): Set the config directories.
+ * tools/gpgconf-comp.c (gc_backend): Change the name of the config
+ files.
+ (struct gc_option): Add new field 'attr'.
+ (retrieve_options_from_program): Rewrite to use gpgrt_argparser.
+
+ common: New function xreallocarray.
+ + commit f0d034ebf4fc299c2a6097248f51c329e65d2976
+ * common/miscellaneous.c (gnupg_reallocarray): New.
+ (xreallocarray): New.
+
+2021-12-13 Werner Koch <wk@gnupg.org>
+
+ common,w32: Sync read_w32_registry_string with the gpgrt version.
+ + commit 1af559a9a24fd930094ab7b466ed051cdbc66f99
+ * common/w32-reg.c (get_root_key): Add short version of the root
+ classes.
+
+2021-12-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Accept Ed25519 private key in SOS which reserves leading zeros.
+ + commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830
+ * g10/parse-packet.c (sos_read): Backport from 2.3.
+ (parse_key): Use sos_read for Ed25519 private key.
+
+2021-11-23 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.33.
+ + commit 457f6ac1ef6d61ffcc336683a85ffeed3114ae63
+
+
+2021-11-23 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 007fea8ce9af97f36b48253c6be764dcd35fdd9e
+
+
+2021-11-22 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --forbid-gen-key.
+ + commit 985fb25c46eafc811e7a07597591ede0cf89a921
+ * g10/gpg.c (oForbidGenKey, opts): New option.
+ (mopt): New local struct
+ (gen_key_forbidden): New.
+ (main): Set and handle the option.
+
+2021-11-19 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Include output of --list-dirs in --show-configs.
+ + commit 40d2c931652777509aba35d48b5d193a7e208780
+ * tools/gpgconf.c (list_dirs): Add arg special.
+ (show_other_registry_entries): Print the Homedir.
+ (show_configs): List directories.
+
+2021-11-18 Werner Koch <wk@gnupg.org>
+
+ gpgconf: --show-configs now prints a bunch of Registry entries.
+ + commit 7f31891ab1e51c00dd42232d3c286df519c2cdb8
+ * tools/gpgconf.c (show_other_registry_entries): New.
+ (show_configs): Call it. Minor reformatting.
+
+ gpgconf: Extend --show-config to show envvars.
+ + commit 58652f4c0b3a5e9fb6de54d802173bc52c798134
+ * tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain
+ things.
+ (show_configs_one_file): New arg LISTP to be passed thru.
+ (show_configs): Show envars and regisiry values.
+
+ common,w32: New function read_w32_reg_string.
+ + commit 6c6c404883e52545ed38293384c95fdacb7227c4
+ * common/w32-reg.c (read_w32_reg_string): New.
+
+ * common/t-w32-reg.c (test_read_registry): Add another test.
+
+ gpg,gpgsm: Add option --min-rsa-length.
+ + commit 6ee01c1d26cae0415a3eec7f067cff7c324cb9c1
+ * common/compliance.c (min_compliant_rsa_length): New.
+ (gnupg_pk_is_compliant): Take in account.
+ (gnupg_pk_is_allowed): Ditto.
+ (gnupg_set_compliance_extra_info): New.
+ * g10/gpg.c (oMinRSALength): New.
+ (opts): Add --min-rsa-length.
+ (main): Set value.
+ * g10/options.h (opt): Add field min_rsa_length.
+ * sm/gpgsm.c (oMinRSALength): New.
+ (opts): Add --min-rsa-length.
+ (main): Set value.
+ * sm/gpgsm.h (opt): Add field min_rsa_length.
+
+2021-11-15 Werner Koch <wk@gnupg.org>
+
+ sm: Detect circular chains in --list-chain.
+ + commit c9343bec83e2c2a14b564b8a13998806eab1ae9f
+ * sm/keylist.c (list_cert_chain): Break loop for a too long chain.
+
+2021-11-15 NIIBE Yutaka <gniibe@fsij.org>
+ Klas Lindfors
+
+ scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.
+ + commit b6b735edab036e4992872ef3d44b357fb9281ca8
+ * scd/app-openpgp.c (do_auth): Use extended Lc, when supported.
+
+2021-11-14 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ build: Fix several "include file not found" problems.
+ + commit 027e34235bc576e1523566bf98b2b795d3dc7967
+ * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS.
+ * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add
+ NPTH_CFLAGS.
+ * tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS,
+ gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS.
+
+2021-11-14 Werner Koch <wk@gnupg.org>
+
+ agent: Print the non-option warning earlier.
+ + commit a43efc9294d158c62a3a04396fa3fe6c77090ba8
+ * agent/gpg-agent.c (main): Move detection up.
+
+2021-11-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove stale ultimately trusted keys from the trustdb.
+ + commit bc6d56282ec998e4b2d13c522316348b5058fc3f
+ * g10/tdbdump.c (export_ownertrust): Skip records marked with the
+ option --trusted-key.
+ (import_ownertrust): Clear the trusted-key flag.
+ * g10/tdbio.h (struct trust_record): Add field flags.
+ * g10/tdbio.c (tdbio_dump_record): Improve output.
+ (tdbio_read_record, tdbio_write_record): Handle flags.
+ * g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
+ the flag for new --trusted-keys.
+ (tdb_update_ownertrust): Add arg as_trusted_key. Update callers.
+
+ gpgconf: New command --show-configs.
+ + commit 8fe3f57643479b8cb2e9e10fa2069c415c47d0af
+ * tools/gpgconf.c (aShowConfigs): New.
+ (opts): Add --show-configs.
+ (CUTLINE_FMT): New.
+ (show_version_gnupg): Add arg "prefix" and adjust caller.
+ (my_copy_file): New.
+ (show_configs_one_file): New.New.
+ (show_configs): New.
+ (main): Call show_configs.
+
+ agent,dirmngr: New option --steal-socket.
+ + commit 6507c6ab101e61fc5a3472497d258a0109257a47
+ * agent/gpg-agent.c (oStealSocket): New.
+ (opts): Add option.
+ (steal_socket): New file global var.
+ (main): Set option.
+ (create_server_socket): Implement option.
+
+ * dirmngr/dirmngr.c (oStealSocket): New.
+ (opts): Add option.
+ (steal_socket): New file global var.
+ (main): Set option. Add comment to eventually implement it.
+
+2021-11-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: More conservative selection of a card reader.
+ + commit 0982c6cb19da689ae84ad25b6db12bf30ac75030
+ * scd/apdu.c (select_a_reader): Only SPRx32 is in the white list.
+
+2021-11-09 Bernhard M. Wiedemann <bwiedemann@suse.de>
+
+ wks: Do not mark key files as executable.
+ + commit 46ada6a9bd83daa9e5f064adfea1bb6ccdba5dcb
+
+
+ wks: Allow access to newly created dirs.
+ + commit f54feb44700062fd3f4ca2d5e6d4e203e74d94ea
+
+
+2021-11-02 Werner Koch <wk@gnupg.org>
+
+ common: Support MYPROC_SELF_EXE for Solaris.
+ + commit 006131f6289cd0e03a470c77795ad50a4bf9e269
+ * common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS.
+
+ common: Silence warning from unix_rootdir on systems w/o /proc.
+ + commit bcd8f0239dfc36f99fbbb8ee309828ccee8974c0
+ * common/homedir.c (unix_rootdir): Silence diagnostic in the common
+ case.
+ (MYPROC_SELF_EXE): Support NetBSD.
+
+2021-11-02 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ common: Respect gpgconf.ctl when looking up translations.
+ + commit 947fedf0e7d95571abd039e827c401ebc64a8abb
+ * common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
+ (i18n_localegettext): Ditto.
+ * tools/gpgconf-comp.c (my_dgettext): Ditto.
+
+2021-11-02 Werner Koch <wk@gnupg.org>
+
+ common: Support gpgconf.ctl also for BSDs.
+ + commit 49d589c409cc1813a48fecaf3fb5772e6febe281
+ * common/homedir.c (MYPROC_SELF_EXE): New.
+ (unix_rootdir): Use it here. Also support GNUPG_BUILD_ROOT as
+ fallback.
+
+ common: Add keyword sysconfdir to the optional gpgconf.ctl file.
+ + commit 3828dd7a4067db2911caebde324053b4e354a486
+ * common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
+ (gnupg_sysconfdir): Return it.
+
+ common: Support a gpgconf.ctl file under Unix.
+ + commit 82328165cf4be4771674b703c1e15178f87530e2
+ * common/homedir.c (unix_rootdir): New.
+ (gnupg_bindir): Use it.
+ (gnupg_libexecdir): Use it.
+ (gnupg_libdir): Use it.
+ (gnupg_datadir): Use it.
+ (gnupg_localedir): Use it.
+
+ common: New function substitute_envvars.
+ + commit f0162afb6b6f8ac1a993452643d8cb64fb3f2953
+ * common/stringhelp.c (substitute_envvars): New. Based on code in
+ gpg-connect-agent.
+ * common/t-stringhelp.c: Include sysutils.h.
+ (test_substitute_envvars): New.
+
+ common,w32: Do not always print "Garbled console data" warning.
+ + commit a756a61f19ce44958f93757894f65b09cebd484a
+ * common/init.c (_init_common_subsystems): Silence message.
+
+2021-11-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ dns: Make reading resolv.conf more robust.
+ + commit 152f0281552f6a8e4bc082f3aaeec17c84001cfe
+ * dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which
+ begins with '.'.
+
+2021-10-22 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix printing of binary notations.
+ + commit 918e9218002b2b0d455a8df86a63c9187cf6fdf4
+ * g10/keylist.c (show_notation): Print binary notation from BDAT.
+
+ gpgconf: create local option file even if a global file exists.
+ + commit 5e3eea4b738cc3e8e257635b7cb53dcf43c07f79
+ * tools/gpgconf-comp.c (munge_config_filename): New.
+ (change_options_program): Call it.
+
+2021-10-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Select a reader for PC/SC.
+ + commit 752422a792cecf459b37f517d634bcf272292b14
+ * scd/apdu.c (select_a_reader): New.
+ (open_pcsc_reader): Use select_a_reader.
+
+2021-10-13 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --override-compliance-check.
+ + commit 773b8fbbe915449c723302f5268d7906b40d84d3
+ * g10/gpg.c (oOverrideComplianceCheck): New.
+ (opts): Add new option.
+ (main): Set option and add check for batch mode.
+ * g10/options.h (opt): Add flags.override_compliance_check.
+
+ * g10/sig-check.c (check_signature2): Factor complaince checking out
+ to ...
+ (check_key_verify_compliance): new. Turn error into a warning in
+ override mode.
+
+2021-10-06 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.32.
+ + commit 476096099db9ea3f66581fa3ca8724291e3a5c80
+
+
+2021-10-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Skip the packet when not used for AEAD.
+ + commit a17f1b607473f5aae081ffe22381dda2b54a7a6a
+ * g10/free-packet.c (free_packet): Add the case for case
+ PKT_ENCRYPTED_AEAD.
+
+2021-10-06 Werner Koch <wk@gnupg.org>
+
+ dirmngr: New option --ignore-cert.
+ + commit 323a20399d905e8ae1cc0d71846c298116460464
+ * dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
+ (opt): Add field ignored_certs.
+ * dirmngr/dirmngr.c: Add option --ignore-cert
+ (parse_rereadable_options): Handle that option.
+ (parse_ocsp_signer): Rename to ...
+ (parse_fingerprint_item): this and add two args.
+ * dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
+ Change callers to handle the new error return.
+
+ dirmngr: Fix Let's Encrypt certificate chain validation.
+ + commit 341ab0123a8fa386565ecf13f6462a73a137e6a4
+ * dirmngr/certcache.c (find_cert_bysubject): Return the first trusted
+ certififcate if any.
+
+2021-09-15 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.31.
+ + commit ecf4c2f611238799a3af6369a64e418a77ab9dd6
+
+
+2021-09-14 Werner Koch <wk@gnupg.org>
+
+ scd: Remove context reference counting from pc/sc.
+ + commit 67e1834ad402e86906429ba0e2bf7ebd72de2450
+ * scd/apdu.c (pcsc): Add flag context_valid, remove count.
+ (close_pcsc_reader): Use new flag instead of looking at magic context
+ value.
+ (pcsc_init): Set new flag.
+ (open_pcsc_reader): Use new flag.
+ (apdu_init): Clear new flag.
+
+ * scd/apdu.c: Remove assert.h. Replace all assert by log_assert.
+
+2021-09-13 Werner Koch <wk@gnupg.org>
+
+ common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
+ + commit 117afec018911a3b0187f15c8559f811a72ddb79
+ * common/exechelp-w32.c (gnupg_spawn_process_detached): Silence
+ breakaway messages and turn them again into debug messages.
+
+2021-09-08 Werner Koch <wk@gnupg.org>
+
+ scd: Support PC/SC for "getinfo reader_list".
+ + commit f32994b0bf07d62bf596cc8bb6ec3c3a5f133ac4
+ * scd/apdu.c: Include membuf.h.
+ (pcsc): Add reader_list field.
+ (open_pcsc_reader): Fill that field.
+ (apdu_get_reader_list): New.
+ * scd/command.c: Remove header ccid-driver.h.
+ (pretty_assuan_send_data): New.
+ (cmd_getinfo): Print all reader names.
+
+2021-09-07 Werner Koch <wk@gnupg.org>
+
+ scd: Fix possible assertion in close_pcsc_reader.
+ + commit 192113552faa98f40cc91fe014ec55861474626c
+ * scd/apdu.c (close_pcsc_reader): Don't ref-count if the context is
+ invalid.
+ (open_pcsc_reader): Compare the context against -1 which is our
+ indicator for an invalid context.
+
+ agent: Fix segv in GET_PASSPHRASE (regression)
+ + commit 4b2cfec2dc2fd524a4fed6c17bb11e6a7baf15f2
+ * agent/command.c (cmd_get_passphrase): Do not deref PI. PI is always
+ NULL.
+
+2021-08-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix put_membuf.
+ + commit 7e431e009e479e63f0996a612e12fb9d8b209ab9
+ * common/membuf.c (put_membuf): Allow NULL for the second arg.
+
+ build: Fix removal of AC_TYPE_SIGNAL.
+ + commit 0ca84cbdf0a5a956f4de80f874f8a3b495cfab20
+ * configure.ac: AC_TYPE_SIGNAL is still needed.
+
+ common: Fix get_signal_name for GNU/Linux.
+ + commit d5f9481186eaf2ff28d7ab04fd36f0bbd1c9714d
+ * common/signal.c (get_signal_name): Use sigdescr_np if available.
+ * configure.ac: Check the function.
+
+2021-08-26 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.30.
+ + commit d583e750a668f82bdaa1d0f7c4ffc68c35ed4ca6
+
+
+2021-08-20 Werner Koch <wk@gnupg.org>
+
+ wkd: Properly unescape the user-id from a key listing.
+ + commit 2b65f4e953806977490b11cb4739c22ab94e0030
+ * tools/wks-util.c (append_to_uidinfo_list): Unescape UID.
+
+ common: New function decode_c_string.
+ + commit 17e2ec488f662059df0fd2d3b777aa51eab5c0cc
+ * common/miscellaneous.c (decode_c_string): New.
+
+ agent: Use the sysconfdir for a pattern file.
+ + commit 5ed8e598faaffa9aec43fc70199ed7f57560c2ba
+ * agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
+
+ agent: Ignore passphrase constraints for a generated passphrase.
+ + commit db5dc7a91af3774cfbce0bc533e0f0b5498402fe
+ * agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
+ (MAX_GENPIN_TRIES): Remove.
+ * agent/call-pinentry.c (struct entry_parm_s):
+ (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
+ (is_generated_pin): New.
+ (inq_cb): Suppress constraints checking for a generated passphrase.
+ No more need for several tries to generate the passphrase.
+ (do_getpin): Store a generated passphrase/pin in the status field.
+ (agent_askpin): Suppress constraints checking for a generated
+ passphrase.
+ (agent_get_passphrase): Ditto.
+ * agent/command.c (cmd_get_passphrase): Ditto.
+
+ wkd: Fix client issue with leading or trailing spaces in user-ids.
+ + commit 576e429d41a144ff4f0c00e8722da2f92ae17d9a
+ * common/recsel.c (recsel_parse_expr): Add flag -t.
+ * common/stringhelp.c (strtokenize): Factor code out to
+ do_strtokenize.
+ (strtokenize_nt): New.
+ (do_strtokenize): Add arg trim to support the strtokenize_nt.
+ * common/t-stringhelp.c (test_strtokenize_nt): New test cases.
+
+ * tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
+ flag -t.
+
+ gpg: Return SUCCESS/FAILURE status also for --card-edit/name.
+ + commit 6685696adafba104072303507dedbbd45731d326
+ * g10/card-util.c (change_name): Call write_sc_op_status.
+
+2021-08-18 Werner Koch <wk@gnupg.org>
+
+ agent: Improve the GENPIN callback.
+ + commit 2e69ce878f893de0830317f94c51fdce70e1e540
+ * agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ...
+ (DEFAULT_GENPIN_BITS): this and increase to 150.
+ (generate_pin): Make sure that we use at least 128 bits.
+
+ agent: Fix for zero length help string in pinentry hints.
+ + commit 4855888c0a56a50be6085476f5767d0c62722f2d
+ * agent/call-pinentry.c: Remove unused assert.h.
+ (inq_cb): Fix use use of assuan_end_confidential in case of nested
+ use.
+ (do_getpin): Ditto.
+ (setup_formatted_passphrase): Escape the help string.
+ (setup_enforced_constraints): Ignore empty help strings.
+
+ common,w32: Replace log_debug by log_info for InProcessJobs.
+ + commit ec2f1b38980a1b60624a35707ccebb05c5524d2f
+ * common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info.
+
+2021-08-17 Werner Koch <wk@gnupg.org>
+
+ w32: Move socketdir to LOCAL_APPDATA.
+ + commit 4dfa951a0a631d5e0e44ff5fb8fb74adb651190c
+ * common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
+ instead of the constant which makes a difference on Windows.
+ (_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
+ (gnupg_cachedir): Remove unsued function.
+
+ * common/sysutils.c (gnupg_rmdir): New.
+ * tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.
+
+ gpgconf,w32: Print more registry diagnostics with --list-dirs.
+ + commit 013f2e4672b1565002700e307d3bb95d9352c4d5
+ * tools/gpgconf.c (list_dirs): Figure out classes with the key.
+
+ agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient.
+ + commit 455ba49071dea7588c9de11785b3092e45e4560b
+ * agent/call-pinentry.c (atfork_core): Pass DISPLAY.
+
+ agent: New option --check-sym-passphrase-pattern.
+ + commit c6a4a660fdb977713a1e6c0dd4dae97ddffbe376
+ * agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
+ (opts): Add --check-sym-passphrase-pattern.
+ (parse_rereadable_options): Set option.
+ (main): Return option info.
+ * tools/gpgconf-comp.c: Add new option.
+ * agent/agent.h (opt): Add var check_sym_passphrase_pattern.
+ (struct pin_entry_info_s): Add var constraints_flags.
+ (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
+ (CHECK_CONSTRAINTS_NEW_SYMKEY): New.
+ * agent/genkey.c (check_passphrase_pattern): Rename to ...
+ (do_check_passphrase_pattern): this to make code reading
+ easier. Handle the --check-sym-passphrase-pattern option.
+ (check_passphrase_constraints): Replace arg no_empty by a generic
+ flags arg. Also handle --check-sym-passphrase-pattern here.
+ * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
+ CHECK_CONSTRAINTS_NEW_SYMKEY flag.
+ * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
+ (struct inq_cb_parm_s): New.
+ (inq_cb): Use new struct for parameter passing. Pass flags to teh
+ constraints checking.
+ (do_getpin): Pass constraints flag down.
+ (agent_askpin): Take constraints flag from the supplied pinentry
+ struct.
+
+2021-08-17 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ agent: Add checkpin inquiry for pinentry.
+ + commit 9832566e4512ab7cb90aa0b7f769792f5c123ed4
+ * agent/call-pinentry.c: Include zb32.
+ (MAX_GENPIN_TRIES): New.
+ (DEFAULT_GENPIN_BYTES): New.
+ (generate_pin): New.
+ (setup_genpin): New.
+ (inq_quality): Rename to ...
+ (inq_cb): this. Handle checkpin inquiry.
+ (setup_enforced_constraints): New.
+ (agent_get_passphrase): Call sertup_genpin. Call
+ setup_enforced_constraints if new passphrase is requested.
+
+2021-08-16 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ agent: New option --pinentry-formatted-passphrase.
+ + commit 32fbdddf8b4729d9a54a7751c0b5e406a470657f
+ * agent/agent.h (opt): Add field pinentry_formatted_passphrase.
+ * agent/call-pinentry.c (setup_formatted_passphrase): New.
+ (agent_get_passphrase): Pass option to pinentry.
+ * agent/gpg-agent.c (oPinentryFormattedPassphrase): New.
+ (opts): Add option.
+ (parse_rereadable_options): Set option.
+
+ common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentry.
+ + commit 8fff61de9433e9293712a1dd21dfbe12f951eff9
+ * common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and
+ QT_QPA_PLATFORM.
+
+2021-08-16 Werner Koch <wk@gnupg.org>
+
+ tools: Extend gpg-check-pattern.
+ + commit 5ca15e58b241901cc46fd9fad4db3bbb9e321988
+ * tools/gpg-check-pattern.c: Major rewrite.
+
+2021-07-04 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.29.
+ + commit 695a879af81e895741109874b9ac0712e1afc994
+
+
+2021-06-25 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Change the default keyserver.
+ + commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1
+ * configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
+ keyserver.ubuntu.com.
+
+ * dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
+ * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
+ * dirmngr/http.c (http_session_new): Ditto.
+
+ * dirmngr/server.c (make_keyserver_item): Use a different mapping for
+ the gnupg.net names.
+
+ gpg: Let --fetch-key return an exit code on failure.
+ + commit 5fe4b978875271fb55f1f674ab545bed2b97a7a8
+ * g10/keyserver.c (keyserver_fetch): Return an error code.
+ * g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data.
+
+2021-06-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.
+ + commit b90c55fa66db254da98958de10e1287c39a4322a
+ * scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW.
+
+ scd:ccid:spr532: Extend abort_cmd for initialization time.
+ + commit 8e941e19b08785e5e709943765548d4f9f9f57a3
+ * scd/ccid-driver.c (abort_cmd): Add INIT argument to support
+ synchronize until success, even ignoring timeout.
+ (bulk_in): Normal use case of abort_cmd.
+ (ccid_vendor_specific_init): Initial use case of abort_cmd.
+
+2021-06-22 Werner Koch <wk@gnupg.org>
+
+ tests: Cope with broken Libgcrypt versions.
+ + commit af2fd9f0af25e1f95d9484f7d2125cd9888aa308
+ * common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve
+ errors.
+
+ w32: Add fallback in case the Windows console can't cope with Unicode.
+ + commit e94dfa21d2c17b590122d55468f68e8ab72e4193
+ * common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on
+ error.
+
+2021-06-21 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix regression in KS_GET for mail address pattern.
+ + commit adf7bfba5ddce9faadff959369ba2271cdd36825
+ * dirmngr/ks-engine-hkp.c (ks_hkp_search): Munge mail address pattern.
+ (ks_hkp_get): Allow for mail addresses.
+ -
+
+ Before the keyserver changes in 2.2.28 gpg passed dirmngr a pail
+ address as an exact pattern (e.g. "=foo@example.org"). Since 2.2.28
+ the mail address is detected gpg gpg and we see for example
+ "<foo@example.org>". This patch fixes this to turn a mail address
+ into an exact match again.
+
+2021-06-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Error code map fix for older Yubikey.
+ + commit 01a413d5235f1bbd00f83fb86d0e183d8f0b1a57
+ * scd/iso7816.c (map_sw): Recognize 6A86.
+
+2021-06-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngir: Fix build with --disable-ldap.
+ + commit c8b2162c0e7eb42b74811b7ed225fa0f56be4083
+ * dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]:
+ Conditionalize.
+
+ dirmngr: Remove use of USE_LDAPWRAPPER.
+ + commit 8ee4c8d1e0d7677d4f8b9538c12b32bb6393c2c5
+ * configure.ac (USE_LDAPWRAPPER): Remove.
+ * dirmngr/Makefile.am: Use USE_LDAP instead of USE_LDAPWRAPPER.
+ * dirmngr/ldap-wrapper-ce.c: Remove.
+ * dirmngr/ldap-wrapper.h, dirmngr/ldap-wrapper.c: Remove
+ USE_LDAPWRAPPER things.
+
+2021-06-10 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.28.
+ + commit 9f6076868ecd313e832c112ea79cfcffed3dc342
+
+
+ gpg: Partial fix for Unicode problem in output files.
+ + commit 845711d1420cc01289c15ba49deb03200a5cd102
+ * g10/openfile.c (overwrite_filep): Use gnupg_access.
+
+ scd: Fix serial number detection for Yubikey 5.
+ + commit c2f02797cdefdce5afd8b29bb8e51d4515a70a96
+ * scd/app.c (app_new_register): Handle serial number correctly.
+
+2021-06-09 Werner Koch <wk@gnupg.org>
+
+ gpgtar,w32: Fix file size computation.
+ + commit 198b240b195596974e8b61e2b79fb6e8dc78f89a
+ * tools/gpgtar-create.c (fillup_entry_w32): Move parentheses.
+
+ sm: New option --ldapserver as an alias for --keyserver.
+ + commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093
+ * sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an
+ alias.
+
+ dirmngr: Allow to pass no filter args to dirmngr_ldap.
+ + commit f6e45671aa26f3e7abb968a876de7bbdb4fca3f1
+ * dirmngr/dirmngr_ldap.c (main): Handle no args case.
+
+2021-06-08 Werner Koch <wk@gnupg.org>
+
+ w32: Change spawn functions to use Unicode version of CreateProcess.
+ + commit 7a98e45e74ec2883c24689964d6119796da0969f
+ * common/exechelp-w32.c (gnupg_spawn_process): Change to use
+ CreateProcessW.
+ (gnupg_spawn_process_fd): Ditto.
+ (gnupg_spawn_process_detached): Ditto.
+ * g10/exec.c (w32_system): Ditto.
+
+2021-06-08 Andre Heinecke <aheinecke@gnupg.org>
+
+ common,w32: Breakaway detached childs when in job.
+ + commit f20e9a464487443552b6cbdf918c6448d3cb643f
+ * common/exechelp-w32.c (gnupg_spawn_process_detached): Add
+ CREATE_BREAKAWAY_FROM_JOB creation flag if required.
+
+2021-06-08 Werner Koch <wk@gnupg.org>
+
+ w32: Always use Unicode for console input and output.
+ + commit b912f07cdf00043b97fca54e4113fab277726e03
+ * common/init.c (_init_common_subsystems) [W32]: Set the codepage to
+ UTF-8 for input and putput. Switch gettext to UTF-8.
+ * g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
+
+ w32: Free memory allocated by new function w32_write_console.
+ + commit ebdb62a98a6e917bafb795b5f50483a95790e739
+ * common/ttyio.c (w32_write_console): Free buffer.
+
+ common,w32: Allow Unicode input and output with the console.
+ + commit 90aadf69f730ff1bd053abcd6cc8bc67518ecf4b
+ * common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
+ (w32_write_console): New.
+ (tty_printf, tty_fprintf) [W32]: Use new function.
+
+ common: Re-indent ttyio.c and remove EMX, RISCOS, and CE support.
+ + commit 521e176a605e6b6229825761906005b05608daf5
+ * common/ttyio.c: Remove cruft like EMX and RISCOS support. Translate
+ a few strings. Re-indent.
+
+ common: Rename w32-misc.c to w32-cmdline.c.
+ + commit d7d9a5ba3cbf9cf7e22a8871474032b525825eed
+ * common/w32-misc.c: Rename to ....
+ * common/w32-cmdline.c: this.
+ * common/Makefile.am: Adjust.
+
+ common,w32: Implement globing of command line args.
+ + commit 09f49b4c9aae46c40a189b1270e215bc978dbc3c
+ * common/w32-misc.c [W32]: Include windows.h
+ (struct add_arg_s): New.
+ (add_arg): New.
+ (glob_arg): New.
+ (parse_cmdstring): Add arg argvflags and set it.
+ (w32_parse_commandline): Add arg r_itemsalloced. Add globing.
+
+ * common/init.c (prepare_w32_commandline): Mark glob created items as
+ leaked.
+
+ * common/t-w32-cmdline.c : Include windows.h
+ (test_all): Add simple glob test for Unix.
+ (main): Add manual test mode for Windows.
+
+ * common/xasprintf.c (xtryreallocarray): New.
+
+ common,w32: Refine the command line parsing for \ in quotes.
+ + commit 4d6807b215e7541fd52caf7e4adc40d77670f99f
+ * common/t-w32-cmdline.c (test_all): Add new test cases.
+ * common/w32-misc.c (strip_one_arg): Add arg endquote.
+ (parse_cmdstring): Take care of backslashes in quotes.
+
+ common: First take on handling Unicode command line args.
+ + commit 90ddd1cf13cd6bb88d5bb8c1846d7297ca8ac81c
+ * common/w32-misc.c: New.
+ * common/t-w32-cmdline.c: New.
+ * common/init.c: Include w32help.h.
+ (prepare_w32_commandline): New.
+ (_init_common_subsystems) [W32]: Call prepare_w32_commandline.
+
+ * common/Makefile.am (common_sources) [W32]: Add w32-misc.c
+ (module_tests): Add t-w32-cmdline
+ (t_w32_cmdline_LDADD): New.
+
+ gpg: Prepare for globing with UTF-8.
+ + commit 1f59c4c8e2cfa2b111f0798212546864668383f9
+ * g10/gpg.c (_dowildcard): Remove.
+ (my_strusage): Enable wildcards using our new system.
+
+ dirmngr: Rewrite the LDAP wrapper tool.
+ + commit 39815c023f0371dea01f7c51469b19c06ad18718
+ * dirmngr/ldap-misc.c: New.
+ * dirmngr/ldap-misc.h: New.
+ * dirmngr/ks-engine-ldap.c: Include ldap-misc.h.
+ (ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c.
+ * dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug
+ mode.
+ * dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND
+ the saqme as GPG_ERR_NO_DATA.
+ * dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds.
+ Remove arg url. Adjust for changes in dirmngr_ldap.
+ (url_fetch_ldap): Remove args host and port. Parse the URL and use
+ these values to call run_ldap_wrapper.
+ (attr_fetch_ldap): Pass tls flags to run_ldap_wrapper.
+ (rfc2254_need_escape, rfc2254_escape): New.
+ (extfilt_need_escape, extfilt_escape): New.
+ (parse_one_pattern): Rename to ...
+ (make_one_filter): this. Change for new dirmngr_ldap calling
+ convention. Make issuer DN searching partly work.
+ (escape4url, make_url): Remove.
+ (start_cert_fetch_ldap): Change for new dirmngr_ldap calling
+ convention.
+ * dirmngr/dirmngr_ldap.c: Major rewrite.
+
+ * dirmngr/t-ldap-misc.c: New.
+ * dirmngr/t-support.h (DIM, DIMof): New.
+ * dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c
+ (module_tests) [USE_LDAP]: Add t-ldap-misc.
+ (t_ldap_parse_uri_SOURCES): Ditto.
+ (t_ldap_misc_SOURCES): New.
+
+2021-06-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Appropriate error code for importing key with no passwd.
+ + commit 2f98d8a0f92dc991bff406e159690a111202fcb4
+ * agent/cvt-openpgp.c (convert_from_openpgp_main): Return
+ GPG_ERR_BAD_SECKEY.
+
+2021-06-04 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Remove useless code.
+ + commit 8bd5172539e1399b407aa2a9d56fa51b8e040ae3
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the
+ password_param thing because we set the password directly without an
+ intermediate var.
+
+2021-06-02 Werner Koch <wk@gnupg.org>
+
+ sm: Support AES-GCM decryption.
+ + commit b722fd755c77cbba12478f6de8913c73213d78ee
+ * sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error if gpgrt
+ supports this.
+ * sm/decrypt.c (decrypt_gcm_filter): New.
+ (gpgsm_decrypt): Use this filter if requested. Check authtag.
+ * common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
+ in consumer (decrypt) de-vs mode.
+
+2021-05-28 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Make runtime changes with different homedir work.
+ + commit c8f0b02936c73b6ef3c99a1bea9ae63f74da0768
+ * tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir
+ first. Remove unused variable.
+
+ dirmngr: Fix default port for our redefinition of ldaps.
+ + commit 8de9d54ac83fa20cb52b847b643311841be4d6dc
+ * dirmngr/server.c (make_keyserver_item): Fix default port for ldaps.
+ Move a tmpstr out of the blocks.
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics.
+
+2021-05-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: _DARWIN_C_SOURCE should be 1.
+ + commit 40b2890b4349781ddb0330193aed0286b1d23dad
+ * configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1.
+
+2021-05-26 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.
+ + commit 317d5947b84ae2707e46b89fb0d8318c07174e13
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT.
+
+ * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ...
+ (parse_rereadable_options): here.
+
+ dirmngr: New option --ldapserver.
+ + commit ff17aee5d10c8c5ab902253fb4332001c3fc3701
+ * dirmngr/dirmngr.c (opts): Add option --ldapserver.
+ (ldapserver_list_needs_reset): New var.
+ (parse_rereadable_options): Implement option.
+ (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used.
+
+ * dirmngr/server.c (cmd_ldapserver): Add option --clear and list
+ configured servers if none are given.
+
+ dirmngr: Allow for non-URL specified ldap keyservers.
+ + commit 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b
+ * dirmngr/server.c (cmd_ldapserver): Strip an optional prefix.
+ (make_keyserver_item): Handle non-URL ldap specs.
+ * dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls,
+ ldap_over_tls, and ntds.
+
+ * dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host
+ string. Improve error messages for the non-file case. Support flags.
+ * dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs.
+ (ks_action_search, ks_action_get, ks_action_put): Ditto.
+ * dirmngr/ks-engine-ldap.c: Include ldapserver.h.
+ (ks_ldap_help): Handle non-URL ldap specs.
+ (my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support
+ URLs and non-URL specified keyservers.
+ (ks_ldap_get): Adjust for changes in my_ldap_connect.
+ (ks_ldap_search): Ditto.
+ (ks_ldap_put): Ditto.
+
+ gpg,sm: Simplify keyserver spec parsing.
+ + commit 9f586700ec4ceac97fd47cd799878a8847342ffa
+ * common/keyserver.h: Remove.
+ * sm/gpgsm.h (struct keyserver_spec): Remove.
+ (opt): Change keyserver to a strlist_t.
+ * sm/gpgsm.c (keyserver_list_free): Remove.
+ (parse_keyserver_line): Remove.
+ (main): Store keyserver in an strlist.
+ * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid
+ an ambiguity in dirmngr by adding a prefix if needed.
+
+ * g10/options.h (struct keyserver_spec): Move definition from
+ keyserver.h to here. Remove most fields.
+ * g10/keyserver.c (free_keyserver_spec): Adjust.
+ (cmp_keyserver_spec): Adjust.
+ (parse_keyserver_uri): Simplify.
+ (keyidlist): Remove fakev3 arg which does not make any sense because
+ we don't even support v3 keys.
+
+ dirmngr: Support pseudo URI scheme "opaque".
+ + commit 72124fadafde153f8ac89a70202006d831829d06
+ * dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New.
+ * dirmngr/http.c (http_parse_uri): Use this flag. Change all callers
+ to use the new macro for better readability.
+ (do_parse_uri): Add pseudo scheme "opaque".
+ (uri_query_value): New.
+
+2021-05-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Release memory for RDRNAME.
+ + commit 5be0d075b1ad03a46a6169bf16cd3ee6102e1358
+ * scd/apdu.c (apdu_close_reader): Free RDRNAME field.
+
+2021-05-20 Jakub Jelen <jjelen@redhat.com>
+
+ scd: avoid memory leaks.
+ + commit 678e1b20d3531e642fa8871ea56c6c7d5c208fbe
+ * scd/app-p15.c (send_certinfo): free labelbuf
+ (do_sign): goto leave instead of return
+ * scd/command.c (cmd_genkey): goto leave instead of return
+
+ common: Avoid double-free.
+ + commit 4dc4b025d6dd194a96b11ccfd64d763d2c902a91
+ * common/name-value.c (do_nvc_parse): reset to null after ownership
+ change
+
+2021-05-19 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 17b7048732e265450323cc3e01a48c9d492edf0c
+
+
+2021-05-19 Werner Koch <wk@gnupg.org>
+
+ dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
+ + commit f0e538619d5079fcd87c31e853e6deb28564a321
+ * dirmngr/ks-engine-ldap.c (extract_keys): Return the fingerprint if
+ available.
+ (ks_ldap_search): Ditto.
+ (extract_keys): Make sure to free the ldap values also in corner
+ cases.
+ (my_ldap_value_free): New.
+ (ks_ldap_get): Ditto.
+ (ks_ldap_search): Ditto.
+ (my_ldap_connect): Ditto.
+
+2021-05-18 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
+ + commit 7bf8530e75d05a712d00a333d59b0a8cf663b9cb
+ * g10/call-dirmngr.c (record_output): Rewrite.
+
+2021-05-18 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ scd:p15: Fix logic for appending product name to MANUFACTURER.
+ + commit aa6288140481bccc366e87fcdc6781dc82d0af31
+ * scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if
+ manufacturer_id does not already contain a bracket and if we have a
+ product name.
+
+2021-05-17 Werner Koch <wk@gnupg.org>
+
+ gpg: Use a more descriptive prompt for symmetric decryption.
+ + commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b
+ * g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
+ (passphrase_to_dek_ext): Remove this obsolete prototype.
+ * g10/passphrase.c (passphrase_get): Add arg flags. Use new flag
+ value.
+ (passphrase_to_dek): Add arg flags and pass it on.
+ * g10/mainproc.c (proc_symkey_enc): Use new flag.
+
+ sm: Ask for the password for password based decryption (pwri)
+ + commit 50ea1b67e8260aaebbeba0c4cd73e21443a74636
+ * sm/decrypt.c (pwri_decrypt): Add arg ctrl. Ask for passphrase.
+
+ * sm/export.c (export_p12): Mark string as translatable.
+ * sm/import.c (parse_p12): Ditto.
+
+ sm: Support decryption of password based encryption (pwri)
+ + commit 6f31acac767f2ec67729c0491f29061b26fe14b9
+ * sm/decrypt.c (string_from_gcry_buffer): New.
+ (pwri_parse_pbkdf2): New.
+ (pwri_decrypt): New.
+ (prepare_decryption): Support pwri.
+ (gpgsm_decrypt): Test for PWRI. Move IS_DE_VS flag to DFPARM.
+
+ * common/sexputil.c (cipher_mode_to_string): New.
+
+ dirmngr: LDAP search by a mailbox now ignores revoked keys.
+ + commit b6f8cd7eef4b00a2c6ccaac743382f1dd83bde6a
+ * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Ignore revoked
+ and disable keys in mail mode.
+
+2021-05-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd,pcsc: Use a single context.
+ + commit 987b8168602286d06debbbc8d4deebd35f454e29
+ * scd/apdu.c (pcsc): New variable.
+ (struct reader_table_s): Remove pcsc.context from member.
+ (pcsc_get_status, connect_pcsc_card): Use pcsc.context.
+ (close_pcsc_reader): Release pcsc.context here with reference count.
+ (apdu_open_one_reader): Move API loading to ...
+ (pcsc_init): new.
+ (apdu_open_one_reader): Remove.
+ (apdu_open_reader): Call open_pcsc_reader instead of
+ apdu_open_one_reader.
+ (open_pcsc_reader): Call pcsc_init if needed. Call close_pcsc_reader
+ instead of pcsc_release_context. Make reader parsing more robust.
+ (apdu_init): Initialize pcsc.count and pcsc.context.
+
+2021-05-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow ECDH with a smartcard returning just the x-coordinate.
+ + commit b203325ce112c223a5164081cecd14744a01ff69
+ * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Factor extraction
+ part out to ...
+ (extract_secret_x): new. Allow for x-only coordinate.
+ (pk_ecdh_encrypt_with_shared_point): Change arg shared_mpi
+ to (shared,nshared). Move param check to the top. Add extra safety
+ check.
+ (pk_ecdh_decrypt): Adjust for change.
+ * g10/pkglue.c (get_data_from_sexp): New.
+ (pk_encrypt): Use it for "s" and adjusted for changed
+ pk_ecdh_encrypt_with_shared_point.
+ * g10/pubkey-enc.c (get_it): Remove conversion to an MPI and call
+ pk_ecdh_decrypt with the frame buffer.
+
+ scd: Fix possible PC/SC removed card problem.
+ + commit 9d83bfb639680d3bc756fcfe2b7f83b18bed8dff
+ * scd/apdu.c (pcsc_cancel): New.
+ (pcsc_init): Load new function.
+ (connect_pcsc_card): Use it after a removed card error.
+
+ scd: Add string for another PC/SC error code.
+ + commit a475bb725be7e275a06e0625b0088f607f36634c
+ * scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): New.
+ (pcsc_error_string): Add a description for this.
+ * scd/scdaemon.c (scd_kick_the_loop): Fix diagnostic.
+
+2021-05-04 Kirill Elagin <kirelagin@gmail.com>
+
+ scd: Fix unblock PIN by a Reset Code with KDF.
+ + commit 6c4216094ef4771d1d5011b7aee35f241e3bcc4d
+ * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for
+ pin2hash_if_kdf, for user's PIN.
+
+2021-05-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix mailbox based search via AKL keyserver method.
+ + commit 22fe23f46d3179cb0a68f58bf6f722b89c0c4d9c
+ * g10/keyserver.c (keyserver_import_name): Rename to ...
+ (keyserver_import_mbox): this. And use mail search mode.
+ * g10/getkey.c (get_pubkey_byname): Change the two callers.
+
+ gpg: Auto import keys specified with --trusted-keys.
+ + commit e7251be84c797ddbc3f0a5212886761666e3aa33
+ * g10/getkey.c (get_pubkey_with_ldap_fallback): New.
+ * g10/trustdb.c (verify_own_keys): Use it.
+
+ (cherry picked from commit 100037ac0f558e8959fc065d4703c85c2962489e)
+
+ gpg: Allow decryption w/o public key but with correct card inserted.
+ + commit e53f6037283e1a4f18b1c5d66d2678888c701cea
+ * agent/command.c (cmd_readkey): Add option --no-data and special
+ handling for $SIGNKEYID and $AUTHKEYID.
+ * g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
+ output.
+ * g10/skclist.c (enum_secret_keys): Automagically get a missing public
+ key for the current card.
+
+ agent: Silence error messages for READKEY --card.
+ + commit aa612d752ebb1851f23184df084aed5314b72e3a
+ * agent/command.c (cmd_readkey): Test for shadow key before creating
+ it.
+
+ (cherry picked from commit 8f2c9cb73538baab7da8107f2cceb2f6fc49642a)
+
+2021-05-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow fingerprint based lookup with --locate-external-key.
+ + commit 2af217ecd7e4242be2b35bc0085eccaf13cc2027
+ * g10/keyserver.c (keyserver_import_fprint_ntds): New.
+ * g10/getkey.c (get_pubkey_byname): Detect an attempt to search by
+ fingerprint in no_local mode.
+
+ gpg: Lookup a missing public key of the current card via LDAP.
+ + commit b59af0e2a05a3714b0bcbe7e775c6ffacfbc7119
+ * g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
+ key from the current card via LDAP.
+ * g10/call-dirmngr.c: Include keyserver-intetnal.h.
+ (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the
+ new LDAP flag.
+ * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
+ Replace the use of the value 1 for the former quick arg.
+ (KEYSERVER_IMPORT_FLAG_LDAP): New.
+ * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
+ length.
+ * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
+ * dirmngr/server.c (cmd_ks_get): Add option --ldap.
+
+ scd: Add option --info to emit KEYPAIRINFO by readkey command.
+ + commit b8df8321e1ef38147f42af1166d2c60805f88b9c
+ * scd/command.c (do_readkey): Implement this.
+ * scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP
+ parm optional. Add arg R_ALGOSTR.
+
+2021-05-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix gnupg_wait_processes, by skipping invalid PID.
+ + commit c2ba6bea4ce81a066765c285c4b7c1dc6d39f144
+ * common/exechelp-posix.c (gnupg_wait_processes): Skip invalid PID.
+
+2021-05-03 Werner Koch <wk@gnupg.org>
+
+ agent: Skip unknown unknown ssh curves seen on cards.
+ + commit bbf4bd3bfcb51e9d91e08ceefba3ff016bae50ff
+ * agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
+ curves.
+
+2021-04-29 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Do not i18n an empty string to the PO files meta data.
+ + commit a456303ae306fbfda0cf89ff41678d50c24bf6fc
+ * tools/gpgconf-comp.c (my_dgettext): Ignore empty strings.
+
+ scd: New option --pcsc-shared.
+ + commit 5eec40f3d82777b4fb807a9bf1b71422a8caa2f9
+ * scd/scdaemon.h (opt): Add field opcsc_shared.
+ * scd/scdaemon.c (opcscShared): New.
+ (opts): Add "--pcsc-shared".
+ (main): Set flag.
+ * scd/apdu.c (connect_pcsc_card): Use it.
+ (pcsc_get_status): Take flag in account.
+ * scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared
+ mode.
+
+ scd: Rewrite READKEY to allow for compressed points.
+ + commit 96577e2e46e4c5b66a2685cb605e07be0a6a09a5
+ * scd/app-help.c (app_help_pubkey_from_cert): New. Taken from 2.3.
+ * scd/command.c (cmd_readkey): Rewrite using new helper.
+
+ common: Extend the openpgp_curve_to_oid function.
+ + commit 5b8593135fa6e88ecc459444ec19b9a824f12a15
+ * common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
+ Change all callers.
+
+ common: New module to compute openpgp fingerprints.
+ + commit f3c98b8cb5adcac17043fa6066b73bd08c8ef41a
+ * common/openpgp-fpr.c: New.
+ * common/Makefile.am (common_sources): Add it.
+
+ common: New function to uncompress an ECC public key.
+ + commit c825117c5fa562fced0d3cafc22fd878cf615b42
+ * common/sexputil.c (ec2os): New.
+ (uncompress_ecc_q_in_canon_sexp): New.
+
+ * common/t-sexputil.c (fail2): new.
+ (test_ecc_uncompress): New.
+ (main): Run new test.
+
+ common: New function cmp_canon_sexp.
+ + commit 473e649ea1a69e82b7f99a17fbff4d641936c61c
+ * common/sexputil.c (cmp_canon_sexp): New.
+ (cmp_canon_sexp_def_tcmp): New.
+ * common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
+
+ scd: New function send_keyinfo to assist in backporting.
+ + commit 0eed0ced9bcd3c14621076d26cf4d9f809e1873c
+ * scd/command.c (send_keyinfo): New.
+
+ scd: Minor changes to assist in backporting from 2.3.
+ + commit 3db99b8861a7544efee13be45d14bbac63c0c868
+ * scd/command.c (send_status_direct): Return an error code.
+ * scd/app-common.h (APP_LEARN_FLAG_REREAD): New.
+
+ scd: Extend an internal function to also return the algo.
+ + commit 72a7d45a230bf28e2ba7e8a57b702c98998ea0a3
+ * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
+ r_algo. Change all callers.
+ (app_help_get_keygrip_string): Ditto.
+
+ scd: New function for iso7816 PSO_CSV.
+ + commit 91dd74f3d7e3630bb7f298fe4d392f8a6cef9acb
+ * scd/iso7816.c (iso7816_pso_csv): New.
+
+ scd: Extend iso7816_select_path.
+ + commit 855d14d390e8dd8464f2f38187dbccb19a13e815
+ * scd/iso7816.c (iso7816_select_path): Add arg top_fd.
+ * scd/app-nks.c (do_readkey): Adjust for this change
+ (select_ef_by_path: Ditto.
+
+ * common/tlv.h: Include membuf.h.
+
+ scd: Add new status codes.
+ + commit 3ce69d8387925d444d529ce0bb5beed9e880aad7
+ * scd/apdu.h (SW_SM_NOT_SUP, SW_CC_NOT_SUP, SW_FILE_STRUCT)
+ (SW_NO_CURRENT_EF): New.
+ * scd/apdu.c (apdu_strerror): Map them to strings.
+ * scd/iso7816.c (map_sw): ... and to gpg-error.
+
+ scd: Extend ISO binary and record reading functions.
+ + commit ec9e8e0d6a1fe47dbf42652c4246e1c34fdf0288
+ * scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and
+ change callers.
+ (iso7816_read_record): Factor all code out to ...
+ (iso7816_read_record_ext): New.
+
+2021-04-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not use self-sigs-only for LDAP keyserver imports.
+ + commit 1303b0ed84da57b48d88343ab43f83546e508aba
+ * dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
+ * g10/options.h (opts): New field expl_import_self_sigs_only.
+ * g10/import.c (parse_import_options): Set it.
+ * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
+
+2021-04-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix CCID driver for SCM SPR332/SPR532.
+ + commit f8ae51977ce4079d638d1ae2f3dd1da41c02a6d7
+ * scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New.
+ (ccid_vendor_specific_setup): Only send CLEAR_HALT.
+ (ccid_transceive_secure): Each time, use send_escape_cmd.
+
+2021-04-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix new pseudo option compliance_de_vs.
+ + commit 18551c6dc2c33f856d05053b27a1210c4c607cef
+ * g10/gpg.c (gpgconf_list): Take opt.compliance also in account.
+
+2021-04-01 Werner Koch <wk@gnupg.org>
+
+ common: Make the compliance check more robust.
+ + commit 8ef0f53cb0014026d0d58b8de2133310d96bc1e3
+ * common/compliance.c (get_compliance_cache): New.
+ (gnupg_rng_is_compliant): Use per mode cache.
+ (gnupg_gcrypt_is_compliant): Ditto.
+
+ gpgconf: Return a new pseudo option compliance_de_vs.
+ + commit 9feffc03f36499162342609897484b4b32fd53a7
+ * tools/gpgconf-comp.c (gc_options_gpg): Add "compliance_de_vs".
+ * g10/gpg.c (gpgconf_list): Return that pseudo option.
+
+2021-03-26 Werner Koch <wk@gnupg.org>
+ cbiedl@gnupg.com
+
+ gpgconf: Fix argv overflow if --homedir is used.
+ + commit a50093893cd100c74a32cbacc749aab582154625
+ * tools/gpgconf-comp.c (gc_component_launch): Fix crash due to too
+ small array.
+
+2021-03-11 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --force-sign-key.
+ + commit 87d7b7e07565bdba9e9e8b8698f7094046d4f762
+ * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
+ (main): Set it.
+ * g10/options.h (opt): New flag flags.force_sign_key.
+ * g10/keyedit.c (sign_uids): Use new flag.
+
+2021-03-02 Werner Koch <wk@gnupg.org>
+
+ sm: Do away with the locked flag in keydb.c.
+ + commit f3e68e39da7609f594572833528a0f2b9c20bf2d
+ * sm/keydb.c (struct keydb_handle): Remove field locked.
+ (keydb_lock): Remove use of locked flag.
+ (lock_all): Ditto.
+ (unlock_all): Ditto.
+ (keydb_set_flags): Use dotlock_is_locked instead of the locked flag.
+ (keydb_insert_cert): Ditto.
+ (keydb_delete): Ditto.
+ (keydb_search): s/keydb_lock/lock_all/.
+ (keydb_set_cert_flags): Ditto.
+ (keydb_clear_some_cert_flags): Ditto.
+
+ * sm/keydb.c (maybe_create_keybox): s/access/gnupg_access/.
+
+ common: New function dotlock_is_locked.
+ + commit 67b82a9c607e1488972a85a30015f48c68245af0
+ * common/dotlock.c (dotlock_is_locked): New.
+ (dotlock_take): Set locked flag also in disabled mode. No more
+ warning if the lock has already been taken.
+ (dotlock_release): Clear locked flag also in disabled mode. No more
+ warning if the lock has not been taken.
+
+ sm: Lock kbx files also before a search.
+ + commit 677245ba0e7d6c0bc85ac998f47e3f220b736840
+ * sm/keydb.c (keydb_search): Lock files.
+
+ sm: On Windows close the kbx files at several places.
+ + commit 2b9ae79ad81a0d3eff011fabe6629e371cd7c5b4
+ * kbx/keybox-search.c (keybox_search_reset) [W32]: Always close.
+
+ * kbx/keybox-init.c (keybox_close_all_files): New.
+ * sm/keydb.c (keydb_close_all_files): New.
+ * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Call new function.
+ (gpgsm_dirmngr_lookup): Ditto.
+ (gpgsm_dirmngr_run_command): Ditto.
+
+ sm: Remove unused function.
+ + commit c99f3599d80d351dda1400314b43ea8ccdcc7b7d
+ * sm/keydb.c (keydb_insert_cert): Remove.
+ * kbx/keybox-update.c (keybox_update_cert): Remove stub.
+
+2021-03-01 Nicolas Fella via Gnupg-devel <gnupg-devel@gnupg.org>
+
+ gpg: Keep temp files when opening images via xdg-open.
+ + commit 0441ed6e1c1d7eac81bfbec6ce51f319d9d20eb7
+ * g10/photoid.c (get_default_photo_command): Change parameter for
+ xdg-open.
+
+2021-03-01 Werner Koch <wk@gnupg.org>
+
+ sm: Silence some other pkcs#12 import prattle.
+ + commit e5af401fc4c3294de9a4f10630b200185329230b
+ * sm/minip12.c (parse_bag_data): Print a regular log_info only in
+ verbose mode.
+
+2021-02-24 Werner Koch <wk@gnupg.org>
+
+ sm: Silence some output on --quiet.
+ + commit bcdbf0fcf3c1c210504cbed53f524704747deaaa
+ * sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
+ * sm/gpgsm.c: Include minip12.h.
+ (set_debug): Call p12_set_verbosity.
+ * sm/import.c (parse_p12): Dump keygrip only in debug mode.
+ * sm/minip12.c (opt_verbose, p12_set_verbosity): New.
+ (parse_bag_encrypted_data): Print info messages only in verbose mode.
+
+2021-02-19 Werner Koch <wk@gnupg.org>
+
+ scd: Change parameters of readkey fucntion pointer.
+ + commit 41979ed7308ef3ab1c877d3f110ce9b61eb17bec
+ * scd/app-common.h (APP_READKEY_FLAG_ADVANCED): New.
+ (struct app_ctx_s): Replace param advanced by flags in readkey.
+ Change all users.
+
+ scd: Pass ctrl parameter to more app functions.
+ + commit 669786cf646d8636de85a3cb8b3aa83ba709d207
+ * scd/app-common.h (struct app_ctx_s): Add parameter ctrl to function
+ pointers for readkey, setattr, sign, auth, decipher, and check_pin.
+
+ scd: Detect Yubikey and provide nicer display-s/n.
+ + commit f8588369bcb0e66118725793b53e871ce2acb10d
+ * scd/app-common.h (struct app_ctx_s): Rename unused field
+ card_version to cardversion.
+ * scd/app.c (app_new_register): Add code rom 2.3 to detect the Yubikey
+ and set cardversion.
+ (app_get_dispserialno): New.
+ * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
+
+ scd: Change the apptype from a string to an enum.
+ + commit 43b3ec5aee40172890c077485e438d2d4994d81d
+ * scd/app-common.h (cardtype_t): New.
+ (apptype_t): New.
+ (struct app_ctx_s): Change type of field apptype. Add fields
+ appversion and cardtype. Adjust all app-*.c for the new type.
+ * scd/app.c (supported_app_list): New.
+ (strapptype): New.
+ (apptype_from_name): New.
+ (app_dump_state): Use strapptype.
+ (app_write_learn_status): Ditto.
+ (app_getattr): Ditto.
+ (check_conflict): Use apptype_from_name and integer comparison.
+ * scd/app-openpgp.c: Replace app->card_version by app->appversion.
+
+ scd: Add some compatibility code for easier backporting.
+ + commit 6380126b31aacb2e8ad3aae4866d4d384186bf97
+ * scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
+ (APP_READKEY_FLAG_INFO): New.
+ (APP_LEARN_FLAG_KEYPAIRINFO): New.
+ (APP_LEARN_FLAG_MULTI): New.
+ (struct app_ctx_s): New forward declaration.
+ (struct app_ctx_s): Add members prep_reselect, reselect, and
+ with_keygrip.
+ (KEYGRIP_ACTION_SEND_DATA): New.
+ (KEYGRIP_ACTION_WRITE_STATUS): New.
+ (KEYGRIP_ACTION_LOOKUP): New.
+ (APP_CARD): New macro.
+ * scd/scdaemon.h: Include app-common.h and remove from all other
+ files.
+ (app_t): Move typedef to ...
+ * scd/app-common.h: here.
+
+2021-02-17 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.
+ + commit 55f46b33df08e8e0ea520ade5f73b321bc01d705
+ * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
+ extension.
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
+ hostname - which is NULL and thus the same if not given. Fix minor
+ error in error code handling.
+
+ dirmngr: Rewrite a weird function by straighter code.
+ + commit cdc828f6902667196eb3870f9287045afe7144d5
+ * dirmngr/ldap-parse-uri.c (ldap_uri_p): Use ascii-memcasecmp.
+
+2021-01-28 Werner Koch <wk@gnupg.org>
+
+ Include the library version in the compliance checks.
+ + commit 6e258babe7ccc52a7fb621339c2e2fc5f0f23bc9
+ * common/compliance.c (gnupg_gcrypt_is_compliant): New.
+ (gnupg_rng_is_compliant): Also check library version.
+ * g10/mainproc.c (proc_encrypted): Use new function.
+ (check_sig_and_print): Ditto.
+ * sm/decrypt.c (gpgsm_decrypt): Ditto.
+ * sm/encrypt.c (gpgsm_encrypt): Ditto.
+ * sm/verify.c (gpgsm_verify): Ditto
+
+2021-01-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix ugly error message for an unknown symkey algorithm.
+ + commit 9037be5f40da409a7734a2672e64345472f294fc
+ * g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
+ algorithm.
+
+2021-01-11 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.27.
+ + commit 0c103cde00098bdf1cec8f27e764300d192210e4
+
+
+ gpg,w32: Fix gnupg_remove.
+ + commit 3901c1a8c59a436ea4509d5aaebbecc5a0268391
+ * common/sysutils.c (map_w32_to_errno): New.
+ (gnupg_w32_set_errno): New.
+ (gnupg_remove) [w32]: Set ERRNO
+
+2021-01-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix --gpgconf-list case with no conf files at all.
+ + commit 9f37d3e6f307a9460c0a356afa1f8b991c527d6c
+ * g10/gpg.c (get_default_configname): Remove unused function.
+ (main): Provide a proper filename to gpgconf_list.
+
+2021-01-07 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Fix description of two new options.
+ + commit ff30fcd3dc78c00ed87ce6bd3414b828bdf51e84
+ * tools/gpgconf-comp.c: Fix auto-key-import and include-key-block.
+
+2020-12-30 Werner Koch <wk@gnupg.org>
+
+ wkd: Minor permission fix for created files.
+ + commit fdc54850263b2b888398f95be7816134b45a60d3
+ * tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file.
+ (ensure_policy_file): No need to make the policy file group writable.
+
+2020-12-23 Werner Koch <wk@gnupg.org>
+
+ gpg: Initialize a variable even in a never used code path.
+ + commit 83e875a2d1e7560b9626266373c89e6e6eb7cb50
+ * g10/sign.c (write_signature_packets): Init ERR.
+
+2020-12-21 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.26.
+ + commit c77bb1a750f0e2d6538d23fdc0af0e3ff3d56781
+
+
+ common: Remove superfluous debug output from dotlock.c.
+ + commit 323a69ef65e0d48fb9d038ecca01a70688ad3325
+ * common/dotlock.c (dotlock_create_unix): Remove debug output.
+
+ doc: Explain LDAP keyserver parameters.
+ + commit 261fb98c6f034f3f96abee79ea73febd115420ae
+
+
+ common: Fix the "ignore" meta command in argparse.c.
+ + commit 09dc59f6d43f5e81781429913b8f377581825be0
+ * src/argparse.c (gnupg_argparse): Factor some code out to ...
+ (prepare_arg_return): new.
+ (gnupg_argparse): No missing arg error in ignore sections.
+ * common/sysutils.c: Include pwd.h.
+ (gnupg_getusername): New.
+
+2020-12-18 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix --trusted-key with fingerprint arg.
+ + commit 8a2e5025eb0f9537a4e776cf2886771a507121f1
+ * g10/trustdb.c (tdb_register_trusted_key): Take care of that
+ other constant.
+
+ dirmngr: Do not block threads in LDAP keyserver calls.
+ + commit 15bfd189c07ef0f1bb94db0aee9ad26441ddc494
+ * dirmngr/ks-engine-ldap.c: Wrap some ldap calls.
+
+ dirmngr: Fix backport of the new option parser from 2.3.
+ + commit 9b886adba4f83ca462f8015060bcea8a7ceb6bb0
+ * dirmngr/dirmngr.c (main) <aGPGConfList>: Re-introduce
+ gpgconf-dirmngr.conf.
+
+2020-12-17 Werner Koch <wk@gnupg.org>
+
+ gpg: New AKL method "ntds"
+ + commit 559efd23e936536435a42646b62fe8c4f8585d38
+ * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
+ support for KEYDB_SEARCH_MODE_MAIL.
+ (ks_ldap_get): Add a debug.
+ * g10/options.h (AKL_NTDS): New.
+ * g10/keyserver.c (keyserver_import_ntds): New.
+ (keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
+ * g10/getkey.c (parse_auto_key_locate): Support "ntds".
+ (get_pubkey_byname): Ditto.
+
+ dirmngr: Support "ldap:///" for the current AD user.
+ + commit 776bef74c778c6740a6aac8a05801a958868346d
+ * dirmngr/http.h (struct parsed_uri_s): Add field ad_current.
+ * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it.
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current.
+
+ dirmngr: Allow LDAP searches via fingerprint.
+ + commit c75fd75532905a2922288e0e8ac01fcd0226fc52
+ * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg
+ serverinfo and allow searching by fingerprint.
+ (ks_ldap_get, ks_ldap_search): First connect then create teh filter.
+
+ dirmngr: Store all version 2 schema attributes.
+ + commit c28cb5282b149f1e34df6f923e88e1998a60cc4a
+ * g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
+ * dirmngr/ks-engine-ldap.c (extract_attributes): Add args
+ extract-state and schemav2. Add data for the new schema version.
+ remove the legacy code to handle UIDs in the "pub" line.
+ (ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.
+
+
+ This is a backport from 2.3
+
+ dirmngr: Support the new Active Directory schema.
+ + commit ac8ece92662d83b79b03a369df07362d320fd118
+ * dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants.
+ (my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new
+ serverinfo arg. Set the new info flags.
+ (ks_ldap_get): Adjust for change.
+ (ks_ldap_search): Ditto.
+ (ks_ldap_put): Ditto. Replace xmalloc by xtrymalloc. Change the DN
+ for use with NTDS (aka Active Directory).
+
+ dirmngr: Do not store the useless pgpSignerID in the LDAP.
+ + commit 0e88c73bc94fbca224f06d95bb024030bb3a73bb
+ * dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
+ pgpSignerID.
+ * g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
+
+ dirmngr: Fix adding keys to an LDAP server.
+ + commit e47de853820000ddf383e7b790fbc435e3378d66
+ * dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into
+ addlist.
+
+2020-12-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup.
+ + commit 3c55e15cee4bfed6ef96fbc97a0d2f00afceebe3
+ * scd/ccid-driver.c (ccid_vendor_specific_setup): Only for SPR532,
+ call libusb_clear_halt.
+
+ scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR.
+ + commit 585cfca0a60bd910012a8a2218f74889840b2546
+ * scd/ccid-driver.c (ccid_setup_intr): Don't call libusb_clear_halt.
+
+2020-12-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd:openpgp: Fix writing ECC key to card.
+ + commit 5a03bf61304d0c2c8b4df53a1a7680cd0eb91cb1
+ * scd/app-openpgp.c (build_privkey_template): Adding another argument
+ of ecc_d_fixed_len to handle variable-size MPI.
+
+2020-12-04 Werner Koch <wk@gnupg.org>
+
+ Backport of the new option parser from 2.3.
+ + commit a028f24136a062f55408a5fec84c6d31201b2143
+ * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
+ * common/argparse.c, common/argparse.h: Rewrite.
+ * tests/gpgscm/main.c: Switch to the new option parser.
+
+ * g10/gpg.c: Switch to the new option parser and enable a global conf
+ file.
+ * g10/gpgv.c: Ditto.
+ * agent/gpg-agent.c: Ditto.
+ * agent/preset-passphrase.c: Ditto.
+ * agent/protect-tool.c: Ditto.
+ * scd/scdaemon.c: Ditto.
+ * dirmngr/dirmngr.c: Ditto.
+ * dirmngr/dirmngr_ldap.c: Ditto
+ * dirmngr/dirmngr-client.c: Ditto.
+ * kbx/kbxutil.c: Ditto.
+ * tools/gpg-card.c: Ditto.
+ * tools/gpg-check-pattern.c: Ditto.
+ * tools/gpg-connect-agent.c: Ditto.
+ * tools/gpg-pair-tool.c: Ditto.
+ * tools/gpg-wks-client.c: Ditto.
+ * tools/gpg-wks-server.c: Ditto.
+ * tools/gpgconf.c: Ditto.
+ * tools/gpgsplit.c: Ditto.
+ * tools/gpgtar.c: Ditto.
+ * g13/g13.c: Ditto.
+ * g13/g13-syshelp.c: Ditto. Do not force verbose mode.
+ * sm/gpgsm.c: Ditto. Add option --no-options.
+
+2020-12-02 Werner Koch <wk@gnupg.org>
+
+ kbx: Better error message in case of a crippled Libgcrypt.
+ + commit acafa695e1e7998b892a6a621ef06d57bbc82722
+ * kbx/keybox-openpgp.c (keygrip_from_keyparm): Detect missing curve.
+
+2020-12-01 Jens Meißner <meissner@b1-systems.de>
+
+ doc: Add parameters for batch generation of ECC keys.
+ + commit a3f95a29b97d603c606936620e4638cc6db10ec9
+ * doc/gpg.texi: Add parameters for batch generation of ECC keys.
+
+2020-11-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix fallback handling to utf-8.
+ + commit 7d7a50ba7231bd4432b1254c7067a7f287890632
+ * common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION.
+
+2020-11-23 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.25.
+ + commit 40f75823d25548abbc52dd6121963a55d99b1230
+
+
+2020-11-19 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Also print revision of libksba.
+ + commit 6594dc31f58916b6f8b31de070e85d56221e3b94
+ * dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty
+ string.
+ (gpgconf_versions): Print ksba revision.
+
+2020-11-19 Jakub Bogusz <qboosh@pld-linux.org>
+
+ po: Update Polish translation.
+ + commit f7cbf68fdd1e42cdbabec7e06f2149f6b3f1d1dc
+
+
+2020-11-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd:openpgp: Public keys should be available for check_keyidstr.
+ + commit 84020385be19556800b22cc5b0ce098acd424298
+ * scd/app-openpgp.c (check_keyidstr): Call get_public_key.
+
+2020-11-17 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.24.
+ + commit 5751c48035764d938ae0459fcecd37194133bfb7
+
+
+2020-11-16 Werner Koch <wk@gnupg.org>
+ NIIBE Yutaka <gniibe@fsij.org>
+
+ scd:openpgp: Allow keygrip to be used to reference a key.
+ + commit 1049f06c6d2e1a833af4c73ea67a05417bbd0967
+ * scd/app-openpgp.c (struct app_local_s): Add keygrip_str.
+ (store_keygrip): New.
+ (read_public_key): Store the keygrip.
+ (get_public_key): Sitto.
+ (send_keypair_info): USe the stored keygrip.
+ (check_keyidstr): New. Factored out from other functions and
+ extended.
+ (do_sign): Use check_keyidstr.
+ (do_auth): Ditto.
+ (do_decipher): Ditto.
+ (do_check_pin): Ditto.
+
+2020-11-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Provide better diagnostic for replaced card keys.
+ + commit 5d98f95aa90c290a88ce97525d9f98f0aaf9e5aa
+ * agent/divert-scd.c (divert_pksign): Add arg 'grip'. Replace OPENPGP
+ key reference to keygrips.
+ (divert_pkdecrypt): Ditto.
+ * agent/protect.c (parse_shadow_info): Trim spaces.
+ * agent/pkdecrypt.c (agent_pkdecrypt): Pass the keygrip.
+ * agent/pksign.c (agent_pksign_do): Ditto.
+
+ * g10/mainproc.c (print_pkenc_list): Print extra info for an invalid
+ id error.
+ * g10/sign.c (do_sign): Ditto.
+
+ gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.
+ + commit aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe
+ * g10/keydb.h (pref_hint): Change from union to struct and add field
+ 'exact'. Adjust callers.
+ * g10/pkclist.c (algo_available): Take care of the exact hint.
+ * g10/sign.c (sign_file): Fix indentation. Rework the hash from
+ recipient prefs.
+
+2020-11-12 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Yet another fix for --apply-profile.
+ + commit f400ff4e7dfb424fbfcf7dfc5f80d89757ece5ab
+ * tools/gpgconf.c (main): Use gnupg_homedir instead of
+ default_homedir. Check for existance of the directory.
+
+ scd: Skip unknown options in command SERIALNO.
+ + commit 7076f6cafbac0cfbb3ab11e0f27c5d04ca956e8f
+ * scd/command.c (cmd_serialno): Skip options.
+
+2020-11-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Support brainpool keygen with "key from card".
+ + commit 966fe1e9d98a0345da9b506ce9be0ad398f12d43
+ * g10/keygen.c (ask_algo): Add brainpool hack in the same as for Nist
+ curves.
+
+2020-11-10 Werner Koch <wk@gnupg.org>
+
+ w32: Support Unicode also for config files etc.
+ + commit 163e4ff1959788781403ddf85f808054de414fd6
+ * common/sysutils.c (gnupg_fopen) [W32]: Use _wfopen if needed. Use
+ new function in most places where fopen is used.
+
+ w32: Support utf8 for getcwd even if build with gpgrt < 1.40.
+ + commit 9188a3c6b7eb871f711a0979620ca72f99522d53
+ * common/sysutils.c (gnupg_getcwd) [W32]: Use Unicode version.
+
+2020-11-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Internal CCID driver: Fix a race condition on close.
+ + commit 8e206c1721564c91dd05ea46b5262670011155ab
+ * scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader,
+ return 0 only at the initial call.
+ (bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking
+ the loop, to invoke scd_update_reader_status_file, which calls
+ ccid_slot_status again.
+ (ccid_slot_status): Move the call of ccid_vendor_specific_setup to...
+ (ccid_get_atr): ... here.
+
+2020-11-09 Werner Koch <wk@gnupg.org>
+
+ card: Run factory-reset in locked stated.
+ + commit 7f765a98fd662f345baf30d93392103e5f85ace1
+ * scd/command.c (reset_notify): Add option --keep-lock.
+ (do_reset): Add arg keep_lock.
+ (cmd_lock): Send progress status.
+ * g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs.
+ * g10/card-util.c (send_apdu): Ditto.
+ (factory_reset): Use lock commands.
+
+ gpg: Fix recent commit for weak digest algos and smartcards.
+ + commit 21d5323f5d029758fd55eae1dfdfb88b718ceada
+ * g10/sign.c (sign_file): Fix condition.
+
+ Require libksba 1.3.5.
+ + commit 549dc8cfe9a44fe7eb8a6a90662d4cbb1958a556
+ * configure.ac (NEED_KSBA_VERSION): Set to 1.3.5.
+
+ Require Libgpg-error 1.27.
+ + commit fc01ae50718b4030fbfdf3ca65ddb3e3107eacda
+ * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.27
+ * common/util.h: Remove compatibility macros.
+
+ Require Libgcrypt 1.8.
+ + commit 99ab3aed15c8a84347e39fbe49bd5748aeefe31a
+ * configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.8.
+ * tools/gpgconf.c (show_version_libgcrypt): Remove conditional case
+ for Libgcrypt < 1.8.
+ * common/compliance.c (gnupg_rng_is_compliant): Ditto.
+ * agent/pksign.c: Ditto.
+ * agent/gpg-agent.c (thread_init_once): Ditto.
+ (agent_libgcrypt_progress_cb): Ditto.
+ * agent/command.c (cmd_getinfo): Ditto.
+
+2020-11-09 Ben Kibbey <bjk@luxsci.net>
+
+ gpg: Add canceled status message.
+ + commit f05d1772c47b71cf77f79519b8edbc682002d303
+ * common/status.h (STATUS_CANCELED_BY_USER): New.
+ * g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
+ instead of STATUS_MISSING_PASSPHRASE when canceled is set.
+
+2020-11-09 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not print rejected digest algo notes with --quiet.
+ + commit c373735e79a1b6240e9eca972c2bbb0c9f3247c4
+ * g10/misc.c (print_digest_rejected_note): Do not print in quiet mode.
+ (print_sha1_keysig_rejected_note): Ditto.
+
+2020-11-04 Werner Koch <wk@gnupg.org>
+
+ speedo,w32: Install gpg-check-pattern and example profiles.
+ + commit a4fa4b5d4ba38e51436914505af1a8f3483ed945
+ * doc/examples/vsnfd.prf: Rename to VS-NfD.prf.
+ * doc/examples/Automatic.prf: New.
+ * doc/Makefile.am (examples): Adjust.
+ * build-aux/speedo/w32/inst.nsi: Install gpg-check-pattern.exe and 3
+ example files.
+ * build-aux/speedo/w32/wixlib.wxs: Add new files.
+
+ g13: Include a now missing header file.
+ + commit d4089b04a5f15c1cc1a4809cb8f0d59fc1cdf564
+ * g13/create.c: Include sysutuls.h
+ * g13/sh-dmcrypt.c: Ditto.
+
+ gpgconf: Make sure the homedir exists for --apply-profile.
+ + commit 1fbf085bc8b4a92772d1da8bfea507f4f97434b1
+ * tools/gpgconf.c (main) <aApplyDefaults, aApplyProfile>: Create the
+ standard home directory.
+
+ common: Fix duplicate implementation of try_make_homedir.
+ + commit 6fe5c8c06e8cd162913ee5b0eb741eb4beebf44a
+ * g10/openfile.c (try_make_homedir): Move core of the code to ...
+ * common/homedir.c (gnupg_maybe_make_homedir): new.
+ * sm/keydb.c (try_make_homedir): Implement using new function.
+
+ * common/homedir.c: Include i18n.h.
+ * po/POTFILES.in: Add common/homedir.c.
+
+2020-11-04 Andre Heinecke <aheinecke@gnupg.org>
+
+ w32: Add another pinentry search path.
+ + commit b4cb91d5fbe2b8917d76d12eb72aaac0d97ed596
+ * common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe
+
+ w32: Add windows subsystem variant of gpgconf.
+ + commit c366e04958481382c3f7b50f169120053186069b
+ * tools/Makefile.am (gpgconf-w32): New target. Builds gpgconf with
+ subsystem windows.
+ * build-aux/speedo/w32/wixlib.wxs: Package it.
+
+2020-11-03 Werner Koch <wk@gnupg.org>
+
+ w32: Fix strftime problem on Windows.
+ + commit d633e92233f4a4afc82d3d9282220f303974525b
+ * common/gettime.c: Include locale.h.
+ (asctimestamp): Increase buffer. On Windows use setlocale.
+
+ gpg: Switch to AES256 for symmetric encryption in de-vs mode.
+ + commit 166e779634ea5fe2a7beeb186807e3a81128c717
+ * g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs
+ mode.
+ * g10/encrypt.c (setup_symkey): Add extra compliance check.
+ (encrypt_simple): Avoid printing a second error oncplinace failure.
+
+2020-11-03 Andre Heinecke <aheinecke@gnupg.org>
+
+ po: Major update of italian translation.
+ + commit ccecdc1f34a973dcd8d00b6ee9c830e0ddc8d08b
+ * po/it.po: Update to a recent 2.2 version.
+
+2020-11-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow setting notations with the empty string as value.
+ + commit f007d79533e638e395e1a3cf99233fd900cc805c
+ * g10/misc.c (pct_expando): Catch special case of the empty string.
+ Also map a NULL to the empty string.
+ * g10/photoid.c (show_photos): Make an empty string used as command
+ fail.
+
+ gpg: Do not use weak digest algos if selected by recipient prefs.
+ + commit 4c181d51a6f1fd05b7f190a18769ba5e9f892f6a
+ * g10/misc.c (is_weak_digest): New.
+ (print_digest_algo_note): Use it here.
+ * g10/sig-check.c (check_signature_end_simple): Use it.
+ * g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
+ the least of weak digest algorithm.
+
+2020-10-30 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ gpg: Fix iteration over signatures.
+ + commit 8a941428086bc173a65d4e8687308ca923394738
+ * g10/keyedit.c (keyedit_quick_revsig): Take signature of correct node
+
+2020-10-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix secret key import for Ed25519.
+ + commit ba321b60bc3bfc29dfc6fa325dcabad4fac29f9c
+ * agent/cvt-openpgp.c (convert_secret_key): Avoid adding 0x00 at the
+ beginning of MPI.
+
+2020-10-28 Werner Koch <wk@gnupg.org>
+
+ gpg: New command --quick-revoke-sig.
+ + commit 7ec56b033647a1b14d56f771d51c563dbd25f1b7
+ * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig.
+ (opts): Add --quick-revoke-sig.
+ (main): Implement.
+ * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and
+ adjust all callers.
+ (keyedit_quick_revsig): new.
+ * g10/revoke.c (get_default_sig_revocation_reason): New.
+ * g10/keylist.c (cmp_signodes): New.
+
+2020-10-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Internal CCID driver thing only for SPR532.
+ + commit 38040ffee81e3c7a6972c9eae42af44eaaeb6ce6
+ * scd/ccid-driver.c (ccid_vendor_specific_setup): New. Limit
+ only for SPR532, excluding other readers by SCM.
+ (ccid_slot_status): Use ccid_vendor_specific_setup.
+
+ scd: Internal CCID driver limiting only for SPR532.
+ + commit d1c9cc3ca03d2134a0feecab6db3c4af308c7fa7
+ * scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for
+ SPR532.
+
+2020-10-23 Werner Koch <wk@gnupg.org>
+
+ common: New functions gnupg_opendir et al.
+ + commit 5f8123df7856b724a062177026fe669ae49be263
+ * common/sysutils.h (struct gnupg_dirent_s): New.
+ * common/sysutils.c: Include dirent.h.
+ (struct gnupg_dir_s): New.
+ (gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all
+ callers of opendir, readdir, and closedir to use these functions.
+
+ w32: Make gnupg_remove and gnupg_rename_file Unicode aware.
+ + commit 4252cd7b18b41a0d91076e46df9ba857e743406b
+ * common/sysutils.c (w32_rename): New.
+ (gnupg_rename_file) [W32]: Support Unicode.
+ (gnupg_remove) [W32]: Support Unicode. Drop Windows-CE support.
+
+ Replace all calls to stat by gnupg_stat.
+ + commit 157030271f2d88d0756788a60c43e455870ec124
+ * common/sysutils.c (gnupg_stat): New.
+ * common/sysutils.h: Include sys/stat.h.
+
+ Replace most calls to open by a new wrapper.
+ + commit 86e52e3c33843f67a7972181ccbf33b48a40e557
+ * common/sysutils.c (any8bitchar) [W32]: New.
+ (gnupg_open): New. Replace most calls to open by this.
+ * common/iobuf.c (any8bitchar) [W32]: New.
+ (direct_open) [W32]: Use CreateFileW if needed.
+
+2020-10-21 Werner Koch <wk@gnupg.org>
+
+ w32: Allow Unicode filenames for dotlock.
+ + commit d65ea29683eeecfcf12e74744a490e8acfc1a5cf
+ * common/dotlock.c (any8bitchar) [W32]: New.
+ (dotlock_create_w32): Use strconcat and CreateFileW.
+
+ * common/t-dotlock.c: Source include dotlock.c and modify to allow
+ manual testing on Windows.
+
+ Replace all calls to access by gnupg_access.
+ + commit dd5fd4a760b8cf6ae05ff878bcf36cf2465e744c
+ * common/sysutils.c (gnupg_access): New. Replace all calls to access
+ by this wrapper.
+ * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
+ directory name.
+ (standard_homedir): Adjust for change.
+ (w32_commondir, gnupg_cachedir): Ditto.
+
+2020-10-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Add a workaround for Yubikey.
+ + commit 25bec16d0bdcb9829a7b35c403cbb778b3b0c097
+ * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.
+
+ scd: Silence compiler warning.
+ + commit 0f4c956a76614bebf0f86bef79eba0e850e23df4
+ * scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size.
+
+ scd: Report any error for LEARN command.
+ + commit 7c8823bf82daade7417aeaebc34fefe3aa7c1856
+ * scd/app-openpgp.c (do_learn_status): Report any error.
+
+ scd: Internal CCID driver: More fix for SPR532.
+ + commit 1f1b68eef72bed9bb7ac1eb8102f6f51d587dbc0
+ * scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb.
+
+ scd: Internal CCID driver fix.
+ + commit 33a2d4bd7ffc6ad10d7ddb0f29fe4e21609806f7
+ * scd/ccid-driver.c (intr_cb): More useful debug output.
+ (ccid_slot_status): Remove redundant condition.
+
+ scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.
+ + commit 48565e7a08d64e3628da8baa80541841af0a6166
+ * scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint.
+ (ccid_vendor_specific_init): Don't call libusb_clear_halt.
+
+ scd: Internal CCID driver: Fix a failure path.
+ + commit 30693dfb6fe970dba195bf00a77d854e6fbc1ed0
+ * scd/ccid-driver.c (ccid_open_usb_reader): On error, call
+ libusb_release_interface.
+
+ scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.
+ + commit 498cd38019b8122824d69fd194675ab532501423
+ * scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT.
+
+ scd: Change handling of SPR532 card reader.
+ + commit 7db836c0e9223a4d5f30636e35e18156a97e6b91
+ * scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround
+ for SPR532 initialization.
+ (ccid_slot_status): Send ESCape command after GetSlotStatus.
+
+ scd: For SPR532, submit the ESCape command at initialization.
+ + commit 11d8d1e0505645f7d14bcc1c01d17a566e033705
+ * scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
+ command for VENDOR_SCM.
+ (ccid_transceive_secure): Don't submit the ESC command every time.
+
+ scd: Fix CCID internal driver for interrupt transfer.
+ + commit dd7cc24d5f9274579f0966de3be7ae8b0c19bacd
+ * scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.
+
+ scd: Better handling of timeout and time extension.
+ + commit 186d11896ca2751eac8a7f54845ec71cc7f6fcc3
+ * scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
+ (ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
+ determined value. Use value from variable wait_more for bulk_in.
+ Set wait_more by the value of time extension request.
+
+ scd: Fix internal CCID driver, so that -DTEST works.
+ + commit 60af035c22b9fbdc10c8c0a69399c46908801c66
+ * scd/ccid-driver.c: Support a test program by ccid-driver.
+
+ scd: ccid-driver: Initial getting ATR more robustly.
+ + commit 165312dca90a198ebc0be4ed6b0791297c90b085
+ * scd/ccid-driver.c (send_power_off): New.
+ (do_close_reader): Use send_power_off.
+ (ccid_get_atr): Add error recovery.
+
+ scd: Clean up the structure for future fix of PC/SC.
+ + commit 1efc01ff987dde4adf6777d4df44b5a00f6f0d8d
+ * scd/apdu.c (struct dev_list): Rename from ccid_table, with void*.
+ (open_ccid_reader): Follow the change.
+ (apdu_dev_list_start, apdu_dev_list_finish): Likewise.
+ (apdu_open_reader): Likewise.
+ * scd/ccid-driver.c (ccid_dev_scan): Use void *.
+ (ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise.
+ * scd/ccid-driver.h: Change the APIs.
+
+2020-10-06 Werner Koch <wk@gnupg.org>
+
+ scd: Map some error codes from libusb to ccid-driver error codes.
+ + commit 5b985b026418213a4c75291cb041ca8aa798cec3
+ * scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
+ * scd/apdu.h: New SW_HOST error codes.
+ * scd/apdu.c (host_sw_string): Print them
+ * scd/ccid-driver.c (map_libusb_error): New.
+ (ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
+ * scd/iso7816.c (map_sw): Map new codes to gpg-error.
+
+2020-10-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: internal driver: Submit SET_INTERFACE control transfer.
+ + commit cccdca61a841228475da573aab8b57c659a9631a
+ * scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
+ control transfer.
+
+ scd: Internal CCID driver: Clean up backport from master.
+ + commit 7b531fe5801b0ad47414c4a6ed961665ba5a2541
+ * scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note
+ that this is anyway an impossible case.
+
+2020-10-05 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Minor cleanup for better readability.
+ + commit ffbef54d36d4c2c150b63a57c79872d2e1f2a68e
+ * dirmngr/ldap.c (start_default_fetch_ldap): Rename to
+ start_cacert_fetch_ldap and remove arg attr. Instead use
+ "cACertificate" directly.
+ * dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller.
+ (start_cert_fetch_ldap): Rename arg for clarity.
+
+2020-10-04 Werner Koch <wk@gnupg.org>
+
+ build: Fix SENDMAIL define for a PATH with spaces.
+ + commit 77e416741abb0a871733bd46cbc81329859de96e
+ * configure.ac: Fix use of $PATH
+
+2020-10-02 Werner Koch <wk@gnupg.org>
+
+ gpgconf,w32: Add manifest so we get the correct windows version.
+ + commit 239e60a37f63d3880d1107b6981a964f437761ae
+ * common/w32info-rc.h.in: Update copyright info.
+ * tools/gpg-connect-agent-w32info.rc: Tweak file info.
+ * tools/gpgconf-w32info.rc: New.
+ * tools/gpgconf.w32-manifest.in: New.
+ * configure.ac: Add new .in file.
+ * tools/Makefile.am (EXTRA_DIST): Add them.
+ (gpg_connect_agent_robjs, gpgconf_robjs): New.
+ (gpgconf_LDADD): Add resource file.
+ (gpg_connect_agent_LDADD): Change name of resource macro.
+
+ gpgconf: New option --show-versions.
+ + commit a298ba02ee76a9291ef5cec1a3564d8e254b9ca7
+ * tools/gpgconf.c: Include exechelp.h. New option --show-versions.
+ (get_revision_from_blurb): New.
+ (show_version_gnupg): New.
+ (show_version_libgcrypt): New.
+ (show_version_gpgrt): New.
+ (show_versions_via_dirmngr): New.
+ (show_versions): New.
+ * dirmngr/dirmngr.c (main): New internal option --gpgconf-versions.
+ (get_revision_from_blurb): New.
+ (gpgconf_versions): New.
+
+2020-10-01 Andre Heinecke <aheinecke@gnupg.org>
+
+ doc: Remove enable-extended-key-format in vsnfd.
+ + commit d833030f8cf646b5de83d01fc3e412ad77ec4b1c
+ * doc/examples/vsnfd.prf: Remove enable-extended-key-format
+
+2020-09-22 Werner Koch <wk@gnupg.org>
+
+ kbx: Add bounds check to detect corrupt keyboxes.
+ + commit be8b30f8ebf637a7e476ff8902349a56924bf20f
+ * kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes. Add support
+ for 32 byte fingerprints.
+
+2020-09-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix the use case of verify_chv2 by CHECKPIN.
+ + commit 61aea64b3c1717a7e304c82cda92e08ce5a6c533
+ * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
+ when needed.
+
+2020-09-10 Werner Koch <wk@gnupg.org>
+
+ gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
+ + commit a084924d07be16dbbbf4b34d463c67c8d4c117be
+ * dirmngr/server.c (cmd_killdirmngr): Return 0.
+ * tools/gpg-connect-agent.c (main): Catch signals.
+
+ dirmngr: Fix the pool keyserver case for a single host in the pool.
+ + commit 72e04b03b1a7aee5521156c6d549ca10a81ac529
+ * dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for
+ localhost and if there is no pool.
+
+ dirmngr: Align the gnutls use of CAs with the ntbtls code.
+ + commit e4f3b74c91063d83395ba0bc37f67cb22d47ca8f
+ * dirmngr/http.c (http_session_new) <gnutls>: Use only the special
+ pool certificate for the default keyserver.
+
+ agent: Keep some permissions of private-keys-v1.d.
+ + commit 7de9ed521e516879a72ec6ff6400aed4bdce5920
+ * common/sysutils.c (modestr_to_mode): Re-implement.
+ (gnupg_chmod): Support keeping of permissions.
+
+2020-09-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Initialize a parameter to silence valgrind.
+ + commit 6ce8fdc4b2a05bb2c1cf2aa9faa76f1c7a4fdb28
+ * g10/keygen.c (read_parameter_file): Initialize nline.
+ * g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
+
+2020-09-03 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.23.
+ + commit e234d04c3c91cd4e84cb5790a131bf6a8b6733c4
+
+
+ gpg: Fix AEAD preference list overflow.
+ + commit aeb8272ca8aad403a4baac33b8d5673719cfd8f0
+ * g10/getkey.c (fixup_uidnode): Increase size of prefs array.
+
+2020-09-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix segv importing certain keys.
+ + commit 896c528ba0555443cca81b3f091f761e70c698cd
+ * g10/key-check.c (key_check_all_keysigs): Initialize issuer.
+
+2020-09-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix a regression for OpenPGP card.
+ + commit 0a9665187a7cbf68933b7162fb5f974177684a50
+ * scd/app-openpgp.c (verify_chv2): Make sure loading keys.
+
+2020-08-28 Werner Koch <wk@gnupg.org>
+
+ sm: Fix a bug in the rfc2253 parser.
+ + commit d2fe2ffd753706d07b26fbe22b17a561a2e535fc
+ * sm/certdump.c (parse_dn_part): Fix parser flaw.
+
+2020-08-27 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.22.
+ + commit f9c120a29986e82d1179b38167ef2696dd0cc10a
+
+
+ dirmngr: Print the last alert message returned by NTBTLS.
+ + commit 45499b2ca3e8f3466e725dbc381757c89a7c39bf
+ * dirmngr/http.c (send_request): Print the last TLS alert.
+
+2020-08-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Add condition for VERIFY with 0x82.
+ + commit d2f1a0a791db3eb03c003365cbcd010bd8066edb
+ * scd/app-openpgp.c (verify_chv2): Check availability of keys in
+ question.
+
+2020-08-26 Werner Koch <wk@gnupg.org>
+
+ build: Silence gcc warning -Wformat-zero-length.
+ + commit 0be5decc097286e3502b6a12e019d40b8caf27b4
+ * configure.ac: Avoid useless gcc warning. We use an empty string
+ quite often, for example in log_printhex.
+
+2020-08-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Allow TERM="".
+ + commit 4c8d5eb0bdd380c412c5f5fbc2b92fe6bcea825d
+ * agent/call-pinentry.c (start_pinentry): When TERM is none,
+ don't send OPTION ttytype to pinentry.
+
+2020-08-25 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 00ac538e928076e1879366cdce0e57be41f6c8fb
+
+
+2020-08-25 Werner Koch <wk@gnupg.org>
+
+ gpg: Set default keysize to rsa3072.
+ + commit 60f08969e13b2bb7f194eff80c3a275d444dc6b7
+ * g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
+ (gen_rsa): Set fallback to 3072.
+ (get_keysize_range): Set default to 3072.
+ * doc/examples/vsnfd.prf: No more need for default-new-key-algo.
+
+ sm: Do not require a default keyring for --gpgconf-list.
+ + commit 0847133e4cafa214c8129c245194d97c1e192cd5
+ * sm/gpgsm.c (main): No default keyring for gpgconf mode.
+
+ agent: Allow using --gogconf-list even if HOME does not exist.
+ + commit adea5ba7e75261705ba6e9c2456207e9455677f3
+ * agent/gpg-agent.c (main): Do not create directories in gpgconf mode.
+
+2020-08-23 Werner Koch <wk@gnupg.org>
+
+ gpg,gpgsm: Record the creation time of a private key.
+ + commit 5ac0cf1b8198dcaac7e7abaf05c28dd413f38cad
+ * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
+ (gpgsm_agent_import_key): Ditto.
+ * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
+ (agent_import_key): Ditto.
+ * g10/import.c (transfer_secret_keys): Pass the creation date to the
+ agent.
+ * g10/keygen.c (common_gen): Ditto.
+
+ agent: Allow to pass a timestamp to genkey and import.
+ + commit 051830d7b4862b6eca6c18c9fd53b51fa1158c34
+ * agent/command.c (cmd_genkey): Add option --timestamp.
+ (cmd_import_key): Ditto.
+ * agent/genkey.c (store_key): Add arg timestamp and change callers.
+ (agent_genkey): Ditto.
+ * agent/findkey.c (write_extended_private_key): Add args timestamp and
+ newkey to write a Created line.
+ (agent_write_private_key): Add arg timestamp.
+ (agent_write_shadow_key): Ditto.
+ * agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
+
+2020-08-22 Werner Koch <wk@gnupg.org>
+
+ agent: Default to extended key format.
+ + commit 5b927b7b27bddc8ee70176414690d8ca8d879b54
+ * agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
+ (opts): Make --enable-extended-key-format a dummy option. Add
+ disable-extended-key-format.
+ (parse_rereadable_options): Implement oDisableExtendedKeyFormat.
+ * agent/protect.c (agent_protect): Be safe and set use_ocb either to
+ to 1 or 0.
+
+ gpgtar,w32: Handle Unicode file names.
+ + commit 843890663b6c68b4361ccfbeb11a50b02d5cc13f
+ * tools/gpgtar.c (oUtf8Strings): New.
+ (opts): Add option --utf8-strings.
+ (parse_arguments): Set option.
+ * tools/gpgtar.h (opt): Add field utf8strings.
+ * tools/gpgtar-create.c (name_to_utf8): New.
+ (fillup_entry_w32): Use that.
+ (scan_directory): Ditto.
+ (scan_directory) [W32]: Convert file name to utf8.
+ (gpgtar_create): Convert pattern.
+
+ common: Use gpgrt functions for mkdir and chdir if available.
+ + commit 364cef997c0ac5632152acfb7ab2330c4f289a9a
+ * common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir.
+ (gnupg_chdir): Divert to gpgrt_chdir
+
+ common,w32: Do not assume the ANSI codepage during string conversion.
+ + commit bef68efd8da92115142005d22e9336ff798dcf4b
+ * common/utf8conv.c (get_w32_codepage): New.
+ (wchar_to_native): Use instead oc CP_ACP.
+ (native_to_wchar): Ditto.
+
+ common: Strip trailing CR,LF from w32_strerror.
+ + commit 73b0fdabdb108880034b7730d04614d8a7cf943a
+ * common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
+ * common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
+ arg to w32_strerror.
+
+2020-08-20 Werner Koch <wk@gnupg.org>
+
+ gpgtar: Make --files-from and --null work as described.
+ + commit 1efe99f3d9e3c6d5733cf512b7e494284a445bfa
+ * tools/gpgtar-create.c (gpgtar_create): Add args files_from and
+ null_names. Improve reading from a file.
+ * tools/gpgtar.c: Make global vars static.
+ (main): Remove tests for --files-from and --null option combinations.
+ Pass option variables to gpgtar_create.
+
+ build: New configure option --disable-tests.
+ + commit 829bc3bc60da134841705f7d701b0870e1629b38
+ * configure.ac: Add option --disable-tests. Print warnings in the
+ summary.
+ (DISABLE_TESTS): New am_conditional.
+
+ gpg: Fix regression for non-default --passphrase-repeat option.
+ + commit a4d73b1c8e2a312e78831843aa04364d7d3c8e6f
+ * agent/command.c (cmd_get_passphrase): Take care of --repeat with
+ --newsymkey.
+
+2020-08-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Ignore personal_digest_prefs for ECDSA keys.
+ + commit f0f8b124f0d2332e1c0b496df5e5f9c4b3db6bc3
+ * g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.
+
+2020-08-12 Werner Koch <wk@gnupg.org>
+
+ common: Pass the WAYLAND_DISPLAY envvar along.
+ + commit 3cf920a1e353ceec7a3d854d5b509be417e4c801
+ * common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY.
+
+2020-08-04 Werner Koch <wk@gnupg.org>
+
+ sm: Also show the SHA-256 fingerprint.
+ + commit 9c57de75cf36cfcf408eda1b59a0362a061517ce
+ * sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
+ (list_cert_raw): Print the SHA2 fingerprint.
+ (list_cert_std): Ditto.
+
+2020-07-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ w32: More adding NETLIBS.
+ + commit 8d9ce32c30db2bba5736fff5f56b7c145aaec42c
+ * common/Makefile.am (t_common_ldadd): Add $(NETLIBS).
+
+ w32: Add link to $(NETLIB) for -lws2_32.
+ + commit f95d923090e119a7a05eef13bbbc108ed98e513a
+ * dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS).
+ * sm/Makefile.am (gpgsm_LDADD): Ditto.
+ * tools/Makefile.am (gpg_wks_client_LDADD): Ditto.
+
+2020-07-16 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not close stdout after --export-ssh-key.
+ + commit 970e43130506186c82d528d0a4fe34725e3c8e6b
+ * g10/export.c (export_ssh_key): Do not close stdout.
+
+2020-07-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ tools: Use internal regexp routines.
+ + commit b4cbb5f58a00fa5ac9f1282664c0adb7ecfa9e57
+ * tools/gpg-check-pattern.c: Use jimregexp.h.
+
+ regexp: Import change from JimTcl.
+ + commit 1d1f2aa94370dcb715f6ae02ea5e14eb7ec5fa98
+ * regexp/jimregexp.h, regexp/jimregexp.c: Fix from JimTcl.
+
+ regexp: Fix generation of _unicode_mapping.c.
+ + commit 8904b18822fc2203ed667844cc3885dc459dbfef
+ * configure.ac (AWK_HEX_NUMBER_OPTION): Detect GNU Awk.
+ * regexp/Makefile.am: Use AWK_HEX_NUMBER_OPTION.
+ * regexp/parse-unidata.awk: Don't use strtonum.
+
+ gpg: Add regular expression support.
+ + commit 199309190a0b9966445bc386747c433949d3b81e
+ * AUTHORS, COPYING.other: Update.
+ * Makefile.am (SUBDIRS): Add regexp sub directory.
+ * configure.ac (DISABLE_REGEX): Remove.
+ * g10/Makefile.am (needed_libs): Add libregexp.a.
+ * g10/trustdb.c: Remove DISABLE_REGEX support.
+ * regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
+ regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
+ * regexp/UnicodeData.txt: New from Unicode.
+ * regexp/Makefile.am, regexp/parse-unidata.awk: New.
+ * tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
+ * tools/Makefile.am: Remove DISABLE_REGEX support.
+
+2020-07-13 Werner Koch <wk@gnupg.org>
+
+ agent: Fix regression with --newsymkey in loopback mode.
+ + commit d9ea47f702840c87431df984b9b3f7e60c9ea815
+ * agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
+ same as with !OPT_NEWSYMKEY.
+
+2020-07-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Handle EAFNOSUPPORT at connect_server.
+ + commit ce793fc2f838a97cb1e92b3060337b8052f3dc3a
+ * dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
+
+2020-07-09 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.21.
+ + commit be6fc39ed9b4ffd56d960e20499599c851c17b44
+
+
+2020-07-08 Werner Koch <wk@gnupg.org>
+
+ Do not use the pinentry's qualitybar.
+ + commit b451c4f5ea672c9915e28d8dde30abc675060f06
+ * agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
+ * g10/call-agent.c (agent_get_passphrase): Ditto.
+ * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
+
+ gpg: Use integrated passphrase repeat entry also for -c.
+ + commit ae8b88c635424ef36f024d0016949d11187dc21e
+ * g10/call-agent.c (agent_get_passphrase): Add arg newsymkey.
+ * g10/passphrase.c (passphrase_get): Add arg newsymkey.
+ (passphrase_to_dek): Pass it on.
+
+ agent: New option --newsymkey for GET_PASSPHRASE.
+ + commit d9e2dfa4c585de7c261fde13c18bd0f82415d6c3
+ * agent/call-pinentry.c (do_getpin): New.
+ (agent_askpin): Use do_getpin.
+ (agent_get_passphrase): Add arg pininfo. Use do_getpin.
+ * agent/genkey.c (check_passphrase_constraints): New arg no_empty.
+ * agent/command.c (reenter_passphrase_cmp_cb): New.
+ (cmd_get_passphrase): Add option --newsymkey.
+
+2020-07-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix flaw in symmetric algorithm selection in mixed mode.
+ + commit 7b6071a45fbf14219b6aca4fff8fa0eaf6c6dd8e
+ * g10/encrypt.c (setup_symkey): Use default_cipher_algo function
+ instead of the fallback s2k_cipher_algo. Fix error code.
+ (encrypt_simple): Use setup_symkey.
+
+2020-07-03 Werner Koch <wk@gnupg.org>
+
+ sm: Exclude rsaPSS from de-vs compliance mode.
+ + commit 4a36adaa64311a42eb78d9e52390df489454cafb
+ * common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
+ * common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
+ test rsaPSS. Adjust all callers.
+ * common/util.c (pubkey_algo_to_string): New.
+ (gnupg_pk_is_allowed): Ditto.
+ * sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
+ (gpgsm_get_hash_algo_from_sigval): New.
+ * sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
+ arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS.
+ * sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
+ also get the algo flags. Pass algo flags along. Change some of the
+ info output to be more like current master.
+
+2020-07-02 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Silence annoying warning for missing default ldap server file.
+ + commit daca1a011b0e4ae888fd6b11253993cb3537990f
+ * dirmngr/dirmngr.c (parse_ldapserver_file): Add arg ignore_enoent.
+ (main): Use that arg for the default file.
+
+ dirmngr: Fix case handling of "ldapi" scheme.
+ + commit 0795ab1c8f95831c15d4ae36d197805a26f8c899
+ * dirmngr/ldap-parse-uri.c (ldap_uri_p): s/'i'/'I'.
+
+2020-06-26 Werner Koch <wk@gnupg.org>
+
+ sm: Print the serial number of a cert also in decimal.
+ + commit ad6bf5d67f58dcdd76b621e77b81efa7b41ca885
+ * sm/certdump.c: Include membuf.h.
+ (gpgsm_print_serial_decimal): New.
+ * sm/keylist.c (list_cert_raw): Print s/n also in decimal
+ (list_cert_std): Ditto.
+
+2020-06-03 Werner Koch <wk@gnupg.org>
+
+ doc: Minor enhancement for reproducibility.
+ + commit 5ade2b68db231c78d8ecca0eb21db2153da958d2
+ * doc/Makefile.am (defsincdate): In no repo mode and with
+ SOURCE_DATE_EPOCH set, use that instead of blanking the date.
+
+ common: Add missing error code GPG_ERR_WRONG_NAME.
+ + commit 381c54179c2adefd558035f573a2029de2e1a2f7
+ * configure.ac: Require libgpg-error 1.25.
+ * common/util.h: Define some extra error codes.
+
+2020-05-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix condition for C5 data object for newer Yubikey.
+ + commit e285b1197b93e5114679b2ece9f10743abc715ef
+ * scd/app-openpgp.c (compare_fingerprint): Relax the condition.
+
+2020-05-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: dns: Fix allocation of string buffer in stack.
+ + commit ab724d3206c8d3500ab2d982c98bad93ee550e42
+ * dirmngr/dns.h (dns_strsection, dns_strclass)
+ (dns_strtype): Change APIs.
+ * dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection.
+ (dns_rr_print): Use __dst for dns_strclass and dns_strtype.
+ (dns_trace_dump): Likewise.
+ (dns_ai_print): Use __dst for dns_strtype.
+ (dns_strsection): Add an argument __dst for storage.
+ (dns_strclass, dns_strtype): Likewise.
+ (parse_packet): Use __dst for dns_strsection.
+ (send_query): Use __dst for dns_strtype.
+ (isection): Use __dst for dns_strsection.
+ (iclass): Use __dst for dns_strclass.
+ (itype): Use __dst for dns_strtype.
+
+2020-05-12 Werner Koch <wk@gnupg.org>
+
+ common: Change argument order of log_printhex.
+ + commit c6324ee07a9ff2a626d6dfcc094a67b62628d42e
+ * common/logging.c (log_printhex): Chnage order of args. Make it
+ printf alike. Change all callers.
+ * configure.ac: Add -Wno-format-zero-length
+
+2020-04-16 Werner Koch <wk@gnupg.org>
+
+ sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.
+ + commit aec7d136e4bdfd53709dc04e3e92f4c50135d368
+ * sm/certchain.c (find_up): Disable external lookups in offline mode.
+ Always allow AKI lookup if CRLs are also enabled.
+
+ sm: Lookup missing issuers first using authorityInfoAccess.
+ + commit d57209553da7da85a369cd362aabeaef07e0bc26
+ * sm/call-dirmngr.c (gpgsm_dirmngr_lookup): Add optional arg URL and
+ adjust all callers.
+ * sm/certchain.c (oidstr_caIssuers): New.
+ (struct find_up_store_certs_s): Add additional fields.
+ (find_up_store_certs_cb): Store the fingerprint.
+ (find_up_via_auth_info_access): New.
+ (find_up): Try the AIA URI first.
+
+ dirmngr: Allow http URLs with "LOOKUP --url"
+ + commit 3b27c26241ee25cf75555e11d9bb463faac8237d
+ * dirmngr/crlfetch.c (read_cert_via_http): New.
+ (fetch_cert_by_url): Implement http scheme.
+
+ gpg: Add missing options --no-include-key-block.
+ + commit 7dbfd92b3e231cfe111c8832ff1048305c8d2d92
+ * g10/gpg.c (opts): Add it.
+
+ gpg: Make AEAD modes subject to compliance checks.
+ + commit 37b116db20080f6e1c6ca1dec79014fecf2c3248
+ * g10/decrypt-data.c (decrypt_data): Move aead algo detection up.
+
+ gpg: Show AEAD preferences.
+ + commit ab7a0b07024c432233e691b5e4be7e32baf8d80f
+ * g10/packet.h (preftype_t): Add PREFTYPE_AEAD.
+ * g10/keyedit.c (show_prefs): Print AEAD preferences.
+ * g10/getkey.c (fixup_uidnode): Set AEAD flags.
+ (merge_selfsigs): Ditto.
+
+ gpg: Support decryption of the new AEAD packet.
+ + commit 1dfe71c62b184c84723c5f926f2596f46ee967cf
+ * common/openpgpdefs.h (aead_algo_t): New.
+ (pkttype_t): Add PKT_ENCRYPTED_AEAD.
+ * g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
+ AEAD.
+ (aead_set_nonce_and_ad): New.
+ (aead_checktag): New.
+ (decrypt_data): Support AEAD.
+ (aead_underflow): New.
+ (aead_decode_filter): New.
+ * g10/dek.h (DEK): Add field use_aead. Turn use_mdc,
+ algo_info_printed, and symmetric into bit flags.
+ * g10/mainproc.c (struct mainproc_context): Add field
+ seen_pkt_encrypted_aead.
+ (release_list): Clear it.
+ (have_seen_pkt_encrypted_aead): New.
+ (symkey_decrypt_seskey): Support AEAD.
+ (proc_symkey_enc): Ditto.
+ (proc_encrypted): Ditto.
+ (proc_plaintext): Ditto.
+ * g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
+ (openpgp_aead_test_algo): New.
+ (openpgp_aead_algo_name): New.
+ (openpgp_aead_algo_info): New.
+ * g10/packet.h (PKT_symkey_enc): Add field use_aead.
+ (PKT_user_id): Add field flags.aead
+ (PKT_public_key): Ditto.
+ (PKT_encrypted): Add fields for AEAD.
+ * g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
+ (parse_symkeyenc): Support AEAD.
+ (parse_encrypted): Ditto.
+ (dump_sig_subpkt): Dump AEAD preference packet.
+ (parse_encrypted_aead): New.
+
+2020-04-15 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve symmetric decryption speed by about 25%
+ + commit 144b95cc9d0f03a2fe5d91120f6b4b30f4bb8f71
+ * g10/decrypt-data.c (mdc_decode_filter, decode_filter): Fatcor buffer
+ filling code out to ...
+ (fill_buffer): new.
+
+ gpg: Reformat parts of decrypt-data.c.
+ + commit 2f39e00b6b7d2aa57cd268c579127947042a0fcf
+ * g10/decrypt-data.c (struct decode_filter_context_s): Rename 'defer'
+ to 'holdback' and 'defer_filled' to 'holdbacklen'. Increase size of
+ holdback to allow for future AEAD decryption. Turn 'partial' and
+ 'eof_seen' into bit fields.
+ (decrypt_data): Replace write_status_text by write_Status_printf.
+ Indent parts of the code.
+
+ sm,dirmngr: Restrict allowed parameters used with rsaPSS.
+ + commit ddc74f50d42370421b4802dc13df88f0ca2fcee5
+ * sm/certcheck.c (extract_pss_params): Check the used PSS params.
+ * dirmngr/crlcache.c (finish_sig_check): Ditto.
+ * dirmngr/validate.c (check_cert_sig): Ditto.
+
+ sm: Support rsaPSS verification also for CMS signatures.
+ + commit 24d563749f50f51841b3fd00eb615a871e45bb28
+ * sm/certcheck.c (gpgsm_check_cert_sig): Factor PSS parsing out to ...
+ (extract_pss_params): new.
+ (gpgsm_check_cms_signature): Implement PSS.
+
+ dirmngr: Support rsaPSS also in the general validate module.
+ + commit 8bf17eb94d0d85f34477ec0c2c0514000b6aa045
+ * dirmngr/validate.c (hash_algo_from_buffer): New.
+ (uint_from_buffer): New.
+ (check_cert_sig): Support rsaPSS.
+ * sm/certcheck.c (gpgsm_check_cert_sig): Fix small memory leak on
+ error.
+
+ sm,dirmngr: Support rsaPSS signature verification.
+ + commit 0626cc8fed340deb36f0c10e7a68afc287d0f626
+ * sm/certcheck.c (hash_algo_from_buffer): New.
+ (uint_from_buffer): New.
+ (gpgsm_check_cert_sig): Handle PSS.
+ * dirmngr/crlcache.c (hash_algo_from_buffer): New.
+ (uint_from_buffer): New.
+ (start_sig_check): Detect PSS and extract hash algo. New arg to
+ return a PSS flag.
+ (finish_sig_check): New arg use_pss. Extract PSS args and use them.
+ (crl_parse_insert): Pass use_pss flag along.
+
+ common: New function to map hash algo names.
+ + commit 4d37cc72b83f601118c2c6c79d9d96c85e250f7e
+ * common/sexputil.c (hash_algo_to_string): New.
+
+ scd:p15: Return a display S/N via Assuan.
+ + commit 39e2260d7e05ef2fd6ff94a1bc538cf0d640193c
+ * scd/app-p15.c (make_pin_prompt): Factor some code out to ...
+ (get_dispserialno): this.
+ (do_getattr): Use new fucntion for a $DISPSERIALNO.
+
+ scd:p15: Show a pretty PIN prompt.
+ + commit beaa2cbb7f039c6ebfcfff483cfe6002a858993d
+ * scd/app-p15.c (struct prkdf_object_s): New fields common_name and
+ serial_number.
+ (release_prkdflist): Free them.
+ (keygrip_from_prkdf): Parse cert and set them.
+ (any_control_or_space): New.
+ (make_pin_prompt): New.
+ (verify_pin): Construct a pretty PIN prompt.
+ (do_sign): Remove debug output.
+
+ scd: Return GPG_ERR_BAD_PIN on 0x63Cn status word.
+ + commit 9e6a3290dad1b19144a2b413902e9918094a2cea
+ * scd/iso7816.c (map_sw): Detect 0x63Cn status code.
+
+ scd: Factor common PIN status check out.
+ + commit 9497d25c567d4fb8b6be603b102a149060e7aa56
+ * scd/iso7816.h (ISO7816_VERIFY_ERROR): New.
+ (ISO7816_VERIFY_NO_PIN): New.
+ (ISO7816_VERIFY_BLOCKED): New.
+ (ISO7816_VERIFY_NULLPIN): New.
+ (ISO7816_VERIFY_NOT_NEEDED): New.
+ * scd/iso7816.c (iso7816_verify_status): New.
+ * scd/app-nks.c (get_chv_status): Use new function.
+
+ scd:p15: Fix decrypt followed by sign problem for D-Trust cards.
+ + commit 471b06e91b6ae47e1f71cd7a698763cd9d32ff12
+ * scd/iso7816.c (iso7816_select_mf): New.
+ * scd/app-p15.c (card_product_t): New.
+ (struct app_local_s): Add field 'card_product'.
+ (read_ef_tokeninfo): Detect D-Trust card.
+ (prepare_verify_pin): Switch to D-Trust AID.
+ (do_decipher): Restore a SE for D-TRust cards. Change the padding
+ indicator to 0x81.
+
+ * common/percent.c (percent_data_escape): new. Taken from master.
+
+ scd:p15: Emit MANUFACTURER, $ENCRKEYID, $SIGNKEYID.
+ + commit 4148976841d154c94e6d1d4dcc1720908582086b
+ * scd/app-p15.c (read_ef_tokeninfo): Store manufacturer_id.
+ (do_getattr): Implement MANUFACTURER, $ENCRKEYID and $SIGNKEYID.
+ (send_keypairinfo): Also print usage flags.
+
+ gpg: Use the new MANUFACTURER attribute.
+ + commit 88b456bdf4e4763e8f1b718f5597d4d075d989cd
+ * g10/call-agent.h (struct agent_card_info_s): Add manufacturer fields.
+ * g10/call-agent.c (agent_release_card_info): Release them.
+ (learn_status_cb): Parse MANUFACTURER attribute.
+ * g10/card-util.c (get_manufacturer): Remove.
+ (current_card_status): Use new attribute.
+
+ scd:openpgp: New attribute "MANUFACTURER".
+ + commit 431b3e68e071d2bdc22b2c845ca929182830ddbd
+ * scd/app-openpgp.c (get_manufacturer): New..
+ (do_getattr): Add new attribute "MANUFACTURER".
+ (do_learn_status): Always print it.
+
+ scd:p15: Rename some variables and functions for clarity.
+ + commit b0cb2c2ab8c71738167785564698c43b50c15fee
+ * scd/app-p15.c: Rename keyinfo to prkdf.
+
+
+ Backported from master. Removed the do_with_keygrip related parts
+ because that function is not available.
+
+ scd:p15: Cache the PIN.
+ + commit 133b6ff8cd0c938abbf55ba6dc50299240d247f6
+ * scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified.
+ (verify_pin): Make use of it.
+
+2020-04-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: ECDH: Accept longer padding.
+ + commit 2f08a4f25df7d1cbf037bdf0d7f5c1ef5859fa1e
+ * g10/pubkey-enc.c (get_it): Remove check which mandates shorter
+ padding.
+
+2020-04-01 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Add missing keygrip retrieval for decryption.
+ + commit b95a0bfbba75025761aa163eca74c7653d76981a
+ * scd/app-p15.c (do_decipher): Get the keygrip.
+
+ scd:p15: Support decryption with CardOS 5 cards.
+ + commit 4af38ea5e450b3eb79af98b9876b2b968110a459
+ * scd/app-p15.c (do_decipher): New.
+
+ scd:p15: Factor PIN verification out to a new function.
+ + commit ce9406ca370b482c05c859d963949ae75c99cb6f
+ * scd/app-p15.c (do_sign): Factor code out to ...
+ (prepare_verify_pin, verify_pin): new functions.
+
+ scd:p15: Support signing with CardOS 5 cards.
+ + commit e730444e7b7502b935bbe343935f68f764b95b96
+ * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
+ r_pkey and change all callers.
+ (app_help_get_keygrip_string): Ditto.
+ * scd/app-p15.c (struct cdf_object_s): Use bit flags
+ (struct aodf_object_s): Ditto. Add field 'fid'.
+ (struct prkdf_object_s): Ditto. Add fields keygrip, keyalgo, and
+ keynbits.
+ (parse_certid): Allow a keygrip instead of a certid aka keyref.
+ (read_ef_aodf): Store the FID.
+ (keygripstr_from_prkdf): Rename to ...
+ (keygrip_from_prkdf): this. Remove arg r_gripstr and implement cache.
+ Change callers to directly use the values from the object. Also store
+ the algo and length of the key ion the object.
+ (keyref_from_keyinfo): New. Factored out code.
+ (do_sign): Support SHA-256 and >2048 bit RSA keys.
+ common/scd:p15: Support signing with CardOS 5 cards.
+ * common/util.h (KEYGRIP_LEN): New.
+
+ scd:p15: Read certificates in extended mode.
+ + commit 368f006a2840cd6b37caf7b4b98a16b818ac2289
+ * scd/app-p15.c (readcert_by_cdf): Allow reading in extended mode.
+ * scd/app-common.h (app_get_slot): New.
+
+ scd: Add function for binary read in extended mode.
+ + commit 64142caafe5c89ad4db36b47c2dc917a9ac66a8e
+ * scd/iso7816.c (iso7816_read_binary): Factor code out to ...
+ (iso7816_read_binary_ext): new function. Add arg extended_mode.
+
+ scd:p15: Detect CardOS 5 cards and print some basic infos.
+ + commit 60b0aa7e57e787cbeca22adf77b330f753553d87
+ * scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly. Silence
+ the garbage warning for null bytes.
+ (print_tokeninfo_tokenflags): New.
+ (read_ef_tokeninfo): Print manufacturer, label, and flags.
+ (app_select_p15): No need to use the app_get_slot macro.
+ (CARD_TYPE_CARDOS_50): New const.
+ (card_atr_list): Detect CardOS 5.0
+
+2020-03-30 Werner Koch <wk@gnupg.org>
+
+ wks: Take name of sendmail from configure.
+ + commit 76d2a02dfe8f923c0d4d8ef86ca71a9ac47c243d
+ * configure.ac (NAME_OF_SENDMAIL): New ac_define.
+ * tools/send-mail.c (run_sendmail): Use it.
+
+ agent: Print an error if gpg-protect reads the extended key format.
+ + commit 011a2f5fb77c7963f25550e423160507818f7a91
+ * agent/protect-tool.c (read_key): Detect simple extended key format.
+
+ sm: Fix possible NULL deref in error messages of --gen-key.
+ + commit 2b4b0b1223aab955aafa2a150fe2dbc04c210bcd
+ * sm/certreqgen.c: Protect printing the line numbers in case of !R.
+
+2020-03-27 Werner Koch <wk@gnupg.org>
+
+ sm: Consider certificates w/o CRL DP as valid.
+ + commit 1424c12e4c7164990797a0a1daa3db6f3329aed4
+ * sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
+ * common/audit.c (proc_type_verify): Print "n/a" if a cert has no
+ distribution point.
+ * sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
+ * sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
+ (opts): Add option --enable-issuer-based-crl-check.
+ (main): Set option.
+
+2020-03-20 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.20.
+ + commit 5094bb08edd48087a5aa89494fc361f0ce4f34aa
+ * build-aux/speedo.mk (sign-installer): Fix syntax error.
+
+2020-03-19 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Take care of --homedir when reading/updating options.
+ + commit b92860a8b9d253661de0060623e920b3f58e4443
+ * tools/gpgconf-comp.c (gc_component_check_options): Take care of
+ --homedir.
+ (retrieve_options_from_program): Ditto.
+
+2020-03-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix pinpad handling when KDF enabled.
+ + commit 133248b297a1d72897f280d8bd21081cd6ebd66c
+ * scd/app-openpgp.c (do_getattr): Send the KDF DO information.
+
+ scd: Disable pinpad if it's impossible by KDF DO.
+ + commit b27e20a95cb7af59dcaa6e59aacf52ed766be1f3
+ * scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field.
+ (do_getattr): Set pinpad.disabled field.
+ (check_pinpad_request): Use the pinpad.disabled field.
+ (do_setattr): Update pinpad.disabled field.
+
+2020-03-18 Werner Koch <wk@gnupg.org>
+
+ gpg: Print a hint for --batch mode and --delete-secret-key.
+ + commit fbe318475236166b54e19d228bf9b24e442e0fa5
+ * g10/delkey.c: Include shareddefs.h.
+ (delete_keys): Print a hint.
+
+ dirmngr: Improve finding OCSP cert.
+ + commit 25dc0e5b1eb02f79946a86c799c7720001a296bc
+ * dirmngr/certcache.c (find_cert_bysubject): Add better debug output
+ and try to locate by keyid.
+
+2020-03-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: Update --trusted-key to accept fingerprint as well as long key id.
+ + commit b6d89d1944c55f302fb797cce0e007f59aabaf54
+ * g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well
+ as long key ID.
+ * doc/gpg.texi: document that --trusted-key can accept a fingerprint.
+
+2020-03-18 Werner Koch <wk@gnupg.org>
+ gniibe@fsij.org
+
+ gpg: Fix key expiration and usage for keys created at the Epoch.
+ + commit e77f332b01f13af606ae0158dabcd644c274e456
+ * g10/getkey.c (merge_selfsigs_main): Take a zero key creation time in
+ account.
+
+2020-03-14 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --auto-key-import.
+ + commit 95b42278cafe7520d87168fb993ba715699e6bb6
+ * g10/gpg.c (opts): New options --auto-key-import,
+ --no-auto-key-import, and --no-include-key-block.
+ (gpgconf_list): Add them.
+ * g10/options.h (opt): Add field flags.auto_key_import.
+ * g10/mainproc.c (check_sig_and_print): Use flag to enable that
+ feature.
+ * tools/gpgconf-comp.c: Give the new options a Basic config level.
+
+ gpg: Make use of the included key block in a signature.
+ + commit b42d9f540c7484e45cfc997f77e360d0f0ec4bb9
+ * g10/import.c (read_key_from_file): Rename to ...
+ (read_key_from_file_or_buffer): this and add new parameters. Adjust
+ callers.
+ (import_included_key_block): New.
+ * g10/packet.h (PKT_signature): Add field flags.key_block.
+ * g10/parse-packet.c (parse_signature): Set that flags.
+ * g10/sig-check.c (check_signature2): Add parm forced_pk and change
+ all callers.
+ * g10/mainproc.c (do_check_sig): Ditto.
+ (check_sig_and_print): Try the included key block if no key is
+ available.
+
+ gpg: New option --include-key-block.
+ + commit d79ebee64ea582da3c3be69cc23e146e2db3738b
+ * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
+ * g10/gpg.c (oIncludeKeyBlock): New.
+ (opts): New option --include-key-block.
+ (main): Implement.
+ * g10/options.h (opt): New flag include_key_block.
+ * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
+ (parse_one_sig_subpkt): Ditto.
+ (can_handle_critical): Ditto.
+ * g10/sign.c (mk_sig_subpkt_key_block): New.
+ (write_signature_packets): Call it for data signatures.
+
+ gpg: Add property "fpr" for use by --export-filter.
+ + commit 2baa00ea186359f758fea5cb61aff99b09fec821
+ * g10/export.c (push_export_filters): New.
+ (pop_export_filters): New.
+ (export_pubkey_buffer): Add args prefix and prefixlen. Adjust
+ callers.
+ * g10/import.c (impex_filter_getval): Add property "fpr".
+ * g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
+
+2020-02-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Fix default-key selection when card is available.
+ + commit 1cdd9e57f701f0d99d118d32adffe5216a94b0b2
+ * g10/getkey.c (get_seckey_default_or_card): Handle the case
+ when card key is not suitable for requested usage.
+
+2020-02-19 Nick Piper <nick.piper@cgi.com>
+
+ doc: Correction of typo in documentation of KEY_CONSIDERED.
+ + commit 60dbe082949b13635f3f31aa03d12aa9f671c941
+ (cherry picked from commit 0e1cbabc0ad4fe2ca9644fffb5cf27b1a8a1509f)
+
+2020-02-15 Werner Koch <wk@gnupg.org>
+
+ gpgsm: Fix import of some CR,LF ternminated certificates.
+ + commit 38f819bd6d77d068d8626bf7f5b968ff03c263af
+ * common/ksba-io-support.c (base64_reader_cb): Detect the END tag and
+ don't just rely on the padding chars. This could happen only with
+ CR+LF termnmated PEM files. Also move the detection into the invalid
+ character detection branch for a minor parser speedup.
+
+2020-02-10 Werner Koch <wk@gnupg.org>
+
+ doc: Improve the warning section of the gpg man page.
+ + commit 146dacd3b13bf5d917978313092c022641305a27
+ * doc/gpg.texi: Update return value and warning sections.
+
+ (cherry picked from commit 113a8288b85725f7726bb2952431deea745997d8)
+
+2020-02-10 Werner Koch <wk@gnupg.org>
+ Tomáš Mráz
+
+ build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
+ + commit 21d9bd8b87a9f793a106095e3838eb71825189d7
+ * common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
+ here but now without the Norcroft-C. Change all other places where it
+ gets defined.
+ * common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
+ extern.
+ * common/iobuf.c (iobuf_debug_mode): Define it here.
+ * agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
+ all main modules of all other programs.
+
+ * g10/main.h: Put util.h before the local header files.
+
+2020-02-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Make really sure that --verify-files always returns an error.
+ + commit 49151255f3b1decf2e394a58bc0ac412bda2b214
+ * g10/verify.c (verify_files): Track the first error code.
+
+ common: Also protect log_inc_errorcount against counter overflow.
+ + commit 47f514fde6e29137d660c19e6eea0b842d2b03f5
+ * common/logging.c (log_inc_errorcount): Also protect against
+ overflow.
+ (log_error): Call log_inc_errorcount instead of directly bumping the
+ counter.
+
+2020-01-17 Werner Koch <wk@gnupg.org>
+
+ gpgconf,w32: Print a warning for a suspicious homedir.
+ + commit a265d3997a9120cb607c2d9b843bf9ee9e944378
+ * tools/gpgconf.c (list_dirs): Check whether the homedir has been
+ taken from the registry.
+
+2020-01-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: default-key: Simply don't limit by capability.
+ + commit a7840777e4277039482ce3ea3e6fc919526be2f1
+ * g10/getkey.c (parse_def_secret_key): Remove the check.
+
+2019-12-23 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix output of --with-secret if a pattern is given.
+ + commit def1ceccf05baf187b9313e6e37171709ab44225
+ * g10/keylist.c (list_one): Probe for a secret key in --with-secret
+ mode.
+
+2019-12-19 Andre Heinecke <aheinecke@gnupg.org>
+
+ speedo: Make signing optional for w32-release.
+ + commit a56c591f9063d895544d681e25bda2ffb22f7ca0
+ * build-aux/speedo.mk (AUTHENTICODE_sign): Check if
+ certificates are available.
+
+ speedo: Use multithreaded xz for w32 source.
+ + commit 28403cb5fe4eea2ac1ad514fdfcfa282e795c69f
+ * build-aux/speedo.mk (dist-source): Add -T0 parameter to xz.
+
+ speedo: Improve and document wixlib build.
+ + commit 4d9b262584fb15e7965d579fad9a149e26849c18
+ * Makefile.am (sign-release): Add handling for wixlib.
+ * build-aux/speedo.mk: Add help-wixlib and improve handling.
+
+2019-12-17 Andre Heinecke <aheinecke@intevation.de>
+
+ speedo, w32: Add w32-wixlib target for MSI package.
+ + commit c461de93f44efaa6a1d9669eb9d4033943368431
+ * Makefile.am (EXTRA_DIST): Add wixlib.wxs
+ * build-aux/speedo.mk (w32-wixlib): New target.
+ (w32-release): Build wixlib if WIXPREFIX is set.
+ (help): Add documentation.
+ * build-aux/speedo/w32/wixlib.wxs
+
+2019-12-07 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.19.
+ + commit 1c841c8389fb9640762822395b988e0d1584c9ae
+
+
+ po: Make g10/call-dirmngr.c translatable.
+ + commit 03983711b3376a5dff518a99adf5fb3a5bd8be4a
+ * po/POTFILES.in: Add g10/call-dirmngr.c
+ * g10/call-dirmngr.c (create_context): Change an i18n sting for easier
+ reuse.
+
+ dirmngr: Tell gpg about WKD lookups resulting from a cache.
+ + commit 438a1ec2978c64ecfe6b5ddaa61f214c2dcae88f
+ * dirmngr/server.c (proc_wkd_get): Print new NOTE status
+ "wkd_cached_result".
+ * g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
+ verbose mode.
+
+2019-12-06 Werner Koch <wk@gnupg.org>
+
+ sm: Add special case for expired intermediate certificates.
+ + commit 8c167febc0abc00be281a9dc8c2544b8d048a002
+ * sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
+ * sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
+ Also simplify by using ref-ed cert objects in place of an anyfound
+ var.
+
+2019-12-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Use AKL for angle bracketed mail address with -r.
+ + commit 78bb81e9deeca264f6a516630496470341e78fa9
+ * g10/getkey.c (get_pubkey_byname): Extend is_mbox checking.
+ (get_best_pubkey_byname): Ditto.
+
+2019-11-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix double free with anonymous recipients.
+ + commit 9ac182f376abf910a7b737b0e1ebd447eaa582f1
+ * g10/pubkey-enc.c (get_session_key): Do not release SK.
+
+2019-11-25 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.18.
+ + commit 82b9e1bdbdd756290b8873b3e244dcc8d1f840fb
+
+
+ tests: Adjust for now invalid SHA-1 key signatures.
+ + commit 8e49fc7f43ecfe44dac57d97c555e2cbc7eb8e9a
+ * tests/openpgp/defs.scm (create-gpghome): Add
+ allow-weak-key-signatures.
+
+ agent: Improve --debug-pinentry diagnostics.
+ + commit 96c4943a5bd070772d8be7bb7db8548840af5f8f
+ * agent/call-pinentry.c (atfork_cb): Factor code out to ...
+ (atfork_core): new.
+
+2019-11-23 Werner Koch <wk@gnupg.org>
+
+ wkd: Let --install-key write a template policy file.
+ + commit 6e893061b54ddd38e83531f5513e3168d0002e41
+ * tools/wks-util.c (ensure_policy_file): New.
+ (wks_cmd_install_key): Call it.
+
+2019-11-18 Werner Koch <wk@gnupg.org>
+
+ dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
+ + commit 3efc94f1eb17eb5c5950c2fab9f701518352ae19
+ * doc/DETAILS: Specify new status code "NOTE".
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
+ bad TLS certificate.
+ * g10/call-dirmngr.c (ks_status_cb): Detect this status.
+
+ dirmngr: Forward http redirect warnings to gpg.
+ + commit 4dd50991252409eb2023ab8ad11f36a050f421af
+ * dirmngr/http.c: Include dirmngr-status.h
+ (http_prepare_redirect): Emit WARNING status lines for redirection
+ problems.
+ * dirmngr/http.h: Include fwddecl.h.
+ (struct http_redir_info_s): Add field ctrl.
+ * dirmngr/ks-engine-hkp.c (send_request): Set it.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
+ * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
+
+ dirmngr: Factor some prototypes out to dirmngr-status.h.
+ + commit 466bdf7c07f4ebfc69d503f85b9423f2f6440682
+ * dirmngr/dirmngr-status.h: New.
+ * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
+ to that file.
+ * dirmngr/t-support.c: New.
+ * dirmngr/Makefile.am (t_common_src): Add new file.
+
+2019-11-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd,ccid: Add support of GEMPC_EZIO.
+ + commit 9b41f58c8a549055fa6bf7e21e2931b86f4da776
+ * scd/ccid-driver.h (GEMPC_EZIO): New.
+ * scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO.
+
+2019-11-12 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Use IPv4 or IPv6 interface only if available.
+ + commit 392e068e9f143d41f6350345619543cbcd47380f
+ * dirmngr/dns-stuff.c (cached_inet_support): New variable.
+ (dns_stuff_housekeeping): New.
+ (check_inet_support): New.
+ * dirmngr/http.c (connect_server): Use only detected interfaces.
+ * dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
+
+2019-11-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Forbid the creation of SHA-1 third-party key signatures.
+ + commit 754a03f5a279964af62025d11d92391e650fddb7
+ * g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New.
+ (do_sign): Add arg signhints and inhibit SHA-1 signatures. Change
+ callers to pass 0.
+ (complete_sig): Add arg signhints and pass on.
+ (make_keysig_packet, update_keysig_packet): Set signhints.
+
+ gpg: Add option --allow-weak-key-signatures.
+ + commit 3b1fcf65239d9c73cc54760ea52a5749e024fa76
+ * g10/gpg.c (oAllowWeakKeySignatures): New.
+ (opts): Add --allow-weak-key-signatures.
+ (main): Set it.
+ * g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
+ * g10/misc.c (print_sha1_keysig_rejected_note): New.
+ * g10/sig-check.c (check_signature_over_key_or_uid): Print note and
+ act on new option.
+
+2019-11-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix a potential loss of key sigs during import with self-sigs-only.
+ + commit 2975868ede40ce8b8a0d20e7f0e4cd687772f9d0
+ * g10/import.c (import_one_real): Don't do the final clean in the
+ merge case.
+
+2019-10-15 Werner Koch <wk@gnupg.org>
+
+ gpg: Also delete key-binding signature when deleting a subkey.
+ + commit d8052db74a0d2e6a55cf104e0ecb1868936bd09c
+ * g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
+
+2019-10-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ Revert "gpg: The first key should be in candidates."
+ + commit 2906636b929f08fdf342560834d920e8e8153458
+ This reverts commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578.
+
+2019-10-15 Werner Koch <wk@gnupg.org>
+
+ gpg: Extend --quick-gen-key for creating keys from a card.
+ + commit 652ca4b2bf985546baa70754f66eab3840cf2820
+ * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
+ support the special algo "card".
+ (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
+ Handle the "card" algo. Adjust callers.
+ (parse_algo_usage_expire): Add arg R_KEYGRIP.
+ (quickgen_set_para): Add arg KEYGRIP and put it into the parameter
+ list.
+ (quick_generate_keypair): Handle algo "card".
+ (generate_keypair): Also handle the keygrips as returned by
+ parse_key_parameter_string.
+ (ask_algo): Support ed25519 from a card.
+
+2019-10-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit fe02709ffd3c41fe84b90cda96edd12e6b836741
+
+
+ gpg: The first key should be in candidates.
+ + commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578
+ * g10/getkey.c (get_best_pubkey_byname): Handle the first key
+ as the initial candidate for the selection.
+
+ gpg: Fix a memory leak in get_best_pubkey_byname.
+ + commit 2924ac374eb8cbf87ed6c9fbbb72c0b8d1d37fa3
+ * g10/getkey.c (get_best_pubkey_byname): Free the public key parts.
+
+2019-10-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.
+ + commit edc36f59fcfcb4b896a53530345d586f7e5df560
+ * g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain
+ SHA-1 based signatures.
+
+2019-09-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Make --quiet work on --send-keys.
+ + commit de57b5bf91d64f8843a68d1950bd12aecc82f8c1
+ * g10/keyserver.c (keyserver_put): Act upon --quiet.
+
+2019-08-23 Werner Koch <wk@gnupg.org>
+
+ gpg: Implement keybox compression run.
+ + commit b5f7ac6c368a07b3d35191bf56fdf58145c4e44b
+ * kbx/keybox-init.c (keybox_lock): Add arg TIMEOUT and change all
+ callers to pass -1.
+ * g10/keydb.c (keydb_add_resource): Call keybox_compress.
+
+ kbx: Include deleted records into the --stats output.
+ + commit 34f55c5e348d4bf9894c24988e6856b411ba05de
+ * kbx/keybox-dump.c (_keybox_dump_file): Take deleted records in
+ account.
+
+ kbx: Allow "gpgsm --faked-system-time" to kick off a compression run.
+ + commit e854580fa562c423f3d977318b515fb4d186f99a
+ * kbx/keybox-update.c (keybox_compress): Use make_timestamp.
+
+ gpg: Allow --locate-external-key even with --no-auto-key-locate.
+ + commit df6cff8233aa281d150861a26cd262a8a15c73e7
+ * g10/getkey.c (akl_empty_or_only_local): New.
+ * g10/gpg.c (DEFAULT_AKL_LIST): New.
+ (main): Use it here.
+ (main) <aLocateExtKeys>: Set default AKL if none is set.
+
+ gpg: Silence some warning messages during -Kv.
+ + commit 589f1187137cb14da1d16be1fdaf8f1ac2c2d436
+ * g10/options.h (glo_ctrl): Add flag silence_parse_warnings.
+ * g10/keylist.c (list_all): Set that during secret key listsings.
+ * g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do
+ not print info message normally emitted inh verbose mode.
+ (can_handle_critical_notation, enum_sig_subpkt): Ditto.
+ (parse_signature, parse_key, parse_attribute_subpkts): Ditto.
+
+ gpg: Do not show an informational diagnostics with quiet.
+ + commit 215858aba342e6f2b9a7c93f579638279af3a561
+ * g10/trustdb.c (verify_own_keys): Silence informational diagnostic.
+
+ gpgconf: Suggest the use of --gpgconf-test on --launch problems.
+ + commit 7c386c5fb5aebbbb36daf61c25d20e6888123994
+ * tools/gpgconf-comp.c (gc_component_launch): Change suggestion.
+
+2019-08-21 Werner Koch <wk@gnupg.org>
+
+ scd:nks: Extend keypairinfo with usage flags.
+ + commit 0a9053eff0406c6799ee201013194200c0ed3487
+ * scd/app-nks.c (do_learn_status_core): Return usage.
+
+ scd:openpgp: Extend keypairinfo with usage flags.
+ + commit 6f67abcc0339b42a181285b3416959c39a2d7808
+ * scd/app-openpgp.c (send_keypair_info): Return usage.
+
+ sm: Show the usage flags when generating a key from a card.
+ + commit a8aacaf2042a72760e6eaf35e65bfd6d42e642f0
+ * g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
+ flags.
+ * sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
+ * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.
+
+ (cherry picked from commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7)
+
+ gpg: Allow decryption using non-OpenPGP cards.
+ + commit 9a317557c58d2bdcc504b70c366b77f4cac71df7
+ * g10/call-agent.c (struct getattr_one_parm_s): New.
+ (getattr_one_status_cb): New.
+ (agent_scd_getattr_one): New.
+ * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from
+ pkcs#1.
+ * g10/getkey.c (enum_secret_keys): Move to...
+ * g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards.
+
+ scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
+ + commit 23784f8bf0ac6d6c52cb2de2f99f46017a92c11a
+ * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
+ * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
+ * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
+ "$SIGNKEYID".
+ * scd/app-nks.c (do_getattr): Add attributes too.
+
+ gpg: Allow direct key generation from card with --full-gen-key.
+ + commit fbed618a3699bea131ce36949387af0fa3cf13f9
+ * g10/call-agent.c (agent_scd_readkey): New.
+ * g10/keygen.c (ask_key_flags): Factor code out to ..
+ (ask_key_flags_with_mask): new.
+ (ask_algo): New mode 14.
+
+ common: Extend function pubkey_algo_string.
+ + commit 0353cb0a5edeef07330da1688b7801c073959185
+ * common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
+ * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.
+
+ (cherry picked from commit f952226043824cbbeb8517126b5266926121c4e8)
+
+ Removed the changes in gpg-card which is not part of 2.2
+
+ gpg: New option --use-only-openpgp-card.
+ + commit c185f6dfbd1bfd809369da789239a371e9d1610e
+ * g10/gpg.c (opts): Add option.
+ (main): Set flag.
+ * g10/options.h: Add flags.use_only_openpgp_card.
+ * g10/call-agent.c (start_agent): Implement option.
+
+ gpg: Prepare card code to allow other than OpenPGP cards.
+ + commit fe5c8de862885c51d27c2dc9ea237846c5e57e8a
+ * g10/call-agent.c (start_agent): Use card app auto selection.
+ * g10/card-util.c (current_card_status): Print the Application type.
+ (card_status): Put empty line between card listings.
+
+ (cherry picked from commit e47524c34a2a9f53c2507f67a0b41b460cee78b7)
+
+ gpg: New card function agent_scd_keypairinfo.
+ + commit 768cb6402f2941781262b9cb0a2aeecc89941f0f
+ * g10/call-agent.c (scd_keypairinfo_status_cb)
+ (agent_scd_keypairinfo): New. Taken from gpgsm.
+
+ (cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6)
+
+ gpg: Remove two unused card related functions.
+ + commit c2f87a936afb7eba288d7e6558c24509cd6ab045
+ * g10/call-agent.c (inq_writekey_parms): Remove.
+ (agent_scd_writekey): Remove.
+ (agent_clear_pin_cache): Remove this stub.
+
+ (cherry picked from commit 334b16b868e771b983263ed20c200869e7e51198)
+
+ gpg: Repurpose the ISO defined DO "sex" to "salutation".
+ + commit d410b5f9309607599c9ff45061fd1f02638a9a88
+ * g10/card-util.c (current_card_status): String changes.
+ (change_sex): Description change.
+ (cmds): Add "salutation"; keep "sex" as an alias.
+
+ gpg: Remove unused arg in a card related function.
+ + commit c66a2cc8d306e7d9d0b4450311f230f182762f93
+ * g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.
+
+ (cherry picked from commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e)
+
+2019-08-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix line break handling, finding a space.
+ + commit 6e6078c8d0d4a2947e2a34f1367e4472f6ae483b
+ * common/name-value.c (assert_raw_value): Correctly find a space.
+
+ sm: Support AES-256 key.
+ + commit a9816d5fb13edb30c5d12cf85ae3e1a114fcc2c1
+ * sm/decrypt.c (prepare_decryption): Handle a case for AES-256.
+
+ sm: Fix error checking of decryption result.
+ + commit ccf5cc8b0b6cee562f7d5598149abcde17440ed4
+ * sm/call-agent.c (gpgsm_agent_pkdecrypt): Fix condition.
+
+2019-08-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg,gpgsm: Handle pkdecrypt responses with/without NUL terminators.
+ + commit 64500e7f6dd63c793734e52e270b1ea23cfd1928
+ * g10/call-agent.c (agent_pkdecrypt): accept but do not require
+ NUL-terminated data from the agent.
+ * sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
+ NUL-terminated data from the agent.
+
+2019-08-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Handle CCID bwi of time extension.
+ + commit 879660bf4581d902cc1d1244091873c6c0225fa2
+ * scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
+ value as defined section 6.2.6 in CCID specification.
+
+ scd: Fix bBWI value.
+ + commit f8961a576d3b5d69bb0e600a64553659ebef8ee7
+ * scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
+ level transfer.
+ (ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU
+ level transfer.
+
+ card: Fix showing KDF object attribute.
+ + commit 8e01676981206c209c0bfcb92633d9d2f06a2d90
+ * g10/call-agent.c (learn_status_cb): Parse the KDF DO.
+ * g10/card-util.c (current_card_status): Show it correctly.
+
+2019-07-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: The option --passphrase= can be empty.
+ + commit b21133ba80f21ce93d5a4afe48027172d9fc1999
+ * g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow
+ empty string.
+
+2019-07-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Don't add system CAs for SKS HKPS pool.
+ + commit 58e234fbeb6cc5908b69a73e50428f02e584e504
+ * dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear
+ add_system_cas.
+
+ gpg: Improve import slowness.
+ + commit eb00a14f6d2de7c53487f39494c5cb9c0598fc96
+ * g10/import.c (read_block): Avoid O(N^2) append.
+ (sec_to_pub_keyblock): Likewise.
+
+ gpg: Fix keyring retrieval.
+ + commit b7df72d3074b72cf8b537ac87416b6b719c1b1b7
+ * g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.
+
+2019-07-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc: fix spelling.
+ + commit d10bb027e481b518e4bf13ba72d14933d6cbb8cb
+ * doc/tools.texi: fix a handful of minor spelling errors.
+
+2019-07-09 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.17.
+ + commit 591523ec94b6279b8b39a01501d78cf980de8722
+
+
+2019-07-09 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit ad0c61972a413987d2cc8ac8deb6a646b954ae05
+
+
+2019-07-09 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not try the import fallback if the options are already used.
+ + commit 3c2cf5ea952015a441ee5701c41dadc63be60d87
+ * g10/import.c (import_one): Check options.
+
+ gpg: Fix regression in option "self-sigs-only".
+ + commit b6effaf4669b2c3707932e3c5f2f57df886d759e
+ * g10/import.c (read_block): Make sure KEYID is availabale also on a
+ pending packet.
+
+2019-07-05 Werner Koch <wk@gnupg.org>
+
+ gpg: With --auto-key-retrieve prefer WKD over keyservers.
+ + commit 3242837d203a7b90b92952e63ee160a5a41764c0
+ * g10/mainproc.c (check_sig_and_print): Print a hint on how to make
+ use of the preferred keyserver. Remove keyserver lookup just by the
+ keyid. Try a WKD lookup before a keyserver lookup.
+
+ wkd: Change client/server limit back to 64 KiB.
+ + commit 6396f8d115f21ae15571b683e9ac9d1d7e3f44f4
+ * tools/wks-receive.c (decrypt_data): Change limit.
+
+2019-07-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ dirmngr: fix handling of HTTPS redirections during HKP.
+ + commit efb6e08ea2ca1cf2d39135d94195802cd69b9ea6
+ * dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
+ following a HTTP redirection.
+
+2019-07-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
+ + commit 2b7151b0a57f5fe7d67fd76dfa1ba7a8731642c6
+ * g10/gpg.c (main): Change default.
+
+ gpg: Avoid printing false AKL error message.
+ + commit 4cbd058a3da9aae74aadab7f260952b9ebb5becf
+ * g10/getkey.c (get_pubkey_byname): Add special traeatment for default
+ and skipped-local.
+
+ gpg: New command --locate-external-key.
+ + commit 46f3283b345e1cabca4b0320cf98274ade8ec162
+ * g10/gpg.c (aLocateExtKeys): New.
+ (opts): Add --locate-external-keys.
+ (main): Implement that.
+ * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
+ (get_best_pubkey_byname): Add arg 'mode' and pass on to
+ get_pubkey_byname. Change callers.
+ * g10/keylist.c (public_key_list): Add arg 'no_local'.
+ (locate_one): Ditto. Pass on to get_best_pubkey_byname.
+
+ gpg: Make the get_pubkey_byname interface easier to understand.
+ + commit 11871433436b5b9b9aca46579dd185a9a77674cd
+ * g10/keydb.h (enum get_pubkey_modes): New.
+ * g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
+ change all callers.
+
+2019-07-03 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Avoid endless loop in case of HTTP error 503.
+ + commit d2e8d71251813e61b15a07637497fabe823b822c
+ * dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
+ (handle_send_request_error): Use it for 503 and 504.
+ (ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
+ extra_tries.
+
+ dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
+ + commit c9b133a54e93b7f2365b5d6b1c39ec2cc6dac8f9
+ * dirmngr/http.c (same_host_p): Consider certain subdomains to be the
+ same.
+
+2019-07-03 Peter Lebbing <peter@digitalbrains.com>
+
+ Mention --sender in documentation.
+ + commit 37b549dfe0acd362399debd7c93794eb75937402
+
+
+2019-07-03 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Support the new WKD draft with the openpgpkey subdomain.
+ + commit 458973f502b9a43ecf29e804a2c0c86e78f5927a
+ * dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
+ method.
+
+2019-07-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Fallback to import with self-sigs-only on too large keyblocks.
+ + commit a1f2f38dfb2ba5ed66d3aef66fc3be9b67f9b800
+ * g10/import.c (import_one): Rename to ...
+ (import_one_real): this. Do not print and update stats on keyring
+ write errors.
+ (import_one): New. Add fallback code.
+
+2019-07-01 Werner Koch <wk@gnupg.org>
+
+ gpg: New import and keyserver option "self-sigs-only"
+ + commit adb120e663fc5e78f714976c6e42ae233c1990b0
+ * g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
+ * g10/import.c (parse_import_options): Add option "self-sigs-only".
+ (read_block): Handle that option.
+
+ gpg: Make read_block in import.c more flexible.
+ + commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0
+ * g10/import.c: Change arg 'with_meta' to 'options'. Change callers.
+
+2019-07-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ tools: gpgconf: Killing order is children-first.
+ + commit 526714806da4e50c8e683b25d76460916d58ff41
+ * tools/gpgconf-comp.c (gc_component_kill): Reverse the order.
+
+2019-06-24 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ spelling: Fix "synchronize"
+ + commit 520f5d70e4128b61c30da2a463f6c34ca24b628e
+
+
+2019-06-03 Werner Koch <wk@gnupg.org>
+
+ Return better error code for some getinfo IPC commands.
+ + commit f3251023750d6bd9023dbb8373c804d7d4540a56
+ * agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
+ * g13/server.c (cmd_getinfo): Ditto.
+ * sm/server.c (cmd_getinfo): Ditto.
+
+2019-05-29 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc/wks.texi: fix typo.
+ + commit 175d194b5d6063895ecfcfed6ed2154e4a0d1421
+
+
+2019-05-28 Werner Koch <wk@gnupg.org>
+
+ Release GnuPG 2.2.16.
+ + commit 3f2b7a53ddc43b3a349451d28691aaaa116786dc
+
+
+ dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
+ + commit 5281ecbe3ae8364407d9831243b81d664b040805
+ * dirmngr/ocsp.c (do_ocsp_request): Remove arg md. Add args r_sigval,
+ r_produced_at, and r_md. Get the hash algo from the signature and
+ create the context here.
+ (check_signature): Allow any hash algo. Print a diagnostic if the
+ signature does not verify.
+
+2019-05-27 Werner Koch <wk@gnupg.org>
+
+ sm: Avoid confusing diagnostic for the default key.
+ + commit 32210e855c460ed60505bf9be9adea33d05c40eb
+ * sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
+ callers.
+ (gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
+ Change all callers.
+ * sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling
+ gpgsm_cert_use_sign_p
+
+ gpg: Fixed i18n markup of some strings.
+ + commit ab5d7142a79e92819f5551cfc424a8ceaf0885fa
+ * g10/tofu.c: Removed some translation markups which either make no
+ sense or are not possble.
+
+ gpg: Allow deletion of subkeys with --delete-[secret-]key.
+ + commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a
+ * common/userids.c (classify_user_id): Do not set the EXACT flag in
+ the default case.
+ * g10/export.c (exact_subkey_match_p): Make static,
+ * g10/delkey.c (do_delete_key): Implement subkey only deleting.
+
+2019-05-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Stop scdaemon after reload when disable_scdaemon.
+ + commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd
+ * agent/call-scd.c (agent_card_killscd): New.
+ * agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.
+
+2019-05-21 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not bail on an invalid packet in the local keyring.
+ + commit 30f44957ccd1433846709911798af3da4e437900
+ * g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
+
+ gpg: Do not allow creation of user ids larger than our parser allows.
+ + commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651
+ * g10/parse-packet.c: Move max packet lengths constants to ...
+ * g10/packet.h: ... here.
+ * g10/build-packet.c (do_user_id): Return an error if too data is too
+ large.
+ * g10/keygen.c (write_uid): Return an error for too large data.
+
+2019-05-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: For SSH key, don't put NUL-byte at the end.
+ + commit 6e39541f4f488fe59eac399bad18c465f373a784
+ * agent/command-ssh.c (ssh_key_to_protected_buffer): Update
+ the length by the second call of gcry_sexp_sprint.
+
+2019-05-20 Werner Koch <wk@gnupg.org>
+ Matheus Afonso Martins Moreira
+
+ gpg: Do not delete any keys if --dry-run is passed.
+ + commit 5c46c5f74540ad753b925b74593332ca92de47fa
+ * g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
+ Do not clear the ownertrust. Do not let the agent delete the key.
+
+2019-05-17 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix using --decrypt along with --use-embedded-filename.
+ + commit 1702179d91b7136661af084d7dab2e50a2857491
+ * g10/options.h (opt): Add flags.dummy_outfile.
+ * g10/decrypt.c (decrypt_message): Set this global flag instead of the
+ fucntion local flag.
+ * g10/plaintext.c (get_output_file): Ignore opt.output if that was
+ used as a dummy option aslong with --use-embedded-filename.
+
+ gpg: Improve the photo image viewer selection.
+ + commit cd5f040a5389944dd8a05bc9c938f888581dfc8a
+ * g10/exec.c (w32_system): Add "!ShellExecute" special.
+ * g10/photoid.c (get_default_photo_command): Use the new ShellExecute
+ under Windows and fallbac to 'display' and 'xdg-open' in the Unix
+ case.
+ (show_photos): Flush stdout so that the output is shown before the
+ image pops up.
+
+2019-05-16 Werner Koch <wk@gnupg.org>
+
+ kbx: Fix an endless loop under Windows due to an incomplete fix.
+ + commit 0fff927889b075442ed7130f376118c31fda1f32
+ * kbx/keybox-search.c (keybox_search): We need to seek to the last
+ position in all cases not just when doing a NEXT.
+
+ kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
+ + commit 6f72aa821407e47ad3963e72e139f2ca2c69d9dd
+ * kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
+ instead of fclose so that a close is done if the file is opened by
+ another handle.
+ * kbx/keybox-search.c (keybox_search): Remember the last offset and
+ use that in NEXT search mode if we had to re-open the file.
+
+ gpgconf: Before --launch check that the config file is fine.
+ + commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5
+ * tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
+ * tools/gpgconf.c (gpgconf_failure): Call log_flush.
+
+2019-05-15 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: enable OpenPGP export of cleartext keys with comments.
+ + commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec
+ * g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
+ sublists in private-key S-expression.
+
+2019-05-15 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Support --homedir for --launch.
+ + commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6
+ * tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
+ gnupg_homedir already returns abd absolute name.
+ (scdaemon_runtime_change): Ditto.
+ (dirmngr_runtime_change): Ditto.
+ (gc_component_launch): Support --homedir.
+
+2019-05-14 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ agent: correct length for uri and comment on 64-bit big-endian platforms
+ + commit 110932925ba8e0169da18d7774440f8d1fd8a344
+ * agent/findkey.c (agent_public_key_from_file): pass size_t as int to
+ gcry_sexp_build_array's %b.
+
+2019-05-14 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not print a hint to use the deprecated --keyserver option.
+ + commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846
+ * g10/keyserver.c (keyserver_search): Remove a specialized error
+ message.
+
+2019-05-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix possible null dereference.
+ + commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3
+ * g10/armor.c (armor_filter): Access ->d in the internal loop.
+
+ build: Update m4/iconv.m4.
+ + commit cf73c82e95f999bd35636b0cf4e80ed5c33fa7a8
+ * m4/iconv.m4: Update from gettext 0.20.1.
+
+2019-05-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
+ + commit c1dc7a832921fdf5686d377f33db78707c0345e2
+ * g10/sign.c (update_keysig_packet): Convert digest algo when needed.
+
+2019-05-12 Werner Koch <wk@gnupg.org>
+
+ sm: Fix a warning in an es_fopencooie function.
+ + commit 8d0d61aca3d2713df8a33444af3658b859d72be8
+ * sm/certdump.c (format_name_writer): Take care of a flush request.
+
+2019-05-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc: correct documentation for gpgconf --kill.
+ + commit be116f871dbf14dd44d3a7909c2a052f8979c480
+ * doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.
+
+ (cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)
+
+2019-05-09 Werner Koch <wk@gnupg.org>
+
+ build: Sign all Windows binaries.
+ + commit e6901c2bc802996c24335bcb35012ccb74b4ced0
+ * build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
+ (AUTHENTICODE_TOOL): New.
+ (AUTHENTICODE_FILES): New.
+ (installer): Sign listed files.
+ (AUTHENTICODE_SIGNHOST): New macro.
+ (sign-installer): Use that macro instead of direct use of osslsigncode.
+
+2019-05-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Use just the addrspec from the Signer's UID.
+ + commit 05204b72497db093f5d2da4a2446c0264a946296
+ * g10/parse-packet.c (parse_signature): Take only the addrspec from a
+ Signer's UID subpacket.
+
+2019-04-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese Translation.
+ + commit caa61fb7da6b858f038dde948d36fce5c0a85ee5
+
+
+2019-04-18 Andre Heinecke <aheinecke@intevation.de>
+
+ g10: Fix double free when locating by mbox.
+ + commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1
+ * g10/getkey.c (get_best_pubkey_byname): Set new.uid always
+ to NULL after use.
+
+2019-04-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix AWK portability.
+ + commit ee766b2b5d646643d66d23eae478f71c0a01a343
+ * common/Makefile.am: Use pkg_namespace.
+ * common/mkstrtable.awk: Use pkg_namespace. Regexp fix.
+
+2019-04-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Accept also armored data from the WKD.
+ + commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455
+ * g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
+
+ gpg: Set a limit of 5 to the number of keys imported from the WKD.
+ + commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2
+ * g10/import.c (import): Limit the number of considered keys to 5.
+ (import_one): Return the first fingerprint in case of WKD.
+
+2019-04-02 Werner Koch <wk@gnupg.org>
+
+ scd: Add dummy option --application-priority.
+ + commit cb2065967465939f82cc585254cae0244ed94eac
+
+
+ dirmngr: Improve domaininfo cache update algorithm.
+ + commit 48e7977709b6a56e8fd8e9f5abb9dba5ea617c33
+ * dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
+ (insert_or_update): Implement new update algorithm.
+
+ dirmngr: Better error code for http status 413.
+ + commit 0a30ce036a615bc95382e0640d185b031f8c6a63
+ * dirmngr/ks-engine-hkp.c (send_request): New case for 413.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+ * dirmngr/ocsp.c (do_ocsp_request): Ditto.
+
+2019-04-01 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ NEWS: correct typo in header.
+ + commit 5b1b5be65f343d252c865d705d23b55982718f2d
+
+
+2019-03-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix symmetric cipher algo constant for ECDH.
+ + commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e
+ * g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
+ ECC strength 384, according to RFC-6637.
+
+2019-03-27 Trevor Bentley <trevor@yubico.com>
+
+ gpg: Don't use EdDSA algo ID for ECDSA curves.
+ + commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf
+ * g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
+ an EdDSA curve.
+
+2019-03-26 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.15.
+ + commit dc93e57226db32d5b90884dcf768d271baa6628a
+
+
+ sm: Allow decryption even if expired other keys are configured.
+ + commit 30972d21824264aef2088d30b4f2e5ce3aca889e
+ * sm/gpgsm.c (main): Add special handling for bad keys in decrypt
+ mode.
+
+ agent: Allow other ssh fingerprint algos in KEYINFO.
+ + commit 1c2fa8b6d747aa171bfef35a50754893aa80a562
+ * agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO. Default to
+ the standard algo.
+
+2019-03-25 Werner Koch <wk@gnupg.org>
+
+ wkd: New command --print-wkd-url for gpg-wks-client.
+ + commit 2f3eebf1865a85f8c09a1c052513260ed55acec6
+ * tools/gpg-wks-client.c (aPrintWKDURL): New.
+ (opts): Add option.
+ (main): Implement.
+ * tools/wks-util.c (wks_cmd_print_wkd_url): New.
+
+2019-03-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ libdns: Don't use _[A-Z] which are reserved names.
+ + commit a975fd127a5d58bbbb3c585e610a54daeb423af6
+ * dirmngr/dns.c: Use the identifiers of "*_instance" instead of
+ reserved "_[A-Z]".
+
+2019-03-25 Werner Koch <wk@gnupg.org>
+
+ wkd: New command --print-wkd-hash for gpg-wks-client.
+ + commit 64621f1f40c31c7f453da98efb860ff8cf11edbc
+ * tools/gpg-wks-client.c (aPrintWKDHash): New.
+ (opts) : Add "--print-wkd-hash".
+ (main): Implement that command.
+ (proc_userid_from_stdin): New.
+ * tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
+ (wks_cmd_print_wkd_hash): New.
+
+2019-03-25 Andre Heinecke <aheinecke@gnupg.org>
+
+ sm, w32: Translate logger and status fd to handles.
+ + commit b9d2759da19cb70c1f6243498480bea1d7ecaa46
+ * sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
+ convert the FDs.
+
+2019-03-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc: fix formatting error.
+ + commit 93782de23fe45e7f7f86140fda6de39395c3a9d8
+
+
+2019-03-19 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.14.
+ + commit 813de13e73b01409fabff9859f24c4f23b808796
+
+
+2019-03-18 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit dc00947b21dcd4417a35da711c884cef5cc9fc7d
+
+
+2019-03-18 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not bail out on v5 keys in the local keyring.
+ + commit de70a2f377c1647417fb8a2b6476c3744a901296
+ * g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION
+ instead of invalid packet.
+ * g10/keydb.c (parse_keyblock_image): Do not map the unknown version
+ error to invalid keyring.
+ (keydb_search): Skip unknown version errors simlar to legacy keys.
+ * g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown
+ versions.
+ * g10/import.c (read_block): Handle unknown version.
+
+ gpg: Allow import of PGP desktop exported secret keys.
+ + commit 0e73214dd208fca4df26ac796416c6f25b3ae50d
+ * g10/import.c (NODE_TRANSFER_SECKEY): New.
+ (import): Add attic kludge.
+ (transfer_secret_keys): Add arg only_marked.
+ (resync_sec_with_pub_keyblock): Return removed seckeys via new arg
+ r_removedsecs.
+ (import_secret_one): New arg r_secattic. Change to take ownership of
+ arg keyblock. Implement extra secret key import logic. Factor some
+ code out to ...
+ (do_transfer): New.
+ (import_matching_seckeys): New.
+
+ gpg: Avoid importing secret keys if the keyblock is not valid.
+ + commit 43b23aa82be7e02414398af506986b812e2b9349
+ * g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
+ new field TAG.
+ * g10/kbnode.c (alloc_node): Change accordingly.
+ * g10/import.c (import_one): Add arg r_valid.
+ (sec_to_pub_keyblock): Set tags.
+ (resync_sec_with_pub_keyblock): New.
+ (import_secret_one): Change return code to gpg_error_t. Return an
+ error code if sec_to_pub_keyblock failed. Resync secret keyblock.
+
+ gpg: During secret key import print "sec" instead of "pub".
+ + commit db2d75f1ffede2ea77163b487a15e60249daffa0
+ * g10/keyedit.c (show_basic_key_info): New arg 'print_sec'. Remove
+ useless code for "sub" and "ssb".
+ * g10/import.c (import_one): Pass FROM_SK to show_basic_key_info. Do
+ not print the first keyinfo in FROM_SK mode.
+ printing.
+
+ gpg: Simplify an interactive import status line.
+ + commit 184fbf014ae537554d6939a47f07977ef0b0fe9f
+ * g10/cpr.c (write_status_printf): Escape CR and LF.
+ * g10/import.c (print_import_check): Simplify by using
+ write_status_printf and hexfingerprint.
+
+
+ Fixed one conlict in a comment.
+
+2019-03-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ libdns: Avoid using compound literals (8).
+ + commit ee08a15e31284d32fb59774fc15e39107a727072
+ * dirmngr/dns.h (dns_quietinit): Remove.
+ (dns_hints_i_new): Remove.
+
+ libdns: Avoid using compound literals (7).
+ + commit 4ab0fef5dc856d1f2747efab584182aa880f631c
+ * dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
+ * dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
+ automatic variable for opts.
+ * dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
+ Likewise.
+
+ libdns: Avoid using compound literals (6).
+ + commit f3af1707690b070b4cbf6d761a9e5dbddbf681e9
+ * dirmngr/dns.h (dns_rr_i_new): Remove.
+ (dns_rr_i_init): Remove unused second argument.
+ * dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
+ (parse_packet): Use automatic variable for struct dns_rr_i.
+ (dns_d_cname): No need to call dns_rr_i_init after memset 0.
+ (dns_rr_i_init): Remove unused second argument. Return nothing.
+ * dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
+ (getsrv_libdns): Follow the change of dns_rr_i_init.
+
+ (cherry picked from commit 6501e59d3685bb58753c9caea729a4b0eca3942a)
+
+ libdns: Avoid using compound literals (5).
+ + commit 500151e6daf5fc4d6ea382b83aab3cca72b27881
+ * dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
+ Call dns_rr_grep with NULL.
+ * dirmngr/dns.c (dns_rr_grep): Support NULL for error_.
+
+ libdns: Avoid using compound literals (4).
+ + commit 229302aecf8deea0349e79ca0cc05f32665391b7
+ * dirmngr/dns.h (dns_d_new*): Remove.
+ * dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
+ variable.
+ (parse_domain): Likewise.
+
+ (cherry picked from commit 7313a112f9c7ada61d24285313d2e2d069a672e8)
+
+ libdns: Avoid using compound literals (3).
+ + commit f0de4fc990767ae5d120a523be51616b0f35f4f6
+ * dirmngr/dns.h (dns_p_new): Remove.
+ * dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
+ variable.
+ (dns_hints_query, dns_res_glue, parse_packet, query_hosts)
+ (send_query, show_hints, echo_port): Likewise.
+
+ libdns: Avoid using compound literals (2).
+ + commit ff7d01fc6d396fc3b8d37baa9bd4cdebc8853648
+ * dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
+ (dns_strclass1, dns_strclass3): Remove.
+ (dns_strtype1, dns_strtype3): Remove.
+ (dns_strsection, dns_strclass, dns_strtype): Directly use the
+ function.
+ * dirmngr/dns.c (dns_strsection): Use automatic variable.
+ (dns_strclass, dns_strtype): Likewise.
+
+ (cherry picked from commit 455ef62d29a112de05897139716265d07e4c6ae3)
+
+ libdns: Avoid using compound literals.
+ + commit 1318d1e2d50989c66f496ede906a846859f0cf9f
+ * dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
+ variables.
+ (dns_poll, dns_send_nopipe): Likewise, adding const qualifier.
+
+2019-03-07 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Add CSRF protection exception for protonmail.
+ + commit 557c721e787e7e6d311ccb48d8aa677123061cf5
+ * dirmngr/http.c (same_host_p): Add exception table.
+
+ gpgtar: Make option -C work for archive creation.
+ + commit 5d73c231e4f2d5994eb3be48b36517e39d66be96
+ * tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.
+
+ gpgtar: Improve error messages.
+ + commit 2e4151a3412c3fc553fbb7ad070dfffc68a04b35
+ * tools/gpgtar.h (struct tarinfo_s): New.
+ * tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
+ global vars more to the top.
+ (set_cmd): Rename 'cmd' to 'c'.
+ * tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
+ messages.
+ (read_header): Add arg 'info' and update counter.
+ (skip_data): Ditto.
+ (gpgtar_list): Pass info object to read functions.
+ (gpgtar_read_header): Add arg 'info'.
+ * tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
+ (extract_regular): Add arg 'info' and update counter.
+
+ gpg: Make invalid primary key algos obvious in key listings.
+ + commit d2a7f9078a4673ec53733e4f69fd17a8f1ac962d
+ * g10/keylist.c (print_key_line): Print a warning for invalid algos.
+
+ sm: Print Yubikey attestation extensions with --dump-cert.
+ + commit b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a
+ * sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
+ (OID_FLAG_HEX): New.
+ (print_hex_extn): New.
+ (list_cert_raw): Make use of that flag.
+
+ (cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e)
+
+2019-03-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Add "disable-scdaemon" in gpg-agent.conf.
+ + commit 150d5452318eafa6aa800ff3b87f8f8eb35ed203
+ * tests/openpgp/defs.scm: Add "disable-scdaemon". Remove
+ "scdaemon-program".
+ * tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
+ * tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"
+
+2019-03-07 Werner Koch <wk@gnupg.org>
+
+ scd: Fix flushing of CA-FPR data objects.
+ + commit e7eafe10197557ce874db2f049d683f90f26e0bc
+ * scd/app-openpgp.c (do_setattr): Add new table item to flush a
+ different tag.
+
+2019-03-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
+ + commit 77a285a0a94994ee9b42289897f9bf3075c7192d
+ * agent/command.c (cmd_clear_passphrase): Add support for SSH.
+
+2019-03-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpgv: Improve documentation for keyring choices.
+ + commit a7b2a87f940dba078867c44f1f50d46211d51719
+ * doc/gpgv.texi: Improve documentation for keyring choices
+
+2019-02-28 Werner Koch <wk@gnupg.org>
+
+ sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.
+ + commit be69bf0cbd11cb8c0d452e07066669aacc6caafa
+ * sm/keylist.c (print_compliance_flags): Also check the digest_algo.
+ Add new arg 'cert'.
+
+2019-02-28 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpgsm: default to 3072-bit keys.
+ + commit 121286d9d1506dbaad9ba33bae2e459814fe5849
+ * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
+ default to 3072 bits.
+ * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
+ 3072 bits.
+ * sm/certreqgen.c (proc_parameters): update default to 3072 bits.
+ * sm/gpgsm.c (main): print correct default_pubkey_algo.
+
+2019-02-26 Werner Koch <wk@gnupg.org>
+
+ conf: New option --show-socket.
+ + commit 92e26ade5c0d52f2e50eaf338a0bb8006e75711c
+ * tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
+ * tools/gpgconf.h: here.
+ * tools/gpgconf.c (oShowSocket): New.
+ (opts): Add new option.
+ (main): Implement new option.
+
+2019-02-25 Werner Koch <wk@gnupg.org>
+
+ scd: Don't let the "undefined" app cause a conflict error.
+ + commit 0eb8095626be71160dfa66284a7b0a6a57cb03e3
+ * scd/app.c (check_conflict): Ignore "undefined".
+
+ (cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)
+
+ sm: Fix certificate creation with key on card.
+ + commit 54c56230e305a38d6fd0c3bf1262172fd5fbcb87
+ * sm/certreqgen.c (create_request): Fix for certmode.
+
+ agent: Fix for suggested Libgcrypt use.
+ + commit 0a95b153811f36739d1b20f23920bad0bb07c68b
+ * agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
+
+2019-02-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpgscm: Build well even if NDEBUG defined.
+ + commit 8161afb9dddaba839be92fbe9d85c05235eda825
+ * gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
+ [!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.
+
+2019-02-19 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix comparison.
+ + commit 14e5435afb50dc9a9243ff3e0aed5030beba2914
+ * g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
+ not one or fewer.
+
+2019-02-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix cancellation handling for scdaemon.
+ + commit 005e951714ff62087b8c8802e05d14b7998826f3
+ * agent/call-scd.c (cancel_inquire): Remove.
+ (agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
+ (agent_card_scd): Don't call cancel_inquire.
+
+ scd: Distinguish cancel by user and protocol error.
+ + commit 90e5f49b6a2e002d3c67a041a076f07aeb7a7f54
+ * scd/apdu.h (SW_HOST_CANCELLED): New.
+ * scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
+ (pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
+ * scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
+ SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.
+
+ common: Fix gnupg_wait_processes.
+ + commit 6e422b5135c71f8fa859a3f4de51bf89e3ff5ac6
+ * common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
+ even if we already see an error.
+
+2019-02-14 Ingvar Hagelund <ingvar@redpill-linpro.com>
+
+ po: Correct a simple typo in the Norwegian translation.
+ + commit a09bba976d2f5694011a9291189a70a0f3c4caae
+
+
+2019-02-12 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.13.
+ + commit 7922e2dd1c7eee48a8a2cf4799827942489ddd0f
+
+
+2019-02-11 Werner Koch <wk@gnupg.org>
+
+ sm: In --gen-key with "key from card" show also the algorithm.
+ + commit d1bee9d1efa28fa9d35b7eed1e616c6362fd044e
+ * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.
+
+ common: Provide function to get public key algo names in our format.
+ + commit d29d73264f607642281fb701a17015306c8fc4d7
+ * common/sexputil.c (pubkey_algo_string): New.
+
+ common: New functions get_option_value and ascii_strupr.
+ + commit ee8d1a9e6c09b3ecc4b46f47b79358f78d458916
+ * common/server-help.c (get_option_value): New.
+ * common/stringhelp.c (ascii_strupr): New.
+
+ scd: Make app_genkey and supporting ISO function more flexible.
+ + commit 14816c798099925e47908e7ce415412d72fbe28e
+ * scd/app.c (app_genkey): Add arg keytype.
+ * scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
+ * scd/command.c (cmd_genkey): Adjust for change.
+ * scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
+ args p1 and p2.
+ (iso7816_read_public_key): Adjust for this.
+ (iso7816_generate_keypair): Add new args p1 and p2.
+ * scd/app-openpgp.c (do_genkey): Adjust for changes.
+
+ scd: Fix parameter name of app_change_key.
+ + commit c075274aac0ffd388df638548b75a7d90e7e929d
+ * scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
+ * scd/app.c (app_change_pin): Rename arg reset_mode to flags and
+ change from int to unsigned int.
+
+ scd: Allow standard keyref scheme for app-openpgp.
+ + commit 6651a0640d0f1b4dd161210dc55974d9b93b7253
+ * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
+ "OPENPGP."
+
+ gpg: Emit an ERROR status if no key was found with --list-keys.
+ + commit 14ea581a1c040b53b0ad4c51136a7948363b1e4b
+ * g10/keylist.c (list_one): Emit status line.
+
+2019-02-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit c16685b2f5021105ef0560cb3db68ef43bcdb9c1
+
+
+ agent: Clear bogus pinentry cache, when it causes an error.
+ + commit 9109bb9919f84d5472b7e62e84b961414a79d3c2
+ * agent/agent.h (PINENTRY_STATUS_*): Expose to public.
+ (struct pin_entry_info_s): Add status.
+ * agent/call-pinentry.c (agent_askpin): Clearing the ->status
+ before the loop, let the assuan_transact set ->status. When
+ failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
+ soon.
+ * agent/findkey.c (unprotect): Clear the pinentry cache,
+ when it causes an error.
+
+ dirmngr: Fix initialization of assuan's nPth hook.
+ + commit 7f4c3eb0a039621c564b6095ab5f810524843157
+ * dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
+ (thread_init): ... here.
+
+2019-01-30 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow generating Ed25519 key from an existing key.
+ + commit 31d2a1eecaee766919b18bc42b918d9168f601f8
+ * g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.
+
+2019-01-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Implement searching keys via keygrip.
+ + commit 5e5f3ca0c2e08185a236b4d04b318f81004e3223
+ * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip.
+ * kbx/keybox-openpgp.c (struct keyparm_s): New.
+ (keygrip_from_keyparm): New.
+ (parse_key): Compute keygrip.
+ * kbx/keybox-search.c (blob_openpgp_has_grip): New.
+ (has_keygrip): Call it.
+
+ common: Provide some convenient OpenPGP related constants.
+ + commit b78f293cf06f447d1d0a5c416ac129a4e1cf9f8c
+ * common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
+ (OPENPGP_MAX_NSKEY): New.
+ (OPENPGP_MAX_NSIG): New.
+ (OPENPGP_MAX_NENC): New.
+ * g10/packet.h: Define PUBKEY_MAX using the new consts.
+
+ (cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)
+
+ common: New helper functions for OpenPGP curve OIDs.
+ + commit dddbb26155f292fde2909ecc84b62b693b6dea49
+ * common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
+ to ...
+ (openpgp_oidbuf_to_str): new.
+ (openpgp_oidbuf_is_ed25519): New.
+ (openpgp_oidbuf_is_cv25519): New.
+
+2019-01-22 Werner Koch <wk@gnupg.org>
+
+ scd: Add option --clear to PASSWD.
+ + commit d4082ff430afe670510d2c1c7ea66ee9ddcbe505
+ * scd/command.c (cmd_passwd): Add option --clear.
+ (send_status_printf): New.
+ * scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
+ * scd/app-nks.c (do_change_pin): Return an error if that option is
+ used.
+ * scd/app-openpgp.c (do_change_pin): Ditto.
+
+ scd: One new and one improved 7816 function.
+ + commit 9309175de8c76de44021c25c7885355ff1a9b67b
+ * scd/apdu.c (apdu_send_direct): New arg R_SW.
+ * scd/command.c (cmd_apdu): Ditto.
+ * scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
+ (iso7816_general_authenticate): New.
+ * scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
+ arg.
+
+ ssh: Simplify the curve name lookup.
+ + commit 11a65159f997ccd69ecb9d867c1f3d0c4d8837d6
+ * agent/command-ssh.c (struct ssh_key_type_spec): Add field
+ alt_curve_name.
+ (ssh_key_types): Add some alternate curve names.
+ (ssh_identifier_from_curve_name): Lookup also bey alternative names
+ and return the canonical name.
+ (ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve
+ instead of the explicit mapping.
+ (ssh_receive_key): Likewise. Use ssh_identifier_from_curve_name to
+ validate the curve name. Remove the reverse mapping because since
+ GnuPG-2.2 Libgcrypt 1.7 is required.
+ (ssh_handler_request_identities): Log an error message.
+
+ gpg: Stop early when trying to create a primary Elgamal key.
+ + commit f5d3b982e44c5cfc60e9936020102a598b635187
+ * g10/misc.c (openpgp_pk_test_algo2): Add extra check.
+
+2019-01-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix for USB INTERRUPT transfer.
+ + commit 9dc76d599cd4c86d3c187d078daad1144a92564c
+ * scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
+ just handle this event as failure.
+
+2018-12-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix message for ACK button.
+ + commit 80a08b655f8f5e7a7d78b766f1770fd474081a48
+ * agent/divert-scd.c (getpin_cb): Display correct message.
+
+2018-12-18 Werner Koch <wk@gnupg.org>
+
+ Silence compiler warnings new with gcc 8.
+ + commit 21fc089148678f59edb02e0e16bed65b709fb972
+ * dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc.
+ * tests/gpgscm/scheme.c: Include gpgrt.h.
+ (Eval_Cycle): Ignore -Wimplicit-fallthrough.
+
+ wks: Do not use compression for the encrypted data.
+ + commit 16424d8a34c7f6af1071fd19dfc180cb7d17c052
+ * tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
+ * tools/gpg-wks-server.c (encrypt_stream): Ditto.
+
+2018-12-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit ae9159e0685098ee97d6f526666524423f4a0fff
+
+
+ scd: Support "acknowledge button" feature.
+ + commit ffe31f405f9b5e4929e95c3d66c613052cb7727e
+ * scd/apdu.c (set_prompt_cb): New member function.
+ (set_prompt_cb_ccid_reader): New function.
+ (open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
+ (apdu_set_prompt_cb): New.
+ * scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
+ * ccid-driver.c (ccid_set_prompt_cb): New.
+ (bulk_in): Call ->prompt_cb when timer extension.
+ * scd/command.c (popup_prompt): New.
+
+ agent: Support --ack option for POPUPPINPADPROMPT.
+ + commit e6be36ee8854dc343a5e0f914991da3da360b513
+ * agent/divert-scd.c (getpin_cb): Support --ack option.
+
+2018-12-14 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.12.
+ + commit 7d8f4ee7cf56eda988acdc909160cbac71bff18a
+
+
+2018-12-11 Werner Koch <wk@gnupg.org>
+
+ agent: Make the S2K calibration time runtime configurable.
+ + commit de29a50e7c8a779ac0832a149bcf3eb2c4191dc9
+ * agent/protect.c (s2k_calibration_time): New file global var.
+ (calibrate_s2k_count): Use it here.
+ (get_calibrated_s2k_count): Replace function static var by ...
+ (s2k_calibrated_count): new file global var.
+ (set_s2k_calibration_time): New function.
+ * agent/gpg-agent.c (oS2KCalibration): New const.
+ (opts): New option --s2k-calibration.
+ (parse_rereadable_options): Parse that option.
+
+2018-12-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ agent: compile-time configuration of s2k calibration.
+ + commit 0cf0f3aaf835d29848f1485df357606254ba6fad
+ * configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
+ AGENT_S2K_CALIBRATION (measured in milliseconds)
+ * agent/protect.c (calibrate_s2k_count): Calibrate based on
+ AGENT_S2K_CALIBRATION.
+
+ (cherry picked from commit 926d07c5fa05de05caef3a72b6fe156606ac0549)
+
+2018-12-11 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Retry another server from the pool on 502, 503, 504.
+ + commit e5abdb6da7fa7cd4d146c7285b160277511bc230
+ * dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
+ http_status and handle it.
+ (ks_hkp_search): Get http_status froms end_request and pass on to
+ handle_send_request_error.
+ (ks_hkp_get): Ditto.
+ (ks_hkp_put): Ditto.
+
+ dirmngr: New function http_status2string.
+ + commit b9d71ea64a694582739c18cfef9621b36d5371e9
+ * dirmngr/http.c (http_status2string): New.
+
+ gpg: In search-keys return "Not found" instead of "No Data".
+ + commit f7ff25edadd474f83fccba6fd3c410eb8358bb22
+ * g10/keyserver.c (keyserver_search): Check for NO_DATA.
+
+2018-12-11 Tomi Leppänen <tomi.leppanen@jolla.com>
+
+ tools: Use POSIX compatible arguments for find.
+ + commit dfcc5e6d3ec91f547feb78e442946e729b49878c
+ * tools/addgnupghome (filelist): Remove bashism.
+
+2018-12-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Make "learn" report about KDF data object.
+ + commit d4bc8051525a33b28b1e33daf35d79c1d6cd9c41
+ * scd/app-openpgp.c (do_learn_status): Report KDF attr.
+ * g10/card-util.c (current_card_status): Output KDF for with_colons.
+
+ card: Display if KDF is enabled or not.
+ + commit 751ff784e5316470f266750d299ae857ad7840d8
+ * g10/call-agent.h (kdf_do_enabled): New field.
+ * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
+ * g10/card-util.c (current_card_status): Inform the availability.
+
+ g10: Fix memory leak for --card-status.
+ + commit 293001e2c6f0e228ff7f1b6a3e2606ae1370a5d5
+ * g10/card-util.c (card_status): Release memory of serial number.
+
+2018-12-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix print_pubkey_info new line output.
+ + commit c5aba093b86e7d69b34ddcf55130f8f21e889b5c
+ * g10/keylist.c (print_pubkey_info): Reverse the condition.
+
+2018-12-05 Werner Koch <wk@gnupg.org>
+
+ gpg: New list-option "show-only-fpr-mbox".
+ + commit 9b538451682c704b4036c0ecdb7e6b0ef8570016
+ * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
+ * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
+ * g10/keylist.c (list_keyblock_simple): New.
+ (list_keyblock): Call it.
+ (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
+ mode.
+
+ wks: Fix filter expression syntax flaw.
+ + commit 80bf1f8901dcbbb2cb6cacc11cca98705ce8f59d
+ * tools/wks-util.c (wks_get_key, wks_filter_uid): The filter
+ expression needs a space before the value.
+ (install_key_from_spec_file): Replace es_getline by es_read_line and
+ remove debug output.
+
+ wks: Allow reading of --install-key arguments from stdin.
+ + commit b6fd60dfa1709f162c25eb72cf8c45d0ab9bf34f
+ * tools/wks-util.c (install_key_from_spec_file): New.
+ (wks_cmd_install_key): Call it.
+ * tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
+ * tools/gpg-wks-server.c (main): Ditto.
+
+ (cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)
+
+ wks: Create sub-directories.
+ + commit bf29d7c822264a40f1469c7b5024d93b955a3a1e
+ * tools/wks-util.c (wks_compute_hu_fname): Stat and create directory
+ if needed.
+
+ (cherry picked from commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0)
+
+ wks: Add new commands --install-key and --remove-key to the client.
+ + commit 5b4aa8c6d4abfa3135ec3ab23decf9bdd624df3e
+ * tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
+ (opts): Add "--install-key", "--remove-key" and "-C".
+ (parse_arguments): Parse them.
+ (main): Check that the given directory exists. Implement the new
+ commands.
+
+ wks: Move a few server functions to wks-util.
+ + commit 51b722c6f57b80a3b9caa417b7a74e7fab80043f
+ * tools/gpg-wks-server.c (write_to_file): Move to ...
+ * tools/wks-util.c: here.
+ * tools/gpg-wks-server.c (compute_hu_fname): Move to ...
+ * tools/wks-util.c (wks_compute_hu_fname): here.
+ * tools/gpg-wks-server.c (fname_from_userid): Move to ...
+ * tools/wks-util.c (wks_fname_from_userid): here.
+ * tools/gpg-wks-server.c (command_install_key): Move to ...
+ * tools/wks-util.c (wks_cmd_install_key): here and change caller.
+ * tools/gpg-wks-server.c (command_remove_key): Move to ...
+ * tools/wks-util.c (wks_cmd_remove_key): here and change callers.
+
+ (cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89)
+
+2018-12-05 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ g10/mainproc: disable hash contexts when --skip-verify is used.
+ + commit 6008410e512cb74a4a2ad3f6e3fce4669e4f7e2c
+ * g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
+ opt.skip_verify is set.
+
+ common/iobuf: fix memory wiping in iobuf_copy.
+ + commit ebd434a45eefd34bd9d9f875f22a74a47b88dd5f
+ * common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
+ first sizeof(char*) bytes.
+
+ common: Use platform memory zeroing function for wipememory.
+ + commit 21fdef6963539680a16b68b7536378bdaa8dea85
+ * common/mischelp.h (wipememory): Replace macro with function
+ prototype.
+ (wipememory2): Remove.
+ * common/mischelp.c (wipememory): New.
+ * configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and
+ remove duplicated checks.
+
+2018-12-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve error message about failed keygrip computation.
+ + commit edeebe0a6b9a49d2291d6351d52c5bc688d24cff
+ * g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.
+
+ (cherry picked from commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc)
+
+2018-11-23 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Avoid possible CSRF attacks via http redirects.
+ + commit 4a4bb874f63741026bd26264c43bb32b1099f060
+ * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
+ (http_redir_info_t): New.
+ * dirmngr/http.c (do_parse_uri): Set new fields.
+ (same_host_p): New.
+ (http_prepare_redirect): New.
+ * dirmngr/t-http-basic.c: New test.
+ * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
+ instead of the open code.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+
+2018-11-12 Andre Heinecke <aheinecke@intevation.de>
+
+ dirmngr: Add FLUSHCRLs command.
+ + commit 00321a025f90990a71b60b4689ede1f38fbde347
+ Summary:
+ * dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
+ * dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
+ (register_commands): Add FLUSHCRLS.
+
+2018-11-06 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.11.
+ + commit cb46b787571ef149856be03b8c3481bb79871698
+
+
+2018-11-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix print_keygrip for smartcard.
+ + commit 627839ea88da11a9e8d033e3c91bdf5a048b15c3
+ * g10/card-util.c (print_keygrip): Use tty_fprintf.
+
+2018-11-05 Werner Koch <wk@gnupg.org>
+
+ wks: New option --with-colons for gpg-wks-client.
+ + commit 66e0bd37ee3dd5ab534b2664493576ef6ad15a08
+ * tools/gpg-wks.h (opt): Add field with_colons.
+ * tools/gpg-wks-client.c (oWithColons): New const.
+ (opts, parse_arguments): Add option --with-colons.
+ (main): Change aSupported to take several domains in --with-colons
+ mode.
+ (command_send): Factor policy getting code out to ...
+ (get_policy_and_sa): New function.
+ (command_supported): Make use of new function.
+
+ speedo: Remove obsolete configure option of gpgme.
+ + commit 593895a5e495c4647efa7db164356f3cae3d5759
+ * build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
+ --disable-w32-qt option.
+
+ dirmngr: In verbose mode print the OCSP responder id.
+ + commit 50756927ce6247abc2fadefbc76c58b75c8a7586
+ * dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
+
+ (cherry picked from commit 0a7f446c189201ca6e527af08b44da756b343209)
+
+ tools: Replace duplicated code in mime-maker.
+ + commit d5f540e7a9b3a723ba787e3a587fcd1b0948f105
+ * tools/rfc822parse.c (HEADER_NAME_CHARS): New. Taken from
+ mime-maker.c.
+ (rfc822_valid_header_name_p): New. Based on code from mime-maker.c.
+ (rfc822_capitalize_header_name): New. Copied from mime-maker.c.
+ (capitalize_header_name): Remove. Replace calls by new func.
+ (my_toupper, my_strcasecmp): New.
+ * tools/mime-maker.c: Include rfc822parse.h.
+ (HEADER_NAME_CHARS, capitalize_header_name): Remove.
+ (add_header): Replace check and capitalization by new functions.
+
+ gpg: Don't take the a TOFU trust model from the trustdb,
+ + commit 82cd7556fdce989aaacf91e0d369a62e4652f224
+ * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
+ (create_version_record): Don't init as TOFU.
+ (tdbio_db_matches_options): Don't indicate a change in case TOFU is
+ stored in an old trustdb file.
+
+ dirmngr: Emit SOURCE status also on NO_DATA.
+ + commit ab7a907a184f37ddafaa0dc7200c76b735ba4853
+ * dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
+ NO DATA error.
+ (ks_hkp_get): Ditto.
+ * g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
+ also on error.
+ (gpg_dirmngr_ks_get): Ditto.
+
+ dirmngr: Fix LDAP port parsing.
+ + commit 5ab58d3001b0342aecaf691b1af70b1f76426f55
+ * dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
+ segv for a missing slash after the host name.
+
+2018-10-26 Werner Koch <wk@gnupg.org>
+
+ build: By default build wks-tools on all Unix platforms.
+ + commit 8a33d5c9c699d2145d39b362d580df67571c5f36
+ (cherry picked from commit b83fed64f8051279a8f36e024c1f12f7f13c4716)
+
+ wkd: Add option --directory to the server.
+ + commit 839426104a0c829f0182b22048fdc51cf295beb7
+ * tools/gpg-wks-server.c (opts): Add '--directory',
+ (main): Explain how to set correct permissions.
+ (command_list_domains): Create an empty policy file and remove the
+ warning for an empty policy file.
+
+2018-10-25 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix out of scope use of a var in the keyserver LDAP code.
+ + commit 26ebb15bec897a105b248680c1ddf1806592b1eb
+ * dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
+ out of scope and cleanup the entire pgpKeySize block.
+
+2018-10-24 Werner Koch <wk@gnupg.org>
+
+ agent: Fix possible uninitalized use of CTX in simple_pwquery.
+ + commit e53253485cd7ceb7012505a629d2cd997167ccab
+ * common/simple-pwquery.c (agent_open): Clear CTX even on early error.
+
+ agent: Fix possible release of unitialize var in a genkey error case.
+ + commit 62c75271173f83c5770576aae7b84f55a9ccbc16
+ * agent/command.c (cmd_genkey): Initialize 'value'.
+
+ ssh: Fix possible infinite loop in case of an read error.
+ + commit 147e59b7815daafb32b570a96f1d1925d0f37008
+ * agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
+ than EOF.
+
+ tools: Fix FILE memory leak in gpg-connect-agent.
+ + commit f1561e5196e54f11b18050eeaeda50e786d188c2
+ * tools/gpg-connect-agent.c (do_open): dup the fileno and close the
+ stream.
+
+ (cherry picked from commit 378719f25fe00d46393541f4a4f79e04484c3000)
+
+ sm: Use the correct string in an error message.
+ + commit 1b9b0fc54b9bcd5eb1e63816bd3222d7ac7572a7
+ * sm/gpgsm.c (main): Fix error message.
+
+2018-10-24 Andre Heinecke <aheinecke@intevation.de>
+
+ dirmngr: Only print info for no ldapserver file.
+ + commit 01baee2b0ef4f81ac6ffa55480e91168dd27b430
+ * dirmngr/dirmngr.c (parse_ldapserver_file): Only print info
+ for ENOENT.
+
+2018-10-23 Andre Heinecke <aheinecke@intevation.de>
+
+ sm: Fix dirmngr loadcrl for intermediate certs.
+ + commit 6b36c16f77722d17f4f317c788701cbc1e9552b2
+ * sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
+ (inq_certificate): Distinguish unsupported inquiry error.
+
+2018-10-22 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Prepare for updated WKD specs with ?l= param.
+ + commit a2bd4a64e5b057f291a60a9499f881dd47745e2f
+ * dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
+ request.
+
+ gpg: Fix extra check for sign usage of a data signature.
+ + commit b0d6e26bf3c8decaa568c9e4a5b2451d9af0b25b
+ * g10/sig-check.c (check_signature_end_simple):
+
+2018-10-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix signing authentication status.
+ + commit 7e2b0488d13561be2b754e28801de654747a8dcc
+ * scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.
+
+2018-10-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix gnupg_reopen_std.
+ + commit 8f844ae1cd16e27ad07d45784b1f0ff2917da2b8
+ * common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.
+
+2018-09-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Use iobuf_get_noeof to avoid undefined behaviors.
+ + commit 0383e7fed7b2a45c7f0ae4c11415c6a9a3a3ddb7
+ * common/iobuf.c (block_filter): Use iobuf_get_noeof.
+
+ agent: Fix error code check from npth_mutex_init.
+ + commit 213379debe5591dad6339aa95aa7282e0de620f9
+ * agent/call-pinentry.c (initialize_module_call_pinentry): It's an
+ error when npth_mutex_init returns non-zero.
+
+2018-09-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix memory leak.
+ + commit 91f8a9b33a1282cbf00cb4b71b177088f0d923d7
+ * g10/import.c (read_block): Call free_packet to skip the packet.
+
+2018-09-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix use of strncpy, which is actually good to use memcpy.
+ + commit f0fdee2e24a25f57a84e1684984ce3921d923e0a
+ * common/ssh-utils.c (get_fingerprint): Use memcpy.
+ * g10/build-packet.c (string_to_notation): Use memcpy.
+
+2018-08-30 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.10.
+ + commit 24697074f44c18eeeedbc1e09d35f56504c57a1f
+
+
+2018-08-30 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 2f5ba3a6c19b7a514488be01b7683287d74545d3
+
+
+2018-08-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Explain error message in key generation with --batch.
+ + commit a9931b3c052ee9025705a8ef1f0cdd5f20aeda70
+ * g10/keygen.c (generate_keypair): Show more info.
+
+ gpg: Remove unused function get_pubkeys.
+ + commit 719fc941b6eceb75c2326335d9d73011823ff3f9
+ * g10/getkey.c (get_pubkeys): Remove.
+ (pubkey_free): Remove and use code directly ...
+ (pubkeys_free): ... here.
+
+ (cherry picked from commit ed8fe21e6612401846fc4af8631f0136dc633c67)
+
+ gpg: New option --known-notation.
+ + commit a59a9962f48f828ea7d22362dfa6d82841551110
+ * g10/gpg.c (oKnownNotation): New const.
+ (opts): Add option --known-notation.
+ (main): Set option.
+ * g10/parse-packet.c (known_notations_list): New local var.
+ (register_known_notation): New.
+ (can_handle_critical_notation): Rewrite to handle the new feature.
+ Also print the name of unknown notations in verbose mode.
+
+2018-08-28 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit b02ad56a9041273df58ded4cc70cf5ffa9e58c16
+
+
+2018-08-28 Werner Koch <wk@gnupg.org>
+
+ assuan: Fix exponential decay for first second.
+ + commit 38eb7c360bc4867cbaf37e3c2c0865bc6452ba4a
+ * common/asshelp.c (wait_for_sock): Round SECSLEFT.
+ * dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
+ mode.
+ * common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
+
+2018-08-28 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ assuan: Use exponential decay for first 1s of spinlock.
+ + commit 1189df2cd7d4b6896ba22aa204c159ff2a425ead
+ * common/asshelp.c (wait_for_sock): instead of checking the socket
+ every second, we check 10 times in the first second (with exponential
+ decay).
+
+ assuan: Reorganize waiting for socket.
+ + commit a22a55b994e06dd06157fbdabf5a402d8daf69c2
+ * common/asshelp.c (wait_for_sock): New function, collecting
+ codepaths from...
+ (start_new_gpg_agent) here and...
+ (start_new_dirmngr) here.
+
+2018-08-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Refresh expired keys originating from the WKD.
+ + commit 0709f358cd13abc82e0f97f055fcaa712f0fd44f
+ * g10/getkey.c (getkey_ctx_s): New field found_via_akl.
+ (get_pubkey_byname): Set it.
+ (only_expired_enc_subkeys): New.
+ (get_best_pubkey_byname): Add support to refresh expired keys from the
+ WKD.
+
+ gpg: Remove unused arg from a function.
+ + commit 11a9fe1c5820b97d7e0f4b3e91f016df9dc466a9
+ * g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
+ Change both callers.
+
+ (cherry picked from commit db67ccb759426c1173761574b14bdfe6a76394c2)
+
+2018-08-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix undefined behavior when EOF in parsing packet for S2K.
+ + commit 822c633845066756b6442ca67b93b4b5c4316ca0
+ * g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
+ (parse_key): Likewise.
+
+2018-07-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Set a limit for a WKD import of 256 KiB.
+ + commit f1c0d9bb6506eee6a3ad93ef432fe6aa5b72aabd
+ * g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
+ (gpg_dirmngr_wkd_get): Use it.
+
+ dirmngr: Validate SRV records in WKD queries.
+ + commit 8a98aa25bb4bdbfe53afd4534f6624454ca01ab0
+ * dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
+ to mitigate rogue DNS servers.
+
+ common: New function to validate domain names.
+ + commit 4f59187a17f16d559e37a375501a0add1ca7eee8
+ * common/mbox-util.c (is_valid_domain_name): New.
+ * common/t-mbox-util.c (run_dns_test): New test.
+
+ (cherry picked from commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72)
+
+2018-07-29 Jiří Keresteš <jiri.kerestes@trustica.cz>
+
+ scd: Add support for Trustica Cryptoucan.
+ + commit d43248af9242d30e95f58285e4f2a2e927aae937
+ (cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb)
+
+2018-07-12 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.9.
+ + commit 2b82db61ccfe57d077dff43e0d732b51c73e1a45
+
+
+2018-07-09 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove multiple subkey bindings during export-clean.
+ + commit 61562fe00027a4263f53661ad279072bd0b0133e
+ * g10/key-clean.c (clean_one_subkey_dupsigs): New.
+ (clean_all_subkeys): Call it.
+
+ gpg: Let export-clean remove expired subkeys.
+ + commit 8055f186a32e628028de897b7ee4705cd8e999b7
+ * g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
+ (KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
+ * g10/key-clean.c (clean_one_subkey): New.
+ (clean_all_subkeys): Add arg CLEAN_LEVEL.
+ * g10/import.c (import_one): Call clean_all_subkeys with
+ KEY_CLEAN_NONE.
+ * g10/export.c (do_export_stream): Call clean_all_subkeys depedning on
+ the export clean options.
+
+ gpg: Split key cleaning function for clarity.
+ + commit 046276db3a04f1907ddcf77c3771832613918226
+ * g10/key-clean.c (clean_key): Rename to clean_all_uids and split
+ subkey cleaning into ...
+ (clean_all_subkeys): new. Call that always after the former clean_key
+ invocations.
+
+ gpg: Move key cleaning functions to a separate file.
+ + commit 40bf383f72b5629de739e30c9c35bbcb628273e8
+ * g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
+ (clean_uid_from_key, clean_one_uid, clean_key): Move to ...
+ * g10/key-clean.c: new file.
+ * g10/key-clean.h: New.
+ * g10/Makefile.am (gpg_sources): Add new files.
+ * g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
+ new header.
+ * g10/trustdb.h (struct key_item, is_in_klist): Move to ...
+ * g10/keydb.h: here.
+
+2018-07-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow decryption using several passphrases in may cases.
+ + commit b4599a0449ead7dc5c0d922aa78b6168e625e15e
+ * g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algorithm.
+ (proc_symkey_enc): Clear passpharse on error from above function.
+
+2018-07-05 Werner Koch <wk@gnupg.org>
+
+ po: Add flag options for xgettext.
+ + commit 833738a316977ee774399bd658d535216dff22e9
+ * po/Makevars (XGETTEXT_OPTIONS): Add --flag options.
+
+ gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
+ + commit 221af19351addcdc28a1cd533c8628cfa3841671
+ * g10/getkey.c (get_pubkey_for_sig): New.
+ (get_pubkeyblock_for_sig): New.
+ * g10/mainproc.c (issuer_fpr_raw): Give global scope.
+ (check_sig_and_print): Use get_pubkeyblock_for_sig.
+ * g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
+ * g10/sig-check.c (check_signature2): Ditto.
+ (check_signature_over_key_or_uid): Ditto.
+
+2018-07-04 Andre Heinecke <aheinecke@intevation.de>
+
+ po: Fix bug in german translation.
+ + commit 063cf45c142f33815bc0f31d0fb3e1b25ca57b8c
+ * po/de.po (decryption forced to fail!): Fix translation.
+
+2018-07-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Ignore too large user ids during import.
+ + commit cb6b925f94b42c91fe8a7ed8bb22d98984538efc
+ * g10/import.c (read_block): Add special treatment for bad user ids
+ and comment packets.
+
+ gpg: Extra check for sign usage when verifying a data signature.
+ + commit ef50fdf82a459894ed3da7b9be83f89658f1eaba
+ * g10/sig-check.c (check_signature_end_simple): Check sign usage.
+
+2018-07-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Print revocation reason for "rev" records.
+ + commit 04fb76684d8b2c9cda2e5c35bad6edec521cffa5
+ * g10/main.h: Add prototype.
+ * g10/keylist.c (list_keyblock_print): Print revocation info.
+ (list_keyblock_colon): Ditto.
+
+ * g10/test-stubs.c (get_revocation_reason): New stub.
+ * g10/gpgv.c (get_revocation_reason): New stub.
+
+ gpg: Print revocation reason for "rvs" records.
+ + commit a8e24addcc4e0fdff7d07acdd7e13bf6febf97d2
+ * g10/import.c (get_revocation_reason): New.
+ (list_standalone_revocation): Extend function.
+
+ gpg: Let --show-keys print revocation certificates.
+ + commit 5c67ee160d4969b1ef94642ac602e1aed4d9a6d7
+ * g10/import.c (list_standalone_revocation): New.
+ (import_revoke_cert): Call new function.
+
+2018-07-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix memory leak for PKT_signature.
+ + commit 2809be1f97a447171a9e8b40079851740b15341a
+ * g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
+ * g10/gpgcompose.c (signature): Likewise.
+ * g10/sign.c (write_signature_packets): Likewise.
+
+2018-07-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ libdns: For SOCKS connection, just fails.
+ + commit cca92ca5348999a3564dd54d7b0a103cc9e7640c
+ * dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
+ iterate to other server, but return the error immediately.
+
+2018-06-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ libdns: Let kernel to decide the local port.
+ + commit 72a35ffee022f1bf180d02250c5be6a4edb599e7
+ * dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
+ (dns_socket): Don't select ephemeral port in user space.
+
+2018-06-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ libdns: Fix for non-FQDN hostname.
+ + commit 87d0ecf8a1b80139a6cab2a79f1ca6e287207999
+ * dirmngr/dns.c (dns_resconf_open): Clear search[0] for non-FQDN
+ hostname.
+
+ libdns: Fix connect and try next nameserver when ECONNREFUSED.
+ + commit 699fe4b36f62b0f4d4e21a85ee7c9ae13377d6cb
+ * dirmngr/dns.c (dns_so_check): When EINVAL, release the association
+ by connect with AF_UNSPEC and try again. Also try again for
+ ECONNREFUSED.
+ (dns_res_exec): Try next nameserver when ECONNREFUSED.
+
+ libdns: Clear struct sockaddr_storage by zero.
+ + commit 0c05b08e8b5c1f120fe5f3ed5c061f034f7496a0
+ * dirmngr/dns.c (dns_resconf_pton): Clear SS.
+ (dns_resconf_setiface): Clear ->IFACE.
+ (dns_hints_root, send_query): Clear SS.
+
+ libdns: Sync to upstream.
+ + commit 20c289606f89803929948ddd18910acff2acc9eb
+ * dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark.
+
+ dirmngr: Fix recursive resolver mode.
+ + commit 13320db678675246f4bb5a3fb6ece143f37c34a4
+ * dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse.
+
+2018-06-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not import revocations with --show-keys.
+ + commit e8f439e0547463c24f3c10008fee73e6c4259f52
+ * g10/import.c (import_revoke_cert): Add arg 'options'. Take care of
+ IMPORT_DRY_RUN.
+
+2018-06-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: Add new usage option for drop-subkey filters.
+ + commit 86b64876bef0d8c4be8e309fcf3e2ce21e65a947
+ * g10/import.c (impex_filter_getval): Add new "usage" property for
+ drop-subkey filter.
+
+2018-06-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Set some list options with --show-keys.
+ + commit cbb84b3361263504dcb958208bc20177cb97cebd
+ * g10/gpg.c (main): Set some list options.
+
+2018-06-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow building with older libgpg-error.
+ + commit 18274db32b5dea7fe8db67043a787578c975de4d
+ * g10/mainproc.c (proc_encrypted): Use constant from logging.h
+
+ Release 2.2.8.
+ + commit cd9aaa7862955846f8adf819cd89d0db33e9c08c
+
+
+2018-06-08 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 77ab99f80a5b0fbc60e05230185a54cd200d5e65
+
+
+2018-06-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Sanitize diagnostic with the original file name.
+ + commit 210e402acd3e284b32db1901e43bf1470e659e49
+ * g10/mainproc.c (proc_plaintext): Sanitize verbose output.
+
+2018-06-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve import's repair-key duplicate signature detection.
+ + commit 6a87a0bd2501d82f4a6263608e4856e841305caf
+ * g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
+ (remove_duplicate_sigs): new.
+ (key_check_all_keysigs): Call remove_duplicate_sigs again after
+ reordering.
+
+ gpg: Fix import's repair-key duplicate signature detection.
+ + commit cedd754fcb03f6dad6e462efc3d347bcef4ec83a
+ * g10/packet.h (PKG_siganture): Add field 'help_counter'.
+ * g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
+ (key_check_all_keysigs): De-duplicate on a per-block base.
+
+ gpg: Improve verbose output during import.
+ + commit 36cc730fa516b3a197f3bb1eb6f3881dd128fbb7
+ * g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
+ keyid.
+ (delete_inv_parts): Ditto.
+
+ (cherry picked from commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20)
+
+2018-06-06 Werner Koch <wk@gnupg.org>
+
+ agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
+ + commit c5c8fb1ec7c8690495de6189ec2c3a322db4e881
+ * agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list
+ with the standard list.
+
+ gpg: Also detect a plaintext packet before an encrypted packet.
+ + commit 054a187f24b19313cec59414fa924640e1b8c79c
+ * g10/mainproc.c (proc_encrypted): Print warning and later force an
+ error.
+
+ gpg: New command --show-keys.
+ + commit dc87a3341f28ddac1113e90a3861d062be2610e2
+ * g10/gpg.c (aShowKeys): New const.
+ (opts): New command --show-keys.
+ (main): Implement command.
+ * g10/import.c (import_keys_internal): Don't print stats in show-only
+ mode.
+ (import_one): Be silent in show-only mode.
+
+2018-05-31 Werner Koch <wk@gnupg.org>
+
+ gpg: Print a hint on how to decrypt a non-mdc message anyway.
+ + commit 825909e9cd5f344ece6c0b0ea3a9475df1d643de
+ * g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
+ MDC. Also print a dedicated status error code
+
+ (cherry picked from commit 874e391665405fc413a69f2ffacdb94bb08da7ff)
+
+ gpg: Detect multiple literal plaintext packets more reliable.
+ + commit 2f2b1d1da949e8fce28d3c4a934b4097d6f24295
+ * g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
+
+ gpg: Remove MDC options.
+ + commit 866667765f38bf65b612191209d0f0a87fb16393
+ * g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
+ and --no-disable-mdc into NOPs.
+ * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
+ * g10/cipher.c (write_header): Include extra hint and make
+ translatable.
+ * g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.
+
+ gpg: Hard fail on a missing MDC even for legacy algorithms.
+ + commit 3db1b48a2da42942cb5a57281441167901bdcdc8
+ * g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
+ * tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
+ allow testing with the current files.
+
+ gpg: Turn --no-mdc-warn into a NOP.
+ + commit 26c0d3a3fc903c1a0de644ebcc99d3e665a80941
+ * g10/gpg.c (oNoMDCWarn): Remove.
+ (opts): Make --no-mdc-warn a NOP.
+ (main): Don't set var.
+ * g10/options.h (struct opt): Remove 'no_mdc_var'.
+ * g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
+ * g10/mainproc.c (proc_encrypted): Ditto.
+
+2018-05-07 Ineiev <ineiev@gnu.org>
+
+ doc: Update description of displayed trust values.
+ + commit ed12a1dabaf928e8620fc26ca426c935e1a8a880
+ * doc/trust-values.texi: New file.
+ * doc/Makefile.am (EXTRA_DIST): Add trust-values.texi.
+ * doc/gnupg.texi (Trust Values): New chapter.
+ * doc/gpg.texi (OpenPGP Key Management): Update the description
+ of how trust values are displayed, replace table with a reference
+ to Trust Values.
+ * doc/gpg.texi (GPG Examples): Add @mansect trust values.
+
+2018-05-02 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.7.
+ + commit d31d149196832ed6b8849017d8bcd0852c6ca96c
+
+
+ gpg: Fix minor memory leak in the compress filter.
+ + commit d26363e4f1933781c86cbe87077fbf1b9a2b64d8
+ * g10/compress.c (push_compress_filter2): Return an error if no filter
+ was pushed.
+ (push_compress_filter): Ditto.
+ (handle_compressed): Free CFX if no filter was pushed.
+ * g10/import.c (read_block): Ditto.
+
+ gpg: Fix "Too many open files" when using --multifile.
+ + commit f7f3043653abe699602f910ddd09c1405675c7f6
+ * common/miscellaneous.c (is_file_compressed): Don't cache the file.
+
+ dirmngr: Implement timeout for dirmngr_ldap under Windows.
+ + commit 007dde93cc3971cb51d08e8c082e172506ae7f80
+ * dirmngr/dirmngr_ldap.c (alarm_thread) [W32]: New.
+ (set_timeout): Implement for W32.
+
+ build: New configure option to help with nPth debugging.
+ + commit ddfd39e91a532fd31cd0c20c5d4cf9643acc58bd
+ * configure.ac: Add option --enable-npth-debug
+
+2018-05-02 Andre Heinecke <aheinecke@intevation.de>
+
+ common,w32: Hide spawned processes by default.
+ + commit 3bd793256e2e4be52075d50ccf2df70c4a2e1a0f
+ * common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE
+ instead of SW_MINIMIZE.
+
+2018-04-30 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Sleep in the ldap wrapper thread.
+ + commit a598bbeeafa30f7854230eed212b76d5c5c77f86
+ * dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
+ (ldap_reaper_thread): Protect all list modification with a mutex. Use
+ a condition var to wake up the reaper thread.
+
+2018-04-27 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Use the LDAP wrapper process also for Windows.
+ + commit f9fbfc64e402bd41815a68426f55565fa6d5c726
+ * dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
+ portability.
+ * configure.ac: Always use the ldap wrapper.
+
+ dirmngr: Silence log output from dirmngr_ldap.
+ + commit d22506a343cec61b7d1a48c970b63a8458b267ab
+ * dirmngr/dirmngr_ldap.c: Remove assert.h.
+ (main): Replace assert by log_assert.
+ * dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass
+ verbose options to dirmngr_ldap.
+ (start_cert_fetch_ldap): Ditto.
+
+2018-04-26 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Lower the dead host resurrection time to 1.5h.
+ + commit 5789afc840cf79ba2a8cebd9d772ef9c3868c5e9
+ * dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease.
+ (INITIAL_HOSTTABLE_SIZE): Increase because the old values was likely
+ for development.
+
+ dirmngr: Fix handling of CNAMEed keyserver pools.
+ + commit cc66108253c58583d6bad3d1e2da2b004701d0f0
+ * dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST.
+ * dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net.
+
+2018-04-25 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Add the used TLS library to the debug output.
+ + commit bb8894760fe87cf46a42599f11eab7e7c7a8eb71
+ * dirmngr/http.c (send_request): Print the used TLS library in debug
+ mode.
+
+ dirmngr: Allow redirection from https to http for CRLs.
+ + commit 1de4462974113ac18cf98f903e97cd1127fa842f
+ * dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag.
+ (KS_HTTP_FETCH_TRUST_CFG): Ditto.
+ (KS_HTTP_FETCH_NO_CRL): Ditto.
+ (KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache
+ and extra_http_trust_flags by a new flags arg. Allow redirectiong
+ from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set.
+ * dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE.
+ * dirmngr/ks-action.c (ks_action_get): Ditto.
+ (ks_action_fetch): Ditto.
+ * dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags.
+
+ dirmngr: Implement CRL fetching via https.
+ + commit 705d8e9cf0d109005b3441766270c0e584f7847d
+ * dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
+ * dirmngr/http.c (http_register_cfg_ca): New.
+ (http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
+ * dirmngr/certcache.c (load_certs_from_dir): Call new function.
+ (cert_cache_deinit): Ditto.
+ * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
+ 'send_no_cache' and 'extra_http_trust_flags'. Change all callers to
+ provide the default value.
+ * dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
+ ks_http_fetch.
+
+2018-04-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix printing the keygrip with --card-status.
+ + commit 71903eee89496e3f1d0a24536bced6ff16df6783
+ * g10/card-util.c (current_card_status): Keygrip for Auth is 3.
+
+2018-04-24 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fallback to CRL if no default OCSP responder is configured.
+ + commit 460e3812be711bd18195053d74aa736215f21eee
+ * dirmngr/server.c (cmd_isvalid): Use option second arg to trigger
+ OCSP checkibng. Fallback to CRL if no default OCSP responder has been
+ configured.
+ * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly.
+
+2018-04-20 Andre Heinecke <aheinecke@intevation.de>
+
+ dirmngr: More binary I/O on Windows for CRLs.
+ + commit 64c1fddb253061a9773c6c4ed2a9c5a54702d21b
+ * dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache
+ file in binary mode.
+
+ doc: Remove unneccesary empty flags in vsndf.prf.
+ + commit a44ed3d9a1ad5bd96694f10ea5523c517982017e
+ * doc/examples/vsnfd.prf (max-cache-ttl): Remove empty flags.
+
+2018-04-16 emma peel <emma.peel@aktivix.org>
+
+ po: more updates to Spanish translation.
+ + commit acd6d5ff7436bb7fba171ced3294046a14fb777d
+
+
+ po: correct attribution for Spanish translation.
+ + commit 21b2e88a7e6c3d7313773c9ffb3e0d1fb2af45df
+
+
+ po: correct label tags in Polish translation.
+ + commit a5290dace7f85d66272af3e14f9f2bc43d2a4af8
+
+
+ po: correct label tags in Finnish translation.
+ + commit e12475429578add12a53fb2232cb45dc9e2aae1b
+
+
+2018-04-15 Werner Koch <wk@gnupg.org>
+
+ build: New target "release" to automate the release process.
+ + commit 3b1ee413a65bf566aa8e5f29a5a2cd5a94e66faa
+ * Makefile.am (RELEASE_ARCHIVE_DIR): New.
+ (RELEASE_SIGNING_KEY): New.
+ (AM_DISTCHECK_CONFIGURE_FLAGS): Remove removed --enable-gpg2-is-gpg,
+ (RELEASE_NAME, RELEASE_W32_STEM_NAME): New.
+ (release, sign-release): New.
+
+2018-04-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix memory leak in check_sig_and_print.
+ + commit f747b8f0734338baa1e608b193b213aca2c577e8
+ * g10/mainproc.c (check_sig_and_print): Free the public key.
+
+ g10: Push compress filter only if compressed.
+ + commit c31abf84659dbda5503dd9f3aa3449520bcd1b84
+ * g10/compress.c (handle_compressed): Fix memory leak.
+
+2018-04-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Extend the "sig" record in --list-mode.
+ + commit 69c3e7acb744e1e5606a4d946e3b948704cfbbae
+ * g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call
+ callers.
+ (get_user_id): Add arg R_NOUID. Change call callers.
+ * g10/mainproc.c (issuer_fpr_string): Make global.
+ * g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
+ also in --list-mode. Print the "issuer fpr" field also if there is an
+ issuer fingerprint subpacket.
+
+ gpg: Extend the ERRSIG status line with a fingerprint.
+ + commit 23a714598c247d78cfda46a6dc338b17e17cc194
+ * g10/mainproc.c (issuer_fpr_raw): New.
+ (issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
+ (check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW.
+ Use write_status_printf. Extend ERRSIG status.
+
+ gpg: Relax printing of STATUS_FAILURE.
+ + commit e2bd152a928d79ddfb95fd2f7911c80a1a8d5a21
+ * g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed
+ return code and not on the presence of any call to log_error.
+
+ agent,dirmngr: Add "getenv" to the getinfo command.
+ + commit bbb5bfacc0d1f179cfec94fd32fee01a09df0f1d
+ * agent/command.c (cmd_getinfo): Add sub-command getenv.
+ * dirmngr/server.c (cmd_getinfo): Ditto.
+
+2018-04-12 Andre Heinecke <aheinecke@intevation.de>
+
+ build: Update getswdb version check to 2.2.
+ + commit 327fece0aed2c9974659c72304f9fd1f461d460c
+ * build-aux/getswdb.sh: Check for gnupg22_ver gnupg21_ver no
+ longer exists.
+
+2018-04-11 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --no-symkey-cache.
+ + commit 789d240cb40ab36406a7c57ad49897e0bafbb41e
+ * g10/gpg.c (oNoSymkeyCache): New.
+ (opts): Add that option.
+ (main): Set var.
+ * g10/options.h (struct opt): New field no_symkey_cache.
+ * g10/passphrase.c (passphrase_to_dek): Implement that feature.
+
+2018-04-10 Werner Koch <wk@gnupg.org>
+
+ agent: Improve the unknown ssh flag detection.
+ + commit 9f69dbeb902ac447adbc92937cd451c4e909f234
+ * agent/command-ssh.c (ssh_handler_sign_request): Simplify detection
+ of flags.
+
+2018-04-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ agent: unknown flags on ssh signing requests cause an error.
+ + commit 381c46818ffa4605d0ca39818fe317de445eb6de
+ * agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
+ during an signature request that we do not know how to apply, return
+ GPG_ERR_UNKNOWN_OPTION.
+
+ agent: change documentation reference for ssh-agent protocol.
+ + commit 55435cdd4fe4fbfbcba1098bb715ecd6171ba2d8
+ * agent/command-ssh.c: repoint documentation reference.
+
+2018-04-09 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.6.
+ + commit 6fbe2ddbaf5123ae444c95fdf8da67840f794c76
+
+
+ gpg,w32: Fix empty homedir when only a drive letter is used.
+ + commit 6da7aa1e7c80d214bd9dccb21744919ae191f2c8
+ * common/homedir.c (copy_dir_with_fixup): New.
+ (default_homedir): Use here.
+ (gnupg_set_homedir): And here .
+
+ doc: Document --key-edit:change-usage.
+ + commit a4e26f2ee852003707857ab0635b783acb89a2f8
+ * g10/keyedit.c (menu_changeusage): Make strings translatable.
+
+2018-04-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Check that a key may do certifications.
+ + commit 1a5d95e7319e7e6f0dd11064a26cbbc371b05214
+ * g10/sig-check.c (check_signature_end_simple): Check key usage for
+ certifications.
+ (check_signature_over_key_or_uid): Request usage certification.
+
+ gpg: Emit FAILURE stati now in almost all cases.
+ + commit 0336e5d1a7b9d46e06c838e6a98aecfcc9542882
+ * g10/cpr.c (write_status_failure): Make it print only once.
+ * g10/gpg.c (wrong_args): Bump error counter.
+ (g10_exit): Print a FAILURE status if we ever did a log_error etc.
+ (main): Use log_error instead of log_fatal at one place. Print a
+ FAILURE status for a bad option. Ditto for certain exit points so
+ that we can see different error locations.
+
+ gpg: Re-indent sig-check.c and use signature class macros.
+ + commit 5ba74a134db431530884f03eea5410a68dbfe0f5
+ * g10/keydb.h (IS_BACK_SIG): New.
+ * g10/sig-check.c: Re-indent and use macros.
+
+2018-04-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Support SSH signature flags.
+ + commit 80b775bdbb852aa4a80292c9357e5b1876110c00
+ * agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New.
+ (SSH_AGENT_RSA_SHA2_512): New.
+ (ssh_handler_sign_request): Override SPEC when FLAGS
+ is specified.
+
+2018-04-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Let card-edit/key-attr show message when change.
+ + commit 870527df0dd704c994928348c8c2910030776680
+ * g10/card-util.c (ask_card_rsa_keysize): Don't show message here.
+ (ask_card_keyattr): Show message when change, also for ECC.
+
+2018-04-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Fix no gpg-agent upon removal of GNUPGHOME.
+ + commit 83529e1bd14a6d39f2a8ecab9fb6aa4c1f344c73
+ * tests/gpgscm/gnupg.scm (with-ephemeral-home-directory): Add
+ teadown-fn.
+ * tests/gpgsm/export.scm: Use -no-atexit version and stop-agent.
+ * tests/openpgp/decrypt-session-key.scm: Likewise.
+ * tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
+ * tests/openpgp/defs.scm (have-opt-always-trust): Likewise.
+ (setup-environment-no-atexit): New.
+ (start-agent): Support no use of atexit.
+ * tests/gpgsm/gpgsm-defs.scm (setup-gpgsm-environment-no-atexit): New.
+ * tests/migrations/common.scm (untar-armored): Follow the change
+ of with-ephemeral-home-directory.
+
+2018-04-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Writing KDF resets auth state.
+ + commit cb1731c23cddfa524d3f51cfd82029bff853a073
+ * scd/app-openpgp.c (do_setattr): Clear auth state.
+
+2018-04-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix filtering by PK->REQ_USAGE.
+ + commit a17d2d1f690ebe5d005b4589a5fe378b6487c657
+ * g10/getkey.c (get_pubkey_byfprint): Filter by PK->REQ_USAGE.
+
+2018-03-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix card-edit/kdf-setup for single salt.
+ + commit 130ad98240c066383fa0a99bcf5e0ec72bc0dff9
+ * g10/card-util.c (gen_kdf_data): Use SALT_USER.
+
+ g10,scd: Support single salt for KDF data object.
+ + commit 0c097575a9cd923f648fb5bb695893d46400c3ad
+ * g10/card-util.c (gen_kdf_data): Support single salt.
+ (kdf_setup): Can have argument for single salt.
+ * scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.
+
+ g10: Add "key-attr" command for --card-edit.
+ + commit 820380335a20391e0998fb1ba32ebfb9accedc5b
+ * g10/card-util.c (key_attr): New explicit command.
+ (generate_card_keys, card_generate_subkey): Don't ask key attr change.
+ (card_edit): Add for cmdKEYATTR.
+
+ scd: Support changing key attribute back to RSA.
+ + commit 29692718768c28c524be6306081ab1852e75fe07
+ * scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.
+
+2018-03-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Support key attribute change at --card-edit/generate.
+ + commit a1515b3bbc10a210040dda3b482bcdb933fa8d7c
+ * g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
+ number 25519 for ed25519/cv25519. Rename from ask_card_keyattr.
+ (ask_card_keyattr): Support ECC, as well as RSA.
+ (do_change_keyattr): Support ECC dropping magical number 25519.
+ * g10/keygen.c (ask_curve): Allow call from outside, adding last arg
+ of CURRENT.
+ (generate_keypair): Follow the change of ask_curve.
+ (generate_subkeypair): Likewise.
+
+ g10: check_pin_for_key_operation should be just before genkey.
+ + commit 02d7bb819ff44cc90212568dd6ce24ae1dc5d17f
+ * g10/card-util.c (generate_card_keys): Check PIN later.
+ (card_generate_subkey): Likewise.
+
+2018-03-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Change ask_curve so that it can be used outside.
+ + commit e610d51f0de11154050915b951bcc5c53c940f5e
+ * g10/call-agent.h (struct key_attr): New.
+ * g10/keygen.c (ask_curve): Return const char *. No allocation.
+ (quick_generate_keypair): Follow the change.
+ (generate_keypair, generate_subkeypair): Likewise.
+ (parse_algo_usage_expire): Return const char *.
+
+2018-03-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent,scd: Use pointer to represent HANDLE.
+ + commit 96918346beeca7a46de9f03f19502373994c21bc
+ * agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
+ * scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.
+
+2018-03-27 Werner Koch <wk@gnupg.org>
+
+ agent: Make the request origin a part of the cache items.
+ + commit 02dce8c0cc57deb2095a9b06aeb8f4dea34eef7e
+ * agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
+ callers to pass it.
+ (agent_get_cache): Ditto.
+
+ * agent/cache.c (struct cache_items_s): Add field 'restricted'.
+ (housekeeping): Adjust debug output.
+ (agent_flush_cache): Ditto.
+ (agent_put_cache): Ditto. Take RESTRICTED into account.
+ (agent_get_cache): Ditto.
+
+2018-03-26 Werner Koch <wk@gnupg.org>
+
+ gpg: Auto-fix a broken trustdb with just the version record.
+ + commit eb68c2d3d1b03a18cd24406fa46d4c30cb13d9f7
+ * g10/tdbio.c (get_trusthashrec): Create hashtable on error.
+
+ gpg: Pass CTRL arg to get_trusthashrec.
+ + commit a750ebebf35a392f1c72d6aee5618df0d9f25ff7
+ * g10/tdbio.c (get_trusthashrec): Add arg CTRL.
+ (tdbio_search_trust_byfpr): Ditto.
+ (tdbio_search_trust_bypk): Ditto.
+
+ gpg: Return better error codes in case of a too short trustdb.
+ + commit 403aa70c52e56614d65490dea9344113f9cf3d29
+ * g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF.
+ (tdbio_new_recnum): Never return on error.
+ (lookup_hashtable): Print a more descriptive error in case of !TABLE.
+
+ gpg: Fix trustdb updates without lock held.
+ + commit 456a3a8e93ea14f821e0e98fb515f284ece98685
+ * g10/tdbio.c (is_locked): Turn into a counter.
+ (take_write_lock, release_write_lock): Implement recursive locks.
+
+ gpg: Disable unused code parts in tdbio.c.
+ + commit 5f00531463ebc0e606c502696962426007545bb7
+ * g10/tdbio.c (in_transaction): Comment this var.
+ (put_record_into_cache): Comment the transaction code.
+ (tdbio_sync): Ditto
+
+2018-03-23 Werner Koch <wk@gnupg.org>
+
+ sm: Add OPTION request-origin.
+ + commit 137644c9cb58deaaba6850f2763d9c5f9241cb0b
+ * sm/server.c: Include shareddefs.h.
+ (option_handler): Add option.
+
+ gpg,sm: New option --request-origin.
+ + commit 2cd35df5db3c4dfe37616dcfb1fcc644959449ef
+ * g10/gpg.c (oRequestOrigin): New const.
+ (opts): New option --request-origin.
+ (main): Parse that option.
+ * g10/options.h (struct opt): Add field request_origin.
+ * g10/call-agent.c (start_agent): Send option to the agent.
+ * sm/gpgsm.c (oRequestOrigin): New const.
+ (opts): New option --request-origin.
+ (main): Parse that option.
+ * sm/gpgsm.h (struct opt): Add field request_origin.
+ * sm/call-agent.c (start_agent): Send option to the agent.
+
+ agent: New OPTION pretend-request-origin.
+ + commit 05c55ee260edc07cd19da56dfd00347bfe3f529c
+ * common/shareddefs.h (request_origin_t): New.
+ * common/agent-opt.c (parse_request_origin): New.
+ (str_request_origin): New.
+ * agent/command.c (option_handler): Implement new option.
+
+2018-03-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Fix the manual source field.
+ + commit 5400a5bb77bddcb14c94d9405312d6181322b090
+
+
+2018-03-22 Werner Koch <wk@gnupg.org>
+
+ gpg: Implement --dry-run for --passwd.
+ + commit 165bc38cefbc03515403b60b704cabf4dc0b71f4
+ * g10/keyedit.c (change_passphrase): Take care of --dry-run.
+
+2018-03-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Support KDF DO setup.
+ + commit 0152ba7c987443d641ce1091c79f90ef2cc46498
+ * g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
+ * g10/card-util.c (gen_kdf_data, kdf_setup): New.
+ (card_edit): New admin command cmdKDFSETUP to call kdf_setup.
+ * scd/app-openpgp.c (do_getattr): Emit KDF capability.
+
+2018-03-21 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix out-of-bound read in subpacket enumeration.
+ + commit 983f7b2acbd1e7580652bbeb0c3d64f9dd19d9e4
+ * g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
+ the type octet. Print diagnostic.
+
+2018-03-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: signal mask should be set just after npth_init.
+ + commit 11bbd99477ef5ba5b7db0c17607b10af03c68afb
+ * scd/scdaemon.c (setup_signal_mask): New.
+ (main): Call setup_signal_mask.
+ (handle_connections): Remove signal mask setup.
+
+2018-03-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Better user interaction for factory-reset.
+ + commit 2c85e202bc30231b9555100dec0c490c60d7b88c
+ * g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
+ Connect the card again at the last step.
+
+2018-03-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix suspend/resume handling for CCID driver.
+ + commit fd23a0524d8060ed12d87c679b7823686614aaee
+ * scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
+ to see if it's suspend/resume.
+
+2018-03-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: After fatal error, shutdown a reader.
+ + commit c84bae69e9e02923f7180e09d161cb0b13257436
+ * scd/apdu.c (pcsc_send_apdu): Notify main loop after
+ fatal errors.
+
+ scd: Fix for GNU/Linux suspend/resume.
+ + commit 71e5282c25ba812c7091e587edd721839bc4c2ac
+ * configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
+ * scd/scdaemon.c (scd_kick_the_loop): Minor clean up.
+
+2018-03-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix typo in previous commit.
+ + commit 655f0b9ad0138e6f960bf4befaf0eea569256614
+
+
+2018-03-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: More fix with PC/SC for Windows.
+ + commit 1e27c0e04cd3280d498dc8b72d2e410f6287f656
+ * scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS.
+ Add debug log.
+
+2018-03-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix status check when using PC/SC.
+ + commit f8b8b6aac2ca1cb34d7a346aee1d874e7650557b
+ * scd/apdu.c (struct reader_table_s): Add field of current_state.
+ (new_reader_slot): Initialize current_state.
+ (pcsc_get_status): Keep the status in READER_TABLE array.
+ Return SW_HOST_NO_READER when PCSC_STATE_CHANGED.
+ * scd/scdaemon.c (handle_connections): Silence a warning.
+
+2018-03-06 Werner Koch <wk@gnupg.org>
+
+ agent: Also evict cached items via a timer.
+ + commit f060cb5c63923d6caec784f65f3bb0aadf52f795
+ * agent/cache.c (agent_cache_housekeeping): New func.
+ * agent/gpg-agent.c (handle_tick): Call it.
+
+2018-03-01 Werner Koch <wk@gnupg.org>
+
+ gpg: Print the keygrip with --card-status.
+ + commit fd595c9d3642dba437fbe0f6e25d7aaaae095f94
+ * g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
+ grp3.
+ * g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
+ (learn_status_cb): Parse KEYPARIINFO int the grpX fields.
+ * g10/card-util.c (print_keygrip): New.
+ (current_card_status): Print "grp:" records or with --with-keygrip a
+ human readable keygrip.
+
+2018-02-28 Andre Heinecke <aheinecke@intevation.de>
+
+ gpgconf, w32: Allow UNC paths.
+ + commit e43844c3b0b9ec93b7f2a88752bcd6b6244aacfb
+ * tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.
+
+2018-02-22 Michał Górny <mgorny@gentoo.org>
+
+ dirmngr: Handle failures related to missing IPv6 gracefully.
+ + commit ecfc4db3a2f8bc2652ba4ac4de5ca1cd13bfcbec
+ * dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
+ error codes.
+
+2018-02-22 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.5.
+ + commit 9581a65ccc10daededc05c55391a04022f794a4a
+
+
+ gpg: Don't let gpg return failure on an invalid packet in a keyblock.
+ + commit b375d50ee4ce52c9b0f0855ec155be027642fb05
+ * g10/keydb.c (parse_keyblock_image): Use log_info instead of
+ log_error for skipped packets.
+ * g10/keyring.c (keyring_get_keyblock): Ditto.
+
+2018-02-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Select a secret key by checking availability under gpg-agent.
+ + commit 88e766d3915c2919e9968148ebb30463d4a673e4
+ * g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
+ by agent_probe_secret_key.
+ (get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.
+
+2018-02-20 Werner Koch <wk@gnupg.org>
+
+ wks: Add special mode to --install-key.
+ + commit 685a5e1558b2252ac895637fb857f6f7bb85ea7b
+ * tools/gpg-wks-client.c (get_key_status_parm_s)
+ (get_key_status_cb, get_key): Move to ...
+ * tools/wks-util.c: ...here.
+ (get_key): Rename to wks_get_key.
+ * tools/gpg-wks-server.c: Include userids.h.
+ (command_install_key): Allow use of a fingerprint.
+
+ wks: Implement server command --install-key.
+ + commit ee474856ec16ff11d922d8503fb3ede77129c4aa
+ * tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
+ * tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
+ (write_to_file): New.
+ (check_and_publish): Factor some code out to ...
+ (compute_hu_fname): ... new.
+ (command_install_key): Implement.
+
+ wks: Support alternative submission address.
+ + commit 1877603761911ea5b1c15f4aef11a2cf86a8682c
+ * tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'.
+ * tools/wks-util.c (wks_parse_policy): Parse that field.
+ (wks_free_policy): New.
+ * tools/gpg-wks-client.c (command_send): Also try to take the
+ submission-address from the policy file. Free POLICY.
+ * tools/gpg-wks-server.c (process_new_key): Free POLICYBUF.
+ (command_list_domains): Free POLICY.
+
+2018-02-15 Werner Koch <wk@gnupg.org>
+
+ kbx: Fix detection of corrupted keyblocks on 32 bit systems.
+ + commit 5e3679ae395e7a7e44f218f07bbe487429f1b279
+ * kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
+ checking.
+ (blob_cmp_fpr_part): Ditto.
+ (blob_cmp_name): Ditto.
+ (blob_cmp_mail): Ditto.
+ (blob_x509_has_grip): Ditto.
+ (keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
+ (keybox_get_cert): Ditto.
+
+2018-02-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Fix reversed messages for --only-sign-text-ids.
+ + commit ca138d5bf36accde2fd755249b470a8dc8743c95
+ * g10/keyedit.c (keyedit_menu): Fix messages.
+
+2018-02-14 Katsuhiro Ueno <uenobk@gmail.com>
+
+ agent: Avoid appending a '\0' byte to the response of READKEY.
+ + commit df97fe24807826ddc2af0e45e416fb81c5666f88
+ * agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
+ without an extra '\0' byte.
+
+2018-02-14 Werner Koch <wk@gnupg.org>
+
+ sm: Fix minor memory leak in --export-p12.
+ + commit 80719612b7e92aff5887f2a68d550a24f350722c
+ * sm/export.c (gpgsm_p12_export): Free KEYGRIP.
+
+2018-02-14 Katsuhiro Ueno <uenobk@gmail.com>
+
+ sm: Fix a wrong key parameter in an exported private key file.
+ + commit 29aac7798085ee38da5107698618890ae7593c96
+ * sm/export.c (sexp_to_kparms): Fix the computation of array[6],
+ which must be 'd mod (q-1)' but was 'p mod (q-1)'.
+
+2018-02-14 Werner Koch <wk@gnupg.org>
+
+ common: Use new function to print status strings.
+ + commit f19ff78f0fbfc2793d8a9ab0173486bf712871ac
+ * common/asshelp2.c (vprint_assuan_status_strings): New.
+ (print_assuan_status_strings): New.
+ * agent/command.c (agent_write_status): Replace by call to new
+ function.
+ * dirmngr/server.c (dirmngr_status): Ditto.
+ * g13/server.c (g13_status): Ditto.
+ * g13/sh-cmd.c (g13_status): Ditto.
+ * sm/server.c (gpgsm_status2): Ditto.
+ * scd/command.c (send_status_info): Bump up N.
+
+2018-02-13 Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
+
+ scd: Improve KDF-DO support.
+ + commit 25f3b69129015c54392636818c8846e236f5cb2c
+ * scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.
+
+2018-02-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix handling for Data Object with no data.
+ + commit 0a3bec2c2525935362f87dce93d7df2c8d498498
+ * scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
+ with no data.
+
+2018-02-09 Andre Heinecke <aheinecke@intevation.de>
+
+ doc: Add compliance de-vs to gpgsm in vsnfd.prf.
+ + commit e0658b19d93b38ed9ebd07734c4678acdde1607d
+ * doc/examples/vsnfd.prf: Set complaince mode for gpgsm.
+
+2018-02-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Use pipe to kick the loop on NetBSD.
+ + commit 015fe1c47b91da340e9df6bed908e0747ae8c60b
+ * configure.ac (HAVE_PSELECT_NO_EINTR): New.
+ * scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
+ (handle_connections): Use pipe.
+
+2018-01-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Fix for NetBSD with __func__.
+ + commit 64aa98c8a05513d9c00f53a2b880d80f9035333e
+ * tests/asschk.c: Don't define __func__ if available.
+
+2018-01-27 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Improve assuan error comment for cmd keyserver.
+ + commit f8e868d9dfb6fc1390e421e7993a1d076309ed83
+ * dirmngr/server.c: Add error comment in case --resolve fails in
+ ensure_keyserver.
+
+2018-01-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix last commit.
+ + commit d7207b39b71d1b07c4cddac602f29ec583f6d1ad
+ * configure.ac: Check ucred.h as well as sys/ucred.h.
+ * agent/command-ssh.c: Add inclusion of ucred.h.
+
+ agent: More fix for get_client_pid for portability.
+ + commit 08e686a6a6d5bcb5410228b388745d09686b260c
+ * configure.ac: Check sys/ucred.h instead of ucred.h.
+ * agent/command-ssh.c: Include sys/ucred.h.
+
+2018-01-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Support KDF Data Object of OpenPGPcard V3.3.
+ + commit 91303b7df9c3e810cfcd4920f78bac6f8b7df2b2
+ * scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
+ (pin2hash_if_kdf): New.
+ (verify_a_chv): Add PINLEN arg. Use pin2hash_if_kdf.
+ (verify_chv2, do_sign): Follow the change of verify_a_chv.
+ (verify_chv3, do_change_pin): Use pin2hash_if_kdf.
+
+2018-01-18 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix the use of future-default with --quick-add-key.
+ + commit e1e35db510c9222e7a7dc208c2e49df556954170
+ * g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
+ (parse_key_parameter_string): Add arg suggested_use and implement
+ fallback. Change callers to pass 0 for new arg.
+ (parse_algo_usage_expire): Pass the parsed USAGESTR to
+ parse_key_parameter_string so that it can use it in case a subkey is
+ to be created.
+
+2018-01-09 Andre Heinecke <aheinecke@intevation.de>
+
+ doc: Note pinentry-mode for passphrase opts.
+ + commit 6fb5713f4a6976900cc70c140e61043b6ef688d1
+ * doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
+ Note that pinentry-mode needs to be loopback.
+
+2018-01-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Print all keys with --decrypt --list-only.
+ + commit 339b3301ee8410fe3bbdebb66a6e83801d79d40d
+ * g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
+ list-only and put the key into PKENC_LIST.
+ (print_pkenc_list): Take care of the new error code.
+
+2018-01-01 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow "futuredefault" as alias for "future-default".
+ + commit 4d3c500f4793eb263940ff5ef87ec4ead63c9b4b
+ * g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
+ use case-insensitive matching
+ (quick_generate_keypair): Ditto.
+ (parse_algo_usage_expire): Ditto.
+
+2017-12-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.
+ + commit 412bb7a801f242d47a82712080cce6ddbb843166
+ * g10/keygen.c (gen_ecc): Map curve names.
+
+2017-12-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix for inactive card at start by internal CCID driver.
+ + commit 4f88b0f56134af2ce56d434b7acd47fcf9b6f7cf
+ * scd/ccid-driver.c (do_close_reader): Set NULL on close.
+ (bulk_in): Move DEBUGOUT and check by EP_INTR.
+ (ccid_get_atr): Clear powered_off flag after initial status check.
+
+2017-12-22 Werner Koch <wk@gnupg.org>
+
+ kbx: Simplify by removing custom memory functions.
+ + commit f3ba66781a07af2e32f5887e6e15acdd4822a431
+ * kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
+ (_keybox_malloc, _keybox_calloc, keybox_realloc)
+ (_keybox_free): Remove.
+ (keybox_file_rename): Remove. Was not used.
+ * sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
+ * kbx/kbxutil.c (main): Ditto.
+ * kbx/keybox-defs.h: Remove all separate includes. Include util.h.
+ remove convenience macros.
+ * common/logging.h (return_if_fail): New. Originally from
+ keybox-defs.h but now using log_debug.
+ (return_null_if_fail): Ditto.
+ (return_val_if_fail): Ditto.
+ (never_reached): Ditto.
+
+2017-12-20 Werner Koch <wk@gnupg.org>
+
+ common: Use larger buffer for homedir in case of 64 bit UIDs.
+ + commit 290348e349e8d56a856f187a08e913f2ed525b3c
+ * common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6
+ bytes for "/gnupg".
+
+ Release 2.2.4.
+ + commit 558b17593ae97b8a07d06bf0d6af1a626b304501
+
+
+2017-12-19 Petr Pisar <petr.pisar@atlas.cz>
+
+ po: Update Czech translation.
+ + commit 43aaf60449036e870cc25b77fbb7312cf3fb534c
+
+
+2017-12-19 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit c7b8ec6c8e57797f0b77dbf7fca85fb600323328
+
+
+2017-12-19 Werner Koch <wk@gnupg.org>
+
+ wks: New server options --check, --with-dir, with-file.
+ + commit 7449063b1af2eef73d621a69cdb2fb713ab1ae6c
+ * tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const.
+ (opts): New options --check, --with-dir, and --with-file.
+ (main): Call command_check_key.
+ (command_list_domains): Implement option --with-dir.
+ (fname_from_userid): New.
+ (command_check_key): New.
+ (command_remove_key): Implement existsing command.
+ (command_revoke_key): Call command_remove_key as a simple
+ implementation.
+
+2017-12-18 Werner Koch <wk@gnupg.org>
+
+ conf: New option --status-fd.
+ + commit 482e000b8a7e336f342a7fac3b7379257e944b6e
+ * tools/gpgconf.c (oStatusFD): New const.
+ (opts): New option --status-fd.
+ (statusfp): New var.
+ (set_status_fd): New.
+ (gpgconf_write_status): New.
+ (gpgconf_failure): New.
+ (main): Set status fd and replace exit by gpgconf_failure.
+ * tools/gpgconf-comp.c: Repalce exit by gpgconf_failure.
+ (gc_process_gpgconf_conf): Print a few warning status messages.
+
+ gpgconf: Show --compliance in expert mode.
+ + commit d74c40cef0a97cd98aa05f13b1541a94eda502a6
+ * tools/gpgconf-comp.c (gc_options_gpg): Set compliance to expert.
+ (gc_options_gpgsm): Ditto.
+
+ sm: Allow explicit setting of the default --compliance=gnupg.
+ + commit 8c878ae4c9dfa9fe26aa15f4f9db3e86833575e9
+ * sm/gpgsm.c (main): Allow setting of the default compliance.
+ * tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance".
+
+2017-12-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit e3ddeff66e8c08a37ddf8b6510d69579c245e192
+ * po/ja.po: Fix message with no "%s".
+
+2017-12-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Print a warning for too much data encrypted with 3DES et al.
+ + commit 416cf9e9be5d2daf0ef629208031989699b3653f
+ * g10/filter.h (cipher_filter_context_t): Remove unused filed
+ 'create_mdc'. Turn field 'header' into a bit field. Add new fields
+ 'short_blklen_warn' and 'short_blklen_count'.
+ * g10/cipher.c (write_header): Print a warning if MDC is not used.
+ (cipher_filter): Print a warning for long messages encrypted with a
+ short block length algorithm.
+
+ gpg: Simplify cipher:write_header.
+ + commit b5333e13cbc9db354ed90762190bf70605a02d1f
+ * g10/cipher.c (write_header): Use write_status_printf.
+
+ gpg: Simplify default_recipient().
+ + commit 9f641430dcdecbd7ee205d407cb19bb4262aa95d
+ * g10/pkclist.c (default_recipient): Use hexfingerprint.
+
+ gpg: Return an error from hexfingerprint on malloc error.
+ + commit cd26c5482b10bee7658959ae913f2ddb83190587
+ * g10/keyid.c (hexfingerprint): Return NULL on malloc failure. Chnage
+ all callers.
+
+ gpg: Remove some xmallocs.
+ + commit 29119a6492eda5dd7920e45e7f2faa043d436591
+ * g10/getkey.c (get_pubkeys): Do not use xmalloc.
+
+2017-12-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: default-preference-list: prefer SHA512.
+ + commit 8ede3ae29a39641a2f98ad9a4cf61ea99085a892
+ * g10/keygen.c (keygen_set_std_prefs): when producing default internal
+ personal-digest-preferences, keep the same order. When publishing
+ external preferences, state preference for SHA512 first.
+
+2017-12-12 Werner Koch <wk@gnupg.org>
+
+ Change backlog from 5 to 64 and provide option --listen-backlog.
+ + commit c81a447190d2763ac4c64b2e74e22e824da8aba3
+ * agent/gpg-agent.c (oListenBacklog): New const.
+ (opts): New option --listen-backlog.
+ (listen_backlog): New var.
+ (main): Parse new options.
+ (create_server_socket): Use var instead of 5.
+ * dirmngr/dirmngr.c: Likewise.
+ * scd/scdaemon.c: Likewise.
+
+ build: New configure option --enable-run-gnupg-user-socket.
+ + commit 17efcd2a2acdc3b7f00711272aa51e5be2476921
+ * configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
+ * common/homedir.c (_gnupg_socketdir_internal): Add extra directories.
+
+2017-12-11 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Check for WKD support at session end.
+ + commit 20b52be9ca29b0bc843fc68a279cb72728ede72f
+ * dirmngr/domaininfo.c (insert_or_update): Copy the name.
+ * dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
+ * dirmngr/server.c (set_error): Protect CTX.
+ (dirmngr_status): Protect against missing ASSUAN_CTX.
+ (dirmngr_status_help): Ditto.
+ (dirmngr_status_printf): Ditto.
+ (cmd_wkd_get): Factor code out to ...
+ (proc_wkd_get): new func. Support silent operation with no CTX.
+ (task_check_wkd_support): New.
+
+ dirmngr: Add a background task framework.
+ + commit f2997adee0455c8c0fa391a853ec1b0c9fc43342
+ * dirmngr/workqueue.c: New.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
+ * dirmngr/server.c (server_local_s): New field session_id.
+ (cmd_wkd_get): Add a task.
+ (task_check_wkd_support): New stub function.
+ (cmd_getinfo): New sub-commands "session_id" and "workqueue".
+ (start_command_handler): Add arg session_id and store it in
+ SERVER_LOCAL.
+ (dirmngr_status_helpf): New.
+ * dirmngr/dirmngr.h (wqtask_t): New type.
+ * dirmngr/dirmngr.c (main): Pass 0 as session_id to
+ start_command_handler.
+ (start_connection_thread): Introduce a session_id and pass it to
+ start_command_handler. Run post session tasks.
+ (housekeeping_thread): Run global workqueue tasks.
+
+ dirmngr: Limit the number of cached domains for WKD.
+ + commit 7a663c296e687f12ccd9a21d414de780feb4dfcf
+ * dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
+ (insert_or_update): Limit the length of a bucket chain.
+ (domaininfo_print_stats): Print just one summary line.
+
+ (cherry picked from commit 26f08343fbccdbaa177c3507a3c5e24a5cf94a2d)
+
+ dirmngr: Keep track of domains used for WKD queries.
+ + commit 6c1dcd79cf0977844179d9a7b189c10af5e42a7e
+ * dirmngr/domaininfo.c: New file.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
+ * dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
+ known and tell domaininfo about the results.
+
+2017-12-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix description of shadow format.
+ + commit 5c121d44443b0a96ec6ea82b90717e3dbafd2cc5
+ * agent/keyformat.txt, agent/protect.c, agent/t-protect.c: Fix.
+
+2017-12-07 Werner Koch <wk@gnupg.org>
+
+ build: Do not define logging.h constants for libgpg-error dev versions.
+ + commit 2fedf8583bcc493f587c90bc9632d25dfd10bd10
+ * common/logging.h [GPGRT_LOG_WITH_PREFIX]: Do not define the log
+ constants.
+
+2017-12-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Change intialization of assuan socket system hooks.
+ + commit b9677ba16f6b386896781a751e4b2fc839e3ec81
+ * agent/gpg-agent.c (initialize_modules): Add hook again.
+ (main): Remove setting of the system houk but add scoket system hook
+ setting after assuan initialization.
+
+2017-12-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Set assuan system hooks before call of assuan_sock_init.
+ + commit 1524ba9656f0205d8c6ef504f773b832a7a12ab9
+ * agent/gpg-agent.c (initialize_modules): Move assuan_set_system_hooks.
+ (main): ... here, just before assuan_sock_init.
+
+2017-12-04 NIIBE Yutaka <gniibe@fsij.org>
+ Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ g10: Fix regexp sanitization.
+ + commit 0d0b9eb0d4f99e8d293a4ce4b90921a879905115
+ * g10/trustdb.c (sanitize_regexp): Only escape operators.
+
+2017-11-26 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not read from uninitialized memory with --list-packets.
+ + commit 4cf3cc6e3d48c8400466ca29c3f1c22ed2da6c2c
+ * g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME.
+
+2017-11-24 Werner Koch <wk@gnupg.org>
+
+ agent: New option --auto-expand-secmem.
+ + commit 18af15249de5f826c3fa8d1d40e876734adcd0cf
+ * agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
+ (opts): New option --auto-expand-secmem.
+ (main): Implement that option.
+
+2017-11-22 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix memory leaking for long inputs via --command-fd.
+ + commit ea28ea18f3ee6c9f5e69986f39848398b58e242e
+ * g10/cpr.c (do_get_from_fd): Free the old buffer.
+
+2017-11-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Enable card removal check after select_application.
+ + commit 0bb7fd0cab2d53cd0d44b21301b23edfe817e66b
+ * scd/apdu.c (open_ccid_reader): Fix error handling of ccid_get_atr.
+ * scd/app.c (select_application): Always kick the loop if new APP.
+ * scd/ccid-driver.c (ccid_open_usb_reader): Don't setup at open.
+ (ccid_slot_status): Setup interrupt transfer when !ON_WIRE.
+
+2017-11-20 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.3.
+ + commit 97f4feaaca8da4dcf1ca09a2016693155016f06b
+
+
+ build: Use -Werror only for the check.
+ + commit 04d9833e71cc9d0c087faec091c29b0b6cf69488
+ * configure.ac: Do not add -Werror to mycflags.
+
+ gpg-agent: Avoid getting stuck in shutdown pending state.
+ + commit 7ffedfab8909a45a4b0347a5f7b52222e8439f1d
+ * agent/gpg-agent.c (handle_connections): Always check inotify fds.
+
+2017-11-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Use clock or clock_gettime for calibration.
+ + commit 760aa8aadafb747f33a1461ab0c2570b5ae43716
+ * agent/protect.c (calibrate_get_time): Use clock or clock_gettime.
+
+ build: Check -Wlogical-op flag availability with -Werror.
+ + commit 3ecd1a41be7c880976987d13e88342c98f37e064
+ * configure.ac: Use -Werror.
+
+ build: BSD make support for yat2m.
+ + commit e1984969cac06a88c7e6f5e49e5c3104d10a847d
+ * configure.ac (YAT2M): Only define when found.
+ * doc/Makefile.am: Portability fix.
+
+2017-11-17 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix double free of a hash context in the error case.
+ + commit 2aa106d6a4e2b09c257e8d769895d93ebb7f7edf
+ * dirmngr/crlcache.c: Clearly document that this fucntions takes
+ ownership of MD.
+ (abort_sig_check): Allow NULL for MD.
+ (crl_parse_insert): Immediately set MD to NULL. Remove check for md
+ before a calling abort_sig_check.
+
+2017-11-15 Andre Heinecke <aheinecke@intevation.de>
+
+ w32: Fix default registry path.
+ + commit 4f5afaf1fdb5cb13859aca390ccb5a1ba1dba00c
+ * configure.ac (GNUPG_REGISTRY_DIR): Remove leading backslash.
+
+ gpgtar: Prefer --set-filename over implicit name.
+ + commit 878b8bfdcc3a8becfc46b9287a2d14cd3c875f28
+ * tools/gpgtar-extract.c: Prefer opt.filename over filename
+ for the directory prefix.
+
+2017-11-15 Werner Koch <wk@gnupg.org>
+
+ gpg: Print AKL info only in verbose mode.
+ + commit b062ea5bc25157c942047b3fe7f5182a06106340
+ * g10/getkey.c (get_pubkey_byname): Print info only in verbose mode.
+
+2017-11-14 Andre Heinecke <aheinecke@intevation.de>
+
+ sm, w32: Fix initial keybox creation.
+ + commit 5ecef193bc2144e6d51a6bd5727bfd08a0d28b66
+ * sm/keydb.c (maybe_create_keybox): Open new keybox in bin mode.
+
+2017-11-07 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.2.
+ + commit 5bd515005032f9340bd73e4346bbd0aef8518074
+
+
+ dirmngr: Reduce default LDAP timeout to 15 seconds.
+ + commit 30f21f8b0fa6844a9bba3f24dc41b3ac32170109
+ * dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
+ * dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.
+
+ (cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f)
+
+ speedo: Include software versions in the W32 README.
+ + commit 23bfac6d1a8bd2d0af5a6fac3ba3a6e986d6c9e8
+ (cherry picked from commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407)
+
+2017-11-07 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 1941287c9d2c9e666bad1bd330db169f0e3d6b6c
+
+
+2017-11-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit 96d441b315ec5c9f329596cfda28ac13a8bfa21a
+
+
+2017-11-06 Werner Koch <wk@gnupg.org>
+
+ agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
+ + commit 3607ab2cf382296cb398a92d5ec792239960bf7b
+ * agent/command.c (cmd_getinfo): New sub-commands.
+ * agent/protect.c (get_standard_s2k_count): Factor some code out to ...
+ (get_calibrated_s2k_count): new.
+ (get_standard_s2k_time): New.
+
+ (cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856)
+
+ agent: New option --s2k-count.
+ + commit 78a6d0ce88ae14d8324fbab3aee3286b17e49259
+ * agent/agent.h (opt): New field 's2k_count'.
+ * agent/gpg-agent.c (oS2KCount): New enum value.
+ (opts): New option --s2k-count.
+ (parse_rereadable_options): Set opt.s2k_count.
+
+2017-11-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
+ + commit 680161647ad56d1ca92988f80bcc4d6fcb20b1eb
+ * g10/keygen.c (pSUBKEYGRIP): New.
+ (read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
+ (do_generate_keypair): Support pSUBKEYGRIP.
+
+ g10: Simplify "factory-reset" procedure.
+ + commit f183b9768b42a6792c55a6129488bd8fbf5e8e6d
+ * g10/card-util.c (factory_reset): Simplify.
+
+2017-11-02 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 6070f5a61d4d17ff437c69e1b708d49d107c22dc
+
+
+2017-11-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Introduce magic value 25519 to switch a card to ECC.
+ + commit acb300543422c660c87ac2f0211a42f792a65cc4
+ * g10/card-util.c (ask_card_keyattr): Handle special value 25519.
+ (do_change_keyattr): Allow changing to cv25519/ed25519.
+ (generate_card_keys): Ditto.
+ (card_generate_subkey): Ditto.
+
+ gpg: Rename two card related functions in card-util.
+ + commit de3a740c2e1156e58d2f94faa85c051740c8988e
+ * g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
+ (do_change_rsa_keysize): Rename to do_change_keyattr.
+
+2017-11-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
+ + commit 3da47d19df89d302c0ea25921f4bd8ce55705afe
+ * agent/learncard.c (agent_handle_learn): Find SERIALNO.
+
+2017-11-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Accept the Z-suffix for yymmddThhmmssZ format.
+ + commit 0e5bd473a07f188615c4fce26b73bb452d689d68
+ * common/gettime.c (isotime_p): Accept the Z suffix.
+
+2017-10-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Clean up pinentry access locking.
+ + commit 3924e1442c6625a2b57573a1a634a5ec56b09a29
+ * agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
+ * agent/call-pinentry.c (entry_owner): Remove.
+ (agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
+ (unlock_pinentry): Add CTRL to arguments to access thread private.
+ Check and decrement PINENTRY_ACTIVE for recursive use.
+ (start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
+ (agent_askpin): Follow the change of unlock_pinentry API.
+ (agent_get_passphrase, agent_get_confirmation): Likewise.
+ (agent_show_message, agent_popup_message_start): Likewise.
+ (agent_popup_message_stop, agent_clear_passphrase): Likewise.
+
+ agent: Allow recursive use of pinentry.
+ + commit 4738256f2e0d22302377c9ec7b2ae3999338e6c6
+ * agent/agent.h (struct server_control_s): Add pinentry_level.
+ * agent/call-pinentry.c (agent_popup_message_stop): Not clear
+ ENTRY_CTX here.
+ (unlock_pinentry): Handle recursion. Clear ENTRY_CTX here.
+ (start_pinentry): Allow recursive use.
+
+2017-10-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent, tests: Support --disable-scdaemon build case.
+ + commit 05cb87276c21c3a47226c75026fa46a955553dd9
+ * agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
+ * tests/openpgp/defs.scm (create-gpghome): Likewise.
+ * tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.
+
+ Fix comment of configure.
+ + commit b13972dfbf7224478652038725ab0d2cb41b7303
+ * configure.ac (BUILD_WITH_DIRMNGR): Comment fix.
+
+2017-10-24 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid superfluous sig check info during import.
+ + commit 84af859e391a757877c9a1d78e35face983e6d23
+ * g10/key-check.c (print_info): New.
+ (key_check_all_keysigs): Print sig checking results only in debug
+ mode. Prettify the stats info and suppress them in quiet mode.
+
+ build: New configure option --enable-werror.
+ + commit 812fe29bff42cf7dbd07e0becc55b2ada340dd97
+ * configure.ac: Implement that option.
+
+ build: Do not mess with CFLAGS in configure.
+ + commit e417aaf69817fcb4a73c38077853dc940a2deabc
+ * configure.ac: Do not mess with the user provided CFLAGS.
+
+2017-10-24 Rainer Perske <rainer.perske@uni-muenster.de>
+
+ sm: Do not expect X.509 keyids to be unique.
+ + commit 1067403c8a7fb51decf30059e46901b5ee9f5b37
+ * sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it.
+ * sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS
+ (run_command_inq_cb): Ditto.
+ * sm/gpgsm.c (main): Pass false.
+ * sm/server.c (cmd_passwd): Pass false.
+
+2017-10-24 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Ignore non-installed components with --apply-profile.
+ + commit 6e808ae4700dc5e95bf4cc2d5c063df582c234d0
+ * tools/gpgconf-comp.c (retrieve_options_from_program): Add arg
+ only_installed.
+ (gc_component_retrieve_options): Use this if we want to process all
+ components.
+
+ gpg: Improve the "secret key available" notice in keyedit.c.
+ + commit 560d85ecff4246133d185dc29395f07c918b5556
+ * g10/keyedit.c (KEYEDIT_NEED_SUBSK): New.
+ (cmds): Add this flag to keytocard, bkuptocard, expire, and passwd.
+ (keyedit_menu): Check whether only subkeys are available and take care
+ of that in the command check and in the HELP listing. Also print a
+ different notice if only subkeys are available.
+
+ gpg: Remove unused flags from keyedit.c.
+ + commit 016538d82867c40a21bc7cbf44ec386f4699077f
+ * g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove.
+ (cmds): Remove them.
+
+2017-10-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix creating on-disk subkey with on-card primary key.
+ + commit 44fb3fbc85b32552c91f32f099b6b246c12ce0cc
+ * g10/keygen.c (generate_subkeypair): Ignore error code issued for
+ trying to verify a card based key.
+
+ gpg: Print sec/sbb with --import-option import-show or show-only.
+ + commit 2c7dccca9b617780a3ea760adf460bb3b77f90f3
+ * g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
+
+ gpg: Make --dry-run and show-only work for secret keys.
+ + commit 68c8619114fd5f24cb6bfb9e0f25c428a8805323
+ * g10/import.c (import_secret_one): Check for dry-run before
+ transferring keys.
+
+2017-10-19 Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ dirmngr: Do not follow https-to-http redirects.
+ + commit 1ba308aa0356a57c21c4c8c2dac75b4d62b8aac3
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from
+ a https URI to a http URI.
+
+2017-10-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix find_and_check_key for multiple keyrings.
+ + commit d07de3862710d88bc80d6f6c5ca8da5cf38ff0eb
+ * g10/pkclist.c (find_and_check_key): Call get_validity on a specific
+ keyblock.
+
+2017-10-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Keep a lock during the read-update/insert cycle in import.
+ + commit 7c73db3d31c6457dfbdc82a8dc89951c023f0603
+ * g10/keydb.c (keydb_handle): New field 'keep_lock'.
+ (keydb_release): Clear that flag.
+ (keydb_lock): New function.
+ (unlock_all): Skip if KEEP_LOCK is set.
+ * g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
+ requested.
+
+ gpg: Improve keydb handling in the main import function.
+ + commit 8448347b5bdee56e6f9938a93ea92fe4d3c8800c
+ * g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
+ (get_keyblock_byfprint_fast): .. new function.
+ * g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
+ (import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
+ handle. Remove the now surplus keyblock fetch in the merge branch.
+
+ gpg: Simplify keydb handling of the main import function.
+ + commit 752cae6dd2ee8982a34c796a3f168ae538f7938c
+ * g10/import.c (import_keys_internal): Return gpg_error_t instead of
+ int. Change var names.
+ (import_keys_es_stream): Ditto.
+ (import_one): Ditto. Use a single keydb_new and simplify the use of
+ of keydb_release.
+
+ sm: Fix colon listing of fields > 12 in crt records.
+ + commit 1bf5cbd3ef01b7f5fdcfa30c882047b924dcf3f0
+ * sm/keylist.c (print_capabilities): Move colon printing ...
+ (list_cert_colon): to here.
+
+2017-09-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Workaround for junk after --trusted-key.
+ + commit b509d81cab030cca6abf0d878e1fc884eda344e6
+ * g10/trust.c (register_trusted_key): Cut off everthing starting as a
+ hash sign.
+
+2017-09-19 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.1.
+ + commit 355ca9e9498740fb6294eec451507b4891ae01ec
+
+
+2017-09-18 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Use system certs if --hkp-cacert is not used.
+ + commit df692a6167be5486f9a29da003a00292fd895176
+ * dirmngr/certcache.c (any_cert_of_class): New var.
+ (put_cert): Set it.
+ (cert_cache_deinit): Clear it.
+ (cert_cache_any_in_class): New func.
+ * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to
+ override empty list of HKP certs.
+
+ wks: Create a new user id if provider wants mailbox-only.
+ + commit 50c8b6c88f5d9f4b6c4e9c03aee31fe29afa94b8
+ * tools/gpg-wks-client.c (get_key): Add arg 'exact'.
+ (add_user_id): New.
+ (command_send): Create new user id.
+
+ wks: Send only the newest UID to the server.
+ + commit 7f7f5d06fa5aa3a3c5ab8d2e59ee76207bfdeaa0
+ * tools/wks-util.c (list_key_status_cb): Rename to key_status_cb.
+ (wks_filter_uid): New.
+ (wks_list_key): Allow FPR to be NULL. Return an error if no
+ fingerprint was found.
+ * tools/gpg-wks-server.c (process_new_key)
+ (check_and_publish): Remove now useless extra check for FPR.
+ * tools/gpg-wks-client.c (command_check): Ditto.
+ (command_send): Filter out the newest uid.
+
+ wks: Print the UID creation time with gpg-wks-client --check.
+ + commit a0035986a8615df056182bb9af775b8b7b22003d
+ * tools/gpg-wks.h (uidinfo_list_s): Add field 'created'.
+ * tools/wks-util.c (append_to_uidinfo_list): Add arf 'created'.
+ (wks_list_key): Pass timestamp to append_to_uidinfo_list.
+ * tools/gpg-wks-client.c (command_check): Print UID creation time.
+
+ wks: Use dedicated type to convey user ids.
+ + commit 4e0696de897cac6a34d55a69d8889faf26f1a923
+ * tools/gpg-wks.h (uidinfo_list_s, uidinfo_list_t): New.
+ * tools/wks-util.c (append_to_uidinfo_list): New.
+ (free_uidinfo_list): New.
+ (wks_list_key): Change arg r_mboxes to uidinfo_list_t. Use
+ append_to_uidinfo_list.
+ * tools/gpg-wks-server.c (sserver_ctx_s): Replace strlist_t by
+ uidinfo_list_t.
+ (process_new_key): Ditto.
+ (check_and_publish): Ditto.
+ (command_receive_cb): Replace free_strlist by free_uidinfo_list.
+ * tools/gpg-wks-client.c (command_check): Replace strlist_t by
+ uidinfo_list_t. Also print user id in verbose mode.
+
+2017-09-13 Werner Koch <wk@gnupg.org>
+
+ gpgv: Initialize compliance checker.
+ + commit 006ca124ed95845d43af8c14d7ab2bc085b47b4c
+ * g10/gpgv.c (main): Call gnupg_initialize_compliance.
+
+2017-09-12 Werner Koch <wk@gnupg.org>
+
+ wks: Add hack for the broken posteo system.
+ + commit a821b4f5567d02c3329c2b94a73dcbe12e6699a2
+ * tools/gpg-wks-client.c (command_send): Additional hack for posteo.
+ Check the protocol-version flag.
+
+ wks: Add new policy flag protocol-version.
+ + commit 332c9eaa2a3c7cae90b389cdaa2c149c5595fb4d
+ * tools/gpg-wks.h (policy_flags_s): Add field protocol_version.
+ * tools/wks-util.c (wks_parse_policy): Add new policy flag.
+
+ gpg: Fix "Fix key generation with only an email part".
+ + commit 8b5a2474f21dd4f1aa2a283e2f57d75e42742af5
+ * g10/keygen.c (proc_parameter_file): Don't check the result of
+ stpcpy.
+
+ wks: Use unencrypted draft-1 mode for posteo.de.
+ + commit c65a7bba7331975d20910f90cf648b6ecc5410f0
+ * tools/gpg-wks-client.c (command_send): Allow sending in draft-1
+ mode.
+
+ tools: New function mime_maker_add_body_data.
+ + commit 7d15ee88980f88ca62fc7de9492dd08e54d0f0f1
+ * tools/mime-maker.c (mime_maker_add_body_data): New.
+
+2017-09-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Fix a test which specifies expiration date.
+ + commit a172759b5088ae086c0caa2e7d4d0ea346b28a90
+ * tests/openpgp/quick-key-manipulation.scm: Fix expiration time
+ comparison.
+
+ scd: Fix for large ECC keys.
+ + commit 827abe01a72a50eab1cdcde78985b42a4a8480fb
+ * scd/app-openpgp.c (do_decipher): Support larger length.
+
+2017-09-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix key generation with only an email part.
+ + commit 7089dcc54099a4909ce7d386c07ab87e1398e2eb
+ * g10/keygen.c (proc_parameter_file): Special case the email only
+ case.
+
+2017-08-28 Werner Koch <wk@gnupg.org>
+
+ Release 2.2.0.
+ + commit 9d80fb8e000189e61c173c39f1e1ca417566a7fc
+
+
+2017-08-27 Werner Koch <wk@gnupg.org>
+ Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
+
+ scd: Convey the correct length for Le.
+ + commit 45d5f5800afe6613f338a26f361cb5e03e861129
+ * scd/app-openpgp.c (determine_rsa_response): Round bits up.
+
+2017-08-24 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix memory leak while running --check-trustdb.
+ + commit 13821e15fb9bdddfce79d88731c0f151724b2371
+ * g10/trustdb.c (update_min_ownertrust): Free PK.
+
+ gpg: Fix memory leak in sig-check.
+ + commit b065a696344eac3007dbd5642143ecaaeebab43a
+ * g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
+ condition. Actually free when SIGNER was allocated by us.
+
+ build: Remove obsolete option from autogen.rc.
+ + commit 02a5df614a369519ad7781f95dc977e24a0d4277
+ * autogen.rc: Remove --enable-gpg2-is-gpg.
+
+2017-08-23 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".
+ + commit 565e486b8028f9e3cc51ebc5202666b598042175
+ * g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve".
+ (main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE.
+ * tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible. Make
+ "auto-key-retrieve" an expert option.
+
+ tests: Do not run trust-pgp-4.scm.
+ + commit b917cb66b79597520788cd9264889942247a3377
+ * tests/openpgp/Makefile.am (XTESTS): Remove test.
+ (EXTRA_DIST): Add test file.
+
+ build: Change SWDB tag "gnupg21" to "gnupg22".
+ + commit 008ae0bd868cb49ad4d67fc8c71707cd2a162137
+ * configure.ac (GNUPG_SWDB_TAG): New ac_define. Set it to "gnupg22".
+ * tools/gpgconf.c (query_swdb): Use it.
+ * build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
+ * Makefile.am (distcheck-hook): Ditto.
+
+2017-08-23 Åka Sikrom <a4@hush.com>
+
+ po: Update Norwegian translation.
+ + commit fd0e5b60bed1cfc2aed7b2e13cc449f355eac051
+
+
+2017-08-23 Andre Heinecke <aheinecke@intevation.de>
+
+ agent: Fix string translation for Windows.
+ + commit 6158811304937b592601ef30c29c5a5cdbaa88ea
+ * agent/agent.h (L_): Define agent_Lunderscore when simple
+ gettext is used.
+
+2017-08-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit e6fa6b0ce823effd721c807b2b292287af91c642
+
+
+2017-08-21 Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ tests: Add tests for the PGP trust model.
+ + commit c23a69970ba38edae9d3b2603825d18fbb732423
+ * tests/openpgp/trust-pgp-1.scm: New file.
+ * tests/openpgp/trust-pgp-2.scm: New file.
+ * tests/openpgp/trust-pgp-3.scm: New file.
+ * tests/openpgp/trust-pgp-4.scm: New file.
+ * tests/openpgp/trust-pgp/common.scm: New file.
+ * tests/openpgp/trust-pgp/scenario1.asc: New file.
+ * tests/openpgp/trust-pgp/scenario2.asc: New file.
+ * tests/openpgp/trust-pgp/scenario3.asc: New file.
+ * tests/openpgp/trust-pgp/scenario4.asc: New file.
+ * tests/openpgp/trust-pgp/alice.sec.asc: New file.
+ * tests/openpgp/trust-pgp/bobby.sec.asc: New file.
+ * tests/openpgp/trust-pgp/carol.sec.asc: New file.
+ * tests/openpgp/trust-pgp/david.sec.asc: New file.
+ * tests/openpgp/trust-pgp/frank.sec.asc: New file.
+ * tests/openpgp/trust-pgp/grace.sec.asc: New file.
+ * tests/openpgp/trust-pgp/heidi.sec.asc: New file.
+ * tests/openpgp/Makefile.am (XTESTS): Add new tests.
+ (TEST_FILES): Add new files.
+ (EXTRA_DIST): Add new common file.
+
+ tests: Move some functions into a common module.
+ + commit cbe54b28bf3610204e12c50c0606df37337a1156
+ * tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
+ module.
+ (checktrust): Likewise.
+ * tests/openpgp/defs.scm (gettrust): New function.
+ (checktrust): Likewise.
+
+ gpgconf: Make WoT settings configurable by gpgconf.
+ + commit 0161225457e0609509d0d5f4b80a60a1071b4b48
+ * tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
+ completes-needed, and marginals-needed options.
+ * g10/gpg.c (gpgconf_list): Likewise.
+
+2017-08-21 Justus Winter <justus@g10code.com>
+
+ gpgscm: Fix -Wimplicit-fallthrough warnings.
+ + commit 6e596b2a745ae7a75a69038cf00ab4bbae1cebaa
+ * tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement
+ is at the front.
+ (Eval_Cycle): Improve fallthrough annotations.
+
+2017-08-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: default to --no-auto-key-retrieve.
+ + commit e6f84116abca2ed49bf14b2e28c3c811a3717227
+ * g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
+ default keyserver options.
+ * doc/gpg.texi: document this change.
+
+2017-08-10 Justus Winter <justus@g10code.com>
+
+ tests: Improve documentation.
+ + commit 23107ba20f8b4eb5482b480ad6a8af6b39d2bfeb
+ * tests/openpgp/README: Add quickstart instructions, how to use
+ shell.scm, remove no longer used MKDATA.
+
+2017-08-09 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ g10: Write status error on error of --quick-revoke-uid.
+ + commit 977fc5f0eb9fdee19e66bea8cd2eb5414789b485
+ * g10/keyedit.c (keyedit_quick_revuid): Write status error on error.
+
+2017-08-09 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.23.
+ + commit e8ffa9a6ca5d76660b67207cd1157068e48483de
+
+
+ po: Update German translation.
+ + commit 2059dbf201963c6f229698ae80c6c774b1f686c8
+
+
+2017-08-08 Werner Koch <wk@gnupg.org>
+
+ build: New configure option --enable-all-tests.
+ + commit fb21aa8b50367e2afa13bad73fc21d6f01a97e18
+ * configure.ac: New option --enable-all-tests.
+ * tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*.
+ * tests/openpgp/all-tests.scm (all-tests): Use that var instead
+ of *maintainer-mode*.
+ * Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests.
+
+ gpgscm: Make the test summary stand out.
+ + commit 0bd19dae1161a71053d794e4f75e66f70445f9f0
+ * tests/gpgscm/tests.scm (test-pool): Add delimiter lines.
+
+ sm: Always print the keygrip in colon mode.
+ + commit 0a8e20c4c639f0c491e2af5ac5fb97005196422b
+ * sm/keylist.c (list_cert_colon): Always print the keygrip as
+ described in the manual.
+
+2017-08-08 Justus Winter <justus@g10code.com>
+
+ gpg: Add option '--disable-dirmngr'.
+ + commit c4506f624ed6854aa0ba1629aa2d1d43eb26900d
+ * doc/gpg.texi: Document new option.
+ * g10/call-dirmngr.c (create_context): Fail if option is given.
+ * g10/gpg.c (cmd_and_opt_values): New value.
+ (opts): New option.
+ (gpgconf_list): Add new option.
+ (main): Handle new option.
+ * g10/options.h (struct opt): New field 'disable_dirmngr'.
+ * tools/gpgconf-comp.c (gc_options_gpg): New option.
+
+2017-08-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ systemd-user: Drop redundant After=*.socket.
+ + commit 81074c3b0211854a2dc94600dc892224201536f5
+ * doc/examples/systemd-user/*.service: Drop redundant After=*.socket
+ directive.
+
+ systemd-user: Drop RefuseManualStart=true.
+ + commit 407da18254dfebcacfaee16952ef0b617b1626ea
+ * doc/examples/systemd-user/*.service: drop RefuseManualStart=true
+
+2017-08-07 Justus Winter <justus@g10code.com>
+
+ tests: Do not run all tests unless in maintainer mode.
+ + commit b0112dbca91e720a4ff622ad0e88d99eba56203a
+ * configure.ac: Leak the maintainer mode flag into 'config.h'.
+ * tests/gpgscm/ffi.c: Pass it into the scheme environment.
+ * tests/openpgp/all-tests.scm: Only run tests against non-default
+ configurations (keyring, extended-key-format) in maintainer mode.
+
+2017-08-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ Fix spelling.
+ + commit a611cba142470c52f3303c512f77ae7d195cc41f
+ * doc/gpg.texi: s/occured/occurred/
+
+ Simple typo fix.
+ + commit f011d8763a009612c858a287cf7cc6a1f1a6d32a
+ * agent/gpg-agent.c: Correct spelling in comment.
+
+2017-08-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Install gpg by default under the name gpg.
+ + commit a69464b0b6dac88b360a13d3faf19dd7f2a0e02b
+ * configure.ac: Remove option --enable-gpg2-is-gpg. Add option
+ --enable-gpg-is-gpg2.
+ * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Remove
+ --enable-gpg2-is-gpg.
+
+ gpg: gpgconf needs to support the now default --auto-key-retrieve.
+ + commit 69e97d909d586160cc0631c9a6f4d3f24bb0c682
+ * tools/gpgconf-comp.c (gc_options_gpg): Re-add "auto-key_retrieve".
+
+2017-08-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix memory leak in parse_auto_key_locate.
+ + commit b70e86fd1050fc6da07a177ed142ae9882b4dd0d
+ * g10/getkey.c (parse_auto_key_locate): Fix freeing of OPTIONS.
+
+ tests: Adjust tests for changed --auto-key-locate default.
+ + commit 0767eada1479c0fa9d4b75781a8c2afb67bdbf90
+ * tests/openpgp/defs.scm (create-gpghome): Disable new defaults.
+
+ gpg: Make --no-auto-key-retrieve gpgconf-igurable.
+ + commit 9bb13a0e819334681caca38c9074bd7bfc04e45e
+ * g10/gpg.c (gpgconf_list): Print no-auto-key-retrieve instead of
+ auto-key-retrieve.
+ * tools/gpgconf-comp.c (gc_options_gpg): Replace auto-key-retrieve by
+ no-auto-key-retrieve and chnage level from invisible to advanced.
+
+ gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.
+ + commit 7e1fe791d188b078398bf83c9af992cb1bd2a4b3
+ * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
+ keyserver options. Set the default for --auto-key-locate to
+ "local,wkd". Reset that default iff --auto-key-locate has been given
+ in the option file or in the commandline.
+ * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
+
+ agent: Make --no-grab the default.
+ + commit 3d78ae4d3de08398fabae5821045a3a1da6dadbe
+ * agent/gpg-agent.c (oGrab): New const.
+ (opts): New option --grab. Remove description for --no-grab.
+ (parse_rereadable_options): Make --no-grab the default.
+ (finalize_rereadable_options): Allow --grab to override --no-grab.
+ (main) <gpgconflist>: Add "grab".
+ * tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".
+
+ gpg: Avoid double fingerprint printing with import-show.
+ + commit b54d75fb1dcfa2cebb3a2497b81ffb49acac2056
+ * g10/import.c (import_one) <IMPORT_SHOW>: Take care of fingerprint
+ options.
+
+ gpg: New import option show-only.
+ + commit d9fabcc1989d7235ea0294874803295a30f8711b
+ * g10/options.h (IMPORT_DRY_RUN): New.
+ * g10/import.c (parse_import_options): Add "show-only".
+ (import_one): use that as alternative to opt.dry_run.
+
+2017-08-03 Werner Koch <wk@gnupg.org>
+
+ wks: Allow gpg-wks-client --supported with just the domain name.
+ + commit 6cba56d436b56ea5e60042144a8a75a2e80007c8
+ * tools/gpg-wks-client.c (command_supported): Hack for missing local
+ part.
+
+2017-08-02 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ g10: Always save standard revocation certificate in file.
+ + commit dcfb01959802b27869528dda1d9a4f5e79574bb5
+ * g10/revoke.c (gen_standard_revocation): Set opt.outfile to NULL
+ temporarily to create certificate in right place.
+
+2017-08-01 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ Revert "g10: Always save standard revocation certificate in file."
+ + commit 624cd2d0bf6cc6dd1b79654295dc76f5b2d6d70b
+ This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe.
+
+ g10: Always save standard revocation certificate in file.
+ + commit ebc65ff459e6c228fb7406e375819a9fe5637abe
+ * g10/main.h (open_outfile): New parameter NO_OUTFILE.
+ * g10/openfile.c (open_outfile): New parameter NO_OUTFILE. If given,
+ never use opt.outfile.
+ * g10/revoke.c (create_revocation): If FILENAME is true, also set
+ NO_OUTFILE to true (for standard revocation certificates).
+ * g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c,
+ g10/sign.c: Adjust all other callers.
+
+ artwork: Add icons.
+ + commit a8d0b8d2333ddab703d1e346e06c106eeeedfd53
+ * artwork/icons/index.css: New file.
+ * artwork/icons/index.html: New file.
+ * artwork/icons/lock-12.png: New file.
+ * artwork/icons/lock-128.png: New file.
+ * artwork/icons/lock-16.png: New file.
+ * artwork/icons/lock-24.png: New file.
+ * artwork/icons/lock-256.png: New file.
+ * artwork/icons/lock-32.png: New file.
+ * artwork/icons/lock-48.png: New file.
+ * artwork/icons/lock-64.png: New file.
+ * artwork/icons/lock-wing-12.png: New file.
+ * artwork/icons/lock-wing-128.png: New file.
+ * artwork/icons/lock-wing-16.png: New file.
+ * artwork/icons/lock-wing-24.png: New file.
+ * artwork/icons/lock-wing-256.png: New file.
+ * artwork/icons/lock-wing-32.png: New file.
+ * artwork/icons/lock-wing-48.png: New file.
+ * artwork/icons/lock-wing-64.png: New file.
+ * artwork/icons/lock-wing.svg: New file.
+ * artwork/icons/lock.svg: New file.
+ * artwork/icons/wing-12.png: New file.
+ * artwork/icons/wing-128.png: New file.
+ * artwork/icons/wing-16.png: New file.
+ * artwork/icons/wing-24.png: New file.
+ * artwork/icons/wing-256.png: New file.
+ * artwork/icons/wing-32.png: New file.
+ * artwork/icons/wing-48.png: New file.
+ * artwork/icons/wing-64.png: New file.
+ * artwork/icons/wing.svg: New file.
+
+2017-08-01 Werner Koch <wk@gnupg.org>
+
+ gpg,sm: Error out on compliance mismatch while decrypting.
+ + commit 4e117f206beb38287ddcd3251fb7baabadfbddbb
+ * g10/pubkey-enc.c (get_session_key): Bail out if the algo is not
+ allowed in the current compliance mode.
+ * sm/decrypt.c (gpgsm_decrypt): Ditto.
+
+2017-08-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ Simple typo fix.
+ + commit fde9a8cc6c849fb21f3e6782dbd5c6bc863357eb
+ * tools/rfc822parse.c: Fix.
+
+ po: Update Japanese translation.
+ + commit 02b571947b9442604faa7509478cd8577c2c0b9c
+
+
+2017-07-31 Werner Koch <wk@gnupg.org>
+
+ dirmngr,w32: Fix http connection timeout problem.
+ + commit 482fd5758c1b7e1b33c4cb50656e586a3ae16815
+ * dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN.
+
+ Explain the "server is older than xxx warning".
+ + commit 4ad5bc1b6d72483123963c894ee1412b2ceb99b4
+ * g10/call-agent.c (warn_version_mismatch): Print a note on how to
+ restart the servers.
+ * g10/call-dirmngr.c (warn_version_mismatch): Ditto.
+ * sm/call-agent.c (warn_version_mismatch): Ditto.
+ * sm/call-dirmngr.c (warn_version_mismatch): Ditto.
+
+2017-07-28 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.22.
+ + commit 7d335ff496b129ee6f33c4ca25bd7a6631a4b590
+
+
+ po: Update German translation.
+ + commit 339f672dad94b4e0000fd2d3a1f272a4861c91c3
+
+
+ agent: Make --ssh-fingerprint-digest re-readable.
+ + commit 6c9899bede6ecb2ccf7336d12724090f36a6aa3d
+ * agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ...
+ (parse_rereadable_options): here.
+ (opts): Change its description.
+ (main) <aGPGConfList>: Include this option.
+ * tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert
+ level.
+
+ gpg,sm: String changes for compliance diagnostics.
+ + commit efe187e8a2b583defdcd9d4b96e3dc83f95bef0d
+
+
+ agent: For OCB key files return Bad Passprase instead of Checksum Error.
+ + commit 5cf95157c5db88dd599ac4d48f619782179b1438
+ * agent/protect.c (do_decryption): Map error checksum to bad
+ passpharse protection
+
+ * agent/call-pinentry.c (unlock_pinentry): Don't munge the error
+ source for corrupted protection.
+
+ gpg: Minor rework for better readibility of get_best_pubkey_byname.
+ + commit 1c35e29af95c46475f297d2bd70a5f3bd49d45b1
+ * g10/getkey.c (get_best_pubkey_byname): Change return type to
+ gpg_error_t. Use var name err instead of rc. Move a
+ gpg_error_from_syserror closer to the call.
+
+ gpg: Fix segv in get_best_pubkey_byname.
+ + commit 6496dc1f9d2aef3bf8cf950da2434c96f7a0145c
+ * g10/getkey.c (get_best_pubkey_byname): Init NEW.
+
+ agent: Minor cleanup (mostly for documentation).
+ + commit 5516ef47a22dfdf9cdf56107f34d2bda9e46deec
+ * agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
+ * agent/findkey.c (read_key_file): Ditto. Change return type to
+ gpg_error_t. On es_fessk failure return a correct error code.
+ (agent_key_from_file): Change var name 'rc' to 'err'.
+ * agent/pksign.c (agent_pksign_do): Ditto. Change return type to
+ gpg_error_t. Return a valid erro code on malloc failure.
+ (agent_pksign): Ditto. Change return type to gpg_error_t. replace
+ xmalloc by xtrymalloc.
+ * agent/protect.c (calculate_mic): Change return type to gpg_error_t.
+ (do_decryption): Ditto. Do not init RC.
+ (merge_lists): Change return type to gpg_error_t.
+ (agent_unprotect): Ditto.
+ (agent_get_shadow_info): Ditto.
+
+2017-07-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Tweak compliance checking for verification.
+ + commit 6502bb0d2af5784918ebb74242fff6f0a72844bf
+ * common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
+ verification.
+ * g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
+ * g10/sig-check.c (check_signature2): Use log_error instead of
+ log_info.
+
+ gpg,sm: Allow encryption (with warning) to any key in de-vs mode.
+ + commit 1bd22a85b4f06324037b3500d2fa8af62733c926
+ * g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
+ * sm/encrypt.c (gpgsm_encrypt): Ditto.
+
+ gpg,sm: Fix compliance checking for decryption.
+ + commit a0d0cbee7654ad7582400efaa92d493cd8e669e9
+ * common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
+ signing check. We don't support Elgamal signing at all.
+ (gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
+ Check the curvenames for ECDH.
+ * g10/pubkey-enc.c (get_session_key): Print only a warning if the key
+ is not compliant.
+ * sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg
+ so that we have only one translation.
+
+ gpg: Avoid output to the tty during import.
+ + commit fcb62fe20f45290bf95703ec3bf4d0b361fa4339
+ * g10/key-check.c (key_check_all_keysigs): Add arg mode and change all
+ output calls to use it.
+ * g10/keyedit.c (keyedit_print_one_sig): Add arg fp and chnage all
+ output calls to use it.
+ (keyedit_menu): Adjust for changes.
+ * g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp.
+ * g10/import.c (import_one): Call key_check_all_keysigs with output to
+ the log stream.
+
+2017-07-26 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ g10: Make sure exactly one fingerprint is output with --quick-gen-key.
+ + commit 94eea0ed2c8b47cb0fe02b22cbe668705a5fe0d0
+ * g10/keygen.c (do_generate_keypair): Only set fpr in
+ list_keyblock_direct invocation if neither --fingerprint nor
+ --with-fingerprints are given.
+
+2017-07-26 Werner Koch <wk@gnupg.org>
+
+ doc: Add man pages form gpg-wks-server and gpg-wks-client.
+ + commit be636c3cfca178927b09ef4154c3e555d6f5b1c4
+ * doc/wks.texi: New.
+ * doc/gnupg.texi: Include wks.texi.
+ * doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi.
+ (myman_pages): Add new man pages.
+
+ wks: Fix program names in the usage diagnostics.
+ + commit c76398da5b15df2086f68bc26b7fde75219976c7
+ * tools/gpg-wks-client.c (my_strusage): Add case 12.
+ * tools/gpg-wks-server.c (my_strusage): Add case 12:
+
+2017-07-26 Andre Heinecke <aheinecke@intevation.de>
+
+ doc: Update vsnfd profile example.
+ + commit 4f569c69075fddbaea588544a6625c28cb4cb8f4
+ * doc/examples/vsnfd.prf: Use rsa3072
+
+2017-07-26 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Do not use a blocking connect in Tor mode.
+ + commit c5e5748480952e5bcedb16f6ce6ef7e435acb3c7
+ * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
+ (send_request): Ditto.
+
+ dirmngr: Auto-enable Tor on startup or reload.
+ + commit fd68bdb61ec4f8441da6d3023a8da4315df54cec
+ * dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility.
+
+ agent,dirmngr: Check for homedir removal also using stat(2).
+ + commit d50c2eff8d6931586c527edb3dea98dbc6facdec
+ * agent/gpg-agent.c (have_homedir_inotify): New var.
+ (reliable_homedir_inotify): New var.
+ (main): Set reliable_homedir_inotify.
+ (handle_tick): Call stat on the homedir.
+ (handle_connections): Mark availibility of the inotify watch.
+ * dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
+ (TIMERTICK_INTERVAL_SHUTDOWN): New.
+ (handle_connections): Depend tick interval on the shutdown state.
+
+ agent: Lengthen timertick interval on Unix to 4 seconds.
+ + commit f4ec7697a9c2d7587794d3bd75efbb0b51d6562f
+ * agent/gpg-agent.c (TIMERTICK_INTERVAL): Same value for Windows and
+ Unix.
+
+2017-07-25 Werner Koch <wk@gnupg.org>
+
+ common: Strip trailing slashes from the homedir.
+ + commit 24c7aa0d58e3768690dd8ebef0e8e01af7e80f83
+ * common/homedir.c (default_homedir): Strip trailing slashes.
+ (gnupg_set_homedir): Ditto.
+
+ w32: Also change the directory on daemon startup.
+ + commit 0ef50340ef68b2541d9a1aafa71f5400aef4dc7e
+ * agent/gpg-agent.c (main): Always to the chdir.
+ * dirmngr/dirmngr.c (main): Ditto.
+ * scd/scdaemon.c (main): Ditto.
+
+ common: New functions gnupg_daemon_rootdir and gnupg_chdir.
+ + commit 226f143ca01cf335c7c4e3e94c96fb9d271eccc9
+ * common/sysutils.c (gnupg_chdir): New.
+ * common/homedir.c (gnupg_daemon_rootdir): New.
+ * agent/gpg-agent.c (main): Use these functions instead chdir("/").
+ * dirmngr/dirmngr.c (main): Ditto.
+ * scd/scdaemon.c (main): Ditto.
+
+ gpg: Update key origin info during import merge.
+ + commit 166d0d7a2439f30c0a250faadc16ce3453447d71
+ * g10/import.c (update_key_origin): New.
+ (merge_blocks): Add arg curtime.
+ (import_one): Pass curtime to merge_blocks. Call update_key_origin.
+
+ gpg: Store key origin for new userids during import merge.
+ + commit 84c993d9325fc000acac7950b2dfeefa5976df3b
+ * g10/import.c (apply_meta_data): Rename to ...
+ (insert_key_origin): this. Factor code out to ...
+ (insert_key_origin_pk, insert_key_origin_uid): new funcs.
+ (import_one): Move insert_key_origin behind clean_key.
+ (merge_blocks): Add args options, origin, and url.
+ (append_uid): Rename to ...
+ (append_new_uid): this. Add args options, curtime, origin, and url.
+ Call insert_key_origin_uid for new UIDs.
+
+2017-07-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Add annotation for fallthrough.
+ + commit d40b4a41a8d60292fd4b5b951a19883e31090179
+ * dirmngr/dns.c: Add /* FALL THROUGH */ to clarify.
+
+2017-07-24 Werner Koch <wk@gnupg.org>
+
+ gpg: Extend --key-origin to take an optional URL arg.
+ + commit 87b5421ca84bbea68217c9ed771ee8c0a98a4d0c
+ * g10/getkey.c (parse_key_origin): Parse appended URL.
+ * g10/options.h (struct opt): Add field 'key_origin_url'.
+ * g10/gpg.c (main) <aImport>: Pass that option to import_keys.
+ * g10/import.c (apply_meta_data): Extend for file and url.
+ * g10/keyserver.c (keyserver_fetch): Pass the url to
+ import_keys_es_stream.
+
+ gpg: Store key origin info for new keys from a keyserver.
+ + commit 2ca0381d077d766593db26f4215b8eddee8d7963
+ * g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was
+ done by fingerprint.
+ * g10/import.c (apply_meta_data): Implement that.
+
+ gpg: Store key origin info for new DANE and WKD retrieved keys.
+ + commit e7068bf92ec5ca5d440346d43a382c1f625b924d
+ * g10/import.c (apply_meta_data): Remove arg 'merge'. Add arg 'url'.
+ Implement WKD and DANE key origin.
+ (import_keys_internal): Add arg 'url' and change all callers.
+ (import_keys_es_stream): Ditto.
+ (import): Ditto.
+ (import_one): Ditto.
+ * g10/keylist.c (list_keyblock_print): Fix update URL printing.
+ * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return
+ the SOURCE. Pass ks_status_cb to assuan_transact.
+ * g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to
+ the import function.
+
+ gpg: Filter keys received via DANE.
+ + commit f6f0dd4d5ea85e0b16e96d7678b1d508182049a8
+ * g10/keyserver.c (keyserver_import_cert): Use an import filter in
+ DANE mode.
+
+ dirmngr: Print a SOURCE status for WKD requests.
+ + commit e97548223948222a5c22acdf3775c7f93c1e17a9
+ * dirmngr/server.c (cmd_wkd_get): Print a SOURCE status.
+
+ dirmngr: New function dirmngr_status_printf.
+ + commit 9b88cfa0962f28894658cff8777fe7a217c6f700
+ * dirmngr/server.c (dirmngr_status_printf): New.
+
+2017-07-24 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ g10: Make sure to emit NEED_PASSPHRASE on --import of secret key.
+ + commit 872137b5921dd297e7d2c1def6e3868b7595feb5
+ * call-agent.h (agent_import_key): Add keyid parameters.
+ * call-agent.c (agent_import_key): Set keyid parameters.
+ * import.c (transfer_secret_keys): Pass keyid parameters.
+
+ w32: Change directory on daemon startup.
+ + commit 78ebc62604d77600b9865950610717d28c6027a2
+ * agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
+ (main) [HAVE_W32_SYSTEM]: Change working directory to \.
+ * dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
+ (main) [HAVE_W32_SYSTEM]: Change working directory to \.
+ * scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
+ (main) [HAVE_W32_SYSTEM]: Change working directory to \.
+
+ g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.
+ + commit d8e46f10698da0bee4cd58d95f1f9832bdda0c5f
+ * call-agent.h (agent_export_key): Add keyid parameters.
+ * call-agent.c (agent_export_key): Set keyid parameters.
+ * export.c (receive_seckey_from_agent): Pass keyid parameters.
+
+2017-07-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Use unsigned int for fields.
+ + commit 45e40487fb7bb51228c96c8966e38c643a9b9ba5
+ * scd/app-openpgp.c (data_objects): Use unsigned ints.
+
+ dirmngr: More minor fix.
+ + commit ade4b2744c848e07b87afa4f186256c2a2ef1d13
+ * dirmngr/http.c (send_request): Care the case of !USE_TLS.
+
+ dirmngr: More minor fixes.
+ + commit 789401e9557db13422f47a8c09e693f3cee0132b
+ * dirmngr/http.c (http_verify_server_credentials): Duplicated const.
+ * dirmngr/ldap.c (parse_one_pattern): Add comment.
+
+ dirmngr: Minor fix for Windows.
+ + commit 274602820cfbb15c7cdb4525acd9793bdb472e78
+ * dirmngr/http.c (connect_with_timeout): Use FD2INT.
+
+ agent: Minor fix for Windows.
+ + commit 328fca187253c069e3630bd387a71f6d16e9820a
+ * agent/command-ssh.c (serve_mmapped_ssh_request): Add const
+ qualifier.
+
+2017-07-21 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ g10: Avoid caching passphrase for failed symmetric encryption.
+ + commit e4c720fa3b31ebd3e9d764c6eab02729cf06124c
+ * g10/mainproc.c (proc_encrypted): If error code is GPG_ERR_CIPHER_ALGO,
+ assume the symmetric passphrase was wrong and invalidate the cache.
+
+2017-07-21 Werner Koch <wk@gnupg.org>
+
+ gpg: Extend --quick-set-expire to allow subkey expiration setting.
+ + commit b55b72bb815ad5870456b89c3a011fa00991b4a8
+ * g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs.
+ (menu_expire): Rename arg force_mainkey to unattended and allow
+ unattended changing of subkey expiration.
+ * g10/gpg.c (main): Extend --quick-set-expire.
+
+ gpg: Fix possible double free of the card serialno.
+ + commit e888f7af6571ecd3994fd55cc18c9e2df7fd0c60
+ * g10/free-packet.c (copy_public_key): Copy fields serialno and
+ updateurl.
+
+ gpg: Use macros to check the signature class.
+ + commit 5818ff0ae314af08548fcc23df2b807736144a00
+ * g10/import.c: Use the extistin macros for better readability.
+
+2017-07-21 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ g10: Clean keyblock on initial commit.
+ + commit 609bbdf3614fbadeba7a6cbdfdf5004b23516a64
+ * g10/import.c (import_one): If option import-clean is set,
+ also clean on initial import, not only for merge.
+
+2017-07-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix SEGV in CCID driver.
+ + commit d8a55da715ce8447b0686f321fa43d00be34a467
+ * scd/ccid-driver.c (intr_cb): Only kick the loop for removal.
+ (bulk_in): Don't set POWERED_OFF when interrupt transfer is enabled.
+
+ g10: Don't limit at the frontend side for card capability.
+ + commit a76b6cf9709c0a2a89fa2887075491b80f3d9608
+ * g10/card-util.c (MAX_GET_DATA_FROM_FILE): New.
+ (get_data_from_file): Use MAX_GET_DATA_FROM_FILE.
+ (change_url, change_login, change_private_do): Don't limit.
+
+ scd: Add debug message for v3 card.
+ + commit 892e86b0dc69193ddff018bf9b3938509dd72cb3
+ * scd/app-openpgp.c (show_caps): Output more messages.
+
+2017-07-20 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ doc: Clarify wording of export-attributes.
+ + commit cea4313644b531ef87b8c8e4bfddde4388cbbe0d
+ * doc/gpg.texi: Clarify wording of export-attributes.
+
+2017-07-20 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --with-key-origin.
+ + commit 165cdd8121bbf80bfe2da071539d3578630f198f
+ * g10/getkey.c (parse_key_origin): Factor list out as ...
+ (key_origin_list): new struct.
+ (key_origin_string): New.
+ * g10/gpg.c (oWithKeyOrigin): New const.
+ (opts): New option --with-key-origin.
+ (main): Implement option.
+ * g10/options.h (struct opt): New flag with_key_origin.
+ * g10/keylist.c (list_keyblock_print): Print key origin info.
+ (list_keyblock_colon): Ditto.
+
+ common: New function print_utf9_string.
+ + commit bddc2e04f1ddc18be20efc0f0508be401b345f42
+ * common/miscellaneous.c (print_utf8_string): New.
+
+ gpg: Make function mk_datestr public.
+ + commit 3ee314dde16d1d69ddf840cdb8b5aa186c592262
+ * g10/keydb.h (MK_DATESTR_SIZE): New.
+ * g10/keyid.c (mk_datestr): Make public. Add arg bufsize and use
+ snprintf. Change arg atime to u32.
+ (datestr_from_pk): Simplify.
+ (datestr_from_sig): Ditto.
+ (expirestr_from_pk): Ditto.
+ (expirestr_from_sig): Ditto.
+ (revokestr_from_pk): Ditto.
+
+2017-07-20 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ g10: Return proper error when gpg-agent fails to start during probe.
+ + commit 9998b162b47931fb8a8ed961d53418d505358888
+ * g10/getkey.c (lookup): Return immediately on any other error than
+ GPG_ERR_NO_SECKEY from agent_probe_any_secret_key.
+
+2017-07-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Support longer data length for special DOs for v3 card.
+ + commit 69614d55018ddb8678d8904a52e648931f480d72
+ * scd/app-openpgp.c (data_objects): Special DOs like "Login Data",
+ "URL", "Private DO N" can be longer size >= 256.
+ (struct app_local_s): Define bits for v3 card.
+ (get_cached_data): Use extcap.max_special_do for special DOs.
+ (app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits.
+
+ common: logstream fix.
+ + commit 84146b3ec44943f06c66a603de19094b930ad446
+ * common/logging.c (set_file_fd): Don't close es_stderr.
+
+ dnsmngr: Fix use of CPP.
+ + commit cc12cf386b620e658fa93a0bd40477bc16d85d98
+ * dirmngr/dns.c (HAVE_STATIC_ASSERT, HAVE___ATOMIC_FETCH_ADD)
+ (DNS_HAVE_SOCKADDR_UN, HAVE_SOCK_NONBLOCK): Don't use defined
+ to be expanded for expression evaluation.
+
+2017-07-19 Justus Winter <justus@g10code.com>
+
+ dirmngr: Forbid redirects from .onion to clearnet URIs.
+ + commit e7fc6e3bf0eb6ffe53e1f099d28ce45cef4a8a87
+ * dirmngr/ks-engine-hkp.c (send_request): Forbid redirects from .onion
+ to clearnet URIs.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Likewise.
+
+2017-07-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
+ + commit 2e5459457473eb4b3e7b2b14815cb94faa66e8bb
+ * g10/mainproc.c (check_sig_and_print): Track key server request via
+ fingerprint.
+
+2017-07-19 Justus Winter <justus@g10code.com>
+
+ dirmngr: Implement TLS over http proxies.
+ + commit da91d2106a17c796ddb066a34db92d33b21c81f7
+ * dirmngr/http.c (send_request): If a http proxy is to be used, and we
+ want to use TLS, try to use the CONNECT method to get a connection to
+ the target server.
+
+ dirmngr: Log http response in debug mode.
+ + commit e7eabe66b6409c1f5225b751ea5c2d456a3856e6
+ * dirmngr/http.c (parse_response): Log http response in debug mode.
+
+ dirmngr: Amend TLS handling.
+ + commit 1ba220e68149fdb197accf4a15b0a11126c8b431
+ * dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the
+ write cookie, not from the URI.
+
+ dirmngr: Fix connecting to http proxies.
+ + commit 46a4a0c0e77e19f9589088bb87357c33142c3f04
+ * dirmngr/http.c (send_request): Do not use the 'srvtag' intended for
+ the target host to connect to the http proxy.
+
+ dirmngr: Fix handling of proxy URIs.
+ + commit 73d4781e4595634548269bafe46aeb7674c5b219
+ * dirmngr/http.c (send_request): We do not support socks4.
+
+2017-07-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpgconf: Make vars read-only explicitly.
+ + commit 99791184ac4c7486ccdefc150b9921cd923428b9
+ * tools/gpgconf-comp.c (gc_backend, gc_arg_type, gc_level, gc_flag)
+ (gc_component): Add const qualifier.
+
+ Fix usage of ARGPARSE_OPTS.
+ + commit fa63db89f9581186ed758c502d4e69914b774157
+ * agent/gpg-agent.c, agent/preset-passphrase.c,
+ dirmngr/dirmngr-client.c, dirmngr/dirmngr_ldap.c, kbx/kbxutil.c,
+ tools/gpg-check-pattern.c, tools/gpgconf.c, tools/gpgsplit.c,
+ tools/symcryptrun.c: Use ARGPARSE_end.
+
+2017-07-18 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ common: Allow abbreviations of standard options.
+ + commit f17862d47d184d7f6ef883778cf63801365599a0
+ * argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION,
+ ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New
+ macros.
+ (ARGPARSE_end): Add some placeholders for standard options.
+ * argparse.c (arg_parse): Fill in missing standard options so
+ default machinery works. Check for standard options in new way.
+ Do not write out standard options for --dump-options.
+
+2017-07-18 Justus Winter <justus@g10code.com>
+
+ gpgscm,w32: Fix testing for absolute paths.
+ + commit 2e1342b78b020f5b28359b08a4f63cf11479602f
+ * tests/gpgscm/main.c (path_absolute_p): New function.
+ (load): Use new function.
+
+ dirmngr: Honor http keyserver URLs.
+ + commit b231959728a0056094134e0fca8cc916c24ef37e
+ * dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI.
+ * dirmngr/http.h (struct parsed_uri_s): New field 'original'.
+ * dirmngr/ks-action.c (ks_action_get): Properly handle http and https
+ URLs.
+
+ dirmngr: Fix memory leak.
+ + commit ebb35ed7110d1a29061dfb4ccb9038645b20d7f4
+ * dirmngr/http.c (parse_uri): Properly free partial results.
+
+ dirmngr: Fix memory leak.
+ + commit 3d670fa973a03ea88b5f9459b3222a951136dd7a
+ * dirmngr/http.c (http_release_parsed_uri): Free 'params'.
+
+2017-07-17 Werner Koch <wk@gnupg.org>
+
+ gpg,sm: Check compliance of the RNG.
+ + commit a149afe338d61d86985c533cde5e7dbcd31e8698
+ * common/compliance.c (gnupg_rng_is_compliant): New.
+ * g10/call-agent.c (start_agent) [W32]: Check rng compliance.
+ * sm/call-agent.c (start_agent) [W32]: Ditto.
+ * g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is
+ compliant.
+ * sm/encrypt.c (gpgsm_encrypt): Ditto.
+ * g10/sign.c (do_sign): Ditto.
+ * sm/sign.c (gpgsm_sign): Ditto.
+
+ agent: New GETINFO sub-command jent_active.
+ + commit bbbd0db34b4e387f8dc089fb7d69fdcf2ed91a01
+ * agent/command.c (cmd_getinfo): Implement it for gcrypt >= 1.8.
+
+ common: New function split_fields_colon.
+ + commit 849467870ee1c10e0a7b1e89cfc9e8214e4963fe
+ * common/stringhelp.c (split_fields_colon): New.
+ * common/t-stringhelp.c (test_split_fields_colon): New test.
+ (main): Call that test.
+
+2017-07-14 Justus Winter <justus@g10code.com>
+
+ tests: Improve 'shell.scm' script.
+ + commit 58eafd11ed5501c0b72fcb553eb3e097ad29b3c6
+ * tests/openpgp/defs.scm (create-file): Unlink file first.
+ * tests/openpgp/shell.scm: Ask whether to import legacy test keys or
+ not, and whether to drop 'batch' from the configuration. Add paths to
+ all the programs to 'PATH'.
+
+ gpgscm: Library improvements.
+ + commit b4d25082fd4502ec01d511c22fecd60d513b81f4
+ * tests/gpgscm/repl.scm (prompt-yes-no?): New function.
+ * tests/gpgscm/tests.scm (pathsep-split): Likewise.
+ (pathsep-join): Likewise.
+ (with-path): Use the new function.
+
+ gpgscm: Fail early if the test setup fails.
+ + commit 7a6e6ad2880bbff54a75ff608d0ec97d6c405733
+ * tests/gpgscm/tests.scm (make-environment-cache): Check status code
+ of setup script.
+
+ gpg: Fix importing keys.
+ + commit 956da89193370d5aa970cff5b77f605534481a02
+ * g10/import.c (import_one): Fix error handling.
+
+2017-07-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Pass key origin values to import functions.
+ + commit 330212efb927c119bb5135856f8582c0e4e2e6b7
+ * g10/import.c (import_keys_stream): Remove this unused function.
+ (import_keys_internal): Add arg origin.
+ (import_keys): Ditto.
+ (import_keys_es_stream): Ditto.
+ (import): Ditto.
+ (import_one): Ditto.
+ (apply_meta_data): New stub.
+ (import_secret_one): Pass 0 for ORIGIN.
+ * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN.
+ (keyserver_fetch): Add arg origin.
+ (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN.
+ (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN.
+ * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and
+ keyserver_fetch.
+ * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN.
+
+ gpg: New option --key-origin.
+ + commit fa1155e89ebb4b16ee95549b8ab72672df3a0c54
+ * g10/keydb.h (KEYORG_): Rename to KEYORG_.
+ * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust
+ users.
+ (PKT_public_key): Ditto.
+ (PKT_ring_trust): Ditto.
+ * g10/options.h (struct opt): Add field key_origin.
+ * g10/getkey.c (parse_key_origin): New.
+ * g10/gpg.c (oKeyOrigin): New.
+ (opts): Add "keys-origin".
+ (main): Set option.
+
+2017-07-13 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ doc: Document gnupg version requirement for gpg-preset-passphrase.
+ + commit 877a321d011deb3e8501aa9cc5e9f9cd0b19dddf
+
+
+2017-07-13 Justus Winter <justus@g10code.com>
+
+ gpgscm: Make loading of modules less verbose.
+ + commit f78fe1a4ec9d343199e1f424dd09e2937c913412
+ * tests/gpgscm/main.c (load): Increase logging threshold.
+
+ gpgscm: Make it impossible to catch '*interpreter-exit*'.
+ + commit bce02a8b0f0e51775a4ee5536ccf35efc1f15ca6
+ * tests/gpgscm/init.scm (throw'): Make it impossible to catch
+ '*interpreter-exit*'. This fixes 'exit' (and with it 'fail') inside
+ 'catch' statements.
+
+2017-07-10 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ tofu: Compare squares instead of square roots.
+ + commit d24594976686983c7186cbe4e78153888a13b6e4
+ * g10/Makefile.am (tofu_source) [USE_TOFU]: Remove sqrtu32.h and
+ sqrtu32.c.
+ * g10/sqrtu32.h, g10/sqrtu32.c: Removed files.
+ * g10/tofu.c: Compare squares instead of square roots.
+
+ speedo: Provide a vagrantfile to test speedo in an isolated VM.
+ + commit 1455b406e63dd262938e49da5f83c05c17c60a8d
+ * build-aux/Vagrantfile: New file.
+
+2017-07-06 Neal H. Walfield <neal@g10code.com>
+
+ doc: Improve TOFU documentation.
+ + commit 243b2a570c30586e19b8c88e43b282d62d8eb77c
+ * doc/gpg.texi: Improve TOFU documentation.
+
+2017-07-05 Werner Koch <wk@gnupg.org>
+
+ agent: Use MAX_PASSPHRASE_LEN (255) also for the loopback.
+ + commit 3681ee7dc1e9d8c94fdb046d7be0bbcfeba1cfe9
+ * agent/call-pinentry.c (agent_get_passphrase): Reduce maximum
+ passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN.
+ * agent/genkey.c (agent_ask_new_passphrase): Extend the maximum
+ passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN.
+
+ doc: Update yat2m to take care of SOURCE_DATE_EPOCH.
+ + commit 139de02b93773615bdd95e04a7f0c1ad73b4f6fb
+ * doc/yat2m.c (main): Set a default for OPT_DATE.
+
+ doc: Prefer an installed version of yat2m.
+ + commit f6faa058749846de18cb34f1cc79867bb0029922
+ * configure.ac (YAT2M): Check for tool.
+ * doc/Makefile.am (yat2m-stamp): Use installed tool if possible.
+
+2017-07-01 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ doc: Document obsolete option in gpgsm. Closes T2231.
+ + commit 7fb724c61655c6f75c61572d65a46e21ae112574
+ * doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete.
+
+2017-06-28 Werner Koch <wk@gnupg.org>
+
+ agent: Fix option --debug-wait.
+ + commit ecd6c0160f49ae83001dfd150df6b1238fc479d5
+ * agent/gpg-agent.c (opts): Typo fix.
+
+2017-06-26 Justus Winter <justus@g10code.com>
+
+ agent: Support unprotected ssh keys.
+ + commit 273964798592cd479c111f47e8ce46d5b1999d6a
+ * agent/command-ssh.c (ssh_key_to_protected_buffer): If the empty
+ passphrase is supplied, do not protect the key.
+
+ tests: Improve test.
+ + commit b49b1a87ac2695e3892fb001878da59fbc92fa37
+ * tests/openpgp/ssh-export.scm: Split output at any whitespace.
+
+2017-06-23 Werner Koch <wk@gnupg.org>
+
+ agent: Shutdown on removal of the home directory.
+ + commit 1ead1ca818bddabc3bca22c195be667993eb3e2e
+ * common/sysutils.c (gnupg_inotify_watch_delete_self): New.
+ * agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
+ sock_inotify_fd.
+ (handle_connections): Add home_inotify_fd to watch the home directory.
+
+ build: Add missing LIBASSUAN_CFLAGS to dirmngr/.
+ + commit 815ecdf08a4285c75892cf9ab72feb13f3bcf590
+ * dirmngr/Makefile.am (t_http_CFLAGS): Add LIBASSUAN_CFLAGS.
+ (t_ldap_parse_uri_CFLAGS): Ditto.
+ (t_dns_stuff_CFLAGS): Ditto.
+
+ gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.
+ + commit f31dc2540acf7cd7f09fd94658e815822222bfcb
+ * common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
+ * g10/encrypt.c (encrypt_crypt): Emit new status code.
+ * sm/encrypt.c (gpgsm_encrypt): Ditto.
+
+2017-06-21 Justus Winter <justus@g10code.com>
+
+ gpg: Close cached keydb handle in gpgv.
+ + commit a68a98233ab83f0c7b90e6e588b882085fe59d91
+ * g10/gpgv.c (main): Close cached handle.
+
+ tests: Add test for gpgv.
+ + commit 62274d3c309d8948405c2f966bef507638b4d5c6
+ * tests/openpgp/Makefile.am (XTESTS): Add the new test.
+ * tests/openpgp/gpgv.scm: New file.
+ * tests/openpgp/signed-messages.scm: Likewise.
+ * tests/openpgp/verify.scm: Move the signed messages to the new file
+ and load it.
+
+ gpg: Fix printing keyserver URLs and notation data.
+ + commit 890a3a70f2e1340d90c7f499358467979b182719
+ * g10/keylist.c (show_keyserver_url): Print to 'fp', not to 'stdout'.
+ (show_notation): Likewise.
+
+2017-06-20 Justus Winter <justus@g10code.com>
+
+ dirmngr: Properly handle SRV records.
+ + commit 48aae8167dcae80d43b08167a88d9eb170781a04
+ * dirmngr/ks-engine-hkp.c (enum ks_protocol): New type.
+ (struct hostinfo_s): New flags indicating whether we already did a
+ A lookup, or a SRV lookup per protocol. Turn 'port' into an array.
+ (create_new_hostinfo): Initialize new fields.
+ (add_host): Update the port for the given protocol.
+ (map_host): Simplify hosttable lookup misses. Check the SRV records
+ for both protocols on demand, do the A lookup just once. Return the
+ correct port.
+
+ dirmngr: Refactor variable-sized array code.
+ + commit fc4834d213af031b456c49c1ba5b5ef8873d1f18
+ * dirmngr/ks-engine-hkp.c (struct hostinfo_s): Add explicit length and
+ size fields.
+ (MAX_POOL_SIZE): New macro.
+ (create_new_hostinfo): Initialize new fields.
+ (host_in_pool_p): Adapt.
+ (select_random_host): Likewise.
+ (add_host): Likewise. Move the resizing logic here.
+ (hostinfo_sort_pool): New function.
+ (map_host): Simplify. Move the resizing logic away from here.
+ (ks_hkp_mark_host): Adapt.
+ (ks_hkp_print_hosttable): Likewise.
+
+ gpg: Fix error handling.
+ + commit badc1cdae52bd434e5fac2e4275575afeccc2837
+ * g10/keygen.c (generate_subkeypair): Handle errors from pinentry.
+
+2017-06-19 Werner Koch <wk@gnupg.org>
+
+ gpg,gpgsm: Fix compliance check for DSA and avoid an assert.
+ + commit 3621dbe52584bc8b417f61b5370ebaa5598db956
+ * common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
+ check. Explicitly check for allowed ECC algos.
+ (gnupg_pk_is_allowed): Swap P and Q for DSA check.
+ * g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace
+ assert by debug message.
+
+2017-06-19 Justus Winter <justus@g10code.com>
+
+ gpgscm: Limit the number of parallel jobs.
+ + commit 61ef43546ba9f0209692a1569d2f033436566a02
+ * ffi.c (do_wait_processes): Suppress the timeout error.
+ * tests.scm (semaphore): New definition.
+ (test-pool): Only run a bounded number of tests in parallel.
+ (test::started?): New function.
+ (run-tests-parallel): Do not report results, do not start the tests.
+ (run-tests-sequential): Adapt.
+ (run-tests): Parse the number of parallel jobs.
+
+ gpgscm: Improve option parsing.
+ + commit e555e7ed7de20fbbb1e3b005c32e292f29cc4a58
+ * tests/gpgscm/tests.scm (flag): Accept arguments of the form
+ '--foo=bar'.
+
+ gpgscm: Improve error handling of foreign functions.
+ + commit 6639aedaee051e8104d7f63b9a5812abf79440ed
+ * tests/gpgscm/ffi.scm (ffi-fail): Do not needlessly join the error
+ message.
+
+ gpgscm: Improve error reporting.
+ + commit 4c8be58fd46bb16332e84ab8ce978087dc5c68a3
+ * tests/gpgscm/init.scm (throw'): Guard against 'args' being atomic.
+ * tests/gpgscm/scheme.c (Eval_Cycle): Remove any superfluous colons in
+ error messages.
+
+ tests: Run the OpenPGP tests using the new extended key format.
+ + commit b766d3d1034e6068a91755ada68f7f7dbe2943b6
+ * tests/openpgp/all-tests.scm: Generalize a bit, and also add a
+ variant that uses the new extended key format.
+ * tests/openpgp/defs.scm (create-gpghome): Conditionally enable the
+ new extended key format.
+
+2017-06-19 Werner Koch <wk@gnupg.org>
+
+ Change license of some files to LGPLv2.1.
+ + commit 3419a339d9c4e800bf30e9021e05982d8c1021c1
+ * COPYING.LIB: Rename to COPYING.LGPL3.
+ * COPYING.LGPL21: New.
+ * COPYING.GPL2: New.
+ * Makefile.am: Distribute them.
+ * AUTHORS: Update license pointers. Add BSI as copyright holder.
+ * common/compliance.c, common/compliance.h: Add BSI copyright notice.
+ Break overlong lines.
+ * dirmngr/loadswdb.c: Add BSI copyright notices.
+ * dirmngr/server.c: Ditto.
+ * tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI
+ copyright notice.
+ * tools/call-dirmngr.h: Ditto.
+ * tools/gpg-wks-client.c: Ditto.
+ * tools/gpg-wks-server.c: Ditto.
+ * tools/gpg-wks.h: Ditto.
+ * tools/mime-maker.c: Ditto.
+ * tools/mime-maker.h: Ditto.
+ * tools/mime-parser.c: Ditto.
+ * tools/mime-parser.h: Ditto.
+ * tools/send-mail.c: Ditto.
+ * tools/send-mail.h: Ditto.
+ * tools/wks-receive.c: Ditto.
+ * tools/wks-util.c: Ditto.
+ * tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
+
+2017-06-19 Justus Winter <justus@g10code.com>
+
+ gpg: Disable compliance module for other GnuPG components.
+ + commit 6e23416fe61d4130918f2d1bf6e1f98d102c4610
+ * common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
+ false if the module is not initialized.
+ (gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
+ not initialized.
+ (gnupg_status_compliance_flag): Do not assert that the module is
+ initialized.
+ (gnupg_parse_compliance_option): Likewise.
+ (gnupg_compliance_option_string): Likewise.
+
+2017-06-14 Justus Winter <justus@g10code.com>
+
+ gpg: Check and fix keys on import.
+ + commit 9b12b45aa5e67d4d422bf75a3879df1d52dbe67f
+ * doc/gpg.texi: Document the new import option.
+ * g10/gpg.c (main): Make the new option default to yes.
+ * g10/import.c (parse_import_options): Parse the new option.
+ (import_one): Act on the new option.
+ * g10/options.h (IMPORT_REPAIR_KEYS): New macro.
+
+ gpg: Refactor key checking and fixing.
+ + commit 404fa8211b6188a0abe83ef43a4b44d528c0b035
+ * g10/Makefile.am (gpg_sources): Add new files.
+ * g10/gpgcompose.c (keyedit_print_one_sig): New stub.
+ * g10/keyedit.c (sig_comparison): Move to new module.
+ (check_all_keysigs): Likewise.
+ (fix_keyblock): Adapt callsite.
+ (keyedit_menu): Likewise.
+ * g10/key-check.c: New file.
+ * g10/key-check.h: Likewise.
+
+2017-06-13 Justus Winter <justus@g10code.com>
+
+ gpg: Refactor keyedit module.
+ + commit 8095d16b3ef6b5f01ec351824855708149f1c1c3
+ * g10/Makefile.am (gpg_SOURCES): Add new file.
+ * g10/keyedit.c (NODFLG_*): Move flags to the new header file.
+ (print_one_sig): Export symbol and rename accordingly.
+ (print_and_check_one_sig): Adapt accordingly.
+ (check_all_keysigs): Likewise.
+ * g10/keyedit.h: New file.
+ * g10/main.h: Drop declarations, include new header.
+
+ dirmngr: Implement querying nameservers over IPv6.
+ + commit 15d2a009931f44a60b9df6325f837add208459d6
+ * dirmngr/dns.c (dns_so_check): Reinitialize sockets on address family
+ mismatch.
+ (enum dns_res_state): New states for querying over IPv6.
+ (dns_res_exec): Implement the new states by copying and modifying the
+ IPv4 variants. Branch to their respective counterparts if the current
+ list of resolvers using the current address family is exhausted.
+
+2017-06-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Disable keydb handle caching only for W32.
+ + commit e80925171ddb20c7e76c1db88c15ce2d9b09db86
+ * g10/getkey.c (getkey_end) [!W32]: Re-enable caching.
+
+ common: Fix -Wswitch warning.
+ + commit 7c91b48f0e80266cf7491c2bb7d8aabc12362643
+ * common/compliance.c (gnupg_digest_is_allowed): Don't include
+ GCRY_MD_WHIRLPOOL because it is not a digest_algo_t.
+
+2017-06-11 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Send gpgcompose --help output to stdout, not stderr.
+ + commit 7aeac20f12ed257d3d159b304afeeac7f406c9d2
+ * g10/gpgcompose.c (show_help): Send gpgcompose --help output to
+ stdout, not stderr.
+
+ gpg: Improve some output of gpgcompose.
+ + commit cb0484e0762a1ce05d00d949f4b70162e2f7b82c
+
+
+ gpg: Support 'gpgcompose --encrypted-pop --help'
+ + commit 4ddf4e114c8df06d89144e857b7601de0b7e5a7c
+ * g10/gpgcompose.c (encrypted_pop_options): New variable.
+ (encrypted_pop): Support the --help option.
+
+ gpg: Remove dead code.
+ + commit 8a9066865688cf17594b2bdde4b260b0ef36d68e
+ * g10/gpgcompose.c (filter_pop): F->PKTTYPE will never be
+ PKT_ENCRYPTED_MDC.
+ (encrypted_pop): Likewise and there is no option --encrypted-mdc-pop.
+
+2017-06-08 Marcus Brinkmann <mb@g10code.com>
+
+ artwork: Add new banner.
+ + commit bc5503b2bf273b51d5dc59617e596f1cfb742fbc
+ * artwork/banner/banner-full.png: New file.
+ * artwork/banner/banner-rectangle.png: New file.
+ * artwork/banner/banner.svg: New file.
+ * artwork/banner/Bungee-Regular.ttf: New file.
+ * artwork/banner/Raleway-license.txt: New file.
+ * artwork/banner/banner-half.png: New file.
+ * artwork/banner/banner-skyscraper.png: New file.
+ * artwork/banner/Bungee-license.txt: New file.
+ * artwork/banner/Raleway-ExtraBold.ttf: New file.
+ * artwork/banner/Raleway-SemiBold.ttf: New file.
+
+2017-06-08 Justus Winter <justus@g10code.com>
+
+ common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.
+ + commit a64a55e10420cf11e00062b590dffe5d0c3e8192
+ * common/compliance.c (gnupg_pk_is_allowed): New function.
+ (gnupg_cipher_is_allowed): Likewise.
+ (gnupg_digest_is_allowed): Likewise.
+ * common/compliance.h (enum pk_use_case): New definition.
+ (gnupg_pk_is_allowed): New prototype.
+ (gnupg_cipher_is_allowed): Likewise.
+ (gnupg_digest_is_allowed): Likewise.
+ * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
+ the new predicates.
+ * g10/encrypt.c (encrypt_crypt): Likewise.
+ * g10/gpg.c (main): Likewise.
+ * g10/pubkey-enc.c (get_session_key): Likewise.
+ * g10/sig-check.c (check_signature2): Likewise.
+ * g10/sign.c (do_sign): Likewise.
+ * sm/decrypt.c (gpgsm_decrypt): Likewise.
+ * sm/encrypt.c (gpgsm_encrypt): Likewise.
+ * sm/gpgsm.c (main): Likewise.
+ * sm/sign.c (gpgsm_sign): Likewise.
+ * sm/verify.c (gpgsm_verify): Likewise.
+
+ gpg: Fix computation of compliance with CO_DE_VS.
+ + commit b03fab09e188f7bb10237d4f20455e4026737e4e
+ * g10/mainproc.c (proc_encrypted): Symmetric encryption is also in
+ compliance with CO_DE_VS.
+
+2017-06-08 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds.
+ + commit 9b43220b8ad1a5c1cd51de3bbfff7ccbcc3fa877
+ * dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New
+ enums.
+ (opts): New options --connect-timeout and --connect-quick-timeout.
+ (DEFAULT_CONNECT_TIMEOUT): New.
+ (DEFAULT_CONNECT_QUICK_TIMEOUT): New.
+ (parse_rereadable_options): Handle new options.
+ (post_option_parsing): New. Use instead of direct calls to
+ set_debug() and set_tor_mode ().
+ (main): Setup default timeouts.
+ (dirmngr_init_default_ctrl): Set standard connect timeout.
+ * dirmngr/dirmngr.h (opt): New fields connect_timeout and
+ connect_quick_timeout.
+ (server_control_s): New field timeout.
+ * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to
+ http_raw_connect.
+ * dirmngr/ks-engine-hkp.c (send_request): Call
+ http_session_set_timeout.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+ * dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get)
+ (cmd_ks_fetch): Implement --quick option.
+
+ dirmngr: Allow a timeout for HTTP and other TCP connects.
+ + commit 5b9025cfa1f9b1c67ddf2f6bf87d863e780cf157
+ * dirmngr/http.c: Include fcntl.h.
+ (http_session_s): Add field 'connect_timeout'.
+ (http_session_new): Clear that.
+ (http_session_set_timeout): New function.
+ (my_wsagetlasterror) [W32]: New.
+ (connect_with_timeout): New function.
+ (connect_server): Add arg 'timeout' and call connect_with_timeout.
+ (send_request): Add arg 'timeout' and pass it to connect_server.
+ (http_raw_connect): Add arg 'timeout'.
+ (http_open): Pass TIMEOUT from the session to connect_server.
+
+ gpg: Avoid failure exit when scdaemon is disabled but not needed.
+ + commit 17e5afd80f247c356f03c71e8b61da424ffedabb
+ * g10/call-agent.c (warn_version_mismatch): Use log_info if error is
+ "not supported".
+
+2017-06-07 Justus Winter <justus@g10code.com>
+
+ common: Add cipher mode to compliance predicate.
+ + commit e051e396156211449568afa0ca7505dc13eaa3b4
+ * common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
+ * common/compliance.h (gnupg_cipher_is_compliant): Likewise.
+ * g10/mainproc.c (proc_encrypted): Adapt callsite.
+ * sm/decrypt.c (gpgsm_decrypt): Likewise.
+
+ common,gpg,sm: Initialize compliance module.
+ + commit 21fc2508c979a8202dd8ca7fa7b801e0d62a5ceb
+ * common/compliance.c (gnupg_initialize_compliance): New function.
+ * common/compliance.h (gnupg_initialize_compliance): New prototype.
+ * g10/gpg.c (main): Use the new function.
+ * sm/gpgsm.c (main): Likewise.
+
+ common,gpg: Move the compliance option printer.
+ + commit f440cf73eab0b0e75e3cb2e8c9e70a77f20ef1dc
+ * common/compliance.c (gnupg_compliance_option_string): New function.
+ * common/compliance.h (gnupg_compliance_option_string): New prototype.
+ * g10/encrypt.c (write_pubkey_enc_from_list): Update callsite.
+ * g10/gpg.c (main): Likewise.
+ * g10/keyedit.c (keyedit_menu): Likewise.
+ * g10/pkclist.c (build_pk_list): Likewise.
+ * g10/main.h (compliance_option_string): Remove prototype.
+ * g10/misc.c (compliance_option_string): Remove function.
+
+ common,gpg,sm: Move the compliance option parser.
+ + commit 842d233d408457cfa9a8473a6748472956f44e84
+ * common/compliance.c (gnupg_parse_compliance_option): New function.
+ * common/compliance.h (struct gnupg_compliance_option): New type.
+ (gnupg_parse_compliance_option): New prototype.
+ * g10/gpg.c (parse_compliance_option): Remove function.
+ (compliance_options): New variable.
+ (main): Adapt callsite.
+ * sm/gpgsm.c (main): Use the new common function.
+ * sm/gpgsm.h (opt): New field 'compliance'.
+
+ gpg: Improve compliance with CO_DE_VS.
+ + commit 027ce4ba37be1d052bca2f6109fe810ef57f4038
+ * g10/gpg.c (set_compliance_option): The specification, section 4.1.1,
+ forbids the use of encryption without integrity protection.
+
+2017-06-07 Andre Heinecke <aheinecke@intevation.de>
+
+ speedo: Fix a minor memleak in the installer.
+ + commit 13dc75a4e7cc2959003c08940fc53c6ece7b77e4
+ * build-aux/speedo/w32/g4wihelp.c (path_remove): Free path_new on
+ early return.
+
+2017-06-06 Andre Heinecke <aheinecke@intevation.de>
+
+ speedo: Fix source tar call ambiguity.
+ + commit 96acbdd7265f504d06783adfd6322a6675c41c0a
+ * build-aux/speedo.mk (dist-source): Expand exclude-vc to
+ exclude-vcs.
+
+2017-06-01 Justus Winter <justus@g10code.com>
+
+ gpg: Report compliance with CO_DE_VS.
+ + commit be8ca8852629786266db4d3d69b2c2fb03bd6365
+ * common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
+ parameters.
+ (gnupg_cipher_is_compliant): New function.
+ (gnupg_digest_is_compliant): Likewise.
+ * common/compliance.h (gnupg_cipher_is_compliant): New prototype.
+ (gnupg_digest_is_compliant): Likewise.
+ * common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
+ (STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
+ * doc/DETAILS: Document the new status lines.
+ * g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
+ and report that using the new status line.
+ (check_sig_and_print): Likewise.
+ * sm/decrypt.c (gpgsm_decrypt): Likewise.
+ * sm/verify.c (gpgsm_verify): Likewise.
+
+ common: Improve checking for compliance with CO_DE_VS.
+ + commit 3b70f62423041e614332b90d782576ee6868a030
+ * common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key
+ sizes are compliant.
+
+ gpg,common: Move the compliance framework.
+ + commit 8a012280e0f0a462c094d106355aa436fceb1b76
+ * common/Makefile.am (common_sources): Add new files.
+ * common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here,
+ and tweak it to not rely on types private to gpg.
+ * common/compliance.h: New file. Move the compliance enum here.
+ * g10/keylist.c (print_compliance_flags): Adapt callsite.
+ * g10/main.h (gnupg_pk_is_compliant): Remove prototype.
+ * g10/misc.c (gnupg_pk_is_compliant): Remove function.
+ * g10/options.h (opt): Use the new compliance enum.
+ * sm/keylist.c (print_compliance_flags): Use the common functions.
+
+2017-05-31 Justus Winter <justus@g10code.com>
+
+ gpg: Fix compliance computation.
+ + commit 02af509dfc2b893720aa0c7b380fd7736b2bafd0
+ * g10/misc.c (gnupg_pk_is_compliant): Compare against CO_RFC2440, not
+ RFC2440 which is actually a predicate.
+
+ sm: Simplify code.
+ + commit f9cb15b385f64f7c9403670f03632f81a874f213
+ * sm/verify.c (gpgsm_verify): Simplify by using a newer gcrypt
+ interface.
+
+ doc: Improve documentation.
+ + commit 485b5a6e6dfe7aa545afa926e060d516ae911e42
+ * doc/gpgsm.texi: Mention that '--with-key-data' implies
+ '--with-colons'.
+
+2017-05-31 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix error from do_encryption.
+ + commit c03e0eb01dc4632432d0472a6f8051142082bea4
+ * agent/protect.c (do_encryption): Don't mask failure of OUTBUF
+ allocation.
+
+ scd: Fix error code on failure at usb_init.
+ + commit 8defb21d34410d000c8b776e0e3a1edd04762638
+ * scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV.
+
+ scd: Handle a failure of libusb_init.
+ + commit 5c33649782bf255af5a55f16eac5e85f059b00bf
+ * scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle
+ failure.
+
+2017-05-30 Andre Heinecke <aheinecke@intevation.de>
+
+ gpg: Disable keydb handle caching.
+ + commit d3d640b9cc98dd0d06b49a2e4d46eb67af96fe29
+ * g10/getkey.c (getkey_end): Disable caching of the open keydb
+ handle.
+
+2017-05-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix memory leaks.
+ + commit 996544626ea416c173a940db47f47f9e5cbd844c
+ * agent/divert-scd.c (ask_for_card): Free WANT_KID and WANT_SN_DISP.
+ * agent/gpg-agent.c (create_server_socket): Free UNADDR.
+
+2017-05-25 Werner Koch <wk@gnupg.org>
+
+ dirmngr: This towel should better detect a changed resolv.conf.
+ + commit de3a0988ef9addccd6b5c7950fb8797afbc3978d
+ * dirmngr/dns-stuff.c (resolv_conf_changed_p): Fix initialization time
+ issue.
+
+ dirmngr: Re-init libdns resolver on towel change of resolv.conf.
+ + commit b5f356e9fba2d99909f8f54d7b7e6836bed87b68
+ * dirmngr/dns-stuff.c: Include sys/stat.h.
+ (RESOLV_CONF_NAME): New macro to replace a string.
+ (resolv_conf_changed_p): New.
+ (libdns_init): Call new function
+ (libdns_res_open): Ditto.
+
+2017-05-24 Justus Winter <justus@g10code.com>
+
+ agent: Make digest algorithms for ssh fingerprints configurable.
+ + commit 525f2c482abb6bc2002eb878b03558fb43e6b004
+ * agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
+ * agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
+ option for strings used to communicate with the user.
+ * agent/findkey.c (agent_modify_description): Likewise.
+ * agent/gpg-agent.c (cmd_and_opt_values): New value.
+ (opts): New option '--ssh-fingerprint-digest'.
+ (parse_rereadable_options): Set the default to MD5 for now.
+ (main): Handle the new option.
+ * doc/gpg-agent.texi: Document the new option.
+
+ agent: Write both ssh fingerprints to 'sshcontrol' file.
+ + commit a5f046d99a084b6a95268f03c1b588e8b78083cb
+ * agent/command-ssh.c (add_control_entry): Hand in the key, write both
+ the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file
+ when adding ssh keys.
+ (ssh_identity_register): Adapt callsite.
+
+ common: Correctly render SHA256-based ssh fingerprints.
+ + commit 3a07a69dfc87b4fff610740d3dde8e23f0d2f8bc
+ * common/ssh-utils.c (dummy_realloc): New function.
+ (dummy_free): Likewise.
+ (get_fingerprint): Prepend the fingerprint with the name of the digest
+ algorithm. Correctly render SHA256-based ssh fingerprints.
+ * common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys.
+ (main): Add an option to dump the keys to gather fingerprints, also
+ print the SHA256 fingerprint for keys given as arguments, and check
+ the SHA256 fingerprints of the test keys.
+
+ common: Support different digest algorithms for ssh fingerprints.
+ + commit 3ac1a9d3a018816233a855faff059b4e0657a0f1
+ * common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
+ (ssh_get_fingerprint{,_string}): Likewise.
+ * common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
+ * common/t-ssh-utils.c (main): Adapt accordingly.
+ * agent/command-ssh.c (agent_raw_key_from_file): Likewise.
+ (ssh_identity_register): Likewise.
+ * agent/command.c (do_one_keyinfo): Likewise.
+ * agent/findkey.c (modify_description): Likewise.
+
+2017-05-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Add const qualifier for read-only table.
+ + commit 509e4a4d7491daf496b21e5892f4f63ab90e8e21
+ * agent/call-pinentry.c (start_pinentry): Add const to tbl.
+ * agent/command-ssh.c (request_specs): Add const.
+ (ssh_key_types): Likewise.
+ (request_spec_lookup): Add const to the return value and SPEC.
+ (ssh_request_process): Likewise.
+ * agent/protect.c (protect_info): Add const.
+ (agent_unprotect): Add const to algotable.
+
+ g10: Fix default-key selection for signing, possibly by card.
+ + commit fbb2259d22e6c6eadc2af722bdc52922da348677
+ * g10/call-agent.c (warn_version_mismatch): Revert.
+ (start_agent): Suppress version mismatch if relevant.
+ * g10/getkey.c (get_seckey_default_or_card): New.
+ * g10/skclist.c (build_sk_list): Use get_seckey_default_or_card.
+
+2017-05-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc: Fix spellings.
+ + commit 3713f67026467f63f80649c92ac4cc7973589855
+
+
+ docs: Point to https://dev.gnupg.org/ .
+ + commit 705da1eb23aef92c42d6d657b20a0984b104f72f
+ Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/. Since
+ the project has transitioned to a better workflow for supporting
+ contributions, we should ensure that our documentation points to the
+ right place.
+
+2017-05-17 Justus Winter <justus@g10code.com>
+
+ gpgscm: Fix checking for opcode arguments.
+ + commit aae50e0b6a61549e226e0c7785260ad517f0ffff
+ * tests/gpgscm/scheme.c (Eval_Cycle): Update 'pcd' after dispatching
+ an instruction.
+
+ tests: Fix agent teardown in release builds.
+ + commit 0e1729bb993648deca84a2664ae78edc848d7003
+ * tests/openpgp/defs.scm (start-agent,stop-agent): Use gpg-conf which
+ will properly use the '--build-prefix' argument to make gpgconf use
+ tools from the build directory.
+
+2017-05-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix gpgcompose.c.
+ + commit ae95a7f5335e605fcd71fbe4a18ed384c88d590a
+ * g10/gpgcompose.c (show_help): Check return value.
+
+ g10: Suppress error for card availability check.
+ + commit a8dd96826f8484c0ae93c954035b95c2a75c80f2
+ * g10/call-agent.c (start_agent): Add semantics for card; Suppress
+ error for card check.
+ (warn_version_mismatch): Ignore an error for scdaemon.
+ (agent_scd_serialno): Call start_agent with
+ FLAG_FOR_CARD_SUPPRESS_ERRORS.
+
+2017-05-16 Justus Winter <justus@g10code.com>
+
+ tests: Configure the environments to use scdaemon from build tree.
+ + commit 386a7bbb245dd3ab7c4156a554adbe75d82bdf49
+ * tests/gpgme/gpgme-defs.scm: Use the scdaemon from the build tree
+ when writing a 'gpg-agent.conf'.
+ * tests/gpgsm/gpgsm-defs.scm: Likewise.
+ * tests/openpgp/defs.scm: Likewise.
+
+2017-05-15 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.21.
+ + commit 9574820329128f0ea8a98f9bfc0e77c73c3e0ec0
+
+
+ po: Update German translation.
+ + commit 4bd079dbdb44067688377156413dd32a82a89d22
+
+
+ gpg: Do not mark ", " translatable.
+ + commit 2d381b0f0ba97657e9fb2971eca6648bb77dd2cc
+ * g10/tofu.c (ask_about_binding): Remove useless translation markers.
+
+2017-05-15 Andre Heinecke <aheinecke@intevation.de>
+
+ dirmngr,w32: Fix ldap crl read on windows.
+ + commit abe3a9043f86b48b92ddcec47197e032e35a6f4f
+ Summary:
+ * dirmngr/ldap-wrapper-ce.c (outstream_cookie_s): Add buffer_read_pos.
+ (buffer_get_data): Use seperate read pos.
+
+2017-05-15 Werner Koch <wk@gnupg.org>
+
+ common: Let format_text return an error.
+ + commit 00b7767bc6fe309aa20375c859ebf708cfc7b9ea
+ * common/stringhelp.c (format_text): Return NULL on error.
+ * common/t-stringhelp.c (test_format_text): Adjust for change.
+ * g10/gpgcompose.c (show_help): Abort on out of core.
+ * g10/tofu.c (ask_about_binding): Abort on format_text error.
+ (show_statistics): Ditto.
+ (show_warning): Ditto.
+
+2017-05-11 Justus Winter <justus@g10code.com>
+
+ tests: Also run all OpenPGP tests using keyrings.
+ + commit bc01d62dc5d520e138499df5d80fb50f9e87e3e8
+ * tests/openpgp/all-tests.scm: Run each test twice, once with public
+ keys stored in a keybox, once with a keyring.
+ * tests/openpgp/defs.scm (create-gpghome): Create a public keyring to
+ make GnuPG use that instead of creating a keybox if '--use-keyring' is
+ given.
+ * tests/openpgp/setup.scm: Fix flag handling and usage.
+
+ tests: Make it possible to run all tests using our infrastructure.
+ + commit f4365790daa1d1400c7f0fe73ac9a6d25f0c6d0a
+ * Makefile.am (TESTS_ENVIRONMENT): New variable.
+ (check-all): New phony target to run all tests.
+ * tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests
+ whether the GPGME test suite is available instead of exiting the
+ process.
+ * tests/gpgscm/init.scm (export): New macro.
+ * tests/gpgscm/tests.scm (run-tests): New function.
+ (load-tests): Likewise.
+ * tests/gpgme/run-tests.scm: Simplify and move the parsing of the list
+ of tests to 'all-tests.scm'.
+ * tests/gpgsm/run-tests.scm: Likewise.
+ * tests/migrations/run-tests.scm: Likewise.
+ * tests/openpgp/run-tests.scm: Likewise.
+ * tests/gpgme/Makefile.am: To select the tests to run, use the
+ variable 'TESTS'. This harmonizes the interface with the automake
+ test suite.
+ * tests/gpgsm/Makefile.am: Likewise.
+ * tests/migrations/Makefile.am: Likewise.
+ * tests/openpgp/Makefile.am: Likewise.
+ * tests/openpgp/README: Likewise.
+ * agent/all-tests.scm: New file.
+ * common/all-tests.scm: Likewise.
+ * g10/all-tests.scm: Likewise.
+ * g13/all-tests.scm: Likewise.
+ * tests/gpgme/all-tests.scm: Likewise.
+ * tests/gpgsm/all-tests.scm: Likewise.
+ * tests/migrations/all-tests.scm: Likewise.
+ * tests/openpgp/all-tests.scm: Likewise.
+ * tests/run-tests.scm: Likewise.
+
+ tests: Move the makefile parser.
+ + commit 78d6a25a2db22ad2ae30d57ca980c0400cfef726
+ * tests/gpgme/gpgme-defs.scm (parse-makefile, parse-makefile-expand):
+ Move...
+ * tests/gpgscm/makefile.scm: ... here.
+ * tests/gpgscm/Makefile.am (EXTRA_DIST): Add new file.
+
+ gpgscm: Make it possible to set the logfile name.
+ + commit 29ef34cc4cb23e7b743dbf4cc8e5761f06076b9a
+ * tests/gpgscm/tests.scm (test): Only set the default log filename
+ when it has not been set before.
+
+2017-05-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10, sm, dirmngr, common: Add comment for fall through.
+ + commit 0ce94a9698104d9bfc73d5a37478189564c96eb4
+ * common/b64dec.c (b64dec_proc): Comment to clarify.
+ * dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify.
+ * dirmngr/dirmngr-client.c (read_pem_certificate): Likewise.
+ * dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise.
+ * g10/armor.c (unarmor_pump): Likewise.
+ * g10/gpg.c (main): Likewise.
+ * g10/import.c (read_block): Likewise.
+ * g10/keygen.c (make_backsig): Likewise.
+ * g10/pkclist.c (check_signatures_trust): Likewise.
+ * sm/gpgsm.c (main): Likewise.
+
+ g10: Stop compiler warning for t-stutter.
+ + commit 98b759119c81c5b39f34f8a9a7b6a57e91ad6470
+ * g10/t-stutter.c (do_test): Refer current_test_group_failed.
+
+2017-05-08 Justus Winter <justus@g10code.com>
+
+ gpg: Properly account for ring trust packets.
+ + commit 22739433e98be80e46fe7d01d52a9627c1aebaae
+ * g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
+ instead of counting ourself.
+ * g10/packet.h (struct parse_packet_ctx_s): New field
+ 'n_parsed_packets'.
+ (init_parse_packet): Initialize new field.
+ * g10/parse-packet.c (parse): Count packets.
+
+2017-05-04 Justus Winter <justus@g10code.com>
+
+ tests: Support tests that are expected to fail.
+ + commit d6b46462f8c5c705ffb7cf8af03465a926aa11d3
+ * tests/gpgscm/tests.scm (test-pool): Rework reporting. Filter using
+ the computed test status instead of the return value. Also print the
+ new categories 'failed expectedly' and 'passed unexpectedly'.
+ (test): If a test ends with a bang (!), it is expected to fail. Adapt
+ status, status-string, and xml accordingly.
+
+ tests: Add function to dump packets.
+ + commit eab0138e3179f247180a639a91570e5ee2c6ad0e
+ * tests/openpgp/defs.scm (gpg-dump-packets): New function.
+
+2017-05-03 Andre Heinecke <aheinecke@intevation.de>
+
+ speedo,w32: Fix silent user mode installation.
+ + commit d378cc34a8d3d5053cf0c5ac7aa731c1bcefee22
+ * build-aux/speedo/w32/inst.nsi (AddToPath): Move account
+ check here.
+ (PrintNonAdminWarning): Remove is_user_install variable.
+
+2017-05-03 Justus Winter <justus@g10code.com>
+
+ gpgscm: Create and re-use frame objects.
+ + commit 8a168a6d4052ec31fed77c79bb96ffdd32bf9646
+ * tests/gpgscm/scheme-private.h (struct scheme): New field
+ 'frame_freelist'.
+ * tests/gpgscm/scheme.c (enum scheme_types): New type 'T_FRAME'.
+ (type_to_string): Handle new type.
+ (settype): New macro.
+ (gc_disable): Make sure there is at least one frame in the free list.
+ (mark): Handle frame objects.
+ (finalize_cell): Likewise.
+ (dump_stack_initialize): Initialize free list.
+ (dump_stack_free): Simplify.
+ (frame_length): New variable.
+ (dump_stack_make_frame): New function.
+ (frame_slots): Likewise.
+ (frame_payload): New macro.
+ (dump_stack_allocate_frame): New function.
+ (dump_stack_deallocate_frame): Likewise.
+ (dump_stack_preallocate_frame): Likewise.
+ (_s_return): Unpack frame object and deallocate it.
+ (s_save): Wrap state in an frame object.
+ (dump_stack_mark): Mark the free list.
+
+ gpgscm: Merge opexe_0.
+ + commit 9c6407d17e0cb9f4a370b1b83e7816577ec7d29d
+ * tests/gpgscm/scheme-private.h (struct scheme): Remove field 'op'.
+ * tests/gpgscm/scheme.c (opexe_0): Inline into 'Eval_Cycle'.
+ (_Error_1): Return the opcode to evaluate next.
+ (Error_1): Do not return, but set the opcode and goto dispatch.
+ (Error_0): Likewise.
+ (s_goto): Likewise.
+ (s_return): Likewise.
+ (s_return_enable_gc): Likewise.
+ (s_thread_to): Remove superfluous cast.
+ (_s_return): Return the opcode to evaluate next.
+ (scheme_init_custom_alloc): Adapt to removal of field 'op'.
+
+2017-05-03 Andre Heinecke <aheinecke@intevation.de>
+
+ speedo,w32: Allow installation as normal user.
+ + commit cacfd4bce94704b531f68ee76fb40789e44fde67
+ * build-aux/speedo/w32/g4wihelp.c (ENV_HK_USER, ENV_REG_USER):
+ New defines.
+ (path_add): Handle is_user_install variable. Don't abort
+ if Path reg key does not exist. Fix crash if Path reg key
+ does not contain a semicolon.
+ (path_remove): Handle is_user_install variable. Fix crash
+ if Path reg key does not exist.
+ * build-aux/speedo/w32/inst.nsi: Remove obsolete HAVE_STARTMENU
+ this was double guarded with WITH_GUI. Add Multiuser plugin and
+ defines for this. Use SHCTX instead of HKLM / HKCU.
+ (PrintNonAdminWarning): Only Warn and don't abort.
+
+2017-05-02 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ g10: Remove skeleton options files.
+ + commit 201f86803017c1db373023f7b506d4a0dc644bbc
+ * build-aux/speed/w32/inst.nsi: stop installing skeleton files.
+ * doc/gpg.texi: stop documenting skeleton files.
+ * g10/Makefile.am: stop installing skeleton files.
+ * g10/openfile.c (copy_options_file): Remove.
+ (try_make_homedir): do not call copy_options_file.
+
+2017-04-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: For signing, prefer available card key when no -u option.
+ + commit 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
+ * g10/skclist.c (build_sk_list): Ask gpg-agent if card is available.
+ Then, use the card key if any.
+
+2017-04-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Minor clean up.
+ + commit 2262a80c5f44433a08bc0e21b77d9efe51596f21
+ * g10/main.h (complete_sig): Remove declaration.
+ * g10/sign.c (complete_sig): Make it static.
+
+2017-04-25 NIIBE Yutaka <gniibe@fsij.org>
+ Tomas Mraz
+
+ dirmngr: Fix aliasing problem in dns.c.
+ + commit 247932f367f856e7ce91528e14f0aaf838150857
+ * dirmngr/dns.c (dns_ai_setent): Care about aliasing.
+
+2017-04-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Remove *.conf.tmpl from Makefile.
+ + commit 7851d73fd7f424f9a649690e1cb3055feb792c51
+ * tests/openpgp/Makefile.am (TEST_FILES): Remove gpg.conf.tmpl
+ and gpg-agent.conf.tmpl.
+
+ g10: invalidate the fd cache for keyring.
+ + commit 116cfd60779fbb3540da629db54dc2e148f4a3a2
+ * g10/keyring.c (keyring_search_reset): Don't keep the FD cache.
+
+2017-04-24 Andre Heinecke <aheinecke@intevation.de>
+
+ w32: Enable wildcard expansion with mingw-w64.
+ + commit 2e71bf30f038ca0e142acbb6f650ce029105f8a2
+ * g10/gpg.c: Define _dowildcard = -1;
+
+2017-04-24 Justus Winter <justus@g10code.com>
+
+ tests: Fix Python detection.
+ + commit ef1922b3b19df0aa7f8c15d503c603f76fc13f82
+ * tests/gpgme/gpgme-defs.scm (python): Fix Python detection.
+
+ gpgscm: Refactor cell finalization.
+ + commit d2f6798621d751cd6ae6f091c4a2af4569c5b8aa
+ * tests/gpgscm/scheme.c (finalize_cell): Use switch, return whether
+ the cell may be freed.
+ (gc): Update callsite.
+
+ gpgscm: Tweak error message display.
+ + commit 78547bfe8a885579438a17abadca02b62cce2844
+ * tests/gpgscm/init.scm (throw'): If the first argument to the error
+ is a string, display it as such.
+
+ tests: Deduplicate and simplify code.
+ + commit 06a177ceea529269a7404740c60416bd6a4567b1
+ * tests/gpgme/gpgme-defs.scm (create-file): Move...
+ * tests/gpgsm/gpgsm-defs.scm (create-file): ... likewise...
+ * tests/openpgp/defs.scm (create-file): Here.
+ (create-gpghome): Use 'create-file'.
+ * tests/openpgp/gpg-agent.conf.tmpl: Delete file.
+ * tests/openpgp/gpg.conf.tmpl: Likewise.
+
+ gpgscm: Fix test.
+ + commit 9ae63b9caefdf3e925c5928667fcd9227132d27f
+ * tests/gpgscm/t-child.scm: Use 'string-length' on the string.
+
+ gpgscm: Improve syntax checking.
+ + commit 4aab0e6ac7f2887a6f38f0cb95365dd7c30b4b18
+ * tests/gpgscm/scheme.c (opexe_0): Make sure closure arguments are
+ symbols.
+
+ gpgscm: Emit JUnit-style XML reports.
+ + commit ee715201ae784e840b6136393289e6dbd6f4c540
+ * tests/gpgscm/Makefile.am (EXTRA_DIST): Add new file.
+ * tests/gpgscm/lib.scm (string-translate): New function.
+ * tests/gpgscm/main.c (main): Load new file.
+ * tests/gpgscm/tests.scm (dirname): New function.
+ (test-pool): Record execution times, emit XML report.
+ (test): Record execution times, record log file name, emit XML report.
+ (run-tests-parallel): Write XML report.
+ (run-tests-sequential): Likewise.
+ * tests/gpgscm/xml.scm: New file.
+ * tests/gpgme/Makefile.am (CLEANFILES): Add 'report.xml'.
+ * tests/gpgsm/Makefile.am: Likewise.
+ * tests/migrations/Makefile.am: Likewise.
+ * tests/openpgp/Makefile.am: Likewise.
+
+ gpgscm: Make logging less verbose and more useful.
+ + commit 679920781a25ae5c0e49d4bd78e6926fd661778f
+ * tests/gpgscm/tests.scm (call-with-io): When being verbose, include
+ the pid in the output, and avoid duplicating the command arguments.
+
+ gpgscm: Make test framework less functional.
+ + commit a71f4142e13e2cc26ef0cd62f56a1ccb7ce678ee
+ * tests/gpgscm/tests.scm (test-pool, tests): Previously, these methods
+ updated objects by creating new updated copies of the object being
+ manipulated. This made the code awkward without any benefit,
+ therefore I change it to just update the object.
+
+ gpgscm: Move 'trace' and 'stringify'.
+ + commit f03d6897be904da58cad76b4bd07729922b47616
+ * tests/gpgscm/tests.scm (trace, stringify): Move...
+ * tests/gpgscm/lib.scm: ... here.
+
+ gpgscm: Avoid fruitless garbage collection cycles.
+ + commit 245860ecaf8b9e82ca577385abd453ac92ffcd26
+ * tests/gpgscm/scheme-private.h (CELL_MINRECOVER): New macro.
+ * tests/gpgscm/scheme.c (_get_cell): Move the heuristic to get more
+ cells...
+ (gc): ... here where every caller benefits from the optimization.
+
+2017-04-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ g13: Fix for Solaris.
+ + commit 10519270d36586c536bfb6c4cda8ac17c01f4976
+ * configure.ac: Check sys/mkdev.h.
+ * g13/sh-dmcrypt.c: Include sys/mkdev.h.
+
+2017-04-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Fix final close of LISTEN_FD.
+ + commit 4b2581dc0ea1d03e70023bb0748aa0c21c0a2173
+ * dirmngr/dirmngr.c (handle_connections): Close LISTEN_FD.
+
+ dirmngr: Fix API difference for Windows.
+ + commit 0d0a7efa8fa0accc1da851917376e2328ef33c96
+ * dirmngr/http.c (read_server, write_server): Use assuan_fd_t.
+ (http_wait_response): Use FD2INT to get unsigned integer fd.
+ (read_server, write_server): Likewise.
+ (simple_cookie_read, simple_cookie_write): Use assuan_fd_t.
+
+2017-04-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: More minor change.
+ + commit 9296aed4bd2ad09d23339e658264e557c5312585
+ * agent/command.c (cmd_pksign): Remove redundant assignment.
+
+ agent: Minor cleanup.
+ + commit 45c52cca1401b930878a8f901b63cfbb22e9e327
+ * agent/command-ssh.c (ssh_key_to_protected_buffer): Not touch ERR.
+ * agent/command.c (cmd_genkey, cmd_import_key): Clean up.
+
+ tests: Minor memory fix.
+ + commit b9440aa3693a4bb91e1ba8ff09e2d93ff22dd70a
+ * tests/openpgp/fake-pinentry.c (get_passphrase): Free the memory.
+
+ g10: Fix parse_ring_trust.
+ + commit 256e861bce3dc9aba8fab4df47a40cae3bede175
+ * g10/parse-packet.c (parse_ring_trust): Fix condition.
+
+ g10: Minor fixes.
+ + commit 0dec0cc281dfa26db89f8cc5ee002dea5c2b2e81
+ * g10/export.c (cleartext_secret_key_to_openpgp): No initialization.
+ (do_export_one_keyblock): Initialize with GPG_ERR_NOT_FOUND.
+ * g10/getkey.c (get_best_pubkey_byname): Add non-null check.
+ * g10/tofu.c (tofu_set_policy): ERR initialize to 0.
+
+ g10: Fix import/export filter property match.
+ + commit af5f8ecf51f5e1f33e832d4946d02313b78a0536
+ * g10/import.c (impex_filter_getval): Fix to "else if".
+
+2017-04-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Clean up error initialize/return.
+ + commit 36c4e540f1a4992675ee6e0acca1231325457079
+ * agent/call-pinentry.c (start_pinentry): Return RC.
+ * agent/command-ssh.c (ssh_handler_request_identities): Don't set ERR.
+ * agent/findkey.c (try_unprotect_cb): Return ERR.
+ (unprotect): Don't set RC.
+ * agent/gpg-agent.c (handle_connections): Don't set fd.
+
+ dirmngr: More fix for test program.
+ + commit adb77d095b3958482863a17c83746f33945638dc
+ * dirmngr/t-http.c (main): Care about no TLS.
+
+ dirmngr: More fix for Windows.
+ + commit 4771bad610eb59e701fe8e53468e2af22d45eeb0
+ * dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only
+ valid with HTTP_USE_NTBTLS.
+ (_my_socket_new): Simply cast to int since it's for debug.
+ (_my_socket_ref, _my_socket_unref): Likewise.
+
+2017-04-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Fix http.c for sockaddr_storage.
+ + commit 86dcb03134fd4957d51ebaa06b7991239f9ee56a
+ dirmngr/http.c (use_socks): Use sockaddr_storage.
+ (my_sock_new_for_addr, connect_server): Likewise.
+
+ dirmngr: Fix alignment of ADDR.
+ + commit 892b33bb2c57785927ea6652091191da2deed464
+ * dirmngr/dns-stuff.h (dns_addrinfo_s): Use struct sockaddr_storage
+ for size and alignment.
+ * dirmngr/dns-stuff.c (resolve_name_libdns): Follow the change.
+ (resolve_dns_name): Use struct sockaddr_storage.
+ (resolve_addr_standard, resolve_dns_addr): Likewise.
+ (resolve_dns_addr): Likewise.
+
+ dirmngr: Fix thread key type.
+ + commit 37018adce6ea4920b34d59afcfe4f55f716b3086
+ * dirmngr/dirmngr.c (my_tlskey_current_fd): Use npth_key_t.
+
+ common, g10: Fix enumeration types.
+ + commit 74258278efacd7069e8c1df8ff6fc3f4675d713e
+ * common/openpgpdefs.h (CIPHER_ALGO_PRIVATE10, PUBKEY_ALGO_PRIVATE10)
+ (DIGEST_ALGO_PRIVATE10, COMPRESS_ALGO_PRIVATE10): New.
+ * g10/misc.c (map_pk_gcry_to_openpgp): Add type conversion.
+ (map_cipher_openpgp_to_gcry, openpgp_cipher_algo_name)
+ (openpgp_pk_test_algo2, map_md_openpgp_to_gcry)
+ (pubkey_get_npkey): Add default handling.
+
+ dirmngr: More fix for Windows.
+ + commit 5af104b541ed430a54eb0163a1d29e1d043f9377
+ * dirmngr/dns.c (socket_fd_t, STDCALL): New.
+ (dns_te_initname): Use.
+
+2017-04-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Fix type of sock.
+ + commit 6755b3b505f79a5a233b18e85f57a0d3a455e664
+ * dirmngr/http.c (send_request): Use assuan_fd_t for SOCK.
+
+ tools: Fix condition for gpg-connect-agent.
+ + commit f52f6af834cc488d11612e349e4af023d69a45f4
+ * tools/gpg-connect-agent.c (start_agent): Add paren.
+
+ dirmngr: Fix possible null reference.
+ + commit 7ae1857c90ab43ad9e31f0fb6dbd37f25cc37278
+ * dirmngr/dns.c (dns_error_t dns_trace_fput): Check NULL.
+
+ common: Simplify format_text.
+ + commit 7b4edf14bb16fbe786e55b829a208960396ce8df
+ * common/stringhelp.c (format_text): Don't allow IN_PLACE formatting.
+ * common/stringhelp.h: Change the API with no IN_PLACE.
+ * common/t-stringhelp.c (test_format_text): Follow the change.
+ * g10/gpgcompose.c (show_help): Likewise.
+ * g10/tofu.c (format_conflict_msg_part1, ask_about_binding)
+ (show_statistics, show_warning): Likewise.
+
+ gpgscm: Fix test program.
+ + commit 7f9032d4a8ce53ce1a972bd3c1f8d20b3776756b
+ * tests/gpgscm/t-child.c (main): Fix for setmode.
+
+ dirmngr: Fix plus1_ns.
+ + commit 60d9a9e6b4ae3af029596d14732c02f49203326d
+ * dirmngr/dns.c (plus1_ns): Fix the initial implementation.
+
+ scd: Handle unexpected suspend/resume by CCID driver.
+ + commit f053f99ed0b0c6de7b7c4a07cbd7f7d213ddf0db
+ * scd/ccid-driver.c (bulk_in): Handle unexpected failure.
+
+ dirmngr: Fix dns-stuff.c in another way.
+ + commit bd0c94939faf8ccfc117fb595e9bc0105edcafa4
+ * dirmngr/dns-stuff.c (T_CERT): Define our own.
+
+ Revert "dirmngr: Fix dns-stuff.c."
+ + commit 0b904ddea8bddaa2fd7893a9dce1df1cb5e36b00
+ This reverts commit 1538523156be568046f632d1775eae30ea8bd556.
+
+ dirmngr: Fix dns-stuff.c.
+ + commit 1538523156be568046f632d1775eae30ea8bd556
+ * dirmngr/dns-stuff.c: Don't include arpa/nameser.h.
+
+ agent: Simplify stream_read_cstring.
+ + commit c64763c3a74ecc61c2f6c5edb679a2a3879d79e7
+ * agent/command-ssh.c (stream_read_cstring): Just call
+ stream_read_string.
+
+ dirmngr: Use a function to increment network short.
+ + commit 64904ce627b6b0661acf15b5b70103c4842bb0f3
+ * dirmngr/dns.c (plus1_ns): New.
+ (dns_p_push): Use it.
+
+ g10: Minor clean up for export.c.
+ + commit 05218829589f6d4b09933fa19f568c2019367d5c
+ * g10/export.c (export_ssh_key): Check IDENTIFIER for error.
+ Release base64 thing on error of get_membuf.
+
+2017-04-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ g13: Include sys/sysmacros.h if available.
+ + commit c3cc9551dcc89cc25c0a0ec16d8eb12c1c221638
+ * configure.ac: Add test for sys/sysmacros.h.
+ * g13/sh-dmcrypt.c: Include sys/sysmacros.h.
+
+2017-04-11 Justus Winter <justus@g10code.com>
+
+ tests: Fix distcheck.
+ + commit 00be2a92625e832e8dd621f2a8f72b124c6d50ca
+ * tests/gpgscm/Makefile.am (EXTRA_DIST): Add 'gnupg.scm'.
+
+ tests: Avoid relying on implicit gpg commands.
+ + commit cde626e7f7349a73d58ec3236ab3b43dec852bb5
+ * tests/openpgp/armdetach.scm: Always use an explicit command instead
+ of relying on gpg to guess what we want.
+ * tests/openpgp/armdetachm.scm: Likewise.
+ * tests/openpgp/armencrypt.scm: Likewise.
+ * tests/openpgp/armencryptp.scm: Likewise.
+ * tests/openpgp/armor.scm: Likewise.
+ * tests/openpgp/armsignencrypt.scm: Likewise.
+ * tests/openpgp/armsigs.scm: Likewise.
+ * tests/openpgp/clearsig.scm: Likewise.
+ * tests/openpgp/compression.scm: Likewise.
+ * tests/openpgp/conventional-mdc.scm: Likewise.
+ * tests/openpgp/conventional.scm: Likewise.
+ * tests/openpgp/decrypt-dsa.scm: Likewise.
+ * tests/openpgp/decrypt.scm: Likewise.
+ * tests/openpgp/detach.scm: Likewise.
+ * tests/openpgp/detachm.scm: Likewise.
+ * tests/openpgp/ecc.scm: Likewise.
+ * tests/openpgp/encrypt-dsa.scm: Likewise.
+ * tests/openpgp/encrypt-multifile.scm: Likewise.
+ * tests/openpgp/encrypt.scm: Likewise.
+ * tests/openpgp/encryptp.scm: Likewise.
+ * tests/openpgp/seat.scm: Likewise.
+ * tests/openpgp/signencrypt-dsa.scm: Likewise.
+ * tests/openpgp/signencrypt.scm: Likewise.
+ * tests/openpgp/sigs-dsa.scm: Likewise.
+ * tests/openpgp/sigs.scm: Likewise.
+
+ tests: Make tests more robust.
+ + commit 1b28d9dbe0260b2a4645c4b5caae11d9f375c942
+ * tests/openpgp/defs.scm (have-opt-always-trust): Execute in empty
+ ephemeral home directory. This prevents gpg from picking up the
+ configuration from the current gnupghome (if any).
+ * tests/migrations/common.scm (untar-armored): Likewise.
+
+ tests: Move common functionality.
+ + commit ccd2187212c12b84c86a10fd4417a16536243179
+ * tests/openpgp/defs.scm (with-home-directory,
+ with-ephemeral-home-directory): Move...
+ * tests/gpgscm/gnupg.scm: ... to this new file.
+ * tests/gpgscm/main.c (main): Load the new file.
+
+2017-04-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Fix build for Windows.
+ + commit 3133402241167ccad70fa888a47ffcbe04e7b4c5
+ * dirmngr/ldap-wrapper-ce.c (outstream_cookie_writer): Use
+ gpgrt_ssize_t.
+
+ g10,tools: Fix bzlib.h include order.
+ + commit 03d77b60befa4e2f8437a80ac429cca3e54688f8
+ * g10/compress-bz2.c: Include bzlib.h after gcrypt.h.
+ * tools/gpgsplit.c: Likewise.
+
+ g10: Minor clean up for TOFU.
+ + commit f079822b2ce06c18b7ea45efed2d29b54e38f04d
+ * g10/tofu.c (ask_about_binding): Fix for qualifier.
+
+ common: Portability fix for logging.c.
+ + commit 456c5cdb2d72bba77e2a30c8fdb1c1cebbe9b1d2
+ * common/logging.c (S_IRGRP, S_IWGRP, S_IROTH, S_IWOTH): Avoid
+ duplicated definition.
+
+ tools: Portability fix for gpgparsemail.
+ + commit a1446163d584cdc3003c7d5b5fc6d74737c1732d
+ * tools/rfc822parse.c (my_stpcpy): Rename from stpcpy.
+
+2017-04-10 Justus Winter <justus@g10code.com>
+
+ gpgscm: Fix opcode dispatch.
+ + commit 1b6adab41d386b587f65e5c6f14a63859ac1226b
+ * tests/gpgscm/scheme.c (opexe_0): Consider 'op', not 'sc->op'. The
+ former is the opcode we are currently executing.
+
+ gpgscm: Mmap script files.
+ + commit c7f0d90592fd0348a3818ac897f91e6859584146
+ * tests/gpgscm/main.c (load): Try to mmap the script.
+ * tests/gpgscm/scheme.c (scheme_load_memory): New function, a
+ generalization of 'scheme_load_string'.
+ * tests/gpgscm/scheme.h (scheme_load_memory): New prototype.
+
+ gpgscm: Refactor checking for opcode arguments.
+ + commit f3d1f6867792deeb9a2a63744ee9b076c41c58f3
+ * tests/gpgscm/scheme.c (op_code_info): Fix type, add forward
+ declaration.
+ (check_arguments): New function.
+ (Eval_cycle): Use the new function.
+
+ gpgscm: Improve syntax dispatch.
+ + commit b628e62b5b9f7ed5cbb1bfe34727b5ee8129f7d4
+ * tests/gpgscm/scheme.c (assign_syntax): Add opcode parameter, store
+ opcode in the tag.
+ (syntaxnum): Add sc parameter, retrieve opcode from tag.
+ (opexe_0): Adapt callsite.
+ (scheme_init_custom_alloc): Likewise.
+
+ gpgscm: Make tags mandatory.
+ + commit a1ad5d6a30cf72d9b7e7bb449985dc69d5e01c4b
+ * tests/gpgscm/opdefines.h: Make tags mandatory.
+ * tests/gpgscm/scheme.c: Likewise.
+ * tests/gpgscm/scheme.h: Likewise.
+
+ gpgscm: Add and use opcode for reversing a list in place.
+ + commit e1bb9326dc381ae2711a81ab621e21a66388bcbd
+ * tests/gpgscm/lib.scm (string-split-pln): Use 'reverse!'.
+ (string-rtrim): Likewise.
+ * tests/gpgscm/opdefines.h (reverse!): New opcode.
+ * tests/gpgscm/scheme.c (opexe_0): Handle new opcode.
+
+ gpgscm: Deduplicate code.
+ + commit 3e91019a92b9bb3bb5a8cd62336b4cf65964e45b
+ * tests/gpgscm/scheme.c (oblist_add_by_name): Deduplicate.
+ (new_slot_spec_in_env): Likewise.
+
+ gpgscm: Move dispatch table into rodata.
+ + commit 7dff6248bddd5583988ac562318cf0d76a409d0e
+ * tests/gpgscm/opdefines.h: Use 0 instead of NULL.
+ * tests/gpgscm/scheme.c (op_code_info): Use char arrays instead of
+ pointers, make arity parameters smaller.
+ (INF_ARG): Adapt.
+ (_OP_DEF): Likewise.
+ (dispatch_table): Likewise.
+ (procname): Likewise.
+ (Eval_cycle): Likewise.
+ (scheme_init_custom_alloc): Likewise.
+
+ gpgscm: Use more threaded code.
+ + commit 6f217d116d1a12c6093bb253dbfa349bc81bc90b
+ * tests/gpgscm/scheme.c (opexe_0): Use 's_thread_to' instead of
+ 's_goto' wherever possible.
+
+ gpgscm: Remove now obsolete dispatcher function from the opcodes.
+ + commit e7ed9822e20ee4bbb4cdd9eca8121b4ade87e5ce
+ * tests/gpgscm/opdefines.h: Remove now obsolete dispatcher function
+ from the opcodes.
+ * tests/gpgscm/scheme-private.h (_OP_DEF): Adapt.
+ * tests/gpgscm/scheme.c (dispatch_func): Remove type declaration.
+ (op_code_info): Remove 'func'.
+ (_OP_DEF): Adapt.
+ (Eval_Cycle): Always call 'opexe_0'.
+
+ gpgscm: Merge 'opexe_6'.
+ + commit ddf444828b9b3f75d964473a2c0e77f75f094cf4
+ * tests/gpgscm/scheme.c (opexe_6): Merge into 'opexe_0'.
+ * tests/gpgscm/opdefines.h: Adapt.
+
+ gpgscm: Merge 'opexe_5'.
+ + commit 1379df44537b67b7c2fbc0fb5bc6f7945a5d7ebb
+ * tests/gpgscm/scheme.c (opexe_5): Merge into 'opexe_0'.
+ * tests/gpgscm/opdefines.h: Adapt.
+
+ gpgscm: Merge 'opexe_4'.
+ + commit 4f835104b9475e7d585d859b85e7d0d4cfe9aab3
+ * tests/gpgscm/scheme.c (opexe_4): Merge into 'opexe_0'.
+ * tests/gpgscm/opdefines.h: Adapt.
+
+ gpgscm: Merge 'opexe_3'.
+ + commit d591ab65d37ee467ca91ad851ab236f2985c1ee2
+ * tests/gpgscm/scheme.c (opexe_3): Merge into 'opexe_0'.
+ * tests/gpgscm/opdefines.h: Adapt.
+
+ gpgscm: Merge 'opexe_2'.
+ + commit 6cad38228f6ebfdc8e52960223b492597aff26a0
+ * tests/gpgscm/scheme.c (opexe_2): Merge into 'opexe_0'.
+ * tests/gpgscm/opdefines.h: Adapt.
+
+ gpgscm: Merge 'opexe_1'.
+ + commit 154af876f05b773bf3a860fcb4cc41066da27beb
+ * tests/gpgscm/scheme.c (opexe_1): Merge into 'opexe_0'.
+ * tests/gpgscm/opdefines.h: Adapt.
+
+2017-04-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Use "ll" length specifier when time_t is larger.
+ + commit 170660ed11b56145dea4865e751ae5aff1681fe2
+ * agent/command.c (cmd_keytocard): Use KEYTOCARD_TIMESTAMP_FORMAT.
+
+ scd: Relax a condition for p15 driver.
+ + commit 7501f2e9c4e6fd94a191b381d52ec2fe1d103e29
+ * scd/app-p15.c (read_ef_aodf): Fix.
+
+ scd: Relax a condition for p15 driver.
+ + commit 3c1ad96f1ce838daf2d861b33e6611f6d3043d25
+ * scd/app-p15.c (read_ef_aodf): Remove possibly redundant condition.
+
+ scd: Remove "special transport" support.
+ + commit 34199ef677bb40eadf0da696a111f7036bc3187e
+ * scd/ccid-driver.c (transports, my_sleep, prepare_special_transport)
+ (writen): Remove.
+ (ccid_dev_scan, ccid_dev_scan_finish, ccid_get_BAI): Only for USB.
+ (ccid_open_reader, do_close_reader, bulk_out, bulk_in, abort_cmd)
+ (ccid_poll, ccid_transceive): Likewise.
+
+2017-04-07 Justus Winter <justus@g10code.com>
+
+ gpgscm: Allocate small integers in the rodata section.
+ + commit 8640fa880d7050917f4729f2c0cb506e165ee446
+ * tests/gpgscm/Makefile.am (gpgscm_SOURCES): Add new file.
+ * tests/gpgscm/scheme-private.h (struct cell): Move number to the top
+ of the union so that we can initialize it.
+ (struct scheme): Remove 'integer_segment'.
+ * tests/gpgscm/scheme.c (initialize_small_integers): Remove function.
+ (small_integers): New variable.
+ (MAX_SMALL_INTEGER): Compute.
+ (mk_small_integer): Adapt.
+ (mark): Avoid marking objects already marked. This allows us to run
+ the algorithm over objects in the rodata section if they are already
+ marked.
+ (scheme_init_custom_alloc): Remove initialization.
+ (scheme_deinit): Remove deallocation.
+ * tests/gpgscm/small-integers.h: New file.
+
+ gpgscm: Make global data constant when possible.
+ + commit c9c3fe883271868d3b2dd287d295cf6a8f8ffc05
+ * tests/gpgscm/scheme-private.h (struct scheme): Make 'vptr' const.
+ * tests/gpgscm/scheme.c (num_zero): Statically initialize and turn
+ into constant.
+ (num_one): Likewise.
+ (charnames): Change type so that it can be stored in rodata.
+ (is_ascii_name): Adapt slightly.
+ (assign_proc): Make argument const char *.
+ (op_code_info): Make some fields const char *.
+ (tests): Make const.
+ (dispatch_table): Make const. At least it can be made read-only after
+ relocation.
+ (Eval_Cycle): Adapt slightly.
+ (vtbl): Make const.
+
+ gpgscm: Remove arbitrary limit on number of cell segments.
+ + commit 56638c28adc1bbe9fc052b92549a50935c0fe99c
+ * tests/gpgscm/scheme-private.h (struct scheme): Remove fixed-size
+ arrays for cell segments, replace them with a pointer to the new
+ 'struct cell_segment' instead.
+ * tests/gpgscm/scheme.c (struct cell_segment): New definition.
+ (_alloc_cellseg): Allocate the header within the segment, return a
+ pointer to the header.
+ (_dealloc_cellseg): New function.
+ (alloc_cellseg): Insert the segments into a list.
+ (_get_cell): Allocate a new segment if less than a quarter of
+ CELL_SIGSIZE is recovered during garbage collection.
+ (initialize_small_integers): Adapt callsite.
+ (gc): Walk the list of segments.
+ (scheme_init_custom_alloc): Remove initialization of removed field.
+ (scheme_deinit): Adapt deallocation.
+
+ gpgscm: Fix compact vector encoding.
+ + commit bf8b5e9042b3d86d419b2ac1987a9298c9d21500
+ * tests/gpgscm/scheme-private.h (struct cell): Use uintptr_t for
+ '_flags'. This way, '_flags' has the size of a machine word.
+
+2017-04-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix printing of offline taken subkey.
+ + commit 547bc01d57528ecc27b3b5e16797967a7f88fecf
+ * g10/keylist.c (list_keyblock_print): Set SECRET to 2 and not 0x32.
+
+2017-04-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Internal CCID reader cleanup.
+ + commit cc420d34880e2a050b39f969873974cfc35fa5c3
+ * scd/ccid-reader.c (scan_usb_device): Only for scan mode, so, rename
+ from scan_or_find_usb_device.
+ (scan_devices): Likewise. Remove support of special transport types.
+ (ccid_get_reader_list): Simplify.
+ (abort_cmd): Fix error return.
+ (send_escape_cmd): Fix for RESULTLEN == NULL.
+ (ccid_transceive_secure): Remove unnecessary var updates.
+
+ scd: Don't keep CCID reader open when card is not available.
+ + commit 3c93595d701c59cbc9b67a7fd0bcde7ee0fada1a
+ * scd/apdu.c (open_ccid_reader): Fail if no ATR.
+
+ agent: Serialize access to passphrase cache.
+ + commit ebe12be034f052cdec871f0d8ad1bfab85d7b943
+ * agent/cache.c (encryption_lock): Remove.
+ (cache_lock): New. Now, we have coarse grain lock to serialize
+ entire cache access.
+ (initialize_module_cache): Use CACHE_LOCK.
+ (init_encryption, new_data): Remove ENCRYPTION_LOCK.
+ (agent_flush_cache, agent_put_cache, agent_get_cache): Lock the cache.
+
+2017-04-06 Justus Winter <justus@g10code.com>
+
+ gpgscm: Avoid mutating integer.
+ + commit f1dc34f502a68673e7a29f3fcf57b8dc6a4fac89
+ * tests/gpgscm/scheme.c (opexe_5): Do not modify the integer in-place
+ while printing an vector. Integer objects may be shared, so they must
+ not be mutated.
+
+ gpgscm: Initialize unused slots in vectors.
+ + commit b83903f59ec5d49ac579f263da70ebc8dc3645b5
+ * tests/gpgscm/scheme.c (get_vector_object): Initialize unused slots
+ at the end of vectors.
+
+ tests: Fix distcheck.
+ + commit 23f00f109ddba595db4f73a6182750177c7dd75d
+ * tests/Makefile.am (SUBDIRS): Add 'pkits' again. Simply dropping it
+ makes 'make distcheck' unhappy.
+ * tests/pkits/Makefile.am (TESTS): Remove all tests.
+
+ tests: Disable 'pkits' test suite.
+ + commit af1c1a57e46a00a32d83c1a58c5f3ef6f4a1c1d1
+ * tests/Makefile.am (SUBDIRS): Drop 'pkits'.
+ * tests/pkits/common.sh: Fix locating 'PKITS_data.tar.bz2'.
+ * tests/pkits/inittests: Likewise.
+
+ tests: Make test more robust.
+ + commit 94645311f8a3e9ae33643512f87fbef41bf0556f
+ * tests/openpgp/4gb-packet.scm: Skip if we do not have BZIP2.
+ * tests/openpgp/defs.scm (have-compression-algo?): New function.
+
+2017-04-05 Justus Winter <justus@g10code.com>
+
+ tests: Fix setup of ephemeral home directories.
+ + commit 01e84d429aeeb1450012ff0576a6a24de50693c6
+ * tests/openpgp/defs.scm (with-ephemeral-home-directory): Set
+ GNUPGHOME and cwd to the ephemeral directory before calling the setup
+ function.
+
+2017-04-04 Justus Winter <justus@g10code.com>
+
+ tests: Fix setup of ephemeral home directories.
+ + commit 32b75fb7743f35936d7014fce33c90ba97dfa374
+ * tests/openpgp/defs.scm (with-ephemeral-home-directory): Create
+ configuration files when we enter the context.
+ * tests/openpgp/setup.scm: Do not use an ephemeral home directory.
+ Tests should always use the cwd.
+ * tests/gpgsm/setup.scm: Likewise.
+ * tests/gpgsm/export.scm: Add explicit constructor function.
+ * tests/openpgp/decrypt-session-key.scm: Likewise.
+ * tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
+
+ gpgscm: Fix copying values.
+ + commit 6261611d3786f19fd84ccc79f45a89cadac518e8
+ * tests/gpgscm/scheme.c (copy_value): New function.
+ (mk_tagged_value): Use new function.
+ (opexe_4): Likewise for OP_SAVE_FORCED.
+
+ gpgscm: Simplify get-output-string operation.
+ + commit a80d4a9b50ad47eae1f8c740dd73804311e38783
+ * tests/gpgscm/scheme.c (opexe_4): Simplify 'get-output-string'.
+
+ gpgscm: Simplify substring operation.
+ + commit d858096c99705ccf2e115475f81c4cf88edbeebf
+ * tests/gpgscm/scheme.c (opexe_2): Simplify 'substring'.
+
+2017-04-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Minor fix for get_client_pid.
+ + commit 5744d2038bd17b8b1be4e73d0ad3bc41772efe96
+ * agent/command-ssh.c (get_client_pid): Use 0 to initialize.
+
+2017-04-03 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.20.
+ + commit e7eb9b12deaf7ebe26967bfb56e980b7efeebdc3
+
+
+ dirmngr: New option --disable-ipv6.
+ + commit 3533b854408fa93734742b2ee12b62aa0d55ff28
+ * dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
+ * dirmngr/dirmngr.c (oDisableIPv6): New const.
+ (opts): New option --disable-ipv6.
+ (parse_rereadable_options): Set that option.
+ * dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
+ (set_dns_disable_ipv6): New.
+ (resolve_name_standard): Make use of it.
+ * dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
+ OPT.DISABLE_IPV6.
+ * dirmngr/ks-engine-hkp.c (map_host): Ditto.
+ (send_request): Ditto.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+ * dirmngr/ocsp.c (do_ocsp_request): Ditto.
+
+ dirmngr,w32: Silence the 'certificate already cached' message.
+ + commit fce36d7ec87be14b874813db277781c87a64ea87
+ * dirmngr/certcache.c (load_certs_from_w32_store): Silenece an info
+ message.
+
+ dirmngr: Handle EIO which is sometimes returned by cookie functions.
+ + commit cc32ddbcba8c53d3e2cad952d72f62dc73911042
+ * dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle EIO.
+
+ dirmngr: Always print a warning for a missing /etc/hosts.
+ + commit 35c843c815306f36d1efbc52f5e2f6bac3f67aec
+ * dirmngr/dns-stuff.c (libdns_init): No Windows specific handling of a
+ missing /etc/hosts.
+
+ dirmngr: Do not assume that /etc/hosts exists.
+ + commit 5d873f288e86edfb684f4dd57ac36466b06494a4
+ * dirmngr/dns-stuff.c (libdns_init): Do not bail out.
+
+ po: Update the German translation.
+ + commit c7be01dae914c183dd99bd531a388c794d858c61
+
+
+ gpgconf: Add --enable-extended-key-format for the agent.
+ + commit d23052b04ebb0ac731aa351650c4084f080c640b
+ * tools/gpgconf-conf.c: Add option.
+ * agent/gpg-agent.c (main) <aGPGConfList>: Add option.
+
+2017-04-03 Justus Winter <justus@g10code.com>
+
+ gpgscm: Slightly improve the procedure dispatch.
+ + commit 90932bdad607d06f4f040e3457caddba79ba8b7e
+ * tests/gpgscm/scheme.c (procnum): Procedures always have an integer
+ number, so we can safely use the cheaper 'ivalue_unchecked'.
+
+2017-04-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Handle critical marked 'Reason for Revocation'.
+ + commit 3f6d949011f485613bb4bd3e06a2643be79cce40
+ * g10/parse-packet.c (can_handle_critical): Add
+ SIGSUBPKT_REVOC_REASON.
+
+2017-04-02 Werner Koch <wk@gnupg.org>
+
+ agent: Use OCB for key protection with --enable-extended-key-format.
+ + commit d24375271b97e45deaeb1ef0a8434c64066ba2e8
+ * agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
+ (agent_protect): Make the default protection mode depend on the extend
+ key format option.
+
+2017-04-01 Werner Koch <wk@gnupg.org>
+
+ kbx: Unify blob reading functions.
+ + commit 0039d7107bcdfce6f3b02b46ff0495cfba07882a
+ * kbx/keybox-file.c (_keybox_read_blob): Remove.
+ (_keybox_read_blob2): Rename to ....
+ (_keybox_read_blob): this. Make arg options. Change all callers.
+ * kbx/keybox-search.c (keybox_search): Factor fopen call out to ...
+ (open_file): new.
+ (keybox_seek): Als use open_file.
+
+2017-03-31 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid multiple open calls to the keybox file.
+ + commit 5556eca5acd46983bff0b38a1ffbc2f07fbaba9f
+ * g10/keydb.h (KEYDB_HANDLE): Move typedef to ...
+ * g10/gpg.h: here.
+ (struct server_control_s): Add field 'cached_getkey_kdb'.
+ * g10/gpg.c (gpg_deinit_default_ctrl): Release that keydb handle.
+ * g10/getkey.c (getkey_end): Cache keydb handle.
+ (get_pubkey): Use cached keydb handle.
+ * kbx/keybox-search.c (keybox_search_reset): Use lseek instead of
+ closing the file.
+
+ gpg: Pass CTRL also to getkey_end.
+ + commit aca5f494a88776d4974bfa9b0b65cb60c1b42040
+ * g10/getkey.c (getkey_end): Add arg CTRL. Change all callers.
+
+ gpg: Print more stats for the keydb and the signature cache.
+ + commit 3a10de3bfd785aefb0150e82b6dbbc7cb9f208c8
+ * g10/sig-check.c (sig_check_dump_stats): New.
+ (cache_stats): New struct.
+ (check_key_signature2): Update stats.
+ * g10/gpg.c (g10_exit): Call new function.
+ * g10/keydb.c (kid_not_found_cache_count): Replace by ...
+ (kid_not_found_stats): ... new struct. Change users.
+ (keydb_stats): New struct. Update the counters.
+ (keydb_dump_stats): Print all stats.
+
+ gpg: Assert that an opaque parameter is really what we expect.
+ + commit 52ba5e67cad4311d0ddbc4f2979e20afd0161d1f
+ * g10/gpg.h (SERVER_CONTROL_MAGIC): New const.
+ (server_control_s): Add field 'magic'.
+ * g10/gpg.c (gpg_init_default_ctrl): Init MAGIC.
+ * g10/import.c (impex_filter_getval): Assert MAGIC.
+
+2017-03-30 Justus Winter <justus@g10code.com>
+
+ gpg: Consistent use of preprocessor conditionals.
+ + commit 5e89144cbca36c1e7eb814b3aad4b7c46cd4efbf
+ * g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking
+ DEBUG_PARSE_PACKET. This fixes the build with '#define
+ DEBUG_PARSE_PACKET 0'.
+
+ common: Avoid undefined behavior.
+ + commit 214fa9012296d796b78f1a3106d656639cf50aef
+ * common/iobuf.c (iobuf_read_line): Do not consider 'length' if
+ 'buffer' is NULL.
+
+2017-03-30 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove the use of the signature information from a KBX.
+ + commit a6142dbdbc5783043deb847dc64998c421860941
+ * g10/keydb.c (keyblock_cache): Remove field SIGSTATUS.
+ (keyblock_cache_clear): Adjust for that removal.
+ (parse_keyblock_image): Remove arg SIGSTATUS. Remove the signature
+ cache setting; this is now done in the parser.
+ (keydb_get_keyblock): Do not set SIGSTATUS.
+ (build_keyblock_image): Remove arg SIGSTATUS and simplify. Change
+ caller.
+ * kbx/keybox-blob.c: Explain that the signature information is not
+ anymore used.
+ (_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change
+ callers.
+ * kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS
+ and change callers.
+ * kbx/keybox-update.c (keybox_insert_keyblock): Likewise.
+
+ gpg: Fix actual leak and possible leaks in the packet parser.
+ + commit 7bf24e8146116a30c4c9d7b6dbf8bbb27fc35971
+ * g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a
+ pointer to its struct.
+ (init_parse_packet): Adjust for LAST_PKT not being a pointer.
+ * g10/parse-packet.c (parse): Ditto. Free the last packet before
+ storing a new one in case of a deep link.
+ (parse_ring_trust): Adjust for LAST_PKT not being a pointer.
+ * g10/free-packet.c (free_packet): Ditto.
+ * g10/t-keydb-get-keyblock.c (do_test): Release keyblock.
+
+ gpg: Fix export porting of zero length user ID packets.
+ + commit 64665404e43051fa50ee030766347e24b7d1e4d5
+ * g10/build-packet.c (do_user_id): Avoid indeterminate length header.
+
+ gpg: Revamp reading and writing of ring trust packets.
+ + commit a8895c99a7d0750132477d80cd66caaf3a709113
+ * g10/parse-packet.c (parse_trust): Rename to ...
+ (parse_ring_trust): this. Change args and implement new ring trust
+ packet format.
+ (parse): Add special ring trust packet handling.
+ * g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
+ KEYSRC.
+ (PKT_public_key): Ditto.
+ (RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
+ (PKT_ring_trust): New.
+ (struct packet_struct): Remove member RING_TRUST.
+ (strcu parse_packet_ctx_s): Add field SKIP_META.
+ (init_parse_packet): Init SKIPT_META.
+ * g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
+ (free_user_id): Ditto.
+ * g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
+ lines.
+ * g10/build-packet.c (build_packet_and_meta): New.
+ (do_ring_trust): New.
+ * g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
+ in backup mode.
+ (do_export_one_keyblock): Ditto.
+ * g10/import.c (read_block): Add arg WITH_META. Skip ring trust
+ packets if that ism not set.
+ (import): Call read_block WITH_META in restore mode.
+ * g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
+ (KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not
+ yet used, though.
+ * g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
+ (build_keyblock_image): Ditto. Use build_packet_and_meta.
+ * g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
+ ring trust packets.
+ (write_keyblock): Use build_packet_and_meta. Remove special treatment
+ of ring trust packets and initialization of the signature caches.
+
+2017-03-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Extend free_packet to handle a packet parser context.
+ + commit afa86809087909a8ba2f9356588bf90cc923529c
+ * g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
+ FREE_LAST_PKT.
+ (init_parse_packet): Clear them.
+ (deinit_parse_packet): New macro. Change all users if
+ init_parse_packet to also call this macro.
+ * g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
+ packet copies in the context. Change all callers.
+ * g10/parse-packet.c (parse): Store certain packets in the parse
+ context.
+
+ gpg: Change parse_packet to take a context.
+ + commit 0526c99164d3531b5ec763ffc672407eb24b2296
+ * g10/packet.h (struct parse_packet_ctx_s): New.
+ (parse_packet_ctx_t): New type.
+ (init_parse_packet): New macro.
+ * g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take
+ a parse context. Change all callers to provide a context instead of
+ directly supplying the input stream.
+ (search_packet, dbg_search_packet): Ditto.
+ (copy_all_packets, dbg_copy_all_packets): Init an use a parse context.
+ (copy_some_packets, dbg_copy_some_packets): Ditto.
+ (skip_some_packets, dbg_skip_some_packets): Ditto.
+
+ gpg: Export ring trust packets in backup mode.
+ + commit f5b565a5b8de3f2a3d98bc1a655e18333aee223b
+ * g10/export.c (write_keyblock_to_output): Export ring trust packets.
+
+2017-03-28 Justus Winter <justus@g10code.com>
+
+ tests,w32: Fix importing the extra key for GPGME's keylist test.
+ + commit b20780658ebb1e1245db18c04db3e815399cf706
+ * tests/gpgme/wrap.scm: Qualify the tests name with the extension for
+ executables (if any).
+
+2017-03-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Prepare for listing last_update and key origin data.
+ + commit 4af389c9721fa534ed06a64b80705b631575c775
+ * g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20.
+
+2017-03-28 Justus Winter <justus@g10code.com>
+
+ tests: Fix distcheck.
+ + commit 5128cd74c029d57491a79ca9e918c81facdf1b76
+ * tests/openpgp/Makefile.am (sample_msgs): Add all missing sample
+ messages.
+
+ tests: Add test for '--decrypt --unwrap'.
+ + commit 211d71f19c24da94f4c58014606125c1a29d86a2
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/decrypt-unwrap-verify.scm: New file.
+
+ g10: Fix memory leak.
+ + commit 6d3edfd972c1114f43f6b35773dc25e0256f48f4
+ * g10/decrypt-data.c (decrypt_data): Free 'filename'.
+
+2017-03-27 Justus Winter <justus@g10code.com>
+
+ common: Fix connecting to the agent.
+ + commit caf00915532e6e8e509738962964edcd14fb0654
+ * common/homedir.c (_gnupg_socketdir_internal): Fix error handling.
+
+2017-03-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Support specifying SERIALNO for --card-status.
+ + commit c1e6302b347caf852a056b9c721469ccb51f44da
+ * g10/gpg.c (main): Allow an argument for --card-status.
+ * g10/card-util.c (current_card_status): Rename from card_status.
+ (card_status): New, which supports multiple cards.
+ (get_one_name): Use current_card_status.
+
+ scd: Change the order of applications when accessed.
+ + commit d58275703f035e8cfd58cd1c2d0d5ac7dc59e110
+ * scd/app.c (select_application): Move the app to top.
+
+ scd: Fix timeout handling for key generation.
+ + commit 0848cfcce738150b53bfb65b78efc1e6dc9f3d26
+ * scd/ccid-driver.c (CCID_CMD_TIMEOUT): Back to original value.
+ (CCID_CMD_TIMEOUT_LONGER): New.
+ (ccid_transceive): Add kludge for key generation.
+
+2017-03-24 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve check for already compressed packets.
+ + commit 0b3770c421a35b64823a805fa8d49ddd5c653d50
+ * common/miscellaneous.c (is_openpgp_compressed_packet): New.
+ (is_file_compressed): Rerad 2 more bytes and call new function.
+
+ agent: New option --enable-extended-key-format.
+ + commit 2c237c13628a88ba23742da34ea18d3e205d7c53
+ * agent/gpg-agent.c (oEnableExtendedKeyFormat): New const.
+ (opts): New option --enable-extended-key-format.
+ (parse_rereadable_options): Set option
+ * agent/findkey.c (write_extended_private_key): Add arg 'update'.
+ (agent_write_private_key): Implement new option.
+
+ agent: New option --stub-only for DELETE_KEY.
+ + commit 6fab7bba879d7794e32112cf3eddd8d87130a5d7
+ * agent/findkey.c (agent_delete_key): Add arg 'only_stubs'.
+ * agent/command.c (cmd_delete_key): Add option --stub-only.
+
+2017-03-23 Werner Koch <wk@gnupg.org>
+
+ common: Implicitly do a gpgconf --create-socketdir.
+ + commit 26086b362ff47d21b1abefaf674a6464bf0a8921
+ * common/homedir.c (_gnupg_socketdir_internal): Create the
+ sub-directory.
+
+ tests: Use gpgconf to stop the agent.
+ + commit 2c9d9ac55ea455a5ec26428989dced0311ed46cc
+ * tests/openpgp/defs.scm (stop-agent): Swap order of actions. Kill
+ all daemons using gpgconf.
+ * tools/gpgconf.c (main) <aRemoveSocketDir>: Try to remove known
+ socketfails on rmdir failure. Do no fail for ENONET.
+
+2017-03-23 Justus Winter <justus@g10code.com>
+
+ gpgscm: Make test cleanup more robust.
+ + commit 178b6314ab2d2268873067314744c8af74dc331e
+ * tests/gpgscm/tests.scm (mkdtemp-autoremove): New function that
+ cleans up at interpreter shutdown.
+ (run-tests-parallel): Use the new function.
+ (run-tests-sequential): Likewise.
+ (make-environment-cache): Execute setup with an temporary working
+ directory.
+
+2017-03-21 Justus Winter <justus@g10code.com>
+
+ tests: Test '--quick-set-primary-uid'.
+ + commit fde885bbc47a4bf14a8570ac62e68adc8cf47a6e
+ * tests/openpgp/quick-key-manipulation.scm: Test
+ '--quick-set-primary-uid'.
+
+ tests,w32: Use GetTempPath to get the path for temporary files.
+ + commit d17840c3f40111beaf97d96ad3ca52047976e221
+ * tests/gpgscm/ffi.c (do_get_temp_path): New function.
+ (ffi_init): Make function available.
+ * tests/gpgscm/tests.scm (mkdtemp): Use the new function.
+
+2017-03-21 Werner Koch <wk@gnupg.org>
+
+ gpg: New command --quick-set-primary-uid.
+ + commit 74c1f30ad6616186f0ab9dbaf34db6c17b1e40c4
+ * g10/gpg.c (aQuickSetPrimaryUid): New const.
+ (opts): New command --quick-set-primary-uid.
+ (main): Implement it.
+ * g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ...
+ (quick_find_keyblock): new func.
+ (keyedit_quick_revuid): Use quick_find_keyblock.
+ (keyedit_quick_set_primary): New.
+
+2017-03-21 Justus Winter <justus@g10code.com>
+
+ dirmngr: Fix error handling.
+ + commit 483c1288a8f86dc6bf93d0d3f2865ecc246aecba
+ * dirmngr/dns-stuff.c (libdns_init): Convert error before printing it.
+
+ dirmngr: Load the hosts file into libdns.
+ + commit 88f1505f0613894d5544290a170119eb538921e5
+ * dirmngr/dns-stuff.c (libdns_init): Actually load the hosts file into
+ libdns.
+
+ tests: Create temporary directories in '/tmp'.
+ + commit 06f1f163e96f1039304fd3cf565cf9de1ca45849
+ * tests/gpgscm/tests.scm (mkdtemp): Create temporary directories in
+ '/tmp' on UNIX, or in '%Temp' on Windows.
+ * tests/migrations/common.scm (run-test): Turn error into a warning.
+ * tests/openpgp/defs.scm (start-agent): Likewise.
+
+2017-03-20 Justus Winter <justus@g10code.com>
+
+ tests: Remove debugging remnants.
+ + commit ceb4b245752bb1fb43fde7e99f8d904ab8a9b5e2
+ * tests/gpgme/gpgme-defs.scm (run-python-tests?): Remove 'trace's.
+
+ tests: Fail if we cannot create the socket directory.
+ + commit d75d20909d9f60d33ffd210def92278c0f383aad
+ * tests/migrations/common.scm (run-test): Turn warning into an error.
+ * tests/openpgp/defs.scm (start-agent): Likewise.
+
+2017-03-20 Werner Koch <wk@gnupg.org>
+
+ gpg: Add new field no 18 to the colon listing.
+ + commit fe0b37e123ded51cc5f4cb5e3547fdfbce37a43e
+ * g10/misc.c (gnupg_pk_is_compliant): New.
+ * g10/keylist.c (print_compliance_flags): New.
+ (list_keyblock_colon): Call it here.
+ * sm/keylist.c (print_compliance_flags): New.
+ (list_cert_colon): Call it here.
+
+ gpg: Remove unused stuff.
+ + commit e2c63a13e2fa4ce39af8471a34c06d73ff3ee6f6
+ * g10/OPTIONS: Remove.
+ * g10/options.h (struct opt): Remove 'shm_coprocess'.
+
+2017-03-17 Neal H. Walfield <neal@g10code.com>
+
+ tests: Add test for issue 2959.
+ + commit fb9d68d636490ca88925051f48b08963c324aed1
+ * tests/openpgp/tofu.scm: Add test for --tofu-default-policy=ask.
+
+ gpg: Make sure the conflict set includes the current key.
+ + commit b1106b4d640325c60a7212a4a44e4f67c0e3312d
+ * g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling
+ get_policy. If POLICY is 'auto' and the default policy is 'ask', make
+ sure CONFLICT_SET includes the current key.
+
+2017-03-17 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Ignore warning alerts in the GNUTLS handshake.
+ + commit 69c521df422a6c9a6b0a93e45c9373a8b6ceb28e
+ * dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning
+ alerts.
+
+2017-03-17 Justus Winter <justus@g10code.com>
+
+ gpgscm: Simplify hash tables.
+ + commit 6a3f857224eab108ae38e6259194b01b0ffdad8b
+ * tests/gpgscm/scheme.c (oblist_add_by_name): We now always get a
+ slot. Simplify accordingly.
+ (oblist_find_by_name): Always return the slot.
+ (vector_elem_slot): New function.
+ (new_slot_spec_in_env): We now always get a slot. Remove parameter
+ 'env'. Simplify accordingly.
+ (find_slot_spec_in_env): Always return a slot.
+ (new_slot_in_env): Adapt callsite.
+ (opexe_0): Likewise.
+ (opexe_1): Likewise.
+ (scheme_define): Likewise.
+
+ gpgscm: Remove framework for immediate values.
+ + commit 38c955599f7c6c20faeec57d8e1df7d2c0eeba18
+ * tests/gpgscm/scheme.c (IMMEDIATE_TAG): Remove macro.
+ (is_immediate): Likewise.
+ (set_immediate): Likewise.
+ (clr_immediate): Likewise.
+ (enum scheme_types): Set the LSB in every value.
+ (fill_vector): Adapt.
+ (vector_elem): Likewise.
+ (set_vector_elem): Likewise.
+ (mark): Likewise.
+ (gc): Test for the LSB to tell typeflags apart from pointers stored in
+ the same memory location.
+
+2017-03-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent,g10: Remove redundant SERIALNO request.
+ + commit 8c8ce8711d9c938fcb982b0341e6b052742cb887
+ * agent/learncard.c (agent_handle_learn): Don't call
+ agent_card_serialno. Get the serialno in status response.
+ * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO".
+ (agent_scd_serialno): New.
+ (card_cardlist_cb, agent_scd_cardlist): New.
+
+2017-03-15 Justus Winter <justus@g10code.com>
+
+ tests: Fix using tools from the build directory.
+ + commit a98459d3f4ec3d196fb0adb0e90dadf40abc8c81
+ * tests/openpgp/defs.scm (gpg-conf'): Explicitly pass the build prefix
+ to gpgconf here...
+ (gpg-components): ... instead of only here.
+
+ tests: Dump the tools that the tests are going to use.
+ + commit c7833eca38fdb8d9ba7b59438ea87d651b8bf7ba
+ * tests/openpgp/setup.scm: Dump the tools that the tests are going to
+ use. This will help us diagnose problems with the tests picking the
+ wrong paths in the future.
+
+ build: Remove '--disable-tools' configuration option.
+ + commit 6993e42088c191f18468317ba2b5b8fbc8c3edff
+ * Makefile.am (SUBDIRS): Unconditionally include 'tools'.
+ * configure.ac: Remove '--disable-tools' configuration option.
+
+2017-03-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix check of serialno.
+ + commit 61785b679c542bbd789395fa632eb8b5133b01ad
+ * g10/card-util.c (card_status): Fix.
+
+ g10: Remove unused function.
+ + commit ed3248219e921ee24f6f1b2985abb7e0945d70e9
+ * g10/call-agent.c (select_openpgp): Remove.
+
+ tests: Fix running python condition.
+ + commit a672ddec03f96475866d712b28be18b3fab43aef
+ * tests/gpgme/gpgme-defs.scm (run-python-tests?): We need Python.
+
+2017-03-14 Justus Winter <justus@g10code.com>
+
+ tests: Skip Python tests if the bindings are not built.
+ + commit d82abbb1b6e80d5980e6259ddcfc770e65a6b1b3
+ * tests/gpgme/wrap.scm (python): Move variable...
+ * tests/gpgme/gpgme-defs.scm (python): ... here.
+ (run-python-tests?): New function.
+ * tests/gpgme/run-tests.scm: Only run Python tests if the bindings can
+ be located in GPGME's build directory.
+
+2017-03-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Flush stdout before printing stats with --check-sigs.
+ + commit 9a77b3b6e41f97b1209ad61c04b3dd33242ecae8
+ * g10/keylist.c (print_signature_stats): Flush stdout.
+ (list_keyblock_colon): Use es_flush instead of fflush.
+
+2017-03-09 Justus Winter <justus@g10code.com>
+
+ tests: Run the tests for the Python bindings of GPGME.
+ + commit 046a15a88c83b40a753b4ad7ecc1456efa5b527f
+ * tests/gpgme/gpgme-defs.scm (create-file): Write lines.
+ (create-gpgmehome): Extend function to create the right environment
+ for the Python tests.
+ * tests/gpgme/run-tests.scm: Make an environment cache for the Python
+ tests and enable them.
+ * tests/gpgme/wrap.scm: Do not hardcode the path of the Python
+ interpreter.
+
+ tests: Rework environment setup.
+ + commit cca91a3f8f7e3e36b7149fc93f7b6df11d21eb1d
+ * tests/gpgscm/tests.scm (test::scm): Add a setup argument.
+ (test::binary): Likewise.
+ (run-tests-parallel): Remove setup parameter.
+ (run-tests-sequential): Likewise.
+ (make-environment-cache): New function that handles the cache
+ protocol.
+ * tests/gpgme/run-tests.scm: Adapt accordingly.
+ * tests/gpgsm/run-tests.scm: Likewise.
+ * tests/migrations/run-tests.scm: Likewise.
+ * tests/openpgp/run-tests.scm: Likewise.
+
+2017-03-08 Werner Koch <wk@gnupg.org>
+
+ wks: Put stdout into binary mode for Windows at another place.
+ + commit ed5575ec550ff16b0b901a23c6aa3eb3d47b0575
+ * tools/wks-util.c (wks_send_mime): Set stdout to binary.
+
+ wks: Put stdout into binary mode for Windows.
+ + commit 5c83759364272b19ceafbef46d057f0430a12698
+ * tools/send-mail.c (send_mail_to_file): Call es_set_binary.
+
+2017-03-08 Justus Winter <justus@g10code.com>
+
+ build: Use macOS' compatibility macros to enable all features.
+ + commit dd60e868d2bf649a33dc96e207ffd3b8ae4d35af
+ * configure.ac: On macOS, use the compatibility macros to expose every
+ feature of the libc. This is the equivalent of _GNU_SOURCE on GNU
+ libc.
+
+ g10: Move more flags into the flag bitfield.
+ + commit 2649fdfff5d9e227025956e015b67502fd4962c4
+ * g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and
+ 'is_expired' into the flags bitfield, and drop the prefix.
+ * g10/call-dirmngr.c: Adapt accordingly.
+ * g10/export.c: Likewise.
+ * g10/getkey.c: Likewise.
+ * g10/import.c: Likewise.
+ * g10/kbnode.c: Likewise.
+ * g10/keyedit.c: Likewise.
+ * g10/keylist.c: Likewise.
+ * g10/keyserver.c: Likewise.
+ * g10/mainproc.c: Likewise.
+ * g10/pkclist.c: Likewise.
+ * g10/pubkey-enc.c: Likewise.
+ * g10/tofu.c: Likewise.
+ * g10/trust.c: Likewise.
+ * g10/trustdb.c: Likewise.
+
+2017-03-08 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Do not put a keyserver into a new dirmngr.conf.
+ + commit 8f028642239fa992c6c059e3c1b4421a1813c827
+ * g10/dirmngr-conf.skel: Do not define keyservers.
+
+ doc: Add a note to the trust model direct.
+ + commit f0257b4a86b73f5b956028e68590b6d2a23ea4da
+ * doc/gpg.texi (GPG Configuration Options): Add note. Chnage Index
+ from trust-mode:foo to trust-model:foo.
+
+2017-03-07 Justus Winter <justus@g10code.com>
+
+ Revert "build: Improve CFLAGS handling."
+ + commit b71384c8054ce2f245ccfae02b8ee81e1adfc512
+ This reverts commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4.
+
+ build: Improve CFLAGS handling.
+ + commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4
+ * configure.ac: Strip any flags matching '-Werror' from CFLAGS before
+ running the tests, and add them back later on.
+
+2017-03-07 Michael Haubenwallner <michael.haubenwallner@ssi-schaefer.com>
+
+ gpgscm: Use system strlwr if available.
+ + commit c22a2a89d3bd3d08b3abb8e4e33df32b480338ec
+ * tests/gpgscm/scheme.c: Define local strlwr only when HAVE_STRLWR is
+ not defined in config.h.
+ * tests/gpgscm/scheme-config.h: Remove hack.
+
+2017-03-07 Justus Winter <justus@g10code.com>
+
+ gpg: Do not allow the user to revoke the last valid UID.
+ + commit 591b6a9d879cbcabb089d89a26d3c3e0306054e1
+ * g10/keyedit.c (keyedit_quick_revuid): Merge self signatures, then
+ make sure that we do not revoke the last valid UID.
+ (menu_revuid): Make sure that we do not revoke the last valid UID.
+ * tests/openpgp/quick-key-manipulation.scm: Demonstrate that
+ '--quick-revoke-uid' can not be used to revoke the last valid UID.
+
+2017-03-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ tools: Removal of -Icommon.
+ + commit 80fb1a8a05b2194af16027555b09bbd5d48ec9ac
+ * tools/gpg-wks-server.c: Follow the change.
+
+ More change for common.
+ + commit d6c7bf1f8ab8899faba2fb81a35b096921c38f3c
+ * g10, scd, test, tools: Follow the change of removal of -Icommon.
+
+ Remove -I option to common.
+ + commit 70aca95d6816082b289fceca8eabfcf718a6b701
+ * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
+ * g10/Makefile.am (AM_CPPFLAGS): Ditto.
+ * g13/Makefile.am (AM_CPPFLAGS): Ditto.
+ * kbx/Makefile.am (AM_CPPFLAGS): Ditto.
+ * scd/Makefile.am (AM_CPPFLAGS): Ditto.
+ * sm/Makefile.am (AM_CPPFLAGS): Ditto.
+ * tools/Makefile.am (AM_CPPFLAGS): Ditto.
+ * Throughout: Follow the change.
+
+2017-03-07 Justus Winter <justus@g10code.com>
+
+ tests: Avoid overflowing signed 32 bit time_t.
+ + commit de3838372ae3cdecbd83eea2c53c8e2656d93052
+ * tests/openpgp/quick-key-manipulation.scm: Use expiration times in
+ the year 2038 instead of 2105 to avoid overflowing 32 bit time_t.
+ time_t is used internally to parse the expiraton time from the iso
+ timestamp.
+
+2017-03-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Resolve conflict of util.h.
+ + commit 176e07ce10d892fa7c7b96725b38b2fec9a1f916
+ * agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
+ * agent/call-pinentry.c, agent/call-scd.c: Follow the change.
+ * agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
+ * agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
+ * agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
+ * agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
+ * agent/w32main.c: Ditto.
+
+ agent: Add include files.
+ + commit bf03925751abb739f2fd9d631694d3dd33decf92
+ * agent/command-ssh.c: Add sys/socket.h and sys/un.h.
+
+ agent: Fix get_client_pid for portability.
+ + commit f7f806afa5083617f4aba02fc3b285b06a7d73d4
+ * configure.ac: Simply check getpeerucred and ucred.h, and structure
+ members.
+ * agent/command-ssh.c: Include ucred.h.
+ (get_client_pid) [HAVE_STRUCT_SOCKPEERCRED_PID]: Use sockpeercred
+ structure for OpenBSD.
+ [LOCAL_PEERPID]: Use LOCAL_PEERPID for macOS.
+ [LOCAL_PEEREID]: Use LOCAL_PEEREID for NetBSD.
+ [HAVE_GETPEERUCRED]: Use getpeerucred for OpenSolaris.
+
+ common: Fix warning for portability.
+ + commit b9ab733fc0dd2ca2a7eaac0bde3a817c07af36c5
+ * common/localename.c (do_nl_locale_name): We don't use CATEGORY.
+
+ tools: More portable for openpty use.
+ + commit ce37ada87139ef418401f9f35439007a8c04a856
+ * configure.ac (AC_CHECK_HEADERS): Add util.h libutil.h and termios.h.
+ * tools/symcryptrun.c: Include those headers.
+
+ scd: Close THE_EVENT handle.
+ + commit cc933a96f8e83bc66fb69ed33d9593acdd60c929
+ * scd/scdaemon.c (handle_connections): Close the handle.
+
+2017-03-06 Justus Winter <justus@g10code.com>
+
+ tests: Harmonize temporary and socket directory handling.
+ + commit 7e19786a5ddef637d1d9d21593fecf5a36b6f372
+ * tests/gpgscm/tests.scm (mkdtemp): Do not magically obey the
+ environment variable 'TMP', make sure to always return an absolute
+ path.
+ * tests/gpgme/Makefile.am (TMP): Drop variable.
+ (TESTS_ENVIRONMENT): Drop 'TMP'.
+ * tests/gpgme/gpgme-defs.scm (create-gpgmehome): Start the agent. Do
+ not create private key store, the agent does that for us.
+ * tests/gpgsm/Makefile.am (TMP): Drop variable.
+ (TESTS_ENVIRONMENT): Drop 'TMP'.
+ * tests/gpgme/gpgme-defs.scm (create-gpgsmhome): Start the agent. Do
+ not create private key store, the agent does that for us.
+ * tests/migrations/Makefile.am (TMP): Drop variable.
+ (TESTS_ENVIRONMENT): Drop 'TMP'.
+ * tests/migrations/common.scm (gpgconf): New variable.
+ (run-test): Create and remove socket directory.
+ * tests/migrations/extended-pkf.scm (src-tarball): Remove variable.
+ (setup): Remove function.
+ (trigger-migration): Likewise.
+ Use 'run-test' to execute the test.
+ * tests/migrations/from-classic.scm (src-tarball): Remove variable.
+ (setup): Remove function.
+ Use 'run-test' to execute the tests.
+ * tests/openpgp/Makefile.am (TMP): Drop variable.
+ (TESTS_ENVIRONMENT): Drop 'TMP'.
+ * tests/openpgp/README: Do not mention 'TMP'.
+ * tests/openpgp/defs.scm (with-home-directory): New macro.
+ (create-legacy-gpghome): Do not create private key store, the agent
+ does that for us.
+ (start-agent): Make sure to terminate the right agent with 'atexit'.
+
+ gpgscm: Fix creation of temporary directories.
+ + commit 171e4314ebd3ff74af3dcdc8bd68e1100e8910ea
+ * tests/gpgscm/ffi.c (do_mkdtemp): Use a larger buffer for the
+ template.
+
+2017-03-06 Werner Koch <wk@gnupg.org>
+
+ wks: Set published keys world-readable.
+ + commit e3589110e01dc6ad04463351ec2ce17201556d09
+ * tools/gpg-wks-server.c (check_and_publish): Set the permissions.
+
+ gpg: Fix attempt to double free an UID structure.
+ + commit 4a130bbc2c2f4be6e8c6357512a943f435ade28f
+ * g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL.
+
+2017-03-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix compiler warnings for app-openpgp.c.
+ + commit e6ca015ae182a6dbb0466441efc17c99683e9375
+ * scd/app-openpgp.c (retrieve_key_material): Remove touching I.
+ (do_change_pin): Make sure going to leave if PINVALUE == 0.
+ (rsa_writekey): Emit simpler log.
+
+ scd: More cleanup of old code.
+ + commit 9bf39ed75ddbd35908bcd0996f55325ff801619a
+ * scd/app-dinsig.c (do_sign): Remove assignment to HASHALGO.
+ * scd/app-p15.c (parse_keyusage_flags): Remove assign to MASK.
+ (read_ef_aodf): Likewise.
+ (read_ef_cdf): Change the control to parse_error.
+ * scd/app-sc-hsm.c (parse_keyusage_flags): Remove assign to MASK.
+ (read_ef_prkd): Remove assign to S.
+ (read_ef_prkd): Check if PRKDF is not null.
+ (read_ef_cd): Likewise for CDF.
+
+ scd: Clean up old code.
+ + commit cb6337329d3c858c695a7e56e2fc31d9d50ca3fe
+ * scd/apdu.c (CT_init, CT_data, CT_close): Remove.
+ (ct_error_string, ct_activate_card, close_ct_reader, reset_ct_reader)
+ (ct_get_status, ct_send_apdu, open_ct_reader): Remove.
+ (new_reader_slot) [NEED_PCSC_WRAPPER]: Remove fd and pid handling.
+ (writen, readn): Remove.
+ (pcsc_get_status, pcsc_send_apdu, control_pcsc, close_pcsc_reader)
+ (reset_pcsc_reader, open_pcsc_reader): Only DIRECT version.
+ (apdu_open_one_reader): Remove CT_api handling.
+ (apdu_get_status_internal, send_le): Fix to stop warnings.
+
+ scd: Fix API of select_file/_path.
+ + commit 0703de01c8fbc417a99ecf8e950fc306b8c8ac9c
+ * scd/iso7816.c (iso7816_select_file, iso7816_select_path): Remove
+ unused arguments.
+ * scd/app-dinsig.c (do_readcert): Follow the change.
+ * scd/app-help.c (app_help_read_length_of_cert): Likewise.
+ * scd/app-nks.c (keygripstr_from_pk_file, do_readcert, do_readkey)
+ (switch_application): Likewise.
+ * scd/app-p15.c (select_and_read_binary, select_ef_by_path)
+ (micardo_mse, app_select_p15): Likewise.
+ * scd/app.c (app_new_register): Likewise.
+
+ agent: For SSH, robustly handling scdaemon's errors.
+ + commit 4ce4f2f683a17be3ddb93729f3f25014a97934ad
+ * agent/command-ssh.c (card_key_list): Return 0 when
+ agent_card_serialno returns an error.
+ (ssh_handler_request_identities): Handle errors for card listing
+ and proceed to other cases.
+
+2017-03-03 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix commit de6d8313.
+ + commit 67c203b6bf8d6dd489ceef3391f609986e7b7a49
+ * dirmngr/http-common.c (get_default_keyserver): Fix assert.
+
+2017-03-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix scd_kick_the_loop.
+ + commit f9acc7d18bb90f47dafe7e32ae92f567756d6b12
+ * scd/scdaemon.c (notify_fd): Remove.
+ (the_event) [W32]: New.
+ (main_thread_pid) [!W32]: New.
+ (handle_signal): Handle SIGCONT.
+ (scd_kick_the_loop): Use signal on UNIX and event on Windows.
+ (handle_connections): Likewise.
+
+2017-03-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix possible segv when attribute packets are filtered.
+ + commit 5f6f3f5cae8a95ed469129f9677782c17951dab3
+ * g10/import.c (impex_filter_getval): Handle PKT_ATTRIBUTE the same as
+ PKT_USER_ID
+ (apply_drop_sig_filter): Ditto.
+
+ gpg: Add new variables to the import and export filters.
+ + commit 1813f3be23bdab5a42070424c47cb8daa9d9e6b7
+ * g10/import.c (impex_filter_getval): Add new variables "expired",
+ "revoked", and "disabled".
+
+2017-03-02 Werner Koch <wk@gnupg.org>
+
+ tools: Fix compile error with older gcc versions.
+ + commit b1f48da02b474e985161aa2778d7b602a13c4292
+ * tools/mime-parser.h: Include rfc822parse.h.
+ (struct rfc822parse_context): Remove duplicate definition.
+
+ dirmngr: Rearrange files to fix de6d831.
+ + commit 1890896fe698c55d15160a53aa6c5c22dc424031
+ * dirmngr/http-common.c: New.
+ * dirmngr/http-common.h: New.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Add them.
+ (t_http_SOURCES): Add them.
+ (t_ldap_parse_uri_SOURCES): Add them.
+ * dirmngr/misc.c (get_default_keyserver): Move to ...
+ * dirmngr/http-common.c: here.
+ * dirmngr/http.c: Include http-common.h instead of misc.h.
+ * dirmngr/http-ntbtls.c: Ditto.
+
+ dirmngr: Let --gpgconf-list return the default keyserver.
+ + commit de6d8313f6df32aaa151bee74e1db269ac1e0fed
+ * dirmngr/misc.c (get_default_keyserver): New.
+ * dirmngr/http.c: Include misc.h
+ (http_session_new): Use get_default_keyserver instead of hardwired
+ "hkps.pool.sks-keyservers.net".
+ * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
+ * dirmngr/dirmngr.c (main) <aGPGCongList>: Return default keyserver.
+
+2017-03-02 Justus Winter <justus@g10code.com>
+
+ gpg: Always initialize the trust db when generating keys.
+ + commit 0c4d0620d327e8a2069532a5519afefe867a47d6
+ * g10/gpg.c (main): Always initialize the trust db when generating
+ keys.
+ * g10/keygen.c (do_generate_keypair): We can now assume that there is
+ a trust db.
+
+ gpg: Fix (quick) key generation with --always-trust.
+ + commit 4735ab96aa5577d40ba7b3f72d863057198cc6a7
+ * g10/keygen.c (do_generate_keypair): Only update the ownertrust if we
+ do have a trust database.
+ * g10/trustdb.c (have_trustdb): New function.
+ * g10/trustdb.h (have_trustdb): New prototype.
+ * tests/openpgp/quick-key-manipulation.scm: Remove workaround.
+
+2017-03-02 Werner Koch <wk@gnupg.org>
+
+ agent: Improve error message for the KEYTOCARD command.
+ + commit d6f0f368763006abf08818bfefcd32ecedb5c20a
+ * agent/command.c (cmd_keytocard): Always use leave_cmd. Simplify
+ timestamp checking and do an early test with an appropriate error
+ message.
+
+2017-03-02 Justus Winter <justus@g10code.com>
+
+ g10: Signal an error when trying to revoke non-existant UID.
+ + commit 62d21a4ab4029b32ea129f1cf3a0e1f22e2fb7b0
+ * g10/keyedit.c (keyedit_quick_revuid): Signal an error when trying to
+ revoke non-existant UID.
+ * tests/openpgp/quick-key-manipulation.scm: Test that.
+
+ tests: Log information about ssh, add comments to test.
+ + commit 74cb3b230c1f99afc5fd09bccc24186a63b154b0
+ * tests/openpgp/ssh-import.scm (ssh-version-string): New variable, and
+ log the binary and version used in the test.
+ (ssh-supports?): Document how we test what algorithms are supported by
+ ssh, and log ssh-keygen's replies.
+
+ common,tools: Always escape newlines when escaping data.
+ + commit e064c75b08a523f738108428fe0c417a46e66238
+ * common/stringhelp.c (do_percent_escape): Always escape newlines.
+ * tools/gpgconf-comp.c (gc_percent_escape): Likewise.
+
+2017-03-01 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.19.
+ + commit 4a28c212b35739ce951bd41cfc6ef1a215846b2e
+
+
+ build: Add kludge for "make distcheck" in a release build.
+ + commit 246b27921b5dc34f367d879402725784aaee2494
+ * configure.ac: New option --enable-gnupg-builddir-envvar.
+ (ENABLE_GNUPG_BUILDDIR_ENVVAR): New ac_define.
+ * common/homedir.c (gnupg_set_builddir_from_env): Consider
+ ENABLE_GNUPG_BUILDDIR_ENVVAR.
+ * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Rename to ...
+ (AM_DISTCHECK_CONFIGURE_FLAGS): this to be future proof. Add option
+ --enable-gnupg-builddir-envvar.
+
+2017-03-01 Yuri Chornoivan <yurchor@ukr.net>
+
+ po: Update Ukrainian translation.
+ + commit c7f2a59833728e99e00449da2ddb10cf66693e7e
+
+
+2017-03-01 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 280c724fe26bfd861ac74abc71e221795d8947f0
+
+
+2017-03-01 Werner Koch <wk@gnupg.org>
+
+ gpg: Make --export-options work with --export-secret-keys.
+ + commit 891ab23411b7f20ef37d8bde81d9857b083235df
+ * g10/export.c (export_seckeys): Add arg OPTIONS and pass it to
+ do_export.
+ (export_secsubkeys): Ditto.
+ * g10/gpg.c (main): Pass opt.export_options to export_seckeys and
+ export_secsubkeys
+
+ gpg: Allow creating keys using an existing ECC key.
+ + commit 2bbdeb8ee87a6c7ec211be16391a11b7c6030bed
+ * common/sexputil.c (get_pk_algo_from_canon_sexp): Remove arg R_ALGO.
+ Change to return the algo id. Reimplement using get_pk_algo_from_key.
+ * g10/keygen.c (check_keygrip): Adjust for change.
+ * sm/certreqgen-ui.c (check_keygrip): Ditto.
+
+2017-02-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not require a trustdb for decryption.
+ + commit e182542e90cbeff4f2ac6c8d71061356d7cdcdea
+ * g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE.
+ Change to return an error code. Change all callers to to pass False
+ for NO_CREATE.
+ (tdb_get_ownertrust): New arg NO_CREATE. Call init_trustdb to test
+ for a non-existing trustdb. Change all callers to to pass False for
+ NO_CREATE.
+ (tdb_get_min_ownertrust): Ditto.
+ * g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call
+ init_trustdb for a quick check.
+ (get_ownertrust_info): Add arg NO_CREATE.
+ (get_ownertrust_string): Ditto.
+ * g10/gpgv.c (get_ownertrust_info): Adjust stub.
+ * g10/test-stubs.c (get_ownertrust_info): Ditto.
+ * g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE
+ set.
+ * g10/pubkey-enc.c (get_it): Ditto.
+
+2017-02-28 Justus Winter <justus@g10code.com>
+
+ gpgscm: Improve parsing.
+ + commit e4583ae14e52482ab390c102d071755f91ab211d
+ * tests/gpgscm/scheme.c (port_increment_current_line): Avoid creating
+ the same integer if the delta is zero. This happens a lot during
+ parsing, and puts pressure on the memory allocator.
+
+ gpgscm: Fix calculating the line number.
+ + commit 058c97f9fc485405246b1adfcc905c1891550652
+ * tests/gpgscm/scheme.c (opexe_5): Only increment the line number on
+ newlines.
+
+ gpg,tools: Make auto-key-retrieve configurable via gpgconf.
+ + commit d379a0174cca595204b32da9a66c513a1304e6d0
+ * g10/gpg.c (gpgconf_list): Add 'auto-key-retrieve'.
+ * tools/gpgconf-comp.c (gc_options_gpg): Likewise.
+
+ tests: Improve support for gpgconf.
+ + commit 41900175cf046dd9abe3d7a6805f6a403d68df15
+ * tests/openpgp/defs.scm: Improve high-level inteface to gpgconf.
+ * tests/openpgp/gpgconf.scm: Adapt.
+ * tests/openpgp/tofu.scm: Use it to select the trust model.
+
+ gpg,tools: Make trust-model configurable via gpgconf.
+ + commit ebeccd73eb85f9027f0985d77dfe901266c6ddef
+ * g10/gpg.c (gpgconf_list): Add 'trust-model'.
+ * tools/gpgconf-comp.c (gc_options_gpg): Likewise.
+
+ gpgscm: Track source locations in every kind of ports.
+ + commit 7cc57e2c63d0fa97569736419db5c76117e7685b
+ * tests/gpgscm/scheme-private.h (struct port): Move location
+ information out of the union.
+ * tests/gpgscm/scheme.c (mark): All ports need marking now.
+ (gc): Likewise all ports on the load stack.
+ (port_clear_location): Adapt accordingly. Also, add an empty function
+ for !SHOW_ERROR_LINE.
+ (port_increment_current_line): Likewise.
+ (port_reset_current_line): Drop function in favor of...
+ (port_init_location): ... this new function.
+ (file_push): Simplify.
+ (file_pop): Likewise.
+ (port_rep_from_filename): Likewise.
+ (port_rep_from_file): Likewise.
+ (port_rep_from_string): Also initialize the location.
+ (port_rep_from_scratch): Likewise.
+ (port_close): Simplify and generalize.
+ (skipspace): Likewise.
+ (token): Likewise.
+ (_Error_1): Generalize.
+ (opexe_5): Likewise.
+ (scheme_deinit): Simplify and generalize.
+ (scheme_load_named_file): Likewise.
+ (scheme_load_string): Also initialize the location.
+
+2017-02-28 Werner Koch <wk@gnupg.org>
+
+ gpgv,w32: Fix --status-fd.
+ + commit 8a67dc4c4324b617b5a3fea51c59c674488544d6
+ * g10/gpgv.c (main): Use translate_sys2libc_fd_int for --status-fd.
+
+ w32: Make pipes really pollable.
+ + commit 1192449207f41b26be8950b04df84a52c8a2a886
+ * common/exectool.c (gnupg_exec_tool_stream) [W32]: Use _get_osfhandle
+ to print the fd for the command line.
+ * common/exechelp-w32.c (create_pipe_and_estream): Use es_sysopen so
+ that the streams are actually pollable.
+
+2017-02-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ dirmngr: Avoid warnings during non-ntbtls build.
+ + commit f5782e11a560fd590221042391254c810a42e45f
+ * dirmngr/t-http.c (my_http_tls_verify_cb): Avoid warnings when not
+ using ntbtls.
+
+ trustdb: Respect --quiet during --import-ownertrust.
+ + commit ddf01a67d6388d988f1db50a06facb21c14d9426
+ * g10/tdbdump.c (import_ownertrust): If opt.quiet is set, do not send
+ log_info messages.
+
+2017-02-26 Manish Goregaokar <manish@mozilla.com>
+
+ g10: fix typo.
+ + commit 64ec21bebd3f136722e608649906b59c6add6947
+ I already have copyright assignment with the FSF for GDB. I don't
+ think I'll need to do the DCO thing.
+
+2017-02-24 Werner Koch <wk@gnupg.org>
+
+ gpgv: New options --log-file and --debug.
+ + commit 7af5d61c6e210210c777be9e6e87720dd4a055d9
+ * g10/gpgv.c (oLoggerFile, oDebug): New consts.
+ (opts): Add options --log-file and --debug.
+ (main): Implement options.
+
+2017-02-24 Andre Heinecke <aheinecke@intevation.de>
+
+ speedo,w32: Fix gpg-wks-client installation.
+ + commit 49b4a676148523b51beca3ae929e9d78ed7ba110
+ * build-aux/speedo/w32/inst.nsi: gpg-wks-client is an exe.
+
+2017-02-23 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Add new debug flag "extprog"
+ + commit 22b69b9edfdf6e6172239cbd1075ffe29077d339
+ * dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros.
+ * dirmngr/dirmngr.c (debug_flags): Add flag "extprog".
+ (handle_connections): Use a macro instead of -1 for an invalid socket.
+ * dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call.
+
+ wks: Make sure that the draft 2 request is correctly detected.
+ + commit d30e17ac62dea8913b7f353971d546b6b1a09bd5
+ * tools/gpg-wks.h (WKS_DRAFT_VERSION): New.
+ * tools/wks-receive.c (new_part): Move test wks draft version to ...
+ (t2body): new callback.
+ (wks_receive): Register this callback.
+ * tools/gpg-wks-server.c (send_confirmation_request): Emit draft
+ version header.
+ (send_congratulation_message): Ditto.
+ * tools/gpg-wks-client.c (decrypt_stream_parm_s): New.
+ (decrypt_stream_status_cb): Check DECRYTPION_KEY status.
+ (decrypt_stream): Get infor from new callback.
+ (process_confirmation_request): New arg 'mainfpr'. Check that it
+ matches the decryption key.
+ (read_confirmation_request): Check that the decryption key has been
+ generated by us.
+ (command_send): Use macro from draft version header.
+ (send_confirmation_response): Emit draft version header.
+
+ wks: New callback for the mime parser.
+ + commit a2090250829fe8989be2afc8cf41ba2a022072fc
+ * tools/mime-parser.c (mime_parser_context_s): New field 't2body'.
+ (parse_message_cb): Call that callback.
+ (mime_parser_set_t2body): New.
+
+ gpg: Emit new status DECRYPTION_KEY.
+ + commit effa80e0b5fd8cf9e31a984afe391c2406edee8b
+ * common/status.h (STATUS_DECRYPTION_KEY): New.
+ * g10/pubkey-enc.c (get_it): Emit that status.
+
+ dirmngr,w32: Make https with ntbtls work.
+ + commit a42bf00b4edce789999aa3bdfce235cf726463ae
+ * dirmngr/http.c (simple_cookie_functions): New.
+ (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie.
+ (cookie_read): Factor some code out to ...
+ (read_server): new.
+ (simple_cookie_read, simple_cookie_write) [W32]: New.
+
+2017-02-22 Werner Koch <wk@gnupg.org>
+
+ scd,agent: Improve the OpenPGP PIN prompt texts.
+ + commit f98c8cb013033c08e98ebedcc0e084fbd2a85b0c
+ * scd/app-openpgp.c (get_prompt_info): Change texts.
+ * agent/call-pinentry.c (struct entry_features): New.
+ (getinfo_features_cb): New.
+ (start_pinentry): Set new fucntion as status callback.
+ (build_cmd_setdesc): New. Replace all snprintf for SETDESC by this
+ one.
+
+2017-02-22 Andre Heinecke <aheinecke@intevation.de>
+
+ scd: Nitpicks on the improved card prompts.
+ + commit 143ca039e1e81140ae520cc1025f8e25c01acc80
+ * src/app-openpgp.c (get_prompt_info): Change wording and order
+ slightly.
+
+2017-02-22 Werner Koch <wk@gnupg.org>
+
+ scd: Improve the prompts for OpenPGP cards.
+ + commit e3944f34e3220f96fb1be449eb6f3d7360bc2d0b
+ * scd/app-openpgp.c (get_disp_name): New.
+ (get_disp_serialno): New.
+ (get_prompt_info): New.
+ (build_enter_admin_pin_prompt): Rework the prompt texts. Factor some
+ code out to ...
+ (get_remaining_tries): New.
+ (verify_a_chv): Print a remaining counter also for the standard PIN.
+ Rework the prompt texts.
+
+ * agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial
+ no.
+
+ agent: Prepend the description to a PIN prompt.
+ + commit 6488ffb767733a2cf92ca5ba3e61fc0c53e0f673
+ * agent/divert-scd.c (has_percent0A_suffix): New.
+ (getpin_cb): Prepend DESC_TEXT to the prompt.
+ * agent/findkey.c (modify_description): Rename to ...
+ (agent_modify_description): this. MAke global. Add kludge to remove
+ empty parentheses from the end.
+ (agent_key_from_file, agent_delete_key): Adjust for above change.
+ * agent/pksign.c (agent_pksign_do): Modify DESC_TEXT also when
+ diverting to a card.
+
+ agent: Prepare to pass an additional parameter to the getpin callback.
+ + commit 78d875a0f83bc046279b951aea76cd74f3c44fd8
+ * agent/call-scd.c (writekey_parm_s, inq_needpin_s): Merge into ...
+ (inq_needpin_parm_s): new struct. Add new field 'getpin_cb_desc'.
+ Change users to set all fields.
+ (inq_needpin): Pass GETPIN_CB_DESC to the GETPIN_CB.
+ (agent_card_pksign): Add arg 'desc_text' and change arg 'getpin_cb' to
+ take an additional arg 'desc_text'.
+ (agent_card_pkdecrypt): Ditto.
+ (agent_card_writekey): Change arg 'getpin_cb' to take an additional
+ arg 'desc_text'.
+ (agent_card_scd): Ditto.
+ * agent/divert-scd.c (getpin_cb): Add new arg 'desc_text'.
+ (divert_pksign): Add new arg 'desc_text' and pass is to
+ agent_card_pksign.
+ (divert_pkdecrypt): Add new arg 'desc_text' and pass is to
+ agent_card_pkdecrypt.
+ * agent/pkdecrypt.c (agent_pkdecrypt): Pass DESC_TEXT to
+ divert_pkdecrypt.
+ * agent/pksign.c (agent_pksign_do): Pass DESC_TEXT to
+ divert_pksign.
+
+2017-02-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: No spelling fix for test text.
+ + commit ef424353f342f80ca6d18ede8b63c1b02215d105
+ * tests/openpgp/verify.scm (msg_ed25519_rshort): Revert the spelling
+ fix.
+
+2017-02-21 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Add special treatment for the standard hkps pool to ntbtls.
+ + commit 831d014550863026dfefa774c961a21bd20c1e48
+ * dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove
+ (VALIDATE_FLAG_EXTRATRUST): Remove
+ (VALIDATE_FLAG_TRUST_SYSTEM): New.
+ (VALIDATE_FLAG_TRUST_CONFIG): New.
+ (VALIDATE_FLAG_TRUST_HKP): New.
+ (VALIDATE_FLAG_TRUST_HKPSPOOL): New.
+ (VALIDATE_FLAG_MASK_TRUST): New.
+ * dirmngr/validate.c (check_header_constants): New.
+ (validate_cert_chain): Call new function. Simplify call to
+ is_trusted_cert.
+ * dirmngr/crlcache.c (crl_parse_insert): Pass
+ VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain
+ * dirmngr/server.c (cmd_validate): Use VALDIATE_FLAG_TRUST_SYSTEM and
+ VALIDATE_FLAG_TRUST_CONFIG.
+ * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS
+ context. Set trustclass flags using the new VALIDATE_FLAG_TRUST
+ values.
+
+ * dirmngr/certcache.c (cert_cache_init): Load the standard pool
+ certificate prior to the --hkp-cacerts.
+
+ dirmngr: Load --hkp-cacert values into the certificate cache.
+ + commit d1625a9a82b1e5d96bbbf2132c49c53108565ae1
+ * dirmngr/dirmngr.c (hkp_cacert_filenames): New var.
+ (parse_rereadable_options): Store filenames from --hkp-cacert in the
+ new var.
+ (main, dirmngr_sighup_action): Pass that var to cert_cache_init.
+ * dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load
+ those certs.
+ (load_certs_from_file): Use autodetect so that PEM and DER encodings
+ are possible.
+
+ dirmngr: Load "sks-keyservers.netCA.pem" into the cache.
+ + commit 9741aa24d9056b56cd5366ff5379bd8a3e6118df
+ * dirmngr/certcache.c (load_certs_from_file): Always build this
+ function. Add args 'trustclasses' and 'no_error'. Pass TRUSTCLASSES
+ to put_cert.
+ (load_certs_from_system): Pass CERTTRUST_CLASS_SYSTEM to
+ load_certs_from_file.
+ (cert_cache_init): Try to load "sks-keyservers.netCA.pem". Don't make
+ function fail in an out-of-core condition.
+
+ dirmngr: Implement trust classes for the cert cache.
+ + commit 50b9828eacc39c1ca75cb8313db896e4bdc8b270
+ * dirmngr/certcache.h (CERTTRUST_CLASS_SYSTEM): New.
+ (CERTTRUST_CLASS_CONFIG): New.
+ (CERTTRUST_CLASS_HKP): New.
+ (CERTTRUST_CLASS_HKPSPOOL): New.
+ * dirmngr/certcache.c (MAX_EXTRA_CACHED_CERTS): Rename to ...
+ (MAX_NONPERM_CACHED_CERTS): this.
+ (total_extra_certificates): Rename to ...
+ (total_nonperm_certificates): this.
+ (total_config_certificates): Remove.
+ (total_trusted_certificates): Remove.
+ (total_system_trusted_certificates): Remove.
+ (cert_item_s): Remove field 'flags'. Add fields 'permanent' and
+ 'trustclasses'.
+ (clean_cache_slot): Clear new fields.
+ (put_cert): Change for new cert_item_t structure.
+ (load_certs_from_dir): Rename arg 'are_trusted' to 'trustclass'
+ (load_certs_from_file): Use CERTTRUST_CLASS_ value for put_cert.
+ (load_certs_from_w32_store): Ditto.
+ (cert_cache_init): Ditto.
+ (cert_cache_print_stats): Rewrite.
+ (is_trusted_cert): Replace arg 'with_systrust' by 'trustclasses'.
+ Chnage the test.
+ * dirmngr/validate.c (allowed_ca): Pass CERTTRUST_CLASS_CONFIG to
+ is_trusted_cert.
+ (validate_cert_chain): Pass CERTTRUST_CLASS_ values to
+ is_trusted_cert.
+
+ dirmngr: New Assuan option "http-crl".
+ + commit 493c142e582ff5ef1b5fdfcb9653715ef43e83e9
+ * dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'.
+ * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag.
+ * dirmngr/server.c (option_handler): New option "http-crl"
+ * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag.
+ * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag.
+ * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+
+ * dirmngr/t-http.c (main): New option --no-crl.
+
+ dirmngr: Add a magic field to the http structs.
+ + commit 39c745038181edd097e188434b3f9c971ed3987f
+ * dirmngr/http.c (HTTP_SESSION_MAGIC): New.
+ (http_session_s): New field 'magic'.
+ (HTTP_CONTEXT_MAGIC): New.
+ (http_context_s): New field 'magic'.
+ (my_ntbtls_verify_cb): Assert MAGIC.
+ (fp_onclose_notification): Ditto.
+ (session_unref): Ditto. Reset MAGIC.
+ (http_session_new): Set MAGIC.
+ (http_open): Ditto.
+ (http_raw_connect): Ditto.
+ (http_close): Assert MAGIC. Reset MAGIC.
+
+ * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused.
+
+2017-02-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Support primary key generation by keygrip.
+ + commit 3fc69224b7b22ad1df1395ebcb21549384839cd1
+ * g10/keygen.c (para_name): Add pKEYGRIP.
+ (generate_keypair): Use pKEYGRIP for key generation.
+ (do_generate_keypair): Call do_create_from_keygrip with pKEYGRIP.
+
+2017-02-20 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Setup a log handler for ntbtls.
+ + commit a022baa4a487eec769411255a64088450c4c8a49
+ * dirmngr/dirmngr.c (my_ntbtls_log_handler) [HTTP_USE_NTBTLS]: New.
+ (main) [HTTP_USE_NTBTLS]: Register log handler.
+
+ common: New function log_logv_with_prefix.
+ + commit 3e9512e557d95c7dc36835365b127b25f6a5cdd9
+ * common/logging.c (do_logv): Add arg 'prefmt' and print it. Chnage
+ call callers to pass NULL.
+ (log_logv_with_prefix): New.
+
+ dirmngr.c: Make http.c build without any TLS support.
+ + commit e174893262d8de0f52faa8abe4fc0402719a35d8
+ * dirmngr/http.c (http_session_new): Remove used of tls_prority.
+
+ dirmngr: Make t-http.c work again with gnutls - second try.
+ + commit 81ea24b8637ac08e44e9e44816689413c2ae7e08
+ * dirmngr/t-http.c: Always include ksba.h.
+
+ dirmngr: Make t-http.c work again with gnutls.
+ + commit f923873863fd863d71349f20f5568f80aecc020b
+ * dirmngr/Makefile.am (t_http_CFLAGS, t_http_LDADD): Add KSBA flags
+ and libs.
+
+2017-02-19 Werner Koch <wk@gnupg.org>
+
+ dirmngr: First take on ntbtls cert verification.
+ + commit 64fffd0ce2a4fd9cba152cf07497b585410cc652
+ * dirmngr/http-ntbtls.c: New.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
+ * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New.
+ (server_conrol_s): Add field 'magic',
+ * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC.
+ (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef.
+ * dirmngr/http.c (my_ntbtls_verify_cb): New.
+ (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code.
+ (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call
+ the verify callback after the handshake.
+ * dirmngr/ks-engine-hkp.c (send_request): Pass
+ gnupg_http_tls_verify_cb to http_session_new.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+
+ * dirmngr/t-http.c (my_http_tls_verify_cb): New.
+ (main): Rename option --gnutls-debug to --tls-debug.
+ (main) [HTTP_USE_NTBTLS]: Create a session.
+
+2017-02-18 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Add per-session verify callback to http.c.
+ + commit a74902cccde539ee2bd216caec0da6eb54b67c1b
+ * dirmngr/http.h (http_verify_cb_t): New type.
+ * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and
+ verify_cb_value.
+ (http_session_new): Remove arg tls_priority. Add args verify_cb and
+ verify-cb_value. Store them in the session object.
+ (send_request): Use per-session verify callback.
+ (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return
+ GPG_ERR_NOT_IMPLEMENTED.
+ * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed
+ http_session_new.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+ * dirmngr/t-http.c (main): Ditto.
+
+ * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc.
+
+2017-02-17 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Strip the default https port from the Host: header.
+ + commit cd32ebd152a522e362469ab969d91f8d49f28a60
+ * dirmngr/http.c (send_request): Strip the default https port.
+
+ dirmngr: Add option --no-crl to the VALIDATE cmd.
+ + commit f07811ee2c0a8044551e2ec063eda61cff7f6e39
+ * dirmngr/validate.h: Remove enums VALIDATE_MODE_*.
+ (VALIDATE_FLAG_SYSTRUST, VALIDATE_FLAG_EXTRATRUST)
+ (VALIDATE_FLAG_CRL, VALIDATE_FLAG_RECURSIVE)
+ (VALIDATE_FLAG_OCSP, VALIDATE_FLAG_TLS)
+ (VALIDATE_FLAG_NOCRLCHECK): New constants.
+ * dirmngr/validate.c (validate_cert_chain): Change arg 'mode' to
+ 'flags'. Change code accordingly. Remove NO-CRL in TLS mode kludge.
+ * dirmngr/crlcache.c (crl_parse_insert): Change to use flag values for
+ the validate_cert_chain call.
+ * dirmngr/server.c (cmd_validate): Ditto. Add new option --no-crl.
+
+ dirmngr: Add options --tls and --systrust to the VALIDATE cmd.
+ + commit 070211eb990f5ea41271eba432b6a6b485cef7c7
+ * dirmngr/certcache.h (certlist_s, certlist_t): New.
+ * dirmngr/certcache.c (read_certlist_from_stream): New.
+ (release_certlist): New.
+ * dirmngr/server.c (MAX_CERTLIST_LENGTH): New.
+ (cmd_validate): Add options --tls and --systrust. Implement them
+ using a kludge for now.
+ * dirmngr/validate.c (validate_cert_chain): Support systrust
+ checking. Add kludge to disable the CRL checking for tls mode.
+
+ dirmngr: Remove use of hardcoded numbers in validate.
+ + commit ed99af030d19305dd7cd41c41ac581306cb91fd5
+ * dirmngr/validate.c (enum cert_usage_modes): New.
+ (cert_usage_p): Change type of arg MODE. Use enums instead of
+ hardwired values. Use a switch instead of tricky bit tests.
+ (cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust.
+
+ * dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage.
+ (cert_use_cert_p): Rename to check_cert_use_cert.
+ (cert_use_ocsp_p): Rename to check_cert_use_ocsp.
+ (cert_use_crl_p): Rename to check_cert_use_crl.
+
+ * dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New.
+ (VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New.
+
+2017-02-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: No cards is not an error.
+ + commit dea4b3c742acbd195d6ab12b279b4dda315f2582
+ * agent/command-ssh.c (card_key_list): Care the case of no cards.
+
+ agent: Send back all public keys for available cards.
+ + commit 3f4f64b6ac0d7160fd9e1301f95820894b219c3f
+ * agent/call-scd.c (card_cardlist_cb, agent_card_cardlist): New.
+ * agent/command-ssh.c (card_key_list): New.
+ (ssh_handler_request_identities): Call card_key_list and loop for the
+ list to send public keys for all available cards.
+
+2017-02-17 Justus Winter <justus@g10code.com>
+
+ gpgscm: Guard use of tagged expressions.
+ + commit aab6ba0bb60528b9e816e430be51170cf39611b0
+ * tests/gpgscm/init.scm (vm-history-print): Check that the tag added
+ to expressions when parsing source files matches the expected format.
+ * tests/gpgscm/lib.scm (assert): Likewise.
+
+2017-02-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix RESET command handling (more).
+ + commit 99d4dfe83661d05ef3a20ed04e6cec5647536738
+ * scd/app-common.h (struct app_ctx_s): Add reset_requested.
+ * scd/app.c (app_reset): Locking APP, set reset_requested.
+ (deallocate_app): Release the lock.
+ (release_application): Add LOCKED_ALREADY argument.
+ (scd_update_reader_status_file): Hold the lock when accessing APP.
+ When reset_requested is set, close the reader and deallocate APP.
+ * scd/command.c (open_card_with_request, cmd_restart): Follow the
+ change of release_application.
+ (send_client_notifications): Here it calls release_application holding
+ the lock.
+
+2017-02-16 Werner Koch <wk@gnupg.org>
+
+ dirmngr,w32: Load all system provided certificates.
+ + commit 7006352da773d82c47797bbf11e570ecafac6501
+ * dirmngr/certcache.c (CERTOPENSYSTEMSTORE) [W32]: New type.
+ (CERTENUMCERTIFICATESINSTORE) [W32]: New type.
+ (CERTCLOSESTORE) [W32]: New type.
+ (load_certs_from_file) [W32]: Do not build.
+ (load_certs_from_w32_store) [W32]: New.
+ (load_certs_from_system) [W32]: Call new function.
+
+ dirmngr: Load all system provided certificates.
+ + commit 9a1a5ca0bc2cfb17ccf632de3e134b6d789c6855
+ * configure.ac: Add option --default-trust-store.
+ (DEFAULT_TRUST_STORE_FILE): New ac_define.
+ * dirmngr/certcache.c: Include ksba-io-support.h.
+ (total_trusted_certificates, total_system_trusted_certificates): New.
+ (put_cert): Manage the new counters.
+ (cert_cache_deinit): Reset them.
+ (cert_cache_print_stats): Print them.
+ (is_trusted_cert): Add arg WITH_SYSTRUST. Change all callers to pass
+ false.
+ (load_certs_from_file): New.
+ (load_certs_from_system): New.
+ (cert_cache_init): Load system certificates.
+
+ common: Rename remaining symbols in ksba-io-support.
+ + commit e1dfd862367cf91b66abe86bd73664409354bb14
+ * common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ...
+ (gnupg_ksba_reader_eof_seen): this. Change all callers.
+ (gpgsm_destroy_reader): Rename to ...
+ (gnupg_ksba_destroy_reader): this. Change all callers.
+ (gpgsm_finish_writer): Rename to ...
+ (gnupg_ksba_finish_writer): this. Change all callers.
+ (gpgsm_destroy_writer): Rename to ...
+ (gnupg_ksba_destroy_writer): this. Change all callers.
+ * common/ksba-io-support.c (struct base64_context_s): Rename to ...
+ (gnupg_ksba_io_s): this.
+ * common/ksba-io-support.h (base64_context_s): Ditto.
+ (Base64Context): Rename this typedef to ...
+ (gnupg_ksba_io_t): this. Change all users.
+
+ common: Remove gpgsm dependencies from ksba-io-support.
+ + commit 28c31524be84f20b34573c78bd3a94a81e4b1d61
+ * common/ksba-io-support.c: Include ksba-io-support.h instead of
+ ../sm/gpgsm.h. Include util.h.
+ (writer_cb_parm_s): Remove const from 'pem_name'.
+ (gpgsm_destroy_writer): Free 'pem_name'.
+ (gpgsm_create_reader): Rename to ...
+ (gnupg_ksba_create_reader): this. Replace args CTRL and
+ ALLOW_MULTI_PEM by a new arg FLAGS. Change the code to evaluate
+ FLAGS. Change all callers to pass the FLAGS.
+ (gpgsm_create_writer): Rename to ...
+ (gnupg_ksba_create_writer): this. Replace arg CTRL by new arg FLAGS.
+ Add arg PEM_NAME. Evaluate FLAGS. Store a copy of PEM_NAME. Change
+ all callers to pass the FLAGS and PEM_NAME.
+
+ common: Change license of ksba-io-support.c.
+ + commit 919e76b407ac557b0f518ec03f3cc59e9e5740c9
+ * common/ksba-io-support.c: Change from GPLv3+ to LGPLv3+/GPLv2+.
+
+ sm,common: Move ksba reader and writer support to common/.
+ + commit 04bfa6fe6597b8ffcec61cbcacdc7eb137444e80
+ * sm/base64.c: Rename to ...
+ * common/ksba-io-support.c: this.
+ * common/ksba-io-support.h: New.
+ * common/Makefile.am (common_sources): Add new files.
+ * sm/Makefile.am (gpgsm_SOURCES): Remove base64.c
+
+ dirmngr: Prepare certcache for forthcoming changes.
+ + commit 5c4e67afd6385b48065de6a0f2dd0bfd936ab90b
+ * dirmngr/certcache.c (cert_item_s): Rename 'flags.loaded' to
+ 'flags.config'. Add 'flags.systrust'.
+ (total_loaded_certificates): Rename to total_config_certificates.
+ (put_cert): Rename args for clarity. Set SYSTRUST flag.
+ (load_certs_from_dir): Make sure put_cert does not set the SYSTRUST
+ flag.
+
+ dirmngr: Replace stpcpy chains by strconcat.
+ + commit aef60abe6a1772e18634984a94bd70f57d57ccdd
+ * dirmngr/certcache.c (find_cert_bysn): Use strconcat.
+ (find_cert_bysubject): Ditto.
+ * dirmngr/http.c (store_header): Ditto.
+ * dirmngr/ldap.c (make_url): Ditto.
+ * dirmngr/server.c (get_cert_local_ski): Ditto.
+ (do_get_cert_local): Use xstrconcat.
+
+2017-02-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Minor fixes to silence compiler warnings.
+ + commit 7a666ccb44f43c4efbaa51c1ca16fc0b37c3399d
+ * scd/app.c (app_reset): Initialize ERR.
+ * scd/scdaemon.c (scd_kick_the_loop, handle_connections): Catch the
+ return value.
+
+2017-02-15 Werner Koch <wk@gnupg.org>
+
+ libdns: Workaround for bracketed numerical addresses.
+ + commit a3509e12b6626a585ce7da6ceed8cfddcba2460f
+ * dirmngr/dns-stuff.c (resolve_name_libdns): Work around an
+ incompatibility between the glibc resolver and libdns.
+
+ dirmngr: Do PTR lookups only for 'keyserver --hosttable'.
+ + commit a75325faf163275674a91971e75f1018035ca348
+ * dirmngr/ks-engine-hkp.c (hostinfo_s): Remove fields v4addr and
+ v5addr and add fields iporname and iporname_valid.
+ (create_new_hostinfo): Clear them.
+ (add_host): Remove the code to set the v4addr and v6addr fields.
+ (ks_hkp_print_hosttable): Remove printing of the fields. Compute the
+ iporname field and display it.
+ (ks_hkp_reload): Force re-computing of the iporname field in
+ ks_hkp_print_hosttable.
+
+ dirmngr: Avoid PTR lookup for hosts in a pool.
+ + commit da2ba20868093e3054d18adc2b1bc56cb23e4ba7
+ * dirmngr/ks-engine-hkp.c (add_host): Don't to a PTR lookup for hosts
+ in a pool.
+
+2017-02-15 Justus Winter <justus@g10code.com>
+
+ tests,build: Fix distcheck.
+ + commit 2f7b6cb279ea0ee27364fbb2b12df47e76166a39
+ * tests/gpgscm/Makefile.am (EXTRA_DIST): Add 'time.scm'.
+
+ tests: Test and document other ways to create keys.
+ + commit 90d383f1eb07fc823518dea10eb15ca390f5cf8e
+ * doc/gpg.texi: Clarify usage and expiration arguments for key
+ generation.
+ * tests/openpgp/quick-key-manipulation.scm: Test all variants.
+
+ tests: Check expiration times of created keys.
+ + commit 127e1e532da4083ccd3c307555b6177fab16f408
+ * tests/gpgscm/ffi.c (do_get_time): New function.
+ (ffi_init): Expose new function.
+ * tests/gpgscm/ffi.scm (get-time): Document new function.
+ * tests/gpgscm/time.scm: New file.
+ * tests/openpgp/quick-key-manipulation.scm: Use the new facilities to
+ check the expiration times of created keys.
+ * tests/openpgp/tofu.scm: Use the new module.
+
+2017-02-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix RESET command handling.
+ + commit e2792813a55e091c51be7b1b089a71beb6466f1d
+ * scd/app.c (release_application_internal): Remove.
+ (release_application): Merge release_application_internal.
+ (app_reset): Kick the loop and let close the reader. Sleep is
+ required here to wait closing.
+ (scd_update_reader_status_file): When APP is no use, close it.
+
+2017-02-14 Werner Koch <wk@gnupg.org>
+
+ gpg: Make --export-ssh-key work for the primary key.
+ + commit b456e5be91dc064fc9509ea86edab113721ed299
+ * g10/export.c (export_ssh_key): Also check the primary key.
+
+2017-02-13 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Do a DNS lookup even if it is missing from nsswitch.conf.
+ + commit dee026d761ae3d7594c3dbc5b3fa842df53cc189
+ * dirmngr/dns-stuff.c (libdns_init): Do not print error message for a
+ missing nsswitch.conf. Make sure that tehre is a DNS entry.
+
+ gpgconf: No ENOENT warning with --change-options et al.
+ + commit 30dac0486b6357e84fbe79c612eea940b654e4d1
+ * tools/gpgconf-comp.c (retrieve_options_from_program): Check ERRNO
+ before printing a warning.
+
+ gpg: Print a warning if no command has been given.
+ + commit 810adfd47801fc01e45fb71af9f05c91f7890cdb
+ * g10/gpg.c (main): Print in the default case.
+
+2017-02-13 Justus Winter <justus@g10code.com>
+
+ g13: Fix build on macOS.
+ + commit f8ce31a7bf1ee85e5010b628a66e6f69486e5213
+ * g13/Makefile.am (t_common_ldadd): Add iconv.
+
+2017-02-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix use case of PC/SC.
+ + commit da4c132cca2c6df81243c9660b7348268a848f88
+ * scd/apdu.c (apdu_open_reader): Add an argument APP_EMPTY.
+ When CCID driver fails to open, try PC/SC if APP is nothing.
+ * scd/app.c (select_application): Supply arg if APP is nothing.
+
+2017-02-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix memory leak in the error case of signature creation.
+ + commit 5996c7bf99f3a681393fd9589276399ebc956cff
+ * g10/sign.c (write_signature_packets): Free SIG. Also replace
+ xcalloc by xtrycalloc.
+
+2017-02-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ common: Avoid warning about implicit declaration of gnupg_fd_valid.
+ + commit 8810314e377a9cb6612150a57cf99260ed0bb9f6
+ * common/logging.c: Add #include "sysutils.h".
+
+2017-02-08 Justus Winter <justus@g10code.com>
+
+ gpg,common: Make sure that all fd given are valid.
+ + commit 6823ed46584e753de3aba48a00ab738ab009a860
+ * common/sysutils.c (gnupg_fd_valid): New function.
+ * common/sysutils.h (gnupg_fd_valid): New declaration.
+ * common/logging.c (log_set_file): Use the new function.
+ * g10/cpr.c (set_status_fd): Likewise.
+ * g10/gpg.c (main): Likewise.
+ * g10/keylist.c (read_sessionkey_from_fd): Likewise.
+ * g10/passphrase.c (set_attrib_fd): Likewise.
+ * tests/openpgp/Makefile.am (XTESTS): Add the new test.
+ * tests/openpgp/issue2941.scm: New file.
+
+2017-02-07 Justus Winter <justus@g10code.com>
+
+ tests: Skip key types not supported by OpenSSH.
+ + commit 56aa85f88f6b35fb03a2dc1a95882d49a74290e3
+ * tests/openpgp/ssh-import.scm (path): New variable.
+ (ssh,ssh-keygen,ssh-version,ssh-supports?): Likewise.
+
+2017-02-07 Werner Koch <wk@gnupg.org>
+
+ wks: Add WKS-Phase headers to the server messages.
+ + commit b30ac663cec82c89ca9a3e87e65b36d2552f1533
+ * tools/gpg-wks-server.c (send_confirmation_request): Add custom
+ header.
+ (send_congratulation_message): Ditto.
+
+2017-02-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ po: Manual updates of nl translation.
+ + commit aa3f08794bfc809821e2fc30a09a5ae23925c645
+ * po/nl.po: Apply several minor manual cleanups to nl.po that were
+ previously applied to all the other localizations.
+
+ po: Copied missing nl.po translation from the 2.0 branch.
+ + commit 8a9d4b55b09d04482b46055f0a60f01b86738df3
+ * po/nl.po: Copy from 2.0 branch.
+
+ gpg: Fix aliases --list-key, --list-sig, and --check-sig.
+ + commit f31120a5aa40b6e4e89d41d1d5d34e0f7da173b4
+ * g10/gpg.c (opts): Define commands with ARGPARSE_c
+ instead of ARGPARSE_s_n.
+
+2017-02-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc: Clarify abbreviation of --help.
+ + commit f2b276dffbe2435b17abf2b3c51684d3636f3f11
+ * doc/gpg.texi: clarify abbreviation of --help.
+
+2017-02-03 Werner Koch <wk@gnupg.org>
+
+ agent: Tell pinentry the hostname the agent is running on.
+ + commit 042fe711c76f6377cedb8f83a73ba386cee34bb7
+ * agent/call-pinentry.c [!W32]: Incluse utsname.h
+ (start_pinentry): Pass nodename to OPTION/owner.
+
+ agent: Tell the Pinentry the client's pid.
+ + commit 309f464a5952c7d7504b875bf4853914b1242346
+ * configure.ac: Check for SO_PEERCRED et al.
+ * agent/agent.h (server_control_s): Add field 'client_pid'.
+ * agent/command.c (start_command_handler): Set CLIENT_PID.
+ * agent/command-ssh.c (get_client_pid): New.
+ (start_command_handler_ssh): Set CLIENT_PID.
+ * agent/call-pinentry.c (start_pinentry): Tell Pinentry the client-pid.
+
+ gpg: More diagnostics for a launched pinentry.
+ + commit 7052a0d77cf8f3a445b252a809d29be445788625
+ * agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
+ * g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
+ that we do not change the code when adding new fields to
+ PINENTRY_LAUNCHED.
+
+2017-02-02 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Don't assume that strtoul interprets "" as 0.
+ + commit 407f5f9baea5591f148974240a87dfb43e5efef3
+ * g10/tofu.c (show_statistics): If there are not records, return 0
+ instead of NULL.
+
+ tests: Improve description of test.
+ + commit 64be8e1e8607944687f3ae45ec64aa30bf4fdf6f
+ * tests/openpgp/issue2929.scm: Improve description of test.
+
+ Revert "Revert "tests: Add test demonstrating issue2929.""
+ + commit e596b21f4b78dd27489e677699cc4ba648051b3f
+ This reverts commit 59048b0f1aa77313573a1004cd3a9f02692a7521.
+
+ gpg: Ensure TOFU bindings associated with UTKs are registered as usual.
+ + commit 769272ba87f282a69e8d5f9bb27c86e6bec4496b
+ * g10/tofu.c (get_trust): Call get_policy before short-circuiting the
+ policy lookup for ultimately trusted keys to make sure the binding is
+ added to the bindings table, if necessary.
+
+ gpg: If there is a TOFU conflict, elide the too few message warning.
+ + commit a08c781739e7561093f32b732c4991f2bd817ec2
+ * g10/tofu.c (tofu_get_validity): If there was a conflict, don't also
+ print out a warning about too few messages.
+
+ gpg: Only print out TOFU statistics for conflicts in interactive mode.
+ + commit 027b81b35fe36692005b8dba22d9eb2db05e8c80
+ * g10/tofu.c (get_trust): Add arguments POLICYP and CONFLICT_SETP. If
+ they are not NULL, return the policy and conflict set (if there is
+ one), respectively. Update callers. If MAY_ASK is FALSE, don't print
+ out the statistics.
+ (tofu_register_encryption): If there is a conflict and we haven't yet
+ printed the statistics about the conflicting bindings, do so now.
+ (tofu_get_validity): Likewise.
+
+ gpg: Add newline to output.
+ + commit 74268180e5a3acc827f3a369f1fe5971f3bbe285
+ * g10/tofu.c (ask_about_binding): Add newline to output.
+
+ gpg: Remove period at end of warning.
+ + commit 6f9d8a956b2ca0f5a0eb7acc656fc17af2f2de47
+ * g10/tofu.c (tofu_register_encryption): Remove period at end of
+ warning.
+
+2017-02-01 Werner Koch <wk@gnupg.org>
+
+ dirmngr: New option --no-use-tor and internal changes.
+ + commit 7440119e729d3fdedda8a9b44b70f8959beea8d7
+ * dirmngr/dns-stuff.c (disable_dns_tormode): New.
+ * dirmngr/dirmngr.c (oNoUseTor): New const.
+ (opts): New option --no-use-tor.
+ (tor_mode): New var.
+ (parse_rereadable_options): Change to use TOR_MODE.
+ (dirmngr_use_tor): New.
+ (set_tor_mode): Call disable_dns_tormode. Implement oNoUseTor.
+ * dirmngr/dirmngr.h (opt): Remove field 'use_tor'. Replace all
+ references by a call to dirmngr_use_tor().
+ * dirmngr/server.c (cmd_getinfo): Distinguish between default and
+ enforced TOR_MODE.
+
+2017-02-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix regression tracking the connection count.
+ + commit 8ddc9268f6aedef0e178b174b89245c33d8189dd
+ * scd/scdaemon.c (get_active_connection_count): New.
+ (start_connection_thread): Bump ACTIVE_CONNECTIONS up and down.
+ * scd/command.c (cmd_getinfo): Add subcommand "connections".
+
+2017-01-31 Justus Winter <justus@g10code.com>
+
+ gpgscm: Tune the hash tables.
+ + commit 2e78aa6ff770849415f8eb71ca70c8886e9564c8
+ * tests/gpgscm/scheme.c (oblist_initial_value): Increase the size of
+ the hash table based on the number of symbols used after initializing
+ the interpreter.
+ (new_frame_in_env): Increase the size of the hash table based on the
+ number of variables in the global environement.
+
+ gpgscm: Optimize environment lookups and insertions.
+ + commit b85d509a8f5c2e6200b8051ca1593c019abce90b
+ * tests/gpgscm/scheme.c (pointercmp): New function.
+ (new_slot_spec_in_env): Add and use slot for insertions.
+ (find_slot_spec_in_env): New variant of 'find_slot_in_env' that
+ returns the slot on failures.
+ (find_slot_in_env): Express using the new function.
+ (new_slot_in_env): Update callsite.
+ (opexe_0): Optimize lookup-or-insert.
+ (opexe_1): Likewise.
+ (scheme_define): Likewise.
+
+ gpgscm: Fix build with list environments.
+ + commit 874424ee3cc795eae9972b6259a2cc4dcdbb868e
+ * tests/gpgscm/scheme.c (new_slot_spec_in_env): Provide preallocation
+ inforomation if USE_ALIST_ENV.
+
+ gpgscm: Optimize symbol lookups and insertions.
+ + commit cea6d114b60deaecfbc2eb1aedbdfb7e6700922f
+ * tests/gpgscm/scheme.c (oblist_find_by_name): Keep the list of
+ symbols sorted, return the slot where a new symbol must be inserted on
+ lookup failures.
+ (oblist_add_by_name): Add the new symbol at the given slot.
+ (mk_symbol): Adjust callsite.
+ (gensym): Likewise.
+ (assign_syntax): Likewise.
+
+ gpgscm: Fix build with object list.
+ + commit 8f0ecb16cbb3798ad18be5f05b826db2aa1aaa00
+ * tests/gpgscm/scheme.c (oblist_add_by_name): Provide preallocation
+ information if USE_OBJECT_LIST.
+
+ gpgscm: Remove unused functions.
+ + commit 2076cdaf6b93bc73223819895cc7a67323d8cee7
+ * tests/gpgscm/scheme.c (check_cell_alloced): Remove function.
+ (check_range_alloced): Likewise.
+
+2017-01-31 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Require --allow-version-check even if --use-tor is used.
+ + commit b0e8376e19072ec3c590273c69ab3e8e5edfdaca
+ * dirmngr/dirmngr.c (housekeeping_thread): Load swdb only if the
+ option is set.
+
+2017-01-31 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Remove --debug-disable-ticker option.
+ + commit e17fa5c75d76af4d4684ee810cb446ecd5110560
+ * scd/scdaemon.c (ticker_disabled): Remove.
+ (handle_tick, need_tick): Remove.
+ (handle_connections): Don't check ticker_disabled.
+
+ scd: Fix SERIALNO for multiple devices.
+ + commit f08d37af049bf1718b301644020658dd2bb07638
+ * scd/app.c (select_application): Fix the logic if periodical check is
+ needed. If it is needed for newly found device(s), kick the loop.
+ (scd_update_reader_status_file): Return value if select(2) should be
+ called with timeout.
+ * scd/ccid-driver.c (ccid_require_get_status): Don't return 0 for
+ token with no interrupt transfer for now.
+ * scd/command.c (open_card_with_request): Fix scan by SERIALNO.
+ * scd/scdaemon.c (update_usb): Remove.
+ (handle_connections): Evaluate need_tick after handle_tick.
+
+2017-01-30 Justus Winter <justus@g10code.com>
+
+ gpgscm: Use a compact vector representation.
+ + commit 49e2ae65e892f93be7f87cfaae3392b50a99e4b1
+ * tests/gpgscm/scheme-private.h (struct cell): Add a compact vector
+ representation.
+ * tests/gpgscm/scheme.c (vector_length): Use new representation.
+ (vector_size): New macro.
+ (get_vector_object): Use the new representation.
+ (fill_vector): Likewise.
+ (vector_elem): Likewise.
+ (set_vector_elem): Likewise.
+ (mark): Likewise.
+ (gc): Likewise. Be careful not to confuse immediate values for type
+ flags.
+ (finalize_cell): Vectors now require finalization.
+
+ gpgscm: Provide framework for immediate values.
+ + commit e343984fc50e87830905614dc87f83f810551ad1
+ * tests/gpgscm/scheme.c (IMMEDIATE_TAG): New macro.
+ ({is,set,clr}_immediate): Likewise.
+ (enum scheme_types): Make type tags disjoint from immediate values.
+ (TYPE_BITS): We need one more bit now.
+ (ADJ,T_MASKTYPE): Compute values.
+
+ gpgscm: Fix setting the line of the first gc reservation.
+ + commit d27a4435bd8c0f0971d51ddf454422fc77d48271
+ * tests/gpgscm/scheme.c (_gc_disable): Negate guard.
+
+ gpgscm: Introduce macro for the vector length.
+ + commit 489edf84c9a9c2122cef1b4e678154521525b54a
+ * tests/gpgscm/scheme.c (vector_length): New macro.
+ (get_vector_object): Use the new macro.
+ (oblist_add_by_name): Likewise.
+ (oblist_find_by_name): Likewise.
+ (oblist_all_symbols): Likewise.
+ (mk_vector): Likewise.
+ (mark): Likewise.
+ (new_slot_spec_in_env): Likewise.
+ (find_slot_spec_in_env): Likewise.
+ (opexe_2): Likewise.
+ (opexe_5): Likewise.
+
+ Revert "tests: Add test demonstrating issue2929."
+ + commit 59048b0f1aa77313573a1004cd3a9f02692a7521
+ This reverts commit 5aafa56dffefe3fac55b9d0555c7c86e8a07f072.
+
+2017-01-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix GetSlotStatus.
+ + commit 2a025039c1817c7f75c35a898884849a8e5dc926
+ * scd/apdu.c (get_status_reader): Add ON_WIRE arg, here.
+ (ct_get_status, pcsc_get_status_direct, pcsc_get_status_wrapped)
+ (pcsc_get_status, get_status_ccid, my_rapdu_get_status): Likewise.
+ (reset_pcsc_reader_wrapped, open_pcsc_reader_wrapped): Follow the
+ change.
+ (apdu_get_status_internal): It's lower-level driver which judge
+ it's not needed. Otherwise, it can't detect the removal.
+ * scd/ccid-driver.c (ccid_slot_status): After the POWERED_OFF check,
+ we can skip sending GetSlotStatus packet on wire, when no need.
+
+ scd: Don't send GET_STATUS packet if not needed.
+ + commit 7c8eee4d396a751d41fd1ee1e1b87b851fca172a
+ * scd/apdu.c (apdu_get_status_internal): Add ON_WIRE arg.
+ (apdu_connect): Call apdu_get_status_internal with ON_WIRE enabled.
+ (apdu_get_status): For periodical check, call apdu_get_status_internal
+ with ON_WIRE disabled.
+
+ scd: Fix cancel INTERRUPT transfer.
+ + commit 216afba0d99582d0fbae1d6e925f4ddb349d9de3
+ * scd/ccid-driver.c (do_close_reader): Don't lock events, but check the
+ return value of libusb_cancel_transfer.
+
+2017-01-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: More changes on watching removal of card/reader.
+ + commit f3d9b2582bcaa1936b4fed5ec42a889b02df2f42
+ * scd/app-common.h (struct app_ctx_s): Rename field to
+ periodical_check_needed.
+ * scd/scdaemon.c (update_usb): Rename from update_fdset_for_usb.
+ Don't use libusb_get_pollfds any more.
+ (scd_kick_the_loop): New.
+ (need_tick): Follow the rename.
+ (handle_connections): No libusb event handling here.
+ * scd/app.c (app_new_register): Follow the change of rename.
+ (select_application, scd_update_reader_status_file): Likewise.
+ * scd/ccid-driver.c (ccid_usb_thread_is_alive): New.
+ (intr_cb): Call scd_kick_the_loop.
+ (ccid_usb_thread): New. Thread to invoke INTERRUPT callback.
+ (ccid_open_usb_reader): Add thread invocation.
+ (ccid_require_get_status): Remove
+ LIBUSB_WORKS_EXPECTED_FOR_INTERRUPT_ENDP.
+ (do_close_reader): Carefully handle handle->transfer.
+ (get_escaped_usb_string): Insert npth_unprotect/npth_protect.
+ (do_close_reader, bulk_out, bulk_in, abort_cmd, ccid_slot_status)
+ (ccid_transceive, ccid_transceive_secure): Likewise.
+
+ scd: Fix release of transfer object.
+ + commit f92fe33f11c44f14fd31682259fcd231e8fa9e75
+ * scd/ccid-driver.c (intr_cb): Handle LIBUSB_TRANSFER_CANCELLED.
+ (do_close_reader): When callback is active, call
+ libusb_cancel_transfer and wait callback is fired off.
+
+ scd: Improve watching USB device removal.
+ + commit 25cc8575da9a9b8bf60c64c8059cb5f73cc52e1d
+ * scd/apdu.c(struct reader_table_s): Add require_get_status.
+ (apdu_connect): Change return value meaning. Call apdu_reset here.
+ * scd/app.c (app_new_register): Add require_get_status.
+ (select_application): Use the return value of apdu_connect.
+ (scd_update_reader_status_file): Call update_fdset_for_usb with
+ checking all_have_intr_endp.
+ (app_list_start, app_list_finish): Remove.
+ * scd/ccid-driver.c (struct ccid_driver_s): Add transfer.
+ (intr_cb): Don't call libusb_transfer in this callback.
+ (ccid_require_get_status): New.
+ (do_close_reader): Call libusb_transfer here.
+ * scd/scdaemon.c (update_fdset_for_usb): Remove the first argument.
+
+ scd: Wake up the select when new USB scan.
+ + commit 031e3fa7b9a6770a4de1a184555250feeba0d26f
+ * scd/scdaemon.c (update_fdset_for_usb): Wake up the select(2).
+ (handle_connections): Use a kind of "self-pipe" technique.
+
+2017-01-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Only submit apdu_get_status when needed.
+ + commit 881dcdfd84ebad36bff20c895e629025bed9d94e
+ * scd/apdu.c (apdu_dev_list_finish): Return Boolean value if
+ all device support INTERRUPT transfer.
+ * scd/ccid-driver.c (ccid_dev_scan_finish): Likewise.
+ * scd/app.c (app_new_register): Fix initial value of card_status.
+ (select_application): Call update_fdset_for_usb.
+ (scd_update_reader_status_file): Ditto.
+ * scd/scdaemon.c (update_fdset_for_usb, need_tick): New.
+ (handle_connections): Call handle_tick when select returns.
+ Let select watch USB file descriptors, too.
+ Call libusb_handle_events_timeout_completed for INTERRUPT transfer.
+
+ scd: Fix APP reference counting.
+ + commit 9b06633c811e8815c07d744f20b45405cb082367
+ * scd/app.c (scd_update_reader_status_file): Don't call another
+ release_application_internal.
+ * scd/command.c (open_card_with_request): Don't require APPTYPE !=
+ NULL.
+
+ scd: Add INTERRUPT endp support to CCID driver.
+ + commit bb5ceb78c333129a44c0144f2cf49b17ede898f1
+ * scd/app.c (scd_update_reader_status_file): Fix releas of APP.
+ * scd/ccid-driver.c (struct ccid_driver_s): Add INTR_BUF.
+ (intr_cb, ccid_setup_intr): New.
+ (ccid_open_usb_reader): Call ccid_setup_intr.
+ (ccid_slot_status): Return CCID_DRIVER_ERR_NO_READER when removed.
+
+2017-01-25 Justus Winter <justus@g10code.com>
+
+ gpg: Fix searching for mail addresses in keyrings.
+ + commit 3f4f20ee6eff052c88647b820d9ecfdbd8df0f40
+ * g10/keyring.c (compare_name): Fix KEYDB_SEARCH_MODE_MAIL* searches
+ in keyrings when the UID is a plain addr-spec.
+
+ tests,w32: Fix GPGME tests requiring a pinentry.
+ + commit 02a39f0d1ed717f6fc33392e6ce4ab421c3bcbba
+ * tests/gpgme/gpgme-defs.scm: Use our fake pinentry, and configure it
+ to supply the correct passphrase.
+
+ tests,w32: Fix gpgsm signature verification test.
+ + commit 7d5a0ed792133d875fcedb6e23a9a3682f1a23f9
+ * tests/gpgsm/verify.scm: Use 'call-with-binary-output-file' to avoid
+ automatic line-ending conversion.
+
+ agent: Fix double free.
+ + commit e175152ef7515921635bf1e00383e812668d13fc
+ * agent/cache.c (agent_store_cache_hit): Make sure the update is
+ atomic.
+
+ tests: Skip GPGME tests that are not built.
+ + commit 5f2da5d439debf44615a97de788d8f720b517972
+ * tests/gpgme/wrap.scm: Skip tests that are not built.
+
+ tests,w32: Fix locating GPGME's tests on Windows.
+ + commit 6ecd8b3e71632bbcca524ad735c83bdc2a4c4a4a
+ * tests/gpgme/run-tests.scm: Qualify the test with the executable
+ extension.
+
+2017-01-24 Werner Koch <wk@gnupg.org>
+
+ gpg: Print a warning on Tor problems.
+ + commit 770b75a746836773909af25ccb9b480e61cea677
+ * dirmngr/ks-engine-hkp.c (tor_not_running_p): New.
+ (map_host): Call that to print a warning.
+ (handle_send_request_error): Ditto and avoid marking the host dead.
+ Also print a tor_config_problem warning. Add arg CTRL; adjust callers
+ to pass that new arg.
+ * g10/call-dirmngr.c (ks_status_cb): Detect and print the new
+ warnings.
+
+ dirmngr: Simplify error returning inside http.c.
+ + commit 51e5a5e5a46279809848b4ab4419f35045336010
+ * dirmngr/http.c (connect_server): Change to return an gpg_error_t
+ and to store socket at the passed address.
+ (http_raw_connect, send_request): Adjust accordingly.
+
+ dirmngr: New option --disable-ipv4.
+ + commit 72736af86a501592d974d46ff754a63959e183bd
+ * dirmngr/dirmngr.c (oDisableIPv4): New const.
+ (opts): New option --disable-ipv4.
+ (parse_rereadable_options): Set that option.
+ * dirmngr/dirmngr.h (opt): New field 'disable_ipv4'.
+ * dirmngr/dns-stuff.c (opt_disable_ipv4): bew var.
+ (set_dns_disable_ipv4): New.
+ (resolve_name_standard): Skip v4 addresses when OPT_DISABLE_IPV4 is
+ set.
+ * dirmngr/ks-engine-hkp.c (map_host): Ditto.
+ (send_request): Pass HTTP_FLAG_IGNORE_IPv4 if opt.disable_v4 is set.
+ * dirmngr/crlfetch.c (crl_fetch): Ditto.
+ * dirmngr/ks-engine-finger.c (ks_finger_fetch): Ditto.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+ * dirmngr/ocsp.c (do_ocsp_request): Ditto.
+
+2017-01-24 Justus Winter <justus@g10code.com>
+
+ tools: Use platform abstraction for I/O.
+ + commit 73d6572bd0f260c5aa1e191a1ba4859ec6fa262c
+ * tools/gpg-connect-agent.c (main): Use a gpgrt_stream_t for
+ 'script_fp'. Adapt accordingly.
+
+ tools: Use platform abstraction for I/O.
+ + commit 77b8aff4e1bb641f497e63230a5006ab70e6c3a8
+ * tools/gpgconf-comp.c (retrieve_options_from_file): Use a
+ gpgrt_stream_t for 'list_file'. Adapt accordingly.
+ (copy_file): Likewise for 'src' and 'dst'.
+ (change_options_file): Likewise for 'src_file' and 'dest_file'.
+ (change_options_program): Likewise for 'src_file' and 'dest_file'.
+ (gc_process_gpgconf_conf): Likewise for 'config'.
+
+ tools: Use platform abstraction for renaming files.
+ + commit bfd75e9492fc4edd86f4049a62304943a7b2a29a
+ * tools/gpgconf-comp.c (gc_component_change_options): Use
+ 'gnupg_rename_file'. Also, block signals across all renames in an
+ attempt to make the whole process atomic.
+
+ tools: Add comments explaining the functions parameters.
+ + commit 82e309ad06884e54693f4856412984331febdda0
+ * tools/gpgconf-comp.c (change_options_file): Add comments explaining
+ the functions parameters.
+ (change_options_program): Likewise.
+
+ tools: Improve error handling.
+ + commit b0348fdb26637b0bcbd68a96c1746a1613b309af
+ * tools/gpgconf-comp.c (gp_component_change_options): Improve error
+ handling when reading from stdin.
+
+ tools: Fix memory leak.
+ + commit 5b28f025085b386e0ec49535d4cd3f875a414eb0
+ * tools/gpgconf-comp.c (change_options_file): Fix leak.
+
+ tests: Add test demonstrating issue2929.
+ + commit 5aafa56dffefe3fac55b9d0555c7c86e8a07f072
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/issue2929.scm: New file.
+
+ tests: Enable gpgconf test.
+ + commit 628ff843466b42309f850b8d65b13cf5f586b81f
+ * tests/openpgp/Makefile.am (XTESTS): Re-add gpgconf.scm.
+
+2017-01-23 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.18.
+ + commit f8289b1d28f501d2f37bf9ccb5e42f7fb27b4688
+
+
+ build: Change make distcheck configure and temp. remove gpgconf.scm.
+ + commit 25e029823813e190a18b601af60efcb1fb3b84af
+ * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Also test gpgtar and
+ wks-tools. Disable ntbtls.
+ * tests/openpgp/Makefile.am (XTESTS): Temporary remove gpgconf.scm.
+
+ Fix format string errors and some missing error case initialization.
+ + commit af5979a42b9468ffe0f3ac6de5a77d982c5cf8a0
+ * common/logging.c (do_logv): Remove extra parentheses in comparison.
+
+ * dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that
+ dns_res_close is given a defined value in the error case.
+
+ * dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix
+ format string char.
+
+ * dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const".
+ * dirmngr/ks-engine-http.c (ks_http_help): Ditto.
+ * dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto.
+ * dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto.
+
+ * scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string
+ char.
+ * tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the
+ error case.
+ (scdaemon_runtime_change): Ditto.
+ (dirmngr_runtime_change): Ditto.
+
+ * tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL.
+
+ dirmngr: On SIGHUP mark all keyservers alive.
+ + commit 3ca3da8fc4ef802b8cceec5fde398a07b4888848
+ * dirmngr/ks-engine-hkp.c (ks_hkp_reload): New.
+ * dirmngr/dirmngr.c (dirmngr_sighup_action): Call it.
+
+2017-01-23 Gaetan Bisson <bisson@archlinux.org>
+
+ libdns: Hack to skip negation term.
+ + commit d4c0187dd93163f12e9f953366adef81ecf526a6
+ * dirmngr/dns.c (dns_nssconf_loadfile): Skip negation terms in
+ nsswitch.conf parser.
+
+2017-01-23 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Print debug message only with --debug.
+ + commit 9ae0b81e4ff08712da642456d0164f81924a91e4
+ * dirmngr/dns-stuff.c (libdns_init): Call log_debug only if opt_debug
+ is set.
+
+2017-01-23 Phil Pennock <gnupg-devel@spodhuis.org>
+
+ dirmngr: Handle missing nsswitch.conf.
+ + commit 88ade475c56ac3712d6bd6d41ae38e1421dcb320
+ * dirmngr/dns-stuff.c (libdns_init): Fallback to files,dns.
+
+2017-01-23 Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ gpg: Fix misleading log message when checking regexp.
+ + commit a85731ada2d361eacddc5ae92f80d34792dd4b5e
+ * src/trustdb.c (check_regexp): Correctly print whether the
+ regexp matched or not.
+
+2017-01-23 Werner Koch <wk@gnupg.org>
+
+ gpg: New export and import options "backup" and "restore".
+ + commit 953d4ec6afd1b42feb7465ee57e48d72f033019a
+ * g10/export.c (parse_export_options): Add "backup" and its alias
+ "export-backup".
+ (do_export_one_keyblock): Export ring trust packets in backup mode.
+ * g10/import.c (parse_import_options): Add "restore" and its alias
+ "import-restore".
+ (read_block): Import ring trust packets.
+
+2017-01-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix INTERRUPT transfer.
+ + commit 21c9ebb908c2ad2e322e7a13e59e5880494c4d67
+ * scd/ccid-driver.c (find_endpoint): Don't return Bulk endpoint as
+ Interrupt endpoint.
+ (ccid_poll): Call libusb_interrupt_transfer.
+
+2017-01-19 Werner Koch <wk@gnupg.org>
+
+ build: Print a commit id in the generated ChangeLog.
+ + commit e926f30a1cda75f6334b79c303b5134f0441a3dc
+ * build-aux/gitlog-to-changelog: Print an extra line with the commit
+ id.
+
+ common: Fix buffer copy code again.
+ + commit e031b3c16cfec583c4322c84d299b355f0849c77
+ * common/exectool.c (my_error_from_errno): Remove.
+ (copy_buffer_do_copy): Do without var RC.
+ (copy_buffer_flush): Ditto. Use ERRNO instead of es_write return
+ code.
+ (gnupg_exec_tool): Correctly return errors from es_read.
+
+2017-01-19 Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ gpg: Allow to freeze faked system time.
+ + commit 3daeef702b2e6a42f0f396b828f86ffc3f33fc88
+ * g10/gpg.c (main): If the parameter for --faked-system-time
+ ends with a '!', freeze time at the specified point.
+ * common/gettime.c (gnupg_set_time): Allow to freeze the time
+ at an arbitrary time instead of only the current time.
+ * doc/gpg.texi: Update documentation for --faked-system-time.
+
+2017-01-19 Werner Koch <wk@gnupg.org>
+
+ common: Clarify use of vars in buffer copy code.
+ + commit 55c9212a2338bf0b07c8cf3a69bcedaa28d48d43
+ * common/exectool.c (my_error_from_errno): New.
+ (copy_buffer_do_copy): Use separate vars for errno values and
+ gpg-error values for clarity. s/assert/log_assert/.
+ (copy_buffer_flush): Ditto.
+ (gnupg_exec_tool_stream): Use gpg_err_code when testing.
+
+2017-01-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Add setup of CA for NTBTLS.
+ + commit 367349b4dcc97718f8ae1163d1389d2a46fc3453
+ * dirmngr/http.c [HTTP_USE_NTBTLS] (http_session_new): Add CA by
+ ntbtls_set_ca_chain.
+
+2017-01-18 Justus Winter <justus@g10code.com>
+
+ common: Fix flushing copy buffers.
+ + commit 34fa2d79a07a079be472c3ff486debfdac8c6070
+ * common/exectool.c (copy_buffer_flush): Write and flush the data, but
+ do not hide EAGAIN from the caller.
+ (gnupg_exec_tool_stream): Retry on EAGAIN.
+
+2017-01-18 Werner Koch <wk@gnupg.org>
+
+ agent: Reduce sleep time in the progress callback.
+ + commit 3d356d165aed7d76a3ea811b1d24ed0a05ac90d4
+ * agent/gpg-agent.c (agent_libgcrypt_progress_cb): Reduce sleep time
+ from 100ms to 1ms or use gpgrt_yield when build against a recent
+ libgpg-error.
+
+ gpgconf: Allow "all" for --launch, --kill, and --reload.
+ + commit 2312248b2e3adffa52d8a3ac4f24fe2c88f0f569
+ * tools/gpgconf-comp.c (gc_component_launch): Allow -1 for COMPONENT.
+ (gc_component_kill): Ditto.
+ (gc_component_reload): For robustness change the condition to < 0.
+ * tools/gpgconf.c (main) <aLaunch, aKill, aReload>: Support argument
+ "all".
+
+ gpg: Remove unused definitions.
+ + commit 701f54eccf3da3319dd6d74f46b852c64d90bc52
+ * g10/keydb.h (rt_UNKNOWN, rt_RING): Remove constants.
+ (keyblock_pos_struct, KBPOS): Remove struct and type.
+
+2017-01-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Cleanup SERIALNO protocol.
+ + commit 79cea89774e6327b6785e22b7057f9e3e188ac2b
+ * scd/app.c (app_get_serial_and_stamp): Remove.
+ (app_get_serialno): New.
+ (app_write_learn_status): Use send_status_direct.
+ (app_getattr): Use app_get_serialno for SERIALNO and
+ send with send_status_direct.
+ * scd/app-openpgp.c (do_getattr): Likewise.
+ * scd/command.c (cmd_serialno): Don't send TIMESTAMP of 0.
+ (cmd_learn): Likewise. Don't inquire with TIMESTAMP of 0.
+
+ scd: Add "card_list" sub command for GETINFO.
+ + commit 8b1f24a29ebc7651437c01990215a55b1136dae0
+ * scd/app.c (app_send_card_list): New.
+ * scd/command.c (cmd_getinfo): Fix "status" sub command.
+ Add "card_list" sub command.
+
+2017-01-17 Werner Koch <wk@gnupg.org>
+
+ build: Handle packages with dashes in --find-version.
+ + commit a09f258b1412209763222e2e81bab79663e4d685
+ * autogen.sh (--find-version): Improve version extraction.
+ * (--help): Extend.
+
+ gpg: Clean bogus subkey binding when cleaning a key.
+ + commit 356323768a1a29138581d0aceed0336ab8be0d5c
+ * g10/trust.c (clean_key): Also clean bogus subkey bindings.
+
+ gpg: Sync print of additional sig data in --edit-key.
+ + commit 766c25018b288a7185c6da6adac0dec01a64e94a
+ * g10/keylist.c (show_policy_url): Implement MODE -1.
+ (show_keyserver_url): Ditto.
+ (show_notation): Ditto.
+ * g10/keyedit.c (print_one_sig): Print policy URL, keyserver URL and
+ notation data to the tty.
+
+ common: Remove unused function tty_print_string.
+ + commit bae42e543799a428e59bad870aed9719dd6e6e45
+ * common/ttyio.c (tty_print_string): Rename to ...
+ (do_print_string): this. Make local. Simplify FP case by using
+ print_utf8_buffer. Change caller.
+
+ gpg: Prepare some key cleaning function for use with secret key packets.
+ + commit adbfbf608e75cdd72ae7b3a538b91bc0e236a18f
+ * g10/trust.c (mark_usable_uid_certs): Allow use of secret key packets.
+ (clean_sigs_from_uid): Ditto.
+ (clean_uid_from_key): Ditto.
+ (clean_one_uid): Ditto.
+ (clean_key): Ditto.
+
+2017-01-16 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Implement hkps lookups using literal addresses.
+ + commit e6aebfe3d0f16c483296fd125b66a44017fe15f4
+ * dirmngr/ks-engine-hkp.c (map_host): For literal addresses do a
+ reverse lookup.
+
+ dirmngr: Allow reverse DNS lookups in Tor-mode.
+ + commit 9850124c7bdf0a0e7c1866abc85f3437257d7095
+ * dirmngr/dns-stuff.c (resolve_dns_name): Move up in the file.
+ (resolve_addr_libdns): New.
+ (resolve_dns_addr): Divert to resolve_dns_addr.
+
+ dirmngr: Avoid network queries for literal IP addresses.
+ + commit daae97bc14742c75408c4eb05808a2102cfe2bcf
+ * dirmngr/dns-stuff.c (resolve_name_libdns): USe flags AI_NUMERICHOST
+ for literal IP addresses.
+ (resolve_name_standard): Ditto.
+
+ dirmngr: Fix URL creation for literal IPv6 addresses in HKP.
+ + commit 82646bbf1a5a7d745da81b239a12667a51703dc1
+ * dirmngr/dns-stuff.c (is_ip_address): Make the return value depend on
+ the address family.
+ * dirmngr/ks-engine-hkp.c (map_host): Rename arg R_POOLNAME to
+ R_HTTPHOST because that is its purpose. Note that the former
+ behaviour of storing a NULL to indicate that it is not a pool has not
+ been used.
+ (make_host_part): Ditto.
+ (make_host_part): Make sure that literal v6 addresses are correclty
+ marked in the constructed URL.
+
+2017-01-16 Justus Winter <justus@g10code.com>
+
+ tests: Improve GPGHOME handling.
+ + commit 8b1611a9605b636db3e07a9d81016a11b318724c
+ * tests/openpgp/defs.scm (GPGHOME): New variable.
+ * tests/openpgp/ssh-import.scm: Remove redundant code, use 'path-join'.
+ * tests/openpgp/tofu.scm: Likewise.
+
+2017-01-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Ask specific SERIALNO for pksign/pkdecrypt.
+ + commit 0801f49b0dc7102943f0e9fa51061f50f5708ca6
+ * agent/call-scd.c (agent_card_serialno): Add DEMAND argument.
+ * agent/command-ssh.c (card_key_available): Follow the change.
+ * agent/learncard.c (agent_handle_learn): Likewise.
+ * agent/divert-scd.c (ask_for_card): Use DEMAND argument.
+
+ scd: Add --demand option for SERIALNO.
+ + commit 2e6f1c99d4f66a23a752092397e20a84964edf48
+ * scd/app.c (select_application): Add SERIALNO_BIN and SERIALNO_BIN_LEN
+ arguments. Return matched APP with a serial number when specified.
+ * scd/command.c (open_card): Modify for the implicit open only.
+ (open_card_with_request): New for explicit open and support match with a
+ serial number.
+ (cmd_serialno): Support --demand option.
+ (cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkauth)
+ (cmd_pkdecrypt, cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
+ (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_apdu): Follow
+ the change of open_card.
+
+2017-01-12 Werner Koch <wk@gnupg.org>
+
+ build: Make autogen.sh more POSIX friendly (next try)
+ + commit 3db76c9277d918dec9721a6439f4db3b3c06aba3
+ * autogen.sh: Fix dd count to 5.
+
+ gpg: Rename a var to avoid a shadowing warning.
+ + commit c99a09f111c5980ae034faaea61a00d9ad60463c
+ * g10/keygen.c (keygen_set_std_prefs): Rename variable.
+
+ tests: Fix t-gettime for a time_t of 64 and a long of 32 bit.
+ + commit 5c0777e1ca02ff1767755c417b64d6f78e02f475
+ * configure.ac (AC_CHECK_HEADERS): Add stdint.h.
+ * common/t-gettime.c: Include stdint.h.
+ (UINTMAX_C): Define replacement.
+ (test_isotime2epoch): Use UINTMAX_C for the >32 bit constants.
+
+ build: Make autogen.sh more POSIX friendly.
+ + commit 3c00b52f7cb0fbd756c0bbe5134b8f2d69c60dd1
+ * autogen.sh: Replace non POSIX "cp -a" and "head -c".
+
+ libdns: Silence -Wstrict-prototypes on some function ptrs.
+ + commit 97372b39cd9b4c84a083eadbf072fff77799617f
+ * dirmngr/dns.c (dns_rrtype): Ignore -Wstrict-prototypes warning.
+
+ libdns: Provide replacement for EPROTO.
+ + commit 0fadff9cdde47e42f7e428bc903b3626c67ba9c0
+ * dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT.
+
+2017-01-11 Werner Koch <wk@gnupg.org>
+
+ dirmngr: After a connection failure log a hint if Tor is not running.
+ + commit 20dfcfe08c618d23134d5d6efef7676b090f30d3
+ * dirmngr/ks-engine-hkp.c (handle_send_request_error): Check whether
+ Tor is running.
+
+ dirmngr: Mark hosts dead on ENETDOWN.
+ + commit 76fb2febde10da8237bbe7613830b51af2a45139
+ * dirmngr/ks-engine-hkp.c (handle_send_request_error): Take care of
+ ENETDOWN.
+
+ dirmngr: Fix Tor access for v6 addresses.
+ + commit 09aeac41c97bc8ecb44a09886c7fdbd9a6ec5c7f
+ * dirmngr/http.c (use_socks): New.
+ (my_sock_new_for_addr): New.
+ (connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
+
+ dirmngr: Remove warnings about unused global variables.
+ + commit 915864e7f0315b0c96315d0bcd48b1b93592353a
+ * dirmngr/crlcache.c (oidstr_issuingDistributionPoint): Comment.
+ * dirmngr/ocsp.c (oidstr_certHash): Comment.
+
+ dirmngr: Implement debug option "network" for http.
+ + commit da894c48ec3393e7c815f575daa5a52ab37cc102
+ * dirmngr/dirmngr.c (parse_rereadable_options): Set http debugging.
+
+ dirmngr: Add debug code to http.c.
+ + commit 02ab4b0085f8b4cdfe163d25ddd0fc80753d7f4a
+ * dirmngr/http.c (opt_verbose, opt_debug): New vars.
+ (http_set_verbose): New function.
+ (_my_socket_new): Add debug output.
+ (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if
+ OPT_DEBUG has ben set to 2 in a debugger.
+ (http_session_new, http_session_ref): Ditto.
+ (send_request, http_start_data): Print debug output for the request.
+ (parse_response): Change to use log_debug_string for the response.
+
+ common: New function log_debug_with_string.
+ + commit 088d71d3671e74eb088386026f0e439a7e3b5543
+ * common/logging.c (do_logv): Factor some code out to ...
+ (print_prefix): new.
+ (log_logv): Add arg EXTRASTRING and print it. Change all callers to
+ pass NULL for it.
+ (log_debug_with_string): New. Uses EXTRASTRING.
+
+2017-01-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ common: Avoid unnecessary ambiguity in argparse.
+ + commit 7249ab0f95d1f6cb8ee61eefedc79801bb56398f
+ * common/argparse.c (find_long_option): Avoid unnecessary ambiguity.
+
+2017-01-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ systemd-user: Enable "systemctl --user reload {dirmngr,gpg-agent}"
+ + commit a20a450ac4ef10847fd59a5fd3acbbd2bfcaa6a2
+ * doc/examples/systemd-user/*.service: Add ExecReload directives to
+ indicate the canonical way to reload the services.
+
+ GnuPG recommends reloading the agent and dirmngr with "gpgconf
+ --reload". if anyone is running them as systemd user services, they
+ might ask them to reload in the systemd way, so teach systemd the
+ right thing to do.
+
+2017-01-10 Justus Winter <justus@g10code.com>
+
+ tests: Improve gpgconf test.
+ + commit 88e42ef08d65d4d1bc29c6cea48df19ca0d5e2bd
+ * tests/openpgp/defs.scm (valgrind): New variable.
+ (gpg-config): Fix clearing an option.
+ * tests/openpgp/gpgconf.scm: Also toggle 'quiet'.
+
+ tools: Fix memory leaks and improve error handling.
+ + commit 1f5caf90bfaaaf7b9d8c06c12087aeeae3748032
+ * tools/gpgconf-comp.c (gc_option_free): New function.
+ (gc_components_free): Likewise.
+ (gc_components_init): Likewise.
+ (retrieve_options_from_program): Use 'xfree', fix memory leak.
+ (change_options_program): Improve error handling.
+ (gc_component_change_options): Fix memory leaks.
+ * tools/gpgconf.c (main): Initialize components.
+ * tools/gpgconf.h (gc_components_init): New prototype.
+
+ tests: Add test for gpgconf.
+ + commit c8cfc62125aceee0ca48aab5c8a9fea1ec1ef652
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/defs.scm (percent-encode): New function.
+ (gpg-conf): Generalize so that we can feed stdin.
+ (gpg-config): New function.
+ * tests/openpgp/gpgconf.scm: New file.
+
+ common: Fix fallback code.
+ + commit bfd6a490129ffc7c7ac8776bf5a5da3b1ddf6d42
+ * common/logging.c (_log_assert): Fix the variant for compilers that
+ do not support __FUNCTION__.
+ * common/logging.h (_log_assert): Likewise.
+
+2017-01-09 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups.
+ + commit 0cc975d8a1cd54115938202432e43263b8893ea4
+ * dirmngr/ks-engine-hkp.c (map_host): Chnage arg NO_SRV to SRVTAG.
+ (make_host_part): Rewrite.
+
+ dirmngr: Do not use a SRV record for HKP if a port was specified.
+ + commit c2cbe2f87c480c62239dc4c2cbb352acd98cd267
+ * dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT.
+ * dirmngr/http.c (do_parse_uri): That it.
+ * dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV.
+ (make_host_part): Ditto.
+ (ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT.
+ (ks_hkp_search): Ditto.
+ (ks_hkp_get): Ditto.
+ (ks_hkp_put): Ditto.
+
+2017-01-08 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Implement experimental SRV record lookup for WKD.
+ + commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10
+ * dirmngr/server.c (cmd_wkd_get): Support SRV records.
+
+ dirmngr: Improve debug output for TLS.
+ + commit 714faea4fa7f30d42e9986358214a99aa8fa57b3
+ * dirmngr/misc.c (dump_cert): Also print SubjectAltNames.
+
+ dirmngr: Change internal SRV lookup API.
+ + commit 16078f3deea5b82ea26e2f01dbd3ef3a5ce25410
+ * dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO.
+ * dirmngr/http.c (connect_server): Simplify SRV lookup.
+ * dirmngr/ks-engine-hkp.c (map_host): Ditto.
+ * dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv.
+
+ dirmngr: Strip root zone suffix from libdns SRV results.
+ + commit 9fa94aa10778bbd680315e93b23175423e338c40
+ * dirmngr/dns-stuff.c (getsrv_libdns): Strip trailing dot from the
+ target.
+
+2017-01-06 Werner Koch <wk@gnupg.org>
+
+ agent,w32: Fix annoying output to DebugView.
+ + commit 8d774904c8066d8c0f19cfffe2d568979bb8c470
+ * agent/gpg-agent.c (startup_fd_list): Do not define for W32.
+ (main) [W32]: Do not call get_all_open_fds.
+
+2017-01-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix for --disable-ccid for scdaemon.
+ + commit 858e14cd794e2a6125d51e652a754bbe26def997
+ * scd/apdu.c (apdu_dev_list_finish): Don't call ccid_dev_scan_finish
+ with no table.
+ (apdu_open_reader): Only increment when it's zero.
+
+ scd: Fix for --disable-ccid-driver.
+ + commit 62268a2732dddca7a05ca4cf45d0e4338c7dc3c4
+ * scd/apdu.c [HAVE_LIBUSB] (apdu_dev_list_start): Conditionalize.
+ [HAVE_LIBUSB] (apdu_dev_list_finish, apdu_open_reader): Likewise.
+
+ scd: Support multiple readers by CCID driver.
+ + commit 8a41e73c31adb86d4a7dca4da695e5ad1347811f
+ * scd/apdu.c (new_reader_slot): Lock is now in apdu_dev_list_start.
+ (close_pcsc_reader_direct, close_ccid_reader): RDRNAME is handled...
+ (apdu_close_reader): ... by this function now.
+ (apdu_prepare_exit): Likewise.
+ (open_ccid_reader): Open with dev_list.
+ (apdu_dev_list_start, apdu_dev_list_finish): New.
+ (apdu_open_one_reader): New.
+ (apdu_open_reader): Support multiple readers.
+ * scd/app.c (select_application): With SCAN, opening all readers
+ available, and register as new APP.
+ (app_write_learn_status): app->ref_count == 0 is valid for APP which is
+ not yet used.
+ (app_list_start, app_list_finish): New.
+ * scd/ccid-driver.c (struct ccid_driver_s): Remove RID and BCD_DEVICE.
+ Add BAI.
+ (parse_ccid_descriptor): BCD_DEVICE is now on the arguments.
+ (ccid_dev_scan, ccid_dev_scan_finish): New.
+ (ccid_get_BAI, ccid_compare_BAI, ccid_open_usb_reader): New.
+ (ccid_open_reader): Support multiple readers.
+ (ccid_set_progress_cb, ccid_close_reader): No RID any more.
+
+2017-01-05 Werner Koch <wk@gnupg.org>
+
+ Silence two -Wlogical-op warnings.
+ + commit 6170eb809033c9d144abf3b1f31f8b936878cdd4
+ * common/tlv.c (parse_ber_header): Avoid compiler warning about a
+ duplicate condition.
+ * tools/gpgtar-create.c (pattern_valid_p): Likewise.
+
+2017-01-05 Justus Winter <justus@g10code.com>
+
+ tests: New test for --{show,override}-session-key.
+ + commit 168c8c9d79a817c1f08a9ef976dab377f8c4c69e
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/decrypt-session-key.scm: New file.
+
+ tests: Fix macro.
+ + commit 4ded213698123a425393b89a800fda2a4ec5229d
+ * tests/openpgp/defs.scm (with-ephemeral-home-directory): Make
+ hygienic, use define-macro, do not change to the ephemeral home
+ directory.
+ * tests/gpgsm/setup.scm: Change to the ephemeral home directory.
+ * tests/openpgp/setup.scm: Likewise.
+
+2017-01-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ g10: avoid warning when --disable-tofu.
+ + commit 38671cfe5a2a40bb991619f4cb992c42b5f1e8cd
+ If configured with --disable-tofu, we see compiler warnings about an
+ unused variable. This should remove those warnings.
+
+2017-01-04 Justus Winter <justus@g10code.com>
+
+ tests,w32: Fix locating the components.
+ + commit 28e149609da44fab600f6a11b385d1c8ca8e7eb9
+ * tests/openpgp/defs.scm (percent-decode): New function.
+ (bin-prefix): New variable.
+ (installed?): Likewise.
+ (tool-hardcoded): Use the new variables.
+ (gpg-conf): Use the new function to decode the values.
+ (gpg-components): Do not use '--build-prefix' when 'installed?'.
+
+2017-01-03 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Make sure Tor mode is also set for DNS on SIGHUP.
+ + commit 969512401603639e4467ede7d892f1b02582c2c9
+ * dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed.
+ (reload_dns_stuff): Reset tor port.
+ * dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS.
+ (main): Remove warning that Tor mode may not fully work.
+ * dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS
+ initialization.
+ * dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error
+ checking for enable_dns_tormode.
+
+ dirmngr: New debug message on correctly initialized libdns.
+ + commit 0004d52ba2f1245c84f95a151342ad99fd72ca3d
+ * dirmngr/dns-stuff.c (libdns_init): Add debug level diagnostic on
+ success.
+
+2017-01-02 Justus Winter <justus@g10code.com>
+
+ common: Turn assertions into expressions.
+ + commit a1e0d4a1e75fc6e6c3392a4e1d1d27005b38d6cc
+ * common/logging.h (log_assert): Turn this into an expression so it
+ can be used in expressions.
+
+ tests: Fix faked time in the TOFU test.
+ + commit 6d065198337b5242889723481bfa9ce81aa108bb
+ * tests/openpgp/tofu.scm (GPG): Fix time delta.
+
+2017-01-02 Werner Koch <wk@gnupg.org>
+
+ g13: Improve printing of debug infos.
+ + commit 5b6ebfb9244602d9de31d61c7eceb0c45ac8aa49
+ * g13/g13tuple.c (all_printable): Make it work.
+
+ Replace use of variable-length-arrays.
+ + commit 6b84ecbf312d98ac8cce9fe5facdc815bc742fa1
+ * common/t-iobuf.c (main): Replace variable-length-array.
+ * g10/gpgcompose.c (mksubpkt_callback): Ditto.
+ (encrypted): Ditto.
+ * g10/t-stutter.c (log_hexdump): Ditto.
+ (oracle_test): Ditto.
+ * g10/tofu.c (get_policy): Ditto. Use "%zu" for size_t.
+ * scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
+ Check for zero length OID_LEN.
+
+2017-01-02 Justus Winter <justus@g10code.com>
+
+ gpgscm: Fail if too many arguments are given.
+ + commit b0e14bd6ff8401b12b2b39f75aef94d3ad28017f
+ * tests/gpgscm/scheme.c (opexe_0): Enable check.
+ * tests/gpgscm/tests.scm (test::report): Remove superfluous argument.
+
+ gpgscm: Add 'finally', rework all macros.
+ + commit b79274a3b7e58f88e9a8c1dc1fb24dd3e983543c
+ * tests/gpgscm/init.scm (finally): New macro.
+ * tests/gpgscm/tests.scm (letfd): Rewrite.
+ (with-working-directory): Likewise.
+ (with-temporary-working-directory): Likewise.
+ (lettmp): Likewise.
+
+ gpgscm: Use boxed values for source locations.
+ + commit e8b843508dac96e9d0a3140954dd5a3618669cec
+ * tests/gpgscm/scheme-private.h (struct port): Use boxed values for
+ filename and current line. This allows us to use the same Scheme
+ object for labeling all expressions in a file.
+ * tests/gpgscm/scheme.c (file_push): Use boxed type for filename.
+ (mark): Mark location objects of port objects.
+ (gc): Mark location objects in the load stack.
+ (port_clear_location): New function.
+ (port_reset_current_line): Likewise.
+ (port_increment_current_line): Likewise.
+ (file_pop): Adapt accordingly.
+ (port_rep_from_filename): Likewise.
+ (port_rep_from_file): Likewise.
+ (port_close): Likewise.
+ (skipspace): Likewise.
+ (token): Likewise.
+ (_Error_1): Likewise.
+ (opexe_0): Likewise.
+ (opexe_5): Likewise.
+ (scheme_deinit): Likewise.
+ (scheme_load_file): Likewise.
+ (scheme_load_named_file): Likewise.
+
+2017-01-02 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Strip root zone suffix from libdns cname results.
+ + commit b200e636ab20d2aa93d9f71f3789db5a04af0a56
+ * dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot.
+ (get_dns_cname_libdns): Ditto.
+
+2016-12-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix select_application.
+ + commit 337690441fcb19343fe56b139f5649bed7d25c83
+ * scd/app.c (select_application): Fix the condition for open.
+
+ scd: Fix card removal monitor.
+ + commit f300e12a793d59deb1a369713384eaabfa39b3e6
+ * scd/app.c (app_reset): Call send_client_notification with REMOVAL.
+ (scd_update_reader_status_file): Likewise.
+ * scd/command.c (send_client_notifications): Distinguish removal.
+
+2016-12-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Improve internal CCID driver.
+ + commit cdc8d0bd933b958db878861587322bc541b580b3
+ * scd/ccid-driver.c (scan_or_find_usb_device): Don't scan for
+ configuration but use active configuration. Support alt_setting.
+ (scan_or_find_devices): Support alt_setting.
+ (ccid_open_reader): Support alt_setting.
+
+ scd: Fix a race condition for new_reader_slot.
+ + commit c48cf7e32ffa02ebdf00265543344c611bef0431
+ * scd/apdu.c (reader_table_lock, apdu_init): New.
+ (new_reader_slot): Serialize by reader_table_lock.
+ * scd/app.c (lock_app, unlock_app, app_new_register): Fix error code
+ usage.
+ (initialize_module_command): Call apdu_init.
+ * scd/scdaemon.c (main): Handle error for initialize_module_command.
+
+2016-12-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: APP centric approach for device management.
+ + commit 4cc9fc5eb9bd91d943c185d59da4a2b4cb885ee6
+ * scd/app.c (lock_app): Rename from lock_reader and use internal field
+ of APP.
+ (unlock_app): Likewise.
+ (app_dump_state): Use APP.
+ (application_notify_card_reset): Remove.
+ (check_conflict): Change API for APP, instead of SLOT.
+ (check_application_conflict): Likewise.
+ (release_application_internal): New.
+ (app_reset): New.
+ (app_new_register): New.
+ (select_application): Change API for APP, instead of SLOT.
+ (deallocate_app, release_application): Modify for manage link.
+ (report_change): New.
+ (scd_update_reader_status_file): Moved from command.c and
+ use APP list, instead of VREADER.
+ (initialize_module_command): Moved from command.c.
+
+ * scd/command.c (TEST_CARD_REMOVAL): Remove.
+ (IS_LOCKED): Simplify.
+ (vreader_table): Remove.
+ (vreader_slot, update_card_removed): Remove.
+ (do_reset): Call app_reset.
+ (get_current_reader): Remove.
+ (open_card): Add SCAN arg.
+ (cmd_serialno): No retry, since retry is done in lower layer in apdu.c.
+ No do_reset, since it is done in lower layer.
+ Add clearing card_removed flag.
+ (cmd_disconnect): Call apdu_disconnect.
+ (send_client_notifications): Modify for APP.
+ (update_reader_status_file): Remove.
+
+ scd: Simplify monitoring card removal.
+ + commit f9882d8336feea96e3b5e250e9093f8cca01e08b
+ * scd/apdu.c (struct reader_table_s): Remove any_status, last_status,
+ status, and change_counter field.
+ (new_reader_slot, dump_reader_status, ct_activate_card, open_ct_reader)
+ (connect_pcsc_card, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
+ (open_ccid_reader, apdu_reset): Follow the change.
+ (ct_dump_reader_status): Remove.
+ (apdu_get_status_internal, apdu_get_status): Remove CHANGED arg.
+ (apdu_connect): Follow the change.
+ * scd/command.c (struct vreader_s): Remove reset_failed, any, and
+ changed field.
+ (cmd_getinfo, update_reader_status_file): Follow the change.
+
+2016-12-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Improve internal CCID driver.
+ + commit c7ec9c42246033e14ebad679d11f3b1fbeed23b7
+ * scd/ccid-driver.c (scan_or_find_usb_device): Fix return value.
+ Support device with multiple CCID interfaces. Fix the case with
+ READERNO. Support partial string match of "reader-port" like PC/SC
+ driver.
+
+2016-12-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Fix for --disable-libdns usage.
+ + commit d26c51825e2255fe58305cbc1cd74fa43f80d93e
+ * dirmngr/dns-stuff.c (enable_recursive_resolver, set_dns_nameserver)
+ (reload_dns_stuff): Conditionalize with USE_LIBDNS.
+ (get_h_errno_as_gpg_error): Map HOST_NOT_FOUND to GPG_ERR_NO_NAME.
+
+2016-12-22 Neal H. Walfield <neal@g10code.com>
+
+ tools: Show a clearer error message if a server doesn't support WKS.
+ + commit 1909e994cb87d6c6866a465f0c20a456d4df46cc
+ * tools/gpg-wks-client.c (command_send): If we fail to lookup the
+ submission address, print a better error message. If it is because
+ the corresponding file doesn't exist, provide the hint that the server
+ probably doesn't support WKS.
+
+2016-12-22 Werner Koch <wk@gnupg.org>
+
+ wks: Let the client ignore missing policy flags.
+ + commit e917dfcd973a3ebbf5eb584e819ffa89f932bfef
+ * tools/gpg-wks-client.c (command_send): Ignore missing policy flags.
+
+2016-12-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Clean up internal API for APP.
+ + commit 8431f5a7e88e1f42d75c4a4b61f4aa9b35457204
+ * scd/app-common.h (app_readcert, app_readkey, app_setattr, app_sign,
+ app_auth, app_decipher, app_get_challenge, app_check_pin): Add CTRL as
+ the second argument.
+ * scd/app.c: Supply CTRL to lock_reader calls.
+ * scd/command.c (cmd_readcert, cmd_readkey, cmd_pksign, cmd_auth,
+ cmd_pkdecrypt, cmd_setattr, cmd_random, cmd_checkpin): Follow the
+ change.
+
+2016-12-21 Justus Winter <justus@g10code.com>
+
+ gpgscm: Guard use of union member.
+ + commit 6e96cdd41a0e55b672309431062f37c4a4a9f485
+ * tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
+ before accessing filename. Fixes a crash on 32-bit architectures.
+
+2016-12-20 Werner Koch <wk@gnupg.org>
+
+ tests: Avoid skipping exectool tests.
+ + commit 6204f8104fea42d706a68e77e2dc0bca4704bddc
+ * common/t-exectool.c (test_executing_true): Try also /usr/bin/true.
+ (test_executing_false): Try also /usr/bin/false.
+
+2016-12-20 Justus Winter <justus@g10code.com>
+
+ tests: Add test suite for gpgsm.
+ + commit 36c14139285982def6ad942d4b2d8bef7ed4ea76
+ * configure.ac (AC_CONFIG_FILES): Add new file.
+ * tests/Makefile.am (SUBDIRS): Add new directory.
+ * tests/gpgsm/32100C27173EF6E9C4E9A25D3D69F86D37A4F939: New file.
+ * tests/gpgsm/Makefile.am: Likewise.
+ * tests/gpgsm/cert_dfn_pca01.der: Likewise.
+ * tests/gpgsm/cert_dfn_pca15.der: Likewise.
+ * tests/gpgsm/cert_g10code_test1.der: Likewise.
+ * tests/gpgsm/decrypt.scm: Likewise.
+ * tests/gpgsm/encrypt.scm: Likewise.
+ * tests/gpgsm/export.scm: Likewise.
+ * tests/gpgsm/gpgsm-defs.scm: Likewise.
+ * tests/gpgsm/import.scm: Likewise.
+ * tests/gpgsm/plain-1.cms.asc: Likewise.
+ * tests/gpgsm/plain-2.cms.asc: Likewise.
+ * tests/gpgsm/plain-3.cms.asc: Likewise.
+ * tests/gpgsm/plain-large.cms.asc: Likewise.
+ * tests/gpgsm/run-tests.scm: Likewise.
+ * tests/gpgsm/setup.scm: Likewise.
+ * tests/gpgsm/shell.scm: Likewise.
+ * tests/gpgsm/sign.scm: Likewise.
+ * tests/gpgsm/verify.scm: Likewise.
+
+ tests: Add macro managing ephemeral home directories.
+ + commit c067a012c764218b94ce8de2914615a895a75f3e
+ * tests/openpgp/defs.scm (with-ephemeral-home-directory): New macro.
+ * tests/openpgp/setup.scm: Use the new macro.
+
+ tests: Move argument parser.
+ + commit a30c0a6972cabde3858108e9020e900696094843
+ * tests/gpgme/gpgme-defs.scm (flag): Move...
+ * tests/gpgscm/tests.scm: ... over here.
+
+ tests: Add missing encrypted sample, cleanup samples handling.
+ + commit e2ed3c1597daf3188ddce049cc3c50113d56f1b9
+ * tests/openpgp/Makefile.am (TEST_FILES): Add new file.
+ * tests/openpgp/defs.scm (plain-files): Add 'plain-large'.
+ (all-files): New variable.
+ (create-sample-files): New function.
+ (create-legacy-gpghome): Use new function.
+ * tests/openpgp/plain-large.asc: New file.
+
+2016-12-20 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.17.
+ + commit ade32464a25fdb35cc0f39e46d303ceba68ea8f6
+
+
+ sm: Remove wrong example from gpgsm --help.
+ + commit 13465e708bb67e816e4fb3a37c117ad91dc6383f
+ * sm/gpgsm.c (opts): Remove group 303.
+
+ dirmngr: New option --resolver-timeout.
+ + commit 81c012787fabf734d9c952c6f18ecac21929d4d8
+ * dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New.
+ (opt_timeout): New var.
+ (set_dns_timeout): New.
+ (libdns_res_open): Set the default timeout.
+ (libdns_res_wait): Use configurable timeout.
+ (resolve_name_libdns): Ditto.
+
+ * dirmngr/dirmngr.c (oResolverTimeout): New const.
+ (opts): New option --resolver-timeout.
+ (parse_rereadable_options): Set that option.
+ (main) <aGPGConfList>: Add --nameserver and --resolver-timeout.
+ * tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout
+ and --nameserver.
+
+ * dirmngr/http.c (connect_server): Fix yesterday introduced bug in
+ error diagnostic.
+
+2016-12-19 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix problems with the getsrv function.
+ + commit af8b68fae39b1378c769e0de6ba6437ea1aac7e3
+ * dirmngr/dns-stuff.c (opt_debug, opt_verbose): New vars.
+ (set_dns_verbose): New func.
+ (libdns_switch_port_p): Add debug output.
+ (resolve_dns_name): Ditto.
+ (get_dns_cert): Ditto.
+ (get_dns_cname): Ditto.
+ (getsrv_libdns, getsrv_standard): Change SRVCOUNT to an unsigend int.
+ (getsrv): Rename to ...
+ ((get_dns_srv): this. Add arg R_COUNT and return an error. Add debug
+ output.
+ * dirmngr/http.c: Adjust for chnaged getsrv().
+ * dirmngr/ks-engine-hkp.c (map_host): Ditto.
+ * dirmngr/t-dns-stuff.c (main): Ditto. Call set_dns_verbose.
+ * dirmngr/dirmngr.c (parse_rereadable_options): Call set_dns_verbose.
+
+ build: Add target to sign the windows installer.
+ + commit 284ec54495dddc9eb0232e959cf994234097578a
+ * build-aux/speedo.mk (w32-sign-installer): New.
+ (AUTHENTICODE_KEY): New.
+ (installer-from-source): Use cp instead of mv. Factor code out to ...
+ (MKSWDB_commands): new macro.
+ (sign-installer): New.
+
+2016-12-19 Justus Winter <justus@g10code.com>
+
+ tests: Use the common test framework for the migration tests.
+ + commit 65a0d6a24e6299682793f213a9d2bae17c5b12d9
+ * tests/migrations/Makefile.am (reqired_pgms): Add 'gpgscm'.
+ (TESTS_ENVIRONMENT): Populate.
+ (TESTS): Rename to 'XTESTS'.
+ (xcheck): New target.
+ (EXTRA_DIST): Add new files.
+ (CLEANFILES): Remove log files.
+ * tests/migrations/common.scm: Honor 'verbose', fix paths.
+ * tests/migrations/run-tests.scm: New file.
+ * tests/migrations/setup.scm: Likewise.
+
+ tests: Use sequential test runner if only one test is given.
+ + commit 0bf16d702665a269ce5ef724c927fbbd8f7f1ce9
+ * tests/openpgp/run-tests.scm: Use sequential test runner if only one
+ test is given.
+
+2016-12-19 Werner Koch <wk@gnupg.org>
+
+ dirmngr,w32: Hack around a select problem.
+ + commit d51499fdc522a696f23c6776c3ab248742f4e06a
+ * dirmngr/dns.c (FD_SETSIZE): Bump up to 1024.
+ (dns_poll): Return an error instead of hitting an assertion failure.
+
+2016-12-19 Neal H. Walfield <neal@g10code.com>
+
+ test: Extend TOFU tests to also check the days with signatures.
+ + commit aec89a7297bae30f79a63fdc830530e82bab6170
+ * tests/openpgp/tofu.scm (GPGTIME): Define the "standard" base time.
+ (faketime): New function.
+ (days->seconds): Likewise.
+ (GPG): Use faketime.
+ (check-counts): Also check the number of expected days with signatures
+ and encryptions. Update callers. Extend tests.
+
+2016-12-19 Justus Winter <justus@g10code.com>
+
+ tests: New test for --delete-[secret-]keys.
+ + commit a1afc450e182af02ad5e6f6ba79e9dc4332ca2bc
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/defs.scm (keys): New variable.
+ (have-public-key?): New function.
+ (have-secret-key?): Likewise.
+ (have-secret-key-file?): Likewise.
+ * tests/openpgp/delete-keys.scm: New file.
+ * tests/openpgp/quick-key-manipulation.scm: Move the accessors to
+ 'defs.scm'.
+
+ gpgscm: Change associativity of ::.
+ + commit a45dc0849da0d944ec8c759bc8e3e733b1eb0079
+ * tests/gpgscm/scheme.c (mk_atom): Change associativity of the ::
+ infix-operator. This makes it possible to naturally express accessing
+ nested structures (e.g. a::b::c).
+
+ gpgscm: Display location when assertions fail.
+ + commit 3949cbd1128585c9b810713aeffaa1455fb5aed9
+ * tests/gpgscm/lib.scm (assert): Use location information if
+ available.
+
+ gpgscm: Make exception handling more robust.
+ + commit df00745d6eed7034b218a0c482a46d975425798a
+ * tests/gpgscm/init.scm (throw'): Check that args is a list.
+
+2016-12-19 Andre Heinecke <aheinecke@intevation.de>
+
+ speedo,w32: Use nsExec::ExecToLog to avoid popups.
+ + commit 026bbf0d5ee4510967e5f1dd3db2dee4687b0612
+ * build-aux/speedo/w32/inst.nsi: Use ExecToLog instead of
+ ExecWait.
+
+2016-12-19 Werner Koch <wk@gnupg.org>
+
+ Remove unused debug flags and add "dns" and "network".
+ + commit e384405b6e251629fb36bcbba4f5f9ac15a39d10
+ * g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
+ * g10/gpg.c (debug_flags): Remove "cardio".
+ * agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
+ * agent/gpg-agent.c (debug_flags): Remove "command".
+ * scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
+ * scd/scdaemon.c (debug_flags): Remove "command".
+ * dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
+ (DBG_NETWORK_VALUE, DNG_NETWORK): New.
+ * dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
+
+2016-12-17 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix setup of libdns for W32.
+ + commit e77b924fec1082faae48cdd2ff8474874a22bdf7
+ * configure.ac (DNSLIB) {W32]: Add -liphlpapi.
+ * dirmngr/dns-stuff.c [W32]: Include iphlpapi.h and define
+ WIN32_LEAN_AND_MEAN.
+ (libdns_init) [W32]: Use GetNetworkParams to get the nameserver.
+ * dirmngr/t-dns-stuff.c (init_sockets): New.
+ (main): Call it.
+
+2016-12-16 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Auto-switch from Tor port to Torbrowser port.
+ + commit 024dbd7162fc1a7694176ebad3c21ee3ea67c024
+ * dirmngr/dns-stuff.c (libdns_tor_port): New var.
+ (set_dns_nameserver): Clear that var.
+ (libdns_init): Init var to the default port.
+ (libdns_switch_port_p): New func.
+ (resolve_dns_name): Use function to switch the port
+ (get_dns_cert): Ditto.
+ (getsrv): Ditto.
+ (get_dns_cname): Ditto.
+
+ dirmngr: Use one context for all libdns queries.
+ + commit c4e8a3194d6b92f596a6483e486c645de7d2ddd1
+ * dirmngr/dns-stuff.c (libdns_reinit_pending): New var.
+ (enable_recursive_resolver): Set var.
+ (set_dns_nameserver): Ditto.
+ (libdns_init): Avoid double initialization.
+ (libdns_deinit): New.
+ (reload_dns_stuff): New.
+ (libdns_res_open): Act upon LIBDNS_REINIT_PENDING.
+ * dirmngr/t-dns-stuff.c (main): Call reload_dns_stuff to release
+ memory.
+ * dirmngr/dirmngr.c (cleanup): Ditto.
+ (dirmngr_sighup_action): Call reload_dns_stuff to set
+ LIBDNS_REINIT_PENDING.
+
+ dirmngr: Pass Tor credentials to libdns.
+ + commit ddb48086833f8b86f0f0d69b21a23f245090ea7a
+ * dirmngr/dns-stuff.c (tor_credentials): Replace by ...
+ (tor_socks_user, tor_socks_password): new vars.
+ (enable_dns_tormode): Set these new vars.
+ (libdns_res_open): Tell libdns the socks credentials.
+
+ dirmngr: Factor common libdns code out.
+ + commit 59d3c3e4baffff52548fb5d1766ebf02dd8e1bec
+ * dirmngr/dns-stuff.c (libdns_res_open): New. Replace all libdns_init
+ and dns-res_open by a call to this func.
+ (libdns_res_submit): New wrapper. Replace all dns_res_sumbit calls.
+ (libdns_res_wait): New function.
+ (resolve_name_libdns): Replace loop by libdns_res_wait.
+ (get_dns_cert_libdns): Ditto.
+ (getsrv_libdns): Ditto.
+
+ gpg,sm: A few more option for --gpgconf-list.
+ + commit 48671f295ff233765689b6a73021f83ab845a28f
+ * g10/gpg.c (gpgconf_list): Add --compliance and
+ --default-new-key-algo.
+ (parse_compliance_option):
+ * sm/gpgsm.c (main) <gpgconf-list>: Add --enable-crl-checks.
+
+ gpgconf: New command --apply-profile.
+ + commit 76cd64a5baf6057b199c01f7999b327f1f4a87bc
+ * tools/gpgconf.c (aApplyProfile): New.
+ (opts): New command --apply-profile.
+ (main): Implement that command.
+ * tools/gpgconf-comp.c (option_check_validity): Add arg VERBATIM.
+ (change_options_program): Ditto.
+ (change_one_value): Ditto.
+ (gc_component_change_options): Ditto.
+ (gc_apply_profile): New.
+
+ gpgconf: Fix --apply-defaults.
+ + commit 6ca3c28da46873416822bf6ab7893db6c56a49d6
+ * tools/gpgconf-comp.c: Skip pinentry also in process_all mode.
+
+2016-12-16 Justus Winter <justus@g10code.com>
+
+ doc: Mention extra information in pinentry status lines.
+ + commit 12a5265afa7f87ad92fb571e0882e57b07a3c267
+ * doc/DETAILS: Mention that 'PINENTRY_LAUNCHED may carry extra
+ information.
+
+ sm: Fix agent communication.
+ + commit 3c7d6a1769ed6cc90d86247a814a0dce341512a3
+ * sm/call-agent.c (gpgsm_agent_pksign): Fix passing the control handle
+ to the callback.
+ (gpgsm_scd_pksign): Likewise.
+ (gpgsm_agent_reaedkey): Likewise.
+
+2016-12-16 Neal H. Walfield <neal@g10code.com>
+
+ doc: Fix manual.
+ + commit a165fa09be4bfbeb97ebe25d551a9045255e5028
+ * doc/gpg.texi: Remove comment about options being parsed in-order.
+ They aren't.
+
+ g10: Use total days, not total messages to compute TOFU validity.
+ + commit 4a2c210b75d4266e289712e73a42c286aabb07f0
+ * g10/tofu.c (write_stats_status): Use the number of days with
+ signatures / encryptions to compute the validity, not the total number
+ of signatures / encryptions.
+ (BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
+ (FULL_TRUST_THRESHOLD): Likewise.
+
+ g10: Extend TOFU_STATS to emit <sign-days> and <encyrption-days>
+ + commit 94f6b9010d2e80a75ccbb21426faf0b30195f1ab
+ * doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status
+ line.
+ * g10/tofu.c (write_stats_status): Take additional parameters
+ signature_days and encryption_days. Update callers. Include them in
+ the tfs record and TOFU status lines.
+ (show_statistics): Compute the number of days on which we saw a
+ message signed by FINGERPRINT, and the number of days on which we
+ encrypted a message to it.
+
+2016-12-16 Justus Winter <justus@g10code.com>
+
+ doc: Improve section on unattended key generation.
+ + commit ca02a8b78fca8815388a859962584d75169ae3ee
+ * doc/gpg.texi: Improve the subsection on unattended key generation by
+ suggesting the quick key manipulation interface as an alternative, and
+ by suggesting alternatives to '%pubring' and '%secring'. Simplify
+ examples accordingly.
+
+ doc: Add documentation for programmatic use of GnuPG.
+ + commit 116a78eb869c4c589228bd0d6deff7c7a9f92dfb
+ * doc/gpg.texi: New subsections on programmatic use of GnuPG,
+ ephemeral home directories, and the quick key manipulation interface.
+
+2016-12-16 Neal H. Walfield <neal@g10code.com>
+
+ g10: On a TOFU conflict, write the conflicting keys to the status fd.
+ + commit fea9da4a8afab6f3a49cdbbcc4a7a21f27a6d3e8
+ * g10/tofu.c (ask_about_binding): Emit all of the conflicting keys and
+ their statistics on the status fd.
+ (get_trust): Likewise, if we don't call ask_about_binding.
+ (show_statistics): Have the caller pass the policy as returned by
+ get_policy. Add argument only_status_fd and don't emit any output on
+ stdout if it is set. Update callers.
+
+ g10: Add missing space.
+ + commit 6caa2d0ba2bfc0ae93878738b0169483f6b6b462
+ * g10/tofu.c (tofu_register_encryption): Add missing space.
+
+2016-12-15 Justus Winter <justus@g10code.com>
+
+ g10: Avoid translating simple error messages.
+ + commit 6b16b02109f4bb5b934e456667ff4c0ba7bc85fd
+ * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'.
+
+ g10: Rework the --quick-* interface.
+ + commit 41ad04d403de05abe54280d2a84aa51a603194e4
+ * g10/gpg.c (opts): Rename options.
+ (main): Update errors.
+ * doc/gpg.texi: Update accordingly.
+
+ g10: Rename 'card-edit' to 'edit-card'.
+ + commit 6e4396723e9e5865015ebf7033628fa3919cf7d1
+ * g10/gpg.c (opts): Rename option.
+ * g10/call-agent.c (agent_scd_learn): Update comment.
+ * doc/gpg.texi: Update accordingly.
+
+ g10: Spell out --desig-revoke.
+ + commit 3c691097ca144e9a1d4c9185636c59a848bec85c
+ * g10/gpg.c (opts): Rename option.
+ * doc/gpg.texi: Update accordingly.
+
+ g10: Shorten unreasonably long option.
+ + commit c252627c6fd93bc305c5a5a2f013c3de2d45c6b0
+ * g10/gpg.c (opts): Rename 'generate-revocation-certificate' to
+ 'generate-revocation'.
+ * doc/gpg.texi: Update accordingly.
+ * po: Update translations.
+
+ doc: Add aliases of all changed options.
+ + commit bc6b76ef26f31c54ae1c29c761b8ecc437fcf565
+ * doc/gpg.texi: Add the old version of every option that was updated
+ with the last change set.
+ * doc/gpgsm.texi: Likewise.
+
+2016-12-15 Werner Koch <wk@gnupg.org>
+
+ dirmngr: First patch to re-enable Tor support.
+ + commit 2d1760ffe2ff46b77bd0f38db8b781d9564ae999
+ * dirmngr/dns-stuff.c (SOCKS_PORT, TOR_PORT, TOR_PORT2): New
+ constants.
+ (libdns_init): Start adding tor support.
+ (resolve_name_libdns): Pass socks hosts to dns_res_open.
+ (get_dns_cert_libdns): Ditto.
+ (getsrv_libdns): Ditto.
+ (get_dns_cname_libdns): Ditto.
+
+2016-12-15 Justus Winter <justus@g10code.com>
+
+ build: Fix distcheck.
+ + commit 0e2055c7d30d987a7a74923a7080b80cce470601
+ * tests/gpgme/Makefile.am (CLEANFILES): New variable, clean test logs.
+
+2016-12-14 Justus Winter <justus@g10code.com>
+
+ tests: Reuse GPGME's tests.
+ + commit 948cca9c99e701a1668bb5fd6e25f07e35381b4d
+ * configure.ac (AC_CONFIG_FILES): Add new Makefile.
+ * tests/Makefile.am (SUBDIRS): Add new directory.
+ * tests/gpgme/Makefile.am: New file.
+ * tests/gpgme/gpgme-defs.scm: Likewise.
+ * tests/gpgme/run-tests.scm: Likewise.
+ * tests/gpgme/setup.scm: Likewise.
+ * tests/gpgme/wrap.scm: Likewise.
+
+ common: Support locating components in the build tree.
+ + commit ca1e9749bfb069d90aa44efbf6f3d611b6104c1b
+ * common/homedir.c (gnupg_build_directory): New variable.
+ (gnupg_module_name_called): Likewise.
+ (gnupg_set_builddir): New function.
+ (gnupg_set_builddir_from_env): Likewise.
+ (gnupg_module_name): Support locating components in the build tree.
+ * common/util.h (gnupg_set_builddir): New prototype.
+ * tests/openpgp/defs.scm (tools): Drop 'gpg and 'gpg-agent.
+ (tool): Rename to 'tool-hardcoded.
+ (gpg-conf): New function, with accessors for the results.
+ (gpg-components): New variable.
+ (tool): New function.
+ * tools/gpgconf.c (enum cmd_and_opt_values): New key.
+ (opts): New option '--build-prefix'.
+ (main): Handle new option.
+
+ tests: Rework check for trust models.
+ + commit 55dc81125abc43cd3cc8db951fc3b8a81767942d
+ * tests/openpgp/defs.scm (gpg-has-option?): New function.
+ (have-opt-always-trust): Use a simpler test for that option. This way
+ that is less distracting when we run the tests with verbose=3.
+
+2016-12-14 Werner Koch <wk@gnupg.org>
+
+ dirmngr: New configure option --disable-libdns.
+ + commit d34a2bb410c7c770d26430d69ff77bd83fc407f1
+ * configure.ac: Add option --disable-libdns
+ (USE_LIBDNS): New ac_subst and am_conditional.
+ (USE_C99_CFLAGS): Set only if libdns is used.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
+ (dirmngr_SOURCES) [USE_LIBDNS0: here.
+ (t_common_src): Ditto.
+ * dirmngr/dirmngr.c (oRecursiveResolver): New constant.
+ (opts): New option "--recursive-resolver".
+ (parse_rereadable_options): Set option.
+ * dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
+ * dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
+ new variables.
+ * dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
+ Also build and call dnslib functions only if USE_DNSLIB is defined.
+ (recursive_resolver): New var.
+ (enable_recursive_resolver): New func.
+ (recursive_resolver_p): New func.
+
+ dirmngr: Implement CERT record lookup via libdns.
+ + commit 3c2a7918eac024b5e1258ea9b272b4e8a1f1af43
+ * dirmngr/dns-stuff.c (get_dns_cert_libdns): New.
+ (get_dns_cert_standard): Fix URL malloc checking.
+
+ dirmngr: Implement CNAME and SRV record lookup via libdns.
+ + commit 4c13e4e3debe0e55e86ae29c095f2d86eb0a6f11
+ * dirmngr/dns-stuff.c (dns_free): New macro.
+ (libdns): Move var to the top.
+ (libdns_error_to_gpg_error): Map error codes to the new gpg-error
+ codes.
+ (resolve_name_libdns): Restructure code.
+ (getsrv_libdns): New.
+ (get_dns_cname_libdns): New.
+
+ dirmngr: Fix bugs in the standard resolver code.
+ + commit 4a030f682ef48542ed324b28207f2c2b4847dbef
+ * dirmngr/dns-stuff.c: Include dirmngr-err.h to set the correct error
+ source.
+ (get_h_errno_as_gpg_error): New.
+ (get_dns_cert_libdns): Fix error code.
+ (getsrv_libdns): Add arg R_COUNT and return an error code.
+ (getsrv_standard): Ditto. Fix handling of res_query errors and
+ provide the correct size for the return buffer.
+ (getsrv): Adjust for changed worker functions.
+ (get_dns_cname_standard): Fix handling of res_query errors and provide
+ the correct size for the return buffer.
+
+ dirmngr: Require a c99 compiler.
+ + commit 392966aed9b2a5e1456c671e5d13b561a27e4bb2
+ * configure.ac (USE_C99_CFLAGS): New ac_subst. Set to -std=gnu99 for
+ gcc.
+ * dirmngr/Makefile.am (AM_CFLAGS): Add USE_C99_CFLAGS.
+ (t_http_CFLAGS): Ditto.
+ (t_ldap_parse_uri_CFLAGS): Ditto.
+ (t_dns_stuff_CFLAGS): Ditto.
+
+ doc: Add license notes for libdns.
+ + commit d84f5a88233c073a82fd47728574b001343784ee
+ * COPYING.other: New.
+ * Makefile.am (EXTRA_DIST): Add it.
+ * AUTHORS: Add info on libdns.
+ * build-aux/speedo/w32/pkg-copyright.txt: Add license terms.
+
+ common: Add replacements for error codes from gpg-error 1.26.
+ + commit aae68a3ccd3d9870162b3ffd49eae08d5bf1b1e1
+
+
+2016-12-14 Justus Winter <justus@g10code.com>
+
+ dirmngr: New libdns snapshot.
+ + commit f8ab2c4c70ad15c4b2e45492606fb94ddaccdac7
+
+
+ dirmngr: Add basic libdns support.
+ + commit f6acd0426453d3a18536ca69d63baa0d971082ef
+ * dirmngr/dns.c: New file.
+ * dirmngr/dns.h: New file.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Add new files.
+ * dirmngr/dns-stuff.c: Include dns.h.xxx use libdns
+ (libdns): New global var for the libdns state.
+ (libdns_error_to_gpg_error): New.
+ (libdns_init): New.
+ (resolve_name_libdns): New.
+ (get_dns_cert_libdns): New stub.
+ (getsrv_libdns): New stub.
+ (get_dns_cname_libdns): New stub.
+
+ dirmngr,build: Remove support for ADNS.
+ + commit 2e734a3ce159de8fb60df2bd5d454f98ca710717
+ * autogen.rc: Remove '--with-adns' argument.
+ * configure.ac: Remove check for ADNS.
+ * dirmngr/dns-stuff.c: Remove all code that uses ADNS.
+ * dirmngr/server.c (cmd_getinfo): Update status line.
+ * doc/dirmngr.texi: Do not mention ADNS.
+
+2016-12-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Improve ntbtls support.
+ + commit 57aa42ce9b28bc17ac24491d595766fbf80762af
+ * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release.
+ (send_request): Call ntbtls_set_transport.
+ (cookie_read, cookie_write): Implement.
+ (cookie_close): Add initial implementation for ntbtls.
+
+2016-12-13 Justus Winter <justus@g10code.com>
+
+ g10,sm: Spell out --passwd.
+ + commit c1c35fb887061de05661f3411eda97546e1a52d7
+ * g10/gpg.c (opts): Spell out option.
+ * sm/gpgsm.c (opts): Likewise.
+ * doc/gpg.texi: Update accordingly.
+ * doc/gpgsm.texi: Likewise.
+
+ g10: Spell out --gen-revoke.
+ + commit ec1bd3ae685e95563e38077ab3c1655fd55dea07
+ * g10/gpg.c (opts): Spell out option.
+ * doc/gpg.texi: Update accordingly.
+ * po: Update translations.
+
+ g10: Spell out --full-gen-key.
+ + commit 09163a6390bd9713f3a7946de739765b30ef6f64
+ * g10/gpg.c (opts): Spell out option.
+ (main): Likewise.
+ * g10/keygen.c (generate_keypair): Likewise.
+ * doc/gpg.texi: Update accordingly.
+
+ g10,sm: Spell out --gen-key.
+ + commit 892c827e72b1396e3b58e2f8869cc48328a2b59c
+ * g10/gpg.c (opts): Spell out option.
+ * sm/gpgsm.c (opts): Likewise.
+ * doc/gpg.texi: Update accordingly.
+
+ g10,sm: Spell out --check-sigs.
+ + commit 9147737f1c6894f38b855f3cf38cd33122a1ae2a
+ * g10/gpg.c (opts): Spell out option.
+ * sm/gpgsm.c (opts): Likewise.
+ * doc/gpg.texi: Update accordingly.
+
+ g10,sm: Spell out --list-sigs.
+ + commit a6d6e4afe488bc05ee730e85da6a9505c6cd245a
+ * g10/gpg.c (opts): Spell out option.
+ * sm/gpgsm.c (opts): Likewise.
+ * doc/gpg.texi: Update accordingly.
+
+ g10: Hyphenate --clearsign.
+ + commit 04754ce3a704b1e6d38cb9a28dacf2821dc3f15f
+ * g10/gpg.c (opts): Hyphenate option.
+ * doc/gpg.texi: Update accordingly.
+ * po: Update translations.
+ * tests/openpgp: Update tests.
+
+ g10: Spell out --recv-keys.
+ + commit ca598152345b40f3a236227dfc63ae04ddf777d7
+ * g10/gpg.c (opts): Spell out option.
+ * doc/gpg.texi: Update accordingly.
+
+ g10: Create expiring keys in quick key generation mode.
+ + commit dd3dde07a9a46130ac01d849f8edf0566e44f11f
+ * doc/gpg.texi: Document that fact.
+ * g10/keygen.c (quick_generate_keypair): Use a default value.
+ * tests/openpgp/quick-key-manipulation.scm: Test that fact.
+
+ gpgscm: Print failed and skipped tests.
+ + commit 429891a704057437517cb0b45d11392b40fa1ee8
+ * tests/gpgscm/tests.scm (test-pool::report): Print failed and skipped
+ tests at the end.
+
+ gpgscm: Generalize the test runner.
+ + commit d43dabf4607d3bcfc217eb9aea34d093f5aa698f
+ * tests/gpgscm/tests.scm (test::scm) Add explicit name argument.
+ (test::binary): Likewise. Also, add missing unquote.
+ * tests/openpgp/run-tests.scm: Adapt accordingly.
+
+ gpgscm: Move the test runner to the Scheme library.
+ + commit 1a176b92a8aad42056ed2c4e1f49a5feb40770cf
+ * tests/openpgp/run-tests.scm: Move most of the code...
+ * tests/gpgscm/tests.scm: ... here.
+
+ tests: Refactor test runner.
+ + commit fe36e63763c9c595bb057ac50160d2aff7c7a63f
+ * tests/openpgp/run-tests.scm (locate-test): New function.
+ (test): Factor-out the code starting the child process.
+ (test::binary): New function.
+
+ gpgscm: Improve library functions.
+ + commit e3876f16eb237bdeb9f79aca2e7db5e9e2d86686
+ * tests/gpgscm/tests.scm (absolute-path?): New function.
+ (canonical-path): Use the new function.
+ * tests/gpgscm/lib.scm (string-split-pln): New function.
+ (string-indexp, string-splitp): Likewise.
+ (string-splitn): Express using the above function.
+ (string-ltrim, string-rtrim): Fix corner case.
+ (list->string-reversed): New function.
+ (read-line): Fix performance.
+
+2016-12-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix memory leak in ecc key generation.
+ + commit 98433c70431dfbde99b0e89416856d1eef9ebc88
+ * g10/keygen.c (ecckey_from_sexp): Release curve.
+
+ gpg: Do not use a fixed string for --gpgconf-list:default_pubkey_algo.
+ + commit f1304ee9b21e6ceac6c13d04ceddd23fadb5c7f1
+ * g10/keygen.c (get_default_pubkey_algo): New.
+ (parse_key_parameter_string): Use it.
+ * g10/gpg.c (gpgconf_list): Take value from new function.
+
+ gpg: Fix algo string parsing of --quick-addkey.
+ + commit 522e6f798db9f3f3a9e0123fdc389a86ac69dedf
+ * g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1.
+ (parse_key_parameter_part): Use default key size if only "rsa", "dsa",
+ or "elg" is given.
+
+2016-12-09 Justus Winter <justus@g10code.com>
+
+ g10: Create keys that expire in simple key generation mode.
+ + commit d568a1561642ed9b7b7b6282b86c56786d10a956
+ * g10/keygen.c (default_expiration_interval): New variable.
+ (generate_keypair): Use the new default.
+
+ tests: Add a test for '--quick-addkey'.
+ + commit b778d8deedf344c8116362633925b8153c7f1bf1
+ * tests/openpgp/quick-key-manipulation.scm: Test '--quick-addkey'.
+
+ tests: New test using all available compression algorithms.
+ + commit 59f1562c25119a4fe27411e6350f2149d6147148
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/compression.scm: New file.
+ * tests/openpgp/defs.scm (all-compression-algos): New variable.
+
+ g10: List compression algorithms using human-readable names.
+ + commit c8100fc0faadf8ba35e4df32b4760cc975e3a83d
+ * g10/gpg.c (list_config): List all enabled compression algorithms
+ under the key 'compressname'.
+
+ g10: Fix memory leak.
+ + commit 3de9bad359e28ced4a2539e411d222ffd82a4a62
+ * g10/sign.c (do_sign): Release old signature data.
+
+2016-12-08 Werner Koch <wk@gnupg.org>
+
+ common: Skip the Byte Order Mark in conf files.
+ + commit 5c7d58222834793629a30248e72b6ea96e832dc4
+ * common/argparse.c (optfile_parse): Detect and skip the UTF-8 BOM.
+
+ Fix 2 compiler warnings.
+ + commit cb4c7abb774e2d95806d8b0ec6ea5cd130c1b5b8
+ * dirmngr/loadswdb.c: Set ERR on malloc failure.
+ * g10/passphrase.c (passphrase_to_dek): Initialize all fields of
+ HELP_S2K.
+
+ wks: New option --status-fd for gpg-wks-client.
+ + commit 4a04277ad112e0966296133795f93cf6a3daa48e
+ * tools/wks-util.c: Include status.h.
+ (statusfp): New global var.
+ (wks_set_status_fd): New func.
+ (wks_write_status): New func.
+ * tools/gpg-wks-client.c: Include status.h.
+ (oStatusFD): New constant.
+ (opts): New option --status-fd.
+ (parse_arguments): Handle that option.
+ (main): Return STATUS_SUCCESS or STATUS_FAILURE.
+
+2016-12-08 Justus Winter <justus@g10code.com>
+
+ gpgscm: Better error reporting.
+ + commit e7429b1ced0c69fa7901f888f8dc25f00fc346a4
+ * tests/gpgscm/ffi.scm: Move the customized exception handling and
+ atexit logic...
+ * tests/gpgscm/init.scm: ... here.
+ (throw): Record the current history.
+ (throw'): New function that is history-aware.
+ (rethrow): New function.
+ (*error-hook*): Use the new throw'.
+ * tests/gpgscm/main.c (load): Fix error handling.
+ (main): Save and use the 'sc->retcode' as exit code.
+ * tests/gpgscm/repl.scm (repl): Print call history.
+ * tests/gpgscm/scheme.c (_Error_1): Make a snapshot of the history,
+ use it to provide a accurate location of the expression causing the
+ error at runtime, and hand the history trace to the '*error-hook*'.
+ (opexe_5): Tag all lists at parse time with the current location.
+ * tests/gpgscm/tests.scm: Update calls to 'throw', use 'rethrow'.
+
+ gpgscm: Keep a history of calls for error messages.
+ + commit 404e8a4136bbbab39df7dd5119841e131998cc15
+ * tests/gpgscm/init.scm (vm-history-print): New function.
+ * tests/gpgscm/opdefines.h: New opcodes 'CALLSTACK_POP', 'APPLY_CODE',
+ and 'VM_HISTORY'.
+ * tests/gpgscm/scheme-private.h (struct history): New definition.
+ (struct scheme): New field 'history'.
+ * tests/gpgscm/scheme.c (gc): Mark objects in the history.
+ (history_free): New function.
+ (history_init): Likewise.
+ (history_mark): Likewise.
+ (add_mod): New macro.
+ (sub_mod): Likewise.
+ (tailstack_clear): New function.
+ (callstack_pop): Likewise.
+ (callstack_push): Likewise.
+ (tailstack_push): Likewise.
+ (tailstack_flatten): Likewise.
+ (callstack_flatten): Likewise.
+ (history_flatten): Likewise.
+ (opexe_0): New variable 'callsite', keep track of the expression if it
+ is a call, implement the new opcodes, record function applications in
+ the history.
+ (opexe_6): Implement new opcode.
+ (scheme_init_custom_alloc): Initialize history.
+ (scheme_deinit): Free history.
+ * tests/gpgscm/scheme.h (USE_HISTORY): New macro.
+
+ gpgscm: Add flag TAIL_CONTEXT.
+ + commit 01256694f006405c54bc2adef63ef0c8f07da9ee
+ * tests/gpgscm/scheme.c (S_FLAG_TAIL_CONTEXT): New macro. This flag
+ indicates that the interpreter is evaluating an expression in a tail
+ context (see R5RS, section 3.5).
+ (opexe_0): Clear and set the flag according to the rules layed out in
+ R5RS, section 3.5.
+ (opexe_1): Likewise.
+
+ gpgscm: Add flags to the interpreter.
+ + commit a4a69163d9d7e4d9f3339eb5cda0afb947180b26
+ * tests/gpgscm/scheme-private.h (struct scheme): Add field 'flags'.
+ * tests/gpgscm/scheme.c (S_OP_MASK): New macro.
+ (S_FLAG_MASK, s_set_flag, s_clear_flag, s_get_flag): Likewise.
+ (_s_return): Unpack the encoded opcode and flags.
+ (s_save): Encode the flags along with the opcode. Use normal
+ integers to encode the result.
+ (scheme_init_custom_alloc): Initialize 'op' and 'flags'.
+
+ gpgscm: Implement tags.
+ + commit fcf5aea44627def43425d03881e20902e7c0331e
+ * tests/gpgscm/opdefines.h: Add opcodes to create and retrieve tags.
+ * tests/gpgscm/scheme.c (T_TAGGED): New macro.
+ (mk_tagged_value): New function.
+ (has_tag): Likewise.
+ (get_tag): Likewise.
+ (mark): Mark tag.
+ (opexe_4): Implement new opcodes.
+ * tests/gpgscm/scheme.h (USE_TAGS): New macro.
+
+2016-12-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix the fix out-of-bounds access.
+ + commit a75790b74095828f967c012eff7033f570d93077
+ * g10/tofu.c (build_conflict_set): Revert to int* and fix calloc.
+
+ wks: New option --check for gpg-wks-client.
+ + commit d8c5e8ccfdb53cc327f7520fc7badc31d0c9c666
+ * tools/call-dirmngr.c (wkd_get_key): New.
+ * tools/gpg-wks-client.c (aCheck): New constant.
+ (opts): New option "--check".
+ (main): Call command_check.
+ (command_check): New.
+
+ tools: Move a function from gpg-wks-server to wks-util.c.
+ + commit c3138decd77d788906885b638b344d0d1faf32c0
+ * tools/gpg-wks-server.c (list_key_status_cb): Remove.
+ (list_key): Move to ...
+ * tools/wks-util.c (wks_list_key): here and rename. Add new args
+ R_FPR and R_MBOXES and remove the CTX.
+ (list_key_status_cb): New.
+ * tools/wks-util.c: Include ccparray.h, exectool.h, and mbox-util.h.
+ * tools/gpg-wks-server.c (process_new_key): Replace list_key by
+ wks_list_key.
+ (check_and_publish): Ditto.
+
+2016-12-08 Justus Winter <justus@g10code.com>
+
+ gpgscm: Generalize 'for-each-p'.
+ + commit a2bedc8ac6fcdcd1de0a9fa3d540006481387dff
+ * tests/gpgscm/tests.scm (for-each-p): Generalize to N lists like
+ for-each.
+ (for-each-p'): Likewise.
+
+ g10: Fix out-of-bounds access.
+ + commit 3b5b94ceab7c0ed9501c5cf54b4efa17fcd7300a
+ * g10/tofu.c (build_conflict_set): Use 'char'.
+
+2016-12-08 Werner Koch <wk@gnupg.org>
+
+ tools: Fix use of uninitialized var in mime-maker.
+ + commit dd03667ab1062bba3b9413c3f8007d63302d1b31
+ * tools/mime-maker.c (ensure_part): Make sure to set R_PARENT on
+ error.
+ (add_missing_headers): Ensure that ERR is set on success.
+
+ * tools/wks-util.c (wks_parse_policy): Fix indentation.
+
+ tools: Fix memleak in gpgconf.
+ + commit b265969154741bf9f93167699fe7ddda1d485265
+ * tools/gpgconf.c (main): Free SOCKETDIR.
+
+ gpg: Fix portability problem.
+ + commit c3008bffac68b6f31e9ae9bad837cdce5de7c0db
+ * g10/tofu.c (build_conflict_set): Replace variable dynamic array.
+
+2016-12-07 Justus Winter <justus@g10code.com>
+
+ tests: Add test for '--quick-set-expire'.
+ + commit dec2ae31a46a0f41886c7ad228865cc573f2dea9
+ * tests/openpgp/quick-key-manipulation.scm: Test '--quick-set-expire'.
+
+ tests: Improve quick key manipulation test.
+ + commit 92df40a3a2ae471fbba00d6d7040230404931fd4
+ * tests/openpgp/quick-key-manipulation.scm: Do not update the trust
+ database, rather be more specific when filtering the user ids.
+
+2016-12-06 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ agent: Respect --enable-large-secmem.
+ + commit 8636ad5023a1bdc527add40a5508f8c5b7c35221
+ * agent/gpg-agent.c (main): Initialize secmem to the configured buffer
+ size.
+
+2016-12-06 Justus Winter <justus@g10code.com>
+
+ tests: Add test importing a revocation certificate.
+ + commit e352ead43fbb0180e1f1c71bf1a000d1954eb777
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/import-revocation-certificate.scm: New file.
+ * tests/openpgp/samplemsgs/revoke-2D727CC768697734.asc: Likewise.
+
+ tests: Rename 'error' to 'fail'.
+ + commit 5b5d881f47c82f320abf440c20b7a1bac078a987
+ * tests/gpgscm/tests.scm (error): Rename to 'fail'. 'error' is a
+ primitive function (an opcode) of the TinySCHEME vm, and 'error' is
+ also defined by R6RS. Better avoid redefining that. Fix all call
+ sites.
+ * tests/openpgp/4gb-packet.scm: Adapt.
+ * tests/openpgp/decrypt-multifile.scm: Likewise.
+ * tests/openpgp/ecc.scm: Likewise.
+ * tests/openpgp/export.scm: Likewise.
+ * tests/openpgp/gpgtar.scm: Likewise.
+ * tests/openpgp/gpgv-forged-keyring.scm: Likewise.
+ * tests/openpgp/import.scm: Likewise.
+ * tests/openpgp/issue2015.scm: Likewise.
+ * tests/openpgp/issue2346.scm: Likewise.
+ * tests/openpgp/issue2419.scm: Likewise.
+ * tests/openpgp/key-selection.scm: Likewise.
+ * tests/openpgp/mds.scm: Likewise.
+ * tests/openpgp/multisig.scm: Likewise.
+ * tests/openpgp/setup.scm: Likewise.
+ * tests/openpgp/signencrypt.scm: Likewise.
+ * tests/openpgp/ssh-import.scm: Likewise.
+ * tests/openpgp/tofu.scm: Likewise.
+ * tests/openpgp/verify.scm: Likewise.
+
+ tests: Remove debugging display.
+ + commit 89ac071eb4c7539e98c7dc17e11f57c620b54e90
+ * tests/openpgp/tofu.scm: Remove debugging display.
+
+2016-12-06 Neal H. Walfield <neal@g10code.com>
+
+ tests: Update distributed files.
+ + commit 87972fdef2cd853fb97624d0765686674a19e3c4
+ * tests/openpgp/Makefile.am (TEST_FILES): Remove tofu-keys.asc,
+ tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and
+ tofu-EE37CF96-1.txt. Add tofu/conflicting/1C005AF3.gpg,
+ tofu/conflicting/1C005AF3-secret.gpg, tofu/conflicting/1C005AF3-1.txt,
+ tofu/conflicting/1C005AF3-2.txt, tofu/conflicting/1C005AF3-3.txt,
+ tofu/conflicting/1C005AF3-4.txt, tofu/conflicting/1C005AF3-5.txt,
+ tofu/conflicting/B662E42F.gpg, tofu/conflicting/B662E42F-secret.gpg,
+ tofu/conflicting/B662E42F-1.txt, tofu/conflicting/B662E42F-2.txt,
+ tofu/conflicting/B662E42F-3.txt, tofu/conflicting/B662E42F-4.txt,
+ tofu/conflicting/B662E42F-5.txt, tofu/conflicting/BE04EB2B.gpg,
+ tofu/conflicting/BE04EB2B-secret.gpg, tofu/conflicting/BE04EB2B-1.txt,
+ tofu/conflicting/BE04EB2B-2.txt, tofu/conflicting/BE04EB2B-3.txt,
+ tofu/conflicting/BE04EB2B-4.txt, tofu/conflicting/BE04EB2B-5.txt and
+ tofu/conflicting/README.
+
+ doc: Improve the text in the gpg manual.
+ + commit 7572d270fcda1614648c6f08d711d5096ffebbe6
+ * doc/gpg.texi: Improve the text.
+
+ g10: Avoid a memory leak.
+ + commit 6102099985c1b82b6c0bba0464c1f913cc673e96
+ * g10/gpg.c (main): Free KB when we're done with it.
+
+ tests: Change (interactive-shell) to start an interactive shell.
+ + commit db6d8cfdc118131f497596ef1ffc121949377754
+ * tests/gpgscm/tests.scm (interactive-shell): Start an interactive
+ shell.
+
+ tests: Check the signature count in the TOFU TFS record.
+ + commit 17c717d7c92d9a52101fea7e396fc133322a8786
+ * tests/openpgp/tofu.scm: Check the signature count in the TOFU TFS
+ record.
+
+ tests: Replace data used by the TOFU conflict test.
+ + commit d5b18d6c55d65e8df2dd112651e3b9b3d9e6e27a
+ * tests/openpgp/tofu-2183839A-1.txt: Remove file.
+ * tests/openpgp/tofu-BC15C85A-1.txt: Remove file.
+ * tests/openpgp/tofu-EE37CF96-1.txt: Remove file.
+ * tests/openpgp/tofu-keys-secret.asc: Remove file.
+ * tests/openpgp/tofu-keys.asc: Remove file.
+ * tests/openpgp/tofu/conflicting/1C005AF3.gpg: New file.
+ * tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg: New file.
+ * tests/openpgp/tofu/conflicting/1C005AF3-1.txt: New file.
+ * tests/openpgp/tofu/conflicting/1C005AF3-2.txt: New file.
+ * tests/openpgp/tofu/conflicting/1C005AF3-3.txt: New file.
+ * tests/openpgp/tofu/conflicting/1C005AF3-4.txt: New file.
+ * tests/openpgp/tofu/conflicting/1C005AF3-5.txt: New file.
+ * tests/openpgp/tofu/conflicting/B662E42F.gpg: New file.
+ * tests/openpgp/tofu/conflicting/B662E42F-secret.gpg: New file.
+ * tests/openpgp/tofu/conflicting/B662E42F-1.txt: New file.
+ * tests/openpgp/tofu/conflicting/B662E42F-2.txt: New file.
+ * tests/openpgp/tofu/conflicting/B662E42F-3.txt: New file.
+ * tests/openpgp/tofu/conflicting/B662E42F-4.txt: New file.
+ * tests/openpgp/tofu/conflicting/B662E42F-5.txt: New file.
+ * tests/openpgp/tofu/conflicting/BE04EB2B.gpg: New file.
+ * tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg: New file.
+ * tests/openpgp/tofu/conflicting/BE04EB2B-1.txt: New file.
+ * tests/openpgp/tofu/conflicting/BE04EB2B-2.txt: New file.
+ * tests/openpgp/tofu/conflicting/BE04EB2B-3.txt: New file.
+ * tests/openpgp/tofu/conflicting/BE04EB2B-4.txt: New file.
+ * tests/openpgp/tofu/conflicting/BE04EB2B-5.txt: New file.
+ * tests/openpgp/tofu/conflicting/README: New file.
+ * tests/openpgp/tofu.scm: Update accordingly.
+
+ g10: Remove dead code.
+ + commit bd9ebe1404c1395edd0e029023a9e780c90f6d73
+ * g10/tofu.c (tofu_set_policy_by_keyid): Remove function.
+
+2016-12-05 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --quick-set-expire.
+ + commit 41b3d0975de65d1654f5e37c626d7c9b7c9a7a4d
+ * g10/gpg.c (aQuickSetExpire): New.
+ (opts): New option --quick-set-expire.
+ (main): Implement option.
+ * g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and
+ NEWEXPIRATION. Change semantics of the return value. Change caller.
+ (keyedit_quick_set_expire): New.
+
+2016-12-05 Justus Winter <justus@g10code.com>
+
+ tests: New test for '--enarmor' and '--dearmor'.
+ + commit fae4d06b0ccaa9803e0c0da56c327b0bcfffcac5
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/enarmor.scm: New file.
+
+2016-12-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix error code arg in ERRSIG status line.
+ + commit ef10c348bffc7dad19e1832bebc453755d209420
+ * g10/mainproc.c (check_sig_and_print): Use gpg_err_code to return an
+ error code in ERRSIG.
+
+2016-12-02 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --default-new-key-algo.
+ + commit ce29272e24e7b718b8fca9b84bc728e65f3dea24
+ * common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
+ R_ALGO and change all callers.
+ * common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
+ * g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
+ * g10/gpg.c (oDefaultNewKeyAlgo): New enum.
+ (opts): New option "--default-new-key-algo".
+ (main): Set the option.
+ * g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
+ them by ...
+ (DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
+ (get_keysize_range): Remove arg R_DEF and return that value instead.
+ Change all callers.
+ (gen_rsa): Use get_keysize_range instead of the removed
+ DEFAULT_STD_KEYSIZE.
+ (parse_key_parameter_part): New function.
+ (parse_key_parameter_string): New function.
+ (quick_generate_keypair): Refactor using parse_key_parameter_string.
+ (generate_keypair): Ditto.
+ (parse_algo_usage_expire): Ditto.
+
+2016-12-02 Neal H. Walfield <neal@g10code.com>
+
+ g10: Improve debugging output.
+ + commit cd532bb7b866e104304e2443cc942799c385daa5
+ * g10/tofu.c (string_to_long): Improve debugging output.
+ (string_to_ulong): Likewise.
+
+2016-12-01 Neal H. Walfield <neal@g10code.com>
+
+ g10: In the TOFU module, make strings easier to translate.
+ + commit bd1a1d8582abcfd7f29812942fa70f88d0aec7cf
+ * g10/tofu.c: Remove dead code.
+ (time_ago_str): Simplify implementation since we only want the most
+ significant unit.
+ (format_conflict_msg_part1): Use ngettext.
+ (ask_about_binding): Likewise and only emit full sentences.
+ (show_statistics): Likewise.
+
+2016-12-01 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Add option --standard-resolver.
+ + commit 304566d3327ef0a85188cce3109d46d5ff47177a
+ * dirmngr/dirmngr.c (oStandardResolver): New constant.
+ (opts): New option --standard-resolver.
+ (parse_rereadable_options): Set option.
+ * dirmngr/dns-stuff.c: Refactor all code to support the new option.
+ (standard_resolver): New var.
+ (enable_standard_resolver, standard_resolver_p): New func.
+ * dirmngr/http.c (connect_server): Remove USE_DNS_SRV build
+ conditional.
+ * dirmngr/ks-engine-hkp.c (map_host): Ditto.
+ * dirmngr/server.c (cmd_getinfo) <dnsinfo>: Take care of new option
+ * configure.ac (HAVE_ADNS_IF_TORMODE): Remove var ADNSLIB. ac_define
+ USE_ADNS in the adns checking code. Remove options --disable-dns-srv
+ and --disable-dns-cert. Always look for the system resolver. Print
+ warning if no system resolver was found.
+ (USE_DNS_CERT, USE_DNS_SRV): Remove ac_defines.
+ (HAVE_SYSTEM_RESOLVER): New ac_define.
+ (USE_DNS_SRV): Remove am_conditional; not used anyway.
+
+ gpg: Let only Dirmngr decide whether CERT is supported.
+ + commit 86efc3ee53abaf1e22b53c1b360c51829e476115
+ * g10/getkey.c (parse_auto_key_locate): Do not build parts depending
+ on USE_DNS_CERT.
+
+2016-12-01 Justus Winter <justus@g10code.com>
+
+ tests,build: Fix distcheck.
+ + commit fbdfe6a514a95fb46f2b811a13709024e2baf252
+ * tests/openpgp/Makefile.am (sample_msgs): Add messages required for
+ the new test 'verify-multifile.scm'.
+
+ tests: Add test for '--verify --multifile'.
+ + commit 12af8e84a32df728462da09a00a8bec24a487720
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/verify-multifile.scm: New file.
+
+2016-11-30 Justus Winter <justus@g10code.com>
+
+ tests: Add test for '--encrypt --multifile'.
+ + commit 3c0569e99498c7470ebdb639b4c5ae829af92761
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/encrypt-multifile.scm: New file.
+
+2016-11-29 Werner Koch <wk@gnupg.org>
+
+ agent,dirmngr: Tiny restructuring.
+ + commit aa6ab9e0bc67fe9ce5601047e84ea4a875e8eb64
+ * agent/gpg-agent.c (handle_connections): Add a comment.
+ * dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
+ socket to ...
+ (handle_connections): here. Add a comment why we keep the
+ listening socket open during a shutdown.
+
+ agent,dirmngr: Handle corner case in shutdown mode.
+ + commit 854adc8ae19749e44cb79dfa0c5401f48012b13a
+ * agent/gpg-agent.c (handle_connections): Keep on selecting on the
+ inotify fd even when a shutdown is pending.
+ * dirmngr/dirmngr.c (handle_connections): Ditto. Also simplifyy the
+ use of the HAVE_INOTIFY_INIT cpp conditional.
+
+ gpgsm: Allow decryption with a card returning a PKCS#1 stripped key.
+ + commit 8489b12211098ad58c008cfb74b5cb91849cf68d
+ * sm/decrypt.c (prepare_decryption): Handle a 16 byte session key.
+
+ agent,w32: Initialize nPth in server mode.
+ + commit 81d6e98cdf4caa3aa92398fc3b8bed397b40f58d
+ * agent/gpg-agent.c (main) [W32]: Call initialize_modules in server
+ mode.
+
+ gpg: Make --decrypt with output '-&nnnn' work.
+ + commit a5910e00ace882b8a17169faf4607163ab454af9
+ * g10/plaintext.c (get_output_file): Check and open special filename
+ before falling back to stdout.
+
+ gpg,sm: Merge the two versions of check_special_filename.
+ + commit 60b4982836a00ef6b2a97d16f735b3f6b74dce62
+ * sm/gpgsm.c (check_special_filename): Move to ..
+ * common/sysutils.c (check_special_filename): here. Add arg
+ NOTRANSLATE.
+ (allow_special_filenames): New local var.
+ (enable_special_filenames): New public functions.
+ * sm/gpgsm.c (allow_special_filenames): Remove var.
+ (main): Call enable_special_filenames instead of setting the var.
+ (open_read, open_es_fread, open_es_fwrite): Call
+ check_special_filename with 0 for NOTRANSLATE.
+ * common/iobuf.c (special_names_enabled): Remove var.
+ (iobuf_enable_special_filenames): Remove func.
+ (check_special_filename): Remove func.
+ (iobuf_is_pipe_filename): Call new version of the function with
+ NOTRANSLATE set.
+ (do_open): Ditto.
+ * g10/gpg.c (main): Call enable_special_filenames instead of
+ iobuf_enable_special_filenames.
+ * g10/gpgv.c (main): Ditto.
+
+2016-11-29 Justus Winter <justus@g10code.com>
+
+ g10: Fix memory leak.
+ + commit 52385a2ba1bf7e53f500ffde5fd34f28e69cf76b
+ * g10/decrypt.c (decrypt_messages): Properly decrease the reference
+ count of the armor filters after pushing them.
+
+ tools,build: Build WKS tools against libintl.
+ + commit 9fb5e9c14557f7567cbc7c50b9881b7d7bfa2f12
+ * tools/Makefile.am (gpg_wks_server_LDADD): Link against libintl.
+ (gpg_wks_client_LDADD): Likewise.
+
+2016-11-29 Neal H. Walfield <neal@g10code.com>
+
+ Improve some comments.
+ + commit 522f74f7e377135cf098b6b0b9b35284c1dfc963
+
+
+ g10: Extend TOFU_STATS to always show the validity.
+ + commit 2f27cb12e30c9f6e780354eecc3ff0039ed52c63
+ * doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY. Add
+ a new field called VALIDITY.
+ * g10/tofu.c (write_stats_status): Update output accordingly.
+
+2016-11-29 Justus Winter <justus@g10code.com>
+
+ tests: Add test for '--decrypt --multifile'.
+ + commit bde4fddadc75ad6071e3fc6c0980905de14c03cb
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/decrypt-multifile.scm: New file.
+
+ gpgscm: Avoid truncating pointers.
+ + commit e062bc4da8062b822ee85096d9adfcbca8dcb56a
+ * tests/gpgscm/scheme.c (_alloc_cellseg): Avoid truncating pointers on
+ systems where sizeof(unsigned long) < sizeof(void *).
+
+2016-11-29 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ dirmngr: Lazily launch ldap reaper thread.
+ + commit f6728d13e8e544dbd4b9351ed981613e5504293f
+ * dirmngr/dirmngr.c (main): Avoid calling ldap_wrapper_launch_thread()
+ Before we need it.
+ * dirmngr/ldap-wrapper.c (ldap_wrapper): Call
+ ldap_wrapper_launch_thread() just in time (before any attempt to use
+ an ldap subprocess).
+
+2016-11-29 Werner Koch <wk@gnupg.org>
+
+ build: Remove more keywords from the generated ChangeLog.
+ + commit ecc126a7cef371e3b88e65715ba37fb77e92ea0f
+ * build-aux/gitlog-to-changelog (parse_amend_file): Generalize keyword
+ removal.
+
+2016-11-28 Justus Winter <justus@g10code.com>
+
+ tests: Add test for the ssh key export.
+ + commit 47b8b9e2ce5af7fba117ae0b00e10bec414dcfb0
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ (sample_keys): Add new files.
+ * tests/openpgp/samplekeys/authenticate-only.pub.asc: New file.
+ * tests/openpgp/samplekeys/authenticate-only.sec.asc: Likewise.
+ * tests/openpgp/ssh-export.scm: Likewise.
+
+ g10: Fix iteration over getkey results.
+ + commit 4db9a425644dccaf81b51ebc97b32a9cc21941a4
+ * g10/getkey.c (getkey_next): Only ask 'lookup' for the exact match if
+ our caller requested the key. Fixes a crash in 'lookup'.
+
+ tests: Rename ssh test.
+ + commit cc1d21342659a7def5d662d0547579f9e0d3b109
+ * tests/openpgp/ssh.scm: Rename to 'ssh-import.scm'.
+ * tests/openpgp/Makefile (XTESTS): Likewise.
+
+2016-11-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Support OpenPGP card V3 for RSA.
+ + commit b89e63e5c326af71470124b410e6429cbd2b5c43
+ * scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
+ max_rsp_data fields as Extended Capabilities bits are different.
+ (get_cached_data) Use extcap.max_certlen_3.
+ (get_one_do): Don't use exmode=1.
+ (determine_rsa_response): New.
+ (get_public_key, do_genkey): Call determine_rsa_response.
+ (do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
+ (do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
+ (do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
+ (show_caps): Remove max_cmd_data and max_rsp_data.
+ (app_select_openpgp): Likewise.
+
+2016-11-23 Justus Winter <justus@g10code.com>
+
+ gpgscm: Make 'reverse' compatible with 'reverse_in_place'.
+ + commit 005d326d19ba28005182205f25edc4f7499ec0b5
+ * tests/gpgscm/scheme.c (reverse): Update prototype, add terminator
+ argument.
+ (opexe_4): Update callsite.
+
+ gpgscm: Clean sweeped cells.
+ + commit 3fb9954c43425775a517060959dad01fa00238f7
+ * tests/gpgscm/scheme.c (gc): Zero typeflag and car of free cells.
+
+ gpgscm: Fix initialization of 'sink'.
+ + commit 7856e3efaad7614979bc0b91379a0a4dcbc739d5
+ * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Also initialize
+ cdr.
+
+2016-11-23 Neal H. Walfield <neal@g10code.com>
+
+ g10: Avoid gratuitously loading a keyblock when it is already available.
+ + commit 03a65a53231cc3132a50a1871e81a512c44da169
+ * g10/trust.c (get_validity): Add new, optional parameter KB. Only
+ load the keyblock if KB is NULL. Update callers.
+ (get_validity): Likewise.
+ * g10/trustdb.c (tdb_get_validity_core): Likewise.
+
+2016-11-22 Neal H. Walfield <neal@g10code.com>
+
+ g10: Use es_fopen instead of open.
+ + commit bfeafe2d3f9bbaa7f11f3ad870a446141c038b0d
+ * g10/tofu.c: Don't include <utime.h>, <fcntl.h> or <unistd.h>.
+ (busy_handler): Replace use of open with es_fopen.
+
+ g10: If the set of UTKs changes, invalidate any changed policies.
+ + commit 44c17bcb003a3330f595a6ab144e8439b7b630cb
+ * g10/trustdb.c (tdb_utks): New function.
+ * g10/tofu.c (check_utks): New function.
+ (initdb): Call it.
+ * tests/openpgp/tofu.scm: Modify test to check the effective policy of
+ keys whose effective policy changes when we change the set of UTKs.
+
+2016-11-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix receive buffer size.
+ + commit 5c2db9dedfe9dbb14ffec24751ca23a69cead94e
+ * scd/apdu.c (send_le): Fix the size, adding two for status
+ bytes to Le.
+
+2016-11-22 Justus Winter <justus@g10code.com>
+
+ gpgscm: Refactor.
+ + commit a3b258d1d15953816e0567511ecc527a4ccdd626
+ * tests/gpgscm/scheme.c (opexe_0): Reduce code duplication.
+
+ gpgscm: Fix property lists.
+ + commit d8df80427238cdbb9ae0f6dae8bc7e9c24f6e265
+ * tests/gpgscm/opdefines.h (put, get): Check arguments. Also rename
+ to 'set-symbol-property' and 'symbol-property', the names used by
+ Guile, because put and get are too unspecific.
+ * tests/gpgscm/scheme.c (hasprop): Only symbols have property lists.
+ (get_property): New function.
+ (set_property): Likewise.
+ (opexe_4): Use the new functions.
+
+ gpgscm: Fix installation of error handler.
+ + commit 7b4e2ea274ace22245264f1759279390d0300a62
+ * tests/gpgscm/ffi.scm: Set '*error-hook*' again so that the
+ interpreter will use our function.
+
+ gpgscm: Use a static pool of cells for small integers.
+ + commit 66834eb838a8892d088f6b7332084a64d9f15008
+ * tests/gpgscm/scheme-private.h (struct scheme): New fields for the
+ static integer cells.
+ * tests/gpgscm/scheme.c (_alloc_cellseg): New function.
+ (alloc_cellseg): Use the new function.
+ (MAX_SMALL_INTEGER): New macro.
+ (initialize_small_integers): New function.
+ (mk_small_integer): Likewise.
+ (mk_integer): Return a small integer if possible.
+ (_s_return): Do not free 'op' if it is a small integer.
+ (s_save): Use a small integer to box the opcode.
+ (scheme_init_custom_alloc): Initialize small integers.
+ (scheme_deinit): Free chunk of small integers.
+ * tests/gpgscm/scheme.h (USE_SMALL_INTEGERS): New macro.
+
+ tests: Delay querying the avaliable algorithms.
+ + commit 893a3f7fb46021961914a8acdf1292a80e3eba93
+ * tests/openpgp/defs.scm: Set verbosity earlier, turn 'all-*-algos'
+ into promises.
+ * tests/openpgp/conventional-mdc.scm: Force the promises.
+ * tests/openpgp/conventional.scm: Likewise.
+ * tests/openpgp/encrypt-dsa.scm: Likewise.
+ * tests/openpgp/encrypt.scm: Likewise.
+ * tests/openpgp/gpgtar.scm: Likewise.
+ * tests/openpgp/sigs.scm: Likewise.
+
+ g10: Fix memory leak.
+ + commit 6ce14a805f1da687dfb8535db57730d5c7403db7
+ * g10/tofu.c (tofu_notice_key_changed): Remove spurious duplicate call
+ to 'hexfingerprint'.
+
+2016-11-21 Neal H. Walfield <neal@g10code.com>
+
+ g10: Cache the effective policy. Recompute it when required.
+ + commit 037f9de09298a31026ea2ab5fbd4a599b11cc34f
+ * g10/tofu.c (initdb): Add column effective_policy to the bindings
+ table.
+ (record_binding): New parameters effective_policy and set_conflict.
+ Save the effective policy. If SET_CONFLICT is set, then set conflict
+ according to CONFLICT. Otherwise, preserve the current value of
+ conflict. Update callers.
+ (get_trust): Don't compute the effective policy here...
+ (get_policy): ... do it here, if it was not cached. Take new
+ parameters, PK, the public key, and NOW, the time that the operation
+ started. Update callers.
+ (show_statistics): New parameter PK. Pass it to get_policy. Update
+ callers.
+ (tofu_notice_key_changed): New function.
+ * g10/gpgv.c (tofu_notice_key_changed): New stub.
+ * g10/import.c (import_revoke_cert): Take additional argument CTRL.
+ Pass it to keydb_update_keyblock.
+ * g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL.
+ Update callers.
+ [USE_TOFU]: Call tofu_notice_key_changed.
+ * g10/test-stubs.c (tofu_notice_key_changed): New stub.
+ * tests/openpgp/tofu.scm: Assume that manually setting a binding's
+ policy to auto does not cause the tofu engine to forget about any
+ conflict.
+
+ g10: Correctly parameterize ngettext.
+ + commit 182efc5b5d20ac0d43501a22f349a23dc06a27a4
+ * g10/tofu.c (ask_about_binding): Correctly parameterize ngettext.
+
+ g10: Don't use the same variable for multiple SQL compiled statements.
+ + commit 7142b293c870d73ce0146bfb90e6a556e0079650
+ * g10/tofu.c (struct tofu_dbs_s): Remove unused field
+ record_binding_update2. Replace register_insert with
+ register_signature and register_encryption.
+ (tofu_register_signature): Don't use dbs->s.register_insert, but
+ dbs->s.register_signature.
+ (tofu_register_encryption): Don't use dbs->s.register_insert, but
+ dbs->s.register_encryption.
+
+ g10: Add a convenience function for checking if a key is a primary key.
+ + commit 91a0483c5db8ee4510981448a705981ee1cce199
+ * g10/keydb.h (pk_is_primary): New function.
+ * g10/tofu.c (get_trust): Use it.
+ (tofu_register_signature): Likewise.
+ (tofu_register_encryption): Likewise.
+ (tofu_set_policy): Likewise.
+ (tofu_get_policy): Likewise.
+
+2016-11-21 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc: Ship example gpg-agent-browser.socket in examples/systemd-user/.
+ + commit 0540cfbee455b197edd89b602a4b47ebf0be8588
+ * doc/Makefile.am: Ship gpg-agent-browser.socket alongside the other
+ systemd user service example files.
+
+2016-11-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix npth + daemon mode problem.
+ + commit 9a707a223a3d45ccf245dee7989ca144e4e6bb49
+ * agent/gpg-agent.c (main): Remove duplicated initialization in daemon
+ mode.
+
+2016-11-18 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.16.
+ + commit 0a641ad25d8c3b91dc32bb9f3f1ae49ae539a4f7
+
+
+2016-11-18 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 11aaa9c6d4ed3e47de45b4aee925ab1065120988
+
+
+2016-11-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix flags to open for lock of ToFU.
+ + commit 1c0b140cccfb884c6d07785c3284b9df06dccd3c
+ * g10/tofu.c (busy_handler): Fix the flags and utime is not needed.
+
+2016-11-18 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Use a longer timer tick interval.
+ + commit 833eef974ad4721b9b3e247bae9c890476a936ce
+ * dirmngr/dirmngr.c (TIMERTICK_INTERVAL): Always use 60 seconds like
+ we did for WindowsCE.
+
+2016-11-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ dirmngr: More w32 system daemon cleanup.
+ + commit b3a917201207898059c048dd101344765201b03c
+ * dirmngr/dirmngr.c (handle_tick): Remove w32 tests for
+ shutdown_pending; no longer needed.
+
+2016-11-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix creating a lock for ToFU.
+ + commit b2e1b17efa952afcf7aeec8b15e9d0088dba587a
+ * g10/tofu.c (busy_handler): Add third argument which is mandatory for
+ O_CREATE flag.
+
+ scd: Don't limit to ST-2xxx for PC/SC.
+ + commit b6066ab18a67195817babaf9eccf896c2b3c7b0e
+ * scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID.
+
+2016-11-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ dirmngr: Use a default keyserver if none is explicitly set.
+ + commit 8fb482252436b3b4b0b33663d95d1d17188ad1d9
+ * configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
+ * dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
+ * doc/dirmngr.texi: Document this behavior.
+
+ dirmngr: Add system CAs if no hkp-cacert is given.
+ + commit 7c1613d41566f7d8db116790087de323621205fe
+ * dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
+ the HKPS pool, and they have not specified any hkp-cacert, then we
+ should default to the system CAs, rather than nothing.
+ * doc/dirmngr.texi: Document choice of CAs.
+
+ dirmngr: Register hkp-cacert even if the file doesn't exist yet.
+ + commit c4e02a3b7ad6ee1da6bfc439921378bdbd5c029c
+ * dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
+ an argument for hkp-cacert into an absolute filename, terminate
+ completely.
+ * dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
+ immediately accessible, but register it anyway.
+
+2016-11-17 Justus Winter <justus@g10code.com>
+
+ gpgscm: Re-enable the garbage collector in case of errors.
+ + commit 4f189325a409bb08f7a8eabfac3f4579288cf5c5
+ * tests/gpgscm/scheme.c (opexe_0): Enable gc before calling 'Error_1'.
+
+ gpgscm: Fix string.
+ + commit fc53a4d06eaf891143ab4efec9caffe31ebc2bc0
+ * tests/gpgscm/scheme.c (type_to_string): Fix string.
+
+2016-11-17 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Auto-sownload the swdb.lst.
+ + commit bd91f92ace09263e3a91177f2a1644379baeb08a
+ * dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
+ * dirmngr/dirmngr.c (oAllowVersionCheck): New.
+ (opts): Add --allow-version-check.
+ (network_activity_seen): New variable.
+ (parse_rereadable_options): Set opt.allow_version_check.
+ (main) <aGPGConfList>: Do not anymore set the no change flag for
+ Windows. Add allow-version-check.
+ (netactivity_action): Set network_activity_seen.
+ (housekeeping_thread): Call dirmngr_load_swdb.
+ * tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
+ Make "use-tor" available at Basic level.
+
+ dirmngr: Improve downloading of swdb.lst.
+ + commit c45ca316a54665915ae08399484db271566db7c0
+ * dirmngr/loadswdb.c (time_of_saved_swdb): Aslo return the "verified"
+ timestamp.
+ (dirmngr_load_swdb): Avoid unnecessary disk or network access witout
+ FORCE. Do not update swdb.lst if it did not change.
+
+ gpgconf: Change the displayed names of the components.
+ + commit d8da5bc50b856db3445435780311c9f8e52a5144
+
+
+2016-11-16 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Add command to only load the swdb.
+ + commit 52c10a280af6ce06eb1732ff35b095f2b8d24b9f
+ * dirmngr/loadswdb.c: New.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Add that file.
+ * dirmngr/server.c: Remove includes cpparray.h and exectool.h.
+ (cmd_loadswdb): New.
+ (parse_version_number,parse_version_string): Remove.
+ (my_mktmpdir, cmp_version): Remove.
+ (fetch_into_tmpdir): Remove.
+ (struct verify_swdb_parm_s): Remove.
+ (verify_swdb_status_cb): Remove.
+ (cmd_versioncheck): Remove.
+ (register_commands): Register LOADSWDB. Remove VERSIONCHECK.
+
+ scd,dirmngr: Keep the standard fds when daemonizing.
+ + commit 4839e6d002a8ad1f7d3260792c3c9641e258f342
+ * dirmngr/dirmngr.c (main): Before calling setsid do not close the
+ standard fds but connect them to /dev/null.
+ * scd/scdaemon.c (main): Ditto. Noet that the old test for a log
+ stream was even reverted.
+
+ common: Rename keybox_file_rename to gnupg_rename_file.
+ + commit c4506a3f15bba5d257cb4c6738800c5e00ecc9a2
+ * kbx/keybox-util.c (keybox_file_rename): Rename to ...
+ * common/sysutils.c (gnupg_rename_file): this. Change all callers.
+
+ wks: Always build gpg-wks-client.
+ + commit c564790df723beef031d83802bd7830737bd330a
+ * tools/Makefile.am (gpg_wks_client): Remove macro.
+ (libexec_PROGRAMS): Add gpg-wks-client.
+
+ gpg: New option --override-session-key-fd.
+ + commit 43bfaf2c5417ede621c0a07721952ea549a7a139
+ * g10/gpg.c (oOverrideSessionKeyFD): New.
+ (opts): Add option --override-session-key-fd.
+ (main): Handle that option.
+ (read_sessionkey_from_fd): New.
+
+2016-11-15 Werner Koch <wk@gnupg.org>
+
+ gpgv: New option --enable-special-filenames.
+ + commit 500e594c2da530e69a63fc1a40d173458682fa0e
+ * g10/gpgv.c (oEnableSpecialFilenames): New.
+ (opts): Add option --enable-special-filenames.
+ (main): Implement that option.
+
+ gpg: Add new compliance mode "de-vs".
+ + commit b47603a0ac24902c5bb000f8ef27cfb99aceeb81
+ * g10/options.h (CO_DE_VS): New.
+ (GNUPG): Also allow CO_DE_VS.
+ * g10/gpg.c (oDE_VS): New.
+ (parse_compliance_option): Add "de-vs".
+ (set_compliance_option): Set "de-vs".
+ * g10/misc.c (compliance_option_string): Return a description string.
+ (compliance_failure): Ditto.
+ * g10/keygen.c (ask_algo): Take care of CO_DE_VS.
+ (get_keysize_range): Ditto.
+ (ask_curve): Add new field to CURVES and trun flags into bit flags.
+ Allow only Brainpool curves in CO_DE_VS mode.
+
+ gpg: Use usual free semantics for packet structure free functions.
+ + commit 8ea3b4c4102dc67ed83d4419b7171e422fc01047
+ * g10/free-packet.c (free_attributes): Turn function into a nop for a
+ NULL arg.
+ (free_user_id): Ditto.
+ (free_compressed): Ditto.
+ (free_encrypted): Ditto.
+ (free_plaintext): Ditto.
+ (release_public_key_parts): Avoid extra check for NULL.
+ * g10/getkey.c (get_best_pubkey_byname): Ditto.
+
+2016-11-15 Justus Winter <justus@g10code.com>
+
+ g10: Optimize key iteration.
+ + commit 12834e84aca9d74800245f0f2f2e6b5123e76173
+ * g10/getkey.c (get_best_pubkey_byname): Use the node returned by
+ 'getkey_next' instead of doing another lookup.
+
+ g10: Fix memory leak.
+ + commit d20107f6da094edd782947abb357abae5129a12c
+ * g10/getkey.c (finish_lookup): Clarify that we do not return a
+ reference.
+ (lookup): Clarify the relation between RET_KEYBLOCK and RET_FOUND_KEY.
+ Check arguments. Actually release the node if it is not returned.
+
+ g10: Fix iteration over getkey results.
+ + commit 1d03cc77e1706f7da653153ad4b58c61e4fd2573
+ * g10/getkey.c (getkey_next): Fix invocation of 'lookup'. If we want
+ to use RET_FOUND_KEY, RET_KEYBLOCK must be valid.
+
+ g10: Fix use-after-free.
+ + commit bd60742925414e0ef2a497df827c1913ea211a44
+ * g10/getkey.c (pubkey_cmp): Make a copy of the user id.
+ (get_best_pubkey_byname): Free the user ids.
+
+2016-11-15 Werner Koch <wk@gnupg.org>
+
+ sm: New stub option --compliance.
+ + commit 26c7c1d72c5f2acb3edb58d610c09a635c87bdbf
+ * sm/gpgsm.c (oCompliance): New.
+ (opts): Add "--compliance".
+ (main): Implement as stub.
+
+2016-11-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix memory leak.
+ + commit 1f7639ebbe58af1b581b0be7809da9ee55482992
+ * g10/keyedit.c (menu_adduid): Don't copy 'sig'.
+
+2016-11-15 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --compliance.
+ + commit f86b1a15ad4bb7bcc1e9f7d209aabcb23641f7df
+ * g10/gpg.c (oCompliance): New.
+ (opts): Add "--compliance".
+ (parse_tofu_policy): Use a generic description string for "help".
+ (parse_compliance_option): New.
+ (main): Add option oCompliance. Factor out code for compliance
+ setting to ...
+ (set_compliance_option): new.
+
+2016-11-15 Justus Winter <justus@g10code.com>
+
+ g10: Fix memory leak.
+ + commit 809d67e74014cb563efd965744fd11f87bbae743
+ * g10/keyedit.c (menu_adduid): Deallocate 'sig'.
+
+ gpgscm: Mark cells requiring finalization.
+ + commit 64a58e23c38db8658423bbe26fcd650330e24a88
+ * tests/gpgscm/scheme.c (T_FINALIZE): New macro.
+ (mk_port): Use the new macro.
+ (mk_foreign_object): Likewise.
+ (mk_counted_string): Likewise.
+ (mk_empty_string): Likewise.
+ (gc): Only call 'finalize_cell' for cells with the new flag.
+
+ gpgscm: Recover more cells.
+ + commit 93cc322ac06d3045a24aece90091f7f80f3dacb8
+ * tests/gpgscm/scheme.c (_s_return): Recover the cell holding the
+ opcode.
+
+2016-11-14 Justus Winter <justus@g10code.com>
+
+ g10: Fix memory leak.
+ + commit 2cd281c4def1ea881b92b9aba18c1892f89c1870
+ * g10/mainproc.c (check_sig_and_print): Free 'pk'.
+
+ gpgscm: Avoid cell allocation overhead.
+ + commit 83c184a66b73f312425b01008f0495610e5329a4
+ * tests/gpgscm/scheme-private.h (struct scheme): New fields
+ 'inhibit_gc', 'reserved_cells', and 'reserved_lineno'.
+ * tests/gpgscm/scheme.c (GC_ENABLED): New macro.
+ (USE_GC_LOCKING): Likewise.
+ (gc_reservations): Likewise.
+ (gc_reservation_failure): New function.
+ (_gc_disable): Likewise.
+ (gc_disable): New macro.
+ (gc_enable): Likewise.
+ (gc_enabled): Likewise.
+ (gc_consume): Likewise.
+ (get_cell_x): Consume reserved cell if garbage collection is disabled.
+ (_get_cell): Assert that gc is enabled.
+ (get_cell): Only record cell in the list of recently allocated cells
+ if gc is enabled.
+ (get_vector_object): Likewise.
+ (gc): Assert that gc is enabled.
+ (s_return): Add comment, adjust call to '_s_return'.
+ (s_return_enable_gc): New macro.
+ (_s_return): Add flag 'enable_gc' and re-enable gc if set.
+ (oblist_add_by_name): Use the new facilities to protect the
+ allocations.
+ (new_frame_in_env): Likewise.
+ (new_slot_spec_in_env): Likewise.
+ (s_save): Likewise.
+ (opexe_0): Likewise.
+ (opexe_1): Likewise.
+ (opexe_2): Likewise.
+ (opexe_5): Likewise.
+ (opexe_6): Likewise.
+ (scheme_init_custom_alloc): Initialize the new fields.
+
+2016-11-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix status info encoding.
+ + commit 4ee4d0b02172cf56d9582bb99e32a65c75315b25
+ * scd/command.c (send_status_info): Do percent plus encoding correctly.
+
+2016-11-12 Werner Koch <wk@gnupg.org>
+
+ agent: Improve concurrency when Libgcrypt 1.8 is used.
+ + commit 6bf698197222bf6081c249c815aebb075e8ec820
+ * agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the
+ system call clamp.
+ (agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent
+ enough.
+
+2016-11-11 Werner Koch <wk@gnupg.org>
+
+ agent: Kludge to mitigate blocking calls in Libgcrypt.
+ + commit 4473db1ef24031ff4e26c9a9de95dbe898ed2b97
+ * agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
+ "need_entropy".
+
+ dirmngr: Prepare to trigger jobs by network activity.
+ + commit 7b04a43c05834b937b32a596f1941e9728add5fa
+ * dirmngr/http.c (netactivity_cb): New.
+ (http_register_netactivity_cb): New.
+ (notify_netactivity): New.
+ (connect_server): Call that function.
+ * dirmngr/dirmngr.c (main): Call http_register_netactivity_cb.
+ (netactivity_action): New stub handler.
+
+2016-11-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ agent: Clean up comments.
+ + commit e51912f467fda963c7abcfcd4082d6eb084ba5be
+ * agent/agent.h: Clean up comments.
+
+2016-11-10 Werner Koch <wk@gnupg.org>
+
+ gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.
+ + commit 5d13581f4737c18430f6572dd4ef486d1ad80dd1
+ * g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
+ file-global. Write a STATUS_ERROR.
+ (maybe_create_keyring_or_box): Check for non-accessible but existant
+ file.
+ (keydb_search): Write a STATUS_ERROR if no keyring has been registered
+ but continue to return NOT_FOUND.
+ * sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
+ and make file-global. Write a STATUS_ERROR.
+ (keydb_search): Write a STATUS_ERROR if no keyring has been registered
+ but continue to return NOT_FOUND. Also add new arg CTRL and change
+ all callers to pass it down.
+
+ sm: Remove unused arg SECRET from keydb functions.
+ + commit c8044c6e335f044d7386b9e8869bc4a0d3adff70
+ * sm/keydb.c (struct resource_item): Remove field 'secret'.
+ (keydb_add_resource): Remove arg 'secret' and change all callers.
+ (keydb_new): Ditto.
+
+2016-11-10 Justus Winter <justus@g10code.com>
+
+ gpgscm: Recover cells from the list of recently allocated cells.
+ + commit ee08677d63a900cea85228024861a4f5c5a87c69
+ * tests/gpgscm/scheme.c (ok_to_freely_gc): Recover cells.
+
+ gpgscm: Recover cells used to maintain interpreter state.
+ + commit e0cbd3389e2dd6ec19ee3a4c7bad81fa0f1907f5
+ * tests/gpgscm/scheme.c (free_cell): New function.
+ (free_cons): Likewise.
+ (_s_return): Use the new function to recover cells used to save the
+ state of the interpreter in 's_save'. This reduces the need to do a
+ garbage collection considerably.
+
+ gpgscm: Reduce opcode dispatch overhead.
+ + commit d3a98ff5bc972a4c9b01b9e5338a4a59b5b4ac48
+ * tests/gpgscm/scheme.c (s_thread_to): New macro.
+ (CASE): Likewise.
+ (opexe_[0-6]): Use 'CASE' instead of 'case' statements, replace
+ 's_goto' with 's_thread_to' where applicable.
+
+ gpgscm: Make the compile-hook configurable.
+ + commit 568cfcde45a0d6c456d8f8be1ea0e408416badad
+ * tests/gpgscm/scheme-private.h (struct scheme): Make field
+ 'COMPILE_HOOK' optional.
+ * tests/gpgscm/scheme.c (opexe_0): Fix guard.
+ (scheme_init_custom_alloc): Conditionally initialize 'COMPILE_HOOK'.
+ * tests/gpgscm/scheme.h (USE_COMPILE_HOOK): Define to 1 by default.
+
+ gpgscm: Drop obsolete commented-out code.
+ + commit 9ee184bc0afaea06785d836ed175b851b9ae532f
+ * tests/gpgscm/scheme.c (opexe_5): Drop obsolete code.
+
+ gpgscm: Remove dubious stack implementation.
+ + commit d7c5799c282a03dcce0e3d327075233353cb76cc
+ * tests/gpgscm/scheme-private.h (struct scheme): Remove related fields.
+ * tests/gpgscm/scheme.c: Drop all !USE_SCHEME_STACK code.
+ * tests/gpgscm/scheme.h (USE_SCHEME_STACK): Remove macro.
+
+2016-11-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve error message for --quick-gen-key.
+ + commit 088d955bd8a6ec8bbf76c8a4c01eb08499d1d9fa
+ * g10/keygen.c (parse_algo_usage_expire): Use a different error
+ message for an unknown algorithm name.
+
+ dirmngr: Improve concurrency in the non-adns case.
+ + commit c7ea98cd3d44abf00e32c081e5049ad1d0b1f12c
+ * dirmngr/dns-stuff.c (map_adns_status_to_gpg_error): New.
+ (resolve_name_adns, get_dns_cert, get_dns_cname): Use that function.
+ (getsrv) [!USE_ADNS]: Call res_query outside of nPth.
+
+2016-11-08 Justus Winter <justus@g10code.com>
+
+ tests: Fix environment setup.
+ + commit 1062953d5132af674aacfc6372e3e9f066c5d145
+ * tests/openpgp/defs.scm (setup-legacy-environment): Do not call
+ 'setup-environment' because that will start the agent, and hence
+ register the atexit function twice.
+
+ Fixes: a55393cb5f4b331cb3a715c7d9a8b91f7606f337
+
+ tests: Log and display output from tests when run in parallel.
+ + commit 2a7615c48ed79e6b28710cc293ce30c812b2e5b0
+ * tests/openpgp/run-tests.scm (test): Add field 'logfd'.
+ (test::new, test::set-*): Adapt accordingly.
+ (test::set-logfd): New function.
+ (test::open-log-file): Likewise.
+ (test::run-sync): Use the new function.
+ (test::run-async): Likewise.
+ (test::report): Replay the log.
+ (run-tests-parallel): Reverse the results to restore the original
+ order.
+
+ tests: Simplify test.
+ + commit 4dd4801bfa4c3f7ba279b3d171a8ed299dbffaaa
+ * tests/openpgp/issue2417.scm: Simplify.
+
+ gpgscm: Expose seek and associated constants.
+ + commit 591d61d80f4f81176f7e236df794922df9e001a1
+ * tests/gpgscm/ffi.c (do_seek): New function.
+ (ffi_init): Expose 'seek' and 'SEEK_{SET,CUR,END}'.
+ * tests/gpgscm/lib.scm: Document the new function.
+
+ gpgscm: Fix error message.
+ + commit d4454837cd60981c2863955b11c9e1cc8f9e3833
+ * tests/gpgscm/ffi.c (do_wait_processes): Fix and improve error
+ messages.
+
+ tests,w32: Make cleanup more robust.
+ + commit dd13b2a561e31045fd3d3576bab99543cd4eb6cc
+ * tests/openpgp/run-tests.scm (run-tests-parallel): Catch errors when
+ removing the working directory. On Windows this can fail if there is
+ still a process using one of the files there.
+ (run-tests-sequential): Likewise.
+
+ common,w32: Simplify locking.
+ + commit 7cbb0803847b8db618d39ff50ae6015e409ab1ae
+ * common/asshelp.c (lock_spawning): Use the same code on Windows that
+ we use on all other platforms.
+ (unlock_spawning): Likewise.
+
+2016-11-07 Justus Winter <justus@g10code.com>
+
+ tests: Write a log file for each test.
+ + commit 26df829fa22f027ca4a5eaf155cdaa2123afbdd5
+ * tests/openpgp/Makefile.am (CLEANFILES): Delete logs.
+ * tests/openpgp/run-tests.scm (test::run-sync): Write logs.
+
+ gpgscm: Generalize splice to write to multiple sinks.
+ + commit abe0cc7a21d2b0b5c77cc525b999d1ede2d29185
+ * tests/gpgscm/ffi.c (ordinal_suffix): New function.
+ (do_splice): Generalize splice to write to multiple sinks.
+ * tests/gpgscm/lib.scm (splice): Document this fact.
+
+ gpgscm: Drop 'len' argument from splice.
+ + commit 4d98a72b88cf167295e1ecd6125b9c7a11b6239f
+ * tests/gpgscm/ffi.c (do_splice): Drop 'len' argument, no-one uses it.
+ * tests/gpgscm/lib.scm (splice): Document foreign function.
+
+ tests: Move environment creation and teardown into each test.
+ + commit a55393cb5f4b331cb3a715c7d9a8b91f7606f337
+ * tests/gpgscm/tests.scm (log): New function.
+ * tests/openpgp/run-tests.scm (run-tests-parallel): Do not run the
+ startup and teardown scripts.
+ (run-tests-sequential): Likewise.
+ * tests/openpgp/setup.scm: Move all functions...
+ * tests/openpgp/defs.scm: ... here and make them less verbose.
+ (setup-environment): New function.
+ (setup-legacy-environment): Likewise.
+ (start-agent): Make less verbose, run 'stop-agent' at interpreter
+ exit.
+ (stop-agent): Make less verbose.
+ * tests/openpgp/finish.scm: Drop file.
+ * tests/openpgp/Makefile.am (EXTRA_DIST): Drop removed file.
+ * tests/openpgp/4gb-packet.scm: Use 'setup-environment' or
+ 'setup-legacy-environment' as appropriate.
+ * tests/openpgp/armdetach.scm: Likewise.
+ * tests/openpgp/armdetachm.scm: Likewise.
+ * tests/openpgp/armencrypt.scm: Likewise.
+ * tests/openpgp/armencryptp.scm: Likewise.
+ * tests/openpgp/armor.scm: Likewise.
+ * tests/openpgp/armsignencrypt.scm: Likewise.
+ * tests/openpgp/armsigs.scm: Likewise.
+ * tests/openpgp/clearsig.scm: Likewise.
+ * tests/openpgp/conventional-mdc.scm: Likewise.
+ * tests/openpgp/conventional.scm: Likewise.
+ * tests/openpgp/decrypt-dsa.scm: Likewise.
+ * tests/openpgp/decrypt.scm: Likewise.
+ * tests/openpgp/default-key.scm: Likewise.
+ * tests/openpgp/detach.scm: Likewise.
+ * tests/openpgp/detachm.scm: Likewise.
+ * tests/openpgp/ecc.scm: Likewise.
+ * tests/openpgp/encrypt-dsa.scm: Likewise.
+ * tests/openpgp/encrypt.scm: Likewise.
+ * tests/openpgp/encryptp.scm: Likewise.
+ * tests/openpgp/export.scm: Likewise.
+ * tests/openpgp/finish.scm: Likewise.
+ * tests/openpgp/genkey1024.scm: Likewise.
+ * tests/openpgp/gpgtar.scm: Likewise.
+ * tests/openpgp/gpgv-forged-keyring.scm: Likewise.
+ * tests/openpgp/import.scm: Likewise.
+ * tests/openpgp/issue2015.scm: Likewise.
+ * tests/openpgp/issue2417.scm: Likewise.
+ * tests/openpgp/issue2419.scm: Likewise.
+ * tests/openpgp/key-selection.scm: Likewise.
+ * tests/openpgp/mds.scm: Likewise.
+ * tests/openpgp/multisig.scm: Likewise.
+ * tests/openpgp/quick-key-manipulation.scm: Likewise.
+ * tests/openpgp/seat.scm: Likewise.
+ * tests/openpgp/shell.scm: Likewise.
+ * tests/openpgp/signencrypt-dsa.scm: Likewise.
+ * tests/openpgp/signencrypt.scm: Likewise.
+ * tests/openpgp/sigs-dsa.scm: Likewise.
+ * tests/openpgp/sigs.scm: Likewise.
+ * tests/openpgp/ssh.scm: Likewise.
+ * tests/openpgp/tofu.scm: Likewise.
+ * tests/openpgp/use-exact-key.scm: Likewise.
+ * tests/openpgp/verify.scm: Likewise.
+ * tests/openpgp/version.scm: Likewise.
+ * tests/openpgp/issue2346.scm: Likewise and simplify.
+
+ tests: Do not allow tests to be run in a shared environment.
+ + commit ac078469cbafe85cf771fca84f376740850d10b0
+ * tests/openpgp/README: Update.
+ * tests/openpgp/run-tests.scm (run-tests-parallel-shared): Drop
+ function.
+ (run-tests-parallel-isolated): Rename to 'run-tests-parallel'.
+ (run-tests-sequential-shared): Drop function.
+ (run-tests-sequential-isolated): Rename to 'run-tests-sequential'.
+
+ tests: Fix build.
+ + commit 37751d2b194bc33539f5b9ea0e02e9f209d2bcf6
+ * tests/openpgp/Makefile.am: Drop dependency on 'mk-tdata'.
+
+ Fixes: 70215ff470c82d144e872057dfa5a478cc9195f2
+
+2016-11-07 Werner Koch <wk@gnupg.org>
+
+ wks: Encrypt all client mails also the target key,
+ + commit 56e1864aa337f36317534db521fd4434d70e0784
+ * tools/gpg-wks-client.c (encrypt_response): Add arg FINGERPRINT.
+ (send_confirmation_response): Ditto.
+ (process_confirmation_request): Parse out fingerprint and pass
+ send_confirmation_response.
+
+2016-11-07 Justus Winter <justus@g10code.com>
+
+ tests,tools: Reimplement 'mk-tdata' in Scheme.
+ + commit 70215ff470c82d144e872057dfa5a478cc9195f2
+ * tests/openpgp/defs.scm (tools): Drop 'mk-tdata'.
+ * tests/openpgp/setup.scm (make-test-data): New function.
+ * tests/openpgp/verify.scm: Avoid 'mk-tdata'.
+ * tools/Makefile.am (noinst_PROGRAMS): Drop 'mk-tdata'.
+ * tools/mk-tdata.c: Drop file.
+
+ gpgscm,w32: Provide schemish file handling for binary files.
+ + commit 413cc50345557e0a516f33b98e8aab19bbc8b4fe
+ * tests/gpgscm/lib.scm (call-with-binary-input-file): New function.
+ (call-with-binary-output-file): Likewise.
+
+ gpgscm: Add support for pseudo-random numbers.
+ + commit 6e677f9b55fdb610e93134042ee41ee5c641cbdf
+ * tests/gpgscm/ffi.c (do_getpid): New function.
+ (do_srandom): Likewise.
+ (random_scaled): Likewise.
+ (do_random): Likewise.
+ (do_make_random_string): Likewise.
+ (ffi_init): Expose the new functions.
+ * tests/gpgscm/lib.scm: Document the new functions.
+
+ g10: Fix crash.
+ + commit 5840353d8bbcd9e75374f3bdb2547ffa7bbea897
+ * g10/getkey.c (get_best_pubkey_byname): If 'get_pubkey_byname' does
+ not return a getkey context, then it can return at most one key,
+ therefore there is nothing to rank. Also, always initialize '*retctx'
+ to be on the safe side.
+
+ Fixes: ab89164be02012f1bf159c971853b8610e966301
+
+2016-11-04 Justus Winter <justus@g10code.com>
+
+ gpgscm: Fix printing strings containing zero bytes.
+ + commit 1f45878a72f23d4bae08d73b614096b485f35274
+ * tests/gpgscm/scheme.c (atom2str): Fix computing the length of Scheme
+ strings. Scheme strings can contain zero bytes.
+
+ gpgscm: Implement 'atexit'.
+ + commit 43f8006f5c75e3d15fe200e2fa41587a73bfb07b
+ * tests/gpgscm/ffi.scm (throw): Run *run-atexit-handlers* when
+ terminating the interpreter.
+ (*atexit-handlers*): New variable.
+ (*run-atexit-handlers*): New function.
+ (atexit): Likewise.
+ * tests/gpgscm/main.c (main): Run *run-atexit-handlers* at normal
+ interpreter shutdown.
+
+2016-11-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix length error for READKEY.
+ + commit cd00b07ec26c3408e6aee66957b08c6fd319b700
+ * scd/app-openpgp.c (do_readkey): Decrement the length.
+
+ scd: Add --advanced option for READKEY.
+ + commit f9da935c3eb302e75a80def51128fb6f669661d7
+ * scd/command.c (cmd_readkey) : Support ADVANCED arg.
+ * scd/app.c (app_readcert): Add ADVANCED arg.
+ * scd/app-openpgp.c (do_readkey): Implement ADVANCED arg.
+ * scd/app-nks.c (do_readkey): Error return with GPG_ERR_NOT_SUPPORTED.
+
+2016-11-03 Werner Koch <wk@gnupg.org>
+
+ agent: Extend the PINENTRY_LAUNCHED inquiry and status.
+ + commit c1ea0b577a468030d2b006317ba27fc1746c4b14
+ * agent/call-pinentry.c (start_pinentry): Get flavor and version and
+ pass it to agent_inq_pinentry_launched.
+ * agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
+ * g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.
+
+2016-11-03 Justus Winter <justus@g10code.com>
+
+ g10: Improve and unify key selection for -r and --locate-keys.
+ + commit ab89164be02012f1bf159c971853b8610e966301
+ * g10/getkey.c (struct pubkey_cmp_cookie): New type.
+ (key_is_ok, uid_is_ok, subkey_is_ok): New functions.
+ (pubkey_cmp): Likewise.
+ (get_best_pubkey_byname): Likewise.
+ * g10/keydb.h (get_best_pubkey_byname): New prototype.
+ * g10/keylist.c (locate_one): Use the new function.
+ * g10/pkclist.c (find_and_check_key): Likewise.
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ (TEST_FILES): Add new files.
+ * tests/openpgp/key-selection.scm: New file.
+ * tests/openpgp/key-selection/0.asc: Likewise.
+ * tests/openpgp/key-selection/1.asc: Likewise.
+ * tests/openpgp/key-selection/2.asc: Likewise.
+ * tests/openpgp/key-selection/3.asc: Likewise.
+ * tests/openpgp/key-selection/4.asc: Likewise.
+
+ gpgscm,tests: Add new functions to the test environment.
+ + commit 1ec07cbc209f247fd85704f5701564e31aa56d0b
+ * tests/gpgscm/lib.scm (first, last, powerset): New functions.
+ * tests/gpgscm/tests.scm (interactive-shell): New function.
+ * tests/openpgp/Makefile.am (EXTRA_DIST): Add new file.
+ * tests/openpgp/README: Document 'interactive-shell'.
+ * tests/openpgp/shell.scm: New file.
+
+2016-11-03 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Add a new field to the --query-swdb output.
+ + commit d10b67b9bc32e8feff1be86e6646fc23e58fe45d
+ * tools/gpgconf.c (query_swdb): Insert new field with the installed
+ version. Check that the supplied version does not contain a colon.
+
+2016-11-02 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Add command --query-swdb.
+ + commit 0ed6a6df5aa421a9c5cdb1e63867f0deee79af9e
+ * tools/gpgconf.c (aQuerySWDB): New.
+ (opts): Add --query-swdb.
+ (valid_swdb_name_p): New.
+ (query_swdb): New.
+ (main): Implement command --query-swdb.
+
+ common: Improve compare_string_versions.
+ + commit 488b183811fc25c1ae49b4730491accf1adf518e
+ * common/stringhelp.c: Include limits.h.
+ (compare_version_strings): Change semantics to behave like strcmp.
+ Include the patch lebel in the comparison. Allow checking a single
+ version string.
+ * common/t-stringhelp.c (test_compare_version_strings): Adjust test
+ vectors and a few new vectors.
+ * g10/call-agent.c (warn_version_mismatch): Adjust to new sematics.
+ * g10/call-dirmngr.c (warn_version_mismatch): Ditto.
+ * sm/call-agent.c (warn_version_mismatch): Ditto.
+ * sm/call-dirmngr.c (warn_version_mismatch): Ditto.
+
+2016-11-02 Justus Winter <justus@g10code.com>
+
+ gpgscm: Fix inclusion of readline header.
+ + commit 60ad1a7f37ffc10e601e69a3e2d2bb14af510257
+ * tests/gpgscm/ffi.c: Define magic macro to prevent the completion
+ function from redefined.
+
+2016-11-02 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ build: Fix misspelled dirmngr.
+ + commit 5e693ddfbe44d149ce0d9393d699c613ad5ea706
+
+
+ Spelling: correct spelling of "passphrase".
+ + commit 68b59bbc42ba9ec69496758743924d54a95742f0
+ There were several different variant spellings of "passphrase". This
+ should fix them all for all English text.
+
+ I did notice that po/it.po contains multiple instances of
+ "passhprase", which also looks suspect to me, but i do not know
+ Italian, so i did not try to correct it.
+
+2016-11-02 Justus Winter <justus@g10code.com>
+
+ g10,w32: Fix build on Windows.
+ + commit 5d4f1408d0dd055d412ae44bb4a0f28f74617f05
+ * g10/tofu.c (begin_transaction): Use the new 'gnupg_usleep'.
+
+2016-10-31 Werner Koch <wk@gnupg.org>
+
+ common: New function gnupg_usleep.
+ + commit ad491ceec6145b3781a05dc7b4a36052abeeb4b4
+ * configure.ac (HAVE_NANOSLEEP): Test for nanosleep.
+ * common/sysutils.c: Always include time.h.
+ (gnupg_usleep): New.
+
+2016-10-31 Andre Heinecke <aheinecke@intevation.de>
+
+ w32: Fix PKG_CONFIG_LIBDIR in --build-w32.
+ + commit 3b6b8fe32af7568ff51066d4c2e3679df6dea86f
+ * autogen.sh: Point pkg-config to the right location.
+
+2016-10-31 Neal H. Walfield <neal@g10code.com>
+
+ g10: Avoid gratuitious SQLite aborts and starving writers.
+ + commit 7a634e48b13c5d5d295b8fed9b429e1b2109a333
+ * g10/tofu.c: Include <time.h>, <utime.h>, <fcntl.h> and <unistd.h>.
+ (tofu_dbs_s): Add fields want_lock_file and want_lock_file_ctime.
+ (begin_transaction): Only yield if DBS->WANT_LOCK_FILE_CTIME has
+ changed since we took the lock. Don't use gpgrt_yield to yield, but
+ sleep for 100ms. After taking the batch lock, update
+ DBS->WANT_LOCK_FILE_CTIME. Also take the batch lock the first time we
+ take the real lock. When taking the real lock, use immediate not
+ deferred mode to avoid gratuitious aborts.
+ (end_transaction): When dropping the outermost real lock, drop the
+ batch lock.
+ (busy_handler): New function.
+ (opendbs): Set the busy handler to it when opening the DB. Initialize
+ CTRL->TOFU.DBS->WANT_LOCK_FILE.
+ (tofu_closedbs): Free DBS->WANT_LOCK_FILE.
+
+2016-10-30 Neal H. Walfield <neal@g10code.com>
+
+ g10: Avoid reading in keys when possible.
+ + commit eec365a02bd35d2d5c9e4d2c8d18bcd9180cf859
+ * g10/tofu.c (build_conflict_set): If CONFLICT_SET contains a single
+ element, don't bother to check for cross sigs. Add parameter PK.
+ Update callers.
+
+ g10: Fix bit setting.
+ + commit 614ca00676bb8ca12b5107fec0e4ef8818445254
+ * g10/tofu.c (build_conflict_set): Fix bit setting.
+
+2016-10-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Enable the Issuer Fingerprint from rfc4880bis.
+ + commit b6f08dbb0b45059cdbbb5d9be9725e437f42a8cc
+ * g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new
+ Issuer Fingerprint sub-packet.
+ * g10/mainproc.c (check_sig_and_print): Always consider that
+ sub-packet.
+
+2016-10-27 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix signature checking.
+ + commit 5a1f6a0062488aaf345b1c73ba98a540e673d619
+ * dirmngr/server.c: Include cpparray.h.
+ (verify_swdb_parm_s): New.
+ (verify_swdb_status_cb): New.
+ (cmd_versioncheck): Use gpgv to correclty verify the signature.
+ Rename some variable to comply with GNU standards.
+
+ gpg: Verify multiple detached signatures with different hash algos.
+ + commit 8fced66be35db5ac2a6bfdb9bccb2c0e582d8256
+ * g10/mainproc.c (proc_tree): Loose check. Enable all algos.
+
+ common: Add GNUPG_MODULE_NAME_GPGV.
+ + commit ece9ade4b44fb3d5d120cfd32b23632e5efd2134
+ * common/util.h (GNUPG_MODULE_NAME_GPGV): New.
+ * common/homedir.c (gnupg_module_name): Implement.
+
+2016-10-27 Justus Winter <justus@g10code.com>
+
+ g10: Fix iteration over getkey results.
+ + commit 8ea72a776a88f3c851e812d258355be80caa1bc1
+ * g10/getkey.c (getkey_next): Return the public key in PK even if
+ RET_KEYBLOCK is NULL.
+
+ g10: Assert preconditions.
+ + commit 66a0091d74768ab3a4a5342d3645e1834c59045a
+ * g10/getkey.c (get_pubkey_byname): Assert preconditions.
+
+2016-10-27 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Do not implement --supervised in Windows.
+ + commit cf20b23c146c9e499263654644035796475de097
+ * dirmngr/dirmngr.c (opts) [W32]: Remove --supervised.
+ (main) [W32]: Ditto.
+
+ common: Remove debug output from gnupg_get_socket_name.
+ + commit a9c8b5fbe7ae241bf45bdee15884abc7891aedf9
+ * common/sysutils.c (gnupg_get_socket_name): Remove debug message and
+ use my_error_from_syserror.
+
+2016-10-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: ADNS error handling fix.
+ + commit 45dfc02b47f798f5a3b9973ca6a9f5a907d7e665
+ * dirmngr/dns-stuff.c (resolve_name_adns, get_dns_cert, get_dns_cname):
+ Use gpg_error and gpg_err_code_from_errno to compose the error value.
+
+2016-10-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Convey --quick option to dirmngr for --auto-key-retrieve.
+ + commit a15ed5a1fd5307b3ec1822daf3b138b187db0b5e
+ * g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'.
+ (gpg_dirmngr_wkd_get): Ditto.
+ * g10/keyserver.c (keyserver_get): Add arg 'quick'.
+ (keyserver_get_chunk): Add arg 'quick'.
+ (keyserver_import_fprint): Ditto. Change callers to pass 0 for it.
+ (keyserver_import_keyid): Ditto.
+ (keyserver_import_wkd): Ditto.
+ * g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with
+ QUICK set.
+
+2016-10-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix gnupg_inotify_has_name, differently.
+ + commit 8b3d0d1a36cab83dafb98ccb7895144edb95e298
+ * common/sysutils.c (gnupg_inotify_has_name): Use void * to stop the
+ warning.
+
+ dirmngr: More ADNS error fix.
+ + commit 6f1d8123d61b3efac94b4c61ee75bd947790ba42
+ * dirmngr/dns-stuff.c (get_dns_cert, getsrv, get_dns_cname): Fix return
+ value.
+
+ dirmngr: Fix error return for ADNS.
+ + commit 8a9341b42cd1891090d45cc068bff84b2b3edb50
+ * dirmngr/dns-stuff.c (resolve_name_adns): Use RET for return value.
+
+ g10: Fix ECDH, clarifying the format.
+ + commit ca0ee4e381d0b6a57e4ddc8f4bb2390eb97a2540
+ * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when
+ it's short. Clarify the format. Handle other prefixes correctly.
+
+ scd: Add 0x41 prefix for x-coordinate only result.
+ + commit 6bbd97d6c771b2e2c7cfcff6d5a823f0fb44d443
+ * scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the
+ prefix 0x41.
+
+2016-10-27 Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
+
+ g10: ECDH shared point format.
+ + commit b648f28f9f8b889f1217a649ded1d45f261bb2bf
+ * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of
+ ECDH shared point format.
+
+2016-10-27 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ dirmngr: Implement --supervised command (for systemd, etc).
+ + commit 75f8aaf5bc2dc7fcffe2987a572d489155c91eb9
+ * dirmngr/dirmngr.c (main): Add new --supervised command, which is a
+ mode designed for running under a process supervision system like
+ systemd or runit.
+ * doc/dirmngr.texi: document --supervised option.
+
+ agent,common: move get_socket_name() into common.
+ + commit 6316b28e896957adb76a61a41d2e1c2a08d9f716
+ * agent/gpg-agent.c (get_socket_name): move to ...
+ * common/sysutils.c (gnupg_get_socket_name): ... here.
+
+ dirmngr: report actual socket name.
+ + commit 6bb6ac56cca8135666387a0b9d88dd6b50311418
+ * dirmngr/dirmngr.[ch] (dirmngr_get_current_socket_name): new function
+ to report known socket name.
+ * dirmngr/server.c (cmd_getinfo): use dirmngr_get_current_socket_name
+ to report correct socket name.
+
+2016-10-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix gnupg_inotify_has_name.
+ + commit bc28f320fa6f5b9fcdb73dba5e6c582daf7992c5
+ * common/sysutils.c (gnupg_inotify_has_name): Take care of the
+ alignment.
+
+ dirmngr: Fix help string and argument.
+ + commit 96414baf36b8e6385b71847c789d489ebe176a93
+ * dirmngr/server.c (hlp_versioncheck): Add a newline.
+ (cmd_versioncheck): Fix argument.
+
+2016-10-26 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix hang due to deferred thread initialization.
+ + commit d1ccab5176d7719328b287544b54b85e0277b146
+ * dirmngr/dirmngr.c (main): Call ldap_wrapper_launch_thread after
+ thread_init.
+
+ agent: Avoid double error message.
+ + commit b77f95a4a675fd20f6eeb611f4e7b519eceb4ad3
+ * agent/gpg-agent.c (map_supervised_sockets): Shorten error message.
+ Remove unneeded diagnostic.
+
+ common: Use GPG_ERR_INV_VALUE instead of GPG_ERR_EINVAL.
+ + commit ece13f177d948013b6f3df926406c0cd947abc25
+ * common/sysutils.c (gnupg_inotify_watch_socket): Return
+ GPG_ERR_INV_VALUE for a missing socket name and set proper error
+ source.
+
+ tests: Improve portability of fake-pinentry.
+ + commit 21b318452abbfe21c45c2a67dae0e3a81cff1090
+ * tests/openpgp/fake-pinentry.c: Make all functions static.
+ (get_passphrase): s/unlink/remove/ because that is standard C.
+ (spacep): Rename to whitespace and change all callers.
+ (main): Move macro out of if-then chain.
+
+2016-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ agent: --supervised mode improvements.
+ + commit 27f6d5b9f4b6057ddeb9ace87a1e7e61ebac63e6
+ * agent/gpg-agent.c (map_supervised_socket): if the agent is running
+ in --supervised mode and is not actually given LISTEN_FDNAMES
+ directives, require at least fd 3 to be open for listening.
+
+ common: avoid segfault.
+ + commit 3b5f5e0eb02ecbdcf59722755f22a9d2f88de6e6
+ * common/sysutils.c (gnupg_inotify_watch_socket): return EINVAL if
+ socket_name is NULL, rather than segfaulting
+
+2016-10-25 Justus Winter <justus@g10code.com>
+
+ agent,tests,w32: Fix relaying pinentry user data, fix fake-pinentry.
+ + commit 852b8f0b89d447536dfdf6cd4ea91615c75491ce
+ * agent/call-pinentry.c (start_pinentry): Also send the user data
+ using an Assuan 'OPTION' command.
+ * tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating
+ passphrase file.
+ (spacep): Include newline characters.
+ (rstrip): New function.
+ (main): Handle Windows line endings. Handle the userdata option, and
+ restart with the new options.
+
+ tests: Do not autostart gpg-agents on teardown.
+ + commit f88f11a25665dca7490a09088aa24edf396e4c40
+ * tests/openpgp/defs.c (stop-agent): Use '--no-autostart' when calling
+ gpg-connect-agent.
+
+2016-10-25 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Allow command VERSIONCHECK to handle 3 part version numbers.
+ + commit b120f358c25cc846ca9d841d47e71ca1a7fe02e4
+ * dirmngr/server.c (parse_version_string): Add arg MICRO and set it.
+ (cmp_version): Extend to handle the MICRO part.
+ (confucius_mktmpdir): Rename to my_mktmpdir.
+ (my_mktmpdir): xstrconcat does not fail; use strconcat.
+ (fetch_into_tmpdir): Improve error checking.
+
+ common: Use strconcat in gnupg_setenv.
+ + commit 7983f8758703071710c11bf2a255efcd71836b65
+ * common/sysutils.c (gnupg_setenv): Replace malloc+stpcpy by
+ strconcat. Indent cpp conditionals.
+ (gnupg_unsetenv): Indent cpp conditionals.
+
+2016-10-24 Werner Koch <wk@gnupg.org>
+
+ gpg: Replace two sprintf calls.
+ + commit 9d6146d6f9870fbfcec15cdc4becaf094d5a90e0
+ * g10/keygen.c (print_status_key_created): Use snprintf for now.
+ (ask_expire_interval): Replace xmalloc and sprintf by xasprintf.
+
+ agent: Minor cleanup for recent change in findkey.c.
+ + commit 8c40b3b98d3ddeda79fde981e6539c5b3b09d9a2
+ * agent/findkey.c (agent_write_private_key): Avoid label name error.
+
+ agent: Slightly change structure of cmd_readkey.
+ + commit fdb653a33ea1a24d1159880624dbbcc0867865b5
+ * agent/command.c (cmd_readkey): Avoid a leave label in the middle of
+ the code. Remove the special return.
+
+2016-10-24 Kai Michaelis <kai@gnupg.org>
+
+ dirmngr: Fix segfault in VERSIONCHECK.
+ + commit 5e7dfd979d2d91800d90c3ce9a66755df3217682
+ * dirmngr/server.c (cmd_versioncheck): The VERSIONCHECK command crashes
+ when called without program version.
+
+2016-10-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Use canonical curve name of libgcrypt.
+ + commit b1828c17fc475def1ee9e06f083f513f568c241b
+ * scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
+ (ecdh_params): New.
+ (ecc_read_pubkey): Use ecdh_params. Use curve name.
+ (ecc_writekey): Likewise.
+ (ecc_curve): Rename from ecc_oid.
+ (parse_algorithm_attribute): Use ecc_curve.
+ * g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
+ intern the curve name string.
+ * g10/card-util.c (card_status): Conver curve name to alias for print.
+
+ common: Fix openpgp_is_curve_supported.
+ + commit 945e7ab0ddedf5f58afd97d81e101939de5b5d89
+ * common/openpgp-oid.c (openpgp_is_curve_supported): Support both of
+ canonical name of the curve and alias.
+
+ g10: Fix card keygen for decryption.
+ + commit acef0951646b47c87ccc1c616f0105a068e7ed86
+ * g10/keygen.c (do_generate_keypair): Fix arguments.
+
+2016-10-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: More card key generation change.
+ + commit 987bbb2276aeb6bee2793e8406e223717b605009
+ * g10/keygen.c (gen_card_key): Add back ALGO as the second argument.
+ Don't get ALGO by KEY-ATTR by this function. It's caller to provide
+ ALGO. Don't do that by both of caller and callee.
+ (generate_keypair): Only put paramerters needed. Use parameters
+ for ALGO to call gen_card_key.
+ (generate_card_subkeypair): Get ALGO and call gen_card_key with it.
+
+2016-10-21 Andre Heinecke <aheinecke@intevation.de>
+
+ g10: Write first keybox record in binary mode.
+ + commit f7e50634be71ce3028726f23edf14454109a04a8
+ * g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode.
+
+2016-10-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10,scd: Fix ECC keygen.
+ + commit d2653b1a6db90aed073194a51fd61023d69773ec
+ * g10/keygen.c (generate_keypair): For card key generation, fill
+ parameters by KEY-ATTR.
+
+ * scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
+ after its reference by OIDBUF is finished.
+ (ecc_writekey): Likewise.
+
+ scd: Fix segfault changing key attr.
+ + commit 693e657ff04756737dce025203c0deba480ea8de
+ * asc/app-openpgp.c (change_keyattr_from_string): Release after
+ allocated.
+
+2016-10-21 NIIBE Yutaka <gniibe@fsij.org>
+ Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
+
+ g10: Don't ask keysize for for non-RSA card.
+ + commit dafce6f698bec6e9d4c0125b90754d0687294e86
+ * g10/card-util.c (card_status): Bug fix for keyno.
+ (ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
+ (generate_card_keys): Only ask keysize when RSA.
+ (card_generate_subkey): Likewise.
+
+ g10: Support ECC for gen_card_key.
+ + commit 161cb22f13bcd8cbdb08558d9926b2168a8297ac
+ * g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
+ (do_generate_keypair, generate_card_subkeypair): Follow the change.
+
+2016-10-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix use cases of snprintf.
+ + commit 6e85ac77af594035137950d801d8a1bacce548a3
+ * agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
+ build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
+ dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
+ g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
+ sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.
+
+ agent: Fix saving with FORCE=1.
+ + commit 1ffd475f99eaff4e40950eda88702f8db9288eb5
+ * agent/findkey.c (agent_write_private_key): Recover from an error of
+ GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".
+
+2016-10-20 Justus Winter <justus@g10code.com>
+
+ tests: Simplify test.
+ + commit 71158d8d5f823888abc8588caa6497860ce59c06
+ * tests/openpgp/quick-key-manipulation.scm: Avoid creating a temporary
+ home directory, just make the uids unique.
+
+ tests: Flush stdout in the fake pinentry.
+ + commit ca9597f080f70a8435daaeb5449bef0462a1402a
+ * tests/openpgp/fake-pinentry.c (reply): Flush stdout.
+
+ common,w32: Fix setting environment variables on Windows.
+ + commit 8c7c4faf3de28ca70a60e6b15f51c1b206e0ddd9
+ * common/sysutils.c (gnupg_setenv): Also update the environment block
+ maintained by the C runtime.
+ (gnupg_unsetenv): Likewise.
+ * tests/gpgscm/ffi.c (do_setenv): Fix error handling.
+
+ tests,w32: Cope with Windows line endings.
+ + commit bf37916a23bd0929fc4a5f28c9a41f43c5a473f6
+ * tests/openpgp/issue2015.scm: Rstrip line before comparison.
+
+ tests: Create and remove socket directories.
+ + commit 2d794779e0fd9d9a1efc98e7bd77a296a25f4293
+ * tests/openpgp/defs.scm (start-agent): Move function here and create
+ the socket directory prior to starting the agent.
+ (stop-agent): Move function here and remove the socket directory.
+ * tests/openpgp/finish.scm: Adapt.
+ * tests/openpgp/setup.scm: Likewise.
+
+2016-10-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent, g10: Fix keygen.
+ + commit 9a34e2142b426b98c73fd888102ea1596bbce62a
+ * agent/command.c (cmd_readkey): Get length after card_readkey.
+ * g10/keygen.c (gen_card_key): Fix off-by-one error.
+
+ scd: GENKEY updates the public key in APP.
+ + commit b680f79cc112c4831293e259d7db2921bcd783a4
+ * scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New.
+ (read_public_key): New.
+ (get_public_key, do_genkey): Use read_public_key.
+
+ g10: smartcard keygen change.
+ + commit 980c037bedb968ddf155dd334c0a70b918a17759
+ * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove.
+ (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS.
+ (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out
+ argument.
+ (agent_readkey): Use READKEY --card instead of SCD READKEY.
+ * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent
+ to retrieve public key information from card and let the agent make
+ a file for private key with shadow info.
+
+ agent: Add --card option for READKEY.
+ + commit 82cbab906a3e72a98fdc16096f2f0451465969a2
+ * agent/findkey.c (agent_write_shadow_key): New.
+ * agent/command-ssh.c (card_key_available): Use agent_write_shadow_key.
+ * agent/learncard.c (agent_handle_learn): Likewise.
+ * agent/command.c (cmd_readkey): Add --card option.
+
+2016-10-19 Kai Michaelis <kai@gnupg.org>
+
+ dirmngr: improve VERSIONCHECK.
+ + commit 72a99f582dad4cb4c3b05b97c7ebb8d537f10b79
+ Replace strtok_r() and code formatting. Use code from libgpg-error for
+ version comparison.
+
+2016-10-18 Justus Winter <justus@g10code.com>
+
+ common: Fix copying data to estreams.
+ + commit 8dce5ee55a0268d196023224dcf3020306922490
+ * common/exectool.c (copy_buffer_do_copy): Correctly account for
+ partially written data in the event of errors.
+
+ common,w32: Communicate with child in non-blocking mode.
+ + commit 05a1e412332dd980353a4e3e59bc75ba40bae7fc
+ * common/exechelp-w32.c (gnupg_spawn_process): Open streams in
+ non-blocking mode if requested.
+
+ common,w32: Extend gnupg_create_inbound_pipe et al.
+ + commit f2d39a6d051413289c717b9cd2dc387a270b8e7c
+ * common/exechelp-w32.c (do_create_pipe): Rename, add arguments, and
+ create a stream if reqested.
+ (gnupg_create_inbound_pipe): Use the extended function to open the
+ stream if requested.
+ (gnupg_create_outbound_pipe): Likewise.
+ (gnupg_create_pipe): Update call site.
+
+ common,w32: Make use of default_errsource in exechelp.
+ + commit 727ca74bb942464217e678012cccbfc347ae08a5
+ * common/exechelp-posix.c (my_error_from_syserror, my_error): New.
+ Use them instead of gpg_error and gpg_error_from_syserror.
+
+2016-10-18 NIIBE Yutaka <gniibe@fsij.org>
+ Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
+
+ scd: Support ECC key generation.
+ + commit 34439da2d62b964a914ace66bae7e38f619582a4
+ * scd/app-openpgp.c (get_public_key): Fix a message.
+ (change_keyattr_from_string, ecc_writekey): Call mpi_release sooner.
+ (do_genkey): Add ECC support.
+
+2016-10-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: minor cleanup to merge other works.
+ + commit f1845f25dbea79c191427710fa56ed01e63a045b
+ * scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
+ (iso7816_generate_keypair, iso7816_read_public_key): Likewise.
+ * scd/app-openpgp.c (get_public_key): Follow the change.
+ (do_genkey): Ditto. Use ERR instead of RC. Use u32 for CREATED_AT.
+
+2016-10-17 Justus Winter <justus@g10code.com>
+
+ gpgscm: Initialize nesting stack.
+ + commit c2e713d9e25ef8b61e8eeb3c01ee1e31cb70b794
+ * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize nesting
+ stack.
+
+2016-10-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc: Document how to manually shut down gpg-agent.
+ + commit 869c06efa791bbc8330becdb3f13f7cf9506257e
+ * doc/gpg-agent.texi: document "gpgconf --kill gpg-agent" for manual
+ agent termination.
+
+ This was requested in a side-comment in https://bugs.debian.org/840669
+
+ doc: Point gpg-agent(1) at the right gpg manpage in SEE ALSO.
+ + commit c53ce53ab1fa6a328c368f2a15e3ccd803f03ee2
+ * doc/gpg-agent.texi (SEE ALSO): refer to @gpgname, instead of
+ hard-coding "gpg2".
+
+2016-10-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix keytocard for ECC.
+ + commit 25428be52168fa9c581b7f11c95a5c63b25343b7
+ * scd/app-openpgp.c (build_ecc_privkey_template): Size can be greater
+ than 128 when it comes with public key for curve of larger field.
+
+ gpgconf: Fix for --homedir.
+ + commit 70a8584ec4389209762eb65bb77f20f7881577be
+ * tools/gpgconf-comp.c (gpg_agent_runtime_change,
+ scdaemon_runtime_change, dirmngr_runtime_change): Provide the homedir
+ arguments by --homedir when it's not default.
+
+2016-10-16 Werner Koch <wk@gnupg.org>
+
+ agent: Use straightforward names for the default socket names.
+ + commit 0b0f9a3788cb5d3c26cec16cd24acc973069d280
+ * configure.ac (GPG_AGENT_SOCK_NAME): Change name to *.extra.
+ (GPG_AGENT_EXTRA_SOCK_NAME): Change name to *browser.
+
+2016-10-15 Werner Koch <wk@gnupg.org>
+
+ agent: Move inotify code to common and improve it.
+ + commit 2f7d4c38c9e7bcc14e6e0bf219d688c40a4afecb
+ * common/sysutils.c: Include sys/inotify.h.
+ (my_error_from_syserror, my_error): New.
+ (gnupg_inotify_watch_socket): New.
+ (gnupg_inotify_has_name): New.
+ * agent/gpg-agent.c: Do not include sys/inotify.h.
+ (my_inotify_is_name): Remove.
+ (handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
+ the new functions.
+
+2016-10-14 Kai Michaelis <kai@gnupg.org>
+
+ dirmngr: use gnupg_mkdtemp instead of mkstemp.
+ + commit c318561ef4c97f0c2767aef377531d58174060a1
+ MinGW on debian does not support mkstemp.
+
+ dirmngr: add VERSIONCHECK command.
+ + commit f99c5fa1c970dc1122ac62371eb8d758f380ed57
+ Given an application name and version VERSIONCHECK fetches the software
+ version list from version.gnupg.org, verifies the signature and returns
+ whenever the given version is older (UPDATE), current (CURRENT) or newer
+ (ROLLBACK).
+
+2016-10-13 Neal H. Walfield <neal@g10code.com>
+
+ tests: Use shorter filenames.
+ + commit 0c56ad5a8d89d69a9ed00571720b3b105f955214
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/EC38277E-1.gpg: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/EC38277E-1.txt: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/EC38277E-2.gpg: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/EC38277E-2.txt: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/EC38277E-3.txt: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: Rename from
+ this...
+ * tests/openpgp/tofu/cross-sigs/EC38277E-secret.gpg: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/871C2247-1.gpg: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/871C2247-1.txt: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/871C2247-2.gpg: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/871C2247-2.txt: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/871C2247-3.gpg: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/871C2247-3.txt: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: Rename from this...
+ * tests/openpgp/tofu/cross-sigs/871C2247-4.gpg: .. to this.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: Rename from
+ this...
+ * tests/openpgp/tofu/cross-sigs/871C2247-secret.gpg: .. to this.
+ * tests/openpgp/Makefile.am (TEST_FILES): Update accordingly.
+
+ g10: Be more careful when checking if a binding is signed by a UTK.
+ + commit 95d0f3e5eebd85dcf226dca14891a1215bfe93ae
+ * g10/tofu.c (signed_by_utk): When checking if a key is signed by an
+ ultimately trusted key, only consider the signatures on the specified
+ user id.
+ * tests/openpgp/tofu.scm: Add test for the above.
+
+ tests: Add test data to TEST_FILES.
+ + commit d2d936fbe86d61b89cead95df633b2b575690e05
+ * tests/openpgp/Makefile.am (TEST_FILES): Add new test data.
+
+ g10: Be more careful when checking cross signatures.
+ + commit 4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c
+ * g10/tofu.c (cross_sigs): When checking cross signatures, only
+ consider the signatures on the specified user id.
+ * tests/openpgp/tofu.scm: Add test for the above.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg:
+ New file.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file.
+ * tests/openpgp/tofu/cross-sigs/
+ DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file.
+ * tests/openpgp/tofu/cross-sigs/README: New file.
+
+ g10: Still check if the key is an UTK or cross signed in batch mode.
+ + commit e09166c77273f459c8f87cab9224f85808af2cba
+ * g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't
+ bail immediately. Instead, check if the key in question is an
+ ultimately trusted key or cross signed.
+
+ g10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL
+ + commit 5bf92e51dfdfb4f4746ecd817d8d2240ed27ea74
+ * g10/tofu.c (get_policy): If an sqlite operation fails, map the error
+ code to GPG_ERR_GENERAL.
+ (ask_about_binding): Likewise.
+ (build_conflict_set): Likewise.
+ (get_trust): Likewise.
+ (show_statistics): Likewise.
+ (tofu_register_signature): Likewise.
+ (tofu_register_encryption): Likewise.
+
+ tests: Remove support for deprecated functionality.
+ + commit 2282c3b761413dfa894300e70084bbd58908c0b1
+ * tests/openpgp/tofu.scm: Don't remove tofu.d. It's deprecated.
+
+2016-10-12 Neal H. Walfield <neal@g10code.com>
+
+ g10: When changing a TOFU binding's policy, update the conflict info.
+ + commit 3ad17e72fa81d18c95732ddcd4def244f52bb5b1
+ * g10/tofu.c (record_binding): Take an additional argument, CONFLICT.
+ Set the binding's conflict accordingly. Update callers.
+
+ g10: Make a singular string singular.
+ + commit ca84f65c7cf2c6a08a01018519965a82e6c52cac
+ * g10/tofu.c (ask_about_binding): Make the singular string singular.
+
+ g10: Correctly determine whether a binding has a conflict.
+ + commit 6fdf37f0831949cb279de6dc6b247ab2ed53fe5a
+ * g10/tofu.c (build_conflict_set): A binding has a conflict is
+ conflict is *not* NULL, not if it is NULL.
+
+ g10: Fix a column's type in TOFU DB.
+ + commit 78eda335fd1c29038b74b9cc912b6a4515fccd9f
+ * g10/tofu.c (initdb): Change policy from a boolean to an integer.
+
+2016-10-07 Justus Winter <justus@g10code.com>
+
+ tests: Rework test environment setup.
+ + commit cbbf0a7a8da1757fea29cff0daaa42a6bbb95b26
+ * tests/openpgp/setup.scm: Import one keyring at a time. This works
+ around a yet to be investigated hang on Windows. It is also much
+ prettier.
+
+ tests: Improve handling of Windows newlines.
+ + commit 1f76f8d8bc65fad98927c977baf4d5e36dafe52b
+ * tests/gpgscm/lib.scm (string-split-newlines): New function.
+ * tests/openpgp/default-key.scm: Use new function.
+ * tests/openpgp/defs.scm: Likewise.
+ * tests/openpgp/export.scm: Likewise.
+ * tests/openpgp/import.scm: Likewise.
+
+ gpgscm: Improve test of low-level functions.
+ + commit 11eac7eb2fa3392a9aa052f8f5bb9875129ab84b
+ * tests/gpgscm/t-child.c: Print large amounts of data.
+ * tests/gpgscm/t-child.scm: Test that this works.
+
+ gpgscm: Improve path handling.
+ + commit dff266059813d22d1e2ba7e77279999cd41ceb75
+ * tests/gpgscm/ffi.c (ffi_init): New Scheme variable '*win32*'.
+ * tests/gpgscm/tests.scm (canonical-path): Correctly handle paths with
+ drive letter on Windows. Use 'path-join'.
+ (path-expand): Use 'path-join'.
+
+ tools: Fix error handling.
+ + commit 5afbfdfd59540cb882d891ff1f4afa73fe48f99a
+ * tools/gpgtar-create.c (gpgtar_create): Do not crash if opening the
+ tarball failed.
+
+2016-10-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix get_socket_name.
+ + commit fb3b3e1e7a4219f61a834fd07809898918611c2f
+ * agent/gpg-agent.c (get_socket_name): Fix the size of copying.
+
+2016-10-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Put extra parens around bit tests.
+ + commit 5d43d28aa3c44c3a27fde823f467b0c4be1a58c2
+ * g10/options.h (DBG_MPI): New.
+ * g10/gpg.c (set_debug): Use macro or extra parens for binary operator.
+ * g10/parse-packet.c (set_packet_list_mode): Use dbg macro.
+
+2016-10-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent, dirmngr, scd: Fix init_common_subsystems.
+ + commit fc0b392e766af8127094e8b529d25abb84ad1d65
+ * common/init.c (_init_common_subsystems): Don't call
+ gpgrt_set_syscall_clamp in this function.
+ * agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call
+ gpgrt_set_syscall_clamp after npth_init.
+
+2016-10-06 Justus Winter <justus@g10code.com>
+
+ common: Avoid pointer arithmetic on string literals.
+ + commit 4aadc751f201f8f97c9c1f454e3a29803cce3edb
+ * common/gettime.c (rfctimestamp): Use indexing instead.
+ * common/signal.c (got_fatal_signal): Likewise.
+
+ g10: Fix singular term.
+ + commit b0d2526bc4e5c663eeffe04500420c70cee98712
+ * g10/tofu.c (ask_about_binding): Fix singular message.
+
+ g10: Use appropriate variant of 'abs'.
+ + commit 73000d1ce0317210f5a9e5262404cc90258041ff
+ * g10/tofu.c (ask_about_binding): Use 'labs' instead of 'abs'.
+
+ sm: Remove statement without effect.
+ + commit 2d446759bd43ae38fbce9a18c955285ca535bc08
+ * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Remove statement without
+ effect.
+
+ g10: Fix testing for debug flag.
+ + commit 6b626824c8e30b41c47724b5ccbf761937499512
+ * g10/parse-packet.c (set_packet_list_mode): Fix testing for debug
+ flag.
+
+ tools: Improve error handling.
+ + commit 32f81f56a8be6d13dea0a64d24f52343c7e72c84
+ * tools/gpg-wks-server.c (copy_key_as_binary): Initialize 'argv'.
+
+ gpgscm: Update callsite of 'gnupg_spawn_process'.
+ + commit 07cfb3b27a77491eae818d57f6eb660e75fa013f
+ * tests/gpgscm/ffi.c (do_spawn_process): Adapt to the changes to
+ 'gnupg_spawn_process'.
+
+2016-10-05 Werner Koch <wk@gnupg.org>
+
+ wks: Send key encrypted as required by draft -02.
+ + commit 8ce800d21919eaaba7ed4f04f712292be310fd66
+ * tools/gpg-wks-client.c (get_key): Encrypt.
+ (encrypt_response): Take care of --fake-submission-addr.
+
+ wks: Add option --fake-submission-addr to gpg-wks-client.
+ + commit e514a5b725f0c997cef4362808b2778a3faa9cf8
+ * tools/gpg-wks-client.c (oFakeSubmissionAddr): New.
+ (opts): Add option --fake-submission-addr.
+ (fake_submission_addr): New variable.
+ (parse_arguments): Set it.
+ (command_send): Use --fake-submission-addr.
+
+ agent: Another minor fix to map_supervised_sockets.
+ + commit 1cedc32c95c2e3c3ab98af23ddc2845d51e596c1
+ * agent/gpg-agent.c (map_supervised_sockets): Remove debug message.
+ Provide correct fd in the second error case.
+
+ agent: Fix npth + supervised mode problem.
+ + commit f57dc2b1e6f28d164f882373535dbcb0d632ca17
+ * agent/gpg-agent.c (main): Initialize modules in supervised mode.
+
+2016-10-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ agent: Fix error handling in map_supervised_sockets.
+ + commit a2127c71dbf87c1710b43d91a733dd4c9b2953bc
+ * agent/gpg-agent.c (map_supervised_sockets): the file descriptor to
+ close on error is fd, not i.
+
+2016-10-04 Werner Koch <wk@gnupg.org>
+
+ agent: Streamline the supervised mode code.
+ + commit 1a9c8d78ece2f31fdb1a8e2be049aa71053061fa
+ * agent/gpg-agent.c (get_socket_path): Rename to ...
+ (get_socket_name): this. This is to comply with the GNU coding guide.
+ Use xtrymalloc instead of malloc. Do not build for W32.
+ (map_supervised_sockets): Use strtokenize and set the the socket names
+ here.
+ (main): Adjust for above change. Do not close the socket.
+
+ agent: Adjust cleanup for supervised mode. Fix for W32.
+ + commit afcfae7959f39e7d85309b9496e1f1cf9acd5cc2
+ * agent/gpg-agent.c (opts) [W32]: Remove option --supervised.
+ (is_supervised): Move from main() to global.
+ (inhibit_socket_removal): New.
+ (cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL.
+ (check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of
+ seting the socket names to empty.
+
+ agent: Adjust supervised mode for the new default socket names.
+ + commit dc059af1ff007842e2633e686c87d05daf1d45e3
+ * agent/gpg-agent.c (main): In supervised mode do not provide default
+ socket names. Unset DISPLAY and INSIDE_EMACS. Use log_error and
+ agent_exit.
+
+2016-10-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ agent: Implement --supervised command (for systemd, etc).
+ + commit 9f92b62a51d2d60f038fdbe01602865c5933fa95
+ * agent/gpg-agent.c (get_socket_path): New function for POSIX systems
+ to return the path for a provided unix-domain socket.
+ (map_supervised_sockets): New function to inspect $LISTEN_FDS and
+ $LISTEN_FDNAMES and map them to the specific functionality offered by
+ the agent.
+ (main): Add --supervised command. When used, listen on already-open
+ file descriptors instead of opening our own.
+ * doc/gpg-agent.texi: Document --supervised option.
+
+2016-10-04 Justus Winter <justus@g10code.com>
+
+ build,w32: Unconditionally build tests.
+ + commit 4a232d23a8f51bebf9ee382e480248b4bde30f28
+ * configure.ac (run_tests, RUN_TESTS, RUN_GPG_TESTS): Remove
+ variables. They are misleadingly named, as they inhibit building the
+ tests. There is no reason not to build the tests even when
+ cross-compiling, as they are only run if one does 'make check'.
+ * Makefile: Adapt accordingly.
+ * tests/Makefile.am: Adapt accordingly. Avoid building 'asschk' on
+ Windows as it uses non-portable functions.
+
+ tests,w32: Do not expose 'glob' to gpgscm.
+ + commit 41b510f9c510f8fd1b59eb0c5dd2e2b2deaf0a1b
+ * tests/gpgscm/ffi.c (do_glob): Remove function.
+ (ffi_init): Likewise.
+
+ tests,w32: Avoid using 'glob'.
+ + commit 949e70115eb2c04bd09da6477f6c433e6fd9a366
+ * tests/openpgp/setup.scm: Avoid 'glob' which is not available on
+ mingw.
+
+ tools: Ignore existing directories in gpgtar.
+ + commit fbc83c0cdd390473c044953fb774571ffc636c6d
+ * tools/gpgtar-extract.c (extract_directory): Ignore existing
+ directories now that we have '--directory'.
+
+2016-10-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent, dirmngr, scd: npth_init must be after fork.
+ + commit eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d
+ * agent/gpg-agent.c (thread_init_once, initialize_modules): New.
+ (main): Make sure no daemonizing-fork call after npth_init, and no npth
+ calls before npth_init, with care of npth calls by assuan hooks.
+ * dirmngr/dirmngr.c (thread_init): New.
+ (main): Make sure npth_init must not be called before daemonizing fork.
+ * scd/scdaemon.c (main): Likewise.
+
+2016-09-30 Werner Koch <wk@gnupg.org>
+
+ agent: Remove the warning for the GKR hijacking.
+ + commit a43739a2456a38c01704d8a52dca441055e29bc6
+ * g10/call-agent.c (check_hijacking): Remove.
+ (start_agent): Remove call.
+
+ agent: Create the extra sockets in the standard socket dir.
+ + commit 80cc16e0728256f6b07a12980e1f3512cf2324fa
+ * agent/gpg-agent.c (main): Take the socketdir in account for the
+ default sockets.
+ * tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and
+ "agent-browser-socket".
+
+ agent: Kludge to allow disabling of the extra sockets.
+ + commit 95cf7afff074613825f4442fa131145a2c0d3cf7
+ * agent/gpg-agent.c (main): Check for special socket names.
+
+ wks: Avoid long trustdb checks.
+ + commit de67055aff916455cec89fab1d95177d3b383008
+ * tools/wks-receive.c (verify_signature): Use --always-trust.
+
+2016-09-30 Justus Winter <justus@g10code.com>
+
+ build: Fix build against libiconv.
+ + commit 6054e8aaecbd355bb7559697eecaadf2225189b8
+ * agent/Makefile.am: Add INCICONV and LIBICONV.
+ * common/Makefile.am: Likewise.
+ * tools/Makefile.am: Likewise.
+
+ agent: Enable restricted, browser, and ssh socket by default.
+ + commit e11686f973b35869d7b299ce4726003ac22e2e3a
+ * agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
+ 'browser-socket', enable ssh socket by default, but do not emit the
+ 'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
+ * configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
+ * doc/gpg-agent.texi: Update documentation.
+
+ w32: Fix STARTTLS on LDAP connections.
+ + commit 8d37018050373a47566bf8ea0d894da20ed292c7
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against
+ <winldap.h>.
+
+2016-09-29 Werner Koch <wk@gnupg.org>
+
+ wks: Partly implement draft-koch-openpgp-webkey-service-02.
+ + commit 33800280da55a859e08dfa57f29144c89dd1bead
+ * tools/gpg-wks.h (WKS_RECEIVE_DRAFT2): New.
+ * tools/wks-receive.c: Include rfc822parse.h.
+ (struct receive_ctx_s): Add fields PARSER, DRAFT_VERSION_2, and
+ MULTIPART_MIXED_SEEN.
+ (decrypt_data): Add --no-options.
+ (verify_signature): Ditto.
+ (new_part): Check for Wks-Draft-Version header. Take care of text
+ parts.
+ (wks_receive): Set Parser and pass a flag value to RESULT_CB.
+ * tools/gpg-wks-client.c (read_confirmation_request): New.
+ (main) <aRead>: Call read_confirmation_request instead of
+ process_confirmation_request.
+ (command_receive_cb): Ditto. Add arg FLAGS..
+ (decrypt_stream_status_cb, decrypt_stream): New.
+ (command_send): Set header Wks-Draft-Version.
+ * tools/gpg-wks-server.c (struct server_ctx_s): Add field
+ DRAFT_VERSION_2.
+ (sign_stream_status_cb, sign_stream): New.
+ (command_receive_cb): Set draft flag.
+ (send_confirmation_request): Rework to implement protocol draft
+ version 2.
+
+ * tools/gpg-wks.h (DBG_MIME_VALUE, DBG_PARSER_VALUE): New.
+ (DBG_MIME, DBG_PARSER, DBG_CRYPTO): New. Use instead of a plain
+ opt.debug where useful.
+ * tools/gpg-wks-client.c (debug_flags): Add "mime" and "parser".
+ * tools/gpg-wks-server.c (debug_flags): Ditto.
+
+ tools: Convey signeddata also to the part_data callback in mime-parser.
+ + commit c738f92c195d91662ddc7848cc3c92c7f091f1f8
+ * tools/mime-parser.c (mime_parser_parse): Factor some code out to ...
+ (process_part_data): new.
+ ((mime_parser_parse): Also call process_part_data for signed data.
+
+ tools: Allow retrieval of signed data from mime-maker.
+ + commit f776757ea94542e2f425840dddaf3e65b0ff7757
+ * tools/mime-maker.c (find_part): New.
+ (mime_maker_get_part): New.
+
+ tools: Change mime-maker to write out CR,LF.
+ + commit 29db3be6e8dbc9b4dd52cd1781106fa9fa3954a5
+ * tools/mime-maker.c (struct part_s): Add field PARTID.
+ (struct mime_maker_context_s): Add field PARTID_COUNTER.
+ (dump_parts): Print part ids.
+ (mime_maker_add_header): Assign PARTID.
+ (mime_maker_add_container): Ditto.
+ (mime_maker_get_partid): New.
+ (write_ct_with_boundary): Remove.
+ (add_header): Strip trailing white spaces.
+ (write_header): Remove trailing spaces trimming. Add arg BOUNDARY.
+ Handle emdedded LFs.
+ (write_gap, write_boundary, write_body): New.
+ (write_tree): Use new functions.
+
+ tools: Simplify the mime-maker container creation.
+ + commit 95d60c6ce9e8a7a7741553af957978c1f91547c5
+ * tools/mime-maker.c (struct part_s): Remove field MEDIATYPE.
+ (release_parts): Ditto.
+ (dump_parts): Print a body line only if tehre is a body.
+ (mime_maker_add_header): Check for body or container.
+ (mime_maker_add_container): Remove arg MEDIATYPE. Change all callers.
+ (mime_maker_end_container): New.
+
+ tools: Give mime parser callbacks access to the rfc822 parser.
+ + commit 4ac138c84d0f344ca9442f90c96f0e1f76062a4a
+ * tools/mime-parser.c (mime_parser_context_s): Add field MSG.
+ (parse_message_cb): Set it.
+ (mime_parser_rfc822parser): New.
+ * tools/mime-parser.h: Declare rfc822parse_t for the new prototype.
+
+2016-09-29 Justus Winter <justus@g10code.com>
+
+ dirmngr: Fix STARTTLS on LDAP connections.
+ + commit 9e6f8a55ed04f876635792125858ee76a948802a
+ * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix unfortunate typo.
+
+2016-09-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve WKD by importing only the requested UID.
+ + commit cbf2ac66692daa7a324108724698d60d6c7e473f
+ * g10/keyserver.c: Include mbox-util.h.
+ (keyserver_import_wkd): Do not use the global import options but
+ employ an import filter.
+
+ gpg: Reject import if an import filter removed all user ids.
+ + commit 80393661bdfa7ae0288644513575e8a5d708b084
+ * g10/import.c (any_uid_left): New.
+ (import_one): Check that a UID is left.
+
+ gpg: Make import filter data object more flexible.
+ + commit c9237bf2ba2c49588576dcece756ebf5fe89aada
+ * g10/main.h (import_filter_t): New.
+ * g10/import.c (struct import_filter_s): Declare struct.
+ (import_keep_uid, import_drop_sig): Replace by ...
+ (import_filter): new. Adjust all users.
+ (cleanup_import_globals): Move code to ...
+ (release_import_filter): new.
+ (save_and_clear_import_filter): New.
+ (restore_import_filter): New.
+
+ gpg: Make sure that internal key import is done with a binary stream.
+ + commit 829949f3823c2306022928ce782f9c9d9c5f1cc8
+ * g10/import.c (import_keys_internal): Open stream in binary mode.
+
+2016-09-27 Justus Winter <justus@g10code.com>
+
+ build: Do not link gpg-connect-agent against npth.
+ + commit 20a16833ee2bb05f735377f705899302bcf2b4d3
+ * tools/Makefile.am: Do not link gpg-connect-agent against npth.
+
+ build: Fix check for resolver library on macOS.
+ + commit 2e64ccb0f96d615b1eb87e37f230a5d761aa9c36
+ * configure.ac: Check for the mangled name of 'dn_skipname' first.
+
+ common: Correctly handle modules relying on npth.
+ + commit 2b23a321ac0b07beeac1dfa8d71f223e66c49b71
+ * common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'.
+ (with_npth_sources): New variable.
+ (libcommonpth_a_SOURCES): Use the new variable.
+
+2016-09-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent, sm: Set CTX after start_agent.
+ + commit 4e4843e735f32b5e79a51d8062da55bfaab6ad77
+ * g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent.
+ * sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign)
+ (gpgsm_agent_readkey, gpgsm_agent_scd_serialno)
+ (gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted)
+ (gpgsm_agent_passwd, gpgsm_agent_get_confirmation)
+ (gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key)
+ (gpgsm_agent_export_key): Likewise.
+
+ dirmngr: Removal of no-libgcrypt.o.
+ + commit 836b72363168cbb0051fc2356f61788468db211c
+ * dirmngr/Makefile.am (dirmngr_ldap_LDADD): Remove no-libgcrypt.o.
+
+ agent: Allow only specific digest size for ECDSA.
+ + commit 98bc6f480ac973dccce90378dc021a2e24e58704
+ * agent/pksign.c (do_encode_dsa): Fix validation of digest size.
+
+2016-09-22 Neal H. Walfield <neal@g10code.com>
+
+ g10: When adding a user id, make sure the keyblock has been prepared.
+ + commit df5353b95eefc13135e7df50a7c197f270d6080d
+ * g10/keyedit.c (keyedit_quick_adduid): Call merge_keys_and_selfsig on
+ KEYBLOCK before adding the user id.
+ * tests/openpgp/quick-key-manipulation.scm: Make sure that the key
+ capabilities don't change when adding a user id.
+ (key-data): New function.
+
+2016-09-20 Justus Winter <justus@g10code.com>
+
+ tests: Add documentation, make interactive debugging possible.
+ + commit 7e0379a75475abfd15e0623913795779ff0f40d7
+ * tests/openpgp/README: Add documentation about debugging and
+ interfacing with GnuPG.
+ * tests/openpgp/run-tests.scm (test::run-sync): Hand stdin to the
+ child so that we can use a repl in the tests.
+
+ tests: Port the quick key manipulation test to Scheme.
+ + commit 6c4c0e3ac2aeafba7a2b7c2dd92a18be8aec92b1
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/quick-key-manipulation.scm: New file.
+
+ tests: Remove list of tests from the test runner.
+ + commit 49fae88fd170f2bdc12a1794a2637260e3c73a73
+ * tests/openpgp/run-tests.scm: Drop hardcoded list.
+
+ tests: Reduce runtime of excessive test.
+ + commit 988a04b98d42ff9cc9e62007ebcc0e4c03f4047d
+ * tests/openpgp/conventional-mdc.scm: Use only two plaintexts when
+ iterating over all cipher algorithms.
+
+ dirmngr: Fix type.
+ + commit 285d193f1e1464495bce57bd0f323468515b4513
+ * dirmngr/dns-stuff.c (get_dns_cert): Fix type in fallback code.
+
+2016-09-20 Andre Heinecke <aheinecke@intevation.de>
+
+ dirmngr: Open file CRL's in binary mode.
+ + commit 4644c27514f34f5efc555d43672a25088a611a72
+ * dirmngr/crlcache.c (crl_cache_load): Open file in binary mode.
+
+2016-09-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ doc: Fix a xref usage.
+ + commit b9b4ff857034df51e055ceddce567ca97e94e075
+
+
+2016-09-20 Ineiev <ineiev@gnu.org>
+
+ doc: Do not end section names with "."
+ + commit 8078d8246fa38c3e478fc9a542117468780ace00
+
+
+2016-09-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ doc: minor fix for @xref.
+ + commit 9c1b3bc25a1b38c4eda31bf12ccc10d94bb05212
+ * doc/yat2m.c (proc_texi_cmd): Captalize "see" for xref.
+
+2016-09-20 Justus Winter <justus@g10code.com>
+
+ doc: Implement simple '@ref'erences.
+ + commit 91d5e6f805aaf24a3f1f03a95998f757dce04cb2
+ * doc/yat2m.c (proc_texi_cmd): Handle '@ref'.
+
+2016-09-20 Ineiev <ineiev@gnu.org>
+
+ doc: Fix full stops.
+ + commit 0eaab1af48f600b636183321e4a4e9c6bc361610
+ * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
+ doc/instguide.texi, doc/scdaemon.texi, doc/specify-user-id.texi,
+ doc/tools.texi: Fix.
+
+ doc: Fix spacings.
+ + commit 32bcf8b73ede9c8f1469821a54dedc6be75241d2
+ * doc/debugging.texi, doc/dirmngr.texi, doc/gpg-agent.texi,
+ doc/gpg.texi, doc/tools.texi: Fix.
+
+ doc: Improve markup.
+ + commit 377624207e9b2895ce00dfc4d1163d72f349841f
+ * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
+ doc/howto-create-a-server-cert.texi, doc/scdaemon.texi,
+ doc/specify-user-id.texi, doc/tools.texi: Fix.
+
+ doc: Replace rfc0123 with RFC-0123.
+ + commit 9d2b7bff12b268638465da222ca7cc9042bba072
+ * doc/gpg.texi, doc/gpgsm.texi, doc/specify-user-id.texi: Fix.
+
+ doc: Add missing description of datafile.
+ + commit 789916281c25e737d8fb44add5ca61f8fd25de2f
+ * doc/gpg.texi: Fix.
+
+ doc: Replace UTF8 with UTF-8.
+ + commit 00d6d8bc8772e48b6f200d359e11eb93ab65f51f
+ * doc/gpg.texi: Fix.
+
+ doc: Fix mistakes.
+ + commit f25e04005af5831053ba194a09e3afa48d1e162b
+ * doc/dirmngr.texi, doc/gpg.texi, doc/gpgsm.texi,
+ doc/howto-create-a-server-cert.texi,
+ doc/scdaemon.texi, doc/tools.texi: Fix.
+
+ doc: Eliminate inconsistent UK English.
+ + commit 825c1dfb3ee4c1704f42eaf064161b9731c20134
+ * doc/dirmngr.texi, doc/gpg-agent.texi, doc/scdaemon.texi,
+ doc/tools.texi: Fix.
+
+ doc: Use the right reference commands.
+ + commit f32689f833838a742243e94c900e98f5b59a5811
+ * doc/debugging.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
+ doc/tools.texi: Fix.
+
+ doc: Fix "Not(e) that you can(not) abbreviate".
+ + commit 20a27d8a57c4c990fcada4278a1ce2e6fc9043e9
+ * doc/dirmngr.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
+ doc/scdaemon.texi, doc/tools.texi: Fix.
+
+ doc: Fix typos.
+ + commit fa346508fe323e61cf157ee30c13301e1d2117c0
+ * doc/debugging.texi, doc/dirmngr.texi, doc/glossary.texi
+ * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
+ * doc/instguide.texi, doc/opt-homedir.texi, doc/scdaemon.texi
+ * doc/specify-user-id.texi, doc/tools.texi: Fix.
+
+ doc: Fix Martin Hellman's name.
+ + commit 858af2b3473e436af53470d53cdac334edce9f09
+ * doc/contrib.texi: Fix.
+
+2016-09-19 Justus Winter <justus@g10code.com>
+
+ tests: Refine the repl function.
+ + commit 884e78efe1f3ba50513bf81c8b4804d22b25eac4
+ * tests/gpgscm/repl.scm (repl): Add an argument 'environment'.
+ (interactive-repl): Add an optional argument 'environment'.
+
+ tests: Implement interpreter shutdown using exceptions.
+ + commit 9a0659a65c52378de1c4736a0eddf8518eb20948
+ * tests/gpgscm/ffi.c (ffi_init): Rename 'exit' to '_exit'.
+ * tests/gpgscm/ffi.scm (*interpreter-exit*): New variable.
+ (throw): New function.
+ (exit): New function.
+
+ tests: Correctly handle exceptions in resource handling macros.
+ + commit 58007e52593e6b0f838de2e464ceeacf22757018
+ * tests/gpgscm/tests.scm (letfd): Correctly release resources when an
+ exception is thrown.
+ (with-working-directory): Likewise.
+ (with-temporary-working-directory): Likewise.
+ (lettmp): Likewise.
+
+ tests: Refine exception handling.
+ + commit ab483eff9a8254adf127cdee178e14ba74f0a2b3
+ * tests/gpgscm/init.scm (catch): Bind all arguments to '*error*' in
+ the error handler, update and fix comment.
+ (*error-hook*): Revert to original definition.
+ * tests/gpgscm/tests.scm (tr:do): Adapt accordingly.
+ * tests/openpgp/issue2419.scm: Likewise.
+
+ tests: Use descriptive temporary file names.
+ + commit 83a406b38a21d0eeb4963db824a27783c212d2fb
+ * tests/gpgscm/ffi.c (do_get_isotime): New function.
+ (ffi_init): Add parameter 'scriptname', bind new function and
+ scriptname.
+ * tests/gpgscm/ffi.h (ffi_init): Update prototype.
+ * tests/gpgscm/main.c (main): Hand in the script name.
+ * tests/gpgscm/tests.scm (mkdtemp): Use current time and script name
+ for the names of temporary directories.
+
+2016-09-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix regression in fingerprint printing.
+ + commit 998643666c016dbacf10f813c22efc97deadec65
+ * g10/keylist.c (list_keyblock_print): Do not depend calling
+ print_fingerprint on opt.keyid_format.
+
+ dirmngr: Silence diagnostics about starting housekeeping.
+ + commit 5bf1facc973eb6e0bfab0f8f17129534dec56e04
+ * dirmngr/dirmngr.c (housekeeping_thread): Print info only in very
+ verbose mode.
+
+2016-09-19 Justus Winter <justus@g10code.com>
+
+ g10: Fix memory leak.
+ + commit 086d219d96caa3501048aff82a282481e07c195b
+ * g10/tofu.c (build_conflict_set): Free 'kb_all'.
+
+2016-09-19 Werner Koch <wk@gnupg.org>
+
+ doc: Update license information.
+ + commit 3899041cd2877ce9584c7bd149f232f35a07c399
+ * tests/fake-pinentries/COPYING: Rename to ...
+ * COPYING.CC0: this. Add a note on the scope of this license.
+ * COPYING.LIB: Add a note on the scope of this license.
+ * AUTHORS (License): Mention CC) license.
+
+ gpgscm: Fix gcrypt version check.
+ + commit 47baeac50ccaaf06dc8b0cebece50f47754de6ca
+ * tests/gpgscm/main.c (main): Check against required and not installed
+ version.
+
+ gpg: Avoid malloc failure due to no key signatures.
+ + commit 18bbefa27f9e47e1062ee4d7af09487632795ba7
+ * g10/keyedit.c (check_all_keysigs): Check early for no key
+ signatures. Use xtrycalloc.
+
+2016-09-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix comment and format.
+ + commit 7305d27f36148a7fb8c2f4ef5b94774cbd21b18e
+ * agent/protect-tool.c (main): Fix comment.
+ * doc/DETAILS (colon listings): Fix list.
+ * tests/openpgp/multisig.test: Fix comment.
+
+2016-09-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ Fix more spelling.
+ + commit 0d67241e317b172a258a910c02d90639e2b08fce
+ * NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
+ agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
+ common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
+ doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
+ doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
+ doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
+ g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
+ g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
+ sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
+ tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
+ tests/openpgp/multisig.test, tests/openpgp/verify.scm,
+ tests/pkits/README, tools/applygnupgdefaults,
+ tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
+ minor spelling cleanup.
+
+ move some file encodings to UTF-8.
+ + commit 215180d1ce6c93e2b4969d746c83ac4c055d25ef
+ * dirmgnr/cdblib.c: comment used unnecesary hyphenation
+ * dirmngr/crlcache.h: comment was iso-8859-1
+ * doc/contrib.text: list contributors using UTF-8 (now we can
+ acknowledge many more people using their preferred orthography)
+
+ At least one other files remains in a non-UTF-8 encoding, which i'm
+ not sure what to do with:
+
+ - build-aux/speedo/w32/inst.nsi is ISO-8859-1, but maybe Windows needs
+ it that way?
+
+2016-09-16 Neal H. Walfield <neal@g10code.com>
+
+ g10: On failure, propagate the return code.
+ + commit 6e930f0e4077bc7aa3d28b1ba649a82d62427d87
+ * g10/tofu.c (tofu_register_encryption): If get_trust fails, set RC.
+
+ g10: Don't ignore failure. On failure, rollback.
+ + commit 221b0bd0e5946edaea7135bc3b6f3c5c0fc6dbca
+ * g10/tofu.c (tofu_set_policy): If record_binding fails, fail. If the
+ function fails, rollback the transaction.
+
+ g10: Load the key block if the supplied user id list is NULL.
+ + commit c2e563421e4fd4f0910642aa7b171bcf0b374b01
+ * g10/tofu.c (tofu_register_encryption): Load the key block if
+ USER_ID_LIST is NULL.
+
+ g10: Use the accessor functions for accessing and comparing key ids.
+ + commit af196342bf44ce6dc42111d37539dec7ee3b3d82
+ * g10/tofu.c (get_trust): Use the pk_main_keyid accessor function.
+ (tofu_register_signature): Likewise.
+ (tofu_register_encryption): Likewise.
+ (tofu_set_policy): Likewise and also use pk_keyid and keyid_cmp.
+
+2016-09-16 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ po: convert localizations to UTF-8.
+ + commit 4ab8107063b641ed74fc4c9bf98304bcea573178
+ * po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po: convert to UTF-8
+
+ This was an automated conversion process, using:
+
+ for x in po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po; do
+ cs=$(grep charset= $x | cut -f2 -d= | cut -f1 -d\\)
+ iconv -f $cs -t UTF-8 < $x >$x.tmp
+ sed "s/$cs/UTF-8/" < $x.tmp > $x
+ rm -f $x.tmp
+ done
+
+2016-09-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Add support of ECC pubkey attribute.
+ + commit dd06d33655bc872a6310edac8e448419479d3312
+ * scd/app-openpgp.c (ECC_FLAG_PUBKEY): New.
+ (send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher)
+ (parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK.
+ (build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN.
+ Support offering public key when ECC_FLAG_PUBKEY sets.
+ (ecc_writekey): Supply ECC_Q and ECC_Q_LEN.
+ (parse_algorithm_attribute): Parse pubkey-required byte.
+
+2016-09-15 Justus Winter <justus@g10code.com>
+
+ g10: Add missing header.
+ + commit c0e620cee86b5dacc941964bd187bba0dfa90eea
+ * g10/trustdb.c: Include 'mbox-util.h'.
+
+2016-09-15 Neal H. Walfield <neal@g10code.com>
+
+ g10: Only consider bindings matching the signer's user id.
+ + commit 3f7f7447316f57d002d683af4ad30ac5730b9ebe
+ * g10/trustdb.c (tdb_get_validity_core): If the signer's user id
+ subpacket is present, only consider matching user ids.
+
+ g10: Don't include the signature when printing a binding's validity.
+ + commit dcc64663051f8af82abc11e2699649c3b35936db
+ * g10/mainproc.c (check_sig_and_print): When printing information
+ about a binding don't include the current signature.
+
+2016-09-15 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ tests/fake-pinentries: fake pinentries for downstream developers.
+ + commit 3248182d1b5a03098ee797c980fa0f0ec06e716f
+ * tests/fake-pinentries/README.txt and
+ tests/fake-pinentries/fake-pinentry.{sh,py,pl,php}}: New public
+ domain (CC0) files to encourage better test suite practices from
+ downstream developers.
+ * tests/fake-pinentries/COPYING (new): a copy of
+ https://creativecommons.org/publicdomain/zero/1.0/legalcode.txt
+
+ spelling: conenction should be connection.
+ + commit 167273ee9d3c04f29835aa2d12fde52eebf61efb
+ * dirmngr/server.c, sm/server.c: s/conenction/connection/
+
+ spelling: correct achived to achieved.
+ + commit 7fafc3c49901c118b47d4d13a41fb3575c1f9e4b
+
+
+2016-09-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests/gpgscm: Fix use of pointer.
+ + commit 68eb5fbd37c31ed7c0c916656131eea7bb58d13d
+ * tests/gpgscm/scheme-private.h (struct scheme): Use (void *) for
+ alloc_seg.
+ * tests/gpgscm/scheme.c (alloc_cellseg): Use (void *) for cp. Use
+ (void *) for coercion of address calculation.
+
+2016-09-14 Neal H. Walfield <neal@g10code.com>
+
+ g10: Fix whitespace.
+ + commit 9799b5d18f8fd29872b75c4d70d370af2b4e9a89
+ * g10/tofu.c (show_statistics): Fix whitespace.
+
+ g10: Correctly compute the euclidean distance.
+ + commit 05b2b13efd8ecea86d31af863cbf82c8b38dc94f
+ * g10/tofu.c (write_stats_status): Correctly compute the euclidean
+ distance.
+ (show_statistics): Likewise.
+
+ g10: Change the default TOFU policy for UTKs to good.
+ + commit ca91caabb5798f67c69ee96657c7cb402e7db0df
+ * g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to
+ good.
+
+ g10: Add missing static qualifier.
+ + commit 9d62b79e62ef2690e6522fe1621140fbfc10695c
+ * g10/tofu.c (cross_sigs): Add missing static qualifier.
+
+ g10: Default to the "good" TOFU policy for keys signed by a UTK.
+ + commit 8df8aa13c795e400324a782fbaea578c8f2a1398
+ * g10/tofu.c (signed_by_utk): New function.
+ (get_trust): If a key is signed by an ultimately trusted key, then
+ set any bindings to good.
+
+2016-09-14 Werner Koch <wk@gnupg.org>
+
+ gpg: Emit a new error status line in --quick-adduid.
+ + commit f4e11f2e9e8f58fd5f0df3148e6d7ccef0f84232
+ * g10/keyedit.c (menu_adduid): Emit an ERROR status for an existsing
+ user id.
+
+ gpg: Allow use of "default" algo for--quick-addkey.
+ + commit 0fd332bc1f6f1f10c96da0cc91203925d3ac81eb
+ * g10/keygen.c (quick_generate_keypair): Write a status error.
+ (parse_algo_usage_expire): Set a default curve.
+
+2016-09-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve usability of --quick-gen-key.
+ + commit 30a011cfd6ec172cc460e59f0904a26fe2d68632
+ * g10/keygen.c (FUTURE_STD_): New constants.
+ (parse_expire_string): Handle special keywords.
+ (parse_algo_usage_expire): Allow "future-default". Simplify call to
+ parse_expire_string.
+ (quick_generate_keypair): Always allow an expiration date. Replace
+ former "test-default" by "future-default".
+
+2016-09-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid mixing up status and colon line output.
+ + commit 31fc420727f45dd081f8ad5d056da6675dad29f2
+ * g10/keylist.c (list_keyblock_colon): Avoid calling functions which
+ trigger a status line output before having printed a LF.
+
+2016-09-12 Justus Winter <justus@g10code.com>
+
+ tests: Simplify tofu test.
+ + commit aa81e32df7189c3eb44d4c602fd63f5b3f6a9e49
+ * tests/openpgp/tofu.scm: Simplify now that we only have one db
+ format.
+
+2016-09-10 Ben Kibbey <bjk@luxsci.net>
+
+ Portability build fix.
+ + commit eddcba038025cdbd58aaf67cafd6d83f0ea042d5
+ * kbx/Makefile.am: Add NETLIBS.
+ * dirmngr/Makefile.am: Ditto for dirmngr_ldap.
+
+ Fix symbol conflict.
+ + commit 937ec53eff290c3d916faebc23218c9272671c02
+ * g10/gpgcompose.c: Rename struct siginfo to signinfo.
+
+2016-09-09 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: print fingerprint regardless of keyid-format.
+ + commit d757009a24eb856770fc3a3729e2f21f54d2a618
+ * g10/keylist.c (print_fingerprint): use compact format independent of
+ keyid-format; (print_key_line): always print the fingerprint
+
+2016-09-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove option --yes from gpgv.
+ + commit 30a9f53a0f2af6b98c26b8ddc0b4b87c38416f2a
+ * g10/gpgv.c (opts): Remove --yes.
+ (main): Always set opt.ANSWER_YES.
+
+ gpg: Add options --output and --yes to gpgv.
+ + commit a8363b7d0bcc77b55226d5fe8f972214c968ddc3
+ * g10/gpgv.c (oOutput, oAnswerYes): New.
+ (opts): Add --output and --yes.
+ (main): Implement options.
+
+ gpg: Make --output work with --verify.
+ + commit bbe940c095f2bca7a1ca5f8e68ca1af98350a885
+ * g10/mainproc.c (proc_plaintext): Handle opt.output.
+
+2016-09-07 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Terminate on deletion of the socket file (Linux only).
+ + commit 6308c300196ae85fd82ed383217219e0206640a4
+ * dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
+ (oDisableCheckOwnSocket): New.
+ (opts): Add --disable-check-own-socket.
+ (disable_check_own_socket): New var.
+ (parse_rereadable_options): Set that var.
+ (my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
+ (handle_connections) [HAVE_INOTIFY_INIT]: New.
+
+2016-09-07 Neal H. Walfield <neal@g10code.com>
+
+ g10: Use the time a signature was seen, not the embedded time, for stats
+ + commit bde29a46cedbbd2a5dfe7c91a6277c0a4ff50825
+ * g10/tofu.c (ask_about_binding): Use the time that a signature was
+ seen, not allegedly generated, when generating statistics.
+
+ tests: Don't use --tofu-db-format.
+ + commit a937eef2d4e80cd43095802176d3db5e7fd94008
+ * tests/openpgp/tofu.scm: Remove use of --tofu-db-format, which is
+ deprecated.
+
+ g10: Check for a new binding a bit later.
+ + commit ee06b3f7889bd99c28ac68f4781bda77d67eed00
+ * g10/tofu.c (build_conflict_set): Check for the current key after
+ looking for conflicts and removing any '!'.
+
+ g10: Change TOFU code to respect --faked-system-time.
+ + commit 7b3e8572e3bb8a65d20577a48009251fdc7b1910
+ * g10/tofu.c (record_binding): New parameter now. Update callers.
+ Don't use SQLite's strftime('%s','now') to get the current time, use
+ NOW.
+ (ask_about_binding): Likewise.
+ (get_trust): New parameter now. Update callers.
+ (show_statistics): Likewise.
+ (tofu_register_signature): Don't use SQLite's strftime('%s','now') to
+ get the current time, use gnupg_get_time().
+ (tofu_register_encryption): Likewise.
+
+ g10: Use the correct conversion function.
+ + commit 56c18408d4955713d9c4e634367c7912d6564651
+ * g10/tofu.c (show_statistics): Use string_to_ulong, not
+ string_to_long.
+
+2016-09-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix format string issues in tofu.
+ + commit 97a67d42dc946b2d6ed81723d86e37002b5931b3
+ * g10/tofu.c (write_stats_status): Use ulong for MESSSAGES. Fix
+ format strings. Simplify by using the new write_status_printf.
+
+2016-09-06 Neal H. Walfield <neal@g10code.com>
+
+ g10: Make sure some functions are passed a primary key.
+ + commit 13ddc17ddb266d74033d5739fec932034fa85c72
+ * g10/tofu.c (get_trust): Make sure the caller provides a primary key.
+ (tofu_register_signature): Likewise.
+
+ g10: Tweak TOFU's verbosity.
+ + commit ee19eacd1d688d3a98cd66e5ef2f42079eb829f1
+ * g10/tofu.c (time_ago_str): Only show the most significant unit.
+ * g10/tofu.c (show_statistics): Tweak the output.
+
+ g10: Only show the TOFU warning once per key.
+ + commit 67cef405cbfad2e53fc388dd6591ee4f7cb0d973
+ * g10/tofu.c (show_statistics): Return whether to call show_warning.
+ Move the warning from here...
+ (show_warning): ... to this new function.
+ (tofu_get_validity): If show_statistics returns a non-zero value, call
+ show_warning.
+
+ g10: Record and show statistics for encrypted messages when using TOFU.
+ + commit 875ac9216f1383851a82bd240cadb17c7112f6a8
+ * g10/tofu.c: Include "sqrtu32.h".
+ (struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to
+ get_trust_gather_signature_stats. Add new field
+ get_trust_gather_encryption_stats.
+ (initdb): Create the encryptions table.
+ (ask_about_binding): Show the encryption statistics too.
+ (tofu_register): Rename from this...
+ (tofu_register_signature): ... to this and update callers.
+ (tofu_register_encryption): New function.
+ (write_stats_status): Add parameters encryption_count,
+ encryption_first_done and encryption_most_recent. Update callers.
+ Compute the trust using the euclidean distance of the signature and
+ signature count. Compare with twice the threshold. Include
+ encryption count information in the TFS and TOFU_STATS lines.
+ (show_statistics): Also get information about the encrypted messages.
+ * g10/trustdb.c (tdb_get_validity_core): Use it.
+
+ g10: Simplify the binding statistics shown for a TOFU conflict.
+ + commit a9e6db6c7e23d9f4b8de59f5cabbf9eb6a59e626
+ * g10/tofu.c (ask_about_binding): Simplify binding statistics.
+
+2016-09-06 Justus Winter <justus@g10code.com>
+
+ gpgscm: Fix detection of unbalanced parenthesis.
+ + commit f2249b737055f84842778285bbeff5e61fa55225
+ * tests/gpgscm/main.c (load): Print error message.
+ * tests/gpgscm/scheme.c (opexe_0): Correctly report nesting level when
+ loading files.
+
+ tests: Fix test.
+ + commit 213b3cf465fb091dc0a205d1a08b88b950ffb85f
+ * tests/openpgp/multisig.scm: Add missing parenthesis.
+
+2016-09-06 Werner Koch <wk@gnupg.org>
+
+ agent: Terminate on deletion of the socket file (Linux only).
+ + commit 650356148af43ea619bec12e599a4981b147d5f8
+ * configure.ac (AC_CHECK_FUNCS): Chec for inotify_init.
+ * agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
+ (my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
+ (handle_connections) [HAVE_INOTIFY_INIT]: New.
+
+2016-09-05 Justus Winter <justus@g10code.com>
+
+ tests: Speed up the test suite.
+ + commit 46c4333c372f0e1ad2aadc411490c2a330b4c5a6
+ * tests/openpgp/run-tests.scm (test::run-sync): Pass additional
+ arguments to the test.
+ (test::run-sync-quiet): Likewise.
+ (test::run-async): Likewise.
+ (run-tests-{parallel,sequential}-isolated): Create a tarball of the
+ gnupghome, then extract it for each test.
+ * tests/openpgp/setup.scm: Refactor into functions, add an interface
+ to tar-up the created environment, and untar it multiple times.
+
+ common: Restore a simpler variant of 'gnupg_wait_process'.
+ + commit c97bde2dfeab23a84b4788d998934ac49ff5b797
+ * common/exechelp-posix.c (gnupg_wait_process): Use the code prior to
+ 5ba4f604.
+
+ common: Fix error handling.
+ + commit 845e2cc201d6a2cdb151e39e29516d26cb49311c
+ * common/exechelp-posix.c (store_result): Use xtrymalloc.
+ (gnupg_wait_processes): Likewise, and check result.
+
+2016-09-05 Neal H. Walfield <neal@g10code.com>
+
+ g10: Don't add user attributes to the TOFU DB.
+ + commit 9082bde01cc18e32504ce39d55ea6dd3c05dddec
+ * g10/trustdb.c (tdb_get_validity_core): Skip user attributes.
+
+2016-09-05 Werner Koch <wk@gnupg.org>
+
+ agent: Silence --debug IPC output for connections from self.
+ + commit 0b99d1fd2a80b8efaacc731027d2b2ecd9eca699
+ * agent/command.c (server_local_s): Add fields 'greeting_seen' and
+ 'connect_from_self'.
+ (io_monitor): Do not log connections from self.
+ (start_command_handler): Set flag 'connect_from_self'.
+ * agent/gpg-agent.c (check_own_socket_thread): Disable logging.
+ (do_start_connection_thread): Do not log conection start and
+ termination if IPC debugging is enabled.
+
+ agent: Small improvement of the server's local state.
+ + commit 2eeb5551c37659fdd59e8537fc77a9e7fb6a9204
+ * agent/command.c (sserver_local_s): Change flags to use only one bit.
+ (option_handler): Make an atoi return 1 or 0.
+
+2016-09-05 Neal H. Walfield <neal@g10code.com>
+
+ g10: Refactor cross sig check code.
+ + commit 1f1f56e606c1cb28eec68c60bd8bcb7ab30805de
+ * g10/tofu.c (BINDING_NEW): New enum value.
+ (BINDING_CONFLICT): Likewise.
+ (BINDING_EXPIRED): Likewise.
+ (BINDING_REVOKED): Likewise.
+ (ask_about_binding): Move cross sig check from here...
+ (get_trust): ... and the conflict set building from here...
+ (build_conflict_set): ... to this new function.
+ (format_conflict_msg_part1): Replace parameter conflict with
+ conflict_set. Drop parameter fingerprint. Update callers.
+ (ask_about_binding): Drop unused parameter conflict and redundant
+ parameter bindings_with_this_email_count. Rename parameter
+ bindings_with_this_email to conflict_set. Update callers.
+
+2016-09-05 Justus Winter <justus@g10code.com>
+
+ tests: Update README.
+ + commit 65a7563edbbab8f93fe901f932065687508788de
+ * tests/openpgp/README: Update.
+
+ tests: Pass flags to test driver.
+ + commit 059c79d8b447a3baa9ad0b4d3367bdb64dd2ef3b
+ * tests/openpgp/Makefile.am (xcheck): Pass flags to 'run-tests.scm'.
+
+ common: Improve waiting for processes on POSIX.
+ + commit e33111fcdac08ed2ddfbdf59b1f790569b42f695
+ * common/exechelp-posix.c (struct terminated_child): New definition.
+ (terminated_children): New variable.
+ (store_result): New function.
+ (get_result): Likewise.
+ (gnupg_wait_process): Store results that were not requested and
+ consider previously stored results.
+
+ waitpid(2) may return information about terminated children that we
+ did not yet request, and there is no portable way to wait for a
+ specific set of children. As a workaround, we store the results of
+ children for later use.
+
+2016-09-05 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Exclude D lines from the IPC debug output.
+ + commit de623474db3ba402c9bbd872ab6f932f46cbdde9
+ * dirmngr/dirmngr.h: Include asshelp.h.
+ * dirmngr/server.c (server_local_s): Add inhibit_dara_logging fields.
+ (data_line_write): Implement logging inhibit.
+ (data_line_cookie_close): Print non-logged D lines.
+ (cmd_wkd_get, cmd_ks_get, cmd_ks_fetch): Do not log D lines.
+ (dirmngr_assuan_log_monitor): New.
+ * dirmngr/dirmngr.c (main): Register monitor function.
+
+ common: Add an assuan logging monitor.
+ + commit 0ac671f8a2b65a4b339f615c6420287a549779fa
+ * common/asshelp.c (my_log_monitor): New var.
+ (my_libassuan_log_handler): Run that monitor.
+ (setup_libassuan_logging): Add arg to set a log monitor and change all
+ callers.
+
+ gpg: New export filter drop-subkey.
+ + commit 0a4a03e5310946b0866a0f6a34031eda7a240162
+ * g10/import.c (impex_filter_getval): Add properties for key packets.
+ * g10/export.c (export_drop_subkey): New var.
+ (cleanup_export_globals): Release that var.
+ (parse_and_set_export_filter): Add filter "drop-subkey".
+ (apply_drop_subkey_filter): New.
+ (do_export_stream): Run that filter.
+
+ common: Add string operator gt,ge,le,lt to recsel.
+ + commit 959cd8903fd012e63dbb156db56708dd3934b5df
+ * common/recsel.c (recsel_parse_expr): Add them.
+ (recsel_dump): Print them.
+ (recsel_select): Evaluate them.
+
+ gpg: Use a common filter_getval for import and export.
+ + commit c8e0d37f4152d1341ef562a190fce93a0386a759
+ * g10/import.c (filter_getval): Rename to ...
+ (impex_filter_getval): this. Make global.
+ (apply_keep_uid_filter, apply_drop_sig_filter): Adjust.
+ * g10/export.c (filter_getval): Remove.
+ (apply_drop_sig_filter): Use impex_filter_getval.
+
+2016-09-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix an action after card removal.
+ + commit f9e49c80e706a27d5e30d4b3237ff26367a67130
+ * scd/command.c (update_card_removed): Call apdu_close_reader here.
+
+2016-09-02 Werner Koch <wk@gnupg.org>
+
+ wks: Add framework for policy flags.
+ + commit 46362cbc0e2260e989820795a6e4245c72335172
+ * tools/call-dirmngr.c (wkd_get_policy_flags): New.
+ * tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New.
+ * tools/wks-util.c (wks_parse_policy): New.
+ * tools/gpg-wks-client.c (command_send): Get the policy flags to show
+ a new info line.
+ * tools/gpg-wks-server.c (get_policy_flags): New.
+ (process_new_key): get policy flag and add a stub for "auth-submit".
+ (command_list_domains): Check policy flags.
+
+ dirmngr: Add --policy-flags option to WKD_GET.
+ + commit 505ee45106d6aa2902bbdd6326f8eb7527c273c4
+ * dirmngr/server.c (cmd_wkd_get): Add new option.
+
+ common: Check read errors in name-value.c.
+ + commit fc445b36fafc8a4cc3ce5a675ac42df7a9d9a02a
+ * common/name-value.c: Check for read errors.
+
+2016-09-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Release the card reader after card removal.
+ + commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3
+ * scd/command.c (update_reader_status_file): Call apdu_close_reader.
+
+ scd: Clean up unused shutdown method.
+ + commit d1ae7103352fbda2a05f098379cd3043a0ab5566
+ * scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove.
+ (reset_ccid_reader): Don't set shutdown_reader.
+ * scd/ccid-driver.c (ccid_shutdown_reader): Remove.
+
+ agent: invoke scdaemon with --homedir.
+ + commit 8b6c0bae33bdc36892f4595806665ce61f77dfd2
+ * agent/call-scd.c (start_scd): Supply --homedir option when it's not
+ default homedir.
+
+ po: Update Japanese translation.
+ + commit afdfc954b35370fbf03aaf8dc0e496410923aa4e
+
+
+2016-09-01 Neal H. Walfield <neal@g10code.com>
+
+ g10: End transaction earlier.
+ + commit 85fad6c34c08b2850580e0644faba62d3a501b84
+ * g10/tofu.c (ask_about_binding): End the transaction earlier.
+
+ g10: Don't consider cross-signed keys to be in conflict.
+ + commit b410a3cb7683fc7c2a253e23130c44df42a6203c
+ * g10/tofu.c (cross_sigs): New function.
+ (ask_about_binding): If apparently conflicting keys are cross signed,
+ then don't mark them as conflicting.
+
+2016-09-01 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid homedir creation by --list-config.
+ + commit 38d369de13acb95208a0ed8d1cf82ac19173688f
+ * g10/gpg.c (main): Do not register a key for the list config
+ commands.
+
+ gpg: Simplify code to print VALIDSIG.
+ + commit fde9fa81d3d3b25a929b532cc1960d9d9f454a0c
+ * g10/mainproc.c (check_sig_and_print): Use hexfingerprint and
+ write_status_printf.
+
+ gpg: Add new function write_status_printf.
+ + commit 6bdadae00512b4907826f6754cdb220d06e1ac6d
+ * g10/cpr.c (write_status_printf): New.
+
+ gpg: Fix printing of pubkey algo in --verbose signature verify.
+ + commit 37e3c897252babc203447be9d2f286a4507875ad
+ * g10/sig-check.c (check_signature2): Replace arg PK by R_PK and
+ change the semantics. Also clear the other R_ args on function entry,
+ use gpg_error() and change retturn type to gpg_error_t.
+ * g10/mainproc.c (do_check_sig): Add arg R_PK.
+ (list_node): Pass NULL for new arg.
+ (check_sig_and_print): Rework to make use of the returned PK.
+
+2016-09-01 Neal H. Walfield <neal@g10code.com>
+
+ g10: When asking about a TOFU binding conflict, default to unknown.
+ + commit 3d44e5e8a8d1d8bf6cf5d387f50d75f84d804412
+ * g10/tofu.c (ask_about_binding): Default to unknown.
+
+ g10: Add support for TRUST_NEVER.
+ + commit f2e5cb6ffb55e49a05d452cd85e45f6f67c20abb
+ * g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
+ returned by the TOFU trust model.
+ (do_we_trust_pre): Print a different message if TRUSTLEVEL is
+ TRUST_NEVER.
+ (check_signatures_trust): Improve comment.
+
+ g10: Improve text.
+ + commit 0cb0ea1633955fb7acd33fe993a4ae4e96e83ae3
+ * g10/tofu.c (show_statistics): Improve the text (key and user id, not
+ just key).
+
+ g10: Remove unused parameter.
+ + commit 00c2850393ecc320f591f511c3534286964780c2
+ * g10/tofu.c (show_statistics): Remove unused parameter sig_exclude.
+ Update callers.
+
+2016-09-01 Werner Koch <wk@gnupg.org>
+
+ gpg: Copy the correct digest for use by TOFU.
+ + commit 3e67b50490aef087b5769bb35145d23f6657780f
+ * g10/mainproc.c (do_check_sig): Use the current digest algo.
+
+2016-09-01 Neal H. Walfield <neal@g10code.com>
+
+ g10: Be careful to not be in a transaction during long operations.
+ + commit 4cbd2a690c5e5ed2dff49c1f4fc867b31fca689a
+ * g10/tofu.c (begin_transaction): New parameter only_batch. If set,
+ only start a batch transaction if there is none and one has been
+ requested. Update callers.
+ (tofu_suspend_batch_transaction): New function.
+ (tofu_resume_batch_transaction): Likewise.
+ (ask_about_binding): Take a ctrl_t, not a tofu_dbs_t. Update
+ callers. Gather statistics within a transaction. Suspend any batch
+ transaction when getting user input.
+ (get_trust): Take a ctrl_t, not a tofu_dbs_t. Update callers.
+ Enclose in a transaction.
+ (tofu_get_validity): Use a batch transaction, not a normal
+ transaction.
+
+2016-09-01 Werner Koch <wk@gnupg.org>
+
+ tests: Run test requiring the network only in maintainer-mode.
+ + commit babeb6f8a9b1f8341652145bad58be6cd49e0712
+ * dirmngr/Makefile.am (noinst_PROGRAMS, TESTS): Add module_net_tests.
+ (module_tests): Move t-dns-test to ...
+ (module_net_tests): here.
+
+2016-08-31 Werner Koch <wk@gnupg.org>
+
+ wks: Send a final message to the user.
+ + commit 04c042f3f2a631bc6e772c33f8da5e7aa7b1902a
+ * tools/gpg-wks-server.c (send_congratulation_message): New.
+ (check_and_publish): Call it.
+
+ wks: Relax permission check for the top directory.
+ + commit e4eac16330449f3893c11820c15e07d58fb807ff
+ * tools/gpg-wks-server.c: Allow S_IXOTH for the top directory.
+
+2016-08-31 Neal H. Walfield <neal@g10code.com>
+
+ g10: On a TOFU conflict, show whether the uids are expired or revoked.
+ + commit edfb6934caf16c6afcfd82d684d8ae9c79674d10
+ * g10/tofu.c (struct signature_stats): Add fields is_expired and
+ is_revoked.
+ (signature_stats_prepend): Clear *stats when allocating it.
+ (ask_about_binding): Also show whether the user ids are expired or
+ revoked.
+
+ doc: Add a help text for tofu.conflict.
+ + commit b69b2cb082e39a7eb56082fa80219f6f14fbd2b4
+ * doc/help.txt (.gpg.tofu.conflict): New help text.
+
+ g10: Always trust ultimately trusted keys.
+ + commit 28c235ae757e9036b0b96efc28931fa5cc74f7ee
+ * g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately
+ trusted keys.
+
+ g10: Fix error detection.
+ + commit 5b48960a8a2555db7bf992261de9e922838c9913
+ * g10/tofu.c: first_seen == 0 is not an error.
+
+ g10: Update a key's TOFU policy in a transaction.
+ + commit e4d5e3cb0d10e8f77c7100d42cfdb32051de1c18
+ * g10/tofu.c (tofu_set_policy): Do the update in a transaction.
+ * g10/gpg.c (main): Do a TOFU policy update in a batch transaction.
+
+ g10: Fix the show old policy functionality when changing a TOFU policy.
+ + commit 247eef005cf4c34e9a82227e4ab7823e04911be4
+ * g10/tofu.c (record_binding): Fix the show old policy functionality.
+
+ g10: Drop unused argument.
+ + commit 70df5a8fd781d8774d835384ca28c4d8518bb9d0
+ * g10/tofu.c (begin_transaction): Remove unused option only_batch.
+
+ gpg: Move state local to tofu.c to a private structure.
+ + commit 268f6b7a3403d036882b4af384ba7ab2f8c8355f
+ * g10/gpg.h (struct server_control_s.tofu): Move fields in_transaction
+ and batch_update_started from here...
+ * g10/tofu.c (struct tofu_dbs_s): ... to here.
+
+ gpg: Avoid name spaces clash with future sqlite versions (2).
+ + commit b8184d2d74e5ddd5eb68836b53fe5568110e14dd
+ * g10/gpgsql.h (gpgsql_arg_type): Rename SQLITE_ARG_END to
+ GPGSQL_ARG_END, SQLITE_ARG_INT to GPGSQL_ARG_INT, SQLITE_ARG_LONG_LONG
+ to GPGSQL_ARG_LONG_LONG, SQLITE_ARG_STRING to GPGSQL_ARG_STRING, and
+ SQLITE_ARG_BLOB to GPGSQL_ARG_BLOB.
+
+2016-08-31 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix regression in gpgv's printing of the keyid.
+ + commit 76304a971fe507ea659b952932ea899463ab7166
+ * g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT.
+
+2016-08-30 Neal H. Walfield <neal@g10code.com>
+
+ g10: Improve TOFU batch update code.
+ + commit 371ae66e9d5c7524431773c4a479fcae1ea3b652
+ * g10/gpg.h (tofu): Rename field batch_update_ref to
+ batch_updated_wanted.
+ * g10/tofu.c (struct tofu_dbs_s): Rename field batch_update to
+ in_batch_transaction.
+ (begin_transaction): Only end an extant batch transaction if we are
+ not in a normal transaction. When ending a batch transaction, really
+ end it. Update ctrl->tofu.batch_update_started when starting a batch
+ transaction.
+ (end_transaction): Only release a batch transaction if ONLY_BATCH is
+ true. When releasing a batch transaction, assert that there is no
+ open normal transaction. Only allow DBS to be NULL if ONLY_BATCH is
+ true.
+ (tofu_begin_batch_update): Don't update
+ ctrl->tofu.batch_update_started.
+ (opendbs): Call end_transaction unconditionally.
+
+ g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER.
+ + commit d0451440c036106895a291f9ca1c53c2d5159f8f
+ * g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired)
+ user ids, change TOFU to return TRUST_NEVER.
+
+ g10: Change tofu_register & tofu_get_validity to process multiple uids.
+ + commit 6052c147091935fc0321ba24f4a44146df70ef01
+ * g10/tofu.c (tofu_register): Take a list of user ids, not a single
+ user id. Only register the bindings, don't compute the trust. Thus,
+ change return type to an int and remove the may_ask parameter. Update
+ callers.
+ (tofu_get_validity): Take a list of user ids, not a single user id.
+ Update callers. Observe signatures made by expired user ids, but
+ don't include them in the trust calculation.
+
+ g10: Support nested transactions on the TOFU DB.
+ + commit 33e97813d72996d22a295773c64261f5588ce9dd
+ * g10/gpg.h (struct server_control_s): New field in_transaction.
+ * g10/tofu.c (struct tofu_dbs_s): Remove fields savepoint_inner and
+ savepoint_inner_commit.
+ (begin_transaction): Increment CTRL->TOFU.IN_TRANSACTION. Name the
+ savepoint according to the nesting level.
+ (end_transaction): Name the savepoint according to the nesting level.
+ Decrement CTRL->TOFU.IN_TRANSACTION.
+ (rollback_transaction): Likewise. Only ever rollback a non-batch
+ transaction.
+ (opendbs): Assert that there are no outstanding transactions.
+
+ g10: Print the info text in more situations.
+ + commit 4c2abb221b29c9e8e0876fe986472b562ee1c99f
+ * g10/tofu.c (ask_about_binding): Print the info text when the policy
+ is ask and there are multiple bindings with the email address.
+
+ g10: Print the formatted text.
+ + commit 0858f141a8b8d0c098a0c6097176b7225c4a9db8
+ * g10/tofu.c (ask_about_binding): Print the formatted text, not the
+ unformatted text.
+
+ g10: When showing a user id's trust, pass the current signature.
+ + commit 8dda861ad80228da76cd5c97467008c87b8b6eee
+ * g10/mainproc.c (check_sig_and_print): Consistently pass SIG to
+ get_validity.
+
+2016-08-29 Werner Koch <wk@gnupg.org>
+
+ w32: Fix build regression due to 2aa0701.
+ + commit 8b3e691ffbaaa218d309d5aaf8f37532308558ff
+ * common/logging.c (fun_writer): Always declare 'name_for_err'.
+
+ gpgconf: Print the plain socket directory with --list-dirs.
+ + commit 8e3fa5a4b205c534de2142e5d071712f957cf06a
+ * tools/gpgconf.c (list_dirs): Add plain socketdir out.
+
+ common: Add a default socket name feature.
+ + commit 2aa0701013f703ad93e17da3345c493c08aa04ee
+ * common/logging.c (log_set_socket_dir_cb): New.
+ (socket_dir_cb): New.
+ (set_file_fd): Allow "socket://".
+ (fun_writer): Implement default socket name.
+ * common/init.c (_init_common_subsystems): Register default socket.
+
+ gpg: Make decryption of -R work w/o --try-secret-key or --default-key.
+ + commit bdbd03608b6f508ac4732f9986a046de8a85a311
+ * g10/getkey.c (enum_secret_keys): At state 3 enumerate the keys in all
+ cases not just when --try-all-secrets is used.
+
+2016-08-25 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix false negatives in Ed25519 signature verification.
+ + commit 0a5a854510fda6e6990938a3fca424df868fe676
+ * g10/pkglue.c (pk_verify): Fix Ed25519 signatrue values.
+ * tests/openpgp/verify.scm (msg_ed25519_rshort): New
+ (msg_ed25519_sshort): New.
+ ("Checking that a valid Ed25519 signature is verified as such"): New.
+
+ common: Rename an odd named function.
+ + commit 74a082bc10960b2d65d4d1e31152f988a40a2225
+ * common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519.
+ (openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519. Change
+ callers.
+
+ gpg: New option --with-tofu-info.
+ + commit 19d12be3cea5b4ee8153287a2f2442913a5e07a1
+ * g10/gpg.c (oWithTofuInfo): New.
+ (opts): Add --with-tofu-info.
+ (main): Set opt.with_tofu_info.
+ * g10/options.h (struct opt): Add field WITH_TOFU_INFO.
+ * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter
+ special mode if not NULL. Change all callers.
+ (tofu_write_tfs_record): New.
+ * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as
+ part of the "uid" record. Print a new "tfs" record if the new option
+ is set.
+ * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record.
+
+2016-08-24 Werner Koch <wk@gnupg.org>
+
+ gpg: Change TOFU_STATS to return timestamps.
+ + commit 0f1f02acc1cdcc2cf74a97b05507bb1f062f8af2
+ * g10/tofu.c (write_stats_status): Add arg FP to print a colon
+ formated line. Adjust for changed TOFU_STATS interface.
+ (show_statistics): Let the query return timestamps and use
+ gnupg_get-time to compute the "time ago" values.
+
+ common: Guarantee that gnupg_get_time does not return an error.
+ + commit 5eb2682686b32bd82096924eeabd0c5bd347adfd
+ * common/gettime.c (gnupg_get_time): Abor if time() failed.
+ (gnupg_get_isotime): Remove now useless check.
+ (make_timestamp): Remove check becuase we already checked this modulo
+ the faked time thing.
+
+ wks: Add command --supported to gpg-wks-client.
+ + commit 460568d341851ac79dd100e00e4eafcac1318148
+ * tools/gpg-wks-client.c (aSupported): New.
+ (opts): Add --supported.
+ (parse_arguments): Ditto.
+ (main): Call command_supported.
+ (command_supported): New.
+
+2016-08-22 Werner Koch <wk@gnupg.org>
+
+ wks: Install gpg-wks-client under libexec.
+ + commit c47386a11a32c5ed3b5a31fad5c3e9a9a020ca7b
+ * tools/Makefile.am (bin_PROGRAMS): Move gpg-wks-client to ...
+ (libexec_PROGRAMS): ...here.
+
+ common: Remove unused vars in simple-pwquery.
+ + commit 62f3e0027724b23c0de5be6d1e66cfdeef7e7bc9
+ * common/simple-pwquery.c (agent_send_option): Remove unused vars.
+ (simple_query): Ditto.
+ (agent_open): Ditto. Return RC on error.
+ (simple_pwquery): Remove unused vars. Remove shadowing of 'p'.
+
+2016-08-18 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.15.
+ + commit 6bee88dd067e03e7767ceacf6a849d9ba38cc11d
+
+
+ po: Update German translation.
+ + commit 0a32153316855224acda268edb60b80d4e64b12f
+
+
+2016-08-18 Åka Sikrom <a4@hush.com>
+
+ po: Update Norwegian translation.
+ + commit ec88d7c8a9af864fad8ab5e0b9c4eb90ddcdd630
+
+
+2016-08-18 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 6f6bfbf175653faa5cf560a7174e81a599247e80
+
+
+2016-08-18 Werner Koch <wk@gnupg.org>
+
+ gpg: Add import filter "drop-sig".
+ + commit 1b55e864421f88b8c8088639682767076abbeab0
+ * g10/import.c (import_drop_sig): New variable.
+ (cleanup_import_globals): Release that.
+ (parse_and_set_import_filter): Add filter "drop-sig".
+ (filter_getval): Implement properties for drop-sig.
+ (apply_drop_sig_filter): New.
+ (import_one): Apply that filter.
+
+ dirmngr: Remove all system daemon features.
+ + commit d83ba4897bf217d1045c58d1b99e52bd31c58812
+ * dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
+ 'system_daemon'.
+ * common/homedir.c (dirmngr_sys_socket_name): Remove.
+ (dirmngr_user_socket_name): Rename to ...
+ (dirmngr_socket_name): this. Change call callers.
+ * common/asshelp.c (start_new_dirmngr): Remove the system socket
+ feature.
+ * tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
+ * sm/server.c (gpgsm_server): Adjust for removed system socket feature.
+ * dirmngr/server.c (cmd_getinfo): Ditto.
+ (cmd_killdirmngr): Remove check for system daemon.
+ (cmd_reloaddirmngr): Ditto.
+ * dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
+ (aService): Remove.
+ (opts): Remove --service.
+ (w32_service_control): Remove.
+ (real_main, call_real_main) [W32]: Remove wrapper.
+ (main): Remove Windows system service feature. Remove system dameon
+ feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
+ * dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
+ system dameon case.
+ * dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
+ * dirmngr/ocsp.c (validate_responder_cert): Do not call
+ validate_cert_chain which was used only in system daemon mode.
+ * dirmngr/validate.c (validate_cert_chain): Always use the code.
+
+ gpg: New option --sender.
+ + commit de6e3217cde81df370926571e0fd65e468619803
+ * g10/options.h (struct opt): Add field 'sender_list'.
+ * g10/gpg.c: Include mbox-util.h.
+ (oSender): New.
+ (opts): Add option "--sender".
+ (main): Parse option.
+
+2016-08-16 Werner Koch <wk@gnupg.org>
+
+ agent: Allow import of overly large keys.
+ + commit b5d63e81d5c472647decc7687cef91fee0378eb8
+ * agent/command.c (MAXLEN_KEYDATA): Double the size.
+
+2016-08-14 Werner Koch <wk@gnupg.org>
+
+ g13: Allow the use of a g13tab label for --mount.
+ + commit f02ceb6c6e94c6fbfaeeafe728397be38107de4d
+ * g13/mount.c (g13_mount_container): Do not run the first access check
+ if syshelp is required.
+
+ g13: Implement --umount for dm-crypt.
+ + commit b781113cf1391926dedf8dc943624d3bb9726318
+ * g13/g13.c (main): Implement command --umount.
+ * g13/mount.c (g13_umount_container): use the syshelper if needed.
+ * g13/backend.c (be_umount_container): New.
+ * g13/be-dmcrypt.c (be_dmcrypt_umount_container): New.
+ * g13/call-syshelp.c (call_syshelp_run_umount): New.
+ * g13/sh-cmd.c (cmd_umount): New.
+ (register_commands): Register UMOUNT.
+ * g13/sh-dmcrypt.c (sh_dmcrypt_umount_container): New.
+
+2016-08-13 Werner Koch <wk@gnupg.org>
+
+ g13: Fix double free bug.
+ + commit c9a0bccc77c93c08d6980a1718dfaf238a559eb9
+ * g13/sh-cmd.c (cmd_mount, cmd_resume): Do not xfree TIUPLES.
+
+ g13: Consider g13tab for a mount command.
+ + commit 700920640211168ae1c97d0adef74ba8615d90bb
+ * g13/sh-cmd.c (cmd_getkeyblob): New.
+ (register_commands): Register it.
+ * g13/call-syshelp.c (getkeyblob_data_cb): New.
+ (call_syshelp_get_keyblob): New.
+ * g13/mount.c: Include callsyshelp.h.
+ (g13_mount_container): Ask syshelp whether the filename is managed by
+ g13tab. Call syshelp to get the encrypted keyblob in this case.
+
+ g13: Move some function around.
+ + commit 37e932658cbd873ac96ff7e2067a97dffc2e0507
+ * g13/keyblob.c (g13_keyblob_decrypt): Move to ...
+ * g13/server.c: to here.
+ * g13/suspend.c, g13/mount.c: Include server.h.
+ * g13/Makefile.am (g13_syshelp_SOURCES): Add keyblob.c
+
+ g13: New command --find-device.
+ + commit b57f55321295846d47144bd6b39fbbcac0127421
+ * common/status.h (STATUS_BLOCKDEV: New.
+ * g13/call-syshelp.c: Include "call-syshelp.h".
+ (finddevice_status_cb, call_syshelp_find_device): New.
+ * g13/g13.c (aFindDevice): New.
+ (opts): Add "--find-device".
+ (main): Implement --find-device.
+ * g13/sh-cmd.c (cmd_finddevice): New.
+ (register_commands): Register new command.
+
+2016-08-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ Avoid leading ": " in the log output when there are no prefixes.
+ + commit 3a75ff65fba24ea2d024bd8fef633ab7d8f7d520
+ * common/logging.c (do_logv): When no prefixes have been requested,
+ omit the ": " separator, since there is nothing on the left-hand
+ side of it.
+
+ Call log_set_prefix() with human-readable labels.
+ + commit 61c2a1fa6d6cb345f9d81f4bdd3f8f8ddac1ea3e
+ * agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
+ * dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
+ * g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
+ * tests/gpgscm/main.c, tools/gpg-check-pattern.c
+ * tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
+ * tools/symcryptrun.c: Invoke log_set_prefix() with
+ human-readable labels.
+
+2016-08-11 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --input-size-hint.
+ + commit 70b5d7c43a57a44dad60c2c700a263610748d8f4
+ * g10/options.h: Include stdint.h.
+ (struct opt): Add field 'input_size_hint'.
+ * g10/gpg.c (oInputSizeHint): New.
+ (opts): Add --input-size-hint.
+ (main): Set opt.input_size_hint.
+ * g10/progress.c (write_status_progress): Use the hint.
+
+ common: New function string_to_u64.
+ + commit 0698324cde3e0cef7eeb6cfd1640c5eefdf13698
+ * common/stringhelp.c (string_to_u64): New.
+ * dirmngr/http.c (longcounter_t): Remove.
+ (struct cookie_s): Change content_length to uint64_t.
+ (parse_response): Use string_to_u64.
+
+2016-08-11 Justus Winter <justus@g10code.com>
+
+ common: Remove compatibility code.
+ + commit 72fa314b71e4ce8780f59b16d32cabf5d4bd5451
+ * common/Makefile.am: Drop deleted files.
+ * common/w32-afunix.c: Delete file.
+ * common/w32-afunix.h: Likewise.
+
+ common: Rework the simple password query module.
+ + commit 14479e2515439c73e385f37e8c2b3fc517b038b9
+ * common/simple-pwquery.c (writen, readline): Drop.
+ (agent_send_option, agent_send_all_options, agent_open): Just use
+ libassuan.
+ (simple_pw_set_socket): Simplify.
+ (default_inq_cb): New function.
+ (simple_pwquery, simple_query): Just use libassuan.
+ * agent/Makefile.am (gpg_preset_passphrase_LDADD): Add libassuan.
+ * tools/Makefile.am (symcryptrun_LDADD): Likewise.
+
+ common: Remove simple password query error codes.
+ + commit 9e6503b7ce019aa417099ded1dda87b68c33f912
+ * common/simple-pwquery.h: Remove mapping function. Move all
+ definitions of status codes...
+ * common/simple-pwquery.c: ... here, and define them to meaningful gpg
+ error values.
+ * agent/preset-passphrase.c (preset_passphrase): Use error code as-is.
+ (forget_passphrase): Likewise.
+ * tools/symcryptrun.c (confucius_get_pass): Likewise.
+
+2016-08-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Print the signer's UID during verification.
+ + commit ed5c1b0b8a4790c4fb36a3129387f7c2ef5db302
+ * g10/parse-packet.c (parse_signature): Sanitize the value stored in
+ SIGNERS_UID.
+ * g10/mainproc.c (issuer_fpr_string): New.
+ (check_sig_and_print): Print the signers' UID. Print the issuer
+ fingerprint in --rfc4880bis mode.
+
+ common: New function try_make_printable_string.
+ + commit f2ea7e539c9a22081e3159dcbca84f57f30724ca
+ * common/stringhelp.c (sanitize_buffer): Remove. Move code to ...
+ * common/miscellaneous.c (try_make_printable_string): new.
+ (make_printable_string): Call try_make_printable_string.
+
+2016-08-10 Justus Winter <justus@g10code.com>
+
+ tests: Fix distcheck.
+ + commit a6acf1f6b39c5a607f61f643a5d21309ba58685d
+ * tests/openpgp/issue2417.scm: Copy configuration.
+
+2016-08-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove tofu database format "split".
+ + commit 5b59999ce0dd1650ebe47a74a30ded6af00eeed3
+ * g10/options.h (struct opt): Remove field tofu_db_format.
+ * g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and
+ tofu.batch_update_started.
+ * g10/gpg.c (parse_tofu_db_format): Remove.
+ (main): Make option --tofu-db-format obsolete.
+ * g10/tofu.c: Major rework. Remove the pretty complicated and slower
+ split format and with that all the caching. Use the dbs struct
+ directly. Move global vars for batch update into CTRL. Change
+ calling conventions of some function to take CTRL or DBS pointers
+ instead of the former low-level database pointer.
+
+2016-08-10 Justus Winter <justus@g10code.com>
+
+ g10: Fix opening of trust database.
+ + commit a27410a251cd25ca96cd6743969c4db0a0fd553f
+ * g10/tdbio.c (tdbio_set_dbname): This function explicitly checks for
+ the file size, but handled the case of a zero-sized file incorrectly
+ by returning success. Fix this by initializing the database in that
+ case.
+ * tests/openpgp/Makefile.am (XTESTS): Add new test.
+ * tests/openpgp/issue2417.scm: New file.
+
+ tests: Fix distcheck.
+ + commit 194b1e979c7c547afd0dfea5b2496bdfa34b20f1
+ * tests/openpgp/Makefile.am (EXTRA_DIST): Explicitly add setup and
+ teardown scripts now that they no longer are included in the list of
+ tests.
+
+ tests: Improve temporary directory handling.
+ + commit d9240a3a4688c263632b4168ae2e04363bc91a3a
+ * tests/gpgscm/ffi.c (ffi_init): Rename 'mkdtemp'.
+ * tests/gpgscm/tests.scm (mkdtemp): New function that uses a sensible
+ location and template if no arguments are given.
+ (with-temporary-working-directory): Simplify accordingly.
+ (make-temporary-file): Likewise.
+ * tests/openpgp/run-tests.scm (run-tests-parallel-isolated): Likewise.
+ (run-tests-sequential-isolated): Likewise.
+
+ gpgscm: Make the name of foreign functions more unique.
+ + commit efe973dab7f69e2b1309446b2fbcd47ce0305399
+ * tests/gpgscm/ffi-private.h (ffi_define_function_name): Add another
+ underscore.
+
+ tests: Run each test in a clean environment.
+ + commit e13f1ea8fff3964dc3008432f5c0f26aaa2eaa35
+ * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Drop obsolete
+ variables, add 'srcdir', use absolute paths.
+ (TESTS): Rename to 'XTESTS' to avoid emitting the automake test
+ runner. Drop 'setup.scm' and 'finish.scm'.
+ (xcheck): New target that runs 'run-tests.scm', our Scheme test suite
+ runner. It will run each test in a clean environment, isolated from
+ the other tests.
+ (EXTRA_DIST): Adapt accordingly.
+ * tests/openpgp/README: Likewise.
+
+ tests: Make ssh test more robust.
+ + commit b2b21580b68f3a9069562f99675b389a0d044713
+ * tests/openpgp/ssh.scm: Drop the 'MD5:' which was not printed by
+ previous ssh versions.
+
+2016-08-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: SSH support fix.
+ + commit f14795d57f6c81709e9225dd3c5dfd3495cf1b2b
+ * agent/command-ssh.c (ssh_handler_request_identities): Keep error
+ message same.
+
+2016-08-09 Werner Koch <wk@gnupg.org>
+
+ agent: Fix regression in recent ssh changes.
+ + commit e630f904993725c54ec63be00369589b7b7234d2
+ * agent/command-ssh.c (sexp_key_construct): Lowercase the algo name.
+
+ gpg: Extend the PROGRESS line to give the used unit.
+ + commit 16feb1e0ea9b5d3966f22f4ae047335b9d1b60e1
+ * g10/progress.c (write_status_progress): Print the units parameter.
+
+2016-08-09 Ben Kibbey <bjk@luxsci.net>
+
+ Cleanup initialization of libgcrypt.
+ + commit 49829c29e541546084950b8a153067db371d101a
+ * common/init.c (init_common_subsystems): Initialize libgcrypt.
+ * dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.
+
+2016-08-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: SSH support improvement.
+ + commit ebf24e3b29766595204355d82f435a3e675bfbbc
+ * agent/command-ssh.c (ssh_handler_request_identities): Skip a key with
+ error, not giving up to handle the request itself.
+ * agent/cvt-openpgp.c (extract_private_key): Support "ecdsa" key.
+
+2016-08-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Cleanup of dek_to_passphrase function (part 2).
+ + commit 491d6fdabb3d95905cd96d905e1f965ce8ff07e1
+ * g10/passphrase.c (passphrase_get): Remove arg KEYID. Change arg
+ MODE to NOCACHE.
+ (passphrase_to_dek): Remove args KEYID and PUBKEY_ALGO. Split arg
+ MODE into CREATE and NOCACHE. Change all callers and adjust stubs.
+ (passphrase_clear_cache): Remove args KEYID and ALGO. They are not
+ used. Change caller.
+
+ gpg: Cleanup of dek_to_passphrase function (part 1).
+ + commit 5b614973fe2d4b5ef402a3057c31c3ef3042a483
+ * g10/passphrase.c (passphrase_to_dek_ext): Remove args CUSTDESC and
+ CUSTPROMPT. Merge into the passphrase_to_dek wrapper.
+ (passphrase_get): Remove args CUSTOM_DESCRIPTION and CUSTOM_PROMPT.
+
+2016-08-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: More clean up of SSH support.
+ + commit 591a8373a5d9567db9b1a1a48205e8a206c7b669
+ * common/util.h (get_pk_algo_from_key): New.
+ * common/sexputil.c (get_pk_algo_from_key): The implementation.
+ * agent/gpg-agent.c: Remove include of openpgpdefs.h.
+ * agent/command-ssh.c (struct ssh_key_type_spec): Use integer ALGO.
+ (ssh_key_types): Update with GCRY_PK_*.
+ (make_cstring, sexp_extract_identifier): Remove.
+ (sexp_key_construct): Use gcry_pk_algo_name to get ALGO string.
+ (ssh_key_to_blob): Use cadr to get value list.
+ (ssh_key_type_lookup): Lookup with integer ALGO.
+ (ssh_receive_key): Follow the change of ssh_key_type_lookup.
+ (ssh_send_key_public): Likewise. Use get_pk_algo_from_key to get ALGO.
+
+ tests: Add openpgp/gpgv-forged-keyring.scm.
+ + commit 7dcad0d3503ac0d75e09efb16246dd78518986fc
+ * tests/openpgp/gpgv-forged-keyring.scm: New.
+ * tests/openpgp/forged-keyring.gpg: New.
+ * tests/openpgp/Makefile.am (TESTS): Add gpgv-forged-keyring.scm.
+ * tests/openpgp/defs.scm (tools): Add GPGV.
+ (GPGV): New.
+
+2016-08-06 Werner Koch <wk@gnupg.org>
+
+ agent: Fix long standing regression tracking the connection count.
+ + commit 40d16029ed8b334c371fa7f24ac762d47302826e
+ * agent/gpg-agent.c (get_agent_active_connection_count): New.
+ (do_start_connection_thread, start_connection_thread_ssh): Bump
+ ACTIVE_CONNECTIONS up and down.
+ * agent/command.c (cmd_getinfo): Add subcommand "connections".
+
+2016-08-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Clean up SSH support.
+ + commit 894789c3299dc47a8c1ccaaa7070382f0fae0262
+ * agent/command-ssh.c (file_to_buffer): Remove.
+ (ssh_handler_request_identities): Use agent_public_key_from_file.
+
+2016-08-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: Avoid publishing the GnuPG version by default.
+ + commit c9387e41db7520d176edd3d6613b85875bdeb32c
+ * g10/gpg.c (main): initialize opt.emit_version to 0
+ * doc/gpg.texi: document different default for --emit-version
+
+2016-08-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Make sure that keygrips are printed for each subkey.
+ + commit c8cc804f56bfefba46641f2c7078fcd67b494bae
+ * g10/keylist.c (list_keyblock_colon): Print an emprty grip in case of
+ an error.
+
+ gpg: Always print the fingerprint in colons mode.
+ + commit 54a1ed20e203dcafeacbe21eb147efa08255dbf5
+ * g10/keylist.c (list_keyblock_colon): Remove arg FPR. Always print
+ fingerprint records. For secret keys always print keygrip records.
+
+ tests: Use gpgconf to set the ssh socket envvar.
+ + commit 0c2a745a2bc21e8f439930f7c0e5d1521c2fd44c
+ * tests/openpgp/ssh.scm ("SSH_AUTH_SOCK"): Use gpgconf.
+
+ gpgconf: Add limited support for -0.
+ + commit db6f3eb926619dfe6ed2a9be197c51f9a1b6198c
+ * tools/gpgconf.h (opt): Add field 'null'.
+ * tools/gpgconf.c: Add option --null/-0.
+ (list_dirs): Use it here.
+
+2016-08-04 Justus Winter <justus@g10code.com>
+
+ tests: Update list of tests in Scheme test runner.
+ + commit 05cb30052cdf1d308ff7da901cfa5a809cd49479
+ * tests/openpgp/run-tests.scm: Add missing tests.
+
+ tests: Fix path to fake-pinentry.
+ + commit 3566544d04a4b81e5dd8a2883304673b2cc2f108
+ * tests/openpgp/defs.scm: Correctly compute the path to fake-pinentry.
+
+2016-08-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit 89234f7f3643bad2daddc94569f1d651ec5c835e
+
+
+ po: update Japanese translation.
+ + commit 573e0f36190346e0263bea3ae12a389f4f598d55
+
+
+ g10: Fix checking key for signature validation.
+ + commit 6f284e6ed63f514b15fe610f490ffcefc87a2164
+ * g10/sig-check.c (check_signature2): Not only subkey, but also primary
+ key should have flags.valid=1.
+
+2016-08-03 Justus Winter <justus@g10code.com>
+
+ kbx: Add missing header file.
+ + commit e3358b246d9380008a4ba7c8f2fe03659901adaf
+ * kbx/keybox-update.c: Add missing header file.
+
+2016-08-03 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ More cleanup of "allow to".
+ + commit dc107b78509807db375d3a382eb3376cd2183357
+ * README, agent/command.c, agent/keyformat.txt, common/i18n.c,
+ common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
+ dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
+ doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
+ doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
+ g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
+ m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
+ po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
+ po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
+ po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
+ po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
+ scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
+ sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
+ with clearer text.
+
+ In standard English, the normal construction is "${XXX} allows ${YYY}
+ to" -- that is, the subject (${XXX}) of the sentence is allowing the
+ object (${YYY}) to do something. When the object is missing, the
+ phrasing sounds awkward, even if the object is implied by context.
+ There's almost always a better construction that isn't as awkward.
+
+ These changes should make the language a bit clearer.
+
+ dirmngr: Emit correct spelling of "superseded".
+ + commit 436b28c23194fa77919967338d5a61a82d242153
+ * dirmngr/crlcache.c (list_one_crl_entry): Spell superseded correctly.
+ * dirmngr/ocsp.c (ocsp_invalid): Likewise.
+
+ This might break some tools which parse the existing output and expect
+ misspellings, but i'm not sure there are many such tools, and we
+ should use standardized orthography going forward.
+
+ Fix spelling and grammar.
+ + commit cd45cf782b91ff0f6b023913963e5258ffcbf464
+ * agent/learncard.c: s/coccured/occurred/
+ * doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/,
+ s/reponses/responses/i
+ * doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows
+ to" to more conventional english usage.
+ * doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm,
+ tests/openpgp/armor.test: s/occured/occurred/
+ * tools/gpgsplit.c: s/calcualting/calculating/
+ * sm/server.c: s/formated/formatted/
+
+2016-08-03 Werner Koch <wk@gnupg.org>
+
+ gpg,gpgsm: Block signals during keyring/keybox update.
+ + commit 48a2c93a1886589d1a0e2a4a2173e0e81311200b
+ * kbx/keybox-util.c (keybox_file_rename): Add arg BLOCK_SIGNALS.
+ * kbx/keybox-update.c (rename_tmp_file): Block all signals when doing
+ a double rename.
+ * g10/keyring.c (rename_tmp_file): Block all signals during the double
+ rename.
+
+ common: New file utilproto.c.
+ + commit 3a2421c94015432caa49e166bc5bf5c4f80ab7c7
+ * common/util.h: Factor prototypes from signal.c out to ...
+ * common/utilproto.h: new.
+ * common/Makefile.am (common_sources): Add new file.
+
+2016-08-01 Justus Winter <justus@g10code.com>
+
+ gpgsm: Fix machine-readable key listing.
+ + commit 40365b28c3fdf087fd58401f5a6f42f9d7d29d20
+ * sm/keylist.c (list_cert_colon): Drop superfluous colon.
+
+ tests: Distribute standalone test runner.
+ + commit c971ff0823d9a649b32fd9f169a12abc3095246e
+ * tests/openpgp/Makefile.am (EXTRA_DIST): Add missing file
+ 'run-tests.scm'.
+
+2016-07-28 Justus Winter <justus@g10code.com>
+
+ tests: Fix distcheck.
+ + commit 9e799b0e4f131126b80a5d3272c36d52b8ba1720
+ * tests/openpgp/Makefile.am (sample_msgs): New variable.
+ (EXTRA_DIST): Also ship the sample msgs.
+
+2016-07-27 Fredrik Fornwall <fredrik@fornwall.net>
+
+ build: Fix check for Android.
+ + commit 583a464c62ce8f7d70f5fdab2c7ea73ec3348d69
+ * configure.ac: Match other Android targets as well.
+
+2016-07-26 Justus Winter <justus@g10code.com>
+
+ common: Fix iobuf_peek corner case.
+ + commit b2572b0c386fd12ac6581fcce72f8d48cbfd27c7
+ Previously, iobuf_peek on a file smaller than 'buflen' would hang.
+
+ * common/iobuf.c (underflow): Generalize by adding a target parameter.
+ (iobuf_peek): Use this to prevent looping here.
+ * tests/openpgp/Makefile.am (TESTS): Add new test.
+ * tests/openpgp/setup.scm (dearmor): Move function...
+ * tests/openpgp/defs.scm (dearmor): ... here.
+ * tests/openpgp/issue2419.scm: New file.
+ * tests/openpgp/samplemsgs/issue2419.asc: Likewise.
+
+ gpgscm: Do not shadow common function name in catch macro.
+ + commit 046338b8494c036a5e717130d3eadce0291126fc
+ * tests/gpgscm/init.scm (catch): Do not shadow 'exit'.
+
+ tests: Fix distcheck.
+ + commit 66c0dab3c722c2766828515120775b106286334e
+ * tests/openpgp/Makefile.am (samplekeys): Add missing key.
+
+ gpgscm: Make the verbose setting more useful.
+ + commit f17aecbcd98103fcd2ece537be96930f354de656
+ * tests/gpgscm/ffi.c (do_get_verbose): New function.
+ (do_set_verbose): Likewise.
+ (ffi_init): Turn *verbose* into a function, add *set-verbose!*.
+ * tests/gpgscm/tests.scm (call): Adapt accordingly.
+ (call-with-io): Dump output if *verbose* is high.
+ (pipe-do): Adapt accordingly.
+ * tests/openpgp/defs.scm: Set verbosity according to environment.
+ * tests/openpgp/run-tests.scm (test): Adapt accordingly.
+
+ common: Avoid excessive stack use.
+ + commit b3610badf691178bbbf0831af9aa6b6658c1948a
+ * common/exectool.c (copy_buffer_shred): Make passing NULL a nop.
+ (gnupg_exec_tool_stream): Allocate copy buffers from the heap.
+
+ common: Rework resource cleanup when handling errors.
+ + commit 35132a8b119dbc3393ceb0d0874917905d1a6354
+ * common/exectool.c (gnupg_exec_tool_stream): Rework error handling.
+
+ common: Add unit test for exectool.
+ + commit fe40e9c53dc0710ff73e72d05ba8040874465b55
+ * common/Makefile.am: Build new test.
+ * common/t-exectool.c: New file.
+
+2016-07-25 Justus Winter <justus@g10code.com>
+
+ g10: Fix key import statistics.
+ + commit 4ba11251aff578394000bf480f47160f0879c763
+ 'transfer_secret_keys' collects statistics on a subkey-basis, while
+ the other code does not. This leads to inflated numbers when
+ importing secret keys. E.g. 'count' is incremented by the main
+ parsing loop in 'import', and again in 'transfer_secret_keys', leading
+ to a total of 3 if one key with two secret subkeys is imported.
+
+ * g10/import.c (import_secret_one): Adjust to the fact that
+ 'transfer_secret_keys' collects subkey statistics.
+ * tests/openpgp/Makefile.am (TESTS): Add new test.
+ * tests/openpgp/issue2346.scm: New file.
+ * tests/openpgp/samplekeys/issue2346.gpg: Likewise.
+
+2016-07-22 Justus Winter <justus@g10code.com>
+
+ gpgscm: Make function more general.
+ + commit 9ee23a715d5dad6bf568a2deb1c55bf15601cf51
+ * tests/gpgscm/tests.scm (in-srcdir): Accept more path fragments.
+
+ g10: Properly ignore legacy keys in the keyring cache.
+ + commit d9839c9d303a01dc1032a6de311e034fe14e81da
+ * g10/keyring.c (keyring_rebuild_cache): Properly ignore legacy keys
+ in the keyring cache.
+ * tests/migrations/Makefile.am (TESTS): Add new test.
+ * tests/migrations/common.scm (GPG-no-batch): New variable.
+ (run-test): New function.
+ * tests/migrations/issue2276.scm: New file.
+ * tests/migrations/issue2276.tar.asc: Likewise.
+
+2016-07-21 Justus Winter <justus@g10code.com>
+
+ g10: Fix error handling.
+ + commit 45bb9a2a46e11bc13c6b39e7b4748b7de199018e
+ * g10/tofu.c (show_statistics): Fix error handling, 0 is a valid
+ duration.
+
+ g10: Drop superfluous begin transaction.
+ + commit 8a6f8e1e397a2d676b211f2dbc6df4a80b67442d
+ * g10/tofu.c (record_binding): We only need a transaction for the
+ split format.
+
+ gpgscm: Make assert macro more accurate.
+ + commit 699c6c9f4b44441ab3db7f942df5b81f4cd88b06
+ * tests/gpgscm/lib.scm (assert): Print the representation of the
+ failed expression.
+
+ gpgscm: Make error message more useful.
+ + commit 7207b2fe45bcf884e029366a2677a570234bed2e
+ * tests/gpgscm/scheme.c (opexe_0): Include names of missing function
+ parameters in the error message.
+
+ g10: Fix crash.
+ + commit 1af2fd44f0a66fd0d94c224319db0b128d42a288
+ * g10/tofu.c (tofu_closedbs): Fix freeing database handles up to the
+ cache limit. Previously, this would crash if db_cache_count == count.
+
+2016-07-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix card removal/reset on multiple contexts.
+ + commit 1598a4476466822e7e9c757ac471089d3db4b545
+ * scd/app.c (application_notify_card_reset): Add message for debug.
+ *scd/command.c (update_card_removed): Call release_application and set
+ SLOT -1 here.
+ (struct server_local_s): Remove app_ctx_marked_for_release.
+ (do_reset): Don't mark release but call release_application here.
+ (open_card): Remove app_ctx_marked_for_release handling.
+ (update_reader_status_file): Don't set SLOT here, so that it can be
+ released the APP by application_notify_card_reset in
+ update_card_removed.
+
+2016-07-19 Justus Winter <justus@g10code.com>
+
+ agent: Add known keys to sshcontrol.
+ + commit 270f7f7b8b235cc93516566702e2a1d256605cca
+ * agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol
+ even if it is already in the private key store.
+ * tests/openpgp/ssh.scm: Test this.
+
+ tests: Add test for ssh support.
+ + commit d7a405de8325aa945ab791dcd3bc48272af33b86
+ * tests/gpgscm/tests.scm (path-expand): New function.
+ * tests/openpgp/Makefile.am (TESTS): Add new test.
+ (sample_keys): Add new keys.
+ (CLEANFILES): Clean ssh socket and control file.
+ * tests/openpgp/fake-pinentry.c (main): Add a default passphrase.
+ * tests/openpgp/gpg-agent.conf.tmpl: Enable ssh support.
+ * tests/openpgp/samplekeys/ssh-dsa.key: New file.
+ * tests/openpgp/samplekeys/ssh-ecdsa.key: Likewise.
+ * tests/openpgp/samplekeys/ssh-ed25519.key: Likewise.
+ * tests/openpgp/samplekeys/ssh-rsa.key: Likewise.
+ * tests/openpgp/ssh.scm: Likewise.
+
+2016-07-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix race conditions for release_application.
+ + commit 0c1fd4e9884ed7c1edd1819762b9e8a77f606ed3
+ * scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling
+ release_application.
+
+2016-07-18 Justus Winter <justus@g10code.com>
+
+ agent: Fix passphrase cache lookups.
+ + commit f474249366e8e143c8e6eb7f7b1a74056e46fa1f
+ CACHE_MODE_ANY is supposed to match any cache mode except
+ CACHE_MODE_IGNORE, but the code used '==' to compare cache modes.
+
+ * agent/cache.c (cache_mode_equal): New function.
+ (agent_set_cache): Use the new function to compare cache modes.
+ (agent_get_cache): Likewise.
+ * tests/openpgp/Makefile.am (TESTS): Add new test.
+ * tests/openpgp/issue2015.scm: New file.
+
+2016-07-15 Justus Winter <justus@g10code.com>
+
+ build: Always build gpgtar.
+ + commit 7f4dd24b880323a5b772719dafae829c288303a8
+ We use gpgtar to unpack test data, hence we always build it. If the
+ user opts out, we simply don't install it.
+
+ * configure.ac: Add comment.
+ * tests/migrations/Makefile.am (required_pgms): Make sure gpgtar is
+ built.
+ * tools/Makefile.am: Always build gpgtar, but do not install it if the
+ user used '--disable-gpgtar'.
+
+2016-07-15 Werner Koch <wk@gnupg.org>
+
+ wks: Publish as binary file.
+ + commit b7b37716b9d2cd1b71b5f7f0e4fb2c1a43eee90a
+ * tools/gpg-wks-server.c (copy_key_as_binary): New.
+ (check_and_publish): Use new function instead of rename.
+
+2016-07-15 Justus Winter <justus@g10code.com>
+
+ gpgscm: Fix linking.
+ + commit c49c43d7e4229fd9f1bc55e17fa32fdc334dbef6
+ * tests/gpgscm/Makefile.am: Add -lintl.
+
+ g10: Fix building without trust models.
+ + commit d21efa398874be4a15e8283c5fc382fb90f562fd
+ * g10/pkclist.c (write_trust_status): Fall back to the previous
+ behavior.
+
+ tests: Check for gpgtar.
+ + commit 12a887050a560c4cacaf95e4cdb0cc42d8b87aa1
+ * tests/migrations/extended-pkf.scm: Skip test if gpgtar is not built.
+ * tests/migrations/from-classic.scm: Likewise.
+ * tests/openpgp/gpgtar.scm: Fix check for gpgtar.
+
+2016-07-14 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.14.
+ + commit 09c448202ffb4c26d7ec2028351a78e2d3680396
+
+
+ po: Update the German translation.
+ + commit 23c2491f94b94fa231bde8187eb958432555eff1
+
+
+2016-07-14 Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ dirmngr: fix handling of HTTP redirections.
+ + commit 60428c24fb29cb633c9392abb777bc4da88dbfba
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Reinitialize HTTP session
+ when following a HTTP redirection.
+
+2016-07-14 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove options --print-dane-records and --print-pka-records.
+ + commit 1e9bc66a9a60de668890452d504eea3c3c614f7e
+ * g10/gpg.c (main): Remove options but print a dedicated warning.
+ * g10/options.h (struct opt): Remove fields 'print_dane_records' and
+ 'print_pka_records'.
+ * g10/keylist.c (list_keyblock): Do not call list_keyblock_pka.
+ (list_keyblock_pka): Remove.
+
+2016-07-14 Åka Sikrom <a4@hush.com>
+
+ po: Complete update of the Norwegian translation.
+ + commit d6d7e4d218a1e2e2a88bc893b00967b032d194f8
+
+
+2016-07-14 Yuri Chornoivan <yurchor@ukr.net>
+
+ Update Ukrainian translation.
+ + commit 9427288ebb32141c196996315f93535fd7744901
+
+
+2016-07-14 Ineiev <ineiev@gnu.org>
+
+ Update Russian translation.
+ + commit 39c88870359bc75e9f72e08a7466fcff01bdc655
+
+
+2016-07-14 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix regression since 2.1 in --search-key with a fingerprint.
+ + commit 0342369ce001b9dba04dc79e7a4eb66fbda278e7
+ * dirmngr/ks-engine-hkp.c (ks_hkp_search): Prefix fingerprint with 0x.
+
+ gpgscm: Use kludge to avoid improper use of ffi_schemify_name.
+ + commit fb14bf0a95e361b0991067e3aea2902d54be811d
+ * tests/gpgscm/ffi.c (ffi_schemify_name): Use xstrdup instead of
+ strdup for now.
+
+ build: Require latest released libraries.
+ + commit c98995efefbdebea8f53d54ba2df4217dfd31ad4
+ * agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
+ (do_encryption): Always support OCB.
+ (do_decryption): Ditto.
+ (agent_unprotect): Ditto.
+ * dirmngr/server.c (is_tor_running): Unconditionally build this.
+
+2016-07-13 Werner Koch <wk@gnupg.org>
+
+ build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
+ + commit 66b634f27f10e4c0cb21c3f201998497d0bb24ca
+ * build-aux/config.guess: Update.
+ * build-aux/config.sub: Update.
+
+ gpg: Fix regression due to the new --mimemode options.
+ + commit 3b8ed7650d2d63b01ec80ecf9e493b80e3ac7ef8
+ * g10/gpg.c (opts): Re-add oTextmodeShort.
+
+2016-07-13 Daiki Ueno <ueno@gnu.org>
+
+ gpg: Make --try-all-secrets work for hidden recipients.
+ + commit 82b90eee100cf1c9680517059b2d35e295dd992a
+ * g10/getkey.c (enum_secret_keys): Really enumerate all secret
+ keys if --try-all-secrets is specified.
+
+2016-07-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not print a the short keyid if the high word is zero.
+ + commit 7b96a8d736934e65bb2adbc17059f84dfeaf95fb
+ * g10/keyid.c (format_keyid): Always returh long keyid ifor KF_LONG.
+
+ gpg: New option --mimemode.
+ + commit e148c3caa90fbadba32bdbfea9513392e3aea598
+ * g10/gpg.c (oMimemode): New.
+ (opts): Add --mimemode.
+ (main): Use --mimemode only in rfc4880bis compliance mode.
+ * g10/options.h (struct opt): Add field "mimemode".
+ * g10/build-packet.c (do_plaintext): Allow for mode 'm'.
+ * g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested.
+ * g10/plaintext.c (handle_plaintext): Handle 'm' mode.
+ * g10/sign.c (write_plaintext_packet): Handle 'm' mode.
+ (sign_file, sign_symencrypt_file): Use 'm' if requested.
+
+ wks: Use correct key for the confirmation.
+ + commit 95810929f75bd718dbdf2cd1c0181137a45e2456
+ * tools/gpg-wks-client.c (send_confirmation_response): Actually
+ encrypt to the recipient.
+
+ wks: New server command --list-domains.
+ + commit 44ecc33b4a7147d9c112a72f55a42b65cef4fe67
+ * tools/gpg-wks-server.c (aListDomains): New.
+ (opts): Add --list-domains.
+ (parse_arguments): Implement.
+ (main): Ditto. Use only one final diagnostic message.
+ (command_list_domains): New.
+ (check_and_publish): Remove directory creation.
+ (get_domain_list): New.
+ (expire_pending_confirmations): Rewrite using a list of directories.
+ (command_cron): Get domain list and pass to
+ expire_pending_confirmations.
+
+2016-07-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix envvars for UPDATESTARTUPTTY.
+ + commit 7be218177701af316db75057c99ca674d53cf585
+ agent/command.c (cmd_updatestartuptty): Use session_env_list_stdenvnames
+ to get the list.
+
+2016-07-12 Werner Koch <wk@gnupg.org>
+
+ g13: Fix memleak.
+ + commit acb27915f8646a875b6bb507ff46cd1bc330c02b
+ * g13/g13tuple.c (create_tupledesc): Init refcount to 1.
+
+ wks: Add --cron command to gpg-wks-server.
+ + commit 38eb5f81d223616e3ee34bdfb41c387ce4e7df22
+ * tools/gpg-wks-server.c (PENDING_TTL): New.
+ (expire_one_domain, expire_pending_confirmations): New.
+ (command_cron): New.
+ (main): Implement --cron.
+
+ wks: Try to send an encrypted confirmation back.
+ + commit 5de41c4ecef32add89044b8a550a47cce8c6d61e
+ * tools/gpg-wks-client.c (encrypt_response_status_cb): New.
+ (encrypt_response): New.
+ (send_confirmation_response): Encrypt the response.
+
+ * tools/gpg-wks-server.c (send_confirmation_request): Use freeing of
+ BODY and BODYENC.
+
+ wks: Also create DANE record.
+ + commit d3837e0435921bfa5587a50738f5924a5fdf976a
+ * tools/gpg-wks-server.c (copy_key_as_dane): New.
+ (check_and_publish): Also publish as DANE record.
+
+ gpg: Extend import-option import-export to print PKA or DANE.
+ + commit 9b075575cdc5851b019aed5ca5d5e18416beec8e
+ * g10/export.c (do_export_stream): Move PKA and DANE printing helper
+ code to ...
+ (print_pka_or_dane_records): this fucntion.
+ (write_keyblock_to_output): Add arg OPTIOSN and call
+ print_pka_or_dane_records if requested.
+
+ gpg: Move a function from import.c to export.c.
+ + commit 0f5b105d96780a29cc58893285e6c38482e0cc2d
+ * g10/import.c (write_keyblock_to_output): Move to ...
+ * g10/export.c (write_keyblock_to_output): here. Add arg WITH_ARMOR.
+ Also make sure never to export ring trust packets.
+
+2016-07-11 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Enhance --list-dirs.
+ + commit 7732b332886792b2bbf47ecf7430e953f1c55a2c
+ * tools/gpgconf.c (main) <aListDir>: Factor code out to ...
+ (list_dirs): new. Rewrite to use a table. Allow selection of a
+ items. Add "agent-ssh-socket".
+
+2016-07-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpgv: Tweak default options for extra security.
+ + commit e32c575e0f3704e7563048eea6d26844bdfc494b
+ * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
+ cached status. Similarly, set opt.flags.require_cross_cert for backsig
+ validation for subkey signature.
+
+2016-07-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Add export options "export-pka" and "export-dane".
+ + commit cbe467e794f3be81b8da2bcb1732b5514b13b71d
+ * g10/options.h (EXPORT_PKA_FORMAT): New.
+ * g10/keylist.c (list_keyblock_pka): Do not use DANE flag.
+ * g10/export.c: Include zb32.h.
+ (parse_export_options): Add options "export-pka" and "export-dane".
+ (do_export): Do not armor if either of these option is set.
+ (print_pka_or_dane_records): New.
+ (do_export_stream): Implement new options.
+
+ gpg: Split a too large export function.
+ + commit b05878f32aa507aa9087d7c992b630840b5ad71c
+ * g10/export.c (do_export_stream): Factor some code out to ...
+ (do_export_one_keyblock): new.
+
+2016-07-07 Justus Winter <justus@g10code.com>
+
+ gpgscm: Capture output of spawned processes.
+ + commit 2f61aa0ff11b194d20307751ab686c87cd47dd56
+ * tests/gpgscm/tests.scm (call-check): Capture stdout and stderr, and
+ return stdout if the child exited successfully, or include stderr in
+ the error.
+ * tests/openpgp/version.scm: Demonstrate this by checking the stdout.
+
+2016-07-06 Werner Koch <wk@gnupg.org>
+
+ doc: Escape file names in generated macros.
+ + commit 511c2522b95333226a5e45e538fed29dd44c9be3
+ * doc/mkdefsinc.c (print_filename): New.
+ (main): Use it here.
+
+ wks: Let the server take the encrytion key from the file.
+ + commit e5896da666551da5322b2ae5458d429b9e60241e
+ * tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to
+ 'keyfile'.
+ (store_key_as_pending): Add arg 'r_fname' to make of the keyfile.
+ (send_confirmation_request): Add arg 'keyfile'.
+ (process_new_key): Pass on the name of the keyfile.
+
+ gpg: New options --recipient-file and --hidden-recipient-file.
+ + commit a479804c86bc24bfab101f39464db3ecfbaedf6d
+ * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New.
+ (opts): Add options --recipient-file and --hidden-recipient-file.
+ (main): Implement them. Also remove duplicate code from similar
+ options.
+ * g10/keydb.h (PK_LIST_FROM_FILE): New.
+ (PK_LIST_SHIFT): Bump up.
+ * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE.
+ (find_and_check_key): Add and implement arg FROM_FILE.
+ (build_pk_list): Pass new value for new arg.
+ * g10/getkey.c (get_pubkey_fromfile): New.
+ * g10/gpgv.c (read_key_from_file): New stub.
+ * g10/test-stubs.c (read_key_from_file): New stub.
+ * g10/server.c (cmd_recipient): Add flag --file.
+ * g10/import.c (read_key_from_file): New.
+
+ * tests/openpgp/defs.scm (key-file1): New.
+ (key-file2): New.
+ * tests/openpgp/setup.scm: Add their private keys and import the
+ key-file1.
+ * tests/openpgp/encrypt.scm: Add new test.
+
+ gpg: New option --no-keyring.
+ + commit 073be51a866cb5600479c504a44ae5ac94a449a2
+ * g10/gpg.c (oNoKeyring): New.
+ (opts): Add "--no-keyring".
+ (main): Do not register any keyring if the option is used.
+
+ gpg: Document use of node flags in import.c and remove unused args.
+ + commit fdfde91595109e51a5b8fafd292244ad41dfb83d
+ * g10/import.c (NODE_GOOD_SELFSIG): New. Use instead of 1.
+ (NODE_BAD_SELFSIG): New. Use instead of 2.
+ (NODE_DELETION_MARK): New. Use instead of 4.
+ (NODE_FLAG_A): New. Use to mark new nodes in merge_blocks.
+ (chk_self_sigs): Remove unused args FNAME and PK.
+ (import_one): Adjust call. Simplify error return because
+ chk_self_sigs does not return an error code.
+ (append_uid, append_key, merge_sigs, merge_keysigs): Remove unsued
+ args FNAME and KEYID.
+ (merge_blocks, import_one, import_secret_one)
+ (import_revoke_cert): Remove unused arg FNAME.
+
+ gpg: Get rid of an unused arg in a function in getkey.c.
+ + commit 7e0c48eb6f18a80142ca2a0f76fe8d270a4e5b33
+ * g10/getkey.c (pk_from_block): Remove unused arg CTX. Change all
+ callers.
+
+ gpg: Change calling convention for a function in getkey.c.
+ + commit 9385dfeb9dd6d83608a10c7896c341f585a25a2b
+ * g10/getkey.c (merge_selfsigs): Remove arg CTX. Add args REQ_USAGE
+ and WANT_EXACT.
+ (finish_lookup): Adjust caller. Set LOOKUP_NOT_SELECTED here...
+ (lookup): and not here.
+
+2016-07-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix possible out-of-bounds read in is_armored.
+ + commit 5d1a9c4dc823b418db6c4686da55ee3abdf023b0
+ * g10/armor.c (check_input): Call is_armored only if LEN >= 2.
+ (unarmor_pump): Use a 2 byte buffer for is_armored.
+
+2016-07-05 Justus Winter <justus@g10code.com>
+
+ tests: Honor environment variable 'TMP'.
+ + commit 8270580a5a70874beeffcdd16221937db4bcdc93
+ This fixes problems with long socket names, e.g. when doing distcheck.
+
+ * tests/gpgscm/tests.scm (path-join): New function.
+ (with-temporary-working-directory): Honor 'TMP'.
+ (make-temporary-file): Likewise.
+ * tests/migrations/Makefile.am (TMP): Default to '/tmp'.
+ (TESTS_ENVIRONMENT): Set 'TMP'.
+ * tests/openpgp/Makefile.am (TMP): Default to '/tmp'.
+ (TESTS_ENVIRONMENT): Set 'TMP'.
+
+ gpgscm: Improve robustness and compatibility.
+ + commit f26fe4f73e8430d93c03d95a8a24fdabd078bb20
+ * tests/gpgscm/ffi.c (do_getenv): Avoid gccism.
+ (do_mkdtemp): Handle errors.
+
+ tests/migrations: Fix distcheck.
+ + commit b70d08827ddb56423ad610b4ebaaaf9cc763512f
+ * tests/migrations/Makefile.am (TESTS): Rename test.
+ (TEST_FILES): Update list.
+ (EXTRA_DIST): Add common.scm.
+ * tests/migrations/common.scm (GPGTAR): New variable.
+ (dearmor): Rename and untar archive.
+ * tests/migrations/extended-private-key-format.scm: Rename.
+ (setup): Update.
+ * tests/migrations/extended-pkf.tar.asc: New file.
+ * tests/migrations/extended-private-key-format.gpghome: Delete.
+ * tests/migrations/from-classic.gpghome: Likewise.
+ * tests/migrations/from-classic.scm (setup): Update.
+ * tests/migrations/from-classic.tar.asc: New file.
+
+ tools/gpgtar: Provide --create and --extract.
+ + commit 0b8a3358798b7028be872a923da2e275da67d592
+ * tools/gpgtar.c (cmd_and_opt_values): New values.
+ (opts): New actions.
+ (parse_arguments): Handle new actions.
+ * tests/openpgp/gpgtar.scm: Test new interface.
+
+ g10: Fix out-of-bounds read.
+ + commit a6b87981f7ddef42b25703723162c647e312b125
+ * g10/armor.c (use_armor_filter): We need two bytes for 'is_armored'.
+
+2016-07-04 Werner Koch <wk@gnupg.org>
+
+ wks: Add command --read to gpg-wks-client.
+ + commit 8c8ae043b8d65cb79e0e99c5bdbdcbf34714bd0c
+ * tools/gpg-wks-client.c (aRead): New.
+ (opts): Add command "--read".
+ (main): Implement that.
+
+ tests: Add a gettime test for sizeof (time_t) > 4.
+ + commit 27d158ead4a2b9c52269ef28d050a49c786c7d13
+ * common/t-gettime.c (test_isotime2epoch): Add 4 more tests.
+
+2016-07-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid spurious failures on keyblocks with no or only deleted nodes.
+ + commit 9177a897732b3cebf3f15c97c1f613f71b6318fe
+ * g10/import.c (write_keyblock_to_output): Clear ERR on success.
+
+ wks: Let the client only export the requested UID.
+ + commit 1bfed0bbc5ec9d60d4fb3a0f5c865923ed3563e7
+ * tools/gpg-wks-client.c (get_key): Export only the requested uid.
+
+ tools: Call sendmail directly from the wks tools.
+ + commit 7705f310f1406fe49b45e16c371b09863313f24f
+ * tools/send-mail.c, tools/send-mail.h: New.
+ * tools/wks-util.c: New.
+ * tools/Makefile.am (gpg_wks_server_SOURCES): Add them.
+ (gpg_wks_client_SOURCES): Ditto.
+ * tools/gpg-wks.h (opt): Add fields use_sendmail and output.
+ * tools/gpg-wks-client.c: Add options --send and --output. Rename
+ command --send to --create.
+ (command_send, send_confirmation_response): Output via wks_send_mime.
+ * tools/gpg-wks-server.c: Add options --send and --output.
+ (send_confirmation_request): Output via wks_send_mime.
+ (check_and_publish): Add hack for name-value bug.
+
+2016-07-02 Werner Koch <wk@gnupg.org>
+
+ tools: Add options to gpg-wks-server.
+ + commit c619035d9cd0c9cef62facf5365321289051f9a0
+ * tools/gpg-wks.h (opt): Add 'default_from' and 'extra_headers'.
+ * tools/gpg-wks-server.c (oFrom, oHeader): New.
+ (parse_arguments): Set them and check args.
+ (get_submission_address): New.
+ (send_confirmation_request): Set correct From address. Add extra
+ headers.
+ (process_new_key): Return an error code.
+
+ tools: Extend mime-maker.c:mime_maker_add_header.
+ + commit 0e36a1d1fb79c2b75c081616eed00075190b38aa
+ * tools/mime-maker.c (add_header): Check header name and allow
+ name-value syntax.
+ (mime_maker_add_header): Add mode for a syntax check.
+
+ doc: Describe filter expressions.
+ + commit 442efa9b3ff211c692b6967a944b3d9371ad1bb7
+ * doc/gpg.texi: Remove some superfluous .E.
+ (FILTER EXPRESSIONS): New.
+
+ yat2m: Fix table formatting.
+ + commit aae3cdb61555db4efb26f522030c8303a731d4a9
+ * doc/yat2m.c (proc_texi_cmd): Use .TQ for @itemx. Print a .P at the
+ end of a level 0 table.
+
+2016-07-01 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --export-filter.
+ + commit 7bfc86c938d11c14ea78b196c82ceba2a2f5317d
+ * g10/gpg.c (oExportFilter): New.
+ (opts): Add --export-filter.
+ (main): Handle option.
+ * g10/export.c: Include recsel.h, init.h, and mbox-util.h.
+ (export_keep_uid): New global var.
+ (cleanup_export_globals): New.
+ (parse_and_set_export_filter): New.
+ (filter_getval): New.
+ (apply_keep_uid_filter): New.
+ (do_export_stream): Apply filter if set.
+
+ gpg: New option --import-filter.
+ + commit 5137bf73ccc98a72c2eeac148e4d4b5d58f0a854
+ * g10/gpg.c (oImportFilter): New.
+ (opts): Add --import-filter.
+ (main): Handle option.
+ * g10/import.c: Include recsel.h, init.h, and mbox-util.h.
+ (import_keep_uid): New global var.
+ (cleanup_import_globals): New.
+ (parse_and_set_import_filter): New.
+ (filter_getval): New.
+ (apply_keep_uid_filter): New.
+ (import_one): Apply filter if set.
+
+ gpg: Allow to cache the mbox in a user id struct.
+ + commit f015552374d69e28292a12f2b91ab34d65c9b457
+ * g10/packet.h (PKT_user_id): Add field 'mbox'.
+ * g10/free-packet.c (free_user_id): Free that.
+
+ gpg: Make sure a user ID packet has always a terminating Nul in memory.
+ + commit d8bce478be3ae9e401841a77d189ef3c81ccb757
+ * g10/keygen.c (write_uid): Avoid overflow.
+
+ common: Add function to select records etc.
+ + commit 681c6ef757a73fc1a63a552186e038db179494aa
+ * common/recsel.c, common/recsel.h: New.
+ * common/t-recsel.c: New.
+
+ common: Smart up register_mem_cleanup_func.
+ + commit 6446a6b3dfd3b2e68b4285870f902ed1f86b0866
+ * common/init.c (register_mem_cleanup_func): Avoid double registration.
+
+2016-07-01 Justus Winter <justus@g10code.com>
+
+ common: Annotate semi-static allocation.
+ + commit 49fdd0887c84ed7f7b858b9e7ffa146fcb7f1e87
+ * common/argparse.c (optfile_parse): Allow string arguments to leak.
+
+ g10: Fix memory leak.
+ + commit 78aeb236fe4ff3a6d51b3095148e7086f2a6e9a8
+ * g10/keyserver.c (parse_keyserver_uri): Free URI.
+
+ tools/gpgtar: Annotate semi-static allocation.
+ + commit cff63da930b6b3f0253668911e0931713b2b584a
+ * tools/gpgtar.c (shell_parse_argv): Annotate argument vector as
+ leaked.
+
+ g10: Fix memory leak.
+ + commit c454922ffa71929c810c6ff048d902498575302f
+ * g10/import.c (transfer_secret_keys): Release curve from the previous
+ iteration.
+
+ g10: Fix build with disabled kbnode cache.
+ + commit ff77b92aae9c8e20cbc7fa7c294adcc6a8c2f614
+ * g10/kbnode.c (release_unused_nodes): Fix build with disabled kbnode
+ cache.
+
+ g10: Fix memory leak.
+ + commit 44d4c695722d96b3bbef16f2843f62413b9670cd
+ * g10/trustdb.c (tdb_get_validity_core): Fix kbnode leak.
+
+ g10: Fix memory leak.
+ + commit 5fafd18d474da7b763f5b82c73b6ca4288e136d7
+ * g10/keygen.c (keygen_set_std_prefs): Fix memory leak.
+
+ Fix trivial memory leaks in tests.
+ + commit 6bfbc368f90b274192d3751274816091675f5109
+ * dirmngr/t-ldap-parse-uri.c (check_ldap_escape_filter): Free result.
+ * g10/t-stutter.c (main): Free file name.
+
+2016-06-30 Justus Winter <justus@g10code.com>
+
+ tools: Fix trivial memory leak.
+ + commit 8f39185d7bfa0bc749f9ccf4a041d2da4eba24ff
+ * tools/gpg-connect-agent.c (main): Fix trivial memory leak.
+
+ g10: Fix memory leak.
+ + commit 401db0eebbcd28dca8f4059706bfbd18d8cc7528
+ * g10/export.c (do_export_stream): Free secret parameters.
+
+ g10: Fix memory leak.
+ + commit eb4cdbefb05795b77a8a72189eff246b84442caf
+ * g10/keygen.c (read_parameter_file): Free 'line'.
+
+ g10: Fix memory leak.
+ + commit 1de362af9094e0a1a0be60f77fbea7c5190a4dcc
+ * g10/sign.c (mk_notation_policy_etc): Free 'mbox'.
+
+ common: Fix memory leak.
+ + commit 6b9a89e4c7d6f19de62e0a908a8d80c98bf99819
+ * g10/textfilter.c (copy_clearsig_text): Free buffer.
+
+ common: Fix memory leak.
+ + commit d2d19063d3adf29340aeb39f14e1b1e9aacf41e7
+ * common/iobuf.c (iobuf_set_partial_body_length_mode): Only create
+ context if necessary.
+
+ common: Fix memory leak.
+ + commit 9037c23979866e6e085b3e32f973bcba590a2635
+ * common/simple-pwquery.c (agent_open): Free socket path.
+
+ g10: Fix keybox-related memory leaks.
+ + commit 29beea6462cca32d3278b0f7f9364ff4342327b8
+ * g10/keydb.c (keydb_release): Clear keyblock cache.
+ (keydb_get_keyblock): Revert previous change.
+ * kbx/keybox-blob.c (create_blob_finish): Free previous buffer, free
+ fixups after applying them.
+ (_keybox_release_blob): Free buffer. Currently, the buffer has been
+ extracted before the keybox is released, but this is the right thing
+ to do here.
+
+ g10: Fix memory leak.
+ + commit 5869f518cbd8b41b4c9880fc593216b9efeea430
+ * g10/compress.c (release_context): Free buffers.
+
+ g10: Fix memory leak.
+ + commit 84f262102be19334534cccc66ed7eceea2714527
+ * g10/sign.c (write_plaintext_packet): Free packet.
+
+ g10: Fix memory leak.
+ + commit abae8a9dc8a00cf46291ccb40644b3a7aa477307
+ * g10/mainproc.c (release_list): Do not exit early if list is NULL,
+ there are other resources that must be released.
+
+ gpgscm: Fix reallocating string ports.
+ + commit 5003caa8fdc80afd5748835c06621014f83e6ec4
+ * tests/gpgscm/scheme.c (realloc_port_string): Use memcpy because
+ Scheme strings may contain 0s.
+
+ gpgscm: Free memory backing string ports.
+ + commit 599ad21104e622acbd1230d90d6a23abf9145499
+ * tests/gpgscm/scheme.c (finalize_cell): Free memory backing string
+ ports.
+
+ gpgscm: Use the allocator from libgcrypt.
+ + commit d4ede89981c769b0626ab2b37615da1d12a3b078
+ * tests/gpgscm/main.c (main): Use the allocator from libgcrypt.
+
+ w32: Fix build.
+ + commit dbcb342eaf1738798a5378d9ecd83c7946140d54
+ * g10/keyedit.c (keyedit_quick_revuid): Fix call to
+ 'check_trustdb_stale'.
+
+2016-06-30 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ g10: Implement gpg --quick-revuid.
+ + commit 55d112eeb0743e90be46d15dbae67368ee7d4b50
+ * g10/revoke.c (get_default_uid_revocation_reason): New.
+ * g10/keyedit.c (menu_revuid): Break out creation of uid revocation
+ into new function core_revuid.
+ * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and
+ uid, invokes core_revuid.
+ * g10/gpg.c (main): Handle --quick-revuid argument.
+ * doc/gpg.texi: Document --quick-revuid.
+
+2016-06-29 Werner Koch <wk@gnupg.org>
+
+ tools: Add gpg-wks-client and gpg-wks-server.
+ + commit 5d6c83deaa11327366b0038928200b9f9f85b426
+ * configure.ac: Add option --enable-wks-tools
+ * tools/gpg-wks-client.c: New.
+ * tools/gpg-wks-server.c: New.
+ * tools/gpg-wks.h: new.
+ * tools/wks-receive.c: New.
+ * tools/call-dirmngr.c, tools/call-dirmngr.h: New.
+
+ build: Improve GNUPG_BUILD_PROGRAM macro.
+ + commit d8ee0d79a702c92a257884bab86183d32d16ff0e
+ * acinclude.m4 (GNUPG_BUILD_PROGRAM): Allow for dash in options.
+
+ tools: Add modules for MIME parsing and creating.
+ + commit c334fa8df0e3901857e1a277d3277a873ae4af74
+ * tools/mime-maker.c: New.
+ * tools/mime-maker.h: New.
+ * tools/mime-parser.c: New.
+ * tools/mime-parser.h: New.
+
+2016-06-28 Justus Winter <justus@g10code.com>
+
+ gpgscm: Fix memory leaks.
+ + commit 9c67958c4737b34c60ef2076f57234eec155eb36
+ * tests/gpgscm/ffi-private.h (ffi_schemify_name): Fix prototype.
+ (ffi_define_function_name): Free schemified name.
+ (ffi_define_function): Likewise.
+ (ffi_define_constant): Likewise.
+ (ffi_define_variable_pointer): Likewise.
+ * tests/gpgscm/ffi.c (do_wait_processes): Free arrays.
+ (ffi_schemify_name): Fix type.
+ * tests/gpgscm/main.c (main): Free 'sc'.
+
+ gpgscm: Free file names.
+ + commit 6cb2be91a7cc8a9b8ec42f3956adbb19347318e3
+ * tests/gpgscm/scheme.c (scheme_load_named_file): Free file name.
+
+ gpgscm: Fix buffer overflow.
+ + commit 56cebdc30c10eaec179a6911e308074264d876ae
+ * tests/gpgscm/scheme.c (store_string): Avoid writing past allocated
+ buffer.
+
+ g10: Fix memory leaks.
+ + commit c57501cc5fa84dbaf560c0fc18853c9540e918af
+ * g10/keydb.c (keydb_get_keyblock): Free 'sigstatus' and 'iobuf'.
+ * g10/t-keydb-get-keyblock.c: Fix trivial memory leaks.
+ * g10/t-keydb.c: Likewise.
+
+ common: Fix memory leaks.
+ + commit c14ef10fc347d966a1efcb5c2000cbf3aaafa905
+ * common/ccparray.c (ccparray_put): Free old array.
+ * common/stringhelp.c (do_make_filename): Free 'home'.
+ * common/t-convert.c: Fix trivial memory leaks.
+ * common/t-iobuf.c: Likewise.
+ * common/t-mbox-util.c: Likewise.
+ * common/t-name-value.c: Likewise.
+ * common/t-stringhelp.c: Likewise.
+ * common/t-strlist.c: Likewise.
+
+2016-06-28 Werner Koch <wk@gnupg.org>
+
+ dirmngr: add option to retrieve extra WKS info.
+ + commit b1e8e0d4b945e077966fb98175191aed056bd957
+ * dirmngr/server.c (cmd_wkd_get): Add option --submission-address.
+
+ gpg: Add hack to --quick-gen-key to create Curve25519 keys.
+ + commit 20ca075d9605e27e25a780bcc465c7371400ca61
+ * g10/keygen.c (quick_generate_keypair): Add special algo string
+ "test-default".
+
+ common: New function rfctimestamp.
+ + commit 1ddf5b846fc058171af5f2784dad866b73eb0205
+ * common/gettime.c (rfctimestamp): New.
+
+ common: Add missing header file for clarity.
+ + commit 781e614e3b4586da27e54caca39b6a7ed42fc7c7
+ * common/zb32.c: Include zb32.h.
+
+2016-06-28 Justus Winter <justus@g10code.com>
+
+ tools/gpgtar: Fix handling of '-'.
+ + commit 4819f687c48c7972c39ae29c7af1e891a4d57360
+ * tools/gpgtar-extract.c (gpgtar_extract): Use stdin if file is '-'.
+ * tools/gpgtar-list.c (gpgtar_list): Likewise.
+
+ common: Close input stream.
+ + commit d36f664bfdc39c05927cb6e14fe1b3ecb7b64bfa
+ * common/exechelp-posix.c (gnupg_spawn_process): Also close the input
+ stream in the child.
+
+ common: Fix copying data from the spawned child.
+ + commit 8f79c31b4d465eeaf81c8046c35bb8c34512dd8d
+ Fixes intermittent gpgtar failures.
+
+ * common/exectool.c (copy_buffer_do_copy): Initialize 'nwritten'.
+ (gnupg_exec_tool_stream): Loop until all data is copied.
+
+2016-06-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix --list-packets.
+ + commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a
+ * g10/gpg.c (main): Call set_packet_list_mode after assignment of
+ opt.list_packets.
+ * g10/mainproc.c (do_proc_packets): Don't stop processing with
+ --list-packets as the comment says.
+ * g10/options.h (list_packets): Fix the comment.
+ * g10/parse-packet.c: Fix the condition for opt.list_packets.
+
+2016-06-25 Werner Koch <wk@gnupg.org>
+
+ build: Add aclocal macro from pkg-config.
+ + commit b6872353bae778d11730f5d0afd2192750777647
+ * m4/pkg.m4: New.
+
+ yat2m: Silence lint warnings and fix a printf format bug.
+ + commit 22b9bea1c3d0e944aa539a87d79e47d92ca5309f
+ * doc/yat2m.c (ATTR_PRINTF, ATTR_NR_PRINTF, ATTR_MALLOC): New.
+ (die, err, inf, xmalloc, xcalloc): New prototypes with attributes.
+ (get_section_buffer): Take care of !N_SECTIONS.
+ (proc_texi_cmd): Cast precision format arg.
+ (proc_texi_buffer): Do not set IN_CMD when not used afterwards.
+
+2016-06-24 Werner Koch <wk@gnupg.org>
+
+ gpg: New import option "import-export".
+ + commit 7bca3be65e510eda40572327b87922834ebe07eb
+ * g10/import.c (parse_import_options): Add option "import-export".
+ (write_keyblock_to_output): New.
+ (import_one): Implement option.
+
+2016-06-23 Werner Koch <wk@gnupg.org>
+
+ gpg: New import option "import-show".
+ + commit 1e5959ec059ba41f4de1e2f953300bc040efc16f
+ * g10/options.h (IMPORT_SHOW): New.
+ * g10/import.c (parse_import_options): Add "import-show".
+ (import_one): Implement that.
+
+ gpg: Do not print the validity after key generation.
+ + commit 09c6f7135150efbbeb459d4ae0189a81e9d180f8
+ * g10/keylist.c (struct keylist_context): Add field NO_VALIDITY.
+ (list_keyblock_print): Take care of it.
+ (list_keyblock_direct): Add arg NO_VALIDITY.
+ * g10/keygen.c (do_generate_keypair): Merge keyblock and print w/o
+ validity.
+
+ common: Fix possible small memory leak in b64dec.c.
+ + commit c229ba4d8b9b16052ee0b9573bed7905be602cdf
+ * common/b64dec.c (b64dec_finish): Always release TITLE.
+
+2016-06-23 Justus Winter <justus@g10code.com>
+
+ tests/openpgp: Fake the system time for the tofu test.
+ + commit e584d6468a2e72cd01e55f46104f9f96b56c0b66
+ The keys in the tofu test are set to expire on 2016-09-17. Fake the
+ system time for this test.
+
+ This commit includes changes to the old test as well, for those who
+ need to backport it.
+
+ * tests/openpgp/gpg-agent.conf.tmpl: Drop trailing newlines.
+ * tests/openpgp/tofu.scm: Fake system time.
+ * tests/openpgp/tofu.test: Likewise.
+
+ gpgscm: Handle exceptions in the transformation monad.
+ + commit 145910afc077e7a5df6cc8b10e180dfa6ce38cc3
+ * tests/gpgscm/tests.scm (pipe:do): Raise errors.
+ (tr:spawn): Catch and return errors.
+ (tr:call-with-content): Likewise.
+ (tr:{open,write-to,pipe-do,assert-identity,assert-weak-identity}):
+ Adapt.
+
+ tests/openpgp: Improve tests.
+ + commit 1e822654c1dcfc23a9ef689f4e18c0ebba18baca
+ * tests/openpgp/multisig.scm: Simplify test.
+ * tests/openpgp/setup.scm (dearmor): Use pipe.
+
+ gpgscm: Add types for special objects.
+ + commit 332fa86982dc811640ac8643332d8375816e5b81
+ * tests/gpgscm/scheme.c (enum scheme_types): Add types for boolean,
+ nil, eof, and the sink object.
+ (type_to_string): Handle new types.
+ (scheme_init_custom_alloc): Give special objects a type.
+
+ gpgscm: Fix Scheme initialization.
+ + commit e6e56adf208f194ecafda29bb1c1c06655348432
+ This potentially causes a crash if the garbage collector marks an eof
+ object.
+
+ * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize
+ 'EOF_OBJ'.
+
+2016-06-23 Werner Koch <wk@gnupg.org>
+
+ common: Add dedicated private key functions to name-value.c.
+ + commit 3ead21da80da4570e77036cc05303914c9b1f364
+ * common/name-value.c (struct name_value_container): Add field
+ 'private_key_mode'.
+ (my_error): New. Use instead of gpg_error.
+ (nvc_new_private_key): New.
+ (nve_release): Add arg 'private_key_mode'.
+ (nvc_release): Call nve_release with private_key_mode flag.
+ (nvc_delete): Ditto.
+ (_nvc_add): Do no special case "Key:" in non-private_key_mode.
+ (nvc_get_private_key): Return error in non-private_key_mode.
+ (nvc_set_private_key): Ditto.
+ (nvc_parse): Factor all code out to ...
+ (do_nvc_parse): new. Add arg 'for_private_key'.
+ (nvc_parse_private_key): New.
+ * agent/findkey.c (write_extended_private_key): Replace nvc_parse by
+ nvc_parse_private_key.
+ (read_key_file): Ditto.
+
+ * common/t-name-value.c (private_key_mode): New variable.
+ (my_nvc_new): New. Replace all callers.
+ (test_key_extraction): Take mode in account.
+ (run_tests): Ditto.
+ (run_modification_tests): Ditto.
+ (parse): Ditto.
+ (main): Add option --parse and rename --parse to --parse-key.
+
+ common: Rename external symbols in name-value.c.
+ + commit d74d23d860c1e5039bd595c31c846782c5cb8025
+ * common/name-value.c, common/name-value.h: Rename symbol prefixes
+ from "pkc_" to "nvc_" and from "pke_" to "nve_". Change all callers.
+
+ common: Rename private-keys.c to name-value.c.
+ + commit b841a883a2a66807aa427e65d49067584bedfbe2
+ * common/private-keys.c: Rename to name-value.c.
+ * common/private-keys.h: Rename to name-value.h. Chage all users.
+ * common/t-private-keys.c: Rename to t-name-value.c.
+ * common/Makefile.am: Adjust accordingly.
+
+ common: Add PGP armor decoding to b64dec.
+ + commit 3694579bc4eef27ed53e1845bf03be38c299ce76
+ * common/b64dec.c (decoder_states): Add new states.
+ (b64dec_proc): Handle PGP armored format.
+
+2016-06-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix regression of card-edit/fetch.
+ + commit 6f5ff1cfe449cf1f4cb7287bc57570eb794216b2
+ * g10/card-util.c (fetch_url): Call keyserver_fetch instead of
+ keyserver_import_fprint.
+
+2016-06-21 Justus Winter <justus@g10code.com>
+
+ tests/migrations: Convert to Scheme and re-enable.
+ + commit f548383d9af912bf93217068cc8aa99a9a6eda93
+ * configure.ac: Re-enable.
+ * tests/Makefile.am: Likewise.
+ * tests/migrations/Makefile.am (TESTS): Use Scheme tests.
+ * tests/migrations/common.scm: New file.
+ * tests/migrations/extended-private-key-format.scm: Likewise.
+ * tests/migrations/from-classic.scm: Likewise.
+ * tests/migrations/extended-private-key-format.test: Drop file.
+ * tests/migrations/from-classic.test: Drop file.
+
+ gpgscm: Add more file handling functions.
+ + commit c5e0ca5a59ebd91b67944ca125cc8cd73a9d243e
+ * tests/gpgscm/ffi.c (do_glob): New function.
+ (ffi_init): Define new function.
+ * tests/gpgscm/tests.scm (basename-suffix): New function.x
+
+ tests/openpgp: Port the remaining tests to Scheme.
+ + commit 0340fcdac864109e3dd6edee759efc96e4d3f84e
+ * tests/openpgp/Makefile.am (TESTS): Add new tests.
+ * tests/openpgp/defs.scm (gpg-with-colons): New function.
+ (get-config): Use new function.
+ * tests/openpgp/export.scm: New file.
+ * tests/openpgp/tofu.scm: Likewise.
+
+ gpgscm: Improve test framework.
+ + commit 65081c31e7536d8fb5effcc2c9aeeffc120c9a69
+ * tests/gpgscm/lib.scm (echo): Move...
+ * tests/gpgscm/tests.scm (echo): ... here.
+ (info, error, skip): And use echo here.
+ (file-exists?): New function.
+ (tr:spawn): Check that source exists and if the sink has been created.
+ (tr:call-with-content): Hand in optional arguments.
+
+ gpgscm: Use native string searching functions.
+ + commit 5fbbc4b334a73150e709a4802cac99abd8ada61d
+ * tests/gpgscm/ffi-private.h: Handle character arguments.
+ * tests/gpgscm/ffi.c (do_string_index): New function.
+ (do_string_rindex): Likewise.
+ (do_string_contains): Likewise.
+ (ffi_init): Define new functions.
+ * tests/gpgscm/ffi.scm (ffi-define): New macro.
+ * tests/gpgscm/lib.scm (string-index): Use native function,
+ demonstrate behavior.
+ (string-rindex): Likewise.
+ (string-contains?): Likewise.
+ Demonstrate behavior of various other functions.
+ (read-all): Rework so that it can handle large files.
+
+ gpgscm: Improve error reporting.
+ + commit d99949fc8cf541018267964629992d55c97ca9ab
+ * tests/gpgscm/scheme.c (type_to_string): New function.
+ (Eval_Cycle): Include actual type in error message.
+
+ gpgscm: Make memory allocation failures fatal.
+ + commit 616582071a2c76c4fb529d4da549aa95ee5d78d6
+ * tests/gpgscm/scheme.c (Eval_Cycle): Exit if we run out of memory.
+
+2016-06-21 Werner Koch <wk@gnupg.org>
+
+ sm: Do not install cacert and other root certificates.
+ + commit c19b2061274cd50838e62a2acbdc7e7d24888e7e
+ * doc/Makefile.am (dist_pkgdata_DATA): Move qualified.txt and
+ com-certs.pem to ...
+ (EXTRA_DIST): here.
+
+2016-06-20 Werner Koch <wk@gnupg.org>
+
+ gpg: Add experimental support for an issuer fpr.
+ + commit 955baf04364721457cd99aad21942523cd50498c
+ * common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New.
+ * g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and
+ insert the issuer fpr if needed.
+ * g10/sign.c (write_signature_packets): Pass signing key.
+ (make_keysig_packet): Ditto.
+ (update_keysig_packet): Ditto.
+ * g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr.
+ (parse_one_sig_subpkt): Detect issuer fpr.
+ (can_handle_critical): Add issuer fpr.
+ * g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint.
+ * g10/gpgv.c (keyserver_import_fprint): New stub.
+ * g10/test-stubs.c (keyserver_import_fprint): New stub.
+
+ gpg: New option --rfc4880bis.
+ + commit ee2d9061d7abc36b857165a8395203a97380baa2
+ * g10/options.h (struct opt): Add field flags.rfc4880bis.
+ * g10/gpg.c (oRFC4880bis): new.
+ (opts): add --rfc4880bis.
+ (main): Implement that and print a warning.
+
+2016-06-19 Niibe Yutaka <gniibe@fsij.org>
+
+ scd: Reset nonnull_nad to zero for VENDOR_GEMPC.
+ + commit 971064f8b7ad676326b2a468f688037a303717df
+ * (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device.
+
+2016-06-17 Werner Koch <wk@gnupg.org>
+
+ tests: Make make distcheck work again.
+ + commit ce1689ea0720552ac900d7b2c4139caf24452018
+ * Makefile.am (tests): Remove test code which would led to doubling
+ calls to for e.g. "make distclean".
+ * tests/Makefile.am: Typo fixes.
+ * tests/gpgscm/Makefile.am (EXTRA_DIST): Fix name of License file.
+ Add repl.scm.
+ (check): Replace by check-local because check is a standard automake
+ target.
+ * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Replace gmake0sim by
+ automake generated macro.
+ (EXTRA_DIST): Add defs.scm
+
+ gpgscm: Silence compiler warnings.
+ + commit dfe5282e5859409849a17d68b2b3a046370f65bd
+ * tests/gpgscm/scheme.c (mk_integer): Rename arg NUM to N.
+ (fill_vector): Ditto.
+ (mark): Rename var NUM to N.
+ (set_slot_in_env): Mark SC as unused.
+ (is_any): Mark P as unused.
+
+ Add license notices for TinySCHEME.
+ + commit dc1db12d2c4f9f12bc3f7de37f76293b316c3f35
+ * tests/gpgscm/COPYING: Rename to ...
+ * tests/gpgscm/LICENSE.TinySCHEME: this.
+ * AUTHORS: Add a note about TinySCHEME.
+ * build-aux/speedo/w32/pkg-copyright.txt: Add TinySCHEME notice.
+
+2016-06-17 Justus Winter <justus@g10code.com>
+
+ tests/openpgp: Reimplement tests in Scheme.
+ + commit 9609cb20e4caee739b9fc4fd36797029d2970041
+ * Makefile.am: Build the test infrastructure on Windows.
+ * tests/openpgp/Makefile.am (required_pgms): Add gpgscm.
+ (TESTS_ENVIRONMENT): Make sure gpgscm and the libraries are found.
+ (TESTS): Replace tests with the new Scheme implementations.
+ * tests/openpgp/4gb-packet.scm: New file.
+ * tests/openpgp/README: Likewise.
+ * tests/openpgp/armdetach.scm: Likewise.
+ * tests/openpgp/armdetachm.scm: Likewise.
+ * tests/openpgp/armencrypt.scm: Likewise.
+ * tests/openpgp/armencryptp.scm: Likewise.
+ * tests/openpgp/armor.scm: Likewise.
+ * tests/openpgp/armsignencrypt.scm: Likewise.
+ * tests/openpgp/armsigs.scm: Likewise.
+ * tests/openpgp/clearsig.scm: Likewise.
+ * tests/openpgp/conventional-mdc.scm: Likewise.
+ * tests/openpgp/conventional.scm: Likewise.
+ * tests/openpgp/decrypt-dsa.scm: Likewise.
+ * tests/openpgp/decrypt.scm: Likewise.
+ * tests/openpgp/default-key.scm: Likewise.
+ * tests/openpgp/defs.scm: Likewise.
+ * tests/openpgp/detach.scm: Likewise.
+ * tests/openpgp/detachm.scm: Likewise.
+ * tests/openpgp/ecc.scm: Likewise.
+ * tests/openpgp/encrypt-dsa.scm: Likewise.
+ * tests/openpgp/encrypt.scm: Likewise.
+ * tests/openpgp/encryptp.scm: Likewise.
+ * tests/openpgp/finish.scm: Likewise.
+ * tests/openpgp/genkey1024.scm: Likewise.
+ * tests/openpgp/gpgtar.scm: Likewise.
+ * tests/openpgp/import.scm: Likewise.
+ * tests/openpgp/mds.scm: Likewise.
+ * tests/openpgp/multisig.scm: Likewise.
+ * tests/openpgp/run-tests.scm: Likewise.
+ * tests/openpgp/seat.scm: Likewise.
+ * tests/openpgp/setup.scm: Likewise.
+ * tests/openpgp/signencrypt-dsa.scm: Likewise.
+ * tests/openpgp/signencrypt.scm: Likewise.
+ * tests/openpgp/sigs-dsa.scm: Likewise.
+ * tests/openpgp/sigs.scm: Likewise.
+ * tests/openpgp/use-exact-key.scm: Likewise.
+ * tests/openpgp/verify.scm: Likewise.
+ * tests/openpgp/version.scm: Likewise.
+
+ tests/gpgscm: Add a TinySCHEME-based test driver.
+ + commit d2ce3f9eee34e380536049c0c9d26ed66273f094
+ * configure.ac: Add new component.
+ * tests/Makefile.am: Likewise.
+ * tests/gpgscm/Makefile.am: New file.
+ * tests/gpgscm/ffi-private.h: Likewise.
+ * tests/gpgscm/ffi.c: Likewise.
+ * tests/gpgscm/ffi.h: Likewise.
+ * tests/gpgscm/ffi.scm: Likewise.
+ * tests/gpgscm/lib.scm: Likewise.
+ * tests/gpgscm/main.c: Likewise.
+ * tests/gpgscm/private.h: Likewise.
+ * tests/gpgscm/repl.scm: Likewise.
+ * tests/gpgscm/scheme-config.h: Likewise.
+ * tests/gpgscm/t-child.c: Likewise.
+ * tests/gpgscm/t-child.scm: Likewise.
+ * tests/gpgscm/tests.scm: Likewise.
+
+ tests/gpgscm: Foreign objects support for TinySCHEME.
+ + commit 56c36f2932fe2baf8e46efdea4315cf33f3c0338
+ * tests/gpgscm/scheme-private.h (struct cell): Add 'foreign_object'.
+ (is_foreign_object): New prototype.
+ (get_foreign_object_{vtable,data}): Likewise.
+ * tests/gpgscm/scheme.c (enum scheme_types): New type.
+ (is_foreign_object): New function.
+ (get_foreign_object_{vtable,data}): Likewise.
+ (mk_foreign_object): Likewise.
+ (finalize_cell): Free foreign objects.
+ (atom2str): Pretty-print foreign objects.
+ (vtbl): Add new functions.
+ * tests/gpgscm/scheme.h (struct foreign_object_vtable): New type.
+ (mk_foreign_object): New prototype.
+ (struct scheme_interface): Add new functions.
+
+ Patch from Thomas Munro,
+ https://sourceforge.net/p/tinyscheme/patches/13/
+
+ tests/gpgscm: Dynamically allocate string buffer.
+ + commit 8e5ad9aabdd57457f76078924d33acb94b75a877
+ * tests/gpgscm/scheme-config.h (strbuff{,_size}): Make buffer dynamic.
+ * tests/gpgscm/scheme.c (expand_strbuff): New function.
+ (putcharacter): Adapt length test.
+ (readstrexp): Expand buffer if necessary.
+ (scheme_init_custom_alloc): Initialize buffer.
+ (scheme_deinit): Free buffer.
+
+ Patch from Thomas Munro,
+ https://sourceforge.net/p/tinyscheme/patches/11/
+
+ tests/gpgscm: Make exception value available.
+ + commit 3b100da9ada9171d873a796eaf3351d4fceed394
+ * tests/gpgscm/init.scm (throw): Hand exception value to the handler.
+ (catch): And bind it to *error*.
+
+ tests/gpgscm: Add package macro.
+ + commit 2907381f4a7b422823b2304ebe550acbb2f66480
+ * tests/gpgscm/init.scm: Add package macro from manual.
+
+ tests/gpgscm: Expose function to open streams as Scheme ports.
+ + commit 55275b8e2b43a3420d85a1a931e02febaa1113e7
+ * tests/gpgscm/scheme.c (vtbl): Add 'port_from_file' to the vtable.
+ * tests/gpgscm/scheme.h (struct scheme_interface): New field
+ 'mk_port_from_file'.
+
+ tests/gpgscm: Nicer error message.
+ + commit 13bba1357478815a85f5c0db3607ebb6cd574f56
+ * tests/gpgscm/scheme.c (opexe_0): Include the value that we tried to
+ evaluate as function-like in the error message.
+
+ tests/gpgscm: Fix error hook.
+ + commit e02c1ccae13e4eb55afef8de4f29022c709404eb
+ * tests/gpgscm/init.scm (*error-hook*): Fix error hook so that the
+ whole error message is displayed.
+
+ tests/gpgscm: Handle unhandled enumeration values.
+ + commit 133f25703a47e9bbc28c4532934f405ecdeb2de0
+ * tests/gpgscm/scheme.c (opexe_{3,4}): Handle unhandled enumeration
+ values in the opcode dispatching code.
+
+ tests/gpgscm: Verbatim import of latest TinySCHEME.
+ + commit cb989504cdd4f0ff902d31af871dc3ee0d9419ac
+ Revision 110 from svn://svn.code.sf.net/p/tinyscheme/code/trunk
+
+ * tests/gpgscm/COPYING: New file.
+ * tests/gpgscm/Manual.txt: Likewise.
+ * tests/gpgscm/init.scm: Likewise.
+ * tests/gpgscm/opdefines.h: Likewise.
+ * tests/gpgscm/scheme-private.h: Likewise.
+ * tests/gpgscm/scheme.c: Likewise.
+ * tests/gpgscm/scheme.h: Likewise.
+
+2016-06-17 Werner Koch <wk@gnupg.org>
+
+ scd: Make option --homedir work.
+ + commit 4e41745b3ea3bb8ffc50af6bafeb1de9c928812f
+ * scd/scdaemon.c (opts): Add --homedir.
+
+2016-06-16 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.13.
+ + commit b3df4e2ac6aa9b4154e923f71b4221533043e5ac
+
+
+2016-06-16 Yuri Chornoivan <yurchor@ukr.net>
+
+ po: Update Ukrainian translation.
+ + commit d4ce1b04431cf02ebc1bdc7150ad587d599f2a95
+
+
+2016-06-16 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 2273e4f999325cdc9d275507cd07c7e95d62a377
+
+
+2016-06-16 Werner Koch <wk@gnupg.org>
+
+ po: Update German translation.
+ + commit 69f1b0b041c251abb66f000db173a602693bb18f
+
+
+ Add missing files so that make distcheck works again,
+ + commit 4d7d292cd5b616b209dfd4302a1deffe11b7be0e
+ * tests/openpgp/Makefile.am (CLEANFILES): Add created file
+ "passphrases".
+ * tools/Makefile.am (EXTRA_DIST): Add no-libgcrypt.c.
+
+ tools: Fix typo in function name of symcryptrun.
+ + commit e44dd878df58dab27c9cd411d80c4c81501e649a
+ * tools/symcryptrun.c (main): Fix typo.
+
+2016-06-15 Niibe Yutaka <gniibe@fsij.org>
+
+ g10: Fix another race condition for trustdb access.
+ + commit 35a3ce2acf78a95fecbccfd8db0560cca24232df
+ * g10/tdbio.c (create_version_record): Call create_hashtable to always
+ make hashtable, together with the version record.
+ (get_trusthashrec): Remove call to create_hashtable.
+
+2016-06-14 Werner Koch <wk@gnupg.org>
+
+ gpg: Print the subkey's curve and not the primary key curve.
+ + commit b56aebe76657ce6efa9c6819d5a8c2a31c2bbbba
+ * g10/keylist.c (list_keyblock_colon): Use PK2 for the subkey's curve.
+
+ ldap: Improve info output for v3 fallback.
+ + commit b7e3dfcf139284d30921cf44e7bab43d4244cc37
+ * dirmngr/dirmngr_ldap.c (fetch_ldap): Do not use log_debug in an
+ unprotected section. Replace log_debug by log_info in verbose mode.
+
+2016-06-14 Andre Heinecke <aheinecke@intevation.de>
+
+ dirmngr: Try ldap protocol V3 as fallback.
+ + commit f989b6ee0db96c36f13f093cbbcfd1d5b472d03c
+ * dirmngr/dirmngr_ldap.c (fetch_ldap): Try V3 Protocol in case
+ default Protocol gives error.
+
+ dirmngr: Print ldap error if bind fails.
+ + commit 5faddcb2927a997e05fb34eb270982096d1fe3a4
+ * dirmngr/dirmngr_ldap.c (fetch_ldap): Use ldap_err2string on bind
+ return.
+
+2016-06-14 Werner Koch <wk@gnupg.org>
+
+ gpgsm: Allow ciphers AES192 and SERPENT256.
+ + commit 5f9bd7a9e1ed4edcbb6c4e908d4bea5cd7dc9e68
+ * sm/gpgsm.c (main): Add AES192 cipher. Allow SERPENT256.
+
+ doc: Add files and envvars to a new index.
+ + commit 2423238ee4c8a8c531dfe9e45c95f2760b638faa
+ * doc/gnupg.texi: Define new index "ef".
+ (Environment Index): New.
+
+ gpg: Avoid endless loop in a tofu error case.
+ + commit f980cd2e0e4694a38038f518f290017087d4ce33
+ * g10/tofu.c (get_trust): Do not jump to out.
+
+ gpg: Split tofu's get_trust function into several smaller ones.
+ + commit 1affdf1efc42ed22dc023c92ca5134d5bcbf2686
+ * g10/tofu.c (get_trust): Factor code out to ...
+ (format_conflict_msg_part1): new and to ...
+ (ask_about_binding): new.
+
+2016-06-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Un-deprecate option --auto-key-retrieve.
+ + commit 9e126af215143fddbdc3949681abb9ffdb9153bb
+ * g10/gpg.c (main): Remove deprecation warning.
+
+ gpg: New option --disable-signer-uid, create Signer's UID sub-packet.
+ + commit 61e7fd68c05ed185728e9da45f7a44a2323065ad
+ * g10/gpg.c (oDisableSignerUID): New.
+ (opts): New option '--disable-signer-uid'.
+ (main): Set option.
+ * g10/options.h (opt): Add field flags.disable_signer_uid.
+ * g10/sign.c: Include mbox-util.h.
+ (mk_notation_policy_etc): Embed the signer's uid.
+ * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key
+ retrieval if --disable-signer-uid is used.
+
+ gpg: Try Signer's User ID sub-packet with --auto-key-retrieve.
+ + commit 08c82b1b55d28ffd09b859205b7686bcefae5011
+ * g10/packet.h (PKT_signature): Add field 'signers_uid'.
+ * g10/parse-packet.c (parse_signature): Set this field.
+ * g10/free-packet.c (free_seckey_enc): Free field.
+ (copy_signature): Copy field.
+ * g10/mainproc.c (akl_has_wkd_method): New.
+ (check_sig_and_print): Extend NEWSIG status. If WKD is enabled try to
+ locate a missing key via the signature's Signer's User ID sub-packet.
+ Do this right before trying a keyserver lookup.
+
+2016-06-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove C-99ism, re-indent, and simplify one function.
+ + commit 334e993a71d3abb7d30cb5ee05d578cecf0c3f67
+ * g10/call-agent.c (struct keyinfo_data): Rename to
+ keyinfo_data_parm_s.
+ (agent_get_keyinfo): Replace C-99 style init.
+ (keyinfo_status_cb): Use new fucntion split_fields.
+ * g10/export.c (match_curve_skey_pk): Add missings returns error
+ cases.
+ (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first.
+
+ common: New function split_fields.
+ + commit 5ba99d9302cd86aee99958b71075d5288bb430aa
+ * common/stringhelp.c (split_fields): New.
+ * common/t-stringhelp.c: Include assert.h.
+ (test_split_fields): New.
+ (main): Call test.
+
+2016-06-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ g10: Export cleartext keys as cleartext.
+ + commit c41c46fa84cabbed74a13ded51fc3a817a919367
+ * g10/export.c (do_export_stream): If a key is stored by the agent in
+ cleartext, then try to export it as cleartext.
+ * tests/openpgp/export.test: For secret keys that are stored in
+ cleartext, test should try to export without pinentry interaction.
+
+ g10: Allow receiving cleartext secret keys from agent.
+ + commit a3cb72af79ee645eda212f31ab0b266f2c3d9f29
+ * g10/export.c (match_curve_skey_pk): New function, testing whether an
+ OpenPGP public key and an S-expression use the same curve.
+ * g10/export.c (cleartext_secret_key_to_openpgp): New function,
+ filling in the secret key parameters of a PKT_public_key object from
+ a corresponding cleartext S-expression.
+ * g10/export.c, g10/main.h (receive_seckey_from_agent): Add cleartext
+ parameter, enabling retrieval of the secret key, unlocked.
+ * g10/export.c (do_export_stream): Send cleartext as 0, keeping current
+ behavior.
+ * g10/keygen.c (card_store_key_with_backup): Use cleartext=0 to ensure
+ that smartcard backups are all passphrase-locked.
+
+ g10: Add openpgp_protected flag to agent secret key export functions.
+ + commit 7de74320767d15d915942a98ff47c00175a078ed
+ * g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
+ openpgp_protected flag.
+ * g10/export.c (receive_seckey_from_agent): Request openpgp_protected
+ secret keys from agent.
+ * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
+ brief description of the effect of --openpgp.
+
+ g10: report whether key in agent is passphrase-protected or not.
+ + commit 00f30cc01c79bbdff5cdc3be795f009f15d3845e
+ * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add
+ r_cleartext parameter to report whether a key is stored without
+ passphrase protection.
+ * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to
+ match new API.
+ * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c,
+ g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet
+ need to know whether agent is passphrase-protected.
+
+2016-06-08 Werner Koch <wk@gnupg.org>
+
+ Explicitly restrict socket permissions.
+ + commit 8127043d549a5843ea1ba2dc6da4906fc2258d53
+ * agent/gpg-agent.c (create_server_socket): Call chmod before listen.
+ * scd/scdaemon.c (create_server_socket): Ditto.
+ * dirmngr/dirmngr.c (main): Ditto.
+
+ w32: Fix recent build regression.
+ + commit 6790115fd9059e066b4e6feb6b1e3876a1c1d522
+ * common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition
+ for NAME.
+ * g10/gpg.c (main) [W32]: Fix use og gnupg_homedir.
+
+ * agent/gpg-agent.c (remove_socket): Remove unused var P.
+ * scd/scdaemon.c (cleanup): Ditto.
+
+ gpgconf: New commands --create-socketdir and --remove-socketdir.
+ + commit cf4910419e09daf414f76ca2c8ab685c3d488ec1
+ * tools/gpgconf.c: Include unistd.h.
+ (aCreateSocketDir, aRemoveSocketDir): New.
+ (opts): Add --create-socketdir and --remove-socketdir.
+ (main): Implement them.
+
+ Implement /run/user/UID/gnupg based sockets.
+ + commit aab8a0b05292b0d06e3001a0b289224cb7156dbd
+ * common/homedir.c: Include sys/stat.h and zb32.h.
+ (w32_portable_app, w32_bin_is_bin): Change type from int to byte.
+ (non_default_homedir): New.
+ (is_gnupg_default_homedir): New.
+ (default_homedir): Set non_default_homedir.
+ (gnupg_set_homedir): Set non_default_homedir and make
+ the_gnupg_homedir and absolute directory name.
+ (gnupg_homedir): Return an absolute directory name.
+ (_gnupg_socketdir_internal): New.
+ (gnupg_socketdir): Implement /run/user/ based sockets.
+ * tools/gpg-connect-agent.c (get_var_ext): Replace now obsolete
+ make_filename by xstrdup.
+ * tools/gpgconf.c (main): Sue gnupg_homedir for the "homedir:" output.
+
+ gpgconf: Add option --homedir.
+ + commit def512eb67c8a380f3b873cee0f156deef0b6dda
+ * tools/gpgconf.c (opts): Add --homedir.
+ (main): Set homedir.
+
+ Do not use no-libgcrypt dummy for tools.
+ + commit 173fa97102fec68670a46ae1b460231e2a183c81
+ * tools/Makefile.am (gpgconf_SOURCES): Remove no-libgcrypt.c.
+ (gpgconf_LDADD): Add LIBGCRYPT_LIBS.
+ (gpg_connect_agent_LDADD): Ditto.
+ (gpgtar_LDADD): Ditto.
+ * dirmngr/Makefile.am (dirmngr_client_LDADD): Ditto.
+ (t_common_ldadd): Ditto. Remove no-libgcrypt.o.
+
+ Do not try to remove the enclosing directory of sockets.
+ + commit 0faf8951544f43790c412777a926c969540174bd
+ * agent/gpg-agent.c (remove_socket): Do not remove the enclosing
+ directory.
+ * scd/scdaemon.c (cleanup): Ditto.
+
+2016-06-07 Werner Koch <wk@gnupg.org>
+
+ common: New function gnupg_socketdir.
+ + commit 36550dde998fa1d497098050ca2d4e1a952ed6b6
+ * common/homedir.c (gnupg_socketdir): New.
+ * agent/gpg-agent.c (create_socket_name): Use new function instead of
+ gnupg_homedir.
+ (check_own_socket): Ditto.
+ (check_for_running_agent): Ditto.
+ * agent/preset-passphrase.c (main): Ditto.
+ * common/asshelp.c (start_new_gpg_agent): Ditto.
+ * scd/scdaemon.c (create_socket_name): Ditto.
+ * tools/gpgconf.c (main): Ditto.
+ * tools/symcryptrun.c (main): Ditto.
+
+ common: Remove homedir arg from start_new_{dirmngr,gpg_agent}.
+ + commit fb88f37c40dc156fa0b5bfba4ac85f1e553fd7e9
+ * common/asshelp.c (start_new_gpg_agent): Remove arg 'homedir' in
+ favor of gnupg_homedir (). Change all callers.
+ (start_new_dirmngr): Ditto.
+ * common/get-passphrase.c (gnupg_prepare_get_passphrase): Remove arg
+ 'homedir'.
+
+ Replace use of opt.homedir by accessor functions.
+ + commit 22a7ef01aa2c0eb77bcc40174d09104acc35cab1
+ * common/homedir.c (the_gnupg_homedir): New var.
+ (gnupg_set_homedir): New.
+ (gnupg_homedir): New.
+ * g10/options.h (struct opt): Remove 'homedir' and replace all users
+ by the new accessor functions.
+ * g13/g13-common.h (struct opt): Ditto.
+ * scd/scdaemon.h (struct opt): Ditto.
+ * sm/gpgsm.h (struct opt): Ditto.
+ * dirmngr/dirmngr.h (struct opt): Ditto.
+ * agent/preset-passphrase.c (opt_homedir): Ditto.
+ * agent/protect-tool.c (opt_homedir): Ditto.
+
+2016-06-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit 650abbab716750d6087a457a25fa2efaaa3567cd
+
+
+ gpg: Fix command line parsing of --quick-addkey and --quick-gen-key.
+ + commit abeeb84a94be815a16e678b319cb5c8bffde2811
+ * g10/gpg.c (main): Compose a block by curly braces.
+
+2016-06-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Use --keyid-format=none by default.
+ + commit 7257ea2d450238afa4d162fab8001f74782fe43f
+ * g10/gpg.c (main): Init keyid_format to KF_NONE.
+ * g10/keyid.c (format_keyid): Ditto.
+ (keystrlen): Ditto.
+
+ gpg: Add option --with-subkey-fingerprint.
+ + commit 1d1cb86694fb2223de1da0b3bfffb5c62f505847
+ * g10/gpg.c (oWithSubkeyFingerprint): New.
+ (opts): Add --with-subkey-fingerprint[s].
+ (main): Set that option.
+ * g10/options.h (struct opt): Add 'with_subkey_fingerprint'.
+ * g10/keylist.c (list_keyblock_print): Print subkey fingerprint.
+ (print_fingerprint): Tweak printing to use compact format if
+ desirable.
+
+ gpg: Implement --keyid-format=none.
+ + commit b047388d57443f584f1c1d6333aac5218b685042
+ * g10/gpg.c (main): Add option "none" to --keyid-format.
+ * g10/options.h (KF_NONE): New.
+ * g10/keyid.c (format_keyid): Implement that.
+ (keystr): Use format "long" is KF_NONE is in use.
+ (keystr_with_sub): Ditto.
+ * g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE.
+ Factor some code out to ...
+ (print_key_line): new.
+ (print_fingerprint): Add mode 20.
+ * g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by
+ flags.primary in the PK. Fix putting a " revoked..." string into the
+ colons format.
+ * g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This
+ slightly changes the putput format.
+ * g10/revoke.c (gen_standard_revoke): Use print_key_line. This may
+ also put "expires: " into the output.
+
+2016-06-04 Werner Koch <wk@gnupg.org>
+
+ w32: Require --enable-build-timestamp for the BUILD_HOSTNAME.
+ + commit 79b7a8a9e0d41b743ceaee20dc47294359fe0d44
+ * configure.ac (BUILD_HOSTNAME): Set to "<anon>" bey default.
+ * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Add
+ --enable-build-timestamp.
+
+2016-06-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Add the fingerprint to KEY_CREATED for subkeys.
+ + commit 8d976a6b07c5a356631791b46b590328c1451f31
+ * g10/keygen.c (print_status_key_created): Make more robust by
+ allowing a NULL for PK.
+ (generate_subkeypair): Use print_status_key_created.
+ (generate_card_subkeypair): Ditto.
+
+ gpg: Try to use the passphrase from the primary for --quick-addkey.
+ + commit 1b460f049e5c1c102d8b55ad28781688252c5a6b
+ * agent/command.c (cmd_genkey): Add option --passwd-nonce.
+ (cmd_passwd): Return a PASSWD_NONCE in verify mode.
+ * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
+ not send a RESET if given.
+ (agent_passwd): Add arg 'verify'.
+ * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
+ (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
+ (generate_subkeypair): Use sepeare hexgrip var for the to be created
+ for hexgrip feature. Verify primary key first. Make use of the
+ passwd nonce. Allow for a static passphrase.
+
+ gpg: Extend the --quick-gen-key command.
+ + commit 01285f909e43e8d6a48fbcc77bb5af53d567d8a2
+ * g10/keygen.c (quickgen_set_para): Add arg 'use'.
+ (quick_generate_keypair): Add args 'algostr', 'usagestr', and
+ 'expirestr'. Implement primary only key mode.
+ (parse_algo_usage_expire): Set NBITS for the default algo.
+ * g10/gpg.c (main): Extend --quick-gen-key command.
+
+ gpg: Improve the new parse_subkey_algostr_usagestr fucntion.
+ + commit dcc4cd83821667be22e502af86139bb4bd41bdf7
+ * g10/keygen.c (parse_usagestr): Allow "cert".
+ (generate_subkeypair): Factor expire parsing out to ...
+ (parse_subkey_algostr_usagestr): here. Rename to ...
+ (parse_algo_usage_expire): this. Add arg 'for_subkey'. Set CERT for
+ primary key and check that it is not set for subkeys.
+
+ gpg: New command --quick-addkey.
+ + commit 8f2a053a0ffa0430d01a53b4d491a3f0fff683eb
+ * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
+ (ask_keysize): Factor code out to ...
+ (get_keysize_range, fixup_keysize): new.
+ (parse_parameter_usage): Factor parsing out to ...
+ (parse_usagestr): new. Allow use of "encr" as alias for "encrypt".
+ (parse_subkey_algostr_usagestr): New.
+ (generate_subkeypair): Add new args. Implement unattended mode.
+
+ * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
+ (find_by_primary_fpr): new.
+ (keyedit_quick_addkey): New.
+ * g10/gpg.c (aQuickAddKey): New.
+ (opts): Add --quick-addkey.
+ (main): Implement.
+
+ gpg: Do not abort on certain invalid packets.
+ + commit d837f6b0eadb14ea08c1c6030b4d6adaaee8778e
+ * g10/build-packet.c (write_fake_data): Check for non-opaque data.
+ * g10/seskey.c (do_encode_md): Return NULL instead of abort.
+
+ common: New function openpgp_is_curve_supported.
+ + commit 072acb69be55e366e2da921e3953404765fa3928
+ * common/openpgp-oid.c: Include openpgpdefs.h.
+ (oidtable): Add field pubkey_algo.
+ (openpgp_is_curve_supported): New.
+
+2016-06-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Allow User ID length >= 256.
+ + commit db1ecc8212defdd183abbb6b1407fcc8d2dc9552
+ * build-packet.c (do_user_id): Call write_header2 with HDRLEN not set.
+
+2016-05-31 Werner Koch <wk@gnupg.org>
+
+ gpg: New status code NOTATION_FLAGS.
+ + commit 67a4bc8d536f6997f14daff4c039abd48a172100
+ * common/status.h (STATUS_NOTATION_FLAGS: New.
+ * g10/packet.h (struct notation): Add flags.human.
+ (notation_t): New typedef.
+ * g10/build-packet.c (sig_to_notation): Set flags.human.
+ * g10/keylist.c (show_notation): Write STATUS_NOTATION_FLAGS.
+
+2016-05-28 Werner Koch <wk@gnupg.org>
+
+ common: Add a status callback to gnupg_exec_tool_stream.
+ + commit 239a4d53916b47b5b0f0167a9b2c7a8915bb9c52
+ * common/exectool.h (exec_tool_status_cb_t): New.
+ * common/exectool.c: Include missing exectool.h.
+ (read_and_log_buffer_t): Replace array by pointer.
+ (gnupg_exec_tool_stream): Add args 'status_cb' and 'status_cb_value'.
+ Change all callers to pass NULL for them. Malloc buffer for
+ FDERRSTATE.
+ (read_and_log_stderr): Implement status_fd feature.
+
+2016-05-27 Werner Koch <wk@gnupg.org>
+
+ common: Allow a second input stream for gnupg_exec_tool_stream.
+ + commit 44a32455c8e41400ea96db4507c8a42bdb65b3b6
+ * common/exechelp-posix.c (do_exec): Add arg 'except' and pass to
+ close_all_fds.
+ (gnupg_spawn_process): Add arg 'except'. Change callers to pass NULL
+ for it.
+ * common/exechelp-w32.c (gnupg_spawn_process): Add dummy arg 'except'.
+ * common/exechelp-w32ce.c (gnupg_spawn_process): Ditto.
+ * common/exectool.c (copy_buffer_do_copy): Allow NULL for SINK.
+ (gnupg_exec_tool_stream): Add arg 'inextra'. Change callers to pass
+ NULL for it. Allow NULL for OUTPUT.
+
+ common: Simplify the fd closing patch 512c56a.
+ + commit e6d9a2d07ed7aeac3944d8a7d1317c4a117356b4
+ * common/exechelp-posix.c (get_max_fds): Use /proc/self.
+
+ common: Speedup closing fds before an exec.
+ + commit 512c56af43027149e8beacf259746b8d7bf9b1a2
+ * common/exechelp-posix.c [__linux__]: Include dirent.h.
+ (get_max_fds) [__linux__]: Return the actual used highest fd.
+
+ tools: Improve debug output of rfc822parse.
+ + commit ad75ca9c963bebbe02aae8d73e199a705764ae82
+ * tools/rfc822parse.c (show_event): Add missing events.
+
+ build: Remove obsolete tests for funopen and fopencookie.
+ + commit d755bcb89dbeaf6c7c1eca73ccabdf89b536c535
+ * configure.ac (AC_CHECK_FUNCS): Remove tests for funopen.
+
+ common: Extend gnupg_create_inbound_pipe et al.
+ + commit 5d991e333a1885adc40abd9d00c01fec4bd5d9d7
+ * common/exechelp-posix.c (gnupg_create_inbound_pipe): Add args 'r_fp'
+ and 'nonblock'.
+ (gnupg_create_outbound_pipe): Ditto.
+ * common/exechelp-w32.c (gnupg_create_inbound_pipe): Add non yet
+ functional args 'r_fp' and 'nonblock'.
+ (gnupg_create_outbound_pipe): Ditto.
+ * common/exechelp-w32ce.c (gnupg_create_inbound_pipe): Ditto.
+ (gnupg_create_outbound_pipe): Ditto.
+
+ common: Make use of default_errsource in exechelp.
+ + commit 96c7901ec1c79be732570811223d3ea54875abfe
+ * common/exechelp-posix.c (my_error_from_syserror, my_error): New.
+ Use them instead of gpg_error and gpg_error_from_syserror.
+ (create_pipe_and_estream): Remove arg ERRSOURCE and fix use of
+ OUTBOUND which has a wrong name. Adjust callers.
+ (gnupg_spawn_process): Remove arg ERRSOURCE and replace by use of
+ DEFAULT_ERRSOURCE.
+ * common/exechelp-w32.c (gnupg_spawn_process): Ditto.
+ * common/exechelp-w32ce.c (gnupg_spawn_process): Ditto.
+ * common/exectool.c (gnupg_exec_tool_stream): Do not pass
+ GPG_ERROR_FROM_SYSERROR.
+ * tools/gpgconf-comp.c (gc_component_check_options): Ditto.
+ (retrieve_options_from_program): Ditto.
+
+ gpg: Keep current and total of PROGESS status lines small enough.
+ + commit 6c957c3d880c069bb843cc58fdcebb9fc344727e
+ * g10/progress.c (progress_filter): Factor status wrote out to...
+ (write_status_progress): New. Scale values down.
+
+2016-05-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ configure: Detection of libusb on FreeBSD.
+ + commit b3e043ba905fdf2efcdadbd7022ac53f4408b748
+ * configure.ac (LIBUSB_LIBS): Use LIBUSB_NAME for AC_CHECK_LIB.
+
+2016-05-25 Werner Koch <wk@gnupg.org>
+
+ build: Switch to new URL for swdb.lst.
+ + commit 74028096e06d2904f77b74b373750264e5b7b1ea
+
+
+2016-05-24 Werner Koch <wk@gnupg.org>
+
+ gpgtar: Simplify code by using ccparray.
+ + commit 91bc7833836f19256d56984c94cacf44853ff5c8
+ * tools/gpgtar-create.c (gpgtar_create): Use ccparray functions.
+ * tools/gpgtar-extract.c (gpgtar_extract): Ditto.
+ * tools/gpgtar-list.c (gpgtar_list): Ditto.
+
+ common: Add simple dynamic array function.
+ + commit 2421f7f7ed74ed20372efd63a2efd58d3b55005c
+ * common/ccparray.c: New.
+ * common/ccparray.h: New.
+ * common/t-ccparray.c: New.
+ * common/Makefile.am (common_sources): Add files.
+ (module_tests): Add test file.
+ (t_ccparray_LDADD): New.
+
+2016-05-23 Justus Winter <justus@g10code.com>
+
+ tests: Test the pinentry interactions when exporting keys.
+ + commit b9d1e099c3ec3163c86afe627ecbe028db1facf6
+ * tests/openpgp/export.test: Test pinentry interactions.
+
+ tests: Add support for a passphrase queue to fake pinentry.
+ + commit 4994153924e0948a657edddaef54a39a6001beff
+ * tests/openpgp/fake-pinentry.c (get_passphrase): New function.
+ (main): Add option --passphrasefile and read passphrases from it.
+
+ tests: Add logging to fake pinentry.
+ + commit 41b10c66ec1dd33633386f4fc8013ddeab7737ca
+ * tests/openpgp/fake-pinentry.c (log_stream): New variable.
+ (reply): New function.
+ (spacep,skip_options,option_value): Copy from common.
+ (main): Parse arguments, add --logfile option, write logfile.
+
+ tests: Add export test.
+ + commit a54e89a58576108fcae10ceeb4fc65822aecc170
+ * tests/openpgp/Makefile.am (TESTS): Add new file.
+ * tests/openpgp/export.test: New file.
+
+2016-05-21 Werner Koch <wk@gnupg.org>
+
+ gpg: Speed up key listing in Tofu mode.
+ + commit 78bb08425af5b1edb7f3ef0119013529b3a9e4ba
+ * g10/tofu.c (get_trust): Add arg PK. Uses this instead of a an extra
+ lookup of the public key by fingerrpint.
+ (tofu_register): Pass PK to get_trust.
+ (tofu_get_validity): Ditto.
+
+ *g10/tofu.c (tofu_register): Remove unused FINGERPRINT_PP.
+
+ gpg: Avoid name spaces clash with future sqlite versions.
+ + commit b1ba460d8f3358342c2ee2927114d36e767a439f
+ * g10/sqlite.c: Rename to gpgsql.c. Change function prefixes to
+ gpgsql_.
+ * g10/sqlite.h: Rename to gpgsql.h.
+ * g10/tofu.c: Adjust for changes.
+
+ gpg: Explicitly close a combined Tofu DB.
+ + commit 006a6126131ffd59d9a47889ac031f932ecc5d0b
+ * g10/tofu.c (tofu_closedbs): Close combined DB.
+
+ gpg: Store the Tofu meta handle for databases in CTRL.
+ + commit 754b1c463034a634a678d8efc76c27fd46aad9b9
+ * g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations.
+ (struct server_control_s): Add field tofu.dbs.
+ * g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by
+ by tofu_dbs_t.
+ (opendbs): Add arg CTRL. Cache the DBS in CTRL.
+ (closedbs): Rename to tofu_closedbs and make global. Add arg CTRL.
+ (tofu_register): Add arg CTRL. Change all callers. Do not call
+ closedbs.
+ (tofu_get_validity): Ditto.
+ (tofu_set_policy): Ditto.
+ (tofu_get_policy): Ditto.
+ (tofu_set_policy_by_keyid): Add arg CTRL.
+ * g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs.
+
+ gpg: Pass CTRL object down to the trust functions.
+ + commit 027c4e55522b8e18711a3331932a9869ab89ca26
+
+
+ gpg: Fix the TOFU_STATS_LONG status.
+ + commit fd973ee1c18aa8fe764e09ba4dff589309b2d78d
+ * g10/tofu.c (show_statistics): Print TOFU STATS with formatting
+ characters.
+
+2016-05-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Print "[ never ]" instead of err for validity.
+ + commit 437c97ab6a34ff1936001dd05209193b4466a81d
+ * g10/trust.c (uid_trust_string_fixed): Handle NEVER.
+
+2016-05-18 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Adjust the WKD lookup to specs version -01.
+ + commit cf97769906337d65289ad58225a5ecc53c715550
+ * dirmngr/server.c (cmd_wkd_get): Remove second occurrence of the
+ domain part.
+
+2016-05-17 Werner Koch <wk@gnupg.org>
+
+ gpg: Emit new status line KEY_CONSIDERED.
+ + commit ff71521d9698c7c5df94831a1398e948213af433
+ * common/status.h (STATUS_KEY_CONSIDERED): New.
+ * g10/getkey.c: Include status.h.
+ (LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
+ (finish_lookup): Add arg R_FLAGS. Count expired and revoked keys and
+ set flag. Check a requested usage before checking for expiraion or
+ revocation.
+ (print_status_key_considered): New.
+ (lookup): Print new status.
+
+2016-05-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix signature checking.
+ + commit 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb
+ * g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
+ walk_kbnode.
+
+2016-05-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow unattended deletion of secret keys.
+ + commit ac9ff644b12c4dfa55d466af8ae6af54d1646893
+ * agent/command.c (cmd_delete_key): Make the --force option depend on
+ --disallow-loopback-passphrase.
+ * g10/call-agent.c (agent_delete_key): Add arg FORCE.
+ * g10/delkey.c (do_delete_key): Pass opt.answer_yes to
+ agent_delete_key.
+
+2016-05-09 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix buglet in the check_all_keysigs function.
+ + commit 693838f0125d5d0c963fa3771b1bd117702af697
+ * g10/keyedit.c (sig_comparison): Actually compare the pubkey
+ algorithms.
+
+ gpg: Request a "save" after cmd "check" fixed something.
+ + commit d33b35f7481caa0dcb25f9fa7d6c5bb27895297a
+ * g10/keyedit.c (keyedit_menu) <cmdCHECK>: Set modified.
+
+2016-05-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit ff870d59f067d3c5415e231c02a50d5dceac7e48
+
+
+2016-05-04 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.12.
+ + commit 00df5b1236cac5c7a48638a4613278c5aab486f8
+
+
+ speedo,w32: Remove the installation directory page.
+ + commit fb1e9df48465c2f77a65dddd257572fdc79d9450
+ * build-aux/speedo/w32/inst.nsi (MUI_PAGE_DIRECTORY): Remove.
+
+ gpg: Fix const char pointer mismatch with gettext.
+ + commit 920b1421b35d1404b8360bd8feac0be659840543
+ * g10/tofu.c (get_trust): Use const char *.
+
+ speedo: Build sqlite with static-libgcc.
+ + commit edce430b039b313cc2d79402a7bd21347490c3be
+ * build-aux/speedo/patches/sqlite.patch: New.
+ * Makefile.am (EXTRA_DIST): Add file.
+
+ speedo: Also try patch files w/o version number.
+ + commit 9ea258fa5b45bb5454ee3f5906df5d5eebdec0dd
+ * build-aux/speedo.mk (SPKG_template): Try such a patch file.
+
+2016-05-04 Andre Heinecke <aheinecke@intevation.de>
+
+ speedo,w32: Install sqlite.
+ + commit 2b78223d7587c68e2e27a3d7b365219228da7947
+ * build-aux/speedo/w32/inst.nsi (-sqlite, -un.sqlite): New.
+
+ speedo,w32: Fix uninstallation.
+ + commit 5ec76fd0c300b52366cf8d1407fe1c8de3a8a9d4
+ * build-aux/speedo/w32/inst.nsi (-un.gnupg): Delete distsigkey and
+ dirmngr-conf.skel
+
+ speedo,w32: Install localisation.
+ + commit 3f58fc64666101e160e9b13fedb6cdaebeb91a7a
+ * build-aux/speedo/w32/inst.nsi (-libgpg-error, GnuPG): Install l10n.
+ (-un.libgpg-error, -un.gnupg): Uninstall l10n files.
+
+2016-05-04 Werner Koch <wk@gnupg.org>
+
+ tests: Disable the migrations tests.
+ + commit d696eb396a9c88319358da4333feb653994d5408
+ * tests/Makefile.am (SUBDIRS): Remove migrations.
+ * configure.ac (AC_CONFIG_FILES): Remove migrations Makefile.
+
+2016-05-04 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 4fd13ab78dd228d8ff85659cddc2076af8728ebe
+
+
+2016-05-04 Werner Koch <wk@gnupg.org>
+
+ po: Update German translation.
+ + commit 75f31cdd42eed3555952ac478055d52af841f702
+
+
+ Some minor string changes and fixed a printf format.
+ + commit d00625dae60f26617d2e1bd4f22c6b35a4e92c91
+ * g10/build-packet.c (notation_value_to_human_readable_string): Use
+ %zu for size_t.
+
+ build: Update config.{guess,sub} to 2016-04-02 and 2016-03-30.
+ + commit 04cc7c3786d91881f83a72799dab058476602a31
+ * build-aux/config.guess: Update.
+ * build-aux/config.sub: Update.
+
+ agent: Make --allow-loopback-pinentry the default.
+ + commit 3ef0938cfd8637e9801369f142eb8dd564f2ca61
+ * agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
+ (opts): Add --no-allow-loopback-pinentry. Hide
+ description of --allow-loopback-pinentry.
+ (parse_rereadable_options): Set opt.allow_loopback_pinentry by
+ default.
+ (main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
+ in the gpgconf list.
+ * tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
+
+2016-05-03 Werner Koch <wk@gnupg.org>
+
+ common: Print https URLs in help messages.
+ + commit 9e28617e260261de3972c20698b5a01561330e1c
+ * common/argparse.c (strusage): Print https URLS.
+
+ tests: Silence output of some tests.
+ + commit 33aacc3d4bbd6a82d7e7ceca058970879741b7da
+ * common/t-exechelp.c (print_open_fds): Silence non-verbose output.
+ (test_close_all_fds): Ditto.
+ * common/t-session-env.c (show_stdnames): Indent output.
+ * g10/test.c (TEST): Silence non-verbose okay output.
+ (exit_tests): Ditto.
+ * tools/gpg-zip.in (tar_verbose_opt): Add option --quiet.
+ * tests/openpgp/gpgtar.test (GPGZIP): Pass option --quiet.
+ * tests/openpgp/mds.test: Indent MD5 notice.
+ * tests/openpgp/version.test: Indent --version output.
+
+ gpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG.
+ + commit 83865be35cff5355a5c4575cc3b50609819b0baa
+ * g10/tofu.c (NO_WARNING_THRESHOLD): Rename to BASIC_TRUST_THRESHOLD.
+ (FULL_TRUST_THRESHOLD): New.
+ (write_stats_status): New.
+ (show_statistics): Call new function. Print TOFU_STATS_LONG.
+
+2016-05-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Extend TRUST_foo status lines with the trust model.
+ + commit ae1889320b822d48f7118a29391605e9ac992701
+ * g10/trustdb.h (TRUST_FLAG_TOFU_BASED): New.
+ * g10/trustdb.c (trust_model_string): Lowercase the strings. Add arg
+ "model" and change callers to call with OPT.TRUST_MODEL.
+ * g10/tofu.c (tofu_wot_trust_combine): Set TRUST_FLAG_TOFU_BASED.
+ * g10/pkclist.c (write_trust_status): New.
+ (check_signatures_trust): Call new function.
+
+ gpg: Improve line wrapping for a tofu message.
+ + commit 5cef6118580fe658a27d32e85696d88775ad417a
+ * g10/tofu.c (time_ago_str): Mark non-breakable spaces.
+ (show_statistics): Remove marks.
+
+ gpg: Re-format some tofu messages.
+ + commit d73e83c3b678add11a5754e199e528aeb39ec8ce
+ * common/status.h (STATUS_TOFU_USER, STATUS_TOFU_STATS)
+ (STATUS_TOFU_STATS_SHORT, STATUS_TOFU_STATS_LONG): New.
+ * g10/tofu.c (NO_WARNING_THRESHOLD): New.
+ (record_binding, tofu_register): Take care of --dry-run.
+ (show_statistics): Print STATUS_TOFU_USER. Reformat some messages.
+ Fix the ngettext/strcmp thing. Use log_string instead of log_info.
+ Use NO_WARNING_THRESHOLD constant.
+ (get_trust): Use format_text and print a compact fingerprint.
+
+2016-05-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: More fix of error return path.
+ + commit 6677d8b61446eb5760a30a2488c992d6e895a9ed
+ * scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of
+ apdu_connect.
+
+2016-04-29 Werner Koch <wk@gnupg.org>
+
+ common: Extend log_string to indent lines.
+ + commit 35f4b6aafdf1889ed1ae569af5852f47738fe993
+ * common/logging.c (do_logv): Add indentation when called via
+ log_string.
+
+ gpg: Factor some code code out of tofu.c.
+ + commit dcad99c98616a6031ddfde313c920339e4012378
+ * g10/tofu.c (string_to_long): New.
+ (string_to_ulong): New.
+ (get_single_unsigned_long_cb): Replace strtol/strtoul by new function.
+ (get_single_long_cb): Ditto.
+ (signature_stats_collect_cb): Ditto.
+ (get_policy): Ditto.
+ (show_statistics): Ditto. Uese es_free instead of free.
+
+ gpg: Remove all assert.h and s/assert/log_assert/.
+ + commit 64bfeafa52a5ed3fa82bdc0ce7ef0edddeef188c
+
+
+ common: Improve log_assert.
+ + commit 9740dff9f4d18ba764dc7173d4902e94e3f0c2e8
+ * common/logging.c (bug_at): Do not i18n the string.
+ (_log_assert): New.
+ * common/logging.h (log_assert): Use new function and pass line
+ information.
+
+2016-04-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix error return path.
+ + commit cb4fee8bb645745ff199f7428e19226d5bc63dab
+ * scd/ccid-driver.c (bulk_in): Remove EAGAIN handling.
+ Handle LIBUSB_ERROR_NO_DEVICE to return CCID_DRIVER_ERR_NO_READER.
+
+2016-04-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix memory leaks.
+ + commit 508b0deb70d39d388149be9a63fab24cc956a239
+ * scd/ccid-driver.c (scan_or_find_usb_device): Return on
+ LIBUSB_ERROR_NO_MEM. Free CONFIG before return except on error.
+ (scan_or_find_devices): Free device list.
+
+2016-04-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.
+ + commit 87de9e19edf0311ca0342e15ef44ebe40e32861e
+ * g10/getkey.c (parse_auto_key_locate): Add method "wkd".
+ (get_pubkey_byname): Implement that method. Also rename a variable.
+ * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
+ * g10/keyserver.c (keyserver_import_wkd): New.
+ * g10/test-stubs.c (keyserver_import_wkd): Add stub.
+ * g10/gpgv.c (keyserver_import_wkd): Ditto.
+ * g10/options.h (opt): Add field 'with_wkd_hash'.
+ (AKL_WKD): New.
+
+ * g10/gpg.c (oWithWKDHash): New.
+ (opts): Add option --with-wkd-hash.
+ (main): Set that option.
+ * g10/keylist.c (list_keyblock_print): Implement that option.
+
+ dirmngr: Add experimental command WKD_GET.
+ + commit c83c6f212e9bc98a9ea8dd8102bc16edd1a03050
+ * dirmngr/server.c (cmd_wkd_get): New.
+ (register_commands): Add command WKD_GET.
+
+ dirmngr: Use system provided root CAs with KS_FETCH.
+ + commit c3aeda82b8d00b87a5af72b4075c487c10dfdf6b
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.
+
+2016-04-26 Werner Koch <wk@gnupg.org>
+
+ http: Allow to request system defined CAs for TLS.
+ + commit fd765df6a7883c3d841abeb657330a1aab4b7756
+ * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New.
+ * dirmngr/http.c (http_session_new): Add arg "flags".
+ * dirmngr/ks-engine-hkp.c (send_request): Use new flag
+ HTTP_FLAG_TRUST_DEF for the new arg of http_session_new.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+ * dirmngr/t-http.c (main): Ditto.
+
+2016-04-25 Werner Koch <wk@gnupg.org>
+
+ common: Minor fixes for the new private-keys.c.
+ + commit b7fa4960c292ef1a290d32b7f46bb741bbfc0923
+ * common/private-keys.c (my_error_from_syserror): New. Use it in
+ place of gpg_error_from_syserror.
+ (_pkc_add, pkc_lookup, pke_next_value): Use ascii_strcasecmp.
+ (pkc_parse): Use xtrystrdup and append_to_strlist_try as intended.
+
+ (_pkc_add): Add braces around if-statement.
+
+ common: Use new function to print a failure of xtrymalloc.
+ + commit 8776abbe02935e720018f3ef6ffd48f21435ff8b
+ * common/miscellaneous.c (xoutofcore): New.
+ * common/strlist.c (append_to_strlist): Use instead of abort.
+ (append_to_strlist_try): Use xtrymalloc instead of xmalloc.
+
+2016-04-21 Justus Winter <justus@g10code.com>
+
+ common: Add support for the new extended private key format.
+ + commit 12af2630cf4d1a39179179925fac8f2cce7504ff
+ * agent/findkey.c (write_extended_private_key): New function.
+ (agent_write_private_key): Detect if an existing file is in extended
+ format and update the key within if it is.
+ (read_key_file): Handle the new format.
+ * agent/keyformat.txt: Document the new format.
+ * common/Makefile.am: Add the new files.
+ * common/private-keys.c: New file.
+ * common/private-keys.h: Likewise.
+ * common/t-private-keys.c: Likewise.
+ * common/util.h (alphap, alnump): New macros.
+ * tests/migrations: Add test demonstrating that we can cope with the
+ new format.
+
+ common: Add 'free_strlist_wipe' which wipes memory.
+ + commit c6d1f2f08c68efe7e80887219064a8ce6365128f
+ * common/strlist.c (free_strlist_wipe): New function.
+ * common/strlist.h (free_strlist_wipe): New prototype.
+
+ common: Add 'append_to_strlist_try' which can fail.
+ + commit 95303ee11df12f284e98d02dba993eda9e425383
+ * common/strlist.c (append_to_strlist): Use the new function.
+ (append_to_strlist_try): New function.
+ * common/strlist.h (append_to_strlist_try): New prototype.
+
+ agent: Convert key format document to org.
+ + commit 342cc488890241b41e49f50886617115342721d6
+ * agent/keyformat.txt: Convert to org mode.
+
+ tests: Make migration test more robust and silent.
+ + commit 0c35e09278514f1e3377a4b0a9b1f44dd39b1bf4
+ * tests/migrations/from-classic.test: Fix in-tree build, silence test.
+
+2016-04-21 Werner Koch <wk@gnupg.org>
+
+ w32: Use --enable-gpg2-is-gpg by default.
+ + commit d81de224ecd542922dda649a492dd9550509d7bc
+ * autogen.rc: Add option also for plain Windows.
+
+ w32: Replace libiconv DLL by iconv feature of libgpg-error.
+ + commit bd4d65615b3a5360d455b99e77bd113ad90f1539
+ * configure.ac: Do nor require libiconv for W32.
+ * common/utf8conv.c [W32]: Do not incluce iconv.h. Request
+ libgpg-error iconv macros.
+ (jnlib_iconv): Use ICONV_CONST macro.
+ * build-aux/speedo/w32/inst.nsi [!WITH_GUI]: Do not install libiconv.
+ * build-aux/speedo.mk (speedo_spkgs) [!WITH_GUI]: Likewise.
+
+2016-04-20 Justus Winter <justus@g10code.com>
+
+ agent: Sanitize permissions of the private key directory.
+ + commit f8adf1a3234655877a4f985d627d98567507002c
+ * agent/gpg-agent.c (create_private_keys_directory): Set permissions.
+ * common/sysutils.c (modestr_to_mode): New function.
+ (gnupg_mkdir): Use new function.
+ (gnupg_chmod): New function.
+ * common/sysutils.h (gnupg_chmod): New prototype.
+ * tests/migrations/from-classic.test: Test migration with existing
+ directory.
+
+ tests: Test the migration from a classic GnuPG home directory.
+ + commit defbc70b4a16264e067daf76678ecfb9d030dee4
+ * configure.ac: Add new directory.
+ * tests/Makefile.am (SUBDIRS): Likewise.
+ * tests/migrations/Makefile.am: New file.
+ * tests/migrations/from-classic.gpghome/pubring.gpg.asc: Likewise.
+ * tests/migrations/from-classic.gpghome/secring.gpg.asc: Likewise.
+ * tests/migrations/from-classic.gpghome/trustdb.gpg.asc: Likewise.
+ * tests/migrations/from-classic.test: Likewise.
+
+2016-04-20 Werner Koch <wk@gnupg.org>
+
+ speedo: Use swdb.lst to define the SQLite version.
+ + commit 2385b9f1ddc4938e45c01a12a804f4b77d253305
+ * build-aux/speedo.mk: Change sqlite to use our mirror and the
+ swdb.lst file.
+ * build-aux/speedo/w32/inst.nsi: gpg is now build and installed as
+ gpg.
+
+2016-04-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve UID selction of --quick-sign-key.
+ + commit d02de6c0a4a55a2720cfa5caddcbfc4ce988a2ec
+ * g10/keyedit.c (keyedit_quick_sign): Improve UID selection and print
+ error for non-found userids.
+
+ gpg: Avoid debug like output at start of --edit-key.
+ + commit 085b19fc9aa7f2f9b82a97824b117e71390964ec
+ * g10/keyedit.c (check_all_keysigs): Print info only after something
+ has been modified.
+
+2016-04-15 Andre Heinecke <aheinecke@intevation.de>
+
+ dirmngr: Fix https never reported in general help.
+ + commit 6272f24312f2efe8707a7712858c85cd5a42e6fa
+ * dirmngr/ks-engine-http.c (ks_hkp_help): Also print https
+ when supported and no uri provided.
+
+ dirmngr: Fix https incorrectly reported in help.
+ + commit a0642856b25622c81d3464979c47ff2a30af58fa
+ * dirmngr/ks-engine-http.c (ks_hkp_help): Only print https if tls
+ is supported.
+
+2016-04-14 Werner Koch <wk@gnupg.org>
+
+ agent: Fix regression due to recent commit 4159567.
+ + commit 8c3fb2360f154a971d2a390e4937acb22a44a8c2
+ * agent/protect.c (do_encryption): Fix CBC hashing.
+
+ agent: Allow gpg-protect-tool to handle openpgp-native protection.
+ + commit 6df75ec70afeb1a5ad9a00557e1245e1514c37b5
+ * agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
+ agent_unprotect.
+ (main): Allocate a simple CTRL object and pass it to
+ read_and_unprotect.
+ (convert_from_openpgp_native): Remove stub.
+ (agent_key_available, agent_get_cache): New stubs.
+ (agent_askpin): New emulation for the one in call-pinentry.c.
+ (agent_write_private_key): New to dump key.
+ * agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
+
+ tests: Set fake-pinentry's stdout and stdin to _IOLBF.
+ + commit 94504b3d5af126abb591dedda1ca0f0970822f55
+ * tests/openpgp/fake-pinentry.c (main): Call setvbuf. Show passphrase
+ at startup. Increase buffer.
+
+2016-04-12 Werner Koch <wk@gnupg.org>
+
+ agent: Implement new protection mode openpgp-s2k3-ocb-aes.
+ + commit 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
+ * agent/protect.c (agent_protect): Add arg use_ocb. Change all caller
+ to pass -1 for default.
+ * agent/protect-tool.c: New option --debug-use-ocb.
+ (oDebugUseOCB): New.
+ (opt_debug_use_ocb): New.
+ (main): Set option.
+ (read_and_protect): Implement option.
+
+ * agent/protect.c (OCB_MODE_SUPPORTED): New macro.
+ (PROT_DEFAULT_TO_OCB): New macro.
+ (do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
+ and timestamp_exp_len. Implement OCB.
+ (agent_protect): Change to support OCB.
+ (do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
+ Implement OCB.
+ (merge_lists): Allow NULL for sha1hash.
+ (agent_unprotect): Change to support OCB.
+ (agent_private_key_type): Remove debug output.
+
+ indent: Help Emacs not to get confused by conditional compilation.
+ + commit 7faf131c8b8710419df3dc13a1228d1977c55f53
+ * agent/protect.c (calibrate_get_time) [W32]: Use separate function
+ calls for W32 and W32CE.
+
+2016-04-07 Justus Winter <justus@g10code.com>
+
+ g10: Fix exporting secret keys of certain sizes.
+ + commit 02cf1357dd5ee34a57371f55b9d312b8b9e3a7e8
+ * g10/build-packet.c (do_key): Do not use the header length specified
+ by the public key packet from the keyring, but let 'write_header2'
+ compute the required length.
+
+2016-04-06 Justus Winter <justus@g10code.com>
+
+ Revert "g10: Support armored keyrings in gpgv."
+ + commit 76ca869197e304daa5a8dd96ea43113ec7b28354
+ This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15.
+
+2016-04-05 Justus Winter <justus@g10code.com>
+
+ dirmngr: Autodetect PEM format in dirmngr-client.
+ + commit 9354293b8c9f234939bc04182f15e2fe512e914e
+ * dirmngr/dirmngr-client.c (init_asctobin): New function.
+ (main): Move the initialization code to the new function.
+ (read_pem_certificate): Initialize base64 table.
+ (read_certificate): Try to decode certificates given in files as PEM
+ first.
+
+2016-04-05 Werner Koch <wk@gnupg.org>
+
+ build: Fix for: Build gpgcompose only in maintainer mode.
+ + commit f45ed07a0fffa3adbc75b9d5726108a066927599
+ * g10/Makefile.am (noinst_PROGRAMS): Always add module_tests.
+
+ doc: Install gpg and gpgv man pages under the correct name.
+ + commit 4dc4fb1c14b3096bb1cdc5923c0d1eb419036805
+ * doc/mkdefsinc.c (main): Add double include guard. Set variable
+ gpgtwohack. Define macros gpgname and gpgvname.
+ * doc/gpg.texi: Remove macro definition for gpgname. Use Texinfo var
+ gpgtwohack to prepare the man pages. Use @gpgname everywhere.
+ * doc/gpgv.texi: Likewise.
+ * doc/Makefile.am (myman_pages): Remove gpg2.1 and gpgv2.1 but add
+ them depending on USE_GPG2_HACK.
+
+ build: Build gpgcompose only in maintainer mode.
+ + commit 4b5341dc333983a15f649601fdddc42ba9161433
+ * g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose only in maintainer
+ mode.
+
+ gpg: Replace use of "gpg2" by GPG_NAME.
+ + commit 7b58a1118d98543ed6854447d7b403877638ba54
+
+
+2016-04-04 Werner Koch <wk@gnupg.org>
+
+ Now build "gpg" binary but install as "gpg2"
+ + commit 96bcd4220f1f1313afe12097d8dc62342ac8de0d
+ * configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
+ * common/homedir.c (gnupg_module_name): Replace use of macro
+ NAME_OF_INSTALLED_GPG.
+ * g10/keygen.c (generate_keypair): Ditto.
+ * g10/Makefile.am (bin_PROGRAMS): Remove.
+ (noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
+ (gpg2_hack_list): New.
+ (use_gpg2_hack): New.
+ (gpg2_SOURCES): Rename to gpg_SOURCES.
+ (gpgv2_SOURCES): Rename to gpgv_SOURCES.
+ (gpg2_LDADD): Rename to gpg_LDADD.
+ (gpgv2_LDADD): Rename to gpgv_LDADD.
+ (gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
+ (gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
+ (install-exec-hook): Remove WinCE specific rules and add new rules.
+ (uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
+ * tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
+ * tests/openpgp/defs.inc: Ditto.
+ * tests/openpgp/gpgtar.test: Ditto.
+ * tests/openpgp/mkdemodirs: Ditto.
+ * tests/openpgp/signdemokey: Ditto.
+
+ * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
+ --enable-mailto, add --enable-gpg2-is-gpg.
+
+ tests: Add missing file.
+ + commit c6ed863491ec3a1e0fcf9cbe2c93c87468306c29
+ * tests/openpgp/Makefile.am (TEST_FILES): Add plain-largeo.asc.
+
+2016-04-04 Justus Winter <justus@g10code.com>
+
+ g10: Support armored keyrings in gpgv.
+ + commit abb352de51bc964c06007fce43ed6f6caea87c15
+ * doc/gpgv.texi: Document the feature.
+ * g10/Makefile.am (gpgv2_SOURCES): Add dearmor.c.
+ * g10/dearmor.c (dearmor_file): Add sink argument.
+ * g10/gpg.c (main): Adapt accordingly.
+ * g10/gpgv.c (make_temp_dir): New function.
+ (main): De-armor keyrings.
+ * g10/main.h (dearmor_file): Adapt prototype.
+
+ tests: Fix default key test.
+ + commit dd5902cc45bae7582f8a0bc91a0a7f4d8ae45d8c
+ * tests/openpgp/default-key.test: Avoid using the option
+ '--trust-model' unconditionally.
+
+2016-04-01 Justus Winter <justus@g10code.com>
+
+ build: Check for conflicting trust model options.
+ + commit 6060ea898fda499211c9d5030fff41d58f899fb0
+ * configure.ac: Disable TOFU if configured without trust models, and
+ check for conflicting options.
+
+ g10: Remove option --always-trust if compiled without trust models.
+ + commit b74185b6eaeaae4754726ff203e11977777f568c
+ * g10/gpg.c (opts): Remove option --always-trust if compiled without
+ trust models.
+
+2016-03-31 Justus Winter <justus@g10code.com>
+
+ speedo,w32: Build libsqlite3.
+ + commit e7171f559590422cc52dbcb8d78d94569b31012f
+ * build-aux/speedo.mk (speedo_spkgs): Add libsqlite3 on w32.
+ (libsqlite3_ver): New variable.
+ (speedo_pkg_libsqlite3_tar): Likewise.
+
+ g10: Use gpg-error abstraction of sched_yield.
+ + commit 8be9dab2dd2f83ca922c01542c63b404e34bdfd9
+ * g10/tofu.c (begin_transaction): Use 'gpgrt_yield'.
+
+2016-03-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix NULL-segv for missing tofu DB.
+ + commit e2c5781788f765815532410a77077ddbb72513e9
+ * g10/tofu.c (opendb): Guard call to timeout function.
+
+2016-03-22 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve message when asking for key capabilities.
+ + commit fc30c079a348436868968850dabf653b91f82419
+ * g10/keygen.c (ask_key_flags): Improve message.
+
+ gpg: Remove the extra prompt for Curve25519.
+ + commit 7f919063d3e426104fe58ae779a9a066140014c1
+ * g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
+ (ask_curve): Use a fixed table of curve names and reserve a slot for
+ Curve448. Simplify CurveNNNN/EdNNNN switching.
+ (ask_curve): Remove the Curve25519 is non-standard prompt.
+
+2016-03-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Silence trustdb computation with --quiet.
+ + commit af9a4afbf0b518c8acff98e50135b2beb6c722c3
+ * g10/trustdb.c (validate_keys): Do not print log_info stuff in quiet
+ mode.
+
+2016-03-17 Werner Koch <wk@gnupg.org>
+
+ sm: Always create a keybox header when creating a new keybox.
+ + commit 1aad5c6277ea3852ff57bbf680f61c9136ce4d5c
+ * sm/keydb.c (maybe_create_keybox): Create the header blob.
+
+2016-03-17 Neal H. Walfield <neal@g10code.com>
+
+ doc: Improve documentation of --enable-large-rsa.
+ + commit 1dc7f55a4095ee42ce2d8c3eb41b7162edf2ca2e
+ * doc/gpg.texi (--enable-large-rsa): Improve text.
+
+2016-03-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: allow removal of the shadowed key.
+ + commit 8588c2dbc4c4d1b53796f3dbe8489b932dca7a60
+ * agent/findkey.c (agent_delete_key): Remove the key when asked.
+
+2016-03-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Add const qualifier.
+ + commit b752d2c93778e6a1c1de3eddf8fc725b0ddd354e
+ * g10/gpgcompose.c (show_help): Those are strings not to be modified.
+
+2016-03-15 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not rely on a certain evaluation order.
+ + commit 60b34f96f4f390670462d719c0d797e622cee4d4
+ * g10/keyedit.c (print_and_check_one_sig): Call check_key_signature
+ before derefing IS_SELFSIG.
+
+2016-03-14 Werner Koch <wk@gnupg.org>
+
+ scd: Add manufacturer id 0x000a.
+ + commit 834b84c0ee4990393daa5e44afbab5b0aaed0758
+ * g10/card-util.c (get_manufacturer): Add it.
+
+2016-03-10 Kevin J. McCarthy <kevin@8t8.us>
+
+ g10: Silence message if --quiet is given.
+ + commit 4f578cb2fc192f44070bb0d18dffaa3863ed0d92
+ * g10/getkey.c (parse_def_secret_key): Silence message if --quiet is
+ given.
+
+2016-03-08 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Add a new test.
+ + commit b17577eac6b7599a4bab6fd3ecb04715aa01367c
+ * g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc.
+ (module_tests): Add t-stutter.
+ (t_stutter_SOURCES): New variable.
+ (t_stutter_LDADD): New variable.
+
+2016-03-07 Justus Winter <justus@g10code.com>
+
+ sm: Implement pinentry loopback and reading passphrases from fd.
+ + commit eea139c56ef55081d8cd8df2a35ce507386e0f17
+ * doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'.
+ * sm/Makefile.am (gpgsm_SOURCES): Add new files
+ * sm/call-agent.c (struct default_inq_parm_s): New definition.
+ (start_agent): Pass in the pinentry mode.
+ (default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries.
+ Adapt all call sites to the new callback cookie.
+ * sm/gpgsm.c (cmd_and_opt_values): Add new values.
+ (opts): Add new options.
+ (main): Handle new options.
+ * sm/gpgsm.h (struct opt): Add field 'pinentry_mode'.
+ * sm/passphrase.c: New file.
+ * sm/passphrase.h: Likewise.
+
+ sm: Remove unused argument '--fixed-passphrase'.
+ + commit 53ed98eda77ff2dcf390cebd0cec9f2665661863
+ * doc/gpgsm.texi: Drop description.
+ * sm/gpgsm.c (cmd_and_opt_values): Drop enum value.
+ (opts): Drop argument.
+ (main): Drop argument handling.
+ * sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'.
+
+ kbx: Avoid undefined behavior.
+ + commit a68ca5a90457ac97eee4efd7fdea596d27c54697
+ * kbx/keybox-file.c (_keybox_read_blob2): Cast to unsigned int before
+ shifting.
+
+2016-03-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Bug fix for a device with multiple interfaces.
+ + commit 7a32f87cccddb40521bfdd4eb2d0dc9c88fb3fe5
+ * scd/ccid-driver.c (scan_or_find_usb_device): Use IFC_NO when
+ accessing interface information.
+
+2016-03-04 Justus Winter <justus@g10code.com>
+
+ build: Make libusb a hard requirement if the ccid driver is requested.
+ + commit e997552161b2dd8aabf350adee14e208e1545aef
+ * configure.ac: Print an error message and die if the internal ccid
+ driver is requested but no suitable libusb is found.
+
+ g10: Drop superfluous declaration.
+ + commit 1e4b7823008daea1a22a6f0f9b379fdec37a4cd4
+ * g10/main.h (disable_core_dumps): Drop declaration.
+
+ g10: Guard code against errors.
+ + commit 40f6529ceeea806fc011135a9fa3a3590a9534ac
+ * g10/keygen.c (do_generate_keypair): Check for errors, in which case
+ 'pri_psk' is NULL.
+
+2016-03-03 Justus Winter <justus@g10code.com>
+
+ dirmngr: Add more missing CFLAGS.
+ + commit 9f0ba5089e664447c36cee3d9249f95e4ea39957
+ * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add
+ 'GCRYPT_CFLAGS'.
+ (t_dns_stuff_CFLAGS): Likewise.
+
+ tests/openpgp: Skip gpgtar test if it has not been built.
+ + commit a883d4c0f8125e809c144ec69e76c9f522102d8f
+ * tests/openpgp/gpgtar.test: Check if executable exists.
+
+2016-03-02 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Add new program gpgcompose.
+ + commit d040628ddf2c09ddc9581ff365680a568ad24278
+ * g10/packet.h: Include "util.h".
+ * g10/encrypt.c (encrypt_seskey): Don't mark as static.
+ * g10/gpgcompose.c: New file.
+ * g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose.
+ (gpg2_SOURCES): Split everything but gpg.c into...
+ (gpg_sources): ... this new variable.
+ (gpgcompose_SOURCES): New variable.
+ (gpgcompose_LDADD): Likewise.
+ (gpgcompose_LDFLAGS): Likewise.
+
+ gpg: More robustly detect valid non-armored OpenPGP messages.
+ + commit 605276ef8cd449bfd574ae6c498fa5d7d265c5c7
+ * g10/armor.c (is_armored): More robustly detect valid non-armored
+ OpenPGP messages.
+
+ common: Provide a function for mapping packet types to strings.
+ + commit 24e0f1d56e6f56e7fb52b5c6bdb100131e12dfe3
+ * common/openpgpdefs.h (pkttype_str): New function.
+
+ gpg: Rename pop_filter to iobuf_pop_filter and export it.
+ + commit 1463f9b9624fae97cc89df3aa4546655ee893f7c
+ * common/iobuf.c (pop_filter): Rename from this...
+ (iobuf_pop_filter): ... to this. Don't mark it as static.
+
+ gpg: Split write_pubkey_enc_from_list.
+ + commit 7eac4942b537c4b3710d34e6adb9c5d36338f38b
+ * g10/encrypt.c (write_pubkey_enc_from_list): Split the body of this
+ function out into...
+ (write_pubkey_enc): ... this new function.
+
+ gpg: Allow the caller to write the contents of a plaintext packet.
+ + commit 2fdb950471bd36f046672254ff26ca94797cc9f1
+ * g10/build-packet.c (do_plaintext): Change the semantics such that if
+ PT->BUF is NULL, it is the caller's responsibility to write the
+ content (and disable partial body length mode, if appropriate).
+
+ gpg: Add a new function for creating binary notations.
+ + commit 1a624586149f9e34206e5d5e1ba0b7d2b7004c80
+ * g10/build-packet.c (blob_to_notation): New function.
+
+ gpg: Refactor the printing of binary notations.
+ + commit fd2d00ccf558b1ac1184967d8702ef01cd60bf60
+ * g10/build-packet.c (sig_to_notation): Break printing of binary
+ notations into...
+ (notation_value_to_human_readable_string): ... this new function.
+ Provide a small preview of the binary data substituting non-printable
+ characters with '?'.
+
+2016-03-02 Uldis Anšmits <uldis.ansmits@tieto.com>
+
+ tests/openpgp: Make tests more portable.
+ + commit 1cdb744d91ab33563fc0b3156fb05694caa55278
+ * tests/openpgp/default-key.test: Avoid 'grep -q'.
+ * tests/openpgp/gpgtar.test: Avoid 'grep -qe' and 'diff -q'.
+ * tests/openpgp/use-exact-key.test: Avoid 'grep -q'.
+
+2016-03-02 Justus Winter <justus@g10code.com>
+
+ common: Consolidate Assuan server argument handling.
+ + commit e77c85577d1bdd77ad3b81907145fd68f2653c01
+ * common/Makefile.am (common_sources): Add new files.
+ * common/server-help.c: New file.
+ * common/server-help.h: Likewise.
+ * agent/command.c: Drop argument handling primitives in favor of using
+ the consolidated ones.
+ * dirmngr/server.c: Likewise.
+ * g10/server.c: Likewise.
+ * g13/server.c: Likewise.
+ * scd/command.c: Likewise.
+ * sm/server.c: Likewise.
+
+2016-03-01 Justus Winter <justus@g10code.com>
+
+ dirmngr: Add missing CFLAGS.
+ + commit 9a1778abcae0a7afe33be8e02b6d9a909463cd54
+ * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add
+ 'GPG_ERROR_CFLAGS'.
+ (t_dns_stuff_CFLAGS): Likewise.
+
+ tools: Drop superfluous include.
+ + commit 3a1d142f9b71721a631cf2037665e9def60aa384
+ * tools/gpgtar.c: Do not include unused 'npth.h'.
+
+2016-02-26 Werner Koch <wk@gnupg.org>
+
+ gpg: Prettify a 2 octet hex output.
+ + commit 2de0d41219a522e01f050d475b3ddecb9173fc7d
+ * g10/sig-check.c (check_key_signature2): Wrap line and use %02x.
+
+2016-02-25 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Show debugging info if a sig with an unsupported sig class is used.
+ + commit 87515e39295e4b7eaec1641c38e1ac32e8d39a91
+ * g10/sig-check.c (check_key_signature2): If SIG->CLASS is
+ unsupported, show some debugging information. Don't use BUG to fail.
+ Just return GPG_ERR_BAD_SIGNATURE.
+
+ gpg: More carefully encode a packet's length.
+ + commit 960f5e26f2cda3ac6e6b30548fa808a690c39ffc
+ * g10/build-packet.c (write_header2): Make sure the length bits are
+ cleared. Fail if HDRLEN is set and the specified length can't be
+ encoded in the available space.
+
+ gpg: Avoid directly twiddling bits.
+ + commit 105a5629c7e938ec7b3c9c338ebe7bdfee4cfdad
+ * g10/build-packet.c (do_plaintext): Use ctb_new_format_p to check the
+ packet's format.
+ (write_header2): Likewise.
+
+ gpg: Add some asserts.
+ + commit c9636a1acc952eb8e1355089bc2e229dece98165
+ * g10/build-packet.c (ctb_new_format_p): New function.
+ (ctb_pkttype): New function.
+ (do_user_id): Add some asserts.
+ (do_key): Likewise.
+ (do_symkey_enc): Likewise.
+ (do_pubkey_enc): Likewise.
+ (do_plaintext): Likewise.
+ (do_encrypted): Likewise.
+ (do_encrypted_mdc): Likewise.
+ (do_compressed): Likewise.
+ (do_signature): Likewise.
+ (do_signature): Likewise.
+ (write_header2): Likewise.
+
+ gpg: Avoid an unnecessary copy.
+ + commit 512bc72e1f8544341529174142273d857f45540c
+ * g10/build-packet.c (sig_to_notation): Avoid an unnecessary copy of
+ the data: the size of the packet is fixed.
+
+2016-02-23 Neal H. Walfield <neal@g10code.com>
+
+ common: Reduce buffer size.
+ + commit 75861b663bbb37214143c2ff7b1b4d1d10ba2657
+ * common/iobuf.c (iobuf_copy): Change buffer size from 1 MB to 32 KB.
+
+ common: Improve a function's documentation and comments.
+ + commit 14d27b2cadf9b0bb413f2b8bad2d81c1d370c2e7
+ * common/iobuf.c (iobuf_set_partial_body_length_mode): Fix
+ documentation and comment. Add an assert.
+
+ common: Add log_assert.
+ + commit f57a91afb69c58f9d8d9632801650f28c7dc1e0d
+ * common/logging.h (log_assert): New macro.
+
+ gpg: Use higher-level functions.
+ + commit 33ac735a781325c4d47cdf6216813866ab93562e
+ * g10/build-packet.c (do_symkey_enc): Use iobuf_write instead of
+ iobuf_put in a loop. Use iobuf_copy instead of iobuf_read and
+ iobuf_write in a loop. Move the memory wiping from here...
+ * common/iobuf.c (iobuf_copy): ... to here.
+
+ common: Check for an error before reading.
+ + commit 8066f8a3470f9d2f3682a28641a7b09eca29a105
+ * common/iobuf.c (iobuf_copy): If DEST has a pending error, don't
+ start copying.
+
+ common: More accurately name function.
+ + commit 903466e124841cb29f518afa6b7706d490737ac3
+ * common/iobuf.c (iobuf_set_partial_block_mode): Rename from this...
+ (iobuf_set_partial_body_length_mode): ... to this. Update callers.
+
+2016-02-23 Werner Koch <wk@gnupg.org>
+
+ g13: Add commands --suspend and --remove.
+ + commit f7968db30b0e0ccae038e354568accb0a05d877c
+ * g13/g13.c (aSuspend, aResume): New.
+ (opts): Add commands --suspend and --resume.
+ (main): Implement dummy command aUmount. Implement commands aResume
+ and aSuspend.
+ * g13/sh-cmd.c (cmd_suspend): New.
+ (cmd_resume): New.
+ (register_commands): Add commands RESUME and SUSPEND.
+ * g13/server.c (cmd_suspend): New.
+ (cmd_resume): New.
+ (register_commands): Add commands RESUME and SUSPEND.
+ * g13/be-dmcrypt.c (be_dmcrypt_suspend_container): New.
+ (be_dmcrypt_resume_container): New.
+ * g13/backend.c (be_suspend_container): New.
+ (be_resume_container): New.
+ * g13/suspend.c, g13/suspend.h: New.
+ * g13/mount.c (parse_header, read_keyblob_prefix, read_keyblob)
+ (decrypt_keyblob, g13_is_container): Move to ...
+ * g13/keyblob.c: new file.
+ (keyblob_read): Rename to g13_keyblob_read and make global.
+ (keyblob_decrypt): Rename to g13_keyblob_decrypt and make global.
+ * g13/sh-dmcrypt.c (check_blockdev): Add arg expect_busy.
+ (sh_dmcrypt_suspend_container): New.
+ (sh_dmcrypt_resume_container): New.
+ * g13/call-syshelp.c (call_syshelp_run_suspend): New.
+ (call_syshelp_run_resume): New.
+
+ g13: Run mount after dmsetup.
+ + commit f26867928c451443769fecc41c3283e077e8c49f
+ * g13/g13-syshelp.c (main): Reject userids with a slash.
+ * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Run mount if a
+ mountpoint is known.
+
+2016-02-23 Justus Winter <justus@g10code.com>
+
+ tests/openpgp: Qualify executables with extension.
+ + commit ede0061febe5b2edde6a1a79d599e3c7c0faed5a
+ * tests/openpgp/Makefile.am (required_pgms): Qualify executables with
+ '$EXEEXT'.
+
+ tests/openpgp: Reimplement 'pinentry.sh' in c.
+ + commit 01dcc2cf2f2f00235ffa7d0718ecb468370980cc
+ * tests/openpgp/Makefile.am: Build new program.
+ * tests/openpgp/defs.inc: Use the new program.
+ * tests/openpgp/fake-pinentry.c: New file.
+
+ tests/openpgp: Avoid dependency on source files.
+ + commit 785a7f463ec4e937304ce1263c5e6a46e8079137
+ * tests/openpgp/plain-largeo.asc: New file.
+ * tests/openpgp/version.test: Dearmor the new file instead of relying
+ on the source being present.
+
+ tests/openpgp: Fix file removal.
+ + commit 629284120ff359b98a178b6cddf0e005e5f4db1a
+ * tests/openpgp/version.test: Fix file removal.
+
+ common/exechelp: Provide a way to wait for multiple processes.
+ + commit 5ba4f6047b84e4cfdb3e6bc88e574ca7a455da81
+ * common/exechelp-posix.c (gnupg_wait_process): Generalize to
+ 'gnupg_wait_processes'.
+ * common/exechelp-w32.c (gnupg_wait_process): Likewise.
+ * common/exechelp-w32ce.c (gnupg_wait_process): New function stub.
+ * common/exechelp.h (gnupg_wait_process): New prototype.
+
+ common/exechelp: Add general pipe function.
+ + commit 9f4a8d4ea173b4b4cb4d4f06b4004d43e2f4b97a
+ * common/exechelp-posix.c (gnupg_create_pipe): New function.
+ * common/exechelp-w32.c (INHERIT_{READ,WRITE,BOTH}): New macros.
+ (create_inheritable_pipe): Generalize so that both ends can be
+ inherited.
+ (do_create_pipe): Rename argument accordingly.
+ (gnupg_create_{in,out}bound_pipe): Use new flags.
+ (gnupg_create_pipe): New function.
+ (gnupg_spawn_process): Use new flags.
+ * common/exechelp-w32ce.c (gnupg_create_pipe): New stub.
+ * common/exechelp.h (gnupg_create_pipe): New prototype.
+
+ common/exechelp: Mute the Windows version.
+ + commit 54acc87c1e0b100accbfd02cfce59a897f2f0ce1
+ * common/exechelp-w32.c (gnupg_wait_process): Do not print an error if
+ the exit code can be returned. This makes the Windows version behave
+ like the POSIX version.
+
+ common/exechelp: Avoid magic numbers.
+ + commit 709e2a7e9a3197e8ded4be0b05c138e8d5adbca6
+ * common/exechelp-w32.c (do_create_pipe): Use symbolic names.
+
+ common/exechelp: Disable debugging by default.
+ + commit 5d8f7b16c8490d6951772fa98c1f075a952cc571
+ * common/exechelp-w32.c (DEBUG_W32_SPAWN): Set to 0.
+
+ common/exechelp: Fix handle leak.
+ + commit dd670366d7aedb07e9420d1f8575197acfae1914
+ * common/exechelp-w32.c (gnupg_spawn_process_detached): Close process
+ handle.
+
+ common/exechelp: Fix opening the 'nul' device.
+ + commit 8857590006266da200427f2d4f9e8c27fbc89ed9
+ * common/exechelp-w32.c (gnupg_spawn_process): Fix opening the 'nul'
+ device.
+
+ common/exechelp: Fix error handling.
+ + commit f5a4b6a3a39a2b78d33769184d6133d5e256e02c
+ * common/exechelp-w32.c (gnupg_spawn_process): Close the right handle.
+
+ common/exechelp: Fix pipe creation.
+ + commit b0125ae9850973b89010517b1dbce04125a51d51
+ * common/exechelp-w32.c (gnupg_spawn_process): Fix the creation of the
+ input pipe.
+
+ tools/mk-tdata: Fix data generation on Windows.
+ + commit 661ba477e01b796db161fa612b46c353393c6b10
+ * tools/mk-tdata.c (main): Set stdout to binary mode to avoid newline
+ conversion.
+
+2016-02-19 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Systematically detect and fix signatures that are out of order.
+ + commit 2d1d795481bc011447284f8ce0a3ae96a08daf17
+ * g10/keyedit.c (sig_comparison): New function.
+ (fix_key_signature_order): Merge functionality into...
+ (check_all_keysigs): ... this function. Rewrite to eliminate
+ duplicates and use a systematic approach to detecting and moving
+ signatures that are out of order instead of a heuristic.
+ (fix_keyblock): Don't call fix_key_signature_order. Call
+ check_all_keysigs instead after collapsing the uids.
+
+ gpg: Split check_key_signature2.
+ + commit 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
+ * g10/sig-check.c (hash_uid_node): Rename from this...
+ (hash_uid_packet): ... to this. Take a PKT_user_id instead of a
+ KBNODE.
+ (check_key_signature2): Split the basic signature checking
+ functionality into...
+ (check_signature_over_key_or_uid): ... this new function.
+
+ gpg: Split print_and_check_one_sig.
+ + commit 5fbd80579aea0f75ca1d2700515c5b8747a75c7d
+ * g10/keyedit.c (print_and_check_one_sig): Split the print
+ functionality into...
+ (print_one_sig): ... this new function.
+
+ gpg: Split the function check_signature_end.
+ + commit ac5aea95455372145f3f06df2b4c1584d759d660
+ * g10/sig-check.c (check_signature_end): Break the basic signature
+ check into...
+ (check_signature_end_simple): ... this new function.
+
+ gpg: Use format_keyid rather than manually formatting the keyid.
+ + commit 10671c3a4c18ea26035a5819a9f2b8fd6c7e41ea
+ * g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
+ manually formatting the keyid.
+ * g10/keygen.c (card_write_key_to_backup_file): Likewise.
+
+ gpg: Initialize the primary key when generating a key.
+ + commit bf9d1248c80205795e26156f67aff0b3f796cfce
+ * g10/keygen.c (do_generate_keypair): Initialize
+ pri_psk->flags.primary, pri_psk->keyid and pri_psk->main_keyid.
+
+ gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid.
+ + commit c45633a571bf663bc7f3610fc481acded6acfc19
+ * g10/keydb.h (keyid_cmp): New function.
+ * g10/keyid.c (pk_keyid): New function.
+ (pk_main_keyid): New function.
+ (keyid_copy): New function.
+ (pk_keyid_str): New function.
+ * g10/packet.h (PKT_public_key): Update comments for main_keyid and
+ keyid.
+
+2016-02-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpgparsemail: Allow weirdly-mixed pkcs7 signatures.
+ + commit 7e7f35a2d7d40267a4dd30791df77420efeebfa7
+ * tools/gpgparsemail.c: Add and check info->signing_protocol_2.
+
+ gpg: Clean up dangling agent_open and agent_closed declarations.
+ + commit 813df2fe6656e55bea4d0be07cc964a140218412
+ * g10/keydb.h: Remove agent_open, agent_close declarations/
+ * g10/migrate.c: #include <unistd.h> for access()
+
+2016-02-16 Werner Koch <wk@gnupg.org>
+
+ w32: Make scdaemon build again due to libusb problem.
+ + commit e1ceff16765b0342531709cf97d03ef0158c29d5
+ * configure.ac: Add hack to disable libusb for Windows. Also use
+ $host instead of $target in the switch
+ --
+
+ The new test for libusb does not support cross-compiling. As a quick
+ workaround we disable libusb for Windows because we can't use it anyway.
+
+ w32: Do not error out if gpgconf is not installed.
+ + commit 44b02e1beb4f38f26551d932827d5317fddd27c2
+ * common/homedir.c (check_portable_app): Remove error message.
+
+2016-02-16 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Make ASCII armor decoding more robust to encoding errors.
+ + commit 2f02ed75a9671a7aae36968d5a1618f71b491325
+ * g10/armor.c (radix64_read): If the = is followed by the string "3D",
+ check if the following four characters are valid radix 64 and are
+ followed by a new line. If so, warn and ignore the '3D'.
+
+2016-02-16 Werner Koch <wk@gnupg.org>
+
+ doc: Add a gnupg-module-overview picture.
+ + commit a1c11283af759c1045a8bb75815db325f415ded4
+ * doc/gnupg-module-overview.svg: New.
+ * doc/debugging.texi (Component interaction): New.
+ * doc/Makefile.am (EXTRA_DIST): Add PNG and PDF versions of
+ gnupg-module-overview.svg. Remove two eps files.
+ (BUILT_SOURCES): Add gnupg-module-overview.pdf and .png. Remove
+ gnupg-card-architecture.epsl
+ (gnupg_TEXINFOS): Add gnupg-module-overview.svg
+ (gnupg.dvi): New.
+ (DISTCLEANFILES): Remove build eps files.
+
+2016-02-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ common, g10: Fix indentation to silence GCC-6.
+ + commit ea9cfcfbf76de232221f31787c53d5f46361a9f0
+ * common/iobuf.c (iobuf_ioctl): Fix.
+ * g10/encrypt.c (encrypt_filter): Likewise.
+ * g10/keyring.c (prepare_search): Likewise.
+
+ dirmngr: fix for memory alignment.
+ + commit 6fbe12a51e8fe2649ffe5a8a02aa93026a8f02cd
+ * dirmngr/dns-stuff.c (get_dns_cert): Cast through void *.
+ (getsrv, get_dns_cname): Make sure it's aligned for HEADER.
+
+2016-02-14 Werner Koch <wk@gnupg.org>
+
+ gpg: Add hidden key-edit subcommand "change-usage".
+ + commit 9b28b82e7c40d1eacc446d5932cd613c56378ed8
+ * g10/keyedit.c (cmdCHANGEUSAGE): New.
+ (cmds): Add command "change-usage".
+ (keyedit_menu): Handle that command.
+ (menu_changeusage): New.
+ * g10/keygen.c (keygen_add_key_flags): New.
+ (ask_key_flags): Add optional arg current.
+
+2016-02-14 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Improve API documentation.
+ + commit 9663b088480cef6734a3c5892d5ddbbd60ecc1a4
+ * g10/seskey.c (make_session_key): Improve documentation.
+ (encode_session_key): Improve documentation.
+ * g10/encrypt.c (encrypt_seskey): Remove gratuitous initialization.
+ * g10/dek.h (DEK): Improve documenation.
+
+ gpg: Fix calc_header_length when LEN is 0 and improve documentation.
+ + commit 5cdde08ea869ef02111f618ad782d392a296eb7f
+ * g10/build-packet.c (calc_header_length): Return the correct haeder
+ size when LEN is 0. Fix documentation.
+
+ gpg: Fix format_keyid when dynamically allocating the buffer.
+ + commit c0268c449d0f3d23be5ec7b92fe92e7e078166cf
+ * g10/keyid.c (format_keyid): Return a char *, not a const char *. If
+ BUFFER is NULL, then set LEN to the static buffer's size.
+
+ common: Fix comment.
+ + commit ad43dc6cfc2b610a4e34fe55811bd937f9c3238b
+ * common/iobuf.c (iobuf_flush_temp): Fix comment.
+
+2016-02-13 Werner Koch <wk@gnupg.org>
+
+ g13: Require a confirmation before g13 is used for DM-Crypt.
+ + commit 86f3bb144ad75461eb9b7ac1e59046ac75efccac
+ * g13/g13-syshelp.c (g13_syshelp_i_know_what_i_am_doing):
+ * g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Call it.
+ (sh_dmcrypt_mount_container): Call it.
+
+ g13: Second chunk of code to support dm-crypt.
+ + commit b0e6ab1109d05fc664f46e17d721fe9b01d38115
+ * g13/be-dmcrypt.c, g13/be-dmcrypt.h: New.
+ * g13/Makefile.am (g13_SOURCES): Add them.
+ * g13/backend.c: Include be-dmcrypt.h and call-syshelp.h.
+ (no_such_backend): Rename to _no_such_backend and provide replacement
+ macro.
+ (be_is_supported_conttype): Support DM-Crypt.
+ (be_take_lock_for_create): Call set_segvice for DM-Crypt.
+ (be_create_new_keys): Make it a dummy for DM-Crypt.
+ (be_create_container): Call be_dmcrypt_create_container.
+ (be_mount_container): call be_dmcrypt_mount_container.
+ * g13/g13-syshelp.c (main): Enable verbose mode.
+ * g13/g13tuple.c (get_tupledesc_data): New.
+ * g13/g13tuple.h (unref_tupledesc): New.
+ * g13/g13.h (server_control_): Add field "recipients".
+ * g13/g13.c (main): Fix setting of recipients via cmdline.
+ (g13_deinit_default_ctrl): Release recipients list.
+ (g13_request_shutdown): New. Replace all direct update of
+ shutdown_pending by calls this function.
+ * g13/server.c (server_local_s): Remove field recipients which is now
+ part of CTRL.
+ (reset_notify, cmd_recipient, cmd_create): Adjust for this change.
+ * g13/create.c (encrypt_keyblob): Rename to g13_encrypt_keyblob.
+ (g13_create_container): Support DM-Crypt.
+ * g13/mount.c (parse_header): Allow for meta data copies.
+ (g13_mount_container): Support DM-Crypt.
+ * g13/sh-cmd.c (cmd_create): Make it work.
+ (cmd_mount): New.
+ * g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Make it work.
+ (sh_dmcrypt_mount_container): New.
+
+ g13: Improve dump_keyblob.
+ + commit 13f745b50dc7031755faadb2d3476a6b6aafc739
+ * g13/g13tuple.c: Include keyblob.h.
+ (find_tuple_uint): Factor code out to ...
+ (convert_uint): new.
+ (all_printable): New.
+ * g13/mount.c (dump_keyblob: Move and rename to ...
+ * g13/g13tuple.c (dump_tupledesc): here. Revamp and pretyy print uint
+ values.
+
+ g13: Define 3 new tags.
+ + commit 59fc3507d18072833559f227ecab8aa00cad9466
+ * g13/keyblob.h (KEYBLOB_TAG_CONT_NSEC): New.
+ (KEYBLOB_TAG_ENC_NSEC): New.
+ (KEYBLOB_TAG_ENC_OFF): New.
+
+ g13: Rename utils.c to g13tuple.c.
+ + commit 82d12156ef5f948d44934ed44d79d24cc9e94366
+ * g13/utils.c: Rename to g13tuple.c.
+ * g13/utils.h: Rename to g13tuple.h. Change all users.
+ * g13/Makefile.am: Adjust accordingly
+
+ g13: Add functions to handle uint in a keyblob.
+ + commit 4f152f3276b6d40d2568a27e74903dd18b41d752
+ * g13/utils.c (append_tuple_uint): New.
+ (find_tuple_uint): New.
+ * g13/t-utils.c: New.
+ * g13/Makefile.am (noinst_PROGRAMS, TESTS): New.
+ (module_tests, t_common_ldadd): New.
+ (t_utils_SOURCES, t_utils_LDADD): New.
+
+ g13: Re-factor high level create code.
+ + commit dc1dbc43a6bfb2f3e6a1cc2ca089e0318b3af0ed
+ * g13/create.c (g13_create_container): Factor some code out to ...
+ * g13/backend.c (be_take_lock_for_create): new.
+
+ g13: Return an error for non-existing device.
+ + commit 3087197008d2b12bf9f0d7d1f2aca500db816e7c
+ * g13/sh-cmd.c (cmd_device): Set ERR.
+
+ g13: Fix releasing of a syshelp context.
+ + commit 6390beca54f55e8d36ff767b99ae9ff68b15f10e
+ * g13/call-syshelp.c (call_syshelp_release): Allow a NULL arg.
+
+ g13: Switch over to common/exectool.c.
+ + commit c5d7045dafcfb569c11c90c04ea7a75328c80084
+ * g13/sh-exectool.c: Remove. It has been replaced by common/exectool.c.
+ * g13/Makefile.am (g13_syshelp_SOURCES): Remove sh-exectool.c
+ * g13/sh-blockdev.c: Include exectool.h. Change sh_exec_tool to
+ gnupg_exec-tool.
+ * g13/sh-dmcrypt.c: Ditto.
+
+ common: Make gnupg_exec_tool conform to spec.
+ + commit d19d6e1856c9a1acbf48e8b2e39b3d9171aa9f7f
+ * common/exectool.c (gnupg_exec_tool): Allocate extra byte. Allow
+ zero length read. Append hidden byte. Release memory on error.
+
+ g13: First chunk of code to support dm-crypt.
+ + commit 81494fd30d3815502247a721f50d9eadf86a73fa
+ * g13/call-syshelp.c, g13/call-syshelp.h: New.
+ * g13/g13-syshelp.c, g13/g13-syshelp.h: New.
+ * g13/sh-cmd.c: New.
+ * g13/sh-blockdev.c: New.
+ * g13/sh-exectool.c: New.
+ * g13/sh-dmcrypt.c: New.
+ * g13/Makefile.am (sbin_PROGRAMS): Add g13-syshelp.c
+ (g13_syshelp_SOURCES): New.
+ (g13_syshelp_LDADD): New.
+
+ * g13/g13.c (opts): Add option --type.
+ (g13_deinit_default_ctrl): New.
+ (main): Implement that option. Call g13_deinit_default_ctrl.
+ * g13/g13.h (struct call_syshelp_s): New declaration.
+ (server_control_s): Add field syshelp_local.
+ * g13/keyblob.h (KEYBLOB_TAG_CREATED): New.
+ (KEYBLOB_TAG_ALGOSTR): New.
+ (KEYBLOB_TAG_HDRCOPY): New.
+ * g13/backend.c (be_parse_conttype_name): New.
+ (be_get_detached_name): Add CONTTYPE_DM_CRYPT.
+
+ tests: Remove some harmless warnings in regression tests.
+ + commit d711f5c7697cd4bc5dc6d9fd01706cabc771dad2
+ * tests/openpgp/gpg-agent.conf.tmpl: Remove --use-standard-socket.
+
+2016-02-12 Neal H. Walfield <neal@g10code.com>
+
+ common: Change simple_query to ignore status messages.
+ + commit acac103ba5772ae738ce5409d17feab80596cde6
+ * common/simple-pwquery.c (simple_query): Ignore status messages.
+
+2016-02-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Make sure to have the directory for trustdb.
+ + commit d9f9b3be036747c9f55060aed47896f951bfb853
+ * g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE. Check
+ the directory and create it if none before calling take_write_lock.
+
+2016-02-02 Neal H. Walfield <neal@g10code.com>
+
+ doc: Note that rngd can also be used to quickly generate insecure keys.
+ + commit 75311cfe18071b94c66121a9785b133b6df345a3
+ * doc/gpg-agent.texi (Agent Options): Add comment to the description
+ of --debug-quick-random that rngd can also be used to quickly generate
+ key.
+
+2016-01-27 Werner Koch <wk@gnupg.org>
+
+ scd: Fix size_t/int mismatch in libusb.
+ + commit 3d952a2fe5da9d84c20d3debdcc1e425b08781c6
+ * scd/ccid-driver.c (bulk_in, abort_cmd, ccid_poll): Change msglen to
+ int.
+
+ scd: Fix detection of libusb.
+ + commit 1b90b52a56b4f808ad29a7ef79aeafc03c7424b4
+ * configure.ac (HAVE_LIBUSB): Clear if no header file was found.
+ (LIBUSB_LIBS): Ditto.
+
+ dirmngr: Build fix for FreeBSD (EAI macros)
+ + commit 4d67144142f04184b835e50314eb21b882b9e00a
+ * dirmngr/dns-stuff.c (map_eai_to_gpg_error): Map EAI_NODATA and
+ EAI_ADDRFAMILY only if defined.
+
+2016-01-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Migrate to new API of libusb 1.0.
+ + commit d0d97089706286fafd3c8ff56f3b5bf7ac07c6e0
+ * configure.ac (LIBUSB_CPPFLAGS): New.
+ * scd/Makefile.am (AM_CPPFLAGS): Add LIBUSB_CPPFLAGS.
+ * scd/ccid-driver.c: Use libusb 1.0 API.
+
+2016-01-26 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.11.
+ + commit e9e5e83ec14459c2fc9060c54fc8e7381b541acd
+
+
+2016-01-26 Andre Heinecke <aheinecke@intevation.de>
+
+ gpgtar,w32: Fix gpgtar 8 bit encoding handling on W32.
+ + commit 3e50236d4ecc3601b2641bf4273a0ff64bb5fdc4
+ * common/utf8conv.c (wchar_to_utf8): Factor code out to ...
+ (wchar_to_cp): new.
+ (utf8_to_wchar): Factor code out to ...
+ (cp_to_wchar): new.
+ (wchar_to_native): New.
+ (native_to_wchar): New.
+ * tools/gpgtar-create.c (fillup_entry_w32): Use native_to_wchar.
+ (scan_directory): Use wchar_to_native.
+
+2016-01-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix segfault on unsupported curve.
+ + commit b8bb16c6c08d3c2947f1ff67419b36eb203c5c1a
+ * g10/call-agent.c (learn_status_cb): Don't use NULL for strcmp.
+
+ sm: small fix for GCC 6.
+ + commit d33a34004bef028068538f099c32a0e292a004c3
+ * sm/export.c (insert_duptable): Use unsigned 0.
+
+2016-01-25 Werner Koch <wk@gnupg.org>
+ Daiki Ueno <ueno@gnu.org>
+
+ gpg: Print PROGRESS status lines during key generation.
+ + commit fbe1cf67aadc5a33cf815ddbcfc9669e43caa123
+ * g10/call-agent.c (cache_nonce_status_cb): Rewrite by using
+ has_leading_keyword. Handle PROGRESS lines.
+
+2016-01-25 Werner Koch <wk@gnupg.org>
+
+ agent: Send PROGRESS status lines to the client.
+ + commit ee87c653bf4b495714e8e6b024d0a8ace3a33452
+ * agent/gpg-agent.c (struct progress_dispatch_s): New.
+ (progress_dispatch_list): New.
+ (main): Register libgcrypt pogress handler.
+ (agent_libgcrypt_progress_cb): New.
+ (agent_set_progress_cb): New.
+ (unregister_progress_cb): New.
+ (agent_deinit_default_ctrl): Call unregister.
+ * agent/command.c (progress_cb): New.
+ (start_command_handler): Register progress callback.
+
+ speedo: Allow use of SHA-256 checksums.
+ + commit 039a55716b8abd22ce23a96dce34cf2dc4be1862
+ * build-aux/getswdb.sh: Add option --find-sha256sum.
+ * build-aux/speedo.mk (libgpg_error_sha2): New var. Also for all
+ other packages.
+ (SHA2SUM): New.
+ (SETVARS, SETVARS_W64): Prefer sha256sum over sha1sum.
+ (installer-from-source): Create swdb fragment.
+
+2016-01-22 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Indicate that serial numbers are hexadecimal.
+ + commit 12c665b36cdc4b7189549698fc4cc1b3523b18f5
+ * dirmngr/misc.c (hexify_data): Add arg with_prefix. Adjust all
+ callers.
+ * dirmngr/crlcache.c (cache_isvalid): Print "0x" in front of the S/N.
+
+ dirmngr: Provide the keyserver pool name even if there is no CNAME.
+ + commit 77bceb2902dd489443073d91836ea54376c60bf6
+ * dirmngr/ks-engine-hkp.c (map_host): Fix setting of r_poolname.
+
+2016-01-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+ wk@gnupg.org
+
+ dirmngr: Use sks-keyservers CA by default for the hkps pool.
+ + commit afb8696126ff0babaab23e884ff5da008281e3b7
+ * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem.
+ * dirmngr/http.c (http_session_new): Add optional arg
+ intended_hostname and set a default cert.
+ * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to
+ http_session_new.
+
+2016-01-22 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow new user ids with only the mail address.
+ + commit fc0c71dfe5ea8f1c683101948c23f5d2064ee4cd
+ * g10/keygen.c (ask_user_id): Allow empty name.
+
+2016-01-21 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve header text of the auto-created revocations.
+ + commit bb99b40bd1e624f58ca806ca16dc73d4d594a30a
+ * g10/revoke.c (gen_standard_revoke): Improve header text for the
+ file. Add info output.
+
+ gpg: Make --auto-key-retrieve work with dirmngr configured server.
+ + commit 09117e769a093467cb47154f36d7dda613313e33
+ * g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
+ * g10/keyserver.c (keyserver_any_configured): New.
+ (keyserver_put): Remove arg keyserver because this will always receive
+ opt.keyserver which is anyway used when connecting dirmngr. Do not
+ check opt.keyserver.
+ (keyserver_import_cert): Replace opt.keyserver by
+ keyserver_any_configured.
+ * g10/mainproc.c (check_sig_and_print): Ditto.
+ * g10/import.c (revocation_present): Ditto.
+ * g10/getkey.c (get_pubkey_byname): Ditto.
+ * g10/gpgv.c (keyserver_any_configured): Add stub.
+ * g10/test-stubs.c (keyserver_any_configured): Add stub.
+
+2016-01-20 Werner Koch <wk@gnupg.org>
+
+ gpg: Silence message about ignoring revoked user ids.
+ + commit bdb61351776c038d668310d9b5e5c32588ef6519
+ * g10/trustdb.c (tdb_get_validity_core): Print message only in debug
+ mode.
+
+ agent: New option --pinentry-timeout.
+ + commit 499743387f4d07847a2842358bc54f9237e0c2a7
+ * agent/gpg-agent.c (oPinentryTimeout): New.
+ (opts): Add new option.
+ (parse_rereadable_options): PArse that option.
+ (main): Tell gpgconf about this option.
+ * agent/call-pinentry.c (start_pinentry): Send option to Pinentry.
+ * tools/gpgconf-comp.c (gc_options_gpg_agent): Add Option.
+
+2016-01-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Streamline use of error messages in tofu.c.
+ + commit cfa41890bb5ff306c07dad295136601fe47566a7
+ * g10/tofu.c: Make use of print_further_info to reduce the number of
+ different error messages to be translated. Also streamline some
+ messages.
+
+ common: Add substitute code for libgpg-error < 1.22.
+ + commit 8b7f64f9dfc80b2a0ad235996b47369c2ba9b48f
+ * common/util.h (GPG_ERR_DB_CORRUPTED): New.
+
+ gpg: Add function print_further_info.
+ + commit d96e76d15f61812b950b64a60bc47117785a9dac
+ * g10/misc.c (print_further_info): New.
+
+2016-01-18 Werner Koch <wk@gnupg.org>
+
+ g10: Improve strings printed by tofu.c.
+ + commit 79778a8dd5f61a6b7abeeb44b75d82932db788b7
+ * g10/tofu.c: Include ttyio.h. Change many strings to help
+ translating. Make use of ngettext wehere needed.
+ (CONTROL_L): New.
+ (TIME_AGO_UNIT_SMALL_NAME): Remove this and all similar *_NAME macros.
+ (time_ago_unit): Remove.
+ (get_trust): Use tty_prints and cpr_get only for the actual prompt.
+ Add Ctrl-L hack.
+ (show_statistics): Use two English strings for singular and plural.
+
+ * po/POTFILES.in: Add tofu.c.
+
+ gpg: Use "days" in "...newer than..." diagnostics.
+ + commit 9309bda9581715d304305c8c5116f2cbb31aec77
+ * g10/sig-check.c (check_signature_metadata_validity): Use days if
+ useful.
+
+ Use ngettext for some strings.
+ + commit 437965e5622612941ed0fa55584811c65069242e
+ * scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for
+ some diagnostics.
+ (do_genkey): Ditto.
+ * g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto.
+ * g10/keylist.c (print_signature_stats): Ditto.
+ * g10/keyserver.c (keyserver_refresh): Ditto.
+ * g10/sig-check.c (check_signature_metadata_validity): Ditto.
+ * g10/sign.c (do_sign): Ditto.
+ * g10/trustdb.c (reset_trust_records): Ditto.
+ (validate_keys): Use a table like diagnostic output.
+
+2016-01-15 Werner Koch <wk@gnupg.org>
+
+ kbx,w32: Use shorter retry intervals for keybox_file_rename.
+ + commit 3cccd5a83b96e4558642dcdf5d974f64ebdb9817
+ * kbx/keybox-util.c (keybox_file_rename): Restart retry intervals
+ after 800ms.
+
+2016-01-14 Werner Koch <wk@gnupg.org>
+
+ w32: Fix deadlock introduced by keybox_file_rename.
+ + commit 663c5d129a8f400cc6eb8ab7b91772d6e578152d
+ * g10/keyring.c (keyring_lock) [W32]: Flush the close cache before
+ locking.
+ * kbx/keybox-init.c (keybox_lock) [W32]: Close the file before
+ locking.
+
+ gpg: Detect race between pubring.gpg and pubring.kbx use.
+ + commit 3b1248e007a6bf830a3230ee2d9cc548205ec31a
+ * g10/keydb.c (maybe_create_keyring_or_box): Detect race condition.
+
+ kbx: New function keybox_file_rename to replace rename.
+ + commit 8241ed59d05e06252647b26477ed5c2f84895a26
+ * kbx/keybox-util.c: Include windows.h.
+ (keybox_file_rename): New.
+ * kbx/keybox-update.c (rename_tmp_file): Replace remove+rename by
+ keybox_file_rename.
+ * g10/keyring.c (rename_tmp_file): Ditto.
+
+ kbx: Add function keybox_tmp_names to avoid code duplication.
+ + commit f5cceef115f0307664956d01c48b1b397fdad4b3
+ * kbx/keybox-update.c (create_tmp_file): Move some code to...
+ * kbx/keybox-util.c (keybox_tmp_names): new.
+ * g10/keyring.c: Include keybox.h.
+ (create_tmp_file): Replace parts by keybox_tmp_names.
+
+ gpg: Make --list-options show-usage the default.
+ + commit 360534bde770f4845669de223154216d249b954b
+ * g10/gpg.c (main): Add LIST_SHOW_USAGE.
+
+2016-01-13 Werner Koch <wk@gnupg.org>
+
+ kbx: Change return type of search functions to gpg_error_t.
+ + commit c7ca0f73dbe7c080b79f93f90f00ba2396fc4bd0
+ * kbx/keybox-search.c (keybox_search_reset): Change return type to
+ gpg_error_t.
+ (keybox_search): Ditto. Also handle GPG_ERR_EOF.
+ * sm/keydb.c (keydb_search_reset): Ditto.
+
+ gpg: Improve error code from lock_all.
+ + commit 9b6c91469a804c60289a2ed21334dfd856c294bb
+ * g10/keydb.c (lock_all): Do not clobber RC during failur cleanup.
+
+ kbx: Improve and fix keybox_lock.
+ + commit 8f1368d5e3f7654ad9cb100053535f728dff2344
+ * kbx/keybox-init.c (keybox_lock): Make sure ERR is initialized. Get
+ error codes from dotlock functions.
+
+ common: Make sure dotlock functions set a proper ERRNO.
+ + commit 4aceebf36f103eb380e21d12a1f08b7d6ea7cc8e
+ * common/dotlock.c (map_w32_to_errno): New.
+ (read_lockfile): Return a proper ERRNO.
+ (dotlock_create_unix): Do not let log functions clobber ERRNO.
+ (dotlock_take_unix): Ditto.
+ (dotlock_release_unix): Ditto.
+ (dotlock_create_w32): Set proper ERRNO.
+ (dotlock_take_w32): Ditto.
+ (dotlock_release_w32): Ditto.
+
+ kbx: Implement keybox_lock for use by gpg.
+ + commit 160862978628b07ed5150ec2c8abad6af1656bc3
+ * kbx/keybox-defs.h: Include dotlock.h and logging.h.
+ (CONST_KB_NAME): Remove. Replace usage by KB_NAME.
+ (struct keybox_name): Add field "lockhd".
+ * kbx/keybox-init.c (keybox_register_file): Init LOCKHD.
+ (keybox_lock): Chnage to return gpg_error_t. Implement locking.
+
+ gpg: Make sure to mark a duplicate registered keybox as primary.
+ + commit 9dc355ad3ae0026ab04c424dc984d748b8fad393
+ * kbx/keybox-init.c (keybox_register_file): Change interface to return
+ the token even if the file has already been registered.
+ * g10/keydb.c (primary_keyring): Rename to primary_keydb.
+ (maybe_create_keyring_or_box): Change return type to gpg_error_t.
+ (keydb_add_resource): Ditto. s/rc/err/.
+ (keydb_add_resource): Mark an already registered as primary.
+ * sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t.
+ (keydb_add_resource): Ditto. s/rc/err/.
+ (keydb_add_resource): Adjust for changed keybox_register_file.
+
+2016-01-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix to support git worktree.
+ + commit 96237b9a63a50aed1884cb06f84279b977d6a8fa
+ * autogen.sh, Makefile.am, doc/Makefile.am: Use -e for testing .git.
+
+2016-01-12 Werner Koch <wk@gnupg.org>
+
+ ssh: Accept OpenSSH *cert-v01 key variants.
+ + commit e2f984b4afffaa89bdeba2f5d447b5681237177e
+ * agent/command-ssh.c (SPEC_FLAG_WITH_CERT): New.
+ (ssh_key_types): Add OpenSSH cert types.
+ (stream_read_string): Allow a dummy read.
+ (ssh_receive_mpint_list): Pass SPEC by reference.
+ (ssh_receive_mpint_list): New arg CERT and use it.
+ (ssh_receive_key): Read certificate into an estream object and modify
+ parser to make use of that object.
+
+2016-01-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix iobuf API of filter function for alignment.
+ + commit 4b4639b0b04dc82c550fa711dd7193e13fc4a428
+ * common/iobuf.h: Fix comment.
+
+ common: Fix iobuf API of filter function for alignment.
+ + commit 3f52c7da3940ec06572270d511000dc7fe9c27d2
+ * common/iobuf.h (IOBUFCTRL_DESC): Change the call semantics.
+ * common/iobuf.c (iobuf_desc): Add the second argument DESC.
+ (print_chain, iobuf_close, do_open, iobuf_sockopen, iobuf_ioctl)
+ (iobuf_push_filter2, pop_filter, iobuf_write_temp): Change calls
+ of iobuf_desc.
+ (file_filter, file_es_filter, sock_filter, block_filter): Fill the
+ description.
+ * common/t-iobuf.c (every_other_filter, double_filter): Likewise.
+ * g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
+ g10/decrypt-data.c, g10/encrypt.c, g10/mdfilter.c, g10/progress.c,
+ g10/textfilter.c: Likewise.
+
+2016-01-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix NULL de-ref for ambiguous key check in --export-ssh-keys.
+ + commit b280aa6423c9492e8c5a9afa57339d06d957996d
+ * g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
+
+2016-01-09 Werner Koch <wk@gnupg.org>
+
+ tools: Remove gpgkey2ssh.
+ + commit eb9c021631174fde4c1c444bbc533a7a46d570cd
+ * tools/gpgkey2ssh.c: Remove.
+ * tools/Makefile.am (bin_PROGRAMS): Ditto.
+
+2016-01-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Support ECDSA keys with --export-ssh-key.
+ + commit b2da3951a395366bf1644bc4c4eb42d657effe17
+ * g10/export.c (key_to_sshblob): Add hack for ECDSA.
+
+ gpg: New command --export-ssh-key.
+ + commit 4970868d8d84d3a64b067e5aafc9f097621758d3
+ * g10/export.c: Include membuf.h and host2net.h.
+ (key_to_sshblob): New.
+ (export_ssh_key): New.
+ * g10/gpg.c (aExportSshKey): New.
+ (opts): Add command.
+ (main): Implement that command.
+
+ gpg: Add an exact search flag to the PK struct.
+ + commit 34bca9cd4b8517795833cb754b0d5b1dd33b08ed
+ * g10/getkey.c (merge_selfsigs_subkey): Clear exact flag.
+ (finish_lookup): Set exact flag.
+ * g10/packet.h (PKT_public_key): Add field flags.exact.
+
+ Print warnings if old daemon versions are used.
+ + commit 2aa42baaf3dd7c3ae613ae0c61760a17c8adfcd0
+ * common/status.h (STATUS_WARNING): New.
+ * g10/call-agent.c (warn_version_mismatch): New.
+ (start_agent): Call warn function.
+ * g10/call-dirmngr.c: Include status.h.
+ (warn_version_mismatch): New.
+ (create_context): Call warn function.
+ * sm/call-agent.c (warn_version_mismatch): New.
+ (start_agent): Call warn function.
+ (gpgsm_agent_learn): Call warn function.
+ * sm/call-dirmngr.c (warn_version_mismatch): New.
+ (prepare_dirmngr): Call warn function.
+
+ common: New function compare_version_strings.
+ + commit 4d7ac43ff71fdadfd2e04621f74840a82fbe788a
+ * common/stringhelp.c (parse_version_number): New.
+ (parse_version_string): New.
+ (compare_version_strings): New.
+ * common/t-stringhelp.c (test_compare_version_strings): New.
+ (main): Call test. Return ERRCOUNT instead of 0.
+
+ common: New function get_assuan_server_version.
+ + commit 496643291e1e346434e9c98405c5a370957eb7d3
+ * common/asshelp.c: Include membuf.h.
+ (get_assuan_server_version): New.
+ * g10/call-agent.c (agent_get_version): Use new function.
+
+ common: New put_membuf_cb to replace static membuf_data_cb.
+ + commit 833ba5faa1340aff80a205acbb701d4ae1d594d0
+ * common/membuf.c (put_membuf_cb): New.
+ * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use
+ put_membuf_cb.
+ * common/get-passphrase.c (membuf_data_cb): Ditto.
+ * g10/call-agent.c (membuf_data_cb): Ditto.
+ * sm/call-agent.c (membuf_data_cb): Ditto.
+
+2016-01-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Return an error code from keygrip_from_pk.
+ + commit 8fd406c317ad7c2e375ae4f7d20656dadf6d7fcc
+ * g10/keyid.c (keygrip_from_pk): Return an error code.
+
+ gpg: Avoid warnings about possible NULL deref.
+ + commit 8a56a38387c10c02ba0790c655dd5c1d08e4a724
+ * g10/getkey.c (cache_public_key): Protect deref of CE which actually
+ can't happen.
+ * g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
+ * g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for
+ DB.
+ * g10/trustdb.c (update_min_ownertrust): Remove useless clearling of
+ ERR.
+
+ gpg: Fix warnings about useless assignments.
+ + commit 008aa6e6d4b213c3a0d15509eb46cf168b6f2c94
+ * g10/armor.c (parse_hash_header): Remove duplicate var assignment.
+ * g10/getkey.c (cache_user_id): Ditto.
+ * g10/keygen.c (ask_curve): Ditto. This also fixes a small memory
+ leak.
+
+ * g10/keygen.c (proc_parameter_file): Remove useless assignment or
+ pointer increment.
+ (generate_keypair): Ditto.
+ * g10/getkey.c (finish_lookup, lookup): Ditto.
+ * g10/card-util.c (change_pin): Ditto.
+ * g10/gpg.c (main) <aVerify>: Ditto.
+ * g10/import.c (import): Ditto.
+ (print_import_check): Ditto
+ * g10/keyring.c (do_copy): Ditto.
+ * g10/tdbio.c (tdbio_read_record): Ditto.
+ * g10/trustdb.c (tdb_update_ownertrust): Ditto.
+ (update_validity): Ditto.
+
+ * g10/server.c (cmd_passwd): Remove useless call to skip_options.
+
+ sm: Avoid warnings about useless assignments.
+ + commit 126aebbb82667d160c8c4435898efeb3b43c4ec8
+ * sm/call-dirmngr.c (prepare_dirmngr): Remove setting of ERR.
+ (unhexify_fpr): Remove useless computation on N.
+ * sm/certchain.c (do_validate_chain): Remove clearing of RC. Remove
+ useless setting of RC.
+ * sm/fingerprint.c (gpgsm_get_keygrip): Remove setting of RC.
+ * sm/gpgsm.c (build_list): Replace final stpcpy by strcpy.
+ * sm/keydb.c (keydb_clear_some_cert_flags): Remove clearing of RC.
+ * sm/server.c (cmd_getauditlog): Comment unused skip_options.
+
+ kbx: Avoid warnings about useless assignments.
+ + commit 0de7d61437bd0bfbe645d5eed7a62df03129fb32
+ * kbx/keybox-dump.c (_keybox_dump_blob): Remove setting of IN_RANGE
+ and the last increment of P.
+
+ gpg: Fix DNS cert lookup returning an URL.
+ + commit a41638acf4808caa619f4f3f4c0dcd12be00d6f8
+ * g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL
+ param. The old code was entirely buggy (c+p error).
+
+2016-01-06 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ Fix keystrlen to work when OPT.KEYID_FORMAT is KF_DEFAULT.
+ + commit 2c3e67430d9b523c85c81ae562223fd51e3608cc
+ * g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset,
+ default to KF_SHORT.
+ (format_keyid): Default to KF_SHORT, not KF_0xLONG.
+
+2016-01-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Silence some regression tests.
+ + commit c7389ae90fa4a70766400cc241ff6a45aa750324
+ * g10/test.c (TEST): Print diagnostics only in verbose mode.
+
+ gpg: Avoid using an uninitialized SALT on premature EOF.
+ + commit 85cc7449fb00ac85b0c2eecd22bd38b23f33edf5
+ * g10/parse-packet.c (parse_key): Check for premature end of salt.
+
+ gpg: Silence warnings found by static analyzer.
+ + commit 09accc0e3d74e6289bed40b5bfc6479981cabfe4
+ * g10/keyedit.c (change_passphrase): Remove useless init of ANY.
+ (keyedit_quick_adduid): Remove useless setting of ERR.
+ * g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
+ it has been checked before the loop.
+ (parse_plaintext): Remove useless init of PKTLEN.
+
+ kbx: Avoid faulty fclose in an error case.
+ + commit db82b6131d437bf6ba34db0e08b7dfa9edb11e45
+ * kbx/keybox-update.c (blob_filecopy): Do not close an uninitialized
+ file pointer after a failure to create a temp file.
+ * kbx/keybox-openpgp.c (next_packet): Remove duplicate assignment of
+ PKTLEN.
+
+ dirmngr: Silence one regression test.
+ + commit 6deafb92abe100ff67e3a0a230a39e8c0ad41900
+ * dirmngr/t-dns-stuff.c (main): Do not print info during standard
+ "make check".
+
+ common: Avoid warnings about useless assignments.
+ + commit e64317c15e9960f3173d374e589f7c3565a4ad08
+ * common/b64enc.c (b64enc_finish): Remove var assignment which is not
+ used later.
+ * common/iobuf.c (file_filter): Ditto.
+ * common/tlv.c (do_find_tlv): Ditto.
+ * common/userids.c (classify_user_id): Ditto.
+
+ tests: Use info and error instead of a plain echo.
+ + commit 1fbfa1bf0a6ad0dc7ed67d12252643c2c6c7370a
+ * tests/openpgp/4gb-packet.test: Use error and info.
+
+ common: Do not deref vars in tests after a fail().
+ + commit 0a00115ee2049ab2357b7a14a51c7da185ffcabd
+ * common/t-convert.c (test_bin2hex): Turn if conditions into if-else
+ chains to avoid accessing unchecked data.
+ (test_bin2hexcolon): Ditto.
+ * common/t-mapstrings.c (test_map_static_macro_string): Ditto.
+ * common/t-stringhelp.c (test_percent_escape): Ditto.
+ (test_make_filename_try): Ditto.
+ (test_make_absfilename_try): Ditto.
+ * common/t-timestuff.c (test_timegm): Ditto.
+
+2016-01-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Align notes about minimal keysize with actual checks.
+ + commit e70f7a54f29d727def2cfe9ea5ab9d461b4ce842
+ * g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
+ export mode. Improve readability.
+
+2016-01-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix RSA verification for card.
+ + commit ff3b607fc879b70665c187500022cc63e2a0cd86
+ * agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead
+ of shadowed key.
+
+2016-01-04 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix double free.
+ + commit 575c15a090913d86cf8d75b2bc4471e371f234b9
+ * g10/getkey.c (get_pubkeys): Fix double free.
+
+2015-12-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: IMPORT_KEY with --force option fix.
+ + commit 79b51bb8727bd3485229ac8ff5987558156d5d83
+ * agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not
+ to check existing key.
+ (convert_from_openpgp): Ditto.
+ (convert_from_openpgp_native): Call convert_from_openpgp_main with
+ dontcare_exist=0.
+ * agent/command.c (cmd_import_key): Call with dontcare_exist=force.
+
+ g10: Use --force when importing key for bkuptocard.
+ + commit 5ca57f1a697e875bae5a5c73f1a580c42ca75343
+ * g10/call-agent.c (agent_import_key): Add an argument FORCE.
+ * g10/import.c (transfer_secret_keys): Likewise.
+ (import_secret_one): Call transfer_secret_keys with FORCE=0.
+ * g10/keyedit.c (keyedit_menu): Call with FORCE=1.
+
+ g10: Remove subcommand checkbkupkey for --key-edit.
+ + commit 44aee35e69540510617aea4b886ef845590960fe
+ * g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.
+
+ g10: Allow relative path for specifying the file for bkuptocard.
+ + commit ee433d2b00c93b5a4e4ed54b9fb5806361df1b71
+ * g10/keyedit.c (keyedit_menu): Assume the file is under GNUPGHOME.
+ Also support tilda expansion.
+
+ g10: fix regression of bkuptocard subcommand in --edit-key.
+ + commit 40959add1ba0efc1f4aa87fa075fa42423eff73c
+ * g10/keyedit.c (keyedit_menu): Call transfer_secret_keys.
+ * g10/import.c (transfer_secret_keys): Make it global function.
+ Allow stats==NULL.
+
+ agent: Support --force option for IMPORT_KEY.
+ + commit e684c634df814b12d399dcdc375c35d3e9a137af
+ * agent/command.c (cmd_keywrap_key): New option --force.
+
+2015-12-23 Werner Koch <wk@gnupg.org>
+
+ gpg: Rename struct pubkey to pukey_s and add pubkey_t.
+ + commit a9cbdcfd9c364557787f4a173cc59f14c067946e
+ * g10/keydb.h (struct pubkey): Rename to pubkey_s.
+ (pubkey_t): New. Change all struct pubkey_s to use this type.
+ * g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
+
+ gpg: Simplify status message code from commit b30c15bf.
+ + commit 363ed2e892adc97fae97111bb56b64f9f809e8d5
+ * g10/keygen.c (card_write_key_to_backup_file): Simplify by using
+ hexfingerprint.
+
+ gpg: Add standard free() semantic to pubkey_free.
+ + commit 04c9cddda95f2a8ca5c0cf10bb3dd6accf56cf45
+ * g10/getkey.c (pubkey_free): Check for NULL arg.
+
+ gpg: Fix use of assert from commit dc417bf0.
+ + commit ef7b7e91600f35b4d682a6267001a8d30f0fa49f
+ * g10/keydb.c (keydb_update_keyblock): De-ref after the assert. Use
+ %zu for size_t.
+
+ gpg: Do not translate debug output.
+ + commit b0c9867fb74d5a00335e6606d5bdcc5342ce26cd
+ * g10/getkey.c (parse_def_secret_key): Do not make strings passed to
+ log_debug translatable.
+
+2015-12-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix commit b30c15bf (again).
+ + commit aecf1a3c57ca8bf8050a3743b62fe142ccf9eb22
+ * g10/keygen.c (do_generate_keypair): Clear the variable S.
+
+2015-12-22 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix type.
+ + commit 5c759924fb92b6de7ab3baed7871e5114ebd2505
+ * g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t.
+
+ gpg: Fix error message.
+ + commit 4654384fe7a4dcee113dacf27c398b13dea5d0be
+ * g10/getkey.c (parse_def_secret_key): Fix error message.
+
+ gpg: Don't check for ambiguous keys.
+ + commit 7195b94345b0bb937477dc47fc5ec27fb108a099
+ * g10/gpg.c (struct result): Move from here...
+ * g10/keydb.h (struct pubkey): ... to here. Update users.
+ * g10/gpg.c (check_user_ids): Move from here...
+ * g10/getkey.c (get_pubkeys): ... to here. Update users. Use
+ get_pubkey_byname to look up the keys (this also prunes invalid keys).
+ (pubkey_free): New function.
+ (pubkeys_free): New function.
+ * g10/gpg.c (main): Don't check for ambiguous key specifications.
+
+ gpg: Lazily evaluate --default-key.
+ + commit dc52995d85048ed12ae8b9f330e9ca41a4030aae
+ * g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
+ add --default-key's value to REMUSR here...
+ * g10/pkclist.c (build_pk_list): ... do it here.
+ * tests/openpgp/Makefile.am (TESTS): Add default-key.test.
+ * tests/openpgp/default-key.test: New file.
+
+ gpg: Remove unused parameter.
+ + commit ffe0b7a6dd6bfaec62f81f511b3caf08978bb269
+ * g10/pkclist.c (build_pk_list): Remove parameter use, which is always
+ called set to PUBKEY_USAGE_ENC. Update callers.
+
+ gpg: Improve check for ambiguous keys.
+ + commit 4103850c2e51274984f69443dee34295cbb8c282
+ * g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
+ encryption-only keys when a signing key is needed and vice-versa.
+
+ gpg: Fix TOCTTOU when updating keyblocks.
+ + commit dc417bf0c555a7416d0aedde6645fd1087660f92
+ * g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
+ current offset. After taking the lock, extract the fingerprint from
+ the keyblock, find it and then replace it.
+
+ Only add the user supplied CFLAGS after running any autoconf tests.
+ + commit 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8
+ * configure.ac: Only add the user supplied CFLAGS after running any
+ autoconf tests.
+
+ gpg: Suppress a warning.
+ + commit 1cceba163b17b5e9fd7c89e5b40e3d7e1cffc885
+ * dirmngr/dns-stuff.c (enable_dns_tormode): Reference new_circuit to
+ avoid a warning when ADNS is not available.
+
+ gpg: Remove dead code.
+ + commit 4143cc1c3783c54a6f733f08a4739e4e5fb0c8b3
+ * kbx/keybox-defs.h (struct keybox_found_s): Remove unused fields
+ offset and n_packets.
+
+ gpg: Display the key that is invalid, not the search description.
+ + commit 7fe4be0416cdc9269011bc4213b8a22d6ced295c
+ * g10/getkey.c (parse_def_secret_key): Display the key that is
+ invalid, not the search description.
+
+ gpg: Mark more options as coming from the config file (when this holds)
+ + commit 478ca6c75bbf529f95974224dfb7d71bd5860a96
+ * g10/gpg.c (main): When --default-key or --encrypt-to-default-key is
+ taken from the config file, note this.
+
+ gpg: Use enums instead of defines.
+ + commit ee8a8ec1cf4605e5af427f9c8b01b3609c82cbe7
+ * g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum.
+ (PK_LIST_HIDDEN): Likewise.
+ (PK_LIST_CONFIG): Likewise.
+ (PK_LIST_SHIFT): Likewise.n
+
+2015-12-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit d8392299f311f8cfcf8bc02679dd3ae7ef8cc6d7
+
+
+ g10: clean up of headers for card.
+ + commit ab9a9bce77d014159c68460f5a7c263fb72f3c1c
+ * g10/main.h (save_unprotected_key_to_card): Remove.
+ * g10/options.h (ctapi_driver, pcsc_driver, disable_ccid): Remove.
+
+2015-12-21 Werner Koch <wk@gnupg.org>
+
+ common: New file fwddecl.h.
+ + commit 98f9e14323bf806f674b3cc259e19ef6219b4378
+ * common/util.h (server_control_s, ctrl_t): Move to ...
+ * common/fwddecl.h: New file.
+ * common/call-gpg.h: Replace typedef by fwddecl.h. Change include
+ protection macro name.
+ * common/Makefile.am (common_sources): Add fwddecl.h.
+
+2015-12-18 Werner Koch <wk@gnupg.org>
+
+ build: Add required macro for pkg-config.
+ + commit af142854a73567836a0ca44ad62900469c23d531
+ * configure.ac (PKG_PROG_PKG_CONFIG): New.
+
+2015-12-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Remove deprecated internal functions.
+ + commit 72eaff1aa610f3c89a755f212760157e1932d847
+ * g10/keygen.c (do_ask_passphrase, generate_raw_key)
+ (gen_card_key_with_backup, save_unprotected_key_to_card): Remove.
+
+ g10: Fix a regression for generating card key with backup.
+ + commit b30c15bf7c5336c4abb1f9dcd974cd77ba6c61a7
+ * g10/main.h (receive_seckey_from_agent): Declare.
+ * g10/keygen.c (card_write_key_to_backup_file): New.
+ (card_store_key_with_backup): New.
+ (do_generate_keypair): Create a key on host for encryption key when
+ backup is requested. Then, call card_store_key_with_backup.
+
+2015-12-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: factor out a function for secret key retrieval.
+ + commit e644aa7f5943174e3f7ba9408af71531fd125a0b
+ * g10/export.c (receive_seckey_from_agent): New.
+ (do_export_stream): Use it.
+
+2015-12-16 Neal H. Walfield <neal@g10code.com>
+
+ gpg: When checking for ambiguous keys, ignore invalid keys.
+ + commit fc010b6c7fe14e609734e448775fa384421bdef1
+ * g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
+ disabled, revoked and expired keys (if appropriate for the provided
+ option).
+
+2015-12-15 Werner Koch <wk@gnupg.org>
+
+ common: Use default_errsource for call-gpg and exectool.
+ + commit 4ffe44c5874ed655d82adfa7a85439fab91cde03
+ * common/call-gpg.c (my_error_from_syserror, my_error_from_errno): New.
+ Use these wrappers.
+ * common/exectool.c (my_error_from_syserror): New. Use these
+ wrappers.
+
+ gpg: Reduce number of strings to translate.
+ + commit 345ec7323d643528d2f904765708b5ecfe51f57b
+ * g10/getkey.c (parse_def_secret_key): Do not make debug messages
+ translatable. Make use of print_reported_error.
+
+ gpg: New function to printed a detailed error code.
+ + commit 2ea1aebc924c3f0b2269f83cb1b80c75d9fa069c
+ * g10/misc.c (print_reported_error): New.
+
+2015-12-15 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Improve the keyblock cache's transparency.
+ + commit f369efd6712148dc7ed40dba6d1ff5b0e169431a
+ * kbx/keybox-search.c (keybox_seek): New function.
+ * g10/keydb.c (keydb_search): When reading from the cache, seek to
+ just after the cached record.
+
+ gpg: Improve the keyblock cache's transparency.
+ + commit 2e4e10c1dcd8dfeafec51f44ebf26acfeb770c41
+ * kbx/keybox-search.c (keybox_offset): New function.
+ * g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
+ (keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
+ HD->KEYBLOCK_CACHE.OFFSET.
+ (keydb_search): Don't use the cached result if it comes before the
+ current file position. When caching an entry, also record the
+ position at which it was found.
+
+ gpg: Use more descriptive names.
+ + commit 0ea186db645da2b51a7e71f46793d447f2de5e3d
+ * g10/keyring.c (KR_NAME): Rename this...
+ (KR_RESOURCE): ... to this. Update users.
+ (struct keyring_name): Rename this...
+ (struct keyring_resource): ... to this. Update users.
+ (struct off_item): Rename this...
+ (struct key_present): ... to this. Update users.
+ (OffsetHashTable): Rename this...
+ (key_present_hash_t): ... to this. Update users.
+ (kr_offtbl): Rename this...
+ (key_present_hash): ... to this. Update users.
+ (kr_offtbl_ready): Rename this...
+ (key_present_hash_ready): ... to this. Update users.
+ (KEY_PRESENT_HASH_BUCKETS): New define. Replace use of literals
+ with this.
+ (new_offset_item): Rename this...
+ (key_present_value_new): ... to this. Update users.
+ (release_offset_items): Drop dead code.
+ (new_offset_hash_table): Rename this...
+ (key_present_hash_new): ... to this. Update users.
+ (release_offset_hash_table): Drop dead code.
+ (lookup_offset_hash_table): Rename this...
+ (key_present_hash_lookup): ... to this. Update users.
+ (update_offset_hash_table): Rename this...
+ (key_present_hash_update): ... to this. Drop unused parameter off.
+ Update users.
+ (update_offset_hash_table_from_kb): Rename this...
+ (key_present_hash_update_from_kb): ... to this. Drop unused parameter
+ off. Update users.
+
+2015-12-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ sm: Handle gcry_pk_encrypt return value.
+ + commit 4ee881bff4c8fdfa4b3b7a4b7afab611471e97f1
+ * sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt.
+
+2015-12-14 Werner Koch <wk@gnupg.org>
+
+ common: Change license of isascii.c to all-premissive,
+ + commit 7baca033070e7811f75e2021100adf8e6a48907f
+ * common/isascii.c: Change.
+
+ common: Change license of some modules to LGPLv3+/GPLv2+.
+ + commit 7d129a7391115ff1d6a3541078a37a630ab7819f
+ * common/status.c: Change from GPLv3 to LGPLv3+/GPLv2+.
+ * common/status.h: Ditto.
+ * common/yesno.c: Ditto.
+ * common/common-defs.h: Ditto.
+ * common/gettime.h: Ditto.
+ * common/keyserver.h: Ditto.
+
+ common: Change license for exectool to LGPLv3+/GPLv2+.
+ + commit 467e18b74b4790dcbdf3c816206d2fbaf170a12a
+ * common/exectool.c, common/exectool.h: Change license.
+
+ common: Rename sh-exectool to exectool.
+ + commit d80e1bc430bf64debdb6b08f0b7e5c42836781fa
+ * common/sh-exectool.c: Rename to exectool.c.
+ * common/sh-exectool.h: Rename to exectool.h.
+ * common/Makefile.am (common_sources): Adjust for rename.
+ * common/exectool.c (sh_exec_tool_stream): Rename to
+ gnupg_exec-tool-stream.
+ (sh_exec_tool): Rename to gnupg_exec_tool.
+ * tools/gpgtar-create.c (gpgtar_create): Adjust for changes.
+ * tools/gpgtar-extract.c: Adjust for changes.
+ * tools/gpgtar-list.c: Adjust for changes.
+
+2015-12-14 Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ gpg: Print ownertrust in TOFU+PGP trust model.
+ + commit f5aa51aaacfe13ab9528aa9b88d8ce8eb61362fc
+ * g10/keyedit.c: Print ownertrust in TOFU+PGP trust model.
+
+2015-12-14 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix --default-key checks.
+ + commit e573e6188dada4d70f6897aa2fda3c3af8c50441
+ * g10/getkey.c (parse_def_secret_key): Don't just check if a secret
+ key is available for the public key, also consider subkeys. Also
+ check that the key has the signing capability, is not revoked, is not
+ expired and is not disabled. Print a warning if there was a least one
+ value passed to --default-key and all were ignored.
+
+2015-12-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix regression for generating RSA keys on card.
+ + commit d40975cbe8ff86fcc4a1b4963fdffc66ddee85ce
+ * scd/app-openpgp.c (do_genkey): Strip leading zeros for fingerprint
+ computation.
+
+2015-12-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Use a regular type instead of a void* for import stats.
+ + commit 4d3395ef1fcde0b8c454c09956863959d590ede6
+ * g10/import.c (struct stats_s): Rename to import_stats_s. Change all
+ users.
+ * g10/main.h (import_stats_t): New. Change fucntions to use this
+ instead of a void pointer.
+
+ Remove replacements for libgpg-error < 1.21.
+ + commit f0ae40b0c901e5f5c04c6ed5b2ab96ab7340b2bd
+ * common/util.h: Remove replacement macros for libgpg-error<1.21.
+ * common/types.h: Ditto.
+ * common/mischelp.h: Ditto.
+ * common/t-mapstrings.c: Include t-support.h before stringhelp.h
+ * common/t-stringhelp.c: Ditto.
+ * common/t-support.h: Always include gpg-error.h.
+ * kbx/keybox-search.c: Do not include stringhelp.h so that keybox-defs
+ comes first.
+
+2015-12-11 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix buffer overflow.
+ + commit 1605e34fc365edd473aac15c9b4e5aadc1d95cf5
+ * g10/keydb.c (keydb_search_desc_dump): Fix buffer overflow.
+
+2015-12-11 Justus Winter <justus@g10code.com>
+
+ agent: Improve error handling.
+ + commit 25f0f053cd306200a6211b5cf397838a59835ee7
+ * agent/pksign.c (agent_pksign_do): Improve error handling.
+
+ Fix required libgpg-error version.
+ + commit d6e01493cad6ff32f356185c7a2d2b5c2b86a937
+ * configure.ac (NEED_GPG_ERROR_VERSION): We need version 1.21 for the
+ poll interface.
+
+2015-12-11 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Don't error out if a key occurs multiple times in the keyring.
+ + commit 6dc37c5fb60acbfd5ba2ab979852383eac8944e0
+ * g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple
+ times in the keyring. Instead, print a warning. When printing out
+ fingerprint prints, use format_hexfingerprint to format them.
+
+2015-12-10 Daniel Hoffend <dh@dotlan.net>
+
+ scd: Fix removal of unplugged usb readers on Windows.
+ + commit d1a97585c5e73fbc7d4cf90e38f76ffc5aea305f
+ * scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
+ PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.
+
+2015-12-07 Justus Winter <justus@g10code.com>
+
+ tests: Add some more gpgtar tests.
+ + commit 1c8eae95a8b3b89bc0f49cb5f4938101634583dc
+ * tests/openpgp/gpgtar.test: Add more tests.
+
+ dirmngr: Initialize http status code.
+ + commit 71726b627dcff015dc12568021b31d8ccede788a
+ * dirmngr/ks-action.c (ks_action_search): Initialize 'http_status' as
+ it is unused if LDAP is used to search for keys.
+
+2015-12-04 Daiki Ueno <ueno@gnu.org>
+
+ gpg: Write ERROR status on delete-key cancellation.
+ + commit b5cd68852d0e3485c9e13a8ddb70f05f36a65cb9
+ * g10/delkey.c (do_delete_key): Write ERROR status code with the error
+ location "delete_key.secret", when the user cancelled the operation on
+ Pinentry.
+
+2015-12-04 Justus Winter <justus@g10code.com>
+
+ dirmngr: Stricter handling of http error codes.
+ + commit 6d64ef869dfbcb7aaa802b80ed648393147e40d8
+ * dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver
+ responded with a '404 Not Found'.
+ * dirmngr/ks-engine-hkp.c (send_request): Return http status code.
+ (ks_hkp_search): Likewise.
+ (ks_hkp_{get,put}): Adapt call to 'send_request'.
+ * dirmngr/ks-engine.h (ks_hkp_search): Update prototype.
+
+ dirmngr: Really search all keyservers for patterns.
+ + commit 6ac57a482f7ae02db1bee4e4b861288fc6905adc
+ * dirmngr/ks-action.c (ks_action_search): Search all configured
+ keyservers for the given patterns.
+
+ dirmngr: Handle http status '501 Not Implemented'.
+ + commit a8308ba5231682ce7c7d591a17e7e940fbd63189
+ * dirmngr/ks-engine-hkp.c (send_request): Handle status 501 and return
+ GPG_ERR_NOT_IMPLEMENTED.
+
+ tools/gpgtar: Implement symmetric encryption.
+ + commit 582e684a48eb4f3716cecf7dc73eb93046efcfad
+ * tests/openpgp/gpgtar.test: Add test case.
+ * tools/gpgtar-create.c (gpgtar_create): Pass '--symmetric' flag to
+ gpg.
+ * tools/gpgtar.c (parse_arguments): We do handle the argument now.
+
+ tools/gpgtar: Implement signing.
+ + commit 45c814f348c89acd8d21d0607ffcf68e5c5c399e
+ * tests/openpgp/gpgtar.test: Test signing.
+ * tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the
+ appropriate gpg arguments to implement signing and selecting the local
+ user.
+ * tools/gpgtar.c (parse_options): We do handle '--local-user' now.
+ (main): Handle signing, encrypting, and doing both when creating an
+ archive.
+ * tools/gpgtar.h (gpgtar_create): Update prototype.
+
+ tools/gpgtar: Use the new exectool helper.
+ + commit 0c0dafd8e89bb702e856c661c1561e10cdcaf37f
+ * tools/Makefile.am: gpgtar now requires neither npth nor libassuan.
+ * tools/gpgtar-create.c (gpgtar_create): Use the new 'sh-exectool'
+ helper.
+ * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
+ * tools/gpgtar-list.c (gpgtar_list): Likewise.
+ * tools/gpgtar.c (main): Set default gpg program. Drop the
+ initialization of npth and libassuan.
+
+ common: Add a stream interface to 'sh-exectool'.
+ + commit a81aca6e1c2a4529d416d1989f15d7338d2ee81e
+ * common/sh-exectool.c (struct copy_buffer): Add infrastructure for
+ copying between streams.
+ (copy_buffer_{init,shred,do_copy,flush}): New functions.
+ (sh_exec_tool_stream): Rework 'sh_exec_tool' to operate on streams.
+ (nop_free): New function.
+ (sh_exec_tool): Express this in terms of 'sh_exec_tool_stream'.
+ * common/sh-exectool.h (sh_exec_tool_stream): New prototype.
+
+ common: Add header file and build the new code.
+ + commit d955cb5e0700c6d2b6b26cb210b5a176d22d4235
+ * common/Makefile.am (common_sources): Add new files.
+ * common/sh-exectool.h: New file.
+
+2015-12-04 Werner Koch <wk@gnupg.org>
+
+ common: Add code to execute a helper.
+ + commit 2ae07f826aa551db8adf714158fce962790a6b54
+ * common/sh-exectool.c: New file.
+
+ Release 2.1.10.
+ + commit 9fadfdb3109f7ea42aaaa9d745b64c6c90cb8233
+
+
+2015-12-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Japanese translation.
+ + commit 762fcc027b0b4cc88c1f633804de619273d6a8b9
+
+
+2015-12-04 Werner Koch <wk@gnupg.org>
+
+ speedo,w32: Improve installer.
+ + commit 0fe3614d9afe42ecf80bbc932366ceeaba0a0ecc
+ * build-aux/speedo/w32/inst.nsi (SEC_gnupg): Install dirmngr.conf and
+ distsigkey.gpg.
+ (un.gnupglast): Stop dirmngr.
+
+ gpg: Do not pre-check keys given on the command line.
+ + commit 28311d1fa56bfbd801103a8475597459132874f4
+ * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG)
+ (PK_LIST_SHIFT): New.
+ * g10/pkclist.c (build_pk_list): Use them here.
+ * g10/gpg.c (check_user_ids, main): Ditto.
+
+ * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR.
+ (check_user_ids): Skip check for command line specified options.
+
+ dirmngr: Add command to print the resolver version.
+ + commit 4ff2cae7dee36ffee854c5f05c3e8ee9eb0308dd
+ * dirmngr/server.c (cmd_getinfo): Add sub-command "dnsinfo".
+
+ gpg: Allow "help" as value for --tofu-policy.
+ + commit 59f6192cb766612ad215bc6a3af13d5b137139e4
+ * g10/gpg.c (parse_tofu_policy): Add keyword "help".
+ (parse_tofu_db_format): Ditto.
+
+ Do not translate messages printed with log_debug.
+ + commit 218a52787a87be6b7481a39f87d212d6ef594e97
+ * common/asshelp.c (start_new_gpg_agent): Do not i18n string.
+ (start_new_dirmngr): Ditto.
+ * g10/mainproc.c (proc_encrypted): Ditto. Print only if debug is
+ enabled.
+
+2015-12-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix for removing the prefix.
+ + commit f03976f1101f539a2782cd9e87d640fc32a022db
+ * scd/app-openopg.c (do_decipher): Fix the condition.
+
+ scd: Simplify saving application context.
+ + commit 9639af5f16a7ed908cbce2415330b9fcd88edc90
+ * scd/app.c (lock_table): Remove LAST_APP field.
+ (lock_reader, app_dump_state, application_notify_card_reset)
+ (release_application): Follow the change.
+ (check_conflict): New.
+ (check_application_conflict): Lock the slot and call check_conflict.
+ (select_application): Call check_conflict and not use LAST_APP.
+
+ scd: More fix for Curve25519 prefix handling.
+ + commit f747adfa21551e083bc947540c64c94a96dcc059
+ * scd/app-openpgp.c (do_decipher): Handle trancated cipher text.
+ Also fix xfree bug introduced.
+
+2015-12-03 Werner Koch <wk@gnupg.org>
+
+ scd: Another fix for Curve25519 prefix handling.
+ + commit e28f2e7a2f265af8bbdb4979e9679b4396dccdd5
+ * scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long
+ INDATA.
+ (do_decipher): Fix integer arithmetic in void pointer.
+ (do_decipher): Add missing memcpy.
+
+ build: Avoid dependecy problems in "make distcheck".
+ + commit 0f61599ed0bd1cc6842067d040bb58ec0a451715
+ * doc/Makefile.am (gnupg.texi): Depend on defs.inc.
+
+ build: Change how caller provided CFLAGS are used by configure.
+ + commit 4e9957250eee3521dc979912a4818e58ffddc5b8
+ * configure.ac: Append instead of prepend caller provided CFLAGS.
+
+ gpg: Add variant of 'key "%s" not found: %s' error message.
+ + commit 5e2c5e9ec5b75fae886e1294adbdb7ad2ac12827
+ * g10/gpg.c (check_user_ids): Change error message.
+ * g10/delkey.c (do_delete_key): Ditto.
+
+ gpg: Make keyidlist more robust in case of errors.
+ + commit 50a568e7380752454c029eac2b57d8803b1cb287
+ * g10/keyserver.c (keyidlist): Clear *KLIST on error.
+
+ gpg: Take care of keydb_new returning NULL.
+ + commit a28ac99efead8be73ea1704abe1611ccc4811c54
+ * g10/keydb.c (keydb_new): Print an error message if needed. Also use
+ xtrycalloc because we return an error anyway.
+ * g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
+ * g10/export.c (do_export_stream): Ditto.
+ * g10/getkey.c (get_pubkey): Ditto.
+ (get_pubkey_fast): Ditto.
+ (get_pubkeyblock): Ditto.
+ (get_seckey): Ditto.
+ (key_byname): Ditto.
+ (get_pubkey_byfprint): Ditto.
+ (get_pubkey_byfprint_fast): Ditto.
+ (parse_def_secret_key): Ditto.
+ (have_secret_key_with_kid): Ditto.
+ * g10/import.c (import_one): Ditto.
+ (import_revoke_cert): Ditto.
+ * g10/keyedit.c (keyedit_quick_adduid): Ditto.
+ * g10/keygen.c (quick_generate_keypair): Ditto.
+ (do_generate_keypair): Ditto.
+ * g10/trustdb.c (validate_keys): Ditto.
+ * g10/keyserver.c (keyidlist): Ditto.
+ * g10/revoke.c (gen_desig_revoke): Ditto.
+ (gen_revoke): Ditto.
+ * g10/gpg.c (check_user_ids): Ditto.
+ (main): Do not print an error message for keydb_new error.
+ * g10/keylist.c (list_all): Use actual error code returned by
+ keydb_new.
+
+ * g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
+ * g10/t-keydb.c (do_test): Ditto.
+
+ * g10/keyring.c (keyring_new): Actually return an error so that the
+ existing keydb_new error checking makes sense for a keyring resource.
+ (keyring_rebuild_cache): Take care of keyring_new returning an error.
+
+ gpg: Change some error messages.
+ + commit 9fcc047d921bde95b6807325b7fd2b697e89907f
+ * g10/getkey.c (parse_def_secret_key): Change error message. Replace
+ log_debug by log_info.
+ * g10/gpg.c (check_user_ids): Make function static. Change error
+ messages.
+ (main): Change error messages.
+ * g10/revoke.c (gen_revoke): Ditto.
+
+2015-12-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix "Conflicting usage" bug.
+ + commit f42c50dbf00c2e6298ca6830cbe6d36805fa54a3
+ * scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
+ got an error from apdu_disconnect.
+ * scd/app-common.h (no_reuse): Remove.
+ * scd/app.c (application_notify_card_reset): Deallocate APP here.
+ (select_application, release_application): Don't use NO_REUSE.
+
+ scd: Fix for Curve25519 prefix handling.
+ + commit 11b2691eddc42e91651e4f95dd2731255a3e9211
+ * scd/app-openpgp.c (do_decipher): More condition for AES decipher.
+ Handle the prefix in cipher text. Always add the prefix in result.
+
+2015-12-03 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Use the matching key if the search description is exact.
+ + commit cedbd4709eed6fead9d1b271f96860c00547c77c
+ * g10/gpg.c (check_user_ids): If the search description is for an
+ exact match (a keyid or fingerprint that ends in '!'), then use the
+ matching key, not the primary key.
+ * tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test.
+ (priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc,
+ privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc,
+ privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc,
+ privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and
+ privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc.
+ (sample_keys): Add
+ samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc.
+ * tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc:
+ New file.
+ * tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc:
+ New file.
+ * tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc:
+ New file.
+ * tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc:
+ New file.
+ * tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc:
+ New file.
+ * tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc:
+ New file.
+ * tests/openpgp/use-exact-key.test: New file.
+ * tests/openpgp/version.test: Install the new private keys.
+
+2015-12-02 Werner Koch <wk@gnupg.org>
+
+ build: Require at least Libassuan 2.4.1.
+ + commit 69db3285e4612ad24462149a4d64cc32c090a491
+ * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1.
+ * agent/gpg-agent.c (create_server_socket): Remove check for
+ libassuan >= 2.3.0 and >= 2.1.4.
+ (main): Remove check for libassuan >= 2.1.4.
+ * scd/scdaemon.c (create_server_socket): Remove check for
+ libassuan >= 2.1.4.
+ * dirmngr/dirmngr.c (set_tor_mode): Remove check for
+ libassuan >= 2.3.0.
+ * dirmngr/http.c (http_raw_connect, send_request): Remove checks for
+ libassuan >= 2.3.0.
+
+2015-12-02 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Improve documentation.
+ + commit 28195f8d27aa0fc9daf5b74fb24de87c36e04739
+ * g10/tofu.c (initdb): Improve documentation.
+
+ gpg: Fix type mismatch resulting in a buffer overflow.
+ + commit c73d75103cbd34975e2bd28e9924caee05eaf829
+ * g10/tofu.c (record_binding): Change policy_old's type from an enum
+ tofu_policy to a long: this variable is passed by reference and a long
+ is expected.
+
+2015-12-02 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Switch to an onion address if Tor is running.
+ + commit 28e2513721ff0cec920564d4087f3600cce8672e
+ * dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
+ * dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
+ --keyserver options.
+ * dirmngr/server.c (server_local_s): Add field 'tor_state'.
+ (release_uri_item_list): New.
+ (release_ctrl_keyservers): Use it.
+ (start_command_handler): Release list of keyservers.
+ (is_tor_running): New.
+ (cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
+ (ensure_keyserver): Rewrite.
+ * g10/dirmngr-conf.skel: Add two keyserver options.
+
+ http: Enhance parser to detect .onion addresses.
+ + commit 17ac843871d5f350f26edff0187f94ced923f534
+ * dirmngr/http.h (parsed_uri_s): Add flag 'onion'.
+ * dirmngr/http.c (do_parse_uri): Set that flag.
+ * dirmngr/t-http.c (main): Print flags.
+
+2015-12-02 Neal H. Walfield <neal@g10code.com>
+
+ common,gpg: Fix processing of search descriptions ending in '!'.
+ + commit 10cca02c4c70eee993d4df0a1d20ae841992efe9
+ * g10/gpg.c (check_user_ids): If the search description describes a
+ keyid or fingerprint and ends in a '!', include the '!' in the
+ rewritten description.
+ * common/userids.c (classify_user_id): Accept keyids and fingerprints
+ ending in '!'.
+
+2015-12-01 Justus Winter <justus@g10code.com>
+
+ dirmngr: Improve error handling.
+ + commit 9c34711539fc2c34aea8da0fd49ae6aa28991518
+ * dirmngr/dns-stuff.c (getsrv): Avoid looking at 'header' before
+ checking for errors, but silently ignore errors when looking up SRV
+ records.
+
+2015-12-01 Werner Koch <wk@gnupg.org>
+
+ build: Let configure show the the status of Tor support.
+ + commit 3be12d1e1b8334fb2bba307ec9efbc004f1dbf8d
+ * configure.ac (show_tor_support): New
+
+2015-11-30 Werner Koch <wk@gnupg.org>
+
+ doc: Make make distcheck work again.
+ + commit 4ecb5db804003c10c57bdc0dc7f1d9649c5ba6f8
+ * doc/Makefile.am (DISTCLEANFILES): Add gpgkey2ssh.1
+
+ yat2m: Add keyword @url.
+ + commit b4756a54a55fcd51717c149e19191a2eeaa6a919
+ * doc/yat2m.c (proc_texi_cmd): Add keyword @url.
+
+ doc: Build man pages with the same date as the info files.
+ + commit 081c902f16a2f251df4593f090b3978dfa473a26
+ * doc/Makefile.am (yat2m-stamp): Use option --date.
+
+ yat2m: New option --date.
+ + commit 75eb071354d1f862bac09c56c8ab81dae8883270
+ * doc/yat2m.c (opt_date): new.
+ (isodatestring): Use it if set.
+ (main): New option --date.
+
+2015-11-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid extra translation strings.
+ + commit 686f31c3d5aee0d2825265869ae92ca95cdcabae
+ * g10/keyedit.c (menu_expire): Use only one prompt.
+
+ kbx: Include gpg-error prior to mischelp.h.
+ + commit 436a154ea85e4dffbde7c3b316fbfca1b066aa2a
+ * kbx/keybox-init.c: Change order of includes.
+
+ gpg,w32: Fix a format string error.
+ + commit 7c856f99144b84ac30e0c9a192f09dc36d93190a
+ * g10/keyring.c (keyring_search): Fix format string for off_t.
+
+ Silence compiler warnings related to not using assuan_fd_t.
+ + commit 501436ab0f9d8e7d56b2f5e344006be5f5a3c653
+ * common/call-gpg.c (start_gpg): Use assuan_fd_t. Note that the
+ declaration was already fixed by a previous change.
+ * dirmngr/server.c (cmd_getinfo): Use assuan_fd_t.
+
+ Avoid incompatible pointer assignment warnings on Windows.
+ + commit 64e87083394d38998feab359caac917bcc6139d3
+ * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t.
+ * dirmngr/server.c (data_line_cookie_write): Ditto.
+ * sm/certdump.c (format_name_writer): Ditto.
+ * sm/server.c (data_line_cookie_write): Ditto.
+ * dirmngr/http.c (cookie_read, cookie_write): Ditto.
+
+ dirmngr: Avoid a declarations after statements.
+ + commit 100f34e869df899a695f5e5ef1b8e092baf91751
+ * tools/gpgtar.c (parse_arguments): Use a block for a local varibale
+ definition.
+
+ dirmngr: Avoid casting away a const from an char**.
+ + commit 6501741d2c1beb8060198a39a1aa950cb11b386f
+ * dirmngr/ldap.c (start_cert_fetch_ldap): Do not use pointers from
+ global variables.
+
+ dirmngr: Allow testing for a running Tor via "getinfo tor".
+ + commit da5a232199ef93be219e933a7eaf4ccfc6d24d61
+ * dirmngr/server.c (cmd_getinfo): Print an S line if Tor is not
+ running.
+
+2015-11-26 Werner Koch <wk@gnupg.org>
+
+ g13: Fix commit 1a045b13.
+ + commit 82f6abb4807c89388052ab442368d9e09fb84aea
+ * g13/g13.c (main): Use existsing function.
+
+ common: Fix off-by-one access in the new format_text.
+ + commit 61941a984964308b09c7fc1b3438fb99d0b3c917
+ * common/stringhelp.c (format_text): Use existsing fucntion to trim
+ trailing spaces. Fix off-by-one access.
+
+ dirmngr: Improve output of "getinfo tor".
+ + commit d226e67856e7197c581dcd2cef0f1e687bee0ac9
+ * dirmngr/server.c (cmd_getinfo): Print a message along with OK.
+
+ dirmngr: Let Libassuan employ nPth wrappers for connect.
+ + commit f95cff1cc9e7a4d9f6b7c45188ec47e70f9874dc
+ * dirmngr/http.c (my_unprotect, my_protect): Remove.
+ (connect_server): Do not use these wrappers.
+
+2015-11-26 Justus Winter <justus@g10code.com>
+
+ tools/gpgtar: Add '--dry-run'.
+ + commit 676b2d7081291f7e47a66755ab07af259fea130b
+ * tools/gpgtar-extract.c (extract_{regular,directory}): Honor
+ '--dry-run'.
+ * tools/gpgtar.c (enum cmd_and_opt_values): New value.
+ (opts): Add '--dry-run'.
+ (parse_arguments): Handle '--dry-run'.
+ * tools/gpgtar.h (opt): Add field 'dry_run'.
+
+ tools/gpgtar: Handle '--gpg-args'.
+ + commit 69a8440f44fa025e33a4cc32d17695c9ac385043
+ * tools/gpgtar-create.c (gpgtar_create): Use given arguments.
+ * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
+ * tools/gpgtar-list.c (gpgtar_list): Likewise.
+ * tools/gpgtar.c (enum cmd_and_opt_values): New value.
+ (opts): Add 'gpg-args'.
+ (parse_arguments): Handle arguments.
+ * tools/gpgtar.h (opt): Add field 'gpg_arguments'.
+ * tests/openpgp/gpgtar.test: Simplify accordingly.
+
+ common: Make the GPG arguments configurable in call-gpg.
+ + commit 1a045b1324efabe7423a8d00245f01718ed72556
+ * common/call-gpg.c (start_gpg): Add parameter 'gpg_arguments'.
+ (_gpg_encrypt, gpg_encrypt_blob, gpg_encrypt_stream): Likewise.
+ (_gpg_decrypt, gpg_decrypt_blob, gpg_decrypt_stream): Likewise.
+ * common/call-gpg.h: Adapt prototypes.
+ * g13/create.c (encrypt_keyblob): Adapt callsite.
+ * g13/g13-common.h (opt): Add field 'gpg_arguments'.
+ * g13/g13.c (main): Construct default arguments.
+ * g13/mount.c (decrypt_keyblob): Adapt callsite.
+ * tools/gpgtar-create.c (gpgtar_create): Likewise.
+ * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
+ * tools/gpgtar-list.c (gpgtar_list): Likewise.
+
+ tools/gpgtar: Handle '--tar-args' for compatibility with gpg-zip.
+ + commit 2eb3248058330dd5c37560d9887db5b5266c54fe
+ * tools/gpgtar.c (enum cmd_and_opt_values): New value.
+ (opts): Add new group for tar options, rearrange a little, add
+ '--tar-args'.
+ (tar_opts): New variable.
+ (shell_parse_stringlist): New function.
+ (shell_parse_argv): Likewise.
+ (parse_arguments): Add option argument, handle '--tar-args'.
+ (main): Fix invokation of 'parse_arguments'.
+ * tests/openpgp/gpgtar.test: Simplify decryption.
+
+ tools/gpgtar: Rework argument parsing.
+ + commit 35c0c8b211bc891335e822379b33ea34fbc1f84f
+ * tools/gpgtar.c (main): Move argument parsing into its own function.
+
+2015-11-25 Justus Winter <justus@g10code.com>
+
+ tests: Add tests for gpgtar and gpg-zip.
+ + commit 556e8c44267fe3b829ca06286e9b5637ca1a6a73
+ * tests/openpgp/Makefile.am (TESTS): Add new file.
+ * tests/openpgp/gpgtar.test: New file.
+
+ tools/gpgtar: Handle '--directory' argument.
+ + commit 127aba9a4d6c1aabb4a18a74b16d3bddc6eb5c54
+ * tools/gpgtar-extract.c (gpgtar_extract): Only generate a directory
+ name if none is given via arguments.
+ * tools/gpgtar.c (enum cmd_and_opt_values): New constant.
+ (opts): Add argument.
+ (main): Parse argument.
+ * tools/gpgtar.h (opt): New field 'directory'.
+
+ tools/gpgtar: Handle '--gpg' argument.
+ + commit 89e104eb38c3a6896892ff09db11cb1bae2bb0d3
+ * tools/gpgtar-create.c (gpgtar_create): Use given gpg program.
+ * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
+ * tools/gpgtar-list.c (gpgtar_list): Likewise.
+ * tools/gpgtar.c (enum cmd_and_opt_values): New constant.
+ (opts): Add argument.
+ (main): Handle argument.
+ * tools/gpgtar.h (opt): Add field 'gpg_program'.
+
+ tools/gpgtar: Improve error handling.
+ + commit f76fb047c15914ba44dc9423d235484758bcd721
+ * tools/gpgtar-create.c (gpgtar_create): Return an error code, fix
+ error handling.
+ * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
+ * tools/gpgtar-list.c (read_header): Return an error code.
+ (gpgtar_list): Return an error code, fix error handling.
+ (gpgtar_read_header): Return an error code.
+ * tools/gpgtar.c: Add missing include.
+ (main): Print an generic error message if a command failed and no
+ error has been printed yet.
+ * tools/gpgtar.h (gpgtar_{create,extract,list,read_header}): Fix the
+ prototypes accordingly.
+
+ tools: Add encryption and decryption support to gpgtar.
+ + commit 40dbee86f3043aff8a8c2055521e270318e33068
+ * tools/Makefile.am: Amend CFLAGS and LDADD.
+ * tools/gpgtar-create.c (gpgtar_create): Add encrypt flag and encrypt
+ stream if requested.
+ * tools/gpgtar-extract.c (gpgtar_extract): Likewise for decryption.
+ * tools/gpgtar-list.c (gpgtar_list): Likewise.
+ * tools/gpgtar.c (main): Initialize npth and assuan. Parse recipient
+ and local user, and note which flags are currently ignored. Adapt
+ calls to gpgtar_list and friends.
+ (tar_and_encrypt): Drop stub function and prototype.
+ (decrypt_and_untar): Likewise.
+ (decrypt_and_list): Likewise.
+ * tools/gpgtar.h (gpgtar_{create,extract,list}): Add encryption or
+ decryption argument.
+
+ common: Add stream interface to call-pgp.
+ + commit 03bf88f32c8d203d5b3bfbbc48cc45e6c08cc187
+ * common/call-gpg.c (struct writer_thread_parms): Add field 'stream'.
+ (writer_thread_main): Support reading from a stream.
+ (start_writer): Add stream argument.
+ (struct reader_thread_parms): Add field 'stream'.
+ (reader_thread_main): Support writing to a stream.
+ (start_reader): Add stream argument.
+ (_gpg_encrypt): Add stream api.
+ (gpg_encrypt_blob): Adapt accordingly.
+ (gpg_encrypt_stream): New function.
+ (_gpg_decrypt): Add stream api.
+ (gpg_decrypt_blob): Adapt accordingly.
+ (gpg_decrypt_stream): New function.
+ * common/call-gpg.h (gpg_encrypt_stream): New prototype.
+ (gpg_decrypt_stream): Likewise.
+
+ common: Refactor the call-gpg code.
+ + commit cb18d802308bde4e28219417bb4d107a4c0001b4
+ * common/call-gpg.c (gpg_{en,de}crypt_blob): Move most of the code
+ into two new functions, _gpg_encrypt and _gpg_decrypt.
+
+ g13: Move 'call-gpg.c' to common.
+ + commit ba1a5cc17d43d9cba32447876f06a8ab8f97e5ae
+ * common/Makefile.am (common_sources): Add files.
+ * g13/call-gpg.c: Move to 'common' and adapt slightly. Add a
+ parameter to let callees override the gpg program to execute.
+ * g13/call-gpg.h: Likewise.
+ * g13/Makefile.am (g13_SOURCES): Drop files.
+ * g13/create.c (encrypt_keyblob): Hand in the gpg program to execute.
+ * g13/mount.c (decrypt_keyblob): Likewise.
+
+2015-11-24 Neal H. Walfield <neal@g10code.com>
+
+ gpg: When comparing keyids, use the keyid, not the fingerprint's suffix.
+ + commit e9c16fee2576c772de9d4fb5d53fee28e4b84202
+ * g10/keyedit.c (menu_select_key): Use spacep and hexdigitp instead of
+ inline tests. Don't compare P to the suffix of the fingerprint. If P
+ appears to be a keyid, do an exact compare against the keyid. If it
+ appears to be a fingerprint, do an exact compare against the
+ fingerprint.
+
+2015-11-23 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Reflow long texts.
+ + commit 19362a8dd7ee986c082a5afc5a446f939991ec0f
+ * common/stringhelp.c (format_text): New function.
+ * common/t-stringhelp.c (stresc): New function.
+ (test_format_text): New function. Test format_text.
+ * g10/tofu.c (get_trust): Use format_text to reflow long texts.
+ (show_statistics): Likewise.
+
+ common: Extend utf8_charcount to include the string's length.
+ + commit 5b84b0d660c8329e184d98682665aaea7e1703d2
+ * common/stringhelp.c (utf8_charcount): Take additional parameter,
+ len. Process at most LEN bytes.
+
+2015-11-23 Justus Winter <justus@g10code.com>
+
+ dirmngr: Fix http lookups when libadns is used.
+ + commit b75e1b3d8b1643640d046f7f8e89adf5b1caa7a3
+ * dirmngr/dns-stuff.c (resolve_name_adns): Fill in the port.
+
+ dirmngr: Fix SRV record lookups when using the system resolver.
+ + commit 946faaff04f3340ed6db9e89c5036dc5f9beca6a
+ * dirmngr/dns-stuff.c (getsrv): Fix error handling.
+
+ dirmngr: Honor ports specified in SRV records.
+ + commit 73c1a86ad937d7be027eece991c69aaeb6a1f092
+ * dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'.
+ (create_new_hostinfo): Initialize 'port'.
+ (add_host): Add host parameter and update the hosttable entry.
+ (map_host): Return port if known, adjust calls to 'add_host'.
+ (make_host_part): Let 'map_host' specify the port if known.
+
+ dirmngr: Support hkp server pools using SRV records.
+ + commit c9f5aa15793b3c05c1b92af401b23ab34d3e6196
+ * dirmngr/ks-engine-hkp.c (map_host): Handle SRV records.
+
+ dirmngr: Refactor 'map_host'.
+ + commit 3f52f6bcacfe3877d30a21464e93e9240bc75085
+ * dirmngr/ks-engine-hkp.c (add_host): New function.
+ (map_host): Use the new function.
+
+ dirmngr: Fix pool detection.
+ + commit 23ea641ba2a063cc99c82869061703d48bc674b2
+ * dirmngr/ks-engine-hkp (arecords_is_pool): Fix counting IP addresses.
+
+ dirmngr: Refactor 'map_host'.
+ + commit 2b43a0515868b8720009e48d7a1f32d571767f14
+ * dirmngr/ks-engine-hkp.c (arecords_is_pool): New function.
+ (map_host): Use the new function.
+
+ dirmngr: Start dirmngr on demand.
+ + commit a9e0b1dd6c106e243e3fbbaa1838b56a1f1c8584
+ * common/asshelp.h: Include 'util.h'.
+ * dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect
+ to the dirmngr.
+ (start_dirmngr): Drop now unused declaration and function.
+
+2015-11-23 Neal H. Walfield <neal@g10code.com>
+
+ gpg: If sqlite is not available, don't build things depending on it.
+ + commit 770c06ed4e6c1097d6e305a0a9427c3c783b787c
+ * configure.ac: Define the automake conditional SQLITE3.
+ * tests/openpgp/Makefile.am (TESTS): Move the sqlite3 dependent tests
+ to...
+ (sqlite3_dependent_tests): ... this new variable. If SQLITE3 is not
+ defined, then clear this variable.
+
+ gpg: Allow updating the expiration time of multiple subkeys at once.
+ + commit b64b33bb80a8cf5dcc1fdbc62023d019fe2c8cb1
+ * g10/keyedit.c (menu_expire): Allow updating the expiration time of
+ multiple subkeys at once.
+
+ gpg: Don't crash if key is not passed an argument.
+ + commit 19f099463c82c119288a05eaefc42bf09d617377
+ * g10/keyedit.c (menu_select_key): Don't crash if P is NULL.
+
+2015-11-20 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fail if the search description passed to --gen-revoke is ambiguous.
+ + commit 178af9c3f56d385fe28a9e5e8bde0ab34c0b260e
+ * g10/revoke.c (gen_revoke): Error out if the search description is
+ ambiguous.
+
+ gpg: Refactor print_seckey_info.
+ + commit f8a65ac96b27a0963892892ce6e93b37b8df1ad7
+ * g10/keylist.c (print_seckey_info): Break formatting functionality
+ into...
+ (format_seckey_info): ... this new function.
+
+ gpg: Improve an error message.
+ + commit 46e128d44a0456dc603bc9e25a4c5d8da903b078
+ * g10/revoke.c (gen_revoke): Provide a more descriptive error message
+ if searching for a key fails.
+
+2015-11-19 Justus Winter <justus@g10code.com>
+
+ dirmngr: Improve error handling.
+ + commit 6b14df5525777ee0330a34a7b335359f562616a4
+ * dirmngr/crlcache.c (crl_cache_cert_isvalid): Add missing break.
+
+ dirmngr: Fix memory leak.
+ + commit b223cde311e4e02f7983e33fe3d7214287dfb678
+ * dirmngr/ldap.c (start_cert_fetch_ldap): Avoid leaking all malloc'ed
+ arguments.
+
+ agent: Improve error handling.
+ + commit a1650b1edf80c2526c0576547b3a574e8d30f1fa
+ * agent/trustlist.c (istrusted_internal): Initialize 'err'.
+
+ common: Avoid undefined behavior.
+ + commit eb957ffc4797fb019c505510295af244baf5be38
+ * common/iobuf.c (iobuf_esopen): Initialize 'len' as 'file_es_filter'
+ will make use of it.
+
+ g10: Avoid undefined behavior.
+ + commit 52f7f195b119dc01bdf3ae200fdc8e04a0bb9bcb
+ * g10/trust.c (clean_one_uid): Avoid a computation involving an
+ uninitialized value.
+
+ scd: Improve error handling.
+ + commit 6a37b45a7f13cf5d2ae7d6c9cd796a4bd197b80d
+ * scd/app-openpgp.c (get_public_key): Improve error handling.
+
+2015-11-18 Justus Winter <justus@g10code.com>
+
+ dirmngr: Gracefully handle premature termination of TLS streams.
+ + commit eb54fca4bf3ef8e0cd50b01df5b40e0d6d318d7e
+ * dirmngr/http.c (close_tls_session): New function.
+ (session_unref): Use the new function to close the TLS stream.
+ (cookie_read): If the stream terminated prematurely, close it and
+ return a short read.
+
+2015-11-17 Neal H. Walfield <neal@g10code.com>
+ Michael Mönch <michael.moench@marktjagd.de>
+
+ tools: Fix option parsing for gpg-zip.
+ + commit 84ebf15b06e435453b2f58775f97a3a1c61a7e55
+ * tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
+ Correctly set TAR when --tar is specified. Pass TAR_ARGS to tar.
+
+2015-11-17 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Allow selecting subkeys using a keyid.
+ + commit 0b86c7463c8c057496b38e06c00f0ae4288dad49
+ * g10/keyedit.c (menu_select_key): Take an additional argument, p.
+ Update callers. If P is a hex string, then assume that P is a key id
+ or fingerprint and select subkeys with matching key ids or
+ fingerprints.
+ * doc/gpg.texi: Update documentation for the key subcommand.
+
+2015-11-17 Justus Winter <justus@g10code.com>
+
+ dirmngr: Fix specifying keyservers by IP address.
+ + commit 1e3dbb15affd6d75a477aa17715d8e5470988c08
+ * dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable'
+ entry instead of creating another one.
+
+2015-11-17 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Change keydb_search to not return legacy keys.
+ + commit 58e4a492e2c8e908d16135486ed601f602f1e38d
+ * g10/keyring.c (keyring_search): Take new argument, ignore_legacy.
+ If set, skip any legacy keys. Update callers.
+ * g10/keydb.c (keydb_search): Skip any legacy keys.
+ (keydb_search_first): Don't skip legacy keys. Treat them
+ as an error.
+ (keydb_search_next): Likewise.
+ (keydb_search_fpr): Likewise.
+ * g10/export.c (do_export_stream): Likewise.
+ * g10/getkey.c (lookup): Likewise.
+ (have_secret_key_with_kid): Likewise.
+ * g10/keylist.c (list_all): Likewise.
+ (keyring_rebuild_cache): Likewise.
+ * g10/keyserver.c (keyidlist): Likewise.
+ * g10/trustdb.c (validate_key_list): Likewise.
+
+ gpg: Correctly handle an error.
+ + commit 848726f5c02faddb0b0fd24ce1a66893f5325675
+ * g10/keyring.c (keyring_search): If a compare function returns an
+ error, treat it as an error.
+
+ gpg: Correctly handle keyblocks followed by legacy keys.
+ + commit ad9befab12376b3a49cde410996ac9f0013d0871
+ * g10/keyring.c (keyring_get_keyblock): If we encounter a legacy
+ packet after already having some non-legacy packets, then treat the
+ legacy packet as a keyblock boundary, not as part of the keyblock.
+ * g10/t-keydb-get-keyblock.c: New file.
+ * g10/t-keydb-get-keyblock.gpg: New file.
+ * g10/Makefile.am (EXTRA_DIST): Add t-keydb-get-keyblock.gpg.
+ (module_tests): Add t-keydb-get-keyblock.
+ (t_keydb_get_keyblock_SOURCES): New variable.
+ (t_keydb_get_keyblock_LDADD): Likewise.
+
+ gpg: Make debugging search descriptors easier.
+ + commit 11ec4785df1646643966d872b1b53ef675092c98
+ * g10/keydb.c (dump_search_desc): Rename from this...
+ (keydb_search_desc_dump): ... to this. Only process a single search
+ descriptor. Improve output. Don't mark as static. Update callers.
+
+ gpg: Add function format_keyid.
+ + commit a052c30d31c0f6b532fea081f4a9bee083f5440f
+ * g10/options.h (opt.keyid_format): Add new value KF_DEFAULT.
+ * g10/keyid.c (format_keyid): New function.
+ (keystr): Use it.
+
+ gpg: Use a more appropriate error code.
+ + commit eae982ed6d69644258afe9c4ad1be553853d8403
+ * g10/gpg.c (check_user_ids): Return a more appropriate error code if
+ a user id is ambiguous.
+
+2015-11-17 Justus Winter <justus@g10code.com>
+
+ Fix typos found using codespell.
+ + commit a9e0905342e847e8961ec4fe9b3aaedf05e33423
+ * agent/cache.c: Fix typos.
+ * agent/call-pinentry.c: Likewise.
+ * agent/call-scd.c: Likewise.
+ * agent/command-ssh.c: Likewise.
+ * agent/command.c: Likewise.
+ * agent/divert-scd.c: Likewise.
+ * agent/findkey.c: Likewise.
+ * agent/gpg-agent.c: Likewise.
+ * agent/w32main.c: Likewise.
+ * common/argparse.c: Likewise.
+ * common/audit.c: Likewise.
+ * common/audit.h: Likewise.
+ * common/convert.c: Likewise.
+ * common/dotlock.c: Likewise.
+ * common/exechelp-posix.c: Likewise.
+ * common/exechelp-w32.c: Likewise.
+ * common/exechelp-w32ce.c: Likewise.
+ * common/exechelp.h: Likewise.
+ * common/helpfile.c: Likewise.
+ * common/i18n.h: Likewise.
+ * common/iobuf.c: Likewise.
+ * common/iobuf.h: Likewise.
+ * common/localename.c: Likewise.
+ * common/logging.c: Likewise.
+ * common/openpgp-oid.c: Likewise.
+ * common/session-env.c: Likewise.
+ * common/sexputil.c: Likewise.
+ * common/sysutils.c: Likewise.
+ * common/t-sexputil.c: Likewise.
+ * common/ttyio.c: Likewise.
+ * common/util.h: Likewise.
+ * dirmngr/cdblib.c: Likewise.
+ * dirmngr/certcache.c: Likewise.
+ * dirmngr/crlcache.c: Likewise.
+ * dirmngr/dirmngr-client.c: Likewise.
+ * dirmngr/dirmngr.c: Likewise.
+ * dirmngr/dirmngr_ldap.c: Likewise.
+ * dirmngr/dns-stuff.c: Likewise.
+ * dirmngr/http.c: Likewise.
+ * dirmngr/ks-engine-hkp.c: Likewise.
+ * dirmngr/ks-engine-ldap.c: Likewise.
+ * dirmngr/ldap-wrapper.c: Likewise.
+ * dirmngr/ldap.c: Likewise.
+ * dirmngr/misc.c: Likewise.
+ * dirmngr/ocsp.c: Likewise.
+ * dirmngr/validate.c: Likewise.
+ * g10/encrypt.c: Likewise.
+ * g10/getkey.c: Likewise.
+ * g10/gpg.c: Likewise.
+ * g10/gpgv.c: Likewise.
+ * g10/import.c: Likewise.
+ * g10/keydb.c: Likewise.
+ * g10/keydb.h: Likewise.
+ * g10/keygen.c: Likewise.
+ * g10/keyid.c: Likewise.
+ * g10/keylist.c: Likewise.
+ * g10/keyring.c: Likewise.
+ * g10/mainproc.c: Likewise.
+ * g10/misc.c: Likewise.
+ * g10/options.h: Likewise.
+ * g10/packet.h: Likewise.
+ * g10/parse-packet.c: Likewise.
+ * g10/pkclist.c: Likewise.
+ * g10/pkglue.c: Likewise.
+ * g10/plaintext.c: Likewise.
+ * g10/server.c: Likewise.
+ * g10/sig-check.c: Likewise.
+ * g10/sqlite.c: Likewise.
+ * g10/tdbio.c: Likewise.
+ * g10/test-stubs.c: Likewise.
+ * g10/tofu.c: Likewise.
+ * g10/trust.c: Likewise.
+ * g10/trustdb.c: Likewise.
+ * g13/create.c: Likewise.
+ * g13/mountinfo.c: Likewise.
+ * kbx/keybox-blob.c: Likewise.
+ * kbx/keybox-file.c: Likewise.
+ * kbx/keybox-init.c: Likewise.
+ * kbx/keybox-search-desc.h: Likewise.
+ * kbx/keybox-search.c: Likewise.
+ * kbx/keybox-update.c: Likewise.
+ * scd/apdu.c: Likewise.
+ * scd/app-openpgp.c: Likewise.
+ * scd/app-p15.c: Likewise.
+ * scd/app.c: Likewise.
+ * scd/ccid-driver.c: Likewise.
+ * scd/command.c: Likewise.
+ * scd/iso7816.c: Likewise.
+ * sm/base64.c: Likewise.
+ * sm/call-agent.c: Likewise.
+ * sm/call-dirmngr.c: Likewise.
+ * sm/certchain.c: Likewise.
+ * sm/gpgsm.c: Likewise.
+ * sm/import.c: Likewise.
+ * sm/keydb.c: Likewise.
+ * sm/minip12.c: Likewise.
+ * sm/qualified.c: Likewise.
+ * sm/server.c: Likewise.
+ * tools/gpg-check-pattern.c: Likewise.
+ * tools/gpgconf-comp.c: Likewise.
+ * tools/gpgkey2ssh.c: Likewise.
+ * tools/gpgparsemail.c: Likewise.
+ * tools/gpgtar.c: Likewise.
+ * tools/rfc822parse.c: Likewise.
+ * tools/symcryptrun.c: Likewise.
+
+2015-11-16 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix error checking and improve error reporting.
+ + commit 8e2bea22b0927f4f95a248cc7517f407a705d8a8
+ * g10/gpg.c (check_user_ids): Differentiate between a second result
+ and an error. If the key specification is ambiguous or an error
+ occurs, set RC appropriately.
+
+2015-11-14 Werner Koch <wk@gnupg.org>
+
+ gpg: Use only one fingerprint formatting function.
+ + commit 3689c2105aab6a4304e9464c5b20207d69b9a133
+ * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New.
+ * g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN.
+ Change all callers.
+ (format_hexfingerprint): New.
+ * g10/keylist.c (print_fingerprint): Change to use hexfingerprint.
+ * g10/tofu.c (fingerprint_format): Remove. Replace calls by
+ format_hexfingerprint.
+
+2015-11-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Simplify the tofu interface by using the public key packet.
+ + commit e7d7160ab7cd4e6b460bfe36fd3a7275adadb4e2
+ * g10/tofu.c (fingerprint_str): Remove.
+ (tofu_register): Take a public key instead of a fingerprint as arg.
+ Use hexfingerprint() to get a fpr from the PK.
+ (tofu_get_validity): Ditto.
+ (tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint.
+ * g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to
+ instead of the fingerprint to the tofu functions.
+
+ gpg: Make trusted-key override for Tofu robust against swapped tofu.db.
+ + commit 7de8376430625c1f6f3a58ae16276deca8ff6a82
+ * g10/tofu.c (get_trust): For the UTK check lookup the key by
+ fingerprint.
+
+ gpg: Fix regression in --locate-keys (in 2.1.9).
+ + commit 7e59fb21f728b5f54468cd35b1415a2f86003d4f
+ * g10/getkey.c (getkey_ctx_s): Add field "extra_list".
+ (get_pubkey_byname): Store strings in the context.
+ (getkey_end): Free EXTRA_LIST.
+
+2015-11-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Print a new EXPORTED status line.
+ + commit 2038adf16d0e7eeb614043aae17b16a867de6b70
+ * common/status.h (STATUS_EXPORTED): New.
+ * g10/export.c (print_status_exported): New.
+ (do_export_stream): Call that function.
+
+ gpg: Print export statistics to the status-fd.
+ + commit e3c48335f9c5081c6080bceafa7a04140403427a
+ * common/status.h (STATUS_EXPORT_RES): New.
+ * g10/main.h (export_stats_t): New.
+ * g10/export.c (export_stats_s): New.
+ (export_new_stats, export_release_stats): New.
+ (export_print_stats): New.
+ (export_pubkeys, export_seckeys, export_secsubkeys)
+ (export_pubkey_buffer, do_export): Add arg "stats".
+ (do_export_stream): Add arg stats and update it.
+ * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create,
+ pass, and print a stats object to the export function calls.
+
+ * g10/export.c (export_pubkeys_stream): Remove unused function.
+
+ dirmngr: Do not block during ADNS calls.
+ + commit a3b26d6c0839ec18d1dc226bb537d5067c86d574
+ * dirmngr/dns-stuff.c: Include npth.h
+ (my_unprotect, my_protect): New wrapper.
+ (resolve_name_adns): Put unprotect/protect around adns calls.
+ (get_dns_cert): Ditto.
+ (getsrv): Ditto.
+ (get_dns_cname): Ditto.
+
+ dirmngr: New option --nameserver.
+ + commit a2cc1d57552ccac7b2f9a0c6423b171b2a168b2a
+ * dirmngr/dirmngr.c (oNameServer): New.
+ (opts): Add --nameserver.
+ (parse_rereadable_options): Act upon oNameServer.
+ * dirmngr/dns-stuff.c (DEFAULT_NAMESERVER): New.
+ (tor_nameserver): New.
+ (set_dns_nameserver): New.
+ (my_adns_init): Make name server configurable.
+
+2015-11-11 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix cache consistency problem.
+ + commit 7546e818791988c00b8635dab5b899265d8d9f42
+ g10/keyring.c (keyring_search): Only mark the cache as completely
+ filled if we start the scan from the beginning of the keyring.
+
+2015-11-10 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Default to the the PGP trust model.
+ + commit 67c701d1e53f56305e3b8771c683c45bb9672305
+ * g10/trustdb.c (init_trustdb): If we can't read the trust model from
+ the trust DB, default to TM_PGP, not TM_TOFU_PGP.
+
+ gpg: Default to the flat TOFU DB format.
+ + commit 951f277b6bf8178560105538d38e2a07a96865bd
+ * g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there
+ is no TOFU DB, default to the flat format.
+
+2015-11-09 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Change to new ADNS Tor mode init scheme.
+ + commit 288c9919dc45496b2380eeac487a8539692d6842
+ * dirmngr/dns-stuff.c (tor_credentials): New.
+ (enable_dns_tormode): Add arg new_circuit and update tor_credentials.
+ (my_adns_init): Rework to set Tor mode using a config file options and
+ always use credentials.
+ * dirmngr/server.c (cmd_dns_cert): Improve error message.
+ * dirmngr/t-dns-stuff.c (main): Add option --new-circuit.
+
+ dirmngr: Improve detection of ADNS.
+ + commit f92e95175e90120362a7d6376fb32307e11267b5
+ * configure.ac (HAVE_ADNS_FREE): New ac_define.
+
+2015-11-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Add reder information to --card-status.
+ + commit bce0e3f71df0709a7d323a688ddf2690c1727a6c
+ * g10/call-agent.h, g10/call-agent.c (agent_release_card_info)
+ g10/card-util.c (card_status): Add READER.
+ * scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME.
+ (apdu_get_reader_name): New.
+ * scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P.
+ * scd/command.c (cmd_learn): Return READER information.
+
+2015-11-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid new strings.
+ + commit 2242658efe0c975a46c3316bc9171ddbce085e2c
+ * g10/decrypt-data.c (decrypt_data): Use already translated strings.
+
+ common: Fix commit f99830b.
+ + commit 20125333e7b822e8c70ac8cef986649f0654eb56
+ * common/userids.c (classify_user_id): Avoid underflow. Use spacep to
+ also trim tabs.
+
+2015-11-06 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix formatting string.
+ + commit 28e198201e580b39bceb9c151df07fc0e936a91d
+ * g10/decrypt-data.c (decrypt_data): Fix formatting string.
+
+ gpg: Add new option --only-sign-text-ids.
+ + commit a74aeb5dae1f673fcd98b39a6a0496f3c622709a
+ * g10/options.h (opt): Add field only_sign_text_ids.
+ * g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
+ (opts): Handle oOnlySignTextIDs.
+ (main): Likewise.
+ * g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
+ select non-text based IDs automatically.
+ (keyedit_menu): Adapt the prompt asking to sign all user ids according
+ to OPT.ONLY_SIGN_TEXT_IDS.
+ * doc/gpg.texi: Document the new option --only-sign-text-ids.
+
+ common: When classifying keyids and fingerprints, reject trailing junk.
+ + commit f99830b72812395da5451152bdd2f2d90a7cb7fb
+ * common/userids.c (classify_user_id): Trim any trailing whitespace.
+ Before assuming that a hexstring corresponds to a key id or
+ fingerprint, make sure that it is NUL terminated.
+
+ gpg: Check for ambiguous or non-matching key specs.
+ + commit e8c53fca954d33366e3494a6d4eecc3868282bcc
+ * g10/gpg.c (check_user_ids): New function.
+ (main): Check that any user id specifications passed to --local-user
+ and --remote-user correspond to exactly 1 user. Check that any user
+ id specifications passed to --default-key correspond to at most 1
+ user. Warn if any user id specifications passed to --local-user or
+ --default-user are possible ambiguous (are not specified by long keyid
+ or fingerprint).
+ * g10/getkey.c (parse_def_secret_key): Don't warn about possible
+ ambiguous key descriptions here.
+
+ common: Add new function strlist_rev.
+ + commit f38bac8883ea2e9ed8e2836f97a953efb85e774c
+ * common/strlist.c (strlist_rev): New function.
+ * common/t-strlist.c: New file.
+ * common/Makefile.am (common_sources): Add strlist.c and strlist.h.
+ (module_tests): Add t-strlist.
+ (t_strlist_LDADD): New variable.
+
+ common: Include required, but not included headers in t-support.h.
+ + commit 23e163473f050d1f2c08f589beb9dab283b7d624
+ * common/t-support.h: Include <stdlib.h> and <stdio.h>.
+
+2015-11-05 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Indicate which characters are invalid.
+ + commit a958ffd148a46f3757d1c309bb13555638044640
+ * g10/keygen.c (ask_user_id): Indicate which characters are invalid.
+
+ gpg: Add support for unwrapping the outer level of encryption.
+ + commit ec409e62aea6cc829299be794f9d035d033cb51b
+ * g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set,
+ copy the data to the output file instead of continuing to process it.
+ * g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap.
+ (opts): Handle oUnwrap.
+ (main): Likewise.
+ * g10/options.h (opt): Add field unwrap_encryption.
+ * g10/plaintext.c (handle_plaintext): Break the output file selection
+ functionality into ...
+ (get_output_file): ... this new function.
+
+ common: Add a function for copying data from one iobuf to another.
+ + commit fd4b9e232805b2e30b29903568c95cc0aad8bbec
+ * common/iobuf.c (iobuf_copy): New function.
+
+ doc: Note that gpgkey2ssh is deprecated.
+ + commit 2b0e0a53b4db8c44e299f57a9f4f9fc1b825e707
+ * doc/tools.texi (gpgkey2ssh): Note that gpgkey2ssh is deprecated.
+
+ tools: Fix gpgkey2ssh's most gratuitous errors. Use gpg2, not gpg.
+ + commit cd2d685230ecafb7df504ef2b16cf1ec9a014300
+ * tools/gpgkey2ssh.c (main): Add support for --help. Replace the most
+ gratuitous asserts with error messages. Invoke gpg2, not gpg.
+
+2015-11-05 Neal H. Walfield <neal@g10code.com>
+ Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc: Add documentation for gpgkey2ssh.
+ + commit 2b27acc3435e73fad7460b551a36b4064cdd58be
+ * doc/tools.texi: Add documentation for gpgkey2ssh.
+
+2015-11-04 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Print a better error message for --multifile --sign --encrypt.
+ + commit 6897bbf1aa9bf0a61b186ea1a9bcb463fb1fd10e
+ * g10/gpg.c (main): Print a better error message for --multifile
+ --sign --encrypt.
+
+ gpg: Add --encrypt-to-default-key.
+ + commit de9b2340153d70b083494d1a277a384dcf43bff0
+ * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and
+ export the function.
+ * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey.
+ (opts): Handle oEncryptToDefaultKey.
+ (main): Likewise.
+ * g10/options.h (opt): Add field encrypt_to_default_key.
+
+ gpg: Allow multiple --default-key options. Take the last available key.
+ + commit e16d7168c54e5f7bc2f0037806ee4f730930eaf0
+ * g10/getkey.c (parse_def_secret_key): New function.
+ (get_seckey_default): Add parameter ctrl. Update callers. Use
+ parse_def_secret_key to get the default secret key, if any.
+ (getkey_byname): Likewise.
+ (enum_secret_keys): Likewise.
+ * g10/options.h (opt): Change def_secret_key's type from a char * to a
+ strlist_t.
+ * g10/gpg.c (main): When processing --default-key, add the key to
+ OPT.DEF_SECRET_KEY.
+ * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers.
+ * g10/mainproc.c (proc_pubkey_enc): Likewise.
+ (do_proc_packets): Likewise.
+ * g10/pkclist.c (default_recipient): Likewise.
+ * g10/pubkey-enc.c (get_session_key): Likewise.
+ * g10/sign.c (clearsign_file): Likewise.
+ (sign_symencrypt_file): Likewise.
+ * g10/skclist.c (build_sk_list): Likewise.
+ * g10/test-stubs.c (get_session_key): Likewise.
+
+2015-11-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix error handling with libusb-compat library.
+ + commit 1e94a672efb8bf66f416bc63bf6670e509a21fe5
+ * scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE.
+
+ scd: fix change_keyattr.
+ + commit c5a9fedba66361ddd9f596528882750068543298
+ * scd/app-openpgp.c (change_keyattr_from_string): Fix parsing.
+
+2015-11-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Change out of core error message.
+ + commit 44ad9f29d43f40bbc1840454880f4af3df1c5295
+ * g10/tofu.c (fingerprint_str): Die with the error code returned by
+ the failed function.
+ (time_ago_str): Ditto. Do not make a comma translatable.
+ (fingerprint_format): Use "%zu" for a size_t.
+
+ gpg: Make translation easier.
+ + commit 62b8cd5495dcac9a0f8a3d88c7bd4cd80997fd3f
+ * g10/import.c (import_secret_one): Split info string for easier
+ translation.
+
+2015-11-03 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Also show when the most recently signed message was observed.
+ + commit 621afac37e5555fd68054531e611ead444b62928
+ * g10/tofu.c (show_statistics): Also show when the most recently
+ signed message was observed.
+
+ gpg: Split a utility function out of a large function.
+ + commit 36326112290b6eef47c9dada30dddbdf408680e4
+ * g10/tofu.c (show_statistics): Break the time delta to string code
+ into...
+ (time_ago_str): ... this new function.
+
+ gpg: Fix message formatting.
+ + commit c8ef9f9a64d13ea8b9b4ade62525243abe2976ba
+ * g10/tofu.c (get_trust): Fix message formatting.
+
+ gpg: Don't store formatting fingerprints in the TOFU DB.
+ + commit 8ae3946d28c43e30ef692ba6cf1a7fa4ed65ecc5
+ * g10/tofu.c (fingerprint_pp): Split this function into...
+ (fingerprint_str): ... this function...
+ (fingerprint_format): ... and this function.
+ (record_binding): Store the unformatted fingerprint in the DB. Only
+ use the formatting fingerprint when displaying a message to the user.
+ (get_trust): Likewise.
+ (show_statistics): Likewise.
+ (tofu_register): Likewise.
+ (tofu_get_validity): Likewise.
+ (tofu_set_policy): Likewise.
+ (tofu_get_policy): Likewise.
+
+2015-11-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: notify a user when importing stub is skipped.
+ + commit 06f3eadb22986d9ebde9efff2794eb1d45d6c6d4
+ * g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED
+ when stub_key_skipped.
+ (import_secret_one): Notify a user, suggesting --card-status.
+
+2015-10-31 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Consider newlines to be whitespace in an SQL statement.
+ + commit 18cd09246f5dcddcafb8662afd84fa046e36de3f
+ * g10/sqlite.c (sqlite3_stepx): When making sure that there is no
+ second SQL statement, ignore newlines.
+
+2015-10-30 Werner Koch <wk@gnupg.org>
+
+ common: Improve t-zb32 to be used for manual encoding.
+ + commit d89a9fca46d9bba497dde0793b57217c800b0e8d
+ * common/t-support.h (no_exit_on_fail, errcount): New.
+ (fail): Bump errcount.
+ * common/t-zb32.c (main): Add options to allow manual use.
+
+ common: Add separate header for zb32.c.
+ + commit 5aadb4b62d26e1bfb40a1ce444a81c2a5a56159c
+ * common/util.h (zb32_encode): Move prototype to ...
+ * common/zb32.h: new. Include this for all callers of zb32_encode.
+
+2015-10-29 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Display the correct error message.
+ + commit 641df615da4937b0073c420a0503c5810c237972
+ * g10/trustdb.c (validate_keys): If tdbio_update_version_record fails,
+ RC does not contain the error code. Save the error code in rc2 and
+ use that.
+
+ gpg: Eliminate a memory leak.
+ + commit d68bdc553a206e54234d5d53ad35c4ba34133118
+ * g10/trustdb.c (validate_key_list): Don't leak the keyblocks on
+ failure.
+
+ gpg: Remove unused prototype.
+ + commit ef052591ba51ee16bafc3c5b79d837ed8f01b520
+ g10/keyring.h (keyring_locate_writable): Remove unused prototype.
+
+ gpg: Eliminate a memory leak.
+ + commit 89eee5f6b7ca3da7ebdcc3e5d069701d0834b39e
+ * g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT.
+
+ gpg: Fix keyring support.
+ + commit 99c84b49b787dab8da26cf61eed24dd4a2b77fd9
+ * g10/keydb.c (keydb_rebuild_caches): Only mark the cached as prepared
+ if it is actually prepared, which it only is if the resource is a
+ keybox.
+
+ gpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback.
+ + commit 421827424fe87855307fe3e803b42ffa02738600
+ * g10/sqlite.h (enum sqlite_arg_type): Add SQLITE_ARG_BLOB.
+ (sqlite3_stepx_callback): New declaration.
+ (sqlite3_stepx): Change the callback's type to sqlite3_stepx_callback,
+ which passes an additional parameter, the sqlite3_stmt *. Update
+ users.
+
+ gpg: Move sqlite helper functions into their own file.
+ + commit 351f4213e192aa11500c0c590d11183edbe326c5
+ * g10/tofu.c (sqlite3_exec_printf): Move from here...
+ * g10/sqlite.c (sqlite3_exec_printf): ... to this new file. Don't
+ mark as static.
+ * g10/tofu.c (sqlite3_stepx): Move from here...
+ * g10/sqlite.c (sqlite3_stepx): ... to this new file. Don't
+ mark as static.
+ * g10/tofu.c (enum sqlite_arg_type): Move from here...
+ * g10/sqlite.h (enum sqlite_arg_type): ... to this new file.
+
+2015-10-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ doc: Don't install gpg-zip.1.
+ + commit d25e29ad9374da1c11ccfc38f392dbab2d707042
+ * doc/Makefile.am (myman_pages): Remove gpg-zip.1.
+ (DISTCLEANFILES): Add gpg-zip.1.
+
+2015-10-28 Werner Koch <wk@gnupg.org>
+
+ sm: Allow combination of usage flags --gen-key.
+ + commit 8b6c83dcb086ef09b2676e4d5b0111c88b7b8bf8
+ * sm/certreqgen.c (create_request): Re-implement building of the
+ key-usage extension.
+
+2015-10-28 Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ doc: Document some changed default options.
+ + commit e095a3fcf2ccc6cc4e258111dc395558069a1164
+ * doc/gpg.texi: Update the description of some options which are
+ now enabled by default.
+
+2015-10-28 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix NULL-deref while loading a CRL.
+ + commit fa15a71daff8414bf4112bc2826dc495ff2fb01f
+ * dirmngr/crlcache.c (crl_parse_insert): Set error before leaping to
+ failure.
+
+ dirmngr: Minor cleanup of the SRV RR code.
+ + commit 949a5cfdabcafab93c1ac092c0459b59318805b9
+ * dirmngr/dns-stuff.c: Include unistd.h.
+ (getsrv): Run srand only once.
+ * dirmngr/t-dns-stuff.c (main): Allow passing another name for --srv
+ and change output format.
+
+ dirmngr: Add a getaddrinfo wrapper backend using ADNS.
+ + commit e026efb4363bc6e3c41ed533daf06f103ebd2e32
+ * dirmngr/dns-stuff.c: Replace all use of default_errsource.
+ (my_adns_init): Move to top.
+ (resolve_name_adns): New.
+ (resolve_dns_name) [USE_ADNS]: Divert to new func.
+
+2015-10-26 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not call an extra get_validity if no-show-uid-validity is used.
+ + commit a6c2c098435a703ca02abf651ff4fa45e5a4db9a
+ * g10/mainproc.c (check_sig_and_print): Do not call the informational
+ get_validity if we are not going to use it.
+
+2015-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: Ensure all weak digest rejection notices are shown.
+ + commit 91015d021b3dcbe21ad0e580a4f34c523abf9e72
+ * g10/main.h: Add rejection_shown flag to each weakhash struct
+ * g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not
+ treat MD5 separately; (print_digest_rejected_note): Use
+ weakhash.rejection_shown instead of static shown.
+ * g10/options.h (opt): Change from additional_weak_digests to
+ weak_digests.
+ * g10/sig-check.c: Do not treat MD5 separately.
+ * g10/gpg.c (main): Explicitly set MD5 as weak.
+ * g10/gpgv.c (main): Explicitly set MD5 as weak.
+
+2015-10-26 Werner Koch <wk@gnupg.org>
+
+ w32: Make it build again if Tofu support is not available.
+ + commit 0d37a40fc34519e93af3ceffff2cd726d29576d3
+ * g10/keylist.c (public_key_list) [!USE_TOFU]: Do not call tofu
+ functions.
+
+ dirmngr: Support Tor hidden services.
+ + commit 4524a2a3714f263d56bb7db349c169b456994fd9
+ * dirmngr/dns-stuff.c (is_onion_address): New.
+ * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion".
+ (map_host): Special case onion addresses.
+ (ks_hkp_print_hosttable): Print an 'O' for an onion address.
+ * dirmngr/http.c (connect_server): Special case onion addresses.
+
+ dirmngr,w32: Remove gethostbyname hack and make it build again.
+ + commit 7735bbe539af35ce16e270946d5ae798c5989d6e
+ * dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack;
+ we require getaddrinfo anyway.
+ * dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined.
+ (map_eai_to_gpg_error) [W32]: Take care of unsupported codes.
+
+2015-10-26 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Make sure we only have a single SQL statement.
+ + commit c18fb0d99b633bb267dead6e7c46229f4b780bc3
+ * g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL
+ statement.
+
+ gpg: When the TOFU DB is in batch mode, periodically drop the locks.
+ + commit 5b0ed7674dc718ee98e0c80aa93ce014f2b51411
+ * g10/tofu.c: Include <sched.h>.
+ (batch_update_started): New variable.
+ (begin_transaction): If we've been in batch mode for a while, then
+ commit any extant batch transactions.
+ (tofu_begin_batch_update): If we are not in batch mode, initialize
+ batch_update_started.
+
+2015-10-25 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Add workaround for broken getaddrinfo.
+ + commit 5e7ac031f513ad3b60e4f092fa72b3bec0676515
+ * dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by
+ first resolving the CNAME.
+ (get_dns_cname): New.
+
+ * dirmngr/t-dns-stuff.c (main): Add option --cname.
+
+ dirmngr: Better handle systems without IPv6 or IPv4.
+ + commit 0e3c9f184a5fb3e41277700d690febc2eee9600a
+ * dirmngr/dns-stuff.c (resolve_name_standard): Use AI_ADDRCONFIG.
+
+ dirmngr: Replace use of getnameinfo by resolve_dns_addr.
+ + commit 927f34603d942868af6a7bd0f347681bbad76a94
+ * dirmngr/ks-engine-hkp.c (my_getnameinfo): Remove.
+ (map_host): Use resolve_dns_addr.
+
+ dirmngr: Implement a getnameinfo wrapper.
+ + commit 816505958ac4308ee0dfe787d1b706982428b6cc
+ * dirmngr/dns-stuff.h (DNS_NUMERICHOST): New.
+ (DNS_WITHBRACKET): New.
+ * dirmngr/dns-stuff.c (resolve_name_standard): Factor code out to...
+ (map_eai_to_gpg_error): new.
+ (resolve_addr_standard): New.
+ (resolve_dns_addr): New.
+
+ * dirmngr/ks-engine-hkp.c (is_ip_address): Move to ...
+ * dirmngr/dns-stuff.c (is_ip_address): here. Add support for non
+ bracketed v6 addresses.
+
+ * dirmngr/t-dns-stuff.c: Remove header netdb.h.
+ (main): Add option --bracket. Use resolve_dns_name instead of
+ getnameinfo.
+
+2015-10-23 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Provide an interface to patch TOFU updates.
+ + commit 7f65e84ac035e8f7a25639a6b09eb6000115e337
+ * g10/tofu.c (struct db): Rename begin_transaction to savepoint_batch.
+ Rename end_transaction to savepoint_batch_commit. Update users.
+ Remove field rollback. Add fields savepoint_inner and
+ savepoint_inner_commit. Add field batch_update.
+ (dump_cache): New function.
+ (batch_update): New variable.
+ (begin_transaction). New function.
+ (end_transaction): New function.
+ (rollback_transaction): New function.
+ (tofu_begin_batch_update): New function.
+ (tofu_end_batch_update): New function.
+ (closedb): End any pending batch transaction.
+ (closedbs): Assert that none of the DBs have a started batch
+ transaction if we not in batch mode.
+ (record_binding): Use the begin_transaction, end_transaction and
+ rollback_transaction functions instead of including the SQL inline.
+ Also start a batch mode transaction if we are using the flat format.
+ (tofu_register): Use the begin_transaction, end_transaction and
+ rollback_transaction functions instead of including the SQL inline.
+ * g10/gpgv.c (tofu_begin_batch_update): New function.
+ (tofu_end_batch_update): New function.
+ * g10/test-stubs.c (tofu_begin_batch_update): New function.
+ (tofu_end_batch_update): New function.
+
+ gpg: Cache prepared SQL queries and open DB connections.
+ + commit 297cf8660ce346638e42934d84d746768f8bb10a
+ * g10/tofu.c: Include <stdarg.h>.
+ (prepares_saved) [DEBUG_TOFU_CACHE]: New variable.
+ (queries) [DEBUG_TOFU_CACHE]: New variable.
+ (struct db): Add fields prevp, begin_transaction, end_transaction,
+ rollback, record_binding_get_old_policy, record_binding_update,
+ record_binding_update2, get_policy_select_policy_and_conflict,
+ get_trust_bindings_with_this_email, get_trust_gather_other_user_ids,
+ get_trust_gather_other_keys, register_already_seen, and
+ register_insert.
+ [DEBUG_TOFU_CACHE]: Add field hits.
+ (STRINGIFY): New macro.
+ (STRINGIFY2): New macro.
+ (enum sqlite_arg_type): New enum.
+ (sqlite3_stepx): New function.
+ (combined_db): Remove variable.
+ (opendb): Don't cache the combined db.
+ (struct dbs): New struct. Update users to use this as the head of the
+ local DB list rather than overloading struct db.
+ (unlink_db): New function.
+ (link_db): New function.
+ (db_cache): New variable.
+ (db_cache_count): New variable.
+ (DB_CACHE_ENTRIES): Define.
+ (getdb): If the dbs specific cache doesn't include the DB, look at
+ DB_CACHE. Only if that also doesn't include the DB open the
+ corresponding DB.
+ (closedb): New function.
+ (opendbs): Don't open the combined DB. Just return an initialized
+ struct dbs.
+ (closedbs): Don't close the dbs specific dbs. Attach them to the
+ front of DB_CACHE. If DB_CACHE contains more than DB_CACHE_ENTRIES,
+ close enough dbs from the end of the DB_CACHE list such that DB_CACHE
+ only contains DB_CACHE_ENTRIES. Don't directly close the dbs, instead
+ use the new closedb function.
+ [DEBUG_TOFU_CACHE]: Print out some statistics.
+ (record_binding): Use sqlite3_stepx instead of sqlite3_exec or
+ sqlite3_exec_printf.
+ (get_policy): Likewise.
+ (get_trust): Likewise.
+ (tofu_register): Likewise.
+
+ gpg: Return the DBs meta-handle rather than the sqlite3 handle.
+ + commit cd879d4bd69a578be5a1ff96497f8c1181885563
+ * g10/tofu.c (getdb): Return a struct db * instead of an sqlite *.
+ Update users.
+
+ gpg: Use the proper type.
+ + commit 3c4c89cc35280164b509977c5288b0a06d6f530e
+ * g10/options.h: Include "tofu.h".
+ (opt.tofu_default_policy): Change type to enum tofu_policy.
+ * g10/gpgv.c (enum tofu_policy): Don't redeclare.
+ * g10/test-stubs.c (enum tofu_policy): Likewise.
+
+2015-10-22 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Implement Tor mode for SRV RRs.
+ + commit 8b06d7f41aec6cb993445935dba7c60e033d026a
+ * dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to...
+ (my_adns_init): new.
+ (getsrv)[USE_ADNS]: Use my_adns_init.
+ (getsrv)[!USE_ADNS]: Return an error if Tor mode is active.
+
+ * dirmngr/t-dns-stuff.c: Add option --use-tor.
+
+ dirmngr: Do not use MAXDNAME.
+ + commit e03a4a94bb67d4a6c958b37671f83456e203f325
+ * dirmngr/dns-stuff.c (getsrv): Replace MAXDNAME.
+ * dirmngr/dns-stuff.h (MAXDNAME): Remove.
+ (struct srventry): Use a fixed value instead of MAXDNAME.
+ * dirmngr/http.c (connect_server): Use DIMof instead of MAXDNAME.
+ Malloc a helper array.
+
+ Move SRV RR code from common/ to dirmngr/.
+ + commit 41bb01ae792af78edd28bf1b735cacc0b3ac428a
+ * common/srv.c: Merge into dirmngr/dns-stuff.c. Delete file.
+ * common/srv.h: Merge into dirmngr/dns-stuff.h. Delete file.
+ * common/Makefile.am (common_sources): Remove srv.c and srv.h.
+ * g10/keyserver.c: Do not include srv.h. The code using it is anyway
+ disabled.
+ * dirmngr/http.c: Remove header srv.h and stubs.
+ * dirmngr/t-dns-stuff.c: Add option --srv.
+
+2015-10-21 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Use the new DNS wrapper for the HTTP module.
+ + commit 1e34007c972c1d7730cfcacd88f6bbebba7dec1d
+ * dirmngr/t-http.c (main): Init assuan sockets.
+ * dirmngr/http.c: Include dns-stuff.h.
+ (connect_server)[!HAVE_GETADDRINFO]: Remove all code.
+ (connect_server): Change to use resolve_dns_name.
+
+ dirmngr: Allow use of http.c if USE_NPTH is not defined.
+ + commit b6af3377e14fad35b9c6041b11888cabce6e8a56
+ * dirmngr/http.c (send_request): Always set the gnutls pull/push
+ functions.
+ (my_npth_read): Rename to ...
+ (my_gnutls_read) .. this. Use system read if !USE_NPTH.
+ (my_npth_write): Rename to ...
+ (my_gnutls_write) .. this. Use system write if !USE_NPTH.
+
+ dirmngr: Check that getaddrinfo is available.
+ + commit 6fafda979df8e7e117f8e6929bcce89513a6e746
+ * dirmngr/Makefile.am (t_http_SOURCES): Add dns-stuff.c.
+ (t_ldap_parse_uri_SOURCES): Ditto.
+ * dirmngr/dns-stuff.c: Bail out if neither ADNS nor getaddrinfo is
+ available.
+
+ dirmngr: Use the new DNS wrapper for the HKP engine.
+ + commit afbe87fa2d259b665b2d67a038a8535cfcfee094
+ * dirmngr/ks-engine-hkp.c (my_getnameinfo): Change arg type to
+ dns_addrinfo_t.
+ (map_host): Replace getaddrinfo by resolve_dns_name.
+
+ dirmngr: Implement a getaddrinfo wrapper.
+ + commit 8bccbf477878fd99baa96e11db9db99aaf1e8d91
+ * dirmngr/dns-stuff.h: Include some header files.
+ (dns_addinfo_t, dns_addrinfo_s): New.
+ * dirmngr/dns-stuff.c: Always include DNS related headers.
+ (free_dns_addrinfo): New.
+ (resolve_name_standard): New.
+ (resolve_dns_name): New.
+
+ * dirmngr/t-dns-stuff.c: Include netdb.h.
+ (main): Keep old default mode with no args but else print outout of
+ resolve_dns_name. Revamp option parser.
+
+ common: Add more replacement error codes.
+ + commit ffe60eb3d2b8f7d6c506804ce4645d695c91f237
+ * common/util.h (GPG_ERR_SERVER_FAILED): New.
+ (GPG_ERR_NO_KEY): New.
+ (GPG_ERR_NO_NAME): New.
+
+2015-10-21 Neal H. Walfield <neal@g10code.com>
+
+ gpg: If the saved trust model is unknown, default to tofu+pgp.
+ + commit 9afeb4cca10c3632495fe71b23df99a4878bd3a5
+ * g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
+ default to tofu+pgp instead of pgp.
+
+ gpg: Don't accidentally free UTK_LIST.
+ + commit 8c3b7915d675ca5346c17244654d5c6ab583ac44
+ * g10/trustdb.c (validate_keys): Don't free UTK_LIST.
+
+ gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
+ + commit cbaca254ac818c49c18d4480d3c7bd246cc57ae8
+ * g10/trustdb.c (validate_one_keyblock): When checking trust regular
+ expressions, treat the tofu+pgp trust model the same as the pgp trust
+ model.
+
+ gpg: If a key is ultimate trusted, return that in the tofu model.
+ + commit df57390d68482c5b3fa5ff3a42a29ae1b6cbb23c
+ * g10/tofu.c (get_trust): If the policy is auto or none, check if the
+ key is ultimately trusted. If so, return that.
+ (tofu_register): If the key is ultimately trusted, don't show any
+ statistics.
+ (tofu_get_validity): Likewise.
+
+ gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
+ + commit d05ff81732e20e6f9d6d7a6281a96a312b001abb
+ * g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
+ possibly saved trust models. Also register the ultimately trusted
+ keys if the trust model is tofu or tofu+pgp.
+ (check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
+ (update_trustdb): Likewise.
+ (tdb_check_trustdb_stale): Likewise.
+ (validate_keys): If the trust model is TOFU, just write out the
+ ultimately trusted keys.
+
+ gpg: Factor out code into a standalone function.
+ + commit 243f90afba87e99ca42e2451ac5cc59d00a044ac
+ * g10/trustdb.c (tdb_keyid_is_utk): New function.
+ (add_utk): Use it.
+
+ dirmngr: Allow building with libassuan < 2.3.
+ + commit a79045e38d239a7f6e787cf7c1132772c737cc0e
+ * dirmngr/http.c (send_request): Use newer assuan function only if
+ available.
+
+2015-10-21 Neal H. Walfield <neal@g10code.com>
+ Andre Heinecke <aheinecke@intevation.de>
+
+ gpg: Make the tofu DB check and initialization atomic.
+ + commit 85bd7d9491f8cc13c2b03f19b4f70ea13b45c704
+ * g10/tofu.c (initdb): Make the version check and the database
+ initialization atomic.
+
+2015-10-21 Werner Koch <wk@gnupg.org>
+
+ build: Make --disable-g13 the default.
+ + commit 485e0a221deb5c68f29b6a7a110b349dbe41c027
+ * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-g13. Remove
+ --enable-gpgtar because that is enabled anyway.
+ * configure.ac: Do not build g13 by default.
+
+ dirmngr: Rename file dns-cert.c.
+ + commit 5055b617a94587580bc16a56bb82333077b05693
+ * dirmngr/dns-cert.c: Rename to dirmngr/dns-stuff.c.
+ * dirmngr/dns-cert.h: Rename to dirmngr/dns-stuff.h and change
+ includers.
+ * dirmngr/t-dns-cert.c: Rename to dirmngr/t-dns-stuff.c.
+ * dirmngr/Makefile.am: Adjust.
+
+ common: Add status code for use by g13.
+ + commit 42571a38344e39f747315f754700a8181b8744fe
+ * common/status.h (STATUS_PLAINTEXT_FOLLOWS): New.
+
+2015-10-20 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Prefer ADNS over system resolver.
+ + commit 58ebe50bdf4837e9ab2d3f8c6e5fcf28c66f26e9
+ * configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define.
+ (USE_DNS_CERT): Prefer ADNS over the system resolver.
+ * dirmngr/dns-cert.c (tor_mode): New global var.
+ (enable_dns_tormode): New func.
+ (get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode.
+ * dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.
+
+ w32: Allow building again.
+ + commit c83b627174f46e841f1ccc018322fe499969c267
+ * dirmngr/http.c (connect_server): Fix called function name.
+
+ build: Allow building without SQLlite support.
+ + commit 734c61dc9d4915605816803182c9adcc1594e008
+ * configure.ac: Add option --dsiable-tofu and --disable-sqlite.
+ (NEED_SQLITE_VERSION): New var.
+ (USE_TOFU): New ac_define and am_conditional.
+ * autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
+ pkg-config find the correct .pc file.
+
+ * g10/Makefile.am (tofu_source): New. Build only if enabled.
+ * g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
+ (parse_tofu_policy)[!USE_TOFU]: Disable all.
+ (parse_tofu_db_format)[!USE_TOFU]: Disable all.
+ (main) <aTOFUPolicy>[!USE_TOFU]: Skip.
+ * g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
+ call tofu functions.
+ * g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
+ * g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
+ processing.
+
+2015-10-20 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Don't die immediately if the TOFU DB is locked.
+ + commit 26d457c218c2e93b2e2cf316f0c1074c70894d0f
+ * g10/tofu.c (opendb): Don't die immediately if the DB is locked.
+
+ gpg: Improve output.
+ + commit bc9ff6c85e2d89be4ee873b8a72a214759a66157
+ * g10/tofu.c (get_trust): Also show the binding when indicating a
+ conflict occurred.
+
+ gpg: Synchronize translation template.
+ + commit 251c070f91e2c65baa3f1195f14a176440a8aafa
+ * g10/tofu.c (show_statistics): Synchronize translation template.
+
+ gpg: When showing conflicts, also show bindings with no recorded sigs.
+ + commit d3eca517745a862432fcfeaa729e5333b15ffa6a
+ * g10/tofu.c (signature_stats_collect_cb): If the time_ago column is
+ NULL, then both time_ago and count should be 0.
+ (get_trust): Reverse the direction of the join so that we also get
+ statistics about bindings without any signatures.
+
+ gpg: Improve text.
+ + commit 445f94bc81b20959a667a4ad80ea6c73059540bf
+ * g10/tofu.c (show_statistics): Improve text.
+
+ gpg: Use the right variable to display the information.
+ + commit 4957e3236796979b58f35628351505ea5f4e936a
+ * g10/tofu.c (get_trust): Use the right variable to display the
+ conflicting key.
+
+ gpg: Make failing to create a directory a soft error.
+ + commit eb8a0b051faa03584b3820200e10301936e82f51
+ * g10/tofu.c (getdb): Don't exit if we can't create the directory.
+ Just return an error.
+
+ common: Make sure tilde expansion works for the mkdir functions.
+ + commit c3bb9fccb7963a0918b9ec6a4f10d568fac7c125
+ * common/mkdir_p.c (gnupg_amkdir_p): Use make_filename_try on the
+ first directory component as well.
+
+ gpg: Remove unused prototype digest_algo_from_sig.
+ + commit d1a0b520b15bb941cdbf66c2e832c617af778ac8
+ * g10/packet.h (digest_algo_from_sig): Remove prototype without a
+ corresponding implementation.
+
+2015-10-19 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Allow building with libassuan < 2.3.
+ + commit 4e42ad300b3de9fab25095a9e82431b1ea2740e7
+ * dirmngr/dirmngr.c (set_tor_mode): Use newer assuan function only if
+ available.
+ * dirmngr/http.c (http_raw_connect): Ditto.
+
+2015-10-19 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix --desig-revoke.
+ + commit c37621166e9cc2a818de73bc99287a393dbb5744
+ * g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl.
+ Check that the secret key is available. If not, display an error
+ message.
+
+ gpg: Improve function documentation and some comments.
+ + commit a608ee750dd83bf77a5fb4f0ab5bcf812436ba4d
+ * g10/main.h: Improve function documentation.
+ * g10/packet.h.h: Improve function documentation.
+ * g10/sig-check.c: Improve function documentation and some comments.
+
+ gpg: Improve and regularize naming of signature checking functions.
+ + commit 0433e667029508d6933e8798d3d95bcdde70a7aa
+ * g10/packet.h (signature_check): Rename from this...
+ (check_signature): ... to this. Update users.
+ (signature_check2): Rename from this...
+ (check_signature2): ... to this. Update users.
+ * g10/sig-check.c (do_check): Rename from this...
+ (check_signature_end): ... to this. Update users.
+ (do_check_messages): Rename from this...
+ (check_signature_metadata_validity): ... to this. Update users.
+
+ gpg: Mark local function as static.
+ + commit 547a1b3fb881bb8581d03dbf4eacf49163eaa4b5
+ * g10/tdbio.c (put_record_into_cache): Mark as static.
+
+2015-10-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: Print warning when rejecting weak digests.
+ + commit b98939812abf6c643c752ce7c325f98039a1a9e2
+ * g10/misc.c (print_md5_rejected_note): Rename to ..
+ (print_digest_rejected_note): this. Parameterize function to take an
+ enum gcry_md_algos.
+ * g10/sig-check.c: Use print_digest_rejected_note() when rejecting
+ signatures.
+
+ gpg: Add option --weak-digest to gpg and gpgv.
+ + commit 76afaed65e3b0ddfa4923cb577ada43217dd4b18
+ * g10/options.h: Add additional_weak_digests linked list to opts.
+ * g10/main.h: Declare weakhash linked list struct and
+ additional_weak_digest() function to insert newly-declared weak
+ digests into opts.
+ * g10/misc.c: (additional_weak_digest): New function.
+ (print_digest_algo_note): Check for deprecated digests; use proper
+ gcry_md_algos type.
+ * g10/sig-check.c: (do_check): Reject weak digests in addition to MD5.
+ * g10/gpg.c: Add --weak-digest option to gpg.
+ * doc/gpg.texi: Document gpg --weak-digest option.
+ * g10/gpgv.c: Add --weak-digest option to gpgv.
+ * doc/gpgv.texi: Document gpgv --weak-digest option.
+
+2015-10-19 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Make --use-tor work - still leaks DNS.
+ + commit 6983fd131f648ba4acd57b266de9868911874d14
+ * dirmngr/dirmngr.c (set_tor_mode): New.
+ (main, reread_configuration): Call it.
+ * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR
+ mode is enabled if the FORCE_TOR flag is given.
+
+ dirmngr: Use Assuan socket wrappers for http.c.
+ + commit 8c609eaf35b547f02979ef0b206520dd0853b294
+ * dirmngr/http.c: Include assuan.h. Changed all code taking a socket
+ descriptor from int to assuan_fd_t.
+ (my_unprotect, my_protect): New.
+ (my_connect): Remove.
+ (_my_socket_new, _my_socket_unref): use assuan_sock_close.
+ (connect_server): Use assuan_sock_connect, assuan_sock_new, and
+ assuan_sock_close.
+ * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS.
+
+2015-10-19 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix formatting.
+ + commit 253afa244487dd8129816615ac2865c9fe812aaf
+ * g10/tofu.c (get_trust): Fix formatting.
+
+ gpg: Don't forget to free some memory.
+ + commit e56a116f9a1171ccf8b3293887a217953a46fc20
+ * g10/tofu.c (tofu_register): Free SIG_DIGEST before returning.
+
+ gpg: If a conflict occurs in batch mode, record that.
+ + commit 55d88454652543c98d74376977d855e394df6c92
+ * g10/tofu.c (get_trust): If a conflict occurs when MAY_ASK is false,
+ set conflict to the key. When prompting the user, don't show the
+ conflicting key if the conflicting key is the current key.
+
+2015-10-18 Werner Koch <wk@gnupg.org>
+
+ gpg: Silence two more warnings.
+ + commit c2c400714854d5a127a6966200d345d0d6cfc7d4
+ * g10/trustdb.c (tdb_get_validity_core): Silence a warning.
+ * g10/tofu.c (tofu_register): Move SIG_DIGEST computation to the top
+ so that it is not uninitialized in case of an early error.
+
+ gpg: Fix harmless compiler warnings.
+ + commit 558bcd43ae0a841cf1e58e06f5d72a19d5bc70cd
+ * g10/tofu.h (_tofu_GET_POLICY_ERROR): New. This avoids warnings
+ about undefined enum values in a switch.
+ * g10/trustdb.h (_tofu_GET_TRUST_ERROR): New.
+ * g10/tofu.c (TIME_AGO_FUTURE_IGNORE): Move to the top.
+ (opendbs): Avoid compiler warning (use braces).
+ (GET_POLICY_ERROR): Replace define by enum _tofu_GET_POLICY_ERROR.
+ (get_policy): Remove assert.
+ (GET_TRUST_ERROR): Replace by _tofu_GET_TRUST_ERROR macro.
+ (show_statistics): Undef MIN_SECS et al. after use.
+
+ common: Avoid warning about const char ** assignment.
+ + commit e64c805b0c270d859ddf2c35d573110cf25e8d48
+ * common/mkdir_p.c (gnupg_amkdir_p): Also strdup first item. Return
+ an error on malloc failure.
+ (gnupg_mkdir_p): Fix type of dirs and tmp_dirs.
+
+ Move http module from common/ to dirmngr/.
+ + commit 5aa1b392b1bf6fcf4cd380862c5affac39a4f34d
+ * common/http.c: Move to ../dirmngr/.
+ * common/http.h: Move to ../dirmngr/.
+ * common/t-http.c: Move to ../dirmngr/.
+ * common/tls-ca.pem: Move to ../dirmngr/.
+ * common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a.
+ Remove http.c related stuff.
+ * po/POTFILES.in: Move http.c to dirmngr/.
+ * dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem.
+ (module_maint_tests): New.
+ (noinst_PROGRAMS): Add module_maint_tests.
+ (dirmngr_SOURCES): Add http.c and http.h.
+ (dirmngr_LDADD): Remove libcommontlsnpth.
+ (t_common_ldadd): Ditto.
+ (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
+ (t_ldap_parse_uri_SOURCES): Add http.c.
+ (t_ldap_parse_uri_CFLAGS): Build without npth.
+ ($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a.
+ * dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h.
+
+2015-10-18 Neal H. Walfield <neal@g10code.com>
+
+ g10: Fix assert.
+ + commit 128a456e775edf393d47e40bb9ae8b62434e2978
+ * g10/tofu.c (get_trust): Fix assert.
+
+ g10: Add TOFU support.
+ + commit f77913e0ff7be4cd9c6337a70ac715e6f4a43572
+ * configure.ac: Check for sqlite3.
+ (SQLITE3_CFLAGS): AC_SUBST it.
+ (SQLITE3_LIBS): Likewise.
+ * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
+ (gpg2_SOURCES): Add tofu.h and tofu.c.
+ (gpg2_LDADD): Add $(SQLITE3_LIBS).
+ * g10/tofu.c: New file.
+ * g10/tofu.h: New file.
+ * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
+ (tofu_db_format): Define.
+ * g10/packet.h (PKT_signature): Add fields digest and digest_len.
+ * g10/gpg.c: Include "tofu.h".
+ (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
+ oTOFUDBFormat.
+ (opts): Add them.
+ (parse_trust_model): Recognize the tofu and tofu+pgp trust models.
+ (parse_tofu_policy): New function.
+ (parse_tofu_db_format): New function.
+ (main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
+ Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
+ * g10/mainproc.c (do_check_sig): If the signature is good, copy the
+ hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
+ * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
+ callers.
+ (tdb_get_validity_core): Add arguments sig and may_ask. Update
+ callers.
+ * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
+ to tdb_get_validity_core.
+ * g10/trustdb.c: Include "tofu.h".
+ (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
+ (tdb_get_validity_core): Add arguments sig and may_ask. If
+ OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
+ level. Combine it with the computed PGP trust level, if appropriate.
+ * g10/keyedit.c: Include "tofu.h".
+ (show_key_with_all_names_colon): If the trust mode is tofu or
+ tofu+pgp, then show the trust policy.
+ * g10/keylist.c: Include "tofu.h".
+ (public_key_list): Also show the PGP stats if the trust model is
+ TM_TOFU_PGP.
+ (list_keyblock_colon): If the trust mode is tofu or
+ tofu+pgp, then show the trust policy.
+ * g10/pkclist.c: Include "tofu.h".
+ * g10/gpgv.c (get_validity): Add arguments sig and may_ask.
+ (enum tofu_policy): Define.
+ (tofu_get_policy): New stub.
+ (tofu_policy_str): Likewise.
+ * g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
+ (enum tofu_policy): Define.
+ (tofu_get_policy): New stub.
+ (tofu_policy_str): Likewise.
+ * doc/DETAILS: Describe the TOFU Policy field.
+ * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
+ --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
+ * tests/openpgp/Makefile.am (TESTS): Add tofu.test.
+ (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
+ tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
+ (CLEANFILES): Add tofu.db.
+ (clean-local): Add tofu.d.
+ * tests/openpgp/tofu.test: New file.
+ * tests/openpgp/tofu-2183839A-1.txt: New file.
+ * tests/openpgp/tofu-BC15C85A-1.txt: New file.
+ * tests/openpgp/tofu-EE37CF96-1.txt: New file.
+ * tests/openpgp/tofu-keys.asc: New file.
+ * tests/openpgp/tofu-keys-secret.asc: New file.
+
+2015-10-16 Neal H. Walfield <neal@g10code.com>
+
+ common: Prefix the mkdir functions with gnupg_. Make args const.
+ + commit 93e855553eba03f5c31682e0aaf39f18f29860b7
+ * common/mkdir_p.h (mkdir_p): Rename from this...
+ (gnupg_mkdir_p): ... to this. Change directory_component's type from
+ char * to const char *.
+ (amkdir_p): Rename from this...
+ (gnupg_amkdir_p): ... to this. Change directory_component's type from
+ char * to const char *.
+ * common/mkdir_p.c (mkdir_p): Rename from this...
+ (gnupg_mkdir_p): ... to this. Change directory_component's type from
+ char * to const char *.
+ (amkdir_p): Rename from this...
+ (gnupg_amkdir_p): ... to this. Change directory_component's type from
+ char * to const char *.
+
+2015-10-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ cleanup: Fix confusion between gpg_error_t and gpg_err_code_t.
+ + commit 3de5ef759895837fe499cff7fb1fa7798e6d5754
+ * dirmngr/crlcache.c (hash_dbfile): Use gpg_error_t for ERR.
+ * kbx/keybox-update.c (keybox_set_flags): Call
+ gpg_err_code_from_syserror.
+
+2015-10-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit 0b4ebc398cc8aad3f25f84034cd6b129e55f1368
+
+
+2015-10-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Try hard to use MDC also for sign+symenc.
+ + commit 4584125802be11833a5b289e864b45eedc2b45fd
+ * g10/encrypt.c (use_mdc): Make it a global func.
+ * g10/sign.c (sign_symencrypt_file): Use that function to decide
+ whether to use an MDC.
+ * tests/openpgp/conventional-mdc.test: Add a simple test case.
+
+2015-10-09 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.9.
+ + commit 086b8738f71ba26d36287db81f6d78116053ba66
+
+
+2015-10-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: simplify agent_get_passphrase.
+ + commit 5a12c45666cd16bc750d7f0e63620c295feb77ea
+ * agent/call-pinentry.c (agent_get_passphrase): Simplify.
+
+ agent: fix agent_askpin.
+ + commit 818fa4f71e1056831b35d0f8aff715c0e1d537e6
+ * agent/call-pinentry.c (agent_askpin): Fix off-by-one error.
+
+ agent: Fix function return type for check_cb and agent_askpin.
+ + commit f70f6695368444d8058305ab696e5e5a1bace18c
+ * agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t.
+ (start_pinentry, setup_qualitybar): Likewise.
+ (agent_askpin): Fix return value check of check_cb.
+ * agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t.
+ (ssh_identity_register): Fix return value check of agent_askpin.
+ * agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t.
+ * agent/findkey.c (try_unprotect_cb): Likewise.
+ * agent/genkey.c (reenter_compare_cb): Return gpg_error_t.
+ (agent_ask_new_passphrase): Fix return value check of agent_askpin.
+
+2015-10-08 Andre Heinecke <aheinecke@intevation.de>
+
+ dirmngr: Default to http protocol for http-proxy.
+ + commit ea079d283de6bf4ac70d7530fac70938e7c5e8f5
+ * common/http.c (send_request): Fix handling for hostname:port string.
+
+2015-10-08 Werner Koch <wk@gnupg.org>
+
+ common: Allow building of mkdir_p.c for Windows.
+ + commit 4c298525903f844eee95ecbcdc45f5ac034fa148
+ * common/mkdir_p.c: Change license and comment debug statements.
+ (amkdir_p, mkdir_p): Fail on malloc error and use default_errsource to
+ build an error code. Change return value to gpg_error_t.
+ (amkdir_p): Use gnupg_mkdir.
+
+ * common/membuf.c: Include util.h first to avoid redefined macro
+ warnings.
+
+ gpg: Add option --print-dane-records.
+ + commit d7b8e76f9930750d669405dee3108c9bc8e87b91
+ * g10/options.h (opt): Add field "print_dane_records".
+ * g10/gpg.c (oPrintDANERecords): new.
+ (opts): Add --print-dane-records.
+ (main): Set that option.
+ * g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling.
+ (do_export_stream): Add EXPORT_DANE_FORMAT handling.
+ * g10/keylist.c (list_keyblock_pka): Implement DANE record printing.
+
+ * g10/gpgv.c (export_pubkey_buffer): New stub.
+ * g10/test-stubs.c (export_pubkey_buffer): New stub.
+
+ gpg: Pass CTRL parameter to all key listing functions.
+ + commit b6d621583fc9cbda6f9376a24f2f4cf11499a4fd
+ * g10/keylist.c (public_key_list): Add arg CTRL.
+ (secret_key_list): Ditto.
+ (list_all, list_one): Ditto.
+ (locate_one): Ditto.
+ (list_keyblock_pka): Ditto.
+ (list_keyblock): Ditto.
+ (list_keyblock_direct): Ditto.
+ * g10/keygen.c (proc_parameter_file): Add arg CTRL.
+ (read_parameter_file): Ditto.
+ (quick_generate_keypair): Ditto.
+ (do_generate_keypair): Ditto.
+ (generate_keypair): Pass arg CTRL.
+ * g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair.
+
+2015-10-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove unfinished experimental code to export as S-expressions.
+ + commit a400958323d93036dca9c63135b167012ea64f8b
+ * g10/options.h (EXPORT_SEXP_FORMAT): Remove.
+ (EXPORT_DANE_FORMAT): New.
+ * g10/export.c (parse_export_options): Remove "export-sexp-format".
+ (export_seckeys): Adjust for removed option.
+ (export_secsubkeys): Ditto.
+ (do_export): Prepare for DANE format.
+ (build_sexp, build_sexp_seckey): Remove.
+ (do_export_stream): Remove use of removed functions.
+
+2015-10-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Add new --auto-key-locate mechanism "dane".
+ + commit 9ac31f91b10059474da1c9580fb99e94278d4c11
+ * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
+ * g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
+ * g10/options.h (AKL_DANE): New.
+ * g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
+ (parse_auto_key_locate): Ditto.
+
+ dirmngr: Addlow fetching keys using OpenPGP DANE.
+ + commit 264a81d82737369ee8beef771cf2bd2cd874320a
+ * dirmngr/server.c (cmd_dns_cert): Add option --dane.
+
+ dirmngr: Improve DNS code to retrieve arbitrary records.
+ + commit 211b8084ee4391baec35e8c5bd75a9ecbcb889a7
+ * dirmngr/dns-cert.c (get_dns_cert): Add hack to retrieve arbitrary
+ resource records.
+ * dirmngr/dns-cert.h (DNS_CERTTYPE_RRBASE): New.
+ (DNS_CERTTYPE_RR61): New.
+
+ dirmngr: Change DNS code to make additions easier.
+ + commit 6cf80dc77ec5df3722924301ff4be2475966937b
+ * dirmngr/dns-cert.c (get_dns_cert) [!USE_ADNS]: Change loop to allow
+ adding more resource types.
+
+ dirmngr: Make commands RELOADDIRMNGR and KILLDIRMNGR work properly.
+ + commit 7faf45effcd47d2d04d35090a1e01a1dbb99ec70
+ * dirmngr/server.c (cmd_killdirmngr): Set assuan close flag.
+ (cmd_reloaddirmngr): Use check_owner_permission.
+
+ dirmngr: Do tilde expansion for --hkp-cacert.
+ + commit 9db6547a00cded92c00c8f8382b1b605be1027d2
+ * dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
+ check for cert file existance in option --hkp-cacert.
+
+ gpg: Fail decryption for AES etc message w/o MDC.
+ + commit 625e292108cc0fd9077769587a8c22abe7805e33
+ * g10/mainproc.c (proc_encrypted): Fail for modern messages w/o MDC.
+
+2015-10-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix verification of signature for smartcard.
+ + commit 4a5bd1720f5a3dbb26f5daeb03725cae29be7e24
+ * agent/pksign.c (agent_pksign_do): Use public key smartcard.
+
+ agent: Fix non-allocation for pinentry_loopback.
+ + commit ce2a84b58833fd308d5fe11756721f39c953280a
+ * agent/call-pinentry.c (agent_get_passphrase): Don't allocate, it will
+ be allocated by pinentry_loopback.
+
+2015-10-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Install a dirmngr.conf file.
+ + commit f3959f14b6c496c726bbca5230becb7b6844a234
+ * g10/dirmngr-conf.skel: New.
+ * g10/Makefile.am (EXTRA_DIST): Add file.
+ (install-data-local, uninstall-local): Install that file.
+ * g10/openfile.c (copy_options_file): Add arg "name", return a value,
+ simplify with xstrconcat, and factor warning message out to:
+ (try_make_homedir): here. Also install dirmngr.conf.
+ * g10/options.skel: Remove --keyserver entry.
+
+ gpg: Deprecate the --keyserver option.
+ + commit ae471fa978589fb61ecb0f89bbfe4d43cf2d5eac
+ * g10/keyserver.c (keyserver_refresh): Change return type to
+ gpg_error_t. Use gpg_dirmngr_ks_list to print the name of the
+ keyserver to use.
+ (keyserver_search): Do not print the "no keyserver" error
+ message. The same error is anyway returned from dirmngr.
+ * g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
+ (ks_status_cb): Handle other status keywords.
+ (gpg_dirmngr_ks_list): New.
+ * tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
+ (gc_options_dirmngr): Add "Keyserver" group and "keyserver".
+
+ dirmngr: Add option --keyserver.
+ + commit a48e6de603c3a312f02b1b5fdb813032eeae9074
+ * dirmngr/dirmngr.c (oKeyServer): New.
+ (opts): Add "keyserver".
+ (parse_rereadable_options): Parse that options
+ (main): Add option to the gpgconf list.
+ * dirmngr/dirmngr.h (opt): Add field "keyserver".
+ * dirmngr/server.c (ensure_keyserver): New.
+ (make_keyserver_item): New. Factored out from
+ (cmd_keyserver): here. Call ensure_keyserver.
+ (cmd_ks_search): Call ensure_keyserver.
+ (cmd_ks_get): Ditto.
+ (cmd_ks_fetch): Ditto.
+ (cmd_ks_put): Ditto.
+
+ dirmngr: Make clear that --use-tor is not yet ready for use.
+ + commit 438730323a5d9bbf8dd5cd60d479b6c03f8721d0
+ * dirmngr/dirmngr.c (main): Print a warning if --use-tor has been
+ given.
+ * tools/gpgconf-comp.c (gc_options_dirmngr): Make --use-tor invisible.
+
+ gpgconf: Change displayed name of Dirmngr to "Key Acquirer".
+ + commit c6400c1aa82239f1c154ca27596600cae964515d
+ * tools/gpgconf-comp.c (gc_component): Change printed name.
+
+2015-10-02 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix use-after-free due to a realloc shrinking.
+ + commit 75c64c2b6d77856b90903cc3b7c6a2f62ff8eb7b
+ * dirmngr/ks-engine-hkp.c (map_host): Do not use original pointer
+ after realloc.
+
+ agent: Fix alignment problem with the second passphrase struct.
+ + commit ddf9dd135acd2b3635bb986f6dfc0e4e446d5fad
+ * agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
+ PI2. Check return value of the malloc function.
+ * agent/command-ssh.c (ssh_identity_register): Use a separate malloc
+ for PI2. Wipe PI2.
+
+2015-10-01 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix a practical hang after use of --faked-system-time.
+ + commit 2acceba5cc299796c7b5b1851a9baeb75d9f32a1
+ * g10/sign.c (update_keysig_packet): Bail out if we would need to long
+ for a new timestamp.
+
+ gpg: Print more info with "check selfsig".
+ + commit 2c60663a72f090573c4869e305b098b4b1fb23bd
+ * g10/keyedit.c (print_and_check_one_sig): Print more Some sigsub
+ packets.
+
+ gpg: Add debug helper to --edit-keys's check sub-command.
+ + commit 13a3f65968f4a8205ca664cc46b1a53de4dc489b
+ * g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
+ print an asterisk for the chosen selfsig.
+ (check_all_keysigs): Add arg "only_selfsig"
+ (keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
+
+2015-10-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix strsplit.
+ + commit a9895a5a72a851c5fcc70f16d5f8f588cc885751
+ * common/stringhelp.c (strsplit): Fix arguments order.
+
+2015-09-30 Neal H. Walfield <neal@g10code.com>
+
+ common: Add mkdir_p.
+ + commit c8584a1e559bc720412e1a2fc546a54ff4517205
+ * common/mkdir_p.c: New file.
+ * common/mkdir_p.h: New file.
+ * common/Makefile.am (common_sources): Add mkdir_p.c and mkdir_p.h.
+
+ common: Remove unused files.
+ + commit 5576146ede40b42bc632fd9697dd429a4d1409cf
+ * common/xmalloc.c: Remove file.
+ * common/xmalloc.h: Remove file.
+
+ common: Include <gpg-error.h>.
+ + commit 270d3f55f9193ebda5e1b642d58daf905019914d
+ * common/logging.h: Include <gpg-error.h>.
+
+2015-09-29 Neal H. Walfield <neal@g10code.com>
+
+ g10: Remove unused struct cmp_help_context_s.
+ + commit 8ab63e4b5018044ecfb0b9910412487066886826
+ * g10/sig-check.c (struct cmp_help_context_s) Remove unused struct.
+
+ g10: Avoid an unnecessary copy.
+ + commit 12443eafa6e19b94a8b554126423e2a5ccc2dd7e
+ * g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK.
+ Instead, directly use the provided storage. If none is provided
+ allocate some.
+
+2015-09-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ ssh: Fix fingerprint computation for EdDSA key.
+ + commit 5c067d54d349fdfb3243634789c8841515d2c28f
+ * common/ssh-utils.c (get_fingerprint): Handle the prefix of 0x40.
+ * common/t-ssh-utils.c (sample_keys): Add a new key.
+
+ agent: RSA signature verification by gpg-agent.
+ + commit cfbe6ba9cf1414e9aa4977e2bbaecaa43154b2ae
+ * g10/sign.c (do_sign): Let verify signature by gpg-agent.
+ * agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.
+
+2015-09-28 Werner Koch <wk@gnupg.org>
+
+ common: Provide two new error code replacements.
+ + commit f1effdc5ecd0cc52a28db7ae28a5c28f33486542
+ * common/util.h (GPG_ERR_FALSE, GPG_ERR_TRUE): Rew replcements.
+
+ common: Change calling convention for gnupg_spawn_process.
+ + commit 83811e3f1f0c615b2b63bafdb49a35a0fc198088
+ * common/exechelp.h (GNUPG_SPAWN_NONBLOCK): New.
+ (GNUPG_SPAWN_RUN_ASFW, GNUPG_SPAWN_DETACHED): Macro to replace the
+ numbers.
+ * common/exechelp.h (gnupg_spawn_process): Change function to not take
+ an optional stream for stdin but to return one.
+ * common/exechelp-posix.c (gnupg_spawn_process): Implement change.
+ (create_pipe_and_estream): Add args outbound and nonblock.
+ * common/exechelp-w32.c (gnupg_spawn_process): Implement change.
+
+2015-09-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Handle error correctly.
+ + commit 6bb7206e357acfd7276a8f1334c0f0c9cc6ed100
+ * scd/apdu.c (apdu_connect): Initialize variables and check an error
+ of apdu_get_status_internal.
+
+2015-09-22 Werner Koch <wk@gnupg.org>
+
+ ssh: Add 256, 384 and 521 bit test keys for the fingerprint.
+ + commit 12ff806d1b63d08cb43d131065d51353495d9346
+ * common/t-ssh-utils.c (sample_keys): Add 3 new keys.
+
+ ssh: Fix fingerprint computation for 384 bit ECDSA keys.
+ + commit 2167951b275bae51cf669c02547e2e7ea8fbe2ee
+ * common/ssh-utils.c (get_fingerprint): Fix hashed string.
+
+2015-09-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix importing ECC key.
+ + commit 1542dc604b9c3e6a6a99750c48f7800e72584a89
+ * agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
+ parameters are stored as opaque.
+ (apply_protection): ARRAY members are all normal, non-opaque MPI.
+ (extract_private_key): Get public key as normal, non-opaque MPI.
+ Remove support of ECC key with '(flags param)'.
+ Remove support of "ecdsa" and "ecdh" keys of our experiment.
+
+ scd: Fix KEYTOCARD handling for ECC key.
+ + commit 708b7eccdef8d274bd5578b9a5fd908e9685c795
+ * scd/app-openpgp.c (ecc_writekey): Only public key can be native
+ format.
+
+2015-09-19 Neal H. Walfield <neal@g10code.com>
+
+ common: Add new function strlist_length.
+ + commit 8499c4f84a664bedbdf5a5689cb02420909f1968
+ * common/strlist.c (strlist_length): New function.
+
+2015-09-18 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Change displayed name of Dirmngr to "Network Manager".
+ + commit 819bba75aaed11ecef2e274add173718358212b9
+ * tools/gpgconf-comp.c (gc_component): Change printed name.
+
+ dirmngr: Add option --use-tor as a stub.
+ + commit c091816b4a90d7eea6f8601ec1522a0a006794e8
+ * dirmngr/dirmngr.h (opt): Add field "use_tor".
+ * dirmngr/dirmngr.c (oUseTor): New.
+ (opts): Add --use-tor.
+ (parse_rereadable_options): Set option.
+ (main): Tell gpgconf about that option.
+
+ * dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
+ return an error if LDAP is used in TOR mode.
+ (ca_cert_fetch): Return an error in TOR mode.
+ (start_cert_fetch): Ditto.
+ * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
+ http module.
+ * dirmngr/ks-engine-hkp.c (send_request): Ditto.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+ * dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
+ (ks_ldap_search): Ditto.
+ (ks_ldap_put): Ditto.
+ * dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the
+ http module.
+
+ * dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
+ (cmd_dns_cert): Return an error in TOR mode.
+ (cmd_getinfo): Add subcommand "tor"
+ * tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
+
+ gpg: Report a conflict between honor-keyserver-url and TOR.
+ + commit d5a3142b8f2e5603357182f34f0b081b47eda23c
+ * g10/call-dirmngr.c (create_context): Send option and print a verbose
+ error.
+
+ http: Add flag to force use of TOR (part 1)
+ + commit b4bc1c8b10c7a794fa108678b80f76366a65c47d
+ * common/http.h (HTTP_FLAG_FORCE_TOR): New.
+ * common/http.c (http_raw_connect, send_request): Detect flag and
+ return an error for now.
+
+2015-09-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit f986b23e13eaa2d7705733b4bf6b5210311f181a
+
+
+ scd: Fix ccid-driver timeout for OpenPGPcard v2.1.
+ + commit 6510df3a7cd2b5bf44fac1e4d50ee54b8c897daa
+ * scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
+ (ccid_transceive_apdu_level, ccid_transceive): Use.
+
+2015-09-16 Werner Koch <wk@gnupg.org>
+
+ agent: New option --pinentry-invisible-char.
+ + commit 93d257c81952cbb08a744a9cea6749639aa32cd7
+ * agent/gpg-agent.c (oPinentryInvisibleChar): New.
+ (opts): Add option.
+ (parse_rereadable_options): Set option.
+ * agent/agent.h (opt): Add field pinentry_invisible_char.
+ * agent/call-pinentry.c (start_pinentry): Pass option to pinentry.
+
+ g13: Move some code to a separate module.
+ + commit 9e65bbd255c43f0e59f35b0003052234d69042be
+ * g13/g13-common.c, g13/g13-common.h: New.
+ * g13/Makefile.am (g13_SOURCES): Add new files.
+ * g13/g13.c (g13_errors_seen): Move to g13-common.c.
+ (cmdline_conttype): New.
+ (main): Use g13_init_signals and g13_install_emergency_cleanup.
+ (emergency_cleanup, g13_exit): Move to g13-common.c.
+ * g13/g13.h: Move OPT and some other code to g13-common.h.
+
+ gpg: Fix skip function dummy parameter.
+ + commit 8eb3a1797a1e7cb59a8342a8aa917756fe67949f
+ * g10/trustdb.c (search_skipfnc): Fix dummy argument
+
+ gpg: Change last commit to avoid extra translations.
+ + commit f71ed902def81f9408d9094289d8a97abaa0f609
+ * g10/keyedit.c (keyedit_menu): Do not print usage hints in expert
+ mode.
+
+2015-09-16 Neal H. Walfield <neal@g10code.com>
+
+ g10: Improve error message.
+ + commit 172af881a1cfe82dfec1c43102d6c464e67ef230
+ * g10/keyedit.c (keyedit_menu): When complaining that a user ID or key
+ must be selected, indicate what command to use to do this.
+
+ g10: Be more careful when merging self-signed data.
+ + commit 6845737736d3264d7ee8b7364d908951010084c9
+ * g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
+ data belonging to the public key when we encounter an attribute packet
+ or a subkey packet, not just a user id packet. When looking for
+ self-signed data belonging to a user id packet, stop when we see a
+ user attribute packet.
+
+ g10: Simplify some complicated boolean expressions.
+ + commit c31e089129c0102c1710522d71fbe1880e84d68e
+ * g10/getkey.c (finish_lookup): Simplify logic.
+
+ g10: Also mark revoked and expired keys as unusable.
+ + commit 77c2ad4a817c129b899708399ed2078a52b452b8
+ * g10/getkey.c (skip_unusable): Also mark the key as unusable if it
+ has been revoked or has expired.
+
+ g10: Release resources when returning an error in get_seckey.
+ + commit 1b601de06a57c78537a336093d2531d8c58bc0d2
+ * g10/getkey.c (get_seckey): If the key doesn't have a secret key,
+ release *PK.
+
+ g10: Improve documentation and comments for getkey.c.
+ + commit cab581c486e1987445092b1afdf2cba1f62d017d
+ * g10/getkey.c: Improve documentation and comments for most
+ functions. Move documentation for public functions from here...
+ * g10/keydb.h: ... to here.
+
+ g10: Remove unused function have_any_secret_key.
+ + commit 7333e704efde6923d4b914b37e9a92c4a5bab156
+ * g10/getkey.c (have_any_secret_key): Remove function.
+
+ g10: Bring cache semantics closer to non-cache semantics.
+ + commit 5e233e12f55be00f5659c63bc32fbdca2ec93136
+ * g10/getkey.c (get_pubkey_fast): When reading from the cache, only
+ consider primary keys.
+
+ g10: Break out of the loop earlier.
+ + commit 3940f10af7915b080bf4ed25ceb7e20b52e3cd3e
+ * g10/getkey.c (have_secret_key_with_kid): Once we find the relevent
+ key or subkey, stop searching.
+
+ g10: Don't skip legacy keys if the search mode is KEYDB_SEARCH_MODE_NEXT
+ + commit 50affffe93a07643f2610c7a5f3d6f61988855e8
+ * g10/getkey.c (lookup): Also don't skip legacy keys if the search
+ mode is KEYDB_SEARCH_MODE_NEXT.
+
+ g10: Remove unused function get_seckeyblock_byfprint.
+ + commit efbaa8f891812e13ae9e689299aa2cd51781ccb3
+ * g10/keydb.h (get_seckeyblock_byfprint): Remove prototype.
+ * g10/getkey.c (get_seckeyblock_byfprint): Remove function.
+
+ g10: Remove unused function get_seckey_byfprint.
+ + commit e2b300801ed7143fa924df5442ec2b61079c0bbb
+ * g10/keydb.h (get_seckey_byfprint): Remove prototype.
+ * g10/getkey.c (get_seckey_byfprint): Remove function.
+
+ g10: Simplify get_seckey_byname: it was never called with NAME not NULL.
+ + commit 80dbf8006ffe52e77930b0a6dca9d8caba8c3fd5
+ * g10/keydb.h (get_seckey_byname): Rename from this...
+ (get_seckey_default): ... to this. Drop the parameter name. Update
+ users.
+ * g10/getkey.c (get_seckey_byname): Rename from this...
+ (get_seckey_default): ... to this. Drop the parameter name. Drop the
+ code which assumed that NAME is not NULL.
+
+ g10: Eliminate the redundant function get_keyblock_byfprint.
+ + commit dc69804ab0576fbc87297215d63b37a680d74d4d
+ * g10/keydb.h (get_keyblock_byfprint): Remove prototype. Replace use
+ of this function with get_pubkey_byfprint.
+ * g10/getkey.c (get_pubkey_byname): Remove function.
+
+ g10: Simplify semantics of get_pubkey_byname.
+ + commit 911fcca36d61afd061e9e6dc0584bb069353db89
+ * g10/getkey.c (get_pubkey_byname): If R_KEYBLOCK is not NULL, return
+ the keyblock in R_KEYBLOCK independent of whether PK is set or not.
+
+ g10: Eliminate the redundant function get_pubkey_byname.
+ + commit b4672e4d48fb1e1e4d17551c4c828763d1dfbb57
+ * g10/getkey.c (get_pubkey_byname): Remove function.
+ (lookup): Replace use of get_pubkey_byname by get_pubkey_byfprint.
+
+ g10: Eliminate the redundant function get_pubkey_end.
+ + commit 65e58ae6748c280c8633d2ca5f227ebe1220805d
+ * g10/keydb.h (get_pubkey_end): Remove declaration. Replace use of
+ function with getkey_end.
+ * g10/getkey.c (get_pubkey_byname): Remove function.
+
+ g10: Eliminate the redundant function get_pubkey_next.
+ + commit be6743b2e19241f66148bf89c3442d8e2ebcd63e
+ * g10/keydb.h (get_pubkey_next): Remove prototype.
+ * g10/getkey.c (get_pubkey_next): Remove function.
+ * g10/keylist.c (locate_one): Use getkey_next instead of
+ get_pubkey_next.
+
+ kbx: Change skipfnc's prototype so that we can provide all information.
+ + commit 9acbeac23668a1d0dabca27d7825430d76e095c2
+ * kbx/keybox-search-desc.h (struct keydb_search_desc.skipfnc): Change
+ third parameter to be the index of the user id packet in the keyblock
+ rather than the packet itself. Update users.
+
+ g10: Remove unused prototype (get_pubkey_byfpr).
+ + commit 83e17ab1b4cf4420f2abaf9e1f4017a9473fb281
+ * g10/keydb.h (get_pubkey_byfpr): Remove unused prototype.
+
+ g10: Remove unused function (get_pubkey_bynames).
+ + commit b06f96ba4f57f55194efcd37a0e3a2aa5450b974
+ * g10/keydb.h (get_pubkey_bynames): Remove prototype.
+ * g10/getkey.c (get_pubkey_bynames): Remove function.
+
+ g10: Simplify code. Turn struct getkey_ctx_s.found_key into an argument
+ + commit d47e84946ee010917cfc3501062721b74afbb771
+ * g10/getkey.c (struct getkey_ctx_s): Remove field found_key.
+ (lookup): Add argument ret_found_key. If not NULL, set it to the
+ found key. Update callers.
+ (pk_from_block): Add argument found_key. Use it instead of
+ CTX->FOUND_KEY. Update callers.
+ (finish_lookup): Return a KBNODE (the found key) instead of an int.
+ Don't set CTX->FOUND_KEY. Return the found key instead.
+
+ g10: Remove unused field struct getkey_ctx_s.kbpos.
+ + commit c110e186e07fb1035dc757d322274f939df1c86d
+ * g10/getkey.c (struct getkey_ctx_s): Remove field kbpos.
+ (getkey_end): Don't clear CTX->KBPOS.
+
+ g10: Simplify code: remove field struct getkey_ctx_s.keyblock.
+ + commit 3798f73c07f33576bd02ba4a3256c626bd80752f
+ * g10/getkey.c (struct getkey_ctx_s): Remove field keyblock.
+ (finish_lookup): Add parameter keyblock. Update caller to pass this.
+ (lookup): Add new local variable keyblock. Use this instead of
+ ctx->keyblock for referencing the keyblock.
+
+2015-09-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix registering SSH Key of Ed25519.
+ + commit 7d5999f0964c9412c0e18eb1adefdb729be68cd4
+ * agent/command-ssh.c (stream_read_string): Add the prefix of 0x40.
+
+2015-09-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit faee25e670cfeb0d0166d7c59cc6a0b3842ee34d
+
+
+2015-09-10 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.8.
+ + commit 311816f6cf9d411dba060603e3c5d01c72824645
+
+
+ tests: Silence the 5gb-packet test.
+ + commit 7a0c3cc760367024305d23e2124ea4cbc7e802df
+ * tests/openpgp/4gb-packet.test: Send output to /dev/null.
+
+ g10: Fix make distcheck problem.
+ + commit e92a8ab021672b19e5cd397fa555fcc8a3401e8b
+ * g10/test.c: Include string.h.
+ (prepend_srcdir): New. Taken from Libgcrypt.
+ (test_free): New.
+ * g10/t-keydb.c (do_test): Malloc the filename.
+ * g10/Makefile.am (AM_CPPFLAGS): Remove -DSOURCE_DIR
+ (EXTRA_DIST): Add t-keydb-keyring.kbx.
+
+ g10: Improve portability of the new test driver.
+ + commit fbf24cd09abcdc3dec21db4114ab2db99ce21e4c
+ * g10/test.c: Include stdio.h and stdlib.h.
+ (verbose): New.
+ (print_results): Rename to exit_tests.
+ (main): Remove atexit and call exit_tests. Set verbose.
+ (ASSERT, ABORT): Call exit_tests instead of exit.
+
+2015-09-09 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Allow sending much larger keyblocks.
+ + commit 19545e3a2d2990cba6d62f98cdb1f665b38ba4f1
+ * dirmngr/server.c (MAX_CERT_LENGTH): Increase to 16k.
+ (MAX_KEYBLOCK_LENGTH): Increase to 20M.
+
+2015-09-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Force key attribute change for writekey.
+ + commit f10b427d0e2be333776fee2df8150145da36e587
+ * scd/app-openpgp.c (change_rsa_keyattr): New.
+ (change_keyattr_from_string): Use change_rsa_keyattr.
+ (rsa_writekey): Call change_rsa_keyattr when different size.
+ (ecc_writekey): Try to change key attribute.
+
+ scd: KEYNO cleanup.
+ + commit fd689e85423d0d80d725f0315c52d94f0e9766f8
+ * scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey)
+ (change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey)
+ (compare_fingerprint, check_against_given_fingerprint): KEYNO starts
+ from 0.
+
+2015-09-02 Neal H. Walfield <neal@g10code.com>
+
+ g10: Remove unused field req_algo.
+ + commit bd0c902f1de46eda03a065da41487e7e01ab4c50
+ * g10/packet.h (PKT_public_key): Remove unused field req_algo. Remove
+ users.
+ * g10/getkey.c (struct getkey_ctx_s): Remove unused field req_algo.
+ Remove users.
+
+ g10: Use a symbolic constant instead of a literal.
+ + commit 1f03d4cd940fed26fc3ffa1742728d68c55ee5d1
+ * g10/trustdb.c (KEY_HASH_TABLE_SIZE): Define.
+ (new_key_hash_table): Use KEY_HASH_TABLE_SIZE instead of a literal.
+ (release_key_hash_table): Likewise.
+ (test_key_hash_table): Likewise.
+ (add_key_hash_table): Likewise.
+
+ g10: Add test for keydb as well as new testing infrastructure.
+ + commit ee7ec1256b24dc340656c331ef92fc59cad817b6
+ * g10/Makefile.am (EXTRA_DIST): Add test.c.
+ (AM_CPPFLAGS): Add -DSOURCE_DIR="\"$(srcdir)\"".
+ (module_tests): Add t-keydb.
+ (t_keydb_SOURCES): New variable.
+ (t_keydb_LDADD): Likewise.
+ * g10/t-keydb.c: New file.
+ * g10/t-keydb-keyring.kbx: New file.
+ * g10/test-stubs.c: New file.
+ * g10/test.c: New file.
+
+ g10: Make the keyblock cache per-handle rather than global.
+ + commit 60bc518645d3acfd4dcb79e61a2be6ce001e93aa
+ * g10/keydb.c (keyblock_cache): Don't declare this variable. Instead...
+ (struct keyblock_cache): ... turn its type into this first class
+ object...
+ (struct keydb_handle): ... and instantiate it once per database
+ handle. Update all users.
+ (keydb_rebuild_caches): Don't invalidate the keyblock cache.
+
+ g10: If iobuf_seek fails when reading from the cache, do a hard read.
+ + commit f076fa190e09eab5c586650d81e241e0bb85ce25
+ * g10/keydb.c (keydb_get_keyblock): If the iobuf_seek fails when
+ reading from the cache, then simply clear the cache and try reading
+ from the database.
+
+ iobuf: Reduce verbosity of test.
+ + commit 219de84df9a8408fffedbb2600f5eb4c441950b6
+ * common/t-iobuf.c (main): Reduce verbosity.
+
+ iobuf: Add the IOBUF_INPUT_TEMP type to improve input temp handling.
+ + commit f2d75ac7dc58f5ea59b231be6b83fea939b43ab8
+ * common/iobuf.h (enum iobuf_use): Add new member, IOBUF_INPUT_TEMP.
+ * common/iobuf.c (iobuf_temp_with_content): Create the iobuf as an
+ IOBUF_INPUT_TEMP, not an IOBUF_INPUT buffer. Assert that LENGTH ==
+ A->D.SIZE.
+ (iobuf_push_filter2): If A is an IOBUF_INPUT_TEMP, then make the new
+ filter an IOBUF_INPUT filter and set its buffer size to
+ IOBUF_BUFFER_SIZE.
+ (underflow): If A is an IOBUF_INPUT_TEMP, then just return EOF; don't
+ remove already read data.
+ (iobuf_seek): If A is an IOBUF_INPUT_TEMP, don't discard the buffered
+ data.
+ (iobuf_alloc): Allow USE == IOBUF_INPUT_TEMP.
+ (pop_filter): Allow USE == IOBUF_INPUT_TEMP.
+ (iobuf_peek): Allow USE == IOBUF_INPUT_TEMP.
+ (iobuf_writebyte): Fail if USE == IOBUF_INPUT_TEMP.
+ (iobuf_write): Fail if USE == IOBUF_INPUT_TEMP.
+ (iobuf_writestr): Fail if USE == IOBUF_INPUT_TEMP.
+ (iobuf_flush_temp): Fail if USE == IOBUF_INPUT_TEMP.
+
+ iobuf: Rename IOBUF_TEMP to IOBUF_OUTPUT_TEMP.
+ + commit 5ff5e72b9c275fbd978136b1028bbf251af26e57
+ * common/iobuf.h (enum iobuf_use): Rename IOBUF_TEMP to
+ IOBUF_OUTPUT_TEMP. Update users.
+
+ iobuf: Use a first-class enum.
+ + commit 24259d856b6cbdd679035512a8fb7c042de8f02e
+ * common/iobuf.h (enum iobuf_use): Name the IOBUF_OUTPUT, etc. enum.
+ (struct iobuf_struct): Change the field use's type to it.
+
+ iobuf: Fix test.
+ + commit 8522cdc2264804d0677b7c0a447a0b45cf4195e3
+ * common/t-iobuf.c (content_filter): If there is nothing to read,
+ don't forget to set *LEN to 0.
+ (main): Fix checks.
+
+2015-09-01 Werner Koch <wk@gnupg.org>
+
+ agent: Protect commit 135b1e3 against misbehaving Libgcrypt.
+ + commit 9ba4ccdaf5e128fbea51ff142c63d4b359c7264d
+ * agent/command-ssh.c (ssh_key_to_blob): Check DATALEN.
+
+ gpg: Remove option --no-sig-create-check.
+ + commit f9c83d84e7d33df76898975f5ac852efa9c4882a
+ * g10/gpg.c (opts): Remove --no-sig-create-check.
+ * g10/options.h (struct opt): Remove field no_sig_create_check.
+ * g10/sign.c (do_sign): Always check unless it is RSA and we are using
+ Libgcrypt 1.7.
+
+ common: Assume an utf-8 locale on iconv errors.
+ + commit 99c9bf7defd6c1ac9cc49c84e6c78eeb886a6952
+ * common/utf8conv.c (handle_iconv_error): Use utf-8 as fallback.
+
+ common: Fix regression in building argpase.c standalone.
+ + commit bc23e69b70191f887dcb937007833d0187af181f
+ * common/argparse.c (is_native_utf8) [GNUPG_MAJOR_VERSION]: New.
+
+2015-08-31 Neal H. Walfield <neal@g10code.com>
+
+ g10: Don't leak memory if we fail to initialize a new database handle.
+ + commit 04a6b903d0354be2c69c7f2c98987de17d68416e
+ * g10/keydb.c (keydb_new): If we fail to open a keyring or keybox
+ correctly release all resources.
+
+ g10: Improve interface documentation of the keydb API.
+ + commit 360b699e9b4b8f99bd790b3cd158cd6f0fd7c131
+ * g10/keydb.c: Improve code comments and documentation of internal
+ interfaces. Improve documentation of public APIs and move that to...
+ * g10/keydb.h: ... this file.
+
+ g10: Don't cache search results if the search didn't scan the whole DB.
+ + commit efd1ead9e779eb3bd37384258e08ad921a934612
+ * g10/keydb.c (struct keydb_handle): Add new field is_reset.
+ (keydb_new): Initialize hd->is_reset to 1.
+ (keydb_locate_writable): Set hd->is_reset to 1.
+ (keydb_search): Set hd->is_reset to 0. Don't cache a key not found if
+ the search started from the beginning of the database.
+
+ g10: Have keydb_search_first call keydb_search_reset before searching.
+ + commit 11d8ffc939a4d20cfb0082b2d966b1e1a7d61f8d
+ * g10/keydb.c (keydb_search_first): Reset the handle before starting
+ the search.
+
+ g10: Remove unused parameter.
+ + commit 0377db4b3581561b1ffc5bb7c3b4d698e8993b3a
+ * g10/keydb.h (keydb_locate_writable): Remove unused parameter
+ reserved. Update users.
+
+2015-08-31 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix SSH public key for EdDSA.
+ + commit 135b1e32f01beaceba8a4ecc774e23b56aca1d24
+ * agent/command-ssh.c (ssh_key_to_blob): Remove the prefix 0x40.
+
+2015-08-26 Neal H. Walfield <neal@g10code.com>
+
+ g10: Simplify cache. Only include data that is actually used.
+ + commit fad91071cadff43d77ce2e524dfb03999ba6678e
+ * g10/keydb.c (struct kid_list_s): Rename from this...
+ (struct kid_not_found_cache_bucket): ... to this. Update users.
+ Remove field state.
+ (kid_list_t): Remove type.
+ (KID_NOT_FOUND_CACHE_BUCKETS): Define. Use this instead of a literal.
+ (kid_found_table): Rename from this...
+ (kid_not_found_cache_bucket): ... to this. Update users.
+ (kid_found_table_count): Rename from this...
+ (kid_not_found_cache_count): ... to this. Update users.
+ (kid_not_found_p): Only return whether a key with the specified key id
+ is definitely not in the database.
+ (kid_not_found_insert): Remove parameter found. Update callers.
+ (keydb_search): Only insert a key id in the not found cache if it is
+ not found. Rename local variable once_found to already_in_cache.
+
+2015-08-25 Werner Koch <wk@gnupg.org>
+
+ Add configure option --enable-build-timestamp.
+ + commit 9d07f6930aaa40dce92104e8c99241713d92eed2
+ * configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default.
+
+ gpg: Emit ERROR status for key signing failures.
+ + commit 51b9b8fba4ee326013c2cc911c70cde4c5f81fc7
+ * g10/keyedit.c (sign_uids): Write an ERROR status for a signing
+ failure.
+ (menu_adduid, menu_addrevoker, menu_revsig): Ditto.
+ (menu_revuid, menu_revkey, menu_revsubkey): Ditto.
+
+ gpg: Print a new FAILURE status after most commands.
+ + commit 9cdff09743c473a12359bfdb914578ede0e4e3e2
+ * common/status.h (STATUS_FAILURE): New.
+ * g10/cpr.c (write_status_failure): New.
+ * g10/gpg.c (main): Call write_status_failure for all commands which
+ print an error message here.
+ * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't
+ set the pinentry mode.
+
+2015-08-24 Neal H. Walfield <neal@g10code.com>
+
+ agent: Raise the maximum password length. Don't hard code it.
+ + commit 348a6ebb63523305ce9f47d0f3e8a9086c338fed
+ * agent/agent.h (MAX_PASSPHRASE_LEN): Define.
+ * agent/command-ssh.c (ssh_identity_register): Use it instead of a
+ hard-coded literal.
+ * agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
+ * agent/findkey.c (unprotect): Likewise.
+ * agent/genkey.c (agent_ask_new_passphrase): Likewise.
+
+2015-08-24 Werner Koch <wk@gnupg.org>
+
+ sm: Support secret key export via the Assuan interface.
+ + commit 3cf02192a890d04f8f558cb72d46f9bd7a378322
+ * sm/server.c (cmd_export): Add options --secret, --raw, and --pkcs12.
+
+2015-08-23 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Allow sending of Zack's key.
+ + commit 84f4c8811fc5bdd78693c4dc289389a8337cc257
+ * dirmngr/server.c (MAX_KEYBLOCK_LENGTH): Increase to 1 MiB.
+
+ gpg: Fix regression in packet parser from Aug 19.
+ + commit 88317ae8c829bfeb1689415efbd32b7a232d7bd0
+ * g10/parse-packet.c (parse): Use an int to compare to -1. Use
+ buf32_to_ulong.
+
+ gpg: Show not found keys with --locate-key --verbose.
+ + commit 00def10d365a88ce2d034ea9a5d6be4b03285fa4
+ * g10/keylist.c (locate_one): Print a diagnostic for a not-found key.
+
+2015-08-21 Neal H. Walfield <neal@g10code.com>
+
+ common: Don't incorrectly reject 4 GB - 1 sized packets.
+ + commit 09f2a7bca624d0492e1d7ab29ce19542249c13ff
+ * g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets.
+ Add the constraint that the type must be 63.
+ * kbx/keybox-openpgp.c (next_packet): Likewise.
+ * tests/openpgp/4gb-packet.asc: New file.
+ * tests/openpgp/4gb-packet.test: New file.
+ * tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test.
+ (TEST_FILES): Add 4gb-packet.asc.
+
+ common: Don't assume on-disk layout matches in-memory layout.
+ + commit 4f37820334fadd8c5036ea6c42f3dc242665c4a9
+ * g10/packet.h (PKT_signature): Change revkey's type from a struct
+ revocation_key ** to a struct revocation_key *. Update users.
+
+ common: Don't incorrectly copy packets with partial lengths.
+ + commit b3226cadf9bbef4a367072396e5b0abf37afff2d
+ * g10/parse-packet.c (parse): We don't handle copying packets with a
+ partial body length to an output stream. If this occurs, log an error
+ and abort.
+
+ common: Check parameters more rigorously.
+ + commit 0143d5c1ca4d12ac252c14f01931f48131591065
+ * g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not
+ NULL.
+ (copy_all_packets): Likewise.
+
+ common: Don't continuing processing on error.
+ + commit 48e792cc951a9d00fad0691ef7411c9e22cf675a
+ * g10/parse-packet.c (dbg_parse_packet): Also return if parse returns
+ an error.
+ (parse_packet): Likewise.
+ (dbg_search_packet): Likewise.
+ (search_packet): Likewise.
+
+ common: Better respect the packet's length when reading it.
+ + commit 73af66a0aada8f30d8f400fdc4f69e233fb53089
+ * g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't
+ underflow. Be more careful that a read doesn't read more data than
+ PKTLEN says is available.
+
+2015-08-20 Werner Koch <wk@gnupg.org>
+
+ po: Add lost translation of validity strings.
+ + commit 0d5a4138f27187e7828ef8216758edc9b48b2c64
+ * po/POTFILES.in (trust.c): Add missing file.
+ * po/de.po: Changed German validity strings.
+ * doc/help.de.txt: Ditto.
+
+2015-08-20 Neal H. Walfield <neal@g10code.com>
+
+ g10/parse-packet.c:parse: Try harder to not ignore an EOF.
+ + commit 0add91ae1ca3718e8140af09294c595f47c958d3
+ * g10/parse-packet.c (parse): Be more robust: make sure to process any
+ EOF.
+
+ g10/parse-packet.c: Replace literal with symbolic expression.
+ + commit 24a72dffa75a04611c98343140c4eb0fbfe2a59f
+ * g10/parse-packet.c (dump_hex_line): Use sizeof rather than the
+ buffer's size.
+
+ Add documentation for g10/parse-packet.c.
+ + commit 026feff4a8e3090fb152af72c73aaa80c78e4551
+ * g10/packet.h: Add documentation for functions defined in
+ parse-packet.c.
+ * g10/parse-packet.c: Improve comments for many functions.
+
+ g10/packet.h: Remove unused argument from enum_sig_subpkt.
+ + commit c46e8bfe9a1ae3f1e5327d0451cffd6e4567b449
+ * g10/packet.h (enum_sig_subpkt): Remove argument RET_N. Update
+ callers.
+ * g10/parse-packet.c (enum_sig_subpkt): Remove argument RET_N.
+
+ g10/parse-packet.c:mpi_read: Detect EOF and correct boundary conditions.
+ + commit c271feb53664dbf2b4ccbae90a31b8e726481e2d
+ * g10/parse-packet.c (mpi_read): Improve documentation. Correctly
+ handle an EOF. On overflow, correctly return the number of bytes read
+ from the pipeline.
+
+ common/iobuf.c: Make control flow more obvious.
+ + commit 49f922286fa8adb2d2ca730eb7bbe67e684b20de
+ * common/iobuf.c (iobuf_read): Make control flow more obvious.
+ (iobuf_get_filelength): Likewise.
+ (iobuf_get_fd): Likewise.
+ (iobuf_seek): Likewise.
+
+ common/iobuf.c: Add some sanity checks to catch programmer bugs.
+ + commit c5da750cf3d53277fe6d86776bfe0d2304b05151
+ * common/iobuf.c (iobuf_alloc): Check that BUFSIZE is not 0.
+ (iobuf_readbyte): Check that A is an input filter. Check that the
+ amount of read data is at most the amount of buffered data.
+ (iobuf_read): Check that A is an input filter.
+ (iobuf_writebyte): Check that A is not an input filter.
+ (iobuf_writestr): Check that A is not an input filter.
+ (iobuf_flush_temp): Check that A is not an input filter.
+
+ common/iobuf.c:iobuf_write_temp: Elide redundant code.
+ + commit e291b631c3b1aedf529078190cd51e2acfcd1d92
+ * common/iobuf.c (iobuf_write_temp): Don't repeat iobuf_flush_temp.
+ Use it directly.
+
+ common/iobuf.c: Have iobuf_writestr use iobuf_write, not iobuf_writebyte
+ + commit a6d4bca3b576c3c5dba1aa6e8c1039089e14147b
+ * common/iobuf.c (iobuf_write): Don't write a byte at a time. Use
+ iobuf_write.
+
+ common/iobuf: Improve documentation and code comments.
+ + commit 1bfd1e43246c16e20f819bf5381ca21abde54458
+ common/iobuf.h: Improve documentation and code comments.
+ common/iobuf.c: Likewise.
+
+ common/iobuf.c: Adjust buffer size of filters in front of temp filters.
+ + commit 0d40c4e83f6fbfea2f494f1f88412d3132ff98bd
+ * common/iobuf.c (iobuf_push_filter2): If the head filter is a temp
+ filter, use IOBUF_BUFFER_SIZE for the new filter.
+
+ common/iobuf.c: Buffered data should not be processed by new filters.
+ + commit 827cc922d84d8113d4f13ebbed1314e03da5f7d2
+ * common/iobuf.c (iobuf_push_filter2): If the pipeline is an output or
+ temp pipeline, the new filter shouldn't assume ownership of the old
+ head's internal buffer: the data was written before the filter was
+ added.
+ * common/t-iobuf.c (double_filter): New function.
+ (main): Add test cases for the above bug.
+
+ common/iobuf.c: Flush the pipeline in iobuf_temp_to_buffer.
+ + commit 616181f3c757160af8539869a6d929faca4962c4
+ * common/iobuf.c (iobuf_temp_to_buffer): Flush each filter in the
+ pipeline and copy the data from the last (not the first) filter's
+ internal buffer.
+
+ common/iobuf.c: Combine iobuf_open, iobuf_create and iobuf_openrw.
+ + commit 15ae99f887f4694de8468625d455d487d283f719
+ * common/iobuf.c (do_open): New function, which is a generalization of
+ iobuf_open, iobuf_Create, iobuf_openrw.
+ (iobuf_open): Call do_open.
+ (iobuf_create): Likewise.
+ (iobuf_openrw): Likewise.
+
+ common/iobuf.h: Remove iobuf_open_fd_or_name.
+ + commit 8402815d8e0e04a44362968f88b3d484d2395402
+ * common/iobuf.h (iobuf_open_fd_or_name): Remove prototype. Replace
+ use with either iobuf_open or iobuf_fdopen_nc, as appropriate.
+ * common/iobuf.c (iobuf_open): Remove function.
+
+ common/iobuf.c: Rename iobuf_flush and make it a static function.
+ + commit 6d49a2b6691f2dd0d8ac34a15f18cc2a0c3ba5d3
+ * common/iobuf.h (iobuf_flush): Remove prototype.
+ * common/iobuf.c (filter_flush): New static prototype.
+ (iobuf_flush): Rename...
+ (filter_flush): ... to this. Make static. Simplify code. Update
+ callers.
+
+ common/iobuf.c: Don't abort freeing a pipeline if freeing a filter fails
+ + commit 1f94646a86348128f585301fcd605e5e703fd77d
+ * common/iobuf.c (iobuf_cancel): Don't abort freeing a pipeline if
+ freeing a filter fails. This needs to a memory leak. Instead, keep
+ freeing and return the error code of the first filter that fails.
+
+ common/iobuf.c: Improve iobuf_peek.
+ + commit a250f73783c06d7789ac65a395d9247f4ab44c26
+ * common/iobuf.c (underflow): Take additional parameter
+ clear_pending_eof. If not set, don't clear a pending eof when
+ returning EOF. Update callers.
+ (iobuf_peek): Fill the internal buffer, if needed, to be able to
+ better satisfy any request.
+
+ common/iobuf.c: When requested, fill the buffer even if it is not empty.
+ + commit c7ad36eb0d7f872fc15e793aa1d0b6b89bc471d6
+ * common/iobuf.c (underflow): Don't require that the buffer be empty.
+ When called, fill any available space.
+
+ common/t-iobuf.c: Add a test case for multiple EOFs.
+ + commit e76c75d8726558dc9084710253f0f6780e06fad3
+ common/t-iobuf.c (main): Add a test case for multiple EOFs in an INPUT
+ pipeline.
+
+ common/iobuf.c: Better respect boundary conditions in iobuf_read_line.
+ + commit 4e32c602f5c40cca5f8f40e642ccb10d3f8c5614
+ * common/iobuf.c (iobuf_read_line): Be more careful with boundary
+ conditions.
+ * common/iobuf.h: Include <gpg-error.h>.
+ * common/t-iobuf.c: New file.
+ * common/Makefile.am (module_tests): Add t-iobuf.
+ (t_mbox_util_LDADD): New variable.
+
+ common/iobuf.c: Fix filter type for iobuf_temp_with_content.
+ + commit fa9fda23c2c8cf6982b7263f6882ed8687d98c16
+ * common/iobuf.c (iobuf_temp_with_content): Set the filter type to
+ IOBUF_INPUT, not IOBUF_TEMP, which is only for output filters that
+ write into a dynamic buffer.
+
+ common/iobuf.h: Remove unimplemented prototypes.
+ + commit 75fd86bbd175e085a93c1ad62f50ae936494b307
+ * common/iobuf.h (iobuf_unread): Remove unimplemented prototype.
+ (iobuf_clear_eof): Likewise.
+ (iobuf_append): Likewise.
+
+ common/iobuf.c: Refactor code to not need the desc field.
+ + commit 679acc671e621847f50d6b4dca10a22c62500b9a
+ * common/iobuf.h (struct iobuf_struct): Remove field desc.
+ * common/iobuf.c (iobuf_desc): New function. When a filter's
+ description is needed, use this instead of the filter's desc field.
+
+ common/iobuf.h: Clarify semantics of nofast. Simplify implementation.
+ + commit 12fc56bcb51d984a6e86fc1eb7952f9976c67043
+ * common/iobuf.h (struct iobuf_struct): Clarify semantics of nofast.
+ Simplify use of nofast to implement just these semantics.
+
+ common/iobuf.c: Remove dead code (directfp).
+ + commit e8c0b6abf88309c23a70df0abbd38d42fa22a786
+ * common/iobuf.h (struct iobuf_struct): Remove field directfp. Remove
+ all uses of it.
+
+ common/iobuf.c: Remove dead code (opaque).
+ + commit f05d60b3813a97e316a067680d7598b74621a522
+ * common/iobuf.h (struct iobuf_struct): Remove field opaque. Remove
+ all uses of it.
+
+ common/iobuf.h: Replace further use of literals with symbolic constants.
+ + commit c06eabac8e85f7f79414363836f093415e8da62e
+ * common/iobuf.c: Move BLOCK_FILTER_INPUT,
+ BLOCK_FILTER_OUTPUT_BLOCK_FILTER_TEMP from here...
+ * common/iobuf.h: ... to here and rename to IOBUF_INPUT, IOBUF_OUTPUT
+ and IOBUF_TEMP, respectively. Where appropriate, use these macros
+ instead of a literal.
+
+2015-08-17 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid linking to Libksba.
+ + commit 91357b7722f2bf0d3765ec72855bdc96732df9d6
+ * kbx/keybox.h (KEYBOX_WITH_X509): Do not define.
+ * sm/Makefile.am (AM_CPPFLAGS): Define it here.
+ (common_libs): Change to libkeybox509.a
+ * g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS.
+ (gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS
+ * kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a.
+ (libkeybox509_a_SOURCES): New.
+ (libkeybox_a_CFLAGS): New.
+ (libkeybox509_a_CFLAGS): New.
+ (kbxutil_CFLAGS): New.
+ * kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args
+ as unused.
+
+2015-08-16 Ben Kibbey <bjk@luxsci.net>
+
+ Fix pinentry loopback and passphrase contraints.
+ + commit bba74cdd95ea98b5a7c3a12823b229341e91504e
+ * agent/command.c (cmd_get_passphrase): Don't repeat passphrase for
+ pinentry loopback mode.
+ * agent/genkey.c (check_passphrase_constraints): Immediately return when
+ pinentry mode is loopback.
+
+ Fix sending INQUIRE_MAXLEN for symmetric data.
+ + commit 93f5295df512269dd8fecbd649b11cbacf78e864
+ * g10/passphrase.c (passphrase_to_dek_ext): Write the status message.
+
+2015-08-15 Ben Kibbey <bjk@luxsci.net>
+
+ Inform a user about inquire length limit.
+ + commit f126ca61565922b3b938c3486614b9bd7e6e454c
+ * common/status.h (INQUIRE_MAXLEN): New.
+ * g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN.
+ client when inquiring a passphrase over pinentry-loopback.
+
+ Allow --gen-key to inquire a passphrase.
+ + commit 233b5fedabd80a34452e748132e65b5944310428
+ * g10/gpg.c (main): test for --command-fd during --gen-key parse.
+
+ When --command-fd is set then imply --batch to let gpg inquire a
+ passphrase rather than requiring a pinentry.
+
+2015-08-11 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.7.
+ + commit b5e081973b56b21214fc0c65ba9015dd026328b4
+
+
+2015-08-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: fix ECC key handling.
+ + commit 8704c70108218a60f8fb2ee0e558ca8ed125600d
+ * agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
+ (convert_transfer_key): CURVE is the name of curve.
+
+2015-08-08 Neal H. Walfield <neal@g10code.com>
+
+ common/iobuf.c: Replace use of literals with symbolic constants.
+ + commit c80643c5ecbee89f343ef087313870cee1334fe4
+ * common/iobuf.c (BLOCK_FILTER_INPUT): Define. Where appropriate, use
+ this instead of a literal.
+ (BLOCK_FILTER_OUTPUT): Likewise.
+ (BLOCK_FILTER_TEMP): Likewise.
+
+2015-08-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow gpgv to work with a trustedkeys.kbx file.
+ + commit 5b7a80b1ab91d2f199065e5dd14e85f42918975d
+ * g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New.
+ * g10/keydb.c (keydb_add_resource): Take care of new flag.
+ * g10/gpgv.c (main): Use new flag.
+
+ agent: Add option --force to the DELETE_KEY command.
+ + commit a68c5c5c7fe4ec8665e252e5062292f6c7b94fdd
+ * agent/findkey.c (agent_delete_key): Add arg "force".
+ * agent/command.c (cmd_delete_key): Add option --force.
+
+ common: Change alias for Curve25519 to "cv25519".
+ + commit 9f31ab3d216ed74d6f392a62e3f95e0591174119
+ * common/openpgp-oid.c (oidtable): Change alias.
+
+2015-08-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove duplicated printing of the curve name in "sub" lines.
+ + commit fb754dc6170d12edf3d35c48340b8d7b1ded20f7
+ * g10/keylist.c (list_keyblock_print): Do not print extra curve name.
+
+ gpg: Add commands "fpr *" and "grip" to --edit-key.
+ + commit fbb6c25ab5dbb5f2b1f1eb342ca7caa3f955d8c9
+ * g10/keyedit.c (cmdGRIP): New.
+ (cmds): Add command "grip".
+ (keyedit_menu) <cmdFPR>: Print subkeys with argument "*".
+ (keyedit_menu) <cmdGRIP>: Print keygrip.
+ (show_key_and_fingerprint): Add arg "with_subkeys".
+ (show_key_and_grip): New.
+ * g10/keylist.c (print_fingerprint): Add mode 4.
+
+ gpg: Adjust UID line indentation for common key algos.
+ + commit 969542c8c2f48a60c1d68b7bf70b0c00374bacba
+ * g10/keylist.c (list_keyblock_print): Change UID line indentation
+ * g10/mainproc.c (list_node): Ditto.
+
+2015-08-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ Curve25519 support.
+ + commit e5891a82c39997b65ce9ff90eb6120db7bedd399
+ * agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
+ (convert_secret_key, convert_transfer_key): Ditto.
+ * common/openpgp-oid.c (oidtable): Add Curve25519.
+ (oid_crv25519, openpgp_oid_is_crv25519): New.
+ * common/util.h (openpgp_oid_is_crv25519): New.
+ * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
+ with Montgomery curve which uses x-only coordinate.
+ * g10/keygen.c (gen_ecc): Handle Curve25519.
+ (ask_curve): Change the API and second arg is to return subkey algo.
+ (generate_keypair, generate_subkeypair): Follow chage of ask_curve.
+ * g10/keyid.c (keygrip_from_pk): Handle Curve25519.
+ * g10/pkglue.c (pk_encrypt): Handle Curve25519.
+ * g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
+ * scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
+ (send_key_attr): Work with general ECC, Ed25519, and Curve25519.
+ (get_public_key): Likewise.
+ (ecc_writekey): Handle flag_djb_tweak.
+
+ common: extend API of openpgp_oid_to_curve for canonical name.
+ + commit a6e40530898622fbc5d76557a7da5e69368ecaa4
+ * common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
+ * common/util.h: Update.
+ * g10/import.c (transfer_secret_keys): Follow the change.
+ * g10/keyid.c (pubkey_string): Likewise.
+ * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
+ * parse-packet.c (parse_key): Likewise.
+ * scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.
+
+2015-08-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix ecc_oid.
+ + commit d088d2c81690a89051349ddc8a82fe222625f4e0
+ * scd/app-openpgp.c (ecc_oid): Call with OIDBUF.
+
+ scd: Fix ECC support.
+ + commit 0751571cac0f5aef2862c34a184f7f09ad9cb203
+ * scd/app-openpgp.c (send_key_attr): Send KEYNO.
+ (get_public_key): Fix SEXP composing.
+ (ecc_writekey): Fix OID length calculation.
+ (ecc_oid): Prepend the length before query.
+ (parse_algorithm_attribute): Handle the case the curve is not available.
+
+2015-08-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix duplicate key import due to legacy key in keyring.
+ + commit 4a326d7c9a3b09efcccf4de00d6c003829ad89e8
+ * g10/keydb.c (keydb_search_fpr): Skip legacy keys.
+
+ gpg: Properly handle legacy keys while looking for a secret key.
+ + commit f05a63b10428df2878b1bb6fde57a2fc2aa99105
+ * g10/getkey.c (have_secret_key_with_kid): Skip legacy keys.
+
+2015-07-31 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix endless loop for expired keys given by fpr.
+ + commit 328a6b6459a5ce4a70b374262f221ada20c40878
+ * g10/getkey.c (lookup): Disable keydb caching when continuing a
+ search.
+
+2015-07-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not return "Legacy Key" from lookup if a key is expired.
+ + commit 23d8609f4b5ec3432323a676fd7ef225c0ef71a1
+ * g10/getkey.c (lookup): Map GPG_ERR_LEGACY_KEY.
+
+ gpg: Indicate secret keys and cards in a key-edit listing.
+ + commit 8b2b988309cbc5af339beb0a55ff71d7464eb646
+ * g10/keyedit.c (sign_uids): Add arg "ctrl".
+ (show_key_with_all_names_colon): Ditto.
+ (show_key_with_all_names): Ditto.
+
+ * g10/keyedit.c (show_key_with_all_names): Print key record
+ indicators by checking with gpg-agent.
+ (show_key_with_all_names): Ditto. May now also print sec/sbb.
+
+2015-07-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove the edit-key toggle command.
+ + commit 7ef09afd1a6a37c7f22e7c3d898f0c917b08f940
+ * g10/keyedit.c (cmds): Remove helptext from "toggle".
+ (keyedit_menu): Remove "toggle" var and remove the sub/pub check
+ against toggle.
+
+ common,w32: Avoid unused var warning about msgcache.
+ + commit 4bc75337f31374b7424d7bdebf839dd91ec80c0a
+ * common/i18n.c (USE_MSGCACHE): New.
+ (msgcache) [!USE_MSGCACHE]: Do not define.
+ (i18n_localegettext): Repalce #if conditions by USE_MSGCACHE.
+
+ w32: Try more places to find an installed Pinentry.
+ + commit 18f1e627c697d75175b79fe095305fa775f20841
+ * common/homedir.c (get_default_pinentry_name): Re-implement to
+ support several choices for Windows.
+
+2015-07-26 Werner Koch <wk@gnupg.org>
+
+ scd: Fix size_t/unsigned int mismatch.
+ + commit 55e64f47a52d76e097a01eb4044a88a4e10d6a87
+ * scd/app-openpgp.c (ecc_writekey): Use extra var n.
+
+ Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.
+ + commit d382242fb6789973ce8d246ec154a4a1468c24c0
+ * common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
+ libgpg-error < 1.20.
+ * common/mischelp.h: Ditto.
+ * common/types.h: Ditto.
+
+2015-07-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: support any curves defined by libgcrypt.
+ + commit ef080d5c7fb7f3b75c3c57c011f78a312b8e13a9
+ * g10/call-agent.h (struct agent_card_info_s): Add curve field.
+ * g10/call-agent.c (learn_status_cb): Use curve name.
+ * g10/card-util.c (card_status): Show pubkey name.
+ * scd/app-openpgp.c (struct app_local_s): Record OID and flags.
+ (store_fpr): Use ALGO instead of key type.
+ (send_key_attr): Use curve name instead of OID.
+ (get_public_key): Clean up by OID to curve name.
+ (ecc_writekey): Support any curves in libgcrypt.
+ (do_genkey, do_auth, ): Follow the change.
+ (ecc_oid): New.
+ (parse_algorithm_attribute): Show OID here.
+
+2015-07-23 Peter Wu <peter@lekensteyn.nl>
+
+ build: ignore scissor line for the commit-msg hook.
+ + commit d24165bce2823c2f5dcb39b7b84c9aa00802a8ee
+ * build-aux/git-hooks/commit-msg: Stop processing more lines when the
+ scissor line is encountered.
+
+2015-07-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Format change to specify "rsa2048" for KEY-ATTR.
+ + commit dbf4534f49a1fe3823bd6d6d7bb4d9df863b4789
+ * g10/card-util.c (do_change_keysize): Put "rsa".
+ * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
+ Change the command format.
+ (rsa_writekey): Check key type.
+ (do_writekey): Remove "ecdh" and "ecdsa" support which was available
+ in experimental libgcrypt before 1.6.0.
+
+2015-07-22 Werner Koch <wk@gnupg.org>
+
+ Avoid a leading double slash in make_filename.
+ + commit 69d2c9b09bd9d0b86b9f2feb585037a2c11795b0
+ * common/stringhelp.c (do_make_filename): Special case leading '/'.
+
+2015-07-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: change_keyattr_from_string for ECC.
+ + commit 9901be395684dd1b35d83685a719291347684ab1
+ * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
+ Support ECC.
+ (rsa_writekey): Don't change key attribute.
+
+2015-07-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Use openpgpdefs.h for constants.
+ + commit f5d356fb5bbbd0e05a753612455253e4bc335266
+ * scd/app-openpgp.c: Include openpgpdefs.h.
+
+2015-07-16 Neal H. Walfield <neal@g10code.com>
+
+ Don't segfault if the first 'auto-key-locate' option is 'clear'.
+ + commit f2ee673c99825d5189631031ddec2dbf54dbd482
+ * g10/getkey.c (free_akl): If AKL is NULL, just return.
+
+2015-07-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Support non-NLS build.
+ + commit b3286af36d452fc801be573a057b0838d53a2edd
+ * agent/agent.h: Use ENABLE_NLS and define L_() macro.
+
+2015-07-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Remove unused files.
+ + commit 67b2dc7636e47baefd5aafe0eb45b4730f974481
+ * scd/Makefile.am (sc_copykeys_*): Remove.
+ * scd/sc-copykeys.c: Remove.
+ * scd/pcsc-wrapper.c: Remove.
+ * scd/{card-common.h,card-dinsig.c,card-p15.c,card.c}: Remove.
+
+2015-07-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Use canonical name for curve.
+ + commit 5b46726931049e060d8fbfa879db7907078a9aed
+ * g10/import.c (transfer_secret_keys): Use canonical name.
+ * common/openpgp-oid.c (openpgp_curve_to_oid): Return NULL on error.
+ * g10/keyid.c (pubkey_string): Follow change of openpgp_curve_to_oid.
+ * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
+ * g10/parse-packet.c (parse_key): Ditto.
+
+2015-07-03 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ drop long-deprecated gpgsm-gencert.sh.
+ + commit 1be2cebf7ff5837c8b548b4f4afbf1b8b28211bc
+ * tools/gpgsm-gencert.sh: remove deprecated script entirely. It is
+ fully replaced by gpgsm --gen-key
+ * doc/tools.texi: remove gpgsm-gencert.sh documentation
+ * .gitignore: no longer ignore gpgsm-gencert.sh manpage
+ * doc/Makefile.am: quit making the manpage
+ * tools/Makefile.am: quit distributing the script
+ * doc/howto-create-a-server-cert.texi: overhaul documentation to use
+ gpgsm --gen-key and tweak explanations
+
+2015-07-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit 3502b3cc0f5ff92ab89a0da8b1e344a8ad615737
+
+
+ scd: Support AES decryption for OpenPGPcard v3.0.
+ + commit 45c49a0030c7a01ec011ce810ddb3aaef734e9bf
+ * scd/app-openpgp.c (do_decipher): Support AES decryption.
+
+2015-07-01 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.6.
+ + commit a499eeb6a6545d87ac9f1b64e32017bfdb4f67e6
+
+
+2015-07-01 Daiki Ueno <ueno@gnu.org>
+
+ agent: Unset INSIDE_EMACS on gpg-agent startup.
+ + commit f1490a3a0ecf4a5a03373c9563f7709630232ee3
+ * agent/gpg-agent.c (main): Unset INSIDE_EMACS envvar.
+
+2015-07-01 Werner Koch <wk@gnupg.org>
+
+ common: Implement i18n_localegettext.
+ + commit a65447f0d64d0c53ddbdcfc988f26ecc9a8a6f08
+ * common/i18n.c (msg_cache_s, msg_cache_head_s): New.
+ (msgcache): New.
+ (i18n_localegettext): Implement locale dependent lookup.
+
+2015-06-30 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ Pass DBUS_SESSION_BUS_ADDRESS for gnome3.
+ + commit 816824953c91959c23a57c047bdba6a902ffdde6
+ * common/session-env.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.
+
+2015-06-30 Werner Koch <wk@gnupg.org>
+
+ Flag the L_() function with attribute format_arg.
+ + commit 232af382e563fcbe15589a3ccae7d6908a17c44d
+ * agent/agent.h (LunderscorePROTO): New.
+ * common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New.
+ * common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for
+ i18n_localegettext. Expand LunderscorePROTO.
+ * agent/genkey.c (check_passphrase_constraints): Use xtryasprintf
+ again to keep the old translations.
+
+ agent: Use different translation func for Pinentry strings.
+ + commit e76d4c05b24211f3981ab69cddb3fccc17d21e0e
+ * po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
+ * common/i18n.c (i18n_localegettext): New stub.
+ * common/i18n.h: Expand the LunderscoreIMPL macro.
+ * agent/agent.h (L_): New.
+ (LunderscoreIMPL): New.
+ * agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
+ caller.
+ * agent/findkey.c (try_unprotect_cb): Add local var ctrl.
+ * agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
+ by xtrystrdup to avoid gcc warning. Unfortinately this changes the
+ string.
+ (agent_ask_new_passphrase): Cleanup the use of initial_errtext.
+
+ gpg: Make show-sig-subpackets work again.
+ + commit 010e4281c3e15e2f86589dd1da419531ead519ef
+ * g10/gpg.c (parse_list_options): Fix offset for subpackets.
+
+2015-06-29 Werner Koch <wk@gnupg.org>
+
+ agent: Prepare for Libassuan with Cygwin support.
+ + commit b6076579311029aa76c00377d9a804b1578bf58f
+ * agent/gpg-agent.c (create_server_socket): Add arg "cygwin". Call
+ assuan_sock_set_flag if Assuan version is recent enough.
+ (main): Create ssh server socket with Cygwin flag set.
+
+2015-06-29 Neal H. Walfield <neal@gnu.org>
+
+ Show passphrase constraints errors as password prompt errors.
+ + commit 2778c6f8f40d73272075ce04c07097f65c94054e
+ * agent/agent.h (check_passphrase_constraints): Add parameter
+ failed_constraint and remove parameter silent. Update callers.
+ * agent/genkey.c (check_passphrase_constraints): Add parameter
+ failed_constraint and remove parameter silent. If FAILED_CONSTRAINT
+ is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the
+ error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway
+ or take_this_one_anyway2. If FAILED_CONSTRAINT is NULL, act as if
+ SILENT was set.
+ (agent_ask_new_passphrase): Change initial_errtext's type from a const
+ char * to a char *. Pass it to check_passphrase_constraints. If it
+ contains malloc's memory, free it.
+
+2015-06-29 Neal H. Walfield <neal@g10code.com>
+
+ Improve documentation for default-cache-ttl and default-cache-ttl-ssh.
+ + commit 0416aed4abf6cea94458d2e38eb4a5e6bfea2d8b
+ * doc/gpg-agent.texi (Agent Options): Improve documentation for
+ default-cache-ttl and default-cache-ttl-ssh.
+
+ Don't raise max-cache-ttl to default-cache-ttl.
+ + commit 60cf69ff9d61a2cd37fc4468f232fd41aa70a651
+ * agent/gpg-agent.c (finalize_rereadable_options): Don't raise
+ max-cache-ttl to default-cache-ttl. Likewise for max-cache-ttl-ssh
+ and default-cache-ttl-ssh.
+
+ Improve the description of old packets with an indeterminate length.
+ + commit 68c217f457a772984d0afbdd341f18de7c867505
+ * g10/parse-packet.c (parse): Make the description more accurate when
+ listing packets: old format packets don't support partial lengths,
+ only indeterminate lengths (RFC 4880, Section 4.2).
+
+2015-06-29 Werner Koch <wk@gnupg.org>
+
+ agent: Add --verify to the PASSWD command.
+ + commit 9bca96dbc5c32bdd00196462fde8c9ab94aeb28d
+ * agent/command.c (cmd_passwd): Add option --verify.
+
+ agent,w32: Do not create a useless socket with --enable-putty-support.
+ + commit 7a387331645736eaeaaef57770beef5fa741bc22
+ * agent/agent.h (opt): Remove field ssh_support.
+ * agent/gpg-agent.c (ssh_support): New. Replace all opt.ssh_support
+ by this.
+ (main): Do not set ssh_support along with setting putty_support.
+
+ gpgsm: Add command option "offline".
+ + commit 2c9c46e2a2b8f9a1bdc1ef46a135b5fc7d1a8073
+ * sm/server.c (option_handler): Add "offline".
+ (cmd_getinfo): Ditto.
+ * sm/certchain.c (is_cert_still_valid):
+ (do_validate_chain):
+ * sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value
+ of --disable-dirmngr.
+ * sm/call-dirmngr.c (start_dirmngr_ext): Better also check for
+ ctrl->offline.
+
+2015-06-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Support button flag and AES key data for OpenPGPcard v3.0.
+ + commit d2fdf2e1b6cd447bb1c36df0ac7d8e669802fa22
+ * scd/app-openpgp.c (do_getattr, show_caps, app_select_openpgp):
+ Support button and symmetric decryption.
+ (do_setattr): Support setting AESKEY.
+
+2015-06-25 Andre Heinecke <aheinecke@intevation.de>
+
+ sm: Fix cert storage for ephemeral certs.
+ + commit 5e1a844ae9b6730b4b8a2c9178ea9bc121560c28
+ * sm/keydb.c (keydb_store_cert): Clear ephemeral flag for
+ existing certs if store should not be ephemeral.
+
+2015-06-23 Werner Koch <wk@gnupg.org>
+
+ Allow use of debug flag names for all tools.
+ + commit 54a0ed3d9b10a3c6dfb3d6a4d20b693a3183f8f6
+ * g13/g13.c: Make use of debug_parse_flag.
+ * scd/scdaemon.c: Ditto.
+ * sm/gpgsm.c: Ditto
+ * agent/gpg-agent.c: Ditto. But do not terminate on "help"
+ * dirmngr/dirmngr.c: Ditto.
+
+ common: Improve fucntion parse_debug_flag.
+ + commit 8195e55d0c134a45f7c9bd95c8b5741781841c18
+ * common/miscellaneous.c (parse_debug_flag): Add hack not to call
+ exit. Add "none" and "all" flags.
+
+2015-06-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: pinpad workaround for PC/SC implementations.
+ + commit 5e1d2fe6555d06f9dcd2daac713b2edfbc0428a5
+ * scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
+ for TPDU card reader.
+
+2015-06-22 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow debug flag names for --debug.
+ + commit 4698e5b203bd983503b5fd784fcd09dd3bc3a15e
+ * g10/gpg.c (opts): Change arg for oDebug to a string.
+ (debug_flags): New; factored out from set_debug.
+ (set_debug): Remove "--debug-level help". Use parse_debug_flag to
+ print the used flags.
+ (main): Use parse_debug_flag for oDebug.
+
+ common: Add function parse_debug_flag.
+ + commit 22147952b744958ec46d356e942540356ff7d93e
+ * common/miscellaneous.c (parse_debug_flag): New.
+ * common/util.h (struct debug_flags_s): New.
+
+ common: Add function strtokenize.
+ + commit d37f47081d41584efc0c397432811f9cfa5d5867
+ * common/stringhelp.c: Include assert.h.
+ (strtokenize): New.
+ * common/t-stringhelp.c (test_strtokenize): New.
+
+ gpg: Fix regression due to recent commit 6500f33.
+ + commit e0873a3372800d51c90ca656450f937dbae9c169
+ * g10/keydb.c (kid_list_s): Keep a state in the table.
+ (kid_not_found_table): Rename to kid_found_table.
+ (n_kid_not_found_table): Rename to kid_found_table_count.
+ (kid_not_found_p): Return found state.
+ (kid_not_found_insert): Add arg found.
+ (keydb_search): Store found state in the table.
+
+2015-06-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix Cherry ST-2000 support for pinpad input.
+ + commit 444e9232aa9e00aacd939cbf7bdb881b550dfebe
+ * scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
+ * scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
+ template of APDU.
+
+2015-06-20 Werner Koch <wk@gnupg.org>
+
+ gpg: Print number of good signatures with --check-sigs.
+ + commit 0948c4f217308ffa0ec61ce189d387fd61b02bbd
+ * g10/keylist.c (keylist_context): Add field good_sigs.
+ (list_keyblock_print): Updated good_sigs.
+ (print_signature_stats): Print number of good signatures and use
+ log_info instead of tty_printf.
+
+ gpg: Improve speed of --check-sigs and --lish-sigs.
+ + commit 6500f338a35f4148606480c79f3a0c1b0d15f13a
+ * g10/keydb.c (kid_list_t): New.
+ (kid_not_found_table, n_kid_not_found_table): New.
+ (kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New.
+ (keydb_insert_keyblock): Flush the new cache.
+ (keydb_delete_keyblock): Ditto.
+ (keydb_update_keyblock): Ditto.
+ (keydb_search): Use the new cache.
+ (keydb_dump_stats): New.
+ * g10/gpg.c (g10_exit): Dump keydb stats.
+
+2015-06-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Add more log_clock calls to keydb.c.
+ + commit 53e9b86085ac70ede8a0b1de9018ccbfe55b0932
+ * g10/keydb.c (keydb_get_keyblock): Add log_clock calls.
+
+ gpg: Print available debug flags using "--debug-level help".
+ + commit 663a31f1ea2fc5a43c822e916cf20fece5243851
+ * g10/gpg.c (set_debug): Add "help" option and use a table for the
+ flags.
+
+ gpg: Fix export problem in case an old keyring has PGP-2 keys.
+ + commit c5604eeee4b64a44a1ca1d517ace14fc1cbda298
+ * g10/export.c (do_export_stream): Skip legacy keys.
+
+2015-06-18 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix the cleanup zombies fix (685b782).
+ + commit c97198371b7307e64afdd323231977b2247f64ec
+ * dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Do not close the
+ stdout reader after EOF from read_log_data.
+ * dirmngr/crlcache.c (crl_cache_reload_crl): Close the reader before
+ the next iteration.
+
+2015-06-17 Werner Koch <wk@gnupg.org>
+
+ agent: Print a warning for obsolete options.
+ + commit 010d26a85bfe15c4aa12eefeab851dbde0609c26
+ * g10/misc.c (obsolete_scdaemon_option): Move to
+ * common/miscellaneous.c (obsolete_option): ... here.
+ * agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete
+ options.
+
+2015-06-16 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Cleanup zombies and fix hang on shutdown.
+ + commit 685b782a18adb90bbf78956682e4e7f89fed678c
+ * dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Move nfds computation
+ into the loop. Check the queue also on timeout. Close log_fd and
+ reader context on EOF or error.
+
+ dirmngr: Avoid accessing uninitialized memory in log callback.
+ + commit 82c72e2db7bc5b633768d59822f2e2a353fa6e32
+ * dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before
+ use.
+ (start_connection_thread): Ditto.
+ (handle_connections): Ditto.
+
+2015-06-16 Neal H. Walfield <neal@g10code.com>
+
+ Don't prompt for the password multiple times in pinentry loopback mode.
+ + commit eac081ba1278855fa223b031b527498fec558bc7
+ * g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK,
+ clear OPT.PASSPHRASE_REPEAT.
+
+2015-06-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese Translation.
+ + commit 15540f6233bd041b06708862a6d9535cbcabe330
+
+
+2015-06-15 Werner Koch <wk@gnupg.org>
+
+ doc: Add defs.inc to BUILT_SOURCES.
+ + commit ef273a9afc7840b75cfb9b8af78d117b7d672c6a
+
+
+2015-06-11 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.5.
+ + commit 9b7bdfae82f74a147a5dbf0fac0f78cde77a207b
+
+
+ agent: Fix --extra-socket on Windows.
+ + commit 985918aab025cf0ac9db411b88a47c4b985e5e95
+ * agent/gpg-agent.c (start_connection_thread): Rename to ...
+ (do_start_connection_thread): this. Factor nonce checking out to ...
+ (start_connection_thread_std): this,
+ (start_connection_thread_extra): this,
+ (start_connection_thread_browser): and this.
+
+ agent: Add experimental option --browser-socket.
+ + commit 008435b95cbca19adc217178dc9d793eca584345
+ * agent/agent.h (opt): Add field "browser_socket".
+ * agent/command.c (cmd_setkeydesc): Use a different message for
+ restricted==2.
+ * agent/gpg-agent.c (oBrowserSocket): New.
+ (opts): Add --browser-socket.
+ (socket_name_browser, redir_socket_name_browser): New.
+ (socket_nonce_browser): New.
+ (cleanup): Cleanup browser socket.
+ (main): Implement option.
+ (start_connection_thread_browser): New.
+ (handle_connections): Add arg listen_fd_browser and use it.
+
+2015-06-10 Daiki Ueno <ueno@gnu.org>
+
+ agent: Add option --allow-emacs-pinentry.
+ + commit 691dae270b3b741178912599724d69adabdb48b9
+ * agent/agent.h (opt): Add field allow_emacs_pinentry.
+ * agent/call-pinentry.c (start_pinentry): Act upon new var.
+ * agent/gpg-agent.c (oAllowEmacsPinentry): New.
+ (opts): Add option --allow-emacs-pinentry.
+ (parse_rereadable_options): Set this option.
+ * tools/gpgconf-comp.c (gc_options_gpg_agent): Add new option.
+
+2015-06-09 Werner Koch <wk@gnupg.org>
+
+ doc: Do not used fixed file names in the manuals.
+ + commit 25331bba5554a39d226d32433add7784b2e170b8
+ * doc/mkdefsinc.c: New.
+ * doc/Makefile.am: Include cmacros.am.
+ (EXTRA_DIST): Add mkdefsinc.c defsincdate.
+ (BUILT_SOURCES): Add defsincdate
+ (CLEANFILES): Add mkdefsinc and defs.inc.
+ (mkdefsinc): New rule.
+ (yat2m-stamp): Depend on defs.inc.
+ ($(myman_pages) gnupg.7): Ditto.
+ (gnupg.texi): Remove rule to touch itself.
+ (dist-hook): New.
+ (defsincdate): New.
+ (defs.inc): New.
+ * doc/gnupg.texi: Remove inclusion of version.texi. Include defs.inc.
+ Also include defs.inc in all files used to build man files. Change
+ fixed directory names to those from defs.inc.
+
+ dirmngr: Avoid crash due to an empty crls.d/DIR.txt.
+ + commit 255dadd76d5a2101d2c5450741326b67253fa9ea
+ * dirmngr/crlcache.c (check_dir_version): Avoid segv.
+
+2015-06-08 Werner Koch <wk@gnupg.org>
+
+ doc: Change the manual source to be only for GnuPG 2.1.
+ + commit abbefdd04d7ee30218506caeae1fd858569c9f0a
+
+
+ Convey envvar INSIDE_EMACS to the pinentry.
+ + commit c672572bd50966187cc823585efed673b66ff942
+ * common/session-env.c (stdenvnames): Add it.
+
+ agent: Add command "getinfo std_env_names".
+ + commit 8425db6a26bf66dad16dfbc26be9af7d272f31d3
+ * agent/command.c (cmd_getinfo): Add new sub-command.
+
+2015-06-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: do_decipher change for OpenPGPcard v3.0.
+ + commit cf508a1f7f4c8926dc554be68a2d46f5ce272ac0
+ * scd/app-openpgp.c (do_decipher): Add a header for ECDH.
+
+2015-06-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c.
+ + commit a4a15195c2a3729025a3ba3439ac8860083fceeb
+ * g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND.
+ * g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND.
+ * g10/trustdb.c (read_trust_record): Ditto.
+ (tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto.
+ (tdb_update_ownertrust, update_min_ownertrust): Ditto.
+ (tdb_clear_ownertrusts, update_validity): Ditto.
+ (tdb_cache_disabled_value): Ditto.
+
+ gpg: Cleanup error code path in case of a bad trustdb.
+ + commit f170240ef735edc481f60e51527cbb5ee1acfd55
+ * g10/tdbio.c (tdbio_read_record): Fix returning of the error.
+
+ gpg: Fix output in case of a corrupted trustdb.
+ + commit bf06d04f53296f4b4b73b9360cf1571559bb2295
+ * g10/tdbdump.c (list_trustdb): Add arg FP and change callers to pass
+ es_stdout.
+ * g10/tdbio.c (upd_hashtable): On a corrupted trustdb call
+ list_trustdb only in verbose > 1 mode and let it dump to stderr.
+
+2015-05-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix key template of ECC.
+ + commit e5c69e87beebe99d362ac721ce4ea6b057a30a99
+ * scd/app-openpgp.c (build_ecc_privkey_template): Use correct value.
+
+2015-05-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix a race condition initially creating trustdb.
+ + commit fe5c6edaed78839303d67e01e141cfc6b5de9aec
+ * g10/tdbio.c (take_write_lock, release_write_lock): New.
+ (put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
+ new lock functions.
+ (tdbio_set_dbname): Fix the race.
+ (open_db): Don't call dotlock_create.
+
+2015-05-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Remove g10/signal.c.
+ + commit 6cb18a8f975b7ff7ca79c1fb0cddcd4b66be90fb
+ * g10/signal.c: Remove.
+ * g10/main.h: Remove old function API.
+ * g10/tdbio.c: Use new API, even in the dead code.
+
+2015-05-20 Werner Koch <wk@gnupg.org>
+
+ agent: Cleanup caching code for command GET_PASSPHRASE.
+ + commit 23d2ef83cda644c6a83499f9327350d3371e8a17
+ * agent/command.c (cmd_get_passphrase): Read from the user cache.
+
+2015-05-19 Neal H. Walfield <neal@g10code.com>
+
+ agent: When the password cache is cleared, also clear the ext. cache.
+ + commit 3a9305439b75ccd4446378d4fd87da087fd9c892
+ * agent/agent.h (agent_clear_passphrase): New declaration.
+ * agent/call-pinentry.c (agent_clear_passphrase): New function.
+ * agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase.
+
+ agent: Modify agent_clear_passphrase to support an ext. password cache.
+ + commit e201c20f25e7bed29088186c5f717d43047a0f4b
+ * agent/agent.h (agent_get_passphrase): Add arguments keyinfo and
+ cache_mode. Update callers.
+ * agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo
+ and cache_mode. If KEYINFO and CACHE_MODE describe a cachable key,
+ then send SETKEYINFO to the pinentry.
+
+2015-05-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: detects public key encryption packet error properly.
+ + commit c771963140cad7c1c25349bcde27e427effc0058
+ g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
+ encryption.
+
+2015-05-15 Werner Koch <wk@gnupg.org>
+
+ build: Make --disable-gpgsm work.
+ + commit 43ea8f5d884dd108bb27d8e1610fa28802295a06
+ * Makefile.am: Always build kbx/
+ * g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS.
+
+2015-05-12 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.4.
+ + commit a67ead6525d7597a9e0b152c5971f6290f7912f3
+
+
+ speedo: Add make option SELFCHECK=0 to build a new release.
+ + commit 21b0701e2e044894c53ff59d22c5c6a172780c25
+ * build-aux/getswdb.sh: Add option --skip-selfcheck.
+ * build-aux/speedo.mk: Add option SELFCHECK.
+
+2015-05-11 Werner Koch <wk@gnupg.org>
+
+ common: Cope with AIX problem on number of open files.
+ + commit 987532b038a2d9b9e76c0de425ee036ca2bffa1b
+ * common/exechelp-posix.c: Limit returned value for too hight values.
+
+ gpg-connect-agent: Fix quoting of internal percent+ function.
+ + commit 26e2eb98d3d8405b335b43c8e86deacf622cd957
+ * tools/gpg-connect-agent.c (get_var_ext) <percent, percent+): Also
+ escape '+'.
+
+ agent: Add option --no-allow-external-cache.
+ + commit d7293cb317acc40cc9e5189cef33fe9d8b47e62a
+ * agent/agent.h (opt): Add field allow_external_cache.
+ * agent/call-pinentry.c (start_pinentry): Act upon new var.
+ * agent/gpg-agent.c (oNoAllowExternalCache): New.
+ (opts): Add option --no-allow-external-cache.
+ (parse_rereadable_options): Set this option.
+
+ agent: Add strings for use by future Pinentry versions.
+ + commit 02d5e1205489aa5027a87a64552eaf15984dc22d
+ * agent/call-pinentry.c (start_pinentry): Add more strings.
+
+ agent: Add option --debug-pinentry.
+ + commit 14232c3870c5ef5d2fa15e8ed3f302b1ba29d25c
+ * agent/gpg-agent.c (oDebugPinentry): New.
+ (opts): Add --debug-pinentry.
+ (parse_rereadable_options): Set that option.
+ * agent/call-pinentry.c (start_pinentry): Pass option to
+ assuan_set_flag.
+
+2015-05-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid cluttering stdout with trustdb info in verbose mode.
+ + commit b03a2647299a6c8764a2574590cbaccdff9e497d
+ * g10/trustdb.c (validate_keys): Call dump_key_array only in debug
+ mode.
+
+ gpg: Fix wrong output in list mode.
+ + commit 7039f87375b3c89d6e63837b811ed2be71c8d9db
+ * g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to
+ LISTFP.
+
+ gpg: New command --quick-adduid.
+ + commit 64e809b791645f343feb69112baba8e2700e454b
+ * g10/keygen.c (ask_user_id): Factor some code out to ...
+ (uid_already_in_keyblock): new.
+ (generate_user_id): Add arg UIDSTR. Fix leaked P.
+ * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller.
+ (keyedit_quick_adduid): New.
+ * g10/gpg.c (aQuickAddUid): New.
+ (opts): Add command --quick-adduid.
+ (main): Implement that.
+
+ gpg: Add push/pop found state feature to keydb.
+ + commit 3c439c0447f8a7468a61bbdc4c9a101ef2451dcb
+ * g10/keydb.c (keydb_handle): Add field saved_found.
+ (keydb_new): Init new field.
+ (keydb_push_found_state, keydb_pop_found_state): New.
+ * g10/keyring.c (kyring_handle): Add field saved_found.
+ (keyring_push_found_state, keyring_pop_found_state): New.
+
+ gpg: Minor code merging in keyedit.
+ + commit b772e459fa91cdc7facd95227ebc0faba20a7003
+ * g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order.
+ (fix_keyblock): New. Call fix_key_signature_order and other fix
+ functions.
+ (keyedit_menu): Factor code out to new fix_keyblock.
+ (keyedit_quick_sign): Ditto. Check for primary fpr before calling
+ fix_keyblock.
+
+2015-05-07 Werner Koch <wk@gnupg.org>
+
+ agent: Minor change for 56b5c9f.
+ + commit 436f2060721e997479a9dd5be8dfc73627dd49c9
+ * agent/call-pinentry.c (agent_askpin): Move option setting to ...
+ (start_pinentry): here. Fix error code check.
+
+2015-05-07 Kristian Fiskerstrand <kf@sumptuouscapital.com>
+
+ dirmngr: Fix segfault in ldap engine.
+ + commit d0d4984cfec54dee727b9e9d33d09e33c6f2e182
+ (ks-engine-ldap.c) Fix segfault caused by missing check whether uri is
+ initialized
+
+2015-05-07 Neal H. Walfield <neal@g10code.com>
+
+ agent: Improve support for externally cached passwords.
+ + commit 56b5c9f94f2e55d096be585ed061ccf1c9ec0de6
+ * agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New
+ constant.
+ (pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was
+ provided.
+ (agent_askpin): Pass "OPTION allow-external-password-cache" to the
+ pinentry. Always pass SETKEYINFO to the pinentry. If there is no
+ stable identifier, then use "--clear". If the password is incorrect
+ and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS,
+ then decrement PININFO->FAILED_TRIES.
+
+ agent: Or in the value; don't overwrite the variable.
+ + commit 74944330ba7229ed0cbe23cc0f573962a444bd07
+ * agent/call-pinentry.c (pinentry_status_cb): Or in
+ PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG.
+
+ agent: Avoid magic numbers. Use more accurate names.
+ + commit d3b5cad2346bd5747789dc62d7804fa5c15f4f3b
+ * agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant.
+ (PINENTRY_STATUS_PIN_REPEATED): Likewise.
+ (close_button_status_cb): Rename from this...
+ (pinentry_status_cb): ... to this. Use the constants.
+ (agent_askpin): Rename local variable from close_button to
+ pinentry_status. Use symbolic constants rather than magic numbers.
+
+2015-05-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve 'General key info' line of --card-status.
+ + commit 874ef16e70ab750db7b153f17a7e859a0db6a2f1
+ * g10/keylist.c (print_pubkey_info): Print either "pub" or "sub".
+
+ * g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK.
+ * g10/keyid.c (keyid_from_fingerprint): Adjust for change.
+ * g10/revoke.c (gen_desig_revoke): Adjust for change.
+ * g10/card-util.c (card_status): Simplify by using new arg. Align
+ card-no string.
+
+ * g10/card-util.c (card_status): Remove not used GnuPG-1 code.
+
+ gpg: Fix regression not displaying the card serial number.
+ + commit 173b26c8f83a3c623165a96c315bf9ed4b90edcc
+ * g10/call-agent.c (keyinfo_status_cb): Detect KEYINFO.
+
+2015-05-06 Werner Koch <wk@gnupg.org>
+
+ speedo,w32: Install a native pinentry.
+ + commit 154abaf3c97dae43ba972e4482680a287f3e5c39
+ * build-aux/speedo.mk: Always build pinentry for w32.
+ (speedo_pkg_pinentry_configure): Adjust to modern pinentry.
+ * build-aux/speedo/w32/inst.nsi: Install native pinentry under the
+ name pinentry-basic.exe.
+
+2015-05-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: fix cmp_public_key.
+ + commit f77fd572db658959fa40aa8c181be919e688b707
+ * g10/free-packet.c (cmp_public_keys): Compare opaque
+ data at the first entry of the array when it's unknown algo.
+
+2015-04-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: PC/SC reader selection by partial string match.
+ + commit 01a2a61bc4b34817c4216888265f65d59a33dad3
+ * scd/apdu.c (open_pcsc_reader_direct): Partial string match.
+
+2015-04-24 Werner Koch <wk@gnupg.org>
+
+ common: Remove JNLIB from boiler plate (jnlib merge).
+ + commit 172b6193488f433a206fd88f85d8c4a5d1eb7fdf
+ * common/README.jnlib: Remove.
+
+ common: Rename log and gcc attribute macros (jnlib merge).
+ + commit 26d7e0d7accf269c15fb4bc23e5e80580bfb7fe3
+ * common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
+ * common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
+
+ common: Remove two JNLIB_ macros (jnlib merge).
+ + commit 575230d91bba95697518da418ea0e8712f889a0f
+ * configure.ac: Merge seperate jnlib checks.
+ (HAVE_JNLIB_LOGGING): Remove.
+ * common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL):
+ Rename to GNUPG_COMMON_NEED_AFLOCAL. Change all tests.
+
+ common: Remove libjnlib-config.h (jnlib merge).
+ + commit 17bcd087082d01c48c60ff20d7f9a40f34c6969f
+ * common/libjnlib-config.h: Remove.
+ * common/common-defs.h (getenv) [HAVE_GETENV]: New. From removed
+ header.
+ (getpid) [HAVE_W32CE_SYSTEM]: New. From removed header.
+ * common/argparse.c: Include util.h and common-defs.h. Replace
+ jnlib_ macro names for non-GNUPG builds by x* names.
+ * common/dotlock.c: Ditto.
+ * common/logging.c: Include util.h and common-defs.h. Replace jnlib_
+ symbol names by x* names.
+ * common/strlist.c: Ditto.
+ * common/utf8conv.c: Ditto.
+ * common/w32-reg.c: Ditto.
+ * common/mischelp.c: Ditto. Also remove _jnlib_free.
+ * common/stringhelp.c: Ditto.
+ (JNLIB_LOG_WITH_PREFIX): Do not depend on this macro.
+ * common/logging.h (JNLIB_LOG_WITH_PREFIX): Do not depend on this
+ macro.
+
+2015-04-23 Werner Koch <wk@gnupg.org>
+
+ gpg: Move all DNS access to Dirmngr.
+ + commit 154f3ed2bf64de801ae0f9796338a2767ec6357b
+ * common/dns-cert.h: Move to ../dirmngr/.
+ * common/dns-cert.c: Move to ../dirmngr/. Change args to return the
+ key as a buffer.
+ * common/t-dns-cert.c: Move to ../dirmngr/.
+ * common/pka.c, common/pka.h, common/t-pka.c: Remove.
+
+ * dirmngr/server.c (data_line_cookie_write): Factor code out to
+ data_line_write and make it a wrapper for that.
+ (data_line_write): New.
+ (cmd_dns_cert): New.
+ (register_commands): Register new command.
+
+ * g10/Makefile.am (LDADD): Remove DNSLIBS.
+ * g10/call-dirmngr.c (dns_cert_parm_s): New.
+ (dns_cert_data_cb, dns_cert_status_cb): New.
+ (gpg_dirmngr_dns_cert): New.
+ (gpg_dirmngr_get_pka): New.
+ * g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
+ * g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
+ gpg_dirmngr_dns_cert.
+ (keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
+ * g10/mainproc.c: Include call-dirmngr.h.
+ (pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
+ gpg_dirmngr_get_pka.
+
+ common: Minor change of hex2str to allow for embedded nul.
+ + commit ce11cc39ea7e011040debc9339a2310a714efe7e
+ * common/convert.c (hex2str): Set ERRNO. Return adjusted COUNT.
+
+2015-04-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: removal of t-support.c from t_jnlib_src.
+ + commit a7264e3a6a83189a9e43edf5e99f5ac7ee42a2ab
+ * common/Makefile.am (t_jnlib_src): Remove t-support.c.
+
+2015-04-21 Werner Koch <wk@gnupg.org>
+
+ gpg: Make keyserver-option http_proxy work.
+ + commit c4d98734c5df39f57a71f0ec1c0c80e82ff08508
+ * g10/options.h (opt): Add field keyserver_options.http_proxy.
+ * g10/keyserver.c (warn_kshelper_option): Add arg noisy.
+ (parse_keyserver_options): Parse into new http_proxy field.
+ * g10/call-dirmngr.c (create_context): Send the http-proxy option.
+
+ common: Make proper use of http proxy parameter.
+ + commit 54e55149f2af96eff08bfd6f70ef13d007fb58c7
+ * common/http.c (is_hostname_port): New.
+ (send_request): Fix proxy name parsing.
+
+ dirmngr: Add http proxy support for keyservers.
+ + commit a0dead5edce07838cf5ff3ec7205a3bff2a6ef70
+ * dirmngr/dirmngr.h (server_control_s): Add field http_proxy.
+ * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value
+ from OPT.
+ (dirmngr_deinit_default_ctrl): New.
+ (main): Call dirmngr_deinit_default_ctrl.
+ * dirmngr/server.c (start_command_handler): Ditto.
+ (option_handler): Add option "http-proxy".
+ * dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL.
+ * dirmngr/ocsp.c (do_ocsp_request): Ditto.
+ * dirmngr/ks-engine-hkp.c (send_request): Add proxy support.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+
+ gpg: Do not use honor-keyserver-url sub-option by default.
+ + commit 727fe4f8d7d5fc3eac0b0aa6fafa4a314686d7dc
+
+
+ gpg: Make preferred keyservers work.
+ + commit ae0d65f86413a82a40cf68e08aaeca405eee8c78
+ * g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done.
+ (create_context): Move keyserver setting to ...
+ (open_context): here.
+ (clear_context_flags): New.
+ (gpg_dirmngr_ks_get): Add arg override_keyserver.
+ * g10/keyserver.c (keyserver_refresh): Improve diagnostics.
+ (keyserver_get_chunk): Ditto. Pass OVERRIDE_KEYSERVER to ks_get.
+
+ gpg: Update sub-options of --keyserver-options.
+ + commit da1990bac71f6447d8ebd169c3b3b186e9f287d9
+ * g10/options.h (KEYSERVER_HTTP_PROXY): New.
+ (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove.
+ (KEYSERVER_TIMEOUT): New.
+ * common/keyserver.h (KEYSERVER_TIMEOUT): Remove.
+ * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files"
+ and "keep-temp-files". Add "http-proxy" and "timeout".
+ (parse_keyserver_options): Remove 1.2 compatibility option
+ "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files"
+ code.
+
+2015-04-14 Werner Koch <wk@gnupg.org>
+
+ agent: Send the new SETKEYINFO command to the Pinentry.
+ + commit 2180845959839705200e3172dbafc94b70b9007f
+ * agent/call-pinentry.c (agent_askpin): Add args keyinfo and
+ cache_mode. Change all callers to pass (NULL,0) for them. Send
+ SETKEYINFO command.
+ * agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for
+ the new args.
+
+2015-04-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: better handling of extended APDU.
+ + commit 971d558e862db878a7310e06ed7116dbe36886ab
+ * scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0.
+ * scd/app-common.h (struct app_ctx_s): Use bit fields for flags.
+ * scd/ccid-driver.c (CCID_MAX_BUF): New. Only for OpenPGPcard.
+ (struct ccid_driver_s): New field of max_ccid_msglen.
+ Remove ifsd field.
+ (parse_ccid_descriptor): Initialize max_ccid_msglen.
+ (ccid_transceive_apdu_level): Implement sending extended APDU in
+ chain of CCID message.
+
+2015-04-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix NULL-segv due to invalid imported data.
+ + commit 25fce93ba19d997e234a674d5cc98df82c5b5496
+ * g10/free-packet.c (my_mpi_copy): New.
+ (copy_public_key, copy_signature): Use instead of mpi_copy.
+
+2015-04-13 Neal H. Walfield <neal@g10code.com>
+
+ dirmngr: If LDAP is not enable, don't build the LDAP bits.
+ + commit 5cde5bf37339cdeb0bd0a33d39477382eafebede
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Only include
+ ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP
+ is TRUE.
+ (module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE.
+ * dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is
+ TRUE.
+ (ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not
+ TRUE.
+ (ks_action_search): Likewise.
+ (ks_action_get): Likewise.
+ (ks_action_put): Likewise.
+ * dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is
+ TRUE.
+ (cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not
+ TRUE.
+
+2015-04-13 Werner Koch <wk@gnupg.org>
+
+ common: Do without nested fucntions to support non-gcc.
+ + commit 454f60399c7318fffd3de2afadd58c7a490178bd
+ * common/t-stringhelp.c (test_strsplit): Remove nested function.
+
+2015-04-11 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.3.
+ + commit b1e1959d59a12b53c016ca9c95aee3a62c0bfc00
+
+
+2015-04-11 Yuri Chornoivan <yurchor@ukr.net>
+
+ po: Update Ukrainian translation.
+ + commit 896f438967b66b4836419aa737c706ced6b6454a
+
+
+2015-04-11 Ineiev <ineiev@gnu.org>
+
+ po: Update and review Russian translation.
+ + commit b69d7064f30c38ffe18e71de6a0fc14b5da0452f
+
+
+2015-04-10 Werner Koch <wk@gnupg.org>
+
+ dirmngr,w32: Make it build for Windows.
+ + commit c8bb5000d4c86a055348dc08352f573c599743a7
+ * dirmngr/Makefile.am (t_common_ldadd): Add missing libs.
+
+ Remove obsolete directories from AM_CPPFLAGS.
+ + commit 67158ff155ef52fd54a6bbe680551c0e12b31e69
+
+
+ dirmngr,w32: Replace functions not available under Windows.
+ + commit 0fb224c2c5e0c6770d4a6044d62d84f6bbc1b26b
+ * dirmngr/ks-engine-ldap.c (extract_attributes): Replace isoptime and
+ gmtime_r.
+
+ common: Add new function gnupg_gmtime.
+ + commit 5d60c7f7e05a06e46e23bafe61cef09ad32aa998
+ * common/gettime.c (gnupg_gmtime): New.
+ (gnupg_get_isotime): Use it. Also take care of an gmtime_t returning
+ an error.
+
+ common: Add new function isodate_human_to_tm.
+ + commit f6670100b7a15b2071c2e4062f5c5a678f2a30f6
+ * common/gettime.c (isotime_human_p): Add arg date_only.
+ (isodate_human_to_tm): New.
+ * common/t-gettime.c (test_isodate_human_to_tm): New.
+ (main): Call new test.
+
+ dirmngr,w32: Avoid name clash with existing function.
+ + commit 6ad95fe6f1f130c8f6d139a9bd57fc4a0d38292b
+ * dirmngr/ks-engine-ldap.c (ldap_connect): Rename to my_ldap_connect.
+
+ gpgparsemail: Fix last commit (3f2bdac)
+ + commit 9433661419043431a6cfc7d84c8450e0b2f6c353
+ * tools/rfc822parse.c (parse_field): Replace break by goto.
+
+2015-04-09 Werner Koch <wk@gnupg.org>
+
+ gpgparsemail: Fix case of zero length continuation lines.
+ + commit 3fbeba64a8bfb2b673230c124a3d616b6568fd2f
+ * tools/rfc822parse.c (parse_field): Loop after continuation line.
+
+2015-04-08 Werner Koch <wk@gnupg.org>
+
+ sm: Fix certificate lookup in dirmngr cache.
+ + commit 6619ead2cfd2abcb95b66dc70622fdeef624fb8a
+ * sm/call-dirmngr.c (get_cached_cert): Fix typo in LOOKUP command.
+
+2015-04-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Print the user id in --fast-list-mode.
+ + commit c2383407bba5eefea486464a31e02846124c9da5
+ * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Change.
+
+ gpg: Prepare to pass additional context to the list functions.
+ + commit 67a58118ab6171c0cf28b65a39973062690d1313
+ * g10/keylist.c (struct sig_stats): Rename to keylist_context and add
+ field check_sigs.
+ (keylist_context_release): New.
+ (list_all): Set listctx.check_sigs and call release func.
+ (list_one): Ditto.
+ (locate_one): Ditto.
+ (list_keyblock_print): Use .check_sigs field. Repalce arg opaque by
+ listctx.
+ (list_keyblock): Ditto. Make static.
+ (list_keyblock_direct): New.
+ * g10/keygen.c (do_generate_keypair): Replace list_keyblock by
+ list_keyblock_direct.
+
+ gpg: Merge duplicated code for get_user_id et al.
+ + commit f577d5c1a747d673fa1d5c012ce3e3b78b699c6a
+ * g10/getkey.c (get_user_id_string): Add args mode and r_LEN.
+ (get_user_id_string_native): Add new args.
+ (get_long_user_id_string, get_user_id): Rewrite using
+ get_user_id_string.
+
+ gpg: Add new option --debug-iolbf.
+ + commit c581ed717ad2cc4be90c46253baa44a0d3ba5b80
+ * g10/gpg.c (oDebugIOLBF): new.
+ (opts): Add --debug-iolbf.
+ (main): Set option.
+
+ Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG.
+ + commit 24a75201da6be72edf85b96dbc0c01c747d02c6a
+ * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
+
+ Fix use of DBG_CACHE and DBG_LOOKUP.
+ + commit 2f099eb62ac6491675bbcccaca4e076b2d8e7ea0
+ * dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192.
+ * g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
+ * g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
+
+ gpg: Rename a debug macro.
+ + commit 4de8a58e44262a25564e2acef8c8865d1755982e
+ * g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE.
+ (DBG_CIPHER): Rename to DBG_CRYPTO.
+
+2015-04-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix DoS while parsing mangled secret key packets.
+ + commit d901efcebaefaf6eae4a9b9aa8f0c2c055d3518a
+ * g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
+ et al.
+
+2015-04-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix keytocard.
+ + commit f82c4a6d0d76e716b6a7b22ca964fa2da1f962a0
+ g10/call-agent.h (agent_scd_learn): Add FORCE option.
+ g10/call-agent.c (agent_scd_learn): Implement FORCE option.
+ g10/keygen.c (gen_card_key): Follow the change of option.
+ g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
+ g10/keyedit.c (keyedit_menu): Update private key storage by
+ agent_scd_learn.
+
+ agent: Add --force option for LEARN.
+ + commit 4ffadb74b3ada8a5d69ef8d87f4326df9bd97e97
+ * agent/command.c (cmd_learn): Handle --force option.
+ (cmd_keytocard): Don't update key storage file.
+ * agent/agent.h (agent_handle_learn): Add FORCE.
+ * agent/learncard.c (agent_handle_learn): Implement FORCE to update
+ key stroage file.
+
+2015-03-31 Neal H. Walfield <neal@g10code.com>
+
+ dirmngr: Don't use alloca.
+ + commit d0ff2ee04187fbedacbe4d3884ee75d957a0b8c6
+ * dirmngr/ks-engine-ldap.c (ks_ldap_put): Replace use of alloca with
+ xmalloc and xfree.
+
+ dirmngr: Simplify truncation of long strings in debug code.
+ + commit 802eec0ca49b92104c92f18c9a6a04c34de74168
+ * dirmngr/ks-engine-ldap.c (modlist_dump): Simplify truncation of long
+ strings.
+
+ dirmngr: Use a better error code.
+ + commit 7f6d7948c1e56e09c1bdaa5143e1b5558c4376dd
+ * dirmngr/ldap-parse-uri.c (ldap_parse_uri): On error, return
+ GPG_ERR_GENERAL, not GPG_ERR_ASS_GENERAL.
+
+ dirmngr: Better encapsulate the keyservers variable.
+ + commit 348c520040a31f5c322183c0654a34978e2baf6f
+ * dirmngr/dirmngr.h (struct server_control_s): Move field keyservers
+ from here...
+ * dirmngr/server.c (struct server_local_s): ... to here. Update
+ users.
+ * dirmngr/ks-action.h (ks_action_resolve): Add argument keyservers.
+ (ks_action_search): Likewise.
+ (ks_action_get): Likewise.
+ (ks_action_put): Likewise.
+ * dirmngr/ks-action.c (ks_action_resolve): Add argument keyservers.
+ Use it instead of ctrl->keyservers.
+ (ks_action_search): Likewise.
+ (ks_action_get): Likewise.
+ (ks_action_put): Likewise.
+
+2015-03-28 Neal H. Walfield <neal@g10code.de>
+
+ gpg: Only use the last specified keyserver.
+ + commit f26ba14028d34845ae10aae552b90681907e377d
+ * g10/gpg.c (main): Only use the last specified keyserver.
+
+2015-03-25 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix resource leaks and check rare errors.
+ + commit bec10ae4b5a870303c800cdf3cd906044613fc2d
+ * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Fix resource
+ leak.
+ (ks_ldap_search): Check error from es_fopenmem. Use LDAP_ERR where
+ required.
+ (modlist_dump): Check error from es_fopenmem.
+ (uncescape): s/int/size_t/. Use existing macros.
+ (extract_attributes): Use existing trim function.
+ (ks_ldap_put): Do not segv on error from modlist_dump.
+
+ dirmngr: Minor cleanups.
+ + commit 6c701af121782c2feb4ee51e559a7420df00471f
+ * dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h.
+ (ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/.
+ (tm2ldaptime): Use snprintf.
+ (ldap_connect): Get error code prior to log_error and and use modern
+ function. Use xfree, xtrustrdup etc.
+ (modlist_lookup): Use GNUPG_GCC_A_USED.
+ (modlist_free): Use xfree.
+
+ common: Add macro GNUPG_GCC_A_USED.
+ + commit 99ef9cd7f589b51921bfbe8d52735c104ef260e3
+ * common/util.h (GNUPG_GCC_A_USED): New.
+
+ sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).
+ + commit 1e4d8ddbe3ad7ee8f1c1d1798694d91f792776c0
+ * sm/certreqgen.c (create_request): Change default hash algo.
+ * sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change default bulk cipher algo.
+
+2015-03-24 Werner Koch <wk@gnupg.org>
+
+ gpg,w32: Handle forward slash in --keyring option.
+ + commit bdd22e3a0846d38a0b6cdb822476ad2f15d03455
+ * g10/keydb.c (keydb_add_resource): Allow forward slash under Windows.
+
+2015-03-23 Neal H. Walfield <neal@g10code.de>
+
+ Improve documentation for ks_hkp_get.
+ + commit 7a56b6b3aa8b7a07bd80a3fcd5114bd1af359fa3
+ * dirmngr/ks-engine-hkp.c (ks_hkp_get): Improvement documentation.
+
+ Improve documenation of http_parse_uri.
+ + commit 00a16cf49336ee0b4ce21eb05a79db955af053e0
+ * common/http.c (http_parse_uri): Improve documentation.
+
+ Add support to talking to LDAP key servers.
+ + commit 51341badb623927f2a358588c725a356fc77dbe7
+ * g10/call-dirmngr.c (record_output): New function.
+ (ks_put_inq_cb): Use it here to generate a --with-colons like output
+ instead of a custom format.
+ * dirmngr/ks-action.c: Include "ldap-parse-uri.h".
+ (ks_action_help): If the provided URI is an LDAP URI, then use
+ ldap_parse_uri to parse. Call ks_ldap_help.
+ (ks_action_search): If passed an LDAP URI, then call ks_ldap_search.
+ (ks_action_get): Likewise.
+ (ks_action_put): Likewise. Also, change data from a 'const void *' to
+ a 'void *' and add info and infolen parameters. Add note that
+ function may modify DATA.
+ * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly.
+ * dirmngr/server.c: Include "ldap-parse-uri.h".
+ (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using
+ ldap_parse_uri.
+ (hlp_ks_put): Improve documentation.
+ (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve
+ documentation.
+ * dirmngr/ks-engine.h (ks_ldap_help): New declaration.
+ (ks_ldap_search): Likewise.
+ (ks_ldap_get): Likewise.
+ (ks_ldap_put): Likewise.
+ * dirmngr/ks-engine-ldap.c: New file.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c,
+ ldap-parse-uri.c and ldap-parse-uri.h.
+ (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs).
+
+ Import _gpgme_parse_timestamp from gpgme as parse_timestamp.
+ + commit 81e83060856f02f6cfc7b48f8032e0cf14fc6c68
+ * common/gettime.h (parse_timestamp): New declaration.
+ * common/gettime.c (_win32_timegm): New function imported from
+ gpgme/src/conversion.c:_gpgme_timegm.
+ (parse_timestamp): New function imported from
+ gpgme/src/conversion.c:_gpgme_parse_timestamp.
+
+ Move copy_stream function to misc.c.
+ + commit 9e79a15f74c428624b0049a3f6a077c1bc7c731d
+ * dirmngr/ks-action.c (copy_stream): Move function from here...
+ * dirmngr/misc.c (copy_stream): ... to here and drop the static
+ qualifier.
+ * dirmngr/misc.h (copy_stream): Add declaration.
+
+ Move armor_data to misc.c.
+ + commit 63552852bf191985b4b55aa524bc397c5b1d1515
+ * dirmngr/ks-engine-hkp.c (armor_data): Move function from here...
+ * dirmngr/misc.c (armor_data): ... to here and drop static qualifier.
+ * dirmngr/misc.h: New declaration.
+
+ Add new LDAP utility functions.
+ + commit 1a75b7c39f0a84f518711438565645a34fb2673f
+ * dirmngr/Makefile.am (module_tests): New variable.
+ (noinst_PROGRAMS): New primary. Set it to $(module_tests).
+ (TESTS): New variable. Set it to $(module_tests).
+ (t_common_src): New variable.
+ (t_common_ldadd): Likewise.
+ (t_ldap_parse_uri_SOURCES): New primary.
+ (t_ldap_parse_uri_LDADD): Likewise.
+ * dirmngr/ldap-parse-uri.c: New file.
+ * dirmngr/ldap-parse-uri.h: Likewise.
+ * dirmngr/t-ldap-parse-uri.c: Likewise.
+ * dirmngr/t-support.h: Likewise.
+
+ Add new function uri_query_lookup.
+ + commit e23b3ba5ffd3134a72da176a039e4d6c4f3ff595
+ * common/http.h (uri_query_lookup): New declaration.
+ * common/http.c (uri_query_lookup): The corresponding implementation.
+
+ Add new function strlist_find.
+ + commit 79907ad256f5b84f36cbebdc92e5a05d9e266557
+ * common/strlist.h (strlist_find): New declaration.
+ * common/strlist.c (strlist_find): New function.
+
+ common: Add new helper function, strsplit.
+ + commit b18ffcb81a3839dbf09603d70ebb8b80f65892d3
+ * common/stringhelp.h (strsplit): New declaration.
+ * common/stringhelp.c (strsplit): New function.
+ * common/t-stringhelp.c (test_strsplit): New function.
+ (main): Call it here.
+
+2015-03-20 Werner Koch <wk@gnupg.org>
+
+ gpg: Consider a mailbox only userid in mail search mode.
+ + commit bebab54027d8c63574a2680c60481cfe9b88c240
+ * kbx/keybox-search.c: Include mbox-util.h.
+ (blob_cmp_mail): Improve OpenPGP uid parsing.
+
+ common: Add function is_valid_mailbox_mem.
+ + commit a0eb2e4e8cef9ca6a5dfbae6440fa6cd583d0805
+ * common/mbox-util.c (mem_count_chr): New.
+ (my_memstr): New.
+ (has_invalid_email_chars): Change args to work on a buffer.
+ (is_valid_mailbox_mem): New.
+ (is_valid_mailbox): Rewrite to use is_valid_mailbox_mem.
+
+ gpg: Find keys using mail addresses with garbage after the '>'
+ + commit 783a4a98378fa1aa222d5cb7427dd37151feb08b
+ * kbx/keybox-search.c (blob_cmp_mail): Stop comparing at the '>'.
+
+ common: Fix syntax error when building with gnutls.
+ + commit 5136e39c6466de90697153ea253c4b540c1f7d1a
+ * common/http.c (send_request): Add missing comma.
+
+2015-03-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Emit status line NEWSIG before signature verification starts.
+ + commit e7ddaad0fd2c8774a1d3367adfaa68014eaf65de
+ * g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG.
+
+ agent: Compute correct MPI length header for protected ECC keys.
+ + commit cf83ff01fce3ddcbde6d97dffa0db6f277588e25
+ * agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from
+ opaque MPIs to comply with the OpenPGP spec.
+
+ hkps: Fix host name verification when using pools.
+ + commit dc10d466bff53821f23d2cb4814c259d40c5d9c5
+ * common/http.c (send_request): Set the requested for SNI.
+ * dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
+ the selecting a host.
+
+ Define replacement error codes from libgpg-error 1.19.
+ + commit 28bb3ab686c1c994f67a92b6846b3726c58a0bc3
+ * common/util.h: Add GPG_ERR_LDAP codes for libgpg-error < 1.19.
+
+2015-03-17 Andre Heinecke <aheinecke@intevation.de>
+
+ gpgtar: Fix extracting files with !(size % 512)
+ + commit 6cbbb0bec98e1acefc4c7163cc41a507469db920
+ * tools/gpgtar-extract.c (extract_regular): Handle size multiples
+ of RECORDSIZE.
+
+2015-03-17 Werner Koch <wk@gnupg.org>
+
+ common: Add feature to ease using argparse's usage().
+ + commit 9078b75a73600fc6b7b5502ceee8de032bb9c446
+ * common/argparse.c (show_help): Take care of flag value
+ (usage): Ditto.
+
+ common: Allow standalone build of argparse.c.
+ + commit eb5f2c0af6691229300ac120ee44815cb27ed38e
+ * common/argparse.h: Remove types.h - not required.
+ * common/argparse.c: Change to allow standalone use.
+
+2015-03-16 Werner Koch <wk@gnupg.org>
+
+ gpg: Create all MPIs with RFC-4880 correct length headers.
+ + commit ab17f7b6c392782718f57eaea94fc18a0ff49389
+ * g10/build-packet.c (gpg_mpi_write): Strip leading zeroes.
+
+ gpg: Allow printing of MPI values in --list-mode.
+ + commit bcc8250bc5b9a357c6d1444f03e334edec573ede
+ * g10/parse-packet.c (set_packet_list_mode): Set mpi_print_mode.
+ * g10/misc.c (mpi_print): Do not print an extra leading zero.
+
+ gpg: Fix broken write of opaque MPI length header.
+ + commit 8bc1debfefb7cd4b0be724317793d59dea37d677
+ * g10/build-packet.c (gpg_mpi_write): Use a char array for the length.
+
+2015-03-15 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix possible dead code elimination.
+ + commit 1a9f13bc663daa75c5009f6a0bf7d7483f12cce0
+ * g10/encrypt.c: Change condition for detecting a real file.
+
+ g13: Fix pointer wrap check.
+ + commit 4bc3a2e954afc2ba7dbe79ba5f740184b7d4cd73
+ * g13/utils.c (find_tuple, next_tuple): Cast pointer to size_t before
+ doing an overflow check.
+
+ agent: Remove useless conditions in command.c.
+ + commit 3a35c9740ab792068ec4b3732ecfaa17bf4fc7f0
+ * agent/command.c (cmd_setkeydesc): Remove NULL check.
+ (cmd_get_passphrase): Ditto.
+ (cmd_clear_passphrase): Ditto.
+ (cmd_get_confirmation): Ditto.
+ (cmd_getval): Ditto.
+ (cmd_putval): Ditto.
+
+ agent: Fix length test in sshcontrol parser.
+ + commit 3529dd8bb5bafc4e02915648d5f409bd27a9cc37
+ * agent/command-ssh.c (ssh_search_control_file): Check S before
+ upcasing it.
+
+ agent: Remove useless conditions.
+ + commit 95415bdec77a608e6052ba3e2a5d857a8e8f7689
+ * agent/genkey.c (agent_ask_new_passphrase): Remove useless condition.
+ * agent/command-ssh.c (ssh_identity_register): Ditto.
+
+ gpg: Remove useless condition.
+ + commit c59b410cf1d5676de7061e5a183c01227aa8e760
+ * g10/keylist.c (list_keyblock_colon): Remove useless condition (PK).
+ (list_keyblock_print): Likewise.
+
+ scd: Fix possible NULL deref in apdu.c.
+ + commit ef0a3abf7305133d071bf1a94a7f461082f9a9aa
+ * scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
+ (control_pcsc_wrapped): Ditto.
+
+ common: Make openpgp_oid_to_str more robust.
+ + commit 35db798c2df7f31b52a9dd9d55ea60ae1f325be9
+ * common/openpgp-oid.c (openpgp_oid_to_str): Take care of
+ gcry_mpi_get_opaque returning NULL. Remove useless condition !BUF.
+
+2015-03-11 Werner Koch <wk@gnupg.org>
+
+ agent: Improve error reporting from Pinentry.
+ + commit efde50f92af241d8357db83e280a6ece62f6397f
+ * agent/call-pinentry.c (unlock_pinentry): Add error logging. Map
+ error source of uncommon errors to Pinentry.
+
+2015-03-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Change --print-pka-records into an option.
+ + commit 7b5b52f3268b093eebbac3f199fb69bf246d9cd1
+ * g10/gpg.c (aPrintPKARecords): Rename to oPrintPKARecords and do not
+ use it as a command.
+ * g10/keylist.c (list_keyblock): List PKA rceords also for secret
+ keys.
+
+ gpg: Add --list-gcrypt-config and "curve" item for --list-config.
+ + commit 14af2be022ccaf826db048fc16959d0222ff1134
+ * common/openpgp-oid.c (curve_supported_p): New.
+ (openpgp_enum_curves): New.
+ * common/t-openpgp-oid.c (test_openpgp_enum_curves): New.
+ (main): Add option --verbose.
+ * g10/gpg.c (opts): Add --list-gcrypt-config.
+ (list_config): Add items "curve" and "curveoid". Remove unused code.
+
+2015-03-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: fix for 64-bit arch.
+ + commit bb5a1b7c738d74d5b46340ec7b50000a2d343ca9
+ * agent/pksign.c (agent_pksign_do): Use int.
+ * scd/app-openpgp.c (get_public_key): Likewise.
+
+2015-03-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: avoid chatter about trustdb when --quiet.
+ + commit 82146af85b65498a69b28913593dc1ffeb6b6fed
+ * g10/trustdb.c (tdb_check_trustdb_stale): avoid log_info() when
+ opt.quiet
+
+2015-02-26 Werner Koch <wk@gnupg.org>
+
+ gpg: Lowercase mailbox for PKA lookups.
+ + commit c071be698efadef1ad01fd3d329d1b486a372927
+ * common/stringhelp.c (ascii_strlwr): New.
+ * common/mbox-util.c (mailbox_from_userid): Downcase result.
+
+ gpg: Fix memory leak due to PKA lookup.
+ + commit 91baea2dcde6c1e5ca9e8fa7020d9ab4551d1bca
+ * g10/keyserver.c (keyserver_import_pka): Move the xfree.
+
+2015-02-25 Werner Koch <wk@gnupg.org>
+
+ gpg: Switch to a hash and CERT record based PKA system.
+ + commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b
+ * common/dns-cert.c (get_dns_cert): Make r_key optional.
+ * common/pka.c: Rewrite for the new hash based lookup.
+ * common/t-pka.c: New.
+ * configure.ac: Remove option --disable-dns-pka.
+ (USE_DNS_PKA): Remove ac_define.
+ * g10/getkey.c (parse_auto_key_locate): Always include PKA.
+
+ common: Allow requesting a specific certtype with get_dns_cert()
+ + commit af60152a4632ef26ca950a424429b15b6c69038d
+ * common/dns-cert.c (get_dns_cert): Add arg want_certtype. Change all
+ callers.
+ (CERTTYPE_): Move constants to ...
+ * common/dns-cert.h: here as DNS_CERTTYPE_.
+
+ Move new mailbox.c source file to common/.
+ + commit 9913253610bac69e9503800e85696491e018e327
+ * g10/mailbox.c: Move to ...
+ * common/mbox-util.c: new file.
+ * common/mbox-util.h: New. Include where needed.
+ * g10/t-mailbox.c: Move to ...
+ * common/t-mbox-util.c: new file.
+
+2015-02-24 Werner Koch <wk@gnupg.org>
+
+ gpg: Add command --print-pka-records.
+ + commit e2d93402801a2cb822c723e891fd98233fdb3fd5
+ * g10/gpg.c (main): Add command --print-pka-records.
+ * g10/options.h (struct opt): Add field "print_pka_records".
+ * g10/keylist.c (list_keyblock_pka): New.
+ (list_keyblock): Call it if new option is set.
+ (print_fingerprint): Add mode 10.
+
+ gpg: Add function to extract the mailbox.
+ + commit 93fa3d5c1760f3fee5412fb29d58fbd60db16ea9
+ * g10/misc.c (has_invalid_email_chars, is_valid_mailbox)
+ (is_valid_user_id): Move to ...
+ * g10/mailbox.c: new file.
+ (string_has_ctrl_or_space, has_dotdot_after_at): New.
+ (has_invalid_email_chars): New.
+
+ * g10/t-mailbox.c: New.
+ * g10/Makefile.am (module_tests): Add t-mailbox.
+ (t_mailbox_SOURCES, t_mailbox_LDADD): New.
+
+2015-02-23 Werner Koch <wk@gnupg.org>
+
+ gpg: Add option to print fingerprints in ICAO spelling.
+ + commit ae09515b9d3aae653b62a32ea5b4a9b9e557fc52
+ * g10/gpg.c: Add option --with-icao-spelling.
+ * g10/options.h (struct opt): Add with_icao_spelling.
+ * g10/keylist.c (print_icao_hexdigit): New.
+ (print_fingerprint): Print ICAO spelling.
+
+ gpg: Skip legacy keys while searching keyrings.
+ + commit a8116aacd91b7e775762a62c268fab6cc3c77438
+ * g10/getkey.c (search_modes_are_fingerprint): New.
+ (lookup): Skip over legacy keys.
+
+ common: Fix regression due to commit 2183683b.
+ + commit d9f6eea6115df7959564123eb99d633ce5bba42e
+ * common/dns-cert.c (get_dns_cert): Remove cruft.
+
+2015-02-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Replace remaining uses of stdio by estream.
+ + commit d2a70fd8348d6c11d1960caf2afe0701833dad6a
+ * g10/sign.c (sign_file): Use log_printf instead of stderr.
+ * g10/tdbdump.c (export_ownertrust): Use estream fucntions.
+ (import_ownertrust): Ditto.
+ * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t.
+
+ gpg: Fix segv due to NULL value stored as opaque MPI.
+ + commit 76c8122adfed0f0f443cce7bda702ba2b39661b3
+ * g10/build-packet.c (gpg_mpi_write): Check for NULL return from
+ gcry_mpi_get_opaque.
+ (gpg_mpi_write_nohdr, do_key): Ditto.
+ * g10/keyid.c (hash_public_key): Ditto.
+
+2015-02-12 Werner Koch <wk@gnupg.org>
+
+ scd: Fix regression in 2.1.2 (due to commit 2183683)
+ + commit 07a71da479daaac43b8c5b1034a1e66f96bdbc48
+ * scd/apdu.c (pcsc_vendor_specific_init): Replace use of
+ bufNN_to_uint by direct code.
+
+2015-02-12 Andre Heinecke <aheinecke@intevation.de>
+
+ dirmngr: Initialize cache from sysconfig dir.
+ + commit 070d7bf940efa60db2b0734273b9b3736d18338a
+ * dirmngr/certcache.c (cert_cache_init): Load certificates
+ from sysconfig dir instead of the homeidr.
+ * dirmngr/dirmngr.c (main): Removed parsing of obsolete
+ homedir_data option.
+ * dirmngr/dirmngr.h (opt): Removed homedir_data.
+ * doc/dirmngr.texi: Update and clarify certs directory doc.
+
+2015-02-11 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.2.
+ + commit fc17562cc4f8d531ae7f0887cf2a96dcc224b021
+
+
+ dirmngr: Avoid warning about unused function.
+ + commit 8219c87c301ec669f07528e8d8108655f7b705be
+ * dirmngr/dirmngr.c (my_gnutls_log): Build only if gnutls is used.
+
+ build: Update standard build-aux files.
+ + commit 81e93e251e52e427a29556de75640c7933bb5aad
+
+
+ Use inline functions to convert buffer data to scalars.
+ + commit 2183683bd633818dd031b090b5530951de76f392
+ * common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
+ (buf16_to_ushort, buf16_to_u16): New.
+ (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
+
+2015-02-09 Werner Koch <wk@gnupg.org>
+
+ gpg: Prevent an invalid memory read using a garbled keyring.
+ + commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648
+ * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
+ types.
+ * g10/keydb.c (parse_keyblock_image): Ditto.
+
+ gpg: Fix a NULL-deref in export due to invalid packet lengths.
+ + commit 0835d2f44ef62eab51fce6a927908f544e01cf8f
+ * g10/build-packet.c (write_fake_data): Take care of a NULL stored as
+ opaque MPI.
+
+ gpg: Fix a NULL-deref due to empty ring trust packets.
+ + commit 39978487863066e59bb657f5fe4e8baab510da7e
+ * g10/parse-packet.c (parse_trust): Always allocate a packet.
+
+2015-02-04 Werner Koch <wk@gnupg.org>
+
+ gpg-agent: Use "pinentry-basic" as fallback.
+ + commit 0de5c6a9a783ed9dc69cecbf34eadcaace4be243
+ * common/homedir.c (get_default_pinentry_name): New.
+ (gnupg_module_name): Use that for the default pinentry.
+ (gnupg_module_name_flush_some): New.
+ * agent/gpg-agent.c (agent_sighup_action): Flush some module names.
+ * agent/call-pinentry.c (start_pinentry): Do not modify
+ opt.pinentry_program.
+
+ w32: Add manifest to gpg.
+ + commit 05428d12561bc7eb872a81444918dfe706477a41
+ * g10/gpg.w32-manifest.in: New.
+ * g10/gpg-w32info.rc: Add manifest.
+ * g10/Makefile.am (EXTRA_DIST): Add manifest.
+ (gpg-w32info.o): Depend on manifest.
+ * configure.ac (BUILD_VERSION): New.
+ (AC_CONFIG_FILES): Add manifest.
+
+2015-02-03 Werner Koch <wk@gnupg.org>
+
+ Update copyright years.
+ + commit 3f67426a89bf4b37e1d2662fddc3eb4fa474c4ad
+ * common/w32info-rc.h.in (W32INFO_COMPANYNAME): Change to "The GnuPG
+ Project".
+
+2015-02-02 Werner Koch <wk@gnupg.org>
+
+ w32: Change default Windows install dir and add bin to PATH.
+ + commit 8872657b2a52dd9698224b80e5672e23c5405eda
+ * build-aux/speedo.mk (WITH_GUI): New macro. The Windows installer is
+ now build by default without any GUI stuff.
+ * build-aux/speedo/w32/inst.nsi: Change standard installation
+ directory.
+ (AddToPath, un.RemoveFromPath): New.
+ (gnupginst): Add bin directory to the PATH.
+
+2015-02-01 Werner Koch <wk@gnupg.org>
+
+ w32: Allow for Unicocde installation directory.
+ + commit 616633b7713081ecc39419494879947cc7f163d0
+ * common/homedir.c (w32_rootdir): Use Unicode fucntion not only for
+ WinCE.
+
+2015-01-30 Joshua Rogers <git@internot.info>
+
+ kbx: Fix resource leak.
+ + commit 7db6c82cec49b7c56c403a8ea98364086baf75f3
+ * kbx/keybox-update.c (blob_filecopy): Fix resource leak. On error
+ return, 'fp' and 'newfp' was never closed.
+
+2015-01-29 Werner Koch <wk@gnupg.org>
+
+ agent: Fix use of imported but unprotected openpgp keys.
+ + commit 6ab0fac575a8b04152a199cb300a08436b096753
+ * agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New.
+ * agent/command.c (do_one_keyinfo): Implement it.
+ * agent/findkey.c (agent_key_from_file): Ditto.
+ (agent_key_info_from_file): Ditto.
+ (agent_delete_key): Ditto.
+ * agent/protect.c (agent_private_key_type): Add detection for openpgp
+ "none" method.
+
+2015-01-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese Translation.
+ + commit 6c368533f5211bed62e8638f522cef65c7ba4b87
+
+
+2015-01-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Limit the size of key packets to a sensible value.
+ + commit 382ba4b137b42d5f25a7e256bb7c053ee5ac7b64
+ * g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
+ (MAX_UID_PACKET_LENGTH): New.
+ (MAX_COMMENT_PACKET_LENGTH): New.
+ (MAX_ATTR_PACKET_LENGTH): New.
+ (parse_key): Limit the size of a key packet to 256k.
+ (parse_user_id): Use macro for the packet size limit.
+ (parse_attribute): Ditto.
+ (parse_comment): Ditto.
+
+ gpg: Fix buffering problem in --list-config.
+ + commit d8eea25b8b7becbfa3f059be6f5966a2f1aa7112
+ * g10/gpg.c (list_config): Replace print_sanitized_string2 by
+ es_write_sanitized.
+
+ * common/stringhelp.c (print_sanitized_buffer2): Remove.
+ (print_sanitized_buffer, print_sanitized_utf8_buffer): Remove.
+ (print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove.
+ (print_sanitized_string): Remove.
+
+ * sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP.
+ (pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove.
+
+ Add a hook to be called right after main.
+ + commit 0c2bfd9d5a49a6134188f8f7820f6ccdebd9f181
+ * common/init.c (early_system_init): New stub function.
+
+ gpg: Allow predefined names as answer to the keygen.algo prompt.
+ + commit b1d5ed6ac842469afcb84868d0f6641dc286a6c7
+ * g10/keygen.c (ask_algo): Add list of strings.
+
+ agent: Add some extra robustness to extract_private_key.
+ + commit 795965437732e50f6216d7f5db0e6174e90548a9
+ * agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize".
+ Make sure that R_FLAGS and R_CURVE are set to NULL.
+
+2015-01-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix varargs call for 64-bit arch on ECC keys.
+ + commit f6d3c6e5263d84b94ebe13df9ff39b02109a2acb
+ * scd/app-openpgp.c (store_fpr): Remove CARD_VERSION from the
+ arguments.
+ (rsa_writekey): Follow the change.
+ (do_genkey): Likewise.
+ (ecc_writekey): Likewise. Cast to size_t.
+
+2015-01-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix segv introduced to commit 4d7c9b0.
+ + commit 6eebc56687935f3e993eac374b9f4cc5ad3bcf2b
+ * g10/keygen.c (get_parameter_passphrase): Take care of R == NULL.
+
+2015-01-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix agent_public_key_from_file for ECC.
+ + commit 9453d645d4a489f038829c80343c124fff62d635
+ * agent/cvt-openpgp.c (extract_private_key): New.
+ (convert_to_openpgp): Use extract_private_key.
+ * agent/findkey.c (agent_public_key_from_file): Use
+ extract_private_key.
+
+2015-01-26 Werner Koch <wk@gnupg.org>
+
+ sm: Simplify fix ed8383c6.
+ + commit 6c87d1ce66d8e93e6c0f16c06116e9179f6158ba
+ * sm/minip12.c (p12_build): Release PWBUF only at the end.
+
+2015-01-25 Joshua Rogers <git@internot.info>
+
+ ccid: Remove incorrect expression leading to errors.
+ + commit 274d7b17a90908a90ba6ad295c08a79b287fc231
+ * scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'.
+
+2015-01-23 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Fix validity check for UINT32 values.
+ + commit 3f6abb57a7b5e54b593c5775c8f7a07d61119705
+ * tools/gpgconf-comp.c (option_check_validity): Enable check for
+ UINT32.
+
+2015-01-22 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve skipping of PGP-2 keys.
+ + commit 09e8f35d3808d6e49f891360c341aae3869e8650
+ * g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy
+ keys.
+ * g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY.
+ (prepare_search): Ditto.
+ (keyring_rebuild_cache): Skip legacy keys.
+ * g10/keyserver.c (keyidlist): Ditto.
+ * g10/trustdb.c (validate_key_list): Ditto.
+
+ gpg: Add dedicated error code for PGP-2 keys.
+ + commit 6f3d11d8837b00e3a1c4fa881066855c0321d6b2
+ * g10/parse-packet.c (parse_key): Return GPG_ERR_LEGACY_KEY for PGP2
+ keys.
+ * g10/import.c (read_block): Simplify by checking GPG_ERR_LEGACY_KEY.
+ * g10/getkey.c (lookup): Silence error message for PGP-2 keys.
+
+ * common/util.h (GPG_ERR_LEGACY_KEY): Add replacement for older
+ libgpg-error.
+
+ gpg: Replace remaining old error code macros by GPG_ERR_.
+ + commit 11142e0ad7bc9a9e3c3dccf958d8dbd3312cb993
+ * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by
+ gpg_strerror.
+ (G10ERR_): Remove all macros and change all occurrences by their
+ GPG_ERR_ counterparts.
+
+ gpg: Remove an unused variable.
+ + commit a23c30fb59c0a216763a7972028995d3be42a844
+ * g10/getkey.c (getkey_ctx_s): Remove last_rc.
+
+2015-01-21 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix TLS build problems.
+ + commit 091c35ec726a4fa4691c2665b13adee6a34b5b66
+ * dirmngr/Makefile.am (AM_CFLAGS): Add flags for TLS libs.
+
+ gpg: Support --passphrase with --quick-gen-key.
+ + commit 4d7c9b0e9aceedd924d600978bc1b6cae7d5c456
+ * g10/keygen.c: Include shareddefs.h.
+ (quick_generate_keypair): Support static passphrase.
+ (get_parameter_passphrase): New.
+ (do_generate_keypair): Use it.
+
+ gpg: Re-enable the "Passphrase" parameter for batch key generation.
+ + commit aa99ebde778b7b563f35025f1b48954757f840be
+ * agent/command.c (cmd_genkey): Add option --inq-passwd.
+ * agent/genkey.c (agent_genkey): Add new arg override_passphrase.
+ * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
+ (agent_genkey): Add arg optional arg "passphrase".
+ * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
+ (gen_rsa, do_create): Add arg "passphrase" and pass it through.
+ (do_generate_keypair): Make use of pPASSPHRASE.
+ (release_parameter_list): Wipe out a passphrase parameter.
+
+2015-01-19 Werner Koch <wk@gnupg.org>
+
+ kbx: Minor cleanup for the previous fix.
+ + commit 7be1b7d8017cb7ebf1a3855edec0ef5e342cc9c5
+ * kbx/keybox-search.c (blob_get_keyid): Rename to
+ blob_get_first_keyid. Check number of keys and remove blob type check.
+
+2015-01-19 Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ kbx: Call skipfnc callback to filter out keys.
+ + commit c5956592c171e6fe988e74161aa99636b7f12e4b
+ * kbx/keybox-search.c (blob_get_keyid): New.
+ (keybox-search): Call skipfnc callback function.
+
+2015-01-13 Andreas Schwier <andreas.schwier@cardcontact.de>
+
+ scd: Allow for certificates > 1024 with PC/SC.
+ + commit 16a1330fa16f6b23e2661c0175c431ab40da45ff
+ * scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too
+ allow for larger certificates.
+
+2015-01-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: Fix error code path of map_host.
+ + commit 657a26f3af1b3f817d6cde2d091273d332571247
+ * dirmngr/ks-engine-hkp.c (map_host): Fix error return.
+
+2015-01-08 Joshua Rogers <git@internot.info>
+
+ scd: fix get_public_key for OpenPGPcard v1.0.
+ + commit 100b322f5da3066bab5a2b0eb234c631c581c0e4
+ * scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.
+
+2015-01-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ dirmngr: fix LDAP query PATTERNS limit check.
+ + commit 22b15fccffe613f455f9748c048c8e451724a842
+ * dirmngr/ldap.c (start_cert_fetch_ldap): fix ARGC limitation.
+
+ scd: fix merge failure.
+ + commit 602f17b5a775f02e0e33a54d3155929dc00e4f53
+ * scd/apdu.c (pcsc_pinpad_verify): Remove wrong lines inserted by
+ merge.
+
+2015-01-05 Werner Koch <wk@gnupg.org>
+
+ sm,g13: Init local vars to avoid compiler warnings.
+ + commit 9bf40849a9f86204e113712c4cc285f1ac16127a
+ * sm/misc.c (transform_sigval): Init RSA_S_LEN.
+ * g13/mount.c (read_keyblob): Init HEADERLEN.
+
+ gpg: Remove unused args from a function.
+ + commit 616e511f278bf9af04dc66bbb8b05b37bf541f37
+ * g10/keyserver.c (parse_keyserver_uri): Remove args configname and
+ configlineno. Change all callers.
+
+ gpg: Clear a possible rest of the KDF secret buffer.
+ + commit 56e688823345bbcfef220b13eb418854f8798b16
+ * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args.
+
+ build: Require automake 1.14.
+ + commit 445bb17d5fe6b53db078082fb033dbc67eea8307
+ * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
+
+2015-01-04 Werner Koch <wk@gnupg.org>
+
+ agent: Make --allow-loopback-pinentry gpgconf changeable.
+ + commit ac2cb47fc5c0be539aaa07fd141acdbc0934800f
+
+
+2014-12-22 Joshua Rogers <git@internot.info>
+
+ tools: Free variable before return.
+ + commit cf88337f8a4f8c98aca4b1da5921d18567b4f474
+ * tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
+ upon error.
+
+2014-12-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ sm: Avoid double-free on iconv failure.
+ + commit ed8383c618e124cfa708c9ee87563fcdf2f4649c
+ * sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
+ double-free of pwbuf.
+
+ scd: Avoid double-free on error condition in scd.
+ + commit b0b3803e8c2959dd67ca96debc54b5c6464f0d41
+ * scd/command.c (cmd_readkey): avoid double-free of cert
+
+ avoid future chance of using uninitialized memory.
+ + commit 367b073ab5f439ccf0750461d10c69f36998bd62
+ * common/iobuf.c: (iobuf_open): initialize len
+
+ avoid double-close in unusual dotlock situations.
+ + commit 628b111fa679612e23c0d46505b1ecbbf091897d
+ * common/dotlock.c: (dotlock_create_unix) avoid double-close()
+ in unusual situations.
+
+ gpgkey2ssh: clean up varargs.
+ + commit 351bca9047d748c3c4f7e9a3cdc476af127b1da3
+ * tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.
+
+2014-12-22 Werner Koch <wk@gnupg.org>
+
+ doc: Fix memory leak in yat2m.
+ + commit 6056d2467310260ddc0db2fe65b737ace6febcaa
+ * doc/yat2m.c (write_th): Free NAME.
+
+ dirmngr: Fix memory leak.
+ + commit 5a556e4e88bcbc926c0922070acaf5f7b25d18fb
+ * dirmngr/server.c (cmd_ks_search, cmd_ks_get): Fix memory leak.
+
+ * dirmngr/ks-engine-hkp.c (ks_hkp_mark_host): Remove double check.
+
+ dirmngr: Remove un-needed check.
+ + commit 0d5cb55402c44fb5f731ecf85705f845f3091aa7
+ * dirmngr/crlfetch.c (crl_fetch): Check that URL is not NULL.
+
+ dirmngr,gpgsm: Return NULL on fail.
+ + commit abd5f6752d693b7f313c19604f0723ecec4d39a6
+ * dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
+ * sm/gpgsm.c (parse_keyserver_line): Ditto.
+
+2014-12-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: ECDH Support.
+ + commit bdc8efbdd124d836c36cf482216e375421f72891
+ * agent/divert-scd.c (divert_pkdecrypt): Support ECDH.
+ * scd/app-openpgp.c (get_algo_byte, store_fpr): Support ECDH.
+ (send_key_attr): Support ECDH. Fix EdDSA algorithm value.
+ (retrieve_key_material): Initialize fields.
+ (get_public_key, ecc_writekey, do_writekey): Support ECDH.
+ (ecdh_writekey): Remove.
+ (do_decipher): Support ECDH.
+ (parse_algorithm_attribute): Support ECDH. Fix EdDSA.
+
+2014-12-19 Werner Koch <wk@gnupg.org>
+
+ agent: Make sure --max-cache-ttl is >= --default-cache-ttl.
+ + commit 76140141699b545f7a988bf5fc101063917e8ce3
+ * agent/gpg-agent.c (finalize_rereadable_options): New.
+ (main, reread_configuration): Call it.
+
+ agent: Keep the session environment for restricted connections.
+ + commit 14601eacb51f6c8a60d3d57aee1be11debd94c68
+ * agent/command-ssh.c (setup_ssh_env): Move code to ...
+ * agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change
+ calllers.
+ * agent/command.c (start_command_handler): Call that fucntion for
+ restricted connections.
+
+ agent: Fix string prepended to remotely initiated prompts.
+ + commit aad8963f7b9d13b319abd413db8f42ec467db913
+ * agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make
+ translatable.
+
+2014-12-18 Werner Koch <wk@gnupg.org>
+
+ build: Remove option to build without agent.
+ + commit abec64f3cb04e49ca48cc476a5830a920e2ebf8f
+ * configure.ac (build-agent): Set to yes.
+
+2014-12-17 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Exit with failure if --launch fails.
+ + commit 5cb6df8996623c00eaa2a39e3037101585442f7e
+ * tools/gpgconf-comp.c (gc_component_launch): Return an error code.
+ * tools/gpgconf.c (main): Exit if launch failed.
+
+2014-12-16 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.1.
+ + commit 08c00cd4fe432d6852ad1d5c34a234c56aa3617c
+
+
+ po: Update the German translation.
+ + commit 4ba740bd4734c43e7876f6f6380cc5963789d510
+
+
+2014-12-16 Petr Pisar <petr.pisar@atlas.cz>
+
+ po: Update Czech translation.
+ + commit 30560491fe42562f4bbdb17d3213f7210f549a0f
+
+
+2014-12-16 Werner Koch <wk@gnupg.org>
+
+ gpg: Show private DO information in the card status.
+ + commit ce9212924039fba4e479760bba86c61b0d91c469
+ * g10/call-agent.c (agent_release_card_info): Free private_do.
+ (learn_status_cb): Parse PRIVATE-DO-n stati.
+
+2014-12-16 Ineiev <ineiev@gnu.org>
+
+ po: Update Russian translation.
+ + commit 5ab5b3fa6921f08dd0a498fe0381735e803d01e3
+
+
+2014-12-16 Jedi <jedi@jedi.org>
+
+ po: Update zh_TW translation.
+ + commit 668dc6b32cb97608ef65b85d917c86f5aec896ce
+
+
+2014-12-15 Werner Koch <wk@gnupg.org>
+
+ gpg: Add sub-command "factory-reset" to --card-edit.
+ + commit dd65e21cb4934b40e6f2f7a8095f39fd6d9971bc
+ * common/util.h (GPG_ERR_OBJ_TERM_STATE): New.
+ * scd/iso7816.c (map_sw): Add this error code.
+ * scd/app-openpgp.c (do_getattr): Return the life cycle indicator.
+ * scd/app.c (select_application): Allow a return value of
+ GPG_ERR_OBJ_TERM_STATE.
+ * scd/scdaemon.c (set_debug): Print the DBG_READER value.
+ * g10/call-agent.c (start_agent): Print a status line for the
+ termination state.
+ (agent_scd_learn): Make arg "info" optional.
+ (agent_scd_apdu): New.
+ * g10/card-util.c (send_apdu): New.
+ (factory_reset): New.
+ (card_edit): Add command factory-reset.
+
+ gpg: Fix regression in notation data regression.
+ + commit fc9a35d2dec2f838abac831fd88dca494773e082
+ * g10/misc.c (pct_expando): Reorder conditions for clarity.
+ * g10/sign.c (write_signature_packets): Fix notation data creation.
+
+ gpg: Avoid extra LF in notaion data listing.
+ + commit b4e402cb5c6d7fc507e8d5131969145b49640e50
+ * g10/keylist.c (show_notation): Use log_printf.
+
+2014-12-12 Werner Koch <wk@gnupg.org>
+
+ scd: Fix possibly inhibited checkpin of the admin pin.
+ + commit 68b4e7c9e4de0dc3580ca5af3cfd0f20a2691b5e
+ * scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
+ buffer.
+
+ gpg: Let --card--status create a shadow key (card key stub).
+ + commit f3f9f9b2844c35f7942ee904d5222523615cdad4
+ * agent/command.c (cmd_learn): Add option --sendinfo.
+ * agent/learncard.c (agent_handle_learn): Add arg "send" andsend
+ certifciate only if that is set.
+ * g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO
+ optional.
+ (agent_learn): Remove.
+ * g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
+
+ gpg: Fix possible read of unallocated memory.
+ + commit 193815030d20716d9a97850013ac3cc8749022c9
+ * g10/parse-packet.c (can_handle_critical): Check content length
+ before calling can_handle_critical_notation.
+
+2014-12-11 Werner Koch <wk@gnupg.org>
+
+ build: Replace deprecated autconf macro.
+ + commit 1d8ebe4d54eef37da65e7bd5d7386bc04f344447
+ * m4/intl.m4: s/AM_PROG_MKDIR_P/AC_PROG_MKDIR_P/
+ * m4/po.m4: Ditto.
+
+2014-12-08 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Improve dead host detection.
+ + commit e8c0ed779579293b3f4592d9337bc15ee0fc3fdd
+ * dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead
+ also for 2 other error messages.
+
+ http: Improve diagnostic messages.
+ + commit 6d5f12834124ba5ee0e54261531abf95c36c116c
+ * common/http.c (send_request): Print TLS alert info
+ (connect_server): Detect bogus DNS entry.
+
+ gpg: Obsolete some keyserver helper options.
+ + commit 5bf93f4ea7a11381dd256b5fd4e5913366828265
+ * g10/options.h (opt): Remove keyserver_options.other.
+ * g10/gpg.c (main): Obsolete option --honor-http-proxt.
+ * g10/keyserver.c (add_canonical_option): Replace by ...
+ (warn_kshelper_option): New.
+ (parse_keyserver_uri): Obsolete "x-broken-http".
+
+ dirmngr: Return a proper error for all dead hosts.
+ + commit b72ece6d74d3e385e818ead748eba0cb111b95b3
+ * dirmngr/ks-engine-hkp.c (map_host): Change to return an gpg_error_t.
+ Return an error code for all dead hosts.
+ (make_host_part): Change to return an gpg_error_t. Change all
+ callers.
+
+ gpg: Write a status line for a failed --send-keys.
+ + commit 66ab8f807c96b778f2a2c82b58d3e15ac295e1b2
+ * g10/keyserver.c (keyserver_put): Write an status error.
+
+2014-12-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix for EdDSA.
+ + commit c50c11d5751f46ddb38244a5a07d8274e1e10922
+ * scd/app-openpgp.c (get_algo_byte): It catches 22.
+ (store_fpr): It's MPI usually, but it's opaque bytes for EdDSA.
+
+2014-12-05 Andre Heinecke <aheinecke@intevation.de>
+
+ Document no-allow-mark-trusted option.
+ + commit f4ed04fca8885301b567ec004ffff0d6e24f4611
+ doc: Document no-allow-mark-trusted for gpg-agent
+
+ * doc/gpg-agent.texi: Change allow-mark-trusted doc to
+ no-allow-mark-trusted.
+
+ --
+ Since rev. 78a56b14 allow-mark-trusted is the default option
+ and was replaced by no-allow-mark-trusted to disable the
+ interactive prompt.
+
+2014-12-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix for NIST P-256.
+ + commit 8720125f5a283ede34e52c2493b8a9b0226ae62c
+ * g10/card-util.c (card_store_subkey): Error check.
+ * scd/app-opengpg.c (ecc_writekey): Support NIST P-256.
+ (do_writekey): Error check.
+
+2014-12-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Allow import of large keys.
+ + commit 63e7891f0f9f0228d93c6cd979fbf2797da2b67d
+ * g10/import.c (import): Skip too large keys.
+ * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
+
+2014-12-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove option aliases --[no-]throw-keyid and --notation-data.
+ + commit 17b4662984b4669d8dcbbd6705ccfbe6c263319c
+ * g10/gpg.c (opts): Remove them.
+ * g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users.
+
+2014-12-02 Werner Koch <wk@gnupg.org>
+
+ agent: Replace some sprintf.
+ + commit fabcf1440a6900b9471f11e4f2a015e9f2d1a74c
+ * agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex.
+ * agent/command-ssh.c (ssh_identity_register): Ditto.
+ * agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by
+ put_membuf_printf.
+
+2014-12-01 Werner Koch <wk@gnupg.org>
+
+ tools: Improve watchgnupg portability.
+ + commit 0367a4b8cfbf1f197e093ca2b83b27e0a409c3c7
+ * configure.ac (AC_CHECK_HEADERS): Check for sys.select.h
+ * tools/watchgnupg.c: Include it.
+
+ gpg: Fix export bug using exact search with only one key in the keybox.
+ + commit f1c3eb4b16ca43b5d3712a3b54c22d17ce85af47
+ * g10/export.c (do_export_stream): Disable caching.
+ * g10/keyserver.c (keyidlist): Ditto.
+
+ scd: Implement socket redirection.
+ + commit 2f90b7c21b2f84ca2bf5f4555da9233e84606b4e
+ * scd/scdaemon.c (ENAMETOOLONG): New.
+ (redir_socket_name): New.
+ (cleanup): Take care of a redirected socket.
+ (main): Pass redir_socket_name to create_server_socket.
+ (create_socket_name): Remove superfluous length check.
+ (create_server_socket): Add arg r_redir_name and implement
+ redirection. Replace assert for older Assuan by an error message.
+
+ dirmngr: Implement socket redirection.
+ + commit eede0e59bf6281777da7391752ae4191f3e51204
+ * dirmngr/dirmngr.c (ENAMETOOLONG): new.
+ (redir_socket_name): New.
+ (main): Add Assuan socket redirection.
+ (cleanup): Adjust cleanup for redirection.
+
+2014-11-28 Werner Koch <wk@gnupg.org>
+
+ agent: Implement socket redirection.
+ + commit e1f515b19c7f63b6d0b0253319b9fc41dabed657
+ * agent/gpg-agent.c (ENAMETOOLONG): New.
+ (redir_socket_name, redir_socket_name_extra)
+ (redir_socket_name_ssh): New.
+ (remove_socket): Take care of the redir names.
+ (main): Pass the redir names to create_server_socket.
+ (create_socket_name): Remove length check - that is anyway done later.
+ (create_server_socket): Add arg r_redir_name and implement redirection
+ if Libassuan is at least 2.14.
+
+ gpg: Change another BUG() call to a regular error message.
+ + commit e59b1cc7471dd161a627b290c645ef7bd0d9d42c
+ * g10/mainproc.c (proc_tree): Replace BUG by a proper error messages.
+
+ Add option --no-autostart.
+ + commit 7aee3579be6e24a1aa280e75615fc3a11ceef960
+ * g10/gpg.c: Add option --no-autostart.
+ * sm/gpgsm.c: Ditto.
+ * g10/options.h (opt): Add field autostart.
+ * sm/gpgsm.h (opt): Ditto.
+ * g10/call-agent.c (start_agent): Print note if agent was not
+ autostarted.
+ * sm/call-agent.c (start_agent): Ditto.
+ * g10/call-dirmngr.c (create_context): Likewise.
+ * sm/call-dirmngr.c (start_dirmngr_ext): Ditto.
+
+2014-11-27 Мирослав Николић <wk@gnupg.org>
+
+ gpg-agent: Add restricted connection feature.
+ + commit f173cdcdfbfd083b035516a406c2c754f38a0ace
+ * agent/agent.h (opt): Add field extra_socket.
+ (server_control_s): Add field restricted.
+ * agent/command.c: Check restricted flag on many commands.
+ * agent/gpg-agent.c (oExtraSocket): New.
+ (opts): Add option --extra-socket.
+ (socket_name_extra): New.
+ (cleanup): Cleanup that socket name.
+ (main): Implement oExtraSocket.
+ (create_socket_name): Add arg homedir and change all callers.
+ (create_server_socket): Rename arg is_ssh to primary and change
+ callers.
+ (start_connection_thread): Take ctrl as arg.
+ (start_connection_thread_std): New.
+ (start_connection_thread_extra): New.
+ (handle_connections): Add arg listen_fd_extra and replace the
+ connection starting code by parameterized loop.
+ * common/asshelp.c (start_new_gpg_agent): Detect the use of the
+ restricted mode and don't fail on sending the pinentry environment.
+
+ * common/util.h (GPG_ERR_FORBIDDEN): New.
+
+ agent: Make auditing of the option list easier.
+ + commit ccee34736b57a42ec4bdcb0d3181bdc6a08b0fff
+ * agent/gpg-agent.c (opts): Use ARGPARSE_ macros.
+
+2014-11-26 Kristian Fiskerstrand <kf@sumptuouscapital.com>
+
+ dirmngr: Only report hkps scheme when available.
+ + commit 68a7ccc0c870cce6ab9fefb1aa6fd100e1de129b
+ * dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros.
+
+2014-11-26 Werner Koch <wk@gnupg.org>
+
+ gpg: Change a bug() call to a regular error message.
+ + commit 1c2140346d6ef9c35e303099d2d15be57869b4d5
+ * g10/decrypt-data.c (decrypt_data): Return an error code instead of
+ calling BUG().
+
+2014-11-25 Werner Koch <wk@gnupg.org>
+
+ Fix buffer overflow in openpgp_oid_to_str.
+ + commit 8445ef24fc31e1fe0291e17f90f9f06b536e34da
+ * common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.
+
+ * common/t-openpgp-oid.c (BADOID): New.
+ (test_openpgp_oid_to_str): Add test cases.
+
+2014-11-24 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix use of uninit.value in listing sig subpkts.
+ + commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8
+ * g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
+ sanitized.
+
+ gpg: Fix off-by-one read in the attribute subpacket parser.
+ + commit 0988764397f99db4efef1eabcdb8072d6159af76
+ * g10/parse-packet.c (parse_attribute_subpkts): Check that the
+ attribute packet is large enough for the subpacket type.
+
+ gpg: Fix batch generation of ECC keys.
+ + commit b716e6a69919b89c7887d6c7c9b97e58d18fdf95
+ * g10/keygen.c (get_parameter_algo): Map ECC algorithm strings
+ directly.
+
+2014-11-24 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ Distinguish between ARGPARSE_AMBIGUOUS_{OPTION,COMMAND}
+ + commit eed16ccebf8fd1fdf9709affbd5c831f6957b8ae
+ * common/argparse.c (initialize): Use correct value.
+
+ gpg: Refer to --throw-keyids instead of --throw-keyid.
+ + commit a3cf781e3bc144aff60e007b9ba59bff7b1b2c9e
+ * g10/encrypt.c: adjust error message
+
+2014-11-21 Werner Koch <wk@gnupg.org>
+
+ gpg: Track number of skipped v3 keys on import.
+ + commit 44c9cc18968b3e1d7568ec41ebf28a07285c61bb
+ * g10/import.c (stats_s): Add field v3keys.
+ (import): Update this field.
+ (import_print_stats): Print v3 key count.
+ (read_block): Skip v3 keys and return a count for them.
+
+ gpg: Fix regression in parse_key.
+ + commit 94a54425144e412bc83e44b7c6323282f49f650f
+ * g10/parse-packet.c (parse): Better return just the gpg_err_code.
+ (parse_key): Return the error code.
+
+ speedo: Add simple logos to the installer.
+ + commit 9a85b91e925ac0798d56820353bf5858b212277f
+ * build-aux/speedo/w32/README.txt: Include GnuPG Readme.
+ * build-aux/speedo/w32/gnupg-logo-150x57.bmp: New.
+ * build-aux/speedo/w32/gnupg-logo-164x314.bmp: New.
+ * build-aux/speedo/w32/inst.nsi: Add logos.
+ * build-aux/speedo.mk ($(bdir)/NEWS.tmp): Extract news items.
+
+2014-11-20 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix hash detection for ECDSA.
+ + commit f80c2dd78d522f12b2c7afbd5c0763a97d87d2bd
+ * g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
+
+ Fix linker problem on OS X.
+ + commit cd2c6f36fe5d1d1d45546f5168aead5cbe6487e0
+ * common/init.c (default_errsource): Move to the .data segmemt.
+
+2014-11-19 Werner Koch <wk@gnupg.org>
+
+ gpg-connect-agent: Add convenience option --uiserver.
+ + commit 164a6a9dd4af26668dd0d01061688bf1ceff44bf
+
+
+ Add "gpgconf --kill dirmngr" and avoid useless launch before a kill.
+ + commit 0e7dd40342bd56810c27db1c38c1928f56f43bfd
+ * common/asshelp.c (start_new_gpg_agent): Add arg autostart. Change
+ all callers to use 1 for it.
+ (start_new_dirmngr): Ditto.
+ * tools/gpg-connect-agent.c: Add option --no-autostart.
+ (main): Default autostart to 1.
+ (start_agent): Implement no-autostart.
+ * tools/gpgconf-comp.c (gpg_agent_runtime_change): Use --no-autostart.
+ (scdaemon_runtime_change): Ditto.
+ (dirmngr_runtime_change): New.
+
+ po: Copied missing translations from the 2.0 branch.
+ + commit 329ece46bf83871f01eb833d5ebec6da36bfcce0
+ * po/LINGUAS: Add new translations.
+
+2014-11-17 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix a NULL-deref for invalid input data.
+ + commit 32e85668b82f6fbcb824eea9548970804fb41d9e
+ * g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
+ entry.
+
+2014-11-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Make the use of "--verify FILE" for detached sigs harder.
+ + commit 69384568f66a48eff3968bb1714aa13925580e9f
+ * g10/openfile.c (open_sigfile): Factor some code out to ...
+ (get_matching_datafile): new function.
+ * g10/plaintext.c (hash_datafiles): Do not try to find matching file
+ in batch mode.
+ * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
+ matching data file is not used by a standard signatures.
+
+ gpg: Fix a missing LF in debug output.
+ + commit 22748338da9a78d20aefe3656ba40b0f9d34a681
+ * g10/kbnode.c (dump_kbnode): Print a LF.
+
+ gpg: Remove PGP-2 related cruft.
+ + commit e30cb8f61792e3808f7c8f343fc8545e6c81fe74
+ * g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash
+ header.
+ (fake_packet): Remove pgp-2 workaround for white space stripping.
+ * g10/filter.h (armor_filter_context_t): Remove field pgp2mode.
+ * g10/options.h (opt): Remove field pgp2_workarounds.
+ * g10/gpg.c (main): Do not set this field.
+ * g10/gpgv.c (main): Ditto.
+ * g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash
+ algo. Using MD5 here is useless.
+ (proc_plaintext): Remove PGP-2 related woraround
+ (proc_tree): Remove another workaround but keep the one for PGP-5.
+
+2014-11-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve perceived speed of secret key listings.
+ + commit 81e177be10273885573f5d1fd88a1ee23479f4ab
+ * g10/keylist.c (list_keyblock): Flush stdout for secret keys.
+
+ gpg: Fix regression in --refresh-keys.
+ + commit eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b
+ * g10/keyserver.c (keyserver_get): Factor all code out to ...
+ (keyserver_get_chunk): new. Extimate line length.
+ (keyserver_get): Split up requests into chunks.
+
+ gpg: Add import options "keep-ownertrust".
+ + commit ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39
+ * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
+ * g10/import.c (parse_import_options): Add "keep-ownertrust".
+ (import_one): Act upon new option.
+
+2014-11-11 Werner Koch <wk@gnupg.org>
+
+ Remove use of gnulib (part 2)
+ + commit b8cdfac353ad96d4ef025c066c16dbde34805661
+ * configure.ac (strpbrk): Add to AC_CHECK_FUNCS.
+ (gl_EARLY): Remove.
+ * common/stringhelp.c (strpbrk) [!HAVE_STRPBRK]: New.
+ * common/sysutils.c (gnupg_mkdtemp): New. Based on code from
+ glibc-2.6.
+ (gnupg_setenv): Rewrite.
+ (gnupg_unsetenv): Rewrite.
+ * g10/exec.c: Include sysutils.h and replace mkdtemp by gnupg_mkdtemp.
+ * g13/be-encfs.c: Ditto.
+ * g13/mount.c: Ditto.
+ * tools/symcryptrun.c (confucius_mktmpdir): Ditto.
+
+ Remove use of gnulib (part 1)
+ + commit 1adf719b2d8e2d5b912bf6655731e7e586402654
+ * gl/: Remove entire tree.
+ * configure.ac: Remove gnulib tests and the gl/ Makefile.
+ (setenv): Add to AC_CHECK_FUNCS.
+ * autogen.rc (extra_aclocal_flags): Set to empty.
+ * Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
+ (SUBDIRS): Remove gl/.
+ * agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
+ * common/Makefile.am (t_common_ldadd): Ditto.
+ * dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
+ (dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
+ * g10/Makefile.am (needed_libs): Ditto.
+ * g13/Makefile.am (g13_LDADD): Ditto.
+ * kbx/Makefile.am (kbxutil_LDADD): Ditto.
+ ($(PROGRAMS)): Ditto.
+ * scd/Makefile.am (scdaemon_LDADD): Ditto.
+ * sm/Makefile.am (common_libs): Ditto.
+ * tools/Makefile.am (common_libs, commonpth_libs): Ditto.
+
+ * agent/gpg-agent.c: Remove "mkdtemp.h"
+ * g10/exec.c: Ditto.
+ * scd/scdaemon.c: Ditto.
+ * tools/symcryptrun.c: Ditto.
+ * common/sysutils.c: Remove "setenv.h"
+
+ * common/t-timestuff.c: Use putenv if setenv is not available.
+
+2014-11-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove warning message for non-implemented search modes.
+ + commit 7362c8c6e60939588e817384ae2e29195cb3f518
+ * kbx/keybox-search.c (keybox_search): Silently ignore.
+ * doc/specify-user-id.texi: Docuement '@", '+', and '.' search
+ prefixes.
+
+ w32: Fix http access module.
+ + commit f0f5cb6b3e525f696b8820c517190e1d84f3b885
+ * common/http.c (write_server) [W32]: Rework to use send() instead of
+ write even when build with npth.
+ (cookie_read) [W32]: Rework to use recv() instead of read even when
+ build with npth.
+
+ build: Add method to use a custom swdb.lst and use adns with Windows.
+ + commit c7c79e31937e2d2fdb4042641786c229e31fbfae
+ * build-aux/getswdb.sh: Add option --skip-verify.
+ * build-aux/speedo.mk: Add config var CUSTOM_SWDB. Tage adns version
+ from swdb and build for Windows with adns.
+
+ build: Improve test for ADNS.
+ + commit f7e1be24c8fcf588d4e48aa53a85b22bd035e3b0
+ * configure.ac <adns>: Use adns_free as probe function for libadns.
+ (HAVE_ADNS_FREE): Remove bogus tests to set this and remove the macro.
+ (ADNSLIBS): Do not ac_subst - it is only used within configure.
+
+2014-11-05 Werner Koch <wk@gnupg.org>
+
+ speedo: Append the date to the Windows installer.
+ + commit 8ec0b384a86bd7f67a60ab43ff1540e80c3f729d
+ * build-aux/speedo.mk (BUILD_DATESTR): New.
+ (dist-source, installer): Use it.
+
+ Release 2.1.0.
+ + commit e22b459b910762f77245283746de34c67ebc72da
+
+
+ Avoid sign extension when shifting the MSB.
+ + commit 91b826a38880fd8a989318585eb502582636ddd8
+ * sm/fingerprint.c (gpgsm_get_short_fingerprint): Cast MSB before
+ shifting.
+ * g10/build-packet.c (delete_sig_subpkt): Ditto.
+
+2014-11-04 Werner Koch <wk@gnupg.org>
+
+ Remove all expired common CA certificates.
+ + commit 46fa1e0fe9f7407f12aa854e5cdb54624af3e89b
+ * doc/com-certs.pem: Remove certifciates.
+
+2014-11-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid extra pinentries for each subkey in --export-secret-keys.
+ + commit f8c993fbe28bf02f1d7aadec823a9dfc935398fa
+ * agent/command.c (cmd_export_key): Actually implement the cache_nonce
+ feature.
+ * g10/export.c (do_export_stream): Make use of a cache_nonce.
+
+ gpg: Fix endless loop in keylisting with fingerprint.
+ + commit d95f05c314adfecbe0af9073f964030010442f9b
+ * g10/getkey.c (getkey_next): Disable cache.
+
+ gpg: Minor cleanup for key listing related code.
+ + commit 440e8f517008107a9fe1b72cb659b97b7d840de6
+ * g10/getkey.c (get_pubkey_next): Divert to getkey_next.
+ (get_pubkey_end): Move code to getkey_end.
+ * g10/keydb.c (keydb_search_reset): Add a debug statement.
+ (dump_search_desc): Add arg HD and print the handle.
+
+ gpg: Do not show an useless passphrase prompt in batch mode.
+ + commit a929f36693567e57eca89fb48f23cada8ce7291a
+ * g10/keygen.c: Remove unused PASSPHRASE related code.
+ (proc_parameter_file): Remove useless asking for a passphrase in batch
+ mode.
+
+2014-10-31 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove superfluous check for Libgcrypt >= 1.4.0.
+ + commit f4df71aa2d544ec46a2ded3055ffb21b9842129e
+ * g10/gpg.c (main): Remove check.
+
+ kbx: Let keydb_search skip unwanted blobs.
+ + commit 935edf88ab29b2f63afc2a0e3af1b33c92033ab7
+ * kbx/keybox.h (keybox_blobtype_t): New.
+ * kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
+ * kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip
+ non-matching blobs.
+ * sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
+ * g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
+
+ gpg: Fix --rebuild-keydb-caches.
+ + commit 28ae8ad70b3b802e67344468a4765eee6e291c68
+ * g10/parse-packet.c (parse_key): Store even unsupported packet
+ versions.
+ * g10/keyring.c (keyring_rebuild_cache): Do not copy keys with
+ versions less than 4.
+
+ gpg: Fix testing for secret key availability.
+ + commit 433208a5536608c2b40525eebadbbdeb7780d7f2
+ * g10/getkey.c (have_secret_key_with_kid): Do not change the search
+ mode.
+
+ build: Avoid distributing backup files etc.
+ + commit b47fe2b14e2a610706bdeff9dbd9a5f7bd6f6b3a
+ * Makefile.am (EXTRA_DIST): Do not include directories.
+
+2014-10-30 Werner Koch <wk@gnupg.org>
+
+ tests: Speed up the genkey1024.test by using not so strong random.
+ + commit 9546aa3cc87fc83a40768a12fbbceb19496ce129
+ * agent/gpg-agent.c (oDebugQuickRandom): New.
+ (opts): New option --debug-quick-random.
+ (main): Use new option.
+ * common/asshelp.c (start_new_gpg_agent): Add hack to pass an
+ additional argument for the agent name.
+ * tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
+ starting parameters.
+ * tests/openpgp/version.test: Ditto.
+
+2014-10-29 Werner Koch <wk@gnupg.org>
+
+ common: Check option arguments for a valid range.
+ + commit 0d73a242cb53522669cf712b5ece7d1ed05d003a
+ * common/argparse.h (ARGPARSE_INVALID_ARG): New.
+ * common/argparse.c: Include limits h and errno.h.
+ (initialize): Add error strings for new error constant.
+ (set_opt_arg): Add range checking.
+
+ Fix stdint.h problem for Apple.
+ + commit f5592fcff308007322a201c970a6d5e8763c9fe3
+ * gl/stdint_.h [__APPLE__]: Include hack.
+
+2014-10-27 Werner Koch <wk@gnupg.org>
+
+ speedo: Fixes for native build.
+ + commit 158fe900183daf745821dea7a70cf1c673cd8de0
+ * build-aux/speedo.mk (TARGETOS): Init with empty string.
+ (speedo_pkg_gnupg_configure): Use --enable-gpg2-is-gpg only for w32.
+ (INST_VERSION, INST_PROD_VERSION): Create only for w32.
+
+2014-10-24 Werner Koch <wk@gnupg.org>
+
+ agent: Support pinentries with integrated repeat passphrase feature.
+ + commit c9aadcb3a248632c07391ff3d829bece9320a901
+ * agent/agent.h (struct pin_entry_info_s): Add fields repeat_okay and
+ with_repeat.
+ * agent/call-pinentry.c (close_button_status_cb): Rewrite and check
+ for PIN_REPEAT. Change users to check only the relevant bit.
+ (agent_askpin): Support repeat logic of new Pinentries.
+
+ * agent/command-ssh.c (ssh_identity_register): Use the new repeat
+ feature.
+ * agent/genkey.c (agent_ask_new_passphrase): Ditto.
+
+2014-10-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Silence "packet with obsolete versoin" warnings.
+ + commit 472a4a0d82add2d17154fa38e0074eaea56c28c1
+ * g10/parse-packet.c (parse_key): Print warning only in very verbose
+ mode.
+
+ gpg: Make card key generation work again.
+ + commit 1b8decc4767f0c55867327bdf3113204efcd19a7
+ * g10/call-agent.c (agent_scd_learn): Rename from agent_learn.
+ (agent_learn): New.
+ * g10/keygen.c (gen_card_key): Call new agent-learn.
+
+2014-10-17 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Allow building without LDAP support.
+ + commit 6d9491842d5da597980eaa59e1e3e2137965fe09
+ * configure.ac: Add option --disable-ldap.
+ (USE_LDAP): New ac_define and am_conditional.
+ * dirmngr/Makefile.am: Take care of USE_LDAP.
+ * dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
+ and do not call any ldap function.
+ * dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
+ * dirmngr/crlfetch.c (!USE_LDAP): Ditto.
+
+ w32: Set SYSROOT to help finding config scripts.
+ + commit a13705f4c18db56765f4af31376e81241dbabebe
+ * autogen.sh <build-w32>: Set SYSROOT.
+
+ gpg: Remove all support for v3 keys and always create v4-signatures.
+ + commit 8fd150b05b744fe9465057c12529d5e6b6b02785
+ * g10/build-packet.c (do_key): Remove support for building v3 keys.
+ * g10/parse-packet.c (read_protected_v3_mpi): Remove.
+ (parse_key): Remove support for v3-keys. Add dedicated warnings for
+ v3-key packets.
+ * g10/keyid.c (hash_public_key): Remove v3-key support.
+ (keyid_from_pk): Ditto.
+ (fingerprint_from_pk): Ditto.
+
+ * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
+ * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
+ oForceV4Certs, oNoForceV4Certs.
+ (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
+ --no-force-v4-certs int dummy options.
+ (main): Remove setting of the force_v3_sigs force_v4_certs flags.
+ * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
+ * g10/sign.c (hash_uid): Remove support for v3-signatures
+ (hash_sigversion_to_magic): Ditto.
+ (only_old_style): Remove this v3-key function.
+ (write_signature_packets): Remove support for creating v3-signatures.
+ (sign_file): Ditto.
+ (sign_symencrypt_file): Ditto.
+ (clearsign_file): Ditto. Remove code to emit no Hash armor line if
+ only v3-keys are used.
+ (make_keysig_packet): Remove arg SIGVERSION and force using
+ v4-signatures. Change all callers to not pass a value for this arg.
+ Remove all v3-key related code.
+ (update_keysig_packet): Remove v3-signature support.
+ * g10/keyedit.c (sign_uids): Always create v4-signatures.
+
+ * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
+ change caller.
+
+2014-10-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove extra RSA import status line.
+ + commit fab89f159bcb36ea7285af661d5756eefa981822
+ * g10/import.c (stats_s): Remove field "imported_rsa".
+ (import_print_stats): Do not print separate value for RSA.
+ (import_one): Remove the RSA counter.
+
+ gpg: Fix informative printing of user ids.
+ + commit 21c0ea6bafafbcc4a2e07f0ac76275cc0229e9a0
+ * g10/getkey.c (keyid_list): Add field "fpr".
+ (cache_user_id): Store fpr and check for dups only by fpr.
+ (get_pubkey_byfpr): New.
+ (get_user_id_string): Make static and use xasprintf.
+ (get_long_user_id_string): Use xasprintf.
+ (get_user_id_byfpr): New.
+ (get_user_id_byfpr_native): New.
+ * g10/keyid.c (fingerprint_from_pk): Make arg RET_LEN optional.
+ * g10/import.c (import_one): Use get_user_id_byfpr_native.
+
+ gpg: Allow importing keys with duplicated long key ids.
+ + commit c60814a5ce13932d933b363abc0c60c12783ae2f
+ * g10/keydb.c (keydb_handle): Add field no_caching.
+ (keyblock_cache): Repalce field kid by fpr.
+ (keydb_disable_caching): New.
+ (keydb_search): Use the fingerprint as cache index.
+
+ * g10/import.c (import_one): Use the fingerprint and not the kid to
+ lookup the key. Call keydb_disable_caching beofre re-searching for
+ update.
+
+ * tests/openpgp/import.test: Add a test case.
+
+ tests: Speed up conventional encryption tests for gpg.
+ + commit 2543f0ab9c7b4247347688863f898667bae31984
+ * tests/openpgp/conventional-mdc.test: Add an s2k-count option.
+ * tests/openpgp/conventional.test: Ditto.
+
+2014-10-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Minor change for better readability.
+ + commit 2d68dc437e7de92619abe3a019b0a7606487b6bf
+ * g10/build-packet.c (write_version): Remove.
+ (do_pubkey_enc, do_onepass_sig): Write version directly.
+
+2014-10-10 Werner Koch <wk@gnupg.org>
+
+ doc: Fix a man page rendering problem.
+ + commit 5b5e5a6027ae1743719e112aa4e9055f1b8133a7
+ * doc/gpg-agent.texi (Agent Configuration): Fix rendering of the
+ sshcontrol example.
+
+2014-10-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: Add build and runtime support for larger RSA keys.
+ + commit 6cabb7a2a18f871b8c3d5de58bcdc5aaa5b201af
+ * configure.ac: Added --enable-large-secmem option.
+ * g10/options.h: Add opt.flags.large_rsa.
+ * g10/gpg.c: Contingent on configure option: adjust secmem size,
+ add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
+ * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
+ * doc/gpg.texi: Document --enable-large-rsa.
+
+2014-10-09 Werner Koch <wk@gnupg.org>
+
+ gpg: Skip overlong keys and a print a warning.
+ + commit 2ca90f78cee91c43b8d538d1cb92728f8e1452d5
+ * kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too
+ long blobs.
+ * sm/keydb.c (keydb_search): Call keybox_search with a dummy param.
+ * g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs.
+ (keydb_search_reset): Reset that field.
+ (keydb_search): Update that field.
+ (keydb_get_skipped_counter): New.
+ * g10/keylist.c (list_all): Print count of skipped keys.
+
+ gpg: Sync keylist output and warning messages.
+ + commit 60e21d8b85888b8c9ea15c70268f98d780fdf5fb
+ * g10/keylist.c (list_all): Flush stdout before logging.
+ * g10/misc.c (print_pubkey_algo_note): Ditto.
+ (print_cipher_algo_note): Ditto.
+ (print_digest_algo_note): Ditto.
+ (print_md5_rejected_note): Ditto.
+
+ kbx: Fix handling of overlong keys.
+ + commit b6507bb80e4e4aa5c85a918fdcf5c28cccb75081
+ * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 10^6 to 2MiB.
+ (_keybox_read_blob2): Skip too long record records.
+ (_keybox_write_blob): Do not accept too long record.
+ * kbx/keybox-dump.c (file_stats_s): Add field skipped_long_blobs.
+ (_keybox_dump_file): Print new counter.
+ (_keybox_dump_file): Skip too long records.
+ ----
+
+ To test this feature you may set the limit back to 1MiB and use key
+ F7F0E70F307D56ED which is in my local copy close to 2MiB. Without
+ this patch it was possible to import the key but access to that key
+ and all keys stored after it was not possible.
+
+ gpg: Take care to use pubring.kbx if it has ever been used.
+ + commit ec332d58efc50f6508b87fc9f51db68c39cee044
+ * kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
+ * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header
+ flag.
+ * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
+ and set header flag.
+ * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
+ and add arg for_openpgp.
+ (keybox_new_openpgp, keybox_new_x509): New. Use them instead of the
+ former keybox_new.
+ * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
+ openpgp header flags.
+
+ * g10/keydb.c (rt_from_file): New. Factored out and extended from
+ keydb_add_resource.
+ (keydb_add_resource): Switch to the kbx file if it has the openpgp
+ flag set.
+
+ * kbx/keybox-dump.c (dump_header_blob): Print header flags.
+
+2014-10-09 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ Avoid unnecessary library linkage.
+ + commit 27fe067efea883629354450a042ad09e47d90ff8
+ * dirmngr/Makefile.am: Avoid $(DNSLIBS) for dirmngr_ldap
+ * g10/Makefile.am: $(LIBREADLINE) is only for gpg2; gpgv2 does not
+ need $(LIBASSUAN_LIBS)
+ * sm/Makefile.am: gpgsm does not need $(ZLIBS)
+ * tools/Makefile.am: gpgconf does not need $(NPTH_LIBS)
+
+2014-10-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid error exit if keygrip computations fails in a key listing.
+ + commit 3ae6afc1336d42bd95fa0b7f5f83bd299ae26b97
+ * g10/keyid.c (keygrip_from_pk): Use log_info and clear array on error.
+
+2014-10-03 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.0-beta864.
+ + commit 0943c7cc23371943e9670a2f35c318d847cbac6a
+
+
+ gpg: Allow creating a cert-only primary key.
+ + commit bc8583f247898a1fa45f6de834d34b335ab1952c
+ * g10/keygen.c (ask_key_flags): Allow a 'c' in direct entry.
+
+ build: Add configure options --disable-{ntb,gnu}tls.
+ + commit 6522a68d8d11e15ee77102e6830f251c2d9f440d
+ * configure.ac: Add --disable-ntbtls and --disable-gnutls.
+
+2014-10-03 Andre Heinecke <aheinecke@intevation.de>
+
+ gpg: Check gpg-agent version before 2.1 migration.
+ + commit a6fcdbc9e0fc0e45a3badc23813e689e83059b61
+ * g10/call-agent.c, g10/call-agent.h (agent_get_version): New.
+ * g10/migrate.c (migrate_secring): Abort migration if
+ agent_get_version returns not at least 2.1.0
+
+2014-10-03 Werner Koch <wk@gnupg.org>
+
+ po: Update German translation.
+ + commit b15d5d42adf31c0797797ebe19c471ab6f52c668
+
+
+ Remove support for the GPG_AGENT_INFO envvar.
+ + commit 9c380384dafb213334f8834178c5ceb0bf33db6e
+ * agent/agent.h (opt): Remove field use_standard_socket.
+ * agent/command.c (cmd_killagent): Always allow killing.
+ * agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
+ --write-env-file into dummy options. Always return true for
+ --use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
+ setting or set that envvar.
+ (create_socket_name): Simplify by removing non standard socket
+ support.
+ (check_for_running_agent): Ditto.
+ * common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
+ * common/simple-pwquery.c (agent_open): Ditto.
+ * configure.ac (GPG_AGENT_INFO_NAME): Remove.
+ * g10/server.c (gpg_server): Do not print the AgentInfo comment.
+ * g13/server.c (g13_server): Ditto.
+ * sm/server.c (gpgsm_server): Ditto.
+ * tools/gpgconf.c (main): Simplify by removing non standard socket
+ support.
+
+2014-10-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix regression removing SHA256.
+ + commit 688a903b4b3ad348c0d09e9d3fab8a12f4f94311
+ * g10/misc.c (map_md_openpgp_to_gcry): Always use SHA256.
+
+ First changes for future use of NTBTLS.
+ + commit f2361e6d582d4343d71d294ed1da654afe7750ee
+ * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
+ (HTTP_USE_NTBTLS): New. Prefer over GNUTLS.
+ * m4/ntbtls.m4: New.
+ * m4/Makefile.am (EXTRA_DIST): Add new file.
+ * common/http.c: Add conditionals to eventually use NTBTLS.
+
+ build: Update m4 scripts.
+ + commit 6bc0cd6202033be113999dbf27be4014bdf2c784
+ * m4/gpg-error.m4: Update from Libgpg-error git master.
+ * m4/libgcrypt.m4: Update from Libgcrypt git master.
+ * configure.ac: Declare SYSROOT a precious variable. Add extra error
+ message for library configuration mismatches.
+
+2014-09-29 Werner Koch <wk@gnupg.org>
+
+ doc: Remove GnuPG-1 related parts from gpg.texi.
+ + commit edd191e5b006dc6ace1d41672e7201cbe58c41c9
+ * doc/Makefile.am (YAT2M_OPTIONS): Add 2.1 to the source info.
+ * doc/gpg.texi: Remove gpg1 related texts.
+
+2014-09-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Default to SHA-256 for all signature types on RSA keys.
+ + commit d33246700578cddd1cb8ed8164cfbba50aba4ef3
+ * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
+ strict RFC or PGP modes.
+ * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
+ RSA key signatures.
+ * configure.ac: Do not allow to disable sha256.
+
+ gpg: Simplify command --gen-key and add --full-gen-key.
+ + commit f3625bb018fa8d5bc754f982996f8788386f0a9d
+ * g10/gpg.c (aFullKeygen): New.
+ (opts): Add command --full-key-gen.
+ (main): Implement it.
+ * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although
+ the value is identical.
+ (DEFAULT_STD_CURVE): New.
+ (DEFAULT_STD_SUBALGO): New.
+ (DEFAULT_STD_SUBKEYSIZE): New.
+ (DEFAULT_STD_SUBCURVE): New.
+ (quick_generate_keypair): Use new macros here.
+ (generate_keypair): Add arg "full" and fix call callers. Do not ask
+ for keysize in non-full node.
+ (ask_user_id): Add arg "full" and simplify for non-full mode.
+
+2014-09-26 Werner Koch <wk@gnupg.org>
+
+ gpg: Add shortcut for setting key capabilities.
+ + commit 7ff4ea2160e87a16bf701552d3b9c7ab1c42f9ec
+ * g10/keygen.c (ask_key_flags): Add shortcut '='.
+ * doc/help.txt (gpg.keygen.flags): New.
+
+2014-09-25 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not always print dashes in obsolete_option.
+ + commit 20c6da50d4f6264d26d113d7de606971f719a0ca
+ * g10/gpg.c (main): Pass option names to obsolete_option without
+ double dash.
+ * g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double
+ dash only for command line options.
+
+2014-09-25 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
+ + commit 371c2b14b0347209efd23b4e54e1981a12d7aeab
+ * g10/gpg.c: Add config options that should belong in scdaemon.conf
+ * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.
+
+2014-09-22 Werner Koch <wk@gnupg.org>
+
+ speedo: Check that wget and gpgv are installed.
+ + commit 59b6f6f16e095162358ac2001aeb2c058de2fd1e
+ * build-aux/getswdb.sh: Check for required tools.
+
+ speedo: Autodetect sha1sum tools.
+ + commit 2427bc5bc76b00cfe790e1f370113f5b4199e8fa
+ * build-aux/getswdb.sh: Add option --find-sha1sum.
+ * build-aux/speedo.mk (check-tools): New phony target. Not yet used.
+ (SHA1SUM): New var. Use it instead of sha1sum.
+
+ gpg: Create default keyring with .kbx suffix.
+ + commit bc2f5c1d1afbe8ba413e594639fd05f19df32f75
+ * g10/keydb.c (maybe_create_keyring_or_box): Rename arg for clarity.
+ (keydb_add_resource): Fix order of args to maybe_create_keyring_or_box
+ and check and create .kbx.
+
+2014-09-20 Werner Koch <wk@gnupg.org>
+
+ gpg: --delete-secret-key - check that a secret key exists.
+ + commit 1d33d03f0bb576601f5eef1a548cbc519f251b17
+ * g10/delkey.c (do_delete_key): Check availibility of a secret key.
+
+ gpg: Make algorithm selection prompt for ECC more clear.
+ + commit cf648fc5c8cb20bfea4fd303631ba311bbaf3659
+ * g10/keygen.c (ask_algo): Change 9 to "ECC and ECC".
+
+2014-09-18 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.0-beta834.
+ + commit 93f158df381af86036332c4314c2d4a64eab3e62
+
+
+ speedo: Distribute needed files.
+ + commit 72a16d80d4505aa0ff509aae41f848bbe42ed129
+ * Makefile.am (EXTRA_DIST): Add speedo stuff.
+
+ build: Enable gpgtar by default.
+ + commit 345a8374f31e637a99e6438e527670cf6845ca05
+
+
+ common: Do not build maintainer modules in non-maintainer mode.
+ + commit 927db789c19cbe5656ff980841ee37dd3a8989e7
+ * common/Makefile.am (module_maint_tests): Use only in maintainer
+ mode.
+ (t_common_cflags): New.
+
+ common: Remove superfluous statements.
+ + commit cad181b5ece3ab6910575c82c731ce2b47271a09
+ * common/exechelp-posix.c: Remove weak pragmas.
+ * common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double
+ const.
+
+ g13: Avoid segv after pipe creation failure.
+ + commit 6e7bcabd781a3ca9ad7dd90d962fb2a239feab4a
+ * g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an
+ early error.
+ (gpg_decrypt_blob): Ditto.
+
+ scd: Fix int/short mismatch in format string of app-p15.c.
+ + commit b17e8bbf20239e840763f98d3e62f16efdc82ba3
+ * scd/app-p15.c (parse_certid): Use snprintf and cast value.
+ (send_certinfo): Ditto.
+ (send_keypairinfo): Ditto.
+ (do_getattr): Ditto.
+
+ agent: Init a local variable in the error case.
+ + commit f82a6e0f08725008c5bbf702a5f4c175ea09f01c
+ * agent/pksign.c (do_encode_md): Init HASH on error.
+
+ agent: Remove left over debug output.
+ + commit 4f35ef499ac913036b7b69296a62afe8159b90b8
+ * agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug
+ output.
+
+ agent: Silence compiler warning for a debug message.
+ + commit ba6f8b3d9ec83b35c4f3839853567491fee2f99c
+ * agent/call-pinentry.c (agent_query_dump_state): Use %p for
+ POPUP_TID.
+
+ sm: Silence compiler warnings.
+ + commit 34b2e8c7dcb0edb28f99edbd788d73491334e3c0
+ * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I.
+ * sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler
+ warning.
+
+ gpg: Silence a compiler warning.
+ + commit 6a0c3fa19cfcdd590b96691e8a8ffb48fb5e0ec4
+ * g10/parse-packet.c (enum_sig_subpkt): Replace hack.
+
+ gpg: Replace a hash algo test function.
+ + commit 327134934d79d141d92170ad3b4a6ef3cb718ee0
+ * g10/gpg.c (print_mds): Replace openpgp_md_test_algo.
+
+ speedo: Various fixes.
+ + commit 2f065d7ab6c514013eb8504281f50284764c26ec
+ * build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org. Minor
+ other fixes.
+
+2014-09-17 Werner Koch <wk@gnupg.org>
+
+ gpg: Print a warning if the subkey expiration may not be what you want.
+ + commit ae3d1bbb65b65cf3c57bb14886be120f5e31635d
+ * g10/keyedit.c (subkey_expire_warning): New.
+ (keyedit_menu): Call it when needed.
+
+ gpg: Improve passphrase caching.
+ + commit 457bce5cd39146df047e4740162125c32c738789
+ * agent/cache.c (last_stored_cache_key): New.
+ (agent_get_cache): Allow NULL for KEY.
+ (agent_store_cache_hit): New.
+ * agent/findkey.c (unprotect): Call new function and try to use the
+ last stored key.
+
+ * g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
+ make_keysig_packet.
+ (gen_standard_revoke): Add arg CACHE_NONCE and pass to
+ create_revocation.
+ * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
+ cache nonce.
+
+2014-09-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Use algorithm id 22 for EdDSA.
+ + commit 83c2d2396cc9fa6bdd887a560830fc0f48b01b08
+ * common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
+ * g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
+
+2014-09-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Stop early on bogus old style comment packets.
+ + commit 3d250d21d36e8a0935b645f1ed5134ef9083530e
+ * g10/parse-packet.c (parse_key): Take care of too short packets for
+ old style commet packets.
+
+2014-09-10 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Support https for KS_FETCH.
+ + commit 84419f42da0fd436a9e0e669730157e74ce38b77
+ * dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
+ * dirmngr/misc.c (cert_log_cb): here.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
+ and https.
+
+ dirmngr: Fix the ks_fetch command for the http scheme.
+ + commit 3b20cc21de86ac8a475bdefd3aebb02a12fb8d0b
+ * common/http.c (http_session_ref): Allow for NULL arg.
+
+2014-09-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix memory leak in ECC encryption.
+ + commit 98f65291d7abecc1e4d618125f33b6ce759e0892
+ * g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error
+ handling.
+
+2014-09-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix export of NIST ECC keys.
+ + commit bf2fc12b83b45953f7afa403b8d91c36d0b50ec9
+ * common/openpgp-oid.c (struct oidtable): New.
+ (openpgp_curve_to_oid): Rewrite and allow OID as input.
+ (openpgp_oid_to_curve): Make use of the new table.
+
+ agent: Fix import of OpenPGP EdDSA keys.
+ + commit afe85582ddc2ebc285728bf6417f8929fd0b3281
+ * agent/cvt-openpgp.c (get_keygrip): Special case EdDSA.
+ (convert_secret_key): Ditto.
+ (convert_transfer_key): Ditto.
+ (apply_protection): Handle opaque MPIs.
+
+ (do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before
+ unpacking an opaque mpi.
+
+2014-09-01 Kyle Butt <kylebutt@gmail.com>
+
+ gpg: Fix export of ecc secret keys by adjusting check ordering.
+ + commit 4054d86abcb7ad953ed9e988b1765cb9266faefd
+ * g10/export.c (transfer_format_to_openpgp): Move the check against
+ PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of
+ parameters.
+
+2014-09-01 Werner Koch <wk@gnupg.org>
+
+ agent: Allow key unprotection using AES-256.
+ + commit c913e09ebdbb1a1e9838a0a5897448841f5e9bc3
+ * agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for
+ clarity.
+ (do_decryption): Add args prot_cipher and prot_cipher_keylen. USe
+ them instead of the hardwired values.
+ (agent_unprotect): Change to use a table of protection algorithms.
+ Add AES-256 variant.
+
+2014-08-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not show "MD5" and triplicated "RSA" in --version.
+ + commit be98b5960ebd48929c399b0b91c95bfc0cb9749b
+ * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
+ (build_list_md_test_algo): Ignore MD5.
+
+ gpg: Do not show "MD5" and triplicated "RSA" in --version.
+ + commit 40ad42dbe3c67d8103aedb6b584f4bedc5f93307
+ * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
+ (build_list_md_test_algo): Ignore MD5.
+
+2014-08-26 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove CAST5 from the default prefs and order SHA-1 last.
+ + commit 15cfd9a3bcdd561091a28c8f989c616b87348463
+ * g10/keygen.c (keygen_set_std_prefs): Update prefs.
+
+ Switch to the libgpg-error provided estream.
+ + commit 519305feb888b529c005b40445d041a088a2f8fc
+ * configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14.
+ (GPGRT_ENABLE_ES_MACROS): Define.
+ (estream_INIT): Remove.
+ * m4/estream.m4: Remove.
+ * common/estream-printf.c, common/estream-printf.h: Remove.
+ * common/estream.c, common/estream.h: Remove.
+ * common/init.c (_init_common_subsystems): Call gpgrt initialization.
+
+ gpg: Allow for positional parameters in the passphrase prompt.
+ + commit a731c22952278c12c601b73d7581fda3a15a4b5b
+ * g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
+
+2014-08-20 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix "can't handle public key algorithm" warning.
+ + commit cb680c5ea540738692a5c74951802b0fdc658e85
+ * g10/parse-packet.c (unknown_pubkey_warning): Check for encr/sign
+ capabilities.
+
+2014-08-19 Werner Koch <wk@gnupg.org>
+
+ speedo: Get version numbers from online database.
+ + commit 31649e72fd106a990614ce3cf720640a841ba722
+ * build-aux/getswdb.sh: New.
+ * build-aux/speedo.mk: Get release version numbers from swdb.lst.
+
+ build: Create VERSION file via autoconf.
+ + commit 4fc1c712e986f280057b1bce7ca4696ba6d95dfc
+ * Makefile.am (dist-hook): Remove creation of VERSION.
+ (EXTRA_DIST): Add VERSION.
+ * configure.ac: Let autoconf create VERSION.
+
+2014-08-18 Werner Koch <wk@gnupg.org>
+
+ gpg: Install the current release signing pubkey.
+ + commit e5da80bc1888bf8801e69c9ff99f7f47550f7a09
+ * g10/distsigkey.gpg: New.
+
+ agent: Return NO_SECKEY instead of ENONET for PKSIGN and others.
+ + commit 3981ff15f3c0829ba22cd37794353502d996683c
+ * agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY.
+ * agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY.
+ * agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.
+
+ kbx: Make user id and signature data optional for OpenPGP.
+ + commit e4aa006e4807285ffdd881e4e05af3bc47c5c964
+ * kbx/keybox-blob.c (_keybox_create_openpgp_blob): Remove restriction.
+
+ gpg: Change default cipher for --symmetric from CAST5 to AES-128.
+ + commit 57df1121c18b004dd763b35eabf7b51fc9e8ec38
+ * g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES
+ depending on configure option.
+ * g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.
+
+ yat2m: Support @set and @value.
+ + commit 425d0750168f6b66a5d78a857cf21375a8f129eb
+ * doc/yat2m.c (variablelist): New.
+ (set_variable): New.
+ (macro_set_p): Also check the variables.
+ (proc_texi_cmd): Support the @value command.
+ (parse_file): Support the @set command.
+ (top_parse_file): Release variablelist.
+
+ yat2m: Support the $* command for man page rendering.
+ + commit 7e51ef0f77962f5fb215da53817caf28899ca190
+
+
+2014-08-17 Werner Koch <wk@gnupg.org>
+
+ estream: Change license from GPL to LPGL.
+ + commit af1196512f505e8a3a338f9b72394fa3585a5234
+ * common/estream-printf.c, common/estream-printf.h: Change license.
+ * common/estream.c, common/estream.h: Ditto.
+
+2014-08-14 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.0-beta783.
+ + commit a13198d9bcee368a8de7a401feb017efc83ff795
+
+
+ po: Update the German (de) translation.
+ + commit fe9ff33b9dc8793957998341cf4bcf5e50827b41
+
+
+ sm: Create homedir and lock empty keybox creation.
+ + commit c4b60cdae8dbf68206fd105fd09adeb61a9dafe4
+ * sm/gpgsm.h (opt): Add field "no_homedir_creation".
+ * sm/gpgsm.c (main): Set it if --no-options is used.
+ * sm/keydb.c (try_make_homedir): New. Similar to the one from
+ g10/openfile.c.
+ (maybe_create_keybox): New. Similar to the one from g10/keydb.c.
+ (keydb_add_resource): Replace some code by maybe_create_keybox.
+
+ gpg: Screen keyserver responses.
+ + commit c23c18c1543d1ff58f0f78baaa6a8e319c659ecb
+ * g10/main.h (import_screener_t): New.
+ * g10/import.c (import): Add screener callbacks to param list.
+ (import_one): Ditto.
+ (import_secret_one): Ditto.
+ (import_keys_internal): Ditto.
+ (import_keys_stream): Ditto.
+ * g10/keyserver.c (struct ks_retrieval_screener_arg_s): New.
+ (keyserver_retrieval_screener): New.
+ (keyserver_get): Pass screener to import_keys_es_stream().
+
+ scd: Minor changes to app-sc-hsm.
+ + commit a61b28df1f29b1e306115282ec1ce580fa54945a
+ * scd/app-sc-hsm.c: Re-indendet some parts and set some vars to NULL
+ after xfree for improbed robustness.
+ (read_ef_prkd): Replace serial operator by blocks for better
+ readability.
+ (apply_PKCS_padding): Rewrite for easier auditing.
+ (strip_PKCS15_padding): Ditto. Add stricter check on SRCLEN.
+
+ gpg: Disable an MD5 workaround for pgp2 by default.
+ + commit ae29b52119aa419989b773b2d6abb6e287dfc81b
+ * g10/sig-check.c (do_check): Move some code to ...
+ * g10/misc.c (print_md5_rejected_note): new function.
+ * g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround
+ only if option --allow-weak-digest-algos is used.
+
+ gpg: Remove options --pgp2 and --rfc1991.
+ + commit 2b8d8369d59249b89526c18c5ac276e6445dc35e
+ * g10/gpg.c (oRFC1991, oPGP2): Remove
+ (opts): Remove --pgp2 and --rfc1991.
+ * g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users.
+ (RFC2440, PGP2): Remove. Remove all code only enabled by these
+ conditions.
+ * tests/openpgp/clearsig.test: Remove --rfc1991 test.
+
+ build: Fix autogen.sh base version hack.
+ + commit 49c9a958e0b786850309bca555d4465c97d337e1
+ * autogen.sh <find-version>: Fix.
+
+ gpg: Remove --compress-keys and --compress-sigs feature.
+ + commit 71b55e91f02cdb65a8884892f71c4c7bf8a75247
+ * g10/gpg.c (oCompressKeys, oCompressSigs): Remove.
+ (opts): Turn --compress-keys and --compress-signs in NOPs.
+ * g10/options.h (opt): Remove fields compress_keys and compress_sigs.
+ * g10/export.c (do_export): Remove compress_keys feature.
+ * g10/sign.c (sign_file): Remove compress_sigs feature.
+
+2014-08-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Add list-option "show-usage".
+ + commit 7d0492075ea638607309b3ea6a792b0e95ea7d98
+ * g10/gpg.c (parse_list_options): Add "show-usage".
+ * g10/options.h (LIST_SHOW_USAGE): New.
+ * g10/keyid.c (usagestr_from_pk): Add arg FILL. Change caller.
+ * g10/keylist.c (list_keyblock_print): Print usage info.
+
+2014-08-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Make --with-colons work again for --search-keys.
+ + commit a57c33c855c6757c8770529ee71f0f90744cd7a6
+ * g10/keyserver.c (search_line_handler): Replace log_debug by
+ es_printf.
+
+2014-08-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit 2d9f76e07082fc231303ac2c6ae1aea3c98fa2e4
+
+
+2014-07-25 Werner Koch <wk@gnupg.org>
+
+ scd: Minor and editorial changes to app-sc-hsm.c.
+ + commit 2e936915cf2f830e60d974d607b08822645f5753
+ * scd/app-sc-hsm.c (select_and_read_binary): Use SW_ macro.
+ (parse_certid): Remove useless test.
+ (send_certinfo, send_keypairinfo): Shrink malloc to the needed size.
+ (do_getattr): Ditto.
+ (verify_pin): Use SW_ macro.
+ (do_decipher): Replace OFS variable and extend comment.
+
+ scd: Add a new status word code.
+ + commit e49c851ff54d5ecf856411bf6cdee721695ea172
+ * scd/apdu.h (SW_REF_DATA_INV): New.
+ * scd/apdu.c (apdu_strerror): Add string.
+
+2014-07-25 Andreas Schwier <andreas.schwier@cardcontact.de>
+
+ scd: Support for SmartCard-HSM.
+ + commit 8eb9224f32ddf1c9e1490c4d9688a177f8b6ae64
+ * scd/app-sc-hsm.c: New.
+ * scd/app.c (select_application, get_supported_applications): Register
+ new app.
+
+2014-07-25 Werner Koch <wk@gnupg.org>
+
+ gpg: Switch to an EdDSA format with prefix byte.
+ + commit 557cc11a605dd280d03c52d8b546deed8c4c714d
+ * g10/keygen.c (gen_ecc): USe "comp" for EdDSA.
+
+2014-07-23 Werner Koch <wk@gnupg.org>
+
+ agent: Show just one warning with all failed passphrase constraints.
+ + commit b3378b3a56fc90ba8ae38e6298b23a378305af32
+ * agent/genkey.c (check_passphrase_constraints): Build a final warning
+ after all checks.
+
+ agent: Only one confirmation prompt for an empty passphrase.
+ + commit a24510d53bb23e3a680ed2c306e576268c07060d
+ * agent/genkey.c (check_passphrase_constraints): Moev empty passphrase
+ check to the front.
+
+ gpg: Add command --quick-gen-key.
+ + commit ea186540db5b418bc6f6e5ca90337672c9981c88
+ * g10/gpg.c (aQuickKeygen): New.
+ * g10/misc.c (is_valid_user_id): New stub.
+ * g10/keygen.c (quickgen_set_para): New.
+ (quick_generate_keypair): New.
+
+ common: Add cpr_get_answer_is_yes_def()
+ + commit 75127bc4561787aa9bc1cf976658e20192446d7f
+ * g10/cpr.c (cpr_get_answer_is_yes): Factor code out to ....
+ (cpr_get_answer_is_yes_def): ...new.
+
+ gpg: Make --quick-sign-key promote local key signatures.
+ + commit 17404b2fccbc74c4f0b2364cc08e9dcc64175cf8
+ * g10/keyedit.c (sign_uids): Promote local sigs in quick mode.
+
+2014-07-22 Werner Koch <wk@gnupg.org>
+
+ scd: Do not use the pcsc-wrapper.
+ + commit bc6b452129178658da7241903ca2174c79281752
+ * scd/apdu.c (NEED_PCSC_WRAPPER): Do not define.
+ * scd/Makefile.am (libexec_PROGRAMS): Remove gnupg-pcsc-wrapper
+ (gnupg_pcsc_wrapper_SOURCES): Remove.
+ (gnupg_pcsc_wrapper_LDADD): Remove.
+ (gnupg_pcsc_wrapper_CFLAGS): Remove.
+
+2014-07-21 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve --list-packets output for faulty packets.
+ + commit 5b34e347b612765f31061d077b7c343e08662ba9
+ * g10/parse-packet.c: Add list_mode output for certain failures.
+
+ gpg: Cap size of attribute packets at 16MB.
+ + commit bab9cdd971f35ff47e153c00034c95e7ffeaa09a
+ * g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
+ size of packet.
+
+2014-07-03 Werner Koch <wk@gnupg.org>
+
+ Release 2.1.0-beta751.
+ + commit 5ae34f574baca2b98a09fd982c941855558408e1
+
+
+ gpg: Make show-uid-validity the default.
+ + commit 5214d8f02bf65fb0a4af15ff80cf1369ccd4c167
+
+
+ tests: Fix end-of-all-ticks test for Western locales.
+ + commit 3533860ee316918dd47501c53e910bfd0032b39d
+ * common/t-timestuff.c (test_timegm): Use timegm if available.
+ (main): Set TX to UTC if timegm is not available.
+
+2014-07-03 Kristian Fiskerstrand <kf@sumptuouscapital.com>
+
+ gpg: Spelling error.
+ + commit b51af333bdf77c042c9fe748616e80d1f5e4d3f9
+
+
+2014-06-30 Werner Koch <wk@gnupg.org>
+
+ gpg: Auto-create revocation certificates.
+ + commit 03018ef9eec75e4d91ea53c95547a77dedef8f80
+ * configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define.
+ * g10/revoke.c (create_revocation): Add arg "leadin".
+ (gen_standard_revoke): New.
+ * g10/openfile.c (get_openpgp_revocdir): New.
+ (open_outfile): Add MODE value 3.
+ * g10/keyid.c (hexfingerprint): New.
+ * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.
+
+ estream: Fix minor glitch in "%.*s" format.
+ + commit aa5b4392aac99382d96be94782ae745e0a42484a
+ * common/estream-printf.c (pr_string): Take care of non-nul terminated
+ strings.
+
+ gpg: Rearrange code in gen_revoke.
+ + commit 3a01b220715b3d1a90d94353e4980ab5a1ea8f26
+ * g10/revoke.c (gen_revoke): Factor some code out to ...
+ (create_revocation): new.
+
+ gpg: Create exported secret files and revocs with mode 700.
+ + commit c434de4d83ccfaca8bde51de5c2ac8d9656e4e18
+ * common/iobuf.c (direct_open): Add arg MODE700.
+ (iobuf_create): Ditto.
+ * g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call
+ callers to pass 0 for it.
+ * g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
+ arg.
+ * g10/export.c (do_export): Pass true for new arg if SECRET is true.
+
+ common: Minor code cleanup for a legacy OS.
+ + commit 35fdfaa0b94342c53eb82eea155a37ad4009fa9f
+ * common/iobuf.c (direct_open) [__riscos__]: Simply cpp conditionals.
+
+2014-06-27 Werner Koch <wk@gnupg.org>
+
+ speedo: Fix the w32 installer name.
+ + commit adad1872b448593275d8cae06dffe376bee067b5
+
+
+ po: Update some strings of the French (fr) translation.
+ + commit 1ef7870fc96f6dd8137e9bfabf9b06787f75dffd
+
+
+ po: Update the German (de) translation.
+ + commit c2e3eb98884785e6794dc79c1a53d75945f4c1ab
+
+
+ agent: Adjust for changed npth_eselect under W32.
+ + commit a1dff86da8ebaab6e154360f538ca9d43a6c4934
+ * agent/gpg-agent.c (handle_connections) [W32]: Make events_set an
+ unsigned int to match the changed prototype.
+
+ dirmngr: Use the homedir based socket also under W32.
+ + commit 5e1f9b5e1427688ac340f0829e02bece7f0caf9c
+ * common/homedir.c (dirmngr_user_socket_name): Use same code for all
+ platforms.
+
+2014-06-27 Yuri Chornoivan <yurchor@ukr.net>
+
+ po: Update and enable Ukrainian (uk) translation.
+ + commit 2c4025576105a9deb78e1cfb22c11af4af09c4fa
+
+
+ Fix typos in messages.
+ + commit e56a2d6a56d95c0f169506a8dc74a845c22b699d
+
+
+2014-06-27 Werner Koch <wk@gnupg.org>
+
+ build: Remove unused options.
+ + commit 2540a4b674a17b45ec33f43f26e830e74ff0afed
+ * configure.ac: Remove option --build-agent-only.
+ (FAKE_CURL, GPGKEYS_CURL): Remove check for cURL
+ (GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused
+ SENDMAIL check.
+ (GPGKEYS_KDNS): Remove ac_subst.
+ * autogen.rc (final_info): Remove suggestion to use the removed option
+ --enable-mailto.
+
+2014-06-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Add pinpad support for REINER SCT cyberJack go.
+ + commit 73ba75ad8b933beddd2c3f4b66937b56faa0a2d8
+ * scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New.
+ * scd/ccid-driver.c (ccid_transceive_secure): Handle the case for
+ VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change).
+
+2014-06-27 Werner Koch <wk@gnupg.org>
+
+ scd: Support reader Gemalto IDBridge CT30.
+ + commit 24be0f24d3a9325a04de10ae0e5e277bf28a74fe
+ * scd/ccid-driver.h (GEMPC_CT30): New product id.
+ * scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
+ reader.
+
+2014-06-26 Werner Koch <wk@gnupg.org>
+
+ gpg: Limit keysize for unattended key generation to useful values.
+ + commit 03f0b51fe454f8dbe77c302897f7a5899c4c5380
+ * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
+ (gen_rsa): Enforce keysize 1024 to 4096.
+ (gen_dsa): Enforce keysize 768 to 3072.
+
+ Enable DNS SRV records again.
+ + commit c0d1e7fca95629e1cddd7d129fa51b9a6556cb70
+ * configure.ac (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst.
+ (use_dns_srv): Make test work.
+
+ agent: Fix export of RSA keys to OpenPGP.
+ + commit 9a034acf8ab6f85c65ccc75a4fd7b8dd47b73e3a
+ * agent/cvt-openpgp.c (convert_transfer_key): Fix sexp build format
+ string.
+
+ gpg,gpgsm: Simplify wrong_args function.
+ + commit 572502bd2c0637429bca547ba882629640477495
+
+
+ speedo: "make clean-gnupg" may not remove the source.
+ + commit c029a184d6a1a96c6de234835fff97d4e946b19c
+ * build-aux/speedo.mk (clean-$(1)): Take care of gnupg.
+
+ gpgsm: Fix default config name.
+ + commit 2480b0253166712a2f20b92f34c8e4c2db0fc26f
+
+
+2014-06-25 Werner Koch <wk@gnupg.org>
+
+ doc: Improve the rendering of the manual.
+ + commit b5f95c1b566f9530127f3f34e10d120a951cf428
+
+
+ doc: Update for modern makeinfo.
+ + commit f149e05427a370f5985bc3fb142370b043f19924
+ * doc/texi.css: Remove.
+ * doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.
+
+ gpg: Allow key-to-card upload for cert-only keys.
+ + commit f171fd226e84311f92545ca0494771db07ba777d
+ * g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.
+
+2014-06-24 Werner Koch <wk@gnupg.org>
+
+ doc: Add conditionals for GnuPG-1.
+ + commit 2c8e00137a340d04f0836f75e138dd85f8c9eff7
+
+
+2014-06-20 Werner Koch <wk@gnupg.org>
+
+ gpg: Make export of ECC keys work again.
+ + commit f4fcaa29367daacfe0ca209fa83dfa8640ace276
+ * agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead
+ of the curve parameters.
+ * g10/export.c (canon_pubkey_algo): Rename to ...
+ (canon_pk_algo): this. Support ECC.
+ (transfer_format_to_openpgp): Expect curve name.
+
+ gpg: Avoid infinite loop in uncompressing garbled packets.
+ + commit d6ca407a27877174c10adfae9dc601bea996cf27
+ * g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
+
+2014-06-17 Kristian Fiskerstrand <kf@sumptuouscapital.com>
+
+ gpg: Fix a couple of spelling errors.
+ + commit 3f17b74aa57ac1ea2f3aa93dec4889778a21afeb
+
+
+2014-06-17 Werner Koch <wk@gnupg.org>
+
+ speedo: Support building from dist-source generated tarball.
+ + commit 47e63dc00169030b6ff01ab67e73e52aec1395db
+
+
+2014-06-13 Werner Koch <wk@gnupg.org>
+
+ http: Print human readable GNUTLS status.
+ + commit 5bf04522e353675e4c3eda118fee2580756704a2
+ * common/http.c (send_gnutls_bye): Take care of EAGAIN et al.
+ (http_verify_server_credentials): Print a human readable status.
+
+2014-06-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve the output of --list-packets.
+ + commit d8314e31c58ea0827d0e2361dabcdf869ab08fce
+ * g10/parse-packet.c (parse): Print packet meta info in list mode.
+
+2014-06-11 Werner Koch <wk@gnupg.org>
+
+ speedo: Improve building of the w32 installer.
+ + commit 6eeb31abee82cb2016bf054cd302af64f6dfdc2e
+ * build-aux/speedo.mk: Change name of build directory to PLAY.
+ Improve the dist-source target.
+ * build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank
+ line (plus comment).
+ * build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*.
+ Install more tools.
+
+2014-06-10 Werner Koch <wk@gnupg.org>
+
+ speedo: Revamped speedo and include a w32 installer.
+ + commit e06d5d1a3b4a5c446a27d64cd2da0e48ccec5601
+ * build-aux/speedo/: New.
+ * build-aux/speedo/w32/: New.
+
+ build: Add more options to autogen.sh.
+ + commit 0399d87f7aaf2f2126a63899004c5c7bffd4346b
+ * autogen.sh: Add options --print-host and --print-build.
+
+ w32: Fix build problem with dirmngr.
+ + commit 141d69cb2a94a752244e89f49611923a2f184dfd
+ * dirmngr/ks-engine-hkp.c (EAI_SYSTEM) [W32]: Add replacement
+ constant.
+
+ gpg: Use more specific reason codes for INV_RECP.
+ + commit 45ed901c466bd72118c2844069f566e190d847d6
+ * g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific
+ reasons codes for INV_RECP.
+
+2014-06-06 Werner Koch <wk@gnupg.org>
+
+ Improve the beta number generation.
+ + commit b67e4e523e6d19d384e23c5bb03010caebd150e7
+ * autogen.sh: Add option --find-version
+ * configure.ac: Rework the setting of the mym4_ variables.
+
+2014-06-05 Werner Koch <wk@gnupg.org>
+
+ Remove keyserver helper code.
+ + commit 23712e69d3f97df9d789325f1a2f2f61e7d5bbb4
+ * configure.ac: Remove keyserver helper related stuff.
+ * Makefile.am (SUBDIRS): Remove keyserver.
+ * keyserver/Makefile.am: Remove.
+
+ gpg: Require confirmation for --gen-key with experimental curves.
+ + commit 9c9e26d41e7d65711da8dbf1afa452254749621c
+ * g10/keygen.c (ask_curve): Add arg both. Require confirmation for
+ Curve25519.
+
+ gpg: Auto-migrate existing secring.gpg.
+ + commit 4f0625889b768eabdec52696bf15059a9e8d9c02
+ * g10/migrate.c: New.
+ * g10/import.c (import_old_secring): New.
+ (import_one): Add arg silent.
+ (transfer_secret_keys): Add arg batch.
+ (import_secret_one): Add args batch and for_migration.
+ * g10/gpg.c (main): Call migration function.
+
+2014-06-04 Werner Koch <wk@gnupg.org>
+
+ gpgsm: Fix commit be07ed65.
+ + commit 09a2d4ec74d352dcb4f006aab60b07bc4f5f1a37
+ * sm/server.c (option_handler): Use "with-secret".
+
+2014-06-03 Werner Koch <wk@gnupg.org>
+
+ Add new option --with-secret.
+ + commit be07ed65e169a7ec3fbecdb1abf988fc0245d9ff
+ * g10/gpg.c: Add option --with-secret.
+ * g10/options.h (struct opt): Add field with_secret.
+ * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
+ and list_one.
+ (list_all, list_one): Add arg mark_secret.
+ (list_keyblock_colon): Add arg has_secret.
+ * sm/gpgsm.c: Add option --with-secret.
+ * sm/server.c (option_handler): Add option "with-secret".
+ * sm/gpgsm.h (server_control_s): Add field with_secret.
+ * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move
+ the token string from the wrong field 14 to 15.
+
+ gpgsm: New commands --export-secret-key-{p8,raw}
+ + commit 0beec2f0f255a71f9d5a4a0729d0259f673e8838
+ * sm/gpgsm.c: Add new commands.
+ * sm/minip12.c (build_key_sequence): Add arg mode.
+ (p12_raw_build): New.
+ * sm/export.c (export_p12): Add arg rawmode. Call p12_raw_build.
+ (gpgsm_p12_export): Ditto.
+ (print_short_info): Print the keygrip.
+
+2014-06-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid NULL-deref in default key listing.
+ + commit 958e5f292fa3f8e127f54bc088c56780c564dcae
+ * g10/keyid.c (hash_public_key): Take care of NULL keys.
+ * g10/misc.c (pubkey_nbits): Ditto.
+
+ gpg: Simplify default key listing.
+ + commit f3249b1c4d0f2e9e0e8956042677e47fc9c6f6c0
+ * g10/mainproc.c (list_node): Rework.
+
+ gpg: Graceful skip reading of corrupt MPIs.
+ + commit d9cde7ba7d4556b216f062d0cf92d60cbb204b00
+ * g10/parse-packet.c (mpi_read): Change error message on overflow.
+
+ gpgsm: Handle re-issued CA certificates in a better way.
+ + commit 715285bcbc12c024dbd9b633805189c09173e317
+ * sm/certchain.c (find_up_search_by_keyid): Consider all matching
+ certificates.
+ (find_up): Add some debug messages.
+
+ gpgsm: Add a way to save a found state.
+ + commit 42c043a8ad542c131917879c9b458f234b4bb645
+ * kbx/keybox-defs.h (keybox_found_s): New.
+ (keybox_handle): Factor FOUND out to above. Add saved_found.
+ * kbx/keybox-init.c (keybox_release): Release saved_found.
+ (keybox_push_found_state, keybox_pop_found_state): New.
+
+ * sm/keydb.c (keydb_handle): Add field saved_found.
+ (keydb_new): Init it.
+ (keydb_push_found_state, keydb_pop_found_state): New.
+
+ gpg: Fix bug parsing a zero length user id.
+ + commit 99972bd6e9abea71f270284f49997de5f00208af
+ * g10/getkey.c (get_user_id): Do not call xmalloc with 0.
+
+ * common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
+ pass 0 to the arguments.
+
+2014-05-19 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Print certificates on failed TLS verification.
+ + commit 9e1c99f8009f056c39a7465b91912c136b248e8f
+ * dirmngr/ks-engine-hkp.c (cert_log_cb): New.
+ (send_request): Set callback.
+
+ http: Add callback to help logging of server certificates.
+ + commit 45f15b2d767d4068f79fd5b123e9eeae08a0616d
+ * common/http.c (http_session_s): Add field cert_log_cb.
+ (http_session_set_log_cb): New.
+ (http_verify_server_credentials): Call callback.
+
+2014-05-16 Werner Koch <wk@gnupg.org>
+
+ keyserver: Improve support for hkps pools.
+ + commit d2d9d4fb60e3f2160af6252335364d3aac4b7d17
+ * dirmngr/ks-engine-hkp.c (hostinfo_s): Add fields cname, v4addr, and
+ v6addr.
+ (create_new_hostinfo): Clear them.
+ (my_getnameinfo): Add args numeric and r_isnumeric.
+ (is_ip_address): New.
+ (map_host): Add arg r_host. Rewrite the code to handle pools in a
+ special way.
+ (ks_hkp_print_hosttable): Change format of help info output.
+ (make_host_part): Add arg optional r_httphost.
+ (send_request): Add arg httphost.
+ (ks_hkp_search, ks_hkp_get, ks_hkp_put): Get httphost and pass it to
+ send_request.
+
+ http: Allow overriding of the Host header.
+ + commit 8b90d79818355b81ce223e1cb96cd0c939096fe2
+ * common/http.c (http_open): Add arg httphost.
+ (http_open_document): Pass NULL for httphost.
+ (send_request): Add arg httphost. If given, use HTTPHOST instead of
+ SERVER. Use https with a proxy if requested.
+ (http_verify_server_credentials): Do not stop at the first error
+ message.
+ * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
+ * keyserver/curl-shim.c (curl_easy_perform): Ditto.
+ * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+ * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
+
+2014-05-14 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix uninitialized access to search descindex with gpg keyboxes.
+ + commit 25036ec6abbc0c9d0003dcfe227724038c35a304
+ * kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage
+ both callers.
+ * g10/keydb.c (keydb_search): Always set DESCINDEX.
+
+ w32: Make make_absfilename work with drive letters.
+ + commit 71fa6a35107d4d4547eb9155d7c2612b6a6a16fb
+ * common/stringhelp.c (do_make_filename) [HAVE_DRIVE_LETTERS]: Fix.
+
+ gpg: Remove useless diagnostic in MDC verification.
+ + commit 455a4a2212302c05095e736b127f647e95714fe7
+ * g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
+ MDC packer header and a bad MDC.
+
+ gpg: Fix glitch entering a full expiration time.
+ + commit b2945c451d3d3f25ba11a9fe88c6cbf3f88c2fb5
+ * g10/keygen.c (ask_expire_interval): Get the current time after the
+ prompt.
+
+2014-05-08 Werner Koch <wk@gnupg.org>
+
+ agent: Fix import of non-protected gpg keys.
+ + commit 4aeb02562c9db4b96366220b781e2b4fa2d6fd3b
+ * agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for
+ non-protected keys.
+ (convert_from_openpgp_main): Do not call agent_askpin for a
+ non-protected key.
+
+ Make more use of *_NAME macros.
+ + commit cb2aeb4e1157fc0d7dc25d94115973422dc1a800
+ * configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New.
+ (GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New.
+ (DIRMNGR_DISP_NAME, G13_DISP_NAME): New.
+ (GPGCONF_DISP_NAME): New.
+ (SCDAEMON_SOCK_NAME): New.
+ * common/argparse.c (show_help): Map description string.
+
+2014-05-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix auth key comment handling.
+ + commit fb24808db9af9dfe36f9f6d7fc24e0b903ecc12c
+ * agent/command-ssh.c (ssh_send_key_public): Handle the case with no
+ comment.
+
+2014-05-07 Werner Koch <wk@gnupg.org>
+
+ Make -jN work again.
+ + commit 57011da53e43f9c8a6c7e7314166c3e17ff8627a
+ * common/Makefile.am ($(PROGRAMS)): New rule
+ (t_http_LDADD): Use libcommontls.a without directory prefix.
+ * dirmngr/Makefile.am ($(PROGRAMS)): New rule.
+
+ gpg: Print the key algorithm/curve with signature info.
+ + commit 359c643d747c890f73f68b42e0aeb896016f05fd
+ * g10/mainproc.c (check_sig_and_print): Print the name and curve.
+
+ gpg: Fix memleak in signature verification of bogus keys.
+ + commit e73edfb1759d05121ea66f67c775e763bf47d737
+ * g10/mainproc.c (check_sig_and_print): Factor common code out to ...
+ (print_good_bad_signature): here.
+
+ gpg: Mark experimental algorithms in the key listing.
+ + commit 09055aa0f7993aaf4dcffdd80d8192945ae6080a
+ * g10/keylist.c (list_keyblock_print): Remove duplicate curve name.
+ Print a note for experimental algorithms.
+ * g10/misc.c (print_pubkey_algo_note): Fix warning message.
+
+ gpg: Finish experimental support for Ed25519.
+ + commit 8fee6c1ce6d116fe7909dbe1184d95bc91305484
+ * agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
+ (get_keygrip): Add and use arg CURVE.
+ (convert_secret_key): Ditto.
+ (convert_transfer_key): Ditto.
+ (get_npkey_nskey): New.
+ (prepare_unprotect): Replace gcrypt functions by
+ get_npkey_nskey. Allow opaque MPIs.
+ (do_unprotect): Use CURVE instead of parameters.
+ (convert_from_openpgp_main): Ditto.
+ (convert_to_openpgp): Simplify.
+ * g10/import.c (one_mpi_from_pkey): Remove.
+ (transfer_secret_keys): Rewrite to use the curve instead of the
+ parameters.
+ * g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.
+
+ * common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
+ "NIST P-256" et al.
+ * g10/keygen.c (ask_curve): Add arg ALGO.
+ (generate_keypair): Rewrite the ECC key logic.
+
+ * tests/openpgp/ecc.test: Provide the "ecc" passphrase.
+
+ kbx: Add experimental support for EDDSA.
+ + commit bdb9c2b314400da9155b8a924e22e486793dda89
+ * kbx/keybox-openpgp.c (parse_key): Use algo constants and add
+ experimental support for EdDSA.
+
+ agent: Remove greeting message.
+ + commit a63ed9875830e5b3b4d48b7d97d24c18de36b326
+ * agent/gpg-agent.c (main): Remove greeting. Make --no-greeting a
+ dummy.
+
+2014-05-06 Werner Koch <wk@gnupg.org>
+
+ Use "samethread" mode keyword for some es_fopenmem.
+ + commit 6477e51919ef97f0f9cc05d10cdc7aa2b89faafe
+ * dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword.
+ * g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
+ * scd/atr.c (atr_dump): Ditto.
+
+2014-05-05 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Add support for hkps keyservers.
+ + commit 60e2fc7d38d8b37d1de944cf230e410c2ce37d5e
+ * dirmngr/dirmngr.c: Include gnutls.h.
+ (opts): Add --gnutls-debug and --hkp-cacert.
+ (opt_gnutls_debug, my_gnutls_log): New.
+ (set_debug): Set gnutls log level.
+ (parse_rereadable_options): Register a CA file.
+ (main): Init GNUTLS.
+ * dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps.
+ (send_request): Ditto.
+
+ http: Add reference counting to the session object.
+ + commit ea0f5481f01eacedff264bf08144164aa989ec4d
+ * common/http.c (http_session_t): Add field "refcount".
+ (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
+ (send_request, my_npth_read, my_npth_write): Use SOCK object for the
+ transport ptr.
+ (http_session_release): Factor all code out to ...
+ (session_unref): here. Deref SOCK.
+ (http_session_new): Init refcount and transport ptr.
+ (http_session_ref): New. Ref and unref all assignments.
+
+2014-05-02 Werner Koch <wk@gnupg.org>
+
+ http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info.
+ + commit 0e59195642eb26263b8e0b9200290538631d35cd
+ * common/http.c (http_parse_uri): Factor code out to ...
+ (parse_uri): here. Add arg FORCE_TLS.
+ (do_parse_uri): Ditto. Implement flag.
+ (http_get_tls_info): New.
+ (http_register_tls_ca): Allow clearing of the list.
+ (send_request): Use a default verification function.
+ * common/http.h (HTTP_FLAG_FORCE_TLS): New.
+ * common/t-http.c (main): Add several command line options.
+
+ common: Fix test for openpgp_oid_is_ed25519.
+ + commit 2def230231abd34f6012df284ab468321ffedc10
+ * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): Add correct
+ value.
+
+ http: Revamp TLS API.
+ + commit 8412a5825c225c8ff14de3ffaad2e55e040b2eca
+ * configure.ac (NEED_GNUTLS_VERSION): New.
+ (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst.
+
+ * common/http.h (http_session_t): New.
+ * common/http.c: Remove compatibility for gnutls < 3.0.
+ (http_session_s): New.
+ (cookie_s): Replace gnutls_session_t by http_session_t.
+ (tls_callback, tls_ca_certlist): New variables.
+ (my_socket_unref): Add preclose args.
+ (my_npth_read, my_npth_write): New.
+ (make_header_line): Fix bug using int* instead of char*.
+ (http_register_tls_callback): New.
+ (http_register_tls_ca): New.
+ (http_session_new): New.
+ (http_session_release): New.
+ (http_get_header_names): New.
+ (escape_data): Add hack to escape in forms mode.
+ (send_request) [HTTP_USE_GNUTLS]: Support SNI.
+ (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
+ (send_gnutls_bye): New.
+ (cookie_close): Make use of preclose feature.
+ (http_verify_server_credentials): New.
+ (main) [TEST]: Remove test code.
+ * common/t-http.c: New.
+ * common/tls-ca.pem: New.
+ * common/Makefile.am (tls_sources): New. Move http code to here.
+ (libcommontls_a_SOURCES): New.
+ (libcommontlsnpth_a_SOURCES): New.
+ (EXTRA_DIST): Add tls-ca.pem
+ (module_maint_tests): Add t-http.
+ (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
+
+ * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth.
+
+ common: Cleanup the use of USE_NPTH and HAVE_NPTH macros.
+ + commit 84289e85c72ae58c321dfdb96816700a6b7f7122
+ * configure.ac (HAVE_NPTH): New ac_define.
+ * common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
+ * common/http.c: Ditto. Replace remaining calls to pth by npth calls.
+ (connect_server): Remove useless _().
+ * common/exechelp-posix.c, common/exechelp-w32.c
+ * common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
+ * common/init.c (_init_common_subsystems): Remove call to pth_init.
+ * common/sysutils.c (gnupg_sleep): Use npth_sleep.
+ * scd/ccid-driver.c (my_sleep): Ditto.
+
+2014-04-30 Werner Koch <wk@gnupg.org>
+
+ estream: Implement "samethread" mode keyword.
+ + commit 8416c875a729426eae05ed1ca9f1ebcb933c246a
+ * src/estream.c (estream_internal): Add field SAMETHREAD.
+ (init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it.
+ (parse_mode): Add arg SAMETHREAD and parse that keyword.
+ (es_initialize): Rename to ...
+ (init_stream_obj): this. Add arg SAMETHREAD.
+ (es_create): Add arg SAMETHREAD. Call init_stream_lock after
+ init_stream_obj.
+ (doreadline): Call es_create with samethread flag.
+ (es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen)
+ (do_fpopen, do_w32open): Implement "samethread" keyword.
+ (es_freopen): Take samthread flag from old stream.
+ (es_tmpfile): Call es)_create w/o samethread.
+
+ estream: Fix deadlock in es_fileno.
+ + commit ecea94461ed40f3f6ef662c2501e1d56ec284022
+ * src/estream.c (es_fileno_unlocked): Call the unlocked functions.
+
+ estream: Add debug code to the lock functions.
+ + commit aeb81727c77dfea3bf5d2d689ffbdc897f2938a7
+ * common/estream.c (dbg_lock_0, dbg_lock_1, dbg_lock_1): New.
+
+ estream: Replace locking macros by functions.
+ + commit 39e91a5f0a666aad2fef7a840b2cd03949bb1be4
+ * common/estream.c: Replace most macros.
+
+2014-04-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ ECC Fixes.
+ + commit 21dab64030c95a909767bf6d8f99e8476f9df8a2
+ * agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
+ (convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
+ does not distinguish the detail.
+ (do_unprotect, convert_from_openpgp_main): Don't call
+ map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
+ not the value defined by OpenPGP.
+ (convert_to_openpgp): It's "ecc".
+ * agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
+ * g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
+ * g10/pubkey-enc.c (get_it): Fix swapping the fields error.
+
+2014-04-22 Werner Koch <wk@gnupg.org>
+
+ gpg: Pass --homedir to gpg-agent.
+ + commit fdd938a5bbecb5b70f564ae3afb4e17905404bb2
+ * agent/gpg-agent.c (main): Make sure homedir is absolute.
+ * common/asshelp.c (lock_spawning): Create lock file with an absolute
+ name.
+ (start_new_gpg_agent): Use an absolute name for the socket and pass
+ option --homedir to the agent.
+ (start_new_dirmngr): Use an absolute name for the --homedir.
+
+ common: Add functions make_absfilename and make_absfilename_try.
+ + commit 71a54313adf7b57b7b27bb9ad07b142a34306260
+ * common/stringhelp.c (do_make_filename): Add modes 2 and 3.
+ (make_absfilename): New.
+ (make_absfilename_try): New.
+
+ common: Add function gnupg_getcwd.
+ + commit 1a87edab6657a257876ab2f8790f2937feba7066
+ * tools/gpg-connect-agent.c (gnu_getcwd): Move to ...
+ * common/sysutils.c (gnupg_getcwd): .. here.
+ * tools/gpg-connect-agent.c (get_var_ext): Use gnupg_getcwd.
+
+ gpg: Print a warning if GKR has hijacked gpg-agent.
+ + commit ffa39be5ebfc1059a737905ee317c9b6f3d2a77e
+ * g10/call-agent.c (check_hijacking): New.
+ (start_agent): Call it.
+ (membuf_data_cb, default_inq_cb): Move more to the top.
+
+2014-04-17 Werner Koch <wk@gnupg.org>
+
+ gpg: New %U expando for the photo viewer.
+ + commit e184a11f94e2d41cd9266484542631bec23628b5
+ * g10/photoid.c (show_photos): Set namehash.
+ * g10/misc.c (pct_expando): Add "%U" expando.
+
+ common: Add z-base-32 encoder.
+ + commit b8a91ebf46a927801866e99bb5a66ab00651424e
+ * common/zb32.c: New.
+ * common/t-zb32.c: New.
+ * common/Makefile.am (common_sources): Add zb82.c
+ (module_tests): Add t-zb32.
+
+2014-04-16 Werner Koch <wk@gnupg.org>
+
+ Two minor code cleanups and one NULL deref on error fix.
+ + commit a34afa8f2053d75f276d6d28dbf1a43db0fd9768
+ * common/estream.c (es_freopen): Remove useless check for STREAM.
+ * kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
+ for BLOB.
+ * tools/sockprox.c (run_proxy): Do not fclose(NULL).
+
+2014-04-15 Werner Koch <wk@gnupg.org>
+
+ gpg: Re-enable secret key deletion.
+ + commit db3b528239c9d56bc71fd2283e07a3f1d91e4fd0
+ * g10/call-agent.c (agent_delete_key): New.
+ * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New.
+ * g10/passphrase.c (gpg_format_keydesc): Support new format.
+ * g10/delkey.c (do_delete_key): Add secret key deletion.
+
+ gpg: Re-indent a file.
+ + commit d25d00b89efed461d344028d0e2e2be38cc77628
+ * g10/delkey.c: Re-indent.
+ (do_delete_key, delete_keys): Change return type top gpg_error_t.
+
+ gpg: Fix regression in secret key export.
+ + commit c4d983239a3f0a18c77f0a5aeba520a81a1b86e8
+ * agent/cvt-openpgp.c (convert_to_openpgp): Fix use
+ gcry_sexp_extract_param.
+ * g10/export.c (do_export_stream): Provide a proper prompt to the
+ agent.
+
+ gpg: Change pinentry prompt to talk about "secret key".
+ + commit e549799db66be30cdd68a3e6cdca9c6a050466d1
+ * g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings.
+ * g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
+ (FORMAT_KEYDESC_EXPORT): New. Use them for clarity.
+
+ agent: Add command DELETE_KEY.
+ + commit e3a4ff89a0b106e678bf9d0a4d47917123071140
+ * agent/command.c (cmd_delete_key): New.
+ * agent/findkey.c (modify_description): Add '%C' feature.
+ (remove_key_file): New.
+ (agent_delete_key): New.
+ * agent/command-ssh.c (search_control_file): Make arg R_DISABLE
+ optional.
+
+ * configure.ac: Require libgpg-error 1.13.
+
+2014-04-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: EdDSA support.
+ + commit 3132bd90dc8db9c7fd19ba201918e95891306dc5
+ * scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New.
+ (struct app_local_s): Add eddsa.
+ (get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA.
+ (get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519.
+ (send_key_attr, get_public_key): Support KEY_TYPE_EDDSA.
+ (build_ecc_privkey_template): Rename as it supports both of
+ ECDSA and EdDSA.
+ (ecc_writekey): Rename. Support CURVE_ED25519, too.
+ (do_writekey): Follow the change of ecc_writekey.
+ (do_auth): Support KEY_TYPE_EDDSA.
+ (parse_ecc_curve): Support CURVE_ED25519. Bug fix for other curves.
+ (parse_algorithm_attribute): Bug fix for ECDH. Support EdDSA.
+
+2014-04-08 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix compiler warning.
+ + commit db85feceaf43ebd6d44421bb14fcb60495804ae0
+ * common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New.
+ * dirmngr/dirmngr.c (handle_tick): Factor time check out to ...
+ (time_for_housekeeping_p): new.
+
+ gpgconf: Add command --launch.
+ + commit b4cf4686f7349be9558217f20e51157398cd88a0
+ * tools/gpgconf.c: Add command --launch.
+ * tools/gpgconf-comp.c (gc_component_launch): New.
+
+ scd: Silent compiler warnings about unused variables.
+ + commit 36dfc37e438660632d3a2bf5d5526be9005fa8c5
+ * scd/app-openpgp.c (build_ecdsa_privkey_template): Mark unused arg.
+ (ecdh_writekey): Mark unused args.
+
+2014-04-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Support EdDSA.
+ + commit 5ff6d0c25e6d0f422b17809b954e9e87cb137347
+ * agent/pksign.c (agent_pksign_do): Handle EdDSA signature.
+
+ g10: EdDSA support.
+ + commit 40c3b0741e593d0658dda0c707c4f32e80648dd1
+ * g10/keyid.c (keygrip_from_pk): Compute keygrip of EdDSA key.
+ * g10/keygen.c (generate_subkeypair): Ed25519 is for EdDSA.
+ * common/openpgp-oid.c (oid_ed25519): Update.
+
+2014-04-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: EdDSA support for SSH.
+ + commit 513c67b7461a2451247ef2b2fc64e0470a16edf1
+ * agent/command-ssh.c (ssh_signature_encoder_eddsa): Signature is
+ two 32-byte opaque data which should not be interpreted as number.
+
+2014-03-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Add commands --quick-sign-key and --quick-lsign-key.
+ + commit b6786cc3ec0bb582323adf94c2ee624bcfbeb466
+ * g10/gpg.c (main): Add commands --quick-sign-key and
+ --quick-lsign-key.
+ * g10/keyedit.c (sign_uids): Add args FP and QUICK.
+ (keyedit_quick_sign): New.
+ (show_key_with_all_names): Add arg NOWARN.
+
+ Change some keyedit functions to allow printing to arbitrary streams.
+ + commit 4f50ec98ddd57253cae66e2321f0cc98ee189a09
+ * common/ttyio.c (tty_print_string): Add optional arg FP. Change all
+ callers.
+ (tty_print_utf8_string2): Ditto.
+ * g10/keyedit.c (show_prefs): Ditto.
+ (show_key_with_all_names_colon): Ditto.
+ (show_names): Ditto.
+ * g10/keylist.c (print_revokers): Ditto.
+ (print_fingerprint): Ditto.
+
+2014-03-23 Werner Koch <wk@gnupg.org>
+
+ agent: Replace es_mopen by es_fopenmem for ssh.
+ + commit 5c2a50cdc90e85b1fc380851ccfbe9186969b658
+ * agent/command-ssh.c (ssh_read_key_public_from_blob): Use
+ es_fopenmem.
+ (ssh_handler_request_identities): Ditto.
+ (ssh_request_process): Ditto.
+
+2014-03-22 Werner Koch <wk@gnupg.org>
+
+ agent: Put ssh key type as comment into sshcontrol.
+ + commit fc3e70c11342267c1062e4244955d19ecd72e0f6
+ * agent/command-ssh.c (ssh_key_type_spec): Add field name.
+ (ssh_key_types): Add human readable names.
+ (add_control_entry): Add arg SPEC and print key type as comment.
+ (ssh_identity_register): Add arg SPEC.
+ (ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key.
+
+ agent: Support the Ed25519 signature algorithm for ssh.
+ + commit 072432883ededa15bf35f80102e0572746ba4af1
+ * agent/command-ssh.c (SPEC_FLAG_IS_EdDSA): New.
+ (ssh_key_types): Add entry for ssh-ed25519.
+ (ssh_identifier_from_curve_name): Move to the top.
+ (stream_read_skip): New.
+ (stream_read_blob): New.
+ (ssh_signature_encoder_rsa): Replace MPIS array by an s-exp and move
+ the s-exp parsing to here.
+ (ssh_signature_encoder_dsa): Ditto.
+ (ssh_signature_encoder_ecdsa): Ditto.
+ (ssh_signature_encoder_eddsa): New.
+ (sexp_key_construct): Rewrite.
+ (ssh_key_extract): Rename to ...
+ (ssh_key_to_blob): .. this and rewrite most of it.
+ (ssh_receive_key): Add case for EdDSA.
+ (ssh_convert_key_to_blob, key_secret_to_public): Remove.
+ (ssh_send_key_public): Rewrite.
+ (ssh_handler_request_identities): Simplify.
+ (data_sign): Add rename args. Add new args HASH and HASHLEN. Make
+ use of es_fopenmen and es_fclose_snatch. Remove parsing into MPIs
+ which is now doe in the sgnature encoder functions.
+ (ssh_handler_sign_request): Take care of Ed25519.
+ (ssh_key_extract_comment): Rewrite using gcry_sexp_nth_string.
+
+ agent: Cleanups to prepare implementation of Ed25519.
+ + commit a77ed0f266d03e234027dda4de5a7f3dd6787b1e
+ * agent/cvt-openpgp.c: Remove.
+ (convert_to_openpgp): Use gcry_sexp_extract_param.
+ * agent/findkey.c (is_eddsa): New.
+ (agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA.
+ * agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and
+ OVERRIDEDATALEN.
+
+ * common/ssh-utils.c (is_eddsa): New.
+ (get_fingerprint): Take care or EdDSA.
+
+2014-03-18 Werner Koch <wk@gnupg.org>
+
+ tools: Fix NULL deref in gpg-connect-agent.
+ + commit 6376227a31b3076321ce16ad626b333057bda53d
+ * tools/gpg-connect-agent.c (handle_inquire): Do not pass NULL to
+ strlen.
+
+ dirmngr: Resurrect hosts in the HKP hosttable.
+ + commit 6c058fac65c7e9d1ffb72686f0f02644f172da22
+ * dirmngr/dirmngr.c (HOUSEKEEPING_INTERVAL): New.
+ (housekeeping_thread): New.
+ (handle_tick): Call new function.
+ * dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): New.
+ (struct hostinfo_s): Add field died_at and set it along with the dead
+ flag.
+ (ks_hkp_print_hosttable): Print that info.
+ (ks_hkp_housekeeping): New.
+
+ common: New function elapsed_time_string.
+ + commit 04e304278c9302831bc81e7fe9049c588ead029a
+ * common/gettime.c (elapsed_time_string): New.
+
+2014-03-17 Werner Koch <wk@gnupg.org>
+
+ gpg: Reject signatures made with MD5.
+ + commit f90cfe6b66269de0154d810c5cee1fe9a5af475c
+ * g10/gpg.c: Add option --allow-weak-digest-algos.
+ (main): Set option also in PGP2 mode.
+ * g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
+ * g10/sig-check.c (do_check): Reject MD5 signatures.
+ * tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
+
+ gpg: Make --auto-key-locate work again with keyservers.
+ + commit 1e2e39c5758ffaf62f8bb85b4a86dc49c41f3a68
+ * dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
+ * g10/keyserver.c (keyserver_import_name): Implement.
+ (keyserver_get): Use exact mode for name based import.
+ (keyserver_get): Add args R_FPR and R_FPRLEN. Change all callers.
+
+ gpg: New mechanism "clear" for --auto-key-locate.
+ + commit 1d642d3ca890daa65ee5dd949a00747da6b49015
+ * g10/getkey.c (parse_auto_key_locate): Implement "clear".
+
+2014-03-14 Werner Koch <wk@gnupg.org>
+
+ gpg-connect-agent: Make it easier to connect to the dirmngr.
+ + commit 2223eaefaf53aa7217ac593b83e4294148a4db5d
+ * tools/gpg-connect-agent.c: Add options --dirmngr and
+ --dirmngr-program.
+
+ dirmngr: Make use of IPv4 and IPV6 more explicit.
+ + commit 59b4fb5f4927908af06bb80ecd86adbf6e54ba14
+ * common/http.c (connect_server): Handle the new flags.
+ * common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New.
+ * dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags.
+ (make_host_part): Ditto.
+ (send_request): Add arg httpflags.
+ (ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags.
+
+ dirmngr: Do not use brackets around legacy IP addresses.
+ + commit d7fbefeb82833db9eea8b15dc7889ecf0b7ffab4
+ * dirmngr/ks-engine-hkp.c (my_getnameinfo): Change args to take a
+ complete addrinfo. Bracket only v6 addresses. Change caller.
+
+ gpg: Print the actual used keyserver address.
+ + commit a401f768ca8e218eef7a5c87a8f99cb1d6b4aaeb
+ * dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
+ status lines.
+ * g10/call-dirmngr.c (ks_status_parm_s): New.
+ (ks_search_parm_s): Add field stparm.
+ (ks_status_cb): New.
+ (ks_search_data_cb): Send source to the data callback.
+ (gpg_dirmngr_ks_search): Change callback prototope to include the
+ SPECIAL arg. Adjust all users. Use ks_status_cb.
+ (gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
+ * g10/keyserver.c (search_line_handler): Adjust callback and print
+ "data source" disgnostic.
+ (keyserver_get): Print data source diagnostic.
+
+ dirmngr: Default to a user socket name and enable autostart.
+ + commit 5d321eb00be0774418de1a05678ac0ec44d7193b
+ * common/homedir.c (dirmngr_socket_name): Rename to
+ dirmngr_sys_socket_name.
+ (dirmngr_user_socket_name): New.
+ * common/asshelp.c (start_new_dirmngr): Handle sys and user dirmngr
+ socket.
+ * dirmngr/dirmngr.c (main): Ditto.
+ * dirmngr/server.c (cmd_getinfo): Ditto.
+ * sm/server.c (gpgsm_server): Ditto.
+ * dirmngr/dirmngr-client.c (start_dirmngr): Likewise.
+ * tools/gpgconf.c (main): Print "dirmngr-sys-socket" with --list-dirs.
+
+ * configure.ac (USE_DIRMNGR_AUTO_START): Set by default.
+
+2014-03-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Add option --dirmngr-program.
+ + commit 6dd5d99a61f24aff862ccba9f7410d7f1af87c05
+ * g10/gpg.c: Add option --dirmngr-program.
+ * g10/options.h (struct opt): Add field dirmngr_program.
+ * g10/call-dirmngr.c (create_context): Use new var.
+
+ * dirmngr/dirmngr.c: Include gc-opt-flags.h.
+ (main): Remove GC_OPT_FLAG_*.
+ * tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ...
+ * common/gc-opt-flags.h: here.
+
+ dirmngr: Detect dead keyservers and try another one.
+ + commit fb56a273b1f2b3a99dc1d1a0850378ab7625e6b9
+ * dirmngr/ks-action.c (ks_action_resolve): Rename var for clarity.
+ (ks_action_search, ks_action_put): Ditto.
+ (ks_action_get): Consult only the first server which retruned some
+ data.
+
+ * dirmngr/ks-engine-hkp.c (SEND_REQUEST_RETRIES): New.
+ (map_host): Add arg CTRL and call dirmngr_tick.
+ (make_host_part): Add arg CTRL.
+ (mark_host_dead): Allow the use of an URL.
+ (handle_send_request_error): New.
+ (ks_hkp_search, ks_hkp_get, ks_hkp_put): Mark host dead and retry on
+ error.
+
+ http: Add a flag to the URL parser indicating a literal v6 address.
+ + commit 3d9e0eb02ce2b2e153e25deb0fc4b27b45f5026a
+ * common/http.h (struct parsed_uri_t): Add field v6lit.
+ * common/http.c (do_parse_uri): Set v6lit.
+
+2014-03-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: writekey support of ECC.
+ + commit 781b94174310dceffa075719420b74b29fe41764
+ * scd/app-openpgp.c (CURVE_SEC_P256K1, get_algo_byte): New.
+ (store_fpr): Support ECC keys with varargs.
+ (get_ecc_key_parameters, get_curve_name): Support secp256k1.
+ (parse_ecc_curve): Likewise.
+ (build_ecdsa_privkey_template, rsa_writekey, ecdsa_writekey): New.
+ (ecdh_writekey): New. Not implemented yet.
+ (do_writekey): Call rsa_writekey, ecdsa_writekey, or ecdh_writekey.
+ (do_genkey): Follow the change of store_fpr.
+
+2014-03-11 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Put brackets around IP addresses in the hosttable.
+ + commit 0b2cca807d5a4a3664145032271141da853e7bac
+ * dirmngr/ks-engine-hkp.c (EAI_OVERFLOW): Provide a substitute.
+ (my_getnameinfo): New.
+ (map_host): Use it.
+
+ dirmngr: Add command option to mark hosts as dead or alive.
+ + commit a3dee2889106fcab112c1c96b32e04d8154875e7
+ * dirmngr/server.c (cmd_killdirmngr): Factor some code out to ...
+ (check_owner_permission): here.
+ (cmd_keyserver): Add options --dead and --alive.
+ * dirmngr/ks-engine-hkp.c (host_in_pool_p): New.
+ (ks_hkp_mark_host): New.
+
+ dirmngr: Make Assuan output of keyblocks easier readable.
+ + commit 71b55c945542e695161ddbd783f87c5f534012a5
+ * dirmngr/server.c (data_line_cookie_write): Print shorter data lines
+ in verbose mode.
+
+ dirmngr: Fix HKP host selection code.
+ + commit 3c35b46a32ac7584f3807b611cde78b199c527d6
+ * dirmngr/server.c (cmd_keyserver): Add option --resolve and change
+ --print-hosttable to --hosttable.
+ * dirmngr/ks-action.c (ks_printf_help): New.
+ (ks_action_resolve): New.
+ * dirmngr/ks-engine-hkp.c (select_random_host): Fix selection.
+ (ks_hkp_print_hosttable): Print to assuan stream.
+ (map_host): Remove debug code. Add arg FORCE_SELECT. Return numeric
+ IP addr if it can't be resolved.
+ (make_host_part): Add arg FORCE_SELECT; change callers to pass false.
+ (ks_hkp_resolve): New.
+
+ List readline support in configure summary.
+ + commit f30d8b018871495327cbf711b73b04278a34f3e1
+ * m4/readline.m4: Set gnupg_cv_have_readline.
+ * configure.ac: Add readline support to summary output.
+
+2014-03-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: API change of agent_key_from_file.
+ + commit ac5a1a3ccb7c3e6393bc83d73b545dec9b70e7d1
+ * agent/findkey.c (agent_key_from_file): Always return S-expression.
+ * agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO.
+ (cmd_export_key): Likewise. Free SHADOW_INFO.
+ (cmd_keytocard): Likewise. Release S_SKEY.
+ * agent/pkdecrypt.c (agent_pkdecrypt): Likewise.
+ * agent/pksign.c (agent_pksign_do): Likewise. Use the S-expression to
+ know the key type.
+
+2014-03-10 Werner Koch <wk@gnupg.org>
+
+ Backport useful code from fixes for bug 1447.
+ + commit 57d26f39afb3c75e24a8d240d7af32b9d2b9775a
+ * configure.ac: Cehck for inet_ntop.
+ * m4/libcurl.m4: Provide a #define for the version of the curl
+ library.
+
+ scd: acquire lock in new_reader_slot.
+ + commit 9ab9f414fb919f0bc87c301c3e36180715d0aa4e
+ * scd/apdu.c (new_reader_slot): Acquire lock.
+ (open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
+ (open_ccid_reader, open_rapdu_reader): Release lock.
+ (lock_slot, trylock_slot, unlock_slot): Move more to the top.
+
+ Do not require libiconv for Android.
+ + commit b278043a8f38e2706ccf617d2ac5661b33791d6b
+ * configure.ac (require_iconv): New. Set to false for android.
+ (AM_ICONV): Run only if required.
+
+2014-03-07 Werner Koch <wk@gnupg.org>
+
+ dirmmgr: Use a portability wrapper for struct timeval.
+ + commit feda379595e06583bc5b3610dec74890de29cb8e
+ * dirmngr/dirmngr_ldap.c [W32]: Include winber.h.
+ (my_ldap_timeval_t): New.
+
+ Silence more warnings about unused vars and args.
+ + commit 4387ecb11cdb2addf738eb922c1b9f14c6c76efc
+ * dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var.
+ * dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/.
+ * dirmngr/dirmngr.c (w32_service_control): Mark unused args.
+ (call_real_main): New.
+ (main) [W32]: Use new function to match prototype.
+ (real_main) [W32]: Mark unused vars.
+ (handle_signal) [W32]: Do not build the function at all.
+ (handle_connections) [W32]: Do not define signo.
+ * dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars.
+ * g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined.
+
+ dirmngr: Simplify strtok macro.
+ + commit 35266076e3452590931e58f188815859dff6de3c
+ * dirmngr/ldap-url.c (ldap_utf8_strtok): Remove unused r3d arg.
+ (ldap_str2charray): Remove lasts.
+
+ Use attribute __gnu_printf__ also in estream header files.
+ + commit 72133b54de89e593d8193b106e9369cf90d2e1c0
+ * common/estream-printf.h: Use attribute gnu_printf.
+ * common/estream.h: Ditto.
+
+ Use attribute __gnu_printf__ with our estream-printf functions.
+ + commit 36372dcb2f75a659b7ace0e9c46f07bb431d009c
+ * common/mischelp.h (JNLIB_GCC_A_PRINTF): Use __gnu_printf__
+ (JNLIB_GCC_A_NR_PRINTF): Ditto.
+
+ w32: Silence warnings about unused vars.
+ + commit 094aa2589e3920d400be93ae2823a6c4b23db623
+ * agent/gpg-agent.c (main) [W32]: Mark unused vars.
+ * sm/gpgsm.c (run_protect_tool) [W32]: Ditto.
+ * g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto.
+ * scd/scdaemon.c (main) [W32]: Ditto.
+ (handle_connections) [W32]: Ditto.
+ (handle_signal) [W32]: Do not build the function at all.
+ * scd/apdu.c (pcsc_send_apdu_direct): Ditto.
+ (connect_pcsc_card): s/long/pcsc_dword_t/.
+ (open_pcsc_reader_direct): Remove var listlen.
+
+ w32: Fix a potential problem in gpgconf's gettext.
+ + commit a0fc42598f51ef4a958fc3c2fed7f4b8df2da3fd
+ * tools/gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Make sure
+ to return something even DOMAIN is not given.
+
+ Silence several warnings when building under Windows.
+ + commit 3032fc3ad78ac9ed857570844547afed520d635a
+ * agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
+ (start_pinentry): Ditto.
+ * common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
+ * common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
+ prototypes on Windows and some other platforms.
+ * common/logging.c (fun_writer): Declare addrbuf only if needed.
+ * g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
+ * g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
+ mode.
+ * g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
+ by -1 as temporary hack for Windows.
+ * g10/export.c (do_export): Ditto.
+ * g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
+ * g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
+ * g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.
+
+ w32: Include winsock2.h to silence warnings.
+ + commit cb0dcc340836a64e2d33b27f1be7bc888c084f12
+
+
+ gl: Avoid warning about shadowing an arg.
+ + commit 84fd36f8baa2b800ea47ff74935f5aaf0e55c299
+ * gl/setenv.c (KNOWN_VALUE): s/value/_v/.
+
+ common: Fix build problem with Sun Studio compiler.
+ + commit 0fc71f7277c6f833f838bbd384f1a22d0c333e8e
+ * common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy
+ functions.
+ (ESTREAM_MUTEX_INITIALIZE): Ditto.
+
+ gpg: Do not require a trustdb with --always-trust.
+ + commit d8f0b83e4f04641e5e9adbdd8abada15380f981c
+ * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
+ * g10/trustdb.c (trustdb_args): Add field no_trustdb.
+ (init_trustdb): Set that field.
+ (revalidation_mark): Take care of a nonexistent trustdb file.
+ (read_trust_options): Ditto.
+ (tdb_get_ownertrust): Ditto.
+ (tdb_get_min_ownertrust): Ditto.
+ (tdb_update_ownertrust): Ditto.
+ (update_min_ownertrust): Ditto.
+ (tdb_clear_ownertrusts): Ditto.
+ (tdb_cache_disabled_value): Ditto.
+ (tdb_check_trustdb_stale): Ditto.
+ (tdb_get_validity_core): Ditto.
+ * g10/gpg.c (main): Do not create a trustdb with most commands for
+ trust-model always.
+
+ gpg: Print a "not found" message for an unknown key in --key-edit.
+ + commit dfb25d47a9fcfd7c7c084ea58744724cd5315086
+ * g10/keyedit.c (keyedit_menu): Print message.
+
+ gpg: Protect against rogue keyservers sending secret keys.
+ + commit db1f74ba5338f624f146a3cb41a346e46b15c8f9
+ * g10/options.h (IMPORT_NO_SECKEY): New.
+ * g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
+ flag.
+ * g10/import.c (import_secret_one): Deny import if flag is set.
+
+ agent: Fix UPDATESTARTUPTTY for ssh.
+ + commit 90688b29f3701f4d3e2a5a49c5544fe8d2a84b2d
+ * agent/command-ssh.c (setup_ssh_env): Fix env setting.
+
+ gpgv: Init Libgcrypt to avoid syslog warning.
+ + commit 7c4bfa599fa69c3a942c8deea83737a4c5a0806e
+ * g10/gpgv.c (main): Check libgcrypt version and disable secure
+ memory.
+
+ Improve libcurl detection.
+ + commit 5ca482d5f949444ffd453de158ee186ab07fc9b6
+ * m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl as been
+ given. Suggested by John Marshall.
+
+ gpg: Remove legacy keyserver examples from the template conf file.
+ + commit 0ab752cc2d46bbd0077bed889676169b7aeb1eb6
+ * g10/options.skel: Update.
+
+ (cherry picked from commit f3c5cc8bcd37e38b5d65db6a50466e22d03d1f0c)
+
+ w32: Define WINVER only if needed.
+ + commit 76b1940ad6f5f058c4a6bec35902da9f6d4e27b0
+ * common/sysutils.c (WINVER): Define only if less that 5.0.
+
+ w32: Remove unused code.
+ + commit 63b7658a29809249d7aeb0423bf8c5a693eee0c7
+ * jnlib/w32-reg.c (write_w32_registry_string): Remove.
+
+ agent: Make --allow-mark-trusted the default.
+ + commit 9942a149ff2ab919c1b2916c7bc347e578a56b14
+ * agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
+ Put this option into the gpgconf-list.
+ (main): Enable opt.allow_mark_trusted by default.
+ * tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
+ allow-mark-trusted by no-allow-mark-trusted.
+
+ * agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.
+
+ ssh: Add support for Putty.
+ + commit 5105c8d2d344fd7301d456d8c13c7e90a54f7e98
+ * agent/gpg-agent.c [W32]: Include Several Windows header.
+ (opts): Change help text for enable-ssh-support.
+ (opts, main): Add option --enable-putty-support
+ (putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
+ (agent_init_default_ctrl): Add and asssert call.
+ (putty_message_proc, putty_message_thread): New.
+ (handle_connections) [W32]: Start putty message thread.
+ * common/sysutils.c (w32_get_user_sid): New for W32 only
+ * tools/gpgconf-comp.c (gc_options_gpg_agent): Add
+ --enable-ssh-support and --enable-putty-support. Make the
+ configuration group visible at basic level.
+ * agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
+
+ agent: Fix binary vs. text mode problem in ssh.
+ + commit 179012ddd48e63ca83e8f5c24537a2db45c3e122
+ * agent/command-ssh.c (file_to_buffer)
+ (ssh_handler_request_identities): Open streams in binary mode.
+ (start_command_handler_ssh): Factor some code out to ..
+ (setup_ssh_env): new function.
+
+ Fix syntax error for building on APPLE.
+ + commit 4ad123d6fe341da7768e43360375e17fa89e8e0d
+ * scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error.
+
+ Ignore obsolete option --disable-keypad.
+ + commit d2a6be24af0bf220bb448fdd50c0196faddee0f4
+ * scd/scdaemon.c (opts): Ignore --disable-keypad.
+
+ Allow marking options as ignored.
+ + commit 8fc9de8d6bf663f7c8419b42dab01f590a694d59
+ * jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New.
+ (ARGPARSE_TYPE_MASK): New, for internal use.
+ (ARGPARSE_ignore): New.
+ * jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining
+ constants by macros.
+ (optfile_parse): Implement ARGPARSE_OPT_IGNORE.
+ (arg_parse): Exclide ignore options from --dump-options.
+
+2014-03-06 Werner Koch <wk@gnupg.org>
+
+ common: Fix recent commit 55656208.
+ + commit 191e32026f02054b1edb4f02536875462fd0b6b3
+ * common/membuf.c (get_membuf_shrink): Fix use of LEN.
+
+2014-03-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix g10/trust.c.
+ + commit 5ed8e9335fb886d7ddc86728d8481e5e47485531
+ * g10/trust.c (register_trusted_keyid, register_trusted_key)
+ (update_ownertrust): Call functions with tdb_.
+
+2014-02-26 Werner Koch <wk@gnupg.org>
+
+ common: Replace all macros in strusage() returned strings.
+ + commit 0f38c87f427a155ab5684e18e3b73956f81edfab
+ * common/argparse.c (writechar): Remove.
+ (writestrings): Simplify.
+ (strusage): Use map_static_macro_string.
+
+ common: New function map_static_macro_string.
+ + commit c72762f9acf3eef5c466ba76e895d7654df12ff7
+ * common/mapstrings.c: New.
+ * common/t-mapstrings.c: New.
+ * common/t-support.h (DIM, DIMof): Define if not defined.
+ * common/Makefile.am: Add new files.
+
+ common: New function get_membuf_shrink.
+ + commit 556562086acd2bc2f8e3aa3126ebf155715e042b
+ * common/membuf.c (get_membuf_shrink): New.
+
+ agent: Fixed unresolved symbol under Windows.
+ + commit 55c3e5f448c26360eda31e05b1f62249119f73d9
+ * agent/gpg-agent.c (main): s/ttyname/gnupg_ttyname/.
+
+ common: Require an installed libiconv.
+ + commit 380a2aa18e0c048cfefa1cb4102dfbf902a1962b
+ * common/utf8conv.c: Remove dynload.h.
+ (load_libiconv): Remove. Remove all calls to it.
+
+2014-02-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Silent more compiler warnings due to some configure options.
+ + commit 47e6b6bad1dff493f4102a5549a7bb54466684c2
+ * g10/keygen.c (generate_keypair, gen_card_key)
+ (gen_card_key_with_backup) [!ENABLE_CARD_SUPPORT]: Mark unused args.
+
+ tests: Avoid segv if dns cert lookup is not configured.
+ + commit 672f4aeba8bf55839911e1fe805af6b2873853f7
+ * common/dns-cert.c (get_dns_cert) [!USE_DNS_CERT]: Reset return args.
+
+ gpg: Cleanup compiler warnings due to some configure options.
+ + commit 7901c5c2a3b7b24e9a4eaab590b0a54e9695c3e4
+ * g10/photoid.c (show_photos) [DISABLE_PHOTO_VIEWER]: Mark args as
+ unused.
+ * tools/gpgconf-comp.c (my_dgettext): Mark DOMAIN as unused if NLS is
+ not configured.
+
+ gpg: Allow building without any trust model support.
+ + commit 62fb86c6589f7f74dad4741db31b3aefa0848420
+ * configure.ac: Add option --disable-trust-models
+ (NO_TRUST_MODELS): New ac_define and am_conditional.
+ * g10/Makefile.am (trust_source): New.
+ (gpg2_SOURCES): Factor some files out to above. Add trust.c.
+ * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
+ --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
+ --list-trustdb, --trustdb-name, --auto-check-trustdb,
+ --no-auto-check-trustdb, and --force-ownertrust.
+ (parse_trust_model) [NO_TRUST_MODELS]: Do not build.
+ (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
+ trustdb related option code.
+ * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
+ "enable", and "disable".
+ * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
+ "tru" record.
+
+ * g10/trust.c: New.
+ * g10/trustdb.c (struct key_item): Move to trustdb.h.
+ (register_trusted_keyid): Rename to tdb_register_trusted_keyid.
+ (register_trusted_key): Rename to tdb_register_trusted_key.
+ (trust_letter, uid_trust_string_fixed, trust_value_to_string)
+ (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
+ (get_ownertrust_string, get_validity_info, get_validity_string)
+ (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
+ (mark_usable_uid_certs): Move to trust.c and make global.
+ (is_in_klist): Move as inline to trustdb.h.
+ (trustdb_check_or_update): Rename to tdb_check_or_update
+ (revalidation_mark): Rename to tdb_revalidation_mark.
+ (get_ownertrust): Rename to tdb_get_ownertrust.
+ (get_min_ownertrust): Rename to tdb_get_min_ownertrust.
+ (update_ownertrust): Rename to tdb_update_ownertrust.
+ (clear_ownertrusts): Rename to tdb_clear_ownertrusts.
+ (cache_disabled_value): Rename to tdb_cache_disabled_value.
+ (check_trustdb_stale): Rename to tdb_check_trustdb_stale.
+ (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
+ factor some code out to ...
+ * trust.c (get_validity): ...new.
+ (check_or_update_trustdb): New wrapper.
+ (revalidation_mark): New wrapper.
+ (get_ownertrust): New wrapper.
+ (get_ownertrust_with_min): New wrapper.
+ (update_ownertrust): New wrapper.
+ (clear_ownertrusts): New wrapper.
+ (cache_disabled_value): New wrapper.
+ (check_trustdb_stale): New wrapper.
+
+ * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
+ of --always-trust.
+
+ tests: Handle disabled algorithms.
+ + commit ea7f895319e89150e5613b6d20f21410f99d6f22
+ * tests/openpgp/mds.test: Skip disabled algorithms.
+ * tests/openpgp/signencrypt-dsa.test: Ditto.
+ * tests/openpgp/sigs-dsa.test: Ditto.
+
+2014-02-07 Werner Koch <wk@gnupg.org>
+
+ Silence annoying ABI change warning.
+ + commit 111f082487dc7a2a50375e24203de31b000e0dea
+ * configure.ac [GCC]: Pass -Wno-psabi for gcc >= 4.6. Avoid some gcc
+ option tests for gcc >= 4.6
+
+ Allow disabling of card support.
+ + commit 8e0ba4ecd3897c748ac2f06028406604ae7baced
+ * configure.ac: Add option --disable-card-support. Also add
+ am_conditional and do not build scd if card support is enabled.
+
+ gpg: List only available algos in --gen-key.
+ + commit 357b142e7225e5c7f1e0f9768f48e833d5804b6a
+ * g10/keygen.c (ask_algo, ask_curve): Take care of GPG_USE_<algo>.
+
+ gpg: Change --print-mds to output enabled OpenPGP algos.
+ + commit 54a11729fb71ba06e318fe229d0a230686ed4dc8
+ * g10/gpg.c (print_mds): Use opengpg_md_test_algo. Test also for MD5
+ availibility.
+
+ gpg: Avoid compiler warnings for disabled algos.
+ + commit aa76a1660613ece3fc0d774856abcbe0bb158300
+ * g10/misc.c (map_cipher_openpgp_to_gcry): Add case for disabled algo.
+ (openpgp_pk_test_algo2): Ditto.
+ (map_md_openpgp_to_gcry): Ditto.
+
+2014-02-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Change format for the key size in --list-key and --edit-key.
+ + commit 2c814806d759e5cf611200e8210137cf8502a672
+ * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode.
+ * g10/options.h (struct opt): Add field legacy_list_mode.
+ * g10/keydb.h (PUBKEY_STRING_SIZE): New.
+ * g10/keyid.c (pubkey_string): New.
+ * g10/import.c (import_one, import_secret_one): Use pubkey_string.
+ * g10/keylist.c (print_seckey_info): Ditto.
+ (print_pubkey_info, print_card_key_info): Ditto.
+ (list_keyblock_print): Ditto.
+ * g10/mainproc.c (list_node): Ditto.
+ * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto.
+ * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the
+ format.
+ (show_basic_key_info): Ditto.
+ * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519".
+ (openpgp_oid_to_curve): Downcase "ed25519"
+
+2014-01-31 Werner Koch <wk@gnupg.org>
+
+ gpg: Add configure options to disable algorithms.
+ + commit 2ba818de1aa311ba8eb27012d69e93dd16e7d4ed
+ * acinclude.m4 (GNUPG_GPG_DISABLE_ALGO): New.
+ * configure.ac: Add --enable-gpg-* options to disable non MUS
+ algorithms.
+ * g10/misc.c (map_cipher_openpgp_to_gcry): Implement these options.
+ (openpgp_pk_test_algo2): Ditto.
+ (map_md_openpgp_to_gcry): Ditto.
+ (openpgp_cipher_test_algo, openpgp_md_test_algo): Simplify.
+
+ gpg: Improve --version algo info output.
+ + commit 71540d40414dc8b304b45dc476e5e5650a2db20a
+ * g10/misc.c (openpgp_pk_algo_name): Return a different string for
+ each ECC algorithm.
+ * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the
+ different algo type enums.
+ (build_list_pk_algo_name): Ditto.
+ (build_list_cipher_test_algo): Ditto.
+ (build_list_cipher_algo_name): Ditto.
+ (build_list_md_test_algo): Ditto.
+ (build_list_md_algo_name): Ditto.
+ (my_strusage): Use them.
+ (list_config): Ditto. Add "pubkeyname".
+ (build_list): Add letter==1 hack.
+
+ gpg: Start using OpenPGP digest algo ids.
+ + commit bf50604a0d50b974c1d4b8ccf5d774489f996cae
+ * g10/misc.c (print_pubkey_algo_note): Use enum typedef for the arg.
+ (print_cipher_algo_note): Ditto.
+ (print_digest_algo_note): Ditto.
+ (map_md_openpgp_to_gcry): New.
+ (openpgp_md_test_algo): Rewrite.
+ (openpgp_md_algo_name): Rewrite to do without Libgcrypt.
+ * g10/cpr.c (write_status_begin_signing): Remove hardwired list of
+ algo ranges.
+
+ gpg: Use only OpenPGP cipher algo ids.
+ + commit 16a6311adefff0139056714521214f845315b7f8
+ * g10/misc.c (map_cipher_openpgp_to_gcry): Use explicit mapping and
+ use enums for the arg and return value.
+ (map_cipher_gcry_to_openpgp): Ditto.
+ (openpgp_cipher_blocklen): Use constant macros.
+ (openpgp_cipher_test_algo): Use mapping function and prepare to
+ disable algorithms.
+ (openpgp_cipher_algo_name): Do not use Libgcrypt.
+
+ * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Replace
+ CGRY_CIPHER_* by CIPHER_ALGO_*.
+
+ * common/openpgpdefs.h (cipher_algo_t): Remove unused
+ CIPHER_ALGO_DUMMY.
+
+2014-01-30 Werner Koch <wk@gnupg.org>
+
+ gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
+ + commit b7f8dec6325f1c80640f878ed3080bbc194fbc78
+ * common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
+ string.
+ * g10/keygen.c (check_keygrip): Adjust for change.
+ * sm/certreqgen-ui.c (check_keygrip): Likewise.
+
+ * agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
+
+ * g10/misc.c (map_pk_openpgp_to_gcry): Remove.
+ (openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
+ (openpgp_pk_test_algo2): Rewrite.
+ (openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
+ (openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
+ (pubkey_get_npkey, pubkey_get_nskey): Ditto.
+ (pubkey_get_nsig, pubkey_get_nenc): Ditto.
+ * g10/keygen.c(do_create_from_keygrip): Support EdDSA.
+ (common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
+ * g10/build-packet.c (do_key): Ditto.
+ * g10/export.c (transfer_format_to_openpgp): Ditto.
+ * g10/getkey.c (cache_public_key): Ditto.
+ * g10/import.c (transfer_secret_keys): Ditto.
+ * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
+ * g10/mainproc.c (proc_pubkey_enc): Ditto.
+ * g10/parse-packet.c (parse_key): Ditto,
+ * g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
+ * g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
+ * g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
+ OpenPGP algo ids and support EdDSA.
+ * g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
+ * g10/seskey.c (encode_md_value): Ditto.
+
+2014-01-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove cipher.h and put algo ids into a common file.
+ + commit ea8a1685f75d27f5277d42ea7390ad5aeaf51b1f
+ * common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t)
+ (compress_algo_t): New.
+ * agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h.
+ * g10/cipher.h (DEK): Move to ...
+ * g10/dek.h: new file.
+ * g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA)
+ (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC)
+ (PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT)
+ (PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to
+ * g10/packet.h: here.
+ * g10/cipher.h: Remove. Remove from all files.
+ * g10/filter.h, g10/packet.h: Include dek.h.
+ * g10/Makefile.am (common_source): Remove cipher.h. Add dek.h.
+
+ include: Remove this directory.
+ + commit 25b4c2acbd01f9b4c2c364f44c53b73498ed8469
+ * include/cipher.h: Move to ...
+ * g10/cipher.h: here.
+ * agent/gpg-agent.c: Adjust header file name.
+
+ * include/host2net.h: Move to ...
+ * common/host2net.h: here. Change license to LGPLv3/GPLv2. Adjust
+ notices to reflect that only me worked on that file.
+
+ * include/types.h: Remove.
+ * common/types.h: Include inttypes.h. Add byte typedef and comments
+ for __riscos__.
+ * common/iobuf.h: Adjust header file name.
+
+ * include/_regex.h: Remove this unused file.
+
+ * include/Makefile.am: Remove.
+ * Makefile.am (SUBDIRS): Remove "include".
+ * configure.ac (AC_CONFIG_FILES): Remove include/Makefile.
+ * include/ChangeLog-2011: Move to ...
+ * common/ChangeLog-2011.include: here.
+ * common/Makefile.am (EXTRA_DIST): Add file.
+
+ * include/zlib-riscos.h: Move this repo only file to ...
+ * g10/zlib-riscos.h: here.
+
+ * include/: Remove.
+
+2014-01-17 Werner Koch <wk@gnupg.org>
+
+ Remove unused u64 type definitions.
+ + commit 362a30d8c2f529cd44687066f9c33cab7b43bedc
+ * configure.ac: Remove check for uint64 and UINT64_C.
+ * include/types.h: Remove u64 stuff.
+ * common/types.h: Ditto.
+
+2014-01-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Not remove SSH socket when already running.
+ + commit 0ee66a6f66d7389e381fffa5f9eedbc8de9add10
+ * agent/gpg-agent.c (main): Defer setting of socket_name_ssh to avoid
+ removal of the socket when it will die in create_server_socket for
+ socket_name.
+
+ agent: Fix agent_is_eddsa_key.
+ + commit 9c731bbedfd8bded5efd886304c5ca6655768c45
+ * agent/findkey.c (agent_is_eddsa_key): Implemented.
+
+2014-01-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ Add secp256k1.
+ + commit c5e41f539b9a21cbad10c7dae95572a4445d31c3
+ * common/openpgp-oid.c (openpgp_curve_to_oid): Add secp256k1.
+ (openpgp_oid_to_curve): Likewise.
+
+ * g10/keygen.c (ask_curve): Add secp256k1.
+
+2014-01-10 Werner Koch <wk@gnupg.org>
+
+ autogen.sh: Add rule for 64 bit windows.
+ + commit aedfa95bcc49156f2bc6ae5d0f385705d4fbdd32
+
+
+ Turn autogen.sh into a generic script.
+ + commit e7973d36d88178b4b0a977e3fcc0d62600777618
+ * autogen.sh: Revamp.
+ * autogen.rc: New.
+ * Makefile.am (EXTRA_DIST): Add autogen.rc.
+
+ Rename scripts/ to build-aux/
+ + commit 99a48b2fcdf7c33fe553511c12f2ebb8eea5c634
+ * scripts/: Rename to build-aux/
+ * Makefile.am: Adjust accordingly.
+ * configure.ac (AC_CONFIG_AUX_DIR): Change to build-aux.
+
+2014-01-09 Werner Koch <wk@gnupg.org>
+
+ Improve the speedo make script.
+ + commit a55ffb9da9a844bd2bd73a4a2ea65bf18b21c57f
+ * scripts/gpg-w32-dev/README: Remove
+ * scripts/gpg-w32-dev/GNUmakefile, scripts/gpg-w32-dev/speedo.mk:
+ Merge into ..
+ * scripts/speedo.mk: this.
+
+ gpgsplit: Allow building without zlib support.
+ + commit 00d5d2204cefb0f4b953e0c00448f16aab2d39c7
+ * tools/gpgsplit.c [!HAVE_ZLIB]: Do not include zlib.h.
+ (handle_zlib): Build only if HAVE_ZLIB is defined.
+ (write_part): Support zlib and zip only if HAVE_ZLIB is defined.
+
+ w32: Fix backslash quoting in registry name.
+ + commit fa318406c9bdb60aee1e1b410e4c9e0b3eb1392e
+ * configure.ac (GNUPG_REGISTRY_DIR): Double backslashes.
+
+ Fix test for zlib.
+ + commit 477aabaf753f987987f7a2e1f999a499ea3bd103
+ * configure.ac (HAVE_ZLIB): Define only if found.
+
+ Add --enable-silent-rules stuff.
+ + commit aba53e9f96d0c9b270edef0806976a56326249c4
+ * configure.ac: Add AM_SILENT_RULES.
+
+2014-01-08 Werner Koch <wk@gnupg.org>
+
+ w32: Add macro for the registry key.
+ + commit 75ba215ebd8be7e14b26bb53ef3c7d41e4ce1e02
+ * configure.ac (GNUPG_REGISTRY_DIR) [W32]: New ac-define.
+ * common/homedir.c (default_homedir): Use it.
+ * common/logging.c (do_logv): Use it.
+
+2013-12-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Change --show-session-key to print the session key earlier.
+ + commit 101a54add351ff62793cbfbf3877787c4791f833
+ * g10/cpr.c (write_status_strings): New.
+ (write_status_text): Replace code by a call to write_status_strings.
+ * g10/mainproc.c (proc_encrypted): Remove show_session_key code.
+ * g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
+
+2013-12-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Change OID of Ed25519 and add Brainpool oids.
+ + commit 59207a86e5f40c77fed296b642bf76692e8eef65
+ * common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for
+ Ed25519. Add brainpool OIDs.
+ (openpgp_oid_to_curve): Ditto.
+
+2013-11-29 Werner Koch <wk@gnupg.org>
+
+ common: Add put_membuf_printf.
+ + commit 159d42ee6ab21d97f40ee129445f37209b875739
+ * common/membuf.c (put_membuf_printf): New.
+
+2013-11-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Change armor Version header to emit only the major version.
+ + commit e951782e937ce290be0d89d83e84b3daea997587
+ * g10/options.h (opt): Rename field no_version to emit_version.
+ * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version
+ to bump up opt.emit_version.
+ * g10/armor.c (armor_filter): Implement different --emit-version
+ values.
+
+2013-11-18 Werner Koch <wk@gnupg.org>
+
+ Make use of the *_NAME etc macros.
+ + commit cc9a0b69b698ba436eaf777e5020532845b56236
+ Replace hardwired strings at many places with new macros from config.h
+ and use the new strusage macro replacement feature.
+
+ * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
+ sentinels.
+ * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
+
+ Add strusage macro replacement feature.
+ + commit 798daaa1ddf73f64cf840fbdc1f4c5b9c4b4ec13
+ * common/argparse.c (writechar): New.
+ (writestrings): Add macro replacement feature.
+ (show_help): Remove specialized @EMAIL@ replacement.
+ * configure.ac (GNUPG_NAME, GPG_NAME, GPGSM_NAME): Define.
+ (GPG_AGENT_NAME, DIRMNGR_NAME, G13_NAME, GPGCONF_NAME): Define.
+ (GPGTAR_NAME, GPG_AGENT_INFO_NAME, GPG_AGENT_SOCK_NAME): Define.
+ (GPG_AGENT_SSH_SOCK_NAME, DIRMNGR_INFO_NAME): Define.
+ (DIRMNGR_SOCK_NAME): Define.
+
+2013-11-15 Werner Koch <wk@gnupg.org>
+
+ kbx: Implement update operation for OpenPGP keyblocks.
+ + commit 5499942571a88a1223a7318992605c6d29858866
+ * kbx/keybox-update.c (keybox_update_keyblock): Implement.
+ * kbx/keybox-search.c (get_blob_flags): Move to ...
+ * kbx/keybox-defs.h (blob_get_type): here.
+ * kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB.
+ * g10/keydb.c (build_keyblock_image): Allow calling without
+ R_SIGSTATUS.
+ (keydb_update_keyblock): Implement for keybox.
+
+ * kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed
+ size. Print "does not expire" also on 64 bit platforms.
+
+ gpg: Rework ECC support and add experimental support for Ed25519.
+ + commit 402aa0f94854bb00475c934be5ca6043a4632126
+ * agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
+ (agent_is_dsa_key): Ditto.
+ (agent_is_eddsa_key): New. Not finished, though.
+ * agent/pksign.c (do_encode_eddsa): New.
+ (agent_pksign_do): Use gcry_log_debug functions.
+ * agent/protect.c (agent_protect): Parse a flags parameter.
+ * g10/keygen.c (gpg_curve_to_oid): Move to ...
+ * common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
+ (oid_ed25519): New.
+ (openpgp_oid_is_ed25519): New.
+ (openpgp_oid_to_curve): New.
+ * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
+ * g10/build-packet.c (gpg_mpi_write): Write the length header also for
+ opaque MPIs.
+ (gpg_mpi_write_nohdr): New.
+ (do_key): Use gpg_mpi_write_nohdr depending on algorithm.
+ (do_pubkey_enc): Ditto.
+ * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
+ gpg_mpi_write_nohdr.
+ * g10/export.c (transfer_format_to_openpgp):
+ * g10/keygen.c (ecckey_from_sexp): Return the error.
+ (gen_ecc): Repalce arg NBITS by CURVE.
+ (read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
+ (ask_curve): New.
+ (generate_keypair, generate_subkeypair): Use ask_curve.
+ (do_generate_keypair): Also pass curve name.
+ * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
+ curve name.
+ * g10/parse-packet.c (mpi_read): Remove workaround for
+ Libcgrypt < 1.5.
+ (parse_key): Fix ECC case. Print the curve name.
+ * g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
+ (pk_verify, pk_check_secret_key): Add special case for Ed25519.
+ * g10/seskey.c (encode_md_value): Ditto.
+ * g10/sign.c (do_sign, hash_for, sign_file): Ditto.
+
+ kbx: Fix possible segv in kbxdump.
+ + commit 9ae48b173c93f4747a9826beb1fbd023c4362c22
+ * kbx/keybox-dump.c (_keybox_dump_blob): Check length before get32.
+
+ Require Libgcrypt 1.6.
+ + commit b27161cd0c76ae6e2381f60c3a502cde3a2aaa21
+ * agent/pksign.c (do_encode_dsa): Remove Libgcrypt version check
+
+2013-11-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: more pinpad input fix for PC/SC.
+ + commit abd922e79b2ff63a5a763a30d4a06a91f93d0b12
+ * scd/apdu.c (check_pcsc_pinpad): Set default values here.
+ (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default
+ values, as it's too late.
+
+2013-11-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: more pinpad fix.
+ + commit 037dea9dd5eac7a74df0e12cb437e71fb0732afa
+ * scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
+ those are specified.
+ (pcsc_pinpad_modify): Remove old check code.
+
+2013-10-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: pinpad fix for PC/SC on Windows.
+ + commit 32989ad2b152d18198d718bc2c7232ce3e79c72f
+ * scd/apdu.c (SCARD_CTL_CODE): Fix for Windows.
+
+2013-10-28 Werner Koch <wk@gnupg.org>
+
+ doc: Change yat2m to allow arbitrary condition names.
+ + commit a15c35f37ed2b58805adc213029998aa3e52f038
+ * doc/yat2m.c (MAX_CONDITION_NESTING): New.
+ (gpgone_defined): Remove.
+ (condition_s, condition_stack, condition_stack_idx): New.
+ (cond_is_active, cond_in_verbatim): New.
+ (add_predefined_macro, set_macro, macro_set_p): New.
+ (evaluate_conditions, push_condition, pop_condition): New.
+ (parse_file): Rewrite to use the condition stack.
+ (top_parse_file): Set prefined macros.
+ (main): Change -D to define arbitrary macros.
+
+2013-10-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: fix pinpad input on Windows.
+ + commit de7e15c6b80164a351586e9087aad86420c8b89e
+ * scd/apdu.c (open_pcsc_reader_direct): Don't call
+ pcsc_vendor_specific_init here, but...
+ (connect_pcsc_card): Call it here.
+
+2013-10-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese translation.
+ + commit b66158cac7347e4c56c79ab7b5416ae5b3f4a0a2
+
+
+2013-10-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: add pinpad readers information for PC/SC service.
+ + commit 5efcc2b8fee8de31d255d09037f0a1e6209eab32
+ * scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry
+ ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN
+ Advance.
+
+2013-10-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: remove pin length check.
+ + commit e0ab665a792ada6470cb8885b8427acc3c960998
+ * scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin
+ length.
+
+2013-10-04 Werner Koch <wk@gnupg.org>
+
+ gpg: Limit the nesting level of I/O filters.
+ + commit e6175055fbca958b7fa43aaf84359574ca7f3ebb
+ * common/iobuf.c (MAX_NESTING_FILTER): New.
+ (iobuf_push_filter2): Limit the nesting level.
+
+ * g10/mainproc.c (mainproc_context): New field ANY. Change HAVE_DATA
+ and ANY_SIG_SIGN to bit fields of ANY. Add bit field
+ UNCOMPRESS_FAILED.
+ (proc_compressed): Avoid printing multiple Bad Data messages.
+ (check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
+
+2013-10-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix bug with deeply nested compressed packets.
+ + commit 0899f6d4be0406c9efbf9c3f342825804f359b5a
+ * g10/mainproc.c (MAX_NESTING_DEPTH): New.
+ (proc_compressed): Return an error code.
+ (check_nesting): New.
+ (do_proc_packets): Check packet nesting depth. Handle errors from
+ check_compressed.
+
+2013-09-08 Werner Koch <wk@gnupg.org>
+
+ Switch to deterministic DSA.
+ + commit 6466db10fb22a4f24df4edad9c5cb33ec67321bd
+ * agent/pksign.c (rfc6979_hash_algo_string): New.
+ (do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979.
+
+2013-08-30 Werner Koch <wk@gnupg.org>
+
+ scd: Suppress gcc warning about possible uninitialized use.
+ + commit 244587ea41d4c75cb5570356f09a6705864a7e8d
+ * scd/app-nks.c (parse_pwidstr): Always init r_pwid.
+
+ gpg: Use 2048 as the default keysize in batch mode.
+ + commit 4c3b35b067a4e7002bb6473b879b551014bb7857
+ * g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
+ 2048.
+
+ gpgtar: Fix building for systems with a separate libintl.
+ + commit 12990efb45ee7c425167aad19fe759d5609c5182
+ * tools/Makefile.am (gpgtar_LDADD): Add LIBINTL and LIBICONV.
+
+ scd: Use vendor and product id macros also in apdu.c.
+ + commit fc31d730d8506b069de1d3529ed26660856bf07f
+ * scd/ccid-driver.c: Move vendor and product ids to ...
+ * scd/ccid-driver.h: here.
+ * scd/apdu.c (CCID_DRIVER_INCLUDE_USB_IDS): Define to include ids.
+ (pcsc_vendor_specific_init): Use vendor and product id macros.
+
+2013-08-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: PC/SC pinpad input improvement.
+ + commit 95a3bffeaf07e8bf9487d4b165c336d166236fc1
+ * scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and
+ PINPAD_VERLEN_SUPPORTED.
+ (CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES,
+ PCSCv2_PART10_PROPERTY_*): New.
+ (new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax.
+ (pcsc_vendor_specific_init): New.
+ (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call
+ pcsc_vendor_specific_init.
+ (check_pcsc_pinpad): Not detect here but use the result of
+ pcsc_vendor_specific_init.
+ (pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage.
+
+2013-08-29 Jonas Borgström <jonas@borgstrom.se>
+
+ scd: add support for RSA_CRT and RSA_CRT_N key import.
+ + commit cc67918c088e90c1d9a507af5f6288e8faa93d87
+ * scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.
+
+2013-08-29 Werner Koch <wk@gnupg.org>
+
+ kbx: Add a few macros for easier readability.
+ + commit 3adfaa9beee4502479b5673c7dfd386680a920c5
+ * kbx/keybox-update.c (FILECOPY_INSERT)
+ (FILECOPY_DELETE, FILECOPY_UPDATE): New macros. Replace numbers by
+ them.
+
+2013-08-28 Werner Koch <wk@gnupg.org>
+
+ Fix commit 04e2c83f.
+ + commit fdbf76eee6a4e81b040d423926b71af7b491fb4a
+ * agent/command-ssh.c (stream_read_string): Do not assign to a NULL
+ ptr.
+
+ gpg: Make decryption with the OpenPGP card work.
+ + commit 780ba3233618393835970bac4cf8aab713f4d7fa
+ * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
+ * scd/app-openpgp.c (do_decipher): Add arg R_INFO.
+ * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
+ * scd/app.c (app_decipher): Add arg R_INFO.
+ * scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
+ * agent/call-scd.c (padding_info_cb): New.
+ (agent_card_pkdecrypt): Add arg R_PADDING.
+ * agent/divert-scd.c (divert_pkdecrypt): Ditto.
+ * agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
+ * agent/command.c (cmd_pkdecrypt): Print status line "PADDING".
+ * g10/call-agent.c (padding_info_cb): New.
+ (agent_pkdecrypt): Add arg R_PADDING.
+ * g10/pubkey-enc.c (get_it): Use padding info.
+
+ agent: Fix two compiler warnings.
+ + commit 04e2c83f189cc56342e1be784bdc63761ccdb5bb
+ * agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu
+ in format string.
+ * scd/ccid-driver.c (ccid_get_atr): Ditto.
+ * agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to
+ avoid maybe_unitialized warning.
+
+2013-08-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: fix parsing login-data DO.
+ + commit b6d54f1196d5f110fd94dfd661e74dbc60ca9811
+ * scd/app-openpgp.c (parse_login_data): Release RELPTR. Fix parsing.
+
+ scd: fix Vega for Alpha reader.
+ + commit 54cbab29c700db2df74e808f16db49170e6c42f1
+ * scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling
+ and size of command.
+
+2013-08-21 Werner Koch <wk@gnupg.org>
+
+ scd: Make SPRx32 pinpad work with PC/SC on Windows.
+ + commit 5c5e52df4b92e23045ac87abac09357de58920d4
+ * scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE.
+ (SCARD_CTL_CODE): Define if not defined.
+ (reader_table_s): Add is_spr532.
+ (new_reader_slot): Clear it.
+ (check_pcsc_pinpad): Set it.
+ (pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.
+
+ scd: Improve --enable-pinpad-varlen.
+ + commit 7bde2bf3b0ddb5d3515a44879e1a7ddb581a5c0b
+ * tools/gpgconf-comp.c (gc_options_scdaemon): Add
+ enable-pinpad-varlen.
+ * scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader.
+
+2013-08-08 Werner Koch <wk@gnupg.org>
+
+ agent: Extend cmd KEYINFO to return data from sshcontrol.
+ + commit 50c98c7ed6b542857ee2f902eca36cda37407737
+ * agent/command-ssh.c (struct control_file_s): Rename to
+ ssh_control_file_s.
+ (ssh_open_control_file, ssh_close_control_file)
+ (ssh_read_control_file, ssh_search_control_file): New.
+ (control_file_t): Rename and move to ...
+ * agent/agent.h (ssh_control_file_t): here.
+ * agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
+ and confirm. Rename unknown keytype indicator from '-' to 'X'. Extend
+ output.
+ (cmd_keyinfo): Add options --ssh-list and --with-ssh.
+
+2013-08-02 Werner Koch <wk@gnupg.org>
+
+ gpg: No need to create a trustdb when encrypting with --always-trust.
+ + commit 498b9a95dc65c43240835d64cc92d8fb43014d53
+ * g10/gpg.c (main): Special case setup_trustdb for --encrypt.
+
+2013-08-01 Werner Koch <wk@gnupg.org>
+
+ w32: Fix recent patch 9ff72e4.
+ + commit ca6fe88c0068f8d45ef39df0fc7b161998a91fe9
+ * common/homedir.c (check_portable_app): Fix the name of the control
+ file.
+
+ agent: Include missing prototype.
+ + commit ef6a6d973c2bcc54006c04dc41f978ff01005c97
+ * agent/protect.c: Include cvt-openpgp.h.
+
+ w32: Add code to support a portable use of GnuPG.
+ + commit 9ff72e4e7e4f56c241a525479a94ed4c95efc23f
+ * common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
+ (check_portable_app) [W32]: New.
+ (standard_homedir, default_homedir) [W32]: Support the portable flag.
+ (w32_rootdir, w32_commondir) [W32]: Ditto.
+ (gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto.
+ * common/logging.h (JNLIB_LOG_NO_REGISTRY): New.
+ * common/logging.c (no_registry): New variable.
+ (log_set_prefix, log_get_prefix): Set/get that variable.
+ (do_logv): Do not check the registry if that variable is set.
+
+ Silence compiler warning about deprecated Libgcrypt symbols.
+ + commit db4651734fe91935b17876dc9194329b00066eff
+ * configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.
+
+ dirmngr: Define missing LDAP constant.
+ + commit ef2e2e54020c3475bf2129c3ec8360c7bad3a6c9
+ * dirmngr/ldap-url.c (LDAP_SCOPE_DEFAULT): Define if missing.
+
+ scd: Fix a syntax error for Apple and Windows.
+ + commit 25b0357bf0a4861a751cfbc3e0335ae05c8b2b1b
+ * scd/apdu.c (pcsc_dword_t) [W32]: Fix syntax error.
+
+ common: Fix a build error when using adns.
+ + commit ffa7472db551f12f66b9789c31fabb5fc80cc13a
+ * common/dns-cert.c (get_dns_cert) [USE_ADNS]: Fix synatx error.
+
+2013-07-31 Werner Koch <wk@gnupg.org>
+
+ common: Comment out unused code.
+ + commit f101f34fffee4a02e7a5f62b59667e45e50e8325
+ * common/w32-reg.c (write_w32_registry_string): Comment out.
+
+ dirmngr: Remove unused file.
+ + commit 2830fcb83c99289a49da0e111766daf2d9a1fa3b
+ * dirmngr/get-path.c: Remove.
+
+2013-06-27 Werner Koch <wk@gnupg.org>
+
+ sm: Remove cruft from source files.
+ + commit f254497e09fa4e0e24e63d14f7316fc31c938844
+ * sm/keydb.c, sm/keydb.h: Remove disabled code parts.
+
+ Prepare for newer automake versions.
+ + commit 043e2728c813299fafcf62cd125ecf872b26179e
+ * configure.ac (AM_INIT_AUTOMAKE): Replace 2 argument form by the
+ option form. Add options from the top Makefile.
+ (AM_CONFIG_HEADER): Rename to AC_CONFIG_HEADER.
+ * Makefile.am (AUTOMAKE_OPTIONS): Remove.
+
+ * kbx/Makefile.am: Remove INCLUDES. Include cmacros.am. FActor some
+ AM_CPPFLAGS options to AM_CFLAGS.
+
+2013-06-26 Werner Koch <wk@gnupg.org>
+
+ Fix Makefile regression.
+ + commit 136f190a2f20c6ec4d5c3ca3ac7f0440c14e4dc2
+ * agent/Makefile.am (gpg_agent_DEPENDENCIES): Remove cruft from wrong
+ resolve conflict 2013-04-25.
+ (gpg_agent_DEPENDENCIES): Remove obsolete gpg_agent_res_deps
+ (gpg_agent_LDFLAGS): Remove obsolete gpg_agent_res_ldflags.
+
+2013-05-22 Werner Koch <wk@gnupg.org>
+
+ Implement unattended OpenPGP secret key import.
+ + commit 7777e68d0482c942f527e91c04adbcfb40bc8bef
+ * agent/command.c (cmd_import_key): Add option --unattended.
+ * agent/cvt-openpgp.c (convert_transfer_key): New.
+ (do_unprotect): Factor some code out to ...
+ (prepare_unprotect): new function.
+ (convert_from_openpgp): Factor all code out to ...
+ (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement
+ openpgp-native protection modes.
+ (convert_from_openpgp_native): New.
+ * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion
+ * agent/protect-tool.c (convert_from_openpgp_native): Ditto.
+ * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all
+ callers. Support openpgp-native protection.
+ * g10/call-agent.c (agent_import_key): Add arg 'unattended'.
+ * g10/import.c (transfer_secret_keys): Use unattended in batch mode.
+
+ New debug functions log_printcanon and log_printsexp.
+ + commit cb6a64bb78296c8e9f72df0c482ff847e89a1541
+ * common/sexputil.c (sexp_to_string, canon_sexp_to_string): New.
+ (log_printcanon, log_printsexp): New.
+
+ agent: Fix length detection of canonical formatted openpgp keys.
+ + commit 0f0e0559f9b160824f10dc17b389268cdb53aea4
+ * agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to
+ gcry_sexp_canon_len.
+
+ agent: New option --disable-check-own-socket.
+ + commit f2d8a14e1b12534eba69d595a62c78f92331e11b
+ * agent/gpg-agent.c (oDisableCheckOwnSocket): New.
+ (disable_check_own_socket): New.
+ (parse_rereadable_options): Set new option.
+ (check_own_socket): Implement new option.
+
+2013-05-07 Werner Koch <wk@gnupg.org>
+
+ w32: Add icons and version information.
+ + commit 88e24341e57c96e31a25e92e09d67989e64cc1c1
+ * common/gnupg.ico: New. Take from artwork/gnupg-favicon-1.ico.
+ * agent/gpg-agent-w32info.rc: New.
+ * g10/gpg-w32info.rc: New.
+ * scd/scdaemon-w32info.rc: New.
+ * sm/gpgsm-w32info.rc: New.
+ * tools/gpg-connect-agent-w32info.rc: New.
+ * common/w32info-rc.h.in: New.
+ * configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
+ (BUILD_HOSTNAME): New.
+ (AC_CONFIG_FILES): Add w32info-rc.h.
+ * am/cmacros.am (.rc.o): New rule.
+ * agent/Makefile.am, common/Makefile.am, g10/Makefile.am
+ * scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
+ build resource files.
+
+2013-05-07 Ian Abbott <abbotti@mev.co.uk>
+
+ doc: fix some Texinfo warnings.
+ + commit 2c3fc4719b92d9e3ac32efd134a930e1cc126032
+ * doc/gpg.texi: Fix syntax and add missing menu entries.
+ * doc/gpgsm.texi: Fix subsectioning.
+
+2013-04-22 Werner Koch <wk@gnupg.org>
+
+ Fix potential heap corruption in "gpg -v --version".
+ + commit 151b78cc26d728e9eb42620e0caf8c6f4bd7f839
+ * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
+ certain locales.
+
+2013-04-19 Werner Koch <wk@gnupg.org>
+
+ gpgsm: Remove non-implemented commands from --help.
+ + commit d6798d261cbe6519ef5b3ebb474e2ad348442c0c
+ * sm/gpgsm.c (opts): Removed commands --clearsign, --symmetric,
+ --send-keys, and --recv-keys.
+
+2013-04-19 Daiki Ueno <ueno@gnu.org>
+
+ Make sure to call fflush if estream_t is backed with stdio.
+ + commit e498180d5647d3427a7d7e6c82a9f09cf1ba439d
+ * common/estream.c (es_func_fp_write): Call fflush after fwrite.
+
+2013-04-19 Werner Koch <wk@gnupg.org>
+
+ doc: Formatting fixes.
+ + commit ff6115227a1ced14e2fb3d160a12181b9dfbc502
+ * doc/Makefile.am (.fig.jpg): Correct to use -L jpeg.
+ * doc/gpg.texi: Fix cross reference for --options.
+ * doc/gpgsm.texi: Likewise.
+ * doc/gpl.texi: Fix enumerate and re-indent examples.
+
+2013-04-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: move SCDaemon to libexecdir.
+ + commit 021767d8aa11aac8ac87dc3a31969ee6cfa65966
+ * common/homedir.c (gnupg_module_name): It's now libexecdir.
+ * scd/Makefile.am (libexec_PROGRAMS): Add scdaemon
+ (bin_PROGRAMS): Remove scdaemon.
+
+2013-03-29 Werner Koch <wk@gnupg.org>
+
+ copyright assignments are not anymore required.
+ + commit 07227279c44e3af0939f90025a0d22b782d0f185
+
+
+2013-03-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: PC/SC status fix.
+ + commit 64b1a2cf6f18348544a2d2cd4d49fd27bf01c150
+ * scd/apdu.c (pcsc_get_status_direct): Check PCSC_STATE_MUTE only when
+ PCSC_STATE_PRESENT.
+
+ * scd/pcsc-wrapper.c (handle_status): Ditto.
+
+ scd: PC/SC cleanup (more).
+ + commit b9aceaa442914beb4f5359283053b43ba5a46b4c
+ * scd/apdu.c (control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
+ (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify): Use
+ pcsc_dword_t.
+
+ scd: call update_card_removed only when detecting removal.
+ + commit 1062893832bb15eaac853f52e1cb673e5e03790a
+ * scd/command.c (update_reader_status_file): Add condition
+ vr->status == 0.
+
+2013-03-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: PC/SC cleanup.
+ + commit ee95c23fcdc6673db0fc7287ab2197915d9b55b3
+ * scd/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word)
+ when a word was 16-bit.
+ (struct reader_table_s): Fixes for types.
+ (struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
+ Throughout: Fixes for types.
+
+ * scd/pcsc-wrapper.c: Likewise.
+
+2013-03-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Enable ja.po.
+ + commit a75a08d6e30e93e1793aa78a15d473a3ea7623cb
+ * po/LINGUAS: Enable ja.po.
+
+ scd: change default value of pinpad maxlen.
+ + commit ca66f5c779af74d0eb7221afd7a9707201931e50
+ * scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value
+ of maxlen for pinpad input is now 15 (was: 25).
+
+ * scd/ccid-driver.c (ccid_transceive_secure): Likewise.
+
+2013-03-20 Werner Koch <wk@gnupg.org>
+
+ Add code to allow for late memory cleanup.
+ + commit 2739834206f23833161898a73427b8a9c6d5d26d
+ * common/init.c (mem_cleanup_item_t): New.
+ (run_mem_cleanup): New.
+ (_init_common_subsystems): Add an atexit for it.
+ (register_mem_cleanup_func): New.
+
+ * g10/kbnode.c (cleanup_registered): New.
+ (release_unused_nodes): New.
+ (alloc_node): Call register_mem_cleanup_func.
+
+ kbx: Remove unused macro.
+ + commit 44159b681f8f09000fabfc3ee294d5821578d3a6
+ * kbx/keybox.h (KEYBOX_WITH_OPENPGP): Remove unused macro.
+
+2013-03-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Print indicator for unknown key capability.
+ + commit c4dbd1b2de8ae3847a040444e86500848868bcf4
+ * g10/keylist.c (print_capabilities): Print '?' for unknown usage.
+
+2013-03-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpg: Allow setting of all zero key flags.
+ + commit b693ec02c467696bf9d7324dd081e279f9965151
+ * g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
+
+2013-03-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Distinguish between missing and cleared key flags.
+ + commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf
+ * include/cipher.h (PUBKEY_USAGE_NONE): New.
+ * g10/getkey.c (parse_key_usage): Set new flag.
+
+2013-03-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: ccid-driver supporting larger APDU.
+ + commit 76dc5c08dc2686eef32e1bd221c60fe91201246f
+ * scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger
+ APDU.
+
+ scd: fix missing close paren.
+ + commit 006782068e4d2a9413770400494421a2e9726ee7
+ * scd/app-openpgp.c (du_auth): Fix.
+
+2013-03-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: support ECDSA signing.
+ + commit 73ad742deacfe2bf7d6efc7cc30f9ced2d83521a
+ * scd/app-openpgp.c (do_sign): Only prepend message digest block
+ for RSA or do_auth.
+ (do_auth): Remove message digest block for ECDSA.
+
+2013-03-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: support ECDSA public key.
+ + commit 010bc7f4f06d8affb98950e1adc76c68bfcc9abb
+ * scd/app-openpgp.c (key_type_t): New.
+ (CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New.
+ (struct app_local_s): Change keyattr to have key_type and union.
+ (get_ecc_key_parameters, get_curve_name): New.
+ (send_key_attr, get_public_key): Support ECDSA.
+ (build_privkey_template, do_writekey, do_genkey): Follow the change
+ of the member KEY_ATTR.
+ (parse_historical): New.
+ (parse_algorithm_attribute): Support ECDSA.
+
+2013-03-05 Werner Koch <wk@gnupg.org>
+
+ Require libgpg-error 1.11.
+ + commit 5bac5040dc93343e1e89916b263390b0e52040bf
+ * configure.ac: Require libgpg-error 1.11.
+ * common/util.h (GPG_ERR_NO_KEYSERVER, GPG_ERR_INV_CURVE)
+ (GPG_ERR_UNKNOWN_CURVE): Remove fallback definitions.
+
+2013-02-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: pksign result conversion to sexp to upper layer.
+ + commit ef1983d58b913306e9bf02a7189e530123839c59
+ * agent/agent.h (divert_pksign): Add R_SIGLEN argument.
+ * agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN.
+ * agent/call-scd.c (agent_card_pksign): Move composition of
+ S-expression to...
+ * agent/pksign.c (agent_pksign_do): ... here.
+
+2013-02-22 Werner Koch <wk@gnupg.org>
+
+ Use has_leading_keyword in the assuan callbacks.
+ + commit 585d5c62eece23911a768d97d11f159be138b13d
+ * agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
+ * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
+ * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
+ (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
+ * g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
+ * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
+ (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
+ (keyinfo_status_cb, inq_import_key_parms): Ditto.
+ * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
+ (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
+
+ Remove some unused variables.
+ + commit c6b8f05517228c6aeab28d2bf5da7724c059bb1a
+ * tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused
+ used_components.
+ * agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg.
+ * g13/g13.c (main): Comment variable of yet unimplemented options.
+
+ gpg: Fix a memory leak in batch key generation.
+ + commit 161674118d568025896026ede5e03d26bdfdfa68
+ * g10/keygen.c (append_to_parameter): New.
+ (proc_parameter_file): Use new func to extend the parameter list.
+
+ * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
+ gcry_kdf_derive failed.
+ * g10/keygen.c (proc_parameter_file): Print a diagnostic if
+ passphrase_to_dek failed.
+
+ gpg: Handle the agent's NEW_PASSPHRASE inquiry.
+ + commit baee681d2406530c45fd6d4bde77193ba23ac263
+ * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.
+
+ common: Add func has_leading_keyword.
+ + commit 2838385e76c8c7108bc949d5a1d1c947051bd5be
+ * common/stringhelp.c (has_leading_keyword): New.
+
+ Remove build hacks for FreeBSD.
+ + commit 21f5a9ec27c0794141a835a5bb3c69495ee554a6
+ * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
+ LDFLAGS.
+
+2013-02-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: fix two bugs.
+ + commit 3c3648e720b8014828573bd708c88ba4775014e3
+ * agent/command.c (cmd_keytocard): Decrement KEYDATALEN.
+ * agent/findkey.c (agent_public_key_from_file): Increment for ELEMS.
+
+ gpg: fix keytocard and support ECC card for key attribute.
+ + commit 7d376ffa321d4af6e62a2bc64ef2b8574b122b1a
+ * g10/call-agent.c (agent_keytocard): Supply PARM arg.
+ * g10/card-util.c (card_status): Support ECC.
+ (card_store_subkey): Don't assume RSA.
+
+2013-02-21 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix a memory leak in batch key generation.
+ + commit 273bb38cd7b517460cb3de67662e96e910104675
+ * g10/keygen.c (append_to_parameter): New.
+ (proc_parameter_file): Use new func to extend the parameter list.
+
+ * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
+ gcry_kdf_derive failed.
+ * g10/keygen.c (proc_parameter_file): Print a diagnostic if
+ passphrase_to_dek failed.
+
+ gpg: Handle the agent's NEW_PASSPHRASE inquiry.
+ + commit 18a261b65fd77a9e434b13483ceaaaf2176f1197
+ * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.
+
+ common: Add func has_leading_keyword.
+ + commit 4af0c62b15c51056dc293c8e3b907e7c41fbf08c
+ * common/stringhelp.c (has_leading_keyword): New.
+
+2013-02-20 Werner Koch <wk@gnupg.org>
+
+ Remove build hacks for FreeBSD.
+ + commit 8e5766c38f3ac376fb8e7c7f2b0f65de23d84cbe
+ * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
+ LDFLAGS.
+
+2013-02-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Implement card_store_subkey again.
+ + commit b90506ea220860c89128f002bd593d0462a08d73
+ * g10/call-agent.h (agent_keytocard): New.
+ * g10/call-agent.c (agent_keytocard): New.
+ * g10/card-util.c (replace_existing_key_p): Returns 1 when replace.
+ (card_generate_subkey): Check return value of replace_existing_key_p.
+ (card_store_subkey): Implement again using agent_keytocard.
+
+ agent: Add KEYTOCARD command.
+ + commit 30f8a3c8736451d8c06ef72521a8da5eabf23016
+ * agent/agent.h (divert_writekey, agent_card_writekey): New.
+ * agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New.
+ * agent/command.c (cmd_keytocard, hlp_keytocard): New.
+ (register_commands): Add cmd_keytocard.
+ * agent/divert-scd.c (divert_writekey): New.
+
+ Japanese: update po and doc.
+ + commit 595ab0da666c43a1315a72a1346ee149998d8771
+ * doc/help.ja.txt, po/ja.po: Updated.
+
+2013-02-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Rename 'keypad' to 'pinpad'.
+ + commit 7253093addfd82a8dd25cd80e3ba820a85e3c9a7
+ * NEWS: Mention scd changes.
+
+ * agent/divert-scd.c (getpin_cb): Change message.
+
+ * agent/call-scd.c (inq_needpin): Change the protocol to
+ POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
+ * scd/command.c (pin_cb): Likewise.
+
+ * scd/apdu.c (struct reader_table_s): Rename member functions.
+ (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
+ check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
+ apdu_pinpad_verify, apdu_pinpad_modify): Rename.
+
+ * scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
+ (apdu_pinpad_verify, apdu_pinpad_modify): Rename.
+
+ * scd/iso7816.h (iso7816_check_pinpad): Rename.
+
+ * scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
+ (iso7816_check_pinpad): Rename.
+ (iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
+ the change.
+
+ * scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
+ * scd/ccid-driver.c (ccid_transceive_secure): Use it.
+
+ * scd/app-dinsig.c (verify_pin): Follow the change.
+ * scd/app-nks.c (verify_pin): Follow the change.
+
+ * scd/app-openpgp.c (check_pinpad_request): Rename.
+ (parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
+ the change.
+
+ * scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.
+
+ * scd/scdaemon.h (opt): Rename to disable_pinpad,
+ enable_pinpad_varlen.
+
+ * tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
+ disable-pinpad.
+
+2013-02-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Add pinentry-mode feature.
+ + commit 21feecd48f990b2569cb4b385dea3e57b9501525
+ * g10/gpg.c: Include shareddefs.h.
+ (main): Add option --pinentry-mode.
+ * g10/options.h (struct opt): Add field pinentry_mode.
+ * g10/passphrase.c: Include shareddefs.h.
+ (have_static_passphrase): Take care of loopback pinentry_mode.
+ (read_passphrase_from_fd): Ditto.
+ (get_static_passphrase): New.
+ (passphrase_to_dek_ext): Factor some code out to ...
+ (emit_status_need_passphrase): new.
+ * g10/call-agent.c (start_agent): Send the pinentry mode.
+ (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a
+ proper error code.
+ (agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
+ (agent_pkdecrypt): Ditto.
+ * g10/pubkey-enc.c (get_it): Pass new args.
+ * g10/sign.c (do_sign): Pass new args.
+
+ * g10/call-agent.c (struct default_inq_parm_s): New. Change all
+ similar structs to reference this one. Change all users and inquire
+ callback to use this struct, instead of NULL or some undefined but not
+ used structs. This change will help to eventually get rid of global
+ variables.
+
+2013-02-06 Werner Koch <wk@gnupg.org>
+
+ agent: Move a typedef to common and provide parse_pinentry_mode.
+ + commit 8b2b8dfe5c4cd346bbea2c228e75737bbeeca4c4
+ * common/agent-opt.c: New.
+ * common/shareddefs.h: New.
+ * common/Makefile.am: Add new files.
+ * agent/agent.h: Include shareddefs.h.
+ (pinentry_mode_t): Factor out to shareddefs.h.
+ * agent/command.c (option_handler): Use parse_pinentry_mode.
+
+ agent: Return a better error code if no passphrase was given.
+ + commit 4483a4f0ea030046137ba04905eb5220c14a2161
+ * agent/protect.c (hash_passphrase): Handle an empty passphrase.
+
+2013-02-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix check_keypad_request.
+ + commit c27315fc6466cceb862c9e67755a8e044e9b7688
+ * scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.
+
+ SCD: Add vendor specific initalization.
+ + commit e791ac6683bfb90d5e40c0103324784bd58535c9
+ * scd/ccid-driver.c (ccid_vendor_specific_init): New.
+ (ccid_open_reader): Call ccid_vendor_specific_init.
+
+ SCD: Support P=N format for login data.
+ + commit 0407e642f796fb2780a77b7a1a86731d0de27e5d
+ * scd/app-openpgp.c (parse_login_data): Support P=N format.
+
+ SCD: Better interoperability.
+ + commit bd5eded73a1268afdf81482f8408e5f640abf9c4
+ * scd/apdu.c: Fill bTeoPrologue[2] field.
+
+ SCD: Defaults to use pinpad if the reader has the capability.
+ + commit a9ff97a10f7ae5a703ed1bccba294473ecc88d5d
+ * scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
+ (parse_login_data): "P=0" means to disable pinpad.
+ (check_keypad_request): Default is to use pinpad if available.
+
+ SCD: handle keypad request on the card.
+ + commit 334ba6efa5a05d8849fae213128a0505e7615e13
+ * scd/app-openpgp.c: Add 2013.
+ (struct app_local_s): Add keypad structure.
+ (parse_login_data): Add parsing keypad request on the card.
+ (check_keypad_request): New.
+ (verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
+ to determine use of keypad.
+
+ SCD: Minor fix of ccid-driver.
+ + commit d5bf83a24cf3871b7d8cfe61049f70e1e206d09a
+ * scd/ccid-driver.c (VENDOR_VEGA): Fix typo.
+
+ SCD: Add support of Covadis VEGA_ALPHA reader.
+ + commit 82e1e837c29225cd55642b193cc04ce6191d19bb
+ * scd/ccid-driver.c: Add 2013.
+ (VENDER_VEGA, VEGA_ALPHA):New.
+ (ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD.
+ Change bNumberMessage to 0x01, as it works better (was: 0xff).
+
+ SCD: Support fixed length PIN input for keypad (PC/SC).
+ + commit 3aae780f9debaeb3560ff866b7e09d0923481c57
+ * scd/apdu.c (pcsc_keypad_verify): SUpport fixed length PIN input for
+ keypad.
+ (pcsc_keypad_modify): Likewise.
+ * scd/ccid-driver.c (ccid_transceive_secure): Clean up.
+
+ SCD: Support fixed length PIN input for keypad.
+ + commit 40a914a2e3052847b49c4b5e8ac8538e97efd18a
+ * scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
+ * scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
+ * scd/app-nks.c (verify_pin): Likewise.
+ * scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
+ Likewise.
+ * scd/apdu.c (check_pcsc_keypad): Add comment.
+ (pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
+ readers with the feature of variable length input (yet).
+ (apdu_check_keypad): Set FIXEDLEN.
+ * scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
+ specific settings.
+ Support fixed length PIN input for keypad.
+
+ SCD: API cleanup for keypad handling.
+ + commit b526f6e223604b7c1852ef2aab9fc1ea691b1181
+ * scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
+ Change meaning of MODE.
+ (pininfo_t): Rename from iso7816_pininfo_t.
+ * scd/sc-copykeys.c: Include "iso7816.h".
+ * scd/scdaemon.c, scd/command.c: Likewise.
+ * scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
+ (ccid_transceive_secure): Follow the change of PININFO_T.
+ * scd/app.c: Include "apdu.h" after "iso7816.h".
+ * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
+ (iso7816_change_reference_data_kp): Follow the change of API.
+ * scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
+ KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
+ (check_pcsc_keypad, check_ccid_keypad): Likewise.
+ (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
+ (pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
+ (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped, pcsc_send_apdu)
+ (send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
+ (send_le): Follow the change of API.
+ * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
+ (apdu_keypad_modify): Change the API.
+ * scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
+ change.
+
+ SCD: Clean up. Remove PADLEN for keypad input.
+ + commit ca89277cb4cb9558da97a71a4cb070cb77c9b536
+ * scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s.
+ (struct reader_table_s): Remove last arg from check_keypad method.
+ (check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN.
+ (pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN.
+ (send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN.
+ (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify):
+ Likewise.
+
+ * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
+ (apdu_keypad_modify): Remove PIN_PADLEN.
+
+ * scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN.
+
+ * scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN.
+
+ * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
+ (iso7816_change_reference_data_kp): Remove PADLEN.
+
+ * scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR.
+
+ SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD.
+ + commit d9f6cc7502793ed41928042cc2f968c8c7effc22
+ * scd/scdaemon.h (opt): Add enable_keypad_varlen.
+ * scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen.
+ (opts, main): Add oEnableKeypadVarlen.
+ * scd/ccid-driver.c (GEMPC_PINPAD): New.
+ (ccid_transceive_secure): Add enable_varlen handling.
+ Enable GEMPC_PINPAD.
+
+2013-01-30 Werner Koch <wk@gnupg.org>
+
+ Remove unused status codes.
+ + commit 50a7badbdacac8ba472b35090c1aab4568434d04
+ * common/status.h (STATUS_BEGIN_STREAM, STATUS_END_STREAM)
+ (STATUS_SIEXPIRED): Remove unused codes.
+
+ gpg: Add status line PINENTRY_LAUNCHED.
+ + commit 1cd6445eec4c3642ad92afb02f3563a01cc10c10
+ * common/status.h (STATUS_PINENTRY_LAUNCHED): New.
+ * g10/server.c (server_local_s): Add field allow_pinentry_notify.
+ (option_handler): Add option "allow-pinentry-notify".
+ (gpg_proxy_pinentry_notify): New.
+ * g10/call-agent.c (default_inq_cb): Factor code out to the new
+ function.
+
+2013-01-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix a bug of handling return code from npth_join.
+ + commit 19994466449a93704d38d429ca1ea36f63da0bf0
+ * agent/call-pinentry.c (agent_popup_message_stop): Fix npth_join
+ return code.
+
+2013-01-11 Christian Aistleitner <christian@quelltextlich.at>
+
+ gpg: Fix honoring --cert-digest-algo when recreating a cert.
+ + commit 60c58766aeb847b769372fa981f79abac6014500
+ * g10/sign.c (update_keysig_packet): Override original signature's
+ digest algo in hashed data and for hash computation.
+
+2013-01-11 Werner Koch <wk@gnupg.org>
+
+ Fix spurious cruft from configure summary output.
+ + commit 7a638c094fa1aa7ed1d9caf085af9980a2664d64
+ * configure.ac (build_scdaemon_extra): Remove $tmp cruft.
+
+2013-01-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ SCD: Hold lock for pinpad input.
+ + commit 4dddf32c83f52483d95d7770232e9e808558e702
+ * scd/apdu.c (apdu_check_keypad, apdu_keypad_verify)
+ (apdu_keypad_modify): Hold lock to serialize communication.
+
+2013-01-08 Werner Koch <wk@gnupg.org>
+
+ kbx: Switch from MD5 to SHA-1 for the checksum.
+ + commit b11f84b858bad867f1062977a7aba30299157e90
+ * kbx/keybox-blob.c (put_membuf): Use a NULL buf to store zero bytes.
+ (create_blob_finish): Write just the needed space.
+ (create_blob_finish): Switch to SHA-1.
+ * kbx/keybox-dump.c (print_checksum): New.
+ (_keybox_dump_blob): Print the checksum and the verification status.
+
+ gpg: Cache keybox searches.
+ + commit 492792378dc7a79316ef742b2ffaa46c6cda282a
+ * common/iobuf.c (iobuf_seek): Fix for temp streams.
+ * g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls.
+ * g10/keydb.c (dump_search_desc): New.
+ (enum_keyblock_states, struct keyblock_cache): New.
+ (keyblock_cache_clear): New.
+ (keydb_get_keyblock, keydb_search): Implement a keyblock cache.
+ (keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
+ (keydb_rebuild_caches, keydb_search_reset): Clear the cache.
+
+ Make log_clock easier to read.
+ + commit 5c565512b8af73bee2a176530663154b9277ef1c
+ * common/logging.c (log_clock): Print in microseconds.
+
+ gpg: Remove a function wrapper.
+ + commit f3f5721e6843a08d1011875400f385b8cd5fe226
+ * g10/keydb.h (keydb_search): Remove macro.
+ * g10/keydb.c (keydb_search2): Rename to keydb_search. Change all
+ callers.
+
+2013-01-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ SCD: Support not-so-smart card readers.
+ + commit a776f660363d20b6cc023609c4547e0aa8825d97
+ * scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage,
+ auto_param, and auto_pps.
+ (parse_ccid_descriptor): Set auto_voltage, auto_param, and auto_pps.
+ Support non-autoconf readers.
+ (update_param_by_atr): New.
+ (ccid_get_atr): Use 5V for PowerOn when auto_voltage is not supported.
+ Use 0x10 when nonnull_nad for SetParameters.
+ Call update_param_by_atr for parsing ATR, and use param for
+ SetParameters.
+ Send PPS if reader requires it and card is negotiable.
+ When bNadValue in the return values of SetParameters == 0,
+ clear handle->nonnull_nad flag.
+
+2013-01-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Set the node flags while retrieving a keyblock.
+ + commit f6d7b3f1ee5eed32bc3257c99cb878091d26c482
+ * g10/keydb.c (parse_keyblock_image): Add args PK_NO and UID_NO and
+ set the note flags accordingly.
+ (keydb_get_keyblock): Transfer PK_NO and UID_NO to parse_keyblock_image.
+ * kbx/keybox-search.c (blob_cmp_fpr, blob_cmp_fpr_part)
+ (blob_cmp_name, blob_cmp_mail): Return the key/user number.
+ (keybox_search): Set the key and user number into the found struct.
+ (keybox_get_keyblock): Add args R_PK_NO and R_UID_NO and set them from
+ the found struct.
+
+ New function log_clock.
+ + commit 0baedfd25a4bdc6c8e7aefbd67006b063e2dc33f
+ * common/logging.c (log_clock): New.
+ * g10/gpg.c (set_debug): Print clock debug flag.
+ * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
+
+ gpg: Allow searching for user ids in a keybox.
+ + commit fb31462e7e92d4b19256e6fd40b1b6ffcef2676c
+ * kbx/keybox-search.c (blob_cmp_name): Add arg X509 and adjust for PGP
+ use. Change callers.
+ (blob_cmp_mail): Add arg X509 and find the mailbox offset for PGP.
+ Chnage callers.
+ (has_subject_or_alt): Rename to has_username.
+ (has_username): Allow blobtype PGP.
+ (has_mail): Ditto.
+
+ gpg: Allow generation of more than 4096 keys in one run.
+ + commit 7d00e52bd58d9e40c18dcc0122b2c236ef3318f5
+ * g10/getkey.c (cache_public_key): Make room in the cache if needed.
+
+2013-01-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ Update Japanese Translation.
+ + commit bb51edc31e6595e38fcbd91d470de57d3a1a7150
+ * po/ja.po: Fix wrong translations for designated revocation.
+ Reported by Hideki Saito.
+
+ Conflicts:
+ po/ja.po
+
+2013-01-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ Update Japanese Translation.
+ + commit 05a4458e5721a0afd600f0ec908e739fa83d58f2
+ * po/ja.po: Fix fuzzy translations.
+
+2013-01-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ Update Japanese Translation.
+ + commit 709a8f8125b9ba5e1ad1e6268cca5ac96d478f63
+ * po/ja.po: Update with POT.
+
+ Update Japanese Translation.
+ + commit 0fae789c4125dd8492ed25bd6728b5ac98f19729
+ * po/ja.po: Start from the new one of 2.0.
+
+2012-12-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Add signature cache support to the keybox.
+ + commit 79f08fb0699f4a065e3a29bc7676a90534d7ba60
+ * g10/keydb.c (parse_keyblock_image): Add arg SIGSTATUS.
+ (keydb_get_keyblock): Handle it.
+ (build_keyblock_image): Add arg SIGSTATUS.
+ (keydb_insert_keyblock): Handle it.
+ * kbx/keybox-blob.c (pgp_create_sig_part): Add arg SIGSTATUS.
+ (_keybox_create_openpgp_blob): Ditto.
+ * kbx/kbxutil.c (import_openpgp): Adjust for above change.
+ * kbx/keybox.h (KEYBOX_FLAG_SIG_INFO): New.
+ * kbx/keybox-search.c (_keybox_get_flag_location): Handle new flag.
+ (keybox_get_keyblock): Add arg R_SIGSTATUS.
+ * kbx/keybox-update.c (keybox_insert_keyblock): Add arg SIGSTATUS.
+
+ kbxutil: Improve format of the Sig-Expire lines.
+ + commit 564d10ea5cd29685a00a4096d69ae2476b60506f
+ * kbx/keybox-dump.c (_keybox_dump_blob): Print the expirate timestamp.
+
+ gpg: First working support for keyboxes.
+ + commit a9863834244fc2a58d8950977243702d12e420a1
+ * g10/getkey.c (get_pubkey_fast): Improve the assertion.
+ * kbx/keybox.h: Include iobuf.h.
+ * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF.
+ (KEYBOX_WITH_OPENPGP): Remove use of this macro.
+ (pgp_create_key_part_single): New.
+ (pgp_temp_store_kid): Change to use the keybox-openpgp parser.
+ (pgp_create_key_part): Ditto.
+ (pgp_create_uid_part): Ditto.
+ (pgp_create_sig_part): Ditto.
+ (pgp_create_blob_keyblock): Ditto.
+ (_keybox_create_openpgp_blob): Ditto.
+ * kbx/keybox-search.c (keybox_get_keyblock): New.
+ * kbx/keybox-update.c (keybox_insert_keyblock): New.
+ * g10/keydb.c (parse_keyblock_image):
+ (keydb_get_keyblock): Support keybox.
+ (build_keyblock_image): New.
+ (keydb_insert_keyblock): Support keybox.
+
+ * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print
+ a kbx file to stdout.
+
+ * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6
+ bytes.
+
+ kbxutil: Print algo number and fold similar lines.
+ + commit f7495f1004071a0ceac394007bb37f88d7a3467f
+ * kbx/keybox-defs.h (_keybox_openpgp_key_info): Add field ALGO.
+ * kbx/keybox-openpgp.c (parse_key): Store algo.
+ * kbx/kbxutil.c (dump_openpgp_key): Print algo number.
+ * kbx/keybox-dump.c (_keybox_dump_blob): Print identical Sig-Expire
+ value lines with a range of indices.
+
+2012-12-27 Werner Koch <wk@gnupg.org>
+
+ gpg: First patches to support a keybox storage backend.
+ + commit 91e61d52539b1808e209c43e51465c76cebb06f9
+ * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to ..
+ * kbx/keybox.h: here.
+ * kbx/keybox-init.c (keybox_lock): Add dummy function
+ * g10/keydb.c: Include keybox.h.
+ (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX.
+ (struct resource_item): Add field kb.
+ (maybe_create_keyring_or_box): Add error descriptions to diagnostics.
+ Add arg IS_BOX. Write a header for a new keybox file.
+ (keydb_add_resource): No more need for the force flag. Rename the
+ local variable "force" to "create". Add URL scheme "gnupg-kbx". Add
+ magic test to detect a keybox file. Add basic support for keybox.
+ (keydb_new, keydb_get_resource_name, keydb_delete_keyblock)
+ (keydb_locate_writable, keydb_search_reset, keydb_search2): Add
+ support for keybox.
+ (lock_all, unlock_all): Ditto.
+ * g10/Makefile.am (needed_libs): Add libkeybox.a.
+ (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround.
+
+ * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY)
+ KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New.
+ * g10/gpg.c, g10/gpgv.c (main): Use new constants.
+
+2012-12-20 Werner Koch <wk@gnupg.org>
+
+ gpg: Import only packets which are allowed in a keyblock.
+ + commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
+ * g10/import.c (valid_keyblock_packet): New.
+ (read_block): Store only valid packets.
+
+2012-12-19 Werner Koch <wk@gnupg.org>
+
+ gpg: Make commit 2b3cb2ee actually work.
+ + commit d61f7402f2b0f6dd288e403ed9408fd65e617f85
+ * g10/sign.c (update_keysig_packet): Use digest_algo.
+
+ (cherry-picked from commit d23ec86095714d388acac14b515445fe69f019e9)
+
+ gpg: Suppress "public key already present" in quiet mode.
+ + commit 8325d616593187ff227853de0295e3269b96edcb
+ * g10/pkclist.c (find_and_check_key, build_pk_list): Print a
+ diagnostic only in non-quiet mode.
+
+2012-12-18 Werner Koch <wk@gnupg.org>
+
+ common: Add meta option ignore-invalid-option.
+ + commit 41d564333d35c923f473aa90625d91f8fe18cd0b
+ * common/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
+ (initialize): Init field IIO_LIST.
+ (ignore_invalid_option_p): New.
+ (ignore_invalid_option_add): New.
+ (ignore_invalid_option_clear): New.
+ (optfile_parse): Implement meta option.
+
+2012-12-13 Werner Koch <wk@gnupg.org>
+ Hans of Guardian <hans@guardianproject.info>
+
+ utf8conv.c: Add hacks for Android.
+ + commit 6177fb3c87f485fb654bbba492d04508755718b3
+ * common/utf8conv.c [HAVE_ANDROID_SYSTEM]: Do not include iconv.h.
+ (iconv_open, iconv_close, load_libiconv) [HAVE_ANDROID_SYSTEM]: New
+ dummy functions.
+ (set_native_charset) [HAVE_ANDROID_SYSTEM]: Force use of "utf-8".
+ (jnlib_iconv_open) [HAVE_ANDROID_SYSTEM]: Act the same as under W32.
+ (jnlib_iconv) [HAVE_ANDROID_SYSTEM]: Ditto.
+ (jnlib_iconv_close) [HAVE_ANDROID_SYSTEM]: Ditto.
+
+2012-12-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ SCD: Fix the process of writing key or generating key.
+ + commit e7dca3e83ebd6df0a7ea55e97c3cd6e91be90af5
+ * scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
+
+2012-12-12 Werner Koch <wk@gnupg.org>
+
+ ssh: Support ECDSA keys.
+ + commit 649b31c663b8674bc874b4ef283d714a13dc8cfe
+ * agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
+ (struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
+ (ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
+ (ssh_signature_encoder_t): Add arg spec and adjust all callers.
+ (ssh_signature_encoder_ecdsa): New.
+ (sexp_key_construct, sexp_key_extract, ssh_receive_key)
+ (ssh_convert_key_to_blob): Support ecdsa.
+ (ssh_identifier_from_curve_name): New.
+ (ssh_send_key_public): Retrieve and pass the curve_name.
+ (key_secret_to_public): Ditto.
+ (data_sign): Add arg SPEC and change callers to pass it.
+ (ssh_handler_sign_request): Get the hash algo from SPEC.
+ * common/ssh-utils.c (get_fingerprint): Support ecdsa.
+
+ * agent/protect.c (protect_info): Add flag ECC_HACK.
+ (agent_protect): Allow the use of the "curve" parameter.
+ * agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.
+
+ * agent/command-ssh.c (ssh_key_grip): Print a better error code.
+
+2012-12-11 Werner Koch <wk@gnupg.org>
+
+ ssh: Rewrite a function for better maintainability.
+ + commit f76a0312c3794afd81fe1e172df15eb0612deae0
+ * agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.
+
+2012-12-10 Werner Koch <wk@gnupg.org>
+
+ ssh: Improve key lookup for many keys.
+ + commit d2777f84be0ded5906a9bec3bc23cfed0a9be02f
+ * agent/command-ssh.c: Remove dirent.h.
+ (control_file_s): Add struct item.
+ (rewind_control_file): New.
+ (search_control_file): Factor code out to ...
+ (read_control_file_item): New.
+ (ssh_handler_request_identities): Change to iterate over entries in
+ sshcontrol.
+
+ ssh: Cleanup sshcontrol file access code.
+ + commit 25fb53ab4ae7e1c098500229c776d29b82713a20
+ * agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace
+ the direct use of the string.
+ (struct control_file_s, control_file_t): New.
+ (open_control_file, close_control_file): New. Use them instead of
+ using fopen/fclose directly.
+
+ agent: Add envvar "gnupg_SSH_AUTH_SOCK_by"
+ + commit 36ba7845995dd3caf8faeec3e09b3ffb879fc29b
+ * agent/gpg-agent.c (main): Pass new envar gnupg_SSH_AUTH_SOCK_by to
+ an invoked process.
+
+ config: Update npth.m4.
+ + commit ceab60b59d907354d323ace09d7b3f2d36d330fb
+ * m4/npth.m4: Take from current npth master.
+
+2012-12-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ Revert SCD changes of 2010-05-03.
+ + commit 1e1326aeb8923782138e133f091afec41d969c40
+ * scd/apdu.c (pcsc_no_service): Remove.
+ (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove
+ pcsc_no_service support.
+ (apdu_open_reader): Remove R_NO_SERVICE.
+ * scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE.
+ * scd/command.c (reader_disabled): Remove.
+ (get_current_reader): Follow the change of R_NO_SERVICE.
+ (open_card, cmd_serialno, scd_command_handler): Remove reader_disabled
+ support.
+ * scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE.
+
+ Don't keep opening unavailable card reader.
+ + commit baf7b09e124f9eb4ca4b8ee02474ee7710a95a40
+ * scd/command.c (update_reader_status_file): Don't call
+ get_current_reader.
+
+2012-11-30 David Shaw <dshaw@jabberwocky.com>
+
+ Refresh sample keys.
+ + commit b8eb2ab56971a309353ae2682bc6ef1357e9ac53
+
+
+ Adjust awk to not add trailing whitespace.
+ + commit 3f8ad564674431b4c0c6cff259f02248c80a6ef9
+ * mksamplekeys: Tweak awk script to not add trailing whitespace to
+ blank lines (makes git pre-commit hook unhappy)
+
+2012-11-29 David Shaw <dshaw@jabberwocky.com>
+
+ The keyserver search menu should honor --keyid-format.
+ + commit 7602d9e3edda99b0b65ba928eef435dab04ecd09
+ * keyserver.c (print_keyrec): Honor --keyid-format when getting back
+ full fingerprints from the keyserver (the comment in the code was
+ correct, the code was not).
+
+2012-11-27 Werner Koch <wk@gnupg.org>
+
+ Fix printing of ECC algo names in hkp keyserver listings.
+ + commit 3d2da6c82163ffbc2e827abc4144dc3197ed53db
+ * g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
+
+2012-11-26 Ben Kibbey <bjk@luxsci.net>
+
+ Check for inet_addr() in -lnsl.
+ + commit 66331e138ec17e176cc3f45bb095820866d5358c
+ * configure.ac: Check for inet_addr() in libnsl.
+
+2012-11-20 Werner Koch <wk@gnupg.org>
+
+ Do not use a broken ttyname.
+ + commit 835698b72bc509565aad52b0753f1c56c1a8f062
+ * configure.ac (HAVE_BROKEN_TTYNAME): New ac_define set for Android
+ systems.
+ * common/util.h (gnupg_ttyname): New macro. Change all callers of
+ ttyname to use this macro instead.
+ (ttyname) [W32]: Rename to _gnupg_ttyname and use also if
+ HAVE_BROKEN_TTYNAME is defined.
+ * common/simple-pwquery.c (agent_send_all_options): Keep on using
+ ttyname unless HAVE_BROKEN_TTYNAME is set. This is because this file
+ may be used standalone.
+
+2012-11-16 Werner Koch <wk@gnupg.org>
+
+ Fix non-portable use of chmod in autogen.sh.
+ + commit e7bc5012c568da9ceb0a80a8f3fe3edf3dac9564
+ * autogen.sh: Remove option -c from chmod.
+
+ Improve parsing of the GIT revision number.
+ + commit 011faa0c68cf0c628ef581193166e9ac9bf22b71
+ * configure.ac (mmm4_revision): Use git rev-parse.
+
+ Add an OpenPGP card vendor.
+ + commit ac775780fef3ef63f896e822add9ff6ea7e5119c
+ * g10/card-util.c (get_manufacturer): Add Yubico.
+
+2012-11-06 Werner Koch <wk@gnupg.org>
+
+ agent: Use wipememory instead of memset in one place.
+ + commit 9f0e9ea80ca30269770eb955e33b54401bff917f
+ * agent/command.c (clear_outbuf): Use wipememory. Suggested by Ben
+ Kibbey.
+
+ Allow decryption with card keys > 3072 bits.
+ + commit 905b6a36d3ca21b2f619721e1de892398e5eb759
+ * scd/command.c (MAXLEN_SETDATA): New.
+ (cmd_setdata): Add option --append.
+ * agent/call-scd.c (agent_card_pkdecrypt): Use new option for long
+ data.
+
+ * scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
+ (app_select_openpgp): Store manufacturer.
+ (do_decipher): Print a note for broken cards.
+
+2012-11-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix wrong use of gcry_sexp_build_array.
+ + commit 8f8c29d24ca13f987e6c118702b428a2051b7072
+ * findkey.c (agent_public_key_from_file): Fix use of
+ gcry_sexp_build_array.
+
+2012-10-31 NIIBE Yutaka <gniibe@fsij.org>
+
+ SCD: Upon error, open_pcsc_reader_wrapped does same as _direct.
+ + commit 8df89f3e9cf0255f11011c2f1df0d419a5c23a8c
+ * scd/apdu.c (PCSC_E_NO_SERVICE): New.
+ (open_pcsc_reader_direct): Use PCSC_E_NO_SERVICE.
+ (open_pcsc_reader_wrapped): Set pcsc_no_service.
+
+2012-08-24 Werner Koch <wk@gnupg.org>
+
+ Update and enable French translation.
+ + commit 76055d49d1c8b8e4f6245e6729cae81b1eaecbf6
+ * po/fr.po: Update.
+ * po/LINGUAS: Enable fr.
+
+2012-08-24 David Prévot <taffit@debian.org>
+
+ Fix typos spotted during translations.
+ + commit ba591e2f14c0d85ba15346ffd04b9e7d72ec89dc
+ * agent/genkey.c: s/to to/to/
+ * sm/*.c: s/failed to allocated/failed to allocate/
+ * sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/
+ * g10/seskey.c: missing closing parenthesis
+ * dirmngr/crlcache.c: s/may has/may have/
+
+ Consistency fix:
+
+ * g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
+ * dirmngr/dirmngr_ldap: no period in Syntax
+ * dirmngr/dirmngr-client.c: infinitive for option description:
+ s/certificates are expected/expect certificates/
+
+ Keep previous msgids of translated messages.
+ + commit bf95408fc33709d154cd41566d33af3ec3c48886
+ * po/Makefile.in.in: Use --previous with msgmerge.
+
+2012-08-24 Hans-Christoph Steiner <hans@eds.org>
+
+ Fix build system for Android by disabling tests since its x-compiled.
+ + commit 1da04bfb3f5714a0fa6d0b779d0d2ae4e9544b8f
+ * configure.ac (HAVE_ANDROID_SYSTEM, RUN_TESTS): New.
+ (AH_BOTTOM) [__ANDROID__]: Do not re-define ttyname.
+ * Makefile.am: Depend tests on new RUN_TESTS conditional.
+
+2012-08-24 Werner Koch <wk@gnupg.org>
+
+ Fix left over use of jnlib on some platforms.
+ + commit 8156a38674421deef6c2eb3e91e0186fe7fe4b26
+ * tools/watchgnupg.c: Take mischelp.h from common/ and not jnlib/.
+
+2012-06-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: handle reader/token removal.
+ + commit ca8eec8e28abb8473d02dbaf8d61cfb1094c5c50
+ * scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means
+ SW_HOST_NO_READER.
+
+2012-06-05 Werner Koch <wk@gnupg.org>
+
+ Change all quotes in strings and comments to the new GNU standard.
+ + commit 096e7457ec636bcfcf128678660eb2f2e19f113a
+ The asymmetric quotes used by GNU in the past (`...') don't render
+ nicely on modern systems. We now use two \x27 characters ('...').
+
+ The proper solution would be to use the correct Unicode symmetric
+ quotes here. However this has the disadvantage that the system
+ requires Unicode support. We don't want that today. If Unicode is
+ available a generated po file can be used to output proper quotes. A
+ simple sed script like the one used for en@quote is sufficient to
+ change them.
+
+ The changes have been done by applying
+
+ sed -i "s/\`\([^'\`]*\)'/'\1'/g"
+
+ to most files and fixing obvious problems by hand. The msgid strings in
+ the po files were fixed with a similar command.
+
+2012-05-24 Werner Koch <wk@gnupg.org>
+
+ Print the hash algorithm in colon mode key listing.
+ + commit fc00d3fcb201476b3495f47138fa35b71c52f403
+ * g10/keylist.c (list_keyblock_colon): Print digest_algo.
+
+ Fix type conflict warning.
+ + commit f8a8c71c41bc1893df8af6ce522876ccbf6240a9
+ * g10/keylist.c: Change min_cert_level to a byte.
+
+2012-05-11 Werner Koch <wk@gnupg.org>
+
+ Switch to the new automagic beta numbering scheme.
+ + commit 68777b40dcf215305a325185f6bd9cfd6dcc0542
+ * configure.ac: Add all the require m4 magic.
+
+2012-05-08 Werner Koch <wk@gnupg.org>
+
+ Add tweaks for the not anymore patented IDEA algorithm.
+ + commit b4d9f8dbc8e074cd91bbd3e2e54e2b77c9268d1a
+ * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
+ compatibility mode.
+ * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers.
+ * common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this
+ status anymore.
+
+ po: Update de.po.
+ + commit 59b77f9ea7dfa4d5c74573d2186c9a3e129ab3bf
+ * po/de.po: Update.
+
+ common: Remove generated files only during maintainer-clean.
+ + commit d800fa5ce6102e069305f8e1a5d55d18ac3a1993
+ * common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES.
+
+2012-04-30 Werner Koch <wk@gnupg.org>
+
+ agent: Fix deadlock in trustlist due to the switch to npth.
+ + commit 0f02fba19df16c82ca1ad44a8cb09f952d755598
+ * agent/trustlist.c (clear_trusttable): New.
+ (agent_reload_trustlist): Use new function.
+ (read_trustfiles): Require to be called with lock held.
+ (agent_istrusted): Factor all code out to ...
+ (istrusted_internal): new. Add ALREADY_LOCKED arg. Make sure the
+ table islocked. Do not print TRUSTLISTFLAG stati if called internally.
+ (agent_marktrusted): Replace calls to agent_reload_trustlist by
+ explicit code.
+
+2012-04-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ make DNS and URI fields work in gpgsm --gen-key.
+ + commit 8d7522837c6dba3065d24594bcdbe7b99a702cde
+ * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Actually set mb_uri and
+ mb_dns.avoid buffer strncpy-induced buffer overrun
+
+2012-04-26 Jim Meyering <jim@meyering.net>
+
+ avoid buffer strncpy-induced buffer overrun.
+ + commit 20c9ac4df34e25f7085bb4e4ab5ea7223932f5c4
+ * dirmngr/crlcache.c (open_dir): Ensure that both this_update
+ and next_update member strings are NUL-terminated.
+
+ remove doubled words in a comment.
+ + commit 6e3882785a629b361c57c8b9d5cad51fb234ac23
+
+
+2012-04-20 Werner Koch <wk@gnupg.org>
+
+ Change license for some files in common to LGPLv3+/GPLv2+.
+ + commit 37df3d5f593f76ddbf1b9dc6de0173b7bb85c0ad
+ Having the LGPL on the common GnuPG code helps to share code
+ between GnuPG and related projects (like GPGME and Libassuan). This
+ is good for interoperability and to reduces bugs.
+
+ * common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
+ * common/b64enc.c, common/convert.c, common/dns-cert.c
+ * common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
+ * common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
+ * common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
+ * common/helpfile.c, common/homedir.c, common/http.c, common/http.h
+ * common/i18n.c, common/init.c, common/init.h, common/iobuf.c
+ * common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
+ * common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
+ * common/percent.c, common/pka.c, common/pka.h, common/session-env.c
+ * common/session-env.h, common/sexp-parse.h, common/sexputil.c
+ * common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
+ * common/ssh-utils.h, common/sysutils.c, common/sysutils.h
+ * common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
+ * common/userids.c, common/userids.h, common/xasprintf.c: Change
+ license to LGPLv3+/GPLv2+/
+
+2012-04-10 Ben Kibbey <bjk@luxsci.net>
+
+ Fix killing PID -1.
+ + commit bee0ac28c9c8027540ae56900b9f85e0bd555f1d
+ When the KILLSCD command had been sent a race condition would occur
+ causing PID -1 getting killed, which on Linux seems to terminate all
+ applications for the current user.
+
+2012-04-05 Werner Koch <wk@gnupg.org>
+
+ Do not mix test result with progress lines.
+ + commit f1e1387bee286c7434f0462185048872bcdb4484
+ This makes parsing of the results easier. Fixes bug#1400.
+
+ * tests/openpgp/defs.inc (progress_cancel, progress_end)
+ (progress_new): New.
+ * tests/openpgp/conventional-mdc.test: Use progress functions
+ * tests/openpgp/conventional.test: Ditto.
+ * tests/openpgp/encrypt-dsa.test: Ditto.
+ * tests/openpgp/encrypt.test: Ditto.
+ * tests/openpgp/sigs.test: Ditto.
+
+2012-04-04 Ben Kibbey <bjk@luxsci.net>
+
+ Mention status messages in the documentation.
+ + commit 99fc61f1cf09c7f72a9037d91d3cf0cd2e035ae6
+ Note INQUIRE_MAXLEN.
+
+ Document PASSWD --preset.
+ + commit a577f06c4aecc0af5b492e15812e9150c747cbe4
+
+
+ Document GENKEY options.
+ + commit 108e8f622ef9cfa256707debec1d379ce3cf21ca
+
+
+ Document PRESET_PASSPHRASE.
+ + commit 96e107fc29db625b247022ae1bf2cbe90b939c5d
+
+
+ Document CLEAR_PASSPHRASE.
+ + commit 26b59d78c43d72fa28609fb2c0d80fb377393127
+ And describe the --mode=normal option.
+
+2012-03-27 Werner Koch <wk@gnupg.org>
+
+ Fix timegm regression test.
+ + commit 17499e761e8cd0fe867b5b5f3e42a71b6d45f954
+ * common/t-timestuff.c (test_timegm): Change test to use January and
+ not February or December+1. Bug spotted by Daniel Kahn Gillmor.
+
+ Print warning for arguments not considered an option.
+ + commit de01c51ecb3918f427aa76281351749c8ad07ed6
+ GnuPG requires that options are given before other arguments. This
+ can sometimes be confusing. We now print a warning if we found an
+ argument looking alike a long option without being preceded by the
+ stop option. This is bug#1343.
+
+ * common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New.
+ * common/argparse.c (arg_parse): Set new flag.
+ * g10/gpg.c (main): Print the warning.
+ * agent/gpg-agent.c (main): Ditto.
+ * dirmngr/dirmngr.c (main): Ditto.
+ * g13/g13.c (main): Ditto.
+ * scd/scdaemon.c (main): Ditto.
+ * sm/gpgsm.c (main): Ditto.
+ * tools/gpg-connect-agent.c (main): Ditto.
+ * tools/gpgconf.c (main): Ditto.
+
+2012-03-26 Werner Koch <wk@gnupg.org>
+
+ Allow compress algorithm 0.
+ + commit 7ddbcb6b6ab8b26c8e609fcd95c2c8a89bc20a7d
+ * g10/mainproc.c (proc_compressed): Remove superfluous check for
+ compress algorithm 0. Reported by pfandrade. This is bug#1326.
+
+ Add mksamplekeys script.
+ + commit 7441e622ffb3296686bd0d7f04b4051466aaad38
+ * doc/mksamplekeys: New.
+
+2012-02-28 Marcus Brinkmann <mb@g10code.com>
+
+ Replace npth_yield in busy wait by npth_usleep.
+ + commit 8f8c6594147608b1021c16fc3561feb96da5d55a
+ * dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): Call
+ npth_usleep instead of npth_yield.
+
+2012-02-16 Marcus Brinkmann <mb@g10code.com>
+
+ Check for lber and link dirmngr_ldap to it.
+ + commit 76ff42ef8d1232dd36bf48c1020b0b9b2afb1c7d
+ * configure.ac (LBER_LIBS, HAVE_LBER): New variables, check for lber.
+ * dirmngr/Makefile.am (dirmngr_lda_LDADD): Add $(LBER_LIBS).
+
+2012-02-07 Werner Koch <wk@gnupg.org>
+
+ agent: Add pin length field to the shadowed private key format.
+ + commit b817ae7df947093384a25797999a9aa187e20f9c
+ This is not yet fully implemented. It will eventually allow to
+ support pinpad equipped readers which do not support variable length
+ pin lengths.
+ * agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and
+ parse pinlen info. Change all callers to pass NULL for it.
+
+ Use new status printing functions.
+ + commit 12ea5c904c0008a2adec2e8bbe45dac629548e7d
+ * agent/command.c (cmd_geteventcounter): Get rid of static buffers.
+ * scd/command.c (cmd_serialno, cmd_learn): Simplify by using
+ print_assuan_status.
+
+ agent: New function agent_print_status.
+ + commit e78585cd0f553d92f332e33810ab636758bc88a2
+ * common/asshelp2.c (vprint_assuan_status): New.
+ (print_assuan_status): Re-implement using above func.
+ * agent/command.c (agent_print_status): New.
+
+ po: Add Ukrainian translation.
+ + commit 8d8d740bfd73d8764a03220c0b0c949e03fea351
+ * po/uk.po: New.
+
+ common: Replace macro based function calls by using DEFAULT_ERRSOURCE.
+ + commit 13ec74481ce0137f7a60b3256cc4840073c77efa
+ * common/dns-cert.h (get_dns_cert): Remove macro.
+ * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace
+ arg ERRSOURCE by global DEFAULT_ERRSOURCE.
+ * common/http.h (http_parse_uri, http_raw_connect, http_open)
+ (http_open_document, http_wait_response): Remove macros.
+ * common/http.c (_http_parse_uri, _http_raw_connect, _http_open)
+ (_http_open_document, _http_wait_response): Remove underscore from
+ symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
+ * common/ssh-utils.h (ssh_get_fingerprint)
+ (ssh_get_fingerprint_string): Remove macros.
+ * common/ssh-utils.h (_ssh_get_fingerprint)
+ (_ssh_get_fingerprint_string): Remove underscore from symbols.
+ Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
+ * common/tlv.h (parse_ber_header, parse_sexp): Remove macros.
+ * common/tlv.c: Include util.h.
+ (_parse_ber_header, _parse_sexp): Remove underscore from symbols.
+ Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
+
+2012-02-06 Werner Koch <wk@gnupg.org>
+
+ Add replacement hack for Android's broken ttyname.
+ + commit 115a6ed55d1f6be33f66de6734359fa590ca3749
+ * configure.ac (HAVE_TTYNAME) [__ANDROID__]: Add hack.
+
+ agent: Simplify printing of INQUIRE_MAXLEN.
+ + commit 7981cdd1345d51fd917b2375691ead60c24db2cd
+ * agent/command.c: Include asshelp.h.
+ (cmd_pkdecrypt, cmd_genkey, cmd_preset_passphrase)
+ (pinentry_loopback): Use print_assuan_status for INQUIRE_MAXLEN.
+
+ common: Add function print_assuan_status.
+ + commit 1a0df8506050448f16c63666850e3ae6d94a971b
+ * common/asshelp2.c: New.
+ (print_assuan_status): New function.
+ * common/Makefile.am (common_sources): Add asshelp2.c.
+
+ common: Add a global variable to for the default error source.
+ + commit eb0faef81dae2cba1f62056fdc4dc2a7d58ac86a
+ For the shared code parts it is cumbersome to pass an error sourse
+ variable to each function. Its value is always a constant for a given
+ binary and thus a global variable makes things a lot easier than the
+ former macro stuff.
+ * common/init.c (default_errsource): New global var.
+ (init_common_subsystems): Rename to _init_common_subsystems. Set
+ DEFAULT_ERRSOURCE.
+ * common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT.
+ (init_common_subsystems): New macro.
+ * common/util.h (default_errsource): Add declaration.
+ * kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.
+
+2012-02-03 Ben Kibbey <bjk@luxsci.net>
+
+ Also let GENKEY and PKDECRYPT send the INQUIRE_MAXLEN status message.
+ + commit ecda65498ac60dfde50fbbc71cd0cc321d7175a9
+ * agent/command.c (cmd_pkdecrypt): Send the INQUIRE_MAXLEN status
+ message before doing the inquire.
+ (cmd_genkey): Ditto.
+
+2012-02-02 Ben Kibbey <bjk@luxsci.net>
+
+ Inform the client of the preset passphrase length.
+ + commit 3f7788f2e035eb939abb27b3a53854ec0fc6178c
+ * agent/command.c (cmd_preset_passphrase): Send the INQUIRE_MAXLEN
+ status message before inquiring the passphrase.
+
+2012-02-01 David Shaw <dshaw@jabberwocky.com>
+
+ Honor --cert-digest-algo when recreating a cert.
+ + commit 2b3cb2ee94625498e7a7f939216c9bcddef6ec20
+ * g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
+ recreating a cert.
+
+ This is used by various things in --edit-key like setpref, primary,
+ etc. Suggested by Christian Aistleitner.
+
+2012-01-27 Werner Koch <wk@gnupg.org>
+
+ gl: Add support for Android to stdint.h replacement.
+ + commit bdde44ae8d4709e33c09781c3d37a5da2c7a5e0d
+ * gl/stdint_.h: When included from Bionic <sys/types.h>, just include
+ the system's <stdint.h>.
+
+ gpg-connect-tool: Take the string "true" as a true condition.
+ + commit 2871422d9a889cb632f59efda4d9cd170fc9fca7
+ * tools/gpg-connect-agent.c (main): Handle strings "true" and "yes" in
+ conditions as expected.
+
+2012-01-26 Ben Kibbey <bjk@luxsci.net>
+
+ Return GPG_ERR_CARD_NOT_PRESENT when pinentry-mode=loopback.
+ + commit cf748e8736b984194345bfd74887b35d3d23fa37
+ Since there isn't a way to prompt the user to insert the smartcard when
+ pinentry-mode=loopback, return GPG_ERR_CARD_NOT_PRESENT instead of
+ GPG_ERR_NO_PIN_ENTRY.
+
+ * agent/divert-scd.c (ask_for_card): Return GPG_ERR_CARD_NOT_PRESENT
+ when pinentry-mode=loopback.
+
+ Also check for GPG_ERR_ASS_CANCELED during an inquire.
+ + commit 3da10eefcb09a520f11e4fae7f59a33f80ffba69
+ Fix pinentry-mode=loopback when cancelling an inquire from scdaemon.
+ This is similar to commit 4f21f8d but for both protocol command
+ cancellation and pinentry cancellation.
+
+ * agent/call-scd.c (agent_card_pkdecrypt): Check for
+ GPG_ERR_ASS_CANCELED.
+ (agent_card_pksign): Ditto.
+
+2012-01-25 Werner Koch <wk@gnupg.org>
+
+ nPth is now a hard requirement for GnuPG.
+ + commit 001352077cdc7e402421c77328bea1a052005673
+ * configure.ac: Remove cruft to allow building without npth.
+
+ Require libassuan 2.1.0.
+ + commit c254d0f0d13a54777a62dad8f78a8f287d6ae565
+ * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.1.0. This is due to
+ the npth changes.
+
+ Fix strerror vs. gpg_strerror usage.
+ + commit 2be7818c6d916a69ffdf88cce32960949a56e893
+ This bug was introduced by the migration to npth.
+ * agent/gpg-agent.c (handle_connections): Use strerror.
+
+ Add missing variable.
+ + commit a55d2e16f1090264338dc3ad0b2afca28db27c09
+ * agent/gpg-agent.c (handle_connections) [!W32]: Add missing variable.
+
+2012-01-25 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ Port LDAP wrapper to NPTH.
+ + commit 4074f966276be10a794fd63a7f443b9d974d3982
+ * agent/gpg-agent.c (handle_connections): Handle error.
+ * dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c: Port to NPTH.
+
+ Port Windows code to NPTH.
+ + commit ccbb4c3652ee72386b8889358b829e256e1ebcda
+ * agent/gpg-agent.c (get_agent_ssh_socket_name): Use
+ INVALID_HANDLE_VALUE instead of 0.
+ (handle_signal) [!HAVE_W32_SYSTEM]: Don't define.
+ (handle_connections): Port Windows code to NPTH.
+ * dirmngr/dirmngr.c (handle_connections): Port Windows code to NPTH.
+ * g13/g13.c (handle_connections): Port Windows code to NPTH.
+ * scd/scdaemon.c (handle_connections): Port Windows code to NPTH.
+
+ Port to npth.
+ + commit 7a7a59782766a8bde0c3e7156d14bb2b0e4a3951
+ * configure.ac: Don't check for PTH but for NPTH.
+ (AH_BOTTOM): Remove PTH_SYSCALL_SOFT.
+ (have_pth): Rename to ...
+ (have_npth): ... this.
+ (USE_GNU_NPTH): Rename to ...
+ (USE_GNU_PTH): ... this.
+ * m4/npth.m4: New file.
+ * agent/Makefile.am, agent/cache.c, agent/call-pinentry.c,
+ agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c,
+ agent/trustlist.c, common/Makefile.am, common/estream.c,
+ common/exechelp-posix.c, common/exechelp-w32.c,
+ common/exechelp-w32ce.c, common/http.c, common/init.c,
+ common/sysutils.c, dirmngr/Makefile.am, dirmngr/crlfetch.c,
+ dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c,
+ dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/Makefile.am,
+ g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/Makefile.am,
+ scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c,
+ scd/scdaemon.c, tools/Makefile.am: Port to npth.
+
+2012-01-25 Werner Koch <wk@gnupg.org>
+
+ Require gitlog-to-changelog to be installed.
+ + commit 495dc68586356891b82a2d2b6367c4131fd17f08
+ * Makefile.am (GITLOG_TO_CHANGELOG): New.
+ (gen-ChangeLog): Use installed version of gitlog-to-changelog.
+
+2012-01-20 David Shaw <dshaw@jabberwocky.com>
+
+ Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
+ + commit deee8147aab086161c91e6aa6fb41d7148a630f6
+ * g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level
+
+ * g10/trustdb.c (check_trustdb_stale): Request a rebuild if
+ pending_check_trustdb is true (set when we detect a trustdb
+ parameter has changed).
+
+ * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
+ listing for min_cert_level not matching.
+
+ * g10/tdbio.c (tdbio_update_version_record, create_version_record,
+ tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
+ tdbio_write_record): Add a byte for min_cert_level in the tdbio
+ version record.
+
+2012-01-20 Werner Koch <wk@gnupg.org>
+
+ estream: Fix unclean usage of realloc.
+ + commit e97e2ced6cf3ee295a3cc9f8968969a1910380ea
+ * common/estream-printf.c (_ESTREAM_PRINTF_MALLOC): Remove.
+ (_ESTREAM_PRINTF_FREE): Remove.
+ (_ESTREAM_PRINTF_REALLOC): New.
+ (fixed_realloc) [!_ESTREAM_PRINTF_REALLOC]): New.
+ (estream_vasprintf): Use my_printf_realloc instead of my_printf_malloc
+ and my_printf_free.
+ (dynamic_buffer_out): Use my_printf_realloc instead of realloc.
+
+ Do not copy default merge commit log entries into the ChangeLog.
+ + commit 7589e43b21c8d80c5a57ecb6eb78dfcd0b5dac46
+ * scripts/gitlog-to-changelog: Skip merge commits.
+
+2012-01-18 Ben Kibbey <bjk@luxsci.net>
+
+ Add the INQUIRE_MAXLEN status message.
+ + commit ae981dd8f454e2a8bbc6429bed5abc5e87cc83d5
+ This status message is used to inform the client of the maximum length
+ of an inquired passphrase and is used in pinentry-mode=loopback.
+
+ * agent/command.c (pinentry_loopback): Send the INQUIRE_MAXLEN status
+ message before doing the inquire.
+
+2012-01-16 Jim Meyering <meyering@redhat.com>
+
+ yat2m: don't dereference pointer to freed memory.
+ + commit 4402dc3f0a5c5d0f26ed2ae97f9cda9cf4e695fa
+ * doc/yat2m.c (top_parse_file): Correct macrolist-freeing loop.
+
+ gpg-agent: fix lc-messages handling not to change Xauthority setting.
+ + commit 37801918cb916ae8c641e003f204dcc70cccb29c
+ * agent/gpg-agent.c (main): Supply omitted "break" statement for
+ lc-messages option. Otherwise, control would fall through to the
+ following oXauthority case and use the same value there.
+
+2012-01-15 Werner Koch <wk@gnupg.org>
+
+ Fix indentation.
+ + commit 75a402fc25e4ec9659723dd58306aff3415736f4
+
+
+2012-01-14 Ben Kibbey <bjk@luxsci.net>
+
+ Fix scdaemon pinentry inquire cancelation.
+ + commit 4f21f8d6e109eae111d2da91f4c946afda4174e4
+ Similar to commit 29af488 but also fixes PKDECRYPT and PKSIGN.
+
+ * agent/call-scd.c (agent_card_pkdecrypt): Check for GPG_ERR_CANCELED
+ when returning from the PKDECRYPT operation of scdaemon and cancel the
+ inquire.
+ (agent_card_pksign): Ditto.
+ (cancel_inquire): New.
+
+2012-01-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix segv with RSA_S keys.
+ + commit 30ec869b8c63f1edcc58110ed20b83b0e77248f8
+ * g10/misc.c (pubkey_get_npkey, pubkey_get_nskey)
+ (pubkey_get_nsig, pubkey_get_nenc): Map all RSA algo ids to
+ GCRY_PK_RSA.
+
+ estream: Avoid printing leading zeroes by %p on 32 bit systems.
+ + commit b42bc48dfb4b6d4f745eb02d8de4f4dcffdacf48
+ * common/estream-printf.c (pr_pointer): Synchronize definition of
+ AULONG with its use.
+
+2012-01-11 David Shaw <dshaw@jabberwocky.com>
+
+ Refresh sample keys.
+ + commit 860861279bc17dd80eecc9631c4ae5d161a335fd
+
+
+2012-01-10 David Shaw <dshaw@jabberwocky.com>
+
+ Adapt HKP fix for fingerprint/long keyid retrievals for dirmngr.
+ + commit 3f59561cee635c6801e0a59d3abff1c064fcbdbe
+ * dirmngr/ks-engine-hkp.c (ks_hkp_get): Use the longest valid keyid form
+
+2012-01-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Make the double space in the middle of a fingerprint optional.
+ + commit 957fe728466893bc63f5ccad197d3e245dca4bf3
+ This change might help to c+p a fingerprint from an HTML page without
+ being enclosed in a "pre" tag.
+ * common/userids.c (classify_user_id): Skip a second blank in the
+ middle of a fingerprint.
+
+ gpg: Allow use of a standard space separated fingerprint.
+ + commit 372fb4fc0661014ccd9275c89e6da2208f87155f
+ * common/userids.c (classify_user_id): Check for space separated GPG
+ fingerprint.
+
+2012-01-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ Merge ccid_driver_improvement branch.
+ + commit 5988c8bfb7eafaca53c8abeb793f189acd3177c6
+ * scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify.
+ (open_ccid_reader): Use ccid_keypad_operation for verify and modify.
+
+ * scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New.
+ (ccid_transceive_apdu_level): Permit sending packet where
+ apdulen <= 289. Support receiving packets in a chain.
+ (ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920.
+ Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24.
+
+2012-01-03 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ Silence gcc warning.
+ + commit ed432f030e604f7b2fd4a79c2110d92b9cde7501
+ * sm/call-dirmngr.c (get_cached_cert): Make sure buflen is initialized.
+
+ Revert last change, add comment about link() return values.
+ + commit ff2095ad7b4be7eaf9468b6ef39fd979527ecc4f
+ * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Do not check
+ return value of link().
+
+ Fix compiler warnings.
+ + commit 0dce26778ef8abd4fc40de689d7ec9b720d26430
+ * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Check return
+ value of link().
+ * g13/g13.c: Make sure err is initialized.
+ * scd/scdaemon.c (main) [!USE_GCRY_THREAD_CBS]: Do not define ERR.
+
+ Fix last change: Only set gcrypt thread callback for older versions.
+ + commit 61ccd8d92d9d3b8ba0eca3c2969d7f6f37e16405
+ * dirmngr/dirmngr.c, g13/g13.c: Rename FIX_GCRY_PTH_INIT to
+ USE_GCRY_THREAD_CBS.
+
+2012-01-03 Werner Koch <wk@gnupg.org>
+
+ Terminate csh commands with a semicolon also for dirmngr.
+ + commit 682df45d15661ed3544e2ed34bcb636200cc40f9
+ * dirmngr/dirmngr.c (main): Terminate csh style output with a semicolon.
+
+ Terminate csh commands with a semicolon.
+ + commit d01d9ff11f46cbd61b7b8c0e04431e4f0c4a8580
+ Fixes bug#1386.
+
+ * agent/gpg-agent.c (main): Terminate csh style output with a semicolon.
+ * scd/scdaemon.c: Ditto.
+
+2012-01-02 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
+
+ Only set gcrypt thread callback for older version of gcrypt.
+ + commit a2d9e48fcca6cfc2dfadef6dbd3579a30314676b
+ * agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c
+ (USE_GCRY_THREAD_CBS): New macro, defined if
+ GCRY_THREAD_OPTION_VERSION is 0.
+ (fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define.
+ (main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks.
+
+2011-12-28 David Shaw <dshaw@jabberwocky.com>
+
+ Use the longest key ID available when talking to a HKP server.
+ + commit c6aaf024651c7d55ac9fb77a53c084efb3adc1a9
+ This is issue 1340. Now that PKSD is dead, and SKS supports long key
+ IDs, this is safe to do. Patch from Daniel Kahn Gillmor
+ <dkg@fifthhorseman.net>.
+
+2011-12-20 Werner Koch <wk@gnupg.org>
+
+ Post-release version number update.
+ + commit 97d1c884e62bba94e42bb5b2bb13cd3880334c31
+
+
+ Release 2.1.0beta3.
+ + commit 604c130a85d4203b9d84137a42673aeaff1c0bd1
+
+
+ Prepare for the beta3 release.
+ + commit 8e47f1e576f70d4dbe966523057fe3078006ae8b
+
+
+ po: Update the German translation.
+ + commit 6f02c143440865781b4e3c1753e24e55a0de40e4
+
+
+ Add the STEED Self-Signing Nonthority certificate.
+ + commit fe2f1826991e8130f727ee15df1a4651f679752f
+ * doc/com-certs.pem: Install it when creating a keybox.
+
+ faq: Add section on US export restrictions.
+ + commit 779611494dbd187d09b05d2eb10faabd31a70156
+
+
+ Require Libassuan 2.0.3.
+ + commit 366512abe44d9e71bb2c699c29477afa6ac71cdd
+ * configure.ac: Require Libassuan 2.0.3.
+ * agent/call-scd.c (ASSUAN_CONVEY_COMMENTS): Remove macro replacement.
+ * agent/command.c (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Remove
+ dependency.
+ (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Ditto.
+ * scd/command.c (cmd_killscd) [ASSUAN_FORCE_CLOSE]: Ditto.
+
+2011-12-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify.
+ + commit 07f20f313a0b13e5c93168a8a62ff1cbb94a4514
+ * scd/apdu.c (pcsc_keypad_verify): Add debug log and error log.
+ (pcsc_keypad_modify): Likewise.
+
+2011-12-19 Werner Koch <wk@gnupg.org>
+ Ben Kibbey <bjk@luxsci.net>
+
+ scd: Fix for card change returning GPG_ERR_CARD_RESET.
+ + commit f4b7f7146349c388a2f3ce224ff2006606c66232
+ * scd/apdu.c (apdu_connect): Do not test for zero atrlen.
+
+2011-12-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ Don't kill pinentry by SIGKILL but let it quit by SIGINT.
+ + commit f6251c0d0af92331388f5e9bcd1750cbadcaca8f
+ * agent/call-pinentry.c (agent_popup_message_stop): To pinentry, send
+ SIGINT (was: SIGKILL).
+
+2011-12-15 David Shaw <dshaw@jabberwocky.com>
+
+ Merge fix for issue 1331 from 1.4.
+ + commit a98260c39f1c0ccdad004784cbc9440376766082
+ * photoid.c (generate_photo_id): Check for the JPEG magic numbers
+ instead of JFIF since some programs generate an EXIF header first.
+
+2011-12-15 Werner Koch <wk@gnupg.org>
+
+ scd: Prefer application Geldkarte over DINSIG.
+ + commit 27089564b6453deaf7b4ffe7cc5f5f290b6d892b
+ * scd/app.c (select_application): Reorder application tests.
+
+ scd: Add option --dump-atr to command APDU.
+ + commit b22d62bd1481dfe13d60a6d16b09b9297944f063
+ * scd/atr.c: Rewrite.
+ * scd/Makefile.am (scdaemon_SOURCES): Add atr.c and atr.h.
+ * scd/command.c (cmd_apdu): Add option --dump-atr.
+
+ estream: New function es_fclose_snatch.
+ + commit 7737a2c269657189a583cde7f214f20871d264f8
+ * common/estream.c (cookie_ioctl_function_t): New type.
+ (es_fclose_snatch): New function.
+ (COOKIE_IOCTL_SNATCH_BUFFER): New constant.
+ (struct estream_internal): Add field FUNC_IOCTL.
+ (es_initialize): Clear FUNC_IOCTL.
+ (es_func_mem_ioctl): New function.
+ (es_fopenmem, es_fopenmem_init): Init FUNC_IOCTL.
+
+2011-12-14 Werner Koch <wk@gnupg.org>
+
+ scd: Skip S/N reading for the "undefined" application.
+ + commit 792e137ec7997a0ff5c54ff970611238d28d4ba8
+ * scd/app.c (select_application): Skip serial number reading.
+
+ scd: Add more status word values for documentation.
+ + commit 0bac31ee9f74a25d76b08c3e0355a338908f083a
+
+
+ scd: Add the "undefined" stub application.
+ + commit dcd64131c60efd0189aa05d5dbce6b93547b04e3
+ * scd/app.c (select_application): Implement the "undefined"
+ application.
+
+ agent: Pass comment lines from scd verbatim thru gpg-agent.
+ + commit 45cf9de341405a228e331bd3893cbcd6b72306be
+ * agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
+ * tools/gpg-connect-agent.c (help_cmd_p): New.
+ (main): Treat an "SCD HELP" the same as "HELP".
+
+ scd: Fix resetting and closing of the reader.
+ + commit 2d91febbd8d30beb7eb33f7aa80ffd5691d1d3cc
+ * scd/command.c (update_card_removed): Do no act on an invalid VRDR.
+ (do_reset): Ignore apdu_reset error codes for no and inactive card.
+ Close the reader before setting the slot to -1.
+ (update_reader_status_file): Notify the application before closing the
+ reader.
+
+ scd: Add debug option for reader function calls.
+ + commit 07ea8c56b507b06d4bd70e94fa51914659afac4b
+ * scd/scdaemon.h (DBG_READER_VALUE, DBG_READER): New.
+ * scd/apdu.c (apdu_open_reader, apdu_close_reader)
+ (apdu_shutdown_reader, apdu_connect, apdu_disconnect)
+ (apdu_reset, apdu_get_atr, apdu_get_status): Add debug code.
+ (apdu_activate): Remove this unused function.
+
+2011-12-13 Werner Koch <wk@gnupg.org>
+
+ scd: New option --debug-assuan-log-cats.
+ + commit 00c760f628f4cf0fc11e79d305c172f98123f815
+ * scd/scdaemon.c (oDebugAssuanLogCats): New.
+ (opts): Add option --debug-assuan-log-cats.
+ (main): Implement option.
+ * common/asshelp.c (set_libassuan_log_cats): New.
+
+ scd: Introduce a virtual reader table.
+ + commit 24e121ef261731069868ca403b818f1168237f53
+ The vreader table makes the code more clear by explicitly talking
+ about APDU slots and reader indices. It also accommodates for future
+ extensions.
+
+ * scd/scdaemon.h (server_control_s): Remove READER_SLOT.
+ * scd/scdaemon.c (scd_init_default_ctrl): Do not init READER_SLOT.
+ * scd/app.c (check_application_conflict): Add arg SLOT.
+ * scd/command.c (slot_status_s): Rename to vreader_s.
+ (server_local_s): Add field VREADER_IDX as replacement for
+ the READER_SLOT in server_control_s. Change all users.
+ (slot_table): Rename to vreader_table. Change all users.
+ (vreader_slot): New.
+ (do_reset, cmd_apdu): Map vreader to apdu slot.
+ (get_reader_slot): Rename to get_current_reader. Return -1 on error.
+ (open_card): Map vreader toapdu slot. Pass slot to
+ check_application_conflict.
+ (scd_command_handler): Init VREADER_IDX.
+ (update_reader_status_file): Reset SLOT field on error.
+
+2011-12-12 Werner Koch <wk@gnupg.org>
+
+ scd: Retry command SERIALNO for an inactive card.
+ + commit 11164662788036c4b15d30555ea33ec0b6f5a670
+ * scd/command.c (cmd_serialno): Retry once for an inactive card.
+
+ Fix detection of card removal and insertion.
+ + commit cd29dc0f1cf7f3bd7938ffa65bf13f9a75d8c156
+ * scd/apdu.c (apdu_connect): Return status codes for no card available
+ and inactive card.
+ * scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET.
+ (open_card): Map apdu_connect status to GPG_ERR_CARD_RESET.
+
+ gitlog-to-changelog: New option --tear-off.
+ + commit ea0a21410b8fa460882c0f8de90b9291345fd4fc
+ * scripts/gitlog-to-changelog: Add option --tear-off.
+ * Makefile.am (gen-ChangeLog): Use that option.
+
+2011-12-07 Werner Koch <wk@gnupg.org>
+
+ gpgsm: Add new validation model "steed".
+ + commit 8a12a2000d82acfa881e8c18d028290100bf5e43
+ * sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
+ * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
+ * sm/server.c (option_handler): Allow validation model "steed".
+ * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
+ * sm/certchain.c (do_validate_chain): Handle the
+ well-known-private-key attribute. Support the "steed" model.
+ (gpgsm_validate_chain): Ditto.
+ * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
+ * sm/keylist.c (list_cert_colon): Print the new 'w' flag.
+
+ Correct punctuation in the ChangeLog summary line.
+ + commit 14e4fdc9f97d6f12bf563adfff1e3157305d7795
+ * Makefile.am (gen-ChangeLog): Supply --append-dot.
+
+ Allow comments which will not show up in the ChangeLog.
+ + commit cd3732841de32ce5c7841e6e158df3a5f1102f86
+ * scripts/gitlog-to-changelog: Ignore lines after a "--" line.
+
+2011-12-06 Werner Koch <wk@gnupg.org>
+
+ gpgsm: Allow specification of an AuthorityKeyIdentifier.
+ + commit 596b84a4de58def2155d3fe56462f6607f135b69
+ * sm/certreqgen.c (pAUTHKEYID): New.
+ (read_parameters): Add keyword Authority-Key-Id.
+ (proc_parameters): Check its value.
+ (create_request): Insert an Authority-Key-Id.
+
+ gpgsm: Allow arbitrary extensions for cert creation.
+ + commit 5cdad8ff000152b4bd01953646bb87fe8703c70d
+ * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
+ (read_parameters): Add new keywords.
+ (proc_parameters): Check values of new keywords.
+ (create_request): Add SubjectKeyId and extensions.
+ (parse_parameter_usage): Support "cert" and the encrypt alias "encr".
+
+ gpgsm: Fix storing of the serial number.
+ + commit 3f284e40502d8181b0b3ea66c77cd7c1252ea781
+ * sm/certreqgen.c (create_request): Fix hex-bin conversion.
+
+2011-12-05 Werner Koch <wk@gnupg.org>
+
+ Fix last change.
+ + commit 9274d4d18281b3364fa8abaa821dddf124b105d7
+ * agent/command.c (start_command_handler): Remove use of removed var.
+
+ Amend the agent code with more comments.
+ + commit 477360e8cdc458b0a36e9c7fb52a35f27766255d
+ * agent/command.c (server_local_s): Remove unused field MESSAGE_FD.
+
+2011-12-02 Werner Koch <wk@gnupg.org>
+
+ Support the Cherry ST-2000 card reader.
+ + commit 239659d3a0b8c0c378734ca3d1e9210a02e24da7
+ * scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335)
+ (SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants.
+ (parse_ccid_descriptor): Use them.
+ (scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry
+ ST-2000. Suggested by Matthias-Christian Ott.
+
+ Avoid possible double free in export.c.
+ + commit 96dc146fa17a7853277dbf3dc771c585a815c247
+ * g10/export.c (transfer_format_to_openpgp): Avoid possible double
+ free of LIST. Reported by NIIBE Yutaka.
+
+2011-12-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ Fix pinpad input support for passphrase modification.
+ + commit bf37c32367ba149559385ee90b6435cef8bd6412
+ * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
+ (pcsc_keypad_modify): Likewise.
+ (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
+ bConfirmPIN value is determined by the parameter p0.
+
+ * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
+ reset_mode is on, or resetcode is on. use_keypad only makes sense for
+ iso7816_change_reference_data_kp.
+
+ * iso7816.h (iso7816_put_data_kp): Remove.
+ (iso7816_reset_retry_counter_kp): Remove.
+ (iso7816_reset_retry_counter_with_rc_kp): Remove.
+ (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
+
+ * iso7816.c (iso7816_put_data_kp): Remove.
+ (iso7816_reset_retry_counter_kp): Remove.
+ (iso7816_reset_retry_counter_with_rc_kp): Remove.
+ (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
+
+2011-12-01 Werner Koch <wk@gnupg.org>
+
+ Add hook to check the commit log syntax.
+ + commit 29e96e6b9a8e68e6554dd48bc2ce68ae9525d29f
+ * autogen.sh: Install commit-msg hook for git.
+
+ Generate the ChangeLog from commit logs.
+ + commit 2336b09779d313c1594acf6df3bd8a8486e90458
+ * scripts/gitlog-to-changelog: New script. Taken from gnulib.
+ * scripts/git-log-fix: New file.
+ * scripts/git-log-footer: New file.
+ * doc/HACKING: Describe the ChangeLog policy
+ * ChangeLog: New file.
+ * Makefile.am (EXTRA_DIST): Add new files.
+ (gen-ChangeLog): New.
+ (dist-hook): Run gen-ChangeLog.
+
+ Rename all ChangeLog files to ChangeLog-2011.
+
+2011-12-01 Werner Koch <wk@gnupg.org>
+
+ NB: Changes done before December 1st, 2011 are described in
+ per directory files named ChangeLog-2011. See doc/HACKING for
+ details.
+
+ -----
+ Copyright (C) 2011 Free Software Foundation, Inc.
+
+ Copying and distribution of this file and/or the original GIT
+ commit log messages, with or without modification, are
+ permitted provided the copyright notice and this notice are
+ preserved.